tenuo

Cryptographic authorization primitive for AI agents.

Status: v0.1 Beta — Core semantics are stable. See CHANGELOG.

Overview

Tenuo implements capability tokens (Warrants) for AI agent authorization:

• Offline verification in ~27μs - no network calls
• Monotonic attenuation - delegated tokens can only shrink in scope
• Proof-of-possession - stolen tokens are useless without the private key
• Constraint types - Exact, Pattern, Range, OneOf, Regex, Wildcard, CEL, UrlPattern, Cidr
• Multi-sig approvals - M-of-N cryptographic approval requirements

Quick Start

use tenuo::{SigningKey, Warrant, Constraint, ConstraintSet, Authorizer};

// Generate keys
let issuer_key = SigningKey::generate();
let holder_key = SigningKey::generate();

// Issue a warrant
let warrant = Warrant::builder()
    .capability("read_file", ConstraintSet::new().insert("path", Constraint::pattern("/data/*")))
    .holder(holder_key.public_key())
    .ttl_secs(300)
    .build(&issuer_key)?;

// Verify and authorize
let authorizer = Authorizer::new(vec![issuer_key.public_key()]);
authorizer.verify_and_authorize(
    &warrant,
    "read_file",
    &[("path", "/data/report.txt")],
    Some(&holder_key.create_pop(&warrant, "read_file", &args)?),
)?;

Features

Use Cases

• Sidecar authorizer - Verify warrants at the edge
• Gateway integration - Envoy/Istio external authorization
• Embedded verification - In-process authorization checks

Documentation

• tenuo.dev - Full documentation
• docs.rs/tenuo - API reference
• GitHub - Source code

License

MIT OR Apache-2.0