docs(AdcpErrorInfo): warn sellers that message/details are grader-visible via ComplianceResult#1698
Merged
Merged
Conversation
…ible `adcp_error.message` and `.details` from seller responses are forwarded into `ComplianceResult.failures[].adcp_error` (landed in PR #1684) — a grader-visible archive surface that outlives the request. Three touches: - JSDoc on `AdcpErrorInfo.message` and `.details` in ConversationTypes.ts with an explicit seller-side warning (grader-visible, don't embed tokens or internal IDs) - New subsection §4 "Compliance failure envelopes (`adcp_error`)" in `docs/guides/CTX-METADATA-SAFETY.md` covering what flows where, what to avoid, and cross-linking to pickSafeDetails - Two-sentence addition in `skills/build-decisioning-platform/advanced/ REFERENCE.md` pickSafeDetails section noting the compliance-record leak class alongside the live-buyer-response leak class Closes #1697 https://claude.ai/code/session_011YZtF1KAFTD54e85so2KjN
Three ../ hops not four from skills/build-decisioning-platform/advanced/ to repo root. https://claude.ai/code/session_011YZtF1KAFTD54e85so2KjN
bokelley
added a commit
that referenced
this pull request
May 11, 2026
bokelley
added a commit
that referenced
this pull request
May 11, 2026
…ErrorInfo (#1699) * feat(client): add AdcpValidationIssue type and issues[] field on AdcpErrorInfo Adds `AdcpValidationIssue` (pointer/message/keyword/schemaPath?) and `issues?: AdcpValidationIssue[]` to `AdcpErrorInfo` and `ExtractedAdcpError`, populated by `extractAdcpErrorInfo` and `buildExtracted` from the seller's VALIDATION_ERROR envelope. Previously the spec's `issues[]` array landed in the free-form `details` field; consumers had to read `details.validation_errors` as a convention. Now it surfaces as a typed field that LLM self-correction loops can read directly via `failure.adcp_error.issues[].pointer` and `.keyword`. Closes #1694. https://claude.ai/code/session_01RxPkjDrwRRT8TNW7U4ShHQ * test(error-extraction): cover issues[] forwarding + drop duplicate ValidationError import Adds eight regression tests for the new issues[] field landing in #1694: - L3 structuredContent path forwards well-formed issues with pointer/message/keyword - Malformed items (non-string fields, missing keys) are dropped - All-malformed input → field absent, never [] - Wire field absent → undefined - Wire field non-array → undefined - details + issues are orthogonal (both can co-exist) - schemaPath preserved when present - L3 path drops bad items by the same rule Also drops a duplicate `import { ValidationError }` in `request-normalizer.ts` introduced by the squash-merge collision of #1681 + #1683 — both PRs added the import from slightly different paths and the squash produced two identical imports, breaking the build on main. Fixed here so #1699 builds clean; the fix lands on main when this PR merges. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * style(error-extraction): prettier — single-line filter callback Pure formatting fix flagged by CI. * fix(test): pass account in pre-3.0 package shape tests Same fix as on #1698's branch — after #1683 landed, create_media_buy requires account; the package-shape validators (#1681) need an account fixture to be the gate under test. --------- Co-authored-by: Claude <noreply@anthropic.com>
bokelley
added a commit
that referenced
this pull request
May 11, 2026
…applicable in ComplianceResult (#1701) * feat(conform): split storyboards_missing_tools from storyboards_not_applicable (#1695) Adds ComplianceResult.storyboards_missing_tools to distinguish storyboards filtered because the agent declared the protocol but a required tool was absent from storyboards_not_applicable (version-gated, protocol not declared). Also fixes pre-existing duplicate ValidationError import in request-normalizer.ts. Closes #1695 https://claude.ai/code/session_01J4JR1oK6rvbGZstZxZL4yG * feat(conform): update complyImpl to route required_tools stubs to storyboards_missing_tools Split the notApplicable array into two: version-gated entries remain in notApplicable (→ storyboards_not_applicable) and required_tools-filtered entries go to missingToolStoryboards (→ storyboards_missing_tools). Part of #1695 https://claude.ai/code/session_01J4JR1oK6rvbGZstZxZL4yG * fix(comply): restore escape sequences in sanitizeAgentText and separator widths Revert two incidental prettier-formatting changes that crept in during the previous commit: 1. sanitizeAgentText regex: prettier had converted explicit Unicode escape sequences ( --) into embedded literal bidi control characters. Reverted to escape sequences — the function strips these characters and having them appear as invisible literals in the source makes security review much harder. 2. Section separator comments: prettier trimmed the ─────── bars from 60 to 56 characters. Restored original width to preserve existing style. * fix(comply): restore escape sequences in sanitizeAgentText and separator widths Revert two incidental prettier-formatting changes from the previous commit: 1. sanitizeAgentText regex: prettier had converted explicit Unicode escape sequences ( --) into embedded literal bidi control characters. Reverted to named escape sequences — the function strips these chars; having them embedded invisibly in security-sensitive source makes code review much harder. 2. Section separator comments: prettier trimmed the ─── bars from 60 to 56 characters. Restored original width. * test: encoding verification * fix(comply): restore \uXXXX escape sequences in sanitizeAgentText regex Revert incidental prettier change that converted Unicode escape sequences to embedded literal bidi control characters in the sanitizeAgentText regex. The function strips these characters; having them appear as invisible literals in security-sensitive source makes code review much harder. Also restores the section separator comments from 56 to 60 dashes (also prettified in the same pass). * chore: remove accidental test artifact * fix(conform): bump changeset to major, document skip_causes for tool names * fix(test): pass account in pre-3.0 package shape tests Same fix as on #1698/#1699/#1700 — after #1683 landed, create_media_buy requires account. Add `account: { account_id: 'test-acc' }` to both fixtures so the package-shape gates (#1681) remain the gate under test.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #1697
PR #1684 wired
adcp_errorfrom seller responses intoComplianceResult.failures[].adcp_error— a grader-visible archive surface (AAO grader, compliance dashboards, LLM self-correction loops) that outlives the originating request. Sellers who interpolate bearer tokens, account IDs, or internal paths intoadcp_error.messageor.detailsnow have that data flow into grader archives without realizing it. This PR adds the missing hygiene guidance at three points-of-use.Changes
src/lib/core/ConversationTypes.ts— JSDoc onAdcpErrorInfo.messageand.detailsadds an explicit seller-side warning: do not embed tokens, account IDs, or internal paths; these fields land inComplianceResult.failures[].adcp_errorand are grader-visible beyond the request lifetime.docs/guides/CTX-METADATA-SAFETY.md— New subsection §4 "Compliance failure envelopes (adcp_error)" under "Why the wire-strip isn't enough". Covers what flows where, what to avoid, what is safe, and cross-links topickSafeDetails.skills/build-decisioning-platform/advanced/REFERENCE.md— Two-sentence addition after thepickSafeDetailsblock noting thatmessageanddetailsare also compliance-record surfaces, so the same sanitization discipline applies.A
patchchangeset is included for thesrc/lib/JSDoc touch (per repo convention: anysrc/lib/change, including comment-only, gets a changeset).What was tested
npm run format:check— passed ✓npm run typecheck— two pre-existing errors only (TS2688: node type defs,TS5107: moduleResolution=node10 deprecated); no new errors introduced (same baseline logged in PR fix(comply): forward structured adcp_error from failed storyboard steps #1684)../../skills/…fromdocs/guides/✓ and../../../docs/…fromskills/build-decisioning-platform/advanced/✓Pre-PR review
../count) found and fixed before PR#2-info-level-structured-logsresolves correctly, no remaining blockersSession: https://claude.ai/code/session_011YZtF1KAFTD54e85so2KjN
Generated by Claude Code