Build the singleton account from the request context. Called on every
resolve() (no caching — the tenant is per-request because the auth
principal varies). The returned account's id is typically a stable
literal (e.g. 'audiostack', '__publisher_wide__'); single-tenant
adapters have no buyer-supplied account_id to reflect back.
DO NOT put credentials in ctx_metadata. See
docs/guides/CTX-METADATA-SAFETY.md for the rationale. The wire-strip
protects buyer responses but does NOT protect server-side log lines,
error envelopes, or adopter-generated strings (e.g. JSON.stringify(account)
in an error message). Re-derive the bearer from ctx.authInfo per
request inside specialism methods instead.
Adopters MAY omit authInfo from the returned Account — the framework
auto-attaches the principal from ctx.authInfo when absent (matches
Shape A/B/C semantics).
OptionalskipSkip the AUTH_REQUIRED precheck. Defaults to false — the factory
throws AdcpError('AUTH_REQUIRED') when ctx.authInfo is absent or
carries no credential, matching the canonical Shape D pattern (every
call must authenticate).
Set to true for genuinely unauthenticated single-tenant agents (rare —
public format catalogs, signed-request-only agents that authenticate
out-of-band). When true, toAccount runs unconditionally.
If you're tempted to set this because tests don't carry authInfo,
fix the tests instead — serve({ authenticate }) should populate
ctx.authInfo from your test harness (or use dispatchTestRequest
which threads a synthetic principal). The escape hatch is for
production agents that legitimately accept unauthenticated traffic,
not for working around fixture gaps.
Options for createDerivedAccountStore.