HumanAssisted
diff --git a/‎README.md‎
Lines changed: 26 additions & 10 deletions b/‎README.md‎
Lines changed: 26 additions & 10 deletions
diff --git a/‎binding-core/src/lib.rs‎
Lines changed: 16 additions & 2 deletions b/‎binding-core/src/lib.rs‎
Lines changed: 16 additions & 2 deletions
diff --git a/‎docs/QUICKSTART_PQ2025_TDD_TASKS.md‎
Lines changed: 100 additions & 0 deletions b/‎docs/QUICKSTART_PQ2025_TDD_TASKS.md‎
Lines changed: 100 additions & 0 deletions
diff --git a/‎docs/jacsbook.pdf‎
28.8 KB b/‎docs/jacsbook.pdf‎
28.8 KB
diff --git a/‎jacs/docs/jacsbook/book/advanced/algorithm-guide.html‎
Lines changed: 13 additions & 5 deletions b/‎jacs/docs/jacsbook/book/advanced/algorithm-guide.html‎
Lines changed: 13 additions & 5 deletions
diff --git a/‎jacs/docs/jacsbook/book/getting-started/decision-tree.html‎
Lines changed: 1 addition & 1 deletion b/‎jacs/docs/jacsbook/book/getting-started/decision-tree.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎jacs/docs/jacsbook/book/getting-started/deployment.html‎
Lines changed: 1 addition & 1 deletion b/‎jacs/docs/jacsbook/book/getting-started/deployment.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎jacs/docs/jacsbook/book/getting-started/multi-agent-agreement.html‎
Lines changed: 18 additions & 3 deletions b/‎jacs/docs/jacsbook/book/getting-started/multi-agent-agreement.html‎
Lines changed: 18 additions & 3 deletions
@@ -10,9 +10,9 @@ Cryptographic signatures for AI agent outputs so anyone can verify who said what
 
 Zero-config -- one call creates a persistent agent with keys on disk.
 
-### Password Setup (Required)
+### Password Setup
 
-Persistent agents require a private-key password before `quickstart()`.
+Persistent agents use encrypted private keys. Rust/CLI flows require an explicit password source before `quickstart(...)`. Python/Node quickstart can auto-generate one, but production deployments should still set it explicitly.
 
 ```bash
 # Option A (recommended): direct env var
@@ -22,15 +22,16 @@ export JACS_PRIVATE_KEY_PASSWORD='use-a-strong-password'
 export JACS_PASSWORD_FILE=/secure/path/jacs-password.txt
 ```
 
-Set exactly one explicit source. If both are set, CLI fails fast to avoid ambiguity.
-For Python/Node library usage, set `JACS_PRIVATE_KEY_PASSWORD` in your process environment.
+Set exactly one explicit source for CLI. If both are set, CLI fails fast to avoid ambiguity.
+For Python/Node library usage, set `JACS_PRIVATE_KEY_PASSWORD` in your process environment (recommended).
 
 ### Python
 
 ```python
 import jacs.simple as jacs
 
-jacs.quickstart()
+info = jacs.quickstart(name="payments-agent", domain="payments.example.com")
+print(info.config_path, info.public_key_path, info.private_key_path)
 signed = jacs.sign_message({"action": "approve", "amount": 100})
 result = jacs.verify(signed.raw)
 print(f"Valid: {result.valid}, Signer: {result.signer_id}")
@@ -42,7 +43,11 @@ print(f"Valid: {result.valid}, Signer: {result.signer_id}")
 const jacs = require('@hai.ai/jacs/simple');
 
 async function main() {
-  await jacs.quickstart();
+  const info = await jacs.quickstart({
+    name: 'payments-agent',
+    domain: 'payments.example.com',
+  });
+  console.log(info.configPath, info.publicKeyPath, info.privateKeyPath);
   const signed = await jacs.signMessage({ action: 'approve', amount: 100 });
   const result = await jacs.verify(signed.raw);
   console.log(`Valid: ${result.valid}, Signer: ${result.signerId}`);
@@ -60,7 +65,7 @@ cargo install jacs --features cli
 # Or download a prebuilt binary from GitHub Releases
 # https://github.com/HumanAssisted/JACS/releases
 
-jacs quickstart
+jacs quickstart --name payments-agent --domain payments.example.com
 jacs document create -f mydata.json
 
 # Install and run the Rust MCP server from the CLI
@@ -154,7 +159,7 @@ JACS provides the missing trust layer: identity (who produced this?), integrity
 
 ## Post-Quantum Ready
 
-JACS supports ML-DSA-87 (FIPS-204) post-quantum signatures alongside classical algorithms (Ed25519, ECDSA P-256/P-384, RSA-PSS). The `pq2025` algorithm preset gives you quantum-resistant signing today, with zero code changes from the standard API.
+JACS supports ML-DSA-87 (FIPS-204) post-quantum signatures alongside classical algorithms (Ed25519 and RSA-PSS). The `pq2025` algorithm preset is the default across quickstart/create paths.
 
 [Algorithm Selection Guide](https://humanassisted.github.io/JACS/advanced/algorithm-guide.html)
 
@@ -169,19 +174,30 @@ Built-in trust policies control how your agent handles foreign signatures: `open
 ```python
 from jacs.client import JacsClient
 
-client = JacsClient.quickstart()
+client = JacsClient.quickstart(name="a2a-agent", domain="a2a.example.com")
 card = client.export_agent_card("http://localhost:8080")
 signed = client.sign_artifact({"action": "classify", "input": "hello"}, "task")
 ```
 
 ```javascript
 const { JacsClient } = require('@hai.ai/jacs/client');
 
-const client = await JacsClient.quickstart();
+const client = await JacsClient.quickstart({
+  name: 'a2a-agent',
+  domain: 'a2a.example.com',
+});
 const card = client.exportAgentCard();
 const signed = await client.signArtifact({ action: 'classify', input: 'hello' }, 'task');
 ```
 
+For trust bootstrap flows, use a signed agent document plus an explicit public key exchange:
+
+```python
+agent_json = client.share_agent()
+public_key_pem = client.share_public_key()
+client.trust_agent_with_key(agent_json, public_key_pem)
+```
+
 [A2A Guide](https://humanassisted.github.io/JACS/integrations/a2a.html) | [Python A2A](https://humanassisted.github.io/JACS/python/a2a.html) | [Node.js A2A](https://humanassisted.github.io/JACS/nodejs/a2a.html)
 
 ## Cross-Language Compatibility
 
@@ -853,10 +853,10 @@ impl AgentWrapper {
     ///
     /// Replaces the inner agent with a freshly created ephemeral agent that
     /// lives entirely in memory. Returns a JSON string with agent info
-    /// (agent_id, name, version, algorithm).
+    /// (agent_id, name, version, algorithm). Default algorithm is `pq2025`.
     pub fn ephemeral(&self, algorithm: Option<&str>) -> BindingResult<String> {
         // Map user-friendly names to internal algorithm strings
-        let algo = match algorithm.unwrap_or("ed25519") {
+        let algo = match algorithm.unwrap_or("pq2025") {
             "ed25519" => "ring-Ed25519",
             "rsa-pss" => "RSA-PSS",
             "pq2025" => "pq2025",
@@ -1723,6 +1723,20 @@ pub fn trust_agent(agent_json: &str) -> BindingResult<String> {
         .map_err(|e| BindingCoreError::trust_failed(format!("Failed to trust agent: {}", e)))
 }
 
+/// Add an agent to the local trust store using an explicitly provided public key.
+///
+/// This is the recommended first-contact bootstrap for secure trust establishment.
+pub fn trust_agent_with_key(agent_json: &str, public_key_pem: &str) -> BindingResult<String> {
+    if public_key_pem.trim().is_empty() {
+        return Err(BindingCoreError::invalid_argument(
+            "public_key_pem cannot be empty",
+        ));
+    }
+    jacs::trust::trust_agent_with_key(agent_json, Some(public_key_pem)).map_err(|e| {
+        BindingCoreError::trust_failed(format!("Failed to trust agent with explicit key: {}", e))
+    })
+}
+
 /// List all trusted agent IDs.
 pub fn list_trusted_agents() -> BindingResult<Vec<String>> {
     jacs::trust::list_trusted_agents().map_err(|e| {
 
@@ -0,0 +1,100 @@
+# Quickstart + PQ2025 + Framework Exposure: Granular TDD Task List
+
+Scope: implement and verify the five requested changes across Rust core, Python bindings, Node bindings, docs, and tests.
+
+## Workstream A — Quickstart Identity Contract
+
+Goal: `quickstart` requires `name` and `domain`, supports optional `description`, and returns/echoes config and key locations.
+
+### A1. Contract tests first
+- [x] Rust: verify `SimpleAgent::quickstart` rejects empty name/domain and returns path-rich `AgentInfo`.
+- [x] Python: verify `jacs.quickstart` and `JacsClient.quickstart` reject empty name/domain.
+- [x] Node: verify `jacs.quickstart` and `JacsClient.quickstart` reject missing `options.name`/`options.domain`.
+
+### A2. Implement contract in all entry points
+- [x] Rust: enforce required `name`/`domain` in `SimpleAgent::quickstart`.
+- [x] Python: enforce required `name`/`domain` in simple/client quickstart wrappers.
+- [x] Node: enforce required `name`/`domain` in simple/client quickstart wrappers.
+
+### A3. Return operational file locations
+- [x] Rust: `AgentInfo` includes `config_path`, key paths, directories.
+- [x] Python: expose `config_path`, `public_key_path`, `private_key_path`, directories.
+- [x] Node: expose `configPath`, `publicKeyPath`, `privateKeyPath`, directories.
+
+## Workstream B — Default Algorithm Invariant (`pq2025`)
+
+Goal: default algorithm is `pq2025` for creation/quickstart and fallback default paths.
+
+### B1. Config/default tests first
+- [x] Rust config tests updated to assert default algorithm `pq2025`.
+- [x] Wrapper tests updated where default assumptions previously expected legacy defaults.
+
+### B2. Implement defaults
+- [x] Rust config defaults switched to `pq2025`.
+- [x] Rust simple creation/quickstart defaults switched to `pq2025`.
+- [x] Binding-core creation/quickstart defaults switched to `pq2025`.
+- [x] Node wrappers quickstart/default paths switched to `pq2025`.
+- [x] Python wrappers quickstart/default paths switched to `pq2025`.
+
+### B3. DRY consolidation
+- [x] Normalize wrapper fallback strings to a single consistent default (`pq2025`) per module.
+- [ ] Optional follow-up: centralize algorithm default constant across all Node modules.
+
+## Workstream C — Trust Bootstrap Surfaces (MCP + Frameworks)
+
+Goal: expose trust bootstrap primitives for cross-agent handshake flows.
+
+### C1. Tool/API coverage tests first
+- [x] Node MCP tests: assert `jacs_share_public_key`, `jacs_share_agent`, `jacs_trust_agent_with_key` tools exist and dispatch correctly.
+- [x] Node LangChain tests: assert same trust bootstrap tools exist and dispatch correctly.
+- [x] Python MCP adapter tests: assert same trust bootstrap tools are registered.
+
+### C2. Implement and export
+- [x] Node MCP adapter exposes share/trust bootstrap tools.
+- [x] Node LangChain toolkit exposes share/trust bootstrap tools.
+- [x] Python MCP adapter exposes share/trust bootstrap tools.
+- [x] Core bindings export `trust_agent_with_key` and wrappers expose client methods.
+
+## Workstream D — Critical Gaps
+
+Goal: remove behavior/docs mismatches that can mislead implementation users.
+
+### D1. A2A well-known defaults
+- [x] Node/Python A2A well-known generation fallback `keyAlgorithm` switched to `pq2025`.
+- [x] Kept A2A JWS key default (`ring-Ed25519`) in Rust/binding-core for protocol compatibility (A2A JWS key algorithm is distinct from JACS document-signing default).
+
+### D2. Runtime/error guidance
+- [x] Node runtime error hints updated to mention `quickstart({ name, domain })`.
+- [x] Docs/examples updated away from zero-arg quickstart snippets.
+
+## Workstream E — Documentation and Examples
+
+Goal: align jacsbook/readmes/examples to real code behavior.
+
+### E1. jacsbook core pages
+- [x] Front page (`jacsbook/src/README.md`) updated for MCP/A2A/use-case narrative, GO mention, DB integration, DID (no blockchain), encryption/post-quantum emphasis.
+- [x] Quick start + simple API pages updated to required quickstart identity and path outputs.
+- [x] Reference configuration/migration pages updated for `pq2025` defaults and required quickstart identity.
+
+### E2. jacsbook guide pages
+- [x] A2A guides, streaming, integration pages updated for required quickstart identity.
+- [x] Multi-agent agreement examples fixed for current quickstart signature.
+- [x] Express/Node examples fixed to include `name` and `domain` where quickstart is called directly.
+
+### E3. READMEs and runnable examples
+- [x] Root README quickstart and trust bootstrap handshake examples updated.
+- [x] `jacspy/README.md` quickstart contract + password behavior corrected.
+- [x] Python examples updated to required quickstart identity.
+- [x] Node examples updated to required quickstart identity.
+
+## Validation Matrix
+
+- [x] Rust: targeted + feature-gated quickstart/config tests pass.
+- [x] Node: build + simple/client/mcp/langchain/a2a/express/koa targeted tests pass.
+- [x] Python: focused adapter/a2a/quickstart/client/simple test suites pass.
+- [ ] Optional follow-up: run full cross-language fixture matrix in one pass before release cut.
+
+## Notes
+
+- This checklist intentionally keeps one source of truth per behavior and reuses existing adapter/client primitives instead of adding parallel APIs.
+- No commits were created in this workstream; changes are review-ready in the working tree.
@@ -215,19 +215,27 @@ <h2 id="configuration"><a class="header" href="#configuration">Configuration</a>
 <p>Or via environment variable:</p>
 <pre><code class="language-bash">export JACS_AGENT_KEY_ALGORITHM=pq2025
 </code></pre>
-<p>Valid values: <code>ring-Ed25519</code>, <code>RSA-PSS</code>, <code>pq2025</code>, <code>pq-dilithium</code></p>
-<p>In Python and Node.js, pass the algorithm to <code>quickstart()</code>:</p>
+<p>Valid values: <code>ring-Ed25519</code>, <code>RSA-PSS</code>, <code>pq2025</code></p>
+<p>In Python and Node.js, pass the algorithm to <code>quickstart(...)</code>:</p>
 <pre><code class="language-python">from jacs.client import JacsClient
-client = JacsClient.quickstart(algorithm="pq2025")
+client = JacsClient.quickstart(
+    name="algo-agent",
+    domain="algo.example.com",
+    algorithm="pq2025",
+)
 </code></pre>
 <pre><code class="language-typescript">import { JacsClient } from "@hai.ai/jacs";
-const client = await JacsClient.quickstart({ algorithm: "pq2025" });
+const client = await JacsClient.quickstart({
+  name: "algo-agent",
+  domain: "algo.example.com",
+  algorithm: "pq2025",
+});
 </code></pre>
 <h2 id="current-limitations"><a class="header" href="#current-limitations">Current Limitations</a></h2>
 <ul>
 <li>Each agent uses one algorithm, chosen at creation time. You cannot change an agent's algorithm after creation.</li>
 <li>Algorithm negotiation between agents is planned but not yet implemented.</li>
-<li><code>pq-dilithium</code> is deprecated in favor of <code>pq2025</code> (ML-DSA-87). It remains available for backward compatibility but should not be used for new agents.</li>
+<li><code>pq-dilithium</code> is deprecated in favor of <code>pq2025</code> (ML-DSA-87). Use <code>pq2025</code> for new agents and verification hints.</li>
 </ul>
 
                     </main>
 
@@ -209,7 +209,7 @@ <h2 id="step-2-pick-your-framework"><a class="header" href="#step-2-pick-your-fr
 </tbody></table>
 </div>
 <h2 id="step-3-your-adoption-path"><a class="header" href="#step-3-your-adoption-path">Step 3: Your Adoption Path</a></h2>
-<p><strong>Stage 1 -- Prototyping</strong>: <code>jacs.quickstart()</code>. No config. Explore the API. Keys on disk, auto-managed.</p>
+<p><strong>Stage 1 -- Prototyping</strong>: <code>jacs.quickstart(name="my-agent", domain="my-agent.example.com")</code>. No config. Explore the API. Keys on disk, auto-managed.</p>
 <p><strong>Stage 2 -- Single-org production</strong>: <code>jacs.load()</code> with persistent agent, strict mode, file-based keys. Add provenance to internal systems.</p>
 <p><strong>Stage 3 -- Cross-org production</strong>: DNS trust anchoring, A2A agent cards, agreements with external agents. Operate across trust boundaries.</p>
 <p><strong>Stage 4 -- Regulated/enterprise</strong>: Post-quantum algorithms (pq2025/ML-DSA-87), OpenTelemetry observability, audit trails for compliance.</p>
 
@@ -206,7 +206,7 @@ <h2 id="docker-example"><a class="header" href="#docker-example">Docker Example<
 RUN pip install jacs
 COPY . /app
 WORKDIR /app
-RUN python -c "import jacs.simple as j; j.quickstart()"
+RUN python -c "import jacs.simple as j; j.quickstart(name='docker-agent', domain='docker.local')"
 CMD ["python", "main.py"]
 </code></pre>
 <h2 id="lambda-deployment"><a class="header" href="#lambda-deployment">Lambda Deployment</a></h2>
 
@@ -185,9 +185,24 @@ <h2 id="python"><a class="header" href="#python">Python</a></h2>
 <pre><code class="language-python">from jacs.client import JacsClient
 
 # Step 1: Create three agents (one per organization)
-finance    = JacsClient.quickstart("ring-Ed25519", "./finance.config.json")
-compliance = JacsClient.quickstart("ring-Ed25519", "./compliance.config.json")
-legal      = JacsClient.quickstart("ring-Ed25519", "./legal.config.json")
+finance = JacsClient.quickstart(
+    name="finance",
+    domain="finance.example.com",
+    algorithm="ring-Ed25519",
+    config_path="./finance.config.json",
+)
+compliance = JacsClient.quickstart(
+    name="compliance",
+    domain="compliance.example.com",
+    algorithm="ring-Ed25519",
+    config_path="./compliance.config.json",
+)
+legal = JacsClient.quickstart(
+    name="legal",
+    domain="legal.example.com",
+    algorithm="ring-Ed25519",
+    config_path="./legal.config.json",
+)
 
 # Step 2: Finance proposes an agreement with quorum
 from datetime import datetime, timedelta, timezone