arf.io / ARF / SDK & API
ARF · SDK & Programmatic API

Build on
the watchdog.

Rust SDK for programmatic access to governance state, audit trails, and agent orchestration. Python plugin API for Blender and Fusion 360. MCP as the SDK for AI agents. Everything the TUI can do, your code can do too.

Rust SDK

ArfClient.
The full surface, in Rust.

The arf-sdk crate provides an async Rust client for the ARF proxy HTTP API. It covers governance queries, provenance reading, session management, and agent dispatch.

# Cargo.toml [dependencies] arf-sdk = "0.1" tokio = { version = "1", features = ["full"] }

Connecting

use arf_sdk::ArfClient; let client = ArfClient::connect("http://localhost:4554").await?; // or from environment: let client = ArfClient::from_env().await?; // reads ARF_PROXY_ADDR

Governance Status

let status = client.governance().status().await?; println!("Profile: {}, active rules: {}", status.profile, status.rules.len()); // Check whether an action would be allowed before submitting let check = client.governance().check_action(&GovernanceCheck { tool: "Write".into(), path: Some("src/auth/session.ts".into()), ..Default::default() }).await?; match check.outcome { Outcome::Allow => println!("Auto-approved"), Outcome::Approve => println!("Needs human approval"), Outcome::Deny => println!("Denied: {}", check.message.unwrap()), }

Reading Provenance

use arf_sdk::{ProvenanceFilter}; // Fetch all governance events from a session let events = client .provenance() .session("01HX4Q…AB12") .filter(ProvenanceFilter::Governance) .fetch() .await?; for event in &events { println!("{}: {} → {}", event.timestamp, event.event_type, event.ulid); } // Verify chain integrity let result = client.provenance().verify_session("01HX4Q…AB12").await?; assert!(result.is_valid, "Chain invalid: {}", result.error.unwrap_or_default());

Launching an Agent Session

use arf_sdk::{RunnerKind, SubmitOptions}; let session = client.submit() .runner(RunnerKind::Claude) .prompt("Implement rate limiting for the auth endpoints") .profile("standard") .worktree(true) .dispatch() .await?; println!("Session: {} ({})", session.call_sign, session.session_id); // Stream output let mut stream = session.output_stream().await?; while let Some(chunk) = stream.next().await { print!("{}", chunk?); }

Key Methods

Governance
governance().status()
governance().check_action(&check)
governance().rules()
governance().circuit_breakers()
governance().reset_breaker(name)
governance().health_grade(session_id)
Provenance
provenance().fetch(session_id)
provenance().verify_session(id)
provenance().export_bundle(id, path)
provenance().session_list()
provenance().event(ulid)
Sessions & Agents
submit().runner(kind).prompt(s).dispatch()
sessions().list()
sessions().kill(session_id)
sessions().resume(session_id)
steer().pause(session_id)
steer().redirect(session_id, prompt)
Tasks & Knowledge
tasks().list(status?, owner?)
tasks().checkout_next()
tasks().checkin(id, outcome)
knowledge().query(q, min_dikw?)
knowledge().add(content, scope)
knowledge().attest(fact_id, evidence)
MCP as SDK for Agents

Agents call ARF tools.
From inside their own session.

For agents running under ARF governance, the MCP server is the primary API. An agent that needs to check its own governance status, claim a task from the work queue, or spawn a sub-agent calls ARF MCP tools directly. No HTTP client needed.

# From inside a Claude Code session with ARF MCP configured: # Check what governance applies to me governance_check_action({ tool: "Write", path: "src/auth.ts" }) # → { outcome: "require_approval", rule: "approve-file-writes" } # Claim the next available task arf_task_checkout_next() # → { id: "T-042", title: "Add rate limiting to auth endpoints", priority: 1 } # Write a fact to shared memory knowledge_add({ content: "The auth module uses crypto.randomUUID for session tokens as of 2026-05-31", scope: "project", fact_type: "decision", confidence: 0.9 }) # Spawn a sub-agent for a subtask arf_run_codex({ prompt: "Write tests for the rate limiter" })

See the MCP page for the full tool reference and configuration instructions.

Python Plugin API

Blender. Fusion 360.
Binary provenance for 3D work.

ARF ships Python plugins for Blender and Autodesk Fusion 360. Each plugin integrates with the application's save/modify events and records binary provenance using ARF's begin / modify / commit protocol.

Installation

One command per application.

# Install Blender plugin arf plugins install blender # Installs to ~/Library/Application Support/Blender/.../addons/arf/ # Enable in Blender: Edit → Preferences → Add-ons → ARF Provenance # Install Fusion 360 plugin arf plugins install fusion360 # Installs to the Fusion 360 add-ins directory # Enable: Tools → Add-Ins → ARF Provenance
# The begin/modify/commit protocol # ARF Python plugin API (same for Blender & Fusion) import arf # Called when you open a file arf.begin( path="/projects/hero-model.blend", session_id="current-arf-session" ) # Called on each significant modification arf.modify( description="Added subdivision surface modifier", object_name="HeroMesh" ) # Called when you save / close arf.commit( path="/projects/hero-model.blend", message="Roughness pass on hero model" ) # Records: size, sha256, git commit, session_id

The protocol produces provenance records that integrate with the session's Merkle DAG. Binary files get the same tamper-evident hash chain as code changes. If a render artifact, texture, or CAD model changes unexpectedly, the deviation is detectable in the audit trail.

HTTP API

The proxy HTTP surface.
For any language.

The ARF proxy exposes a JSON HTTP API at http://localhost:4554/_arf/. The Rust SDK is a thin wrapper over this API. Any HTTP client in any language can call it directly.

# Proxy status GET /_arf/status # Governance GET /_arf/governance/status POST /_arf/governance/check # body: { tool, path?, args? } GET /_arf/governance/rules GET /_arf/governance/circuit-breakers POST /_arf/governance/circuit-breakers/:name/reset # Sessions GET /_arf/sessions POST /_arf/sessions # body: { runner, prompt, profile? } DELETE /_arf/sessions/:id # kill session GET /_arf/sessions/:id/output # stream output (SSE) # Provenance GET /_arf/provenance/:session_id GET /_arf/provenance/:session_id/verify POST /_arf/provenance/:session_id/export # body: { compliance? } # Audit log GET /_arf/audit?session=...&filter=...&last=N # Tasks GET /_arf/tasks?status=...&owner=... POST /_arf/tasks/:id/checkout POST /_arf/tasks/:id/checkin # body: { outcome, notes? }