Deterministic Security for AI Agent Skills — 104 verified skills with Ed25519 signature chain

💠 JadeGate

Deterministic Security for AI Agent Skills

Think Terraform, but for AI agent tools.

"Code is fluid. Jade is solid."

็މๅฐๆ—ขๅฎš๏ผŒไธ‡ๆณ•ไธไพตใ€‚


What is JadeGate?

JADE (JSON-based Agent Deterministic Execution) is a zero-trust security protocol for AI agent skills.

Every skill is a pure JSON file — non-Turing-complete, structurally verifiable, mathematically provable safe.

No eval(). No exec(). No import. No escape.

Why should the Qiang flute lament the willows, when the spring wind never crosses the Jade Gate Pass? (Wang Zhihuan, "Liangzhou Ci")
Malicious code shall not pass the JadeGate.

Why?

AI agents need tools. Every approach has trade-offs — here's how they compare:

|              | Function Calling           | Evo.ninja                 | MCP               | JadeGate                          |
|--------------|----------------------------|---------------------------|-------------------|-----------------------------------|
| Format       | Provider-defined functions | Closed-source agents      | Arbitrary code    | Pure JSON                         |
| Verification | None — trust the code      | Opaque                    | Trust the server  | 5-layer deterministic proof       |
| Source model | Open (per provider)        | Closed-source             | Open or closed    | Open-source (Apache 2.0)          |
| Execution    | Provider cloud             | Centralized (their infra) | Server-dependent  | Local, zero external dependencies |
| Signatures   | None                       | N/A                       | None              | Ed25519 chain of trust            |
| Sandbox      | None                       | Platform-managed          | Server-dependent  | Enforced by protocol              |
| Dependencies | Provider SDK               | Requires their compute    | Runtime-dependent | Zero                              |

Each approach serves different needs. Function Calling is the simplest integration path. Evo.ninja offers managed agent orchestration. MCP provides a flexible server protocol. JadeGate focuses on deterministic verification — every skill is a pure JSON file that can be mathematically proven safe before execution.

Before & After

โŒ BEFORE โ€” Typical AI agent tool (Python):

def search_and_notify(query, channel):
    try:
        result = eval(f"search('{query}')")  # injection risk
        subprocess.run(f"curl -X POST {webhook}", shell=True)  # no sandbox
    except Exception:
        pass  # silent failure, no verification
    # No signature. No audit trail. No guarantees.

โœ… AFTER โ€” JadeGate skill (pure JSON):

{
  "jade_version": "1.0.0",
  "skill_id": "search_and_notify",
  "execution_dag": {
    "nodes": [
      {"id": "search", "type": "mcp_brave_search", "input": {"query": "$input.query"}},
      {"id": "notify", "type": "mcp_slack_post", "input": {"channel": "$input.channel", "text": "$search.output"}}
    ],
    "edges": [{"from": "search", "to": "notify"}]
  },
  "security": {"sandbox": "strict", "network_whitelist": ["api.brave.com", "slack.com"]}
}

Same functionality. Verifiable. Sandboxed. Signed. No code execution.

🔒 100% Offline & Air-Gapped Ready

JadeGate requires zero network calls for verification. Everything is local, pure math.

  • Ed25519 signatures — verified locally, no certificate authority needed
  • DAG validation — graph analysis runs entirely in-process
  • No cloud dependency — no telemetry, no phone-home, no license server
  • No data leaves your machine — ever

Perfect for:

  • 🏛️ Classified environments — air-gapped networks, government systems
  • 🏥 Healthcare (HIPAA) — patient data never touches external services
  • 🏦 Finance (SOX) — audit-ready, deterministic verification
  • 🏢 On-premise enterprise — runs behind your firewall, no exceptions

Install once, verify forever. No internet required after pip install.

Quick Start

pip install jadegate
# Browse all verified skills
jade list

# Search for what you need
jade search "github"

# Check skill details
jade info mcp_brave_search

# Verify any skill file
jade verify my_skill.json

# System status
jade status

🤖 AI Agent Auto-Discovery

After installing JadeGate, AI agents can automatically discover and use all 109 skills.

MCP Server (Claude Desktop / Cursor / Windsurf)

One line in your MCP config — the LLM sees all skills instantly:

{
  "mcpServers": {
    "jadegate": {
      "command": "jade",
      "args": ["mcp-serve"]
    }
  }
}

The LLM gets 6 tools: jade_search, jade_list, jade_info, jade_verify, jade_compose, jade_doctor. It will use them automatically when it needs to find or verify skills.

Python Agent Frameworks (LangChain / CrewAI / AutoGPT)

import jade_core
jade_core.activate()  # Scans env, generates .well-known/jade.json

One-Command Setup (Any Platform)

pip install jadegate
jade init

jade init auto-detects your OS (Windows/macOS/Linux), caches all skills locally, scans your API keys, and shows you exactly what's ready to use.

Environment Scan

jade doctor
💠 JadeGate Doctor
==================================================
🔑 Detected API Keys:
   ✓ GITHUB_TOKEN → 5 skills ready
   ✓ SLACK_TOKEN → 2 skills ready
📁 Detected Project Files:
   ✓ package.json → mcp_npm_search
💡 8 skills ready to use

5-Layer Verification

Every skill passes through 5 deterministic security layers:

Layer 1: Schema Validation     — Structure must be valid JADE JSON
Layer 2: DAG Integrity         — Execution graph must be acyclic, no loops
Layer 3: Security Policy       — Sandbox, network whitelist, permissions
Layer 4: Injection Detection   — No code injection, no template attacks
Layer 5: Cryptographic Seal    — Ed25519 signature chain verification

All layers are deterministic. Same input → same result. Every time.

Trust Hierarchy

JadeGate uses a layered trust model with cryptographic signatures at every level:

💠 Root Seal — Project Authority

The highest level of trust. The JadeGate root key signs all 109 official skills. Root-sealed skills have been reviewed, verified, and cryptographically locked by the project maintainers.

🔷 Org Seal — Organizational Authority

Organizations receive authorized signing keys and can sign their own skills independently. Run your own internal registry with your own Root key — full sovereignty over your skill supply chain. Perfect for enterprises that need private, auditable skill catalogs without depending on any external authority.

🔹 Community Seal — Open Participation

Anyone can generate a signing key and sign skills they've reviewed. When a skill accumulates 5+ unique community signatures, it earns Community Verified status — decentralized trust through independent review.

❌ Revoked — Instant Revocation

Compromised or deprecated signers are instantly revoked via revoked_signers.json. Revocation is checked at verification time — no delay, no propagation wait.

# Generate your community signing key
python jade_community_sign.py keygen

# Sign a skill you've reviewed
python jade_community_sign.py sign jade_skills/mcp/mcp_brave_search.json

# Check all signatures on a skill
python jade_community_sign.py check jade_skills/mcp/mcp_brave_search.json

Enterprise note: Organizations can run fully private JadeGate registries with their own Root key. All verification stays local — no external calls, no shared infrastructure. Your skills, your keys, your rules.

109 Verified Skills

JadeGate ships with 109 pre-verified skills across two categories:

MCP Skills (67)

GitHub, Slack, Discord, OpenAI, Anthropic, AWS, GCP, Firebase, MongoDB, Redis, Elasticsearch, Stripe, Twilio, SendGrid, Jira, Confluence, Vercel, Shopify, and more.

Tool Skills (42)

CSV analysis, DNS lookup, QR code, image resize, JWT decode, regex tester, password generator, UUID, YAML/JSON converter, and more.

→ Full list: CATALOG.md

🧭 Design Philosophy

"We handle orchestration, not computation."

JadeGate doesn't execute your business logic — it orchestrates verified, sandboxed skills into safe workflows. Complex logic belongs in your APIs; JadeGate chains them deterministically.

Declare intent, don't write implementation. Like Terraform for infrastructure, JadeGate lets you describe what should happen (which APIs, what parameters, how to chain) and the runtime handles how. No imperative code, no hidden side effects.

Wrap complexity as atomic APIs. If your workflow needs complex processing — ML inference, database transactions, custom algorithms — expose it as an API endpoint. JadeGate calls it safely within a verified DAG, with sandboxing, retries, and fallback nodes built in.

Coming soon:

  • 🐍 Python SDK — Build skills programmatically: jade.step('search').then('summarize').export()
  • 🎨 Visual DAG Editor — Design workflows graphically, export as verified JSON

🗺️ Roadmap

| Status | Feature             | Description                                                                  |
|--------|---------------------|------------------------------------------------------------------------------|
| 🔜     | Python SDK Builder  | jade.step('search').then('summarize').export() — programmatic skill creation |
| 🔜     | jade visualize      | DAG visualization in Mermaid and ASCII formats                               |
| 📋     | Web DAG Editor      | Browser-based visual workflow designer                                       |
| 📋     | Crypto Acceleration | Optional native Ed25519 for high-throughput verification                     |
| 📋     | npm Package         | @jadegate/core for JS/TS ecosystem integration                               |

For AI Agents

All commands support --json for machine-readable output:

jade search --json "web search"
jade list --json --type mcp
jade info --json mcp_brave_search

Or, from Python:

from jade_core.validator import JadeValidator

v = JadeValidator()
result = v.validate_file("my_skill.json")
print(result.valid)   # True/False
print(result.issues)  # Detailed security findings

Skill Format

A JadeGate skill is a single JSON file:

{
  "jade_version": "1.0.0",
  "skill_id": "my_skill",
  "metadata": {
    "name": "My Skill",
    "description": "What it does",
    "version": "1.0.0",
    "tags": ["example"]
  },
  "input_schema": { ... },
  "output_schema": { ... },
  "execution_dag": {
    "nodes": [ ... ],
    "edges": [ ... ]
  },
  "security": {
    "sandbox": "strict",
    "network_whitelist": ["api.example.com"],
    "max_execution_time_ms": 10000
  }
}

No code. Just structure. Verifiable by anyone.
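As an added example that is not JadeGate's own code, the following Python validator applies Layers 1 to 4 of the 5-Layer Verification to a skill in the format above, reporting every finding instead of stopping at the first. The required keys, the rule that a `$name.field` reference may only point at `$input` or an existing node, and the injection markers are assumptions chosen for illustration; the sample skill is the search_and_notify skill from Before & After, and Layer 5 (Ed25519) is left out because it needs a cryptography library.

```python
import re

# Added example, not JadeGate's own validator: deterministic checks modelled on Layers 1-4
# (schema, DAG integrity, security policy, injection detection); the exact rules are assumptions.
REQUIRED = {"jade_version", "skill_id", "execution_dag", "security"}
REF = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)\.")             # e.g. "$search.output"
INJECTION = re.compile(r"\{\{|\$\(|`|\b(eval|exec|import)\b")  # template / code markers

def verify_skill(skill: dict) -> list[str]:
    missing = REQUIRED - set(skill)                  # Layer 1: schema
    if missing:
        return [f"L1 schema: missing keys {sorted(missing)}"]
    issues = []
    nodes = {n["id"]: n for n in skill["execution_dag"].get("nodes", [])}
    indeg, succ = {nid: 0 for nid in nodes}, {nid: [] for nid in nodes}
    for e in skill["execution_dag"].get("edges", []):  # Layer 2: DAG integrity (Kahn's algorithm)
        if e["from"] not in nodes or e["to"] not in nodes:
            issues.append(f"L2 dag: edge {e['from']}->{e['to']} references an unknown node")
            continue
        succ[e["from"]].append(e["to"])
        indeg[e["to"]] += 1
    ready, visited = [nid for nid, d in indeg.items() if d == 0], 0
    while ready:
        cur = ready.pop()
        visited += 1
        for nxt in succ[cur]:
            indeg[nxt] -= 1
            if indeg[nxt] == 0:
                ready.append(nxt)
    if visited != len(nodes):                        # nodes left with in-degree > 0 form a cycle
        issues.append("L2 dag: execution graph contains a cycle")
    sec = skill["security"]                          # Layer 3: security policy
    if sec.get("sandbox") != "strict":
        issues.append("L3 policy: sandbox must be 'strict'")
    if not isinstance(sec.get("network_whitelist"), list):
        issues.append("L3 policy: network_whitelist must be an explicit list")
    for nid, n in nodes.items():                     # Layer 4: injection detection
        for value in map(str, n.get("input", {}).values()):
            if INJECTION.search(value):
                issues.append(f"L4 injection: template or code marker in node {nid!r}")
            for ref in REF.findall(value):           # only $input or an existing node may be referenced
                if ref != "input" and ref not in nodes:
                    issues.append(f"L4 injection: node {nid!r} references unknown {ref!r}")
    return issues
# Constructed sample: the search_and_notify skill from the Before & After section.
SAMPLE = {"jade_version": "1.0.0", "skill_id": "search_and_notify",
          "security": {"sandbox": "strict", "network_whitelist": ["api.brave.com", "slack.com"]},
          "execution_dag": {"edges": [{"from": "search", "to": "notify"}], "nodes": [
              {"id": "search", "type": "mcp_brave_search", "input": {"query": "$input.query"}},
              {"id": "notify", "type": "mcp_slack_post", "input": {"channel": "$input.channel", "text": "$search.output"}}]}}
```

`verify_skill(SAMPLE)` returns an empty list; adding a reverse edge, a `{{ }}` template or a reference to a node that does not exist each produces a named finding.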

Contributing

  1. Create a skill JSON file
  2. Run jade verify your_skill.json
  3. Submit a PR — CI auto-verifies
  4. Community signs → merged

FAQ

Is pure JSON + DAG expressive enough?

Yes — think of it like Terraform for agent skills. You declare intent (which API, what params, how to chain), and the runtime handles execution. Complex logic is expressed through conditional edges, fallback nodes, and parallel branches in the DAG. JadeGate isn't replacing code — it's replacing trust assumptions.

What about complex error handling?

The DAG supports fallback nodes, retry policies, and conditional branching. The security policy defines timeouts, max retries, and circuit breakers. You get robust error handling without arbitrary code execution.

How does this relate to LLM jailbreak defense?

It doesn't. JadeGate is about AI Agent skill security — verifying the tools agents use are safe. It's not about prompt injection or jailbreak defense. Different problem space entirely.

Why not just audit MCP servers?

You can't audit what changes. MCP servers can update silently — the code you reviewed yesterday may not be the code running today. JadeGate skills are immutable JSON with cryptographic signatures. Any change breaks the seal.

Architecture

┌──────────────────────────────────────────┐
│                 AI Agent                 │
├──────────────────────────────────────────┤
│            JadeGate Protocol             │
│  ┌─────────┐ ┌──────────┐ ┌──────────┐   │
│  │ Verify  │ │ Search   │ │ Execute  │   │
│  │ 5-Layer │ │ Catalog  │ │ Sandbox  │   │
│  └─────────┘ └──────────┘ └──────────┘   │
├──────────────────────────────────────────┤
│  💠 Ed25519 Signature Chain              │
├──────────────────────────────────────────┤
│  Skills (Pure JSON, no code)             │
└──────────────────────────────────────────┘

License

Apache 2.0


💠 JadeGate — Trust is not assumed. Trust is proven.

Download files

Source Distribution: jadegate-1.2.0.tar.gz (153.1 kB)

Built Distribution: jadegate-1.2.0-py3-none-any.whl (303.8 kB, Python 3)
