Release 1.2.1 is a patch to fix a couple of issues introduced in Release 1.2.0 that prevent the startup of multi-tenant/single database instances of ACA-Py. The release includes the fixes, plus a new test for testing ACA-Py upgrades -- a new test type introduced in Release 1.2.0. Given that there are no breaking changes in this release, we'll move the 1.2.lts branch to be based on this release.
Enhancements in Release 1.2.1 are the addition of support for the Linked Data proof cryptosuite EcdsaSecp256r1Signature2019, and support for P256 keys generally and in did:key form.
The same deprecation notices from the 1.1.0 release about AIP 1.0 protocols still apply. The protocols remain in the 1.2.1 release, but will be moved out of the core and into plugins soon. Please review these notifications carefully!
There are no breaking changes in this release, just fixes, new tests and minor updates.
- Linked Data Proof and Key Type Additions
- Startup, Wallet Keys, and Upgrade Fixes
- Check admin wallet anoncreds upgrade on startup #3458 jamshale
- Add Multi-tenancy single wallet upgrade test #3457 jamshale
- Pass the correct key for multitenant single wallets #3450 jamshale
- Prevent dummy profiles on start up #3449 jamshale
- Fixed handling of base wallet routes in auth decorator #3448 esune
- DID Registration and Resolution
- Test Suite Updates and Artifact Publishing
- Internal Improvements / Cleanups / Tech Debt Updates
- Consolidate Dependabot updates and other library/dependency updates
- Release management pull requests:
- Dependabot PRs
!!! warning "Multi-tenant, Single Database Deployments"
    A bug in Release 1.2.0 prevents using the release with existing multi-tenant, single wallet deployments. Those requiring such support **MUST** skip Release 1.2.0 and move to [Release 1.2.1](https://github.com/openwallet-foundation/acapy/releases/tag/1.2.1) or higher.
Release 1.2.0 is a minor update to ACA-Py that contains an update to the AnonCreds implementation to make it easier to deploy on other than Hyperledger Indy, and a lengthy list of adjustments, improvements and fixes, with a focus on removing technical debt. In addition to the AnonCreds updates, the most visible change is the removal of the "in-memory wallet" implementation in favour of using the SQLite in-memory wallet (sqlite://:memory:), including removing the logic for handling that extra wallet type. In removing the in-memory wallet, all of the unit and integration tests that used the in-memory wallet have been updated to use SQLite's in-memory wallet.
Release 1.2.x is the new current Long Term Support (LTS) for ACA-Py, as defined in the LTS Strategy document. With this release, the "end of life" for the previous "current LTS release" -- 0.12 -- is set for October 2025.
The first step to full support of did:webvh ("did:web + Verifiable History" -- formerly did:tdw) has been added to ACA-Py -- a resolver. We're working on improving the new DID Registration mechanism for it, Cheqd and other DID Methods, enabling ACA-Py to be used easily with a variety of DID Methods.
The move to the OpenWallet Foundation is now complete. If you haven't done so already, please update your ACA-Py deployment to use:
- the ACA-Py OWF repository,
- the new acapy-agent in PyPi, and
- the container images for ACA-Py hosted by the OpenWallet Foundation GitHub organization within the GitHub Container Repository (GHCR).
A significant testing capability was added in this release -- the ability to run an integration test that includes an ACA-Py upgrade in the middle. This allows us to test, for example, starting an agent on one release, doing an upgrade (possibly including running a migration script), and then completing the test on the upgraded release. This is enabled by adding a capability to restart Docker containers in the middle of tests. Nice work, @ianco!
The same deprecation notices from the 1.1.0 release about AIP 1.0 protocols still apply. The protocols remain in the 1.2.0 release, but will be moved out of the core and into plugins soon. Please review these notifications carefully!
The removal of the "in-memory" wallet implementation might break some test scripts. Rather than using the in-memory wallet, tests should be updated to use SQLite's special sqlite://:memory: database instead. This results in a better alignment between the Askar storage configuration in test environments and what is used in production.
A fix for a multi-tenancy bug in the holding of VC-LD credentials that resulted in the storing of such credentials in the base wallet versus the intended tenant wallet is included in this release. As part of that fix, PR #3391 impacts those using the GET /vc/credentials endpoint; the response is now an object with a single results attribute where it was previously a flat list.
- AnonCreds VC Issuance and Presentation Enhancement / Fixes
- Fix indy fallback format in presentation from holder #3413 jamshale
- Anoncreds post api object handling #3411 jamshale
- fix: Anoncreds schemas and validation #3397 DaevMithran
- Update accumulator value in wallet on repair #3299 jamshale
- Repair release bdd tests #3376 jamshale
- Update anoncreds format names #3374 jamshale
- Anoncreds create credential #3369 jamshale
- Fix tails upload for anoncreds multitenancy #3346 jamshale
- Fix subwallet anoncreds upgrade check #3345 jamshale
- Add anoncreds issuance and presentation format #3331 jamshale
- Fix endorsement setup with existing connection #3309 jamshale
- Middleware Handling and Multi-tenancy
- BREAKING: VCHolder multitenant binding #3391 jamshale
- Restore --base-wallet-routes flag functionality #3344 esune
- ✅ Re-add ready_middleware unit tests #3330 ff137
- ✨ Handle NotFound and UnprocessableEntity errors in middleware #3327 ff137
- 🎨 Refactor Multitenant Manager errors and exception handling #3323 ff137
- Don't pass rekey to sub_wallet_profile #3312 jamshale
- DID Registration and Resolution
- DIDComm Updates and Enhancements
- Test Suite Updates and Artifact Publishing
- Scenario test with anoncreds wallet upgrade and restart #3410 ianco
- Add legacy pypi token #3408 jamshale
- Aca-Py test scenario including a container restart (with aca-py version upgrade) #3400 ianco
- Adjust coverage location for sonarcloud #3399 jamshale
- Remove sonar cov report move step #3398 jamshale
- Update Sonarcloud to new action #3390 ryjones
- Switch to COPY commands in dockerfiles #3389 jamshale
- Fix sonar coverage on merge main #3388 jamshale
- Add test wallet config option #3355 jamshale
- 🎨 Fix current test warnings #3338 ff137
- 👷 Fix Nightly Publish to not run on forks #3333 ff137
- Internal Improvements / Cleanups / Tech Debt Updates
- Fix devcontainer poetry install #3428 jamshale
- Pin poetry to 1.8.3 in dockerfiles #3427 jamshale
- Adds the OpenSSF to the readme #3412 swcurran
- The latest tag doesn't exist in git, just github #3392 ryjones
- 🎨 Fix model name for consistency #3382 ff137
- Fix for demo initial cred_type override #3378 ianco
- ⚡ Add class caching to DeferLoad #3361 ff137
- 🎨 Sync Ruff version in configs and apply formatting #3358 ff137
- 🎨 Replace deprecated ABC decorators #3357 ff137
- 🎨 Refactor the logging module monolith #3319 ff137
- 🔧 set default fixture scope for pytest-asyncio #3318 ff137
- Docs (devcontainer) Change folder names #3317 loneil
- 🎨 Refactor string concatenation in model descriptions #3313 ff137
- Remove in memory wallet #3311 jamshale
- Consolidate Dependabot updates and other library/dependency updates
- Release management pull requests:
- Dependabot PRs
ACA-Py Release 1.1.1 was a release candidate for 1.2.0. A mistake in the release PR meant the 1.1.1rc0 was tagged and published to PyPi as Release 1.1.1. Since that was not intended to be a final release, the release changelog for 1.2.0 includes the Pull Requests that would have been in 1.1.1.
A patch release to address a bug found in the Linked Data Verifiable Credential handling for multi-tenant holders. The bug was fixed in the main branch, PR 3391 - BREAKING: VCHolder multitenant binding, and with this release is backported to the 0.12 Long Term Support branch. Prior to this release, holder credentials received into a tenant wallet were actually received into the multi-tenant admin wallet.
There are no breaking changes in this release.
- Multitenant LD-VC Holders
- Patch PR 3391 - 0.12.lts #3396
- Release management pull requests
Release 1.1.0 is the first release of ACA-Py from the OpenWallet Foundation (OWF). The only reason for the release is to test out all of the release publishing actions now that we have moved the repo to its new home (https://github.com/openwallet-foundation/acapy). Almost all of the changes in the release are related to the move.
The move triggered some big changes for those with existing ACA-Py deployments resulting from the change in the GitHub organization (from Hyperledger to OWF) and source code name (from aries_cloudagent to acapy_agent). See the Release 1.1.0 breaking changes for the details.
For up to date details on what the repo move means for ACA-Py users, including steps for updating deployments, please follow the updates in GitHub Issue #3250. We'll keep you informed about the approach, timeline, and progress of the move. Stay tuned!
The same deprecation notices from the 1.0.1 release about AIP 1.0 protocols still apply. The protocols remain in the 1.1.0 release, but will be moved out of the core and into plugins soon. Please review these notifications carefully!
The only (but significant) breaking changes in 1.1.0 are related to the GitHub organization and project name changes. Specific impacts are:
- the renaming of the source code folder from aries_cloudagent to acapy_agent,
- the publication of the PyPi project under the new acapy_agent name, and
- the use of the OWF organizational GitHub Container Registry (GHCR) and acapy_agent as the name for release container image artifacts.
  - The patterns for the image tags remain the same as before. So, for example, the new nightly artifact can be found here: docker pull ghcr.io/openwallet-foundation/acapy-agent:py3.12-nightly
Anyone deploying ACA-Py should use this release to update their existing deployments. Since there are no other changes to ACA-Py, any issues found should relate back to those changes.
- Deployments referencing the PyPi project (including those in custom plugins) MUST update their deployments to use the new name.
- Deployments sourcing the ACA-Py published container image artifacts to GHCR must update their deployments to use the new URLs.
Please note that if and when the current LTS releases (0.11 and 0.12) have new releases, they will continue to use the aries_cloudagent source folder and the existing locations for the PyPi and GHCR container image artifacts.
- Updates related to the move and rename of the repository from the Hyperledger to OpenWallet Foundation GitHub organization
- Change pypi upload workflow to use pypa/gh-action-pypi-publish #3291 jamshale
- Update interop fork location after AATH update #3282 jamshale
- Fix interop test fork location replacement #3280 jamshale
- Update MDs and release publishing files to reflect the repo move to OWF #3270 swcurran
- General repo updates post OWF move. #3267 jamshale
- Release management pull requests:
- Dependabot PRs
Release 1.0.1 will be the last release of ACA-Py from the Hyperledger organization before the repository moves to the OpenWallet Foundation (OWF). Soon after this release, the ACA-Py project and this repository will move to the OWF's GitHub organization as the new "acapy" project.
For details on what this means for ACA-Py users, including steps for updating deployments, please follow the updates in GitHub Issue #3250. We'll keep you informed about the approach, timeline, and progress of the move. Stay tuned!
The 1.0.1 release contains mostly internal clean ups, technical debt elimination, and a revision to the integration testing approach, incorporating the Aries Agent Test Harness tests in the ACA-Py continuous integration testing process. There are substantial enhancements in the management of keys and their use with VC-DI proofs, and web-based DID methods like did:web. See the Wallet and Key Handling updates in the categorized PR list below.
There are several important deprecation notices in this release in preparation for the next ACA-Py release. Please review these notifications carefully!
In an attempt to shorten the categorized list of PRs in the release, rather than listing all of the dependabot PRs in the release, we've included a link to a list of those PRs.
- ACA-Py will soon be moved from the Hyperledger GitHub organization to that of the OpenWallet Foundation. As such, there will be changes in the names and locations of the artifacts produced -- the PyPi project and the container images in the GitHub Container Registry. We will retain the ability to publish LTS releases of ACA-Py for the current LTS versions (0.11, 0.12) in the current locations. For details, guidance, timing, and progress on the move, please monitor the description of GitHub Issue #3250 that will be maintained throughout the process.
- In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0160 Connections, RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All deployers that use those protocols SHOULD update to the AIP 2.0 versions of those protocols (RFC 0434 Out of Band + RFC 0023 DID Exchange, RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.
There are no breaking changes in ACA-Py Release 1.0.1.
- Wallet and Key Handling Updates
- Data integrity routes #3261 PatStLouis
- [BUG] Handle get key operation when no tag has been set #3256 PatStLouis
- Feature multikey management #3246 PatStLouis
- chore: delete unused keypair storage manager #3245 dbluhm
- Credential Exchange Updates
- OpenAPI Updates
- Documentation and GHA Test Updates
- Prevent integration tests on forks #3276 jamshale
- :memo Fix typos in PUBLISHING.md #3274 claudiotorrens
- Fix scenario tests #3231 jamshale
- Only run integration tests on correct file changes #3230 jamshale
- Update docs for outstanding anoncreds work #3229 jamshale
- Only change interop testing fork on pull requests #3218 jamshale
- Remove the RC from the versions table #3213 swcurran
- Document the documentation site generation process #3212 swcurran
- Remove 1.0.0rc6 documentation from gh-pages #3211 swcurran
- Adjust nightly and release workflows #3210 jamshale
- Change interop tests to critical on PRs #3209 jamshale
- Change integration testing #3194 jamshale
- Dependencies and Internal Fixes/Updates:
- Adjust sonarcloud and integration test workflows #3259 jamshale
- fix: enable refreshing did endpoint using mediator info #3260 dbluhm
- Removing padding from url invitations #3238 jamshale
- Ensure that DAP_PORT is always an int #3241 Gavinok
- Fix logic to send verbose webhooks #3193 ianco
- fixes #3186: handler_timed_file_handler #3187 rngadam
- issue #3182: replace deprecated ptvsd debugger by debugpy #3183 rngadam
- 👷 Publish aries-cloudagent-bbs Docker image #3175 rblaine95
- [ POST v1.0.0 ] Adjust message queue error handling #3170 jamshale
- Release management pull requests:
- Dependabot PRs
Release 1.0.0 is finally here! While Aries Cloud Agent Python has been used in production for several years, the maintainers have decided it is finally time to put a "1.0" tag on the project. The 1.0.0 release itself includes well over 100 PRs merged since Release 0.12.1. The vast majority of that work was in hardening the product in preparation for this 1.0.0 release. While there are a number of new features and a new Long Term Support (LTS) policy, the majority of the focus has been on eliminating technical debt and improving the underlying implementation. The full list of PRs in this release can be found below. Here are the highlights of the release:
- A formal ACA-Py Long Term Support (LTS) policy has been documented and is being followed.
- The default underlying Python version has been upgraded to 3.12. Happily, there were minimal code changes to enable the upgrade to 3.12 from the previous Python 3.9.
- A new ACA-Py Plugins Store at https://plugins.aca-py.org. Check out the plugins that have been published by ACA-Py contributors, and learn how to add your own plugins!
- We've improved the developer experience by enabling support in ACA-Py artifacts for the ARM Architecture (and notably, Mac M1 and later systems). To do so, we have removed default support for BBS Signatures. BBS Signatures are still supported in the codebase, and guidance is provided for how to enable the support in artifacts (Docker images, etc.) for those needing it. We look forward to updating the BBS support in ACA-Py based on libraries that include multi-architecture support.
- Pagination support has been added to a number of Admin API queries for object lists, enabling the development of better user interfaces for large deployments.
- Cleanup in the ACA-Py AnonCreds Revocation Registry handling to prevent errors that were found occurring under certain specific conditions.
- Upgraded pull request and release pipeline, including:
  - Enabling a much more aggressive approach to dependabot notifications, beyond just those for security vulnerabilities. Along with those upgrades, we've moved to newer/better build pipeline tooling, such as switching from Black to Ruff, and re-enabling per pull request code coverage notifications.
    - Many of the PRs in this release are related to dependency updates from dependabot or applied directly.
    - A switch to more used tooling, such as a switch from black to ruff.
    - Improvements in coverage monitoring of pull requests.
- The start of a DIDComm v2 implementation in ACA-Py. The work is not complete, as we are taking an incremental approach to adding DIDComm v2 support.
- A decorator has been added for enabling direct support for Admin API authentication. Previously, the only option to enable (the necessary) Admin API was to put the API behind a proxy that could manage authentication. With this update, ACA-Py deployments can handle authentication directly, without a proxy.
- We have dropped support for the old, archived Indy SDK. If you have not migrated your deployment off of the Indy SDK, you must do so now. See this Indy SDK to Askar migration documentation for guidance.
- Support added for using AnonCreds in W3C VCDM format.
With the focus of the pull requests for this release on stabilizing the implementation, there were a few breaking changes:
- The default underlying Python version has been upgraded to 3.12.
- ACA-Py has supported BBS Signatures for some time. However, the dependency that is used (bbs) does not support the ARM architecture, and its inclusion in the default ACA-Py artifacts means that developers using ARM-based hardware (such as Apple M1 Macs or later) cannot run ACA-Py "out-of-the-box". We feel that providing a better developer experience by supporting the ARM architecture is more important than BBS Signature support at this time. As such, we have removed the BBS dependency from the base ACA-Py artifacts and made it an add-on that those using ACA-Py with BBS must take extra steps to build into their own artifacts, as documented here.
- Support for the Indy SDK has been dropped. It had been previously deprecated. See this Indy SDK to Askar migration documentation for guidance. Hyperledger Indy is still fully supported - it's just the Indy SDK client-side library that has been removed.
- The webhook sent after receipt of presentation by a verifier has been updated to include all of the information needed by the verifier so that the controller does not have to call the "Verify Presentation" endpoint. The issue with calling that endpoint after the presentation has been received is that there is a race condition between the controller and the ACA-Py cleanup process deleting completed Present Proof protocol instances. See #3081 for additional details.
- A fix to an obscure bug includes a change to the data sent to the controller after publishing multiple, endorsed credential definition revocation registries in a single call. The bug fix was to properly process the publishing. The breaking change is that when the process (now successfully) completes, the controller is sent the list of published credential definitions. Previously only a single value was being sent. See PR #3107 for additional details.
- The configuration settings around whether a multitenant wallet uses a single database vs. a database per tenant have been made more explicit. The previous settings were not clear, resulting in some deployments that were intended to be a database per tenant actually placing all tenants in the same database. For details about the change, see #3105.
- LTS Support Policy:
- DIDComm and Connection Establishment updates/fixes:
- fix: multiuse invites with did peer 4 #3112 dbluhm
- Check connection is ready in all connection required handlers #3095 jamshale
- fix: didexchange manager not checking the did-rotate content correctly #3057 gmulhearn-anonyome
- fix: respond to did:peer:1 with did:peer:4 #3050 dbluhm
- DIDComm V2 Initial Implementation #2959 TheTechmage
- Feature: use decorators for admin api authentication #2860 esune
- Admin API, Startup, OpenAPI/Swagger Updates and Improvements:
- Add rekey feature with blank key support #3125 jamshale
- BREAKING: Make single wallet config more explicit #3105 jamshale
- 🐛 fix IndyAttrValue bad reference in OpenAPI spec #3090 ff137
- 🎨 improve record querying logic #3083 ff137
- 🐛 fix storage record pagination with post-filter query params #3082 ff137
- ✨ Add pagination support for listing Connection, Cred Ex, and Pres Ex records #3033 ff137
- ✨ Adds support for paginated storage queries, and implements pagination for the wallets_list endpoint #3000 ff137
- Enable no-transport mode as startup parameter #2990 PatStLouis
- Test and Demo updates:
- Credential Exchange updates and fixes:
- Update TxnOrPublishRevocationsResultSchema #3164 cl0ete
- For proof problem handler #3068 loneil
- Breaking: Fix publishing multiple rev reg defs with endorsement #3107 jamshale
- Fix the check for vc_di proof #3106 ianco
- Add DIF presentation exchange context and cache document #3093 gmulhearn
- Add by_format to terse webhook for presentations #3081 ianco
- Use anoncreds registry for holder credential endpoints #3063 jamshale
- For proof problem handler, allow no connection record (OOB cases), prevent unhandled exception #3068 loneil
- Handle failed tails server issuance Anoncreds #3049 jamshale
- Prevent getting stuck with no active registry #3032 jamshale
- Fix and refactor anoncreds revocation recovery #3029 jamshale
- Fix issue with requested to revoke before registry creation #2995 jamshale
- Add support for revocable credentials in vc_di handler #2967 EmadAnwer
- Fix clear revocation logic #2956 jamshale
- Anoncreds - Send full registry list when getting revocation states #2946 jamshale
- Add missing VC-DI/LD-Proof verification method option #2867 PatStLouis
- feat: Integrate AnonCreds with W3C VCDI Format Support in ACA-Py #2861 sarthakvijayvergiya
- Correct the response type in send_rev_reg_def #2355 ff137
- Upgrade Updates and Improvements:
- 👷 Enable linux/arm64 docker builds #3171 rblaine95
- BREAKING: Enable ARM-based ACA-Py artifacts by default by removing BBS+ Signatures as a default inclusion #3127 amanji
- Re-enable ledger plugin when --no-legder is set #3070 PatStLouis
- Upgrade to anoncreds via api endpoint #2922 jamshale
- 🐛 fix wallet_update when only extra_settings requested #2612 ff137
- Release management pull requests:
- Documentation, code formatting, publishing process updates:
- 🎨 organize imports #3169 ff137
- 👷 fix lint workflow and 🎨 apply ruff linting #3166 ff137
- Fix typo credetial, uste #3146 rngadam
- Fix links to AliceGetsAPhone.md from abs to rel and blob refs #3128 rngadam
- DOC: Verifiable Credential Data Integrity (VC-DI) Credentials in Aries Cloud Agent Python (ACA-Py) #2947 #3110 kenechukwu-orjiene
- demo/ACA-Py-Workshop.md tweak for Traction Sandbox update #3136 loneil
- Adds documentation site docs for releases 0.11.0 #3133 swcurran
- Add descriptive error for issuance without RevRegRecord #3109 jamshale
- Switch from black to ruff #3080 jamshale
- fix: print provision messages when auto-provision is triggered #3077 TheTechmage
- Rule D417 #3072 jamshale
- Fix - only run integration tests on opened PR's #3042 jamshale
- docs: added section on environment variables #3028 Executioner1939
- Fix deprecation warnings #2756 ff137
- 🎨 clarify LedgerError message when TAA is required and not accepted #2545 ff137
- Chore: fix marshmallow warnings #2398 ff137
- Fix formatting and grammatical errors in different readme's #2222 ff137
- Fix broken link in README #2221 ff137
- Manage integration tests with GitHub Actions (#2952) #2996 jamshale
- Update README.md #2927 KPCOFGS
- Add anoncreds migration guide #2881 jamshale
- Dependencies and Internal Updates:
- Add explicit write permission to publish workflow #3167 jamshale
- Upgrade python to version 3.12 #3067 jamshale
- Use a published version of aiohttp-apispec #3019 jamshale
- Add sonarcloud badges #3014 jamshale
- Switch from pytz to dateutil #3012 jamshale
- feat: soft binding for plugin flexibility #3010 dbluhm
- feat: inject profile and session #2997 dbluhm
- ✨ Faster uuid generation #2994 ff137
- Sonarcloud with code coverage #2968 jamshale
- Fix Snyk sarif file #2961 pradeepp88
- Add OpenSSF Scorecard GHA - weekly #2955 swcurran
- Fix Snyk Container scanning workflow #2951 WadeBarnes
- chore: updating dependabot to support gha, python, docker and dev container packages #2945 rajpalc7
- fix(interop): overly strict validation #2943 dbluhm
- ⬆️ Upgrade test and lint dependencies #2939 ff137
- ⬆️ Upgrade aiohttp-apispec #2920 ff137
- ⬆️ Upgrade pydid (pydantic v2) #2919 ff137
- BREAKING feat: drop indy sdk #2892 dbluhm
- Change middleware registration order #2796 PatStLouis
- ⬆️ Upgrade pytest to 8.0 #2773 ff137
- ⬆️ Update pytest-asyncio to 0.23.4 #2764 ff137
- Upgrade pre-commit and flake8 dependencies; fix flake8 warnings #2399 ff137
- ⬆️ upgrade requests to latest #2336 ff137
- ⬆️ upgrade pyjwt to latest; introduce leeway to jwt.decode #2335 ff137
- ⬆️ upgrade packaging to latest #2334 ff137
- ⬆️ upgrade marshmallow to latest #2322 ff137
- Upgrade codegen tools in scripts/generate-open-api-spec and publish Swagger 2.0 and OpenAPI 3.0 specs #2246 ff137
- Dependabot PRs:
- chore(deps): Bump ossf/scorecard-action from 2.3.3 to 2.4.0 in the all-actions group #3134 dependabot bot
- chore(deps-dev): Bump pre-commit from 3.7.1 to 3.8.0 #3129 dependabot bot
- chore(deps-dev): Bump ruff from 0.5.4 to 0.5.5 #3131 dependabot bot
- chore(deps): Bump mkdocs-material from 9.5.29 to 9.5.30 #3130 dependabot bot
- chore(deps-dev): Bump pytest from 8.3.1 to 8.3.2 #3132 dependabot bot
- chore(deps-dev): Bump ruff from 0.5.2 to 0.5.4 #3114 dependabot bot
- chore(deps): Bump pytest-asyncio from 0.23.7 to 0.23.8 in /demo/playground/examples #3117 dependabot bot
- chore(deps-dev): Bump pytest-ruff from 0.4.0 to 0.4.1 #3113 dependabot bot
- chore(deps-dev): Bump pytest from 8.2.2 to 8.3.1 #3115 dependabot bot
- Library update 15/07/24 / Fix unit test typing #3103 jamshale
- chore(deps): Bump certifi from 2024.6.2 to 2024.7.4 in /demo/playground/examples in the pip group #3084 dependabot bot
- chore(deps): Bump aries-askar from 0.3.1 to 0.3.2 #3088 dependabot bot
- chore(deps-dev): Bump ruff from 0.5.0 to 0.5.1 #3087 dependabot bot
- chore(deps): Bump mkdocs-material from 9.5.27 to 9.5.28 #3089 dependabot bot
- chore(deps): Bump certifi from 2024.6.2 to 2024.7.4 in the pip group #3085 dependabot bot
- chore(deps): Bump requests from 2.32.2 to 2.32.3 #3076 dependabot bot
- chore(deps): Bump uuid-utils from 0.8.0 to 0.9.0 #3075 dependabot bot
- chore(deps): Bump mike from 2.0.0 to 2.1.2 #3074 dependabot bot
- chore(deps-dev): Bump ruff from 0.4.10 to 0.5.0 #3073 dependabot bot
- chore(deps): Bump dawidd6/action-download-artifact from 5 to 6 in the all-actions group #3064 dependabot bot
- chore(deps): Bump markupsafe from 2.0.1 to 2.1.5 #3062 dependabot bot
- chore(deps-dev): Bump pydevd-pycharm from 193.6015.41 to 193.7288.30 #3060 dependabot bot
- chore(deps-dev): Bump ruff from 0.4.4 to 0.4.10 #3058 dependabot bot
- chore(deps): Bump the pip group with 2 updates #3046 dependabot bot
- chore(deps): Bump urllib3 from 2.2.1 to 2.2.2 in /demo/playground/examples in the pip group #3045 dependabot bot
- chore(deps): Bump marshmallow from 3.20.2 to 3.21.3 #3038 dependabot bot
- chore(deps): Bump packaging from 23.1 to 23.2 #3037 dependabot bot
- chore(deps): Bump mkdocs-material from 9.5.10 to 9.5.27 #3036 dependabot bot
- chore(deps): Bump configargparse from 1.5.5 to 1.7 #3035 dependabot bot
- chore(deps): Bump uuid-utils from 0.7.0 to 0.8.0 #3034 dependabot bot
- chore(deps): Bump dawidd6/action-download-artifact from 3 to 5 in the all-actions group #3027 dependabot bot
- chore(deps): Update prompt-toolkit requirement from ~=2.0.9 to ~=2.0.10 in /demo #3026 dependabot bot
- chore(deps-dev): Bump pytest from 8.2.1 to 8.2.2 #3025 dependabot bot
- chore(deps): Bump pydid from 0.5.0 to 0.5.1 #3024 dependabot bot
- chore(deps): Bump sphinx from 1.8.4 to 1.8.6 #3021 dependabot bot
- chore(deps): Bump actions/checkout from 3 to 4 in the all-actions group #3011 dependabot bot
- Merge all demo dependabot PRs #3008 PatStLouis
- Merge all poetry dependabot PRs #3007 PatStLouis
- chore(deps): Bump hyperledger/aries-cloudagent-python from py3.9-0.9.0 to py3.9-0.12.1 in /demo/multi-demo #2976 dependabot bot
- chore(deps): Bump hyperledger/aries-cloudagent-python from py3.9-0.10.4 to py3.9-0.12.1 in /demo/playground #2975 dependabot bot
- chore(deps): Bump hyperledger/aries-cloudagent-python from py3.9-0.9.0 to py3.9-0.12.1 in /demo/docker-agent #2973 dependabot bot
- chore(deps): Bump sphinx-rtd-theme from 1.1.1 to 1.3.0 in /docs #2970 dependabot bot
- chore(deps): Bump untergeek/curator from 8.0.2 to 8.0.15 in /demo/elk-stack/extensions/curator #2969 dependabot bot
- chore(deps): Bump ecdsa from 0.16.1 to 0.19.0 in the pip group across 1 directory #2933 dependabot bot
A patch release to add the verification of a linkage between an inbound message and its associated connection (if any) before processing the message. Also adds some additional cleanup/fix PRs from the main branch (see list below) that might be useful for deployments currently using Release 0.12.1 or 0.12.0.
There are no breaking changes in this release.
- Dependency update and release PR
- Release management pull requests
- PRs cherry-picked into #3121 from the `main` branch:
- fix: multiuse invites with did peer 4 #3112 dbluhm
- Check connection is ready in all connection required handlers #3095 jamshale
- Add by_format to terse webhook for presentations #3081 ianco
- fix: respond to did:peer:1 with did:peer:4 #3050 dbluhm
- feat: soft binding for plugin flexibility #3010 dbluhm
- feat: inject profile and session #2997 dbluhm
- feat: external signature suite provider interface #2835 dbluhm
- fix(interop): overly strict validation #2943 dbluhm
Release 0.12.1 is a small patch to clean up some edge case issues in the handling of Out of Band invitations, revocation notification webhooks, and connection querying uncovered after the 0.12.0 release. Fixes and improvements were also made to the generation of ACA-Py's OpenAPI specifications.
There are no breaking changes in this release.
- Out of Band Invitations and Connection Establishment updates/fixes:
- OpenAPI/Swagger updates, fixes and cleanups:
- Test and Demo updates:
- Credential Exchange updates and fixes:
- Endorsement of Indy Transactions fixes:
- Documentation publishing process updates:
- Dependencies and Internal Updates:
- chore(deps): Bump psf/black from 24.4.0 to 24.4.2 in the all-actions group #2924 [dependabot bot](https://github.com/dependabot bot)
- fix: fixes a regression that requires a log file in multi-tenant mode #2918 amanji
- Update AnonCreds to 0.2.2 #2917 swcurran
- chore(deps): Bump aiohttp from 3.9.3 to 3.9.4 dependencies python #2902 [dependabot bot](https://github.com/dependabot bot)
- chore(deps): Bump idna from 3.4 to 3.7 in /demo/playground/examples dependencies python #2886 [dependabot bot](https://github.com/dependabot bot)
- chore(deps): Bump psf/black from 24.3.0 to 24.4.0 in the all-actions group dependencies github_actions #2893 [dependabot bot](https://github.com/dependabot bot)
- chore(deps): Bump idna from 3.6 to 3.7 dependencies python #2887 [dependabot bot](https://github.com/dependabot bot)
- refactor: logging configs setup #2870 amanji
- Release management pull requests:
Release 0.12.0 is a large release with many new capabilities, feature improvements, upgrades, and bug fixes. Importantly, this release completes the ACA-Py implementation of Aries Interop Profile v2.0, and enables the elimination of unqualified DIDs. While only deprecated for now, all deployments of ACA-Py SHOULD move to using only fully qualified DIDs as soon as possible.
Much progress has been made on `did:peer` support in this release, with the handling of inbound DID Peer 1 added, and inbound and outbound support for DID Peer 2 and 4. Much attention was also paid to making sure that the Peer DID and DID Exchange capabilities match those of Credo-TS (formerly Aries Framework JavaScript). The completion of that work eliminates the remaining places where "unqualified" DIDs were being used, and enables the "connection reuse" feature in the Out of Band protocol when using DID Peer 2 and 4 DIDs in invitations. See the document Qualified DIDs for details about how to control the use of DID Peer 2 or 4 in an ACA-Py deployment, and how to eliminate the use of unqualified DIDs. Support for DID Exchange v1.1 has been added to ACA-Py, with support for DID Exchange v1.0 retained, and we've added support for DID Rotation.
Work continues towards supporting ledger agnostic AnonCreds, and the new Hyperledger AnonCreds Rust library. Some of that work is in this release, the rest will be in the next release.
Attention was given in the release to simplifying the handling of JSON-LD Data Integrity Verifiable Credentials.
An important change in this release is the re-organization of the ACA-Py documentation, moving the vast majority of the documents to the folders within the `docs` folder -- a long overdue change that will allow us to soon publish the documents on https://aca-py.org directly from the ACA-Py repository, rather than from the separate aries-acapy-docs currently being used.
A big developer improvement is a revamping of the test handling to eliminate ~2500 warnings that were previously generated in the test suite. Nice job @ff137!
A deployment of this release that uses DID Peer 2 and 4 invitations may encounter problems interacting with agents deployed using older Aries protocols. Led by the Aries Working Group, the Aries community is encouraging the upgrade of all ecosystem deployments to accept all commonly used qualified DIDs, including DID Peer 2 and 4. See the document Qualified DIDs for more details about the transition to using only qualified DIDs. If deployments you interact with are still using unqualified DIDs, please encourage them to upgrade as soon as possible.
Specifically for those upgrading their ACA-Py instance that create Out of Band invitations with more than one `handshake_protocol`, the protocol for the connection has been removed. Issue #2879 contains the details of this subtle breaking change.
New deprecation notices were added to ACA-Py on startup and in the OpenAPI/Swagger interface. Those added are listed below. As well, we anticipate 0.12.0 being the last ACA-Py release to include support for the previously deprecated Indy SDK.
- RFC 0036 Issue Credential v1
- Migrate to use RFC 0453 Issue Credential v2
- RFC 0037 Present Proof v2
- Migrate to use RFC 0454 Present Proof v2
- RFC 0169 Connections
- Migrate to use RFC 0023 DID Exchange and 0434 Out-of-Band
- The use of `did:sov:...` as a Protocol Doc URI
- Migrate to use `https://didcomm.org/`.
- DID Handling and Connection Establishment Updates/Fixes
- fix: conn proto in invite webhook if known #2880 dbluhm
- Emit the OOB done event even for multi-use invites #2872 ianco
- refactor: introduce use_did and use_did_method #2862 dbluhm
- fix(credo-interop): various didexchange and did:peer related fixes 1.0.0 #2748 dbluhm
- Change did <--> verkey logging on connections #2853 jamshale
- fix: did exchange multiuse invites respond in kind #2850 dbluhm
- Support connection re-use for did:peer:2/4 #2823 ianco
- feat: did-rotate #2816 amanji
- Author subwallet setup automation #2791 jamshale
- fix: save multi_use to the DB for OOB invitations #2694 frostyfrog
- Connection and DIDX Problem Reports #2653 usingtechnology
- DID Peer and DID Resolver Updates and Fixes
- Integration test for did:peer #2713 ianco
- Feature/emit did peer 4 #2696 Jsyro
- did peer 4 resolution #2692 Jsyro
- Emit did:peer:2 for didexchange #2687 Jsyro
- Add did web method type as a default option #2684 PatStLouis
- feat: add did:jwk resolver #2645 dbluhm
- feat: support resolving did:peer:1 received in did exchange #2611 dbluhm
- AnonCreds and Ledger Agnostic AnonCreds RS Changes
- Prevent revocable cred def being created without tails server #2849 jamshale
- Anoncreds - support for anoncreds and askar wallets concurrently #2822 jamshale
- Send revocation list instead of rev_list object - Anoncreds #2821 jamshale
- Fix anoncreds non-endorsement revocation #2814 jamshale
- Get and create anoncreds profile when using anoncreds subwallet #2803 jamshale
- Add anoncreds multitenant endorsement integration tests #2801 jamshale
- Anoncreds revoke and publish-revocations endorsement #2782 jamshale
- Upgrade anoncreds to version 0.2.0-dev11 #2763 jamshale
- Update anoncreds to 0.2.0-dev10 #2758 jamshale
- Anoncreds - Cred Def and Revocation Endorsement #2752 jamshale
- Upgrade anoncreds to 0.2.0-dev9 #2741 jamshale
- Upgrade anoncred-rs to version 0.2.0-dev8 #2734 jamshale
- Upgrade anoncreds to 0.2.0.dev7 #2719 jamshale
- Improve api documentation and error handling #2690 jamshale
- Add unit tests for anoncreds revocation #2688 jamshale
- Return 404 when schema not found #2683 jamshale
- Anoncreds - Add unit testing #2672 jamshale
- Additional anoncreds integration tests AnonCreds #2660 ianco
- Update integration tests for anoncreds-rs AnonCreds #2651 ianco
- Initial migration of anoncreds revocation code AnonCreds #2643 ianco
- Integrate Anoncreds rs into credential and presentation endpoints AnonCreds #2632 ianco
- Initial code migration from anoncreds-rs branch AnonCreds #2596 ianco
- Hyperledger Indy ledger related updates and fixes
- JSON-LD Verifiable Credential/DIF Presentation Exchange updates
- Add missing VC-DI/LD-Proof verification method option #2867 PatStLouis
- Revert profile injection for VcLdpManager on vc-api endpoints #2794 PatStLouis
- Add cached copy of BBS v1 context #2749 andrewwhitehead
- Update BBS+ context to bypass redirections #2739 swcurran
- feat: make VcLdpManager pluggable #2706 dbluhm
- fix: minor type hint corrections for VcLdpManager #2704 dbluhm
- Remove if condition which checks if the credential.type array is equal to 1 #2670 PatStLouis
- Feature Suggestion: Include a Reason When Constraints Cannot Be Applied #2630 Ennovate-com
- refactor: make ldp_vc logic reusable #2533 dbluhm
- Credential Exchange (Issue, Present) Updates
- Allow for crids in event payload to be integers #2819 jamshale
- Create revocation notification after list entry written to ledger #2812 jamshale
- Remove exception on connectionless presentation problem report handler #2723 loneil
- Ensure "preserve_exchange_records" flags are set. #2664 usingtechnology
- Slight improvement to credx proof validation error message #2655 ianco
- Add ConnectionProblemReport handler #2600 usingtechnology
- Multitenancy Updates and Fixes
- feature/per tenant settings #2790 amanji
- Improve Per Tenant Logging: Fix issues around default log file path #2659 shaangill025
- Other Fixes, Demo, DevContainer and Documentation Fixes
- chore: propose official deprecations of a couple of features #2856 dbluhm
- feat: external signature suite provider interface #2835 dbluhm
- Update GHA so that broken image links work on docs site - without breaking them on GitHub #2852 swcurran
- Minor updates to the documentation - links #2848 swcurran
- Update to run_demo script to support Apple M1 CPUs #2843 swcurran
- Add functionality for building and running agents seprately #2845 sarthakvijayvergiya
- Cleanup of docs #2831 swcurran
- Create AnonCredsMethods.md #2832 swcurran
- FIX: GHA update for doc publishing, fix doc file that was blanked #2820 swcurran
- More updates to get docs publishing #2810 swcurran
- Eliminate the double workflow event #2811 swcurran
- Publish docs GHActions tweak #2806 swcurran
- Update publish-docs to operate on main and on branches prefixed with docs-v #2804 swcurran
- Add index.html redirector to gh-pages branch #2802 swcurran
- Demo description of reuse in establishing a connection #2787 swcurran
- Reorganize the ACA-Py Documentation Files #2765 swcurran
- Tweaks to MD files to enable aca-py.org publishing #2771 swcurran
- Update devcontainer documentation #2729 jamshale
- Update the SupportedRFCs Document to be up to date #2722 swcurran
- Fix incorrect Sphinx search library version reference #2716 swcurran
- Update RTD requirements after security vulnerability recorded #2712 swcurran
- Update legacy bcgovimages references. #2700 WadeBarnes
- fix: link to raw content change from master to main #2663 Ennovate-com
- fix: open-api generator script #2661 dbluhm
- Update the ReadTheDocs config in case we do another 0.10.x release #2629 swcurran
- Dependencies and Internal Updates
- Add wallet.type config to /settings endpoint #2877 jamshale
- chore(deps): Bump pillow from 10.2.0 to 10.3.0 dependencies python #2869 [dependabot bot](https://github.com/dependabot bot)
- Fix run_tests script #2866 ianco
- fix: states for discovery record to emit webhook #2858 dbluhm
- Increase promote did retries #2854 jamshale
- chore(deps-dev): Bump black from 24.1.1 to 24.3.0 dependencies python #2847 [dependabot bot](https://github.com/dependabot bot)
- chore(deps): Bump the all-actions group with 1 update dependencies github_actions #2844 [dependabot bot](https://github.com/dependabot bot)
- patch for #2781: User Agent header in doc loader #2824 gmulhearn-anonyome
- chore(deps): Bump jwcrypto from 1.5.4 to 1.5.6 dependencies python #2833 [dependabot bot](https://github.com/dependabot bot)
- chore(deps): Bump cryptography from 42.0.3 to 42.0.4 dependencies python #2805 dependabot bot
- chore(deps): Bump the all-actions group with 3 updates dependencies github_actions #2815 dependabot bot
- Change middleware registration order #2796 PatStLouis
- Bump pyld version to 2.0.4 #2795 PatStLouis
- Revert profile inject #2789 jamshale
- Move emit events to profile and delay sending until after commit #2760 ianco
- fix: partial revert of ConnRecord schema change 1.0.0 #2746 dbluhm
- chore(deps): Bump aiohttp from 3.9.1 to 3.9.2 dependencies #2745 dependabot bot
- bump pydid to v 0.4.3 #2737 PatStLouis
- Fix subwallet record removal #2721 andrewwhitehead
- chore(deps): Bump jinja2 from 3.1.2 to 3.1.3 dependencies #2707 dependabot bot
- feat: inject profile #2705 dbluhm
- Remove tiny-vim from being added to the container image to reduce reported vulnerabilities from scanning #2699 swcurran
- chore(deps): Bump jwcrypto from 1.5.0 to 1.5.1 dependencies #2689 dependabot bot
- Update dependencies #2686 andrewwhitehead
- Fix: Change To Use Timezone Aware UTC datetime #2679 Ennovate-com
- fix: update broken demo dependency #2638 mrkaurelius
- Bump cryptography from 41.0.5 to 41.0.6 dependencies #2636 dependabot bot
- Bump aiohttp from 3.8.6 to 3.9.0 dependencies #2635 dependabot bot
- CI/CD, Testing, and Developer Tools/Productivity Updates
- Fix deprecation warnings #2756 ff137
- chore(deps): Bump the all-actions group with 10 updates dependencies #2784 dependabot bot
- Add Dependabot configuration #2783 WadeBarnes
- Implement B006 rule #2775 jamshale
- ⬆️ Upgrade pytest to 8.0 #2773 ff137
- ⬆️ Update pytest-asyncio to 0.23.4 #2764 ff137
- Remove asynctest dependency and fix "coroutine not awaited" warnings #2755 ff137
- Fix pytest collection errors when anoncreds package is not installed #2750 andrewwhitehead
- chore: pin black version #2747 dbluhm
- Tweak scope of GHA integration tests #2662 ianco
- Update snyk workflow to execute on Pull Request #2658 usingtechnology
- Release management pull requests
A patch release to add a fix that ensures that sufficient webhook information is sent to an ACA-Py controller that is executing the AIP 2.0 Present Proof 2.0 Protocol.
There are no breaking changes in this release.
- Dependency update and release PR
- Release management pull requests
- PRs cherry-picked into #3142 from the `main` branch:
A patch release to add the verification of a linkage between an inbound message and its associated connection (if any) before processing the message.
There are no breaking changes in this release.
- Dependency update and release PR
- Release management pull requests
- PRs cherry-picked into #3120 from the `main` branch:
A patch release to update the `aiohttp` library to address a reported serious vulnerability in which a crafted payload delivered to `aiohttp` can put it in an infinite loop, which can be used for a low cost denial of service attack. CVE-2024-30251 describes the issue.
There are no breaking changes in this release. The only change is the updated `aiohttp` dependency.
Release 0.11.0 is a relatively large release of new features, fixes, and internal updates. 0.11.0 is planned to be the last significant update before we begin the transition to using the ledger agnostic AnonCreds Rust in a release that is expected to bring Admin/Controller API changes. We plan to do patches to the 0.11.x branch while the transition is made to using AnonCreds Rust.
An important addition to ACA-Py is support for signing and verifying SD-JWT verifiable credentials. We expect this to be the first of the changes to extend ACA-Py to support OpenID4VC protocols.
This release and Release 0.10.5 contain a high priority fix to correct an issue with the handling of the JSON-LD presentation verifications, where the status of the verification of the `presentation.proof` in the Verifiable Presentation was not included when determining the verification value (`true` or `false`) of the overall presentation. A forthcoming security advisory will cover the details. Anyone using JSON-LD presentations is recommended to upgrade to one of these versions of ACA-Py as soon as possible.
In the CI/CD realm, substantial changes were applied to the source base in switching from:
- `pip` to Poetry for packaging and dependency management,
- Flake8 to Ruff for linting,
- `asynctest` to `IsolatedAsyncioTestCase` and `AsyncMock` objects now included in Python's builtin `unittest` package for unit testing.
These are necessary and important modernization changes, with the latter two triggering many (largely mechanical) changes to the codebase.
In addition to the impacts of the change for developers in switching from `pip` to Poetry, the only significant breaking change is the (overdue) transition of ACA-Py to always use the new DIDComm message type prefix, changing the DID Message prefix from the old hardcoded `did:sov:BzCbsNYhMrjHiqZDTUASHg;spec` to the new hardcoded `https://didcomm.org` value, and using the new DIDComm MIME type in place of the old. The vast majority (all?) of Aries deployments have long since been updated to accept both values, so this change just forces the use of the newer value in sending messages. In updating this, we retained the old configuration parameters most deployments were using (`--emit-new-didcomm-prefix` and `--emit-new-didcomm-mime-type`) but updated the code to set the configuration parameters to `true` even if the parameters were not set. See PR #2517.
The JSON-LD verifiable credential handling of JSON-LD contexts has been updated to pre-load the base contexts into the repository code so they are not fetched at run time. This is a security best practice for JSON-LD, and prevents errors in production when, from time to time, the JSON-LD contexts are unavailable because of outages of the web servers where they are hosted. See PR #2587.
A Problem Report message is now sent when a request for a credential is received and there is no associated Credential Exchange Record. This may happen, for example, if an issuer decides to delete a Credential Exchange Record that has not been answered for a long time, and the holder responds after the delete. See PR #2577.
- DIDComm Messaging Improvements/Fixes
- DID Handling and Connection Establishment Updates/Fixes
- Goal and Goal Code in invitation URL. #2591 usingtechnology
- refactor: use did-peer-2 instead of peerdid #2561 dbluhm
- Fix: Problem Report Before Exchange Established #2519 Ennovate-com
- fix: issue #2434: Change DIDExchange States to Match rfc160 #2461 anwalker293
- DID Peer and DID Resolver Updates and Fixes
- ACA-Py as a DIDComm Mediator Updates and Fixes
- Fixes to Upgrades
- Hyperledger Indy ledger related updates and fixes
- fix: taa rough timestamp timezone from datetime #2554 dbluhm
- 🎨 clarify LedgerError message when TAA is required and not accepted #2545 ff137
- Feat: Upgrade from tags and fix issue with legacy IssuerRevRegRecords [<=v0.5.2] #2486 shaangill025
- Bugfix: Issue with write ledger pool when performing Accumulator sync #2480 shaangill025
- Issue #2419 InvalidClientTaaAcceptanceError time too precise error if container timezone is not UTC #2420 Ennovate-com
- OpenID4VC / SD-JWT Updates
- JSON-LD Verifiable Credential/Presentation updates
- fix: report presentation result #2615 dbluhm
- Fix Issue #2589 TypeError When There Are No Nested Requirements #2590 Ennovate-com
- feat: use a local static cache for commonly used contexts #2587 chumbert
- Issue #2488 KeyError raised when Subject ID is not a URI #2490 Ennovate-com
- Credential Exchange (Issue, Present) Updates
- Multitenancy Updates and Fixes
- Feat: Support subwallet upgradation using the Upgrade command #2529 shaangill025
- Other Fixes, Demo, DevContainer and Documentation Fixes
- fix: wallet type help text out of date #2618 dbluhm
- fix: typos #2614 omahs
- black formatter extension configuration update #2603 usingtechnology
- Update Devcontainer pytest ruff black #2602 usingtechnology
- Issue 2570 devcontainer ruff, black and pytest #2595 usingtechnology
- chore: correct type hints on base record #2604 dbluhm
- Playground needs optionally external network #2564 usingtechnology
- Issue 2555 playground scripts readme #2563 usingtechnology
- Update demo/playground scripts #2562 usingtechnology
- Update .readthedocs.yaml #2548 swcurran
- Update .readthedocs.yaml #2547 swcurran
- fix: correct minor typos #2544 Ennovate-com
- Update steps for Manually Creating Revocation Registries #2491 WadeBarnes
- Dependencies and Internal Updates
- chore: bump pydid version #2626 dbluhm
- chore: dependency updates #2565 dbluhm
- chore(deps): Bump urllib3 from 2.0.6 to 2.0.7 dependencies #2552 dependabot bot
- chore(deps): Bump urllib3 from 2.0.6 to 2.0.7 in /demo/playground/scripts dependencies #2551 dependabot bot
- chore: update pydid #2527 dbluhm
- chore(deps): Bump urllib3 from 2.0.5 to 2.0.6 dependencies #2525 dependabot bot
- chore(deps): Bump urllib3 from 2.0.2 to 2.0.6 in /demo/playground/scripts dependencies #2524 dependabot bot
- Avoid multiple open wallet connections #2521 andrewwhitehead
- Remove unused dependencies #2510 andrewwhitehead
- Use correct rust log level in dockerfiles #2499 loneil
- fix: run tests script copying local env #2495 dbluhm
- Update devcontainer to read version from aries-cloudagent package #2483 usingtechnology
- Update Python image version to 3.9.18 #2456 WadeBarnes
- Remove old routing protocol code #2466 dbluhm
- CI/CD, Testing, and Developer Tools/Productivity Updates
- fix: drop asynctest 0.11.0 #2566 dbluhm
- Dockerfile.indy - Include aries_cloudagent code into build #2584 usingtechnology
- fix: version should be set by pyproject.toml #2471 dbluhm
- chore: add black back in as a dev dep #2465 dbluhm
- Swap out flake8 in favor of Ruff #2438 dbluhm
- #2289 Migrate to Poetry #2436 Gavinok
- Release management pull requests
Release 0.10.5 is a high priority patch release to correct an issue with the handling of the JSON-LD presentation verifications, where the status of the verification of the `presentation.proof` in the Verifiable Presentation was not included when determining the verification value (`true` or `false`) of the overall presentation. A forthcoming security advisory will cover the details.
Anyone using JSON-LD presentations is recommended to upgrade to this version of ACA-Py as soon as possible.
- JSON-LD Credential Exchange (Issue, Present) Updates
- Release management pull requests
Release 0.10.4 is a patch release to correct an issue with the handling of `did:key` routing keys in some mediator scenarios, notably with the use of Aries Framework Kotlin. See the details in the PR and Issue #2531 (Routing for agents behind a aca-py based mediator is broken). Thanks to codespree for raising the issue and providing the fix.
- DID Handling and Connection Establishment Updates/Fixes
- Release management pull requests
Release 0.10.3 is a patch release to add an upgrade process for very old versions of Aries Cloud Agent Python (circa 0.5.2). If you have a long time deployment of an issuer that uses revocation, this release could correct internal data (tags in secure storage) related to revocation registries. Details about the triggering problem can be found in Issue #2485.
The upgrade is applied by running the following command for the ACA-Py instance to be upgraded:
```bash
./scripts/run_docker upgrade --force-upgrade --named-tag fix_issue_rev_reg
```
- Credential Exchange (Issue, Present) Updates
- Feat: Upgrade from tags and fix issue with legacy IssuerRevRegRecords [<=v0.5.2] #2486 shaangill025
- Release management pull requests
Release 0.10.2 is a patch release for 0.10.1 that addresses three specific regressions found in deploying Release 0.10.1. The regressions are to fix:
- An ACA-Py instance upgraded to 0.10.1 that had an existing connection to another Aries agent where the connection has both an `http` and `ws` (websocket) service endpoint with the same ID cannot message that agent. A scenario is an ACA-Py issuer connecting to an Endorser with both `http` and `ws` service endpoints. The updates made in 0.10.1 to improve ACA-Py DID resolution did not account for this scenario and needed a tweak to work (Issue #2474, PR #2475).
- The "fix revocation registry" endpoint used to fix scenarios where an Issuer's local revocation registry state is out of sync with the ledger was broken by some code being added to support a single ACA-Py instance writing to different ledgers (Issue #2477, PR #2480).
- The version of the PyDID library we were using did not handle some unexpected DID resolution use cases encountered with mediators. The PyDID library version dependency was updated in PR #2500.
- DID Handling and Connection Establishment Updates/Fixes
- Credential Exchange (Issue, Present) Updates
- Bugfix: Issue with write ledger pool when performing Accumulator sync #2480 shaangill025
- Release management pull requests
Release 0.10.1 contains a breaking change, an important fix for a regression introduced in 0.8.2 that impacts certain deployments, and a number of fixes and updates. Included in the updates is a significant internal reorganization of the DID and connection management code that was done to enable more flexible uses of different DID Methods, such as being able to use `did:web` DIDs for DIDComm messaging connections. The work also paves the way for coming updates related to support for `did:peer` DIDs for DIDComm. For details on the change see PR #2409, which includes some of the best pull request documentation ever created.
Release 0.10.1 has the same contents as 0.10.0. An error on PyPi prevented the 0.10.0 release from being properly uploaded because of an existing file of the same name. We immediately released 0.10.1 as a replacement.
The regression fix is for ACA-Py deployments that use multi-use invitations but do NOT use the `--auto-accept-connection-requests` flag/processing. A change in 0.8.2 (PR #2223) suppressed an extra webhook event firing during the processing after receiving a connection request. An unexpected side effect of that change was that the subsequent webhook event also did not fire, and as a result, the controller did not get any event signalling a new connection request had been received via the multi-use invitation. The update in this release ensures the proper event fires and the controller receives the webhook.
See below for the breaking changes and a categorized list of the pull requests included in this release.
Updates in the CI/CD area include adding the publishing of a `nightly` container image that includes any changes in the main branch since the last `nightly` was published. This allows getting the "latest and greatest" code via a container image vs. having to install ACA-Py from the repository. In addition, Snyk scanning was added to the CI pipeline, and Indy SDK tests were removed from the pipeline.
#2352 is a breaking change related to the storage of presentation exchange records in ACA-Py. In previous releases, presentation exchange protocol state data records were retained in ACA-Py secure storage after the completion of protocol instances. With this release the default behavior changes to deleting those records, unless the `--preserve-exchange-records` flag is set in the configuration. This extends the use of that flag that previously applied only to issue credential records. The extension matches the initial intention of the flag -- that it cover both issue credential and present proof exchanges. The "best practices" for ACA-Py is that the controller (business logic) store any long-lasting business information needed for the service that is using the Aries Agent, and ACA-Py storage should be used only for data necessary for the operation of the agent. In particular, protocol state data should be held in ACA-Py only as long as the protocol is running (as it is needed by ACA-Py), and once a protocol instance completes, the controller should extract and store the business information from the protocol state before it is deleted from ACA-Py storage.
- DIDComm Messaging Improvements/Fixes
- DID Handling and Connection Establishment Updates/Fixes
- fix: handle stored afgo and findy docs in corrections #2450 dbluhm
- chore: relax connections filter DID format #2451 chumbert
- fix: ignore duplicate record errors on add key #2447 dbluhm
- fix: more diddoc corrections #2446 dbluhm
- feat: resolve connection targets and permit connecting via public DID #2409 dbluhm
- feat: add legacy peer did resolver #2404 dbluhm
- Fix: Ensure event/webhook is emitted for multi-use invitations #2413 esune
- feat: add DID Exchange specific problem reports and reject endpoint #2394 dbluhm
- fix: additional tweaks for did:web and other methods as public DIDs #2392 dbluhm
- Fix empty ServiceDecorator in OobRecord causing 422 Unprocessable Entity Error #2362 ff137
- Feat: Added support for Ed25519Signature2020 signature type and Ed25519VerificationKey2020 #2241 dkulic
- Upgrading to Aries Askar Updates
- Credential Exchange (Issue, Present) Updates
- Multitenancy Updates and Fixes
- Multitenant check endorser_info before saving #2395 usingtechnology
- Feat: Support Selectable Write Ledger #2339 shaangill025
- Other Fixes, Demo, and Documentation Fixes
- Redis Plugins [redis_cache & redis_queue] documentation and docker related updates #1937 shaangill025
- Chore: fix marshmallow warnings #2398 ff137
- Upgrade pre-commit and flake8 dependencies; fix flake8 warnings #2399 ff137
- Corrected typo on mediator invitation configuration argument #2365 jorgefl0
- Add workaround for ARM based macs #2313 finnformica
- Dependencies and Internal Updates
- chore(deps): Bump certifi from 2023.5.7 to 2023.7.22 in /demo/playground/scripts dependencies #2354 dependabot bot
- CI/CD and Developer Tools/Productivity Updates
- Release management pull requests
Release 0.10.1 has the same contents as 0.10.0. An error on PyPi prevented the 0.10.0 release from being properly uploaded because of an existing file of the same name. We immediately released 0.10.1 as a replacement.
Release 0.9.0 is an important upgrade that changes (PR #2302) the dependency on the now archived Hyperledger Ursa project to its updated, improved replacement, AnonCreds CL-Signatures. This important change is ONLY available when using Aries Askar as the wallet type, which brings in both Indy VDR and the CL-Signatures via the latest version of CredX from the indy-shared-rs repository. The update is NOT available to those that are using the Indy SDK. All new deployments of ACA-Py SHOULD use Aries Askar. Further, we strongly recommend that all deployments using the Indy SDK with ACA-Py upgrade their installation to use Aries Askar and the related components using the migration scripts available. An Indy SDK to Askar migration document has been added to the aca-py.org documentation site, and a deprecation warning has been added to the ACA-Py startup.
The second big change in this release is that we have upgraded the primary Python version from 3.6 to 3.9 (PR #2247). In this case, primary means that Python 3.9 is used to run the unit and integration tests on all Pull Requests. We also do nightly runs of the main branch using Python 3.10. As of this release we have dropped Python 3.6, 3.7 and 3.8, and introduced new dependencies that are not supported in those versions of Python. For those that use the published ACA-Py container images, the upgrade should be easily handled. If you are pulling ACA-Py into your own image, or a non-containerized environment, this is a breaking change that you will need to address.
Please see the next section for all breaking changes, and the subsequent section for a categorized list of all pull requests in this release.
In addition to the breaking Python 3.6 to 3.9 upgrade, there are two other breaking changes that may impact some deployments.
#2034 allows for additional flexibility in using public DIDs in invitations, and adds a restriction that "implicit" invitations must be proactively enabled using a flag (--requests-through-public-did). Previously, such requests would always be accepted if --auto-accept was enabled, which could lead to unexpected connections being established.
#2170 is a change to improve message handling in the face of delivery errors when using a persistent queue implementation such as the ACA-Py Redis Plugin. If you are using the Redis plugin, you MUST upgrade to Redis Plugin Release 0.1.0 in conjunction with deploying this ACA-Py release. For those using their own persistent queue solution, see the PR #2170 comments for information about changes you might need to make to your deployment.
- DIDComm Messaging Improvements/Fixes
- DID Handling and Connection Establishment Updates/Fixes
- Allow any did to be public #2295 mkempa
- Feat: Added support for Ed25519Signature2020 signature type and Ed25519VerificationKey2020 #2241 dkulic
- Add Goal and Goal Code to OOB and DIDex Request #2294 usingtechnology
- Fix routing in set public did #2288 mkempa
- Fix: Do not replace public verkey on mediator #2269 mkempa
- BREAKING: Allow multi-use public invites and public invites with metadata #2034 mepeltier
- fix: public did mediator routing keys as did keys #1977 dbluhm
- Credential Exchange (Issue, Present) Updates
- Add revocation registry rotate to faber demo #2333 usingtechnology
- Update to indy-credx 1.0 #2302 andrewwhitehead
- feat(anoncreds): Implement automated setup of revocation #2292 dbluhm
- fix: schema class can set Meta.unknown #1885 dbluhm
- Respect auto-verify-presentation flag in present proof v1 and v2 #2097 dbluhm
- Feature: JWT Sign and Verify Admin Endpoints with DID Support #2300 burdettadam
- Multitenancy Updates and Fixes
- Fix: Track endorser and author roles in per-tenant settings #2331 shaangill025
- Added base wallet provisioning details to Multitenancy.md #2328 esune
- Other Fixes, Demo, and Documentation Fixes
- Add more context to the ACA-Py Revocation handling documentation #2343 swcurran
- Document the Indy SDK to Askar Migration process #2340 swcurran
- Add revocation registry rotate to faber demo #2333 usingtechnology
- chore: add indy deprecation warnings #2332 dbluhm
- Fix alice/faber demo execution #2305 andrewwhitehead
- Add .indy_client folder to Askar only image. #2308 WadeBarnes
- Add build step for indy-base image in run_demo #2299 usingtechnology
- Webhook over websocket clarification #2287 dbluhm
- ACA-Py Deployment Upgrade Changes
- Add Explicit/Offline marking mechanism for Upgrade #2204 shaangill025
- Plugin Handling Updates
- Feature: Add the ability to deny specific plugins from loading 0.7.4 #1737 frostyfrog
- Dependencies and Internal Updates
- upgrade pyjwt to latest; introduce leeway to jwt.decode #2335 ff137
- upgrade requests to latest #2336 ff137
- upgrade packaging to latest #2334 ff137
- chore: update PyYAML #2329 dbluhm
- chore(deps): Bump aiohttp from 3.8.4 to 3.8.5 in /demo/playground/scripts #2325 dependabot bot
- ⬆️ upgrade marshmallow to latest #2322 ff137
- fix: use python 3.9 in run_docker #2291 dbluhm
- BREAKING!: drop python 3.6 support #2247 dbluhm
- Minor revisions to the README.md and DevReadMe.md #2272 swcurran
- ACA-Py Administrative Updates
- CI/CD and Developer Tools/Productivity Updates
- Cancel in-progress workflows when PR is updated #2303 andrewwhitehead
- ci: add gha for pr-tests #2058 dbluhm
- Add devcontainer for ACA-Py #2267 usingtechnology
- Docker images and GHA for publishing images #2076 dbluhm
- ci: test additional versions of python nightly #2059 dbluhm
- Release management pull requests
Release 0.8.2 contains a number of minor fixes and updates to ACA-Py, including the correction of a regression in Release 0.8.0 related to the use of plugins (see #2255). Highlights include making it easier to use tracing in a development environment to collect detailed performance information about what is going on within ACA-Py.
This release pulls in indy-shared-rs Release 3.3 which fixes a serious issue in AnonCreds verification, as described in issue #2036, where the verification of a presentation with multiple revocable credentials fails when using Aries Askar and the other shared components. This issue occurs only when using Aries Askar and indy-credx Release 3.3.
An important new feature in this release is the ability to set some instance configuration settings at the tenant level of a multi-tenant deployment. See PR #2233.
There are no breaking changes in this release.
- Connections Fixes/Updates
- Resolve definitions.py fix to fix backwards compatibility break in plugins #2255 usingtechnology
- Add support for JsonWebKey2020 for the connection invitations #2173 dkulic
- fix: only cache completed connection targets #2240 dbluhm
- Connection target should not be limited only to indy dids #2229 dkulic
- Disable webhook trigger on initial response to multi-use connection invitation #2223 esune
- Credential Exchange (Issue, Present) Updates
- Pass document loader to jsonld.expand #2175 andrewwhitehead
- Multi-tenancy fixes/updates
- Allow Configuration Settings on a per-tenant basis #2233 shaangill025
- stand up multiple agents (single and multi) for local development and testing #2230 usingtechnology
- Multi-tenant self-managed mediation verkey lookup #2232 usingtechnology
- fix: route multitenant connectionless oob invitation #2243 TimoGlastra
- Fix multitenant/mediation in demo #2075 ianco
- Other Bug and Documentation Fixes
- Assign ~thread.thid with thread_id value #2261 usingtechnology
- Fix: Do not replace public verkey on mediator #2269 mkempa
- Provide an optional Profile to the verification key strategy #2265 yvgny
- refactor: Extract verification method ID generation to a separate class #2235 yvgny
- Create .readthedocs.yaml file #2268 swcurran
- feat(did creation route): reject unregistered did methods #2262 chumbert
- ./run_demo performance -c 1 --mediation --timing --trace-log #2245 usingtechnology
- Fix formatting and grammatical errors in different readme's #2222 ff137
- Fix broken link in README #2221 ff137
- fix: run only on main, forks ok #2166 anwalker293
- Update Alice Wants a JSON-LD Credential to fix invocation #2219 swcurran
- Dependencies and Internal Updates
- Bump requests from 2.30.0 to 2.31.0 in /demo/playground/scripts #2238 dependabot bot
- Upgrade codegen tools in scripts/generate-open-api-spec and publish Swagger 2.0 and OpenAPI 3.0 specs #2246 ff137
- ACA-Py Administrative Updates
- Propose adding Jason Sherman usingtechnology as a Maintainer #2263 swcurran
- Updating Maintainers list to be accurate and using the TOC format #2258 swcurran
- Message Tracing/Timing Updates
- Add updated ELK stack for demos. #2236 usingtechnology
- Release management pull requests
Version 0.8.1 is an urgent update to Release 0.8.0 to address an inability to execute the upgrade command. The upgrade command is needed for 0.8.0 Pull Request #2116 - "UPGRADE: Fix multi-use invitation performance", which is useful for (at least) deployments of ACA-Py as a mediator. In the release, the upgrade process is revamped, and documented in Upgrading ACA-Py.
Key points about upgrading for those with production, pre-0.8.1 ACA-Py deployments:
- Upgrades now happen automatically on startup, when needed.
- The version of the last executed upgrade, even if it is a "no change" upgrade, is put into secure storage and is used to detect when future upgrades are needed.
- Upgrades are needed when the running version is greater than the version in secure storage.
- If you have an existing, pre-0.8.1 deployment with many connection records, there may be a delay in starting as an upgrade will be run that loads and saves every connection record, updating the data in the record in the process.
- A mechanism is to be added (see Issue #2201) for preventing an upgrade running if it should not be run automatically, and requires using the upgrade command. To date, there has been no need for this feature.
- See the Upgrading ACA-Py document for more details.
Recent changes to Aries Askar have resulted in Askar supporting Postgres version 11 and greater. If you are on Postgres 10 or earlier and want to upgrade to use Askar, you must migrate your database to Postgres 10.
We have also noted that in some container orchestration environments such as Red Hat's OpenShift and possibly other Kubernetes distributions, Askar using Postgres versions greater than 14 does not install correctly. Please monitor Issue #2199 for an update to this limitation. We have found that Postgres 15 does install correctly in other environments (such as in docker compose setups).
- Fixes for the upgrade Command
- Change upgrade definition file entry from 0.8.0 to 0.8.1 #2203 swcurran
- Add Upgrading ACA-Py document #2200 swcurran
- Fix: Indy WalletAlreadyOpenedError during upgrade process #2196 shaangill025
- Fix: Resolve Upgrade Config file in Container #2193 shaangill025
- Update and automate ACA-Py upgrade process #2185 shaangill025
- Adds the upgrade command YML file to the PyPi Release #2179 swcurran
- Test and Documentation
- Release management pull requests
0.8.0 is a breaking change that contains all updates since release 0.7.5. It extends the previously tagged 1.0.0-rc1 release because it is not clear when the 1.0.0 release will be finalized. Many of the PRs in this release were previously included in the 1.0.0-rc1 release. The categorized list of PRs separates those that are new from those in the 1.0.0-rc1 release candidate.
There are not a lot of new Aries Framework features in this release, as the focus has been on cleanup and optimization. The biggest addition is the inclusion with ACA-Py of a universal resolver interface, allowing an instance to have both local resolvers for some DID Methods and a call out to an external universal resolver for other DID Methods. Another significant new capability is full support for Hyperledger Indy transaction endorsement for Authors and Endorsers. A new repo aries-endorser-service has been created that is a pre-configured instance of ACA-Py for use as an Endorser service.
A recently completed feature that is outside of ACA-Py is a script to migrate existing ACA-Py storage from Indy SDK format to Aries Askar format. This enables existing deployments to switch to using the newer Aries Askar components. For details see the converter in the aries-acapy-tools repository.
With this release, a new automated process publishes container images in the Hyperledger container image repository. New images for the release are automatically published by the GitHub Action Workflows: publish.yml and publish-indy.yml. The actions are triggered when a release is tagged, so no manual action is needed. The images are published in the Hyperledger Package Repository under aries-cloudagent-python and a link to the packages added to the repository's main page (under "Packages"). Additional information about the container image publication process can be found in the document Container Images and Github Actions.
The ACA-Py container images are based on Python 3.6 and 3.9 slim-bullseye images, and are designed to support linux/386 (x86), linux/amd64 (x64), and linux/arm64. However, for this release, the publication of multi-architecture containers is disabled. We are working to enable that through the updating of some dependencies that lack that capability.
There are two flavors of image built for each Python version. One contains only the Indy/Aries Shared Libraries (Aries Askar, Indy VDR and Indy Shared RS, supporting only the use of --wallet-type askar). The other (labelled indy) contains the Indy/Aries shared libraries and the Indy SDK (considered deprecated). For new deployments, we recommend using the Python 3.9 Shared Library images. For existing deployments, we recommend migrating to those images.
Those currently using the container images published by BC Gov on Docker Hub should change to use those published to the Hyperledger Package Repository under aries-cloudagent-python.
PR #2034 -- Implicit connections
The break impacts existing deployments that support implicit connections, those initiated by another agent using a Public DID for this instance instead of an explicit invitation. Such deployments need to add the configuration parameter --requests-through-public-did to continue to support that feature. The use case is that an ACA-Py instance publishes a public DID on a ledger with a DIDComm service in the DIDDoc. Other agents resolve that DID, and attempt to establish a connection with the ACA-Py instance using the service endpoint. This is called an "implicit" connection in RFC 0023 DID Exchange.
PR #1913 -- Unrevealed attributes in presentations
Updates the handling of "unrevealed attributes" during verification of AnonCreds presentations, allowing them to be used in a presentation, with additional data that can be checked for unrevealed attributes. As few implementations of Aries wallets support unrevealed attributes in an AnonCreds presentation, this is unlikely to impact any deployments.
PR #2145 - Update webhook message to terse form by default, added startup flag --debug-webhooks for full form
The default behavior in ACA-Py has been to keep the full text of all messages in the protocol state object, and include the full protocol state object in the webhooks sent to the controller. When the messages include an object that is very large in all the messages, the webhook may become too big to be passed via HTTP. For example, issuing a credential with a photo as one of the claims may result in a number of copies of the photo in the protocol state object and hence, very large webhooks. This change reduces the size of the webhook message by eliminating redundant data in the protocol state of the "Issue Credential" message as the default, and adds a new parameter to use the old behavior.
UPGRADE PR #2116 - UPGRADE: Fix multi-use invitation performance
The way that multiuse invitations were handled in previous versions of ACA-Py caused performance to degrade over time. An update was made to add state into the tag names that eliminated the need to scan the tags when querying storage for the invitation.
If you are using multiuse invitations in your existing (pre-0.8.0) deployment of ACA-Py, you can run an upgrade to apply this change. To run upgrade from previous versions, use the following command using the 0.8.0 version of ACA-Py, adding your wallet settings:
aca-py upgrade <other wallet config settings> --from-version=v0.7.5 --upgrade-config-path ./upgrade.yml
-
Verifiable credential, presentation and revocation handling updates
- BREAKING: Update webhook message to terse form by default, added startup flag --debug-webhooks for full form #2145 by victorlee0505
- Add startup flag --light-weight-webhook to trim down outbound webhook payload #1941 victorlee0505
- feat: add verification method issue-credentials-2.0/send endpoint #2135 chumbert
- Respect auto-verify-presentation flag in present proof v1 and v2 #2097 dbluhm
- Feature: enabled handling VPs (request, creation, verification) with different VCs #1956 (teanas)
- fix: update issue-credential endpoint summaries #1997 (PeterStrob)
- fix claim format designation in presentation submission #2013 (rmnre)
- #2041 - Issue JSON-LD has invalid Admin API documentation #2046 (jfblier-amplitude)
- Previously flagged in release 1.0.0-rc1
- Refactor ledger correction code and insert into revocation error handling #1892 (ianco)
- Indy ledger fixes and cleanups #1870 (andrewwhitehead)
- Refactoring of revocation registry creation #1813 (andrewwhitehead)
- Fix: the type of tails file path to string. #1925 (baegjae)
- Pre-populate revoc_reg_id on IssuerRevRegRecord #1924 (andrewwhitehead)
- Leave credentialStatus element in the LD credential #1921 (tsabolov)
- BREAKING: Remove aca-py check for unrevealed revealed attrs on proof validation #1913 (ianco)
- Send webhooks upon record/credential deletion #1906 (frostyfrog)
-
Out of Band (OOB) and DID Exchange / Connection Handling / Mediator
- UPGRADE: Fix multi-use invitation performance #2116 reflectivedevelopment
- fix: public did mediator routing keys as did keys #1977 (dbluhm)
- Fix for mediator load testing race condition when scaling horizontally #2009 (ianco)
- BREAKING: Allow multi-use public invites and public invites with metadata #2034 (mepeltier)
- Do not reject OOB invitation with unknown handshake protocol(s) #2060 (andrewwhitehead)
- fix: fix connection timing bug #2099 (reflectivedevelopment)
- Previously flagged in release 1.0.0-rc1
- Fix: --mediator-invitation with OOB invitation + cleanup #1970 (shaangill025)
- include image_url in oob invitation #1966 (Zzocker)
- feat: OOB v1.1 support #1962 (shaangill025)
- Fix: OOB - Handling of minor versions #1940 (shaangill025)
- fix: failed connectionless proof request on some case #1933 (kukgini)
- fix: propagate endpoint from mediation record #1922 (cjhowland)
- Feat/public did endpoints for agents behind mediators #1899 (cjhowland)
-
DID Registration and Resolution related updates
- feat: allow marking non-SOV DIDs as public #2144 chumbert
- fix: askar exception message always displaying null DID #2155 chumbert
- feat: enable creation of DIDs for all registered methods #2067 (chumbert)
- fix: create local DID return schema #2086 (chumbert)
- feat: universal resolver - configurable authentication #2095 (chumbert)
- Previously flagged in release 1.0.0-rc1
- feat: add universal resolver #1866 (dbluhm)
- fix: resolve dids following new endpoint rules #1863 (dbluhm)
- fix: didx request cannot be accepted #1881 (rmnre)
- did method & key type registry #1986 (burdettadam)
- Fix/endpoint attrib structure #1934 (cjhowland)
- Simple did registry #1920 (burdettadam)
- Use did:key for recipient keys #1886 (frostyfrog)
-
Hyperledger Indy Endorser/Author Transaction Handling
-
Admin API Additions
-
Startup Command Line / Environment / YAML Parameter Updates
- Update webhook message to terse form by default, added startup flag --debug-webhooks for full form #2145 by victorlee0505
- Add startup flag --light-weight-webhook to trim down outbound webhook payload #1941 victorlee0505
- Add missing --mediator-connections-invite cmd arg info to docs #2051 (matrixik)
- Issue #2068 boolean flag change to support HEAD requests to default route #2077 (johnekent)
- Previously flagged in release 1.0.0-rc1
- Add seed command line parameter but use only if also an "allow insecure seed" parameter is set #1714 (DaevMithran)
-
Internal Aries framework data handling updates
- fix: resolver api schema inconsistency #2112 (TimoGlastra)
- fix: return if return route but no response #1853 (TimoGlastra)
- Multi-ledger/Multi-tenant issues #2022 (ianco)
- fix: Correct typo in model -- required spelled incorrectly #2031 (swcurran)
- Code formatting #2053 (ianco)
- Improved validation of record state attributes #2071 (rmnre)
- Previously flagged in release 1.0.0-rc1
- fix: update RouteManager methods use to pass profile as parameter #1902 (chumbert)
- Allow fully qualified class names for profile managers #1880 (chumbert)
- fix: unable to use askar with in memory db #1878 (dbluhm)
- Enable manually triggering keylist updates during connection #1851 (dbluhm)
- feat: make base wallet route access configurable #1836 (dbluhm)
- feat: event and webhook on keylist update stored #1769 (dbluhm)
- fix: Safely shutdown when root_profile uninitialized #1960 (frostyfrog)
- feat: include connection ids in keylist update webhook #1914 (dbluhm)
- fix: incorrect response schema for discover features #1912 (dbluhm)
- Fix: SchemasInputDescriptorFilter: broken deserialization renders generated clients unusable #1894 (rmnre)
- fix: schema class can set Meta.unknown #1885 (dbluhm)
-
Unit, Integration, and Aries Agent Test Harness Test updates
-
Dependency, Python version, GitHub Actions and Container Image Changes
- Remove CircleCI Status since we aren't using CircleCI anymore #2163 swcurran
- Update ACA-Py docker files to produce OpenShift compatible images #2130 WadeBarnes
- Temporarily disable multi-architecture image builds #2125 WadeBarnes
- Fix ACA-py image builds #2123 WadeBarnes
- Fix publish workflows #2117 WadeBarnes
- fix: indy dependency version format #2054 (chumbert)
- ci: add gha for pr-tests #2058 (dbluhm)
- ci: test additional versions of python nightly #2059 (dbluhm)
- Update github actions dependencies (for node16 support) #2066 (andrewwhitehead)
- Docker images and GHA for publishing images #2076 (dbluhm)
- Update dockerfiles to use python 3.9 #2109 (ianco)
- Updating base images from slim-buster to slim-bullseye #2105 (pradeepp88)
- Previously flagged in release 1.0.0-rc1
- feat: update pynacl version from 1.4.0 to 1.50 #1981 (morrieinmaas)
- Fix: web.py dependency - integration tests & demos #1973 (shaangill025)
- chore: update pydid #1915 (dbluhm)
-
Demo and Documentation Updates
- [fix] Removes extra comma that prevents swagger from accepting the presentation request #2149 swcurran
- Initial plugin docs #2138 ianco
- Acme workshop #2137 ianco
- Fix: Performance Demo [no --revocation] #2151 shaangill025
- Fix typos in alice-local.sh & faber-local.sh #2010 (naonishijima)
- Added a bit about manually creating a revoc reg tails file #2012 (ianco)
- Add ability to set docker container name #2024 (matrixik)
- Doc updates for json demo #2026 (ianco)
- Multitenancy demo (docker-compose with postgres and ngrok) #2089 (ianco)
- Allow using YAML configuration file with run_docker #2091 (matrixik)
- Previously flagged in release 1.0.0-rc1
- Fixes to acme exercise code #1990 (ianco)
- Fixed bug in run_demo script #1982 (pasquale95)
- Transaction Author with Endorser demo #1975 (ianco)
- Redis Plugins [redis_cache & redis_queue] related updates #1937 (shaangill025)
-
Release management pull requests
0.7.5 is a patch release primarily to add PR #1881, which addresses "DID Exchange in ACA-Py 0.7.4 with explicit invitations and without auto-accept broken". A couple of other PRs were added to the release, as listed below, and in Milestone 0.7.5.
- Changelog and version updates for version 0.7.5-rc1 #1985 (swcurran)
- Endorser doc updates and some bug fixes #1926 (ianco)
- Fix: web.py dependency - integration tests & demos #1973 (shaangill025)
- Endorser write DID transaction #1938 (ianco)
- fix: didx request cannot be accepted #1881 (rmnre)
- Fix: OOB - Handling of minor versions #1940 (shaangill025)
- fix: Safely shutdown when root_profile uninitialized #1960 (frostyfrog)
- feat: OOB v1.1 support #1962 (shaangill025)
- 0.7.5 Cherry Picks #1967 (frostyfrog)
- Changelog and version updates for version 0.7.5-rc0 #1969 (swcurran)
- Final 0.7.5 changes #1991 (swcurran)
⚠️ Existing multitenant JWTs invalidated when a new JWT is generated: If you have a pre-existing implementation with existing Admin API authorization JWTs, invoking the endpoint to get a JWT now invalidates the existing JWT. Previously an identical JWT would be created. Please see this comment on PR #1725 for more details.
0.7.4 is a significant release focused on stability and production deployments. As the "patch" release number indicates, there were no breaking changes in the Admin API, but a huge volume of updates and improvements. Highlights of this release include:
- A major performance and stability improvement resulting from the now recommended use of Aries Askar instead of the Indy-SDK.
- There are significant improvements and tools for dealing with revocation-related issues.
- A lot of work has been done on the handling of Hyperledger Indy transaction endorsements.
- ACA-Py now has a pluggable persistent queues mechanism in place, with Redis and Kafka support available (albeit with work still to come on documentation).
In addition, there are a significant number of general enhancements, bug fixes, documentation updates and code management improvements.
This release is a reflection of the many groups stressing ACA-Py in production environments, reporting issues and the resulting solutions. We also have a very large number of contributors to ACA-Py, with this release having PRs from 22 different individuals. A big thank you to all of those using ACA-Py, raising issues and providing solutions.
A lot of work has been put into this release related to performance and load testing, with significant updates being made to the key "shared component" ACA-Py dependencies (Aries Askar, Indy VDR and Indy Shared RS, including CredX). We now recommend using those components (by using --wallet-type askar in the ACA-Py startup parameters) for new ACA-Py deployments. A wallet migration tool from indy-sdk storage to Askar storage is still needed before migrating existing deployments to Askar. A big thanks to those creating/reporting on stress test scenarios, and especially the team at LISSI for creating the aries-cloudagent-loadgenerator to make load testing so easy! And of course to the core ACA-Py team for addressing the findings.
The largest enhancement is in the area of the endorsing of Hyperledger Indy ledger transactions, enabling an instance of ACA-Py to act as an Endorser for Indy authors needing endorsements to write objects to an Indy ledger. We're working on an Aries Endorser Service based on the new capabilities in ACA-Py, an Endorser to be easily operated by an organization, ideally with a controller starter kit supporting a basic human and automated approvals business workflow. Contributions welcome!
A focus towards the end of the 0.7.4 development and release cycle was on the handling of AnonCreds revocation in ACA-Py. Most important, a production issue was uncovered whereby an ACA-Py issuer's local Revocation Registry data could get out of sync with what was published on an Indy ledger, resulting in an inability to publish new RevRegEntry transactions -- making new revocations impossible. As a result, we have added some new endpoints to enable an update to the RevReg storage such that RevRegEntry transactions can again be published to the ledger. Other changes were added related to revocation in general and in the handling of tails files in particular.
The team has worked a lot on evolving the persistent queue (PQ) approach available in ACA-Py. We have landed on a design for the queues for inbound and outbound messages using a default in-memory implementation, and the ability to replace the default method with implementations created via an ACA-Py plugin. There are two concrete, out-of-the-box external persistent queuing solutions available for Redis and Kafka. Those ACA-Py persistent queue implementation repositories will soon be migrated to the Aries project within the Hyperledger Foundation's GitHub organization. Anyone else can implement their own queuing plugin as long as it uses the same interface.
Several new ways to control ACA-Py configurations were added, including new startup parameters, Admin API parameters to control instances of protocols, and additional web hook notifications.
A number of fixes were made to the Credential Exchange protocols, both for V1 and V2, and for both AnonCreds and W3C format VCs. Nothing new was added and there are no changes in the APIs.
As well there were a number of internal fixes, dependency updates, documentation and demo changes, developer tools and release management updates. All the usual stuff needed for a healthy, growing codebase.
-
Hyperledger Indy Endorser related updates:
- Fix order of operations connecting faber to endorser #1716 (ianco)
- Endorser support for updating DID endpoints on ledger #1696 (frostyfrog)
- Add "sent" key to both Schema and Cred Defs when using Endorsers #1663 (frostyfrog)
- Add cred_def_id to metadata when using an Endorser #1655 (frostyfrog)
- Update Endorser documentation #1646 (chumbert)
- Auto-promote author did to public after endorsing #1607 (ianco)
- DID updates for endorser #1601 (ianco)
- Qualify did exch connection lookup by role #1670 (ianco)
- Use provided connection_id if provided #1726 (ianco)
-
Additions to the startup parameters, Admin API and Web Hooks
- Improve typing of settings and add plugin settings object #1833 (dbluhm)
- feat: accept taa using startup parameter --accept-taa #1643 (TimoGlastra)
- Add auto_verify flag in present-proof protocol #1702 (DaevMithran)
- feat: query connections by their_public_did #1637 (TimoGlastra)
- feat: enable webhook events for mediation records #1614 (TimoGlastra)
- Feature/undelivered events #1694 (mepeltier)
- Allow use of SEED when creating local wallet DID Issue-1682 #1705 (DaevMithran)
- Feature: Add the ability to deny specific plugins from loading #1737 (frostyfrog)
- feat: Add filter param to connection list for invitations #1797 (frostyfrog)
- Fix missing webhook handler #1816 (ianco)
-
Persistent Queues
- Redis PQ Cleanup in preparation for enabling the uses of plugin PQ implementations [Issue#1659] #1659 (shaangill025)
-
Credential Revocation and Tails File Handling
- Fix handling of non-revocable credential when timestamp is specified (askar/credx) #1847 (andrewwhitehead)
- Additional endpoints to get revocation details and fix "published" status #1783 (ianco)
- Fix IssuerCredRevRecord state update on revocation publish #1827 (andrewwhitehead)
- Fix put_file when the server returns a redirect #1808 (andrewwhitehead)
- Adjust revocation registry update procedure to shorten transactions #1804 (andrewwhitehead)
- fix: Resolve Revocation Notification environment variable name collision #1751 (frostyfrog)
- fix: always notify if revocation notification record exists #1665 (TimoGlastra)
- Fix for AnonCreds non-revoc proof with no timestamp #1628 (ianco)
- Fixes for v7.3.0 - Issue #1597 #1711 (shaangill025)
- Fixes Issue 1 from #1597: Tails file upload fails when a credDef is created and multi ledger support is enabled
- Fix tails server upload multi-ledger mode #1785 (ianco)
- Feat/revocation notification v2 #1734 (frostyfrog)
-
Issue Credential, Present Proof updates/fixes
- Fix: Present Proof v2 - check_proof_vs_proposal update to support proof request with restrictions #1820 (shaangill025)
- Fix: present-proof v1 send-proposal flow #1811 (shaangill025)
- Prover - verification outcome from presentation ack message #1757 (shaangill025)
- feat: support connectionless exchange #1710 (TimoGlastra)
- Fix: DIF proof proposal when creating bound presentation request [Issue#1687] #1690 (shaangill025)
- Fix DIF PresExch and OOB request_attach delete unused connection #1676 (shaangill025)
- Fix DIFPresFormatHandler returning invalid V20PresExRecord on presentation verification #1645 (rmnre)
- Update aries-askar patch version to at least 0.2.4 as 0.2.3 does not include backward compatibility #1603 (acuderman)
- Fixes for credential details in issue-credential webhook responses #1668 (andrewwhitehead)
- Fix: present-proof v2 send-proposal issue#1474 #1667 (shaangill025)
- Fixes Issue 3b from #1597: V2 Credential exchange ignores the auto-respond-credential-request
- Revert change to send_credential_ack return value #1660 (andrewwhitehead)
- Fix usage of send_credential_ack #1653 (andrewwhitehead)
- Replace blank credential/presentation exchange states with abandoned state #1605 (andrewwhitehead)
- Fixes Issue 4 from #1597: Wallet type askar has issues when receiving V1 credentials
- Fixes and cleanups for issue-credential 1.0 #1619 (andrewwhitehead)
- Fix: Duplicated schema and cred_def - Askar and Postgres #1800 (shaangill025)
- Mediator updates and fixes
- feat: allow querying default mediator from base wallet #1729 (dbluhm)
- Added async with for mediator record delete #1749 (dejsenlitro)
- Multitenancy updates and fixes
- feat: create new JWT tokens and invalidate older for multitenancy #1725 (TimoGlastra)
- Multi-tenancy stale wallet clean up #1692 (dbluhm)
- Dependencies and internal code updates/fixes
- Update pyjwt to 2.4 #1829 (andrewwhitehead)
- Fix external Outbound Transport loading code #1812 (frostyfrog)
- Fix iteration over key list, update Askar to 0.2.5 #1740 (andrewwhitehead)
- Fix: update IndyLedgerRequestsExecutor logic - multitenancy and basic base wallet type #1700 (shaangill025)
- Move database operations inside the session context #1633 (acuderman)
- Upgrade ConfigArgParse to version 1.5.3 #1627 (WadeBarnes)
- Update aiohttp dependency #1606 (acuderman)
- did-exchange implicit request pthid update & invitation key verification #1599 (shaangill025)
- Fix auto connection response not being properly mediated #1638 (dbluhm)
- platform target in run tests. #1697 (burdettadam)
- Add an integration test for mixed proof with a revocable cred and a n… #1672 (ianco)
- Fix: Inbound Transport is_external attribute #1802 (shaangill025)
- fix: add a close statement to ensure session is closed on error #1777 (reflectivedevelopment)
- Adds `transport_id` variable assignment back to outbound enqueue method #1776 (amanji)
- Replace async workaround within document loader #1774 (frostyfrog)
- Documentation and Demo Updates
- Use default wallet type askar for alice/faber demo and bdd tests #1761 (ianco)
- Update the Supported RFCs document for 0.7.4 release #1846 (swcurran)
- Fix a typo in DevReadMe.md #1844 (feknall)
- Add troubleshooting document, include initial examples - ledger connection, out-of-sync RevReg #1818 (swcurran)
- Update POST /present-proof/send-request to POST /present-proof-2.0/send-request #1824 (lineko)
- Fetch from --genesis-url likely to fail in composed container #1746 (tdiesler)
- Fixes logic for web hook formatter in Faber demo #1739 (amanji)
- Multitenancy Docs Update #1706 (MonolithicMonk)
- #1674 Add basic DOCKER_ENV logging for run_demo #1675 (tdiesler)
- Performance demo updates #1647 (ianco)
- docs: supported features attribution #1654 (TimoGlastra)
- Documentation on existing language wrappers for aca-py #1738 (etschelp)
- Document impact of multi-ledger on TAA acceptance #1778 (ianco)
- Code management and contributor/developer support updates
- Set prefix for integration test demo agents; some code cleanup #1840 (andrewwhitehead)
- Pin markupsafe at version 2.0.1 #1642 (andrewwhitehead)
- style: format with stable black release #1615 (TimoGlastra)
- Remove references to play with von #1688 (ianco)
- Add pre-commit as optional developer tool #1671 (dbluhm)
- run_docker start - pass environment variables #1715 (shaangill025)
- Use local deps only #1834 (ryjones)
- Enable pip-audit #1831 (ryjones)
- Only run pip-audit on main repo #1845 (ryjones)
- Release management pull requests
- 0.7.4 Release Changelog and version update #1849 (swcurran)
- 0.7.4-rc5 changelog, version and ReadTheDocs updates #1838 (swcurran)
- Update changelog and version for 0.7.4-rc4 #1830 (swcurran)
- Changelog, version and ReadTheDocs updates for 0.7.4-rc3 release #1817 (swcurran)
- 0.7.4-rc2 update #1771 (swcurran)
- Some ReadTheDocs File updates #1770 (swcurran)
- 0.7.4-RC1 Changelog intro paragraph - fix copy/paste error #1753 (swcurran)
- Fixing the intro paragraph and heading in the changelog of this 0.7.4RC1 #1752 (swcurran)
- Updates to Changelog for 0.7.4. RC1 release #1747 (swcurran)
- Prep for adding the 0.7.4-rc0 tag #1722 (swcurran)
- Added missed new module -- upgrade -- to the RTD generated docs #1593 (swcurran)
- Doh....update the date in the Changelog for 0.7.3 #1592 (swcurran)
This release includes some new AIP 2.0 features (Revocation Notification and Discover Features 2.0), a major new feature for those using Indy ledger (multi-ledger support), a new "version upgrade" process that automates updating data in secure storage required after a new release, and a fix for a critical bug in some mediator scenarios. The release also includes several new pieces of documentation (upgrade processing, storage database information and logging) and some other documentation updates that make the ACA-Py Read The Docs site useful again. And of course, some recent bug fixes and cleanups are included.
There is a BREAKING CHANGE for those deploying ACA-Py with an external outbound queue implementation (see PR #1501). As far as we know, there is only one organization that has such an implementation and they were involved in the creation of this PR, so we are not making this release a minor or major update. However, anyone else using an external queue should be aware of the impact of this PR that is included in the release.
For those that have an existing deployment of ACA-Py with long-lasting connection records, an upgrade is needed to use RFC 434 Out of Band and the "reuse connection" as the invitee. In PR #1453 (details below) a performance improvement was made when finding a connection for reuse. The new approach (adding a tag to the connection to enable searching) applies only to connections made using this ACA-Py release and later, and "as-is" connections made using earlier releases of ACA-Py will not be found as reuse candidates. A new "Upgrade deployment" capability (#1557, described below) must be executed to update your deployment to add tags for all existing connections.
The Supported RFCs document has been updated to reflect the addition of the AIP 2.0 RFCs for which support was added.
The following is an annotated list of PRs in the release, including a link to each PR.
- AIP 2.0 Features
- Discover Features Protocol: v1_0 refactoring and v2_0 implementation #1500
- Updates the Discover Features 1.0 (AIP 1.0) implementation and implements the new 2.0 version. In doing so, adds generalized support for goal codes to ACA-Py.
- fix DiscoveryExchangeRecord RECORD_TOPIC typo fix #1566
- Implement Revocation Notification v1.0 #1464
- Fix integration tests (revocation notifications) #1528
- Add Revocation notification support to alice/faber #1527
- Other New Features
- Multiple Indy Ledger support and State Proof verification #1425
- Outbound Queue - more usability improvements #1501
- Display QR code when generating/displaying invites on startup #1526
- Enable WS Pings for WS Inbound Transport #1530
- Faster detection of lost Web Socket connections; implementation verified with an existing mediator.
- Performance Improvement when using connection reuse in OOB and there are many DID connections. ConnRecord tags - their_public_did and invitation_msg_id #1543
- In previous releases, a "their_public_did" was not a tag, so to see if you can reuse a connection, all connections were retrieved from the database to see if a matching public DID can be found. Now, connections created after deploying this release will have a tag on the connection such that an indexed query can be used. See "Breaking Change" note above and "Update" feature below.
- Follow up to #1543 - Adding invitation_msg_id and their_public_did back to record_value #1553
- A generic "Upgrade Deployment" capability was added to ACA-Py that operates like a database migration capability in relational databases. When executed (via a command line option), the current version of the deployment is detected, and if any storage updates need to be applied to be consistent with the new version, they are applied and the stored "current version" is updated to the new version. An instance of this capability can be used to address the new feature #1543 documented above. #1557
- Adds a "credential_revoked" state to the Issue Credential protocol state object. When the protocol state object is retained past the completion of the protocol, it is updated when the credential is revoked. #1545
- Updated a missing dependency that recently caused an error when using the `--version` command line option #1589
- Critical Fixes
- Fix connection record response for mobile #1469
- Documentation Additions and Updates
- added documentation for wallet storage databases #1523
- added logging documentation #1519
- Fix warnings when generating ReadTheDocs #1509
- Remove Streetcred references #1504
- Add RTD configs to get generator working #1496
- The Alice/Faber demo was updated to allow connections based on Public DIDs to be established, including reusing a connection if there is an existing connection. #1574
- Other Fixes
- Connection Handling / Out of Band Invitations Fixes
- OOB: Fixes issues with multiple public explicit invitation and unused 0160 connection #1525
- OOB added webhooks to notify the controller when a connection reuse message is used in response to an invitation #1581
- Delete unused ConnRecord generated - OOB invitation (use_exising_connection) #1521
- When an invitee responded with a "reuse" message, the connection record associated with the invitation was not being deleted. Now it is.
- Await asyncio.sleeps to cleanup warnings in Python 3.8/3.9 #1558
- Add alias field to didexchange invitation UI #1561
- fix: use invitation key for connection query #1570
- Fix the inconsistency of invitation_msg_id between invitation and response #1564
- chore: update pydid to ^0.3.3 #1562
- DIF Presentation Exchange Cleanups
- Fix DIF Presentation Request Input Validation #1517
- Some validation checking of a DIF presentation request to prevent uncaught errors later in the process.
- DIF PresExch - ProblemReport and "is_holder" #1493
- Cleanups related to when "is_holder" is or is not required. Related to Issue #1486
- Indy SDK Related Fixes
- Fix AttributeError when writing an Indy Cred Def record #1516
- Fix TypeError when calling credential_definitions_fix_cred_def_wallet… #1515
- Fix TypeError when writing a Schema record #1494
- Fix validation for range checks #1538
- Back out some of the validation checking for proof requests with predicates as they were preventing valid proof requests from being processed.
- Aries Askar Related Fixes:
- Docker fixes:
- Update docker scripts to use new & improved docker IP detection #1565
- Release Administration:
- Changelog and RTD updates for the pending 0.7.3 release #1553
A mostly maintenance release with some key updates and cleanups based on community deployments and discovery. With usage in the field increasing, we're cleaning up edge cases and issues related to volume deployments.
The most significant new feature for users of Indy ledgers is a simplified approach for transaction authors getting their transactions signed by an endorser. Transaction author controllers now do almost nothing other than configuring their instance to use an Endorser, and ACA-Py takes care of the rest. Documentation of that feature is here.
- Improve cloud native deployments/scaling
- unprotect liveness and readiness endpoints #1416
- Open askar sessions only on demand - Connections #1424
- Fixed potential deadlocks by opening sessions only on demand (Wallet endpoints) #1472
- Fixed potential deadlocks by opening sessions only on demand #1439
- Make mediation invitation parameter idempotent #1413
- Indy Transaction Endorser Support Added
- Indy verifiable credential/presentation fixes and updates
- Update credential and proof mappings to allow negative encoded values #1475
- Add credential validation to offer issuance step #1446
- Fix error removing proof req entries by timestamp #1465
- Fix issue with cred limit on presentation endpoint #1437
- Add support for custom offers from the proposal #1426
- Make requested attributes and predicates required on indy proof request #1411
- Remove connection check on proof verify #1383
- General cleanups and improvements to existing features
- Fixes failing integration test -- JSON-LD context URL not loading because of external issue #1491
- Update base record time-stamp to standard ISO format #1453
- Encode DIDComm messages before sent to the queue #1408
- Add Event bus Metadata #1429
- Allow base wallet to connect to a mediator after startup #1463
- Log warning when unsupported problem report code is received #1409
- feature/inbound-transport-profile #1407
- Import cleanups #1393
- Add no-op handler for generic ack message (RFC 0015) #1390
- Align OutOfBandManager.receive_invitation with other connection managers #1382
- Bug fixes
- fix: fixes error in use of a default mediator in connections/out of band -- mediation ID was being saved as None instead of the retrieved default mediator value #1490
- fix: help text for open-mediation flag #1445
- fix: incorrect return type #1438
- Add missing param to ws protocol #1442
- fix: create static doc use empty endpoint if None #1483
- fix: use named tuple instead of dataclass in mediation invite store #1476
- When fetching the admin config, don't overwrite webhook settings #1420
- fix: return type of inject #1392
- fix: typo in connection static result schema #1389
- fix: don't require push on outbound queue implementations #1387
- Updates/Fixes to the Alice/Faber demo and integration tests
- Chores
A relatively minor maintenance release to address issues found since the 0.7.0 Release. Includes some cleanups of JSON-LD Verifiable Credentials and Verifiable Presentations.
- W3C Verifiable Credential cleanups
- Refactor outbound queue interface (#1348)
- Command line parameter handling for arbitrary plugins (#1347)
- Add an optional parameter '--ledger-socks-proxy' (#1342)
- OOB Protocol - CredentialOffer Support (#1316), (#1216)
- Updated IndyCredPrecisSchema - pres_referents renamed to presentation_referents (#1334)
- Handle unpadded protected header in PackWireFormat::get_recipient_keys (#1324)
- Initial cut of OpenAPI Code Generation guidelines (#1339)
- Correct revocation API in credential revocation documentation (#612)
- Documentation updates for Read-The-Docs (#1359, #1366, #1371)
- Add `inject_or` method to dynamic injection framework to resolve typing ambiguity (#1376)
- Other fixes:
- Indy Proof processing fix, error not raised in predicate timestamp check (#1364)
- Problem Report handler for connection specific problems (#1356)
- fix: error on deserializing conn record with protocol (#1325)
- fix: failure to verify jsonld on non-conformant doc but valid vmethod (#1301)
- fix: allow underscore in endpoints (#1378)
Another significant release, this version adds support for multiple new protocols, credential formats, and extension methods.
- Support for W3C Standard Verifiable Credentials based on JSON-LD using LD-Signatures and BBS+ Signatures, contributed by Animo Solutions - #1061
- Present Proof V2 including support for DIF Presentation Exchange - #1125
- Pluggable DID Resolver (with a did:web resolver) with fallback to an external DID universal resolver, contributed by Indicio - #1070
- Updates and extensions to ledger transaction endorsement via the Sign Attachment Protocol, contributed by AyanWorks - #1134, #1200
- Upgrades to Demos to add support for Credential Exchange 2.0 and W3C Verifiable Credentials #1235
- Alpha support for the Indy/Aries Shared Components (indy-vdr, indy-credx and aries-askar), which enable running ACA-Py without using Indy-SDK, while still supporting the use of Indy as a ledger, and Indy AnonCreds verifiable credentials #1267
- A new event bus for distributing internally generated ACA-Py events to controllers and other listeners, contributed by Indicio - #1063
- Enable operation without Indy ledger support if not needed
- Performance fix for deployments with large numbers of DIDs/connections #1249
- Simplify the creation/handling of plugin protocols #1086, #1133, #1226
- DID Exchange implicit invitation handling #1174
- Add support for Indy 1.16 predicates (restrictions on predicates based on attribute name and value) #1213
- BDD Tests run via GitHub Actions #1046
This is a significant release of ACA-Py with several new features, as well as changes to the internal architecture in order to set the groundwork for using the new shared component libraries: indy-vdr, indy-credx, and aries-askar.
While ACA-Py had previous support for a basic routing protocol, this was never fully developed or used in practice. Starting with this release, inbound and outbound connections can be established through a mediator agent using the Aries Mediator Coordination Protocol. This work was initially contributed by Adam Burdett and Daniel Bluhm of Indicio on behalf of SICPA. Read more about mediation support.
Started by BMW and completed by Animo Solutions and Anon Solutions on behalf of SICPA, this feature allows for a single ACA-Py instance to host multiple wallet instances. This can greatly reduce the resources required when many identities are being handled. Read more about multi-tenancy support.
In addition to the Aries 0160 Connections RFC, ACA-Py now supports the Aries DID Exchange Protocol for connection establishment and reuse, as well as the Aries Out-of-Band Protocol for representing connection invitations and other pre-connection requests.
This release includes an initial implementation of the Aries Issue Credential v2 protocol.
- There are several new endpoints available for controllers as well as new startup parameters related to the multi-tenancy and mediator features, see the feature description pages above in order to make use of these features. Additional admin endpoints are introduced for the DID Exchange, Issue Credential v2, and Out-of-Band protocols.
- When running `aca-py start`, a new wallet will no longer be created unless the `--auto-provision` argument is provided. It is recommended to always use `aca-py provision` to initialize the wallet rather than relying on automatic behaviour, as this removes the need for repeatedly providing the wallet seed value (if any). This is a breaking change from previous versions.
- When running `aca-py provision`, an existing wallet will not be removed and re-created unless the `--recreate-wallet` argument is provided. This is a breaking change from previous versions.
- The logic around revocation intervals has been tightened up in accordance with Present Proof Best Practices.
The following are breaking changes to the internal APIs which may impact Python code extensions.
- Manager classes generally accept a `Profile` instance, where previously they accepted a `RequestContext`.
- Admin request handlers now receive an `AdminRequestContext` as `app["context"]`. The current profile is available as `app["context"].profile`. The admin server now generates a unique context instance per request in order to facilitate multi-tenancy, rather than reusing the same instance for each handler.
- In order to inject the `BaseStorage` or `BaseWallet` interfaces, a `ProfileSession` must be used. Other interfaces can be injected at the `Profile` or `ProfileSession` level. This is obtained by awaiting `profile.session()` for the current `Profile` instance, or (preferably) using it as an async context manager:

```python
async with profile.session() as session:
    storage = session.inject(BaseStorage)
```

- The `inject` method of a context is no longer `async`.
- Fix an attempt to update the agent endpoint when configured with a read-only ledger #758
- Support interactions using the new `https://didcomm.org` message type prefix (currently opt-in via the `--emit-new-didcomm-prefix` flag) #705, #713
- Updates to application startup arguments, adding support for YAML configuration #739, #746, #748
- Add a new endpoint to check the revocation status of a stored credential #735
- Clean up API documentation and OpenAPI definition, minor API adjustments #712, #726, #732, #734, #738, #741, #747
- Add configurable support for unencrypted record tags #723
- Retain more limited records on issued credentials #718
- Fix handling of custom endpoint in connections `accept-request` API method #715, #716
- Add restrictions around revocation registry sizes #727
- Allow the state for revocation registry records to be set manually #708
- Handle multiple matching credentials when satisfying a presentation request using `names` #706
- Additional handling for a missing local tails file, tails file rollover process #702, #717
- Handle unknown credential ID in `create-proof` API method #700
- Improvements to revocation interval handling in presentation requests #699, #703
- Clean up warnings on API redirects #692
- Extensions to DID publicity status #691
- Support Unicode text in JSON-LD credential handling #687
- Improvements to schema, cred def registration procedure #682, #683
- Updates to align admin API output with documented interface #674, #681
- Fix provisioning issue when ledger is configured as read-only #673
- Add `get-nym-role` action #671
- Basic support for w3c profile endpoint #667, #669
- Improve handling of non-revocation interval #648, #680
- Update revocation demo after changes to tails file handling #644
- Improve handling of fatal ledger errors #643, #659
- Improve `did:key:` handling in out-of-band protocol support #639
- Fix crash when no public DID is configured #637
- Fix high CPU usage when only messages pending retry are in the outbound queue #636
- Additional unit tests for config, messaging, revocation, startup, transports #633, #641, #658, #661, #666
- Allow forwarded messages to use existing connections and the outbound queue #631
- Store endpoint on provisioned DID records #610
- More reliable delivery of outbound messages and webhooks #615
- Improvements for OpenShift pod handling #614
- Remove support for 'on-demand' revocation registries #605
- Sort tags in generated swagger JSON for better consistency #602
- Improve support for multi-credential proofs #601
- Adjust default settings for tracing and add documentation #598, #597
- Fix reliance on local copy of revocation tails file #590
- Improved handling of problem reports #595
- Remove credential preview parameter from credential issue endpoint #596
- Looser format restrictions on dates #586
- Support `names` and attribute-value specifications in present-proof protocol #587
- Misc documentation updates and unit test coverage
- Initial out-of-band protocol support #576
- Support provisioning a new local-only DID in the wallet, updating a DID endpoint #559, #573
- Support pagination for holder search operation #558
- Add raw JSON credential signing and verification admin endpoints #540
- Catch fatal errors in admin and protocol request handlers #527, #533, #534, #539, #543, #554, #555
- Add wallet and DID key rotation operations #525
- Admin API documentation and usability improvements #504, #516, #570
- Adjust the maximum number of attempts for outbound messages #501
- Add demo support for tails server #499
- Various credential and presentation protocol fixes and improvements #491, #494, #498, #526, #561, #563, #564, #577, #579
- Fixes for multiple agent endpoints #495, #497
- Additional test coverage #482, #485, #486, #487, #490, #493, #509, #553
- Update marshmallow dependency #479
- Restore previous response format for the `/credential/{id}` admin route #474
- Add support for credential revocation and revocation registry handling, with thanks to Medici Ventures #306, #417, #425, #429, #432, #435, #441, #455
- **Breaking change**: Remove previous credential and presentation protocols (0.1 versions) #416
- Add support for major/minor protocol version routing #443
- Event tracing and trace reports for message exchanges #440
- Support additional Indy restriction operators (`>`, `<`, `<=` in addition to `>=`) #457
- Support signed attachments according to the updated Aries RFC 0017 #456
- Increased test coverage #442, #453
- Updates to demo agents and documentation #402, #403, #411, #415, #422, #423, #449, #450, #452
- Use Indy generate_nonce method to create proof request nonces #431
- Make request context available in the outbound transport handler #408
- Contain indy-anoncreds usage in IndyIssuer, IndyHolder, IndyProver classes #406, #463
- Fix issue with validation of proof with predicates and revocation support #400
- Added NOTICES file with license information for dependencies #398
- Updated documentation for administration API demo #397
- Accept self-attested attributes in presentation verification, only when no restrictions are present on the requested attribute #394, #396
- Update docker image used in demo and test containers #391
- Fix pre-verify check on received presentations #390
- Do not canonicalize attribute names in credential previews #389
- Fix the application of transaction author agreement acceptance to signed ledger requests #385
- Add a command line argument to preserve connection exchange records #355
- Allow custom credential IDs to be specified by the controller in the issue-credential protocol #384
- Handle send timeouts in the admin server websocket implementation #377
- Aries RFC 0348: Support the 'didcomm.org' message type prefix for incoming messages #379
- Add support for additional postgres wallet schemes such as "MultiWalletDatabase" #378
- Updates to the demo agents and documentation to support demos using the OpenAPI interface #371, #375, #376, #382, #383, #382
- Add a new flag for preventing writes to the ledger #364
- Adjust logging on HTTP request retries #363
- Tweaks to `run_docker`/`run_demo` scripts for Windows #357
- Avoid throwing exceptions on invalid or incomplete received presentations #359
- Restore the `present-proof/create-request` admin endpoint for creating connectionless presentation requests #356
- Activate the `connections/create-static` admin endpoint for creating static connections #354
- Update Forward messages and handlers to align with RFC 0094 for compatibility with libvcx and Streetcred #240, #349
- Verify encoded attributes match raw attributes on proof presentation #344
- Improve checks for existing credential definitions in the wallet and on ledger when publishing #333, #346
- Accommodate referents in presentation proposal preview attribute specifications #333
- Make credential proposal optional in issue-credential protocol #336
- Handle proofs with repeated credential definition IDs #330
- Allow side-loading of alternative inbound transports #322
- Various fixes to documentation and message schemas, and improved unit test coverage
- Improved unit test coverage (actionmenu, basicmessage, connections, introduction, issue-credential, present-proof, routing protocols)
- Various documentation and bug fixes
- Add admin routes for fetching and accepting the ledger transaction author agreement #144
- Add support for receiving connection-less proof presentations #296
- Set attachment id explicitly in unbound proof request #289
- Add create-proposal admin endpoint to the present-proof protocol #288
- Remove old anon/authcrypt support #282
- Allow additional endpoints to be specified #276
- Allow timestamp without trailing 'Z' #275, #277
- Display agent label and version on CLI and SwaggerUI #274
- Remove connection activity tracking and add ping webhooks (with --monitor-ping) #271
- Refactor message transport to track all async tasks, active message handlers #269, #287
- Add invitation mode "static" for static connections #260
- Allow for cred proposal underspecification of cred def id, only lock down cred def id at issuer on offer. Sync up api requests to Aries RFC-36 verbiage #259
- Disable cookies on outbound requests (avoid session affinity) #258
- Add plugin registry for managing all loaded protocol plugins, streamline ClassLoader #257, #261
- Add support for locking a cache key to avoid repeating expensive operations #256
- Add optional support for uvloop #255
- Output timing information when --timing-log argument is provided #254
- General refactoring - modules moved from messaging into new core, protocols, and utils sub-packages #250, #301
- Switch performance demo to the newer issue-credential protocol #243
- Remove old method for reusing credential requests and replace with local caching for credential offers and requests #238, #242
- Add statistics on HTTP requests to timing output #237
- Reduce the number of tags on non-secrets records to reduce storage requirements and improve performance #235
- Clean up base64 handling in wallet utils and add tests #224
- Support schema sequence numbers for lookups and caching and allow credential definition tag override via admin API #223
- Support multiple proof referents in the present-proof protocol #222
- Group protocol command line arguments appropriately #217
- Don't require a signature for get_txn_request in credential_definition_id2schema_id and reduce public DID lookups #215
- Add a role property to credential exchange and presentation exchange records #214, #218
- Improve attachment decorator handling #210
- Expand and correct documentation of the OpenAPI interface #208, #212
- Clean up LGTM errors and warnings and fix a message dispatch error #203
- Avoid wrapping messages with Forward wrappers when returning them directly #199
- Add a CLI parameter to override the base URL used in URL-formatted connection invitations #197
- Update the feature discovery protocol to match the RFC and rename the admin API endpoint #193
- Add CLI parameters for specifying additional properties of the printed connection invitation #192
- Add support for explicitly setting the wallet credential ID on storage #188
- Additional performance tracking and storage reductions #187
- Handle connection invitations in base64 or URL format in the Alice demo agent #186
- Add admin API methods to get and set the credential tagging policy for a credential definition ID #185
- Allow querying of credentials for proof requests with multiple referents #181
- Allow self-connected agents to issue credentials, present proofs #179
- Add admin API endpoints to register a ledger nym, fetch a ledger DID verkey, or fetch a ledger DID endpoint #178
- Merge support for Aries #36 (issue-credential) and Aries #37 (present-proof) protocols #164, #167
- Add `initiator` to connection record queries to ensure uniqueness in the case of a self-connection #161
- Add connection aliases #149
- Misc documentation updates
- Do not fail with an error when no ledger is configured #145
- Switch to PyNaCl instead of pysodium; update dependencies #143
- Support reusable connection invitations #142
- Fix --version option and optimize Docker builds #136
- Add connection_id to basicmessage webhooks #134
- Fixes for transaction author agreements #133
- Ledger and wallet config updates; add support for transaction author agreements #127
- Handle duplicate schema in send_schema by always fetching first #126
- More flexible timeout support in detect_process #125
- Add start command to run_docker invocations #119
- Add issuer stored state #114
- Add admin route to create a presentation request without sending it #112
- Add -v option to aca-py executable to print version #110
- Fix demo presentation request, optimize credential retrieval #108
- Add pypi badge to README and make document link URLs absolute #103
- Add admin routes for creating and listing wallet DIDs, adjusting the public DID #102
- Update the running locally instructions based on feedback from Sam Smith #101
- Add support for multiple invocation commands, implement start/provision/help commands #99
- Add admin endpoint to send problem report #98
- Add credential received state transition #97
- Adding documentation for the routing version of the performance example #94
- Document listing the Aries RFCs supported by ACA-Py and reference to the list in the README #89
- Further updates to the running locally section of the demo README #86
- Don't extract decorators with names matching the 'data_key' of defined schema fields #85
- Allow demo scripts to run outside of Docker; add command line parsing #84
- Connection invitation fixes and improvements; support DID-based invitations #82
- Add missing MANIFEST file #78
This is the first PyPI release. The history begins with the transfer of aca-py from bcgov to hyperledger.
- Prepare for version 0.2.0 release #77
- Update von-network related references. #74
- Fixed log_level arg, added validation error logging #73
- fix shell inconsistency #72
- further cleanup to the OpenAPI demo script #71
- Updates to invitation handling and performance test #68
- Api security #67
- Fix line endings on Windows #66
- Fix repository name in badge links #65
- Connection record is_ready refactor #64
- Fix API instructions for cred def id #58
- Updated API demo docs to use alice/faber scripts #54
- Updates to the readme for the demo to add PWD support #53
- Swallow empty input in demo scripts #51
- Set credential_exchange state when created from a cached credential request #49
- Check for readiness instead of activeness in credential admin routes #46
- Demo updates #43
- Misc fixes #42
- Readme updates #41
- Change installed "binary" name to aca-py #40
- Tweak in script to work under Linux; updates to readme for demo #33
- New routing example document, typo corrections #31
- More bad links #30
- Links cleanup for the documentation #29
- Alice-Faber demo update #28
- Deployment Model document #27
- Plantuml source and images for documentation; w/image generator script #26
- Move generated documentation. #25
- Update generated documents #24
- Split application configuration into separate modules and add tests #23
- Updates to the RTD configuration file #22
- Merge DIDDoc support from von_anchor #21
- Adding Prov of BC, Gov of Canada copyright #19
- Update test configuration #18
- CI updates #17
- Transport updates #15