
Crate kanoniv_agent_auth

Crate kanoniv_agent_auth 


§kanoniv-agent-auth

Cryptographic identity and delegation for AI agents.

This crate provides Ed25519 keypair generation, did:agent: decentralized identifiers, signed message envelopes, provenance entries, and attenuated delegation with recursive chain verification.

§Quick Start

use kanoniv_agent_auth::{AgentKeyPair, SignedMessage};

// Generate a new agent identity. `keypair` is what signs below and `identity`
// is what verifies; presumably `identity` carries only public material (the
// DID and verifying key) - confirm in the `identity` module docs.
let keypair = AgentKeyPair::generate();
let identity = keypair.identity();
println!("Agent DID: {}", identity.did);

// Sign a message: the JSON payload is signed with the agent's keypair.
// `.unwrap()` keeps the example short; it panics if signing fails.
let payload = serde_json::json!({"action": "merge", "entity_id": "abc123"});
let signed = SignedMessage::sign(&keypair, payload).unwrap();

// Verify the message against the expected signer's identity. A failed check is
// reported through the value that `.unwrap()` consumes, so here it would
// panic; a service should handle that failure and reject the message instead.
// NOTE(review): this example verifies with the identity taken from the signing
// keypair itself. A real verifier has to obtain the signer's identity from a
// source it already trusts, not from the message being checked.
signed.verify(&identity).unwrap();

§Delegation

use kanoniv_agent_auth::{AgentKeyPair, Delegation, Invocation, Caveat, verify_invocation};

// Two independent identities: `root` issues the delegation, `agent` receives it.
let root = AgentKeyPair::generate();
let agent = AgentKeyPair::generate();

// Root delegates to agent: resolve only, max cost $5.
// The delegation is created with root's keypair and names the agent's DID as
// the recipient; the caveat list is what narrows the delegated authority.
let delegation = Delegation::create_root(
    &root,
    &agent.identity().did,
    vec![
        Caveat::ActionScope(vec!["resolve".into()]),
        Caveat::MaxCost(5.0),
    ],
).unwrap();

// Agent invokes the delegated power. The action ("resolve") and the "cost"
// argument (2.0) fall inside the caveats granted above.
// NOTE(review): how the "cost" field of the arguments is compared with
// `Caveat::MaxCost` is not shown on this page - confirm in the `delegation`
// module docs before relying on it as a spending limit.
// `delegation` is passed by value, so the invocation carries it from here on.
let invocation = Invocation::create(
    &agent,
    "resolve",
    serde_json::json!({"entity_id": "123", "cost": 2.0}),
    delegation,
).unwrap();

// Verify the full chain (no server calls). The third argument is the root
// identity the verifier expects; it has to come from the verifier's own
// trusted configuration, never from the invocation being checked.
// NOTE(review): this call takes no revocation input. The crate also re-exports
// `verify_invocation_with_revocation`; its signature is not shown here, so
// check it if delegations must be revocable before they expire or are replaced.
// `.unwrap()` panics on a failed verification; a service should handle the
// failure and deny the action instead.
let result = verify_invocation(&invocation, &agent.identity(), &root.identity()).unwrap();
// The result reports which root the chain resolved to; it matches the root
// that issued the delegation.
assert_eq!(result.root_did, root.identity().did);

Re-exports§

pub use delegation::verify_delegation_chain;
pub use delegation::verify_delegation_chain_with_revocation;
pub use delegation::verify_invocation;
pub use delegation::verify_invocation_with_revocation;
pub use delegation::Caveat;
pub use delegation::Delegation;
pub use delegation::Invocation;
pub use delegation::VerificationResult;
pub use delegation::MAX_CHAIN_DEPTH;
pub use error::CryptoError;
pub use identity::AgentIdentity;
pub use identity::AgentKeyPair;
pub use identity::ServiceEndpoint;
pub use mcp::McpAuthMode;
pub use mcp::McpAuthOutcome;
pub use mcp::McpProof;
pub use provenance::ActionType;
pub use provenance::ProvenanceEntry;
pub use signing::SignedMessage;

Modules§

delegation
Cryptographic delegation with attenuated capabilities.
error
Error types for cryptographic operations.
identity
Agent cryptographic identity - Ed25519 keypairs and did:agent: identifiers.
mcp
MCP (Model Context Protocol) authentication middleware.
provenance
Provenance entries - signed audit trail for agent actions.
signing
Signed message envelopes with Ed25519 signatures.