User/hendler/0.3.4

.github/workflows/python.yml

@@ -0,0 +1,106 @@
+name: Python (jacspy crate)
+
+on:
+  push:
+    branches: [ "main" ]
+    paths: # Optional: Trigger only on changes within jacspy/ or relevant files
+      - 'jacspy/**'
+      - 'jacs/**' # jacspy depends on jacs
+      - '.github/workflows/python.yml'
+  pull_request:
+    branches: [ "main" ]
+    paths: # Optional: Trigger only on changes within jacspy/ or relevant files
+      - 'jacspy/**'
+      - 'jacs/**' # jacspy depends on jacs
+      - '.github/workflows/python.yml'
+  workflow_dispatch: # Allows manual triggering
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  # Job to run tests on every push/PR
+  test-jacspy:
+    name: Test jacspy crate (x86_64)
+    runs-on: ubuntu-latest # Docker is available on ubuntu-latest runners (x86_64)
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image for testing (x86_64)
+        working-directory: jacspy # Directory containing DockerfileBuilder
+        run: docker buildx build --tag "jacs-build-x86_64" -f DockerfileBuilder . --load # --load makes image available
+
+      - name: Run jacspy tests in Docker (x86_64)
+        working-directory: jacspy # To match PWD context if needed by scripts
+        env:
+          RUST_BACKTRACE: "1"
+        run: |
+          docker run --rm \
+            -v "$(pwd)/..:/workspace" \
+            jacs-build-x86_64 \
+            bash -c "\
+              cd /workspace/jacspy && \
+              /opt/python/cp311-cp311/bin/python3.11 -m venv .venv && \
+              source .venv/bin/activate && \
+              pip install pytest && \
+              make test-python"
+
+  # Job to build wheels, runs ONLY on push to main
+  build-jacspy-wheels:
+    name: Build jacspy wheels on ${{ matrix.os }}
+    # Condition: Only run on push events to the main branch
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main' 
+    needs: test-jacspy # Optional: Ensure tests pass before building wheels
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-14, macos-latest] 
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Needed for cibuildwheel versioning
+
+      - name: Set up QEMU (Linux only)
+        if: runner.os == 'Linux'
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: all 
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11' 
+
+      - name: Install cibuildwheel
+        run: python -m pip install cibuildwheel
+
+      - name: Build wheels
+        # Run cibuildwheel from the root, but it should detect ./JACS/jacspy/pyproject.toml
+        # Or use working-directory: JACS/jacspy
+        run: cibuildwheel --output-dir wheelhouse jacspy
+        env:
+          # === cibuildwheel configuration ===
+          # Build architectures
+          CIBW_ARCHS_LINUX: "x86_64 aarch64"
+          CIBW_ARCHS_MACOS: "x86_64 aarch64" # Build both Intel and ARM on macOS runners
+          # Skip PyPy builds
+          CIBW_SKIP: "pp*" 
+          # Python versions to build for (align with pyproject.toml requires-python)
+          CIBW_BUILD: "cp311-* cp312-* cp313-*" # Example: Build for 3.11, 3.12, 3.13
+          # Linux specific dependencies (if needed inside manylinux container)
+          # CIBW_BUILD_DEPENDS_LINUX: "openssl-devel" 
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: wheels-jacspy-${{ matrix.os }}
+          # Path is relative to GITHUB_WORKSPACE (repo root)
+          path: ./wheelhouse/*.whl 

.github/workflows/rust.yml

@@ -1,22 +1,30 @@
-name: Rust
+name: Rust (jacs crate)
 
 on:
   push:
     branches: [ "main" ]
+    paths: # Optional: Trigger only on changes within jacs/ or relevant files
+      - 'JACS/jacs/**'
+      - '.github/workflows/rust.yml' 
   pull_request:
     branches: [ "main" ]
+    paths: # Optional: Trigger only on changes within jacs/ or relevant files
+      - 'JACS/jacs/**'
+      - '.github/workflows/rust.yml' 
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
-  build:
-
+  test-jacs: # Renamed job for clarity
+    name: Test jacs crate
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
-    - name: Build
-      run: cargo build --verbose
-    - name: Run tests
+    - name: Checkout code
+      uses: actions/checkout@v4 # Use v4
+
+    - name: Run jacs tests
+      # Specify the working directory for the test command
+      working-directory: jacs 
       run: cargo test --verbose

CHANGELOG.md

@@ -1,41 +1,132 @@
 # PLANNED
-
+-  machine fingerprinting v2
 - encrypt files at rest
 - refine schema usage
 - more getters and setters for documents recognized by schemas
 - WASM builds
-
+ - https://github.com/verus-lang/verus?tab=readme-ov-file
+- use rcgen to sign certs, and register with ACME
+ https://opentelemetry.io/docs/languages/rust/
+. ai.pydantic.dev
 
 ## 0.4.0
-- WASM
- - [] machine fingerprinting v2
-
-## 0.3.4
- - [] upgrade pqcrypto https://github.com/rustpq/pqcrypto/issues/79
- - [] RBAC integration with header
+- Domain integration
+- [] sign config
  - [] RBAC enforcement from server. If shared, new version is pinned. 
- - [] diff versions
- - [] bucket integration
- - [] task review
- - [] make sure config directory is in isolated location, like with key
- - [] don't store  "jacs_private_key_password":  in config, don't display
- - [] domain to header, and related verification
- - [] refactor API so easier to use from higher level libraries  - create agent, load agent, save document, create document, update document, sign 
-   - more complete python implementation
+
+  - more complete python implementation
    - pass document string or document id - with optional version instead of string
    - load document whatever storage config is
    - function test output metadata about current config and current agent
-
-## jacspy cleanup
-
 ## jacs-mcp 0.1.0
 
- - [] integrate with server
+ - [] use rmcp
+ - [] auth or all features
  - [] integration test with client
  - [] https://github.com/modelcontextprotocol/specification/discussions
 
+
+
+--------------------
+
+## 0.3.5
+
+### Register agent
+
+ - [] register agent
+    - [] remove requirement to store public key type
+
+ - [] upgrade pqcrypto https://github.com/rustpq/pqcrypto/issues/79
+ - [] RBAC integration with header
+ - [] diff versions
+ - [] bucket integration
+ - [] don't store  "jacs_private_key_password":  in config, don't display
+ - [] register public key 
+ - [] CA for cert
+ - [] add timestamp to prevent timing attacks to request/response features
+ - [] no_save = false should save document and still return json string instead of message on create document
+ - 
+
+## jacspy
+ - [] install jacs cli with the python wheel
+ - [] python based instructions for how to create - cli create agent 
+      1. cli create agent 
+      2. config jacspy to load each agent
+
+ - [] auto generate agent doc from MCP server list, auto versions
+ - [] traceable, verifiable request logs
+ - [] fastmcp client and server stdio
+ - [] fastmcp client and server websocket
+ - [] publish jacspy to pypi
+ - [] github actions builder for linux
+ - [] mcp make decorator for @resource
+ - [] mcp make sure "list" request is signed
+
+## jacsnpm
+proof of concept
+
+ - [] typescript mcp client and server
+ - [] npm install jacs (cli and available to plugin)
+
+--------------------
+
 # COMPLETED
 
+## 0.3.4
+
+## integrated demo
+
+ - [x] sign request/response (any python object -> payload)
+ - [x] verify response/request (any payload json string -> python object)
+ - [x] integrate with fastMCP, MCP, and Web for request response
+ - [x] have identity available to business logic
+ - [x] have logs available for review (no writing to file, ephemoral)
+
+## jacspy
+
+ - [x] make decorator for easy use in @tools
+ - [x] new local builder
+ - [] fastmcp client and server sse
+ - [x] jacspy test -  sign(content) -> (signature, agentid, agentversion, documentid, documentversion)
+ - [x] jacspy test - verify(content, signature, agentid, agentversion) -> bool, error
+
+
+ ### General 
+
+ - init √
+ - [x] load(config) -> Agent
+
+### detailed
+ - [x] make sure config directory is in isolated location, like with key
+ - [x] make config and security part of Agent
+ - [x] don't use env  everywhere- dep jacspy
+   - [x] load multistorage into agent object to re-use
+   - [x] BUG keys directory isolation broken when re-using Multistorage. TODO wrap key saving in different function
+   - [x] don't use set_env_vars() by default - may be more than one agent in system    
+   - [x] change config to have storagetype string, add to config schema
+   - write tests for no env vars usage of config
+   - load by id from default store
+   - [x] don't store passwords in config
+   - [x] all old tests and some new tests pass
+- [x] cli init function
+ - [x] clean up fs defaults in init/config/ 
+ - [x] bug with JACS_SCHEMA_AGENT_VERSION didn't have default on cli init
+ - [x] separate JACS readme repo readme
+ - [x] minimal github actions
+ - [x] autodetect public key type
+ - [x] refactor API so easier to use from higher level libraries  - create agent, load agent, save document, create document, update document, sign 
+   init, load agent, verify agent, verify document, 
+   - [x] single init, also signs agent
+   - [x] load from config
+   - [x] have load agent from config also load keys IF SIGNED
+
+
+
+
+---------------
+
+# 0.3.3
+
 ## jacs 0.3.3
  - [x] change project to workspace
  - [x] basic python integration
@@ -44,9 +135,6 @@
  - [x] cli review and tests 
  - [x] TEST init agent without needing configs in filesystem by checking that needed ENV variables are set
 
-
-
-
 ## 0.3.2
  - [x] add common clause to Apache 2.0
  - [x] use a single file to handle file i/o for all storage types
@@ -55,9 +143,8 @@
  - [x] create tests using custom schemas - verify this is working
 
 
-
 ## 0.3.1
-- upgraded many dependencies using 
+- [x] upgraded many dependencies using 
     cargo install cargo-edit
     cargo upgrade
 

Makefile

@@ -1,30 +1,22 @@
-.PHONY: build-jacspy build-jacspy-mac build-jacspy-linux build-jacs test
-
-build-jacspy: build-jacspy-mac build-jacspy-linux
-
-build-jacspy-mac:
-	$(info PYTHON_INCLUDE: $(PYTHON_INCLUDE))
-	$(info PYTHON_LIB: $(PYTHON_LIB))
-	echo $(PYTHON_INCLUDE)
-	echo $(PYTHON_LIB)
-	cd jacspy && env PYTHON_INCLUDE=$(PYTHON_INCLUDE) PYTHON_LIB=$(PYTHON_LIB) cargo build --release
-	cp target/release/libjacspy.dylib jacspy/jacspy.so
-
-build-jacspy-linux:
-	docker pull python:3.11-bookworm
-	docker buildx build --tag "jacs-build" -f ./jacspy/Dockerfile . ;\
-	docker  run --rm -v "$(PWD)/jacspy/linux:/output" jacs-build cp /usr/src/jacspy/target/release/libjacspy.so /output/jacspy.so;
+.PHONY:  build-jacs test
 
+
 build-jacs:
 	cd jacs && cargo install --path . --force
-	/Users/jonathan.hendler/.cargo/bin/jacs --help 
-	/Users/jonathan.hendler/.cargo/bin/jacs version
+	~/.cargo/bin/jacs --help 
+	~/.cargo/bin/jacs version
 
 test-jacs:
 	cd jacs && RUST_BACKTRACE=1 cargo test  -- --nocapture
 
-test-jacspy:
-	cd jacspy && cargo test  -- --nocapture
+test-jacs-cli:
+	cd jacs && RUST_BACKTRACE=1 cargo test --test cli_tests  -- --nocapture
+
+
+
+publish-jacs:
+	cargo publish --dry-run -p jacs
+
 
 test: test-jacs test-jacspy
 #   --test agent_tests --test document_tests --test key_tests --test task_tests --test agreement_test  --test create_agent_test