
mur_common/muragent/
mod.rs

1//! `.muragent` v2 portable agent package format.
2//!
3//! ## Module map
4//!
5//! - `manifest` — type definitions for `manifest.yaml`
6//! - `jcs_canonical` — manifest → `manifest.signed.json` (RFC 8785 JCS via `mur_common::jcs`)
7//! - `dsse` — DSSE envelope sign/verify
8//! - `statement` — in-toto v1 Statement with subject hashes
9//! - `writer` — build `.muragent` tar.gz
10//! - `reader` — extract and validate `.muragent` tar.gz
11//! - `validator` — 11-step validation pipeline
12//! - `executable_ban` — MCP command deny-list and permit-list
13
14pub mod dsse;
15pub mod executable_ban;
16pub mod installer;
17pub mod jcs_canonical;
18pub mod manifest;
19pub mod model_class;
20pub mod reader;
21pub mod statement;
22pub mod validator;
23pub mod writer;
24// pub mod statement; — Task 6
25// pub mod executable_ban; — Task 7
26// pub mod writer; — Task 8
27// pub mod reader; — Task 9
28// pub mod validator; — Task 9
29
30use thiserror::Error;
31
/// Error type declared at the root of the `muragent` module.
///
/// The `Display` text of every variant comes from its `#[error]` attribute.
///
/// NOTE(review): the `String` payloads are interpolated verbatim into that text.
/// Where they carry values read from a package (paths, commands, key ids) they are
/// presumably attacker-influenced, so treat rendered messages as untrusted when
/// logging or displaying them. Confirm against the call sites.
#[derive(Debug, Error)]
pub enum MuragentError {
    /// The schema identifier was not `mur-agent/2`; the payload is the value found.
    #[error("schema version mismatch: expected 'mur-agent/2', got '{0}'")]
    SchemaMismatch(String),

    /// The manifest YAML could not be parsed; the payload is the detail text.
    #[error("manifest YAML parse error: {0}")]
    ManifestParse(String),

    /// The canonical JSON re-derived from the manifest differs from the embedded
    /// `manifest.signed.json`.
    #[error("manifest.signed.json mismatch: re-derived canonical JSON does not match embedded")]
    SignedJsonMismatch,

    /// DSSE verification failed; the payload is the detail text.
    #[error("DSSE verification failed: {0}")]
    DsseError(String),

    /// The hash of the subject at `path` did not match the expected value.
    #[error("subject hash mismatch for '{path}': expected {expected}, got {actual}")]
    SubjectHashMismatch {
        /// Subject path named in the message.
        path: String,
        /// Hash value reported as expected.
        expected: String,
        /// Hash value reported as actually obtained.
        actual: String,
    },

    /// A subject is absent from the tarball; the payload names it.
    #[error("missing subject in tarball: '{0}'")]
    MissingSubject(String),

    /// The tarball holds a file that the statement subjects do not list; the
    /// payload names it.
    #[error("extra file in tarball not in statement subjects: '{0}'")]
    ExtraFile(String),

    /// Executable content was detected; the payload is the detail text.
    #[error("executable content detected: {0}")]
    ExecutableContent(String),

    /// An MCP command was forbidden; the payload is the detail text.
    #[error("forbidden MCP command: {0}")]
    ForbiddenMcpCommand(String),

    /// The signature for the given keyid is invalid; the payload is the keyid.
    #[error("signature invalid for keyid '{0}'")]
    InvalidSignature(String),

    /// Trust was refused; the payload is the detail text.
    #[error("trust refused: {0}")]
    TrustRefused(String),

    /// Wraps a `std::io::Error`; `#[from]` generates the `From` conversion, so `?`
    /// on an I/O result converts into this variant.
    #[error("I/O error: {0}")]
    Io(#[from] std::io::Error),

    /// Catch-all carrying a free-form message. Callers that must tell verification
    /// failures apart should match the specific variants instead of this one.
    #[error("{0}")]
    Other(String),
}