asap-protocol 2.5.0__tar.gz → 2.5.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (257) hide show
  1. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/CHANGELOG.md +133 -14
  2. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/PKG-INFO +88 -51
  3. asap_protocol-2.5.2/README.md +230 -0
  4. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/pyproject.toml +16 -3
  5. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/conversation.schema.json +1 -1
  6. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/manifest.schema.json +170 -111
  7. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/envelope.schema.json +51 -1
  8. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/task_request.schema.json +1 -1
  9. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/__init__.py +1 -1
  10. asap_protocol-2.5.2/src/asap/adapters/mcp/__init__.py +33 -0
  11. asap_protocol-2.5.2/src/asap/adapters/mcp/auth_middleware.py +16 -0
  12. asap_protocol-2.5.2/src/asap/adapters/mcp/capability_map.py +15 -0
  13. asap_protocol-2.5.2/src/asap/adapters/mcp/config.py +16 -0
  14. asap_protocol-2.5.2/src/asap/adapters/mcp/errors.py +24 -0
  15. asap_protocol-2.5.2/src/asap/adapters/mcp/jwt_extractor.py +12 -0
  16. asap_protocol-2.5.2/src/asap/adapters/mcp/protected_server.py +12 -0
  17. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/capability_mapper.py +17 -23
  18. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/handler.py +32 -10
  19. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/__init__.py +7 -11
  20. asap_protocol-2.5.2/src/asap/auth/_scope_parse.py +39 -0
  21. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/agent_jwt.py +100 -28
  22. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/capabilities.py +4 -8
  23. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/identity.py +75 -0
  24. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/introspection.py +1 -1
  25. asap_protocol-2.5.2/src/asap/auth/jti_replay_cache.py +109 -0
  26. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/jwks.py +56 -3
  27. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/middleware.py +172 -114
  28. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/scopes.py +10 -0
  29. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/self_auth.py +3 -3
  30. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/webauthn.py +36 -209
  31. asap_protocol-2.5.2/src/asap/auth/webauthn_store.py +222 -0
  32. asap_protocol-2.5.2/src/asap/cli/__init__.py +78 -0
  33. asap_protocol-2.5.2/src/asap/cli/_compat.py +24 -0
  34. asap_protocol-2.5.2/src/asap/cli/delegation.py +96 -0
  35. asap_protocol-2.5.2/src/asap/cli/keys.py +44 -0
  36. asap_protocol-2.5.2/src/asap/cli/manifest.py +127 -0
  37. asap_protocol-2.5.2/src/asap/cli/repl.py +59 -0
  38. asap_protocol-2.5.2/src/asap/cli/schemas.py +158 -0
  39. asap_protocol-2.5.2/src/asap/cli/trace.py +95 -0
  40. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/audit.py +78 -104
  41. asap_protocol-2.5.2/src/asap/economics/delegation_storage.py +478 -0
  42. asap_protocol-2.5.2/src/asap/economics/sla_storage.py +401 -0
  43. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/storage.py +119 -245
  44. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/errors.py +69 -37
  45. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/secure_agent.py +1 -1
  46. asap_protocol-2.5.2/src/asap/integrations/_base.py +524 -0
  47. asap_protocol-2.5.2/src/asap/integrations/crewai.py +80 -0
  48. asap_protocol-2.5.2/src/asap/integrations/langchain.py +79 -0
  49. asap_protocol-2.5.2/src/asap/integrations/llamaindex.py +82 -0
  50. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/integrations/openclaw.py +2 -2
  51. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/integrations/pydanticai.py +7 -11
  52. asap_protocol-2.5.2/src/asap/integrations/smolagents.py +71 -0
  53. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/integrations/vercel_ai.py +6 -6
  54. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/__init__.py +3 -1
  55. asap_protocol-2.5.2/src/asap/mcp/auth/__init__.py +29 -0
  56. {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/auth_middleware.py +2 -2
  57. {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/capability_map.py +2 -2
  58. {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/config.py +3 -3
  59. {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/protected_server.py +29 -8
  60. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/server.py +56 -16
  61. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/entities.py +2 -4
  62. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/envelope.py +9 -3
  63. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/payloads.py +1 -3
  64. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/registry/auto_registration.py +11 -3
  65. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/__init__.py +2 -0
  66. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/metering.py +104 -2
  67. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/stores/__init__.py +9 -1
  68. asap_protocol-2.5.2/src/asap/state/stores/_sqlite_base.py +316 -0
  69. asap_protocol-2.5.2/src/asap/state/stores/_sync_bridge.py +127 -0
  70. asap_protocol-2.5.2/src/asap/state/stores/sqlite.py +352 -0
  71. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/__init__.py +5 -42
  72. asap_protocol-2.5.2/src/asap/transport/_auth_helpers.py +109 -0
  73. asap_protocol-2.5.2/src/asap/transport/_request_handler.py +1212 -0
  74. asap_protocol-2.5.2/src/asap/transport/_state_deps.py +90 -0
  75. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/agent_routes.py +35 -63
  76. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/capability_routes.py +27 -43
  77. asap_protocol-2.5.2/src/asap/transport/client/__init__.py +76 -0
  78. asap_protocol-2.5.2/src/asap/transport/client/_core.py +758 -0
  79. asap_protocol-2.5.2/src/asap/transport/client/_discovery.py +498 -0
  80. asap_protocol-2.5.2/src/asap/transport/client/_helpers.py +169 -0
  81. asap_protocol-2.5.2/src/asap/transport/client/_send.py +726 -0
  82. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/delegation_api.py +27 -14
  83. asap_protocol-2.5.2/src/asap/transport/errors.py +143 -0
  84. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/escalation_routes.py +5 -2
  85. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/handlers.py +170 -90
  86. {asap_protocol-2.5.0/src/asap/transport/codecs → asap_protocol-2.5.2/src/asap/transport}/lambda_codec.py +1 -1
  87. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/middleware.py +88 -50
  88. asap_protocol-2.5.2/src/asap/transport/routes/__init__.py +25 -0
  89. asap_protocol-2.5.2/src/asap/transport/routes/audit.py +79 -0
  90. asap_protocol-2.5.2/src/asap/transport/routes/health.py +79 -0
  91. asap_protocol-2.5.2/src/asap/transport/routes/jsonrpc.py +140 -0
  92. asap_protocol-2.5.2/src/asap/transport/routes/websocket.py +44 -0
  93. asap_protocol-2.5.2/src/asap/transport/server.py +1064 -0
  94. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/sla_api.py +27 -21
  95. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/usage_api.py +31 -22
  96. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/validators.py +5 -34
  97. asap_protocol-2.5.2/src/asap/transport/websocket.py +130 -0
  98. asap_protocol-2.5.2/src/asap/transport/ws/__init__.py +106 -0
  99. asap_protocol-2.5.2/src/asap/transport/ws/_ack.py +140 -0
  100. asap_protocol-2.5.2/src/asap/transport/ws/_actions.py +35 -0
  101. asap_protocol-2.5.2/src/asap/transport/ws/_dispatch.py +500 -0
  102. asap_protocol-2.5.2/src/asap/transport/ws/_errors.py +25 -0
  103. asap_protocol-2.5.2/src/asap/transport/ws/_recv.py +186 -0
  104. asap_protocol-2.5.2/src/asap/transport/ws/client.py +400 -0
  105. asap_protocol-2.5.2/src/asap/transport/ws/codecs.py +212 -0
  106. asap_protocol-2.5.2/src/asap/transport/ws/pool.py +125 -0
  107. asap_protocol-2.5.2/src/asap/transport/ws/server.py +375 -0
  108. asap_protocol-2.5.0/README.md +0 -197
  109. asap_protocol-2.5.0/src/asap/adapters/mcp/__init__.py +0 -17
  110. asap_protocol-2.5.0/src/asap/auth/claims.py +0 -43
  111. asap_protocol-2.5.0/src/asap/auth/lifecycle.py +0 -67
  112. asap_protocol-2.5.0/src/asap/auth/utils.py +0 -25
  113. asap_protocol-2.5.0/src/asap/cli/__init__.py +0 -596
  114. asap_protocol-2.5.0/src/asap/economics/delegation_storage.py +0 -455
  115. asap_protocol-2.5.0/src/asap/economics/sla_storage.py +0 -410
  116. asap_protocol-2.5.0/src/asap/integrations/crewai.py +0 -205
  117. asap_protocol-2.5.0/src/asap/integrations/langchain.py +0 -186
  118. asap_protocol-2.5.0/src/asap/integrations/llamaindex.py +0 -183
  119. asap_protocol-2.5.0/src/asap/integrations/smolagents.py +0 -163
  120. asap_protocol-2.5.0/src/asap/state/stores/sqlite.py +0 -517
  121. asap_protocol-2.5.0/src/asap/transport/_auth_helpers.py +0 -13
  122. asap_protocol-2.5.0/src/asap/transport/client.py +0 -1934
  123. asap_protocol-2.5.0/src/asap/transport/codecs/__init__.py +0 -32
  124. asap_protocol-2.5.0/src/asap/transport/server.py +0 -2244
  125. asap_protocol-2.5.0/src/asap/transport/websocket.py +0 -1081
  126. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/.gitignore +0 -0
  127. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/LICENSE +0 -0
  128. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/agent.schema.json +0 -0
  129. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/artifact.schema.json +0 -0
  130. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/message.schema.json +0 -0
  131. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/state_snapshot.schema.json +0 -0
  132. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/entities/task.schema.json +0 -0
  133. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/examples/shellclaw-jetson-capabilities.json +0 -0
  134. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/parts/data_part.schema.json +0 -0
  135. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/parts/file_part.schema.json +0 -0
  136. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/parts/resource_part.schema.json +0 -0
  137. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/parts/template_part.schema.json +0 -0
  138. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/parts/text_part.schema.json +0 -0
  139. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/artifact_notify.schema.json +0 -0
  140. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/mcp_resource_data.schema.json +0 -0
  141. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/mcp_resource_fetch.schema.json +0 -0
  142. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/mcp_tool_call.schema.json +0 -0
  143. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/mcp_tool_result.schema.json +0 -0
  144. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/message_send.schema.json +0 -0
  145. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/state_query.schema.json +0 -0
  146. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/state_restore.schema.json +0 -0
  147. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/task_cancel.schema.json +0 -0
  148. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/task_response.schema.json +0 -0
  149. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/schemas/payloads/task_update.schema.json +0 -0
  150. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/__init__.py +0 -0
  151. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/__init__.py +0 -0
  152. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/approval.py +0 -0
  153. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/factory.py +0 -0
  154. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/adapters/openapi/spec_loader.py +0 -0
  155. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/approval.py +0 -0
  156. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/oauth2.py +0 -0
  157. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/auth/oidc.py +0 -0
  158. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/cli/audit_export.py +0 -0
  159. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/cli/compliance_check.py +0 -0
  160. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/__init__.py +0 -0
  161. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/cache.py +0 -0
  162. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/http_client.py +0 -0
  163. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/market.py +0 -0
  164. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/revocation.py +0 -0
  165. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/client/trust.py +0 -0
  166. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/__init__.py +0 -0
  167. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/keys.py +0 -0
  168. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/models.py +0 -0
  169. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/signing.py +0 -0
  170. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/trust.py +0 -0
  171. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/crypto/trust_levels.py +0 -0
  172. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/__init__.py +0 -0
  173. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/dnssd.py +0 -0
  174. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/health.py +0 -0
  175. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/registry.py +0 -0
  176. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/validation.py +0 -0
  177. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/discovery/wellknown.py +0 -0
  178. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/__init__.py +0 -0
  179. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/delegation.py +0 -0
  180. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/hooks.py +0 -0
  181. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/metering.py +0 -0
  182. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/economics/sla.py +0 -0
  183. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/README.md +0 -0
  184. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/__init__.py +0 -0
  185. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/a2h_approval.py +0 -0
  186. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/agent_failover.py +0 -0
  187. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/auth_patterns.py +0 -0
  188. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/coordinator.py +0 -0
  189. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/echo_agent.py +0 -0
  190. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/error_recovery.py +0 -0
  191. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/long_running.py +0 -0
  192. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/mcp_client_demo.py +0 -0
  193. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/mcp_integration.py +0 -0
  194. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/multi_step_workflow.py +0 -0
  195. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/orchestration.py +0 -0
  196. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/rate_limiting.py +0 -0
  197. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/run_demo.py +0 -0
  198. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/secure_handler.py +0 -0
  199. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/state_migration.py +0 -0
  200. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/storage_backends.py +0 -0
  201. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/streaming_agent.py +0 -0
  202. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/streaming_response.py +0 -0
  203. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/v1_3_0_showcase.py +0 -0
  204. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/v1_4_0_showcase.py +0 -0
  205. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/examples/websocket_concept.py +0 -0
  206. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/handlers/__init__.py +0 -0
  207. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/handlers/hitl.py +0 -0
  208. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/integrations/__init__.py +0 -0
  209. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/integrations/a2h.py +11 -11
  210. {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/errors.py +0 -0
  211. {asap_protocol-2.5.0/src/asap/adapters/mcp → asap_protocol-2.5.2/src/asap/mcp/auth}/jwt_extractor.py +0 -0
  212. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/client.py +0 -0
  213. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/protocol.py +0 -0
  214. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/serve.py +0 -0
  215. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/mcp/server_runner.py +0 -0
  216. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/__init__.py +0 -0
  217. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/base.py +0 -0
  218. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/constants.py +0 -0
  219. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/enums.py +0 -0
  220. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/ids.py +0 -0
  221. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/parts.py +0 -0
  222. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/types.py +0 -0
  223. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/models/validators.py +0 -0
  224. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/__init__.py +0 -0
  225. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/dashboards/README.md +0 -0
  226. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/dashboards/asap-detailed.json +0 -0
  227. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/dashboards/asap-red.json +0 -0
  228. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/logging.py +0 -0
  229. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/metrics.py +0 -0
  230. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/trace_parser.py +0 -0
  231. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/trace_ui.py +0 -0
  232. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/observability/tracing.py +0 -0
  233. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/registry/__init__.py +0 -0
  234. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/registry/anti_spam.py +0 -0
  235. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/registry/bot_pr.py +0 -0
  236. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/registry/receipt_cache.py +0 -0
  237. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/schemas.py +0 -0
  238. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/machine.py +0 -0
  239. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/snapshot.py +0 -0
  240. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/state/stores/memory.py +0 -0
  241. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/__init__.py +0 -0
  242. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/asgi_factory.py +0 -0
  243. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/assertions.py +0 -0
  244. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/compliance.py +0 -0
  245. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/fixtures.py +0 -0
  246. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/testing/mocks.py +0 -0
  247. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/cache.py +0 -0
  248. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/challenge.py +0 -0
  249. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/circuit_breaker.py +0 -0
  250. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/compression.py +0 -0
  251. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/executors.py +0 -0
  252. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/jsonrpc.py +0 -0
  253. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/mtls.py +0 -0
  254. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/rate_limit.py +0 -0
  255. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/transport/webhook.py +0 -0
  256. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/utils/__init__.py +0 -0
  257. {asap_protocol-2.5.0 → asap_protocol-2.5.2}/src/asap/utils/sanitization.py +0 -0
@@ -7,17 +7,139 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
- ### Follow-up (not in this release)
10
+ ### Follow-up (planned v2.5.3+)
11
11
 
12
- - `extra="forbid"` on ingress payload models (`TaskRequestConfig`, `CommonMetadata`)
13
- - Opt-in protection for operator APIs (`/usage`, `/sla`, `/audit`)
14
- - Redis-backed `JtiReplayCache` and distributed Next.js rate limits
15
- - `@asap-protocol/mcp-auth` HTTP/SSE middleware (deferred from v2.5.0 — see [2.5.0] TypeScript note and [typescript-mcp-auth-spike.md](engineering/tasks/v2.5.0/typescript-mcp-auth-spike.md))
12
+ - **Adapter Lab II** enterprise/workflow adapters ([prd-v2.5.3-adapter-lab-ii.md](product/prd/prd-v2.5.3-adapter-lab-ii.md)).
13
+ - **Distribution Loop** homepage, templates, metrics ([prd-v2.5.4-distribution-loop.md](product/prd/prd-v2.5.4-distribution-loop.md)).
14
+ - **Formal Spec & Interop** RFC spec, introspection, privacy ([prd-v2.5.5-formal-spec-interop.md](product/prd/prd-v2.5.5-formal-spec-interop.md)).
15
+ - `@asap-protocol/mcp-auth` HTTP/SSE middleware (deferred from v2.5.0 — see [2.5.0] TypeScript note and [typescript-mcp-auth-spike.md](engineering/tasks/v2.5.0/typescript-mcp-auth-spike.md)).
16
+ - Collapse the dual `UsageMetrics`/`InMemoryMeteringStore` pair retained in S1 for API stability.
17
+ - Reduce the `asap.transport.client` package aggregate LOC below the S2 target.
18
+
19
+ ---
20
+
21
+ ## [2.5.2] - 2026-07-08
22
+
23
+ **Security & correctness follow-up** — operator API auth, tighter ingress
24
+ validation, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups,
25
+ and registry fixes. Scope: [prd-v2.5.2-security-follow-up.md](product/prd/prd-v2.5.2-security-follow-up.md).
26
+ Wire protocol and manifest schema are unchanged aside from rejecting unknown
27
+ `config` / `metadata` keys (see Migration).
28
+
29
+ ### Added
30
+
31
+ - **Opt-in operator API auth (#209)**: `create_app(require_operator_auth=True)`
32
+ requires an OAuth2 Bearer JWT with scope ``asap:admin`` on ``/usage``,
33
+ ``/sla``, and ``/audit``. Default remains open (local/operator ergonomics)
34
+ with the existing startup warnings. Requires ``oauth2_config``.
35
+ - **Redis-backed JTI replay cache (#209)**: Optional
36
+ :class:`~asap.auth.jti_replay_cache.RedisJtiReplayCache` for multi-worker
37
+ Host/Agent JWT replay protection. Default remains in-memory
38
+ :class:`~asap.auth.agent_jwt.JtiReplayCache`. Requires
39
+ ``pip install 'asap-protocol[redis]'``. Inject via
40
+ ``create_app(identity_jti_cache=...)`` or ``MCPAuthConfig.jti_replay_cache``.
41
+
42
+ ### Changed
43
+
44
+ - **Ingress validation (#209)**: `TaskRequestConfig` and `CommonMetadata` now reject
45
+ unknown fields (`extra="forbid"`, inherited from `ASAPBaseModel`). Previously these
46
+ models allowed arbitrary extension keys; clients sending custom `config` or
47
+ `metadata` properties must use known fields only or nest extensions under
48
+ `TaskRequest.input` / envelope `extensions`. See
49
+ [migration guide](docs/migration.md#upgrading-from-v251).
50
+ - **CLI legacy imports (#242)**: `DEFAULT_SCHEMAS_DIR`, `export_all_schemas`, and
51
+ `_repl_namespace` are no longer re-exported from `asap.cli` root. Import from
52
+ `asap.cli._compat` (shim) or the owning submodules (`asap.cli.schemas`,
53
+ `asap.schemas`, `asap.cli.repl`). The `_compat` shim is removed in v2.6.0
54
+ ([#275](https://github.com/adriannoes/asap-protocol/issues/275)).
55
+ See [migration guide](docs/migration.md#upgrading-from-v251).
56
+ - **Web app (`apps/web`)**: Optional distributed rate limits via Upstash Redis
57
+ or Vercel KV when `UPSTASH_REDIS_REST_URL` + `UPSTASH_REDIS_REST_TOKEN` (or
58
+ `KV_REST_API_URL` + `KV_REST_API_TOKEN`) are set; local dev without Redis
59
+ keeps the existing in-memory per-instance limiter
60
+ ([#209](https://github.com/adriannoes/asap-protocol/issues/209)).
61
+ - **Auth scope parsing (#243)**: `parse_scope` lives in `asap.auth._scope_parse` so
62
+ `OAuth2Middleware` no longer needs an inline import to break a cycle.
63
+
64
+ ### Fixed
65
+
66
+ - **CI security (`pip-audit`)**: Raised `joserfc` to `>=1.6.7,<2` (CVE-2026-48990) and added overrides for `python-engineio>=4.13.2` (CVE-2026-48802 / CVE-2026-48809) and `python-socketio>=5.16.2` (CVE-2026-48804). See [SECURITY.md](SECURITY.md).
67
+ - **Streaming correlation binding (#247)**: SSE and WebSocket streaming now require `TaskStream` chunks to echo the request envelope `id` (not an arbitrary request `correlation_id`), and streamed response payloads reject missing or mismatched `correlation_id` values.
68
+ - **SQLite write serialization (#245)**: `AsyncSqliteRepository.execute()` now holds the same `asyncio.Lock` as other write paths so concurrent writers cannot interleave on a shared connection.
69
+ - **Agent status JTI replay (#249)**: `GET /asap/agent/status` now records JWT `jti` in the replay cache (same hardening as other identity routes).
70
+ - **Registry signed manifests (#224)**: Registration paths accept signed manifest envelopes (unwrap before validation).
71
+ - **Registry validation errors (#227)**: Auto-registration maps `ManifestValidationError` to HTTP 400 instead of a 500.
72
+
73
+ ### Migration
74
+
75
+ - **v2.5.1 → v2.5.2**: See [migration guide](docs/migration.md#upgrading-from-v251).
76
+ Breaking for clients that sent unknown keys on `TaskRequest.config` /
77
+ `CommonMetadata`. Operator auth and Redis JTI remain opt-in.
78
+
79
+ ---
80
+
81
+ ## [2.5.1] - 2026-06-25
82
+
83
+ **Code quality patch** — behavior-preserving refactor of the transport, storage,
84
+ auth, and integration layers accumulated through v2.5.0, plus six correctness and
85
+ security fixes. No wire-protocol, manifest schema, or public API breaking changes.
86
+ Deprecated import paths keep working via shims until v2.6.0.
87
+
88
+ ### Fixed
89
+
90
+ - **`revoke_cascade` atomicity**: delegation revocation now runs in a single SQLite transaction (BEGIN→walk→COMMIT, rollback on failure); the in-memory store holds an `asyncio.Lock` across the cascade so concurrent `register_issued` can't leave children un-revoked.
91
+ - **`usage_events` schema**: one canonical DDL owner in `state/stores/sqlite.py`; both indexes created with `IF NOT EXISTS` regardless of store init order, fixing schema/query-plan divergence.
92
+ - **Host-JWT verifier**: collapsed the divergent verifiers into one `verify_host_bearer`; revoked hosts now return 403 (was 401) on every protected route, including `/asap/agent/reactivate`.
93
+ - **WebSocket OAuth2 bypass**: `/asap/ws` no longer skips `OAuth2Middleware`. In OAuth2-only deployments the WS path now requires a Bearer JWT in the handshake `Authorization` header and rejects with close code 4401 when absent or invalid. Deploys without an OAuth2 IdP are unchanged.
94
+ - **OpenAPI handler**: hoisted the inline `format_www_authenticate_asap` import to module top; `OpenAPIPathParameterError.__init__` no longer raises (validation moved to `for_missing()`/`for_invalid()` factories). `resolve_headers` stays as documented public API.
95
+ - **Client correlation binding**: the client now asserts `response.correlation_id == request.id` in `send()`, `batch()`, and the WS recv loop, raising `ProtocolCorrelationError` (previously only checked non-empty).
96
+
97
+ ### Changed
98
+
99
+ - **Storage consolidation**: six SQLite backends (snapshot, metering, delegation, SLA, audit, plus the economics metering store) now subclass a shared `AsyncSqliteRepository` (`state/stores/_sqlite_base.py`) with one WAL setup, `transaction()`, `parse_iso`, and `build_where`. `server.py` uses the new `MeteringStorageBridge` directly; `metering_storage_adapter` is kept as a one-line shim.
100
+ - **`server.py` decomposition**: split into `create_*_router` factories plus `routes/{health,jsonrpc,websocket,audit}.py` (2256 → 1000 LOC); `create_app` is thin wiring. Shared request prep (`parse→auth→envelope→timestamp→nonce`) moved to `ASAPRequestHandler._prepare_request`.
101
+ - **`client.py` decomposition**: split into a `client/` package (`_core`, `_send`, `_discovery`, `_helpers`); `get_manifest`/`discover` now share `_fetch_and_cache_manifest`, and `send`'s Retry-After parser is extracted. `from asap.transport.client import ASAPClient` is unchanged.
102
+ - **`websocket.py` decomposition**: split into `asap/transport/ws/` (`codecs`, `client`, `server`, `pool`, `_recv`, `_ack`, `_dispatch`, `_actions`, `_errors`); `_make_fake_request` is gone and WS dispatches envelopes directly through `_prepare_request`. `websocket.py` stays as a re-export shim.
103
+ - **Integrations**: shared `asap/integrations/_base.py` centralizes JSON-schema→Pydantic conversion, URN-scoped skill resolve cache, and per-exception error formatting; `langchain`/`crewai`/`llamaindex`/`smolagents` slimmed to glue-only (71–80 LOC each).
104
+ - **`OAuth2Middleware` JWKS**: delegates to one shared `JWKSValidator` instead of its own cache; HTTP and WS now use the same validator and TTL (`JWKS_CACHE_TTL_SECONDS=86400`).
105
+ - **`MCPServer` tool registration**: the untyped 5-tuple is now a frozen `ToolRegistration` dataclass with per-tool capability metadata.
106
+ - **`RemoteRPCError`**: `RemoteFatalRPCError`/`RemoteRecoverableRPCError` collapse into one `RemoteRPCError` with an `is_recoverable` property; the old names stay as deprecated subclasses.
107
+ - **Identity rate limiting**: the 9 inline limiter checks now use `Depends(require_identity_limiter)`; a missing limiter returns 503 (was `AttributeError` → 500).
108
+ - **`auth/` modules**: `claims`→`jwks`/`middleware`, `utils`→`scopes`, `lifecycle`→`identity`; `WebAuthnSelfAuthVerifier` deleted (`WebAuthnVerifierImpl` satisfies the protocol directly).
109
+ - **MCP Auth Bridge**: folded `asap.adapters.mcp.*` into `asap.mcp.auth.*`; `asap.adapters.mcp` stays as a re-export shim.
110
+
111
+ ### Removed
112
+
113
+ - **`asap.transport` root re-exports**: `start_periodic_cleanup`, `WebhookDelivery`, `RetryPolicy`, `compute_signature`, and other tuning/webhook internals are no longer re-exported from `asap.transport.__init__` — import them from their owning modules (`asap.transport.cache`, `asap.transport.webhook`).
114
+ - **`asap.transport.codecs` package**: inlined into `asap.transport.lambda_codec`; WS framing primitives moved to `asap.transport.ws.codecs`. No shim (grep-verified zero external callers).
115
+ - **`NonceStore.is_used` / `mark_used`**: replaced by the atomic `check_and_mark`. Custom nonce stores should switch to the one-method protocol.
116
+ - **`OpenAPIExecutionKind.ASYNC_POLLING`**: pruned; a `202 + Location` OpenAPI operation now classifies as `SYNC`.
117
+ - **Dead binary/base64 WS framing**: frames are JSON text only.
118
+
119
+ ### Deprecated (remove in v2.6.0)
120
+
121
+ - `from asap.cli._compat import ...` — use `asap.cli.schemas`, `asap.schemas`, or
122
+ `asap.cli.repl` directly ([#242](https://github.com/adriannoes/asap-protocol/issues/242);
123
+ removal tracked in [#275](https://github.com/adriannoes/asap-protocol/issues/275)).
124
+ - `from asap.transport.websocket import ...` — use `asap.transport.ws` directly.
125
+ - `from asap.adapters.mcp import ...` — use `asap.mcp.auth` directly.
126
+ - `RemoteFatalRPCError` / `RemoteRecoverableRPCError` — use `RemoteRPCError` + `is_recoverable`.
127
+ - `metering_storage_adapter` — use `MeteringStorageBridge`.
128
+ - `FRAME_ENCODING_BINARY` — binary framing is gone; the literal remains on the shim for import compat only.
129
+
130
+ ### Migration
131
+
132
+ - **v2.5.0 → v2.5.1**: No breaking changes. Update deprecated import paths at your convenience (removed in v2.6.0). If you run an OAuth2-only deployment, note that `/asap/ws` now requires a Bearer JWT in the handshake — see [migration guide](docs/migration.md#upgrading-from-v250-to-v251).
133
+
134
+ ---
135
+
136
+ ## [2.5.0.1] - 2026-06-24
137
+
138
+ **Compliance package publish** — no change to `asap-protocol` Python API (remains **2.5.0** on PyPI). Git tag **`v2.5.0.1`** is **compliance-only** (not an npm TypeScript release).
16
139
 
17
140
  ### Fixed
18
141
 
19
- - **CI security (`pip-audit`)**: Raised `cryptography` to `>=48.0.1,<49` (GHSA-537c-gmf6-5ccf), `python-multipart>=0.0.31` (CVE-2026-53538–53540), and `starlette>=1.3.1` (CVE-2026-54282 / CVE-2026-54283) via `pyproject.toml` floors and `tool.uv.override-dependencies`.
20
- - **pydantic-ai (CVE-2026-46678)**: Optional `[pydanticai]` extra pins `pydantic-ai>=1.99.0`; removed obsolete `pip-audit` ignore from CI.
142
+ - **PyPI `asap-compliance`**: Bump to **1.3.0** and publish the `mcp-auth-bridge` stdio MCP profile shipped in v2.5.0. The v2.5.0 tag did not upload a new compliance wheel because `release.yml` uses `skip-existing` and the version was still **1.2.0** (February 2026 artifact without MCP auth checks). Requires `asap-protocol>=2.5.0`.
21
143
 
22
144
  ---
23
145
 
@@ -67,14 +189,11 @@ changes.
67
189
 
68
190
  ### TypeScript
69
191
 
70
- - **`@asap-protocol/mcp-auth` deferred to v2.5.0.1** — MCP-TS-001..003 (HTTP/SSE
71
- Bearer middleware) are SHOULD-scope; v2.5.0 ships the Python stdio bridge as the
72
- release gate. Rationale and implementation checklist:
192
+ - **`@asap-protocol/mcp-auth` deferred** — MCP-TS-001..003 (HTTP/SSE Bearer middleware) are SHOULD-scope; v2.5.0 ships the Python stdio bridge as the release gate. Rationale and checklist:
73
193
  [typescript-mcp-auth-spike.md](engineering/tasks/v2.5.0/typescript-mcp-auth-spike.md);
74
- carry-over tracked in
75
- [PRD v2.5.1 §3](product/prd/prd-v2.5.1-adapter-lab-ii.md#3-carry-over-from-v250-asap-protocolmcp-auth).
76
- Existing `@asap-protocol/*` npm packages remain at **2.4.1** until a separate
77
- publish.
194
+ [backlog](engineering/tasks/v2.5.0/backlog-mcp-auth-typescript.md).
195
+ **Note:** git tag **`v2.5.0.1`** was used for **`asap-compliance` 1.3.0** only; the npm middleware targets a **future patch** (TBD tag, e.g. `v2.5.0.2`).
196
+ Existing `@asap-protocol/*` npm packages remain at **2.4.1** until that publish.
78
197
 
79
198
  ### Migration
80
199
 
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: asap-protocol
3
- Version: 2.5.0
3
+ Version: 2.5.2
4
4
  Summary: Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication
5
5
  Project-URL: Homepage, https://github.com/adriannoes/asap-protocol
6
6
  Project-URL: Documentation, https://adriannoes.github.io/asap-protocol
@@ -27,7 +27,7 @@ Requires-Dist: cryptography<49,>=48.0.1
27
27
  Requires-Dist: fastapi>=0.136.1
28
28
  Requires-Dist: httpx[http2]>=0.28.1
29
29
  Requires-Dist: jcs>=0.2.0
30
- Requires-Dist: joserfc<2,>=1.6.3
30
+ Requires-Dist: joserfc<2,>=1.6.7
31
31
  Requires-Dist: jsonschema>=4.23.0
32
32
  Requires-Dist: limits>=3.0
33
33
  Requires-Dist: opentelemetry-api>=1.20
@@ -48,6 +48,7 @@ Requires-Dist: crewai>=0.80; extra == 'crewai'
48
48
  Provides-Extra: dev
49
49
  Requires-Dist: asgi-lifespan>=2.1.0; extra == 'dev'
50
50
  Requires-Dist: brotli>=1.1.0; extra == 'dev'
51
+ Requires-Dist: fakeredis>=2.26.0; extra == 'dev'
51
52
  Requires-Dist: mypy>=1.19.1; extra == 'dev'
52
53
  Requires-Dist: pip-audit>=2.7; extra == 'dev'
53
54
  Requires-Dist: pytest-asyncio>=0.24; extra == 'dev'
@@ -61,9 +62,12 @@ Provides-Extra: dns-sd
61
62
  Requires-Dist: zeroconf>=0.149.5; extra == 'dns-sd'
62
63
  Provides-Extra: docs
63
64
  Requires-Dist: ghp-import>=2.1.0; extra == 'docs'
65
+ Requires-Dist: joserfc<2,>=1.6.7; extra == 'docs'
64
66
  Requires-Dist: mkdocs-material>=9.5; extra == 'docs'
65
67
  Requires-Dist: mkdocstrings[python]>=0.27; extra == 'docs'
66
68
  Requires-Dist: pymdown-extensions>=10.21.3; extra == 'docs'
69
+ Requires-Dist: python-engineio>=4.13.2; extra == 'docs'
70
+ Requires-Dist: python-socketio>=5.16.2; extra == 'docs'
67
71
  Provides-Extra: langchain
68
72
  Requires-Dist: langchain-core>=1.3.3; extra == 'langchain'
69
73
  Provides-Extra: llamaindex
@@ -83,7 +87,7 @@ Requires-Dist: smolagents>=1.24.0; extra == 'smolagents'
83
87
  Provides-Extra: telemetry
84
88
  Requires-Dist: pypistats>=1.11.0; extra == 'telemetry'
85
89
  Provides-Extra: webauthn
86
- Requires-Dist: webauthn<3,>=2.6; extra == 'webauthn'
90
+ Requires-Dist: webauthn<4,>=2.6; extra == 'webauthn'
87
91
  Description-Content-Type: text/markdown
88
92
 
89
93
  # ASAP: Async Simple Agent Protocol
@@ -95,40 +99,57 @@ Description-Content-Type: text/markdown
95
99
 
96
100
  > A production-ready protocol for agent-to-agent communication and task coordination.
97
101
 
98
- **Quick Info**: `v2.5.0` (release branch; PyPI/npm publish on `v2.5.0` tag) · **npm TS [`2.4.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.1)** (latest published) | `Apache 2.0` | `Python 3.13+` | [Documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | **[PyPI `asap-protocol`](https://pypi.org/project/asap-protocol/)** | **[npm `@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client)** | [Changelog](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md)
102
+ **Quick Info**: [`v2.5.2`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.2) | `Apache 2.0` | `Python 3.13+` | [Documentation](docs/index.md) | [Changelog](CHANGELOG.md)
99
103
 
100
- > 📦 Install the ASAP **Python SDK / protocol** from **`https://pypi.org/project/asap-protocol/`** package name **`asap-protocol`** on [PyPI](https://pypi.org/project/asap-protocol/).
104
+ > 📦 **Install** [`asap-protocol` on PyPI](https://pypi.org/project/asap-protocol/) (Python) · [`@asap-protocol/client` on npm](https://www.npmjs.com/package/@asap-protocol/client) (TypeScript)
101
105
 
102
- > 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
106
+ 🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
103
107
 
104
108
  ## Why ASAP?
105
109
 
106
- Building multi-agent systems today suffers from three core technical challenges that existing protocols like A2A don't fully address:
107
- 1. **$N^2$ Connection Complexity**: Most protocols assume static point-to-point HTTP connections that don't scale.
108
- 2. **State Drift**: Lack of native persistence makes it impossible to reliably resume long-running agentic workflows.
109
- 3. **Fragmentation**: No unified way to handle task delegation, artifact exchange and tool execution (MCP) in a single envelope.
110
+ Multi-agent systems hit three walls that point-to-point agent protocols often leave open:
110
111
 
111
- **ASAP** provides a production-ready communication layer that simplifies these complexities. It's ideal for **multi-agent orchestration**, **stateful workflows** (persistence, resumability), **MCP support** and **production systems** requiring high-performance, type-safe agent communication.
112
+ 1. **Connection sprawl** pairwise HTTP does not scale as orchestrators fan out.
113
+ 2. **State drift** — long workflows stall without durable task state and resumability.
114
+ 3. **Fragmentation** — delegation, artifacts, and MCP tool calls end up in incompatible layers.
112
115
 
113
- For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the [documentation](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) for the current protocol overview and features.
116
+ **ASAP** answers with a schema-first protocol and reference SDKs in **Python** and **TypeScript**:
117
+
118
+ - **Resumable orchestration** — task state machine, snapshot store, SSE streaming, and built-in `trace_id` / `correlation_id`.
119
+ - **One typed envelope** — tasks, MCP tool execution, and artifact exchange on the same JSON Schema contract.
120
+ - **Production trust** — Ed25519 signed manifests, Host/Agent JWTs, constrained capabilities, OAuth2, opt-in WebAuthn — plus the **MCP Auth Bridge** (v2.5.0) for scoped native `tools/call`.
121
+ - **Ecosystem-ready** — [agentic marketplace](https://asap-protocol.com/), Lite Registry, edge-AI discovery, OpenAPI import, and framework adapters ([Python & npm](#framework-ecosystem)).
122
+
123
+ Plain HTTP between two agents is enough for the simplest cases. ASAP is built for **multi-agent orchestration**, **stateful workflows**, and **governed capability access** in production — see [documentation](docs/index.md) and the feature table below.
114
124
 
115
125
  ### Key Features
116
126
 
117
- - **Stateful orchestration** Task state machine with snapshotting for resumable workflows.
118
- - **Schema-first** Pydantic v2 + JSON Schema for cross-agent interoperability.
119
- - **Async-native** `asyncio` + `httpx`; sync and async handlers supported.
120
- - **MCP integration** Tool execution and coordination in a single envelope.
121
- - **Observable** `trace_id` and `correlation_id` for debugging.
122
- - **Security** Bearer auth, OAuth2/JWT, Ed25519 signed manifests, optional mTLS, replay prevention, HTTPS, rate limiting. [Security Model](https://github.com/adriannoes/asap-protocol/blob/main/docs/security/v1.1-security-model.md) (trust limits, Custom Claims).
123
- - **Identity & capabilities (v2.2, WebAuthn real in v2.2.1)** Per-runtime Host/Agent JWTs, capability grants with constraints (`max`, `min`, `in`, `not_in`), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via `asap-protocol[webauthn]`).
124
- - **Streaming & wire protocol (v2.2)** — `POST /asap/stream` (SSE / `TaskStream`), JSON-RPC 2.0 batch on `POST /asap`, `ASAP-Version` negotiation, tamper-evident audit logging, Compliance Harness v2.
125
- - **Adoption Multiplier (v2.3.0)** — OpenAPI → ASAP via `create_from_openapi` (`[openapi]` extra), official **`@asap-protocol/client`** on npm (Vercel AI / OpenAI / Anthropic adapters), optional **Auto-Registration** (`POST /registry/agents`), **capability escalation**, and **ASAP `WWW-Authenticate`** discovery challenges. All opt-in; wire protocol unchanged. See [docs/index.md](docs/index.md) and [docs/migration.md](docs/migration.md).
126
- - **Edge-AI discovery (v2.4.0)** — Optional `manifest.capabilities.hardware` + `inference`, Lite Registry mirror, marketplace browse filters, and `@asap-protocol/client@2.4.1` discovery types. Wire protocol unchanged. See [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) and [ShellClaw registry guide](docs/guides/shellclaw-registry.md).
127
- - **Framework adapters (v2.3.1+, npm)** **`@asap-protocol/mastra`** and **`@asap-protocol/openai-agents`** expose ASAP capabilities as Mastra tools and OpenAI Agents SDK `tool()` definitions. See [Migration (v2.3.0 → v2.3.1)](docs/migration.md#upgrading-from-v230-to-v231).
128
- - **Economics** Usage metering, delegation tokens, SLA framework with breach alerts.
129
-
130
- ### 🆕 Framework Ecosystem
131
- ASAP is built for interoperability. Seamlessly integrate your agents into **OpenClaw**, **LangChain**, **CrewAI** and **LlamaIndex** workflows using our growing library of native adapters and standardized tool-calling schemas.
127
+ | Area | Highlights | Docs |
128
+ | --- | --- | --- |
129
+ | Stateful orchestration | Task state machine, snapshotting, resumable workflows | [State management](docs/state-management.md) |
130
+ | Schema-first | Pydantic v2 + JSON Schema for cross-agent interchange | [API reference](docs/api-reference.md) |
131
+ | Async-native | `asyncio` + `httpx`; sync and async handlers | [Transport](docs/transport.md) |
132
+ | MCP integration | Tool execution and coordination in one envelope (Mode B) | [MCP integration](docs/mcp-integration.md) |
133
+ | MCP Auth Bridge | Opt-in Agent JWT + capability grants on native stdio MCP `tools/call` (Mode A) | [MCP Auth Bridge](docs/adapters/mcp-auth-bridge.md) |
134
+ | Observability | `trace_id` and `correlation_id` for debugging | [Observability](docs/observability.md) |
135
+ | Security | OAuth2/JWT, Ed25519 manifests, mTLS, rate limiting | [Security](docs/security.md) |
136
+ | Identity & capabilities | Host/Agent JWTs, constrained grants, approval flows, opt-in WebAuthn | [Capabilities](docs/capabilities/index.md) |
137
+ | Streaming & wire protocol | SSE `/asap/stream`, JSON-RPC batch, `ASAP-Version` negotiation | [Transport](docs/transport.md) |
138
+ | Adoption tools | OpenAPI adapter, `@asap-protocol/client`, auto-registration, escalation | [Migration (v2.2 → v2.3)](docs/migration.md#upgrading-from-v22x-to-v230) |
139
+ | Edge-AI discovery | Hardware/inference manifests, registry mirror, marketplace filters | [ShellClaw guide](docs/guides/shellclaw-registry.md) |
140
+ | Framework adapters (npm) | `@asap-protocol/mastra` and `@asap-protocol/openai-agents` tool bridges | [Mastra](docs/integrations/mastra.md) · [OpenAI Agents](docs/integrations/openai-agents.md) |
141
+ | Economics | Usage metering, delegation tokens, SLA breach alerts | [Audit log](docs/audit.md) |
142
+
143
+ Full overview and upgrade paths: [docs/index.md](docs/index.md).
144
+
145
+ ### Framework Ecosystem
146
+
147
+ ASAP meets agents where they run — optional Python extras, npm tool bridges, and protocol-native MCP.
148
+
149
+ | Runtime | Integrations | Docs |
150
+ | --- | --- | --- |
151
+ | **Python** | LangChain, CrewAI, LlamaIndex, PydanticAI, SmolAgents, OpenClaw (`pip install "asap-protocol[extra]"`); Vercel AI SDK router; MCP; MCP Auth Bridge; A2H | [OpenClaw](docs/guides/openclaw-integration.md) · [Vercel AI SDK](docs/guides/vercel-ai-sdk.md) · [MCP](docs/mcp-integration.md) · [MCP Auth Bridge](docs/adapters/mcp-auth-bridge.md) |
152
+ | **TypeScript** (npm) | `@asap-protocol/client` (Vercel AI / OpenAI / Anthropic adapters), `@asap-protocol/mastra`, `@asap-protocol/openai-agents` | [TypeScript SDK](docs/sdks/typescript.md) · [Mastra](docs/integrations/mastra.md) · [OpenAI Agents](docs/integrations/openai-agents.md) |
132
153
 
133
154
  ## Installation
134
155
 
@@ -144,11 +165,11 @@ Or with pip:
144
165
  pip install asap-protocol
145
166
  ```
146
167
 
147
- **npm** (TypeScript / JavaScript — [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client), **`2.4.1`**). The `latest` dist-tag matches **`npm view @asap-protocol/client version`**.
168
+ **TypeScript** (npm, **`2.4.1`** unchanged for v2.5.2; `@asap-protocol/mcp-auth` HTTP middleware still deferred):
148
169
 
149
- **npm** Mastra [**`@asap-protocol/mastra@2.4.1`**](https://www.npmjs.com/package/@asap-protocol/mastra) bridges ASAP capabilities onto **`@mastra/core`** tools; docs: [`docs/integrations/mastra.md`](docs/integrations/mastra.md), demo: [`apps/example-mastra/README.md`](apps/example-mastra/README.md).
150
-
151
- **npm** OpenAI Agents SDK [**`@asap-protocol/openai-agents@2.4.1`**](https://www.npmjs.com/package/@asap-protocol/openai-agents) exposes ASAP capabilities as **`@openai/agents`** `tool()` definitions **not** the Chat Completions helper [`adapters/openai`](packages/typescript/client/src/adapters/openai.ts); docs: [`docs/integrations/openai-agents.md`](docs/integrations/openai-agents.md), demo: [`apps/example-openai-agents/README.md`](apps/example-openai-agents/README.md).
170
+ - [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client) [SDK docs](docs/sdks/typescript.md)
171
+ - [`@asap-protocol/mastra`](https://www.npmjs.com/package/@asap-protocol/mastra) — [docs](docs/integrations/mastra.md) · [demo](apps/example-mastra/README.md)
172
+ - [`@asap-protocol/openai-agents`](https://www.npmjs.com/package/@asap-protocol/openai-agents) — [docs](docs/integrations/openai-agents.md) · [demo](apps/example-openai-agents/README.md)
152
173
 
153
174
  ```bash
154
175
  npm install @asap-protocol/client@2.4.1
@@ -156,7 +177,7 @@ npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
156
177
  npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod
157
178
  ```
158
179
 
159
- 📦 **Canonical listing:** **[https://pypi.org/project/asap-protocol/](https://pypi.org/project/asap-protocol/)** package **`asap-protocol`** (`pip install asap-protocol`). Prefer `uv` for reproducible environments when possible.
180
+ **Python v2.5.2** (security follow-up): `uv add asap-protocol` or `pip install asap-protocol==2.5.2` see [Migration (v2.5.1 v2.5.2)](docs/migration.md#upgrading-from-v251).
160
181
 
161
182
  ## Quick Start
162
183
 
@@ -189,17 +210,20 @@ uv run pytest --tb=short --cov=asap --cov-report=term-missing --cov-fail-under=8
189
210
  Validate that your agent follows the ASAP protocol:
190
211
 
191
212
  ```bash
192
- uv add asap-compliance
213
+ uv add "asap-compliance>=1.3.0"
193
214
  pytest --asap-agent-url https://your-agent.example.com -m asap_compliance
194
215
  ```
195
216
 
217
+ For **MCP Auth Bridge** stdio gates (`mcp-auth-bridge` profile), use **`asap-compliance` 1.3.0+** with **`asap-protocol` 2.5.0+** — published on PyPI via tag [`v2.5.0.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.0.1).
218
+
196
219
  See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/main/docs/guides/compliance-testing.md) for handshake, schema and state machine validation.
197
220
 
198
221
  ## Documentation
199
222
 
200
223
  **Learn**
201
- - [Docs](https://github.com/adriannoes/asap-protocol/blob/main/docs/index.md) | [API Reference](https://github.com/adriannoes/asap-protocol/blob/main/docs/api-reference.md)
202
- - [TypeScript client SDK](https://github.com/adriannoes/asap-protocol/blob/main/docs/sdks/typescript.md) — `@asap-protocol/client` (identity, capabilities, streaming, adapters)
224
+ - [Docs](docs/index.md) | [API Reference](docs/api-reference.md)
225
+ - [MCP Auth Bridge](docs/adapters/mcp-auth-bridge.md) — v2.5.0 opt-in JWT + capability grants for native stdio MCP
226
+ - [TypeScript client SDK](docs/sdks/typescript.md) — `@asap-protocol/client` (identity, capabilities, streaming, adapters)
203
227
  - [Tutorials](https://github.com/adriannoes/asap-protocol/tree/main/docs/tutorials) — First agent to production checklist
204
228
  - [Migration from A2A/MCP](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md)
205
229
  - [Raw Fetch (non-Python)](https://github.com/adriannoes/asap-protocol/blob/main/docs/raw-fetch.md) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.
@@ -222,17 +246,18 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
222
246
 
223
247
  ```bash
224
248
  asap --version # Show version
225
- asap list-schemas # List all available schemas
226
- asap export-schemas # Export JSON schemas to file
227
- asap compliance-check --url https://agent.example # Compliance Harness v2 (HTTP(S))
249
+ asap list-schemas # List JSON schemas
250
+ asap export-schemas # Export schemas to disk
251
+ asap validate-schema payload.json # Validate JSON against a schema
252
+ asap compliance-check --url https://agent.example # Remote Compliance Harness v2
228
253
  asap audit export --store memory --format json # Export audit log (stdout)
229
- asap keys generate -o key.pem # Generate Ed25519 keypair
230
- asap manifest sign -k key.pem manifest.json # Sign manifest
231
- asap manifest verify signed.json # Verify signature
232
- asap manifest info signed.json # Show trust level
254
+ asap keys generate -o key.pem # Ed25519 keypair
255
+ asap manifest sign -k key.pem manifest.json # Sign agent manifest
256
+ asap delegation create -d <urn> -s read -k key.pem --delegator <urn>
257
+ asap trace <trace-id> --log-file asap.log # Visualize request flow from logs
233
258
  ```
234
259
 
235
- See the [CLI reference](docs/cli.md) for `compliance-check` and `audit export` flag details, the [CI compliance gate](docs/ci-compliance.md) for wiring `compliance-check` into GitHub Actions, the [audit export guide](docs/audit.md), [Identity Signing](docs/guides/identity-signing.md), or run `asap --help` for the full command surface.
260
+ See [docs/cli.md](docs/cli.md) for delegation tokens, schema validation, trace visualization, REPL, and full flag reference. Run `asap --help` for your installed version.
236
261
 
237
262
  ## Version History
238
263
 
@@ -240,7 +265,12 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
240
265
 
241
266
  | Version | What shipped |
242
267
  | :-- | :-- |
243
- | **v2.4.0** | **Edge-AI discovery** **[GitHub Release `v2.4.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.4.0)** · optional `hardware` / `inference` manifest fields, registry mirror, marketplace filters, **`@asap-protocol/client@2.4.0`**, ShellClaw onboarding docs. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#240---2026-05-24) and [Migration (v2.3.x → v2.4.0)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v23x-to-v240) |
268
+ | **v2.5.2** | **Security & correctness follow-up** opt-in operator API auth, `extra="forbid"` ingress, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups (#245–#249), registry signed-manifest/400 fixes. See [CHANGELOG](CHANGELOG.md#252---2026-07-08), [PRD](product/prd/prd-v2.5.2-security-follow-up.md), and [Migration (v2.5.1 → v2.5.2)](docs/migration.md#upgrading-from-v251) |
269
+ | **v2.5.1** | **Code quality patch** — behavior-preserving refactor (transport/server, client, websocket, SQLite storage, auth, integrations) + six correctness/security fixes (atomic `revoke_cascade`, `usage_events` DDL, unified Host-JWT verifier, **WS now enforces OAuth2**, OpenAPI handler cleanup, client `correlation_id` binding). Deprecated import paths removed in v2.6.0. See [CHANGELOG](CHANGELOG.md#251---2026-06-25) and [Migration (v2.5.0 → v2.5.1)](docs/migration.md#upgrading-from-v250-to-v251) |
270
+ | **v2.5.0.1** | **Compliance publish** — **[GitHub Release `v2.5.0.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.0.1)** · PyPI **`asap-compliance` 1.3.0** (`mcp-auth-bridge` profile; requires `asap-protocol>=2.5.0`). No `asap-protocol` API change. See [CHANGELOG](CHANGELOG.md#2501---2026-06-24) |
271
+ | **v2.5.0** | **MCP Auth Bridge** — **[GitHub Release `v2.5.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.0)** · opt-in `protect_server` for stdio MCP; Agent JWT + capability grants; reference example `examples/mcp_auth_bridge/`. See [CHANGELOG](CHANGELOG.md#250---2026-06-24) and [Migration (v2.4.1 → v2.5.0)](docs/migration.md#upgrading-from-v241-to-v250) |
272
+ | **v2.4.1** | **Security hardening** — OAuth2 `iss`/`aud`, fail-closed identity binding, web SSRF/redirect fixes, dependency bumps. See [CHANGELOG](CHANGELOG.md#241---2026-06-14) and [Migration (v2.4.0 → v2.4.1)](docs/migration.md#upgrading-from-v240-to-v241) |
273
+ | **v2.4.0** | **Edge-AI discovery** — optional `hardware` / `inference` manifest fields, registry mirror, marketplace filters, **`@asap-protocol/client@2.4.0`**, ShellClaw onboarding docs. See [CHANGELOG](CHANGELOG.md#240---2026-05-24) and [Migration (v2.3.x → v2.4.0)](docs/migration.md#upgrading-from-v23x-to-v240) |
244
274
  | **v2.3.1** | **npm TS patch** — **[GitHub Release `v2.3.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.3.1)** · **`@asap-protocol/mastra`**, **`@asap-protocol/openai-agents`**, **`@asap-protocol/client@2.3.1`** (additive adapter exports). Python **2.3.0** unchanged. See [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#231---2026-05-20) and [Migration (v2.3.0 → v2.3.1)](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v230-to-v231) |
245
275
  | **v2.3.0** | **OpenAPI Adapter** (`[openapi]`) · **TypeScript client** (`@asap-protocol/client`) · **Auto-Registration** · **Capability escalation** · **ASAP HTTP challenge** — see [CHANGELOG](https://github.com/adriannoes/asap-protocol/blob/main/CHANGELOG.md#230---2026-05-04) and [Migration](https://github.com/adriannoes/asap-protocol/blob/main/docs/migration.md#upgrading-from-v22x-to-v230) |
246
276
  | **v2.2.1** | Opt-in **WebAuthn** (`asap-protocol[webauthn]`) · `asap compliance-check` & `asap audit export` · stricter `ResolvedAgent.run()` · `AuditChainBroken` · [pinned security deps](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md#dependency-policy) |
@@ -254,7 +284,14 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
254
284
 
255
285
  ## 🔭 What's Next?
256
286
 
257
- ASAP is evolving toward an **Agent Marketplace** — an open ecosystem where AI agents discover, trust and collaborate autonomously. See the [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md) and [v2.0 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.0-roadmap.md). Detailed long-term strategy narratives are maintained privately (not shipped in this repository).
287
+ The [agentic marketplace](https://asap-protocol.com/) and Lite Registry are live. The **v2.5.x train** focuses on interop and adoption:
288
+
289
+ - **v2.5.3** — enterprise/workflow adapter spikes (Adapter Lab II)
290
+ - **v2.5.4** — distribution loop (homepage templates, starter kits, adoption metrics)
291
+ - **`@asap-protocol/mcp-auth`** (npm) — HTTP/SSE MCP middleware
292
+ - **Formal spec track** (v2.5.5) — introspection, privacy, cross-protocol interop on the path to v3.0 economy
293
+
294
+ See the [v2.5 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.5-roadmap.md) and [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md).
258
295
 
259
296
  ## Contributing
260
297
 
@@ -266,11 +303,11 @@ Check out our [contributing guidelines](https://github.com/adriannoes/asap-proto
266
303
 
267
304
  ## Contact
268
305
 
269
- For **general questions** about the protocol, the marketplace, partnerships, or press (not security vulnerabilities — use [SECURITY.md](https://github.com/adriannoes/asap-protocol/blob/main/SECURITY.md) for those):
270
-
271
- - **Email:** [info@asap-protocol.com](mailto:info@asap-protocol.com)
272
-
273
- You can also use [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) for public project topics.
306
+ | Channel | Use for |
307
+ | --- | --- |
308
+ | [GitHub Discussions](https://github.com/adriannoes/asap-protocol/discussions) or [Issues](https://github.com/adriannoes/asap-protocol/issues) | Public questions, bugs, and feature ideas |
309
+ | [info@asap-protocol.com](mailto:info@asap-protocol.com) | Private coordination — protocol, marketplace, partnerships, press |
310
+ | [SECURITY.md](SECURITY.md) | Security vulnerabilities only — **do not** use email or public issues |
274
311
 
275
312
  ## Privacy
276
313
 
@@ -282,4 +319,4 @@ This project is licensed under the Apache 2.0 License - see the [license](https:
282
319
 
283
320
  ---
284
321
 
285
- **Built with [Cursor](https://cursor.com/)** using Opus 4.6/4.7, Composer 1.5/2.0, Gemini 3.1 Pro and Kimi K2.5.
322
+ **Built with [Cursor](https://cursor.com/)**, with Composer, Opus, Gemini, Kimi and more.