Skip to main content

Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication

Project description

ASAP: Async Simple Agent Protocol

✨ From agents, for agents. Delivering reliability, as soon as possible.

ASAP Protocol Banner

A production-ready protocol for agent-to-agent communication and task coordination.

Quick Info: v2.5.2 | Apache 2.0 | Python 3.13+ | Documentation | Changelog

📦 Installasap-protocol on PyPI (Python) · @asap-protocol/client on npm (TypeScript)

🚀 Live now our agentic marketplace — browse agents, register yours, request verification.

Why ASAP?

Multi-agent systems hit three walls that point-to-point agent protocols often leave open:

  1. Connection sprawl — pairwise HTTP does not scale as orchestrators fan out.
  2. State drift — long workflows stall without durable task state and resumability.
  3. Fragmentation — delegation, artifacts, and MCP tool calls end up in incompatible layers.

ASAP answers with a schema-first protocol and reference SDKs in Python and TypeScript:

  • Resumable orchestration — task state machine, snapshot store, SSE streaming, and built-in trace_id / correlation_id.
  • One typed envelope — tasks, MCP tool execution, and artifact exchange on the same JSON Schema contract.
  • Production trust — Ed25519 signed manifests, Host/Agent JWTs, constrained capabilities, OAuth2, opt-in WebAuthn — plus the MCP Auth Bridge (v2.5.0) for scoped native tools/call.
  • Ecosystem-readyagentic marketplace, Lite Registry, edge-AI discovery, OpenAPI import, and framework adapters (Python & npm).

Plain HTTP between two agents is enough for the simplest cases. ASAP is built for multi-agent orchestration, stateful workflows, and governed capability access in production — see documentation and the feature table below.

Key Features

Area Highlights Docs
Stateful orchestration Task state machine, snapshotting, resumable workflows State management
Schema-first Pydantic v2 + JSON Schema for cross-agent interchange API reference
Async-native asyncio + httpx; sync and async handlers Transport
MCP integration Tool execution and coordination in one envelope (Mode B) MCP integration
MCP Auth Bridge Opt-in Agent JWT + capability grants on native stdio MCP tools/call (Mode A) MCP Auth Bridge
Observability trace_id and correlation_id for debugging Observability
Security OAuth2/JWT, Ed25519 manifests, mTLS, rate limiting Security
Identity & capabilities Host/Agent JWTs, constrained grants, approval flows, opt-in WebAuthn Capabilities
Streaming & wire protocol SSE /asap/stream, JSON-RPC batch, ASAP-Version negotiation Transport
Adoption tools OpenAPI adapter, @asap-protocol/client, auto-registration, escalation Migration (v2.2 → v2.3)
Edge-AI discovery Hardware/inference manifests, registry mirror, marketplace filters ShellClaw guide
Framework adapters (npm) @asap-protocol/mastra and @asap-protocol/openai-agents tool bridges Mastra · OpenAI Agents
Economics Usage metering, delegation tokens, SLA breach alerts Audit log

Full overview and upgrade paths: docs/index.md.

Framework Ecosystem

ASAP meets agents where they run — optional Python extras, npm tool bridges, and protocol-native MCP.

Runtime Integrations Docs
Python LangChain, CrewAI, LlamaIndex, PydanticAI, SmolAgents, OpenClaw (pip install "asap-protocol[extra]"); Vercel AI SDK router; MCP; MCP Auth Bridge; A2H OpenClaw · Vercel AI SDK · MCP · MCP Auth Bridge
TypeScript (npm) @asap-protocol/client (Vercel AI / OpenAI / Anthropic adapters), @asap-protocol/mastra, @asap-protocol/openai-agents TypeScript SDK · Mastra · OpenAI Agents

Installation

We recommend using uv for dependency management:

uv add asap-protocol

Or with pip:

pip install asap-protocol

TypeScript (npm, 2.4.1 — unchanged for v2.5.2; @asap-protocol/mcp-auth HTTP middleware still deferred):

npm install @asap-protocol/client@2.4.1
npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod

Python v2.5.2 (security follow-up): uv add asap-protocol or pip install asap-protocol==2.5.2 — see Migration (v2.5.1 → v2.5.2).

Quick Start

Run the demo (echo agent + coordinator in one command):

uv run python -m asap.examples.run_demo

Build your first agent here — server setup, client code, step-by-step (~15 min).

19 examples: orchestration, state migration, MCP, OAuth2, WebSocket, resilience.

Testing

uv run pytest -n auto --tb=short

With coverage (separate run — do not combine with -n auto):

uv run pytest --tb=short --cov=asap --cov-report=term-missing --cov-fail-under=85

Testing Guide (structure, fixtures, property/load/chaos tests). Contributing (dev setup, CI).

Compliance Harness

Validate that your agent follows the ASAP protocol:

uv add "asap-compliance>=1.3.0"
pytest --asap-agent-url https://your-agent.example.com -m asap_compliance

For MCP Auth Bridge stdio gates (mcp-auth-bridge profile), use asap-compliance 1.3.0+ with asap-protocol 2.5.0+ — published on PyPI via tag v2.5.0.1.

See Compliance Testing Guide for handshake, schema and state machine validation.

Documentation

Learn

Deep Dive

Decisions & Operations

Release

  • Changelog | PyPI listinghttps://pypi.org/project/asap-protocol/ (install: pip install asap-protocol)

CLI

asap --version                                    # Show version
asap list-schemas                                 # List JSON schemas
asap export-schemas                               # Export schemas to disk
asap validate-schema payload.json                 # Validate JSON against a schema
asap compliance-check --url https://agent.example # Remote Compliance Harness v2
asap audit export --store memory --format json    # Export audit log (stdout)
asap keys generate -o key.pem                     # Ed25519 keypair
asap manifest sign -k key.pem manifest.json       # Sign agent manifest
asap delegation create -d <urn> -s read -k key.pem --delegator <urn>
asap trace <trace-id> --log-file asap.log         # Visualize request flow from logs

See docs/cli.md for delegation tokens, schema validation, trace visualization, REPL, and full flag reference. Run asap --help for your installed version.

Version History

High-level only — see Changelog and the docs index for full notes.

Version What shipped
v2.5.2 Security & correctness follow-up — opt-in operator API auth, extra="forbid" ingress, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups (#245–#249), registry signed-manifest/400 fixes. See CHANGELOG, PRD, and Migration (v2.5.1 → v2.5.2)
v2.5.1 Code quality patch — behavior-preserving refactor (transport/server, client, websocket, SQLite storage, auth, integrations) + six correctness/security fixes (atomic revoke_cascade, usage_events DDL, unified Host-JWT verifier, WS now enforces OAuth2, OpenAPI handler cleanup, client correlation_id binding). Deprecated import paths removed in v2.6.0. See CHANGELOG and Migration (v2.5.0 → v2.5.1)
v2.5.0.1 Compliance publishGitHub Release v2.5.0.1 · PyPI asap-compliance 1.3.0 (mcp-auth-bridge profile; requires asap-protocol>=2.5.0). No asap-protocol API change. See CHANGELOG
v2.5.0 MCP Auth BridgeGitHub Release v2.5.0 · opt-in protect_server for stdio MCP; Agent JWT + capability grants; reference example examples/mcp_auth_bridge/. See CHANGELOG and Migration (v2.4.1 → v2.5.0)
v2.4.1 Security hardening — OAuth2 iss/aud, fail-closed identity binding, web SSRF/redirect fixes, dependency bumps. See CHANGELOG and Migration (v2.4.0 → v2.4.1)
v2.4.0 Edge-AI discovery — optional hardware / inference manifest fields, registry mirror, marketplace filters, @asap-protocol/client@2.4.0, ShellClaw onboarding docs. See CHANGELOG and Migration (v2.3.x → v2.4.0)
v2.3.1 npm TS patchGitHub Release v2.3.1 · @asap-protocol/mastra, @asap-protocol/openai-agents, @asap-protocol/client@2.3.1 (additive adapter exports). Python 2.3.0 unchanged. See CHANGELOG and Migration (v2.3.0 → v2.3.1)
v2.3.0 OpenAPI Adapter ([openapi]) · TypeScript client (@asap-protocol/client) · Auto-Registration · Capability escalation · ASAP HTTP challenge — see CHANGELOG and Migration
v2.2.1 Opt-in WebAuthn (asap-protocol[webauthn]) · asap compliance-check & asap audit export · stricter ResolvedAgent.run() · AuditChainBroken · pinned security deps
v2.2 Per-runtime identity & capability auth · SSE POST /asap/stream · ASAP-Version · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2
v2.1.1 Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening
v2.1 MarketClient · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX
v2.0 Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow
v1.3 asap delegation create / revoke
v1.2 Ed25519 manifests · trust levels · optional mTLS · Compliance Harness
v1.1 OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks

🔭 What's Next?

The agentic marketplace and Lite Registry are live. The v2.5.x train focuses on interop and adoption:

  • v2.5.3 — enterprise/workflow adapter spikes (Adapter Lab II)
  • v2.5.4 — distribution loop (homepage templates, starter kits, adoption metrics)
  • @asap-protocol/mcp-auth (npm) — HTTP/SSE MCP middleware
  • Formal spec track (v2.5.5) — introspection, privacy, cross-protocol interop on the path to v3.0 economy

See the v2.5 roadmap PRD and ADR index.

Contributing

Community feedback and contributions are essential for ASAP Protocol's evolution. We're working on improvements and your input helps shape the future of the protocol.

Every contribution, from bug reports to feature suggestions, documentation improvements and code contributions, makes a real difference.

Check out our contributing guidelines to get started. It's easier than you think! 🚀

Contact

Channel Use for
GitHub Discussions or Issues Public questions, bugs, and feature ideas
info@asap-protocol.com Private coordination — protocol, marketplace, partnerships, press
SECURITY.md Security vulnerabilities only — do not use email or public issues

Privacy

See PRIVACY.md for how the public site and maintainer telemetry use aggregate metrics (including Vercel Web Analytics) without collecting agent IDs or end-user PII in repository outputs.

License

This project is licensed under the Apache 2.0 License - see the license file for details.


Built with Cursor, with Composer, Opus, Gemini, Kimi and more.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

asap_protocol-2.5.2.tar.gz (407.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

asap_protocol-2.5.2-py3-none-any.whl (473.2 kB view details)

Uploaded Python 3

File details

Details for the file asap_protocol-2.5.2.tar.gz.

File metadata

  • Download URL: asap_protocol-2.5.2.tar.gz
  • Upload date:
  • Size: 407.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for asap_protocol-2.5.2.tar.gz
Algorithm Hash digest
SHA256 beab648da00adb059f54068b7df894dac65e1bebd340136c96983e50848b7533
MD5 15c74a259be9c40cbe73a06155195230
BLAKE2b-256 fb4ac49b163f2b0f19039e3a1721eb64508b54a9c57bd28349723dab9d337670

See more details on using hashes here.

File details

Details for the file asap_protocol-2.5.2-py3-none-any.whl.

File metadata

  • Download URL: asap_protocol-2.5.2-py3-none-any.whl
  • Upload date:
  • Size: 473.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for asap_protocol-2.5.2-py3-none-any.whl
Algorithm Hash digest
SHA256 3fed30da98be318ce7336f366ae65e170e3e852d3465ec5dc29ac1e14f31d13e
MD5 d5e514e8792e6baa8349e2ad492608f2
BLAKE2b-256 2bcc126199e7ea0e0947f548f5a3c8b963ca0915b084cfefc75f2db5a5a32dda

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page