What
Roll the @sd-jwt/sd-jwt-vc pin from draft-ietf-oauth-sd-jwt-vc-15 (v0.5) to draft-16 (April 2026). Verify all canonicalization, signature, and disclosure paths in browser + Node + on-chain still produce identical bytes.
Why
The IETF OAuth WG advanced the SD-JWT VC profile to -16 in April 2026. EU Digital Identity Wallet (eIDAS 2.0) deployments are tracking -16; Compass v0.5 deliberately stays on -15 for the hackathon cycle.
Acceptance
app/package.json + enclave/package.json both pin -16.app/src/lib/verifyReceipt.ts browser-side verifier produces identical canonical bytes to the Node CLI (enclave/src/receipt.ts).- All existing receipt fixtures still verify 4/4 ✓.
docs/honest-limits.md §6 updated.
Refs
What
Roll the
@sd-jwt/sd-jwt-vcpin from draft-ietf-oauth-sd-jwt-vc-15 (v0.5) to draft-16 (April 2026). Verify all canonicalization, signature, and disclosure paths in browser + Node + on-chain still produce identical bytes.Why
The IETF OAuth WG advanced the SD-JWT VC profile to -16 in April 2026. EU Digital Identity Wallet (eIDAS 2.0) deployments are tracking -16; Compass v0.5 deliberately stays on -15 for the hackathon cycle.
Acceptance
app/package.json+enclave/package.jsonboth pin -16.app/src/lib/verifyReceipt.tsbrowser-side verifier produces identical canonical bytes to the Node CLI (enclave/src/receipt.ts).docs/honest-limits.md§6 updated.Refs
docs/honest-limits.md