Tenuo

Tenuo is a capability authorization engine for AI Agents, built around cryptographically attenuating warrants—signed tokens that precisely specify which tools an Agent may invoke, under what parameter constraints, and for how long. Authorization is enforced at the tool-call boundary, so even if an Agent is compromised via prompt injection, it remains constrained by its warrant.

The core engine is implemented in Rust, delivering offline verification in under 50 μs. Authorization follows the principle of subtractive delegation—each step in a delegation chain can only narrow permissions, never expand them, enforced cryptographically. Eleven built-in constraint types cover path traversal protection (Subpath), SSRF prevention (UrlSafe), value bounds (Range), pattern matching (Pattern), and more, with core attenuation rules formally verified using Alloy and Z3.

Deployment options include in-process embedding and boundary enforcement points (sidecar/gateway). The Python SDK ships as pre-compiled wheels requiring no local Rust toolchain, with first-party integrations for OpenAI Agents SDK, Google ADK, LangChain, LangGraph, MCP, A2A, CrewAI, Temporal, AutoGen, and FastAPI. A native Rust crate, a WASM target, and a Kubernetes Helm Chart are also provided. Every authorization decision produces a signed audit receipt for compliance traceability.

The token format and delegation protocol are being standardized in the IETF OAuth Working Group. Current version: v0.1.0-beta.22, with stable core semantics.