jadegate 1.1.0__tar.gz

jadegate-1.1.0/LICENSE

@@ -0,0 +1,68 @@
+Business Source License 1.1
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+"Business Source License" is a trademark of MariaDB Corporation Ab.
+
+Parameters
+
+Licensor:             JadeGate Project
+Licensed Work:        JadeGate v0.2.0
+                      The Licensed Work is (c) 2026 JadeGate Project
+Additional Use Grant: You may use the Licensed Work for any purpose,
+                      including production use, EXCEPT for operating
+                      a commercial skill certification or verification
+                      service that competes with JadeGate.
+Change Date:          2030-02-21
+Change License:       Apache License, Version 2.0
+
+Notice
+
+The Business Source License (this document, or the "License") is not
+an Open Source license. However, the Licensed Work will eventually be
+made available under an Open Source License, as stated in this License.
+
+For more information on the use of this License, please refer to:
+https://mariadb.com/bsl11/
+
+License text
+
+The Licensor hereby grants you the right to copy, modify, create
+derivative works, redistribute, and make non-production use of the
+Licensed Work. The Licensor may make an Additional Use Grant, above,
+permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first
+publicly available distribution of a specific version of the Licensed
+Work under this License, whichever comes first, the Licensor hereby
+grants you rights under the terms of the Change License, and the
+rights granted in the paragraph above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or
+authorized resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative
+works of the Licensed Work, are subject to this License. This License
+applies separately for each version of the Licensed Work and the
+Change Date may vary for each version of the Licensed Work released
+by Licensor.
+
+You must conspicuously display this License on each original or
+modified copy of the Licensed Work. If you receive the Licensed Work
+in original or modified form from a third party, the terms and
+conditions set forth in this License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will
+automatically terminate your rights under this License for the
+current and all other versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or
+logo of Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS
+PROVIDED ON AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL
+WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING (WITHOUT
+LIMITATION) WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+PURPOSE, NON-INFRINGEMENT, AND TITLE.

jadegate-1.1.0/PKG-INFO

@@ -0,0 +1,219 @@
+Metadata-Version: 2.4
+Name: jadegate
+Version: 1.1.0
+Summary: Deterministic Security for AI Agent Skills
+Author: JadeGate
+License: Apache-2.0
+Project-URL: Homepage, https://github.com/JadeGate/jade-core
+Project-URL: Repository, https://github.com/JadeGate/jade-core
+Keywords: ai,agent,security,mcp,skills,verification
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+<div align="center">
+
+# 💠 JadeGate
+
+**Deterministic Security for AI Agent Skills**
+
+*"Code is fluid. Jade is solid."*
+
+*玉印既定，万法不侵。*
+
+[![PyPI](https://img.shields.io/pypi/v/jadegate?color=jade&label=pip%20install%20jadegate)](https://pypi.org/project/jadegate/)
+[![Skills](https://img.shields.io/badge/skills-101%20verified-jade)](CATALOG.md)
+[English | [中文](README_CN.md)]
+
+[![License](https://img.shields.io/badge/license-Apache%202.0-blue)](LICENSE)
+[![Zero Dependencies](https://img.shields.io/badge/dependencies-zero-brightgreen)]()
+
+</div>
+
+---
+
+## What is JadeGate?
+
+**JADE** (JSON-based Agent Deterministic Execution) is a zero-trust security protocol for AI agent skills.
+
+Every skill is a pure JSON file — non-Turing-complete, structurally verifiable, mathematically provable safe.
+
+No `eval()`. No `exec()`. No `import`. No escape.
+
+```
+羌笛何须怨杨柳，春风不度玉门关。
+Malicious code shall not pass the JadeGate.
+```
+
+## Why?
+
+MCP is powerful but permissive. Any MCP server can run arbitrary code. JadeGate adds a security layer:
+
+| | MCP | JadeGate |
+|---|---|---|
+| Format | Arbitrary code | Pure JSON |
+| Verification | Trust the server | 5-layer deterministic proof |
+| Signatures | None | Ed25519 chain of trust |
+| Sandbox | Server-dependent | Enforced by protocol |
+| Dependencies | Runtime-dependent | Zero |
+
+## Quick Start
+
+```bash
+pip install jadegate
+```
+
+```bash
+# Browse all verified skills
+jade list
+
+# Search for what you need
+jade search "github"
+
+# Check skill details
+jade info mcp_brave_search
+
+# Verify any skill file
+jade verify my_skill.json
+
+# System status
+jade status
+```
+
+## 5-Layer Verification
+
+Every skill passes through 5 deterministic security layers:
+
+```
+Layer 1: Schema Validation     — Structure must be valid JADE JSON
+Layer 2: DAG Integrity         — Execution graph must be acyclic, no loops
+Layer 3: Security Policy       — Sandbox, network whitelist, permissions
+Layer 4: Injection Detection   — No code injection, no template attacks
+Layer 5: Cryptographic Seal    — Ed25519 signature chain verification
+```
+
+All layers are deterministic. Same input → same result. Every time.
+
+## Trust Hierarchy
+
+```
+💠 Root Seal        — Project authority, highest trust
+🔷 Org Seal         — Authorized organizations
+🔹 Community Seal   — Anyone can sign; 5+ sigs = Community Verified
+```
+
+```bash
+# Generate your community signing key
+python jade_community_sign.py keygen
+
+# Sign a skill you've reviewed
+python jade_community_sign.py sign jade_skills/mcp/mcp_brave_search.json
+
+# Check all signatures on a skill
+python jade_community_sign.py check jade_skills/mcp/mcp_brave_search.json
+```
+
+## 101 Verified Skills
+
+JadeGate ships with **101 pre-verified skills** across two categories:
+
+### MCP Skills (61)
+GitHub, Slack, Discord, OpenAI, Anthropic, AWS, GCP, Firebase, MongoDB, Redis, Elasticsearch, Stripe, Twilio, SendGrid, Jira, Confluence, Vercel, Shopify, and more.
+
+### Tool Skills (40)
+CSV analysis, DNS lookup, QR code, image resize, JWT decode, regex tester, password generator, UUID, YAML/JSON converter, and more.
+
+→ Full list: [CATALOG.md](CATALOG.md)
+
+## For AI Agents
+
+All commands support `--json` for machine-readable output:
+
+```bash
+jade search --json "web search"
+jade list --json --type mcp
+jade info --json mcp_brave_search
+```
+
+```python
+from jade_core.validator import JadeValidator
+
+v = JadeValidator()
+result = v.validate_file("my_skill.json")
+print(result.valid)  # True/False
+print(result.issues) # Detailed security findings
+```
+
+## Skill Format
+
+A JadeGate skill is a single JSON file:
+
+```json
+{
+  "jade_version": "1.0.0",
+  "skill_id": "my_skill",
+  "metadata": {
+    "name": "My Skill",
+    "description": "What it does",
+    "version": "1.0.0",
+    "tags": ["example"]
+  },
+  "input_schema": { ... },
+  "output_schema": { ... },
+  "execution_dag": {
+    "nodes": [ ... ],
+    "edges": [ ... ]
+  },
+  "security": {
+    "sandbox": "strict",
+    "network_whitelist": ["api.example.com"],
+    "max_execution_time_ms": 10000
+  }
+}
+```
+
+No code. Just structure. Verifiable by anyone.
+
+## Contributing
+
+1. Create a skill JSON file
+2. Run `jade verify your_skill.json`
+3. Submit a PR — CI auto-verifies
+4. Community signs → merged
+
+## Architecture
+
+```
+┌─────────────────────────────────────────┐
+│              AI Agent                    │
+├─────────────────────────────────────────┤
+│         JadeGate Protocol               │
+│  ┌─────────┐ ┌──────────┐ ┌──────────┐ │
+│  │ Verify  │ │ Search   │ │ Execute  │ │
+│  │ 5-Layer │ │ Catalog  │ │ Sandbox  │ │
+│  └─────────┘ └──────────┘ └──────────┘ │
+├─────────────────────────────────────────┤
+│  💠 Ed25519 Signature Chain             │
+├─────────────────────────────────────────┤
+│  Skills (Pure JSON, no code)            │
+└─────────────────────────────────────────┘
+```
+
+## License
+
+Apache 2.0
+
+---
+
+<div align="center">
+
+**💠 JadeGate** — *Trust is not assumed. Trust is proven.*
+
+</div>

jadegate-1.1.0/README.md

@@ -0,0 +1,199 @@
+<div align="center">
+
+# 💠 JadeGate
+
+**Deterministic Security for AI Agent Skills**
+
+*"Code is fluid. Jade is solid."*
+
+*玉印既定，万法不侵。*
+
+[![PyPI](https://img.shields.io/pypi/v/jadegate?color=jade&label=pip%20install%20jadegate)](https://pypi.org/project/jadegate/)
+[![Skills](https://img.shields.io/badge/skills-101%20verified-jade)](CATALOG.md)
+[English | [中文](README_CN.md)]
+
+[![License](https://img.shields.io/badge/license-Apache%202.0-blue)](LICENSE)
+[![Zero Dependencies](https://img.shields.io/badge/dependencies-zero-brightgreen)]()
+
+</div>
+
+---
+
+## What is JadeGate?
+
+**JADE** (JSON-based Agent Deterministic Execution) is a zero-trust security protocol for AI agent skills.
+
+Every skill is a pure JSON file — non-Turing-complete, structurally verifiable, mathematically provable safe.
+
+No `eval()`. No `exec()`. No `import`. No escape.
+
+```
+羌笛何须怨杨柳，春风不度玉门关。
+Malicious code shall not pass the JadeGate.
+```
+
+## Why?
+
+MCP is powerful but permissive. Any MCP server can run arbitrary code. JadeGate adds a security layer:
+
+| | MCP | JadeGate |
+|---|---|---|
+| Format | Arbitrary code | Pure JSON |
+| Verification | Trust the server | 5-layer deterministic proof |
+| Signatures | None | Ed25519 chain of trust |
+| Sandbox | Server-dependent | Enforced by protocol |
+| Dependencies | Runtime-dependent | Zero |
+
+## Quick Start
+
+```bash
+pip install jadegate
+```
+
+```bash
+# Browse all verified skills
+jade list
+
+# Search for what you need
+jade search "github"
+
+# Check skill details
+jade info mcp_brave_search
+
+# Verify any skill file
+jade verify my_skill.json
+
+# System status
+jade status
+```
+
+## 5-Layer Verification
+
+Every skill passes through 5 deterministic security layers:
+
+```
+Layer 1: Schema Validation     — Structure must be valid JADE JSON
+Layer 2: DAG Integrity         — Execution graph must be acyclic, no loops
+Layer 3: Security Policy       — Sandbox, network whitelist, permissions
+Layer 4: Injection Detection   — No code injection, no template attacks
+Layer 5: Cryptographic Seal    — Ed25519 signature chain verification
+```
+
+All layers are deterministic. Same input → same result. Every time.
+
+## Trust Hierarchy
+
+```
+💠 Root Seal        — Project authority, highest trust
+🔷 Org Seal         — Authorized organizations
+🔹 Community Seal   — Anyone can sign; 5+ sigs = Community Verified
+```
+
+```bash
+# Generate your community signing key
+python jade_community_sign.py keygen
+
+# Sign a skill you've reviewed
+python jade_community_sign.py sign jade_skills/mcp/mcp_brave_search.json
+
+# Check all signatures on a skill
+python jade_community_sign.py check jade_skills/mcp/mcp_brave_search.json
+```
+
+## 101 Verified Skills
+
+JadeGate ships with **101 pre-verified skills** across two categories:
+
+### MCP Skills (61)
+GitHub, Slack, Discord, OpenAI, Anthropic, AWS, GCP, Firebase, MongoDB, Redis, Elasticsearch, Stripe, Twilio, SendGrid, Jira, Confluence, Vercel, Shopify, and more.
+
+### Tool Skills (40)
+CSV analysis, DNS lookup, QR code, image resize, JWT decode, regex tester, password generator, UUID, YAML/JSON converter, and more.
+
+→ Full list: [CATALOG.md](CATALOG.md)
+
+## For AI Agents
+
+All commands support `--json` for machine-readable output:
+
+```bash
+jade search --json "web search"
+jade list --json --type mcp
+jade info --json mcp_brave_search
+```
+
+```python
+from jade_core.validator import JadeValidator
+
+v = JadeValidator()
+result = v.validate_file("my_skill.json")
+print(result.valid)  # True/False
+print(result.issues) # Detailed security findings
+```
+
+## Skill Format
+
+A JadeGate skill is a single JSON file:
+
+```json
+{
+  "jade_version": "1.0.0",
+  "skill_id": "my_skill",
+  "metadata": {
+    "name": "My Skill",
+    "description": "What it does",
+    "version": "1.0.0",
+    "tags": ["example"]
+  },
+  "input_schema": { ... },
+  "output_schema": { ... },
+  "execution_dag": {
+    "nodes": [ ... ],
+    "edges": [ ... ]
+  },
+  "security": {
+    "sandbox": "strict",
+    "network_whitelist": ["api.example.com"],
+    "max_execution_time_ms": 10000
+  }
+}
+```
+
+No code. Just structure. Verifiable by anyone.
+
+## Contributing
+
+1. Create a skill JSON file
+2. Run `jade verify your_skill.json`
+3. Submit a PR — CI auto-verifies
+4. Community signs → merged
+
+## Architecture
+
+```
+┌─────────────────────────────────────────┐
+│              AI Agent                    │
+├─────────────────────────────────────────┤
+│         JadeGate Protocol               │
+│  ┌─────────┐ ┌──────────┐ ┌──────────┐ │
+│  │ Verify  │ │ Search   │ │ Execute  │ │
+│  │ 5-Layer │ │ Catalog  │ │ Sandbox  │ │
+│  └─────────┘ └──────────┘ └──────────┘ │
+├─────────────────────────────────────────┤
+│  💠 Ed25519 Signature Chain             │
+├─────────────────────────────────────────┤
+│  Skills (Pure JSON, no code)            │
+└─────────────────────────────────────────┘
+```
+
+## License
+
+Apache 2.0
+
+---
+
+<div align="center">
+
+**💠 JadeGate** — *Trust is not assumed. Trust is proven.*
+
+</div>