- Add config signing/verification: sign_config, verify_config, update_config
on Agent. Configs are signed on create, rotation, and migration. Unsigned
configs still load (backward compat) with a warning logged on tamper detection.
- Add agent_email field to config schema and Config struct.
- Simplify license from "Apache-2.0 OR MIT" to "Apache-2.0" across all crates,
package.json, pyproject.toml, deny.toml, docs, and README. Remove LICENSE-MIT.
- Fix DNS TXT record parsing: filter for v=jacs records among SPF/DKIM/DMARC
(new find_jacs_txt_record function with 4 tests).
- Replace .unwrap() with proper error propagation on poisoned mutexes in
InMemoryKeyStore (4 tests).
- Bump fips204 0.4.3 → 0.4.6.
- Add TODO comments for ML-DSA context hardening and agreement .expect() cleanup.
- Integration tests for config signing across create, rotate, and migrate paths.
…ne 42), document.rs (line 804). Exporting embedded jacsFiles.contents would inflate attacker-controlled gzip data without a hard cap. It now stops at JACS_MAX_DOCUMENT_SIZE and fails with DocumentTooLarge instead of allowing decompression-bomb behavior.
Insecure shared password-file handling: lib.rs (line 236), lib.rs (line 561). The binding core now rejects Unix .jacs_password files that are group/world readable, and auto-generated password files are created atomically with owner-only permissions (0600) instead of write-then-chmod.
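The two password-file behaviours described above, as an added example that is not code from the JACS repository: owner-only creation in a single `open()` instead of write-then-chmod, and rejection of group/world-readable files on load. The function names and the temporary path are assumptions made for illustration; Unix only.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Read, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

// Create the file with owner-only mode in the same open() that creates it,
// so there is no window where it exists with umask-default permissions.
// create_new (O_CREAT|O_EXCL) also refuses an existing file or symlink.
pub fn create_password_file(path: &Path, password: &str) -> io::Result<()> {
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600)
        .open(path)?;
    f.write_all(password.as_bytes())?;
    f.sync_all()
}

// Reject password files that grant any group or other permission bit.
// The mode is read from the open handle (fstat), not from a second path
// lookup, so the file that is checked is the file that is read.
pub fn read_password_file(path: &Path) -> io::Result<String> {
    let mut f = File::open(path)?;
    let meta = f.metadata()?;
    let mode = meta.permissions().mode() & 0o777;
    if !meta.is_file() || mode & 0o077 != 0 {
        return Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            format!("{}: mode {:o} is not owner-only", path.display(), mode),
        ));
    }
    let mut password = String::new();
    f.read_to_string(&mut password)?;
    Ok(password)
}

fn main() -> io::Result<()> {
    // Constructed sample path and password, for demonstration only.
    let path = std::env::temp_dir().join(format!("jacs_pw_demo_{}", std::process::id()));
    let _ = fs::remove_file(&path);
    create_password_file(&path, "constructed-sample-password")?;
    println!("read back {} bytes", read_password_file(&path)?.len());
    fs::set_permissions(&path, fs::Permissions::from_mode(0o644))?;
    println!("after chmod 644: {:?}", read_password_file(&path).map(|_| ()));
    fs::remove_file(&path)
}
```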
1. Crash during rotation (High risk) -- If the process dies after rotate_self() but before the config is re-written, keys and config become inconsistent. The fix is a write-ahead journal file in the key directory that
enables auto-repair on next load.
2. No transition signature (Medium risk) -- The documented JACS_KEY_ROTATION:{id}:{old_hash}:{new_hash}:{timestamp} pattern exists only in docs, never in code. The fix generates a jacsKeyRotationProof signed with the
OLD key and embeds it in the agent document.
3. CLI commands unimplemented (Medium risk) -- jacs agent rotate-keys, keys list, and keys revoke are marked "Coming Soon" in docs but do not exist. The fix adds three CLI commands and binding-core/Python/Node/Go/MCP
wrappers.
4. Algorithm field stale on cross-algorithm rotation (Low risk) -- The fix adds an algorithm parameter to rotate() and rotate_self() so cross-algorithm rotation is atomic.
- Issue 001 (Critical): Tasks 005-007 implemented (CLI, binding-core, MCP)
- Issue 002 (High): Added Agent::verify_transition_proof() + test
- Issue 003 (High): Fixed vacuous assertion in test_double_rotation_preserves_chain
- Issue 004 (High): Fixed double config repair in apply_config_and_load
- Issue 011 (Critical): Refactored to rotate_with_mutex() — binding-core and MCP now use the full rotation pipeline (journal, save, config re-sign)
- Issue 012 (High): Added test_transition_proof_verifiable_with_old_key test

Still outstanding (lower priority):
- Issue 005 (Medium): Algorithm validation in rotate_self()
- Issue 006 (Medium): Journal load() silently swallows parse errors
- Issue 008 (High): Some specified unit tests still missing
- Issue 010 (Low): jacsKeyRotationProof not in agent schema
- Issue 013 (High): Python/Node/Go binding wrappers
- Issues 014-019: Medium/Low remaining items
- Task 008: Dedicated rotation_edge_case_tests.rs file
- Task 009: Docs and "Coming Soon" cleanup
…

| Issue | Status | What was done |
|---|---|---|
| 005 (Med) | Done | Algorithm validation in rotate_self() against known set |
| 006 (Med) | Done | Journal load() logs warnings instead of silently swallowing |
| 008 (High) | Done | 3 new unit tests added to config_signing_integration |
| 010 (Low) | Done | jacsKeyRotationProof added to agent.schema.json |
| 013 (High) | Done | Python + Node binding wrappers for rotate_keys |
| 016 (Med) | Done | Chain-linkage assertions in double rotation test |
| 017 (Low) | Done | "Coming Soon" labels removed from docs, new sections added |
| 019 (Low) | Done | jacsVersionDate preferred over mtime for version ordering |
| Task 008 | Done | rotation_edge_case_tests.rs — 10 integration tests |
| Task 009 | Done | Docs updated with Transition Signature, Crash Recovery, Cross-Algorithm sections |
…

| Workflow | Root Cause | Status |
|---|---|---|
| Python | rotate_keys missing from parity map | Fixed in 5abfc86 (already pushed) |
| Go | rotate_keys parity + MCP contract drift | Fixed in 5abfc86 (already pushed) |
| MCP | Tool count 42→43 | Fixed in 5abfc86 (already pushed) |
| Node.js | rotateKeys on JacsAgent only, NOT on JacsSimpleAgent | Fixed locally (new) |
… added to parity maps, MCP 42→43)
2. Node.js — rotateKeys added to JacsSimpleAgent class in jacsnpm/src/lib.rs (was only on legacy JacsAgent)
3. MCP core-tools count — updated 28→29 in profiles.rs (preventive fix for non-full-tools builds)
…ry other method on the class (delegate to self.inner, convert via .to_napi()). Correctly sync-only, matching the JacsSimpleAgent design.
- Tool counts — 29 core = 6+3+5+4+5+1+5 and 43 full = 29+4+3+3+4. Both verified against actual tool registration code.
- Delegation chain is clean — every binding goes through SimpleAgentWrapper → Rust core rotate(). No layer does bespoke rotation logic.
- client.ts — async/sync pair follows the v0.7.0 pattern. RotationResult TypeScript interface has correct field types including transition_proof: string | null matching Rust's Option<String>.
- Generated files (index.d.ts, client.d.ts, client.js) — consistent with source changes.
- mcp.py refactor — fastmcp import update from mcp.server.fastmcp to fastmcp (the package was renamed/restructured upstream). No behavioral changes to signing/verification.
verifiable. 10 new edge-case integration tests and proptest-based crypto fuzzing added.
group/world-readable .jacs_password files, symlink-safe journal writes.
Key changes by area
Core (jacs/src/)
Bindings
Tests (102 files, +5782/-1078)
Test plan