Crate fdkey


§FDKEY — verification primitives for MCP servers and HTTP backends.

This crate ships the cross-language FDKEY verification logic — JWT verify against the well-known endpoint, challenge fetch / submit against api.fdkey.com, and the same per-session policy semantics as the TypeScript and Python SDKs.

The Rust MCP server ecosystem is still consolidating, so this crate intentionally exposes primitives rather than wrapping a single framework: take Verifier and VpsClient, plug them into whichever MCP server library you use (or your own HTTP service), and gate tool calls on the policies in guard.

§Quick start (HTTP backend)

use fdkey::{Verifier, FdkeyConfig, jwt::extract_bearer};

let cfg = FdkeyConfig {
    api_key: "fdk_...".into(),
    vps_url: Some("https://api.fdkey.com".into()),
    ..Default::default()
};
let verifier = Verifier::new(&cfg)?;

// Inside your HTTP handler:
let auth_header: Option<&str> = Some("Bearer eyJ...");
if let Some(token) = extract_bearer(auth_header) {
    let claims = verifier.verify_token(token).await?;
    println!("score={}, tier={}", claims.score, claims.tier);
}

§Per-session policy gating (any MCP server flavor)

See the guard module: can_call, mark_verified, consume_policy, and the SessionState / Policy types are the same primitives the TypeScript SDK uses.

Re-exports§

pub use jwt_verify::JwtVerifier;
pub use types::Difficulty;
pub use types::FailMode;
pub use types::FdkeyConfig;
pub use types::FdkeyContext;
pub use types::FdkeyError;
pub use types::Policy;
pub use types::SessionState;
pub use types::VerifiedClaims;
pub use vps_client::ChallengeMeta;
pub use vps_client::ChallengeResponse;
pub use vps_client::SubmitResponse;
pub use vps_client::VpsClient;
pub use well_known::WellKnownClient;

Modules§

guard
Pure-function policy evaluation. Mirrors guard.ts / guard.py.
jwt
Re-export under a friendlier jwt alias for the documented quick-start.
jwt_verify
Ed25519 JWT verification. Same wire shape as the TypeScript SDK.
types
Public types: config, policies, session state, verification context.
vps
Re-export under a friendlier vps alias.
vps_client
HTTP client for api.fdkey.com — fetch challenge, submit answers.
well_known
${vps_base}/.well-known/fdkey.json cache. Mirrors the TS SDK’s well-known.ts. HashMap<kid, DecodingKey> cached for 1 hour, refreshes on unknown kid (mid-rotation handling).
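
The caching behaviour the well_known entry describes (keys by kid, one-hour TTL, refresh on unknown kid), as an added std-only sketch that is not the crate's own code. `KidCache`, the `fetch` callback and the 30-second refresh gap are assumptions for illustration; the gap is added here so that tokens carrying unknown kids cannot each trigger a fetch.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

const TTL: Duration = Duration::from_secs(3600); // 1 hour, as the page states
const MIN_REFRESH_GAP: Duration = Duration::from_secs(30); // assumed value, not from fdkey

/// Hypothetical key cache; `K` stands in for the decoded verification key.
pub struct KidCache<K> {
    keys: HashMap<String, K>,
    fetched_at: Option<Instant>,   // last successful fetch, drives the TTL
    last_attempt: Option<Instant>, // last fetch attempt, drives the rate limit
}

impl<K: Clone> KidCache<K> {
    pub fn new() -> Self {
        Self { keys: HashMap::new(), fetched_at: None, last_attempt: None }
    }

    /// Return the key for `kid`. `fetch` downloads the well-known key set and is
    /// called only when the set is expired or `kid` is unknown (key rotation),
    /// and at most once per MIN_REFRESH_GAP so bogus kids cannot force a fetch each.
    pub fn get<F>(&mut self, kid: &str, now: Instant, fetch: F) -> Result<K, String>
    where
        F: FnOnce() -> Result<HashMap<String, K>, String>,
    {
        let older_than =
            |t: Option<Instant>, d: Duration| t.map_or(true, |t| now.duration_since(t) >= d);
        let stale = older_than(self.fetched_at, TTL) || !self.keys.contains_key(kid);
        if stale && older_than(self.last_attempt, MIN_REFRESH_GAP) {
            self.last_attempt = Some(now);
            if let Ok(fresh) = fetch() {
                self.keys = fresh;
                self.fetched_at = Some(now);
            }
        }
        // Fail closed: never verify against a key set past its TTL.
        if older_than(self.fetched_at, TTL) {
            return Err("key set expired and refresh failed".to_string());
        }
        self.keys.get(kid).cloned().ok_or_else(|| "unknown kid".to_string())
    }
}

fn main() {
    // Constructed sample: one key id mapped to a placeholder key value.
    let mut cache = KidCache::new();
    let fetch = || Ok::<_, String>(HashMap::from([("kid-2024".to_string(), [0u8; 32])]));
    println!("{:?}", cache.get("kid-2024", Instant::now(), fetch).map(|k| k.len()));
}
```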

Structs§

Verifier
One-shot bundle: well-known cache + JWT verifier + VPS client. The canonical entry point for HTTP and custom-MCP integrations.