Expand description
Access Manager — least-privilege security for agents.
Inspired by OWASP Agentic AI security guidelines:
- Least privilege by default
- Agent identity and audit logging
- Sandbox boundaries (path restrictions)
- Tool access control (which agent can use which tools)
Every agent starts with minimal permissions and must be explicitly granted access to tools, paths, and network resources.
Structs§
- Access
Denied - Authorization denial — includes the layer, reason, and user-facing suggestion.
- Access
Gate - Single entry point for all authorization decisions.
- Access
Manager - Access Manager — least-privilege security for agents.
- Agent
Context - Agent security context — unforgeable proof of agent identity.
- Agent
Permissions - Permissions for a single agent.
- Audit
Entry - An entry in the security audit log.
- Pending
Approval - Human-in-the-loop approval request.
- Permission
Update - Update struct for permission changes (partial updates).
- Rbac
Audit Entry - RBAC audit entry — records authorization decisions.
- Rbac
Manager - RBAC Manager — manages roles, permissions, and HitL approvals.
- Rbac
Policy - RBAC policy defining what a role can do.
- Tracing
Audit Sink - Minimal audit sink that logs to tracing — used as default when no file sink is configured.
- Trail
Audit Sink - Production audit sink: Merkle chain + async JSONL file writer.
Enums§
- Action
- Actions that can be authorized by RBAC.
- Approval
Status - Status of a HitL approval request.
- Audit
Event - Unified security audit event.
- Check
Request - Authorization check request — specifies what is being accessed.
- Deny
Layer - Which security layer produced the deny decision.
- Path
Mode - Path access mode for permission checks.
- Role
- Roles for role-based access control (3-tier model).
- Subject
- Subject — who is accessing the system.
Traits§
- Audit
Sink - Destination for all security audit events.