Releases: didx-xyz/aries-cloudapi-python
v3.4.0
v3.4.0 Release Summary
Our latest release is packed with improvements, including an upgrade to ACA-Py's latest v1.0.0 release, together with performance enhancements and new features!
Below are the detailed changes, with recommended actions at the end:
✨ New Features
Pagination with Ordering Support
A key feature in this release is pagination support for fetching tenants, connection records, credential exchange records, and proof records. This allows for improved performance and scalability when working with potentially thousands of tenants or records.
The following query parameters are now available:
limit
: Specifies the number of records to return.offset
: Specifies the starting point for fetching records.descending
: Controls the order of results based on thecreated_at
timestamp.
These parameters are supported on the following routes:
- Tenant-admin API:
GET /v1/tenants
- Tenant API:
GET /v1/connections
,GET /v1/issuer/credentials
,GET /v1/verifier/proofs
By default, results are ordered with descending=true
, which returns the most recently created records at the top. Set descending=false
to retrieve the oldest records first.
Example usage:
GET /v1/tenants?limit=10&descending=false
will fetch the oldest 10 tenant records.GET /v1/tenants?limit=10&offset=10&descending=false
will return the next 10 records.GET /v1/connections?limit=1
will return the most recently created connection record.
The maximum allowable limit
is 10'000, to prevent excessively large fetch queries.
NB: The default behaviour, when limit
is not specified, will now return 1'000 records, instead of the previous default of returning all records. This represents a 💥 breaking change for integrations that previously expected all records to be returned in a single call.
Note on Custom Ordering:
Due to encrypted storage, custom ordering during record retrieval is not supported. Therefore, to correctly order byupdated_at
, for example, all records must be fetched before applying custom ordering in post-processing. We plan to support this in a future release, but for now, clients requiring custom ordering will need to implement it after retrieving all records.
New Query Parameters for Fetching Matching Credentials
The GET /v1/verifier/proofs/{proof_id}/credentials
endpoint returns matching credentials for a proof request. Previously the default behaviour would return up to 10 valid credentials. This endpoint now also supports limit
and offset
query parameters, to benefit from pagination functionality, together with an additional referent
query parameter that allows filtering by presentation referent as well.
New Response Model for /revoke
Endpoint
The /v1/issuer/credentials/revoke
endpoint no longer returns an empty success response (204). Instead, it now returns a RevokedResponse
model, providing clearer confirmation of which credential revocation IDs have been successfully published in the request.
New Endpoint: Get Pending Revocations
We’ve introduced a new endpoint, GET /v1/issuer/credentials/get-pending-revocations/{revocation_registry_id}
, which allows you to retrieve pending revocations for a given revocation registry ID. This provides better insight into revocation statuses and assists in managing revocation workflows more effectively.
❗ Action Required
To maintain compatibility with the changes in this release, please take the following actions:
- For the
/v1/issuer/credentials/revoke
endpoint: Update your integrations to handle the newRevokedResponse
model. - For pagination: Review and update any usage of the affected endpoints to incorporate
limit
,offset
, anddescending
parameters as necessary.- If you previously expected all records to be returned in a single call, you must now explicitly specify a
limit
that meets your needs. If your dataset exceeds 10,000 records, fetching all records will require multiple iterative calls. - To fetch all records:
- Begin by calling the endpoint with your desired
limit
(up to 10,000) and an initialoffset
of 0. - Continue making calls, incrementing the
offset
by thelimit
value, until the response is either empty or contains fewer records than the requestedlimit
.
- Begin by calling the endpoint with your desired
- If you previously expected all records to be returned in a single call, you must now explicitly specify a
We also recommend regenerating any OpenAPI clients to reflect all the latest changes.
If you have any questions about these changes, please feel free to contact us!
What's Changed
- ⬆️ Bump docker/build-push-action from 5 to 6 by @dependabot in #849
- ⬆️ upgrade to latest ACA-Py build by @ff137 in #839
- Update Helm, Helmfile, and Tailscale by @rblaine95 in #853
- Create a service for definitions endpoints by @cl0ete in #842
- ⬆️ Update setuptools requirement from ~=70.1.0 to ~=70.2.0 by @dependabot in #858
- ⬆️ Update pydantic requirement from ~=2.7.0 to ~=2.8.2 by @dependabot in #859
- ⬆️ ACA-Py 1.0.0rc4 by @ff137 in #861
- ⬆️ Bump MishaKav/pytest-coverage-comment from 1.1.51 to 1.1.52 by @dependabot in #852
- ⬆️ Bump codacy/codacy-analysis-cli-action from 4.4.1 to 4.4.5 by @dependabot in #865
- ✨ Pagination support for fetching wallets, connections, cred ex and proof records by @ff137 in #850
- ⬆️ update redis events plugin to latest release by @ff137 in #870
- Definition routes/services unit tests by @cl0ete in #857
- ✅ ensure test tenants are deleted upon test failure by @ff137 in #878
- ✅ adjust sleep durations in tests by @ff137 in #879
- ✨ better dependency management with Poetry by @ff137 in #863
- ⬆️ Bulk dependency upgrades by @ff137 in #900
- 🐛 Fix scanning of redis keys by @ff137 in #898
- ⬆️ Bump pytest from 8.3.1 to 8.3.2 in /app by @dependabot in #913
- 👷 K6 by @wdbasson in #897
- 👷 K6 refactor by @wdbasson in #917
- 👷 K6 create issuers by @wdbasson in #918
- 🎨 👷♂️ Make Markdownlint happy in k6 readme by @rblaine95 in #920
- 🎨 👷♂️ K6 run Biome Lint and Format by @rblaine95 in #921
- 🔧 Increase default pagination
limit
to 1000 and ✅ fix regression tests when fetching many records by @ff137 in #953 - ⬆️ Bump docker/build-push-action from 5 to 6 by @dependabot in #952
- ⬆️ Bulk dependency upgrades:
black
,fastapi
,uvicorn
,aiohttp
by @ff137 in #950 - 🎨 fix lint warnings by @ff137 in #951
- ⬆️ Upgrade redis and redis_events plugin dependencies by @ff137 in #956
- Revoc reg size by @wdbasson in #958
- 👷 Increase deploy timeout by @wdbasson in #960
- ✅ Add
self_attested_attributes
e2e test by @cl0ete in #922 - 🩹 Remove
_backfill_events
method from webhooks service startup by @ff137 in #961 - 🩹 Increase expiry time of redis webhook event locks by @ff137 in #963
- ✅ K6 cred def by @wdbasson in #974
- ⬆️ Upgrade dependencies:
aiohttp
,orjson
,pyjwt
,pyyaml
by @ff137 in #973 - Configure global concurrency by @wdbasson in #976
- 🩹 Increase issuer-endorser connection timeout to 15s by @wdbasson in #964
- ✅ fix regression tests when fetching "trust registry" connections by @ff137 in #975
- ⚡✅ Add pytest-xdist to pytest container by @wdbasson in #977
- ✅ Ensure e2e test resources are always cleaned up by @ff137 in #981
- 🎨 Ensure appropriate log levels for a production context by @ff137 in #980
- 🧑💻 Remove patch proxy CICD logic by @wdbasson in #979
- ✅ fix test to work with pytest-xdist by @ff137 in #98...
v3.3.2-0.12.1
Full Changelog: v3.3.1-0.12.1...v3.3.2-0.12.1
v3.3.1-0.12.1
Full Changelog: v3.3.0-0.12.1...v3.3.1-0.12.1
v3.3.0-0.12.1
v3.3.0 Release Summary
Our latest release brings several enhancements, including an upgrade to the latest ACA-Py release, improvements in credential revocation, expanded documentation, and some important deprecations and model changes.
Below are the detailed changes, with recommended actions at the end:
⬆️ Upgrade to latest ACA-Py release (0.12.1)
- Includes latest improvements and security updates.
- The latest features, such as anoncreds support, will be implemented in a future release.
✨ Revoking a credential now asserts successful publishing
Revoking a credential with auto_publish_to_ledger=True
, or publishing pending revocations, now includes a wait to assert that revocations are successfully published to the ledger.
📝 Documentation
Our Swagger/OpenAPI documentation has seen significant improvements, with more detailed descriptions and examples to clarify the functionality of different endpoints. More documentation improvements are coming soon! In the meantime, we welcome any requests for more specific examples, use cases, or further improvements. Feel free to let us know and we can be of assistance.
⚠️ Deprecations
- Endpoint:
/v1/issuer/credentials/{credential_exchange_id}/store
- Credentials are auto-stored after being accepted, and so this endpoint is no longer needed, and marked as deprecated.
- The model
CredentialExchange
contains acredential_id
field, which is now renamed tocredential_exchange_id
, for clarity.- The old name
credential_id
is preserved for backward compatibility, and marked as deprecated.
- The old name
Note: This deprecation notice will be followed by a sunset notice in an upcoming release, after which the relevant features will be removed in subsequent release. There will be at least 1 month before removal.
🎨 Changes to our request and response models
These are mostly minor changes that may have impact on integrations.
Request Models:
CreateCredentialDefinition
request body forPOST /v1/definitions/credentials
no longer takes arevocation_registry_size
option (the maximum possible size is now always used, as this is recommended to minimise ledger write operations).RevokeCredential
request body for/v1/issuer/credentials/revoke
endpoint no longer takes acredential_definition_id
field.CreateOobInvitation
request body for/v1/oob/create-invitation
no longer takes ahandshake_protocols
field.- The
trace
field has been removed from the create and send proof request models, as this only had internal usage. - The
Credential
model used in sending LD Proof credentials now accepts an optionalcredentialStatus
. - Options when sending an LD Proof now accept a new field:
verificationMethod
.
Response Models:
DELETE /v1/connections/{connection_id}
now returns a 204 status code, instead of a 200 with an empty response.OobRecord
, the response when accepting an OOB invitation, now includes amulti_use
field, indicating if it allows for multiple uses.InvitationResult
, the response when creating a connection invitation, now has all fields required, guaranteeing they are populated in our responses.- The
DID
model, returned in our wallet-dids API, now guarantees required fields:did
,key_type
,method
,posture
,verkey
.
❗ Action Required
With regards to the deprecations:
- Ensure that the
/store
endpoint is no longer needed in your applications. - Update any usage of
credential_id
tocredential_exchange_id
when working with credential exchange records.
The following is related to fields removed from our requests. They can still be passed, but will now have no effect. We recommend:
- Remove
revocation_registry_size
when creating revocable credential definitions. - Remove
credential_definition_id
when revoking a credential. - Remove
handshake_protocols
when creating OOB invitations - Remove
trace
when creating proof requests.
With regards to changes to our response models:
- If you are asserting that a 200 status code is returned when deleting a connection record, instead of a general success response, it should now expect a 204.
For those working closely with the Swagger/OpenAPI specification:
- We recommend that users of OpenAPI autogenerated clients should regenerate the client using the latest specifications, in order to reflect all the latest updates.
If you have any questions about these changes, please feel free to contact us!
What's Changed
- 🧪 skip ledger-related tests when in regression mode by @ff137 in #807
- 🎨 Update trust registry models by @ff137 in #808
- ⬆️ Update pylint requirement from ~=3.1.0 to ~=3.2.0 by @dependabot in #809
- ⬆️ Bump helmfile/helmfile-action from 1.9.0 to 1.9.1 by @dependabot in #810
- Definitions swagger update by @cl0ete in #793
- ✨ Speed up tests by adjusting fixture scope by @ff137 in #813
- ✅ test coverage for connection routes by @ff137 in #816
- ⬆️ Update setuptools requirement from ~=69.5.1 to ~=70.0.0 by @dependabot in #819
- ⬆️ Update typing-extensions requirement from ~=4.11.0 to ~=4.12.0 by @dependabot in #822
- ⬆️ Bump SonarSource/sonarcloud-github-action from 2.1.1 to 2.2.0 by @dependabot in #823
- ⬆️ Update pylint requirement from ~=3.2.0 to ~=3.2.2 by @dependabot in #821
- ⬆️ Update uvicorn[standard] requirement from ~=0.29.0 to ~=0.30.0 by @dependabot in #828
- ⬆️ Update anyio requirement from ~=4.3.0 to ~=4.4.0 by @dependabot in #830
- ➖ Remove unused dependency:
watchfiles
by @dependabot in #829 - Add regression test logic to pipeline by @wdbasson in #806
- Swagger updates message oob by @cl0ete in #804
- Predicate proof tests by @cl0ete in #827
- ⬆️ Upgrade ACA-Py version to 0.12.1 by @ff137 in #758
- ✅ test coverage for wallet-dids routes by @ff137 in #841
- Update verifier endpoints swagger docs by @cl0ete in #781
- ✅ test coverage for issuer routes by @ff137 in #843
- 📝 Update openapi specs by @ff137 in #844
- Only comment test coverage on Pull Request by @rblaine95 in #845
- Only comment test coverage on Pull Request (Take 2) by @rblaine95 in #846
- ⬆️ Update setuptools requirement from ~=70.0.0 to ~=70.1.0 by @dependabot in #848
- ⬆️ Bump SonarSource/sonarcloud-github-action from 2.2.0 to 2.3.0 by @dependabot in #840
Full Changelog: v3.2.5-0.11.0...v3.3.0-0.12.1
v3.2.5-0.11.0
Summary
Purpose of release is to include the latest regression tests:
- asserting a valid credential is still valid, and
- asserting a revoked credential is still revoked.
Other noteworthy inclusions:
- ✨ The /revoke endpoint request body no longer takes the optional
credential_definition_id
field - 🎨 In credential exchange records, the field
credential_id
will be renamed tocredential_exchange_id
. Currently it is aliased (both field names are available), withcredential_id
marked as deprecated⚠️ - 📝 Swagger docs are seeing a significant overhaul 🎨
What's Changed
- ⬆️ Update redis requirement from ~=5.1.0b4 to ~=5.1.0b5 by @dependabot in #800
- ⬆️ Bump codacy/codacy-analysis-cli-action from 4.4.0 to 4.4.1 by @dependabot in #801
- Regression test revoked credential by @cl0ete in #795
- ⬆️ Update black requirement from ~=24.4.0 to ~=24.4.2 by @dependabot in #787
- ✨ Don't delete the credential when deleting credential exchange record by @ff137 in #803
- 🎨 rename
credential_id
tocredential_exchange_id
and⚠️ mark old field as deprecated by @ff137 in #802 - 🎨 update revoke credential request body and ✅ add tests with auto-publish true by @ff137 in #777
- Update issuer endpoint docs by @cl0ete in #778
- Update Connections doc strings by @cl0ete in #792
- Regression test valid credential by @cl0ete in #805
Full Changelog: v3.2.4-0.11.0...v3.2.5-0.11.0
v3.2.4-0.11.0
Summary
Most of the PRs here are for improved test coverage and dependabot upgrades.
Apart from that:
- 🐛 Bug fix: ValidationError exception handling #772
- ✨ Revocation service can now accept credential_exchange_id's prefixed with
v1-
orv2-
#776 - ✨ Rejecting a proof request now has a flag to optionally delete the proof exchange record that is associated with the proof being rejected #783
- 👷 Implementation of Lago Billing manager service #715
- 👷 Initial NATS JetStream infra config #754
- 🧪 Initial regression testing framework #780
What's Changed
- ⏪ Remove wallet-patch endpoint and revert valid group assertion by @ff137 in #751
- 👷 Update dependabot schedule by @ff137 in #755
- ✅ Enhanced test coverage for endorser service by @ff137 in #752
- Unit tests for trustregistry.crud by @cl0ete in #757
- ✅ Remove sleeps from public did tests by @ff137 in #753
- ⬆️ Upgrade python version to 3.12 by @ff137 in #702
- ⬆️ Update pydantic requirement from ~=2.6.4 to ~=2.7.0 by @dependabot in #761
- ⬆️ Update black requirement from ~=24.3.0 to ~=24.4.0 by @dependabot in #760
- Test trust registry endpoints by @cl0ete in #759
- ✅ Test coverage for verifier service by @ff137 in #762
- Add nats jetstream cluster for local dev with persistent storage by @henrymsiska in #754
- Add Lago billing manager by @cl0ete in #715
- 📝 Add openapi specs to project by @ff137 in #763
- ⬆️ Upgrade to latest cloudcontroller (openapi v7.4.0) by @ff137 in #734
- Added test for
StringList
type decorator by @cl0ete in #764 - ⬆️ Upgrade to latest cloudcontroller (openapi v7.5.0) by @ff137 in #765
- Add tests for
trustregistry/main.py
by @cl0ete in #766 - ✅ Test coverage for app.main and app.dependencies by @ff137 in #767
- Added tests for
trustregistry/db.py
by @cl0ete in #768 - ✅ Test coverage for app.models by @ff137 in #769
- ⬆️ Update setuptools requirement from ~=69.2.0 to ~=69.5.1 by @dependabot in #770
- 🐛 fix ValidationError exception handling by @ff137 in #772
- ✨ strip protocol prefix from cred ex id in revocation service by @ff137 in #776
- Fix reject proof request by @cl0ete in #783
- 🎨 Cleanup and parametrize verifier tests by @ff137 in #789
- ⬆️ Update fastapi requirement from ~=0.110.0 to ~=0.111.0 by @dependabot in #790
- ⬆️ Update pytest requirement from ~=8.1.1 to ~=8.2.0 by @dependabot in #791
- 🧪 Initial regression testing framework by @ff137 in #780
- 📝 Update openapi spec by @ff137 in #794
New Contributors
- @henrymsiska made their first contribution in #754
Full Changelog: v3.2.3-0.11.0...v3.2.4-0.11.0
v3.2.3-0.11.0
What's Changed
- ✅ Enhanced test coverage for webhooks service by @ff137 in #748
- ✨ Implement temporary endpoint to patch wallets with old group_id by @ff137 in #750
Full Changelog: v3.2.2-0.11.0...v3.2.3-0.11.0
v3.2.2-0.11.0
Summary
🐛 Bug fix:
- Fixed a race condition when creating credential definitions, where a 404 could be raised after successfully creating a cred def
🩹 Patch wallet access for wallets with None group_id:
- Fixed a breaking change where the group-scoping for wallet access would prevent access to wallets that were created before the group_id plugin was fixed to register the attribute correctly
Apart from that, changes include dependency upgrades and expanded test coverage.
What's Changed
- Make the latest docker tag condition more concise by @rblaine95 in #736
- ✅ Test coverage for admin-tenants route by @ff137 in #738
- ⬆️ Update typing-extensions requirement from ~=4.10.0 to ~=4.11.0 by @dependabot in #740
- ⬆️ Update sse-starlette requirement from ~=2.0.0 to ~=2.1.0 by @dependabot in #739
- ⬆️ Update orjson requirement from ~=3.9.15 to ~=3.10.0 by @dependabot in #742
- ⬆️ Bump helmfile/helmfile-action from 1.8.0 to 1.9.0 by @dependabot in #743
- Bump Helm, Helmfile, and Tailscale by @rblaine95 in #744
- 🐛 Fix race condition when creating credential definitions by @ff137 in #746
- ✅ Test coverage for webhooks SSE route by @ff137 in #745
- 🩹 Fix wallet access being restricted when group_id is null by @ff137 in #747
Full Changelog: v3.2.1-0.11.0...v3.2.2-0.11.0
v3.2.1-0.11.0
What's Changed
- 🔒 Forbid wallet actions if wallet doesn't belong to group by @ff137 in #730
- 📝 Update tenant-admin Swagger docs to include CloudAPI description by @ff137 in #731
- ✅ Tests: parametrize protocol version in issuer tests by @ff137 in #589
- 🩹 Invalidate proof if no associated schema_ids found by @ff137 in #732
- ⬆️ Upgrade pydantic and cloudcontroller by @ff137 in #733
- 🩹 Fix WebSocket callback function by @ff137 in #735
Full Changelog: v3.2.0-0.11.0...v3.2.1-0.11.0
v3.2.0-0.11.0
🔒 Webhook event scoping by group
- For SSE and Websocket events, tenant-admins can now only subscribe to wallet_ids for their group (i.e. wallets they've created).
- With Websockets, subscribing by topic (
/ws/topic/
) now only returns webhook events belonging to that group.
✨ New Features
- New websocket endpoint:
- the base websocket route (
/ws/
) now returns all webhook events belonging to the tenant-admin's group.
- the base websocket route (
look_back
query parameter option for SSE endpoints:- This specifies a duration in seconds for recent events to be included in the response.
- Default behaviour is to include events from 30 seconds before the stream started.
What's Changed
- ✨ Validate wallet_id belongs to group_id in SSE subscriptions by @ff137 in #712
- Don't write Pytest Coverage unless PR by @rblaine95 in #713
- ✨ Configure SseListeners in tests with retry logic by @ff137 in #716
- ✨ add group_id to websocket subscriptions by @ff137 in #714
- ✨ Add
group_id
query parameter to SSE endpoints by @ff137 in #717 - ⬆️ Update pytest-cov requirement from ~=4.1.0 to ~=5.0.0 by @dependabot in #721
- ⬆️ Update pre-commit requirement from ~=3.6.0 to ~=3.7.0 by @dependabot in #720
- ✅ Test coverage for SSE service by @ff137 in #718
- ✨ add
look_back
query param to SSE routes by @ff137 in #723 - ✏️ Resolve typos by @ff137 in #724
- 🔇 Do not log credential attributes by @ff137 in #725
- 📝 Update websocket documentation to include new endpoint by @ff137 in #729
Full Changelog: v3.1.1-0.11.0...v3.2.0-0.11.0