Skip to content

v2.5.2

Choose a tag to compare

@github-actions github-actions released this 08 Jul 21:41
3a3b427

Security & correctness follow-up — operator API auth, tighter ingress
validation, Redis JTI replay, web distributed rate limits, v2.5.1 CR follow-ups,
and registry fixes. Scope: prd-v2.5.2-security-follow-up.md.
Wire protocol and manifest schema are unchanged aside from rejecting unknown
config / metadata keys (see Migration).

Added

  • Opt-in operator API auth (#209): create_app(require_operator_auth=True)
    requires an OAuth2 Bearer JWT with scope asap:admin on /usage,
    /sla, and /audit. Default remains open (local/operator ergonomics)
    with the existing startup warnings. Requires oauth2_config.
  • Redis-backed JTI replay cache (#209): Optional
    :class:~asap.auth.jti_replay_cache.RedisJtiReplayCache for multi-worker
    Host/Agent JWT replay protection. Default remains in-memory
    :class:~asap.auth.agent_jwt.JtiReplayCache. Requires
    pip install 'asap-protocol[redis]'. Inject via
    create_app(identity_jti_cache=...) or MCPAuthConfig.jti_replay_cache.

Changed

  • Ingress validation (#209): TaskRequestConfig and CommonMetadata now reject
    unknown fields (extra="forbid", inherited from ASAPBaseModel). Previously these
    models allowed arbitrary extension keys; clients sending custom config or
    metadata properties must use known fields only or nest extensions under
    TaskRequest.input / envelope extensions. See
    migration guide.
  • CLI legacy imports (#242): DEFAULT_SCHEMAS_DIR, export_all_schemas, and
    _repl_namespace are no longer re-exported from asap.cli root. Import from
    asap.cli._compat (shim) or the owning submodules (asap.cli.schemas,
    asap.schemas, asap.cli.repl). The _compat shim is removed in v2.6.0
    (#275).
    See migration guide.
  • Web app (apps/web): Optional distributed rate limits via Upstash Redis
    or Vercel KV when UPSTASH_REDIS_REST_URL + UPSTASH_REDIS_REST_TOKEN (or
    KV_REST_API_URL + KV_REST_API_TOKEN) are set; local dev without Redis
    keeps the existing in-memory per-instance limiter
    (#209).
  • Auth scope parsing (#243): parse_scope lives in asap.auth._scope_parse so
    OAuth2Middleware no longer needs an inline import to break a cycle.

Fixed

  • CI security (pip-audit): Raised joserfc to >=1.6.7,<2 (CVE-2026-48990) and added overrides for python-engineio>=4.13.2 (CVE-2026-48802 / CVE-2026-48809) and python-socketio>=5.16.2 (CVE-2026-48804). See SECURITY.md.
  • Streaming correlation binding (#247): SSE and WebSocket streaming now require TaskStream chunks to echo the request envelope id (not an arbitrary request correlation_id), and streamed response payloads reject missing or mismatched correlation_id values.
  • SQLite write serialization (#245): AsyncSqliteRepository.execute() now holds the same asyncio.Lock as other write paths so concurrent writers cannot interleave on a shared connection.
  • Agent status JTI replay (#249): GET /asap/agent/status now records JWT jti in the replay cache (same hardening as other identity routes).
  • Registry signed manifests (#224): Registration paths accept signed manifest envelopes (unwrap before validation).
  • Registry validation errors (#227): Auto-registration maps ManifestValidationError to HTTP 400 instead of a 500.

Migration

  • v2.5.1 → v2.5.2: See migration guide.
    Breaking for clients that sent unknown keys on TaskRequest.config /
    CommonMetadata. Operator auth and Redis JTI remain opt-in.


Full Changelog: v0.1.0...v2.5.2