ASAP: Async Simple Agent Protocol

May 14, 2026 Ā· View on GitHub

āœØ From agents, for agents. Delivering reliability, as soon as possible.

ASAP Protocol Banner

A production-ready protocol for agent-to-agent communication and task coordination.

Quick Info: v2.3.0 | Apache 2.0 | Python 3.13+ | Documentation | PyPI asap-protocol | npm @asap-protocol/client | Changelog

šŸ“¦ Install the ASAP Python SDK / protocol from https://pypi.org/project/asap-protocol/ ā€” package name asap-protocol on PyPI.

šŸš€ Live now our agentic marketplace ā€” browse agents, register yours, request verification.

Why ASAP?

Building multi-agent systems today suffers from three core technical challenges that existing protocols like A2A don't fully address:

  1. N2N^2 Connection Complexity: Most protocols assume static point-to-point HTTP connections that don't scale.
  2. State Drift: Lack of native persistence makes it impossible to reliably resume long-running agentic workflows.
  3. Fragmentation: No unified way to handle task delegation, artifact exchange and tool execution (MCP) in a single envelope.

ASAP provides a production-ready communication layer that simplifies these complexities. It's ideal for multi-agent orchestration, stateful workflows (persistence, resumability), MCP support and production systems requiring high-performance, type-safe agent communication.

For simple point-to-point communication, a basic HTTP API might suffice; ASAP shines when you need orchestration, state management and multi-agent coordination. See the documentation for the current protocol overview and features.

Key Features

  • Stateful orchestration ā€” Task state machine with snapshotting for resumable workflows.
  • Schema-first ā€” Pydantic v2 + JSON Schema for cross-agent interoperability.
  • Async-native ā€” asyncio + httpx; sync and async handlers supported.
  • MCP integration ā€” Tool execution and coordination in a single envelope.
  • Observable ā€” trace_id and correlation_id for debugging.
  • Security ā€” Bearer auth, OAuth2/JWT, Ed25519 signed manifests, optional mTLS, replay prevention, HTTPS, rate limiting. Security Model (trust limits, Custom Claims).
  • Identity & capabilities (v2.2, WebAuthn real in v2.2.1) ā€” Per-runtime Host/Agent JWTs, capability grants with constraints (max, min, in, not_in), approval flows (device authorization / CIBA-style), real WebAuthn attestation/assertion for high-risk registration (opt-in via asap-protocol[webauthn]).
  • Streaming & wire protocol (v2.2) ā€” POST /asap/stream (SSE / TaskStream), JSON-RPC 2.0 batch on POST /asap, ASAP-Version negotiation, tamper-evident audit logging, Compliance Harness v2.
  • Adoption Multiplier (v2.3.0) ā€” OpenAPI ā†’ ASAP via create_from_openapi ([openapi] extra), official @asap-protocol/client on npm (Vercel AI / OpenAI / Anthropic adapters), optional Auto-Registration (POST /registry/agents), capability escalation, and ASAP WWW-Authenticate discovery challenges. All opt-in; wire protocol unchanged. See docs/index.md and docs/migration.md.
  • Economics ā€” Usage metering, delegation tokens, SLA framework with breach alerts.

šŸ†• Framework Ecosystem

ASAP is built for interoperability. Seamlessly integrate your agents into OpenClaw, LangChain, CrewAI and LlamaIndex workflows using our growing library of native adapters and standardized tool-calling schemas.

Installation

We recommend using uv for dependency management:

uv add asap-protocol

Or with pip:

pip install asap-protocol

npm (TypeScript / JavaScript ā€” @asap-protocol/client, aligned with protocol v2.3.0). The latest dist-tag matches npm view @asap-protocol/client version (currently 2.3.0).

npm install @asap-protocol/client
# reproducible pin (same as latest today):
# npm install @asap-protocol/client@2.3.0

šŸ“¦ Canonical listing: https://pypi.org/project/asap-protocol/ ā€” package asap-protocol (pip install asap-protocol). Prefer uv for reproducible environments when possible.

Quick Start

Run the demo (echo agent + coordinator in one command):

uv run python -m asap.examples.run_demo

Build your first agent here ā€” server setup, client code, step-by-step (~15 min).

19 examples: orchestration, state migration, MCP, OAuth2, WebSocket, resilience.

Testing

uv run pytest -n auto --tb=short

With coverage:

uv run pytest --cov=src --cov-report=term-missing

Testing Guide (structure, fixtures, property/load/chaos tests). Contributing (dev setup, CI).

Compliance Harness

Validate that your agent follows the ASAP protocol:

uv add asap-compliance
pytest --asap-agent-url https://your-agent.example.com -m asap_compliance

See Compliance Testing Guide for handshake, schema and state machine validation.

Documentation

Learn

Deep Dive

Decisions & Operations

Release

  • Changelog | PyPI listing ā€” https://pypi.org/project/asap-protocol/ (install: pip install asap-protocol)

CLI

asap --version                                    # Show version
asap list-schemas                                 # List all available schemas
asap export-schemas                               # Export JSON schemas to file
asap compliance-check --url https://agent.example # Compliance Harness v2 (HTTP(S))
asap audit export --store memory --format json    # Export audit log (stdout)
asap keys generate -o key.pem                     # Generate Ed25519 keypair
asap manifest sign -k key.pem manifest.json       # Sign manifest
asap manifest verify signed.json                  # Verify signature
asap manifest info signed.json                    # Show trust level

See the CLI reference for compliance-check and audit export flag details, the CI compliance gate for wiring compliance-check into GitHub Actions, the audit export guide, Identity Signing, or run asap --help for the full command surface.

Version History

High-level only ā€” see Changelog and the docs index for full notes.

VersionWhat shipped
v2.3.0OpenAPI Adapter ([openapi]) Ā· TypeScript client (@asap-protocol/client) Ā· Auto-Registration Ā· Capability escalation Ā· ASAP HTTP challenge ā€” see CHANGELOG and Migration
v2.2.1Opt-in WebAuthn (asap-protocol[webauthn]) Ā· asap compliance-check & asap audit export Ā· stricter ResolvedAgent.run() Ā· AuditChainBroken Ā· pinned security deps
v2.2Per-runtime identity & capability auth Ā· SSE POST /asap/stream Ā· ASAP-Version Ā· JSON-RPC batch Ā· tamper-evident audit Ā· async state stores Ā· Compliance Harness v2
v2.1.1Patch: JWT allowlist Ā· SQLite async bridge Ā· optional Redis rate limits Ā· web SSRF hardening
v2.1MarketClient Ā· framework extras (LangChain, CrewAI, LlamaIndex, ā€¦) Ā· registry UX
v2.0Marketplace web app Ā· Lite Registry (GitHub Pages) Ā· IssueOps Ā· OAuth Ā· verification flow
v1.3asap delegation create / revoke
v1.2Ed25519 manifests Ā· trust levels Ā· optional mTLS Ā· Compliance Harness
v1.1OAuth2 Ā· WebSocket Ā· discovery (well-known + Lite Registry) Ā· SQLite state Ā· webhooks

šŸ”­ What's Next?

ASAP is evolving toward an Agent Marketplace ā€” an open ecosystem where AI agents discover, trust and collaborate autonomously. See the ADR index and v2.0 roadmap PRD. Detailed long-term strategy narratives are maintained privately (not shipped in this repository).

Contributing

Community feedback and contributions are essential for ASAP Protocol's evolution. We're working on improvements and your input helps shape the future of the protocol.

Every contribution, from bug reports to feature suggestions, documentation improvements and code contributions, makes a real difference.

Check out our contributing guidelines to get started. It's easier than you think! šŸš€

Contact

For general questions about the protocol, the marketplace, partnerships, or press (not security vulnerabilities ā€” use SECURITY.md for those):

You can also use GitHub Discussions or Issues for public project topics.

License

This project is licensed under the Apache 2.0 License - see the license file for details.

Built with Cursor using Opus 4.6/4.7, Composer 1.5/2.0, Gemini 3.1 Pro and Kimi K2.5.