Overview
What ASP is, why it exists, and what problems it solves
The Agent Session Protocol (ASP) is an open protocol for structured, trust-verified conversations between autonomous agents. It defines session lifecycle, negotiation semantics, quantitative trust scoring, and binding commitments. ASP fills the session and presentation layers (OSI Layers 5-6) that existing agent protocols leave unaddressed.
The problem
Two protocols dominate agent communication today. MCP (Model Context Protocol) gives agents access to tools on remote systems. A2A (Agent-to-Agent Protocol) lets agents delegate tasks to each other. Both operate at Layer 7 of the OSI model, handling application-level concerns.
But ten critical concerns remain unaddressed by either protocol:
| # | Concern | Question |
|---|---|---|
| 1 | Session management | How do agents establish, maintain, and tear down structured conversations? |
| 2 | Turn-taking | How is message ordering guaranteed in multi-turn exchanges? |
| 3 | Trust verification | How does one agent determine whether another is reliable? |
| 4 | Negotiation semantics | How do agents propose, counter, accept, or reject terms? |
| 5 | Context sharing | How is conversational context maintained across message boundaries? |
| 6 | Economic safeguards | How are resource limits and cost boundaries enforced? |
| 7 | Conversation integrity | How can participants verify that messages have not been altered or reordered? |
| 8 | Multi-party coordination | How do more than two agents participate in a single conversation? |
| 9 | Graceful degradation | What happens when an agent fails or a conversation stalls? |
| 10 | Learning | How do agents improve from past conversations? |
These are not application-layer problems. They belong to OSI Layers 5 and 6: session management and data representation. No existing agent protocol addresses them.
The gap in the stack
The agent communication stack has coverage at the top and bottom, but nothing in the middle.
| OSI Layer | Coverage | Protocol |
|---|---|---|
| Layer 7 (Application) | Covered | MCP (tools), A2A (tasks) |
| Layers 5-6 (Session + Presentation) | Missing | ASP fills this gap |
| Layers 1-4 (Transport) | Covered | npayload (reliable messaging) |
Layer 7 handles tools and tasks. Layers 1-4 handle reliable delivery. But no protocol existed for the session layer between them. ASP fills that gap.
ASP is not a replacement for MCP or A2A. It is the session layer that makes them work together in multi-turn, trust-verified conversations. Think of it as the protocol that wraps around tool calls and task delegations to give them structure, accountability, and trust.
What ASP provides
ASP addresses each of the ten unaddressed concerns with a concrete mechanism.
| Concern | ASP mechanism | How it works |
|---|---|---|
| Session management | Eight-phase lifecycle | Sessions progress through DISCOVERY, NEGOTIATION, TRUST_ASSESSMENT, COMMITMENT, EXECUTION, VERIFICATION, LEARNING, and CLOSURE with explicit state transitions |
| Turn-taking | Sequence-numbered messages | Every message carries a sequence number and references its parent, establishing causal ordering |
| Trust verification | Eight-component trust model | Trust is computed from observed behaviour across reliability, latency, accuracy, compliance, security, availability, reputation, and history |
| Negotiation semantics | Thirteen performatives | Speech-act messages (PROPOSE, ACCEPT, REJECT, COUNTER, INFORM, QUERY, CLARIFY, COMMIT, DELEGATE, ESCALATE, WITHDRAW, OBSERVE, CLOSE) define what each message does |
| Context sharing | Typed context objects | Structured context data is attached to sessions and individual messages, preserved across the full conversation |
| Economic safeguards | Token budgets with escrow | Agents declare spending limits. Tokens can be held in escrow until commitments are fulfilled. Overspend is prevented at the protocol level |
| Conversation integrity | SHA-256 hash chain | Each message includes a hash of the previous message, forming a tamper-evident chain. Ed25519 signatures bind each message to its author |
| Multi-party coordination | N-party sessions | Sessions support any number of participants with role-based access (initiator, responder, observer) |
| Graceful degradation | ESCALATE performative | When autonomous resolution fails, agents can escalate to a human operator with full session context preserved |
| Learning | LEARN phase | After a session closes, agents record patterns: effective negotiation strategies, reliable counterparties, successful terms |
Relationship to npayload
ASP is a protocol. npayload is the transport that carries it.
The relationship mirrors SIP and TCP. SIP (Session Initiation Protocol) defines how voice calls are established, maintained, and terminated, but SIP does not deliver packets. It relies on TCP or UDP for that. Similarly, ASP defines how agent sessions are structured, but it relies on npayload for reliable message delivery, encryption, and cross-region routing.
In practice, ASP sessions map to npayload constructs:
| ASP concept | npayload construct | Purpose |
|---|---|---|
| Session | Channel | Each session creates a dedicated channel for message exchange |
| Performative message | Published message | ASP messages are published to the session's channel |
| Delivery guarantee | Subscription + DLQ | npayload handles retries, dead-letter queues, and exactly-once delivery |
| Cross-region session | Cross-instance channel | Sessions that span regions use npayload's built-in replication |
| Audit trail | Message history | npayload retains the complete message history for verification |
While npayload is the primary transport binding, ASP is transport-agnostic by design. HTTP/SSE and WebSocket bindings also exist for environments where npayload is not available. See Transports for details.
How ASP works with MCP and A2A
ASP does not replace MCP or A2A. It wraps around them. The session is the container; the tools and tasks are the actions within it.
Here is a typical multi-protocol interaction:
Discover capabilities
Agent A opens an ASP session with Agent B. Both agents share capability descriptors, including what tools they expose (via MCP) and what tasks they can handle (via A2A). Session parameters are established: timeout duration, maximum turns, trust thresholds.
Discover tools
Within the ASP session context, Agent A uses MCP to call tools/list on Agent B. This returns the available tools: check_inventory, get_pricing, create_order. The ASP session provides the trust context for this discovery.
Negotiate terms
Agent A sends an ASP PROPOSE performative with terms: 1,000 units at $12.50 each, delivery within 5 business days, 2% penalty per day for late delivery. Agent B can ACCEPT, REJECT, or send a COUNTER with modified terms.
Execute with delegation
After both agents reach agreement, Agent A delegates order execution to Agent B using A2A. The A2A task references the ASP session ID and commitment ID, binding the execution to the negotiated terms.
Verify and close
Agent A verifies the result through the ASP session. Trust scores are updated based on whether commitments were fulfilled. The session enters the LEARN phase (agents record what worked), then closes.
Each protocol handles what it does best:
| Protocol | Role | Question it answers |
|---|---|---|
| MCP | Tool discovery and invocation | "What can you do?" |
| A2A | Task delegation and lifecycle | "Please do this." |
| ASP | Session, trust, and commitments | "Under what terms, with what trust, and with what guarantees?" |
The ASP advantage
Without ASP, agent interactions are ad-hoc. Trust is either hardcoded or absent. Negotiations happen in unstructured text. Commitments are implicit. When something goes wrong, there is no structured escalation path and no audit trail.
- Trust is binary: you either allow an agent or you do not
- Negotiations happen in natural language with no formal structure
- Commitments exist only as text in chat history
- No mechanism to penalise broken promises
- Multi-agent conversations have no turn-taking guarantees
- When an agent fails, the conversation is lost
- No learning from past interactions
- Trust is quantitative, computed from eight behavioural dimensions
- Negotiations use formal performatives with machine-parseable terms
- Commitments are binding protocol objects with deadlines and penalties
- Economic mechanisms (escrow, penalties) enforce accountability
- Sequence-numbered messages guarantee ordering in any group size
- ESCALATE transfers full context to a human operator
- LEARN phase captures patterns for future improvement
Next steps
Was this page helpful?