jadegate 1.1.3

Deterministic Security for AI Agent Skills — 104 verified skills with Ed25519 signature chain

💠 JadeGate

Deterministic Security for AI Agent Skills

"Code is fluid. Jade is solid."

玉印既定，万法不侵。

[English | 中文]

---

What is JadeGate?

JADE (JSON-based Agent Deterministic Execution) is a zero-trust security protocol for AI agent skills.

Every skill is a pure JSON file — non-Turing-complete, structurally verifiable, mathematically provable safe.

No eval(). No exec(). No import. No escape.

羌笛何须怨杨柳，春风不度玉门关。
Malicious code shall not pass the JadeGate.

Why?

MCP is powerful but permissive. Any MCP server can run arbitrary code. JadeGate adds a security layer:

	MCP	JadeGate
Format	Arbitrary code	Pure JSON
Verification	Trust the server	5-layer deterministic proof
Signatures	None	Ed25519 chain of trust
Sandbox	Server-dependent	Enforced by protocol
Dependencies	Runtime-dependent	Zero

Quick Start

pip install jadegate

# Browse all verified skills
jade list

# Search for what you need
jade search "github"

# Check skill details
jade info mcp_brave_search

# Verify any skill file
jade verify my_skill.json

# System status
jade status

🤖 AI Agent Auto-Discovery

After installing JadeGate, AI agents can automatically discover and use all 104 skills.

MCP Server (Claude Desktop / Cursor / Windsurf)

One line in your MCP config — the LLM sees all skills instantly:

{
  "mcpServers": {
    "jadegate": {
      "command": "jade",
      "args": ["mcp-serve"]
    }
  }
}

The LLM gets 6 tools: jade_search, jade_list, jade_info, jade_verify, jade_compose, jade_doctor. It will use them automatically when it needs to find or verify skills.

Python Agent Frameworks (LangChain / CrewAI / AutoGPT)

import jade_core
jade_core.activate()  # Scans env, generates .well-known/jade.json

One-Command Setup (Any Platform)

pip install jadegate
jade init

jade init auto-detects your OS (Windows/macOS/Linux), caches all skills locally, scans your API keys, and shows you exactly what's ready to use.

Environment Scan

jade doctor

💠 JadeGate Doctor
==================================================
🔑 Detected API Keys:
   ✓ GITHUB_TOKEN → 5 skills ready
   ✓ SLACK_TOKEN → 2 skills ready
📁 Detected Project Files:
   ✓ package.json → mcp_npm_search
💡 8 skills ready to use

5-Layer Verification

Every skill passes through 5 deterministic security layers:

Layer 1: Schema Validation     — Structure must be valid JADE JSON
Layer 2: DAG Integrity         — Execution graph must be acyclic, no loops
Layer 3: Security Policy       — Sandbox, network whitelist, permissions
Layer 4: Injection Detection   — No code injection, no template attacks
Layer 5: Cryptographic Seal    — Ed25519 signature chain verification

All layers are deterministic. Same input → same result. Every time.

Trust Hierarchy

💠 Root Seal        — Project authority, highest trust
🔷 Org Seal         — Authorized organizations
🔹 Community Seal   — Anyone can sign; 5+ sigs = Community Verified

# Generate your community signing key
python jade_community_sign.py keygen

# Sign a skill you've reviewed
python jade_community_sign.py sign jade_skills/mcp/mcp_brave_search.json

# Check all signatures on a skill
python jade_community_sign.py check jade_skills/mcp/mcp_brave_search.json

104 Verified Skills

JadeGate ships with 104 pre-verified skills across two categories:

MCP Skills (64)

GitHub, Slack, Discord, OpenAI, Anthropic, AWS, GCP, Firebase, MongoDB, Redis, Elasticsearch, Stripe, Twilio, SendGrid, Jira, Confluence, Vercel, Shopify, and more.

Tool Skills (40)

CSV analysis, DNS lookup, QR code, image resize, JWT decode, regex tester, password generator, UUID, YAML/JSON converter, and more.

→ Full list: CATALOG.md

For AI Agents

All commands support --json for machine-readable output:

jade search --json "web search"
jade list --json --type mcp
jade info --json mcp_brave_search

from jade_core.validator import JadeValidator

v = JadeValidator()
result = v.validate_file("my_skill.json")
print(result.valid)  # True/False
print(result.issues) # Detailed security findings

Skill Format

A JadeGate skill is a single JSON file:

{
  "jade_version": "1.0.0",
  "skill_id": "my_skill",
  "metadata": {
    "name": "My Skill",
    "description": "What it does",
    "version": "1.0.0",
    "tags": ["example"]
  },
  "input_schema": { ... },
  "output_schema": { ... },
  "execution_dag": {
    "nodes": [ ... ],
    "edges": [ ... ]
  },
  "security": {
    "sandbox": "strict",
    "network_whitelist": ["api.example.com"],
    "max_execution_time_ms": 10000
  }
}

No code. Just structure. Verifiable by anyone.

Contributing

1. Create a skill JSON file
2. Run jade verify your_skill.json
3. Submit a PR — CI auto-verifies
4. Community signs → merged

Architecture

┌─────────────────────────────────────────┐
│              AI Agent                    │
├─────────────────────────────────────────┤
│         JadeGate Protocol               │
│  ┌─────────┐ ┌──────────┐ ┌──────────┐ │
│  │ Verify  │ │ Search   │ │ Execute  │ │
│  │ 5-Layer │ │ Catalog  │ │ Sandbox  │ │
│  └─────────┘ └──────────┘ └──────────┘ │
├─────────────────────────────────────────┤
│  💠 Ed25519 Signature Chain             │
├─────────────────────────────────────────┤
│  Skills (Pure JSON, no code)            │
└─────────────────────────────────────────┘

License

Apache 2.0

---

💠 JadeGate — Trust is not assumed. Trust is proven.