Async Simple Agent Protocol - A streamlined protocol for agent-to-agent communication
Project description
ASAP: Async Simple Agent Protocol
✨ From agents, for agents. Delivering reliability, as soon as possible.
A production-ready protocol for agent-to-agent communication and task coordination.
Quick Info: v2.5.3 (merged · pending tag/publish) · PyPI v2.5.2 | Apache 2.0 | Python 3.13+ | Documentation | Changelog
📦 Install —
asap-protocol2.5.2 on PyPI (Python; 2.5.3 merged tomain, pending tag/publish) ·@asap-protocol/clienton npm (TypeScript)
🚀 Live now our agentic marketplace — browse agents, register yours, request verification.
Why ASAP?
Multi-agent systems hit three walls that point-to-point agent protocols often leave open:
- Connection sprawl — pairwise HTTP does not scale as orchestrators fan out.
- State drift — long workflows stall without durable task state and resumability.
- Fragmentation — delegation, artifacts, and MCP tool calls end up in incompatible layers.
ASAP answers with a schema-first protocol and reference SDKs in Python and TypeScript:
- Resumable orchestration — task state machine, snapshot store, SSE streaming, and built-in
trace_id/correlation_id. - One typed envelope — tasks, MCP tool execution, and artifact exchange on the same JSON Schema contract.
- Production trust — Ed25519 signed manifests, Host/Agent JWTs, constrained capabilities, OAuth2, opt-in WebAuthn — plus the MCP Auth Bridge (v2.5.0) for scoped native
tools/call. - Ecosystem-ready — agentic marketplace, Lite Registry, edge-AI discovery, OpenAPI import, and framework adapters (Python & npm).
Plain HTTP between two agents is enough for the simplest cases. ASAP is built for multi-agent orchestration, stateful workflows, and governed capability access in production — see documentation and the feature table below.
Key Features
| Area | Highlights | Docs |
|---|---|---|
| Stateful orchestration | Task state machine, snapshotting, resumable workflows | State management |
| Schema-first | Pydantic v2 + JSON Schema for cross-agent interchange | API reference |
| Async-native | asyncio + httpx; sync and async handlers |
Transport |
| MCP integration | Tool execution and coordination in one envelope (Mode B) | MCP integration |
| MCP Auth Bridge | Opt-in Agent JWT + capability grants on native stdio MCP tools/call (Mode A) |
MCP Auth Bridge |
| Observability | trace_id and correlation_id for debugging |
Observability |
| Security | OAuth2/JWT, Ed25519 manifests, mTLS, rate limiting | Security |
| Identity & capabilities | Host/Agent JWTs, constrained grants, approval flows, opt-in WebAuthn | Capabilities |
| Streaming & wire protocol | SSE /asap/stream, JSON-RPC batch, ASAP-Version negotiation |
Transport |
| Adoption tools | OpenAPI adapter, @asap-protocol/client, auto-registration, escalation |
Migration (v2.2 → v2.3) |
| Edge-AI discovery | Hardware/inference manifests, registry mirror, marketplace filters | ShellClaw guide |
| Framework adapters (npm) | @asap-protocol/mastra and @asap-protocol/openai-agents tool bridges |
Mastra · OpenAI Agents |
| Economics | Usage metering, delegation tokens, SLA breach alerts | Audit log |
Full overview and upgrade paths: docs/index.md.
Framework Ecosystem
ASAP meets agents where they run — optional Python extras, npm tool bridges, and protocol-native MCP.
| Runtime | Integrations | Docs |
|---|---|---|
| Python | LangChain, CrewAI, LlamaIndex, PydanticAI, SmolAgents, OpenClaw (pip install "asap-protocol[extra]"); Vercel AI SDK router; MCP; MCP Auth Bridge; A2H; OpenAPI workflow connectors (Lab II) |
OpenClaw · Vercel AI SDK · MCP · MCP Auth Bridge · Workflow connectors · NeMo Agent Toolkit (experimental) |
| TypeScript (npm) | @asap-protocol/client (Vercel AI / OpenAI / Anthropic adapters), @asap-protocol/mastra, @asap-protocol/openai-agents |
TypeScript SDK · Mastra · OpenAI Agents · Microsoft Agent Framework (research) |
Installation
We recommend using uv for dependency management:
uv add asap-protocol # latest on PyPI (currently 2.5.2)
Or with pip:
pip install asap-protocol==2.5.2
TypeScript (npm, 2.4.1 — unchanged for v2.5.3; @asap-protocol/mcp-auth HTTP middleware still deferred):
@asap-protocol/client— SDK docs@asap-protocol/mastra— docs · demo@asap-protocol/openai-agents— docs · demo
npm install @asap-protocol/client@2.4.1
npm install @asap-protocol/mastra@2.4.1 @asap-protocol/client @mastra/core zod
npm install @asap-protocol/openai-agents@2.4.1 @asap-protocol/client @openai/agents zod
Python v2.5.3 (Adapter Lab II) is merged to main and pending tag/publish — stay on asap-protocol==2.5.2 from PyPI until the release is published; then see Migration (v2.5.2 → v2.5.3).
Quick Start
Run the demo (echo agent + coordinator in one command):
uv run python -m asap.examples.run_demo
Build your first agent here — server setup, client code, step-by-step (~15 min).
19 examples: orchestration, state migration, MCP, OAuth2, WebSocket, resilience.
Testing
uv run pytest -n auto --tb=short
With coverage (separate run — do not combine with -n auto):
uv run pytest --tb=short --cov=asap --cov-report=term-missing --cov-fail-under=85
Testing Guide (structure, fixtures, property/load/chaos tests). Contributing (dev setup, CI).
Compliance Harness
Validate that your agent follows the ASAP protocol:
uv add "asap-compliance>=1.3.0"
pytest --asap-agent-url https://your-agent.example.com -m asap_compliance
For MCP Auth Bridge stdio gates (mcp-auth-bridge profile), use asap-compliance 1.3.0+ with asap-protocol 2.5.0+ — published on PyPI via tag v2.5.0.1.
See Compliance Testing Guide for handshake, schema and state machine validation.
Documentation
Learn
- Docs | API Reference
- MCP Auth Bridge — v2.5.0 opt-in JWT + capability grants for native stdio MCP
- TypeScript client SDK —
@asap-protocol/client(identity, capabilities, streaming, adapters) - Tutorials — First agent to production checklist
- Migration from A2A/MCP
- Raw Fetch (non-Python) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.
Deep Dive
- State Management | Best Practices: Failover & Migration | Error Handling
- Transport | Security | Security Model (OAuth2 trust, Custom Claims)
- Identity Signing | Compliance Testing | Migration v1.1 to v1.2 | mTLS
- Observability | Testing
Decisions & Operations
- ADRs — 19 Architecture Decision Records
- Tech Stack — Rationale for Python, Pydantic, Next.js choices
- Deployment | Troubleshooting
Release
- Changelog | PyPI listing —
https://pypi.org/project/asap-protocol/(install:pip install asap-protocol)
CLI
asap --version # Show version
asap list-schemas # List JSON schemas
asap export-schemas # Export schemas to disk
asap validate-schema payload.json # Validate JSON against a schema
asap compliance-check --url https://agent.example # Remote Compliance Harness v2
asap audit export --store memory --format json # Export audit log (stdout)
asap keys generate -o key.pem # Ed25519 keypair
asap manifest sign -k key.pem manifest.json # Sign agent manifest
asap delegation create -d <urn> -s read -k key.pem --delegator <urn>
asap trace <trace-id> --log-file asap.log # Visualize request flow from logs
See docs/cli.md for delegation tokens, schema validation, trace visualization, REPL, and full flag reference. Run asap --help for your installed version.
Version History
High-level only — see Changelog and the docs index for full notes.
| Version | What shipped |
|---|---|
| v2.5.3 | Adapter Lab II — merged · pending tag/publish. Workflow OpenAPI connectors + security guide, experimental MAF / NeMo guides, JSON-safe -32602, MCP example client DX. PyPI still 2.5.2. See CHANGELOG, PRD, and Migration (v2.5.2 → v2.5.3) |
| v2.5.2 | Security & correctness follow-up — opt-in operator API auth, extra="forbid" ingress, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups (#245–#249), registry signed-manifest/400 fixes. See CHANGELOG, PRD, and Migration (v2.5.1 → v2.5.2) |
| v2.5.1 | Code quality patch — behavior-preserving refactor (transport/server, client, websocket, SQLite storage, auth, integrations) + six correctness/security fixes (atomic revoke_cascade, usage_events DDL, unified Host-JWT verifier, WS now enforces OAuth2, OpenAPI handler cleanup, client correlation_id binding). Deprecated import paths removed in v2.6.0. See CHANGELOG and Migration (v2.5.0 → v2.5.1) |
| v2.5.0.1 | Compliance publish — GitHub Release v2.5.0.1 · PyPI asap-compliance 1.3.0 (mcp-auth-bridge profile; requires asap-protocol>=2.5.0). No asap-protocol API change. See CHANGELOG |
| v2.5.0 | MCP Auth Bridge — GitHub Release v2.5.0 · opt-in protect_server for stdio MCP; Agent JWT + capability grants; reference example examples/mcp_auth_bridge/. See CHANGELOG and Migration (v2.4.1 → v2.5.0) |
| v2.4.1 | Security hardening — OAuth2 iss/aud, fail-closed identity binding, web SSRF/redirect fixes, dependency bumps. See CHANGELOG and Migration (v2.4.0 → v2.4.1) |
| v2.4.0 | Edge-AI discovery — optional hardware / inference manifest fields, registry mirror, marketplace filters, @asap-protocol/client@2.4.0, ShellClaw onboarding docs. See CHANGELOG and Migration (v2.3.x → v2.4.0) |
| v2.3.1 | npm TS patch — GitHub Release v2.3.1 · @asap-protocol/mastra, @asap-protocol/openai-agents, @asap-protocol/client@2.3.1 (additive adapter exports). Python 2.3.0 unchanged. See CHANGELOG and Migration (v2.3.0 → v2.3.1) |
| v2.3.0 | OpenAPI Adapter ([openapi]) · TypeScript client (@asap-protocol/client) · Auto-Registration · Capability escalation · ASAP HTTP challenge — see CHANGELOG and Migration |
| v2.2.1 | Opt-in WebAuthn (asap-protocol[webauthn]) · asap compliance-check & asap audit export · stricter ResolvedAgent.run() · AuditChainBroken · pinned security deps |
| v2.2 | Per-runtime identity & capability auth · SSE POST /asap/stream · ASAP-Version · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
| v2.1.1 | Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening |
| v2.1 | MarketClient · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX |
| v2.0 | Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow |
| v1.3 | asap delegation create / revoke |
| v1.2 | Ed25519 manifests · trust levels · optional mTLS · Compliance Harness |
| v1.1 | OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks |
🔭 What's Next?
The agentic marketplace and Lite Registry are live. The v2.5.x train focuses on interop and adoption:
- v2.5.4 — distribution loop (homepage templates, starter kits, adoption metrics)
@asap-protocol/mcp-auth(npm) — HTTP/SSE MCP middleware- Formal spec track (v2.5.5) — introspection, privacy, cross-protocol interop on the path to v3.0 economy
See the v2.5 roadmap PRD and ADR index.
Contributing
Community feedback and contributions are essential for ASAP Protocol's evolution. We're working on improvements and your input helps shape the future of the protocol.
Every contribution, from bug reports to feature suggestions, documentation improvements and code contributions, makes a real difference.
Check out our contributing guidelines to get started. It's easier than you think! 🚀
Contact
| Channel | Use for |
|---|---|
| GitHub Discussions or Issues | Public questions, bugs, and feature ideas |
| info@asap-protocol.com | Private coordination — protocol, marketplace, partnerships, press |
| SECURITY.md | Security vulnerabilities only — do not use email or public issues |
Privacy
See PRIVACY.md for how the public site and maintainer telemetry use aggregate metrics (including Vercel Web Analytics) without collecting agent IDs or end-user PII in repository outputs.
License
This project is licensed under the Apache 2.0 License - see the license file for details.
Built with Cursor, with Composer, Opus, Gemini, Kimi and more.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file asap_protocol-2.5.3.tar.gz.
File metadata
- Download URL: asap_protocol-2.5.3.tar.gz
- Upload date:
- Size: 409.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
206790baadbfa9f4295430a804fd6cc37b427e80289072d4aba7e7b2afc9bafc
|
|
| MD5 |
b8b5455255878630c8e9a2ed3c661aa7
|
|
| BLAKE2b-256 |
7ff274fa7c011014bcfe8f5c420e53ddc7cd7bafbb7e90041b97eab5a07dae15
|
File details
Details for the file asap_protocol-2.5.3-py3-none-any.whl.
File metadata
- Download URL: asap_protocol-2.5.3-py3-none-any.whl
- Upload date:
- Size: 473.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
335d601ff1beaef72570c386296224b27e26ab5ae718f61cf323a1cb7e073b5f
|
|
| MD5 |
424fe18a90c4d6f24e5e597908aec0c9
|
|
| BLAKE2b-256 |
b115159e447bd6b175f9c58b4b51e3ae20c9d3b3e37d1beb3b6814307cb9ed88
|