All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added a prime256v1-based
Identity
impl to complement the ed25519 and secp256k1Identity
impls.
- Added the chunked wasm API to ic-utils. Existing code that uses
install_code
should probably update toinstall
, which works the same but silently handles large wasm modules. - Added query stats to
StatusCallResult
. - Upgraded
ic-certification
to v2.2.
- Breaking change: Bump candid to 0.10. Downstream libraries need to bump Candid to 0.10 as well.
- Feat: add
idle_cycles_burned_per_day
field toStatusCallResult
.
- Fixed a spurious certificate validation error in the five minutes after a node is added to a subnet
- Fixed
HyperTransport
endpoint construction (//
in the format/api/v2//canister/5v3p4-iyaaa-aaaaa-qaaaa-cai/query
)
- Added node signature certification to query calls, for protection against rogue boundary nodes. This can be disabled with
with_verify_query_signatures
. - Added
with_nonce_generation
toQueryBuilder
for precise cache control. - Added the ability to dispatch to multiple URLs to
ReqwestTransport
andHyperTransport
, with aRouteProvider
trait and a providedRoundRobinRouteProvider
implementation. - Added
read_subnet_state_raw
toAgent
andread_subnet_state
toTransport
for looking up raw state by subnet ID instead of canister ID. - Added
read_state_subnet_metrics
toAgent
to access subnet metrics, such as total spent cycles. - Types passed to the
to_request_id
function can now contain nested structs, signed integers, and externally tagged enums. Envelope
struct is public also outside of the crate.- Remove non-optional
ic_api_version
field (whose value is not meaningfully populated by the replica) and optionalimpl_source
andimpl_revision
fields (that are not populated by the replica) from the expected/api/v2/status
endpoint response. - Drop
senders
field from user delegations (typeDelegation
).
- Added
reserved_cycles_limit
to canister creation and canister setting update options. - Added
reserved_cycles
andreserved_cycles_limit
to canister status call result.
- Added
DelegatedIdentity
, anIdentity
implementation for consuming delegations such as those from Internet Identity. - Replica protocol type definitions have been moved to an
ic-transport-types
crate.ic-agent
still reexports the ones for its API. - The
Unknown
lookup of a request_status path in a certificate results in anAgentError
(the IC returnsAbsent
for non-existing paths). - For
Canister
type, added methods with no trailing underscore: update(), query(), canister_id(), clone_with()
- Breaking change: Remove argument builder form
ic-utils
.CallBuilder::with_arg
sets a single argument, instead of pushing a new argument to the list. This function can be called at most once. If it's called multiple times, it panics. If you have multiple arguments, useCallBuilder::with_args((arg1, arg2))
orCallBuilder::set_raw_arg(candid::Encode!(arg1, arg2)?)
. - feat: Added
public_key
,sign_arbitrary
,sign_delegation
functions toIdentity
. - Add
From
trait to coercecandid::Error
intoic_agent::AgentError
. - Add
Agent::set_arc_identity
method to switch identity.
Switched from rustls crate to rustls-webpki fork to address https://rustsec.org/advisories/RUSTSEC-2023-0052
Removed the arc_type
feature requirement for candid, in order to avoid deprecation warnings. This is a breaking change. The call and call_and_wait are no longer async fn
and instead return a Future or BoxFuture.
- Breaking Change: builders are now owning-style rather than borrowing-style; with_arg takes an owned Vec rather than a borrowed Vec
- Breaking Change: Identity::sign takes &EnvelopeContent rather than the request ID.
- Bump Candid crate to 0.9.0
-
fix: Adjust the default polling parameters to provide better UX. Remove the
CouldNotReadRootKey
error and panic on poisoned mutex. -
chore: remove deprecated code and fix style
-
Breaking Change: removing the PasswordManager
-
Breaking Change: Enum variant
AgentError::ReplicaError
is now a tuple struct containingRejectResponse
. -
Handling rejected update calls where status code is 200. See IC-1462
-
Reject code type is changed from
u64
to enumRejectCode
. -
Support WASM targets in the browser via
wasm-bindgen
. Featurewasm-bindgen
required. -
Do not send
certificate_version
on HTTP Update requests -
Update
certificate_version
tou16
instead ofu128
, fixes an issue where the asset canister always responds with v1 response verification
- Breaking change: Content and path storage has been changed from a
Cow<[u8]>
to a user-providedT: AsRef<u8>
, removing the lifetime from various types.
- Fixed issue where a missing request header caused the canister to not respond with an
ic-certificate
header.
- Expose the root key to clients through
read_root_key
- Add
lookup_subtree
method to HashTree & HashTreeNode to allow for subtree lookups. - Derive
Clone
onCertificate
andDelegation
structs. - Add certificate version to http_request canister interface.
- (ic-utils) Add specified_id in provisional_create_canister_with_cycles.
- Remove
garcon
from API. Callers can remove the dependency and any usages of it; all waiting functions no longer take a waiter parameter. - Create
ic-certification
crate and move HashTree and Certificate types.
- Drop
disable_range_check
flag from certificate delegation checking.
- Update
candid
to v0.8.0. - Move
hash_tree
fromic-types
and no more re-export ic-types.
- Set
default-features = false
foric-agent
interdependencies to reduce unused nested dependencies. - Bump
candid
to0.7.18
.
- Fixed custom configured HTTP headers - no longer is the header's value wrapped with double quotes.
- Switched to
ic-verify-bls-signature
crate for verify BLS signatures - Added new
hyper
transportHyperReplicaV2Transport
- Added Agent::set_identity method (#379)
- Updated lookup_request_status method to handle proofs of absent paths in certificates.
- Make it possible to specify effective canister id in CreateCanisterBuilder
- Remove
PrincipalInner
Principal
directly holdslen
andbytes
fields
PrincipalError
enum has different set of variants reflecting changes infrom_text
logic.from_text
accepts input containing uppercase letters which results in Err before.from_text
verifies CRC32 check sequence
Added support configurable inclusion and exclusion of files and directories (including dotfiles and dot directories), done via .ic-assets.json
config file:
- example of
.ic-assets.json
file format:[ { "match": ".*", "cache": { "max_age": 20 }, "headers": { "X-Content-Type-Options": "nosniff" }, "ignore": false } ]
- see PR and tests for more examples
Added support for configuring HTTP headers for assets in asset canister (via .ic-assets.json
config file):
- example of
.ic-assets.json
file format:[ { "match": "*", "cache": { "max_age": 20 }, "headers": { "X-Content-Type-Options": "nosniff" } }, { "match": "**/*", "headers": null }, ]
headers
from multiple applicable rules are being stacked/concatenated, unlessnull
is specified, which resets/empties the headers. Both"headers": {}
and absence ofheaders
don't have any effect on end result.
Added support for asset canister config files in ic-assets
.
- reads configuration from
.ic-assets.json
config files if placed inside assets directory, multiple config files can be used (nested in subdirectories) - runs successfully only if the config file is right format (valid JSON, valid glob pattern, JSON fields in correct format)
- example of
.ic-assets.json
file format:[ { "match": "*", "cache": { "max_age": 20 } } ]
- works only during asset creation
- the config file is being taken into account only when calling
ic_asset::sync
(i.e.dfx deploy
oricx-asset sync
)
Breaking change: ic-asset::sync() now synchronizes from multiple source directories.
This is to allow for configuration files located alongside assets in asset source directories.
Also, ic-asset::sync:
- skips files and directories that begin with a ".", as dfx does when copying assets to an output directory.
- reports an error if more than one asset file would resolve to the same asset key
agent-rs/349 feat: add with_max_response_body_size to ReqwestHttpReplicaV2Transport
Updated dependencies. Some had breaking changes: k256 0.11, pkcs 0.9, and sec1 0.3.
Fixed a potential panic in secp256k1 signature generation.
Added ReqwestHttpReplicaV2Transport::create_with_client
.
Remove openssl
in favor of pure rust libraries.
Updated minimum version of reqwest to 0.11.7. This is to avoid the following error, seen with reqwest 0.11.6:
Unknown TLS backend passed to use_preconfigured_tls
Updated wallet interface for 128-bit API.
Remove parameterized canister pattern. Use WalletCanister::create
rather than Wallet::create
.
wallet_send takes Principal instead of &Canister.
Updated ic_utils::interfaces::http_request
structures to use &str
to reduce copying.
Removed Deserialize
from HttpRequest
.
Changed HttpResponse
to be generic over entire callback instead of just ArgToken
.
Added HttpRequestStreamingCallbackAny
to deserialize any callback, regardless of signature.
Added conversion helpers for HttpResponse
, StreamingStrategy
and CallbackStrategy
across generics.
Changes to Canister<HttpRequestCanister>
interface.
- Made
http_request
,http_request_update
, andhttp_request_stream_callback
more generic and require fewer string copies. - Added
_custom
variants to enable customtoken
deserialization.
Introduced HttpRequestStreamingCallback to work around dfinity/candid#273.
Response certificate verification will check that the canister id falls within the range of valid canister ids for the subnet.
Secp256k1 identity now checks if a curve actually uses the secp256k1 parameters. It cannot be used to load non-secp256k1 identities anymore.
Data type of cycles
changed to u128
(was u64
).
fetch_root_key() only fetches on the first call.
Re-genericized Token to allow use of an arbitrary Token type with StreamingStrategy.
Renamed BatchOperationKind._Clear to Clear for compatibility with the certified assets canister. This avoids decode errors, even though the type isn't referenced here.
Changed the 'HttpRequest.upgrade' field to 'Option' from 'bool'.
The lookup_value
function now takes generics which can be iterated over (IntoIterator<Item = &'p Label>
) and transformed into a Vec<Label>
, rather than just a Vec<Label>
.
The lookup_path
method now takes an Iterator<Label>
rather than an AsRef<[Label]>
Added support for upgrading HTTP requests (http_request_update method)
Updated crate dependencies, most notably updating rustls, removing the direct dependency on webpki-roots, and allowing consumers of ic-agent to update to reqwest 0.11.7.
Implements https://github.com/dfinity-lab/ic-ref/pull/371
Fixed a defect in asset synchronization where no retries would be attempted after the first 30 seconds overall.
Unified all version numbers and removed the zzz-release tool.
It's now possible to specify which encodings will be accepted. The default (and previous) behavior is to accept only the identity encoding. Specifying encodings that browsers more commonly accept demonstrates the difference in the returned data and certificate.
For example, here is the data and certificate returned when only accepting the identity encoding.
$ cargo run -p icx-cert -- print 'http://localhost:8000/index.js?canisterId=ryjl3-tyaaa-aaaaa-aaaba-cai'
DATA HASH: 1495cd574831c23b4db97bc3860666ea495386f0ef0dab73c23ef31db5aa2765
Label("/index.js", Leaf(0x1495cd574831c23b4db97bc3860666ea495386f0ef0dab73c23ef31db5aa2765)),
Here is an example accepting the gzip encoding (as most browsers do), showing that the canister responded with different data having a different data hash.
$ cargo run -p icx-cert -- print --accept-encoding gzip 'http://localhost:8000/index.js?canisterId=ryjl3-tyaaa-aaaaa-aaaba-cai'
DATA HASH: 1770e76af0816ba951320c03eab1263c43de7ac4b0558dd9049cc532b7d6cd01
Label("/index.js", Leaf(0x1495cd574831c23b4db97bc3860666ea495386f0ef0dab73c23ef31db5aa2765)),
This project moved to https://github.com/dfinity/icx-proxy.
- Added field
replica_health_status
toStatus
.- typical values
healthy
waiting_for_certified_state
- typical values