Skip to content

test: add delegation action evidence conformance#37

Open
carloshvp wants to merge 1 commit into
agentrust-io:mainfrom
carloshvp:delegation-action-evidence-fixtures
Open

test: add delegation action evidence conformance#37
carloshvp wants to merge 1 commit into
agentrust-io:mainfrom
carloshvp:delegation-action-evidence-fixtures

Conversation

@carloshvp

Copy link
Copy Markdown
Member

Summary

Refs #36.

Adds a new conformance group for delegation-linked action evidence, covering the boundary between provenance validity, authorization validity, and valid negative outcomes for embodied/action-style workflows.

What changed

  • Documented ACTION-001 through ACTION-007 in the conformance suite README.
  • Added runnable conformance checks for:
    • valid delegated action evidence bound to a parent-linked provenance record;
    • parent TRACE/provenance hash mismatch;
    • missing parent record for a delegated child action;
    • action evidence naming an unknown leaf credential id;
    • action outside delegated scope;
    • local policy denial with valid delegation evidence;
    • valid controller rejection as a negative outcome rather than malformed evidence.
  • Routed the action-evidence helper through the public ca2a_verify.verify_delegation_chain wrapper before DAG and policy checks.

Validation

  • .venv/bin/ruff check src/ tests/
  • .venv/bin/mypy src/ca2a_runtime/ src/ca2a_verify/
  • .venv/bin/bandit -r src/ -c pyproject.toml
  • .venv/bin/pytest tests/conformance/ -v
  • .venv/bin/pytest tests/unit/ -v
  • git diff --check

Signed-off-by: Carlos Hernandez-Vaquero <carloshvp@gmail.com>
@carloshvp carloshvp marked this pull request as ready for review July 4, 2026 10:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant