asap-protocol 2.5.1__tar.gz → 2.5.2__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/CHANGELOG.md +67 -5
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/PKG-INFO +35 -22
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/README.md +28 -19
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/pyproject.toml +13 -3
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/entities/conversation.schema.json +1 -1
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/entities/manifest.schema.json +170 -111
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/envelope.schema.json +51 -1
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/task_request.schema.json +1 -1
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/__init__.py +1 -1
- asap_protocol-2.5.2/src/asap/auth/_scope_parse.py +39 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/agent_jwt.py +24 -3
- asap_protocol-2.5.2/src/asap/auth/jti_replay_cache.py +109 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/middleware.py +52 -10
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/scopes.py +9 -25
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/cli/__init__.py +1 -14
- asap_protocol-2.5.2/src/asap/cli/_compat.py +24 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/auth/config.py +2 -2
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/entities.py +2 -4
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/envelope.py +9 -3
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/payloads.py +1 -3
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/registry/auto_registration.py +11 -3
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/state/stores/_sqlite_base.py +32 -5
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/_auth_helpers.py +7 -3
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/agent_routes.py +12 -5
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/capability_routes.py +7 -4
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/client/_send.py +14 -3
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/errors.py +51 -11
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/routes/audit.py +16 -5
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/server.py +94 -30
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/sla_api.py +14 -6
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/usage_api.py +17 -5
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/ws/client.py +7 -1
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/.gitignore +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/LICENSE +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/entities/agent.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/entities/artifact.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/entities/message.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/entities/state_snapshot.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/entities/task.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/examples/shellclaw-jetson-capabilities.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/parts/data_part.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/parts/file_part.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/parts/resource_part.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/parts/template_part.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/parts/text_part.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/artifact_notify.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/mcp_resource_data.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/mcp_resource_fetch.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/mcp_tool_call.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/mcp_tool_result.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/message_send.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/state_query.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/state_restore.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/task_cancel.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/task_response.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/schemas/payloads/task_update.schema.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/mcp/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/mcp/auth_middleware.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/mcp/capability_map.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/mcp/config.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/mcp/errors.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/mcp/jwt_extractor.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/mcp/protected_server.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/openapi/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/openapi/approval.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/openapi/capability_mapper.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/openapi/factory.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/openapi/handler.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/adapters/openapi/spec_loader.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/approval.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/capabilities.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/identity.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/introspection.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/jwks.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/oauth2.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/oidc.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/self_auth.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/webauthn.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/auth/webauthn_store.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/cli/audit_export.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/cli/compliance_check.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/cli/delegation.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/cli/keys.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/cli/manifest.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/cli/repl.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/cli/schemas.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/cli/trace.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/client/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/client/cache.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/client/http_client.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/client/market.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/client/revocation.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/client/trust.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/crypto/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/crypto/keys.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/crypto/models.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/crypto/signing.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/crypto/trust.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/crypto/trust_levels.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/discovery/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/discovery/dnssd.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/discovery/health.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/discovery/registry.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/discovery/validation.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/discovery/wellknown.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/economics/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/economics/audit.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/economics/delegation.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/economics/delegation_storage.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/economics/hooks.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/economics/metering.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/economics/sla.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/economics/sla_storage.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/economics/storage.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/errors.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/README.md +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/a2h_approval.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/agent_failover.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/auth_patterns.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/coordinator.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/echo_agent.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/error_recovery.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/long_running.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/mcp_client_demo.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/mcp_integration.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/multi_step_workflow.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/orchestration.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/rate_limiting.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/run_demo.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/secure_agent.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/secure_handler.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/state_migration.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/storage_backends.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/streaming_agent.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/streaming_response.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/v1_3_0_showcase.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/v1_4_0_showcase.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/examples/websocket_concept.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/handlers/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/handlers/hitl.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/integrations/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/integrations/_base.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/integrations/a2h.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/integrations/crewai.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/integrations/langchain.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/integrations/llamaindex.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/integrations/openclaw.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/integrations/pydanticai.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/integrations/smolagents.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/integrations/vercel_ai.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/auth/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/auth/auth_middleware.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/auth/capability_map.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/auth/errors.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/auth/jwt_extractor.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/auth/protected_server.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/client.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/protocol.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/serve.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/server.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/mcp/server_runner.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/base.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/constants.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/enums.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/ids.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/parts.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/types.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/models/validators.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/observability/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/observability/dashboards/README.md +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/observability/dashboards/asap-detailed.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/observability/dashboards/asap-red.json +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/observability/logging.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/observability/metrics.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/observability/trace_parser.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/observability/trace_ui.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/observability/tracing.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/registry/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/registry/anti_spam.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/registry/bot_pr.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/registry/receipt_cache.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/schemas.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/state/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/state/machine.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/state/metering.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/state/snapshot.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/state/stores/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/state/stores/_sync_bridge.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/state/stores/memory.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/state/stores/sqlite.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/testing/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/testing/asgi_factory.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/testing/assertions.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/testing/compliance.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/testing/fixtures.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/testing/mocks.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/_request_handler.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/_state_deps.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/cache.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/challenge.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/circuit_breaker.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/client/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/client/_core.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/client/_discovery.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/client/_helpers.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/compression.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/delegation_api.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/escalation_routes.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/executors.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/handlers.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/jsonrpc.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/lambda_codec.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/middleware.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/mtls.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/rate_limit.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/routes/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/routes/health.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/routes/jsonrpc.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/routes/websocket.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/validators.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/webhook.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/websocket.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/ws/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/ws/_ack.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/ws/_actions.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/ws/_dispatch.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/ws/_errors.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/ws/_recv.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/ws/codecs.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/ws/pool.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/transport/ws/server.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/utils/__init__.py +0 -0
- {asap_protocol-2.5.1 → asap_protocol-2.5.2}/src/asap/utils/sanitization.py +0 -0
|
@@ -7,18 +7,77 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
-
### Follow-up (
|
|
10
|
+
### Follow-up (planned v2.5.3+)
|
|
11
11
|
|
|
12
|
-
- **Adapter Lab II** —
|
|
13
|
-
-
|
|
14
|
-
-
|
|
15
|
-
- Redis-backed `JtiReplayCache` and distributed Next.js rate limits.
|
|
12
|
+
- **Adapter Lab II** — enterprise/workflow adapters ([prd-v2.5.3-adapter-lab-ii.md](product/prd/prd-v2.5.3-adapter-lab-ii.md)).
|
|
13
|
+
- **Distribution Loop** — homepage, templates, metrics ([prd-v2.5.4-distribution-loop.md](product/prd/prd-v2.5.4-distribution-loop.md)).
|
|
14
|
+
- **Formal Spec & Interop** — RFC spec, introspection, privacy ([prd-v2.5.5-formal-spec-interop.md](product/prd/prd-v2.5.5-formal-spec-interop.md)).
|
|
16
15
|
- `@asap-protocol/mcp-auth` HTTP/SSE middleware (deferred from v2.5.0 — see [2.5.0] TypeScript note and [typescript-mcp-auth-spike.md](engineering/tasks/v2.5.0/typescript-mcp-auth-spike.md)).
|
|
17
16
|
- Collapse the dual `UsageMetrics`/`InMemoryMeteringStore` pair retained in S1 for API stability.
|
|
18
17
|
- Reduce the `asap.transport.client` package aggregate LOC below the S2 target.
|
|
19
18
|
|
|
20
19
|
---
|
|
21
20
|
|
|
21
|
+
## [2.5.2] - 2026-07-08
|
|
22
|
+
|
|
23
|
+
**Security & correctness follow-up** — operator API auth, tighter ingress
|
|
24
|
+
validation, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups,
|
|
25
|
+
and registry fixes. Scope: [prd-v2.5.2-security-follow-up.md](product/prd/prd-v2.5.2-security-follow-up.md).
|
|
26
|
+
Wire protocol and manifest schema are unchanged aside from rejecting unknown
|
|
27
|
+
`config` / `metadata` keys (see Migration).
|
|
28
|
+
|
|
29
|
+
### Added
|
|
30
|
+
|
|
31
|
+
- **Opt-in operator API auth (#209)**: `create_app(require_operator_auth=True)`
|
|
32
|
+
requires an OAuth2 Bearer JWT with scope ``asap:admin`` on ``/usage``,
|
|
33
|
+
``/sla``, and ``/audit``. Default remains open (local/operator ergonomics)
|
|
34
|
+
with the existing startup warnings. Requires ``oauth2_config``.
|
|
35
|
+
- **Redis-backed JTI replay cache (#209)**: Optional
|
|
36
|
+
:class:`~asap.auth.jti_replay_cache.RedisJtiReplayCache` for multi-worker
|
|
37
|
+
Host/Agent JWT replay protection. Default remains in-memory
|
|
38
|
+
:class:`~asap.auth.agent_jwt.JtiReplayCache`. Requires
|
|
39
|
+
``pip install 'asap-protocol[redis]'``. Inject via
|
|
40
|
+
``create_app(identity_jti_cache=...)`` or ``MCPAuthConfig.jti_replay_cache``.
|
|
41
|
+
|
|
42
|
+
### Changed
|
|
43
|
+
|
|
44
|
+
- **Ingress validation (#209)**: `TaskRequestConfig` and `CommonMetadata` now reject
|
|
45
|
+
unknown fields (`extra="forbid"`, inherited from `ASAPBaseModel`). Previously these
|
|
46
|
+
models allowed arbitrary extension keys; clients sending custom `config` or
|
|
47
|
+
`metadata` properties must use known fields only or nest extensions under
|
|
48
|
+
`TaskRequest.input` / envelope `extensions`. See
|
|
49
|
+
[migration guide](docs/migration.md#upgrading-from-v251).
|
|
50
|
+
- **CLI legacy imports (#242)**: `DEFAULT_SCHEMAS_DIR`, `export_all_schemas`, and
|
|
51
|
+
`_repl_namespace` are no longer re-exported from `asap.cli` root. Import from
|
|
52
|
+
`asap.cli._compat` (shim) or the owning submodules (`asap.cli.schemas`,
|
|
53
|
+
`asap.schemas`, `asap.cli.repl`). The `_compat` shim is removed in v2.6.0
|
|
54
|
+
([#275](https://github.com/adriannoes/asap-protocol/issues/275)).
|
|
55
|
+
See [migration guide](docs/migration.md#upgrading-from-v251).
|
|
56
|
+
- **Web app (`apps/web`)**: Optional distributed rate limits via Upstash Redis
|
|
57
|
+
or Vercel KV when `UPSTASH_REDIS_REST_URL` + `UPSTASH_REDIS_REST_TOKEN` (or
|
|
58
|
+
`KV_REST_API_URL` + `KV_REST_API_TOKEN`) are set; local dev without Redis
|
|
59
|
+
keeps the existing in-memory per-instance limiter
|
|
60
|
+
([#209](https://github.com/adriannoes/asap-protocol/issues/209)).
|
|
61
|
+
- **Auth scope parsing (#243)**: `parse_scope` lives in `asap.auth._scope_parse` so
|
|
62
|
+
`OAuth2Middleware` no longer needs an inline import to break a cycle.
|
|
63
|
+
|
|
64
|
+
### Fixed
|
|
65
|
+
|
|
66
|
+
- **CI security (`pip-audit`)**: Raised `joserfc` to `>=1.6.7,<2` (CVE-2026-48990) and added overrides for `python-engineio>=4.13.2` (CVE-2026-48802 / CVE-2026-48809) and `python-socketio>=5.16.2` (CVE-2026-48804). See [SECURITY.md](SECURITY.md).
|
|
67
|
+
- **Streaming correlation binding (#247)**: SSE and WebSocket streaming now require `TaskStream` chunks to echo the request envelope `id` (not an arbitrary request `correlation_id`), and streamed response payloads reject missing or mismatched `correlation_id` values.
|
|
68
|
+
- **SQLite write serialization (#245)**: `AsyncSqliteRepository.execute()` now holds the same `asyncio.Lock` as other write paths so concurrent writers cannot interleave on a shared connection.
|
|
69
|
+
- **Agent status JTI replay (#249)**: `GET /asap/agent/status` now records JWT `jti` in the replay cache (same hardening as other identity routes).
|
|
70
|
+
- **Registry signed manifests (#224)**: Registration paths accept signed manifest envelopes (unwrap before validation).
|
|
71
|
+
- **Registry validation errors (#227)**: Auto-registration maps `ManifestValidationError` to HTTP 400 instead of a 500.
|
|
72
|
+
|
|
73
|
+
### Migration
|
|
74
|
+
|
|
75
|
+
- **v2.5.1 → v2.5.2**: See [migration guide](docs/migration.md#upgrading-from-v251).
|
|
76
|
+
Breaking for clients that sent unknown keys on `TaskRequest.config` /
|
|
77
|
+
`CommonMetadata`. Operator auth and Redis JTI remain opt-in.
|
|
78
|
+
|
|
79
|
+
---
|
|
80
|
+
|
|
22
81
|
## [2.5.1] - 2026-06-25
|
|
23
82
|
|
|
24
83
|
**Code quality patch** — behavior-preserving refactor of the transport, storage,
|
|
@@ -59,6 +118,9 @@ Deprecated import paths keep working via shims until v2.6.0.
|
|
|
59
118
|
|
|
60
119
|
### Deprecated (remove in v2.6.0)
|
|
61
120
|
|
|
121
|
+
- `from asap.cli._compat import ...` — use `asap.cli.schemas`, `asap.schemas`, or
|
|
122
|
+
`asap.cli.repl` directly ([#242](https://github.com/adriannoes/asap-protocol/issues/242);
|
|
123
|
+
removal tracked in [#275](https://github.com/adriannoes/asap-protocol/issues/275)).
|
|
62
124
|
- `from asap.transport.websocket import ...` — use `asap.transport.ws` directly.
|
|
63
125
|
- `from asap.adapters.mcp import ...` — use `asap.mcp.auth` directly.
|
|
64
126
|
- `RemoteFatalRPCError` / `RemoteRecoverableRPCError` — use `RemoteRPCError` + `is_recoverable`.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: asap-protocol
|
|
3
|
-
Version: 2.5.
|
|
3
|
+
Version: 2.5.2
|
|
4
4
|
Summary: Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication
|
|
5
5
|
Project-URL: Homepage, https://github.com/adriannoes/asap-protocol
|
|
6
6
|
Project-URL: Documentation, https://adriannoes.github.io/asap-protocol
|
|
@@ -27,7 +27,7 @@ Requires-Dist: cryptography<49,>=48.0.1
|
|
|
27
27
|
Requires-Dist: fastapi>=0.136.1
|
|
28
28
|
Requires-Dist: httpx[http2]>=0.28.1
|
|
29
29
|
Requires-Dist: jcs>=0.2.0
|
|
30
|
-
Requires-Dist: joserfc<2,>=1.6.
|
|
30
|
+
Requires-Dist: joserfc<2,>=1.6.7
|
|
31
31
|
Requires-Dist: jsonschema>=4.23.0
|
|
32
32
|
Requires-Dist: limits>=3.0
|
|
33
33
|
Requires-Dist: opentelemetry-api>=1.20
|
|
@@ -48,6 +48,7 @@ Requires-Dist: crewai>=0.80; extra == 'crewai'
|
|
|
48
48
|
Provides-Extra: dev
|
|
49
49
|
Requires-Dist: asgi-lifespan>=2.1.0; extra == 'dev'
|
|
50
50
|
Requires-Dist: brotli>=1.1.0; extra == 'dev'
|
|
51
|
+
Requires-Dist: fakeredis>=2.26.0; extra == 'dev'
|
|
51
52
|
Requires-Dist: mypy>=1.19.1; extra == 'dev'
|
|
52
53
|
Requires-Dist: pip-audit>=2.7; extra == 'dev'
|
|
53
54
|
Requires-Dist: pytest-asyncio>=0.24; extra == 'dev'
|
|
@@ -61,9 +62,12 @@ Provides-Extra: dns-sd
|
|
|
61
62
|
Requires-Dist: zeroconf>=0.149.5; extra == 'dns-sd'
|
|
62
63
|
Provides-Extra: docs
|
|
63
64
|
Requires-Dist: ghp-import>=2.1.0; extra == 'docs'
|
|
65
|
+
Requires-Dist: joserfc<2,>=1.6.7; extra == 'docs'
|
|
64
66
|
Requires-Dist: mkdocs-material>=9.5; extra == 'docs'
|
|
65
67
|
Requires-Dist: mkdocstrings[python]>=0.27; extra == 'docs'
|
|
66
68
|
Requires-Dist: pymdown-extensions>=10.21.3; extra == 'docs'
|
|
69
|
+
Requires-Dist: python-engineio>=4.13.2; extra == 'docs'
|
|
70
|
+
Requires-Dist: python-socketio>=5.16.2; extra == 'docs'
|
|
67
71
|
Provides-Extra: langchain
|
|
68
72
|
Requires-Dist: langchain-core>=1.3.3; extra == 'langchain'
|
|
69
73
|
Provides-Extra: llamaindex
|
|
@@ -83,7 +87,7 @@ Requires-Dist: smolagents>=1.24.0; extra == 'smolagents'
|
|
|
83
87
|
Provides-Extra: telemetry
|
|
84
88
|
Requires-Dist: pypistats>=1.11.0; extra == 'telemetry'
|
|
85
89
|
Provides-Extra: webauthn
|
|
86
|
-
Requires-Dist: webauthn<
|
|
90
|
+
Requires-Dist: webauthn<4,>=2.6; extra == 'webauthn'
|
|
87
91
|
Description-Content-Type: text/markdown
|
|
88
92
|
|
|
89
93
|
# ASAP: Async Simple Agent Protocol
|
|
@@ -95,9 +99,9 @@ Description-Content-Type: text/markdown
|
|
|
95
99
|
|
|
96
100
|
> A production-ready protocol for agent-to-agent communication and task coordination.
|
|
97
101
|
|
|
98
|
-
**Quick Info**: [`v2.5.
|
|
102
|
+
**Quick Info**: [`v2.5.2`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.2) | `Apache 2.0` | `Python 3.13+` | [Documentation](docs/index.md) | [Changelog](CHANGELOG.md)
|
|
99
103
|
|
|
100
|
-
> 📦 **Install**
|
|
104
|
+
> 📦 **Install** — [`asap-protocol` on PyPI](https://pypi.org/project/asap-protocol/) (Python) · [`@asap-protocol/client` on npm](https://www.npmjs.com/package/@asap-protocol/client) (TypeScript)
|
|
101
105
|
|
|
102
106
|
🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
|
|
103
107
|
|
|
@@ -126,13 +130,13 @@ Plain HTTP between two agents is enough for the simplest cases. ASAP is built fo
|
|
|
126
130
|
| Schema-first | Pydantic v2 + JSON Schema for cross-agent interchange | [API reference](docs/api-reference.md) |
|
|
127
131
|
| Async-native | `asyncio` + `httpx`; sync and async handlers | [Transport](docs/transport.md) |
|
|
128
132
|
| MCP integration | Tool execution and coordination in one envelope (Mode B) | [MCP integration](docs/mcp-integration.md) |
|
|
129
|
-
| MCP Auth Bridge
|
|
133
|
+
| MCP Auth Bridge | Opt-in Agent JWT + capability grants on native stdio MCP `tools/call` (Mode A) | [MCP Auth Bridge](docs/adapters/mcp-auth-bridge.md) |
|
|
130
134
|
| Observability | `trace_id` and `correlation_id` for debugging | [Observability](docs/observability.md) |
|
|
131
135
|
| Security | OAuth2/JWT, Ed25519 manifests, mTLS, rate limiting | [Security](docs/security.md) |
|
|
132
|
-
| Identity & capabilities
|
|
133
|
-
| Streaming & wire protocol
|
|
134
|
-
| Adoption tools
|
|
135
|
-
| Edge-AI discovery
|
|
136
|
+
| Identity & capabilities | Host/Agent JWTs, constrained grants, approval flows, opt-in WebAuthn | [Capabilities](docs/capabilities/index.md) |
|
|
137
|
+
| Streaming & wire protocol | SSE `/asap/stream`, JSON-RPC batch, `ASAP-Version` negotiation | [Transport](docs/transport.md) |
|
|
138
|
+
| Adoption tools | OpenAPI adapter, `@asap-protocol/client`, auto-registration, escalation | [Migration (v2.2 → v2.3)](docs/migration.md#upgrading-from-v22x-to-v230) |
|
|
139
|
+
| Edge-AI discovery | Hardware/inference manifests, registry mirror, marketplace filters | [ShellClaw guide](docs/guides/shellclaw-registry.md) |
|
|
136
140
|
| Framework adapters (npm) | `@asap-protocol/mastra` and `@asap-protocol/openai-agents` tool bridges | [Mastra](docs/integrations/mastra.md) · [OpenAI Agents](docs/integrations/openai-agents.md) |
|
|
137
141
|
| Economics | Usage metering, delegation tokens, SLA breach alerts | [Audit log](docs/audit.md) |
|
|
138
142
|
|
|
@@ -161,7 +165,7 @@ Or with pip:
|
|
|
161
165
|
pip install asap-protocol
|
|
162
166
|
```
|
|
163
167
|
|
|
164
|
-
**TypeScript** (npm, **`2.4.1`** — unchanged for v2.5.
|
|
168
|
+
**TypeScript** (npm, **`2.4.1`** — unchanged for v2.5.2; `@asap-protocol/mcp-auth` HTTP middleware still deferred):
|
|
165
169
|
|
|
166
170
|
- [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client) — [SDK docs](docs/sdks/typescript.md)
|
|
167
171
|
- [`@asap-protocol/mastra`](https://www.npmjs.com/package/@asap-protocol/mastra) — [docs](docs/integrations/mastra.md) · [demo](apps/example-mastra/README.md)
|
|
@@ -173,7 +177,7 @@ npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
|
|
|
173
177
|
npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod
|
|
174
178
|
```
|
|
175
179
|
|
|
176
|
-
**Python v2.5.
|
|
180
|
+
**Python v2.5.2** (security follow-up): `uv add asap-protocol` or `pip install asap-protocol==2.5.2` — see [Migration (v2.5.1 → v2.5.2)](docs/migration.md#upgrading-from-v251).
|
|
177
181
|
|
|
178
182
|
## Quick Start
|
|
179
183
|
|
|
@@ -242,17 +246,18 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
|
|
|
242
246
|
|
|
243
247
|
```bash
|
|
244
248
|
asap --version # Show version
|
|
245
|
-
asap list-schemas # List
|
|
246
|
-
asap export-schemas # Export
|
|
247
|
-
asap
|
|
249
|
+
asap list-schemas # List JSON schemas
|
|
250
|
+
asap export-schemas # Export schemas to disk
|
|
251
|
+
asap validate-schema payload.json # Validate JSON against a schema
|
|
252
|
+
asap compliance-check --url https://agent.example # Remote Compliance Harness v2
|
|
248
253
|
asap audit export --store memory --format json # Export audit log (stdout)
|
|
249
|
-
asap keys generate -o key.pem #
|
|
250
|
-
asap manifest sign -k key.pem manifest.json # Sign manifest
|
|
251
|
-
asap
|
|
252
|
-
asap
|
|
254
|
+
asap keys generate -o key.pem # Ed25519 keypair
|
|
255
|
+
asap manifest sign -k key.pem manifest.json # Sign agent manifest
|
|
256
|
+
asap delegation create -d <urn> -s read -k key.pem --delegator <urn>
|
|
257
|
+
asap trace <trace-id> --log-file asap.log # Visualize request flow from logs
|
|
253
258
|
```
|
|
254
259
|
|
|
255
|
-
See
|
|
260
|
+
See [docs/cli.md](docs/cli.md) for delegation tokens, schema validation, trace visualization, REPL, and full flag reference. Run `asap --help` for your installed version.
|
|
256
261
|
|
|
257
262
|
## Version History
|
|
258
263
|
|
|
@@ -260,6 +265,7 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
|
|
|
260
265
|
|
|
261
266
|
| Version | What shipped |
|
|
262
267
|
| :-- | :-- |
|
|
268
|
+
| **v2.5.2** | **Security & correctness follow-up** — opt-in operator API auth, `extra="forbid"` ingress, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups (#245–#249), registry signed-manifest/400 fixes. See [CHANGELOG](CHANGELOG.md#252---2026-07-08), [PRD](product/prd/prd-v2.5.2-security-follow-up.md), and [Migration (v2.5.1 → v2.5.2)](docs/migration.md#upgrading-from-v251) |
|
|
263
269
|
| **v2.5.1** | **Code quality patch** — behavior-preserving refactor (transport/server, client, websocket, SQLite storage, auth, integrations) + six correctness/security fixes (atomic `revoke_cascade`, `usage_events` DDL, unified Host-JWT verifier, **WS now enforces OAuth2**, OpenAPI handler cleanup, client `correlation_id` binding). Deprecated import paths removed in v2.6.0. See [CHANGELOG](CHANGELOG.md#251---2026-06-25) and [Migration (v2.5.0 → v2.5.1)](docs/migration.md#upgrading-from-v250-to-v251) |
|
|
264
270
|
| **v2.5.0.1** | **Compliance publish** — **[GitHub Release `v2.5.0.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.0.1)** · PyPI **`asap-compliance` 1.3.0** (`mcp-auth-bridge` profile; requires `asap-protocol>=2.5.0`). No `asap-protocol` API change. See [CHANGELOG](CHANGELOG.md#2501---2026-06-24) |
|
|
265
271
|
| **v2.5.0** | **MCP Auth Bridge** — **[GitHub Release `v2.5.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.0)** · opt-in `protect_server` for stdio MCP; Agent JWT + capability grants; reference example `examples/mcp_auth_bridge/`. See [CHANGELOG](CHANGELOG.md#250---2026-06-24) and [Migration (v2.4.1 → v2.5.0)](docs/migration.md#upgrading-from-v241-to-v250) |
|
|
@@ -278,7 +284,14 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
|
|
|
278
284
|
|
|
279
285
|
## 🔭 What's Next?
|
|
280
286
|
|
|
281
|
-
|
|
287
|
+
The [agentic marketplace](https://asap-protocol.com/) and Lite Registry are live. The **v2.5.x train** focuses on interop and adoption:
|
|
288
|
+
|
|
289
|
+
- **v2.5.3** — enterprise/workflow adapter spikes (Adapter Lab II)
|
|
290
|
+
- **v2.5.4** — distribution loop (homepage templates, starter kits, adoption metrics)
|
|
291
|
+
- **`@asap-protocol/mcp-auth`** (npm) — HTTP/SSE MCP middleware
|
|
292
|
+
- **Formal spec track** (v2.5.5) — introspection, privacy, cross-protocol interop on the path to v3.0 economy
|
|
293
|
+
|
|
294
|
+
See the [v2.5 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.5-roadmap.md) and [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md).
|
|
282
295
|
|
|
283
296
|
## Contributing
|
|
284
297
|
|
|
@@ -306,4 +319,4 @@ This project is licensed under the Apache 2.0 License - see the [license](https:
|
|
|
306
319
|
|
|
307
320
|
---
|
|
308
321
|
|
|
309
|
-
**Built with [Cursor](https://cursor.com/)
|
|
322
|
+
**Built with [Cursor](https://cursor.com/)**, with Composer, Opus, Gemini, Kimi and more.
|
|
@@ -7,9 +7,9 @@
|
|
|
7
7
|
|
|
8
8
|
> A production-ready protocol for agent-to-agent communication and task coordination.
|
|
9
9
|
|
|
10
|
-
**Quick Info**: [`v2.5.
|
|
10
|
+
**Quick Info**: [`v2.5.2`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.2) | `Apache 2.0` | `Python 3.13+` | [Documentation](docs/index.md) | [Changelog](CHANGELOG.md)
|
|
11
11
|
|
|
12
|
-
> 📦 **Install**
|
|
12
|
+
> 📦 **Install** — [`asap-protocol` on PyPI](https://pypi.org/project/asap-protocol/) (Python) · [`@asap-protocol/client` on npm](https://www.npmjs.com/package/@asap-protocol/client) (TypeScript)
|
|
13
13
|
|
|
14
14
|
🚀 **Live now** our [**agentic marketplace**](https://asap-protocol.com/) — browse agents, register yours, request verification.
|
|
15
15
|
|
|
@@ -38,13 +38,13 @@ Plain HTTP between two agents is enough for the simplest cases. ASAP is built fo
|
|
|
38
38
|
| Schema-first | Pydantic v2 + JSON Schema for cross-agent interchange | [API reference](docs/api-reference.md) |
|
|
39
39
|
| Async-native | `asyncio` + `httpx`; sync and async handlers | [Transport](docs/transport.md) |
|
|
40
40
|
| MCP integration | Tool execution and coordination in one envelope (Mode B) | [MCP integration](docs/mcp-integration.md) |
|
|
41
|
-
| MCP Auth Bridge
|
|
41
|
+
| MCP Auth Bridge | Opt-in Agent JWT + capability grants on native stdio MCP `tools/call` (Mode A) | [MCP Auth Bridge](docs/adapters/mcp-auth-bridge.md) |
|
|
42
42
|
| Observability | `trace_id` and `correlation_id` for debugging | [Observability](docs/observability.md) |
|
|
43
43
|
| Security | OAuth2/JWT, Ed25519 manifests, mTLS, rate limiting | [Security](docs/security.md) |
|
|
44
|
-
| Identity & capabilities
|
|
45
|
-
| Streaming & wire protocol
|
|
46
|
-
| Adoption tools
|
|
47
|
-
| Edge-AI discovery
|
|
44
|
+
| Identity & capabilities | Host/Agent JWTs, constrained grants, approval flows, opt-in WebAuthn | [Capabilities](docs/capabilities/index.md) |
|
|
45
|
+
| Streaming & wire protocol | SSE `/asap/stream`, JSON-RPC batch, `ASAP-Version` negotiation | [Transport](docs/transport.md) |
|
|
46
|
+
| Adoption tools | OpenAPI adapter, `@asap-protocol/client`, auto-registration, escalation | [Migration (v2.2 → v2.3)](docs/migration.md#upgrading-from-v22x-to-v230) |
|
|
47
|
+
| Edge-AI discovery | Hardware/inference manifests, registry mirror, marketplace filters | [ShellClaw guide](docs/guides/shellclaw-registry.md) |
|
|
48
48
|
| Framework adapters (npm) | `@asap-protocol/mastra` and `@asap-protocol/openai-agents` tool bridges | [Mastra](docs/integrations/mastra.md) · [OpenAI Agents](docs/integrations/openai-agents.md) |
|
|
49
49
|
| Economics | Usage metering, delegation tokens, SLA breach alerts | [Audit log](docs/audit.md) |
|
|
50
50
|
|
|
@@ -73,7 +73,7 @@ Or with pip:
|
|
|
73
73
|
pip install asap-protocol
|
|
74
74
|
```
|
|
75
75
|
|
|
76
|
-
**TypeScript** (npm, **`2.4.1`** — unchanged for v2.5.
|
|
76
|
+
**TypeScript** (npm, **`2.4.1`** — unchanged for v2.5.2; `@asap-protocol/mcp-auth` HTTP middleware still deferred):
|
|
77
77
|
|
|
78
78
|
- [`@asap-protocol/client`](https://www.npmjs.com/package/@asap-protocol/client) — [SDK docs](docs/sdks/typescript.md)
|
|
79
79
|
- [`@asap-protocol/mastra`](https://www.npmjs.com/package/@asap-protocol/mastra) — [docs](docs/integrations/mastra.md) · [demo](apps/example-mastra/README.md)
|
|
@@ -85,7 +85,7 @@ npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
|
|
|
85
85
|
npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod
|
|
86
86
|
```
|
|
87
87
|
|
|
88
|
-
**Python v2.5.
|
|
88
|
+
**Python v2.5.2** (security follow-up): `uv add asap-protocol` or `pip install asap-protocol==2.5.2` — see [Migration (v2.5.1 → v2.5.2)](docs/migration.md#upgrading-from-v251).
|
|
89
89
|
|
|
90
90
|
## Quick Start
|
|
91
91
|
|
|
@@ -154,17 +154,18 @@ See [Compliance Testing Guide](https://github.com/adriannoes/asap-protocol/blob/
|
|
|
154
154
|
|
|
155
155
|
```bash
|
|
156
156
|
asap --version # Show version
|
|
157
|
-
asap list-schemas # List
|
|
158
|
-
asap export-schemas # Export
|
|
159
|
-
asap
|
|
157
|
+
asap list-schemas # List JSON schemas
|
|
158
|
+
asap export-schemas # Export schemas to disk
|
|
159
|
+
asap validate-schema payload.json # Validate JSON against a schema
|
|
160
|
+
asap compliance-check --url https://agent.example # Remote Compliance Harness v2
|
|
160
161
|
asap audit export --store memory --format json # Export audit log (stdout)
|
|
161
|
-
asap keys generate -o key.pem #
|
|
162
|
-
asap manifest sign -k key.pem manifest.json # Sign manifest
|
|
163
|
-
asap
|
|
164
|
-
asap
|
|
162
|
+
asap keys generate -o key.pem # Ed25519 keypair
|
|
163
|
+
asap manifest sign -k key.pem manifest.json # Sign agent manifest
|
|
164
|
+
asap delegation create -d <urn> -s read -k key.pem --delegator <urn>
|
|
165
|
+
asap trace <trace-id> --log-file asap.log # Visualize request flow from logs
|
|
165
166
|
```
|
|
166
167
|
|
|
167
|
-
See
|
|
168
|
+
See [docs/cli.md](docs/cli.md) for delegation tokens, schema validation, trace visualization, REPL, and full flag reference. Run `asap --help` for your installed version.
|
|
168
169
|
|
|
169
170
|
## Version History
|
|
170
171
|
|
|
@@ -172,6 +173,7 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
|
|
|
172
173
|
|
|
173
174
|
| Version | What shipped |
|
|
174
175
|
| :-- | :-- |
|
|
176
|
+
| **v2.5.2** | **Security & correctness follow-up** — opt-in operator API auth, `extra="forbid"` ingress, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups (#245–#249), registry signed-manifest/400 fixes. See [CHANGELOG](CHANGELOG.md#252---2026-07-08), [PRD](product/prd/prd-v2.5.2-security-follow-up.md), and [Migration (v2.5.1 → v2.5.2)](docs/migration.md#upgrading-from-v251) |
|
|
175
177
|
| **v2.5.1** | **Code quality patch** — behavior-preserving refactor (transport/server, client, websocket, SQLite storage, auth, integrations) + six correctness/security fixes (atomic `revoke_cascade`, `usage_events` DDL, unified Host-JWT verifier, **WS now enforces OAuth2**, OpenAPI handler cleanup, client `correlation_id` binding). Deprecated import paths removed in v2.6.0. See [CHANGELOG](CHANGELOG.md#251---2026-06-25) and [Migration (v2.5.0 → v2.5.1)](docs/migration.md#upgrading-from-v250-to-v251) |
|
|
176
178
|
| **v2.5.0.1** | **Compliance publish** — **[GitHub Release `v2.5.0.1`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.0.1)** · PyPI **`asap-compliance` 1.3.0** (`mcp-auth-bridge` profile; requires `asap-protocol>=2.5.0`). No `asap-protocol` API change. See [CHANGELOG](CHANGELOG.md#2501---2026-06-24) |
|
|
177
179
|
| **v2.5.0** | **MCP Auth Bridge** — **[GitHub Release `v2.5.0`](https://github.com/adriannoes/asap-protocol/releases/tag/v2.5.0)** · opt-in `protect_server` for stdio MCP; Agent JWT + capability grants; reference example `examples/mcp_auth_bridge/`. See [CHANGELOG](CHANGELOG.md#250---2026-06-24) and [Migration (v2.4.1 → v2.5.0)](docs/migration.md#upgrading-from-v241-to-v250) |
|
|
@@ -190,7 +192,14 @@ High-level only — see **[Changelog](https://github.com/adriannoes/asap-protoco
|
|
|
190
192
|
|
|
191
193
|
## 🔭 What's Next?
|
|
192
194
|
|
|
193
|
-
|
|
195
|
+
The [agentic marketplace](https://asap-protocol.com/) and Lite Registry are live. The **v2.5.x train** focuses on interop and adoption:
|
|
196
|
+
|
|
197
|
+
- **v2.5.3** — enterprise/workflow adapter spikes (Adapter Lab II)
|
|
198
|
+
- **v2.5.4** — distribution loop (homepage templates, starter kits, adoption metrics)
|
|
199
|
+
- **`@asap-protocol/mcp-auth`** (npm) — HTTP/SSE MCP middleware
|
|
200
|
+
- **Formal spec track** (v2.5.5) — introspection, privacy, cross-protocol interop on the path to v3.0 economy
|
|
201
|
+
|
|
202
|
+
See the [v2.5 roadmap PRD](https://github.com/adriannoes/asap-protocol/blob/main/product/prd/prd-v2.5-roadmap.md) and [ADR index](https://github.com/adriannoes/asap-protocol/blob/main/product/decision-records/README.md).
|
|
194
203
|
|
|
195
204
|
## Contributing
|
|
196
205
|
|
|
@@ -218,4 +227,4 @@ This project is licensed under the Apache 2.0 License - see the [license](https:
|
|
|
218
227
|
|
|
219
228
|
---
|
|
220
229
|
|
|
221
|
-
**Built with [Cursor](https://cursor.com/)
|
|
230
|
+
**Built with [Cursor](https://cursor.com/)**, with Composer, Opus, Gemini, Kimi and more.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
[project]
|
|
2
2
|
name = "asap-protocol"
|
|
3
|
-
version = "2.5.
|
|
3
|
+
version = "2.5.2"
|
|
4
4
|
description = "Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication"
|
|
5
5
|
authors = [
|
|
6
6
|
{name = "ASAP Protocol Contributors"}
|
|
@@ -30,7 +30,7 @@ dependencies = [
|
|
|
30
30
|
"fastapi>=0.136.1",
|
|
31
31
|
"httpx[http2]>=0.28.1",
|
|
32
32
|
"authlib>=1.6.12,<2",
|
|
33
|
-
"joserfc>=1.6.
|
|
33
|
+
"joserfc>=1.6.7,<2",
|
|
34
34
|
"uvicorn>=0.34",
|
|
35
35
|
"python-ulid>=3.0",
|
|
36
36
|
"packaging>=25.0",
|
|
@@ -60,12 +60,16 @@ dev = [
|
|
|
60
60
|
"types-jsonschema>=4.0.0",
|
|
61
61
|
"ruff>=0.14.14",
|
|
62
62
|
"pip-audit>=2.7",
|
|
63
|
+
"fakeredis>=2.26.0",
|
|
63
64
|
]
|
|
64
65
|
docs = [
|
|
65
66
|
"ghp-import>=2.1.0",
|
|
66
67
|
"mkdocs-material>=9.5",
|
|
67
68
|
"mkdocstrings[python]>=0.27",
|
|
68
69
|
"pymdown-extensions>=10.21.3",
|
|
70
|
+
"joserfc>=1.6.7,<2",
|
|
71
|
+
"python-engineio>=4.13.2",
|
|
72
|
+
"python-socketio>=5.16.2",
|
|
69
73
|
]
|
|
70
74
|
dns-sd = [
|
|
71
75
|
"zeroconf>=0.149.5",
|
|
@@ -76,7 +80,7 @@ redis = [
|
|
|
76
80
|
]
|
|
77
81
|
# Optional WebAuthn (real attestation/assertion when extra installed).
|
|
78
82
|
webauthn = [
|
|
79
|
-
"webauthn>=2.6,<
|
|
83
|
+
"webauthn>=2.6,<4",
|
|
80
84
|
]
|
|
81
85
|
# Framework integrations (Sprint E3 — PKG-003).
|
|
82
86
|
mcp = [
|
|
@@ -138,6 +142,9 @@ Issues = "https://github.com/adriannoes/asap-protocol/issues"
|
|
|
138
142
|
# - idna>=3.15 for CVE-2026-45409 (DoS in idna.encode; transitive via httpx/requests)
|
|
139
143
|
# - markdown>=3.10.2 for PYSEC-2026-89 (DoS in html.parser during Markdown parse; mkdocs stack)
|
|
140
144
|
# - pymdown-extensions>=10.21.3 for CVE-2026-46338 (snippets base_path prefix bypass; mkdocs stack)
|
|
145
|
+
# - joserfc>=1.6.7 for CVE-2026-48990 (JWT/JWS primitives; direct + override)
|
|
146
|
+
# - python-engineio>=4.13.2 for CVE-2026-48802 / CVE-2026-48809 (transitive, locust stack)
|
|
147
|
+
# - python-socketio>=5.16.2 for CVE-2026-48804 (transitive, locust stack)
|
|
141
148
|
[tool.uv]
|
|
142
149
|
override-dependencies = [
|
|
143
150
|
"aiohttp>=3.14.0,<4",
|
|
@@ -162,6 +169,9 @@ override-dependencies = [
|
|
|
162
169
|
"pymdown-extensions>=10.21.3",
|
|
163
170
|
"pydantic-settings>=2.14.2",
|
|
164
171
|
"msgpack>=1.2.1",
|
|
172
|
+
"joserfc>=1.6.7,<2",
|
|
173
|
+
"python-engineio>=4.13.2",
|
|
174
|
+
"python-socketio>=5.16.2",
|
|
165
175
|
]
|
|
166
176
|
|
|
167
177
|
[project.scripts]
|