@adcp/sdk API Reference - v10.0.1
    Preparing search index...

    Interface SignedRequestsConfig

    Inputs for the auto-wired RFC 9421 request-signature verifier. When set on AdcpServerConfig, createAdcpServer builds an Express-shaped verifier middleware and attaches it to the returned McpServer via ADCP_PRE_TRANSPORT. serve() discovers the attached middleware and mounts it as the transport-layer preTransport hook, so every inbound MCP request passes the verifier before reaching the JSON-RPC router.

    A seller wiring this config MUST also publish a buyer-visible discovery surface in capabilities, one of:

    • 3.1+ canonical (recommended): set capabilities.request_signing.supported: true. Buyers learn the agent verifies signatures from get_adcp_capabilities; no deprecated specialism claim required. The universal signed_requests storyboard grades on this signal alone.
    • Back-compat: add 'signed-requests' to capabilities.specialisms. The 3.0-era enum value is preserved through the AdCP 4.0 deprecation cycle (adcp#3075); when this path is taken the runner emits signed_requests_specialism_deprecated (adcp-client#2082, adcp#4796).

    createAdcpServer throws at construction time when signedRequests is set but neither discovery surface is declared, closing the footgun where the verifier silently rejects every signed request from buyers who never learned to sign. The inverse (specialism or capability declared without a signedRequests config) is logged loudly but not thrown — legacy servers that hand-build the middleware via serve({ preTransport }) stay conformant.

    jwks, replayStore, and revocationStore should be hoisted outside the agent factory so a single verifier instance serves every request — otherwise each request would build a fresh replay store and the rate- abuse / replay-detection guards would be per-request (i.e. broken).

    interface SignedRequestsConfig {
        jwks: JwksResolver;
        replayStore: ReplayStore;
        revocationStore: RevocationStore;
        required_for?: string[];
        protocol_methods_required_for?: string[];
        covers_content_digest?: ContentDigestPolicy;
        agentUrlForKeyid?: (keyid: string) => string | undefined;
    }
    Index

    Properties

    jwks: JwksResolver

    Resolves verification keys by keyid.

    replayStore: ReplayStore

    Stores (keyid, signature-bytes, expires) tuples for replay detection.

    revocationStore: RevocationStore

    Consulted for revoked kid / jti before accepting a signature.

    required_for?: string[]

    Operation names that MUST arrive signed. Defaults to every mutating AdCP tool (per the framework's MUTATING_TASKS). Read-only tools are optional — callers can sign them for authenticity but the verifier accepts unsigned traffic outside this list.

    protocol_methods_required_for?: string[]

    JSON-RPC protocol method names that MUST arrive signed. Separate from AdCP tool names in required_for; examples include tasks/cancel.

    covers_content_digest?: ContentDigestPolicy

    Default 'either' — accept signatures with or without Content-Digest.

    agentUrlForKeyid?: (keyid: string) => string | undefined

    Resolve the agent_url claim the verifier stamps on successful results. Useful when a single seller hosts multiple brands and the buyer's signing key is scoped to a brand identifier rather than the root.