Skip to content

Latest commit

 

History

History
1954 lines (1644 loc) · 197 KB

CHANGELOG.md

File metadata and controls

1954 lines (1644 loc) · 197 KB
Raw

Aries Cloud Agent Python Changelog

0.12.1

April 26, 2024

Release 0.12.1 is a small patch to cleanup some edge case issues in the handling of Out of Band invitations, revocation notification webhooks, and connection querying uncovered after the 0.12.0 release. Fixes and improvements were also made to the generation of ACA-Py's OpenAPI specifications.

0.12.1 Breaking Changes

There are no breaking changes in this release.

0.12.1 Categorized List of Pull Requests

  • Out of Band Invitations and Connection Establishment updates/fixes:

    • 🐛 Fix ServiceDecorator parsing in oob record handling #2910 ff137
    • fix: consider all resolvable dids in invites "public" #2900 dbluhm
    • fix: oob record their_service should be updatable #2897 dbluhm
    • fix: look up conn record by invite msg id instead of key #2891 dbluhm

  • OpenAPI/Swagger updates, fixes and cleanups:

    • Fix api schema mixup in revocation routes #2909 jamshale
    • 🎨 fix typos #2898 ff137
    • ⬆️ Upgrade codegen tools used in generate-open-api-specols #2899 ff137
    • 🐛 Fix IndyAttrValue model that was dropped from openapi spec #2894 ff137

  • Test and Demo updates:

    • fix Faber demo to use oob with aip10 to support connection reuse #2903 ianco
    • fix: integration tests should use didex 1.1 #2889 dbluhm

  • Credential Exchange updates and fixes:

    • fix: rev notifications on publish pending #2916 dbluhm

  • Endorsement of Indy Transactions fixes:

  • Documentation publishing process updates:

    • Some updates to the mkdocs publishing process #2888 swcurran
    • Update GHA so that broken image links work on docs site - without breaking them on GitHub #2852 swcurran

  • Dependencies and Internal Updates:

  • Release management pull requests:

0.12.0

April 11, 2024

Release 0.12.0 is a large release with many new capabilities, feature improvements, upgrades, and bug fixes. Importantly, this release completes the ACA-Py implementation of Aries Interop Profile v2.0, and enables the elimination of unqualified DIDs. While only deprecated for now, all deployments of ACA-Py SHOULD move to using only fully qualified DIDs as soon as possible.

Much progress has been made on did:peer support in this release, with the handling of inbound DID Peer 1 added, and inbound and outbound support for DID Peer 2 and 4. Much attention was also paid to making sure that the Peer DID and DID Exchange capabilities match those of Credo-TS (formerly Aries Framework JavaScript). The completion of that work eliminates the remaining places where "unqualified" DIDs were being used, and to enable the "connection reuse" feature in the Out of Band protocol when using DID Peer 2 and 4 DIDs in invitations. See the document Qualified DIDs for details about how to control the use of DID Peer 2 or 4 in an ACA-Py deployment, and how to eliminate the use of unqualified DIDs. Support for DID Exchange v1.1 has been added to ACA-Py, with support for DID Exchange v1.0 retained, and we've added support for DID Rotation.

Work continues towards supporting ledger agnostic AnonCreds, and the new Hyperledger AnonCreds Rust library. Some of that work is in this release, the rest will be in the next release.

Attention was given in the release to simplifying the handling of JSON-LD Data Integrity Verifiable Credentials.

An important change in this release is the re-organization of the ACA-Py documentation, moving the vast majority of the documents to the folders within the docs folder -- a long overdue change that will allow us to soon publish the documents on https://aca-py.org directly from the ACA-Py repository, rather than from the separate aries-acapy-docs currently being used.

A big developer improvement is a revamping of the test handling to eliminate ~2500 warnings that were previously generated in the test suite. Nice job @ff137!

0.12.0 Breaking Changes

A deployment of this release that uses DID Peer 2 and 4 invitations may encounter problems interacting with agents deployed using older Aries protocols. Led by the Aries Working Group, the Aries community is encouraging the upgrade of all ecosystem deployments to accept all commonly used qualified DIDs, including DID Peer 2 and 4. See the document Qualified DIDs for more details about the transition to using only qualified DIDs. If deployments you interact with are still using unqualified DIDs, please encourage them to upgrade as soon as possible.

Specifically for those upgrading their ACA-Py instance that create Out of Band invitations with more than one handshake_protocol, the protocol for the connection has been removed. See Issue #2879 contains the details of this subtle breaking change.

New deprecation notices were added to ACA-Py on startup and in the OpenAPI/Swagger interface. Those added are listed below. As well, we anticipate 0.12.0 being the last ACA-Py release to include support for the previously deprecated Indy SDK.

  • RFC 0036 Issue Credential v1
    • Migrate to use RFC 0453 Issue Credential v2
  • RFC 0037 Present Proof v2
    • Migrate to use RFC 0454 Present Proof v2
  • RFC 0169 Connections
    • Migrate to use RFC 0023 DID Exchange and 0434 Out-of-Band
  • The use of did:sov:... as a Protocol Doc URI
    • Migrate to use https://didcomm.org/.

0.12.0 Categorized List of Pull Requests

0.11.0

November 24, 2023

Release 0.11.0 is a relatively large release of new features, fixes, and internal updates. 0.11.0 is planned to be the last significant update before we begin the transition to using the ledger agnostic AnonCreds Rust in a release that is expected to bring Admin/Controller API changes. We plan to do patches to the 0.11.x branch while the transition is made to using [Anoncreds Rust].

An important addition to ACA-Py is support for signing and verifying SD-JWT verifiable credentials. We expect this to be the first of the changes to extend ACA-Py to support OpenID4VC protocols.

This release and Release 0.10.5 contain a high priority fix to correct an issue with the handling of the JSON-LD presentation verifications, where the status of the verification of the presentation.proof in the Verifiable Presentation was not included when determining the verification value (true or false) of the overall presentation. A forthcoming security advisory will cover the details. Anyone using JSON-LD presentations is recommended to upgrade to one of these versions of ACA-Py as soon as possible.

In the CI/CD realm, substantial changes were applied to the source base in switching from:

  • pip to Poetry for packaging and dependency management,
  • Flake8 to Ruff for linting,
  • asynctest to IsolatedAsyncioTestCase and AsyncMock objects now included in Python's builtin unittest package for unit testing.

These are necessary and important modernization changes, with the latter two triggering many (largely mechanical) changes to the codebase.

0.11.0 Breaking Changes

In addition to the impacts of the change for developers in switching from pip to Poetry, the only significant breaking change is the (overdue) transition of ACA-Py to always use the new DIDComm message type prefix, changing the DID Message prefix from the old hardcoded did:sov:BzCbsNYhMrjHiqZDTUASHg;spec to the new hardcoded https://didcomm.org value, and using the new DIDComm MIME type in place of the old. The vast majority (all?) Aries deployments have long since been updated to accept both values, so this change just forces the use of the newer value in sending messages. In updating this, we retained the old configuration parameters most deployments were using (--emit-new-didcomm-prefix and --emit-new-didcomm-mime-type) but updated the code to set the configuration parameters to true even if the parameters were not set. See PR #2517.

The JSON-LD verifiable credential handling of JSON-LD contexts has been updated to pre-load the base contexts into the repository code so they are not fetched at run time. This is a security best practice for JSON-LD, and prevents errors in production when, from time to time, the JSON-LD contexts are unavailable because of outages of the web servers where they are hosted. See PR #2587.

A Problem Report message is now sent when a request for a credential is received and there is no associated Credential Exchange Record. This may happen, for example, if an issuer decides to delete a Credential Exchange Record that has not be answered for a long time, and the holder responds after the delete. See PR #2577.

0.11.0 Categorized List of Pull Requests

0.10.5

November 21, 2023

Release 0.10.5 is a high priority patch release to correct an issue with the handling of the JSON-LD presentation verifications, where the status of the verification of the presentation.proof in the Verifiable Presentation was not included when determining the verification value (true or false) of the overall presentation. A forthcoming security advisory will cover the details.

Anyone using JSON-LD presentations is recommended to upgrade to this version of ACA-Py as soon as possible.

0.10.5 Categorized List of Pull Requests

  • JSON-LD Credential Exchange (Issue, Present) Updates
    • fix(backport): report presentation result #2622 dbluhm
  • Release management pull requests

0.10.4

October 9, 2023

Release 0.10.4 is a patch release to correct an issue with the handling of did:key routing keys in some mediator scenarios, notably with the use of [Aries Framework Kotlin]. See the details in the PR and [Issue #2531 Routing for agents behind a aca-py based mediator is broken].

Thanks to codespree for raising the issue and providing the fix.

Aries Framework Kotlin [Issue #2531 Routing for agents behind a aca-py based mediator is broken]: #2531

0.10.4 Categorized List of Pull Requests

  • DID Handling and Connection Establishment Updates/Fixes
  • Release management pull requests

0.10.3

September 29, 2023

Release 0.10.3 is a patch release to add an upgrade process for very old versions of Aries Cloud Agent Python (circa 0.5.2). If you have a long time deployment of an issuer that uses revocation, this release could correct internal data (tags in secure storage) related to revocation registries. Details of the about the triggering problem can be found in Issue #2485.

The upgrade is applied by running the following command for the ACA-Py instance to be upgraded:

./scripts/run_docker upgrade --force-upgrade --named-tag fix_issue_rev_reg

0.10.3 Categorized List of Pull Requests

  • Credential Exchange (Issue, Present) Updates
    • Feat: Upgrade from tags and fix issue with legacy IssuerRevRegRecords [<=v0.5.2] #2486 shaangill025
  • Release management pull requests

0.10.2

September 22, 2023

Release 0.10.2 is a patch release for 0.10.1 that addresses three specific regressions found in deploying Release 0.10.1. The regressions are to fix:

  • An ACA-Py instance upgraded to 0.10.1 that had an existing connection to another Aries agent where the connection has both an http and ws (websocket) service endpoint with the same ID cannot message that agent. A scenario is an ACA-Py issuer connecting to an Endorser with both http and ws service endpoints. The updates made in 0.10.1 to improve ACA-Py DID resolution did not account for this scenario and needed a tweak to work (Issue #2474, PR #2475).
  • The "fix revocation registry" endpoint used to fix scenarios an Issuer's local revocation registry state is out of sync with the ledger was broken by some code being added to support a single ACA-Py instance writing to different ledgers (Issue #2477, PR #2480).
  • The version of the PyDID library we were using did not handle some unexpected DID resolution use cases encountered with mediators. The PyDID library version dependency was updated in PR #2500.

0.10.2 Categorized List of Pull Requests

  • DID Handling and Connection Establishment Updates/Fixes
    • LegacyPeerDIDResolver: erroneously assigning same ID to multiple services #2475 dbluhm
    • fix: update pydid #2500 dbluhm
  • Credential Exchange (Issue, Present) Updates
    • Bugfix: Issue with write ledger pool when performing Accumulator sync #2480 shaangill025
  • Release management pull requests

0.10.1

August 29, 2023

Release 0.10.1 contains a breaking change, an important fix for a regression introduced in 0.8.2 that impacts certain deployments, and a number of fixes and updates. Included in the updates is a significant internal reorganization of the DID and connection management code that was done to enable more flexible uses of different DID Methods, such as being able to use did:web DIDs for DIDComm messaging connections. The work also paves the way for coming updates related to support for did:peer DIDs for DIDComm. For details on the change see PR #2409, which includes some of the best pull request documentation ever created.

Release 0.10.1 has the same contents as 0.10.0. An error on PyPi prevented the 0.10.0 release from being properly uploaded because of an existing file of the same name. We immediately released 0.10.1 as a replacement.

The regression fix is for ACA-Py deployments that use multi-use invitations but do NOT use the --auto-accept-connection-requests flag/processing. A change in 0.8.2 (PR #2223) suppressed an extra webhook event firing during the processing after receiving a connection request. An unexpected side effect of that change was that the subsequent webhook event also did not fire, and as a result, the controller did not get any event signalling a new connection request had been received via the multi-use invitation. The update in this release ensures the proper event fires and the controller receives the webhook.

See below for the breaking changes and a categorized list of the pull requests included in this release.

Updates in the CI/CD area include adding the publishing of a nightly container image that includes any changes in the main branch since the last nightly was published. This allows getting the "latest and greatest" code via a container image vs. having to install ACA-Py from the repository. In addition, Snyk scanning was added to the CI pipeline, and Indy SDK tests were removed from the pipeline.

0.10.1 Breaking Changes

#2352 is a breaking change related to the storage of presentation exchange records in ACA-Py. In previous releases, presentation exchange protocol state data records were retained in ACA-Py secure storage after the completion of protocol instances. With this release the default behavior changes to deleting those records by default, unless the ----preserve-exchange-records flag is set in the configuration. This extends the use of that flag that previously applied only to issue credential records. The extension matches the initial intention of the flag--that it cover both issue credential and present proof exchanges. The "best practices" for ACA-Py is that the controller (business logic) store any long-lasting business information needed for the service that is using the Aries Agent, and ACA-Py storage should be used only for data necessary for the operation of the agent. In particular, protocol state data should be held in ACA-Py only as long as the protocol is running (as it is needed by ACA-Py), and once a protocol instance completes, the controller should extract and store the business information from the protocol state before it is deleted from ACA-Py storage.

0.10.0 Categorized List of Pull Requests

  • DIDComm Messaging Improvements/Fixes
    • fix: outbound send status missing on path #2393 dbluhm
    • fix: keylist update response race condition #2391 dbluhm
  • DID Handling and Connection Establishment Updates/Fixes
    • fix: handle stored afgo and findy docs in corrections #2450 dbluhm
    • chore: relax connections filter DID format #2451 chumbert
    • fix: ignore duplicate record errors on add key #2447 dbluhm
    • fix: ignore duplicate record errors on add key #2447 dbluhm
    • fix: more diddoc corrections #2446 dbluhm
    • feat: resolve connection targets and permit connecting via public DID #2409 dbluhm
    • feat: add legacy peer did resolver #2404 dbluhm
    • Fix: Ensure event/webhook is emitted for multi-use invitations #2413 esune
    • feat: add DID Exchange specific problem reports and reject endpoint #2394 dbluhm
    • fix: additional tweaks for did:web and other methods as public DIDs #2392 dbluhm
    • Fix empty ServiceDecorator in OobRecord causing 422 Unprocessable Entity Error #2362 ff137
    • Feat: Added support for Ed25519Signature2020 signature type and Ed25519VerificationKey2020 #2241 dkulic
  • Upgrading to Aries Askar Updates
    • Add symlink to /home/indy/.indy_client for backwards compatibility #2443 esune
  • Credential Exchange (Issue, Present) Updates
    • fix: ensure request matches offer in JSON-LD exchanges, if sent #2341 dbluhm
    • BREAKING Extend --preserve-exchange-records to include Presentation Exchange. #2352 usingtechnology
    • Correct the response type in send_rev_reg_def #2355 ff137
  • Multitenancy Updates and Fixes
  • Other Fixes, Demo, and Documentation Fixes
    • Redis Plugins [redis_cache & redis_queue] documentation and docker related updates #1937 shaangill025
    • Chore: fix marshmallow warnings #2398 ff137
    • Upgrade pre-commit and flake8 dependencies; fix flake8 warnings #2399 ff137
    • Corrected typo on mediator invitation configuration argument #2365 jorgefl0
    • Add workaround for ARM based macs #2313 finnformica
  • Dependencies and Internal Updates
    • chore(deps): Bump certifi from 2023.5.7 to 2023.7.22 in /demo/playground/scripts dependencies #2354 dependabot bot
  • CI/CD and Developer Tools/Productivity Updates
  • Release management pull requests

0.10.0

August 29, 2023

Release 0.10.1 has the same contents as 0.10.0. An error on PyPi prevented the 0.10.0 release from being properly uploaded because of an existing file of the same name. We immediately released 0.10.1 as a replacement.

0.9.0

July 24, 2023

Release 0.9.0 is an important upgrade that changes (PR #2302) the dependency on the now archived Hyperledger Ursa project to its updated, improved replacement, AnonCreds CL-Signatures. This important change is ONLY available when using Aries Askar as the wallet type, which brings in both [Indy VDR] and the CL-Signatures via the latest version of CredX from the indy-shared-rs repository. The update is NOT available to those that are using the Indy SDK. All new deployments of ACA-Py SHOULD use Aries Askar. Further, we strongly recommend that all deployments using the Indy SDK with ACA-Py upgrade their installation to use Aries Askar and the related components using the migration scripts available. An Indy SDK to Askar migration document added to the aca-py.org documentation site, and a deprecation warning added to the ACA-Py startup.

The second big change in this release is that we have upgraded the primary Python version from 3.6 to 3.9 (PR #2247). In this case, primary means that Python 3.9 is used to run the unit and integration tests on all Pull Requests. We also do nightly runs of the main branch using Python 3.10. As of this release we have dropped Python 3.6, 3.7 and 3.8, and introduced new dependencies that are not supported in those versions of Python. For those that use the published ACA-Py container images, the upgrade should be easily handled. If you are pulling ACA-Py into your own image, or a non-containerized environment, this is a breaking change that you will need to address.

Please see the next section for all breaking changes, and the subsequent section for a categorized list of all pull requests in this release.

Breaking Changes

In addition to the breaking Python 3.6 to 3.9 upgrade, there are two other breaking changes that may impact some deployments.

#2034 allows for additional flexibility in using public DIDs in invitations, and adds a restriction that "implicit" invitations must be proactively enabled using a flag (--requests-through-public-did). Previously, such requests would always be accepted if --auto-accept was enabled, which could lead to unexpected connections being established.

#2170 is a change to improve message handling in the face of delivery errors when using a persistent queue implementation such as the ACA-Py Redis Plugin. If you are using the Redis plugin, you MUST upgrade to Redis Plugin Release 0.1.0 in conjunction with deploying this ACA-Py release. For those using their own persistent queue solution, see the PR #2170 comments for information about changes you might need to make to your deployment.

Categorized List of Pull Requests

  • DIDComm Messaging Improvements/Fixes
    • BREAKING: feat: get queued outbound message in transport handle message #2170 dbluhm
  • DID Handling and Connection Establishment Updates/Fixes
    • Allow any did to be public #2295 mkempa
    • Feat: Added support for Ed25519Signature2020 signature type and Ed25519VerificationKey2020 #2241 dkulic
    • Add Goal and Goal Code to OOB and DIDex Request #2294 usingtechnology
    • Fix routing in set public did #2288 mkempa - Fix: Do not replace public verkey on mediator #2269 mkempa - BREAKING: Allow multi-use public invites and public invites with metadata #2034 mepeltier
    • fix: public did mediator routing keys as did keys #1977 dbluhm
  • Credential Exchange (Issue, Present) Updates
  • Multitenancy Updates and Fixes
    • Fix: Track endorser and author roles in per-tenant settings #2331 shaangill025
    • Added base wallet provisioning details to Multitenancy.md #2328 esune
  • Other Fixes, Demo, and Documentation Fixes
  • ACA-Py Deployment Upgrade Changes
  • Plugin Handling Updates
    • Feature: Add the ability to deny specific plugins from loading 0.7.4 #1737 frostyfrog
  • Dependencies and Internal Updates
  • ACA-Py Administrative Updates
    • Updating Maintainers list to be accurate and using the TOC format #2258 swcurran
  • CI/CD and Developer Tools/Productivity Updates
  • Release management pull requests

0.8.2

June 29, 2023

Release 0.8.2 contains a number of minor fixes and updates to ACA-Py, including the correction of a regression in Release 0.8.0 related to the use of plugins (see #2255). Highlights include making it easier to use tracing in a development environment to collect detailed performance information about what is going in within ACA-Py.

This release pulls in indy-shared-rs Release 3.3 which fixes a serious issue in AnonCreds verification, as described in issue #2036, where the verification of a presentation with multiple revocable credentials fails when using Aries Askar and the other shared components. This issue occurs only when using Aries Askar and indy-credx Release 3.3.

An important new feature in this release is the ability to set some instance configuration settings at the tenant level of a multi-tenant deployment. See PR #2233.

There are no breaking changes in this release.

Categorized List of Pull Requests

  • Connections Fixes/Updates
    • Resolve definitions.py fix to fix backwards compatibility break in plugins #2255 usingtechnology
    • Add support for JsonWebKey2020 for the connection invitations #2173 dkulic
    • fix: only cache completed connection targets #2240 dbluhm
    • Connection target should not be limited only to indy dids #2229 dkulic
    • Disable webhook trigger on initial response to multi-use connection invitation #2223 esune
  • Credential Exchange (Issue, Present) Updates
  • Multi-tenancy fixes/updates
  • Other Bug and Documentation Fixes
  • Dependencies and Internal Updates
    • Bump requests from 2.30.0 to 2.31.0 in /demo/playground/scripts dependenciesPull requests that update a dependency file #2238 dependabot bot
    • Upgrade codegen tools in scripts/generate-open-api-spec and publish Swagger 2.0 and OpenAPI 3.0 specs #2246 ff137
  • ACA-Py Administrative Updates
  • Message Tracing/Timing Updates
  • Release management pull requests

0.8.1

April 5, 2023

Version 0.8.1 is an urgent update to Release 0.8.0 to address an inability to execute the upgrade command. The upgrade command is needed for 0.8.0 Pull Request #2116 - "UPGRADE: Fix multi-use invitation performance", which is useful for (at least) deployments of ACA-Py as a mediator. In the release, the upgrade process is revamped, and documented in Upgrading ACA-Py.

Key points about upgrading for those with production, pre-0.8.1 ACA-Py deployments:

  • Upgrades now happen automatically on startup, when needed.
  • The version of the last executed upgrade, even if it is a "no change" upgrade, is put into secure storage and is used to detect when future upgrades are needed.
    • Upgrades are needed when the running version is greater than the version is secure storage.
  • If you have an existing, pre-0.8.1 deployment with many connection records, there may be a delay in starting as an upgrade will be run that loads and saves every connection record, updating the data in the record in the process.
    • A mechanism is to be added (see Issue #2201) for preventing an upgrade running if it should not be run automatically, and requires using the upgrade command. To date, there has been no need for this feature.
  • See the Upgrading ACA-Py document for more details.

Postgres Support with Aries Askar

Recent changes to Aries Askar have resulted in Askar supporting Postgres version 11 and greater. If you are on Postgres 10 or earlier and want to upgrade to use Askar, you must migrate your database to Postgres 10.

We have also noted that in some container orchestration environments such as Red Hat's OpenShift and possibly other Kubernetes distributions, Askar using Postgres versions greater than 14 do not install correctly. Please monitor Issue #2199 for an update to this limitation. We have found that Postgres 15 does install correctly in other environments (such as in docker compose setups).

Categorized List of Pull Requests

0.8.0

March 14, 2023

0.8.0 is a breaking change that contains all updates since release 0.7.5. It extends the previously tagged 1.0.0-rc1 release because it is not clear when the 1.0.0 release will be finalized. Many of the PRs in this release were previously included in the 1.0.0-rc1 release. The categorized list of PRs separates those that are new from those in the 1.0.0-rc1 release candidate.

There are not a lot of new Aries Framework features in this release, as the focus has been on cleanup and optimization. The biggest addition is the inclusion with ACA-Py of a universal resolver interface, allowing an instance to have both local resolvers for some DID Methods and a call out to an external universal resolver for other DID Methods. Another significant new capability is full support for Hyperledger Indy transaction endorsement for Authors and Endorsers. A new repo aries-endorser-service has been created that is a pre-configured instance of ACA-Py for use as an Endorser service.

A recently completed feature that is outside of ACA-Py is a script to migrate existing ACA-Py storage from Indy SDK format to Aries Askar format. This enables existing deployments to switch to using the newer Aries Askar components. For details see the converter in the aries-acapy-tools repository.

Container Publishing Updated

With this release, a new automated process publishes container images in the Hyperledger container image repository. New images for the release are automatically published by the GitHubAction Workflows: publish.yml and publish-indy.yml. The actions are triggered when a release is tagged, so no manual action is needed. The images are published in the Hyperledger Package Repository under aries-cloudagent-python and a link to the packages added to the repositories main page (under "Packages"). Additional information about the container image publication process can be found in the document Container Images and Github Actions.

The ACA-Py container images are based on Python 3.6 and 3.9 slim-bullseye images, and are designed to support linux/386 (x86), linux/amd64 (x64), and linux/arm64. However, for this release, the publication of multi-architecture containers is disabled. We are working to enable that through the updating of some dependencies that lack that capability. There are two flavors of image built for each Python version. One contains only the Indy/Aries Shared Libraries only (Aries Askar, Indy VDR and Indy Shared RS, supporting only the use of --wallet-type askar). The other (labelled indy) contains the Indy/Aries shared libraries and the Indy SDK (considered deprecated). For new deployments, we recommend using the Python 3.9 Shared Library images. For existing deployments, we recommend migrating to those images.

Those currently using the container images published by BC Gov on Docker Hub should change to use those published to the Hyperledger Package Repository under aries-cloudagent-python.

Breaking Changes and Upgrades

PR #2034 -- Implicit connections

The break impacts existing deployments that support implicit connections, those initiated by another agent using a Public DID for this instance instead of an explicit invitation. Such deployments need to add the configuration parameter --requests-through-public-did to continue to support that feature. The use case is that an ACA-Py instance publishes a public DID on a ledger with a DIDComm service in the DIDDoc. Other agents resolve that DID, and attempt to establish a connection with the ACA-Py instance using the service endpoint. This is called an "implicit" connection in RFC 0023 DID Exchange.

PR #1913 -- Unrevealed attributes in presentations

Updates the handling of "unrevealed attributes" during verification of AnonCreds presentations, allowing them to be used in a presentation, with additional data that can be checked if for unrevealed attributes. As few implementations of Aries wallets support unrevealed attributes in an AnonCreds presentation, this is unlikely to impact any deployments.

PR #2145 - Update webhook message to terse form by default, added startup flag --debug-webhooks for full form

The default behavior in ACA-Py has been to keep the full text of all messages in the protocol state object, and include the full protocol state object in the webhooks sent to the controller. When the messages include an object that is very large in all the messages, the webhook may become too big to be passed via HTTP. For example, issuing a credential with a photo as one of the claims may result in a number of copies of the photo in the protocol state object and hence, very large webhooks. This change reduces the size of the webhook message by eliminating redundant data in the protocol state of the "Issue Credential" message as the default, and adds a new parameter to use the old behavior.

UPGRADE PR #2116 - UPGRADE: Fix multi-use invitation performance

The way that multiuse invitations in previous versions of ACA-Py caused performance to degrade over time. An update was made to add state into the tag names that eliminated the need to scan the tags when querying storage for the invitation.

If you are using multiuse invitations in your existing (pre-0.8.0 deployment of ACA-Py, you can run an upgrade to apply this change. To run upgrade from previous versions, use the following command using the 0.8.0 version of ACA-Py, adding you wallet settings:

aca-py upgrade <other wallet config settings> --from-version=v0.7.5 --upgrade-config-path ./upgrade.yml

Categorized List of Pull Requests

  • Verifiable credential, presentation and revocation handling updates

    • BREAKING: Update webhook message to terse form [default, added startup flag --debug-webhooks for full form #2145 by victorlee0505
    • Add startup flag --light-weight-webhook to trim down outbound webhook payload #1941 victorlee0505
    • feat: add verification method issue-credentials-2.0/send endpoint #2135 chumbert
    • Respect auto-verify-presentation flag in present proof v1 and v2 #2097 dbluhm
    • Feature: enabled handling VPs (request, creation, verification) with different VCs #1956 (teanas)
    • fix: update issue-credential endpoint summaries #1997 (PeterStrob)
    • fix claim format designation in presentation submission #2013 (rmnre)
    • #2041 - Issue JSON-LD has invalid Admin API documentation #2046 (jfblier-amplitude)
    • Previously flagged in release 1.0.0-rc1

  • Out of Band (OOB) and DID Exchange / Connection Handling / Mediator

  • DID Registration and Resolution related updates

  • Hyperledger Indy Endorser/Author Transaction Handling

    • Update some of the demo Readme and Endorser instructions #2122 swcurran
    • Special handling for the write ledger #2030 (ianco)
    • Previously flagged in release 1.0.0-rc1

  • Admin API Additions

  • Startup Command Line / Environment / YAML Parameter Updates

    • Update webhook message to terse form [default, added startup flag --debug-webhooks for full form #2145 by victorlee0505
    • Add startup flag --light-weight-webhook to trim down outbound webhook payload #1941 victorlee0505
    • Add missing --mediator-connections-invite cmd arg info to docs #2051 (matrixik)
    • Issue #2068 boolean flag change to support HEAD requests to default route #2077 (johnekent)
    • Previously flagged in release 1.0.0-rc1
      • Add seed command line parameter but use only if also an "allow insecure seed" parameter is set #1714 (DaevMithran)

  • Internal Aries framework data handling updates

    • fix: resolver api schema inconsistency #2112 (TimoGlastra)
    • fix: return if return route but no response #1853 (TimoGlastra)
    • Multi-ledger/Multi-tenant issues #2022 (ianco)
    • fix: Correct typo in model -- required spelled incorrectly #2031 (swcurran)
    • Code formatting #2053 (ianco)
    • Improved validation of record state attributes #2071 (rmnre)
    • Previously flagged in release 1.0.0-rc1
      • fix: update RouteManager methods use to pass profile as parameter #1902 (chumbert)
      • Allow fully qualified class names for profile managers #1880 (chumbert)
      • fix: unable to use askar with in memory db #1878 (dbluhm)
      • Enable manually triggering keylist updates during connection #1851 (dbluhm)
      • feat: make base wallet route access configurable #1836 (dbluhm)
      • feat: event and webhook on keylist update stored #1769 (dbluhm)
      • fix: Safely shutdown when root_profile uninitialized #1960 (frostyfrog)
      • feat: include connection ids in keylist update webhook #1914 (dbluhm)
      • fix: incorrect response schema for discover features #1912 (dbluhm)
      • Fix: SchemasInputDescriptorFilter: broken deserialization renders generated clients unusable #1894 (rmnre)
      • fix: schema class can set Meta.unknown #1885 (dbluhm)

  • Unit, Integration, and Aries Agent Test Harness Test updates

  • Dependency, Python version, GitHub Actions and Container Image Changes

  • Demo and Documentation Updates

  • Release management pull requests

0.7.5

October 26, 2022

0.7.5 is a patch release to deal primarily to add PR #1881 DID Exchange in ACA-Py 0.7.4 with explicit invitations and without auto-accept broken. A couple of other PRs were added to the release, as listed below, and in Milestone 0.7.5.

List of Pull Requests

0.7.4

June 30, 2022

⚠️ Existing multitenant JWTs invalidated when a new JWT is generated: If you have a pre-existing implementation with existing Admin API authorization JWTs, invoking the endpoint to get a JWT now invalidates the existing JWT. Previously an identical JWT would be created. Please see this comment on PR #1725 for more details.

0.7.4 is a significant release focused on stability and production deployments. As the "patch" release number indicates, there were no breaking changes in the Admin API, but a huge volume of updates and improvements. Highlights of this release include:

  • A major performance and stability improvement resulting from the now recommended use of Aries Askar instead of the Indy-SDK.
  • There are significant improvements and tools for dealing with revocation-related issues.
  • A lot of work has been on the handling of Hyperledger Indy transaction endorsements.
  • ACA-Py now has a pluggable persistent queues mechanism in place, with Redis and Kafka support available (albeit with work still to come on documentation).

In addition, there are a significant number of general enhancements, bug fixes, documentation updates and code management improvements.

This release is a reflection of the many groups stressing ACA-Py in production environments, reporting issues and the resulting solutions. We also have a very large number of contributors to ACA-Py, with this release having PRs from 22 different individuals. A big thank you to all of those using ACA-Py, raising issues and providing solutions.

Major Enhancements

A lot of work has been put into this release related to performance and load testing, with significant updates being made to the key "shared component" ACA-Py dependencies (Aries Askar, Indy VDR) and Indy Shared RS (including CredX). We now recommend using those components (by using --wallet-type askar in the ACA-Py startup parameters) for new ACA-Py deployments. A wallet migration tool from indy-sdk storage to Askar storage is still needed before migrating existing deployment to Askar. A big thanks to those creating/reporting on stress test scenarios, and especially the team at LISSI for creating the aries-cloudagent-loadgenerator to make load testing so easy! And of course to the core ACA-Py team for addressing the findings.

The largest enhancement is in the area of the endorsing of Hyperledger Indy ledger transactions, enabling an instance of ACA-Py to act as an Endorser for Indy authors needing endorsements to write objects to an Indy ledger. We're working on an Aries Endorser Service based on the new capabilities in ACA-Py, an Endorser to be easily operated by an organization, ideally with a controller starter kit supporting a basic human and automated approvals business workflow. Contributions welcome!

A focus towards the end of the 0.7.4 development and release cycle was on the handling of AnonCreds revocation in ACA-Py. Most important, a production issue was uncovered where by an ACA-Py issuer's local Revocation Registry data could get out of sync with what was published on an Indy ledger, resulting in an inability to publish new RevRegEntry transactions -- making new revocations impossible. As a result, we have added some new endpoints to enable an update to the RevReg storage such that RevRegEntry transactions can again be published to the ledger. Other changes were added related to revocation in general and in the handling of tails files in particular.

The team has worked a lot on evolving the persistent queue (PQ) approach available in ACA-Py. We have landed on a design for the queues for inbound and outbound messages using a default in-memory implementation, and the ability to replace the default method with implementations created via an ACA-Py plugin. There are two concrete, out-of-the-box external persistent queuing solutions available for Redis and Kafka. Those ACA-Py persistent queue implementation repositories will soon be migrated to the Aries project within the Hyperledger Foundation's GitHub organization. Anyone else can implement their own queuing plugin as long as it uses the same interface.

Several new ways to control ACA-Py configurations were added, including new startup parameters, Admin API parameters to control instances of protocols, and additional web hook notifications.

A number of fixes were made to the Credential Exchange protocols, both for V1 and V2, and for both AnonCreds and W3C format VCs. Nothing new was added and there no changes in the APIs.

As well there were a number of internal fixes, dependency updates, documentation and demo changes, developer tools and release management updates. All the usual stuff needed for a healthy, growing codebase.

Categorized List of Pull Requests

  • Hyperledger Indy Endorser related updates:

    • Fix order of operations connecting faber to endorser #1716 (ianco)
    • Endorser support for updating DID endpoints on ledger #1696 (frostyfrog)
    • Add "sent" key to both Schema and Cred Defs when using Endorsers #1663 (frostyfrog)
    • Add cred_def_id to metadata when using an Endorser #1655 (frostyfrog)
    • Update Endorser documentation #1646 (chumbert)
    • Auto-promote author did to public after endorsing #1607 (ianco)
    • DID updates for endorser #1601 (ianco)
    • Qualify did exch connection lookup by role #1670 (ianco)
    • Use provided connection_id if provided #1726 (ianco)

  • Additions to the startup parameters, Admin API and Web Hooks

  • Persistent Queues

    • Redis PQ Cleanup in preparation for enabling the uses of plugin PQ implementations [Issue#1659] #1659 (shaangill025)

  • Credential Revocation and Tails File Handling

    • Fix handling of non-revocable credential when timestamp is specified (askar/credx) #1847 (andrewwhitehead)
    • Additional endpoints to get revocation details and fix "published" status #1783 (ianco)
    • Fix IssuerCredRevRecord state update on revocation publish #1827 (andrewwhitehead)
    • Fix put_file when the server returns a redirect #1808 (andrewwhitehead)
    • Adjust revocation registry update procedure to shorten transactions #1804 (andrewwhitehead)
    • fix: Resolve Revocation Notification environment variable name collision #1751 (frostyfrog)
    • fix: always notify if revocation notification record exists #1665 (TimoGlastra)
    • Fix for AnonCreds non-revoc proof with no timestamp #1628 (ianco)
    • Fixes for v7.3.0 - Issue #1597 #1711 (shaangill025)
      • Fixes Issue 1 from #1597: Tails file upload fails when a credDef is created and multi ledger support is enabled
    • Fix tails server upload multi-ledger mode #1785 (ianco)
    • Feat/revocation notification v2 #1734 (frostyfrog)

  • Issue Credential, Present Proof updates/fixes

    • Fix: Present Proof v2 - check_proof_vs_proposal update to support proof request with restrictions #1820 (shaangill025)
    • Fix: present-proof v1 send-proposal flow #1811 (shaangill025)
    • Prover - verification outcome from presentation ack message #1757 (shaangill025)
    • feat: support connectionless exchange #1710 (TimoGlastra)
    • Fix: DIF proof proposal when creating bound presentation request [Issue#1687] #1690 (shaangill025)
    • Fix DIF PresExch and OOB request_attach delete unused connection #1676 (shaangill025)
    • Fix DIFPresFormatHandler returning invalid V20PresExRecord on presentation verification #1645 (rmnre)
    • Update aries-askar patch version to at least 0.2.4 as 0.2.3 does not include backward compatibility #1603 (acuderman)
    • Fixes for credential details in issue-credential webhook responses #1668 (andrewwhitehead)
    • Fix: present-proof v2 send-proposal issue#1474 #1667 (shaangill025)
      • Fixes Issue 3b from #1597: V2 Credential exchange ignores the auto-respond-credential-request
    • Revert change to send_credential_ack return value #1660 (andrewwhitehead)
    • Fix usage of send_credential_ack #1653 (andrewwhitehead)
    • Replace blank credential/presentation exchange states with abandoned state #1605 (andrewwhitehead)
      • Fixes Issue 4 from #1597: Wallet type askar has issues when receiving V1 credentials
    • Fixes and cleanups for issue-credential 1.0 #1619 (andrewwhitehead)
    • Fix: Duplicated schema and cred_def - Askar and Postgres #1800 (shaangill025)

  • Mediator updates and fixes

    • feat: allow querying default mediator from base wallet #1729 (dbluhm)
    • Added async with for mediator record delete #1749 (dejsenlitro)

  • Multitenacy updates and fixes

    • feat: create new JWT tokens and invalidate older for multitenancy #1725 (TimoGlastra)
    • Multi-tenancy stale wallet clean up #1692 (dbluhm)

  • Dependencies and internal code updates/fixes

  • Documentation and Demo Updates

    • Use default wallet type askar for alice/faber demo and bdd tests #1761 (ianco)
    • Update the Supported RFCs document for 0.7.4 release #1846 (swcurran)
    • Fix a typo in DevReadMe.md #1844 (feknall)
    • Add troubleshooting document, include initial examples - ledger connection, out-of-sync RevReg #1818 (swcurran)
    • Update POST /present-proof/send-request to POST /present-proof-2.0/send-request #1824 (lineko)
    • Fetch from --genesis-url likely to fail in composed container #1746 (tdiesler)
    • Fixes logic for web hook formatter in Faber demo #1739 (amanji)
    • Multitenancy Docs Update #1706 (MonolithicMonk)
    • #1674 Add basic DOCKER_ENV logging for run_demo #1675 (tdiesler)
    • Performance demo updates #1647 (ianco)
    • docs: supported features attribution #1654 (TimoGlastra)
    • Documentation on existing language wrappers for aca-py #1738 (etschelp)
    • Document impact of multi-ledger on TAA acceptance #1778 (ianco)

  • Code management and contributor/developer support updates

  • Release management pull requests

    • 0.7.4 Release Changelog and version update #1849 (swcurran)
    • 0.7.4-rc5 changelog, version and ReadTheDocs updates #1838 (swcurran)
    • Update changelog and version for 0.7.4-rc4 #1830 (swcurran)
    • Changelog, version and ReadTheDocs updates for 0.7.4-rc3 release #1817 (swcurran)
    • 0.7.4-rc2 update #1771 (swcurran)
    • Some ReadTheDocs File updates #1770 (swcurran)
    • 0.7.4-RC1 Changelog intro paragraph - fix copy/paste error #1753 (swcurran)
    • Fixing the intro paragraph and heading in the changelog of this 0.7.4RC1 #1752 (swcurran)
    • Updates to Changelog for 0.7.4. RC1 release #1747 (swcurran)
    • Prep for adding the 0.7.4-rc0 tag #1722 (swcurran)
    • Added missed new module -- upgrade -- to the RTD generated docs #1593 (swcurran)
    • Doh....update the date in the Changelog for 0.7.3 #1592 (swcurran)

0.7.3

January 10, 2022

This release includes some new AIP 2.0 features out (Revocation Notification and Discover Features 2.0), a major new feature for those using Indy ledger (multi-ledger support), a new "version upgrade" process that automates updating data in secure storage required after a new release, and a fix for a critical bug in some mediator scenarios. The release also includes several new pieces of documentation (upgrade processing, storage database information and logging) and some other documentation updates that make the ACA-Py Read The Docs site useful again. And of course, some recent bug fixes and cleanups are included.

There is a BREAKING CHANGE for those deploying ACA-Py with an external outbound queue implementation (see PR #1501). As far as we know, there is only one organization that has such an implementation and they were involved in the creation of this PR, so we are not making this release a minor or major update. However, anyone else using an external queue should be aware of the impact of this PR that is included in the release.

For those that have an existing deployment of ACA-Py with long-lasting connection records, an upgrade is needed to use RFC 434 Out of Band and the "reuse connection" as the invitee. In PR #1453 (details below) a performance improvement was made when finding a connection for reuse. The new approach (adding a tag to the connection to enable searching) applies only to connections made using this ACA-Py release and later, and "as-is" connections made using earlier releases of ACA-Py will not be found as reuse candidates. A new "Upgrade deployment" capability (#1557, described below) must be executed to update your deployment to add tags for all existing connections.

The Supported RFCs document has been updated to reflect the addition of the AIP 2.0 RFCs for which support was added.

The following is an annotated list of PRs in the release, including a link to each PR.

  • AIP 2.0 Features
    • Discover Features Protocol: v1_0 refactoring and v2_0 implementation #1500
      • Updates the Discover Features 1.0 (AIP 1.0) implementation and implements the new 2.0 version. In doing so, adds generalized support for goal codes to ACA-Py.
      • fix DiscoveryExchangeRecord RECORD_TOPIC typo fix #1566
    • Implement Revocation Notification v1.0 #1464
    • Fix integration tests (revocation notifications) #1528
    • Add Revocation notification support to alice/faber #1527
  • Other New Features
    • Multiple Indy Ledger support and State Proof verification #1425
      • Remove required dependencies from multi-ledger code that was requiring the import of Aries Askar even when not being used#1550
      • Fixed IndyDID resolver bug after Tag 0.7.3rc0 created #1569
      • Typo vdr service name #1563
      • Fixes and cleanup for multiple ledger support with Askar #1583
    • Outbound Queue - more usability improvements #1501
    • Display QR code when generating/displaying invites on startup #1526
    • Enable WS Pings for WS Inbound Transport #1530
      • Faster detection of lost Web Socket connections; implementation verified with an existing mediator.
    • Performance Improvement when using connection reuse in OOB and there are many DID connections. ConnRecord tags - their_public_did and invitation_msg_id #1543
      • In previous releases, a "their_public_did" was not a tag, so to see if you can reuse a connection, all connections were retrieved from the database to see if a matching public DID can be found. Now, connections created after deploying this release will have a tag on the connection such that an indexed query can be used. See "Breaking Change" note above and "Update" feature below.
      • Follow up to #1543 - Adding invitation_msg_id and their_public_did back to record_value #1553
    • A generic "Upgrade Deployment" capability was added to ACA-Py that operates like a database migration capability in relational databases. When executed (via a command line option), a current version of the deployment is detected and if any storage updates need be applied to be consistent with the new version, they are, and the stored "current version"is updated to the new version. An instance of this capability can be used to address the new feature #1543 documented above. #1557
    • Adds a "credential_revoked" state to the Issue Credential protocol state object. When the protocol state object is retained past the completion of the protocol, it is updated when the credential is revoked. #1545
    • Updated a missing dependency that recently caused an error when using the --version command line option #1589
  • Critical Fixes
    • Fix connection record response for mobile #1469
  • Documentation Additions and Updates
    • added documentation for wallet storage databases #1523
    • added logging documentation #1519
    • Fix warnings when generating ReadTheDocs #1509
    • Remove Streetcred references #1504
    • Add RTD configs to get generator working #1496
    • The Alice/Faber demo was updated to allow connections based on Public DIDs to be established, including reusing a connection if there is an existing connection. #1574
  • Other Fixes
    • Connection Handling / Out of Band Invitations Fixes
      • OOB: Fixes issues with multiple public explicit invitation and unused 0160 connection #1525
      • OOB added webhooks to notify the controller when a connection reuse message is used in response to an invitation #1581
      • Delete unused ConnRecord generated - OOB invitation (use_exising_connection) #1521
        • When an invitee responded with a "reuse" message, the connection record associated with the invitation was not being deleted. Now it is.
      • Await asyncio.sleeps to cleanup warnings in Python 3.8/3.9 #1558
      • Add alias field to didexchange invitation UI #1561
      • fix: use invitation key for connection query #1570
      • Fix the inconsistency of invitation_msg_id between invitation and response #1564
      • chore: update pydid to ^0.3.3 #1562
    • DIF Presentation Exchange Cleanups
      • Fix DIF Presentation Request Input Validation #1517
        • Some validation checking of a DIF presentation request to prevent uncaught errors later in the process.
      • DIF PresExch - ProblemReport and "is_holder" #1493
        • Cleanups related to when "is_holder" is or is not required. Related to Issue #1486
    • Indy SDK Related Fixes
      • Fix AttributeError when writing an Indy Cred Def record #1516
      • Fix TypeError when calling credential_definitions_fix_cred_def_wallet… #1515
      • Fix TypeError when writing a Schema record #1494
      • Fix validation for range checks #1538
        • Back out some of the validation checking for proof requests with predicates as they were preventing valid proof requests from being processed.
    • Aries Askar Related Fixes:
      • Fix bug when getting credentials on askar-profile #1510
      • Fix error when removing a wallet on askar-profile #1518
      • Fix error when connection request is received (askar, public invitation) #1508
      • Fix error when an error occurs while issuing a revocable credential #1591
    • Docker fixes:
      • Update docker scripts to use new & improved docker IP detection #1565
    • Release Adminstration:
      • Changelog and RTD updates for the pending 0.7.3 release #1553

0.7.2

November 15, 2021

A mostly maintenance release with some key updates and cleanups based on community deployments and discovery. With usage in the field increasing, we're cleaning up edge cases and issues related to volume deployments.

The most significant new feature for users of Indy ledgers is a simplified approach for transaction authors getting their transactions signed by an endorser. Transaction author controllers now do almost nothing other than configuring their instance to use an Endorser, and ACA-Py takes care of the rest. Documentation of that feature is here.

  • Improve cloud native deployments/scaling
    • unprotect liveness and readiness endpoints #1416
    • Open askar sessions only on demand - Connections #1424
    • Fixed potential deadlocks by opening sessions only on demand (Wallet endpoints) #1472
    • Fixed potential deadlocks by opening sessions only on demand #1439
    • Make mediation invitation parameter idempotent #1413
  • Indy Transaction Endorser Support Added
    • Endorser protocol configuration, automation and demo integration #1422
    • Auto connect from author to endorser on startup #1461
    • Startup and shutdown events (prep for endorser updates) #1459
    • Endorser protocol askar fixes #1450
    • Endorser protocol updates - refactor to use event bus #1448
  • Indy verifiable credential/presentation fixes and updates
    • Update credential and proof mappings to allow negative encoded values #1475
    • Add credential validation to offer issuance step #1446
    • Fix error removing proof req entries by timestamp #1465
    • Fix issue with cred limit on presentation endpoint #1437
    • Add support for custom offers from the proposal #1426
    • Make requested attributes and predicates required on indy proof request #1411
    • Remove connection check on proof verify #1383
  • General cleanups and improvements to existing features
    • Fixes failing integration test -- JSON-LD context URL not loading because of external issue #1491
    • Update base record time-stamp to standard ISO format #1453
    • Encode DIDComm messages before sent to the queue #1408
    • Add Event bus Metadata #1429
    • Allow base wallet to connect to a mediator after startup #1463
    • Log warning when unsupported problem report code is received #1409
    • feature/inbound-transport-profile #1407
    • Import cleanups #1393
    • Add no-op handler for generic ack message (RFC 0015) #1390
    • Align OutOfBandManager.receive_invitation with other connection managers #1382
  • Bug fixes
    • fix: fixes error in use of a default mediator in connections/out of band -- mediation ID was being saved as None instead of the retrieved default mediator value #1490
    • fix: help text for open-mediation flag #1445
    • fix: incorrect return type #1438
    • Add missing param to ws protocol #1442
    • fix: create static doc use empty endpoint if None #1483
    • fix: use named tuple instead of dataclass in mediation invite store #1476
    • When fetching the admin config, don't overwrite webhook settings #1420
    • fix: return type of inject #1392
    • fix: typo in connection static result schema #1389
    • fix: don't require push on outbound queue implementations #1387
  • Updates/Fixes to the Alice/Faber demo and integration tests
    • Clarify instructions in the Acme Controller Demo #1484
    • Fix aip 20 behaviour and other cleanup #1406
    • Fix issue with startup sequence for faber agent #1415
    • Connectionless proof demo #1395
    • Typos in the demo's README.md #1405
    • Run integration tests using external ledger and tails server #1400
  • Chores
    • Update CONTRIBUTING.md #1428
    • Update to ReadMe and Supported RFCs for 0.7.2 #1489
    • Updating the RTDs code for Release 0.7.2 - Try 2 #1488

0.7.1

August 31, 2021

A relatively minor maintenance release to address issues found since the 0.7.0 Release. Includes some cleanups of JSON-LD Verifiable Credentials and Verifiable Presentations

  • W3C Verifiable Credential cleanups
    • Timezone inclusion [ISO 8601] for W3C VC and Proofs (#1373)
    • W3C VC handling where attachment is JSON and not Base64 encoded (#1352)
  • Refactor outbound queue interface (#1348)
  • Command line parameter handling for arbitrary plugins (#1347)
  • Add an optional parameter '--ledger-socks-proxy' (#1342)
  • OOB Protocol - CredentialOffer Support (#1316), (#1216)
  • Updated IndyCredPrecisSchema - pres_referents renamed to presentation_referents (#1334)
  • Handle unpadded protected header in PackWireFormat::get_recipient_keys (#1324)
  • Initial cut of OpenAPI Code Generation guidelines (#1339)
  • Correct revocation API in credential revocation documentation (#612)
  • Documentation updates for Read-The-Docs (#1359, #1366, #1371)
  • Add inject_or method to dynamic injection framework to resolve typing ambiguity (#1376)
  • Other fixes:
    • Indy Proof processing fix, error not raised in predicate timestamp check (#1364)
    • Problem Report handler for connection specific problems (#1356)
    • fix: error on deserializing conn record with protocol (#1325)
    • fix: failure to verify jsonld on non-conformant doc but vaild vmethod (#1301)
    • fix: allow underscore in endpoints (#1378)

0.7.0

July 14, 2021

Another significant release, this version adds support for multiple new protocols, credential formats, and extension methods.

  • Support for W3C Standard Verifiable Credentials based on JSON-LD using LD-Signatures and BBS+ Signatures, contributed by Animo Solutions - #1061
  • Present Proof V2 including support for DIF Presentation Exchange - #1125
  • Pluggable DID Resolver (with a did:web resolver) with fallback to an external DID universal resolver, contributed by Indicio - #1070
  • Updates and extensions to ledger transaction endorsement via the Sign Attachment Protocol, contributed by AyanWorks - #1134, #1200
  • Upgrades to Demos to add support for Credential Exchange 2.0 and W3C Verifiable Credentials #1235
  • Alpha support for the Indy/Aries Shared Components (indy-vdr, indy-credx and aries-askar), which enable running ACA-Py without using Indy-SDK, while still supporting the use of Indy as a ledger, and Indy AnonCreds verifiable credentials #1267
  • A new event bus for distributing internally generated ACA-Py events to controllers and other listeners, contributed by Indicio - #1063
  • Enable operation without Indy ledger support if not needed
  • Performance fix for deployments with large numbers of DIDs/connections #1249
  • Simplify the creation/handling of plugin protocols #1086, #1133, #1226
  • DID Exchange implicit invitation handling #1174
  • Add support for Indy 1.16 predicates (restrictions on predicates based on attribute name and value) #1213
  • BDD Tests run via GitHub Actions #1046

0.6.0

February 25, 2021

This is a significant release of ACA-Py with several new features, as well as changes to the internal architecture in order to set the groundwork for using the new shared component libraries: indy-vdr, indy-credx, and aries-askar.

Mediator support

While ACA-Py had previous support for a basic routing protocol, this was never fully developed or used in practice. Starting with this release, inbound and outbound connections can be established through a mediator agent using the Aries Mediator Coordination Protocol. This work was initially contributed by Adam Burdett and Daniel Bluhm of Indicio on behalf of SICPA. Read more about mediation support.

Multi-Tenancy support

Started by BMW and completed by Animo Solutions and Anon Solutions on behalf of SICPA, this feature allows for a single ACA-Py instance to host multiple wallet instances. This can greatly reduce the resources required when many identities are being handled. Read more about multi-tenancy support.

New connection protocol(s)

In addition to the Aries 0160 Connections RFC, ACA-Py now supports the Aries DID Exchange Protocol for connection establishment and reuse, as well as the Aries Out-of-Band Protocol for representing connection invitations and other pre-connection requests.

Issue-Credential v2

This release includes an initial implementation of the Aries Issue Credential v2 protocol.

Notable changes for administrators

  • There are several new endpoints available for controllers as well as new startup parameters related to the multi-tenancy and mediator features, see the feature description pages above in order to make use of these features. Additional admin endpoints are introduced for the DID Exchange, Issue Credential v2, and Out-of-Band protocols.

  • When running aca-py start, a new wallet will no longer be created unless the --auto-provision argument is provided. It is recommended to always use aca-py provision to initialize the wallet rather than relying on automatic behaviour, as this removes the need for repeatedly providing the wallet seed value (if any). This is a breaking change from previous versions.

  • When running aca-py provision, an existing wallet will not be removed and re-created unless the --recreate-wallet argument is provided. This is a breaking change from previous versions.

  • The logic around revocation intervals has been tightened up in accordance with Present Proof Best Practices.

Notable changes for plugin writers

The following are breaking changes to the internal APIs which may impact Python code extensions.

  • Manager classes generally accept a Profile instance, where previously they accepted a RequestContext.

  • Admin request handlers now receive an AdminRequestContext as app["context"]. The current profile is available as app["context"].profile. The admin server now generates a unique context instance per request in order to facilitate multi-tenancy, rather than reusing the same instance for each handler.

  • In order to inject the BaseStorage or BaseWallet interfaces, a ProfileSession must be used. Other interfaces can be injected at the Profile or ProfileSession level. This is obtained by awaiting profile.session() for the current Profile instance, or (preferably) using it as an async context manager:

async with profile.session() as session:
   storage = session.inject(BaseStorage)
  • The inject method of a context is no longer async.

0.5.6

October 19, 2020

  • Fix an attempt to update the agent endpoint when configured with a read-only ledger #758

0.5.5

October 9, 2020

  • Support interactions using the new https://didcomm.org message type prefix (currently opt-in via the --emit-new-didcomm-prefix flag) #705, #713
  • Updates to application startup arguments, adding support for YAML configuration #739, #746, #748
  • Add a new endpoint to check the revocation status of a stored credential #735
  • Clean up API documentation and OpenAPI definition, minor API adjustments #712, #726, #732, #734, #738, #741, #747
  • Add configurable support for unencrypted record tags #723
  • Retain more limited records on issued credentials #718
  • Fix handling of custom endpoint in connections accept-request API method #715, #716
  • Add restrictions around revocation registry sizes #727
  • Allow the state for revocation registry records to be set manually #708
  • Handle multiple matching credentials when satisfying a presentation request using names #706
  • Additional handling for a missing local tails file, tails file rollover process #702, #717
  • Handle unknown credential ID in create-proof API method #700
  • Improvements to revocation interval handling in presentation requests #699, #703
  • Clean up warnings on API redirects #692
  • Extensions to DID publicity status #691
  • Support Unicode text in JSON-LD credential handling #687

0.5.4

August 24, 2020

  • Improvements to schema, cred def registration procedure #682, #683
  • Updates to align admin API output with documented interface #674, #681
  • Fix provisioning issue when ledger is configured as read-only #673
  • Add get-nym-role action #671
  • Basic support for w3c profile endpoint #667, #669
  • Improve handling of non-revocation interval #648, #680
  • Update revocation demo after changes to tails file handling #644
  • Improve handling of fatal ledger errors #643, #659
  • Improve did:key: handling in out-of-band protocol support #639
  • Fix crash when no public DID is configured #637
  • Fix high CPU usage when only messages pending retry are in the outbound queue #636
  • Additional unit tests for config, messaging, revocation, startup, transports #633, #641, #658, #661, #666
  • Allow forwarded messages to use existing connections and the outbound queue #631

0.5.3

July 23, 2020

  • Store endpoint on provisioned DID records #610
  • More reliable delivery of outbound messages and webhooks #615
  • Improvements for OpenShift pod handling #614
  • Remove support for 'on-demand' revocation registries #605
  • Sort tags in generated swagger JSON for better consistency #602
  • Improve support for multi-credential proofs #601
  • Adjust default settings for tracing and add documentation #598, #597
  • Fix reliance on local copy of revocation tails file #590
  • Improved handling of problem reports #595
  • Remove credential preview parameter from credential issue endpoint #596
  • Looser format restrictions on dates #586
  • Support names and attribute-value specifications in present-proof protocol #587
  • Misc documentation updates and unit test coverage

0.5.2

June 26, 2020

  • Initial out-of-band protocol support #576
  • Support provisioning a new local-only DID in the wallet, updating a DID endpoint #559, #573
  • Support pagination for holder search operation #558
  • Add raw JSON credential signing and verification admin endpoints #540
  • Catch fatal errors in admin and protocol request handlers #527, #533, #534, #539, #543, #554, #555
  • Add wallet and DID key rotation operations #525
  • Admin API documentation and usability improvements #504, #516, #570
  • Adjust the maximum number of attempts for outbound messages #501
  • Add demo support for tails server #499
  • Various credential and presentation protocol fixes and improvements #491, #494, #498, #526, #561, #563, #564, #577, #579
  • Fixes for multiple agent endpoints #495, #497
  • Additional test coverage #482, #485, #486, #487, #490, #493, #509, #553
  • Update marshmallow dependency #479

0.5.1

April 23, 2020

  • Restore previous response format for the /credential/{id} admin route #474

0.5.0

April 21, 2020

  • Add support for credential revocation and revocation registry handling, with thanks to Medici Ventures #306, #417, #425, #429, #432, #435, #441, #455
  • Breaking change Remove previous credential and presentation protocols (0.1 versions) #416
  • Add support for major/minor protocol version routing #443
  • Event tracing and trace reports for message exchanges #440
  • Support additional Indy restriction operators (>, <, <= in addition to >=) #457
  • Support signed attachments according to the updated Aries RFC 0017 #456
  • Increased test coverage #442, #453
  • Updates to demo agents and documentation #402, #403, #411, #415, #422, #423, #449, #450, #452
  • Use Indy generate_nonce method to create proof request nonces #431
  • Make request context available in the outbound transport handler #408
  • Contain indy-anoncreds usage in IndyIssuer, IndyHolder, IndyProver classes #406, #463
  • Fix issue with validation of proof with predicates and revocation support #400

0.4.5

March 3, 2020

  • Added NOTICES file with license information for dependencies #398
  • Updated documentation for administration API demo #397
  • Accept self-attested attributes in presentation verification, only when no restrictions are present on the requested attribute #394, #396

0.4.4

February 28, 2020

  • Update docker image used in demo and test containers #391
  • Fix pre-verify check on received presentations #390
  • Do not canonicalize attribute names in credential previews #389

0.4.3

February 26, 2020

  • Fix the application of transaction author agreement acceptance to signed ledger requests #385
  • Add a command line argument to preserve connection exchange records #355
  • Allow custom credential IDs to be specified by the controller in the issue-credential protocol #384
  • Handle send timeouts in the admin server websocket implementation #377
  • Aries RFC 0348: Support the 'didcomm.org' message type prefix for incoming messages #379
  • Add support for additional postgres wallet schemes such as "MultiWalletDatabase" #378
  • Updates to the demo agents and documentation to support demos using the OpenAPI interface #371, #375, #376, #382, #383, #382
  • Add a new flag for preventing writes to the ledger #364

0.4.2

February 8, 2020

  • Adjust logging on HTTP request retries #363
  • Tweaks to run_docker/run_demo scripts for Windows #357
  • Avoid throwing exceptions on invalid or incomplete received presentations #359
  • Restore the present-proof/create-request admin endpoint for creating connectionless presentation requests #356
  • Activate the connections/create-static admin endpoint for creating static connections #354

0.4.1

January 31, 2020

  • Update Forward messages and handlers to align with RFC 0094 for compatibility with libvcx and Streetcred #240, #349
  • Verify encoded attributes match raw attributes on proof presentation #344
  • Improve checks for existing credential definitions in the wallet and on ledger when publishing #333, #346
  • Accommodate referents in presentation proposal preview attribute specifications #333
  • Make credential proposal optional in issue-credential protocol #336
  • Handle proofs with repeated credential definition IDs #330
  • Allow side-loading of alternative inbound transports #322
  • Various fixes to documentation and message schemas, and improved unit test coverage

0.4.0

December 10, 2019

  • Improved unit test coverage (actionmenu, basicmessage, connections, introduction, issue-credential, present-proof, routing protocols)
  • Various documentation and bug fixes
  • Add admin routes for fetching and accepting the ledger transaction author agreement #144
  • Add support for receiving connection-less proof presentations #296
  • Set attachment id explicitly in unbound proof request #289
  • Add create-proposal admin endpoint to the present-proof protocol #288
  • Remove old anon/authcrypt support #282
  • Allow additional endpoints to be specified #276
  • Allow timestamp without trailing 'Z' #275, #277
  • Display agent label and version on CLI and SwaggerUI #274
  • Remove connection activity tracking and add ping webhooks (with --monitor-ping) #271
  • Refactor message transport to track all async tasks, active message handlers #269, #287
  • Add invitation mode "static" for static connections #260
  • Allow for cred proposal underspecification of cred def id, only lock down cred def id at issuer on offer. Sync up api requests to Aries RFC-36 verbiage #259
  • Disable cookies on outbound requests (avoid session affinity) #258
  • Add plugin registry for managing all loaded protocol plugins, streamline ClassLoader #257, #261
  • Add support for locking a cache key to avoid repeating expensive operations #256
  • Add optional support for uvloop #255
  • Output timing information when --timing-log argument is provided #254
  • General refactoring - modules moved from messaging into new core, protocols, and utils sub-packages #250, #301
  • Switch performance demo to the newer issue-credential protocol #243

0.3.5

November 1, 2019

  • Switch performance demo to the newer issue-credential protocol #243
  • Remove old method for reusing credential requests and replace with local caching for credential offers and requests #238, #242
  • Add statistics on HTTP requests to timing output #237
  • Reduce the number of tags on non-secrets records to reduce storage requirements and improve performance #235

0.3.4

October 23, 2019

  • Clean up base64 handling in wallet utils and add tests #224
  • Support schema sequence numbers for lookups and caching and allow credential definition tag override via admin API #223
  • Support multiple proof referents in the present-proof protocol #222
  • Group protocol command line arguments appropriately #217
  • Don't require a signature for get_txn_request in credential_definition_id2schema_id and reduce public DID lookups #215
  • Add a role property to credential exchange and presentation exchange records #214, #218
  • Improve attachment decorator handling #210
  • Expand and correct documentation of the OpenAPI interface #208, #212

0.3.3

September 27, 2019

  • Clean up LGTM errors and warnings and fix a message dispatch error #203
  • Avoid wrapping messages with Forward wrappers when returning them directly #199
  • Add a CLI parameter to override the base URL used in URL-formatted connection invitations #197
  • Update the feature discovery protocol to match the RFC and rename the admin API endpoint #193
  • Add CLI parameters for specifying additional properties of the printed connection invitation #192
  • Add support for explicitly setting the wallet credential ID on storage #188
  • Additional performance tracking and storage reductions #187
  • Handle connection invitations in base64 or URL format in the Alice demo agent #186
  • Add admin API methods to get and set the credential tagging policy for a credential definition ID #185
  • Allow querying of credentials for proof requests with multiple referents #181
  • Allow self-connected agents to issue credentials, present proofs #179
  • Add admin API endpoints to register a ledger nym, fetch a ledger DID verkey, or fetch a ledger DID endpoint #178

0.3.2

September 3, 2019

  • Merge support for Aries #36 (issue-credential) and Aries #37 (present-proof) protocols #164, #167
  • Add initiator to connection record queries to ensure uniqueness in the case of a self-connection #161
  • Add connection aliases #149
  • Misc documentation updates

0.3.1

August 15, 2019

  • Do not fail with an error when no ledger is configured #145
  • Switch to PyNaCl instead of pysodium; update dependencies #143
  • Support reusable connection invitations #142
  • Fix --version option and optimize Docker builds #136
  • Add connection_id to basicmessage webhooks #134
  • Fixes for transaction author agreements #133

0.3.0

August 9, 2019

  • Ledger and wallet config updates; add support for transaction author agreements #127
  • Handle duplicate schema in send_schema by always fetching first #126
  • More flexible timeout support in detect_process #125
  • Add start command to run_docker invocations #119
  • Add issuer stored state #114
  • Add admin route to create a presentation request without sending it #112
  • Add -v option to aca-py executable to print version #110
  • Fix demo presentation request, optimize credential retrieval #108
  • Add pypi badge to README and make document link URLs absolute #103
  • Add admin routes for creating and listing wallet DIDs, adjusting the public DID #102
  • Update the running locally instructions based on feedback from Sam Smith #101
  • Add support for multiple invocation commands, implement start/provision/help commands #99
  • Add admin endpoint to send problem report #98
  • Add credential received state transition #97
  • Adding documentation for the routing version of the performance example #94
  • Document listing the Aries RFCs supported by ACA-Py and reference to the list in the README #89
  • Further updates to the running locally section of the demo README #86
  • Don't extract decorators with names matching the 'data_key' of defined schema fields #85
  • Allow demo scripts to run outside of Docker; add command line parsing #84
  • Connection invitation fixes and improvements; support DID-based invitations #82

0.2.1

July 16, 2019

  • Add missing MANIFEST file #78

0.2.0

July 16, 2019

This is the first PyPI release. The history begins with the transfer of aca-py from bcgov to hyperledger.

  • Prepare for version 0.2.0 release #77
  • Update von-network related references. #74
  • Fixed log_level arg, added validation error logging #73
  • fix shell inconsistency #72
  • further cleanup to the OpenAPI demo script #71
  • Updates to invitation handling and performance test #68
  • Api security #67
  • Fix line endings on Windows #66
  • Fix repository name in badge links #65
  • Connection record is_ready refactor #64
  • Fix API instructions for cred def id #58
  • Updated API demo docs to use alice/faber scripts #54
  • Updates to the readme for the demo to add PWD support #53
  • Swallow empty input in demo scripts #51
  • Set credential_exchange state when created from a cached credential request #49
  • Check for readiness instead of activeness in credential admin routes #46
  • Demo updates #43
  • Misc fixes #42
  • Readme updates #41
  • Change installed "binary" name to aca-py #40
  • Tweak in script to work under Linux; updates to readme for demo #33
  • New routing example document, typo corrections #31
  • More bad links #30
  • Links cleanup for the documentation #29
  • Alice-Faber demo update #28
  • Deployment Model document #27
  • Plantuml source and images for documentation; w/image generator script #26
  • Move generated documentation. #25
  • Update generated documents #24
  • Split application configuration into separate modules and add tests #23
  • Updates to the RTD configuration file #22
  • Merge DIDDoc support from von_anchor #21
  • Adding Prov of BC, Gov of Canada copyright #19
  • Update test configuration #18
  • CI updates #17
  • Transport updates #15