PRD: ASAP Protocol v2.0.0

May 4, 2026 · View on GitHub

Product Requirements Document

Version: 2.0.0 Status: APPROVED Created: 2026-02-06 Last Updated: 2026-02-12

1. Executive Summary

1.1 Purpose

v2.0.0 is The End Goal — the Agent Marketplace with human-facing Web App. This release delivers:

  • Web App: Human interface for agent discovery, registration, and management
  • Lite Registry Integration: Web App reads from registry.json (GitHub Pages)
  • IssueOps Registration: Low-friction agent submission via Web Form -> GitHub Issue
  • Verified Badge: Manual validation of trusted agents (Payment deferred to v3.0)

Note

Lean Marketplace approach: No backend API. The Web App reads from the Lite Registry (SD-11). A full Registry API Backend is deferred to v2.1. See deferred-backlog.md.

1.2 Strategic Context

All previous versions (v1.0-v1.3) built foundational capabilities:

  • v1.0: Core protocol
  • v1.1: Identity (OAuth2, WebSocket, Discovery, Lite Registry)
  • v1.2: Verified Identity (Ed25519, Compliance Harness)
  • v1.3: Observability (Metering, Delegation, SLA)

v2.0 wraps the Lite Registry in a Web App with manual Verified status to build initial trust.

Domain: asap-protocol.com (marketplace product name TBD — Open Question Q10)

2. Goals

GoalMetricPriority
Web App liveCore flows functionalP1
Lite Registry browsableAgents searchable in Web AppP1
Registration friction low< 2 min to submit agentP1
100+ agents in Lite RegistryBefore launchP1
Security audit passedNo critical findingsP1

3. User Stories

Agent Developer (Provider)

As an agent developer, I want to register my agent in the marketplace via Web App so that consumers can discover and use my agent.

Agent Consumer

As an agent consumer, I want to browse agents by skill and trust level so that I find reliable agents for my workflows.

Verified Agent Developer

As a developer seeking trust, I want to apply for Verified badge and pay via Stripe so that my agent displays a trust badge.

Platform Admin (ASAP Team)

As a platform admin, I want to review and approve Verified applications so that only quality agents get the badge.

4. Functional Requirements

4.1 Lite Registry Integration (P1)

IDRequirementPriority
REG-001Fetch and parse registry.json from GitHub PagesMUST
REG-002Agent search by skill, trust levelMUST
REG-003Agent detail view (manifest, SLA, status)MUST
REG-004Real-time status (online/offline via health endpoint)SHOULD
REG-005Cache registry data with configurable TTLMUST

4.2 Web App — Landing & Discovery (P1)

IDRequirementPriority
WEB-001Landing page with value propositionMUST
WEB-002Agent search/browse pageMUST
WEB-003Skill and trust level filtersMUST
WEB-004Agent detail page (manifest, SLA, reputation)MUST
WEB-005"Get Started" developer CTAMUST
WEB-006SEO optimizationSHOULD

4.3 Web App — Developer Dashboard (P1)

IDRequirementPriority
DASH-001OAuth2 login (dog-fooding ASAP auth)MUST
DASH-002"My Agents" list with statusMUST
DASH-003Register new agent flowMUST
DASH-004Edit agent manifestMUST
DASH-005View usage metrics per agentSHOULD
DASH-006API key managementMUST

4.4 Verified Badge Service (P1)

IDRequirementPriority
VERIFY-001"Apply for Verified" button in dashboardMUST
VERIFY-002Manual review process (Contact/Issue)MUST
VERIFY-003Minimal KYC (email, name, URL check)MUST
VERIFY-004Manual review queue for ASAP teamMUST
VERIFY-005ASAP-sign manifest on approvalMUST
VERIFY-006Badge visible in Registry and Web AppMUST

4.5 Infrastructure (P1)

IDRequirementPriority
INFRA-001Production deployment (Vercel)MUST
INFRA-002CDN for static assetsSHOULD
INFRA-003Monitoring (uptime, error rates)MUST
INFRA-004Error tracking (Sentry or similar)MUST

4.6 Security (P1)

IDRequirementPriority
SEC-001Security audit before launchMUST
SEC-002HTTPS everywhereMUST
SEC-003Rate limiting on all endpointsMUST
SEC-004CSRF protection on Web AppMUST

5. Non-Goals (Out of Scope)

FeatureReasonWhen
Registry API BackendLite Registry sufficient for MVPv2.1
Payment processingDeferred to v3.0v3.0
FederationAfter centralized proves ROIv2.x+
Advanced analytics dashboardPost-MVPv2.1+
Mobile appWeb-firstTBD
Multiple payment providersStripe is enoughTBD
Enterprise SSOAfter enterprise tractionv2.1+
Economy SettlementRequires live marketplace transactionsv3.0

6. Technical Considerations

6.1 Tech Stack (Decision SD-8)

LayerTechnologyRationale
FrontendNext.js 15 (App Router)SSR for Registry SEO, React Server Components
StylingTailwindCSS v4 + ShadcnPremium UI velocity (Exception to no-Tailwind rule)
Data SourceLite Registry (registry.json)No backend needed for MVP
AuthASAP OAuth2 + GitHub (TBD)Dog-fooding + Bootstrap ease (See Q11)
RegistrationIssueOps (GitHub Actions)Low friction, no git needed
HostingVercelSimple, scalable
DocsSeparate MkDocsPer SD-8 decision

6.2 Architecture

┌─────────────────────────────────────────────────────────────────┐
│                        WEB LAYER (Next.js)                          │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐               │
│  │   Landing   │  │  Registry   │  │ Registration│               │
│  │    Page     │  │   Browser   │  │    Form     │               │
│  └─────────────┘  └─────────────┘  └─────────────┘               │
└─────────────────────────────────────────────────────────────────┘
       │                    ▲                 │
       │ (Read JSON)        │                 │ (Submit to GitHub)
       ▼                    │                 ▼
┌───────────────────────┐   │      ┌───────────────────────┐
│  LITE REGISTRY        │   │      │  GITHUB ISSUES        │
│  ┌─────────────────┐  │   │      │  ┌─────────────────┐  │
│  │  registry.json  │  │   │      │  │ Agent Req Issue │  │
│  │ (GitHub Pages)  │──┘   │      │  └────────┬────────┘  │
│  └────────┬────────┘      │      └───────────┼───────────┘
└───────────┼───────────────┘                  │
            │                                  │ (Action Trigger)
            │                           ┌──────▼──────┐
            └───────────────────────────│  GH ACTION  │
                                        └─────────────┘

Note: No backend API in v2.0. The Web App fetches registry.json at build time (SSG) or at request time (ISR) from GitHub Pages. Agent registration is still PR-based. A full Registry API Backend is planned for v2.1 when scale demands it.

6.3 Repository Structure

asap-protocol/
├── src/asap/              # Protocol library (existing)
├── apps/
│   └── web/               # Next.js 15 Web App (App Router)
│       ├── src/
│       │   ├── app/           # App Router pages
│       │   ├── components/
│       │   ├── lib/           # Data fetching (registry.json)
│       │   └── styles/
│       └── package.json
└── infra/
    └── vercel.json

7. Success Metrics

MetricTarget
Lite Registry agents100+ at launch
Web App uptime99.9%
Verified conversions5% of registered agents
Page load time<2s (p95)
Security auditZero critical findings

8. Launch Criteria

Before announcing v2.0.0:

  • Lite Registry has 100+ agents
  • Verified badge flow working (Stripe + ASAP CA signing)
  • Web App live with core features (browse, search, register)
  • Security audit passed
  • Monitoring operational
  • Documentation complete

Change Log

DateVersionChange
2026-05-04Cross-link: PRD v2.3.0 Adoption Multiplier shipped as v2.3.0 (OpenAPI adapter, TypeScript SDK, auto-registration, escalation, ASAP challenge); see root CHANGELOG.md and docs/migration.md.
2026-02-061.0.0Initial PRD for v2.0.0
2026-02-071.1.0Updated architecture diagram with Storage Layer (SD-9), ASAP Cloud reference
2026-02-121.2.0Lean Marketplace pivot: Replaced Production Registry with Lite Registry integration, removed FastAPI backend/PostgreSQL, simplified architecture to Next.js + GitHub Pages JSON, updated goals/launch criteria (100+ instead of 10k+), added Economy Settlement to non-goals (v3.0)
2026-05-041.3.0Successor releases: v2.3.0 Adoption Multiplier shipped (OpenAPI adapter, @asap-protocol/client, auto-registration, escalation, ASAP WWW-Authenticate challenge). Registry API backend and related scale items remain deferred per PRD gates.