@adcp/sdk 8.1.0-beta.7 → 8.1.0-beta.8

package/dist/lib/types/list-creatives.d.ts

@@ -0,0 +1,2390 @@
+// AUTO-GENERATED — DO NOT EDIT.
+// Per-tool .d.ts slice for `list_creatives`. Built from the published
+// `tools.generated.d.ts` + `core.generated.d.ts` + `enums.generated.d.ts`
+// by `scripts/generate-per-tool-types.ts`.
+//
+// Self-contained: imports nothing from the broader SDK. Adopters who
+// import only this slice pay a fraction of the tsc cost of pulling in
+// `@adcp/sdk` root — useful when strict + skipLibCheck:false adopters
+// hit memory pressure on the full surface.
+
+/**
+ * Request parameters for querying creative assets from a creative library with filtering, sorting, and pagination. Implemented by any agent that hosts a creative library — creative agents (ad servers, creative platforms) and sales agents that manage creatives.
+ */
+export interface ListCreativesRequest {
+    /**
+     * Release-precision AdCP version (VERSION.RELEASE, e.g. "3.0", "3.1", "3.1-beta"). On a request: the buyer's release pin — the seller validates against its supported_versions and returns VERSION_UNSUPPORTED on cross-major mismatch, or downshifts to the highest supported release within the same major. On a response: the release the seller actually served — clients SHOULD validate the response against that release's schema, not against their pin. Patches are not negotiated; surface them as build_version on capabilities for operational visibility. When omitted, falls back to adcp_major_version (deprecated) or server default. Buyers SHOULD emit both adcp_version and adcp_major_version through 3.x to remain compatible with sellers that only read the legacy field. NORMALIZATION: SDKs that read full-semver values from bundle metadata (e.g. ComplianceIndex.published_version = "3.1.0-beta.1") MUST normalize to release-precision ("3.1-beta.1") before emitting on the wire — meta-field values are NOT valid wire values.
+     */
+    adcp_version?: string;
+    /**
+     * DEPRECATED in favor of adcp_version (release-precision string). Servers MUST continue to honor this field through 3.x. Removed in 4.0. Original semantics: the AdCP major version the buyer's payloads conform to. Sellers validate against their supported major_versions and return VERSION_UNSUPPORTED if unsupported. When omitted, the seller assumes its highest supported version.
+     */
+    adcp_major_version?: number;
+    filters?: CreativeFilters;
+    /**
+     * Sorting parameters
+     */
+    sort?: {
+        field?: CreativeSortField;
+        direction?: SortDirection;
+    };
+    pagination?: PaginationRequest;
+    /**
+     * Include package assignment information in response
+     */
+    include_assignments?: boolean;
+    /**
+     * Include a lightweight delivery snapshot per creative (lifetime impressions and last-served date). For detailed performance analytics, use get_creative_delivery.
+     */
+    include_snapshot?: boolean;
+    /**
+     * Include items for multi-asset formats like carousels and native ads
+     */
+    include_items?: boolean;
+    /**
+     * Include dynamic content variable definitions (DCO slots) for each creative
+     */
+    include_variables?: boolean;
+    /**
+     * Include pricing_options on each creative. Requires account to be provided. When false or omitted, pricing is not computed.
+     */
+    include_pricing?: boolean;
+    /**
+     * Include soft-purged creative tombstones in the result set. When true, creatives destroyed via `creative.purged` with `purge_kind: soft` surface as tombstone records carrying `purged: true`, `purged_at`, and the purge reason — within the seller's webhook activity retention window (30 days from `purged_at`, MUST match `webhook-activity-record` retention). Hard-purged creatives MUST NOT appear regardless of this flag. When false or omitted, the result set excludes all purged creatives — same default as today.
+     */
+    include_purged?: boolean;
+    /**
+     * Include recent webhook activity per creative. When true, each returned creative carries a `webhook_activity[]` array of the most recent fires scoped to that creative — `creative.status_changed` and `creative.purged` deliveries. Adoption of the `webhook_activity[]` pattern per `snapshot-and-log.mdx § Webhook activity log pattern`. Retention is 30 days from `completed_at` (MUST). Three-state presence applies: omitted = seller does not surface; `[]` = persists but no recent fires; non-empty = actual records.
+     */
+    include_webhook_activity?: boolean;
+    /**
+     * Maximum number of `webhook_activity[]` records to return per creative. Only meaningful when `include_webhook_activity: true`. Sellers MUST respect the cap; structural enforcement is provided by the response schema's `maxItems: 200` on the array.
+     * @minimum 1
+     * @maximum 200
+     */
+    webhook_activity_limit?: number;
+    account?: AccountReference;
+    /**
+     * Specific fields to include in response (omit for all fields). The 'concept' value returns both concept_id and concept_name.
+     */
+    fields?: ('creative_id' | 'name' | 'format_id' | 'status' | 'created_date' | 'updated_date' | 'tags' | 'assignments' | 'snapshot' | 'items' | 'variables' | 'concept' | 'pricing_options')[];
+    context?: ContextObject;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Response from creative library query with filtered results, metadata, and optional enriched data
+ */
+export interface ListCreativesResponse {
+    /**
+     * Session/conversation identifier for tracking related operations across multiple task invocations. Managed by the protocol layer to maintain conversational context. Distinct from `context` (per-request opaque echo, see below).
+     */
+    context_id?: string;
+    context?: ContextObject;
+    /**
+     * Unique identifier for tracking asynchronous operations. Present when a task requires extended processing time. Used to query task status and retrieve results when complete.
+     */
+    task_id?: string;
+    status: TaskStatus;
+    /**
+     * Human-readable summary of the task result. Provides natural language explanation of what happened, suitable for display to end users or for AI agent comprehension. Generated by the protocol layer based on the task response.
+     */
+    message?: string;
+    /**
+     * ISO 8601 timestamp when the response was generated. Useful for debugging, logging, cache validation, and tracking async operation progress.
+     */
+    timestamp?: string;
+    /**
+     * Set to true when this response was returned from the idempotency cache rather than from a fresh execution. Set to false (or omitted) when the request was executed fresh. Buyers use this to distinguish cached replays from new executions — matters for billing reconciliation, audit logs, state-machine routing (cached state-tracking fields are historical snapshots, not current state — re-read via the resource's read endpoint), and any downstream system that assumes exactly-once event semantics. From 3.1 onward, `replayed` MAY appear on responses to any request that resolved via the idempotency cache, including read tools — universal `idempotency_key` (see security.mdx §Idempotency) means the cache holds read responses too.
+     */
+    replayed?: boolean;
+    adcp_error?: Error;
+    push_notification_config?: PushNotificationConfig;
+    /**
+     * Governance context token issued by the account's governance agent during check_governance. Buyers attach it to governed purchase requests (media buys, rights acquisitions, signal activations, creative services); sellers persist it and include it on all subsequent governance calls for that action's lifecycle. An account binds to one governance agent (see sync_governance); governance is phased across `purchase` / `modification` / `delivery`, not partitioned across specialist agents, so the envelope carries a single token for the full lifecycle.
+     *
+     * Value format: governance agents MUST emit a compact JWS per the AdCP JWS profile (see Security — Signed Governance Context). Sellers MAY verify; sellers that do not verify MUST persist and forward the token unchanged. In 3.1 all sellers MUST verify. Non-JWS values from pre-3.0 governance agents are deprecated.
+     *
+     * This is the primary correlation key for audit and reporting across the governance lifecycle.
+     */
+    governance_context?: string;
+    /**
+     * Conceptual grouping for the task-specific response data defined by individual task response schemas (e.g., get-products-response.json, create-media-buy-response.json). `payload` is a documentary construct — it is NOT a required wire field, and its on-the-wire shape depends on transport (see Transport serialization below). Task response schemas declare body fields without wrapping them in a `payload` object; the wire representation places those body fields per transport convention. On MCP the body fields appear as siblings of envelope fields at the root of the tool response; on A2A they appear inside `task.artifacts[0].parts[].DataPart`; on REST they appear at the root of the JSON body.
+     */
+    payload?: {};
+    /**
+     * Release-precision AdCP version (VERSION.RELEASE, e.g. "3.0", "3.1", "3.1-beta"). On a request: the buyer's release pin — the seller validates against its supported_versions and returns VERSION_UNSUPPORTED on cross-major mismatch, or downshifts to the highest supported release within the same major. On a response: the release the seller actually served — clients SHOULD validate the response against that release's schema, not against their pin. Patches are not negotiated; surface them as build_version on capabilities for operational visibility. When omitted, falls back to adcp_major_version (deprecated) or server default. Buyers SHOULD emit both adcp_version and adcp_major_version through 3.x to remain compatible with sellers that only read the legacy field. NORMALIZATION: SDKs that read full-semver values from bundle metadata (e.g. ComplianceIndex.published_version = "3.1.0-beta.1") MUST normalize to release-precision ("3.1-beta.1") before emitting on the wire — meta-field values are NOT valid wire values.
+     */
+    adcp_version?: string;
+    /**
+     * DEPRECATED in favor of adcp_version (release-precision string). Servers MUST continue to honor this field through 3.x. Removed in 4.0. Original semantics: the AdCP major version the buyer's payloads conform to. Sellers validate against their supported major_versions and return VERSION_UNSUPPORTED if unsupported. When omitted, the seller assumes its highest supported version.
+     */
+    adcp_major_version?: number;
+    /**
+     * Summary of the query that was executed
+     */
+    query_summary: {
+        /**
+         * Total number of creatives matching filters (across all pages)
+         * @minimum 0
+         */
+        total_matching: number;
+        /**
+         * Number of creatives returned in this response
+         * @minimum 0
+         */
+        returned: number;
+        /**
+         * List of filters that were applied to the query
+         */
+        filters_applied?: string[];
+        /**
+         * Sort order that was applied
+         */
+        sort_applied?: {
+            field?: string;
+            direction?: SortDirection;
+        };
+    };
+    pagination: PaginationResponse;
+    /**
+     * Array of creative assets matching the query
+     */
+    creatives: {
+        /**
+         * Unique identifier for the creative
+         */
+        creative_id: string;
+        account?: Account;
+        /**
+         * Human-readable creative name
+         */
+        name: string;
+        format_id: FormatReferenceStructuredObject;
+        status: CreativeStatus;
+        /**
+         * When the creative was created
+         * @format date-time
+         */
+        created_date: string;
+        /**
+         * When the creative was last modified
+         * @format date-time
+         */
+        updated_date: string;
+        /**
+         * Assets for this creative, keyed by asset_id. Each slot value is either a single asset object or an array of asset objects (for slots with `min`/`max > 1`). Each asset value carries an `asset_type` discriminator that selects the matching asset schema.
+         */
+        assets?: {
+            /**
+             * This interface was referenced by `undefined`'s JSON-Schema definition
+             * via the `patternProperty` "^[a-z0-9_]+$".
+             */
+            [k: string]: AssetVariant | AssetVariant[];
+        };
+        /**
+         * User-defined tags for organization and searchability
+         */
+        tags?: string[];
+        /**
+         * Creative concept this creative belongs to. Concepts group related creatives across sizes and formats.
+         */
+        concept_id?: string;
+        /**
+         * Human-readable concept name
+         */
+        concept_name?: string;
+        /**
+         * Dynamic content variables (DCO slots) for this creative. Included when include_variables=true.
+         */
+        variables?: CreativeVariable[];
+        /**
+         * Current package assignments (included when include_assignments=true)
+         */
+        assignments?: {
+            /**
+             * Total number of active package assignments
+             * @minimum 0
+             */
+            assignment_count: number;
+            /**
+             * List of packages this creative is assigned to
+             */
+            assigned_packages?: {
+                /**
+                 * Package identifier
+                 */
+                package_id: string;
+                /**
+                 * When this assignment was created
+                 * @format date-time
+                 */
+                assigned_date: string;
+            }[];
+        };
+        /**
+         * Lightweight delivery snapshot (included when include_snapshot=true). For detailed performance analytics, use get_creative_delivery.
+         */
+        snapshot?: {
+            /**
+             * When this snapshot was captured by the platform
+             * @format date-time
+             */
+            as_of: string;
+            /**
+             * Maximum age of this data in seconds. For example, 3600 means the data may be up to 1 hour old.
+             * @minimum 0
+             */
+            staleness_seconds: number;
+            /**
+             * Lifetime impressions across all assignments. Not scoped to any date range.
+             * @minimum 0
+             */
+            impressions: number;
+            /**
+             * Last time this creative served an impression. Absent when the creative has never served.
+             * @format date-time
+             */
+            last_served?: string;
+        };
+        snapshot_unavailable_reason?: SnapshotUnavailableReason;
+        /**
+         * Items for multi-asset formats like carousels and native ads (included when include_items=true)
+         */
+        items?: CreativeItem[];
+        /**
+         * Pricing options for using this creative (serving, delivery). Used by ad servers and library agents. Transformation agents expose format-level pricing on list_creative_formats instead. Present when include_pricing=true and account provided. The buyer passes the applied pricing_option_id in report_usage.
+         */
+        pricing_options?: VendorPricingOption[];
+        /**
+         * Tombstone block — present only when this record is a soft-purged creative surfaced via `include_purged: true`. The record's `status` field reflects the last status before purge (frozen — buyers MUST treat the creative as gone; assignments, snapshot, and serving operations no longer apply). Tombstones surface for the seller's webhook activity retention window (30 days from `purge.at`). Hard purges (`purge_kind: hard` on the webhook) do not surface on this read — the [`creative.purged`](https://adcontextprotocol.org/schemas/v3/creative/creative-purged-webhook.json) webhook is the only signal.
+         */
+        purge?: {
+            /**
+             * Always `soft` on tombstones — hard purges do not surface on this read.
+             */
+            kind: 'soft';
+            /**
+             * ISO 8601 timestamp when the creative was destroyed. Matches the `purged_at` field on the corresponding `creative.purged` webhook fire.
+             * @format date-time
+             */
+            at: string;
+            reason_code: CreativeEventReasonCode;
+        };
+        /**
+         * Recent webhook fires scoped to this creative — `creative.status_changed` and `creative.purged` deliveries. Present only when the request set `include_webhook_activity: true`. Each item is a `webhook-activity-record`; the `notification_type` field discriminates between status changes and purges. The `ext.creative_id` slot MAY be populated on records nested inside larger reads where the parent does not already key the array; on `list_creatives` the parent creative_id is unambiguous and `ext.creative_id` MAY be omitted. Retention: 30 days from `completed_at` (MUST). See `snapshot-and-log.mdx § Webhook activity log pattern` for the full normative contract.
+         */
+        webhook_activity?: WebhookActivityRecord[];
+    }[];
+    /**
+     * Breakdown of creatives by format. Keys are agent-defined format identifiers, optionally including dimensions (e.g., 'display_static_300x250', 'video_30s_vast'). Key construction is platform-specific — there is no required format.
+     */
+    format_summary?: {
+        /**
+         * Number of creatives with this format
+         * @minimum 0
+         *
+         * This interface was referenced by `undefined`'s JSON-Schema definition
+         * via the `patternProperty` "^[a-zA-Z0-9_-]+$".
+         */
+        [k: string]: number | undefined;
+    };
+    /**
+     * Breakdown of creatives by status
+     */
+    status_summary?: {
+        /**
+         * Number of creatives being processed
+         * @minimum 0
+         */
+        processing?: number;
+        /**
+         * Number of approved creatives
+         * @minimum 0
+         */
+        approved?: number;
+        /**
+         * Number of creatives pending review
+         * @minimum 0
+         */
+        pending_review?: number;
+        /**
+         * Number of rejected creatives
+         * @minimum 0
+         */
+        rejected?: number;
+        /**
+         * Number of archived creatives
+         * @minimum 0
+         */
+        archived?: number;
+    };
+    /**
+     * Task-specific errors (e.g., invalid filters, account not found)
+     */
+    errors?: Error[];
+    /**
+     * When true, this response contains simulated data from sandbox mode.
+     */
+    sandbox?: boolean;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Account billed for this media buy. Includes advertiser, billing proxy (if any), and rate card applied.
+ */
+export interface Account {
+    /**
+     * Unique identifier for this account
+     */
+    account_id: string;
+    /**
+     * Human-readable account name (e.g., 'Acme', 'Acme c/o Pinnacle')
+     */
+    name: string;
+    /**
+     * The advertiser whose rates apply to this account
+     */
+    advertiser?: string;
+    /**
+     * Optional intermediary who receives invoices on behalf of the advertiser (e.g., agency)
+     */
+    billing_proxy?: string;
+    status: AccountStatus;
+    brand?: BrandReference;
+    /**
+     * Domain of the entity operating this account. When the brand operates directly, this is the brand's domain.
+     * @pattern ^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$
+     */
+    operator?: string;
+    billing?: BillingParty;
+    billing_entity?: BusinessEntity;
+    /**
+     * Identifier for the rate card applied to this account
+     */
+    rate_card?: string;
+    payment_terms?: PaymentTerms;
+    /**
+     * Maximum outstanding balance allowed
+     */
+    credit_limit?: {
+        /**
+         * @minimum 0
+         */
+        amount: number;
+        /**
+         * @pattern ^[A-Z]{3}$
+         */
+        currency: string;
+    };
+    /**
+     * Present when status is 'pending_approval'. Contains next steps for completing account activation.
+     */
+    setup?: {
+        /**
+         * URL where the human can complete the required action (credit application, legal agreement, add funds).
+         */
+        url?: string;
+        /**
+         * Human-readable description of what's needed.
+         */
+        message: string;
+        /**
+         * When this setup link expires.
+         * @format date-time
+         */
+        expires_at?: string;
+    };
+    account_scope?: AccountScope;
+    /**
+     * Governance agent endpoint registered on this account. Exactly one entry per sync_governance's one-agent-per-account invariant. The array shape is preserved for wire compatibility with 3.0; `maxItems: 1` is load-bearing and mirrors the singular `governance_context` on the protocol envelope. Authentication credentials are write-only and not included in responses — use sync_governance to set or update credentials.
+     */
+    governance_agents?: {
+        /**
+         * Governance agent endpoint URL. Must use HTTPS.
+         * @pattern ^https:\/\/
+         */
+        url: string;
+    }[];
+    /**
+     * Cloud storage bucket where the seller delivers offline reporting files for this account. Seller provisions a dedicated bucket or a per-account prefix within a shared bucket, and grants the buyer read access out-of-band. Access MUST be scoped at the IAM layer so each account can only read its own prefix — bucket-wide grants are non-compliant even with per-account prefixes. Seller MUST revoke access when the account's status transitions to inactive, suspended, or closed. See security considerations for offline delivery in docs/media-buy/media-buys/optimization-reporting. Only present when the seller supports offline delivery (reporting_delivery_methods includes 'offline' in capabilities).
+     */
+    reporting_bucket?: {
+        protocol: CloudStorageProtocol;
+        /**
+         * Bucket or container name
+         * @minLength 3
+         * @maxLength 63
+         * @pattern ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$
+         */
+        bucket: string;
+        /**
+         * Path prefix within the bucket. Seller appends date-based partitioning beneath this prefix.
+         * @maxLength 512
+         * @pattern ^[a-zA-Z0-9\/_.-]+$
+         */
+        prefix?: string;
+        /**
+         * Cloud region for the bucket
+         * @maxLength 64
+         * @pattern ^[a-z0-9-]+$
+         */
+        region?: string;
+        /**
+         * File format for delivered files. Parquet, Avro, and ORC use internal compression (the top-level compression field is ignored for these formats).
+         */
+        format?: 'jsonl' | 'csv' | 'parquet' | 'avro' | 'orc';
+        /**
+         * Compression applied to delivered files
+         */
+        compression?: 'gzip' | 'none';
+        /**
+         * How long reporting files are retained in the bucket before deletion. Buyers must read files within this window. Minimum recommended: 14 days.
+         * @minimum 1
+         */
+        file_retention_days: number;
+        /**
+         * URL to documentation for configuring buyer read access to this bucket (IAM role, service account, etc.). Operator-facing documentation — buyer agents MUST NOT auto-fetch this URL; surface it to a human operator. If an implementation fetches it (for preview), apply webhook URL SSRF validation and do not pass the fetched content into an LLM context without indirect-prompt-injection guarding. See docs/media-buy/media-buys/optimization-reporting#security-considerations-for-offline-delivery.
+         * @pattern ^https:\/\/
+         */
+        setup_instructions?: string;
+    };
+    /**
+     * When true, this is a sandbox account — no real platform calls, no real spend. For explicit accounts (require_operator_auth: true), sandbox accounts are pre-existing test accounts on the platform discovered via list_accounts. For implicit accounts, sandbox is part of the natural key: the same brand/operator pair can have both a production and sandbox account.
+     */
+    sandbox?: boolean;
+    /**
+     * Account-level webhook subscriptions for notifications whose lifecycle outlives any single media buy (e.g., `creative.status_changed`, `creative.purged`, wholesale feed change payloads). Distinct from `push_notification_config` on individual operations, which anchors at a per-resource scope. Buyers register and update entries via `sync_accounts`; sellers echo the applied state here on `list_accounts` reads so buyers can verify what's active. `authentication.credentials` is write-only — sellers MUST NOT echo legacy auth credentials in this response. When two or more entries register the same `event_types`, each receives an independent fire — see #3009 multi-subscriber composition.
+     */
+    notification_configs?: NotificationConfig[];
+    ext?: ExtensionObject;
+}
+
+/**
+ * Account for product lookup. Returns products with pricing specific to this account's rate card.
+ */
+export type AccountReference = {
+    /**
+     * Seller-assigned account identifier (from sync_accounts or list_accounts)
+     */
+    account_id: string;
+} | {
+    brand: BrandReference;
+    /**
+     * Domain of the entity operating on the brand's behalf. When the brand operates directly, this is the brand's domain.
+     * @pattern ^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$
+     */
+    operator: string;
+    /**
+     * When true, references the sandbox account for this brand/operator pair. Defaults to false (production account).
+     */
+    sandbox?: boolean;
+};
+
+/**
+ * How the seller scoped a billing account relative to the operator and brand dimensions.
+ */
+export type AccountScope = 'operator' | 'brand' | 'operator_brand' | 'agent';
+
+/**
+ * Account lifecycle status. See the Accounts Protocol overview for the operations matrix showing which tasks are permitted in each state.
+ */
+export type AccountStatus = 'active' | 'pending_approval' | 'rejected' | 'payment_required' | 'suspended' | 'closed';
+
+/**
+ * Canonical union of all asset variant schemas. Referenced from creative-asset.json and creative-manifest.json to ensure a single named type is emitted by schema-to-TypeScript tooling. Add new asset types here and to the creative/asset-types registry.
+ */
+export type AssetVariant = ImageAsset | VideoAsset | AudioAsset | VASTAsset | TextAsset | URLAsset | HTMLAsset | JavaScriptAsset | ZipAsset | WebhookAsset | CSSAsset | DAASTAsset | MarkdownAsset | BriefAsset | CatalogAsset | CardAsset;
+
+/**
+ * Audio asset with URL and technical specifications
+ */
+export interface AudioAsset {
+    /**
+     * Discriminator identifying this as an audio asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'audio';
+    /**
+     * URL to the audio asset
+     */
+    url: string;
+    /**
+     * Audio duration in milliseconds
+     * @minimum 0
+     */
+    duration_ms?: number;
+    /**
+     * File size in bytes
+     * @minimum 1
+     */
+    file_size_bytes?: number;
+    /**
+     * Audio container/file format (mp3, m4a, aac, wav, ogg, flac, etc.)
+     */
+    container_format?: string;
+    /**
+     * Audio codec used (aac, aac_lc, he_aac, pcm, mp3, vorbis, opus, flac, ac3, eac3, etc.)
+     */
+    codec?: string;
+    /**
+     * Sampling rate in Hz (e.g., 44100, 48000, 96000)
+     */
+    sampling_rate_hz?: number;
+    channels?: AudioChannelLayout;
+    /**
+     * Bit depth
+     */
+    bit_depth?: 16 | 24 | 32;
+    /**
+     * Bitrate in kilobits per second
+     * @minimum 1
+     */
+    bitrate_kbps?: number;
+    /**
+     * Integrated loudness in LUFS
+     */
+    loudness_lufs?: number;
+    /**
+     * True peak level in dBFS
+     */
+    true_peak_dbfs?: number;
+    /**
+     * URL to text transcript of the audio content
+     */
+    transcript_url?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * Audio channel configuration
+ */
+export type AudioChannelLayout = 'mono' | 'stereo' | '5.1' | '7.1';
+
+/**
+ * Legacy authentication schemes for the webhook auth block. Bearer: token sent in Authorization header. HMAC-SHA256: legacy shared-secret signing. Both are deprecated; new integrations SHOULD omit the authentication block and use the RFC 9421 webhook signing profile (applicable on schemas where authentication is optional). Removed in AdCP 4.0.
+ */
+export type AuthenticationScheme = 'Bearer' | 'HMAC-SHA256';
+
+/**
+ * Who is invoiced on this account. See billing_entity for the invoiced party's business details.
+ */
+export type BillingParty = 'operator' | 'agent' | 'advertiser';
+
+/**
+ * Brand identifier within the house portfolio. Optional for single-brand domains.
+ */
+export type BrandID = string;
+
+/**
+ * Brand reference for product discovery context. Resolved to full brand identity at execution time.
+ */
+export interface BrandReference {
+    /**
+     * Domain where /.well-known/brand.json is hosted, or the brand's operating domain
+     * @pattern ^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$
+     */
+    domain: string;
+    brand_id?: BrandID;
+    /**
+     * Inline override for the brand's industries. Useful when the caller cannot modify the brand's canonical brand.json but needs to declare industries for governance (e.g., Annex III vertical detection). brand.json remains the canonical source; when omitted here, governance agents SHOULD resolve from brand.json.
+     */
+    industries?: string[];
+    /**
+     * Inline override for the brand's contestation contact point. Useful when the operator does not control brand.json but needs to discharge Art 22(3) for this plan. brand.json is canonical; when omitted, governance agents resolve brand → house → missing.
+     */
+    data_subject_contestation?: {
+        [k: string]: unknown | undefined;
+    };
+    /**
+     * Inline override for brand-kit fields normally resolved from `/.well-known/brand.json` on `domain` (logo, colors, voice, tagline). Use when brand.json is missing, stale, or inappropriate for this specific call — e.g., a campaign-scoped tagline, a co-branded creative, a freshly-rebranded color palette the brand.json hasn't shipped yet. Same inline-override pattern as `industries` and `data_subject_contestation` above: brand.json is canonical, the override is per-call. Adopters needing to override fields outside this subset (`voice_attributes`, `prohibited_terms`, etc.) MUST publish a different brand.json and reference it via a different `domain` — the inline override is intentionally narrow to a small high-traffic subset.
+     *
+     * **Merge semantics (normative).** The merge is **field-level**, not whole-object replacement. Each field within `brand_kit_override` (`logo`, `colors`, `voice`, `tagline`) is evaluated independently — when a field is present on the override the override value applies; when a field is absent the brand.json value applies (or is absent if brand.json doesn't carry one either). For composite fields (`colors.primary`, `colors.secondary`, `colors.accent`), the merge is one level deeper: each color slot is evaluated independently — a producer can override `colors.primary` while still inheriting `colors.secondary` from brand.json. SDKs MUST NOT treat a present `brand_kit_override.colors` as wiping the brand.json `colors` block entirely; only the per-slot fields present in the override take precedence. Without this rule, a partial-override semantics would diverge across SDKs and produce inconsistent rendering for the same payload.
+     */
+    brand_kit_override?: {
+        logo?: ImageAsset;
+        /**
+         * Override brand colors (hex strings).
+         */
+        colors?: {
+            /**
+             * @pattern ^#[0-9a-fA-F]{6}$
+             */
+            primary?: string;
+            /**
+             * @pattern ^#[0-9a-fA-F]{6}$
+             */
+            secondary?: string;
+            /**
+             * @pattern ^#[0-9a-fA-F]{6}$
+             */
+            accent?: string;
+        };
+        /**
+         * Override brand-voice description for surface-composed text/audio output.
+         */
+        voice?: string;
+        /**
+         * Override tagline.
+         */
+        tagline?: string;
+    };
+}
+
+/**
+ * Campaign-level creative context as an asset. Carries the creative brief through the manifest so it travels with the creative through regeneration, resizing, and auditing.
+ */
+export interface BriefAsset {
+    /**
+     * Campaign or flight name for identification
+     */
+    name: string;
+    /**
+     * Campaign objective that guides creative tone and call-to-action strategy
+     */
+    objective?: 'awareness' | 'consideration' | 'conversion' | 'retention' | 'engagement';
+    /**
+     * Desired tone for this campaign, modulating the brand's base tone (e.g., 'playful and festive', 'premium and aspirational')
+     */
+    tone?: string;
+    /**
+     * Target audience description for this campaign
+     */
+    audience?: string;
+    /**
+     * Creative territory or positioning the campaign should occupy
+     */
+    territory?: string;
+    /**
+     * Messaging framework for the campaign
+     */
+    messaging?: {
+        /**
+         * Primary headline
+         */
+        headline?: string;
+        /**
+         * Supporting tagline or sub-headline
+         */
+        tagline?: string;
+        /**
+         * Call-to-action text
+         */
+        cta?: string;
+        /**
+         * Key messages to communicate in priority order
+         */
+        key_messages?: string[];
+    };
+    /**
+     * Visual and strategic reference materials such as mood boards, product shots, example creatives, and strategy documents
+     */
+    reference_assets?: ReferenceAsset[];
+    /**
+     * Regulatory and legal compliance requirements for this campaign. Campaign-specific, regional, and product-based — distinct from brand-level disclaimers in brand.json.
+     */
+    compliance?: {
+        /**
+         * Disclosures that must appear in creatives for this campaign. Each disclosure specifies the text, where it should appear, and which jurisdictions require it.
+         */
+        required_disclosures?: {
+            /**
+             * The disclosure text that must appear in the creative
+             */
+            text: string;
+            position?: DisclosurePosition;
+            /**
+             * Jurisdictions where this disclosure is required. ISO 3166-1 alpha-2 country codes or ISO 3166-2 subdivision codes (e.g., 'US', 'GB', 'US-NJ', 'CA-QC'). If omitted, the disclosure applies to all jurisdictions in the campaign.
+             */
+            jurisdictions?: string[];
+            /**
+             * The regulation or legal authority requiring this disclosure (e.g., 'SEC Rule 156', 'FCA COBS 4.5', 'FDA 21 CFR 202')
+             */
+            regulation?: string;
+            /**
+             * Minimum display duration in milliseconds. For video/audio disclosures, how long the disclosure must be visible or audible. For static formats, how long the disclosure must remain on screen before any auto-advance.
+             */
+            min_duration_ms?: number;
+            /**
+             * Language of the disclosure text as a BCP 47 language tag (e.g., 'en', 'fr-CA', 'es'). When omitted, the disclosure is assumed to match the creative's language.
+             */
+            language?: string;
+            persistence?: DisclosurePersistence;
+        }[];
+        /**
+         * Claims that must not appear in creatives for this campaign. Creative agents should ensure generated content avoids these claims.
+         */
+        prohibited_claims?: string[];
+    };
+    /**
+     * Discriminator identifying this as a brief asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'brief';
+}
+
+/**
+ * Override the account's default billing entity for this specific buy. When provided, the seller invoices this entity instead. The seller MUST validate the invoice recipient is authorized for this account. When governance_agents are configured, the seller MUST include invoice_recipient in the check_governance request.
+ */
+export interface BusinessEntity {
+    /**
+     * Registered legal name of the business entity
+     * @maxLength 200
+     */
+    legal_name: string;
+    /**
+     * VAT identification number (e.g., DE123456789 for Germany, FR12345678901 for France). Required for B2B invoicing in the EU. Must be normalized: no spaces, dots, or dashes.
+     * @pattern ^[A-Z]{2}[A-Z0-9]{2,13}$
+     */
+    vat_id?: string;
+    /**
+     * Tax identification number for jurisdictions that do not use VAT (e.g., US EIN)
+     * @maxLength 30
+     */
+    tax_id?: string;
+    /**
+     * Company registration number (e.g., HRB 12345 for German Handelsregister)
+     * @maxLength 50
+     */
+    registration_number?: string;
+    /**
+     * Postal address for invoicing and legal correspondence
+     */
+    address?: {
+        /**
+         * Street address including building number
+         * @maxLength 200
+         */
+        street: string;
+        /**
+         * @maxLength 100
+         */
+        city: string;
+        /**
+         * @maxLength 20
+         */
+        postal_code: string;
+        /**
+         * State, province, or region
+         * @maxLength 100
+         */
+        region?: string;
+        /**
+         * ISO 3166-1 alpha-2 country code
+         * @pattern ^[A-Z]{2}$
+         */
+        country: string;
+    };
+    /**
+     * Contacts for billing, legal, and operational matters. Contains personal data subject to GDPR and equivalent regulations. Implementations MUST use this data only for invoicing and account management.
+     */
+    contacts?: {
+        /**
+         * Contact's functional role in the business relationship
+         */
+        role: 'billing' | 'legal' | 'creative' | 'general';
+        /**
+         * Full name of the contact
+         * @maxLength 200
+         */
+        name?: string;
+        /**
+         * @maxLength 254
+         * @format email
+         */
+        email?: string;
+        /**
+         * @maxLength 30
+         */
+        phone?: string;
+    }[];
+    /**
+     * Bank account details for payment processing. Write-only: included in requests to provide payment coordinates, but MUST NOT be echoed in responses. Sellers store these details and confirm receipt without returning them.
+     */
+    bank?: {
+        /**
+         * Name on the bank account
+         * @maxLength 200
+         */
+        account_holder: string;
+        /**
+         * International Bank Account Number (SEPA markets)
+         * @pattern ^[A-Z]{2}[0-9]{2}[A-Z0-9]{4,30}$
+         */
+        iban?: string;
+        /**
+         * Bank Identifier Code / SWIFT code (SEPA markets)
+         * @pattern ^[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?$
+         */
+        bic?: string;
+        /**
+         * Bank routing number for non-SEPA markets (e.g., US ABA routing number, Canadian transit/institution number)
+         * @maxLength 30
+         */
+        routing_number?: string;
+        /**
+         * Bank account number for non-SEPA markets
+         * @maxLength 30
+         */
+        account_number?: string;
+    };
+    ext?: ExtensionObject;
+}
+
+/**
+ * C2PA action classification for this watermark
+ */
+export type C2PAWatermarkAction = 'c2pa.watermarked.bound' | 'c2pa.watermarked.unbound';
+
+/**
+ * CSS stylesheet asset
+ */
+export interface CSSAsset {
+    /**
+     * Discriminator identifying this as a CSS asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'css';
+    /**
+     * CSS content
+     */
+    content: string;
+    /**
+     * CSS media query context (e.g., 'screen', 'print')
+     */
+    media?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * A single card in a multi-card creative (image_carousel, future composed carousels). Carries: `media` (an image OR video asset), optional `headline` (short text), optional `description` (longer text), optional `cta` (call-to-action label), optional `landing_page_url` (url asset with `url_type: "clickthrough"`).
+ *
+ * Covers the multi-card patterns across Meta carousel, Pinterest sponsored pin, Snap Collection, TikTok carousel, and AI-surface result cards. The two-field text shape (`headline` + `description`) reflects how almost every adopter splits short labels from longer copy; Pinterest pin description and Meta per-card description both go in `description`.
+ *
+ * Used as the array element type for the `cards` slot on image_carousel canonicals. Adopters MUST NOT invent per-card key conventions like `card_0_headline` / `cards.0.headline` — the manifest's `assets.cards` value is an array of card-asset objects, period. Per-card platform extensions (e.g., Meta-specific carousel attributes, Pinterest rich-pin metadata, Snap Collection price tags) attach via the `platform_extensions` field, never via inline non-canonical keys.
+ */
+export interface CardAsset {
+    /**
+     * Discriminator identifying this as a card asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'card';
+    /**
+     * The card's primary visual asset. Either an `image` or `video` asset, matching the parent format's `allowed_card_media_asset_types` parameter.
+     */
+    media: ImageAsset | VideoAsset;
+    /**
+     * Optional per-card short text label (typically 25-40 chars). Length governed by `card_headline_max_chars` on the format declaration. Meta carousel headline, Pinterest pin title, Snap Collection sticker text, TikTok caption-short.
+     */
+    headline?: string;
+    /**
+     * Optional per-card longer text (typically 100-500 chars). Distinct from `headline`: `description` is body copy, `headline` is the label. Length governed by `card_description_max_chars` on the format declaration. Meta carousel description, Pinterest pin description, AI-surface result body text, TikTok long caption.
+     */
+    description?: string;
+    /**
+     * Optional per-card call-to-action label (e.g., 'SHOP_NOW', 'LEARN_MORE'). When the parent format declares `cta_values` (allowed CTA labels), the per-card `cta` MUST be one of those values. Lets a Meta or TikTok carousel show different CTAs per card.
+     */
+    cta?: string;
+    landing_page_url?: URLAsset;
+    /**
+     * Per-card platform-specific extensions (URI+digest references). Same hosting model as format-level platform_extensions. Use this for Meta carousel-card attributes, Pinterest pin overrides, etc. — NEVER inline non-canonical keys on the card object directly.
+     */
+    platform_extensions?: PlatformExtensionReference[];
+    provenance?: Provenance;
+}
+
+/**
+ * A typed data feed as a creative asset. Carries catalog context (products, stores, jobs, etc.) within the manifest's assets map.
+ */
+export interface CatalogAsset {
+    /**
+     * Buyer's identifier for this catalog. Required when syncing via sync_catalogs. When used in creatives, references a previously synced catalog on the account.
+     */
+    catalog_id?: string;
+    /**
+     * Human-readable name for this catalog (e.g., 'Summer Products 2025', 'Amsterdam Store Locations').
+     */
+    name?: string;
+    type: CatalogType;
+    /**
+     * URL to an external catalog feed. The platform fetches and resolves items from this URL. For offering-type catalogs, the feed contains an array of Offering objects. For other types, the feed format is determined by feed_format. When omitted with type 'product', the platform uses its synced copy of the brand's product catalog.
+     */
+    url?: string;
+    feed_format?: FeedFormat;
+    update_frequency?: UpdateFrequency;
+    /**
+     * Inline catalog data. The item schema depends on the catalog type: Offering objects for 'offering', StoreItem for 'store', HotelItem for 'hotel', FlightItem for 'flight', JobItem for 'job', VehicleItem for 'vehicle', RealEstateItem for 'real_estate', EducationItem for 'education', DestinationItem for 'destination', AppItem for 'app', or freeform objects for 'product', 'inventory', and 'promotion'. Mutually exclusive with url — provide one or the other, not both. Implementations should validate items against the type-specific schema.
+     */
+    items?: {}[];
+    /**
+     * Filter catalog to specific item IDs. For offering-type catalogs, these are offering_id values. For product-type catalogs, these are SKU identifiers.
+     */
+    ids?: string[];
+    /**
+     * Filter product-type catalogs by GTIN identifiers for cross-retailer catalog matching. Accepts standard GTIN formats (GTIN-8, UPC-A/GTIN-12, EAN-13/GTIN-13, GTIN-14). Only applicable when type is 'product'.
+     */
+    gtins?: string[];
+    /**
+     * Filter catalog to items with these tags. Tags are matched using OR logic — items matching any tag are included.
+     */
+    tags?: string[];
+    /**
+     * Filter catalog to items in this category (e.g., 'beverages/soft-drinks', 'chef-positions').
+     */
+    category?: string;
+    /**
+     * Natural language filter for catalog items (e.g., 'all pasta sauces under $5', 'amsterdam vacancies').
+     */
+    query?: string;
+    /**
+     * Event types that represent conversions for items in this catalog. Declares what events the platform should attribute to catalog items — e.g., a job catalog converts via submit_application, a product catalog via purchase. The event's content_ids field carries the item IDs that connect back to catalog items. Use content_id_type to declare what identifier type content_ids values represent.
+     */
+    conversion_events?: EventType[];
+    content_id_type?: ContentIDType;
+    /**
+     * Declarative normalization rules for external feeds. Maps non-standard feed field names, date formats, price encodings, and image URLs to the AdCP catalog item schema. Applied during sync_catalogs ingestion. Supports field renames, named transforms (date, divide, boolean, split), static literal injection, and assignment of image URLs to typed asset pools.
+     */
+    feed_field_mappings?: CatalogFieldMapping[];
+    /**
+     * Discriminator identifying this as a catalog asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'catalog';
+}
+
+/**
+ * Declares how a field in an external feed maps to the AdCP catalog item schema. Used in sync_catalogs feed_field_mappings to normalize non-AdCP feeds (Google Merchant Center, LinkedIn Jobs XML, hotel XML, etc.) to the standard catalog item schema without requiring the buyer to preprocess every feed. Multiple mappings can assemble a nested object via dot notation (e.g., separate mappings for price.amount and price.currency).
+ */
+export interface CatalogFieldMapping {
+    /**
+     * Field name in the external feed record. Omit when injecting a static literal value (use the value property instead).
+     */
+    feed_field?: string;
+    /**
+     * Target field on the catalog item schema, using dot notation for nested fields (e.g., 'name', 'price.amount', 'location.city'). Mutually exclusive with asset_group_id.
+     */
+    catalog_field?: string;
+    /**
+     * Places the feed field value (a URL) into a typed asset pool on the catalog item's assets array. The value is wrapped as an image or video asset in a group with this ID. Use standard group IDs: 'images_landscape', 'images_vertical', 'images_square', 'logo', 'video'. Mutually exclusive with catalog_field.
+     */
+    asset_group_id?: string;
+    /**
+     * Static literal value to inject into catalog_field for every item, regardless of what the feed contains. Mutually exclusive with feed_field. Useful for fields the feed omits (e.g., currency when price is always USD, or a constant category value).
+     */
+    value?: unknown;
+    /**
+     * Named transform to apply to the feed field value before writing to the catalog schema. See transform-specific parameters (format, timezone, by, separator).
+     */
+    transform?: 'date' | 'divide' | 'boolean' | 'split';
+    /**
+     * For transform 'date': the input date format string (e.g., 'YYYYMMDD', 'MM/DD/YYYY', 'DD-MM-YYYY'). Output is always ISO 8601 (e.g., '2025-03-01'). Uses Unicode date pattern tokens.
+     */
+    format?: string;
+    /**
+     * For transform 'date': the timezone of the input value. IANA timezone identifier (e.g., 'UTC', 'America/New_York', 'Europe/Amsterdam'). Defaults to UTC when omitted.
+     */
+    timezone?: string;
+    /**
+     * For transform 'divide': the divisor to apply (e.g., 100 to convert integer cents to decimal dollars).
+     */
+    by?: number;
+    /**
+     * For transform 'split': the separator character or string to split on. Defaults to ','.
+     */
+    separator?: string;
+    /**
+     * Fallback value to use when feed_field is absent, null, or empty. Applied after any transform would have been applied. Allows optional feed fields to have a guaranteed baseline value.
+     */
+    default?: unknown;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Catalog type. Structural types: 'offering' (AdCP Offering objects), 'product' (ecommerce entries), 'inventory' (stock per location), 'store' (physical locations), 'promotion' (deals and pricing). Vertical types: 'hotel', 'flight', 'job', 'vehicle', 'real_estate', 'education', 'destination', 'app' — each with an industry-specific item schema.
+ */
+export type CatalogType = 'offering' | 'product' | 'inventory' | 'store' | 'promotion' | 'hotel' | 'flight' | 'job' | 'vehicle' | 'real_estate' | 'education' | 'destination' | 'app';
+
+/**
+ * Cloud storage protocol
+ */
+export type CloudStorageProtocol = 's3' | 'gcs' | 'azure_blob';
+
+/**
+ * Identifier type that the event's content_ids field should be matched against for items in this catalog. For example, 'gtin' means content_ids values are Global Trade Item Numbers, 'sku' means retailer SKUs. Omit when using a custom identifier scheme not listed in the enum.
+ */
+export type ContentIDType = 'sku' | 'gtin' | 'offering_id' | 'job_id' | 'hotel_id' | 'flight_id' | 'vehicle_id' | 'listing_id' | 'store_id' | 'program_id' | 'destination_id' | 'app_id';
+
+/**
+ * Opaque correlation data that is echoed unchanged in responses. Used for internal tracking, UI session IDs, trace IDs, and other caller-specific identifiers that don't affect protocol behavior. Context data is never parsed by AdCP agents - it's simply preserved and returned.
+ */
+export interface ContextObject {
+}
+
+/**
+ * Fixed cost per thousand impressions
+ */
+export interface CpmPricing {
+    model: 'cpm';
+    /**
+     * Cost per thousand impressions
+     * @minimum 0
+     */
+    cpm: number;
+    /**
+     * ISO 4217 currency code
+     * @pattern ^[A-Z]{3}$
+     */
+    currency: string;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Categorical reason for the purge. Matches the value the seller emitted on the corresponding `creative.purged` webhook fire.
+ */
+export type CreativeEventReasonCode = 'review_passed' | 'review_failure' | 'processing_failure' | 'seller_rereview' | 'policy_revocation' | 'content_drift' | 'takedown_request' | 'advertiser_request' | 'seller_archive' | 'account_closed' | 'account_suspended' | 'retention_expired' | 'legal_erasure';
+
+/**
+ * Filter criteria for querying creatives from a creative library. By default, archived creatives are excluded from results. To include archived creatives, explicitly filter by status='archived' or include 'archived' in the statuses array.
+ */
+export interface CreativeFilters {
+    /**
+     * Filter creatives by owning accounts. Useful for agencies managing multiple client accounts.
+     */
+    accounts?: AccountReference[];
+    /**
+     * Filter by creative approval statuses
+     */
+    statuses?: CreativeStatus[];
+    /**
+     * Filter by creative tags (all tags must match)
+     */
+    tags?: string[];
+    /**
+     * Filter by creative tags (any tag must match)
+     */
+    tags_any?: string[];
+    /**
+     * Filter by creative names containing this text (case-insensitive)
+     */
+    name_contains?: string;
+    /**
+     * Filter by specific creative IDs
+     */
+    creative_ids?: string[];
+    /**
+     * Filter creatives created after this date (ISO 8601)
+     * @format date-time
+     */
+    created_after?: string;
+    /**
+     * Filter creatives created before this date (ISO 8601)
+     * @format date-time
+     */
+    created_before?: string;
+    /**
+     * Filter creatives last updated after this date (ISO 8601)
+     * @format date-time
+     */
+    updated_after?: string;
+    /**
+     * Filter creatives last updated before this date (ISO 8601)
+     * @format date-time
+     */
+    updated_before?: string;
+    /**
+     * Filter creatives assigned to any of these packages. Sales-agent-specific — standalone creative agents SHOULD ignore this filter.
+     */
+    assigned_to_packages?: string[];
+    /**
+     * Filter creatives assigned to any of these media buys. Sales-agent-specific — standalone creative agents SHOULD ignore this filter.
+     */
+    media_buy_ids?: string[];
+    /**
+     * Filter for unassigned creatives when true, assigned creatives when false. Sales-agent-specific — standalone creative agents SHOULD ignore this filter.
+     */
+    unassigned?: boolean;
+    /**
+     * When true, return only creatives that have served at least one impression. When false, return only creatives that have never served.
+     */
+    has_served?: boolean;
+    /**
+     * Filter by creative concept IDs. Concepts group related creatives across sizes and formats (e.g., Flashtalking concepts, Celtra campaign folders, CM360 creative groups).
+     */
+    concept_ids?: string[];
+    /**
+     * Filter by structured format IDs. Returns creatives that match any of these formats.
+     */
+    format_ids?: FormatReferenceStructuredObject[];
+    /**
+     * When true, return only creatives with dynamic variables (DCO). When false, return only static creatives.
+     */
+    has_variables?: boolean;
+}
+
+/**
+ * Item within a multi-asset creative format. Used for carousel products, native ad components, and other formats composed of multiple distinct elements.
+ */
+export type CreativeItem = {
+    /**
+     * Discriminator indicating this is a media asset with content_uri
+     */
+    asset_kind: 'media';
+    /**
+     * Type of asset. Common types: thumbnail_image, product_image, featured_image, logo
+     */
+    asset_type: string;
+    /**
+     * Unique identifier for the asset within the creative
+     */
+    asset_id: string;
+    /**
+     * URL for media assets (images, videos, etc.)
+     */
+    content_uri: string;
+} | {
+    /**
+     * Discriminator indicating this is a text asset with content
+     */
+    asset_kind: 'text';
+    /**
+     * Type of asset. Common types: headline, body_text, cta_text, price_text, sponsor_name, author_name, click_url
+     */
+    asset_type: string;
+    /**
+     * Unique identifier for the asset within the creative
+     */
+    asset_id: string;
+    /**
+     * Text content for text-based assets like headlines, body text, CTA text, etc.
+     */
+    content: string | string[];
+};
+
+/**
+ * Field to sort by
+ */
+export type CreativeSortField = 'created_date' | 'updated_date' | 'name' | 'status' | 'assignment_count';
+
+/**
+ * For generative creatives: set to 'approved' to finalize, 'rejected' to request regeneration with updated assets/message. Omit for non-generative creatives (system will set based on processing state).
+ */
+export type CreativeStatus = 'processing' | 'pending_review' | 'approved' | 'rejected' | 'archived';
+
+/**
+ * A dynamic content variable (DCO slot) on a creative. Variables represent content that can change at serve time — headlines, images, product data, etc.
+ */
+export interface CreativeVariable {
+    /**
+     * Variable identifier on the creative platform
+     */
+    variable_id: string;
+    /**
+     * Human-readable variable name
+     */
+    name: string;
+    /**
+     * Data type of the variable. Each type represents a semantic content slot: text (headlines, body copy), image/video/audio (media URLs), url (clickthrough or tracking URLs), number (prices, counts), boolean (conditional flags like show_discount or is_raining), color (hex color values), date (ISO 8601 date-time for countdowns and offer expirations).
+     */
+    variable_type: 'text' | 'image' | 'video' | 'audio' | 'url' | 'number' | 'boolean' | 'color' | 'date';
+    /**
+     * Default value used when no dynamic value is provided at serve time. All types are string-encoded: text/image/video/audio/url as literal strings, number as decimal (e.g., "42.99"), boolean as "true"/"false", color as "#RRGGBB", date as ISO 8601 (e.g., "2026-12-25T00:00:00Z").
+     */
+    default_value?: string;
+    /**
+     * Whether this variable must have a value for the creative to serve
+     */
+    required?: boolean;
+}
+
+/**
+ * Escape hatch for pricing constructs that do not fit cpm, percent_of_media, flat_fee, or per_unit. Use when a vendor prices via performance kickers, tiered volume, hybrid formulas, outcome-sharing, or any other model the standard forms cannot express. Requires a human-readable description and a structured metadata object that captures the parameters a buyer needs to reason about the charge. Buyers SHOULD route custom pricing through operator review before commitment — automatic selection is not recommended.
+ */
+export interface CustomPricing {
+    model: 'custom';
+    /**
+     * Human-readable description of the custom pricing model. Buyers display this to the operator when requesting approval.
+     * @minLength 1
+     */
+    description: string;
+    /**
+     * Structured parameters for the custom model. Keys follow lowercase_snake_case. Values may be primitives, arrays, or nested objects. Must be sufficient for a human to understand the pricing basis and for a downstream system to reconstruct the charge. Vendors SHOULD include a `summary_for_operator` string (one or two sentences, suitable for display in a buyer's operator-review UI) so reviewers across vendors see a consistent prompt. Required operator-review fields (approver role, dollar threshold for automatic approval, escalation contact) MAY be surfaced via additional keys the buyer's review surface recognizes.
+     */
+    metadata: {
+        /**
+         * One or two sentences describing the pricing construct in plain language, displayed to the buyer's operator when requesting approval. Should not repeat the top-level `description` verbatim — summarize the charge mechanic instead (e.g., 'Base $12 CPM plus $0.50 per qualifying post-view conversion, capped at $45 CPM').
+         * @minLength 1
+         */
+        summary_for_operator?: string;
+    };
+    /**
+     * ISO 4217 currency code. Present when the pricing resolves to a monetary charge in a specific currency.
+     * @pattern ^[A-Z]{3}$
+     */
+    currency?: string;
+    ext?: ExtensionObject;
+}
+
+/**
+ * DAAST (Digital Audio Ad Serving Template) tag for third-party audio ad serving
+ */
+export type DAASTAsset = {
+    /**
+     * Discriminator identifying this as a DAAST asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'daast';
+    daast_version?: DAASTVersion;
+    /**
+     * Expected audio duration in milliseconds (if known)
+     * @minimum 0
+     */
+    duration_ms?: number;
+    /**
+     * Tracking events supported by this DAAST tag
+     */
+    tracking_events?: DAASTTrackingEvent[];
+    /**
+     * Whether companion display ads are included
+     */
+    companion_ads?: boolean;
+    /**
+     * URL to text transcript of the audio content
+     */
+    transcript_url?: string;
+    provenance?: Provenance;
+} & ({
+    /**
+     * Discriminator indicating DAAST is delivered via URL endpoint
+     */
+    delivery_type: 'url';
+    /**
+     * URL endpoint that returns DAAST XML
+     */
+    url: string;
+} | {
+    /**
+     * Discriminator indicating DAAST is delivered as inline XML content
+     */
+    delivery_type: 'inline';
+    /**
+     * Inline DAAST XML content
+     */
+    content: string;
+});
+
+/**
+ * Tracking events for audio ads. Aligned to the IAB DAAST 1.1 `Tracking@event` enumeration from §3.2.1.7 of the spec (creativeView, start, firstQuartile, midpoint, thirdQuartile, complete, mute, unmute, pause, rewind, resume, skip, progress) — plus `close` (referenced descriptively in DAAST 1.1 §3.2.4.2 contrasting it with `skip`), and AdCP-flattened representations of the `Impression`, `Error`, and click elements (`<Impression>`, `<Error>`, and the click children of `<AdInteractions>`) so a single declared list can cover everything a measurement vendor wants to track. `viewable` / `notViewable` / `viewUndetermined` and `measurableImpression` / `viewableImpression` are AdCP extensions for OM-SDK Audio measurability signals (DAAST 1.1 itself does not define a `<ViewableImpression>` element). DAAST 1.1 audio-incompatible video events are deliberately omitted: no `loaded`, `playerExpand` / `playerCollapse`, `fullscreen` / `exitFullscreen`, `acceptInvitation`, `adExpand` / `adCollapse`, `minimize`, `overlayViewDuration`, or `interactiveStart`.
+ */
+export type DAASTTrackingEvent = 'impression' | 'creativeView' | 'start' | 'firstQuartile' | 'midpoint' | 'thirdQuartile' | 'complete' | 'mute' | 'unmute' | 'pause' | 'resume' | 'rewind' | 'skip' | 'progress' | 'clickTracking' | 'customClick' | 'close' | 'error' | 'viewable' | 'notViewable' | 'viewUndetermined' | 'measurableImpression' | 'viewableImpression';
+
+/**
+ * DAAST specification version
+ */
+export type DAASTVersion = '1.0' | '1.1';
+
+/**
+ * IPTC-aligned classification of AI involvement in producing this content
+ */
+export type DigitalSourceType = 'digital_capture' | 'digital_creation' | 'trained_algorithmic_media' | 'composite_with_trained_algorithmic_media' | 'algorithmic_media' | 'composite_capture' | 'composite_synthetic' | 'human_edits' | 'data_driven_media';
+
+/**
+ * How long the disclosure must persist during content playback or display
+ */
+export type DisclosurePersistence = 'continuous' | 'initial' | 'flexible';
+
+/**
+ * Where a required disclosure should appear within a creative. Used by creative briefs to specify disclosure placement and by formats to declare which positions they can render.
+ */
+export type DisclosurePosition = 'prominent' | 'footer' | 'audio' | 'subtitle' | 'overlay' | 'end_card' | 'pre_roll' | 'companion';
+
+/**
+ * How provenance data is carried within the content
+ */
+export type EmbeddedProvenanceMethod = 'manifest_wrapper' | 'provenance_markers';
+
+/**
+ * Standard marketing event types for event logging, aligned with IAB ECAPI
+ */
+export type EventType = 'page_view' | 'view_content' | 'select_content' | 'select_item' | 'search' | 'share' | 'add_to_cart' | 'remove_from_cart' | 'viewed_cart' | 'add_to_wishlist' | 'initiate_checkout' | 'add_payment_info' | 'purchase' | 'refund' | 'lead' | 'qualify_lead' | 'close_convert_lead' | 'disqualify_lead' | 'complete_registration' | 'subscribe' | 'start_trial' | 'app_install' | 'app_launch' | 'contact' | 'schedule' | 'donate' | 'submit_application' | 'custom';
+
+/**
+ * Extension object for platform-specific, vendor-namespaced parameters. Extensions are always optional and must be namespaced under a vendor/platform key (e.g., ext.gam, ext.roku). Used for custom capabilities, partner-specific configuration, and features being proposed for standardization.
+ */
+export interface ExtensionObject {
+}
+
+/**
+ * Format of the external feed at url. Required when url points to a non-AdCP feed (e.g., Google Merchant Center XML, Meta Product Catalog). Omit for offering-type catalogs where the feed is native AdCP JSON.
+ */
+export type FeedFormat = 'google_merchant_center' | 'facebook_catalog' | 'shopify' | 'linkedin_jobs' | 'custom';
+
+/**
+ * Fixed charge per billing period, regardless of impressions or spend. Used for licensed data bundles and audience subscriptions.
+ */
+export interface FlatFeePricing {
+    model: 'flat_fee';
+    /**
+     * Fixed charge for the billing period
+     * @minimum 0
+     */
+    amount: number;
+    /**
+     * Billing period for the flat fee.
+     */
+    period: 'monthly' | 'quarterly' | 'annual' | 'campaign';
+    /**
+     * ISO 4217 currency code
+     * @pattern ^[A-Z]{3}$
+     */
+    currency: string;
+    ext?: ExtensionObject;
+}
+
+/**
+ * A JSON object — never a plain string — that identifies a creative format by its declaring agent and local slug. Required properties: agent_url (URI of the agent that owns the format) and id (slug matching [a-zA-Z0-9_-]+). Example: {"agent_url": "https://creative.adcontextprotocol.org", "id": "display_300x250"}. Can reference: (1) a concrete format with fixed dimensions (id only), (2) a template format without parameters (id only), or (3) a template format with parameters (id + dimensions/duration). Template formats accept parameters in format_id while concrete formats have fixed dimensions in their definition. Parameterized format IDs create unique, specific format variants. Using a plain string here is a schema violation.
+ */
+export interface FormatReferenceStructuredObject {
+    /**
+     * URL of the agent that defines this format (e.g., 'https://creative.adcontextprotocol.org' for standard formats, or 'https://publisher.com/.well-known/adcp/sales' for custom formats). Callers comparing two `format-id` values MUST canonicalize `agent_url` per the AdCP URL canonicalization rules before treating two formats as the same. See docs/reference/url-canonicalization.
+     */
+    agent_url: string;
+    /**
+     * Format identifier within the agent's namespace (e.g., 'display_static', 'video_hosted', 'audio_standard'). When used alone, references a template format. When combined with dimension/duration fields, creates a parameterized format ID for a specific variant.
+     * @pattern ^[a-zA-Z0-9_-]+$
+     */
+    id: string;
+    /**
+     * Width in pixels for visual formats. When specified, height must also be specified. Both fields together create a parameterized format ID for dimension-specific variants.
+     * @minimum 1
+     */
+    width?: number;
+    /**
+     * Height in pixels for visual formats. When specified, width must also be specified. Both fields together create a parameterized format ID for dimension-specific variants.
+     * @minimum 1
+     */
+    height?: number;
+    /**
+     * Duration in milliseconds for time-based formats (video, audio). When specified, creates a parameterized format ID. Omit to reference a template format without parameters.
+     * @minimum 1
+     */
+    duration_ms?: number;
+}
+
+/**
+ * Whether the video uses a constant or variable frame rate. Broadcast and SSAI contexts require constant frame rate for seamless splicing.
+ */
+export type FrameRateType = 'constant' | 'variable';
+
+/**
+ * Group of Pictures structure. SSAI and broadcast require closed GOPs for clean splice points; open GOPs may produce artifacts at ad boundaries.
+ */
+export type GOPType = 'closed' | 'open';
+
+/**
+ * Inline HTML content asset. For URL-delivered HTML5 banner bundles, use the zip asset type instead. For single-URL iframe-rendered tag references, use the url asset type with an appropriate url_type.
+ */
+export interface HTMLAsset {
+    /**
+     * Discriminator identifying this as an HTML asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'html';
+    /**
+     * HTML content
+     */
+    content: string;
+    /**
+     * HTML version (e.g., 'HTML5')
+     */
+    version?: string;
+    /**
+     * Self-declared accessibility properties for this opaque creative
+     */
+    accessibility?: {
+        /**
+         * Text alternative describing the creative content
+         */
+        alt_text?: string;
+        /**
+         * Whether the creative can be fully operated via keyboard
+         */
+        keyboard_navigable?: boolean;
+        /**
+         * Whether the creative respects prefers-reduced-motion or provides pause/stop controls
+         */
+        motion_control?: boolean;
+        /**
+         * Whether the creative has been tested with screen readers
+         */
+        screen_reader_tested?: boolean;
+    };
+    provenance?: Provenance;
+}
+
+/**
+ * HTTP method
+ */
+export type HTTPMethod = 'GET' | 'POST';
+
+/**
+ * Override logo asset.
+ */
+export interface ImageAsset {
+    /**
+     * Discriminator identifying this as an image asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'image';
+    /**
+     * URL to the image asset
+     */
+    url: string;
+    /**
+     * Width in pixels
+     * @minimum 1
+     */
+    width: number;
+    /**
+     * Height in pixels
+     * @minimum 1
+     */
+    height: number;
+    /**
+     * Image file format (jpg, png, gif, webp, etc.)
+     */
+    format?: string;
+    /**
+     * Alternative text for accessibility
+     */
+    alt_text?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * Inline JavaScript content asset. For URL-delivered third-party tag scripts, use the url asset type with url_type 'tracker_script'. For HTML5 banner bundles that include JavaScript, use the zip asset type.
+ */
+export interface JavaScriptAsset {
+    /**
+     * Discriminator identifying this as a JavaScript asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'javascript';
+    /**
+     * JavaScript content
+     */
+    content: string;
+    module_type?: JavaScriptModuleType;
+    /**
+     * Self-declared accessibility properties for this opaque creative
+     */
+    accessibility?: {
+        /**
+         * Text alternative describing the creative content
+         */
+        alt_text?: string;
+        /**
+         * Whether the creative can be fully operated via keyboard
+         */
+        keyboard_navigable?: boolean;
+        /**
+         * Whether the creative respects prefers-reduced-motion or provides pause/stop controls
+         */
+        motion_control?: boolean;
+        /**
+         * Whether the creative has been tested with screen readers
+         */
+        screen_reader_tested?: boolean;
+    };
+    provenance?: Provenance;
+}
+
+/**
+ * JavaScript module type
+ */
+export type JavaScriptModuleType = 'esm' | 'commonjs' | 'script';
+
+/**
+ * Markdown-formatted text content following CommonMark specification
+ */
+export interface MarkdownAsset {
+    /**
+     * Discriminator identifying this as a markdown asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'markdown';
+    /**
+     * Markdown content following CommonMark spec with optional GitHub Flavored Markdown extensions
+     */
+    content: string;
+    /**
+     * Language code (e.g., 'en', 'es', 'fr')
+     */
+    language?: string;
+    markdown_flavor?: MarkdownFlavor;
+    /**
+     * Whether raw HTML blocks are allowed in the markdown. False recommended for security.
+     */
+    allow_raw_html?: boolean;
+}
+
+/**
+ * Markdown flavor used. CommonMark for strict compatibility, GFM for tables/task lists/strikethrough.
+ */
+export type MarkdownFlavor = 'commonmark' | 'gfm';
+
+/**
+ * Position of the moov atom in an MP4 container. 'start' enables progressive download without buffering the entire file; required for streaming ad delivery.
+ */
+export type MoovAtomPosition = 'start' | 'end';
+
+/**
+ * Account-level webhook subscription for notifications whose lifecycle outlives any single media buy — creative state changes, library purges, wholesale feed change webhooks, and future account-scoped events. Distinct from `push-notification-config.json`, which anchors at a per-resource operation (a single task or media buy). An account MAY register multiple notification configs to fan a single seller's events out to multiple buyer-side endpoints; each entry filters by `event_types`. As with push-notification-config, the default signing scheme is the AdCP RFC 9421 webhook profile against the seller's brand.json `agents[]` JWKS; the optional `authentication` block opts into the deprecated Bearer / HMAC-SHA256 fallback for compatibility. Credentials and shared secrets in `authentication.credentials` are write-only — sellers MUST NOT echo them back in `list_accounts` responses. Sellers MUST verify endpoint control before activating account-level notification configs for high-volume event families such as wholesale feed changes; delivery-time SSRF validation still applies to every fire.
+ */
+export interface NotificationConfig {
+    /**
+     * Buyer-supplied identifier for this subscription endpoint. Echoed on every webhook payload and on every `webhook_activity[]` record fired against this config so the buyer can attribute fires across multiple endpoints. MUST be unique within the account's `notification_configs[]` — uniqueness is enforced by the seller at registration time; duplicates are rejected with `errors[]`. Always required (even with a single subscriber) so the SDK contract is uniform — no conditional required-when-multiple rules to trip up implementations. Format is opaque — recommended values are short kebab-case slugs (`buyer-primary`, `audit-bus`, `dx-team`).
+     * @minLength 1
+     * @maxLength 64
+     * @pattern ^[A-Za-z0-9_.:-]{1,64}$
+     */
+    subscriber_id: string;
+    /**
+     * Webhook endpoint URL. Same wire contract as `push-notification-config.url` — `format: "uri"`, no destination-port allowlist enforced by the protocol, SSRF protection via the IP-range check defined in docs/building/by-layer/L1/security.mdx#webhook-url-validation-ssrf. For wholesale feed subscribers, sellers MUST complete an activation challenge or equivalent proof-of-control before treating the subscriber as active.
+     */
+    url: string;
+    /**
+     * Notification types this subscriber wishes to receive on the registered `url`. The seller MUST NOT fire other types against this endpoint, and MUST NOT silently widen the filter when new types are added to `notification-type.json`. When omitted, the seller MUST default to a no-fire policy and surface an `errors[]` entry on `sync_accounts` so the buyer notices the missing filter. Values are drawn from `notification-type.json`, but only types whose contract anchors at the account scope are valid here — creative lifecycle events and wholesale feed change payloads are valid; media-buy-anchored types (`scheduled`, `final`, `delayed`, `adjusted`, `impairment`) belong on a media buy's `push_notification_config`, not on this surface; sellers MUST reject those entries as per-account validation failures with `INVALID_REQUEST` or `VALIDATION_ERROR` and `error.field` pointing at the invalid `event_types` entry rather than silently dropping them.
+     */
+    event_types: NotificationType[];
+    /**
+     * Legacy authentication selector. Same precedence and semantics as `push-notification-config.authentication` — presence opts the seller into Bearer or HMAC-SHA256 signing; absence selects the default RFC 9421 webhook profile keyed off the seller's brand.json `agents[]` JWKS. The same signed-registration downgrade-resistance rules apply to accounts[].notification_configs[].authentication. Deprecated; removed in AdCP 4.0. Credentials are write-only and MUST NOT be echoed on `list_accounts` reads.
+     */
+    authentication?: {
+        schemes: AuthenticationScheme[];
+        /**
+         * Credentials for the legacy scheme. Bearer: token. HMAC-SHA256: shared secret. Minimum 32 characters. Exchanged out-of-band during onboarding. Write-only.
+         * @minLength 32
+         */
+        credentials: string;
+    };
+    /**
+     * When false, the seller persists the configuration but suppresses fires. Use to pause a noisy subscriber without losing the registration. Sellers MUST NOT skip persisting the entry when `active: false` — the buyer's next `sync_accounts` MUST observe the same array, otherwise the buyer cannot distinguish pause from drop.
+     */
+    active?: boolean;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Type of push notification fired by a seller agent. Media-buy-anchored notifications (`scheduled`, `final`, `delayed`, `adjusted`, `impairment`) fire against a media buy's `push_notification_config`. Account-anchored notifications (`creative.status_changed`, `creative.purged`, `product.*`, `signal.*`, `wholesale_feed.bulk_change`) fire against an account's `notification_configs[]` entries whose `event_types` include the value — these outlive any single media buy and anchor at the account. Wholesale feed notifications carry the actual change payload in `/schemas/core/wholesale-feed-webhook.json`; receivers use `get_products` / `get_signals` with `if_wholesale_feed_version` to repair or reconcile. New notification types added to this enum MUST declare their anchor (media-buy or account) and per-type `notification_id` semantics in the enumDescription. Sellers MUST reject `notification_configs[]` entries whose `event_types` include any media-buy-anchored type, and MUST reject `push_notification_config` registrations for account-anchored types.
+ */
+export type NotificationType = 'scheduled' | 'final' | 'delayed' | 'adjusted' | 'impairment' | 'creative.status_changed' | 'creative.purged' | 'product.created' | 'product.updated' | 'product.priced' | 'product.removed' | 'signal.created' | 'signal.updated' | 'signal.priced' | 'signal.removed' | 'wholesale_feed.bulk_change';
+
+/**
+ * Standard cursor-based pagination parameters for list operations
+ */
+export interface PaginationRequest {
+    /**
+     * Maximum number of items to return per page
+     * @minimum 1
+     * @maximum 100
+     */
+    max_results?: number;
+    /**
+     * Opaque cursor from a previous response to fetch the next page
+     */
+    cursor?: string;
+}
+
+/**
+ * Standard cursor-based pagination metadata for list responses
+ */
+export interface PaginationResponse {
+    /**
+     * Whether more results are available beyond this page
+     */
+    has_more: boolean;
+    /**
+     * Opaque cursor to pass in the next request to fetch the next page. Only present when has_more is true.
+     */
+    cursor?: string;
+    /**
+     * Total number of items matching the query across all pages. Optional because not all backends can efficiently compute this.
+     * @minimum 0
+     */
+    total_count?: number;
+}
+
+/**
+ * Payment terms agreed for this account. Binding for all invoices when the account is active.
+ */
+export type PaymentTerms = 'net_15' | 'net_30' | 'net_45' | 'net_60' | 'net_90' | 'prepay';
+
+/**
+ * Fixed price per unit of work. Used for creative transformation (per format), AI generation (per image, per token), and rendering (per variant). The unit field describes what is counted; unit_price is the cost per one unit.
+ */
+export interface PerUnitPricing {
+    model: 'per_unit';
+    /**
+     * What is counted — e.g. 'format', 'image', 'token', 'variant', 'render', 'evaluation'.
+     */
+    unit: string;
+    /**
+     * Cost per one unit
+     * @minimum 0
+     */
+    unit_price: number;
+    /**
+     * ISO 4217 currency code
+     * @pattern ^[A-Z]{3}$
+     */
+    currency: string;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Percentage of media spend charged for this signal. When max_cpm is set, the effective rate is capped at that CPM — useful for platforms like The Trade Desk that use percent-of-media pricing with a CPM ceiling.
+ */
+export interface PercentOfMediaPricing {
+    model: 'percent_of_media';
+    /**
+     * Percentage of media spend, e.g. 15 = 15%
+     * @minimum 0
+     * @maximum 100
+     */
+    percent: number;
+    /**
+     * Optional CPM cap. When set, the effective charge is min(percent × media_spend_per_mille, max_cpm).
+     * @minimum 0
+     */
+    max_cpm?: number;
+    /**
+     * ISO 4217 currency code for the resulting charge
+     * @pattern ^[A-Z]{3}$
+     */
+    currency: string;
+    ext?: ExtensionObject;
+}
+
+/**
+ * REQUIRED when `format_kind: "custom"`; otherwise MUST be absent. URI+digest reference to a fetchable schema describing this custom shape's actual `params` and `slots`. Same hosting model as `platform_extensions`: open-ecosystem publishers host the artifact at the canonical URI on their subdomain; closed-platform / walled-garden shapes resolve through the AAO mirror at `https://creative.adcontextprotocol.org/translated/...`. Buyer agents fetch by `uri@digest` (immutable per digest, aggressive caching, `Cache-Control: public, max-age=31536000, immutable`), validate `params` and `slots` against the fetched schema, and reason about manifests structurally — same mechanic as platform_extensions but at the format-structure level. Without `format_schema`, custom shapes would be opaque to buyer agents and the protocol would regress to per-seller integration code; that's why the schema is required, not optional.
+ *
+ * **Fetch contract (normative)** — `format_schema` is load-bearing for validation (unlike `platform_extensions`, which is informational on the *consumption* side). The *transport* rules below apply identically to BOTH fields — any SDK fetching a `platform-extension-ref.json` URI MUST apply this contract regardless of whether the field name is `format_schema` or `platform_extensions`. A shared SDK fetch path that drops to the weakest bar undermines `format_schema`'s hardening. The consumption distinction (load-bearing vs informational) is about *what the body means*; the transport distinction is `https`-and-allowlisted regardless.
+ *
+ * - **Transport**: `https` only. Buyers MUST reject `http://`, `file://`, `data:`, and any non-`https` scheme. The URI MUST resolve to a JSON document that is itself a valid JSON Schema (Draft 07 or 2020-12; producers MUST declare `$schema`).
+ * - **SSRF protection**: buyers MUST resolve the URI hostname and reject if any resolved address is in RFC 1918 private space (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`), loopback (`127.0.0.0/8`, `::1`), link-local (`169.254.0.0/16`, `fe80::/10`), CGNAT (`100.64.0.0/10`), or any RFC 6761 special-use name (`.local`, `.localhost`, `.internal`, `.test`, `.example`, `.invalid`). Cloud metadata endpoints (`169.254.169.254`, `metadata.google.internal`, `kubernetes.default.svc`) are explicitly forbidden — these are credential-leak primitives. Buyers MUST pin the connection to the resolved IP (or re-resolve and re-validate the allowlist per request) to defeat DNS rebinding.
+ * - **HTTP redirects**: MUST be disabled. If a follow is implemented at all, the redirect target MUST pass the same scheme + SSRF + allowlist checks; otherwise the fetch hard-fails. Open redirects on same-origin paths are otherwise a free SSRF primitive.
+ * - **Response size cap**: response body MUST be capped at 1 MiB. Enforce during streaming, not after full buffering. Over-cap hard-fails identically to digest mismatch.
+ * - **Timeout**: SDKs SHOULD apply a fetch timeout ≤5 seconds. Timeout SHOULD be treated identically to an HTTP 5xx response (transient — retry policy at the SDK's discretion; on persistent failure surface as unresolved and skip the declaration for this session).
+ * - **Digest verification**: SHA-256 of the response body MUST equal `digest`. **Digest mismatch is a hard fail** — the buyer MUST treat the format declaration as unresolvable and MUST NOT validate manifests against the mismatched body. A divergent digest is either a malicious substitution or producer error; either way, falling back to the un-verified body breaks the trust model. Digest format: `sha256:` prefix + 64 lowercase hex characters. Cache key is `uri@digest`; digest mismatch MUST NOT be cached as a negative result keyed on `uri` alone (defeats CDN-flap recovery), and MUST be distinguishable in telemetry from network 5xx / 404 (sustained mismatch is a substitution-attack signal, not a flap).
+ * - **Sandboxing of `$ref`**: fetched schemas MAY use `$ref`. Buyers MUST resolve `$ref` only to URIs that are (a) same-origin as the parent `format_schema.uri` after RFC 3986 §6 normalization (lowercase scheme + host, strip default port, normalize path dot-segments, no userinfo component), OR (b) hosted under the AAO catalog domain (`https://creative.adcontextprotocol.org/...`), OR (c) intra-document JSON Pointer refs (`#/...`) bounded to the parent document's parsed tree. Cross-origin `$ref` to arbitrary URIs MUST be rejected. `$ref: file://...` MUST be rejected unconditionally. Transitive `$ref` chains MUST be bounded at depth ≤8 AND `$ref` count ≤256 across the resolved tree (depth 8 with breadth 100 per level is 10^16 nodes — depth alone is not enough). Publishers SHOULD inline rather than $ref where possible.
+ * - **Schema-compile bounds (DoS protection)**: validators MUST bound CPU/memory on fetched schemas. Recommended: compiled-schema keyword count ≤10 000, `pattern` regexes evaluated with a non-backtracking engine (re2) OR under a per-pattern timeout, per-manifest validation budget ≤250 ms (exceeded budget → treat manifest as invalid, surface telemetry signal). Without these, a 'valid' schema with catastrophic regex backtracking or exponential `allOf`/`anyOf` expansion pins a CPU forever.
+ * - **Cache**: buyers cache fetched schemas by `uri@digest` and treat them as immutable (the same hosting contract as `platform_extensions`). On `404`, network partition, or persistent fetch failure, buyers SHOULD degrade gracefully (treat the declaration as unresolved, skip it for the current `get_products` response, surface via `errors[]` with the relevant code) rather than failing the entire session.
+ * - **Schema-not-valid handling**: if the fetched body parses as JSON but is not a valid JSON Schema, the buyer MUST treat the declaration as unresolvable (same as digest mismatch) and surface via `errors[]`. Validators MUST NOT attempt partial validation against an invalid schema.
+ * - **AAO catalog trust**: `https://creative.adcontextprotocol.org/*` is a single trust anchor in the same-origin allowlist; compromise of the catalog domain or its CA compromises every buyer agent. Catalog-served bodies MUST be digest-pinned identically to origin fetches (the digest is on the *parent* `format_schema.uri@digest`, not on the catalog response). Future hardening (signed bodies, transparency log) is tracked separately.
+ */
+export interface PlatformExtensionReference {
+    /**
+     * HTTPS URL identifying the extension. `https://` is mandatory — `http://`, `file://`, `data:`, and other schemes are rejected at the schema layer (defense-in-depth on top of the fetch-contract normative rules). The URI base is the owning agent's URL; the path identifies the extension within that agent. Example: 'https://creative.adcontextprotocol.org/translated/meta/extensions/meta_pixel'. The full fetch contract — SSRF allowlist, response-size cap, $ref sandbox, schema-compile bounds — is documented on `product-format-declaration.json#format_schema` and applies to ALL fetches of this reference shape regardless of whether the field is named `format_schema` (load-bearing for validation) or `platform_extensions` (informational); the *transport* rules are identical, only the *consumption* semantics differ.
+     * @pattern ^https:\/\/
+     */
+    uri: string;
+    /**
+     * SHA-256 content digest of the extension definition (sha256:<hex>). Used to detect drift — if the agent revises the extension, the digest changes and cached definitions become invalid.
+     * @pattern ^sha256:[a-f0-9]{64}$
+     */
+    digest: string;
+}
+
+/**
+ * Provenance metadata for this asset, overrides manifest-level provenance
+ */
+export interface Provenance {
+    digital_source_type?: DigitalSourceType;
+    /**
+     * AI system used to generate or modify this content. Aligns with IPTC 2025.1 AI metadata fields and C2PA claim_generator.
+     */
+    ai_tool?: {
+        /**
+         * Name of the AI tool or model (e.g., 'DALL-E 3', 'Stable Diffusion XL', 'Gemini')
+         */
+        name: string;
+        /**
+         * Version identifier for the AI tool or model (e.g., '25.1', '0125', '2.1'). For generative models, use the model version rather than the API version.
+         */
+        version?: string;
+        /**
+         * Organization that provides the AI tool (e.g., 'OpenAI', 'Stability AI', 'Google')
+         */
+        provider?: string;
+    };
+    /**
+     * Level of human involvement in the AI-assisted creation process. Independent of `disclosure.required` — the protocol does not derive disclosure obligations from oversight level. Some regulations include carve-outs for human-edited or human-directed AI output, but those carve-outs have factual prerequisites the schema cannot evaluate. Asserting `edited` or `directed` does not by itself justify `disclosure.required: false`.
+     */
+    human_oversight?: 'none' | 'prompt_only' | 'selected' | 'edited' | 'directed';
+    /**
+     * Party declaring this provenance. Identifies who attached the provenance claim, enabling receiving parties to assess trust.
+     */
+    declared_by?: {
+        /**
+         * URL of the agent or service that declared this provenance
+         */
+        agent_url?: string;
+        /**
+         * Role of the declaring party in the supply chain
+         */
+        role: 'creator' | 'advertiser' | 'agency' | 'platform' | 'tool';
+    };
+    /**
+     * When this provenance claim was made (ISO 8601). Distinct from created_time, which records when the content itself was produced. A provenance claim may be attached well after content creation, for example when retroactively declaring AI involvement for regulatory compliance.
+     * @format date-time
+     */
+    declared_at?: string;
+    /**
+     * When this content was created or generated (ISO 8601)
+     * @format date-time
+     */
+    created_time?: string;
+    /**
+     * C2PA sidecar manifest reference. Links to a detached cryptographic provenance manifest for this content. Note: file-level C2PA bindings break when ad servers transcode, resize, or re-encode assets. For pipelines with intermediaries, consider embedded_provenance as the primary provenance mechanism.
+     */
+    c2pa?: {
+        /**
+         * URL to the C2PA manifest store for this content
+         */
+        manifest_url: string;
+    };
+    /**
+     * Provenance metadata embedded within the content stream. Each entry declares one embedding layer: structured provenance data carried inside the content itself, as distinct from sidecar references (c2pa.manifest_url). Embedded provenance survives operations that break sidecar and file-level bindings: ad-server transcoding, CMS ingestion, copy-paste, reformatting, and CDN re-encoding. For ad-tech pipelines where content passes through multiple intermediaries, embedded provenance is the reliable path for provenance that persists from declaration through delivery. This is a declaration by the embedding party. The receiving party (the seller) is the verifier-of-record: it confirms the claim by calling a governance agent it trusts (typically one published in `creative_policy.accepted_verifiers`).
+     */
+    embedded_provenance?: {
+        method: EmbeddedProvenanceMethod;
+        /**
+         * Standard the embedding conforms to, if any (e.g., 'c2pa' for C2PA Section A.7 text manifest embedding)
+         */
+        standard?: string;
+        /**
+         * Organization that performed the embedding (e.g., 'Encypher', 'Digimarc'). Display label and audit context — not a wire identifier.
+         */
+        provider: string;
+        /**
+         * Buyer's representation that this embedding can be verified by a governance agent on the seller's `creative_policy.accepted_verifiers` list. The `agent_url` MUST match (canonicalized) one of the seller's published `accepted_verifiers[].agent_url` entries; sellers reject `sync_creatives` submissions whose `verify_agent.agent_url` is off-list with `PROVENANCE_VERIFIER_NOT_ACCEPTED`. This is buyer-supplied evidence, not buyer-driven routing — the seller is the verifier-of-record and the seller controls which agent it actually calls (the seller MAY use a different on-list agent if it determines this is more appropriate; the seller does not call buyer-asserted endpoints outside its allowlist). MAY be omitted for self-verifiable embeddings (e.g., a C2PA text manifest with a public key the seller already trusts).
+         */
+        verify_agent?: {
+            /**
+             * URL of the governance agent the buyer represents was used to embed/verify this layer. MUST use the `https://` scheme and MUST appear in the seller's `creative_policy.accepted_verifiers[].agent_url` list (canonicalized per /docs/reference/url-canonicalization: lowercase scheme and host, strip default port, normalize path dot-segments). Sellers MUST NOT call this URL until the canonicalized match is confirmed.
+             * @pattern ^https:\/\/
+             */
+            agent_url: string;
+            /**
+             * Optional `feature_id` the buyer represents the seller should request via `get_creative_features` (e.g., `encypher.markers_present_v2`). SHOULD match the `feature_id` declared on the matching `accepted_verifiers[]` entry, or be omitted to defer the selector to the seller. When the seller's entry pins a `feature_id`, that value wins; when neither side pins, the seller selects from the agent's `governance.creative_features` catalog.
+             */
+            feature_id?: string;
+        };
+        /**
+         * When the provenance data was embedded (ISO 8601)
+         * @format date-time
+         */
+        embedded_at?: string;
+    }[];
+    /**
+     * Content watermarks applied to this asset. Each entry declares one watermarking layer: a content modification that encodes an identifier or fingerprint within the asset. Watermarks differ from embedded provenance: a watermark encodes an identifier (who generated it, who owns it), while embedded provenance carries or references a structured provenance record (the full chain of custody). A single asset may carry both. Aligns with C2PA action taxonomy: c2pa.watermarked.bound (watermark linked to a C2PA manifest) and c2pa.watermarked.unbound (watermark independent of any manifest). This is a declaration by the watermarking party. The receiving party (the seller) is the verifier-of-record: it confirms the claim by calling a governance agent it trusts (typically one published in `creative_policy.accepted_verifiers`).
+     */
+    watermarks?: {
+        media_type: WatermarkMediaType;
+        /**
+         * Organization that applied the watermark (e.g., 'Imatag', 'Steg.AI', 'Encypher'). Display label and audit context — not a wire identifier.
+         */
+        provider: string;
+        /**
+         * Buyer's representation that this watermark can be detected by a governance agent on the seller's `creative_policy.accepted_verifiers` list. The `agent_url` MUST match (canonicalized) one of the seller's published `accepted_verifiers[].agent_url` entries; sellers reject `sync_creatives` submissions whose `verify_agent.agent_url` is off-list with `PROVENANCE_VERIFIER_NOT_ACCEPTED`. This is buyer-supplied evidence, not buyer-driven routing — the seller is the verifier-of-record and the seller controls which agent it actually calls (the seller MAY use a different on-list agent if it determines this is more appropriate; the seller does not call buyer-asserted endpoints outside its allowlist).
+         */
+        verify_agent?: {
+            /**
+             * URL of the governance agent the buyer represents was used to apply/detect this watermark. MUST use the `https://` scheme and MUST appear in the seller's `creative_policy.accepted_verifiers[].agent_url` list (canonicalized per /docs/reference/url-canonicalization: lowercase scheme and host, strip default port, normalize path dot-segments). Sellers MUST NOT call this URL until the canonicalized match is confirmed.
+             * @pattern ^https:\/\/
+             */
+            agent_url: string;
+            /**
+             * Optional `feature_id` the buyer represents the seller should request via `get_creative_features` (e.g., `imatag.watermark_detected`). SHOULD match the `feature_id` declared on the matching `accepted_verifiers[]` entry, or be omitted to defer the selector to the seller. When the seller's entry pins a `feature_id`, that value wins; when neither side pins, the seller selects from the agent's `governance.creative_features` catalog.
+             */
+            feature_id?: string;
+        };
+        c2pa_action?: C2PAWatermarkAction;
+        /**
+         * When the watermark was applied (ISO 8601)
+         * @format date-time
+         */
+        embedded_at?: string;
+    }[];
+    /**
+     * Regulatory disclosure requirements for this content. Indicates whether AI disclosure is required and under which jurisdictions.
+     */
+    disclosure?: {
+        /**
+         * The declaring party's claim that AI disclosure is required for this content under applicable regulations. This is a declared signal carried through the supply chain — useful as a routing and audit input — not a regulatory determination made by the protocol. Receiving parties remain responsible for their own jurisdictional analysis and should not treat `required: false` as compliance cover.
+         */
+        required: boolean;
+        /**
+         * Jurisdictions where disclosure obligations apply
+         */
+        jurisdictions?: {
+            /**
+             * ISO 3166-1 alpha-2 country code (e.g., 'US', 'DE', 'CN')
+             */
+            country: string;
+            /**
+             * Sub-national region code (e.g., 'CA' for California, 'BY' for Bavaria)
+             */
+            region?: string;
+            /**
+             * Regulation identifier (e.g., 'eu_ai_act_article_50', 'ca_sb_942', 'cn_deep_synthesis')
+             */
+            regulation: string;
+            /**
+             * Required disclosure label text for this jurisdiction, in the local language
+             */
+            label_text?: string;
+            /**
+             * How the disclosure should be rendered for this jurisdiction. Expresses the declaring party's intent for persistence and position based on regulatory requirements. Publishers control actual rendering but governance agents can audit whether guidance was followed.
+             */
+            render_guidance?: {
+                persistence?: DisclosurePersistence;
+                /**
+                 * Minimum display duration in milliseconds for initial persistence. Recommended when persistence is initial — without it, the duration is at the publisher's discretion. At serve time the publisher reads this from provenance since the brief is not available.
+                 * @minimum 1
+                 */
+                min_duration_ms?: number;
+                /**
+                 * Preferred disclosure positions in priority order. The first position a format supports should be used.
+                 */
+                positions?: DisclosurePosition[];
+                ext?: ExtensionObject;
+            };
+        }[];
+    };
+    /**
+     * Third-party verification or detection results for this content. Multiple services may independently evaluate the same content. Provenance is a claim — verification results attached by the declaring party are supplementary. The enforcing party (e.g., seller/publisher) should run its own verification via get_creative_features or calibrate_content.
+     */
+    verification?: {
+        /**
+         * Name of the verification service (e.g., 'DoubleVerify', 'Hive Moderation', 'Reality Defender')
+         */
+        verified_by: string;
+        /**
+         * When the verification was performed (ISO 8601)
+         * @format date-time
+         */
+        verified_time?: string;
+        /**
+         * Verification outcome
+         */
+        result: 'authentic' | 'ai_generated' | 'ai_modified' | 'inconclusive';
+        /**
+         * Confidence score of the verification result (0.0 to 1.0)
+         * @minimum 0
+         * @maximum 1
+         */
+        confidence?: number;
+        /**
+         * URL to the full verification report
+         */
+        details_url?: string;
+    }[];
+    ext?: ExtensionObject;
+}
+
+/**
+ * Push notification configuration for async task updates (A2A and REST protocols). Echoed from the request to confirm webhook settings. Specifies URL, authentication scheme (Bearer or HMAC-SHA256), and credentials. MCP uses progress notifications instead of webhooks.
+ */
+export interface PushNotificationConfig {
+    /**
+     * Webhook endpoint URL for task status notifications. The wire contract is unconstrained beyond `format: "uri"` — in particular, publishers SHOULD NOT enforce a destination-port allowlist by default, since buyers legitimately host receivers on non-standard TLS ports (`:9443`, `:4443`, path-routed multi-tenant gateways). The SSRF guard the protocol relies on is the IP-range check + DNS-rebinding-resistant connect pin defined in [Webhook URL validation (SSRF)](/docs/building/by-layer/L1/security#webhook-url-validation-ssrf), not port filtering. Operators who want a hardened destination-port allowlist as defense-in-depth (e.g., locked-down enterprise egress) opt in explicitly — see [Destination port: permissive by default](/docs/building/by-layer/L1/security#destination-port-permissive-by-default).
+     */
+    url: string;
+    /**
+     * Buyer-supplied correlation identifier for the operation that will produce webhooks against this registration. The seller MUST echo this value verbatim into every webhook payload's `operation_id` field (see [`mcp-webhook-payload.json`](/schemas/core/mcp-webhook-payload.json) and [Webhooks — Operation IDs](/docs/building/by-layer/L3/webhooks#operation-ids-and-url-templates)). Buyers SHOULD generate a unique value per task invocation (UUID recommended). This field is the canonical registration channel for `operation_id`; buyers MAY additionally embed the same value in the URL path or query as a routing aid for their own HTTP server, but the URL is opaque to the seller and the wire-level source of truth is this field. Sellers MUST NOT parse the URL to recover `operation_id`. Sellers that receive a webhook registration without `operation_id` MAY reject the task with `INVALID_REQUEST`.
+     * @minLength 1
+     * @maxLength 255
+     * @pattern ^[A-Za-z0-9_.:-]{1,255}$
+     */
+    operation_id?: string;
+    /**
+     * Optional client-provided token for webhook validation. The seller MUST echo this value verbatim in every webhook payload's `token` field (see [`mcp-webhook-payload.json`](/schemas/core/mcp-webhook-payload.json) for the receiver-side validation obligation). Length bounds give receivers a defensive range check on the echoed value; senders SHOULD generate tokens with at least 128 bits of entropy (≥22 base64url characters). This is a complementary authenticity mechanism that can layer on top of the RFC 9421 webhook signature — unlike the `authentication` block below, it is not on the 4.0 removal track. Receivers that registered both a signing key (RFC 9421) and a `token` MUST NOT treat a valid token echo as authorization to skip signature verification; both checks remain independent obligations.
+     * @minLength 16
+     * @maxLength 4096
+     */
+    token?: string;
+    /**
+     * Legacy authentication configuration (A2A-compatible). Opts the seller into Bearer or HMAC-SHA256 signing instead of the default RFC 9421 webhook profile. Deprecated; removed in AdCP 4.0. **Precedence is a switch, not a fallback:** presence of this block selects the legacy scheme; absence selects 9421. A seller MUST NOT sign the same webhook both ways, and a buyer MUST NOT attempt 'try 9421 first, fall back to HMAC' verification — signature mode is determined solely by whether this block was present at registration time. The seller's baseline 9421 webhook-signing key published at its brand.json `agents[]` `jwks_uri` does not override this selector; it is always discoverable but only used when `authentication` is omitted. See docs/building/implementation/security.mdx#webhook-callbacks for the full precedence and downgrade-resistance rules (including the `webhook_mode_mismatch` rejection a buyer MUST apply when a received webhook's signing mode does not match the registered mode).
+     */
+    authentication?: {
+        /**
+         * Array of authentication schemes. Supported: ['Bearer'] for simple token auth, ['HMAC-SHA256'] for legacy shared-secret signing. Both are deprecated; new integrations SHOULD omit `authentication` and use the RFC 9421 webhook profile.
+         */
+        schemes: AuthenticationScheme[];
+        /**
+         * Credentials for the legacy scheme. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding.
+         * @minLength 32
+         */
+        credentials: string;
+    };
+}
+
+/**
+ * A reference asset that provides creative context. Carries visual materials (mood boards, product shots, example creatives) with semantic roles that tell creative agents how to use them.
+ */
+export interface ReferenceAsset {
+    /**
+     * URL to the reference asset (image, video, or document)
+     */
+    url: string;
+    /**
+     * How the creative agent should use this asset. style_reference: match the visual style; product_shot: include this product; mood_board: overall look and feel; example_creative: example of a similar execution; logo: logo to use; strategy_doc: strategy or planning document for context; storyboard: sequential visual direction for video or multi-scene creative
+     */
+    role: 'style_reference' | 'product_shot' | 'mood_board' | 'example_creative' | 'logo' | 'strategy_doc' | 'storyboard';
+    /**
+     * Human-readable description of the asset and how it should inform creative generation
+     */
+    description?: string;
+}
+
+/**
+ * Video scan method. Modern digital delivery requires progressive scan; interlaced is retained for broadcast legacy content.
+ */
+export type ScanType = 'progressive' | 'interlaced';
+
+/**
+ * Machine-readable reason the snapshot is omitted. Present only when include_snapshot was true and snapshot is unavailable for this package.
+ */
+export type SnapshotUnavailableReason = 'SNAPSHOT_UNSUPPORTED' | 'SNAPSHOT_TEMPORARILY_UNAVAILABLE' | 'SNAPSHOT_PERMISSION_DENIED';
+
+/**
+ * Sort direction
+ */
+export type SortDirection = 'asc' | 'desc';
+
+/**
+ * Current task execution state. Indicates whether the task is completed, in progress (working), submitted for async processing, failed, or requires user input. REQUIRED on every task response envelope. Synchronous tasks (including read-only metadata calls like `get_adcp_capabilities`) MUST emit `status: "completed"`; async tasks emit `submitted`, `working`, `input-required`, etc. per their lifecycle. Agents MUST NOT emit the legacy task_status or response_status fields alongside this field — the status field is the single authoritative task state.
+ */
+export type TaskStatus = 'submitted' | 'working' | 'input-required' | 'completed' | 'canceled' | 'failed' | 'rejected' | 'auth-required' | 'unknown';
+
+/**
+ * Text content asset
+ */
+export interface TextAsset {
+    /**
+     * Discriminator identifying this as a text asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'text';
+    /**
+     * Text content
+     */
+    content: string;
+    /**
+     * Language code (e.g., 'en', 'es', 'fr')
+     */
+    language?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * URL reference asset. `url_type` declares the mechanism a receiver uses to invoke the URL (clickthrough vs. tracker_pixel vs. tracker_script) and is distinct from the URL's purpose, which the format declares in `url-asset-requirements.role` (clickthrough, landing_page, impression_tracker, click_tracker, viewability_tracker, third_party_tracker). Senders SHOULD include `url_type` on every URL asset. When `url_type` is absent, receivers SHOULD fall back to the format's `url-asset-requirements.role` per this mapping: clickthrough/landing_page → `clickthrough`; impression_tracker/click_tracker → `tracker_pixel`; viewability_tracker → `tracker_script` (OMID and equivalent verification SDKs require a <script> tag — firing them as a pixel produces no measurement); third_party_tracker → no safe fallback (mechanism is integration-specific — DV/IAS ship both pixel and script forms — receivers MAY reject or warn). When neither `url_type` nor a format-side `role` is available, receivers MUST NOT silently pick a mechanism; they SHOULD reject the manifest. Note: VAST/DAAST tag URLs are not URL assets — use `asset_type: "vast"` (or the dedicated tracker types pending RFC #2915), not `asset_type: "url"` with a tracker_pixel mechanism.
+ */
+export interface URLAsset {
+    /**
+     * Discriminator identifying this as a URL asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'url';
+    /**
+     * URL reference. May be a plain URI or an RFC 6570 URI template carrying AdCP universal macros (e.g., `{SKU}`, `{MEDIA_BUY_ID}`). Buyers MUST NOT pre-encode macro braces at sync time; the ad server URL-encodes substituted values at impression time. See docs/creative/universal-macros.mdx.
+     */
+    url: string;
+    url_type?: URLAssetType;
+    /**
+     * Description of what this URL points to
+     */
+    description?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * Mechanism a receiver uses to invoke this URL (distinct from purpose, which lives in `url-asset-requirements.role`): `clickthrough` for user click destination (landing page), `tracker_pixel` for impression/event tracking via HTTP request (fires GET, expects pixel/204 response), `tracker_script` for measurement SDKs that must load as a <script> tag (OMID verification, native event trackers using method:2). SHOULD be present on every URL asset; senders that omit it force the receiver into the role-based fallback described in this schema's top-level description.
+ */
+export type URLAssetType = 'clickthrough' | 'tracker_pixel' | 'tracker_script';
+
+/**
+ * Standardized macro placeholders for dynamic value substitution in creative tracking URLs. Macros are replaced with actual values at impression time. See docs/creative/universal-macros.mdx for detailed documentation.
+ */
+export type UniversalMacro = 'MEDIA_BUY_ID' | 'PACKAGE_ID' | 'CREATIVE_ID' | 'CACHEBUSTER' | 'TIMESTAMP' | 'CLICK_URL' | 'GDPR' | 'GDPR_CONSENT' | 'US_PRIVACY' | 'GPP_STRING' | 'GPP_SID' | 'IP_ADDRESS' | 'LIMIT_AD_TRACKING' | 'DEVICE_TYPE' | 'OS' | 'OS_VERSION' | 'DEVICE_MAKE' | 'DEVICE_MODEL' | 'USER_AGENT' | 'APP_BUNDLE' | 'APP_NAME' | 'COUNTRY' | 'REGION' | 'CITY' | 'ZIP' | 'DMA' | 'LAT' | 'LONG' | 'DEVICE_ID' | 'DEVICE_ID_TYPE' | 'DOMAIN' | 'PAGE_URL' | 'REFERRER' | 'KEYWORDS' | 'PLACEMENT_ID' | 'FOLD_POSITION' | 'AD_WIDTH' | 'AD_HEIGHT' | 'VIDEO_ID' | 'VIDEO_TITLE' | 'VIDEO_DURATION' | 'VIDEO_CATEGORY' | 'CONTENT_GENRE' | 'CONTENT_RATING' | 'PLAYER_WIDTH' | 'PLAYER_HEIGHT' | 'POD_POSITION' | 'POD_SIZE' | 'AD_BREAK_ID' | 'STATION_ID' | 'COLLECTION_NAME' | 'INSTALLMENT_ID' | 'AUDIO_DURATION' | 'TMPX' | 'AXEM' | 'CATALOG_ID' | 'SKU' | 'GTIN' | 'OFFERING_ID' | 'JOB_ID' | 'HOTEL_ID' | 'FLIGHT_ID' | 'VEHICLE_ID' | 'LISTING_ID' | 'STORE_ID' | 'PROGRAM_ID' | 'DESTINATION_ID' | 'CREATIVE_VARIANT_ID' | 'APP_ITEM_ID';
+
+/**
+ * How often the platform should re-fetch the feed from url. Only applicable when url is provided. Platforms may use this as a hint for polling schedules.
+ */
+export type UpdateFrequency = 'realtime' | 'hourly' | 'daily' | 'weekly';
+
+/**
+ * VAST (Video Ad Serving Template) tag for third-party video ad serving
+ */
+export type VASTAsset = {
+    /**
+     * Discriminator identifying this as a VAST asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'vast';
+    vast_version?: VASTVersion;
+    /**
+     * Whether VPAID (Video Player-Ad Interface Definition) is supported
+     */
+    vpaid_enabled?: boolean;
+    /**
+     * Expected video duration in milliseconds (if known)
+     * @minimum 0
+     */
+    duration_ms?: number;
+    /**
+     * Tracking events supported by this VAST tag
+     */
+    tracking_events?: VASTTrackingEvent[];
+    /**
+     * URL to captions file (WebVTT, SRT, etc.)
+     */
+    captions_url?: string;
+    /**
+     * URL to audio description track for visually impaired users
+     */
+    audio_description_url?: string;
+    provenance?: Provenance;
+} & ({
+    /**
+     * Discriminator indicating VAST is delivered via URL endpoint
+     */
+    delivery_type: 'url';
+    /**
+     * URL endpoint that returns VAST XML
+     */
+    url: string;
+} | {
+    /**
+     * Discriminator indicating VAST is delivered as inline XML content
+     */
+    delivery_type: 'inline';
+    /**
+     * Inline VAST XML content
+     */
+    content: string;
+});
+
+/**
+ * Tracking events for video ads. Includes the IAB VAST 4.2 `Tracking@event` enumeration (vast_4.2.xsd `TrackingEvents_type`, lines 112–136), plus AdCP-flattened representations of the `Impression`, `Error`, `VideoClicks`, and `ViewableImpression` elements (which live in dedicated VAST elements, not under `<TrackingEvents>` — they are surfaced here so a single declared list can cover everything a measurement vendor wants to track). `fullscreen` / `exitFullscreen` are retained for VAST 2.x / 3.x compatibility (VAST 4.0+ replaced them with `playerExpand` / `playerCollapse`). `measurableImpression` is an AdCP extension for MRC measurability signals.
+ */
+export type VASTTrackingEvent = 'impression' | 'creativeView' | 'loaded' | 'start' | 'firstQuartile' | 'midpoint' | 'thirdQuartile' | 'complete' | 'mute' | 'unmute' | 'pause' | 'resume' | 'rewind' | 'skip' | 'playerExpand' | 'playerCollapse' | 'fullscreen' | 'exitFullscreen' | 'progress' | 'acceptInvitation' | 'adExpand' | 'adCollapse' | 'minimize' | 'overlayViewDuration' | 'otherAdInteraction' | 'interactiveStart' | 'clickTracking' | 'customClick' | 'close' | 'closeLinear' | 'error' | 'viewable' | 'notViewable' | 'viewUndetermined' | 'measurableImpression' | 'viewableImpression';
+
+/**
+ * VAST specification version
+ */
+export type VASTVersion = '2.0' | '3.0' | '4.0' | '4.1' | '4.2';
+
+/**
+ * Pricing model for a vendor service. Discriminated by model: 'cpm' (fixed CPM), 'percent_of_media' (percentage of spend with optional CPM cap), 'flat_fee' (fixed charge per reporting period), 'per_unit' (fixed price per unit of work), or 'custom' (escape hatch for models not covered by the enumerated forms — requires a description and structured metadata).
+ */
+export type VendorPricing = CpmPricing | PercentOfMediaPricing | FlatFeePricing | PerUnitPricing | CustomPricing;
+
+/**
+ * A pricing option offered by a vendor agent (signals, creative, governance). Combines pricing_option_id with the pricing model fields. Pass pricing_option_id in report_usage for billing verification. All vendor discovery responses return pricing_options as an array — vendors may offer multiple options (volume tiers, context-specific rates, different models per product line).
+ */
+export type VendorPricingOption = {
+    /**
+     * Opaque identifier for this pricing option, unique within the vendor agent. Pass this in report_usage to identify which pricing option was applied.
+     */
+    pricing_option_id: string;
+} & VendorPricing;
+
+/**
+ * Video asset with URL and technical specifications including audio track properties
+ */
+export interface VideoAsset {
+    /**
+     * Discriminator identifying this as a video asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'video';
+    /**
+     * URL to the video asset
+     */
+    url: string;
+    /**
+     * Width in pixels
+     * @minimum 1
+     */
+    width: number;
+    /**
+     * Height in pixels
+     * @minimum 1
+     */
+    height: number;
+    /**
+     * Video duration in milliseconds
+     * @minimum 1
+     */
+    duration_ms?: number;
+    /**
+     * File size in bytes
+     * @minimum 1
+     */
+    file_size_bytes?: number;
+    /**
+     * Video container format (mp4, webm, mov, etc.)
+     */
+    container_format?: string;
+    /**
+     * Video codec used (h264, h265, vp9, av1, prores, etc.)
+     */
+    video_codec?: string;
+    /**
+     * Video stream bitrate in kilobits per second
+     * @minimum 1
+     */
+    video_bitrate_kbps?: number;
+    /**
+     * Frame rate as string to preserve precision (e.g., '23.976', '29.97', '30')
+     */
+    frame_rate?: string;
+    frame_rate_type?: FrameRateType;
+    scan_type?: ScanType;
+    /**
+     * Color space of the video
+     */
+    color_space?: 'rec709' | 'rec2020' | 'rec2100' | 'srgb' | 'dci_p3';
+    /**
+     * HDR format if applicable, or 'sdr' for standard dynamic range
+     */
+    hdr_format?: 'sdr' | 'hdr10' | 'hdr10_plus' | 'hlg' | 'dolby_vision';
+    /**
+     * Chroma subsampling format
+     */
+    chroma_subsampling?: '4:2:0' | '4:2:2' | '4:4:4';
+    /**
+     * Video bit depth
+     */
+    video_bit_depth?: 8 | 10 | 12;
+    /**
+     * GOP/keyframe interval in seconds
+     */
+    gop_interval_seconds?: number;
+    gop_type?: GOPType;
+    moov_atom_position?: MoovAtomPosition;
+    /**
+     * Whether the video contains an audio track
+     */
+    has_audio?: boolean;
+    /**
+     * Audio codec used (aac, aac_lc, he_aac, pcm, mp3, ac3, eac3, etc.)
+     */
+    audio_codec?: string;
+    /**
+     * Audio sampling rate in Hz (e.g., 44100, 48000)
+     */
+    audio_sampling_rate_hz?: number;
+    audio_channels?: AudioChannelLayout;
+    /**
+     * Audio bit depth
+     */
+    audio_bit_depth?: 16 | 24 | 32;
+    /**
+     * Audio bitrate in kilobits per second
+     * @minimum 1
+     */
+    audio_bitrate_kbps?: number;
+    /**
+     * Integrated loudness in LUFS
+     */
+    audio_loudness_lufs?: number;
+    /**
+     * True peak level in dBFS
+     */
+    audio_true_peak_dbfs?: number;
+    /**
+     * URL to captions file (WebVTT, SRT, etc.)
+     */
+    captions_url?: string;
+    /**
+     * URL to text transcript of the video content
+     */
+    transcript_url?: string;
+    /**
+     * URL to audio description track for visually impaired users
+     */
+    audio_description_url?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * Media category of the watermarked content
+ */
+export type WatermarkMediaType = 'audio' | 'image' | 'video' | 'text';
+
+/**
+ * Single webhook delivery attempt surfaced to a calling principal as a buyer-side debug aid. Represents one HTTP attempt of a logical webhook fire from the seller to the buyer's registered endpoint — retries of the same logical fire share `idempotency_key` and differ by `attempt`. This is the canonical record shape for any AdCP resource that exposes a `webhook_activity[]` log on its read API; see snapshot-and-log.mdx § Webhook activity log pattern for the full normative contract (scoping, retention, three-state presence, request-field conventions).
+ */
+export interface WebhookActivityRecord {
+    /**
+     * Equals the `idempotency_key` carried in the webhook payload itself (see docs/building/by-layer/L3/webhooks.mdx § Dedup by `idempotency_key`). Stable across retry attempts of the same logical fire — retries with `attempt` > 1 reuse this key. Buyers correlate this surface with their own endpoint logs via this exact field; the spec deliberately reuses the payload key rather than minting a parallel `delivery_id` so callers do not need a join table. Format is sender-defined; callers MUST treat as opaque.
+     */
+    idempotency_key: string;
+    /**
+     * Identifies which registered webhook subscriber received this fire. **Required on records from account-anchored notification channels** (`notification_configs[]` registered via `sync_accounts`) — every subscriber has a `subscriber_id` at registration time, the seller MUST echo it on every fire and every activity record. **Optional on records from per-resource push channels** (`push_notification_config` on a media buy or task) — the calling principal is unambiguous in single-subscriber configurations and the field MAY be omitted; sellers MUST populate it once `reporting_webhook` adopts multi-subscriber (per #3009 in AdCP 4.0). Buyers MUST NOT use absence as a signal that no other subscribers exist; that information is not exposed by this surface.
+     */
+    subscriber_id?: string;
+    /**
+     * ISO 8601 timestamp when the seller initiated the HTTP request for this attempt.
+     * @format date-time
+     */
+    fired_at: string;
+    /**
+     * ISO 8601 timestamp when the seller observed the response (or terminal timeout / connection error — for `timeout` and `connection_error` outcomes, `completed_at` is set to the moment the seller declared the attempt terminal). Explicitly `null` when the attempt is still in flight or queued for retry (status `pending`); MUST be set as `null` rather than omitted so callers can distinguish 'still in flight' from 'field missing'.
+     * @format date-time
+     */
+    completed_at?: string | null;
+    notification_type: NotificationType;
+    /**
+     * Sequence number from the webhook payload. Surfaced here so the buyer can spot stale-sequence drops and gaps without correlating against their own endpoint log. Absent for notification types that do not carry a sequence number.
+     * @minimum 0
+     */
+    sequence_number?: number;
+    /**
+     * 1-indexed retry counter for this logical fire. Initial fire is attempt=1; retries increment. Sellers MUST emit one record per attempt, so a successful first-attempt fire appears as a single record with `attempt: 1` and a 3-attempt retry trail appears as three records sharing `idempotency_key`.
+     * @minimum 1
+     */
+    attempt: number;
+    /**
+     * Outcome of this attempt. `success` — response received with 2xx (`http_status_code` populated). `failed` — response received with non-2xx (`http_status_code` populated). `timeout` — no response within the seller's configured timeout (`http_status_code` null). `connection_error` — DNS / TLS / socket failure before any HTTP response (`http_status_code` null). `pending` — attempt is in flight or queued for retry (`completed_at` null, `http_status_code` null). The `timeout` / `connection_error` split is intentional and operationally distinct: `timeout` typically signals a slow / overloaded buyer endpoint, `connection_error` typically signals it is unreachable or misconfigured.
+     */
+    status: 'success' | 'failed' | 'timeout' | 'connection_error' | 'pending';
+    /**
+     * Target URL for this fire. Query string and fragment MUST be stripped before surfacing — buyers commonly stash bearer tokens in the query string and sellers MUST NOT echo those back through this debug surface. Sellers SHOULD additionally redact path segments matching obvious secret patterns (e.g., a path segment that is high-entropy random material or matches a UUID / token format). Buyers matching this against their own configured URL should compare by origin + path; query strings will not match and that mismatch is expected.
+     */
+    url: string;
+    /**
+     * HTTP status code returned by the buyer's endpoint. Explicitly `null` when no HTTP response was received (status `timeout`, `connection_error`, or `pending`); MUST be set as `null` rather than omitted.
+     * @minimum 100
+     * @maximum 599
+     */
+    http_status_code?: number | null;
+    /**
+     * Wall-clock latency between request send and response receipt, in milliseconds. Explicitly `null` when the attempt did not complete (`timeout`, `connection_error`, `pending`); MUST be set as `null` rather than omitted.
+     * @minimum 0
+     */
+    response_time_ms?: number | null;
+    /**
+     * Size of the request body the seller sent, in bytes. Useful for diagnosing oversized-payload rejections from the buyer's gateway.
+     * @minimum 0
+     */
+    payload_size_bytes?: number;
+    /**
+     * Short human-readable server-side classification of why this attempt did not succeed (e.g., `connection refused`, `TLS handshake timeout`, `HTTP 503 Service Unavailable`). Explicitly `null` for `success` (MUST be set as `null` rather than omitted). Sellers MUST NOT include request headers, request body content, or response body content in this field — payload surfacing is reserved for a future `include_webhook_payloads` extension and is subject to stricter access controls. Sellers SHOULD also avoid including buyer-endpoint internal hostnames, stack traces, or other implementation detail leaked by the response — keep it a stable classification string.
+     * @maxLength 500
+     */
+    error_message?: string | null;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Webhook for server-side dynamic content rendering (DCO)
+ */
+export interface WebhookAsset {
+    /**
+     * Discriminator identifying this as a webhook asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'webhook';
+    /**
+     * Webhook URL to call for dynamic content
+     */
+    url: string;
+    method?: HTTPMethod;
+    /**
+     * Maximum time to wait for response in milliseconds
+     * @minimum 10
+     * @maximum 5000
+     */
+    timeout_ms?: number;
+    /**
+     * Universal macros that can be passed to webhook (e.g., DEVICE_TYPE, COUNTRY). See docs/creative/universal-macros.mdx for full list.
+     */
+    supported_macros?: (UniversalMacro | string)[];
+    /**
+     * Universal macros that must be provided for webhook to function
+     */
+    required_macros?: (UniversalMacro | string)[];
+    response_type: WebhookResponseType;
+    /**
+     * Security configuration for webhook calls
+     */
+    security: {
+        method: WebhookSecurityMethod;
+        /**
+         * Header name for HMAC signature (e.g., 'X-Signature')
+         */
+        hmac_header?: string;
+        /**
+         * Header name for API key (e.g., 'X-API-Key')
+         */
+        api_key_header?: string;
+    };
+    provenance?: Provenance;
+}
+
+/**
+ * Expected content type of webhook response
+ */
+export type WebhookResponseType = 'html' | 'json' | 'xml' | 'javascript';
+
+/**
+ * Authentication method
+ */
+export type WebhookSecurityMethod = 'hmac_sha256' | 'api_key' | 'none';
+
+/**
+ * Bundled creative asset delivered as a zip archive — typically an HTML5 banner with index.html plus supporting CSS, JS, images, and fonts. Receivers unpack the zip, validate internal structure, and serve contents from CDN. Distinct from inline HTML (html asset) and from third-party tag URLs (url asset with url_type tracker_script).
+ */
+export interface ZipAsset {
+    /**
+     * Discriminator identifying this as a zip-bundled asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'zip';
+    /**
+     * URL where the zip archive is hosted. Must be HTTPS.
+     */
+    url: string;
+    /**
+     * Maximum file size in kilobytes. Receivers should reject zips exceeding this.
+     * @minimum 0
+     */
+    max_file_size_kb?: number;
+    /**
+     * Relative path to the entry file within the zip (typically 'index.html'). Receivers default to 'index.html' if absent.
+     */
+    entry_point?: string;
+    /**
+     * File extensions permitted inside the zip (e.g., ['html', 'css', 'js', 'png', 'jpg', 'svg', 'webp', 'json', 'woff2']). Receivers may reject zips containing other extensions.
+     */
+    allowed_inner_extensions?: string[];
+    /**
+     * Fallback image URL for environments that cannot render the bundled creative (e.g., non-HTML5 endpoints, ad blockers). Recommended for HTML5 banners.
+     */
+    backup_image_url?: string;
+    /**
+     * Optional SHA-256 content digest of the zip archive (sha256:<hex>) for integrity verification. Lets receivers detect tampered or stale archives.
+     * @pattern ^sha256:[a-f0-9]{64}$
+     */
+    digest?: string;
+    /**
+     * Self-declared accessibility properties for this opaque creative
+     */
+    accessibility?: {
+        /**
+         * Text alternative describing the creative content
+         */
+        alt_text?: string;
+        /**
+         * Whether the creative can be fully operated via keyboard
+         */
+        keyboard_navigable?: boolean;
+        /**
+         * Whether the creative respects prefers-reduced-motion or provides pause/stop controls
+         */
+        motion_control?: boolean;
+        /**
+         * Whether the creative has been tested with screen readers
+         */
+        screen_reader_tested?: boolean;
+    };
+    provenance?: Provenance;
+}