Skip to content

HumanAssisted/JACS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

624 Commits
.githooks
.githooks
 
 
.github
.github
 
 
Formula
Formula
 
 
binding-core
binding-core
 
 
docs
docs
 
 
examples
examples
 
 
jacs-cli
jacs-cli
 
 
jacs-duckdb
jacs-duckdb
 
 
jacs-mcp
jacs-mcp
 
 
jacs-postgresql
jacs-postgresql
 
 
jacs-redb
jacs-redb
 
 
jacs-surrealdb
jacs-surrealdb
 
 
jacs
jacs
 
 
jacsgo
jacsgo
 
 
jacsnpm
jacsnpm
 
 
jacspy
jacspy
 
 
scripts
scripts
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
A2A_QUICKSTART.md
A2A_QUICKSTART.md
 
 
AGENTS.md
AGENTS.md
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Cargo.toml
Cargo.toml
 
 
DEVELOPMENT.md
DEVELOPMENT.md
 
 
LICENSE
LICENSE
 
 
LICENSE-APACHE
LICENSE-APACHE
 
 
LICENSE-MIT
LICENSE-MIT
 
 
LINES_OF_CODE.md
LINES_OF_CODE.md
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
RELEASING.md
RELEASING.md
 
 
SECURITY.md
SECURITY.md
 
 
THIRD-PARTY-NOTICES
THIRD-PARTY-NOTICES
 
 
USECASES.md
USECASES.md
 
 
about.toml
about.toml
 
 
basic-schemas.png
basic-schemas.png
 
 
deny.toml
deny.toml
 
 
docker-compose.test.yml
docker-compose.test.yml
 
 
pre-commit
pre-commit
 
 
rustfmt.toml
rustfmt.toml
 
 
sloc.sh
sloc.sh
 
 

Repository files navigation

JACS

Cryptographic identity, data provenance, and trust for AI agents.

JACS gives every AI agent a verifiable identity, signs everything it produces, and lets any other agent or system verify who said what — without a central server.

cargo install jacs-cli | brew install jacs

For the HAI.AI platform (agent email, benchmarks, leaderboard), see haiai.

Rust License Crates.io npm PyPI Rust 1.93+ Homebrew

What JACS does

Capability What it means
Agent Identity Generate a cryptographic keypair that uniquely identifies your agent. Post-quantum ready (ML-DSA-87/FIPS-204) by default.
Data Provenance Sign any JSON document or file. Every signature is tamper-evident — anyone can verify the content hasn't been modified and who produced it.
Agent Trust Verify other agents' identities, manage a local trust store, and establish trust policies (open, verified, strict) for cross-agent interactions.

Quick start

cargo install jacs-cli

export JACS_PRIVATE_KEY_PASSWORD='your-password'
jacs quickstart --name my-agent --domain example.com
jacs document create -f mydata.json
jacs verify signed-document.json

Or via Homebrew:

brew tap HumanAssisted/homebrew-jacs
brew install jacs

MCP server

JACS includes a built-in MCP server for AI tool integration (Claude Desktop, Cursor, Claude Code, etc.):

jacs mcp
{
  "mcpServers": {
    "jacs": {
      "command": "jacs",
      "args": ["mcp"]
    }
  }
}

The MCP server uses stdio transport only — no HTTP endpoints. This is a deliberate security choice: the server holds the agent's private key, so it runs as a subprocess of your MCP client. The key never leaves the local process and no ports are opened.

Core profile (default) — 7 tool families: state, document, trust, audit, memory, search, key.

Full profile (jacs mcp --profile full) — adds agreements, messaging, A2A, and attestation tools.

Core operations

Operation What it does
Create Generate an agent identity with a cryptographic keypair
Sign Attach a tamper-evident signature to any JSON payload or file
Verify Prove a signed document is authentic and unmodified
Export Share your agent's public key or signed documents with others

Use cases

Local provenance — An agent creates, signs, verifies, and exports documents locally. No server required.

Trusted local memory — Store agent memories, plans, configs as signed documents with searchable metadata and visibility controls (public/private/restricted).

Platform workflows — Use the same JACS identity with haiai to register with HAI.AI, send signed email, and run benchmarks.

Multi-agent trust — Agreements with quorum signing, A2A interoperability, attestation chains, and DNS-verified identity discovery.

When you DON'T need JACS

  • Single developer, single service. Standard logging is fine.
  • Internal-only prototypes. No trust boundaries, no value in signing.
  • Simple checksums. If you only need to detect accidental corruption, use SHA-256.

JACS adds value when data crosses trust boundaries — between organizations, between services with different operators, or into regulated audit trails.

Features

  • Post-quantum ready — ML-DSA-87 (FIPS-204) default, with Ed25519 and RSA-PSS.
  • Cross-language — Sign in Rust, verify in Python or Node.js. Tested on every commit.
  • Pluggable storage — Filesystem, SQLite, PostgreSQL, DuckDB, SurrealDB, Redb.
  • Document visibilitypublic, private, or restricted access control.
  • Trust policiesopen, verified (default), or strict modes.
  • Multi-agent agreements — Quorum signing, timeouts, algorithm requirements (feature-gated).
  • A2A interoperability — Every JACS agent is an A2A agent with zero config (feature-gated).

Language bindings (experimental)

The MCP server and CLI are the recommended integration paths. Native bindings exist for direct library use:

Language Install Status
Python pip install jacs Experimental
Node.js npm install @hai.ai/jacs Experimental
Go go get github.com/HumanAssisted/JACS/jacsgo Experimental

See DEVELOPMENT.md for library APIs, framework adapters, and build instructions.

Security

  • Private keys are encrypted with password-based key derivation.
  • MCP server is stdio-only — no network exposure.
  • 260+ automated tests covering cryptographic operations, password validation, agent lifecycle, DNS verification, and attack scenarios.
  • Post-quantum default — ML-DSA-87 (FIPS-204) composite signatures.

Report vulnerabilities to security@hai.ai. Do not open public issues for security concerns.

Links

v0.9.7 | Apache-2.0 OR MIT | Third-Party Notices

About

HAI.AI JSON client libraries and the reference implementation of JACS (JSON Agent Communication Standard)

Resources

Readme

License

Unknown and 2 other licenses found

Licenses found

Unknown
LICENSE
Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT

Security policy

Security policy
Activity
Custom properties

Stars

10 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 14

JACS CLI v0.9.13 Latest
Mar 28, 2026
+ 13 releases

Packages

 
 
 

Contributors

Languages