Rust SDK for the Agent Governance Toolkit — policy evaluation, trust scoring, hash-chain audit logging, and Ed25519 agent identity.
Public Preview — APIs may change before 1.0.
cargo add agentmesh[dependencies]
agentmesh = "3.0.2"If you only need the MCP governance/security surface, install the standalone crate:
cargo add agentmesh-mcp[dependencies]
agentmesh-mcp = "3.0.2"use agentmesh::{AgentMeshClient, ClientOptions, PolicyDecision};
fn main() {
// Create a client with a policy
let opts = ClientOptions {
policy_yaml: Some(r#"
version: "1.0"
agent: my-agent
policies:
- name: capability-gate
type: capability
allowed_actions: ["data.read", "data.write"]
denied_actions: ["shell:*"]
- name: deploy-approval
type: approval
actions: ["deploy.*"]
min_approvals: 2
"#.to_string()),
..Default::default()
};
let client = AgentMeshClient::with_options("my-agent", opts)
.expect("failed to create client");
// Run an action through the governance pipeline
let result = client.execute_with_governance("data.read", None);
println!("Decision: {:?}, Allowed: {}", result.decision, result.allowed);
// Shell commands are denied
let result = client.execute_with_governance("shell:rm", None);
assert!(!result.allowed);
// Audit chain is verifiable
assert!(client.audit.verify());
}use agentmesh_mcp::{
CredentialRedactor, InMemoryNonceStore, McpMessageSigner, SystemClock,
SystemNonceGenerator,
};
use std::sync::Arc;
use std::time::Duration;
let signer = McpMessageSigner::new(
b"top-secret-signing-key".to_vec(),
Arc::new(SystemClock),
Arc::new(SystemNonceGenerator),
Arc::new(InMemoryNonceStore::default()),
Duration::from_secs(300),
Duration::from_secs(600),
)?;
let message = signer.sign("hello from mcp")?;
signer.verify(&message)?;
let redactor = CredentialRedactor::new()?;
let result = redactor.redact("Authorization: Bearer super-secret-token");
assert!(result.sanitized.contains("[REDACTED_BEARER_TOKEN]"));
# Ok::<(), agentmesh_mcp::McpError>(())Unified governance client combining all modules.
| Function / Method | Description |
|---|---|
AgentMeshClient::new(agent_id) |
Create a client with defaults |
AgentMeshClient::with_options(agent_id, opts) |
Create a client with custom config |
client.execute_with_governance(action, context) |
Run action through governance pipeline |
YAML-based policy engine with four-way decisions (allow / deny / requires-approval / rate-limit).
| Function / Method | Description |
|---|---|
PolicyEngine::new() |
Create an empty policy engine |
engine.load_from_yaml(yaml) |
Load rules from a YAML string |
engine.load_from_file(path) |
Load rules from a YAML file |
engine.evaluate(action, context) |
Evaluate an action against loaded policy |
Integer trust scoring (0–1000) across five tiers with optional JSON persistence.
| Function / Method | Description |
|---|---|
TrustManager::new(config) |
Create a trust manager |
TrustManager::with_defaults() |
Create with default config |
manager.get_trust_score(agent_id) |
Get current trust score |
manager.is_trusted(agent_id) |
Check against threshold |
manager.record_success(agent_id) |
Increase trust after success |
manager.record_failure(agent_id) |
Decrease trust after failure |
Trust tiers:
| Tier | Score Range |
|---|---|
| VerifiedPartner | 900–1000 |
| Trusted | 700–899 |
| Standard | 500–699 |
| Probationary | 300–499 |
| Untrusted | 0–299 |
SHA-256 hash-chained audit log for tamper detection.
| Function / Method | Description |
|---|---|
AuditLogger::new() |
Create an audit logger |
logger.log(agent_id, action, decision) |
Append an audit entry |
logger.verify() |
Verify chain integrity |
logger.get_entries(filter) |
Query entries by filter |
Ed25519-based agent identity with DID support.
| Function / Method | Description |
|---|---|
AgentIdentity::generate(agent_id, capabilities) |
Create a new identity |
identity.sign(data) |
Sign data with private key |
identity.verify(data, sig) |
Verify a signature |
identity.to_json() |
Serialise public identity |
AgentIdentity::from_json(json) |
Deserialise public identity |
version: "1.0"
agent: my-agent
policies:
- name: capability-gate
type: capability
allowed_actions:
- "data.read"
- "data.write"
denied_actions:
- "shell:*"
- name: deploy-approval
type: approval
actions:
- "deploy.*"
min_approvals: 2
- name: api-rate-limit
type: rate_limit
actions:
- "api.call"
max_calls: 100
window: "60s"See repository root LICENSE.