asap-protocol 2.2.1__tar.gz → 2.4.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (195) hide show
  1. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/.gitignore +27 -2
  2. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/CHANGELOG.md +156 -0
  3. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/PKG-INFO +63 -23
  4. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/README.md +53 -18
  5. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/pyproject.toml +30 -9
  6. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/entities/manifest.schema.json +131 -1
  7. asap_protocol-2.4.0/schemas/examples/shellclaw-jetson-capabilities.json +38 -0
  8. asap_protocol-2.4.0/src/asap/__init__.py +22 -0
  9. asap_protocol-2.4.0/src/asap/adapters/__init__.py +1 -0
  10. asap_protocol-2.4.0/src/asap/adapters/openapi/__init__.py +19 -0
  11. asap_protocol-2.4.0/src/asap/adapters/openapi/approval.py +107 -0
  12. asap_protocol-2.4.0/src/asap/adapters/openapi/capability_mapper.py +499 -0
  13. asap_protocol-2.4.0/src/asap/adapters/openapi/factory.py +243 -0
  14. asap_protocol-2.4.0/src/asap/adapters/openapi/handler.py +525 -0
  15. asap_protocol-2.4.0/src/asap/adapters/openapi/spec_loader.py +154 -0
  16. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/agent_jwt.py +1 -18
  17. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/approval.py +25 -1
  18. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/capabilities.py +41 -0
  19. asap_protocol-2.4.0/src/asap/auth/claims.py +43 -0
  20. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/jwks.py +25 -6
  21. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/middleware.py +44 -37
  22. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/discovery/registry.py +84 -0
  23. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/secure_agent.py +6 -0
  24. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/integrations/crewai.py +2 -2
  25. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/integrations/llamaindex.py +33 -15
  26. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/entities.py +74 -1
  27. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/enums.py +36 -0
  28. asap_protocol-2.4.0/src/asap/registry/__init__.py +19 -0
  29. asap_protocol-2.4.0/src/asap/registry/anti_spam.py +20 -0
  30. asap_protocol-2.4.0/src/asap/registry/auto_registration.py +291 -0
  31. asap_protocol-2.4.0/src/asap/registry/bot_pr.py +336 -0
  32. asap_protocol-2.4.0/src/asap/registry/receipt_cache.py +96 -0
  33. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/agent_routes.py +41 -12
  34. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/capability_routes.py +25 -5
  35. asap_protocol-2.4.0/src/asap/transport/challenge.py +119 -0
  36. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/client.py +147 -0
  37. asap_protocol-2.4.0/src/asap/transport/escalation_routes.py +199 -0
  38. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/rate_limit.py +33 -0
  39. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/server.py +89 -2
  40. asap_protocol-2.2.1/src/asap/__init__.py +0 -9
  41. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/LICENSE +0 -0
  42. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/entities/agent.schema.json +0 -0
  43. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/entities/artifact.schema.json +0 -0
  44. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/entities/conversation.schema.json +0 -0
  45. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/entities/message.schema.json +0 -0
  46. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/entities/state_snapshot.schema.json +0 -0
  47. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/entities/task.schema.json +0 -0
  48. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/envelope.schema.json +0 -0
  49. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/parts/data_part.schema.json +0 -0
  50. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/parts/file_part.schema.json +0 -0
  51. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/parts/resource_part.schema.json +0 -0
  52. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/parts/template_part.schema.json +0 -0
  53. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/parts/text_part.schema.json +0 -0
  54. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/artifact_notify.schema.json +0 -0
  55. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/mcp_resource_data.schema.json +0 -0
  56. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/mcp_resource_fetch.schema.json +0 -0
  57. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/mcp_tool_call.schema.json +0 -0
  58. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/mcp_tool_result.schema.json +0 -0
  59. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/message_send.schema.json +0 -0
  60. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/state_query.schema.json +0 -0
  61. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/state_restore.schema.json +0 -0
  62. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/task_cancel.schema.json +0 -0
  63. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/task_request.schema.json +0 -0
  64. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/task_response.schema.json +0 -0
  65. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/schemas/payloads/task_update.schema.json +0 -0
  66. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/__init__.py +0 -0
  67. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/identity.py +0 -0
  68. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/introspection.py +0 -0
  69. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/lifecycle.py +0 -0
  70. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/oauth2.py +0 -0
  71. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/oidc.py +0 -0
  72. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/scopes.py +0 -0
  73. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/self_auth.py +0 -0
  74. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/utils.py +0 -0
  75. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/auth/webauthn.py +0 -0
  76. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/cli/__init__.py +0 -0
  77. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/cli/audit_export.py +0 -0
  78. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/cli/compliance_check.py +0 -0
  79. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/client/__init__.py +0 -0
  80. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/client/cache.py +0 -0
  81. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/client/http_client.py +0 -0
  82. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/client/market.py +0 -0
  83. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/client/revocation.py +0 -0
  84. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/client/trust.py +0 -0
  85. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/crypto/__init__.py +0 -0
  86. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/crypto/keys.py +0 -0
  87. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/crypto/models.py +0 -0
  88. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/crypto/signing.py +0 -0
  89. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/crypto/trust.py +0 -0
  90. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/crypto/trust_levels.py +0 -0
  91. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/discovery/__init__.py +0 -0
  92. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/discovery/dnssd.py +0 -0
  93. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/discovery/health.py +0 -0
  94. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/discovery/validation.py +0 -0
  95. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/discovery/wellknown.py +0 -0
  96. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/economics/__init__.py +0 -0
  97. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/economics/audit.py +0 -0
  98. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/economics/delegation.py +0 -0
  99. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/economics/delegation_storage.py +0 -0
  100. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/economics/hooks.py +0 -0
  101. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/economics/metering.py +0 -0
  102. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/economics/sla.py +0 -0
  103. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/economics/sla_storage.py +0 -0
  104. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/economics/storage.py +0 -0
  105. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/errors.py +0 -0
  106. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/README.md +0 -0
  107. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/__init__.py +0 -0
  108. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/a2h_approval.py +0 -0
  109. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/agent_failover.py +0 -0
  110. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/auth_patterns.py +0 -0
  111. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/coordinator.py +0 -0
  112. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/echo_agent.py +0 -0
  113. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/error_recovery.py +0 -0
  114. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/long_running.py +0 -0
  115. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/mcp_client_demo.py +0 -0
  116. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/mcp_integration.py +0 -0
  117. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/multi_step_workflow.py +0 -0
  118. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/orchestration.py +0 -0
  119. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/rate_limiting.py +0 -0
  120. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/run_demo.py +0 -0
  121. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/secure_handler.py +0 -0
  122. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/state_migration.py +0 -0
  123. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/storage_backends.py +0 -0
  124. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/streaming_agent.py +0 -0
  125. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/streaming_response.py +0 -0
  126. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/v1_3_0_showcase.py +0 -0
  127. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/v1_4_0_showcase.py +0 -0
  128. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/examples/websocket_concept.py +0 -0
  129. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/handlers/__init__.py +0 -0
  130. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/handlers/hitl.py +0 -0
  131. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/integrations/__init__.py +0 -0
  132. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/integrations/a2h.py +0 -0
  133. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/integrations/langchain.py +0 -0
  134. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/integrations/openclaw.py +0 -0
  135. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/integrations/pydanticai.py +0 -0
  136. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/integrations/smolagents.py +0 -0
  137. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/integrations/vercel_ai.py +0 -0
  138. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/mcp/__init__.py +0 -0
  139. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/mcp/client.py +0 -0
  140. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/mcp/protocol.py +0 -0
  141. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/mcp/serve.py +0 -0
  142. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/mcp/server.py +0 -0
  143. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/mcp/server_runner.py +0 -0
  144. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/__init__.py +0 -0
  145. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/base.py +0 -0
  146. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/constants.py +0 -0
  147. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/envelope.py +0 -0
  148. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/ids.py +0 -0
  149. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/parts.py +0 -0
  150. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/payloads.py +0 -0
  151. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/types.py +0 -0
  152. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/models/validators.py +0 -0
  153. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/observability/__init__.py +0 -0
  154. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/observability/dashboards/README.md +0 -0
  155. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/observability/dashboards/asap-detailed.json +0 -0
  156. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/observability/dashboards/asap-red.json +0 -0
  157. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/observability/logging.py +0 -0
  158. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/observability/metrics.py +0 -0
  159. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/observability/trace_parser.py +0 -0
  160. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/observability/trace_ui.py +0 -0
  161. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/observability/tracing.py +0 -0
  162. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/schemas.py +0 -0
  163. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/state/__init__.py +0 -0
  164. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/state/machine.py +0 -0
  165. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/state/metering.py +0 -0
  166. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/state/snapshot.py +0 -0
  167. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/state/stores/__init__.py +0 -0
  168. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/state/stores/memory.py +0 -0
  169. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/state/stores/sqlite.py +0 -0
  170. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/testing/__init__.py +0 -0
  171. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/testing/asgi_factory.py +0 -0
  172. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/testing/assertions.py +0 -0
  173. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/testing/compliance.py +0 -0
  174. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/testing/fixtures.py +0 -0
  175. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/testing/mocks.py +0 -0
  176. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/__init__.py +0 -0
  177. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/_auth_helpers.py +0 -0
  178. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/cache.py +0 -0
  179. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/circuit_breaker.py +0 -0
  180. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/codecs/__init__.py +0 -0
  181. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/codecs/lambda_codec.py +0 -0
  182. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/compression.py +0 -0
  183. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/delegation_api.py +0 -0
  184. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/executors.py +0 -0
  185. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/handlers.py +0 -0
  186. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/jsonrpc.py +0 -0
  187. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/middleware.py +0 -0
  188. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/mtls.py +0 -0
  189. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/sla_api.py +0 -0
  190. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/usage_api.py +0 -0
  191. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/validators.py +0 -0
  192. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/webhook.py +0 -0
  193. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/transport/websocket.py +0 -0
  194. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/utils/__init__.py +0 -0
  195. {asap_protocol-2.2.1 → asap_protocol-2.4.0}/src/asap/utils/sanitization.py +0 -0
@@ -178,21 +178,46 @@ cython_debug/
178
178
  # Project specific
179
179
  !/.cursor/
180
180
  /drafts/
181
- # Strategy docs (private — do not commit)
182
- .cursor/product-specs/strategy/
181
+ /.claude/
182
+ # Local agent state / tooling (ignore everywhere, not only repo root)
183
+ .agents/
184
+ # Strategic and commercial planning (private - do not commit)
185
+ product/strategy/
186
+ product/private/
187
+ product/private-roadmap/
188
+ product/prd/private/
189
+ engineering/code-review/private/
190
+ # Tactical PRDs outside private/ (patch train); single-digit and double-digit patch (e.g. v2.3.10)
191
+ product/prd/prd-v2.3.[1-9]-*.md
192
+ product/prd/prd-v2.3.[1-9][0-9]-*.md
193
+ engineering/private/
194
+ engineering/tasks/private/
195
+ engineering/tasks/v2.3.[1-9]*/
183
196
  node_modules/
197
+ # Next.js build output (examples and apps)
198
+ .next/
199
+ # tshy generated tsconfig fragments (regenerated on build)
200
+ .tshy/
184
201
  .pnpm-store/
185
202
  .github/wiki/
186
203
 
187
204
  # Next.js app lib (do not ignore; root lib/ is for Python)
188
205
  !apps/web/src/lib/
189
206
  !apps/web/src/lib/**
207
+ !apps/example-mastra/src/lib/
208
+ !apps/example-mastra/src/lib/**
190
209
 
191
210
  # Benchmark and cache artifacts
192
211
  .benchmarks/
193
212
  .uv-cache/
194
213
 
214
+ # TypeScript incremental build info (local / IDE)
215
+ *.tsbuildinfo
216
+
195
217
  # ESLint report (generated)
196
218
  eslint-report.json
197
219
  .vercel
198
220
  .env*.local
221
+
222
+ # Local weekly telemetry outputs (snapshots + dashboard; CI uses artifacts)
223
+ private/telemetry/
@@ -7,6 +7,162 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ### Security
11
+
12
+ - **OAuth2 middleware**: Validate JWT `iss` and `aud` when `ASAP_AUTH_ISSUER` / `ASAP_AUTH_AUDIENCE` (or `OAuth2Config.expected_issuer` / `expected_audience`) are set; refactored validation through `validate_jwt()` in `asap.auth.jwks`.
13
+ - **Identity binding**: Fail-closed when `manifest_id` is configured but neither custom claim nor `ASAP_AUTH_SUBJECT_MAP` allowlist matches (403 instead of warn-and-pass).
14
+ - **Web app (`apps/web`)**: Block open redirects on E2E fixture login routes via `resolveRedirectUrl`; harden SSRF on `/api/health-check` (127.0.0.0/8, DNS resolve4/6); Zod validation on API query params; rate-limit unit tests.
15
+
16
+ ### Fixed
17
+
18
+ - **CI security (`pip-audit`)**: Bumped transitive pins (`langchain-core`, `langsmith`, `python-multipart`, `urllib3`, `pip`, `smolagents`) and adjusted documented `--ignore-vuln` flags (pygments + **smolagents** CVEs with no PyPI fix yet; pip ≥26.1 clears prior pip ignore). See [SECURITY.md](SECURITY.md).
19
+ - **FastAPI / Starlette**: Raised `fastapi` floor to `>=0.136.1` so `starlette>=1.0.1` resolves **PYSEC-2026-161** (Host header path injection) without a `pip-audit` ignore.
20
+
21
+ ### Follow-up (not in this release)
22
+
23
+ - `extra="forbid"` on ingress payload models (`TaskRequestConfig`, `CommonMetadata`)
24
+ - Opt-in protection for operator APIs (`/usage`, `/sla`, `/audit`)
25
+ - Redis-backed `JtiReplayCache` and distributed Next.js rate limits
26
+ - Bump optional `pydantic-ai` extra (CVE-2026-46678)
27
+
28
+ ---
29
+
30
+ ## [2.4.0] - 2026-05-24
31
+
32
+ **Edge-AI discovery** — Optional structured hardware and inference capability
33
+ advertising on manifests, mirrored to the Lite Registry, marketplace filters, and
34
+ TypeScript discovery types. Wire protocol and existing manifests remain
35
+ backward compatible.
36
+
37
+ ### Added
38
+
39
+ - **feat(discovery): hardware and inference capability advertising**
40
+ - **Manifest schema** (`schemas/entities/manifest.schema.json`): optional
41
+ `capabilities.hardware` (`class`, `model`, `io`) and `capabilities.inference`
42
+ (`modes`, `local_models` with optional self-reported throughput); closed enums;
43
+ `additionalProperties: false` on nested objects. Example:
44
+ `schemas/examples/shellclaw-jetson-capabilities.json`.
45
+ - **Pydantic models** (`HardwareCapability`, `InferenceCapability`,
46
+ `LocalModelInfo`; enums `HardwareClass`, `HardwareIoType`, `InferenceMode`).
47
+ - **Registry mirror**: `RegistryEntry.hardware_class`, `inference_modes`,
48
+ `hardware_io`; `derive_registry_hardware_fields()` applied in
49
+ `auto_registration` and `process_registration` when a signed manifest is
50
+ loaded.
51
+ - **Discovery helpers**: `find_by_hardware_class`, `find_by_inference_mode`,
52
+ `find_by_io` in `asap.discovery.registry`.
53
+ - **Marketplace (web)**: Browse sidebar filters and agent detail blocks for
54
+ hardware class, inference mode, and I/O; register docs and IssueOps template
55
+ note manifest-derived fields.
56
+ - **TypeScript SDK** (`@asap-protocol/client@2.4.0`): optional hardware fields
57
+ on `RegistryEntry` with parsers in `discovery.ts`.
58
+ - **Docs**: `docs/transport.md`, `docs/registry/auto-registration.md`,
59
+ `docs/examples/registry-shellclaw.md`; fixtures under `tests/fixtures/`.
60
+ - **ShellClaw marketplace onboarding (S0)**: Guide
61
+ [docs/guides/shellclaw-registry.md](docs/guides/shellclaw-registry.md)
62
+ (`online_check: false`, static manifest URLs, IssueOps path); validation
63
+ fixtures `tests/fixtures/registry/shellclaw-v1.0-entry.json`.
64
+
65
+ ### Changed
66
+
67
+ - **Tags vs structured fields**: `tags` (e.g. `cuda`, `jetson`) remain valid;
68
+ registrants may migrate to structured `hardware` / `inference` when ready.
69
+
70
+ ### Community feedback
71
+
72
+ - Track enum and field feedback on GitHub: [#176](https://github.com/adriannoes/asap-protocol/issues/176).
73
+
74
+ ---
75
+
76
+ ## [2.3.1] - 2026-05-20
77
+
78
+ **Adapter Lab I** — TypeScript-only patch: two new framework adapters on npm and
79
+ additive exports on `@asap-protocol/client`. Python `asap-protocol` core is
80
+ unchanged; no wire-protocol or migration work required for existing deployments.
81
+
82
+ ### Added
83
+
84
+ - **`@asap-protocol/mastra@2.3.1`**: Expose ASAP capabilities as Mastra
85
+ `createTool` definitions, optional `createAsapMastraAgent` wrapper, and
86
+ streaming bridge. See [docs/integrations/mastra.md](docs/integrations/mastra.md).
87
+ ```bash
88
+ npm install @asap-protocol/mastra @asap-protocol/client @mastra/core zod
89
+ ```
90
+ - **`@asap-protocol/openai-agents@2.3.1`**: Expose ASAP capabilities as OpenAI
91
+ Agents SDK `tool()` definitions, remote-agent handoff helpers, and streaming
92
+ bridge. See [docs/integrations/openai-agents.md](docs/integrations/openai-agents.md).
93
+ ```bash
94
+ npm install @asap-protocol/openai-agents @asap-protocol/client @openai/agents zod
95
+ ```
96
+ - **Examples**: `apps/example-mastra` and `apps/example-openai-agents` (Compliance
97
+ Harness v2 score 1.0 against the loopback provider).
98
+
99
+ ### Changed
100
+
101
+ - **`@asap-protocol/client@2.3.1`**: Additive exports for adapter authors —
102
+ public `@asap-protocol/client/adapters/shared`, `jsonSchemaForCapabilityOutput`,
103
+ execution types, and envelope helpers. Non-breaking; existing `@2.3.0` consumers
104
+ remain compatible.
105
+ - **CI security (`pip-audit`)**: Bumped transitive pins (`idna>=3.15`,
106
+ `markdown>=3.10.2`, `pymdown-extensions>=10.21.3`) and documented `--ignore-vuln`
107
+ flags for advisories with no PyPI fix yet (`PYSEC-2026-89`, `PYSEC-2025-183`,
108
+ `PYSEC-2024-271`). See [SECURITY.md](SECURITY.md).
109
+
110
+ ### Known limitations
111
+
112
+ - Adapter packages peer on pre-1.0 framework releases (`@mastra/core@^1.5.0`,
113
+ `@openai/agents@^0.11.0`). Pin peers in production until those ecosystems
114
+ stabilize semver.
115
+
116
+ ### Migration
117
+
118
+ - **v2.3.0 → v2.3.1**: Additive release — install new packages only if you adopt
119
+ Mastra or OpenAI Agents SDK integrations. See
120
+ [migration guide](docs/migration.md#upgrading-from-v230-to-v231).
121
+
122
+ ### Skipped (TS-only patch)
123
+
124
+ - **Python PyPI / Docker**: No changes to `asap-protocol` Python core (`2.3.0`
125
+ remains current on PyPI). Tag `v2.3.1` ships npm adapters only; any Docker
126
+ image retagged by CI is unchanged bytecode — do not treat it as a Python upgrade.
127
+
128
+ ---
129
+
130
+ ## [2.3.0] - 2026-05-04
131
+
132
+ **Adoption Multiplier** — OpenAPI-derived agents, first-class TypeScript, lean
133
+ registry auto-registration, runtime capability escalation, and opt-in
134
+ `WWW-Authenticate: ASAP` discovery challenges. Wire JSON-RPC and envelope
135
+ schemas remain backward compatible with v2.2.x.
136
+
137
+ ### Added
138
+
139
+ - **OpenAPI Adapter (Python)**: `asap.adapters.openapi.create_from_openapi` maps
140
+ OpenAPI 3.x operations to ASAP capabilities; optional `[openapi]` extra.
141
+ See [docs/adapters/openapi.md](docs/adapters/openapi.md).
142
+ - **Official TypeScript client**: npm package `@asap-protocol/client` with
143
+ discovery, capability helpers, streaming consumer, and optional adapters for
144
+ Vercel AI SDK, OpenAI, and Anthropic (`packages/typescript/client/`).
145
+ - **Auto-Registration**: `POST /registry/agents` for Compliance Harness–gated
146
+ Lite Registry submissions (optional `registry_auto_registration` on
147
+ `create_app`). See [docs/registry/auto-registration.md](docs/registry/auto-registration.md).
148
+ - **Capability escalation**: `POST /asap/agent/request-capability` plus Python
149
+ `ASAPClient.request_capability` / TypeScript client support for approval
150
+ flows without re-registering the agent.
151
+ - **ASAP HTTP challenge**: `WWW-Authenticate: ASAP` with `discovery=` manifest
152
+ URL on selected 401/403 responses; clients can record discovery metadata from
153
+ the challenge header.
154
+
155
+ ### Changed
156
+
157
+ - **Reference server**: New optional routers and middleware wiring are
158
+ **opt-in** behind constructor flags — existing deployments keep v2.2.x
159
+ behavior until they enable OpenAPI surfaces, auto-registration, escalation
160
+ routes, or challenge middleware.
161
+
162
+ ### Security
163
+
164
+ - **Dependency sweep (pre-tag)**: `uv run pip-audit --ignore-vuln CVE-2026-4539 --ignore-vuln CVE-2026-3219` (after `uv sync` per [SECURITY.md](SECURITY.md)) reported **no known vulnerabilities** (same ignores as CI). **`apps/web`**: `npm audit` (2026-05-04) still reports **moderate** `postcss` via `next@16.2.4` (GHSA-qx2v-qp2m-jg93); upstream fix may require a newer Next.js line — track before treating web audits as fully clean.
165
+
10
166
  ---
11
167
 
12
168
  ## [2.2.1] - 2026-04-21
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: asap-protocol
3
- Version: 2.2.1
3
+ Version: 2.4.0
4
4
  Summary: Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication
5
5
  Project-URL: Homepage, https://github.com/adriannoes/asap-protocol
6
6
  Project-URL: Documentation, https://adriannoes.github.io/asap-protocol
@@ -24,7 +24,7 @@ Requires-Dist: aiosqlite>=0.20
24
24
  Requires-Dist: authlib<2,>=1.6.11
25
25
  Requires-Dist: brotli>=1.2.0
26
26
  Requires-Dist: cryptography<47,>=46.0.7
27
- Requires-Dist: fastapi>=0.128.0
27
+ Requires-Dist: fastapi>=0.136.1
28
28
  Requires-Dist: httpx[http2]>=0.28.1
29
29
  Requires-Dist: jcs>=0.2.0
30
30
  Requires-Dist: joserfc<2,>=1.6.3
@@ -46,6 +46,7 @@ Requires-Dist: websockets>=12.0
46
46
  Provides-Extra: crewai
47
47
  Requires-Dist: crewai>=0.80; extra == 'crewai'
48
48
  Provides-Extra: dev
49
+ Requires-Dist: asgi-lifespan>=2.1.0; extra == 'dev'
49
50
  Requires-Dist: brotli>=1.1.0; extra == 'dev'
50
51
  Requires-Dist: mypy>=1.19.1; extra == 'dev'
51
52
  Requires-Dist: pip-audit>=2.7; extra == 'dev'
@@ -62,13 +63,15 @@ Provides-Extra: docs
62
63
  Requires-Dist: ghp-import>=2.1.0; extra == 'docs'
63
64
  Requires-Dist: mkdocs-material>=9.5; extra == 'docs'
64
65
  Requires-Dist: mkdocstrings[python]>=0.27; extra == 'docs'
65
- Requires-Dist: pymdown-extensions>=10.21; extra == 'docs'
66
+ Requires-Dist: pymdown-extensions>=10.21.3; extra == 'docs'
66
67
  Provides-Extra: langchain
67
- Requires-Dist: langchain-core>=0.2; extra == 'langchain'
68
+ Requires-Dist: langchain-core>=1.3.3; extra == 'langchain'
68
69
  Provides-Extra: llamaindex
69
70
  Requires-Dist: llama-index-core>=0.10; extra == 'llamaindex'
70
71
  Provides-Extra: mcp
71
72
  Requires-Dist: mcp>=1.0.0; extra == 'mcp'
73
+ Provides-Extra: openapi
74
+ Requires-Dist: openapi-pydantic>=0.5; extra == 'openapi'
72
75
  Provides-Extra: openclaw
73
76
  Requires-Dist: openclaw-sdk>=2.0; extra == 'openclaw'
74
77
  Provides-Extra: pydanticai
@@ -76,7 +79,9 @@ Requires-Dist: pydantic-ai>=0.2; extra == 'pydanticai'
76
79
  Provides-Extra: redis
77
80
  Requires-Dist: redis>=5.0.0; extra == 'redis'
78
81
  Provides-Extra: smolagents
79
- Requires-Dist: smolagents>=1.0; extra == 'smolagents'
82
+ Requires-Dist: smolagents>=1.24.0; extra == 'smolagents'
83
+ Provides-Extra: telemetry
84
+ Requires-Dist: pypistats>=1.11.0; extra == 'telemetry'
80
85
  Provides-Extra: webauthn
81
86
  Requires-Dist: webauthn<3,>=2.6; extra == 'webauthn'
82
87
  Description-Content-Type: text/markdown
@@ -90,9 +95,11 @@ Description-Content-Type: text/markdown
90
95
 
91
96
  > A production-ready protocol for agent-to-agent communication and task coordination.
92
97
 
93
- **Quick Info**: `v2.2.1` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [PyPI](https://pypi.org/project/asap-protocol/) | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
98
+ **Quick Info**: `v2.4.0` (PyPI) · **npm TS [`2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
94
99
 
95
- > 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.vercel.app/)browse agents, register yours, request verification.
100
+ > 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`**package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
101
+
102
+ > 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
96
103
 
97
104
  ## Why ASAP?
98
105
 
@@ -103,7 +110,7 @@ Building multi-agent systems today suffers from three core technical challenges
103
110
 
104
111
  **ASAP** provides a production-ready communication layer that simplifies these complexities. It's ideal for **multi-agent orchestration**, **stateful workflows** (persistence, resumability), **MCP support** and **production systems** requiring high-performance, type-safe agent communication.
105
112
 
106
- For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [spec](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/product-specs/strategy/v0-original-specs.md) for details.
113
+ For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) for the current protocol overview and features.
107
114
 
108
115
  ### Key Features
109
116
 
@@ -115,6 +122,9 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
115
122
  - **Security** — Bearer auth, OAuth2/JWT, Ed25519 signed manifests, optional mTLS, replay prevention, HTTPS, rate limiting. [Security Model](https://github.com/adriannoes/asap-protocol/blob/main/docs/security/v1.1-security-model.md) (trust limits, Custom Claims).
116
123
  - **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
117
124
  - **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
125
+ - **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
126
+ - **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.0` discovery types. Wire protocol unchanged. See [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) and [ShellClaw registry guide](docs/guides/shellclaw-registry.md).
127
+ - **Framework adapters (v2.3.1+, npm)** — **`@asap-protocol/mastra`** and **`@asap-protocol/openai-agents`** expose ASAP capabilities as Mastra tools and OpenAI Agents SDK `tool()` definitions. See [Migration (v2.3.0 → v2.3.1)](docs/migration.md#upgrading-from-v230-to-v231).
118
128
  - **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
119
129
 
120
130
  ### 🆕 Framework Ecosystem
@@ -134,7 +144,19 @@ Or with pip:
134
144
  pip install asap-protocol
135
145
  ```
136
146
 
137
- 📦 **Available on [PyPI](https://pypi.org/project/asap-protocol/)** for reproducible environments, prefer `uv` when possible.
147
+ **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.0`**). The `latest` dist-tag matches **`npm view @asap-protocol/client version`**.
148
+
149
+ **npm** Mastra [**`@asap-protocol/mastra@2.4.0`**](https://www.npmjs.com/package/@asap-protocol/mastra) bridges ASAP capabilities onto **`@mastra/core`** tools; docs: [`docs/integrations/mastra.md`](docs/integrations/mastra.md), demo: [`apps/example-mastra/README.md`](apps/example-mastra/README.md).
150
+
151
+ **npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.0`**](https://www.npmjs.com/package/@asap-protocol/openai-agents) exposes ASAP capabilities as **`@openai/agents`** `tool()` definitions — **not** the Chat Completions helper [`adapters/openai`](packages/typescript/client/src/adapters/openai.ts); docs: [`docs/integrations/openai-agents.md`](docs/integrations/openai-agents.md), demo: [`apps/example-openai-agents/README.md`](apps/example-openai-agents/README.md).
152
+
153
+ ```bash
154
+ npm install @asap-protocol/client@2.4.0
155
+ npm install @asap-protocol/mastra@2.4.0 @asap-protocol/client @mastra/core zod
156
+ npm install @asap-protocol/openai-agents@2.4.0 @asap-protocol/client @openai/agents zod
157
+ ```
158
+
159
+ 📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
138
160
 
139
161
  ## Quick Start
140
162
 
@@ -177,6 +199,7 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
177
199
 
178
200
  **Learn**
179
201
  - [Docs](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [API Reference](https://github.com/adriannoes/asap-protocol/blob/main/docs/api-reference.md)
202
+ - [TypeScript client SDK](https://github.com/adriannoes/asap-protocol/blob/main/docs/sdks/typescript.md) — `@asap-protocol/client` (identity, capabilities, streaming, adapters)
180
203
  - [Tutorials](https://github.com/adriannoes/asap-protocol/tree/main/docs/tutorials) — First agent to production checklist
181
204
  - [Migration from A2A/MCP](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md)
182
205
  - [Raw Fetch (non-Python)](https://github.com/adriannoes/asap-protocol/blob/main/docs/raw-fetch.md) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.
@@ -189,11 +212,11 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
189
212
 
190
213
  **Decisions & Operations**
191
214
  - [ADRs](https://github.com/adriannoes/asap-protocol/tree/main/docs/adr) — 19 Architecture Decision Records
192
- - [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/dev-planning/architecture/tech-stack-decisions.md) — Rationale for Python, Pydantic, Next.js choices
215
+ - [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main/engineering/architecture/tech-stack-decisions.md) — Rationale for Python, Pydantic, Next.js choices
193
216
  - [Deployment](https://github.com/adriannoes/asap-protocol/blob/main/docs/deployment/kubernetes.md) | [Troubleshooting](https://github.com/adriannoes/asap-protocol/blob/main/docs/troubleshooting.md)
194
217
 
195
218
  **Release**
196
- - [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | [PyPI](https://pypi.org/project/asap-protocol/)
219
+ - [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | **[PyPI listing](https://pypi.org/project/asap-protocol/)** — `https://pypi.org/project/asap-protocol/` (install: `pip install asap-protocol`)
197
220
 
198
221
  ## CLI
199
222
 
@@ -213,20 +236,25 @@ See the [CLI reference](docs/cli.md) for `compliance-check` and `audit export` f
213
236
 
214
237
  ## Version History
215
238
 
216
- - **v1.1** adds OAuth2, WebSocket, Discovery (well-known + Lite Registry), State Storage (SQLite) and Webhooks.
217
- - **v1.2** adds Ed25519 signed manifests, trust levels, optional mTLS and the [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md).
218
- - **v1.3** adds delegation commands (`asap delegation create`, `asap delegation revoke`).
219
- - **v2.0** adds the Lean Marketplace Web App (Next.js), Lite Registry on GitHub Pages, IssueOps registration, OAuth sign-in for developers, and Verified Badge flow.
220
- - **v2.1** adds the Consumer SDK (`MarketClient`), optional framework extras (LangChain, CrewAI, LlamaIndex, SmolAgents, OpenClaw, ), and registry UX improvements on PyPI.
221
- - **v2.1.1** is a patch release: JWT algorithm allowlist, SQLite async bridging, optional Redis-backed rate limits, SSRF hardening in the web app, and related reliability fixes (see [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)).
222
- - **v2.2** adds per-runtime agent identity, capability-based authorization, SSE streaming (`POST /asap/stream`), `ASAP-Version` negotiation, JSON-RPC batch requests, tamper-evident audit logging, async state stores, and Compliance Harness v2.
223
- - **v2.2.1** closes the SELF-002 follow-up with **real WebAuthn** attestation/assertion via the opt-in `asap-protocol[webauthn]` extra, ships the `asap compliance-check` and `asap audit export` CLIs, promotes the client SDK `ResolvedAgent.run()` to a typed contract (raises `TypeError` on protocol violation), introduces the `asap.economics.audit.AuditChainBroken` exception for scripted tamper handling, and pins upper bounds on security-sensitive deps (`cryptography`, `authlib`, `joserfc`, `pyjwt`, `webauthn`, `pydantic`) — see [dependency policy](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) and full notes in the [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md).
224
-
225
- For a structured index of per-version features, see the [docs index](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md#v11-features-api-reference--guides).
239
+ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)** and the **[docs index](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md#v11-features-api-reference--guides)** for full notes.
240
+
241
+ | Version | What shipped |
242
+ | :-- | :-- |
243
+ | **v2.4.0** | **Edge-AI discovery** **[GitHub Release `v2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** · optional `hardware` / `inference` manifest fields, registry mirror, marketplace filters, **`@asap-protocol/client@2.4.0`**, ShellClaw onboarding docs. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#240---2026-05-24) and [Migration (v2.3.x v2.4.0)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v23x-to-v240) |
244
+ | **v2.3.1** | **npm TS patch** **[GitHub Release `v2.3.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.3.1)** · **`@asap-protocol/mastra`**, **`@asap-protocol/openai-agents`**, **`@asap-protocol/client@2.3.1`** (additive adapter exports). Python **2.3.0** unchanged. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#231---2026-05-20) and [Migration (v2.3.0 v2.3.1)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v230-to-v231) |
245
+ | **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
246
+ | **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
247
+ | **v2.2** | Per-runtime identity & capability auth · SSE `POST /asap/stream` · `ASAP-Version` · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
248
+ | **v2.1.1** | Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening |
249
+ | **v2.1** | `MarketClient` · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX |
250
+ | **v2.0** | Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow |
251
+ | **v1.3** | `asap delegation create` / `revoke` |
252
+ | **v1.2** | Ed25519 manifests · trust levels · optional mTLS · [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md) |
253
+ | **v1.1** | OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks |
226
254
 
227
255
  ## 🔭 What's Next?
228
256
 
229
- ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See our [vision document](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/product-specs/strategy/vision-agent-marketplace.md) for the full roadmap.
257
+ ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See the [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md) and [v2.0 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.0-roadmap.md). Detailed long-term strategy narratives are maintained privately (not shipped in this repository).
230
258
 
231
259
  ## Contributing
232
260
 
@@ -236,10 +264,22 @@ Every contribution, from bug reports to feature suggestions, documentation impro
236
264
 
237
265
  Check out our [contributing guidelines](https://github.com/adriannoes/asap-protocol/blob/main/CONTRIBUTING.md) to get started. It's easier than you think! 🚀
238
266
 
267
+ ## Contact
268
+
269
+ For **general questions** about the protocol, the marketplace, partnerships, or press (not security vulnerabilities — use [SECURITY.md](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md) for those):
270
+
271
+ - **Email:** [info@asap-protocol.com](mailto:info@asap-protocol.com)
272
+
273
+ You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
274
+
275
+ ## Privacy
276
+
277
+ See [PRIVACY.md](PRIVACY.md) for how the public site and maintainer telemetry use aggregate metrics (including Vercel Web Analytics) without collecting agent IDs or end-user PII in repository outputs.
278
+
239
279
  ## License
240
280
 
241
281
  This project is licensed under the Apache 2.0 License - see the [license](https://github.com/adriannoes/asap-protocol/blob/main/LICENSE) file for details.
242
282
 
243
283
  ---
244
284
 
245
- **Built with [Cursor](https://cursor.com/) and [Claude Code](https://claude.com/claude-code)** primarily Claude Opus 4.7 (1M context) with Cursor Composer 1.5, Gemini 3.1 Pro, and Kimi K2.5 as collaborators.
285
+ **Built with [Cursor](https://cursor.com/)** using Opus 4.6/4.7, Composer 1.5/2.0, Gemini 3.1 Pro and Kimi K2.5.
@@ -7,9 +7,11 @@
7
7
 
8
8
  > A production-ready protocol for agent-to-agent communication and task coordination.
9
9
 
10
- **Quick Info**: `v2.2.1` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [PyPI](https://pypi.org/project/asap-protocol/) | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
10
+ **Quick Info**: `v2.4.0` (PyPI) · **npm TS [`2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
11
11
 
12
- > 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.vercel.app/)browse agents, register yours, request verification.
12
+ > 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`**package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
13
+
14
+ > 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
13
15
 
14
16
  ## Why ASAP?
15
17
 
@@ -20,7 +22,7 @@ Building multi-agent systems today suffers from three core technical challenges
20
22
 
21
23
  **ASAP** provides a production-ready communication layer that simplifies these complexities. It's ideal for **multi-agent orchestration**, **stateful workflows** (persistence, resumability), **MCP support** and **production systems** requiring high-performance, type-safe agent communication.
22
24
 
23
- For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [spec](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/product-specs/strategy/v0-original-specs.md) for details.
25
+ For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) for the current protocol overview and features.
24
26
 
25
27
  ### Key Features
26
28
 
@@ -32,6 +34,9 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
32
34
  - **Security** — Bearer auth, OAuth2/JWT, Ed25519 signed manifests, optional mTLS, replay prevention, HTTPS, rate limiting. [Security Model](https://github.com/adriannoes/asap-protocol/blob/main/docs/security/v1.1-security-model.md) (trust limits, Custom Claims).
33
35
  - **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
34
36
  - **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
37
+ - **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
38
+ - **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.0` discovery types. Wire protocol unchanged. See [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) and [ShellClaw registry guide](docs/guides/shellclaw-registry.md).
39
+ - **Framework adapters (v2.3.1+, npm)** — **`@asap-protocol/mastra`** and **`@asap-protocol/openai-agents`** expose ASAP capabilities as Mastra tools and OpenAI Agents SDK `tool()` definitions. See [Migration (v2.3.0 → v2.3.1)](docs/migration.md#upgrading-from-v230-to-v231).
35
40
  - **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
36
41
 
37
42
  ### 🆕 Framework Ecosystem
@@ -51,7 +56,19 @@ Or with pip:
51
56
  pip install asap-protocol
52
57
  ```
53
58
 
54
- 📦 **Available on [PyPI](https://pypi.org/project/asap-protocol/)** for reproducible environments, prefer `uv` when possible.
59
+ **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.0`**). The `latest` dist-tag matches **`npm view @asap-protocol/client version`**.
60
+
61
+ **npm** Mastra [**`@asap-protocol/mastra@2.4.0`**](https://www.npmjs.com/package/@asap-protocol/mastra) bridges ASAP capabilities onto **`@mastra/core`** tools; docs: [`docs/integrations/mastra.md`](docs/integrations/mastra.md), demo: [`apps/example-mastra/README.md`](apps/example-mastra/README.md).
62
+
63
+ **npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.0`**](https://www.npmjs.com/package/@asap-protocol/openai-agents) exposes ASAP capabilities as **`@openai/agents`** `tool()` definitions — **not** the Chat Completions helper [`adapters/openai`](packages/typescript/client/src/adapters/openai.ts); docs: [`docs/integrations/openai-agents.md`](docs/integrations/openai-agents.md), demo: [`apps/example-openai-agents/README.md`](apps/example-openai-agents/README.md).
64
+
65
+ ```bash
66
+ npm install @asap-protocol/client@2.4.0
67
+ npm install @asap-protocol/mastra@2.4.0 @asap-protocol/client @mastra/core zod
68
+ npm install @asap-protocol/openai-agents@2.4.0 @asap-protocol/client @openai/agents zod
69
+ ```
70
+
71
+ 📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
55
72
 
56
73
  ## Quick Start
57
74
 
@@ -94,6 +111,7 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
94
111
 
95
112
  **Learn**
96
113
  - [Docs](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [API Reference](https://github.com/adriannoes/asap-protocol/blob/main/docs/api-reference.md)
114
+ - [TypeScript client SDK](https://github.com/adriannoes/asap-protocol/blob/main/docs/sdks/typescript.md) — `@asap-protocol/client` (identity, capabilities, streaming, adapters)
97
115
  - [Tutorials](https://github.com/adriannoes/asap-protocol/tree/main/docs/tutorials) — First agent to production checklist
98
116
  - [Migration from A2A/MCP](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md)
99
117
  - [Raw Fetch (non-Python)](https://github.com/adriannoes/asap-protocol/blob/main/docs/raw-fetch.md) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.
@@ -106,11 +124,11 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
106
124
 
107
125
  **Decisions & Operations**
108
126
  - [ADRs](https://github.com/adriannoes/asap-protocol/tree/main/docs/adr) — 19 Architecture Decision Records
109
- - [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/dev-planning/architecture/tech-stack-decisions.md) — Rationale for Python, Pydantic, Next.js choices
127
+ - [Tech Stack](https://github.com/adriannoes/asap-protocol/blob/main/engineering/architecture/tech-stack-decisions.md) — Rationale for Python, Pydantic, Next.js choices
110
128
  - [Deployment](https://github.com/adriannoes/asap-protocol/blob/main/docs/deployment/kubernetes.md) | [Troubleshooting](https://github.com/adriannoes/asap-protocol/blob/main/docs/troubleshooting.md)
111
129
 
112
130
  **Release**
113
- - [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | [PyPI](https://pypi.org/project/asap-protocol/)
131
+ - [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md) | **[PyPI listing](https://pypi.org/project/asap-protocol/)** — `https://pypi.org/project/asap-protocol/` (install: `pip install asap-protocol`)
114
132
 
115
133
  ## CLI
116
134
 
@@ -130,20 +148,25 @@ See the [CLI reference](docs/cli.md) for `compliance-check` and `audit export` f
130
148
 
131
149
  ## Version History
132
150
 
133
- - **v1.1** adds OAuth2, WebSocket, Discovery (well-known + Lite Registry), State Storage (SQLite) and Webhooks.
134
- - **v1.2** adds Ed25519 signed manifests, trust levels, optional mTLS and the [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md).
135
- - **v1.3** adds delegation commands (`asap delegation create`, `asap delegation revoke`).
136
- - **v2.0** adds the Lean Marketplace Web App (Next.js), Lite Registry on GitHub Pages, IssueOps registration, OAuth sign-in for developers, and Verified Badge flow.
137
- - **v2.1** adds the Consumer SDK (`MarketClient`), optional framework extras (LangChain, CrewAI, LlamaIndex, SmolAgents, OpenClaw, ), and registry UX improvements on PyPI.
138
- - **v2.1.1** is a patch release: JWT algorithm allowlist, SQLite async bridging, optional Redis-backed rate limits, SSRF hardening in the web app, and related reliability fixes (see [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)).
139
- - **v2.2** adds per-runtime agent identity, capability-based authorization, SSE streaming (`POST /asap/stream`), `ASAP-Version` negotiation, JSON-RPC batch requests, tamper-evident audit logging, async state stores, and Compliance Harness v2.
140
- - **v2.2.1** closes the SELF-002 follow-up with **real WebAuthn** attestation/assertion via the opt-in `asap-protocol[webauthn]` extra, ships the `asap compliance-check` and `asap audit export` CLIs, promotes the client SDK `ResolvedAgent.run()` to a typed contract (raises `TypeError` on protocol violation), introduces the `asap.economics.audit.AuditChainBroken` exception for scripted tamper handling, and pins upper bounds on security-sensitive deps (`cryptography`, `authlib`, `joserfc`, `pyjwt`, `webauthn`, `pydantic`) — see [dependency policy](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) and full notes in the [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md).
141
-
142
- For a structured index of per-version features, see the [docs index](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md#v11-features-api-reference--guides).
151
+ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)** and the **[docs index](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md#v11-features-api-reference--guides)** for full notes.
152
+
153
+ | Version | What shipped |
154
+ | :-- | :-- |
155
+ | **v2.4.0** | **Edge-AI discovery** **[GitHub Release `v2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** · optional `hardware` / `inference` manifest fields, registry mirror, marketplace filters, **`@asap-protocol/client@2.4.0`**, ShellClaw onboarding docs. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#240---2026-05-24) and [Migration (v2.3.x v2.4.0)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v23x-to-v240) |
156
+ | **v2.3.1** | **npm TS patch** **[GitHub Release `v2.3.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.3.1)** · **`@asap-protocol/mastra`**, **`@asap-protocol/openai-agents`**, **`@asap-protocol/client@2.3.1`** (additive adapter exports). Python **2.3.0** unchanged. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#231---2026-05-20) and [Migration (v2.3.0 v2.3.1)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v230-to-v231) |
157
+ | **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
158
+ | **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
159
+ | **v2.2** | Per-runtime identity & capability auth · SSE `POST /asap/stream` · `ASAP-Version` · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
160
+ | **v2.1.1** | Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening |
161
+ | **v2.1** | `MarketClient` · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX |
162
+ | **v2.0** | Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow |
163
+ | **v1.3** | `asap delegation create` / `revoke` |
164
+ | **v1.2** | Ed25519 manifests · trust levels · optional mTLS · [Compliance Harness](https://github.com/adriannoes/asap-protocol/blob/main/asap-compliance/README.md) |
165
+ | **v1.1** | OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks |
143
166
 
144
167
  ## 🔭 What's Next?
145
168
 
146
- ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See our [vision document](https://github.com/adriannoes/asap-protocol/blob/main/.cursor/product-specs/strategy/vision-agent-marketplace.md) for the full roadmap.
169
+ ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See the [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md) and [v2.0 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.0-roadmap.md). Detailed long-term strategy narratives are maintained privately (not shipped in this repository).
147
170
 
148
171
  ## Contributing
149
172
 
@@ -153,10 +176,22 @@ Every contribution, from bug reports to feature suggestions, documentation impro
153
176
 
154
177
  Check out our [contributing guidelines](https://github.com/adriannoes/asap-protocol/blob/main/CONTRIBUTING.md) to get started. It's easier than you think! 🚀
155
178
 
179
+ ## Contact
180
+
181
+ For **general questions** about the protocol, the marketplace, partnerships, or press (not security vulnerabilities — use [SECURITY.md](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md) for those):
182
+
183
+ - **Email:** [info@asap-protocol.com](mailto:info@asap-protocol.com)
184
+
185
+ You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
186
+
187
+ ## Privacy
188
+
189
+ See [PRIVACY.md](PRIVACY.md) for how the public site and maintainer telemetry use aggregate metrics (including Vercel Web Analytics) without collecting agent IDs or end-user PII in repository outputs.
190
+
156
191
  ## License
157
192
 
158
193
  This project is licensed under the Apache 2.0 License - see the [license](https://github.com/adriannoes/asap-protocol/blob/main/LICENSE) file for details.
159
194
 
160
195
  ---
161
196
 
162
- **Built with [Cursor](https://cursor.com/) and [Claude Code](https://claude.com/claude-code)** primarily Claude Opus 4.7 (1M context) with Cursor Composer 1.5, Gemini 3.1 Pro, and Kimi K2.5 as collaborators.
197
+ **Built with [Cursor](https://cursor.com/)** using Opus 4.6/4.7, Composer 1.5/2.0, Gemini 3.1 Pro and Kimi K2.5.