@mcp-i/core 1.1.3 → 1.2.0

package/src/__tests__/audit/proof-boundary.test.ts

@@ -0,0 +1,269 @@
+/**
+ * Proof Boundary Audit Tests
+ *
+ * Tests the proof generation → verification pipeline at exact boundary
+ * conditions: timestamp skew thresholds, nonce scoping, malformed proofs.
+ * Uses ControllableClockProvider for deterministic timestamp testing.
+ */
+
+import { describe, it, expect, beforeAll, beforeEach } from 'vitest';
+import { ProofGenerator } from '../../proof/generator.js';
+import { ProofVerifier } from '../../proof/verifier.js';
+import type { AgentIdentity } from '../../providers/base.js';
+import type { DetachedProof } from '../../types/protocol.js';
+import { extractPublicKeyFromDidKey, publicKeyToJwk } from '../../delegation/did-key-resolver.js';
+import {
+  createRealCryptoProvider,
+  createRealIdentity,
+  ControllableClockProvider,
+  RealFetchProvider,
+  MemoryNonceCacheProvider,
+} from './helpers/crypto-helpers.js';
+import { NodeCryptoProvider } from '../utils/node-crypto-provider.js';
+import type { Ed25519JWK } from '../../utils/crypto-service.js';
+
+describe('Proof Boundary Audit', () => {
+  let crypto: NodeCryptoProvider;
+  let agentA: AgentIdentity;
+  let agentB: AgentIdentity;
+  const SKEW_SECONDS = 300; // default 5 minutes
+
+  beforeAll(async () => {
+    crypto = createRealCryptoProvider();
+    agentA = await createRealIdentity(crypto);
+    agentB = await createRealIdentity(crypto);
+  });
+
+  function makeGenerator(identity: AgentIdentity): ProofGenerator {
+    return new ProofGenerator(
+      { did: identity.did, kid: identity.kid, privateKey: identity.privateKey, publicKey: identity.publicKey },
+      crypto
+    );
+  }
+
+  function makeVerifier(clock: ControllableClockProvider): {
+    verifier: ProofVerifier;
+    nonceCache: MemoryNonceCacheProvider;
+  } {
+    const nonceCache = new MemoryNonceCacheProvider();
+    const verifier = new ProofVerifier({
+      cryptoProvider: crypto,
+      clockProvider: clock,
+      nonceCacheProvider: nonceCache,
+      fetchProvider: new RealFetchProvider(),
+      timestampSkewSeconds: SKEW_SECONDS,
+    });
+    return { verifier, nonceCache };
+  }
+
+  function getPublicKeyJwk(identity: AgentIdentity): Ed25519JWK {
+    const rawPublicKey = extractPublicKeyFromDidKey(identity.did);
+    const jwk = publicKeyToJwk(rawPublicKey!);
+    jwk.kid = identity.kid;
+    return jwk as Ed25519JWK;
+  }
+
+  async function generateProof(identity: AgentIdentity): Promise<DetachedProof> {
+    const gen = makeGenerator(identity);
+    return gen.generateProof(
+      { method: 'tools/call', params: { name: 'test-tool', arguments: { input: 'hello' } } },
+      { data: { output: 'world' } },
+      {
+        sessionId: 'sess_test_boundary',
+        audience: 'did:web:test-server.example.com',
+        nonce: `nonce-${Date.now()}-${Math.random().toString(36).slice(2)}`,
+        timestamp: Math.floor(Date.now() / 1000),
+        createdAt: Math.floor(Date.now() / 1000),
+        lastActivity: Math.floor(Date.now() / 1000),
+        ttlMinutes: 30,
+        identityState: 'anonymous',
+      }
+    );
+  }
+
+  // ── Timestamp Skew Boundary Tests ─────────────────────────────
+
+  describe('timestamp skew boundaries', () => {
+    it('should accept proof at exactly the skew boundary (300s)', async () => {
+      // Generate proof first, then use its actual meta.ts to set the clock.
+      // This avoids a race where a second boundary is crossed between
+      // capturing the timestamp and generating the proof (which would
+      // cause a JWS signature mismatch).
+      const proof = await generateProof(agentA);
+      const proofTimestampMs = proof.meta.ts * 1000;
+
+      // Clock is exactly SKEW_SECONDS * 1000 ms ahead of the proof timestamp
+      const clock = new ControllableClockProvider(proofTimestampMs + SKEW_SECONDS * 1000);
+      const { verifier } = makeVerifier(clock);
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(true);
+    });
+
+    it('should reject proof 1ms beyond the skew boundary', async () => {
+      const proof = await generateProof(agentA);
+      const proofTimestampMs = proof.meta.ts * 1000;
+
+      // Clock is 1ms beyond the skew window
+      const clock = new ControllableClockProvider(proofTimestampMs + SKEW_SECONDS * 1000 + 1);
+      const { verifier } = makeVerifier(clock);
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(false);
+      expect(result.reason).toContain('skew');
+    });
+
+    it('should accept proof when verifier clock is behind by exactly the skew boundary', async () => {
+      // Generate proof with real timestamp (meta.ts ≈ now)
+      const proof = await generateProof(agentA);
+      const proofTimestampMs = proof.meta.ts * 1000;
+
+      // Set verifier clock to be exactly SKEW_SECONDS behind the proof
+      // This simulates verifying a proof from a clock-ahead agent
+      const clock = new ControllableClockProvider(proofTimestampMs - SKEW_SECONDS * 1000);
+      const { verifier } = makeVerifier(clock);
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(true);
+    });
+
+    it('should reject proof when verifier clock is behind beyond the skew boundary', async () => {
+      const proof = await generateProof(agentA);
+      const proofTimestampMs = proof.meta.ts * 1000;
+
+      // Set verifier clock 1ms further than the boundary
+      const clock = new ControllableClockProvider(proofTimestampMs - SKEW_SECONDS * 1000 - 1);
+      const { verifier } = makeVerifier(clock);
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(false);
+      expect(result.reason).toContain('skew');
+    });
+  });
+
+  // ── Nonce Scoping Tests ───────────────────────────────────────
+
+  describe('nonce scoping', () => {
+    it('should allow same nonce value from different agents (no cross-agent collision)', async () => {
+      const sharedNonce = 'shared-nonce-value-12345';
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      // Generate proofs for both agents with the same nonce
+      const genA = makeGenerator(agentA);
+      const genB = makeGenerator(agentB);
+
+      const session = {
+        sessionId: 'sess_nonce_test',
+        audience: 'did:web:server.example.com',
+        nonce: sharedNonce,
+        timestamp: Math.floor(Date.now() / 1000),
+        createdAt: Math.floor(Date.now() / 1000),
+        lastActivity: Math.floor(Date.now() / 1000),
+        ttlMinutes: 30,
+        identityState: 'anonymous' as const,
+      };
+
+      const request = { method: 'tools/call', params: { name: 'test' } };
+      const response = { data: { result: 'ok' } };
+
+      const proofA = await genA.generateProof(request, response, session);
+      const proofB = await genB.generateProof(request, response, session);
+
+      const jwkA = getPublicKeyJwk(agentA);
+      const jwkB = getPublicKeyJwk(agentB);
+
+      const resultA = await verifier.verifyProof(proofA, jwkA);
+      expect(resultA.valid).toBe(true);
+
+      // Same nonce, different agent — should also succeed
+      const resultB = await verifier.verifyProof(proofB, jwkB);
+      expect(resultB.valid).toBe(true);
+    });
+
+    it('should reject replay of same nonce from same agent', async () => {
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      const proof = await generateProof(agentA);
+      const jwk = getPublicKeyJwk(agentA);
+
+      const result1 = await verifier.verifyProof(proof, jwk);
+      expect(result1.valid).toBe(true);
+
+      // Same exact proof (same nonce, same agent) — should be rejected as replay
+      const result2 = await verifier.verifyProof(proof, jwk);
+      expect(result2.valid).toBe(false);
+      expect(result2.reason).toContain('replay');
+    });
+  });
+
+  // ── Wrong Key Tests ───────────────────────────────────────────
+
+  describe('signature verification with wrong key', () => {
+    it('should reject proof verified with wrong public key', async () => {
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      // Generate proof with agent A
+      const proof = await generateProof(agentA);
+
+      // Try to verify with agent B's public key
+      const wrongJwk = getPublicKeyJwk(agentB);
+
+      const result = await verifier.verifyProof(proof, wrongJwk);
+      expect(result.valid).toBe(false);
+    });
+  });
+
+  // ── Malformed Proof Tests ─────────────────────────────────────
+
+  describe('malformed proof rejection', () => {
+    it('should reject proof with empty nonce', async () => {
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      const proof = await generateProof(agentA);
+      proof.meta.nonce = '';
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(false);
+    });
+
+    it('should reject proof with malformed requestHash', async () => {
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      const proof = await generateProof(agentA);
+      proof.meta.requestHash = 'md5:abc123';
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(false);
+    });
+
+    it('should reject proof with ts=0', async () => {
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      const proof = await generateProof(agentA);
+      proof.meta.ts = 0;
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(false);
+    });
+  });
+});

package/src/__tests__/audit/statuslist-bitstring-roundtrip.test.ts

@@ -0,0 +1,135 @@
+/**
+ * StatusList2021 + Bitstring Round-Trip Audit Tests
+ *
+ * Tests the full lifecycle: allocate status entry → check (not revoked) →
+ * revoke → check (revoked), using real gzip compression and bitstring encoding.
+ */
+
+import { describe, it, expect, beforeEach, beforeAll } from 'vitest';
+import type { AgentIdentity } from '../../providers/base.js';
+import {
+  createRealCryptoProvider,
+  createRealIdentity,
+  createRealStatusListManager,
+  type RealStatusListSetup,
+} from './helpers/crypto-helpers.js';
+import { NodeCryptoProvider } from '../utils/node-crypto-provider.js';
+
+describe('StatusList Bitstring Round-Trip Audit', () => {
+  let crypto: NodeCryptoProvider;
+  let identity: AgentIdentity;
+  let setup: RealStatusListSetup;
+
+  beforeAll(async () => {
+    crypto = createRealCryptoProvider();
+    identity = await createRealIdentity(crypto);
+  });
+
+  beforeEach(() => {
+    setup = createRealStatusListManager(crypto, identity);
+  });
+
+  it('should allocate, check not revoked, revoke, then check revoked', async () => {
+    const statusEntry = await setup.manager.allocateStatusEntry('revocation');
+
+    // Initially not revoked
+    const beforeRevoke = await setup.manager.checkStatus(statusEntry);
+    expect(beforeRevoke).toBe(false);
+
+    // Revoke
+    await setup.manager.updateStatus(statusEntry, true);
+
+    // Now revoked
+    const afterRevoke = await setup.manager.checkStatus(statusEntry);
+    expect(afterRevoke).toBe(true);
+  });
+
+  it('should selectively revoke entries in the same status list', async () => {
+    // Allocate 5 entries
+    const entries = [];
+    for (let i = 0; i < 5; i++) {
+      entries.push(await setup.manager.allocateStatusEntry('revocation'));
+    }
+
+    // Revoke entries at index 1 and 3
+    await setup.manager.updateStatus(entries[1]!, true);
+    await setup.manager.updateStatus(entries[3]!, true);
+
+    // Check all 5
+    const statuses = await Promise.all(
+      entries.map((e) => setup.manager.checkStatus(e))
+    );
+
+    expect(statuses[0]).toBe(false);
+    expect(statuses[1]).toBe(true);
+    expect(statuses[2]).toBe(false);
+    expect(statuses[3]).toBe(true);
+    expect(statuses[4]).toBe(false);
+  });
+
+  it('should report revoked indices correctly via getRevokedIndices', async () => {
+    const entries = [];
+    for (let i = 0; i < 6; i++) {
+      entries.push(await setup.manager.allocateStatusEntry('revocation'));
+    }
+
+    // Revoke indices 0, 2, 5
+    await setup.manager.updateStatus(entries[0]!, true);
+    await setup.manager.updateStatus(entries[2]!, true);
+    await setup.manager.updateStatus(entries[5]!, true);
+
+    const statusListId = `${setup.manager.getStatusListBaseUrl()}/revocation/v1`;
+    const revoked = await setup.manager.getRevokedIndices(statusListId);
+
+    expect(revoked).toContain(0);
+    expect(revoked).toContain(2);
+    expect(revoked).toContain(5);
+    expect(revoked).not.toContain(1);
+    expect(revoked).not.toContain(3);
+    expect(revoked).not.toContain(4);
+  });
+
+  it('should re-sign the status list credential after update', async () => {
+    const entry = await setup.manager.allocateStatusEntry('revocation');
+
+    const statusListId = `${setup.manager.getStatusListBaseUrl()}/revocation/v1`;
+    const credBefore = await setup.storage.getStatusList(statusListId);
+    const proofBefore = credBefore?.proof?.proofValue;
+
+    // Revoke — triggers re-signing
+    await setup.manager.updateStatus(entry, true);
+
+    const credAfter = await setup.storage.getStatusList(statusListId);
+    const proofAfter = credAfter?.proof?.proofValue;
+
+    expect(proofBefore).toBeDefined();
+    expect(proofAfter).toBeDefined();
+    expect(proofAfter).not.toBe(proofBefore);
+  });
+
+  it('should handle bits at byte boundaries correctly (index 7 and 8)', async () => {
+    // Allocate enough entries to reach index 7 and 8
+    const entries = [];
+    for (let i = 0; i < 9; i++) {
+      entries.push(await setup.manager.allocateStatusEntry('revocation'));
+    }
+
+    // Index 7 = last bit of byte 0, Index 8 = first bit of byte 1
+    await setup.manager.updateStatus(entries[7]!, true);
+    await setup.manager.updateStatus(entries[8]!, true);
+
+    expect(await setup.manager.checkStatus(entries[6]!)).toBe(false);
+    expect(await setup.manager.checkStatus(entries[7]!)).toBe(true);
+    expect(await setup.manager.checkStatus(entries[8]!)).toBe(true);
+  });
+
+  it('should un-revoke (restore) an entry by setting status to false', async () => {
+    const entry = await setup.manager.allocateStatusEntry('revocation');
+
+    await setup.manager.updateStatus(entry, true);
+    expect(await setup.manager.checkStatus(entry)).toBe(true);
+
+    await setup.manager.updateStatus(entry, false);
+    expect(await setup.manager.checkStatus(entry)).toBe(false);
+  });
+});

package/src/__tests__/audit/vc-roundtrip.test.ts

@@ -0,0 +1,290 @@
+/**
+ * VC Round-Trip Audit Tests
+ *
+ * Tests the full lifecycle: issue a DelegationCredential with real Ed25519
+ * signing, then verify it through the 3-stage verification pipeline.
+ * No mocks on crypto, canonicalization, or signing.
+ */
+
+import { describe, it, expect, beforeAll } from 'vitest';
+import { DelegationCredentialIssuer } from '../../delegation/vc-issuer.js';
+import {
+  DelegationCredentialVerifier,
+  type DIDResolver,
+} from '../../delegation/vc-verifier.js';
+import { createDidKeyResolver } from '../../delegation/did-key-resolver.js';
+import type { AgentIdentity } from '../../providers/base.js';
+import type { DelegationRecord, DelegationCredential } from '../../types/protocol.js';
+import {
+  createRealCryptoProvider,
+  createRealIdentity,
+  createRealSigningFunction,
+  createRealSignatureVerifier,
+} from './helpers/crypto-helpers.js';
+import { NodeCryptoProvider } from '../utils/node-crypto-provider.js';
+
+describe('VC Round-Trip Audit', () => {
+  let crypto: NodeCryptoProvider;
+  let issuerIdentity: AgentIdentity;
+  let subjectIdentity: AgentIdentity;
+  let issuer: DelegationCredentialIssuer;
+  let verifier: DelegationCredentialVerifier;
+  let didResolver: DIDResolver;
+
+  beforeAll(async () => {
+    crypto = createRealCryptoProvider();
+    issuerIdentity = await createRealIdentity(crypto);
+    subjectIdentity = await createRealIdentity(crypto);
+
+    const signingFunction = createRealSigningFunction(crypto, issuerIdentity);
+    const signatureVerifier = createRealSignatureVerifier(crypto);
+    didResolver = createDidKeyResolver();
+
+    const issuerIdProvider = {
+      getDid: () => issuerIdentity.did,
+      getKeyId: () => issuerIdentity.kid,
+      getPrivateKey: () => issuerIdentity.privateKey,
+    };
+
+    issuer = new DelegationCredentialIssuer(issuerIdProvider, signingFunction);
+
+    verifier = new DelegationCredentialVerifier({
+      didResolver,
+      signatureVerifier,
+    });
+  });
+
+  function makeDelegationRecord(overrides?: Partial<DelegationRecord>): DelegationRecord {
+    return {
+      id: 'test-delegation-001',
+      issuerDid: issuerIdentity.did,
+      subjectDid: subjectIdentity.did,
+      vcId: 'urn:uuid:test-vc-001',
+      constraints: {
+        scopes: ['tools:read', 'tools:write'],
+        notBefore: Math.floor(Date.now() / 1000) - 3600,
+        notAfter: Math.floor(Date.now() / 1000) + 3600,
+      },
+      signature: '',
+      status: 'active',
+      createdAt: Date.now(),
+      ...overrides,
+    };
+  }
+
+  // ── Round-Trip Tests ──────────────────────────────────────────
+
+  it('should issue and verify a delegation credential round-trip', async () => {
+    const delegation = makeDelegationRecord();
+    const vc = await issuer.issueDelegationCredential(delegation);
+
+    const result = await verifier.verifyDelegationCredential(vc, {
+      skipStatus: true,
+      skipCache: true,
+    });
+
+    expect(result.valid).toBe(true);
+    expect(result.stage).toBe('complete');
+    expect(result.checks?.basicValid).toBe(true);
+    expect(result.checks?.signatureValid).toBe(true);
+    expect(result.reason).toBeUndefined();
+  });
+
+  it('should reject VC with tampered credentialSubject', async () => {
+    const delegation = makeDelegationRecord();
+    const vc = await issuer.issueDelegationCredential(delegation);
+
+    // Tamper with the scopes after signing
+    const tampered = structuredClone(vc);
+    tampered.credentialSubject.delegation.scopes = ['admin:*'];
+
+    const result = await verifier.verifyDelegationCredential(tampered, {
+      skipStatus: true,
+      skipCache: true,
+    });
+
+    expect(result.valid).toBe(false);
+    expect(result.checks?.signatureValid).toBe(false);
+  });
+
+  it('should reject VC with swapped issuer DID', async () => {
+    const delegation = makeDelegationRecord();
+    const vc = await issuer.issueDelegationCredential(delegation);
+
+    // Swap issuer to subject's DID — resolver will return subject's key,
+    // which won't match the issuer's signature
+    const tampered = structuredClone(vc);
+    tampered.issuer = subjectIdentity.did;
+
+    const result = await verifier.verifyDelegationCredential(tampered, {
+      skipStatus: true,
+      skipCache: true,
+    });
+
+    expect(result.valid).toBe(false);
+  });
+
+  it('should reject expired VC', async () => {
+    const delegation = makeDelegationRecord({
+      constraints: {
+        scopes: ['tools:read'],
+        notAfter: Math.floor(Date.now() / 1000) - 1, // 1 second in the past
+      },
+    });
+    const vc = await issuer.issueDelegationCredential(delegation);
+
+    const result = await verifier.verifyDelegationCredential(vc, {
+      skipStatus: true,
+      skipCache: true,
+    });
+
+    expect(result.valid).toBe(false);
+    expect(result.stage).toBe('basic');
+    expect(result.reason).toContain('expired');
+  });
+
+  it('should reject VC with revoked status field', async () => {
+    const delegation = makeDelegationRecord({ status: 'revoked' });
+    const vc = await issuer.issueDelegationCredential(delegation);
+
+    const result = await verifier.verifyDelegationCredential(vc, {
+      skipStatus: true,
+      skipCache: true,
+    });
+
+    expect(result.valid).toBe(false);
+    expect(result.stage).toBe('basic');
+    expect(result.reason).toContain('revoked');
+  });
+
+  it('should reject VC without proof field', async () => {
+    const delegation = makeDelegationRecord();
+    const vc = await issuer.issueDelegationCredential(delegation);
+
+    // Remove proof entirely
+    const noProof = { ...vc } as Record<string, unknown>;
+    delete noProof['proof'];
+
+    const result = await verifier.verifyDelegationCredential(
+      noProof as DelegationCredential,
+      { skipStatus: true, skipCache: true }
+    );
+
+    expect(result.valid).toBe(false);
+    expect(result.stage).toBe('basic');
+    expect(result.reason).toContain('proof');
+  });
+
+  it('should reject VC when DID resolver returns null', async () => {
+    const delegation = makeDelegationRecord();
+    const vc = await issuer.issueDelegationCredential(delegation);
+
+    const nullResolver: DIDResolver = {
+      resolve: async () => null,
+    };
+
+    const strictVerifier = new DelegationCredentialVerifier({
+      didResolver: nullResolver,
+      signatureVerifier: createRealSignatureVerifier(crypto),
+    });
+
+    const result = await strictVerifier.verifyDelegationCredential(vc, {
+      skipStatus: true,
+      skipCache: true,
+    });
+
+    expect(result.valid).toBe(false);
+    expect(result.reason).toContain('resolve');
+  });
+
+  // ── Caching Tests ─────────────────────────────────────────────
+
+  it('should return cached result on second verification', async () => {
+    const delegation = makeDelegationRecord();
+    const vc = await issuer.issueDelegationCredential(delegation);
+
+    const cachingVerifier = new DelegationCredentialVerifier({
+      didResolver,
+      signatureVerifier: createRealSignatureVerifier(crypto),
+      cacheTtl: 60_000,
+    });
+
+    const first = await cachingVerifier.verifyDelegationCredential(vc, {
+      skipStatus: true,
+    });
+    expect(first.valid).toBe(true);
+    expect(first.cached).toBeUndefined();
+
+    const second = await cachingVerifier.verifyDelegationCredential(vc, {
+      skipStatus: true,
+    });
+    expect(second.valid).toBe(true);
+    expect(second.cached).toBe(true);
+  });
+
+  it('should evict oldest cache entry when maxCacheSize is exceeded', async () => {
+    const cachingVerifier = new DelegationCredentialVerifier({
+      didResolver,
+      signatureVerifier: createRealSignatureVerifier(crypto),
+      cacheTtl: 60_000,
+      maxCacheSize: 2,
+    });
+
+    // Issue 3 distinct VCs
+    const vcs: DelegationCredential[] = [];
+    for (let i = 0; i < 3; i++) {
+      const delegation = makeDelegationRecord({
+        id: `cache-test-${i}`,
+        vcId: `urn:uuid:cache-test-${i}`,
+      });
+      vcs.push(await issuer.issueDelegationCredential(delegation));
+    }
+
+    // Verify all 3 — first should be evicted
+    for (const vc of vcs) {
+      await cachingVerifier.verifyDelegationCredential(vc, { skipStatus: true });
+    }
+
+    // First VC should NOT be cached (evicted)
+    const first = await cachingVerifier.verifyDelegationCredential(vcs[0]!, {
+      skipStatus: true,
+    });
+    expect(first.cached).toBeUndefined();
+
+    // Third VC should still be cached
+    const third = await cachingVerifier.verifyDelegationCredential(vcs[2]!, {
+      skipStatus: true,
+    });
+    expect(third.cached).toBe(true);
+  });
+
+  // ── Signature Integrity ───────────────────────────────────────
+
+  it('should produce different signatures for different delegations', async () => {
+    const vc1 = await issuer.issueDelegationCredential(
+      makeDelegationRecord({ id: 'del-A' })
+    );
+    const vc2 = await issuer.issueDelegationCredential(
+      makeDelegationRecord({ id: 'del-B' })
+    );
+
+    expect(vc1.proof?.proofValue).not.toBe(vc2.proof?.proofValue);
+  });
+
+  it('should produce identical canonicalization for same delegation regardless of field order', async () => {
+    const delegation = makeDelegationRecord();
+    const vc1 = await issuer.issueDelegationCredential(delegation);
+    const vc2 = await issuer.issueDelegationCredential(delegation);
+
+    // Same input should produce same unsigned VC structure
+    // (proof timestamps differ, but the unsigned portion should canonicalize the same)
+    const strip = (vc: DelegationCredential) => {
+      const copy = { ...vc } as Record<string, unknown>;
+      delete copy['proof'];
+      return copy;
+    };
+
+    const { canonicalizeJSON } = await import('../../delegation/utils.js');
+    expect(canonicalizeJSON(strip(vc1))).toBe(canonicalizeJSON(strip(vc2)));
+  });
+});