Optionalalways_AdCP operation names to sign regardless of the seller's advertisement.
Useful during pilots before a counterparty flips an op into required_for.
Optionalsign_When true, also sign operations the seller lists in supported_for (but
not required_for). Defaults to false — conservative "sign what the
seller asks for" behavior.
Optionaljwks_Informational mirror of the JWKS endpoint where this agent publishes
its verification keys. Verifiers do not read this field — they walk
brand.json from agent_url to discover the authoritative jwks_uri.
The field is carried on the buyer-side config so audit logs, custom
verifier wiring, and split-domain setups have a single self-describing
source of truth that matches what brand.json publishes.
Common case: split-domain setups where the JWKS lives off the
conventional ${agent_url}/.well-known/jwks.json path (identity
domain separate from the agent endpoint). Make sure brand.json's
jwks_uri agrees with whatever you set here — brand.json is
authoritative; this field documents intent.
The signing provider that produces RFC 9421 signature bytes. Imported
from @adcp/sdk/signing — see SigningProvider for the interface
contract and examples/gcp-kms-signing-provider.ts for a reference
KMS adapter.
Agent base URL — same semantics as the inline shape.
KMS-backed (or otherwise externalized) signing identity. The SDK calls
provider.sign(payload)on every signed request — async, may dispatch to a managed key store. Use a SigningProvider for production deployments that keep private keys out of process memory.The
kidandalgcome from the provider itself; this shape only carries the agent'sagent_urland the operation-list overrides.