asap-protocol 2.3.0__tar.gz → 2.4.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (194) hide show
  1. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/.gitignore +6 -0
  2. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/CHANGELOG.md +131 -0
  3. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/PKG-INFO +28 -11
  4. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/README.md +17 -3
  5. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/pyproject.toml +35 -15
  6. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/entities/manifest.schema.json +131 -1
  7. asap_protocol-2.4.1/schemas/examples/shellclaw-jetson-capabilities.json +38 -0
  8. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/__init__.py +1 -1
  9. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/agent_jwt.py +1 -18
  10. asap_protocol-2.4.1/src/asap/auth/claims.py +43 -0
  11. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/jwks.py +25 -6
  12. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/middleware.py +44 -37
  13. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/discovery/registry.py +84 -0
  14. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/discovery/wellknown.py +1 -1
  15. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/secure_agent.py +6 -0
  16. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/integrations/crewai.py +2 -2
  17. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/integrations/llamaindex.py +33 -15
  18. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/integrations/pydanticai.py +28 -11
  19. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/integrations/smolagents.py +21 -18
  20. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/entities.py +74 -1
  21. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/enums.py +36 -0
  22. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/client.py +53 -20
  23. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/server.py +30 -0
  24. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/LICENSE +0 -0
  25. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/entities/agent.schema.json +0 -0
  26. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/entities/artifact.schema.json +0 -0
  27. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/entities/conversation.schema.json +0 -0
  28. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/entities/message.schema.json +0 -0
  29. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/entities/state_snapshot.schema.json +0 -0
  30. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/entities/task.schema.json +0 -0
  31. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/envelope.schema.json +0 -0
  32. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/parts/data_part.schema.json +0 -0
  33. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/parts/file_part.schema.json +0 -0
  34. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/parts/resource_part.schema.json +0 -0
  35. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/parts/template_part.schema.json +0 -0
  36. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/parts/text_part.schema.json +0 -0
  37. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/artifact_notify.schema.json +0 -0
  38. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/mcp_resource_data.schema.json +0 -0
  39. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/mcp_resource_fetch.schema.json +0 -0
  40. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/mcp_tool_call.schema.json +0 -0
  41. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/mcp_tool_result.schema.json +0 -0
  42. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/message_send.schema.json +0 -0
  43. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/state_query.schema.json +0 -0
  44. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/state_restore.schema.json +0 -0
  45. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/task_cancel.schema.json +0 -0
  46. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/task_request.schema.json +0 -0
  47. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/task_response.schema.json +0 -0
  48. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/schemas/payloads/task_update.schema.json +0 -0
  49. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/adapters/__init__.py +0 -0
  50. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/__init__.py +0 -0
  51. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/approval.py +0 -0
  52. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/capability_mapper.py +0 -0
  53. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/factory.py +0 -0
  54. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/handler.py +0 -0
  55. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/spec_loader.py +0 -0
  56. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/__init__.py +0 -0
  57. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/approval.py +0 -0
  58. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/capabilities.py +0 -0
  59. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/identity.py +0 -0
  60. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/introspection.py +0 -0
  61. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/lifecycle.py +0 -0
  62. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/oauth2.py +0 -0
  63. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/oidc.py +0 -0
  64. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/scopes.py +0 -0
  65. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/self_auth.py +0 -0
  66. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/utils.py +0 -0
  67. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/auth/webauthn.py +0 -0
  68. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/cli/__init__.py +0 -0
  69. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/cli/audit_export.py +0 -0
  70. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/cli/compliance_check.py +0 -0
  71. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/client/__init__.py +0 -0
  72. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/client/cache.py +0 -0
  73. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/client/http_client.py +0 -0
  74. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/client/market.py +0 -0
  75. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/client/revocation.py +0 -0
  76. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/client/trust.py +0 -0
  77. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/crypto/__init__.py +0 -0
  78. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/crypto/keys.py +0 -0
  79. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/crypto/models.py +0 -0
  80. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/crypto/signing.py +0 -0
  81. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/crypto/trust.py +0 -0
  82. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/crypto/trust_levels.py +0 -0
  83. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/discovery/__init__.py +0 -0
  84. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/discovery/dnssd.py +0 -0
  85. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/discovery/health.py +0 -0
  86. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/discovery/validation.py +0 -0
  87. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/economics/__init__.py +0 -0
  88. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/economics/audit.py +0 -0
  89. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/economics/delegation.py +0 -0
  90. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/economics/delegation_storage.py +0 -0
  91. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/economics/hooks.py +0 -0
  92. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/economics/metering.py +0 -0
  93. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/economics/sla.py +0 -0
  94. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/economics/sla_storage.py +0 -0
  95. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/economics/storage.py +0 -0
  96. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/errors.py +0 -0
  97. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/README.md +0 -0
  98. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/__init__.py +0 -0
  99. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/a2h_approval.py +0 -0
  100. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/agent_failover.py +0 -0
  101. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/auth_patterns.py +0 -0
  102. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/coordinator.py +0 -0
  103. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/echo_agent.py +0 -0
  104. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/error_recovery.py +0 -0
  105. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/long_running.py +0 -0
  106. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/mcp_client_demo.py +0 -0
  107. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/mcp_integration.py +0 -0
  108. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/multi_step_workflow.py +0 -0
  109. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/orchestration.py +0 -0
  110. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/rate_limiting.py +0 -0
  111. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/run_demo.py +0 -0
  112. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/secure_handler.py +0 -0
  113. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/state_migration.py +0 -0
  114. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/storage_backends.py +0 -0
  115. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/streaming_agent.py +0 -0
  116. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/streaming_response.py +0 -0
  117. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/v1_3_0_showcase.py +0 -0
  118. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/v1_4_0_showcase.py +0 -0
  119. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/examples/websocket_concept.py +0 -0
  120. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/handlers/__init__.py +0 -0
  121. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/handlers/hitl.py +0 -0
  122. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/integrations/__init__.py +0 -0
  123. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/integrations/a2h.py +0 -0
  124. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/integrations/langchain.py +0 -0
  125. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/integrations/openclaw.py +0 -0
  126. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/integrations/vercel_ai.py +0 -0
  127. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/mcp/__init__.py +0 -0
  128. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/mcp/client.py +0 -0
  129. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/mcp/protocol.py +0 -0
  130. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/mcp/serve.py +0 -0
  131. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/mcp/server.py +0 -0
  132. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/mcp/server_runner.py +0 -0
  133. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/__init__.py +0 -0
  134. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/base.py +0 -0
  135. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/constants.py +0 -0
  136. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/envelope.py +0 -0
  137. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/ids.py +0 -0
  138. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/parts.py +0 -0
  139. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/payloads.py +0 -0
  140. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/types.py +0 -0
  141. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/models/validators.py +0 -0
  142. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/observability/__init__.py +0 -0
  143. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/observability/dashboards/README.md +0 -0
  144. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/observability/dashboards/asap-detailed.json +0 -0
  145. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/observability/dashboards/asap-red.json +0 -0
  146. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/observability/logging.py +0 -0
  147. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/observability/metrics.py +0 -0
  148. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/observability/trace_parser.py +0 -0
  149. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/observability/trace_ui.py +0 -0
  150. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/observability/tracing.py +0 -0
  151. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/registry/__init__.py +0 -0
  152. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/registry/anti_spam.py +0 -0
  153. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/registry/auto_registration.py +0 -0
  154. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/registry/bot_pr.py +0 -0
  155. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/registry/receipt_cache.py +0 -0
  156. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/schemas.py +0 -0
  157. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/state/__init__.py +0 -0
  158. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/state/machine.py +0 -0
  159. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/state/metering.py +0 -0
  160. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/state/snapshot.py +0 -0
  161. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/state/stores/__init__.py +0 -0
  162. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/state/stores/memory.py +0 -0
  163. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/state/stores/sqlite.py +0 -0
  164. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/testing/__init__.py +0 -0
  165. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/testing/asgi_factory.py +0 -0
  166. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/testing/assertions.py +0 -0
  167. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/testing/compliance.py +0 -0
  168. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/testing/fixtures.py +0 -0
  169. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/testing/mocks.py +0 -0
  170. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/__init__.py +0 -0
  171. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/_auth_helpers.py +0 -0
  172. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/agent_routes.py +0 -0
  173. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/cache.py +0 -0
  174. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/capability_routes.py +0 -0
  175. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/challenge.py +0 -0
  176. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/circuit_breaker.py +0 -0
  177. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/codecs/__init__.py +0 -0
  178. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/codecs/lambda_codec.py +0 -0
  179. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/compression.py +0 -0
  180. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/delegation_api.py +0 -0
  181. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/escalation_routes.py +0 -0
  182. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/executors.py +0 -0
  183. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/handlers.py +0 -0
  184. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/jsonrpc.py +0 -0
  185. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/middleware.py +0 -0
  186. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/mtls.py +0 -0
  187. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/rate_limit.py +0 -0
  188. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/sla_api.py +0 -0
  189. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/usage_api.py +0 -0
  190. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/validators.py +0 -0
  191. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/webhook.py +0 -0
  192. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/transport/websocket.py +0 -0
  193. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/utils/__init__.py +0 -0
  194. {asap_protocol-2.3.0 → asap_protocol-2.4.1}/src/asap/utils/sanitization.py +0 -0
@@ -186,6 +186,7 @@ product/strategy/
186
186
  product/private/
187
187
  product/private-roadmap/
188
188
  product/prd/private/
189
+ engineering/code-review/private/
189
190
  # Tactical PRDs outside private/ (patch train); single-digit and double-digit patch (e.g. v2.3.10)
190
191
  product/prd/prd-v2.3.[1-9]-*.md
191
192
  product/prd/prd-v2.3.[1-9][0-9]-*.md
@@ -203,6 +204,8 @@ node_modules/
203
204
  # Next.js app lib (do not ignore; root lib/ is for Python)
204
205
  !apps/web/src/lib/
205
206
  !apps/web/src/lib/**
207
+ !apps/example-mastra/src/lib/
208
+ !apps/example-mastra/src/lib/**
206
209
 
207
210
  # Benchmark and cache artifacts
208
211
  .benchmarks/
@@ -215,3 +218,6 @@ node_modules/
215
218
  eslint-report.json
216
219
  .vercel
217
220
  .env*.local
221
+
222
+ # Local weekly telemetry outputs (snapshots + dashboard; CI uses artifacts)
223
+ private/telemetry/
@@ -7,6 +7,137 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ### Follow-up (not in this release)
11
+
12
+ - `extra="forbid"` on ingress payload models (`TaskRequestConfig`, `CommonMetadata`)
13
+ - Opt-in protection for operator APIs (`/usage`, `/sla`, `/audit`)
14
+ - Redis-backed `JtiReplayCache` and distributed Next.js rate limits
15
+ - Bump optional `pydantic-ai` extra (CVE-2026-46678)
16
+
17
+ ---
18
+
19
+ ## [2.4.1] - 2026-06-14
20
+
21
+ **Security hardening patch** — OAuth2 `iss`/`aud` validation, fail-closed identity
22
+ binding, web app SSRF/redirect fixes, and dependency bumps. Wire protocol and
23
+ manifest schemas are unchanged from v2.4.0.
24
+
25
+ ### Security
26
+
27
+ - **OAuth2 middleware**: Validate JWT `iss` and `aud` when `ASAP_AUTH_ISSUER` / `ASAP_AUTH_AUDIENCE` (or `OAuth2Config.expected_issuer` / `expected_audience`) are set; refactored validation through `validate_jwt()` in `asap.auth.jwks`.
28
+ - **Identity binding**: Fail-closed when `manifest_id` is configured but neither custom claim nor `ASAP_AUTH_SUBJECT_MAP` allowlist matches (403 instead of warn-and-pass).
29
+ - **Web app (`apps/web`)**: Block open redirects on E2E fixture login routes via `resolveRedirectUrl`; harden SSRF on `/api/health-check` (127.0.0.0/8, DNS resolve4/6); Zod strict validation on public API query params (unknown keys return 400); rate-limit unit tests.
30
+
31
+ ### Fixed
32
+
33
+ - **CI security (`pip-audit`)**: Bumped transitive pins (`langchain-core`, `langsmith`, `python-multipart`, `urllib3`, `pip`, `smolagents`) and adjusted documented `--ignore-vuln` flags (pygments + **smolagents** CVEs with no PyPI fix yet; pip ≥26.1 clears prior pip ignore). See [SECURITY.md](SECURITY.md).
34
+ - **FastAPI / Starlette**: Raised `fastapi` floor to `>=0.136.1` so `starlette>=1.0.1` resolves **PYSEC-2026-161** (Host header path injection) without a `pip-audit` ignore.
35
+
36
+ ### Migration
37
+
38
+ - **v2.4.0 → v2.4.1**: Security patch — bump dependencies; verify OAuth2 issuer/audience and identity binding if already configured. See
39
+ [migration guide](docs/migration.md#upgrading-from-v240-to-v241).
40
+
41
+ ---
42
+
43
+ ## [2.4.0] - 2026-05-24
44
+
45
+ **Edge-AI discovery** — Optional structured hardware and inference capability
46
+ advertising on manifests, mirrored to the Lite Registry, marketplace filters, and
47
+ TypeScript discovery types. Wire protocol and existing manifests remain
48
+ backward compatible.
49
+
50
+ ### Added
51
+
52
+ - **feat(discovery): hardware and inference capability advertising**
53
+ - **Manifest schema** (`schemas/entities/manifest.schema.json`): optional
54
+ `capabilities.hardware` (`class`, `model`, `io`) and `capabilities.inference`
55
+ (`modes`, `local_models` with optional self-reported throughput); closed enums;
56
+ `additionalProperties: false` on nested objects. Example:
57
+ `schemas/examples/shellclaw-jetson-capabilities.json`.
58
+ - **Pydantic models** (`HardwareCapability`, `InferenceCapability`,
59
+ `LocalModelInfo`; enums `HardwareClass`, `HardwareIoType`, `InferenceMode`).
60
+ - **Registry mirror**: `RegistryEntry.hardware_class`, `inference_modes`,
61
+ `hardware_io`; `derive_registry_hardware_fields()` applied in
62
+ `auto_registration` and `process_registration` when a signed manifest is
63
+ loaded.
64
+ - **Discovery helpers**: `find_by_hardware_class`, `find_by_inference_mode`,
65
+ `find_by_io` in `asap.discovery.registry`.
66
+ - **Marketplace (web)**: Browse sidebar filters and agent detail blocks for
67
+ hardware class, inference mode, and I/O; register docs and IssueOps template
68
+ note manifest-derived fields.
69
+ - **TypeScript SDK** (`@asap-protocol/client@2.4.0`): optional hardware fields
70
+ on `RegistryEntry` with parsers in `discovery.ts`.
71
+ - **Docs**: `docs/transport.md`, `docs/registry/auto-registration.md`,
72
+ `docs/examples/registry-shellclaw.md`; fixtures under `tests/fixtures/`.
73
+ - **ShellClaw marketplace onboarding (S0)**: Guide
74
+ [docs/guides/shellclaw-registry.md](docs/guides/shellclaw-registry.md)
75
+ (`online_check: false`, static manifest URLs, IssueOps path); validation
76
+ fixtures `tests/fixtures/registry/shellclaw-v1.0-entry.json`.
77
+
78
+ ### Changed
79
+
80
+ - **Tags vs structured fields**: `tags` (e.g. `cuda`, `jetson`) remain valid;
81
+ registrants may migrate to structured `hardware` / `inference` when ready.
82
+
83
+ ### Community feedback
84
+
85
+ - Track enum and field feedback on GitHub: [#176](https://github.com/adriannoes/asap-protocol/issues/176).
86
+
87
+ ---
88
+
89
+ ## [2.3.1] - 2026-05-20
90
+
91
+ **Adapter Lab I** — TypeScript-only patch: two new framework adapters on npm and
92
+ additive exports on `@asap-protocol/client`. Python `asap-protocol` core is
93
+ unchanged; no wire-protocol or migration work required for existing deployments.
94
+
95
+ ### Added
96
+
97
+ - **`@asap-protocol/mastra@2.3.1`**: Expose ASAP capabilities as Mastra
98
+ `createTool` definitions, optional `createAsapMastraAgent` wrapper, and
99
+ streaming bridge. See [docs/integrations/mastra.md](docs/integrations/mastra.md).
100
+ ```bash
101
+ npm install @asap-protocol/mastra @asap-protocol/client @mastra/core zod
102
+ ```
103
+ - **`@asap-protocol/openai-agents@2.3.1`**: Expose ASAP capabilities as OpenAI
104
+ Agents SDK `tool()` definitions, remote-agent handoff helpers, and streaming
105
+ bridge. See [docs/integrations/openai-agents.md](docs/integrations/openai-agents.md).
106
+ ```bash
107
+ npm install @asap-protocol/openai-agents @asap-protocol/client @openai/agents zod
108
+ ```
109
+ - **Examples**: `apps/example-mastra` and `apps/example-openai-agents` (Compliance
110
+ Harness v2 score 1.0 against the loopback provider).
111
+
112
+ ### Changed
113
+
114
+ - **`@asap-protocol/client@2.3.1`**: Additive exports for adapter authors —
115
+ public `@asap-protocol/client/adapters/shared`, `jsonSchemaForCapabilityOutput`,
116
+ execution types, and envelope helpers. Non-breaking; existing `@2.3.0` consumers
117
+ remain compatible.
118
+ - **CI security (`pip-audit`)**: Bumped transitive pins (`idna>=3.15`,
119
+ `markdown>=3.10.2`, `pymdown-extensions>=10.21.3`) and documented `--ignore-vuln`
120
+ flags for advisories with no PyPI fix yet (`PYSEC-2026-89`, `PYSEC-2025-183`,
121
+ `PYSEC-2024-271`). See [SECURITY.md](SECURITY.md).
122
+
123
+ ### Known limitations
124
+
125
+ - Adapter packages peer on pre-1.0 framework releases (`@mastra/core@^1.5.0`,
126
+ `@openai/agents@^0.11.0`). Pin peers in production until those ecosystems
127
+ stabilize semver.
128
+
129
+ ### Migration
130
+
131
+ - **v2.3.0 → v2.3.1**: Additive release — install new packages only if you adopt
132
+ Mastra or OpenAI Agents SDK integrations. See
133
+ [migration guide](docs/migration.md#upgrading-from-v230-to-v231).
134
+
135
+ ### Skipped (TS-only patch)
136
+
137
+ - **Python PyPI / Docker**: No changes to `asap-protocol` Python core (`2.3.0`
138
+ remains current on PyPI). Tag `v2.3.1` ships npm adapters only; any Docker
139
+ image retagged by CI is unchanged bytecode — do not treat it as a Python upgrade.
140
+
10
141
  ---
11
142
 
12
143
  ## [2.3.0] - 2026-05-04
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: asap-protocol
3
- Version: 2.3.0
3
+ Version: 2.4.1
4
4
  Summary: Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication
5
5
  Project-URL: Homepage, https://github.com/adriannoes/asap-protocol
6
6
  Project-URL: Documentation, https://adriannoes.github.io/asap-protocol
@@ -21,10 +21,10 @@ Classifier: Topic :: System :: Distributed Computing
21
21
  Classifier: Typing :: Typed
22
22
  Requires-Python: >=3.13
23
23
  Requires-Dist: aiosqlite>=0.20
24
- Requires-Dist: authlib<2,>=1.6.11
24
+ Requires-Dist: authlib<2,>=1.6.12
25
25
  Requires-Dist: brotli>=1.2.0
26
26
  Requires-Dist: cryptography<47,>=46.0.7
27
- Requires-Dist: fastapi>=0.128.0
27
+ Requires-Dist: fastapi>=0.136.1
28
28
  Requires-Dist: httpx[http2]>=0.28.1
29
29
  Requires-Dist: jcs>=0.2.0
30
30
  Requires-Dist: joserfc<2,>=1.6.3
@@ -46,6 +46,7 @@ Requires-Dist: websockets>=12.0
46
46
  Provides-Extra: crewai
47
47
  Requires-Dist: crewai>=0.80; extra == 'crewai'
48
48
  Provides-Extra: dev
49
+ Requires-Dist: asgi-lifespan>=2.1.0; extra == 'dev'
49
50
  Requires-Dist: brotli>=1.1.0; extra == 'dev'
50
51
  Requires-Dist: mypy>=1.19.1; extra == 'dev'
51
52
  Requires-Dist: pip-audit>=2.7; extra == 'dev'
@@ -57,14 +58,14 @@ Requires-Dist: pytest>=9.0.3; extra == 'dev'
57
58
  Requires-Dist: ruff>=0.14.14; extra == 'dev'
58
59
  Requires-Dist: types-jsonschema>=4.0.0; extra == 'dev'
59
60
  Provides-Extra: dns-sd
60
- Requires-Dist: zeroconf>=0.80; extra == 'dns-sd'
61
+ Requires-Dist: zeroconf>=0.149.5; extra == 'dns-sd'
61
62
  Provides-Extra: docs
62
63
  Requires-Dist: ghp-import>=2.1.0; extra == 'docs'
63
64
  Requires-Dist: mkdocs-material>=9.5; extra == 'docs'
64
65
  Requires-Dist: mkdocstrings[python]>=0.27; extra == 'docs'
65
- Requires-Dist: pymdown-extensions>=10.21; extra == 'docs'
66
+ Requires-Dist: pymdown-extensions>=10.21.3; extra == 'docs'
66
67
  Provides-Extra: langchain
67
- Requires-Dist: langchain-core>=0.2; extra == 'langchain'
68
+ Requires-Dist: langchain-core>=1.3.3; extra == 'langchain'
68
69
  Provides-Extra: llamaindex
69
70
  Requires-Dist: llama-index-core>=0.10; extra == 'llamaindex'
70
71
  Provides-Extra: mcp
@@ -74,11 +75,13 @@ Requires-Dist: openapi-pydantic>=0.5; extra == 'openapi'
74
75
  Provides-Extra: openclaw
75
76
  Requires-Dist: openclaw-sdk>=2.0; extra == 'openclaw'
76
77
  Provides-Extra: pydanticai
77
- Requires-Dist: pydantic-ai>=0.2; extra == 'pydanticai'
78
+ Requires-Dist: pydantic-ai>=1.99.0; extra == 'pydanticai'
78
79
  Provides-Extra: redis
79
80
  Requires-Dist: redis>=5.0.0; extra == 'redis'
80
81
  Provides-Extra: smolagents
81
- Requires-Dist: smolagents>=1.0; extra == 'smolagents'
82
+ Requires-Dist: smolagents>=1.24.0; extra == 'smolagents'
83
+ Provides-Extra: telemetry
84
+ Requires-Dist: pypistats>=1.11.0; extra == 'telemetry'
82
85
  Provides-Extra: webauthn
83
86
  Requires-Dist: webauthn<3,>=2.6; extra == 'webauthn'
84
87
  Description-Content-Type: text/markdown
@@ -92,7 +95,7 @@ Description-Content-Type: text/markdown
92
95
 
93
96
  > A production-ready protocol for agent-to-agent communication and task coordination.
94
97
 
95
- **Quick Info**: `v2.3.0` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
98
+ **Quick Info**: `v2.4.1` (PyPI) · **npm TS [`2.4.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.1)** | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
96
99
 
97
100
  > 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`** — package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
98
101
 
@@ -120,6 +123,8 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
120
123
  - **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
121
124
  - **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
122
125
  - **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
126
+ - **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.1` discovery types. Wire protocol unchanged. See [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) and [ShellClaw registry guide](docs/guides/shellclaw-registry.md).
127
+ - **Framework adapters (v2.3.1+, npm)** — **`@asap-protocol/mastra`** and **`@asap-protocol/openai-agents`** expose ASAP capabilities as Mastra tools and OpenAI Agents SDK `tool()` definitions. See [Migration (v2.3.0 → v2.3.1)](docs/migration.md#upgrading-from-v230-to-v231).
123
128
  - **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
124
129
 
125
130
  ### 🆕 Framework Ecosystem
@@ -139,10 +144,16 @@ Or with pip:
139
144
  pip install asap-protocol
140
145
  ```
141
146
 
142
- **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), aligned with protocol **v2.3.0**):
147
+ **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.1`**). The `latest` dist-tag matches **`npm view @asap-protocol/client version`**.
148
+
149
+ **npm** Mastra [**`@asap-protocol/mastra@2.4.1`**](https://www.npmjs.com/package/@asap-protocol/mastra) bridges ASAP capabilities onto **`@mastra/core`** tools; docs: [`docs/integrations/mastra.md`](docs/integrations/mastra.md), demo: [`apps/example-mastra/README.md`](apps/example-mastra/README.md).
150
+
151
+ **npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.1`**](https://www.npmjs.com/package/@asap-protocol/openai-agents) exposes ASAP capabilities as **`@openai/agents`** `tool()` definitions — **not** the Chat Completions helper [`adapters/openai`](packages/typescript/client/src/adapters/openai.ts); docs: [`docs/integrations/openai-agents.md`](docs/integrations/openai-agents.md), demo: [`apps/example-openai-agents/README.md`](apps/example-openai-agents/README.md).
143
152
 
144
153
  ```bash
145
- npm install @asap-protocol/client
154
+ npm install @asap-protocol/client@2.4.1
155
+ npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
156
+ npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod
146
157
  ```
147
158
 
148
159
  📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
@@ -229,6 +240,8 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
229
240
 
230
241
  | Version | What shipped |
231
242
  | :-- | :-- |
243
+ | **v2.4.0** | **Edge-AI discovery** — **[GitHub Release `v2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** · optional `hardware` / `inference` manifest fields, registry mirror, marketplace filters, **`@asap-protocol/client@2.4.0`**, ShellClaw onboarding docs. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#240---2026-05-24) and [Migration (v2.3.x → v2.4.0)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v23x-to-v240) |
244
+ | **v2.3.1** | **npm TS patch** — **[GitHub Release `v2.3.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.3.1)** · **`@asap-protocol/mastra`**, **`@asap-protocol/openai-agents`**, **`@asap-protocol/client@2.3.1`** (additive adapter exports). Python **2.3.0** unchanged. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#231---2026-05-20) and [Migration (v2.3.0 → v2.3.1)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v230-to-v231) |
232
245
  | **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** — see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
233
246
  | **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
234
247
  | **v2.2** | Per-runtime identity & capability auth · SSE `POST /asap/stream` · `ASAP-Version` · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
@@ -259,6 +272,10 @@ For **general questions** about the protocol, the marketplace, partnerships, or
259
272
 
260
273
  You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
261
274
 
275
+ ## Privacy
276
+
277
+ See [PRIVACY.md](PRIVACY.md) for how the public site and maintainer telemetry use aggregate metrics (including Vercel Web Analytics) without collecting agent IDs or end-user PII in repository outputs.
278
+
262
279
  ## License
263
280
 
264
281
  This project is licensed under the Apache 2.0 License - see the [license](https://github.com/adriannoes/asap-protocol/blob/main/LICENSE) file for details.
@@ -7,7 +7,7 @@
7
7
 
8
8
  > A production-ready protocol for agent-to-agent communication and task coordination.
9
9
 
10
- **Quick Info**: `v2.3.0` | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
10
+ **Quick Info**: `v2.4.1` (PyPI) · **npm TS [`2.4.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.1)** | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
11
11
 
12
12
  > 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`** — package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
13
13
 
@@ -35,6 +35,8 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
35
35
  - **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
36
36
  - **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
37
37
  - **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
38
+ - **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.1` discovery types. Wire protocol unchanged. See [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) and [ShellClaw registry guide](docs/guides/shellclaw-registry.md).
39
+ - **Framework adapters (v2.3.1+, npm)** — **`@asap-protocol/mastra`** and **`@asap-protocol/openai-agents`** expose ASAP capabilities as Mastra tools and OpenAI Agents SDK `tool()` definitions. See [Migration (v2.3.0 → v2.3.1)](docs/migration.md#upgrading-from-v230-to-v231).
38
40
  - **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
39
41
 
40
42
  ### 🆕 Framework Ecosystem
@@ -54,10 +56,16 @@ Or with pip:
54
56
  pip install asap-protocol
55
57
  ```
56
58
 
57
- **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), aligned with protocol **v2.3.0**):
59
+ **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.1`**). The `latest` dist-tag matches **`npm view @asap-protocol/client version`**.
60
+
61
+ **npm** Mastra [**`@asap-protocol/mastra@2.4.1`**](https://www.npmjs.com/package/@asap-protocol/mastra) bridges ASAP capabilities onto **`@mastra/core`** tools; docs: [`docs/integrations/mastra.md`](docs/integrations/mastra.md), demo: [`apps/example-mastra/README.md`](apps/example-mastra/README.md).
62
+
63
+ **npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.1`**](https://www.npmjs.com/package/@asap-protocol/openai-agents) exposes ASAP capabilities as **`@openai/agents`** `tool()` definitions — **not** the Chat Completions helper [`adapters/openai`](packages/typescript/client/src/adapters/openai.ts); docs: [`docs/integrations/openai-agents.md`](docs/integrations/openai-agents.md), demo: [`apps/example-openai-agents/README.md`](apps/example-openai-agents/README.md).
58
64
 
59
65
  ```bash
60
- npm install @asap-protocol/client
66
+ npm install @asap-protocol/client@2.4.1
67
+ npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
68
+ npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod
61
69
  ```
62
70
 
63
71
  📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
@@ -144,6 +152,8 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
144
152
 
145
153
  | Version | What shipped |
146
154
  | :-- | :-- |
155
+ | **v2.4.0** | **Edge-AI discovery** — **[GitHub Release `v2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** · optional `hardware` / `inference` manifest fields, registry mirror, marketplace filters, **`@asap-protocol/client@2.4.0`**, ShellClaw onboarding docs. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#240---2026-05-24) and [Migration (v2.3.x → v2.4.0)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v23x-to-v240) |
156
+ | **v2.3.1** | **npm TS patch** — **[GitHub Release `v2.3.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.3.1)** · **`@asap-protocol/mastra`**, **`@asap-protocol/openai-agents`**, **`@asap-protocol/client@2.3.1`** (additive adapter exports). Python **2.3.0** unchanged. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#231---2026-05-20) and [Migration (v2.3.0 → v2.3.1)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v230-to-v231) |
147
157
  | **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** — see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
148
158
  | **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
149
159
  | **v2.2** | Per-runtime identity & capability auth · SSE `POST /asap/stream` · `ASAP-Version` · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
@@ -174,6 +184,10 @@ For **general questions** about the protocol, the marketplace, partnerships, or
174
184
 
175
185
  You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
176
186
 
187
+ ## Privacy
188
+
189
+ See [PRIVACY.md](PRIVACY.md) for how the public site and maintainer telemetry use aggregate metrics (including Vercel Web Analytics) without collecting agent IDs or end-user PII in repository outputs.
190
+
177
191
  ## License
178
192
 
179
193
  This project is licensed under the Apache 2.0 License - see the [license](https://github.com/adriannoes/asap-protocol/blob/main/LICENSE) file for details.
@@ -1,6 +1,6 @@
1
1
  [project]
2
2
  name = "asap-protocol"
3
- version = "2.3.0"
3
+ version = "2.4.1"
4
4
  description = "Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication"
5
5
  authors = [
6
6
  {name = "ASAP Protocol Contributors"}
@@ -27,9 +27,9 @@ dependencies = [
27
27
  "jcs>=0.2.0",
28
28
  "jsonschema>=4.23.0",
29
29
  "pydantic>=2.12.5,<3",
30
- "fastapi>=0.128.0",
30
+ "fastapi>=0.136.1",
31
31
  "httpx[http2]>=0.28.1",
32
- "authlib>=1.6.11,<2",
32
+ "authlib>=1.6.12,<2",
33
33
  "joserfc>=1.6.3,<2",
34
34
  "uvicorn>=0.34",
35
35
  "python-ulid>=3.0",
@@ -49,6 +49,7 @@ dependencies = [
49
49
 
50
50
  [project.optional-dependencies]
51
51
  dev = [
52
+ "asgi-lifespan>=2.1.0",
52
53
  "brotli>=1.1.0",
53
54
  "pytest>=9.0.3",
54
55
  "pytest-asyncio>=0.24",
@@ -64,10 +65,10 @@ docs = [
64
65
  "ghp-import>=2.1.0",
65
66
  "mkdocs-material>=9.5",
66
67
  "mkdocstrings[python]>=0.27",
67
- "pymdown-extensions>=10.21",
68
+ "pymdown-extensions>=10.21.3",
68
69
  ]
69
70
  dns-sd = [
70
- "zeroconf>=0.80",
71
+ "zeroconf>=0.149.5",
71
72
  ]
72
73
  # Redis: shared rate limit storage for multi-worker deployments (see rate_limit.py).
73
74
  redis = [
@@ -82,7 +83,7 @@ mcp = [
82
83
  "mcp>=1.0.0",
83
84
  ]
84
85
  langchain = [
85
- "langchain-core>=0.2",
86
+ "langchain-core>=1.3.3",
86
87
  ]
87
88
  crewai = [
88
89
  "crewai>=0.80",
@@ -91,10 +92,10 @@ llamaindex = [
91
92
  "llama-index-core>=0.10",
92
93
  ]
93
94
  smolagents = [
94
- "smolagents>=1.0",
95
+ "smolagents>=1.24.0",
95
96
  ]
96
97
  pydanticai = [
97
- "pydantic-ai>=0.2",
98
+ "pydantic-ai>=1.99.0",
98
99
  ]
99
100
  openclaw = [
100
101
  "openclaw-sdk>=2.0",
@@ -103,6 +104,9 @@ openclaw = [
103
104
  openapi = [
104
105
  "openapi-pydantic>=0.5",
105
106
  ]
107
+ telemetry = [
108
+ "pypistats>=1.11.0",
109
+ ]
106
110
 
107
111
  [project.urls]
108
112
  Homepage = "https://github.com/adriannoes/asap-protocol"
@@ -112,30 +116,46 @@ Issues = "https://github.com/adriannoes/asap-protocol/issues"
112
116
  "PyPI" = "https://pypi.org/project/asap-protocol/"
113
117
 
114
118
  # Override transitive dependencies for security fixes:
115
- # - pyjwt>=2.12.0 for CVE-2026-32597 (crit header validation)
119
+ # - pyjwt>=2.13.0 for PYSEC-2026-175/177/178/179 (CVE-2026-32597 baseline at 2.12.0)
120
+ # - aiohttp>=3.14.0,<4 for CVE-2026-34993 / CVE-2026-47265 (transitive, e.g. openclaw/mcp stacks)
121
+ # - zeroconf>=0.149.5 for CVE-2026-47180/47183/47184 ([dns-sd] extra)
116
122
  # - pyasn1>=0.6.3 for CVE-2026-30922 (DoS via unbounded recursion)
117
123
  # - tinytag>=2.2.1 for CVE-2026-32889
118
124
  # - cryptography>=46.0.7 for CVE-2026-39892 / CVE-2026-34073 (name-constraint / peer identity)
119
125
  # - requests>=2.33.0 for CVE-2026-25645 (extract_zipped_paths temp file)
120
126
  # - pillow>=12.2.0 for CVE-2026-40192 (transitive, e.g. pdf/vision stacks)
121
127
  # - pytest>=9.0.3 for CVE-2025-71176 (dev)
122
- # - python-multipart>=0.0.26 for CVE-2026-40347 (FastAPI stack)
128
+ # - python-multipart>=0.0.27 for CVE-2026-42561 / CVE-2026-40347 (FastAPI stack)
123
129
  # - pygments>=2.20.0 for CVE-2026-4539
124
- # - langsmith>=0.7.31 for GHSA-rr7j-v2q5-chgv
130
+ # - langsmith>=0.8.0 for CVE-2026-45134 (prior: GHSA-rr7j-v2q5-chgv)
131
+ # - langchain-core>=1.3.3 for CVE-2026-44843
132
+ # - urllib3>=2.7.0 for CVE-2026-44431 / CVE-2026-44432
133
+ # - pip>=26.1.2 for PYSEC-2026-196 (CVE-2026-6357 baseline at 26.1)
125
134
  # - python-dotenv>=1.2.2 for CVE-2026-28684 (transitive, e.g. pydantic-settings / uvicorn stacks)
135
+ # - idna>=3.15 for CVE-2026-45409 (DoS in idna.encode; transitive via httpx/requests)
136
+ # - markdown>=3.10.2 for PYSEC-2026-89 (DoS in html.parser during Markdown parse; mkdocs stack)
137
+ # - pymdown-extensions>=10.21.3 for CVE-2026-46338 (snippets base_path prefix bypass; mkdocs stack)
126
138
  [tool.uv]
127
139
  override-dependencies = [
128
- "pyjwt>=2.12.0,<3",
140
+ "aiohttp>=3.14.0,<4",
141
+ "pyjwt>=2.13.0,<3",
129
142
  "pyasn1>=0.6.3",
130
143
  "tinytag>=2.2.1",
131
144
  "cryptography>=46.0.7,<47",
132
145
  "requests>=2.33.0",
133
146
  "pillow>=12.2.0",
134
147
  "pytest>=9.0.3",
135
- "python-multipart>=0.0.26",
148
+ "python-multipart>=0.0.27",
136
149
  "pygments>=2.20.0",
137
- "langsmith>=0.7.31",
150
+ "langsmith>=0.8.0",
151
+ "langchain-core>=1.3.3",
152
+ "urllib3>=2.7.0",
153
+ "pip>=26.1.2",
154
+ "zeroconf>=0.149.5",
138
155
  "python-dotenv>=1.2.2",
156
+ "idna>=3.15",
157
+ "markdown>=3.10.2",
158
+ "pymdown-extensions>=10.21.3",
139
159
  ]
140
160
 
141
161
  [project.scripts]
@@ -324,5 +344,5 @@ dev = [
324
344
  "memory-profiler>=0.61",
325
345
  "pytest-asyncio>=0.24",
326
346
  "pytest-cov>=6.0",
327
- "pip>=26.0.1",
347
+ "pip>=26.1.2",
328
348
  ]
@@ -33,9 +33,115 @@
33
33
  "title": "AuthScheme",
34
34
  "type": "object"
35
35
  },
36
+ "HardwareCapability": {
37
+ "additionalProperties": false,
38
+ "description": "Optional hardware hosting profile for edge and physical agents.\n\nAll fields are optional; registrants may omit the object entirely.\nClosed enums support marketplace filtering (v2.4+).",
39
+ "properties": {
40
+ "class": {
41
+ "description": "Hardware class hosting the agent",
42
+ "enum": [
43
+ "cloud",
44
+ "sbc",
45
+ "edge_accelerator",
46
+ "microcontroller",
47
+ "desktop"
48
+ ],
49
+ "title": "Class",
50
+ "type": "string"
51
+ },
52
+ "model": {
53
+ "description": "Specific board or SoC (e.g. jetson_orin_nano_super_8gb)",
54
+ "maxLength": 100,
55
+ "title": "Model",
56
+ "type": "string"
57
+ },
58
+ "io": {
59
+ "description": "Physical I/O interfaces available to the agent",
60
+ "items": {
61
+ "enum": [
62
+ "gpio",
63
+ "i2c",
64
+ "spi",
65
+ "uart",
66
+ "csi_camera",
67
+ "usb_camera",
68
+ "audio_in",
69
+ "audio_out",
70
+ "bluetooth",
71
+ "lora",
72
+ "ble"
73
+ ],
74
+ "type": "string"
75
+ },
76
+ "title": "Io",
77
+ "type": "array",
78
+ "uniqueItems": true
79
+ }
80
+ },
81
+ "title": "HardwareCapability",
82
+ "type": "object"
83
+ },
84
+ "InferenceCapability": {
85
+ "additionalProperties": false,
86
+ "description": "Optional local and cloud inference modes advertised by the agent.",
87
+ "properties": {
88
+ "modes": {
89
+ "description": "Supported inference execution modes",
90
+ "items": {
91
+ "enum": [
92
+ "cloud",
93
+ "local_cpu",
94
+ "local_cuda",
95
+ "local_metal",
96
+ "local_npu"
97
+ ],
98
+ "type": "string"
99
+ },
100
+ "title": "Modes",
101
+ "type": "array",
102
+ "uniqueItems": true
103
+ },
104
+ "local_models": {
105
+ "description": "Self-reported local models (optional throughput)",
106
+ "items": {
107
+ "$ref": "#/$defs/LocalModelInfo"
108
+ },
109
+ "title": "Local Models",
110
+ "type": "array"
111
+ }
112
+ },
113
+ "title": "InferenceCapability",
114
+ "type": "object"
115
+ },
116
+ "LocalModelInfo": {
117
+ "additionalProperties": false,
118
+ "description": "Metadata for a model running on-device (self-reported).",
119
+ "properties": {
120
+ "id": {
121
+ "description": "Model identifier (e.g. Hugging Face repo or GGUF name)",
122
+ "maxLength": 200,
123
+ "title": "Id",
124
+ "type": "string"
125
+ },
126
+ "quantization": {
127
+ "description": "Quantization label (e.g. Q4_K_M)",
128
+ "maxLength": 50,
129
+ "title": "Quantization",
130
+ "type": "string"
131
+ },
132
+ "throughput_tokens_per_second": {
133
+ "description": "Self-reported throughput (tokens per second)",
134
+ "minimum": 0,
135
+ "title": "Throughput Tokens Per Second",
136
+ "type": "number"
137
+ }
138
+ },
139
+ "title": "LocalModelInfo",
140
+ "type": "object"
141
+ },
36
142
  "Capability": {
37
143
  "additionalProperties": false,
38
- "description": "Collection of an agent's features and supported operations.\n\nCapabilities describe what an agent can do, including skills,\nstate persistence, streaming support, and MCP tool integration.\n\nAttributes:\n asap_version: ASAP protocol version supported (e.g., \"0.1\")\n skills: List of skills the agent can perform\n state_persistence: Whether the agent supports state snapshots\n streaming: Whether the agent supports streaming responses\n mcp_tools: List of MCP tool names the agent can execute\n\nExample:\n >>> capability = Capability(\n ... asap_version=\"0.1\",\n ... skills=[Skill(id=\"research\", description=\"Research skill\")],\n ... state_persistence=True,\n ... streaming=True,\n ... mcp_tools=[\"web_search\"]\n ... )",
144
+ "description": "Collection of an agent's features and supported operations.\n\nCapabilities describe what an agent can do, including skills,\nstate persistence, streaming support, MCP tool integration, and\noptional hardware / inference advertising (v2.4+).\n\nAttributes:\n asap_version: ASAP protocol version supported (e.g., \"0.1\")\n skills: List of skills the agent can perform\n state_persistence: Whether the agent supports state snapshots\n streaming: Whether the agent supports streaming responses\n mcp_tools: List of MCP tool names the agent can execute\n hardware: Optional hardware class, model, and I/O (v2.4+)\n inference: Optional inference modes and local models (v2.4+)\n\nExample:\n >>> capability = Capability(\n ... asap_version=\"0.1\",\n ... skills=[Skill(id=\"research\", description=\"Research skill\")],\n ... state_persistence=True,\n ... streaming=True,\n ... mcp_tools=[\"web_search\"]\n ... )",
39
145
  "properties": {
40
146
  "asap_version": {
41
147
  "default": "0.1",
@@ -70,6 +176,30 @@
70
176
  },
71
177
  "title": "Mcp Tools",
72
178
  "type": "array"
179
+ },
180
+ "hardware": {
181
+ "anyOf": [
182
+ {
183
+ "$ref": "#/$defs/HardwareCapability"
184
+ },
185
+ {
186
+ "type": "null"
187
+ }
188
+ ],
189
+ "default": null,
190
+ "description": "Optional hardware hosting profile (edge / physical agents)"
191
+ },
192
+ "inference": {
193
+ "anyOf": [
194
+ {
195
+ "$ref": "#/$defs/InferenceCapability"
196
+ },
197
+ {
198
+ "type": "null"
199
+ }
200
+ ],
201
+ "default": null,
202
+ "description": "Optional inference modes and local model metadata"
73
203
  }
74
204
  },
75
205
  "title": "Capability",