@adcp/sdk 7.5.0 → 7.6.0

package/ADCP_VERSION

@@ -1 +1 @@
-3.0.11
+3.0.12

package/bin/adcp.js

@@ -964,6 +964,19 @@ function parseAgentOptions(args) {
     if (eqArg) file = eqArg.slice('--file='.length);
   }
 
+  // --test-kit PATH | --test-kit=PATH: load a test-kit YAML so storyboard
+  // steps with `auth.from_test_kit: true` or `$test_kit.<path>` references
+  // resolve. Required for storyboards like `comply_controller_mode_gate`
+  // that draw their bearer from a fixture rather than --auth.
+  const testKitIndex = args.indexOf('--test-kit');
+  let testKitPath = null;
+  if (testKitIndex !== -1 && testKitIndex + 1 < args.length && !args[testKitIndex + 1].startsWith('--')) {
+    testKitPath = args[testKitIndex + 1];
+  } else {
+    const eqArg = args.find(a => a.startsWith('--test-kit='));
+    if (eqArg) testKitPath = eqArg.slice('--test-kit='.length);
+  }
+
   const jsonOutput = args.includes('--json');
   const debug = args.includes('--debug') || process.env.ADCP_DEBUG === 'true';
   const dryRun = args.includes('--dry-run');
@@ -1081,6 +1094,7 @@ function parseAgentOptions(args) {
     formatValue,
     summaryOutputValue,
     fileIndex !== -1 ? file : null,
+    testKitIndex !== -1 ? testKitPath : null,
     summaryFileFlagValue,
   ].filter(v => v !== null && v !== undefined);
   // `-H` short form does NOT start with `--`, so we filter it (and its KEY=VALUE
@@ -1095,6 +1109,7 @@ function parseAgentOptions(args) {
     protocolFlag,
     brief,
     file,
+    testKitPath,
     jsonOutput,
     debug,
     dryRun,
@@ -1336,6 +1351,30 @@ function buildResolvedAuthOption({
  * function deliberately does NOT exchange — it just surfaces the saved
  * credentials so the caller can hand them to the testing/protocol layer.
  */
+/**
+ * Load a test-kit YAML file and return its parsed object. Throws on invalid
+ * YAML or missing files. Used by `storyboard run --test-kit PATH` to feed
+ * `options.test_kit` to the storyboard runner — storyboard steps with
+ * `auth.from_test_kit: true` or `$test_kit.<path>` references read from it.
+ */
+function loadTestKitFile(testKitPath) {
+  const fs = require('node:fs');
+  const path = require('node:path');
+  const resolved = path.resolve(testKitPath);
+  let raw;
+  try {
+    raw = fs.readFileSync(resolved, 'utf8');
+  } catch (err) {
+    throw new Error(`failed to read test-kit at ${resolved}: ${err.message}`);
+  }
+  try {
+    const { parse } = require('yaml');
+    return parse(raw);
+  } catch (err) {
+    throw new Error(`failed to parse ${resolved} as YAML: ${err.message}`);
+  }
+}
+
 async function resolveAgent(agentArg, authToken, protocolFlag, jsonOutput, authScheme = null) {
   let agentUrl;
   let protocol = protocolFlag;
@@ -1466,6 +1505,12 @@ NOTES:
   skill-matrix run: hand Claude the OpenAPI spec + the AdCP SKILL.md +
   a target storyboard, let Claude generate the wrapper, then grade.
 
+  The spec pins the triage order spec → mock → SDK. When a storyboard
+  failure disagrees between the spec, the mock, and your code, the mock
+  is the authoritative reference (within the bounds the spec defines).
+  See:
+    https://adcontextprotocol.org/docs/building/verification/conformance#mock-server-authority-and-failure-triage
+
   See: src/lib/mock-server/<specialism>/openapi.yaml
 `);
     process.exit(args.length === 0 ? 2 : 0);
@@ -2139,7 +2184,14 @@ async function handleStoryboardShow(args) {
       console.log(`Resolves to ${resolved.storyboards.length} storyboard(s):`);
       for (const sb of resolved.storyboards) {
         const gating = sb.requires_capability
-          ? ` (gated on ${sb.requires_capability.path} = ${sb.requires_capability.equals})`
+          ? ' (gated on ' +
+            sb.requires_capability.path +
+            ('present' in sb.requires_capability
+              ? sb.requires_capability.present
+                ? ' present'
+                : ' absent'
+              : ' = ' + sb.requires_capability.equals) +
+            ')'
           : ' (always graded)';
         const trackTag = sb.track ? ` [track: ${sb.track}]` : '';
         console.log(`  - ${sb.id}${trackTag}${gating}`);
@@ -2436,6 +2488,16 @@ async function handleStoryboardRun(args) {
     ? await resolveWebhookReceiverOptions(args, { jsonOutput })
     : webhookReceiverBase;
 
+  let loadedTestKit = null;
+  if (opts.testKitPath) {
+    try {
+      loadedTestKit = loadTestKitFile(opts.testKitPath);
+    } catch (err) {
+      console.error(`ERROR: ${err.message}`);
+      process.exit(2);
+    }
+  }
+
   const options = {
     protocol,
     ...buildResolvedAuthOption({
@@ -2449,6 +2511,7 @@ async function handleStoryboardRun(args) {
     ...(opts.noSandbox && { sandbox: false, disable_sandbox: true }),
     ...(opts.assertsSeededState && { assertsSeededState: true }),
     ...(mergedRunHeaders && { headers: mergedRunHeaders }),
+    ...(loadedTestKit && { test_kit: loadedTestKit }),
   };
 
   const restoreLogs = jsonOutput ? captureStdoutLogs() : null;
@@ -4118,6 +4181,16 @@ async function runFullAssessment(agentArg, rawArgs, parsedOpts) {
 
   await loadInvariantModules(rawArgs);
 
+  let loadedTestKit = null;
+  if (opts.testKitPath) {
+    try {
+      loadedTestKit = loadTestKitFile(opts.testKitPath);
+    } catch (err) {
+      console.error(`ERROR: ${err.message}`);
+      process.exit(2);
+    }
+  }
+
   const testOptions = {
     protocol,
     brief: opts.brief,
@@ -4131,6 +4204,7 @@ async function runFullAssessment(agentArg, rawArgs, parsedOpts) {
     ...(opts.noSandbox && { sandbox: false, disable_sandbox: true }),
     ...(opts.assertsSeededState && { assertsSeededState: true }),
     ...(mergedAssessmentHeaders && { headers: mergedAssessmentHeaders }),
+    ...(loadedTestKit && { test_kit: loadedTestKit }),
   };
 
   if (!opts.jsonOutput) {

package/compliance/cache/{3.0.11 → 3.0.12}/index.json

@@ -1,9 +1,10 @@
 {
-  "adcp_version": "3.0.11",
-  "generated_at": "2026-05-11T08:45:20.345Z",
+  "adcp_version": "3.0.12",
+  "generated_at": "2026-05-13T10:39:52.556Z",
   "universal": [
     "capability-discovery",
     "collection-lists-pagination-integrity",
+    "comply-controller-mode-gate",
     "content-standards-pagination-integrity",
     "deterministic-testing",
     "error-compliance",

package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/brand-rights/scenarios/governance_denied.yaml

@@ -2,7 +2,7 @@ id: brand_rights/governance_denied
 version: "1.0.0"
 title: "Brand agent rejects rights acquisition when governance denies"
 category: brand_rights
-summary: "Verifies that a brand agent propagates GOVERNANCE_DENIED when the buyer's governance plan denies a rights license."
+summary: "Verifies that a brand agent returns AcquireRightsRejected when the buyer's governance plan denies a rights license."
 track: brand
 required_tools:
   - sync_governance
@@ -18,8 +18,8 @@ narrative: |
 
   This scenario sets up a strict $50 governance plan, registers governance with the
   brand agent via sync_governance, then attempts to acquire rights whose pricing
-  exceeds the plan. The brand agent must return GOVERNANCE_DENIED with findings
-  propagated from the governance agent.
+  exceeds the plan. The brand agent must return AcquireRightsRejected (status:
+  rejected) with a reason explaining the governance denial.
 
   By default, the governance agent is the training agent at test-agent.adcontextprotocol.org.
   Override with --governance-agent-url to use a custom governance agent.
@@ -161,13 +161,12 @@ phases:
         schema_ref: "brand/acquire-rights-request.json"
         response_schema_ref: "brand/acquire-rights-response.json"
         doc_ref: "/brand-protocol/tasks/acquire_rights"
-        expect_error: true
-        negative_path: payload_well_formed
         stateful: true
         expected: |
-          Brand agent rejects with:
-          - code: GOVERNANCE_DENIED
-          - findings propagated from the governance agent
+          Brand agent returns AcquireRightsRejected:
+          - status: 'rejected'
+          - reason: explanation referencing the governance plan
+          - suggestions: optional array of remediation hints
 
         sample_request:
           account:
@@ -196,9 +195,21 @@ phases:
           context:
             correlation_id: "brand_rights--governance_denied--acquire"
         validations:
-          - check: error_code
-            value: "GOVERNANCE_DENIED"
-            description: "Error code is GOVERNANCE_DENIED"
+          - check: response_schema
+            description: "Response matches AcquireRightsRejected arm of acquire-rights-response.json"
+          - check: field_value
+            path: "status"
+            value: "rejected"
+            description: "Status indicates rejection"
+          - check: field_present
+            path: "rights_id"
+            description: "Denial carries the rights identifier"
+          - check: field_present
+            path: "brand_id"
+            description: "Denial carries the brand identifier"
+          - check: field_present
+            path: "reason"
+            description: "Denial includes explanation"
           - check: field_present
             path: "context"
-            description: "Response echoes back the context object even on errors"
+            description: "Response echoes back the context object"

package/compliance/cache/3.0.12/test-kits/acme-outdoor-live.yaml

@@ -0,0 +1,78 @@
+# Acme Outdoor — Live-Mode Principal Test Kit
+#
+# Entity definition: fictional-entities.yaml → advertisers[acme_outdoor]
+#
+# Live-mode counterpart to acme-outdoor.yaml. Used exclusively by the
+# comply-controller-mode-gate storyboard to supply a non-sandbox principal:
+# the seller's gate must resolve the calling account, detect mode: live, and
+# return ControllerError.error: FORBIDDEN before dispatching any scenario.
+#
+# IMPORTANT: sandbox: false here signals that this principal represents a
+# live/production account for the purpose of controller gating tests. It does
+# NOT mean this kit is used in production grading — the kit is only loaded by
+# the comply_controller_mode_gate storyboard, which requires: [controller]
+# and is dev/staging-only by design.
+
+id: acme_outdoor_live
+name: "Acme Outdoor (Live Mode)"
+description: "Fictional outdoor gear brand — live-mode principal for comply_test_controller denial storyboard"
+sandbox: false
+
+# Authentication fixture for the comply-controller-mode-gate storyboard.
+# The api_key here represents a live-mode (non-sandbox) credential. When the
+# runner sends requests using this key, a conformant seller resolves the
+# account, determines mode: live, and refuses comply_test_controller dispatch
+# with FORBIDDEN.
+#
+# The demo-acme-outdoor-live- prefix signals this is a test harness key whose
+# account resolves as live-mode on conformant implementations.
+auth:
+  api_key: "demo-acme-outdoor-live-v1"
+  probe_task: list_creatives
+
+brand:
+  house:
+    domain: "acmeoutdoor.example"
+    name: "Acme Outdoor"
+  brand_id: "acme_outdoor"
+  names:
+    - en: "Acme Outdoor"
+  description: "Premium outdoor gear for every adventure. From trail to summit, we make gear that performs."
+  industry: "retail"
+  keller_type: "master"
+  logos:
+    - url: "https://test-assets.adcontextprotocol.org/acme-outdoor/logo-primary.png"
+      orientation: "horizontal"
+      background: "light-bg"
+      variant: "primary"
+      width: 400
+      height: 100
+  colors:
+    primary: "#1B5E20"
+    secondary: "#FF6F00"
+    accent: "#FDD835"
+    background: "#FAFAFA"
+    text: "#212121"
+  fonts:
+    heading:
+      family: "Montserrat"
+      weight: 700
+      url: "https://fonts.googleapis.com/css2?family=Montserrat:wght@700"
+    body:
+      family: "Open Sans"
+      weight: 400
+      url: "https://fonts.googleapis.com/css2?family=Open+Sans"
+  tone:
+    voice: "Confident and adventurous, but never pretentious. We talk to people who do things, not people who buy things."
+    attributes:
+      - "active"
+      - "direct"
+      - "warm"
+    dos:
+      - "Use action verbs"
+      - "Reference real outdoor activities"
+      - "Keep it short"
+    donts:
+      - "Use superlatives without evidence"
+      - "Talk down to the reader"
+      - "Use corporate jargon"

package/compliance/cache/3.0.12/universal/comply-controller-mode-gate.yaml

@@ -0,0 +1,135 @@
+id: comply_controller_mode_gate
+version: '1.0.0'
+title: 'Comply test controller — live-account denial gate'
+category: deterministic_testing
+summary: 'Verifies that a seller exposing comply_test_controller refuses calls from live-mode (non-sandbox) accounts with FORBIDDEN.'
+track: security
+required_tools:
+  - comply_test_controller
+
+requires:
+  - controller
+
+narrative: |
+  Sellers that expose comply_test_controller MUST gate dispatch against the calling
+  account's mode. When a buyer agent authenticates as a live-mode (non-sandbox)
+  account and calls comply_test_controller, the seller MUST refuse with
+  error: FORBIDDEN before dispatching any scenario.
+
+  This storyboard exercises the denial path by sending a well-formed
+  force_creative_status request from a live-mode principal (test-kit:
+  acme-outdoor-live, sandbox: false) and asserting FORBIDDEN is returned.
+
+  The live_account_denial phase is optional for two-deployment sellers whose
+  sandbox endpoint admits all authenticated principals regardless of account mode.
+  Those sellers rely on their production endpoint simply not advertising
+  comply_test_controller. Single-endpoint sellers that expose the controller on
+  their main endpoint MUST implement per-account gating and MUST pass this phase.
+
+  This storyboard is the keystone for the (Sandbox) AAO Verified tier — a seller
+  claiming that badge must prove its compliance infrastructure correctly refuses
+  live-mode callers from the controller surface, confirming the sandbox/production
+  boundary is enforced in both directions.
+
+agent:
+  interaction_model: media_buy_seller
+  capabilities:
+    - sells_media
+    - supports_test_controller
+  examples:
+    - 'Any single-endpoint seller with comply_test_controller'
+
+caller:
+  role: buyer_agent
+  example: 'Comply test harness'
+
+prerequisites:
+  description: |
+    The seller must expose comply_test_controller (verified by requires: [controller]
+    at storyboard load time). The live-mode test kit (acme-outdoor-live, sandbox: false)
+    provides an API key whose associated account resolves as live/production mode.
+    Conformant sellers resolve the account, detect mode: live, and return FORBIDDEN
+    without dispatching the scenario.
+  test_kit: 'test-kits/acme-outdoor-live.yaml'
+
+phases:
+  - id: live_account_denial
+    title: 'Live-account caller is denied'
+    narrative: |
+      A buyer authenticates as the live-mode Acme Outdoor principal (sandbox: false)
+      and calls comply_test_controller with a well-formed force_creative_status request.
+
+      Sellers that implement per-account gating MUST detect mode: live and return
+      ControllerError with error: FORBIDDEN before any scenario dispatch occurs.
+
+      This phase is optional: two-deployment sellers whose sandbox endpoint
+      has no per-account gate will return a successful state transition rather than
+      FORBIDDEN, which would fail this phase. Those sellers correctly prevent
+      live-mode misuse by not advertising the tool on their production endpoint
+      at all, so an optional result here does not indicate non-conformance.
+
+    optional: true
+
+    steps:
+      - id: deny_live_caller
+        title: 'comply_test_controller returns FORBIDDEN for a live-mode account'
+        narrative: |
+          Send a valid force_creative_status request authenticated as the live-mode
+          principal. The creative_id comply-live-mode-probe-000 is a stable probe
+          value that will not exist on any real seller; the scenario is benign —
+          the seller's gate fires before entity lookup, so NOT_FOUND is not a
+          conformant response here.
+
+          The seller MUST resolve the calling account, detect that account.mode
+          is live (not sandbox), and return FORBIDDEN. Returning UNKNOWN_SCENARIO,
+          NOT_FOUND, or a success response are all non-conformant for a
+          single-endpoint seller that implements the gate.
+        task: comply_test_controller
+        schema_ref: 'compliance/comply-test-controller-request.json'
+        response_schema_ref: 'compliance/comply-test-controller-response.json'
+        doc_ref: '/building/implementation/comply-test-controller'
+        comply_scenario: comply_controller_mode_gate
+        stateful: false
+        auth:
+          type: api_key
+          from_test_kit: true
+        expect_error: true
+        negative_path: payload_well_formed
+        expected: |
+          Seller refuses with:
+          - success: false
+          - error: FORBIDDEN
+          - error_detail (optional): human-readable explanation such as
+            "comply_test_controller requires a sandbox account; resolved
+            account is in live mode"
+
+        sample_request:
+          scenario: 'force_creative_status'
+          params:
+            creative_id: 'comply-live-mode-probe-000'
+            status: 'approved'
+
+          context:
+            correlation_id: "comply_controller_mode_gate--deny_live_caller"
+
+        validations:
+          - check: response_schema
+            description: 'Response matches comply-test-controller-response.json schema (ControllerError branch)'
+          - check: field_value
+            path: 'success'
+            allowed_values:
+              - false
+            description: 'Request is rejected — seller refused live-mode controller dispatch'
+          - check: field_value
+            path: 'error'
+            allowed_values:
+              - 'FORBIDDEN'
+            description: 'Error code is FORBIDDEN — seller detected live-mode account and denied dispatch before scenario execution'
+
+          - check: field_present
+            path: "context"
+            description: "Response echoes back the context object"
+          - check: field_value
+            path: "context.correlation_id"
+            value: "comply_controller_mode_gate--deny_live_caller"
+            description: "Context correlation_id returned unchanged"

package/compliance/cache/{3.0.11.previous → 3.0.12}/universal/runner-output-contract.yaml

@@ -322,6 +322,34 @@ skip_result:
       DETAILED_SKIP_TO_CANONICAL in the conforming implementation for a
       concrete mapping.
 
+      Recognized narrower detail values for reason: not_applicable (MUST use
+      these exact strings when the cause matches, so dashboards can bucket them):
+
+        fixture_seed_unsupported      — a seed_* controller scenario in the
+                                        auto-injected fixtures phase returned
+                                        UNKNOWN_SCENARIO (seller declared
+                                        comply_test_controller but has not
+                                        implemented that seed scenario).
+
+        force_scenario_unsupported    — a force_* controller scenario in an
+                                        explicit storyboard phase returned
+                                        UNKNOWN_SCENARIO. Runners MUST detect
+                                        the tuple (comply_test_controller
+                                        present, resolved payload scenario
+                                        begins with `force_`, response
+                                        {success: false, error: UNKNOWN_SCENARIO})
+                                        and grade not_applicable before applying
+                                        the step's declared validations; encode
+                                        `force_scenario_unsupported` in
+                                        skip_result.detail. See
+                                        storyboard-schema.yaml >
+                                        force_scenario_unsupported.
+
+        unresolved_scenario_reference — a requires_scenarios reference did not
+                                        resolve against the source tree (authoring
+                                        bug; distinct from the two above, which
+                                        are agent-coverage gaps).
+
 run_summary:
   description: |
     Runners MUST expose a top-level summary for every run. UI surfaces

package/compliance/cache/{3.0.11 → 3.0.12}/universal/storyboard-schema.yaml

@@ -852,6 +852,35 @@
 #       UNKNOWN_SCENARIO). The storyboard grades not_applicable (coverage gap),
 #       not failed.
 #
+#   force_scenario_unsupported
+#       Emitted when a `comply_test_controller` step in an explicit storyboard
+#       phase (not the auto-injected fixture phase) receives
+#       {success: false, error: UNKNOWN_SCENARIO} for a scenario whose name
+#       begins with `force_`. This is the explicit-phase analogue of
+#       `fixture_seed_unsupported`: the seller advertises comply_test_controller
+#       but has not implemented the specific force_* scenario arm the storyboard
+#       requires. The storyboard grades not_applicable (coverage gap), not
+#       failed.
+#
+#       Runners MUST detect this tuple — comply_test_controller IS advertised
+#       (missing_test_controller check already passed), the resolved wire
+#       payload's `scenario` field begins with `force_`, and the response
+#       carries {success: false, error: UNKNOWN_SCENARIO} — and apply
+#       not_applicable grading before evaluating the step's declared
+#       validations. The narrower reason MUST be encoded in skip_result.detail
+#       per the convention in runner-output-contract.yaml; the canonical reason
+#       remains not_applicable.
+#
+#       Detection order: `missing_test_controller` (tool absent) fires first;
+#       `force_scenario_unsupported` fires only when the tool IS present. A
+#       runner that checks `force_scenario_unsupported` before confirming tool
+#       presence would misgrade absent-tool cases whose scenario name starts
+#       with `force_`.
+#
+#       Distinct from `fixture_seed_unsupported` (auto-injected fixture phase,
+#       seed_* scenarios) and from `missing_test_controller` (the agent did not
+#       advertise comply_test_controller at all). Closes #4226.
+#
 #   unresolved_scenario_reference
 #       A detailed sub-reason under the canonical skip `reason:
 #       not_applicable`. Emitted when a parent storyboard's

package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/index.json

@@ -1,9 +1,10 @@
 {
-  "adcp_version": "3.0.11",
-  "generated_at": "2026-05-11T08:45:20.345Z",
+  "adcp_version": "3.0.12",
+  "generated_at": "2026-05-13T10:39:52.556Z",
   "universal": [
     "capability-discovery",
     "collection-lists-pagination-integrity",
+    "comply-controller-mode-gate",
     "content-standards-pagination-integrity",
     "deterministic-testing",
     "error-compliance",

package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/brand-rights/scenarios/governance_denied.yaml

@@ -2,7 +2,7 @@ id: brand_rights/governance_denied
 version: "1.0.0"
 title: "Brand agent rejects rights acquisition when governance denies"
 category: brand_rights
-summary: "Verifies that a brand agent propagates GOVERNANCE_DENIED when the buyer's governance plan denies a rights license."
+summary: "Verifies that a brand agent returns AcquireRightsRejected when the buyer's governance plan denies a rights license."
 track: brand
 required_tools:
   - sync_governance
@@ -18,8 +18,8 @@ narrative: |
 
   This scenario sets up a strict $50 governance plan, registers governance with the
   brand agent via sync_governance, then attempts to acquire rights whose pricing
-  exceeds the plan. The brand agent must return GOVERNANCE_DENIED with findings
-  propagated from the governance agent.
+  exceeds the plan. The brand agent must return AcquireRightsRejected (status:
+  rejected) with a reason explaining the governance denial.
 
   By default, the governance agent is the training agent at test-agent.adcontextprotocol.org.
   Override with --governance-agent-url to use a custom governance agent.
@@ -161,13 +161,12 @@ phases:
         schema_ref: "brand/acquire-rights-request.json"
         response_schema_ref: "brand/acquire-rights-response.json"
         doc_ref: "/brand-protocol/tasks/acquire_rights"
-        expect_error: true
-        negative_path: payload_well_formed
         stateful: true
         expected: |
-          Brand agent rejects with:
-          - code: GOVERNANCE_DENIED
-          - findings propagated from the governance agent
+          Brand agent returns AcquireRightsRejected:
+          - status: 'rejected'
+          - reason: explanation referencing the governance plan
+          - suggestions: optional array of remediation hints
 
         sample_request:
           account:
@@ -196,9 +195,21 @@ phases:
           context:
             correlation_id: "brand_rights--governance_denied--acquire"
         validations:
-          - check: error_code
-            value: "GOVERNANCE_DENIED"
-            description: "Error code is GOVERNANCE_DENIED"
+          - check: response_schema
+            description: "Response matches AcquireRightsRejected arm of acquire-rights-response.json"
+          - check: field_value
+            path: "status"
+            value: "rejected"
+            description: "Status indicates rejection"
+          - check: field_present
+            path: "rights_id"
+            description: "Denial carries the rights identifier"
+          - check: field_present
+            path: "brand_id"
+            description: "Denial carries the brand identifier"
+          - check: field_present
+            path: "reason"
+            description: "Denial includes explanation"
           - check: field_present
             path: "context"
-            description: "Response echoes back the context object even on errors"
+            description: "Response echoes back the context object"

package/compliance/cache/3.0.12.previous/test-kits/acme-outdoor-live.yaml

@@ -0,0 +1,78 @@
+# Acme Outdoor — Live-Mode Principal Test Kit
+#
+# Entity definition: fictional-entities.yaml → advertisers[acme_outdoor]
+#
+# Live-mode counterpart to acme-outdoor.yaml. Used exclusively by the
+# comply-controller-mode-gate storyboard to supply a non-sandbox principal:
+# the seller's gate must resolve the calling account, detect mode: live, and
+# return ControllerError.error: FORBIDDEN before dispatching any scenario.
+#
+# IMPORTANT: sandbox: false here signals that this principal represents a
+# live/production account for the purpose of controller gating tests. It does
+# NOT mean this kit is used in production grading — the kit is only loaded by
+# the comply_controller_mode_gate storyboard, which requires: [controller]
+# and is dev/staging-only by design.
+
+id: acme_outdoor_live
+name: "Acme Outdoor (Live Mode)"
+description: "Fictional outdoor gear brand — live-mode principal for comply_test_controller denial storyboard"
+sandbox: false
+
+# Authentication fixture for the comply-controller-mode-gate storyboard.
+# The api_key here represents a live-mode (non-sandbox) credential. When the
+# runner sends requests using this key, a conformant seller resolves the
+# account, determines mode: live, and refuses comply_test_controller dispatch
+# with FORBIDDEN.
+#
+# The demo-acme-outdoor-live- prefix signals this is a test harness key whose
+# account resolves as live-mode on conformant implementations.
+auth:
+  api_key: "demo-acme-outdoor-live-v1"
+  probe_task: list_creatives
+
+brand:
+  house:
+    domain: "acmeoutdoor.example"
+    name: "Acme Outdoor"
+  brand_id: "acme_outdoor"
+  names:
+    - en: "Acme Outdoor"
+  description: "Premium outdoor gear for every adventure. From trail to summit, we make gear that performs."
+  industry: "retail"
+  keller_type: "master"
+  logos:
+    - url: "https://test-assets.adcontextprotocol.org/acme-outdoor/logo-primary.png"
+      orientation: "horizontal"
+      background: "light-bg"
+      variant: "primary"
+      width: 400
+      height: 100
+  colors:
+    primary: "#1B5E20"
+    secondary: "#FF6F00"
+    accent: "#FDD835"
+    background: "#FAFAFA"
+    text: "#212121"
+  fonts:
+    heading:
+      family: "Montserrat"
+      weight: 700
+      url: "https://fonts.googleapis.com/css2?family=Montserrat:wght@700"
+    body:
+      family: "Open Sans"
+      weight: 400
+      url: "https://fonts.googleapis.com/css2?family=Open+Sans"
+  tone:
+    voice: "Confident and adventurous, but never pretentious. We talk to people who do things, not people who buy things."
+    attributes:
+      - "active"
+      - "direct"
+      - "warm"
+    dos:
+      - "Use action verbs"
+      - "Reference real outdoor activities"
+      - "Keep it short"
+    donts:
+      - "Use superlatives without evidence"
+      - "Talk down to the reader"
+      - "Use corporate jargon"