jacs 0.10.1

JACS JSON AI Communication Standard
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

# JACS Rust Crate

Cryptographic identity, signing, and verification for agent systems.

**[Documentation](https://humanassisted.github.io/JACS/)** | **[Quick Start](https://humanassisted.github.io/JACS/getting-started/quick-start.html)** | **[API Reference](https://docs.rs/jacs/latest/jacs/)**

```bash
cargo add jacs
```

For the CLI and MCP server:

```bash
cargo install jacs-cli
```

## What it does

| Capability | Rust API |
|-----------|----------|
| Agent identity and signed JSON | `jacs::simple` |
| Inline Markdown/text signatures | `jacs::text` |
| PNG/JPEG/WebP provenance | `jacs::media` |
| RFC 5322 email signatures | `jacs::email` |
| Agreements, storage, DNS, and trust | Core crate modules |

## Quick start

```rust
use jacs::simple::{load, sign_message, verify};

load(None)?;

let signed = sign_message(&serde_json::json!({"action": "approve"}))?;
let result = verify(&signed.raw)?;

assert!(result.valid);
```

## Artifact provenance

```rust
use jacs::media::{sign_image, verify_image, SignImageOptions};
use jacs::text::{sign_text_file, verify_text_file, VerifyOptions};

// Markdown/text: append an inline signature block.
sign_text_file(&agent, "README.md")?;
let text = verify_text_file(
    &agent,
    "README.md",
    VerifyOptions { strict: false, key_dir: None },
)?;

// Images: embed a JACS signature in PNG iTXt, JPEG APP11, or WebP XMP.
sign_image(&agent, "photo.png", "signed.png", SignImageOptions::default())?;
let image = verify_image(
    &agent,
    "signed.png",
    VerifyOptions { strict: false, key_dir: None },
)?;
```

Email signing is Rust-only today:

```rust
use jacs::email::{sign_email, verify_email};

let raw_eml = std::fs::read("outgoing.eml")?;
let signed_eml = sign_email(&raw_eml, &agent)?;

let sender_public_key = agent.get_public_key()?;
let result = verify_email(&signed_eml, &agent, &sender_public_key)?;
assert!(result.valid);
```

## CLI

```bash
jacs quickstart --name my-agent --domain example.com
jacs document create -f mydata.json
jacs verify signed-document.json
jacs mcp                # start MCP server (stdio only)
```

## Security

- Password entropy validation for key encryption
- Private key zeroization on drop
- Algorithm identification embedded in signatures with downgrade prevention
- DNSSEC-aware identity verification paths
- Stdio-only MCP server; no network listener
- `pq2025` / ML-DSA-87 is the default for new agents

Report vulnerabilities to security@hai.ai.

## Links

- [Documentation](https://humanassisted.github.io/JACS/)
- [Rust API](https://docs.rs/jacs/latest/jacs/)
- [Crates.io](https://crates.io/crates/jacs)
- [Development Guide](../DEVELOPMENT.md)

**Version**: 0.10.1 | [Apache-2.0](../LICENSE-APACHE)