Expand description
Manifest parser, schema, and validator.
Structs§
- ArgSpec
- Argument contract.
- Audit
Spec - Audit settings.
- CliSpec
- CLI binary metadata.
- Conformance
Corpus - A parsed, structurally-validated conformance corpus.
- EnvSpec
- Environment policy.
- Manifest
- McPact manifest.
- Output
Spec - Output contract.
- Package
Signature - Ed25519 manifest signature metadata.
- Package
Spec - Generated package metadata.
- Policy
Spec - Policy declaration.
- Replay
Outcome - Outcome of replaying a corpus against a built MCP server.
- Tool
Spec - Tool contract.
- Trust
Anchor - A set of authorized publisher public keys (decoded 32-byte ed25519 keys).
- Validation
Report - Validation report.
Enums§
- ArgType
- Supported argument types.
- Corpus
Error - Why a conformance corpus failed to parse / validate.
- Manifest
Error - Manifest errors.
- Replay
Error - Why a replay could not be performed at all (distinct from a replay that ran
and produced a failing
ReplayOutcome). - Signature
Trust - Outcome classification for
verify_package_signature_trusted.
Constants§
- ALGORITHM_
ED25519 - Supported signature algorithm name.
- SCHEMA_
VERSION - Current manifest schema version.
- TRUSTED_
KEYS_ ENV - Environment variable holding the set of authorized publisher public keys.
Functions§
- is_
valid_ arg_ name - Validate generated Rust field name subset.
- is_
valid_ tool_ name - Validate MCP-compatible tool name subset.
- parse_
signing_ seed - Parse a 32-byte ed25519 seed from hex (64 chars) or standard base64.
- resolve_
audit_ jsonl_ path - Resolve JSONL audit file path from manifest
[audit]and package name. - resolve_
audit_ jsonl_ path_ beside_ manifest - Resolve JSONL path relative to a base directory (CLI validate beside manifest).
- sign_
manifest - Attach an ed25519 signature to
manifest.package.signature. - signing_
digest - SHA-256 digest of the canonical signing payload.
- signing_
payload - Canonical unsigned manifest bytes used for signing and verification.
- verify_
package_ signature - Verify
package.signatureon a manifest (integrity only). - verify_
package_ signature_ trusted - Trust-anchored verification using the
TRUSTED_KEYS_ENVallow-list. - verify_
package_ signature_ with_ anchor - Verify
package.signatureAND require the embedded key to be inanchor. - verify_
signature_ fields - Verify explicit signature fields against manifest payload.