GitHub - HumanAssisted/JACS: HAI.AI JSON client libraries and the reference implementation of JACS (JSON Agent Communication Standard)

Cryptographic identity, data provenance, and trust for AI agents.

JACS gives every AI agent a verifiable identity, signs everything it produces, and lets any other agent or system verify who said what — without a central server.

cargo install jacs-cli or brew install jacs

For the HAI.AI platform (agent email, benchmarks, leaderboard), see haiai.


What JACS does

| Capability | What it means |
| --- | --- |
| Agent Identity | Generate a cryptographic keypair that uniquely identifies your agent. Post-quantum ready (ML-DSA-87/FIPS-204) by default. |
| Data Provenance | Sign any JSON document or file. Every signature is tamper-evident — anyone can verify the content hasn't been modified and who produced it. |
| Agent Trust | Verify other agents' identities, manage a local trust store, and establish trust policies (open, verified, strict) for cross-agent interactions. |

Quick start

cargo install jacs-cli

export JACS_PRIVATE_KEY_PASSWORD='your-password'
jacs quickstart --name my-agent --domain example.com
jacs document create -f mydata.json
jacs verify signed-document.json

Or via Homebrew:

brew tap HumanAssisted/homebrew-jacs
brew install jacs

MCP server

JACS includes a built-in MCP server for AI tool integration (Claude Desktop, Cursor, Claude Code, etc.):

{
  "mcpServers": {
    "jacs": {
      "command": "jacs",
      "args": ["mcp"]
    }
  }
}

The MCP server uses stdio transport only — no HTTP endpoints. This is a deliberate security choice: the server holds the agent's private key, so it runs as a subprocess of your MCP client. The key never leaves the local process and no ports are opened.

Core profile (default) — 7 tool families: state, document, trust, audit, memory, search, key.

Full profile (jacs mcp --profile full) — adds agreements, messaging, A2A, and attestation tools.

Core operations

| Operation | What it does |
| --- | --- |
| Create | Generate an agent identity with a cryptographic keypair |
| Sign | Attach a tamper-evident signature to any JSON payload or file |
| Verify | Prove a signed document is authentic and unmodified |
| Export | Share your agent's public key or signed documents with others |

Use cases

Local provenance — An agent creates, signs, verifies, and exports documents locally. No server required.

Trusted local memory — Store agent memories, plans, configs as signed documents with searchable metadata and visibility controls (public/private/restricted).

Platform workflows — Use the same JACS identity with haiai to register with HAI.AI, send signed email, and run benchmarks.

Multi-agent trust — Agreements with quorum signing, A2A interoperability, attestation chains, and DNS-verified identity discovery.

When you DON'T need JACS

  • Single developer, single service. Standard logging is fine.
  • Internal-only prototypes. No trust boundaries, no value in signing.
  • Simple checksums. If you only need to detect accidental corruption, use SHA-256.

JACS adds value when data crosses trust boundaries — between organizations, between services with different operators, or into regulated audit trails.
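The difference between a checksum and a signature once data crosses a trust boundary, as an added example in Go using only the standard library. This is not JACS code: the Envelope type, the key-sorting canonicalization and the sample payloads are assumptions made for the illustration, and Ed25519 stands in for whichever algorithm an agent uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Envelope is a hypothetical container for this example, not the JACS document format.
type Envelope struct {
	Payload  []byte   // JSON as received
	Checksum [32]byte // SHA-256 of the canonical payload
	Sig      []byte   // Ed25519 signature over the canonical payload
}

// canonical re-encodes JSON with sorted object keys (encoding/json sorts map keys).
// It returns nil for input that is not valid JSON.
func canonical(raw []byte) []byte {
	var v any
	if json.Unmarshal(raw, &v) != nil {
		return nil
	}
	out, _ := json.Marshal(v)
	return out
}

// Seal hashes and signs the canonical payload; invalid JSON yields an envelope that never verifies.
func Seal(priv ed25519.PrivateKey, payload []byte) Envelope {
	c := canonical(payload)
	return Envelope{Payload: payload, Checksum: sha256.Sum256(c), Sig: ed25519.Sign(priv, c)}
}

// ChecksumOK detects accidental corruption only: anyone can recompute the hash.
func ChecksumOK(e Envelope) bool {
	c := canonical(e.Payload)
	return c != nil && sha256.Sum256(c) == e.Checksum
}

// SignatureOK ties the payload to the holder of the private key.
func SignatureOK(pub ed25519.PublicKey, e Envelope) bool {
	c := canonical(e.Payload)
	return c != nil && ed25519.Verify(pub, c, e.Sig)
}

// Demo returns checksum/signature results for an intact and a rewritten envelope.
func Demo() (okSum, okSig, badSum, badSig bool) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	e := Seal(priv, []byte(`{"amount": 10, "to": "agent-b"}`)) // constructed sample
	// A party without the private key edits the payload and refreshes the checksum.
	forged := Envelope{Payload: []byte(`{"to": "agent-c", "amount": 10}`), Sig: e.Sig}
	forged.Checksum = sha256.Sum256(canonical(forged.Payload))
	return ChecksumOK(e), SignatureOK(pub, e), ChecksumOK(forged), SignatureOK(pub, forged)
}

func main() { fmt.Println(Demo()) } // true true true false
```

The rewritten envelope passes the checksum test because the hash travels with the data, while the signature check fails because the verifier relies on a public key obtained separately.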

Features

  • Post-quantum ready — ML-DSA-87 (FIPS-204) default, with Ed25519 and RSA-PSS.
  • Cross-language — Sign in Rust, verify in Python or Node.js. Tested on every commit.
  • Pluggable storage — Filesystem, SQLite, PostgreSQL, DuckDB, SurrealDB, Redb.
  • Document visibility — public, private, or restricted access control.
  • Trust policies — open, verified (default), or strict modes.
  • Multi-agent agreements — Quorum signing, timeouts, algorithm requirements (feature-gated).
  • A2A interoperability — Every JACS agent is an A2A agent with zero config (feature-gated).

Language bindings (experimental)

The MCP server and CLI are the recommended integration paths. Native bindings exist for direct library use:

| Language | Install | Status |
| --- | --- | --- |
| Python | pip install jacs | Experimental |
| Node.js | npm install @hai.ai/jacs | Experimental |
| Go | go get github.com/HumanAssisted/JACS/jacsgo | Experimental |

See DEVELOPMENT.md for library APIs, framework adapters, and build instructions.

Security

  • Private keys are encrypted with password-based key derivation.
  • MCP server is stdio-only — no network exposure.
  • 260+ automated tests covering cryptographic operations, password validation, agent lifecycle, DNS verification, and attack scenarios.
  • Post-quantum default — ML-DSA-87 (FIPS-204) composite signatures.

Report vulnerabilities to security@hai.ai. Do not open public issues for security concerns.

v0.9.7 | Apache-2.0 OR MIT | Third-Party Notices