asap-protocol 2.3.0

Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication

ASAP: Async Simple Agent Protocol

✨ From agents, for agents. Delivering reliability, as soon as possible.

A production-ready protocol for agent-to-agent communication and task coordination.

Quick Info: v2.3.0 | Apache 2.0 | Python 3.13+ | Documentation | PyPI asap-protocol | npm @asap-protocol/client | Changelog

📦 Install the ASAP Python SDK / protocol from https://pypi.org/project/asap-protocol/ — package name asap-protocol on PyPI.

🚀 Live now our agentic marketplace — browse agents, register yours, request verification.

Why ASAP?

Building multi-agent systems today suffers from three core technical challenges that existing protocols like A2A don't fully address:

1. $N^2$ Connection Complexity: Most protocols assume static point-to-point HTTP connections that don't scale.
2. State Drift: Lack of native persistence makes it impossible to reliably resume long-running agentic workflows.
3. Fragmentation: No unified way to handle task delegation, artifact exchange and tool execution (MCP) in a single envelope.

ASAP provides a production-ready communication layer that simplifies these complexities. It's ideal for multi-agent orchestration, stateful workflows (persistence, resumability), MCP support and production systems requiring high-performance, type-safe agent communication.

For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the documentation for the current protocol overview and features.

Key Features

• Stateful orchestration — Task state machine with snapshotting for resumable workflows.
• Schema-first — Pydantic v2 + JSON Schema for cross-agent interoperability.
• Async-native — asyncio + httpx; sync and async handlers supported.
• MCP integration — Tool execution and coordination in a single envelope.
• Observable — trace_id and correlation_id for debugging.
• Security — Bearer auth, OAuth2/JWT, Ed25519 signed manifests, optional mTLS, replay prevention, HTTPS, rate limiting. Security Model (trust limits, Custom Claims).
• Identity & capabilities (v2.2, WebAuthn real in v2.2.1) — Per-runtime Host/Agent JWTs, capability grants with constraints (max, min, in, not_in), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via asap-protocol[webauthn]).
• Streaming & wire protocol (v2.2) — POST /asap/stream (SSE / TaskStream), JSON-RPC 2.0 batch on POST /asap, ASAP-Version negotiation, tamper-evident audit logging, Compliance Harness v2.
• Adoption Multiplier (v2.3.0) — OpenAPI → ASAP via create_from_openapi ([openapi] extra), official @asap-protocol/client on npm (Vercel AI / OpenAI / Anthropic adapters), optional Auto-Registration (POST /registry/agents), capability escalation, and ASAP WWW-Authenticate discovery challenges. All opt-in; wire protocol unchanged. See docs/index.md and docs/migration.md.
• Economics — Usage metering, delegation tokens, SLA framework with breach alerts.

🆕 Framework Ecosystem

ASAP is built for interoperability. Seamlessly integrate your agents into OpenClaw, LangChain, CrewAI and LlamaIndex workflows using our growing library of native adapters and standardized tool-calling schemas.

Installation

We recommend using uv for dependency management:

uv add asap-protocol

Or with pip:

pip install asap-protocol

npm (TypeScript / JavaScript — @asap-protocol/client, aligned with protocol v2.3.0):

npm install @asap-protocol/client

📦 Canonical listing: https://pypi.org/project/asap-protocol/ — package asap-protocol (pip install asap-protocol). Prefer uv for reproducible environments when possible.

Quick Start

Run the demo (echo agent + coordinator in one command):

uv run python -m asap.examples.run_demo

Build your first agent here — server setup, client code, step-by-step (~15 min).

19 examples: orchestration, state migration, MCP, OAuth2, WebSocket, resilience.

Testing

uv run pytest -n auto --tb=short

With coverage:

uv run pytest --cov=src --cov-report=term-missing

Testing Guide (structure, fixtures, property/load/chaos tests). Contributing (dev setup, CI).

Compliance Harness

Validate that your agent follows the ASAP protocol:

uv add asap-compliance
pytest --asap-agent-url https://your-agent.example.com -m asap_compliance

See Compliance Testing Guide for handshake, schema and state machine validation.

Documentation

Learn

• Docs | API Reference
• TypeScript client SDK — @asap-protocol/client (identity, capabilities, streaming, adapters)
• Tutorials — First agent to production checklist
• Migration from A2A/MCP
• Raw Fetch (non-Python) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.

Deep Dive

• State Management | Best Practices: Failover & Migration | Error Handling
• Transport | Security | Security Model (OAuth2 trust, Custom Claims)
• Identity Signing | Compliance Testing | Migration v1.1 to v1.2 | mTLS
• Observability | Testing

Decisions & Operations

• ADRs — 19 Architecture Decision Records
• Tech Stack — Rationale for Python, Pydantic, Next.js choices
• Deployment | Troubleshooting

Release

• Changelog | PyPI listing — https://pypi.org/project/asap-protocol/ (install: pip install asap-protocol)

CLI

asap --version                                    # Show version
asap list-schemas                                 # List all available schemas
asap export-schemas                               # Export JSON schemas to file
asap compliance-check --url https://agent.example # Compliance Harness v2 (HTTP(S))
asap audit export --store memory --format json    # Export audit log (stdout)
asap keys generate -o key.pem                     # Generate Ed25519 keypair
asap manifest sign -k key.pem manifest.json       # Sign manifest
asap manifest verify signed.json                  # Verify signature
asap manifest info signed.json                    # Show trust level

See the CLI reference for compliance-check and audit export flag details, the CI compliance gate for wiring compliance-check into GitHub Actions, the audit export guide, Identity Signing, or run asap --help for the full command surface.

Version History

High-level only — see Changelog and the docs index for full notes.

Version	What shipped
v2.3.0	OpenAPI Adapter ([openapi]) · TypeScript client (@asap-protocol/client) · Auto-Registration · Capability escalation · ASAP HTTP challenge — see CHANGELOG and Migration
v2.2.1	Opt-in WebAuthn (asap-protocol[webauthn]) · asap compliance-check & asap audit export · stricter ResolvedAgent.run() · AuditChainBroken · pinned security deps
v2.2	Per-runtime identity & capability auth · SSE POST /asap/stream · ASAP-Version · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2
v2.1.1	Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening
v2.1	MarketClient · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX
v2.0	Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow
v1.3	asap delegation create / revoke
v1.2	Ed25519 manifests · trust levels · optional mTLS · Compliance Harness
v1.1	OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks

🔭 What's Next?

ASAP is evolving toward an Agent Marketplace — an open ecosystem where AI agents discover, trust and collaborate autonomously. See the ADR index and v2.0 roadmap PRD. Detailed long-term strategy narratives are maintained privately (not shipped in this repository).

Contributing

Community feedback and contributions are essential for ASAP Protocol's evolution. We're working on improvements and your input helps shape the future of the protocol.

Every contribution, from bug reports to feature suggestions, documentation improvements and code contributions, makes a real difference.

Check out our contributing guidelines to get started. It's easier than you think! 🚀

Contact

For general questions about the protocol, the marketplace, partnerships, or press (not security vulnerabilities — use SECURITY.md for those):

• Email: info@asap-protocol.com

You can also use GitHub Discussions or Issues for public project topics.

License

This project is licensed under the Apache 2.0 License - see the license file for details.

---

Built with Cursor using Opus 4.6/4.7, Composer 1.5/2.0, Gemini 3.1 Pro and Kimi K2.5.