v2.5.2
Security & correctness follow-up — operator API auth, tighter ingress
validation, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups,
and registry fixes. Scope: prd-v2.5.2-security-follow-up.md.
Wire protocol and manifest schema are unchanged aside from rejecting unknown
config / metadata keys (see Migration).
Added
- Opt-in operator API auth (#209):
create_app(require_operator_auth=True)
requires an OAuth2 Bearer JWT with scopeasap:adminon/usage,
/sla, and/audit. Default remains open (local/operator ergonomics)
with the existing startup warnings. Requiresoauth2_config. - Redis-backed JTI replay cache (#209): Optional
:class:~asap.auth.jti_replay_cache.RedisJtiReplayCachefor multi-worker
Host/Agent JWT replay protection. Default remains in-memory
:class:~asap.auth.agent_jwt.JtiReplayCache. Requires
pip install 'asap-protocol[redis]'. Inject via
create_app(identity_jti_cache=...)orMCPAuthConfig.jti_replay_cache.
Changed
- Ingress validation (#209):
TaskRequestConfigandCommonMetadatanow reject
unknown fields (extra="forbid", inherited fromASAPBaseModel). Previously these
models allowed arbitrary extension keys; clients sending customconfigor
metadataproperties must use known fields only or nest extensions under
TaskRequest.input/ envelopeextensions. See
migration guide. - CLI legacy imports (#242):
DEFAULT_SCHEMAS_DIR,export_all_schemas, and
_repl_namespaceare no longer re-exported fromasap.cliroot. Import from
asap.cli._compat(shim) or the owning submodules (asap.cli.schemas,
asap.schemas,asap.cli.repl). The_compatshim is removed in v2.6.0
(#275).
See migration guide. - Web app (
apps/web): Optional distributed rate limits via Upstash Redis
or Vercel KV whenUPSTASH_REDIS_REST_URL+UPSTASH_REDIS_REST_TOKEN(or
KV_REST_API_URL+KV_REST_API_TOKEN) are set; local dev without Redis
keeps the existing in-memory per-instance limiter
(#209). - Auth scope parsing (#243):
parse_scopelives inasap.auth._scope_parseso
OAuth2Middlewareno longer needs an inline import to break a cycle.
Fixed
- CI security (
pip-audit): Raisedjoserfcto>=1.6.7,<2(CVE-2026-48990) and added overrides forpython-engineio>=4.13.2(CVE-2026-48802 / CVE-2026-48809) andpython-socketio>=5.16.2(CVE-2026-48804). See SECURITY.md. - Streaming correlation binding (#247): SSE and WebSocket streaming now require
TaskStreamchunks to echo the request envelopeid(not an arbitrary requestcorrelation_id), and streamed response payloads reject missing or mismatchedcorrelation_idvalues. - SQLite write serialization (#245):
AsyncSqliteRepository.execute()now holds the sameasyncio.Lockas other write paths so concurrent writers cannot interleave on a shared connection. - Agent status JTI replay (#249):
GET /asap/agent/statusnow records JWTjtiin the replay cache (same hardening as other identity routes). - Registry signed manifests (#224): Registration paths accept signed manifest envelopes (unwrap before validation).
- Registry validation errors (#227): Auto-registration maps
ManifestValidationErrorto HTTP 400 instead of a 500.
Migration
- v2.5.1 → v2.5.2: See migration guide.
Breaking for clients that sent unknown keys onTaskRequest.config/
CommonMetadata. Operator auth and Redis JTI remain opt-in.
Full Changelog: v0.1.0...v2.5.2