Skip to content

chore(main): release 4.4.0#328

Open
github-actions[bot] wants to merge 1 commit intomainfrom
release-please--branches--main
Open

chore(main): release 4.4.0#328
github-actions[bot] wants to merge 1 commit intomainfrom
release-please--branches--main

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented Apr 30, 2026
edited
Loading

🤖 I have created a release beep boop

4.4.0 (2026-05-03)

Features

  • buyer-agent-registry: caching + rate-limit + audit emission (#380) (#407) (5a1e6b6)
  • client: looks_like_v3_capabilities — drop the v2-downgrade footgun on capabilities-validation failure (#475) (385dc80)
  • decisioning: Account v3 projection helpers — bank-details write-only guard (#356) (#366) (5d898b6)
  • decisioning: Account.mode + sandbox-authority gate for comply_test_controller (Phase 1) (#483) (f5cd8cf)
  • decisioning: adopt structured capabilities in v3 reference seller (8316105), closes #479
  • decisioning: align AccountStore.resolution literal with JS + Tier 1 docs (#330) (6490948)
  • decisioning: AuthInfo.from_verified_signer — bridge to RFC 9421 verifier (#365) (5ae109b)
  • decisioning: boot-time capabilities response shape validation (#422) (#446) (127f164)
  • decisioning: BrandRights/ContentStandards/PropertyLists/CollectionLists Protocols (breadth sprint Batch 4 — FINAL) (#335) (aeb2543)
  • decisioning: CampaignGovernancePlatform Protocol (breadth sprint Batch 3) (#334) (2ca828a)
  • decisioning: composeMethod + security composer helpers (#466) (ddad4b9)
  • decisioning: comprehensive Emma DX follow-up (P0/P1/P2 + examples) (#339) (985dcd9)
  • decisioning: create_tenant_store — opinionated multi-tenant AccountStore with fail-closed isolation (#473) (8dd5dab)
  • decisioning: createOAuthPassthroughResolver — Shape B account resolver factory (#472) (defa022)
  • decisioning: createUpstreamHttpClient + createTranslationMap (#464) (7e5f2c4)
  • decisioning: CreativeBuilderPlatform + CreativeAdServerPlatform (breadth sprint Batch 2) (#333) (5921949)
  • decisioning: credential-leak strip on every echo path + ctx_metadata guidance (#481) (52b15fa)
  • decisioning: F12 — auto-emit completion webhook on sync mutating responses (#331) (9d29754)
  • decisioning: handoff_to_workflow — externally-completed task primitive (#336) (bff48ab)
  • decisioning: mock-mode upstream URL routing — Account.metadata['mock_upstream_url'] + DecisioningPlatform.upstream_for (Phase 2) (#487) (5c605b4)
  • decisioning: MockAdServer Protocol + /_debug/traffic counters (#383) (#405) (53d8b8c)
  • decisioning: PgBuyerAgentRegistry — durable Tier 2 commercial-identity store (#364) (fbdcb31)
  • decisioning: PostgresTaskRegistry — durable HITL task state (v6.1) (#361) (e01eef0)
  • decisioning: project full capability blocks via DecisioningCapabilities (c09433c), closes #479
  • decisioning: project full get_adcp_capabilities response schema into DecisioningCapabilities (55613f8)
  • decisioning: re-export SignalsFeatures + ContentStandards capability sub-models (74671d0), closes #485
  • decisioning: retype DecisioningCapabilities.specialisms to Specialism enum union (9fb7fc9), closes #479
  • decisioning: SignalsPlatform + AudiencePlatform Protocols (breadth sprint Batch 1) (#332) (c66ff72)
  • decisioning: state-machine helpers + typed exception classes + ref_account_id (#465) (9301acf)
  • decisioning: surface capability sub-models via adcp.decisioning.capabilities (bc5bb9a), closes #479
  • decisioning: Tier 2 — BuyerAgentRegistry + dispatch wire-up + AuthInfo v3 fields (#349) (#359) (9dad22c)
  • decisioning: UserWarning when sales-* required methods missing (#423) (#445) (5349ddc)
  • decisioning: v6.0 DecisioningPlatform foundation (skeleton + design) (#316) (3539359)
  • decisioning: warn when compliance_testing capability is declared without test_controller wired (37f42a7), closes #485
  • decisioning: warn when supported_protocols is auto-derived from specialisms (a0eb1e2), closes #485
  • decisioning: WebhookDeliverySupervisor + SQLAlchemy A2A stores example (#348) (73a7512)
  • decisioning: widen DecisioningCapabilities with structured wire fields (5a5219e), closes #479
  • examples: v3 reference seller — runnable Tier 2 + v3 wiring (#357) (#373) (cda07f9)
  • server: /.well-known/adcp-agents.json discovery endpoint (#381) (#406) (e6dfaad)
  • server: Account v3 wire fields + AccountStore.upsert/list/syncGovernance receive ResolveContext (#469) (62b58dc)
  • server: add asgi_middleware param to serve() (#441) (69211a3)
  • server: AuditSink Protocol + LoggingAuditSink/SlackAlertSink reference impls (#362) (66c3c57)
  • server: createMediaBuyStore — opt-in targeting_overlay echo for property-lists / collection-lists sellers (#474) (4ba19fc)
  • server: createRosterAccountStore — Shape C explicit AccountStore for publisher-curated rosters (#471) (7f919cc)
  • server: default validation=strict in serve() — wire-conformance by default (#439) (a29b61f)
  • server: SubdomainTenantRouter middleware for multi-tenant deployments (#355) (#368) (1e27dad)
  • server: transport="both" — host MCP and A2A on a single binary (#354) (#370) (1d5d907)
  • signing: async_resolve_agent — bootstrap to JWKS via brand.json (#389) (0d78bd1)
  • signing: v3-identity Tier 1 — BrandJsonJwksResolver + CapabilityCache (port from JS) (#345) (a016eca)
  • signing: verify_from_agent_url — single-call resolver+verifier factory (#401) (5931921)
  • testing: storyboard runner matrix entry for v3 reference seller (#410) (#426) (f047c23)
  • types: Account v3 projection helpers — bank-details write-only guard (#371) (e4415e3)
  • types: narrow discriminated-union errors (Stability AI Emma P2) (#340) (ad8b520)
  • v3-ref-seller: broaden sales surface + sync_accounts + invoice_recipient (#408) (f1e325b)
  • v3-ref-seller: enable server validation + declare account.supported_billing (#402) (ac7a61f)
  • v3-ref-seller: translator pattern with JS mock-server upstream (#447) (4185ced)
  • validation: ADCP_VALIDATION_MODE env var + outputSchema on tools/list (#391) (fa35bfb)
  • validation: oneOf near-miss validator hints + issues[].hint on every VALIDATION_ERROR (#476) (9985086)
  • webhook: PgWebhookDeliverySupervisor — Postgres-backed multi-worker delivery (#360) (5f1f3a0)
  • webhooks: HMAC/bearer/Docker/Standard Webhooks delivery modes (#482) (5d2c220)

Bug Fixes

  • ci: add concurrency group to cancel superseded runs on force-push (#444) (272fb01), closes #413
  • ci: align pre-commit mypy with CI — install mypy in uv dev group (#427) (d3d8f7b)
  • ci: pre-install @adcp/client + bump readiness window for v3 storyboard (#448) (6b89599)
  • decisioning: address expert review — major_versions passthrough, supported_protocols default, nested re-exports (b72b744), closes #479
  • decisioning: apply 3.10 mock-target fix to second compliance_testing test (d086aa8), closes #485
  • decisioning: fire legacy-field DeprecationWarnings at construction (679709b), closes #485
  • decisioning: handle Specialism|str union in create_media_buy_store (6f3faa0), closes #479
  • decisioning: handler shims for every non-sales wire tool (#337) (a51c5a4)
  • decisioning: mock target Python 3.10 import-resolution compat (40b4517), closes #485
  • decisioning: post-#484 capabilities-projection polish (closes #485) (87bacfb)
  • decisioning: three Emma cross-cutting findings + matrix runner (#341) (4938ee1)
  • decisioning: Tier 2 codes → spec-conformant PERMISSION_DENIED (#375) (#393) (870e98a)
  • decisioning: Tier 2 expert-review fix-pack (#372) (9605f44)
  • decisioning: update v3 reference seller smoke tests for Specialism|str union (09c5669), closes #479
  • decisioning: wire-path dispatch + F12 silent no-op (Emma sales-direct P0s) (#338) (50c985e)
  • migrate: per-symbol replacement for generated_poc reach-ins (#329) (100680b)
  • server: protocol-polish follow-ups from PR #341 (#342) (5a37adc)
  • testing: make a2a_compat_shim resilient to wrong a2a-sdk in /tmp worktrees (#433) (c5c581d)

Performance Improvements

  • ci: cache ~/.npm + drop per-invocation npx for storyboard runners (#450) (386cb15)
  • server: lazy-load Pydantic schema generation to fix storyboard readiness flake (#435) (8664ea3)

Documentation

  • adcp: document git worktree isolation pattern for parallel agents (#428) (117d4f2)
  • agents: add parallel agent coordination protocol to CLAUDE.md (#430) (abf0d65)
  • decisioning: adopter guide for declaring capabilities (f2e8f9a), closes #479
  • examples: Alembic migration scaffold for v3 reference seller (#390) (3035c25)

This PR was generated with Release Please. See documentation.

@github-actions github-actions Bot requested a review from bokelley as a code owner April 30, 2026 21:20
@bokelley
Copy link
Copy Markdown
Contributor

bokelley commented Apr 30, 2026

🛑 DO NOT MERGE — soaking pre-release

Holding 4.4.0 until salesagent (the load-bearing real adopter) validates the v6.0 DecisioningPlatform foundation against their codebase. They're using uv add --editable so they don't need PyPI to test; this PR will accumulate the foundation + post-merge codemod ergonomics fixes (per-symbol mapping, cascade callout, a2a-sdk callout) and whatever else lands during their soak period, then ship as one clean release.

See /.context/adcp-v4-migration-feedback.md in the salesagent worktree for the adopter-feedback driving the soak window.

@bokelley
Copy link
Copy Markdown
Contributor

bokelley commented Apr 30, 2026

Acknowledged — holding 4.4.0 pending salesagent soak validation. Will not act on this PR until the hold is lifted.

Generated by Claude Code

@bokelley bokelley mentioned this pull request Apr 30, 2026
Merged
6 tasks
@github-actions github-actions Bot force-pushed the release-please--branches--main branch from e2e3d58 to 65cf4bd Compare April 30, 2026 23:18
@bokelley bokelley mentioned this pull request Apr 30, 2026
Merged
4 tasks
bokelley added a commit that referenced this pull request Apr 30, 2026
@bokelley @claude
feat(decisioning): align AccountStore.resolution literal with JS + Ti…
6490948 
…er 1 docs (#330)

* feat(decisioning): align AccountStore.resolution literal with JS + Tier 1 docs

Round-5 design feedback (salesagent + cross-language parity audit):
the Python decisioning module's adopter surface drifts from the JS
reference at ``src/lib/server/decisioning/account.ts``. Aligning now,
hours post-foundation merge, before any adopter locks in.

Pre-release alignment (4.4.0 release PR is held; not on PyPI yet):

* ``AccountStore.resolution`` literal: ``'singleton' → 'derived'``,
  ``'from_auth' → 'implicit'``. ``'explicit'`` unchanged. Class names
  (``SingletonAccounts``, ``FromAuthAccounts``) kept — they're Python-
  ergonomic with no JS counterpart to drift from.

The literal is what the framework reads at server boot for
``validate_platform`` deployment checks; cross-language parity
matters because both SDKs read the same wire-shape concept. NOT a
``feat!:`` because the foundation hasn't shipped to PyPI in 4.4.0
form — the held release PR #328 carries this rename alongside the
foundation, so external adopters never see the old literal values.

Tier 1 documentation additions (3 of 4 from salesagent's
``adcp-decisioning-design-feedback.md``; the 4th — StateReader
UserWarning — was already implemented in round-4 via
``_NotYetWiredStateReader._warn_once``):

* ``accounts.py`` module docstring: "Spec-agent vs auth-layer
  principal" section. Resolves the load-bearing ambiguity adopters
  hit — what string AuthInfo.principal carries varies by auth shape
  (agent_url for AdCP v3 signed-request, OAuth subject for bearer,
  mTLS subject for client-cert). Adopters wiring FromAuthAccounts
  decide what their auth middleware projects.

* ``RequestContext`` docstring: "Identifier disambiguation — when
  to use which" table. ``account.id`` (data ownership),
  ``auth_principal`` (caller identity), ``caller_identity``
  (framework-managed cache scope key, never read directly),
  ``tenant_id`` (transport routing). Salesagent flagged this as
  cognitively heavy.

* ``TaskHandoff`` docstring: "What it's for / not for" section.
  Steers adopters away from human-driven HITL workflows where the
  background fn would block on a person's clicks. v6.1 may add a
  ``ctx.handoff_to_human()`` primitive; for v6.0, the recommended
  pattern for queued approvals is ``input-required`` + adopter-
  owned webhook emission, not TaskHandoff.

Tier 2 items (multi-tenant ``hello_publisher.py``,
``AdagentsAccountStore``, built-in auth adapter wrappers like
``SignedRequestAuth``/``BearerAuth``/``MtlsAuth``) deferred to 4.5.0
with proper RFCs — better design data once salesagent's actual port
exists as the reference.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(decisioning): address expert review of #330 — stale literals, table render, doc citations

Code-reviewer + docs-expert findings on the round-5 alignment PR:

- 3 stale literal references missed by the rename pass:
  * accounts.py AccountStore.resolve docstring (``'singleton'`` /
    ``'from_auth'`` references)
  * context.py auth_info field docstring
  * handler.py _extract_auth_info comment

- RequestContext identifier table:
  * Composite cache-key format was incorrect (said ``store.qualname:
    account.id``; actual is
    ``<store_module>.<store_qualname>:<account_id>`` per
    dispatch.py:457). The ``__module__`` prefix is load-bearing for
    cross-package collision isolation.
  * "NEVER read directly in adopter code" claim was overstated —
    audit logging and rate-limiting code legitimately reads
    ``ctx.caller_identity``. Tightened to "treat as opaque; don't
    parse, compare, or rewrite" so the contract matches reality.
  * Replaced the reST grid table with a definition-list format —
    the original had a 1-char width mismatch on the
    ``caller_identity`` row that would have failed pdoc3's grid-table
    parser and fallen back to literal-block rendering. Definition
    lists render correctly in pdoc3 + ``help()`` + IDE hover without
    width-counting.

- TaskHandoff "what it's NOT for" section:
  * Added concrete pointers for the human-driven HITL pattern —
    ``input-required`` status from
    ``schemas/cache/enums/task-status.json`` + per-tool
    ``*_async_response_input_required`` envelopes; webhook
    primitives in ``adcp.webhooks`` (payload builders) +
    ``adcp.webhook_sender`` (HMAC-SHA256 signing + IP-pinned
    delivery). Worked example deferred to ``hello_publisher.py`` in
    4.5.0.

- accounts.py spec-agent vs auth-principal section:
  * Tightened the signed-request claim — the SDK's ``adcp.signing``
    primitives verify the signature, but the wiring that writes
    ``AuthInfo.principal = agent_url`` lives in adopter middleware
    today (or the built-in ``SignedRequestAuth`` adapter wrapper that
    lands in 4.5.0). Adopters wiring this manually before then should
    follow the convention so ``adcp.adagents`` reads the right key.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions github-actions Bot force-pushed the release-please--branches--main branch from 65cf4bd to 8ed9739 Compare April 30, 2026 23:43
@bokelley bokelley mentioned this pull request May 1, 2026
Merged
4 tasks
@github-actions github-actions Bot force-pushed the release-please--branches--main branch from 8ed9739 to e3ca4ca Compare May 1, 2026 00:27
@bokelley bokelley mentioned this pull request May 1, 2026
Merged
4 tasks
@github-actions github-actions Bot force-pushed the release-please--branches--main branch from e3ca4ca to ad13f2e Compare May 1, 2026 01:04
@bokelley bokelley mentioned this pull request May 1, 2026
Merged
4 tasks
@github-actions github-actions Bot force-pushed the release-please--branches--main branch from ad13f2e to 4a8d878 Compare May 1, 2026 01:31
@bokelley bokelley mentioned this pull request May 1, 2026
Merged
5 tasks
@github-actions github-actions Bot force-pushed the release-please--branches--main branch from 4a8d878 to aa7b3ac Compare May 1, 2026 01:42
@bokelley bokelley mentioned this pull request May 1, 2026
Merged
4 tasks
bokelley added a commit that referenced this pull request May 1, 2026
@bokelley @claude
feat(decisioning): BrandRights/ContentStandards/PropertyLists/Collect…
aeb2543 
…ionLists Protocols (breadth sprint Batch 4 — FINAL) (#335)

Final batch of the breadth-sprint per the parity audit. Ports the
remaining four specialism Protocols from JS reference. With this
PR, every spec specialism slug except ``governance-aware-seller``
has a Protocol class + REQUIRED_METHODS coverage.

New Protocols:

* ``BrandRightsPlatform`` — covers ``brand-rights``. Identity
  discovery + licensing. Required (3, sync): ``get_brand_identity``,
  ``get_rights``, ``acquire_rights``. ``acquire_rights`` returns a
  3-arm discriminated success union (acquired / pending / rejected)
  — rejection-as-data for spec-defined GRANT rejection, AdcpError
  only for buyer-fixable REQUEST rejection. Async outcomes for the
  ``pending`` arm flow via ``push_notification_config`` webhook
  (NOT a polling tool).

* ``ContentStandardsPlatform`` — covers ``content-standards``.
  Brand safety policies, content adjacency rules, per-creative
  compliance verification. Required (6): list/get/create/update,
  ``calibrate_content``, ``validate_content_delivery``. Optional
  (2, analyzer reads): ``get_media_buy_artifacts``,
  ``get_creative_features``.

* ``PropertyListsPlatform`` + ``CollectionListsPlatform``
  (specialisms/lists.py) — covers ``property-lists`` and
  ``collection-lists``. Parallel CRUD shapes (5 methods each, all
  required) with token-issuance semantics: ``create_*`` returns a
  per-seller-scoped ``fetch_token``, ``delete_*`` revokes it.
  Compromise-driven revocation MUST trigger the delete path.

Required-method coverage in ``REQUIRED_METHODS_PER_SPECIALISM``:
``brand-rights`` (3), ``content-standards`` (6),
``property-lists`` (5), ``collection-lists`` (5).

Public re-exports added at ``adcp.decisioning.__all__``:
``BrandRightsPlatform``, ``ContentStandardsPlatform``,
``PropertyListsPlatform``, ``CollectionListsPlatform``.

Test coverage in ``tests/test_decisioning_specialisms.py`` (13 new
tests, 43 total in the file):

* ``runtime_checkable`` conformance per Protocol.
* ``validate_platform`` enforcement per slug — including a
  security-relevant test that ``property-lists`` REQUIRES
  ``delete_property_list`` (revocation path) so adopters can't ship
  list-publishing without revocation primitives.
* Contract pins per slug.
* **Breadth-sprint completeness pin**:
  ``test_every_spec_slug_except_governance_aware_seller_is_enforced``
  asserts that ``SPEC_SPECIALISM_ENUM - REQUIRED_METHODS.keys()``
  yields exactly ``{governance-aware-seller, signed-requests}`` —
  the two slugs unenforced by design (composition claim and
  deprecated-moved-to-universal respectively).

One existing dispatch test updated:
``test_validate_platform_warns_on_unenforced_spec_specialism``
swapped its canonical "spec-recognized but unenforced" example
from ``brand-rights`` (now enforced) to ``governance-aware-seller``
(the only remaining unenforced spec slug — by design).

**Breadth sprint COMPLETE.** All 8 missing specialism Protocols
from the parity audit are now ported. 9 PRs total accumulating in
the held release PR #328:

* #316 foundation
* #329 codemod ergonomics
* #330 parity rename + Tier 1 docs
* #331 F12 auto-emit
* #332 Signals + Audience (Batch 1)
* #333 Creative Builder + AdServer (Batch 2)
* #334 Campaign Governance (Batch 3)
* #335 Brand + Content + Lists (Batch 4 — this PR)

Ready for salesagent validation against editable install before
tagging 4.4.0.

2252 tests pass (up from 2239).

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions github-actions Bot force-pushed the release-please--branches--main branch from aa7b3ac to 2249e42 Compare May 1, 2026 01:57
@bokelley bokelley mentioned this pull request May 1, 2026
Merged
5 tasks
@github-actions github-actions Bot force-pushed the release-please--branches--main branch 9 times, most recently from 6f7515d to c0872cd Compare May 2, 2026 17:29
@github-actions github-actions Bot force-pushed the release-please--branches--main branch 29 times, most recently from 0ec8620 to b3079d5 Compare May 3, 2026 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bokelley bokelley Awaiting requested review from bokelley bokelley is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

autorelease: pending

Projects

None yet

Milestone

No milestone

1 participant

@bokelley