Metadata-Version: 2.4
Name: jadegate
Version: 1.2.1
Summary: Deterministic Security for AI Agent Skills — 109 verified skills with Ed25519 signature chain
Author: JadeGate
License: Apache-2.0
Project-URL: Homepage, https://jadegate.io
Project-URL: Repository, https://github.com/JadeGate/jade-core
Project-URL: Documentation, https://jadegate.io
Keywords: ai,agent,security,mcp,skills,verification,tool-discovery
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Provides-Extra: fast
Requires-Dist: cryptography>=41.0; extra == "fast"
Dynamic: license-file

<div align="center">

# 💠 JadeGate

**Deterministic Security for AI Agent Skills**

*Think Terraform, but for AI agent tools.*

*"Code is fluid. Jade is solid."*

*玉印既定，万法不侵。*

[![PyPI](https://img.shields.io/pypi/v/jadegate?color=jade&label=pip%20install%20jadegate)](https://pypi.org/project/jadegate/)
[![Skills](https://img.shields.io/badge/skills-109%20verified-jade)](CATALOG.md)
[English | [中文](README_CN.md)]

[![License](https://img.shields.io/badge/license-Apache%202.0-blue)](LICENSE)
[![Zero Dependencies](https://img.shields.io/badge/dependencies-zero-brightgreen)]()

</div>

---

## What is JadeGate?

**JADE** (JSON-based Agent Deterministic Execution) is a zero-trust security protocol for AI agent skills.

Every skill is a pure JSON file — non-Turing-complete, structurally verifiable, mathematically provable safe.

No `eval()`. No `exec()`. No `import`. No escape.

```
羌笛何须怨杨柳，春风不度玉门关。
Malicious code shall not pass the JadeGate.
```

## Why?

AI agents need tools. Every approach has trade-offs — here's how they compare:

| | Function Calling | Evo.ninja | MCP | JadeGate |
|---|---|---|---|---|
| Format | Provider-defined functions | Closed-source agents | Arbitrary code | Pure JSON |
| Verification | None — trust the code | Opaque | Trust the server | 5-layer deterministic proof |
| Source model | Open (per provider) | Closed-source | Open or closed | Open-source (Apache 2.0) |
| Execution | Provider cloud | Centralized (their infra) | Server-dependent | Local, zero external dependencies |
| Signatures | None | N/A | None | Ed25519 chain of trust |
| Sandbox | None | Platform-managed | Server-dependent | Enforced by protocol |
| Dependencies | Provider SDK | Requires their compute | Runtime-dependent | Zero |

Each approach serves different needs. Function Calling is the simplest integration path. Evo.ninja offers managed agent orchestration. MCP provides a flexible server protocol. JadeGate focuses on deterministic verification — every skill is a pure JSON file that can be mathematically proven safe before execution.

## Before & After

**❌ BEFORE — Typical AI agent tool (Python):**

```python
def search_and_notify(query, channel):
    try:
        result = eval(f"search('{query}')")  # injection risk
        subprocess.run(f"curl -X POST {webhook}", shell=True)  # no sandbox
    except Exception:
        pass  # silent failure, no verification
    # No signature. No audit trail. No guarantees.
```

**✅ AFTER — JadeGate skill (pure JSON):**

```json
{
  "jade_version": "1.0.0",
  "skill_id": "search_and_notify",
  "execution_dag": {
    "nodes": [
      {"id": "search", "type": "mcp_brave_search", "input": {"query": "$input.query"}},
      {"id": "notify", "type": "mcp_slack_post", "input": {"channel": "$input.channel", "text": "$search.output"}}
    ],
    "edges": [{"from": "search", "to": "notify"}]
  },
  "security": {"sandbox": "strict", "network_whitelist": ["api.brave.com", "slack.com"]}
}
```

Same functionality. Verifiable. Sandboxed. Signed. No code execution.

## 🔒 100% Offline & Air-Gapped Ready

JadeGate requires **zero network calls** for verification. Everything is local, pure math.

- **Ed25519 signatures** — verified locally, no certificate authority needed
- **DAG validation** — graph analysis runs entirely in-process
- **No cloud dependency** — no telemetry, no phone-home, no license server
- **No data leaves your machine** — ever

Perfect for:
- 🏛️ **Classified environments** — air-gapped networks, government systems
- 🏥 **Healthcare (HIPAA)** — patient data never touches external services
- 🏦 **Finance (SOX)** — audit-ready, deterministic verification
- 🏢 **On-premise enterprise** — runs behind your firewall, no exceptions

Install once, verify forever. No internet required after `pip install`.

## Quick Start

```bash
pip install jadegate
```

```bash
# Browse all verified skills
jade list

# Search for what you need
jade search "github"

# Check skill details
jade info mcp_brave_search

# Verify any skill file
jade verify my_skill.json

# System status
jade status
```

## 🤖 AI Agent Auto-Discovery

After installing JadeGate, AI agents can automatically discover and use all 109 skills.

### MCP Server (Claude Desktop / Cursor / Windsurf)

One line in your MCP config — the LLM sees all skills instantly:

```json
{
  "mcpServers": {
    "jadegate": {
      "command": "jade",
      "args": ["mcp-serve"]
    }
  }
}
```

The LLM gets 6 tools: `jade_search`, `jade_list`, `jade_info`, `jade_verify`, `jade_compose`, `jade_doctor`. It will use them automatically when it needs to find or verify skills.

### Python Agent Frameworks (LangChain / CrewAI / AutoGPT)

```python
import jade_core
jade_core.activate()  # Scans env, generates .well-known/jade.json
```

### One-Command Setup (Any Platform)

```bash
pip install jadegate
jade init
```

`jade init` auto-detects your OS (Windows/macOS/Linux), caches all skills locally, scans your API keys, and shows you exactly what's ready to use.

### Environment Scan

```bash
jade doctor
```

```
💠 JadeGate Doctor
==================================================
🔑 Detected API Keys:
   ✓ GITHUB_TOKEN → 5 skills ready
   ✓ SLACK_TOKEN → 2 skills ready
📁 Detected Project Files:
   ✓ package.json → mcp_npm_search
💡 8 skills ready to use
```

## 5-Layer Verification

Every skill passes through 5 deterministic security layers:

```
Layer 1: Schema Validation     — Structure must be valid JADE JSON
Layer 2: DAG Integrity         — Execution graph must be acyclic, no loops
Layer 3: Security Policy       — Sandbox, network whitelist, permissions
Layer 4: Injection Detection   — No code injection, no template attacks
Layer 5: Cryptographic Seal    — Ed25519 signature chain verification
```

All layers are deterministic. Same input → same result. Every time.

## Trust Hierarchy

JadeGate uses a layered trust model with cryptographic signatures at every level:

### 💠 Root Seal — Project Authority

The highest level of trust. The JadeGate root key signs all 109 official skills. Root-sealed skills have been reviewed, verified, and cryptographically locked by the project maintainers.

### 🔷 Org Seal — Organizational Authority

Organizations receive authorized signing keys and can sign their own skills independently. **Run your own internal registry with your own Root key** — full sovereignty over your skill supply chain. Perfect for enterprises that need private, auditable skill catalogs without depending on any external authority.

### 🔹 Community Seal — Open Participation

Anyone can generate a signing key and sign skills they've reviewed. When a skill accumulates **5+ unique community signatures**, it earns **Community Verified** status — decentralized trust through independent review.

### ❌ Revoked — Instant Revocation

Compromised or deprecated signers are instantly revoked via `revoked_signers.json`. Revocation is checked at verification time — no delay, no propagation wait.

```bash
# Generate your community signing key
python jade_community_sign.py keygen

# Sign a skill you've reviewed
python jade_community_sign.py sign jade_skills/mcp/mcp_brave_search.json

# Check all signatures on a skill
python jade_community_sign.py check jade_skills/mcp/mcp_brave_search.json
```

> **Enterprise note:** Organizations can run fully private JadeGate registries with their own Root key. All verification stays local — no external calls, no shared infrastructure. Your skills, your keys, your rules.

## 109 Verified Skills

JadeGate ships with **109 pre-verified skills** across two categories:

### MCP Skills (67)
GitHub, Slack, Discord, OpenAI, Anthropic, AWS, GCP, Firebase, MongoDB, Redis, Elasticsearch, Stripe, Twilio, SendGrid, Jira, Confluence, Vercel, Shopify, and more.

### Tool Skills (42)
CSV analysis, DNS lookup, QR code, image resize, JWT decode, regex tester, password generator, UUID, YAML/JSON converter, and more.

→ Full list: [CATALOG.md](CATALOG.md)

## 🧭 Design Philosophy

**"We handle orchestration, not computation."**

JadeGate doesn't execute your business logic — it orchestrates verified, sandboxed skills into safe workflows. Complex logic belongs in your APIs; JadeGate chains them deterministically.

**Declare intent, don't write implementation.** Like Terraform for infrastructure, JadeGate lets you describe *what* should happen (which APIs, what parameters, how to chain) and the runtime handles *how*. No imperative code, no hidden side effects.

**Wrap complexity as atomic APIs.** If your workflow needs complex processing — ML inference, database transactions, custom algorithms — expose it as an API endpoint. JadeGate calls it safely within a verified DAG, with sandboxing, retries, and fallback nodes built in.

**Coming soon:**
- 🐍 **Python SDK** — Build skills programmatically: `jade.step('search').then('summarize').export()`
- 🎨 **Visual DAG Editor** — Design workflows graphically, export as verified JSON

## 🗺️ Roadmap

| Status | Feature | Description |
|--------|---------|-------------|
| 🔜 | **Python SDK Builder** | `jade.step('search').then('summarize').export()` — programmatic skill creation |
| 🔜 | **`jade visualize`** | DAG visualization in Mermaid and ASCII formats |
| 📋 | **Web DAG Editor** | Browser-based visual workflow designer |
| 📋 | **Crypto Acceleration** | Optional native Ed25519 for high-throughput verification |
| 📋 | **npm Package** | `@jadegate/core` for JS/TS ecosystem integration |

## For AI Agents

All commands support `--json` for machine-readable output:

```bash
jade search --json "web search"
jade list --json --type mcp
jade info --json mcp_brave_search
```

```python
from jade_core.validator import JadeValidator

v = JadeValidator()
result = v.validate_file("my_skill.json")
print(result.valid)  # True/False
print(result.issues) # Detailed security findings
```

## Skill Format

A JadeGate skill is a single JSON file:

```json
{
  "jade_version": "1.0.0",
  "skill_id": "my_skill",
  "metadata": {
    "name": "My Skill",
    "description": "What it does",
    "version": "1.0.0",
    "tags": ["example"]
  },
  "input_schema": { ... },
  "output_schema": { ... },
  "execution_dag": {
    "nodes": [ ... ],
    "edges": [ ... ]
  },
  "security": {
    "sandbox": "strict",
    "network_whitelist": ["api.example.com"],
    "max_execution_time_ms": 10000
  }
}
```

No code. Just structure. Verifiable by anyone.

## Contributing

1. Create a skill JSON file
2. Run `jade verify your_skill.json`
3. Submit a PR — CI auto-verifies
4. Community signs → merged

## FAQ

**Is pure JSON + DAG expressive enough?**

Yes — think of it like Terraform for agent skills. You declare intent (which API, what params, how to chain), and the runtime handles execution. Complex logic is expressed through conditional edges, fallback nodes, and parallel branches in the DAG. JadeGate isn't replacing code — it's replacing trust assumptions.

**What about complex error handling?**

The DAG supports fallback nodes, retry policies, and conditional branching. The security policy defines timeouts, max retries, and circuit breakers. You get robust error handling without arbitrary code execution.

**How does this relate to LLM jailbreak defense?**

It doesn't. JadeGate is about AI Agent *skill* security — verifying the tools agents use are safe. It's not about prompt injection or jailbreak defense. Different problem space entirely.

**Why not just audit MCP servers?**

You can't audit what changes. MCP servers can update silently — the code you reviewed yesterday may not be the code running today. JadeGate skills are immutable JSON with cryptographic signatures. Any change breaks the seal.

## Architecture

```
┌─────────────────────────────────────────┐
│              AI Agent                    │
├─────────────────────────────────────────┤
│         JadeGate Protocol               │
│  ┌─────────┐ ┌──────────┐ ┌──────────┐ │
│  │ Verify  │ │ Search   │ │ Execute  │ │
│  │ 5-Layer │ │ Catalog  │ │ Sandbox  │ │
│  └─────────┘ └──────────┘ └──────────┘ │
├─────────────────────────────────────────┤
│  💠 Ed25519 Signature Chain             │
├─────────────────────────────────────────┤
│  Skills (Pure JSON, no code)            │
└─────────────────────────────────────────┘
```

## License

Apache 2.0

---

<div align="center">

**💠 JadeGate** — *Trust is not assumed. Trust is proven.*

</div>
