What the SDK already handles
Before listing what’s missing, it helps to be explicit about what a storyboard-validated agent already gives you:- AdCP tool schemas and typed registration
- Request/response shapes that pass compliance
- Error formats and version negotiation
- A starting point with example products you can swap for real ones
Partner, self-host, or build
There are three paths to a live agent. They differ in how much you own, not whether you own anything at all — in every case you still own products, pricing, and the activation into your ad server. Partner with a managed sales agent platform. The platform runs the agent endpoint, holds state, and exposes admin UIs for your ad ops team to manage products, pricing, and approvals. You connect your ad server; the platform handles the protocol and the operations around it. Fastest to live, least control. Self-host a prebuilt agent. Deploy an existing open-source agent — today this usually means the Prebid Sales Agent, a community full-stack seller agent with GAM integration — on your own infrastructure, and connect it to your systems. You skip writing the protocol layer and admin UI, but you own hosting, upgrades, database, and the ad-server wiring. Middle ground: more control than partnering, less work than building. Build your own. Use the SDK and skill files to write a custom agent. You get full control over business logic, pricing models, and activation paths, at the cost of owning the code alongside everything else. Right answer when no prebuilt agent fits your stack or pricing model. The SDKs and storyboards cover protocol compliance across all three paths. Everything in the table below is what’s outside that line, regardless of which path you take.What you’ll still need to build or provision
Where the protocol ends and your business begins
AdCP defines the shape of the conversation between agents. It does not define:- Pricing strategy — how you price inventory, how rate cards flex, when discounts apply
- Approval policy — which campaigns you accept or reject, and on what grounds
- Billing and invoicing — no spec-level billing; you reconcile with buyers out-of-band
- Identity and consent — user-level identity, consent capture, and data-subject rights are regulated and implementation-specific
- SLA monitoring — uptime, latency, and error budgets for your agent endpoint
- Ad ops workflow — how your team monitors pacing, makegoods, and escalations
Where this differs by agent type
The components table above assumes a sales agent. Other agent types share most of it but have specific additions:- Signals agents — consent and provenance are load-bearing. You need a defensible data lineage (where a segment came from, what consent covers it) and the ability to honor opt-outs. Activation is less about ad-server trafficking and more about delivering segments to platforms that already ingest them.
- Creative agents — asset storage, transcoding, and rendering SLAs replace ad-server trafficking. Creative review becomes policy on what you’ll render, not what you’ll traffic.
- Retail-media agents — catalog freshness is the operational constraint; your products change as SKUs change. Activation often runs through retail-specific ad platforms rather than GAM.
Operating the agent in production
A protocol-compliant agent is not the same as a well-operated agent. That’s two different concerns: ongoing ad-ops health (the protocol stuff actually doing its job) and security (the protocol stuff staying trustworthy when it does). Treat both with the same seriousness you give your ad-server integration.Ad-ops health monitoring — what you actually watch
This is the day-to-day job. Most of it is protocol-aware extensions of the monitoring any ad ops team already runs. The point is not “new concepts to learn” — it’s “here are the specific protocol signals you need dashboards for.” Addie can help you set these up.
This is the monitoring a sales agent needs regardless of who wrote the code. A partner platform should expose dashboards for most of this; a self-hosted prebuilt agent requires you to wire them up; a self-built agent puts every row on your team.
Security monitoring — what compliance covers vs. what stays with you
Most AdCP security mechanics are enforced by the compliance suite — you don’t need to hand-verify them. The storyboard runner verifies authentication, idempotency, schema conformance, error handling, and governance behavior against your agent. If the suite passes, the wire-level behavior is correct. You don’t need to learn agent/account scoping internals, JWS verification steps, or canonical JSON — the tests do. What the compliance suite checks (so you don’t have to teach it):
What you still own, regardless of who wrote the code:
If you’re partnering, ask the vendor: “Do you pass the AdCP compliance suite on every release? Which version? Can I see the latest run?” That single question covers most of the code-controls surface. Also ask whether they hold SOC 2 Type II, ISO 27001, or the equivalent attestation for your industry — and what their breach-notification commitment is. If you’re self-hosting a prebuilt agent, run the compliance suite yourself against your deployment. If you’re self-building, the compliance suite is your regression harness.
For security and IT leaders: The Security Model page is written for you — CISOs, security architects, and third-party risk reviewers at brands, agencies, publishers, and platforms alike. It explains the threat landscape and what AdCP defends against by design, and includes a checklist of questions to ask your engineering team (or your vendor) before going live.
What’s next
- Validate Your Agent — The compliance suite referenced above
- Security — The normative reference for HMAC, idempotency, SSRF, and governance verification
- How Agents Communicate — Discovery via
adagents.jsonandbrand.json - Seller Integration — Patterns for connecting an agent to an ad server
- Authorized Properties — Who can sell what, and how that’s declared