Nothing here is automated and nothing has been pushed. This repo is already a local git repository with full history on branch
main, every commit authored by Tilelli LAB <hello@tilelli.tech>.The build sandbox has NO network access to GitHub, so the push must be run from a machine that can both reach github.com and see this repo (your own terminal). Target:
TilelliLab/aspl(adjust if you use a different org).
Description (≤350 chars):
The trust & supply-chain layer for AI agents — sits above MCP and A2A. Ed25519 identity, sybil-resistant trust scoring, double-signed delivery, a Merkle transparency log, cross-node federation, and MCP/A2A/LangChain adapters. Apache-2.0.
Website: https://tilelli.tech
Topics: ai-agents agentic-ai mcp model-context-protocol a2a llm
agent-protocol trust reputation supply-chain-security ed25519
transparency-log merkle-tree federation langchain python fastapi
security cryptography open-protocol
- GitHub account
gitandgh(GitHub CLI) installed- SSH key or personal access token configured
- Git identity already set in this repo:
git config user.name # -> Tilelli LAB git config user.email # -> hello@tilelli.tech
# Create the org "aspl-protocol" on GitHub
# Go to: https://github.com/organizations/plan
# Choose: Free plan
# Org name: aspl-protocol
# Contact email: hello@tilelli.tech# Using GitHub CLI
gh repo create aspl-protocol/aspl \
--public \
--description "The trust & supply-chain layer for AI agents — sits above MCP and A2A. Ed25519 identity, sybil-resistant trust, signed delivery, Merkle transparency log, federation, MCP/A2A/LangChain adapters." \
--license apache-2.0
# Or create manually at: https://github.com/new
# Owner: aspl-protocol
# Name: aspl
# Public
# No README (we have our own)
# License: Apache 2.0The repo already has a full commit history as Tilelli LAB — no git init or first
commit needed. Just point it at your new remote and push.
cd /workspace/aspl-protocol
git branch -M main # if not already on main
git remote add origin git@github.com:aspl-protocol/aspl.git # <- your org/repo
# Review what you're about to publish first:
git log --oneline
git status
# Push only when you're ready (this is the irreversible, outward step):
git push -u origin main# Add topics for discoverability
gh repo edit TilelliLab/aspl \
--add-topic "ai-agents" --add-topic "agentic-ai" --add-topic "mcp" \
--add-topic "model-context-protocol" --add-topic "a2a" --add-topic "llm" \
--add-topic "agent-protocol" --add-topic "trust" --add-topic "reputation" \
--add-topic "supply-chain-security" --add-topic "ed25519" --add-topic "transparency-log" \
--add-topic "merkle-tree" --add-topic "federation" --add-topic "langchain" \
--add-topic "python" --add-topic "fastapi" --add-topic "security" \
--add-topic "cryptography" --add-topic "open-protocol"
# Enable issues
gh repo edit aspl-protocol/aspl --enable-issues
# Enable discussions
gh repo edit aspl-protocol/aspl --enable-discussions# Tag the release
git tag -a v0.1.0 -m "ASPL v0.1.0 — First public release"
git push origin v0.1.0
# Create GitHub release
gh release create v0.1.0 \
--title "ASPL v0.1.0 — The Trust Layer for Autonomous Agents" \
--notes "$(cat <<'EOF'
## What's in this release
**Core protocol** — register (PoW), publish (security scan), intent discovery,
double-signed delivery (client-verified), confirm/trust, revoke, env probe.
**Interop** — ingest MCP tools (static + live `tools/list`), A2A Agent Cards, and
LangChain tool descriptors into one trust-scored namespace; OpenAI/Hermes agent
adapter so any function-calling agent can discover→acquire→use capabilities.
**Trust** — Bayesian + activity + decay; sybil-resistant (distinct-confirmer
counting, self-dealing excluded); read-time freshness decay.
**Verifiability** — hash-chained audit log PLUS a Merkle (RFC 6962) transparency
log: inclusion proofs, consistency proofs, and signed tree heads.
**Federation** — mirror a peer node's signed catalog + revocations with origin
provenance at discounted trust.
**Tooling** — Python SDK, zero-dependency JS/TS SDK, `aspl` CLI, formal `SPEC.md`
+ conformance suite (reference node passes 21/21), adversarial test suite.
**Install** — one-click `./install.sh`, `docker compose up`, or `pip install -e .`.
## What's next
- acquisition-proxying for federated capabilities (mirror is discovery-only today)
- true container/seccomp isolation for the smoke probe
- more native framework adapters (CrewAI, AutoGen)
EOF
)"# Protect main branch
gh api repos/aspl-protocol/aspl/branches/main/protection \
--method PUT \
--field required_status_checks='{"strict":true,"contexts":["test (3.11)"]}' \
--field enforce_admins=false \
--field required_pull_request_reviews='{"required_approving_review_count":0}'# Check repo is live
gh repo view aspl-protocol/aspl
# Check release
gh release view v0.1.0
# Check CI runs
gh run list- Link from websites: Update asplproject.org and agentshop.tech to point to the GitHub repo
- PyPI: When ready,
pip install build && python -m build && twine upload dist/* - Reddit/HN post: "ASPL: The trust layer MCP and A2A forgot to build"
- Dev.to article: Migration guide showing MCP/A2A -> ASPL in 5 minutes