Failure-mode competency scope
This document maps each AdCP failure-mode scenario to the certification module(s) where it belongs, specifies the depth target per tier, and defines the assessment approach. It is a scoping artifact — authoring of the actual content in each module is tracked in follow-up issues per module. Depth levels used below:FM-1 — Idempotency replay / conflict / expired
Status: Partially covered.#2346 and #2367 established idempotency in the training agent. This entry consolidates the assessment scope.
Gap to close before authoring: Confirm S1 lab exercise 7 (“Lifecycle management”) stages all three error states in sandbox, not just
NOT_CANCELLABLE. If not, extend exercise 7 to cover IDEMPOTENCY_CONFLICT and IDEMPOTENCY_EXPIRED.
FM-2 — Creative compliance failure post-launch
Status: Not yet in any module. Prerequisite reading is present in S2 and S4, but no lab exercise walks the post-launch discovery path.
Gap to close before authoring: Add a numbered lab exercise to S2 that explicitly stages a post-launch compliance failure using
validate_content_delivery. The prerequisite reading card is present; the exercise is not. Without a staged scenario, assessment relies entirely on conversation and cannot satisfy IACET Element 7 (demonstrable competency evidence). The authoring issue must specify three things to prevent a reading card from being filed as a lab exercise: (a) the sandbox agent must be configured to return a validate_content_delivery violation on a specific creative ID after a simulated flight-start event; (b) the learner must invoke get_media_buy_artifacts within the same session and correlate the audit artifact to the violation; (c) this constitutes a required demonstration with a stable criterion ID (e.g., s2_postlaunch_sc0) — the recertification machinery only fires if the ID exists.
FM-3 — Payment / settlement reconciliation differences
Status: Not yet in any module. Schema being finalized in#2391 (billing reconciliation, AdCP 3.1). Scoped now against current delivery and accountability-terms surfaces; depth will expand when #2391 lands.
Flag for authoring: Assign a stable criterion ID (e.g.,
s1_recon_sc0) at authoring time. When #2391 ships a reconciliation schema, S1 credentials issued under the current criteria must be flagged for targeted recertification — the recertification machinery in the instructional design framework only fires if the criterion ID exists. Do not leave this implicit.
Depth TBD pending #2391: Once the billing reconciliation schema lands, add a second criterion (s1_recon_sc1) covering the new settlement fields. Credentials issued before that addition are candidates for recertification per the protocol-triggered recertification policy.
FM-4 — Governance token mismatch / authorization revoked mid-lifecycle
Status: Partially covered. S4 coversGOVERNANCE_DENIED recovery, the 15-step JWS verification, and the governance_context correlation model. Mid-lifecycle revocation is distinct from denial at check time and is not yet named as a scenario.
Gap to close before authoring: S4’s “What you’ll demonstrate” section covers the 15-step JWS verification and
governance_context correlation model but does not name mid-lifecycle revocation as a discrete scenario. Add it as a demonstration item and extend lab exercise 7 (“GOVERNANCE_DENIED recovery”) with a revocation-during-execution variant.
FM-5 — Lifecycle state stuck (media buy, creative, account, SI session, catalog)
Status: Not yet in any module as an explicit failure-mode scenario. S1 lab exercise 6 covers forced rejection frompending_start but not timeout without response. S5 covers normal SI session management but not stuck or expired sessions.
Gap to close before authoring:
- S5’s current “What you’ll demonstrate” covers normal session management only. Add session expiry and stuck-session recovery as explicit demonstration items.
- S1 lab exercise 6 should be extended (or a variant added) for the timeout-without-response case, distinct from the forced rejection already staged.
FM-6 — Webhook delivery failure / retries
Status: Not yet in any module as a failure scenario. D3 prerequisite reading references error handling but no lab exercise or assessment dimension covers webhook failure.
Gap to close before authoring: Add a scenario within D3’s error-handling discussion (not necessarily a full new exercise) that walks a webhook delivery failure end-to-end. D3 currently lists the error-handling docs as prerequisite reading but has no lab exercise or assessment item that tests operational recovery.
FM-7 — Signed-request validation failure
Status: Not yet in any module as a failure scenario. S1 covers the buyer-identity resolution chain (signature → JWKS → agent entry → brand.json) conceptually, but no module tests a fail-closed implementation.
Note on criterion IDs: Assign separate criterion IDs for D2 (
d2_sig_sc0) and S1 (s1_sig_sc0) at authoring time so that a future change to RFC 9421 request signing triggers recertification in both modules independently.
Related (FM-C below): adagents.json / brand.json authorization failure at agent discovery is a closely related onboarding failure mode scoped separately.
FM-8 — TMP provider integration failure
Status: Reclassified from “TMP attestation failure.” TMP cryptographic attestation is a SHOULD (not a MUST) in AdCP 3.0 and is marked “future enhancement” in the specification — the current conformance model is publisher-attested viaadagents.json over HTTPS. Teaching cryptographic attestation failure as a certification topic before the mechanism is stable would credential knowledge of a future feature rather than current protocol behavior. The operationally real failure modes today are: (1) adagents.json binding failure — provider not listed, seller_agent URL mismatch, or bypass-mode misconfiguration; (2) TMP Router provider configuration failure; (3) Identity Match returning no result due to integration misconfiguration, causing the frequency-cap logic to fall back to no-cap behavior. Home is S1, not S3 — TMP is a media buy execution mechanism, not a signals/audiences topic.
Deferred: Cryptographic attestation failure scenarios will be added when TMP moves out of experimental status.
Gap to close before authoring: Add a failure variant to S1 lab exercise 9 — same cross-publisher suppression scenario, but Identity Match returns no result due to
adagents.json misconfiguration. This is an extension of an existing exercise, not a new one.
FM-9 — Cross-protocol policy conflicts
Status: Not yet in any module. S4 covers composing governance domains (campaign, property, collection, content standards, creative) but does not include a scenario where rules from multiple domains conflict and must be adjudicated.
Rationale for S4 (not a new cross-domain section): S4 already covers governance domains composing, including their interaction across campaign, property, collection, content standards, and creative. The cross-protocol scenario is an extension of existing S4 scope, assessable with S4 + S3 prerequisite knowledge. A new module section would require authoring scope that this issue explicitly defers.
Flag for
#2391: If billing reconciliation introduces a governance dimension to payment authorization (e.g., a plan that constrains spend must validate against billing reconciliation rules), add a second criterion ID in S4 for that interaction when #2391 closes.
FM-A — Account payment required blocking active buys
Status: Not in the original candidate list. Identified during curriculum review as a real, high-frequency operational failure. The account state machine allows an account to transition topayment_required, which blocks new spend but does not terminate in-flight campaigns. Buyer agents that treat all authorization failures as transient will over-retry; agents that treat them as fatal will stop managing campaigns that can still be modified. Neither behavior is correct.
FM-B — report_usage pricing mismatch
Status: Not in the original candidate list. Identified as a billing dispute trigger: the buyer reports apricing_option_id in report_usage that does not match the rate negotiated at buy time, and the seller agent rejects it. This is operationally painful for CPA and performance-priced campaigns where the pricing option ID changes between the buy and the reporting call.
Scope note: If
#2391 introduces a formal billing reconciliation mechanism, this failure mode may merge with FM-3 into a unified settlement module. Flag for review when #2391 closes.
FM-C — adagents.json / brand.json authorization failure at discovery
Status: Not in the original candidate list. Identified as the most common onboarding failure for new integrations: a buyer agent discovers a sales agent viaget_adcp_capabilities, attempts OAuth authentication, and the seller rejects the token because the buyer’s adagents.json does not declare the correct authorized_agents[] relationship — or the brand.json entry does not match the agent identity presented in the signed request.