Deterministic Security for AI Agent Skills
Project description
๐ JadeGate
Deterministic Security for AI Agent Skills
"Code is fluid. Jade is solid."
็ๅฐๆขๅฎ๏ผไธๆณไธไพตใ
What is JadeGate?
JADE (JSON-based Agent Deterministic Execution) is a zero-trust security protocol for AI agent skills.
Every skill is a pure JSON file โ non-Turing-complete, structurally verifiable, mathematically provable safe.
No eval(). No exec(). No import. No escape.
็พ็ฌไฝ้กปๆจๆจๆณ๏ผๆฅ้ฃไธๅบฆ็้จๅ
ณใ
Malicious code shall not pass the JadeGate.
Why?
MCP is powerful but permissive. Any MCP server can run arbitrary code. JadeGate adds a security layer:
| MCP | JadeGate | |
|---|---|---|
| Format | Arbitrary code | Pure JSON |
| Verification | Trust the server | 5-layer deterministic proof |
| Signatures | None | Ed25519 chain of trust |
| Sandbox | Server-dependent | Enforced by protocol |
| Dependencies | Runtime-dependent | Zero |
Quick Start
pip install jadegate
# Browse all verified skills
jade list
# Search for what you need
jade search "github"
# Check skill details
jade info mcp_brave_search
# Verify any skill file
jade verify my_skill.json
# System status
jade status
5-Layer Verification
Every skill passes through 5 deterministic security layers:
Layer 1: Schema Validation โ Structure must be valid JADE JSON
Layer 2: DAG Integrity โ Execution graph must be acyclic, no loops
Layer 3: Security Policy โ Sandbox, network whitelist, permissions
Layer 4: Injection Detection โ No code injection, no template attacks
Layer 5: Cryptographic Seal โ Ed25519 signature chain verification
All layers are deterministic. Same input โ same result. Every time.
Trust Hierarchy
๐ Root Seal โ Project authority, highest trust
๐ท Org Seal โ Authorized organizations
๐น Community Seal โ Anyone can sign; 5+ sigs = Community Verified
# Generate your community signing key
python jade_community_sign.py keygen
# Sign a skill you've reviewed
python jade_community_sign.py sign jade_skills/mcp/mcp_brave_search.json
# Check all signatures on a skill
python jade_community_sign.py check jade_skills/mcp/mcp_brave_search.json
101 Verified Skills
JadeGate ships with 101 pre-verified skills across two categories:
MCP Skills (61)
GitHub, Slack, Discord, OpenAI, Anthropic, AWS, GCP, Firebase, MongoDB, Redis, Elasticsearch, Stripe, Twilio, SendGrid, Jira, Confluence, Vercel, Shopify, and more.
Tool Skills (40)
CSV analysis, DNS lookup, QR code, image resize, JWT decode, regex tester, password generator, UUID, YAML/JSON converter, and more.
โ Full list: CATALOG.md
For AI Agents
All commands support --json for machine-readable output:
jade search --json "web search"
jade list --json --type mcp
jade info --json mcp_brave_search
from jade_core.validator import JadeValidator
v = JadeValidator()
result = v.validate_file("my_skill.json")
print(result.valid) # True/False
print(result.issues) # Detailed security findings
Skill Format
A JadeGate skill is a single JSON file:
{
"jade_version": "1.0.0",
"skill_id": "my_skill",
"metadata": {
"name": "My Skill",
"description": "What it does",
"version": "1.0.0",
"tags": ["example"]
},
"input_schema": { ... },
"output_schema": { ... },
"execution_dag": {
"nodes": [ ... ],
"edges": [ ... ]
},
"security": {
"sandbox": "strict",
"network_whitelist": ["api.example.com"],
"max_execution_time_ms": 10000
}
}
No code. Just structure. Verifiable by anyone.
Contributing
- Create a skill JSON file
- Run
jade verify your_skill.json - Submit a PR โ CI auto-verifies
- Community signs โ merged
Architecture
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ AI Agent โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ JadeGate Protocol โ
โ โโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โ
โ โ Verify โ โ Search โ โ Execute โ โ
โ โ 5-Layer โ โ Catalog โ โ Sandbox โ โ
โ โโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ ๐ Ed25519 Signature Chain โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Skills (Pure JSON, no code) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
License
Apache 2.0
๐ JadeGate โ Trust is not assumed. Trust is proven.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file jadegate-1.1.0.tar.gz.
File metadata
- Download URL: jadegate-1.1.0.tar.gz
- Upload date:
- Size: 64.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9d79aab3b84ca2344f21889c73c133e1cf8aa2e2b036426df50058875cda7281
|
|
| MD5 |
0d33605ea61c5b526c4df07c9572b556
|
|
| BLAKE2b-256 |
d24ca3fbb8dfb28d6c5af3ea1c7cb109ebbca6f31cbd94d77c38e8afba998811
|
File details
Details for the file jadegate-1.1.0-py3-none-any.whl.
File metadata
- Download URL: jadegate-1.1.0-py3-none-any.whl
- Upload date:
- Size: 61.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3b8b05e1de908b88835b1be5e3104e76c385c8ee3fe5135cfa32f322f822c0e2
|
|
| MD5 |
7657f55c0e08fdccdfb7e9d0a0dd21f7
|
|
| BLAKE2b-256 |
74a44bd6e561a9c71b1b30bc76e3e632017e9bd6744d34be977f7907768a2584
|
