diff --git a/.changeset/bump-adcp-3.0.9.md b/.changeset/bump-adcp-3.0.9.md new file mode 100644 index 000000000..69c1e1526 --- /dev/null +++ b/.changeset/bump-adcp-3.0.9.md @@ -0,0 +1,33 @@ +--- +'@adcp/sdk': patch +--- + +chore: bump AdCP pin to 3.0.9 + +Pulls AdCP v3.0.9 into the schema cache and adds it to +`COMPATIBLE_ADCP_VERSIONS`. Patch bump because v3.0.9 is description-only: + +- **adcp#4302** — propagates the existing `list_accounts` / `sync_accounts` + account-discovery MUST from `required-tasks.mdx` into `accounts/overview.mdx`. + Restates the existing requirement in the surface-level overview where + implementors look first; no wire shape change. Filed against + adcp-client#1624 (storyboard rubric for missing-account-tool fail) which + is now unblocked at the spec level. +- HMAC-as-recommended framing fix in `reporting-webhook.json`, + `auth-scheme.json`, and `create-media-buy-request.json`'s `artifact_webhook`; + RFC 9421 default guidance added to `call-adcp-agent` SKILL.md. Description + text only — generated `tools.generated.ts` / `core.generated.ts` reflect + the updated docstrings. + +Generated file diffs are limited to: +- `Source:` path bumps from `schemas/cache/3.0.8/` to `schemas/cache/3.0.9/` + in `entity-hydration.generated.ts`, `wire-spec-fields.generated.ts`. +- Description-only updates to `core.generated.ts`, `manifest.generated.ts`, + `tools.generated.ts` reflecting the legacy-auth deprecation framing fixes. + +No behavior change. No test updates required (1600+ existing tests pass +unchanged against the 3.0.9 cache). + +Unblocks adcp-client#1624 (the storyboard runner can now cite v3.0.9 +normative language for the universal account-discovery requirement when +the runner.ts:936 fix lands). diff --git a/ADCP_VERSION b/ADCP_VERSION index 67786e246..747457c6d 100644 --- a/ADCP_VERSION +++ b/ADCP_VERSION @@ -1 +1 @@ -3.0.8 +3.0.9 diff --git a/package.json b/package.json index 4029310d9..7e312c257 100644 --- a/package.json +++ b/package.json @@ -361,5 +361,5 @@ }, "minimatch": "^10.2.1" }, - "adcp_version": "3.0.8" + "adcp_version": "3.0.9" } diff --git a/src/lib/server/decisioning/runtime/entity-hydration.generated.ts b/src/lib/server/decisioning/runtime/entity-hydration.generated.ts index 8b784c7f7..c3329bd7f 100644 --- a/src/lib/server/decisioning/runtime/entity-hydration.generated.ts +++ b/src/lib/server/decisioning/runtime/entity-hydration.generated.ts @@ -1,6 +1,6 @@ // Generated entity-hydration field map — do NOT edit by hand // -// Source: `schemas/cache/3.0.8/manifest.json` + per-tool request +// Source: `schemas/cache/3.0.9/manifest.json` + per-tool request // schemas. Every top-level `x-entity`-tagged string field on a request // schema lands here. The runtime hydrator (`from-platform.ts` → // `hydrateForTool`) walks this map plus the hand-curated diff --git a/src/lib/server/wire-spec-fields.generated.ts b/src/lib/server/wire-spec-fields.generated.ts index 1f5877113..7f660e97f 100644 --- a/src/lib/server/wire-spec-fields.generated.ts +++ b/src/lib/server/wire-spec-fields.generated.ts @@ -1,6 +1,6 @@ // AUTO-GENERATED by scripts/generate-wire-spec-fields.ts. DO NOT EDIT. -// Source: schemas/cache/3.0.8/**/*-request.json -// Generated at: 2026-05-08T15:47:26.705Z +// Source: schemas/cache/3.0.9/**/*-request.json +// Generated at: 2026-05-10T10:32:36.701Z import type { AcquireRightsRequest, @@ -53,147 +53,147 @@ import type { * pollution or shared-state mutation of the allowlist. */ export const WIRE_SPEC_FIELDS = Object.freeze({ - /** schemas/cache/3.0.8/brand/acquire-rights-request.json */ + /** schemas/cache/3.0.9/brand/acquire-rights-request.json */ AcquireRightsRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","buyer","campaign","context","ext","idempotency_key","pricing_option_id","push_notification_config","revocation_webhook","rights_id"]) as readonly string[], __type: null as unknown as AcquireRightsRequest, }), - /** schemas/cache/3.0.8/signals/activate-signal-request.json */ + /** schemas/cache/3.0.9/signals/activate-signal-request.json */ ActivateSignalRequest: Object.freeze({ fields: Object.freeze(["account","action","adcp_major_version","context","destinations","ext","idempotency_key","pricing_option_id","signal_agent_segment_id"]) as readonly string[], __type: null as unknown as ActivateSignalRequest, }), - /** schemas/cache/3.0.8/media-buy/build-creative-request.json */ + /** schemas/cache/3.0.9/media-buy/build-creative-request.json */ BuildCreativeRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","brand","concept_id","context","creative_id","creative_manifest","ext","idempotency_key","include_preview","item_limit","macro_values","media_buy_id","message","package_id","preview_inputs","preview_output_format","preview_quality","quality","target_format_id","target_format_ids"]) as readonly string[], __type: null as unknown as BuildCreativeRequest, }), - /** schemas/cache/3.0.8/content-standards/calibrate-content-request.json */ + /** schemas/cache/3.0.9/content-standards/calibrate-content-request.json */ CalibrateContentRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","artifact","context","ext","idempotency_key","standards_id"]) as readonly string[], __type: null as unknown as CalibrateContentRequest, }), - /** schemas/cache/3.0.8/collection/create-collection-list-request.json */ + /** schemas/cache/3.0.9/collection/create-collection-list-request.json */ CreateCollectionListRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","base_collections","brand","context","description","ext","filters","idempotency_key","name"]) as readonly string[], __type: null as unknown as CreateCollectionListRequest, }), - /** schemas/cache/3.0.8/content-standards/create-content-standards-request.json */ + /** schemas/cache/3.0.9/content-standards/create-content-standards-request.json */ CreateContentStandardsRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","calibration_exemplars","context","ext","idempotency_key","policies","registry_policy_ids","scope"]) as readonly string[], __type: null as unknown as CreateContentStandardsRequest, }), - /** schemas/cache/3.0.8/media-buy/create-media-buy-request.json */ + /** schemas/cache/3.0.9/media-buy/create-media-buy-request.json */ CreateMediaBuyRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","advertiser_industry","agency_estimate_number","artifact_webhook","brand","context","end_time","ext","idempotency_key","invoice_recipient","io_acceptance","packages","plan_id","po_number","proposal_id","push_notification_config","reporting_webhook","start_time","total_budget"]) as readonly string[], __type: null as unknown as CreateMediaBuyRequest, }), - /** schemas/cache/3.0.8/property/create-property-list-request.json */ + /** schemas/cache/3.0.9/property/create-property-list-request.json */ CreatePropertyListRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","base_properties","brand","context","description","ext","filters","idempotency_key","name"]) as readonly string[], __type: null as unknown as CreatePropertyListRequest, }), - /** schemas/cache/3.0.8/collection/delete-collection-list-request.json */ + /** schemas/cache/3.0.9/collection/delete-collection-list-request.json */ DeleteCollectionListRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","context","ext","idempotency_key","list_id"]) as readonly string[], __type: null as unknown as DeleteCollectionListRequest, }), - /** schemas/cache/3.0.8/property/delete-property-list-request.json */ + /** schemas/cache/3.0.9/property/delete-property-list-request.json */ DeletePropertyListRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","context","ext","idempotency_key","list_id"]) as readonly string[], __type: null as unknown as DeletePropertyListRequest, }), - /** schemas/cache/3.0.8/media-buy/get-media-buy-delivery-request.json */ + /** schemas/cache/3.0.9/media-buy/get-media-buy-delivery-request.json */ GetMediaBuyDeliveryRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","attribution_window","context","end_date","ext","include_package_daily_breakdown","media_buy_ids","reporting_dimensions","start_date","status_filter"]) as readonly string[], __type: null as unknown as GetMediaBuyDeliveryRequest, }), - /** schemas/cache/3.0.8/media-buy/log-event-request.json */ + /** schemas/cache/3.0.9/media-buy/log-event-request.json */ LogEventRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","context","event_source_id","events","ext","idempotency_key","test_event_code"]) as readonly string[], __type: null as unknown as LogEventRequest, }), - /** schemas/cache/3.0.8/media-buy/provide-performance-feedback-request.json */ + /** schemas/cache/3.0.9/media-buy/provide-performance-feedback-request.json */ ProvidePerformanceFeedbackRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","context","creative_id","ext","feedback_source","idempotency_key","measurement_period","media_buy_id","metric_type","package_id","performance_index"]) as readonly string[], __type: null as unknown as ProvidePerformanceFeedbackRequest, }), - /** schemas/cache/3.0.8/governance/report-plan-outcome-request.json */ + /** schemas/cache/3.0.9/governance/report-plan-outcome-request.json */ ReportPlanOutcomeRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","check_id","context","delivery","error","ext","governance_context","idempotency_key","outcome","plan_id","purchase_type","seller_response"]) as readonly string[], __type: null as unknown as ReportPlanOutcomeRequest, }), - /** schemas/cache/3.0.8/account/report-usage-request.json */ + /** schemas/cache/3.0.9/account/report-usage-request.json */ ReportUsageRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","context","ext","idempotency_key","reporting_period","usage"]) as readonly string[], __type: null as unknown as ReportUsageRequest, }), - /** schemas/cache/3.0.8/sponsored-intelligence/si-initiate-session-request.json */ + /** schemas/cache/3.0.9/sponsored-intelligence/si-initiate-session-request.json */ SIInitiateSessionRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","context","ext","idempotency_key","identity","intent","media_buy_id","offering_id","offering_token","placement","supported_capabilities"]) as readonly string[], __type: null as unknown as SIInitiateSessionRequest, }), - /** schemas/cache/3.0.8/sponsored-intelligence/si-send-message-request.json */ + /** schemas/cache/3.0.9/sponsored-intelligence/si-send-message-request.json */ SISendMessageRequest: Object.freeze({ fields: Object.freeze(["action_response","adcp_major_version","context","ext","idempotency_key","message","session_id"]) as readonly string[], __type: null as unknown as SISendMessageRequest, }), - /** schemas/cache/3.0.8/account/sync-accounts-request.json */ + /** schemas/cache/3.0.9/account/sync-accounts-request.json */ SyncAccountsRequest: Object.freeze({ fields: Object.freeze(["accounts","adcp_major_version","context","delete_missing","dry_run","ext","idempotency_key","push_notification_config"]) as readonly string[], __type: null as unknown as SyncAccountsRequest, }), - /** schemas/cache/3.0.8/media-buy/sync-audiences-request.json */ + /** schemas/cache/3.0.9/media-buy/sync-audiences-request.json */ SyncAudiencesRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","audiences","context","delete_missing","ext","idempotency_key"]) as readonly string[], __type: null as unknown as SyncAudiencesRequest, }), - /** schemas/cache/3.0.8/media-buy/sync-catalogs-request.json */ + /** schemas/cache/3.0.9/media-buy/sync-catalogs-request.json */ SyncCatalogsRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","catalog_ids","catalogs","context","delete_missing","dry_run","ext","idempotency_key","push_notification_config","validation_mode"]) as readonly string[], __type: null as unknown as SyncCatalogsRequest, }), - /** schemas/cache/3.0.8/creative/sync-creatives-request.json */ + /** schemas/cache/3.0.9/creative/sync-creatives-request.json */ SyncCreativesRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","assignments","context","creative_ids","creatives","delete_missing","dry_run","ext","idempotency_key","push_notification_config","validation_mode"]) as readonly string[], __type: null as unknown as SyncCreativesRequest, }), - /** schemas/cache/3.0.8/media-buy/sync-event-sources-request.json */ + /** schemas/cache/3.0.9/media-buy/sync-event-sources-request.json */ SyncEventSourcesRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","context","delete_missing","event_sources","ext","idempotency_key"]) as readonly string[], __type: null as unknown as SyncEventSourcesRequest, }), - /** schemas/cache/3.0.8/account/sync-governance-request.json */ + /** schemas/cache/3.0.9/account/sync-governance-request.json */ SyncGovernanceRequest: Object.freeze({ fields: Object.freeze(["accounts","adcp_major_version","context","ext","idempotency_key"]) as readonly string[], __type: null as unknown as SyncGovernanceRequest, }), - /** schemas/cache/3.0.8/governance/sync-plans-request.json */ + /** schemas/cache/3.0.9/governance/sync-plans-request.json */ SyncPlansRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","context","ext","idempotency_key","plans"]) as readonly string[], __type: null as unknown as SyncPlansRequest, }), - /** schemas/cache/3.0.8/collection/update-collection-list-request.json */ + /** schemas/cache/3.0.9/collection/update-collection-list-request.json */ UpdateCollectionListRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","base_collections","brand","context","description","ext","filters","idempotency_key","list_id","name","webhook_url"]) as readonly string[], __type: null as unknown as UpdateCollectionListRequest, }), - /** schemas/cache/3.0.8/content-standards/update-content-standards-request.json */ + /** schemas/cache/3.0.9/content-standards/update-content-standards-request.json */ UpdateContentStandardsRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","calibration_exemplars","context","ext","idempotency_key","policies","registry_policy_ids","scope","standards_id"]) as readonly string[], __type: null as unknown as UpdateContentStandardsRequest, }), - /** schemas/cache/3.0.8/media-buy/update-media-buy-request.json */ + /** schemas/cache/3.0.9/media-buy/update-media-buy-request.json */ UpdateMediaBuyRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","canceled","cancellation_reason","context","end_time","ext","idempotency_key","invoice_recipient","media_buy_id","new_packages","packages","paused","push_notification_config","reporting_webhook","revision","start_time"]) as readonly string[], __type: null as unknown as UpdateMediaBuyRequest, }), - /** schemas/cache/3.0.8/property/update-property-list-request.json */ + /** schemas/cache/3.0.9/property/update-property-list-request.json */ UpdatePropertyListRequest: Object.freeze({ fields: Object.freeze(["account","adcp_major_version","base_properties","brand","context","description","ext","filters","idempotency_key","list_id","name","webhook_url"]) as readonly string[], __type: null as unknown as UpdatePropertyListRequest, }), - /** schemas/cache/3.0.8/brand/update-rights-request.json */ + /** schemas/cache/3.0.9/brand/update-rights-request.json */ UpdateRightsRequest: Object.freeze({ fields: Object.freeze(["adcp_major_version","context","end_date","ext","idempotency_key","impression_cap","paused","pricing_option_id","push_notification_config","rights_id"]) as readonly string[], __type: null as unknown as UpdateRightsRequest, diff --git a/src/lib/types/core.generated.ts b/src/lib/types/core.generated.ts index 29f931f1f..756ed7ec7 100644 --- a/src/lib/types/core.generated.ts +++ b/src/lib/types/core.generated.ts @@ -1,5 +1,5 @@ -// Generated AdCP core types from official schemas v3.0.8 -// Generated at: 2026-05-08T15:47:18.429Z +// Generated AdCP core types from official schemas v3.0.9 +// Generated at: 2026-05-10T10:33:36.437Z // MEDIA-BUY SCHEMA /** @@ -5581,7 +5581,7 @@ export interface A2UIUserAction { // brand/acquire-rights-request.json /** - * Authentication schemes for push notification endpoints + * Legacy authentication schemes for the webhook auth block. Bearer: token sent in Authorization header. HMAC-SHA256: legacy shared-secret signing. Both are deprecated; new integrations SHOULD omit the authentication block and use the RFC 9421 webhook signing profile (applicable on schemas where authentication is optional). Removed in AdCP 4.0. */ export type AuthenticationScheme = 'Bearer' | 'HMAC-SHA256'; @@ -9613,15 +9613,15 @@ export interface CreateMediaBuyRequest { */ token?: string; /** - * Authentication configuration for webhook delivery (A2A-compatible) + * Legacy authentication configuration for webhook delivery (A2A-compatible). Opts the receiver into Bearer or HMAC-SHA256 signing. Both schemes are deprecated; the preferred signing profile for new integrations is RFC 9421, where the seller signs with a key published at its brand.json agents[] entry and the buyer verifies against the seller's JWKS — no shared secret crosses the wire (see docs/building/implementation/security.mdx#webhook-callbacks). This field is required in AdCP 3.x; the requirement is removed in AdCP 4.0 when the default RFC 9421 path becomes the only path. */ authentication: { /** - * Array of authentication schemes. Supported: ['Bearer'] for simple token auth, ['HMAC-SHA256'] for signature verification (recommended for production) + * Array of authentication schemes. ['Bearer'] for simple token auth, ['HMAC-SHA256'] for legacy shared-secret signing. Both are deprecated; new integrations SHOULD use the RFC 9421 webhook signing profile instead. */ schemes: AuthenticationScheme[]; /** - * Credentials for authentication. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding. + * Credentials for the legacy scheme. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding. */ credentials: string; }; @@ -9728,15 +9728,15 @@ export interface ReportingWebhook { */ token?: string; /** - * Authentication configuration for webhook delivery (A2A-compatible) + * Legacy authentication configuration for webhook delivery (A2A-compatible). Opts the receiver into Bearer or HMAC-SHA256 signing. Both schemes are deprecated; the preferred signing profile for new integrations is RFC 9421, where the seller signs with a key published at its brand.json agents[] entry and the buyer verifies against the seller's JWKS — no shared secret crosses the wire (see docs/building/implementation/security.mdx#webhook-callbacks). This field is required in AdCP 3.x; the requirement is removed in AdCP 4.0 when the default RFC 9421 path becomes the only path. */ authentication: { /** - * Array of authentication schemes. Supported: ['Bearer'] for simple token auth, ['HMAC-SHA256'] for signature verification (recommended for production) + * Array of authentication schemes. ['Bearer'] for simple token auth, ['HMAC-SHA256'] for legacy shared-secret signing. Both are deprecated; new integrations SHOULD use the RFC 9421 webhook signing profile instead. */ schemes: AuthenticationScheme[]; /** - * Credentials for authentication. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding. + * Credentials for the legacy scheme. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding. */ credentials: string; }; diff --git a/src/lib/types/manifest.generated.ts b/src/lib/types/manifest.generated.ts index eace1df7d..01dc7d496 100644 --- a/src/lib/types/manifest.generated.ts +++ b/src/lib/types/manifest.generated.ts @@ -1,16 +1,16 @@ -// AUTO-GENERATED FROM schemas/cache/3.0.8/manifest.json — DO NOT EDIT. +// AUTO-GENERATED FROM schemas/cache/3.0.9/manifest.json — DO NOT EDIT. // Run `npm run generate-manifest-derived` to regenerate. /** - * Manifest-derived constants for AdCP 3.0.8. + * Manifest-derived constants for AdCP 3.0.9. * * Single source of truth for tool↔protocol grouping, error-code metadata * (description + recovery + suggestion), and specialism→required-tools * mapping. Replaces the hand-curated tables that previously lived in * `src/lib/utils/capabilities.ts` and `src/lib/types/error-codes.ts`. * - * Source: `schemas/cache/3.0.8/manifest.json` (adcp_version: 3.0.8, generated_at: - * 2026-05-08T14:02:02.755Z). Re-run `npm run sync-schemas` then + * Source: `schemas/cache/3.0.9/manifest.json` (adcp_version: 3.0.9, generated_at: + * 2026-05-09T20:40:13.106Z). Re-run `npm run sync-schemas` then * `npm run generate-manifest-derived` to refresh after a spec bump. */ diff --git a/src/lib/types/tools.generated.ts b/src/lib/types/tools.generated.ts index 15d80b891..db9fd2aa9 100644 --- a/src/lib/types/tools.generated.ts +++ b/src/lib/types/tools.generated.ts @@ -3917,7 +3917,7 @@ export type AdvertiserIndustry = */ export type StartTiming = 'asap' | string; /** - * Authentication schemes for push notification endpoints + * Legacy authentication schemes for the webhook auth block. Bearer: token sent in Authorization header. HMAC-SHA256: legacy shared-secret signing. Both are deprecated; new integrations SHOULD omit the authentication block and use the RFC 9421 webhook signing profile (applicable on schemas where authentication is optional). Removed in AdCP 4.0. */ export type AuthenticationScheme = 'Bearer' | 'HMAC-SHA256'; /** @@ -4010,15 +4010,15 @@ export interface CreateMediaBuyRequest { */ token?: string; /** - * Authentication configuration for webhook delivery (A2A-compatible) + * Legacy authentication configuration for webhook delivery (A2A-compatible). Opts the receiver into Bearer or HMAC-SHA256 signing. Both schemes are deprecated; the preferred signing profile for new integrations is RFC 9421, where the seller signs with a key published at its brand.json agents[] entry and the buyer verifies against the seller's JWKS — no shared secret crosses the wire (see docs/building/implementation/security.mdx#webhook-callbacks). This field is required in AdCP 3.x; the requirement is removed in AdCP 4.0 when the default RFC 9421 path becomes the only path. */ authentication: { /** - * Array of authentication schemes. Supported: ['Bearer'] for simple token auth, ['HMAC-SHA256'] for signature verification (recommended for production) + * Array of authentication schemes. ['Bearer'] for simple token auth, ['HMAC-SHA256'] for legacy shared-secret signing. Both are deprecated; new integrations SHOULD use the RFC 9421 webhook signing profile instead. */ schemes: AuthenticationScheme[]; /** - * Credentials for authentication. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding. + * Credentials for the legacy scheme. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding. */ credentials: string; }; @@ -5121,15 +5121,15 @@ export interface ReportingWebhook { */ token?: string; /** - * Authentication configuration for webhook delivery (A2A-compatible) + * Legacy authentication configuration for webhook delivery (A2A-compatible). Opts the receiver into Bearer or HMAC-SHA256 signing. Both schemes are deprecated; the preferred signing profile for new integrations is RFC 9421, where the seller signs with a key published at its brand.json agents[] entry and the buyer verifies against the seller's JWKS — no shared secret crosses the wire (see docs/building/implementation/security.mdx#webhook-callbacks). This field is required in AdCP 3.x; the requirement is removed in AdCP 4.0 when the default RFC 9421 path becomes the only path. */ authentication: { /** - * Array of authentication schemes. Supported: ['Bearer'] for simple token auth, ['HMAC-SHA256'] for signature verification (recommended for production) + * Array of authentication schemes. ['Bearer'] for simple token auth, ['HMAC-SHA256'] for legacy shared-secret signing. Both are deprecated; new integrations SHOULD use the RFC 9421 webhook signing profile instead. */ schemes: AuthenticationScheme[]; /** - * Credentials for authentication. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding. + * Credentials for the legacy scheme. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding. */ credentials: string; }; diff --git a/src/lib/version.ts b/src/lib/version.ts index 03ff4dbea..13cdbde00 100644 --- a/src/lib/version.ts +++ b/src/lib/version.ts @@ -4,12 +4,12 @@ /** * AdCP SDK library version */ -export const LIBRARY_VERSION = '6.15.1'; +export const LIBRARY_VERSION = '6.16.1'; /** * AdCP specification version this library is built for */ -export const ADCP_VERSION = '3.0.8'; +export const ADCP_VERSION = '3.0.9'; /** * AdCP major version sent with every request (adcp_major_version field). @@ -52,10 +52,10 @@ export type AdcpVersion = (typeof COMPATIBLE_ADCP_VERSIONS)[number]; * Full version information */ export const VERSION_INFO = { - library: '6.15.1', - adcp: '3.0.8', + library: '6.16.1', + adcp: '3.0.9', compatibleVersions: COMPATIBLE_ADCP_VERSIONS, - generatedAt: '2026-05-09T13:46:01.397Z', + generatedAt: '2026-05-10T10:32:00.436Z', } as const; /**