asap-protocol 2.5.0__tar.gz → 2.5.2__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/CHANGELOG.md +133 -14
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/PKG-INFO +88 -51
- asap_protocol-2.5.2/README.md +230 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/pyproject.toml +16 -3
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/conversation.schema.json +1 -1
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/manifest.schema.json +170 -111
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/envelope.schema.json +51 -1
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/task_request.schema.json +1 -1
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/__init__.py +1 -1
- asap_protocol-2.5.2/src/asap/adapters/mcp/__init__.py +33 -0
- asap_protocol-2.5.2/src/asap/adapters/mcp/auth_middleware.py +16 -0
- asap_protocol-2.5.2/src/asap/adapters/mcp/capability_map.py +15 -0
- asap_protocol-2.5.2/src/asap/adapters/mcp/config.py +16 -0
- asap_protocol-2.5.2/src/asap/adapters/mcp/errors.py +24 -0
- asap_protocol-2.5.2/src/asap/adapters/mcp/jwt_extractor.py +12 -0
- asap_protocol-2.5.2/src/asap/adapters/mcp/protected_server.py +12 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/capability_mapper.py +17 -23
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/handler.py +32 -10
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/__init__.py +7 -11
- asap_protocol-2.5.2/src/asap/auth/_scope_parse.py +39 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/agent_jwt.py +100 -28
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/capabilities.py +4 -8
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/identity.py +75 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/introspection.py +1 -1
- asap_protocol-2.5.2/src/asap/auth/jti_replay_cache.py +109 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/jwks.py +56 -3
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/middleware.py +172 -114
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/scopes.py +10 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/self_auth.py +3 -3
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/webauthn.py +36 -209
- asap_protocol-2.5.2/src/asap/auth/webauthn_store.py +222 -0
- asap_protocol-2.5.2/src/asap/cli/__init__.py +78 -0
- asap_protocol-2.5.2/src/asap/cli/_compat.py +24 -0
- asap_protocol-2.5.2/src/asap/cli/delegation.py +96 -0
- asap_protocol-2.5.2/src/asap/cli/keys.py +44 -0
- asap_protocol-2.5.2/src/asap/cli/manifest.py +127 -0
- asap_protocol-2.5.2/src/asap/cli/repl.py +59 -0
- asap_protocol-2.5.2/src/asap/cli/schemas.py +158 -0
- asap_protocol-2.5.2/src/asap/cli/trace.py +95 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/audit.py +78 -104
- asap_protocol-2.5.2/src/asap/economics/delegation_storage.py +478 -0
- asap_protocol-2.5.2/src/asap/economics/sla_storage.py +401 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/storage.py +119 -245
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/errors.py +69 -37
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/secure_agent.py +1 -1
- asap_protocol-2.5.2/src/asap/integrations/_base.py +524 -0
- asap_protocol-2.5.2/src/asap/integrations/crewai.py +80 -0
- asap_protocol-2.5.2/src/asap/integrations/langchain.py +79 -0
- asap_protocol-2.5.2/src/asap/integrations/llamaindex.py +82 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/integrations/openclaw.py +2 -2
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/integrations/pydanticai.py +7 -11
- asap_protocol-2.5.2/src/asap/integrations/smolagents.py +71 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/integrations/vercel_ai.py +6 -6
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/__init__.py +3 -1
- asap_protocol-2.5.2/src/asap/mcp/auth/__init__.py +29 -0
- {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/auth_middleware.py +2 -2
- {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/capability_map.py +2 -2
- {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/config.py +3 -3
- {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/protected_server.py +29 -8
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/server.py +56 -16
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/entities.py +2 -4
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/envelope.py +9 -3
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/payloads.py +1 -3
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/registry/auto_registration.py +11 -3
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/__init__.py +2 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/metering.py +104 -2
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/stores/__init__.py +9 -1
- asap_protocol-2.5.2/src/asap/state/stores/_sqlite_base.py +316 -0
- asap_protocol-2.5.2/src/asap/state/stores/_sync_bridge.py +127 -0
- asap_protocol-2.5.2/src/asap/state/stores/sqlite.py +352 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/__init__.py +5 -42
- asap_protocol-2.5.2/src/asap/transport/_auth_helpers.py +109 -0
- asap_protocol-2.5.2/src/asap/transport/_request_handler.py +1212 -0
- asap_protocol-2.5.2/src/asap/transport/_state_deps.py +90 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/agent_routes.py +35 -63
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/capability_routes.py +27 -43
- asap_protocol-2.5.2/src/asap/transport/client/__init__.py +76 -0
- asap_protocol-2.5.2/src/asap/transport/client/_core.py +758 -0
- asap_protocol-2.5.2/src/asap/transport/client/_discovery.py +498 -0
- asap_protocol-2.5.2/src/asap/transport/client/_helpers.py +169 -0
- asap_protocol-2.5.2/src/asap/transport/client/_send.py +726 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/delegation_api.py +27 -14
- asap_protocol-2.5.2/src/asap/transport/errors.py +143 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/escalation_routes.py +5 -2
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/handlers.py +170 -90
- {asap_protocol-2.5.0/src/asap/transport/codecs → asap_protocol-2.5.2/src/asap/transport}/lambda_codec.py +1 -1
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/middleware.py +88 -50
- asap_protocol-2.5.2/src/asap/transport/routes/__init__.py +25 -0
- asap_protocol-2.5.2/src/asap/transport/routes/audit.py +79 -0
- asap_protocol-2.5.2/src/asap/transport/routes/health.py +79 -0
- asap_protocol-2.5.2/src/asap/transport/routes/jsonrpc.py +140 -0
- asap_protocol-2.5.2/src/asap/transport/routes/websocket.py +44 -0
- asap_protocol-2.5.2/src/asap/transport/server.py +1064 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/sla_api.py +27 -21
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/usage_api.py +31 -22
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/validators.py +5 -34
- asap_protocol-2.5.2/src/asap/transport/websocket.py +130 -0
- asap_protocol-2.5.2/src/asap/transport/ws/__init__.py +106 -0
- asap_protocol-2.5.2/src/asap/transport/ws/_ack.py +140 -0
- asap_protocol-2.5.2/src/asap/transport/ws/_actions.py +35 -0
- asap_protocol-2.5.2/src/asap/transport/ws/_dispatch.py +500 -0
- asap_protocol-2.5.2/src/asap/transport/ws/_errors.py +25 -0
- asap_protocol-2.5.2/src/asap/transport/ws/_recv.py +186 -0
- asap_protocol-2.5.2/src/asap/transport/ws/client.py +400 -0
- asap_protocol-2.5.2/src/asap/transport/ws/codecs.py +212 -0
- asap_protocol-2.5.2/src/asap/transport/ws/pool.py +125 -0
- asap_protocol-2.5.2/src/asap/transport/ws/server.py +375 -0
- asap_protocol-2.5.0/README.md +0 -197
- asap_protocol-2.5.0/src/asap/adapters/mcp/__init__.py +0 -17
- asap_protocol-2.5.0/src/asap/auth/claims.py +0 -43
- asap_protocol-2.5.0/src/asap/auth/lifecycle.py +0 -67
- asap_protocol-2.5.0/src/asap/auth/utils.py +0 -25
- asap_protocol-2.5.0/src/asap/cli/__init__.py +0 -596
- asap_protocol-2.5.0/src/asap/economics/delegation_storage.py +0 -455
- asap_protocol-2.5.0/src/asap/economics/sla_storage.py +0 -410
- asap_protocol-2.5.0/src/asap/integrations/crewai.py +0 -205
- asap_protocol-2.5.0/src/asap/integrations/langchain.py +0 -186
- asap_protocol-2.5.0/src/asap/integrations/llamaindex.py +0 -183
- asap_protocol-2.5.0/src/asap/integrations/smolagents.py +0 -163
- asap_protocol-2.5.0/src/asap/state/stores/sqlite.py +0 -517
- asap_protocol-2.5.0/src/asap/transport/_auth_helpers.py +0 -13
- asap_protocol-2.5.0/src/asap/transport/client.py +0 -1934
- asap_protocol-2.5.0/src/asap/transport/codecs/__init__.py +0 -32
- asap_protocol-2.5.0/src/asap/transport/server.py +0 -2244
- asap_protocol-2.5.0/src/asap/transport/websocket.py +0 -1081
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/.gitignore +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/LICENSE +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/agent.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/artifact.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/message.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/state_snapshot.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/task.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/examples/shellclaw-jetson-capabilities.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/parts/data_part.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/parts/file_part.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/parts/resource_part.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/parts/template_part.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/parts/text_part.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/artifact_notify.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/mcp_resource_data.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/mcp_resource_fetch.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/mcp_tool_call.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/mcp_tool_result.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/message_send.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/state_query.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/state_restore.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/task_cancel.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/task_response.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/task_update.schema.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/approval.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/factory.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/spec_loader.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/approval.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/oauth2.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/oidc.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/cli/audit_export.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/cli/compliance_check.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/cache.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/http_client.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/market.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/revocation.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/trust.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/keys.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/models.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/signing.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/trust.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/trust_levels.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/dnssd.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/health.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/registry.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/validation.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/wellknown.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/delegation.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/hooks.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/metering.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/sla.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/README.md +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/a2h_approval.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/agent_failover.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/auth_patterns.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/coordinator.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/echo_agent.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/error_recovery.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/long_running.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/mcp_client_demo.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/mcp_integration.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/multi_step_workflow.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/orchestration.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/rate_limiting.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/run_demo.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/secure_handler.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/state_migration.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/storage_backends.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/streaming_agent.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/streaming_response.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/v1_3_0_showcase.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/v1_4_0_showcase.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/websocket_concept.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/handlers/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/handlers/hitl.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/integrations/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/integrations/a2h.py +11 -11
- {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/errors.py +0 -0
- {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/jwt_extractor.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/client.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/protocol.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/serve.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/server_runner.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/base.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/constants.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/enums.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/ids.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/parts.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/types.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/validators.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/dashboards/README.md +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/dashboards/asap-detailed.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/dashboards/asap-red.json +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/logging.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/metrics.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/trace_parser.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/trace_ui.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/tracing.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/registry/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/registry/anti_spam.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/registry/bot_pr.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/registry/receipt_cache.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/schemas.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/machine.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/snapshot.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/stores/memory.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/asgi_factory.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/assertions.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/compliance.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/fixtures.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/mocks.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/cache.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/challenge.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/circuit_breaker.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/compression.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/executors.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/jsonrpc.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/mtls.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/rate_limit.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/webhook.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/utils/__init__.py +0 -0
- {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/utils/sanitization.py +0 -0
|
@@ -7,17 +7,139 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
-
### Follow-up (
|
|
10
|
+
### Follow-up (planned v2.5.3+)
|
|
11
11
|
|
|
12
|
-
-
|
|
13
|
-
-
|
|
14
|
-
-
|
|
15
|
-
- `@asap-protocol/mcp-auth` HTTP/SSE middleware (deferred from v2.5.0 — see [2.5.0] TypeScript note and [typescript-mcp-auth-spike.md](engineering/tasks/v2.5.0/typescript-mcp-auth-spike.md))
|
|
12
|
+
- **Adapter Lab II** — enterprise/workflow adapters ([prd-v2.5.3-adapter-lab-ii.md](product/prd/prd-v2.5.3-adapter-lab-ii.md)).
|
|
13
|
+
- **Distribution Loop** — homepage, templates, metrics ([prd-v2.5.4-distribution-loop.md](product/prd/prd-v2.5.4-distribution-loop.md)).
|
|
14
|
+
- **Formal Spec & Interop** — RFC spec, introspection, privacy ([prd-v2.5.5-formal-spec-interop.md](product/prd/prd-v2.5.5-formal-spec-interop.md)).
|
|
15
|
+
- `@asap-protocol/mcp-auth` HTTP/SSE middleware (deferred from v2.5.0 — see [2.5.0] TypeScript note and [typescript-mcp-auth-spike.md](engineering/tasks/v2.5.0/typescript-mcp-auth-spike.md)).
|
|
16
|
+
- Collapse the dual `UsageMetrics`/`InMemoryMeteringStore` pair retained in S1 for API stability.
|
|
17
|
+
- Reduce the `asap.transport.client` package aggregate LOC below the S2 target.
|
|
18
|
+
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
## [2.5.2] - 2026-07-08
|
|
22
|
+
|
|
23
|
+
**Security & correctness follow-up** — operator API auth, tighter ingress
|
|
24
|
+
validation, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups,
|
|
25
|
+
and registry fixes. Scope: [prd-v2.5.2-security-follow-up.md](product/prd/prd-v2.5.2-security-follow-up.md).
|
|
26
|
+
Wire protocol and manifest schema are unchanged aside from rejecting unknown
|
|
27
|
+
`config` / `metadata` keys (see Migration).
|
|
28
|
+
|
|
29
|
+
### Added
|
|
30
|
+
|
|
31
|
+
- **Opt-in operator API auth (#209)**: `create_app(require_operator_auth=True)`
|
|
32
|
+
requires an OAuth2 Bearer JWT with scope ``asap:admin`` on ``/usage``,
|
|
33
|
+
``/sla``, and ``/audit``. Default remains open (local/operator ergonomics)
|
|
34
|
+
with the existing startup warnings. Requires ``oauth2_config``.
|
|
35
|
+
- **Redis-backed JTI replay cache (#209)**: Optional
|
|
36
|
+
:class:`~asap.auth.jti_replay_cache.RedisJtiReplayCache` for multi-worker
|
|
37
|
+
Host/Agent JWT replay protection. Default remains in-memory
|
|
38
|
+
:class:`~asap.auth.agent_jwt.JtiReplayCache`. Requires
|
|
39
|
+
``pip install 'asap-protocol[redis]'``. Inject via
|
|
40
|
+
``create_app(identity_jti_cache=...)`` or ``MCPAuthConfig.jti_replay_cache``.
|
|
41
|
+
|
|
42
|
+
### Changed
|
|
43
|
+
|
|
44
|
+
- **Ingress validation (#209)**: `TaskRequestConfig` and `CommonMetadata` now reject
|
|
45
|
+
unknown fields (`extra="forbid"`, inherited from `ASAPBaseModel`). Previously these
|
|
46
|
+
models allowed arbitrary extension keys; clients sending custom `config` or
|
|
47
|
+
`metadata` properties must use known fields only or nest extensions under
|
|
48
|
+
`TaskRequest.input` / envelope `extensions`. See
|
|
49
|
+
[migration guide](docs/migration.md#upgrading-from-v251).
|
|
50
|
+
- **CLI legacy imports (#242)**: `DEFAULT_SCHEMAS_DIR`, `export_all_schemas`, and
|
|
51
|
+
`_repl_namespace` are no longer re-exported from `asap.cli` root. Import from
|
|
52
|
+
`asap.cli._compat` (shim) or the owning submodules (`asap.cli.schemas`,
|
|
53
|
+
`asap.schemas`, `asap.cli.repl`). The `_compat` shim is removed in v2.6.0
|
|
54
|
+
([#275](https://github.com/adriannoes/asap-protocol/issues/275)).
|
|
55
|
+
See [migration guide](docs/migration.md#upgrading-from-v251).
|
|
56
|
+
- **Web app (`apps/web`)**: Optional distributed rate limits via Upstash Redis
|
|
57
|
+
or Vercel KV when `UPSTASH_REDIS_REST_URL` + `UPSTASH_REDIS_REST_TOKEN` (or
|
|
58
|
+
`KV_REST_API_URL` + `KV_REST_API_TOKEN`) are set; local dev without Redis
|
|
59
|
+
keeps the existing in-memory per-instance limiter
|
|
60
|
+
([#209](https://github.com/adriannoes/asap-protocol/issues/209)).
|
|
61
|
+
- **Auth scope parsing (#243)**: `parse_scope` lives in `asap.auth._scope_parse` so
|
|
62
|
+
`OAuth2Middleware` no longer needs an inline import to break a cycle.
|
|
63
|
+
|
|
64
|
+
### Fixed
|
|
65
|
+
|
|
66
|
+
- **CI security (`pip-audit`)**: Raised `joserfc` to `>=1.6.7,<2` (CVE-2026-48990) and added overrides for `python-engineio>=4.13.2` (CVE-2026-48802 / CVE-2026-48809) and `python-socketio>=5.16.2` (CVE-2026-48804). See [SECURITY.md](SECURITY.md).
|
|
67
|
+
- **Streaming correlation binding (#247)**: SSE and WebSocket streaming now require `TaskStream` chunks to echo the request envelope `id` (not an arbitrary request `correlation_id`), and streamed response payloads reject missing or mismatched `correlation_id` values.
|
|
68
|
+
- **SQLite write serialization (#245)**: `AsyncSqliteRepository.execute()` now holds the same `asyncio.Lock` as other write paths so concurrent writers cannot interleave on a shared connection.
|
|
69
|
+
- **Agent status JTI replay (#249)**: `GET /asap/agent/status` now records JWT `jti` in the replay cache (same hardening as other identity routes).
|
|
70
|
+
- **Registry signed manifests (#224)**: Registration paths accept signed manifest envelopes (unwrap before validation).
|
|
71
|
+
- **Registry validation errors (#227)**: Auto-registration maps `ManifestValidationError` to HTTP 400 instead of a 500.
|
|
72
|
+
|
|
73
|
+
### Migration
|
|
74
|
+
|
|
75
|
+
- **v2.5.1 → v2.5.2**: See [migration guide](docs/migration.md#upgrading-from-v251).
|
|
76
|
+
Breaking for clients that sent unknown keys on `TaskRequest.config` /
|
|
77
|
+
`CommonMetadata`. Operator auth and Redis JTI remain opt-in.
|
|
78
|
+
|
|
79
|
+
---
|
|
80
|
+
|
|
81
|
+
## [2.5.1] - 2026-06-25
|
|
82
|
+
|
|
83
|
+
**Code quality patch** — behavior-preserving refactor of the transport, storage,
|
|
84
|
+
auth, and integration layers accumulated through v2.5.0, plus six correctness and
|
|
85
|
+
security fixes. No wire-protocol, manifest schema, or public API breaking changes.
|
|
86
|
+
Deprecated import paths keep working via shims until v2.6.0.
|
|
87
|
+
|
|
88
|
+
### Fixed
|
|
89
|
+
|
|
90
|
+
- **`revoke_cascade` atomicity**: delegation revocation now runs in a single SQLite transaction (BEGIN→walk→COMMIT, rollback on failure); the in-memory store holds an `asyncio.Lock` across the cascade so concurrent `register_issued` can't leave children un-revoked.
|
|
91
|
+
- **`usage_events` schema**: one canonical DDL owner in `state/stores/sqlite.py`; both indexes created with `IF NOT EXISTS` regardless of store init order, fixing schema/query-plan divergence.
|
|
92
|
+
- **Host-JWT verifier**: collapsed the divergent verifiers into one `verify_host_bearer`; revoked hosts now return 403 (was 401) on every protected route, including `/asap/agent/reactivate`.
|
|
93
|
+
- **WebSocket OAuth2 bypass**: `/asap/ws` no longer skips `OAuth2Middleware`. In OAuth2-only deployments the WS path now requires a Bearer JWT in the handshake `Authorization` header and rejects with close code 4401 when absent or invalid. Deploys without an OAuth2 IdP are unchanged.
|
|
94
|
+
- **OpenAPI handler**: hoisted the inline `format_www_authenticate_asap` import to module top; `OpenAPIPathParameterError.__init__` no longer raises (validation moved to `for_missing()`/`for_invalid()` factories). `resolve_headers` stays as documented public API.
|
|
95
|
+
- **Client correlation binding**: the client now asserts `response.correlation_id == request.id` in `send()`, `batch()`, and the WS recv loop, raising `ProtocolCorrelationError` (previously only checked non-empty).
|
|
96
|
+
|
|
97
|
+
### Changed
|
|
98
|
+
|
|
99
|
+
- **Storage consolidation**: six SQLite backends (snapshot, metering, delegation, SLA, audit, plus the economics metering store) now subclass a shared `AsyncSqliteRepository` (`state/stores/_sqlite_base.py`) with one WAL setup, `transaction()`, `parse_iso`, and `build_where`. `server.py` uses the new `MeteringStorageBridge` directly; `metering_storage_adapter` is kept as a one-line shim.
|
|
100
|
+
- **`server.py` decomposition**: split into `create_*_router` factories plus `routes/{health,jsonrpc,websocket,audit}.py` (2256 → 1000 LOC); `create_app` is thin wiring. Shared request prep (`parse→auth→envelope→timestamp→nonce`) moved to `ASAPRequestHandler._prepare_request`.
|
|
101
|
+
- **`client.py` decomposition**: split into a `client/` package (`_core`, `_send`, `_discovery`, `_helpers`); `get_manifest`/`discover` now share `_fetch_and_cache_manifest`, and `send`'s Retry-After parser is extracted. `from asap.transport.client import ASAPClient` is unchanged.
|
|
102
|
+
- **`websocket.py` decomposition**: split into `asap/transport/ws/` (`codecs`, `client`, `server`, `pool`, `_recv`, `_ack`, `_dispatch`, `_actions`, `_errors`); `_make_fake_request` is gone and WS dispatches envelopes directly through `_prepare_request`. `websocket.py` stays as a re-export shim.
|
|
103
|
+
- **Integrations**: shared `asap/integrations/_base.py` centralizes JSON-schema→Pydantic conversion, URN-scoped skill resolve cache, and per-exception error formatting; `langchain`/`crewai`/`llamaindex`/`smolagents` slimmed to glue-only (71–80 LOC each).
|
|
104
|
+
- **`OAuth2Middleware` JWKS**: delegates to one shared `JWKSValidator` instead of its own cache; HTTP and WS now use the same validator and TTL (`JWKS_CACHE_TTL_SECONDS=86400`).
|
|
105
|
+
- **`MCPServer` tool registration**: the untyped 5-tuple is now a frozen `ToolRegistration` dataclass with per-tool capability metadata.
|
|
106
|
+
- **`RemoteRPCError`**: `RemoteFatalRPCError`/`RemoteRecoverableRPCError` collapse into one `RemoteRPCError` with an `is_recoverable` property; the old names stay as deprecated subclasses.
|
|
107
|
+
- **Identity rate limiting**: the 9 inline limiter checks now use `Depends(require_identity_limiter)`; a missing limiter returns 503 (was `AttributeError` → 500).
|
|
108
|
+
- **`auth/` modules**: `claims`→`jwks`/`middleware`, `utils`→`scopes`, `lifecycle`→`identity`; `WebAuthnSelfAuthVerifier` deleted (`WebAuthnVerifierImpl` satisfies the protocol directly).
|
|
109
|
+
- **MCP Auth Bridge**: folded `asap.adapters.mcp.*` into `asap.mcp.auth.*`; `asap.adapters.mcp` stays as a re-export shim.
|
|
110
|
+
|
|
111
|
+
### Removed
|
|
112
|
+
|
|
113
|
+
- **`asap.transport` root re-exports**: `start_periodic_cleanup`, `WebhookDelivery`, `RetryPolicy`, `compute_signature`, and other tuning/webhook internals are no longer re-exported from `asap.transport.__init__` — import them from their owning modules (`asap.transport.cache`, `asap.transport.webhook`).
|
|
114
|
+
- **`asap.transport.codecs` package**: inlined into `asap.transport.lambda_codec`; WS framing primitives moved to `asap.transport.ws.codecs`. No shim (grep-verified zero external callers).
|
|
115
|
+
- **`NonceStore.is_used` / `mark_used`**: replaced by the atomic `check_and_mark`. Custom nonce stores should switch to the one-method protocol.
|
|
116
|
+
- **`OpenAPIExecutionKind.ASYNC_POLLING`**: pruned; a `202 + Location` OpenAPI operation now classifies as `SYNC`.
|
|
117
|
+
- **Dead binary/base64 WS framing**: frames are JSON text only.
|
|
118
|
+
|
|
119
|
+
### Deprecated (remove in v2.6.0)
|
|
120
|
+
|
|
121
|
+
- `from asap.cli._compat import ...` — use `asap.cli.schemas`, `asap.schemas`, or
|
|
122
|
+
`asap.cli.repl` directly ([#242](https://github.com/adriannoes/asap-protocol/issues/242);
|
|
123
|
+
removal tracked in [#275](https://github.com/adriannoes/asap-protocol/issues/275)).
|
|
124
|
+
- `from asap.transport.websocket import ...` — use `asap.transport.ws` directly.
|
|
125
|
+
- `from asap.adapters.mcp import ...` — use `asap.mcp.auth` directly.
|
|
126
|
+
- `RemoteFatalRPCError` / `RemoteRecoverableRPCError` — use `RemoteRPCError` + `is_recoverable`.
|
|
127
|
+
- `metering_storage_adapter` — use `MeteringStorageBridge`.
|
|
128
|
+
- `FRAME_ENCODING_BINARY` — binary framing is gone; the literal remains on the shim for import compat only.
|
|
129
|
+
|
|
130
|
+
### Migration
|
|
131
|
+
|
|
132
|
+
- **v2.5.0 → v2.5.1**: No breaking changes. Update deprecated import paths at your convenience (removed in v2.6.0). If you run an OAuth2-only deployment, note that `/asap/ws` now requires a Bearer JWT in the handshake — see [migration guide](docs/migration.md#upgrading-from-v250-to-v251).
|
|
133
|
+
|
|
134
|
+
---
|
|
135
|
+
|
|
136
|
+
## [2.5.0.1] - 2026-06-24
|
|
137
|
+
|
|
138
|
+
**Compliance package publish** — no change to `asap-protocol` Python API (remains **2.5.0** on PyPI). Git tag **`v2.5.0.1`** is **compliance-only** (not an npm TypeScript release).
|
|
16
139
|
|
|
17
140
|
### Fixed
|
|
18
141
|
|
|
19
|
-
- **
|
|
20
|
-
- **pydantic-ai (CVE-2026-46678)**: Optional `[pydanticai]` extra pins `pydantic-ai>=1.99.0`; removed obsolete `pip-audit` ignore from CI.
|
|
142
|
+
- **PyPI `asap-compliance`**: Bump to **1.3.0** and publish the `mcp-auth-bridge` stdio MCP profile shipped in v2.5.0. The v2.5.0 tag did not upload a new compliance wheel because `release.yml` uses `skip-existing` and the version was still **1.2.0** (February 2026 artifact without MCP auth checks). Requires `asap-protocol>=2.5.0`.
|
|
21
143
|
|
|
22
144
|
---
|
|
23
145
|
|
|
@@ -67,14 +189,11 @@ changes.
|
|
|
67
189
|
|
|
68
190
|
### TypeScript
|
|
69
191
|
|
|
70
|
-
- **`@asap-protocol/mcp-auth` deferred
|
|
71
|
-
Bearer middleware) are SHOULD-scope; v2.5.0 ships the Python stdio bridge as the
|
|
72
|
-
release gate. Rationale and implementation checklist:
|
|
192
|
+
- **`@asap-protocol/mcp-auth` deferred** — MCP-TS-001..003 (HTTP/SSE Bearer middleware) are SHOULD-scope; v2.5.0 ships the Python stdio bridge as the release gate. Rationale and checklist:
|
|
73
193
|
[typescript-mcp-auth-spike.md](engineering/tasks/v2.5.0/typescript-mcp-auth-spike.md);
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
Existing `@asap-protocol/*` npm packages remain at **2.4.1** until
|
|
77
|
-
publish.
|
|
194
|
+
[backlog](engineering/tasks/v2.5.0/backlog-mcp-auth-typescript.md).
|
|
195
|
+
**Note:** git tag **`v2.5.0.1`** was used for **`asap-compliance` 1.3.0** only; the npm middleware targets a **future patch** (TBD tag, e.g. `v2.5.0.2`).
|
|
196
|
+
Existing `@asap-protocol/*` npm packages remain at **2.4.1** until that publish.
|
|
78
197
|
|
|
79
198
|
### Migration
|
|
80
199
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: asap-protocol
|
|
3
|
-
Version: 2.5.
|
|
3
|
+
Version: 2.5.2
|
|
4
4
|
Summary: Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication
|
|
5
5
|
Project-URL: Homepage, https://github.com/adriannoes/asap-protocol
|
|
6
6
|
Project-URL: Documentation, https://adriannoes.github.io/asap-protocol
|
|
@@ -27,7 +27,7 @@ Requires-Dist: cryptography<49,>=48.0.1
|
|
|
27
27
|
Requires-Dist: fastapi>=0.136.1
|
|
28
28
|
Requires-Dist: httpx[http2]>=0.28.1
|
|
29
29
|
Requires-Dist: jcs>=0.2.0
|
|
30
|
-
Requires-Dist: joserfc<2,>=1.6.
|
|
30
|
+
Requires-Dist: joserfc<2,>=1.6.7
|
|
31
31
|
Requires-Dist: jsonschema>=4.23.0
|
|
32
32
|
Requires-Dist: limits>=3.0
|
|
33
33
|
Requires-Dist: opentelemetry-api>=1.20
|
|
@@ -48,6 +48,7 @@ Requires-Dist: crewai>=0.80; extra == 'crewai'
|
|
|
48
48
|
Provides-Extra: dev
|
|
49
49
|
Requires-Dist: asgi-lifespan>=2.1.0; extra == 'dev'
|
|
50
50
|
Requires-Dist: brotli>=1.1.0; extra == 'dev'
|
|
51
|
+
Requires-Dist: fakeredis>=2.26.0; extra == 'dev'
|
|
51
52
|
Requires-Dist: mypy>=1.19.1; extra == 'dev'
|
|
52
53
|
Requires-Dist: pip-audit>=2.7; extra == 'dev'
|
|
53
54
|
Requires-Dist: pytest-asyncio>=0.24; extra == 'dev'
|
|
@@ -61,9 +62,12 @@ Provides-Extra: dns-sd
|
|
|
61
62
|
Requires-Dist: zeroconf>=0.149.5; extra == 'dns-sd'
|
|
62
63
|
Provides-Extra: docs
|
|
63
64
|
Requires-Dist: ghp-import>=2.1.0; extra == 'docs'
|
|
65
|
+
Requires-Dist: joserfc<2,>=1.6.7; extra == 'docs'
|
|
64
66
|
Requires-Dist: mkdocs-material>=9.5; extra == 'docs'
|
|
65
67
|
Requires-Dist: mkdocstrings[python]>=0.27; extra == 'docs'
|
|
66
68
|
Requires-Dist: pymdown-extensions>=10.21.3; extra == 'docs'
|
|
69
|
+
Requires-Dist: python-engineio>=4.13.2; extra == 'docs'
|
|
70
|
+
Requires-Dist: python-socketio>=5.16.2; extra == 'docs'
|
|
67
71
|
Provides-Extra: langchain
|
|
68
72
|
Requires-Dist: langchain-core>=1.3.3; extra == 'langchain'
|
|
69
73
|
Provides-Extra: llamaindex
|
|
@@ -83,7 +87,7 @@ Requires-Dist: smolagents>=1.24.0; extra == 'smolagents'
|
|
|
83
87
|
Provides-Extra: telemetry
|
|
84
88
|
Requires-Dist: pypistats>=1.11.0; extra == 'telemetry'
|
|
85
89
|
Provides-Extra: webauthn
|
|
86
|
-
Requires-Dist: webauthn<
|
|
90
|
+
Requires-Dist: webauthn<4,>=2.6; extra == 'webauthn'
|
|
87
91
|
Description-Content-Type: text/markdown
|
|
88
92
|
|
|
89
93
|
# ASAP: Async Simple Agent Protocol
|
|
@@ -95,40 +99,57 @@ Description-Content-Type: text/markdown
|
|
|
95
99
|
|
|
96
100
|
> A production-ready protocol for agent-to-agent communication and task coordination.
|
|
97
101
|
|
|
98
|
-
**Quick Info**: `v2.5.
|
|
102
|
+
**Quick Info**: [`v2.5.2`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.2) | `Apache 2.0` | `Python 3.13+` | [Documentation](docs/index.md) | [Changelog](CHANGELOG.md)
|
|
99
103
|
|
|
100
|
-
> 📦 Install
|
|
104
|
+
> 📦 **Install** — [`asap-protocol` on PyPI](https://pypi.org/project/asap-protocol/) (Python) · [`@asap-protocol/client` on npm](https://www.npmjs.com/package/@asap-protocol/client) (TypeScript)
|
|
101
105
|
|
|
102
|
-
|
|
106
|
+
🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
|
|
103
107
|
|
|
104
108
|
## Why ASAP?
|
|
105
109
|
|
|
106
|
-
|
|
107
|
-
1. **$N^2$ Connection Complexity**: Most protocols assume static point-to-point HTTP connections that don't scale.
|
|
108
|
-
2. **State Drift**: Lack of native persistence makes it impossible to reliably resume long-running agentic workflows.
|
|
109
|
-
3. **Fragmentation**: No unified way to handle task delegation, artifact exchange and tool execution (MCP) in a single envelope.
|
|
110
|
+
Multi-agent systems hit three walls that point-to-point agent protocols often leave open:
|
|
110
111
|
|
|
111
|
-
|
|
112
|
+
1. **Connection sprawl** — pairwise HTTP does not scale as orchestrators fan out.
|
|
113
|
+
2. **State drift** — long workflows stall without durable task state and resumability.
|
|
114
|
+
3. **Fragmentation** — delegation, artifacts, and MCP tool calls end up in incompatible layers.
|
|
112
115
|
|
|
113
|
-
|
|
116
|
+
**ASAP** answers with a schema-first protocol and reference SDKs in **Python** and **TypeScript**:
|
|
117
|
+
|
|
118
|
+
- **Resumable orchestration** — task state machine, snapshot store, SSE streaming, and built-in `trace_id` / `correlation_id`.
|
|
119
|
+
- **One typed envelope** — tasks, MCP tool execution, and artifact exchange on the same JSON Schema contract.
|
|
120
|
+
- **Production trust** — Ed25519 signed manifests, Host/Agent JWTs, constrained capabilities, OAuth2, opt-in WebAuthn — plus the **MCP Auth Bridge** (v2.5.0) for scoped native `tools/call`.
|
|
121
|
+
- **Ecosystem-ready** — [agentic marketplace](https://asap-protocol.com/), Lite Registry, edge-AI discovery, OpenAPI import, and framework adapters ([Python & npm](#framework-ecosystem)).
|
|
122
|
+
|
|
123
|
+
Plain HTTP between two agents is enough for the simplest cases. ASAP is built for **multi-agent orchestration**, **stateful workflows**, and **governed capability access** in production — see [documentation](docs/index.md) and the feature table below.
|
|
114
124
|
|
|
115
125
|
### Key Features
|
|
116
126
|
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
-
|
|
121
|
-
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
127
|
+
| Area | Highlights | Docs |
|
|
128
|
+
| --- | --- | --- |
|
|
129
|
+
| Stateful orchestration | Task state machine, snapshotting, resumable workflows | [State management](docs/state-management.md) |
|
|
130
|
+
| Schema-first | Pydantic v2 + JSON Schema for cross-agent interchange | [API reference](docs/api-reference.md) |
|
|
131
|
+
| Async-native | `asyncio` + `httpx`; sync and async handlers | [Transport](docs/transport.md) |
|
|
132
|
+
| MCP integration | Tool execution and coordination in one envelope (Mode B) | [MCP integration](docs/mcp-integration.md) |
|
|
133
|
+
| MCP Auth Bridge | Opt-in Agent JWT + capability grants on native stdio MCP `tools/call` (Mode A) | [MCP Auth Bridge](docs/adapters/mcp-auth-bridge.md) |
|
|
134
|
+
| Observability | `trace_id` and `correlation_id` for debugging | [Observability](docs/observability.md) |
|
|
135
|
+
| Security | OAuth2/JWT, Ed25519 manifests, mTLS, rate limiting | [Security](docs/security.md) |
|
|
136
|
+
| Identity & capabilities | Host/Agent JWTs, constrained grants, approval flows, opt-in WebAuthn | [Capabilities](docs/capabilities/index.md) |
|
|
137
|
+
| Streaming & wire protocol | SSE `/asap/stream`, JSON-RPC batch, `ASAP-Version` negotiation | [Transport](docs/transport.md) |
|
|
138
|
+
| Adoption tools | OpenAPI adapter, `@asap-protocol/client`, auto-registration, escalation | [Migration (v2.2 → v2.3)](docs/migration.md#upgrading-from-v22x-to-v230) |
|
|
139
|
+
| Edge-AI discovery | Hardware/inference manifests, registry mirror, marketplace filters | [ShellClaw guide](docs/guides/shellclaw-registry.md) |
|
|
140
|
+
| Framework adapters (npm) | `@asap-protocol/mastra` and `@asap-protocol/openai-agents` tool bridges | [Mastra](docs/integrations/mastra.md) · [OpenAI Agents](docs/integrations/openai-agents.md) |
|
|
141
|
+
| Economics | Usage metering, delegation tokens, SLA breach alerts | [Audit log](docs/audit.md) |
|
|
142
|
+
|
|
143
|
+
Full overview and upgrade paths: [docs/index.md](docs/index.md).
|
|
144
|
+
|
|
145
|
+
### Framework Ecosystem
|
|
146
|
+
|
|
147
|
+
ASAP meets agents where they run — optional Python extras, npm tool bridges, and protocol-native MCP.
|
|
148
|
+
|
|
149
|
+
| Runtime | Integrations | Docs |
|
|
150
|
+
| --- | --- | --- |
|
|
151
|
+
| **Python** | LangChain, CrewAI, LlamaIndex, PydanticAI, SmolAgents, OpenClaw (`pip install "asap-protocol[extra]"`); Vercel AI SDK router; MCP; MCP Auth Bridge; A2H | [OpenClaw](docs/guides/openclaw-integration.md) · [Vercel AI SDK](docs/guides/vercel-ai-sdk.md) · [MCP](docs/mcp-integration.md) · [MCP Auth Bridge](docs/adapters/mcp-auth-bridge.md) |
|
|
152
|
+
| **TypeScript** (npm) | `@asap-protocol/client` (Vercel AI / OpenAI / Anthropic adapters), `@asap-protocol/mastra`, `@asap-protocol/openai-agents` | [TypeScript SDK](docs/sdks/typescript.md) · [Mastra](docs/integrations/mastra.md) · [OpenAI Agents](docs/integrations/openai-agents.md) |
|
|
132
153
|
|
|
133
154
|
## Installation
|
|
134
155
|
|
|
@@ -144,11 +165,11 @@ Or with pip:
|
|
|
144
165
|
pip install asap-protocol
|
|
145
166
|
```
|
|
146
167
|
|
|
147
|
-
**
|
|
168
|
+
**TypeScript** (npm, **`2.4.1`** — unchanged for v2.5.2; `@asap-protocol/mcp-auth` HTTP middleware still deferred):
|
|
148
169
|
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
170
|
+
- [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client) — [SDK docs](docs/sdks/typescript.md)
|
|
171
|
+
- [`@asap-protocol/mastra`](https://www.npmjs.com/package/@asap-protocol/mastra) — [docs](docs/integrations/mastra.md) · [demo](apps/example-mastra/README.md)
|
|
172
|
+
- [`@asap-protocol/openai-agents`](https://www.npmjs.com/package/@asap-protocol/openai-agents) — [docs](docs/integrations/openai-agents.md) · [demo](apps/example-openai-agents/README.md)
|
|
152
173
|
|
|
153
174
|
```bash
|
|
154
175
|
npm install @asap-protocol/client@2.4.1
|
|
@@ -156,7 +177,7 @@ npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
|
|
|
156
177
|
npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod
|
|
157
178
|
```
|
|
158
179
|
|
|
159
|
-
|
|
180
|
+
**Python v2.5.2** (security follow-up): `uv add asap-protocol` or `pip install asap-protocol==2.5.2` — see [Migration (v2.5.1 → v2.5.2)](docs/migration.md#upgrading-from-v251).
|
|
160
181
|
|
|
161
182
|
## Quick Start
|
|
162
183
|
|
|
@@ -189,17 +210,20 @@ uv run pytest --tb=short --cov=asap --cov-report=term-missing --cov-fail-under=8
|
|
|
189
210
|
Validate that your agent follows the ASAP protocol:
|
|
190
211
|
|
|
191
212
|
```bash
|
|
192
|
-
uv add asap-compliance
|
|
213
|
+
uv add "asap-compliance>=1.3.0"
|
|
193
214
|
pytest --asap-agent-url https://your-agent.example.com -m asap_compliance
|
|
194
215
|
```
|
|
195
216
|
|
|
217
|
+
For **MCP Auth Bridge** stdio gates (`mcp-auth-bridge` profile), use **`asap-compliance` 1.3.0+** with **`asap-protocol` 2.5.0+** — published on PyPI via tag [`v2.5.0.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.0.1).
|
|
218
|
+
|
|
196
219
|
See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/main/docs/guides/compliance-testing.md) for handshake, schema and state machine validation.
|
|
197
220
|
|
|
198
221
|
## Documentation
|
|
199
222
|
|
|
200
223
|
**Learn**
|
|
201
|
-
- [Docs](
|
|
202
|
-
- [
|
|
224
|
+
- [Docs](docs/index.md) | [API Reference](docs/api-reference.md)
|
|
225
|
+
- [MCP Auth Bridge](docs/adapters/mcp-auth-bridge.md) — v2.5.0 opt-in JWT + capability grants for native stdio MCP
|
|
226
|
+
- [TypeScript client SDK](docs/sdks/typescript.md) — `@asap-protocol/client` (identity, capabilities, streaming, adapters)
|
|
203
227
|
- [Tutorials](https://github.com/adriannoes/asap-protocol/tree/main/docs/tutorials) — First agent to production checklist
|
|
204
228
|
- [Migration from A2A/MCP](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md)
|
|
205
229
|
- [Raw Fetch (non-Python)](https://github.com/adriannoes/asap-protocol/blob/main/docs/raw-fetch.md) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.
|
|
@@ -222,17 +246,18 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
|
|
|
222
246
|
|
|
223
247
|
```bash
|
|
224
248
|
asap --version # Show version
|
|
225
|
-
asap list-schemas # List
|
|
226
|
-
asap export-schemas # Export
|
|
227
|
-
asap
|
|
249
|
+
asap list-schemas # List JSON schemas
|
|
250
|
+
asap export-schemas # Export schemas to disk
|
|
251
|
+
asap validate-schema payload.json # Validate JSON against a schema
|
|
252
|
+
asap compliance-check --url https://agent.example # Remote Compliance Harness v2
|
|
228
253
|
asap audit export --store memory --format json # Export audit log (stdout)
|
|
229
|
-
asap keys generate -o key.pem #
|
|
230
|
-
asap manifest sign -k key.pem manifest.json # Sign manifest
|
|
231
|
-
asap
|
|
232
|
-
asap
|
|
254
|
+
asap keys generate -o key.pem # Ed25519 keypair
|
|
255
|
+
asap manifest sign -k key.pem manifest.json # Sign agent manifest
|
|
256
|
+
asap delegation create -d <urn> -s read -k key.pem --delegator <urn>
|
|
257
|
+
asap trace <trace-id> --log-file asap.log # Visualize request flow from logs
|
|
233
258
|
```
|
|
234
259
|
|
|
235
|
-
See
|
|
260
|
+
See [docs/cli.md](docs/cli.md) for delegation tokens, schema validation, trace visualization, REPL, and full flag reference. Run `asap --help` for your installed version.
|
|
236
261
|
|
|
237
262
|
## Version History
|
|
238
263
|
|
|
@@ -240,7 +265,12 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
|
|
|
240
265
|
|
|
241
266
|
| Version | What shipped |
|
|
242
267
|
| :-- | :-- |
|
|
243
|
-
| **v2.
|
|
268
|
+
| **v2.5.2** | **Security & correctness follow-up** — opt-in operator API auth, `extra="forbid"` ingress, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups (#245–#249), registry signed-manifest/400 fixes. See [CHANGELOG](CHANGELOG.md#252---2026-07-08), [PRD](product/prd/prd-v2.5.2-security-follow-up.md), and [Migration (v2.5.1 → v2.5.2)](docs/migration.md#upgrading-from-v251) |
|
|
269
|
+
| **v2.5.1** | **Code quality patch** — behavior-preserving refactor (transport/server, client, websocket, SQLite storage, auth, integrations) + six correctness/security fixes (atomic `revoke_cascade`, `usage_events` DDL, unified Host-JWT verifier, **WS now enforces OAuth2**, OpenAPI handler cleanup, client `correlation_id` binding). Deprecated import paths removed in v2.6.0. See [CHANGELOG](CHANGELOG.md#251---2026-06-25) and [Migration (v2.5.0 → v2.5.1)](docs/migration.md#upgrading-from-v250-to-v251) |
|
|
270
|
+
| **v2.5.0.1** | **Compliance publish** — **[GitHub Release `v2.5.0.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.0.1)** · PyPI **`asap-compliance` 1.3.0** (`mcp-auth-bridge` profile; requires `asap-protocol>=2.5.0`). No `asap-protocol` API change. See [CHANGELOG](CHANGELOG.md#2501---2026-06-24) |
|
|
271
|
+
| **v2.5.0** | **MCP Auth Bridge** — **[GitHub Release `v2.5.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.0)** · opt-in `protect_server` for stdio MCP; Agent JWT + capability grants; reference example `examples/mcp_auth_bridge/`. See [CHANGELOG](CHANGELOG.md#250---2026-06-24) and [Migration (v2.4.1 → v2.5.0)](docs/migration.md#upgrading-from-v241-to-v250) |
|
|
272
|
+
| **v2.4.1** | **Security hardening** — OAuth2 `iss`/`aud`, fail-closed identity binding, web SSRF/redirect fixes, dependency bumps. See [CHANGELOG](CHANGELOG.md#241---2026-06-14) and [Migration (v2.4.0 → v2.4.1)](docs/migration.md#upgrading-from-v240-to-v241) |
|
|
273
|
+
| **v2.4.0** | **Edge-AI discovery** — optional `hardware` / `inference` manifest fields, registry mirror, marketplace filters, **`@asap-protocol/client@2.4.0`**, ShellClaw onboarding docs. See [CHANGELOG](CHANGELOG.md#240---2026-05-24) and [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) |
|
|
244
274
|
| **v2.3.1** | **npm TS patch** — **[GitHub Release `v2.3.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.3.1)** · **`@asap-protocol/mastra`**, **`@asap-protocol/openai-agents`**, **`@asap-protocol/client@2.3.1`** (additive adapter exports). Python **2.3.0** unchanged. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#231---2026-05-20) and [Migration (v2.3.0 → v2.3.1)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v230-to-v231) |
|
|
245
275
|
| **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** — see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
|
|
246
276
|
| **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
|
|
@@ -254,7 +284,14 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
|
|
|
254
284
|
|
|
255
285
|
## 🔭 What's Next?
|
|
256
286
|
|
|
257
|
-
|
|
287
|
+
The [agentic marketplace](https://asap-protocol.com/) and Lite Registry are live. The **v2.5.x train** focuses on interop and adoption:
|
|
288
|
+
|
|
289
|
+
- **v2.5.3** — enterprise/workflow adapter spikes (Adapter Lab II)
|
|
290
|
+
- **v2.5.4** — distribution loop (homepage templates, starter kits, adoption metrics)
|
|
291
|
+
- **`@asap-protocol/mcp-auth`** (npm) — HTTP/SSE MCP middleware
|
|
292
|
+
- **Formal spec track** (v2.5.5) — introspection, privacy, cross-protocol interop on the path to v3.0 economy
|
|
293
|
+
|
|
294
|
+
See the [v2.5 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.5-roadmap.md) and [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md).
|
|
258
295
|
|
|
259
296
|
## Contributing
|
|
260
297
|
|
|
@@ -266,11 +303,11 @@ Check out our [contributing guidelines](https://github.com/adriannoes/asap-proto
|
|
|
266
303
|
|
|
267
304
|
## Contact
|
|
268
305
|
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
306
|
+
| Channel | Use for |
|
|
307
|
+
| --- | --- |
|
|
308
|
+
| [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) | Public questions, bugs, and feature ideas |
|
|
309
|
+
| [info@asap-protocol.com](mailto:info@asap-protocol.com) | Private coordination — protocol, marketplace, partnerships, press |
|
|
310
|
+
| [SECURITY.md](SECURITY.md) | Security vulnerabilities only — **do not** use email or public issues |
|
|
274
311
|
|
|
275
312
|
## Privacy
|
|
276
313
|
|
|
@@ -282,4 +319,4 @@ This project is licensed under the Apache 2.0 License - see the [license](https:
|
|
|
282
319
|
|
|
283
320
|
---
|
|
284
321
|
|
|
285
|
-
**Built with [Cursor](https://cursor.com/)
|
|
322
|
+
**Built with [Cursor](https://cursor.com/)**, with Composer, Opus, Gemini, Kimi and more.
|