Merge remote-tracking branch 'origin/0.12.lts' into feat/indy-besu-cpqd

Author: thiagoromanos

.github/workflows/blackformat.yml

@@ -17,4 +17,4 @@ jobs:
       - name: Black Code Formatter Check
         # The version of black should be adjusted at the same time dev
         # dependencies are updated.
-        uses: psf/black@24.4.0
+        uses: psf/black@24.4.2

.github/workflows/publish.yml

@@ -51,12 +51,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref || '' }}
-
-      - name: Gather image info
-        id: info
-        run: |
-          echo "repo-owner=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_OUTPUT
-
       - name: Cache Docker layers
         uses: actions/cache@v4
         with:
@@ -72,15 +66,15 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: hyperledger
+          password: ${{ secrets.HYPERLEDGER_GHCR_PAT }}
 
       - name: Setup Image Metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: |
-            ghcr.io/${{ steps.info.outputs.repo-owner }}/aries-cloudagent-python
+            ghcr.io/hyperledger/aries-cloudagent-python
           tags: |
             type=raw,value=py${{ matrix.python-version }}-${{ inputs.tag || github.event.release.tag_name }}
 

.github/workflows/pythonpublish.yml

@@ -7,20 +7,25 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/aries-cloudagent
+    permissions:
+      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.x"
-      - name: Install dependencies
+          python-version: "3.9"
+      - name: Install build and publish dependencies
         run: |
           python -m pip install --upgrade pip
           pip install setuptools wheel twine poetry
       - name: Build and publish
-        env:
-          TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
         run: |
           poetry build
-          twine upload dist/*
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          password: ${{ secrets.PYPI_HYPERLEDGER }}

.pre-commit-config.yaml

@@ -19,3 +19,6 @@ repos:
       - id: ruff
         stages: [commit]
         args: [--fix, --exit-non-zero-on-fix]
+      # Run the formatter
+      - id: ruff-format
+        stages: [commit]

CHANGELOG.md

@@ -1,16 +1,122 @@
 # Aries Cloud Agent Python Changelog
 
-## 0.12.1rc1
+## 0.12.6
+
+### March 13, 2025
+
+This patch release addresses a bug in the handling connection reuse in multitenancy environments. This is a backport of the PR [fix: connection reuse with multi-tenancy #3543](https://github.com/openwallet-foundation/acapy/pull/3543). This fixes the issue when using multi-tenancy, calls to `POST /out-of-band/receive-invitation?use_existing_connection=true` failing with a record not found error, despite connection reuse actually being completed in the background.
+
+### 0.12.6 Breaking Changes
+
+There are no breaking changes in this release.
+
+#### 0.12.6 Categorized List of Pull Requests
+
+- Multitenancy Fixes
+  - fix: cherry-pick fixes from main to 0.12.lts [\#3578](https://github.com/openwallet-foundation/acapy/pull/3578) [thiagoromanos](https://github.com/thiagoromanos)
+
+- Release management pull requests:
+  - 0.12.6 [\#3583](https://github.com/openwallet-foundation/acapy/pull/3583) [swcurran](https://github.com/swcurran)
+
+## 0.12.5
+
+### March 6, 2025
+
+This patch release addresses a bug in the publishing of AnonCreds revocation entries that caused the ledger and issuer wallet to become out of sync. As a result, revoked credentials were not being correctly flagged as revoked when presented. Previously, this issue was mitigated by an automatic “sync-revocation” process, which generally resolved the problem. However, we recently identified scenarios where the presence of an Indy Endorser in the revocation publication flow caused the “sync-revocation” process to fail silently.
+
+This patch resolves that issue. Once applied, if a revocation batch results in an out-of-sync state, the “sync-revocation” process will automatically run to correct it.
+
+For more details, see [Issue 3546](https://github.com/openwallet-foundation/acapy/issues/3546).
+
+### 0.12.5 Breaking Changes
+
+There are no breaking changes in this release.
+
+#### 0.12.5 Categorized List of Pull Requests
+
+- AnonCreds Revocation Fixes
+  - 0.12.lts Patch the fix_ledger_entry improvements [\#3558](https://github.com/openwallet-foundation/acapy/pull/3558) [jamshale](https://github.com/jamshale)
+  - 0.12.lts Fix revocation accum sync when endorsement txn fails (#3547) [\#3554](https://github.com/openwallet-foundation/acapy/pull/3554) [jamshale](https://github.com/jamshale)
+
+- Release management pull requests:
+  - 0.12.5 [\#3560](https://github.com/openwallet-foundation/acapy/pull/3560) [swcurran](https://github.com/swcurran)
+
+## 0.12.4
+
+### January 30, 2025
+
+A patch release to upgrade [Askar](https://github.com/openwallet-foundation/askar) to [0.4.3](https://github.com/openwallet-foundation/askar/releases/tag/v0.4.3) and fixes a problem with wallet names in a multitenant, single-wallet configuration.
+
+Addresses the problem outlined in [#3471](https://github.com/openwallet-foundation/acapy/issues/3471) around profiles in multi-tenant/single wallet deployments. The update to Askar addresses an intermittent hang on startup, and a dependency change that can result in a substantial performance improvement in some cases. See issues: [openwallet-foundation/askar#350](https://github.com/openwallet-foundation/askar/pull/350), [openwallet-foundation/askar#351](https://github.com/openwallet-foundation/askar/pull/351), [openwallet-foundation/askar#354](https://github.com/openwallet-foundation/askar/pull/354). This [comment on one of the PRs](https://github.com/openwallet-foundation/askar/pull/350#issuecomment-2615727109) describes the scenario where a substantial performance improvement was seen as a result of the change in Askar.
+
+### 0.12.4 Breaking Changes
+
+There are no breaking changes in this release.
+
+#### 0.12.4 Categorized List of Pull Requests
+
+- Multitenant Single Wallet Configurations
+  - 0.12 LTS: Askar upgrade and fix profile unique names [\#3475](https://github.com/openwallet-foundation/acapy/pull/3475)
+- Release management pull requests
+  - 0.12.4 [\#3481](https://github.com/hyperledger/aries-cloudagent-python/pull/3481) [swcurran](https://github.com/swcurran)
+
+## 0.12.3
+
+### December 17, 2024
+
+A patch release to add address a bug found in the Linked Data Verifiable Credential handling for multi-tenant holders. The bug was fixed in the main branch, [PR 3391 - BREAKING: VCHolder multitenant binding](https://github.com/openwallet-foundation/acapy/pull/3391), and with this release is backported to 0.12 Long Term Support branch. Prior to this release, holder credentials received into a tenant wallet were actually received into the multi-tenant admin wallet.
+
+### 0.12.3 Breaking Changes
+
+There are no breaking changes in this release.
+
+#### 0.12.3 Categorized List of Pull Requests
+
+- Multitenant LD-VC Holders
+  - Patch PR 3391 - 0.12.lts [\#3396](https://github.com/openwallet-foundation/acapy/pull/3396)
+- Release management pull requests
+  - 0.12.3 [\#3408](https://github.com/hyperledger/aries-cloudagent-python/pull/3408) [swcurran](https://github.com/swcurran)
+  - 0.12.3rc0 [\#3406](https://github.com/hyperledger/aries-cloudagent-python/pull/3406) [swcurran](https://github.com/swcurran)
+
+## 0.12.2
+
+### August 2, 2024
+
+A patch release to add the verification of a linkage between an inbound message and its associated connection (if any) before processing the message. Also adds some additional cleanup/fix PRs from the main branch (see list below) that might be useful for deployments currently using [Release 0.12.1](#0121) or [0.12.0](#0120).
+
+### 0.12.2 Breaking Changes
+
+There are no breaking changes in this release.
+
+#### 0.12.2 Categorized List of Pull Requests
+
+- Dependency update and release PR
+  - [ PATCH ] 0.12.x with PR 3081 terse webhooks [\#3141](https://github.com/hyperledger/aries-cloudagent-python/pull/3141) [jamshale](https://github.com/jamshale)
+  - Patch release 0.12.x [\#3121](https://github.com/hyperledger/aries-cloudagent-python/pull/3121) [jamshale](https://github.com/jamshale)
+- Release management pull requests
+  - 0.12.2 [\#3145](https://github.com/hyperledger/aries-cloudagent-python/pull/3145) [swcurran](https://github.com/swcurran)
+  - 0.12.2rc1 [\#3123](https://github.com/hyperledger/aries-cloudagent-python/pull/3123) [swcurran](https://github.com/swcurran)
+- PRs cherry-picked into [\#3121](https://github.com/hyperledger/aries-cloudagent-python/pull/3120) from the `main` branch:
+  - fix: multiuse invites with did peer 4 [\#3112](https://github.com/hyperledger/aries-cloudagent-python/pull/3112) [dbluhm](https://github.com/dbluhm)
+  - Check connection is ready in all connection required handlers [\#3095](https://github.com/hyperledger/aries-cloudagent-python/pull/3095) [jamshale](https://github.com/jamshale)
+  - Add by_format to terse webhook for presentations [\#3081](https://github.com/hyperledger/aries-cloudagent-python/pull/3081) [ianco](https://github.com/ianco)
+  - fix: respond to did:peer:1 with did:peer:4 [\#3050](https://github.com/hyperledger/aries-cloudagent-python/pull/3050) [dbluhm](https://github.com/dbluhm)
+  - feat: soft binding for plugin flexibility [\#3010](https://github.com/hyperledger/aries-cloudagent-python/pull/3010) [dbluhm](https://github.com/dbluhm)
+  - feat: inject profile and session [\#2997](https://github.com/hyperledger/aries-cloudagent-python/pull/2997) [dbluhm](https://github.com/dbluhm)
+  - feat: external signature suite provider interface [\#2835](https://github.com/hyperledger/aries-cloudagent-python/pull/2835) [dbluhm](https://github.com/dbluhm)
+  - fix(interop): overly strict validation [\#2943](https://github.com/hyperledger/aries-cloudagent-python/pull/2943) [dbluhm](https://github.com/dbluhm)
+
+## 0.12.1
 
 ### April 26, 2024
 
-Release 0.12.1rc1 is a small patch to cleanup some edge case issues in the handling of Out of Band invitations, revocation notification webhooks, and connection querying uncovered after the 0.12.0 release. Fixes and improvements were also made to the generation of ACA-Py's OpenAPI specifications.
+Release 0.12.1 is a small patch to cleanup some edge case issues in the handling of Out of Band invitations, revocation notification webhooks, and connection querying uncovered after the 0.12.0 release. Fixes and improvements were also made to the generation of ACA-Py's OpenAPI specifications.
 
-### 0.12.1rc1 Breaking Changes
+### 0.12.1 Breaking Changes
 
 There are no breaking changes in this release.
 
-#### 0.12.1rc1 Categorized List of Pull Requests
+#### 0.12.1 Categorized List of Pull Requests
 
 - Out of Band Invitations and Connection Establishment updates/fixes:
   - 🐛 Fix ServiceDecorator parsing in oob record handling [\#2910](https://github.com/hyperledger/aries-cloudagent-python/pull/2910) [ff137](https://github.com/ff137)
@@ -40,6 +146,7 @@ There are no breaking changes in this release.
   - Update GHA so that broken image links work on docs site - without breaking them on GitHub [\#2852](https://github.com/hyperledger/aries-cloudagent-python/pull/2852) [swcurran](https://github.com/swcurran)
 
 - Dependencies and Internal Updates:
+  - chore(deps): Bump psf/black from 24.4.0 to 24.4.2 in the all-actions group [\#2924](https://github.com/hyperledger/aries-cloudagent-python/pull/2924) [dependabot bot](https://github.com/dependabot bot)
   - fix: fixes a regression that requires a log file in multi-tenant mode [\#2918](https://github.com/hyperledger/aries-cloudagent-python/pull/2918) [amanji](https://github.com/amanji)
   - Update AnonCreds to 0.2.2 [\#2917](https://github.com/hyperledger/aries-cloudagent-python/pull/2917) [swcurran](https://github.com/swcurran)
   - chore(deps): Bump aiohttp from 3.9.3 to 3.9.4  dependencies python [\#2902](https://github.com/hyperledger/aries-cloudagent-python/pull/2902) [dependabot bot](https://github.com/dependabot bot)
@@ -49,6 +156,7 @@ There are no breaking changes in this release.
   - refactor: logging configs setup [\#2870](https://github.com/hyperledger/aries-cloudagent-python/pull/2870) [amanji](https://github.com/amanji)
 
 - Release management pull requests:
+  - 0.12.1 [\#2926](https://github.com/hyperledger/aries-cloudagent-python/pull/2926) [swcurran](https://github.com/swcurran)
   - 0.12.1rc1 [\#2921](https://github.com/hyperledger/aries-cloudagent-python/pull/2921) [swcurran](https://github.com/swcurran)
   - 0.12.1rc0 [\#2912](https://github.com/hyperledger/aries-cloudagent-python/pull/2912) [swcurran](https://github.com/swcurran)
 

aries_cloudagent/admin/request_context.py

@@ -21,13 +21,13 @@ def __init__(
         self,
         profile: Profile,
         *,
-        context: InjectionContext = None,
-        settings: Mapping[str, object] = None,
-        root_profile: Profile = None,
-        metadata: dict = None
+        context: Optional[InjectionContext] = None,
+        settings: Optional[Mapping[str, object]] = None,
+        root_profile: Optional[Profile] = None,
+        metadata: Optional[dict] = None
     ):
         """Initialize an instance of AdminRequestContext."""
-        self._context = (context or profile.context).start_scope("admin", settings)
+        self._context = (context or profile.context).start_scope(settings)
         self._profile = profile
         self._root_profile = root_profile
         self._metadata = metadata
@@ -72,7 +72,7 @@ def transaction(self) -> ProfileSession:
     def inject(
         self,
         base_cls: Type[InjectType],
-        settings: Mapping[str, object] = None,
+        settings: Optional[Mapping[str, object]] = None,
     ) -> InjectType:
         """Get the provided instance of a given class identifier.
 
@@ -89,7 +89,7 @@ def inject(
     def inject_or(
         self,
         base_cls: Type[InjectType],
-        settings: Mapping[str, object] = None,
+        settings: Optional[Mapping[str, object]] = None,
         default: Optional[InjectType] = None,
     ) -> Optional[InjectType]:
         """Get the provided instance of a given class identifier or default if not found.
@@ -111,7 +111,7 @@ def update_settings(self, settings: Mapping[str, object]):
 
     @classmethod
     def test_context(
-        cls, session_inject: dict = None, profile: Profile = None
+        cls, session_inject: Optional[dict] = None, profile: Optional[Profile] = None
     ) -> "AdminRequestContext":
         """Quickly set up a new admin request context for tests."""
         ctx = AdminRequestContext(profile or IN_MEM.resolved.test_profile())

aries_cloudagent/askar/profile.py

@@ -55,7 +55,7 @@ def __init__(
     @property
     def name(self) -> str:
         """Accessor for the profile name."""
-        return self.opened.name
+        return self.profile_id or self.opened.name
 
     @property
     def store(self) -> Store:
@@ -114,11 +114,11 @@ def bind_providers(self):
                 "aries_cloudagent.indy.credx.issuer.IndyCredxIssuer", ref(self)
             ),
         )
-        injector.bind_provider(
+        injector.soft_bind_provider(
             VCHolder,
             ClassProvider(
                 "aries_cloudagent.storage.vc_holder.askar.AskarVCHolder",
-                ref(self),
+                ClassProvider.Inject(Profile),
             ),
         )
         if (

aries_cloudagent/askar/profile_anon.py

@@ -62,7 +62,7 @@ def __init__(
     @property
     def name(self) -> str:
         """Accessor for the profile name."""
-        return self.opened.name
+        return self.profile_id or self.opened.name
 
     @property
     def store(self) -> Store:

aries_cloudagent/config/injection_context.py

@@ -21,12 +21,14 @@ class InjectionContext(BaseInjector):
     ROOT_SCOPE = "application"
 
     def __init__(
-        self, *, settings: Mapping[str, object] = None, enforce_typing: bool = True
+        self,
+        *,
+        settings: Optional[Mapping[str, object]] = None,
+        enforce_typing: bool = True
     ):
         """Initialize a `ServiceConfig`."""
         self._injector = Injector(settings, enforce_typing=enforce_typing)
         self._scope_name = InjectionContext.ROOT_SCOPE
-        self._scopes = []
 
     @property
     def injector(self) -> Injector:
@@ -38,16 +40,6 @@ def injector(self, injector: Injector):
         """Setter for scope-specific injector."""
         self._injector = injector
 
-    @property
-    def scope_name(self) -> str:
-        """Accessor for the current scope name."""
-        return self._scope_name
-
-    @scope_name.setter
-    def scope_name(self, scope_name: str):
-        """Accessor for the current scope name."""
-        self._scope_name = scope_name
-
     @property
     def settings(self) -> Settings:
         """Accessor for scope-specific settings."""
@@ -64,7 +56,7 @@ def update_settings(self, settings: Mapping[str, object]):
             self.injector.settings.update(settings)
 
     def start_scope(
-        self, scope_name: str, settings: Optional[Mapping[str, object]] = None
+        self, settings: Optional[Mapping[str, object]] = None
     ) -> "InjectionContext":
         """Begin a new named scope.
 
@@ -76,39 +68,15 @@ def start_scope(
             A new injection context representing the scope
 
         """
-        if not scope_name:
-            raise InjectionContextError("Scope name must be non-empty")
-        if self._scope_name == scope_name:
-            raise InjectionContextError("Cannot re-enter scope: {}".format(scope_name))
-        for scope in self._scopes:
-            if scope.name == scope_name:
-                raise InjectionContextError(
-                    "Cannot re-enter scope: {}".format(scope_name)
-                )
         result = self.copy()
-        result._scopes.append(Scope(name=self.scope_name, injector=self.injector))
-        result._scope_name = scope_name
         if settings:
             result.update_settings(settings)
         return result
 
-    def injector_for_scope(self, scope_name: str) -> Injector:
-        """Fetch the injector for a specific scope.
-
-        Args:
-            scope_name: The unique scope identifier
-        """
-        if scope_name == self.scope_name:
-            return self.injector
-        for scope in self._scopes:
-            if scope.name == scope_name:
-                return scope.injector
-        return None
-
     def inject(
         self,
         base_cls: Type[InjectType],
-        settings: Mapping[str, object] = None,
+        settings: Optional[Mapping[str, object]] = None,
     ) -> InjectType:
         """Get the provided instance of a given class identifier.
 
@@ -125,7 +93,7 @@ def inject(
     def inject_or(
         self,
         base_cls: Type[InjectType],
-        settings: Mapping[str, object] = None,
+        settings: Optional[Mapping[str, object]] = None,
         default: Optional[InjectType] = None,
     ) -> Optional[InjectType]:
         """Get the provided instance of a given class identifier or default if not found.
@@ -145,5 +113,4 @@ def copy(self) -> "InjectionContext":
         """Produce a copy of the injector instance."""
         result = copy.copy(self)
         result._injector = self.injector.copy()
-        result._scopes = self._scopes.copy()
         return result