SUDP — Secret-Use Delegation Protocol
Protocol-level secret use for agentic systems. The unit of delegation is the use
of a secret for one specific authorized operation o, not the secret itself.
Crate layout
- primitives — abstract crypto traits (Hash, Kdf, Aead, KeyWrap, Kem, Csprng, Authenticator) and standard realisations.
- operation, grant — the A↔T contract (canonical Operation) and the one-shot authorization artifact (Grant, RedeemedGrant).
- state — sealed and protected state structures (SealedState, ProtectedState, the peer map).
- phases — Phase I (setup), Phase II (grant validation), Phase III (consumption dispatch).
- custodian — façade over the phases.
- batch — multi-op batch grant.
- canonical — JCS-style deterministic JSON encoding.
- passkey — WebAuthn realisation of primitives::Authenticator (feature webauthn).
Trust model and scope
sudp implements the abstract protocol and the standard cryptographic profile.
It does not speak HTTP, does not render o to humans, and does not perform
the environment call at E. The crate emits canonical bytes for Render,
verifies authorization evidence on Grant, gives the caller bounded access to
s_o := M[o.act.target], and produces the new sealed state for lifecycle
operations. Everything that touches I/O lives in the deployment.
Re-exports
- pub use batch::BatchGrant;
- pub use batch::BatchOperations;
- pub use batch::RedeemedBatch;
- pub use custodian::ConveyanceCredential;
- pub use custodian::ConveyancePayload;
- pub use custodian::Custodian;
- pub use error::Error;
- pub use error::Result;
- pub use freshness::FreshnessStore;
- pub use freshness::FreshnessToken;
- pub use freshness::InMemoryFreshness;
- pub use grant::Grant;
- pub use grant::GrantOpt;
- pub use grant::RedeemedGrant;
- pub use grant::WrappingKey;
- pub use operation::Act;
- pub use operation::ActType;
- pub use operation::Bind;
- pub use operation::Multiplicity;
- pub use operation::Operation;
- pub use operation::RecipientPk;
- pub use operation::Valid;
- pub use state::PeerMap;
- pub use state::PrfSalt;
- pub use state::ProtectedState;
- pub use state::Registry;
- pub use state::SealedCredential;
- pub use state::SealedState;
- pub use state::Version;
- pub use state::WrappedKey;
- pub use state::CURRENT_VERSION;
Modules
- batch — Batch grant.
- beta — Channel binding β.
- canonical — Deterministic canonical encoding for the operation hash.
- custodian — Custodian, the façade over the three phases.
- error — Crate-level error type.
- freshness — Freshness pool S.
- grant — Grant and RedeemedGrant.
- operation — Operation, the canonical A↔T contract.
- passkey — WebAuthn realization of crate::primitives::Authenticator (feature webauthn, on by default).
- phases — Phase I (Setup), Phase II (Grant), Phase III (Consumption).
- prelude — Ergonomic re-exports for downstream callers.
- primitives — Abstract cryptographic primitives and their standard realisations.
- state — Persistent sealed state Σ and its decrypted form M.
- wire — Wire-format helpers (base64 byte encoding used by sealed state and grants).
- xdevice — Cross-device confidentiality envelope.