Crate okami

Okami — Post-quantum cryptographic identity for AI agents.

This crate provides SPIFFE-based agent identity with hybrid PQC cryptography (Ed25519 + ML-DSA-65), OAuth-style delegation tokens, and tamper-evident audit events. It builds on the [lupine-pqc] PQC library.

§Quick start

```rust
use okami::identity::AgentIdentity;
use okami::delegation::{Capability, DelegationToken};
use std::time::Duration;

// Create two agent identities.
let orchestrator = AgentIdentity::new("example.com", "orchestrator").unwrap();
let worker_id = okami::identity::SpiffeId::new("example.com", "worker/1").unwrap();

// Issue a delegation token.
let scopes = vec![Capability::new("read:db").unwrap()];
let token = DelegationToken::issue(
    &orchestrator,
    worker_id,
    scopes.clone(),
    &scopes,
    Duration::from_secs(3600),
    None,
).unwrap();

// Verify the token.
token.verify(None).unwrap();
```

§Modules

| Module | Contents |
|---|---|
| error | Unified Error type and Result alias |
| identity | [AgentIdentity], [SpiffeId], [PqcCredential] |
| delegation | [DelegationToken], [DelegationChain], [Capability] |
| audit | [AuditEvent], [SignedAuditEvent], audit chain verification |

§Re-exports

pub use error::Error;
pub use error::Result;

§Modules

audit
Audit events: tamper-evident signed event chain for agent actions.
delegation
Delegation tokens and chains for OAuth-style capability passing between agents.
error
Unified error type for the okami Agent Passport SDK.
identity
Agent identity: SPIFFE IDs, PQC credentials, and key lifecycle.