Complete, clean, separated from Agent Shop platform.
aspl-protocol/
├── README.md DONE
├── LICENSE DONE (Apache 2.0)
├── CHANGELOG.md DONE
├── GITHUB-PUBLISH.md DONE (step-by-step)
├── .gitignore DONE
├── pyproject.toml DONE
├── aspl/
│ ├── __init__.py DONE
│ ├── server.py DONE (protocol-only, no marketplace)
│ ├── models.py DONE (with source_protocol fields)
│ ├── database.py DONE (with source_protocol, revoked columns)
│ ├── crypto.py DONE
│ ├── trust.py DONE (with compute_imported_trust)
│ ├── intent.py DONE
│ ├── scanner.py DONE
│ ├── pow.py DONE
│ ├── audit.py DONE (with MCP/A2A event types)
│ ├── auth.py DONE
│ ├── ratelimit.py DONE
│ └── adapters/
│ ├── __init__.py DONE
│ ├── mcp.py DONE (full MCP tool -> ASPL converter)
│ └── a2a.py DONE (full A2A card -> ASPL converter)
├── sdk/
│ └── aspl_client.py DONE (with ingest_mcp, ingest_a2a)
├── examples/
│ ├── quickstart.py DONE
│ ├── migrate_from_mcp.py DONE
│ └── migrate_from_a2a.py DONE
├── tests/
│ ├── __init__.py DONE
│ ├── test_trust.py DONE
│ ├── test_scanner.py DONE
│ ├── test_intent.py DONE
│ └── test_adapters.py DONE
├── .github/
│ ├── workflows/tests.yml DONE
│ └── ISSUE_TEMPLATE/
│ ├── bug_report.md DONE
│ └── feature_request.md DONE
- EN/FR with auto language detection
- Protocol/platform clearly separated
- Honest "What We Have / What We Don't" section
- 13-row comparison table vs MCP & A2A
- "1 vs 146" finale
- Contact: hello@agentshop.tech
- MCP adapter BUILT (was only specced before) — converts MCP tools to ASPL capabilities
- A2A adapter BUILT (was only specced before) — converts Agent Cards to passports
- Ingestion endpoints added: POST /v1/ingest/mcp, POST /v1/ingest/a2a
- Revocation added to server (was in spec but not implemented)
- Source tracking: source_protocol + source_ref columns in DB
- Imported trust levels: MCP starts at 0.5, A2A at 0.3
- Test suite created (was missing entirely)
- Protocol separated from marketplace — clean repo, no credit/pricing code
asplproject.orgfor the protocol (aspl.org is taken)agentshop.techfor the platform
- Run tests and fix any failures — 52 tests pass
- Actually publish to GitHub (manual step — need account)
- Update website domain references from aspl.org to asplproject.org
- Memory file updates
- Copy ASPL-SPEC.md to protocol repo (cleaned version) — now
SPEC.md
Code review: fixed 6 real bugs — min_trust discovery gate, deliver rate-limit
bucket key, PoW overclaim (now ASPL_POW_DIFFICULTY-configurable), SQLite
busy_timeout, shop-key file perms, README overclaims. Tests 32 → 52.
New protocol features (all verified live over real HTTP/sockets):
- Hardened scanner (
aspl/scanner.py) — unicode/homoglyph normalization, base64/hex decode-and-rescan, AST analysis, secret detection. Proof tests intests/test_scanner_hardened.py(catches what regex denylist misses). - Environment verification probe (
aspl/probe.py,POST /v1/probe/{cap},/v1/needenv_compatible annotation). - Client-side delivery verification — SDK recomputes content hash + verifies
Ed25519 node signature on every
deliver(). - Agent adapter (
aspl/adapters/agent.py) — OpenAI/Hermes tool schemas + loop;examples/hermes_agent_demo.py. - Revocation push-broadcast (
aspl/events.py, SSE/v1/revocations/stream)- signed pull status-list (
/v1/revocations).
- signed pull status-list (
- Live MCP-over-HTTP ingestion (
POST /v1/ingest/mcp/url, fetch tools/list). - Formal spec (
SPEC.md) + conformance suite (conformance/, reference node passes 15/15). - JS/TS SDK (
sdk-js/) — zero-dep Node client, verifies Ed25519 in JS (cross-language interop proven). - Live LLM agent (P5) —
run_p5_live.py: real DeepSeek drove need→acquire(sig-verified)→confirm via tool calls.
Honest status: moat verdict unchanged — these are the protocol made real and
adoptable, not a defensibility claim. See memory 2026-06-13_aspl-protocol-moat-verdict.
New protocol features (all tested over real HTTP, no mocks):
- Verifiable Merkle transparency log (RFC 6962): inclusion + consistency proofs +
signed tree heads —
aspl/translog.py,GET /v1/log/{sth,proof/inclusion,proof/consistency,leaves}. - Adversarial/red-team:
tests/test_adversarial.py+aspl/redteam.py(aspl-redteam <url>). Found+fixed a real revocation-bypass (deliver now re-checks revocation -> 410). - Sybil-resistant trust: distinct-confirmer counting, self-dealing excluded, read-time decay.
- Cross-node federation + acquisition proxy —
aspl/federation.py,POST /v1/federation/{mirror,acquire/{cap}},federation_peerstable. - LangChain adapter (both directions) +
/v1/ingest/langchain; fullasplCLI. - Live-LLM brain RE-VERIFIED with real DeepSeek (
run_p5_live.py, env-only key).
Packaging / GitHub-prep:
- Configurable
aspl-server(flags+env). One-click install:install.sh(verified), Dockerfile/compose (NOT built — no Docker in sandbox), Makefile,.env.example. - Community files: CONTRIBUTING / SECURITY / CODE_OF_CONDUCT. CI runs conformance.
- README/CHANGELOG/SPEC/website refreshed; website has GitHub + tilelli.tech links; Playwright-verified 0 overflow / 0 console errors at 320/768/1440px EN+FR.
- All 14 commits authored Tilelli LAB hello@tilelli.tech; branch
main; zero Claude/Anthropic in history; no secrets tracked. Builds clean (sdist+wheel). - 91 tests pass; reference node 21/21 CONFORMANT. HEAD =
029886e.
The ONLY remaining step is the GitHub push, which this sandbox CANNOT do (no network route to github.com; needs the user's GitHub auth). To publish, from a networked machine that can see this repo:
cd /workspace/aspl-protocol
git remote add origin git@github.com:TilelliLab/aspl.git # confirm org name
git push -u origin main
Then paste the Description + Topics from this file's publish section into GitHub "About".
Open items awaiting user: (1) confirm repo = TilelliLab/aspl + public/private;
(2) optionally git bundle to move the repo out; (3) Reddit post draft is ready
(in chat) for r/AI_Agents / r/LocalLLaMA. Website GitHub links assume
github.com/TilelliLab/aspl — update if the org differs. Rotate the DeepSeek key
that was pasted in chat.