TrustForge type bindings and semantic core.
Generated wire types live under generated/; hand-written semantic
helpers live as sibling modules.
Re-exports
pub use actor_id::actor_id_equals;
pub use actor_id::format_actor_id;
pub use actor_id::parse_actor_id;
pub use actor_id::ActorIdParseError;
pub use actor_id::ParsedActorId;
pub use canonical::canonicalize;
pub use canonical::CanonicalJsonError;
pub use capability::constraints_satisfied;
pub use capability::intersect_constraints;
pub use capability::EvalContext;
pub use delegation::walk_chain;
pub use delegation::WalkResult;
pub use envelope::validate_envelope_shape;
pub use envelope::EnvelopeIssue;
pub use envelope::EnvelopeValidation;
pub use instance_id::format_instance_id;
pub use instance_id::parse_instance_id;
pub use instance_id::to_actor_id;
pub use instance_id::ParsedInstanceId;
pub use revocation::RevocationIndex;
pub use trust_domain::parse_trust_domain;
pub use trust_domain::trust_domain_equals;
pub use trust_domain::ParsedTrustDomain;
pub use trust_domain::TrustDomainKind;
pub use trust_domain::TrustDomainParseError;
Modules
- actor_id: Actor-URI parser and formatter mirroring tools/tf-types-ts/src/core/actor-id.ts.
- approval: ApprovalQueue — Rust mirror of tools/tf-types-ts/src/core/approval.ts.
- binary_format: Binary container formats — Rust mirror of TS binary-format.ts.
- bridge_a2a: A2A (agent-to-agent) protocol bridge — mirror of TS bridge-a2a.ts.
- bridge_did: DID (W3C DID Core 1.0) bridge — Rust mirror of TS.
- bridge_gnap: GNAP (RFC 9635) + DPoP (RFC 9449) bridge — Rust mirror of tools/tf-types-ts/src/core/bridge-gnap.ts.
- bridge_grpc: gRPC bridge — mirror of TS bridge-grpc.ts.
- bridge_matrix: Matrix bridge — Rust mirror.
- bridge_mcp: MCP bridge — Rust mirror of tools/tf-types-ts/src/core/bridge-mcp.ts.
- bridge_oauth: OAuth/GNAP bridge — verify a JWT bearer token using jsonwebtoken, against a static or remote JWKS, and project the verified claims into a TrustForge actor identity + capabilities.
- bridge_service_mesh: Service-mesh bridge — Envoy XFCC, Istio AuthN, Linkerd l5d-client-id.
- bridge_spiffe: SPIFFE bridge. Mirrors tools/tf-types-ts/src/core/bridge-spiffe.ts.
- bridge_tls: TLS / mTLS bridge — accept a peer-supplied X.509 certificate chain, verify it against a configured set of trust anchors, and project the verified leaf into a TrustForge actor identity + capabilities.
- bridge_webauthn: WebAuthn bridge — Rust mirror of tools/tf-types-ts/src/core/bridge-webauthn.ts.
- bridge_webhook: Webhook bridge — Rust mirror. HMAC-SHA256, HMAC-SHA1, and ed25519 signature schemes; vendor-event → action mapping; replay-window.
- bridges: Common compatibility-bridge framework. Concrete bridges live in sibling modules (e.g. bridge_spiffe) and register themselves with a BridgeRegistry so higher-level code can look up a bridge by kind at runtime.
- bridges_registry: Rust mirror of tools/tf-types-ts/src/core/bridges-registry.ts.
- bundle: Encrypted .tfbundle (L4/L5) sealing + transparency anchoring — Rust mirror of tools/tf-types-ts/src/core/bundle.ts.
- canonical: Deterministic JSON serialization compatible with the TypeScript implementation in tools/tf-types-ts/src/core/canonical.ts.
- capability: Capability semantics — mirrors tools/tf-types-ts/src/core/capability.ts.
- chain: Proof-event chain and merkle-tree helpers.
- constrained: Constrained-mode runtime primitives — Rust mirror of tools/tf-types-ts/src/core/constrained.ts.
- crypto: Crypto primitives — thin wrappers over reviewed crates.
- crypto_pq: Post-quantum signature primitives (FIPS 204 ML-DSA), mirror of tools/tf-types-ts/src/core/crypto.ts hybridSign/hybridVerify.
- delegation: Delegation chain walker — mirrors tools/tf-types-ts/src/core/delegation.ts.
- envelope: Signature envelope shape validator — mirrors tools/tf-types-ts/src/core/envelope.ts. No crypto is performed here; real signing/verification lives in crypto.rs.
- evidence: Compliance evidence pipeline (TF-0012) — Rust mirror of tools/tf-types-ts/src/core/evidence.ts.
- expiration: Capability / authority / token expiration helpers — Rust mirror of tools/tf-types-ts/src/core/expiration.ts. Lexicographic RFC 3339 comparison so byte-for-byte parity with TS holds when both sides use Z-suffixed UTC timestamps.
- federation: Federation primitives — Rust mirror of TS federation.ts.
- format: Binary framing for .tflog and .tfproof. Matches tools/tf-types-ts/src/core/format.ts byte-for-byte via conformance/framing-vectors.yaml.
- generated
- guard: AgentGuard — Rust mirror of tools/tf-types-ts/src/core/guard.ts.
- instance_id: Instance-URI parser mirroring tools/tf-types-ts/src/core/instance-id.ts.
- offline_approval: Offline-signed approval packets — Rust mirror of tools/tf-types-ts/src/core/offline-approval.ts.
- packet: Packet mode (TF-0011) — Rust mirror of tools/tf-types-ts/src/core/packet.ts.
- permission: Dynamic permission negotiation helpers — Rust mirror of tools/tf-types-ts/src/core/permission.ts.
- plugin: PluginRegistry — native-plugin mirror of tools/tf-types-ts/src/core/plugin.ts.
- plugin_wasm: Rust WASM plugin runtime — mirror of TS PluginRegistry WASM path.
- policy_engine: Native TrustForge policy engine — Rust mirror of tools/tf-types-ts/src/core/policy-engine.ts.
- profile: Profile selection runtime — Rust mirror of tools/tf-types-ts/src/core/profile.ts.
- quorum: Quorum approval collector — Rust mirror of tools/tf-types-ts/src/core/quorum.ts.
- relay: Relay model — Rust mirror of tools/tf-types-ts/src/core/relay.ts. Forwarding authority is strictly separate from action authority; RelayHandler only sees opaque ciphertext and routes it.
- revocation: Revocation index — mirrors tools/tf-types-ts/src/core/revocation.ts.
- rpc: ProofRPC runtime — mirrors tools/tf-types-ts/src/core/rpc.ts.
- session: Session protocol — Phase 3 prototype. Mirrors tools/tf-types-ts/src/core/session.ts byte-for-byte where deterministic.
- session_migration: Session-migration helpers (Rust mirror of TS).
- simulation: TrustForge simulation harness — Rust mirror of tools/tf-types-ts/src/core/simulation.ts.
- store: Persistence-backend traits for proof ledger, revocation cache, and evidence archive. Implementations live in separate crates (tf-store-*).
- tf_manifests: .tf/manifest loader — Rust mirror of tools/tf-types-ts/src/core/tf-manifests.ts.
- trust_domain: Trust-domain parser mirroring tools/tf-types-ts/src/core/trust-domain.ts.
- trust_overlay: Trust-level overlays — Rust mirror of tools/tf-types-ts/src/core/trust-overlay.ts. See that file for the design rationale; this module exists so the daemon, RPC server, and conformance vectors can produce identical TrustLevel decisions in both languages.
- vault: File-backed passphrase vault. Mirrors tools/tf-types-ts/src/core/vault.ts.
- webauthn_attestation: Full WebAuthn attestation parser + verifier.