Skip to content

v1.2.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 15 Feb 18:08
· 923 commits to main since this release
v1.2.0
2841766

Verified Identity: Ed25519 signed manifests, trust levels, optional mTLS, and compliance harness. Backward compatible with v1.1.0.

Added

Signed Manifests

  • Ed25519 key management: asap.crypto.keysgenerate_keypair, serialize_private_key, load_private_key_from_file_sync, load_private_key_from_env
  • Manifest signing: asap.crypto.signingsign_manifest, verify_manifest, JCS canonicalization (RFC 8785)
  • SignedManifest model: asap.crypto.modelsSignedManifest, SignatureBlock with public_key and trust_level
  • CLI: asap keys generate, asap manifest sign, asap manifest verify, asap manifest info

Trust Levels

  • Trust level model: asap.crypto.trust_levelsTrustLevel enum (self-signed, verified, enterprise)
  • Trust detection: asap.crypto.trustdetect_trust_level, sign_with_ca for Verified badge simulation
  • Client verification: ASAPClientverify_signatures, trusted_manifest_keys for optional manifest signature verification

mTLS

  • Optional mTLS: asap.transport.mtlsMTLSConfig, create_ssl_context, mtls_config_to_uvicorn_kwargs
  • Server/client support: create_app(mtls_config=...), ASAPClient(mtls_config=...)
  • Documentation: docs/security/mtls.md — Enterprise CA, client cert configuration

Compliance Harness

  • asap-compliance package: Separate PyPI package for protocol compliance testing
  • Handshake validation: Health endpoint, manifest schema, signed manifest verification, version compatibility
  • Schema validation: Envelope, TaskRequest, TaskResponse, McpToolResult, MessageAck; extra="forbid"
  • State machine validation: Task lifecycle (PENDING → RUNNING → COMPLETED/FAILED)
  • SLA validation: Timeout and progress schema checks
  • Usage: pytest --asap-agent-url https://your-agent.example.com -m asap_compliance

Testing & Benchmarks

  • Cross-version compatibility: Signed manifests with discovery; compliance harness against signed manifest agents
  • Crypto benchmarks: benchmarks/benchmark_crypto.py — Ed25519 sign/verify, JCS canonicalization, compliance handshake
  • Coverage: CLI keys/manifest tests, mTLS edge cases, integration tests

Changed

  • Discovery validation: validate_signed_manifest_response accepts plain or signed manifests; optional signature verification
  • AGENTS.md: mTLS note updated (now implemented); crypto module and compliance harness documented

Deferred (not in v1.2.0)

  • Registry API: Centralized agent registry backend (planned for v2.1)
  • DeepEval integration: Intelligence layer for compliance (planned for v2.2+)
  • Lite Registry (v1.1) continues as discovery mechanism

Technical Details

  • Python: 3.13+
  • Tests: 1940+ (asap-protocol), 54 (asap-compliance)
  • Coverage: ~94.2% (asap-protocol)
  • New packages: asap-compliance on PyPI (separate from asap-protocol)

Full Changelog: v0.1.0...v1.2.0

Assets 7
Loading