avp-protocol/avp-rs

avp-rs

Rust reference implementation of Agent Vault Protocol
Full + Hardware conformance · Production ready · Zero unsafe code


Overview

avp-rs is the official Rust reference implementation of the Agent Vault Protocol (AVP). It provides a complete, production-ready library for secure credential management in AI agent systems.

Features

  • Full AVP Conformance — All 7 core operations (DISCOVER, AUTHENTICATE, STORE, RETRIEVE, DELETE, LIST, ROTATE)
  • Hardware Support — HW_CHALLENGE, HW_SIGN, HW_ATTEST for secure elements
  • All Backends — File, Keychain (macOS/Windows/Linux), Hardware, Remote
  • All Transports — In-process, USB serial, Unix socket, HTTP/HTTPS, MCP
  • Zero Unsafe — 100% safe Rust, audited dependencies
  • Async/Await — Tokio-based async runtime
  • WASM Ready — Compile to WebAssembly for browser/edge use

Installation

Add to your Cargo.toml:

[dependencies]
avp = "0.1"

Quick Start

use avp::{Vault, Config};

#[tokio::main]
async fn main() -> avp::Result<()> {
    // Load configuration
    let config = Config::from_file("avp.toml")?;

    // Create vault instance
    let vault = Vault::new(config).await?;

    // Authenticate
    vault.authenticate().await?;

    // Store a secret
    vault.store("anthropic_api_key", "sk-ant-...").await?;

    // Retrieve a secret
    let api_key = vault.retrieve("anthropic_api_key").await?;

    Ok(())
}

Backend Selection

use avp::{Vault, Backend};

// File backend (encrypted, for development)
let vault = Vault::with_backend(Backend::File {
    path: "~/.avp/secrets.enc".into(),
    cipher: avp::Cipher::ChaCha20Poly1305,
}).await?;

// OS Keychain (recommended for most use cases)
let vault = Vault::with_backend(Backend::Keychain).await?;

// Hardware secure element (maximum security)
let vault = Vault::with_backend(Backend::Hardware {
    device: "/dev/ttyUSB0".into(),
}).await?;

// Remote vault (team/enterprise)
let vault = Vault::with_backend(Backend::Remote {
    url: "https://vault.company.com".into(),
    auth: avp::RemoteAuth::Token("hvs.xxx".into()),
}).await?;

Hardware Attestation

// Verify hardware device authenticity
let challenge = vault.hw_challenge().await?;
assert!(challenge.verified);

// Sign data without exposing the key
// (`payload` is the caller-supplied data to sign; it is not defined in this snippet)
let signature = vault.hw_sign("anthropic_api_key", payload).await?;

// Generate compliance attestation
let attestation = vault.hw_attest("anthropic_api_key").await?;
println!("Attestation: {}", attestation.proof);

Migration

use avp::{migration, Backend};

// Migrate from file to keychain
migration::migrate(
    Backend::File {
        path: "~/.avp/secrets.enc".into(),
        cipher: avp::Cipher::ChaCha20Poly1305,
    },
    Backend::Keychain,
).await?;

// Migrate from keychain to hardware
migration::migrate(
    Backend::Keychain,
    Backend::Hardware { device: "/dev/ttyUSB0".into() },
).await?;

Project Structure

avp-rs/
├── avp/                 # Core library
│   ├── src/
│   │   ├── lib.rs       # Public API
│   │   ├── vault.rs     # Vault implementation
│   │   ├── session.rs   # Session management
│   │   ├── backend/     # Backend implementations
│   │   │   ├── file.rs
│   │   │   ├── keychain.rs
│   │   │   ├── hardware.rs
│   │   │   └── remote.rs
│   │   ├── transport/   # Transport bindings
│   │   │   ├── library.rs
│   │   │   ├── usb.rs
│   │   │   ├── socket.rs
│   │   │   ├── http.rs
│   │   │   └── mcp.rs
│   │   └── crypto/      # Cryptographic primitives
│   └── Cargo.toml
├── avp-cli/             # CLI binary (re-exported from avp-protocol/avp-cli)
├── avp-mcp/             # MCP server binary
└── examples/            # Usage examples

Conformance

Level          Status
AVP Core       ✅ Complete
AVP Full       ✅ Complete
AVP Hardware   ✅ Complete

Security

  • All cryptographic operations use audited libraries (ring, rustcrypto)
  • Memory is zeroed after use (zeroize crate)
  • No unsafe code in the main library
  • Fuzz tested with cargo-fuzz
  • Regular dependency audits with cargo-audit
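
The zeroing guarantee above covers memory inside the library; once a value has been retrieved, the calling code owns its own copy. The following is an added example, not code from avp-rs, showing a caller-side wrapper that redacts the value in debug output and wipes it on drop using the volatile-write-plus-fence technique that the zeroize crate packages behind a safe API. The `Secret` type, its methods and the sample value are assumptions made for illustration.

```rust
use std::fmt;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical caller-side wrapper; `Secret` is not a type from the avp crate.
pub struct Secret(Vec<u8>);

impl Secret {
    pub fn new(bytes: Vec<u8>) -> Self {
        Secret(bytes)
    }

    /// Single, greppable access point for the raw bytes.
    pub fn expose(&self) -> &[u8] {
        &self.0
    }

    /// Overwrite the buffer in place. Volatile writes plus a compiler fence
    /// stop the optimizer from discarding stores to memory about to be freed.
    pub fn wipe(&mut self) {
        for b in self.0.iter_mut() {
            // SAFETY: `b` is a valid, aligned, exclusive reference to one byte.
            unsafe { std::ptr::write_volatile(b as *mut u8, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for Secret {
    fn drop(&mut self) {
        self.wipe();
    }
}

// Redacted Debug: `{:?}` in a log line or panic message never prints the value.
impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Secret([REDACTED; {} bytes])", self.0.len())
    }
}

fn main() {
    // Constructed sample value, not a real credential.
    let mut key = Secret::new(b"sk-test-constructed-value".to_vec());
    println!("{:?}", key); // Secret([REDACTED; 25 bytes])
    key.wipe();
    assert!(key.expose().iter().all(|&b| b == 0));
}
```

The wrapper never grows its `Vec`, because a reallocation would leave an unwiped copy of the secret in the old allocation.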

Contributing

See CONTRIBUTING.md for development setup and guidelines.

License

Apache 2.0 — see LICENSE.
