✨ From agents, for agents. Delivering reliability, as soon as possible.
A production-ready protocol for agent-to-agent communication and task coordination.
Quick Info: v2.4.1 (PyPI) · npm TS 2.4.1 | Apache 2.0 | Python 3.13+ | Documentation | PyPI asap-protocol | npm @asap-protocol/client | Changelog
📦 Install the ASAP Python SDK / protocol from
https://pypi.org/project/asap-protocol/— package nameasap-protocolon PyPI.
🚀 Live now our agentic marketplace — browse agents, register yours, request verification.
Building multi-agent systems today suffers from three core technical challenges that existing protocols like A2A don't fully address:
-
$N^2$ Connection Complexity: Most protocols assume static point-to-point HTTP connections that don't scale. - State Drift: Lack of native persistence makes it impossible to reliably resume long-running agentic workflows.
- Fragmentation: No unified way to handle task delegation, artifact exchange and tool execution (MCP) in a single envelope.
ASAP provides a production-ready communication layer that simplifies these complexities. It's ideal for multi-agent orchestration, stateful workflows (persistence, resumability), MCP support and production systems requiring high-performance, type-safe agent communication.
For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the documentation for the current protocol overview and features.
- Stateful orchestration — Task state machine with snapshotting for resumable workflows.
- Schema-first — Pydantic v2 + JSON Schema for cross-agent interoperability.
- Async-native —
asyncio+httpx; sync and async handlers supported. - MCP integration — Tool execution and coordination in a single envelope.
- Observable —
trace_idandcorrelation_idfor debugging. - Security — Bearer auth, OAuth2/JWT, Ed25519 signed manifests, optional mTLS, replay prevention, HTTPS, rate limiting. Security Model (trust limits, Custom Claims).
- Identity & capabilities (v2.2, WebAuthn real in v2.2.1) — Per-runtime Host/Agent JWTs, capability grants with constraints (
max,min,in,not_in), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in viaasap-protocol[webauthn]). - Streaming & wire protocol (v2.2) —
POST /asap/stream(SSE /TaskStream), JSON-RPC 2.0 batch onPOST /asap,ASAP-Versionnegotiation, tamper-evident audit logging, Compliance Harness v2. - Adoption Multiplier (v2.3.0) — OpenAPI → ASAP via
create_from_openapi([openapi]extra), official@asap-protocol/clienton npm (Vercel AI / OpenAI / Anthropic adapters), optional Auto-Registration (POST /registry/agents), capability escalation, and ASAPWWW-Authenticatediscovery challenges. All opt-in; wire protocol unchanged. See docs/index.md and docs/migration.md. - Edge-AI discovery (v2.4.0) — Optional
manifest.capabilities.hardware+inference, Lite Registry mirror, marketplace browse filters, and@asap-protocol/[email protected]discovery types. Wire protocol unchanged. See Migration (v2.3.x → v2.4.0) and ShellClaw registry guide. - Framework adapters (v2.3.1+, npm) —
@asap-protocol/mastraand@asap-protocol/openai-agentsexpose ASAP capabilities as Mastra tools and OpenAI Agents SDKtool()definitions. See Migration (v2.3.0 → v2.3.1). - Economics — Usage metering, delegation tokens, SLA framework with breach alerts.
ASAP is built for interoperability. Seamlessly integrate your agents into OpenClaw, LangChain, CrewAI and LlamaIndex workflows using our growing library of native adapters and standardized tool-calling schemas.
We recommend using uv for dependency management:
uv add asap-protocolOr with pip:
pip install asap-protocolnpm (TypeScript / JavaScript — @asap-protocol/client, 2.4.1). The latest dist-tag matches npm view @asap-protocol/client version.
npm Mastra @asap-protocol/[email protected] bridges ASAP capabilities onto @mastra/core tools; docs: docs/integrations/mastra.md, demo: apps/example-mastra/README.md.
npm OpenAI Agents SDK @asap-protocol/[email protected] exposes ASAP capabilities as @openai/agents tool() definitions — not the Chat Completions helper adapters/openai; docs: docs/integrations/openai-agents.md, demo: apps/example-openai-agents/README.md.
npm install @asap-protocol/[email protected]
npm install @asap-protocol/[email protected] @asap-protocol/client @mastra/core zod
npm install @asap-protocol/[email protected] @asap-protocol/client @openai/agents zod📦 Canonical listing: https://pypi.org/project/asap-protocol/ — package asap-protocol (pip install asap-protocol). Prefer uv for reproducible environments when possible.
Run the demo (echo agent + coordinator in one command):
uv run python -m asap.examples.run_demoBuild your first agent here — server setup, client code, step-by-step (~15 min).
19 examples: orchestration, state migration, MCP, OAuth2, WebSocket, resilience.
uv run pytest -n auto --tb=shortWith coverage:
uv run pytest --cov=src --cov-report=term-missingTesting Guide (structure, fixtures, property/load/chaos tests). Contributing (dev setup, CI).
Validate that your agent follows the ASAP protocol:
uv add asap-compliance
pytest --asap-agent-url https://your-agent.example.com -m asap_complianceSee Compliance Testing Guide for handshake, schema and state machine validation.
Learn
- Docs | API Reference
- TypeScript client SDK —
@asap-protocol/client(identity, capabilities, streaming, adapters) - Tutorials — First agent to production checklist
- Migration from A2A/MCP
- Raw Fetch (non-Python) — Fetch registry.json and revoked_agents.json with curl/fetch; implement your own client.
Deep Dive
- State Management | Best Practices: Failover & Migration | Error Handling
- Transport | Security | Security Model (OAuth2 trust, Custom Claims)
- Identity Signing | Compliance Testing | Migration v1.1 to v1.2 | mTLS
- Observability | Testing
Decisions & Operations
- ADRs — 19 Architecture Decision Records
- Tech Stack — Rationale for Python, Pydantic, Next.js choices
- Deployment | Troubleshooting
Release
- Changelog | PyPI listing —
https://pypi.org/project/asap-protocol/(install:pip install asap-protocol)
asap --version # Show version
asap list-schemas # List all available schemas
asap export-schemas # Export JSON schemas to file
asap compliance-check --url https://agent.example # Compliance Harness v2 (HTTP(S))
asap audit export --store memory --format json # Export audit log (stdout)
asap keys generate -o key.pem # Generate Ed25519 keypair
asap manifest sign -k key.pem manifest.json # Sign manifest
asap manifest verify signed.json # Verify signature
asap manifest info signed.json # Show trust levelSee the CLI reference for compliance-check and audit export flag details, the CI compliance gate for wiring compliance-check into GitHub Actions, the audit export guide, Identity Signing, or run asap --help for the full command surface.
High-level only — see Changelog and the docs index for full notes.
| Version | What shipped |
|---|---|
| v2.4.0 | Edge-AI discovery — GitHub Release v2.4.0 · optional hardware / inference manifest fields, registry mirror, marketplace filters, @asap-protocol/[email protected], ShellClaw onboarding docs. See CHANGELOG and Migration (v2.3.x → v2.4.0) |
| v2.3.1 | npm TS patch — GitHub Release v2.3.1 · @asap-protocol/mastra, @asap-protocol/openai-agents, @asap-protocol/[email protected] (additive adapter exports). Python 2.3.0 unchanged. See CHANGELOG and Migration (v2.3.0 → v2.3.1) |
| v2.3.0 | OpenAPI Adapter ([openapi]) · TypeScript client (@asap-protocol/client) · Auto-Registration · Capability escalation · ASAP HTTP challenge — see CHANGELOG and Migration |
| v2.2.1 | Opt-in WebAuthn (asap-protocol[webauthn]) · asap compliance-check & asap audit export · stricter ResolvedAgent.run() · AuditChainBroken · pinned security deps |
| v2.2 | Per-runtime identity & capability auth · SSE POST /asap/stream · ASAP-Version · JSON-RPC batch · tamper-evident audit · async state stores · Compliance Harness v2 |
| v2.1.1 | Patch: JWT allowlist · SQLite async bridge · optional Redis rate limits · web SSRF hardening |
| v2.1 | MarketClient · framework extras (LangChain, CrewAI, LlamaIndex, …) · registry UX |
| v2.0 | Marketplace web app · Lite Registry (GitHub Pages) · IssueOps · OAuth · verification flow |
| v1.3 | asap delegation create / revoke |
| v1.2 | Ed25519 manifests · trust levels · optional mTLS · Compliance Harness |
| v1.1 | OAuth2 · WebSocket · discovery (well-known + Lite Registry) · SQLite state · webhooks |
ASAP is evolving toward an Agent Marketplace — an open ecosystem where AI agents discover, trust and collaborate autonomously. See the ADR index and v2.0 roadmap PRD. Detailed long-term strategy narratives are maintained privately (not shipped in this repository).
Community feedback and contributions are essential for ASAP Protocol's evolution. We're working on improvements and your input helps shape the future of the protocol.
Every contribution, from bug reports to feature suggestions, documentation improvements and code contributions, makes a real difference.
Check out our contributing guidelines to get started. It's easier than you think! 🚀
For general questions about the protocol, the marketplace, partnerships, or press (not security vulnerabilities — use SECURITY.md for those):
- Email: [email protected]
You can also use GitHub Discussions or Issues for public project topics.
See PRIVACY.md for how the public site and maintainer telemetry use aggregate metrics (including Vercel Web Analytics) without collecting agent IDs or end-user PII in repository outputs.
This project is licensed under the Apache 2.0 License - see the license file for details.
Built with Cursor using Opus 4.6/4.7, Composer 1.5/2.0, Gemini 3.1 Pro and Kimi K2.5.