HumanAssisted · Hendler · Mar 22, 2026 · Mar 21, 2026 · Mar 22, 2026 · Mar 22, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.9.10
+
+(unreleased)
+
 ## 0.9.9
 
 (unreleased)

diff --git a/binding-core/Cargo.toml b/binding-core/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "jacs-binding-core"
-version = "0.9.9"
+version = "0.9.10"
 edition = "2024"
 rust-version = "1.93"
 resolver = "3"
@@ -19,7 +19,7 @@ attestation = ["jacs/attestation"]
 pq-tests = []
 
 [dependencies]
-jacs = { version = "0.9.9", path = "../jacs" }
+jacs = { version = "0.9.10", path = "../jacs" }
 serde_json = "1.0"
 base64 = "0.22.1"
 serde = { version = "1.0", features = ["derive"] }

diff --git a/jacs-cli/Cargo.toml b/jacs-cli/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "jacs-cli"
-version = "0.9.9"
+version = "0.9.10"
 edition = "2024"
 rust-version = "1.93"
 description = "JACS CLI: command-line interface for JSON AI Communication Standard"
@@ -23,8 +23,8 @@ attestation = ["jacs/attestation"]
 keychain = ["jacs/keychain"]
 
 [dependencies]
-jacs = { version = "0.9.9", path = "../jacs" }
-jacs-mcp = { version = "0.9.9", path = "../jacs-mcp", features = ["mcp", "full-tools"], optional = true }
+jacs = { version = "0.9.10", path = "../jacs" }
+jacs-mcp = { version = "0.9.10", path = "../jacs-mcp", features = ["mcp", "full-tools"], optional = true }
 clap = { version = "4.5.4", features = ["derive", "cargo"] }
 rpassword = "7.3.1"
 reqwest = { version = "0.13.2", default-features = false, features = ["blocking", "json", "rustls"] }

diff --git a/jacs-cli/src/main.rs b/jacs-cli/src/main.rs
@@ -1105,10 +1105,17 @@ pub fn main() -> Result<(), Box<dyn Error>> {
     #[cfg(feature = "keychain")]
     let matches = matches.subcommand(
         Command::new("keychain")
-            .about("Manage private key passwords in the OS keychain")
+            .about("Manage private key passwords in the OS keychain (per-agent)")
             .subcommand(
                 Command::new("set")
-                    .about("Store a password in the OS keychain")
+                    .about("Store a password in the OS keychain for an agent")
+                    .arg(
+                        Arg::new("agent-id")
+                            .long("agent-id")
+                            .help("Agent ID to associate the password with")
+                            .value_name("AGENT_ID")
+                            .required(true),
+                    )
                     .arg(
                         Arg::new("password")
                             .long("password")
@@ -1117,13 +1124,37 @@ pub fn main() -> Result<(), Box<dyn Error>> {
                     ),
             )
             .subcommand(
-                Command::new("get").about("Retrieve the stored password (prints to stdout)"),
+                Command::new("get")
+                    .about("Retrieve the stored password for an agent (prints to stdout)")
+                    .arg(
+                        Arg::new("agent-id")
+                            .long("agent-id")
+                            .help("Agent ID to look up")
+                            .value_name("AGENT_ID")
+                            .required(true),
+                    ),
             )
             .subcommand(
-                Command::new("delete").about("Remove the stored password from the OS keychain"),
+                Command::new("delete")
+                    .about("Remove the stored password for an agent from the OS keychain")
+                    .arg(
+                        Arg::new("agent-id")
+                            .long("agent-id")
+                            .help("Agent ID whose password to delete")
+                            .value_name("AGENT_ID")
+                            .required(true),
+                    ),
             )
             .subcommand(
-                Command::new("status").about("Check if a password is stored in the OS keychain"),
+                Command::new("status")
+                    .about("Check if a password is stored for an agent in the OS keychain")
+                    .arg(
+                        Arg::new("agent-id")
+                            .long("agent-id")
+                            .help("Agent ID to check")
+                            .value_name("AGENT_ID")
+                            .required(true),
+                    ),
             )
             .arg_required_else_help(true),
     );
@@ -2092,16 +2123,8 @@ pub fn main() -> Result<(), Box<dyn Error>> {
                     env::set_var("JACS_PRIVATE_KEY_PASSWORD", &password);
                 }
 
-                // Store in OS keychain so future commands "just work"
-                #[cfg(feature = "keychain")]
-                {
-                    if jacs::keystore::keychain::is_available() {
-                        match jacs::keystore::keychain::store_password(&password) {
-                            Ok(()) => eprintln!("Password stored in OS keychain."),
-                            Err(e) => eprintln!("Warning: Could not store in OS keychain: {}", e),
-                        }
-                    }
-                }
+                // Note: keychain storage is handled by quickstart() after agent
+                // creation, when the agent_id is known.
             }
 
             let (agent, info) =
@@ -2541,6 +2564,7 @@ pub fn main() -> Result<(), Box<dyn Error>> {
 
             match keychain_matches.subcommand() {
                 Some(("set", sub)) => {
+                    let agent_id = sub.get_one::<String>("agent-id").unwrap();
                     let password = if let Some(pw) = sub.get_one::<String>("password") {
                         pw.clone()
                     } else {
@@ -2556,29 +2580,36 @@ pub fn main() -> Result<(), Box<dyn Error>> {
                         eprintln!("Error: {}", e);
                         process::exit(1);
                     }
-                    keychain::store_password(&password)?;
-                    eprintln!("Password stored in OS keychain.");
+                    keychain::store_password(agent_id, &password)?;
+                    eprintln!("Password stored in OS keychain for agent {}.", agent_id);
                 }
-                Some(("get", _)) => match keychain::get_password()? {
-                    Some(pw) => println!("{}", pw),
-                    None => {
-                        eprintln!("No password found in OS keychain.");
-                        process::exit(1);
+                Some(("get", sub)) => {
+                    let agent_id = sub.get_one::<String>("agent-id").unwrap();
+                    match keychain::get_password(agent_id)? {
+                        Some(pw) => println!("{}", pw),
+                        None => {
+                            eprintln!("No password found in OS keychain for agent {}.", agent_id);
+                            process::exit(1);
+                        }
                     }
-                },
-                Some(("delete", _)) => {
-                    keychain::delete_password()?;
-                    eprintln!("Password removed from OS keychain.");
                 }
-                Some(("status", _)) => {
+                Some(("delete", sub)) => {
+                    let agent_id = sub.get_one::<String>("agent-id").unwrap();
+                    keychain::delete_password(agent_id)?;
+                    eprintln!("Password removed from OS keychain for agent {}.", agent_id);
+                }
+                Some(("status", sub)) => {
+                    let agent_id = sub.get_one::<String>("agent-id").unwrap();
                     if keychain::is_available() {
-                        match keychain::get_password() {
+                        match keychain::get_password(agent_id) {
                             Ok(Some(_)) => {
                                 eprintln!("Keychain backend: available");
+                                eprintln!("Agent: {}", agent_id);
                                 eprintln!("Password: stored");
                             }
                             Ok(None) => {
                                 eprintln!("Keychain backend: available");
+                                eprintln!("Agent: {}", agent_id);
                                 eprintln!("Password: not stored");
                             }
                             Err(e) => {

diff --git a/jacs-duckdb/Cargo.toml b/jacs-duckdb/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "jacs-duckdb"
-version = "0.1.3"
+version = "0.1.4"
 edition = "2024"
 rust-version.workspace = true
 description = "DuckDB storage backend for JACS documents"
@@ -13,7 +13,7 @@ keywords = ["cryptography", "json", "duckdb", "storage"]
 categories = ["database", "data-structures"]
 
 [dependencies]
-jacs = { version = "0.9.9", path = "../jacs", default-features = false }
+jacs = { version = "0.9.10", path = "../jacs", default-features = false }
 duckdb = { version = "1.4", features = ["bundled", "json"] }
 serde_json = "1.0"
 

diff --git a/jacs-mcp/Cargo.toml b/jacs-mcp/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "jacs-mcp"
-version = "0.9.9"
+version = "0.9.10"
 edition = "2024"
 rust-version = "1.93"
 description = "MCP server for JACS: data provenance and cryptographic signing of agent state"
@@ -45,8 +45,8 @@ tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["fmt", "env-filter"] }
 rmcp = { version = "0.12", features = ["client", "server", "transport-io", "transport-child-process", "macros"], optional = true }
 tokio = { version = "1", features = ["rt-multi-thread", "macros", "process", "time"], optional = true }
-jacs = { version = "0.9.9", path = "../jacs", default-features = true }
-jacs-binding-core = { version = "0.9.9", path = "../binding-core", features = ["a2a"] }
+jacs = { version = "0.9.10", path = "../jacs", default-features = true }
+jacs-binding-core = { version = "0.9.10", path = "../binding-core", features = ["a2a"] }
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 schemars = "1.0"

diff --git a/jacs-mcp/contract/jacs-mcp-contract.json b/jacs-mcp/contract/jacs-mcp-contract.json
@@ -3,7 +3,7 @@
   "server": {
     "name": "jacs-mcp",
     "title": "JACS MCP Server",
-    "version": "0.9.9",
+    "version": "0.9.10",
     "website_url": "https://humanassisted.github.io/JACS/",
     "instructions": "This MCP server provides data provenance and cryptographic signing for agent state files and agent-to-agent messaging. Agent state tools: jacs_sign_state (sign files), jacs_verify_state (verify integrity), jacs_load_state (load with verification), jacs_update_state (update and re-sign), jacs_list_state (list signed docs), jacs_adopt_state (adopt external files). Memory tools: jacs_memory_save (save a memory), jacs_memory_recall (search memories by query), jacs_memory_list (list all memories), jacs_memory_forget (soft-delete a memory), jacs_memory_update (update an existing memory). Messaging tools: jacs_message_send (create and sign a message), jacs_message_update (update and re-sign a message), jacs_message_agree (co-sign/agree to a message), jacs_message_receive (verify and extract a received message). Agent management: jacs_create_agent (create new agent with keys), jacs_reencrypt_key (rotate private key password). A2A artifacts: jacs_wrap_a2a_artifact (sign artifact with provenance), jacs_verify_a2a_artifact (verify wrapped artifact), jacs_assess_a2a_agent (assess remote agent trust level). A2A discovery: jacs_export_agent_card (export Agent Card), jacs_generate_well_known (generate .well-known documents), jacs_export_agent (export full agent JSON). Trust store: jacs_trust_agent (add agent to trust store), jacs_untrust_agent (remove from trust store, requires JACS_MCP_ALLOW_UNTRUST=true), jacs_list_trusted_agents (list all trusted agent IDs), jacs_is_trusted (check if agent is trusted), jacs_get_trusted_agent (get trusted agent JSON). Attestation: jacs_attest_create (create signed attestation with claims), jacs_attest_verify (verify attestation, optionally with evidence checks), jacs_attest_lift (lift signed document into attestation), jacs_attest_export_dsse (export attestation as DSSE envelope). Security: jacs_audit (read-only security audit and health checks). Audit trail: jacs_audit_log (record events as signed audit entries), jacs_audit_query (search audit trail by action, target, time range), jacs_audit_export (export audit trail as signed bundle). Search: jacs_search (unified search across all signed documents)."
   },

diff --git a/jacs-postgresql/Cargo.toml b/jacs-postgresql/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "jacs-postgresql"
-version = "0.1.3"
+version = "0.1.4"
 edition = "2024"
 rust-version.workspace = true
 description = "PostgreSQL storage backend for JACS documents"
@@ -13,7 +13,7 @@ keywords = ["cryptography", "json", "postgresql", "storage"]
 categories = ["database", "data-structures"]
 
 [dependencies]
-jacs = { version = "0.9.9", path = "../jacs", default-features = false }
+jacs = { version = "0.9.10", path = "../jacs", default-features = false }
 sqlx = { version = "0.8.6", default-features = false, features = ["runtime-tokio-rustls", "postgres"] }
 tokio = { version = "1.0", features = ["rt-multi-thread"] }
 serde_json = "1.0"

diff --git a/jacs-redb/Cargo.toml b/jacs-redb/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "jacs-redb"
-version = "0.1.3"
+version = "0.1.4"
 edition = "2024"
 rust-version.workspace = true
 readme.workspace = true
@@ -13,7 +13,7 @@ categories.workspace = true
 description = "Redb (pure-Rust embedded KV) storage backend for JACS documents"
 
 [dependencies]
-jacs = { version = "0.9.9", path = "../jacs", default-features = false }
+jacs = { version = "0.9.10", path = "../jacs", default-features = false }
 redb = "3.1"
 chrono = "0.4.40"
 serde_json = "1.0"

diff --git a/jacs-surrealdb/Cargo.toml b/jacs-surrealdb/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "jacs-surrealdb"
-version = "0.1.3"
+version = "0.1.4"
 edition = "2024"
 rust-version.workspace = true
 description = "SurrealDB storage backend for JACS documents"
@@ -13,7 +13,7 @@ keywords = ["cryptography", "json", "surrealdb", "storage"]
 categories = ["database", "data-structures"]
 
 [dependencies]
-jacs = { version = "0.9.9", path = "../jacs", default-features = false }
+jacs = { version = "0.9.10", path = "../jacs", default-features = false }
 surrealdb = { version = "3.0.2", default-features = false, features = ["kv-mem"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"

diff --git a/jacs/Cargo.toml b/jacs/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "jacs"
-version = "0.9.9"
+version = "0.9.10"
 edition = "2024"
 rust-version = "1.93"
 resolver = "3"

diff --git a/jacs/docs/jacsbook/book/advanced/security.html b/jacs/docs/jacsbook/book/advanced/security.html
@@ -311,7 +311,7 @@ <h3 id="key-protection"><a class="header" href="#key-protection">Key Protection<
 export JACS_PRIVATE_KEY_PASSWORD="secure-password"
 
 # Option 2: OS keychain (recommended for developer workstations)
-jacs keychain set
+jacs keychain set --agent-id &lt;YOUR_AGENT_UUID&gt;
 </code></pre>
 <blockquote>
 <p><strong>Important</strong>: The CLI can prompt for the password during <code>jacs init</code>, but scripts and servers must set <code>JACS_PRIVATE_KEY_PASSWORD</code> as an environment variable or use the OS keychain.</p>
@@ -322,11 +322,11 @@ <h3 id="key-protection"><a class="header" href="#key-protection">Key Protection<
 <li><strong>macOS</strong>: Uses Security.framework (Keychain Access)</li>
 <li><strong>Linux</strong>: Uses the freedesktop.org D-Bus Secret Service API (GNOME Keyring, KDE Wallet, KeePassXC)</li>
 </ul>
-<p>Store your password once with <code>jacs keychain set</code>, and all subsequent JACS operations will find it automatically. The password resolution order is:</p>
+<p>Each password is keyed by agent ID, so multiple agents can coexist on the same machine without overwriting each other. Store your password once with <code>jacs keychain set --agent-id &lt;ID&gt;</code>, and all subsequent JACS operations will find it automatically. The password resolution order is:</p>
 <ol>
 <li><code>JACS_PRIVATE_KEY_PASSWORD</code> env var (highest priority -- explicit always wins)</li>
 <li><code>JACS_PASSWORD_FILE</code> / legacy <code>.jacs_password</code> file</li>
-<li>OS keychain (lowest priority among explicit sources)</li>
+<li>OS keychain keyed by agent ID (lowest priority among explicit sources)</li>
 </ol>
 <p>To disable keychain lookups (recommended for CI and headless environments):</p>
 <pre><code class="language-bash">export JACS_KEYCHAIN_BACKEND=disabled
@@ -622,7 +622,7 @@ <h3 id="2-password-handling"><a class="header" href="#2-password-handling">2. Pa
 export JACS_PRIVATE_KEY_PASSWORD="$(pass show jacs/key-password)"
 
 # Option B: Use OS keychain (developer workstations)
-jacs keychain set  # stores password securely in OS credential store
+jacs keychain set --agent-id &lt;AGENT_UUID&gt;  # stores password securely in OS credential store
 
 # Option C: Disable keychain for headless/CI environments
 export JACS_KEYCHAIN_BACKEND=disabled

diff --git a/jacs/docs/jacsbook/book/getting-started/quick-start.html b/jacs/docs/jacsbook/book/getting-started/quick-start.html
@@ -184,7 +184,7 @@ <h3 id="password-bootstrap"><a class="header" href="#password-bootstrap">Passwor
 export JACS_PRIVATE_KEY_PASSWORD='use-a-strong-password'
 
 # Option B: OS keychain (recommended for developer workstations)
-jacs keychain set   # prompts once, then all JACS commands find the password automatically
+jacs keychain set --agent-id &lt;YOUR_AGENT_UUID&gt;   # prompts once, then JACS finds the password automatically
 
 # Option C: Password file (CLI convenience)
 export JACS_PASSWORD_FILE=/secure/path/jacs-password.txt