Skip to main content

Crate tf_types

Crate tf_types 

Source
Expand description

TrustForge type bindings and semantic core.

Generated wire types live under generated/; hand-written semantic helpers live as sibling modules.

Re-exports§

pub use actor_id::actor_id_equals;
pub use actor_id::format_actor_id;
pub use actor_id::parse_actor_id;
pub use actor_id::ActorIdParseError;
pub use actor_id::ParsedActorId;
pub use canonical::canonicalize;
pub use canonical::CanonicalJsonError;
pub use capability::constraints_satisfied;
pub use capability::intersect_constraints;
pub use capability::EvalContext;
pub use delegation::walk_chain;
pub use delegation::WalkResult;
pub use envelope::validate_envelope_shape;
pub use envelope::EnvelopeIssue;
pub use envelope::EnvelopeValidation;
pub use instance_id::format_instance_id;
pub use instance_id::parse_instance_id;
pub use instance_id::to_actor_id;
pub use instance_id::ParsedInstanceId;
pub use revocation::RevocationIndex;
pub use trust_domain::parse_trust_domain;
pub use trust_domain::trust_domain_equals;
pub use trust_domain::ParsedTrustDomain;
pub use trust_domain::TrustDomainKind;
pub use trust_domain::TrustDomainParseError;

Modules§

actor_id
Actor-URI parser and formatter mirroring tools/tf-types-ts/src/core/actor-id.ts.
approval
ApprovalQueue — Rust mirror of tools/tf-types-ts/src/core/approval.ts.
binary_format
Binary container formats — Rust mirror of TS binary-format.ts.
bridge_a2a
A2A (agent-to-agent) protocol bridge — mirror of TS bridge-a2a.ts.
bridge_did
DID (W3C DID Core 1.0) bridge — Rust mirror of TS.
bridge_gnap
GNAP (RFC 9635) + DPoP (RFC 9449) bridge — Rust mirror of tools/tf-types-ts/src/core/bridge-gnap.ts.
bridge_grpc
gRPC bridge — mirror of TS bridge-grpc.ts.
bridge_matrix
Matrix bridge — Rust mirror.
bridge_mcp
MCP bridge — Rust mirror of tools/tf-types-ts/src/core/bridge-mcp.ts.
bridge_oauth
OAuth/GNAP bridge — verify a JWT bearer token using jsonwebtoken, against a static or remote JWKS, and project the verified claims into a TrustForge actor identity + capabilities.
bridge_service_mesh
Service-mesh bridge — Envoy XFCC, Istio AuthN, Linkerd l5d-client-id.
bridge_spiffe
SPIFFE bridge. Mirrors tools/tf-types-ts/src/core/bridge-spiffe.ts.
bridge_tls
TLS / mTLS bridge — accept a peer-supplied X.509 certificate chain, verify it against a configured set of trust anchors, and project the verified leaf into a TrustForge actor identity + capabilities.
bridge_webauthn
WebAuthn bridge — Rust mirror of tools/tf-types-ts/src/core/bridge-webauthn.ts.
bridge_webhook
Webhook bridge — Rust mirror. HMAC-SHA256, HMAC-SHA1, and ed25519 signature schemes; vendor-event → action mapping; replay-window.
bridges
Common compatibility-bridge framework. Concrete bridges live in sibling modules (e.g. bridge_spiffe) and register themselves with a BridgeRegistry so higher-level code can look up a bridge by kind at runtime.
bridges_registry
Rust mirror of tools/tf-types-ts/src/core/bridges-registry.ts.
bundle
Encrypted .tfbundle (L4/L5) sealing + transparency anchoring — Rust mirror of tools/tf-types-ts/src/core/bundle.ts.
canonical
Deterministic JSON serialization compatible with the TypeScript implementation in tools/tf-types-ts/src/core/canonical.ts.
capability
Capability semantics — mirrors tools/tf-types-ts/src/core/capability.ts.
chain
Proof-event chain and merkle-tree helpers.
constrained
Constrained-mode runtime primitives — Rust mirror of tools/tf-types-ts/src/core/constrained.ts.
crypto
Crypto primitives — thin wrappers over reviewed crates.
crypto_pq
Post-quantum signature primitives (FIPS 204 ML-DSA), mirror of tools/tf-types-ts/src/core/crypto.ts hybridSign/hybridVerify.
delegation
Delegation chain walker — mirrors tools/tf-types-ts/src/core/delegation.ts.
envelope
Signature envelope shape validator — mirrors tools/tf-types-ts/src/core/envelope.ts. No crypto is performed here; real signing/verification lives in crypto.rs.
evidence
Compliance evidence pipeline (TF-0012) — Rust mirror of tools/tf-types-ts/src/core/evidence.ts.
expiration
Capability / authority / token expiration helpers — Rust mirror of tools/tf-types-ts/src/core/expiration.ts. Lexicographic RFC 3339 comparison so byte-for-byte parity with TS holds when both sides use Z-suffixed UTC timestamps.
federation
Federation primitives — Rust mirror of TS federation.ts.
format
Binary framing for .tflog and .tfproof. Matches tools/tf-types-ts/src/core/format.ts byte-for-byte via conformance/framing-vectors.yaml.
generated
guard
AgentGuard — Rust mirror of tools/tf-types-ts/src/core/guard.ts.
instance_id
Instance-URI parser mirroring tools/tf-types-ts/src/core/instance-id.ts.
offline_approval
Offline-signed approval packets — Rust mirror of tools/tf-types-ts/src/core/offline-approval.ts.
packet
Packet mode (TF-0011) — Rust mirror of tools/tf-types-ts/src/core/packet.ts.
permission
Dynamic permission negotiation helpers — Rust mirror of tools/tf-types-ts/src/core/permission.ts.
plugin
PluginRegistry — native-plugin mirror of tools/tf-types-ts/src/core/plugin.ts.
plugin_wasm
Rust WASM plugin runtime — mirror of TS PluginRegistry WASM path.
policy_engine
Native TrustForge policy engine — Rust mirror of tools/tf-types-ts/src/core/policy-engine.ts.
profile
Profile selection runtime — Rust mirror of tools/tf-types-ts/src/core/profile.ts.
quorum
Quorum approval collector — Rust mirror of tools/tf-types-ts/src/core/quorum.ts.
relay
Relay model — Rust mirror of tools/tf-types-ts/src/core/relay.ts. Forwarding authority is strictly separate from action authority; RelayHandler only sees opaque ciphertext and routes it.
revocation
Revocation index — mirrors tools/tf-types-ts/src/core/revocation.ts.
rpc
ProofRPC runtime — mirrors tools/tf-types-ts/src/core/rpc.ts.
session
Session protocol — Phase 3 prototype. Mirrors tools/tf-types-ts/src/core/session.ts byte-for-byte where deterministic.
session_migration
Session-migration helpers (Rust mirror of TS).
simulation
TrustForge simulation harness — Rust mirror of tools/tf-types-ts/src/core/simulation.ts.
store
Persistence-backend traits for proof ledger, revocation cache, and evidence archive. Implementations live in separate crates (tf-store-*).
tf_manifests
.tf/ manifest loader — Rust mirror of tools/tf-types-ts/src/core/tf-manifests.ts.
trust_domain
Trust-domain parser mirroring tools/tf-types-ts/src/core/trust-domain.ts.
trust_overlay
Trust-level overlays — Rust mirror of tools/tf-types-ts/src/core/trust-overlay.ts. See that file for the design rationale; this module exists so the daemon, RPC server, and conformance vectors can produce identical TrustLevel decisions in both languages.
vault
File-backed passphrase vault. Mirrors tools/tf-types-ts/src/core/vault.ts.
webauthn_attestation
Full WebAuthn attestation parser + verifier.