Session State Machine
Nine session states, all valid transitions, timeout behavior, and terminal conditions
Every ASP session follows a deterministic state machine. The current state determines which performatives are valid, and each performative triggers a well-defined transition. Implementations MUST enforce these transitions and MUST reject messages that violate the state machine.
States
ASP defines 9 session states:
| State | Terminal | Description |
|---|---|---|
IDLE | No | No session exists. Initial state before any invitation is sent. |
INVITED | No | An invitation (PROPOSE with type: "session-invitation") has been sent. Awaiting response. |
INTRODUCED | No | Both participants have exchanged identities. Ready for conversation. |
CONVERSING | No | Active negotiation with performative exchange. The core working state. |
AGREEING | No | A COMMIT has been sent. Awaiting ACCEPT, REJECT, or COUNTER. |
EXECUTING | No | A binding agreement has been accepted. Participants are fulfilling obligations. |
ESCALATED | No | Session paused pending intervention from a human or higher authority. |
CLOSED | Yes | Session terminated normally. |
FAILED | Yes | Session terminated abnormally (timeout, unrecoverable error, protocol violation). |
State Diagram
PROPOSE (session-invitation)
IDLE ────────────────────────► INVITED
│
ACCEPT │ + identity exchange
(REJECT) │──────────► FAILED
(timeout)│
▼
INTRODUCED
│
PROPOSE / QUERY │ / INFORM / OBSERVE
│
┌─────────────────────▼──────────────────────┐
│ CONVERSING │
│ │
│ Valid: PROPOSE, COUNTER, INFORM, QUERY, │
│ CLARIFY, OBSERVE, DELEGATE, │
│ WITHDRAW, ESCALATE, CLOSE │
└──────────────────┬─────────────────────────┘
│ ▲
COMMIT │ │ REJECT / COUNTER
│ │
┌──────────────────▼────────────────────┘
│ AGREEING │
│ │
│ Valid: ACCEPT, REJECT, COUNTER, CLARIFY, │
│ ESCALATE, CLOSE │
└──────────────────┬─────────────────────────┘
│
ACCEPT │ (of COMMIT)
│
┌──────────────────▼─────────────────────────┐
│ EXECUTING │
│ │
│ Valid: INFORM (progress/result), QUERY, │
│ ESCALATE, CLOSE │
└──────────────────┬─────────────────────────┘
│
CLOSE │ (after fulfillment)
▼
┌────────────────────────────────────────────┐
│ CLOSED │
└────────────────────────────────────────────┘
Any state ──── ESCALATE ───► ESCALATED ──── resolve ───► Previous state
Any state ──── timeout/error ───► FAILED
Any state ──── WITHDRAW ───► CLOSED
Any state ──── CLOSE ───► CLOSEDTransition Table
The complete set of valid state transitions:
| # | From | To | Trigger | Preconditions |
|---|---|---|---|---|
| 1 | IDLE | INVITED | PROPOSE with type: "session-invitation" | Valid DPoP proof, known recipient, accessible Agent Card |
| 2 | INVITED | INTRODUCED | ACCEPT + both parties exchange INFORM with informType: "identity" | Sender trust score meets recipient threshold, Agent Cards verified |
| 3 | INVITED | FAILED | REJECT, or invitation timeout expires | Rejection includes reason, or timeout exceeded |
| 4 | INTRODUCED | CONVERSING | Any conversational performative (PROPOSE, QUERY, INFORM, OBSERVE) | Both Agent Cards verified, session fully initialized |
| 5 | CONVERSING | AGREEING | COMMIT | Commitment terms well-formed, escrow amount valid (if specified) |
| 6 | CONVERSING | CLOSED | CLOSE | Close reason provided |
| 7 | CONVERSING | ESCALATED | ESCALATE | Reason and urgency provided |
| 8 | CONVERSING | FAILED | Session timeout expires | No response within configured timeout |
| 9 | AGREEING | EXECUTING | ACCEPT of the pending COMMIT | Accepting party acknowledges terms, escrow verified (if required) |
| 10 | AGREEING | CONVERSING | REJECT or COUNTER of the pending COMMIT | Rejection includes reason |
| 11 | EXECUTING | CLOSED | CLOSE after obligations fulfilled | Both parties confirm completion |
| 12 | EXECUTING | ESCALATED | ESCALATE | Reason and urgency provided |
| 13 | EXECUTING | FAILED | Unrecoverable error | Error cannot be resolved through negotiation |
| 14 | ESCALATED | (previous state) | Resolution received | Escalation handler provides resolution |
| 15 | ESCALATED | CLOSED | CLOSE | Escalation resolved with session termination |
| 16 | Any | CLOSED | WITHDRAW | Reason provided |
| 17 | Any | CLOSED | CLOSE | Close reason provided |
| 18 | Any | FAILED | Timeout, protocol violation, hash chain integrity failure | Automatic transition, no message required |
Transition Details
1. IDLE to INVITED
Trigger: PROPOSE with type: "session-invitation"
Actions on transition:
- Generate a new
sessionId(UUID v7) - Create the session communication channel
- Start the invitation timeout (default: 30 seconds)
The invitation MUST include a validUntil field or use the default timeout. If no response is received before the deadline, the session transitions to FAILED.
2. INVITED to INTRODUCED
Trigger: ACCEPT from the target agent, followed by both parties exchanging INFORM with informType: "identity"
Actions on transition:
- Record both agent identities in the session
- Verify Agent Card signatures against published public keys
- Cancel the invitation timeout
3. INTRODUCED to CONVERSING
Trigger: Any conversational performative (PROPOSE, QUERY, INFORM, OBSERVE)
Actions on transition:
- Enable the full set of performatives based on the declared conformance level
- Start the session timeout if configured
4. CONVERSING to AGREEING
Trigger: COMMIT from either participant
Actions on transition:
- Record the pending commitment
- The session awaits ACCEPT, REJECT, COUNTER, or CLARIFY from the other party
- Start the response timeout if
constraints.maxResponseTimeMsis set
5. AGREEING to EXECUTING
Trigger: ACCEPT received on the pending COMMIT
Actions on transition:
- Create a binding agreement record
- Activate escrow if present
- Both parties begin fulfilling obligations
6. AGREEING to CONVERSING
Trigger: REJECT or COUNTER received on the pending COMMIT
Actions on transition:
- Clear the pending commitment
- Return to open negotiation
- If COUNTER was sent, the counter-proposal becomes the active topic
7. EXECUTING to CLOSED
Trigger: INFORM with informType: "result" confirming fulfillment, followed by CLOSE from both parties
Actions on transition:
- Record the session outcome
- Release escrow funds to the appropriate party
- Run the local LEARN phase (implementation step, not a protocol message)
8. Any State to ESCALATED
Trigger: ESCALATE from any participant
Actions on transition:
- Pause the session, preserving the previous state
- Notify the designated escalation handler (human operator, supervisor agent, or organizational authority)
- Start the escalation timeout (default: 3600 seconds)
Resolution: When the escalation is resolved, the session returns to the state it was in before the ESCALATE was sent. If the escalation times out, the session transitions to FAILED.
9. Any State to CLOSED or FAILED
CLOSE: A participant sends CLOSE with a reason. For mutual close, both parties send CLOSE. For unilateral close, one party sends CLOSE with reason: "unilateral".
FAILED: Triggered automatically by timeout expiration, unrecoverable error, or protocol violation (such as a hash chain integrity failure).
A unilateral CLOSE during EXECUTING (before obligations are fulfilled) MAY be treated as a breach, impacting the closing party's trust score.
Allowed Performatives Per State
| State | Allowed Performatives |
|---|---|
| IDLE | PROPOSE (session-invitation only) |
| INVITED | ACCEPT, REJECT |
| INTRODUCED | PROPOSE, QUERY, INFORM, OBSERVE |
| CONVERSING | PROPOSE, ACCEPT, REJECT, COUNTER, INFORM, QUERY, CLARIFY, COMMIT, DELEGATE, OBSERVE, WITHDRAW, ESCALATE, CLOSE |
| AGREEING | ACCEPT, REJECT, COUNTER, CLARIFY, ESCALATE, CLOSE |
| EXECUTING | INFORM (progress, result, error), QUERY, ESCALATE, CLOSE |
| ESCALATED | INFORM (resolution), CLOSE |
| CLOSED | (none) |
| FAILED | (none) |
Implementations MUST reject any performative not listed for the current state. The response SHOULD be a REJECT with the code invalid_state_transition.
Timeout Configuration
| Timeout | Default | Configurable Via | Description |
|---|---|---|---|
| Invitation | 30s | PROPOSE validUntil field | Time to wait for the target to accept or reject |
| Response | None | constraints.maxResponseTimeMs | Maximum time for a response to any message |
| Session | 3600s | PROPOSE terms.proposed_duration | Total session lifetime |
| Escalation | 3600s | ESCALATE timeout field | Time to wait for escalation resolution |
Timeout Behavior
| Timeout | Effect |
|---|---|
| Invitation expires | Session transitions from INVITED to FAILED |
| Response expires | The waiting party MAY send CLOSE or retry |
| Session expires | Session transitions to FAILED with reason: "timeout" |
| Escalation expires | Session transitions from ESCALATED to FAILED |
Terminal States
CLOSED and FAILED are terminal states. No transitions out of these states are permitted. Implementations MUST reject any messages sent to a session in a terminal state.
After a session reaches CLOSED, the LEARN phase runs locally within each participant. This is not a state machine transition or protocol message. It is an internal process where agents update trust scores, record session outcomes, and adjust strategies based on the session results.
Related
Was this page helpful?