AATP is a zero-dependency, forbid(unsafe) binary transport protocol engineered specifically for autonomous agent communication. It prioritizes deterministic performance, memory safety, and verifiable integrity.
AATP is built on the principle of Structural Assurance. Rather than relying on complex, black-box macros or heavy dependencies, AATP provides a transparent, audited interface.
- Audited Integrity: 100% mutation-tested coverage (0 survivors).
- Embedded Ready:
no_stdcompatible, verified onthumbv7em-none-eabihf. - Zero-Dependency: No external serialization crates or bloat.
- Fail-Closed: Designed for high-assurance environments where memory corruption is not an option.
AATP has undergone an adversarial deep-audit by autonomous agents and exhaustive mutation testing.
| Finding | Severity | Fix |
|---|---|---|
| Comparative speed claim (unbacked) | High | Softened to structural argument |
| Dead repository URL | Med | Removed / Updated |
| Macro E0392 (all-scalar struct) | Med | Added no-lifetime macro arm |
| Macro hollow coverage (u16 arm) | Low-Med | Added dedicated test case |
| Dictionary pinning typo | Low-Med | Implemented snapshot tests |
| Target/ build artifact cruft | Low | Cleaned & .gitignore fixed |
| CRC vs. Authentication scope | Low | Added explicit security caveats |
Verified empirically: every 1-bit corruption in the dictionary, XOR key, or boundary offsets triggers an immediate test failure. The tests/fuzz.rs harness backs this with a deterministic property/fuzz pass — thousands of random inputs per run assert no parser panics and that every round-trip is an identity.
Define your agent messages with the aatp_message! macro and get an allocation-free codec for free:
use aatp::aatp_message;
aatp_message! {
pub struct Ping {
seq: u64,
code: u16,
}
}
let ping = Ping { seq: 42, code: 7 };
let mut buf = [0u8; 32];
let n = ping.encode(&mut buf).unwrap();
assert_eq!(Ping::decode(&buf[..n]).unwrap(), ping);String and byte fields are decoded zero-copy — they borrow from the input buffer, no allocation:
use aatp::aatp_message;
aatp_message! {
pub struct ToolCall<'a> {
id: u64,
tool: str,
args: str,
}
}
let call = ToolCall { id: 7, tool: "web_search", args: "{\"q\":\"aatp\"}" };
let mut buf = [0u8; 128];
let n = call.encode(&mut buf).unwrap();
assert_eq!(ToolCall::decode(&buf[..n]).unwrap(), call); // `tool`/`args` borrow `buf`Or frame an arbitrary payload for the wire — magic, version, length, and CRC32C all verified on decode:
let mut frame = vec![0u8; aatp::OVERHEAD + payload.len()];
let n = aatp::encode(0x02, &payload, &mut frame)?; // [Magic][Ver][Type][Len][Payload][CRC32C]
let pkt = aatp::decode(&frame[..n])?; // magic, version, length, CRC all checked| Module | What |
|---|---|
lib |
Frame codec — [Magic][Version][Type][Length][Payload][CRC32C], table-driven CRC32C |
codec + aatp_message! |
Safe typed Writer/Reader cursors and a macro that generates a struct's codec |
message |
A ready AgentMessage payload (id, role, name, content, tokens) |
state |
Session machine Handshake → Active → Closed; refuses out-of-order frames |
dict |
Compile-time dictionary compression — recompile with your vocabulary |
shadow |
Reversible XOR keystream — obfuscation, see the warning |
[dependencies]
aatp = "0.1"AATP's edge is structural: it skips a text format's tokenizing and per-string allocation entirely and decodes by borrowing fields in place, so on streams of many small structured messages (tool calls, status, turns) there is simply less work per message — while also carrying an integrity checksum a text format never does. On bulk, paragraph-sized payloads that edge narrows: a checksummed binary format is byte-throughput-bound. This crate ships no cross-format benchmark; benches/deser.rs reports AATP's own throughput. The comparison above is an argument from structure, not a measured claim.
shadow XORs the payload with a keystream. It is exactly reversible and hides bytes from a casual glance, but a static-key XOR stream is trivially broken (known-plaintext recovers the keystream; two messages under one key reveal each other) and is unauthenticated. Do not use it for confidentiality. For real secrecy use a vetted authenticated-encryption (AEAD) construction. Its 100% mutation coverage proves it is correct and reversible — not secret.
Likewise, the frame's CRC32C detects accidental corruption, not a malicious sender — an attacker can recompute it. Pair AATP with a MAC/AEAD if you need to trust the peer, not merely detect line noise.
"100% mutation coverage" means zero survivors under the mutation operator set used to audit it — comparison/boolean/arithmetic swaps, condition forcing, and unary-negation removal. It is a strong signal, not a proof of total correctness: the operator set does not, for example, mutate integer literals, so wide constant tables (the CRC32C table, the SplitMix64 keystream, the dictionary) are additionally pinned by explicit known-answer, snapshot, and digest tests. A green build means the tested behaviour is genuinely pinned — it does not mean "provably bug-free."
MIT.