Worked for 7m 39s

Stdio-only enforcement is now covered and passing across both repos, with local-only MCP behavior preserved and hai.ai URLs unchanged.

What’s covered

haisdk Rust bridge ignores JACS_MCP_ARGS and forces empty args (stdio-local): main.rs:1264
haisdk Rust tests added for that behavior: main.rs:1334, main.rs:1356
haisdk docs updated to state JACS_MCP_ARGS is ignored: README.md:31
JACS CLI mcp run no longer accepts forwarded runtime args, only optional --bin: cli.rs:1053, cli.rs:1740
JACS tests added for help/output contract and rejection of --transport: cli_tests.rs:1171, cli_tests.rs:1184
JACS README updated with stdio-only statement: README.md:74
Existing Node/Python passthrough enforcement and tests were also validated:

Node logic/tests: jacs.ts:25, jacs-passthrough.test.ts:88
Python logic/tests: cli.py:292, test_cli_passthrough.py:81
Test results (current run)

haisdk/node: npm test → 221 passed, 11 skipped
haisdk/python: uv run pytest -q → 203 passed, 1 skipped
haisdk/go: go test ./... → pass
haisdk/rust: cargo test -q → pass (all crates/tests completed)
JACS/jacs: cargo test --features cli --test cli_tests → 35 passed, 0 failed
jacs mcp run --help now shows only --bin under stdio usage
There is no repo-wide numeric coverage gate configured today, but the relevant stdio/local-mode paths now have direct, useful tests and all suites pass.

Author: Hendler

README.md

@@ -71,6 +71,8 @@ jacs mcp run
 jacs mcp install --from-cargo
 ```
 
+`jacs mcp run` is local stdio-only transport. Runtime transport override args are intentionally not accepted.
+
 ### Homebrew (macOS)
 
 ```bash

jacs-mcp/src/jacs_tools.rs

@@ -115,6 +115,15 @@ fn update_embedded_state_content(doc: &mut serde_json::Value, new_content: &str)
     new_hash
 }
 
+/// Extract verification validity from `verify_a2a_artifact` details JSON.
+/// Defaults to `false` on malformed/missing fields to avoid optimistic trust.
+fn extract_verify_a2a_valid(details_json: &str) -> bool {
+    serde_json::from_str::<serde_json::Value>(details_json)
+        .ok()
+        .and_then(|v| v.get("valid").and_then(|b| b.as_bool()))
+        .unwrap_or(false)
+}
+
 // =============================================================================
 // Request/Response Types
 // =============================================================================
@@ -3326,11 +3335,7 @@ impl JacsMcpServer {
 
         match self.agent.verify_a2a_artifact(&params.wrapped_artifact) {
             Ok(details_json) => {
-                // Check if the result indicates valid
-                let valid = serde_json::from_str::<serde_json::Value>(&details_json)
-                    .ok()
-                    .and_then(|v| v.get("valid").and_then(|b| b.as_bool()))
-                    .unwrap_or(true); // Default to true if field missing but no error
+                let valid = extract_verify_a2a_valid(&details_json);
                 let result = VerifyA2aArtifactResult {
                     success: true,
                     valid,
@@ -4012,6 +4017,21 @@ mod tests {
         assert!(validate_agent_id("550e8400-e29b-41d4-a716").is_err()); // Too short
     }
 
+    #[test]
+    fn test_extract_verify_a2a_valid_true() {
+        assert!(extract_verify_a2a_valid(r#"{"valid":true}"#));
+    }
+
+    #[test]
+    fn test_extract_verify_a2a_valid_missing_defaults_false() {
+        assert!(!extract_verify_a2a_valid(r#"{"status":"ok"}"#));
+    }
+
+    #[test]
+    fn test_extract_verify_a2a_valid_invalid_json_defaults_false() {
+        assert!(!extract_verify_a2a_valid("not-json"));
+    }
+
     #[test]
     fn test_is_registration_allowed_default() {
         // When env var is not set, should return false

jacs/src/agent/payloads.rs

@@ -82,7 +82,15 @@ impl PayloadTraits for Agent {
         let date = self.get_document_signature_date(&document_key)?;
         let agent_id = self.get_document_signature_agent_id(&document_key)?;
 
-        let max_replay_seconds = max_replay_time_delta_seconds.unwrap_or(1);
+        // Default payload freshness window: 5 minutes.
+        // Can be overridden per call, or globally with JACS_PAYLOAD_MAX_REPLAY_SECONDS.
+        let max_replay_seconds = max_replay_time_delta_seconds
+            .or_else(|| {
+                std::env::var("JACS_PAYLOAD_MAX_REPLAY_SECONDS")
+                    .ok()
+                    .and_then(|v| v.parse::<u64>().ok())
+            })
+            .unwrap_or(300);
         let current_time = std::time::SystemTime::now()
             .duration_since(std::time::UNIX_EPOCH)?
             .as_secs();

jacs/src/bin/cli.rs

@@ -1,8 +1,8 @@
-use clap::{Arg, ArgAction, Command, crate_name, value_parser};
+use clap::{crate_name, value_parser, Arg, ArgAction, Command};
 
-use jacs::agent::Agent;
 use jacs::agent::boilerplate::BoilerPlate;
 use jacs::agent::document::DocumentTraits;
+use jacs::agent::Agent;
 use jacs::cli_utils::create::handle_agent_create;
 use jacs::cli_utils::create::handle_config_create;
 use jacs::cli_utils::default_set_file_list;
@@ -13,7 +13,7 @@ use jacs::cli_utils::document::{
 use jacs::config::load_config_12factor_optional;
 // use jacs::create_task; // unused
 use jacs::dns::bootstrap as dns_bootstrap;
-use jacs::shutdown::{ShutdownGuard, install_signal_handler};
+use jacs::shutdown::{install_signal_handler, ShutdownGuard};
 use jacs::{load_agent, load_agent_with_dns_strict};
 
 use reqwest;
@@ -27,7 +27,8 @@ use std::time::{SystemTime, UNIX_EPOCH};
 
 const CLI_PASSWORD_FILE_ENV: &str = "JACS_PASSWORD_FILE";
 const DEFAULT_LEGACY_PASSWORD_FILE: &str = "./jacs_keys/.jacs_password";
-const DEFAULT_MCP_RELEASE_BASE_URL: &str = "https://github.com/HumanAssisted/JACS/releases/download";
+const DEFAULT_MCP_RELEASE_BASE_URL: &str =
+    "https://github.com/HumanAssisted/JACS/releases/download";
 const DEFAULT_MCP_RELEASE_TAG_PREFIX: &str = "cli/v";
 
 fn quickstart_password_bootstrap_help() -> &'static str {
@@ -458,9 +459,8 @@ fn install_jacs_mcp_prebuilt(
     Ok(())
 }
 
-fn run_jacs_mcp_binary(binary: &str, forwarded_args: &[String]) -> Result<(), Box<dyn Error>> {
+fn run_jacs_mcp_binary(binary: &str) -> Result<(), Box<dyn Error>> {
     let status = std::process::Command::new(binary)
-        .args(forwarded_args)
         .status()
         .map_err(|e| -> Box<dyn Error> {
             Box::new(std::io::Error::other(format!(
@@ -1057,13 +1057,6 @@ pub fn main() -> Result<(), Box<dyn Error>> {
                                 .long("bin")
                                 .value_parser(value_parser!(String))
                                 .help("Path to jacs-mcp binary (default: JACS_MCP_BIN or PATH)"),
-                        )
-                        .arg(
-                            Arg::new("args")
-                                .help("Arguments forwarded to jacs-mcp")
-                                .num_args(0..)
-                                .trailing_var_arg(true)
-                                .allow_hyphen_values(true),
                         ),
                 ),
         )
@@ -1713,12 +1706,16 @@ pub fn main() -> Result<(), Box<dyn Error>> {
         },
         Some(("mcp", mcp_matches)) => match mcp_matches.subcommand() {
             Some(("install", install_matches)) => {
-                let version = install_matches.get_one::<String>("version").map(|s| s.as_str());
+                let version = install_matches
+                    .get_one::<String>("version")
+                    .map(|s| s.as_str());
                 let force = *install_matches.get_one::<bool>("force").unwrap_or(&false);
                 let from_cargo = *install_matches
                     .get_one::<bool>("from-cargo")
                     .unwrap_or(&false);
-                let bin_dir = install_matches.get_one::<String>("bin-dir").map(|s| s.as_str());
+                let bin_dir = install_matches
+                    .get_one::<String>("bin-dir")
+                    .map(|s| s.as_str());
                 let url_override = install_matches.get_one::<String>("url").map(|s| s.as_str());
                 let dry_run = *install_matches.get_one::<bool>("dry-run").unwrap_or(&false);
 
@@ -1740,19 +1737,14 @@ pub fn main() -> Result<(), Box<dyn Error>> {
                     })
                     .unwrap_or_else(|| "jacs-mcp".to_string());
 
-                let forwarded_args: Vec<String> = run_matches
-                    .get_many::<String>("args")
-                    .map(|vals| vals.map(|v| v.to_string()).collect())
-                    .unwrap_or_default();
-
-                run_jacs_mcp_binary(&binary, &forwarded_args)?;
+                run_jacs_mcp_binary(&binary)?;
             }
             _ => println!("please enter subcommand see jacs mcp --help"),
         },
         Some(("a2a", a2a_matches)) => match a2a_matches.subcommand() {
             Some(("assess", assess_matches)) => {
+                use jacs::a2a::trust::{assess_a2a_agent, A2ATrustPolicy};
                 use jacs::a2a::AgentCard;
-                use jacs::a2a::trust::{A2ATrustPolicy, assess_a2a_agent};
 
                 let source = assess_matches.get_one::<String>("source").unwrap();
                 let policy_str = assess_matches
@@ -1865,8 +1857,8 @@ pub fn main() -> Result<(), Box<dyn Error>> {
                 println!("  Added to local trust store with key: {}", key);
             }
             Some(("discover", discover_matches)) => {
+                use jacs::a2a::trust::{assess_a2a_agent, A2ATrustPolicy};
                 use jacs::a2a::AgentCard;
-                use jacs::a2a::trust::{A2ATrustPolicy, assess_a2a_agent};
 
                 let base_url = discover_matches.get_one::<String>("url").unwrap();
                 let json_output = *discover_matches.get_one::<bool>("json").unwrap_or(&false);

jacs/tests/cli_tests.rs

@@ -1100,7 +1100,9 @@ fn test_mcp_help_shows_install_and_run() -> Result<(), Box<dyn Error>> {
         .success()
         .stdout(predicate::str::contains("install"))
         .stdout(predicate::str::contains("run"))
-        .stdout(predicate::str::contains("Install and run the JACS MCP server"));
+        .stdout(predicate::str::contains(
+            "Install and run the JACS MCP server",
+        ));
     Ok(())
 }
 
@@ -1110,9 +1112,13 @@ fn test_mcp_install_dry_run_shows_prebuilt_plan() -> Result<(), Box<dyn Error>>
     cmd.arg("mcp").arg("install").arg("--dry-run");
     cmd.assert()
         .success()
-        .stdout(predicate::str::contains("Dry run: MCP prebuilt install plan"))
+        .stdout(predicate::str::contains(
+            "Dry run: MCP prebuilt install plan",
+        ))
         .stdout(predicate::str::contains("jacs-mcp-"))
-        .stdout(predicate::str::contains("github.com/HumanAssisted/JACS/releases/download"));
+        .stdout(predicate::str::contains(
+            "github.com/HumanAssisted/JACS/releases/download",
+        ));
     Ok(())
 }
 
@@ -1124,9 +1130,9 @@ fn test_mcp_install_dry_run_custom_url() -> Result<(), Box<dyn Error>> {
         .arg("--dry-run")
         .arg("--url")
         .arg("https://example.invalid/jacs-mcp.tar.gz");
-    cmd.assert()
-        .success()
-        .stdout(predicate::str::contains("https://example.invalid/jacs-mcp.tar.gz"));
+    cmd.assert().success().stdout(predicate::str::contains(
+        "https://example.invalid/jacs-mcp.tar.gz",
+    ));
     Ok(())
 }
 
@@ -1142,7 +1148,9 @@ fn test_mcp_install_from_cargo_dry_run_shows_cargo_plan() -> Result<(), Box<dyn
     cmd.assert()
         .success()
         .stdout(predicate::str::contains("Dry run: MCP cargo install plan"))
-        .stdout(predicate::str::contains("cargo install jacs-mcp --locked --version 0.8.0"));
+        .stdout(predicate::str::contains(
+            "cargo install jacs-mcp --locked --version 0.8.0",
+        ));
     Ok(())
 }
 
@@ -1153,8 +1161,31 @@ fn test_mcp_run_missing_binary_shows_install_hint() -> Result<(), Box<dyn Error>
         .arg("run")
         .arg("--bin")
         .arg("/definitely/not/a/real/jacs-mcp");
+    cmd.assert().failure().stderr(predicate::str::contains(
+        "Install it with `jacs mcp install`",
+    ));
+    Ok(())
+}
+
+#[test]
+fn test_mcp_run_help_mentions_stdio_and_no_forwarded_args() -> Result<(), Box<dyn Error>> {
+    let mut cmd = Command::cargo_bin("jacs")?;
+    cmd.arg("mcp").arg("run").arg("--help");
     cmd.assert()
-        .failure()
-        .stderr(predicate::str::contains("Install it with `jacs mcp install`"));
+        .success()
+        .stdout(predicate::str::contains("stdio transport"))
+        .stdout(predicate::str::contains("--bin <bin>"))
+        .stdout(predicate::str::contains("[args]").not())
+        .stdout(predicate::str::contains("Arguments forwarded").not());
+    Ok(())
+}
+
+#[test]
+fn test_mcp_run_rejects_forwarded_runtime_args() -> Result<(), Box<dyn Error>> {
+    let mut cmd = Command::cargo_bin("jacs")?;
+    cmd.arg("mcp").arg("run").arg("--transport").arg("http");
+    cmd.assert().failure().stderr(predicate::str::contains(
+        "unexpected argument '--transport'",
+    ));
     Ok(())
 }

jacs/tests/payload_security_tests.rs

@@ -0,0 +1,100 @@
+use jacs::agent::payloads::PayloadTraits;
+use serde_json::json;
+use serial_test::serial;
+use std::time::Duration;
+
+mod utils;
+use utils::load_test_agent_one;
+
+struct EnvVarGuard {
+    key: &'static str,
+    previous: Option<String>,
+}
+
+impl EnvVarGuard {
+    fn set(key: &'static str, value: &str) -> Self {
+        let previous = std::env::var(key).ok();
+        // SAFETY: this test module is serial; env mutation is isolated.
+        unsafe {
+            std::env::set_var(key, value);
+        }
+        Self { key, previous }
+    }
+
+    fn unset(key: &'static str) -> Self {
+        let previous = std::env::var(key).ok();
+        // SAFETY: this test module is serial; env mutation is isolated.
+        unsafe {
+            std::env::remove_var(key);
+        }
+        Self { key, previous }
+    }
+}
+
+impl Drop for EnvVarGuard {
+    fn drop(&mut self) {
+        // SAFETY: this test module is serial; env mutation is isolated.
+        unsafe {
+            if let Some(value) = &self.previous {
+                std::env::set_var(self.key, value);
+            } else {
+                std::env::remove_var(self.key);
+            }
+        }
+    }
+}
+
+#[test]
+#[serial]
+fn verify_payload_default_window_allows_recent_message() {
+    let _guard = EnvVarGuard::unset("JACS_PAYLOAD_MAX_REPLAY_SECONDS");
+    let mut agent = load_test_agent_one();
+    let signed = agent
+        .sign_payload(json!({ "test": "default-window" }))
+        .expect("payload signing should succeed");
+
+    std::thread::sleep(Duration::from_secs(2));
+
+    let payload = agent
+        .verify_payload(signed, None)
+        .expect("default 5-minute replay window should accept a 2-second-old payload");
+    assert_eq!(payload["test"], "default-window");
+}
+
+#[test]
+#[serial]
+fn verify_payload_env_override_can_be_strict() {
+    let _guard = EnvVarGuard::set("JACS_PAYLOAD_MAX_REPLAY_SECONDS", "1");
+    let mut agent = load_test_agent_one();
+    let signed = agent
+        .sign_payload(json!({ "test": "strict-env-window" }))
+        .expect("payload signing should succeed");
+
+    std::thread::sleep(Duration::from_secs(2));
+
+    let err = agent
+        .verify_payload(signed, None)
+        .expect_err("strict 1-second env replay window should reject old payload");
+    assert!(
+        err.to_string().contains("Signature too old"),
+        "unexpected error: {}",
+        err
+    );
+}
+
+#[test]
+#[serial]
+fn verify_payload_explicit_argument_overrides_env_window() {
+    let _guard = EnvVarGuard::set("JACS_PAYLOAD_MAX_REPLAY_SECONDS", "1");
+    let mut agent = load_test_agent_one();
+    let signed = agent
+        .sign_payload(json!({ "test": "explicit-override" }))
+        .expect("payload signing should succeed");
+
+    std::thread::sleep(Duration::from_secs(2));
+
+    let payload = agent
+        .verify_payload(signed, Some(300))
+        .expect("explicit replay window should override strict env setting");
+    assert_eq!(payload["test"], "explicit-override");
+}