oatf 0.4.0

Rust SDK for the Open Agent Threat Format (OATF)

oatf


OATF is a YAML-based format for describing security threats against AI agent communication protocols (MCP, A2A, AG-UI). This crate provides parsing, validation, normalization, serialization, and evaluation of OATF documents.

Quick Start

use oatf::{load, parse, validate, normalize, serialize};

// Parse → validate → normalize in one step
let result = load(yaml_str).expect("valid OATF document");
println!("{:?}", result.document.attack.name);

// Or use individual entry points
let doc = parse(yaml_str).unwrap();
let validation = validate(&doc);
assert!(validation.is_valid());
let normalized = normalize(doc);
let yaml_out = serialize(&normalized).unwrap();

Feature Flags

| Feature | Default | Description |
|---|---|---|
| cel-validate | yes | CEL expression syntax validation (V-014) via the cel crate parser. |
| cel-eval | yes | Default CEL expression evaluation via the cel crate. Enables DefaultCelEvaluator. |

To disable all CEL support (reduces dependencies):

[dependencies]
oatf = { version = "0.4", default-features = false }

To keep CEL syntax validation but provide your own evaluator:

[dependencies]
oatf = { version = "0.4", default-features = false, features = ["cel-validate"] }

Pipeline

parse(yaml) → Document → validate(doc) → ValidationResult
                       → normalize(doc) → Document → serialize(doc) → yaml
  • parse — YAML → Document. Rejects anchors, aliases, merge keys, multi-document streams.
  • validate — 50 conformance rules (V-001–V-050) returning all errors and warnings.
  • normalize — 8 idempotent steps converting to canonical multi-actor form.
  • serialize — Document → YAML.
  • load — Convenience: parse → validate → normalize.
  • evaluate — Pattern, CEL expression, and semantic indicator evaluation with verdict computation.
  • primitives — 13 execution primitives (path resolution, duration parsing, condition evaluation, etc.).
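
The rejection rule in the parse bullet (anchors, aliases, merge keys, multi-document streams) can be approximated by a lexical pre-check that runs before a document reaches any YAML loader. This is an added example, not the oatf crate's code: `rejected_constructs` and `tokens_outside_quotes` are hypothetical names, the sample input is constructed, and the scan is line based, so it over-rejects (for instance a word starting with `*` inside a block scalar) and does not follow quoted scalars across lines.

```rust
// Added example: a conservative lexical pre-check, NOT the oatf crate's parser.
use std::collections::BTreeSet;

/// Split a line into tokens, skipping quoted scalars and trailing comments.
fn tokens_outside_quotes(line: &str) -> Vec<String> {
    let (mut out, mut cur, mut quote) = (Vec::new(), String::new(), None);
    let mut chars = line.chars();
    while let Some(c) = chars.next() {
        match quote {
            Some('"') if c == '\\' => { chars.next(); } // escaped char in "..."
            Some(q) if c == q => { quote = None; out.push(q.to_string()); }
            Some(_) => {}
            None if cur.is_empty() && (c == '"' || c == '\'') => quote = Some(c),
            None if cur.is_empty() && c == '#' => break, // comment to end of line
            None if c.is_whitespace() || "[]{},".contains(c) => {
                if !cur.is_empty() { out.push(std::mem::take(&mut cur)); }
            }
            None => cur.push(c),
        }
    }
    if !cur.is_empty() { out.push(cur); }
    out
}

/// Names of the constructs the page says `parse` rejects that appear in `src`.
pub fn rejected_constructs(src: &str) -> BTreeSet<&'static str> {
    let (mut found, mut started) = (BTreeSet::new(), false);
    for line in src.lines().map(str::trim_end) {
        // A column-0 `---` after a document has begun starts a second document.
        let body = match line.strip_prefix("---") {
            Some(rest) if rest.is_empty() || rest.starts_with(' ') => {
                if started { found.insert("multi-document stream"); }
                started = true;
                rest
            }
            _ => line,
        };
        for tok in tokens_outside_quotes(body) {
            started = true;
            if tok == "<<:" { found.insert("merge key"); }
            else if tok.len() > 1 && tok.starts_with('&') { found.insert("anchor"); }
            else if tok.len() > 1 && tok.starts_with('*') { found.insert("alias"); }
        }
    }
    found
}

fn main() {
    // Constructed sample, not a schema-accurate OATF document.
    let sample = "base: &base\n  severity: high\nattack:\n  <<: *base\n---\nattack: {}\n";
    println!("{:?}", rejected_constructs(sample));
}
```
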

Conformance

This crate passes the full OATF conformance suite (442 test cases across parse, validate, normalize, evaluate, verdict, roundtrip, and primitives).

Minimum Supported Rust Version

The MSRV is 1.88.0 (edition 2024). It is tested in CI and will be bumped as a minor version change.