asap-protocol 2.2.1__tar.gz → 2.3.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/.gitignore +21 -2
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/CHANGELOG.md +38 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/PKG-INFO +41 -18
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/README.md +38 -17
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/pyproject.toml +6 -1
- asap_protocol-2.3.0/src/asap/__init__.py +22 -0
- asap_protocol-2.3.0/src/asap/adapters/__init__.py +1 -0
- asap_protocol-2.3.0/src/asap/adapters/openapi/__init__.py +19 -0
- asap_protocol-2.3.0/src/asap/adapters/openapi/approval.py +107 -0
- asap_protocol-2.3.0/src/asap/adapters/openapi/capability_mapper.py +499 -0
- asap_protocol-2.3.0/src/asap/adapters/openapi/factory.py +243 -0
- asap_protocol-2.3.0/src/asap/adapters/openapi/handler.py +525 -0
- asap_protocol-2.3.0/src/asap/adapters/openapi/spec_loader.py +154 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/approval.py +25 -1
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/capabilities.py +41 -0
- asap_protocol-2.3.0/src/asap/registry/__init__.py +19 -0
- asap_protocol-2.3.0/src/asap/registry/anti_spam.py +20 -0
- asap_protocol-2.3.0/src/asap/registry/auto_registration.py +291 -0
- asap_protocol-2.3.0/src/asap/registry/bot_pr.py +336 -0
- asap_protocol-2.3.0/src/asap/registry/receipt_cache.py +96 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/agent_routes.py +41 -12
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/capability_routes.py +25 -5
- asap_protocol-2.3.0/src/asap/transport/challenge.py +119 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/client.py +147 -0
- asap_protocol-2.3.0/src/asap/transport/escalation_routes.py +199 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/rate_limit.py +33 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/server.py +59 -2
- asap_protocol-2.2.1/src/asap/__init__.py +0 -9
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/LICENSE +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/agent.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/artifact.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/conversation.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/manifest.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/message.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/state_snapshot.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/entities/task.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/envelope.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/parts/data_part.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/parts/file_part.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/parts/resource_part.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/parts/template_part.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/parts/text_part.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/artifact_notify.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/mcp_resource_data.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/mcp_resource_fetch.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/mcp_tool_call.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/mcp_tool_result.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/message_send.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/state_query.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/state_restore.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/task_cancel.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/task_request.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/task_response.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/schemas/payloads/task_update.schema.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/agent_jwt.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/identity.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/introspection.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/jwks.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/lifecycle.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/middleware.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/oauth2.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/oidc.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/scopes.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/self_auth.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/utils.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/auth/webauthn.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/cli/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/cli/audit_export.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/cli/compliance_check.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/cache.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/http_client.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/market.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/revocation.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/client/trust.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/keys.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/models.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/signing.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/trust.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/crypto/trust_levels.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/dnssd.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/health.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/registry.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/validation.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/discovery/wellknown.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/audit.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/delegation.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/delegation_storage.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/hooks.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/metering.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/sla.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/sla_storage.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/economics/storage.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/errors.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/README.md +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/a2h_approval.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/agent_failover.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/auth_patterns.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/coordinator.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/echo_agent.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/error_recovery.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/long_running.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/mcp_client_demo.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/mcp_integration.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/multi_step_workflow.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/orchestration.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/rate_limiting.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/run_demo.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/secure_agent.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/secure_handler.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/state_migration.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/storage_backends.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/streaming_agent.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/streaming_response.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/v1_3_0_showcase.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/v1_4_0_showcase.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/examples/websocket_concept.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/handlers/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/handlers/hitl.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/a2h.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/crewai.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/langchain.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/llamaindex.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/openclaw.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/pydanticai.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/smolagents.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/integrations/vercel_ai.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/client.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/protocol.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/serve.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/server.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/mcp/server_runner.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/base.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/constants.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/entities.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/enums.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/envelope.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/ids.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/parts.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/payloads.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/types.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/models/validators.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/dashboards/README.md +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/dashboards/asap-detailed.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/dashboards/asap-red.json +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/logging.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/metrics.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/trace_parser.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/trace_ui.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/observability/tracing.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/schemas.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/machine.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/metering.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/snapshot.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/stores/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/stores/memory.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/state/stores/sqlite.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/asgi_factory.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/assertions.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/compliance.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/fixtures.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/testing/mocks.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/_auth_helpers.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/cache.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/circuit_breaker.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/codecs/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/codecs/lambda_codec.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/compression.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/delegation_api.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/executors.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/handlers.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/jsonrpc.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/middleware.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/mtls.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/sla_api.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/usage_api.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/validators.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/webhook.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/transport/websocket.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/utils/__init__.py +0 -0
- {asap_protocol-2.2.1 → asap_protocol-2.3.0}/src/asap/utils/sanitization.py +0 -0
|
@@ -178,9 +178,25 @@ cython_debug/
|
|
|
178
178
|
# Project specific
|
|
179
179
|
!/.cursor/
|
|
180
180
|
/drafts/
|
|
181
|
-
|
|
182
|
-
|
|
181
|
+
/.claude/
|
|
182
|
+
# Local agent state / tooling (ignore everywhere, not only repo root)
|
|
183
|
+
.agents/
|
|
184
|
+
# Strategic and commercial planning (private - do not commit)
|
|
185
|
+
product/strategy/
|
|
186
|
+
product/private/
|
|
187
|
+
product/private-roadmap/
|
|
188
|
+
product/prd/private/
|
|
189
|
+
# Tactical PRDs outside private/ (patch train); single-digit and double-digit patch (e.g. v2.3.10)
|
|
190
|
+
product/prd/prd-v2.3.[1-9]-*.md
|
|
191
|
+
product/prd/prd-v2.3.[1-9][0-9]-*.md
|
|
192
|
+
engineering/private/
|
|
193
|
+
engineering/tasks/private/
|
|
194
|
+
engineering/tasks/v2.3.[1-9]*/
|
|
183
195
|
node_modules/
|
|
196
|
+
# Next.js build output (examples and apps)
|
|
197
|
+
.next/
|
|
198
|
+
# tshy generated tsconfig fragments (regenerated on build)
|
|
199
|
+
.tshy/
|
|
184
200
|
.pnpm-store/
|
|
185
201
|
.github/wiki/
|
|
186
202
|
|
|
@@ -192,6 +208,9 @@ node_modules/
|
|
|
192
208
|
.benchmarks/
|
|
193
209
|
.uv-cache/
|
|
194
210
|
|
|
211
|
+
# TypeScript incremental build info (local / IDE)
|
|
212
|
+
*.tsbuildinfo
|
|
213
|
+
|
|
195
214
|
# ESLint report (generated)
|
|
196
215
|
eslint-report.json
|
|
197
216
|
.vercel
|
|
@@ -9,6 +9,44 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
9
9
|
|
|
10
10
|
---
|
|
11
11
|
|
|
12
|
+
## [2.3.0] - 2026-05-04
|
|
13
|
+
|
|
14
|
+
**Adoption Multiplier** — OpenAPI-derived agents, first-class TypeScript, lean
|
|
15
|
+
registry auto-registration, runtime capability escalation, and opt-in
|
|
16
|
+
`WWW-Authenticate: ASAP` discovery challenges. Wire JSON-RPC and envelope
|
|
17
|
+
schemas remain backward compatible with v2.2.x.
|
|
18
|
+
|
|
19
|
+
### Added
|
|
20
|
+
|
|
21
|
+
- **OpenAPI Adapter (Python)**: `asap.adapters.openapi.create_from_openapi` maps
|
|
22
|
+
OpenAPI 3.x operations to ASAP capabilities; optional `[openapi]` extra.
|
|
23
|
+
See [docs/adapters/openapi.md](docs/adapters/openapi.md).
|
|
24
|
+
- **Official TypeScript client**: npm package `@asap-protocol/client` with
|
|
25
|
+
discovery, capability helpers, streaming consumer, and optional adapters for
|
|
26
|
+
Vercel AI SDK, OpenAI, and Anthropic (`packages/typescript/client/`).
|
|
27
|
+
- **Auto-Registration**: `POST /registry/agents` for Compliance Harness–gated
|
|
28
|
+
Lite Registry submissions (optional `registry_auto_registration` on
|
|
29
|
+
`create_app`). See [docs/registry/auto-registration.md](docs/registry/auto-registration.md).
|
|
30
|
+
- **Capability escalation**: `POST /asap/agent/request-capability` plus Python
|
|
31
|
+
`ASAPClient.request_capability` / TypeScript client support for approval
|
|
32
|
+
flows without re-registering the agent.
|
|
33
|
+
- **ASAP HTTP challenge**: `WWW-Authenticate: ASAP` with `discovery=` manifest
|
|
34
|
+
URL on selected 401/403 responses; clients can record discovery metadata from
|
|
35
|
+
the challenge header.
|
|
36
|
+
|
|
37
|
+
### Changed
|
|
38
|
+
|
|
39
|
+
- **Reference server**: New optional routers and middleware wiring are
|
|
40
|
+
**opt-in** behind constructor flags — existing deployments keep v2.2.x
|
|
41
|
+
behavior until they enable OpenAPI surfaces, auto-registration, escalation
|
|
42
|
+
routes, or challenge middleware.
|
|
43
|
+
|
|
44
|
+
### Security
|
|
45
|
+
|
|
46
|
+
- **Dependency sweep (pre-tag)**: `uv run pip-audit --ignore-vuln CVE-2026-4539 --ignore-vuln CVE-2026-3219` (after `uv sync` per [SECURITY.md](SECURITY.md)) reported **no known vulnerabilities** (same ignores as CI). **`apps/web`**: `npm audit` (2026-05-04) still reports **moderate** `postcss` via `next@16.2.4` (GHSA-qx2v-qp2m-jg93); upstream fix may require a newer Next.js line — track before treating web audits as fully clean.
|
|
47
|
+
|
|
48
|
+
---
|
|
49
|
+
|
|
12
50
|
## [2.2.1] - 2026-04-21
|
|
13
51
|
|
|
14
52
|
Patch release: optional WebAuthn verification, compliance and audit CLIs, docs,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: asap-protocol
|
|
3
|
-
Version: 2.
|
|
3
|
+
Version: 2.3.0
|
|
4
4
|
Summary: Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication
|
|
5
5
|
Project-URL: Homepage, https://github.com/adriannoes/asap-protocol
|
|
6
6
|
Project-URL: Documentation, https://adriannoes.github.io/asap-protocol
|
|
@@ -69,6 +69,8 @@ Provides-Extra: llamaindex
|
|
|
69
69
|
Requires-Dist: llama-index-core>=0.10; extra == 'llamaindex'
|
|
70
70
|
Provides-Extra: mcp
|
|
71
71
|
Requires-Dist: mcp>=1.0.0; extra == 'mcp'
|
|
72
|
+
Provides-Extra: openapi
|
|
73
|
+
Requires-Dist: openapi-pydantic>=0.5; extra == 'openapi'
|
|
72
74
|
Provides-Extra: openclaw
|
|
73
75
|
Requires-Dist: openclaw-sdk>=2.0; extra == 'openclaw'
|
|
74
76
|
Provides-Extra: pydanticai
|
|
@@ -90,9 +92,11 @@ Description-Content-Type: text/markdown
|
|
|
90
92
|
|
|
91
93
|
> A production-ready protocol for agent-to-agent communication and task coordination.
|
|
92
94
|
|
|
93
|
-
**Quick Info**: `v2.
|
|
95
|
+
**Quick Info**: `v2.3.0` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
|
|
94
96
|
|
|
95
|
-
>
|
|
97
|
+
> 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`** — package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
|
|
98
|
+
|
|
99
|
+
> 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
|
|
96
100
|
|
|
97
101
|
## Why ASAP?
|
|
98
102
|
|
|
@@ -103,7 +107,7 @@ Building multi-agent systems today suffers from three core technical challenges
|
|
|
103
107
|
|
|
104
108
|
**ASAP** provides a production-ready communication layer that simplifies these complexities. It's ideal for **multi-agent orchestration**, **stateful workflows** (persistence, resumability), **MCP support** and **production systems** requiring high-performance, type-safe agent communication.
|
|
105
109
|
|
|
106
|
-
For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [
|
|
110
|
+
For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) for the current protocol overview and features.
|
|
107
111
|
|
|
108
112
|
### Key Features
|
|
109
113
|
|
|
@@ -115,6 +119,7 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
|
|
|
115
119
|
- **Security** — Bearer auth, OAuth2/JWT, Ed25519 signed manifests, optional mTLS, replay prevention, HTTPS, rate limiting. [Security Model](https://github.com/adriannoes/asap-protocol/blob/main/docs/security/v1.1-security-model.md) (trust limits, Custom Claims).
|
|
116
120
|
- **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
|
|
117
121
|
- **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
|
|
122
|
+
- **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
|
|
118
123
|
- **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
|
|
119
124
|
|
|
120
125
|
### 🆕 Framework Ecosystem
|
|
@@ -134,7 +139,13 @@ Or with pip:
|
|
|
134
139
|
pip install asap-protocol
|
|
135
140
|
```
|
|
136
141
|
|
|
137
|
-
|
|
142
|
+
**npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), aligned with protocol **v2.3.0**):
|
|
143
|
+
|
|
144
|
+
```bash
|
|
145
|
+
npm install @asap-protocol/client
|
|
146
|
+
```
|
|
147
|
+
|
|
148
|
+
📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
|
|
138
149
|
|
|
139
150
|
## Quick Start
|
|
140
151
|
|
|
@@ -177,6 +188,7 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
|
|
|
177
188
|
|
|
178
189
|
**Learn**
|
|
179
190
|
- [Docs](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [API Reference](https://github.com/adriannoes/asap-protocol/blob/main/docs/api-reference.md)
|
|
191
|
+
- [TypeScript client SDK](https://github.com/adriannoes/asap-protocol/blob/main/docs/sdks/typescript.md) — `@asap-protocol/client` (identity, capabilities, streaming, adapters)
|
|
180
192
|
- [Tutorials](https://github.com/adriannoes/asap-protocol/tree/main/docs/tutorials) — First agent to production checklist
|
|
181
193
|
- [Migration from A2A/MCP](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md)
|
|
182
194
|
- [Raw Fetch (non-Python)](https://github.com/adriannoes/asap-protocol/blob/main/docs/raw-fetch.md) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.
|
|
@@ -189,11 +201,11 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
|
|
|
189
201
|
|
|
190
202
|
**Decisions & Operations**
|
|
191
203
|
- [ADRs](https://github.com/adriannoes/asap-protocol/tree/main/docs/adr) — 19 Architecture Decision Records
|
|
192
|
-
- [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main
|
|
204
|
+
- [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main/engineering/architecture/tech-stack-decisions.md) — Rationale for Python, Pydantic, Next.js choices
|
|
193
205
|
- [Deployment](https://github.com/adriannoes/asap-protocol/blob/main/docs/deployment/kubernetes.md) | [Troubleshooting](https://github.com/adriannoes/asap-protocol/blob/main/docs/troubleshooting.md)
|
|
194
206
|
|
|
195
207
|
**Release**
|
|
196
|
-
- [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | [PyPI](https://pypi.org/project/asap-protocol/)
|
|
208
|
+
- [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | **[PyPI listing](https://pypi.org/project/asap-protocol/)** — `https://pypi.org/project/asap-protocol/` (install: `pip install asap-protocol`)
|
|
197
209
|
|
|
198
210
|
## CLI
|
|
199
211
|
|
|
@@ -213,20 +225,23 @@ See the [CLI reference](docs/cli.md) for `compliance-check` and `audit export` f
|
|
|
213
225
|
|
|
214
226
|
## Version History
|
|
215
227
|
|
|
216
|
-
- **
|
|
217
|
-
- **v1.2** adds Ed25519 signed manifests, trust levels, optional mTLS and the [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md).
|
|
218
|
-
- **v1.3** adds delegation commands (`asap delegation create`, `asap delegation revoke`).
|
|
219
|
-
- **v2.0** adds the Lean Marketplace Web App (Next.js), Lite Registry on GitHub Pages, IssueOps registration, OAuth sign-in for developers, and Verified Badge flow.
|
|
220
|
-
- **v2.1** adds the Consumer SDK (`MarketClient`), optional framework extras (LangChain, CrewAI, LlamaIndex, SmolAgents, OpenClaw, …), and registry UX improvements on PyPI.
|
|
221
|
-
- **v2.1.1** is a patch release: JWT algorithm allowlist, SQLite async bridging, optional Redis-backed rate limits, SSRF hardening in the web app, and related reliability fixes (see [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)).
|
|
222
|
-
- **v2.2** adds per-runtime agent identity, capability-based authorization, SSE streaming (`POST /asap/stream`), `ASAP-Version` negotiation, JSON-RPC batch requests, tamper-evident audit logging, async state stores, and Compliance Harness v2.
|
|
223
|
-
- **v2.2.1** closes the SELF-002 follow-up with **real WebAuthn** attestation/assertion via the opt-in `asap-protocol[webauthn]` extra, ships the `asap compliance-check` and `asap audit export` CLIs, promotes the client SDK `ResolvedAgent.run()` to a typed contract (raises `TypeError` on protocol violation), introduces the `asap.economics.audit.AuditChainBroken` exception for scripted tamper handling, and pins upper bounds on security-sensitive deps (`cryptography`, `authlib`, `joserfc`, `pyjwt`, `webauthn`, `pydantic`) — see [dependency policy](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) and full notes in the [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md).
|
|
228
|
+
High-level only — see **[Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)** and the **[docs index](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md#v11-features-api-reference--guides)** for full notes.
|
|
224
229
|
|
|
225
|
-
|
|
230
|
+
| Version | What shipped |
|
|
231
|
+
| :-- | :-- |
|
|
232
|
+
| **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** — see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
|
|
233
|
+
| **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
|
|
234
|
+
| **v2.2** | Per-runtime identity & capability auth · SSE `POST /asap/stream` · `ASAP-Version` · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
|
|
235
|
+
| **v2.1.1** | Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening |
|
|
236
|
+
| **v2.1** | `MarketClient` · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX |
|
|
237
|
+
| **v2.0** | Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow |
|
|
238
|
+
| **v1.3** | `asap delegation create` / `revoke` |
|
|
239
|
+
| **v1.2** | Ed25519 manifests · trust levels · optional mTLS · [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md) |
|
|
240
|
+
| **v1.1** | OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks |
|
|
226
241
|
|
|
227
242
|
## 🔭 What's Next?
|
|
228
243
|
|
|
229
|
-
ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See
|
|
244
|
+
ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See the [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md) and [v2.0 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.0-roadmap.md). Detailed long-term strategy narratives are maintained privately (not shipped in this repository).
|
|
230
245
|
|
|
231
246
|
## Contributing
|
|
232
247
|
|
|
@@ -236,10 +251,18 @@ Every contribution, from bug reports to feature suggestions, documentation impro
|
|
|
236
251
|
|
|
237
252
|
Check out our [contributing guidelines](https://github.com/adriannoes/asap-protocol/blob/main/CONTRIBUTING.md) to get started. It's easier than you think! 🚀
|
|
238
253
|
|
|
254
|
+
## Contact
|
|
255
|
+
|
|
256
|
+
For **general questions** about the protocol, the marketplace, partnerships, or press (not security vulnerabilities — use [SECURITY.md](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md) for those):
|
|
257
|
+
|
|
258
|
+
- **Email:** [info@asap-protocol.com](mailto:info@asap-protocol.com)
|
|
259
|
+
|
|
260
|
+
You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
|
|
261
|
+
|
|
239
262
|
## License
|
|
240
263
|
|
|
241
264
|
This project is licensed under the Apache 2.0 License - see the [license](https://github.com/adriannoes/asap-protocol/blob/main/LICENSE) file for details.
|
|
242
265
|
|
|
243
266
|
---
|
|
244
267
|
|
|
245
|
-
**Built with [Cursor](https://cursor.com/)
|
|
268
|
+
**Built with [Cursor](https://cursor.com/)** using Opus 4.6/4.7, Composer 1.5/2.0, Gemini 3.1 Pro and Kimi K2.5.
|
|
@@ -7,9 +7,11 @@
|
|
|
7
7
|
|
|
8
8
|
> A production-ready protocol for agent-to-agent communication and task coordination.
|
|
9
9
|
|
|
10
|
-
**Quick Info**: `v2.
|
|
10
|
+
**Quick Info**: `v2.3.0` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
|
|
11
11
|
|
|
12
|
-
>
|
|
12
|
+
> 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`** — package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
|
|
13
|
+
|
|
14
|
+
> 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
|
|
13
15
|
|
|
14
16
|
## Why ASAP?
|
|
15
17
|
|
|
@@ -20,7 +22,7 @@ Building multi-agent systems today suffers from three core technical challenges
|
|
|
20
22
|
|
|
21
23
|
**ASAP** provides a production-ready communication layer that simplifies these complexities. It's ideal for **multi-agent orchestration**, **stateful workflows** (persistence, resumability), **MCP support** and **production systems** requiring high-performance, type-safe agent communication.
|
|
22
24
|
|
|
23
|
-
For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [
|
|
25
|
+
For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) for the current protocol overview and features.
|
|
24
26
|
|
|
25
27
|
### Key Features
|
|
26
28
|
|
|
@@ -32,6 +34,7 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
|
|
|
32
34
|
- **Security** — Bearer auth, OAuth2/JWT, Ed25519 signed manifests, optional mTLS, replay prevention, HTTPS, rate limiting. [Security Model](https://github.com/adriannoes/asap-protocol/blob/main/docs/security/v1.1-security-model.md) (trust limits, Custom Claims).
|
|
33
35
|
- **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
|
|
34
36
|
- **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
|
|
37
|
+
- **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
|
|
35
38
|
- **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
|
|
36
39
|
|
|
37
40
|
### 🆕 Framework Ecosystem
|
|
@@ -51,7 +54,13 @@ Or with pip:
|
|
|
51
54
|
pip install asap-protocol
|
|
52
55
|
```
|
|
53
56
|
|
|
54
|
-
|
|
57
|
+
**npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), aligned with protocol **v2.3.0**):
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
npm install @asap-protocol/client
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
|
|
55
64
|
|
|
56
65
|
## Quick Start
|
|
57
66
|
|
|
@@ -94,6 +103,7 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
|
|
|
94
103
|
|
|
95
104
|
**Learn**
|
|
96
105
|
- [Docs](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [API Reference](https://github.com/adriannoes/asap-protocol/blob/main/docs/api-reference.md)
|
|
106
|
+
- [TypeScript client SDK](https://github.com/adriannoes/asap-protocol/blob/main/docs/sdks/typescript.md) — `@asap-protocol/client` (identity, capabilities, streaming, adapters)
|
|
97
107
|
- [Tutorials](https://github.com/adriannoes/asap-protocol/tree/main/docs/tutorials) — First agent to production checklist
|
|
98
108
|
- [Migration from A2A/MCP](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md)
|
|
99
109
|
- [Raw Fetch (non-Python)](https://github.com/adriannoes/asap-protocol/blob/main/docs/raw-fetch.md) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.
|
|
@@ -106,11 +116,11 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
|
|
|
106
116
|
|
|
107
117
|
**Decisions & Operations**
|
|
108
118
|
- [ADRs](https://github.com/adriannoes/asap-protocol/tree/main/docs/adr) — 19 Architecture Decision Records
|
|
109
|
-
- [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main
|
|
119
|
+
- [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main/engineering/architecture/tech-stack-decisions.md) — Rationale for Python, Pydantic, Next.js choices
|
|
110
120
|
- [Deployment](https://github.com/adriannoes/asap-protocol/blob/main/docs/deployment/kubernetes.md) | [Troubleshooting](https://github.com/adriannoes/asap-protocol/blob/main/docs/troubleshooting.md)
|
|
111
121
|
|
|
112
122
|
**Release**
|
|
113
|
-
- [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | [PyPI](https://pypi.org/project/asap-protocol/)
|
|
123
|
+
- [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | **[PyPI listing](https://pypi.org/project/asap-protocol/)** — `https://pypi.org/project/asap-protocol/` (install: `pip install asap-protocol`)
|
|
114
124
|
|
|
115
125
|
## CLI
|
|
116
126
|
|
|
@@ -130,20 +140,23 @@ See the [CLI reference](docs/cli.md) for `compliance-check` and `audit export` f
|
|
|
130
140
|
|
|
131
141
|
## Version History
|
|
132
142
|
|
|
133
|
-
- **
|
|
134
|
-
- **v1.2** adds Ed25519 signed manifests, trust levels, optional mTLS and the [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md).
|
|
135
|
-
- **v1.3** adds delegation commands (`asap delegation create`, `asap delegation revoke`).
|
|
136
|
-
- **v2.0** adds the Lean Marketplace Web App (Next.js), Lite Registry on GitHub Pages, IssueOps registration, OAuth sign-in for developers, and Verified Badge flow.
|
|
137
|
-
- **v2.1** adds the Consumer SDK (`MarketClient`), optional framework extras (LangChain, CrewAI, LlamaIndex, SmolAgents, OpenClaw, …), and registry UX improvements on PyPI.
|
|
138
|
-
- **v2.1.1** is a patch release: JWT algorithm allowlist, SQLite async bridging, optional Redis-backed rate limits, SSRF hardening in the web app, and related reliability fixes (see [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)).
|
|
139
|
-
- **v2.2** adds per-runtime agent identity, capability-based authorization, SSE streaming (`POST /asap/stream`), `ASAP-Version` negotiation, JSON-RPC batch requests, tamper-evident audit logging, async state stores, and Compliance Harness v2.
|
|
140
|
-
- **v2.2.1** closes the SELF-002 follow-up with **real WebAuthn** attestation/assertion via the opt-in `asap-protocol[webauthn]` extra, ships the `asap compliance-check` and `asap audit export` CLIs, promotes the client SDK `ResolvedAgent.run()` to a typed contract (raises `TypeError` on protocol violation), introduces the `asap.economics.audit.AuditChainBroken` exception for scripted tamper handling, and pins upper bounds on security-sensitive deps (`cryptography`, `authlib`, `joserfc`, `pyjwt`, `webauthn`, `pydantic`) — see [dependency policy](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) and full notes in the [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md).
|
|
143
|
+
High-level only — see **[Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)** and the **[docs index](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md#v11-features-api-reference--guides)** for full notes.
|
|
141
144
|
|
|
142
|
-
|
|
145
|
+
| Version | What shipped |
|
|
146
|
+
| :-- | :-- |
|
|
147
|
+
| **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** — see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
|
|
148
|
+
| **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
|
|
149
|
+
| **v2.2** | Per-runtime identity & capability auth · SSE `POST /asap/stream` · `ASAP-Version` · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
|
|
150
|
+
| **v2.1.1** | Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening |
|
|
151
|
+
| **v2.1** | `MarketClient` · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX |
|
|
152
|
+
| **v2.0** | Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow |
|
|
153
|
+
| **v1.3** | `asap delegation create` / `revoke` |
|
|
154
|
+
| **v1.2** | Ed25519 manifests · trust levels · optional mTLS · [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md) |
|
|
155
|
+
| **v1.1** | OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks |
|
|
143
156
|
|
|
144
157
|
## 🔭 What's Next?
|
|
145
158
|
|
|
146
|
-
ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See
|
|
159
|
+
ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See the [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md) and [v2.0 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.0-roadmap.md). Detailed long-term strategy narratives are maintained privately (not shipped in this repository).
|
|
147
160
|
|
|
148
161
|
## Contributing
|
|
149
162
|
|
|
@@ -153,10 +166,18 @@ Every contribution, from bug reports to feature suggestions, documentation impro
|
|
|
153
166
|
|
|
154
167
|
Check out our [contributing guidelines](https://github.com/adriannoes/asap-protocol/blob/main/CONTRIBUTING.md) to get started. It's easier than you think! 🚀
|
|
155
168
|
|
|
169
|
+
## Contact
|
|
170
|
+
|
|
171
|
+
For **general questions** about the protocol, the marketplace, partnerships, or press (not security vulnerabilities — use [SECURITY.md](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md) for those):
|
|
172
|
+
|
|
173
|
+
- **Email:** [info@asap-protocol.com](mailto:info@asap-protocol.com)
|
|
174
|
+
|
|
175
|
+
You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
|
|
176
|
+
|
|
156
177
|
## License
|
|
157
178
|
|
|
158
179
|
This project is licensed under the Apache 2.0 License - see the [license](https://github.com/adriannoes/asap-protocol/blob/main/LICENSE) file for details.
|
|
159
180
|
|
|
160
181
|
---
|
|
161
182
|
|
|
162
|
-
**Built with [Cursor](https://cursor.com/)
|
|
183
|
+
**Built with [Cursor](https://cursor.com/)** using Opus 4.6/4.7, Composer 1.5/2.0, Gemini 3.1 Pro and Kimi K2.5.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
[project]
|
|
2
2
|
name = "asap-protocol"
|
|
3
|
-
version = "2.
|
|
3
|
+
version = "2.3.0"
|
|
4
4
|
description = "Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication"
|
|
5
5
|
authors = [
|
|
6
6
|
{name = "ASAP Protocol Contributors"}
|
|
@@ -99,6 +99,10 @@ pydanticai = [
|
|
|
99
99
|
openclaw = [
|
|
100
100
|
"openclaw-sdk>=2.0",
|
|
101
101
|
]
|
|
102
|
+
# OpenAPI 3.x spec parsing for asap.adapters.openapi (Sprint S1).
|
|
103
|
+
openapi = [
|
|
104
|
+
"openapi-pydantic>=0.5",
|
|
105
|
+
]
|
|
102
106
|
|
|
103
107
|
[project.urls]
|
|
104
108
|
Homepage = "https://github.com/adriannoes/asap-protocol"
|
|
@@ -185,6 +189,7 @@ ignore = [
|
|
|
185
189
|
[tool.ruff.lint.per-file-ignores]
|
|
186
190
|
"scripts/**" = ["T201"]
|
|
187
191
|
"src/asap/examples/**" = ["T201", "ASYNC210"]
|
|
192
|
+
"examples/**" = ["T201"]
|
|
188
193
|
"benchmarks/**" = ["T201"]
|
|
189
194
|
"tests/**" = ["B008"]
|
|
190
195
|
"src/asap/transport/usage_api.py" = ["B008"]
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
"""ASAP: Async Simple Agent Protocol.
|
|
2
|
+
|
|
3
|
+
A streamlined, scalable, asynchronous protocol for agent-to-agent communication
|
|
4
|
+
and task coordination.
|
|
5
|
+
"""
|
|
6
|
+
|
|
7
|
+
from __future__ import annotations
|
|
8
|
+
|
|
9
|
+
from typing import Any
|
|
10
|
+
|
|
11
|
+
__version__ = "2.3.0"
|
|
12
|
+
|
|
13
|
+
__all__ = ["__version__", "create_from_openapi"]
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
def __getattr__(name: str) -> Any:
|
|
17
|
+
if name == "create_from_openapi":
|
|
18
|
+
from asap.adapters.openapi import create_from_openapi as exported
|
|
19
|
+
|
|
20
|
+
return exported
|
|
21
|
+
msg = f"module {__name__!r} has no attribute {name!r}"
|
|
22
|
+
raise AttributeError(msg)
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
"""ASAP protocol adapters (third-party wire formats → ASAP capabilities)."""
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
"""OpenAPI 3.x → ASAP adapter (Sprint S1)."""
|
|
2
|
+
|
|
3
|
+
from __future__ import annotations
|
|
4
|
+
|
|
5
|
+
import logging
|
|
6
|
+
|
|
7
|
+
from asap.adapters.openapi.factory import (
|
|
8
|
+
PETSTORE_OPENAPI_URL,
|
|
9
|
+
OpenAPIAdapterBundle,
|
|
10
|
+
create_from_openapi,
|
|
11
|
+
)
|
|
12
|
+
|
|
13
|
+
logger = logging.getLogger(__name__)
|
|
14
|
+
|
|
15
|
+
__all__ = [
|
|
16
|
+
"PETSTORE_OPENAPI_URL",
|
|
17
|
+
"OpenAPIAdapterBundle",
|
|
18
|
+
"create_from_openapi",
|
|
19
|
+
]
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
"""Map OpenAPI operations to ASAP approval strength (OA-008, v2.2.1 self-auth)."""
|
|
2
|
+
|
|
3
|
+
from __future__ import annotations
|
|
4
|
+
|
|
5
|
+
import logging
|
|
6
|
+
from collections.abc import Mapping, Sequence
|
|
7
|
+
from typing import Literal, cast
|
|
8
|
+
|
|
9
|
+
from asap.adapters.openapi.capability_mapper import OpenAPICapability
|
|
10
|
+
|
|
11
|
+
logger = logging.getLogger(__name__)
|
|
12
|
+
|
|
13
|
+
ApprovalStrength = Literal["session", "webauthn"]
|
|
14
|
+
|
|
15
|
+
_HTTP_VERBS_FROZEN: frozenset[str] = frozenset(
|
|
16
|
+
("GET", "PUT", "POST", "DELETE", "OPTIONS", "HEAD", "PATCH", "TRACE"),
|
|
17
|
+
)
|
|
18
|
+
_VALID_STRENGTH: frozenset[str] = frozenset(("session", "webauthn"))
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
def normalize_approval_strength_map(
|
|
22
|
+
mapping: Mapping[str, str],
|
|
23
|
+
) -> dict[str, ApprovalStrength]:
|
|
24
|
+
"""Normalize user map keys (HTTP verbs uppercased) and validate strength values.
|
|
25
|
+
|
|
26
|
+
Args:
|
|
27
|
+
mapping: Keys are HTTP methods (any case) or OpenAPI ``operationId`` strings
|
|
28
|
+
(case-sensitive). Values must be ``\"session\"`` or ``\"webauthn\"``.
|
|
29
|
+
|
|
30
|
+
Returns:
|
|
31
|
+
A normalized dict suitable for :func:`resolve_approval_strength`.
|
|
32
|
+
|
|
33
|
+
Raises:
|
|
34
|
+
ValueError: If any strength value is invalid.
|
|
35
|
+
"""
|
|
36
|
+
out: dict[str, ApprovalStrength] = {}
|
|
37
|
+
for raw_key, raw_val in mapping.items():
|
|
38
|
+
if not isinstance(raw_key, str) or not raw_key.strip():
|
|
39
|
+
continue
|
|
40
|
+
key = raw_key.strip()
|
|
41
|
+
norm_key = key.upper() if key.strip().upper() in _HTTP_VERBS_FROZEN else key.strip()
|
|
42
|
+
if not isinstance(raw_val, str) or not raw_val.strip():
|
|
43
|
+
msg = f"approval_strength value for {raw_key!r} must be a non-empty string"
|
|
44
|
+
raise ValueError(msg)
|
|
45
|
+
val = raw_val.strip().lower()
|
|
46
|
+
if val not in _VALID_STRENGTH:
|
|
47
|
+
msg = (
|
|
48
|
+
f"Invalid approval_strength {raw_val!r} for key {raw_key!r}; "
|
|
49
|
+
"expected 'session' or 'webauthn'"
|
|
50
|
+
)
|
|
51
|
+
raise ValueError(msg)
|
|
52
|
+
out[norm_key] = cast("ApprovalStrength", val)
|
|
53
|
+
return out
|
|
54
|
+
|
|
55
|
+
|
|
56
|
+
def resolve_approval_strength(
|
|
57
|
+
*,
|
|
58
|
+
http_method: str,
|
|
59
|
+
operation_id: str | None,
|
|
60
|
+
mapping: Mapping[str, ApprovalStrength],
|
|
61
|
+
) -> ApprovalStrength | None:
|
|
62
|
+
"""Resolve strength for one operation.
|
|
63
|
+
|
|
64
|
+
Precedence:
|
|
65
|
+
1. Exact ``operationId`` key in *mapping* when *operation_id* is set.
|
|
66
|
+
2. HTTP method (case-insensitive, compared as uppercase).
|
|
67
|
+
"""
|
|
68
|
+
if operation_id is not None and operation_id in mapping:
|
|
69
|
+
return mapping[operation_id]
|
|
70
|
+
verb = http_method.strip().upper()
|
|
71
|
+
return mapping.get(verb)
|
|
72
|
+
|
|
73
|
+
|
|
74
|
+
def collect_webauthn_required_capability_names(
|
|
75
|
+
capabilities: Sequence[OpenAPICapability],
|
|
76
|
+
approval_strength: Mapping[str, str],
|
|
77
|
+
) -> list[str]:
|
|
78
|
+
"""Capability names that must appear in ``FreshSessionConfig.require_webauthn_for``.
|
|
79
|
+
|
|
80
|
+
Args:
|
|
81
|
+
capabilities: Mapped OpenAPI operations from :func:`~.capability_mapper.map_openapi_to_capabilities`.
|
|
82
|
+
approval_strength: Raw mapping (normalized by :func:`normalize_approval_strength_map`).
|
|
83
|
+
"""
|
|
84
|
+
normalized = normalize_approval_strength_map(approval_strength)
|
|
85
|
+
ordered: list[str] = []
|
|
86
|
+
seen: set[str] = set()
|
|
87
|
+
for cap in capabilities:
|
|
88
|
+
strength = resolve_approval_strength(
|
|
89
|
+
http_method=cap.http_method,
|
|
90
|
+
operation_id=cap.operation_id,
|
|
91
|
+
mapping=normalized,
|
|
92
|
+
)
|
|
93
|
+
if strength == "webauthn":
|
|
94
|
+
name = cap.skill.id
|
|
95
|
+
if name not in seen:
|
|
96
|
+
seen.add(name)
|
|
97
|
+
ordered.append(name)
|
|
98
|
+
logger.debug("collect_webauthn_required_capability_names: %s name(s)", len(ordered))
|
|
99
|
+
return ordered
|
|
100
|
+
|
|
101
|
+
|
|
102
|
+
__all__ = [
|
|
103
|
+
"ApprovalStrength",
|
|
104
|
+
"collect_webauthn_required_capability_names",
|
|
105
|
+
"normalize_approval_strength_map",
|
|
106
|
+
"resolve_approval_strength",
|
|
107
|
+
]
|