Release 0.9.0 is an important upgrade that changes (PR #2302) the dependency on the now archived Hyperledger Ursa project to its updated, improved replacement, AnonCreds CL-Signatures. This important change is ONLY available when using Aries Askar as the wallet type, which brings in both [Indy VDR] and the CL-Signatures via the latest version of CredX from the indy-shared-rs repository. The update is NOT available to those that are using the Indy SDK. All new deployments of ACA-Py SHOULD use Aries Askar. Further, we strongly recommend that all deployments using the Indy SDK with ACA-Py upgrade their installation to use Aries Askar and the related components using the migration scripts available. An Indy SDK to Askar migration document added to the aca-py.org documentation site, and a deprecation warning added to the ACA-Py startup.
The second big change in this release is that we have upgraded the primary Python version from 3.6 to 3.9 (PR #2247). In this case, primary means that Python 3.9 is used to run the unit and integration tests on all Pull Requests. We also do nightly runs of the main branch using Python 3.10. As of this release we have dropped Python 3.6, 3.7 and 3.8, and introduced new dependencies that are not supported in those versions of Python. For those that use the published ACA-Py container images, the upgrade should be easily handled. If you are pulling ACA-Py into your own image, or a non-containerized environment, this is a breaking change that you will need to address.
Please see the next section for all breaking changes, and the subsequent section for a categorized list of all pull requests in this release.
In addition to the breaking Python 3.6 to 3.9 upgrade, there are two other breaking changes that may impact some deployments.
#2034 allows for additional flexibility in using public DIDs in invitations,
and adds a restriction that "implicit" invitations must be proactively enabled
using a flag (--requests-through-public-did
). Previously, such requests
would always be accepted if --auto-accept
was enabled, which could lead to
unexpected connections being established.
#2170 is a change to improve message handling in the face of delivery errors when using a persistent queue implementation such as the ACA-Py Redis Plugin. If you are using the Redis plugin, you MUST upgrade to Redis Plugin Release 0.1.0 in conjunction with deploying this ACA-Py release. For those using their own persistent queue solution, see the PR #2170 comments for information about changes you might need to make to your deployment.
- DIDComm Messaging Improvements/Fixes
- DID Handling and Connection Establishment Updates/Fixes
- Allow any did to be public #2295 mkempa
- Feat: Added support for Ed25519Signature2020 signature type and Ed25519VerificationKey2020 #2241 dkulic
- Add Goal and Goal Code to OOB and DIDex Request #2294 usingtechnology
- Fix routing in set public did #2288 mkempa - Fix: Do not replace public verkey on mediator #2269 mkempa - BREAKING: Allow multi-use public invites and public invites with metadata #2034 mepeltier
- fix: public did mediator routing keys as did keys #1977 dbluhm
- Credential Exchange (Issue, Present) Updates
- Add revocation registry rotate to faber demo #2333 usingtechnology
- Update to indy-credx 1.0 #2302 andrewwhitehead
- feat(anoncreds): Implement automated setup of revocation #2292 dbluhm
- fix: schema class can set Meta.unknown #1885 dbluhm
- Respect auto-verify-presentation flag in present proof v1 and v2 #2097 dbluhm
- Feature: JWT Sign and Verify Admin Endpoints with DID Support #2300 burdettadam
- Multitenancy Updates and Fixes
- Fix: Track endorser and author roles in per-tenant settings #2331 shaangill025
- Added base wallet provisioning details to Multitenancy.md #2328 esune
- Other Fixes, Demo, and Documentation Fixes
- Add more context to the ACA-Py Revocation handling documentation #2343 swcurran
- Document the Indy SDK to Askar Migration process #2340 swcurran
- Add revocation registry rotate to faber demo #2333 usingtechnology
- chore: add indy deprecation warnings #2332 dbluhm
- Fix alice/faber demo execution #2305 andrewwhitehead
- Add .indy_client folder to Askar only image. #2308 WadeBarnes
- Add build step for indy-base image in run_demo #2299 usingtechnology
- Webhook over websocket clarification #2287 dbluhm
- ACA-Py Deployment Upgrade Changes
- Add Explicit/Offline marking mechanism for Upgrade #2204 shaangill025
- Plugin Handling Updates
- Feature: Add the ability to deny specific plugins from loading 0.7.4 #1737 frostyfrog
- Dependencies and Internal Updates
- upgrade pyjwt to latest; introduce leeway to jwt.decodet #2335 ff137
- upgrade requests to latest #2336 ff137
- upgrade packaging to latest #2334 ff137
- chore: update PyYAML #2329 dbluhm
- chore(deps): Bump aiohttp from 3.8.4 to 3.8.5 in /demo/playground/scripts dependencies #2325 [dependabot bot](https://github.com/dependabot bot)
- ⬆️ upgrade marshmallow to latest #2322 ff137
- fix: use python 3.9 in run_docker #2291 dbluhm
- BREAKING!: drop python 3.6 support #2247 dbluhm
- Minor revisions to the README.md and DevReadMe.md #2272 swcurran
- ACA-Py Administrative Updates
- CI/CD and Developer Tools/Productivity Updates
- Cancel in-progress workflows when PR is updated #2303 andrewwhitehead
- ci: add gha for pr-tests #2058 dbluhm
- Add devcontainer for ACA-Py #2267 usingtechnology
- Docker images and GHA for publishing images help wanted #2076 dbluhm
- ci: test additional versions of python nightly #2059 dbluhm
- Release management pull requests
Release 0.8.2 contains a number of minor fixes and updates to ACA-Py, including the correction of a regression in Release 0.8.0 related to the use of plugins (see #2255). Highlights include making it easier to use tracing in a development environment to collect detailed performance information about what is going in within ACA-Py.
This release pulls in indy-shared-rs Release 3.3 which fixes a serious issue in AnonCreds verification, as described in issue #2036, where the verification of a presentation with multiple revocable credentials fails when using Aries Askar and the other shared components. This issue occurs only when using Aries Askar and indy-credx Release 3.3.
An important new feature in this release is the ability to set some instance configuration settings at the tenant level of a multi-tenant deployment. See PR #2233.
There are no breaking changes in this release.
- Connections Fixes/Updates
- Resolve definitions.py fix to fix backwards compatibility break in plugins #2255 usingtechnology
- Add support for JsonWebKey2020 for the connection invitations #2173 dkulic
- fix: only cache completed connection targets #2240 dbluhm
- Connection target should not be limited only to indy dids #2229 dkulic
- Disable webhook trigger on initial response to multi-use connection invitation #2223 esune
- Credential Exchange (Issue, Present) Updates
- Pass document loader to jsonld.expand #2175 andrewwhitehead
- Multi-tenancy fixes/updates
- Allow Configuration Settings on a per-tenant basis #2233 shaangill025
- stand up multiple agents (single and multi) for local development and testing #2230 usingtechnology
- Multi-tenant self-managed mediation verkey lookup #2232 usingtechnology
- fix: route multitenant connectionless oob invitation #2243 TimoGlastra
- Fix multitenant/mediation in demo #2075 ianco
- Other Bug and Documentation Fixes
- Assign ~thread.thid with thread_id value #2261 usingtechnology
- Fix: Do not replace public verkey on mediator #2269 mkempa
- Provide an optional Profile to the verification key strategy #2265 yvgny
- refactor: Extract verification method ID generation to a separate class #2235 yvgny
- Create .readthedocs.yaml file #2268 swcurran
- feat(did creation route): reject unregistered did methods #2262 chumbert
- ./run_demo performance -c 1 --mediation --timing --trace-log #2245 usingtechnology
- Fix formatting and grammatical errors in different readme's #2222 ff137
- Fix broken link in README #2221 ff137
- fix: run only on main, forks ok #2166 anwalker293
- Update Alice Wants a JSON-LD Credential to fix invocation #2219 swcurran
- Dependencies and Internal Updates
- Bump requests from 2.30.0 to 2.31.0 in /demo/playground/scripts dependenciesPull requests that update a dependency file #2238 dependabot bot
- Upgrade codegen tools in scripts/generate-open-api-spec and publish Swagger 2.0 and OpenAPI 3.0 specs #2246 ff137
- ACA-Py Administrative Updates
- Propose adding Jason Sherman usingtechnology as a Maintainer #2263 swcurran
- Updating Maintainers list to be accurate and using the TOC format #2258 swcurran
- Message Tracing/Timing Updates
- Add updated ELK stack for demos. #2236 usingtechnology
- Release management pull requests
Version 0.8.1 is an urgent update to Release 0.8.0 to address an inability to
execute the upgrade
command. The upgrade
command is needed for 0.8.0 Pull
Request #2116 - "UPGRADE: Fix multi-use invitation performance", which is
useful for (at least) deployments of ACA-Py as a mediator. In the release, the
upgrade process is revamped, and documented in Upgrading ACA-Py.
Key points about upgrading for those with production, pre-0.8.1 ACA-Py deployments:
- Upgrades now happen automatically on startup, when needed.
- The version of the last executed upgrade, even if it is a "no change" upgrade,
is put into secure storage and is used to detect when future upgrades are needed.
- Upgrades are needed when the running version is greater than the version is secure storage.
- If you have an existing, pre-0.8.1 deployment with many connection records,
there may be a delay in starting as an upgrade will be run that loads and saves
every connection record, updating the data in the record in the process.
- A mechanism is to be added (see Issue #2201) for preventing an upgrade
running if it should not be run automatically, and requires using the
upgrade
command. To date, there has been no need for this feature.
- A mechanism is to be added (see Issue #2201) for preventing an upgrade
running if it should not be run automatically, and requires using the
- See the Upgrading ACA-Py document for more details.
Recent changes to Aries Askar have resulted in Askar supporting Postgres version 11 and greater. If you are on Postgres 10 or earlier and want to upgrade to use Askar, you must migrate your database to Postgres 10.
We have also noted that in some container orchestration environments such as
Red Hat's OpenShift and possibly other Kubernetes distributions, Askar using
Postgres versions greater than 14 do not install correctly. Please monitor
Issue #2199 for an update to this limitation. We have found that Postgres 15 does
install correctly in other environments (such as in docker compose
setups).
- Fixes for the
upgrade
Command- Change upgrade definition file entry from 0.8.0 to 0.8.1 #2203 swcurran
- Add Upgrading ACA-Py document #2200 swcurran
- Fix: Indy WalletAlreadyOpenedError during upgrade process #2196 shaangill025
- Fix: Resolve Upgrade Config file in Container #2193 shaangill025
- Update and automate ACA-Py upgrade process #2185 shaangill025
- Adds the upgrade command YML file to the PyPi Release #2179 swcurran
- Test and Documentation
- Release management pull requests
0.8.0 is a breaking change that contains all updates since release 0.7.5. It
extends the previously tagged 1.0.0-rc1
release because it is not clear when
the 1.0.0 release will be finalized. Many of the PRs in this release were previously
included in the 1.0.0-rc1
release. The categorized list of PRs separates those
that are new from those in the 1.0.0-rc1
release candidate.
There are not a lot of new Aries Framework features in this release, as the focus has been on cleanup and optimization. The biggest addition is the inclusion with ACA-Py of a universal resolver interface, allowing an instance to have both local resolvers for some DID Methods and a call out to an external universal resolver for other DID Methods. Another significant new capability is full support for Hyperledger Indy transaction endorsement for Authors and Endorsers. A new repo aries-endorser-service has been created that is a pre-configured instance of ACA-Py for use as an Endorser service.
A recently completed feature that is outside of ACA-Py is a script to migrate existing ACA-Py storage from Indy SDK format to Aries Askar format. This enables existing deployments to switch to using the newer Aries Askar components. For details see the converter in the aries-acapy-tools repository.
With this release, a new automated process publishes container images in the Hyperledger container image repository. New images for the release are automatically published by the GitHubAction Workflows: publish.yml and publish-indy.yml. The actions are triggered when a release is tagged, so no manual action is needed. The images are published in the Hyperledger Package Repository under aries-cloudagent-python and a link to the packages added to the repositories main page (under "Packages"). Additional information about the container image publication process can be found in the document Container Images and Github Actions.
The ACA-Py container images are based on Python 3.6 and 3.9 slim-bullseye
images, and are designed to support linux/386 (x86)
, linux/amd64 (x64)
, and linux/arm64
. However, for this release, the
publication of multi-architecture containers is disabled. We are working to
enable that through the updating of some dependencies that lack that capability.
There are two flavors of image built for each Python version. One contains only
the Indy/Aries Shared Libraries only (Aries
Askar, Indy
VDR and Indy Shared
RS, supporting only the use of
--wallet-type askar
). The other (labelled indy
) contains the Indy/Aries
shared libraries and the Indy SDK (considered deprecated). For new deployments,
we recommend using the Python 3.9 Shared Library images. For existing
deployments, we recommend migrating to those images.
Those currently using the container images published by BC Gov on Docker Hub should change to use those published to the Hyperledger Package Repository under aries-cloudagent-python.
PR #2034 -- Implicit connections
The break impacts existing deployments that support implicit connections, those
initiated by another agent using a Public DID for this instance instead of an
explicit invitation. Such deployments need to add the configuration parameter
--requests-through-public-did
to continue to support that feature. The use
case is that an ACA-Py instance publishes a public DID on a ledger with a
DIDComm service
in the DIDDoc. Other agents resolve that DID, and attempt to
establish a connection with the ACA-Py instance using the service
endpoint.
This is called an "implicit" connection in RFC 0023 DID
Exchange.
PR #1913 -- Unrevealed attributes in presentations
Updates the handling of "unrevealed attributes" during verification of AnonCreds presentations, allowing them to be used in a presentation, with additional data that can be checked if for unrevealed attributes. As few implementations of Aries wallets support unrevealed attributes in an AnonCreds presentation, this is unlikely to impact any deployments.
PR #2145 - Update webhook message to terse form by default, added startup flag --debug-webhooks for full form
The default behavior in ACA-Py has been to keep the full text of all messages in the protocol state object, and include the full protocol state object in the webhooks sent to the controller. When the messages include an object that is very large in all the messages, the webhook may become too big to be passed via HTTP. For example, issuing a credential with a photo as one of the claims may result in a number of copies of the photo in the protocol state object and hence, very large webhooks. This change reduces the size of the webhook message by eliminating redundant data in the protocol state of the "Issue Credential" message as the default, and adds a new parameter to use the old behavior.
UPGRADE PR #2116 - UPGRADE: Fix multi-use invitation performance
The way that multiuse invitations in previous versions of ACA-Py caused performance to degrade over time. An update was made to add state into the tag names that eliminated the need to scan the tags when querying storage for the invitation.
If you are using multiuse invitations in your existing (pre-0.8.0
deployment
of ACA-Py, you can run an upgrade
to apply this change. To run upgrade from
previous versions, use the following command using the 0.8.0
version of
ACA-Py, adding you wallet settings:
aca-py upgrade <other wallet config settings> --from-version=v0.7.5 --upgrade-config-path ./upgrade.yml
-
Verifiable credential, presentation and revocation handling updates
- BREAKING: Update webhook message to terse form [default, added startup flag --debug-webhooks for full form #2145 by victorlee0505
- Add startup flag --light-weight-webhook to trim down outbound webhook payload #1941 victorlee0505
- feat: add verification method issue-credentials-2.0/send endpoint #2135 chumbert
- Respect auto-verify-presentation flag in present proof v1 and v2 #2097 dbluhm
- Feature: enabled handling VPs (request, creation, verification) with different VCs #1956 (teanas)
- fix: update issue-credential endpoint summaries #1997 (PeterStrob)
- fix claim format designation in presentation submission #2013 (rmnre)
- #2041 - Issue JSON-LD has invalid Admin API documentation #2046 (jfblier-amplitude)
- Previously flagged in release 1.0.0-rc1
- Refactor ledger correction code and insert into revocation error handling #1892 (ianco)
- Indy ledger fixes and cleanups #1870 (andrewwhitehead)
- Refactoring of revocation registry creation #1813 (andrewwhitehead)
- Fix: �the type of tails file path to string. #1925 (baegjae)
- Pre-populate revoc_reg_id on IssuerRevRegRecord #1924 (andrewwhitehead)
- Leave credentialStatus element in the LD credential #1921 (tsabolov)
- BREAKING: Remove aca-py check for unrevealed revealed attrs on proof validation #1913 (ianco)
- Send webhooks upon record/credential deletion #1906 (frostyfrog)
-
Out of Band (OOB) and DID Exchange / Connection Handling / Mediator
- UPGRADE: Fix multi-use invitation performance #2116 reflectivedevelopment
- fix: public did mediator routing keys as did keys #1977 (dbluhm)
- Fix for mediator load testing race condition when scaling horizontally #2009 (ianco)
- BREAKING: Allow multi-use public invites and public invites with metadata #2034 (mepeltier)
- Do not reject OOB invitation with unknown handshake protocol(s) #2060 (andrewwhitehead)
- fix: fix connection timing bug #2099 (reflectivedevelopment)
- Previously flagged in release 1.0.0-rc1
- Fix:
--mediator-invitation
with OOB invitation + cleanup #1970 (shaangill025) - include image_url in oob invitation #1966 (Zzocker)
- feat: 00B v1.1 support #1962 (shaangill025)
- Fix: OOB - Handling of minor versions #1940 (shaangill025)
- fix: failed connectionless proof request on some case #1933 (kukgini)
- fix: propagate endpoint from mediation record #1922 (cjhowland)
- Feat/public did endpoints for agents behind mediators #1899 (cjhowland)
- Fix:
-
DID Registration and Resolution related updates
- feat: allow marking non-SOV DIDs as public #2144 chumbert
- fix: askar exception message always displaying null DID #2155 chumbert
- feat: enable creation of DIDs for all registered methods #2067 (chumbert)
- fix: create local DID return schema #2086 (chumbert)
- feat: universal resolver - configurable authentication #2095 (chumbert)
- Previously flagged in release 1.0.0-rc1
- feat: add universal resolver #1866 (dbluhm)
- fix: resolve dids following new endpoint rules #1863 (dbluhm)
- fix: didx request cannot be accepted #1881 (rmnre)
- did method & key type registry #1986 (burdettadam)
- Fix/endpoint attrib structure #1934 (cjhowland)
- Simple did registry #1920 (burdettadam)
- Use did:key for recipient keys #1886 (frostyfrog)
-
Hyperledger Indy Endorser/Author Transaction Handling
-
Admin API Additions
-
Startup Command Line / Environment / YAML Parameter Updates
- Update webhook message to terse form [default, added startup flag --debug-webhooks for full form #2145 by victorlee0505
- Add startup flag --light-weight-webhook to trim down outbound webhook payload #1941 victorlee0505
- Add missing --mediator-connections-invite cmd arg info to docs #2051 (matrixik)
- Issue #2068 boolean flag change to support HEAD requests to default route #2077 (johnekent)
- Previously flagged in release 1.0.0-rc1
- Add seed command line parameter but use only if also an "allow insecure seed" parameter is set #1714 (DaevMithran)
-
Internal Aries framework data handling updates
- fix: resolver api schema inconsistency #2112 (TimoGlastra)
- fix: return if return route but no response #1853 (TimoGlastra)
- Multi-ledger/Multi-tenant issues #2022 (ianco)
- fix: Correct typo in model -- required spelled incorrectly #2031 (swcurran)
- Code formatting #2053 (ianco)
- Improved validation of record state attributes #2071 (rmnre)
- Previously flagged in release 1.0.0-rc1
- fix: update RouteManager methods use to pass profile as parameter #1902 (chumbert)
- Allow fully qualified class names for profile managers #1880 (chumbert)
- fix: unable to use askar with in memory db #1878 (dbluhm)
- Enable manually triggering keylist updates during connection #1851 (dbluhm)
- feat: make base wallet route access configurable #1836 (dbluhm)
- feat: event and webhook on keylist update stored #1769 (dbluhm)
- fix: Safely shutdown when root_profile uninitialized #1960 (frostyfrog)
- feat: include connection ids in keylist update webhook #1914 (dbluhm)
- fix: incorrect response schema for discover features #1912 (dbluhm)
- Fix: SchemasInputDescriptorFilter: broken deserialization renders generated clients unusable #1894 (rmnre)
- fix: schema class can set Meta.unknown #1885 (dbluhm)
-
Unit, Integration, and Aries Agent Test Harness Test updates
-
Dependency, Python version, GitHub Actions and Container Image Changes
- Remove CircleCI Status since we aren't using CircleCI anymore #2163 swcurran
- Update ACA-Py docker files to produce OpenShift compatible images #2130 WadeBarnes
- Temporarily disable multi-architecture image builds #2125 WadeBarnes
- Fix ACA-py image builds #2123 WadeBarnes
- Fix publish workflows #2117 WadeBarnes
- fix: indy dependency version format #2054 (chumbert)
- ci: add gha for pr-tests #2058 (dbluhm)
- ci: test additional versions of python nightly #2059 (dbluhm)
- Update github actions dependencies (for node16 support) #2066 (andrewwhitehead)
- Docker images and GHA for publishing images #2076 (dbluhm)
- Update dockerfiles to use python 3.9 #2109 (ianco)
- Updating base images from slim-buster to slim-bullseye #2105 (pradeepp88)
- Previously flagged in release 1.0.0-rc1
- feat: update pynacl version from 1.4.0 to 1.50 #1981 (morrieinmaas)
- Fix: web.py dependency - integration tests & demos #1973 (shaangill025)
- chore: update pydid #1915 (dbluhm)
-
Demo and Documentation Updates
- [fix] Removes extra comma that prevents swagger from accepting the presentation request #2149 swcurran
- Initial plugin docs #2138 ianco
- Acme workshop #2137 ianco
- Fix: Performance Demo [no --revocation] [#2151](https://github.com/ openwallet-foundation/pull/2151) shaangill025
- Fix typos in alice-local.sh & faber-local.sh #2010 (naonishijima)
- Added a bit about manually creating a revoc reg tails file #2012 (ianco)
- Add ability to set docker container name #2024 (matrixik)
- Doc updates for json demo #2026 (ianco)
- Multitenancy demo (docker-compose with postgres and ngrok) #2089 (ianco)
- Allow using YAML configuration file with run_docker #2091 (matrixik)
- Previously flagged in release 1.0.0-rc1
- Fixes to acme exercise code #1990 (ianco)
- Fixed bug in run_demo script #1982 (pasquale95)
- Transaction Author with Endorser demo #1975 (ianco)
- Redis Plugins [redis_cache & redis_queue] related updates #1937 (shaangill025)
-
Release management pull requests
0.7.5 is a patch release to deal primarily to add PR #1881 DID Exchange in ACA-Py 0.7.4 with explicit invitations and without auto-accept broken. A couple of other PRs were added to the release, as listed below, and in Milestone 0.7.5.
- Changelog and version updates for version 0.7.5-rc1 #1985 (swcurran)
- Endorser doc updates and some bug fixes #1926 (ianco)
- Fix: web.py dependency - integration tests & demos #1973 (shaangill025)
- Endorser write DID transaction #1938 (ianco)
- fix: didx request cannot be accepted #1881 (rmnre)
- Fix: OOB - Handling of minor versions #1940 (shaangill025)
- fix: Safely shutdown when root_profile uninitialized #1960 (frostyfrog)
- feat: 00B v1.1 support #1962 (shaangill025)
- 0.7.5 Cherry Picks #1967 (frostyfrog)
- Changelog and version updates for version 0.7.5-rc0 #1969 (swcurran)
- Final 0.7.5 changes #1991 (swcurran)
⚠️ Existing multitenant JWTs invalidated when a new JWT is generated: If you have a pre-existing implementation with existing Admin API authorization JWTs, invoking the endpoint to get a JWT now invalidates the existing JWT. Previously an identical JWT would be created. Please see this comment on PR #1725 for more details.
0.7.4 is a significant release focused on stability and production deployments. As the "patch" release number indicates, there were no breaking changes in the Admin API, but a huge volume of updates and improvements. Highlights of this release include:
- A major performance and stability improvement resulting from the now recommended use of Aries Askar instead of the Indy-SDK.
- There are significant improvements and tools for dealing with revocation-related issues.
- A lot of work has been on the handling of Hyperledger Indy transaction endorsements.
- ACA-Py now has a pluggable persistent queues mechanism in place, with Redis and Kafka support available (albeit with work still to come on documentation).
In addition, there are a significant number of general enhancements, bug fixes, documentation updates and code management improvements.
This release is a reflection of the many groups stressing ACA-Py in production environments, reporting issues and the resulting solutions. We also have a very large number of contributors to ACA-Py, with this release having PRs from 22 different individuals. A big thank you to all of those using ACA-Py, raising issues and providing solutions.
A lot of work has been put into this release related to performance and load
testing, with significant updates being made to the key "shared component"
ACA-Py dependencies (Aries Askar, Indy
VDR) and Indy Shared RS (including
CredX). We now recommend using
those components (by using --wallet-type askar
in the ACA-Py startup
parameters) for new ACA-Py deployments. A wallet migration tool from indy-sdk
storage to Askar storage is still needed before migrating existing deployment to
Askar. A big thanks to those creating/reporting on stress test scenarios, and
especially the team at LISSI for creating the
aries-cloudagent-loadgenerator
to make load testing so easy! And of course to the core ACA-Py team for
addressing the findings.
The largest enhancement is in the area of the endorsing of Hyperledger Indy ledger transactions, enabling an instance of ACA-Py to act as an Endorser for Indy authors needing endorsements to write objects to an Indy ledger. We're working on an Aries Endorser Service based on the new capabilities in ACA-Py, an Endorser to be easily operated by an organization, ideally with a controller starter kit supporting a basic human and automated approvals business workflow. Contributions welcome!
A focus towards the end of the 0.7.4 development and release cycle was on the handling of AnonCreds revocation in ACA-Py. Most important, a production issue was uncovered where by an ACA-Py issuer's local Revocation Registry data could get out of sync with what was published on an Indy ledger, resulting in an inability to publish new RevRegEntry transactions -- making new revocations impossible. As a result, we have added some new endpoints to enable an update to the RevReg storage such that RevRegEntry transactions can again be published to the ledger. Other changes were added related to revocation in general and in the handling of tails files in particular.
The team has worked a lot on evolving the persistent queue (PQ) approach available in ACA-Py. We have landed on a design for the queues for inbound and outbound messages using a default in-memory implementation, and the ability to replace the default method with implementations created via an ACA-Py plugin. There are two concrete, out-of-the-box external persistent queuing solutions available for Redis and Kafka. Those ACA-Py persistent queue implementation repositories will soon be migrated to the Aries project within the Hyperledger Foundation's GitHub organization. Anyone else can implement their own queuing plugin as long as it uses the same interface.
Several new ways to control ACA-Py configurations were added, including new startup parameters, Admin API parameters to control instances of protocols, and additional web hook notifications.
A number of fixes were made to the Credential Exchange protocols, both for V1 and V2, and for both AnonCreds and W3C format VCs. Nothing new was added and there no changes in the APIs.
As well there were a number of internal fixes, dependency updates, documentation and demo changes, developer tools and release management updates. All the usual stuff needed for a healthy, growing codebase.
-
Hyperledger Indy Endorser related updates:
- Fix order of operations connecting faber to endorser #1716 (ianco)
- Endorser support for updating DID endpoints on ledger #1696 (frostyfrog)
- Add "sent" key to both Schema and Cred Defs when using Endorsers #1663 (frostyfrog)
- Add cred_def_id to metadata when using an Endorser #1655 (frostyfrog)
- Update Endorser documentation #1646 (chumbert)
- Auto-promote author did to public after endorsing #1607 (ianco)
- DID updates for endorser #1601 (ianco)
- Qualify did exch connection lookup by role #1670 (ianco)
- Use provided connection_id if provided #1726 (ianco)
-
Additions to the startup parameters, Admin API and Web Hooks
- Improve typing of settings and add plugin settings object #1833 (dbluhm)
- feat: accept taa using startup parameter --accept-taa #1643 (TimoGlastra)
- Add auto_verify flag in present-proof protocol #1702 (DaevMithran)
- feat: query connections by their_public_did #1637 (TimoGlastra)
- feat: enable webhook events for mediation records #1614 (TimoGlastra)
- Feature/undelivered events #1694 (mepeltier)
- Allow use of SEED when creating local wallet DID Issue-1682 Issue-1682 #1705 (DaevMithran)
- Feature: Add the ability to deny specific plugins from loading #1737 (frostyfrog)
- feat: Add filter param to connection list for invitations #1797 (frostyfrog)
- Fix missing webhook handler #1816 (ianco)
-
Persistent Queues
- Redis PQ Cleanup in preparation for enabling the uses of plugin PQ implementations [Issue#1659] #1659 (shaangill025)
-
Credential Revocation and Tails File Handling
- Fix handling of non-revocable credential when timestamp is specified (askar/credx) #1847 (andrewwhitehead)
- Additional endpoints to get revocation details and fix "published" status #1783 (ianco)
- Fix IssuerCredRevRecord state update on revocation publish #1827 (andrewwhitehead)
- Fix put_file when the server returns a redirect #1808 (andrewwhitehead)
- Adjust revocation registry update procedure to shorten transactions #1804 (andrewwhitehead)
- fix: Resolve Revocation Notification environment variable name collision #1751 (frostyfrog)
- fix: always notify if revocation notification record exists #1665 (TimoGlastra)
- Fix for AnonCreds non-revoc proof with no timestamp #1628 (ianco)
- Fixes for v7.3.0 - Issue #1597 #1711 (shaangill025)
- Fixes Issue 1 from #1597: Tails file upload fails when a credDef is created and multi ledger support is enabled
- Fix tails server upload multi-ledger mode #1785 (ianco)
- Feat/revocation notification v2 #1734 (frostyfrog)
-
Issue Credential, Present Proof updates/fixes
- Fix: Present Proof v2 - check_proof_vs_proposal update to support proof request with restrictions #1820 (shaangill025)
- Fix: present-proof v1 send-proposal flow #1811 (shaangill025)
- Prover - verification outcome from presentation ack message #1757 (shaangill025)
- feat: support connectionless exchange #1710 (TimoGlastra)
- Fix: DIF proof proposal when creating bound presentation request [Issue#1687] #1690 (shaangill025)
- Fix DIF PresExch and OOB request_attach delete unused connection #1676 (shaangill025)
- Fix DIFPresFormatHandler returning invalid V20PresExRecord on presentation verification #1645 (rmnre)
- Update aries-askar patch version to at least 0.2.4 as 0.2.3 does not include backward compatibility #1603 (acuderman)
- Fixes for credential details in issue-credential webhook responses #1668 (andrewwhitehead)
- Fix: present-proof v2 send-proposal issue#1474 #1667 (shaangill025)
- Fixes Issue 3b from #1597: V2 Credential exchange ignores the auto-respond-credential-request
- Revert change to send_credential_ack return value #1660 (andrewwhitehead)
- Fix usage of send_credential_ack #1653 (andrewwhitehead)
- Replace blank credential/presentation exchange states with abandoned state #1605 (andrewwhitehead)
- Fixes Issue 4 from #1597: Wallet type askar has issues when receiving V1 credentials
- Fixes and cleanups for issue-credential 1.0 #1619 (andrewwhitehead)
- Fix: Duplicated schema and cred_def - Askar and Postgres #1800 (shaangill025)
-
Mediator updates and fixes
- feat: allow querying default mediator from base wallet #1729 (dbluhm)
- Added async with for mediator record delete #1749 (dejsenlitro)
-
Multitenacy updates and fixes
- feat: create new JWT tokens and invalidate older for multitenancy #1725 (TimoGlastra)
- Multi-tenancy stale wallet clean up #1692 (dbluhm)
-
Dependencies and internal code updates/fixes
- Update pyjwt to 2.4 #1829 (andrewwhitehead)
- Fix external Outbound Transport loading code #1812 (frostyfrog)
- Fix iteration over key list, update Askar to 0.2.5 #1740 (andrewwhitehead)
- Fix: update IndyLedgerRequestsExecutor logic - multitenancy and basic base wallet type #1700 (shaangill025)
- Move database operations inside the session context #1633 (acuderman)
- Upgrade ConfigArgParse to version 1.5.3 #1627 (WadeBarnes)
- Update aiohttp dependency #1606 (acuderman)
- did-exchange implicit request pthid update & invitation key verification #1599 (shaangill025)
- Fix auto connection response not being properly mediated #1638 (dbluhm)
- platform target in run tests. #1697 (burdettadam)
- Add an integration test for mixed proof with a revocable cred and a n… #1672 (ianco)
- Fix: Inbound Transport is_external attribute #1802 (shaangill025)
- fix: add a close statement to ensure session is closed on error #1777 (reflectivedevelopment)
- Adds
transport_id
variable assignment back to outbound enqueue method #1776 (amanji) - Replace async workaround within document loader #1774 (frostyfrog)
-
Documentation and Demo Updates
- Use default wallet type askar for alice/faber demo and bdd tests #1761 (ianco)
- Update the Supported RFCs document for 0.7.4 release #1846 (swcurran)
- Fix a typo in DevReadMe.md #1844 (feknall)
- Add troubleshooting document, include initial examples - ledger connection, out-of-sync RevReg #1818 (swcurran)
- Update POST /present-proof/send-request to POST /present-proof-2.0/send-request #1824 (lineko)
- Fetch from --genesis-url likely to fail in composed container #1746 (tdiesler)
- Fixes logic for web hook formatter in Faber demo #1739 (amanji)
- Multitenancy Docs Update #1706 (MonolithicMonk)
- #1674 Add basic DOCKER_ENV logging for run_demo #1675 (tdiesler)
- Performance demo updates #1647 (ianco)
- docs: supported features attribution #1654 (TimoGlastra)
- Documentation on existing language wrappers for aca-py #1738 (etschelp)
- Document impact of multi-ledger on TAA acceptance #1778 (ianco)
-
Code management and contributor/developer support updates
- Set prefix for integration test demo agents; some code cleanup #1840 (andrewwhitehead)
- Pin markupsafe at version 2.0.1 #1642 (andrewwhitehead)
- style: format with stable black release #1615 (TimoGlastra)
- Remove references to play with von #1688 (ianco)
- Add pre-commit as optional developer tool #1671 (dbluhm)
- run_docker start - pass environment variables #1715 (shaangill025)
- Use local deps only #1834 (ryjones)
- Enable pip-audit #1831 (ryjones)
- Only run pip-audit on main repo #1845 (ryjones)
-
Release management pull requests
- 0.7.4 Release Changelog and version update #1849 (swcurran)
- 0.7.4-rc5 changelog, version and ReadTheDocs updates #1838 (swcurran)
- Update changelog and version for 0.7.4-rc4 #1830 (swcurran)
- Changelog, version and ReadTheDocs updates for 0.7.4-rc3 release #1817 (swcurran)
- 0.7.4-rc2 update #1771 (swcurran)
- Some ReadTheDocs File updates #1770 (swcurran)
- 0.7.4-RC1 Changelog intro paragraph - fix copy/paste error #1753 (swcurran)
- Fixing the intro paragraph and heading in the changelog of this 0.7.4RC1 #1752 (swcurran)
- Updates to Changelog for 0.7.4. RC1 release #1747 (swcurran)
- Prep for adding the 0.7.4-rc0 tag #1722 (swcurran)
- Added missed new module -- upgrade -- to the RTD generated docs #1593 (swcurran)
- Doh....update the date in the Changelog for 0.7.3 #1592 (swcurran)
This release includes some new AIP 2.0 features out (Revocation Notification and Discover Features 2.0), a major new feature for those using Indy ledger (multi-ledger support), a new "version upgrade" process that automates updating data in secure storage required after a new release, and a fix for a critical bug in some mediator scenarios. The release also includes several new pieces of documentation (upgrade processing, storage database information and logging) and some other documentation updates that make the ACA-Py Read The Docs site useful again. And of course, some recent bug fixes and cleanups are included.
There is a BREAKING CHANGE for those deploying ACA-Py with an external outbound queue implementation (see PR #1501). As far as we know, there is only one organization that has such an implementation and they were involved in the creation of this PR, so we are not making this release a minor or major update. However, anyone else using an external queue should be aware of the impact of this PR that is included in the release.
For those that have an existing deployment of ACA-Py with long-lasting connection records, an upgrade is needed to use RFC 434 Out of Band and the "reuse connection" as the invitee. In PR #1453 (details below) a performance improvement was made when finding a connection for reuse. The new approach (adding a tag to the connection to enable searching) applies only to connections made using this ACA-Py release and later, and "as-is" connections made using earlier releases of ACA-Py will not be found as reuse candidates. A new "Upgrade deployment" capability (#1557, described below) must be executed to update your deployment to add tags for all existing connections.
The Supported RFCs document has been updated to reflect the addition of the AIP 2.0 RFCs for which support was added.
The following is an annotated list of PRs in the release, including a link to each PR.
- AIP 2.0 Features
- Discover Features Protocol: v1_0 refactoring and v2_0 implementation [#1500](openwallet-foundation#1500)
- Updates the Discover Features 1.0 (AIP 1.0) implementation and implements the new 2.0 version. In doing so, adds generalized support for goal codes to ACA-Py.
- fix DiscoveryExchangeRecord RECORD_TOPIC typo fix #1566
- Implement Revocation Notification v1.0 #1464
- Fix integration tests (revocation notifications) #1528
- Add Revocation notification support to alice/faber #1527
- Discover Features Protocol: v1_0 refactoring and v2_0 implementation [#1500](openwallet-foundation#1500)
- Other New Features
- Multiple Indy Ledger support and State Proof verification #1425
- Outbound Queue - more usability improvements #1501
- Display QR code when generating/displaying invites on startup #1526
- Enable WS Pings for WS Inbound Transport #1530
- Faster detection of lost Web Socket connections; implementation verified with an existing mediator.
- Performance Improvement when using connection reuse in OOB and there are many DID connections. ConnRecord tags - their_public_did and invitation_msg_id #1543
- In previous releases, a "their_public_did" was not a tag, so to see if you can reuse a connection, all connections were retrieved from the database to see if a matching public DID can be found. Now, connections created after deploying this release will have a tag on the connection such that an indexed query can be used. See "Breaking Change" note above and "Update" feature below.
- Follow up to #1543 - Adding invitation_msg_id and their_public_did back to record_value #1553
- A generic "Upgrade Deployment" capability was added to ACA-Py that operates like a database migration capability in relational databases. When executed (via a command line option), a current version of the deployment is detected and if any storage updates need be applied to be consistent with the new version, they are, and the stored "current version"is updated to the new version. An instance of this capability can be used to address the new feature #1543 documented above. #1557
- Adds a "credential_revoked" state to the Issue Credential protocol state object. When the protocol state object is retained past the completion of the protocol, it is updated when the credential is revoked. #1545
- Updated a missing dependency that recently caused an error when using the
--version
command line option #1589
- Critical Fixes
- Fix connection record response for mobile #1469
- Documentation Additions and Updates
- added documentation for wallet storage databases #1523
- added logging documentation #1519
- Fix warnings when generating ReadTheDocs #1509
- Remove Streetcred references #1504
- Add RTD configs to get generator working #1496
- The Alice/Faber demo was updated to allow connections based on Public DIDs to be established, including reusing a connection if there is an existing connection. #1574
- Other Fixes
- Connection Handling / Out of Band Invitations Fixes
- OOB: Fixes issues with multiple public explicit invitation and unused 0160 connection #1525
- OOB added webhooks to notify the controller when a connection reuse message is used in response to an invitation #1581
- Delete unused ConnRecord generated - OOB invitation (use_exising_connection) #1521
- When an invitee responded with a "reuse" message, the connection record associated with the invitation was not being deleted. Now it is.
- Await asyncio.sleeps to cleanup warnings in Python 3.8/3.9 #1558
- Add alias field to didexchange invitation UI #1561
- fix: use invitation key for connection query #1570
- Fix the inconsistency of invitation_msg_id between invitation and response #1564
- chore: update pydid to ^0.3.3 #1562
- DIF Presentation Exchange Cleanups
- Fix DIF Presentation Request Input Validation #1517
- Some validation checking of a DIF presentation request to prevent uncaught errors later in the process.
- DIF PresExch - ProblemReport and "is_holder" #1493
- Cleanups related to when "is_holder" is or is not required. Related to Issue #1486
- Fix DIF Presentation Request Input Validation #1517
- Indy SDK Related Fixes
- Fix AttributeError when writing an Indy Cred Def record #1516
- Fix TypeError when calling credential_definitions_fix_cred_def_wallet… #1515
- Fix TypeError when writing a Schema record #1494
- Fix validation for range checks #1538
- Back out some of the validation checking for proof requests with predicates as they were preventing valid proof requests from being processed.
- Aries Askar Related Fixes:
- Docker fixes:
- Update docker scripts to use new & improved docker IP detection #1565
- Release Adminstration:
- Changelog and RTD updates for the pending 0.7.3 release #1553
- Connection Handling / Out of Band Invitations Fixes
A mostly maintenance release with some key updates and cleanups based on community deployments and discovery. With usage in the field increasing, we're cleaning up edge cases and issues related to volume deployments.
The most significant new feature for users of Indy ledgers is a simplified approach for transaction authors getting their transactions signed by an endorser. Transaction author controllers now do almost nothing other than configuring their instance to use an Endorser, and ACA-Py takes care of the rest. Documentation of that feature is here.
- Improve cloud native deployments/scaling
- unprotect liveness and readiness endpoints #1416
- Open askar sessions only on demand - Connections #1424
- Fixed potential deadlocks by opening sessions only on demand (Wallet endpoints) #1472
- Fixed potential deadlocks by opening sessions only on demand #1439
- Make mediation invitation parameter idempotent #1413
- Indy Transaction Endorser Support Added
- Indy verifiable credential/presentation fixes and updates
- Update credential and proof mappings to allow negative encoded values #1475
- Add credential validation to offer issuance step #1446
- Fix error removing proof req entries by timestamp #1465
- Fix issue with cred limit on presentation endpoint #1437
- Add support for custom offers from the proposal #1426
- Make requested attributes and predicates required on indy proof request #1411
- Remove connection check on proof verify #1383
- General cleanups and improvements to existing features
- Fixes failing integration test -- JSON-LD context URL not loading because of external issue #1491
- Update base record time-stamp to standard ISO format #1453
- Encode DIDComm messages before sent to the queue #1408
- Add Event bus Metadata #1429
- Allow base wallet to connect to a mediator after startup #1463
- Log warning when unsupported problem report code is received #1409
- feature/inbound-transport-profile #1407
- Import cleanups #1393
- Add no-op handler for generic ack message (RFC 0015) #1390
- Align OutOfBandManager.receive_invitation with other connection managers #1382
- Bug fixes
- fix: fixes error in use of a default mediator in connections/out of band -- mediation ID was being saved as None instead of the retrieved default mediator value #1490
- fix: help text for open-mediation flag #1445
- fix: incorrect return type #1438
- Add missing param to ws protocol #1442
- fix: create static doc use empty endpoint if None #1483
- fix: use named tuple instead of dataclass in mediation invite store #1476
- When fetching the admin config, don't overwrite webhook settings #1420
- fix: return type of inject #1392
- fix: typo in connection static result schema #1389
- fix: don't require push on outbound queue implementations #1387
- Updates/Fixes to the Alice/Faber demo and integration tests
- Chores
A relatively minor maintenance release to address issues found since the 0.7.0 Release. Includes some cleanups of JSON-LD Verifiable Credentials and Verifiable Presentations
- W3C Verifiable Credential cleanups
- Refactor outbound queue interface (#1348)
- Command line parameter handling for arbitrary plugins (#1347)
- Add an optional parameter '--ledger-socks-proxy' (#1342)
- OOB Protocol - CredentialOffer Support (#1316), (#1216)
- Updated IndyCredPrecisSchema - pres_referents renamed to presentation_referents (#1334)
- Handle unpadded protected header in PackWireFormat::get_recipient_keys (#1324)
- Initial cut of OpenAPI Code Generation guidelines (#1339)
- Correct revocation API in credential revocation documentation (#612)
- Documentation updates for Read-The-Docs (#1359, #1366, #1371)
- Add
inject_or
method to dynamic injection framework to resolve typing ambiguity (#1376) - Other fixes:
- Indy Proof processing fix, error not raised in predicate timestamp check (#1364)
- Problem Report handler for connection specific problems (#1356)
- fix: error on deserializing conn record with protocol (#1325)
- fix: failure to verify jsonld on non-conformant doc but vaild vmethod (#1301)
- fix: allow underscore in endpoints (#1378)
Another significant release, this version adds support for multiple new protocols, credential formats, and extension methods.
- Support for W3C Standard Verifiable Credentials based on JSON-LD using LD-Signatures and BBS+ Signatures, contributed by Animo Solutions - #1061
- Present Proof V2 including support for DIF Presentation Exchange - #1125
- Pluggable DID Resolver (with a did:web resolver) with fallback to an external DID universal resolver, contributed by Indicio - #1070
- Updates and extensions to ledger transaction endorsement via the Sign Attachment Protocol, contributed by AyanWorks - #1134, #1200
- Upgrades to Demos to add support for Credential Exchange 2.0 and W3C Verifiable Credentials #1235
- Alpha support for the Indy/Aries Shared Components (indy-vdr, indy-credx and aries-askar), which enable running ACA-Py without using Indy-SDK, while still supporting the use of Indy as a ledger, and Indy AnonCreds verifiable credentials #1267
- A new event bus for distributing internally generated ACA-Py events to controllers and other listeners, contributed by Indicio - #1063
- Enable operation without Indy ledger support if not needed
- Performance fix for deployments with large numbers of DIDs/connections #1249
- Simplify the creation/handling of plugin protocols #1086, #1133, #1226
- DID Exchange implicit invitation handling #1174
- Add support for Indy 1.16 predicates (restrictions on predicates based on attribute name and value) #1213
- BDD Tests run via GitHub Actions #1046
This is a significant release of ACA-Py with several new features, as well as changes to the internal architecture in order to set the groundwork for using the new shared component libraries: indy-vdr, indy-credx, and aries-askar.
While ACA-Py had previous support for a basic routing protocol, this was never fully developed or used in practice. Starting with this release, inbound and outbound connections can be established through a mediator agent using the Aries (Mediator Coordination Protocol)[https://github.com/hyperledger/aries-rfcs/tree/master/features/0211-route-coordination]. This work was initially contributed by Adam Burdett and Daniel Bluhm of Indicio on behalf of SICPA. Read more about mediation support.
Started by BMW and completed by Animo Solutions and Anon Solutions on behalf of SICPA, this feature allows for a single ACA-Py instance to host multiple wallet instances. This can greatly reduce the resources required when many identities are being handled. Read more about multi-tenancy support.
In addition to the Aries 0160 Connections RFC, ACA-Py now supports the Aries DID Exchange Protocol for connection establishment and reuse, as well as the Aries Out-of-Band Protocol for representing connection invitations and other pre-connection requests.
This release includes an initial implementation of the Aries Issue Credential v2 protocol.
-
There are several new endpoints available for controllers as well as new startup parameters related to the multi-tenancy and mediator features, see the feature description pages above in order to make use of these features. Additional admin endpoints are introduced for the DID Exchange, Issue Credential v2, and Out-of-Band protocols.
-
When running
aca-py start
, a new wallet will no longer be created unless the--auto-provision
argument is provided. It is recommended to always useaca-py provision
to initialize the wallet rather than relying on automatic behaviour, as this removes the need for repeatedly providing the wallet seed value (if any). This is a breaking change from previous versions. -
When running
aca-py provision
, an existing wallet will not be removed and re-created unless the--recreate-wallet
argument is provided. This is a breaking change from previous versions. -
The logic around revocation intervals has been tightened up in accordance with Present Proof Best Practices.
The following are breaking changes to the internal APIs which may impact Python code extensions.
-
Manager classes generally accept a
Profile
instance, where previously they accepted aRequestContext
. -
Admin request handlers now receive an
AdminRequestContext
asapp["context"]
. The current profile is available asapp["context"].profile
. The admin server now generates a unique context instance per request in order to facilitate multi-tenancy, rather than reusing the same instance for each handler. -
In order to inject the
BaseStorage
orBaseWallet
interfaces, aProfileSession
must be used. Other interfaces can be injected at theProfile
orProfileSession
level. This is obtained by awaitingprofile.session()
for the currentProfile
instance, or (preferably) using it as an async context manager:
async with profile.session() as session:
storage = session.inject(BaseStorage)
- The
inject
method of a context is no longerasync
.
- Fix an attempt to update the agent endpoint when configured with a read-only ledger #758
- Support interactions using the new
https://didcomm.org
message type prefix (currently opt-in via the--emit-new-didcomm-prefix
flag) #705, #713 - Updates to application startup arguments, adding support for YAML configuration #739, #746, #748
- Add a new endpoint to check the revocation status of a stored credential #735
- Clean up API documentation and OpenAPI definition, minor API adjustments #712, #726, #732, #734, #738, #741, #747
- Add configurable support for unencrypted record tags #723
- Retain more limited records on issued credentials #718
- Fix handling of custom endpoint in connections
accept-request
API method #715, #716 - Add restrictions around revocation registry sizes #727
- Allow the state for revocation registry records to be set manually #708
- Handle multiple matching credentials when satisfying a presentation request using
names
#706 - Additional handling for a missing local tails file, tails file rollover process #702, #717
- Handle unknown credential ID in
create-proof
API method #700 - Improvements to revocation interval handling in presentation requests #699, #703
- Clean up warnings on API redirects #692
- Extensions to DID publicity status #691
- Support Unicode text in JSON-LD credential handling #687
- Improvements to schema, cred def registration procedure #682, #683
- Updates to align admin API output with documented interface #674, #681
- Fix provisioning issue when ledger is configured as read-only #673
- Add
get-nym-role
action #671 - Basic support for w3c profile endpoint #667, #669
- Improve handling of non-revocation interval #648, #680
- Update revocation demo after changes to tails file handling #644
- Improve handling of fatal ledger errors #643, #659
- Improve
did:key:
handling in out-of-band protocol support #639 - Fix crash when no public DID is configured #637
- Fix high CPU usage when only messages pending retry are in the outbound queue #636
- Additional unit tests for config, messaging, revocation, startup, transports #633, #641, #658, #661, #666
- Allow forwarded messages to use existing connections and the outbound queue #631
- Store endpoint on provisioned DID records #610
- More reliable delivery of outbound messages and webhooks #615
- Improvements for OpenShift pod handling #614
- Remove support for 'on-demand' revocation registries #605
- Sort tags in generated swagger JSON for better consistency #602
- Improve support for multi-credential proofs #601
- Adjust default settings for tracing and add documentation #598, #597
- Fix reliance on local copy of revocation tails file #590
- Improved handling of problem reports #595
- Remove credential preview parameter from credential issue endpoint #596
- Looser format restrictions on dates #586
- Support
names
and attribute-value specifications in present-proof protocol #587 - Misc documentation updates and unit test coverage
- Initial out-of-band protocol support #576
- Support provisioning a new local-only DID in the wallet, updating a DID endpoint #559, #573
- Support pagination for holder search operation #558
- Add raw JSON credential signing and verification admin endpoints #540
- Catch fatal errors in admin and protocol request handlers #527, #533, #534, #539, #543, #554, #555
- Add wallet and DID key rotation operations #525
- Admin API documentation and usability improvements #504, #516, #570
- Adjust the maximum number of attempts for outbound messages #501
- Add demo support for tails server #499
- Various credential and presentation protocol fixes and improvements #491, #494, #498, #526, #561, #563, #564, #577, #579
- Fixes for multiple agent endpoints #495, #497
- Additional test coverage #482, #485, #486, #487, #490, #493, #509, #553
- Update marshmallow dependency #479
- Restore previous response format for the
/credential/{id}
admin route #474
- Add support for credential revocation and revocation registry handling, with thanks to Medici Ventures #306, #417, #425, #429, #432, #435, #441, #455
- Breaking change Remove previous credential and presentation protocols (0.1 versions) #416
- Add support for major/minor protocol version routing #443
- Event tracing and trace reports for message exchanges #440
- Support additional Indy restriction operators (
>
,<
,<=
in addition to>=
) #457 - Support signed attachments according to the updated Aries RFC 0017 #456
- Increased test coverage #442, #453
- Updates to demo agents and documentation #402, #403, #411, #415, #422, #423, #449, #450, #452
- Use Indy generate_nonce method to create proof request nonces #431
- Make request context available in the outbound transport handler #408
- Contain indy-anoncreds usage in IndyIssuer, IndyHolder, IndyProver classes #406, #463
- Fix issue with validation of proof with predicates and revocation support #400
- Added NOTICES file with license information for dependencies #398
- Updated documentation for administration API demo #397
- Accept self-attested attributes in presentation verification, only when no restrictions are present on the requested attribute #394, #396
- Update docker image used in demo and test containers #391
- Fix pre-verify check on received presentations #390
- Do not canonicalize attribute names in credential previews #389
- Fix the application of transaction author agreement acceptance to signed ledger requests #385
- Add a command line argument to preserve connection exchange records #355
- Allow custom credential IDs to be specified by the controller in the issue-credential protocol #384
- Handle send timeouts in the admin server websocket implementation #377
- Aries RFC 0348: Support the 'didcomm.org' message type prefix for incoming messages #379
- Add support for additional postgres wallet schemes such as "MultiWalletDatabase" #378
- Updates to the demo agents and documentation to support demos using the OpenAPI interface #371, #375, #376, #382, #383, #382
- Add a new flag for preventing writes to the ledger #364
- Adjust logging on HTTP request retries #363
- Tweaks to
run_docker
/run_demo
scripts for Windows #357 - Avoid throwing exceptions on invalid or incomplete received presentations #359
- Restore the
present-proof/create-request
admin endpoint for creating connectionless presentation requests #356 - Activate the
connections/create-static
admin endpoint for creating static connections #354
- Update Forward messages and handlers to align with RFC 0094 for compatibility with libvcx and Streetcred #240, #349
- Verify encoded attributes match raw attributes on proof presentation #344
- Improve checks for existing credential definitions in the wallet and on ledger when publishing #333, #346
- Accommodate referents in presentation proposal preview attribute specifications #333
- Make credential proposal optional in issue-credential protocol #336
- Handle proofs with repeated credential definition IDs #330
- Allow side-loading of alternative inbound transports #322
- Various fixes to documentation and message schemas, and improved unit test coverage
- Improved unit test coverage (actionmenu, basicmessage, connections, introduction, issue-credential, present-proof, routing protocols)
- Various documentation and bug fixes
- Add admin routes for fetching and accepting the ledger transaction author agreement #144
- Add support for receiving connection-less proof presentations #296
- Set attachment id explicitely in unbound proof request #289
- Add create-proposal admin endpoint to the present-proof protocol #288
- Remove old anon/authcrypt support #282
- Allow additional endpoints to be specified #276
- Allow timestamp without trailing 'Z' #275, #277
- Display agent label and version on CLI and SwaggerUI #274
- Remove connection activity tracking and add ping webhooks (with --monitor-ping) #271
- Refactor message transport to track all async tasks, active message handlers #269, #287
- Add invitation mode "static" for static connections #260
- Allow for cred proposal underspecification of cred def id, only lock down cred def id at issuer on offer. Sync up api requests to Aries RFC-36 verbiage #259
- Disable cookies on outbound requests (avoid session affinity) #258
- Add plugin registry for managing all loaded protocol plugins, streamline ClassLoader #257, #261
- Add support for locking a cache key to avoid repeating expensive operations #256
- Add optional support for uvloop #255
- Output timing information when --timing-log argument is provided #254
- General refactoring - modules moved from messaging into new core, protocols, and utils sub-packages #250, #301
- Switch performance demo to the newer issue-credential protocol #243
- Switch performance demo to the newer issue-credential protocol #243
- Remove old method for reusing credential requests and replace with local caching for credential offers and requests #238, #242
- Add statistics on HTTP requests to timing output #237
- Reduce the number of tags on non-secrets records to reduce storage requirements and improve performance #235
- Clean up base64 handling in wallet utils and add tests #224
- Support schema sequence numbers for lookups and caching and allow credential definition tag override via admin API #223
- Support multiple proof referents in the present-proof protocol #222
- Group protocol command line arguments appropriately #217
- Don't require a signature for get_txn_request in credential_definition_id2schema_id and reduce public DID lookups #215
- Add a role property to credential exchange and presentation exchange records #214, #218
- Improve attachment decorator handling #210
- Expand and correct documentation of the OpenAPI interface #208, #212
- Clean up LGTM errors and warnings and fix a message dispatch error #203
- Avoid wrapping messages with Forward wrappers when returning them directly #199
- Add a CLI parameter to override the base URL used in URL-formatted connection invitations #197
- Update the feature discovery protocol to match the RFC and rename the admin API endpoint #193
- Add CLI parameters for specifying additional properties of the printed connection invitation #192
- Add support for explicitly setting the wallet credential ID on storage #188
- Additional performance tracking and storage reductions #187
- Handle connection invitations in base64 or URL format in the Alice demo agent #186
- Add admin API methods to get and set the credential tagging policy for a credential definition ID #185
- Allow querying of credentials for proof requests with multiple referents #181
- Allow self-connected agents to issue credentials, present proofs #179
- Add admin API endpoints to register a ledger nym, fetch a ledger DID verkey, or fetch a ledger DID endpoint #178
- Merge support for Aries #36 (issue-credential) and Aries #37 (present-proof) protocols #164, #167
- Add
initiator
to connection record queries to ensure uniqueness in the case of a self-connection #161 - Add connection aliases #149
- Misc documentation updates
- Do not fail with an error when no ledger is configured #145
- Switch to PyNaCl instead of pysodium; update dependencies #143
- Support reusable connection invitations #142
- Fix --version option and optimize Docker builds #136
- Add connection_id to basicmessage webhooks #134
- Fixes for transaction author agreements #133
- Ledger and wallet config updates; add support for transaction author agreements #127
- Handle duplicate schema in send_schema by always fetching first #126
- More flexible timeout support in detect_process #125
- Add start command to run_docker invocations #119
- Add issuer stored state #114
- Add admin route to create a presentation request without sending it #112
- Add -v option to aca-py executable to print version #110
- Fix demo presentation request, optimize credential retrieval #108
- Add pypi badge to README and make document link URLs absolute #103
- Add admin routes for creating and listing wallet DIDs, adjusting the public DID #102
- Update the running locally instructions based on feedback from Sam Smith #101
- Add support for multiple invocation commands, implement start/provision/help commands #99
- Add admin endpoint to send problem report #98
- Add credential received state transition #97
- Adding documentation for the routing version of the performance example #94
- Document listing the Aries RFCs supported by ACA-Py and reference to the list in the README #89
- Further updates to the running locally section of the demo README #86
- Don't extract decorators with names matching the 'data_key' of defined schema fields #85
- Allow demo scripts to run outside of Docker; add command line parsing #84
- Connection invitation fixes and improvements; support DID-based invitations #82
- Add missing MANIFEST file #78
This is the first PyPI release. The history begins with the transfer of aca-py from bcgov to hyperledger.
- Prepare for version 0.2.0 release #77
- Update von-network related references. #74
- Fixed log_level arg, added validation error logging #73
- fix shell inconsistency #72
- further cleanup to the OpenAPI demo script #71
- Updates to invitation handling and performance test #68
- Api security #67
- Fix line endings on Windows #66
- Fix repository name in badge links #65
- Connection record is_ready refactor #64
- Fix API instructions for cred def id #58
- Updated API demo docs to use alice/faber scripts #54
- Updates to the readme for the demo to add PWD support #53
- Swallow empty input in demo scripts #51
- Set credential_exchange state when created from a cached credential request #49
- Check for readiness instead of activeness in credential admin routes #46
- Demo updates #43
- Misc fixes #42
- Readme updates #41
- Change installed "binary" name to aca-py #40
- Tweak in script to work under Linux; updates to readme for demo #33
- New routing example document, typo corrections #31
- More bad links #30
- Links cleanup for the documentation #29
- Alice-Faber demo update #28
- Deployment Model document #27
- Plantuml source and images for documentation; w/image generator script #26
- Move generated documentation. #25
- Update generated documents #24
- Split application configuration into separate modules and add tests #23
- Updates to the RTD configuration file #22
- Merge DIDDoc support from von_anchor #21
- Adding Prov of BC, Gov of Canada copyright #19
- Update test configuration #18
- CI updates #17
- Transport updates #15