[pull] main from openwallet-foundation:main

.devcontainer/Dockerfile

@@ -1,5 +1,5 @@
 # See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.134.0/containers/python-3/.devcontainer/base.Dockerfile
-ARG VARIANT="3.12"
+ARG VARIANT="3.13"
 FROM mcr.microsoft.com/devcontainers/python:${VARIANT}
 
 ARG POETRY_VERSION="2.1.1"

.devcontainer/devcontainer.json

@@ -6,7 +6,7 @@
         "dockerfile": "Dockerfile",
         "context": "..",
         "args": {
-          "VARIANT": "3.12-bookworm",
+          "VARIANT": "3.13-bookworm",
           "POETRY_VERSION": "2.1.1"
         }
     },

.github/LTS-README.md

@@ -0,0 +1,45 @@
+# LTS Version Configuration
+
+This file controls which version patterns are treated as Long Term Support (LTS) releases.
+
+## How it works
+
+When a release is published, the LTS workflow automatically:
+1. Checks if the release version (major.minor) is listed in this file
+2. If it matches, creates an LTS tag and GitHub release
+3. Tags the published container images with the LTS tag
+
+## Format
+
+- One version pattern per line in `major.minor` format (e.g., `1.2` for versions 1.2.x)
+- Lines starting with `#` are comments and will be ignored
+- Empty lines are ignored
+
+## Example
+
+To enable LTS for versions 0.11.x and 1.0.x, add:
+```
+0.11
+1.0
+```
+
+## Adding a new LTS version
+
+1. Edit `.github/lts-versions.txt`
+2. Add the major.minor version pattern (e.g., `1.3`)
+3. Commit and push the changes
+4. Future releases matching that pattern (e.g., `1.3.0`, `1.3.1`, etc.) will automatically be tagged as LTS
+
+## Behavior
+
+- For release `1.2.3` with `1.2` in this file:
+  - Creates git tag: `1.2-lts`
+  - Creates GitHub release: `1.2-lts`
+  - Tags images: `py3.12-1.2-lts`
+
+- When `1.2.4` is released:
+  - Moves `1.2-lts` tag to point to `1.2.4`
+  - Updates the `1.2-lts` GitHub release
+  - Re-tags images so `py3.12-1.2-lts` points to the `1.2.4` image
+
+This ensures the LTS tag always points to the latest patch release for that major.minor version.

.github/actions/run-integration-tests/action.yml

@@ -9,7 +9,7 @@ inputs:
   IN_LEDGER_URL:
     description: "URL to the von network ledger browser"
     required: false
-    default: "http://test.bcovrin.vonx.io"
+    default: "https://test.bcovrin.vonx.io"
   IN_PUBLIC_TAILS_URL:
     description: "URL to the tails server"
     required: false
@@ -19,14 +19,15 @@ runs:
   steps:
     - name: run-integration-tests-acapy
       # to run with external ledger and tails server run as follows (and remove the ledger and tails actions from the workflow):
-      # run: LEDGER_URL=http://test.bcovrin.vonx.io PUBLIC_TAILS_URL=https://tails.vonx.io ./run_bdd ${{ inputs.TEST_SCOPE }}
+      # run: LEDGER_URL=https://test.bcovrin.vonx.io PUBLIC_TAILS_URL=https://tails.vonx.io ./run_bdd ${{ inputs.TEST_SCOPE }}
       run: ./run_bdd ${{ inputs.TEST_SCOPE }}
       shell: bash
       env:
         LEDGER_URL: ${{ inputs.IN_LEDGER_URL }}
         PUBLIC_TAILS_URL: ${{ inputs.IN_PUBLIC_TAILS_URL }}
         LOG_LEVEL: warning
         NO_TTY: "1"
+        ACAPY_DEBUG_WEBHOOKS: true
       working-directory: ./demo
 branding:
   icon: "mic"

.github/actions/run-postgres-tests/action.yml

@@ -0,0 +1,237 @@
+name: Run PostgreSQL Integration Tests
+description: "Run integration tests against PostgreSQL database"
+
+inputs:
+  python-version:
+    description: "Python version"
+    required: true
+  os:
+    description: "Operating system"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up Python ${{ inputs.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ inputs.python-version }}
+        cache: 'pip'
+        cache-dependency-path: 'requirements*.txt'
+
+    - name: Install PostgreSQL client tools
+      shell: bash
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y postgresql-client
+
+    - name: Wait for PostgreSQL to be ready
+      shell: bash
+      run: |
+        echo "Waiting for PostgreSQL to be ready..."
+        for i in {1..30}; do
+          if pg_isready -h localhost -p 5432 -U acapy_test; then
+            echo "PostgreSQL is ready!"
+            break
+          fi
+          echo "Attempt $i: PostgreSQL not ready yet, waiting..."
+          sleep 2
+        done
+
+        # Final check
+        if ! pg_isready -h localhost -p 5432 -U acapy_test; then
+          echo "ERROR: PostgreSQL failed to become ready"
+          exit 1
+        fi
+
+    - name: Verify PostgreSQL connection
+      shell: bash
+      env:
+        PGPASSWORD: acapy_test_pass
+      run: |
+        echo "Testing PostgreSQL connection..."
+        psql -h localhost -U acapy_test -d acapy_test_db -c "SELECT version();"
+        echo "PostgreSQL connection verified!"
+
+    - name: Create additional test databases
+      shell: bash
+      env:
+        PGPASSWORD: acapy_test_pass
+      run: |
+        echo "Creating additional test databases..."
+        createdb -h localhost -U acapy_test test_kanon_db || true
+        createdb -h localhost -U acapy_test test_dbstore_db || true
+        createdb -h localhost -U acapy_test test_normalize || true
+        createdb -h localhost -U acapy_test test_generic || true
+        echo "Additional databases created"
+
+    - name: Grant database privileges
+      shell: bash
+      env:
+        PGPASSWORD: acapy_test_pass
+      run: |
+        echo "Granting database privileges..."
+        psql -h localhost -U acapy_test -d acapy_test_db -c "ALTER USER acapy_test WITH CREATEDB CREATEROLE;"
+        echo "Privileges granted"
+
+    - name: Install project dependencies
+      shell: bash
+      run: |
+        pip install poetry
+        poetry install --all-extras
+
+    - name: Run Kanon PostgreSQL Tests
+      shell: bash
+      env:
+        POSTGRES_HOST: localhost
+        POSTGRES_PORT: 5432
+        POSTGRES_USER: acapy_test
+        POSTGRES_PASSWORD: acapy_test_pass
+        POSTGRES_DB: acapy_test_db
+        ENABLE_DBSTORE_TESTS: "1"
+        LOG_LEVEL: WARNING
+      run: |
+        export POSTGRES_URL="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}"
+
+        echo "========================================="
+        echo "Running Kanon Integration Tests"
+        echo "Database: ${POSTGRES_DB} on ${POSTGRES_HOST}:${POSTGRES_PORT}"
+        echo "========================================="
+
+        poetry run pytest \
+          acapy_agent/kanon/tests/ \
+          -v \
+          --cov=acapy_agent.kanon \
+          --cov-report term-missing \
+          --cov-report xml:./test-reports/kanon-postgres-coverage.xml \
+          --junitxml=./test-reports/kanon-postgres-junit.xml \
+          2>&1 | tee kanon-postgres-tests.log
+
+        KANON_EXIT_CODE=${PIPESTATUS[0]}
+
+        echo ""
+        echo "========================================="
+        echo "Kanon tests completed with exit code: $KANON_EXIT_CODE"
+        echo "========================================="
+
+        # Check for unawaited coroutines
+        if grep -Eq "RuntimeWarning: coroutine .* was never awaited" kanon-postgres-tests.log; then
+          echo "ERROR: Detected unawaited coroutine warning in Kanon tests"
+          exit 1
+        fi
+
+        if [ $KANON_EXIT_CODE -ne 0 ]; then
+          echo "ERROR: Kanon PostgreSQL tests failed"
+          exit $KANON_EXIT_CODE
+        fi
+
+    - name: Run DBStore PostgreSQL Integration Tests
+      shell: bash
+      env:
+        POSTGRES_HOST: localhost
+        POSTGRES_PORT: 5432
+        POSTGRES_USER: acapy_test
+        POSTGRES_PASSWORD: acapy_test_pass
+        POSTGRES_DB: acapy_test_db
+        ENABLE_DBSTORE_TESTS: "1"
+        LOG_LEVEL: WARNING
+      run: |
+        export POSTGRES_URL="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}"
+
+        echo "========================================="
+        echo "Running DBStore PostgreSQL Integration Tests"
+        echo "Database: ${POSTGRES_DB} on ${POSTGRES_HOST}:${POSTGRES_PORT}"
+        echo "========================================="
+
+        echo "Running core DBStore provisioning tests..."
+
+        # Test 1: PostgreSQL Normalized Provisioning (validates our provisioning bug fix)
+        poetry run pytest \
+          -v \
+          --tb=short \
+          acapy_agent/database_manager/tests/dbstore/test_db_store_postgresql_normalized_provision.py::test_provision \
+          2>&1 | tee -a dbstore-postgres-tests.log
+
+        PROVISION_TEST_1=$?
+
+        # Test 2: PostgreSQL Normalized Schema
+        poetry run pytest \
+          -v \
+          --tb=short \
+          acapy_agent/database_manager/tests/dbstore/test_db_store_postgresql_normalized.py::test_provision \
+          2>&1 | tee -a dbstore-postgres-tests.log
+
+        PROVISION_TEST_2=$?
+
+        # Test 3: PostgreSQL Generic Schema
+        poetry run pytest \
+          -v \
+          --tb=short \
+          acapy_agent/database_manager/tests/dbstore/test_db_store_postgresql_generic.py::test_provision \
+          2>&1 | tee -a dbstore-postgres-tests.log
+
+        PROVISION_TEST_3=$?
+
+        # Calculate overall exit code
+        DBSTORE_EXIT_CODE=0
+        if [ $PROVISION_TEST_1 -ne 0 ] || [ $PROVISION_TEST_2 -ne 0 ] || [ $PROVISION_TEST_3 -ne 0 ]; then
+          DBSTORE_EXIT_CODE=1
+        fi
+
+        # Generate coverage report for all tests
+        poetry run pytest \
+          --cov=acapy_agent.database_manager \
+          --cov-report term-missing \
+          --cov-report xml:./test-reports/dbstore-postgres-coverage.xml \
+          --junitxml=./test-reports/dbstore-postgres-junit.xml \
+          --co \
+          acapy_agent/database_manager/tests/dbstore/test_db_store_postgresql*.py 2>/dev/null || true
+
+        echo ""
+        echo "========================================="
+        echo "DBStore tests completed with exit code: $DBSTORE_EXIT_CODE"
+        echo "========================================="
+
+        # Check for unawaited coroutines
+        if grep -Eq "RuntimeWarning: coroutine .* was never awaited" dbstore-postgres-tests.log; then
+          echo "ERROR: Detected unawaited coroutine warning in DBStore tests"
+          exit 1
+        fi
+
+        if [ $DBSTORE_EXIT_CODE -ne 0 ]; then
+          echo "ERROR: DBStore PostgreSQL tests failed"
+          exit $DBSTORE_EXIT_CODE
+        fi
+
+    - name: Upload Kanon PostgreSQL Test Reports
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: kanon-postgres-test-reports-${{ inputs.python-version }}-${{ inputs.os }}
+        path: |
+          test-reports/kanon-postgres-coverage.xml
+          test-reports/kanon-postgres-junit.xml
+          kanon-postgres-tests.log
+
+    - name: Upload DBStore PostgreSQL Test Reports
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: dbstore-postgres-test-reports-${{ inputs.python-version }}-${{ inputs.os }}
+        path: |
+          test-reports/dbstore-postgres-coverage.xml
+          test-reports/dbstore-postgres-junit.xml
+          dbstore-postgres-tests.log
+
+    - name: Test Summary
+      if: always()
+      shell: bash
+      run: |
+        echo "========================================="
+        echo "PostgreSQL Integration Tests Summary"
+        echo "========================================="
+        echo "✅ PostgreSQL service: Ready"
+        echo "✅ Database connection: Verified"
+        echo "✅ Kanon tests: Check artifacts"
+        echo "✅ DBStore tests: Check artifacts"
+        echo "========================================="

.github/lts-versions.txt

@@ -0,0 +1,13 @@
+# LTS Version Patterns
+# Each line represents a version pattern that should be treated as LTS
+# Use major.minor format (e.g., 1.2 for versions 1.2.x)
+# Lines starting with # are comments and will be ignored
+# Empty lines are ignored
+
+# Example: Uncomment the lines below to enable LTS for specific versions
+0.12
+1.2
+1.3
+
+# For testing purposes (remove in production):
+# 0.0

.github/workflows/bdd-integration-tests.yml

@@ -31,12 +31,12 @@ jobs:
       is_release: ${{ steps.check_if_release.outputs.is_release }}
     steps:
       - name: checkout-acapy
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           fetch-depth: 0
       - name: Check changed files
         id: check-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
         with:
           files_yaml: |
             src: 

.github/workflows/bdd-interop-tests.yml

@@ -31,12 +31,12 @@ jobs:
       is_release: ${{ steps.check_if_release.outputs.is_release }}
     steps:
       - name: checkout-acapy
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           fetch-depth: 0
       - name: Check changed files
         id: check-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
         with:
           files_yaml: |
             src: 
@@ -83,17 +83,17 @@ jobs:
         if: (steps.check_if_release.outputs.is_release != 'true' && github.event_name == 'pull_request' && steps.check-if-src-changed.outputs.run_tests != 'false')
         run: |
           cd owl-agent-test-harness
-          NO_TTY=1 LEDGER_URL_CONFIG=http://test.bcovrin.vonx.io TAILS_SERVER_URL_CONFIG=https://tails.vonx.io ./manage run -d acapy-main -t @critical -t ~@wip -t ~@T004-RFC0211 -t ~@DidMethod_orb -t ~@Transport_NoHttpOutbound -t ~@Anoncreds >> output.txt
+          NO_TTY=1 LEDGER_URL_CONFIG=https://test.bcovrin.vonx.io TAILS_SERVER_URL_CONFIG=https://tails.vonx.io ./manage run -d acapy-main -t @critical -t ~@wip -t ~@T004-RFC0211 -t ~@DidMethod_orb -t ~@Transport_NoHttpOutbound -t ~@Anoncreds >> output.txt
       - name: Run Release or Nightly Interop Tests Indy
         if: (steps.check_if_release.outputs.is_release == 'true' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' && steps.check-if-src-changed.outputs.run_tests != 'false')
         run: |
           cd owl-agent-test-harness
-          NO_TTY=1 LEDGER_URL_CONFIG=http://test.bcovrin.vonx.io TAILS_SERVER_URL_CONFIG=https://tails.vonx.io ./manage run -d acapy-main -t @critical -t ~@wip -t ~@T004-RFC0211 -t ~@DidMethod_orb -t ~@Transport_NoHttpOutbound -t ~@Anoncreds >> output.txt
+          NO_TTY=1 LEDGER_URL_CONFIG=https://test.bcovrin.vonx.io TAILS_SERVER_URL_CONFIG=https://tails.vonx.io ./manage run -d acapy-main -t @critical -t ~@wip -t ~@T004-RFC0211 -t ~@DidMethod_orb -t ~@Transport_NoHttpOutbound -t ~@Anoncreds >> output.txt
       - name: Run Release or Nightly Interop Tests AnonCreds
         if: (steps.check_if_release.outputs.is_release == 'true' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' && steps.check-if-src-changed.outputs.run_tests != 'false')
         run: |
           cd owl-agent-test-harness
-          BACKCHANNEL_EXTRA_acapy_main="{\"wallet-type\":\"askar-anoncreds\"}" NO_TTY=1 LEDGER_URL_CONFIG=http://test.bcovrin.vonx.io TAILS_SERVER_URL_CONFIG=https://tails.vonx.io ./manage run -d acapy-main -t @AcceptanceTest -t ~@wip -t ~@T004-RFC0211 -t ~@DidMethod_orb -t ~@Transport_NoHttpOutbound -t ~@Indy -t ~@CredFormat_Indy >> output.txt
+          BACKCHANNEL_EXTRA_acapy_main="{\"wallet-type\":\"askar-anoncreds\"}" NO_TTY=1 LEDGER_URL_CONFIG=https://test.bcovrin.vonx.io TAILS_SERVER_URL_CONFIG=https://tails.vonx.io ./manage run -d acapy-main -t @AcceptanceTest -t ~@wip -t ~@T004-RFC0211 -t ~@DidMethod_orb -t ~@Transport_NoHttpOutbound -t ~@Indy -t ~@CredFormat_Indy >> output.txt
       - name: Check If Tests Failed
         if: steps.check-if-src-changed.outputs.run_tests != 'false'
         run: |