@adcp/sdk 7.11.0 → 7.11.1

package/compliance/cache/3.1.0-rc.2/test-kits/billing-gate-runner.yaml

@@ -0,0 +1,115 @@
+# Billing-Gate Runner — Harness Contract Test Kit
+#
+# Applies to: universal/billing-gate-dispatch.yaml.
+#
+# The billing-gate-dispatch storyboard validates the two-gate dispatch on
+# `sync_accounts.billing` rejection — seller-wide capability gate
+# (BILLING_NOT_SUPPORTED) vs per-buyer-agent commercial-relationship gate
+# (BILLING_NOT_PERMITTED_FOR_AGENT). Two of the four phases depend on
+# preconditions the runner cannot establish via the protocol:
+#
+#   capability_gate         — runner needs a `billing` value the seller does
+#                             NOT support, so it can probe a rejection. Skipped
+#                             if the seller supports all three values
+#                             ("operator", "agent", "advertiser") at the
+#                             capability level.
+#   per_agent_gate_reject   — runner needs the calling buyer agent to be
+#                             registered with the seller as passthrough-only
+#                             (no payments relationship). The seller's
+#                             onboarding system records the commercial state
+#                             offline; the protocol has no surface for
+#                             toggling it from outside.
+#
+# This kit is the coordination contract between the runner and a seller-under-
+# test that wants the per-agent-gate phases graded. Sellers that do not ship
+# a passthrough-only test caller leave `commercial_relationship` unset and
+# the per-agent phases grade `not_applicable`.
+
+id: billing_gate_runner
+applies_to:
+  universal_storyboard: billing-gate-dispatch
+
+description: |
+  Coordination contract between the billing-gate-dispatch runner and a seller
+  agent under test.
+
+  The runner reads two precondition fields from this kit:
+
+    account.unsupported_billing_probe — (optional) the value the runner will
+      submit on the capability-gate phase. MUST be a value the seller's
+      `account.supported_billing` does NOT include, so the seller rejects
+      with BILLING_NOT_SUPPORTED. Sellers whose `supported_billing` is the
+      full set of three values omit this field; the capability-gate phase
+      grades `not_applicable` in that case.
+
+    commercial_relationship — (optional) declares the calling buyer agent's
+      onboarded commercial state with the seller. When set to
+      "passthrough_only", the runner submits `billing: "agent"` on the
+      per-agent-gate-reject phase and asserts BILLING_NOT_PERMITTED_FOR_AGENT
+      with the clamped error.details shape. When unset, both per-agent
+      phases grade `not_applicable`.
+
+  Establishing the commercial relationship is offline (the same posture as
+  operator account creation): the seller-under-test records the test
+  caller's commercial state in its onboarding system before the storyboard
+  runs. A future extension (`comply_test_controller` `seed_buyer_agent`)
+  MAY let runners establish the precondition programmatically; until then
+  the test kit declares it.
+
+endpoint_scope: sandbox
+# The per_agent_gate_recover phase provisions a real account on the seller's
+# books once `BILLING_NOT_PERMITTED_FOR_AGENT` recovers via the seller's
+# `error.details.suggested_billing` value. Run against a sandbox endpoint or
+# a designated test caller whose account creations the seller cleans up
+# post-grading.
+
+harness_mode: black_box
+
+# Authentication fixture. Validated end-to-end against the training-agent
+# reference implementation (#3851), which recognizes the
+# `demo-billing-passthrough-*` family as the spoofable test principal
+# mapping to `commercial_relationship: passthrough_only` — see
+# server/src/training-agent/commercial-relationships.ts. Sellers running
+# their own conformance harness substitute their own bearer convention
+# for the same precondition.
+#
+# IMPORTANT — runner invocation: today's storyboard runner does not
+# auto-extract `auth.api_key` from the test kit. Pass it explicitly:
+#
+#   npx adcp storyboard run <agent-url> \
+#     --auth demo-billing-passthrough-v1 \
+#     --file static/compliance/source/universal/billing-gate-dispatch.yaml
+#
+# The kit declares the bearer the seller's harness expects to be
+# authenticated under; the CLI carries the bearer onto the wire.
+auth:
+  api_key: "demo-billing-passthrough-v1"
+  probe_task: list_accounts
+
+# Brand identity for the storyboard's sample_request payloads. Reuses the Acme
+# Outdoor sandbox brand so the brand-resolution path is the same as for
+# adjacent universal storyboards (acmeoutdoor.example resolves via AAO sandbox
+# brand resolution).
+brand:
+  house:
+    domain: "acmeoutdoor.example"
+    name: "Acme Outdoor"
+  brand_id: "acme_outdoor"
+
+# Account-shape preconditions for the capability-gate phase. Sellers whose
+# `account.supported_billing` is a strict subset of ["operator", "agent",
+# "advertiser"] declare the unsupported value here. Sellers whose capability
+# is the full set leave this commented out and the capability-gate phase
+# grades not_applicable.
+account:
+  # unsupported_billing_probe: "advertiser"  # uncomment + set for capability-gate
+
+# Per-buyer-agent commercial-relationship precondition for the per-agent
+# gate phases. When set to "passthrough_only", the runner exercises the
+# per-agent gate. Other values reserved for future commercial-state shapes
+# (e.g., "agent_billable", "advertiser_billable_only").
+#
+# Sellers that ship a passthrough-only test caller declare it here.
+# Sellers that don't, comment this out and the per-agent phases grade
+# not_applicable.
+commercial_relationship: "passthrough_only"

package/compliance/cache/3.1.0-rc.2/test-kits/bistro-oranje.yaml

@@ -0,0 +1,126 @@
+# Bistro Oranje — Hospitality Advertiser Test Kit
+#
+# Entity definition: fictional-entities.yaml → advertisers[bistro_oranje]
+#
+# Dutch restaurant chain used in rights licensing scenarios.
+#
+# This brand is registered as a sandbox brand in AgenticAdvertising.org (AAO).
+# Agents resolve bistro-oranje.example via the standard AAO brand resolution path.
+# AAO returns the brand.json below but excludes sandbox brands from production
+# brand discovery results.
+
+id: bistro_oranje
+name: "Bistro Oranje"
+description: "Dutch restaurant chain for rights licensing storyboard testing"
+sandbox: true
+
+# security_baseline auth fixture — see acme-outdoor.yaml for semantics.
+auth:
+  api_key: "demo-bistro-oranje-v1"
+  probe_task: list_creatives
+
+brand:
+  house:
+    domain: "bistro-oranje.example"
+    name: "Bistro Oranje"
+  brand_id: "bistro_oranje"
+  names:
+    - en: "Bistro Oranje"
+    - nl: "Bistro Oranje"
+  description: "Modern Dutch dining — seasonal menus inspired by the Netherlands, served with warmth."
+  industry: "hospitality"
+  keller_type: "master"
+  logos:
+    - url: "https://test-assets.adcontextprotocol.org/bistro-oranje/logo-primary.png"
+      orientation: "horizontal"
+      background: "light-bg"
+      variant: "primary"
+      width: 400
+      height: 100
+    - url: "https://test-assets.adcontextprotocol.org/bistro-oranje/logo-icon.png"
+      orientation: "square"
+      background: "transparent-bg"
+      variant: "icon"
+      width: 200
+      height: 200
+  colors:
+    primary: "#E65100"
+    secondary: "#1B5E20"
+    accent: "#FFC107"
+    background: "#FFF8E1"
+    text: "#212121"
+  fonts:
+    heading:
+      family: "Playfair Display"
+      weight: 700
+      url: "https://fonts.googleapis.com/css2?family=Playfair+Display:wght@700"
+    body:
+      family: "Source Sans Pro"
+      weight: 400
+      url: "https://fonts.googleapis.com/css2?family=Source+Sans+Pro"
+  tone:
+    voice: "Warm and inviting, with understated confidence. We let the food speak — no excess, no pretension."
+    attributes:
+      - "welcoming"
+      - "seasonal"
+      - "unpretentious"
+    dos:
+      - "Mention seasonal ingredients by name"
+      - "Reference Dutch culinary traditions"
+      - "Keep descriptions sensory and specific"
+    donts:
+      - "Use fine-dining jargon"
+      - "Overuse superlatives"
+      - "Promise exclusivity — Bistro Oranje is for everyone"
+
+assets:
+  images:
+    - id: "hero_300x250"
+      url: "https://test-assets.adcontextprotocol.org/bistro-oranje/hero-300x250.jpg"
+      width: 300
+      height: 250
+      mime_type: "image/jpeg"
+      description: "Medium rectangle hero — seasonal dish on rustic table"
+
+    - id: "hero_728x90"
+      url: "https://test-assets.adcontextprotocol.org/bistro-oranje/hero-728x90.jpg"
+      width: 728
+      height: 90
+      mime_type: "image/jpeg"
+      description: "Leaderboard hero — bistro exterior with canal backdrop"
+
+    - id: "hero_320x50"
+      url: "https://test-assets.adcontextprotocol.org/bistro-oranje/hero-320x50.jpg"
+      width: 320
+      height: 50
+      mime_type: "image/jpeg"
+      description: "Mobile banner hero — close-up of signature stamppot"
+
+    - id: "hero_160x600"
+      url: "https://test-assets.adcontextprotocol.org/bistro-oranje/hero-160x600.jpg"
+      width: 160
+      height: 600
+      mime_type: "image/jpeg"
+      description: "Wide skyscraper hero — vertical dining room scene"
+
+    - id: "hero_master"
+      url: "https://test-assets.adcontextprotocol.org/bistro-oranje/hero-master.jpg"
+      width: 1200
+      height: 628
+      mime_type: "image/jpeg"
+      description: "Master hero image — high-res chef plating seasonal dish"
+
+  text:
+    headlines:
+      - "Taste the Season at Bistro Oranje"
+      - "Dutch Comfort, Modern Kitchen"
+      - "Reserve Your Table Tonight"
+    descriptions:
+      - "Seasonal menus inspired by Dutch tradition, made with ingredients sourced within 50km. Bistro Oranje — Amsterdam, Rotterdam, Utrecht."
+      - "From stamppot to stroopwafel, every dish tells a story. Book your table at Bistro Oranje."
+    cta:
+      - "Reserve a Table"
+      - "View the Menu"
+      - "Find a Location"
+
+  click_url: "https://bistro-oranje.example/reservations"

package/compliance/cache/3.1.0-rc.2/test-kits/distributed-brand-runner.yaml

@@ -0,0 +1,281 @@
+# Distributed Brand Runner — Harness Contract Test Kit
+#
+# Applies to:
+#   - protocols/brand/scenarios/distributed_brand_resolution.yaml
+#
+# The distributed-brand scenario is a consumer-conformance test. It grades a
+# crawler, registry, buyer-side DSP, governance platform, or membership system
+# that reads static `brand.json` documents and decides whether relationship
+# trust can propagate from a house to a child brand.
+#
+# Runner-side implementation is pending. Until adcp-client lands a general
+# consumer-under-test dispatch primitive, scenario steps declare
+# `requires_contract: distributed_brand_runner` and grade `not_applicable`
+# unless the consumer advertises the controller scenario below.
+
+id: distributed_brand_runner
+applies_to:
+  protocol_scenarios:
+    - distributed_brand_resolution
+
+description: |
+  Coordination contract between a black-box runner and a consumer under test
+  for distributed `brand.json` resolution. The runner hosts fixture static
+  documents, dispatches the consumer through comply_test_controller scenario
+  `evaluate_distributed_brand_resolution`, and records the consumer's outbound
+  fetches and result report through `query_upstream_traffic`.
+
+endpoint_scope: sandbox
+harness_mode: black_box
+
+fixtures:
+  result_observation_endpoint:
+    url: "https://runner.example/distributed-brand-resolution/result"
+    method: POST
+    description: |
+      The consumer posts one JSON result per dispatch. This is a harness
+      observation surface, not a production protocol endpoint. The runner
+      records the call and applies storyboard `upstream_traffic`
+      `payload_must_contain` assertions against it.
+
+  mutual_assertion:
+    house:
+      domain: "nova-house.example"
+      brand_json_url: "https://nova-house.example/.well-known/brand.json"
+      brand_json_shape:
+        house:
+          domain: "nova-house.example"
+          name: "Nova House"
+        contact:
+          email: "brand-ops@nova-house.example"
+        data_subject_contestation:
+          contact:
+            email: "privacy@nova-house.example"
+            domain: "nova-house.example"
+        compliance_policies:
+          - policy_id: "house_art22_review"
+            enforcement: "must"
+            policy: "Human review is required for automated eligibility or opportunity decisions."
+        policy_categories:
+          - "regulated_decisioning"
+        brand_refs:
+          - domain: "leaf-brand.example"
+            brand_id: "leaf_brand"
+            managed_by: "aurora-agency.example"
+            effective_at: "2026-05-01T00:00:00Z"
+        trademarks:
+          - registry: "USPTO"
+            number: "90000001"
+            mark: "NOVA HOUSE"
+            status: "active"
+            license_type: "owned"
+            countries: ["US"]
+            nice_classes: [35]
+    leaf:
+      domain: "leaf-brand.example"
+      brand_json_url: "https://leaf-brand.example/.well-known/brand.json"
+      brand_json_shape:
+        id: "leaf_brand"
+        names:
+          - en: "Leaf Brand"
+        tagline: "Built by Leaf Brand"
+        description: "Self-published child brand identity for distributed brand.json testing."
+        house_domain: "nova-house.example"
+        keller_type: "endorsed"
+        colors:
+          primary: "#176B87"
+          secondary: "#E9C46A"
+        tone:
+          voice: "Clear, exact, and practical."
+          attributes:
+            - "clear"
+            - "practical"
+        data_subject_contestation:
+          contact:
+            email: "privacy@leaf-brand.example"
+            domain: "leaf-brand.example"
+        compliance_policies:
+          - policy_id: "leaf_no_sensitive_segments"
+            enforcement: "must"
+            policy: "Do not target sensitive health, finance, or employment inference segments."
+        policy_categories:
+          - "brand_suitability"
+        trademarks:
+          - registry: "USPTO"
+            number: "90000002"
+            mark: "LEAF BRAND"
+            status: "active"
+            license_type: "owned"
+            countries: ["US"]
+            nice_classes: [35]
+
+  leaf_only:
+    description: |
+      Leaf claims `house_domain: nova-house.example`, but the house document
+      served for this variant omits the leaf from `brand_refs[]`. Identity is
+      still trusted from the leaf's TLS document; relationship trust is not.
+    house:
+      domain: "nova-house.example"
+      brand_json_url: "https://nova-house.example/.well-known/brand.json"
+      brand_json_shape:
+        house:
+          domain: "nova-house.example"
+          name: "Nova House"
+        contact:
+          email: "brand-ops@nova-house.example"
+        data_subject_contestation:
+          contact:
+            email: "privacy@nova-house.example"
+            domain: "nova-house.example"
+        compliance_policies:
+          - policy_id: "house_art22_review"
+            enforcement: "must"
+            policy: "Human review is required for automated eligibility or opportunity decisions."
+        brand_refs: []
+    leaf:
+      domain: "leaf-only-brand.example"
+      brand_json_url: "https://leaf-only-brand.example/.well-known/brand.json"
+      brand_json_shape:
+        id: "leaf_only_brand"
+        names:
+          - en: "Leaf Only Brand"
+        tagline: "Leaf identity remains authoritative"
+        house_domain: "nova-house.example"
+        keller_type: "independent"
+        trademarks:
+          - registry: "USPTO"
+            number: "90000003"
+            mark: "LEAF ONLY BRAND"
+            status: "pending"
+            countries: ["US"]
+            nice_classes: [35]
+
+  managed_by_only:
+    description: |
+      House declares a pointer child with `managed_by`, but the leaf omits
+      `house_domain`. Consumers may surface the manager in directory views,
+      but MUST NOT use it as a trust edge.
+    house:
+      domain: "nova-house.example"
+      brand_json_url: "https://nova-house.example/.well-known/brand.json"
+      brand_json_shape:
+        house:
+          domain: "nova-house.example"
+          name: "Nova House"
+        contact:
+          email: "brand-ops@nova-house.example"
+        brand_refs:
+          - domain: "managed-leaf.example"
+            brand_id: "managed_leaf"
+            managed_by: "aurora-agency.example"
+            effective_at: "2026-05-01T00:00:00Z"
+    leaf:
+      domain: "managed-leaf.example"
+      brand_json_url: "https://managed-leaf.example/.well-known/brand.json"
+      brand_json_shape:
+        id: "managed_leaf"
+        names:
+          - en: "Managed Leaf"
+        tagline: "Managed operationally, not trust delegated"
+        keller_type: "independent"
+        trademarks:
+          - registry: "USPTO"
+            number: "90000004"
+            mark: "MANAGED LEAF"
+            status: "active"
+            countries: ["US"]
+            nice_classes: [35]
+
+  invalid_trademark:
+    description: |
+      Static document used only for schema-rejection validation. The runner
+      intentionally serves invalid typed trademark values so the consumer can
+      prove it rejects them before promoting the document into a resolved graph.
+    leaf:
+      domain: "invalid-mark-brand.example"
+      brand_json_url: "https://invalid-mark-brand.example/.well-known/brand.json"
+      invalid_fields:
+        - "trademarks[0].status"
+        - "trademarks[0].countries[0]"
+        - "trademarks[0].nice_classes[0]"
+      brand_json_shape:
+        id: "invalid_mark_brand"
+        names:
+          - en: "Invalid Mark Brand"
+        tagline: "Invalid marks should not promote"
+        house_domain: "nova-house.example"
+        keller_type: "endorsed"
+        trademarks:
+          - registry: "USPTO"
+            number: "90000005"
+            mark: "INVALID MARK BRAND"
+            status: "registered"
+            countries: ["USA"]
+            nice_classes: [99]
+
+consumer_test_controller_scenario:
+  name: evaluate_distributed_brand_resolution
+  request_shape:
+    scenario: evaluate_distributed_brand_resolution
+    params:
+      variant: mutual_assertion | leaf_only | managed_by_only | invalid_trademark
+      house_domain: "<runner-supplied house domain>"
+      house_brand_json_url: "<runner-supplied URL>"
+      leaf_domain: "<runner-supplied leaf domain>"
+      leaf_brand_json_url: "<runner-supplied URL>"
+      brand_id: "<runner-supplied brand_id>"
+      manager_domain: "<runner-supplied manager domain, when variant=managed_by_only>"
+      result_endpoint: "https://runner.example/distributed-brand-resolution/result"
+
+  expected_consumer_behavior:
+    - Fetch the leaf Brand Canonical Document.
+    - Fetch the named house document when evaluating a schema-valid parent relationship claim.
+    - Fetch the house document first when the dispatch variant starts from a house-side `brand_refs[]` claim.
+    - Stop before relationship promotion when the leaf document fails brand.json schema validation.
+    - Compare `leaf.house_domain` with `house.brand_refs[]` by domain and brand_id.
+    - Report leaf identity as trusted whenever the leaf document is schema-valid and TLS-served.
+    - Report relationship trust as `mutual` only when both sides reciprocate.
+    - Merge governance and compliance fields strictest-of when returning a resolved graph.
+    - Treat `managed_by` as directory metadata only.
+    - Validate typed `trademarks[]` fields against the 3.1 brand.json schema before promoting them.
+
+result_report_contract:
+  content_type: "application/json"
+  required_fields:
+    variant: "mutual_assertion | leaf_only | managed_by_only | invalid_trademark"
+    identity:
+      trusted: boolean
+      source_domain: string
+      brand_id: string
+      tagline: string
+    relationship:
+      trust_tier: "mutual | leaf_only | house_only | standalone | invalid"
+      trust_extending: boolean
+      managed_by_trust_edge: false
+    compliance:
+      policy_ids: "array of resolved policy_id values after strictest-of merge"
+      data_subject_contestation_contacts: "array of { domain, email } contacts retained from both house and leaf when present"
+    directory:
+      managed_by: "manager domain when present on house brand_refs[]"
+    trademark_validation:
+      valid_fixture_schema: boolean
+      error_paths: "array of field paths when valid_fixture_schema is false"
+    trademarks: "array of accepted brand-level trademark records when valid_fixture_schema is true"
+
+upstream_traffic_contract:
+  required_fetches:
+    mutual_assertion:
+      - "GET *://nova-house.example/.well-known/brand.json"
+      - "GET *://leaf-brand.example/.well-known/brand.json"
+    leaf_only:
+      - "GET *://nova-house.example/.well-known/brand.json"
+      - "GET *://leaf-only-brand.example/.well-known/brand.json"
+    managed_by_only:
+      - "GET *://nova-house.example/.well-known/brand.json"
+      - "GET *://managed-leaf.example/.well-known/brand.json"
+    invalid_trademark:
+      - "GET *://invalid-mark-brand.example/.well-known/brand.json"
+  forbidden_trust_extension_patterns:
+    - "POST */governance/auto-provision"
+    - "POST */governance/contexts"
+    - "POST */billing/seats/auto-add"