Which JACS Path Should I Use?
Choose the smallest supported integration that matches your deployment.
Start Here
| If you need... | Start here | Why |
|---|---|---|
| Signed tool outputs inside LangChain / LangGraph on Python | Python Framework Adapters | Smallest path: sign tool results without adding MCP |
| Signed tool outputs inside LangChain.js / LangGraph on Node | Node.js LangChain.js | Same idea for TypeScript |
| A ready-made local MCP server for Claude, Codex, or another MCP client | MCP Overview and jacs-mcp | Fastest full server path |
| To secure your existing MCP server/client code | Python MCP or Node.js MCP | Use wrappers or transport proxies around code you already have |
| Cross-organization agent discovery and signed artifact exchange | A2A Interoperability | MCP is not enough for this boundary |
| Signed HTTP APIs without adopting MCP | Python Framework Adapters, Express, Koa | Sign requests or responses at the web layer |
| Multi-party approval or quorum workflows | Multi-Agent Agreements | Agreements are the right primitive, not just one-off signatures |
| Direct signing from scripts, jobs, or services | Quick Start, Python Basic Usage, Node Basic Usage, Go Installation | Start from sign/verify before adding framework layers |
When You Probably Do Not Need JACS
- Everything stays inside one service you control and your own logs are enough
- You only need integrity, not signer identity or third-party verification
- A plain checksum or database audit log already satisfies the requirement
Recommended Adoption Order
- Prototype with quickstart and simple sign/verify calls.
- Attach provenance at the boundary that already exists in your system: LangChain tool, FastAPI response, MCP call, or A2A artifact.
- Add trust policy only when other agents or organizations enter the picture.
- Add agreements, DNS, or attestations only if your deployment actually needs them.
The mistake to avoid is starting with the broadest story. Start with the boundary you need to secure now.