Context
Three integration tests in auths-auth-server are disabled (commented out in tests/cases/mod.rs) because they assert the pre-refactor model where capabilities lived on the attestation chain (Attestation.role/.capabilities, verify_chain_with_capability, ed25519_pubkey_to_did_key, DeviceDID, WitnessReceipt). That model was removed when the crate was realigned in #317. The test files remain on disk.
Disabled:
tests/cases/air_gapped.rs
tests/cases/client_registration.rs
tests/cases/robustness.rs
Task
Rewrite them against the current attestation/verifier APIs (and the restored capability check — see the capability-gate issue). Per meta_prompt §V, keep the adversarial paths: forged signature rejected, wrong/absent capability rejected, replay rejected.
Acceptance
- The three modules are re-enabled in
tests/cases/mod.rs and pass.
helpers.rs::create_test_keypair drops its #[allow(dead_code)] once used again.
Context
Three integration tests in
auths-auth-serverare disabled (commented out intests/cases/mod.rs) because they assert the pre-refactor model where capabilities lived on the attestation chain (Attestation.role/.capabilities,verify_chain_with_capability,ed25519_pubkey_to_did_key,DeviceDID,WitnessReceipt). That model was removed when the crate was realigned in #317. The test files remain on disk.Disabled:
tests/cases/air_gapped.rstests/cases/client_registration.rstests/cases/robustness.rsTask
Rewrite them against the current attestation/verifier APIs (and the restored capability check — see the capability-gate issue). Per meta_prompt §V, keep the adversarial paths: forged signature rejected, wrong/absent capability rejected, replay rejected.
Acceptance
tests/cases/mod.rsand pass.helpers.rs::create_test_keypairdrops its#[allow(dead_code)]once used again.