@adcp/sdk@8.1.0-beta.18

Patch Changes

• 448249c: Include operation_id in framework-emitted task webhook payloads and validate
  push notification operation identifiers at the request boundary.

@adcp/sdk@8.1.0-beta.17

Minor Changes

• a7d460d: Update the SDK schema pin and generated surfaces to AdCP 3.1.0-rc.2.

  Regenerates TypeScript/Zod schemas, docs, registry types, manifest-derived
  constants, and wire field allowlists from the 3.1 RC protocol bundle. Preserves
  SignalCatalogType compatibility aliases across generated type, schema, and
  enum entrypoints while adopting the renamed SignalAvailabilityType surface.

• f325c11: Update the SDK schema pin and generated surfaces to AdCP 3.1.0-rc.4.

  Regenerates TypeScript/Zod schemas, docs, manifest-derived constants, entity
  hydration metadata, and server wire field allowlists from the rc4 protocol
  bundle. Adds GitHub-dist fallback for schema syncs when the website mirror has
  not yet published a signed protocol bundle, and keeps the media-buy mode
  mismatch recovery path tolerant of older 3.1 prerelease sellers that still emit
  requires_proposal.

• e9638ae: Reuse authorization-code OAuth MCP sessions across related tool calls and export closeOAuthConnections() for scoped cleanup.

• f9ed580: fix(storyboard): add regex-backed field pattern validations

  Storyboard validations now support field_pattern and envelope_field_pattern checks for string fields, with consistent handling for missing fields, non-string values, invalid regex sources, conformance replay, and schema drift detection.

• 2326b27: Expose typed webhook parse/verify results, add buyer webhook receiver conformance replay checks, and clarify delivery webhook envelope docs.

Patch Changes

• 3300db7: Allow packaged catalog-era adagents.json schemas to validate community mirror catalogs with authorized_agents: [], while preserving the stricter non-empty authorization requirement for legacy authorization-only schema bundles.
• 249604c: Fix external compliance/schema bundle handling by scoping schema roots per run, preloading async response refs for request validators, preserving hosted stable-line aliases on the wire, and exposing schema-root options through conformance fuzzing.
• ceb8b80: Add storyboard runner support for step-level HTTP Basic auth directives.

@adcp/sdk@8.1.0-beta.16

Patch Changes

• cbaebbc: Restore signing-only response helpers under @adcp/sdk/signing for adopters that sign JSON transport responses and publish
  response-signing JWKs.

@adcp/sdk@8.1.0-beta.15

Minor Changes

• 476e452: Update the SDK schema pin and generated surfaces to AdCP 3.1.0-beta.7.

  Regenerates TypeScript/Zod schemas, docs, manifest-derived constants, wire
  field allowlists, and the 3.1 beta opt-in type surface from the beta.7
  protocol bundle. The test-controller and createComplyController helpers now
  recognize and advertise the new beta.7 compliance controller scenarios
  (force_creative_purge, seed_measurement_catalog,
  query_provenance_audit_observations), auto-seeded product/pricing fixtures
  are projected through compliance_testing.scenarios, and the beta sync wrapper
  preserves protocol-managed artifacts when the beta is also the primary pin.

• dceec03: Add brand JSON asset mapping helpers for validating PDF/model extraction output, applying approved logo mappings, selecting logos by slot, checking slot coverage, and saving updated brand manifests through the registry client.

• 743946b: Add typed registry helpers for community mirror adagents catalogs. buildCommunityMirrorAdagents() and RegistryClient.createCommunityMirrorAdagents() emit catalog-only descriptors with authorized_agents: [], while CreateAdagentsRequest now exposes typed formats, placements, and placement_tags shapes for local adopter code.

• a06542b: Emit the canonical signed_requests_specialism_deprecated runner notice when
  agents still advertise the deprecated signed-requests specialism on the
  signed-requests storyboard.

  The notice is a counter-neutral deprecation advisory with
  capability_path: "specialisms" and effective_version: "4.0". This widens
  the public NoticeCode union so dashboards and CI gates can handle the new
  canonical code explicitly.

Patch Changes

• 8353d64: Reject catastrophic format_schema regex patterns in canonical reference resolution with invalid_schema / budget_exceeded.
• 766cf27: Add a storyboard-level preferred_attestation_mode hint for upstream traffic
  controller prefetches.
• 2ed0dd1: Tighten sync_accounts commercial filtering diagnostics and replay caching for
  stable rejected rows.

@adcp/sdk@8.1.0-beta.14

Minor Changes

• 546f093: Document the AdCP 3.1 AUTH_MISSING / AUTH_INVALID split while keeping deprecated AuthRequiredError wire-compatible with AUTH_REQUIRED. The decisioning runtime also refreshes once on AUTH_MISSING when AccountStore.refreshToken is configured, attaching the refreshed upstream token to a request-local account clone before retrying.

• fa8c1ba: Add framework-level sync_accounts commercial enforcement for AdCP 3.1 buyer-agent billing gates, including clamped per-agent billing errors, unmapped-bearer oracle protection, supported payment terms checks, and idempotency cache bypass for rejected account rows.

• 799d5b6: Add storyboard canonical_format_satisfaction validation for canonical format create-time assertions.

  The check compares actual create_media_buy package selectors against prior get_products product format declarations, including canonical format_option_refs, legacy format_ids normalized through v1_format_ref or catalog projection, richer param containment, under-specified selector rejection, and format-specific rejection diagnostics.

• 6ffbdfa: Add createCanonicalReferenceResolver through the package root and @adcp/sdk/canonical-references for immutable format_schema and platform_extensions URI+SHA-256 references. The resolver applies SSRF-safe DNS-pinned fetching, redirect blocking, timeout and body caps, digest verification, caller-owned policy-scoped caching, structured non-throwing statuses, and JSON Schema validation plus pinned $ref sandboxing for format_schema.

• 505c09c: Hide comply_test_controller and compliance_testing discovery from live principals while preserving sandbox/mock controller dispatch and live-target PERMISSION_DENIED handling.

• 965fb43: Add shared mock-server scenario scaffolding for storyboard fixtures: token-protected /_scenario/* HTTP routes surfaced in mock-server summaries, programmatic handle.scenario, fixture reset/state snapshots, authenticated scripted fault responses, loopback-only webhook emit/capture stubs, and exact idempotency_key replay handling on state-creation mock routes.

• 8ec6cbd: Expose a public schema-root override for hosted compliance runs via schemaRoot options and registerExternalSchemaRoot from @adcp/sdk/testing.

• bc0c21f: Add the rate-limit trip/replay observer for the AdCP 3.1 rate_limit_trip_runner storyboard contract.

  The storyboard runner now executes expect_rate_limit_not_replayed by bursting fresh idempotency keys until RATE_LIMITED, waiting the advertised retry_after, replaying the same key, and grading the new replay_not_cached_rate_limit check. If the burst exhausts max_attempts without a rate-limit response, the step emits skip_reason: "rate_limit_not_triggered" and canonical skip.reason: "not_applicable". The public RateLimitTripObserver helper is exported from both @adcp/sdk and @adcp/sdk/testing.

• 35947d7: Harden RegistryClient transport defaults with timeout, max body size, redirect policy, and injectable fetch options. The default registry host now uses the canonical upstream registry, and callers pinned to the legacy host can either update baseUrl or opt into redirect: 'follow'.

  Regenerate registry OpenAPI types so CreateAdagentsRequest accepts catalog metadata fields for community mirror manifests, while preserving backward-compatible listAgents()/listPublishers() source summaries and the legacy type: 'si' list-agent filter. Add CI drift checks that regenerate registry types from the bundled upstream registry OpenAPI before validating generated files.

• 748e5c9: breaking: remove the preview RFC 9421 transport response-signing surface from the beta line

  AdCP 3.x does not authorize generic RFC 9421 §2.2.9 transport response signing. The SDK no longer exports signResponse, signResponseAsync, verifyResponseSignature, createResponseVerifier, ResponseSignatureError, RESPONSE_SIGNING_TAG, RESPONSE_MANDATORY_COMPONENTS, buildResponseSignatureBase, ResponseLike, prepareResponseSignature, finalizeResponseSignature, SignResponseOptions, PreparedResponseSignature, SignedResponse, the response-verifier option/result types, or the 'response-signing' JWK purpose.

  Runtime helpers also reject the retired purpose: pemToAdcpJwk({ adcp_use: 'response-signing' }) and mintEphemeralEd25519Key({ adcp_use: 'response-signing' }) now throw, and InMemorySigningProvider preserves retired or unknown raw purpose strings so signRequestAsync() and signWebhookAsync() still fail closed instead of silently treating the key as unscoped.

  Request signing and webhook signing are unchanged. There is no conformant AdCP 3.x replacement for generic transport response signing; future designated-task payload JWS support should land under a fresh spec-defined purpose and helper surface.

• 2764c56: Adopt several SDK-side follow-ups unblocked by the AdCP 3.1 schema cache.

  • Preserve explicit conversion_tracking.supported_targets declarations without inventing a default; omitted values mean only target-less event goals are guaranteed.
  • Allow supported_optimization_metrics to derive from a static productCatalog; empty derived or explicit metric arrays are omitted from the wire response instead of advertising an empty 3.1 metric-optimization declaration.
  • Treat sponsored-intelligence as a first-class specialism in compile-time and runtime platform validation, and update the SI example/skill docs.
  • Align upstream-recorder RecordedCall output with the cached 3.1 query_upstream_traffic schema, including raw/digest attestation metadata, payload length, and digest-mode identifier proofs.
  • Honor storyboard required_any_of_tools gates with requirement_unmet skips and skip-cause aggregation.

  BREAKING:

  • RecordedCall is now a raw/digest discriminated union for the 3.1 query_upstream_traffic response. Raw calls carry payload and payload_length; digest calls carry payload_digest_sha256, payload_length, and optional identifier_match_proofs. Consumers that assumed RecordedCall.payload was always present, or that construct RecordedCall literals, need to handle the branch-specific fields.
  • validatePlatform now rejects specialisms: ['sponsored-intelligence'] unless the platform provides the sponsoredIntelligence implementation required by that specialism. Adapters that previously advertised the specialism without dispatch support must either add the platform field or stop advertising the specialism.

• 9e5eeda: Surface the seller-served, release-precision response adcp_version echo as result.metadata.adcpVersion.

• 363ddf5: Add seed_buyer_agent support for comply_test_controller and storyboard controller seeding.

• 80f255b: Harden digest-mode upstream traffic attestations with JCS length alignment, bounded identifier proof scanning, clearer not-applicable grading, and stricter storyboard identifier path validation.

  computePayloadDigestSha256() now applies the recorder's default payload normalization and secret-key redaction before hashing, and accepts a third RegExp | false | PayloadDigestOptions argument. Pass createUpstreamRecorder({ redactPattern }) through as { redactPattern }, and createUpstreamRecorder({ maxPayloadBytes }) through as { maxPayloadBytes }. Pass { prenormalized: true } only when the payload has already been normalized/redacted exactly as the recorder would store it; prenormalized inputs with unredacted secret-shaped keys now throw PayloadDigestError, malformed prenormalized JSON strings and duplicate secret-shaped form keys are rejected, and { redactPattern: false } is rejected unless paired with { prenormalized: true }. Secret-shaped keys in prenormalized payloads are considered safe only when their value is the literal "[redacted]" marker or null. Legacy bare RegExp and false forms remain accepted for this major but are soft-deprecated in favor of { redactPattern } and { prenormalized: true }.

  RecordedCall.host and RecordedCall.path are emitted as strings. The recorder populates both fields from new URL(url) when parsing succeeds and emits empty strings when parsing fails.

  BEHAVIOR CHANGE: digest-mode payload_length now reports the canonical byte length covered by payload_digest_sha256; raw calls continue to report the redacted emitted payload length.

  Manual record() calls with JSON-string payloads now parse and secret-redact the stored payload just like wrapped fetch() calls, so raw and digest attestations use the same redacted body view. Parsed JSON string payloads now fail closed beyond the recorder's 256-level JSON canonicalization cap, and malformed JSON strings get a best-effort key-based secret scrub before diagnostic storage and surface an onError event when configured and digest-mode identifier scanning cannot parse them. Digest-mode query projection now drops only the non-canonical recorded entry and surfaces digest_canonicalization_failed through configured onError instead of throwing the whole query. Redaction now walks to the recorder's 256-level JSON canonicalization cap with cycle protection, raw recording rejects structured payloads beyond that cap, invalid purpose classifier values are omitted instead of emitting off-spec strings, and disabled recorder queries without a caller-supplied bound return a schema-valid epoch since_timestamp. Purpose classifier values remain a preview surface until the purpose field is adopted by the spec; unknown values are omitted rather than emitted on the wire.

  Storyboard identifier_paths are request-payload-relative. Loader validation now rejects request/response/context-prefixed forms including request.*, $["request"].*, and $..request.*; use paths such as audiences[*].add[*].hashed_email. `runStoryboardSt...

@adcp/sdk@8.1.0-beta.13

Minor Changes

• 156059c: Update the SDK schema pin and generated surfaces to AdCP 3.1.0-beta.5.

  The 3.1 beta write-side media-buy helpers now emit format_option_refs /
  format_option_id instead of the removed capability_ids path, while keeping
  the old capability-named helper exports as beta.3 compatibility aliases.
  packageRefsForCapabilities() is now documented as beta.3-only and emits a
  one-time warning because beta.5 sellers reject capability_ids on
  PackageRequest.

  PROPOSAL_NOT_FOUND recovery is aligned to beta5 as correctable, and the
  projection diagnostic detail name follows the beta5 format_option_id field
  instead of the beta.3 capability_id name. Regenerated types, Zod schemas,
  docs, schema caches, conformance arbitraries, retry policy, and compliance
  controller support are aligned with the beta5 protocol bundle.

• 8c0a7f0: Expose canonical creative format migration helpers and get_products cache-scope helpers.

  Adds the CanonicalFormat namespace plus projection subpath builder helpers for authoring format_options[] and v1 fallback refs, exports the existing projection/write-side helpers from the package root, and adds ensureGetProductsCacheScope() / validateGetProductsCacheScope() for storefronts composing legacy upstream product feeds.

  Also widens SyncCreativesPayload to include operation-level SyncCreativesError payloads and adds explicit list_creative_formats server payload aliases.

• 05bc22b: Add first-class helpers for decomposing and enforcing update_media_buy action requests. decomposeUpdateMediaBuy() exposes concrete requested mutations with action, path, scope, package IDs, and best-effort before/after values, while assertUpdateMediaBuyAllowed() lets server adopters throw canonical ACTION_NOT_ALLOWED errors from per-buy available_actions[].

Patch Changes

• f05ca49: Disambiguate A2A artifact status fields so domain payloads like update_media_buy returning status: "canceled" are treated as completed tool responses, not task lifecycle cancellations. Parser, validator, task polling, and signing discovery logic now consistently read the latest structured DataPart.

• a312e00: Publish releases under AdCP minor-line npm dist-tags.

  The release wrapper derives adcp-<major.minor> from package.json#adcp_version
  and uses that as the publish-time npm tag, so OIDC trusted publishing can update
  the compatibility channel without a post-publish dist-tag mutation.

• b8a08bb: Accept AdCP 3.1 vendor_metric optimization goals in create_media_buy validation and treat top-level errors[] as advisory when a task-aware success or submitted payload is present.

• 3600320: fix: let external compliance dirs provide their matching schema bundle

  When --compliance-dir points at another SDK package or checkout, the storyboard runner now registers the sibling schema bundle before constructing the test client. This allows a beta runner that ships only the 3.1 cache to execute a supplied 3.0 compliance bundle without failing the adcpVersion schema-bundle preflight.

• 9beb418: Fix idempotency storyboard grading for MCP sellers by keeping missing-field vectors on the initialized SDK transport, and allow standard recovery metadata on IDEMPOTENCY_CONFLICT error envelopes.

• ca64f88: Split storyboard runner exclusions from selected-but-skipped steps in compliance summaries.

  Runs now report caller-excluded work, such as version gates, explicit request-signing vector filters, live-side-effect opt-outs, and profile exclusions, under steps_not_selected / not_selected_by_reason instead of inflating steps_skipped. Selected steps that could not execute, such as missing tools or missing comply_test_controller, remain skipped.

  The narrow compliance summary artifact is bumped to schema version 2 and now exposes not_selected_count, optional not_selected records, not_selected_by_reason, and skipped_by_reason.

@adcp/sdk@8.1.0-beta.12

Minor Changes

• bbf735c: Export parseWholesaleFeedWebhookNotification /
  normalizeWholesaleFeedWebhookNotification helpers for canonical wholesale-feed
  webhook receivers and align WholesaleFeedSync dedupe semantics with delivery
  idempotency_key plus canonical logical event identity
  notification_id === event.event_id.

  Add buyer-side signal discovery helpers that normalize get_signals rows,
  expose the canonical activate_signal.signal_agent_segment_id handle, and
  build activation requests without confusing signal_id provenance for the
  activation key.

Patch Changes

• 70cdb20: Recognize ACTION_NOT_ALLOWED through the shared standard error-code runtime table so decisioning AdcpError construction does not warn for the AdCP 3.1 code.

• d6528d7: Tighten beta.11 server payload migration around get_products.cache_scope.

  Server-facing get_products payload aliases and productsResponse() now require
  cache_scope whenever products are returned or a wholesale-feed response is
  unchanged. Unchanged responses still omit products, but must echo
  cache_scope. Strict response validation catches plain JavaScript adopters that
  bypass TypeScript.

  Framework response defaulting now infers cache_scope: 'public' only when there
  is no inline account and no auth-derived/resolved account. Account-scoped
  requests fail closed unless the adapter explicitly chooses public or
  account, and sandbox/test-controller seeded merges no longer hide missing
  account-scoped scope.

@adcp/sdk@8.1.0-beta.11

Minor Changes

• 8d32fe6: fix(media-buy): use generated 3.1 types for available_actions[] surface

  The hand-written wire-shape types in src/lib/media-buy/types.ts (MediaBuyValidAction, MediaBuyActionMode, MediaBuyAvailableAction, ActionNotAllowedReason, ActionNotAllowedDetails, and the SLA window) are deleted and replaced with re-exports from src/lib/types/core.generated.ts now that the AdCP 3.1.0-beta.3 schema cache produces them.

  Breaking type shape fix. The previously-shipped SlaWindow was { unit, value, response_max? }. The spec evolved to SLAWindow (caps, ISO acronym convention) with shape { response_max?, completion_max? } where both are ISO 8601 duration strings. Adopters reading available_actions[0].sla.response_max against the prior type would have hit a runtime shape mismatch when sellers actually populated sla. SLAWindow is the canonical export; SlaWindow remains as a deprecated import-compatibility alias to the corrected generated shape.

  Helper-local types stay: LEGACY_COARSE_ACTIONS, LegacyCoarseAction, MediaBuyActionContext, UpdateMediaBuyRequestLike. These are convenience subsets the preflight resolver reads against and aren't part of the wire schema.

  scripts/generate-media-buy-update-fields.ts re-ran against the real 3.1.0-beta.3 cache. The generated enumMetadata.update_fields table is unchanged from the snapshot taken against the merged-but-pre-release upstream copy.

  Preflight logic, boolean gates, ActionNotAllowedError, and the compat shim for valid_actions[] are unchanged.

• a809021: Re-export SSRF-safe networking helpers from the package root and the new
  @adcp/sdk/net public subpath. This includes ssrfSafeFetch,
  SsrfRefusedError, SSRF_TRANSIENT_CODES, decodeBodyAsJsonOrText,
  isPrivateIp, isAlwaysBlocked, and isLikelyPrivateUrl.

  Docs add the 8.0 -> 8.1 migration guide and a recipe for verifying inbound
  webhooks with RFC 9421, per-agent isolation, multi-replica replay storage, and
  legacy HMAC handling.

Patch Changes

• dcefd85: Expose named server *Payload aliases from the root, types, and server barrels so adopters can annotate server-side adapter returns without importing wire *Response types.
• 90d9edb: Normalize legacy media-buy lifecycle status responses during validation and storyboard capture, and export getAuthoritativeMediaBuyStatus / isMediaBuyStatus helpers for reading authoritative media-buy status from mixed-version payloads. The normalized return shape preserves seller-provided legacy status values while adding canonical media_buy_status where the lifecycle status is unambiguous.
• 77252a9: Fix false-positive collision warnings in per-tool type extractor when the same type is emitted by both tools.generated and core.generated with different JSDoc but identical structure.

@adcp/sdk@8.1.0-beta.10

Patch Changes

• 6738e2a: Export named server *Payload and *HandlerResult aliases for decisioning handlers, and keep those payload types aligned with runtime response projection by stripping write-only webhook credentials and billing bank fields.

  Adopters that annotated server helper layers with generated wire *Response / *Success types should switch those annotations to the exported aliases from @adcp/sdk/server, or use ServerPayload<T> directly for less common generated response shapes.

• 21240cf: fix: make storyboard runner version negotiation explicit

  Storyboards now inherit the AdCP version from the selected compliance cache, suppress the exact adcp_version marker for 3.0 cache runs, and opt into explicit 3.1 markers only when running 3.1 storyboards. The compliance runner and CLI also expose cache selection so the runner does not infer the spec line solely from the installed package version.

@adcp/sdk@8.1.0-beta.9

Patch Changes

• c9a2e63: Expose generated input helpers for brand discovery and verification custom tools, including a full-schema helper for union-shaped verify_brand_claim requests.

• e52f1bf: Preserve ZodObject helpers for safe generated object intersections, including validate_property_delivery request schemas used for MCP tool registration.

• 94ba961: Restore ZodObject helper access on ProductSchema and marker-backed canonical format schemas by collapsing marker-only intersections during schema generation.

  Also preserve exact known-key typing for exported tool request/input schema maps while keeping dynamic string lookups explicitly nullable.

• eb0d260: Restore ZodObject ergonomics for generated schemas whose only intersection arms are opaque Record<string, unknown> markers.

  ProductSchema and related marker-only format schemas now expose object helpers like .extend(), .omit(), .pick(), and .shape again without changing runtime validation behavior.

• 314ea71: Type server/platform handler returns as domain payloads rather than requiring protocol task-envelope fields from generated wire response types. The SDK continues to stamp envelope fields such as status: "completed" at dispatch time, and exports ServerPayload<T> for adopters that want explicit payload return annotations.