jacs 0.9.4

JACS JSON AI Communication Standard
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

# JACS: JSON Agent Communication Standard

Cryptographic signing and verification for AI agents.

**[Documentation](https://humanassisted.github.io/JACS/)** | **[Quick Start](https://humanassisted.github.io/JACS/getting-started/quick-start.html)** | **[API Reference](https://humanassisted.github.io/JACS/nodejs/api.html)**

```bash
cargo install jacs-cli
```

## Quick Start

```rust
use jacs::simple::{load, sign_message, verify};

// Load agent
load(None)?;

// Sign a message
let signed = sign_message(&serde_json::json!({"action": "approve"}))?;

// Verify it
let result = verify(&signed.raw)?;
assert!(result.valid);
```

## 6 Core Operations

| Operation | Description |
|-----------|-------------|
| `create()` | Create a new agent with keys |
| `load()` | Load agent from config |
| `verify_self()` | Verify agent integrity |
| `sign_message()` | Sign JSON data |
| `sign_file()` | Sign files with embedding |
| `verify()` | Verify any signed document |

## Features

- RSA, Ed25519, and post-quantum (ML-DSA) cryptography
- JSON Schema validation
- Multi-agent agreements
- Signed agent state (memory, skills, plans, configs, hooks, or any document)
- Commitments (shared signed agreements between agents)
- Todo lists (private signed task tracking with cross-references)
- Conversation threading (ordered, signed message chains)
- Verified document storage via filesystem and local `rusqlite` search/indexing
- Trait-based storage interfaces with additional backends in separate crates
- MCP and A2A protocol support
- Python, Go, and NPM bindings

## CLI

```bash
jacs create              # Create new agent
jacs sign-message "hi"   # Sign a message
jacs sign-file doc.pdf   # Sign a file
jacs verify doc.json     # Verify a document
```

## Security

**Security Hardening**: This library includes:
- Password entropy validation for key encryption (minimum 28 bits, 35 bits for single character class)
- Thread-safe environment variable handling
- TLS certificate validation (strict by default; set `JACS_STRICT_TLS=false` only for local development)
- Private key zeroization on drop
- Algorithm identification embedded in signatures
- Verification claim enforcement with downgrade prevention
- DNSSEC-validated identity verification for verified agents

**Test Coverage**: JACS includes 260+ automated tests covering cryptographic operations (RSA, Ed25519, post-quantum ML-DSA), password validation, agent lifecycle, DNS identity verification, trust store operations, and claim-based security enforcement. Security-critical paths are tested with boundary conditions, failure cases, and attack scenarios (replay attacks, downgrade attempts, key mismatches).

**Reporting Vulnerabilities**: Please report security issues responsibly.
- Email: security@hai.ai
- Do **not** open public issues for security vulnerabilities
- We aim to respond within 48 hours

**Dependency audit**: To check Rust dependencies for known vulnerabilities, run: `cargo install cargo-audit && cargo audit`.

**Best Practices**:
- Do not put the private key password in config; set `JACS_PRIVATE_KEY_PASSWORD` only.
- Use strong passwords (12+ characters with mixed case, numbers, symbols)
- Store private keys securely with appropriate file permissions
- Keep JACS and its dependencies updated

## Links

- [Documentation](https://humanassisted.github.io/JACS/)
- [Rust API](https://docs.rs/jacs/latest/jacs/)
- [Python](https://pypi.org/project/jacs/)
- [Crates.io](https://crates.io/crates/jacs)

**Version**: 0.9.4 | [HAI.AI](https://hai.ai)