Add the interpretation-layer reject vector kind, parallel to the byte-layer
reject kind. A schema-reject vector carries canonical cbor that decodes clean,
the interpret_as artifact-type code of the field table to interpret it against,
and the reason interpretation refuses it with. Document the kind in the vectors
README and enforce its fields in check-vectors.py.
The floor field tables are pinned, so these land against the floor first.
Signed-off-by: Chris Raynor <chris@raynor.tech>
vectors/README.md (6 additions & 2 deletions)
@@ -14,6 +14,7 @@ vectors/
14
14
content-id/ canonical bytes and their SHA-256 content address
15
15
envelope/ the signed envelope: a byte-pinned signature, and verify cases
16
16
reject/ valid CBOR that is non-canonical and must be refused on receipt
17
+
schema-reject/ canonical CBOR that decodes clean but fails interpretation against a field table
17
18
```
18
19
19
20
## File shape
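Review bot: The new `schema-reject/` line in the directory listing says what goes wrong ("fails interpretation against a field table") but not what an implementation has to do, whereas the `reject/` line above it states the obligation ("must be refused on receipt"). Consider parallel wording, for example "canonical CBOR that decodes clean but must be refused on interpretation against a field table", so the listing reads as requirements throughout.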
@@ -42,7 +43,7 @@ A single-key object whose sole key is a registered tag escapes into the types JS
42
43
43
44
A single-key object whose key begins with `$` but is not a registered tag is an error, never a literal, so a mistyped tag fails loudly rather than encoding as a stray map. The four tags above are the registered set; more are added here as the value domain grows.
44
45
45
-
The reject vectors take none of this. They carry only `bytes` and a `reason`, since their point is a byte sequence with no valid logical value to express.
46
+
The reject vectors take none of this. They carry only `bytes` and a `reason`, since their point is a byte sequence with no valid logical value to express. The schema-reject vectors are the same kind one layer up. Their bytes decode clean, so they are canonical, but they do not match the field table their type declares, so there is no named-field value to give either. They carry the `cbor`, the `interpret_as` artifact-type code of the table to interpret them against, and the `reason` that interpretation refuses them with.
46
47
47
48
### Kinds
48
49
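Review bot: In the sentences added to the reject-vectors paragraph, the payload field is named `cbor`, while the `reject` kind it is described as parallel to names its payload `bytes`. Either say why the names differ or align them, since a harness author reading "the same kind one layer up" will expect the same field name. Separately, "Their bytes decode clean, so they are canonical" reads as if decoding implied canonicality in general; it holds only because a conformant decoder refuses non-canonical input, and saying so in the sentence would remove the ambiguity.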
@@ -51,6 +52,7 @@ The reject vectors take none of this. They carry only `bytes` and a `reason`, si
51
52
-`envelope-sign`: a `seed`, the `claims_cbor` that is signed, and the expected `signature`. Ed25519 signing is deterministic (RFC 8032), so the signature bytes are reproducible across implementations and can be pinned, not merely verified.
52
53
-`envelope-verify`: a `public_key`, `claims_cbor`, a `signature`, and a `valid` verdict. The negative cases, a flipped byte or a wrong key, carry `valid: false`.
53
54
-`reject`: the offending `bytes` and a `reason`. A conformant decoder refuses them rather than re-encoding to compare (Section 7.2).
55
+
-`schema-reject`: canonical `cbor` that decodes clean, the `interpret_as` artifact-type code of the field table to interpret it against, and the `reason` interpretation refuses it with. This is the interpretation layer, not the byte layer that `reject` covers: the bytes are well-formed, and only the table they are read against rejects them. The reasons are the artifact-determined interpretation refusals of the canonical-encoding rules ("Interpretation refusals"). A conformant interpreter MUST report the named `reason`.
54
56
55
57
The signed envelope on the wire is the canonical claims, an Ed25519 signature, and a small header. The exact bytes the signature covers, including whether the header is part of the signed input, are pinned with the envelope schema. These vectors sign the canonical claims directly, as the verifiable core.
56
58
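Review bot: The closing sentence of the new `schema-reject` bullet, "A conformant interpreter MUST report the named `reason`", does not say what happens when a payload violates more than one interpretation rule. State either that each vector is constructed to trigger exactly one refusal, or the order in which refusals are checked; otherwise two conformant interpreters can report different reasons for the same vector. The reference ("Interpretation refusals") is also by title only, where the `reject` bullet cites a section number (Section 7.2); a section number here would match.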
@@ -68,7 +70,9 @@ Both `murmur-rs`, the reference implementation, and `murmur-go`, the conformance
68
70
69
71
## Status
70
72
71
-
This is the first scaffold, and the byte values are real and self-checking. The Ed25519 public key matches RFC 8032 Test 1, and the reject cases follow the canonical CBOR rules of RFC 8949. The wire encoding is mandated by the spec (Section 7.1): deterministic CBOR with an owned signed envelope, versioned and algorithm-tagged. Schema-level vectors, a real grant and a real capability definition, land once those field tables are pinned.
73
+
This is the first scaffold, and the byte values are real and self-checking. The Ed25519 public key matches RFC 8032 Test 1, and the reject cases follow the canonical CBOR rules of RFC 8949. The wire encoding is mandated by the spec (Section 7.1): deterministic CBOR with an owned signed envelope, versioned and algorithm-tagged.
74
+
75
+
The floor field tables are pinned (the meta-table, the entry table, and the type-descriptor table, each a `content-id` vector), so the first schema-reject vectors land against them. They exercise the artifact-determined interpretation refusals on the floor itself: a field table whose entry keys are not dense, a type-descriptor that omits what its kind requires, an entries element of the wrong shape. The capability-relative refusals (an unresolved ref or an unknown code) are not pinned for reason-equality, because two conformant nodes may legitimately disagree on them. Schema vectors against a real grant and a real capability definition land once those field tables are pinned, alongside the positive schema vectors that carry a named-field `value`.
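Review bot: The exception in the added Status paragraph, that capability-relative refusals (an unresolved ref or an unknown code) are not pinned for reason-equality, qualifies the MUST in the `schema-reject` entry under Kinds but appears only here. Status text tends to be rewritten as a suite grows, so move the exception (or a pointer to it) next to the MUST in the Kinds bullet and keep Status to what has landed.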