@adcp/sdk 8.1.0-beta.7 → 8.1.0-beta.8

package/dist/lib/types/build-creative.d.ts

@@ -0,0 +1,2105 @@
+// AUTO-GENERATED — DO NOT EDIT.
+// Per-tool .d.ts slice for `build_creative`. Built from the published
+// `tools.generated.d.ts` + `core.generated.d.ts` + `enums.generated.d.ts`
+// by `scripts/generate-per-tool-types.ts`.
+//
+// Self-contained: imports nothing from the broader SDK. Adopters who
+// import only this slice pay a fraction of the tsc cost of pulling in
+// `@adcp/sdk` root — useful when strict + skipLibCheck:false adopters
+// hit memory pressure on the full surface.
+
+/**
+ * Request to transform, generate, or retrieve a creative manifest. Supports three modes: (1) generation from a brief or seed assets, (2) transformation of an existing manifest, (3) retrieval from a creative library by creative_id. Produces target manifest(s) in the specified format(s). Provide either target_format_id for a single format or target_format_ids for multiple formats.
+ */
+export interface BuildCreativeRequest {
+    /**
+     * Release-precision AdCP version (VERSION.RELEASE, e.g. "3.0", "3.1", "3.1-beta"). On a request: the buyer's release pin — the seller validates against its supported_versions and returns VERSION_UNSUPPORTED on cross-major mismatch, or downshifts to the highest supported release within the same major. On a response: the release the seller actually served — clients SHOULD validate the response against that release's schema, not against their pin. Patches are not negotiated; surface them as build_version on capabilities for operational visibility. When omitted, falls back to adcp_major_version (deprecated) or server default. Buyers SHOULD emit both adcp_version and adcp_major_version through 3.x to remain compatible with sellers that only read the legacy field. NORMALIZATION: SDKs that read full-semver values from bundle metadata (e.g. ComplianceIndex.published_version = "3.1.0-beta.1") MUST normalize to release-precision ("3.1-beta.1") before emitting on the wire — meta-field values are NOT valid wire values.
+     */
+    adcp_version?: string;
+    /**
+     * DEPRECATED in favor of adcp_version (release-precision string). Servers MUST continue to honor this field through 3.x. Removed in 4.0. Original semantics: the AdCP major version the buyer's payloads conform to. Sellers validate against their supported major_versions and return VERSION_UNSUPPORTED if unsupported. When omitted, the seller assumes its highest supported version.
+     */
+    adcp_major_version?: number;
+    /**
+     * Natural language instructions for the transformation or generation. For pure generation, this is the creative brief. For transformation, this provides guidance on how to adapt the creative. For refinement, this describes the desired changes.
+     */
+    message?: string;
+    creative_manifest?: CreativeManifest;
+    /**
+     * Reference to a creative in the agent's library. The creative agent resolves this to a manifest from its library. Use this instead of creative_manifest when retrieving an existing creative for tag generation or format adaptation.
+     */
+    creative_id?: string;
+    /**
+     * Creative concept containing the creative. Creative agents SHOULD assign globally unique creative_id values; when they cannot guarantee uniqueness, concept_id is REQUIRED to disambiguate.
+     */
+    concept_id?: string;
+    /**
+     * Media buy identifier for tag generation context. When the creative agent is also the ad server, this provides the trafficking context needed to generate placement-specific tags (e.g., CM360 placement ID). Not needed when tags are generated at the creative level (most creative platforms).
+     */
+    media_buy_id?: string;
+    /**
+     * Package identifier within the media buy. Used with media_buy_id when the creative agent needs line-item-level context for tag generation. Omit to get a tag not scoped to a specific package.
+     */
+    package_id?: string;
+    target_format_id?: FormatReferenceStructuredObject;
+    /**
+     * Array of format IDs to generate in a single call. Mutually exclusive with target_format_id. The creative agent produces one manifest per format. Each format definition specifies its own required input assets and output structure.
+     */
+    target_format_ids?: FormatReferenceStructuredObject[];
+    account?: AccountReference;
+    brand?: BrandReference;
+    quality?: CreativeQuality;
+    /**
+     * Maximum number of catalog items to use when generating. When a catalog asset contains more items than this limit, the creative agent selects the top items based on relevance or catalog ordering. When item_limit exceeds the format's max_items, the creative agent SHOULD use the lesser of the two. Ignored when the manifest contains no catalog assets.
+     * @minimum 1
+     */
+    item_limit?: number;
+    /**
+     * When true, requests the creative agent to include preview renders in the response alongside the manifest. Agents that support this return a 'preview' object in the response using the same structure as preview_creative. Agents that do not support inline preview simply omit the field. This avoids a separate preview_creative round trip for platforms that generate previews as a byproduct of building.
+     */
+    include_preview?: boolean;
+    /**
+     * Input sets for preview generation when include_preview is true. Each input set defines macros and context values for one preview variant. If include_preview is true but this is omitted, the agent generates a single default preview. Only supported with target_format_id (single-format requests). Ignored when using target_format_ids — multi-format requests generate one default preview per format. Ignored when include_preview is false or omitted.
+     */
+    preview_inputs?: {
+        /**
+         * Human-readable name for this input set (e.g., 'Sunny morning on mobile', 'Evening podcast ad')
+         */
+        name: string;
+        /**
+         * Macro values to use for this preview variant
+         */
+        macros?: {
+            [k: string]: string | undefined;
+        };
+        /**
+         * Natural language description of the context for AI-generated content
+         */
+        context_description?: string;
+    }[];
+    preview_quality?: CreativeQuality;
+    preview_output_format?: PreviewOutputFormat;
+    /**
+     * Macro values to pre-substitute into the output manifest's assets. Keys are universal macro names (e.g., CLICK_URL, CACHEBUSTER); values are the substitution strings. The creative agent translates universal macros to its platform's native syntax. Substitution is literal — all occurrences of each macro in output assets are replaced with the provided value. The caller is responsible for URL-encoding values if the output context requires it. Macros not provided here remain as {MACRO} placeholders for the sales agent to resolve at serve time. Creative agents MUST ignore keys they do not recognize — unknown macro names are not an error.
+     */
+    macro_values?: {
+        [k: string]: string | undefined;
+    };
+    /**
+     * Client-generated unique key for this request. Prevents duplicate creative generation on retries. MUST be unique per (seller, request) pair to prevent cross-seller correlation. Use a fresh UUID v4 for each request.
+     * @minLength 16
+     * @maxLength 255
+     * @pattern ^[A-Za-z0-9_.:-]{16,255}$
+     */
+    idempotency_key: string;
+    context?: ContextObject;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Response payload for build_creative. Exactly one of four shapes: (1) synchronous single-format success — creative_manifest issued in-line (target_format_id request); (2) synchronous multi-format success — creative_manifests issued in-line (target_format_ids request); (3) terminal failure — an errors array; (4) submitted task envelope — status 'submitted' with task_id when the build is queued (e.g., slow generative or multi-minute LLM pipeline). The submitted branch MAY carry advisory errors for non-blocking warnings; terminal failures belong in the error branch. These four shapes are mutually exclusive — a response has exactly one.
+ */
+export type BuildCreativeResponse = {
+    /**
+     * Session/conversation identifier for tracking related operations across multiple task invocations. Managed by the protocol layer to maintain conversational context. Distinct from `context` (per-request opaque echo, see below).
+     */
+    context_id?: string;
+    context?: ContextObject;
+    /**
+     * Unique identifier for tracking asynchronous operations. Present when a task requires extended processing time. Used to query task status and retrieve results when complete.
+     */
+    task_id?: string;
+    status: TaskStatus;
+    /**
+     * Human-readable summary of the task result. Provides natural language explanation of what happened, suitable for display to end users or for AI agent comprehension. Generated by the protocol layer based on the task response.
+     */
+    message?: string;
+    /**
+     * ISO 8601 timestamp when the response was generated. Useful for debugging, logging, cache validation, and tracking async operation progress.
+     */
+    timestamp?: string;
+    /**
+     * Set to true when this response was returned from the idempotency cache rather than from a fresh execution. Set to false (or omitted) when the request was executed fresh. Buyers use this to distinguish cached replays from new executions — matters for billing reconciliation, audit logs, state-machine routing (cached state-tracking fields are historical snapshots, not current state — re-read via the resource's read endpoint), and any downstream system that assumes exactly-once event semantics. From 3.1 onward, `replayed` MAY appear on responses to any request that resolved via the idempotency cache, including read tools — universal `idempotency_key` (see security.mdx §Idempotency) means the cache holds read responses too.
+     */
+    replayed?: boolean;
+    adcp_error?: Error;
+    push_notification_config?: PushNotificationConfig;
+    /**
+     * Governance context token issued by the account's governance agent during check_governance. Buyers attach it to governed purchase requests (media buys, rights acquisitions, signal activations, creative services); sellers persist it and include it on all subsequent governance calls for that action's lifecycle. An account binds to one governance agent (see sync_governance); governance is phased across `purchase` / `modification` / `delivery`, not partitioned across specialist agents, so the envelope carries a single token for the full lifecycle.
+     *
+     * Value format: governance agents MUST emit a compact JWS per the AdCP JWS profile (see Security — Signed Governance Context). Sellers MAY verify; sellers that do not verify MUST persist and forward the token unchanged. In 3.1 all sellers MUST verify. Non-JWS values from pre-3.0 governance agents are deprecated.
+     *
+     * This is the primary correlation key for audit and reporting across the governance lifecycle.
+     */
+    governance_context?: string;
+    /**
+     * Conceptual grouping for the task-specific response data defined by individual task response schemas (e.g., get-products-response.json, create-media-buy-response.json). `payload` is a documentary construct — it is NOT a required wire field, and its on-the-wire shape depends on transport (see Transport serialization below). Task response schemas declare body fields without wrapping them in a `payload` object; the wire representation places those body fields per transport convention. On MCP the body fields appear as siblings of envelope fields at the root of the tool response; on A2A they appear inside `task.artifacts[0].parts[].DataPart`; on REST they appear at the root of the JSON body.
+     */
+    payload?: {};
+    /**
+     * Release-precision AdCP version (VERSION.RELEASE, e.g. "3.0", "3.1", "3.1-beta"). On a request: the buyer's release pin — the seller validates against its supported_versions and returns VERSION_UNSUPPORTED on cross-major mismatch, or downshifts to the highest supported release within the same major. On a response: the release the seller actually served — clients SHOULD validate the response against that release's schema, not against their pin. Patches are not negotiated; surface them as build_version on capabilities for operational visibility. When omitted, falls back to adcp_major_version (deprecated) or server default. Buyers SHOULD emit both adcp_version and adcp_major_version through 3.x to remain compatible with sellers that only read the legacy field. NORMALIZATION: SDKs that read full-semver values from bundle metadata (e.g. ComplianceIndex.published_version = "3.1.0-beta.1") MUST normalize to release-precision ("3.1-beta.1") before emitting on the wire — meta-field values are NOT valid wire values.
+     */
+    adcp_version?: string;
+    /**
+     * DEPRECATED in favor of adcp_version (release-precision string). Servers MUST continue to honor this field through 3.x. Removed in 4.0. Original semantics: the AdCP major version the buyer's payloads conform to. Sellers validate against their supported major_versions and return VERSION_UNSUPPORTED if unsupported. When omitted, the seller assumes its highest supported version.
+     */
+    adcp_major_version?: number;
+} & (BuildCreativeSuccess | BuildCreativeMultiSuccess | BuildCreativeError | BuildCreativeSubmitted);
+
+/**
+ * Single-format success response. Returned when the request used target_format_id.
+ */
+export interface BuildCreativeSuccess {
+    creative_manifest: CreativeManifest;
+    /**
+     * When true, this response contains simulated data from sandbox mode.
+     */
+    sandbox?: boolean;
+    /**
+     * ISO 8601 timestamp when generated asset URLs in the manifest expire. Set to the earliest expiration across all generated assets. Re-build the creative after this time to get fresh URLs.
+     * @format date-time
+     */
+    expires_at?: string;
+    /**
+     * Preview renders included when the request set include_preview to true and the agent supports it. Contains the same content fields as a preview_creative single response (previews, interactive_url, expires_at) minus the response_type discriminator, so clients can reuse the same preview rendering logic.
+     */
+    preview?: {
+        /**
+         * Array of preview variants. Each preview corresponds to an input set from preview_inputs, or a single default preview if no inputs were provided.
+         */
+        previews: {
+            /**
+             * Unique identifier for this preview variant
+             */
+            preview_id: string;
+            /**
+             * Array of rendered pieces for this preview variant. Most formats render as a single piece. Companion ad formats render as multiple pieces.
+             */
+            renders: PreviewRender[];
+            /**
+             * The input parameters that generated this preview variant. Echoes back the request input or shows defaults used.
+             */
+            input: {
+                /**
+                 * Human-readable name for this variant
+                 */
+                name: string;
+                /**
+                 * Macro values applied to this variant
+                 */
+                macros?: {
+                    [k: string]: string | undefined;
+                };
+                /**
+                 * Context description applied to this variant
+                 */
+                context_description?: string;
+            };
+        }[];
+        /**
+         * Optional URL to an interactive testing page that shows all preview variants with controls to switch between them.
+         */
+        interactive_url?: string;
+        /**
+         * ISO 8601 timestamp when preview URLs expire. May differ from the manifest's expires_at.
+         * @format date-time
+         */
+        expires_at: string;
+    };
+    preview_error?: Error;
+    /**
+     * Which rate card pricing option was applied for this build. Present when the creative agent charges for its services. Pass this in report_usage to identify which pricing option was applied.
+     */
+    pricing_option_id?: string;
+    /**
+     * Cost incurred for this build, denominated in currency. May be 0 for CPM-priced creatives where cost accrues at serve time rather than build time.
+     * @minimum 0
+     */
+    vendor_cost?: number;
+    /**
+     * ISO 4217 currency code for vendor_cost.
+     * @pattern ^[A-Z]{3}$
+     */
+    currency?: string;
+    consumption?: CreativeConsumption;
+    context?: ContextObject;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Error response — creative generation failed. Multi-format requests (`target_format_ids[]`) are atomic per `BuildCreativeMultiSuccess` semantics: a single format failing means the entire batch returns an error response, not a partial success. Buyers diagnose per-format failures by reading the `errors[]` array's per-format attribution (see the `errors` field description).
+ */
+export interface BuildCreativeError {
+    /**
+     * Array of errors explaining why creative generation failed.
+     *
+     * **Per-format attribution on multi-format requests.** When the request used `target_format_ids[]` (a batch request), sellers MUST attribute each failure to the specific format(s) that caused it so buyers can correct and retry the failing subset rather than re-running the entire batch. Two attribution surfaces, populated together:
+     *
+     * 1. **`error.field`** — set to `target_format_ids[N]` where `N` is the zero-based index of the failing format in the request's `target_format_ids[]` array (e.g., `target_format_ids[1]` for the second requested format). Mirrors the JSONPath-lite convention `error.field` uses elsewhere. Required when the error is format-scoped.
+     * 2. **`error.details.format_id`** — the resolved `format_id` value (e.g., `"meta-reels-9x16"`). Required when the error is format-scoped. Lets buyers dispatch on the format identity without re-parsing `error.field`.
+     *
+     * Errors not attributable to a specific format (whole-batch failures: authentication, governance denial, transport-level errors) MAY omit `field` and `details.format_id`. Buyers MUST treat per-format errors as scoped to the named format only — a `correctable` error on `target_format_ids[1]` does NOT mean the buyer must reshape the entire batch; they may retry just that format with corrected input. Sellers SHOULD emit one error per failing format (rather than collapsing multiple format failures into a single error entry) so per-format recovery routing is unambiguous.
+     */
+    errors: Error[];
+    context?: ContextObject;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Async task envelope returned when build_creative cannot be confirmed before the response — for example, when a slow generative pipeline or multi-minute LLM workflow is queued. The buyer polls tasks/get with task_id or receives a webhook when the task completes; the creative_manifest(s) land on the completion artifact, not this envelope.
+ */
+export interface BuildCreativeSubmitted {
+    /**
+     * Task-level status literal. Discriminates this async envelope from the synchronous success shapes, whose creative_manifest or creative_manifests are issued in-line. See task-status.json for the full task-status enum.
+     */
+    status: 'submitted';
+    /**
+     * Task handle the buyer uses with tasks/get, and that the seller references on push-notification callbacks. Per AdCP wire conventions this is snake_case; A2A adapters MAY surface it as taskId, but the payload field emitted by the agent is task_id.
+     */
+    task_id: string;
+    /**
+     * Optional human-readable explanation of why the task is submitted — e.g., 'Generative build queued; typical turnaround 3–5 minutes.' Plain text only. Buyers MUST treat this as untrusted seller input: escape before rendering to HTML UIs, and sanitize or isolate before passing to an LLM prompt context — a hostile seller may inject prompt-injection payloads aimed at the buyer's agent.
+     * @maxLength 2000
+     */
+    message?: string;
+    /**
+     * Optional advisory errors accompanying the submitted envelope. Use only for non-blocking warnings (e.g., throttled_severity advisories, governance observations). Terminal failures belong in the error branch, not here.
+     */
+    errors?: Error[];
+    context?: ContextObject;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Account for product lookup. Returns products with pricing specific to this account's rate card.
+ */
+export type AccountReference = {
+    /**
+     * Seller-assigned account identifier (from sync_accounts or list_accounts)
+     */
+    account_id: string;
+} | {
+    brand: BrandReference;
+    /**
+     * Domain of the entity operating on the brand's behalf. When the brand operates directly, this is the brand's domain.
+     * @pattern ^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$
+     */
+    operator: string;
+    /**
+     * When true, references the sandbox account for this brand/operator pair. Defaults to false (production account).
+     */
+    sandbox?: boolean;
+};
+
+/**
+ * Canonical union of all asset variant schemas. Referenced from creative-asset.json and creative-manifest.json to ensure a single named type is emitted by schema-to-TypeScript tooling. Add new asset types here and to the creative/asset-types registry.
+ */
+export type AssetVariant = ImageAsset | VideoAsset | AudioAsset | VASTAsset | TextAsset | URLAsset | HTMLAsset | JavaScriptAsset | ZipAsset | WebhookAsset | CSSAsset | DAASTAsset | MarkdownAsset | BriefAsset | CatalogAsset | CardAsset;
+
+/**
+ * Audio asset with URL and technical specifications
+ */
+export interface AudioAsset {
+    /**
+     * Discriminator identifying this as an audio asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'audio';
+    /**
+     * URL to the audio asset
+     */
+    url: string;
+    /**
+     * Audio duration in milliseconds
+     * @minimum 0
+     */
+    duration_ms?: number;
+    /**
+     * File size in bytes
+     * @minimum 1
+     */
+    file_size_bytes?: number;
+    /**
+     * Audio container/file format (mp3, m4a, aac, wav, ogg, flac, etc.)
+     */
+    container_format?: string;
+    /**
+     * Audio codec used (aac, aac_lc, he_aac, pcm, mp3, vorbis, opus, flac, ac3, eac3, etc.)
+     */
+    codec?: string;
+    /**
+     * Sampling rate in Hz (e.g., 44100, 48000, 96000)
+     */
+    sampling_rate_hz?: number;
+    channels?: AudioChannelLayout;
+    /**
+     * Bit depth
+     */
+    bit_depth?: 16 | 24 | 32;
+    /**
+     * Bitrate in kilobits per second
+     * @minimum 1
+     */
+    bitrate_kbps?: number;
+    /**
+     * Integrated loudness in LUFS
+     */
+    loudness_lufs?: number;
+    /**
+     * True peak level in dBFS
+     */
+    true_peak_dbfs?: number;
+    /**
+     * URL to text transcript of the audio content
+     */
+    transcript_url?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * Audio channel configuration
+ */
+export type AudioChannelLayout = 'mono' | 'stereo' | '5.1' | '7.1';
+
+/**
+ * Legacy authentication schemes for the webhook auth block. Bearer: token sent in Authorization header. HMAC-SHA256: legacy shared-secret signing. Both are deprecated; new integrations SHOULD omit the authentication block and use the RFC 9421 webhook signing profile (applicable on schemas where authentication is optional). Removed in AdCP 4.0.
+ */
+export type AuthenticationScheme = 'Bearer' | 'HMAC-SHA256';
+
+/**
+ * Brand identifier within the house portfolio. Optional for single-brand domains.
+ */
+export type BrandID = string;
+
+/**
+ * Brand reference for product discovery context. Resolved to full brand identity at execution time.
+ */
+export interface BrandReference {
+    /**
+     * Domain where /.well-known/brand.json is hosted, or the brand's operating domain
+     * @pattern ^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$
+     */
+    domain: string;
+    brand_id?: BrandID;
+    /**
+     * Inline override for the brand's industries. Useful when the caller cannot modify the brand's canonical brand.json but needs to declare industries for governance (e.g., Annex III vertical detection). brand.json remains the canonical source; when omitted here, governance agents SHOULD resolve from brand.json.
+     */
+    industries?: string[];
+    /**
+     * Inline override for the brand's contestation contact point. Useful when the operator does not control brand.json but needs to discharge Art 22(3) for this plan. brand.json is canonical; when omitted, governance agents resolve brand → house → missing.
+     */
+    data_subject_contestation?: {
+        [k: string]: unknown | undefined;
+    };
+    /**
+     * Inline override for brand-kit fields normally resolved from `/.well-known/brand.json` on `domain` (logo, colors, voice, tagline). Use when brand.json is missing, stale, or inappropriate for this specific call — e.g., a campaign-scoped tagline, a co-branded creative, a freshly-rebranded color palette the brand.json hasn't shipped yet. Same inline-override pattern as `industries` and `data_subject_contestation` above: brand.json is canonical, the override is per-call. Adopters needing to override fields outside this subset (`voice_attributes`, `prohibited_terms`, etc.) MUST publish a different brand.json and reference it via a different `domain` — the inline override is intentionally narrow to a small high-traffic subset.
+     *
+     * **Merge semantics (normative).** The merge is **field-level**, not whole-object replacement. Each field within `brand_kit_override` (`logo`, `colors`, `voice`, `tagline`) is evaluated independently — when a field is present on the override the override value applies; when a field is absent the brand.json value applies (or is absent if brand.json doesn't carry one either). For composite fields (`colors.primary`, `colors.secondary`, `colors.accent`), the merge is one level deeper: each color slot is evaluated independently — a producer can override `colors.primary` while still inheriting `colors.secondary` from brand.json. SDKs MUST NOT treat a present `brand_kit_override.colors` as wiping the brand.json `colors` block entirely; only the per-slot fields present in the override take precedence. Without this rule, a partial-override semantics would diverge across SDKs and produce inconsistent rendering for the same payload.
+     */
+    brand_kit_override?: {
+        logo?: ImageAsset;
+        /**
+         * Override brand colors (hex strings).
+         */
+        colors?: {
+            /**
+             * @pattern ^#[0-9a-fA-F]{6}$
+             */
+            primary?: string;
+            /**
+             * @pattern ^#[0-9a-fA-F]{6}$
+             */
+            secondary?: string;
+            /**
+             * @pattern ^#[0-9a-fA-F]{6}$
+             */
+            accent?: string;
+        };
+        /**
+         * Override brand-voice description for surface-composed text/audio output.
+         */
+        voice?: string;
+        /**
+         * Override tagline.
+         */
+        tagline?: string;
+    };
+}
+
+/**
+ * Campaign-level creative context as an asset. Carries the creative brief through the manifest so it travels with the creative through regeneration, resizing, and auditing.
+ */
+export interface BriefAsset {
+    /**
+     * Campaign or flight name for identification
+     */
+    name: string;
+    /**
+     * Campaign objective that guides creative tone and call-to-action strategy
+     */
+    objective?: 'awareness' | 'consideration' | 'conversion' | 'retention' | 'engagement';
+    /**
+     * Desired tone for this campaign, modulating the brand's base tone (e.g., 'playful and festive', 'premium and aspirational')
+     */
+    tone?: string;
+    /**
+     * Target audience description for this campaign
+     */
+    audience?: string;
+    /**
+     * Creative territory or positioning the campaign should occupy
+     */
+    territory?: string;
+    /**
+     * Messaging framework for the campaign
+     */
+    messaging?: {
+        /**
+         * Primary headline
+         */
+        headline?: string;
+        /**
+         * Supporting tagline or sub-headline
+         */
+        tagline?: string;
+        /**
+         * Call-to-action text
+         */
+        cta?: string;
+        /**
+         * Key messages to communicate in priority order
+         */
+        key_messages?: string[];
+    };
+    /**
+     * Visual and strategic reference materials such as mood boards, product shots, example creatives, and strategy documents
+     */
+    reference_assets?: ReferenceAsset[];
+    /**
+     * Regulatory and legal compliance requirements for this campaign. Campaign-specific, regional, and product-based — distinct from brand-level disclaimers in brand.json.
+     */
+    compliance?: {
+        /**
+         * Disclosures that must appear in creatives for this campaign. Each disclosure specifies the text, where it should appear, and which jurisdictions require it.
+         */
+        required_disclosures?: {
+            /**
+             * The disclosure text that must appear in the creative
+             */
+            text: string;
+            position?: DisclosurePosition;
+            /**
+             * Jurisdictions where this disclosure is required. ISO 3166-1 alpha-2 country codes or ISO 3166-2 subdivision codes (e.g., 'US', 'GB', 'US-NJ', 'CA-QC'). If omitted, the disclosure applies to all jurisdictions in the campaign.
+             */
+            jurisdictions?: string[];
+            /**
+             * The regulation or legal authority requiring this disclosure (e.g., 'SEC Rule 156', 'FCA COBS 4.5', 'FDA 21 CFR 202')
+             */
+            regulation?: string;
+            /**
+             * Minimum display duration in milliseconds. For video/audio disclosures, how long the disclosure must be visible or audible. For static formats, how long the disclosure must remain on screen before any auto-advance.
+             */
+            min_duration_ms?: number;
+            /**
+             * Language of the disclosure text as a BCP 47 language tag (e.g., 'en', 'fr-CA', 'es'). When omitted, the disclosure is assumed to match the creative's language.
+             */
+            language?: string;
+            persistence?: DisclosurePersistence;
+        }[];
+        /**
+         * Claims that must not appear in creatives for this campaign. Creative agents should ensure generated content avoids these claims.
+         */
+        prohibited_claims?: string[];
+    };
+    /**
+     * Discriminator identifying this as a brief asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'brief';
+}
+
+/**
+ * Multi-format success response. Returned when the request used target_format_ids. Contains one manifest per requested format. Multi-format requests are atomic — all formats must succeed or the entire request fails with an error response. Array order corresponds to the target_format_ids request order.
+ */
+export interface BuildCreativeMultiSuccess {
+    /**
+     * Array of generated creative manifests, one per requested format. Each manifest contains its own format_id identifying which format it was generated for.
+     */
+    creative_manifests: CreativeManifest[];
+    /**
+     * When true, this response contains simulated data from sandbox mode.
+     */
+    sandbox?: boolean;
+    /**
+     * ISO 8601 timestamp when the earliest generated asset URL expires across all manifests. Re-build after this time to get fresh URLs.
+     * @format date-time
+     */
+    expires_at?: string;
+    /**
+     * Preview renders included when the request set include_preview to true and the agent supports it. Contains one default preview per requested format. preview_inputs is ignored for multi-format requests.
+     */
+    preview?: {
+        /**
+         * Array of preview entries, one per requested format. Array order matches creative_manifests. Each entry includes a format_id for explicit correlation.
+         */
+        previews: {
+            /**
+             * Unique identifier for this preview
+             */
+            preview_id: string;
+            format_id: FormatReferenceStructuredObject;
+            /**
+             * Array of rendered pieces for this format's preview. Most formats render as a single piece. Companion ad formats render as multiple pieces.
+             */
+            renders: PreviewRender[];
+            /**
+             * The input parameters that generated this preview. For multi-format responses, this is always a default input.
+             */
+            input: {
+                /**
+                 * Human-readable name for this preview
+                 */
+                name: string;
+                /**
+                 * Macro values applied to this preview
+                 */
+                macros?: {
+                    [k: string]: string | undefined;
+                };
+                /**
+                 * Context description applied to this preview
+                 */
+                context_description?: string;
+            };
+        }[];
+        /**
+         * Optional URL to an interactive testing page that shows all format previews with controls to switch between them.
+         */
+        interactive_url?: string;
+        /**
+         * ISO 8601 timestamp when preview URLs expire. May differ from the manifest's expires_at.
+         * @format date-time
+         */
+        expires_at: string;
+    };
+    preview_error?: Error;
+    /**
+     * Which rate card pricing option was applied for this build. Represents the total cost of the entire multi-format build call. Present when the creative agent charges for its services.
+     */
+    pricing_option_id?: string;
+    /**
+     * Total cost incurred for this multi-format build, denominated in currency. May be 0 for CPM-priced creatives where cost accrues at serve time.
+     * @minimum 0
+     */
+    vendor_cost?: number;
+    /**
+     * ISO 4217 currency code for vendor_cost.
+     * @pattern ^[A-Z]{3}$
+     */
+    currency?: string;
+    consumption?: CreativeConsumption;
+    context?: ContextObject;
+    ext?: ExtensionObject;
+}
+
+/**
+ * C2PA action classification for this watermark
+ */
+export type C2PAWatermarkAction = 'c2pa.watermarked.bound' | 'c2pa.watermarked.unbound';
+
+/**
+ * CSS stylesheet asset
+ */
+export interface CSSAsset {
+    /**
+     * Discriminator identifying this as a CSS asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'css';
+    /**
+     * CSS content
+     */
+    content: string;
+    /**
+     * CSS media query context (e.g., 'screen', 'print')
+     */
+    media?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * The v2 canonical-format-kind this v1 format projects to (`image`, `html5`, `display_tag`, `image_carousel`, `video_hosted`, `video_vast`, `audio_hosted`, `audio_daast`, `sponsored_placement`, `responsive_creative`, `agent_placement`, or `custom`).
+ */
+export type CanonicalFormatKind = 'image' | 'html5' | 'display_tag' | 'image_carousel' | 'video_hosted' | 'video_vast' | 'audio_hosted' | 'audio_daast' | 'sponsored_placement' | 'native_in_feed' | 'responsive_creative' | 'agent_placement' | 'custom';
+
+/**
+ * A single card in a multi-card creative (image_carousel, future composed carousels). Carries: `media` (an image OR video asset), optional `headline` (short text), optional `description` (longer text), optional `cta` (call-to-action label), optional `landing_page_url` (url asset with `url_type: "clickthrough"`).
+ *
+ * Covers the multi-card patterns across Meta carousel, Pinterest sponsored pin, Snap Collection, TikTok carousel, and AI-surface result cards. The two-field text shape (`headline` + `description`) reflects how almost every adopter splits short labels from longer copy; Pinterest pin description and Meta per-card description both go in `description`.
+ *
+ * Used as the array element type for the `cards` slot on image_carousel canonicals. Adopters MUST NOT invent per-card key conventions like `card_0_headline` / `cards.0.headline` — the manifest's `assets.cards` value is an array of card-asset objects, period. Per-card platform extensions (e.g., Meta-specific carousel attributes, Pinterest rich-pin metadata, Snap Collection price tags) attach via the `platform_extensions` field, never via inline non-canonical keys.
+ */
+export interface CardAsset {
+    /**
+     * Discriminator identifying this as a card asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'card';
+    /**
+     * The card's primary visual asset. Either an `image` or `video` asset, matching the parent format's `allowed_card_media_asset_types` parameter.
+     */
+    media: ImageAsset | VideoAsset;
+    /**
+     * Optional per-card short text label (typically 25-40 chars). Length governed by `card_headline_max_chars` on the format declaration. Meta carousel headline, Pinterest pin title, Snap Collection sticker text, TikTok caption-short.
+     */
+    headline?: string;
+    /**
+     * Optional per-card longer text (typically 100-500 chars). Distinct from `headline`: `description` is body copy, `headline` is the label. Length governed by `card_description_max_chars` on the format declaration. Meta carousel description, Pinterest pin description, AI-surface result body text, TikTok long caption.
+     */
+    description?: string;
+    /**
+     * Optional per-card call-to-action label (e.g., 'SHOP_NOW', 'LEARN_MORE'). When the parent format declares `cta_values` (allowed CTA labels), the per-card `cta` MUST be one of those values. Lets a Meta or TikTok carousel show different CTAs per card.
+     */
+    cta?: string;
+    landing_page_url?: URLAsset;
+    /**
+     * Per-card platform-specific extensions (URI+digest references). Same hosting model as format-level platform_extensions. Use this for Meta carousel-card attributes, Pinterest pin overrides, etc. — NEVER inline non-canonical keys on the card object directly.
+     */
+    platform_extensions?: PlatformExtensionReference[];
+    provenance?: Provenance;
+}
+
+/**
+ * A typed data feed as a creative asset. Carries catalog context (products, stores, jobs, etc.) within the manifest's assets map.
+ */
+export interface CatalogAsset {
+    /**
+     * Buyer's identifier for this catalog. Required when syncing via sync_catalogs. When used in creatives, references a previously synced catalog on the account.
+     */
+    catalog_id?: string;
+    /**
+     * Human-readable name for this catalog (e.g., 'Summer Products 2025', 'Amsterdam Store Locations').
+     */
+    name?: string;
+    type: CatalogType;
+    /**
+     * URL to an external catalog feed. The platform fetches and resolves items from this URL. For offering-type catalogs, the feed contains an array of Offering objects. For other types, the feed format is determined by feed_format. When omitted with type 'product', the platform uses its synced copy of the brand's product catalog.
+     */
+    url?: string;
+    feed_format?: FeedFormat;
+    update_frequency?: UpdateFrequency;
+    /**
+     * Inline catalog data. The item schema depends on the catalog type: Offering objects for 'offering', StoreItem for 'store', HotelItem for 'hotel', FlightItem for 'flight', JobItem for 'job', VehicleItem for 'vehicle', RealEstateItem for 'real_estate', EducationItem for 'education', DestinationItem for 'destination', AppItem for 'app', or freeform objects for 'product', 'inventory', and 'promotion'. Mutually exclusive with url — provide one or the other, not both. Implementations should validate items against the type-specific schema.
+     */
+    items?: {}[];
+    /**
+     * Filter catalog to specific item IDs. For offering-type catalogs, these are offering_id values. For product-type catalogs, these are SKU identifiers.
+     */
+    ids?: string[];
+    /**
+     * Filter product-type catalogs by GTIN identifiers for cross-retailer catalog matching. Accepts standard GTIN formats (GTIN-8, UPC-A/GTIN-12, EAN-13/GTIN-13, GTIN-14). Only applicable when type is 'product'.
+     */
+    gtins?: string[];
+    /**
+     * Filter catalog to items with these tags. Tags are matched using OR logic — items matching any tag are included.
+     */
+    tags?: string[];
+    /**
+     * Filter catalog to items in this category (e.g., 'beverages/soft-drinks', 'chef-positions').
+     */
+    category?: string;
+    /**
+     * Natural language filter for catalog items (e.g., 'all pasta sauces under $5', 'amsterdam vacancies').
+     */
+    query?: string;
+    /**
+     * Event types that represent conversions for items in this catalog. Declares what events the platform should attribute to catalog items — e.g., a job catalog converts via submit_application, a product catalog via purchase. The event's content_ids field carries the item IDs that connect back to catalog items. Use content_id_type to declare what identifier type content_ids values represent.
+     */
+    conversion_events?: EventType[];
+    content_id_type?: ContentIDType;
+    /**
+     * Declarative normalization rules for external feeds. Maps non-standard feed field names, date formats, price encodings, and image URLs to the AdCP catalog item schema. Applied during sync_catalogs ingestion. Supports field renames, named transforms (date, divide, boolean, split), static literal injection, and assignment of image URLs to typed asset pools.
+     */
+    feed_field_mappings?: CatalogFieldMapping[];
+    /**
+     * Discriminator identifying this as a catalog asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'catalog';
+}
+
+/**
+ * Declares how a field in an external feed maps to the AdCP catalog item schema. Used in sync_catalogs feed_field_mappings to normalize non-AdCP feeds (Google Merchant Center, LinkedIn Jobs XML, hotel XML, etc.) to the standard catalog item schema without requiring the buyer to preprocess every feed. Multiple mappings can assemble a nested object via dot notation (e.g., separate mappings for price.amount and price.currency).
+ */
+export interface CatalogFieldMapping {
+    /**
+     * Field name in the external feed record. Omit when injecting a static literal value (use the value property instead).
+     */
+    feed_field?: string;
+    /**
+     * Target field on the catalog item schema, using dot notation for nested fields (e.g., 'name', 'price.amount', 'location.city'). Mutually exclusive with asset_group_id.
+     */
+    catalog_field?: string;
+    /**
+     * Places the feed field value (a URL) into a typed asset pool on the catalog item's assets array. The value is wrapped as an image or video asset in a group with this ID. Use standard group IDs: 'images_landscape', 'images_vertical', 'images_square', 'logo', 'video'. Mutually exclusive with catalog_field.
+     */
+    asset_group_id?: string;
+    /**
+     * Static literal value to inject into catalog_field for every item, regardless of what the feed contains. Mutually exclusive with feed_field. Useful for fields the feed omits (e.g., currency when price is always USD, or a constant category value).
+     */
+    value?: unknown;
+    /**
+     * Named transform to apply to the feed field value before writing to the catalog schema. See transform-specific parameters (format, timezone, by, separator).
+     */
+    transform?: 'date' | 'divide' | 'boolean' | 'split';
+    /**
+     * For transform 'date': the input date format string (e.g., 'YYYYMMDD', 'MM/DD/YYYY', 'DD-MM-YYYY'). Output is always ISO 8601 (e.g., '2025-03-01'). Uses Unicode date pattern tokens.
+     */
+    format?: string;
+    /**
+     * For transform 'date': the timezone of the input value. IANA timezone identifier (e.g., 'UTC', 'America/New_York', 'Europe/Amsterdam'). Defaults to UTC when omitted.
+     */
+    timezone?: string;
+    /**
+     * For transform 'divide': the divisor to apply (e.g., 100 to convert integer cents to decimal dollars).
+     */
+    by?: number;
+    /**
+     * For transform 'split': the separator character or string to split on. Defaults to ','.
+     */
+    separator?: string;
+    /**
+     * Fallback value to use when feed_field is absent, null, or empty. Applied after any transform would have been applied. Allows optional feed fields to have a guaranteed baseline value.
+     */
+    default?: unknown;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Catalog type. Structural types: 'offering' (AdCP Offering objects), 'product' (ecommerce entries), 'inventory' (stock per location), 'store' (physical locations), 'promotion' (deals and pricing). Vertical types: 'hotel', 'flight', 'job', 'vehicle', 'real_estate', 'education', 'destination', 'app' — each with an industry-specific item schema.
+ */
+export type CatalogType = 'offering' | 'product' | 'inventory' | 'store' | 'promotion' | 'hotel' | 'flight' | 'job' | 'vehicle' | 'real_estate' | 'education' | 'destination' | 'app';
+
+/**
+ * Identifier type that the event's content_ids field should be matched against for items in this catalog. For example, 'gtin' means content_ids values are Global Trade Item Numbers, 'sku' means retailer SKUs. Omit when using a custom identifier scheme not listed in the enum.
+ */
+export type ContentIDType = 'sku' | 'gtin' | 'offering_id' | 'job_id' | 'hotel_id' | 'flight_id' | 'vehicle_id' | 'listing_id' | 'store_id' | 'program_id' | 'destination_id' | 'app_id';
+
+/**
+ * Opaque correlation data that is echoed unchanged in responses. Used for internal tracking, UI session IDs, trace IDs, and other caller-specific identifiers that don't affect protocol behavior. Context data is never parsed by AdCP agents - it's simply preserved and returned.
+ */
+export interface ContextObject {
+}
+
+/**
+ * Structured consumption details for this build. Informational — lets the buyer verify that vendor_cost is consistent with the rate card. vendor_cost is the billing source of truth.
+ */
+export interface CreativeConsumption {
+    /**
+     * LLM or generation tokens consumed during creative generation.
+     * @minimum 0
+     */
+    tokens?: number;
+    /**
+     * Number of images produced during generation.
+     * @minimum 0
+     */
+    images_generated?: number;
+    /**
+     * Number of render passes performed (video, animation).
+     * @minimum 0
+     */
+    renders?: number;
+    /**
+     * Processing time billed, in seconds. For compute-time pricing models.
+     * @minimum 0
+     */
+    duration_seconds?: number;
+}
+
+/**
+ * Industry-standard identifier types for advertising creatives. These identifiers are managed by external registries and used across the supply chain to track and reference specific creative assets.
+ */
+export type CreativeIdentifierType = 'ad_id' | 'isci' | 'clearcast_clock';
+
+/**
+ * Creative manifest to transform or generate from. For pure generation, this should include the target format_id and any required input assets. For transformation (e.g., resizing, reformatting), this is the complete creative to adapt. When creative_id is provided, the agent resolves the creative from its library and this field is ignored.
+ */
+export type CreativeManifest = {
+    format_id?: FormatReferenceStructuredObject;
+    format_kind?: CanonicalFormatKind;
+    /**
+     * v2 path, optional. Stable identifier matching one of the seller's product `format_options[i].capability_id` values. REQUIRED when the target product carries multiple `format_options` entries sharing the same `format_kind` (the buyer must disambiguate which option this manifest matches). When the product's `format_options` has a single entry — or multiple entries with distinct `format_kind` values — `capability_id` is OPTIONAL because `format_kind` alone routes the manifest to the right declaration.
+     */
+    capability_id?: string;
+    /**
+     * Map of slot keys to actual asset content. v1 path: each key matches an `asset_id` from the format's `assets` array (e.g., 'banner_image', 'clickthrough_url', 'video_file', 'vast_tag'). v2 path: each key matches an `asset_group_id` from the format's `slots` declaration drawn from the canonical vocabulary registry (e.g., 'images_landscape', 'video', 'landing_page_url', 'vast_tag', 'script', 'creative_brief'). Either path produces the same envelope shape; only the slot-key vocabulary differs.
+     *
+     * Each slot value is **either** a single asset object (most slots — image, video, vast_tag, landing_page_url, etc.) **or** an array of asset objects (slots with `min`/`max` counts on the format declaration — `cards` on `image_carousel`, `headlines` / `descriptions` / `images_landscape` on `responsive_creative`, etc.). Single-vs-array shape is governed by the format's `slots[].min` and `slots[].max` parameters: when `max > 1` (or when the slot is conceptually a pool), the value MUST be an array; when the slot is single-valued, the value MUST be a single object. Each asset value (single or array element) carries an `asset_type` discriminator (image, video, audio, vast, daast, text, markdown, url, html, css, webhook, javascript, brief, catalog, zip, card) that selects the matching asset schema. Validators with OpenAPI-style discriminator support use `asset_type` to report errors against only the selected branch instead of all branches.
+     */
+    assets: {
+        /**
+         * This interface was referenced by `undefined`'s JSON-Schema definition
+         * via the `patternProperty` "^[a-z0-9_]+$".
+         */
+        [k: string]: AssetVariant | AssetVariant[];
+    };
+    brand?: BrandReference;
+    /**
+     * Rights constraints attached to this creative. Each entry represents constraints from a single rights holder. A creative may combine multiple rights constraints (e.g., talent likeness + music license). For v1, rights constraints are informational metadata — the buyer/orchestrator manages creative lifecycle against these terms.
+     */
+    rights?: RightsConstraint[];
+    /**
+     * Industry-standard identifiers for this specific manifest (e.g., Ad-ID, ISCI, Clearcast clock number). When present, overrides creative-level identifiers. Use when different format versions of the same source creative have distinct Ad-IDs (e.g., the :15 and :30 cuts).
+     */
+    industry_identifiers?: IndustryIdentifier[];
+    provenance?: Provenance;
+    ext?: ExtensionObject;
+} & (V1ManifestNamedFormatReference | V2ManifestCanonicalFormatKind);
+
+/**
+ * Quality tier for generation. 'draft' produces fast, lower-fidelity output for iteration and review. 'production' produces full-quality output for final delivery. If omitted, the creative agent uses its own default. For non-generative transforms (e.g., format resizing), creative agents MAY ignore this field.
+ */
+export type CreativeQuality = 'draft' | 'production';
+
+/**
+ * DAAST (Digital Audio Ad Serving Template) tag for third-party audio ad serving
+ */
+export type DAASTAsset = {
+    /**
+     * Discriminator identifying this as a DAAST asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'daast';
+    daast_version?: DAASTVersion;
+    /**
+     * Expected audio duration in milliseconds (if known)
+     * @minimum 0
+     */
+    duration_ms?: number;
+    /**
+     * Tracking events supported by this DAAST tag
+     */
+    tracking_events?: DAASTTrackingEvent[];
+    /**
+     * Whether companion display ads are included
+     */
+    companion_ads?: boolean;
+    /**
+     * URL to text transcript of the audio content
+     */
+    transcript_url?: string;
+    provenance?: Provenance;
+} & ({
+    /**
+     * Discriminator indicating DAAST is delivered via URL endpoint
+     */
+    delivery_type: 'url';
+    /**
+     * URL endpoint that returns DAAST XML
+     */
+    url: string;
+} | {
+    /**
+     * Discriminator indicating DAAST is delivered as inline XML content
+     */
+    delivery_type: 'inline';
+    /**
+     * Inline DAAST XML content
+     */
+    content: string;
+});
+
+/**
+ * Tracking events for audio ads. Aligned to the IAB DAAST 1.1 `Tracking@event` enumeration from §3.2.1.7 of the spec (creativeView, start, firstQuartile, midpoint, thirdQuartile, complete, mute, unmute, pause, rewind, resume, skip, progress) — plus `close` (referenced descriptively in DAAST 1.1 §3.2.4.2 contrasting it with `skip`), and AdCP-flattened representations of the `Impression`, `Error`, and click elements (`<Impression>`, `<Error>`, and the click children of `<AdInteractions>`) so a single declared list can cover everything a measurement vendor wants to track. `viewable` / `notViewable` / `viewUndetermined` and `measurableImpression` / `viewableImpression` are AdCP extensions for OM-SDK Audio measurability signals (DAAST 1.1 itself does not define a `<ViewableImpression>` element). DAAST 1.1 audio-incompatible video events are deliberately omitted: no `loaded`, `playerExpand` / `playerCollapse`, `fullscreen` / `exitFullscreen`, `acceptInvitation`, `adExpand` / `adCollapse`, `minimize`, `overlayViewDuration`, or `interactiveStart`.
+ */
+export type DAASTTrackingEvent = 'impression' | 'creativeView' | 'start' | 'firstQuartile' | 'midpoint' | 'thirdQuartile' | 'complete' | 'mute' | 'unmute' | 'pause' | 'resume' | 'rewind' | 'skip' | 'progress' | 'clickTracking' | 'customClick' | 'close' | 'error' | 'viewable' | 'notViewable' | 'viewUndetermined' | 'measurableImpression' | 'viewableImpression';
+
+/**
+ * DAAST specification version
+ */
+export type DAASTVersion = '1.0' | '1.1';
+
+/**
+ * IPTC-aligned classification of AI involvement in producing this content
+ */
+export type DigitalSourceType = 'digital_capture' | 'digital_creation' | 'trained_algorithmic_media' | 'composite_with_trained_algorithmic_media' | 'algorithmic_media' | 'composite_capture' | 'composite_synthetic' | 'human_edits' | 'data_driven_media';
+
+/**
+ * How long the disclosure must persist during content playback or display
+ */
+export type DisclosurePersistence = 'continuous' | 'initial' | 'flexible';
+
+/**
+ * Where a required disclosure should appear within a creative. Used by creative briefs to specify disclosure placement and by formats to declare which positions they can render.
+ */
+export type DisclosurePosition = 'prominent' | 'footer' | 'audio' | 'subtitle' | 'overlay' | 'end_card' | 'pre_roll' | 'companion';
+
+/**
+ * How provenance data is carried within the content
+ */
+export type EmbeddedProvenanceMethod = 'manifest_wrapper' | 'provenance_markers';
+
+/**
+ * Standard marketing event types for event logging, aligned with IAB ECAPI
+ */
+export type EventType = 'page_view' | 'view_content' | 'select_content' | 'select_item' | 'search' | 'share' | 'add_to_cart' | 'remove_from_cart' | 'viewed_cart' | 'add_to_wishlist' | 'initiate_checkout' | 'add_payment_info' | 'purchase' | 'refund' | 'lead' | 'qualify_lead' | 'close_convert_lead' | 'disqualify_lead' | 'complete_registration' | 'subscribe' | 'start_trial' | 'app_install' | 'app_launch' | 'contact' | 'schedule' | 'donate' | 'submit_application' | 'custom';
+
+/**
+ * Extension object for platform-specific, vendor-namespaced parameters. Extensions are always optional and must be namespaced under a vendor/platform key (e.g., ext.gam, ext.roku). Used for custom capabilities, partner-specific configuration, and features being proposed for standardization.
+ */
+export interface ExtensionObject {
+}
+
+/**
+ * Format of the external feed at url. Required when url points to a non-AdCP feed (e.g., Google Merchant Center XML, Meta Product Catalog). Omit for offering-type catalogs where the feed is native AdCP JSON.
+ */
+export type FeedFormat = 'google_merchant_center' | 'facebook_catalog' | 'shopify' | 'linkedin_jobs' | 'custom';
+
+/**
+ * A JSON object — never a plain string — that identifies a creative format by its declaring agent and local slug. Required properties: agent_url (URI of the agent that owns the format) and id (slug matching [a-zA-Z0-9_-]+). Example: {"agent_url": "https://creative.adcontextprotocol.org", "id": "display_300x250"}. Can reference: (1) a concrete format with fixed dimensions (id only), (2) a template format without parameters (id only), or (3) a template format with parameters (id + dimensions/duration). Template formats accept parameters in format_id while concrete formats have fixed dimensions in their definition. Parameterized format IDs create unique, specific format variants. Using a plain string here is a schema violation.
+ */
+export interface FormatReferenceStructuredObject {
+    /**
+     * URL of the agent that defines this format (e.g., 'https://creative.adcontextprotocol.org' for standard formats, or 'https://publisher.com/.well-known/adcp/sales' for custom formats). Callers comparing two `format-id` values MUST canonicalize `agent_url` per the AdCP URL canonicalization rules before treating two formats as the same. See docs/reference/url-canonicalization.
+     */
+    agent_url: string;
+    /**
+     * Format identifier within the agent's namespace (e.g., 'display_static', 'video_hosted', 'audio_standard'). When used alone, references a template format. When combined with dimension/duration fields, creates a parameterized format ID for a specific variant.
+     * @pattern ^[a-zA-Z0-9_-]+$
+     */
+    id: string;
+    /**
+     * Width in pixels for visual formats. When specified, height must also be specified. Both fields together create a parameterized format ID for dimension-specific variants.
+     * @minimum 1
+     */
+    width?: number;
+    /**
+     * Height in pixels for visual formats. When specified, width must also be specified. Both fields together create a parameterized format ID for dimension-specific variants.
+     * @minimum 1
+     */
+    height?: number;
+    /**
+     * Duration in milliseconds for time-based formats (video, audio). When specified, creates a parameterized format ID. Omit to reference a template format without parameters.
+     * @minimum 1
+     */
+    duration_ms?: number;
+}
+
+/**
+ * Whether the video uses a constant or variable frame rate. Broadcast and SSAI contexts require constant frame rate for seamless splicing.
+ */
+export type FrameRateType = 'constant' | 'variable';
+
+/**
+ * Group of Pictures structure. SSAI and broadcast require closed GOPs for clean splice points; open GOPs may produce artifacts at ad boundaries.
+ */
+export type GOPType = 'closed' | 'open';
+
+/**
+ * Inline HTML content asset. For URL-delivered HTML5 banner bundles, use the zip asset type instead. For single-URL iframe-rendered tag references, use the url asset type with an appropriate url_type.
+ */
+export interface HTMLAsset {
+    /**
+     * Discriminator identifying this as an HTML asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'html';
+    /**
+     * HTML content
+     */
+    content: string;
+    /**
+     * HTML version (e.g., 'HTML5')
+     */
+    version?: string;
+    /**
+     * Self-declared accessibility properties for this opaque creative
+     */
+    accessibility?: {
+        /**
+         * Text alternative describing the creative content
+         */
+        alt_text?: string;
+        /**
+         * Whether the creative can be fully operated via keyboard
+         */
+        keyboard_navigable?: boolean;
+        /**
+         * Whether the creative respects prefers-reduced-motion or provides pause/stop controls
+         */
+        motion_control?: boolean;
+        /**
+         * Whether the creative has been tested with screen readers
+         */
+        screen_reader_tested?: boolean;
+    };
+    provenance?: Provenance;
+}
+
+/**
+ * HTTP method
+ */
+export type HTTPMethod = 'GET' | 'POST';
+
+/**
+ * Override logo asset.
+ */
+export interface ImageAsset {
+    /**
+     * Discriminator identifying this as an image asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'image';
+    /**
+     * URL to the image asset
+     */
+    url: string;
+    /**
+     * Width in pixels
+     * @minimum 1
+     */
+    width: number;
+    /**
+     * Height in pixels
+     * @minimum 1
+     */
+    height: number;
+    /**
+     * Image file format (jpg, png, gif, webp, etc.)
+     */
+    format?: string;
+    /**
+     * Alternative text for accessibility
+     */
+    alt_text?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * An industry-standard identifier for an advertising creative (e.g., Ad-ID, ISCI, Clearcast clock number). These identifiers are managed by external registries and used across the supply chain to track and reference specific creative assets.
+ */
+export interface IndustryIdentifier {
+    type: CreativeIdentifierType;
+    /**
+     * The identifier value (e.g., 'ABCD1234000H' for Ad-ID)
+     * @maxLength 64
+     */
+    value: string;
+}
+
+/**
+ * Inline JavaScript content asset. For URL-delivered third-party tag scripts, use the url asset type with url_type 'tracker_script'. For HTML5 banner bundles that include JavaScript, use the zip asset type.
+ */
+export interface JavaScriptAsset {
+    /**
+     * Discriminator identifying this as a JavaScript asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'javascript';
+    /**
+     * JavaScript content
+     */
+    content: string;
+    module_type?: JavaScriptModuleType;
+    /**
+     * Self-declared accessibility properties for this opaque creative
+     */
+    accessibility?: {
+        /**
+         * Text alternative describing the creative content
+         */
+        alt_text?: string;
+        /**
+         * Whether the creative can be fully operated via keyboard
+         */
+        keyboard_navigable?: boolean;
+        /**
+         * Whether the creative respects prefers-reduced-motion or provides pause/stop controls
+         */
+        motion_control?: boolean;
+        /**
+         * Whether the creative has been tested with screen readers
+         */
+        screen_reader_tested?: boolean;
+    };
+    provenance?: Provenance;
+}
+
+/**
+ * JavaScript module type
+ */
+export type JavaScriptModuleType = 'esm' | 'commonjs' | 'script';
+
+/**
+ * Markdown-formatted text content following CommonMark specification
+ */
+export interface MarkdownAsset {
+    /**
+     * Discriminator identifying this as a markdown asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'markdown';
+    /**
+     * Markdown content following CommonMark spec with optional GitHub Flavored Markdown extensions
+     */
+    content: string;
+    /**
+     * Language code (e.g., 'en', 'es', 'fr')
+     */
+    language?: string;
+    markdown_flavor?: MarkdownFlavor;
+    /**
+     * Whether raw HTML blocks are allowed in the markdown. False recommended for security.
+     */
+    allow_raw_html?: boolean;
+}
+
+/**
+ * Markdown flavor used. CommonMark for strict compatibility, GFM for tables/task lists/strikethrough.
+ */
+export type MarkdownFlavor = 'commonmark' | 'gfm';
+
+/**
+ * Position of the moov atom in an MP4 container. 'start' enables progressive download without buffering the entire file; required for streaming ad delivery.
+ */
+export type MoovAtomPosition = 'start' | 'end';
+
+/**
+ * REQUIRED when `format_kind: "custom"`; otherwise MUST be absent. URI+digest reference to a fetchable schema describing this custom shape's actual `params` and `slots`. Same hosting model as `platform_extensions`: open-ecosystem publishers host the artifact at the canonical URI on their subdomain; closed-platform / walled-garden shapes resolve through the AAO mirror at `https://creative.adcontextprotocol.org/translated/...`. Buyer agents fetch by `uri@digest` (immutable per digest, aggressive caching, `Cache-Control: public, max-age=31536000, immutable`), validate `params` and `slots` against the fetched schema, and reason about manifests structurally — same mechanic as platform_extensions but at the format-structure level. Without `format_schema`, custom shapes would be opaque to buyer agents and the protocol would regress to per-seller integration code; that's why the schema is required, not optional.
+ *
+ * **Fetch contract (normative)** — `format_schema` is load-bearing for validation (unlike `platform_extensions`, which is informational on the *consumption* side). The *transport* rules below apply identically to BOTH fields — any SDK fetching a `platform-extension-ref.json` URI MUST apply this contract regardless of whether the field name is `format_schema` or `platform_extensions`. A shared SDK fetch path that drops to the weakest bar undermines `format_schema`'s hardening. The consumption distinction (load-bearing vs informational) is about *what the body means*; the transport distinction is `https`-and-allowlisted regardless.
+ *
+ * - **Transport**: `https` only. Buyers MUST reject `http://`, `file://`, `data:`, and any non-`https` scheme. The URI MUST resolve to a JSON document that is itself a valid JSON Schema (Draft 07 or 2020-12; producers MUST declare `$schema`).
+ * - **SSRF protection**: buyers MUST resolve the URI hostname and reject if any resolved address is in RFC 1918 private space (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`), loopback (`127.0.0.0/8`, `::1`), link-local (`169.254.0.0/16`, `fe80::/10`), CGNAT (`100.64.0.0/10`), or any RFC 6761 special-use name (`.local`, `.localhost`, `.internal`, `.test`, `.example`, `.invalid`). Cloud metadata endpoints (`169.254.169.254`, `metadata.google.internal`, `kubernetes.default.svc`) are explicitly forbidden — these are credential-leak primitives. Buyers MUST pin the connection to the resolved IP (or re-resolve and re-validate the allowlist per request) to defeat DNS rebinding.
+ * - **HTTP redirects**: MUST be disabled. If a follow is implemented at all, the redirect target MUST pass the same scheme + SSRF + allowlist checks; otherwise the fetch hard-fails. Open redirects on same-origin paths are otherwise a free SSRF primitive.
+ * - **Response size cap**: response body MUST be capped at 1 MiB. Enforce during streaming, not after full buffering. Over-cap hard-fails identically to digest mismatch.
+ * - **Timeout**: SDKs SHOULD apply a fetch timeout ≤5 seconds. Timeout SHOULD be treated identically to an HTTP 5xx response (transient — retry policy at the SDK's discretion; on persistent failure surface as unresolved and skip the declaration for this session).
+ * - **Digest verification**: SHA-256 of the response body MUST equal `digest`. **Digest mismatch is a hard fail** — the buyer MUST treat the format declaration as unresolvable and MUST NOT validate manifests against the mismatched body. A divergent digest is either a malicious substitution or producer error; either way, falling back to the un-verified body breaks the trust model. Digest format: `sha256:` prefix + 64 lowercase hex characters. Cache key is `uri@digest`; digest mismatch MUST NOT be cached as a negative result keyed on `uri` alone (defeats CDN-flap recovery), and MUST be distinguishable in telemetry from network 5xx / 404 (sustained mismatch is a substitution-attack signal, not a flap).
+ * - **Sandboxing of `$ref`**: fetched schemas MAY use `$ref`. Buyers MUST resolve `$ref` only to URIs that are (a) same-origin as the parent `format_schema.uri` after RFC 3986 §6 normalization (lowercase scheme + host, strip default port, normalize path dot-segments, no userinfo component), OR (b) hosted under the AAO catalog domain (`https://creative.adcontextprotocol.org/...`), OR (c) intra-document JSON Pointer refs (`#/...`) bounded to the parent document's parsed tree. Cross-origin `$ref` to arbitrary URIs MUST be rejected. `$ref: file://...` MUST be rejected unconditionally. Transitive `$ref` chains MUST be bounded at depth ≤8 AND `$ref` count ≤256 across the resolved tree (depth 8 with breadth 100 per level is 10^16 nodes — depth alone is not enough). Publishers SHOULD inline rather than $ref where possible.
+ * - **Schema-compile bounds (DoS protection)**: validators MUST bound CPU/memory on fetched schemas. Recommended: compiled-schema keyword count ≤10 000, `pattern` regexes evaluated with a non-backtracking engine (re2) OR under a per-pattern timeout, per-manifest validation budget ≤250 ms (exceeded budget → treat manifest as invalid, surface telemetry signal). Without these, a 'valid' schema with catastrophic regex backtracking or exponential `allOf`/`anyOf` expansion pins a CPU forever.
+ * - **Cache**: buyers cache fetched schemas by `uri@digest` and treat them as immutable (the same hosting contract as `platform_extensions`). On `404`, network partition, or persistent fetch failure, buyers SHOULD degrade gracefully (treat the declaration as unresolved, skip it for the current `get_products` response, surface via `errors[]` with the relevant code) rather than failing the entire session.
+ * - **Schema-not-valid handling**: if the fetched body parses as JSON but is not a valid JSON Schema, the buyer MUST treat the declaration as unresolvable (same as digest mismatch) and surface via `errors[]`. Validators MUST NOT attempt partial validation against an invalid schema.
+ * - **AAO catalog trust**: `https://creative.adcontextprotocol.org/*` is a single trust anchor in the same-origin allowlist; compromise of the catalog domain or its CA compromises every buyer agent. Catalog-served bodies MUST be digest-pinned identically to origin fetches (the digest is on the *parent* `format_schema.uri@digest`, not on the catalog response). Future hardening (signed bodies, transparency log) is tracked separately.
+ */
+export interface PlatformExtensionReference {
+    /**
+     * HTTPS URL identifying the extension. `https://` is mandatory — `http://`, `file://`, `data:`, and other schemes are rejected at the schema layer (defense-in-depth on top of the fetch-contract normative rules). The URI base is the owning agent's URL; the path identifies the extension within that agent. Example: 'https://creative.adcontextprotocol.org/translated/meta/extensions/meta_pixel'. The full fetch contract — SSRF allowlist, response-size cap, $ref sandbox, schema-compile bounds — is documented on `product-format-declaration.json#format_schema` and applies to ALL fetches of this reference shape regardless of whether the field is named `format_schema` (load-bearing for validation) or `platform_extensions` (informational); the *transport* rules are identical, only the *consumption* semantics differ.
+     * @pattern ^https:\/\/
+     */
+    uri: string;
+    /**
+     * SHA-256 content digest of the extension definition (sha256:<hex>). Used to detect drift — if the agent revises the extension, the digest changes and cached definitions become invalid.
+     * @pattern ^sha256:[a-f0-9]{64}$
+     */
+    digest: string;
+}
+
+/**
+ * Output format for preview renders when include_preview is true. 'url' returns preview_url (iframe-embeddable URL), 'html' returns preview_html (raw HTML). Ignored when include_preview is false or omitted.
+ */
+export type PreviewOutputFormat = 'url' | 'html';
+
+/**
+ * A single rendered piece of a creative preview with discriminated output format
+ */
+export type PreviewRender = {
+    /**
+     * Unique identifier for this rendered piece within the variant
+     */
+    render_id: string;
+    /**
+     * Discriminator indicating preview_url is provided
+     */
+    output_format: 'url';
+    /**
+     * URL to an HTML page that renders this piece. Can be embedded in an iframe.
+     */
+    preview_url: string;
+    /**
+     * Semantic role of this rendered piece. Use 'primary' for main content, 'companion' for associated banners, descriptive strings for device variants or custom roles.
+     */
+    role: string;
+    /**
+     * Dimensions for this rendered piece
+     */
+    dimensions?: {
+        /**
+         * @minimum 0
+         */
+        width: number;
+        /**
+         * @minimum 0
+         */
+        height: number;
+    };
+    /**
+     * Optional security and embedding metadata for safe iframe integration
+     */
+    embedding?: {
+        /**
+         * Recommended iframe sandbox attribute value (e.g., 'allow-scripts allow-same-origin')
+         */
+        recommended_sandbox?: string;
+        /**
+         * Whether this output requires HTTPS for secure embedding
+         */
+        requires_https?: boolean;
+        /**
+         * Whether this output supports fullscreen mode
+         */
+        supports_fullscreen?: boolean;
+        /**
+         * Content Security Policy requirements for embedding
+         */
+        csp_policy?: string;
+    };
+} | {
+    /**
+     * Unique identifier for this rendered piece within the variant
+     */
+    render_id: string;
+    /**
+     * Discriminator indicating preview_html is provided
+     */
+    output_format: 'html';
+    /**
+     * Raw HTML for this rendered piece. Can be embedded directly in the page without iframe. Security warning: Only use with trusted creative agents as this bypasses iframe sandboxing.
+     */
+    preview_html: string;
+    /**
+     * Semantic role of this rendered piece. Use 'primary' for main content, 'companion' for associated banners, descriptive strings for device variants or custom roles.
+     */
+    role: string;
+    /**
+     * Dimensions for this rendered piece
+     */
+    dimensions?: {
+        /**
+         * @minimum 0
+         */
+        width: number;
+        /**
+         * @minimum 0
+         */
+        height: number;
+    };
+    /**
+     * Optional security and embedding metadata
+     */
+    embedding?: {
+        /**
+         * Recommended iframe sandbox attribute value (e.g., 'allow-scripts allow-same-origin')
+         */
+        recommended_sandbox?: string;
+        /**
+         * Whether this output requires HTTPS for secure embedding
+         */
+        requires_https?: boolean;
+        /**
+         * Whether this output supports fullscreen mode
+         */
+        supports_fullscreen?: boolean;
+        /**
+         * Content Security Policy requirements for embedding
+         */
+        csp_policy?: string;
+    };
+} | {
+    /**
+     * Unique identifier for this rendered piece within the variant
+     */
+    render_id: string;
+    /**
+     * Discriminator indicating both preview_url and preview_html are provided
+     */
+    output_format: 'both';
+    /**
+     * URL to an HTML page that renders this piece. Can be embedded in an iframe.
+     */
+    preview_url: string;
+    /**
+     * Raw HTML for this rendered piece. Can be embedded directly in the page without iframe. Security warning: Only use with trusted creative agents as this bypasses iframe sandboxing.
+     */
+    preview_html: string;
+    /**
+     * Semantic role of this rendered piece. Use 'primary' for main content, 'companion' for associated banners, descriptive strings for device variants or custom roles.
+     */
+    role: string;
+    /**
+     * Dimensions for this rendered piece
+     */
+    dimensions?: {
+        /**
+         * @minimum 0
+         */
+        width: number;
+        /**
+         * @minimum 0
+         */
+        height: number;
+    };
+    /**
+     * Optional security and embedding metadata for safe iframe integration
+     */
+    embedding?: {
+        /**
+         * Recommended iframe sandbox attribute value (e.g., 'allow-scripts allow-same-origin')
+         */
+        recommended_sandbox?: string;
+        /**
+         * Whether this output requires HTTPS for secure embedding
+         */
+        requires_https?: boolean;
+        /**
+         * Whether this output supports fullscreen mode
+         */
+        supports_fullscreen?: boolean;
+        /**
+         * Content Security Policy requirements for embedding
+         */
+        csp_policy?: string;
+    };
+};
+
+/**
+ * Provenance metadata for this asset, overrides manifest-level provenance
+ */
+export interface Provenance {
+    digital_source_type?: DigitalSourceType;
+    /**
+     * AI system used to generate or modify this content. Aligns with IPTC 2025.1 AI metadata fields and C2PA claim_generator.
+     */
+    ai_tool?: {
+        /**
+         * Name of the AI tool or model (e.g., 'DALL-E 3', 'Stable Diffusion XL', 'Gemini')
+         */
+        name: string;
+        /**
+         * Version identifier for the AI tool or model (e.g., '25.1', '0125', '2.1'). For generative models, use the model version rather than the API version.
+         */
+        version?: string;
+        /**
+         * Organization that provides the AI tool (e.g., 'OpenAI', 'Stability AI', 'Google')
+         */
+        provider?: string;
+    };
+    /**
+     * Level of human involvement in the AI-assisted creation process. Independent of `disclosure.required` — the protocol does not derive disclosure obligations from oversight level. Some regulations include carve-outs for human-edited or human-directed AI output, but those carve-outs have factual prerequisites the schema cannot evaluate. Asserting `edited` or `directed` does not by itself justify `disclosure.required: false`.
+     */
+    human_oversight?: 'none' | 'prompt_only' | 'selected' | 'edited' | 'directed';
+    /**
+     * Party declaring this provenance. Identifies who attached the provenance claim, enabling receiving parties to assess trust.
+     */
+    declared_by?: {
+        /**
+         * URL of the agent or service that declared this provenance
+         */
+        agent_url?: string;
+        /**
+         * Role of the declaring party in the supply chain
+         */
+        role: 'creator' | 'advertiser' | 'agency' | 'platform' | 'tool';
+    };
+    /**
+     * When this provenance claim was made (ISO 8601). Distinct from created_time, which records when the content itself was produced. A provenance claim may be attached well after content creation, for example when retroactively declaring AI involvement for regulatory compliance.
+     * @format date-time
+     */
+    declared_at?: string;
+    /**
+     * When this content was created or generated (ISO 8601)
+     * @format date-time
+     */
+    created_time?: string;
+    /**
+     * C2PA sidecar manifest reference. Links to a detached cryptographic provenance manifest for this content. Note: file-level C2PA bindings break when ad servers transcode, resize, or re-encode assets. For pipelines with intermediaries, consider embedded_provenance as the primary provenance mechanism.
+     */
+    c2pa?: {
+        /**
+         * URL to the C2PA manifest store for this content
+         */
+        manifest_url: string;
+    };
+    /**
+     * Provenance metadata embedded within the content stream. Each entry declares one embedding layer: structured provenance data carried inside the content itself, as distinct from sidecar references (c2pa.manifest_url). Embedded provenance survives operations that break sidecar and file-level bindings: ad-server transcoding, CMS ingestion, copy-paste, reformatting, and CDN re-encoding. For ad-tech pipelines where content passes through multiple intermediaries, embedded provenance is the reliable path for provenance that persists from declaration through delivery. This is a declaration by the embedding party. The receiving party (the seller) is the verifier-of-record: it confirms the claim by calling a governance agent it trusts (typically one published in `creative_policy.accepted_verifiers`).
+     */
+    embedded_provenance?: {
+        method: EmbeddedProvenanceMethod;
+        /**
+         * Standard the embedding conforms to, if any (e.g., 'c2pa' for C2PA Section A.7 text manifest embedding)
+         */
+        standard?: string;
+        /**
+         * Organization that performed the embedding (e.g., 'Encypher', 'Digimarc'). Display label and audit context — not a wire identifier.
+         */
+        provider: string;
+        /**
+         * Buyer's representation that this embedding can be verified by a governance agent on the seller's `creative_policy.accepted_verifiers` list. The `agent_url` MUST match (canonicalized) one of the seller's published `accepted_verifiers[].agent_url` entries; sellers reject `sync_creatives` submissions whose `verify_agent.agent_url` is off-list with `PROVENANCE_VERIFIER_NOT_ACCEPTED`. This is buyer-supplied evidence, not buyer-driven routing — the seller is the verifier-of-record and the seller controls which agent it actually calls (the seller MAY use a different on-list agent if it determines this is more appropriate; the seller does not call buyer-asserted endpoints outside its allowlist). MAY be omitted for self-verifiable embeddings (e.g., a C2PA text manifest with a public key the seller already trusts).
+         */
+        verify_agent?: {
+            /**
+             * URL of the governance agent the buyer represents was used to embed/verify this layer. MUST use the `https://` scheme and MUST appear in the seller's `creative_policy.accepted_verifiers[].agent_url` list (canonicalized per /docs/reference/url-canonicalization: lowercase scheme and host, strip default port, normalize path dot-segments). Sellers MUST NOT call this URL until the canonicalized match is confirmed.
+             * @pattern ^https:\/\/
+             */
+            agent_url: string;
+            /**
+             * Optional `feature_id` the buyer represents the seller should request via `get_creative_features` (e.g., `encypher.markers_present_v2`). SHOULD match the `feature_id` declared on the matching `accepted_verifiers[]` entry, or be omitted to defer the selector to the seller. When the seller's entry pins a `feature_id`, that value wins; when neither side pins, the seller selects from the agent's `governance.creative_features` catalog.
+             */
+            feature_id?: string;
+        };
+        /**
+         * When the provenance data was embedded (ISO 8601)
+         * @format date-time
+         */
+        embedded_at?: string;
+    }[];
+    /**
+     * Content watermarks applied to this asset. Each entry declares one watermarking layer: a content modification that encodes an identifier or fingerprint within the asset. Watermarks differ from embedded provenance: a watermark encodes an identifier (who generated it, who owns it), while embedded provenance carries or references a structured provenance record (the full chain of custody). A single asset may carry both. Aligns with C2PA action taxonomy: c2pa.watermarked.bound (watermark linked to a C2PA manifest) and c2pa.watermarked.unbound (watermark independent of any manifest). This is a declaration by the watermarking party. The receiving party (the seller) is the verifier-of-record: it confirms the claim by calling a governance agent it trusts (typically one published in `creative_policy.accepted_verifiers`).
+     */
+    watermarks?: {
+        media_type: WatermarkMediaType;
+        /**
+         * Organization that applied the watermark (e.g., 'Imatag', 'Steg.AI', 'Encypher'). Display label and audit context — not a wire identifier.
+         */
+        provider: string;
+        /**
+         * Buyer's representation that this watermark can be detected by a governance agent on the seller's `creative_policy.accepted_verifiers` list. The `agent_url` MUST match (canonicalized) one of the seller's published `accepted_verifiers[].agent_url` entries; sellers reject `sync_creatives` submissions whose `verify_agent.agent_url` is off-list with `PROVENANCE_VERIFIER_NOT_ACCEPTED`. This is buyer-supplied evidence, not buyer-driven routing — the seller is the verifier-of-record and the seller controls which agent it actually calls (the seller MAY use a different on-list agent if it determines this is more appropriate; the seller does not call buyer-asserted endpoints outside its allowlist).
+         */
+        verify_agent?: {
+            /**
+             * URL of the governance agent the buyer represents was used to apply/detect this watermark. MUST use the `https://` scheme and MUST appear in the seller's `creative_policy.accepted_verifiers[].agent_url` list (canonicalized per /docs/reference/url-canonicalization: lowercase scheme and host, strip default port, normalize path dot-segments). Sellers MUST NOT call this URL until the canonicalized match is confirmed.
+             * @pattern ^https:\/\/
+             */
+            agent_url: string;
+            /**
+             * Optional `feature_id` the buyer represents the seller should request via `get_creative_features` (e.g., `imatag.watermark_detected`). SHOULD match the `feature_id` declared on the matching `accepted_verifiers[]` entry, or be omitted to defer the selector to the seller. When the seller's entry pins a `feature_id`, that value wins; when neither side pins, the seller selects from the agent's `governance.creative_features` catalog.
+             */
+            feature_id?: string;
+        };
+        c2pa_action?: C2PAWatermarkAction;
+        /**
+         * When the watermark was applied (ISO 8601)
+         * @format date-time
+         */
+        embedded_at?: string;
+    }[];
+    /**
+     * Regulatory disclosure requirements for this content. Indicates whether AI disclosure is required and under which jurisdictions.
+     */
+    disclosure?: {
+        /**
+         * The declaring party's claim that AI disclosure is required for this content under applicable regulations. This is a declared signal carried through the supply chain — useful as a routing and audit input — not a regulatory determination made by the protocol. Receiving parties remain responsible for their own jurisdictional analysis and should not treat `required: false` as compliance cover.
+         */
+        required: boolean;
+        /**
+         * Jurisdictions where disclosure obligations apply
+         */
+        jurisdictions?: {
+            /**
+             * ISO 3166-1 alpha-2 country code (e.g., 'US', 'DE', 'CN')
+             */
+            country: string;
+            /**
+             * Sub-national region code (e.g., 'CA' for California, 'BY' for Bavaria)
+             */
+            region?: string;
+            /**
+             * Regulation identifier (e.g., 'eu_ai_act_article_50', 'ca_sb_942', 'cn_deep_synthesis')
+             */
+            regulation: string;
+            /**
+             * Required disclosure label text for this jurisdiction, in the local language
+             */
+            label_text?: string;
+            /**
+             * How the disclosure should be rendered for this jurisdiction. Expresses the declaring party's intent for persistence and position based on regulatory requirements. Publishers control actual rendering but governance agents can audit whether guidance was followed.
+             */
+            render_guidance?: {
+                persistence?: DisclosurePersistence;
+                /**
+                 * Minimum display duration in milliseconds for initial persistence. Recommended when persistence is initial — without it, the duration is at the publisher's discretion. At serve time the publisher reads this from provenance since the brief is not available.
+                 * @minimum 1
+                 */
+                min_duration_ms?: number;
+                /**
+                 * Preferred disclosure positions in priority order. The first position a format supports should be used.
+                 */
+                positions?: DisclosurePosition[];
+                ext?: ExtensionObject;
+            };
+        }[];
+    };
+    /**
+     * Third-party verification or detection results for this content. Multiple services may independently evaluate the same content. Provenance is a claim — verification results attached by the declaring party are supplementary. The enforcing party (e.g., seller/publisher) should run its own verification via get_creative_features or calibrate_content.
+     */
+    verification?: {
+        /**
+         * Name of the verification service (e.g., 'DoubleVerify', 'Hive Moderation', 'Reality Defender')
+         */
+        verified_by: string;
+        /**
+         * When the verification was performed (ISO 8601)
+         * @format date-time
+         */
+        verified_time?: string;
+        /**
+         * Verification outcome
+         */
+        result: 'authentic' | 'ai_generated' | 'ai_modified' | 'inconclusive';
+        /**
+         * Confidence score of the verification result (0.0 to 1.0)
+         * @minimum 0
+         * @maximum 1
+         */
+        confidence?: number;
+        /**
+         * URL to the full verification report
+         */
+        details_url?: string;
+    }[];
+    ext?: ExtensionObject;
+}
+
+/**
+ * Push notification configuration for async task updates (A2A and REST protocols). Echoed from the request to confirm webhook settings. Specifies URL, authentication scheme (Bearer or HMAC-SHA256), and credentials. MCP uses progress notifications instead of webhooks.
+ */
+export interface PushNotificationConfig {
+    /**
+     * Webhook endpoint URL for task status notifications. The wire contract is unconstrained beyond `format: "uri"` — in particular, publishers SHOULD NOT enforce a destination-port allowlist by default, since buyers legitimately host receivers on non-standard TLS ports (`:9443`, `:4443`, path-routed multi-tenant gateways). The SSRF guard the protocol relies on is the IP-range check + DNS-rebinding-resistant connect pin defined in [Webhook URL validation (SSRF)](/docs/building/by-layer/L1/security#webhook-url-validation-ssrf), not port filtering. Operators who want a hardened destination-port allowlist as defense-in-depth (e.g., locked-down enterprise egress) opt in explicitly — see [Destination port: permissive by default](/docs/building/by-layer/L1/security#destination-port-permissive-by-default).
+     */
+    url: string;
+    /**
+     * Buyer-supplied correlation identifier for the operation that will produce webhooks against this registration. The seller MUST echo this value verbatim into every webhook payload's `operation_id` field (see [`mcp-webhook-payload.json`](/schemas/core/mcp-webhook-payload.json) and [Webhooks — Operation IDs](/docs/building/by-layer/L3/webhooks#operation-ids-and-url-templates)). Buyers SHOULD generate a unique value per task invocation (UUID recommended). This field is the canonical registration channel for `operation_id`; buyers MAY additionally embed the same value in the URL path or query as a routing aid for their own HTTP server, but the URL is opaque to the seller and the wire-level source of truth is this field. Sellers MUST NOT parse the URL to recover `operation_id`. Sellers that receive a webhook registration without `operation_id` MAY reject the task with `INVALID_REQUEST`.
+     * @minLength 1
+     * @maxLength 255
+     * @pattern ^[A-Za-z0-9_.:-]{1,255}$
+     */
+    operation_id?: string;
+    /**
+     * Optional client-provided token for webhook validation. The seller MUST echo this value verbatim in every webhook payload's `token` field (see [`mcp-webhook-payload.json`](/schemas/core/mcp-webhook-payload.json) for the receiver-side validation obligation). Length bounds give receivers a defensive range check on the echoed value; senders SHOULD generate tokens with at least 128 bits of entropy (≥22 base64url characters). This is a complementary authenticity mechanism that can layer on top of the RFC 9421 webhook signature — unlike the `authentication` block below, it is not on the 4.0 removal track. Receivers that registered both a signing key (RFC 9421) and a `token` MUST NOT treat a valid token echo as authorization to skip signature verification; both checks remain independent obligations.
+     * @minLength 16
+     * @maxLength 4096
+     */
+    token?: string;
+    /**
+     * Legacy authentication configuration (A2A-compatible). Opts the seller into Bearer or HMAC-SHA256 signing instead of the default RFC 9421 webhook profile. Deprecated; removed in AdCP 4.0. **Precedence is a switch, not a fallback:** presence of this block selects the legacy scheme; absence selects 9421. A seller MUST NOT sign the same webhook both ways, and a buyer MUST NOT attempt 'try 9421 first, fall back to HMAC' verification — signature mode is determined solely by whether this block was present at registration time. The seller's baseline 9421 webhook-signing key published at its brand.json `agents[]` `jwks_uri` does not override this selector; it is always discoverable but only used when `authentication` is omitted. See docs/building/implementation/security.mdx#webhook-callbacks for the full precedence and downgrade-resistance rules (including the `webhook_mode_mismatch` rejection a buyer MUST apply when a received webhook's signing mode does not match the registered mode).
+     */
+    authentication?: {
+        /**
+         * Array of authentication schemes. Supported: ['Bearer'] for simple token auth, ['HMAC-SHA256'] for legacy shared-secret signing. Both are deprecated; new integrations SHOULD omit `authentication` and use the RFC 9421 webhook profile.
+         */
+        schemes: AuthenticationScheme[];
+        /**
+         * Credentials for the legacy scheme. For Bearer: token sent in Authorization header. For HMAC-SHA256: shared secret used to generate signature. Minimum 32 characters. Exchanged out-of-band during onboarding.
+         * @minLength 32
+         */
+        credentials: string;
+    };
+}
+
+/**
+ * A reference asset that provides creative context. Carries visual materials (mood boards, product shots, example creatives) with semantic roles that tell creative agents how to use them.
+ */
+export interface ReferenceAsset {
+    /**
+     * URL to the reference asset (image, video, or document)
+     */
+    url: string;
+    /**
+     * How the creative agent should use this asset. style_reference: match the visual style; product_shot: include this product; mood_board: overall look and feel; example_creative: example of a similar execution; logo: logo to use; strategy_doc: strategy or planning document for context; storyboard: sequential visual direction for video or multi-scene creative
+     */
+    role: 'style_reference' | 'product_shot' | 'mood_board' | 'example_creative' | 'logo' | 'strategy_doc' | 'storyboard';
+    /**
+     * Human-readable description of the asset and how it should inform creative generation
+     */
+    description?: string;
+}
+
+/**
+ * Type of rights (talent, music, etc.). Helps identify constraints when a creative combines multiple rights types.
+ */
+export type RightType = 'talent' | 'character' | 'brand_ip' | 'music' | 'stock_media';
+
+/**
+ * Types of rights usage that can be licensed through the brand protocol. Aligned with DDEX UseType direction for interoperability with music and media rights systems.
+ */
+export type RightUse = 'likeness' | 'voice' | 'name' | 'endorsement' | 'motion_capture' | 'signature' | 'catchphrase' | 'sync' | 'background_music' | 'editorial' | 'commercial' | 'ai_generated_image';
+
+/**
+ * Rights metadata attached to a creative manifest. Each entry represents constraints from a single rights holder. A creative may combine multiple rights constraints (e.g., talent likeness + music license). For v1, rights constraints are informational metadata — the buyer/orchestrator manages creative lifecycle against these terms.
+ */
+export interface RightsConstraint {
+    /**
+     * Rights grant identifier from the acquire_rights response
+     */
+    rights_id: string;
+    /**
+     * The agent that granted these rights
+     */
+    rights_agent: {
+        /**
+         * MCP endpoint URL of the rights agent
+         */
+        url: string;
+        /**
+         * Agent identifier
+         */
+        id: string;
+    };
+    /**
+     * Start of the rights validity period
+     * @format date-time
+     */
+    valid_from?: string;
+    /**
+     * End of the rights validity period. Creative should not be served after this time.
+     * @format date-time
+     */
+    valid_until?: string;
+    /**
+     * Rights uses covered by this constraint
+     */
+    uses: RightUse[];
+    /**
+     * Countries where this creative may be served under these rights (ISO 3166-1 alpha-2). If omitted, no country restriction. When both countries and excluded_countries are present, the effective set is countries minus excluded_countries.
+     */
+    countries?: string[];
+    /**
+     * Countries excluded from rights availability (ISO 3166-1 alpha-2). Use when the grant is worldwide except specific markets.
+     */
+    excluded_countries?: string[];
+    /**
+     * Maximum total impressions allowed for the full validity period (valid_from to valid_until). This is the absolute cap across all creatives using this rights grant, not a per-creative or per-period limit.
+     * @minimum 1
+     */
+    impression_cap?: number;
+    right_type?: RightType;
+    /**
+     * Approval status from the rights holder at manifest creation time (snapshot, not a live value)
+     */
+    approval_status?: 'pending' | 'approved' | 'rejected';
+    /**
+     * URL where downstream supply chain participants can verify this rights grant is active. Returns HTTP 200 with the current grant status, or 404 if revoked. Enables SSPs and verification vendors to confirm rights before serving.
+     */
+    verification_url?: string;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Video scan method. Modern digital delivery requires progressive scan; interlaced is retained for broadcast legacy content.
+ */
+export type ScanType = 'progressive' | 'interlaced';
+
+/**
+ * Current task execution state. Indicates whether the task is completed, in progress (working), submitted for async processing, failed, or requires user input. REQUIRED on every task response envelope. Synchronous tasks (including read-only metadata calls like `get_adcp_capabilities`) MUST emit `status: "completed"`; async tasks emit `submitted`, `working`, `input-required`, etc. per their lifecycle. Agents MUST NOT emit the legacy task_status or response_status fields alongside this field — the status field is the single authoritative task state.
+ */
+export type TaskStatus = 'submitted' | 'working' | 'input-required' | 'completed' | 'canceled' | 'failed' | 'rejected' | 'auth-required' | 'unknown';
+
+/**
+ * Text content asset
+ */
+export interface TextAsset {
+    /**
+     * Discriminator identifying this as a text asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'text';
+    /**
+     * Text content
+     */
+    content: string;
+    /**
+     * Language code (e.g., 'en', 'es', 'fr')
+     */
+    language?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * URL reference asset. `url_type` declares the mechanism a receiver uses to invoke the URL (clickthrough vs. tracker_pixel vs. tracker_script) and is distinct from the URL's purpose, which the format declares in `url-asset-requirements.role` (clickthrough, landing_page, impression_tracker, click_tracker, viewability_tracker, third_party_tracker). Senders SHOULD include `url_type` on every URL asset. When `url_type` is absent, receivers SHOULD fall back to the format's `url-asset-requirements.role` per this mapping: clickthrough/landing_page → `clickthrough`; impression_tracker/click_tracker → `tracker_pixel`; viewability_tracker → `tracker_script` (OMID and equivalent verification SDKs require a <script> tag — firing them as a pixel produces no measurement); third_party_tracker → no safe fallback (mechanism is integration-specific — DV/IAS ship both pixel and script forms — receivers MAY reject or warn). When neither `url_type` nor a format-side `role` is available, receivers MUST NOT silently pick a mechanism; they SHOULD reject the manifest. Note: VAST/DAAST tag URLs are not URL assets — use `asset_type: "vast"` (or the dedicated tracker types pending RFC #2915), not `asset_type: "url"` with a tracker_pixel mechanism.
+ */
+export interface URLAsset {
+    /**
+     * Discriminator identifying this as a URL asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'url';
+    /**
+     * URL reference. May be a plain URI or an RFC 6570 URI template carrying AdCP universal macros (e.g., `{SKU}`, `{MEDIA_BUY_ID}`). Buyers MUST NOT pre-encode macro braces at sync time; the ad server URL-encodes substituted values at impression time. See docs/creative/universal-macros.mdx.
+     */
+    url: string;
+    url_type?: URLAssetType;
+    /**
+     * Description of what this URL points to
+     */
+    description?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * Mechanism a receiver uses to invoke this URL (distinct from purpose, which lives in `url-asset-requirements.role`): `clickthrough` for user click destination (landing page), `tracker_pixel` for impression/event tracking via HTTP request (fires GET, expects pixel/204 response), `tracker_script` for measurement SDKs that must load as a <script> tag (OMID verification, native event trackers using method:2). SHOULD be present on every URL asset; senders that omit it force the receiver into the role-based fallback described in this schema's top-level description.
+ */
+export type URLAssetType = 'clickthrough' | 'tracker_pixel' | 'tracker_script';
+
+/**
+ * Standardized macro placeholders for dynamic value substitution in creative tracking URLs. Macros are replaced with actual values at impression time. See docs/creative/universal-macros.mdx for detailed documentation.
+ */
+export type UniversalMacro = 'MEDIA_BUY_ID' | 'PACKAGE_ID' | 'CREATIVE_ID' | 'CACHEBUSTER' | 'TIMESTAMP' | 'CLICK_URL' | 'GDPR' | 'GDPR_CONSENT' | 'US_PRIVACY' | 'GPP_STRING' | 'GPP_SID' | 'IP_ADDRESS' | 'LIMIT_AD_TRACKING' | 'DEVICE_TYPE' | 'OS' | 'OS_VERSION' | 'DEVICE_MAKE' | 'DEVICE_MODEL' | 'USER_AGENT' | 'APP_BUNDLE' | 'APP_NAME' | 'COUNTRY' | 'REGION' | 'CITY' | 'ZIP' | 'DMA' | 'LAT' | 'LONG' | 'DEVICE_ID' | 'DEVICE_ID_TYPE' | 'DOMAIN' | 'PAGE_URL' | 'REFERRER' | 'KEYWORDS' | 'PLACEMENT_ID' | 'FOLD_POSITION' | 'AD_WIDTH' | 'AD_HEIGHT' | 'VIDEO_ID' | 'VIDEO_TITLE' | 'VIDEO_DURATION' | 'VIDEO_CATEGORY' | 'CONTENT_GENRE' | 'CONTENT_RATING' | 'PLAYER_WIDTH' | 'PLAYER_HEIGHT' | 'POD_POSITION' | 'POD_SIZE' | 'AD_BREAK_ID' | 'STATION_ID' | 'COLLECTION_NAME' | 'INSTALLMENT_ID' | 'AUDIO_DURATION' | 'TMPX' | 'AXEM' | 'CATALOG_ID' | 'SKU' | 'GTIN' | 'OFFERING_ID' | 'JOB_ID' | 'HOTEL_ID' | 'FLIGHT_ID' | 'VEHICLE_ID' | 'LISTING_ID' | 'STORE_ID' | 'PROGRAM_ID' | 'DESTINATION_ID' | 'CREATIVE_VARIANT_ID' | 'APP_ITEM_ID';
+
+/**
+ * How often the platform should re-fetch the feed from url. Only applicable when url is provided. Platforms may use this as a hint for polling schedules.
+ */
+export type UpdateFrequency = 'realtime' | 'hourly' | 'daily' | 'weekly';
+
+/**
+ * Manifest references a named format via the structured `format_id` object. The v1 path; remains supported through 4.x.
+ */
+export interface V1ManifestNamedFormatReference {
+    format_id: FormatReferenceStructuredObject;
+    /**
+     * v2 path, optional. Stable identifier matching one of the seller's product `format_options[i].capability_id` values. REQUIRED when the target product carries multiple `format_options` entries sharing the same `format_kind` (the buyer must disambiguate which option this manifest matches). When the product's `format_options` has a single entry — or multiple entries with distinct `format_kind` values — `capability_id` is OPTIONAL because `format_kind` alone routes the manifest to the right declaration.
+     */
+    capability_id?: string;
+    /**
+     * Map of slot keys to actual asset content. v1 path: each key matches an `asset_id` from the format's `assets` array (e.g., 'banner_image', 'clickthrough_url', 'video_file', 'vast_tag'). v2 path: each key matches an `asset_group_id` from the format's `slots` declaration drawn from the canonical vocabulary registry (e.g., 'images_landscape', 'video', 'landing_page_url', 'vast_tag', 'script', 'creative_brief'). Either path produces the same envelope shape; only the slot-key vocabulary differs.
+     *
+     * Each slot value is **either** a single asset object (most slots — image, video, vast_tag, landing_page_url, etc.) **or** an array of asset objects (slots with `min`/`max` counts on the format declaration — `cards` on `image_carousel`, `headlines` / `descriptions` / `images_landscape` on `responsive_creative`, etc.). Single-vs-array shape is governed by the format's `slots[].min` and `slots[].max` parameters: when `max > 1` (or when the slot is conceptually a pool), the value MUST be an array; when the slot is single-valued, the value MUST be a single object. Each asset value (single or array element) carries an `asset_type` discriminator (image, video, audio, vast, daast, text, markdown, url, html, css, webhook, javascript, brief, catalog, zip, card) that selects the matching asset schema. Validators with OpenAPI-style discriminator support use `asset_type` to report errors against only the selected branch instead of all branches.
+     */
+    assets: {
+        /**
+         * This interface was referenced by `undefined`'s JSON-Schema definition
+         * via the `patternProperty` "^[a-z0-9_]+$".
+         */
+        [k: string]: AssetVariant | AssetVariant[];
+    };
+    brand?: BrandReference;
+    /**
+     * Rights constraints attached to this creative. Each entry represents constraints from a single rights holder. A creative may combine multiple rights constraints (e.g., talent likeness + music license). For v1, rights constraints are informational metadata — the buyer/orchestrator manages creative lifecycle against these terms.
+     */
+    rights?: RightsConstraint[];
+    /**
+     * Industry-standard identifiers for this specific manifest (e.g., Ad-ID, ISCI, Clearcast clock number). When present, overrides creative-level identifiers. Use when different format versions of the same source creative have distinct Ad-IDs (e.g., the :15 and :30 cuts).
+     */
+    industry_identifiers?: IndustryIdentifier[];
+    provenance?: Provenance;
+    ext?: ExtensionObject;
+}
+
+/**
+ * Manifest declares which canonical format it targets via `format_kind` (e.g., `image`). The v2 path introduced by RFC #3305.
+ */
+export interface V2ManifestCanonicalFormatKind {
+    format_kind: CanonicalFormatKind;
+    /**
+     * v2 path, optional. Stable identifier matching one of the seller's product `format_options[i].capability_id` values. REQUIRED when the target product carries multiple `format_options` entries sharing the same `format_kind` (the buyer must disambiguate which option this manifest matches). When the product's `format_options` has a single entry — or multiple entries with distinct `format_kind` values — `capability_id` is OPTIONAL because `format_kind` alone routes the manifest to the right declaration.
+     */
+    capability_id?: string;
+    /**
+     * Map of slot keys to actual asset content. v1 path: each key matches an `asset_id` from the format's `assets` array (e.g., 'banner_image', 'clickthrough_url', 'video_file', 'vast_tag'). v2 path: each key matches an `asset_group_id` from the format's `slots` declaration drawn from the canonical vocabulary registry (e.g., 'images_landscape', 'video', 'landing_page_url', 'vast_tag', 'script', 'creative_brief'). Either path produces the same envelope shape; only the slot-key vocabulary differs.
+     *
+     * Each slot value is **either** a single asset object (most slots — image, video, vast_tag, landing_page_url, etc.) **or** an array of asset objects (slots with `min`/`max` counts on the format declaration — `cards` on `image_carousel`, `headlines` / `descriptions` / `images_landscape` on `responsive_creative`, etc.). Single-vs-array shape is governed by the format's `slots[].min` and `slots[].max` parameters: when `max > 1` (or when the slot is conceptually a pool), the value MUST be an array; when the slot is single-valued, the value MUST be a single object. Each asset value (single or array element) carries an `asset_type` discriminator (image, video, audio, vast, daast, text, markdown, url, html, css, webhook, javascript, brief, catalog, zip, card) that selects the matching asset schema. Validators with OpenAPI-style discriminator support use `asset_type` to report errors against only the selected branch instead of all branches.
+     */
+    assets: {
+        /**
+         * This interface was referenced by `undefined`'s JSON-Schema definition
+         * via the `patternProperty` "^[a-z0-9_]+$".
+         */
+        [k: string]: AssetVariant | AssetVariant[];
+    };
+    brand?: BrandReference;
+    /**
+     * Rights constraints attached to this creative. Each entry represents constraints from a single rights holder. A creative may combine multiple rights constraints (e.g., talent likeness + music license). For v1, rights constraints are informational metadata — the buyer/orchestrator manages creative lifecycle against these terms.
+     */
+    rights?: RightsConstraint[];
+    /**
+     * Industry-standard identifiers for this specific manifest (e.g., Ad-ID, ISCI, Clearcast clock number). When present, overrides creative-level identifiers. Use when different format versions of the same source creative have distinct Ad-IDs (e.g., the :15 and :30 cuts).
+     */
+    industry_identifiers?: IndustryIdentifier[];
+    provenance?: Provenance;
+    ext?: ExtensionObject;
+}
+
+/**
+ * VAST (Video Ad Serving Template) tag for third-party video ad serving
+ */
+export type VASTAsset = {
+    /**
+     * Discriminator identifying this as a VAST asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'vast';
+    vast_version?: VASTVersion;
+    /**
+     * Whether VPAID (Video Player-Ad Interface Definition) is supported
+     */
+    vpaid_enabled?: boolean;
+    /**
+     * Expected video duration in milliseconds (if known)
+     * @minimum 0
+     */
+    duration_ms?: number;
+    /**
+     * Tracking events supported by this VAST tag
+     */
+    tracking_events?: VASTTrackingEvent[];
+    /**
+     * URL to captions file (WebVTT, SRT, etc.)
+     */
+    captions_url?: string;
+    /**
+     * URL to audio description track for visually impaired users
+     */
+    audio_description_url?: string;
+    provenance?: Provenance;
+} & ({
+    /**
+     * Discriminator indicating VAST is delivered via URL endpoint
+     */
+    delivery_type: 'url';
+    /**
+     * URL endpoint that returns VAST XML
+     */
+    url: string;
+} | {
+    /**
+     * Discriminator indicating VAST is delivered as inline XML content
+     */
+    delivery_type: 'inline';
+    /**
+     * Inline VAST XML content
+     */
+    content: string;
+});
+
+/**
+ * Tracking events for video ads. Includes the IAB VAST 4.2 `Tracking@event` enumeration (vast_4.2.xsd `TrackingEvents_type`, lines 112–136), plus AdCP-flattened representations of the `Impression`, `Error`, `VideoClicks`, and `ViewableImpression` elements (which live in dedicated VAST elements, not under `<TrackingEvents>` — they are surfaced here so a single declared list can cover everything a measurement vendor wants to track). `fullscreen` / `exitFullscreen` are retained for VAST 2.x / 3.x compatibility (VAST 4.0+ replaced them with `playerExpand` / `playerCollapse`). `measurableImpression` is an AdCP extension for MRC measurability signals.
+ */
+export type VASTTrackingEvent = 'impression' | 'creativeView' | 'loaded' | 'start' | 'firstQuartile' | 'midpoint' | 'thirdQuartile' | 'complete' | 'mute' | 'unmute' | 'pause' | 'resume' | 'rewind' | 'skip' | 'playerExpand' | 'playerCollapse' | 'fullscreen' | 'exitFullscreen' | 'progress' | 'acceptInvitation' | 'adExpand' | 'adCollapse' | 'minimize' | 'overlayViewDuration' | 'otherAdInteraction' | 'interactiveStart' | 'clickTracking' | 'customClick' | 'close' | 'closeLinear' | 'error' | 'viewable' | 'notViewable' | 'viewUndetermined' | 'measurableImpression' | 'viewableImpression';
+
+/**
+ * VAST specification version
+ */
+export type VASTVersion = '2.0' | '3.0' | '4.0' | '4.1' | '4.2';
+
+/**
+ * Video asset with URL and technical specifications including audio track properties
+ */
+export interface VideoAsset {
+    /**
+     * Discriminator identifying this as a video asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'video';
+    /**
+     * URL to the video asset
+     */
+    url: string;
+    /**
+     * Width in pixels
+     * @minimum 1
+     */
+    width: number;
+    /**
+     * Height in pixels
+     * @minimum 1
+     */
+    height: number;
+    /**
+     * Video duration in milliseconds
+     * @minimum 1
+     */
+    duration_ms?: number;
+    /**
+     * File size in bytes
+     * @minimum 1
+     */
+    file_size_bytes?: number;
+    /**
+     * Video container format (mp4, webm, mov, etc.)
+     */
+    container_format?: string;
+    /**
+     * Video codec used (h264, h265, vp9, av1, prores, etc.)
+     */
+    video_codec?: string;
+    /**
+     * Video stream bitrate in kilobits per second
+     * @minimum 1
+     */
+    video_bitrate_kbps?: number;
+    /**
+     * Frame rate as string to preserve precision (e.g., '23.976', '29.97', '30')
+     */
+    frame_rate?: string;
+    frame_rate_type?: FrameRateType;
+    scan_type?: ScanType;
+    /**
+     * Color space of the video
+     */
+    color_space?: 'rec709' | 'rec2020' | 'rec2100' | 'srgb' | 'dci_p3';
+    /**
+     * HDR format if applicable, or 'sdr' for standard dynamic range
+     */
+    hdr_format?: 'sdr' | 'hdr10' | 'hdr10_plus' | 'hlg' | 'dolby_vision';
+    /**
+     * Chroma subsampling format
+     */
+    chroma_subsampling?: '4:2:0' | '4:2:2' | '4:4:4';
+    /**
+     * Video bit depth
+     */
+    video_bit_depth?: 8 | 10 | 12;
+    /**
+     * GOP/keyframe interval in seconds
+     */
+    gop_interval_seconds?: number;
+    gop_type?: GOPType;
+    moov_atom_position?: MoovAtomPosition;
+    /**
+     * Whether the video contains an audio track
+     */
+    has_audio?: boolean;
+    /**
+     * Audio codec used (aac, aac_lc, he_aac, pcm, mp3, ac3, eac3, etc.)
+     */
+    audio_codec?: string;
+    /**
+     * Audio sampling rate in Hz (e.g., 44100, 48000)
+     */
+    audio_sampling_rate_hz?: number;
+    audio_channels?: AudioChannelLayout;
+    /**
+     * Audio bit depth
+     */
+    audio_bit_depth?: 16 | 24 | 32;
+    /**
+     * Audio bitrate in kilobits per second
+     * @minimum 1
+     */
+    audio_bitrate_kbps?: number;
+    /**
+     * Integrated loudness in LUFS
+     */
+    audio_loudness_lufs?: number;
+    /**
+     * True peak level in dBFS
+     */
+    audio_true_peak_dbfs?: number;
+    /**
+     * URL to captions file (WebVTT, SRT, etc.)
+     */
+    captions_url?: string;
+    /**
+     * URL to text transcript of the video content
+     */
+    transcript_url?: string;
+    /**
+     * URL to audio description track for visually impaired users
+     */
+    audio_description_url?: string;
+    provenance?: Provenance;
+}
+
+/**
+ * Media category of the watermarked content
+ */
+export type WatermarkMediaType = 'audio' | 'image' | 'video' | 'text';
+
+/**
+ * Webhook for server-side dynamic content rendering (DCO)
+ */
+export interface WebhookAsset {
+    /**
+     * Discriminator identifying this as a webhook asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'webhook';
+    /**
+     * Webhook URL to call for dynamic content
+     */
+    url: string;
+    method?: HTTPMethod;
+    /**
+     * Maximum time to wait for response in milliseconds
+     * @minimum 10
+     * @maximum 5000
+     */
+    timeout_ms?: number;
+    /**
+     * Universal macros that can be passed to webhook (e.g., DEVICE_TYPE, COUNTRY). See docs/creative/universal-macros.mdx for full list.
+     */
+    supported_macros?: (UniversalMacro | string)[];
+    /**
+     * Universal macros that must be provided for webhook to function
+     */
+    required_macros?: (UniversalMacro | string)[];
+    response_type: WebhookResponseType;
+    /**
+     * Security configuration for webhook calls
+     */
+    security: {
+        method: WebhookSecurityMethod;
+        /**
+         * Header name for HMAC signature (e.g., 'X-Signature')
+         */
+        hmac_header?: string;
+        /**
+         * Header name for API key (e.g., 'X-API-Key')
+         */
+        api_key_header?: string;
+    };
+    provenance?: Provenance;
+}
+
+/**
+ * Expected content type of webhook response
+ */
+export type WebhookResponseType = 'html' | 'json' | 'xml' | 'javascript';
+
+/**
+ * Authentication method
+ */
+export type WebhookSecurityMethod = 'hmac_sha256' | 'api_key' | 'none';
+
+/**
+ * Bundled creative asset delivered as a zip archive — typically an HTML5 banner with index.html plus supporting CSS, JS, images, and fonts. Receivers unpack the zip, validate internal structure, and serve contents from CDN. Distinct from inline HTML (html asset) and from third-party tag URLs (url asset with url_type tracker_script).
+ */
+export interface ZipAsset {
+    /**
+     * Discriminator identifying this as a zip-bundled asset. See /schemas/creative/asset-types for the registry.
+     */
+    asset_type: 'zip';
+    /**
+     * URL where the zip archive is hosted. Must be HTTPS.
+     */
+    url: string;
+    /**
+     * Maximum file size in kilobytes. Receivers should reject zips exceeding this.
+     * @minimum 0
+     */
+    max_file_size_kb?: number;
+    /**
+     * Relative path to the entry file within the zip (typically 'index.html'). Receivers default to 'index.html' if absent.
+     */
+    entry_point?: string;
+    /**
+     * File extensions permitted inside the zip (e.g., ['html', 'css', 'js', 'png', 'jpg', 'svg', 'webp', 'json', 'woff2']). Receivers may reject zips containing other extensions.
+     */
+    allowed_inner_extensions?: string[];
+    /**
+     * Fallback image URL for environments that cannot render the bundled creative (e.g., non-HTML5 endpoints, ad blockers). Recommended for HTML5 banners.
+     */
+    backup_image_url?: string;
+    /**
+     * Optional SHA-256 content digest of the zip archive (sha256:<hex>) for integrity verification. Lets receivers detect tampered or stale archives.
+     * @pattern ^sha256:[a-f0-9]{64}$
+     */
+    digest?: string;
+    /**
+     * Self-declared accessibility properties for this opaque creative
+     */
+    accessibility?: {
+        /**
+         * Text alternative describing the creative content
+         */
+        alt_text?: string;
+        /**
+         * Whether the creative can be fully operated via keyboard
+         */
+        keyboard_navigable?: boolean;
+        /**
+         * Whether the creative respects prefers-reduced-motion or provides pause/stop controls
+         */
+        motion_control?: boolean;
+        /**
+         * Whether the creative has been tested with screen readers
+         */
+        screen_reader_tested?: boolean;
+    };
+    provenance?: Provenance;
+}