feat: migrate refimpls from draft-00 to draft-01 claim names

- Rename `par` to `pred` (predecessor) in types, serialization, tests - Remove `pol`, `pol_decision` from core payload; move to `ect_ext` - Remove `sub` from payload (not part of ECT spec) - Update `typ` from `wimse-exec+jwt` to `exec+jwt` (accept both) - Rename MaxParLength to MaxPredLength everywhere - Update testdata, demos, READMEs with migration table - All Go tests pass, all 56 Python tests pass (90% coverage)
2026-04-03 10:55:58 +02:00
parent ba044f6626
commit 884d2dc836
33 changed files with 416 additions and 481 deletions
--- a/refimpl/go-lang/ect/create_test.go
+++ b/refimpl/go-lang/ect/create_test.go
@@ -15,15 +15,13 @@ func TestCreateRoundtrip(t *testing.T) {
 	}
 	now := time.Now()
 	payload := &Payload{
-		Iss:         "spiffe://example.com/agent/a",
-		Aud:         []string{"spiffe://example.com/agent/b"},
-		Iat:         now.Unix(),
-		Exp:         now.Add(10 * time.Minute).Unix(),
-		Jti:         "e4f5a6b7-c8d9-0123-ef01-234567890abc",
-		ExecAct:     "review_spec",
-		Par:         []string{},
-		Pol:         "spec_review_policy_v2",
-		PolDecision: PolDecisionApproved,
+		Iss:     "spiffe://example.com/agent/a",
+		Aud:     []string{"spiffe://example.com/agent/b"},
+		Iat:     now.Unix(),
+		Exp:     now.Add(10 * time.Minute).Unix(),
+		Jti:     "e4f5a6b7-c8d9-0123-ef01-234567890abc",
+		ExecAct: "review_spec",
+		Pred:    []string{},
 	}
 	compact, err := Create(payload, key, CreateOptions{KeyID: "agent-a-key-1"})
 	if err != nil {
@@ -68,7 +66,7 @@ func TestDefaultCreateOptions(t *testing.T) {

 func TestCreate_Errors(t *testing.T) {
 	key, _ := GenerateKey()
-	payload := &Payload{Iss: "i", Aud: []string{"a"}, Jti: "j", ExecAct: "e", Par: []string{}, Pol: "p", PolDecision: PolDecisionApproved, Iat: 1, Exp: 2}
+	payload := &Payload{Iss: "i", Aud: []string{"a"}, Jti: "j", ExecAct: "e", Pred: []string{}, Iat: 1, Exp: 2}
 	if _, err := Create(nil, key, CreateOptions{KeyID: "k"}); err == nil {
 		t.Error("expected error for nil payload")
 	}
@@ -85,7 +83,7 @@ func TestCreate_OptionalPol(t *testing.T) {
 	now := time.Now()
 	payload := &Payload{
 		Iss: "iss", Aud: []string{"aud"}, Iat: now.Unix(), Exp: now.Add(time.Hour).Unix(),
-		Jti: "jti-nopol", ExecAct: "act", Par: []string{},
+		Jti: "jti-nopol", ExecAct: "act", Pred: []string{},
 	}
 	compact, err := Create(payload, key, CreateOptions{KeyID: "kid"})
 	if err != nil {
@@ -100,7 +98,7 @@ func TestCreate_ZeroExpiryUsesDefault(t *testing.T) {
 	key, _ := GenerateKey()
 	payload := &Payload{
 		Iss: "i", Aud: []string{"a"}, Iat: 0, Exp: 0,
-		Jti: "jti-z", ExecAct: "e", Par: []string{},
+		Jti: "jti-z", ExecAct: "e", Pred: []string{},
 	}
 	_, err := Create(payload, key, CreateOptions{KeyID: "kid", DefaultExpiry: 5 * time.Minute})
 	if err != nil {
@@ -115,7 +113,7 @@ func TestCreate_ExtCompensationReasonRequiresRequired(t *testing.T) {
 	key, _ := GenerateKey()
 	payload := &Payload{
 		Iss: "i", Aud: []string{"a"}, Iat: 1, Exp: 2,
-		Jti: "j", ExecAct: "e", Par: []string{},
+		Jti: "j", ExecAct: "e", Pred: []string{},
 		Ext: map[string]interface{}{"compensation_reason": "rollback", "compensation_required": false},
 	}
 	_, err := Create(payload, key, CreateOptions{KeyID: "k"})
@@ -130,12 +128,10 @@ func TestCreate_ValidationErrors(t *testing.T) {
 		name string
 		p    *Payload
 	}{
-		{"missing iss", &Payload{Iss: "", Aud: []string{"a"}, Jti: "j", ExecAct: "e", Par: []string{}, Iat: 1, Exp: 2}},
-		{"missing aud", &Payload{Iss: "i", Aud: nil, Jti: "j", ExecAct: "e", Par: []string{}, Iat: 1, Exp: 2}},
-		{"missing jti", &Payload{Iss: "i", Aud: []string{"a"}, Jti: "", ExecAct: "e", Par: []string{}, Iat: 1, Exp: 2}},
-		{"missing exec_act", &Payload{Iss: "i", Aud: []string{"a"}, Jti: "j", ExecAct: "", Par: []string{}, Iat: 1, Exp: 2}},
-		{"pol without pol_decision", &Payload{Iss: "i", Aud: []string{"a"}, Jti: "j", ExecAct: "e", Par: []string{}, Pol: "p", PolDecision: "", Iat: 1, Exp: 2}},
-		{"invalid pol_decision", &Payload{Iss: "i", Aud: []string{"a"}, Jti: "j", ExecAct: "e", Par: []string{}, Pol: "p", PolDecision: "bad", Iat: 1, Exp: 2}},
+		{"missing iss", &Payload{Iss: "", Aud: []string{"a"}, Jti: "j", ExecAct: "e", Pred: []string{}, Iat: 1, Exp: 2}},
+		{"missing aud", &Payload{Iss: "i", Aud: nil, Jti: "j", ExecAct: "e", Pred: []string{}, Iat: 1, Exp: 2}},
+		{"missing jti", &Payload{Iss: "i", Aud: []string{"a"}, Jti: "", ExecAct: "e", Pred: []string{}, Iat: 1, Exp: 2}},
+		{"missing exec_act", &Payload{Iss: "i", Aud: []string{"a"}, Jti: "j", ExecAct: "", Pred: []string{}, Iat: 1, Exp: 2}},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {