@adcp/sdk 6.9.0 → 6.10.0

package/compliance/cache/3.0.6.previous/test-kits/summit-foods.yaml

@@ -0,0 +1,125 @@
+# Summit Foods — CPG Advertiser Test Kit
+#
+# Entity definition: fictional-entities.yaml → advertisers[summit_foods]
+#
+# Organic food / CPG brand that buys retail media inventory on ShopGrid.
+#
+# This brand is registered as a sandbox brand in AgenticAdvertising.org (AAO).
+# Agents resolve summitfoods.example via the standard AAO brand resolution path.
+# AAO returns the brand.json below but excludes sandbox brands from production
+# brand discovery results.
+
+id: summit_foods
+name: "Summit Foods"
+description: "Organic food CPG brand for retail media storyboard testing"
+sandbox: true
+
+# security_baseline auth fixture — see acme-outdoor.yaml for semantics.
+auth:
+  api_key: "demo-summit-foods-v1"
+  probe_task: list_creatives
+
+brand:
+  house:
+    domain: "summitfoods.example"
+    name: "Summit Foods"
+  brand_id: "summit_foods"
+  names:
+    - en: "Summit Foods"
+  description: "Organic pantry staples made from ingredients you can pronounce. From farm to shelf, nothing artificial."
+  industry: "cpg"
+  keller_type: "master"
+  logos:
+    - url: "https://test-assets.adcontextprotocol.org/summit-foods/logo-primary.png"
+      orientation: "horizontal"
+      background: "light-bg"
+      variant: "primary"
+      width: 400
+      height: 100
+    - url: "https://test-assets.adcontextprotocol.org/summit-foods/logo-icon.png"
+      orientation: "square"
+      background: "transparent-bg"
+      variant: "icon"
+      width: 200
+      height: 200
+  colors:
+    primary: "#33691E"
+    secondary: "#F9A825"
+    accent: "#BF360C"
+    background: "#FAFAF5"
+    text: "#1B1B1B"
+  fonts:
+    heading:
+      family: "Nunito"
+      weight: 700
+      url: "https://fonts.googleapis.com/css2?family=Nunito:wght@700"
+    body:
+      family: "Nunito"
+      weight: 400
+      url: "https://fonts.googleapis.com/css2?family=Nunito"
+  tone:
+    voice: "Honest and approachable. We talk like a farmer at a market stall — proud of the product, plain about what's in it."
+    attributes:
+      - "transparent"
+      - "approachable"
+      - "earthy"
+    dos:
+      - "Name specific ingredients and sourcing"
+      - "Use plain language over marketing speak"
+      - "Emphasize taste alongside health"
+    donts:
+      - "Use 'clean eating' or diet-culture language"
+      - "Make unsubstantiated health claims"
+      - "Position as premium or exclusive — Summit Foods is everyday food"
+
+assets:
+  images:
+    - id: "hero_300x250"
+      url: "https://test-assets.adcontextprotocol.org/summit-foods/hero-300x250.jpg"
+      width: 300
+      height: 250
+      mime_type: "image/jpeg"
+      description: "Medium rectangle hero — product lineup on kitchen counter"
+
+    - id: "hero_728x90"
+      url: "https://test-assets.adcontextprotocol.org/summit-foods/hero-728x90.jpg"
+      width: 728
+      height: 90
+      mime_type: "image/jpeg"
+      description: "Leaderboard hero — harvest field with Summit Foods packaging"
+
+    - id: "hero_320x50"
+      url: "https://test-assets.adcontextprotocol.org/summit-foods/hero-320x50.jpg"
+      width: 320
+      height: 50
+      mime_type: "image/jpeg"
+      description: "Mobile banner hero — close-up of organic granola bar"
+
+    - id: "hero_160x600"
+      url: "https://test-assets.adcontextprotocol.org/summit-foods/hero-160x600.jpg"
+      width: 160
+      height: 600
+      mime_type: "image/jpeg"
+      description: "Wide skyscraper hero — vertical pantry shelf with Summit products"
+
+    - id: "hero_master"
+      url: "https://test-assets.adcontextprotocol.org/summit-foods/hero-master.jpg"
+      width: 1200
+      height: 628
+      mime_type: "image/jpeg"
+      description: "Master hero image — high-res breakfast spread with Summit products"
+
+  text:
+    headlines:
+      - "Organic. Honest. Delicious."
+      - "Ingredients You Can Pronounce"
+      - "From Our Farm to Your Shelf"
+    descriptions:
+      - "Organic pantry staples made with five ingredients or fewer. Summit Foods — real food for real kitchens."
+      - "No fillers, no artificial anything. Just honest food that tastes like food should."
+    cta:
+      - "Shop Now"
+      - "Find in Store"
+      - "Try the Sampler"
+
+  click_url: "https://summitfoods.example/shop"

package/compliance/cache/3.0.6.previous/test-kits/webhook-receiver-runner.yaml

@@ -0,0 +1,265 @@
+# Webhook Receiver Runner — Harness Contract Test Kit
+#
+# Applies to:
+#   - universal/webhook-emission.yaml (primary consumer — grades outbound
+#     webhook conformance: idempotency_key presence, stability across retries,
+#     and RFC 9421 signature validity when 9421 is in effect)
+#   - universal/idempotency.yaml (replay-side-effect invariant — "no duplicate
+#     webhooks on replay" step is gated on this contract being in scope)
+#   - Any future storyboard that needs to observe outbound webhooks.
+#
+# The webhook-emission universal grades an agent's outbound-webhook
+# conformance: idempotency_key presence and stability across retries, and —
+# when the 9421 webhook profile is in effect — RFC 9421 signature validity per
+# docs/building/implementation/security.mdx#webhook-callbacks.
+#
+# Storyboards are unidirectional by default (runner → agent). Verifying what
+# the agent sends back requires the runner to host a webhook receiver during
+# test execution and observe inbound deliveries. This test-kit defines the
+# coordination contract between that receiver and a webhook-emitting agent
+# under test.
+#
+# Clean seam: the runner does NOT reimplement signature verification or dedup.
+# It delegates to `@adcp/client` primitives (AsyncHandler, WebhookMetadata,
+# IdempotencyBackend) so the same code that production receivers use is what
+# the conformance runner exercises. A single bug fix in the library covers both.
+
+id: webhook_receiver_runner
+applies_to:
+  universals:
+    - webhook-emission
+    - idempotency
+
+description: |
+  Coordination contract between a black-box runner hosting a webhook receiver
+  and a webhook-emitting agent under test. The runner mints per-step HTTPS
+  endpoints, injects them into push_notification_config.url on the steps that
+  trigger webhooks, observes incoming deliveries via @adcp/client AsyncHandler
+  hooks, and asserts on idempotency_key presence, idempotency_key stability
+  across retries, and (when advertised) 9421 signature validity.
+
+endpoint_scope: sandbox
+# Storyboards that drive webhook emission typically call spend-committing
+# operations (create_media_buy, acquire_*, activate_signal). Running those
+# against production would create real commitments. Graders MUST target a
+# sandbox/staging endpoint. Agents claiming the specialism SHOULD expose a
+# dedicated grading endpoint.
+
+harness_mode: black_box
+
+# --- Ephemeral endpoint mechanism ---
+#
+# Three viable shapes with materially different operational costs. The runner
+# selects per run mode; storyboard authors SHOULD NOT assume a specific mode.
+#
+#   loopback_mock (default for lint/fast runs):
+#     The runner intercepts the agent's outbound HTTP at the library-client
+#     level (via @adcp/client AsyncHandler) before the request leaves the
+#     process. Zero network dependencies. Exercises serialization, signature
+#     math, and idempotency-key logic, but not real wire behavior (no TLS
+#     handshake, no proxy interposition, no real DNS). Appropriate for CI lint
+#     gates and SDK self-tests.
+#
+#   proxy_url (default for full conformance runs):
+#     The CI environment exposes an HTTPS URL that routes into the runner
+#     process. The runner mints per-step paths under that base. Exercises real
+#     wire behavior end-to-end, including TLS, proxies, and body preservation.
+#     Appropriate for AdCP Verified grading where the agent under test is a
+#     remote service.
+#
+#   tunnel (optional wrapper, NOT a hard dep):
+#     ngrok, cloudflared, or similar. Operators MAY configure a tunnel as the
+#     proxy_url provider, but the runner MUST NOT require a specific tunnel
+#     vendor. Adding a tunnel is a wrapper concern outside the spec.
+#
+# The specialism grades observable agent behavior; the receiver mechanism is
+# an implementation detail below the conformance seam. An agent that passes
+# under loopback_mock MUST also pass under proxy_url for the same storyboard —
+# any divergence is a conformance bug in the runner or the client library, not
+# a legitimate agent-behavior difference.
+
+endpoint_modes:
+  - mode: loopback_mock
+    default_for: [lint, fast]
+    description: |
+      Intercepts the agent's outbound HTTP at the @adcp/client AsyncHandler
+      layer. No external network exposure. Zero CI setup cost.
+    runner_config:
+      intercept_layer: adcp_client_async_handler
+
+  - mode: proxy_url
+    default_for: [full_conformance, adcp_verified]
+    description: |
+      Operator-supplied HTTPS URL routing to the runner process. The runner
+      mints per-step paths under this base.
+    runner_config:
+      base_url_env: ADCP_RUNNER_WEBHOOK_BASE_URL
+      required_for_adcp_verified: true
+      scheme: https
+      # HTTPS is REQUIRED for proxy_url. Runners MUST reject an
+      # ADCP_RUNNER_WEBHOOK_BASE_URL with an http:// scheme unless the runner
+      # is started with an explicit local-dev flag (not exposed in AdCP
+      # Verified grading). The loopback_mock mode operates in-process and has
+      # no TLS surface; this rule applies only to proxy_url.
+
+# --- Per-step receiver URLs ---
+#
+# The runner exposes two substitution variables to storyboards:
+#
+#   {{runner.webhook_base}}            HTTPS base for the current run
+#   {{runner.webhook_url:<step_id>}}   Per-step URL unique to step <step_id>
+#
+# Per-step URLs scope assertions cleanly: an expect_webhook on step_A matches
+# only webhooks delivered to step_A's URL. Fan-in scenarios (one URL receiving
+# from multiple emitting steps) are deferred — see storyboard-schema.yaml
+# "shared_receiver (deferred / out of scope v1)."
+
+receiver_urls:
+  per_step_url_template: "{{runner.webhook_base}}/step/<step_id>/<operation_id>"
+  operation_id_source: push_notification_config.url
+  # <operation_id> in the URL template is the ID the RUNNER (acting as caller)
+  # sets in the path segment of push_notification_config.url when it registers
+  # the webhook on the triggering step. This is NOT a server-generated ID — the
+  # agent under test MUST NOT mint its own operation_id. The agent's webhook
+  # payload MUST echo this operation_id back verbatim so the runner can match
+  # inbound deliveries to the step that triggered them.
+
+# --- Retry-replay assertion shape ---
+#
+# expect_webhook_retry_keys_stable is the only step that requires a specific
+# receiver-behavior contract. The runner's webhook receiver deterministically
+# returns HTTP 5xx for the first `count` deliveries, then 2xx, and records the
+# idempotency_key on every delivery. The runner then asserts all recorded keys
+# are byte-identical.
+#
+# The sender's retry back-off is out of scope for the contract — the runner
+# sets a sufficient timeout_seconds on the step to cover reasonable back-off
+# schedules (default 90s). Any conformant at-least-once sender will retry
+# within that window.
+
+retry_replay_contract:
+  mechanism: receiver_returns_5xx_then_2xx
+  default_count: 3
+  min_count: 1
+  max_count: 10
+  # Hard ceiling on retry_trigger.count. Runners MUST reject storyboards whose
+  # retry_trigger.count falls outside [min_count, max_count] with a storyboard
+  # validation error at load time. The ceiling prevents a typo (count: 1000000)
+  # from turning a runner into a DoS amplifier against a real seller in
+  # proxy_url mode. Sellers exercise retry back-off with N=3 routinely;
+  # higher counts do not add meaningful conformance signal.
+  default_http_status: 503
+  allowed_statuses: [429, 500, 502, 503, 504]
+  # Runners MUST reject retry_trigger.http_status values outside this
+  # allowlist. Statuses like 400 or 404 are not retryable signals for
+  # at-least-once senders — a storyboard declaring one is a bug, not a
+  # legitimate test shape.
+  default_timeout_seconds: 90
+  expected_behavior: |
+    The sender retries on each 5xx response. Every retry MUST carry the
+    byte-identical idempotency_key the first delivery carried. The runner
+    records all deliveries and asserts key stability; a key rotation across
+    retries fails the step with `idempotency_key_rotated`.
+
+    When 9421 is in effect for the storyboard, the runner ALSO verifies the
+    signature on every retry delivery using the run-scoped replay store (see
+    client_primitives.signature_replay_store). A sender that reuses the 9421
+    `nonce` sig-param across retries fails the step with `signature_replayed`
+    on the second delivery even though idempotency_key is stable — nonce
+    freshness is a separate invariant.
+
+# --- @adcp/client primitives the runner hooks ---
+#
+# The runner does NOT reimplement signature verification or dedup. It consumes
+# the following primitives from @adcp/client (see adcontextprotocol/adcp-client)
+# so the conformance surface matches what production receivers use:
+
+client_primitives:
+  async_handler_config:
+    # AdCPClient is constructed with an AsyncHandlerConfig whose webhookDedup
+    # uses a runner-owned IdempotencyBackend. The runner's backend wraps the
+    # standard memoryBackend() and records every (agent_id, idempotency_key)
+    # observed for later assertion.
+    reference: AsyncHandlerConfig.webhookDedup
+    doc: https://github.com/adcontextprotocol/adcp-client/pull/629
+
+  webhook_metadata:
+    # Every onXxxStatusChange handler receives a WebhookMetadata second arg
+    # carrying idempotency_key. The runner's handlers write this into the
+    # per-step observation buffer.
+    reference: WebhookMetadata.idempotency_key
+    doc: https://github.com/adcontextprotocol/adcp-client/pull/629
+
+  activity_webhook_duplicate:
+    # The client emits Activity { type: "webhook_duplicate" } when a repeat
+    # idempotency_key hits the dedup backend. The runner counts these to
+    # assert that retries triggered by expect_webhook_retry_keys_stable do
+    # reach the client (indicating the sender is retrying) AND are suppressed
+    # as duplicates (indicating the key stayed stable).
+    reference: Activity.type == "webhook_duplicate"
+    doc: https://github.com/adcontextprotocol/adcp-client/pull/629
+
+  webhook_signature_verifier:
+    # Once RFC 9421 webhook signing lands in the client library (follow-up to
+    # adcontextprotocol/adcp#2423), the runner hooks the verifier to surface
+    # webhook_signature_* error codes on failure. Until that lands,
+    # expect_webhook_signature_valid grades as preview / skip with a stable
+    # non-applicable marker.
+    reference: 9421 webhook verifier (TBD in @adcp/client)
+    status: pending
+    blocked_on: "@adcp/client implementation of docs/building/implementation/security.mdx#webhook-callbacks"
+
+  signature_replay_store:
+    # The runner MUST maintain ONE (keyid, nonce) replay store shared across
+    # every webhook delivery it observes in a storyboard run — including
+    # every expect_webhook_signature_valid step AND every retry delivery
+    # produced under expect_webhook_retry_keys_stable.
+    #
+    # Rationale: without a shared store, a publisher emitting the same signed
+    # bytes at two different expect_webhook_signature_valid steps would pass
+    # both in isolation, silently missing cross-step nonce replay. The 9421
+    # profile's (keyid, nonce) uniqueness guarantee is per-signer, not
+    # per-step — scoping replay state per-step in the runner would redefine
+    # the guarantee in a way production receivers don't.
+    #
+    # Scope: one store per storyboard run; destroyed at run end. Not shared
+    # across runs (a fresh run is a fresh counterparty-session from the
+    # publisher's perspective).
+    reference: Run-scoped (keyid, nonce) replay store
+    required_for:
+      - expect_webhook_signature_valid
+      - expect_webhook_retry_keys_stable (when 9421 in effect)
+
+# --- Claim scope ---
+
+scope:
+  in_scope: |
+    - Per-step receiver URL template and operation_id echo pattern.
+    - Retry-replay receiver-behavior contract (5xx-then-2xx, count and status).
+    - @adcp/client primitives the runner delegates to for observation and
+      verification.
+    - Endpoint mode selection (loopback_mock vs. proxy_url) and which mode
+      AdCP Verified grading runs under.
+    - Black-box-only harness mode (white_box is out of scope for webhook
+      receiver testing because the seam is the client library, not the
+      agent's internals).
+  out_of_scope: |
+    - The agent's internal webhook emission code path — the contract grades
+      observable behavior only.
+    - Which 9421 library the client uses — the client is free to pin any
+      validated RFC 9421 implementation.
+    - HTTP retry back-off schedules — the runner's timeout_seconds is
+      sufficient; precise back-off is sender-implementation-specific.
+    - Webhook-signing negative conformance vectors — those live at
+      /compliance/{version}/test-vectors/webhook-signing/ (follow-up) and
+      are graded per-vector, not via this contract.
+    - Production webhook receiver configuration — this contract configures
+      test counterparties only.
+
+references:
+  universal: static/compliance/source/universal/webhook-emission.yaml
+  spec_section: /docs/building/implementation/security.mdx#webhook-callbacks
+  client_receiver_pr: https://github.com/adcontextprotocol/adcp-client/pull/629
+  signing_upstream_pr: https://github.com/adcontextprotocol/adcp/pull/2423
+  idempotency_upstream_pr: https://github.com/adcontextprotocol/adcp/pull/2417
+  runner_implementation_tracking: https://github.com/adcontextprotocol/adcp/issues/2426

package/compliance/cache/3.0.6.previous/test-vectors/plan-hash/001-minimal-plan.json

@@ -0,0 +1,43 @@
+{
+  "name": "Minimal plan with required fields only",
+  "spec_reference": "#plan-state-binding",
+  "description": "Baseline canonicalization over the required plan fields (plan_id, brand, objectives, budget, flight). No optionals set.",
+  "plan_as_supplied": {
+    "plan_id": "plan_minimal_2026",
+    "brand": {
+      "domain": "example.com"
+    },
+    "objectives": "Drive awareness for Q1 launch.",
+    "budget": {
+      "total": 100000,
+      "currency": "USD",
+      "reallocation_threshold": 5000
+    },
+    "flight": {
+      "start": "2026-04-01T00:00:00Z",
+      "end": "2026-06-30T00:00:00Z"
+    }
+  },
+  "expected": {
+    "preimage": {
+      "plan_id": "plan_minimal_2026",
+      "brand": {
+        "domain": "example.com"
+      },
+      "objectives": "Drive awareness for Q1 launch.",
+      "budget": {
+        "total": 100000,
+        "currency": "USD",
+        "reallocation_threshold": 5000
+      },
+      "flight": {
+        "start": "2026-04-01T00:00:00Z",
+        "end": "2026-06-30T00:00:00Z"
+      }
+    },
+    "jcs_bytes": "{\"brand\":{\"domain\":\"example.com\"},\"budget\":{\"currency\":\"USD\",\"reallocation_threshold\":5000,\"total\":100000},\"flight\":{\"end\":\"2026-06-30T00:00:00Z\",\"start\":\"2026-04-01T00:00:00Z\"},\"objectives\":\"Drive awareness for Q1 launch.\",\"plan_id\":\"plan_minimal_2026\"}",
+    "sha256_hex": "a11d2314312dcdcc203db35ff8e7ddfdf64761f0320f54d16f318e1415421be7",
+    "plan_hash": "oR0jFDEtzcwgPbNf-Ofd_fZHYfAyD1TRbzGOFBVCG-c"
+  },
+  "$comment": "Generated by .context/generate-plan-hash-vectors.mjs. Re-run on spec changes."
+}

package/compliance/cache/3.0.6.previous/test-vectors/plan-hash/002-full-plan.json

@@ -0,0 +1,217 @@
+{
+  "name": "Plan exercising every optional field",
+  "spec_reference": "#plan-state-binding",
+  "description": "All optional fields populated including delegations[], custom_policies[], channels.mix_targets{}, budget.allocations{}, and ext{}.",
+  "plan_as_supplied": {
+    "plan_id": "plan_full_2026",
+    "brand": {
+      "domain": "acmecorp.com",
+      "industries": [
+        "consumer_finance"
+      ],
+      "data_subject_contestation": {
+        "url": "https://acmecorp.com/contest",
+        "email": "privacy@acmecorp.com"
+      }
+    },
+    "objectives": "Drive awareness for spring launch across premium video.",
+    "budget": {
+      "total": 500000,
+      "currency": "USD",
+      "reallocation_threshold": 25000,
+      "per_seller_max_pct": 40,
+      "allocations": {
+        "media_buy": {
+          "amount": 400000
+        },
+        "rights_license": {
+          "amount": 75000,
+          "max_pct": 20
+        },
+        "signal_activation": {
+          "amount": 25000
+        }
+      }
+    },
+    "human_review_required": true,
+    "channels": {
+      "required": [
+        "olv"
+      ],
+      "allowed": [
+        "audio",
+        "ctv",
+        "display",
+        "olv"
+      ],
+      "mix_targets": {
+        "olv": {
+          "min_pct": 40,
+          "max_pct": 70
+        },
+        "display": {
+          "min_pct": 10,
+          "max_pct": 30
+        }
+      }
+    },
+    "flight": {
+      "start": "2026-03-15T00:00:00Z",
+      "end": "2026-06-15T00:00:00Z"
+    },
+    "countries": [
+      "US"
+    ],
+    "regions": [
+      "US-CA",
+      "US-MA",
+      "US-NY"
+    ],
+    "policy_ids": [
+      "alcohol_advertising",
+      "eu_ai_act_annex_iii",
+      "us_coppa"
+    ],
+    "policy_categories": [
+      "fair_lending"
+    ],
+    "custom_policies": [
+      {
+        "policy_id": "no_competitor_adjacency",
+        "policy": "No advertising adjacent to direct competitor content.",
+        "enforcement": "must"
+      }
+    ],
+    "mode": "enforce",
+    "approved_sellers": [
+      "https://publisher-a.example",
+      "https://publisher-b.example"
+    ],
+    "delegations": [
+      {
+        "agent_url": "https://buying.agency.example",
+        "authority": "execute_only",
+        "budget_limit": {
+          "amount": 200000,
+          "currency": "USD"
+        },
+        "markets": [
+          "US"
+        ],
+        "expires_at": "2026-12-31T23:59:59Z"
+      }
+    ],
+    "ext": {
+      "trace_id": "trace_abc123"
+    }
+  },
+  "expected": {
+    "preimage": {
+      "plan_id": "plan_full_2026",
+      "brand": {
+        "domain": "acmecorp.com",
+        "industries": [
+          "consumer_finance"
+        ],
+        "data_subject_contestation": {
+          "url": "https://acmecorp.com/contest",
+          "email": "privacy@acmecorp.com"
+        }
+      },
+      "objectives": "Drive awareness for spring launch across premium video.",
+      "budget": {
+        "total": 500000,
+        "currency": "USD",
+        "reallocation_threshold": 25000,
+        "per_seller_max_pct": 40,
+        "allocations": {
+          "media_buy": {
+            "amount": 400000
+          },
+          "rights_license": {
+            "amount": 75000,
+            "max_pct": 20
+          },
+          "signal_activation": {
+            "amount": 25000
+          }
+        }
+      },
+      "human_review_required": true,
+      "channels": {
+        "required": [
+          "olv"
+        ],
+        "allowed": [
+          "audio",
+          "ctv",
+          "display",
+          "olv"
+        ],
+        "mix_targets": {
+          "olv": {
+            "min_pct": 40,
+            "max_pct": 70
+          },
+          "display": {
+            "min_pct": 10,
+            "max_pct": 30
+          }
+        }
+      },
+      "flight": {
+        "start": "2026-03-15T00:00:00Z",
+        "end": "2026-06-15T00:00:00Z"
+      },
+      "countries": [
+        "US"
+      ],
+      "regions": [
+        "US-CA",
+        "US-MA",
+        "US-NY"
+      ],
+      "policy_ids": [
+        "alcohol_advertising",
+        "eu_ai_act_annex_iii",
+        "us_coppa"
+      ],
+      "policy_categories": [
+        "fair_lending"
+      ],
+      "custom_policies": [
+        {
+          "policy_id": "no_competitor_adjacency",
+          "policy": "No advertising adjacent to direct competitor content.",
+          "enforcement": "must"
+        }
+      ],
+      "mode": "enforce",
+      "approved_sellers": [
+        "https://publisher-a.example",
+        "https://publisher-b.example"
+      ],
+      "delegations": [
+        {
+          "agent_url": "https://buying.agency.example",
+          "authority": "execute_only",
+          "budget_limit": {
+            "amount": 200000,
+            "currency": "USD"
+          },
+          "markets": [
+            "US"
+          ],
+          "expires_at": "2026-12-31T23:59:59Z"
+        }
+      ],
+      "ext": {
+        "trace_id": "trace_abc123"
+      }
+    },
+    "jcs_bytes": "{\"approved_sellers\":[\"https://publisher-a.example\",\"https://publisher-b.example\"],\"brand\":{\"data_subject_contestation\":{\"email\":\"privacy@acmecorp.com\",\"url\":\"https://acmecorp.com/contest\"},\"domain\":\"acmecorp.com\",\"industries\":[\"consumer_finance\"]},\"budget\":{\"allocations\":{\"media_buy\":{\"amount\":400000},\"rights_license\":{\"amount\":75000,\"max_pct\":20},\"signal_activation\":{\"amount\":25000}},\"currency\":\"USD\",\"per_seller_max_pct\":40,\"reallocation_threshold\":25000,\"total\":500000},\"channels\":{\"allowed\":[\"audio\",\"ctv\",\"display\",\"olv\"],\"mix_targets\":{\"display\":{\"max_pct\":30,\"min_pct\":10},\"olv\":{\"max_pct\":70,\"min_pct\":40}},\"required\":[\"olv\"]},\"countries\":[\"US\"],\"custom_policies\":[{\"enforcement\":\"must\",\"policy\":\"No advertising adjacent to direct competitor content.\",\"policy_id\":\"no_competitor_adjacency\"}],\"delegations\":[{\"agent_url\":\"https://buying.agency.example\",\"authority\":\"execute_only\",\"budget_limit\":{\"amount\":200000,\"currency\":\"USD\"},\"expires_at\":\"2026-12-31T23:59:59Z\",\"markets\":[\"US\"]}],\"ext\":{\"trace_id\":\"trace_abc123\"},\"flight\":{\"end\":\"2026-06-15T00:00:00Z\",\"start\":\"2026-03-15T00:00:00Z\"},\"human_review_required\":true,\"mode\":\"enforce\",\"objectives\":\"Drive awareness for spring launch across premium video.\",\"plan_id\":\"plan_full_2026\",\"policy_categories\":[\"fair_lending\"],\"policy_ids\":[\"alcohol_advertising\",\"eu_ai_act_annex_iii\",\"us_coppa\"],\"regions\":[\"US-CA\",\"US-MA\",\"US-NY\"]}",
+    "sha256_hex": "15ef2c87895e763dc4be0f410b0e62d943112bff5c8c27667c77a979b9907673",
+    "plan_hash": "Fe8sh4ledj3Evg9BCw5i2UMRK_9cjCdmfHepebmQdnM"
+  },
+  "$comment": "Generated by .context/generate-plan-hash-vectors.mjs. Re-run on spec changes."
+}