Resolves verification keys by keyid.
Stores (keyid, signature-bytes, expires) tuples for replay detection.
Consulted for revoked kid / jti before accepting a signature.
Optionalrequired_Operation names that MUST arrive signed. Defaults to every mutating AdCP tool (per the framework's MUTATING_TASKS). Read-only tools are optional — callers can sign them for authenticity but the verifier accepts unsigned traffic outside this list.
Optionalprotocol_JSON-RPC protocol method names that MUST arrive signed. Separate from
AdCP tool names in required_for; examples include tasks/cancel.
Optionalcovers_Default 'either' — accept signatures with or without Content-Digest.
OptionalagentResolve the agent_url claim the verifier stamps on successful results.
Useful when a single seller hosts multiple brands and the buyer's
signing key is scoped to a brand identifier rather than the root.
Inputs for the auto-wired RFC 9421 request-signature verifier. When set on AdcpServerConfig,
createAdcpServerbuilds an Express-shaped verifier middleware and attaches it to the returnedMcpServervia ADCP_PRE_TRANSPORT.serve()discovers the attached middleware and mounts it as the transport-layerpreTransporthook, so every inbound MCP request passes the verifier before reaching the JSON-RPC router.A seller wiring this config MUST also publish a buyer-visible discovery surface in
capabilities, one of:capabilities.request_signing.supported: true. Buyers learn the agent verifies signatures fromget_adcp_capabilities; no deprecated specialism claim required. The universalsigned_requestsstoryboard grades on this signal alone.'signed-requests'tocapabilities.specialisms. The 3.0-era enum value is preserved through the AdCP 4.0 deprecation cycle (adcp#3075); when this path is taken the runner emitssigned_requests_specialism_deprecated(adcp-client#2082, adcp#4796).createAdcpServerthrows at construction time whensignedRequestsis set but neither discovery surface is declared, closing the footgun where the verifier silently rejects every signed request from buyers who never learned to sign. The inverse (specialism or capability declared without asignedRequestsconfig) is logged loudly but not thrown — legacy servers that hand-build the middleware viaserve({ preTransport })stay conformant.jwks,replayStore, andrevocationStoreshould be hoisted outside the agent factory so a single verifier instance serves every request — otherwise each request would build a fresh replay store and the rate- abuse / replay-detection guards would be per-request (i.e. broken).