PyPI - asap-protocol - Versions diffs - 0.1.0__py3-none-any.whl → 0.5.0__py3-none-any.whl - Mend

asap-protocol 0.1.0py3-none-any.whl → 0.5.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

asap/__init__.py +1 -1
asap/errors.py +209 -0
asap/examples/README.md +3 -0
asap/examples/coordinator.py +1 -1
asap/examples/echo_agent.py +1 -1
asap/examples/run_demo.py +9 -2
asap/models/__init__.py +4 -0
asap/models/constants.py +74 -0
asap/models/entities.py +38 -2
asap/models/envelope.py +7 -1
asap/observability/metrics.py +1 -0
asap/transport/__init__.py +3 -0
asap/transport/circuit_breaker.py +193 -0
asap/transport/client.py +588 -53
asap/transport/executors.py +156 -0
asap/transport/handlers.py +17 -5
asap/transport/middleware.py +304 -8
asap/transport/server.py +729 -258
asap/transport/validators.py +324 -0
asap/utils/__init__.py +7 -0
asap/utils/sanitization.py +139 -0
{asap_protocol-0.1.0.dist-info → asap_protocol-0.5.0.dist-info}/METADATA +66 -73
asap_protocol-0.5.0.dist-info/RECORD +41 -0
asap_protocol-0.1.0.dist-info/RECORD +0 -36
{asap_protocol-0.1.0.dist-info → asap_protocol-0.5.0.dist-info}/WHEEL +0 -0
{asap_protocol-0.1.0.dist-info → asap_protocol-0.5.0.dist-info}/entry_points.txt +0 -0
{asap_protocol-0.1.0.dist-info → asap_protocol-0.5.0.dist-info}/licenses/LICENSE +0 -0

asap/transport/server.py CHANGED Viewed

@@ -40,18 +40,33 @@ Example:
     >>> # Run with: uvicorn asap.transport.server:app --host 0.0.0.0 --port 8000
 """
+import json
+import os
 import time
-from typing import Any, Callable
+from dataclasses import dataclass
+from typing import Any, Callable, TypeVar
 from fastapi import FastAPI, HTTPException, Request
 from fastapi.responses import JSONResponse, PlainTextResponse
 from pydantic import ValidationError
+from slowapi.errors import RateLimitExceeded
+from asap.errors import InvalidNonceError, InvalidTimestampError, ThreadPoolExhaustedError
+from asap.models.constants import MAX_REQUEST_SIZE
 from asap.models.entities import Capability, Endpoint, Manifest, Skill
 from asap.models.envelope import Envelope
 from asap.observability import get_logger, get_metrics
-from asap.transport.middleware import AuthenticationMiddleware, BearerTokenValidator
+from asap.utils.sanitization import sanitize_nonce
+from asap.transport.middleware import (
+    AuthenticationMiddleware,
+    BearerTokenValidator,
+    SizeLimitMiddleware,
+    create_limiter,
+    limiter,
+    rate_limit_handler,
+)
 from asap.observability.metrics import MetricsCollector
+from asap.transport.executors import BoundedExecutor
 from asap.transport.handlers import (
     HandlerNotFoundError,
     HandlerRegistry,
@@ -69,10 +84,40 @@ from asap.transport.jsonrpc import (
     JsonRpcRequest,
     JsonRpcResponse,
 )
+from asap.transport.validators import (
+    InMemoryNonceStore,
+    NonceStore,
+    validate_envelope_nonce,
+    validate_envelope_timestamp,
+)
 # Module logger
 logger = get_logger(__name__)
+# Type variable for handler result pattern
+T = TypeVar("T")
+HandlerResult = tuple[T | None, JSONResponse | None]
+@dataclass
+class RequestContext:
+    """Request-scoped context for handler processing.
+    Groups request-scoped data that is passed to multiple helper methods
+    to reduce parameter noise and improve code readability.
+    Attributes:
+        request_id: JSON-RPC request ID (str, int, or None)
+        start_time: Request start time for duration calculation
+        metrics: Metrics collector for observability
+        rpc_request: Validated JSON-RPC request object
+    """
+    request_id: str | int | None
+    start_time: float
+    metrics: MetricsCollector
+    rpc_request: JsonRpcRequest
 class ASAPRequestHandler:
     """Handler for processing ASAP protocol requests.
@@ -103,6 +148,8 @@ class ASAPRequestHandler:
         registry: HandlerRegistry,
         manifest: Manifest,
         auth_middleware: AuthenticationMiddleware | None = None,
+        max_request_size: int = MAX_REQUEST_SIZE,
+        nonce_store: NonceStore | None = None,
     ) -> None:
         """Initialize the request handler.
@@ -110,10 +157,31 @@ class ASAPRequestHandler:
             registry: Handler registry for dispatching payloads
             manifest: Agent manifest describing capabilities
             auth_middleware: Optional authentication middleware for request validation
+            max_request_size: Maximum allowed request size in bytes
+            nonce_store: Optional nonce store for replay attack prevention
         """
         self.registry = registry
         self.manifest = manifest
         self.auth_middleware = auth_middleware
+        self.max_request_size = max_request_size
+        self.nonce_store = nonce_store
+    def _normalize_payload_type_for_metrics(self, payload_type: str) -> str:
+        """Normalize payload type for metrics to prevent cardinality explosion.
+        Only registered payload types are used as metric labels. Unknown
+        payload types are normalized to "other" to prevent DoS attacks
+        through metric cardinality explosion.
+        Args:
+            payload_type: The payload type to normalize
+        Returns:
+            The payload type if registered, or "other" if unknown
+        """
+        if self.registry.has_handler(payload_type):
+            return payload_type
+        return "other"
     def build_error_response(
         self,
@@ -152,22 +220,475 @@ class ASAPRequestHandler:
             error_type: Type of error that occurred
             duration_seconds: Request duration in seconds
         """
+        # Normalize payload_type to prevent cardinality explosion
+        normalized_payload_type = self._normalize_payload_type_for_metrics(payload_type)
         metrics.increment_counter(
             "asap_requests_total",
-            {"payload_type": payload_type, "status": "error"},
+            {"payload_type": normalized_payload_type, "status": "error"},
         )
         metrics.increment_counter(
             "asap_requests_error_total",
-            {"payload_type": payload_type, "error_type": error_type},
+            {"payload_type": normalized_payload_type, "error_type": error_type},
         )
         metrics.observe_histogram(
             "asap_request_duration_seconds",
             duration_seconds,
-            {"payload_type": payload_type, "status": "error"},
+            {"payload_type": normalized_payload_type, "status": "error"},
         )
+    def _validate_envelope(
+        self,
+        ctx: RequestContext,
+    ) -> tuple[Envelope | None, JSONResponse | str]:
+        """Validate and extract envelope from JSON-RPC params.
+        Validates that params is a dict, extracts the envelope field,
+        and validates the envelope structure.
+        Args:
+            ctx: Request context with rpc_request, start_time, and metrics
+        Returns:
+            Tuple of (Envelope, payload_type) if valid, or (None, error_response) if invalid
+        """
+        rpc_request = ctx.rpc_request
+        # Validate params is a dict before accessing
+        if not isinstance(rpc_request.params, dict):
+            logger.warning(
+                "asap.request.invalid_params_type",
+                params_type=type(rpc_request.params).__name__,
+            )
+            error_response = self.build_error_response(
+                INVALID_PARAMS,
+                data={
+                    "error": "JSON-RPC 'params' must be an object",
+                    "received_type": type(rpc_request.params).__name__,
+                },
+                request_id=ctx.request_id,
+            )
+            self.record_error_metrics(
+                ctx.metrics,
+                "unknown",
+                "invalid_params",
+                time.perf_counter() - ctx.start_time,
+            )
+            return None, error_response
+        # Extract envelope from params
+        envelope_data = rpc_request.params.get("envelope")
+        if envelope_data is None:
+            logger.warning("asap.request.missing_envelope")
+            error_response = self.build_error_response(
+                INVALID_PARAMS,
+                data={"error": "Missing 'envelope' in params"},
+                request_id=ctx.request_id,
+            )
+            self.record_error_metrics(
+                ctx.metrics,
+                "unknown",
+                "missing_envelope",
+                time.perf_counter() - ctx.start_time,
+            )
+            return None, error_response
+        # Validate envelope structure
+        try:
+            envelope = Envelope(**envelope_data)
+            payload_type = envelope.payload_type
+            return envelope, payload_type
+        except ValidationError as e:
+            logger.warning(
+                "asap.request.invalid_envelope",
+                error="Invalid envelope structure",
+                validation_errors=str(e.errors()),
+            )
+            duration_seconds = time.perf_counter() - ctx.start_time
+            self.record_error_metrics(ctx.metrics, "unknown", "invalid_envelope", duration_seconds)
+            error_response = self.build_error_response(
+                INVALID_PARAMS,
+                data={
+                    "error": "Invalid envelope structure",
+                    "validation_errors": e.errors(),
+                },
+                request_id=ctx.request_id,
+            )
+            return None, error_response
+    async def _dispatch_to_handler(
+        self,
+        envelope: Envelope,
+        ctx: RequestContext,
+    ) -> tuple[Envelope | None, JSONResponse | str]:
+        """Dispatch envelope to registered handler.
+        Looks up and executes the handler for the envelope's payload type.
+        Handles HandlerNotFoundError and converts it to JSON-RPC error response.
+        Args:
+            envelope: Validated ASAP envelope
+            ctx: Request context with rpc_request, start_time, and metrics
+        Returns:
+            Tuple of (response_envelope, payload_type) if successful,
+            or (None, error_response) if handler not found
+        """
+        payload_type = envelope.payload_type
+        try:
+            response_envelope = await self.registry.dispatch_async(envelope, self.manifest)
+            return response_envelope, payload_type
+        except ThreadPoolExhaustedError as e:
+            # Thread pool exhausted - service temporarily unavailable
+            logger.warning(
+                "asap.request.thread_pool_exhausted",
+                payload_type=payload_type,
+                envelope_id=envelope.id,
+                max_threads=e.max_threads,
+                active_threads=e.active_threads,
+            )
+            # Record error metric
+            duration_seconds = time.perf_counter() - ctx.start_time
+            self.record_error_metrics(
+                ctx.metrics, payload_type, "thread_pool_exhausted", duration_seconds
+            )
+            # Return HTTP 503 Service Unavailable (not JSON-RPC error)
+            error_response = JSONResponse(
+                status_code=503,
+                content={
+                    "error": "Service Temporarily Unavailable",
+                    "code": e.code,
+                    "message": e.message,
+                    "details": e.details,
+                },
+            )
+            return None, error_response
+        except HandlerNotFoundError as e:
+            # No handler registered for this payload type
+            logger.warning(
+                "asap.request.handler_not_found",
+                payload_type=e.payload_type,
+                envelope_id=envelope.id,
+            )
+            # Record error metric
+            duration_seconds = time.perf_counter() - ctx.start_time
+            self.record_error_metrics(
+                ctx.metrics, payload_type, "handler_not_found", duration_seconds
+            )
+            handler_error = JsonRpcErrorResponse(
+                error=JsonRpcError.from_code(
+                    METHOD_NOT_FOUND,
+                    data={
+                        "payload_type": e.payload_type,
+                        "error": str(e),
+                    },
+                ),
+                id=ctx.request_id,
+            )
+            error_response = JSONResponse(
+                status_code=200,
+                content=handler_error.model_dump(),
+            )
+            return None, error_response
+    async def _authenticate_request(
+        self,
+        request: Request,
+        ctx: RequestContext,
+    ) -> HandlerResult[str]:
+        """Authenticate the request if authentication is enabled.
+        Args:
+            request: FastAPI request object
+            ctx: Request context with rpc_request, start_time, and metrics
+        Returns:
+            Tuple of (authenticated_agent_id, None) if successful or auth disabled,
+            or (None, error_response) if authentication failed
+        """
+        if self.auth_middleware is None:
+            return None, None
+        try:
+            authenticated_agent_id = await self.auth_middleware.verify_authentication(request)
+            return authenticated_agent_id, None
+        except HTTPException as e:
+            # Authentication failed - return JSON-RPC error
+            logger.warning(
+                "asap.request.auth_failed",
+                status_code=e.status_code,
+                detail=e.detail,
+            )
+            # Map HTTP status to JSON-RPC error code
+            error_code = INVALID_REQUEST if e.status_code == 401 else INVALID_PARAMS
+            error_response = self.build_error_response(
+                error_code,
+                data={"error": str(e.detail), "status_code": e.status_code},
+                request_id=ctx.request_id,
+            )
+            self.record_error_metrics(
+                ctx.metrics,
+                "unknown",
+                "auth_failed",
+                time.perf_counter() - ctx.start_time,
+            )
+            return None, error_response
+    def _verify_sender_matches_auth(
+        self,
+        authenticated_agent_id: str | None,
+        envelope: Envelope,
+        ctx: RequestContext,
+        payload_type: str,
+    ) -> JSONResponse | None:
+        """Verify that envelope sender matches authenticated identity.
+        Args:
+            authenticated_agent_id: Authenticated agent ID from auth middleware
+            envelope: Validated ASAP envelope
+            ctx: Request context with rpc_request, start_time, and metrics
+            payload_type: Payload type for metrics
+        Returns:
+            None if verification passes, or error_response if sender mismatch
+        """
+        if self.auth_middleware is None:
+            return None
+        try:
+            self.auth_middleware.verify_sender_matches_auth(authenticated_agent_id, envelope.sender)
+            return None
+        except HTTPException as e:
+            # Sender mismatch - return JSON-RPC error
+            logger.warning(
+                "asap.request.sender_mismatch",
+                authenticated_agent=authenticated_agent_id,
+                envelope_sender=envelope.sender,
+            )
+            error_response = self.build_error_response(
+                INVALID_PARAMS,
+                data={"error": str(e.detail), "status_code": e.status_code},
+                request_id=ctx.request_id,
+            )
+            duration_seconds = time.perf_counter() - ctx.start_time
+            self.record_error_metrics(
+                ctx.metrics, payload_type, "sender_mismatch", duration_seconds
+            )
+            return error_response
+    def _build_success_response(
+        self,
+        response_envelope: Envelope,
+        ctx: RequestContext,
+        payload_type: str,
+    ) -> JSONResponse:
+        """Build success response with metrics and logging.
+        Args:
+            response_envelope: Response envelope from handler
+            ctx: Request context with rpc_request, start_time, and metrics
+            payload_type: Payload type for metrics
+        Returns:
+            JSON-RPC success response
+        """
+        duration_seconds = time.perf_counter() - ctx.start_time
+        duration_ms = duration_seconds * 1000
+        # Normalize payload_type to prevent cardinality explosion
+        normalized_payload_type = self._normalize_payload_type_for_metrics(payload_type)
+        # Record success metrics
+        ctx.metrics.increment_counter(
+            "asap_requests_total",
+            {"payload_type": normalized_payload_type, "status": "success"},
+        )
+        ctx.metrics.increment_counter(
+            "asap_requests_success_total",
+            {"payload_type": normalized_payload_type},
+        )
+        ctx.metrics.observe_histogram(
+            "asap_request_duration_seconds",
+            duration_seconds,
+            {"payload_type": normalized_payload_type, "status": "success"},
+        )
+        # Log successful processing
+        logger.info(
+            "asap.request.processed",
+            envelope_id=response_envelope.id,
+            response_id=response_envelope.id,
+            trace_id=response_envelope.trace_id,
+            payload_type=payload_type,
+            duration_ms=round(duration_ms, 2),
+        )
+        # Wrap response in JSON-RPC
+        # JsonRpcResponse requires id to be str | int, not None
+        response_id: str | int = ctx.request_id if ctx.request_id is not None else ""
+        rpc_response = JsonRpcResponse(
+            result={"envelope": response_envelope.model_dump(mode="json")},
+            id=response_id,
+        )
+        return JSONResponse(
+            status_code=200,
+            content=rpc_response.model_dump(),
+        )
+    def _handle_internal_error(
+        self,
+        error: Exception,
+        ctx: RequestContext,
+        payload_type: str,
+    ) -> JSONResponse:
+        """Handle internal server errors with metrics and logging.
+        Args:
+            error: The exception that occurred
+            ctx: Request context with rpc_request, start_time, and metrics
+            payload_type: Payload type for metrics
+        Returns:
+            JSON-RPC internal error response
+        """
+        duration_seconds = time.perf_counter() - ctx.start_time
+        duration_ms = duration_seconds * 1000
+        # Record error metrics (normalized to prevent cardinality explosion)
+        self.record_error_metrics(ctx.metrics, payload_type, "internal_error", duration_seconds)
+        # Log error
+        logger.exception(
+            "asap.request.error",
+            error=str(error),
+            error_type=type(error).__name__,
+            duration_ms=round(duration_ms, 2),
+        )
+        # Internal server error
+        internal_error = JsonRpcErrorResponse(
+            error=JsonRpcError.from_code(
+                INTERNAL_ERROR,
+                data={"error": str(error), "type": type(error).__name__},
+            ),
+            id=ctx.request_id,
+        )
+        return JSONResponse(
+            status_code=200,
+            content=internal_error.model_dump(),
+        )
+    async def _parse_and_validate_request(
+        self,
+        request: Request,
+    ) -> HandlerResult[JsonRpcRequest]:
+        """Parse JSON body and validate JSON-RPC request structure.
+        Args:
+            request: FastAPI request object
+        Returns:
+            Tuple of (JsonRpcRequest, None) if valid, or (None, error_response) if invalid
+        """
+        # Parse JSON body
+        try:
+            body = await self.parse_json_body(request)
+        except HTTPException as e:
+            # HTTPException (e.g., 413 Payload Too Large) should be returned directly
+            # Don't convert to JSON-RPC error response
+            from fastapi.responses import JSONResponse
+            return None, JSONResponse(
+                status_code=e.status_code,
+                content={"detail": e.detail},
+                headers=e.headers if hasattr(e, "headers") else None,
+            )
+        except ValueError as e:
+            # Invalid JSON - return parse error
+            error_response = self.build_error_response(
+                PARSE_ERROR,
+                data={"error": str(e)},
+                request_id=None,
+            )
+            # Create temporary context for metrics (before we have rpc_request)
+            temp_metrics = get_metrics()
+            self.record_error_metrics(temp_metrics, "unknown", "parse_error", 0.0)
+            return None, error_response
+        # Validate body is a dict (JSON-RPC requires object at root)
+        if not isinstance(body, dict):
+            error_response = self.build_error_response(
+                INVALID_REQUEST,
+                data={
+                    "error": "JSON-RPC request must be an object",
+                    "received_type": type(body).__name__,
+                },
+                request_id=None,
+            )
+            temp_metrics = get_metrics()
+            self.record_error_metrics(temp_metrics, "unknown", "invalid_request", 0.0)
+            return None, error_response
+        # Validate JSON-RPC request structure and method
+        rpc_request, validation_error = self.validate_jsonrpc_request(body)
+        if validation_error is not None:
+            temp_metrics = get_metrics()
+            self.record_error_metrics(temp_metrics, "unknown", "invalid_request", 0.0)
+            return None, validation_error
+        # Type narrowing: rpc_request is not None here
+        if rpc_request is None:
+            # This should not happen if validate_jsonrpc_request is correct
+            # but guard against it for robustness
+            error_response = self.build_error_response(
+                INTERNAL_ERROR,
+                data={"error": "Internal validation error"},
+                request_id=None,
+            )
+            temp_metrics = get_metrics()
+            self.record_error_metrics(
+                temp_metrics, "unknown", "internal_error", time.perf_counter()
+            )
+            return None, error_response
+        return rpc_request, None
+    def _validate_request_size(self, request: Request, max_size: int) -> None:
+        """Validate that request size does not exceed maximum.
+        Checks Content-Length header first, then validates actual body size
+        if available. Raises HTTPException(413) if request is too large.
+        Args:
+            request: FastAPI request object
+            max_size: Maximum allowed request size in bytes
+        Raises:
+            HTTPException: If request size exceeds maximum (413 Payload Too Large)
+        """
+        # Check Content-Length header first
+        content_length = request.headers.get("content-length")
+        if content_length:
+            try:
+                size = int(content_length)
+                if size > max_size:
+                    logger.warning(
+                        "asap.request.size_exceeded",
+                        content_length=size,
+                        max_size=max_size,
+                    )
+                    raise HTTPException(
+                        status_code=413,
+                        detail=f"Request size ({size} bytes) exceeds maximum ({max_size} bytes)",
+                    )
+            except ValueError:
+                # Invalid Content-Length header, will check body size instead
+                pass
     async def parse_json_body(self, request: Request) -> dict[str, Any]:
-        """Parse JSON body from request.
+        """Parse JSON body from request with size validation.
+        Validates request size before parsing to prevent DoS attacks.
+        Checks both Content-Length header and actual body size.
         Args:
             request: FastAPI request object
@@ -176,14 +697,37 @@ class ASAPRequestHandler:
             Parsed JSON body
         Raises:
+            HTTPException: If request size exceeds maximum (413)
             ValueError: If JSON is invalid
         """
+        # Read body in chunks and validate size incrementally to prevent OOM attacks
+        # Note: Content-Length header validation is handled by SizeLimitMiddleware
+        # This validates actual body size during streaming to prevent OOM attacks
         try:
-            body: dict[str, Any] = await request.json()
+            body_bytes = bytearray()
+            async for chunk in request.stream():
+                body_bytes.extend(chunk)
+                # Validate size after each chunk to abort early if limit exceeded
+                if len(body_bytes) > self.max_request_size:
+                    logger.warning(
+                        "asap.request.size_exceeded",
+                        actual_size=len(body_bytes),
+                        max_size=self.max_request_size,
+                    )
+                    raise HTTPException(
+                        status_code=413,
+                        detail=f"Request size ({len(body_bytes)} bytes) exceeds maximum ({self.max_request_size} bytes)",
+                    )
+            # Parse JSON from bytes
+            body: dict[str, Any] = json.loads(body_bytes.decode("utf-8"))
             return body
-        except ValueError as e:
+        except UnicodeDecodeError as e:
+            logger.warning("asap.request.invalid_encoding", error=str(e))
+            raise ValueError(f"Invalid UTF-8 encoding: {e}") from e
+        except json.JSONDecodeError as e:
             logger.warning("asap.request.invalid_json", error=str(e))
-            raise
+            raise ValueError(f"Invalid JSON: {e}") from e
     def validate_jsonrpc_request(
         self, body: dict[str, Any]
@@ -268,158 +812,102 @@ class ASAPRequestHandler:
         payload_type = "unknown"
         try:
-            # Parse JSON body
-            try:
-                body = await self.parse_json_body(request)
-            except ValueError as e:
-                # Invalid JSON - return parse error
-                error_response = self.build_error_response(
-                    PARSE_ERROR,
-                    data={"error": str(e)},
-                    request_id=None,
-                )
-                self.record_error_metrics(metrics, "unknown", "parse_error", 0.0)
-                return error_response
+            # Parse and validate JSON-RPC request
+            parse_result = await self._parse_and_validate_request(request)
+            rpc_request, parse_error = parse_result
+            if parse_error is not None:
+                return parse_error
+            # Type narrowing: rpc_request is not None here
+            # Use explicit check instead of assert to avoid removal in optimized builds
+            if rpc_request is None:
+                raise RuntimeError("Internal error: rpc_request is None after validation")
-            # Validate body is a dict (JSON-RPC requires object at root)
-            if not isinstance(body, dict):
-                error_response = self.build_error_response(
-                    INVALID_REQUEST,
-                    data={
-                        "error": "JSON-RPC request must be an object",
-                        "received_type": type(body).__name__,
-                    },
-                    request_id=None,
-                )
-                self.record_error_metrics(metrics, "unknown", "invalid_request", 0.0)
-                return error_response
+            # Create request context
+            ctx = RequestContext(
+                request_id=rpc_request.id,
+                start_time=start_time,
+                metrics=metrics,
+                rpc_request=rpc_request,
+            )
-            # Validate JSON-RPC request structure and method
-            rpc_request, validation_error = self.validate_jsonrpc_request(body)
-            if validation_error is not None:
-                self.record_error_metrics(metrics, "unknown", "invalid_request", 0.0)
-                return validation_error
+            # Authenticate request if enabled
+            auth_result = await self._authenticate_request(request, ctx)
+            authenticated_agent_id, auth_error = auth_result
+            if auth_error is not None:
+                return auth_error
+            # Validate and extract envelope
+            envelope_result = self._validate_envelope(ctx)
+            envelope_or_none, result = envelope_result
+            if envelope_or_none is None:
+                # result is JSONResponse when envelope is None
+                return result  # type: ignore[return-value]
+            envelope = envelope_or_none
+            # result is payload_type (str) when envelope is not None
+            payload_type = result  # type: ignore[assignment]
-            # Type narrowing: rpc_request is not None here
-            if rpc_request is None:
-                # This should not happen if validate_jsonrpc_request is correct
-                # but guard against it for robustness
-                error_response = self.build_error_response(
-                    INTERNAL_ERROR,
-                    data={"error": "Internal validation error"},
-                    request_id=None,
-                )
-                self.record_error_metrics(
-                    metrics, "unknown", "internal_error", time.perf_counter() - start_time
-                )
-                return error_response
-            # Verify authentication if enabled
-            authenticated_agent_id: str | None = None
-            if self.auth_middleware is not None:
-                try:
-                    authenticated_agent_id = await self.auth_middleware.verify_authentication(
-                        request
-                    )
-                except HTTPException as e:
-                    # Authentication failed - return JSON-RPC error
-                    logger.warning(
-                        "asap.request.auth_failed",
-                        status_code=e.status_code,
-                        detail=e.detail,
-                    )
-                    # Map HTTP status to JSON-RPC error code
-                    error_code = INVALID_REQUEST if e.status_code == 401 else INVALID_PARAMS
-                    error_response = self.build_error_response(
-                        error_code,
-                        data={"error": str(e.detail), "status_code": e.status_code},
-                        request_id=rpc_request.id,
-                    )
-                    self.record_error_metrics(
-                        metrics, "unknown", "auth_failed", time.perf_counter() - start_time
-                    )
-                    return error_response
+            # Verify sender matches authenticated identity
+            sender_error = self._verify_sender_matches_auth(
+                authenticated_agent_id,
+                envelope,
+                ctx,
+                payload_type,
+            )
+            if sender_error is not None:
+                return sender_error
-            # Validate params is a dict before accessing
-            if not isinstance(rpc_request.params, dict):
+            # Validate envelope timestamp to prevent replay attacks
+            try:
+                validate_envelope_timestamp(envelope)
+            except InvalidTimestampError as e:
                 logger.warning(
-                    "asap.request.invalid_params_type",
-                    params_type=type(rpc_request.params).__name__,
-                )
-                error_response = self.build_error_response(
-                    INVALID_PARAMS,
-                    data={
-                        "error": "JSON-RPC 'params' must be an object",
-                        "received_type": type(rpc_request.params).__name__,
-                    },
-                    request_id=rpc_request.id,
+                    "asap.request.invalid_timestamp",
+                    envelope_id=envelope.id,
+                    error=e.message,
+                    details=e.details,
                 )
+                duration_seconds = time.perf_counter() - ctx.start_time
                 self.record_error_metrics(
-                    metrics, "unknown", "invalid_params", time.perf_counter() - start_time
+                    ctx.metrics, payload_type, "invalid_timestamp", duration_seconds
                 )
-                return error_response
-            # Extract envelope from params
-            envelope_data = rpc_request.params.get("envelope")
-            if envelope_data is None:
-                logger.warning("asap.request.missing_envelope")
-                error_response = self.build_error_response(
+                return self.build_error_response(
                     INVALID_PARAMS,
-                    data={"error": "Missing 'envelope' in params"},
-                    request_id=rpc_request.id,
-                )
-                self.record_error_metrics(
-                    metrics, "unknown", "missing_envelope", time.perf_counter() - start_time
+                    data={
+                        "error": "Invalid envelope timestamp",
+                        "code": e.code,
+                        "message": e.message,
+                        "details": e.details,
+                    },
+                    request_id=ctx.request_id,
                 )
-                return error_response
-            # Validate envelope structure
+            # Validate envelope nonce if nonce store is available
             try:
-                envelope = Envelope(**envelope_data)
-                payload_type = envelope.payload_type
-            except ValidationError as e:
+                validate_envelope_nonce(envelope, self.nonce_store)
+            except InvalidNonceError as e:
+                # Sanitize nonce in logs to prevent full value exposure
+                nonce_sanitized = sanitize_nonce(e.nonce)
                 logger.warning(
-                    "asap.request.invalid_envelope",
-                    error="Invalid envelope structure",
-                    validation_errors=str(e.errors()),
+                    "asap.request.invalid_nonce",
+                    envelope_id=envelope.id,
+                    nonce=nonce_sanitized,
+                    error=e.message,
                 )
-                duration_seconds = time.perf_counter() - start_time
+                duration_seconds = time.perf_counter() - ctx.start_time
                 self.record_error_metrics(
-                    metrics, payload_type, "invalid_envelope", duration_seconds
+                    ctx.metrics, payload_type, "invalid_nonce", duration_seconds
                 )
                 return self.build_error_response(
                     INVALID_PARAMS,
                     data={
-                        "error": "Invalid envelope structure",
-                        "validation_errors": e.errors(),
+                        "error": "Invalid envelope nonce",
+                        "code": e.code,
+                        "message": e.message,
+                        "details": e.details,
                     },
-                    request_id=rpc_request.id,
+                    request_id=ctx.request_id,
                 )
-            # Verify sender matches authenticated identity
-            if self.auth_middleware is not None:
-                try:
-                    self.auth_middleware.verify_sender_matches_auth(
-                        authenticated_agent_id, envelope.sender
-                    )
-                except HTTPException as e:
-                    # Sender mismatch - return JSON-RPC error
-                    logger.warning(
-                        "asap.request.sender_mismatch",
-                        authenticated_agent=authenticated_agent_id,
-                        envelope_sender=envelope.sender,
-                    )
-                    error_response = self.build_error_response(
-                        INVALID_PARAMS,
-                        data={"error": str(e.detail), "status_code": e.status_code},
-                        request_id=rpc_request.id,
-                    )
-                    duration_seconds = time.perf_counter() - start_time
-                    self.record_error_metrics(
-                        metrics, payload_type, "sender_mismatch", duration_seconds
-                    )
-                    return error_response
             # Log request received
             logger.info(
                 "asap.request.received",
@@ -431,132 +919,45 @@ class ASAPRequestHandler:
                 authenticated=authenticated_agent_id is not None,
             )
-            # Process the envelope using the handler registry
-            try:
-                response_envelope = await self.registry.dispatch_async(envelope, self.manifest)
-            except HandlerNotFoundError as e:
-                # No handler registered for this payload type
-                logger.warning(
-                    "asap.request.handler_not_found",
-                    payload_type=e.payload_type,
-                    envelope_id=envelope.id,
-                )
-                # Record error metric
-                duration_seconds = time.perf_counter() - start_time
-                metrics.increment_counter(
-                    "asap_requests_total",
-                    {"payload_type": payload_type, "status": "error"},
-                )
-                metrics.increment_counter(
-                    "asap_requests_error_total",
-                    {"payload_type": payload_type, "error_type": "handler_not_found"},
-                )
-                metrics.observe_histogram(
-                    "asap_request_duration_seconds",
-                    duration_seconds,
-                    {"payload_type": payload_type, "status": "error"},
-                )
-                handler_error = JsonRpcErrorResponse(
-                    error=JsonRpcError.from_code(
-                        METHOD_NOT_FOUND,
-                        data={
-                            "payload_type": e.payload_type,
-                            "error": str(e),
-                        },
-                    ),
-                    id=rpc_request.id,
-                )
-                return JSONResponse(
-                    status_code=200,
-                    content=handler_error.model_dump(),
-                )
-            # Calculate duration
-            duration_seconds = time.perf_counter() - start_time
-            duration_ms = duration_seconds * 1000
+            # Dispatch to handler
+            dispatch_result = await self._dispatch_to_handler(envelope, ctx)
+            response_or_none, result = dispatch_result
+            if response_or_none is None:
+                # result is JSONResponse when response is None
+                return result  # type: ignore[return-value]
+            response_envelope = response_or_none
+            # result is payload_type (str) when response is not None
+            payload_type = result  # type: ignore[assignment]
-            # Record success metrics
-            metrics.increment_counter(
-                "asap_requests_total",
-                {"payload_type": payload_type, "status": "success"},
-            )
-            metrics.increment_counter(
-                "asap_requests_success_total",
-                {"payload_type": payload_type},
-            )
-            metrics.observe_histogram(
-                "asap_request_duration_seconds",
-                duration_seconds,
-                {"payload_type": payload_type, "status": "success"},
-            )
-            # Log successful processing
-            logger.info(
-                "asap.request.processed",
-                envelope_id=envelope.id,
-                response_id=response_envelope.id,
-                trace_id=envelope.trace_id,
-                payload_type=envelope.payload_type,
-                duration_ms=round(duration_ms, 2),
-            )
-            # Wrap response in JSON-RPC
-            rpc_response = JsonRpcResponse(
-                result={"envelope": response_envelope.model_dump(mode="json")},
-                id=rpc_request.id,
-            )
-            return JSONResponse(
-                status_code=200,
-                content=rpc_response.model_dump(),
-            )
+            # Build and return success response
+            return self._build_success_response(response_envelope, ctx, payload_type)
         except Exception as e:
-            # Calculate duration for error case
-            duration_seconds = time.perf_counter() - start_time
-            duration_ms = duration_seconds * 1000
-            # Record error metrics
-            metrics.increment_counter(
-                "asap_requests_total",
-                {"payload_type": payload_type, "status": "error"},
-            )
-            metrics.increment_counter(
-                "asap_requests_error_total",
-                {"payload_type": payload_type, "error_type": "internal_error"},
-            )
-            metrics.observe_histogram(
-                "asap_request_duration_seconds",
-                duration_seconds,
-                {"payload_type": payload_type, "status": "error"},
-            )
-            # Log error
-            logger.exception(
-                "asap.request.error",
-                error=str(e),
-                error_type=type(e).__name__,
-                duration_ms=round(duration_ms, 2),
-            )
-            # Internal server error
-            internal_error = JsonRpcErrorResponse(
-                error=JsonRpcError.from_code(
-                    INTERNAL_ERROR,
-                    data={"error": str(e), "type": type(e).__name__},
-                ),
-                id=None,
-            )
-            return JSONResponse(
-                status_code=200,
-                content=internal_error.model_dump(),
-            )
+            # Create minimal context for error handling if we don't have rpc_request yet
+            if "ctx" not in locals():
+                # Fallback: create context with minimal info
+                temp_metrics = get_metrics()
+                # JsonRpcRequest requires id to be str | int, use empty string as fallback
+                temp_rpc_request = JsonRpcRequest(
+                    jsonrpc="2.0", method=ASAP_METHOD, params={}, id=""
+                )
+                ctx = RequestContext(
+                    request_id="",
+                    start_time=start_time,
+                    metrics=temp_metrics,
+                    rpc_request=temp_rpc_request,
+                )
+            return self._handle_internal_error(e, ctx, payload_type)
 def create_app(
     manifest: Manifest,
     registry: HandlerRegistry | None = None,
     token_validator: Callable[[str], str | None] | None = None,
+    rate_limit: str | None = None,
+    max_request_size: int | None = None,
+    max_threads: int | None = None,
+    require_nonce: bool = False,
 ) -> FastAPI:
     """Create and configure a FastAPI application for ASAP protocol.
@@ -576,6 +977,17 @@ def create_app(
         token_validator: Optional function to validate Bearer tokens.
             Required if manifest.auth is configured. Should return agent ID
             if token is valid, None otherwise.
+        rate_limit: Optional rate limit string (e.g., "100/minute").
+            Rate limiting is IP-based (per client IP address) to prevent DoS attacks.
+            Defaults to ASAP_RATE_LIMIT environment variable or "100/minute".
+        max_request_size: Optional maximum request size in bytes.
+            Defaults to ASAP_MAX_REQUEST_SIZE environment variable or 10MB.
+        max_threads: Optional maximum number of threads for sync handlers.
+            Defaults to ASAP_MAX_THREADS environment variable or min(32, cpu_count + 4).
+            Set to None to use unbounded executor (not recommended for production).
+        require_nonce: If True, enables nonce validation for replay attack prevention.
+            When enabled, creates an InMemoryNonceStore and validates nonces in envelopes.
+            Defaults to False (nonce validation is optional).
     Returns:
         Configured FastAPI application ready to run
@@ -617,10 +1029,28 @@ def create_app(
         >>> app = create_app(manifest, registry)
         >>> # Run with uvicorn: uvicorn module:app
     """
+    # Configure thread pool executor for DoS prevention
+    executor: BoundedExecutor | None = None
+    if max_threads is None:
+        max_threads_env = os.getenv("ASAP_MAX_THREADS")
+        if max_threads_env:
+            max_threads = int(max_threads_env)
+    if max_threads is not None:
+        executor = BoundedExecutor(max_threads=max_threads)
+        logger.info(
+            "asap.server.bounded_executor_enabled",
+            manifest_id=manifest.id,
+            max_threads=max_threads,
+        )
     # Use default registry if none provided
     if registry is None:
         registry = create_default_registry()
+    # Attach executor to registry if provided
+    if executor is not None:
+        registry._executor = executor
     # Create authentication middleware if auth is configured
     auth_middleware: AuthenticationMiddleware | None = None
     if manifest.auth is not None:
@@ -637,14 +1067,54 @@ def create_app(
             schemes=manifest.auth.schemes,
         )
+    # Configure max request size
+    if max_request_size is None:
+        max_request_size = int(os.getenv("ASAP_MAX_REQUEST_SIZE", str(MAX_REQUEST_SIZE)))
+    # Create nonce store if required
+    nonce_store: NonceStore | None = None
+    if require_nonce:
+        nonce_store = InMemoryNonceStore()
+        logger.info(
+            "asap.server.nonce_validation_enabled",
+            manifest_id=manifest.id,
+        )
     # Create request handler
-    handler = ASAPRequestHandler(registry, manifest, auth_middleware)
+    handler = ASAPRequestHandler(registry, manifest, auth_middleware, max_request_size, nonce_store)
     app = FastAPI(
         title="ASAP Protocol Server",
         description=f"ASAP server for {manifest.name}",
         version=manifest.version,
     )
+    # Add size limit middleware (runs before routing)
+    app.add_middleware(SizeLimitMiddleware, max_size=max_request_size)
+    # Configure rate limiting
+    if rate_limit is None:
+        rate_limit_str = os.getenv("ASAP_RATE_LIMIT", "100/minute")
+    else:
+        rate_limit_str = rate_limit
+    # Create isolated limiter instance for this app
+    # This ensures each app instance has its own rate limiter storage
+    # Tests can override this via monkeypatch or direct assignment to app.state.limiter
+    app.state.limiter = create_limiter([rate_limit_str])
+    app.state.max_request_size = max_request_size
+    app.add_exception_handler(RateLimitExceeded, rate_limit_handler)
+    logger.info(
+        "asap.server.rate_limit_enabled",
+        manifest_id=manifest.id,
+        rate_limit=rate_limit_str,
+    )
+    logger.info(
+        "asap.server.max_request_size",
+        manifest_id=manifest.id,
+        max_request_size=max_request_size,
+    )
     # Note: Request size limits should be configured at the ASGI server level (e.g., uvicorn).
     # For production, consider setting --limit-max-requests or using a reverse proxy
     # (nginx, traefik) to enforce request size limits (e.g., 10MB max).
@@ -686,6 +1156,7 @@ def create_app(
         )
     @app.post("/asap")
+    @limiter.limit(rate_limit_str)  # slowapi uses app.state.limiter at runtime
     async def handle_asap_message(request: Request) -> JSONResponse:
         """Handle ASAP messages wrapped in JSON-RPC 2.0.
@@ -723,7 +1194,7 @@ def _create_default_manifest() -> Manifest:
     return Manifest(
         id="urn:asap:agent:default-server",
         name="ASAP Default Server",
-        version="0.1.0",
+        version="0.3.0",
         description="Default ASAP protocol server with echo capabilities",
         capabilities=Capability(
             asap_version="0.1",

asap-protocol 0.1.0__py3-none-any.whl → 0.5.0__py3-none-any.whl

asap-protocol 0.1.0py3-none-any.whl → 0.5.0py3-none-any.whl