Skip to content

adriannoes/asap-protocol

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,655 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

ASAP: Async Simple Agent Protocol

✨ From agents, for agents. Delivering reliability, as soon as possible.

ASAP Protocol Banner

A production-ready protocol for agent-to-agent communication and task coordination.

Quick Info: v2.5.4 · PyPI asap-protocol | Apache 2.0 | Python 3.13+ | Documentation | Changelog

📦 Installasap-protocol 2.5.4 on PyPI (Python) · @asap-protocol/client on npm (TypeScript)

🚀 Live now our agentic marketplace — browse agents, register yours, request verification.

Why ASAP?

Multi-agent systems hit three walls that point-to-point agent protocols often leave open:

  1. Connection sprawl — pairwise HTTP does not scale as orchestrators fan out.
  2. State drift — long workflows stall without durable task state and resumability.
  3. Fragmentation — delegation, artifacts, and MCP tool calls end up in incompatible layers.

ASAP answers with a schema-first protocol and reference SDKs in Python and TypeScript:

  • Resumable orchestration — task state machine, snapshot store, SSE streaming, and built-in trace_id / correlation_id.
  • One typed envelope — tasks, MCP tool execution, and artifact exchange on the same JSON Schema contract.
  • Production trust — Ed25519 signed manifests, Host/Agent JWTs, constrained capabilities, OAuth2, opt-in WebAuthn — plus the MCP Auth Bridge (v2.5.0) for scoped native tools/call.
  • Ecosystem-readyagentic marketplace, Lite Registry, edge-AI discovery, OpenAPI import, and framework adapters (Python & npm).

Plain HTTP between two agents is enough for the simplest cases. ASAP is built for multi-agent orchestration, stateful workflows, and governed capability access in production — see documentation and the feature table below.

Key Features

Area Highlights Docs
Stateful orchestration Task state machine, snapshotting, resumable workflows State management
Schema-first Pydantic v2 + JSON Schema for cross-agent interchange API reference
Async-native asyncio + httpx; sync and async handlers Transport
MCP integration Tool execution and coordination in one envelope (Mode B) MCP integration
MCP Auth Bridge Opt-in Agent JWT + capability grants on native stdio MCP tools/call (Mode A) MCP Auth Bridge
Observability trace_id and correlation_id for debugging Observability
Security OAuth2/JWT, Ed25519 manifests, mTLS, rate limiting Security
Identity & capabilities Host/Agent JWTs, constrained grants, approval flows, opt-in WebAuthn Capabilities
Streaming & wire protocol SSE /asap/stream, JSON-RPC batch, ASAP-Version negotiation Transport
Adoption tools OpenAPI adapter, @asap-protocol/client, auto-registration, escalation Migration (v2.2 → v2.3)
Edge-AI discovery Hardware/inference manifests, registry mirror, marketplace filters ShellClaw guide
Framework adapters (npm) @asap-protocol/mastra and @asap-protocol/openai-agents tool bridges Mastra · OpenAI Agents
Economics Usage metering, delegation tokens, SLA breach alerts Audit log

Full overview and upgrade paths: docs/index.md.

Framework Ecosystem

ASAP meets agents where they run — optional Python extras, npm tool bridges, and protocol-native MCP.

Runtime Integrations Docs
Python LangChain, CrewAI, LlamaIndex, PydanticAI, SmolAgents, OpenClaw (pip install "asap-protocol[extra]"); Vercel AI SDK router; MCP; MCP Auth Bridge; A2H; OpenAPI workflow connectors (Lab II) OpenClaw · Vercel AI SDK · MCP · MCP Auth Bridge · Workflow connectors · NeMo Agent Toolkit (experimental)
TypeScript (npm) @asap-protocol/client (Vercel AI / OpenAI / Anthropic adapters), @asap-protocol/mastra, @asap-protocol/openai-agents TypeScript SDK · Mastra · OpenAI Agents · Microsoft Agent Framework (research)

Installation

We recommend using uv for dependency management:

uv add asap-protocol  # latest on PyPI (currently 2.5.4)

Or with pip:

pip install asap-protocol==2.5.4

TypeScript (npm, 2.4.1 — unchanged for v2.5.4; @asap-protocol/mcp-auth HTTP middleware still deferred):

npm install @asap-protocol/client@2.4.1
npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod

Python v2.5.4 (Distribution Loop) is shipped — see Migration (v2.5.3 → v2.5.4). Start here: Build for agents · starters.

Quick Start

Run the demo (echo agent + coordinator in one command):

uv run python -m asap.examples.run_demo

Build your first agent here — server setup, client code, step-by-step (~15 min).

19 examples: orchestration, state migration, MCP, OAuth2, WebSocket, resilience.

Testing

uv run pytest -n auto --tb=short

With coverage (separate run — do not combine with -n auto):

uv run pytest --tb=short --cov=asap --cov-report=term-missing --cov-fail-under=85

Testing Guide (structure, fixtures, property/load/chaos tests). Contributing (dev setup, CI).

Compliance Harness

Validate that your agent follows the ASAP protocol:

uv add "asap-compliance>=1.3.0"
pytest --asap-agent-url https://your-agent.example.com -m asap_compliance

For MCP Auth Bridge stdio gates (mcp-auth-bridge profile), use asap-compliance 1.3.0+ with asap-protocol 2.5.0+ — published on PyPI via tag v2.5.0.1.

See Compliance Testing Guide for handshake, schema and state machine validation.

Documentation

Learn

Deep Dive

Decisions & Operations

Release

  • Changelog | PyPI listinghttps://pypi.org/project/asap-protocol/ (install: pip install asap-protocol)

CLI

asap --version                                    # Show version
asap list-schemas                                 # List JSON schemas
asap export-schemas                               # Export schemas to disk
asap validate-schema payload.json                 # Validate JSON against a schema
asap compliance-check --url https://agent.example # Remote Compliance Harness v2
asap audit export --store memory --format json    # Export audit log (stdout)
asap keys generate -o key.pem                     # Ed25519 keypair
asap manifest sign -k key.pem manifest.json       # Sign agent manifest
asap delegation create -d <urn> -s read -k key.pem --delegator <urn>
asap trace <trace-id> --log-file asap.log         # Visualize request flow from logs

See docs/cli.md for delegation tokens, schema validation, trace visualization, REPL, and full flag reference. Run asap --help for your installed version.

Version History

High-level only — see Changelog and the docs index for full notes.

Version What shipped
v2.5.4 Distribution LoopGitHub Release v2.5.4 · thin starters (examples/starters/), Build for agents, homepage agent-first CTAs, telemetry ops (no public metrics UI). See CHANGELOG, PRD, and Migration (v2.5.3 → v2.5.4)
v2.5.3 Adapter Lab IIGitHub Release v2.5.3 · workflow OpenAPI connectors + security guide, experimental MAF / NeMo guides, JSON-safe -32602, MCP example client DX. See CHANGELOG, PRD, and Migration (v2.5.2 → v2.5.3)
v2.5.2 Security & correctness follow-up — opt-in operator API auth, extra="forbid" ingress, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups (#245–#249), registry signed-manifest/400 fixes. See CHANGELOG, PRD, and Migration (v2.5.1 → v2.5.2)
v2.5.1 Code quality patch — behavior-preserving refactor (transport/server, client, websocket, SQLite storage, auth, integrations) + six correctness/security fixes (atomic revoke_cascade, usage_events DDL, unified Host-JWT verifier, WS now enforces OAuth2, OpenAPI handler cleanup, client correlation_id binding). Deprecated import paths removed in v2.6.0. See CHANGELOG and Migration (v2.5.0 → v2.5.1)
v2.5.0.1 Compliance publishGitHub Release v2.5.0.1 · PyPI asap-compliance 1.3.0 (mcp-auth-bridge profile; requires asap-protocol>=2.5.0). No asap-protocol API change. See CHANGELOG
v2.5.0 MCP Auth BridgeGitHub Release v2.5.0 · opt-in protect_server for stdio MCP; Agent JWT + capability grants; reference example examples/mcp_auth_bridge/. See CHANGELOG and Migration (v2.4.1 → v2.5.0)
v2.4.1 Security hardening — OAuth2 iss/aud, fail-closed identity binding, web SSRF/redirect fixes, dependency bumps. See CHANGELOG and Migration (v2.4.0 → v2.4.1)
v2.4.0 Edge-AI discovery — optional hardware / inference manifest fields, registry mirror, marketplace filters, @asap-protocol/client@2.4.0, ShellClaw onboarding docs. See CHANGELOG and Migration (v2.3.x → v2.4.0)
v2.3.1 npm TS patchGitHub Release v2.3.1 · @asap-protocol/mastra, @asap-protocol/openai-agents, @asap-protocol/client@2.3.1 (additive adapter exports). Python 2.3.0 unchanged. See CHANGELOG and Migration (v2.3.0 → v2.3.1)
v2.3.0 OpenAPI Adapter ([openapi]) · TypeScript client (@asap-protocol/client) · Auto-Registration · Capability escalation · ASAP HTTP challenge — see CHANGELOG and Migration
v2.2.1 Opt-in WebAuthn (asap-protocol[webauthn]) · asap compliance-check & asap audit export · stricter ResolvedAgent.run() · AuditChainBroken · pinned security deps
v2.2 Per-runtime identity & capability auth · SSE POST /asap/stream · ASAP-Version · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2
v2.1.1 Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening
v2.1 MarketClient · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX
v2.0 Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow
v1.3 asap delegation create / revoke
v1.2 Ed25519 manifests · trust levels · optional mTLS · Compliance Harness
v1.1 OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks

🔭 What's Next?

The agentic marketplace and Lite Registry are live. The v2.5.x train focuses on interop and adoption:

  • v2.5.5 — Formal Spec & Interop (RFC, introspection, privacy)
  • @asap-protocol/mcp-auth (npm) — HTTP/SSE MCP middleware
  • Formal spec track (v2.5.5) — introspection, privacy, cross-protocol interop on the path to v3.0 economy

See the v2.5 roadmap PRD and ADR index.

Contributing

Community feedback and contributions are essential for ASAP Protocol's evolution. We're working on improvements and your input helps shape the future of the protocol.

Every contribution, from bug reports to feature suggestions, documentation improvements and code contributions, makes a real difference.

Check out our contributing guidelines to get started. It's easier than you think! 🚀

Contact

Channel Use for
GitHub Discussions or Issues Public questions, bugs, and feature ideas
info@asap-protocol.com Private coordination — protocol, marketplace, partnerships, press
SECURITY.md Security vulnerabilities only — do not use email or public issues

Privacy

See PRIVACY.md for how the public site and maintainer telemetry use aggregate metrics (including Vercel Web Analytics) without collecting agent IDs or end-user PII in repository outputs.

License

This project is licensed under the Apache 2.0 License - see the license file for details.


Built with Cursor, with Composer, Opus, Gemini, Kimi and more.

About

Protocol for agent-to-agent communication with stateful orchestration, MCP-compatible and a public marketplace to discover and register agents.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

14 stars

Watchers

0 watching

Forks

Contributors