token/invocation/invocation_test.go

package invocation_test

import (
	_ "embed"
	"testing"
	"time"

	"github.com/MetaMask/go-did-it/didtest"
	"github.com/ipfs/go-cid"
	"github.com/stretchr/testify/require"

	"github.com/ucan-wg/go-ucan/pkg/args"
	"github.com/ucan-wg/go-ucan/pkg/command"
	"github.com/ucan-wg/go-ucan/pkg/policy/policytest"
	"github.com/ucan-wg/go-ucan/token/delegation/delegationtest"
	"github.com/ucan-wg/go-ucan/token/invocation"
)

//go:embed testdata/new.dagjson
var newDagJson []byte

//go:embed testdata/selfsigned.dagjson
var selfsignedDagJson []byte

const missingTknCIDStr = "bafyreigwypmw6eul6vadi6g6lnfbsfo2zck7gfzsbjoroqs3djhnzzc7mm"

var emptyArguments = args.New()

func TestToken_ExecutionAllowed(t *testing.T) {
	for _, tc := range []struct {
		name   string
		issuer didtest.Persona
		cmd    command.Command
		args   *args.Args
		proofs []cid.Cid
		opts   []invocation.Option
		err    error
	}{
		// Passes
		{
			name:   "passes - only root",
			issuer: didtest.PersonaBob,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: delegationtest.ProofAliceBob,
			err:    nil,
		},
		{
			name:   "passes - valid chain",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank,
			err:    nil,
		},
		{
			name:   "passes - proof chain attenuates command",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.AttenuatedCommand,
			args:   emptyArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_ValidAttenuatedCommand,
			err:    nil,
		},
		{
			name:   "passes - invocation attenuates command",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.AttenuatedCommand,
			args:   emptyArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank,
			err:    nil,
		},
		{
			name:   "passes - arguments satisfy empty policy",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.NominalCommand,
			args:   policytest.SpecValidArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank,
			err:    nil,
		},
		{
			name:   "passes - arguments satisfy example policy",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.NominalCommand,
			args:   policytest.SpecValidArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy,
			err:    nil,
		},
		{
			name:   "passes - self-signed invocation doesn't require proof",
			issuer: didtest.PersonaAlice,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: nil,
			err:    nil,
		},
		{
			name:   "passes - self-signed invocation accepts a delegation to itself",
			issuer: didtest.PersonaAlice,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: []cid.Cid{delegationtest.TokenAliceAliceCID},
			err:    nil,
		},

		// Fails
		{
			name:   "fails - no proof",
			issuer: didtest.PersonaCarol,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: delegationtest.ProofEmpty,
			err:    invocation.ErrNoProof,
		},
		{
			name:   "fails - missing referenced delegation",
			issuer: didtest.PersonaCarol,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: []cid.Cid{cid.MustParse(missingTknCIDStr), delegationtest.TokenAliceBobCID},
			err:    invocation.ErrMissingDelegation,
		},
		{
			name:   "fails - referenced delegation expired",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpired,
			err:    invocation.ErrTokenInvalidNow,
		},
		{
			name:   "fails - referenced delegation inactive",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidInactive,
			err:    invocation.ErrTokenInvalidNow,
		},
		{
			name:   "fails - last (or only) delegation not root",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: []cid.Cid{delegationtest.TokenErinFrankCID, delegationtest.TokenDanErinCID, delegationtest.TokenCarolDanCID},
			err:    invocation.ErrLastNotRoot,
		},
		{
			name:   "fails - broken chain",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: []cid.Cid{delegationtest.TokenCarolDanCID, delegationtest.TokenAliceBobCID},
			err:    invocation.ErrBrokenChain,
		},
		{
			name:   "fails - first not issued to invoker",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: []cid.Cid{delegationtest.TokenBobCarolCID, delegationtest.TokenAliceBobCID},
			err:    invocation.ErrBrokenChain,
		},
		{
			name:   "fails - proof chain expands command",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpandedCommand,
			err:    invocation.ErrCommandNotCovered,
		},
		{
			name:   "fails - invocation expands command",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.ExpandedCommand,
			args:   emptyArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank,
			err:    invocation.ErrCommandNotCovered,
		},
		{
			name:   "fails - inconsistent subject",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.ExpandedCommand,
			args:   emptyArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidSubject,
			err:    invocation.ErrWrongSub,
		},
		{
			name:   "fails - arguments don't satisfy example policy",
			issuer: didtest.PersonaFrank,
			cmd:    delegationtest.NominalCommand,
			args:   policytest.SpecInvalidArguments,
			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy,
			err:    invocation.ErrPolicyNotSatisfied,
		},
		{
			name:   "fails - self-signed invocation refuses a delegation to itself for a different DID",
			issuer: didtest.PersonaAlice,
			cmd:    delegationtest.NominalCommand,
			args:   emptyArguments,
			proofs: []cid.Cid{delegationtest.TokenBobBobCID},
			err:    invocation.ErrBrokenChain,
		},
	} {
		t.Run(tc.name, func(t *testing.T) {
			tc.opts = append(tc.opts, invocation.WithArguments(tc.args))

			tkn, err := invocation.New(tc.issuer.DID(), tc.cmd, didtest.PersonaAlice.DID(), tc.proofs, tc.opts...)
			require.NoError(t, err)

			err = tkn.ExecutionAllowed(delegationtest.GetDelegationLoader())

			if tc.err != nil {
				require.ErrorIs(t, err, tc.err)
			} else {
				require.NoError(t, err)
			}
		})
	}
}

const (
	nonce      = "6roDhGi0kiNriQAz7J3d+bOeoI/tj8ENikmQNbtjnD0"
	subjectCmd = "/foo/bar"
)

func TestConstructors(t *testing.T) {
	cmd, err := command.Parse(subjectCmd)
	require.NoError(t, err)

	iat, err := time.Parse(time.RFC3339, "2100-01-01T00:00:00Z")
	require.NoError(t, err)

	exp, err := time.Parse(time.RFC3339, "2200-01-01T00:00:00Z")
	require.NoError(t, err)

	t.Run("New", func(t *testing.T) {
		tkn, err := invocation.New(
			didtest.PersonaAlice.DID(), cmd, didtest.PersonaBob.DID(),
			delegationtest.ProofAliceBob,
			invocation.WithNonce([]byte(nonce)),
			invocation.WithIssuedAt(iat),
			invocation.WithExpiration(exp),
			invocation.WithArgument("foo", "bar"),
			invocation.WithMeta("baz", 123),
		)
		require.NoError(t, err)

		require.False(t, tkn.IsSelfSigned())

		data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())
		require.NoError(t, err)

		require.JSONEq(t, string(newDagJson), string(data))
	})

	t.Run("Self-Signed", func(t *testing.T) {
		tkn, err := invocation.NewSelfSigned(
			didtest.PersonaAlice.DID(), cmd,
			invocation.WithNonce([]byte(nonce)),
			invocation.WithIssuedAt(iat),
			invocation.WithExpiration(exp),
			invocation.WithArgument("foo", "bar"),
			invocation.WithMeta("baz", 123),
		)
		require.NoError(t, err)

		require.True(t, tkn.IsSelfSigned())

		data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())
		require.NoError(t, err)

		require.JSONEq(t, string(selfsignedDagJson), string(data))
	})
}
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`package invocation_test`

			`import (`
Integrate go-varsig and go-did-it - go-varsig provides a varsig V1 implementation - go-did-it provides a complete and extensible DID implementation 2025-07-31 14:43:42 +02:00			`_ "embed"`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`"testing"`
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`"time"`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
adjust the toolkit to the new location 2025-08-05 12:11:20 +02:00			`"github.com/MetaMask/go-did-it/didtest"`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`"github.com/ipfs/go-cid"`
			`"github.com/stretchr/testify/require"`
various sanding everywhere towards building the tookit 2024-11-20 12:34:24 +01:00
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`"github.com/ucan-wg/go-ucan/pkg/args"`
			`"github.com/ucan-wg/go-ucan/pkg/command"`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00			`"github.com/ucan-wg/go-ucan/pkg/policy/policytest"`
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`"github.com/ucan-wg/go-ucan/token/delegation/delegationtest"`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`"github.com/ucan-wg/go-ucan/token/invocation"`
			`)`

Integrate go-varsig and go-did-it - go-varsig provides a varsig V1 implementation - go-did-it provides a complete and extensible DID implementation 2025-07-31 14:43:42 +02:00			`//go:embed testdata/new.dagjson`
			`var newDagJson []byte`

invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`//go:embed testdata/selfsigned.dagjson`
			`var selfsignedDagJson []byte`

			`const missingTknCIDStr = "bafyreigwypmw6eul6vadi6g6lnfbsfo2zck7gfzsbjoroqs3djhnzzc7mm"`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`var emptyArguments = args.New()`

feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`func TestToken_ExecutionAllowed(t *testing.T) {`
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`for _, tc := range []struct {`
			`name string`
			`issuer didtest.Persona`
			`cmd command.Command`
			`args *args.Args`
			`proofs []cid.Cid`
			`opts []invocation.Option`
			`err error`
			`}{`
			`// Passes`
			`{`
			`name: "passes - only root",`
			`issuer: didtest.PersonaBob,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: delegationtest.ProofAliceBob,`
			`err: nil,`
			`},`
			`{`
			`name: "passes - valid chain",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank,`
			`err: nil,`
			`},`
			`{`
			`name: "passes - proof chain attenuates command",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.AttenuatedCommand,`
			`args: emptyArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank_ValidAttenuatedCommand,`
			`err: nil,`
			`},`
			`{`
			`name: "passes - invocation attenuates command",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.AttenuatedCommand,`
			`args: emptyArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank,`
			`err: nil,`
			`},`
			`{`
			`name: "passes - arguments satisfy empty policy",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.NominalCommand,`
			`args: policytest.SpecValidArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank,`
			`err: nil,`
			`},`
			`{`
			`name: "passes - arguments satisfy example policy",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.NominalCommand,`
			`args: policytest.SpecValidArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy,`
			`err: nil,`
			`},`
			`{`
			`name: "passes - self-signed invocation doesn't require proof",`
			`issuer: didtest.PersonaAlice,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: nil,`
			`err: nil,`
			`},`
			`{`
			`name: "passes - self-signed invocation accepts a delegation to itself",`
			`issuer: didtest.PersonaAlice,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: []cid.Cid{delegationtest.TokenAliceAliceCID},`
			`err: nil,`
			`},`

			`// Fails`
			`{`
			`name: "fails - no proof",`
			`issuer: didtest.PersonaCarol,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: delegationtest.ProofEmpty,`
			`err: invocation.ErrNoProof,`
			`},`
			`{`
			`name: "fails - missing referenced delegation",`
			`issuer: didtest.PersonaCarol,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: []cid.Cid{cid.MustParse(missingTknCIDStr), delegationtest.TokenAliceBobCID},`
			`err: invocation.ErrMissingDelegation,`
			`},`
			`{`
			`name: "fails - referenced delegation expired",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpired,`
			`err: invocation.ErrTokenInvalidNow,`
			`},`
			`{`
			`name: "fails - referenced delegation inactive",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidInactive,`
			`err: invocation.ErrTokenInvalidNow,`
			`},`
			`{`
			`name: "fails - last (or only) delegation not root",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: []cid.Cid{delegationtest.TokenErinFrankCID, delegationtest.TokenDanErinCID, delegationtest.TokenCarolDanCID},`
			`err: invocation.ErrLastNotRoot,`
			`},`
			`{`
			`name: "fails - broken chain",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: []cid.Cid{delegationtest.TokenCarolDanCID, delegationtest.TokenAliceBobCID},`
			`err: invocation.ErrBrokenChain,`
			`},`
			`{`
			`name: "fails - first not issued to invoker",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: []cid.Cid{delegationtest.TokenBobCarolCID, delegationtest.TokenAliceBobCID},`
			`err: invocation.ErrBrokenChain,`
			`},`
			`{`
			`name: "fails - proof chain expands command",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpandedCommand,`
			`err: invocation.ErrCommandNotCovered,`
			`},`
			`{`
			`name: "fails - invocation expands command",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.ExpandedCommand,`
			`args: emptyArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank,`
			`err: invocation.ErrCommandNotCovered,`
			`},`
			`{`
			`name: "fails - inconsistent subject",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.ExpandedCommand,`
			`args: emptyArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidSubject,`
			`err: invocation.ErrWrongSub,`
			`},`
			`{`
			`name: "fails - arguments don't satisfy example policy",`
			`issuer: didtest.PersonaFrank,`
			`cmd: delegationtest.NominalCommand,`
			`args: policytest.SpecInvalidArguments,`
			`proofs: delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy,`
			`err: invocation.ErrPolicyNotSatisfied,`
			`},`
			`{`
			`name: "fails - self-signed invocation refuses a delegation to itself for a different DID",`
			`issuer: didtest.PersonaAlice,`
			`cmd: delegationtest.NominalCommand,`
			`args: emptyArguments,`
			`proofs: []cid.Cid{delegationtest.TokenBobBobCID},`
			`err: invocation.ErrBrokenChain,`
			`},`
			`} {`
			`t.Run(tc.name, func(t *testing.T) {`
			`tc.opts = append(tc.opts, invocation.WithArguments(tc.args))`

			`tkn, err := invocation.New(tc.issuer.DID(), tc.cmd, didtest.PersonaAlice.DID(), tc.proofs, tc.opts...)`
			`require.NoError(t, err)`

			`err = tkn.ExecutionAllowed(delegationtest.GetDelegationLoader())`

			`if tc.err != nil {`
			`require.ErrorIs(t, err, tc.err)`
			`} else {`
			`require.NoError(t, err)`
			`}`
			`})`
			`}`
			`}`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`const (`
			`nonce = "6roDhGi0kiNriQAz7J3d+bOeoI/tj8ENikmQNbtjnD0"`
			`subjectCmd = "/foo/bar"`
			`)`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`func TestConstructors(t *testing.T) {`
			`cmd, err := command.Parse(subjectCmd)`
			`require.NoError(t, err)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`iat, err := time.Parse(time.RFC3339, "2100-01-01T00:00:00Z")`
			`require.NoError(t, err)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`exp, err := time.Parse(time.RFC3339, "2200-01-01T00:00:00Z")`
			`require.NoError(t, err)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`t.Run("New", func(t *testing.T) {`
			`tkn, err := invocation.New(`
			`didtest.PersonaAlice.DID(), cmd, didtest.PersonaBob.DID(),`
			`delegationtest.ProofAliceBob,`
			`invocation.WithNonce([]byte(nonce)),`
			`invocation.WithIssuedAt(iat),`
			`invocation.WithExpiration(exp),`
			`invocation.WithArgument("foo", "bar"),`
			`invocation.WithMeta("baz", 123),`
			`)`
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`require.NoError(t, err)`

invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`require.False(t, tkn.IsSelfSigned())`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())`
			`require.NoError(t, err)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`require.JSONEq(t, string(newDagJson), string(data))`
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`})`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`t.Run("Self-Signed", func(t *testing.T) {`
			`tkn, err := invocation.NewSelfSigned(`
			`didtest.PersonaAlice.DID(), cmd,`
			`invocation.WithNonce([]byte(nonce)),`
			`invocation.WithIssuedAt(iat),`
			`invocation.WithExpiration(exp),`
			`invocation.WithArgument("foo", "bar"),`
			`invocation.WithMeta("baz", 123),`
			`)`
			`require.NoError(t, err)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`require.True(t, tkn.IsSelfSigned())`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())`
			`require.NoError(t, err)`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00
invocation: add support for self-signed invocations (issuer=subject) 2025-12-04 15:01:15 +01:00			`require.JSONEq(t, string(selfsignedDagJson), string(data))`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00			`})`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`}`