v3.4.0

v3.4.0 Release Summary

Our latest release is packed with improvements, including an upgrade to ACA-Py's latest v1.0.0 release, together with performance enhancements and new features!

Below are the detailed changes, with recommended actions at the end:

✨ New Features

Pagination with Ordering Support

A key feature in this release is pagination support for fetching tenants, connection records, credential exchange records, and proof records. This allows for improved performance and scalability when working with potentially thousands of tenants or records.

The following query parameters are now available:

• limit: Specifies the number of records to return.
• offset: Specifies the starting point for fetching records.
• descending: Controls the order of results based on the created_at timestamp.

These parameters are supported on the following routes:

• Tenant-admin API: GET /v1/tenants
• Tenant API: GET /v1/connections, GET /v1/issuer/credentials, GET /v1/verifier/proofs

By default, results are ordered with descending=true, which returns the most recently created records at the top. Set descending=false to retrieve the oldest records first.

Example usage:

• GET /v1/tenants?limit=10&descending=false will fetch the oldest 10 tenant records.
• GET /v1/tenants?limit=10&offset=10&descending=false will return the next 10 records.
• GET /v1/connections?limit=1 will return the most recently created connection record.

The maximum allowable limit is 10'000, to prevent excessively large fetch queries.

NB: The default behaviour, when limit is not specified, will now return 1'000 records, instead of the previous default of returning all records. This represents a 💥 breaking change for integrations that previously expected all records to be returned in a single call.

Note on Custom Ordering:
Due to encrypted storage, custom ordering during record retrieval is not supported. Therefore, to correctly order by updated_at, for example, all records must be fetched before applying custom ordering in post-processing. We plan to support this in a future release, but for now, clients requiring custom ordering will need to implement it after retrieving all records.

New Query Parameters for Fetching Matching Credentials

The GET /v1/verifier/proofs/{proof_id}/credentials endpoint returns matching credentials for a proof request. Previously the default behaviour would return up to 10 valid credentials. This endpoint now also supports limit and offset query parameters, to benefit from pagination functionality, together with an additional referent query parameter that allows filtering by presentation referent as well.

New Response Model for /revoke Endpoint

The /v1/issuer/credentials/revoke endpoint no longer returns an empty success response (204). Instead, it now returns a RevokedResponse model, providing clearer confirmation of which credential revocation IDs have been successfully published in the request.

New Endpoint: Get Pending Revocations

We’ve introduced a new endpoint, GET /v1/issuer/credentials/get-pending-revocations/{revocation_registry_id}, which allows you to retrieve pending revocations for a given revocation registry ID. This provides better insight into revocation statuses and assists in managing revocation workflows more effectively.

❗ Action Required

To maintain compatibility with the changes in this release, please take the following actions:

• For the /v1/issuer/credentials/revoke endpoint: Update your integrations to handle the new RevokedResponse model.
• For pagination: Review and update any usage of the affected endpoints to incorporate limit, offset, and descending parameters as necessary.
  • If you previously expected all records to be returned in a single call, you must now explicitly specify a limit that meets your needs. If your dataset exceeds 10,000 records, fetching all records will require multiple iterative calls.
  • To fetch all records:
    • Begin by calling the endpoint with your desired limit (up to 10,000) and an initial offset of 0.
    • Continue making calls, incrementing the offset by the limit value, until the response is either empty or contains fewer records than the requested limit.

We also recommend regenerating any OpenAPI clients to reflect all the latest changes.

---

If you have any questions about these changes, please feel free to contact us!

---

What's Changed

• ⬆️ Bump docker/build-push-action from 5 to 6 by @dependabot in #849
• ⬆️ upgrade to latest ACA-Py build by @ff137 in #839
• Update Helm, Helmfile, and Tailscale by @rblaine95 in #853
• Create a service for definitions endpoints by @cl0ete in #842
• ⬆️ Update setuptools requirement from ~=70.1.0 to ~=70.2.0 by @dependabot in #858
• ⬆️ Update pydantic requirement from ~=2.7.0 to ~=2.8.2 by @dependabot in #859
• ⬆️ ACA-Py 1.0.0rc4 by @ff137 in #861
• ⬆️ Bump MishaKav/pytest-coverage-comment from 1.1.51 to 1.1.52 by @dependabot in #852
• ⬆️ Bump codacy/codacy-analysis-cli-action from 4.4.1 to 4.4.5 by @dependabot in #865
• ✨ Pagination support for fetching wallets, connections, cred ex and proof records by @ff137 in #850
• ⬆️ update redis events plugin to latest release by @ff137 in #870
• Definition routes/services unit tests by @cl0ete in #857
• ✅ ensure test tenants are deleted upon test failure by @ff137 in #878
• ✅ adjust sleep durations in tests by @ff137 in #879
• ✨ better dependency management with Poetry by @ff137 in #863
• ⬆️ Bulk dependency upgrades by @ff137 in #900
• 🐛 Fix scanning of redis keys by @ff137 in #898
• ⬆️ Bump pytest from 8.3.1 to 8.3.2 in /app by @dependabot in #913
• 👷 K6 by @wdbasson in #897
• 👷 K6 refactor by @wdbasson in #917
• 👷 K6 create issuers by @wdbasson in #918
• 🎨 👷‍♂️ Make Markdownlint happy in k6 readme by @rblaine95 in #920
• 🎨 👷‍♂️ K6 run Biome Lint and Format by @rblaine95 in #921
• 🔧 Increase default pagination limit to 1000 and ✅ fix regression tests when fetching many records by @ff137 in #953
• ⬆️ Bump docker/build-push-action from 5 to 6 by @dependabot in #952
• ⬆️ Bulk dependency upgrades: black, fastapi, uvicorn, aiohttp by @ff137 in #950
• 🎨 fix lint warnings by @ff137 in #951
• ⬆️ Upgrade redis and redis_events plugin dependencies by @ff137 in #956
• Revoc reg size by @wdbasson in #958
• 👷 Increase deploy timeout by @wdbasson in #960
• ✅ Add self_attested_attributes e2e test by @cl0ete in #922
• 🩹 Remove _backfill_events method from webhooks service startup by @ff137 in #961
• 🩹 Increase expiry time of redis webhook event locks by @ff137 in #963
• ✅ K6 cred def by @wdbasson in #974
• ⬆️ Upgrade dependencies: aiohttp, orjson, pyjwt, pyyaml by @ff137 in #973
• Configure global concurrency by @wdbasson in #976
• 🩹 Increase issuer-endorser connection timeout to 15s by @wdbasson in #964
• ✅ fix regression tests when fetching "trust registry" connections by @ff137 in #975
• ⚡✅ Add pytest-xdist to pytest container by @wdbasson in #977
• ✅ Ensure e2e test resources are always cleaned up by @ff137 in #981
• 🎨 Ensure appropriate log levels for a production context by @ff137 in #980
• 🧑‍💻 Remove patch proxy CICD logic by @wdbasson in #979
• ✅ fix test to work with pytest-xdist by @ff137 in #98...

v3.3.2-0.12.1

Full Changelog: v3.3.1-0.12.1...v3.3.2-0.12.1

v3.3.1-0.12.1

Full Changelog: v3.3.0-0.12.1...v3.3.1-0.12.1

v3.3.0-0.12.1

v3.3.0 Release Summary

Our latest release brings several enhancements, including an upgrade to the latest ACA-Py release, improvements in credential revocation, expanded documentation, and some important deprecations and model changes.

Below are the detailed changes, with recommended actions at the end:

⬆️ Upgrade to latest ACA-Py release (0.12.1)

• Includes latest improvements and security updates.
• The latest features, such as anoncreds support, will be implemented in a future release.

✨ Revoking a credential now asserts successful publishing

Revoking a credential with auto_publish_to_ledger=True, or publishing pending revocations, now includes a wait to assert that revocations are successfully published to the ledger.

📝 Documentation

Our Swagger/OpenAPI documentation has seen significant improvements, with more detailed descriptions and examples to clarify the functionality of different endpoints. More documentation improvements are coming soon! In the meantime, we welcome any requests for more specific examples, use cases, or further improvements. Feel free to let us know and we can be of assistance.

⚠️ Deprecations

• Endpoint: /v1/issuer/credentials/{credential_exchange_id}/store
  • Credentials are auto-stored after being accepted, and so this endpoint is no longer needed, and marked as deprecated.
• The model CredentialExchange contains a credential_id field, which is now renamed to credential_exchange_id, for clarity.
  • The old name credential_id is preserved for backward compatibility, and marked as deprecated.

Note: This deprecation notice will be followed by a sunset notice in an upcoming release, after which the relevant features will be removed in subsequent release. There will be at least 1 month before removal.

🎨 Changes to our request and response models

These are mostly minor changes that may have impact on integrations.

Request Models:

• CreateCredentialDefinition request body for POST /v1/definitions/credentials no longer takes a revocation_registry_size option (the maximum possible size is now always used, as this is recommended to minimise ledger write operations).
• RevokeCredential request body for /v1/issuer/credentials/revoke endpoint no longer takes a credential_definition_id field.
• CreateOobInvitation request body for /v1/oob/create-invitation no longer takes a handshake_protocols field.
• The trace field has been removed from the create and send proof request models, as this only had internal usage.
• The Credential model used in sending LD Proof credentials now accepts an optional credentialStatus.
• Options when sending an LD Proof now accept a new field: verificationMethod.

Response Models:

• DELETE /v1/connections/{connection_id} now returns a 204 status code, instead of a 200 with an empty response.
• OobRecord, the response when accepting an OOB invitation, now includes a multi_use field, indicating if it allows for multiple uses.
• InvitationResult, the response when creating a connection invitation, now has all fields required, guaranteeing they are populated in our responses.
• The DID model, returned in our wallet-dids API, now guarantees required fields: did, key_type, method, posture, verkey.

❗ Action Required

With regards to the deprecations:

• Ensure that the /store endpoint is no longer needed in your applications.
• Update any usage of credential_id to credential_exchange_id when working with credential exchange records.

The following is related to fields removed from our requests. They can still be passed, but will now have no effect. We recommend:

• Remove revocation_registry_size when creating revocable credential definitions.
• Remove credential_definition_id when revoking a credential.
• Remove handshake_protocols when creating OOB invitations
• Remove trace when creating proof requests.

With regards to changes to our response models:

• If you are asserting that a 200 status code is returned when deleting a connection record, instead of a general success response, it should now expect a 204.

For those working closely with the Swagger/OpenAPI specification:

• We recommend that users of OpenAPI autogenerated clients should regenerate the client using the latest specifications, in order to reflect all the latest updates.

---

If you have any questions about these changes, please feel free to contact us!

---

What's Changed

• 🧪 skip ledger-related tests when in regression mode by @ff137 in #807
• 🎨 Update trust registry models by @ff137 in #808
• ⬆️ Update pylint requirement from ~=3.1.0 to ~=3.2.0 by @dependabot in #809
• ⬆️ Bump helmfile/helmfile-action from 1.9.0 to 1.9.1 by @dependabot in #810
• Definitions swagger update by @cl0ete in #793
• ✨ Speed up tests by adjusting fixture scope by @ff137 in #813
• ✅ test coverage for connection routes by @ff137 in #816
• ⬆️ Update setuptools requirement from ~=69.5.1 to ~=70.0.0 by @dependabot in #819
• ⬆️ Update typing-extensions requirement from ~=4.11.0 to ~=4.12.0 by @dependabot in #822
• ⬆️ Bump SonarSource/sonarcloud-github-action from 2.1.1 to 2.2.0 by @dependabot in #823
• ⬆️ Update pylint requirement from ~=3.2.0 to ~=3.2.2 by @dependabot in #821
• ⬆️ Update uvicorn[standard] requirement from ~=0.29.0 to ~=0.30.0 by @dependabot in #828
• ⬆️ Update anyio requirement from ~=4.3.0 to ~=4.4.0 by @dependabot in #830
• ➖ Remove unused dependency: watchfiles by @dependabot in #829
• Add regression test logic to pipeline by @wdbasson in #806
• Swagger updates message oob by @cl0ete in #804
• Predicate proof tests by @cl0ete in #827
• ⬆️ Upgrade ACA-Py version to 0.12.1 by @ff137 in #758
• ✅ test coverage for wallet-dids routes by @ff137 in #841
• Update verifier endpoints swagger docs by @cl0ete in #781
• ✅ test coverage for issuer routes by @ff137 in #843
• 📝 Update openapi specs by @ff137 in #844
• Only comment test coverage on Pull Request by @rblaine95 in #845
• Only comment test coverage on Pull Request (Take 2) by @rblaine95 in #846
• ⬆️ Update setuptools requirement from ~=70.0.0 to ~=70.1.0 by @dependabot in #848
• ⬆️ Bump SonarSource/sonarcloud-github-action from 2.2.0 to 2.3.0 by @dependabot in #840

Full Changelog: v3.2.5-0.11.0...v3.3.0-0.12.1

v3.2.5-0.11.0

Summary

Purpose of release is to include the latest regression tests:

• asserting a valid credential is still valid, and
• asserting a revoked credential is still revoked.

Other noteworthy inclusions:

• ✨ The /revoke endpoint request body no longer takes the optional credential_definition_id field
• 🎨 In credential exchange records, the field credential_id will be renamed to credential_exchange_id. Currently it is aliased (both field names are available), with credential_id marked as deprecated ⚠️
• 📝 Swagger docs are seeing a significant overhaul 🎨

What's Changed

• ⬆️ Update redis requirement from ~=5.1.0b4 to ~=5.1.0b5 by @dependabot in #800
• ⬆️ Bump codacy/codacy-analysis-cli-action from 4.4.0 to 4.4.1 by @dependabot in #801
• Regression test revoked credential by @cl0ete in #795
• ⬆️ Update black requirement from ~=24.4.0 to ~=24.4.2 by @dependabot in #787
• ✨ Don't delete the credential when deleting credential exchange record by @ff137 in #803
• 🎨 rename credential_id to credential_exchange_id and ⚠️ mark old field as deprecated by @ff137 in #802
• 🎨 update revoke credential request body and ✅ add tests with auto-publish true by @ff137 in #777
• Update issuer endpoint docs by @cl0ete in #778
• Update Connections doc strings by @cl0ete in #792
• Regression test valid credential by @cl0ete in #805

Full Changelog: v3.2.4-0.11.0...v3.2.5-0.11.0

v3.2.4-0.11.0

Summary

Most of the PRs here are for improved test coverage and dependabot upgrades.

Apart from that:

• 🐛 Bug fix: ValidationError exception handling #772
• ✨ Revocation service can now accept credential_exchange_id's prefixed with v1- or v2- #776
• ✨ Rejecting a proof request now has a flag to optionally delete the proof exchange record that is associated with the proof being rejected #783
• 👷 Implementation of Lago Billing manager service #715
• 👷 Initial NATS JetStream infra config #754
• 🧪 Initial regression testing framework #780

What's Changed

• ⏪ Remove wallet-patch endpoint and revert valid group assertion by @ff137 in #751
• 👷 Update dependabot schedule by @ff137 in #755
• ✅ Enhanced test coverage for endorser service by @ff137 in #752
• Unit tests for trustregistry.crud by @cl0ete in #757
• ✅ Remove sleeps from public did tests by @ff137 in #753
• ⬆️ Upgrade python version to 3.12 by @ff137 in #702
• ⬆️ Update pydantic requirement from ~=2.6.4 to ~=2.7.0 by @dependabot in #761
• ⬆️ Update black requirement from ~=24.3.0 to ~=24.4.0 by @dependabot in #760
• Test trust registry endpoints by @cl0ete in #759
• ✅ Test coverage for verifier service by @ff137 in #762
• Add nats jetstream cluster for local dev with persistent storage by @henrymsiska in #754
• Add Lago billing manager by @cl0ete in #715
• 📝 Add openapi specs to project by @ff137 in #763
• ⬆️ Upgrade to latest cloudcontroller (openapi v7.4.0) by @ff137 in #734
• Added test for StringList type decorator by @cl0ete in #764
• ⬆️ Upgrade to latest cloudcontroller (openapi v7.5.0) by @ff137 in #765
• Add tests for trustregistry/main.py by @cl0ete in #766
• ✅ Test coverage for app.main and app.dependencies by @ff137 in #767
• Added tests for trustregistry/db.py by @cl0ete in #768
• ✅ Test coverage for app.models by @ff137 in #769
• ⬆️ Update setuptools requirement from ~=69.2.0 to ~=69.5.1 by @dependabot in #770
• 🐛 fix ValidationError exception handling by @ff137 in #772
• ✨ strip protocol prefix from cred ex id in revocation service by @ff137 in #776
• Fix reject proof request by @cl0ete in #783
• 🎨 Cleanup and parametrize verifier tests by @ff137 in #789
• ⬆️ Update fastapi requirement from ~=0.110.0 to ~=0.111.0 by @dependabot in #790
• ⬆️ Update pytest requirement from ~=8.1.1 to ~=8.2.0 by @dependabot in #791
• 🧪 Initial regression testing framework by @ff137 in #780
• 📝 Update openapi spec by @ff137 in #794

New Contributors

• @henrymsiska made their first contribution in #754

Full Changelog: v3.2.3-0.11.0...v3.2.4-0.11.0

v3.2.3-0.11.0

What's Changed

• ✅ Enhanced test coverage for webhooks service by @ff137 in #748
• ✨ Implement temporary endpoint to patch wallets with old group_id by @ff137 in #750

Full Changelog: v3.2.2-0.11.0...v3.2.3-0.11.0

v3.2.2-0.11.0

Summary

🐛 Bug fix:

• Fixed a race condition when creating credential definitions, where a 404 could be raised after successfully creating a cred def

🩹 Patch wallet access for wallets with None group_id:

• Fixed a breaking change where the group-scoping for wallet access would prevent access to wallets that were created before the group_id plugin was fixed to register the attribute correctly

Apart from that, changes include dependency upgrades and expanded test coverage.

What's Changed

• Make the latest docker tag condition more concise by @rblaine95 in #736
• ✅ Test coverage for admin-tenants route by @ff137 in #738
• ⬆️ Update typing-extensions requirement from ~=4.10.0 to ~=4.11.0 by @dependabot in #740
• ⬆️ Update sse-starlette requirement from ~=2.0.0 to ~=2.1.0 by @dependabot in #739
• ⬆️ Update orjson requirement from ~=3.9.15 to ~=3.10.0 by @dependabot in #742
• ⬆️ Bump helmfile/helmfile-action from 1.8.0 to 1.9.0 by @dependabot in #743
• Bump Helm, Helmfile, and Tailscale by @rblaine95 in #744
• 🐛 Fix race condition when creating credential definitions by @ff137 in #746
• ✅ Test coverage for webhooks SSE route by @ff137 in #745
• 🩹 Fix wallet access being restricted when group_id is null by @ff137 in #747

Full Changelog: v3.2.1-0.11.0...v3.2.2-0.11.0

v3.2.1-0.11.0

What's Changed

• 🔒 Forbid wallet actions if wallet doesn't belong to group by @ff137 in #730
• 📝 Update tenant-admin Swagger docs to include CloudAPI description by @ff137 in #731
• ✅ Tests: parametrize protocol version in issuer tests by @ff137 in #589
• 🩹 Invalidate proof if no associated schema_ids found by @ff137 in #732
• ⬆️ Upgrade pydantic and cloudcontroller by @ff137 in #733
• 🩹 Fix WebSocket callback function by @ff137 in #735

Full Changelog: v3.2.0-0.11.0...v3.2.1-0.11.0

v3.2.0-0.11.0

🔒 Webhook event scoping by group

• For SSE and Websocket events, tenant-admins can now only subscribe to wallet_ids for their group (i.e. wallets they've created).
• With Websockets, subscribing by topic (/ws/topic/) now only returns webhook events belonging to that group.

✨ New Features

• New websocket endpoint:
  • the base websocket route (/ws/) now returns all webhook events belonging to the tenant-admin's group.
• look_back query parameter option for SSE endpoints:
  • This specifies a duration in seconds for recent events to be included in the response.
  • Default behaviour is to include events from 30 seconds before the stream started.

What's Changed

• ✨ Validate wallet_id belongs to group_id in SSE subscriptions by @ff137 in #712
• Don't write Pytest Coverage unless PR by @rblaine95 in #713
• ✨ Configure SseListeners in tests with retry logic by @ff137 in #716
• ✨ add group_id to websocket subscriptions by @ff137 in #714
• ✨ Add group_id query parameter to SSE endpoints by @ff137 in #717
• ⬆️ Update pytest-cov requirement from ~=4.1.0 to ~=5.0.0 by @dependabot in #721
• ⬆️ Update pre-commit requirement from ~=3.6.0 to ~=3.7.0 by @dependabot in #720
• ✅ Test coverage for SSE service by @ff137 in #718
• ✨ add look_back query param to SSE routes by @ff137 in #723
• ✏️ Resolve typos by @ff137 in #724
• 🔇 Do not log credential attributes by @ff137 in #725
• 📝 Update websocket documentation to include new endpoint by @ff137 in #729

Full Changelog: v3.1.1-0.11.0...v3.2.0-0.11.0