๐Ÿฆž
PQSafe · Conformance

Six implementations. One canonical envelope. Byte-identical.

Every PQSafe SDK produces identical RFC 8785 JCS canonical bytes for the same mandate. That's the definition of conformance — not just "the signature verifies", but "the bytes we sign are the same across TypeScript, Python, Rust, Go, Java, and .NET". This page is the public scoreboard.

6 / 6
Languages passing
36 / 36
Vector ร— language assertions
100%
JCS bytes match across all 6
v1
Spec version

Per-vector matrix

Each cell asserts the implementation produces the canonical JCS bytes recorded in the published test vector AND verifies both signatures.

Vector Description TS Py Rust Go Java .NET
tc1-minimalMinimal 5-field mandateโœ“โœ“โœ“โœ“โœ“โœ“
tc2-array-orderingArray ordering preserved across langsโœ“โœ“โœ“โœ“โœ“โœ“
tc3-decimalDecimal-string amount normalizationโœ“โœ“โœ“โœ“โœ“โœ“
tc4-retention7-year retention metadata fieldsโœ“โœ“โœ“โœ“โœ“โœ“
tc5-tamperedNegative case: mutated amount rejectsโœ“โœ“โœ“โœ“โœ“โœ“
tc6-multi-payeepayee_constraints array of 3 DIDsโœ“โœ“โœ“โœ“โœ“โœ“

Vectors v1 published at /spec/ap2-pq-test-vectors-v1.json. Includes one negative case (tc5) exposing the pqcrypto 0.4.0 ML-DSA verify defect that motivated cross-impl conformance in the first place.

Reproduce in 30 seconds

Run the conformance harness against the canonical vectors:

# Node / TypeScript
npx @pqsafe/conformance check

# Python
pip install pqsafe-conformance
pqsafe-conformance check

# All six in one shell (assumes the repo is cloned)
cd pqsafe-xlang-conformance
bash run-all.sh

Each implementation re-derives the JCS canonical bytes from the mandate, fingerprints them, and verifies the bundled signature. Cross-check compares the resulting fingerprints across all six. Drift fails CI.

Per-language implementations

TypeScript · @pqsafe/agent-pay

Node 20+ and modern browsers. @noble/post-quantum + @noble/curves. Used by /verify and /generate.

All 6 vectors · pure JS · โœ“ passing
Python · pqsafe

Python 3.10+. Wraps pqcrypto for ML-DSA-65 and cryptography for ECDSA. Async-friendly verify API.

All 6 vectors · โœ“ passing
Rust · pqsafe crate

Native FIPS 204 via ml-dsa crate (RustCrypto). Suitable for CF Workers and edge runtimes.

All 6 vectors · โœ“ passing
Go · github.com/PQSafe/pqsafe-go

Go 1.22+. Cgo-free build path; ML-DSA via pure-Go port.

All 6 vectors · โœ“ passing
Java · xyz.pqsafe:agent-pay

JDK 17+. ML-DSA via Bouncy Castle 1.78+. JCS via erdtman/java-json-canonicalization.

All 6 vectors · โœ“ passing
.NET · PQSafe.AgentPay

.NET 8+. ML-DSA via BouncyCastle.Cryptography. Targets ASP.NET middleware.

All 6 vectors · โœ“ passing
Why this matters. The single most common failure mode in cross-language crypto interop is JSON canonicalization drift — one library sorts keys, another doesn't, a third strips trailing zeros from decimals, and the signature stops verifying across languages. PQSafe ships six independent implementations against a single test vector set so this defect class never reaches production.

Adding your implementation

  1. Implement RFC 8785 JCS in your target language.
  2. Wire in your platform's FIPS 204 ML-DSA-65 library + ECDSA P-256.
  3. Run the conformance harness against v1 test vectors.
  4. Open a PR to PQSafe/pqsafe with your impl + a green conformance badge.

Reference impls in TS / Python are the recommended starting point.