Skip to content

Latest commit

 

History

History
153 lines (136 loc) · 7.82 KB

File metadata and controls

153 lines (136 loc) · 7.82 KB

ASPL Protocol — Session Checkpoint

Last updated: 2026-04-15

What's DONE

1. Protocol repo created: /workspace/aspl-protocol/

Complete, clean, separated from Agent Shop platform.

2. Files built:

aspl-protocol/
├── README.md                              DONE
├── LICENSE                                DONE (Apache 2.0)
├── CHANGELOG.md                           DONE
├── GITHUB-PUBLISH.md                      DONE (step-by-step)
├── .gitignore                             DONE
├── pyproject.toml                         DONE
├── aspl/
│   ├── __init__.py                        DONE
│   ├── server.py                          DONE (protocol-only, no marketplace)
│   ├── models.py                          DONE (with source_protocol fields)
│   ├── database.py                        DONE (with source_protocol, revoked columns)
│   ├── crypto.py                          DONE
│   ├── trust.py                           DONE (with compute_imported_trust)
│   ├── intent.py                          DONE
│   ├── scanner.py                         DONE
│   ├── pow.py                             DONE
│   ├── audit.py                           DONE (with MCP/A2A event types)
│   ├── auth.py                            DONE
│   ├── ratelimit.py                       DONE
│   └── adapters/
│       ├── __init__.py                    DONE
│       ├── mcp.py                         DONE (full MCP tool -> ASPL converter)
│       └── a2a.py                         DONE (full A2A card -> ASPL converter)
├── sdk/
│   └── aspl_client.py                     DONE (with ingest_mcp, ingest_a2a)
├── examples/
│   ├── quickstart.py                      DONE
│   ├── migrate_from_mcp.py               DONE
│   └── migrate_from_a2a.py               DONE
├── tests/
│   ├── __init__.py                        DONE
│   ├── test_trust.py                      DONE
│   ├── test_scanner.py                    DONE
│   ├── test_intent.py                     DONE
│   └── test_adapters.py                   DONE
├── .github/
│   ├── workflows/tests.yml                DONE
│   └── ISSUE_TEMPLATE/
│       ├── bug_report.md                  DONE
│       └── feature_request.md             DONE

3. Website built: /workspace/test-projects/agent-shop/website-unified/index.html

  • EN/FR with auto language detection
  • Protocol/platform clearly separated
  • Honest "What We Have / What We Don't" section
  • 13-row comparison table vs MCP & A2A
  • "1 vs 146" finale
  • Contact: hello@agentshop.tech

4. Key improvements over original Agent Shop code:

  • MCP adapter BUILT (was only specced before) — converts MCP tools to ASPL capabilities
  • A2A adapter BUILT (was only specced before) — converts Agent Cards to passports
  • Ingestion endpoints added: POST /v1/ingest/mcp, POST /v1/ingest/a2a
  • Revocation added to server (was in spec but not implemented)
  • Source tracking: source_protocol + source_ref columns in DB
  • Imported trust levels: MCP starts at 0.5, A2A at 0.3
  • Test suite created (was missing entirely)
  • Protocol separated from marketplace — clean repo, no credit/pricing code

5. Domain recommendation:

  • asplproject.org for the protocol (aspl.org is taken)
  • agentshop.tech for the platform

What's NOT done / still to do:

  • Run tests and fix any failures — 52 tests pass
  • Actually publish to GitHub (manual step — need account)
  • Update website domain references from aspl.org to asplproject.org
  • Memory file updates
  • Copy ASPL-SPEC.md to protocol repo (cleaned version) — now SPEC.md

2026-06-13 session — code review + protocol pushed further

Code review: fixed 6 real bugs — min_trust discovery gate, deliver rate-limit bucket key, PoW overclaim (now ASPL_POW_DIFFICULTY-configurable), SQLite busy_timeout, shop-key file perms, README overclaims. Tests 32 → 52.

New protocol features (all verified live over real HTTP/sockets):

  • Hardened scanner (aspl/scanner.py) — unicode/homoglyph normalization, base64/hex decode-and-rescan, AST analysis, secret detection. Proof tests in tests/test_scanner_hardened.py (catches what regex denylist misses).
  • Environment verification probe (aspl/probe.py, POST /v1/probe/{cap}, /v1/need env_compatible annotation).
  • Client-side delivery verification — SDK recomputes content hash + verifies Ed25519 node signature on every deliver().
  • Agent adapter (aspl/adapters/agent.py) — OpenAI/Hermes tool schemas + loop; examples/hermes_agent_demo.py.
  • Revocation push-broadcast (aspl/events.py, SSE /v1/revocations/stream)
    • signed pull status-list (/v1/revocations).
  • Live MCP-over-HTTP ingestion (POST /v1/ingest/mcp/url, fetch tools/list).
  • Formal spec (SPEC.md) + conformance suite (conformance/, reference node passes 15/15).
  • JS/TS SDK (sdk-js/) — zero-dep Node client, verifies Ed25519 in JS (cross-language interop proven).
  • Live LLM agent (P5)run_p5_live.py: real DeepSeek drove need→acquire(sig-verified)→confirm via tool calls.

Honest status: moat verdict unchanged — these are the protocol made real and adoptable, not a defensibility claim. See memory 2026-06-13_aspl-protocol-moat-verdict.


2026-06-14 session — capabilities, packaging, website, GitHub-prep

New protocol features (all tested over real HTTP, no mocks):

  • Verifiable Merkle transparency log (RFC 6962): inclusion + consistency proofs + signed tree heads — aspl/translog.py, GET /v1/log/{sth,proof/inclusion,proof/consistency,leaves}.
  • Adversarial/red-team: tests/test_adversarial.py + aspl/redteam.py (aspl-redteam <url>). Found+fixed a real revocation-bypass (deliver now re-checks revocation -> 410).
  • Sybil-resistant trust: distinct-confirmer counting, self-dealing excluded, read-time decay.
  • Cross-node federation + acquisition proxyaspl/federation.py, POST /v1/federation/{mirror,acquire/{cap}}, federation_peers table.
  • LangChain adapter (both directions) + /v1/ingest/langchain; full aspl CLI.
  • Live-LLM brain RE-VERIFIED with real DeepSeek (run_p5_live.py, env-only key).

Packaging / GitHub-prep:

  • Configurable aspl-server (flags+env). One-click install: install.sh (verified), Dockerfile/compose (NOT built — no Docker in sandbox), Makefile, .env.example.
  • Community files: CONTRIBUTING / SECURITY / CODE_OF_CONDUCT. CI runs conformance.
  • README/CHANGELOG/SPEC/website refreshed; website has GitHub + tilelli.tech links; Playwright-verified 0 overflow / 0 console errors at 320/768/1440px EN+FR.
  • All 14 commits authored Tilelli LAB hello@tilelli.tech; branch main; zero Claude/Anthropic in history; no secrets tracked. Builds clean (sdist+wheel).
  • 91 tests pass; reference node 21/21 CONFORMANT. HEAD = 029886e.

>>> RESUME HERE (next session)

The ONLY remaining step is the GitHub push, which this sandbox CANNOT do (no network route to github.com; needs the user's GitHub auth). To publish, from a networked machine that can see this repo:

cd /workspace/aspl-protocol
git remote add origin git@github.com:TilelliLab/aspl.git   # confirm org name
git push -u origin main

Then paste the Description + Topics from this file's publish section into GitHub "About". Open items awaiting user: (1) confirm repo = TilelliLab/aspl + public/private; (2) optionally git bundle to move the repo out; (3) Reddit post draft is ready (in chat) for r/AI_Agents / r/LocalLLaMA. Website GitHub links assume github.com/TilelliLab/aspl — update if the org differs. Rotate the DeepSeek key that was pasted in chat.