@adcp/sdk 7.5.0 → 7.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/ADCP_VERSION +1 -1
- package/bin/adcp.js +77 -1
- package/compliance/cache/{3.0.11 → 3.0.12}/index.json +3 -2
- package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/brand-rights/scenarios/governance_denied.yaml +23 -12
- package/compliance/cache/3.0.12/test-kits/acme-outdoor-live.yaml +78 -0
- package/compliance/cache/3.0.12/universal/comply-controller-mode-gate.yaml +135 -0
- package/compliance/cache/{3.0.11.previous → 3.0.12}/universal/runner-output-contract.yaml +28 -0
- package/compliance/cache/{3.0.11 → 3.0.12}/universal/storyboard-schema.yaml +29 -0
- package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/index.json +3 -2
- package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/brand-rights/scenarios/governance_denied.yaml +23 -12
- package/compliance/cache/3.0.12.previous/test-kits/acme-outdoor-live.yaml +78 -0
- package/compliance/cache/3.0.12.previous/universal/comply-controller-mode-gate.yaml +135 -0
- package/compliance/cache/{3.0.11 → 3.0.12.previous}/universal/runner-output-contract.yaml +28 -0
- package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/storyboard-schema.yaml +29 -0
- package/dist/lib/core/AgentClient.d.ts.map +1 -1
- package/dist/lib/core/SingleAgentClient.d.ts.map +1 -1
- package/dist/lib/core/SingleAgentClient.js +31 -9
- package/dist/lib/core/SingleAgentClient.js.map +1 -1
- package/dist/lib/discovery/publisher-property-selector.d.ts +99 -0
- package/dist/lib/discovery/publisher-property-selector.d.ts.map +1 -0
- package/dist/lib/discovery/publisher-property-selector.js +233 -0
- package/dist/lib/discovery/publisher-property-selector.js.map +1 -0
- package/dist/lib/discovery/resolve-agent-properties.d.ts +24 -3
- package/dist/lib/discovery/resolve-agent-properties.d.ts.map +1 -1
- package/dist/lib/discovery/resolve-agent-properties.js +67 -13
- package/dist/lib/discovery/resolve-agent-properties.js.map +1 -1
- package/dist/lib/discovery/types.d.ts +42 -5
- package/dist/lib/discovery/types.d.ts.map +1 -1
- package/dist/lib/index.d.ts +12 -1
- package/dist/lib/index.d.ts.map +1 -1
- package/dist/lib/index.js +36 -10
- package/dist/lib/index.js.map +1 -1
- package/dist/lib/protocols/index.d.ts.map +1 -1
- package/dist/lib/protocols/index.js +13 -4
- package/dist/lib/protocols/index.js.map +1 -1
- package/dist/lib/schemas-data/3.0/a2ui/bound-value.json +1 -1
- package/dist/lib/schemas-data/3.0/a2ui/component.json +1 -1
- package/dist/lib/schemas-data/3.0/a2ui/si-catalog.json +25 -25
- package/dist/lib/schemas-data/3.0/a2ui/surface.json +2 -2
- package/dist/lib/schemas-data/3.0/a2ui/user-action.json +1 -1
- package/dist/lib/schemas-data/3.0/account/get-account-financials-request.json +5 -5
- package/dist/lib/schemas-data/3.0/account/get-account-financials-response.json +10 -10
- package/dist/lib/schemas-data/3.0/account/list-accounts-request.json +4 -4
- package/dist/lib/schemas-data/3.0/account/list-accounts-response.json +6 -6
- package/dist/lib/schemas-data/3.0/account/report-usage-request.json +5 -5
- package/dist/lib/schemas-data/3.0/account/report-usage-response.json +4 -4
- package/dist/lib/schemas-data/3.0/account/sync-accounts-request.json +9 -9
- package/dist/lib/schemas-data/3.0/account/sync-accounts-response.json +12 -12
- package/dist/lib/schemas-data/3.0/account/sync-governance-request.json +5 -5
- package/dist/lib/schemas-data/3.0/account/sync-governance-response.json +8 -8
- package/dist/lib/schemas-data/3.0/adagents.json +32 -32
- package/dist/lib/schemas-data/3.0/brand/acquire-rights-request.json +8 -8
- package/dist/lib/schemas-data/3.0/brand/acquire-rights-response.json +14 -14
- package/dist/lib/schemas-data/3.0/brand/creative-approval-request.json +4 -4
- package/dist/lib/schemas-data/3.0/brand/creative-approval-response.json +10 -10
- package/dist/lib/schemas-data/3.0/brand/get-brand-identity-request.json +3 -3
- package/dist/lib/schemas-data/3.0/brand/get-brand-identity-response.json +8 -8
- package/dist/lib/schemas-data/3.0/brand/get-rights-request.json +7 -7
- package/dist/lib/schemas-data/3.0/brand/get-rights-response.json +9 -9
- package/dist/lib/schemas-data/3.0/brand/revocation-notification.json +4 -4
- package/dist/lib/schemas-data/3.0/brand/rights-pricing-option.json +5 -5
- package/dist/lib/schemas-data/3.0/brand/rights-terms.json +3 -3
- package/dist/lib/schemas-data/3.0/brand/update-rights-request.json +4 -4
- package/dist/lib/schemas-data/3.0/brand/update-rights-response.json +9 -9
- package/dist/lib/schemas-data/3.0/brand.json +14 -14
- package/dist/lib/schemas-data/3.0/bundled/content-standards/calibrate-content-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/calibrate-content-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/create-content-standards-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/create-content-standards-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/get-content-standards-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/get-content-standards-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/get-media-buy-artifacts-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/get-media-buy-artifacts-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/list-content-standards-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/list-content-standards-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/update-content-standards-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/update-content-standards-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/validate-content-delivery-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/content-standards/validate-content-delivery-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/core/tasks-get-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/core/tasks-get-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/core/tasks-list-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/core/tasks-list-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/get-creative-delivery-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/get-creative-delivery-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/get-creative-features-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/get-creative-features-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/list-creative-formats-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/list-creative-formats-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/list-creatives-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/list-creatives-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/preview-creative-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/preview-creative-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/sync-creatives-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/creative/sync-creatives-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/build-creative-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/build-creative-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/create-media-buy-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/create-media-buy-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/get-media-buy-delivery-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/get-media-buy-delivery-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/get-media-buys-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/get-media-buys-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/get-products-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/get-products-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/list-creative-formats-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/list-creative-formats-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/log-event-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/log-event-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/package-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/provide-performance-feedback-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/provide-performance-feedback-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/sync-audiences-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/sync-audiences-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/sync-catalogs-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/sync-catalogs-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/sync-event-sources-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/sync-event-sources-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/update-media-buy-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/media-buy/update-media-buy-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/create-property-list-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/create-property-list-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/delete-property-list-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/delete-property-list-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/get-property-list-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/get-property-list-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/list-property-lists-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/list-property-lists-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/update-property-list-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/update-property-list-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/validate-property-delivery-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/property/validate-property-delivery-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/protocol/get-adcp-capabilities-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/protocol/get-adcp-capabilities-response.json +34 -8
- package/dist/lib/schemas-data/3.0/bundled/signals/activate-signal-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/signals/activate-signal-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/signals/get-signals-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/signals/get-signals-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/sponsored-intelligence/si-get-offering-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/sponsored-intelligence/si-get-offering-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/sponsored-intelligence/si-initiate-session-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/sponsored-intelligence/si-initiate-session-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/sponsored-intelligence/si-send-message-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/sponsored-intelligence/si-send-message-response.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/sponsored-intelligence/si-terminate-session-request.json +2 -2
- package/dist/lib/schemas-data/3.0/bundled/sponsored-intelligence/si-terminate-session-response.json +2 -2
- package/dist/lib/schemas-data/3.0/collection/base-collection-source.json +3 -3
- package/dist/lib/schemas-data/3.0/collection/collection-list-changed-webhook.json +2 -2
- package/dist/lib/schemas-data/3.0/collection/collection-list-filters.json +7 -7
- package/dist/lib/schemas-data/3.0/collection/collection-list.json +5 -5
- package/dist/lib/schemas-data/3.0/collection/create-collection-list-request.json +7 -7
- package/dist/lib/schemas-data/3.0/collection/create-collection-list-response.json +4 -4
- package/dist/lib/schemas-data/3.0/collection/delete-collection-list-request.json +4 -4
- package/dist/lib/schemas-data/3.0/collection/delete-collection-list-response.json +3 -3
- package/dist/lib/schemas-data/3.0/collection/get-collection-list-request.json +4 -4
- package/dist/lib/schemas-data/3.0/collection/get-collection-list-response.json +10 -10
- package/dist/lib/schemas-data/3.0/collection/list-collection-lists-request.json +5 -5
- package/dist/lib/schemas-data/3.0/collection/list-collection-lists-response.json +5 -5
- package/dist/lib/schemas-data/3.0/collection/update-collection-list-request.json +7 -7
- package/dist/lib/schemas-data/3.0/collection/update-collection-list-response.json +4 -4
- package/dist/lib/schemas-data/3.0/content-standards/artifact-webhook-payload.json +3 -3
- package/dist/lib/schemas-data/3.0/content-standards/artifact.json +7 -7
- package/dist/lib/schemas-data/3.0/content-standards/calibrate-content-request.json +4 -4
- package/dist/lib/schemas-data/3.0/content-standards/calibrate-content-response.json +8 -8
- package/dist/lib/schemas-data/3.0/content-standards/content-standards.json +7 -7
- package/dist/lib/schemas-data/3.0/content-standards/create-content-standards-request.json +7 -7
- package/dist/lib/schemas-data/3.0/content-standards/create-content-standards-response.json +6 -6
- package/dist/lib/schemas-data/3.0/content-standards/get-content-standards-request.json +3 -3
- package/dist/lib/schemas-data/3.0/content-standards/get-content-standards-response.json +7 -7
- package/dist/lib/schemas-data/3.0/content-standards/get-media-buy-artifacts-request.json +4 -4
- package/dist/lib/schemas-data/3.0/content-standards/get-media-buy-artifacts-response.json +8 -8
- package/dist/lib/schemas-data/3.0/content-standards/list-content-standards-request.json +5 -5
- package/dist/lib/schemas-data/3.0/content-standards/list-content-standards-response.json +8 -8
- package/dist/lib/schemas-data/3.0/content-standards/update-content-standards-request.json +7 -7
- package/dist/lib/schemas-data/3.0/content-standards/update-content-standards-response.json +6 -6
- package/dist/lib/schemas-data/3.0/content-standards/validate-content-delivery-request.json +4 -4
- package/dist/lib/schemas-data/3.0/content-standards/validate-content-delivery-response.json +8 -8
- package/dist/lib/schemas-data/3.0/core/account-ref.json +2 -2
- package/dist/lib/schemas-data/3.0/core/account.json +9 -9
- package/dist/lib/schemas-data/3.0/core/activation-key.json +1 -1
- package/dist/lib/schemas-data/3.0/core/ad-inventory-config.json +1 -1
- package/dist/lib/schemas-data/3.0/core/agent-encryption-key.json +1 -1
- package/dist/lib/schemas-data/3.0/core/agent-signing-key.json +1 -1
- package/dist/lib/schemas-data/3.0/core/app-item.json +4 -4
- package/dist/lib/schemas-data/3.0/core/assets/asset-union.json +15 -15
- package/dist/lib/schemas-data/3.0/core/assets/audio-asset.json +3 -3
- package/dist/lib/schemas-data/3.0/core/assets/brief-asset.json +2 -2
- package/dist/lib/schemas-data/3.0/core/assets/catalog-asset.json +2 -2
- package/dist/lib/schemas-data/3.0/core/assets/css-asset.json +2 -2
- package/dist/lib/schemas-data/3.0/core/assets/daast-asset.json +4 -4
- package/dist/lib/schemas-data/3.0/core/assets/html-asset.json +2 -2
- package/dist/lib/schemas-data/3.0/core/assets/image-asset.json +2 -2
- package/dist/lib/schemas-data/3.0/core/assets/javascript-asset.json +3 -3
- package/dist/lib/schemas-data/3.0/core/assets/markdown-asset.json +2 -2
- package/dist/lib/schemas-data/3.0/core/assets/text-asset.json +2 -2
- package/dist/lib/schemas-data/3.0/core/assets/url-asset.json +3 -3
- package/dist/lib/schemas-data/3.0/core/assets/vast-asset.json +4 -4
- package/dist/lib/schemas-data/3.0/core/assets/video-asset.json +7 -7
- package/dist/lib/schemas-data/3.0/core/assets/webhook-asset.json +7 -7
- package/dist/lib/schemas-data/3.0/core/async-response-data.json +25 -25
- package/dist/lib/schemas-data/3.0/core/attribution-window.json +4 -4
- package/dist/lib/schemas-data/3.0/core/audience-member.json +3 -3
- package/dist/lib/schemas-data/3.0/core/audience-selector.json +4 -4
- package/dist/lib/schemas-data/3.0/core/brand-id.json +1 -1
- package/dist/lib/schemas-data/3.0/core/brand-ref.json +2 -2
- package/dist/lib/schemas-data/3.0/core/business-entity.json +2 -2
- package/dist/lib/schemas-data/3.0/core/cancellation-policy.json +2 -2
- package/dist/lib/schemas-data/3.0/core/catalog-field-mapping.json +2 -2
- package/dist/lib/schemas-data/3.0/core/catalog.json +7 -7
- package/dist/lib/schemas-data/3.0/core/catchment.json +5 -5
- package/dist/lib/schemas-data/3.0/core/collection-distribution.json +2 -2
- package/dist/lib/schemas-data/3.0/core/collection-list-ref.json +1 -1
- package/dist/lib/schemas-data/3.0/core/collection-selector.json +1 -1
- package/dist/lib/schemas-data/3.0/core/collection.json +13 -13
- package/dist/lib/schemas-data/3.0/core/content-rating.json +2 -2
- package/dist/lib/schemas-data/3.0/core/context.json +1 -1
- package/dist/lib/schemas-data/3.0/core/creative-asset.json +6 -6
- package/dist/lib/schemas-data/3.0/core/creative-assignment.json +1 -1
- package/dist/lib/schemas-data/3.0/core/creative-brief.json +4 -4
- package/dist/lib/schemas-data/3.0/core/creative-consumption.json +1 -1
- package/dist/lib/schemas-data/3.0/core/creative-filters.json +4 -4
- package/dist/lib/schemas-data/3.0/core/creative-item.json +1 -1
- package/dist/lib/schemas-data/3.0/core/creative-manifest.json +7 -7
- package/dist/lib/schemas-data/3.0/core/creative-policy.json +3 -3
- package/dist/lib/schemas-data/3.0/core/creative-variable.json +1 -1
- package/dist/lib/schemas-data/3.0/core/creative-variant.json +5 -5
- package/dist/lib/schemas-data/3.0/core/data-provider-signal-selector.json +1 -1
- package/dist/lib/schemas-data/3.0/core/date-range.json +1 -1
- package/dist/lib/schemas-data/3.0/core/datetime-range.json +1 -1
- package/dist/lib/schemas-data/3.0/core/daypart-target.json +2 -2
- package/dist/lib/schemas-data/3.0/core/deadline-policy.json +1 -1
- package/dist/lib/schemas-data/3.0/core/delivery-forecast.json +7 -7
- package/dist/lib/schemas-data/3.0/core/delivery-metrics.json +5 -5
- package/dist/lib/schemas-data/3.0/core/deployment.json +3 -3
- package/dist/lib/schemas-data/3.0/core/destination-item.json +4 -4
- package/dist/lib/schemas-data/3.0/core/destination.json +1 -1
- package/dist/lib/schemas-data/3.0/core/diagnostic-issue.json +1 -1
- package/dist/lib/schemas-data/3.0/core/duration.json +1 -1
- package/dist/lib/schemas-data/3.0/core/education-item.json +4 -4
- package/dist/lib/schemas-data/3.0/core/error.json +1 -1
- package/dist/lib/schemas-data/3.0/core/event-custom-data.json +2 -2
- package/dist/lib/schemas-data/3.0/core/event-source-health.json +3 -3
- package/dist/lib/schemas-data/3.0/core/event.json +6 -6
- package/dist/lib/schemas-data/3.0/core/ext.json +1 -1
- package/dist/lib/schemas-data/3.0/core/feature-requirement.json +1 -1
- package/dist/lib/schemas-data/3.0/core/flight-item.json +4 -4
- package/dist/lib/schemas-data/3.0/core/forecast-point.json +18 -18
- package/dist/lib/schemas-data/3.0/core/forecast-range.json +1 -1
- package/dist/lib/schemas-data/3.0/core/format-id.json +1 -1
- package/dist/lib/schemas-data/3.0/core/format.json +42 -42
- package/dist/lib/schemas-data/3.0/core/frequency-cap.json +4 -4
- package/dist/lib/schemas-data/3.0/core/generation-credential.json +3 -3
- package/dist/lib/schemas-data/3.0/core/geo-breakdown-support.json +3 -3
- package/dist/lib/schemas-data/3.0/core/hotel-item.json +4 -4
- package/dist/lib/schemas-data/3.0/core/identifier.json +2 -2
- package/dist/lib/schemas-data/3.0/core/industry-identifier.json +2 -2
- package/dist/lib/schemas-data/3.0/core/insertion-order.json +1 -1
- package/dist/lib/schemas-data/3.0/core/installment-deadlines.json +2 -2
- package/dist/lib/schemas-data/3.0/core/installment.json +9 -9
- package/dist/lib/schemas-data/3.0/core/job-item.json +3 -3
- package/dist/lib/schemas-data/3.0/core/limited-series.json +1 -1
- package/dist/lib/schemas-data/3.0/core/material-deadline.json +1 -1
- package/dist/lib/schemas-data/3.0/core/mcp-webhook-payload.json +5 -5
- package/dist/lib/schemas-data/3.0/core/measurement-readiness.json +5 -5
- package/dist/lib/schemas-data/3.0/core/measurement-terms.json +3 -3
- package/dist/lib/schemas-data/3.0/core/measurement-window.json +1 -1
- package/dist/lib/schemas-data/3.0/core/media-buy-features.json +1 -1
- package/dist/lib/schemas-data/3.0/core/media-buy.json +7 -7
- package/dist/lib/schemas-data/3.0/core/offering-asset-group.json +15 -15
- package/dist/lib/schemas-data/3.0/core/offering.json +5 -5
- package/dist/lib/schemas-data/3.0/core/optimization-goal.json +6 -6
- package/dist/lib/schemas-data/3.0/core/outcome-measurement.json +2 -2
- package/dist/lib/schemas-data/3.0/core/overlay.json +1 -1
- package/dist/lib/schemas-data/3.0/core/package.json +14 -14
- package/dist/lib/schemas-data/3.0/core/pagination-request.json +1 -1
- package/dist/lib/schemas-data/3.0/core/pagination-response.json +1 -1
- package/dist/lib/schemas-data/3.0/core/performance-feedback.json +3 -3
- package/dist/lib/schemas-data/3.0/core/performance-standard.json +4 -4
- package/dist/lib/schemas-data/3.0/core/placement-definition.json +5 -5
- package/dist/lib/schemas-data/3.0/core/placement.json +2 -2
- package/dist/lib/schemas-data/3.0/core/planned-delivery.json +5 -5
- package/dist/lib/schemas-data/3.0/core/price.json +1 -1
- package/dist/lib/schemas-data/3.0/core/pricing-option.json +10 -10
- package/dist/lib/schemas-data/3.0/core/product-allocation.json +4 -4
- package/dist/lib/schemas-data/3.0/core/product-filters.json +16 -16
- package/dist/lib/schemas-data/3.0/core/product.json +28 -28
- package/dist/lib/schemas-data/3.0/core/property-id.json +1 -1
- package/dist/lib/schemas-data/3.0/core/property-list-ref.json +1 -1
- package/dist/lib/schemas-data/3.0/core/property-tag.json +1 -1
- package/dist/lib/schemas-data/3.0/core/property.json +6 -6
- package/dist/lib/schemas-data/3.0/core/proposal.json +6 -6
- package/dist/lib/schemas-data/3.0/core/protocol-envelope.json +3 -3
- package/dist/lib/schemas-data/3.0/core/provenance.json +6 -6
- package/dist/lib/schemas-data/3.0/core/publisher-property-selector.json +3 -3
- package/dist/lib/schemas-data/3.0/core/push-notification-config.json +2 -2
- package/dist/lib/schemas-data/3.0/core/real-estate-item.json +4 -4
- package/dist/lib/schemas-data/3.0/core/reference-asset.json +1 -1
- package/dist/lib/schemas-data/3.0/core/reporting-capabilities.json +5 -5
- package/dist/lib/schemas-data/3.0/core/reporting-webhook.json +3 -3
- package/dist/lib/schemas-data/3.0/core/requirements/asset-requirements.json +13 -13
- package/dist/lib/schemas-data/3.0/core/requirements/audio-asset-requirements.json +1 -1
- package/dist/lib/schemas-data/3.0/core/requirements/catalog-field-binding.json +4 -4
- package/dist/lib/schemas-data/3.0/core/requirements/catalog-requirements.json +5 -5
- package/dist/lib/schemas-data/3.0/core/requirements/css-asset-requirements.json +1 -1
- package/dist/lib/schemas-data/3.0/core/requirements/daast-asset-requirements.json +1 -1
- package/dist/lib/schemas-data/3.0/core/requirements/html-asset-requirements.json +1 -1
- package/dist/lib/schemas-data/3.0/core/requirements/image-asset-requirements.json +2 -2
- package/dist/lib/schemas-data/3.0/core/requirements/javascript-asset-requirements.json +1 -1
- package/dist/lib/schemas-data/3.0/core/requirements/markdown-asset-requirements.json +1 -1
- package/dist/lib/schemas-data/3.0/core/requirements/offering-asset-constraint.json +4 -4
- package/dist/lib/schemas-data/3.0/core/requirements/text-asset-requirements.json +1 -1
- package/dist/lib/schemas-data/3.0/core/requirements/url-asset-requirements.json +1 -1
- package/dist/lib/schemas-data/3.0/core/requirements/vast-asset-requirements.json +1 -1
- package/dist/lib/schemas-data/3.0/core/requirements/video-asset-requirements.json +6 -6
- package/dist/lib/schemas-data/3.0/core/requirements/webhook-asset-requirements.json +1 -1
- package/dist/lib/schemas-data/3.0/core/response.json +1 -1
- package/dist/lib/schemas-data/3.0/core/rights-constraint.json +4 -4
- package/dist/lib/schemas-data/3.0/core/seller-agent-ref.json +1 -1
- package/dist/lib/schemas-data/3.0/core/signal-definition.json +3 -3
- package/dist/lib/schemas-data/3.0/core/signal-filters.json +2 -2
- package/dist/lib/schemas-data/3.0/core/signal-id.json +1 -1
- package/dist/lib/schemas-data/3.0/core/signal-pricing-option.json +2 -2
- package/dist/lib/schemas-data/3.0/core/signal-pricing.json +6 -6
- package/dist/lib/schemas-data/3.0/core/signal-targeting.json +4 -4
- package/dist/lib/schemas-data/3.0/core/special.json +2 -2
- package/dist/lib/schemas-data/3.0/core/start-timing.json +1 -1
- package/dist/lib/schemas-data/3.0/core/store-item.json +3 -3
- package/dist/lib/schemas-data/3.0/core/talent.json +2 -2
- package/dist/lib/schemas-data/3.0/core/targeting.json +20 -20
- package/dist/lib/schemas-data/3.0/core/tasks-get-request.json +3 -3
- package/dist/lib/schemas-data/3.0/core/tasks-get-response.json +7 -7
- package/dist/lib/schemas-data/3.0/core/tasks-list-request.json +11 -11
- package/dist/lib/schemas-data/3.0/core/tasks-list-response.json +6 -6
- package/dist/lib/schemas-data/3.0/core/user-match.json +3 -3
- package/dist/lib/schemas-data/3.0/core/vehicle-item.json +4 -4
- package/dist/lib/schemas-data/3.0/core/vendor-pricing-option.json +2 -2
- package/dist/lib/schemas-data/3.0/core/x-entity-types.json +1 -1
- package/dist/lib/schemas-data/3.0/creative/asset-types/index.json +5 -5
- package/dist/lib/schemas-data/3.0/creative/creative-feature-result.json +2 -2
- package/dist/lib/schemas-data/3.0/creative/get-creative-delivery-request.json +5 -5
- package/dist/lib/schemas-data/3.0/creative/get-creative-delivery-response.json +7 -7
- package/dist/lib/schemas-data/3.0/creative/get-creative-features-request.json +5 -5
- package/dist/lib/schemas-data/3.0/creative/get-creative-features-response.json +8 -8
- package/dist/lib/schemas-data/3.0/creative/list-creative-formats-request.json +11 -11
- package/dist/lib/schemas-data/3.0/creative/list-creative-formats-response.json +7 -7
- package/dist/lib/schemas-data/3.0/creative/list-creatives-request.json +8 -8
- package/dist/lib/schemas-data/3.0/creative/list-creatives-response.json +14 -14
- package/dist/lib/schemas-data/3.0/creative/preview-creative-request.json +11 -11
- package/dist/lib/schemas-data/3.0/creative/preview-creative-response.json +12 -12
- package/dist/lib/schemas-data/3.0/creative/preview-render.json +1 -1
- package/dist/lib/schemas-data/3.0/creative/sync-creatives-async-response-input-required.json +3 -3
- package/dist/lib/schemas-data/3.0/creative/sync-creatives-async-response-submitted.json +3 -3
- package/dist/lib/schemas-data/3.0/creative/sync-creatives-async-response-working.json +3 -3
- package/dist/lib/schemas-data/3.0/creative/sync-creatives-request.json +7 -7
- package/dist/lib/schemas-data/3.0/creative/sync-creatives-response.json +13 -13
- package/dist/lib/schemas-data/3.0/enums/account-scope.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/account-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/action-source.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/adcp-protocol.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/adjustment-kind.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/advertiser-industry.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/age-verification-method.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/assessment-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/asset-content-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/attribution-model.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/audience-source.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/audience-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/audio-channel-layout.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/auth-scheme.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/available-metric.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/billing-party.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/binary-verdict.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/brand-agent-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/canceled-by.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/catalog-action.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/catalog-item-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/catalog-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/channels.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/cloud-storage-protocol.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/co-branding-requirement.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/collection-cadence.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/collection-kind.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/collection-relationship.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/collection-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/consent-basis.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/content-id-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/content-rating-system.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/creative-action.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/creative-agent-capability.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/creative-approval-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/creative-identifier-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/creative-quality.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/creative-sort-field.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/creative-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/daast-tracking-event.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/daast-version.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/day-of-week.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/delegation-authority.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/delivery-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/demographic-system.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/derivative-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/device-platform.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/device-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/digital-source-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/dimension-unit.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/disclosure-persistence.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/disclosure-position.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/distance-unit.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/distribution-identifier-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/error-code.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/escalation-severity.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/event-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/exclusivity.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/feature-check-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/feed-format.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/feedback-source.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/forecast-method.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/forecast-range-unit.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/forecastable-metric.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/format-id-parameter.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/frame-rate-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/frequency-cap-scope.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/genre-taxonomy.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/geo-level.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/gop-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/governance-decision.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/governance-domain.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/governance-mode.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/governance-phase.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/history-entry-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/http-method.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/identifier-types.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/installment-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/javascript-module-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/landing-page-requirement.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/makegood-remedy.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/markdown-flavor.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/match-id-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/match-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/media-buy-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/media-buy-valid-action.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/metric-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/metro-system.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/moov-atom-position.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/notification-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/outcome-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/pacing.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/payment-terms.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/performance-standard-metric.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/policy-category.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/policy-enforcement.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/postal-system.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/preview-output-format.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/pricing-model.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/production-quality.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/property-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/proposal-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/publisher-identifier-types.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/purchase-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/reach-unit.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/reporting-frequency.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/response-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/restricted-attribute.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/right-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/right-use.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/rights-billing-period.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/scan-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/si-session-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/signal-catalog-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/signal-source.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/signal-value-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/snapshot-unavailable-reason.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/sort-direction.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/sort-metric.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/special-category.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/specialism.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/talent-role.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/task-status.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/task-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/transport-mode.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/travel-time-unit.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/uid-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/universal-macro.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/update-frequency.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/url-asset-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/validation-mode.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/vast-tracking-event.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/vast-version.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/viewability-standard.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/wcag-level.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/webhook-response-type.json +1 -1
- package/dist/lib/schemas-data/3.0/enums/webhook-security-method.json +1 -1
- package/dist/lib/schemas-data/3.0/error-details/account-setup-required.json +1 -1
- package/dist/lib/schemas-data/3.0/error-details/audience-too-small.json +1 -1
- package/dist/lib/schemas-data/3.0/error-details/budget-too-low.json +1 -1
- package/dist/lib/schemas-data/3.0/error-details/conflict.json +1 -1
- package/dist/lib/schemas-data/3.0/error-details/creative-rejected.json +1 -1
- package/dist/lib/schemas-data/3.0/error-details/policy-violation.json +1 -1
- package/dist/lib/schemas-data/3.0/error-details/rate-limited.json +1 -1
- package/dist/lib/schemas-data/3.0/error-details/vendor-error-codes.json +1 -1
- package/dist/lib/schemas-data/3.0/extensions/extension-meta.json +1 -1
- package/dist/lib/schemas-data/3.0/extensions/index.json +2 -2
- package/dist/lib/schemas-data/3.0/governance/attribute-definition.json +1 -1
- package/dist/lib/schemas-data/3.0/governance/audience-constraints.json +3 -3
- package/dist/lib/schemas-data/3.0/governance/check-governance-request.json +7 -7
- package/dist/lib/schemas-data/3.0/governance/check-governance-response.json +6 -6
- package/dist/lib/schemas-data/3.0/governance/get-plan-audit-logs-request.json +4 -4
- package/dist/lib/schemas-data/3.0/governance/get-plan-audit-logs-response.json +9 -9
- package/dist/lib/schemas-data/3.0/governance/policy-category-definition.json +2 -2
- package/dist/lib/schemas-data/3.0/governance/policy-entry.json +6 -6
- package/dist/lib/schemas-data/3.0/governance/policy-ref.json +1 -1
- package/dist/lib/schemas-data/3.0/governance/report-plan-outcome-request.json +6 -6
- package/dist/lib/schemas-data/3.0/governance/report-plan-outcome-response.json +4 -4
- package/dist/lib/schemas-data/3.0/governance/sync-plans-request.json +13 -13
- package/dist/lib/schemas-data/3.0/governance/sync-plans-response.json +4 -4
- package/dist/lib/schemas-data/3.0/index.json +364 -364
- package/dist/lib/schemas-data/3.0/manifest.json +3 -3
- package/dist/lib/schemas-data/3.0/manifest.schema.json +1 -1
- package/dist/lib/schemas-data/3.0/media-buy/build-creative-async-response-input-required.json +4 -4
- package/dist/lib/schemas-data/3.0/media-buy/build-creative-async-response-submitted.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/build-creative-async-response-working.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/build-creative-request.json +11 -11
- package/dist/lib/schemas-data/3.0/media-buy/build-creative-response.json +17 -17
- package/dist/lib/schemas-data/3.0/media-buy/create-media-buy-async-response-input-required.json +4 -4
- package/dist/lib/schemas-data/3.0/media-buy/create-media-buy-async-response-submitted.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/create-media-buy-async-response-working.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/create-media-buy-request.json +12 -12
- package/dist/lib/schemas-data/3.0/media-buy/create-media-buy-response.json +15 -15
- package/dist/lib/schemas-data/3.0/media-buy/get-media-buy-delivery-request.json +17 -17
- package/dist/lib/schemas-data/3.0/media-buy/get-media-buy-delivery-response.json +24 -24
- package/dist/lib/schemas-data/3.0/media-buy/get-media-buys-request.json +7 -7
- package/dist/lib/schemas-data/3.0/media-buy/get-media-buys-response.json +19 -19
- package/dist/lib/schemas-data/3.0/media-buy/get-products-async-response-input-required.json +4 -4
- package/dist/lib/schemas-data/3.0/media-buy/get-products-async-response-submitted.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/get-products-async-response-working.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/get-products-request.json +11 -11
- package/dist/lib/schemas-data/3.0/media-buy/get-products-response.json +8 -8
- package/dist/lib/schemas-data/3.0/media-buy/list-creative-formats-request.json +11 -11
- package/dist/lib/schemas-data/3.0/media-buy/list-creative-formats-response.json +7 -7
- package/dist/lib/schemas-data/3.0/media-buy/log-event-request.json +4 -4
- package/dist/lib/schemas-data/3.0/media-buy/log-event-response.json +6 -6
- package/dist/lib/schemas-data/3.0/media-buy/package-request.json +12 -12
- package/dist/lib/schemas-data/3.0/media-buy/package-update.json +13 -13
- package/dist/lib/schemas-data/3.0/media-buy/provide-performance-feedback-request.json +6 -6
- package/dist/lib/schemas-data/3.0/media-buy/provide-performance-feedback-response.json +6 -6
- package/dist/lib/schemas-data/3.0/media-buy/sync-audiences-request.json +7 -7
- package/dist/lib/schemas-data/3.0/media-buy/sync-audiences-response.json +9 -9
- package/dist/lib/schemas-data/3.0/media-buy/sync-catalogs-async-response-input-required.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/sync-catalogs-async-response-submitted.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/sync-catalogs-async-response-working.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/sync-catalogs-request.json +7 -7
- package/dist/lib/schemas-data/3.0/media-buy/sync-catalogs-response.json +9 -9
- package/dist/lib/schemas-data/3.0/media-buy/sync-event-sources-request.json +5 -5
- package/dist/lib/schemas-data/3.0/media-buy/sync-event-sources-response.json +10 -10
- package/dist/lib/schemas-data/3.0/media-buy/update-media-buy-async-response-input-required.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/update-media-buy-async-response-submitted.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/update-media-buy-async-response-working.json +3 -3
- package/dist/lib/schemas-data/3.0/media-buy/update-media-buy-request.json +10 -10
- package/dist/lib/schemas-data/3.0/media-buy/update-media-buy-response.json +10 -10
- package/dist/lib/schemas-data/3.0/pricing-options/cpa-option.json +4 -4
- package/dist/lib/schemas-data/3.0/pricing-options/cpc-option.json +4 -4
- package/dist/lib/schemas-data/3.0/pricing-options/cpcv-option.json +4 -4
- package/dist/lib/schemas-data/3.0/pricing-options/cpm-option.json +4 -4
- package/dist/lib/schemas-data/3.0/pricing-options/cpp-option.json +5 -5
- package/dist/lib/schemas-data/3.0/pricing-options/cpv-option.json +4 -4
- package/dist/lib/schemas-data/3.0/pricing-options/flat-rate-option.json +4 -4
- package/dist/lib/schemas-data/3.0/pricing-options/price-breakdown.json +2 -2
- package/dist/lib/schemas-data/3.0/pricing-options/price-guidance.json +1 -1
- package/dist/lib/schemas-data/3.0/pricing-options/time-option.json +4 -4
- package/dist/lib/schemas-data/3.0/pricing-options/vcpm-option.json +4 -4
- package/dist/lib/schemas-data/3.0/property/authorization-result.json +1 -1
- package/dist/lib/schemas-data/3.0/property/base-property-source.json +4 -4
- package/dist/lib/schemas-data/3.0/property/create-property-list-request.json +7 -7
- package/dist/lib/schemas-data/3.0/property/create-property-list-response.json +4 -4
- package/dist/lib/schemas-data/3.0/property/delete-property-list-request.json +4 -4
- package/dist/lib/schemas-data/3.0/property/delete-property-list-response.json +3 -3
- package/dist/lib/schemas-data/3.0/property/delivery-record.json +3 -3
- package/dist/lib/schemas-data/3.0/property/get-property-list-request.json +4 -4
- package/dist/lib/schemas-data/3.0/property/get-property-list-response.json +7 -7
- package/dist/lib/schemas-data/3.0/property/list-property-lists-request.json +5 -5
- package/dist/lib/schemas-data/3.0/property/list-property-lists-response.json +5 -5
- package/dist/lib/schemas-data/3.0/property/property-error.json +2 -2
- package/dist/lib/schemas-data/3.0/property/property-feature-definition.json +2 -2
- package/dist/lib/schemas-data/3.0/property/property-feature-result.json +4 -4
- package/dist/lib/schemas-data/3.0/property/property-feature-value.json +2 -2
- package/dist/lib/schemas-data/3.0/property/property-feature.json +1 -1
- package/dist/lib/schemas-data/3.0/property/property-list-changed-webhook.json +2 -2
- package/dist/lib/schemas-data/3.0/property/property-list-filters.json +5 -5
- package/dist/lib/schemas-data/3.0/property/property-list.json +6 -6
- package/dist/lib/schemas-data/3.0/property/update-property-list-request.json +7 -7
- package/dist/lib/schemas-data/3.0/property/update-property-list-response.json +4 -4
- package/dist/lib/schemas-data/3.0/property/validate-property-delivery-request.json +5 -5
- package/dist/lib/schemas-data/3.0/property/validate-property-delivery-response.json +4 -4
- package/dist/lib/schemas-data/3.0/property/validation-result.json +5 -5
- package/dist/lib/schemas-data/3.0/protocol/get-adcp-capabilities-request.json +3 -3
- package/dist/lib/schemas-data/3.0/protocol/get-adcp-capabilities-response.json +57 -31
- package/dist/lib/schemas-data/3.0/signals/activate-signal-request.json +5 -5
- package/dist/lib/schemas-data/3.0/signals/activate-signal-response.json +7 -7
- package/dist/lib/schemas-data/3.0/signals/get-signals-request.json +8 -8
- package/dist/lib/schemas-data/3.0/signals/get-signals-response.json +10 -10
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-capabilities.json +1 -1
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-get-offering-request.json +3 -3
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-get-offering-response.json +4 -4
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-identity.json +1 -1
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-initiate-session-request.json +5 -5
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-initiate-session-response.json +7 -7
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-send-message-request.json +3 -3
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-send-message-response.json +7 -7
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-terminate-session-request.json +3 -3
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-terminate-session-response.json +5 -5
- package/dist/lib/schemas-data/3.0/sponsored-intelligence/si-ui-element.json +1 -1
- package/dist/lib/schemas-data/v2.5/_provenance.json +1 -1
- package/dist/lib/server/create-adcp-server.d.ts +26 -23
- package/dist/lib/server/create-adcp-server.d.ts.map +1 -1
- package/dist/lib/server/create-adcp-server.js.map +1 -1
- package/dist/lib/server/decisioning/runtime/entity-hydration.generated.js +1 -1
- package/dist/lib/server/decisioning/runtime/from-platform.d.ts.map +1 -1
- package/dist/lib/server/decisioning/runtime/from-platform.js +28 -0
- package/dist/lib/server/decisioning/runtime/from-platform.js.map +1 -1
- package/dist/lib/server/test-controller.d.ts +46 -1
- package/dist/lib/server/test-controller.d.ts.map +1 -1
- package/dist/lib/server/test-controller.js +49 -2
- package/dist/lib/server/test-controller.js.map +1 -1
- package/dist/lib/server/wire-spec-fields.generated.d.ts +29 -29
- package/dist/lib/server/wire-spec-fields.generated.js +31 -31
- package/dist/lib/signing/canonicalize.d.ts +53 -0
- package/dist/lib/signing/canonicalize.d.ts.map +1 -1
- package/dist/lib/signing/canonicalize.js +33 -1
- package/dist/lib/signing/canonicalize.js.map +1 -1
- package/dist/lib/signing/client.d.ts +6 -5
- package/dist/lib/signing/client.d.ts.map +1 -1
- package/dist/lib/signing/client.js +16 -1
- package/dist/lib/signing/client.js.map +1 -1
- package/dist/lib/signing/errors.d.ts +11 -0
- package/dist/lib/signing/errors.d.ts.map +1 -1
- package/dist/lib/signing/errors.js +11 -1
- package/dist/lib/signing/errors.js.map +1 -1
- package/dist/lib/signing/jwks-helpers.d.ts +4 -1
- package/dist/lib/signing/jwks-helpers.d.ts.map +1 -1
- package/dist/lib/signing/jwks-helpers.js.map +1 -1
- package/dist/lib/signing/provider.d.ts +17 -0
- package/dist/lib/signing/provider.d.ts.map +1 -1
- package/dist/lib/signing/replay.d.ts +16 -0
- package/dist/lib/signing/replay.d.ts.map +1 -1
- package/dist/lib/signing/replay.js.map +1 -1
- package/dist/lib/signing/request-context.d.ts +140 -0
- package/dist/lib/signing/request-context.d.ts.map +1 -0
- package/dist/lib/signing/request-context.js +160 -0
- package/dist/lib/signing/request-context.js.map +1 -0
- package/dist/lib/signing/response-verifier.d.ts +105 -0
- package/dist/lib/signing/response-verifier.d.ts.map +1 -0
- package/dist/lib/signing/response-verifier.js +271 -0
- package/dist/lib/signing/response-verifier.js.map +1 -0
- package/dist/lib/signing/server.d.ts +5 -3
- package/dist/lib/signing/server.d.ts.map +1 -1
- package/dist/lib/signing/server.js +13 -1
- package/dist/lib/signing/server.js.map +1 -1
- package/dist/lib/signing/signer-async.d.ts +8 -2
- package/dist/lib/signing/signer-async.d.ts.map +1 -1
- package/dist/lib/signing/signer-async.js +14 -0
- package/dist/lib/signing/signer-async.js.map +1 -1
- package/dist/lib/signing/signer.d.ts +149 -1
- package/dist/lib/signing/signer.d.ts.map +1 -1
- package/dist/lib/signing/signer.js +164 -0
- package/dist/lib/signing/signer.js.map +1 -1
- package/dist/lib/signing/testing.d.ts +10 -0
- package/dist/lib/signing/testing.d.ts.map +1 -1
- package/dist/lib/signing/testing.js +9 -0
- package/dist/lib/signing/testing.js.map +1 -1
- package/dist/lib/signing/types.d.ts +36 -0
- package/dist/lib/signing/types.d.ts.map +1 -1
- package/dist/lib/signing/types.js +37 -1
- package/dist/lib/signing/types.js.map +1 -1
- package/dist/lib/testing/comply-controller.d.ts +26 -1
- package/dist/lib/testing/comply-controller.d.ts.map +1 -1
- package/dist/lib/testing/comply-controller.js +17 -7
- package/dist/lib/testing/comply-controller.js.map +1 -1
- package/dist/lib/testing/index.d.ts +1 -1
- package/dist/lib/testing/index.d.ts.map +1 -1
- package/dist/lib/testing/index.js.map +1 -1
- package/dist/lib/testing/seed-merge.d.ts +4 -1
- package/dist/lib/testing/seed-merge.d.ts.map +1 -1
- package/dist/lib/testing/seed-merge.js +16 -3
- package/dist/lib/testing/seed-merge.js.map +1 -1
- package/dist/lib/testing/storyboard/default-invariants.d.ts +7 -0
- package/dist/lib/testing/storyboard/default-invariants.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/default-invariants.js +438 -0
- package/dist/lib/testing/storyboard/default-invariants.js.map +1 -1
- package/dist/lib/testing/storyboard/index.d.ts +2 -2
- package/dist/lib/testing/storyboard/index.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/index.js +3 -2
- package/dist/lib/testing/storyboard/index.js.map +1 -1
- package/dist/lib/testing/storyboard/probes.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/probes.js +48 -11
- package/dist/lib/testing/storyboard/probes.js.map +1 -1
- package/dist/lib/testing/storyboard/request-signing/builder.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/request-signing/builder.js +10 -1
- package/dist/lib/testing/storyboard/request-signing/builder.js.map +1 -1
- package/dist/lib/testing/storyboard/runner.d.ts +40 -0
- package/dist/lib/testing/storyboard/runner.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/runner.js +127 -19
- package/dist/lib/testing/storyboard/runner.js.map +1 -1
- package/dist/lib/testing/storyboard/types.d.ts +217 -8
- package/dist/lib/testing/storyboard/types.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/types.js +1 -0
- package/dist/lib/testing/storyboard/types.js.map +1 -1
- package/dist/lib/testing/storyboard/validations.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/validations.js +182 -0
- package/dist/lib/testing/storyboard/validations.js.map +1 -1
- package/dist/lib/types/core.generated.d.ts +3 -3
- package/dist/lib/types/core.generated.d.ts.map +1 -1
- package/dist/lib/types/core.generated.js +2 -2
- package/dist/lib/types/manifest.generated.d.ts +3 -3
- package/dist/lib/types/manifest.generated.js +1 -1
- package/dist/lib/types/schemas.generated.d.ts +1 -1
- package/dist/lib/types/schemas.generated.js +2 -2
- package/dist/lib/types/schemas.generated.js.map +1 -1
- package/dist/lib/types/tools.generated.d.ts +3 -3
- package/dist/lib/types/tools.generated.d.ts.map +1 -1
- package/dist/lib/validation/schema-loader.d.ts +31 -1
- package/dist/lib/validation/schema-loader.d.ts.map +1 -1
- package/dist/lib/validation/schema-loader.js +146 -2
- package/dist/lib/validation/schema-loader.js.map +1 -1
- package/dist/lib/version.d.ts +7 -7
- package/dist/lib/version.d.ts.map +1 -1
- package/dist/lib/version.js +6 -5
- package/dist/lib/version.js.map +1 -1
- package/docs/llms.txt +10 -7
- package/examples/hello_seller_adapter_guaranteed.ts +40 -1
- package/package.json +3 -2
- package/skills/build-seller-agent/SKILL.md +14 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/brand/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/creative/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/governance/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/creative-reception.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/create_media_buy_async.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/creative_fate_after_cancellation.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/delivery_reporting.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/governance_approved.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/governance_conditions.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/governance_denied.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/governance_denied_recovery.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/invalid_transitions.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/inventory_list_no_match.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/inventory_list_targeting.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/measurement_terms_rejected.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/pending_creatives_to_start.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/proposal_finalize.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/scenarios/refine_products.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/media-buy/state-machine.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/signals/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/domains/sponsored-intelligence/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/brand/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/creative/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/governance/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/creative-reception.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/create_media_buy_async.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/creative_fate_after_cancellation.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/delivery_reporting.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/governance_approved.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/governance_conditions.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/governance_denied.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/governance_denied_recovery.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/invalid_transitions.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/inventory_list_no_match.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/inventory_list_targeting.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/measurement_terms_rejected.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/pending_creatives_to_start.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/proposal_finalize.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/scenarios/refine_products.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/media-buy/state-machine.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/signals/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/protocols/sponsored-intelligence/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/audience-sync/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/brand-rights/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/collection-lists/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/content-standards/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/creative-ad-server/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/creative-generative/generative-seller.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/creative-generative/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/creative-template/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/governance-aware-seller/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/governance-delivery-monitor/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/governance-spend-authority/denied.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/governance-spend-authority/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/property-lists/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/sales-broadcast-tv/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/sales-catalog-driven/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/sales-guaranteed/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/sales-non-guaranteed/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/sales-proposal-mode/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/sales-social/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/signal-marketplace/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/signal-marketplace/scenarios/governance_denied.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/specialisms/signal-owned/index.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-kits/acme-outdoor.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-kits/bistro-oranje.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-kits/nova-motors.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-kits/osei-natural.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-kits/signed-requests-runner.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-kits/substitution-observer-runner.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-kits/summit-foods.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-kits/webhook-receiver-runner.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/001-minimal-plan.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/002-full-plan.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/003-bookkeeping-stripped.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/004a-human-review-omitted.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/004b-human-review-explicit-null.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/005a-policy-categories-order-1.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/005b-policy-categories-order-2.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/006a-ext-trace-v1.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/006b-ext-trace-v2.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/007-unicode-objectives.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/plan-hash/008-numeric-canonicalization.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/README.md +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/canonicalization.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/keys.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/001-no-signature-header.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/002-wrong-tag.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/003-expired-signature.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/004-window-too-long.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/005-alg-not-allowed.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/006-missing-covered-component.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/007-missing-content-digest.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/008-unknown-keyid.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/009-key-ops-missing-verify.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/010-content-digest-mismatch.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/011-malformed-header.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/012-missing-expires-param.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/013-expires-le-created.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/014-missing-nonce-param.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/015-signature-invalid.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/016-replayed-nonce.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/017-key-revoked.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/018-digest-covered-when-forbidden.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/019-signature-without-signature-input.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/020-rate-abuse.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/021-duplicate-signature-input-label.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/022-multi-valued-content-type.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/023-multi-valued-content-digest.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/024-unquoted-string-param.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/025-jwk-alg-crv-mismatch.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/026-non-ascii-host.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/negative/027-webhook-registration-authentication-unsigned.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/001-basic-post.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/002-post-with-content-digest.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/003-es256-post.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/004-multiple-signature-labels.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/005-default-port-stripped.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/006-dot-segment-path.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/007-query-byte-preserved.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/008-percent-encoded-path.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/009-percent-encoded-unreserved-decoded.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/010-percent-encoded-slash-preserved.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/011-ipv6-authority.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/request-signing/positive/012-ipv6-authority-default-port-stripped.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/README.md +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/keys.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/001-wrong-tag.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/002-expired-signature.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/003-window-too-long.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/004-alg-not-allowed.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/005-missing-authority-component.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/006-missing-content-digest.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/007-unknown-keyid.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/008-wrong-adcp-use.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/009-content-digest-mismatch.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/010-malformed-signature-input.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/011-signature-without-input.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/012-missing-expires-param.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/013-expires-le-created.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/014-missing-nonce-param.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/015-signature-invalid.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/016-replayed-nonce.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/017-key-revoked.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/018-rate-abuse.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/019-revocation-stale.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/020-key-ops-missing-verify.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/negative/021-base64-alphabet-mixing.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/positive/001-basic-post.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/positive/002-es256-post.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/positive/003-multiple-signature-labels.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/positive/004-default-port-stripped.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/positive/005-percent-encoded-path.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/positive/006-query-byte-preserved.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/test-vectors/webhook-signing/positive/007-body-without-idempotency-key.json +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/capability-discovery.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/collection-lists-pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/content-standards-pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/deterministic-testing.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/error-compliance.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/fictional-entities.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/get-media-buys-pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/get-signals-pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/idempotency.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/pagination-integrity-creative-formats.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/pagination-integrity-list-accounts.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/property-lists-pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/schema-validation.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/security.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/signed-requests.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/v3-envelope-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11 → 3.0.12}/universal/webhook-emission.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/brand/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/creative/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/governance/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/creative-reception.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/create_media_buy_async.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/creative_fate_after_cancellation.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/delivery_reporting.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/governance_approved.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/governance_conditions.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/governance_denied.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/governance_denied_recovery.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/invalid_transitions.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/inventory_list_no_match.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/inventory_list_targeting.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/measurement_terms_rejected.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/pending_creatives_to_start.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/proposal_finalize.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/scenarios/refine_products.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/media-buy/state-machine.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/signals/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/domains/sponsored-intelligence/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/brand/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/creative/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/governance/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/creative-reception.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/create_media_buy_async.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/creative_fate_after_cancellation.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/delivery_reporting.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/governance_approved.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/governance_conditions.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/governance_denied.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/governance_denied_recovery.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/invalid_transitions.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/inventory_list_no_match.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/inventory_list_targeting.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/measurement_terms_rejected.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/pending_creatives_to_start.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/proposal_finalize.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/scenarios/refine_products.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/media-buy/state-machine.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/signals/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/protocols/sponsored-intelligence/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/audience-sync/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/brand-rights/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/collection-lists/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/content-standards/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/creative-ad-server/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/creative-generative/generative-seller.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/creative-generative/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/creative-template/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/governance-aware-seller/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/governance-delivery-monitor/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/governance-spend-authority/denied.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/governance-spend-authority/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/property-lists/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/sales-broadcast-tv/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/sales-catalog-driven/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/sales-guaranteed/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/sales-non-guaranteed/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/sales-proposal-mode/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/sales-social/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/signal-marketplace/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/signal-marketplace/scenarios/governance_denied.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/specialisms/signal-owned/index.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-kits/acme-outdoor.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-kits/bistro-oranje.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-kits/nova-motors.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-kits/osei-natural.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-kits/signed-requests-runner.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-kits/substitution-observer-runner.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-kits/summit-foods.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-kits/webhook-receiver-runner.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/001-minimal-plan.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/002-full-plan.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/003-bookkeeping-stripped.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/004a-human-review-omitted.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/004b-human-review-explicit-null.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/005a-policy-categories-order-1.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/005b-policy-categories-order-2.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/006a-ext-trace-v1.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/006b-ext-trace-v2.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/007-unicode-objectives.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/plan-hash/008-numeric-canonicalization.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/README.md +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/canonicalization.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/keys.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/001-no-signature-header.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/002-wrong-tag.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/003-expired-signature.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/004-window-too-long.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/005-alg-not-allowed.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/006-missing-covered-component.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/007-missing-content-digest.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/008-unknown-keyid.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/009-key-ops-missing-verify.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/010-content-digest-mismatch.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/011-malformed-header.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/012-missing-expires-param.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/013-expires-le-created.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/014-missing-nonce-param.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/015-signature-invalid.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/016-replayed-nonce.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/017-key-revoked.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/018-digest-covered-when-forbidden.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/019-signature-without-signature-input.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/020-rate-abuse.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/021-duplicate-signature-input-label.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/022-multi-valued-content-type.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/023-multi-valued-content-digest.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/024-unquoted-string-param.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/025-jwk-alg-crv-mismatch.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/026-non-ascii-host.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/negative/027-webhook-registration-authentication-unsigned.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/001-basic-post.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/002-post-with-content-digest.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/003-es256-post.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/004-multiple-signature-labels.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/005-default-port-stripped.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/006-dot-segment-path.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/007-query-byte-preserved.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/008-percent-encoded-path.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/009-percent-encoded-unreserved-decoded.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/010-percent-encoded-slash-preserved.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/011-ipv6-authority.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/request-signing/positive/012-ipv6-authority-default-port-stripped.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/README.md +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/keys.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/001-wrong-tag.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/002-expired-signature.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/003-window-too-long.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/004-alg-not-allowed.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/005-missing-authority-component.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/006-missing-content-digest.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/007-unknown-keyid.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/008-wrong-adcp-use.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/009-content-digest-mismatch.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/010-malformed-signature-input.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/011-signature-without-input.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/012-missing-expires-param.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/013-expires-le-created.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/014-missing-nonce-param.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/015-signature-invalid.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/016-replayed-nonce.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/017-key-revoked.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/018-rate-abuse.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/019-revocation-stale.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/020-key-ops-missing-verify.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/negative/021-base64-alphabet-mixing.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/positive/001-basic-post.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/positive/002-es256-post.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/positive/003-multiple-signature-labels.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/positive/004-default-port-stripped.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/positive/005-percent-encoded-path.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/positive/006-query-byte-preserved.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/test-vectors/webhook-signing/positive/007-body-without-idempotency-key.json +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/capability-discovery.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/collection-lists-pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/content-standards-pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/deterministic-testing.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/error-compliance.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/fictional-entities.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/get-media-buys-pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/get-signals-pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/idempotency.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/pagination-integrity-creative-formats.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/pagination-integrity-list-accounts.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/property-lists-pagination-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/schema-validation.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/security.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/signed-requests.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/v3-envelope-integrity.yaml +0 -0
- /package/compliance/cache/{3.0.11.previous → 3.0.12.previous}/universal/webhook-emission.yaml +0 -0
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Adapter helpers that construct the `{ method, url }` shape that
|
|
4
|
+
* `ResponseLike.request` (and any other caller binding RFC 9421 derived
|
|
5
|
+
* components back to an originating request) requires.
|
|
6
|
+
*
|
|
7
|
+
* Why this exists: `ResponseLike.request.url` MUST be an absolute URL —
|
|
8
|
+
* `canonicalAuthority` / `canonicalTargetUri` parse via `new URL(...)` and
|
|
9
|
+
* throw on a relative path. Express handlers ship `req.url` / `req.originalUrl`
|
|
10
|
+
* as path-only, so adopters reconstruct via
|
|
11
|
+
* `${req.protocol}://${req.get('host')}${req.originalUrl}`. But `req.protocol`
|
|
12
|
+
* lies behind a TLS-terminating proxy unless `trust proxy` is set, and
|
|
13
|
+
* `req.get('host')` is attacker-controllable absent a Host allowlist. A
|
|
14
|
+
* hostile peer that controls these headers can rebind a signature to
|
|
15
|
+
* `attacker.example.com` while the operator believes they're signing for
|
|
16
|
+
* `seller.example.com`.
|
|
17
|
+
*
|
|
18
|
+
* The library can warn (JSDoc on `ResponseLike.request`) but can't enforce.
|
|
19
|
+
* These helpers make the safe path the default path — pass them an inbound
|
|
20
|
+
* request handle from your platform and they emit a hardened
|
|
21
|
+
* `{ method, url }` shape.
|
|
22
|
+
*/
|
|
23
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
24
|
+
exports.requestContextFromExpress = requestContextFromExpress;
|
|
25
|
+
exports.requestContextFromFetch = requestContextFromFetch;
|
|
26
|
+
exports.requestContextFromLambda = requestContextFromLambda;
|
|
27
|
+
/**
|
|
28
|
+
* Construct a hardened `{ method, url }` from an Express request.
|
|
29
|
+
*
|
|
30
|
+
* **You MUST configure `app.set('trust proxy', ...)`** with the IPs of
|
|
31
|
+
* your trusted reverse proxies before relying on this helper. Without
|
|
32
|
+
* `trust proxy`, Express returns the literal `req.connection.remoteAddress`
|
|
33
|
+
* for `req.protocol` and `req.ip` — which a TLS-terminating proxy will
|
|
34
|
+
* always set to the proxy's address, leaving you blind to whether the
|
|
35
|
+
* original request actually arrived over HTTPS. This helper trusts what
|
|
36
|
+
* Express tells it; the operator is responsible for telling Express what
|
|
37
|
+
* to trust.
|
|
38
|
+
*
|
|
39
|
+
* Throws when the `Host` header is missing, doesn't match `hostAllowlist`,
|
|
40
|
+
* or when the scheme is not `https` (unless `forceHttps: false`).
|
|
41
|
+
*/
|
|
42
|
+
function requestContextFromExpress(req, options = {}) {
|
|
43
|
+
const host = normalizeHost(req.get('host'));
|
|
44
|
+
if (!host) {
|
|
45
|
+
throw new TypeError('requestContextFromExpress: Host header is missing. ' +
|
|
46
|
+
'Express returned no `host` — either the inbound request omitted it, or your reverse proxy stripped it.');
|
|
47
|
+
}
|
|
48
|
+
if (options.hostAllowlist && !hostMatchesAllowlist(host, options.hostAllowlist)) {
|
|
49
|
+
throw new TypeError(`requestContextFromExpress: Host "${host}" is not in hostAllowlist. ` +
|
|
50
|
+
`A hostile peer may be trying to rebind your signature origin via Host-header injection. ` +
|
|
51
|
+
`Add the legitimate value to hostAllowlist, or fix your proxy's Host handling.`);
|
|
52
|
+
}
|
|
53
|
+
const protocol = req.protocol;
|
|
54
|
+
const forceHttps = options.forceHttps !== false;
|
|
55
|
+
if (forceHttps && protocol !== 'https') {
|
|
56
|
+
throw new TypeError(`requestContextFromExpress: protocol is "${protocol}", not "https". ` +
|
|
57
|
+
`Set app.set('trust proxy', ...) so Express sees the X-Forwarded-Proto header, ` +
|
|
58
|
+
`or pass forceHttps: false for local dev (loopback / mock-server testing).`);
|
|
59
|
+
}
|
|
60
|
+
// Defense-in-depth: reject userinfo in originalUrl. A malicious middleware
|
|
61
|
+
// could mutate req.originalUrl to inject `user@` between host and path —
|
|
62
|
+
// canonicalAuthority would then sign the userinfo-bearing variant. Express
|
|
63
|
+
// doesn't normally carry userinfo here but we check rather than trust.
|
|
64
|
+
if (/[@]/.test(req.originalUrl.split('?')[0] ?? '')) {
|
|
65
|
+
throw new TypeError('requestContextFromExpress: originalUrl path must not embed userinfo (@).');
|
|
66
|
+
}
|
|
67
|
+
return { method: req.method, url: `${protocol}://${host}${req.originalUrl}` };
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Construct `{ method, url }` from a Fetch / WHATWG `Request`. Trivial
|
|
71
|
+
* passthrough; included for API symmetry with the Express / Lambda
|
|
72
|
+
* helpers. No proxy hardening needed — `request.url` is the absolute URL
|
|
73
|
+
* the runtime constructed from the wire, and Workers / Deno / Bun all
|
|
74
|
+
* terminate TLS at the edge so `https` is honest.
|
|
75
|
+
*/
|
|
76
|
+
function requestContextFromFetch(request) {
|
|
77
|
+
// WHATWG accepts `https://user:pw@host/path` as a valid Request URL and
|
|
78
|
+
// echoes it back verbatim. `canonicalAuthority` would then sign the
|
|
79
|
+
// userinfo-bearing form, splitting the signature namespace between
|
|
80
|
+
// userinfo and userinfo-stripped variants of the same logical origin.
|
|
81
|
+
// Reject at construction time — userinfo never belongs in a signed
|
|
82
|
+
// `@authority` / `@target-uri`.
|
|
83
|
+
let parsed;
|
|
84
|
+
try {
|
|
85
|
+
parsed = new URL(request.url);
|
|
86
|
+
}
|
|
87
|
+
catch {
|
|
88
|
+
throw new TypeError(`requestContextFromFetch: request.url "${request.url}" is not a parseable URL.`);
|
|
89
|
+
}
|
|
90
|
+
if (parsed.username || parsed.password) {
|
|
91
|
+
throw new TypeError('requestContextFromFetch: request.url must not embed userinfo. ' +
|
|
92
|
+
'A signed @authority component with userinfo creates a verifier-splitting confusion vector.');
|
|
93
|
+
}
|
|
94
|
+
return { method: request.method, url: request.url };
|
|
95
|
+
}
|
|
96
|
+
/**
|
|
97
|
+
* Construct `{ method, url }` from an AWS Lambda API Gateway v2 / ALB
|
|
98
|
+
* event. Reads `requestContext.domainName` for the authority, `rawPath` +
|
|
99
|
+
* `rawQueryString` for the target (v2 / ALB), falling back to `path` +
|
|
100
|
+
* `queryStringParameters` reconstruction (v1).
|
|
101
|
+
*
|
|
102
|
+
* Always emits `https://` — Lambda is not addressable over plain HTTP
|
|
103
|
+
* through API Gateway / ALB in any documented configuration.
|
|
104
|
+
*/
|
|
105
|
+
function requestContextFromLambda(event, options = {}) {
|
|
106
|
+
const domainName = event.requestContext.domainName;
|
|
107
|
+
if (!domainName) {
|
|
108
|
+
throw new TypeError('requestContextFromLambda: event.requestContext.domainName is missing. ' +
|
|
109
|
+
'API Gateway v2 / ALB events should always carry this; ' +
|
|
110
|
+
'is this event shaped like something else?');
|
|
111
|
+
}
|
|
112
|
+
const host = normalizeHost(domainName);
|
|
113
|
+
if (!host) {
|
|
114
|
+
throw new TypeError('requestContextFromLambda: domainName is empty after normalization.');
|
|
115
|
+
}
|
|
116
|
+
if (options.hostAllowlist && !hostMatchesAllowlist(host, options.hostAllowlist)) {
|
|
117
|
+
throw new TypeError(`requestContextFromLambda: domainName "${host}" is not in hostAllowlist. ` +
|
|
118
|
+
`Multi-tenant API Gateway misroute? Add the legitimate value, or fix the API mapping.`);
|
|
119
|
+
}
|
|
120
|
+
const method = event.requestContext.http?.method ?? event.requestContext.httpMethod ?? event.httpMethod;
|
|
121
|
+
if (!method) {
|
|
122
|
+
throw new TypeError('requestContextFromLambda: HTTP method is missing from the event.');
|
|
123
|
+
}
|
|
124
|
+
const path = event.rawPath ?? event.path ?? '/';
|
|
125
|
+
// Lambda's domainName won't carry a trailing dot in supported configs but
|
|
126
|
+
// we normalize here so a future shape change can't bypass the allowlist.
|
|
127
|
+
let url = `https://${host}${path}`;
|
|
128
|
+
if (event.rawQueryString) {
|
|
129
|
+
url += `?${event.rawQueryString}`;
|
|
130
|
+
}
|
|
131
|
+
else if (event.queryStringParameters) {
|
|
132
|
+
const params = Object.entries(event.queryStringParameters)
|
|
133
|
+
.filter(([, v]) => v !== undefined)
|
|
134
|
+
.map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`);
|
|
135
|
+
if (params.length)
|
|
136
|
+
url += `?${params.join('&')}`;
|
|
137
|
+
}
|
|
138
|
+
return { method, url };
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Normalize a Host / domainName value for allowlist comparison. Lowercase
|
|
142
|
+
* + trim handle the obvious cases; trailing-dot stripping closes a
|
|
143
|
+
* documented Host-header bypass where `example.com.` is a distinct string
|
|
144
|
+
* from `example.com` on some stacks. IPv6 brackets are preserved so the
|
|
145
|
+
* allowlist entry and the inbound value agree on bracket presence.
|
|
146
|
+
*/
|
|
147
|
+
function normalizeHost(raw) {
|
|
148
|
+
if (!raw)
|
|
149
|
+
return '';
|
|
150
|
+
let h = raw.trim().toLowerCase();
|
|
151
|
+
// Strip trailing dot from FQDN. Bracketed IPv6 cannot legitimately
|
|
152
|
+
// carry a trailing dot, so this only fires on hostnames.
|
|
153
|
+
if (h.endsWith('.') && !h.endsWith(']'))
|
|
154
|
+
h = h.slice(0, -1);
|
|
155
|
+
return h;
|
|
156
|
+
}
|
|
157
|
+
function hostMatchesAllowlist(host, allowlist) {
|
|
158
|
+
return allowlist.some(entry => normalizeHost(entry) === host);
|
|
159
|
+
}
|
|
160
|
+
//# sourceMappingURL=request-context.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request-context.js","sourceRoot":"","sources":["../../../src/lib/signing/request-context.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;AAsDH,8DAmCC;AAmBD,0DAoBC;AAyCD,4DAuCC;AAzKD;;;;;;;;;;;;;;GAcG;AACH,SAAgB,yBAAyB,CACvC,GAAuB,EACvB,UAA4C,EAAE;IAE9C,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,SAAS,CACjB,qDAAqD;YACnD,wGAAwG,CAC3G,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,aAAa,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;QAChF,MAAM,IAAI,SAAS,CACjB,oCAAoC,IAAI,6BAA6B;YACnE,0FAA0F;YAC1F,+EAA+E,CAClF,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,KAAK,KAAK,CAAC;IAChD,IAAI,UAAU,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CACjB,2CAA2C,QAAQ,kBAAkB;YACnE,gFAAgF;YAChF,2EAA2E,CAC9E,CAAC;IACJ,CAAC;IACD,2EAA2E;IAC3E,yEAAyE;IACzE,2EAA2E;IAC3E,uEAAuE;IACvE,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,SAAS,CAAC,0EAA0E,CAAC,CAAC;IAClG,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;AAChF,CAAC;AAYD;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,OAAyB;IAC/D,wEAAwE;IACxE,oEAAoE;IACpE,mEAAmE;IACnE,sEAAsE;IACtE,mEAAmE;IACnE,gCAAgC;IAChC,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,SAAS,CAAC,yCAAyC,OAAO,CAAC,GAAG,2BAA2B,CAAC,CAAC;IACvG,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CACjB,gEAAgE;YAC9D,4FAA4F,CAC/F,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;AACtD,CAAC;AAgCD;;;;;;;;GAQG;AACH,SAAgB,wBAAwB,CACtC,KAAyB,EACzB,UAA2C,EAAE;IAE7C,MAAM,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC;IACnD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,SAAS,CACjB,wEAAwE;YACtE,wDAAwD;YACxD,2CAA2C,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IACvC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,SAAS,CAAC,oEAAoE,CAAC,CAAC;IAC5F,CAAC;IACD,IAAI,OAAO,CAAC,aAAa,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;QAChF,MAAM,IAAI,SAAS,CACjB,yCAAyC,IAAI,6BAA6B;YACxE,sFAAsF,CACzF,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,UAAU,IAAI,KAAK,CAAC,UAAU,CAAC;IACxG,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,SAAS,CAAC,kEAAkE,CAAC,CAAC;IAC1F,CAAC;IACD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,IAAI,IAAI,GAAG,CAAC;IAChD,0EAA0E;IAC1E,yEAAyE;IACzE,IAAI,GAAG,GAAG,WAAW,IAAI,GAAG,IAAI,EAAE,CAAC;IACnC,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;QACzB,GAAG,IAAI,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;IACpC,CAAC;SAAM,IAAI,KAAK,CAAC,qBAAqB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC;aACvD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC,IAAI,kBAAkB,CAAC,CAAW,CAAC,EAAE,CAAC,CAAC;QAClF,IAAI,MAAM,CAAC,MAAM;YAAE,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IACnD,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACzB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,GAAuB;IAC5C,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACjC,mEAAmE;IACnE,yDAAyD;IACzD,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY,EAAE,SAAgC;IAC1E,OAAO,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC;AAChE,CAAC"}
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* RFC 9421 response-signing verifier (§2.2.9).
|
|
3
|
+
*
|
|
4
|
+
* Companion to `verifier.ts` (request signatures) and `webhook-verifier.ts`
|
|
5
|
+
* (webhook callbacks). This verifier runs on the buyer / receiver side of
|
|
6
|
+
* a signed response: a client receives a response from a seller agent and
|
|
7
|
+
* hands it here, with the originating request URL the client sent, for
|
|
8
|
+
* signature validation before parsing the body.
|
|
9
|
+
*
|
|
10
|
+
* Distinct from request / webhook signing:
|
|
11
|
+
* - Tag: `adcp/response-signing/v1`.
|
|
12
|
+
* - Key purpose: `adcp_use: "response-signing"`.
|
|
13
|
+
* - Default covered components: `@status`, `@authority`, `@target-uri`,
|
|
14
|
+
* plus `content-type` + `content-digest` when the body is non-empty.
|
|
15
|
+
* - The originating request URL is carried explicitly on `ResponseLike.request`
|
|
16
|
+
* because RFC 9421 §2.2 binds response signatures to their request
|
|
17
|
+
* context via `@authority` and `@target-uri`. The client supplies the URL
|
|
18
|
+
* it actually sent — a malformed reconstruction (e.g. `req.protocol`
|
|
19
|
+
* lying behind a proxy) will trip step 6a or fail the crypto check.
|
|
20
|
+
*
|
|
21
|
+
* Checklist steps below mirror the 13-step shape in `webhook-verifier.ts`
|
|
22
|
+
* so failures point at the same step numbers the request and webhook
|
|
23
|
+
* verifiers use. Numbers are 1-based.
|
|
24
|
+
*/
|
|
25
|
+
import { type ResponseLike } from './canonicalize';
|
|
26
|
+
import type { JwksResolver } from './jwks';
|
|
27
|
+
import { type ReplayStore } from './replay';
|
|
28
|
+
import { type RevocationStore } from './revocation';
|
|
29
|
+
export interface VerifyResponseOptions {
|
|
30
|
+
jwks: JwksResolver;
|
|
31
|
+
replayStore: ReplayStore;
|
|
32
|
+
revocationStore: RevocationStore;
|
|
33
|
+
/** Now in seconds since epoch. Defaults to `Date.now() / 1000`. */
|
|
34
|
+
now?: () => number;
|
|
35
|
+
/**
|
|
36
|
+
* Optional tag override — spec currently defines exactly
|
|
37
|
+
* `adcp/response-signing/v1`; the override lets test vectors pin a
|
|
38
|
+
* version.
|
|
39
|
+
*/
|
|
40
|
+
requiredTag?: string;
|
|
41
|
+
/** Optional reverse-lookup (kid → publisher URL) for result attribution. */
|
|
42
|
+
agentUrlForKeyid?: (keyid: string) => string | undefined;
|
|
43
|
+
}
|
|
44
|
+
export interface VerifyResponseResult {
|
|
45
|
+
status: 'verified';
|
|
46
|
+
keyid: string;
|
|
47
|
+
agent_url?: string;
|
|
48
|
+
verified_at: number;
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Verify an inbound response's RFC 9421 signature.
|
|
52
|
+
*
|
|
53
|
+
* Ordering invariant matches the webhook verifier: cheap invariant checks
|
|
54
|
+
* (tag, alg, window, components) run before JWKS resolution; revocation and
|
|
55
|
+
* rate-abuse run before cryptographic verify so an attacker can't amplify
|
|
56
|
+
* Ed25519/ECDSA work. Replay insert commits only after every earlier check
|
|
57
|
+
* passes — any signature failing crypto verify never consumes a cap entry.
|
|
58
|
+
*
|
|
59
|
+
* The replay scope is `(keyid, @target-uri-of-originating-request)`. Two
|
|
60
|
+
* responses to two different request URLs under the same keyid use
|
|
61
|
+
* independent replay budgets — same shape as webhook verification.
|
|
62
|
+
*
|
|
63
|
+
* Throws {@link ResponseSignatureError} on the first failed step.
|
|
64
|
+
*/
|
|
65
|
+
export declare function verifyResponseSignature(response: ResponseLike, options: VerifyResponseOptions): Promise<VerifyResponseResult>;
|
|
66
|
+
/**
|
|
67
|
+
* Options for {@link createResponseVerifier}. Identical to
|
|
68
|
+
* {@link VerifyResponseOptions} except `replayStore` and `revocationStore`
|
|
69
|
+
* are optional — the factory defaults them once at creation time so replay
|
|
70
|
+
* state is shared across every response the returned verifier handles.
|
|
71
|
+
*/
|
|
72
|
+
export interface CreateResponseVerifierOptions extends Omit<VerifyResponseOptions, 'replayStore' | 'revocationStore'> {
|
|
73
|
+
/**
|
|
74
|
+
* Stores `(keyid, scope, nonce)` tuples for replay detection. Defaults to
|
|
75
|
+
* a fresh {@link InMemoryReplayStore} — suitable for single-process
|
|
76
|
+
* deployments only. **Multi-replica deployments MUST pass an explicit
|
|
77
|
+
* shared store** (Redis, Postgres, etc.); the default in-memory store
|
|
78
|
+
* does not survive process boundaries, so a signature accepted on
|
|
79
|
+
* replica A is invisible to replica B and can be replayed there within
|
|
80
|
+
* the signature window.
|
|
81
|
+
*/
|
|
82
|
+
replayStore?: ReplayStore;
|
|
83
|
+
/**
|
|
84
|
+
* Consulted for revoked `kid` before accepting a signature. Defaults to a
|
|
85
|
+
* fresh {@link InMemoryRevocationStore}, which starts empty and does not
|
|
86
|
+
* poll for updates. Pass a store backed by your secrets manager or admin
|
|
87
|
+
* tooling when you revoke keys at runtime.
|
|
88
|
+
*/
|
|
89
|
+
revocationStore?: RevocationStore;
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* Create a bound response-signature verifier with shared replay and
|
|
93
|
+
* revocation stores. Mirrors {@link createWebhookVerifier} for the response
|
|
94
|
+
* profile.
|
|
95
|
+
*
|
|
96
|
+
* **Why a factory?** Replay detection requires the same store instance to
|
|
97
|
+
* be consulted across every response. Constructing stores inside a
|
|
98
|
+
* per-response call would silently defeat replay dedup. The factory pattern
|
|
99
|
+
* captures stores in closure scope at wire-up time.
|
|
100
|
+
*
|
|
101
|
+
* **Multi-replica deployments MUST pass an explicit `replayStore`** backed
|
|
102
|
+
* by a shared persistence layer.
|
|
103
|
+
*/
|
|
104
|
+
export declare function createResponseVerifier(options: CreateResponseVerifierOptions): (response: ResponseLike) => Promise<VerifyResponseResult>;
|
|
105
|
+
//# sourceMappingURL=response-verifier.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"response-verifier.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/response-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAkE,KAAK,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAKnH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAC3C,OAAO,EAAuB,KAAK,WAAW,EAAE,MAAM,UAAU,CAAC;AACjE,OAAO,EAA2B,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAS7E,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,WAAW,CAAC;IACzB,eAAe,EAAE,eAAe,CAAC;IACjC,mEAAmE;IACnE,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IACnB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;CAC1D;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,UAAU,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,oBAAoB,CAAC,CAuM/B;AAkHD;;;;;GAKG;AACH,MAAM,WAAW,6BAA8B,SAAQ,IAAI,CAAC,qBAAqB,EAAE,aAAa,GAAG,iBAAiB,CAAC;IACnH;;;;;;;;OAQG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B;;;;;OAKG;IACH,eAAe,CAAC,EAAE,eAAe,CAAC;CACnC;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,6BAA6B,GACrC,CAAC,QAAQ,EAAE,YAAY,KAAK,OAAO,CAAC,oBAAoB,CAAC,CAI3D"}
|
|
@@ -0,0 +1,271 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* RFC 9421 response-signing verifier (§2.2.9).
|
|
4
|
+
*
|
|
5
|
+
* Companion to `verifier.ts` (request signatures) and `webhook-verifier.ts`
|
|
6
|
+
* (webhook callbacks). This verifier runs on the buyer / receiver side of
|
|
7
|
+
* a signed response: a client receives a response from a seller agent and
|
|
8
|
+
* hands it here, with the originating request URL the client sent, for
|
|
9
|
+
* signature validation before parsing the body.
|
|
10
|
+
*
|
|
11
|
+
* Distinct from request / webhook signing:
|
|
12
|
+
* - Tag: `adcp/response-signing/v1`.
|
|
13
|
+
* - Key purpose: `adcp_use: "response-signing"`.
|
|
14
|
+
* - Default covered components: `@status`, `@authority`, `@target-uri`,
|
|
15
|
+
* plus `content-type` + `content-digest` when the body is non-empty.
|
|
16
|
+
* - The originating request URL is carried explicitly on `ResponseLike.request`
|
|
17
|
+
* because RFC 9421 §2.2 binds response signatures to their request
|
|
18
|
+
* context via `@authority` and `@target-uri`. The client supplies the URL
|
|
19
|
+
* it actually sent — a malformed reconstruction (e.g. `req.protocol`
|
|
20
|
+
* lying behind a proxy) will trip step 6a or fail the crypto check.
|
|
21
|
+
*
|
|
22
|
+
* Checklist steps below mirror the 13-step shape in `webhook-verifier.ts`
|
|
23
|
+
* so failures point at the same step numbers the request and webhook
|
|
24
|
+
* verifiers use. Numbers are 1-based.
|
|
25
|
+
*/
|
|
26
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
27
|
+
exports.verifyResponseSignature = verifyResponseSignature;
|
|
28
|
+
exports.createResponseVerifier = createResponseVerifier;
|
|
29
|
+
const canonicalize_1 = require("./canonicalize");
|
|
30
|
+
const content_digest_1 = require("./content-digest");
|
|
31
|
+
const errors_1 = require("./errors");
|
|
32
|
+
const parser_1 = require("./parser");
|
|
33
|
+
const crypto_1 = require("./crypto");
|
|
34
|
+
const replay_1 = require("./replay");
|
|
35
|
+
const revocation_1 = require("./revocation");
|
|
36
|
+
const types_1 = require("./types");
|
|
37
|
+
/**
|
|
38
|
+
* Verify an inbound response's RFC 9421 signature.
|
|
39
|
+
*
|
|
40
|
+
* Ordering invariant matches the webhook verifier: cheap invariant checks
|
|
41
|
+
* (tag, alg, window, components) run before JWKS resolution; revocation and
|
|
42
|
+
* rate-abuse run before cryptographic verify so an attacker can't amplify
|
|
43
|
+
* Ed25519/ECDSA work. Replay insert commits only after every earlier check
|
|
44
|
+
* passes — any signature failing crypto verify never consumes a cap entry.
|
|
45
|
+
*
|
|
46
|
+
* The replay scope is `(keyid, @target-uri-of-originating-request)`. Two
|
|
47
|
+
* responses to two different request URLs under the same keyid use
|
|
48
|
+
* independent replay budgets — same shape as webhook verification.
|
|
49
|
+
*
|
|
50
|
+
* Throws {@link ResponseSignatureError} on the first failed step.
|
|
51
|
+
*/
|
|
52
|
+
async function verifyResponseSignature(response, options) {
|
|
53
|
+
const now = options.now ? options.now() : Math.floor(Date.now() / 1000);
|
|
54
|
+
const requiredTag = options.requiredTag ?? types_1.RESPONSE_SIGNING_TAG;
|
|
55
|
+
// Step 1: both signature headers present AND parseable. Bound-pair rule.
|
|
56
|
+
const sigInputHeader = (0, canonicalize_1.getHeaderValue)(response.headers, 'Signature-Input');
|
|
57
|
+
const sigHeader = (0, canonicalize_1.getHeaderValue)(response.headers, 'Signature');
|
|
58
|
+
if (!sigInputHeader || !sigHeader) {
|
|
59
|
+
throw new errors_1.ResponseSignatureError('response_signature_header_malformed', 1, 'Response is missing Signature or Signature-Input headers.');
|
|
60
|
+
}
|
|
61
|
+
let parsedInput;
|
|
62
|
+
let parsedSig;
|
|
63
|
+
try {
|
|
64
|
+
parsedInput = (0, parser_1.parseSignatureInput)(sigInputHeader);
|
|
65
|
+
parsedSig = (0, parser_1.parseSignature)(sigHeader, parsedInput.label);
|
|
66
|
+
}
|
|
67
|
+
catch (err) {
|
|
68
|
+
throw new errors_1.ResponseSignatureError('response_signature_header_malformed', 1, err instanceof Error ? err.message : String(err));
|
|
69
|
+
}
|
|
70
|
+
// Step 2: required params present.
|
|
71
|
+
requireParams(parsedInput);
|
|
72
|
+
// Step 3: tag match.
|
|
73
|
+
if (parsedInput.params.tag !== requiredTag) {
|
|
74
|
+
throw new errors_1.ResponseSignatureError('response_signature_tag_invalid', 3, `Signature tag must be "${requiredTag}"; got "${parsedInput.params.tag}".`);
|
|
75
|
+
}
|
|
76
|
+
// Step 4: alg allowlist.
|
|
77
|
+
if (!types_1.ALLOWED_ALGS.has(parsedInput.params.alg)) {
|
|
78
|
+
throw new errors_1.ResponseSignatureError('response_signature_alg_not_allowed', 4, `Signature alg "${parsedInput.params.alg}" is not in the AdCP allowlist.`);
|
|
79
|
+
}
|
|
80
|
+
// Step 5: window valid.
|
|
81
|
+
validateWindow(parsedInput.params.created, parsedInput.params.expires, now);
|
|
82
|
+
// Step 6: covered components must include the response-signing mandatory set.
|
|
83
|
+
validateCoveredComponents(parsedInput.components, response.body);
|
|
84
|
+
// Step 6a: `@target-uri` syntactic validation against the originating-
|
|
85
|
+
// request URL the caller passed in. Same rationale as the webhook
|
|
86
|
+
// verifier — flag dangerous URI shapes (non-https, userinfo, fragment)
|
|
87
|
+
// before cryptographic work. Distinct from `header_malformed`, which
|
|
88
|
+
// flags the Signature / Signature-Input headers.
|
|
89
|
+
//
|
|
90
|
+
// Note: response-side `@target-uri` comes from `response.request.url`,
|
|
91
|
+
// which is the *client's* reconstruction of what they sent. This check
|
|
92
|
+
// most often fires on caller-side bugs (Express `req.protocol` lying
|
|
93
|
+
// behind a non-trust-proxy reverse proxy → http://...) rather than on
|
|
94
|
+
// wire-level attacker payloads. See ResponseLike.request JSDoc.
|
|
95
|
+
validateTargetUri(response.request.url);
|
|
96
|
+
// Step 7: resolve keyid.
|
|
97
|
+
const jwk = await options.jwks.resolve(parsedInput.params.keyid);
|
|
98
|
+
if (!jwk) {
|
|
99
|
+
throw new errors_1.ResponseSignatureError('response_signature_key_unknown', 7, `No JWK found for keyid "${parsedInput.params.keyid}".`);
|
|
100
|
+
}
|
|
101
|
+
if (jwk.kid !== parsedInput.params.keyid) {
|
|
102
|
+
throw new errors_1.ResponseSignatureError('response_signature_key_unknown', 7, `JWKS resolver returned a JWK whose kid "${jwk.kid}" does not match requested keyid "${parsedInput.params.keyid}".`);
|
|
103
|
+
}
|
|
104
|
+
// Step 8: key purpose — MUST be scoped for response signing.
|
|
105
|
+
//
|
|
106
|
+
// Same split as webhook: "no purpose declared" vs "declared but wrong".
|
|
107
|
+
// The former needs the publisher to add a purpose; the latter needs a
|
|
108
|
+
// new keypair (purpose binding is the whole point of `adcp_use`).
|
|
109
|
+
if (jwk.adcp_use === undefined || !jwk.key_ops?.includes('verify')) {
|
|
110
|
+
throw new errors_1.ResponseSignatureError('response_signature_key_purpose_invalid', 8, `JWK "${jwk.kid}" is not scoped for response-signing verification.`);
|
|
111
|
+
}
|
|
112
|
+
if (jwk.adcp_use !== 'response-signing') {
|
|
113
|
+
throw new errors_1.ResponseSignatureError('response_mode_mismatch', 8, `JWK "${jwk.kid}" declares adcp_use="${jwk.adcp_use}" but this endpoint requires "response-signing".`);
|
|
114
|
+
}
|
|
115
|
+
// Step 9: revocation. The shared revocation store throws
|
|
116
|
+
// `request_signature_revocation_stale` when its cached snapshot is past
|
|
117
|
+
// grace — re-map to the response taxonomy so callers see consistent codes.
|
|
118
|
+
try {
|
|
119
|
+
if (await options.revocationStore.isRevoked(jwk.kid)) {
|
|
120
|
+
throw new errors_1.ResponseSignatureError('response_signature_key_revoked', 9, `JWK "${jwk.kid}" is revoked.`);
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
catch (err) {
|
|
124
|
+
if (err instanceof errors_1.RequestSignatureError && err.code === 'request_signature_revocation_stale') {
|
|
125
|
+
throw new errors_1.ResponseSignatureError('response_signature_revocation_stale', 9, err.message);
|
|
126
|
+
}
|
|
127
|
+
throw err;
|
|
128
|
+
}
|
|
129
|
+
// Replay scope is `(keyid, @target-uri-of-originating-request)` — same
|
|
130
|
+
// rationale as webhook signing. A response to /adcp/get_products MUST NOT
|
|
131
|
+
// count against the replay budget for a response to /adcp/create_media_buy
|
|
132
|
+
// under the same keyid.
|
|
133
|
+
const replayScope = (0, canonicalize_1.canonicalTargetUri)(response.request.url);
|
|
134
|
+
// Step 9a: per-keyid rate abuse. Distinct code from step 12 replay — cap
|
|
135
|
+
// exhaustion is a compromised-key / misconfig signal, not "same nonce
|
|
136
|
+
// twice."
|
|
137
|
+
if (await options.replayStore.isCapHit(jwk.kid, replayScope, now)) {
|
|
138
|
+
throw new errors_1.ResponseSignatureError('response_signature_rate_abuse', 9, `Per-keyid replay cache cap exceeded for keyid=${jwk.kid}.`);
|
|
139
|
+
}
|
|
140
|
+
// Pre-check replay before crypto so a replayed nonce short-circuits an
|
|
141
|
+
// expensive Ed25519 / ECDSA verify.
|
|
142
|
+
if (await options.replayStore.has(jwk.kid, replayScope, parsedInput.params.nonce, now)) {
|
|
143
|
+
throw new errors_1.ResponseSignatureError('response_signature_replayed', 12, `Replay of (keyid=${jwk.kid}, nonce=${parsedInput.params.nonce}) within signature window.`);
|
|
144
|
+
}
|
|
145
|
+
// Step 10: cryptographic verify. Use the verbatim signatureParamsValue
|
|
146
|
+
// from the parsed input so byte-identity with what the signer sent is
|
|
147
|
+
// preserved regardless of param-order differences across SDKs.
|
|
148
|
+
const base = (0, canonicalize_1.buildResponseSignatureBase)(parsedInput.components, response, parsedInput.params, parsedInput.signatureParamsValue);
|
|
149
|
+
const publicKey = (0, crypto_1.jwkToPublicKey)(jwk);
|
|
150
|
+
const valid = (0, crypto_1.verifySignature)(parsedInput.params.alg, publicKey, Buffer.from(base, 'utf8'), parsedSig.bytes);
|
|
151
|
+
if (!valid) {
|
|
152
|
+
throw new errors_1.ResponseSignatureError('response_signature_invalid', 10, 'Cryptographic verification of response signature base failed.');
|
|
153
|
+
}
|
|
154
|
+
// Step 11: content-digest match (only when the signature covered it).
|
|
155
|
+
if (parsedInput.components.includes('content-digest')) {
|
|
156
|
+
const digestHeader = (0, canonicalize_1.getHeaderValue)(response.headers, 'Content-Digest');
|
|
157
|
+
if (!digestHeader || !(0, content_digest_1.contentDigestMatches)(digestHeader, response.body ?? '')) {
|
|
158
|
+
throw new errors_1.ResponseSignatureError('response_signature_digest_mismatch', 11, 'Content-Digest header does not match recomputed body hash.');
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
// Step 13: commit nonce. Insert AFTER every prior check passes — external
|
|
162
|
+
// traffic can't grow the cap because any signature failing at step 10
|
|
163
|
+
// never reaches this point.
|
|
164
|
+
const remaining = parsedInput.params.expires - now + types_1.CLOCK_SKEW_TOLERANCE_SECONDS;
|
|
165
|
+
const ttl = Math.max(remaining, types_1.MAX_SIGNATURE_WINDOW_SECONDS + types_1.CLOCK_SKEW_TOLERANCE_SECONDS);
|
|
166
|
+
const insertResult = await options.replayStore.insert(jwk.kid, replayScope, parsedInput.params.nonce, ttl, now);
|
|
167
|
+
if (insertResult === 'replayed') {
|
|
168
|
+
throw new errors_1.ResponseSignatureError('response_signature_replayed', 13, `Replay of (keyid=${jwk.kid}, nonce=${parsedInput.params.nonce}) within signature window.`);
|
|
169
|
+
}
|
|
170
|
+
if (insertResult === 'rate_abuse') {
|
|
171
|
+
throw new errors_1.ResponseSignatureError('response_signature_rate_abuse', 13, `Per-keyid replay cache cap exceeded on commit for keyid=${jwk.kid}.`);
|
|
172
|
+
}
|
|
173
|
+
const agent_url = options.agentUrlForKeyid?.(jwk.kid);
|
|
174
|
+
return { status: 'verified', keyid: jwk.kid, ...(agent_url !== undefined && { agent_url }), verified_at: now };
|
|
175
|
+
}
|
|
176
|
+
function requireParams(parsed) {
|
|
177
|
+
const required = ['created', 'expires', 'nonce', 'keyid', 'alg', 'tag'];
|
|
178
|
+
const missing = required.filter(k => parsed.params[k] === undefined);
|
|
179
|
+
if (missing.length) {
|
|
180
|
+
throw new errors_1.ResponseSignatureError('response_signature_params_incomplete', 2, `Signature-Input missing required parameter(s): ${missing.join(', ')}.`);
|
|
181
|
+
}
|
|
182
|
+
}
|
|
183
|
+
function validateWindow(created, expires, now) {
|
|
184
|
+
// Same shape as webhook: every window failure (expired, negative window,
|
|
185
|
+
// over-long window, created-in-future) folds to a single code. Specific
|
|
186
|
+
// subtype lives in the error message for diagnostics.
|
|
187
|
+
if (expires <= created) {
|
|
188
|
+
throw new errors_1.ResponseSignatureError('response_signature_window_invalid', 5, 'Signature expires must be strictly greater than created.');
|
|
189
|
+
}
|
|
190
|
+
if (expires - created > types_1.MAX_SIGNATURE_WINDOW_SECONDS) {
|
|
191
|
+
throw new errors_1.ResponseSignatureError('response_signature_window_invalid', 5, `Signature window exceeds ${types_1.MAX_SIGNATURE_WINDOW_SECONDS}s maximum.`);
|
|
192
|
+
}
|
|
193
|
+
if (now < created - types_1.CLOCK_SKEW_TOLERANCE_SECONDS) {
|
|
194
|
+
throw new errors_1.ResponseSignatureError('response_signature_window_invalid', 5, 'Signature created is in the future beyond skew tolerance.');
|
|
195
|
+
}
|
|
196
|
+
if (now > expires + types_1.CLOCK_SKEW_TOLERANCE_SECONDS) {
|
|
197
|
+
throw new errors_1.ResponseSignatureError('response_signature_window_invalid', 5, 'Signature is expired.');
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
function validateCoveredComponents(components, body) {
|
|
201
|
+
for (const mandatory of types_1.RESPONSE_MANDATORY_COMPONENTS) {
|
|
202
|
+
if (!components.includes(mandatory)) {
|
|
203
|
+
throw new errors_1.ResponseSignatureError('response_signature_components_incomplete', 6, `Covered components must include "${mandatory}".`);
|
|
204
|
+
}
|
|
205
|
+
}
|
|
206
|
+
// When the response carries a body, `content-digest` coverage is required
|
|
207
|
+
// — an unbound body is the cross-purpose footgun the signer's default
|
|
208
|
+
// opt-out behavior is designed to prevent. The signer omits
|
|
209
|
+
// content-digest only when the body is empty (e.g. 204 No Content); the
|
|
210
|
+
// verifier mirrors that envelope.
|
|
211
|
+
const hasBody = (body ?? '').length > 0;
|
|
212
|
+
if (hasBody && !components.includes('content-digest')) {
|
|
213
|
+
throw new errors_1.ResponseSignatureError('response_signature_components_incomplete', 6, 'Response carries a body but "content-digest" is not in covered components.');
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
/**
|
|
217
|
+
* Syntactic validation of the originating-request `@target-uri` value. Four
|
|
218
|
+
* failure modes mirror the webhook verifier:
|
|
219
|
+
* - URL doesn't parse at all.
|
|
220
|
+
* - Scheme is not https (response signatures bound to http will fail
|
|
221
|
+
* strict-HTTPS verifier profiles; loopback hosts are exempt for local
|
|
222
|
+
* test mock servers).
|
|
223
|
+
* - Authority contains userinfo — credentials don't belong in a signed URI.
|
|
224
|
+
* - URL carries a fragment — fragments are client-side and never transmitted.
|
|
225
|
+
*
|
|
226
|
+
* Each throws `response_target_uri_malformed`. The error message names the
|
|
227
|
+
* failure reason.
|
|
228
|
+
*/
|
|
229
|
+
function validateTargetUri(rawUrl) {
|
|
230
|
+
let url;
|
|
231
|
+
try {
|
|
232
|
+
url = new URL(rawUrl);
|
|
233
|
+
}
|
|
234
|
+
catch {
|
|
235
|
+
throw new errors_1.ResponseSignatureError('response_target_uri_malformed', 6, `@target-uri "${rawUrl}" is not a parseable URL.`);
|
|
236
|
+
}
|
|
237
|
+
if (url.protocol !== 'https:' && !isLoopbackHost(url.hostname)) {
|
|
238
|
+
throw new errors_1.ResponseSignatureError('response_target_uri_malformed', 6, `@target-uri must use https; got "${url.protocol}" in "${rawUrl}".`);
|
|
239
|
+
}
|
|
240
|
+
if (url.username || url.password) {
|
|
241
|
+
throw new errors_1.ResponseSignatureError('response_target_uri_malformed', 6, '@target-uri must not embed userinfo.');
|
|
242
|
+
}
|
|
243
|
+
if (url.hash) {
|
|
244
|
+
throw new errors_1.ResponseSignatureError('response_target_uri_malformed', 6, '@target-uri must not carry a fragment.');
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
function isLoopbackHost(hostname) {
|
|
248
|
+
if (!hostname)
|
|
249
|
+
return false;
|
|
250
|
+
const normalized = hostname.toLowerCase();
|
|
251
|
+
return normalized === 'localhost' || normalized === '::1' || normalized.startsWith('127.');
|
|
252
|
+
}
|
|
253
|
+
/**
|
|
254
|
+
* Create a bound response-signature verifier with shared replay and
|
|
255
|
+
* revocation stores. Mirrors {@link createWebhookVerifier} for the response
|
|
256
|
+
* profile.
|
|
257
|
+
*
|
|
258
|
+
* **Why a factory?** Replay detection requires the same store instance to
|
|
259
|
+
* be consulted across every response. Constructing stores inside a
|
|
260
|
+
* per-response call would silently defeat replay dedup. The factory pattern
|
|
261
|
+
* captures stores in closure scope at wire-up time.
|
|
262
|
+
*
|
|
263
|
+
* **Multi-replica deployments MUST pass an explicit `replayStore`** backed
|
|
264
|
+
* by a shared persistence layer.
|
|
265
|
+
*/
|
|
266
|
+
function createResponseVerifier(options) {
|
|
267
|
+
const replayStore = options.replayStore ?? new replay_1.InMemoryReplayStore();
|
|
268
|
+
const revocationStore = options.revocationStore ?? new revocation_1.InMemoryRevocationStore();
|
|
269
|
+
return (response) => verifyResponseSignature(response, { ...options, replayStore, revocationStore });
|
|
270
|
+
}
|
|
271
|
+
//# sourceMappingURL=response-verifier.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"response-verifier.js","sourceRoot":"","sources":["../../../src/lib/signing/response-verifier.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;;AAwDH,0DA0MC;AAyJD,wDAMC;AA/ZD,iDAAmH;AACnH,qDAAwD;AACxD,qCAAyE;AACzE,qCAA0F;AAC1F,qCAA2D;AAE3D,qCAAiE;AACjE,6CAA6E;AAC7E,mCAMiB;AAyBjB;;;;;;;;;;;;;;GAcG;AACI,KAAK,UAAU,uBAAuB,CAC3C,QAAsB,EACtB,OAA8B;IAE9B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACxE,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,4BAAoB,CAAC;IAEhE,yEAAyE;IACzE,MAAM,cAAc,GAAG,IAAA,6BAAc,EAAC,QAAQ,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,IAAA,6BAAc,EAAC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAChE,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC;QAClC,MAAM,IAAI,+BAAsB,CAC9B,qCAAqC,EACrC,CAAC,EACD,2DAA2D,CAC5D,CAAC;IACJ,CAAC;IACD,IAAI,WAAiC,CAAC;IACtC,IAAI,SAA4C,CAAC;IACjD,IAAI,CAAC;QACH,WAAW,GAAG,IAAA,4BAAmB,EAAC,cAAc,CAAC,CAAC;QAClD,SAAS,GAAG,IAAA,uBAAc,EAAC,SAAS,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,+BAAsB,CAC9B,qCAAqC,EACrC,CAAC,EACD,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CACjD,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,aAAa,CAAC,WAAW,CAAC,CAAC;IAE3B,qBAAqB;IACrB,IAAI,WAAW,CAAC,MAAM,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;QAC3C,MAAM,IAAI,+BAAsB,CAC9B,gCAAgC,EAChC,CAAC,EACD,0BAA0B,WAAW,WAAW,WAAW,CAAC,MAAM,CAAC,GAAG,IAAI,CAC3E,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,IAAI,CAAC,oBAAY,CAAC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,+BAAsB,CAC9B,oCAAoC,EACpC,CAAC,EACD,kBAAkB,WAAW,CAAC,MAAM,CAAC,GAAG,iCAAiC,CAC1E,CAAC;IACJ,CAAC;IAED,wBAAwB;IACxB,cAAc,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAE5E,8EAA8E;IAC9E,yBAAyB,CAAC,WAAW,CAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAEjE,uEAAuE;IACvE,kEAAkE;IAClE,uEAAuE;IACvE,qEAAqE;IACrE,iDAAiD;IACjD,EAAE;IACF,uEAAuE;IACvE,uEAAuE;IACvE,qEAAqE;IACrE,sEAAsE;IACtE,gEAAgE;IAChE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAExC,yBAAyB;IACzB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjE,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,+BAAsB,CAC9B,gCAAgC,EAChC,CAAC,EACD,2BAA2B,WAAW,CAAC,MAAM,CAAC,KAAK,IAAI,CACxD,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,GAAG,KAAK,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACzC,MAAM,IAAI,+BAAsB,CAC9B,gCAAgC,EAChC,CAAC,EACD,2CAA2C,GAAG,CAAC,GAAG,qCAAqC,WAAW,CAAC,MAAM,CAAC,KAAK,IAAI,CACpH,CAAC;IACJ,CAAC;IAED,6DAA6D;IAC7D,EAAE;IACF,wEAAwE;IACxE,sEAAsE;IACtE,kEAAkE;IAClE,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,+BAAsB,CAC9B,wCAAwC,EACxC,CAAC,EACD,QAAQ,GAAG,CAAC,GAAG,oDAAoD,CACpE,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,kBAAkB,EAAE,CAAC;QACxC,MAAM,IAAI,+BAAsB,CAC9B,wBAAwB,EACxB,CAAC,EACD,QAAQ,GAAG,CAAC,GAAG,wBAAwB,GAAG,CAAC,QAAQ,kDAAkD,CACtG,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,wEAAwE;IACxE,2EAA2E;IAC3E,IAAI,CAAC;QACH,IAAI,MAAM,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,+BAAsB,CAAC,gCAAgC,EAAE,CAAC,EAAE,QAAQ,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC;QACxG,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,8BAAqB,IAAI,GAAG,CAAC,IAAI,KAAK,oCAAoC,EAAE,CAAC;YAC9F,MAAM,IAAI,+BAAsB,CAAC,qCAAqC,EAAE,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAC1F,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,uEAAuE;IACvE,0EAA0E;IAC1E,2EAA2E;IAC3E,wBAAwB;IACxB,MAAM,WAAW,GAAG,IAAA,iCAAkB,EAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE7D,yEAAyE;IACzE,sEAAsE;IACtE,UAAU;IACV,IAAI,MAAM,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,EAAE,GAAG,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,+BAAsB,CAC9B,+BAA+B,EAC/B,CAAC,EACD,iDAAiD,GAAG,CAAC,GAAG,GAAG,CAC5D,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,oCAAoC;IACpC,IAAI,MAAM,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,EAAE,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;QACvF,MAAM,IAAI,+BAAsB,CAC9B,6BAA6B,EAC7B,EAAE,EACF,oBAAoB,GAAG,CAAC,GAAG,WAAW,WAAW,CAAC,MAAM,CAAC,KAAK,4BAA4B,CAC3F,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,sEAAsE;IACtE,+DAA+D;IAC/D,MAAM,IAAI,GAAG,IAAA,yCAA0B,EACrC,WAAW,CAAC,UAAU,EACtB,QAAQ,EACR,WAAW,CAAC,MAAM,EAClB,WAAW,CAAC,oBAAoB,CACjC,CAAC;IACF,MAAM,SAAS,GAAG,IAAA,uBAAc,EAAC,GAAG,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,IAAA,wBAAe,EAAC,WAAW,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;IAC7G,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,+BAAsB,CAC9B,4BAA4B,EAC5B,EAAE,EACF,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,WAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACtD,MAAM,YAAY,GAAG,IAAA,6BAAc,EAAC,QAAQ,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QACxE,IAAI,CAAC,YAAY,IAAI,CAAC,IAAA,qCAAoB,EAAC,YAAY,EAAE,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;YAC9E,MAAM,IAAI,+BAAsB,CAC9B,oCAAoC,EACpC,EAAE,EACF,4DAA4D,CAC7D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,4BAA4B;IAC5B,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,OAAO,GAAG,GAAG,GAAG,oCAA4B,CAAC;IAClF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,oCAA4B,GAAG,oCAA4B,CAAC,CAAC;IAC7F,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,EAAE,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IAChH,IAAI,YAAY,KAAK,UAAU,EAAE,CAAC;QAChC,MAAM,IAAI,+BAAsB,CAC9B,6BAA6B,EAC7B,EAAE,EACF,oBAAoB,GAAG,CAAC,GAAG,WAAW,WAAW,CAAC,MAAM,CAAC,KAAK,4BAA4B,CAC3F,CAAC;IACJ,CAAC;IACD,IAAI,YAAY,KAAK,YAAY,EAAE,CAAC;QAClC,MAAM,IAAI,+BAAsB,CAC9B,+BAA+B,EAC/B,EAAE,EACF,2DAA2D,GAAG,CAAC,GAAG,GAAG,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACtD,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC;AACjH,CAAC;AAED,SAAS,aAAa,CAAC,MAA4B;IACjD,MAAM,QAAQ,GAAgD,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;IACrH,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IACrE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,IAAI,+BAAsB,CAC9B,sCAAsC,EACtC,CAAC,EACD,kDAAkD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACxE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,OAAe,EAAE,GAAW;IACnE,yEAAyE;IACzE,wEAAwE;IACxE,sDAAsD;IACtD,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;QACvB,MAAM,IAAI,+BAAsB,CAC9B,mCAAmC,EACnC,CAAC,EACD,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,GAAG,OAAO,GAAG,oCAA4B,EAAE,CAAC;QACrD,MAAM,IAAI,+BAAsB,CAC9B,mCAAmC,EACnC,CAAC,EACD,4BAA4B,oCAA4B,YAAY,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,GAAG,OAAO,GAAG,oCAA4B,EAAE,CAAC;QACjD,MAAM,IAAI,+BAAsB,CAC9B,mCAAmC,EACnC,CAAC,EACD,2DAA2D,CAC5D,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,GAAG,OAAO,GAAG,oCAA4B,EAAE,CAAC;QACjD,MAAM,IAAI,+BAAsB,CAAC,mCAAmC,EAAE,CAAC,EAAE,uBAAuB,CAAC,CAAC;IACpG,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAAC,UAAoB,EAAE,IAAwB;IAC/E,KAAK,MAAM,SAAS,IAAI,qCAA6B,EAAE,CAAC;QACtD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,+BAAsB,CAC9B,0CAA0C,EAC1C,CAAC,EACD,oCAAoC,SAAS,IAAI,CAClD,CAAC;QACJ,CAAC;IACH,CAAC;IACD,0EAA0E;IAC1E,sEAAsE;IACtE,4DAA4D;IAC5D,wEAAwE;IACxE,kCAAkC;IAClC,MAAM,OAAO,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IACxC,IAAI,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,+BAAsB,CAC9B,0CAA0C,EAC1C,CAAC,EACD,4EAA4E,CAC7E,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,iBAAiB,CAAC,MAAc;IACvC,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,+BAAsB,CAC9B,+BAA+B,EAC/B,CAAC,EACD,gBAAgB,MAAM,2BAA2B,CAClD,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,+BAAsB,CAC9B,+BAA+B,EAC/B,CAAC,EACD,oCAAoC,GAAG,CAAC,QAAQ,SAAS,MAAM,IAAI,CACpE,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,+BAAsB,CAAC,+BAA+B,EAAE,CAAC,EAAE,sCAAsC,CAAC,CAAC;IAC/G,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,MAAM,IAAI,+BAAsB,CAAC,+BAA+B,EAAE,CAAC,EAAE,wCAAwC,CAAC,CAAC;IACjH,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAC1C,OAAO,UAAU,KAAK,WAAW,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAC7F,CAAC;AA4BD;;;;;;;;;;;;GAYG;AACH,SAAgB,sBAAsB,CACpC,OAAsC;IAEtC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,4BAAmB,EAAE,CAAC;IACrE,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,IAAI,oCAAuB,EAAE,CAAC;IACjF,OAAO,CAAC,QAAsB,EAAE,EAAE,CAAC,uBAAuB,CAAC,QAAQ,EAAE,EAAE,GAAG,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC,CAAC;AACrH,CAAC"}
|
|
@@ -8,10 +8,11 @@
|
|
|
8
8
|
* capability cache). The aggregate `@adcp/sdk/signing` barrel re-exports
|
|
9
9
|
* both for back-compat.
|
|
10
10
|
*/
|
|
11
|
-
export { buildSignatureBase, canonicalAuthority, canonicalMethod, canonicalTargetUri, formatSignatureParams, getHeaderValue, type RequestLike, type SignatureParams, } from './canonicalize';
|
|
11
|
+
export { buildResponseSignatureBase, buildSignatureBase, canonicalAuthority, canonicalMethod, canonicalTargetUri, formatSignatureParams, getHeaderValue, type RequestLike, type ResponseLike, type SignatureParams, } from './canonicalize';
|
|
12
12
|
export { computeContentDigest, contentDigestMatches, parseContentDigest } from './content-digest';
|
|
13
|
+
export { requestContextFromExpress, requestContextFromFetch, requestContextFromLambda, type ExpressRequestLike, type FetchRequestLike, type LambdaRequestEvent, type RequestContextFromExpressOptions, type RequestContextFromLambdaOptions, } from './request-context';
|
|
13
14
|
export { jwkToPublicKey, verifySignature } from './crypto';
|
|
14
|
-
export { RequestSignatureError, type RequestSignatureErrorCode, WebhookSignatureError, type WebhookSignatureErrorCode, } from './errors';
|
|
15
|
+
export { RequestSignatureError, type RequestSignatureErrorCode, ResponseSignatureError, type ResponseSignatureErrorCode, WebhookSignatureError, type WebhookSignatureErrorCode, } from './errors';
|
|
15
16
|
export { StaticJwksResolver, type JwksResolver } from './jwks';
|
|
16
17
|
export { HttpsJwksResolver, type HttpsJwksResolverOptions } from './jwks-https';
|
|
17
18
|
export { BrandJsonJwksResolver, BrandJsonResolverError, type BrandAgentType, type BrandJsonJwksResolverOptions, type BrandJsonResolverErrorCode, } from './brand-jwks';
|
|
@@ -20,8 +21,9 @@ export { InMemoryReplayStore, type InMemoryReplayStoreOptions, type ReplayInsert
|
|
|
20
21
|
export { PostgresReplayStore, REPLAY_CACHE_MIGRATION, getReplayStoreMigration, sweepExpiredReplays, type PostgresReplayStoreOptions, type SweepExpiredReplaysOptions, } from './postgres-replay-store';
|
|
21
22
|
export { InMemoryRevocationStore, type RevocationStore } from './revocation';
|
|
22
23
|
export { HttpsRevocationStore, type HttpsRevocationStoreOptions } from './revocation-https';
|
|
23
|
-
export { ALLOWED_ALGS, CLOCK_SKEW_TOLERANCE_SECONDS, MANDATORY_COMPONENTS, MAX_SIGNATURE_WINDOW_SECONDS, REQUEST_SIGNING_TAG, type AdcpJsonWebKey, type ContentDigestPolicy, type RevocationSnapshot, type VerifiedSigner, type VerifierCapability, type VerifyResult, } from './types';
|
|
24
|
+
export { ALLOWED_ALGS, CLOCK_SKEW_TOLERANCE_SECONDS, MANDATORY_COMPONENTS, MAX_SIGNATURE_WINDOW_SECONDS, REQUEST_SIGNING_TAG, RESPONSE_MANDATORY_COMPONENTS, RESPONSE_SIGNING_TAG, type AdcpJsonWebKey, type ContentDigestPolicy, type RevocationSnapshot, type VerifiedSigner, type VerifierCapability, type VerifyResult, } from './types';
|
|
24
25
|
export { verifyRequestSignature, type VerifyRequestOptions } from './verifier';
|
|
26
|
+
export { createResponseVerifier, verifyResponseSignature, type CreateResponseVerifierOptions, type VerifyResponseOptions, type VerifyResponseResult, } from './response-verifier';
|
|
25
27
|
export { createWebhookVerifier, verifyWebhookSignature, WEBHOOK_MANDATORY_COMPONENTS, WEBHOOK_SIGNING_TAG, type CreateWebhookVerifierOptions, type VerifyWebhookOptions, type VerifyWebhookResult, } from './webhook-verifier';
|
|
26
28
|
export { createExpressVerifier, type ExpressLike, type ExpressMiddlewareOptions } from './middleware';
|
|
27
29
|
export { resolveAgent, getAgentJwks, createAgentJwksSet, AgentResolverError, attackerInfluencedFields, ATTACKER_INFLUENCED, readBrandJsonUrl, readIdentityPosture, type AgentResolution, type AgentProtocol, type AgentResolverErrorCode, type AgentResolverErrorDetail, type AgentEntry, type AgentJwksResult, type CapabilitiesWithBrandJsonUrl, type CreateAgentJwksSetOptions, type FetchCapabilitiesFn, type GetAgentJwksOptions, type IdentityKeyOriginPurpose, type IdentityKeyOrigins, type IdentityPosture, type ResolveAgentOptions, type TraceStep, } from './agent-resolver';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,KAAK,WAAW,EAChB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EACL,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,qBAAqB,EACrB,KAAK,yBAAyB,GAC/B,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,MAAM,QAAQ,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,KAAK,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAChF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,cAAc,EACnB,KAAK,4BAA4B,EACjC,KAAK,0BAA0B,GAChC,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,eAAe,EAAE,KAAK,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAChH,OAAO,EACL,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,GAChC,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,uBAAuB,EAAE,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,KAAK,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AAC5F,OAAO,EACL,YAAY,EACZ,4BAA4B,EAC5B,oBAAoB,EACpB,4BAA4B,EAC5B,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,sBAAsB,EAAE,KAAK,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,4BAA4B,EAC5B,mBAAmB,EACnB,KAAK,4BAA4B,EACjC,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,qBAAqB,EAAE,KAAK,WAAW,EAAE,KAAK,wBAAwB,EAAE,MAAM,cAAc,CAAC;AACtG,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,wBAAwB,EAC7B,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,4BAA4B,EACjC,KAAK,yBAAyB,EAC9B,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,wBAAwB,EAC7B,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,SAAS,GACf,MAAM,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EACL,0BAA0B,EAC1B,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAClG,OAAO,EACL,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,GACrC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EACL,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,sBAAsB,EACtB,KAAK,0BAA0B,EAC/B,qBAAqB,EACrB,KAAK,yBAAyB,GAC/B,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,MAAM,QAAQ,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,KAAK,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAChF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,cAAc,EACnB,KAAK,4BAA4B,EACjC,KAAK,0BAA0B,GAChC,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,eAAe,EAAE,KAAK,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAChH,OAAO,EACL,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,GAChC,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,uBAAuB,EAAE,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,KAAK,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AAC5F,OAAO,EACL,YAAY,EACZ,4BAA4B,EAC5B,oBAAoB,EACpB,4BAA4B,EAC5B,mBAAmB,EACnB,6BAA6B,EAC7B,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,sBAAsB,EAAE,KAAK,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,KAAK,6BAA6B,EAClC,KAAK,qBAAqB,EAC1B,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,4BAA4B,EAC5B,mBAAmB,EACnB,KAAK,4BAA4B,EACjC,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,qBAAqB,EAAE,KAAK,WAAW,EAAE,KAAK,wBAAwB,EAAE,MAAM,cAAc,CAAC;AACtG,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,wBAAwB,EAC7B,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,4BAA4B,EACjC,KAAK,yBAAyB,EAC9B,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,wBAAwB,EAC7B,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,SAAS,GACf,MAAM,kBAAkB,CAAC"}
|