Skip to content

spec(governance): require check_governance on every spend-commit (#2403)#2419

Merged
bokelley merged 2 commits into
mainfrom
bokelley/issue-2403
Apr 19, 2026
Merged

spec(governance): require check_governance on every spend-commit (#2403)#2419
bokelley merged 2 commits into
mainfrom
bokelley/issue-2403

Conversation

@bokelley

Copy link
Copy Markdown
Contributor

Closes #2403.

Summary

Turns Embedded Human Judgment into an enforceable MUST. When a governance agent is configured on the plan, buyer agents MUST invoke check_governance before every spend-commit request — full stop. No dollar floors, anomaly thresholds, or cold-start exemptions. Auto-approve fast-paths live inside the governance agent's own policy via the existing budget.reallocation_threshold and human_review_required surfaces.

Seller enforcement makes the MUST real: a seller receiving a spend-commit for a governance-configured plan MUST require a valid, in-date governance_context token for the matching plan and phase, and MUST reject with PERMISSION_DENIED otherwise. A buyer that skips check_governance cannot produce a valid token, so the commit is rejected at the seller.

Why always-invoke instead of the threshold design posted on #2403

The working-group comments on #2403 proposed a three-trigger threshold (operator floor + 3× median + cold-start). After expert review, that design lost on five fronts:

  1. Gaming surface. Per-commit floors invite split-orders, anomaly medians can be poisoned by seeding the baseline with a few inflated commits, cold-start is gamed by rotating plan_ids or sellers.
  2. Contradicts an existing invariant. check_governance.mdx already says "if governance is configured and unreachable, MUST NOT proceed." That's incompatible with "configured but this commit is small enough to skip."
  3. Regulator clarity. "Every spend-commit was checked" is a one-line attestation. "Every spend-commit above an operator floor, or 3× median, or within cold-start, was checked" is an audit nightmare — a verifier has to recompute the buyer's median to prove the MUST held.
  4. Threshold already lives in the right place. reallocation_threshold + human_review_required on the plan are where the governance agent is told when to auto-approve vs. escalate. Duplicating that one layer up was a design mistake.
  5. Seller enforcement becomes a pure token check. A seller can't verify a buyer computed the median correctly. "Valid governance_context token or reject" is all a seller can meaningfully enforce.

Spend-commit tasks in scope

create_media_buy, update_media_buy, acquire_rights, update_rights, activate_signal, build_creative, and any future spend-commit task. NOT triggered by discovery (get_products, get_signals), reporting (get_media_buy_delivery), or operational-status tasks.

Test plan

  • npm run test:unit — 587 passing
  • npm run typecheck — clean
  • Mintlify renders new sections; anchor links resolve (#spend-commit-invocation, #signed-governance-context, #idempotency, #seller-verification-checklist)
  • Working-group sign-off on the always-invoke direction before merge

🤖 Generated with Claude Code

… governance is configured (#2403)

Turns Embedded Human Judgment into an enforceable MUST. When a governance
agent is configured on the plan, buyer agents MUST invoke check_governance
before every spend-commit request (create_media_buy, update_media_buy,
acquire_rights, update_rights, activate_signal, build_creative) — full stop.
No dollar floors, anomaly thresholds, or cold-start exemptions. Auto-approve
fast-paths live inside the governance agent's own policy via the existing
budget.reallocation_threshold and human_review_required fields.

Seller enforcement makes the MUST real: a seller receiving a spend-commit
for a plan with a configured governance agent MUST require a valid, in-date
governance_context token for the matching plan and phase, and MUST reject
with PERMISSION_DENIED otherwise. A buyer that skips check_governance cannot
produce a valid token, so the commit is rejected at the seller.

Adds audit-log MUSTs, idempotency interaction, and extends the Embedded
Human Judgment Protocol Mapping to cite the new enforceable surface.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions

github-actions Bot commented Apr 19, 2026

Copy link
Copy Markdown
Contributor

Schema Link Check Results

Commit: 772d1c7 - spec(governance): apply expert-review feedback to #2403 — intent-phase clarifications + seller retention (#2403 follow-up)

⚠️ Warnings (schema not yet released)

These schemas exist in source but haven't been released yet. The links will be broken until the next version is published:

  • https://adcontextprotocol.org/schemas/v3/enums/specialism.json
    • Schema exists in latest (source) but not yet released in v3
    • Action: This link will work after next 3.x release is published

To fix: Either:

  1. Wait for the next release and merge this PR after the release is published
  2. Use latest instead of a version alias if you need the link to work immediately (note: latest is the development version and may change)
  3. Coordinate with maintainers to cut a new release before merging

…e clarifications + seller retention (#2403 follow-up)

Security reviewer and protocol expert both flagged the same latent bug: the
original draft of the Seller enforcement paragraph read as if the buyer
produced a purchase-phase token, contradicting the JWS profile (intent tokens
are pre-seller; purchase tokens are seller-assigned with media_buy_id).

Applied fixes:

- Specification §126: name the buyer's token as intent-phase up front
- Specification §148 (Seller enforcement): require phase="intent", sub=plan_id,
  aud=this-seller on the token the buyer attaches; document the two-step flow
  (buyer's intent check → seller's execution check → purchase-phase token
  bound to the newly assigned media_buy_id)
- Specification: new MUST that sellers persist accepted governance tokens
  keyed by (jti, iss, aud, sub, phase, outcome, timestamp) so auditor
  reconciliation between seller records and get_plan_audit_logs is possible —
  without seller retention, the audit log is single-sourced from the entity
  under scrutiny
- Specification: idempotency/replay-dedup carve-out (repeated jti with same
  idempotency_key is a legitimate retry, not a replay attack)
- Specification: stale-approval residual-risk note (tight exp bounds the
  window; operators who cannot tolerate it set reallocation_threshold=0 or
  human_review_required=true)
- Specification: shopping-privacy note for multi-seller fanout (GA sees the
  buyer's full seller list at intent time)
- Specification: sellers MAY refuse to transact on plans lacking a configured
  governance agent
- check_governance §34 (Execution checks): fix pseudocode that passed
  phase:"purchase" to the verifier for a token the buyer just attached — the
  buyer attaches intent tokens; the seller's execution check produces purchase
  tokens internally
- check_governance Invocation requirement: align with the two-step flow

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@bokelley

Copy link
Copy Markdown
Contributor Author

Expert review round applied

Ran the always-invoke shape by security-reviewer and ad-tech-protocol-expert in parallel. Both independently flagged the same latent bug: the first draft of the Seller enforcement paragraph read as if the buyer produced a purchase-phase token, contradicting the JWS profile (intent tokens are pre-seller; purchase tokens are seller-assigned with media_buy_id).

Applied in the follow-up commit:

Correctness

  • Name the buyer's token as intent-phase up front (§126, §148, check_governance.mdx invocation section)
  • Document the two-step flow: buyer's intent check → seller's execution check → purchase-phase token bound to the newly assigned media_buy_id for the rest of the lifecycle
  • Fix pre-existing bug in check_governance.mdx pseudocode that passed phase: "purchase" to the verifier for a token the buyer just attached

New MUSTs surfaced by the security review

  • Sellers MUST persist accepted governance tokens keyed by (jti, iss, aud, sub, phase, outcome, timestamp) so auditor reconciliation between seller records and get_plan_audit_logs is possible — without this, the audit log is single-sourced from the entity under scrutiny
  • Idempotency/replay-dedup carve-out: repeated jti with the same idempotency_key is a legitimate retry, not a replay attack

Clarifications

  • Sellers MAY refuse to transact on plans lacking a configured governance agent as commercial policy (closes the "buyer declares no governance agent to evade the MUST" loophole without forcing the protocol to mandate one)
  • Multi-seller fanout produces one intent token per seller (correct protocol shape), and operators should know their GA sees the full shopping list
  • Accepted residual risk for stale approvals: tight exp bounds the window; operators who cannot tolerate it set reallocation_threshold: 0 or human_review_required: true

CI remains green. Ready for working-group review.

@bokelley bokelley merged commit 7aaf579 into main Apr 19, 2026
15 checks passed
bokelley added a commit that referenced this pull request Apr 20, 2026
…k idempotency)

Webhooks now a full citizen of the 3.0 trust surface — signing unified on the
RFC 9421 profile (baseline-required for sellers) and every webhook payload
carries a required idempotency_key. Also picks up several spec-hardening and
governance-tightening PRs that landed post-merge.

CHANGELOG.md — Adds to trust-surface minor changes:
- Unify webhook signing on RFC 9421 profile (#2423)
- Require idempotency_key on every webhook payload (#2416, #2417)
- check_governance required on every spend-commit (#2403, #2419)
- Experimental status mechanism + custom pricing escape hatch (#2422)

Plus patch entries for:
- submitted branch on create_media_buy + ai_generated_image right-use (#2425)
- time semantics + activate_signal idempotency (#2407)
- known-limitations/privacy-considerations/why-not FAQs + platform-agnostic lint (#2427)
- scope-truthfulness pass on three audited claims (#2385, #2404)

release-notes.mdx — Renames #1 item to "Trust Surface: Idempotency, Request
Signing, Signed Governance, and Signed Webhooks" and promotes webhooks to a
first-class bullet. Updates intro paragraph to mention webhook signing + payload
idempotency. Adds 4 new rows to the breaking changes table (webhook signing,
webhook idempotency_key, revocation-notification.notification_id rename, plus
MediaBuy.pending_approval placement). New webhook migration bullet at the top
of the rc.3 adopter list.

whats-new-in-v3.mdx — Expands the trust surface section with two new paragraphs
covering webhook signing under the 9421 profile and required payload
idempotency across all five webhook payload schemas.

prerelease-upgrades.mdx — 4 new breaking-change rows (webhook signing, webhook
payload idempotency, notification_id → idempotency_key, etc.) + 8 new additive
bullets covering webhook signing, webhook idempotency, check_governance on
spend-commit, experimental status mechanism, submitted branch, time semantics,
and the new reference pages.

migration/index.mdx — Adds webhook signing and webhook idempotency rows to the
v2→v3 migration checklist.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
bokelley added a commit that referenced this pull request Apr 22, 2026
…A banners (#2302)

* docs: 3.0 release notes, migration guide, specialism threading, and GA banners (#2177)

Closes #2177 and #2290. Comprehensive documentation update for AdCP 3.0 GA.

**Release documentation:**
- Add 3.0.0 CHANGELOG entry covering every change since rc.3
- Add rc.3 → 3.0 prerelease upgrade guide with breaking changes table,
  before/after JSON examples, and schema file references
- Expand whats-new rc.3 → 3.0 highlights with Specialisms + Compliance as
  a headline 3.0 pillar
- Exit changeset prerelease mode so next release is stable 3.0.0
- Remove stale "use 2.5 for production" banner from intro; drop misleading
  "(recommended for production)" from v2.5.0 historical schema-versioning note

**Specialisms + storyboards threaded through training:**
- Add "Specialisms you can validate" tables to all 5 specialist modules
- Add "Specialisms you can claim" to publisher and platform tracks;
  "Validating across sellers" to buyer track
- Add Domain/Specialism/Storyboard glossary + Compliance claims section
  to foundations A2 module
- Map skills to specialisms in build-an-agent; note brand-rights has no
  skill yet
- Add "What changed in 3.0" callout to Compliance Catalog covering
  rename/merge/promotion
- Thread specialisms mention through intro and quickstart

**GA launch banners (#2290):**
- Add Mintlify banner to docs.json: "AdCP 3.0 is now GA — see what's new"
- Add dismissible announcement strip to AAO homepage
- Bump docs.json default version label 3.0-rc → 3.0

**Pre-commit hook fix:**
- Force vitest `pool: 'threads'` in vitest.config.ts. The default forks pool
  hangs indefinitely under non-TTY stdin (git pre-commit hook) because server
  module init in imported code keeps child processes alive. Threads share the
  parent lifecycle and exit cleanly. Same test speed.

**Other fixes:**
- Remove stale "AdCP 3.0 Proposal" banner from collection_lists.mdx
- Fix major_versions: [1] → [3] in get_adcp_capabilities examples
- Update publisher track B3 to use governance_context + purchase_type
- Trim changelog.mdx stub to match its actual role (link to GitHub)

Expert-reviewed across code, protocol, DX, docs, copy, product, security,
and education. All feedback applied.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(3.0): foreground trust surface story (signing, idempotency, signed governance)

Weaves the post-rc.3 trust-surface work into the 3.0 narrative across CHANGELOG,
release notes, whats-new, and migration guides. Previously these PRs were merged
to main but not reflected in the 3.0 documentation story.

CHANGELOG.md — Adds "Breaking Changes — trust surface" and "Minor Changes —
trust surface" sections:

Breaking:
- idempotency_key required on all mutating requests (#2315)
- IO approval at task layer, not MediaBuy.pending_approval (#2270, #2351)
- Art 22 / Annex III as schema invariants (#2310, #2338)
- inventory-lists → property-lists, collection-lists split out (#2332, #2336)
- domains → protocols compliance taxonomy (#2300)

Minor:
- RFC 9421 request signing profile (#2323)
- Signed JWS governance_context (#2316)
- Universal security baseline storyboard (#2304)
- Signed-requests runner harness + runner output contract (#2350, #2352)
- Cross-instance state persistence required (#2363)
- Security narrative + principal terminology retirement (#2381)
- URL canonicalization + sf-binary pins (#2341, #2342, #2343)

Plus docs/patch entries for Operating an Agent, release cadence, CHARTER.md,
AI disclosure, creative lifecycle hardening, signals baseline, Scope3 → CSBS
rename, and numerous training-agent/storyboard fixes.

release-notes.mdx — Rewrites the 3.0.0 intro to lead with the trust surface.
Adds #1 "Trust Surface" item covering idempotency, signing, signed governance,
and universal security storyboard.

whats-new-in-v3.mdx — New "Trust surface: idempotency, request signing, and
signed governance" section at the top of New Capabilities.

prerelease-upgrades.mdx — New breaking-change rows and additive bullets for
trust-surface primitives.

migration/index.mdx — Adds idempotency_key, request signing, signed
governance_context, IO approval task-layer move, and Art 22 schema invariants.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(3.0): fold webhooks into trust surface (signed webhooks + webhook idempotency)

Webhooks now a full citizen of the 3.0 trust surface — signing unified on the
RFC 9421 profile (baseline-required for sellers) and every webhook payload
carries a required idempotency_key. Also picks up several spec-hardening and
governance-tightening PRs that landed post-merge.

CHANGELOG.md — Adds to trust-surface minor changes:
- Unify webhook signing on RFC 9421 profile (#2423)
- Require idempotency_key on every webhook payload (#2416, #2417)
- check_governance required on every spend-commit (#2403, #2419)
- Experimental status mechanism + custom pricing escape hatch (#2422)

Plus patch entries for:
- submitted branch on create_media_buy + ai_generated_image right-use (#2425)
- time semantics + activate_signal idempotency (#2407)
- known-limitations/privacy-considerations/why-not FAQs + platform-agnostic lint (#2427)
- scope-truthfulness pass on three audited claims (#2385, #2404)

release-notes.mdx — Renames #1 item to "Trust Surface: Idempotency, Request
Signing, Signed Governance, and Signed Webhooks" and promotes webhooks to a
first-class bullet. Updates intro paragraph to mention webhook signing + payload
idempotency. Adds 4 new rows to the breaking changes table (webhook signing,
webhook idempotency_key, revocation-notification.notification_id rename, plus
MediaBuy.pending_approval placement). New webhook migration bullet at the top
of the rc.3 adopter list.

whats-new-in-v3.mdx — Expands the trust surface section with two new paragraphs
covering webhook signing under the 9421 profile and required payload
idempotency across all five webhook payload schemas.

prerelease-upgrades.mdx — 4 new breaking-change rows (webhook signing, webhook
payload idempotency, notification_id → idempotency_key, etc.) + 8 new additive
bullets covering webhook signing, webhook idempotency, check_governance on
spend-commit, experimental status mechanism, submitted branch, time semantics,
and the new reference pages.

migration/index.mdx — Adds webhook signing and webhook idempotency rows to the
v2→v3 migration checklist.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(3.0): expert-review fixes — accurate trust-surface primitives, adcp_use placement, no protocol default on TTL

Addresses three rounds of expert review (product, protocol, copy) on the 3.0
release-docs PR.

**Accuracy fixes (protocol expert)**:
- idempotency_key TTL: "default 24h" was wrong — schema has no default, 24h
  is only recommended. Clients MUST NOT assume one. Fixed in CHANGELOG,
  release-notes, whats-new, prerelease-upgrades.
- adcp_use placement: webhook-signing JWK carries adcp_use:"webhook-signing"
  on the JWK inside the JWKS document at jwks_uri — NOT as a field on the
  brand.json agents[] entry. Clarified in all four files.
- kid uniqueness: kid values MUST be unique across adcp_use purposes within
  a JWKS. Added to whats-new and prerelease-upgrades.
- check_governance qualifier: restored "when a governance agent is
  configured on the plan" — was previously unconditional MUST. Added
  PERMISSION_DENIED as the rejection code.
- UUID v4: spec allows ^[A-Za-z0-9_.:-]{16,255}$; UUID v4 is an AdCP Verified
  requirement, not schema-enforced. Clarified across docs.
- Legacy HMAC opt-in: named the actual field (push_notification_config.
  authentication.credentials) where 3.x buyers opt into HMAC fallback.
- 4.0 removal scope: the entire `authentication` object is removed in 4.0,
  not just HMAC.
- webhook_signature_* reworded to "typed reason codes defined in the
  Security guide" — they are not enum values in error-code.json.

**Narrative fixes (product + copy)**:
- Primitive count reconciled: release-notes headline said 4, list had 5+1,
  whats-new said 3. Now consistently 4, grouped by symmetry (requests:
  idempotency + signing; webhooks: signing + idempotency; governance JWS
  as capstone). Universal security storyboard moved to item #2
  (specialisms/storyboards) where it belongs as verification, not a
  primitive.
- Opener paragraph tightened. "AdCP 3.0 makes agent-to-agent ad buying
  cryptographically verifiable and retry-safe." leads — the
  "safe for real money" overreach is softened throughout.
- Connective tissue added: "Trust primitives define the bar; storyboards
  test it; AdCP Verified certifies it." in item #2.
- Item #5 (IO approval) merged into item #12 (media buy lifecycle) —
  they described the same change. Numbered items now 1-14 clean.
- Release notes #14 consolidated brand-schema + operating-an-agent +
  cadence + experimental-status + known-limitations into one "Operating
  an Agent, Release Cadence, CHARTER" item; brand-schema extensions
  pointer to CHANGELOG.
- Long 14/15-step checklists deduplicated — release-notes and
  whats-new now link to the Security guide rather than restating them.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(3.0): remove preview specialisms, fill brand baseline, thread trust surface

- Remove sales-streaming-tv, sales-exchange, sales-retail-media, and
  measurement-verification from the 3.0 specialism enum and catalog. They
  were causing confusion about what's stable at GA. Tracking reintroduction
  with authoritative storyboards in 3.1: #2511.
- Fill the brand protocol baseline storyboard (identity-only); rights
  lifecycle remains in the experimental brand-rights specialism.
- Rewrite quickstart step 3 to teach idempotency_key + replay semantics
  and step 4 to replace HMAC-SHA256 webhooks with the RFC 9421 webhook
  profile (JWKS-anchored, typed webhook_signature_* reason codes).
- Add a trust-surface callout to the intro walkthrough so Alex's team
  encounters signing, idempotency replay, and signed governance JWS
  together at the media-buy execution moment.
- Clean up cross-references in compliance-catalog, specialist learning
  modules (governance, media-buy), platform track, migration guide, and
  what's-new page.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(3.0): apply external rc.3 review fixes — versioning clarity, SI experimental flags

- versioning: empty 3.1/3.2 Notes column removed; table now points at
  GitHub milestones for current candidate scope (no fixed commitments).
- versioning: retire "architecture committee led by Brian O'Kelley"
  phrasing; cross-cutting decisions happen in working-group forums and
  public GitHub issues. Brian's role remains named in FAQ and CHARTER.
- whats-new: flag Sponsored Intelligence as (experimental) in the
  protocol-scope comparison rows and implementer checklist, matching
  treatment already present on the dedicated SI section, FAQ, and
  governance overview.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(3.0): defensibility review P0 fixes + cutover checklist (#2538)

- known-limitations:47 tense fix. Art 22 / Annex III schema invariant
  shipped via #2310 on 2026-04-18.
- release-notes trust-framing. RFC 9421 request signing is optional in
  3.0 (required only for AdCP Verified). Reframed as "retry-safe and
  auditable, with optional end-to-end request signing."
- whats-new Verified self-attestation note. Agents publish their own
  runner-output.json; AAO does not audit or gate issuance.
- policy-registry CSBS provenance. Formal IP donation instrument is
  tracked in #2314 (Evergreen, legal-gated). CSBS ships under AAO
  custodianship until signed assignment is on file.

Launch-day cutover tracked in #2538.

* docs(3.0): defensibility review P1 fixes

* docs(governance): vendor Bylaws + Membership Agreement into repo (closes #2440)

* docs(governance): replace HTML-comment mirror headers with MDX-safe blockquotes

* docs(governance): absolute GitHub URL for governance README pointers (Mintlify broken-link fix)

* chore(husky): pin mintlify to 4.2.500 in pre-push (useState crash in 4.2.515+)

* docs(3.0): flip to GA — FAQ maturity, AAMP comparison, industry landscape (closes #2538 docs)

* docs(3.0): Verified program launches with 3.1 — set expectations now

* fix(ci): restore multi-platform optional deps in lockfile + axios types

Regenerating the lockfile during the main-merge resolution was done on
macOS-arm64, which only recorded darwin-arm64 entries for platform-
specific optional deps (@rolldown/binding-*, @img/sharp-*). Linux CI
then failed with 'Cannot find module @rolldown/binding-linux-x64-gnu'
(TypeScript Build) and 'Could not load the sharp module using the
linux-x64 runtime' (broken-links).

Regenerated the lockfile with npm install --os=linux --cpu=x64 after
nuking node_modules, which populated all platform optional deps
(darwin/linux/win32/android/freebsd/wasm bindings for rolldown; full
sharp platform matrix including the nested favicons/node_modules/sharp
copy). Reinstalling locally after on macOS works fine — npm picks up
only the darwin-arm64 bindings at runtime.

Also fixes a latent typecheck error in server/src/adagents-manager.ts:
axios 1.15.2 narrowed AxiosHeaders to string | number | true |
string[] | AxiosHeaders | undefined, breaking the .includes() call on
response.headers['content-type']. Wrap in String() to coerce safely.
The lockfile regeneration bumped axios from an older 1.13.x resolve
to 1.15.2 which surfaced this (existing bug, would have hit anyone
regenerating the lockfile on main).

* fix(ci): drop tests for two SDK-owned compliance assertions

server/tests/unit/compliance-assertions.test.ts still imported spec from
context-no-secret-echo.ts and idempotency-conflict-no-payload-leak.ts,
both of which were deleted in the 5.8 @adcp/client upgrade (the SDK now
ships both as built-in default invariants and owns the tests).

Removed the two describe blocks and their imports. Kept the
governance.denial_blocks_mutation tests — that assertion is still
repo-local.

Missed locally because npm run test:unit only scans tests/, not
server/tests/ — CI catches both via test:server-unit.

* docs(3.0): add item 17 (schema presence tightenings) + fold in x-annotations

Two additions to the 3.0.0 release notes for work that landed on main
over the last 30h but wasn't yet in our section:

- Item 17 covers #2612: check-governance-response now enforces
  conditions/findings/expires_at presence via if/then, and
  sync-catalogs-response requires item_count on created/updated/
  unchanged actions. Conformant agents unchanged; non-conformant ones
  now fail at response_schema validation instead of downstream
  field_present checks.
- Brand schema extensions summary paragraph now also names the three
  non-normative x- annotations that shipped over the last 48h:
  x-entity (#2660 phases 1-4 complete), x-mutates-state (#2675), and
  the governance_policy registry/inline split (#2685). All x-*
  annotations — agents don't validate them; they're tooling hints for
  the storyboard context-entity lint.

* docs(3.0): fold envelope-replayed schema fix and audience-status enum into item 11

Two schema-touch commits from the training-agent sprint that are protocol-visible:

- #2839 (2ee6ac7): envelope-level `replayed` flag now accepted on 15 mutating response schemas (property-list, collection-list, governance). Previously replay responses on these tools failed schema validation.
- #2836 (8ed0d4c): formal `audience-status` enum with explicit lifecycle transitions, paralleling other lifecycle-bearing resource types.

Both roll into item 11 (Error Codes and Schema Consistency). No breaking-changes-table additions — the `replayed` fix is permissive, the enum formalization just elevates an implicit contract.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3.0: check_governance MUST for spend-commit tasks above declared threshold

1 participant