[pull] main from openwallet-foundation:main

.devcontainer/Dockerfile

@@ -2,7 +2,7 @@
 ARG VARIANT="3.12"
 FROM mcr.microsoft.com/devcontainers/python:${VARIANT}
 
-ARG POETRY_VERSION="1.4"
+ARG POETRY_VERSION="1.8.3"
 ENV POETRY_HOME="/opt/poetry" \
     POETRY_VERSION=${POETRY_VERSION}
 
@@ -17,5 +17,5 @@ RUN curl -sSL https://install.python-poetry.org | python3 - \
 
 COPY pyproject.toml poetry.lock ./
 RUN poetry config virtualenvs.create false \
-    && poetry install --no-root --no-interaction -E "askar didcommv2" \
+    && poetry install --no-root --no-interaction -E "didcommv2" \
     && rm -rf /root/.cache/pypoetry

.github/workflows/bdd-integration-tests.yml

@@ -38,6 +38,7 @@ jobs:
               - acapy_agent/**/*
               - poetry.lock
               - pyproject.toml
+              - docker/*
             demo: "demo/**/*"
       - name: Check if demo or src files changed
         id: check-if-demo-or-src-changed

.github/workflows/bdd-interop-tests.yml

@@ -38,6 +38,7 @@ jobs:
               - acapy_agent/**/*
               - poetry.lock
               - pyproject.toml
+              - docker/*
       - name: Check if src files changed
         id: check-if-src-changed
         run: |

.github/workflows/format.yml

@@ -17,5 +17,5 @@ jobs:
       - name: Ruff Format and Lint Check
         uses: chartboost/ruff-action@v1
         with:
-          version: 0.8.0
+          version: 0.9.2
           args: "format --check"

.github/workflows/snyk-lts.yml

@@ -5,8 +5,9 @@ on:
     # These branches represent the LTS releases
     branches:
       - 0.12.lts
-      - 0.11.lts
+      - 1.2.lts
     paths:
+      - aries_cloudagent/**
       - acapy_agent/**
       - docker/**
 

.pre-commit-config.yaml

@@ -8,7 +8,7 @@ repos:
         additional_dependencies: ['@commitlint/config-conventional']
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ensure this is synced with pyproject.toml
-    rev: v0.8.1
+    rev: v0.9.2
     hooks:
       # Run the linter
       - id: ruff

Managing-ACA-Py-Doc-Site.md

@@ -20,7 +20,7 @@ and mkdocs configuration.
 
 When the GitHub Action fires, it runs a container that carries out the following steps:
 
-- Checks out the triggering branch, either `main` or `docs-v<version>` (e.g `docs-v1.1.1`).
+- Checks out the triggering branch, either `main` or `docs-v<version>` (e.g `docs-v1.2.1`).
 - Runs the script [scripts/prepmkdocs.sh], which moves and updates some of the
   markdown files so that they fit into the generated site. See the comments in
   the scripts for details about the copying and editing done via the script. In
@@ -97,39 +97,10 @@ To delete the documentation version, do the following:
 - Check your `git status` and make sure there are no changes in the branch --
   e.g., new files that shouldn't be added to the `gh-pages` branch. If there are
   any -- delete the files so they are not added.
-- Remove the folder for the RC.  For example `rm -rf 1.1.1rc0`
+- Remove the folder for the RC.  For example `rm -rf 1.2.1rc0`
 - Edit the `versions.json` file and remove the reference to the RC release in
   the file.
 - Push the changes via a PR to the ACA-Py `gh-pages` branch (don't PR them into
   `main`!!).
 - Merge the PR and verify (after a few minutes) that the drop down no longer has
   the RC in it.
-
-## Adding new 0.11.x Releases
-
-The automatic generation process from ACA-Py started with release 0.12.0.
-Unfortunately, we declared release 0.11.x to be an Long Term Support version and
-so we still need to add 0.11.x version documentation to the generated site.
-Here's the (lousy) process to do this. Typically, [swcurran] will do this and no
-one else needs to worry about it. But for completeness, here is the process:
-
-- Follow the instructions in the [aries-acapy-docs] repository to generate and
-  publish the documentation site for the new 0.11.x version.
-- Have a local copy of the [aries-acapy-docs] repository. In that repo, run `git
-  checkout -b gh-pages --track upstream/gh-pages` to checkout a local copy of
-  the generated pages from that repo.
-- In ACA-Py, run `git checkout -b gh-pages --track upstream/gh-pages` to create
-  a local branch from which you will push a PR.
-- Copy the v0.11.x folder from [aries-acapy-docs] local to a new 0.11.x folder
-  in the ACA-Py local. Note the "v" that is on the folder in [aries-acapy-docs],
-  but not in ACA-Py.
-- Edit the `versions.json` file to add the 0.11.x reference into the file.
-- Push the changes via a PR to the ACA-Py `gh-pages` branch (don't PR them into
-  `main`!!).
-- Merge the PR and verify (after a few minutes) that the drop down includes the
-  0.11.x version.
-
-Ugly! The LTS for 0.11 ends in January 2025 and this process can be dropped.
-
-[swcurran]: https://github.com/swcurran
-[aries-acapy-docs]: https://github.com/hyperledger/aries-acapy-docs

PUBLISHING.md

@@ -6,7 +6,7 @@ a major, minor or patch release, per [semver](https://semver.org/) rules.
 
 Once ready to do a release, create a local branch that includes the following updates:
 
-1. Create a local PR branch from an updated `main` branch, e.g. "1.1.1".
+1. Create a local PR branch from an updated `main` branch, e.g. "1.2.1".
 
 2. See if there are any Document Site `mkdocs` changes needed. Run the script
    `./scripts/prepmkdocs.sh; mkdocs`. Watch the log, noting particularly if
@@ -78,17 +78,17 @@ Once you have the list of PRs:
 - Check the dates in the `dependabot` URL to make sure the full period between the previous non-RC release to the date of the non-RC release you are preparing.
 - Include a PR in the list for this soon-to-be PR, initially with the "next to be issued" number for PRs/Issues. At the end output of the script is the highest numbered PR and issue. Your PR will be one higher than the highest of those two numbers. Note that you still might have to correct the number after you create the PR if someone sneaks an issue or PR in before you submit your PR.
 
-1. Check to see if there are any other PRs that should be included in the release.
+5. Check to see if there are any other PRs that should be included in the release.
 
-2. Update the ReadTheDocs in the `/docs` folder by following the instructions in
+6. Update the ReadTheDocs in the `/docs` folder by following the instructions in
    the `docs/UpdateRTD.md` file. That will likely add a number of new and modified
    files to the PR. Eliminate all of the errors in the generation process,
    either by mocking external dependencies or by fixing ACA-Py code. If
    necessary, create an issue with the errors and assign it to the appropriate
    developer. Experience has demonstrated to use that documentation generation
    errors should be fixed in the code.
 
-3. Search across the repository for the previous version number and update it
+7. Search across the repository for the previous version number and update it
    everywhere that makes sense. The CHANGELOG.md entry for the previous release
    is a likely exception, and the `pyproject.toml` in the root **MUST** be
    updated. You can skip (although it won't hurt) to update the files in the
@@ -101,28 +101,28 @@ Once you have the list of PRs:
    have dropped the previously used `-` in the release candidate version string
    to better follow the semver rules.
 
-4. Regenerate openapi.json and swagger.json by running
+8. Regenerate openapi.json and swagger.json by running
    `scripts/generate-open-api-spec` from within the `acapy_agent` folder.
 
    Command: `cd acapy_agent;../scripts/generate-open-api-spec;cd ..`
 
    Folders may not be cleaned up by the script, so the following can be run, likely with `sudo` -- `rm -rf open-api/.build`. The folder is `.gitignore`d, so there is not a danger they will be pushed, even if they are not deleted.
 
-5.  Double check all of these steps above, and then submit a PR from the branch.
+9.  Double check all of these steps above, and then submit a PR from the branch.
    Add this new PR to CHANGELOG.md so that all the PRs are included.
    If there are still further changes to be merged, mark the PR as "Draft",
    repeat **ALL** of the steps again, and then mark this PR as ready and then
    wait until it is merged. It's embarrassing when you have to do a whole new
    release just because you missed something silly...I know!
 
-6.    Immediately after it is merged, create a new GitHub tag representing the
+10.    Immediately after it is merged, create a new GitHub tag representing the
    version. The tag name and title of the release should be the same as the
    version in [pyproject.toml](https://github.com/openwallet-foundation/acapy/tree/main/pyproject.toml). Use
    the "Generate Release Notes" capability to get a sequential listing of the
    PRs in the release, to complement the manually curated Changelog. Verify on
    PyPi that the version is published.
 
-7.     New images for the release are automatically published by the GitHubAction
+11.     New images for the release are automatically published by the GitHubAction
    Workflows: [publish.yml] and [publish-indy.yml]. The actions are triggered
    when a release is tagged, so no manual action is needed. The images are
    published in the [OpenWallet Foundation Package Repository under
@@ -139,8 +139,8 @@ Once you have the list of PRs:
 [publish.yml]: https://github.com/openwallet-foundation/acapy/blob/main/.github/workflows/publish.yml
 [publish-indy.yml]: https://github.com/openwallet-foundation/acapy/blob/main/.github/workflows/publish-indy.yml
 
-1.   When a new release is tagged, create a new branch at the same commit with
-    the branch name in the format `docs-v<version>`, for example, `docs-v1.1.1`.
+12.   When a new release is tagged, create a new branch at the same commit with
+    the branch name in the format `docs-v<version>`, for example, `docs-v1.2.1`.
     The creation of the branch triggers the execution of the [publish-docs]
     GitHub Action which generates the documentation for the new release,
     publishing it at [https://aca-py.org]. The GitHub Action also executes when

README.md

@@ -1,16 +1,17 @@
 # ACA-Py -- A Cloud Agent - Python  <!-- omit in toc -->
 
-🚨 **ACA-Py is transitioning to the [OpenWallet Foundation] (OWF)!** 🚨
+🚨 **ACA-Py is part of the [OpenWallet Foundation] (OWF)!** 🚨
 
 [OpenWallet Foundation]: https://openwallet.foundation/
 
-We’re excited to announce that the ACA-Py project has moved to the OWF's GitHub organization as the [new "acapy" project](https://github.com/openwallet-foundation/project-proposals/blob/main/projects/aca-py.md).
+The move of ACA-Py to the OWF is now complete. If you haven't done so already, please update your ACA-Py deployment to use:
 
-For details on what this means for ACA-Py users, including steps for updating deployments, please follow the updates in [GitHub Issue #3250]. We'll keep you informed about how to update your deployment to reflect this change. Stay tuned!
-
-[GitHub Issue #3250]: https://github.com/openwallet-foundation/acapy/issues/3250
+- the [ACA-Py OWF repository](https://github.com/openwallet-foundation/acapy),
+- the new [acapy-agent in PyPi](https://pypi.org/project/acapy-agent/), and
+- the container images for ACA-Py hosted by the OpenWallet Foundation GitHub organization within the GitHub Container Repository (GHCR).
 
 <p float="left">
+  <a href="https://scorecard.dev/viewer/?uri=github.com/openwallet-foundation/acapy"><img src="https://api.scorecard.dev/projects/github.com/openwallet-foundation/acapy/badge" />
   <a href="https://pypi.org/project/acapy-agent/"><img src="https://img.shields.io/pypi/v/acapy-agent" width="100" height="20" />
   <img src="https://sonarcloud.io/images/project_badges/sonarcloud-white.svg" width="120" height="20" />
   <img src="https://sonarcloud.io/api/project_badges/measure?project=openwallet-foundation_acapy&metric=coverage" width="120"  height="20" />
@@ -50,10 +51,14 @@ the active LTS releases. Each LTS release will be supported with patches for **9
 months** following the designation of the **next** LTS Release. For more details see
 the [LTS strategy](./LTS-Strategy.md).
 
-Current LTS releases are:
+Current LTS releases:
+
+- Release [1.2](https://github.com/openwallet-foundation/acapy/releases/tag/1.2.1) **Current LTS Release**
+- Release [0.12](https://github.com/openwallet-foundation/acapy/releases/tag/0.12.3) **End of Life: October 2025**
+
+Past LTS releases:
 
-- [0.12](https://github.com/openwallet-foundation/acapy/releases/tag/0.12.1) **Current LTS Release**
-- [0.11](https://github.com/openwallet-foundation/acapy/releases/tag/0.11.1) **End of Life: January 2025**
+- Release [0.11](https://github.com/openwallet-foundation/acapy/releases/tag/0.11.3) **End of Life: January 2025**
 
 Unless specified in the **Breaking Changes** section of the ACA-Py
 [CHANGELOG](./CHANGELOG.md), all LTS patch releases will be able to be deployed

acapy_agent/admin/decorators/auth.py

@@ -2,7 +2,7 @@
 
 import functools
 import re
-from typing import Optional, Pattern
+from typing import List, Optional, Pattern
 
 from aiohttp import web
 
@@ -65,8 +65,12 @@ async def tenant_auth(request):
         )
         insecure_mode = bool(profile.settings.get("admin.admin_insecure_mode"))
         multitenant_enabled = profile.settings.get("multitenant.enabled")
+        base_wallet_routes = profile.settings.get("multitenant.base_wallet_routes")
         base_wallet_allowed_route = _base_wallet_route_access(
-            profile.settings.get("multitenant.base_wallet_routes"), request.path
+            [base_wallet_routes]
+            if isinstance(base_wallet_routes, str)
+            else base_wallet_routes,
+            request.path,
         )
 
         # CORS fix: allow OPTIONS method access to paths without a token
@@ -88,19 +92,22 @@ async def tenant_auth(request):
     return tenant_auth
 
 
-def _base_wallet_route_access(additional_routes: str, request_path: str) -> bool:
+def _base_wallet_route_access(additional_routes: List[str], request_path: str) -> bool:
     """Check if request path matches additional routes."""
-    additional_routes_pattern = _build_additional_routes_pattern(additional_routes)
+    additional_routes_pattern = (
+        _build_additional_routes_pattern(additional_routes) if additional_routes else None
+    )
     return _matches_additional_routes(additional_routes_pattern, request_path)
 
 
-def _build_additional_routes_pattern(pattern_string: str) -> Optional[Pattern]:
+def _build_additional_routes_pattern(pattern_list: List[str]) -> Optional[Pattern]:
     """Build pattern from space delimited list of paths."""
     # create array and add word boundary to avoid false positives
-    if pattern_string:
-        paths = pattern_string.split(" ")
-        return re.compile("^((?:)" + "|".join(paths) + ")$")
-    return None
+    all_paths = []
+    for pattern in pattern_list:
+        paths = pattern.split(" ")
+        all_paths = all_paths + paths
+    return re.compile("^((?:)" + "|".join(all_paths) + ")$")
 
 
 def _matches_additional_routes(pattern: Pattern, path: str) -> bool:

acapy_agent/admin/tests/test_auth.py

@@ -134,8 +134,25 @@ async def test_multi_tenant_valid_auth_header(self):
         await decor_func(self.request)
         self.decorated_handler.assert_called_once_with(self.request)
 
-    async def test_base_wallet_additional_route_allowed(self):
-        self.profile.settings["multitenant.base_wallet_routes"] = "/extra-route"
+    async def test_base_wallet_additional_route_allowed_string(self):
+        self.profile.settings["multitenant.base_wallet_routes"] = (
+            "/not-this-route /extra-route"
+        )
+        self.request = mock.MagicMock(
+            __getitem__=lambda _, k: self.request_dict[k],
+            headers={"x-api-key": "admin_api_key"},
+            method="POST",
+            path="/extra-route",
+        )
+        decor_func = tenant_authentication(self.decorated_handler)
+        await decor_func(self.request)
+        self.decorated_handler.assert_called_once_with(self.request)
+
+    async def test_base_wallet_additional_route_allowed_list(self):
+        self.profile.settings["multitenant.base_wallet_routes"] = [
+            "/extra-route",
+            "/not-this-route",
+        ]
         self.request = mock.MagicMock(
             __getitem__=lambda _, k: self.request_dict[k],
             headers={"x-api-key": "admin_api_key"},

acapy_agent/anoncreds/base.py

@@ -16,6 +16,7 @@
     RevRegDefResult,
 )
 from .models.schema import AnonCredsSchema, GetSchemaResult, SchemaResult
+from .models.schema_info import AnoncredsSchemaInfo
 
 T = TypeVar("T")
 
@@ -130,9 +131,15 @@ async def get_revocation_list(
     ) -> GetRevListResult:
         """Get a revocation list from the registry."""
 
+    @abstractmethod
+    async def get_schema_info_by_id(
+        self, profile: Profile, schema_id: str
+    ) -> AnoncredsSchemaInfo:
+        """Get a schema info from the registry."""
+
 
 class BaseAnonCredsRegistrar(BaseAnonCredsHandler):
-    """Base Anon Creds Registrar."""
+    """Base Anoncreds Registrar."""
 
     @abstractmethod
     async def register_schema(

acapy_agent/anoncreds/default/did_indy/registry.py

@@ -17,6 +17,7 @@
     RevRegDefResult,
 )
 from ...models.schema import AnonCredsSchema, GetSchemaResult, SchemaResult
+from ...models.schema_info import AnoncredsSchemaInfo
 
 LOGGER = logging.getLogger(__name__)
 
@@ -118,3 +119,9 @@ async def update_revocation_list(
     ) -> RevListResult:
         """Update a revocation list on the registry."""
         raise NotImplementedError()
+
+    async def get_schema_info_by_id(
+        self, profile: Profile, schema_id: str
+    ) -> AnoncredsSchemaInfo:
+        """Get a schema info from the registry."""
+        return await super().get_schema_info_by_id(schema_id)

acapy_agent/anoncreds/default/did_web/registry.py

@@ -16,6 +16,7 @@
     RevRegDefResult,
 )
 from ...models.schema import AnonCredsSchema, GetSchemaResult, SchemaResult
+from ...models.schema_info import AnoncredsSchemaInfo
 
 
 class DIDWebRegistry(BaseAnonCredsResolver, BaseAnonCredsRegistrar):
@@ -113,3 +114,9 @@ async def update_revocation_list(
     ) -> RevListResult:
         """Update a revocation list on the registry."""
         raise NotImplementedError()
+
+    async def get_schema_info_by_id(
+        self, profile: Profile, schema_id: str
+    ) -> AnoncredsSchemaInfo:
+        """Get a schema info from the registry."""
+        return await super().get_schema_info_by_id(schema_id)

acapy_agent/anoncreds/default/legacy_indy/registry.py

@@ -80,6 +80,7 @@
     SchemaResult,
     SchemaState,
 )
+from ...models.schema_info import AnoncredsSchemaInfo
 from ...revocation import (
     CATEGORY_REV_LIST,
     CATEGORY_REV_REG_DEF,
@@ -1229,3 +1230,14 @@ async def txn_submit(
                 )
         except LedgerError as err:
             raise AnonCredsRegistrationError(err.roll_up) from err
+
+    async def get_schema_info_by_id(
+        self, profile: Profile, schema_id: str
+    ) -> AnoncredsSchemaInfo:
+        """Get schema info by schema id."""
+        schema_id_parts = re.match(r"^(\w+):2:([^:]+):([^:]+)$", schema_id)
+        return AnoncredsSchemaInfo(
+            issuer_id=schema_id_parts.group(1),
+            name=schema_id_parts.group(2),
+            version=schema_id_parts.group(3),
+        )