//! Generated by `trust-tasks-codegen` — do not edit by hand.
//!
//! Spec slug: `vta/webvh/dids/update`. Version: `1.0`.
#[allow(unused_imports)]
use serde::{Deserialize, Serialize};
/// Error types.
pub mod error {
/// Error from a `TryFrom` or `FromStr` implementation.
pub struct ConversionError(::std::borrow::Cow<'static, str>);
impl ::std::error::Error for ConversionError {}
impl ::std::fmt::Display for ConversionError {
fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> Result<(), ::std::fmt::Error> {
::std::fmt::Display::fmt(&self.0, f)
}
}
impl ::std::fmt::Debug for ConversionError {
fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> Result<(), ::std::fmt::Error> {
::std::fmt::Debug::fmt(&self.0, f)
}
}
impl From<&'static str> for ConversionError {
fn from(value: &'static str) -> Self {
Self(value.into())
}
}
impl From<String> for ConversionError {
fn from(value: String) -> Self {
Self(value.into())
}
}
}
///Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "title": "Ext",
/// "description": "Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.",
/// "type": "object",
/// "minProperties": 1,
/// "additionalProperties": true,
/// "propertyNames": {
/// "pattern": "^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$"
/// }
///}
/// ```
/// </details>
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(transparent)]
pub struct Ext(pub ::std::collections::HashMap<ExtKey, ::serde_json::Value>);
impl ::std::ops::Deref for Ext {
type Target = ::std::collections::HashMap<ExtKey, ::serde_json::Value>;
fn deref(&self) -> &::std::collections::HashMap<ExtKey, ::serde_json::Value> {
&self.0
}
}
impl ::std::convert::From<Ext> for ::std::collections::HashMap<ExtKey, ::serde_json::Value> {
fn from(value: Ext) -> Self {
value.0
}
}
impl ::std::convert::From<::std::collections::HashMap<ExtKey, ::serde_json::Value>> for Ext {
fn from(value: ::std::collections::HashMap<ExtKey, ::serde_json::Value>) -> Self {
Self(value)
}
}
///`ExtKey`
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "type": "string",
/// "pattern": "^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$"
///}
/// ```
/// </details>
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct ExtKey(::std::string::String);
impl ::std::ops::Deref for ExtKey {
type Target = ::std::string::String;
fn deref(&self) -> &::std::string::String {
&self.0
}
}
impl ::std::convert::From<ExtKey> for ::std::string::String {
fn from(value: ExtKey) -> Self {
value.0
}
}
impl ::std::str::FromStr for ExtKey {
type Err = self::error::ConversionError;
fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
static PATTERN: ::std::sync::LazyLock<::regress::Regex> =
::std::sync::LazyLock::new(|| {
::regress::Regex::new("^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$").unwrap()
});
if PATTERN.find(value).is_none() {
return Err("doesn't match pattern \"^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$\"".into());
}
Ok(Self(value.to_string()))
}
}
impl ::std::convert::TryFrom<&str> for ExtKey {
type Error = self::error::ConversionError;
fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<&::std::string::String> for ExtKey {
type Error = self::error::ConversionError;
fn try_from(
value: &::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<::std::string::String> for ExtKey {
type Error = self::error::ConversionError;
fn try_from(
value: ::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl<'de> ::serde::Deserialize<'de> for ExtKey {
fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
where
D: ::serde::Deserializer<'de>,
{
::std::string::String::deserialize(deserializer)?
.parse()
.map_err(|e: self::error::ConversionError| {
<D::Error as ::serde::de::Error>::custom(e.to_string())
})
}
}
///Ask a Verifiable Trust Agent to publish a new entry in a did:webvh log it holds the update key for. The agent decides whether to do so; the caller proposes.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "$id": "https://trusttasks.org/spec/vta/webvh/dids/update/1.0",
/// "title": "Payload",
/// "description": "Ask a Verifiable Trust Agent to publish a new entry in a did:webvh log it holds the update key for. The agent decides whether to do so; the caller proposes.",
/// "type": "object",
/// "required": [
/// "did"
/// ],
/// "properties": {
/// "did": {
/// "description": "The did:webvh being updated. The agent MUST verify it speaks for this subject.",
/// "type": "string",
/// "minLength": 1
/// },
/// "document": {
/// "description": "The new DID document. Omit to leave it unchanged. Supplying this ROTATES the DID's update key and refreshes its pre-rotation commitments, as a parallel consequence of the change — a consequence not visible anywhere in this payload, because it lives in the executing handler's semantics. A consent surface MUST therefore render effects the executor computed, and MUST NOT derive them from this document.",
/// "type": "object"
/// },
/// "expectedVersionId": {
/// "description": "Optimistic-concurrency precondition: the versionId the caller based this edit on. The agent MUST refuse the update if the DID's latest entry no longer matches. Without it a `get -> edit -> save` cycle silently overwrites a concurrent edit with a chain that is structurally valid, verifies perfectly, and is based on a stale read. Where a human approves the update the window is minutes wide, so this is a routine race rather than an exotic one. OPTIONAL because a scripted caller with no concurrent writers has nothing to protect against; not optional for anything a person looked at.",
/// "type": "string",
/// "minLength": 1
/// },
/// "ext": {
/// "$ref": "#/definitions/Ext"
/// },
/// "label": {
/// "description": "Operator-facing audit label.",
/// "type": "string"
/// },
/// "preRotationCount": {
/// "description": "Number of pre-rotation commitments to publish. Omit to keep the current count; `0` disables pre-rotation going forward.",
/// "type": "integer",
/// "minimum": 0.0
/// },
/// "ttl": {
/// "description": "New TTL in seconds. Omit to keep the current value.",
/// "type": "integer",
/// "minimum": 0.0
/// },
/// "watchers": {
/// "description": "New watcher URLs. Omit to keep the current set; an empty array removes them.",
/// "type": "array",
/// "items": {
/// "type": "string"
/// }
/// },
/// "witnesses": {
/// "description": "New witness configuration. Omit to keep the current one."
/// }
/// },
/// "additionalProperties": false
///}
/// ```
/// </details>
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub struct Payload {
///The did:webvh being updated. The agent MUST verify it speaks for this subject.
pub did: PayloadDid,
///The new DID document. Omit to leave it unchanged. Supplying this ROTATES the DID's update key and refreshes its pre-rotation commitments, as a parallel consequence of the change — a consequence not visible anywhere in this payload, because it lives in the executing handler's semantics. A consent surface MUST therefore render effects the executor computed, and MUST NOT derive them from this document.
#[serde(default, skip_serializing_if = "::serde_json::Map::is_empty")]
pub document: ::serde_json::Map<::std::string::String, ::serde_json::Value>,
///Optimistic-concurrency precondition: the versionId the caller based this edit on. The agent MUST refuse the update if the DID's latest entry no longer matches. Without it a `get -> edit -> save` cycle silently overwrites a concurrent edit with a chain that is structurally valid, verifies perfectly, and is based on a stale read. Where a human approves the update the window is minutes wide, so this is a routine race rather than an exotic one. OPTIONAL because a scripted caller with no concurrent writers has nothing to protect against; not optional for anything a person looked at.
#[serde(
rename = "expectedVersionId",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub expected_version_id: ::std::option::Option<PayloadExpectedVersionId>,
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub ext: ::std::option::Option<Ext>,
///Operator-facing audit label.
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub label: ::std::option::Option<::std::string::String>,
///Number of pre-rotation commitments to publish. Omit to keep the current count; `0` disables pre-rotation going forward.
#[serde(
rename = "preRotationCount",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub pre_rotation_count: ::std::option::Option<u64>,
///New TTL in seconds. Omit to keep the current value.
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub ttl: ::std::option::Option<u64>,
///New watcher URLs. Omit to keep the current set; an empty array removes them.
#[serde(default, skip_serializing_if = "::std::vec::Vec::is_empty")]
pub watchers: ::std::vec::Vec<::std::string::String>,
///New witness configuration. Omit to keep the current one.
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub witnesses: ::std::option::Option<::serde_json::Value>,
}
///The did:webvh being updated. The agent MUST verify it speaks for this subject.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "The did:webvh being updated. The agent MUST verify it speaks for this subject.",
/// "type": "string",
/// "minLength": 1
///}
/// ```
/// </details>
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct PayloadDid(::std::string::String);
impl ::std::ops::Deref for PayloadDid {
type Target = ::std::string::String;
fn deref(&self) -> &::std::string::String {
&self.0
}
}
impl ::std::convert::From<PayloadDid> for ::std::string::String {
fn from(value: PayloadDid) -> Self {
value.0
}
}
impl ::std::str::FromStr for PayloadDid {
type Err = self::error::ConversionError;
fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
if value.chars().count() < 1usize {
return Err("shorter than 1 characters".into());
}
Ok(Self(value.to_string()))
}
}
impl ::std::convert::TryFrom<&str> for PayloadDid {
type Error = self::error::ConversionError;
fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<&::std::string::String> for PayloadDid {
type Error = self::error::ConversionError;
fn try_from(
value: &::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<::std::string::String> for PayloadDid {
type Error = self::error::ConversionError;
fn try_from(
value: ::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl<'de> ::serde::Deserialize<'de> for PayloadDid {
fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
where
D: ::serde::Deserializer<'de>,
{
::std::string::String::deserialize(deserializer)?
.parse()
.map_err(|e: self::error::ConversionError| {
<D::Error as ::serde::de::Error>::custom(e.to_string())
})
}
}
///Optimistic-concurrency precondition: the versionId the caller based this edit on. The agent MUST refuse the update if the DID's latest entry no longer matches. Without it a `get -> edit -> save` cycle silently overwrites a concurrent edit with a chain that is structurally valid, verifies perfectly, and is based on a stale read. Where a human approves the update the window is minutes wide, so this is a routine race rather than an exotic one. OPTIONAL because a scripted caller with no concurrent writers has nothing to protect against; not optional for anything a person looked at.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "Optimistic-concurrency precondition: the versionId the caller based this edit on. The agent MUST refuse the update if the DID's latest entry no longer matches. Without it a `get -> edit -> save` cycle silently overwrites a concurrent edit with a chain that is structurally valid, verifies perfectly, and is based on a stale read. Where a human approves the update the window is minutes wide, so this is a routine race rather than an exotic one. OPTIONAL because a scripted caller with no concurrent writers has nothing to protect against; not optional for anything a person looked at.",
/// "type": "string",
/// "minLength": 1
///}
/// ```
/// </details>
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct PayloadExpectedVersionId(::std::string::String);
impl ::std::ops::Deref for PayloadExpectedVersionId {
type Target = ::std::string::String;
fn deref(&self) -> &::std::string::String {
&self.0
}
}
impl ::std::convert::From<PayloadExpectedVersionId> for ::std::string::String {
fn from(value: PayloadExpectedVersionId) -> Self {
value.0
}
}
impl ::std::str::FromStr for PayloadExpectedVersionId {
type Err = self::error::ConversionError;
fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
if value.chars().count() < 1usize {
return Err("shorter than 1 characters".into());
}
Ok(Self(value.to_string()))
}
}
impl ::std::convert::TryFrom<&str> for PayloadExpectedVersionId {
type Error = self::error::ConversionError;
fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<&::std::string::String> for PayloadExpectedVersionId {
type Error = self::error::ConversionError;
fn try_from(
value: &::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<::std::string::String> for PayloadExpectedVersionId {
type Error = self::error::ConversionError;
fn try_from(
value: ::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl<'de> ::serde::Deserialize<'de> for PayloadExpectedVersionId {
fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
where
D: ::serde::Deserializer<'de>,
{
::std::string::String::deserialize(deserializer)?
.parse()
.map_err(|e: self::error::ConversionError| {
<D::Error as ::serde::de::Error>::custom(e.to_string())
})
}
}
///The published entry. camelCase per the framework convention — note the counts are the state AFTER the update, including the rotation the caller did not ask for.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "title": "Response",
/// "description": "The published entry. camelCase per the framework convention — note the counts are the state AFTER the update, including the rotation the caller did not ask for.",
/// "type": "object",
/// "required": [
/// "did",
/// "newVersionId"
/// ],
/// "properties": {
/// "did": {
/// "type": "string"
/// },
/// "ext": {
/// "$ref": "#/definitions/Ext"
/// },
/// "newLogEntry": {
/// "description": "The appended log entry, as JSON text.",
/// "type": "string"
/// },
/// "newScid": {
/// "type": "string"
/// },
/// "newVersionId": {
/// "description": "versionId of the entry just appended. A caller intending a further edit SHOULD pass this back as the next request's `expectedVersionId`.",
/// "type": "string"
/// },
/// "preRotationKeyCount": {
/// "description": "Pre-rotation commitments published by this entry.",
/// "type": "integer",
/// "minimum": 0.0
/// },
/// "serverless": {
/// "description": "True when the agent holds the log itself and no hosting server was published to — the operator must fetch and redeploy `did.jsonl`.",
/// "type": "boolean"
/// },
/// "updateKeysCount": {
/// "description": "Update keys authorized AFTER this entry. Where `document` was supplied these are new keys — the previous ones no longer authorize anything.",
/// "type": "integer",
/// "minimum": 0.0
/// }
/// },
/// "additionalProperties": false,
/// "$anchor": "response"
///}
/// ```
/// </details>
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub struct Response {
pub did: ::std::string::String,
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub ext: ::std::option::Option<Ext>,
///The appended log entry, as JSON text.
#[serde(
rename = "newLogEntry",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub new_log_entry: ::std::option::Option<::std::string::String>,
#[serde(
rename = "newScid",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub new_scid: ::std::option::Option<::std::string::String>,
///versionId of the entry just appended. A caller intending a further edit SHOULD pass this back as the next request's `expectedVersionId`.
#[serde(rename = "newVersionId")]
pub new_version_id: ::std::string::String,
///Pre-rotation commitments published by this entry.
#[serde(
rename = "preRotationKeyCount",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub pre_rotation_key_count: ::std::option::Option<u64>,
///True when the agent holds the log itself and no hosting server was published to — the operator must fetch and redeploy `did.jsonl`.
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub serverless: ::std::option::Option<bool>,
///Update keys authorized AFTER this entry. Where `document` was supplied these are new keys — the previous ones no longer authorize anything.
#[serde(
rename = "updateKeysCount",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub update_keys_count: ::std::option::Option<u64>,
}
impl crate::Payload for Payload {
const TYPE_URI: &'static str = "https://trusttasks.org/spec/vta/webvh/dids/update/1.0";
const IS_PROOF_REQUIRED: bool = true;
const IS_RECIPIENT_REQUIRED: bool = true;
}
impl crate::Payload for Response {
const TYPE_URI: &'static str = "https://trusttasks.org/spec/vta/webvh/dids/update/1.0#response";
const IS_PROOF_REQUIRED: bool = true;
const IS_RECIPIENT_REQUIRED: bool = true;
}
#[cfg(feature = "validate")]
impl crate::validate::ValidatedPayload for Payload {
const SCHEMA_JSON: &'static str = "{\n \"$defs\": {\n \"Ext\": {\n \"additionalProperties\": true,\n \"description\": \"Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.\",\n \"minProperties\": 1,\n \"propertyNames\": {\n \"pattern\": \"^[a-z][a-z0-9-]*(\\\\.[a-z0-9-]+)+$\"\n },\n \"title\": \"Ext\",\n \"type\": \"object\"\n },\n \"Response\": {\n \"$anchor\": \"response\",\n \"additionalProperties\": false,\n \"description\": \"The published entry. camelCase per the framework convention — note the counts are the state AFTER the update, including the rotation the caller did not ask for.\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"ext\": {\n \"$ref\": \"#/$defs/Ext\"\n },\n \"newLogEntry\": {\n \"description\": \"The appended log entry, as JSON text.\",\n \"type\": \"string\"\n },\n \"newScid\": {\n \"type\": \"string\"\n },\n \"newVersionId\": {\n \"description\": \"versionId of the entry just appended. A caller intending a further edit SHOULD pass this back as the next request's `expectedVersionId`.\",\n \"type\": \"string\"\n },\n \"preRotationKeyCount\": {\n \"description\": \"Pre-rotation commitments published by this entry.\",\n \"minimum\": 0,\n \"type\": \"integer\"\n },\n \"serverless\": {\n \"description\": \"True when the agent holds the log itself and no hosting server was published to — the operator must fetch and redeploy `did.jsonl`.\",\n \"type\": \"boolean\"\n },\n \"updateKeysCount\": {\n \"description\": \"Update keys authorized AFTER this entry. Where `document` was supplied these are new keys — the previous ones no longer authorize anything.\",\n \"minimum\": 0,\n \"type\": \"integer\"\n }\n },\n \"required\": [\n \"did\",\n \"newVersionId\"\n ],\n \"title\": \"WebVH DID Update — response payload\",\n \"type\": \"object\"\n }\n },\n \"$id\": \"https://trusttasks.org/spec/vta/webvh/dids/update/1.0\",\n \"$schema\": \"https://json-schema.org/draft/2020-12/schema\",\n \"additionalProperties\": false,\n \"description\": \"Ask a Verifiable Trust Agent to publish a new entry in a did:webvh log it holds the update key for. The agent decides whether to do so; the caller proposes.\",\n \"properties\": {\n \"did\": {\n \"description\": \"The did:webvh being updated. The agent MUST verify it speaks for this subject.\",\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"document\": {\n \"description\": \"The new DID document. Omit to leave it unchanged. Supplying this ROTATES the DID's update key and refreshes its pre-rotation commitments, as a parallel consequence of the change — a consequence not visible anywhere in this payload, because it lives in the executing handler's semantics. A consent surface MUST therefore render effects the executor computed, and MUST NOT derive them from this document.\",\n \"type\": \"object\"\n },\n \"expectedVersionId\": {\n \"description\": \"Optimistic-concurrency precondition: the versionId the caller based this edit on. The agent MUST refuse the update if the DID's latest entry no longer matches. Without it a `get -> edit -> save` cycle silently overwrites a concurrent edit with a chain that is structurally valid, verifies perfectly, and is based on a stale read. Where a human approves the update the window is minutes wide, so this is a routine race rather than an exotic one. OPTIONAL because a scripted caller with no concurrent writers has nothing to protect against; not optional for anything a person looked at.\",\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"ext\": {\n \"$ref\": \"#/$defs/Ext\"\n },\n \"label\": {\n \"description\": \"Operator-facing audit label.\",\n \"type\": \"string\"\n },\n \"preRotationCount\": {\n \"description\": \"Number of pre-rotation commitments to publish. Omit to keep the current count; `0` disables pre-rotation going forward.\",\n \"minimum\": 0,\n \"type\": \"integer\"\n },\n \"ttl\": {\n \"description\": \"New TTL in seconds. Omit to keep the current value.\",\n \"minimum\": 0,\n \"type\": \"integer\"\n },\n \"watchers\": {\n \"description\": \"New watcher URLs. Omit to keep the current set; an empty array removes them.\",\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"witnesses\": {\n \"description\": \"New witness configuration. Omit to keep the current one.\"\n }\n },\n \"required\": [\n \"did\"\n ],\n \"title\": \"WebVH DID Update — payload\",\n \"type\": \"object\"\n}\n";
}
#[cfg(test)]
mod conformance {
//! Round-trip tests harvested from the spec's `spec.md`,
//! plus a `rejects_invalid_examples` test for any fixtures
//! in `payload.invalid-examples.json` (validate feature).
#[test]
fn request_example_1() {
const JSON: &str = "{\n \"id\": \"urn:uuid:2f7c1a90-4b6e-4d21-9a55-1c3e8b7d0f42\",\n \"type\": \"https://trusttasks.org/spec/vta/webvh/dids/update/1.0\",\n \"issuer\": \"did:key:z6MkCallerExample\",\n \"recipient\": \"did:key:z6MkAgentExample\",\n \"issuedAt\": \"2026-07-14T10:12:00Z\",\n \"payload\": {\n \"did\": \"did:webvh:QmSCIDExample:example.com:acme\",\n \"document\": {\n \"@context\": [\"https://www.w3.org/ns/did/v1\"],\n \"id\": \"did:webvh:QmSCIDExample:example.com:acme\",\n \"service\": [\n {\n \"id\": \"#files\",\n \"type\": \"FileStore\",\n \"serviceEndpoint\": \"https://files.example.com/acme\"\n }\n ]\n },\n \"expectedVersionId\": \"3-QmPriorEntryHashExample\",\n \"label\": \"add file store\"\n },\n \"proof\": {\n \"type\": \"DataIntegrityProof\",\n \"cryptosuite\": \"eddsa-jcs-2022\",\n \"created\": \"2026-07-14T10:12:00Z\",\n \"verificationMethod\": \"did:key:z6MkCallerExample#z6MkCallerExample\",\n \"proofPurpose\": \"assertionMethod\",\n \"proofValue\": \"z4Xq7WExampleProofValueForWebvhUpdateRequest\"\n }\n}\n";
let doc: crate::TrustTask<super::Payload> =
serde_json::from_str(JSON).expect("deserialize request example");
let rendered = serde_json::to_value(&doc).expect("re-serialize");
let expected: serde_json::Value = serde_json::from_str(JSON).expect("re-parse expected");
assert_eq!(rendered, expected, "request example failed round-trip");
}
#[test]
fn response_example_1() {
const JSON: &str = "{\n \"id\": \"urn:uuid:8d1b6e34-7f92-4c05-b3a1-6e0d29c4f8b7\",\n \"type\": \"https://trusttasks.org/spec/vta/webvh/dids/update/1.0#response\",\n \"issuer\": \"did:key:z6MkAgentExample\",\n \"recipient\": \"did:key:z6MkCallerExample\",\n \"issuedAt\": \"2026-07-14T10:12:04Z\",\n \"payload\": {\n \"did\": \"did:webvh:QmSCIDExample:example.com:acme\",\n \"newVersionId\": \"4-QmNewEntryHashExample\",\n \"updateKeysCount\": 1,\n \"preRotationKeyCount\": 2\n },\n \"proof\": {\n \"type\": \"DataIntegrityProof\",\n \"cryptosuite\": \"eddsa-jcs-2022\",\n \"created\": \"2026-07-14T10:12:04Z\",\n \"verificationMethod\": \"did:key:z6MkAgentExample#z6MkAgentExample\",\n \"proofPurpose\": \"assertionMethod\",\n \"proofValue\": \"z9LmTpExampleProofValueForWebvhUpdateResponse\"\n }\n}\n";
let doc: crate::TrustTask<super::Response> =
serde_json::from_str(JSON).expect("deserialize response example");
let rendered = serde_json::to_value(&doc).expect("re-serialize");
let expected: serde_json::Value = serde_json::from_str(JSON).expect("re-parse expected");
assert_eq!(rendered, expected, "response example failed round-trip");
}
/// Each fixture in `payload.invalid-examples.json` MUST be
/// rejected by at least one of: serde deserialization, or
/// JSON-Schema validation under the `validate` feature. The
/// fixture file documents the producer-side bug class that
/// each payload exemplifies; this generated test pins it.
#[cfg(feature = "validate")]
#[test]
fn rejects_invalid_examples() {
use crate::validate::ValidatedPayload;
let fixtures: &[(&str, &str)] = &[
(
"Missing the subject. Without `did` there is nothing to update.",
"{\n \"document\": {\n \"id\": \"did:webvh:QmSCIDExample:example.com:acme\"\n }\n}",
),
(
"The concurrency precondition in the wrong case. THIS is the one that matters: an implementation that silently ignores it publishes with no lost-update protection at all, while the caller's own source reads as though the danger were handled. A closed schema rejects it; a permissive one drops it without a word.",
"{\n \"did\": \"did:webvh:QmSCIDExample:example.com:acme\",\n \"expected_version_id\": \"3-QmPriorEntryHashExample\"\n}",
),
(
"An unrecognised member. Not harmless — a payload member the consumer ignores is a member the caller believes it sent.",
"{\n \"did\": \"did:webvh:QmSCIDExample:example.com:acme\",\n \"skipApproval\": true\n}",
),
(
"preRotationCount must be a non-negative integer.",
"{\n \"did\": \"did:webvh:QmSCIDExample:example.com:acme\",\n \"preRotationCount\": -1\n}",
),
(
"watchers must be strings.",
"{\n \"did\": \"did:webvh:QmSCIDExample:example.com:acme\",\n \"watchers\": [\n {\n \"url\": \"https://watcher.example.com\"\n }\n ]\n}",
),
(
"An empty expectedVersionId is not a version; it is a caller that meant to pin and did not.",
"{\n \"did\": \"did:webvh:QmSCIDExample:example.com:acme\",\n \"expectedVersionId\": \"\"\n}",
),
(
"The document must be an object.",
"{\n \"did\": \"did:webvh:QmSCIDExample:example.com:acme\",\n \"document\": \"did:webvh:QmSCIDExample:example.com:acme\"\n}",
),
];
for (i, (note, raw)) in fixtures.iter().enumerate() {
let value: serde_json::Value = match serde_json::from_str(raw) {
Ok(v) => v,
Err(_) => continue,
};
let serde_ok = serde_json::from_value::<super::Payload>(value.clone()).is_ok();
let schema_ok = super::Payload::validate_value(&value).is_ok();
assert!(
!(serde_ok && schema_ok),
"invalid-example #{} ({:?}) was accepted by both serde and JSON Schema; \
the fixture's stated failure class is no longer caught:\n{}",
i + 1,
note,
raw
);
}
}
}