giles
db885e15bc
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 57s
delegation.sx makes the loop's central rule concrete: check() introspects
the token first — inactive → {error, unauthenticated} (401), acl never
consulted — and only an authenticated subject's request is delegated to
acl, which returns permit/deny ({error, forbidden} = 403). 401 strictly
precedes 403. acl-on-sx (Datalog) is a different SX guest wired at the
integration layer, so the decider here is a labelled stub (permits when
Action in Scope); swap the pid and the boundary is unchanged. New
tests/delegation.sx. 185/185 — extensions backlog clear.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
26 lines
583 B
Markdown
26 lines
583 B
Markdown
# identity-on-sx Scoreboard
|
|
|
|
**Total: 185 / 185 tests passing**
|
|
|
|
| | Suite | Pass | Total |
|
|
|---|---|---|---|
|
|
| ✅ | session | 11 | 11 |
|
|
| ✅ | token | 24 | 24 |
|
|
| ✅ | registry | 9 | 9 |
|
|
| ✅ | api | 10 | 10 |
|
|
| ✅ | oauth | 17 | 17 |
|
|
| ✅ | sso | 10 | 10 |
|
|
| ✅ | membership | 17 | 17 |
|
|
| ✅ | cache | 9 | 9 |
|
|
| ✅ | audit | 11 | 11 |
|
|
| ✅ | federation | 12 | 12 |
|
|
| ✅ | expiry | 8 | 8 |
|
|
| ✅ | clients | 11 | 11 |
|
|
| ✅ | grants | 9 | 9 |
|
|
| ✅ | device | 10 | 10 |
|
|
| ✅ | facade | 9 | 9 |
|
|
| ✅ | delegation | 8 | 8 |
|
|
|
|
|
|
Generated by `lib/identity/conformance.sh`.
|