Skip to content

Releases: didx-xyz/acapy-cloud

v4.3.1

03 Mar 13:26
a417085
Compare
Choose a tag to compare

acapy-cloud v4.3.1 Release Notes

This patch release includes minor improvements to enhance performance and stability.

Key changes:

  • Waypoint enhancements – Improved NATS subscription config and better handling of timeouts.
  • Added credential_id field to the IndyCredPrecis / IndyCredInfo model, since referent is deprecated. The OpenAPI names for these models have been modified to CredPrecis / CredInfo
  • Various dependency upgrades, DevOps improvements and deployment optimizations.

What's Changed

Full Changelog: v4.3.0...v4.3.1

v4.3.0

17 Feb 16:41
b07db08
Compare
Choose a tag to compare

acapy-cloud v4.3.0 Release Notes

This marks the first release under our new project name: acapy-cloud!

Previously called aries-cloudapi-python, our project has been rebranded to align with the hyperledger/aries-cloudagent-python project's move to the OpenWallet Foundation under its new official name: acapy.

Along with this milestone, we are pleased to announce that the project is now fully open-sourced. 🎉

Summary

There are no breaking changes or deprecation announcements.

Since the previous release, a primary focus has been to make end-to-end tests more robust, and to achieve stability under high loads.

Our CICD pipelines have been extensively refactored, ensuring faster deployments, and using our newly open-sourced Helm charts that were previously tucked away on a private repo. Special shoutout to @rblaine95 for the great work! 👏

What's Changed

Full Changelog: v4.2.0...v4.3.0

v4.2.0

13 Dec 14:39
059be4c
Compare
Choose a tag to compare

This release includes various improvements - a detailed summary is as follows:

💥 API Changes:
Tenant-Admin changes:

  • the success status code for the delete tenant endpoint has changed from 200 to 204
  • GET /v1/tenants/{wallet_id}/access-token has been deprecated in favour of POST /v1/tenants/{wallet_id}/access-token

Tenant changes:

  • DIDCreate has an options field which is now deprecated, where the nested key_type and did fields that it contained have been moved up one level to the main request body.
  • OpenAPI change: revocation endpoints are now tagged under revocation, instead of issuer

✨ New features:

  • A new endpoint has been added for fixing revocation registry state, when the issuer state is out of sync with the ledger: /v1/issuer/credentials/fix-revocation-registry/{revocation_registry_id}
  • A new query param has been added for POST /v1/issuer/{credential_exchange_id}/request: save_exchange_record, to control whether record is preserved from holder's side.
  • save_exchange_record is now Optional
    • previously it was either True or False; meaning that the wallet's default settings were always overridden with the specific request. We now support a "None" option as well, which uses the wallet's configuration.
    • affects the issuer and verifier endpoints for sending/accepting credentials or proofs.

👷 Internal improvements:

  • fixed a bug where onboarding an issuer could fail, but still write their public did to the ledger
  • automatically resubscribe NATS upon timeout errors in the endorser and waypoint services
  • improved ACA-Py log levels and reduced noise

What's Changed

Full Changelog: v4.1.0...v4.2.0

v4.1.0-1

02 Dec 21:23
Compare
Choose a tag to compare

Relevant changes in v4.1.0 and v4.1.0-1

Breaking Changes

  1. GET /v1/wallet/credentials

    • Query parameters count and start have been renamed to limit and offset.
  2. GET /v1/wallet/credentials/w3c

    • Changes to query parameters:
      • count has been renamed to limit.
      • start and wql parameters have been removed, as these are not implemented in ACA-Py.
      • New filtering fields issuer_did and schema_ids have been added.

Deprecations

  1. Field Deprecations in Indy Credentials

    • The referent field in the Indy credential object (IndyCredInfo) and the list response (CredInfoList) is now deprecated.
    • A new field credential_id has been introduced as its replacement.
    • Affected endpoints:
      • GET /v1/wallet/credentials
      • GET /v1/wallet/credentials/{credential_id}
  2. Field Deprecations in W3C Credentials

    • The record_id field in the W3C credential object (VCRecord) and the list response (VCRecordList) is now deprecated.
    • A new field credential_id has been introduced as its replacement.
    • Affected endpoints:
      • GET /v1/wallet/credentials/w3c
      • GET /v1/wallet/credentials/w3c/{credential_id}

Full Changelog: v4.1.0...v4.1.0-1

v4.1.0

14 Nov 16:32
01e1d67
Compare
Choose a tag to compare

What's Changed

Full Changelog: v4.0.1...v4.1.0

v4.0.1-1

12 Nov 08:25
Compare
Choose a tag to compare

Full Changelog: v4.0.1...v4.0.1-1

v4.0.1

07 Nov 13:12
96560f1
Compare
Choose a tag to compare

What's Changed

  • 🧪 Skip test which modifies Faber wallet settings by @ff137 in #1126
  • ⬆️ Bump helmfile/helmfile-action from 1.9.2 to 1.9.3 by @dependabot in #1131
  • ⬆️ Upgrade uvicorn and update lock files by @ff137 in #1132
  • 📝 Update Waypoint doc & SSE docstring by @cl0ete in #1118
  • ⬆️ Upgrade ddtrace (2.14.4) by @ff137 in #1134
  • ⬆️ Upgrade to our 1.1.1b0 acapy release by @ff137 in #1136
  • ⬆️ Bump MishaKav/pytest-coverage-comment from 1.1.52 to 1.1.53 by @dependabot in #1117
  • 🐛 fix DidRotate Hangup error by @ff137 in #1138
  • ⚡ Waypoint start time by @cl0ete in #1137
  • ➕ Add ddtrace to waypoint by @ff137 in #1139
  • ⬆️ Upgrade cloudcontroller by @ff137 in #1140
  • ✨ Implement retry logic in RichAsyncClient by @ff137 in #1141
  • ⚡ replace FastAPI JSONResponse with ORJSONResponse by @ff137 in #1144
  • ✨ improve acapy exception handling by @ff137 in #1142
  • ⚡️ add state monitoring stream by @henrymsiska in #1143

Full Changelog: v4.0.0...v4.0.1

v4.0.0

17 Oct 15:38
c6b887e
Compare
Choose a tag to compare

v4.0.0 Release Summary

We’re excited to announce the release of v4.0.0, which marks a significant milestone in our platform's evolution. This release is packed with new features, improvements, and critical changes that streamline development, enhance integration with webhook events, and simplify protocol interactions. Read on for all the details!

✨ New Features

NATS for Webhook Event Processing & SSE Changes

We’ve replaced our Webhook service, previously reliant on Redis, with NATS JetStream and Benthos for storing and processing webhook events. This update significantly improves scalability and reliability for event processing. As a result, all consumers are now recommended to use NATS for webhook event subscriptions.

Additionally, the deprecated /webhooks and websocket endpoints have been completely removed. Several SSE endpoints have also been removed as part of this migration, simplifying the system. The following SSE endpoints are no longer available:

  • /sse/{wallet_id}
  • /sse/{wallet_id}/{topic}
  • /sse/{wallet_id}/{topic}/{desired_state}
  • /sse/{wallet_id}/{topic}/{field}/{field_id}

Moving forward, there is only one SSE endpoint:

  • /sse/{wallet_id}/{topic}/{field}/{field_id}/{desired_state}

For all other event subscriptions, we recommend switching to NATS.

DID-Rotate and DID-Exchange Protocol Support

We’ve introduced support for DID-Rotate and DID-Exchange methods, providing more flexible DID management throughout the lifecycle of a connection.

Notably, connections established using the DID-Exchange protocol can now utilize the hangup feature, which automatically deletes the connection record for both parties. Previously, with the old connections protocol, deleting a connection record would leave the other party with an unusable connection, as they would not be aware of its deletion. With DID-Exchange, this issue is resolved, and connections are automatically hung up when the DID-Exchange record is deleted.

The old connections protocol has now been marked as deprecated in favor of DID-Exchange.

To clarify: connection records themselves are not deprecated—they are still fetched and returned the same way. However, if a connection is established using DID-Exchange, the connection_protocol field in the record will now be labeled as didexchange/1.0, instead of connections/1.0.

Issuer & Verifier Image URL in Trust Registry

We’ve introduced an image_url field for both issuers and verifiers in the trust registry, allowing a visual representation to accompany their names. Tenant-admins can now onboard or update actors with an image using the PUT /tenant-admin/{wallet_id} endpoint, enhancing the clarity and recognition of trusted parties in the registry.

Swagger Replaced by Scalar

You will notice that our API Docs have gotten a make-over, as the Swagger OpenAPI documentation interface has been replaced with Scalar. Scalar offers a sleeker, more modern interface for exploring our API documentation. It’s easier to navigate, and we hope you’ll love the new look and feel!


🗑️ Deprecations and 💥 Breaking Changes

Protocol Version Cleanup

With the removal of v1 protocol support, there’s no longer a need to specify a protocol_version in your requests. We now default to v2, simplifying interactions and ensuring the latest features are used.

Deprecation of Old Connections Protocol

The old connections protocol has officially been deprecated. We recommend migrating to the DID-Exchange protocol for all new integrations to benefit from improved DID management and secure connection flows. Please see the Action Required section for more detail.

Webhook Event Changes

As stated in the new features: websocket subscription of webhook events is now removed; bulk fetching using the deprecated /webhooks endpoint is also no longer available; and some of the SSE endpoints mentioned above have been removed.


📝 Documentation Improvements

We’ve added several new and detailed documentation guides to help you get the most out of our platform. These additions provide clear guidance on managing proofs, revocations, and restrictions during verification processes:

  • Self-Attested Proofs: Learn how to handle and process self-attested attributes when responding to proof requests.
  • Predicate Proofs: Detailed guides on using predicates in proofs, allowing verifiers to request conditions on attributes, such as proving someone is over a certain age without revealing the actual value.
  • Revocation: Updated instructions on managing credential revocation, including how to handle revoked credentials during verification and ensure validity using NATS-based event subscriptions.
  • Proof Restrictions: New guidance on applying restrictions to proofs, allowing verifiers to set conditions on attributes, such as schema, issuer, or attribute values.

You can explore these guides in more detail on our public docs page.

👷 Developer Improvements

Kubernetes Native Development with Mise, Kind, and Tilt

We’ve officially migrated away from ./manage up and Docker Compose in favor of a Kubernetes-native setup using Mise, Kind, and Tilt. This powerful combination enables live reloading and a more standardized development environment. Say goodbye to local inconsistencies and embrace a more seamless workflow! 🎉


❗ Action Required

To ensure smooth transitions and compatibility, please review the following:

  • For webhook consumers: If you’re still using SSE or websockets for webhook event subscription, you’ll need to switch to NATS JetStream. Please contact us if you need help with this integration.

  • Connections protocol: Please begin migrating to use the DID-Exchange protocol, as the old one is deprecated. You'll find that the flow is now much simpler: every issuer has a public DID, and a tenant can now connect to them directly in a single call, using the new /connections/did-exchange/create-request endpoint. For connections with verifiers that don't have a public DID, please use the Out-Of-Band protocol instead of the connections protocol. If you need any assistance with this migration, please contact us.

  • Protocol version changes: Please search for where you make use of specifying a protocol_version in the issuer or verifying flows. This field can be removed as it will now have no effect. The v1 protocol is no longer supported, and we now default to using the recommended v2 protocols.

We also recommend regenerating any OpenAPI clients to reflect all the latest changes.


We hope you enjoy the improvements in v4.0.0! If you have any questions or need further assistance, feel free to reach out.


What's Changed

Read more

v3.4.0

03 Sep 11:48
6df55dd
Compare
Choose a tag to compare

v3.4.0 Release Summary

Our latest release is packed with improvements, including an upgrade to ACA-Py's latest v1.0.0 release, together with performance enhancements and new features!

Below are the detailed changes, with recommended actions at the end:

✨ New Features

Pagination with Ordering Support

A key feature in this release is pagination support for fetching tenants, connection records, credential exchange records, and proof records. This allows for improved performance and scalability when working with potentially thousands of tenants or records.

The following query parameters are now available:

  • limit: Specifies the number of records to return.
  • offset: Specifies the starting point for fetching records.
  • descending: Controls the order of results based on the created_at timestamp.

These parameters are supported on the following routes:

  • Tenant-admin API: GET /v1/tenants
  • Tenant API: GET /v1/connections, GET /v1/issuer/credentials, GET /v1/verifier/proofs

By default, results are ordered with descending=true, which returns the most recently created records at the top. Set descending=false to retrieve the oldest records first.

Example usage:

  • GET /v1/tenants?limit=10&descending=false will fetch the oldest 10 tenant records.
  • GET /v1/tenants?limit=10&offset=10&descending=false will return the next 10 records.
  • GET /v1/connections?limit=1 will return the most recently created connection record.

The maximum allowable limit is 10'000, to prevent excessively large fetch queries.

NB: The default behaviour, when limit is not specified, will now return 1'000 records, instead of the previous default of returning all records. This represents a 💥 breaking change for integrations that previously expected all records to be returned in a single call.

Note on Custom Ordering:
Due to encrypted storage, custom ordering during record retrieval is not supported. Therefore, to correctly order by updated_at, for example, all records must be fetched before applying custom ordering in post-processing. We plan to support this in a future release, but for now, clients requiring custom ordering will need to implement it after retrieving all records.

New Query Parameters for Fetching Matching Credentials

The GET /v1/verifier/proofs/{proof_id}/credentials endpoint returns matching credentials for a proof request. Previously the default behaviour would return up to 10 valid credentials. This endpoint now also supports limit and offset query parameters, to benefit from pagination functionality, together with an additional referent query parameter that allows filtering by presentation referent as well.

New Response Model for /revoke Endpoint

The /v1/issuer/credentials/revoke endpoint no longer returns an empty success response (204). Instead, it now returns a RevokedResponse model, providing clearer confirmation of which credential revocation IDs have been successfully published in the request.

New Endpoint: Get Pending Revocations

We’ve introduced a new endpoint, GET /v1/issuer/credentials/get-pending-revocations/{revocation_registry_id}, which allows you to retrieve pending revocations for a given revocation registry ID. This provides better insight into revocation statuses and assists in managing revocation workflows more effectively.

❗ Action Required

To maintain compatibility with the changes in this release, please take the following actions:

  • For the /v1/issuer/credentials/revoke endpoint: Update your integrations to handle the new RevokedResponse model.
  • For pagination: Review and update any usage of the affected endpoints to incorporate limit, offset, and descending parameters as necessary.
    • If you previously expected all records to be returned in a single call, you must now explicitly specify a limit that meets your needs. If your dataset exceeds 10,000 records, fetching all records will require multiple iterative calls.
    • To fetch all records:
      • Begin by calling the endpoint with your desired limit (up to 10,000) and an initial offset of 0.
      • Continue making calls, incrementing the offset by the limit value, until the response is either empty or contains fewer records than the requested limit.

We also recommend regenerating any OpenAPI clients to reflect all the latest changes.


If you have any questions about these changes, please feel free to contact us!


What's Changed

  • ⬆️ Bump docker/build-push-action from 5 to 6 by @dependabot in #849
  • ⬆️ upgrade to latest ACA-Py build by @ff137 in #839
  • Update Helm, Helmfile, and Tailscale by @rblaine95 in #853
  • Create a service for definitions endpoints by @cl0ete in #842
  • ⬆️ Update setuptools requirement from ~=70.1.0 to ~=70.2.0 by @dependabot in #858
  • ⬆️ Update pydantic requirement from ~=2.7.0 to ~=2.8.2 by @dependabot in #859
  • ⬆️ ACA-Py 1.0.0rc4 by @ff137 in #861
  • ⬆️ Bump MishaKav/pytest-coverage-comment from 1.1.51 to 1.1.52 by @dependabot in #852
  • ⬆️ Bump codacy/codacy-analysis-cli-action from 4.4.1 to 4.4.5 by @dependabot in #865
  • ✨ Pagination support for fetching wallets, connections, cred ex and proof records by @ff137 in #850
  • ⬆️ update redis events plugin to latest release by @ff137 in #870
  • Definition routes/services unit tests by @cl0ete in #857
  • ✅ ensure test tenants are deleted upon test failure by @ff137 in #878
  • ✅ adjust sleep durations in tests by @ff137 in #879
  • ✨ better dependency management with Poetry by @ff137 in #863
  • ⬆️ Bulk dependency upgrades by @ff137 in #900
  • 🐛 Fix scanning of redis keys by @ff137 in #898
  • ⬆️ Bump pytest from 8.3.1 to 8.3.2 in /app by @dependabot in #913
  • 👷 K6 by @wdbasson in #897
  • 👷 K6 refactor by @wdbasson in #917
  • 👷 K6 create issuers by @wdbasson in #918
  • 🎨 👷‍♂️ Make Markdownlint happy in k6 readme by @rblaine95 in #920
  • 🎨 👷‍♂️ K6 run Biome Lint and Format by @rblaine95 in #921
  • 🔧 Increase default pagination limit to 1000 and ✅ fix regression tests when fetching many records by @ff137 in #953
  • ⬆️ Bump docker/build-push-action from 5 to 6 by @dependabot in #952
  • ⬆️ Bulk dependency upgrades: black, fastapi, uvicorn, aiohttp by @ff137 in #950
  • 🎨 fix lint warnings by @ff137 in #951
  • ⬆️ Upgrade redis and redis_events plugin dependencies by @ff137 in #956
  • Revoc reg size by @wdbasson in #958
  • 👷 Increase deploy timeout by @wdbasson in #960
  • ✅ Add self_attested_attributes e2e test by @cl0ete in #922
  • 🩹 Remove _backfill_events method from webhooks service startup by @ff137 in #961
  • 🩹 Increase expiry time of redis webhook event locks by @ff137 in #963
  • ✅ K6 cred def by @wdbasson in #974
  • ⬆️ Upgrade dependencies: aiohttp, orjson, pyjwt, pyyaml by @ff137 in #973
  • Configure global concurrency by @wdbasson in #976
  • 🩹 Increase issuer-endorser connection timeout to 15s by @wdbasson in #964
  • ✅ fix regression tests when fetching "trust registry" connections by @ff137 in #975
  • ⚡✅ Add pytest-xdist to pytest container by @wdbasson in #977
  • ✅ Ensure e2e test resources are always cleaned up by @ff137 in #981
  • 🎨 Ensure appropriate log levels for a production context by @ff137 in #980
  • 🧑‍💻 Remove patch proxy CICD logic by @wdbasson in #979
  • ✅ fix test to work with pytest-xdist by @ff137 in #98...
Read more

v3.3.2-0.12.1

29 Jul 12:08
Compare
Choose a tag to compare
v3.3.2-0.12.1 Pre-release
Pre-release