Expand description
Canonical signing for tool-call provenance.
A signed tool call commits to its canonical bytes: the buffa encoding of
the message with its signature field cleared. Both the signer and the
verifier clear the field before encoding, so the signature covers every
other field (id, oneof body, …) but not itself. buffa’s encoding is
deterministic for a given message, making the round-trip reproducible.
Use sign_tool_call / sign_tool_result to mint a signature, the
*_into helpers to fill the message’s field in place, and
verify_tool_call / verify_tool_result to check provenance. The
verifiers never panic.
Functions§
- sign_
tool_ call - Sign the canonical bytes of
call; returns signature bytes suitable forToolCallContent::signature. - sign_
tool_ call_ into - Sign
calland store the signature in itssignaturefield in place. - sign_
tool_ result - Sign the canonical bytes of
result; returns signature bytes suitable forToolResultContent::signature. - sign_
tool_ result_ into - Sign
resultand store the signature in itssignaturefield in place. - verify_
tool_ call - Verify the provenance signature carried in
call.signatureagainst an encodedpublic_key. - verify_
tool_ result - Verify the provenance signature carried in
result.signatureagainst an encodedpublic_key.