Skip to main content

Failure-mode competency scope

This document maps each AdCP failure-mode scenario to the certification module(s) where it belongs, specifies the depth target per tier, and defines the assessment approach. It is a scoping artifact — authoring of the actual content in each module is tracked in follow-up issues per module. Depth levels used below:

FM-1 — Idempotency replay / conflict / expired

Status: Partially covered. #2346 and #2367 established idempotency in the training agent. This entry consolidates the assessment scope. Gap to close before authoring: Confirm S1 lab exercise 7 (“Lifecycle management”) stages all three error states in sandbox, not just NOT_CANCELLABLE. If not, extend exercise 7 to cover IDEMPOTENCY_CONFLICT and IDEMPOTENCY_EXPIRED.

FM-2 — Creative compliance failure post-launch

Status: Not yet in any module. Prerequisite reading is present in S2 and S4, but no lab exercise walks the post-launch discovery path. Gap to close before authoring: Add a numbered lab exercise to S2 that explicitly stages a post-launch compliance failure using validate_content_delivery. The prerequisite reading card is present; the exercise is not. Without a staged scenario, assessment relies entirely on conversation and cannot satisfy IACET Element 7 (demonstrable competency evidence). The authoring issue must specify three things to prevent a reading card from being filed as a lab exercise: (a) the sandbox agent must be configured to return a validate_content_delivery violation on a specific creative ID after a simulated flight-start event; (b) the learner must invoke get_media_buy_artifacts within the same session and correlate the audit artifact to the violation; (c) this constitutes a required demonstration with a stable criterion ID (e.g., s2_postlaunch_sc0) — the recertification machinery only fires if the ID exists.

FM-3 — Payment / settlement reconciliation differences

Status: Not yet in any module. Schema being finalized in #2391 (billing reconciliation, AdCP 3.1). Scoped now against current delivery and accountability-terms surfaces; depth will expand when #2391 lands. Flag for authoring: Assign a stable criterion ID (e.g., s1_recon_sc0) at authoring time. When #2391 ships a reconciliation schema, S1 credentials issued under the current criteria must be flagged for targeted recertification — the recertification machinery in the instructional design framework only fires if the criterion ID exists. Do not leave this implicit. Depth TBD pending #2391: Once the billing reconciliation schema lands, add a second criterion (s1_recon_sc1) covering the new settlement fields. Credentials issued before that addition are candidates for recertification per the protocol-triggered recertification policy.

FM-4 — Governance token mismatch / authorization revoked mid-lifecycle

Status: Partially covered. S4 covers GOVERNANCE_DENIED recovery, the 15-step JWS verification, and the governance_context correlation model. Mid-lifecycle revocation is distinct from denial at check time and is not yet named as a scenario. Gap to close before authoring: S4’s “What you’ll demonstrate” section covers the 15-step JWS verification and governance_context correlation model but does not name mid-lifecycle revocation as a discrete scenario. Add it as a demonstration item and extend lab exercise 7 (“GOVERNANCE_DENIED recovery”) with a revocation-during-execution variant.

FM-5 — Lifecycle state stuck (media buy, creative, account, SI session, catalog)

Status: Not yet in any module as an explicit failure-mode scenario. S1 lab exercise 6 covers forced rejection from pending_start but not timeout without response. S5 covers normal SI session management but not stuck or expired sessions. Gap to close before authoring:
  • S5’s current “What you’ll demonstrate” covers normal session management only. Add session expiry and stuck-session recovery as explicit demonstration items.
  • S1 lab exercise 6 should be extended (or a variant added) for the timeout-without-response case, distinct from the forced rejection already staged.

FM-6 — Webhook delivery failure / retries

Status: Not yet in any module as a failure scenario. D3 prerequisite reading references error handling but no lab exercise or assessment dimension covers webhook failure. Gap to close before authoring: Add a scenario within D3’s error-handling discussion (not necessarily a full new exercise) that walks a webhook delivery failure end-to-end. D3 currently lists the error-handling docs as prerequisite reading but has no lab exercise or assessment item that tests operational recovery.

FM-7 — Signed-request validation failure

Status: Not yet in any module as a failure scenario. S1 covers the buyer-identity resolution chain (signature → JWKS → agent entry → brand.json) conceptually, but no module tests a fail-closed implementation. Note on criterion IDs: Assign separate criterion IDs for D2 (d2_sig_sc0) and S1 (s1_sig_sc0) at authoring time so that a future change to RFC 9421 request signing triggers recertification in both modules independently. Related (FM-C below): adagents.json / brand.json authorization failure at agent discovery is a closely related onboarding failure mode scoped separately.

FM-8 — TMP provider integration failure

Status: Reclassified from “TMP attestation failure.” TMP cryptographic attestation is a SHOULD (not a MUST) in AdCP 3.0 and is marked “future enhancement” in the specification — the current conformance model is publisher-attested via adagents.json over HTTPS. Teaching cryptographic attestation failure as a certification topic before the mechanism is stable would credential knowledge of a future feature rather than current protocol behavior. The operationally real failure modes today are: (1) adagents.json binding failure — provider not listed, seller_agent URL mismatch, or bypass-mode misconfiguration; (2) TMP Router provider configuration failure; (3) Identity Match returning no result due to integration misconfiguration, causing the frequency-cap logic to fall back to no-cap behavior. Home is S1, not S3 — TMP is a media buy execution mechanism, not a signals/audiences topic. Deferred: Cryptographic attestation failure scenarios will be added when TMP moves out of experimental status. Gap to close before authoring: Add a failure variant to S1 lab exercise 9 — same cross-publisher suppression scenario, but Identity Match returns no result due to adagents.json misconfiguration. This is an extension of an existing exercise, not a new one.

FM-9 — Cross-protocol policy conflicts

Status: Not yet in any module. S4 covers composing governance domains (campaign, property, collection, content standards, creative) but does not include a scenario where rules from multiple domains conflict and must be adjudicated. Rationale for S4 (not a new cross-domain section): S4 already covers governance domains composing, including their interaction across campaign, property, collection, content standards, and creative. The cross-protocol scenario is an extension of existing S4 scope, assessable with S4 + S3 prerequisite knowledge. A new module section would require authoring scope that this issue explicitly defers. Flag for #2391: If billing reconciliation introduces a governance dimension to payment authorization (e.g., a plan that constrains spend must validate against billing reconciliation rules), add a second criterion ID in S4 for that interaction when #2391 closes.

FM-A — Account payment required blocking active buys

Status: Not in the original candidate list. Identified during curriculum review as a real, high-frequency operational failure. The account state machine allows an account to transition to payment_required, which blocks new spend but does not terminate in-flight campaigns. Buyer agents that treat all authorization failures as transient will over-retry; agents that treat them as fatal will stop managing campaigns that can still be modified. Neither behavior is correct.

FM-B — report_usage pricing mismatch

Status: Not in the original candidate list. Identified as a billing dispute trigger: the buyer reports a pricing_option_id in report_usage that does not match the rate negotiated at buy time, and the seller agent rejects it. This is operationally painful for CPA and performance-priced campaigns where the pricing option ID changes between the buy and the reporting call. Scope note: If #2391 introduces a formal billing reconciliation mechanism, this failure mode may merge with FM-3 into a unified settlement module. Flag for review when #2391 closes.

FM-C — adagents.json / brand.json authorization failure at discovery

Status: Not in the original candidate list. Identified as the most common onboarding failure for new integrations: a buyer agent discovers a sales agent via get_adcp_capabilities, attempts OAuth authentication, and the seller rejects the token because the buyer’s adagents.json does not declare the correct authorized_agents[] relationship — or the brand.json entry does not match the agent identity presented in the signed request.

Open items tracker


Module impact summary

The table below shows which specialist and practitioner modules need authoring follow-ups. Each ✦ is a new lab exercise or demonstration item; each ✧ is a new exam scenario or cross-reference.