{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "/schemas/3.1.0-rc.4/protocol/get-adcp-capabilities-response.json", "title": "Get AdCP Capabilities Response", "description": "Response payload for get_adcp_capabilities task. Protocol-level capability discovery across all AdCP protocols. Each protocol has its own capability section.", "type": "object", "allOf": [ { "$ref": "/schemas/3.1.0-rc.4/core/version-envelope.json" }, { "$ref": "/schemas/3.1.0-rc.4/core/protocol-envelope.json" } ], "properties": { "adcp": { "type": "object", "description": "Core AdCP protocol information", "properties": { "major_versions": { "type": "array", "description": "DEPRECATED in favor of `supported_versions` (release-precision strings). Servers MUST continue to emit this field through 3.x for backwards compatibility. Removed in 4.0. Original semantics: AdCP major versions supported by this seller. Major versions indicate breaking changes.", "items": { "type": "integer", "minimum": 1 }, "minItems": 1 }, "supported_versions": { "type": "array", "description": "Release-precision (VERSION.RELEASE) AdCP versions this seller speaks. Authoritative for buyer-side release pinning — buyers SHOULD declare `adcp_version` (release-precision string) on each request. Sellers downshift to the highest supported release ≤ the buyer's pin within the same major; cross-major mismatch returns VERSION_UNSUPPORTED. Pre-release tags (e.g. `\"3.1-beta\"`) hang off release.", "items": { "type": "string", "pattern": "^\\d+\\.\\d+(-[a-zA-Z0-9.-]+)?$" }, "minItems": 1, "examples": [ [ "3.0" ], [ "3.0", "3.1" ], [ "3.0", "3.1-beta" ] ] }, "build_version": { "type": "string", "description": "Optional advisory metadata: full semver build identifier of the seller's deployment — MAJOR.MINOR.PATCH plus optional pre-release and build-metadata segments per semver §9–§10. Patches are not part of the wire contract — semver patch by definition introduces no contract change — but surfacing the build helps buyers triage incidents and bug reports against a specific seller deployment lineage. Buyers MUST NOT use this field for negotiation; use `supported_versions` (release-precision) instead.", "pattern": "^\\d+\\.\\d+\\.\\d+(-[a-zA-Z0-9.-]+)?(\\+[a-zA-Z0-9.-]+)?$", "examples": [ "3.0.1", "3.1.2", "3.1.0-beta.3", "3.1.2+scope3.deploy.4821", "3.1.0-beta.3+sha.a1b2c3d" ] }, "idempotency": { "type": "object", "description": "Idempotency semantics for mutating requests. Sellers MUST declare whether they honor idempotency_key replay protection so buyers can reason about safe retry behavior. Modeled as a discriminated union on the supported boolean so that code generators produce two named types (IdempotencySupported, IdempotencyUnsupported) with the replay_ttl_seconds invariant enforced at the type level — draft-07 if/then would be dropped by most generators (openapi-typescript, zod-to-json-schema, datamodel-code-generator pre-0.25, quicktype). Clients MUST NOT assume a default — a seller without this declaration is non-compliant and should be treated as unsafe for retry-sensitive operations.", "oneOf": [ { "title": "IdempotencySupported", "description": "Seller honors idempotency_key replay protection on mutating requests. Replays within replay_ttl_seconds return the cached response (or IDEMPOTENCY_CONFLICT on payload divergence); replays past the window return IDEMPOTENCY_EXPIRED when the seller can still distinguish 'seen and evicted' from 'never seen'.", "properties": { "supported": { "const": true, "description": "Discriminator. True means the seller deduplicates replays — a repeat of the same idempotency_key within replay_ttl_seconds returns the cached response without re-executing side effects." }, "replay_ttl_seconds": { "type": "integer", "description": "How long the seller retains a canonical response for an idempotency_key. Within this window, a replay with the same key + equivalent canonical payload returns the cached response; a replay with a different canonical payload returns IDEMPOTENCY_CONFLICT; a replay past the window returns IDEMPOTENCY_EXPIRED when the seller can still distinguish 'seen and evicted' from 'never seen'. Minimum 3600 (1h); recommended 86400 (24h). Maximum 604800 (7 days) — longer windows force buyers to retain secret keys at rest for extended periods and grow the seller's cache table without bounded benefit.", "minimum": 3600, "maximum": 604800 }, "in_flight_max_seconds": { "type": "integer", "description": "Maximum lifetime in seconds of an in-flight idempotency row before the seller releases it per L1/security.mdx rule 9 (treat the in-flight attempt as failed if the handler does not complete within this bound). Buyer SDKs use this value to compute a retry budget when they see `IDEMPOTENCY_IN_FLIGHT` — cap individual retry waits at this value rather than the much-wider `replay_ttl_seconds` ceiling. Optional in 3.1 (additive declaration); SDKs that don't see the field fall back to rule 9's order-of-magnitude SHOULD heuristic. Required when `supported: true` in 4.0. MUST be no greater than `replay_ttl_seconds` (a bound larger than the replay window is vacuous — any retry past the TTL hits IDEMPOTENCY_EXPIRED regardless of in-flight state); validators MUST enforce this cross-field constraint at the test layer since JSON Schema cannot express field-relative bounds. A buyer that observes `error.details.retry_after` exceeding this value MAY treat that as a seller bug — the in-flight row cannot legitimately outlive the bound the seller declared.", "minimum": 1, "maximum": 604800 }, "account_id_is_opaque": { "type": "boolean", "description": "When true, the seller derives `account_id` via an HKDF-based one-way transform of the buyer's natural account key rather than echoing the natural key on the wire. Buyers MUST NOT attempt to invert the opaque id and MUST treat it as a blind handle scoped to this seller. Absent or false, callers should assume `account_id` is the natural key (or a server-assigned but non-opaque id). This flag does not change the wire shape, but it DOES change buyer behavior — buyers MUST NOT cache, log, or treat `account_id` as a natural-key analog when this flag is true. Migration note for sellers already returning an opaque id without this flag: set it to true at the next capabilities refresh so buyers stop inferring natural-key semantics; until set, new-buyer replay/retry logic will misclassify these ids as natural keys.", "default": false } }, "required": [ "supported", "replay_ttl_seconds" ] }, { "title": "IdempotencyUnsupported", "description": "Seller does NOT honor idempotency_key replay protection — sending a key is a no-op, the seller will NOT return IDEMPOTENCY_CONFLICT or IDEMPOTENCY_EXPIRED, and a naive retry WILL double-process. Buyers MUST use natural-key checks (e.g., get_media_buys plus request context such as context.internal_campaign_id or package context such as context.buyer_ref) before retrying spend-committing operations against this seller. replay_ttl_seconds and in_flight_max_seconds MUST be absent — they have no meaning without replay support.", "properties": { "supported": { "const": false, "description": "Discriminator. False means the seller does not deduplicate retries." } }, "required": [ "supported" ], "not": { "anyOf": [ { "required": [ "replay_ttl_seconds" ] }, { "required": [ "in_flight_max_seconds" ] } ] } } ] } }, "required": [ "major_versions", "idempotency" ] }, "supported_protocols": { "type": "array", "description": "AdCP protocols this agent supports. Stable values both (a) declare which tools the agent implements and (b) commit the agent to pass the baseline compliance storyboard at /compliance/{version}/protocols/{protocol}/ (with snake_case → kebab-case path mapping, e.g. media_buy → /compliance/.../protocols/media-buy/). The `measurement` protocol is experimental in 3.1 and currently scoped to `get_adcp_capabilities` catalog discovery; agents implementing it MUST also list `measurement.core` in `experimental_features`. Additional measurement tasks (reporting, attribution, etc.) and a baseline storyboard land in subsequent minors. Compliance testing support is declared separately via the `compliance_testing` capability block (below), not as a protocol claim.", "items": { "type": "string", "enum": [ "media_buy", "signals", "governance", "sponsored_intelligence", "creative", "brand", "measurement" ] }, "minItems": 1 }, "account": { "type": "object", "description": "Account management capabilities. Describes how accounts are established, what billing models are supported, and whether an account is required before browsing products.", "properties": { "require_operator_auth": { "type": "boolean", "description": "Whether the seller requires operator-level credentials. This declares who must authenticate; it does not by itself declare whether OAuth is used, whether list_accounts is exposed, or which sync_accounts modes are supported. When true, operators authenticate independently with the seller and account-scoped calls use seller-assigned account_id values because the seller or upstream platform owns the canonical account namespace. If a credential may access more than one account, the seller MUST expose list_accounts and buyers MUST resolve an explicit account_id before the first account-scoped request. If a credential is bound to exactly one account, the seller SHOULD expose list_accounts returning that singleton; a seller MAY omit list_accounts only when it provides the same explicit account_id through another declared path or out-of-band onboarding. When false (default, buyer-declared accounts), the seller trusts the agent's identity claims — the agent authenticates once and declares brands/operators via sync_accounts, then references accounts by natural key.", "default": false }, "authorization_endpoint": { "type": "string", "format": "uri", "description": "OAuth authorization endpoint for obtaining operator-level credentials. Present when the seller supports OAuth for operator authentication. The agent directs the operator to this URL to authenticate and obtain a bearer token. If absent and require_operator_auth is true, operators obtain credentials out-of-band (e.g., seller portal, API key)." }, "supported_billing": { "type": "array", "description": "Billing models this seller supports. operator: seller invoices the operator (agency or brand buying direct). agent: agent consolidates billing. advertiser: seller invoices the advertiser directly, even when a different operator places orders on their behalf. The buyer must pass one of these values in sync_accounts.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/billing-party.json" }, "minItems": 1 }, "required_for_products": { "type": "boolean", "description": "Whether an account reference is required for get_products. When true, the buyer must establish an account before browsing products. When false (default), the buyer can browse products without an account — useful for price comparison and discovery before committing to a seller.", "default": false }, "account_financials": { "type": "boolean", "description": "Whether this seller exposes the `get_account_financials` task for querying account-level financial status (spend, credit, invoices). Acts as a **pre-call discriminator** — buyers MUST consult this field before issuing `get_account_financials`; when `false` (or absent), sellers MAY reject the call with an `UNSUPPORTED_FEATURE` / `OPERATION_NOT_SUPPORTED` error. Companion pattern to `creative.bills_through_adcp` (issue #2881) — both fields let buyers gate optional capability calls on a single declared boolean rather than probing for support. Only applicable to operator-billed accounts; sellers using buyer-billed flows omit or set to `false`.", "default": false }, "sandbox": { "type": "boolean", "description": "Whether this seller supports sandbox accounts for testing. Buyer-declared account sellers provision sandbox accounts via sync_accounts with sandbox: true. Sellers with account_id namespaces expose sandbox accounts as pre-existing test accounts through list_accounts or supply them out-of-band. Requests using a sandbox account perform no real platform calls or spend.", "default": false } }, "required": [ "supported_billing" ] }, "media_buy": { "type": "object", "description": "Media-buy protocol capabilities. Expected when media_buy is in supported_protocols. Sellers declaring media_buy should also include account with supported_billing.", "properties": { "supported_pricing_models": { "type": "array", "description": "Pricing models this seller supports across its product portfolio. Buyers can use this for pre-flight filtering before querying individual products. Individual products may support a subset of these models.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/pricing-model.json" }, "minItems": 1, "uniqueItems": true }, "buying_modes": { "type": "array", "description": "Buying modes this seller supports on get_products. 'brief' (semantic discovery driven by the brief) is universally supported and implicit. 'wholesale' (raw wholesale product feed enumeration — caller omits brief and the seller returns the full priced product feed, paginated) is opt-in and SHOULD be declared explicitly so buyers can probe before issuing wholesale calls. 'refine' lets buyers iterate on prior products/proposals and is also the vehicle for finalizing draft proposals when the seller returns them. Sellers MAY declare ['brief', 'wholesale'] to signal wholesale support; absent declaration is treated as ['brief'] for wholesale-feed probing purposes and sellers MAY return INVALID_REQUEST for wholesale calls they do not support. Symmetric with signals.discovery_modes.", "items": { "type": "string", "enum": [ "brief", "wholesale", "refine" ] }, "minItems": 1, "uniqueItems": true, "default": [ "brief" ] }, "reporting_delivery_methods": { "type": "array", "description": "How this seller delivers reporting data to buyers. Polling via get_media_buy_delivery is always available as a baseline regardless of this field. This array declares additional push-based delivery methods the seller supports. 'webhook': seller pushes to buyer-provided URL (configured per buy via reporting_webhook). 'offline': seller pushes batch files to a cloud storage bucket (seller-provisioned per account via reporting_bucket on the account object). When absent, only polling is available.", "items": { "type": "string", "enum": [ "webhook", "offline" ] }, "minItems": 1, "uniqueItems": true }, "offline_delivery_protocols": { "type": "array", "description": "Cloud storage protocols this seller supports for offline file delivery. Only meaningful when reporting_delivery_methods includes 'offline'. Buyers express a protocol preference in sync_accounts; the seller provisions the account's reporting_bucket using a supported protocol.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/cloud-storage-protocol.json" }, "minItems": 1, "uniqueItems": true }, "supports_proposals": { "type": "boolean", "description": "Conformance declaration that this seller supports the full proposal lifecycle on get_products: returned proposals are actionable, draft proposals can be finalized with buying_mode: 'refine' + action: 'finalize', and committed proposals can be executed via create_media_buy with proposal_id before expires_at. Buyers SHOULD NOT use this field to decide whether a specific returned proposal is executable; proposal_status is the per-proposal source of truth. A declaration of true opts the seller into proposal-lifecycle grading. When false or absent, conformance runners skip proposal-lifecycle storyboards, but buyers should still honor any proposals the seller actually returns.", "default": false }, "propagation_surfaces": { "type": "array", "description": "Where this seller surfaces dependency-resource impairments (creative rejected post-approval, audience suspended, catalog item withdrawn, event source insufficient, property depublished) to buyers. Non-exclusive: a seller mirroring impairments on both the buy snapshot AND firing webhooks declares `[\"snapshot\", \"webhook\"]` (the common case for premium guaranteed sellers). Each value names one surface where buyers can observe an impairment:\n\n- **`snapshot`** — seller propagates resource transitions into `media_buy.health` and `media_buy.impairments[]` on the next `get_media_buys` read. The `impairment.coherence` compliance assertion grades this surface; storyboards that exercise it (`media_buy_seller/dependency_impairment`, `media_buy_seller/dependency_impairment_cardinality`) require `\"snapshot\"` to be declared, else they grade `not_applicable`.\n- **`webhook`** — seller fires `notification-type: impairment` webhooks (configured via `push_notification_config`). Sellers declaring `\"webhook\"` MUST satisfy the persistent-channel webhook contract for the impairment event type. A seller declaring `[\"webhook\"]` without `\"snapshot\"` is webhook-only — buyers reconcile state from the push channel alone, and snapshot-coherence storyboards grade `not_applicable`.\n- **`out_of_band`** — seller propagates via channels outside the AdCP protocol surface entirely (email to trafficker, separate dashboard, partner-specific notification feed). Long-tail and enterprise-bundled platforms commonly use this when impairment workflows are managed in human channels. Sellers declaring only `[\"out_of_band\"]` are not graded by snapshot or webhook compliance — their bar is the offline agreement, not a protocol assertion. If a seller has impairment data in their API under a non-AdCP field name (a mapping gap, not truly out-of-band), they SHOULD document the mapping rather than declare `out_of_band` — the spec's gap, not the seller's posture, is what `out_of_band` legitimately covers.\n\nDefault: `[\"snapshot\"]` when absent (preserves the existing snapshot-coherence contract for sellers that don't declare). Empty array `[]` is invalid (`minItems: 1`) — omit the field to inherit the default rather than declaring no surfaces. Pick the surfaces that honestly describe where buyers will see impairments on this agent. Mixing is normative — `[\"snapshot\", \"webhook\"]` is the documented common case; `[\"snapshot\", \"webhook\", \"out_of_band\"]` is valid for sellers that ship all three surfaces (rare but legal). See lifecycle.mdx § Compliance for the per-surface contract.", "items": { "type": "string", "enum": [ "snapshot", "webhook", "out_of_band" ] }, "uniqueItems": true, "minItems": 1, "default": [ "snapshot" ] }, "creative_approval_mode": { "type": "string", "description": "Tenant-wide applicability signal for media-buy creative approval behavior. This is not a notification or new approval workflow. `auto_approve` means human review does not block serving eligibility after creatives are assigned and automated validation passes. `require_human` means one or more products/accounts may require manual review before creatives become eligible to serve; buyers and compliance runners MUST treat this as a worst-case ceiling across this seller's portfolio unless a future product-level override says otherwise. Compliance runners use this mainly to decide whether auto-approval-dependent storyboards apply. When absent, approval behavior is legacy-unspecified; runners SHOULD NOT treat omission as an affirmative auto-approval claim. `ai_assisted` is intentionally not part of the enum until a behavioral contract is defined.", "enum": [ "auto_approve", "require_human" ] }, "features": { "$ref": "/schemas/3.1.0-rc.4/core/media-buy-features.json" }, "execution": { "type": "object", "description": "Technical execution capabilities for media buying", "properties": { "trusted_match": { "type": "object", "description": "Trusted Match Protocol (TMP) support. Presence of this object indicates the seller has TMP infrastructure deployed. Check individual products via get_products for per-product TMP capabilities.", "x-status": "experimental", "properties": { "surfaces": { "type": "array", "description": "Surface types this seller supports via TMP.", "items": { "type": "string", "enum": [ "website", "mobile_app", "ctv_app", "desktop_app", "dooh", "podcast", "radio", "streaming_audio", "ai_assistant" ] } } } }, "axe_integrations": { "type": "array", "description": "Deprecated. Legacy AXE integrations. Use trusted_match for new integrations.", "items": { "type": "string", "format": "uri" } }, "creative_specs": { "type": "object", "description": "Creative specification support", "properties": { "vast_versions": { "type": "array", "description": "VAST versions supported for video creatives", "items": { "type": "string", "pattern": "^[0-9]+\\.[0-9]+$" } }, "mraid_versions": { "type": "array", "description": "MRAID versions supported for rich media mobile creatives", "items": { "type": "string", "pattern": "^[0-9]+\\.[0-9]+$" } }, "vpaid": { "type": "boolean", "description": "VPAID support for interactive video ads" }, "simid": { "type": "boolean", "description": "SIMID support for interactive video ads" } } }, "targeting": { "type": "object", "description": "Targeting capabilities. If declared true/supported, buyer can use these targeting parameters and seller MUST honor them.", "properties": { "geo_countries": { "type": "boolean", "description": "Country-level targeting using ISO 3166-1 alpha-2 codes" }, "geo_regions": { "type": "boolean", "description": "Region/state-level targeting using ISO 3166-2 codes (e.g., US-NY, GB-SCT)" }, "geo_metros": { "type": "object", "description": "Metro area targeting. Properties indicate which classification systems are supported.", "properties": { "nielsen_dma": { "type": "boolean" }, "uk_itl1": { "type": "boolean" }, "uk_itl2": { "type": "boolean" }, "eurostat_nuts2": { "type": "boolean" } }, "additionalProperties": false }, "geo_postal_areas": { "type": "object", "description": "Postal area targeting. Properties indicate which postal code systems are supported.", "properties": { "us_zip": { "type": "boolean" }, "us_zip_plus_four": { "type": "boolean" }, "gb_outward": { "type": "boolean" }, "gb_full": { "type": "boolean" }, "ca_fsa": { "type": "boolean" }, "ca_full": { "type": "boolean" }, "de_plz": { "type": "boolean" }, "fr_code_postal": { "type": "boolean" }, "au_postcode": { "type": "boolean" }, "ch_plz": { "type": "boolean" }, "at_plz": { "type": "boolean" } }, "additionalProperties": false }, "age_restriction": { "type": "object", "description": "Age restriction capabilities for compliance (alcohol, gambling)", "properties": { "supported": { "type": "boolean", "description": "Whether seller supports age restrictions" }, "verification_methods": { "type": "array", "description": "Age verification methods this seller supports", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/age-verification-method.json" } } } }, "language": { "type": "boolean", "description": "Whether seller supports language targeting (ISO 639-1 codes)" }, "keyword_targets": { "type": "object", "description": "Keyword targeting capabilities. Presence indicates support for targeting_overlay.keyword_targets and keyword_targets_add/remove in update_media_buy.", "properties": { "supported_match_types": { "type": "array", "description": "Match types this seller supports for keyword targets. Sellers must reject goals with unsupported match types.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/match-type.json" }, "minItems": 1 } }, "required": [ "supported_match_types" ] }, "negative_keywords": { "type": "object", "description": "Negative keyword capabilities. Presence indicates support for targeting_overlay.negative_keywords and negative_keywords_add/remove in update_media_buy.", "properties": { "supported_match_types": { "type": "array", "description": "Match types this seller supports for negative keywords. Sellers must reject goals with unsupported match types.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/match-type.json" }, "minItems": 1 } }, "required": [ "supported_match_types" ] }, "geo_proximity": { "type": "object", "description": "Proximity targeting capabilities from arbitrary coordinates via targeting_overlay.geo_proximity.", "properties": { "radius": { "type": "boolean", "description": "Whether seller supports simple radius targeting (distance circle from a point)" }, "travel_time": { "type": "boolean", "description": "Whether seller supports travel time isochrone targeting (requires a routing engine)" }, "geometry": { "type": "boolean", "description": "Whether seller supports pre-computed GeoJSON geometry (buyer provides the polygon)" }, "transport_modes": { "type": "array", "description": "Transport modes supported for travel_time isochrones. Only relevant when travel_time is true.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/transport-mode.json" }, "minItems": 1 } } } } } } }, "audience_targeting": { "type": "object", "description": "Audience targeting capabilities. Presence of this object indicates the seller supports audience targeting, including sync_audiences and audience_include/audience_exclude in targeting overlays.", "properties": { "supported_identifier_types": { "type": "array", "description": "PII-derived identifier types accepted for audience matching. Buyers should only send identifiers the seller supports.", "items": { "type": "string", "enum": [ "hashed_email", "hashed_phone" ] }, "minItems": 1 }, "supports_platform_customer_id": { "type": "boolean", "description": "Whether the seller accepts the buyer's CRM/loyalty ID as a matchable identifier. Only applicable when the seller operates a closed ecosystem with a shared ID namespace (e.g., a retailer matching against their loyalty program). When true, buyers can include platform_customer_id values in AudienceMember.identifiers for matching against the seller's identity graph. Reporting on matched platform_customer_ids typically requires a clean room or the seller's own reporting surface." }, "supported_uid_types": { "type": "array", "description": "Universal ID types accepted for audience matching (MAIDs, RampID, UID2, etc.). MAID support varies significantly by platform — check this field before sending uids with type: maid.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/uid-type.json" }, "minItems": 1 }, "minimum_audience_size": { "type": "integer", "description": "Minimum matched audience size required for targeting. Audiences below this threshold will have status: too_small. Varies by platform (100–1000 is typical).", "minimum": 1 }, "matching_latency_hours": { "type": "object", "description": "Expected matching latency range in hours after upload. Use to calibrate polling cadence and set appropriate expectations before configuring push_notification_config.", "properties": { "min": { "type": "integer", "minimum": 0 }, "max": { "type": "integer", "minimum": 0 } }, "additionalProperties": false } }, "required": [ "supported_identifier_types", "minimum_audience_size" ], "additionalProperties": true }, "supported_optimization_metrics": { "type": "array", "description": "Optimization metrics this seller can support on at least one of their products. Seller-level rollup of product-level metric_optimization.supported_metrics declarations (core/product.json). Buyers SHOULD filter their requested optimization goals against this list before submitting briefs. Sellers MUST keep this in sync with their product catalog — if no products support a metric, it must not appear here. Omitting this field means the seller declares no specific guarantees about which metrics they support; buyers should fall back to per-product inspection of metric_optimization.supported_metrics.", "items": { "type": "string", "enum": [ "clicks", "views", "completed_views", "viewed_seconds", "attention_seconds", "attention_score", "engagements", "follows", "saves", "profile_visits", "reach" ] }, "minItems": 1, "uniqueItems": true }, "vendor_metric_optimization": { "type": "object", "description": "Seller-level rollup of vendor-metric optimization capabilities supported by at least one product. Product-level vendor_metric_optimization.supported_metrics[] remains authoritative for the specific (vendor, metric_id) pairs and target kinds a buyer may bind on a package; this seller-level object exists so buyers and compliance runners can discover whether vendor_metric goals are in scope before walking the catalog. Sellers MUST keep this in sync with product-level vendor_metric_optimization declarations.", "properties": { "supported_targets": { "type": "array", "description": "Target kinds this seller can support for vendor_metric optimization goals on at least one product. Values match optimization_goals[].target.kind for kind: vendor_metric. A target-less vendor_metric goal maximizes the metric within budget and does not require a target-kind declaration.", "items": { "type": "string", "enum": [ "cost_per", "threshold_rate" ] }, "minItems": 1, "uniqueItems": true } }, "additionalProperties": true }, "conversion_tracking": { "type": "object", "description": "Seller-level conversion tracking capabilities. Presence of this object indicates the seller supports sync_event_sources and log_event for conversion event tracking.", "properties": { "multi_source_event_dedup": { "type": "boolean", "description": "Whether this seller can deduplicate conversion events across multiple event sources within a single goal. When true, the seller honors the deduplication semantics in optimization_goals event_sources arrays — the same event_id from multiple sources counts once. When false or absent, buyers should use a single event source per goal; multi-source arrays will be treated as first-source-wins. Most social platforms cannot deduplicate across independently-managed pixel and CAPI sources." }, "per_creative_attribution": { "type": "boolean", "description": "Whether the seller can attribute conversions to specific creatives within a package and surface that breakdown via media_buy_deliveries[].by_package[].by_creative[].conversions in get_media_buy_delivery. Defaults to false when omitted. Sellers that report conversions only at the line / package / placement / campaign granularity (retail-media, MMP-mediated mobile, CTV performance) declare false (or omit) and the per-creative scenario grades not_applicable for them. Sellers that surface ad-level conversion attribution (most social platforms) declare true and the scenario asserts the breakdown is populated end-to-end. Defaults to false to preserve backward compatibility." }, "supported_event_types": { "type": "array", "description": "Event types this seller can track and attribute. If omitted, all standard event types are supported.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/event-type.json" }, "minItems": 1 }, "supported_targets": { "type": "array", "description": "Event-goal target kinds this seller can compute against. Buyers should only submit event-kind optimization goals whose target.kind is listed here — sellers MUST reject goals with unlisted target kinds. When omitted, only target-less event goals (maximize conversion count within budget) are guaranteed; sellers MAY accept specific target kinds but buyers should not rely on it. Named to parallel `metric_optimization.supported_targets` at the product level — same concept (which target kinds are supported), one at seller-capability granularity and one at product granularity.", "items": { "type": "string", "enum": [ "cost_per", "per_ad_spend", "maximize_value" ] }, "minItems": 1, "uniqueItems": true }, "supported_uid_types": { "type": "array", "description": "Universal ID types accepted for user matching", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/uid-type.json" }, "minItems": 1 }, "supported_hashed_identifiers": { "type": "array", "description": "Hashed PII types accepted for user matching. Buyers must hash before sending (SHA-256, normalized).", "items": { "type": "string", "enum": [ "hashed_email", "hashed_phone" ] }, "minItems": 1 }, "supported_action_sources": { "type": "array", "description": "Action sources this seller accepts events from", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/action-source.json" }, "minItems": 1 }, "attribution_windows": { "type": "array", "description": "Attribution windows available from this seller. Single-element arrays indicate fixed windows; multi-element arrays indicate configurable options the buyer can choose from via attribution_window on optimization goals.", "items": { "type": "object", "properties": { "event_type": { "$ref": "/schemas/3.1.0-rc.4/enums/event-type.json", "description": "Event type this window applies to, or omit for default window" }, "post_click": { "type": "array", "description": "Available post-click attribution windows (e.g. [{\"interval\": 7, \"unit\": \"days\"}])", "items": { "$ref": "/schemas/3.1.0-rc.4/core/duration.json" }, "minItems": 1 }, "post_view": { "type": "array", "description": "Available post-view attribution windows (e.g. [{\"interval\": 1, \"unit\": \"days\"}])", "items": { "$ref": "/schemas/3.1.0-rc.4/core/duration.json" }, "minItems": 1 } }, "required": [ "post_click" ], "additionalProperties": true } } }, "additionalProperties": true }, "frequency_capping": { "type": "object", "description": "Frequency capping capabilities. Presence of this object indicates the seller honors targeting.frequency_cap on packages and MUST reject caps it cannot enforce rather than silently dropping them. Buyers SHOULD inspect supported_per_units and supported_window_units before submitting caps; sellers without these sub-fields populated MAY accept any reach-unit / duration-unit combination they can enforce. Per-product overrides (for sellers with mixed addressable/non-addressable inventory) are a likely follow-up — file a separate RFC if needed.", "properties": { "supported_per_units": { "type": "array", "description": "Entity granularities the seller can enforce caps against. Values from the reach-unit enum. Omit to indicate all reach-unit values are supported.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/reach-unit.json" }, "minItems": 1, "uniqueItems": true }, "supported_window_units": { "type": "array", "description": "Duration units the seller supports for frequency cap windows. Values must match the duration.json unit enum (e.g., 'hours', 'days', 'campaign'). Omit to indicate all duration units are supported.", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true } }, "additionalProperties": true }, "content_standards": { "type": "object", "description": "Content standards implementation details. Presence of this object indicates the seller supports content_standards configuration including sampling rates and category filtering. Gives buyers pre-buy visibility into local evaluation and artifact delivery capabilities.", "properties": { "supports_local_evaluation": { "type": "boolean", "description": "Whether the seller runs a local evaluation model. When false, all artifacts will have local_verdict: 'unevaluated' and the failures_only filter on get_media_buy_artifacts is not useful." }, "supported_channels": { "type": "array", "description": "Channels for which the seller can provide content artifacts. Helps buyers understand which parts of a mixed-channel buy will have content standards coverage.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/channels.json" }, "minItems": 1 }, "supports_webhook_delivery": { "type": "boolean", "description": "Whether the seller supports push-based artifact delivery via artifact_webhook configured at buy creation time." } } }, "portfolio": { "type": "object", "description": "Information about the seller's media inventory portfolio. Expected for media_buy sellers — buyers use this to understand inventory coverage and verify authorization via adagents.json.", "properties": { "publisher_domains": { "type": "array", "description": "Publisher domains this seller is authorized to represent. Buyers should fetch each publisher's adagents.json for property definitions.", "items": { "type": "string", "pattern": "^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$" }, "minItems": 1 }, "primary_channels": { "type": "array", "description": "Primary advertising channels in this portfolio", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/channels.json" } }, "primary_countries": { "type": "array", "description": "Primary countries (ISO 3166-1 alpha-2) where inventory is concentrated", "items": { "type": "string", "pattern": "^[A-Z]{2}$" } }, "description": { "type": "string", "description": "Markdown-formatted description of the inventory portfolio", "maxLength": 5000 }, "advertising_policies": { "type": "string", "description": "Advertising content policies, restrictions, and guidelines", "maxLength": 10000 } }, "required": [ "publisher_domains" ] } } }, "signals": { "type": "object", "description": "Signals protocol capabilities. Only present if signals is in supported_protocols.", "properties": { "data_provider_domains": { "type": "array", "description": "Data provider domains this signals agent is authorized to resell. Buyers should fetch each data provider's adagents.json for published signal definitions and to verify authorization.", "items": { "type": "string", "pattern": "^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$" }, "minItems": 1 }, "discovery_modes": { "type": "array", "description": "Discovery modes this signals agent supports on get_signals. 'brief' (default — every signals agent supports this): semantic discovery driven by signal_spec or signal_refs, with deprecated signal_ids accepted for older clients. 'wholesale': raw wholesale signals feed enumeration — caller omits signal_spec, signal_refs, and signal_ids and the agent returns its full priced signals feed, paginated, scoped by filters/account/destinations/countries. Agents that do not declare 'wholesale' MAY return INVALID_REQUEST for wholesale calls. Absent declaration is treated as ['brief'].", "items": { "type": "string", "enum": [ "brief", "wholesale" ] }, "minItems": 1, "uniqueItems": true, "default": [ "brief" ] }, "features": { "type": "object", "description": "Optional signals features supported", "properties": { "catalog_signals": { "type": "boolean", "description": "DEPRECATED. Legacy wire flag for structured signal_ref references to provider-published signal definitions. New agents SHOULD omit this flag; callers MUST NOT require it before using signal_ref with the Signals protocol.", "deprecated": true } }, "additionalProperties": { "type": "boolean" } } } }, "governance": { "type": "object", "description": "Governance protocol capabilities. Only present if governance is in supported_protocols. Governance agents provide property and creative data like compliance scores, brand safety ratings, sustainability metrics, and creative quality assessments.", "properties": { "aggregation_window_days": { "type": "integer", "minimum": 1, "maximum": 365, "description": "Trailing window (in days) over which this governance agent aggregates committed spend when evaluating dollar-valued thresholds (reallocation_threshold, human_review triggers, registry-policy floors). Required for fragmentation defense: without aggregation, a buyer can split a single large spend into many sub-threshold commits across plans / task surfaces / time and bypass every dollar-gated escalation. Aggregation is keyed on (buyer_agent, seller_agent, account_id) and spans all spend-commit task types. Upper bound 365 represents a one-year trailing window (fiscal-year alignment with grace); governance agents needing longer scopes negotiate via operator sign-off, not this capability. No schema default: absence of this field indicates the governance agent has not committed to any aggregation window and buyers MUST assume per-commit evaluation only (the fragmentation attack surface is open). A declared value of 30 is a common starting point but is not implied by omission. Buyers depending on a specific window for compliance MUST check this capability before relying on aggregation semantics — an agent declaring 7 days does not defend against fragmentation spread across a 30-day quarter-end push." }, "property_features": { "type": "array", "description": "Property features this governance agent can evaluate. Each feature describes a score, rating, or certification the agent can provide for properties.", "items": { "type": "object", "properties": { "feature_id": { "type": "string", "description": "Unique identifier for this feature (e.g., 'consent_quality', 'coppa_certified', 'carbon_score')" }, "type": { "type": "string", "enum": [ "binary", "quantitative", "categorical" ], "description": "Data type: 'binary' for yes/no, 'quantitative' for numeric scores, 'categorical' for enum values" }, "range": { "type": "object", "description": "For quantitative features, the valid range", "properties": { "min": { "type": "number", "description": "Minimum value" }, "max": { "type": "number", "description": "Maximum value" } }, "required": [ "min", "max" ] }, "categories": { "type": "array", "description": "For categorical features, the valid values", "items": { "type": "string" } }, "description": { "type": "string", "description": "Human-readable description of what this feature measures" }, "methodology_url": { "type": "string", "format": "uri", "description": "URL to documentation explaining how this feature is calculated or measured. Helps buyers understand and compare methodologies across vendors." } }, "required": [ "feature_id", "type" ] } }, "creative_features": { "type": "array", "description": "Creative features this governance agent can evaluate. Each feature describes a score, rating, or assessment the agent can provide for creatives (e.g., security scanning, creative quality, content categorization).", "items": { "type": "object", "properties": { "feature_id": { "type": "string", "description": "Unique identifier for this feature (e.g., 'auto_redirect', 'brand_consistency', 'iab_casinos_gambling')" }, "type": { "type": "string", "enum": [ "binary", "quantitative", "categorical" ], "description": "Data type: 'binary' for yes/no, 'quantitative' for numeric scores, 'categorical' for enum values" }, "range": { "type": "object", "description": "For quantitative features, the valid range", "properties": { "min": { "type": "number", "description": "Minimum value" }, "max": { "type": "number", "description": "Maximum value" } }, "required": [ "min", "max" ] }, "categories": { "type": "array", "description": "For categorical features, the valid values", "items": { "type": "string" } }, "description": { "type": "string", "description": "Human-readable description of what this feature measures" }, "methodology_url": { "type": "string", "format": "uri", "description": "URL to documentation explaining how this feature is calculated or measured." } }, "required": [ "feature_id", "type" ] } } } }, "sponsored_intelligence": { "type": "object", "description": "Sponsored Intelligence protocol capabilities. Only present if sponsored_intelligence is in supported_protocols. SI agents handle conversational brand experiences.", "x-status": "experimental", "properties": { "endpoint": { "type": "object", "description": "SI agent endpoint configuration", "properties": { "transports": { "type": "array", "description": "Available protocol transports. Hosts select based on their capabilities.", "items": { "type": "object", "properties": { "type": { "type": "string", "enum": [ "mcp", "a2a" ], "description": "Protocol transport type" }, "url": { "type": "string", "format": "uri", "description": "Agent endpoint URL for this transport" } }, "required": [ "type", "url" ], "additionalProperties": true }, "minItems": 1 }, "preferred": { "type": "string", "enum": [ "mcp", "a2a" ], "description": "Preferred transport when host supports multiple" } }, "required": [ "transports" ] }, "capabilities": { "$ref": "/schemas/3.1.0-rc.4/sponsored-intelligence/si-capabilities.json", "description": "Modalities, components, and commerce capabilities" }, "brand_url": { "type": "string", "format": "uri", "description": "URL to brand.json with colors, fonts, logos, tone" } }, "required": [ "endpoint", "capabilities" ] }, "brand": { "type": "object", "description": "Brand protocol capabilities. Only present if brand is in supported_protocols. Brand agents provide identity data (logos, colors, tone, assets) and optionally rights clearance for licensable content (talent, music, stock media).", "properties": { "rights": { "type": "boolean", "description": "Supports get_rights and acquire_rights for rights discovery and clearance", "x-status": "experimental", "default": false }, "right_types": { "type": "array", "description": "Types of rights available through this agent", "x-status": "experimental", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/right-type.json" } }, "available_uses": { "type": "array", "description": "Rights uses available across this agent's roster", "x-status": "experimental", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/right-use.json" } }, "generation_providers": { "type": "array", "description": "LLM/generation providers this agent can issue credentials for", "x-status": "experimental", "items": { "type": "string" } }, "description": { "type": "string", "description": "Description of the agent's brand protocol capabilities", "maxLength": 5000 } }, "additionalProperties": true }, "creative": { "type": "object", "description": "Creative protocol capabilities. Only present if creative is in supported_protocols.", "properties": { "supports_compliance": { "type": "boolean", "description": "When true, this creative agent can process briefs with compliance requirements (required_disclosures, prohibited_claims) and will validate that disclosures can be satisfied by the target format." }, "has_creative_library": { "type": "boolean", "description": "When true, this agent hosts a creative library and supports list_creatives and creative_id references in build_creative. Creative agents with a library should also implement the accounts protocol (sync_accounts / list_accounts) so buyers can establish access.", "default": false }, "supports_generation": { "type": "boolean", "description": "When true, this agent can generate creatives from natural language briefs via build_creative. The buyer provides a message with creative direction, and the agent produces a manifest with generated assets. When false, build_creative only supports transformation or library retrieval.", "default": false }, "supports_transformation": { "type": "boolean", "description": "When true, this agent can transform or resize existing manifests via build_creative. The buyer provides a creative_manifest and a target_format_id, and the agent adapts the creative to the new format.", "default": false }, "supported_formats": { "type": "array", "description": "Canonical-formats path: format declarations describing which canonical formats this creative agent can produce via `build_creative`. Each entry uses the same `ProductFormatDeclaration` shape as a product's inline `format_options[i]` — `format_kind` discriminator + `params` (canonical's parameter schema including `slots`, dimensions, durations, codecs, character limits, platform_extensions, tracking_extensions). Replaces the v1 `list_creative_formats` discovery surface for creative agents.", "items": { "type": "object", "properties": { "capability_id": { "type": "string", "description": "Stable identifier for this format declaration within the agent (e.g., 'audiostack_audio_30s'). Optional but recommended for declarations that may be referenced over time." }, "format": { "$ref": "/schemas/3.1.0-rc.4/core/product-format-declaration.json", "description": "Format declaration this agent can produce. Same shape as a product's inline `format_options[i]`: `format_kind` + `params` + `slots`." } }, "required": [ "format" ], "additionalProperties": true } }, "bills_through_adcp": { "type": "boolean", "description": "When true, this creative agent bills through the AdCP rate-card surface: list_creatives returns pricing_options when include_pricing=true with an authenticated account, build_creative populates pricing_option_id and vendor_cost on the response, and report_usage accepts records against the rate card. When false or absent, the agent bills out of band (flat license, SaaS contract, bundled enterprise agreement) and buyers should skip pricing fields and tolerate report_usage returning accepted: 0 with errors carrying BILLING_OUT_OF_BAND. A pre-call discriminator so buyer agents can route across many creative agents without first establishing an account to probe pricing.", "default": false }, "canonical_catalog_version": { "type": "string", "pattern": "^\\d+\\.\\d+(\\.\\d+)?$", "description": "Optional. The AdCP canonical-formats catalog version this agent's runtime is built against (e.g., `3.1`, `3.2.0`). Lets buyer SDKs detect canonical-catalog skew between their generated types and the seller's actual support. SDKs MAY declare the version they were generated against (typically the AdCP version they ship for); when seller and SDK versions disagree, SDKs SHOULD soft-warn rather than fail (the open-enum semantics on `canonical-format-kind.json` make unknown canonicals safe to retain, so skew is not a hard error — it just means the older side might not understand newer canonical values). Omitted by sellers who haven't yet generated against a versioned catalog; absence is interpreted as the AdCP version advertised by the broader capabilities response." } }, "additionalProperties": true }, "request_signing": { "type": "object", "description": "RFC 9421 HTTP Signatures support for incoming requests. Optional in 3.0 — capability-advertised so counterparties can opt into signing selectively. Required for spend-committing operations in 4.0 (the next breaking-changes accumulation window). The full profile is defined in docs/building/implementation/security.mdx (Signed Requests (Transport Layer)).", "properties": { "supported": { "type": "boolean", "description": "Whether this agent verifies RFC 9421 signatures on incoming requests. When true, signatures present on requests are validated per the AdCP request-signing profile. When false or absent, signatures are ignored (requests are bearer-authenticated only)." }, "covers_content_digest": { "type": "string", "enum": [ "required", "forbidden", "either" ], "description": "Policy for content-digest coverage in request signatures. 'required': signers MUST cover content-digest (body is bound to the signature); body-unbound signatures rejected with request_signature_components_incomplete. 'forbidden': signers MUST NOT cover content-digest; body-bound signatures rejected with request_signature_components_unexpected. This is an opt-out for the narrow case of legacy infrastructure that cannot preserve body bytes. 'either' (default): signer chooses per-request; verifier accepts both covered and uncovered forms. 'required' is recommended for spend-committing operations in production; 4.0 recommends 'required' for those operations.", "default": "either" }, "required_for": { "type": "array", "description": "AdCP protocol operation names (e.g., 'create_media_buy') for which this agent rejects unsigned requests with request_signature_required. Not MCP tool names, A2A skill names, or any transport-specific rename — verifiers MUST NOT accept operation names that are not defined by the AdCP protocol spec. JSON-RPC protocol method names like `tasks/cancel` belong in `protocol_methods_required_for`, not here. Empty in 3.0 by default; sellers populate selectively during per-counterparty pilots. In 4.0 this list MUST include all spend-committing operations the agent supports (create_media_buy, acquire_*, etc.). Counterparties MUST sign any listed operation. Every operation listed MUST also appear in `supported_for` (an operation can't be required without being supported); see `x-adcp-validation`.", "items": { "type": "string" }, "default": [], "x-adcp-validation": { "subset_of": "request_signing.supported_for", "spec": "docs/building/implementation/security.mdx#signed-requests-transport-layer" } }, "warn_for": { "type": "array", "description": "AdCP protocol operation names for which this agent verifies signatures when present and logs failures but does NOT reject the request. Used as a shadow-mode bridge between supported_for and required_for: the verifier surfaces failure rates in monitoring before flipping an operation to required. Precedence: required_for > warn_for > supported_for. An operation in required_for ignores warn_for. Counterparties SHOULD sign operations in warn_for; verifiers MUST NOT reject if the signature is missing or invalid. An operation MUST NOT appear in both `warn_for` and `required_for`; see `x-adcp-validation`.", "items": { "type": "string" }, "default": [], "x-adcp-validation": { "disjoint_with": "request_signing.required_for", "subset_of": "request_signing.supported_for", "spec": "docs/building/implementation/security.mdx#signed-requests-transport-layer" } }, "supported_for": { "type": "array", "description": "AdCP protocol operation names for which this agent verifies signatures when present but does not require them. Counterparties SHOULD sign operations in this list. Typically a superset of required_for and warn_for.", "items": { "type": "string" } }, "protocol_methods_supported_for": { "type": "array", "description": "JSON-RPC protocol method names (e.g., 'tasks/cancel', 'tasks/get') for which this agent verifies signatures when present. Disjoint from `supported_for`, which carries AdCP tool names only. Counterparties SHOULD sign listed methods. The `tasks/*` family enumerated here matches the A2A 0.3.0 task-lifecycle methods (§7.x); future protocol additions extend this list, not `supported_for`. Items MUST be wire-format JSON-RPC method strings (containing `/`); plain AdCP tool names belong in `supported_for`.", "items": { "type": "string", "pattern": "^[a-z][a-z0-9_]*/[a-z][a-z0-9_]*$" }, "default": [], "x-adcp-validation": { "spec": "docs/building/by-layer/L1/security.mdx#signed-requests-transport-layer" } }, "protocol_methods_warn_for": { "type": "array", "description": "Protocol method names for which this agent verifies signatures when present and logs failures but does NOT reject. Shadow-mode bridge between `protocol_methods_supported_for` and `protocol_methods_required_for`, mirroring `warn_for` semantics in the AdCP-tool namespace. An item MUST NOT appear in both `protocol_methods_warn_for` and `protocol_methods_required_for`; see `x-adcp-validation`.", "items": { "type": "string", "pattern": "^[a-z][a-z0-9_]*/[a-z][a-z0-9_]*$" }, "default": [], "x-adcp-validation": { "disjoint_with": "request_signing.protocol_methods_required_for", "subset_of": "request_signing.protocol_methods_supported_for", "spec": "docs/building/by-layer/L1/security.mdx#signed-requests-transport-layer" } }, "protocol_methods_required_for": { "type": "array", "description": "JSON-RPC protocol method names for which this agent rejects unsigned requests with `request_signature_required`. Separate namespace from `required_for` (which carries AdCP tool names) so verifiers and storyboard runners don't conflate the two — an AdCP tool name and an A2A method name could in principle collide as bare strings, but the protocol_methods_* bucket binds the match against the JSON-RPC `method` field, not the `tools/call` `params.name`. Every method listed MUST also appear in `protocol_methods_supported_for`; see `x-adcp-validation`.", "items": { "type": "string", "pattern": "^[a-z][a-z0-9_]*/[a-z][a-z0-9_]*$" }, "default": [], "x-adcp-validation": { "subset_of": "request_signing.protocol_methods_supported_for", "spec": "docs/building/by-layer/L1/security.mdx#signed-requests-transport-layer" } } }, "required": [ "supported" ] }, "webhook_signing": { "type": "object", "description": "RFC 9421 webhook-signature support for outbound webhook callbacks (top-level peer of request_signing). Declares which AdCP webhook-signing profile version and algorithms this agent produces on delivery, and whether it supports the legacy HMAC-SHA256 fallback for receivers that have not yet adopted RFC 9421. See docs/building/implementation/webhooks.mdx.", "properties": { "supported": { "type": "boolean", "description": "Whether this agent signs outbound webhooks with the AdCP RFC 9421 webhook profile. When false or absent, webhooks are delivered with legacy Bearer or HMAC-SHA256 auth only and receivers MUST NOT expect a Signature header. When the seller advertises mutating-webhook emission (i.e., `media_buy.reporting_delivery_methods` includes `webhook`, `media_buy.content_standards.supports_webhook_delivery` is true, or `wholesale_feed_webhooks.supported` is true), this MUST be `true` — emitting state-changing webhooks unsigned is a downgrade vector that lets an on-path attacker forge delivery callbacks. See `x-adcp-validation`.", "x-adcp-validation": { "verifier_constraints": { "must_equal_when": { "value": true, "any_of": [ { "field": "media_buy.reporting_delivery_methods", "contains_item": "webhook" }, { "field": "media_buy.content_standards.supports_webhook_delivery", "equals": true }, { "field": "wholesale_feed_webhooks.supported", "equals": true } ] } }, "spec": "docs/building/implementation/webhooks.mdx" } }, "profile": { "type": "string", "enum": [ "adcp/webhook-signing/v1" ], "description": "Identifier of the webhook-signing profile version the agent emits. Value MUST match the `tag=` parameter emitted in the RFC 9421 `Signature-Input` header (see docs/building/implementation/webhooks.mdx) so receivers can statically validate the declared profile against the on-wire tag. Closed enum; future profile revisions will extend this enum in a follow-up schema bump." }, "algorithms": { "type": "array", "description": "Signature algorithms this agent uses on outbound webhooks. 3.0 profile permits 'ed25519' and 'ecdsa-p256-sha256' only; other values are reserved for future profile versions and MUST NOT be emitted under adcp/webhook-signing/v1.", "items": { "type": "string", "enum": [ "ed25519", "ecdsa-p256-sha256" ] }, "minItems": 1, "uniqueItems": true }, "legacy_hmac_fallback": { "type": "boolean", "description": "Whether this agent will fall back to HMAC-SHA256 on the legacy push_notification_config.authentication or accounts[].notification_configs[].authentication paths for receivers that have not adopted RFC 9421. Deprecated; removed in AdCP 4.0.", "default": false } }, "required": [ "supported" ] }, "identity": { "type": "object", "description": "Operator identity posture — trust-root pointer (`brand_json_url`) plus key-scoping and compromise-response controls the agent operates. `brand_json_url` is **load-bearing** for signature verification: when the agent declares any signing posture (`request_signing.supported_for`/`required_for` non-empty, `webhook_signing.supported === true`, or any `key_origins` subfield), `brand_json_url` MUST be present (storyboard-enforced in 3.x; schema-required in 4.0). Verifiers use it to bootstrap from the agent URL to the operator's brand.json (and from there to signing keys); see [security.mdx §Discovering an agent's signing keys](https://adcontextprotocol.org/docs/building/by-layer/L1/security#discovering-an-agents-signing-keys-via-brand_json_url). The remaining fields (`per_principal_key_isolation`, `key_origins`, `compromise_notification`) are advisory and receivers use them to reason about blast radius and revocation latency at onboarding. Empty-object semantics: `identity: {}` means \"posture block present but no posture claimed\" — schema-valid but advisory-neutral and receivers MUST treat it as equivalent to omitting the block, **except** that an agent declaring a signing posture elsewhere in the response with an empty `identity` MUST be rejected by storyboard runners as missing `brand_json_url`.", "properties": { "brand_json_url": { "type": "string", "format": "uri", "pattern": "^https://", "description": "HTTPS URL of the operator's brand.json (typically `https://{operator-domain}/.well-known/brand.json`). Trust-root pointer for this agent's signing keys. See [security.mdx §Discovering an agent's signing keys via `brand_json_url`](https://adcontextprotocol.org/docs/building/by-layer/L1/security#discovering-an-agents-signing-keys-via-brand_json_url) for the verifier algorithm and `x-adcp-validation` for structured constraints. Distinct from `sponsored_intelligence.brand_url`, which is a rendering pointer for SI agent visuals — verifiers MUST use this field for key discovery and MUST NOT fall back to `sponsored_intelligence.brand_url` as a trust-root pointer.", "x-adcp-validation": { "trust_root": true, "required_when": { "any_of": [ { "field": "request_signing.supported_for", "non_empty": true }, { "field": "request_signing.required_for", "non_empty": true }, { "field": "request_signing.protocol_methods_supported_for", "non_empty": true }, { "field": "request_signing.protocol_methods_required_for", "non_empty": true }, { "field": "webhook_signing.supported", "equals": true }, { "field": "identity.key_origins", "any_subfield_present": true } ] }, "schema_required_when": { "field": "adcp.supported_versions", "any_item_matches_pattern": "^4\\." }, "verifier_constraints": { "agent_url_match": "byte_equal", "origin_binding": "etld1_or_authorized_operators", "key_origins_consistency": "mandatory_when_signing" }, "distinct_from": "sponsored_intelligence.brand_url", "spec": "docs/building/implementation/security.mdx#discovering-an-agents-signing-keys-via-brand_json_url" } }, "per_principal_key_isolation": { "type": "boolean", "description": "When true, this multi-principal operator scopes signing keys per-principal so a single principal's key compromise does not silently re-scope across principals served by the same operator. `kid` values remain opaque to verifiers per RFC 7517; any operator-side naming convention (e.g., `{operator}:{principal}:{key_version}`) is internal bookkeeping and MUST NOT be parsed by verifiers. See docs/building/understanding/security-model.mdx.", "default": false }, "key_origins": { "type": "object", "description": "Map of signing-key purpose → publishing origin, so counterparties can verify origin separation (e.g., governance keys served from a separate origin than transport/webhook keys) at onboarding. Absent means the operator has not declared a separation scheme; receivers SHOULD assume shared-origin. Every purpose listed MUST have a corresponding signing posture declared elsewhere — `request_signing` requires non-empty `request_signing.supported_for`/`required_for`/`protocol_methods_supported_for`/`protocol_methods_required_for`; `webhook_signing` requires `webhook_signing.supported === true` — otherwise the consistency check at signature-verification time has nothing to anchor against. See `x-adcp-validation` and docs/building/implementation/security.mdx §Origin separation.", "properties": { "governance_signing": { "type": "string", "format": "uri", "description": "Origin (scheme + host) serving the governance-signing JWKS." }, "request_signing": { "type": "string", "format": "uri", "description": "Origin (scheme + host) serving the request-signing JWKS." }, "webhook_signing": { "type": "string", "format": "uri", "description": "Origin (scheme + host) serving the webhook-signing JWKS." }, "tmp_signing": { "type": "string", "format": "uri", "description": "Origin (scheme + host) serving the TMP-signing JWKS, when this operator participates in TMP." } }, "additionalProperties": false, "x-adcp-validation": { "verifier_constraints": { "purpose_anchoring": { "request_signing": "request_signing.supported_for | request_signing.required_for | request_signing.protocol_methods_supported_for | request_signing.protocol_methods_required_for non-empty", "webhook_signing": "webhook_signing.supported === true", "governance_signing": "governance protocol declared in supported_protocols", "tmp_signing": "trusted_match.surfaces non-empty (TMP participation)" } }, "spec": "docs/building/implementation/security.mdx#origin-separation" } }, "compromise_notification": { "type": "object", "description": "Whether this agent emits the `identity.compromise_notification` webhook event on key revocation due to known or suspected compromise (as opposed to scheduled rotation). Subscribers use this to bound the window between compromise detected and verifiers converging on revocation. See docs/building/implementation/webhooks.mdx §identity.compromise_notification.", "properties": { "emits": { "type": "boolean", "description": "Whether this agent emits `identity.compromise_notification` events.", "default": false }, "accepts": { "type": "boolean", "description": "Whether this agent subscribes to `identity.compromise_notification` events from counterparties it verifies signatures from.", "default": false } }, "additionalProperties": false } }, "additionalProperties": true }, "measurement": { "type": "object", "x-status": "experimental", "description": "Experimental measurement capability block. Presence indicates this agent computes one or more quantitative metrics about ad delivery, exposure, or effect, and is willing to be discovered as a measurement vendor. Agents implementing this block MUST list `measurement.core` in experimental_features. Returns metric definitions (this surface), not pricing/coverage (negotiated via `measurement_terms` on `create_media_buy`) or live values (returned per buy via `vendor_metric_values`). AAO crawls each measurement agent's `metrics[]` on a TTL to populate the federated cross-vendor index. Same self-describing pattern as `governance.property_features[]`: agents own the catalog; the registry aggregates.", "properties": { "metrics": { "type": "array", "description": "Metrics this agent computes. Each entry is identified by `metric_id` within the vendor's vocabulary; the canonical reference everywhere a measurement value appears (`committed_metrics`, `vendor_metric_values`, `missing_metrics`) is the tuple `(vendor.domain, vendor.brand_id, metric_id)`.", "items": { "type": "object", "properties": { "metric_id": { "$ref": "/schemas/3.1.0-rc.4/core/vendor-metric-id.json", "description": "Identifier for the metric within the vendor's vocabulary. Combined with the agent's BrandRef, forms the canonical tuple `(vendor.domain, vendor.brand_id, metric_id)`. Each metric_id MUST be unique within a single agent's catalog." }, "standard_reference": { "type": "string", "format": "uri", "description": "Optional URI pointing at the published standard this metric IMPLEMENTS (e.g., IAB Attention Measurement Guidelines, MRC Viewable Impression Measurement, GARM emissions framework). Distinct from `accreditations[]` — `standard_reference` is what the metric is built against; `accreditations[]` is third-party certification that the implementation actually conforms. Buyer agents normalizing across vendors SHOULD apply the AdCP URL canonicalization rules before comparing — vendors implementing the same standard MAY use different URL forms for the same canonical document." }, "accreditations": { "type": "array", "description": "Third-party accreditations this metric holds (MRC, ARF, JIC, ABC, BARB, AGOF, etc.). Distinct from `standard_reference`: a metric can implement a standard without being independently accredited. Buyers asking 'is this MRC-accredited?' SHOULD check this array, not just `standard_reference`. Each entry names the accrediting body and optionally pins a certification ID, validity date, and evidence URL.", "items": { "type": "object", "properties": { "accrediting_body": { "type": "string", "description": "Accrediting organization — open string (the global landscape includes MRC, ARF, ABC, BARB, JICWEBS, AGOF, JIC bodies in many markets). Use the canonical short name where one exists.", "examples": [ "MRC", "ARF", "ABC", "BARB", "JICWEBS", "AGOF" ] }, "certification_id": { "type": "string", "description": "Optional identifier for the certification in the accrediting body's records (when one exists; many bodies do not issue stable IDs)." }, "valid_until": { "type": "string", "format": "date", "description": "Optional ISO 8601 date when the current accreditation expires. Buyers MAY treat post-expiry data as un-accredited. Absence means the vendor does not assert an expiry — buyers SHOULD verify currency at the accrediting body's directory." }, "evidence_url": { "type": "string", "format": "uri", "description": "Optional URL pointing at the accrediting body's public listing for this certification (the buyer's path to verify the claim independently)." } }, "required": [ "accrediting_body" ], "additionalProperties": false }, "uniqueItems": true }, "unit": { "type": "string", "description": "Unit of the metric value when reported via `vendor_metric_values.value` (e.g., `score`, `seconds`, `persons`, `gCO2e`, `lift_percent`, `USD`). Buyers SHOULD render the unit alongside the value rather than computing units locally; sellers populating `vendor_metric_values.unit` MUST match this declaration when present.", "examples": [ "score", "seconds", "persons", "gCO2e", "lift_percent", "index", "USD" ] }, "description": { "type": "string", "description": "Human-readable description of what this metric measures and any relevant methodology notes. Surfaced in buyer-agent UX when explaining the metric to humans." }, "methodology_url": { "type": "string", "format": "uri", "description": "URL to the vendor's full methodology documentation for this metric. Buyers SHOULD link or fetch this when human review of the methodology is in scope (compliance, RFP review, accreditation audit). Field name mirrors `governance.property_features[].methodology_url`." }, "methodology_version": { "type": "string", "description": "Optional version identifier (semver, ISO date, or vendor-defined version string) for the methodology this metric currently implements. When present, buyer agents pin the contracted version on `committed_metrics` so silent vendor methodology changes are detectable; absence means the vendor does not version their methodology and buyers MUST treat any change as untracked.", "examples": [ "v2.1", "2026-Q1", "1.0" ] }, "ext": { "$ref": "/schemas/3.1.0-rc.4/core/ext.json" } }, "required": [ "metric_id" ], "additionalProperties": false }, "minItems": 1, "uniqueItems": true } }, "required": [ "metrics" ] }, "compliance_testing": { "type": "object", "description": "Compliance testing capabilities. The presence of this block declares that the agent supports deterministic testing via comply_test_controller for lifecycle state machine validation. Omit the block entirely if the agent does not support compliance testing. Sellers SHOULD list every canonical controller scenario they implement so buyers and runners can distinguish full deterministic coverage from partial coverage without probing each scenario one by one; the runtime source of truth remains comply_test_controller with scenario: 'list_scenarios'.", "properties": { "scenarios": { "type": "array", "description": "Compliance testing scenarios this agent supports. Must be non-empty — at least one scenario. Values SHOULD include every canonical controller scenario the agent implements, excluding list_scenarios because that value is a discovery operation rather than a test capability. Values MAY also include implementation-specific scenarios. Callers can use comply_test_controller with scenario: 'list_scenarios' to discover supported scenarios at runtime.", "items": { "type": "string" }, "minItems": 1 } }, "required": [ "scenarios" ], "additionalProperties": true }, "specialisms": { "type": "array", "description": "Optional — specialized compliance claims this agent supports. Values MUST be kebab-case enum IDs (e.g., 'creative-generative', 'sales-non-guaranteed'). An agent that implements a specialism's tools but omits its ID from this array will receive 'No applicable tracks found' from the compliance runner — tracks for that specialism are not evaluated even if every tool works. Omitting the field means the agent declares no specialism claims (it still passes the universal + domain-baseline storyboards implied by supported_protocols). Each specialism maps to a storyboard bundle at /compliance/{version}/specialisms/{id}/ that the AAO compliance runner executes to verify the claim. Each specialism rolls up to one of the protocols in supported_protocols — the runner rejects a specialism claim whose parent protocol is missing. Only list specialisms your agent actually implements — the AAO Verified badge enumerates which specialisms were demonstrably passed.", "items": { "$ref": "/schemas/3.1.0-rc.4/enums/specialism.json" }, "uniqueItems": true }, "extensions_supported": { "type": "array", "description": "Extension namespaces this agent supports. Buyers can expect meaningful data in ext.{namespace} fields on responses from this agent. Extension schemas are published in the AdCP extension registry.", "items": { "type": "string", "pattern": "^[a-z][a-z0-9_]*$", "description": "Extension namespace (lowercase alphanumeric with underscores, e.g., 'iab_tcf', 'iab_gpp')" }, "uniqueItems": true }, "experimental_features": { "type": "array", "description": "Experimental AdCP surfaces this agent implements. A surface is experimental when its schema carries x-status: experimental and the working group has not yet frozen it. Sellers that implement any experimental surface MUST list its feature id here. Buyers inspect this array before relying on experimental surfaces — a seller that does not list a surface is asserting it does not implement it. Experimental surfaces MAY break between any two 3.x releases with at least 6 weeks notice; the full contract is in docs/reference/experimental-status.", "items": { "type": "string", "pattern": "^[a-z][a-z0-9_]*(\\.[a-z][a-z0-9_]*)*$", "description": "Experimental feature id (dot-separated lowercase identifiers, e.g., 'brand.rights_lifecycle', 'governance.campaign', 'measurement.core', 'trusted_match.core')" }, "uniqueItems": true }, "wholesale_feed_versioning": { "type": "object", "description": "Conditional-fetch token capabilities for get_products and get_signals. Independent of wholesale feed webhooks: an agent MAY support cheap version probes via if_wholesale_feed_version without pushing change payloads (and vice versa). When supported is true, the agent returns wholesale_feed_version on every get_products / get_signals response and honors if_wholesale_feed_version on subsequent requests. When absent or supported is false, callers MAY still send if_wholesale_feed_version — pre-3.1 agents that ignore it just return the full payload (correct, just inefficient). Pre-flight declaration here lets buyers fast-path which agents to bother caching versions for. See get_products / get_signals 'Wholesale feed versioning' sections.", "properties": { "supported": { "type": "boolean", "description": "Whether the agent returns wholesale_feed_version on responses and honors if_wholesale_feed_version on requests. When absent, treated as false; buyers MAY still probe (the field-presence detection path) but cannot pre-flight-decide." }, "pricing_version_separate": { "type": "boolean", "description": "Whether the agent tracks pricing_version independently of wholesale_feed_version. When true, the agent returns both tokens and honors if_pricing_version separately — useful for rate-card sweeps that don't change product and signal metadata. When false or absent, the agent collapses both into wholesale_feed_version; callers SHOULD NOT send if_pricing_version (it will be ignored and may produce INVALID_REQUEST when sent without if_wholesale_feed_version per the dependencies rule)." }, "cache_scope_account": { "type": "boolean", "description": "Whether the agent ever returns cache_scope: 'account' (i.e., publishes per-account overlays distinct from the public rate card). When true, buyers MUST be prepared to maintain account-overlay caches alongside the public layer. When false or absent, all responses are cache_scope: 'public' regardless of whether account was provided — the agent's rate card is universal. Confidentiality note: declaring true advertises that the agent runs custom-pricing deals (low-grade market-posture signal); agents preferring not to disclose this MAY omit the field and let consumers detect-on-call via cache_scope on response." } }, "required": [ "supported" ] }, "last_updated": { "type": "string", "format": "date-time", "description": "ISO 8601 timestamp of when capabilities were last updated. Buyers can use this for cache invalidation." }, "errors": { "type": "array", "description": "Task-specific errors and warnings", "items": { "$ref": "/schemas/3.1.0-rc.4/core/error.json" } }, "context": { "$ref": "/schemas/3.1.0-rc.4/core/context.json" }, "ext": { "$ref": "/schemas/3.1.0-rc.4/core/ext.json" }, "wholesale_feed_webhooks": { "type": "object", "description": "Per-agent wholesale product-feed and wholesale signals-feed webhook capabilities. Declared by sales agents (products) and signals agents (signals). When supported is true, consumers can register sync_accounts.accounts[].notification_configs[] entries for product.* / signal.* / wholesale_feed.bulk_change and receive the actual change payload in each webhook. This is distinct from buyer-provided feeds managed by sync_catalogs. Consumers use get_products / get_signals with if_wholesale_feed_version as the repair and reconciliation path after missed or distrusted webhooks. See specs/wholesale-feed-webhooks.md. Webhook emission MUST apply the same caller/account authorization and scope predicate as the corresponding wholesale read; agents unable to guarantee per-principal filtering MUST NOT declare supported: true. Capability consistency: agents listing product.* event types MUST declare and support get_products with media_buy.buying_modes including wholesale; agents listing signal.* event types MUST declare and support get_signals with signals.discovery_modes including wholesale; agents listing wholesale_feed.bulk_change MUST have at least one of those wholesale repair paths and MUST only emit bulk-change payloads for affected_entity_type values backed by a declared repair path.", "properties": { "supported": { "type": "boolean", "description": "Whether this agent can push wholesale feed change payloads through account-level sync_accounts.accounts[].notification_configs[]. When false or absent, consumers fall back to wholesale polling, optionally with if_wholesale_feed_version probes." }, "event_types": { "type": "array", "description": "Wholesale feed webhook event types this agent can emit. Sales agents emit product.* events. Signals agents emit signal.* events. Agents that are both can emit both event families. Agents listing product.* event types MUST declare and support get_products with media_buy.buying_modes including wholesale. Agents listing signal.* event types MUST declare and support get_signals with signals.discovery_modes including wholesale. wholesale_feed.bulk_change tells consumers to repair by re-reading the affected wholesale feed via get_products and/or get_signals; agents listing it MUST have at least one of those wholesale repair paths and MUST only emit bulk-change payloads for affected_entity_type values backed by a declared repair path.", "items": { "type": "string", "enum": [ "product.created", "product.updated", "product.priced", "product.removed", "signal.created", "signal.updated", "signal.priced", "signal.removed", "wholesale_feed.bulk_change" ] }, "minItems": 1, "uniqueItems": true, "x-adcp-validation": { "verifier_constraints": { "wholesale_feed_webhook_capability_consistency": { "product_events_require": { "field": "media_buy.buying_modes", "contains_item": "wholesale" }, "signal_events_require": { "field": "signals.discovery_modes", "contains_item": "wholesale" }, "bulk_change_requires_any": [ { "field": "media_buy.buying_modes", "contains_item": "wholesale" }, { "field": "signals.discovery_modes", "contains_item": "wholesale" } ], "bulk_change_affected_entity_type_must_match_declared_repair_path": true } }, "spec": "specs/wholesale-feed-webhooks.md#capability-declaration" } } }, "required": [ "supported" ], "additionalProperties": true } }, "required": [ "adcp", "supported_protocols" ], "additionalProperties": true }