asap-protocol 2.3.0__tar.gz → 2.4.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (194) hide show
  1. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/.gitignore +6 -0
  2. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/CHANGELOG.md +118 -0
  3. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/PKG-INFO +25 -8
  4. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/README.md +17 -3
  5. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/pyproject.toml +25 -9
  6. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/entities/manifest.schema.json +131 -1
  7. asap_protocol-2.4.0/schemas/examples/shellclaw-jetson-capabilities.json +38 -0
  8. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/__init__.py +1 -1
  9. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/agent_jwt.py +1 -18
  10. asap_protocol-2.4.0/src/asap/auth/claims.py +43 -0
  11. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/jwks.py +25 -6
  12. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/middleware.py +44 -37
  13. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/discovery/registry.py +84 -0
  14. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/secure_agent.py +6 -0
  15. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/integrations/crewai.py +2 -2
  16. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/integrations/llamaindex.py +33 -15
  17. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/entities.py +74 -1
  18. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/enums.py +36 -0
  19. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/server.py +30 -0
  20. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/LICENSE +0 -0
  21. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/entities/agent.schema.json +0 -0
  22. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/entities/artifact.schema.json +0 -0
  23. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/entities/conversation.schema.json +0 -0
  24. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/entities/message.schema.json +0 -0
  25. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/entities/state_snapshot.schema.json +0 -0
  26. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/entities/task.schema.json +0 -0
  27. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/envelope.schema.json +0 -0
  28. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/parts/data_part.schema.json +0 -0
  29. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/parts/file_part.schema.json +0 -0
  30. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/parts/resource_part.schema.json +0 -0
  31. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/parts/template_part.schema.json +0 -0
  32. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/parts/text_part.schema.json +0 -0
  33. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/artifact_notify.schema.json +0 -0
  34. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/mcp_resource_data.schema.json +0 -0
  35. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/mcp_resource_fetch.schema.json +0 -0
  36. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/mcp_tool_call.schema.json +0 -0
  37. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/mcp_tool_result.schema.json +0 -0
  38. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/message_send.schema.json +0 -0
  39. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/state_query.schema.json +0 -0
  40. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/state_restore.schema.json +0 -0
  41. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/task_cancel.schema.json +0 -0
  42. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/task_request.schema.json +0 -0
  43. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/task_response.schema.json +0 -0
  44. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/schemas/payloads/task_update.schema.json +0 -0
  45. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/adapters/__init__.py +0 -0
  46. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/adapters/openapi/__init__.py +0 -0
  47. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/adapters/openapi/approval.py +0 -0
  48. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/adapters/openapi/capability_mapper.py +0 -0
  49. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/adapters/openapi/factory.py +0 -0
  50. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/adapters/openapi/handler.py +0 -0
  51. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/adapters/openapi/spec_loader.py +0 -0
  52. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/__init__.py +0 -0
  53. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/approval.py +0 -0
  54. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/capabilities.py +0 -0
  55. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/identity.py +0 -0
  56. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/introspection.py +0 -0
  57. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/lifecycle.py +0 -0
  58. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/oauth2.py +0 -0
  59. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/oidc.py +0 -0
  60. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/scopes.py +0 -0
  61. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/self_auth.py +0 -0
  62. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/utils.py +0 -0
  63. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/auth/webauthn.py +0 -0
  64. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/cli/__init__.py +0 -0
  65. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/cli/audit_export.py +0 -0
  66. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/cli/compliance_check.py +0 -0
  67. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/client/__init__.py +0 -0
  68. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/client/cache.py +0 -0
  69. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/client/http_client.py +0 -0
  70. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/client/market.py +0 -0
  71. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/client/revocation.py +0 -0
  72. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/client/trust.py +0 -0
  73. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/crypto/__init__.py +0 -0
  74. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/crypto/keys.py +0 -0
  75. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/crypto/models.py +0 -0
  76. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/crypto/signing.py +0 -0
  77. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/crypto/trust.py +0 -0
  78. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/crypto/trust_levels.py +0 -0
  79. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/discovery/__init__.py +0 -0
  80. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/discovery/dnssd.py +0 -0
  81. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/discovery/health.py +0 -0
  82. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/discovery/validation.py +0 -0
  83. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/discovery/wellknown.py +0 -0
  84. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/economics/__init__.py +0 -0
  85. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/economics/audit.py +0 -0
  86. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/economics/delegation.py +0 -0
  87. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/economics/delegation_storage.py +0 -0
  88. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/economics/hooks.py +0 -0
  89. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/economics/metering.py +0 -0
  90. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/economics/sla.py +0 -0
  91. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/economics/sla_storage.py +0 -0
  92. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/economics/storage.py +0 -0
  93. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/errors.py +0 -0
  94. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/README.md +0 -0
  95. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/__init__.py +0 -0
  96. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/a2h_approval.py +0 -0
  97. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/agent_failover.py +0 -0
  98. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/auth_patterns.py +0 -0
  99. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/coordinator.py +0 -0
  100. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/echo_agent.py +0 -0
  101. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/error_recovery.py +0 -0
  102. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/long_running.py +0 -0
  103. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/mcp_client_demo.py +0 -0
  104. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/mcp_integration.py +0 -0
  105. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/multi_step_workflow.py +0 -0
  106. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/orchestration.py +0 -0
  107. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/rate_limiting.py +0 -0
  108. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/run_demo.py +0 -0
  109. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/secure_handler.py +0 -0
  110. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/state_migration.py +0 -0
  111. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/storage_backends.py +0 -0
  112. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/streaming_agent.py +0 -0
  113. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/streaming_response.py +0 -0
  114. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/v1_3_0_showcase.py +0 -0
  115. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/v1_4_0_showcase.py +0 -0
  116. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/examples/websocket_concept.py +0 -0
  117. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/handlers/__init__.py +0 -0
  118. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/handlers/hitl.py +0 -0
  119. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/integrations/__init__.py +0 -0
  120. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/integrations/a2h.py +0 -0
  121. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/integrations/langchain.py +0 -0
  122. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/integrations/openclaw.py +0 -0
  123. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/integrations/pydanticai.py +0 -0
  124. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/integrations/smolagents.py +0 -0
  125. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/integrations/vercel_ai.py +0 -0
  126. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/mcp/__init__.py +0 -0
  127. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/mcp/client.py +0 -0
  128. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/mcp/protocol.py +0 -0
  129. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/mcp/serve.py +0 -0
  130. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/mcp/server.py +0 -0
  131. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/mcp/server_runner.py +0 -0
  132. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/__init__.py +0 -0
  133. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/base.py +0 -0
  134. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/constants.py +0 -0
  135. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/envelope.py +0 -0
  136. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/ids.py +0 -0
  137. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/parts.py +0 -0
  138. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/payloads.py +0 -0
  139. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/types.py +0 -0
  140. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/models/validators.py +0 -0
  141. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/observability/__init__.py +0 -0
  142. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/observability/dashboards/README.md +0 -0
  143. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/observability/dashboards/asap-detailed.json +0 -0
  144. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/observability/dashboards/asap-red.json +0 -0
  145. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/observability/logging.py +0 -0
  146. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/observability/metrics.py +0 -0
  147. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/observability/trace_parser.py +0 -0
  148. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/observability/trace_ui.py +0 -0
  149. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/observability/tracing.py +0 -0
  150. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/registry/__init__.py +0 -0
  151. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/registry/anti_spam.py +0 -0
  152. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/registry/auto_registration.py +0 -0
  153. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/registry/bot_pr.py +0 -0
  154. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/registry/receipt_cache.py +0 -0
  155. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/schemas.py +0 -0
  156. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/state/__init__.py +0 -0
  157. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/state/machine.py +0 -0
  158. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/state/metering.py +0 -0
  159. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/state/snapshot.py +0 -0
  160. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/state/stores/__init__.py +0 -0
  161. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/state/stores/memory.py +0 -0
  162. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/state/stores/sqlite.py +0 -0
  163. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/testing/__init__.py +0 -0
  164. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/testing/asgi_factory.py +0 -0
  165. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/testing/assertions.py +0 -0
  166. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/testing/compliance.py +0 -0
  167. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/testing/fixtures.py +0 -0
  168. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/testing/mocks.py +0 -0
  169. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/__init__.py +0 -0
  170. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/_auth_helpers.py +0 -0
  171. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/agent_routes.py +0 -0
  172. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/cache.py +0 -0
  173. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/capability_routes.py +0 -0
  174. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/challenge.py +0 -0
  175. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/circuit_breaker.py +0 -0
  176. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/client.py +0 -0
  177. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/codecs/__init__.py +0 -0
  178. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/codecs/lambda_codec.py +0 -0
  179. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/compression.py +0 -0
  180. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/delegation_api.py +0 -0
  181. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/escalation_routes.py +0 -0
  182. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/executors.py +0 -0
  183. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/handlers.py +0 -0
  184. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/jsonrpc.py +0 -0
  185. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/middleware.py +0 -0
  186. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/mtls.py +0 -0
  187. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/rate_limit.py +0 -0
  188. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/sla_api.py +0 -0
  189. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/usage_api.py +0 -0
  190. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/validators.py +0 -0
  191. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/webhook.py +0 -0
  192. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/transport/websocket.py +0 -0
  193. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/utils/__init__.py +0 -0
  194. {asap_protocol-2.3.0 → asap_protocol-2.4.0}/src/asap/utils/sanitization.py +0 -0
@@ -186,6 +186,7 @@ product/strategy/
186
186
  product/private/
187
187
  product/private-roadmap/
188
188
  product/prd/private/
189
+ engineering/code-review/private/
189
190
  # Tactical PRDs outside private/ (patch train); single-digit and double-digit patch (e.g. v2.3.10)
190
191
  product/prd/prd-v2.3.[1-9]-*.md
191
192
  product/prd/prd-v2.3.[1-9][0-9]-*.md
@@ -203,6 +204,8 @@ node_modules/
203
204
  # Next.js app lib (do not ignore; root lib/ is for Python)
204
205
  !apps/web/src/lib/
205
206
  !apps/web/src/lib/**
207
+ !apps/example-mastra/src/lib/
208
+ !apps/example-mastra/src/lib/**
206
209
 
207
210
  # Benchmark and cache artifacts
208
211
  .benchmarks/
@@ -215,3 +218,6 @@ node_modules/
215
218
  eslint-report.json
216
219
  .vercel
217
220
  .env*.local
221
+
222
+ # Local weekly telemetry outputs (snapshots + dashboard; CI uses artifacts)
223
+ private/telemetry/
@@ -7,6 +7,124 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ### Security
11
+
12
+ - **OAuth2 middleware**: Validate JWT `iss` and `aud` when `ASAP_AUTH_ISSUER` / `ASAP_AUTH_AUDIENCE` (or `OAuth2Config.expected_issuer` / `expected_audience`) are set; refactored validation through `validate_jwt()` in `asap.auth.jwks`.
13
+ - **Identity binding**: Fail-closed when `manifest_id` is configured but neither custom claim nor `ASAP_AUTH_SUBJECT_MAP` allowlist matches (403 instead of warn-and-pass).
14
+ - **Web app (`apps/web`)**: Block open redirects on E2E fixture login routes via `resolveRedirectUrl`; harden SSRF on `/api/health-check` (127.0.0.0/8, DNS resolve4/6); Zod validation on API query params; rate-limit unit tests.
15
+
16
+ ### Fixed
17
+
18
+ - **CI security (`pip-audit`)**: Bumped transitive pins (`langchain-core`, `langsmith`, `python-multipart`, `urllib3`, `pip`, `smolagents`) and adjusted documented `--ignore-vuln` flags (pygments + **smolagents** CVEs with no PyPI fix yet; pip ≥26.1 clears prior pip ignore). See [SECURITY.md](SECURITY.md).
19
+ - **FastAPI / Starlette**: Raised `fastapi` floor to `>=0.136.1` so `starlette>=1.0.1` resolves **PYSEC-2026-161** (Host header path injection) without a `pip-audit` ignore.
20
+
21
+ ### Follow-up (not in this release)
22
+
23
+ - `extra="forbid"` on ingress payload models (`TaskRequestConfig`, `CommonMetadata`)
24
+ - Opt-in protection for operator APIs (`/usage`, `/sla`, `/audit`)
25
+ - Redis-backed `JtiReplayCache` and distributed Next.js rate limits
26
+ - Bump optional `pydantic-ai` extra (CVE-2026-46678)
27
+
28
+ ---
29
+
30
+ ## [2.4.0] - 2026-05-24
31
+
32
+ **Edge-AI discovery** — Optional structured hardware and inference capability
33
+ advertising on manifests, mirrored to the Lite Registry, marketplace filters, and
34
+ TypeScript discovery types. Wire protocol and existing manifests remain
35
+ backward compatible.
36
+
37
+ ### Added
38
+
39
+ - **feat(discovery): hardware and inference capability advertising**
40
+ - **Manifest schema** (`schemas/entities/manifest.schema.json`): optional
41
+ `capabilities.hardware` (`class`, `model`, `io`) and `capabilities.inference`
42
+ (`modes`, `local_models` with optional self-reported throughput); closed enums;
43
+ `additionalProperties: false` on nested objects. Example:
44
+ `schemas/examples/shellclaw-jetson-capabilities.json`.
45
+ - **Pydantic models** (`HardwareCapability`, `InferenceCapability`,
46
+ `LocalModelInfo`; enums `HardwareClass`, `HardwareIoType`, `InferenceMode`).
47
+ - **Registry mirror**: `RegistryEntry.hardware_class`, `inference_modes`,
48
+ `hardware_io`; `derive_registry_hardware_fields()` applied in
49
+ `auto_registration` and `process_registration` when a signed manifest is
50
+ loaded.
51
+ - **Discovery helpers**: `find_by_hardware_class`, `find_by_inference_mode`,
52
+ `find_by_io` in `asap.discovery.registry`.
53
+ - **Marketplace (web)**: Browse sidebar filters and agent detail blocks for
54
+ hardware class, inference mode, and I/O; register docs and IssueOps template
55
+ note manifest-derived fields.
56
+ - **TypeScript SDK** (`@asap-protocol/client@2.4.0`): optional hardware fields
57
+ on `RegistryEntry` with parsers in `discovery.ts`.
58
+ - **Docs**: `docs/transport.md`, `docs/registry/auto-registration.md`,
59
+ `docs/examples/registry-shellclaw.md`; fixtures under `tests/fixtures/`.
60
+ - **ShellClaw marketplace onboarding (S0)**: Guide
61
+ [docs/guides/shellclaw-registry.md](docs/guides/shellclaw-registry.md)
62
+ (`online_check: false`, static manifest URLs, IssueOps path); validation
63
+ fixtures `tests/fixtures/registry/shellclaw-v1.0-entry.json`.
64
+
65
+ ### Changed
66
+
67
+ - **Tags vs structured fields**: `tags` (e.g. `cuda`, `jetson`) remain valid;
68
+ registrants may migrate to structured `hardware` / `inference` when ready.
69
+
70
+ ### Community feedback
71
+
72
+ - Track enum and field feedback on GitHub: [#176](https://github.com/adriannoes/asap-protocol/issues/176).
73
+
74
+ ---
75
+
76
+ ## [2.3.1] - 2026-05-20
77
+
78
+ **Adapter Lab I** — TypeScript-only patch: two new framework adapters on npm and
79
+ additive exports on `@asap-protocol/client`. Python `asap-protocol` core is
80
+ unchanged; no wire-protocol or migration work required for existing deployments.
81
+
82
+ ### Added
83
+
84
+ - **`@asap-protocol/mastra@2.3.1`**: Expose ASAP capabilities as Mastra
85
+ `createTool` definitions, optional `createAsapMastraAgent` wrapper, and
86
+ streaming bridge. See [docs/integrations/mastra.md](docs/integrations/mastra.md).
87
+ ```bash
88
+ npm install @asap-protocol/mastra @asap-protocol/client @mastra/core zod
89
+ ```
90
+ - **`@asap-protocol/openai-agents@2.3.1`**: Expose ASAP capabilities as OpenAI
91
+ Agents SDK `tool()` definitions, remote-agent handoff helpers, and streaming
92
+ bridge. See [docs/integrations/openai-agents.md](docs/integrations/openai-agents.md).
93
+ ```bash
94
+ npm install @asap-protocol/openai-agents @asap-protocol/client @openai/agents zod
95
+ ```
96
+ - **Examples**: `apps/example-mastra` and `apps/example-openai-agents` (Compliance
97
+ Harness v2 score 1.0 against the loopback provider).
98
+
99
+ ### Changed
100
+
101
+ - **`@asap-protocol/client@2.3.1`**: Additive exports for adapter authors —
102
+ public `@asap-protocol/client/adapters/shared`, `jsonSchemaForCapabilityOutput`,
103
+ execution types, and envelope helpers. Non-breaking; existing `@2.3.0` consumers
104
+ remain compatible.
105
+ - **CI security (`pip-audit`)**: Bumped transitive pins (`idna>=3.15`,
106
+ `markdown>=3.10.2`, `pymdown-extensions>=10.21.3`) and documented `--ignore-vuln`
107
+ flags for advisories with no PyPI fix yet (`PYSEC-2026-89`, `PYSEC-2025-183`,
108
+ `PYSEC-2024-271`). See [SECURITY.md](SECURITY.md).
109
+
110
+ ### Known limitations
111
+
112
+ - Adapter packages peer on pre-1.0 framework releases (`@mastra/core@^1.5.0`,
113
+ `@openai/agents@^0.11.0`). Pin peers in production until those ecosystems
114
+ stabilize semver.
115
+
116
+ ### Migration
117
+
118
+ - **v2.3.0 → v2.3.1**: Additive release — install new packages only if you adopt
119
+ Mastra or OpenAI Agents SDK integrations. See
120
+ [migration guide](docs/migration.md#upgrading-from-v230-to-v231).
121
+
122
+ ### Skipped (TS-only patch)
123
+
124
+ - **Python PyPI / Docker**: No changes to `asap-protocol` Python core (`2.3.0`
125
+ remains current on PyPI). Tag `v2.3.1` ships npm adapters only; any Docker
126
+ image retagged by CI is unchanged bytecode — do not treat it as a Python upgrade.
127
+
10
128
  ---
11
129
 
12
130
  ## [2.3.0] - 2026-05-04
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: asap-protocol
3
- Version: 2.3.0
3
+ Version: 2.4.0
4
4
  Summary: Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication
5
5
  Project-URL: Homepage, https://github.com/adriannoes/asap-protocol
6
6
  Project-URL: Documentation, https://adriannoes.github.io/asap-protocol
@@ -24,7 +24,7 @@ Requires-Dist: aiosqlite>=0.20
24
24
  Requires-Dist: authlib<2,>=1.6.11
25
25
  Requires-Dist: brotli>=1.2.0
26
26
  Requires-Dist: cryptography<47,>=46.0.7
27
- Requires-Dist: fastapi>=0.128.0
27
+ Requires-Dist: fastapi>=0.136.1
28
28
  Requires-Dist: httpx[http2]>=0.28.1
29
29
  Requires-Dist: jcs>=0.2.0
30
30
  Requires-Dist: joserfc<2,>=1.6.3
@@ -46,6 +46,7 @@ Requires-Dist: websockets>=12.0
46
46
  Provides-Extra: crewai
47
47
  Requires-Dist: crewai>=0.80; extra == 'crewai'
48
48
  Provides-Extra: dev
49
+ Requires-Dist: asgi-lifespan>=2.1.0; extra == 'dev'
49
50
  Requires-Dist: brotli>=1.1.0; extra == 'dev'
50
51
  Requires-Dist: mypy>=1.19.1; extra == 'dev'
51
52
  Requires-Dist: pip-audit>=2.7; extra == 'dev'
@@ -62,9 +63,9 @@ Provides-Extra: docs
62
63
  Requires-Dist: ghp-import>=2.1.0; extra == 'docs'
63
64
  Requires-Dist: mkdocs-material>=9.5; extra == 'docs'
64
65
  Requires-Dist: mkdocstrings[python]>=0.27; extra == 'docs'
65
- Requires-Dist: pymdown-extensions>=10.21; extra == 'docs'
66
+ Requires-Dist: pymdown-extensions>=10.21.3; extra == 'docs'
66
67
  Provides-Extra: langchain
67
- Requires-Dist: langchain-core>=0.2; extra == 'langchain'
68
+ Requires-Dist: langchain-core>=1.3.3; extra == 'langchain'
68
69
  Provides-Extra: llamaindex
69
70
  Requires-Dist: llama-index-core>=0.10; extra == 'llamaindex'
70
71
  Provides-Extra: mcp
@@ -78,7 +79,9 @@ Requires-Dist: pydantic-ai>=0.2; extra == 'pydanticai'
78
79
  Provides-Extra: redis
79
80
  Requires-Dist: redis>=5.0.0; extra == 'redis'
80
81
  Provides-Extra: smolagents
81
- Requires-Dist: smolagents>=1.0; extra == 'smolagents'
82
+ Requires-Dist: smolagents>=1.24.0; extra == 'smolagents'
83
+ Provides-Extra: telemetry
84
+ Requires-Dist: pypistats>=1.11.0; extra == 'telemetry'
82
85
  Provides-Extra: webauthn
83
86
  Requires-Dist: webauthn<3,>=2.6; extra == 'webauthn'
84
87
  Description-Content-Type: text/markdown
@@ -92,7 +95,7 @@ Description-Content-Type: text/markdown
92
95
 
93
96
  > A production-ready protocol for agent-to-agent communication and task coordination.
94
97
 
95
- **Quick Info**: `v2.3.0` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
98
+ **Quick Info**: `v2.4.0` (PyPI) · **npm TS [`2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
96
99
 
97
100
  > 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`** — package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
98
101
 
@@ -120,6 +123,8 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
120
123
  - **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
121
124
  - **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
122
125
  - **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
126
+ - **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.0` discovery types. Wire protocol unchanged. See [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) and [ShellClaw registry guide](docs/guides/shellclaw-registry.md).
127
+ - **Framework adapters (v2.3.1+, npm)** — **`@asap-protocol/mastra`** and **`@asap-protocol/openai-agents`** expose ASAP capabilities as Mastra tools and OpenAI Agents SDK `tool()` definitions. See [Migration (v2.3.0 → v2.3.1)](docs/migration.md#upgrading-from-v230-to-v231).
123
128
  - **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
124
129
 
125
130
  ### 🆕 Framework Ecosystem
@@ -139,10 +144,16 @@ Or with pip:
139
144
  pip install asap-protocol
140
145
  ```
141
146
 
142
- **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), aligned with protocol **v2.3.0**):
147
+ **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.0`**). The `latest` dist-tag matches **`npm view @asap-protocol/client version`**.
148
+
149
+ **npm** Mastra [**`@asap-protocol/mastra@2.4.0`**](https://www.npmjs.com/package/@asap-protocol/mastra) bridges ASAP capabilities onto **`@mastra/core`** tools; docs: [`docs/integrations/mastra.md`](docs/integrations/mastra.md), demo: [`apps/example-mastra/README.md`](apps/example-mastra/README.md).
150
+
151
+ **npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.0`**](https://www.npmjs.com/package/@asap-protocol/openai-agents) exposes ASAP capabilities as **`@openai/agents`** `tool()` definitions — **not** the Chat Completions helper [`adapters/openai`](packages/typescript/client/src/adapters/openai.ts); docs: [`docs/integrations/openai-agents.md`](docs/integrations/openai-agents.md), demo: [`apps/example-openai-agents/README.md`](apps/example-openai-agents/README.md).
143
152
 
144
153
  ```bash
145
- npm install @asap-protocol/client
154
+ npm install @asap-protocol/client@2.4.0
155
+ npm install @asap-protocol/mastra@2.4.0 @asap-protocol/client @mastra/core zod
156
+ npm install @asap-protocol/openai-agents@2.4.0 @asap-protocol/client @openai/agents zod
146
157
  ```
147
158
 
148
159
  📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
@@ -229,6 +240,8 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
229
240
 
230
241
  | Version | What shipped |
231
242
  | :-- | :-- |
243
+ | **v2.4.0** | **Edge-AI discovery** — **[GitHub Release `v2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** · optional `hardware` / `inference` manifest fields, registry mirror, marketplace filters, **`@asap-protocol/client@2.4.0`**, ShellClaw onboarding docs. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#240---2026-05-24) and [Migration (v2.3.x → v2.4.0)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v23x-to-v240) |
244
+ | **v2.3.1** | **npm TS patch** — **[GitHub Release `v2.3.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.3.1)** · **`@asap-protocol/mastra`**, **`@asap-protocol/openai-agents`**, **`@asap-protocol/client@2.3.1`** (additive adapter exports). Python **2.3.0** unchanged. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#231---2026-05-20) and [Migration (v2.3.0 → v2.3.1)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v230-to-v231) |
232
245
  | **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** — see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
233
246
  | **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
234
247
  | **v2.2** | Per-runtime identity & capability auth · SSE `POST /asap/stream` · `ASAP-Version` · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
@@ -259,6 +272,10 @@ For **general questions** about the protocol, the marketplace, partnerships, or
259
272
 
260
273
  You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
261
274
 
275
+ ## Privacy
276
+
277
+ See [PRIVACY.md](PRIVACY.md) for how the public site and maintainer telemetry use aggregate metrics (including Vercel Web Analytics) without collecting agent IDs or end-user PII in repository outputs.
278
+
262
279
  ## License
263
280
 
264
281
  This project is licensed under the Apache 2.0 License - see the [license](https://github.com/adriannoes/asap-protocol/blob/main/LICENSE) file for details.
@@ -7,7 +7,7 @@
7
7
 
8
8
  > A production-ready protocol for agent-to-agent communication and task coordination.
9
9
 
10
- **Quick Info**: `v2.3.0` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
10
+ **Quick Info**: `v2.4.0` (PyPI) · **npm TS [`2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
11
11
 
12
12
  > 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`** — package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
13
13
 
@@ -35,6 +35,8 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
35
35
  - **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
36
36
  - **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
37
37
  - **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
38
+ - **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.0` discovery types. Wire protocol unchanged. See [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) and [ShellClaw registry guide](docs/guides/shellclaw-registry.md).
39
+ - **Framework adapters (v2.3.1+, npm)** — **`@asap-protocol/mastra`** and **`@asap-protocol/openai-agents`** expose ASAP capabilities as Mastra tools and OpenAI Agents SDK `tool()` definitions. See [Migration (v2.3.0 → v2.3.1)](docs/migration.md#upgrading-from-v230-to-v231).
38
40
  - **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
39
41
 
40
42
  ### 🆕 Framework Ecosystem
@@ -54,10 +56,16 @@ Or with pip:
54
56
  pip install asap-protocol
55
57
  ```
56
58
 
57
- **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), aligned with protocol **v2.3.0**):
59
+ **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.0`**). The `latest` dist-tag matches **`npm view @asap-protocol/client version`**.
60
+
61
+ **npm** Mastra [**`@asap-protocol/mastra@2.4.0`**](https://www.npmjs.com/package/@asap-protocol/mastra) bridges ASAP capabilities onto **`@mastra/core`** tools; docs: [`docs/integrations/mastra.md`](docs/integrations/mastra.md), demo: [`apps/example-mastra/README.md`](apps/example-mastra/README.md).
62
+
63
+ **npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.0`**](https://www.npmjs.com/package/@asap-protocol/openai-agents) exposes ASAP capabilities as **`@openai/agents`** `tool()` definitions — **not** the Chat Completions helper [`adapters/openai`](packages/typescript/client/src/adapters/openai.ts); docs: [`docs/integrations/openai-agents.md`](docs/integrations/openai-agents.md), demo: [`apps/example-openai-agents/README.md`](apps/example-openai-agents/README.md).
58
64
 
59
65
  ```bash
60
- npm install @asap-protocol/client
66
+ npm install @asap-protocol/client@2.4.0
67
+ npm install @asap-protocol/mastra@2.4.0 @asap-protocol/client @mastra/core zod
68
+ npm install @asap-protocol/openai-agents@2.4.0 @asap-protocol/client @openai/agents zod
61
69
  ```
62
70
 
63
71
  📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
@@ -144,6 +152,8 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
144
152
 
145
153
  | Version | What shipped |
146
154
  | :-- | :-- |
155
+ | **v2.4.0** | **Edge-AI discovery** — **[GitHub Release `v2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** · optional `hardware` / `inference` manifest fields, registry mirror, marketplace filters, **`@asap-protocol/client@2.4.0`**, ShellClaw onboarding docs. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#240---2026-05-24) and [Migration (v2.3.x → v2.4.0)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v23x-to-v240) |
156
+ | **v2.3.1** | **npm TS patch** — **[GitHub Release `v2.3.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.3.1)** · **`@asap-protocol/mastra`**, **`@asap-protocol/openai-agents`**, **`@asap-protocol/client@2.3.1`** (additive adapter exports). Python **2.3.0** unchanged. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#231---2026-05-20) and [Migration (v2.3.0 → v2.3.1)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v230-to-v231) |
147
157
  | **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** — see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
148
158
  | **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
149
159
  | **v2.2** | Per-runtime identity & capability auth · SSE `POST /asap/stream` · `ASAP-Version` · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
@@ -174,6 +184,10 @@ For **general questions** about the protocol, the marketplace, partnerships, or
174
184
 
175
185
  You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
176
186
 
187
+ ## Privacy
188
+
189
+ See [PRIVACY.md](PRIVACY.md) for how the public site and maintainer telemetry use aggregate metrics (including Vercel Web Analytics) without collecting agent IDs or end-user PII in repository outputs.
190
+
177
191
  ## License
178
192
 
179
193
  This project is licensed under the Apache 2.0 License - see the [license](https://github.com/adriannoes/asap-protocol/blob/main/LICENSE) file for details.
@@ -1,6 +1,6 @@
1
1
  [project]
2
2
  name = "asap-protocol"
3
- version = "2.3.0"
3
+ version = "2.4.0"
4
4
  description = "Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication"
5
5
  authors = [
6
6
  {name = "ASAP Protocol Contributors"}
@@ -27,7 +27,7 @@ dependencies = [
27
27
  "jcs>=0.2.0",
28
28
  "jsonschema>=4.23.0",
29
29
  "pydantic>=2.12.5,<3",
30
- "fastapi>=0.128.0",
30
+ "fastapi>=0.136.1",
31
31
  "httpx[http2]>=0.28.1",
32
32
  "authlib>=1.6.11,<2",
33
33
  "joserfc>=1.6.3,<2",
@@ -49,6 +49,7 @@ dependencies = [
49
49
 
50
50
  [project.optional-dependencies]
51
51
  dev = [
52
+ "asgi-lifespan>=2.1.0",
52
53
  "brotli>=1.1.0",
53
54
  "pytest>=9.0.3",
54
55
  "pytest-asyncio>=0.24",
@@ -64,7 +65,7 @@ docs = [
64
65
  "ghp-import>=2.1.0",
65
66
  "mkdocs-material>=9.5",
66
67
  "mkdocstrings[python]>=0.27",
67
- "pymdown-extensions>=10.21",
68
+ "pymdown-extensions>=10.21.3",
68
69
  ]
69
70
  dns-sd = [
70
71
  "zeroconf>=0.80",
@@ -82,7 +83,7 @@ mcp = [
82
83
  "mcp>=1.0.0",
83
84
  ]
84
85
  langchain = [
85
- "langchain-core>=0.2",
86
+ "langchain-core>=1.3.3",
86
87
  ]
87
88
  crewai = [
88
89
  "crewai>=0.80",
@@ -91,7 +92,7 @@ llamaindex = [
91
92
  "llama-index-core>=0.10",
92
93
  ]
93
94
  smolagents = [
94
- "smolagents>=1.0",
95
+ "smolagents>=1.24.0",
95
96
  ]
96
97
  pydanticai = [
97
98
  "pydantic-ai>=0.2",
@@ -103,6 +104,9 @@ openclaw = [
103
104
  openapi = [
104
105
  "openapi-pydantic>=0.5",
105
106
  ]
107
+ telemetry = [
108
+ "pypistats>=1.11.0",
109
+ ]
106
110
 
107
111
  [project.urls]
108
112
  Homepage = "https://github.com/adriannoes/asap-protocol"
@@ -119,10 +123,16 @@ Issues = "https://github.com/adriannoes/asap-protocol/issues"
119
123
  # - requests>=2.33.0 for CVE-2026-25645 (extract_zipped_paths temp file)
120
124
  # - pillow>=12.2.0 for CVE-2026-40192 (transitive, e.g. pdf/vision stacks)
121
125
  # - pytest>=9.0.3 for CVE-2025-71176 (dev)
122
- # - python-multipart>=0.0.26 for CVE-2026-40347 (FastAPI stack)
126
+ # - python-multipart>=0.0.27 for CVE-2026-42561 / CVE-2026-40347 (FastAPI stack)
123
127
  # - pygments>=2.20.0 for CVE-2026-4539
124
- # - langsmith>=0.7.31 for GHSA-rr7j-v2q5-chgv
128
+ # - langsmith>=0.8.0 for CVE-2026-45134 (prior: GHSA-rr7j-v2q5-chgv)
129
+ # - langchain-core>=1.3.3 for CVE-2026-44843
130
+ # - urllib3>=2.7.0 for CVE-2026-44431 / CVE-2026-44432
131
+ # - pip>=26.1 for CVE-2026-6357 (transitive via pip-api / venv)
125
132
  # - python-dotenv>=1.2.2 for CVE-2026-28684 (transitive, e.g. pydantic-settings / uvicorn stacks)
133
+ # - idna>=3.15 for CVE-2026-45409 (DoS in idna.encode; transitive via httpx/requests)
134
+ # - markdown>=3.10.2 for PYSEC-2026-89 (DoS in html.parser during Markdown parse; mkdocs stack)
135
+ # - pymdown-extensions>=10.21.3 for CVE-2026-46338 (snippets base_path prefix bypass; mkdocs stack)
126
136
  [tool.uv]
127
137
  override-dependencies = [
128
138
  "pyjwt>=2.12.0,<3",
@@ -132,10 +142,16 @@ override-dependencies = [
132
142
  "requests>=2.33.0",
133
143
  "pillow>=12.2.0",
134
144
  "pytest>=9.0.3",
135
- "python-multipart>=0.0.26",
145
+ "python-multipart>=0.0.27",
136
146
  "pygments>=2.20.0",
137
- "langsmith>=0.7.31",
147
+ "langsmith>=0.8.0",
148
+ "langchain-core>=1.3.3",
149
+ "urllib3>=2.7.0",
150
+ "pip>=26.1",
138
151
  "python-dotenv>=1.2.2",
152
+ "idna>=3.15",
153
+ "markdown>=3.10.2",
154
+ "pymdown-extensions>=10.21.3",
139
155
  ]
140
156
 
141
157
  [project.scripts]
@@ -33,9 +33,115 @@
33
33
  "title": "AuthScheme",
34
34
  "type": "object"
35
35
  },
36
+ "HardwareCapability": {
37
+ "additionalProperties": false,
38
+ "description": "Optional hardware hosting profile for edge and physical agents.\n\nAll fields are optional; registrants may omit the object entirely.\nClosed enums support marketplace filtering (v2.4+).",
39
+ "properties": {
40
+ "class": {
41
+ "description": "Hardware class hosting the agent",
42
+ "enum": [
43
+ "cloud",
44
+ "sbc",
45
+ "edge_accelerator",
46
+ "microcontroller",
47
+ "desktop"
48
+ ],
49
+ "title": "Class",
50
+ "type": "string"
51
+ },
52
+ "model": {
53
+ "description": "Specific board or SoC (e.g. jetson_orin_nano_super_8gb)",
54
+ "maxLength": 100,
55
+ "title": "Model",
56
+ "type": "string"
57
+ },
58
+ "io": {
59
+ "description": "Physical I/O interfaces available to the agent",
60
+ "items": {
61
+ "enum": [
62
+ "gpio",
63
+ "i2c",
64
+ "spi",
65
+ "uart",
66
+ "csi_camera",
67
+ "usb_camera",
68
+ "audio_in",
69
+ "audio_out",
70
+ "bluetooth",
71
+ "lora",
72
+ "ble"
73
+ ],
74
+ "type": "string"
75
+ },
76
+ "title": "Io",
77
+ "type": "array",
78
+ "uniqueItems": true
79
+ }
80
+ },
81
+ "title": "HardwareCapability",
82
+ "type": "object"
83
+ },
84
+ "InferenceCapability": {
85
+ "additionalProperties": false,
86
+ "description": "Optional local and cloud inference modes advertised by the agent.",
87
+ "properties": {
88
+ "modes": {
89
+ "description": "Supported inference execution modes",
90
+ "items": {
91
+ "enum": [
92
+ "cloud",
93
+ "local_cpu",
94
+ "local_cuda",
95
+ "local_metal",
96
+ "local_npu"
97
+ ],
98
+ "type": "string"
99
+ },
100
+ "title": "Modes",
101
+ "type": "array",
102
+ "uniqueItems": true
103
+ },
104
+ "local_models": {
105
+ "description": "Self-reported local models (optional throughput)",
106
+ "items": {
107
+ "$ref": "#/$defs/LocalModelInfo"
108
+ },
109
+ "title": "Local Models",
110
+ "type": "array"
111
+ }
112
+ },
113
+ "title": "InferenceCapability",
114
+ "type": "object"
115
+ },
116
+ "LocalModelInfo": {
117
+ "additionalProperties": false,
118
+ "description": "Metadata for a model running on-device (self-reported).",
119
+ "properties": {
120
+ "id": {
121
+ "description": "Model identifier (e.g. Hugging Face repo or GGUF name)",
122
+ "maxLength": 200,
123
+ "title": "Id",
124
+ "type": "string"
125
+ },
126
+ "quantization": {
127
+ "description": "Quantization label (e.g. Q4_K_M)",
128
+ "maxLength": 50,
129
+ "title": "Quantization",
130
+ "type": "string"
131
+ },
132
+ "throughput_tokens_per_second": {
133
+ "description": "Self-reported throughput (tokens per second)",
134
+ "minimum": 0,
135
+ "title": "Throughput Tokens Per Second",
136
+ "type": "number"
137
+ }
138
+ },
139
+ "title": "LocalModelInfo",
140
+ "type": "object"
141
+ },
36
142
  "Capability": {
37
143
  "additionalProperties": false,
38
- "description": "Collection of an agent's features and supported operations.\n\nCapabilities describe what an agent can do, including skills,\nstate persistence, streaming support, and MCP tool integration.\n\nAttributes:\n asap_version: ASAP protocol version supported (e.g., \"0.1\")\n skills: List of skills the agent can perform\n state_persistence: Whether the agent supports state snapshots\n streaming: Whether the agent supports streaming responses\n mcp_tools: List of MCP tool names the agent can execute\n\nExample:\n >>> capability = Capability(\n ... asap_version=\"0.1\",\n ... skills=[Skill(id=\"research\", description=\"Research skill\")],\n ... state_persistence=True,\n ... streaming=True,\n ... mcp_tools=[\"web_search\"]\n ... )",
144
+ "description": "Collection of an agent's features and supported operations.\n\nCapabilities describe what an agent can do, including skills,\nstate persistence, streaming support, MCP tool integration, and\noptional hardware / inference advertising (v2.4+).\n\nAttributes:\n asap_version: ASAP protocol version supported (e.g., \"0.1\")\n skills: List of skills the agent can perform\n state_persistence: Whether the agent supports state snapshots\n streaming: Whether the agent supports streaming responses\n mcp_tools: List of MCP tool names the agent can execute\n hardware: Optional hardware class, model, and I/O (v2.4+)\n inference: Optional inference modes and local models (v2.4+)\n\nExample:\n >>> capability = Capability(\n ... asap_version=\"0.1\",\n ... skills=[Skill(id=\"research\", description=\"Research skill\")],\n ... state_persistence=True,\n ... streaming=True,\n ... mcp_tools=[\"web_search\"]\n ... )",
39
145
  "properties": {
40
146
  "asap_version": {
41
147
  "default": "0.1",
@@ -70,6 +176,30 @@
70
176
  },
71
177
  "title": "Mcp Tools",
72
178
  "type": "array"
179
+ },
180
+ "hardware": {
181
+ "anyOf": [
182
+ {
183
+ "$ref": "#/$defs/HardwareCapability"
184
+ },
185
+ {
186
+ "type": "null"
187
+ }
188
+ ],
189
+ "default": null,
190
+ "description": "Optional hardware hosting profile (edge / physical agents)"
191
+ },
192
+ "inference": {
193
+ "anyOf": [
194
+ {
195
+ "$ref": "#/$defs/InferenceCapability"
196
+ },
197
+ {
198
+ "type": "null"
199
+ }
200
+ ],
201
+ "default": null,
202
+ "description": "Optional inference modes and local model metadata"
73
203
  }
74
204
  },
75
205
  "title": "Capability",
@@ -0,0 +1,38 @@
1
+ {
2
+ "asap_version": "2.1.0",
3
+ "skills": [
4
+ {
5
+ "id": "assistant",
6
+ "description": "General assistant on edge hardware"
7
+ },
8
+ {
9
+ "id": "edge_briefing",
10
+ "description": "Local briefing with optional cloud fallback"
11
+ },
12
+ {
13
+ "id": "server_admin",
14
+ "description": "Host administration tasks"
15
+ },
16
+ {
17
+ "id": "gpio_control",
18
+ "description": "GPIO pin control"
19
+ }
20
+ ],
21
+ "state_persistence": true,
22
+ "streaming": true,
23
+ "mcp_tools": [],
24
+ "hardware": {
25
+ "class": "edge_accelerator",
26
+ "model": "jetson_orin_nano_super_8gb",
27
+ "io": ["gpio", "i2c"]
28
+ },
29
+ "inference": {
30
+ "modes": ["cloud", "local_cuda"],
31
+ "local_models": [
32
+ {
33
+ "id": "Phi-3-mini-4k-instruct-Q4_K_M",
34
+ "quantization": "Q4_K_M"
35
+ }
36
+ ]
37
+ }
38
+ }
@@ -8,7 +8,7 @@ from __future__ import annotations
8
8
 
9
9
  from typing import Any
10
10
 
11
- __version__ = "2.3.0"
11
+ __version__ = "2.4.0"
12
12
 
13
13
  __all__ = ["__version__", "create_from_openapi"]
14
14
 
@@ -20,6 +20,7 @@ from joserfc.errors import JoseError
20
20
  from joserfc.jwk import OKPKey
21
21
  from joserfc.jws import extract_compact as _jws_extract_compact
22
22
 
23
+ from asap.auth.claims import audience_matches_expected as _audience_matches_expected
23
24
  from asap.auth.identity import (
24
25
  AgentSession,
25
26
  AgentStore,
@@ -154,24 +155,6 @@ def _jti_present(claims: dict[str, Any]) -> bool:
154
155
  return isinstance(jti, str) and bool(jti.strip())
155
156
 
156
157
 
157
- def _audience_matches_expected(
158
- claims: dict[str, Any],
159
- expected_audience: str | list[str],
160
- ) -> bool:
161
- """Return True if ``aud`` intersects ``expected_audience`` (RFC 7519 §4.1.3)."""
162
- aud = claims.get("aud")
163
- expected = (
164
- [expected_audience] if isinstance(expected_audience, str) else list(expected_audience)
165
- )
166
- if isinstance(aud, str):
167
- token_auds = [aud]
168
- elif isinstance(aud, list):
169
- token_auds = [a for a in aud if isinstance(a, str)]
170
- else:
171
- return False
172
- return any(a in expected for a in token_auds)
173
-
174
-
175
158
  async def verify_host_jwt(
176
159
  token: str,
177
160
  host_store: HostStore,