Version Packages (beta)#4837
Conversation
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
f77801e to
3f2aa61
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
3f2aa61 to
0b8a4ef
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
0b8a4ef to
216fea3
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
216fea3 to
89e3144
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
89e3144 to
def0dae
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
def0dae to
6568973
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
6568973 to
2a999f6
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
2a999f6 to
61cead7
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
61cead7 to
0388bd4
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
0388bd4 to
aa87cec
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
c771dd6 to
fa35754
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
fa35754 to
348c3cf
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
348c3cf to
71927e0
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
71927e0 to
bdab491
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
bdab491 to
6c7b4ba
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
6c7b4ba to
3aa4f43
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
3aa4f43 to
acd6a09
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
acd6a09 to
f8bdde3
Compare
|
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final This is an automated message from the Argus AI review workflow. |
Catch up the lockfile version field after the 3.1.0-beta.2 release (#4837); package.json was already at beta.2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…4901) * spec(errors): register STALE_RESPONSE for cache-fallback advisories Add STALE_RESPONSE to the canonical error-code enum as a non-fatal advisory the seller emits alongside a populated payload when one of its upstreams or sub-agents is unreachable and the response was satisfied from a cache entry past the surface's freshness target. Sibling to SERVICE_UNAVAILABLE (empty payload + fatal): same upstream failure, opposite cache state. - enum + enumDescriptions + enumMetadata entry (transient recovery) - error-details/stale-response.json (served_from_cache, cache_age_seconds, optional freshness_target_seconds, upstream {url,name}, original_error) - error-handling.mdx System table row distinguishing from SERVICE_UNAVAILABLE - drift-disposition entry (held-for-next-minor, target_version 3.1) Multi-upstream cases emit one STALE_RESPONSE per affected upstream (per-asset advisory precedent from PIXEL_TRACKER_LOSSY_DOWNGRADE), not one aggregated entry. Closes #4899. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: sync package-lock.json to 3.1.0-beta.2 Catch up the lockfile version field after the 3.1.0-beta.2 release (#4837); package.json was already at beta.2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(docs): pin STALE_RESPONSE details link to schemas/v3 check-schema-links flagged the schemas/v1/ path I used in the System errors table. docs links must pin to the current major's alias (schemas/v3/) so they stay stable across releases. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
mainis currently in pre mode so this branch has prereleases rather than normal releases. If you want to exit prereleases, runchangeset pre exitonmain.Releases
adcontextprotocol@3.1.0-beta.2
Minor Changes
95bc69c: spec: webhook token round-trip + storyboard
required_any_of_tools(closes feat(schemas): promote echoed authentication token to typed field in mcp-webhook-payload #4339, spec: Storyboard.required_any_of_tools — declarative one-of-N tool requirement gate #4325)Two additive 3.1.0-beta.2 blockers bundled. Both are non-breaking — existing senders and receivers continue to interoperate.
feat(schemas): promote echoed authentication token to typed field in mcp-webhook-payload #4339 — webhook authentication
tokenround-trip (static/schemas/source/core/)mcp-webhook-payload.json— promote the echoed authenticationtokento a typed optional property (minLength: 16,maxLength: 4096). The field previously traveled on the wire underadditionalProperties: true; this is purely a typed surface on an existing implicit contract. Schema-driven SDK clients can now accesspayload.tokenwithout falling through an extras path. Receivers that configured a token MUST compare it to this value to validate request authenticity, and SHOULD use a constant-time equality check to mitigate timing attacks. The length-check fast-path is forbidden — receivers MAY range-check token length only after subscription lookup and never as a short-circuit on equal-length inputs.push-notification-config.json— addmaxLength: 4096to the existingtokenfield (was previously onlyminLength: 16); this is a constraint addition on the upper bound, not a tightening of the lower bound that would reject existing-conformant configs. Cross-reference the payload-side validation obligation. Add downgrade-defense sentence: receivers that registered both an RFC 9421 signing key and atokenMUST NOT treat a valid token echo as authorization to skip signature verification. Clarify thattokenis NOT on the 4.0 removal track (only the legacyauthenticationblock is being removed in favor of RFC 9421).spec: Storyboard.required_any_of_tools — declarative one-of-N tool requirement gate #4325 — storyboard
required_any_of_toolsdeclarative one-of-N gate (static/compliance/source/universal/)storyboard-schema.yaml— addrequired_any_of_toolsas a top-level optional storyboard field. Each entry is an OR-family{ tools: string[] (minItems: 2), rationale?: string }. Multiple entries AND-combine. Distinct fromrequired_tools(lenient any-of coverage skip) andprovides_state_for(step-scope state substitution).runner-output-contract.yaml— extendrequirement_unmetwith the canonicaldetailsub-reason prefixmissing_required_tool_family:plus the literal wire shape for separators (" or "between family members,"; "between multi-gate aggregations). No new top-levelskip_result.reasonenum value — the contract version stays at 2.2.0. Aggregator guidance is human-display only; automated consumers SHOULD parse only the first sub-reason from aggregateddetailand surface multi-gate state separately.scripts/build-compliance.cjs— validate the field on specialismindex.yamlfiles (filter+trimtools[]beforeminItems:2enforcement; reject non-stringrationale; drop emptyrationaleafter trim) and hoist intocompliance/<version>/index.jsonfor downstream SDK consumption.Downstream pickups (tracked separately):
adcontextprotocol/adcp-client-python#638— drops theextra='allow'token round-trip path once types regenerate against this schema.adcontextprotocol/adcp-client#1481— dropsexamples/hello_si_adapter_brand.tstop-leveloffering_idmirror once the 3.1.0-beta.2 dist publishes (the SI capture-path fix shipped in ci(storyboards): lint context_outputs.path against the response schema #3937 / dist 3.1.0-beta.1).adcontextprotocol/adcp-client#1642— migrates the runner-level account-discovery conformance gate (fix: restore stories routing and nav changes lost in #1600 merge #1624) to per-storyboardrequired_any_of_toolsconsumption.Known follow-ups (filed as issues, non-blocking on this beta):
minLength: 16on bothtokenfields permits ~96-bit base64url credentials, below the 128-bit entropy SHOULD in the description. Raising the floor to 22 would tighten an existing field; the gap is intentional for backward compatibility and re-evaluated in 4.0.docs/building/by-layer/L3/webhooks.mdxtoken-echo subsection andwhats-new-in-3-1.mdx/migration/prerelease-upgrades.mdxentries are pending. Schema descriptions carry normative weight; the docs page catches up in a follow-up PR.41fce13: spec(envelope):
statusis REQUIRED on every task response envelope.The protocol envelope (
core/protocol-envelope.json) now declaresstatusin itsrequiredarray, formalizing the wire contract the docs and conformance storyboards already assume. Every task response — including synchronous read-only metadata calls likeget_adcp_capabilities— MUST carry a top-levelstatusfield. Synchronous calls emitstatus: "completed"; async calls emitsubmitted,working,input-required, etc. per the task-status enum.Why this is a wire-shape clarification, not a new requirement. The docs (
sdk-stack.mdx,mcp-response-extraction.mdx,webhooks.mdx,error-handling.mdx) already treat envelopestatusas a canonical protocol-layer field. Thev3_envelope_integrityconformance storyboard already asserts presence viaenvelope_field_present. The schema design just leftstatusdeclared but not required on the envelope, which let SDKs ship without emitting it on some sync responses. This change closes that ambiguity.Resolves v3_envelope_integrity/no_legacy_status_fields expects presence of status field on get_adcp_capabilities envelope, but SDK 7.7.0 does not inject one — schema/storyboard drift #4832 — adopter (
@adcp/sdk@7.7.0, production seller) hitv3_envelope_integrity/no_legacy_status_fieldsfailure because the SDK's auto-registeredget_adcp_capabilitieshandler builds the response payload without settingstatus. The storyboard was correct; the envelope contract just wasn't formalized in schema.Adopter impact. Agents shipping responses without top-level envelope
statusare now non-conformant per the schema. The single broadly-distributed gap is@adcp/client's auto-registeredget_adcp_capabilities(tracked separately); other tools that go through the v6 handler pipeline already carrystatusbecause the SDK threads the envelope around typed platform returns. Adopters using raw-handler patterns (deprecated v5) should audit their responses and addstatus: "completed"to any sync response missing it.Phased follow-ups (not in this PR):
adcp-client: emitstatus: "completed"on the auto-registeredget_adcp_capabilitieshandler (and audit any other sync helper that builds responses without the v6 pipeline).create-media-buy-response.json,sync-creatives-response.json, etc.) to$refprotocol-envelope.jsonin addition toversion-envelope.json. Mechanical cleanup that lets per-taskresponse_schemavalidators catch envelope omissions directly, without relying on the separateenvelope_field_presentstoryboard check. Targeted for the 3.1 cycle ahead of GA.aa58c94: Add
capability_ids[]toPackageRequest(thepackages[]item shape oncreate_media_buy) as a V2 path equivalent toformat_ids[]. Lets buyers reading the V2 mental model (Product.format_options[]) author acreate_media_buycall without translating back throughv1_format_ref[].Symmetric with the V2 path that
creative-manifestalready exposes (manifest carries a singlecapability_id; package-side carries an array since one package may activate multipleformat_optionsentries).Additive optional field. When both
capability_idsandformat_idsare sent,capability_idswins and the seller routes by it; the resolving seller ignoresformat_ids(V2-native buyer SDKs SHOULD still emit it as a v1-compat hint for v1-only sellers further down the wire). When neither is sent, the package defaults to all formats supported by the product (unchanged from v1 behavior). Sellers MUST reject withUNSUPPORTED_FEATUREwhen an entry doesn't match aformat_options[]entry, when the product is v1-only (noformat_options[]at all), or when the product'sformat_options[]entries don't publishcapability_idvalues.Closes PackageRequest lacks v2 capability_id path — V2 mental model breaks at create_media_buy boundary #4842.
Patch Changes
ff53133: docs(adagents): add
authorization_type→ companion-field quick-reference table at the top of the Authorization Patterns section, plus a<Warning>callout on theinline_propertiesnaming exception (companion field isproperties, notinline_properties). Schemadescriptionstrings on theinline_propertiesoneOfbranch updated to surface the same exception where IDEs and linters display it. "Four patterns" count corrected to "six authorization types" (the two signal-side values were absent from the prose count). Non-normative — no fields, enums, orrequiredarrays change.Closes adagents.json: authorization_type values and their required fields are underdocumented #4776.
079c25c: Mark
data-provider-signal-selector.jsonwithx-adcp-hoist: trueso the schema bundler deduplicates it via root$defsinstead of inlining it N times.In 3.1.0-beta.x, the
tasks-get-response.jsonresultfield referencesasync-response-data.json— a union of all task response schemas. When bundled, shared sub-schemas get inlined once per referencing response schema. The duplicatedata-provider-signal-selectorinstances (a discriminatedoneOfwithselection_typevaluesall,by_id,by_tag) causeddatamodel-code-generatorto fabricate aLiteral['reuse']discriminator value, raisingTypeError: Value 'reuse' for discriminator 'selection_type' mapped to multiple choicesand blocking the entire Python SDK from importing.The bundler already has
hoistMarkedSchemas()for exactly this case. Thex-adcp-hoist: truedirective is build-time only and is stripped from the emitted bundled schemas — the normative wire contract is unchanged.c232af3: Fix phantom
FORMAT_INCOMPATIBLEerror code oncreate_media_buydocs. The code was referenced in the error table and two response examples ondocs/media-buy/task-reference/create_media_buy.mdxbut was never defined instatic/schemas/source/enums/error-code.json. SDKs that validateerrors[].codeagainst the published enum would reject responses built from the docs literally.Migrated all three references to
UNSUPPORTED_FEATURE— the enum value whose semantics ("a requested feature or field is not supported by this seller") match the "format not in the product's accepted set" case exactly. The error-table row was also merged with the siblingUNSUPPORTED_FEATURErow added in spec(3.1): add capability_ids[] to PackageRequest for V2-native authoring #4845 (which covered the v2capability_ids[]failure modes), so a single row now spans both v1 (format_ids[]) and v2 (capability_ids[]) format-mismatch cases.Closes docs(error):
FORMAT_INCOMPATIBLEreferenced in error table but not defined in error-code.json enum #4852.e2c3635: fix(schema): reconcile $ref sandbox host in product-format-declaration (closes Spec inconsistency: $ref sandboxing references mirror.adcontextprotocol.org but the rest of 3.1 migrated to creative.adcontextprotocol.org #4862)
core/product-format-declaration.json#format_schema.descriptioncontained two conflicting normative statements: thev1_format_refmirror-domain migration block (labeled "3.1") sayscreative.adcontextprotocol.org/translated/is the canonical AAO mirror host and that adopters MUST migrate away from the legacy host; the$refsandboxing clause in the same description still namedmirror.adcontextprotocol.orgas the allowed non-same-origin anchor, causing strict implementations of the sandbox to silently reject$refs hosted under the correct domain.Changes:
core/product-format-declaration.jsonformat_schema.description— two edits:$refbullet:(b) hosted under the AAO mirror namespace (\https://mirror.adcontextprotocol.org/...\`)→(b) hosted under the AAO catalog domain (`https://creative.adcontextprotocol.org/...\`)`mirror.adcontextprotocol.org/*withcreative.adcontextprotocol.org/*, update surrounding prose to match.docs/creative/canonical-formats.mdx$refsandboxing rule (item b) and "AAO mirror" trust anchor note updated to namecreative.adcontextprotocol.organd use "AAO catalog domain" terminology.No structural schema changes. No new fields, enum values, or MUST requirements — this is a normative-text consistency repair.
mirror.adcontextprotocol.orgwas never provisioned;@adcp/sdk7.10 already ships both hosts inDEFAULT_MIRROR_HOSTSas a transitional posture and can drop the legacy entry on next release.Closes Spec inconsistency: $ref sandboxing references mirror.adcontextprotocol.org but the rest of 3.1 migrated to creative.adcontextprotocol.org #4862.
ef9946c: fix(compliance): replace phantom_unit with devices in reach_buy_flow rejection step
The rejection_unsupported_reach_unit phase was using reach_unit: "phantom_unit", which
is not a valid reach-unit.json enum value. Because the step carries negative_path:
payload_well_formed, the payload must be schema-valid — but phantom_unit caused schema
rejection before the seller's capability-checking logic ran, so the test was passing for
the wrong reason.
Fix: add metric_optimization.supported_metrics: ["reach"] and
supported_reach_units: ["households", "individuals"] to the reach_ctv_q2 product fixture,
replace phantom_unit with "devices" (a valid enum value deliberately absent from the
fixture's declared units), and rename the step id from
create_media_buy_with_phantom_reach_unit to create_media_buy_with_unsupported_reach_unit.
The rejection now comes from the seller's business-logic capability check, which is the
contract the scenario is designed to exercise.
Closes fix(reach_buy_flow): phantom_unit causes schema rejection before seller capability validation #4819.
118d760: spec(preview_creative): allow non-expiring preview URLs by making
expires_atoptionalpreview_creativeresponses previously requiredexpires_atfor single previews and successful batch results, but the spec did not define how agents should represent preview URLs that do not expire. The response schema now allows omittingexpires_at; documentation clarifies that a present timestamp marks the time after which consumers should treat preview URLs as invalid, while an omitted timestamp means the preview URLs do not expire.This relaxes validation for existing non-expiring implementations without changing the meaning of responses that already include
expires_at. Closes spec: expires_at is required but no convention exists for non-expiring preview URLs #4453.210b8a7: Add SHOULD on
product-format-declaration.json: sellers SHOULD publishcapability_idon everyformat_options[]entry — not just when structurally required to break aformat_kindcollision. Without it, V2-mental-model buyers using thePackageRequest.capability_ids[]path added in spec(3.1): add capability_ids[] to PackageRequest for V2-native authoring #4845 (and the long-standingcreative-manifest.capability_id) can't address the entry, fall back to v1format_ids[], and lose the cross-publisher-stable naming the V2 authoring path was designed to provide.Co-located with spec(3.1): add capability_ids[] to PackageRequest for V2-native authoring #4845's buyer-side change so 3.1 release-notes readers see the buyer capability and the seller obligation together. No structural change — capability_id remains optional at the schema level; this is description-text only. The 4.0 cutover will tighten SHOULD → MUST (tracked in spec(4.0): tighten
capability_idonproduct-format-declarationfrom SHOULD → MUST #4857).Closes spec(3.1): SHOULD-publish
capability_idon everyformat_options[]entry #4856.