@adcp/sdk 7.1.0 → 7.2.0

package/dist/lib/version.d.ts

@@ -1,7 +1,7 @@
 /**
  * AdCP SDK library version
  */
-export declare const LIBRARY_VERSION = "7.1.0";
+export declare const LIBRARY_VERSION = "7.2.0";
 /**
  * AdCP specification version this library is built for
  */
@@ -33,10 +33,10 @@ export type AdcpVersion = (typeof COMPATIBLE_ADCP_VERSIONS)[number];
  * Full version information
  */
 export declare const VERSION_INFO: {
-    readonly library: "7.1.0";
+    readonly library: "7.2.0";
     readonly adcp: "3.0.11";
     readonly compatibleVersions: readonly ["v2.5", "v2.6", "v3", "3.0.0-beta.1", "3.0.0-beta.3", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "3.0.4", "3.0.5", "3.0.6", "3.0.7", "3.0.8", "3.0.9", "3.0.10", "3.0.11"];
-    readonly generatedAt: "2026-05-12T12:09:32.916Z";
+    readonly generatedAt: "2026-05-12T23:51:47.164Z";
 };
 /**
  * Get the AdCP specification version this library is built for

package/dist/lib/version.js

@@ -11,7 +11,7 @@ exports.parseAdcpMajorVersion = parseAdcpMajorVersion;
 /**
  * AdCP SDK library version
  */
-exports.LIBRARY_VERSION = '7.1.0';
+exports.LIBRARY_VERSION = '7.2.0';
 /**
  * AdCP specification version this library is built for
  */
@@ -52,10 +52,10 @@ exports.COMPATIBLE_ADCP_VERSIONS = [
  * Full version information
  */
 exports.VERSION_INFO = {
-    library: '7.1.0',
+    library: '7.2.0',
     adcp: '3.0.11',
     compatibleVersions: exports.COMPATIBLE_ADCP_VERSIONS,
-    generatedAt: '2026-05-12T12:09:32.916Z',
+    generatedAt: '2026-05-12T23:51:47.164Z',
 };
 /**
  * Get the AdCP specification version this library is built for

package/docs/llms.txt

@@ -1,7 +1,7 @@
 # Ad Context Protocol (AdCP)
 
-> Generated at: 2026-05-08
-> Library: @adcp/sdk v6.11.0
+> Generated at: 2026-05-12
+> Library: @adcp/sdk v7.1.0
 > AdCP major version: 3
 > Canonical URL: https://adcontextprotocol.github.io/adcp-client/llms.txt
 > Note: the `Library` stamp reflects the package.json version at doc-generation time. The narrative below describes the surface that lands on the next-published minor — including any 6.7 helpers documented here ahead of the release tag.
@@ -97,6 +97,14 @@ const buy = await agent.createMediaBuy({
 });
 ```
 
+## Transport auth
+
+AdCP is auth-scheme-agnostic at the transport layer. The protocol carries JSON-RPC over HTTP; how the outer envelope is gated is an operator-private deployment choice — bearer tokens, OAuth, mTLS, AWS SigV4 at the edge, an IP allow-list, or RFC 7617 HTTP Basic when the agent sits behind an API gateway with a BasicAuthentication policy (Apigee, Kong, AWS API Gateway, nginx `auth_basic`) are all valid. `get_adcp_capabilities` does NOT advertise the accepted auth schemes; encoding every gateway permutation in the capability payload would couple the protocol to infrastructure choices that change between deployments.
+
+Auth-scheme discovery, when needed, flows through `WWW-Authenticate` (RFC 9110 §11.6.1) and Protected Resource Metadata (RFC 9728) — both consumed by the SDK's auth-diagnostics path. Basic-fronted agents emit `WWW-Authenticate: Basic realm="…"` on a 401; consumers (SDK callers, the CLI's 401-bounce path, LLM agents) should branch on the challenge scheme rather than retrying Bearer indefinitely.
+
+The TypeScript SDK speaks both schemes today. Programmatically: `createTestClient({ auth: { type: 'basic', username, password } })` (RFC 7617) and `createTestClient({ auth: { type: 'bearer', token } })`. From the CLI: `--auth-scheme basic` opts into Basic and `--auth <user:pass>` carries the credential; the default `bearer` remains unchanged.
+
 ## Error Handling
 
 When `result.success` is `false`, use `result.adcpError` for programmatic handling:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adcp/sdk",
-  "version": "7.1.0",
+  "version": "7.2.0",
   "description": "AdCP SDK — client, server, and compliance harnesses for the AdContext Protocol (MCP + A2A)",
   "workspaces": [
     ".",

package/skills/call-adcp-agent/SKILL.md

@@ -240,7 +240,7 @@ Quick lookup before reading the full envelope. Match what you see in `adcp_error
 | `recovery: 'transient'` (rate limit, 5xx, timeout) | Server-side, retry-safe | Retry with the **same** `idempotency_key`. |
 | `recovery: 'correctable'` | Buyer-side fix | Read `issues[]`, patch the pointers, resend. Most cases close in one attempt. |
 | `recovery: 'terminal'` (account suspended, payment required, …) | Requires human action | Don't retry. Surface to the user. |
-| HTTP 401 with `WWW-Authenticate` header | Missing or expired credential | Add `Authorization` per the agent's auth spec; re-auth if applicable. |
+| HTTP 401 with `WWW-Authenticate` header | Missing or expired credential | Add `Authorization` per the agent's auth spec; re-auth if applicable. If the challenge `scheme` is `Basic` (gateway-fronted agents — Apigee, Kong, AWS API GW), the SDK / CLI need `auth: { type: 'basic', username, password }` or `--auth user:pass --auth-scheme basic` — `Bearer` will never succeed against that gateway. **Saved aliases**: if registered with `--auth-scheme basic`, the scheme persists in `~/.adcp/config.json` and auto-applies on every later invocation — don't redundantly repeat the flag on each call. |
 
 If your symptom isn't here, fall through to the next section.