token/invocation/invocation_test.go

package invocation_test

import (
	_ "embed"
	"testing"

	"code.sonr.org/go/did-it/didtest"
	"github.com/ipfs/go-cid"
	"github.com/stretchr/testify/require"

	"code.sonr.org/go/ucan/pkg/args"
	"code.sonr.org/go/ucan/pkg/command"
	"code.sonr.org/go/ucan/pkg/policy/policytest"
	"code.sonr.org/go/ucan/token/delegation/delegationtest"
	"code.sonr.org/go/ucan/token/invocation"
)

//go:embed testdata/new.dagjson
var newDagJson []byte

const (
	missingTknCIDStr = "bafyreigwypmw6eul6vadi6g6lnfbsfo2zck7gfzsbjoroqs3djhnzzc7mm"
)

var emptyArguments = args.New()

func TestToken_ExecutionAllowed(t *testing.T) {
	t.Parallel()

	t.Run("passes - only root", func(t *testing.T) {
		t.Parallel()

		testPasses(t, didtest.PersonaBob, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBob)
	})

	t.Run("passes - valid chain", func(t *testing.T) {
		t.Parallel()

		testPasses(t, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank)
	})

	t.Run("passes - proof chain attenuates command", func(t *testing.T) {
		t.Parallel()

		testPasses(t, didtest.PersonaFrank, delegationtest.AttenuatedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_ValidAttenuatedCommand)
	})

	t.Run("passes - invocation attenuates command", func(t *testing.T) {
		t.Parallel()

		testPasses(t, didtest.PersonaFrank, delegationtest.AttenuatedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank)
	})

	t.Run("passes - arguments satisfy empty policy", func(t *testing.T) {
		t.Parallel()

		testPasses(t, didtest.PersonaFrank, delegationtest.NominalCommand, policytest.SpecValidArguments, delegationtest.ProofAliceBobCarolDanErinFrank)
	})

	t.Run("passes - arguments satify example policy", func(t *testing.T) {
		t.Parallel()

		testPasses(t, didtest.PersonaFrank, delegationtest.NominalCommand, policytest.SpecValidArguments, delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy)
	})

	t.Run("fails - no proof", func(t *testing.T) {
		t.Parallel()

		testFails(t, invocation.ErrNoProof, didtest.PersonaCarol, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofEmpty)
	})

	t.Run("fails - missing referenced delegation", func(t *testing.T) {
		t.Parallel()

		missingTknCID, err := cid.Parse(missingTknCIDStr)
		require.NoError(t, err)

		prf := []cid.Cid{missingTknCID, delegationtest.TokenAliceBobCID}
		testFails(t, invocation.ErrMissingDelegation, didtest.PersonaCarol, delegationtest.NominalCommand, emptyArguments, prf)
	})

	t.Run("fails - referenced delegation expired", func(t *testing.T) {
		t.Parallel()

		testFails(t, invocation.ErrTokenInvalidNow, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpired)

	})

	t.Run("fails - referenced delegation inactive", func(t *testing.T) {
		t.Parallel()

		testFails(t, invocation.ErrTokenInvalidNow, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidInactive)
	})

	t.Run("fails - last (or only) delegation not root", func(t *testing.T) {
		t.Parallel()

		prf := []cid.Cid{delegationtest.TokenErinFrankCID, delegationtest.TokenDanErinCID, delegationtest.TokenCarolDanCID}
		testFails(t, invocation.ErrLastNotRoot, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, prf)
	})

	t.Run("fails - broken chain", func(t *testing.T) {
		t.Parallel()

		prf := []cid.Cid{delegationtest.TokenCarolDanCID, delegationtest.TokenAliceBobCID}
		testFails(t, invocation.ErrBrokenChain, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, prf)
	})

	t.Run("fails - first not issued to invoker", func(t *testing.T) {
		t.Parallel()

		prf := []cid.Cid{delegationtest.TokenBobCarolCID, delegationtest.TokenAliceBobCID}
		testFails(t, invocation.ErrBrokenChain, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, prf)
	})

	t.Run("fails - proof chain expands command", func(t *testing.T) {
		t.Parallel()

		testFails(t, invocation.ErrCommandNotCovered, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpandedCommand)
	})

	t.Run("fails - invocation expands command", func(t *testing.T) {
		t.Parallel()

		testFails(t, invocation.ErrCommandNotCovered, didtest.PersonaFrank, delegationtest.ExpandedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank)
	})

	t.Run("fails - inconsistent subject", func(t *testing.T) {
		t.Parallel()

		testFails(t, invocation.ErrWrongSub, didtest.PersonaFrank, delegationtest.ExpandedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidSubject)
	})

	t.Run("passes - arguments satisfy example policy", func(t *testing.T) {
		t.Parallel()

		testFails(t, invocation.ErrPolicyNotSatisfied, didtest.PersonaFrank, delegationtest.NominalCommand, policytest.SpecInvalidArguments, delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy)
	})

}

func test(t *testing.T, persona didtest.Persona, cmd command.Command, args *args.Args, prf []cid.Cid, opts ...invocation.Option) error {
	t.Helper()

	opts = append(opts, invocation.WithArguments(args))

	tkn, err := invocation.New(persona.DID(), cmd, didtest.PersonaAlice.DID(), prf, opts...)
	require.NoError(t, err)

	return tkn.ExecutionAllowed(delegationtest.GetDelegationLoader())
}

func testFails(t *testing.T, expErr error, persona didtest.Persona, cmd command.Command, args *args.Args, prf []cid.Cid, opts ...invocation.Option) {
	err := test(t, persona, cmd, args, prf, opts...)
	require.ErrorIs(t, err, expErr)
}

func testPasses(t *testing.T, persona didtest.Persona, cmd command.Command, args *args.Args, prf []cid.Cid, opts ...invocation.Option) {
	err := test(t, persona, cmd, args, prf, opts...)
	require.NoError(t, err)
}
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`package invocation_test`

			`import (`
Integrate go-varsig and go-did-it - go-varsig provides a varsig V1 implementation - go-did-it provides a complete and extensible DID implementation 2025-07-31 14:43:42 +02:00			`_ "embed"`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`"testing"`

refactor(invocation): migrate from MetaMask/go-did-it to code.sonr.org/go/did-it 2026-01-08 15:45:57 -05:00			`"code.sonr.org/go/did-it/didtest"`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`"github.com/ipfs/go-cid"`
			`"github.com/stretchr/testify/require"`
various sanding everywhere towards building the tookit 2024-11-20 12:34:24 +01:00
refactor(invocation): migrate from MetaMask/go-did-it to code.sonr.org/go/did-it 2026-01-08 15:45:57 -05:00			`"code.sonr.org/go/ucan/pkg/args"`
			`"code.sonr.org/go/ucan/pkg/command"`
			`"code.sonr.org/go/ucan/pkg/policy/policytest"`
			`"code.sonr.org/go/ucan/token/delegation/delegationtest"`
			`"code.sonr.org/go/ucan/token/invocation"`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`)`

Integrate go-varsig and go-did-it - go-varsig provides a varsig V1 implementation - go-did-it provides a complete and extensible DID implementation 2025-07-31 14:43:42 +02:00			`//go:embed testdata/new.dagjson`
			`var newDagJson []byte`

feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`const (`
Integrate go-varsig and go-did-it - go-varsig provides a varsig V1 implementation - go-did-it provides a complete and extensible DID implementation 2025-07-31 14:43:42 +02:00			`missingTknCIDStr = "bafyreigwypmw6eul6vadi6g6lnfbsfo2zck7gfzsbjoroqs3djhnzzc7mm"`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`)`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`var emptyArguments = args.New()`

feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`func TestToken_ExecutionAllowed(t *testing.T) {`
			`t.Parallel()`

			`t.Run("passes - only root", func(t *testing.T) {`
			`t.Parallel()`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`testPasses(t, didtest.PersonaBob, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBob)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`})`

			`t.Run("passes - valid chain", func(t *testing.T) {`
			`t.Parallel()`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`testPasses(t, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank)`
			`})`

			`t.Run("passes - proof chain attenuates command", func(t *testing.T) {`
			`t.Parallel()`

tests: lots of small asjustement 2024-11-20 14:55:48 +01:00			`testPasses(t, didtest.PersonaFrank, delegationtest.AttenuatedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_ValidAttenuatedCommand)`
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`})`

			`t.Run("passes - invocation attenuates command", func(t *testing.T) {`
			`t.Parallel()`

			`testPasses(t, didtest.PersonaFrank, delegationtest.AttenuatedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`})`

test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00			`t.Run("passes - arguments satisfy empty policy", func(t *testing.T) {`
			`t.Parallel()`

feat(args): export fluent builder 2024-11-27 12:05:00 -05:00			`testPasses(t, didtest.PersonaFrank, delegationtest.NominalCommand, policytest.SpecValidArguments, delegationtest.ProofAliceBobCarolDanErinFrank)`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00			`})`

			`t.Run("passes - arguments satify example policy", func(t *testing.T) {`
			`t.Parallel()`

feat(args): export fluent builder 2024-11-27 12:05:00 -05:00			`testPasses(t, didtest.PersonaFrank, delegationtest.NominalCommand, policytest.SpecValidArguments, delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy)`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00			`})`

feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`t.Run("fails - no proof", func(t *testing.T) {`
			`t.Parallel()`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`testFails(t, invocation.ErrNoProof, didtest.PersonaCarol, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofEmpty)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`})`

			`t.Run("fails - missing referenced delegation", func(t *testing.T) {`
			`t.Parallel()`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`missingTknCID, err := cid.Parse(missingTknCIDStr)`
			`require.NoError(t, err)`

			`prf := []cid.Cid{missingTknCID, delegationtest.TokenAliceBobCID}`
			`testFails(t, invocation.ErrMissingDelegation, didtest.PersonaCarol, delegationtest.NominalCommand, emptyArguments, prf)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`})`

			`t.Run("fails - referenced delegation expired", func(t *testing.T) {`
			`t.Parallel()`

tests: lots of small asjustement 2024-11-20 14:55:48 +01:00			`testFails(t, invocation.ErrTokenInvalidNow, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpired)`
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`})`

			`t.Run("fails - referenced delegation inactive", func(t *testing.T) {`
			`t.Parallel()`

tests: lots of small asjustement 2024-11-20 14:55:48 +01:00			`testFails(t, invocation.ErrTokenInvalidNow, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidInactive)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`})`

			`t.Run("fails - last (or only) delegation not root", func(t *testing.T) {`
			`t.Parallel()`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`prf := []cid.Cid{delegationtest.TokenErinFrankCID, delegationtest.TokenDanErinCID, delegationtest.TokenCarolDanCID}`
			`testFails(t, invocation.ErrLastNotRoot, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, prf)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`})`

			`t.Run("fails - broken chain", func(t *testing.T) {`
			`t.Parallel()`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`prf := []cid.Cid{delegationtest.TokenCarolDanCID, delegationtest.TokenAliceBobCID}`
			`testFails(t, invocation.ErrBrokenChain, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, prf)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`})`

			`t.Run("fails - first not issued to invoker", func(t *testing.T) {`
			`t.Parallel()`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`prf := []cid.Cid{delegationtest.TokenBobCarolCID, delegationtest.TokenAliceBobCID}`
			`testFails(t, invocation.ErrBrokenChain, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, prf)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`})`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`t.Run("fails - proof chain expands command", func(t *testing.T) {`
			`t.Parallel()`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
tests: lots of small asjustement 2024-11-20 14:55:48 +01:00			`testFails(t, invocation.ErrCommandNotCovered, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpandedCommand)`
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`})`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`t.Run("fails - invocation expands command", func(t *testing.T) {`
			`t.Parallel()`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`testFails(t, invocation.ErrCommandNotCovered, didtest.PersonaFrank, delegationtest.ExpandedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank)`
			`})`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`t.Run("fails - inconsistent subject", func(t *testing.T) {`
			`t.Parallel()`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
tests: lots of small asjustement 2024-11-20 14:55:48 +01:00			`testFails(t, invocation.ErrWrongSub, didtest.PersonaFrank, delegationtest.ExpandedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidSubject)`
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`})`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00
(WIP) refine the token constructors: - for invocation, reorder the parameters for a more "natural language" mental model - for delegation, make "subject" a required parameter to avoid make powerline by mistake - for delegation, implement powerline 2024-12-09 20:39:47 +01:00			`t.Run("passes - arguments satisfy example policy", func(t *testing.T) {`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00			`t.Parallel()`

feat(args): export fluent builder 2024-11-27 12:05:00 -05:00			`testFails(t, invocation.ErrPolicyNotSatisfied, didtest.PersonaFrank, delegationtest.NominalCommand, policytest.SpecInvalidArguments, delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy)`
test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00			`})`

feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`}`

various sanding everywhere towards building the tookit 2024-11-20 12:34:24 +01:00			`func test(t testing.T, persona didtest.Persona, cmd command.Command, args args.Args, prf []cid.Cid, opts ...invocation.Option) error {`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`t.Helper()`

test(invocation): verify arguments versus aggregated policies 2024-11-27 10:20:40 -05:00			`opts = append(opts, invocation.WithArguments(args))`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00
(WIP) refine the token constructors: - for invocation, reorder the parameters for a more "natural language" mental model - for delegation, make "subject" a required parameter to avoid make powerline by mistake - for delegation, implement powerline 2024-12-09 20:39:47 +01:00			`tkn, err := invocation.New(persona.DID(), cmd, didtest.PersonaAlice.DID(), prf, opts...)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`require.NoError(t, err)`

tests: lots of small asjustement 2024-11-20 14:55:48 +01:00			`return tkn.ExecutionAllowed(delegationtest.GetDelegationLoader())`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`}`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`func testFails(t testing.T, expErr error, persona didtest.Persona, cmd command.Command, args args.Args, prf []cid.Cid, opts ...invocation.Option) {`
various sanding everywhere towards building the tookit 2024-11-20 12:34:24 +01:00			`err := test(t, persona, cmd, args, prf, opts...)`
test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`require.ErrorIs(t, err, expErr)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`}`

test(invocation): add command.Covers and subject consistency tests Also improve the maintainability of the tests by a) providing a set of fixed Personas and then generating a slew of valid delegation tokens, invalid delegation tokens and proof-chains thereof. 2024-11-19 14:35:46 -05:00			`func testPasses(t testing.T, persona didtest.Persona, cmd command.Command, args args.Args, prf []cid.Cid, opts ...invocation.Option) {`
various sanding everywhere towards building the tookit 2024-11-20 12:34:24 +01:00			`err := test(t, persona, cmd, args, prf, opts...)`
feat(invocation): validate delegation proof chain 2024-11-12 15:16:43 -05:00			`require.NoError(t, err)`
			`}`