asap-protocol 2.2.1__tar.gz → 2.3.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (193) hide show
  1. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/.gitignore +21 -2
  2. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/CHANGELOG.md +38 -0
  3. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/PKG-INFO +41 -18
  4. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/README.md +38 -17
  5. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/pyproject.toml +6 -1
  6. asap_protocol-2.3.0/src/asap/__init__.py +22 -0
  7. asap_protocol-2.3.0/src/asap/adapters/__init__.py +1 -0
  8. asap_protocol-2.3.0/src/asap/adapters/openapi/__init__.py +19 -0
  9. asap_protocol-2.3.0/src/asap/adapters/openapi/approval.py +107 -0
  10. asap_protocol-2.3.0/src/asap/adapters/openapi/capability_mapper.py +499 -0
  11. asap_protocol-2.3.0/src/asap/adapters/openapi/factory.py +243 -0
  12. asap_protocol-2.3.0/src/asap/adapters/openapi/handler.py +525 -0
  13. asap_protocol-2.3.0/src/asap/adapters/openapi/spec_loader.py +154 -0
  14. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/approval.py +25 -1
  15. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/capabilities.py +41 -0
  16. asap_protocol-2.3.0/src/asap/registry/__init__.py +19 -0
  17. asap_protocol-2.3.0/src/asap/registry/anti_spam.py +20 -0
  18. asap_protocol-2.3.0/src/asap/registry/auto_registration.py +291 -0
  19. asap_protocol-2.3.0/src/asap/registry/bot_pr.py +336 -0
  20. asap_protocol-2.3.0/src/asap/registry/receipt_cache.py +96 -0
  21. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/agent_routes.py +41 -12
  22. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/capability_routes.py +25 -5
  23. asap_protocol-2.3.0/src/asap/transport/challenge.py +119 -0
  24. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/client.py +147 -0
  25. asap_protocol-2.3.0/src/asap/transport/escalation_routes.py +199 -0
  26. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/rate_limit.py +33 -0
  27. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/server.py +59 -2
  28. asap_protocol-2.2.1/src/asap/__init__.py +0 -9
  29. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/LICENSE +0 -0
  30. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/agent.schema.json +0 -0
  31. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/artifact.schema.json +0 -0
  32. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/conversation.schema.json +0 -0
  33. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/manifest.schema.json +0 -0
  34. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/message.schema.json +0 -0
  35. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/state_snapshot.schema.json +0 -0
  36. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/task.schema.json +0 -0
  37. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/envelope.schema.json +0 -0
  38. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/parts/data_part.schema.json +0 -0
  39. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/parts/file_part.schema.json +0 -0
  40. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/parts/resource_part.schema.json +0 -0
  41. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/parts/template_part.schema.json +0 -0
  42. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/parts/text_part.schema.json +0 -0
  43. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/artifact_notify.schema.json +0 -0
  44. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/mcp_resource_data.schema.json +0 -0
  45. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/mcp_resource_fetch.schema.json +0 -0
  46. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/mcp_tool_call.schema.json +0 -0
  47. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/mcp_tool_result.schema.json +0 -0
  48. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/message_send.schema.json +0 -0
  49. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/state_query.schema.json +0 -0
  50. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/state_restore.schema.json +0 -0
  51. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/task_cancel.schema.json +0 -0
  52. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/task_request.schema.json +0 -0
  53. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/task_response.schema.json +0 -0
  54. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/task_update.schema.json +0 -0
  55. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/__init__.py +0 -0
  56. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/agent_jwt.py +0 -0
  57. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/identity.py +0 -0
  58. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/introspection.py +0 -0
  59. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/jwks.py +0 -0
  60. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/lifecycle.py +0 -0
  61. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/middleware.py +0 -0
  62. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/oauth2.py +0 -0
  63. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/oidc.py +0 -0
  64. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/scopes.py +0 -0
  65. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/self_auth.py +0 -0
  66. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/utils.py +0 -0
  67. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/webauthn.py +0 -0
  68. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/cli/__init__.py +0 -0
  69. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/cli/audit_export.py +0 -0
  70. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/cli/compliance_check.py +0 -0
  71. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/__init__.py +0 -0
  72. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/cache.py +0 -0
  73. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/http_client.py +0 -0
  74. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/market.py +0 -0
  75. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/revocation.py +0 -0
  76. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/trust.py +0 -0
  77. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/__init__.py +0 -0
  78. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/keys.py +0 -0
  79. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/models.py +0 -0
  80. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/signing.py +0 -0
  81. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/trust.py +0 -0
  82. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/trust_levels.py +0 -0
  83. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/__init__.py +0 -0
  84. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/dnssd.py +0 -0
  85. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/health.py +0 -0
  86. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/registry.py +0 -0
  87. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/validation.py +0 -0
  88. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/wellknown.py +0 -0
  89. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/__init__.py +0 -0
  90. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/audit.py +0 -0
  91. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/delegation.py +0 -0
  92. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/delegation_storage.py +0 -0
  93. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/hooks.py +0 -0
  94. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/metering.py +0 -0
  95. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/sla.py +0 -0
  96. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/sla_storage.py +0 -0
  97. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/storage.py +0 -0
  98. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/errors.py +0 -0
  99. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/README.md +0 -0
  100. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/__init__.py +0 -0
  101. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/a2h_approval.py +0 -0
  102. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/agent_failover.py +0 -0
  103. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/auth_patterns.py +0 -0
  104. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/coordinator.py +0 -0
  105. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/echo_agent.py +0 -0
  106. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/error_recovery.py +0 -0
  107. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/long_running.py +0 -0
  108. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/mcp_client_demo.py +0 -0
  109. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/mcp_integration.py +0 -0
  110. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/multi_step_workflow.py +0 -0
  111. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/orchestration.py +0 -0
  112. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/rate_limiting.py +0 -0
  113. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/run_demo.py +0 -0
  114. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/secure_agent.py +0 -0
  115. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/secure_handler.py +0 -0
  116. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/state_migration.py +0 -0
  117. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/storage_backends.py +0 -0
  118. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/streaming_agent.py +0 -0
  119. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/streaming_response.py +0 -0
  120. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/v1_3_0_showcase.py +0 -0
  121. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/v1_4_0_showcase.py +0 -0
  122. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/websocket_concept.py +0 -0
  123. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/handlers/__init__.py +0 -0
  124. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/handlers/hitl.py +0 -0
  125. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/__init__.py +0 -0
  126. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/a2h.py +0 -0
  127. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/crewai.py +0 -0
  128. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/langchain.py +0 -0
  129. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/llamaindex.py +0 -0
  130. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/openclaw.py +0 -0
  131. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/pydanticai.py +0 -0
  132. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/smolagents.py +0 -0
  133. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/vercel_ai.py +0 -0
  134. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/__init__.py +0 -0
  135. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/client.py +0 -0
  136. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/protocol.py +0 -0
  137. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/serve.py +0 -0
  138. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/server.py +0 -0
  139. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/server_runner.py +0 -0
  140. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/__init__.py +0 -0
  141. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/base.py +0 -0
  142. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/constants.py +0 -0
  143. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/entities.py +0 -0
  144. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/enums.py +0 -0
  145. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/envelope.py +0 -0
  146. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/ids.py +0 -0
  147. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/parts.py +0 -0
  148. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/payloads.py +0 -0
  149. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/types.py +0 -0
  150. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/validators.py +0 -0
  151. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/__init__.py +0 -0
  152. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/dashboards/README.md +0 -0
  153. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/dashboards/asap-detailed.json +0 -0
  154. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/dashboards/asap-red.json +0 -0
  155. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/logging.py +0 -0
  156. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/metrics.py +0 -0
  157. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/trace_parser.py +0 -0
  158. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/trace_ui.py +0 -0
  159. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/tracing.py +0 -0
  160. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/schemas.py +0 -0
  161. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/__init__.py +0 -0
  162. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/machine.py +0 -0
  163. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/metering.py +0 -0
  164. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/snapshot.py +0 -0
  165. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/stores/__init__.py +0 -0
  166. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/stores/memory.py +0 -0
  167. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/stores/sqlite.py +0 -0
  168. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/__init__.py +0 -0
  169. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/asgi_factory.py +0 -0
  170. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/assertions.py +0 -0
  171. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/compliance.py +0 -0
  172. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/fixtures.py +0 -0
  173. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/mocks.py +0 -0
  174. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/__init__.py +0 -0
  175. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/_auth_helpers.py +0 -0
  176. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/cache.py +0 -0
  177. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/circuit_breaker.py +0 -0
  178. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/codecs/__init__.py +0 -0
  179. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/codecs/lambda_codec.py +0 -0
  180. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/compression.py +0 -0
  181. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/delegation_api.py +0 -0
  182. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/executors.py +0 -0
  183. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/handlers.py +0 -0
  184. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/jsonrpc.py +0 -0
  185. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/middleware.py +0 -0
  186. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/mtls.py +0 -0
  187. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/sla_api.py +0 -0
  188. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/usage_api.py +0 -0
  189. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/validators.py +0 -0
  190. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/webhook.py +0 -0
  191. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/websocket.py +0 -0
  192. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/utils/__init__.py +0 -0
  193. {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/utils/sanitization.py +0 -0
@@ -178,9 +178,25 @@ cython_debug/
178
178
  # Project specific
179
179
  !/.cursor/
180
180
  /drafts/
181
- # Strategy docs (private — do not commit)
182
- .cursor/product-specs/strategy/
181
+ /.claude/
182
+ # Local agent state / tooling (ignore everywhere, not only repo root)
183
+ .agents/
184
+ # Strategic and commercial planning (private - do not commit)
185
+ product/strategy/
186
+ product/private/
187
+ product/private-roadmap/
188
+ product/prd/private/
189
+ # Tactical PRDs outside private/ (patch train); single-digit and double-digit patch (e.g. v2.3.10)
190
+ product/prd/prd-v2.3.[1-9]-*.md
191
+ product/prd/prd-v2.3.[1-9][0-9]-*.md
192
+ engineering/private/
193
+ engineering/tasks/private/
194
+ engineering/tasks/v2.3.[1-9]*/
183
195
  node_modules/
196
+ # Next.js build output (examples and apps)
197
+ .next/
198
+ # tshy generated tsconfig fragments (regenerated on build)
199
+ .tshy/
184
200
  .pnpm-store/
185
201
  .github/wiki/
186
202
 
@@ -192,6 +208,9 @@ node_modules/
192
208
  .benchmarks/
193
209
  .uv-cache/
194
210
 
211
+ # TypeScript incremental build info (local / IDE)
212
+ *.tsbuildinfo
213
+
195
214
  # ESLint report (generated)
196
215
  eslint-report.json
197
216
  .vercel
@@ -9,6 +9,44 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
9
9
 
10
10
  ---
11
11
 
12
+ ## [2.3.0] - 2026-05-04
13
+
14
+ **Adoption Multiplier** — OpenAPI-derived agents, first-class TypeScript, lean
15
+ registry auto-registration, runtime capability escalation, and opt-in
16
+ `WWW-Authenticate: ASAP` discovery challenges. Wire JSON-RPC and envelope
17
+ schemas remain backward compatible with v2.2.x.
18
+
19
+ ### Added
20
+
21
+ - **OpenAPI Adapter (Python)**: `asap.adapters.openapi.create_from_openapi` maps
22
+ OpenAPI 3.x operations to ASAP capabilities; optional `[openapi]` extra.
23
+ See [docs/adapters/openapi.md](docs/adapters/openapi.md).
24
+ - **Official TypeScript client**: npm package `@asap-protocol/client` with
25
+ discovery, capability helpers, streaming consumer, and optional adapters for
26
+ Vercel AI SDK, OpenAI, and Anthropic (`packages/typescript/client/`).
27
+ - **Auto-Registration**: `POST /registry/agents` for Compliance Harness–gated
28
+ Lite Registry submissions (optional `registry_auto_registration` on
29
+ `create_app`). See [docs/registry/auto-registration.md](docs/registry/auto-registration.md).
30
+ - **Capability escalation**: `POST /asap/agent/request-capability` plus Python
31
+ `ASAPClient.request_capability` / TypeScript client support for approval
32
+ flows without re-registering the agent.
33
+ - **ASAP HTTP challenge**: `WWW-Authenticate: ASAP` with `discovery=` manifest
34
+ URL on selected 401/403 responses; clients can record discovery metadata from
35
+ the challenge header.
36
+
37
+ ### Changed
38
+
39
+ - **Reference server**: New optional routers and middleware wiring are
40
+ **opt-in** behind constructor flags — existing deployments keep v2.2.x
41
+ behavior until they enable OpenAPI surfaces, auto-registration, escalation
42
+ routes, or challenge middleware.
43
+
44
+ ### Security
45
+
46
+ - **Dependency sweep (pre-tag)**: `uv run pip-audit --ignore-vuln CVE-2026-4539 --ignore-vuln CVE-2026-3219` (after `uv sync` per [SECURITY.md](SECURITY.md)) reported **no known vulnerabilities** (same ignores as CI). **`apps/web`**: `npm audit` (2026-05-04) still reports **moderate** `postcss` via `next@16.2.4` (GHSA-qx2v-qp2m-jg93); upstream fix may require a newer Next.js line — track before treating web audits as fully clean.
47
+
48
+ ---
49
+
12
50
  ## [2.2.1] - 2026-04-21
13
51
 
14
52
  Patch release: optional WebAuthn verification, compliance and audit CLIs, docs,
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: asap-protocol
3
- Version: 2.2.1
3
+ Version: 2.3.0
4
4
  Summary: Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication
5
5
  Project-URL: Homepage, https://github.com/adriannoes/asap-protocol
6
6
  Project-URL: Documentation, https://adriannoes.github.io/asap-protocol
@@ -69,6 +69,8 @@ Provides-Extra: llamaindex
69
69
  Requires-Dist: llama-index-core>=0.10; extra == 'llamaindex'
70
70
  Provides-Extra: mcp
71
71
  Requires-Dist: mcp>=1.0.0; extra == 'mcp'
72
+ Provides-Extra: openapi
73
+ Requires-Dist: openapi-pydantic>=0.5; extra == 'openapi'
72
74
  Provides-Extra: openclaw
73
75
  Requires-Dist: openclaw-sdk>=2.0; extra == 'openclaw'
74
76
  Provides-Extra: pydanticai
@@ -90,9 +92,11 @@ Description-Content-Type: text/markdown
90
92
 
91
93
  > A production-ready protocol for agent-to-agent communication and task coordination.
92
94
 
93
- **Quick Info**: `v2.2.1` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [PyPI](https://pypi.org/project/asap-protocol/) | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
95
+ **Quick Info**: `v2.3.0` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
94
96
 
95
- > 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.vercel.app/)browse agents, register yours, request verification.
97
+ > 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`**package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
98
+
99
+ > 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
96
100
 
97
101
  ## Why ASAP?
98
102
 
@@ -103,7 +107,7 @@ Building multi-agent systems today suffers from three core technical challenges
103
107
 
104
108
  **ASAP** provides a production-ready communication layer that simplifies these complexities. It's ideal for **multi-agent orchestration**, **stateful workflows** (persistence, resumability), **MCP support** and **production systems** requiring high-performance, type-safe agent communication.
105
109
 
106
- For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [spec](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/product-specs/strategy/v0-original-specs.md) for details.
110
+ For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) for the current protocol overview and features.
107
111
 
108
112
  ### Key Features
109
113
 
@@ -115,6 +119,7 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
115
119
  - **Security** — Bearer auth, OAuth2/JWT, Ed25519 signed manifests, optional mTLS, replay prevention, HTTPS, rate limiting. [Security Model](https://github.com/adriannoes/asap-protocol/blob/main/docs/security/v1.1-security-model.md) (trust limits, Custom Claims).
116
120
  - **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
117
121
  - **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
122
+ - **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
118
123
  - **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
119
124
 
120
125
  ### 🆕 Framework Ecosystem
@@ -134,7 +139,13 @@ Or with pip:
134
139
  pip install asap-protocol
135
140
  ```
136
141
 
137
- 📦 **Available on [PyPI](https://pypi.org/project/asap-protocol/)** — for reproducible environments, prefer `uv` when possible.
142
+ **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), aligned with protocol **v2.3.0**):
143
+
144
+ ```bash
145
+ npm install @asap-protocol/client
146
+ ```
147
+
148
+ 📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
138
149
 
139
150
  ## Quick Start
140
151
 
@@ -177,6 +188,7 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
177
188
 
178
189
  **Learn**
179
190
  - [Docs](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [API Reference](https://github.com/adriannoes/asap-protocol/blob/main/docs/api-reference.md)
191
+ - [TypeScript client SDK](https://github.com/adriannoes/asap-protocol/blob/main/docs/sdks/typescript.md) — `@asap-protocol/client` (identity, capabilities, streaming, adapters)
180
192
  - [Tutorials](https://github.com/adriannoes/asap-protocol/tree/main/docs/tutorials) — First agent to production checklist
181
193
  - [Migration from A2A/MCP](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md)
182
194
  - [Raw Fetch (non-Python)](https://github.com/adriannoes/asap-protocol/blob/main/docs/raw-fetch.md) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.
@@ -189,11 +201,11 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
189
201
 
190
202
  **Decisions & Operations**
191
203
  - [ADRs](https://github.com/adriannoes/asap-protocol/tree/main/docs/adr) — 19 Architecture Decision Records
192
- - [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/dev-planning/architecture/tech-stack-decisions.md) — Rationale for Python, Pydantic, Next.js choices
204
+ - [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main/engineering/architecture/tech-stack-decisions.md) — Rationale for Python, Pydantic, Next.js choices
193
205
  - [Deployment](https://github.com/adriannoes/asap-protocol/blob/main/docs/deployment/kubernetes.md) | [Troubleshooting](https://github.com/adriannoes/asap-protocol/blob/main/docs/troubleshooting.md)
194
206
 
195
207
  **Release**
196
- - [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | [PyPI](https://pypi.org/project/asap-protocol/)
208
+ - [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | **[PyPI listing](https://pypi.org/project/asap-protocol/)** — `https://pypi.org/project/asap-protocol/` (install: `pip install asap-protocol`)
197
209
 
198
210
  ## CLI
199
211
 
@@ -213,20 +225,23 @@ See the [CLI reference](docs/cli.md) for `compliance-check` and `audit export` f
213
225
 
214
226
  ## Version History
215
227
 
216
- - **v1.1** adds OAuth2, WebSocket, Discovery (well-known + Lite Registry), State Storage (SQLite) and Webhooks.
217
- - **v1.2** adds Ed25519 signed manifests, trust levels, optional mTLS and the [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md).
218
- - **v1.3** adds delegation commands (`asap delegation create`, `asap delegation revoke`).
219
- - **v2.0** adds the Lean Marketplace Web App (Next.js), Lite Registry on GitHub Pages, IssueOps registration, OAuth sign-in for developers, and Verified Badge flow.
220
- - **v2.1** adds the Consumer SDK (`MarketClient`), optional framework extras (LangChain, CrewAI, LlamaIndex, SmolAgents, OpenClaw, …), and registry UX improvements on PyPI.
221
- - **v2.1.1** is a patch release: JWT algorithm allowlist, SQLite async bridging, optional Redis-backed rate limits, SSRF hardening in the web app, and related reliability fixes (see [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)).
222
- - **v2.2** adds per-runtime agent identity, capability-based authorization, SSE streaming (`POST /asap/stream`), `ASAP-Version` negotiation, JSON-RPC batch requests, tamper-evident audit logging, async state stores, and Compliance Harness v2.
223
- - **v2.2.1** closes the SELF-002 follow-up with **real WebAuthn** attestation/assertion via the opt-in `asap-protocol[webauthn]` extra, ships the `asap compliance-check` and `asap audit export` CLIs, promotes the client SDK `ResolvedAgent.run()` to a typed contract (raises `TypeError` on protocol violation), introduces the `asap.economics.audit.AuditChainBroken` exception for scripted tamper handling, and pins upper bounds on security-sensitive deps (`cryptography`, `authlib`, `joserfc`, `pyjwt`, `webauthn`, `pydantic`) — see [dependency policy](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) and full notes in the [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md).
228
+ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)** and the **[docs index](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md#v11-features-api-reference--guides)** for full notes.
224
229
 
225
- For a structured index of per-version features, see the [docs index](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md#v11-features-api-reference--guides).
230
+ | Version | What shipped |
231
+ | :-- | :-- |
232
+ | **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** — see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
233
+ | **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
234
+ | **v2.2** | Per-runtime identity & capability auth · SSE `POST /asap/stream` · `ASAP-Version` · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
235
+ | **v2.1.1** | Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening |
236
+ | **v2.1** | `MarketClient` · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX |
237
+ | **v2.0** | Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow |
238
+ | **v1.3** | `asap delegation create` / `revoke` |
239
+ | **v1.2** | Ed25519 manifests · trust levels · optional mTLS · [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md) |
240
+ | **v1.1** | OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks |
226
241
 
227
242
  ## 🔭 What's Next?
228
243
 
229
- ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See our [vision document](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/product-specs/strategy/vision-agent-marketplace.md) for the full roadmap.
244
+ ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See the [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md) and [v2.0 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.0-roadmap.md). Detailed long-term strategy narratives are maintained privately (not shipped in this repository).
230
245
 
231
246
  ## Contributing
232
247
 
@@ -236,10 +251,18 @@ Every contribution, from bug reports to feature suggestions, documentation impro
236
251
 
237
252
  Check out our [contributing guidelines](https://github.com/adriannoes/asap-protocol/blob/main/CONTRIBUTING.md) to get started. It's easier than you think! 🚀
238
253
 
254
+ ## Contact
255
+
256
+ For **general questions** about the protocol, the marketplace, partnerships, or press (not security vulnerabilities — use [SECURITY.md](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md) for those):
257
+
258
+ - **Email:** [info@asap-protocol.com](mailto:info@asap-protocol.com)
259
+
260
+ You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
261
+
239
262
  ## License
240
263
 
241
264
  This project is licensed under the Apache 2.0 License - see the [license](https://github.com/adriannoes/asap-protocol/blob/main/LICENSE) file for details.
242
265
 
243
266
  ---
244
267
 
245
- **Built with [Cursor](https://cursor.com/) and [Claude Code](https://claude.com/claude-code)** primarily Claude Opus 4.7 (1M context) with Cursor Composer 1.5, Gemini 3.1 Pro, and Kimi K2.5 as collaborators.
268
+ **Built with [Cursor](https://cursor.com/)** using Opus 4.6/4.7, Composer 1.5/2.0, Gemini 3.1 Pro and Kimi K2.5.
@@ -7,9 +7,11 @@
7
7
 
8
8
  > A production-ready protocol for agent-to-agent communication and task coordination.
9
9
 
10
- **Quick Info**: `v2.2.1` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [PyPI](https://pypi.org/project/asap-protocol/) | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
10
+ **Quick Info**: `v2.3.0` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
11
11
 
12
- > 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.vercel.app/)browse agents, register yours, request verification.
12
+ > 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`**package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
13
+
14
+ > 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
13
15
 
14
16
  ## Why ASAP?
15
17
 
@@ -20,7 +22,7 @@ Building multi-agent systems today suffers from three core technical challenges
20
22
 
21
23
  **ASAP** provides a production-ready communication layer that simplifies these complexities. It's ideal for **multi-agent orchestration**, **stateful workflows** (persistence, resumability), **MCP support** and **production systems** requiring high-performance, type-safe agent communication.
22
24
 
23
- For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [spec](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/product-specs/strategy/v0-original-specs.md) for details.
25
+ For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) for the current protocol overview and features.
24
26
 
25
27
  ### Key Features
26
28
 
@@ -32,6 +34,7 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
32
34
  - **Security** — Bearer auth, OAuth2/JWT, Ed25519 signed manifests, optional mTLS, replay prevention, HTTPS, rate limiting. [Security Model](https://github.com/adriannoes/asap-protocol/blob/main/docs/security/v1.1-security-model.md) (trust limits, Custom Claims).
33
35
  - **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
34
36
  - **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
37
+ - **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
35
38
  - **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
36
39
 
37
40
  ### 🆕 Framework Ecosystem
@@ -51,7 +54,13 @@ Or with pip:
51
54
  pip install asap-protocol
52
55
  ```
53
56
 
54
- 📦 **Available on [PyPI](https://pypi.org/project/asap-protocol/)** — for reproducible environments, prefer `uv` when possible.
57
+ **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), aligned with protocol **v2.3.0**):
58
+
59
+ ```bash
60
+ npm install @asap-protocol/client
61
+ ```
62
+
63
+ 📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
55
64
 
56
65
  ## Quick Start
57
66
 
@@ -94,6 +103,7 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
94
103
 
95
104
  **Learn**
96
105
  - [Docs](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [API Reference](https://github.com/adriannoes/asap-protocol/blob/main/docs/api-reference.md)
106
+ - [TypeScript client SDK](https://github.com/adriannoes/asap-protocol/blob/main/docs/sdks/typescript.md) — `@asap-protocol/client` (identity, capabilities, streaming, adapters)
97
107
  - [Tutorials](https://github.com/adriannoes/asap-protocol/tree/main/docs/tutorials) — First agent to production checklist
98
108
  - [Migration from A2A/MCP](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md)
99
109
  - [Raw Fetch (non-Python)](https://github.com/adriannoes/asap-protocol/blob/main/docs/raw-fetch.md) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.
@@ -106,11 +116,11 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
106
116
 
107
117
  **Decisions & Operations**
108
118
  - [ADRs](https://github.com/adriannoes/asap-protocol/tree/main/docs/adr) — 19 Architecture Decision Records
109
- - [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/dev-planning/architecture/tech-stack-decisions.md) — Rationale for Python, Pydantic, Next.js choices
119
+ - [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main/engineering/architecture/tech-stack-decisions.md) — Rationale for Python, Pydantic, Next.js choices
110
120
  - [Deployment](https://github.com/adriannoes/asap-protocol/blob/main/docs/deployment/kubernetes.md) | [Troubleshooting](https://github.com/adriannoes/asap-protocol/blob/main/docs/troubleshooting.md)
111
121
 
112
122
  **Release**
113
- - [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | [PyPI](https://pypi.org/project/asap-protocol/)
123
+ - [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | **[PyPI listing](https://pypi.org/project/asap-protocol/)** — `https://pypi.org/project/asap-protocol/` (install: `pip install asap-protocol`)
114
124
 
115
125
  ## CLI
116
126
 
@@ -130,20 +140,23 @@ See the [CLI reference](docs/cli.md) for `compliance-check` and `audit export` f
130
140
 
131
141
  ## Version History
132
142
 
133
- - **v1.1** adds OAuth2, WebSocket, Discovery (well-known + Lite Registry), State Storage (SQLite) and Webhooks.
134
- - **v1.2** adds Ed25519 signed manifests, trust levels, optional mTLS and the [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md).
135
- - **v1.3** adds delegation commands (`asap delegation create`, `asap delegation revoke`).
136
- - **v2.0** adds the Lean Marketplace Web App (Next.js), Lite Registry on GitHub Pages, IssueOps registration, OAuth sign-in for developers, and Verified Badge flow.
137
- - **v2.1** adds the Consumer SDK (`MarketClient`), optional framework extras (LangChain, CrewAI, LlamaIndex, SmolAgents, OpenClaw, …), and registry UX improvements on PyPI.
138
- - **v2.1.1** is a patch release: JWT algorithm allowlist, SQLite async bridging, optional Redis-backed rate limits, SSRF hardening in the web app, and related reliability fixes (see [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)).
139
- - **v2.2** adds per-runtime agent identity, capability-based authorization, SSE streaming (`POST /asap/stream`), `ASAP-Version` negotiation, JSON-RPC batch requests, tamper-evident audit logging, async state stores, and Compliance Harness v2.
140
- - **v2.2.1** closes the SELF-002 follow-up with **real WebAuthn** attestation/assertion via the opt-in `asap-protocol[webauthn]` extra, ships the `asap compliance-check` and `asap audit export` CLIs, promotes the client SDK `ResolvedAgent.run()` to a typed contract (raises `TypeError` on protocol violation), introduces the `asap.economics.audit.AuditChainBroken` exception for scripted tamper handling, and pins upper bounds on security-sensitive deps (`cryptography`, `authlib`, `joserfc`, `pyjwt`, `webauthn`, `pydantic`) — see [dependency policy](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) and full notes in the [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md).
143
+ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)** and the **[docs index](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md#v11-features-api-reference--guides)** for full notes.
141
144
 
142
- For a structured index of per-version features, see the [docs index](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md#v11-features-api-reference--guides).
145
+ | Version | What shipped |
146
+ | :-- | :-- |
147
+ | **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** — see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
148
+ | **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
149
+ | **v2.2** | Per-runtime identity & capability auth · SSE `POST /asap/stream` · `ASAP-Version` · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
150
+ | **v2.1.1** | Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening |
151
+ | **v2.1** | `MarketClient` · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX |
152
+ | **v2.0** | Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow |
153
+ | **v1.3** | `asap delegation create` / `revoke` |
154
+ | **v1.2** | Ed25519 manifests · trust levels · optional mTLS · [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md) |
155
+ | **v1.1** | OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks |
143
156
 
144
157
  ## 🔭 What's Next?
145
158
 
146
- ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See our [vision document](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/product-specs/strategy/vision-agent-marketplace.md) for the full roadmap.
159
+ ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See the [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md) and [v2.0 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.0-roadmap.md). Detailed long-term strategy narratives are maintained privately (not shipped in this repository).
147
160
 
148
161
  ## Contributing
149
162
 
@@ -153,10 +166,18 @@ Every contribution, from bug reports to feature suggestions, documentation impro
153
166
 
154
167
  Check out our [contributing guidelines](https://github.com/adriannoes/asap-protocol/blob/main/CONTRIBUTING.md) to get started. It's easier than you think! 🚀
155
168
 
169
+ ## Contact
170
+
171
+ For **general questions** about the protocol, the marketplace, partnerships, or press (not security vulnerabilities — use [SECURITY.md](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md) for those):
172
+
173
+ - **Email:** [info@asap-protocol.com](mailto:info@asap-protocol.com)
174
+
175
+ You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
176
+
156
177
  ## License
157
178
 
158
179
  This project is licensed under the Apache 2.0 License - see the [license](https://github.com/adriannoes/asap-protocol/blob/main/LICENSE) file for details.
159
180
 
160
181
  ---
161
182
 
162
- **Built with [Cursor](https://cursor.com/) and [Claude Code](https://claude.com/claude-code)** primarily Claude Opus 4.7 (1M context) with Cursor Composer 1.5, Gemini 3.1 Pro, and Kimi K2.5 as collaborators.
183
+ **Built with [Cursor](https://cursor.com/)** using Opus 4.6/4.7, Composer 1.5/2.0, Gemini 3.1 Pro and Kimi K2.5.
@@ -1,6 +1,6 @@
1
1
  [project]
2
2
  name = "asap-protocol"
3
- version = "2.2.1"
3
+ version = "2.3.0"
4
4
  description = "Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication"
5
5
  authors = [
6
6
  {name = "ASAP Protocol Contributors"}
@@ -99,6 +99,10 @@ pydanticai = [
99
99
  openclaw = [
100
100
  "openclaw-sdk>=2.0",
101
101
  ]
102
+ # OpenAPI 3.x spec parsing for asap.adapters.openapi (Sprint S1).
103
+ openapi = [
104
+ "openapi-pydantic>=0.5",
105
+ ]
102
106
 
103
107
  [project.urls]
104
108
  Homepage = "https://github.com/adriannoes/asap-protocol"
@@ -185,6 +189,7 @@ ignore = [
185
189
  [tool.ruff.lint.per-file-ignores]
186
190
  "scripts/**" = ["T201"]
187
191
  "src/asap/examples/**" = ["T201", "ASYNC210"]
192
+ "examples/**" = ["T201"]
188
193
  "benchmarks/**" = ["T201"]
189
194
  "tests/**" = ["B008"]
190
195
  "src/asap/transport/usage_api.py" = ["B008"]
@@ -0,0 +1,22 @@
1
+ """ASAP: Async Simple Agent Protocol.
2
+
3
+ A streamlined, scalable, asynchronous protocol for agent-to-agent communication
4
+ and task coordination.
5
+ """
6
+
7
+ from __future__ import annotations
8
+
9
+ from typing import Any
10
+
11
+ __version__ = "2.3.0"
12
+
13
+ __all__ = ["__version__", "create_from_openapi"]
14
+
15
+
16
+ def __getattr__(name: str) -> Any:
17
+ if name == "create_from_openapi":
18
+ from asap.adapters.openapi import create_from_openapi as exported
19
+
20
+ return exported
21
+ msg = f"module {__name__!r} has no attribute {name!r}"
22
+ raise AttributeError(msg)
@@ -0,0 +1 @@
1
+ """ASAP protocol adapters (third-party wire formats → ASAP capabilities)."""
@@ -0,0 +1,19 @@
1
+ """OpenAPI 3.x → ASAP adapter (Sprint S1)."""
2
+
3
+ from __future__ import annotations
4
+
5
+ import logging
6
+
7
+ from asap.adapters.openapi.factory import (
8
+ PETSTORE_OPENAPI_URL,
9
+ OpenAPIAdapterBundle,
10
+ create_from_openapi,
11
+ )
12
+
13
+ logger = logging.getLogger(__name__)
14
+
15
+ __all__ = [
16
+ "PETSTORE_OPENAPI_URL",
17
+ "OpenAPIAdapterBundle",
18
+ "create_from_openapi",
19
+ ]
@@ -0,0 +1,107 @@
1
+ """Map OpenAPI operations to ASAP approval strength (OA-008, v2.2.1 self-auth)."""
2
+
3
+ from __future__ import annotations
4
+
5
+ import logging
6
+ from collections.abc import Mapping, Sequence
7
+ from typing import Literal, cast
8
+
9
+ from asap.adapters.openapi.capability_mapper import OpenAPICapability
10
+
11
+ logger = logging.getLogger(__name__)
12
+
13
+ ApprovalStrength = Literal["session", "webauthn"]
14
+
15
+ _HTTP_VERBS_FROZEN: frozenset[str] = frozenset(
16
+ ("GET", "PUT", "POST", "DELETE", "OPTIONS", "HEAD", "PATCH", "TRACE"),
17
+ )
18
+ _VALID_STRENGTH: frozenset[str] = frozenset(("session", "webauthn"))
19
+
20
+
21
+ def normalize_approval_strength_map(
22
+ mapping: Mapping[str, str],
23
+ ) -> dict[str, ApprovalStrength]:
24
+ """Normalize user map keys (HTTP verbs uppercased) and validate strength values.
25
+
26
+ Args:
27
+ mapping: Keys are HTTP methods (any case) or OpenAPI ``operationId`` strings
28
+ (case-sensitive). Values must be ``\"session\"`` or ``\"webauthn\"``.
29
+
30
+ Returns:
31
+ A normalized dict suitable for :func:`resolve_approval_strength`.
32
+
33
+ Raises:
34
+ ValueError: If any strength value is invalid.
35
+ """
36
+ out: dict[str, ApprovalStrength] = {}
37
+ for raw_key, raw_val in mapping.items():
38
+ if not isinstance(raw_key, str) or not raw_key.strip():
39
+ continue
40
+ key = raw_key.strip()
41
+ norm_key = key.upper() if key.strip().upper() in _HTTP_VERBS_FROZEN else key.strip()
42
+ if not isinstance(raw_val, str) or not raw_val.strip():
43
+ msg = f"approval_strength value for {raw_key!r} must be a non-empty string"
44
+ raise ValueError(msg)
45
+ val = raw_val.strip().lower()
46
+ if val not in _VALID_STRENGTH:
47
+ msg = (
48
+ f"Invalid approval_strength {raw_val!r} for key {raw_key!r}; "
49
+ "expected 'session' or 'webauthn'"
50
+ )
51
+ raise ValueError(msg)
52
+ out[norm_key] = cast("ApprovalStrength", val)
53
+ return out
54
+
55
+
56
+ def resolve_approval_strength(
57
+ *,
58
+ http_method: str,
59
+ operation_id: str | None,
60
+ mapping: Mapping[str, ApprovalStrength],
61
+ ) -> ApprovalStrength | None:
62
+ """Resolve strength for one operation.
63
+
64
+ Precedence:
65
+ 1. Exact ``operationId`` key in *mapping* when *operation_id* is set.
66
+ 2. HTTP method (case-insensitive, compared as uppercase).
67
+ """
68
+ if operation_id is not None and operation_id in mapping:
69
+ return mapping[operation_id]
70
+ verb = http_method.strip().upper()
71
+ return mapping.get(verb)
72
+
73
+
74
+ def collect_webauthn_required_capability_names(
75
+ capabilities: Sequence[OpenAPICapability],
76
+ approval_strength: Mapping[str, str],
77
+ ) -> list[str]:
78
+ """Capability names that must appear in ``FreshSessionConfig.require_webauthn_for``.
79
+
80
+ Args:
81
+ capabilities: Mapped OpenAPI operations from :func:`~.capability_mapper.map_openapi_to_capabilities`.
82
+ approval_strength: Raw mapping (normalized by :func:`normalize_approval_strength_map`).
83
+ """
84
+ normalized = normalize_approval_strength_map(approval_strength)
85
+ ordered: list[str] = []
86
+ seen: set[str] = set()
87
+ for cap in capabilities:
88
+ strength = resolve_approval_strength(
89
+ http_method=cap.http_method,
90
+ operation_id=cap.operation_id,
91
+ mapping=normalized,
92
+ )
93
+ if strength == "webauthn":
94
+ name = cap.skill.id
95
+ if name not in seen:
96
+ seen.add(name)
97
+ ordered.append(name)
98
+ logger.debug("collect_webauthn_required_capability_names: %s name(s)", len(ordered))
99
+ return ordered
100
+
101
+
102
+ __all__ = [
103
+ "ApprovalStrength",
104
+ "collect_webauthn_required_capability_names",
105
+ "normalize_approval_strength_map",
106
+ "resolve_approval_strength",
107
+ ]