@adcp/sdk 8.1.0-beta.6 → 8.1.0-beta.8

package/dist/lib/types/sync-creatives.d.ts

@@ -0,0 +1,2134 @@
+// AUTO-GENERATED — DO NOT EDIT.
+// Per-tool .d.ts slice for `sync_creatives`. Built from the published
+// `tools.generated.d.ts` + `core.generated.d.ts` + `enums.generated.d.ts`
+// by `scripts/generate-per-tool-types.ts`.
+//
+// Self-contained: imports nothing from the broader SDK. Adopters who
+// import only this slice pay a fraction of the tsc cost of pulling in
+// `@adcp/sdk` root — useful when strict + skipLibCheck:false adopters
+// hit memory pressure on the full surface.
+
+/**
+ * Request parameters for syncing creative assets with upsert semantics - supports bulk operations, scoped updates, and assignment management
+ */
+export interface SyncCreativesRequest {
+    /**
+     * Release-precision AdCP version (VERSION.RELEASE, e.g. "3.0", "3.1", "3.1-beta"). On a request: the buyer's release pin — the seller validates against its supported_versions and returns VERSION_UNSUPPORTED on cross-major mismatch, or downshifts to the highest supported release within the same major. On a response: the release the seller actually served — clients SHOULD validate the response against that release's schema, not against their pin. Patches are not negotiated; surface them as build_version on capabilities for operational visibility. When omitted, falls back to adcp_major_version (deprecated) or server default. Buyers SHOULD emit both adcp_version and adcp_major_version through 3.x to remain compatible with sellers that only read the legacy field. NORMALIZATION: SDKs that read full-semver values from bundle metadata (e.g. ComplianceIndex.published_version = "3.1.0-beta.1") MUST normalize to release-precision ("3.1-beta.1") before emitting on the wire — meta-field values are NOT valid wire values.
+     */
+    adcp_version?: string;
+    /**
+     * DEPRECATED in favor of adcp_version (release-precision string). Servers MUST continue to honor this field through 3.x. Removed in 4.0. Original semantics: the AdCP major version the buyer's payloads conform to. Sellers validate against their supported major_versions and return VERSION_UNSUPPORTED if unsupported. When omitted, the seller assumes its highest supported version.
+     */
+    adcp_major_version?: number;
+    account: AccountReference;
+    /**
+     * Array of creative assets to sync (create or update)
+     */
+    creatives: CreativeAsset[];
+    /**
+     * Optional filter to limit sync scope to specific creative IDs. When provided, only these creatives will be created/updated. Other creatives in the library are unaffected. Useful for partial updates and error recovery.
+     */
+    creative_ids?: string[];
+    /**
+     * Optional bulk assignment of creatives to packages. Each entry maps one creative to one package with optional weight and placement targeting. Standalone creative agents that do not manage media buys ignore this field.
+     */
+    assignments?: {
+        /**
+         * ID of the creative to assign
+         */
+        creative_id: string;
+        /**
+         * ID of the package to assign the creative to
+         */
+        package_id: string;
+        /**
+         * Relative delivery weight (0-100). When multiple creatives are assigned to the same package, weights determine impression distribution proportionally. When omitted, the creative receives equal rotation with other unweighted creatives. A weight of 0 means the creative is assigned but paused (receives no delivery).
+         * @minimum 0
+         * @maximum 100
+         */
+        weight?: number;
+        /**
+         * Restrict this creative to specific placements within the package. When omitted, the creative is eligible for all placements.
+         */
+        placement_ids?: string[];
+    }[];
+    /**
+     * Client-generated idempotency key for safe retries. If a sync fails without a response, resending with the same idempotency_key guarantees at-most-once execution. MUST be unique per (seller, request) pair to prevent cross-seller correlation. Use a fresh UUID v4 for each request.
+     * @minLength 16
+     * @maxLength 255
+     * @pattern ^[A-Za-z0-9_.:-]{16,255}$
+     */
+    idempotency_key: string;
+    /**
+     * When true, creatives not included in this sync will be archived. Use with caution for full library replacement. Invalid when creative_ids is provided — delete_missing applies to the entire library scope, not a filtered subset.
+     */
+    delete_missing?: boolean;
+    /**
+     * When true, preview changes without applying them. Returns what would be created/updated/deleted.
+     */
+    dry_run?: boolean;
+    validation_mode?: ValidationMode;
+    push_notification_config?: PushNotificationConfig;
+    context?: ContextObject;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Response from creative sync operation. Exactly one of three shapes: (1) synchronous success — per-creative results in the creatives array (best-effort processing with per-item status/failures); (2) terminal failure — errors array with no creatives processed; (3) submitted task envelope — status 'submitted' with task_id when the whole operation is queued (batch ingestion, async review that must settle before per-item results can be issued). The submitted branch MAY carry advisory errors for non-blocking warnings; terminal failures belong in the error branch. Final per-item results land on the task completion artifact, not this envelope. These three shapes are mutually exclusive — a response has exactly one.
+ */
+export type SyncCreativesResponse = {
+    /**
+     * Session/conversation identifier for tracking related operations across multiple task invocations. Managed by the protocol layer to maintain conversational context. Distinct from `context` (per-request opaque echo, see below).
+     */
+    context_id?: string;
+    context?: ContextObject;
+    /**
+     * Unique identifier for tracking asynchronous operations. Present when a task requires extended processing time. Used to query task status and retrieve results when complete.
+     */
+    task_id?: string;
+    status: TaskStatus;
+    /**
+     * Human-readable summary of the task result. Provides natural language explanation of what happened, suitable for display to end users or for AI agent comprehension. Generated by the protocol layer based on the task response.
+     */
+    message?: string;
+    /**
+     * ISO 8601 timestamp when the response was generated. Useful for debugging, logging, cache validation, and tracking async operation progress.
+     */
+    timestamp?: string;
+    /**
+     * Set to true when this response was returned from the idempotency cache rather than from a fresh execution. Set to false (or omitted) when the request was executed fresh. Buyers use this to distinguish cached replays from new executions — matters for billing reconciliation, audit logs, state-machine routing (cached state-tracking fields are historical snapshots, not current state — re-read via the resource's read endpoint), and any downstream system that assumes exactly-once event semantics. From 3.1 onward, `replayed` MAY appear on responses to any request that resolved via the idempotency cache, including read tools — universal `idempotency_key` (see security.mdx §Idempotency) means the cache holds read responses too.
+     */
+    replayed?: boolean;
+    adcp_error?: Error;
+    push_notification_config?: PushNotificationConfig;
+    /**
+     * Governance context token issued by the account's governance agent during check_governance. Buyers attach it to governed purchase requests (media buys, rights acquisitions, signal activations, creative services); sellers persist it and include it on all subsequent governance calls for that action's lifecycle. An account binds to one governance agent (see sync_governance); governance is phased across `purchase` / `modification` / `delivery`, not partitioned across specialist agents, so the envelope carries a single token for the full lifecycle.
+     *
+     * Value format: governance agents MUST emit a compact JWS per the AdCP JWS profile (see Security — Signed Governance Context). Sellers MAY verify; sellers that do not verify MUST persist and forward the token unchanged. In 3.1 all sellers MUST verify. Non-JWS values from pre-3.0 governance agents are deprecated.
+     *
+     * This is the primary correlation key for audit and reporting across the governance lifecycle.
+     */
+    governance_context?: string;
+    /**
+     * Conceptual grouping for the task-specific response data defined by individual task response schemas (e.g., get-products-response.json, create-media-buy-response.json). `payload` is a documentary construct — it is NOT a required wire field, and its on-the-wire shape depends on transport (see Transport serialization below). Task response schemas declare body fields without wrapping them in a `payload` object; the wire representation places those body fields per transport convention. On MCP the body fields appear as siblings of envelope fields at the root of the tool response; on A2A they appear inside `task.artifacts[0].parts[].DataPart`; on REST they appear at the root of the JSON body.
+     */
+    payload?: {};
+    /**
+     * Release-precision AdCP version (VERSION.RELEASE, e.g. "3.0", "3.1", "3.1-beta"). On a request: the buyer's release pin — the seller validates against its supported_versions and returns VERSION_UNSUPPORTED on cross-major mismatch, or downshifts to the highest supported release within the same major. On a response: the release the seller actually served — clients SHOULD validate the response against that release's schema, not against their pin. Patches are not negotiated; surface them as build_version on capabilities for operational visibility. When omitted, falls back to adcp_major_version (deprecated) or server default. Buyers SHOULD emit both adcp_version and adcp_major_version through 3.x to remain compatible with sellers that only read the legacy field. NORMALIZATION: SDKs that read full-semver values from bundle metadata (e.g. ComplianceIndex.published_version = "3.1.0-beta.1") MUST normalize to release-precision ("3.1-beta.1") before emitting on the wire — meta-field values are NOT valid wire values.
+     */
+    adcp_version?: string;
+    /**
+     * DEPRECATED in favor of adcp_version (release-precision string). Servers MUST continue to honor this field through 3.x. Removed in 4.0. Original semantics: the AdCP major version the buyer's payloads conform to. Sellers validate against their supported major_versions and return VERSION_UNSUPPORTED if unsupported. When omitted, the seller assumes its highest supported version.
+     */
+    adcp_major_version?: number;
+} & (SyncCreativesSuccess | SyncCreativesError | SyncCreativesSubmitted);
+
+/**
+ * Success response - sync operation processed creatives (may include per-item failures)
+ */
+export interface SyncCreativesSuccess {
+    /**
+     * Whether this was a dry run (no actual changes made)
+     */
+    dry_run?: boolean;
+    /**
+     * Results for each creative processed. Items with action='failed' indicate per-item validation/processing failures, not operation-level failures.
+     */
+    creatives: {
+        /**
+         * Creative ID from the request
+         */
+        creative_id: string;
+        account?: Account;
+        action: CreativeAction;
+        status?: CreativeStatus;
+        /**
+         * Platform-specific ID assigned to the creative
+         */
+        platform_id?: string;
+        /**
+         * Field names that were modified (only present when action='updated')
+         */
+        changes?: string[];
+        /**
+         * Validation or processing errors (only present when action='failed')
+         */
+        errors?: Error[];
+        /**
+         * Non-fatal warnings about this creative
+         */
+        warnings?: string[];
+        /**
+         * Preview URL for generative creatives (only present for generative formats)
+         */
+        preview_url?: string;
+        /**
+         * ISO 8601 timestamp when preview link expires (only present when preview_url exists)
+         * @format date-time
+         */
+        expires_at?: string;
+        /**
+         * Package IDs this creative was successfully assigned to (only present when assignments were requested)
+         */
+        assigned_to?: string[];
+        /**
+         * Assignment errors by package ID (only present when assignment failures occurred)
+         */
+        assignment_errors?: {
+            /**
+             * Error message for this package assignment
+             *
+             * This interface was referenced by `undefined`'s JSON-Schema definition
+             * via the `patternProperty` "^[a-zA-Z0-9_-]+$".
+             */
+            [k: string]: string | undefined;
+        };
+    }[];
+    /**
+     * When true, this response contains simulated data from sandbox mode.
+     */
+    sandbox?: boolean;
+    context?: ContextObject;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Error response - operation failed completely, no creatives were processed
+ */
+export interface SyncCreativesError {
+    /**
+     * Operation-level errors that prevented processing any creatives (e.g., authentication failure, service unavailable, invalid request format)
+     */
+    errors: Error[];
+    context?: ContextObject;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Async task envelope returned when the whole sync operation cannot be confirmed before the response is emitted — for example, when the seller batches ingestion, when async review must settle before per-item results can be issued, or when governance review gates the sync. The buyer polls tasks/get with task_id or receives a webhook when the task completes; the creatives array with per-item action/status lands on the completion artifact, not this envelope. Per-item async review (an item in pending_review while the rest of the sync resolves synchronously) belongs on the SyncCreativesSuccess branch with status: pending_review, not here.
+ */
+export interface SyncCreativesSubmitted {
+    /**
+     * Task-level status literal. Discriminates this async envelope from the synchronous success shape, whose creatives array carries per-item approval state via CreativeStatus. See task-status.json for the full task-status enum.
+     */
+    status: 'submitted';
+    /**
+     * Task handle the buyer uses with tasks/get, and that the seller references on push-notification callbacks. The creatives array is issued on the completion artifact, not here. Per AdCP wire conventions this is snake_case; A2A adapters MAY surface it as taskId, but the payload field emitted by the agent is task_id.
+     */
+    task_id: string;
+    /**
+     * Optional human-readable explanation of why the task is submitted — e.g., 'Batch ingestion queued; typical turnaround 15-30 minutes.' Plain text only. Buyers MUST treat this as untrusted seller input: escape before rendering to HTML UIs, and sanitize or isolate before passing to an LLM prompt context — a hostile seller may inject prompt-injection payloads aimed at the buyer's agent.
+     * @maxLength 2000
+     */
+    message?: string;
+    /**
+     * Optional advisory errors accompanying the submitted envelope. Use only for non-blocking warnings (e.g., throttled_severity advisories, governance observations). Terminal failures belong in the error branch, not here.
+     */
+    errors?: Error[];
+    context?: ContextObject;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Account billed for this media buy. Includes advertiser, billing proxy (if any), and rate card applied.
+ */
+export interface Account {
+    /**
+     * Unique identifier for this account
+     */
+    account_id: string;
+    /**
+     * Human-readable account name (e.g., 'Acme', 'Acme c/o Pinnacle')
+     */
+    name: string;
+    /**
+     * The advertiser whose rates apply to this account
+     */
+    advertiser?: string;
+    /**
+     * Optional intermediary who receives invoices on behalf of the advertiser (e.g., agency)
+     */
+    billing_proxy?: string;
+    status: AccountStatus;
+    brand?: BrandReference;
+    /**
+     * Domain of the entity operating this account. When the brand operates directly, this is the brand's domain.
+     * @pattern ^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$
+     */
+    operator?: string;
+    billing?: BillingParty;
+    billing_entity?: BusinessEntity;
+    /**
+     * Identifier for the rate card applied to this account
+     */
+    rate_card?: string;
+    payment_terms?: PaymentTerms;
+    /**
+     * Maximum outstanding balance allowed
+     */
+    credit_limit?: {
+        /**
+         * @minimum 0
+         */
+        amount: number;
+        /**
+         * @pattern ^[A-Z]{3}$
+         */
+        currency: string;
+    };
+    /**
+     * Present when status is 'pending_approval'. Contains next steps for completing account activation.
+     */
+    setup?: {
+        /**
+         * URL where the human can complete the required action (credit application, legal agreement, add funds).
+         */
+        url?: string;
+        /**
+         * Human-readable description of what's needed.
+         */
+        message: string;
+        /**
+         * When this setup link expires.
+         * @format date-time
+         */
+        expires_at?: string;
+    };
+    account_scope?: AccountScope;
+    /**
+     * Governance agent endpoint registered on this account. Exactly one entry per sync_governance's one-agent-per-account invariant. The array shape is preserved for wire compatibility with 3.0; `maxItems: 1` is load-bearing and mirrors the singular `governance_context` on the protocol envelope. Authentication credentials are write-only and not included in responses — use sync_governance to set or update credentials.
+     */
+    governance_agents?: {
+        /**
+         * Governance agent endpoint URL. Must use HTTPS.
+         * @pattern ^https:\/\/
+         */
+        url: string;
+    }[];
+    /**
+     * Cloud storage bucket where the seller delivers offline reporting files for this account. Seller provisions a dedicated bucket or a per-account prefix within a shared bucket, and grants the buyer read access out-of-band. Access MUST be scoped at the IAM layer so each account can only read its own prefix — bucket-wide grants are non-compliant even with per-account prefixes. Seller MUST revoke access when the account's status transitions to inactive, suspended, or closed. See security considerations for offline delivery in docs/media-buy/media-buys/optimization-reporting. Only present when the seller supports offline delivery (reporting_delivery_methods includes 'offline' in capabilities).
+     */
+    reporting_bucket?: {
+        protocol: CloudStorageProtocol;
+        /**
+         * Bucket or container name
+         * @minLength 3
+         * @maxLength 63
+         * @pattern ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$
+         */
+        bucket: string;
+        /**
+         * Path prefix within the bucket. Seller appends date-based partitioning beneath this prefix.
+         * @maxLength 512
+         * @pattern ^[a-zA-Z0-9\/_.-]+$
+         */
+        prefix?: string;
+        /**
+         * Cloud region for the bucket
+         * @maxLength 64
+         * @pattern ^[a-z0-9-]+$
+         */
+        region?: string;
+        /**
+         * File format for delivered files. Parquet, Avro, and ORC use internal compression (the top-level compression field is ignored for these formats).
+         */
+        format?: 'jsonl' | 'csv' | 'parquet' | 'avro' | 'orc';
+        /**
+         * Compression applied to delivered files
+         */
+        compression?: 'gzip' | 'none';
+        /**
+         * How long reporting files are retained in the bucket before deletion. Buyers must read files within this window. Minimum recommended: 14 days.
+         * @minimum 1
+         */
+        file_retention_days: number;
+        /**
+         * URL to documentation for configuring buyer read access to this bucket (IAM role, service account, etc.). Operator-facing documentation — buyer agents MUST NOT auto-fetch this URL; surface it to a human operator. If an implementation fetches it (for preview), apply webhook URL SSRF validation and do not pass the fetched content into an LLM context without indirect-prompt-injection guarding. See docs/media-buy/media-buys/optimization-reporting#security-considerations-for-offline-delivery.
+         * @pattern ^https:\/\/
+         */
+        setup_instructions?: string;
+    };
+    /**
+     * When true, this is a sandbox account — no real platform calls, no real spend. For explicit accounts (require_operator_auth: true), sandbox accounts are pre-existing test accounts on the platform discovered via list_accounts. For implicit accounts, sandbox is part of the natural key: the same brand/operator pair can have both a production and sandbox account.
+     */
+    sandbox?: boolean;
+    /**
+     * Account-level webhook subscriptions for notifications whose lifecycle outlives any single media buy (e.g., `creative.status_changed`, `creative.purged`, wholesale feed change payloads). Distinct from `push_notification_config` on individual operations, which anchors at a per-resource scope. Buyers register and update entries via `sync_accounts`; sellers echo the applied state here on `list_accounts` reads so buyers can verify what's active. `authentication.credentials` is write-only — sellers MUST NOT echo legacy auth credentials in this response. When two or more entries register the same `event_types`, each receives an independent fire — see #3009 multi-subscriber composition.
+     */
+    notification_configs?: NotificationConfig[];
+    ext?: ExtensionObject;
+}
+
+/**
+ * Account for product lookup. Returns products with pricing specific to this account's rate card.
+ */
+export type AccountReference = {
+    /**
+     * Seller-assigned account identifier (from sync_accounts or list_accounts)
+     */
+    account_id: string;
+} | {
+    brand: BrandReference;
+    /**
+     * Domain of the entity operating on the brand's behalf. When the brand operates directly, this is the brand's domain.
+     * @pattern ^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$
+     */
+    operator: string;
+    /**
+     * When true, references the sandbox account for this brand/operator pair. Defaults to false (production account).
+     */
+    sandbox?: boolean;
+};
+
+/**
+ * How the seller scoped a billing account relative to the operator and brand dimensions.
+ */
+export type AccountScope = 'operator' | 'brand' | 'operator_brand' | 'agent';
+
+/**
+ * Account lifecycle status. See the Accounts Protocol overview for the operations matrix showing which tasks are permitted in each state.
+ */
+export type AccountStatus = 'active' | 'pending_approval' | 'rejected' | 'payment_required' | 'suspended' | 'closed';
+
+/**
+ * Canonical union of all asset variant schemas. Referenced from creative-asset.json and creative-manifest.json to ensure a single named type is emitted by schema-to-TypeScript tooling. Add new asset types here and to the creative/asset-types registry.
+ */
+export type AssetVariant = ImageAsset | VideoAsset | AudioAsset | VASTAsset | TextAsset | URLAsset | HTMLAsset | JavaScriptAsset | ZipAsset | WebhookAsset | CSSAsset | DAASTAsset | MarkdownAsset | BriefAsset | CatalogAsset | CardAsset;
+
+/**
+ * Audio asset with URL and technical specifications
+ */
+export interface AudioAsset {
+    /**
+     * Discriminator identifying this as an audio asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'audio';
+    /**
+     * URL to the audio asset
+     */
+    url: string;
+    /**
+     * Audio duration in milliseconds
+     * @minimum 0
+     */
+    duration_ms?: number;
+    /**
+     * File size in bytes
+     * @minimum 1
+     */
+    file_size_bytes?: number;
+    /**
+     * Audio container/file format (mp3, m4a, aac, wav, ogg, flac, etc.)
+     */
+    container_format?: string;
+    /**
+     * Audio codec used (aac, aac_lc, he_aac, pcm, mp3, vorbis, opus, flac, ac3, eac3, etc.)
+     */
+    codec?: string;
+    /**
+     * Sampling rate in Hz (e.g., 44100, 48000, 96000)
+     */
+    sampling_rate_hz?: number;
+    channels?: AudioChannelLayout;
+    /**
+     * Bit depth
+     */
+    bit_depth?: 16 | 24 | 32;
+    /**
+     * Bitrate in kilobits per second
+     * @minimum 1
+     */
+    bitrate_kbps?: number;
+    /**
+     * Integrated loudness in LUFS
+     */
+    loudness_lufs?: number;
+    /**
+     * True peak level in dBFS
+     */
+    true_peak_dbfs?: number;
+    /**
+     * URL to text transcript of the audio content
+     */
+    transcript_url?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * Audio channel configuration
+ */
+export type AudioChannelLayout = 'mono' | 'stereo' | '5.1' | '7.1';
+
+/**
+ * Legacy authentication schemes for the webhook auth block. Bearer: token sent in Authorization header. HMAC-SHA256: legacy shared-secret signing. Both are deprecated; new integrations SHOULD omit the authentication block and use the RFC 9421 webhook signing profile (applicable on schemas where authentication is optional). Removed in AdCP 4.0.
+ */
+export type AuthenticationScheme = 'Bearer' | 'HMAC-SHA256';
+
+/**
+ * Who is invoiced on this account. See billing_entity for the invoiced party's business details.
+ */
+export type BillingParty = 'operator' | 'agent' | 'advertiser';
+
+/**
+ * Brand identifier within the house portfolio. Optional for single-brand domains.
+ */
+export type BrandID = string;
+
+/**
+ * Brand reference for product discovery context. Resolved to full brand identity at execution time.
+ */
+export interface BrandReference {
+    /**
+     * Domain where /.well-known/brand.json is hosted, or the brand's operating domain
+     * @pattern ^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$
+     */
+    domain: string;
+    brand_id?: BrandID;
+    /**
+     * Inline override for the brand's industries. Useful when the caller cannot modify the brand's canonical brand.json but needs to declare industries for governance (e.g., Annex III vertical detection). brand.json remains the canonical source; when omitted here, governance agents SHOULD resolve from brand.json.
+     */
+    industries?: string[];
+    /**
+     * Inline override for the brand's contestation contact point. Useful when the operator does not control brand.json but needs to discharge Art 22(3) for this plan. brand.json is canonical; when omitted, governance agents resolve brand → house → missing.
+     */
+    data_subject_contestation?: {
+        [k: string]: unknown | undefined;
+    };
+    /**
+     * Inline override for brand-kit fields normally resolved from `/.well-known/brand.json` on `domain` (logo, colors, voice, tagline). Use when brand.json is missing, stale, or inappropriate for this specific call — e.g., a campaign-scoped tagline, a co-branded creative, a freshly-rebranded color palette the brand.json hasn't shipped yet. Same inline-override pattern as `industries` and `data_subject_contestation` above: brand.json is canonical, the override is per-call. Adopters needing to override fields outside this subset (`voice_attributes`, `prohibited_terms`, etc.) MUST publish a different brand.json and reference it via a different `domain` — the inline override is intentionally narrow to a small high-traffic subset.
+     *
+     * **Merge semantics (normative).** The merge is **field-level**, not whole-object replacement. Each field within `brand_kit_override` (`logo`, `colors`, `voice`, `tagline`) is evaluated independently — when a field is present on the override the override value applies; when a field is absent the brand.json value applies (or is absent if brand.json doesn't carry one either). For composite fields (`colors.primary`, `colors.secondary`, `colors.accent`), the merge is one level deeper: each color slot is evaluated independently — a producer can override `colors.primary` while still inheriting `colors.secondary` from brand.json. SDKs MUST NOT treat a present `brand_kit_override.colors` as wiping the brand.json `colors` block entirely; only the per-slot fields present in the override take precedence. Without this rule, a partial-override semantics would diverge across SDKs and produce inconsistent rendering for the same payload.
+     */
+    brand_kit_override?: {
+        logo?: ImageAsset;
+        /**
+         * Override brand colors (hex strings).
+         */
+        colors?: {
+            /**
+             * @pattern ^#[0-9a-fA-F]{6}$
+             */
+            primary?: string;
+            /**
+             * @pattern ^#[0-9a-fA-F]{6}$
+             */
+            secondary?: string;
+            /**
+             * @pattern ^#[0-9a-fA-F]{6}$
+             */
+            accent?: string;
+        };
+        /**
+         * Override brand-voice description for surface-composed text/audio output.
+         */
+        voice?: string;
+        /**
+         * Override tagline.
+         */
+        tagline?: string;
+    };
+}
+
+/**
+ * Campaign-level creative context as an asset. Carries the creative brief through the manifest so it travels with the creative through regeneration, resizing, and auditing.
+ */
+export interface BriefAsset {
+    /**
+     * Campaign or flight name for identification
+     */
+    name: string;
+    /**
+     * Campaign objective that guides creative tone and call-to-action strategy
+     */
+    objective?: 'awareness' | 'consideration' | 'conversion' | 'retention' | 'engagement';
+    /**
+     * Desired tone for this campaign, modulating the brand's base tone (e.g., 'playful and festive', 'premium and aspirational')
+     */
+    tone?: string;
+    /**
+     * Target audience description for this campaign
+     */
+    audience?: string;
+    /**
+     * Creative territory or positioning the campaign should occupy
+     */
+    territory?: string;
+    /**
+     * Messaging framework for the campaign
+     */
+    messaging?: {
+        /**
+         * Primary headline
+         */
+        headline?: string;
+        /**
+         * Supporting tagline or sub-headline
+         */
+        tagline?: string;
+        /**
+         * Call-to-action text
+         */
+        cta?: string;
+        /**
+         * Key messages to communicate in priority order
+         */
+        key_messages?: string[];
+    };
+    /**
+     * Visual and strategic reference materials such as mood boards, product shots, example creatives, and strategy documents
+     */
+    reference_assets?: ReferenceAsset[];
+    /**
+     * Regulatory and legal compliance requirements for this campaign. Campaign-specific, regional, and product-based — distinct from brand-level disclaimers in brand.json.
+     */
+    compliance?: {
+        /**
+         * Disclosures that must appear in creatives for this campaign. Each disclosure specifies the text, where it should appear, and which jurisdictions require it.
+         */
+        required_disclosures?: {
+            /**
+             * The disclosure text that must appear in the creative
+             */
+            text: string;
+            position?: DisclosurePosition;
+            /**
+             * Jurisdictions where this disclosure is required. ISO 3166-1 alpha-2 country codes or ISO 3166-2 subdivision codes (e.g., 'US', 'GB', 'US-NJ', 'CA-QC'). If omitted, the disclosure applies to all jurisdictions in the campaign.
+             */
+            jurisdictions?: string[];
+            /**
+             * The regulation or legal authority requiring this disclosure (e.g., 'SEC Rule 156', 'FCA COBS 4.5', 'FDA 21 CFR 202')
+             */
+            regulation?: string;
+            /**
+             * Minimum display duration in milliseconds. For video/audio disclosures, how long the disclosure must be visible or audible. For static formats, how long the disclosure must remain on screen before any auto-advance.
+             */
+            min_duration_ms?: number;
+            /**
+             * Language of the disclosure text as a BCP 47 language tag (e.g., 'en', 'fr-CA', 'es'). When omitted, the disclosure is assumed to match the creative's language.
+             */
+            language?: string;
+            persistence?: DisclosurePersistence;
+        }[];
+        /**
+         * Claims that must not appear in creatives for this campaign. Creative agents should ensure generated content avoids these claims.
+         */
+        prohibited_claims?: string[];
+    };
+    /**
+     * Discriminator identifying this as a brief asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'brief';
+}
+
+/**
+ * Override the account's default billing entity for this specific buy. When provided, the seller invoices this entity instead. The seller MUST validate the invoice recipient is authorized for this account. When governance_agents are configured, the seller MUST include invoice_recipient in the check_governance request.
+ */
+export interface BusinessEntity {
+    /**
+     * Registered legal name of the business entity
+     * @maxLength 200
+     */
+    legal_name: string;
+    /**
+     * VAT identification number (e.g., DE123456789 for Germany, FR12345678901 for France). Required for B2B invoicing in the EU. Must be normalized: no spaces, dots, or dashes.
+     * @pattern ^[A-Z]{2}[A-Z0-9]{2,13}$
+     */
+    vat_id?: string;
+    /**
+     * Tax identification number for jurisdictions that do not use VAT (e.g., US EIN)
+     * @maxLength 30
+     */
+    tax_id?: string;
+    /**
+     * Company registration number (e.g., HRB 12345 for German Handelsregister)
+     * @maxLength 50
+     */
+    registration_number?: string;
+    /**
+     * Postal address for invoicing and legal correspondence
+     */
+    address?: {
+        /**
+         * Street address including building number
+         * @maxLength 200
+         */
+        street: string;
+        /**
+         * @maxLength 100
+         */
+        city: string;
+        /**
+         * @maxLength 20
+         */
+        postal_code: string;
+        /**
+         * State, province, or region
+         * @maxLength 100
+         */
+        region?: string;
+        /**
+         * ISO 3166-1 alpha-2 country code
+         * @pattern ^[A-Z]{2}$
+         */
+        country: string;
+    };
+    /**
+     * Contacts for billing, legal, and operational matters. Contains personal data subject to GDPR and equivalent regulations. Implementations MUST use this data only for invoicing and account management.
+     */
+    contacts?: {
+        /**
+         * Contact's functional role in the business relationship
+         */
+        role: 'billing' | 'legal' | 'creative' | 'general';
+        /**
+         * Full name of the contact
+         * @maxLength 200
+         */
+        name?: string;
+        /**
+         * @maxLength 254
+         * @format email
+         */
+        email?: string;
+        /**
+         * @maxLength 30
+         */
+        phone?: string;
+    }[];
+    /**
+     * Bank account details for payment processing. Write-only: included in requests to provide payment coordinates, but MUST NOT be echoed in responses. Sellers store these details and confirm receipt without returning them.
+     */
+    bank?: {
+        /**
+         * Name on the bank account
+         * @maxLength 200
+         */
+        account_holder: string;
+        /**
+         * International Bank Account Number (SEPA markets)
+         * @pattern ^[A-Z]{2}[0-9]{2}[A-Z0-9]{4,30}$
+         */
+        iban?: string;
+        /**
+         * Bank Identifier Code / SWIFT code (SEPA markets)
+         * @pattern ^[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?$
+         */
+        bic?: string;
+        /**
+         * Bank routing number for non-SEPA markets (e.g., US ABA routing number, Canadian transit/institution number)
+         * @maxLength 30
+         */
+        routing_number?: string;
+        /**
+         * Bank account number for non-SEPA markets
+         * @maxLength 30
+         */
+        account_number?: string;
+    };
+    ext?: ExtensionObject;
+}
+
+/**
+ * C2PA action classification for this watermark
+ */
+export type C2PAWatermarkAction = 'c2pa.watermarked.bound' | 'c2pa.watermarked.unbound';
+
+/**
+ * CSS stylesheet asset
+ */
+export interface CSSAsset {
+    /**
+     * Discriminator identifying this as a CSS asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'css';
+    /**
+     * CSS content
+     */
+    content: string;
+    /**
+     * CSS media query context (e.g., 'screen', 'print')
+     */
+    media?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * The v2 canonical-format-kind this v1 format projects to (`image`, `html5`, `display_tag`, `image_carousel`, `video_hosted`, `video_vast`, `audio_hosted`, `audio_daast`, `sponsored_placement`, `responsive_creative`, `agent_placement`, or `custom`).
+ */
+export type CanonicalFormatKind = 'image' | 'html5' | 'display_tag' | 'image_carousel' | 'video_hosted' | 'video_vast' | 'audio_hosted' | 'audio_daast' | 'sponsored_placement' | 'native_in_feed' | 'responsive_creative' | 'agent_placement' | 'custom';
+
+/**
+ * A single card in a multi-card creative (image_carousel, future composed carousels). Carries: `media` (an image OR video asset), optional `headline` (short text), optional `description` (longer text), optional `cta` (call-to-action label), optional `landing_page_url` (url asset with `url_type: "clickthrough"`).
+ *
+ * Covers the multi-card patterns across Meta carousel, Pinterest sponsored pin, Snap Collection, TikTok carousel, and AI-surface result cards. The two-field text shape (`headline` + `description`) reflects how almost every adopter splits short labels from longer copy; Pinterest pin description and Meta per-card description both go in `description`.
+ *
+ * Used as the array element type for the `cards` slot on image_carousel canonicals. Adopters MUST NOT invent per-card key conventions like `card_0_headline` / `cards.0.headline` — the manifest's `assets.cards` value is an array of card-asset objects, period. Per-card platform extensions (e.g., Meta-specific carousel attributes, Pinterest rich-pin metadata, Snap Collection price tags) attach via the `platform_extensions` field, never via inline non-canonical keys.
+ */
+export interface CardAsset {
+    /**
+     * Discriminator identifying this as a card asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'card';
+    /**
+     * The card's primary visual asset. Either an `image` or `video` asset, matching the parent format's `allowed_card_media_asset_types` parameter.
+     */
+    media: ImageAsset | VideoAsset;
+    /**
+     * Optional per-card short text label (typically 25-40 chars). Length governed by `card_headline_max_chars` on the format declaration. Meta carousel headline, Pinterest pin title, Snap Collection sticker text, TikTok caption-short.
+     */
+    headline?: string;
+    /**
+     * Optional per-card longer text (typically 100-500 chars). Distinct from `headline`: `description` is body copy, `headline` is the label. Length governed by `card_description_max_chars` on the format declaration. Meta carousel description, Pinterest pin description, AI-surface result body text, TikTok long caption.
+     */
+    description?: string;
+    /**
+     * Optional per-card call-to-action label (e.g., 'SHOP_NOW', 'LEARN_MORE'). When the parent format declares `cta_values` (allowed CTA labels), the per-card `cta` MUST be one of those values. Lets a Meta or TikTok carousel show different CTAs per card.
+     */
+    cta?: string;
+    landing_page_url?: URLAsset;
+    /**
+     * Per-card platform-specific extensions (URI+digest references). Same hosting model as format-level platform_extensions. Use this for Meta carousel-card attributes, Pinterest pin overrides, etc. — NEVER inline non-canonical keys on the card object directly.
+     */
+    platform_extensions?: PlatformExtensionReference[];
+    provenance?: Provenance;
+}
+
+/**
+ * A typed data feed as a creative asset. Carries catalog context (products, stores, jobs, etc.) within the manifest's assets map.
+ */
+export interface CatalogAsset {
+    /**
+     * Buyer's identifier for this catalog. Required when syncing via sync_catalogs. When used in creatives, references a previously synced catalog on the account.
+     */
+    catalog_id?: string;
+    /**
+     * Human-readable name for this catalog (e.g., 'Summer Products 2025', 'Amsterdam Store Locations').
+     */
+    name?: string;
+    type: CatalogType;
+    /**
+     * URL to an external catalog feed. The platform fetches and resolves items from this URL. For offering-type catalogs, the feed contains an array of Offering objects. For other types, the feed format is determined by feed_format. When omitted with type 'product', the platform uses its synced copy of the brand's product catalog.
+     */
+    url?: string;
+    feed_format?: FeedFormat;
+    update_frequency?: UpdateFrequency;
+    /**
+     * Inline catalog data. The item schema depends on the catalog type: Offering objects for 'offering', StoreItem for 'store', HotelItem for 'hotel', FlightItem for 'flight', JobItem for 'job', VehicleItem for 'vehicle', RealEstateItem for 'real_estate', EducationItem for 'education', DestinationItem for 'destination', AppItem for 'app', or freeform objects for 'product', 'inventory', and 'promotion'. Mutually exclusive with url — provide one or the other, not both. Implementations should validate items against the type-specific schema.
+     */
+    items?: {}[];
+    /**
+     * Filter catalog to specific item IDs. For offering-type catalogs, these are offering_id values. For product-type catalogs, these are SKU identifiers.
+     */
+    ids?: string[];
+    /**
+     * Filter product-type catalogs by GTIN identifiers for cross-retailer catalog matching. Accepts standard GTIN formats (GTIN-8, UPC-A/GTIN-12, EAN-13/GTIN-13, GTIN-14). Only applicable when type is 'product'.
+     */
+    gtins?: string[];
+    /**
+     * Filter catalog to items with these tags. Tags are matched using OR logic — items matching any tag are included.
+     */
+    tags?: string[];
+    /**
+     * Filter catalog to items in this category (e.g., 'beverages/soft-drinks', 'chef-positions').
+     */
+    category?: string;
+    /**
+     * Natural language filter for catalog items (e.g., 'all pasta sauces under $5', 'amsterdam vacancies').
+     */
+    query?: string;
+    /**
+     * Event types that represent conversions for items in this catalog. Declares what events the platform should attribute to catalog items — e.g., a job catalog converts via submit_application, a product catalog via purchase. The event's content_ids field carries the item IDs that connect back to catalog items. Use content_id_type to declare what identifier type content_ids values represent.
+     */
+    conversion_events?: EventType[];
+    content_id_type?: ContentIDType;
+    /**
+     * Declarative normalization rules for external feeds. Maps non-standard feed field names, date formats, price encodings, and image URLs to the AdCP catalog item schema. Applied during sync_catalogs ingestion. Supports field renames, named transforms (date, divide, boolean, split), static literal injection, and assignment of image URLs to typed asset pools.
+     */
+    feed_field_mappings?: CatalogFieldMapping[];
+    /**
+     * Discriminator identifying this as a catalog asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'catalog';
+}
+
+/**
+ * Declares how a field in an external feed maps to the AdCP catalog item schema. Used in sync_catalogs feed_field_mappings to normalize non-AdCP feeds (Google Merchant Center, LinkedIn Jobs XML, hotel XML, etc.) to the standard catalog item schema without requiring the buyer to preprocess every feed. Multiple mappings can assemble a nested object via dot notation (e.g., separate mappings for price.amount and price.currency).
+ */
+export interface CatalogFieldMapping {
+    /**
+     * Field name in the external feed record. Omit when injecting a static literal value (use the value property instead).
+     */
+    feed_field?: string;
+    /**
+     * Target field on the catalog item schema, using dot notation for nested fields (e.g., 'name', 'price.amount', 'location.city'). Mutually exclusive with asset_group_id.
+     */
+    catalog_field?: string;
+    /**
+     * Places the feed field value (a URL) into a typed asset pool on the catalog item's assets array. The value is wrapped as an image or video asset in a group with this ID. Use standard group IDs: 'images_landscape', 'images_vertical', 'images_square', 'logo', 'video'. Mutually exclusive with catalog_field.
+     */
+    asset_group_id?: string;
+    /**
+     * Static literal value to inject into catalog_field for every item, regardless of what the feed contains. Mutually exclusive with feed_field. Useful for fields the feed omits (e.g., currency when price is always USD, or a constant category value).
+     */
+    value?: unknown;
+    /**
+     * Named transform to apply to the feed field value before writing to the catalog schema. See transform-specific parameters (format, timezone, by, separator).
+     */
+    transform?: 'date' | 'divide' | 'boolean' | 'split';
+    /**
+     * For transform 'date': the input date format string (e.g., 'YYYYMMDD', 'MM/DD/YYYY', 'DD-MM-YYYY'). Output is always ISO 8601 (e.g., '2025-03-01'). Uses Unicode date pattern tokens.
+     */
+    format?: string;
+    /**
+     * For transform 'date': the timezone of the input value. IANA timezone identifier (e.g., 'UTC', 'America/New_York', 'Europe/Amsterdam'). Defaults to UTC when omitted.
+     */
+    timezone?: string;
+    /**
+     * For transform 'divide': the divisor to apply (e.g., 100 to convert integer cents to decimal dollars).
+     */
+    by?: number;
+    /**
+     * For transform 'split': the separator character or string to split on. Defaults to ','.
+     */
+    separator?: string;
+    /**
+     * Fallback value to use when feed_field is absent, null, or empty. Applied after any transform would have been applied. Allows optional feed fields to have a guaranteed baseline value.
+     */
+    default?: unknown;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Catalog type. Structural types: 'offering' (AdCP Offering objects), 'product' (ecommerce entries), 'inventory' (stock per location), 'store' (physical locations), 'promotion' (deals and pricing). Vertical types: 'hotel', 'flight', 'job', 'vehicle', 'real_estate', 'education', 'destination', 'app' — each with an industry-specific item schema.
+ */
+export type CatalogType = 'offering' | 'product' | 'inventory' | 'store' | 'promotion' | 'hotel' | 'flight' | 'job' | 'vehicle' | 'real_estate' | 'education' | 'destination' | 'app';
+
+/**
+ * Cloud storage protocol
+ */
+export type CloudStorageProtocol = 's3' | 'gcs' | 'azure_blob';
+
+/**
+ * Identifier type that the event's content_ids field should be matched against for items in this catalog. For example, 'gtin' means content_ids values are Global Trade Item Numbers, 'sku' means retailer SKUs. Omit when using a custom identifier scheme not listed in the enum.
+ */
+export type ContentIDType = 'sku' | 'gtin' | 'offering_id' | 'job_id' | 'hotel_id' | 'flight_id' | 'vehicle_id' | 'listing_id' | 'store_id' | 'program_id' | 'destination_id' | 'app_id';
+
+/**
+ * Opaque correlation data that is echoed unchanged in responses. Used for internal tracking, UI session IDs, trace IDs, and other caller-specific identifiers that don't affect protocol behavior. Context data is never parsed by AdCP agents - it's simply preserved and returned.
+ */
+export interface ContextObject {
+}
+
+/**
+ * Action taken for this creative during this sync operation (lifecycle operation, not approval state).
+ */
+export type CreativeAction = 'created' | 'updated' | 'unchanged' | 'failed' | 'deleted';
+
+/**
+ * Creative asset for upload to library — supports static assets, generative formats, and third-party snippets. Identifies which format this creative conforms to via EITHER a v1 `format_id` (structured `{agent_url, id}`) OR v2 `format_kind` (canonical format name). Mutually exclusive — see the `oneOf` at the schema root.
+ */
+export type CreativeAsset = {
+    /**
+     * Unique identifier for the creative. Stable across v1 and v2 paths — a creative registered against v1 `format_id` retains the same `creative_id` when later viewed via v2 flatten.
+     */
+    creative_id: string;
+    /**
+     * Human-readable creative name
+     */
+    name: string;
+    format_id?: FormatReferenceStructuredObject;
+    format_kind?: CanonicalFormatKind;
+    /**
+     * v2 path, optional. Stable identifier matching one of the seller's product `format_options[i].capability_id` values. REQUIRED only when the target product has multiple `format_options` entries sharing the same `format_kind`.
+     */
+    capability_id?: string;
+    /**
+     * Assets required by the format, keyed by asset_id. Each slot value is either a single asset object or an array of asset objects (for slots with `min`/`max > 1` like carousel `cards` or responsive_creative `headlines`). Each asset value carries an `asset_type` discriminator that selects the matching asset schema.
+     */
+    assets: {
+        /**
+         * This interface was referenced by `undefined`'s JSON-Schema definition
+         * via the `patternProperty` "^[a-z0-9_]+$".
+         */
+        [k: string]: AssetVariant | AssetVariant[];
+    };
+    /**
+     * Preview contexts for generative formats - defines what scenarios to generate previews for
+     */
+    inputs?: {
+        /**
+         * Human-readable name for this preview variant
+         */
+        name: string;
+        /**
+         * Macro values to apply for this preview
+         */
+        macros?: {
+            [k: string]: string | undefined;
+        };
+        /**
+         * Natural language description of the context for AI-generated content
+         */
+        context_description?: string;
+    }[];
+    /**
+     * User-defined tags for organization and searchability
+     */
+    tags?: string[];
+    status?: CreativeStatus;
+    /**
+     * Optional delivery weight for creative rotation when uploading via create_media_buy or update_media_buy (0-100). If omitted, platform determines rotation. Only used during upload to media buy - not stored in creative library.
+     * @minimum 0
+     * @maximum 100
+     */
+    weight?: number;
+    /**
+     * Optional array of placement IDs where this creative should run when uploading via create_media_buy or update_media_buy. References placement_id values from the product's placements array. If omitted, creative runs on all placements. Only used during upload to media buy - not stored in creative library.
+     */
+    placement_ids?: string[];
+    /**
+     * Industry-standard identifiers for this creative (e.g., Ad-ID, ISCI, Clearcast clock number). In broadcast buying, these identifiers tie the creative to rotation instructions and traffic systems. A creative may have multiple identifiers when different systems reference the same asset.
+     */
+    industry_identifiers?: IndustryIdentifier[];
+    provenance?: Provenance;
+} & (V1CreativeNamedFormatReference | V2CreativeCanonicalFormatKind);
+
+/**
+ * Industry-standard identifier types for advertising creatives. These identifiers are managed by external registries and used across the supply chain to track and reference specific creative assets.
+ */
+export type CreativeIdentifierType = 'ad_id' | 'isci' | 'clearcast_clock';
+
+/**
+ * For generative creatives: set to 'approved' to finalize, 'rejected' to request regeneration with updated assets/message. Omit for non-generative creatives (system will set based on processing state).
+ */
+export type CreativeStatus = 'processing' | 'pending_review' | 'approved' | 'rejected' | 'archived';
+
+/**
+ * DAAST (Digital Audio Ad Serving Template) tag for third-party audio ad serving
+ */
+export type DAASTAsset = {
+    /**
+     * Discriminator identifying this as a DAAST asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'daast';
+    daast_version?: DAASTVersion;
+    /**
+     * Expected audio duration in milliseconds (if known)
+     * @minimum 0
+     */
+    duration_ms?: number;
+    /**
+     * Tracking events supported by this DAAST tag
+     */
+    tracking_events?: DAASTTrackingEvent[];
+    /**
+     * Whether companion display ads are included
+     */
+    companion_ads?: boolean;
+    /**
+     * URL to text transcript of the audio content
+     */
+    transcript_url?: string;
+    provenance?: Provenance;
+} & ({
+    /**
+     * Discriminator indicating DAAST is delivered via URL endpoint
+     */
+    delivery_type: 'url';
+    /**
+     * URL endpoint that returns DAAST XML
+     */
+    url: string;
+} | {
+    /**
+     * Discriminator indicating DAAST is delivered as inline XML content
+     */
+    delivery_type: 'inline';
+    /**
+     * Inline DAAST XML content
+     */
+    content: string;
+});
+
+/**
+ * Tracking events for audio ads. Aligned to the IAB DAAST 1.1 `Tracking@event` enumeration from §3.2.1.7 of the spec (creativeView, start, firstQuartile, midpoint, thirdQuartile, complete, mute, unmute, pause, rewind, resume, skip, progress) — plus `close` (referenced descriptively in DAAST 1.1 §3.2.4.2 contrasting it with `skip`), and AdCP-flattened representations of the `Impression`, `Error`, and click elements (`<Impression>`, `<Error>`, and the click children of `<AdInteractions>`) so a single declared list can cover everything a measurement vendor wants to track. `viewable` / `notViewable` / `viewUndetermined` and `measurableImpression` / `viewableImpression` are AdCP extensions for OM-SDK Audio measurability signals (DAAST 1.1 itself does not define a `<ViewableImpression>` element). DAAST 1.1 audio-incompatible video events are deliberately omitted: no `loaded`, `playerExpand` / `playerCollapse`, `fullscreen` / `exitFullscreen`, `acceptInvitation`, `adExpand` / `adCollapse`, `minimize`, `overlayViewDuration`, or `interactiveStart`.
+ */
+export type DAASTTrackingEvent = 'impression' | 'creativeView' | 'start' | 'firstQuartile' | 'midpoint' | 'thirdQuartile' | 'complete' | 'mute' | 'unmute' | 'pause' | 'resume' | 'rewind' | 'skip' | 'progress' | 'clickTracking' | 'customClick' | 'close' | 'error' | 'viewable' | 'notViewable' | 'viewUndetermined' | 'measurableImpression' | 'viewableImpression';
+
+/**
+ * DAAST specification version
+ */
+export type DAASTVersion = '1.0' | '1.1';
+
+/**
+ * IPTC-aligned classification of AI involvement in producing this content
+ */
+export type DigitalSourceType = 'digital_capture' | 'digital_creation' | 'trained_algorithmic_media' | 'composite_with_trained_algorithmic_media' | 'algorithmic_media' | 'composite_capture' | 'composite_synthetic' | 'human_edits' | 'data_driven_media';
+
+/**
+ * How long the disclosure must persist during content playback or display
+ */
+export type DisclosurePersistence = 'continuous' | 'initial' | 'flexible';
+
+/**
+ * Where a required disclosure should appear within a creative. Used by creative briefs to specify disclosure placement and by formats to declare which positions they can render.
+ */
+export type DisclosurePosition = 'prominent' | 'footer' | 'audio' | 'subtitle' | 'overlay' | 'end_card' | 'pre_roll' | 'companion';
+
+/**
+ * How provenance data is carried within the content
+ */
+export type EmbeddedProvenanceMethod = 'manifest_wrapper' | 'provenance_markers';
+
+/**
+ * Standard marketing event types for event logging, aligned with IAB ECAPI
+ */
+export type EventType = 'page_view' | 'view_content' | 'select_content' | 'select_item' | 'search' | 'share' | 'add_to_cart' | 'remove_from_cart' | 'viewed_cart' | 'add_to_wishlist' | 'initiate_checkout' | 'add_payment_info' | 'purchase' | 'refund' | 'lead' | 'qualify_lead' | 'close_convert_lead' | 'disqualify_lead' | 'complete_registration' | 'subscribe' | 'start_trial' | 'app_install' | 'app_launch' | 'contact' | 'schedule' | 'donate' | 'submit_application' | 'custom';
+
+/**
+ * Extension object for platform-specific, vendor-namespaced parameters. Extensions are always optional and must be namespaced under a vendor/platform key (e.g., ext.gam, ext.roku). Used for custom capabilities, partner-specific configuration, and features being proposed for standardization.
+ */
+export interface ExtensionObject {
+}
+
+/**
+ * Format of the external feed at url. Required when url points to a non-AdCP feed (e.g., Google Merchant Center XML, Meta Product Catalog). Omit for offering-type catalogs where the feed is native AdCP JSON.
+ */
+export type FeedFormat = 'google_merchant_center' | 'facebook_catalog' | 'shopify' | 'linkedin_jobs' | 'custom';
+
+/**
+ * A JSON object — never a plain string — that identifies a creative format by its declaring agent and local slug. Required properties: agent_url (URI of the agent that owns the format) and id (slug matching [a-zA-Z0-9_-]+). Example: {"agent_url": "https://creative.adcontextprotocol.org", "id": "display_300x250"}. Can reference: (1) a concrete format with fixed dimensions (id only), (2) a template format without parameters (id only), or (3) a template format with parameters (id + dimensions/duration). Template formats accept parameters in format_id while concrete formats have fixed dimensions in their definition. Parameterized format IDs create unique, specific format variants. Using a plain string here is a schema violation.
+ */
+export interface FormatReferenceStructuredObject {
+    /**
+     * URL of the agent that defines this format (e.g., 'https://creative.adcontextprotocol.org' for standard formats, or 'https://publisher.com/.well-known/adcp/sales' for custom formats). Callers comparing two `format-id` values MUST canonicalize `agent_url` per the AdCP URL canonicalization rules before treating two formats as the same. See docs/reference/url-canonicalization.
+     */
+    agent_url: string;
+    /**
+     * Format identifier within the agent's namespace (e.g., 'display_static', 'video_hosted', 'audio_standard'). When used alone, references a template format. When combined with dimension/duration fields, creates a parameterized format ID for a specific variant.
+     * @pattern ^[a-zA-Z0-9_-]+$
+     */
+    id: string;
+    /**
+     * Width in pixels for visual formats. When specified, height must also be specified. Both fields together create a parameterized format ID for dimension-specific variants.
+     * @minimum 1
+     */
+    width?: number;
+    /**
+     * Height in pixels for visual formats. When specified, width must also be specified. Both fields together create a parameterized format ID for dimension-specific variants.
+     * @minimum 1
+     */
+    height?: number;
+    /**
+     * Duration in milliseconds for time-based formats (video, audio). When specified, creates a parameterized format ID. Omit to reference a template format without parameters.
+     * @minimum 1
+     */
+    duration_ms?: number;
+}
+
+/**
+ * Whether the video uses a constant or variable frame rate. Broadcast and SSAI contexts require constant frame rate for seamless splicing.
+ */
+export type FrameRateType = 'constant' | 'variable';
+
+/**
+ * Group of Pictures structure. SSAI and broadcast require closed GOPs for clean splice points; open GOPs may produce artifacts at ad boundaries.
+ */
+export type GOPType = 'closed' | 'open';
+
+/**
+ * Inline HTML content asset. For URL-delivered HTML5 banner bundles, use the zip asset type instead. For single-URL iframe-rendered tag references, use the url asset type with an appropriate url_type.
+ */
+export interface HTMLAsset {
+    /**
+     * Discriminator identifying this as an HTML asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'html';
+    /**
+     * HTML content
+     */
+    content: string;
+    /**
+     * HTML version (e.g., 'HTML5')
+     */
+    version?: string;
+    /**
+     * Self-declared accessibility properties for this opaque creative
+     */
+    accessibility?: {
+        /**
+         * Text alternative describing the creative content
+         */
+        alt_text?: string;
+        /**
+         * Whether the creative can be fully operated via keyboard
+         */
+        keyboard_navigable?: boolean;
+        /**
+         * Whether the creative respects prefers-reduced-motion or provides pause/stop controls
+         */
+        motion_control?: boolean;
+        /**
+         * Whether the creative has been tested with screen readers
+         */
+        screen_reader_tested?: boolean;
+    };
+    provenance?: Provenance;
+}
+
+/**
+ * HTTP method
+ */
+export type HTTPMethod = 'GET' | 'POST';
+
+/**
+ * Override logo asset.
+ */
+export interface ImageAsset {
+    /**
+     * Discriminator identifying this as an image asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'image';
+    /**
+     * URL to the image asset
+     */
+    url: string;
+    /**
+     * Width in pixels
+     * @minimum 1
+     */
+    width: number;
+    /**
+     * Height in pixels
+     * @minimum 1
+     */
+    height: number;
+    /**
+     * Image file format (jpg, png, gif, webp, etc.)
+     */
+    format?: string;
+    /**
+     * Alternative text for accessibility
+     */
+    alt_text?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * An industry-standard identifier for an advertising creative (e.g., Ad-ID, ISCI, Clearcast clock number). These identifiers are managed by external registries and used across the supply chain to track and reference specific creative assets.
+ */
+export interface IndustryIdentifier {
+    type: CreativeIdentifierType;
+    /**
+     * The identifier value (e.g., 'ABCD1234000H' for Ad-ID)
+     * @maxLength 64
+     */
+    value: string;
+}
+
+/**
+ * Inline JavaScript content asset. For URL-delivered third-party tag scripts, use the url asset type with url_type 'tracker_script'. For HTML5 banner bundles that include JavaScript, use the zip asset type.
+ */
+export interface JavaScriptAsset {
+    /**
+     * Discriminator identifying this as a JavaScript asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'javascript';
+    /**
+     * JavaScript content
+     */
+    content: string;
+    module_type?: JavaScriptModuleType;
+    /**
+     * Self-declared accessibility properties for this opaque creative
+     */
+    accessibility?: {
+        /**
+         * Text alternative describing the creative content
+         */
+        alt_text?: string;
+        /**
+         * Whether the creative can be fully operated via keyboard
+         */
+        keyboard_navigable?: boolean;
+        /**
+         * Whether the creative respects prefers-reduced-motion or provides pause/stop controls
+         */
+        motion_control?: boolean;
+        /**
+         * Whether the creative has been tested with screen readers
+         */
+        screen_reader_tested?: boolean;
+    };
+    provenance?: Provenance;
+}
+
+/**
+ * JavaScript module type
+ */
+export type JavaScriptModuleType = 'esm' | 'commonjs' | 'script';
+
+/**
+ * Markdown-formatted text content following CommonMark specification
+ */
+export interface MarkdownAsset {
+    /**
+     * Discriminator identifying this as a markdown asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'markdown';
+    /**
+     * Markdown content following CommonMark spec with optional GitHub Flavored Markdown extensions
+     */
+    content: string;
+    /**
+     * Language code (e.g., 'en', 'es', 'fr')
+     */
+    language?: string;
+    markdown_flavor?: MarkdownFlavor;
+    /**
+     * Whether raw HTML blocks are allowed in the markdown. False recommended for security.
+     */
+    allow_raw_html?: boolean;
+}
+
+/**
+ * Markdown flavor used. CommonMark for strict compatibility, GFM for tables/task lists/strikethrough.
+ */
+export type MarkdownFlavor = 'commonmark' | 'gfm';
+
+/**
+ * Position of the moov atom in an MP4 container. 'start' enables progressive download without buffering the entire file; required for streaming ad delivery.
+ */
+export type MoovAtomPosition = 'start' | 'end';
+
+/**
+ * Account-level webhook subscription for notifications whose lifecycle outlives any single media buy — creative state changes, library purges, wholesale feed change webhooks, and future account-scoped events. Distinct from `push-notification-config.json`, which anchors at a per-resource operation (a single task or media buy). An account MAY register multiple notification configs to fan a single seller's events out to multiple buyer-side endpoints; each entry filters by `event_types`. As with push-notification-config, the default signing scheme is the AdCP RFC 9421 webhook profile against the seller's brand.json `agents[]` JWKS; the optional `authentication` block opts into the deprecated Bearer / HMAC-SHA256 fallback for compatibility. Credentials and shared secrets in `authentication.credentials` are write-only — sellers MUST NOT echo them back in `list_accounts` responses. Sellers MUST verify endpoint control before activating account-level notification configs for high-volume event families such as wholesale feed changes; delivery-time SSRF validation still applies to every fire.
+ */
+export interface NotificationConfig {
+    /**
+     * Buyer-supplied identifier for this subscription endpoint. Echoed on every webhook payload and on every `webhook_activity[]` record fired against this config so the buyer can attribute fires across multiple endpoints. MUST be unique within the account's `notification_configs[]` — uniqueness is enforced by the seller at registration time; duplicates are rejected with `errors[]`. Always required (even with a single subscriber) so the SDK contract is uniform — no conditional required-when-multiple rules to trip up implementations. Format is opaque — recommended values are short kebab-case slugs (`buyer-primary`, `audit-bus`, `dx-team`).
+     * @minLength 1
+     * @maxLength 64
+     * @pattern ^[A-Za-z0-9_.:-]{1,64}$
+     */
+    subscriber_id: string;
+    /**
+     * Webhook endpoint URL. Same wire contract as `push-notification-config.url` — `format: "uri"`, no destination-port allowlist enforced by the protocol, SSRF protection via the IP-range check defined in docs/building/by-layer/L1/security.mdx#webhook-url-validation-ssrf. For wholesale feed subscribers, sellers MUST complete an activation challenge or equivalent proof-of-control before treating the subscriber as active.
+     */
+    url: string;
+    /**
+     * Notification types this subscriber wishes to receive on the registered `url`. The seller MUST NOT fire other types against this endpoint, and MUST NOT silently widen the filter when new types are added to `notification-type.json`. When omitted, the seller MUST default to a no-fire policy and surface an `errors[]` entry on `sync_accounts` so the buyer notices the missing filter. Values are drawn from `notification-type.json`, but only types whose contract anchors at the account scope are valid here — creative lifecycle events and wholesale feed change payloads are valid; media-buy-anchored types (`scheduled`, `final`, `delayed`, `adjusted`, `impairment`) belong on a media buy's `push_notification_config`, not on this surface; sellers MUST reject those entries as per-account validation failures with `INVALID_REQUEST` or `VALIDATION_ERROR` and `error.field` pointing at the invalid `event_types` entry rather than silently dropping them.
+     */
+    event_types: NotificationType[];
+    /**
+     * Legacy authentication selector. Same precedence and semantics as `push-notification-config.authentication` — presence opts the seller into Bearer or HMAC-SHA256 signing; absence selects the default RFC 9421 webhook profile keyed off the seller's brand.json `agents[]` JWKS. The same signed-registration downgrade-resistance rules apply to accounts[].notification_configs[].authentication. Deprecated; removed in AdCP 4.0. Credentials are write-only and MUST NOT be echoed on `list_accounts` reads.
+     */
+    authentication?: {
+        schemes: AuthenticationScheme[];
+        /**
+         * Credentials for the legacy scheme. Bearer: token. HMAC-SHA256: shared secret. Minimum 32 characters. Exchanged out-of-band during onboarding. Write-only.
+         * @minLength 32
+         */
+        credentials: string;
+    };
+    /**
+     * When false, the seller persists the configuration but suppresses fires. Use to pause a noisy subscriber without losing the registration. Sellers MUST NOT skip persisting the entry when `active: false` — the buyer's next `sync_accounts` MUST observe the same array, otherwise the buyer cannot distinguish pause from drop.
+     */
+    active?: boolean;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Type of push notification fired by a seller agent. Media-buy-anchored notifications (`scheduled`, `final`, `delayed`, `adjusted`, `impairment`) fire against a media buy's `push_notification_config`. Account-anchored notifications (`creative.status_changed`, `creative.purged`, `product.*`, `signal.*`, `wholesale_feed.bulk_change`) fire against an account's `notification_configs[]` entries whose `event_types` include the value — these outlive any single media buy and anchor at the account. Wholesale feed notifications carry the actual change payload in `/schemas/core/wholesale-feed-webhook.json`; receivers use `get_products` / `get_signals` with `if_wholesale_feed_version` to repair or reconcile. New notification types added to this enum MUST declare their anchor (media-buy or account) and per-type `notification_id` semantics in the enumDescription. Sellers MUST reject `notification_configs[]` entries whose `event_types` include any media-buy-anchored type, and MUST reject `push_notification_config` registrations for account-anchored types.
+ */
+export type NotificationType = 'scheduled' | 'final' | 'delayed' | 'adjusted' | 'impairment' | 'creative.status_changed' | 'creative.purged' | 'product.created' | 'product.updated' | 'product.priced' | 'product.removed' | 'signal.created' | 'signal.updated' | 'signal.priced' | 'signal.removed' | 'wholesale_feed.bulk_change';
+
+/**
+ * Payment terms agreed for this account. Binding for all invoices when the account is active.
+ */
+export type PaymentTerms = 'net_15' | 'net_30' | 'net_45' | 'net_60' | 'net_90' | 'prepay';
+
+/**
+ * REQUIRED when `format_kind: "custom"`; otherwise MUST be absent. URI+digest reference to a fetchable schema describing this custom shape's actual `params` and `slots`. Same hosting model as `platform_extensions`: open-ecosystem publishers host the artifact at the canonical URI on their subdomain; closed-platform / walled-garden shapes resolve through the AAO mirror at `https://creative.adcontextprotocol.org/translated/...`. Buyer agents fetch by `uri@digest` (immutable per digest, aggressive caching, `Cache-Control: public, max-age=31536000, immutable`), validate `params` and `slots` against the fetched schema, and reason about manifests structurally — same mechanic as platform_extensions but at the format-structure level. Without `format_schema`, custom shapes would be opaque to buyer agents and the protocol would regress to per-seller integration code; that's why the schema is required, not optional.
+ *
+ * **Fetch contract (normative)** — `format_schema` is load-bearing for validation (unlike `platform_extensions`, which is informational on the *consumption* side). The *transport* rules below apply identically to BOTH fields — any SDK fetching a `platform-extension-ref.json` URI MUST apply this contract regardless of whether the field name is `format_schema` or `platform_extensions`. A shared SDK fetch path that drops to the weakest bar undermines `format_schema`'s hardening. The consumption distinction (load-bearing vs informational) is about *what the body means*; the transport distinction is `https`-and-allowlisted regardless.
+ *
+ * - **Transport**: `https` only. Buyers MUST reject `http://`, `file://`, `data:`, and any non-`https` scheme. The URI MUST resolve to a JSON document that is itself a valid JSON Schema (Draft 07 or 2020-12; producers MUST declare `$schema`).
+ * - **SSRF protection**: buyers MUST resolve the URI hostname and reject if any resolved address is in RFC 1918 private space (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`), loopback (`127.0.0.0/8`, `::1`), link-local (`169.254.0.0/16`, `fe80::/10`), CGNAT (`100.64.0.0/10`), or any RFC 6761 special-use name (`.local`, `.localhost`, `.internal`, `.test`, `.example`, `.invalid`). Cloud metadata endpoints (`169.254.169.254`, `metadata.google.internal`, `kubernetes.default.svc`) are explicitly forbidden — these are credential-leak primitives. Buyers MUST pin the connection to the resolved IP (or re-resolve and re-validate the allowlist per request) to defeat DNS rebinding.
+ * - **HTTP redirects**: MUST be disabled. If a follow is implemented at all, the redirect target MUST pass the same scheme + SSRF + allowlist checks; otherwise the fetch hard-fails. Open redirects on same-origin paths are otherwise a free SSRF primitive.
+ * - **Response size cap**: response body MUST be capped at 1 MiB. Enforce during streaming, not after full buffering. Over-cap hard-fails identically to digest mismatch.
+ * - **Timeout**: SDKs SHOULD apply a fetch timeout ≤5 seconds. Timeout SHOULD be treated identically to an HTTP 5xx response (transient — retry policy at the SDK's discretion; on persistent failure surface as unresolved and skip the declaration for this session).
+ * - **Digest verification**: SHA-256 of the response body MUST equal `digest`. **Digest mismatch is a hard fail** — the buyer MUST treat the format declaration as unresolvable and MUST NOT validate manifests against the mismatched body. A divergent digest is either a malicious substitution or producer error; either way, falling back to the un-verified body breaks the trust model. Digest format: `sha256:` prefix + 64 lowercase hex characters. Cache key is `uri@digest`; digest mismatch MUST NOT be cached as a negative result keyed on `uri` alone (defeats CDN-flap recovery), and MUST be distinguishable in telemetry from network 5xx / 404 (sustained mismatch is a substitution-attack signal, not a flap).
+ * - **Sandboxing of `$ref`**: fetched schemas MAY use `$ref`. Buyers MUST resolve `$ref` only to URIs that are (a) same-origin as the parent `format_schema.uri` after RFC 3986 §6 normalization (lowercase scheme + host, strip default port, normalize path dot-segments, no userinfo component), OR (b) hosted under the AAO catalog domain (`https://creative.adcontextprotocol.org/...`), OR (c) intra-document JSON Pointer refs (`#/...`) bounded to the parent document's parsed tree. Cross-origin `$ref` to arbitrary URIs MUST be rejected. `$ref: file://...` MUST be rejected unconditionally. Transitive `$ref` chains MUST be bounded at depth ≤8 AND `$ref` count ≤256 across the resolved tree (depth 8 with breadth 100 per level is 10^16 nodes — depth alone is not enough). Publishers SHOULD inline rather than $ref where possible.
+ * - **Schema-compile bounds (DoS protection)**: validators MUST bound CPU/memory on fetched schemas. Recommended: compiled-schema keyword count ≤10 000, `pattern` regexes evaluated with a non-backtracking engine (re2) OR under a per-pattern timeout, per-manifest validation budget ≤250 ms (exceeded budget → treat manifest as invalid, surface telemetry signal). Without these, a 'valid' schema with catastrophic regex backtracking or exponential `allOf`/`anyOf` expansion pins a CPU forever.
+ * - **Cache**: buyers cache fetched schemas by `uri@digest` and treat them as immutable (the same hosting contract as `platform_extensions`). On `404`, network partition, or persistent fetch failure, buyers SHOULD degrade gracefully (treat the declaration as unresolved, skip it for the current `get_products` response, surface via `errors[]` with the relevant code) rather than failing the entire session.
+ * - **Schema-not-valid handling**: if the fetched body parses as JSON but is not a valid JSON Schema, the buyer MUST treat the declaration as unresolvable (same as digest mismatch) and surface via `errors[]`. Validators MUST NOT attempt partial validation against an invalid schema.
+ * - **AAO catalog trust**: `https://creative.adcontextprotocol.org/*` is a single trust anchor in the same-origin allowlist; compromise of the catalog domain or its CA compromises every buyer agent. Catalog-served bodies MUST be digest-pinned identically to origin fetches (the digest is on the *parent* `format_schema.uri@digest`, not on the catalog response). Future hardening (signed bodies, transparency log) is tracked separately.
+ */
+export interface PlatformExtensionReference {
+    /**
+     * HTTPS URL identifying the extension. `https://` is mandatory — `http://`, `file://`, `data:`, and other schemes are rejected at the schema layer (defense-in-depth on top of the fetch-contract normative rules). The URI base is the owning agent's URL; the path identifies the extension within that agent. Example: 'https://creative.adcontextprotocol.org/translated/meta/extensions/meta_pixel'. The full fetch contract — SSRF allowlist, response-size cap, $ref sandbox, schema-compile bounds — is documented on `product-format-declaration.json#format_schema` and applies to ALL fetches of this reference shape regardless of whether the field is named `format_schema` (load-bearing for validation) or `platform_extensions` (informational); the *transport* rules are identical, only the *consumption* semantics differ.
+     * @pattern ^https:\/\/
+     */
+    uri: string;
+    /**
+     * SHA-256 content digest of the extension definition (sha256:<hex>). Used to detect drift — if the agent revises the extension, the digest changes and cached definitions become invalid.
+     * @pattern ^sha256:[a-f0-9]{64}$
+     */
+    digest: string;
+}
+
+/**
+ * Provenance metadata for this asset, overrides manifest-level provenance
+ */
+export interface Provenance {
+    digital_source_type?: DigitalSourceType;
+    /**
+     * AI system used to generate or modify this content. Aligns with IPTC 2025.1 AI metadata fields and C2PA claim_generator.
+     */
+    ai_tool?: {
+        /**
+         * Name of the AI tool or model (e.g., 'DALL-E 3', 'Stable Diffusion XL', 'Gemini')
+         */
+        name: string;
+        /**
+         * Version identifier for the AI tool or model (e.g., '25.1', '0125', '2.1'). For generative models, use the model version rather than the API version.
+         */
+        version?: string;
+        /**
+         * Organization that provides the AI tool (e.g., 'OpenAI', 'Stability AI', 'Google')
+         */
+        provider?: string;
+    };
+    /**
+     * Level of human involvement in the AI-assisted creation process. Independent of `disclosure.required` — the protocol does not derive disclosure obligations from oversight level. Some regulations include carve-outs for human-edited or human-directed AI output, but those carve-outs have factual prerequisites the schema cannot evaluate. Asserting `edited` or `directed` does not by itself justify `disclosure.required: false`.
+     */
+    human_oversight?: 'none' | 'prompt_only' | 'selected' | 'edited' | 'directed';
+    /**
+     * Party declaring this provenance. Identifies who attached the provenance claim, enabling receiving parties to assess trust.
+     */
+    declared_by?: {
+        /**
+         * URL of the agent or service that declared this provenance
+         */
+        agent_url?: string;
+        /**
+         * Role of the declaring party in the supply chain
+         */
+        role: 'creator' | 'advertiser' | 'agency' | 'platform' | 'tool';
+    };
+    /**
+     * When this provenance claim was made (ISO 8601). Distinct from created_time, which records when the content itself was produced. A provenance claim may be attached well after content creation, for example when retroactively declaring AI involvement for regulatory compliance.
+     * @format date-time
+     */
+    declared_at?: string;
+    /**
+     * When this content was created or generated (ISO 8601)
+     * @format date-time
+     */
+    created_time?: string;
+    /**
+     * C2PA sidecar manifest reference. Links to a detached cryptographic provenance manifest for this content. Note: file-level C2PA bindings break when ad servers transcode, resize, or re-encode assets. For pipelines with intermediaries, consider embedded_provenance as the primary provenance mechanism.
+     */
+    c2pa?: {
+        /**
+         * URL to the C2PA manifest store for this content
+         */
+        manifest_url: string;
+    };
+    /**
+     * Provenance metadata embedded within the content stream. Each entry declares one embedding layer: structured provenance data carried inside the content itself, as distinct from sidecar references (c2pa.manifest_url). Embedded provenance survives operations that break sidecar and file-level bindings: ad-server transcoding, CMS ingestion, copy-paste, reformatting, and CDN re-encoding. For ad-tech pipelines where content passes through multiple intermediaries, embedded provenance is the reliable path for provenance that persists from declaration through delivery. This is a declaration by the embedding party. The receiving party (the seller) is the verifier-of-record: it confirms the claim by calling a governance agent it trusts (typically one published in `creative_policy.accepted_verifiers`).
+     */
+    embedded_provenance?: {
+        method: EmbeddedProvenanceMethod;
+        /**
+         * Standard the embedding conforms to, if any (e.g., 'c2pa' for C2PA Section A.7 text manifest embedding)
+         */
+        standard?: string;
+        /**
+         * Organization that performed the embedding (e.g., 'Encypher', 'Digimarc'). Display label and audit context — not a wire identifier.
+         */
+        provider: string;
+        /**
+         * Buyer's representation that this embedding can be verified by a governance agent on the seller's `creative_policy.accepted_verifiers` list. The `agent_url` MUST match (canonicalized) one of the seller's published `accepted_verifiers[].agent_url` entries; sellers reject `sync_creatives` submissions whose `verify_agent.agent_url` is off-list with `PROVENANCE_VERIFIER_NOT_ACCEPTED`. This is buyer-supplied evidence, not buyer-driven routing — the seller is the verifier-of-record and the seller controls which agent it actually calls (the seller MAY use a different on-list agent if it determines this is more appropriate; the seller does not call buyer-asserted endpoints outside its allowlist). MAY be omitted for self-verifiable embeddings (e.g., a C2PA text manifest with a public key the seller already trusts).
+         */
+        verify_agent?: {
+            /**
+             * URL of the governance agent the buyer represents was used to embed/verify this layer. MUST use the `https://` scheme and MUST appear in the seller's `creative_policy.accepted_verifiers[].agent_url` list (canonicalized per /docs/reference/url-canonicalization: lowercase scheme and host, strip default port, normalize path dot-segments). Sellers MUST NOT call this URL until the canonicalized match is confirmed.
+             * @pattern ^https:\/\/
+             */
+            agent_url: string;
+            /**
+             * Optional `feature_id` the buyer represents the seller should request via `get_creative_features` (e.g., `encypher.markers_present_v2`). SHOULD match the `feature_id` declared on the matching `accepted_verifiers[]` entry, or be omitted to defer the selector to the seller. When the seller's entry pins a `feature_id`, that value wins; when neither side pins, the seller selects from the agent's `governance.creative_features` catalog.
+             */
+            feature_id?: string;
+        };
+        /**
+         * When the provenance data was embedded (ISO 8601)
+         * @format date-time
+         */
+        embedded_at?: string;
+    }[];
+    /**
+     * Content watermarks applied to this asset. Each entry declares one watermarking layer: a content modification that encodes an identifier or fingerprint within the asset. Watermarks differ from embedded provenance: a watermark encodes an identifier (who generated it, who owns it), while embedded provenance carries or references a structured provenance record (the full chain of custody). A single asset may carry both. Aligns with C2PA action taxonomy: c2pa.watermarked.bound (watermark linked to a C2PA manifest) and c2pa.watermarked.unbound (watermark independent of any manifest). This is a declaration by the watermarking party. The receiving party (the seller) is the verifier-of-record: it confirms the claim by calling a governance agent it trusts (typically one published in `creative_policy.accepted_verifiers`).
+     */
+    watermarks?: {
+        media_type: WatermarkMediaType;
+        /**
+         * Organization that applied the watermark (e.g., 'Imatag', 'Steg.AI', 'Encypher'). Display label and audit context — not a wire identifier.
+         */
+        provider: string;
+        /**
+         * Buyer's representation that this watermark can be detected by a governance agent on the seller's `creative_policy.accepted_verifiers` list. The `agent_url` MUST match (canonicalized) one of the seller's published `accepted_verifiers[].agent_url` entries; sellers reject `sync_creatives` submissions whose `verify_agent.agent_url` is off-list with `PROVENANCE_VERIFIER_NOT_ACCEPTED`. This is buyer-supplied evidence, not buyer-driven routing — the seller is the verifier-of-record and the seller controls which agent it actually calls (the seller MAY use a different on-list agent if it determines this is more appropriate; the seller does not call buyer-asserted endpoints outside its allowlist).
+         */
+        verify_agent?: {
+            /**
+             * URL of the governance agent the buyer represents was used to apply/detect this watermark. MUST use the `https://` scheme and MUST appear in the seller's `creative_policy.accepted_verifiers[].agent_url` list (canonicalized per /docs/reference/url-canonicalization: lowercase scheme and host, strip default port, normalize path dot-segments). Sellers MUST NOT call this URL until the canonicalized match is confirmed.
+             * @pattern ^https:\/\/
+             */
+            agent_url: string;
+            /**
+             * Optional `feature_id` the buyer represents the seller should request via `get_creative_features` (e.g., `imatag.watermark_detected`). SHOULD match the `feature_id` declared on the matching `accepted_verifiers[]` entry, or be omitted to defer the selector to the seller. When the seller's entry pins a `feature_id`, that value wins; when neither side pins, the seller selects from the agent's `governance.creative_features` catalog.
+             */
+            feature_id?: string;
+        };
+        c2pa_action?: C2PAWatermarkAction;
+        /**
+         * When the watermark was applied (ISO 8601)
+         * @format date-time
+         */
+        embedded_at?: string;
+    }[];
+    /**
+     * Regulatory disclosure requirements for this content. Indicates whether AI disclosure is required and under which jurisdictions.
+     */
+    disclosure?: {
+        /**
+         * The declaring party's claim that AI disclosure is required for this content under applicable regulations. This is a declared signal carried through the supply chain — useful as a routing and audit input — not a regulatory determination made by the protocol. Receiving parties remain responsible for their own jurisdictional analysis and should not treat `required: false` as compliance cover.
+         */
+        required: boolean;
+        /**
+         * Jurisdictions where disclosure obligations apply
+         */
+        jurisdictions?: {
+            /**
+             * ISO 3166-1 alpha-2 country code (e.g., 'US', 'DE', 'CN')
+             */
+            country: string;
+            /**
+             * Sub-national region code (e.g., 'CA' for California, 'BY' for Bavaria)
+             */
+            region?: string;
+            /**
+             * Regulation identifier (e.g., 'eu_ai_act_article_50', 'ca_sb_942', 'cn_deep_synthesis')
+             */
+            regulation: string;
+            /**
+             * Required disclosure label text for this jurisdiction, in the local language
+             */
+            label_text?: string;
+            /**
+             * How the disclosure should be rendered for this jurisdiction. Expresses the declaring party's intent for persistence and position based on regulatory requirements. Publishers control actual rendering but governance agents can audit whether guidance was followed.
+             */
+            render_guidance?: {
+                persistence?: DisclosurePersistence;
+                /**
+                 * Minimum display duration in milliseconds for initial persistence. Recommended when persistence is initial — without it, the duration is at the publisher's discretion. At serve time the publisher reads this from provenance since the brief is not available.
+                 * @minimum 1
+                 */
+                min_duration_ms?: number;
+                /**
+                 * Preferred disclosure positions in priority order. The first position a format supports should be used.
+                 */
+                positions?: DisclosurePosition[];
+                ext?: ExtensionObject;
+            };
+        }[];
+    };
+    /**
+     * Third-party verification or detection results for this content. Multiple services may independently evaluate the same content. Provenance is a claim — verification results attached by the declaring party are supplementary. The enforcing party (e.g., seller/publisher) should run its own verification via get_creative_features or calibrate_content.
+     */
+    verification?: {
+        /**
+         * Name of the verification service (e.g., 'DoubleVerify', 'Hive Moderation', 'Reality Defender')
+         */
+        verified_by: string;
+        /**
+         * When the verification was performed (ISO 8601)
+         * @format date-time
+         */
+        verified_time?: string;
+        /**
+         * Verification outcome
+         */
+        result: 'authentic' | 'ai_generated' | 'ai_modified' | 'inconclusive';
+        /**
+         * Confidence score of the verification result (0.0 to 1.0)
+         * @minimum 0
+         * @maximum 1
+         */
+        confidence?: number;
+        /**
+         * URL to the full verification report
+         */
+        details_url?: string;
+    }[];
+    ext?: ExtensionObject;
+}
+
+/**
+ * Push notification configuration for async task updates (A2A and REST protocols). Echoed from the request to confirm webhook settings. Specifies URL, authentication scheme (Bearer or HMAC-SHA256), and credentials. MCP uses progress notifications instead of webhooks.
+ */
+export interface PushNotificationConfig {
+    /**
+     * Webhook endpoint URL for task status notifications. The wire contract is unconstrained beyond `format: "uri"` — in particular, publishers SHOULD NOT enforce a destination-port allowlist by default, since buyers legitimately host receivers on non-standard TLS ports (`:9443`, `:4443`, path-routed multi-tenant gateways). The SSRF guard the protocol relies on is the IP-range check + DNS-rebinding-resistant connect pin defined in [Webhook URL validation (SSRF)](/docs/building/by-layer/L1/security#webhook-url-validation-ssrf), not port filtering. Operators who want a hardened destination-port allowlist as defense-in-depth (e.g., locked-down enterprise egress) opt in explicitly — see [Destination port: permissive by default](/docs/building/by-layer/L1/security#destination-port-permissive-by-default).
+     */
+    url: string;
+    /**
+     * Buyer-supplied correlation identifier for the operation that will produce webhooks against this registration. The seller MUST echo this value verbatim into every webhook payload's `operation_id` field (see [`mcp-webhook-payload.json`](/schemas/core/mcp-webhook-payload.json) and [Webhooks — Operation IDs](/docs/building/by-layer/L3/webhooks#operation-ids-and-url-templates)). Buyers SHOULD generate a unique value per task invocation (UUID recommended). This field is the canonical registration channel for `operation_id`; buyers MAY additionally embed the same value in the URL path or query as a routing aid for their own HTTP server, but the URL is opaque to the seller and the wire-level source of truth is this field. Sellers MUST NOT parse the URL to recover `operation_id`. Sellers that receive a webhook registration without `operation_id` MAY reject the task with `INVALID_REQUEST`.
+     * @minLength 1
+     * @maxLength 255
+     * @pattern ^[A-Za-z0-9_.:-]{1,255}$
+     */
+    operation_id?: string;
+    /**
+     * Optional client-provided token for webhook validation. The seller MUST echo this value verbatim in every webhook payload's `token` field (see [`mcp-webhook-payload.json`](/schemas/core/mcp-webhook-payload.json) for the receiver-side validation obligation). Length bounds give receivers a defensive range check on the echoed value; senders SHOULD generate tokens with at least 128 bits of entropy (≥22 base64url characters). This is a complementary authenticity mechanism that can layer on top of the RFC 9421 webhook signature — unlike the `authentication` block below, it is not on the 4.0 removal track. Receivers that registered both a signing key (RFC 9421) and a `token` MUST NOT treat a valid token echo as authorization to skip signature verification; both checks remain independent obligations.
+     * @minLength 16
+     * @maxLength 4096
+     */
+    token?: string;
+    /**
+     * Legacy authentication configuration (A2A-compatible). Opts the seller into Bearer or HMAC-SHA256 signing instead of the default RFC 9421 webhook profile. Deprecated; removed in AdCP 4.0. **Precedence is a switch, not a fallback:** presence of this block selects the legacy scheme; absence selects 9421. A seller MUST NOT sign the same webhook both ways, and a buyer MUST NOT attempt 'try 9421 first, fall back to HMAC' verification — signature mode is determined solely by whether this block was present at registration time. The seller's baseline 9421 webhook-signing key published at its brand.json `agents[]` `jwks_uri` does not override this selector; it is always discoverable but only used when `authentication` is omitted. See docs/building/implementation/security.mdx#webhook-callbacks for the full precedence and downgrade-resistance rules (including the `webhook_mode_mismatch` rejection a buyer MUST apply when a received webhook's signing mode does not match the registered mode).
+     */
+    authentication?: {
+        /**
+         * Array of authentication schemes. Supported: ['Bearer'] for simple token auth, ['HMAC-SHA256'] for legacy shared-secret signing. Both are deprecated; new integrations SHOULD omit `authentication` and use the RFC 9421 webhook profile.
+         */
+        schemes: AuthenticationScheme[];
+        /**
+         * Credentials for the legacy scheme. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding.
+         * @minLength 32
+         */
+        credentials: string;
+    };
+}
+
+/**
+ * A reference asset that provides creative context. Carries visual materials (mood boards, product shots, example creatives) with semantic roles that tell creative agents how to use them.
+ */
+export interface ReferenceAsset {
+    /**
+     * URL to the reference asset (image, video, or document)
+     */
+    url: string;
+    /**
+     * How the creative agent should use this asset. style_reference: match the visual style; product_shot: include this product; mood_board: overall look and feel; example_creative: example of a similar execution; logo: logo to use; strategy_doc: strategy or planning document for context; storyboard: sequential visual direction for video or multi-scene creative
+     */
+    role: 'style_reference' | 'product_shot' | 'mood_board' | 'example_creative' | 'logo' | 'strategy_doc' | 'storyboard';
+    /**
+     * Human-readable description of the asset and how it should inform creative generation
+     */
+    description?: string;
+}
+
+/**
+ * Video scan method. Modern digital delivery requires progressive scan; interlaced is retained for broadcast legacy content.
+ */
+export type ScanType = 'progressive' | 'interlaced';
+
+/**
+ * Current task execution state. Indicates whether the task is completed, in progress (working), submitted for async processing, failed, or requires user input. REQUIRED on every task response envelope. Synchronous tasks (including read-only metadata calls like `get_adcp_capabilities`) MUST emit `status: "completed"`; async tasks emit `submitted`, `working`, `input-required`, etc. per their lifecycle. Agents MUST NOT emit the legacy task_status or response_status fields alongside this field — the status field is the single authoritative task state.
+ */
+export type TaskStatus = 'submitted' | 'working' | 'input-required' | 'completed' | 'canceled' | 'failed' | 'rejected' | 'auth-required' | 'unknown';
+
+/**
+ * Text content asset
+ */
+export interface TextAsset {
+    /**
+     * Discriminator identifying this as a text asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'text';
+    /**
+     * Text content
+     */
+    content: string;
+    /**
+     * Language code (e.g., 'en', 'es', 'fr')
+     */
+    language?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * URL reference asset. `url_type` declares the mechanism a receiver uses to invoke the URL (clickthrough vs. tracker_pixel vs. tracker_script) and is distinct from the URL's purpose, which the format declares in `url-asset-requirements.role` (clickthrough, landing_page, impression_tracker, click_tracker, viewability_tracker, third_party_tracker). Senders SHOULD include `url_type` on every URL asset. When `url_type` is absent, receivers SHOULD fall back to the format's `url-asset-requirements.role` per this mapping: clickthrough/landing_page → `clickthrough`; impression_tracker/click_tracker → `tracker_pixel`; viewability_tracker → `tracker_script` (OMID and equivalent verification SDKs require a <script> tag — firing them as a pixel produces no measurement); third_party_tracker → no safe fallback (mechanism is integration-specific — DV/IAS ship both pixel and script forms — receivers MAY reject or warn). When neither `url_type` nor a format-side `role` is available, receivers MUST NOT silently pick a mechanism; they SHOULD reject the manifest. Note: VAST/DAAST tag URLs are not URL assets — use `asset_type: "vast"` (or the dedicated tracker types pending RFC #2915), not `asset_type: "url"` with a tracker_pixel mechanism.
+ */
+export interface URLAsset {
+    /**
+     * Discriminator identifying this as a URL asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'url';
+    /**
+     * URL reference. May be a plain URI or an RFC 6570 URI template carrying AdCP universal macros (e.g., `{SKU}`, `{MEDIA_BUY_ID}`). Buyers MUST NOT pre-encode macro braces at sync time; the ad server URL-encodes substituted values at impression time. See docs/creative/universal-macros.mdx.
+     */
+    url: string;
+    url_type?: URLAssetType;
+    /**
+     * Description of what this URL points to
+     */
+    description?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * Mechanism a receiver uses to invoke this URL (distinct from purpose, which lives in `url-asset-requirements.role`): `clickthrough` for user click destination (landing page), `tracker_pixel` for impression/event tracking via HTTP request (fires GET, expects pixel/204 response), `tracker_script` for measurement SDKs that must load as a <script> tag (OMID verification, native event trackers using method:2). SHOULD be present on every URL asset; senders that omit it force the receiver into the role-based fallback described in this schema's top-level description.
+ */
+export type URLAssetType = 'clickthrough' | 'tracker_pixel' | 'tracker_script';
+
+/**
+ * Standardized macro placeholders for dynamic value substitution in creative tracking URLs. Macros are replaced with actual values at impression time. See docs/creative/universal-macros.mdx for detailed documentation.
+ */
+export type UniversalMacro = 'MEDIA_BUY_ID' | 'PACKAGE_ID' | 'CREATIVE_ID' | 'CACHEBUSTER' | 'TIMESTAMP' | 'CLICK_URL' | 'GDPR' | 'GDPR_CONSENT' | 'US_PRIVACY' | 'GPP_STRING' | 'GPP_SID' | 'IP_ADDRESS' | 'LIMIT_AD_TRACKING' | 'DEVICE_TYPE' | 'OS' | 'OS_VERSION' | 'DEVICE_MAKE' | 'DEVICE_MODEL' | 'USER_AGENT' | 'APP_BUNDLE' | 'APP_NAME' | 'COUNTRY' | 'REGION' | 'CITY' | 'ZIP' | 'DMA' | 'LAT' | 'LONG' | 'DEVICE_ID' | 'DEVICE_ID_TYPE' | 'DOMAIN' | 'PAGE_URL' | 'REFERRER' | 'KEYWORDS' | 'PLACEMENT_ID' | 'FOLD_POSITION' | 'AD_WIDTH' | 'AD_HEIGHT' | 'VIDEO_ID' | 'VIDEO_TITLE' | 'VIDEO_DURATION' | 'VIDEO_CATEGORY' | 'CONTENT_GENRE' | 'CONTENT_RATING' | 'PLAYER_WIDTH' | 'PLAYER_HEIGHT' | 'POD_POSITION' | 'POD_SIZE' | 'AD_BREAK_ID' | 'STATION_ID' | 'COLLECTION_NAME' | 'INSTALLMENT_ID' | 'AUDIO_DURATION' | 'TMPX' | 'AXEM' | 'CATALOG_ID' | 'SKU' | 'GTIN' | 'OFFERING_ID' | 'JOB_ID' | 'HOTEL_ID' | 'FLIGHT_ID' | 'VEHICLE_ID' | 'LISTING_ID' | 'STORE_ID' | 'PROGRAM_ID' | 'DESTINATION_ID' | 'CREATIVE_VARIANT_ID' | 'APP_ITEM_ID';
+
+/**
+ * How often the platform should re-fetch the feed from url. Only applicable when url is provided. Platforms may use this as a hint for polling schedules.
+ */
+export type UpdateFrequency = 'realtime' | 'hourly' | 'daily' | 'weekly';
+
+/**
+ * Creative references a named format via the structured `format_id` object. The v1 path; remains supported through 4.x.
+ */
+export interface V1CreativeNamedFormatReference {
+    /**
+     * Unique identifier for the creative. Stable across v1 and v2 paths — a creative registered against v1 `format_id` retains the same `creative_id` when later viewed via v2 flatten.
+     */
+    creative_id: string;
+    /**
+     * Human-readable creative name
+     */
+    name: string;
+    format_id: FormatReferenceStructuredObject;
+    /**
+     * v2 path, optional. Stable identifier matching one of the seller's product `format_options[i].capability_id` values. REQUIRED only when the target product has multiple `format_options` entries sharing the same `format_kind`.
+     */
+    capability_id?: string;
+    /**
+     * Assets required by the format, keyed by asset_id. Each slot value is either a single asset object or an array of asset objects (for slots with `min`/`max > 1` like carousel `cards` or responsive_creative `headlines`). Each asset value carries an `asset_type` discriminator that selects the matching asset schema.
+     */
+    assets: {
+        /**
+         * This interface was referenced by `undefined`'s JSON-Schema definition
+         * via the `patternProperty` "^[a-z0-9_]+$".
+         */
+        [k: string]: AssetVariant | AssetVariant[];
+    };
+    /**
+     * Preview contexts for generative formats - defines what scenarios to generate previews for
+     */
+    inputs?: {
+        /**
+         * Human-readable name for this preview variant
+         */
+        name: string;
+        /**
+         * Macro values to apply for this preview
+         */
+        macros?: {
+            [k: string]: string | undefined;
+        };
+        /**
+         * Natural language description of the context for AI-generated content
+         */
+        context_description?: string;
+    }[];
+    /**
+     * User-defined tags for organization and searchability
+     */
+    tags?: string[];
+    status?: CreativeStatus;
+    /**
+     * Optional delivery weight for creative rotation when uploading via create_media_buy or update_media_buy (0-100). If omitted, platform determines rotation. Only used during upload to media buy - not stored in creative library.
+     * @minimum 0
+     * @maximum 100
+     */
+    weight?: number;
+    /**
+     * Optional array of placement IDs where this creative should run when uploading via create_media_buy or update_media_buy. References placement_id values from the product's placements array. If omitted, creative runs on all placements. Only used during upload to media buy - not stored in creative library.
+     */
+    placement_ids?: string[];
+    /**
+     * Industry-standard identifiers for this creative (e.g., Ad-ID, ISCI, Clearcast clock number). In broadcast buying, these identifiers tie the creative to rotation instructions and traffic systems. A creative may have multiple identifiers when different systems reference the same asset.
+     */
+    industry_identifiers?: IndustryIdentifier[];
+    provenance?: Provenance;
+}
+
+/**
+ * Creative declares which canonical format it targets via `format_kind` (e.g., `image`). The v2 path introduced by RFC #3305.
+ */
+export interface V2CreativeCanonicalFormatKind {
+    /**
+     * Unique identifier for the creative. Stable across v1 and v2 paths — a creative registered against v1 `format_id` retains the same `creative_id` when later viewed via v2 flatten.
+     */
+    creative_id: string;
+    /**
+     * Human-readable creative name
+     */
+    name: string;
+    format_kind: CanonicalFormatKind;
+    /**
+     * v2 path, optional. Stable identifier matching one of the seller's product `format_options[i].capability_id` values. REQUIRED only when the target product has multiple `format_options` entries sharing the same `format_kind`.
+     */
+    capability_id?: string;
+    /**
+     * Assets required by the format, keyed by asset_id. Each slot value is either a single asset object or an array of asset objects (for slots with `min`/`max > 1` like carousel `cards` or responsive_creative `headlines`). Each asset value carries an `asset_type` discriminator that selects the matching asset schema.
+     */
+    assets: {
+        /**
+         * This interface was referenced by `undefined`'s JSON-Schema definition
+         * via the `patternProperty` "^[a-z0-9_]+$".
+         */
+        [k: string]: AssetVariant | AssetVariant[];
+    };
+    /**
+     * Preview contexts for generative formats - defines what scenarios to generate previews for
+     */
+    inputs?: {
+        /**
+         * Human-readable name for this preview variant
+         */
+        name: string;
+        /**
+         * Macro values to apply for this preview
+         */
+        macros?: {
+            [k: string]: string | undefined;
+        };
+        /**
+         * Natural language description of the context for AI-generated content
+         */
+        context_description?: string;
+    }[];
+    /**
+     * User-defined tags for organization and searchability
+     */
+    tags?: string[];
+    status?: CreativeStatus;
+    /**
+     * Optional delivery weight for creative rotation when uploading via create_media_buy or update_media_buy (0-100). If omitted, platform determines rotation. Only used during upload to media buy - not stored in creative library.
+     * @minimum 0
+     * @maximum 100
+     */
+    weight?: number;
+    /**
+     * Optional array of placement IDs where this creative should run when uploading via create_media_buy or update_media_buy. References placement_id values from the product's placements array. If omitted, creative runs on all placements. Only used during upload to media buy - not stored in creative library.
+     */
+    placement_ids?: string[];
+    /**
+     * Industry-standard identifiers for this creative (e.g., Ad-ID, ISCI, Clearcast clock number). In broadcast buying, these identifiers tie the creative to rotation instructions and traffic systems. A creative may have multiple identifiers when different systems reference the same asset.
+     */
+    industry_identifiers?: IndustryIdentifier[];
+    provenance?: Provenance;
+}
+
+/**
+ * VAST (Video Ad Serving Template) tag for third-party video ad serving
+ */
+export type VASTAsset = {
+    /**
+     * Discriminator identifying this as a VAST asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'vast';
+    vast_version?: VASTVersion;
+    /**
+     * Whether VPAID (Video Player-Ad Interface Definition) is supported
+     */
+    vpaid_enabled?: boolean;
+    /**
+     * Expected video duration in milliseconds (if known)
+     * @minimum 0
+     */
+    duration_ms?: number;
+    /**
+     * Tracking events supported by this VAST tag
+     */
+    tracking_events?: VASTTrackingEvent[];
+    /**
+     * URL to captions file (WebVTT, SRT, etc.)
+     */
+    captions_url?: string;
+    /**
+     * URL to audio description track for visually impaired users
+     */
+    audio_description_url?: string;
+    provenance?: Provenance;
+} & ({
+    /**
+     * Discriminator indicating VAST is delivered via URL endpoint
+     */
+    delivery_type: 'url';
+    /**
+     * URL endpoint that returns VAST XML
+     */
+    url: string;
+} | {
+    /**
+     * Discriminator indicating VAST is delivered as inline XML content
+     */
+    delivery_type: 'inline';
+    /**
+     * Inline VAST XML content
+     */
+    content: string;
+});
+
+/**
+ * Tracking events for video ads. Includes the IAB VAST 4.2 `Tracking@event` enumeration (vast_4.2.xsd `TrackingEvents_type`, lines 112–136), plus AdCP-flattened representations of the `Impression`, `Error`, `VideoClicks`, and `ViewableImpression` elements (which live in dedicated VAST elements, not under `<TrackingEvents>` — they are surfaced here so a single declared list can cover everything a measurement vendor wants to track). `fullscreen` / `exitFullscreen` are retained for VAST 2.x / 3.x compatibility (VAST 4.0+ replaced them with `playerExpand` / `playerCollapse`). `measurableImpression` is an AdCP extension for MRC measurability signals.
+ */
+export type VASTTrackingEvent = 'impression' | 'creativeView' | 'loaded' | 'start' | 'firstQuartile' | 'midpoint' | 'thirdQuartile' | 'complete' | 'mute' | 'unmute' | 'pause' | 'resume' | 'rewind' | 'skip' | 'playerExpand' | 'playerCollapse' | 'fullscreen' | 'exitFullscreen' | 'progress' | 'acceptInvitation' | 'adExpand' | 'adCollapse' | 'minimize' | 'overlayViewDuration' | 'otherAdInteraction' | 'interactiveStart' | 'clickTracking' | 'customClick' | 'close' | 'closeLinear' | 'error' | 'viewable' | 'notViewable' | 'viewUndetermined' | 'measurableImpression' | 'viewableImpression';
+
+/**
+ * VAST specification version
+ */
+export type VASTVersion = '2.0' | '3.0' | '4.0' | '4.1' | '4.2';
+
+/**
+ * Validation strictness. 'strict' fails entire sync on any validation error. 'lenient' processes valid catalogs and reports errors.
+ */
+export type ValidationMode = 'strict' | 'lenient';
+
+/**
+ * Video asset with URL and technical specifications including audio track properties
+ */
+export interface VideoAsset {
+    /**
+     * Discriminator identifying this as a video asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'video';
+    /**
+     * URL to the video asset
+     */
+    url: string;
+    /**
+     * Width in pixels
+     * @minimum 1
+     */
+    width: number;
+    /**
+     * Height in pixels
+     * @minimum 1
+     */
+    height: number;
+    /**
+     * Video duration in milliseconds
+     * @minimum 1
+     */
+    duration_ms?: number;
+    /**
+     * File size in bytes
+     * @minimum 1
+     */
+    file_size_bytes?: number;
+    /**
+     * Video container format (mp4, webm, mov, etc.)
+     */
+    container_format?: string;
+    /**
+     * Video codec used (h264, h265, vp9, av1, prores, etc.)
+     */
+    video_codec?: string;
+    /**
+     * Video stream bitrate in kilobits per second
+     * @minimum 1
+     */
+    video_bitrate_kbps?: number;
+    /**
+     * Frame rate as string to preserve precision (e.g., '23.976', '29.97', '30')
+     */
+    frame_rate?: string;
+    frame_rate_type?: FrameRateType;
+    scan_type?: ScanType;
+    /**
+     * Color space of the video
+     */
+    color_space?: 'rec709' | 'rec2020' | 'rec2100' | 'srgb' | 'dci_p3';
+    /**
+     * HDR format if applicable, or 'sdr' for standard dynamic range
+     */
+    hdr_format?: 'sdr' | 'hdr10' | 'hdr10_plus' | 'hlg' | 'dolby_vision';
+    /**
+     * Chroma subsampling format
+     */
+    chroma_subsampling?: '4:2:0' | '4:2:2' | '4:4:4';
+    /**
+     * Video bit depth
+     */
+    video_bit_depth?: 8 | 10 | 12;
+    /**
+     * GOP/keyframe interval in seconds
+     */
+    gop_interval_seconds?: number;
+    gop_type?: GOPType;
+    moov_atom_position?: MoovAtomPosition;
+    /**
+     * Whether the video contains an audio track
+     */
+    has_audio?: boolean;
+    /**
+     * Audio codec used (aac, aac_lc, he_aac, pcm, mp3, ac3, eac3, etc.)
+     */
+    audio_codec?: string;
+    /**
+     * Audio sampling rate in Hz (e.g., 44100, 48000)
+     */
+    audio_sampling_rate_hz?: number;
+    audio_channels?: AudioChannelLayout;
+    /**
+     * Audio bit depth
+     */
+    audio_bit_depth?: 16 | 24 | 32;
+    /**
+     * Audio bitrate in kilobits per second
+     * @minimum 1
+     */
+    audio_bitrate_kbps?: number;
+    /**
+     * Integrated loudness in LUFS
+     */
+    audio_loudness_lufs?: number;
+    /**
+     * True peak level in dBFS
+     */
+    audio_true_peak_dbfs?: number;
+    /**
+     * URL to captions file (WebVTT, SRT, etc.)
+     */
+    captions_url?: string;
+    /**
+     * URL to text transcript of the video content
+     */
+    transcript_url?: string;
+    /**
+     * URL to audio description track for visually impaired users
+     */
+    audio_description_url?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * Media category of the watermarked content
+ */
+export type WatermarkMediaType = 'audio' | 'image' | 'video' | 'text';
+
+/**
+ * Webhook for server-side dynamic content rendering (DCO)
+ */
+export interface WebhookAsset {
+    /**
+     * Discriminator identifying this as a webhook asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'webhook';
+    /**
+     * Webhook URL to call for dynamic content
+     */
+    url: string;
+    method?: HTTPMethod;
+    /**
+     * Maximum time to wait for response in milliseconds
+     * @minimum 10
+     * @maximum 5000
+     */
+    timeout_ms?: number;
+    /**
+     * Universal macros that can be passed to webhook (e.g., DEVICE_TYPE, COUNTRY). See docs/creative/universal-macros.mdx for full list.
+     */
+    supported_macros?: (UniversalMacro | string)[];
+    /**
+     * Universal macros that must be provided for webhook to function
+     */
+    required_macros?: (UniversalMacro | string)[];
+    response_type: WebhookResponseType;
+    /**
+     * Security configuration for webhook calls
+     */
+    security: {
+        method: WebhookSecurityMethod;
+        /**
+         * Header name for HMAC signature (e.g., 'X-Signature')
+         */
+        hmac_header?: string;
+        /**
+         * Header name for API key (e.g., 'X-API-Key')
+         */
+        api_key_header?: string;
+    };
+    provenance?: Provenance;
+}
+
+/**
+ * Expected content type of webhook response
+ */
+export type WebhookResponseType = 'html' | 'json' | 'xml' | 'javascript';
+
+/**
+ * Authentication method
+ */
+export type WebhookSecurityMethod = 'hmac_sha256' | 'api_key' | 'none';
+
+/**
+ * Bundled creative asset delivered as a zip archive — typically an HTML5 banner with index.html plus supporting CSS, JS, images, and fonts. Receivers unpack the zip, validate internal structure, and serve contents from CDN. Distinct from inline HTML (html asset) and from third-party tag URLs (url asset with url_type tracker_script).
+ */
+export interface ZipAsset {
+    /**
+     * Discriminator identifying this as a zip-bundled asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'zip';
+    /**
+     * URL where the zip archive is hosted. Must be HTTPS.
+     */
+    url: string;
+    /**
+     * Maximum file size in kilobytes. Receivers should reject zips exceeding this.
+     * @minimum 0
+     */
+    max_file_size_kb?: number;
+    /**
+     * Relative path to the entry file within the zip (typically 'index.html'). Receivers default to 'index.html' if absent.
+     */
+    entry_point?: string;
+    /**
+     * File extensions permitted inside the zip (e.g., ['html', 'css', 'js', 'png', 'jpg', 'svg', 'webp', 'json', 'woff2']). Receivers may reject zips containing other extensions.
+     */
+    allowed_inner_extensions?: string[];
+    /**
+     * Fallback image URL for environments that cannot render the bundled creative (e.g., non-HTML5 endpoints, ad blockers). Recommended for HTML5 banners.
+     */
+    backup_image_url?: string;
+    /**
+     * Optional SHA-256 content digest of the zip archive (sha256:<hex>) for integrity verification. Lets receivers detect tampered or stale archives.
+     * @pattern ^sha256:[a-f0-9]{64}$
+     */
+    digest?: string;
+    /**
+     * Self-declared accessibility properties for this opaque creative
+     */
+    accessibility?: {
+        /**
+         * Text alternative describing the creative content
+         */
+        alt_text?: string;
+        /**
+         * Whether the creative can be fully operated via keyboard
+         */
+        keyboard_navigable?: boolean;
+        /**
+         * Whether the creative respects prefers-reduced-motion or provides pause/stop controls
+         */
+        motion_control?: boolean;
+        /**
+         * Whether the creative has been tested with screen readers
+         */
+        screen_reader_tested?: boolean;
+    };
+    provenance?: Provenance;
+}