build(config): bump go-varint dependency to v0.1.0

.github/Repo.toml

@@ -0,0 +1,20 @@
+[scopes]
+ci = [".github/workflows"]
+config = [".github", "go.mod", "go.sum"]
+docs = ["Readme.md", "LICENSE.md"]
+assets = ["assets"]
+pkg = ["pkg"]
+args = ["pkg/args"]
+command = ["pkg/command"]
+container = ["pkg/container"]
+meta = ["pkg/meta"]
+policy = ["pkg/policy"]
+secretbox = ["pkg/secretbox"]
+token = ["token"]
+delegation = ["token/delegation"]
+invocation = ["token/invocation"]
+toolkit = ["toolkit"]
+examples = ["toolkit/_example"]
+client = ["toolkit/client"]
+issuer = ["toolkit/issuer"]
+server = ["toolkit/server"]

Readme.md

@@ -1,5 +1,5 @@
 <div align="center">
-  <a href="https://github.com/ucan-wg/go-ucan" target="_blank">
+  <a href="https://code.sonr.org/go/ucan" target="_blank">
     <img src="https://raw.githubusercontent.com/ucan-wg/go-ucan/v1/assets/logo.png" alt="go-ucan Logo" height="250"></img>
   </a>
 
@@ -7,19 +7,19 @@
 
   <p>
     <img src="https://img.shields.io/badge/UCAN-v1.0.0--rc.1-blue" alt="UCAN v1.0.0-rc.1">
-    <a href="https://github.com/ucan-wg/go-ucan/tags">
+    <a href="https://code.sonr.org/go/ucan/tags">
         <img alt="GitHub Tag" src="https://img.shields.io/github/v/tag/ucan-wg/go-ucan">
     </a>
-    <a href="https://github.com/ucan-wg/go-ucan/actions?query=">
-      <img src="https://github.com/ucan-wg/go-ucan/actions/workflows/gotest.yml/badge.svg" alt="Build Status">
+    <a href="https://code.sonr.org/go/ucan/actions?query=">
+      <img src="https://code.sonr.org/go/ucan/actions/workflows/gotest.yml/badge.svg" alt="Build Status">
     </a>
     <a href="https://ucan-wg.github.io/go-ucan/dev/bench/">
         <img alt="Go benchmarks" src="https://img.shields.io/badge/Benchmarks-go-blue">
     </a>
-    <a href="https://github.com/ucan-wg/go-ucan/blob/v1/LICENSE.md">
+    <a href="https://code.sonr.org/go/ucan/blob/v1/LICENSE.md">
         <img alt="Apache 2.0 OR MIT License" src="https://img.shields.io/badge/License-Apache--2.0_OR_MIT-green">
     </a>
-    <a href="https://pkg.go.dev/github.com/ucan-wg/go-ucan">
+    <a href="https://pkg.go.dev/code.sonr.org/go/ucan">
       <img src="https://img.shields.io/badge/Docs-godoc-blue" alt="Docs">
     </a>
     <a href="https://discord.gg/JSyFG6XgVM">
@@ -54,7 +54,7 @@ Not implemented yet:
 
 ## Status
 
-`go-ucan` currently support the required parts of the UCAN specification: the main specification, delegation and invocation. It leverages the sibling project [`go-did-it`](https://github.com/MetaMask/go-did-it) for easy and extensible DID support.
+`go-ucan` currently support the required parts of the UCAN specification: the main specification, delegation and invocation. It leverages the sibling project [`go-did-it`](https://code.sonr.org/go/did-it) for easy and extensible DID support.
 
 Besides that, `go-ucan` also includes:
 - support for encrypted values in token's metadata
@@ -73,4 +73,4 @@ Artwork by [Bruno Monts](https://www.instagram.com/bruno_monts). Thank you [Rene
 
 ## License
 
-This project is licensed under the dual license [Apache 2.0 OR MIT](https://github.com/ucan-wg/go-ucan/blob/v1/LICENSE.md).
+This project is licensed under the dual license [Apache 2.0 OR MIT](https://code.sonr.org/go/ucan/blob/v1/LICENSE.md).

go.mod

@@ -1,21 +1,21 @@
-module github.com/ucan-wg/go-ucan
+module code.sonr.org/go/ucan
 
 go 1.24.4
 
 toolchain go1.24.5
 
 require (
-	github.com/MetaMask/go-did-it v1.0.0-pre1
+	code.sonr.org/go/did-it v1.0.0
 	github.com/avast/retry-go/v4 v4.6.1
 	github.com/ipfs/go-cid v0.5.0
 	github.com/ipld/go-ipld-prime v0.21.0
 	github.com/multiformats/go-multibase v0.2.0
 	github.com/multiformats/go-multicodec v0.9.0
 	github.com/multiformats/go-multihash v0.2.3
-	github.com/multiformats/go-varint v0.0.7
+	github.com/multiformats/go-varint v0.1.0
 	github.com/stretchr/testify v1.10.0
 	github.com/ucan-wg/go-varsig v1.0.0
-	golang.org/x/crypto v0.40.0
+	golang.org/x/crypto v0.45.0
 )
 
 require (
@@ -29,7 +29,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/polydawn/refmt v0.89.0 // indirect
 	github.com/spaolacci/murmur3 v1.1.0 // indirect
-	golang.org/x/sys v0.34.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	lukechampine.com/blake3 v1.3.0 // indirect

go.sum

@@ -1,6 +1,6 @@
+code.sonr.org/go/did-it v1.0.0 h1:Wh8igUkD6cuf0Ul3gawi27z2/M1YfdnQ/mD9gBq/2EU=
+code.sonr.org/go/did-it v1.0.0/go.mod h1:PFK6ItvNyB2xbnVqipBbkN9BK1Sq+E2lf1YfOyCA0Og=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/MetaMask/go-did-it v1.0.0-pre1 h1:NTGAC7z52TwFegEF7c+csUr/6Al1nAo6ValAAxOsjto=
-github.com/MetaMask/go-did-it v1.0.0-pre1/go.mod h1:7m9syDnXFTg5GmUEcydpO4Rs3eYT4McFH7vCw5fp3A4=
 github.com/avast/retry-go/v4 v4.6.1 h1:VkOLRubHdisGrHnTu89g08aQEWEgRU7LVEop3GbIcMk=
 github.com/avast/retry-go/v4 v4.6.1/go.mod h1:V6oF8njAwxJ5gRo1Q7Cxab24xs5NCWZBeaHHBklR8mA=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
@@ -43,8 +43,8 @@ github.com/multiformats/go-multicodec v0.9.0 h1:pb/dlPnzee/Sxv/j4PmkDRxCOi3hXTz3
 github.com/multiformats/go-multicodec v0.9.0/go.mod h1:L3QTQvMIaVBkXOXXtVmYE+LI16i14xuaojr/H7Ai54k=
 github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U=
 github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM=
-github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/nEGOHFS8=
-github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU=
+github.com/multiformats/go-varint v0.1.0 h1:i2wqFp4sdl3IcIxfAonHQV9qU5OsZ4Ts9IOoETFs5dI=
+github.com/multiformats/go-varint v0.1.0/go.mod h1:5KVAVXegtfmNQQm/lCY+ATvDzvJJhSkUlGQV9wgObdI=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/polydawn/refmt v0.89.0 h1:ADJTApkvkeBZsN0tBTx8QjpD9JkmxbKp0cxfr9qszm4=
@@ -67,12 +67,12 @@ github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60Nt
 github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0 h1:GDDkbFiaK8jsSDJfjId/PEGEShv6ugrt4kYsC5UIDaQ=
 github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0/go.mod h1:x6AKhvSSexNrVSrViXSHUEbICjmGXhtgABaHIySUSGw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
-golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
+golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
-golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

pkg/args/args.go

@@ -16,8 +16,8 @@ import (
 	"github.com/ipld/go-ipld-prime/node/basicnode"
 	"github.com/ipld/go-ipld-prime/printer"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/pkg/policy/limits"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
 )
 
 var ErrNotFound = errors.New("key not found in meta")

pkg/args/args_test.go

@@ -14,9 +14,9 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
-	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/policy/limits"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
 )
 
 func TestArgs(t *testing.T) {

pkg/args/builder_test.go

@@ -7,7 +7,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/args"
 )
 
 func TestBuilder_XXX(t *testing.T) {

pkg/command/command_test.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/command"
 )
 
 func TestTop(t *testing.T) {

pkg/container/reader.go

@@ -12,9 +12,9 @@ import (
 	"github.com/ipld/go-ipld-prime/codec/cbor"
 	"github.com/ipld/go-ipld-prime/datamodel"
 
-	"github.com/ucan-wg/go-ucan/token"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/token"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
 var ErrNotFound = fmt.Errorf("not found")

pkg/container/serial_test.go

@@ -9,16 +9,16 @@ import (
 	"testing"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
-	"github.com/MetaMask/go-did-it/controller/did-key"
-	"github.com/MetaMask/go-did-it/crypto/ed25519"
+	"code.sonr.org/go/did-it"
+	"code.sonr.org/go/did-it/controller/did-key"
+	"code.sonr.org/go/did-it/crypto/ed25519"
 	"github.com/ipfs/go-cid"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/token/delegation"
 )
 
 func TestContainerRoundTrip(t *testing.T) {

pkg/meta/meta.go

@@ -10,8 +10,8 @@ import (
 	"github.com/ipld/go-ipld-prime"
 	"github.com/ipld/go-ipld-prime/printer"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
-	"github.com/ucan-wg/go-ucan/pkg/secretbox"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/pkg/secretbox"
 )
 
 var ErrNotFound = errors.New("key not found in meta")

pkg/meta/meta_test.go

@@ -9,7 +9,7 @@ import (
 	"github.com/ipld/go-ipld-prime/node/basicnode"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/meta"
+	"code.sonr.org/go/ucan/pkg/meta"
 )
 
 func TestMeta_Add(t *testing.T) {

pkg/policy/ipld.go

@@ -9,8 +9,8 @@ import (
 	"github.com/ipld/go-ipld-prime/must"
 	"github.com/ipld/go-ipld-prime/node/basicnode"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
-	"github.com/ucan-wg/go-ucan/pkg/policy/selector"
+	"code.sonr.org/go/ucan/pkg/policy/limits"
+	"code.sonr.org/go/ucan/pkg/policy/selector"
 )
 
 func FromIPLD(node datamodel.Node) (Policy, error) {

pkg/policy/literal/literal.go

@@ -13,7 +13,7 @@ import (
 	cidlink "github.com/ipld/go-ipld-prime/linking/cid"
 	"github.com/ipld/go-ipld-prime/node/basicnode"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
+	"code.sonr.org/go/ucan/pkg/policy/limits"
 )
 
 var Bool = basicnode.NewBool

pkg/policy/literal/literal_test.go

@@ -9,7 +9,7 @@ import (
 	"github.com/ipld/go-ipld-prime/printer"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
+	"code.sonr.org/go/ucan/pkg/policy/limits"
 )
 
 func TestList(t *testing.T) {

pkg/policy/match_test.go

@@ -11,7 +11,7 @@ import (
 	"github.com/ipld/go-ipld-prime/node/basicnode"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
 )
 
 func TestMatch(t *testing.T) {

pkg/policy/policy.go

@@ -9,7 +9,7 @@ import (
 	"github.com/ipld/go-ipld-prime"
 	"github.com/ipld/go-ipld-prime/codec/dagjson"
 
-	selpkg "github.com/ucan-wg/go-ucan/pkg/policy/selector"
+	selpkg "code.sonr.org/go/ucan/pkg/policy/selector"
 )
 
 const (

pkg/policy/policy_test.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
 )
 
 func ExamplePolicy() {

pkg/policy/policytest/spec.go

@@ -3,9 +3,9 @@ package policytest
 import (
 	"github.com/ipld/go-ipld-prime"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
 )
 
 // EmptyPolicy provides a Policy with no statements.

pkg/policy/selector/parsing.go

@@ -7,7 +7,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
+	"code.sonr.org/go/ucan/pkg/policy/limits"
 )
 
 var (

pkg/policy/selector/parsing_test.go

@@ -7,7 +7,7 @@ import (
 
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
+	"code.sonr.org/go/ucan/pkg/policy/limits"
 )
 
 func TestParse(t *testing.T) {

pkg/policy/selector/supported_test.go

@@ -9,7 +9,7 @@ import (
 	basicnode "github.com/ipld/go-ipld-prime/node/basic"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/selector"
+	"code.sonr.org/go/ucan/pkg/policy/selector"
 )
 
 // TestSupported Forms runs tests against the Selector according to the

token/delegation/delegation.go

@@ -16,13 +16,13 @@ import (
 	"strings"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/meta"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/token/internal/nonce"
-	"github.com/ucan-wg/go-ucan/token/internal/parse"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/meta"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/token/internal/nonce"
+	"code.sonr.org/go/ucan/token/internal/parse"
 )
 
 // Token is an immutable type that holds the fields of a UCAN delegation.
@@ -238,7 +238,7 @@ func tokenFromModel(m tokenPayloadModel) (*Token, error) {
 
 	tkn.issuer, err = did.Parse(m.Iss)
 	if err != nil {
-		return nil, fmt.Errorf("parse issuer: %w", err)
+		return nil, fmt.Errorf("parse iss: %w", err)
 	}
 
 	if tkn.audience, err = did.Parse(m.Aud); err != nil {

token/delegation/delegation_test.go

@@ -6,12 +6,12 @@ import (
 	"testing"
 	"time"
 
-	"github.com/MetaMask/go-did-it/didtest"
+	"code.sonr.org/go/did-it/didtest"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/token/delegation"
 )
 
 //go:embed testdata/new.dagjson

token/delegation/delegationtest/generator/generator.go

@@ -9,17 +9,17 @@ import (
 	"slices"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
-	didkeyctl "github.com/MetaMask/go-did-it/controller/did-key"
-	"github.com/MetaMask/go-did-it/crypto"
-	"github.com/MetaMask/go-did-it/didtest"
+	"code.sonr.org/go/did-it"
+	didkeyctl "code.sonr.org/go/did-it/controller/did-key"
+	"code.sonr.org/go/did-it/crypto"
+	"code.sonr.org/go/did-it/didtest"
 	"github.com/ipfs/go-cid"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/pkg/policy/policytest"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/delegation/delegationtest"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/policy/policytest"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/delegation/delegationtest"
 )
 
 const (
@@ -71,25 +71,6 @@ type generator struct {
 	chains []proof
 }
 
-func (g *generator) createSelfDelegations(personas []didtest.Persona) error {
-	for _, persona := range personas {
-		_, err := g.createDelegation(newDelegationParams{
-			privKey: persona.PrivKey(),
-			aud:     persona.DID(),
-			cmd:     delegationtest.NominalCommand,
-			pol:     policytest.EmptyPolicy,
-			sub:     persona.DID(),
-			opts: []delegation.Option{
-				delegation.WithNonce(constantNonce),
-			},
-		}, persona.Name()+persona.Name(), noopVariant())
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 func (g *generator) chainPersonas(personas []didtest.Persona, acc acc, vari variant) error {
 	acc.name += personas[0].Name()
 
@@ -234,7 +215,7 @@ func (g *generator) writeGoFile() error {
 	Println("import (")
 	Println("\t\"github.com/ipfs/go-cid\"")
 	Println()
-	Println("\t\"github.com/ucan-wg/go-ucan/token/delegation\"")
+	Println("\t\"code.sonr.org/go/ucan/token/delegation\"")
 	Println(")")
 
 	refs := make(map[cid.Cid]string, len(g.dlgs))

token/delegation/delegationtest/generator/main.go

@@ -1,16 +1,12 @@
 package main
 
 import (
-	"github.com/MetaMask/go-did-it/didtest"
+	"code.sonr.org/go/did-it/didtest"
 )
 
 func main() {
 	gen := &generator{}
-	err := gen.createSelfDelegations(didtest.Personas())
-	if err != nil {
-		panic(err)
-	}
-	err = gen.chainPersonas(didtest.Personas(), acc{}, noopVariant())
+	err := gen.chainPersonas(didtest.Personas(), acc{}, noopVariant())
 	if err != nil {
 		panic(err)
 	}

token/delegation/delegationtest/token.go

@@ -5,11 +5,11 @@ import (
 	"path/filepath"
 	"sync"
 
-	_ "github.com/MetaMask/go-did-it/verifiers/did-key"
+	_ "code.sonr.org/go/did-it/verifiers/did-key"
 	"github.com/ipfs/go-cid"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/token/delegation"
 )
 
 var (

token/delegation/delegationtest/token_gen.go

@@ -5,49 +5,7 @@ package delegationtest
 import (
 	"github.com/ipfs/go-cid"
 
-	"github.com/ucan-wg/go-ucan/token/delegation"
-)
-
-var (
-	TokenAliceAliceCID    = cid.MustParse("bafyreiddqsv5rrpcormtcs3dg7hzwjr2grxyyozc2f2surxdbnctdqpfzi")
-	TokenAliceAliceSealed = mustGetBundle(TokenAliceAliceCID).Sealed
-	TokenAliceAliceBundle = mustGetBundle(TokenAliceAliceCID)
-	TokenAliceAlice       = mustGetBundle(TokenAliceAliceCID).Decoded
-)
-
-var (
-	TokenBobBobCID    = cid.MustParse("bafyreid4dwdov4yijvnb7xxhcndsxifzw5yry4sm4frex6relttlnledo4")
-	TokenBobBobSealed = mustGetBundle(TokenBobBobCID).Sealed
-	TokenBobBobBundle = mustGetBundle(TokenBobBobCID)
-	TokenBobBob       = mustGetBundle(TokenBobBobCID).Decoded
-)
-
-var (
-	TokenCarolCarolCID    = cid.MustParse("bafyreiekuehdsubdfllqecsat4gsfveyqq6442ejuiqfsgu3tplrus5l3e")
-	TokenCarolCarolSealed = mustGetBundle(TokenCarolCarolCID).Sealed
-	TokenCarolCarolBundle = mustGetBundle(TokenCarolCarolCID)
-	TokenCarolCarol       = mustGetBundle(TokenCarolCarolCID).Decoded
-)
-
-var (
-	TokenDanDanCID    = cid.MustParse("bafyreigzd442yhyizbx54kd76ewxssh5owuxv26ziittnblnj4h3a555dm")
-	TokenDanDanSealed = mustGetBundle(TokenDanDanCID).Sealed
-	TokenDanDanBundle = mustGetBundle(TokenDanDanCID)
-	TokenDanDan       = mustGetBundle(TokenDanDanCID).Decoded
-)
-
-var (
-	TokenErinErinCID    = cid.MustParse("bafyreigl5lbogpzq7iyz6qkzhicv4zscu26j62k4ydgcqogdiqmks5tz7q")
-	TokenErinErinSealed = mustGetBundle(TokenErinErinCID).Sealed
-	TokenErinErinBundle = mustGetBundle(TokenErinErinCID)
-	TokenErinErin       = mustGetBundle(TokenErinErinCID).Decoded
-)
-
-var (
-	TokenFrankFrankCID    = cid.MustParse("bafyreic6hgmqf2vwszboldlqeobpy2plpkcmj4dhhug76akcnafb2pt6em")
-	TokenFrankFrankSealed = mustGetBundle(TokenFrankFrankCID).Sealed
-	TokenFrankFrankBundle = mustGetBundle(TokenFrankFrankCID)
-	TokenFrankFrank       = mustGetBundle(TokenFrankFrankCID).Decoded
+	"code.sonr.org/go/ucan/token/delegation"
 )
 
 var (
@@ -212,12 +170,6 @@ var (
 )
 
 var AllTokens = []*delegation.Token{
-	TokenAliceAlice,
-	TokenBobBob,
-	TokenCarolCarol,
-	TokenDanDan,
-	TokenErinErin,
-	TokenFrankFrank,
 	TokenAliceBob,
 	TokenBobCarol,
 	TokenCarolDan,
@@ -244,12 +196,6 @@ var AllTokens = []*delegation.Token{
 }
 
 var AllBundles = []delegation.Bundle{
-	TokenAliceAliceBundle,
-	TokenBobBobBundle,
-	TokenCarolCarolBundle,
-	TokenDanDanBundle,
-	TokenErinErinBundle,
-	TokenFrankFrankBundle,
 	TokenAliceBobBundle,
 	TokenBobCarolBundle,
 	TokenCarolDanBundle,
@@ -276,12 +222,6 @@ var AllBundles = []delegation.Bundle{
 }
 
 var cidToName = map[cid.Cid]string{
-	TokenAliceAliceCID:                       "TokenAliceAlice",
-	TokenBobBobCID:                           "TokenBobBob",
-	TokenCarolCarolCID:                       "TokenCarolCarol",
-	TokenDanDanCID:                           "TokenDanDan",
-	TokenErinErinCID:                         "TokenErinErin",
-	TokenFrankFrankCID:                       "TokenFrankFrank",
 	TokenAliceBobCID:                         "TokenAliceBob",
 	TokenBobCarolCID:                         "TokenBobCarol",
 	TokenCarolDanCID:                         "TokenCarolDan",

token/delegation/delegationtest/token_test.go

@@ -7,8 +7,8 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/delegation/delegationtest"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/delegation/delegationtest"
 )
 
 func TestGetDelegation(t *testing.T) {

token/delegation/examples_test.go

@@ -8,17 +8,17 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/MetaMask/go-did-it/didtest"
+	"code.sonr.org/go/did-it/didtest"
 	"github.com/ipfs/go-cid"
 	"github.com/ipld/go-ipld-prime"
 	"github.com/ipld/go-ipld-prime/codec/dagcbor"
 	"github.com/ipld/go-ipld-prime/codec/dagjson"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/internal/envelope"
 )
 
 // The following example shows how to create a delegation.Token with

token/delegation/interop_test.go

@@ -7,8 +7,8 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/MetaMask/go-did-it/crypto"
-	"github.com/MetaMask/go-did-it/crypto/ed25519"
+	"code.sonr.org/go/did-it/crypto"
+	"code.sonr.org/go/did-it/crypto/ed25519"
 	"github.com/multiformats/go-varint"
 	"github.com/stretchr/testify/require"
 )

token/delegation/ipld.go

@@ -3,8 +3,8 @@ package delegation
 import (
 	"io"
 
-	"github.com/MetaMask/go-did-it"
-	"github.com/MetaMask/go-did-it/crypto"
+	"code.sonr.org/go/did-it"
+	"code.sonr.org/go/did-it/crypto"
 	"github.com/ipfs/go-cid"
 	"github.com/ipld/go-ipld-prime"
 	"github.com/ipld/go-ipld-prime/codec"
@@ -12,7 +12,7 @@ import (
 	"github.com/ipld/go-ipld-prime/codec/dagjson"
 	"github.com/ipld/go-ipld-prime/datamodel"
 
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/token/internal/envelope"
 )
 
 // ToSealed wraps the delegation token in an envelope, generates the

token/delegation/schema.go

@@ -10,8 +10,8 @@ import (
 	"github.com/ipld/go-ipld-prime/node/bindnode"
 	"github.com/ipld/go-ipld-prime/schema"
 
-	"github.com/ucan-wg/go-ucan/pkg/meta"
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/pkg/meta"
+	"code.sonr.org/go/ucan/token/internal/envelope"
 )
 
 // Tag is the string used as a key within the SigPayload that identifies

token/delegation/schema_test.go

@@ -5,13 +5,13 @@ import (
 	_ "embed"
 	"testing"
 
-	"github.com/MetaMask/go-did-it/didtest"
+	"code.sonr.org/go/did-it/didtest"
 	"github.com/ipld/go-ipld-prime"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/internal/envelope"
 )
 
 //go:embed delegation.ipldsch

token/inspect.go

@@ -3,7 +3,7 @@ package token
 import (
 	"github.com/ipld/go-ipld-prime/datamodel"
 
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/token/internal/envelope"
 )
 
 type Info = envelope.Info

token/interface.go

@@ -4,7 +4,7 @@ import (
 	"io"
 	"time"
 
-	"github.com/MetaMask/go-did-it/crypto"
+	"code.sonr.org/go/did-it/crypto"
 	"github.com/ipfs/go-cid"
 	"github.com/ipld/go-ipld-prime/codec"
 )

token/internal/envelope/cid_test.go

@@ -10,7 +10,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/token/internal/envelope"
 )
 
 func TestCidFromBytes(t *testing.T) {

token/internal/envelope/example_test.go

@@ -7,8 +7,8 @@ import (
 	"sync"
 	"testing"
 
-	"github.com/MetaMask/go-did-it/crypto"
-	"github.com/MetaMask/go-did-it/crypto/ed25519"
+	"code.sonr.org/go/did-it/crypto"
+	"code.sonr.org/go/did-it/crypto/ed25519"
 	"github.com/ipld/go-ipld-prime"
 	"github.com/ipld/go-ipld-prime/codec/dagcbor"
 	"github.com/ipld/go-ipld-prime/datamodel"
@@ -18,7 +18,7 @@ import (
 	"github.com/ipld/go-ipld-prime/schema"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/token/internal/envelope"
 )
 
 const (

token/internal/envelope/ipld.go

@@ -42,8 +42,8 @@ import (
 	"github.com/ipld/go-ipld-prime/schema"
 	"github.com/ucan-wg/go-varsig"
 
-	"github.com/MetaMask/go-did-it"
-	"github.com/MetaMask/go-did-it/crypto"
+	"code.sonr.org/go/did-it"
+	"code.sonr.org/go/did-it/crypto"
 )
 
 const (

token/internal/envelope/ipld_test.go

@@ -8,13 +8,13 @@ import (
 	"os"
 	"testing"
 
-	_ "github.com/MetaMask/go-did-it/verifiers/did-key"
+	_ "code.sonr.org/go/did-it/verifiers/did-key"
 	"github.com/ipld/go-ipld-prime"
 	"github.com/ipld/go-ipld-prime/codec/dagcbor"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/token/internal/envelope"
 )
 
 func TestDecode(t *testing.T) {

token/internal/parse/parse.go

@@ -4,9 +4,9 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
+	"code.sonr.org/go/ucan/pkg/policy/limits"
 )
 
 func OptionalDID(s *string) (did.DID, error) {

token/internal/parse/parse_test.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
+	"code.sonr.org/go/ucan/pkg/policy/limits"
 )
 
 func TestOptionalTimestamp(t *testing.T) {

token/invocation/examples_test.go

@@ -7,17 +7,17 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
-	didkeyctl "github.com/MetaMask/go-did-it/controller/did-key"
-	"github.com/MetaMask/go-did-it/crypto/ed25519"
+	"code.sonr.org/go/did-it"
+	didkeyctl "code.sonr.org/go/did-it/controller/did-key"
+	"code.sonr.org/go/did-it/crypto/ed25519"
 	"github.com/ipfs/go-cid"
 	"github.com/ipld/go-ipld-prime"
 	"github.com/ipld/go-ipld-prime/codec/dagcbor"
 	"github.com/ipld/go-ipld-prime/codec/dagjson"
 	"github.com/ipld/go-ipld-prime/node/basicnode"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
 func ExampleNew() {

token/invocation/invocation.go

@@ -14,15 +14,15 @@ import (
 	"strings"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 	"github.com/ipfs/go-cid"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/meta"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/internal/nonce"
-	"github.com/ucan-wg/go-ucan/token/internal/parse"
+	"code.sonr.org/go/ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/meta"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/internal/nonce"
+	"code.sonr.org/go/ucan/token/internal/parse"
 )
 
 // Token is an immutable type that holds the fields of a UCAN invocation.
@@ -109,23 +109,10 @@ func New(iss did.DID, cmd command.Command, sub did.DID, prf []cid.Cid, opts ...O
 	return &tkn, nil
 }
 
-// NewSelfSigned is similar to New, but self-signs the invocation, and therefore does not require a proof.
-// It's similar to having an invocation with a delegation from the invoker to itself.
-// This can be useful in some protocols where the invoker is the same as the subject, or to prove ownership of a resource.
-//
-// You can read it as "(Issuer - I) executes (command) on itself".
-func NewSelfSigned(iss did.DID, cmd command.Command, opts ...Option) (*Token, error) {
-	return New(iss, cmd, iss, nil, opts...)
-}
-
-// ExecutionAllowed verifies that the invocation respects the rules and can be executed.
-// IMPORTANT: this function does NOT verify that the subject (and audience if set) makes sense in your context.
 func (t *Token) ExecutionAllowed(loader delegation.Loader) error {
 	return t.executionAllowed(loader, t.arguments)
 }
 
-// ExecutionAllowedWithArgsHook is the same as ExecutionAllowed, but allows to modify the arguments before verifying them.
-// IMPORTANT: this function does NOT verify that the subject (and audience if set) makes sense in your context.
 func (t *Token) ExecutionAllowedWithArgsHook(loader delegation.Loader, hook func(args args.ReadOnly) (*args.Args, error)) error {
 	newArgs, err := hook(t.arguments.ReadOnly())
 	if err != nil {
@@ -217,11 +204,6 @@ func (t *Token) Cause() *cid.Cid {
 	return t.cause
 }
 
-// IsSelfSigned returns true if the token is self-signed, ie it has the same issuer and subject.
-func (t *Token) IsSelfSigned() bool {
-	return t.issuer.Equal(t.subject)
-}
-
 // IsValidNow verifies that the token can be used at the current time, based on expiration or "not before" fields.
 // This does NOT do any other kind of verifications.
 func (t *Token) IsValidNow() bool {
@@ -294,7 +276,7 @@ func tokenFromModel(m tokenPayloadModel) (*Token, error) {
 	)
 
 	if tkn.issuer, err = did.Parse(m.Iss); err != nil {
-		return nil, fmt.Errorf("parse issuer: %w", err)
+		return nil, fmt.Errorf("parse iss: %w", err)
 	}
 
 	if tkn.subject, err = did.Parse(m.Sub); err != nil {

token/invocation/invocation_test.go

@@ -3,273 +3,159 @@ package invocation_test
 import (
 	_ "embed"
 	"testing"
-	"time"
 
-	"github.com/MetaMask/go-did-it/didtest"
+	"code.sonr.org/go/did-it/didtest"
 	"github.com/ipfs/go-cid"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/policy/policytest"
-	"github.com/ucan-wg/go-ucan/token/delegation/delegationtest"
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/policy/policytest"
+	"code.sonr.org/go/ucan/token/delegation/delegationtest"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
 //go:embed testdata/new.dagjson
 var newDagJson []byte
 
-//go:embed testdata/selfsigned.dagjson
-var selfsignedDagJson []byte
-
-const missingTknCIDStr = "bafyreigwypmw6eul6vadi6g6lnfbsfo2zck7gfzsbjoroqs3djhnzzc7mm"
+const (
+	missingTknCIDStr = "bafyreigwypmw6eul6vadi6g6lnfbsfo2zck7gfzsbjoroqs3djhnzzc7mm"
+)
 
 var emptyArguments = args.New()
 
 func TestToken_ExecutionAllowed(t *testing.T) {
-	for _, tc := range []struct {
-		name   string
-		issuer didtest.Persona
-		cmd    command.Command
-		args   *args.Args
-		proofs []cid.Cid
-		opts   []invocation.Option
-		err    error
-	}{
-		// Passes
-		{
-			name:   "passes - only root",
-			issuer: didtest.PersonaBob,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: delegationtest.ProofAliceBob,
-			err:    nil,
-		},
-		{
-			name:   "passes - valid chain",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank,
-			err:    nil,
-		},
-		{
-			name:   "passes - proof chain attenuates command",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.AttenuatedCommand,
-			args:   emptyArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_ValidAttenuatedCommand,
-			err:    nil,
-		},
-		{
-			name:   "passes - invocation attenuates command",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.AttenuatedCommand,
-			args:   emptyArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank,
-			err:    nil,
-		},
-		{
-			name:   "passes - arguments satisfy empty policy",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.NominalCommand,
-			args:   policytest.SpecValidArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank,
-			err:    nil,
-		},
-		{
-			name:   "passes - arguments satisfy example policy",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.NominalCommand,
-			args:   policytest.SpecValidArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy,
-			err:    nil,
-		},
-		{
-			name:   "passes - self-signed invocation doesn't require proof",
-			issuer: didtest.PersonaAlice,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: nil,
-			err:    nil,
-		},
-		{
-			name:   "passes - self-signed invocation accepts a delegation to itself",
-			issuer: didtest.PersonaAlice,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: []cid.Cid{delegationtest.TokenAliceAliceCID},
-			err:    nil,
-		},
+	t.Parallel()
 
-		// Fails
-		{
-			name:   "fails - no proof",
-			issuer: didtest.PersonaCarol,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: delegationtest.ProofEmpty,
-			err:    invocation.ErrNoProof,
-		},
-		{
-			name:   "fails - missing referenced delegation",
-			issuer: didtest.PersonaCarol,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: []cid.Cid{cid.MustParse(missingTknCIDStr), delegationtest.TokenAliceBobCID},
-			err:    invocation.ErrMissingDelegation,
-		},
-		{
-			name:   "fails - referenced delegation expired",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpired,
-			err:    invocation.ErrTokenInvalidNow,
-		},
-		{
-			name:   "fails - referenced delegation inactive",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidInactive,
-			err:    invocation.ErrTokenInvalidNow,
-		},
-		{
-			name:   "fails - last (or only) delegation not root",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: []cid.Cid{delegationtest.TokenErinFrankCID, delegationtest.TokenDanErinCID, delegationtest.TokenCarolDanCID},
-			err:    invocation.ErrLastNotRoot,
-		},
-		{
-			name:   "fails - broken chain",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: []cid.Cid{delegationtest.TokenCarolDanCID, delegationtest.TokenAliceBobCID},
-			err:    invocation.ErrBrokenChain,
-		},
-		{
-			name:   "fails - first not issued to invoker",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: []cid.Cid{delegationtest.TokenBobCarolCID, delegationtest.TokenAliceBobCID},
-			err:    invocation.ErrBrokenChain,
-		},
-		{
-			name:   "fails - proof chain expands command",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpandedCommand,
-			err:    invocation.ErrCommandNotCovered,
-		},
-		{
-			name:   "fails - invocation expands command",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.ExpandedCommand,
-			args:   emptyArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank,
-			err:    invocation.ErrCommandNotCovered,
-		},
-		{
-			name:   "fails - inconsistent subject",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.ExpandedCommand,
-			args:   emptyArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_InvalidSubject,
-			err:    invocation.ErrWrongSub,
-		},
-		{
-			name:   "fails - arguments don't satisfy example policy",
-			issuer: didtest.PersonaFrank,
-			cmd:    delegationtest.NominalCommand,
-			args:   policytest.SpecInvalidArguments,
-			proofs: delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy,
-			err:    invocation.ErrPolicyNotSatisfied,
-		},
-		{
-			name:   "fails - self-signed invocation refuses a delegation to itself for a different DID",
-			issuer: didtest.PersonaAlice,
-			cmd:    delegationtest.NominalCommand,
-			args:   emptyArguments,
-			proofs: []cid.Cid{delegationtest.TokenBobBobCID},
-			err:    invocation.ErrWrongSub,
-		},
-	} {
-		t.Run(tc.name, func(t *testing.T) {
-			tc.opts = append(tc.opts, invocation.WithArguments(tc.args))
+	t.Run("passes - only root", func(t *testing.T) {
+		t.Parallel()
 
-			tkn, err := invocation.New(tc.issuer.DID(), tc.cmd, didtest.PersonaAlice.DID(), tc.proofs, tc.opts...)
-			require.NoError(t, err)
-
-			t.Log(tkn.String())
-
-			err = tkn.ExecutionAllowed(delegationtest.GetDelegationLoader())
-
-			if tc.err != nil {
-				require.ErrorIs(t, err, tc.err)
-			} else {
-				require.NoError(t, err)
-			}
-		})
-	}
-}
-
-const (
-	nonce      = "6roDhGi0kiNriQAz7J3d+bOeoI/tj8ENikmQNbtjnD0"
-	subjectCmd = "/foo/bar"
-)
-
-func TestConstructors(t *testing.T) {
-	cmd, err := command.Parse(subjectCmd)
-	require.NoError(t, err)
-
-	iat, err := time.Parse(time.RFC3339, "2100-01-01T00:00:00Z")
-	require.NoError(t, err)
-
-	exp, err := time.Parse(time.RFC3339, "2200-01-01T00:00:00Z")
-	require.NoError(t, err)
-
-	t.Run("New", func(t *testing.T) {
-		tkn, err := invocation.New(
-			didtest.PersonaAlice.DID(), cmd, didtest.PersonaBob.DID(),
-			delegationtest.ProofAliceBob,
-			invocation.WithNonce([]byte(nonce)),
-			invocation.WithIssuedAt(iat),
-			invocation.WithExpiration(exp),
-			invocation.WithArgument("foo", "bar"),
-			invocation.WithMeta("baz", 123),
-		)
-		require.NoError(t, err)
-
-		require.False(t, tkn.IsSelfSigned())
-
-		data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())
-		require.NoError(t, err)
-
-		require.JSONEq(t, string(newDagJson), string(data))
+		testPasses(t, didtest.PersonaBob, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBob)
 	})
 
-	t.Run("Self-Signed", func(t *testing.T) {
-		tkn, err := invocation.NewSelfSigned(
-			didtest.PersonaAlice.DID(), cmd,
-			invocation.WithNonce([]byte(nonce)),
-			invocation.WithIssuedAt(iat),
-			invocation.WithExpiration(exp),
-			invocation.WithArgument("foo", "bar"),
-			invocation.WithMeta("baz", 123),
-		)
-		require.NoError(t, err)
+	t.Run("passes - valid chain", func(t *testing.T) {
+		t.Parallel()
 
-		require.True(t, tkn.IsSelfSigned())
-
-		data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())
-		require.NoError(t, err)
-
-		require.JSONEq(t, string(selfsignedDagJson), string(data))
+		testPasses(t, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank)
 	})
+
+	t.Run("passes - proof chain attenuates command", func(t *testing.T) {
+		t.Parallel()
+
+		testPasses(t, didtest.PersonaFrank, delegationtest.AttenuatedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_ValidAttenuatedCommand)
+	})
+
+	t.Run("passes - invocation attenuates command", func(t *testing.T) {
+		t.Parallel()
+
+		testPasses(t, didtest.PersonaFrank, delegationtest.AttenuatedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank)
+	})
+
+	t.Run("passes - arguments satisfy empty policy", func(t *testing.T) {
+		t.Parallel()
+
+		testPasses(t, didtest.PersonaFrank, delegationtest.NominalCommand, policytest.SpecValidArguments, delegationtest.ProofAliceBobCarolDanErinFrank)
+	})
+
+	t.Run("passes - arguments satify example policy", func(t *testing.T) {
+		t.Parallel()
+
+		testPasses(t, didtest.PersonaFrank, delegationtest.NominalCommand, policytest.SpecValidArguments, delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy)
+	})
+
+	t.Run("fails - no proof", func(t *testing.T) {
+		t.Parallel()
+
+		testFails(t, invocation.ErrNoProof, didtest.PersonaCarol, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofEmpty)
+	})
+
+	t.Run("fails - missing referenced delegation", func(t *testing.T) {
+		t.Parallel()
+
+		missingTknCID, err := cid.Parse(missingTknCIDStr)
+		require.NoError(t, err)
+
+		prf := []cid.Cid{missingTknCID, delegationtest.TokenAliceBobCID}
+		testFails(t, invocation.ErrMissingDelegation, didtest.PersonaCarol, delegationtest.NominalCommand, emptyArguments, prf)
+	})
+
+	t.Run("fails - referenced delegation expired", func(t *testing.T) {
+		t.Parallel()
+
+		testFails(t, invocation.ErrTokenInvalidNow, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpired)
+
+	})
+
+	t.Run("fails - referenced delegation inactive", func(t *testing.T) {
+		t.Parallel()
+
+		testFails(t, invocation.ErrTokenInvalidNow, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidInactive)
+	})
+
+	t.Run("fails - last (or only) delegation not root", func(t *testing.T) {
+		t.Parallel()
+
+		prf := []cid.Cid{delegationtest.TokenErinFrankCID, delegationtest.TokenDanErinCID, delegationtest.TokenCarolDanCID}
+		testFails(t, invocation.ErrLastNotRoot, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, prf)
+	})
+
+	t.Run("fails - broken chain", func(t *testing.T) {
+		t.Parallel()
+
+		prf := []cid.Cid{delegationtest.TokenCarolDanCID, delegationtest.TokenAliceBobCID}
+		testFails(t, invocation.ErrBrokenChain, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, prf)
+	})
+
+	t.Run("fails - first not issued to invoker", func(t *testing.T) {
+		t.Parallel()
+
+		prf := []cid.Cid{delegationtest.TokenBobCarolCID, delegationtest.TokenAliceBobCID}
+		testFails(t, invocation.ErrBrokenChain, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, prf)
+	})
+
+	t.Run("fails - proof chain expands command", func(t *testing.T) {
+		t.Parallel()
+
+		testFails(t, invocation.ErrCommandNotCovered, didtest.PersonaFrank, delegationtest.NominalCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidExpandedCommand)
+	})
+
+	t.Run("fails - invocation expands command", func(t *testing.T) {
+		t.Parallel()
+
+		testFails(t, invocation.ErrCommandNotCovered, didtest.PersonaFrank, delegationtest.ExpandedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank)
+	})
+
+	t.Run("fails - inconsistent subject", func(t *testing.T) {
+		t.Parallel()
+
+		testFails(t, invocation.ErrWrongSub, didtest.PersonaFrank, delegationtest.ExpandedCommand, emptyArguments, delegationtest.ProofAliceBobCarolDanErinFrank_InvalidSubject)
+	})
+
+	t.Run("passes - arguments satisfy example policy", func(t *testing.T) {
+		t.Parallel()
+
+		testFails(t, invocation.ErrPolicyNotSatisfied, didtest.PersonaFrank, delegationtest.NominalCommand, policytest.SpecInvalidArguments, delegationtest.ProofAliceBobCarolDanErinFrank_ValidExamplePolicy)
+	})
+
+}
+
+func test(t *testing.T, persona didtest.Persona, cmd command.Command, args *args.Args, prf []cid.Cid, opts ...invocation.Option) error {
+	t.Helper()
+
+	opts = append(opts, invocation.WithArguments(args))
+
+	tkn, err := invocation.New(persona.DID(), cmd, didtest.PersonaAlice.DID(), prf, opts...)
+	require.NoError(t, err)
+
+	return tkn.ExecutionAllowed(delegationtest.GetDelegationLoader())
+}
+
+func testFails(t *testing.T, expErr error, persona didtest.Persona, cmd command.Command, args *args.Args, prf []cid.Cid, opts ...invocation.Option) {
+	err := test(t, persona, cmd, args, prf, opts...)
+	require.ErrorIs(t, err, expErr)
+}
+
+func testPasses(t *testing.T, persona didtest.Persona, cmd command.Command, args *args.Args, prf []cid.Cid, opts ...invocation.Option) {
+	err := test(t, persona, cmd, args, prf, opts...)
+	require.NoError(t, err)
 }

token/invocation/ipld.go

@@ -3,8 +3,8 @@ package invocation
 import (
 	"io"
 
-	"github.com/MetaMask/go-did-it"
-	"github.com/MetaMask/go-did-it/crypto"
+	"code.sonr.org/go/did-it"
+	"code.sonr.org/go/did-it/crypto"
 	"github.com/ipfs/go-cid"
 	"github.com/ipld/go-ipld-prime"
 	"github.com/ipld/go-ipld-prime/codec"
@@ -12,7 +12,7 @@ import (
 	"github.com/ipld/go-ipld-prime/codec/dagjson"
 	"github.com/ipld/go-ipld-prime/datamodel"
 
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/token/internal/envelope"
 )
 
 // ToSealed wraps the invocation token in an envelope, generates the

token/invocation/ipld_test.go

@@ -7,7 +7,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
 func TestSealUnsealRoundtrip(t *testing.T) {

token/invocation/options.go

@@ -3,10 +3,10 @@ package invocation
 import (
 	"time"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 	"github.com/ipfs/go-cid"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/args"
 )
 
 // Option is a type that allows optional fields to be set during the

token/invocation/proof.go

@@ -4,9 +4,9 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/token/delegation"
 )
 
 // # Invocation token validation
@@ -18,11 +18,11 @@ import (
 //  1. When a token is read/unsealed from its containing envelope (`envelope` package):
 //     a. The envelope can be decoded.
 //     b. The envelope contains a Signature, VarsigHeader and Payload.
-//     c. The Payload contains an iss field that contains a valid DID.
-//     d. One or more public keys can be derived from the DID.
-//     e. One or more public keys are supported by go-ucan.
+//     c. The Payload contains an iss field that contains a valid `did:key`.
+//     d. The public key can be extracted from the `did:key`.
+//     e. The public key type is supported by go-ucan.
 //     f. The Signature can be decoded per the VarsigHeader.
-//     g. The SigPayload can be verified using the Signature and one public key.
+//     g. The SigPayload can be verified using the Signature and public key.
 //     h. The field key of the TokenPayload matches the expected tag.
 //
 //  2. When the token is created or passes step one (token constructor or decoder):
@@ -35,7 +35,7 @@ import (
 //     c. All the delegation must be active (nbf in the past or absent).
 //
 //  4. When the proof chain is being validated (verifyProofs below):
-//     a. Self-signed invocations (issuer == subject) are allowed and don't require further proof. Otherwise, proof is required.
+//     a. There must be at least one delegation in the proof chain.
 //     b. All referenced delegations must be available.
 //     c. The first proof must be issued to the Invoker (audience DID).
 //     d. The Issuer of each delegation must be the Audience in the next one.
@@ -51,11 +51,8 @@ import (
 // - principal alignment
 // - command alignment
 func (t *Token) verifyProofs(delegations []*delegation.Token) error {
-	// Self-signed invocations (issuer == subject) are allowed and don't require further proof. Otherwise, proof is required. - 4a
-	if len(delegations) == 0 && t.issuer.Equal(t.subject) {
-		return nil
-	}
-	if len(delegations) == 0 {
+	// There must be at least one delegation referenced - 4a
+	if len(delegations) < 1 {
 		return ErrNoProof
 	}
 

token/invocation/schema.go

@@ -10,9 +10,9 @@ import (
 	"github.com/ipld/go-ipld-prime/node/bindnode"
 	"github.com/ipld/go-ipld-prime/schema"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
-	"github.com/ucan-wg/go-ucan/pkg/meta"
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/meta"
+	"code.sonr.org/go/ucan/token/internal/envelope"
 )
 
 // [Tag] is the string used as a key within the SigPayload that identifies

token/invocation/schema_test.go

@@ -2,25 +2,21 @@ package invocation_test
 
 import (
 	"bytes"
-	_ "embed"
 	"encoding/base64"
 	"testing"
 
-	"github.com/MetaMask/go-did-it/crypto"
-	"github.com/MetaMask/go-did-it/crypto/ed25519"
+	"code.sonr.org/go/did-it/crypto"
+	"code.sonr.org/go/did-it/crypto/ed25519"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
-//go:embed testdata/full_example.dagjson
-var fullExampleDagJson []byte
-
 const (
 	issuerPrivKeyCfg = "BeAgktAj8irGgWjp4PGk/fV67e5CcML/KRmmHSldco3etP5lRiuYQ+VVO/39ol3XXruJC8deSuBxoEXzgdYpYw=="
-	fullExampleCID   = "zdpuB1NjhETofEUp5iYzoHjSc2KKgZvSoT6FBaLMoVzzsxiR1"
+	newCID           = "zdpuB1NjhETofEUp5iYzoHjSc2KKgZvSoT6FBaLMoVzzsxiR1"
 )
 
 func TestSchemaRoundTrip(t *testing.T) {
@@ -34,12 +30,12 @@ func TestSchemaRoundTrip(t *testing.T) {
 		// format:    dagJson   -->   PayloadModel   -->   dagCbor   -->   PayloadModel   -->   dagJson
 		// function:      DecodeDagJson()           Seal()        Unseal()          EncodeDagJson()
 
-		p1, err := invocation.FromDagJson(fullExampleDagJson)
+		p1, err := invocation.FromDagJson(newDagJson)
 		require.NoError(t, err)
 
 		cborBytes, id, err := p1.ToSealed(privKey)
 		require.NoError(t, err)
-		assert.Equal(t, fullExampleCID, envelope.CIDToBase58BTC(id))
+		assert.Equal(t, newCID, envelope.CIDToBase58BTC(id))
 
 		p2, c2, err := invocation.FromSealed(cborBytes)
 		require.NoError(t, err)
@@ -48,13 +44,13 @@ func TestSchemaRoundTrip(t *testing.T) {
 		readJson, err := p2.ToDagJson(privKey)
 		require.NoError(t, err)
 
-		assert.JSONEq(t, string(fullExampleDagJson), string(readJson))
+		assert.JSONEq(t, string(newDagJson), string(readJson))
 	})
 
 	t.Run("via streaming", func(t *testing.T) {
 		t.Parallel()
 
-		buf := bytes.NewBuffer(fullExampleDagJson)
+		buf := bytes.NewBuffer(newDagJson)
 
 		// format:    dagJson   -->   PayloadModel   -->   dagCbor   -->   PayloadModel   -->   dagJson
 		// function:      DecodeDagJson()           Seal()         Unseal()         EncodeDagJson()
@@ -65,7 +61,7 @@ func TestSchemaRoundTrip(t *testing.T) {
 		cborBytes := &bytes.Buffer{}
 		id, err := p1.ToSealedWriter(cborBytes, privKey)
 		require.NoError(t, err)
-		assert.Equal(t, fullExampleCID, envelope.CIDToBase58BTC(id))
+		assert.Equal(t, newCID, envelope.CIDToBase58BTC(id))
 
 		p2, c2, err := invocation.FromSealedReader(cborBytes)
 		require.NoError(t, err)
@@ -74,7 +70,7 @@ func TestSchemaRoundTrip(t *testing.T) {
 		readJson := &bytes.Buffer{}
 		require.NoError(t, p2.ToDagJsonWriter(readJson, privKey))
 
-		assert.JSONEq(t, string(fullExampleDagJson), readJson.String())
+		assert.JSONEq(t, string(newDagJson), readJson.String())
 	})
 }
 

token/invocation/testdata/full_example.dagjson

@@ -1 +0,0 @@
-[{"/":{"bytes":"tRKNRahqwdyR6OpytuGIdcYI7HxXvKI5I594zznCLbN2C6WP5f8FIfIQlo0Nnqg4xFgKjJGAbIEVqeCZdib1Dw"}},{"h":{"/":{"bytes":"NAHtAe0BE3E"}},"ucan/inv@1.0.0-rc.1":{"args":{"headers":{"Content-Type":"application/json"},"payload":{"body":"UCAN is great","draft":true,"title":"UCAN for Fun and Profit","topics":["authz","journal"]},"uri":"https://example.com/blog/posts"},"cmd":"/crud/create","exp":1753965668,"iss":"did:key:z6MkuScdGeTmbWubyoWWpPmX9wkwdZAshkTcLKb1bf4Cyj8N","meta":{"env":"development","tags":["blog","post","pr#123"]},"nonce":{"/":{"bytes":"BBR5znl7VpRof4ac"}},"prf":[{"/":"bafyreigx3qxd2cndpe66j2mdssj773ecv7tqd7wovcnz5raguw6lj7sjoe"},{"/":"bafyreib34ira254zdqgehz6f2bhwme2ja2re3ltcalejv4x4tkcveujvpa"},{"/":"bafyreibkb66tpo2ixqx3fe5hmekkbuasrod6olt5bwm5u5pi726mduuwlq"}],"sub":"did:key:z6MkuQU8kqxCAUeurotHyrnMgkMUBtJN8ozYxkwctnop4zzB"}}]

token/invocation/testdata/new.dagjson

@@ -1 +1 @@
-[{"/":{"bytes":"8BxXBbXtPVoqn/z804w2w2gZH9m6kT55ivv7u2kxqptAfDcFzlRWBu3YKE9ijfIezpa79Btq5ja0PpqwjfSLAw"}},{"h":{"/":{"bytes":"NAHtAe0BE3E"}},"ucan/inv@1.0.0-rc.1":{"args":{"foo":"bar"},"cmd":"/foo/bar","exp":7258118400,"iat":4102444800,"iss":"did:key:z6MknUz1mSj4pvS6aUUHekCHdUPv7HBhDyDBZQ2W3Vujc5qC","meta":{"baz":123},"nonce":{"/":{"bytes":"NnJvRGhHaTBraU5yaVFBejdKM2QrYk9lb0kvdGo4RU5pa21RTmJ0am5EMA"}},"prf":[{"/":"bafyreifa35rjstdm37cjudzs72ab22rnh5blny725khtapox63fnsj6pbe"}],"sub":"did:key:z6Mkf4WtCwPDtamsZvBJA4eSVcE7vZuRPy5Skm4HaoQv81i1"}}]
+[{"/":{"bytes":"tRKNRahqwdyR6OpytuGIdcYI7HxXvKI5I594zznCLbN2C6WP5f8FIfIQlo0Nnqg4xFgKjJGAbIEVqeCZdib1Dw"}},{"h":{"/":{"bytes":"NAHtAe0BE3E"}},"ucan/inv@1.0.0-rc.1":{"args":{"headers":{"Content-Type":"application/json"},"payload":{"body":"UCAN is great","draft":true,"title":"UCAN for Fun and Profit","topics":["authz","journal"]},"uri":"https://example.com/blog/posts"},"cmd":"/crud/create","exp":1753965668,"iss":"did:key:z6MkuScdGeTmbWubyoWWpPmX9wkwdZAshkTcLKb1bf4Cyj8N","meta":{"env":"development","tags":["blog","post","pr#123"]},"nonce":{"/":{"bytes":"BBR5znl7VpRof4ac"}},"prf":[{"/":"bafyreigx3qxd2cndpe66j2mdssj773ecv7tqd7wovcnz5raguw6lj7sjoe"},{"/":"bafyreib34ira254zdqgehz6f2bhwme2ja2re3ltcalejv4x4tkcveujvpa"},{"/":"bafyreibkb66tpo2ixqx3fe5hmekkbuasrod6olt5bwm5u5pi726mduuwlq"}],"sub":"did:key:z6MkuQU8kqxCAUeurotHyrnMgkMUBtJN8ozYxkwctnop4zzB"}}]

token/invocation/testdata/selfsigned.dagjson

@@ -1 +0,0 @@
-[{"/":{"bytes":"ejXoQIdp3OGXewEkfQF4Z4Vd8c3H0XF319dsNh5DEP/2l9Nt9H1IhMpks1+HXoYFOKN3QmtxpPMoYmf/rhKaAQ"}},{"h":{"/":{"bytes":"NAHtAe0BE3E"}},"ucan/inv@1.0.0-rc.1":{"args":{"foo":"bar"},"cmd":"/foo/bar","exp":7258118400,"iat":4102444800,"iss":"did:key:z6MknUz1mSj4pvS6aUUHekCHdUPv7HBhDyDBZQ2W3Vujc5qC","meta":{"baz":123},"nonce":{"/":{"bytes":"NnJvRGhHaTBraU5yaVFBejdKM2QrYk9lb0kvdGo4RU5pa21RTmJ0am5EMA"}},"prf":[],"sub":"did:key:z6MknUz1mSj4pvS6aUUHekCHdUPv7HBhDyDBZQ2W3Vujc5qC"}}]

token/read.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 	"github.com/ipfs/go-cid"
 	"github.com/ipld/go-ipld-prime"
 	"github.com/ipld/go-ipld-prime/codec"
@@ -12,9 +12,9 @@ import (
 	"github.com/ipld/go-ipld-prime/codec/dagjson"
 	"github.com/ipld/go-ipld-prime/datamodel"
 
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/internal/envelope"
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/internal/envelope"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
 // FromSealed decodes an arbitrary token type from the binary data,

toolkit/_example/_protocol-issuer/request-resolver.go

@@ -4,10 +4,10 @@ import (
 	"encoding/json"
 	"net/http"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/toolkit/issuer"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/toolkit/issuer"
 )
 
 func RequestResolver(r *http.Request) (*issuer.ResolvedRequest, error) {

toolkit/_example/_protocol-issuer/requester.go

@@ -8,13 +8,13 @@ import (
 	"log"
 	"net/http"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/token/delegation"
 
-	"github.com/ucan-wg/go-ucan/toolkit/client"
-	"github.com/ucan-wg/go-ucan/toolkit/issuer"
+	"code.sonr.org/go/ucan/toolkit/client"
+	"code.sonr.org/go/ucan/toolkit/issuer"
 )
 
 var _ client.DelegationRequester = &Requester{}

toolkit/_example/alice-client-issuer/alice.go

@@ -13,20 +13,20 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
-	"github.com/MetaMask/go-did-it/crypto"
+	"code.sonr.org/go/did-it"
+	"code.sonr.org/go/did-it/crypto"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/container"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/container"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/token/delegation"
 
-	example "github.com/ucan-wg/go-ucan/toolkit/_example"
-	protocol "github.com/ucan-wg/go-ucan/toolkit/_example/_protocol-issuer"
-	"github.com/ucan-wg/go-ucan/toolkit/client"
-	"github.com/ucan-wg/go-ucan/toolkit/issuer"
-	"github.com/ucan-wg/go-ucan/toolkit/server/bearer"
+	example "code.sonr.org/go/ucan/toolkit/_example"
+	protocol "code.sonr.org/go/ucan/toolkit/_example/_protocol-issuer"
+	"code.sonr.org/go/ucan/toolkit/client"
+	"code.sonr.org/go/ucan/toolkit/issuer"
+	"code.sonr.org/go/ucan/toolkit/server/bearer"
 )
 
 func main() {

toolkit/_example/bob-client/bob.go

@@ -12,17 +12,17 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
-	didkeyctl "github.com/MetaMask/go-did-it/controller/did-key"
-	"github.com/MetaMask/go-did-it/crypto/ed25519"
+	"code.sonr.org/go/did-it"
+	didkeyctl "code.sonr.org/go/did-it/controller/did-key"
+	"code.sonr.org/go/did-it/crypto/ed25519"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/container"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/container"
 
-	example "github.com/ucan-wg/go-ucan/toolkit/_example"
-	protocol "github.com/ucan-wg/go-ucan/toolkit/_example/_protocol-issuer"
-	"github.com/ucan-wg/go-ucan/toolkit/client"
-	"github.com/ucan-wg/go-ucan/toolkit/server/bearer"
+	example "code.sonr.org/go/ucan/toolkit/_example"
+	protocol "code.sonr.org/go/ucan/toolkit/_example/_protocol-issuer"
+	"code.sonr.org/go/ucan/toolkit/client"
+	"code.sonr.org/go/ucan/toolkit/server/bearer"
 )
 
 func main() {

toolkit/_example/service-issuer/issuer.go

@@ -11,17 +11,17 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
-	"github.com/MetaMask/go-did-it/crypto"
+	"code.sonr.org/go/did-it"
+	"code.sonr.org/go/did-it/crypto"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/token/delegation"
 
-	example "github.com/ucan-wg/go-ucan/toolkit/_example"
-	protocol "github.com/ucan-wg/go-ucan/toolkit/_example/_protocol-issuer"
-	"github.com/ucan-wg/go-ucan/toolkit/issuer"
+	example "code.sonr.org/go/ucan/toolkit/_example"
+	protocol "code.sonr.org/go/ucan/toolkit/_example/_protocol-issuer"
+	"code.sonr.org/go/ucan/toolkit/issuer"
 )
 
 func main() {

toolkit/_example/service/service.go

@@ -9,10 +9,10 @@ import (
 	"os/signal"
 	"syscall"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 
-	example "github.com/ucan-wg/go-ucan/toolkit/_example"
-	"github.com/ucan-wg/go-ucan/toolkit/server/exectx"
+	example "code.sonr.org/go/ucan/toolkit/_example"
+	"code.sonr.org/go/ucan/toolkit/server/exectx"
 )
 
 func main() {

toolkit/_example/shared_values.go

@@ -3,10 +3,10 @@ package example
 import (
 	"encoding/base64"
 
-	"github.com/MetaMask/go-did-it"
-	didkeyctl "github.com/MetaMask/go-did-it/controller/did-key"
-	"github.com/MetaMask/go-did-it/crypto"
-	"github.com/MetaMask/go-did-it/crypto/ed25519"
+	"code.sonr.org/go/did-it"
+	didkeyctl "code.sonr.org/go/did-it/controller/did-key"
+	"code.sonr.org/go/did-it/crypto"
+	"code.sonr.org/go/did-it/crypto/ed25519"
 )
 
 // Endpoints

toolkit/client/client.go

@@ -5,15 +5,15 @@ import (
 	"fmt"
 	"iter"
 
-	"github.com/MetaMask/go-did-it"
-	"github.com/MetaMask/go-did-it/crypto"
+	"code.sonr.org/go/did-it"
+	"code.sonr.org/go/did-it/crypto"
 	"github.com/ipfs/go-cid"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/container"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/container"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
 type Client struct {

toolkit/client/client_test.go

@@ -6,13 +6,13 @@ import (
 	"iter"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
-	"github.com/MetaMask/go-did-it/didtest"
+	"code.sonr.org/go/did-it"
+	"code.sonr.org/go/did-it/didtest"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
 func ExampleNewClient() {

toolkit/client/clientissuer.go

@@ -5,12 +5,12 @@ import (
 	"fmt"
 	"iter"
 
-	"github.com/MetaMask/go-did-it"
-	"github.com/MetaMask/go-did-it/crypto"
+	"code.sonr.org/go/did-it"
+	"code.sonr.org/go/did-it/crypto"
 	"github.com/ipfs/go-cid"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/token/delegation"
 )
 
 // DlgIssuingLogic is a function that decides what powers are given to a client.

toolkit/client/pool.go

@@ -6,11 +6,11 @@ import (
 	"sync"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 	"github.com/ipfs/go-cid"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/token/delegation"
 )
 
 type Pool struct {

toolkit/client/proof.go

@@ -4,11 +4,11 @@ import (
 	"iter"
 	"math"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 	"github.com/ipfs/go-cid"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/token/delegation"
 )
 
 // FindProof find in the pool the best (shortest, smallest in bytes) chain of delegation(s) matching the given invocation parameters.
@@ -21,7 +21,8 @@ import (
 // Note: the returned delegation(s) don't have to match exactly the parameters, as long as they allow them.
 // Note: the implemented algorithm won't perform well with a large number of delegations.
 func FindProof(dlgs func() iter.Seq[*delegation.Bundle], issuer did.DID, cmd command.Command, subject did.DID) []cid.Cid {
-	continuePath := func(dlg *delegation.Token, issuer did.DID, cmd command.Command, subject did.DID) bool {
+	// TODO: maybe that should be part of delegation.Token directly?
+	dlgMatch := func(dlg *delegation.Token, issuer did.DID, cmd command.Command, subject did.DID) bool {
 		// The Subject of each delegation must equal the invocation's Subject (or Audience if defined). - 4f
 		if !dlg.Subject().Equal(subject) {
 			return false
@@ -46,7 +47,7 @@ func FindProof(dlgs func() iter.Seq[*delegation.Bundle], issuer did.DID, cmd com
 	var candidateLeaf []*delegation.Bundle
 
 	for bundle := range dlgs() {
-		if !continuePath(bundle.Decoded, issuer, cmd, subject) {
+		if !dlgMatch(bundle.Decoded, issuer, cmd, subject) {
 			continue
 		}
 		candidateLeaf = append(candidateLeaf, bundle)
@@ -82,12 +83,7 @@ func FindProof(dlgs func() iter.Seq[*delegation.Bundle], issuer did.DID, cmd com
 
 			// find parent delegation for our current delegation
 			for candidate := range dlgs() {
-				// Prune the delegations that don't match the current proof.
-				if !continuePath(candidate.Decoded, at.Decoded.Issuer(), at.Decoded.Command(), subject) {
-					continue
-				}
-				// Prune the self-delegations as they can't get us closer to what we are looking for.
-				if candidate.Decoded.Issuer().Equal(candidate.Decoded.Audience()) {
+				if !dlgMatch(candidate.Decoded, at.Decoded.Issuer(), at.Decoded.Command(), subject) {
 					continue
 				}
 

toolkit/client/proof_test.go

@@ -4,14 +4,12 @@ import (
 	"iter"
 	"testing"
 
-	"github.com/MetaMask/go-did-it"
-	"github.com/MetaMask/go-did-it/didtest"
-	"github.com/ipfs/go-cid"
+	"code.sonr.org/go/did-it/didtest"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/delegation/delegationtest"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/delegation/delegationtest"
 )
 
 func TestFindProof(t *testing.T) {
@@ -25,76 +23,17 @@ func TestFindProof(t *testing.T) {
 		}
 	}
 
-	for _, tc := range []struct {
-		name     string
-		issuer   did.DID
-		command  command.Command
-		subject  did.DID
-		expected []cid.Cid
-	}{
-		// Passes
-		{
-			name:     "Alice --> Alice (self-delegation)",
-			issuer:   didtest.PersonaAlice.DID(),
-			command:  delegationtest.NominalCommand,
-			subject:  didtest.PersonaAlice.DID(),
-			expected: []cid.Cid{delegationtest.TokenAliceAliceCID},
-		},
-		{
-			name:     "Alice --> Bob",
-			issuer:   didtest.PersonaBob.DID(),
-			command:  delegationtest.NominalCommand,
-			subject:  didtest.PersonaAlice.DID(),
-			expected: delegationtest.ProofAliceBob,
-		},
-		{
-			name:     "Alice --> Bob --> Carol",
-			issuer:   didtest.PersonaCarol.DID(),
-			command:  delegationtest.NominalCommand,
-			subject:  didtest.PersonaAlice.DID(),
-			expected: delegationtest.ProofAliceBobCarol,
-		},
-		{
-			name:     "Alice --> Bob --> Carol --> Dan",
-			issuer:   didtest.PersonaDan.DID(),
-			command:  delegationtest.NominalCommand,
-			subject:  didtest.PersonaAlice.DID(),
-			expected: delegationtest.ProofAliceBobCarolDan,
-		},
-		{
-			name:     "Alice --> Bob --> Carol --> Dan --> Erin",
-			issuer:   didtest.PersonaErin.DID(),
-			command:  delegationtest.NominalCommand,
-			subject:  didtest.PersonaAlice.DID(),
-			expected: delegationtest.ProofAliceBobCarolDanErin,
-		},
-		{
-			name:     "Alice --> Bob --> Carol --> Dan --> Erin --> Frank",
-			issuer:   didtest.PersonaFrank.DID(),
-			command:  delegationtest.NominalCommand,
-			subject:  didtest.PersonaAlice.DID(),
-			expected: delegationtest.ProofAliceBobCarolDanErinFrank,
-		},
+	require.Equal(t, delegationtest.ProofAliceBob,
+		FindProof(dlgs, didtest.PersonaBob.DID(), delegationtest.NominalCommand, didtest.PersonaAlice.DID()))
+	require.Equal(t, delegationtest.ProofAliceBobCarol,
+		FindProof(dlgs, didtest.PersonaCarol.DID(), delegationtest.NominalCommand, didtest.PersonaAlice.DID()))
+	require.Equal(t, delegationtest.ProofAliceBobCarolDan,
+		FindProof(dlgs, didtest.PersonaDan.DID(), delegationtest.NominalCommand, didtest.PersonaAlice.DID()))
+	require.Equal(t, delegationtest.ProofAliceBobCarolDanErin,
+		FindProof(dlgs, didtest.PersonaErin.DID(), delegationtest.NominalCommand, didtest.PersonaAlice.DID()))
+	require.Equal(t, delegationtest.ProofAliceBobCarolDanErinFrank,
+		FindProof(dlgs, didtest.PersonaFrank.DID(), delegationtest.NominalCommand, didtest.PersonaAlice.DID()))
 
-		// Fails
-		{
-			name:     "wrong command",
-			issuer:   didtest.PersonaBob.DID(),
-			command:  command.New("foo"),
-			subject:  didtest.PersonaAlice.DID(),
-			expected: nil,
-		},
-		{
-			name:     "wrong subject",
-			issuer:   didtest.PersonaBob.DID(),
-			command:  delegationtest.NominalCommand,
-			subject:  didtest.PersonaDan.DID(),
-			expected: nil,
-		},
-	} {
-		t.Run(tc.name, func(t *testing.T) {
-			res := FindProof(dlgs, tc.issuer, tc.command, tc.subject)
-			require.Equal(t, tc.expected, res)
-		})
-	}
+	// wrong command
+	require.Empty(t, FindProof(dlgs, didtest.PersonaBob.DID(), command.New("foo"), didtest.PersonaAlice.DID()))
 }

toolkit/client/requester.go

@@ -5,11 +5,11 @@ import (
 	"iter"
 	"time"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 	"github.com/avast/retry-go/v4"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/token/delegation"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/token/delegation"
 )
 
 type DelegationRequester interface {

toolkit/issuer/http_wrapper.go

@@ -6,12 +6,12 @@ import (
 	"iter"
 	"net/http"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/container"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/toolkit/client"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/container"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/toolkit/client"
 )
 
 type RequestResolver func(r *http.Request) (*ResolvedRequest, error)

toolkit/issuer/root_issuer.go

@@ -5,13 +5,13 @@ import (
 	"fmt"
 	"iter"
 
-	"github.com/MetaMask/go-did-it"
-	didkeyctl "github.com/MetaMask/go-did-it/controller/did-key"
-	"github.com/MetaMask/go-did-it/crypto"
+	"code.sonr.org/go/did-it"
+	didkeyctl "code.sonr.org/go/did-it/controller/did-key"
+	"code.sonr.org/go/did-it/crypto"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/toolkit/client"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/toolkit/client"
 )
 
 // RootIssuingLogic is a function that decides what powers are given to a client.

toolkit/server/bearer/bearer.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/ucan-wg/go-ucan/pkg/container"
+	"code.sonr.org/go/ucan/pkg/container"
 )
 
 var ErrNoUcan = fmt.Errorf("no ucan")

toolkit/server/bearer/bearer_test.go

@@ -4,11 +4,11 @@ import (
 	"net/http"
 	"testing"
 
-	_ "github.com/MetaMask/go-did-it/verifiers/did-key"
+	_ "code.sonr.org/go/did-it/verifiers/did-key"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/container"
-	"github.com/ucan-wg/go-ucan/pkg/container/containertest"
+	"code.sonr.org/go/ucan/pkg/container"
+	"code.sonr.org/go/ucan/pkg/container/containertest"
 )
 
 func TestHTTPBearer(t *testing.T) {

toolkit/server/exectx/middlewares.go

@@ -4,9 +4,9 @@ import (
 	"errors"
 	"net/http"
 
-	"github.com/MetaMask/go-did-it"
+	"code.sonr.org/go/did-it"
 
-	"github.com/ucan-wg/go-ucan/toolkit/server/bearer"
+	"code.sonr.org/go/ucan/toolkit/server/bearer"
 )
 
 // ExtractMW returns an HTTP middleware tasked with:

toolkit/server/exectx/middlewares_test.go

@@ -6,13 +6,13 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/MetaMask/go-did-it/didtest"
+	"code.sonr.org/go/did-it/didtest"
 	"github.com/ipfs/go-cid"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/container"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/pkg/container"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
 func TestExtractMW(t *testing.T) {

toolkit/server/exectx/ucanctx.go

@@ -9,14 +9,14 @@ import (
 	"github.com/ipfs/go-cid"
 	"github.com/ipld/go-ipld-prime/datamodel"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/container"
-	"github.com/ucan-wg/go-ucan/pkg/meta"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/invocation"
-	"github.com/ucan-wg/go-ucan/toolkit/server/extargs"
+	"code.sonr.org/go/ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/container"
+	"code.sonr.org/go/ucan/pkg/meta"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/invocation"
+	"code.sonr.org/go/ucan/toolkit/server/extargs"
 )
 
 var _ delegation.Loader = &UcanCtx{}

toolkit/server/exectx/ucanctx_test.go

@@ -8,19 +8,19 @@ import (
 	"testing"
 	"time"
 
-	"github.com/MetaMask/go-did-it/didtest"
+	"code.sonr.org/go/did-it/didtest"
 	"github.com/ipfs/go-cid"
 	"github.com/ipld/go-ipld-prime/datamodel"
 	"github.com/ipld/go-ipld-prime/fluent/qp"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/container"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
-	"github.com/ucan-wg/go-ucan/token/delegation"
-	"github.com/ucan-wg/go-ucan/token/invocation"
-	"github.com/ucan-wg/go-ucan/toolkit/server/exectx"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/container"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/token/delegation"
+	"code.sonr.org/go/ucan/token/invocation"
+	"code.sonr.org/go/ucan/toolkit/server/exectx"
 )
 
 const (

toolkit/server/extargs/custom.go

@@ -9,8 +9,8 @@ import (
 	"github.com/ipld/go-ipld-prime/fluent/qp"
 	"github.com/ipld/go-ipld-prime/node/basicnode"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/policy"
 )
 
 type CustomExtArgs struct {

toolkit/server/extargs/custom_test.go

@@ -8,8 +8,8 @@ import (
 	"github.com/ipld/go-ipld-prime/fluent/qp"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
 )
 
 func ExampleCustomExtArgs() {

toolkit/server/extargs/http.go

@@ -14,9 +14,9 @@ import (
 	"github.com/ipld/go-ipld-prime/node/basicnode"
 	"github.com/multiformats/go-multihash"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
 // HttpArgsKey is the key in the args, used for:

toolkit/server/extargs/http_test.go

@@ -5,15 +5,15 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/MetaMask/go-did-it/didtest"
+	"code.sonr.org/go/did-it/didtest"
 	"github.com/multiformats/go-multihash"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ucan-wg/go-ucan/pkg/args"
-	"github.com/ucan-wg/go-ucan/pkg/command"
-	"github.com/ucan-wg/go-ucan/pkg/policy"
-	"github.com/ucan-wg/go-ucan/pkg/policy/literal"
-	"github.com/ucan-wg/go-ucan/token/invocation"
+	"code.sonr.org/go/ucan/pkg/args"
+	"code.sonr.org/go/ucan/pkg/command"
+	"code.sonr.org/go/ucan/pkg/policy"
+	"code.sonr.org/go/ucan/pkg/policy/literal"
+	"code.sonr.org/go/ucan/token/invocation"
 )
 
 func TestHttp(t *testing.T) {