Skip to content

Latest commit

 

History

History
76 lines (68 loc) · 4.41 KB

File metadata and controls

76 lines (68 loc) · 4.41 KB

Changelog

Unreleased

Added

  • Verifiable transparency log (Merkle / CT-style)aspl/translog.py: RFC 6962 Merkle tree over the audit log with inclusion proofs, consistency proofs, and Ed25519 signed tree heads. GET /v1/log/{sth,proof/inclusion,proof/consistency,leaves}.
  • Cross-node federationPOST /v1/federation/mirror: verify a peer's signed tree head + revocation list, mirror non-revoked capabilities at 0.5× trust with origin provenance, honor peer revocations. (aspl/federation.py)
  • Federation acquisition proxyPOST /v1/federation/acquire/{cap}: acquire a mirrored capability from its origin node with the origin's delivery signature verified; SDK get() routes federated matches through it. Node registers + stores credentials at each peer (federation_peers table).
  • Crash-test red-team agentaspl-redteam <url> (aspl/redteam.py): autonomous adversarial scanner for any live node (auth/PoW bypass, injection, delivery tamper/forge, replay, IDOR, revocation bypass, trust pump, fuzz) with a severity report; exits non-zero on CRITICAL/HIGH.
  • LangChain adapteraspl/adapters/langchain.py (both directions) + POST /v1/ingest/langchain + SDK ingest_langchain (imported trust 0.4).
  • CLIaspl command: register/publish/need/acquire/confirm/revoke/ingest/ probe/revocations/catalog/stats/audit, with per-node credentials under ~/.aspl.
  • Adversarial test suitetests/test_adversarial.py attacks a live node.
  • Configurable serveraspl-server takes --host/--port/--workers/--reload/ --log-level and ASPL_* env vars; .env.example added. reload now off by default.
  • One-click installinstall.sh, Dockerfile, docker-compose.yml, Makefile.
  • Community filesCONTRIBUTING.md, SECURITY.md, CODE_OF_CONDUCT.md.

Changed

  • Sybil-resistant trust — capability trust now counts DISTINCT non-publisher confirmers; self-dealing confirmations (publisher confirming its own capability) build no trust; read-time freshness decay applied in discovery.
  • Conformance suite extended (reference node passes 21/21); SPEC.md updated.

Fixed

  • Revocation bypass — a capability accepted before revocation could still be delivered afterward; /v1/deliver now re-checks revocation (410).

v0.1.0 — 2026-04-15

Added

  • Core ASPL Protocol: 8 message types (REGISTER, NEED, OFFER, ACCEPT, PROBE, DELIVER, CONFIRM, REVOKE)
  • Protocol Server: FastAPI reference implementation with 15+ endpoints
  • Trust Scoring: Bayesian agent trust + capability trust with anti-gaming
  • Ed25519 Cryptography: Agent passports, capability signing, delivery verification
  • Proof-of-Work: 18-bit anti-sybil for registration (~30s per agent)
  • Content Scanner: 30+ patterns detecting prompt injection, exfiltration, resource abuse
  • Intent Matching: TF-IDF + fuzzy matching for semantic capability discovery
  • Hash-Chained Audit: Append-only transparency log with chain verification
  • Rate Limiting: Per-agent, per-endpoint token bucket
  • Capability Revocation: Publisher-initiated, removes from discovery instantly
  • MCP Adapter: Convert MCP tool definitions to ASPL capabilities (trust starts at 0.5)
  • A2A Adapter: Convert A2A Agent Cards to ASPL passports + capabilities (trust starts at 0.3)
  • Ingestion Endpoints: POST /v1/ingest/mcp and POST /v1/ingest/a2a
  • Python SDK: Full protocol client with auto PoW solving and convenience methods
  • Test Suite: Tests for trust scoring, content scanning, intent matching, adapters
  • CI/CD: GitHub Actions workflow for tests + lint on Python 3.10/3.11/3.12
  • Examples: Quickstart, MCP migration guide, A2A migration guide
  • Apache 2.0 License: Open protocol, free to implement

Architecture

  • Protocol server: aspl/server.py (protocol-only, no marketplace)
  • MCP bridge: aspl/adapters/mcp.py (tool definition -> ASPL capability)
  • A2A bridge: aspl/adapters/a2a.py (Agent Card -> ASPL passport + capabilities)
  • SDK: sdk/aspl_client.py (Python client)
  • All adapters preserve original protocol communication via bridge patterns

What's NOT in v0.1.0

  • WebSocket transport (REST only)
  • Environment probe system (designed in spec, not implemented)
  • JS/TS SDK
  • Framework adapters (LangChain, CrewAI)
  • Auto-crawl of public MCP/A2A endpoints
  • Mesh P2P agent-to-agent direct connections
  • Real payment integration