asap-protocol 2.4.0__tar.gz → 2.4.1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/CHANGELOG.md +19 -6
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/PKG-INFO +12 -12
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/README.md +8 -8
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/pyproject.toml +13 -9
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/__init__.py +1 -1
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/discovery/wellknown.py +1 -1
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/integrations/pydanticai.py +28 -11
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/integrations/smolagents.py +21 -18
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/client.py +53 -20
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/.gitignore +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/LICENSE +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/entities/agent.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/entities/artifact.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/entities/conversation.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/entities/manifest.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/entities/message.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/entities/state_snapshot.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/entities/task.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/envelope.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/examples/shellclaw-jetson-capabilities.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/parts/data_part.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/parts/file_part.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/parts/resource_part.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/parts/template_part.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/parts/text_part.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/artifact_notify.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/mcp_resource_data.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/mcp_resource_fetch.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/mcp_tool_call.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/mcp_tool_result.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/message_send.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/state_query.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/state_restore.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/task_cancel.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/task_request.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/task_response.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/payloads/task_update.schema.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/adapters/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/approval.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/capability_mapper.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/factory.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/handler.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/adapters/openapi/spec_loader.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/agent_jwt.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/approval.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/capabilities.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/claims.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/identity.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/introspection.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/jwks.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/lifecycle.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/middleware.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/oauth2.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/oidc.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/scopes.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/self_auth.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/utils.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/auth/webauthn.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/cli/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/cli/audit_export.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/cli/compliance_check.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/client/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/client/cache.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/client/http_client.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/client/market.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/client/revocation.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/client/trust.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/crypto/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/crypto/keys.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/crypto/models.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/crypto/signing.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/crypto/trust.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/crypto/trust_levels.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/discovery/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/discovery/dnssd.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/discovery/health.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/discovery/registry.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/discovery/validation.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/economics/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/economics/audit.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/economics/delegation.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/economics/delegation_storage.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/economics/hooks.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/economics/metering.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/economics/sla.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/economics/sla_storage.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/economics/storage.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/errors.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/README.md +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/a2h_approval.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/agent_failover.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/auth_patterns.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/coordinator.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/echo_agent.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/error_recovery.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/long_running.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/mcp_client_demo.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/mcp_integration.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/multi_step_workflow.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/orchestration.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/rate_limiting.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/run_demo.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/secure_agent.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/secure_handler.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/state_migration.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/storage_backends.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/streaming_agent.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/streaming_response.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/v1_3_0_showcase.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/v1_4_0_showcase.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/examples/websocket_concept.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/handlers/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/handlers/hitl.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/integrations/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/integrations/a2h.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/integrations/crewai.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/integrations/langchain.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/integrations/llamaindex.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/integrations/openclaw.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/integrations/vercel_ai.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/mcp/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/mcp/client.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/mcp/protocol.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/mcp/serve.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/mcp/server.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/mcp/server_runner.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/base.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/constants.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/entities.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/enums.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/envelope.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/ids.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/parts.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/payloads.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/types.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/models/validators.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/observability/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/observability/dashboards/README.md +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/observability/dashboards/asap-detailed.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/observability/dashboards/asap-red.json +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/observability/logging.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/observability/metrics.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/observability/trace_parser.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/observability/trace_ui.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/observability/tracing.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/registry/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/registry/anti_spam.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/registry/auto_registration.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/registry/bot_pr.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/registry/receipt_cache.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/schemas.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/state/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/state/machine.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/state/metering.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/state/snapshot.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/state/stores/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/state/stores/memory.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/state/stores/sqlite.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/testing/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/testing/asgi_factory.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/testing/assertions.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/testing/compliance.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/testing/fixtures.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/testing/mocks.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/_auth_helpers.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/agent_routes.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/cache.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/capability_routes.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/challenge.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/circuit_breaker.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/codecs/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/codecs/lambda_codec.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/compression.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/delegation_api.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/escalation_routes.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/executors.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/handlers.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/jsonrpc.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/middleware.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/mtls.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/rate_limit.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/server.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/sla_api.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/usage_api.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/validators.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/webhook.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/transport/websocket.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/utils/__init__.py +0 -0
- {asap_protocol-2.4.0 → asap_protocol-2.4.1}/src/asap/utils/sanitization.py +0 -0
|
@@ -7,23 +7,36 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
### Follow-up (not in this release)
|
|
11
|
+
|
|
12
|
+
- `extra="forbid"` on ingress payload models (`TaskRequestConfig`, `CommonMetadata`)
|
|
13
|
+
- Opt-in protection for operator APIs (`/usage`, `/sla`, `/audit`)
|
|
14
|
+
- Redis-backed `JtiReplayCache` and distributed Next.js rate limits
|
|
15
|
+
- Bump optional `pydantic-ai` extra (CVE-2026-46678)
|
|
16
|
+
|
|
17
|
+
---
|
|
18
|
+
|
|
19
|
+
## [2.4.1] - 2026-06-14
|
|
20
|
+
|
|
21
|
+
**Security hardening patch** — OAuth2 `iss`/`aud` validation, fail-closed identity
|
|
22
|
+
binding, web app SSRF/redirect fixes, and dependency bumps. Wire protocol and
|
|
23
|
+
manifest schemas are unchanged from v2.4.0.
|
|
24
|
+
|
|
10
25
|
### Security
|
|
11
26
|
|
|
12
27
|
- **OAuth2 middleware**: Validate JWT `iss` and `aud` when `ASAP_AUTH_ISSUER` / `ASAP_AUTH_AUDIENCE` (or `OAuth2Config.expected_issuer` / `expected_audience`) are set; refactored validation through `validate_jwt()` in `asap.auth.jwks`.
|
|
13
28
|
- **Identity binding**: Fail-closed when `manifest_id` is configured but neither custom claim nor `ASAP_AUTH_SUBJECT_MAP` allowlist matches (403 instead of warn-and-pass).
|
|
14
|
-
- **Web app (`apps/web`)**: Block open redirects on E2E fixture login routes via `resolveRedirectUrl`; harden SSRF on `/api/health-check` (127.0.0.0/8, DNS resolve4/6); Zod validation on API query params; rate-limit unit tests.
|
|
29
|
+
- **Web app (`apps/web`)**: Block open redirects on E2E fixture login routes via `resolveRedirectUrl`; harden SSRF on `/api/health-check` (127.0.0.0/8, DNS resolve4/6); Zod strict validation on public API query params (unknown keys return 400); rate-limit unit tests.
|
|
15
30
|
|
|
16
31
|
### Fixed
|
|
17
32
|
|
|
18
33
|
- **CI security (`pip-audit`)**: Bumped transitive pins (`langchain-core`, `langsmith`, `python-multipart`, `urllib3`, `pip`, `smolagents`) and adjusted documented `--ignore-vuln` flags (pygments + **smolagents** CVEs with no PyPI fix yet; pip ≥26.1 clears prior pip ignore). See [SECURITY.md](SECURITY.md).
|
|
19
34
|
- **FastAPI / Starlette**: Raised `fastapi` floor to `>=0.136.1` so `starlette>=1.0.1` resolves **PYSEC-2026-161** (Host header path injection) without a `pip-audit` ignore.
|
|
20
35
|
|
|
21
|
-
###
|
|
36
|
+
### Migration
|
|
22
37
|
|
|
23
|
-
-
|
|
24
|
-
|
|
25
|
-
- Redis-backed `JtiReplayCache` and distributed Next.js rate limits
|
|
26
|
-
- Bump optional `pydantic-ai` extra (CVE-2026-46678)
|
|
38
|
+
- **v2.4.0 → v2.4.1**: Security patch — bump dependencies; verify OAuth2 issuer/audience and identity binding if already configured. See
|
|
39
|
+
[migration guide](docs/migration.md#upgrading-from-v240-to-v241).
|
|
27
40
|
|
|
28
41
|
---
|
|
29
42
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: asap-protocol
|
|
3
|
-
Version: 2.4.
|
|
3
|
+
Version: 2.4.1
|
|
4
4
|
Summary: Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication
|
|
5
5
|
Project-URL: Homepage, https://github.com/adriannoes/asap-protocol
|
|
6
6
|
Project-URL: Documentation, https://adriannoes.github.io/asap-protocol
|
|
@@ -21,7 +21,7 @@ Classifier: Topic :: System :: Distributed Computing
|
|
|
21
21
|
Classifier: Typing :: Typed
|
|
22
22
|
Requires-Python: >=3.13
|
|
23
23
|
Requires-Dist: aiosqlite>=0.20
|
|
24
|
-
Requires-Dist: authlib<2,>=1.6.
|
|
24
|
+
Requires-Dist: authlib<2,>=1.6.12
|
|
25
25
|
Requires-Dist: brotli>=1.2.0
|
|
26
26
|
Requires-Dist: cryptography<47,>=46.0.7
|
|
27
27
|
Requires-Dist: fastapi>=0.136.1
|
|
@@ -58,7 +58,7 @@ Requires-Dist: pytest>=9.0.3; extra == 'dev'
|
|
|
58
58
|
Requires-Dist: ruff>=0.14.14; extra == 'dev'
|
|
59
59
|
Requires-Dist: types-jsonschema>=4.0.0; extra == 'dev'
|
|
60
60
|
Provides-Extra: dns-sd
|
|
61
|
-
Requires-Dist: zeroconf>=0.
|
|
61
|
+
Requires-Dist: zeroconf>=0.149.5; extra == 'dns-sd'
|
|
62
62
|
Provides-Extra: docs
|
|
63
63
|
Requires-Dist: ghp-import>=2.1.0; extra == 'docs'
|
|
64
64
|
Requires-Dist: mkdocs-material>=9.5; extra == 'docs'
|
|
@@ -75,7 +75,7 @@ Requires-Dist: openapi-pydantic>=0.5; extra == 'openapi'
|
|
|
75
75
|
Provides-Extra: openclaw
|
|
76
76
|
Requires-Dist: openclaw-sdk>=2.0; extra == 'openclaw'
|
|
77
77
|
Provides-Extra: pydanticai
|
|
78
|
-
Requires-Dist: pydantic-ai>=0
|
|
78
|
+
Requires-Dist: pydantic-ai>=1.99.0; extra == 'pydanticai'
|
|
79
79
|
Provides-Extra: redis
|
|
80
80
|
Requires-Dist: redis>=5.0.0; extra == 'redis'
|
|
81
81
|
Provides-Extra: smolagents
|
|
@@ -95,7 +95,7 @@ Description-Content-Type: text/markdown
|
|
|
95
95
|
|
|
96
96
|
> A production-ready protocol for agent-to-agent communication and task coordination.
|
|
97
97
|
|
|
98
|
-
**Quick Info**: `v2.4.
|
|
98
|
+
**Quick Info**: `v2.4.1` (PyPI) · **npm TS [`2.4.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.1)** | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
|
|
99
99
|
|
|
100
100
|
> 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`** — package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
|
|
101
101
|
|
|
@@ -123,7 +123,7 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
|
|
|
123
123
|
- **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
|
|
124
124
|
- **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
|
|
125
125
|
- **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
|
|
126
|
-
- **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.
|
|
126
|
+
- **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.1` discovery types. Wire protocol unchanged. See [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) and [ShellClaw registry guide](docs/guides/shellclaw-registry.md).
|
|
127
127
|
- **Framework adapters (v2.3.1+, npm)** — **`@asap-protocol/mastra`** and **`@asap-protocol/openai-agents`** expose ASAP capabilities as Mastra tools and OpenAI Agents SDK `tool()` definitions. See [Migration (v2.3.0 → v2.3.1)](docs/migration.md#upgrading-from-v230-to-v231).
|
|
128
128
|
- **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
|
|
129
129
|
|
|
@@ -144,16 +144,16 @@ Or with pip:
|
|
|
144
144
|
pip install asap-protocol
|
|
145
145
|
```
|
|
146
146
|
|
|
147
|
-
**npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.
|
|
147
|
+
**npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.1`**). The `latest` dist-tag matches **`npm view @asap-protocol/client version`**.
|
|
148
148
|
|
|
149
|
-
**npm** Mastra [**`@asap-protocol/mastra@2.4.
|
|
149
|
+
**npm** Mastra [**`@asap-protocol/mastra@2.4.1`**](https://www.npmjs.com/package/@asap-protocol/mastra) bridges ASAP capabilities onto **`@mastra/core`** tools; docs: [`docs/integrations/mastra.md`](docs/integrations/mastra.md), demo: [`apps/example-mastra/README.md`](apps/example-mastra/README.md).
|
|
150
150
|
|
|
151
|
-
**npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.
|
|
151
|
+
**npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.1`**](https://www.npmjs.com/package/@asap-protocol/openai-agents) exposes ASAP capabilities as **`@openai/agents`** `tool()` definitions — **not** the Chat Completions helper [`adapters/openai`](packages/typescript/client/src/adapters/openai.ts); docs: [`docs/integrations/openai-agents.md`](docs/integrations/openai-agents.md), demo: [`apps/example-openai-agents/README.md`](apps/example-openai-agents/README.md).
|
|
152
152
|
|
|
153
153
|
```bash
|
|
154
|
-
npm install @asap-protocol/client@2.4.
|
|
155
|
-
npm install @asap-protocol/mastra@2.4.
|
|
156
|
-
npm install @asap-protocol/openai-agents@2.4.
|
|
154
|
+
npm install @asap-protocol/client@2.4.1
|
|
155
|
+
npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
|
|
156
|
+
npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod
|
|
157
157
|
```
|
|
158
158
|
|
|
159
159
|
📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
|
|
8
8
|
> A production-ready protocol for agent-to-agent communication and task coordination.
|
|
9
9
|
|
|
10
|
-
**Quick Info**: `v2.4.
|
|
10
|
+
**Quick Info**: `v2.4.1` (PyPI) · **npm TS [`2.4.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.1)** | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
|
|
11
11
|
|
|
12
12
|
> 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`** — package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
|
|
13
13
|
|
|
@@ -35,7 +35,7 @@ For simple point-to-point communication, a basic HTTP API might suffice; ASAP sh
|
|
|
35
35
|
- **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** — Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
|
|
36
36
|
- **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
|
|
37
37
|
- **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
|
|
38
|
-
- **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.
|
|
38
|
+
- **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.1` discovery types. Wire protocol unchanged. See [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) and [ShellClaw registry guide](docs/guides/shellclaw-registry.md).
|
|
39
39
|
- **Framework adapters (v2.3.1+, npm)** — **`@asap-protocol/mastra`** and **`@asap-protocol/openai-agents`** expose ASAP capabilities as Mastra tools and OpenAI Agents SDK `tool()` definitions. See [Migration (v2.3.0 → v2.3.1)](docs/migration.md#upgrading-from-v230-to-v231).
|
|
40
40
|
- **Economics** — Usage metering, delegation tokens, SLA framework with breach alerts.
|
|
41
41
|
|
|
@@ -56,16 +56,16 @@ Or with pip:
|
|
|
56
56
|
pip install asap-protocol
|
|
57
57
|
```
|
|
58
58
|
|
|
59
|
-
**npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.
|
|
59
|
+
**npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.1`**). The `latest` dist-tag matches **`npm view @asap-protocol/client version`**.
|
|
60
60
|
|
|
61
|
-
**npm** Mastra [**`@asap-protocol/mastra@2.4.
|
|
61
|
+
**npm** Mastra [**`@asap-protocol/mastra@2.4.1`**](https://www.npmjs.com/package/@asap-protocol/mastra) bridges ASAP capabilities onto **`@mastra/core`** tools; docs: [`docs/integrations/mastra.md`](docs/integrations/mastra.md), demo: [`apps/example-mastra/README.md`](apps/example-mastra/README.md).
|
|
62
62
|
|
|
63
|
-
**npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.
|
|
63
|
+
**npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.1`**](https://www.npmjs.com/package/@asap-protocol/openai-agents) exposes ASAP capabilities as **`@openai/agents`** `tool()` definitions — **not** the Chat Completions helper [`adapters/openai`](packages/typescript/client/src/adapters/openai.ts); docs: [`docs/integrations/openai-agents.md`](docs/integrations/openai-agents.md), demo: [`apps/example-openai-agents/README.md`](apps/example-openai-agents/README.md).
|
|
64
64
|
|
|
65
65
|
```bash
|
|
66
|
-
npm install @asap-protocol/client@2.4.
|
|
67
|
-
npm install @asap-protocol/mastra@2.4.
|
|
68
|
-
npm install @asap-protocol/openai-agents@2.4.
|
|
66
|
+
npm install @asap-protocol/client@2.4.1
|
|
67
|
+
npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
|
|
68
|
+
npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod
|
|
69
69
|
```
|
|
70
70
|
|
|
71
71
|
📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** — package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
[project]
|
|
2
2
|
name = "asap-protocol"
|
|
3
|
-
version = "2.4.
|
|
3
|
+
version = "2.4.1"
|
|
4
4
|
description = "Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication"
|
|
5
5
|
authors = [
|
|
6
6
|
{name = "ASAP Protocol Contributors"}
|
|
@@ -29,7 +29,7 @@ dependencies = [
|
|
|
29
29
|
"pydantic>=2.12.5,<3",
|
|
30
30
|
"fastapi>=0.136.1",
|
|
31
31
|
"httpx[http2]>=0.28.1",
|
|
32
|
-
"authlib>=1.6.
|
|
32
|
+
"authlib>=1.6.12,<2",
|
|
33
33
|
"joserfc>=1.6.3,<2",
|
|
34
34
|
"uvicorn>=0.34",
|
|
35
35
|
"python-ulid>=3.0",
|
|
@@ -68,7 +68,7 @@ docs = [
|
|
|
68
68
|
"pymdown-extensions>=10.21.3",
|
|
69
69
|
]
|
|
70
70
|
dns-sd = [
|
|
71
|
-
"zeroconf>=0.
|
|
71
|
+
"zeroconf>=0.149.5",
|
|
72
72
|
]
|
|
73
73
|
# Redis: shared rate limit storage for multi-worker deployments (see rate_limit.py).
|
|
74
74
|
redis = [
|
|
@@ -95,7 +95,7 @@ smolagents = [
|
|
|
95
95
|
"smolagents>=1.24.0",
|
|
96
96
|
]
|
|
97
97
|
pydanticai = [
|
|
98
|
-
"pydantic-ai>=0
|
|
98
|
+
"pydantic-ai>=1.99.0",
|
|
99
99
|
]
|
|
100
100
|
openclaw = [
|
|
101
101
|
"openclaw-sdk>=2.0",
|
|
@@ -116,7 +116,9 @@ Issues = "https://github.com/adriannoes/asap-protocol/issues"
|
|
|
116
116
|
"PyPI" = "https://pypi.org/project/asap-protocol/"
|
|
117
117
|
|
|
118
118
|
# Override transitive dependencies for security fixes:
|
|
119
|
-
# - pyjwt>=2.
|
|
119
|
+
# - pyjwt>=2.13.0 for PYSEC-2026-175/177/178/179 (CVE-2026-32597 baseline at 2.12.0)
|
|
120
|
+
# - aiohttp>=3.14.0,<4 for CVE-2026-34993 / CVE-2026-47265 (transitive, e.g. openclaw/mcp stacks)
|
|
121
|
+
# - zeroconf>=0.149.5 for CVE-2026-47180/47183/47184 ([dns-sd] extra)
|
|
120
122
|
# - pyasn1>=0.6.3 for CVE-2026-30922 (DoS via unbounded recursion)
|
|
121
123
|
# - tinytag>=2.2.1 for CVE-2026-32889
|
|
122
124
|
# - cryptography>=46.0.7 for CVE-2026-39892 / CVE-2026-34073 (name-constraint / peer identity)
|
|
@@ -128,14 +130,15 @@ Issues = "https://github.com/adriannoes/asap-protocol/issues"
|
|
|
128
130
|
# - langsmith>=0.8.0 for CVE-2026-45134 (prior: GHSA-rr7j-v2q5-chgv)
|
|
129
131
|
# - langchain-core>=1.3.3 for CVE-2026-44843
|
|
130
132
|
# - urllib3>=2.7.0 for CVE-2026-44431 / CVE-2026-44432
|
|
131
|
-
# - pip>=26.1 for CVE-2026-6357
|
|
133
|
+
# - pip>=26.1.2 for PYSEC-2026-196 (CVE-2026-6357 baseline at 26.1)
|
|
132
134
|
# - python-dotenv>=1.2.2 for CVE-2026-28684 (transitive, e.g. pydantic-settings / uvicorn stacks)
|
|
133
135
|
# - idna>=3.15 for CVE-2026-45409 (DoS in idna.encode; transitive via httpx/requests)
|
|
134
136
|
# - markdown>=3.10.2 for PYSEC-2026-89 (DoS in html.parser during Markdown parse; mkdocs stack)
|
|
135
137
|
# - pymdown-extensions>=10.21.3 for CVE-2026-46338 (snippets base_path prefix bypass; mkdocs stack)
|
|
136
138
|
[tool.uv]
|
|
137
139
|
override-dependencies = [
|
|
138
|
-
"
|
|
140
|
+
"aiohttp>=3.14.0,<4",
|
|
141
|
+
"pyjwt>=2.13.0,<3",
|
|
139
142
|
"pyasn1>=0.6.3",
|
|
140
143
|
"tinytag>=2.2.1",
|
|
141
144
|
"cryptography>=46.0.7,<47",
|
|
@@ -147,7 +150,8 @@ override-dependencies = [
|
|
|
147
150
|
"langsmith>=0.8.0",
|
|
148
151
|
"langchain-core>=1.3.3",
|
|
149
152
|
"urllib3>=2.7.0",
|
|
150
|
-
"pip>=26.1",
|
|
153
|
+
"pip>=26.1.2",
|
|
154
|
+
"zeroconf>=0.149.5",
|
|
151
155
|
"python-dotenv>=1.2.2",
|
|
152
156
|
"idna>=3.15",
|
|
153
157
|
"markdown>=3.10.2",
|
|
@@ -340,5 +344,5 @@ dev = [
|
|
|
340
344
|
"memory-profiler>=0.61",
|
|
341
345
|
"pytest-asyncio>=0.24",
|
|
342
346
|
"pytest-cov>=6.0",
|
|
343
|
-
"pip>=26.
|
|
347
|
+
"pip>=26.1.2",
|
|
344
348
|
]
|
|
@@ -40,7 +40,7 @@ def get_manifest_json(manifest: Manifest) -> dict[str, object]:
|
|
|
40
40
|
Returns:
|
|
41
41
|
Dictionary suitable for JSON response (model_dump).
|
|
42
42
|
"""
|
|
43
|
-
return manifest.model_dump()
|
|
43
|
+
return manifest.model_dump(mode="json", by_alias=True)
|
|
44
44
|
|
|
45
45
|
|
|
46
46
|
def compute_manifest_etag(manifest: Manifest) -> str:
|
|
@@ -64,20 +64,37 @@ def asap_tool_for_urn(
|
|
|
64
64
|
|
|
65
65
|
client_instance = client or MarketClient()
|
|
66
66
|
resolved: ResolvedAgent | None = None
|
|
67
|
-
try:
|
|
68
|
-
resolved = asyncio.run(client_instance.resolve(urn))
|
|
69
|
-
except Exception as e:
|
|
70
|
-
raise ValueError(f"Failed to resolve agent {urn}: {e}") from e
|
|
71
|
-
|
|
72
67
|
skill_id = ""
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
68
|
+
tool_name = name or urn
|
|
69
|
+
tool_description = description or f"Invoke ASAP agent {urn}."
|
|
70
|
+
parameters_schema = DEFAULT_PARAMETERS_JSON_SCHEMA
|
|
71
|
+
|
|
72
|
+
try:
|
|
73
|
+
asyncio.get_running_loop()
|
|
74
|
+
except RuntimeError:
|
|
75
|
+
try:
|
|
76
|
+
resolved = asyncio.run(client_instance.resolve(urn))
|
|
77
|
+
if resolved.manifest.capabilities.skills:
|
|
78
|
+
skill_id = resolved.manifest.capabilities.skills[0].id
|
|
79
|
+
tool_name = name or resolved.manifest.name or urn
|
|
80
|
+
tool_description = (
|
|
81
|
+
description or resolved.manifest.description or f"Invoke ASAP agent {urn}."
|
|
82
|
+
)
|
|
83
|
+
parameters_schema = _parameters_schema_from_manifest(resolved.manifest)
|
|
84
|
+
except Exception as e:
|
|
85
|
+
raise ValueError(f"Failed to resolve agent {urn}: {e}") from e
|
|
79
86
|
|
|
80
87
|
async def _invoke(**kwargs: Any) -> str:
|
|
88
|
+
nonlocal resolved, skill_id
|
|
89
|
+
agent = resolved
|
|
90
|
+
if agent is None:
|
|
91
|
+
try:
|
|
92
|
+
agent = await client_instance.resolve(urn)
|
|
93
|
+
resolved = agent
|
|
94
|
+
if agent.manifest.capabilities.skills:
|
|
95
|
+
skill_id = agent.manifest.capabilities.skills[0].id
|
|
96
|
+
except Exception as e:
|
|
97
|
+
return _to_str_result(f"Error: Failed to resolve agent {urn}: {e!s}")
|
|
81
98
|
input_payload = kwargs.get("input", kwargs)
|
|
82
99
|
if not isinstance(input_payload, dict):
|
|
83
100
|
input_payload = {"value": input_payload}
|
|
@@ -101,24 +101,27 @@ class SmolAgentsAsapTool(Tool if Tool is not None else object): # type: ignore[
|
|
|
101
101
|
self._skill_id = ""
|
|
102
102
|
|
|
103
103
|
try:
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
resolved.
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
104
|
+
asyncio.get_running_loop()
|
|
105
|
+
except RuntimeError:
|
|
106
|
+
try:
|
|
107
|
+
resolved = asyncio.run(self._client.resolve(urn))
|
|
108
|
+
self._resolved = resolved
|
|
109
|
+
self._skill_id = (
|
|
110
|
+
resolved.manifest.capabilities.skills[0].id
|
|
111
|
+
if resolved.manifest.capabilities.skills
|
|
112
|
+
else ""
|
|
113
|
+
)
|
|
114
|
+
raw_name = name or resolved.manifest.name or urn
|
|
115
|
+
self.name = _sanitize_tool_name(raw_name)
|
|
116
|
+
self.description = (
|
|
117
|
+
description or resolved.manifest.description or f"Invoke ASAP agent {urn}."
|
|
118
|
+
)
|
|
119
|
+
self.inputs = _build_inputs_from_manifest(resolved.manifest)
|
|
120
|
+
except (OSError, ValueError, AgentRevokedException, SignatureVerificationError):
|
|
121
|
+
raw_name = name or urn or "asap_agent"
|
|
122
|
+
self.name = _sanitize_tool_name(raw_name)
|
|
123
|
+
self.description = description or f"Invoke ASAP agent {urn}."
|
|
124
|
+
self.inputs = _DEFAULT_INPUTS.copy()
|
|
122
125
|
|
|
123
126
|
super().__init__()
|
|
124
127
|
|
|
@@ -1287,6 +1287,39 @@ class ASAPClient:
|
|
|
1287
1287
|
data = json.loads(json_str)
|
|
1288
1288
|
yield Envelope.model_validate(data)
|
|
1289
1289
|
|
|
1290
|
+
async def _coerce_manifest_payload(
|
|
1291
|
+
self,
|
|
1292
|
+
manifest_data: dict[str, Any],
|
|
1293
|
+
url: str,
|
|
1294
|
+
*,
|
|
1295
|
+
use_schema_validator: bool,
|
|
1296
|
+
) -> tuple[Manifest, str | None]:
|
|
1297
|
+
"""Parse plain or signed manifest JSON from an HTTP response body."""
|
|
1298
|
+
try:
|
|
1299
|
+
if "manifest" in manifest_data and "signature" in manifest_data:
|
|
1300
|
+
signed = SignedManifest.model_validate(manifest_data)
|
|
1301
|
+
if self._verify_signatures:
|
|
1302
|
+
trusted_b64 = self._trusted_manifest_keys.get(url)
|
|
1303
|
+
if not trusted_b64:
|
|
1304
|
+
raise SignatureVerificationError(
|
|
1305
|
+
f"Cannot verify signed manifest from {sanitize_url(url)}: "
|
|
1306
|
+
"no trusted public key provided. Pass trusted_manifest_keys "
|
|
1307
|
+
"to ASAPClient (or disable verify_signatures).",
|
|
1308
|
+
details={"url": sanitize_url(url)},
|
|
1309
|
+
)
|
|
1310
|
+
trusted_key = load_public_key_from_base64(trusted_b64)
|
|
1311
|
+
await asyncio.to_thread(verify_manifest, signed, trusted_key)
|
|
1312
|
+
return signed.manifest, signed.signature.trust_level.value
|
|
1313
|
+
if use_schema_validator:
|
|
1314
|
+
return validate_manifest_schema(manifest_data), None
|
|
1315
|
+
return Manifest.model_validate(manifest_data), None
|
|
1316
|
+
except SignatureVerificationError:
|
|
1317
|
+
raise
|
|
1318
|
+
except ManifestValidationError:
|
|
1319
|
+
raise
|
|
1320
|
+
except Exception as e:
|
|
1321
|
+
raise ValueError(f"Invalid manifest format: {e}") from e
|
|
1322
|
+
|
|
1290
1323
|
async def get_manifest(self, url: str | None = None) -> Manifest:
|
|
1291
1324
|
"""Get agent manifest from cache or HTTP endpoint.
|
|
1292
1325
|
|
|
@@ -1361,24 +1394,11 @@ class ASAPClient:
|
|
|
1361
1394
|
raise ValueError(f"Invalid JSON in manifest response: {e}") from e
|
|
1362
1395
|
|
|
1363
1396
|
try:
|
|
1364
|
-
|
|
1365
|
-
|
|
1366
|
-
|
|
1367
|
-
|
|
1368
|
-
|
|
1369
|
-
raise SignatureVerificationError(
|
|
1370
|
-
f"Cannot verify signed manifest from {sanitize_url(url)}: "
|
|
1371
|
-
"no trusted public key provided. Pass trusted_manifest_keys "
|
|
1372
|
-
"to ASAPClient (or disable verify_signatures).",
|
|
1373
|
-
details={"url": sanitize_url(url)},
|
|
1374
|
-
)
|
|
1375
|
-
trusted_key = load_public_key_from_base64(trusted_b64)
|
|
1376
|
-
await asyncio.to_thread(verify_manifest, signed, trusted_key)
|
|
1377
|
-
manifest = signed.manifest
|
|
1378
|
-
trust_level = signed.signature.trust_level.value
|
|
1379
|
-
else:
|
|
1380
|
-
manifest = Manifest.model_validate(manifest_data)
|
|
1381
|
-
trust_level = None
|
|
1397
|
+
manifest, trust_level = await self._coerce_manifest_payload(
|
|
1398
|
+
manifest_data,
|
|
1399
|
+
url,
|
|
1400
|
+
use_schema_validator=False,
|
|
1401
|
+
)
|
|
1382
1402
|
except SignatureVerificationError:
|
|
1383
1403
|
self._manifest_cache.invalidate(url)
|
|
1384
1404
|
raise
|
|
@@ -1605,7 +1625,14 @@ class ASAPClient:
|
|
|
1605
1625
|
raise ValueError(f"Invalid JSON in manifest response: {e}") from e
|
|
1606
1626
|
|
|
1607
1627
|
try:
|
|
1608
|
-
manifest =
|
|
1628
|
+
manifest, _trust_level = await self._coerce_manifest_payload(
|
|
1629
|
+
manifest_data,
|
|
1630
|
+
manifest_url,
|
|
1631
|
+
use_schema_validator=True,
|
|
1632
|
+
)
|
|
1633
|
+
except SignatureVerificationError:
|
|
1634
|
+
self._manifest_cache.invalidate(manifest_url)
|
|
1635
|
+
raise
|
|
1609
1636
|
except ManifestValidationError:
|
|
1610
1637
|
self._manifest_cache.invalidate(manifest_url)
|
|
1611
1638
|
raise
|
|
@@ -1633,7 +1660,13 @@ class ASAPClient:
|
|
|
1633
1660
|
cause=e,
|
|
1634
1661
|
url=sanitize_url(manifest_url),
|
|
1635
1662
|
) from e
|
|
1636
|
-
except (
|
|
1663
|
+
except (
|
|
1664
|
+
ASAPConnectionError,
|
|
1665
|
+
ASAPTimeoutError,
|
|
1666
|
+
ValueError,
|
|
1667
|
+
ManifestValidationError,
|
|
1668
|
+
SignatureVerificationError,
|
|
1669
|
+
):
|
|
1637
1670
|
raise
|
|
1638
1671
|
except Exception as e:
|
|
1639
1672
|
self._manifest_cache.invalidate(manifest_url)
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{asap_protocol-2.4.0 → asap_protocol-2.4.1}/schemas/examples/shellclaw-jetson-capabilities.json
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|