v3.2.4-0.11.0

Summary

Most of the PRs here are for improved test coverage and dependabot upgrades.

Apart from that:

• 🐛 Bug fix: ValidationError exception handling #772
• ✨ Revocation service can now accept credential_exchange_id's prefixed with v1- or v2- #776
• ✨ Rejecting a proof request now has a flag to optionally delete the proof exchange record that is associated with the proof being rejected #783
• 👷 Implementation of Lago Billing manager service #715
• 👷 Initial NATS JetStream infra config #754
• 🧪 Initial regression testing framework #780

What's Changed

• ⏪ Remove wallet-patch endpoint and revert valid group assertion by @ff137 in #751
• 👷 Update dependabot schedule by @ff137 in #755
• ✅ Enhanced test coverage for endorser service by @ff137 in #752
• Unit tests for trustregistry.crud by @cl0ete in #757
• ✅ Remove sleeps from public did tests by @ff137 in #753
• ⬆️ Upgrade python version to 3.12 by @ff137 in #702
• ⬆️ Update pydantic requirement from ~=2.6.4 to ~=2.7.0 by @dependabot in #761
• ⬆️ Update black requirement from ~=24.3.0 to ~=24.4.0 by @dependabot in #760
• Test trust registry endpoints by @cl0ete in #759
• ✅ Test coverage for verifier service by @ff137 in #762
• Add nats jetstream cluster for local dev with persistent storage by @henrymsiska in #754
• Add Lago billing manager by @cl0ete in #715
• 📝 Add openapi specs to project by @ff137 in #763
• ⬆️ Upgrade to latest cloudcontroller (openapi v7.4.0) by @ff137 in #734
• Added test for StringList type decorator by @cl0ete in #764
• ⬆️ Upgrade to latest cloudcontroller (openapi v7.5.0) by @ff137 in #765
• Add tests for trustregistry/main.py by @cl0ete in #766
• ✅ Test coverage for app.main and app.dependencies by @ff137 in #767
• Added tests for trustregistry/db.py by @cl0ete in #768
• ✅ Test coverage for app.models by @ff137 in #769
• ⬆️ Update setuptools requirement from ~=69.2.0 to ~=69.5.1 by @dependabot in #770
• 🐛 fix ValidationError exception handling by @ff137 in #772
• ✨ strip protocol prefix from cred ex id in revocation service by @ff137 in #776
• Fix reject proof request by @cl0ete in #783
• 🎨 Cleanup and parametrize verifier tests by @ff137 in #789
• ⬆️ Update fastapi requirement from ~=0.110.0 to ~=0.111.0 by @dependabot in #790
• ⬆️ Update pytest requirement from ~=8.1.1 to ~=8.2.0 by @dependabot in #791
• 🧪 Initial regression testing framework by @ff137 in #780
• 📝 Update openapi spec by @ff137 in #794

New Contributors

• @henrymsiska made their first contribution in #754

Full Changelog: v3.2.3-0.11.0...v3.2.4-0.11.0

v3.2.3-0.11.0

What's Changed

• ✅ Enhanced test coverage for webhooks service by @ff137 in #748
• ✨ Implement temporary endpoint to patch wallets with old group_id by @ff137 in #750

Full Changelog: v3.2.2-0.11.0...v3.2.3-0.11.0

v3.2.2-0.11.0

Summary

🐛 Bug fix:

• Fixed a race condition when creating credential definitions, where a 404 could be raised after successfully creating a cred def

🩹 Patch wallet access for wallets with None group_id:

• Fixed a breaking change where the group-scoping for wallet access would prevent access to wallets that were created before the group_id plugin was fixed to register the attribute correctly

Apart from that, changes include dependency upgrades and expanded test coverage.

What's Changed

• Make the latest docker tag condition more concise by @rblaine95 in #736
• ✅ Test coverage for admin-tenants route by @ff137 in #738
• ⬆️ Update typing-extensions requirement from ~=4.10.0 to ~=4.11.0 by @dependabot in #740
• ⬆️ Update sse-starlette requirement from ~=2.0.0 to ~=2.1.0 by @dependabot in #739
• ⬆️ Update orjson requirement from ~=3.9.15 to ~=3.10.0 by @dependabot in #742
• ⬆️ Bump helmfile/helmfile-action from 1.8.0 to 1.9.0 by @dependabot in #743
• Bump Helm, Helmfile, and Tailscale by @rblaine95 in #744
• 🐛 Fix race condition when creating credential definitions by @ff137 in #746
• ✅ Test coverage for webhooks SSE route by @ff137 in #745
• 🩹 Fix wallet access being restricted when group_id is null by @ff137 in #747

Full Changelog: v3.2.1-0.11.0...v3.2.2-0.11.0

v3.2.1-0.11.0

What's Changed

• 🔒 Forbid wallet actions if wallet doesn't belong to group by @ff137 in #730
• 📝 Update tenant-admin Swagger docs to include CloudAPI description by @ff137 in #731
• ✅ Tests: parametrize protocol version in issuer tests by @ff137 in #589
• 🩹 Invalidate proof if no associated schema_ids found by @ff137 in #732
• ⬆️ Upgrade pydantic and cloudcontroller by @ff137 in #733
• 🩹 Fix WebSocket callback function by @ff137 in #735

Full Changelog: v3.2.0-0.11.0...v3.2.1-0.11.0

v3.2.0-0.11.0

🔒 Webhook event scoping by group

• For SSE and Websocket events, tenant-admins can now only subscribe to wallet_ids for their group (i.e. wallets they've created).
• With Websockets, subscribing by topic (/ws/topic/) now only returns webhook events belonging to that group.

✨ New Features

• New websocket endpoint:
  • the base websocket route (/ws/) now returns all webhook events belonging to the tenant-admin's group.
• look_back query parameter option for SSE endpoints:
  • This specifies a duration in seconds for recent events to be included in the response.
  • Default behaviour is to include events from 30 seconds before the stream started.

What's Changed

• ✨ Validate wallet_id belongs to group_id in SSE subscriptions by @ff137 in #712
• Don't write Pytest Coverage unless PR by @rblaine95 in #713
• ✨ Configure SseListeners in tests with retry logic by @ff137 in #716
• ✨ add group_id to websocket subscriptions by @ff137 in #714
• ✨ Add group_id query parameter to SSE endpoints by @ff137 in #717
• ⬆️ Update pytest-cov requirement from ~=4.1.0 to ~=5.0.0 by @dependabot in #721
• ⬆️ Update pre-commit requirement from ~=3.6.0 to ~=3.7.0 by @dependabot in #720
• ✅ Test coverage for SSE service by @ff137 in #718
• ✨ add look_back query param to SSE routes by @ff137 in #723
• ✏️ Resolve typos by @ff137 in #724
• 🔇 Do not log credential attributes by @ff137 in #725
• 📝 Update websocket documentation to include new endpoint by @ff137 in #729

Full Changelog: v3.1.1-0.11.0...v3.2.0-0.11.0

v3.1.1-0.11.0

📝 Deprecation:

• The /webhooks endpoint is set to be removed. We recommend using SSE instead.
• This is because fetching bulk webhooks is not the intended use case of such events, and should rather be reacted to live.
• An additional change to avoid excessively large responses: the endpoint no longer attempts to return all events, and is now capped to 100 events.

🐛 Bug fix:

• ACA-Py provides double webhook events, one representing a state change, and one representing the base record. This resulted in the chance of double endorsements, if endorser replicas simultaneously picked up different events for same transaction.
• This is now fixed at the source: no more double webhooks!

What's Changed

• 🩹 disable pubsub notification listener in events processors by @ff137 in #703
• ⬆️ Update pytest-mock requirement from ~=3.12.0 to ~=3.14.0 by @dependabot in #704
• ⬆️ Update uvicorn[standard] requirement from ~=0.28.0 to ~=0.29.0 by @dependabot in #705
• ✨ obfuscate secret data from webhook logs by @ff137 in #707
• 🐛 Fix double endorsement by @ff137 in #708
• 🗑️ Deprecate webhooks endpoint by @ff137 in #709
• Speed up Docker Builds by @rblaine95 in #710
• Push latest if on default branch by @rblaine95 in #711
• Ability to skip tests when doing workflow dispatch by @wdbasson in #706

Full Changelog: v3.1.0-0.11.0...v3.1.1-0.11.0

v3.1.0-0.11.0

This release includes several new features and foundational improvements, enhancing the performance, reliability, and user experience of our platform. Here's what's new:

✨ New Features

JWS and SD-JWS Support

• New endpoints have been introduced to support JSON Web Signatures (JWS) and Selective Disclosure JWS (SD-JWS), enabling sign and verify operations through the wallet interface:
  • /wallet/jws/sign
  • /wallet/jws/verify
  • /wallet/sd-jws/sign
  • /wallet/sd-jws/verify

Query Enhancements for Record Retrieval

• Added additional query parameter options for fetching connections and exchange records. Routes affected:
  • /connections (Get connection records)
  • /issuer/credentials (Get credential exchange records)
  • /verifier/proofs (Get proof exchange records)
• Connections can now be fetched with several query options, including alias, state, their_did, their_public_did, and more.
• Credential and proof exchange records can now be fetched with query options for connection_id, state, role and thread_id.

🔧 Internal Improvements

Auto Revocation Registry

• Automated revocation registry creation improves efficiency of issuing revocable credentials.

Exception Handling and Model Validation

• System-wide enhancements in exception handling and model validation, primarily improving responses for bad requests.

Redis Cluster for High Availability

• Major enhancements to webhook event handling within the platform offering improved error recovery and concurrent processing.
• Support for clustered Redis.

---

What's Changed

• Shared local tails storage by @wdbasson in #656
• ✨ Implement JWS and SD-JWS sign and verify routes by @ff137 in #657
• 🎨 Minor code cleanup by @ff137 in #658
• JSON logging by @wdbasson in #678
• Bump Mozilla sops action by @rblaine95 in #679
• ⚡💥✨🚀 Implement redis-events-plugin and refactor webhooks and endorser service to pull events from redis by @ff137 in #659
• Enable Redis TLS, Auth, and Clustered in GH Actions by @rblaine95 in #680
• ✨ add group_id to webhook events by @ff137 in #684
• Set deploy job timeout to 30m by @wdbasson in #595
• Auto Revocation Registry by @cl0ete in #665
• 🐛 fix missing group_id in update/get_tenant response by @ff137 in #691
• ✨ add lookback time as param for check_webhook_state by @ff137 in #686
• 📌 pin von-network version to v1.8.0 by @ff137 in #687
• 🚚 reorganise tests and 👷 update test matrix by @ff137 in #692
• 🎨 modify serialized logs pattern and ✨ improve exception handling by @ff137 in #689
• Update proof models by @cl0ete in #688
• 🎨 Update extra wallet settings in create/update tenant request by @ff137 in #690
• Add query params to get connections and credential/proof exchange records by @cl0ete in #664
• ✨ Improved model validation and exception handling by @ff137 in #699
• 🎨 Replace SseListeners used in app by @ff137 in #700
• ⬆️ Update black requirement from ~=24.1.0 to ~=24.2.0 by @dependabot in #653
• ⬆️ Update black requirement from ~=24.2.0 to ~=24.3.0 by @dependabot in #697
• ⬆️ Bump helmfile/helmfile-action from 1.7.0 to 1.8.0 by @dependabot in #676
• ⬆️ Update httpx requirement from ~=0.26.0 to ~=0.27.0 by @dependabot in #662
• ⬆️ Update mockito requirement from ~=1.4.0 to ~=1.5.0 by @dependabot in #696
• ⬆️ Update pytest requirement from ~=8.0.0 to ~=8.1.1 by @dependabot in #683
• ⬆️ Update redis requirement from ~=5.1.0b3 to ~=5.1.0b4 by @dependabot in #682
• ⬆️ Update setuptools requirement from ~=69.0.2 to ~=69.1.0 by @dependabot in #655
• ⬆️ Update setuptools requirement from ~=69.1.0 to ~=69.2.0 by @dependabot in #698
• ⬆️ Update uvicorn[standard] requirement from ~=0.27.0 to ~=0.28.0 by @dependabot in #681

Full Changelog: v3.0.1-0.11.0...v3.1.0-0.11.0

v3.0.1-0.11.0

What's Changed

• Update docs by @cl0ete in #650
• 🚑 Hotfix: handle redis pubsub connection error by @ff137 in #651

Full Changelog: v3.0.0-0.11.0...v3.0.1-0.11.0

v3.0.0-0.11.0

💥 Breaking Changes

1. Endpoint Versioning:

   • A /v1 prefix has been added to all routes to enable better versioning support and facilitate smoother integration with future changes.

2. Endpoint Path Simplification:

   • The /generic string has been removed from endpoints, reflecting our improved API segmentation.

3. API Segmentation:

   • Split APIs into distinct groups: Public, Governance, Tenant-Admin, and Tenant routes for clearer access and functionality separation.

✨ New Features

1. Expanded Credential Revocation Functionality:

   • Introduced bulk credential revocation support. Credentials that are revoked (using /v1/issuer/credentials/revoke) with body parameter "auto_publish_on_ledger": false, can now be published in bulk at a later time. All pending revocations can be published, or a select subset. This allows for a reduction in ledger write operations.
   • Added the ability to cancel pending revocations before publishing (cancel all outstanding, or a select subset), providing flexibility in managing revocation actions.

2. Selective Exchange Record Preservation:

   • Added a save_exchange_record parameter (default: false) for optionally saving credential and proof exchange records. This feature is available on specific issuer and verifier routes, allowing for selective preservation or auto-deletion of exchange records.

What's Changed

• Fix: remove governance from trust registry in test fixture by @ff137 in #563
• ✅ cleanup tenant after creation in test by @ff137 in #565
• 🔨 Update script for drop db by @ff137 in #568
• ✨ Add save_exchange_record argument to create/send proof requests by @ff137 in #553
• ✨ Add save_exchange_record argument to send credentials by @ff137 in #552
• ⬆️ Upgrade to latest wallet plugin by @ff137 in #570
• ✅ Fix creating connections with use_public_did by @ff137 in #525
• 🎨 improve error handling in governance public did fixture by @ff137 in #573
• ✅ Improve issuer test coverage by @cl0ete in #506
• ✅ Fix some spurious test failures by @ff137 in #574
• ⚡ Set issuer fixture scope to session level by @cl0ete in #539
• ✅ Parameterise cred ex record test by protocol version by @ff137 in #575
• external pytest results by @wdbasson in #566
• ✨ make websocket event publishing stateless by @ff137 in #571
• 🐛 fix test writing duplicate public did for governance by @ff137 in #576
• ✅ fix teardown errors by @ff137 in #579
• chore: Remove erroneous close swirly in github action by @rblaine95 in #584
• 🎨 Update main and add test by @ff137 in #586
• Logic to patch RDS proxy by @wdbasson in #585
• One completion by @wdbasson in #588
• ⬆️ Bump SonarSource/sonarcloud-github-action from 2.0.2 to 2.1.0 by @dependabot in #581
• ⬆️ Bump helmfile/helmfile-action from 1.5.0 to 1.6.0 by @dependabot in #582
• ⬆️ Bump actions/setup-python from 4 to 5 by @dependabot in #583
• ✨ add env config to disable file logging or colorizing by @ff137 in #572
• ✨ Add lookback_time query parameter to SSE routes by @ff137 in #587
• Concurrency on job level by @wdbasson in #590
• Update docs by @cl0ete in #546
• 🎨 remove auto_verify from ProofRequest model and set default to true by @ff137 in #596
• ⬆️ Bump helmfile/helmfile-action from 1.6.0 to 1.6.2 by @dependabot in #606
• ⬆️ Bump actions/upload-artifact from 3 to 4 by @dependabot in #603
• ⬆️ Bump actions/download-artifact from 3 to 4 by @dependabot in #605
• Patch concurrency group by @rblaine95 in #607
• ⬆️ Bump github/codeql-action from 2 to 3 by @dependabot in #604
• ⬆️ Bump SonarSource/sonarcloud-github-action from 2.1.0 to 2.1.1 by @dependabot in #602
• Don't deploy if PR Draft or Dependabot by @rblaine95 in #608
• ⬆️ Update black requirement from ~=23.11.0 to ~=23.12.0 by @dependabot in #598
• ⬆️ Update isort requirement from ~=5.12.0 to ~=5.13.2 by @dependabot in #600
• ⬆️ Update pylint requirement from ~=3.0.2 to ~=3.0.3 by @dependabot in #601
• ⬆️ Update pre-commit requirement from ~=3.5.0 to ~=3.6.0 by @dependabot in #599
• triggering_actor -> actor by @rblaine95 in #613
• ⬆️ Update fastapi requirement from ~=0.104.1 to ~=0.109.0 by @dependabot in #618
• ⬆️ Upgrade cloudcontroller to latest by @ff137 in #620
• ⬆️ Update uvicorn[standard] requirement from ~=0.24.0 to ~=0.25.0 by @dependabot in #610
• ⬆️ Update httpx requirement from ~=0.25.1 to ~=0.26.0 by @dependabot in #612
• ⬆️ Bump helmfile/helmfile-action from 1.6.2 to 1.6.3 by @dependabot in #616
• ⬆️ Update lxml requirement from ~=4.9.3 to ~=5.1.0 by @dependabot in #619
• ⬆️ Upgrade to python 3.10 by @ff137 in #577
• ⬆️ Update uvicorn[standard] requirement from ~=0.25.0 to ~=0.26.0 by @dependabot in #625
• Feat/split apis by @wdbasson in #593
• Bump Helm and Helmfile by @rblaine95 in #628
• ⬆️ Update sse-starlette requirement from ~=1.8.2 to ~=2.0.0 by @dependabot in #630
• ⬆️ Update uvicorn[standard] requirement from ~=0.26.0 to ~=0.27.0 by @dependabot in #631
• ⬆️ Update black requirement from ~=23.12.0 to ~=24.1.0 by @dependabot in #632
• Standardise roles by @wdbasson in #634
• SSE route in tenant-admin by @wdbasson in #637
• Grouped routes for webhooks by @wdbasson in #638
• ⬆️ Update pytest requirement from ~=7.4.0 to ~=8.0.0 by @dependabot in #640
• ⬆️ Bump helmfile/helmfile-action from 1.6.3 to 1.7.0 by @dependabot in #643
• 🔒 Update auth requirements for tenant-admin and governance roles by @ff137 in #633
• Fix revocation by @cl0ete in #636
• ⬆️ Use latest acapy-wallet-groups-plugin by @ff137 in #644
• ✨ add /v1 prefix to endpoints, and drop /generic by @ff137 in #645
• add v1 to websocket routes by @cl0ete in #649
• ⬆️ Bump codacy/codacy-analysis-cli-action from 4.3.0 to 4.4.0 by @dependabot in #648

Full Changelog: v2.1.0-0.11.0...v3.0.0-0.11.0

v2.1.0-0.11.0

Summary

• Upgrade ACA-Py to 0.11.0
• Bug Fix in Verifier Role Assertion:
  • Resolved an issue where sending a proof request failed if an actor had both issuer and verifier roles.
• Restrictions on wallet_label and wallet_name:
  • Some special characters that need URL encoding (e.g., %, ^, &) are now disallowed in wallet_label and wallet_name.
  • Also implemented a maximum length of 100 characters for these fields.
• Per Wallet Config Settings:
  • Added extra_settings in create/update wallet functions and models, allowing for more granular wallet configuration (primarily for advanced users)

What's Changed

• ⬆️ Update uvicorn[standard] requirement from ~=0.23.0 to ~=0.24.0 by @dependabot in #535
• ⬆️ Update black requirement from ~=23.10.1 to ~=23.11.0 by @dependabot in #536
• ⬆️ Bump helmfile/helmfile-action from 1.4.0 to 1.5.0 by @dependabot in #538
• ✨🎨 Refactor webhooks and make SseManager stateless by @ff137 in #532
• Update tenant-admin auth by @ff137 in #540
• Add per wallet config settings by @cl0ete in #533
• 🐛✅ Fix asserting valid verifier when actor has both issuer and verifier roles by @ff137 in #517
• ⬆️ Upgrade to latest cloudcontroller by @ff137 in #541
• 🐛✅ Fix assert valid verifier when using invite not from trust registry by @ff137 in #545
• Disallow special characters in wallet_label and wallet_name, and limit max length by @ff137 in #544
• ✨ add env config for trust registry postgres engine by @ff137 in #549
• ⬆️💥 Upgrade ACA-Py to 0.10.5 by @ff137 in #548
• ⬆️ Update setuptools requirement from ~=68.2.0 to ~=69.0.2 by @dependabot in #557
• ⬆️ Update sse-starlette requirement from ~=1.6.1 to ~=1.8.2 by @dependabot in #554
• ⬆️ Upgrade to ACA-Py 0.11.0 by @ff137 in #558
• ✅ re-add support for revoking credentials by @ff137 in #559

Full Changelog: v2.0.0-0.9.0...v2.1.0-0.11.0