Skip to content

Latest commit

 

History

History
171 lines (130 loc) · 5.81 KB

File metadata and controls

171 lines (130 loc) · 5.81 KB

Publishing ASPL to GitHub — Step by Step

Nothing here is automated and nothing has been pushed. This repo is already a local git repository with full history on branch main, every commit authored by Tilelli LAB <hello@tilelli.tech>.

The build sandbox has NO network access to GitHub, so the push must be run from a machine that can both reach github.com and see this repo (your own terminal). Target: TilelliLab/aspl (adjust if you use a different org).

Optimized repo metadata (paste into GitHub "About")

Description (≤350 chars):

The trust & supply-chain layer for AI agents — sits above MCP and A2A. Ed25519 identity, sybil-resistant trust scoring, double-signed delivery, a Merkle transparency log, cross-node federation, and MCP/A2A/LangChain adapters. Apache-2.0.

Website: https://tilelli.tech

Topics: ai-agents agentic-ai mcp model-context-protocol a2a llm agent-protocol trust reputation supply-chain-security ed25519 transparency-log merkle-tree federation langchain python fastapi security cryptography open-protocol

Prerequisites

  • GitHub account
  • git and gh (GitHub CLI) installed
  • SSH key or personal access token configured
  • Git identity already set in this repo:
    git config user.name   # -> Tilelli LAB
    git config user.email  # -> hello@tilelli.tech

Step 1: Create the GitHub Organization

# Create the org "aspl-protocol" on GitHub
# Go to: https://github.com/organizations/plan
# Choose: Free plan
# Org name: aspl-protocol
# Contact email: hello@tilelli.tech

Step 2: Create the Repository

# Using GitHub CLI
gh repo create aspl-protocol/aspl \
  --public \
  --description "The trust & supply-chain layer for AI agents — sits above MCP and A2A. Ed25519 identity, sybil-resistant trust, signed delivery, Merkle transparency log, federation, MCP/A2A/LangChain adapters." \
  --license apache-2.0

# Or create manually at: https://github.com/new
# Owner: aspl-protocol
# Name: aspl
# Public
# No README (we have our own)
# License: Apache 2.0

Step 3: Add the remote and push (when YOU decide)

The repo already has a full commit history as Tilelli LAB — no git init or first commit needed. Just point it at your new remote and push.

cd /workspace/aspl-protocol

git branch -M main                                          # if not already on main
git remote add origin git@github.com:aspl-protocol/aspl.git # <- your org/repo

# Review what you're about to publish first:
git log --oneline
git status

# Push only when you're ready (this is the irreversible, outward step):
git push -u origin main

Step 4: Configure Repository Settings

# Add topics for discoverability
gh repo edit TilelliLab/aspl \
  --add-topic "ai-agents" --add-topic "agentic-ai" --add-topic "mcp" \
  --add-topic "model-context-protocol" --add-topic "a2a" --add-topic "llm" \
  --add-topic "agent-protocol" --add-topic "trust" --add-topic "reputation" \
  --add-topic "supply-chain-security" --add-topic "ed25519" --add-topic "transparency-log" \
  --add-topic "merkle-tree" --add-topic "federation" --add-topic "langchain" \
  --add-topic "python" --add-topic "fastapi" --add-topic "security" \
  --add-topic "cryptography" --add-topic "open-protocol"

# Enable issues
gh repo edit aspl-protocol/aspl --enable-issues

# Enable discussions
gh repo edit aspl-protocol/aspl --enable-discussions

Step 5: Create the First Release

# Tag the release
git tag -a v0.1.0 -m "ASPL v0.1.0 — First public release"
git push origin v0.1.0

# Create GitHub release
gh release create v0.1.0 \
  --title "ASPL v0.1.0 — The Trust Layer for Autonomous Agents" \
  --notes "$(cat <<'EOF'
## What's in this release

**Core protocol** — register (PoW), publish (security scan), intent discovery,
double-signed delivery (client-verified), confirm/trust, revoke, env probe.

**Interop** — ingest MCP tools (static + live `tools/list`), A2A Agent Cards, and
LangChain tool descriptors into one trust-scored namespace; OpenAI/Hermes agent
adapter so any function-calling agent can discover→acquire→use capabilities.

**Trust** — Bayesian + activity + decay; sybil-resistant (distinct-confirmer
counting, self-dealing excluded); read-time freshness decay.

**Verifiability** — hash-chained audit log PLUS a Merkle (RFC 6962) transparency
log: inclusion proofs, consistency proofs, and signed tree heads.

**Federation** — mirror a peer node's signed catalog + revocations with origin
provenance at discounted trust.

**Tooling** — Python SDK, zero-dependency JS/TS SDK, `aspl` CLI, formal `SPEC.md`
+ conformance suite (reference node passes 21/21), adversarial test suite.

**Install** — one-click `./install.sh`, `docker compose up`, or `pip install -e .`.

## What's next
- acquisition-proxying for federated capabilities (mirror is discovery-only today)
- true container/seccomp isolation for the smoke probe
- more native framework adapters (CrewAI, AutoGen)
EOF
)"

Step 6: Set Up Branch Protection

# Protect main branch
gh api repos/aspl-protocol/aspl/branches/main/protection \
  --method PUT \
  --field required_status_checks='{"strict":true,"contexts":["test (3.11)"]}' \
  --field enforce_admins=false \
  --field required_pull_request_reviews='{"required_approving_review_count":0}'

Step 7: Verify Everything

# Check repo is live
gh repo view aspl-protocol/aspl

# Check release
gh release view v0.1.0

# Check CI runs
gh run list

After Publishing

  1. Link from websites: Update asplproject.org and agentshop.tech to point to the GitHub repo
  2. PyPI: When ready, pip install build && python -m build && twine upload dist/*
  3. Reddit/HN post: "ASPL: The trust layer MCP and A2A forgot to build"
  4. Dev.to article: Migration guide showing MCP/A2A -> ASPL in 5 minutes