Phase: 7 (Enterprise Reality) Status: Initial draft.
```bash
pip install authgate  # pure Python, no build toolchain
pip install maturin && cd authgate-kernel && pip install .  # with Rust kernel
```

```python
from authgate.kernel.verifier import FreedomVerifier
from authgate.kernel.registry import OwnershipRegistry
from authgate.kernel.audit import AuditLog

log = AuditLog(path="/var/log/kernel.jsonl")
registry = OwnershipRegistry()
# ... register machines, add claims ...
verifier = FreedomVerifier(registry, audit_log=log)
```

Run the verifier as an isolated sidecar process alongside each agent:

```
Agent Process ──── gRPC/IPC ───► Verifier Sidecar
                                        │
                                 OwnershipRegistry
                                        │
                                  AuditLog (file)
```

Benefits: process isolation, minimal attack surface, OS-level boundary.
Embed the verifier directly in the agent process:

```python
verifier = FreedomVerifier(registry.freeze())
```

Benefits: zero latency, simpler deployment. Risk: a memory-safety bug in orchestration code is in the same process as the gate.

Multi-node with consensus-backed revocation. See formal/distributed/.

- Use `registry.freeze()` before passing to verifier — eliminates TOCTOU
- Set `expires_at` on all machine claims — no perpetual claims
- Use `AuditLog(path=...)` — not in-memory only
- Call `AuditLog.verify_chain()` on log rotation
- Use KMS-backed ed25519 key for production (not in-memory default)
- Run verifier with seccomp/AppArmor profile (no network, minimal filesystem)
- Pin dependency versions — check `cargo audit` in CI

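
The `AuditLog.verify_chain()` item above implies a hash-chained log. The following is an added example, not authgate's code: the record layout, the `GENESIS` anchor and the function names are assumptions, chosen to show what a chain check at rotation has to catch and why the head hash must be carried into the next segment.

```python
from __future__ import annotations
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the very first segment

def digest(prev: str, event: dict) -> str:
    # Hash covers the previous hash plus a canonical encoding of the event.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()

def append(lines: list[str], event: dict, anchor: str = GENESIS) -> None:
    """Append one JSONL record linked to the previous record, or to the anchor."""
    prev = json.loads(lines[-1])["hash"] if lines else anchor
    lines.append(json.dumps({"prev": prev, "event": event, "hash": digest(prev, event)}))

def verify_segment(lines: list[str], anchor: str = GENESIS) -> tuple[bool, str]:
    """Return (ok, head); head is the last hash that verified."""
    head = anchor
    for line in lines:
        try:
            rec = json.loads(line)
            ok = rec["prev"] == head and rec["hash"] == digest(head, rec["event"])
        except (ValueError, KeyError, TypeError):
            ok = False  # unparsable or incomplete record breaks the chain
        if not ok:
            return False, head
        head = rec["hash"]
    return True, head

if __name__ == "__main__":
    # Constructed sample events, not real authgate output.
    seg1: list[str] = []
    append(seg1, {"action": "verify", "result": "permit"})
    append(seg1, {"action": "verify", "result": "blocked"})
    ok, head1 = verify_segment(seg1)  # run at rotation; store head1 outside the log
    seg2: list[str] = []
    append(seg2, {"action": "revoke"}, anchor=head1)  # new file continues the chain
    print("segment 1 intact:", ok)
    print("segment 2 intact:", verify_segment(seg2, anchor=head1)[0])
    # Dropping the last record still verifies internally; only the stored head exposes it.
    ok_t, head_t = verify_segment(seg1[:-1])
    print("truncation detected:", ok_t and head_t != head1)
```

An unkeyed chain only detects edits by someone who cannot also rewrite the later records and the stored head; signing the head at rotation, for example with the ed25519 key the checklist mentions, closes that gap.
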
| Operation | Target | Typical (Rust) |
|---|---|---|
| `verify()` — permit path | < 5 µs | ~2 µs |
| `verify()` — blocked (flag) | < 1 µs | ~0.3 µs |
| Registry, 10k claims (indexed) | < 10 µs | ~3 µs (O(1) lookup) |
| Cascading revocation, 100 agents | < 1 ms | ~600 µs |


| Variable | Default | Description |
|---|---|---|
| `FREEDOM_KERNEL_MAX_DEPTH` | 16 | Maximum delegation chain depth |
| `FREEDOM_KERNEL_REPLAY_WINDOW` | 30 | Signature replay window in seconds |
| `FREEDOM_KERNEL_AUDIT_PATH` | None | Path to audit log file |