18 releases

0.1.0-beta.7	Feb 2, 2026
0.1.0-beta.6	Jan 15, 2026
0.1.0-beta.1	Dec 27, 2025

#576 in Authentication

MIT/Apache

1.5MB
26K SLoC

tenuo

Cryptographic authorization primitive for AI agents.

Status: v0.1 Beta — Core semantics are stable. See CHANGELOG.

Overview

Tenuo implements capability tokens (Warrants) for AI agent authorization:

Offline verification in ~27μs - no network calls
Monotonic attenuation - delegated tokens can only shrink in scope
Proof-of-possession - stolen tokens are useless without the private key
Constraint types - Exact, Pattern, Range, OneOf, Regex, Wildcard, CEL, UrlPattern, Cidr
Multi-sig approvals - M-of-N cryptographic approval requirements

Quick Start

use tenuo::{SigningKey, Warrant, Constraint, ConstraintSet, Authorizer};

// Generate keys
let issuer_key = SigningKey::generate();
let holder_key = SigningKey::generate();

// Issue a warrant
let warrant = Warrant::builder()
    .capability("read_file", ConstraintSet::new().insert("path", Constraint::pattern("/data/*")))
    .holder(holder_key.public_key())
    .ttl_secs(300)
    .build(&issuer_key)?;

// Verify and authorize
let authorizer = Authorizer::new(vec![issuer_key.public_key()]);
authorizer.verify_and_authorize(
    &warrant,
    "read_file",
    &[("path", "/data/report.txt")],
    Some(&holder_key.create_pop(&warrant, "read_file", &args)?),
)?;

Features

Feature	Description
`control-plane`	Warrant issuance (default)
`data-plane`	Warrant verification (default)
`python`	PyO3 bindings
`server`	HTTP server dependencies

Use Cases

Sidecar authorizer - Verify warrants at the edge
Gateway integration - Envoy/Istio external authorization
Embedded verification - In-process authorization checks

Documentation

tenuo.ai - Full documentation
docs.rs/tenuo - API reference
GitHub - Source code

License

MIT OR Apache-2.0

Dependencies

~13–34MB
~476K SLoC