Skip to content
AgentZero

Crate Map

Facade

Section titled “Facade”

agentzero

Section titled “agentzero”

Re-exports all sub-crates under a single namespace:

use agentzero::core::{AgentId, DataClassification};
use agentzero::policy::PolicyEngine;
use agentzero::session::Session;
use agentzero::mcp::McpServer;

Core

Section titled “Core”

agentzero-core

Section titled “agentzero-core”

Shared vocabulary: IDs, enums, types, secret handles, trust labels, redaction, model routing, encryption (AES-256-GCM), vault.

agentzero-policy

Section titled “agentzero-policy”

Rule-based policy engine with TOML loader. Deny-by-default. Evaluates capability + classification (and optionally runtime tier) against rules. First matching rule wins. Supports runtime-aware rules for WASM/MVM gating.

agentzero-audit

Section titled “agentzero-audit”

Audit event logging. JSONL file sink, encrypted sink, in-memory sink for tests. Every meaningful action emits an event.

Runtime

Section titled “Runtime”

agentzero-session

Section titled “agentzero-session”

Session engine tying together models, tools, policy, and audit. Includes:

  • AgentLoop — reusable agentic loop with send(), ApprovalHandler trait, ProgressHandler trait, configurable max_tool_rounds and max_output_bytes
  • ModelProvider trait with chat_with_tools(), chat_streaming(), health_check(), model_name()
  • Ollama provider (native API)
  • OpenAI-compatible provider (llama.cpp, vLLM, LM Studio, Groq, Together, DeepSeek)
  • Anthropic Claude provider (Messages API, anthropic.rs)
  • ModelsConfig loaded from .agentzero/models.json with dynamic provider instantiation
  • ProviderRouter::from_config() for dynamic provider loading
  • Multi-provider router with fallback
  • Retry with exponential backoff
  • Tool executor with policy checks
  • Skill executor with runtime routing (InstructionOnly, HostSupervised, WasmSandbox; MVM planned)
  • WASM execution via ToolExecutor::execute_wasm() (default wasm feature)
  • Host-supervised execution via shell_command with policy + audit
  • Agent loop with generate_and_register_tool() for runtime WASM codegen (agent_loop.rs)
  • DynamicToolRegistry for per-project tool storage with directory-based versioning (dynamic_tools.rs)
  • SessionHostCallbacks wiring WasmHostCallbacks to ToolExecutor with policy enforcement (wasm_host.rs)
  • WASM codegen via wasm-encoder templates (codegen.rs)
  • Context compaction

agentzero-tools

Section titled “agentzero-tools”

Tool registry with 7 built-in schemas (read, list, search, write, edit, shell, generate_tool).

agentzero-sandbox

Section titled “agentzero-sandbox”

Sandbox profiles (SandboxProfile, SandboxLimit, SandboxNetworkPolicy) plus the WASM runtime. The wasm feature is on by default; build with --no-default-features for a smaller binary without WASM. Wasmtime backend provides:

  • Fuel-based execution time limits (30s default)
  • Memory cap (64 MB default)
  • No ambient filesystem or network access
  • _start (WASI) and main() -> i32 entrypoints
  • Policy-gated via RuntimeTier::WasmSandbox
  • WasmHostCallbacks trait for injectable host functions (az::log, az::read_file, az::write_file)
  • WIT interface definition at crates/agentzero-sandbox/wit/az-host.wit
  • WASM modules with undeclared imports rejected before execution

agentzero-index

Section titled “agentzero-index”

Document indexing and semantic query engine. Behind the rag feature flag. Includes:

  • Text chunking via text-splitter (sentence/paragraph boundaries)
  • Embedding via Ollama /api/embed (zero external deps)
  • In-memory vector store with bincode serialization to disk
  • Cosine similarity search with top-k retrieval
  • File walker with extension-based filtering

Extensions

Section titled “Extensions”

agentzero-skills

Section titled “agentzero-skills”

Skill manifests, security scanner, report generator, skill registry with lockfile. Includes:

  • registry — manifest loading, lockfile management, checksum verification
  • package — tarball creation/extraction, SHA-256 checksums
  • remote — skill ref parsing (local/git/GitHub), release resolution
  • github — async GitHub API client for install and publish

agentzero-brain

Section titled “agentzero-brain”

Personal LLM wiki plugin. Manages a knowledge vault with daily notes, capture, query, ingest, review, weekly summaries, health diagnostics, git checkpoints, and status. Uses a BrainFs trait to abstract filesystem operations, enabling the same logic to run natively or inside the WASM sandbox via az::* host imports. Configured via .agentzero-brain.toml. The WASM guest crate lives at plugins/brain/.

agentzero-mcp

Section titled “agentzero-mcp”

MCP server (JSON-RPC 2.0 over stdio). Exposes tools to any MCP client. Now behind the optional mcp feature flag (see ADR 0014).

agentzero-acp

Section titled “agentzero-acp”

ACP adapter for custom editor integrations. JSON-RPC over stdio. Runs the full agentic loop via chat method (LLM inference + tool calls). Includes:

  • AcpNotification — server-initiated streaming events (token, tool_start, tool_result, requires_approval, context_compacted)
  • list_models, switch_model for dynamic model management
  • approve_action, cancel for interactive approval flow

Infrastructure

Section titled “Infrastructure”

agentzero-tracing

Section titled “agentzero-tracing”

Centralized tracing setup. Re-exports tracing macros. Configurable format (human/JSON).

agentzero-cli

Section titled “agentzero-cli”

CLI binary with all commands. Default run target.