credebl · tipusinghaw · Aug 7, 2025 · Aug 5, 2025 · Aug 6, 2025 · Aug 7, 2025
diff --git a/.env.demo b/.env.demo
@@ -161,6 +161,9 @@ HOSTNAME='localhost'
 # To add more clients, simply add comma separated values of client names
 SUPPORTED_SSO_CLIENTS=CREDEBL
 
+# Key for agent base wallet
+AGENT_API_KEY='supersecret-that-too-16chars'
+
 # To add more client add the following variables for each additional client.
 # Replace the `CLIENT-NAME` with the appropriate client name as added in `SUPPORTED_SSO_CLIENTS`
 # Default client will not need the following details

diff --git a/.env.sample b/.env.sample
@@ -181,6 +181,9 @@ HOSTNAME='localhost'                             # Hostname or unique identifier
 # To add more clients, simply add comma separated values of client names
 SUPPORTED_SSO_CLIENTS=CREDEBL
 
+# Key for agent base wallet
+AGENT_API_KEY='supersecret-that-too-16chars'
+
 # To add more client add the following variables for each additional client.
 # Replace the `CLIENT-NAME` with the appropriate client name as added in `SUPPORTED_SSO_CLIENTS`
 # Default client will not need the following details

diff --git a/.eslintrc.js b/.eslintrc.js
@@ -101,4 +101,4 @@ module.exports = {
     'prefer-template': 'error',
     quotes: ['warn', 'single', { allowTemplateLiterals: true }]
   }
-};
+};
diff --git a/.github/dco.yml b/.github/dco.yml
@@ -0,0 +1,3 @@
+allowRemediationCommits:
+  individual: true
+  thirdParty: true
diff --git a/.github/workflows/continuous-delivery.yml b/.github/workflows/continuous-delivery.yml
@@ -44,6 +44,12 @@ jobs:
         id: get_tag
         run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -57,6 +63,7 @@ jobs:
           context: .
           file: Dockerfiles/Dockerfile.${{ matrix.service }}
           push: true
+          platforms: linux/amd64,linux/arm64
           tags: |
             ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.service }}:${{ env.TAG }}
-            ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.service }}:latest
+            ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.service }}:latest
diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent.sh b/apps/agent-provisioning/AFJ/scripts/start_agent.sh
@@ -19,7 +19,7 @@ AFJ_VERSION=${14}
 INDY_LEDGER=${15}
 INBOUND_ENDPOINT=${16}
 SCHEMA_FILE_SERVER_URL=${17}
-
+AGENT_API_KEY="${18}"
 ADMIN_PORT_FILE="$PWD/apps/agent-provisioning/AFJ/port-file/last-admin-port.txt"
 INBOUND_PORT_FILE="$PWD/apps/agent-provisioning/AFJ/port-file/last-inbound-port.txt"
 ADMIN_PORT=8001
@@ -122,7 +122,7 @@ if [ -f "$CONFIG_FILE" ]; then
   rm "$CONFIG_FILE"
 fi
 
-cat <<EOF >${CONFIG_FILE}
+cat <<EOF >"$CONFIG_FILE"
 {
   "label": "${AGENCY}_${CONTAINER_NAME}",
   "walletId": "$WALLET_NAME",
@@ -154,7 +154,8 @@ cat <<EOF >${CONFIG_FILE}
   "webhookUrl": "$WEBHOOK_HOST/wh/$AGENCY",
   "adminPort": $ADMIN_PORT,
   "tenancy": $TENANT,
-  "schemaFileServerURL": "$SCHEMA_FILE_SERVER_URL"
+  "schemaFileServerURL": "$SCHEMA_FILE_SERVER_URL",
+  "apiKey": "$AGENT_API_KEY"
 }
 EOF
 
@@ -238,7 +239,7 @@ if [ $? -eq 0 ]; then
     container_logs=$(docker logs $(docker ps -q --filter "name=${AGENCY}_${CONTAINER_NAME}"))
 
     # Extract the token from the logs using sed
-    token=$(echo "$container_logs" | sed -nE 's/.*API Token: ([^ ]+).*/\1/p')
+    token=$(echo "$container_logs" | sed -nE 's/.*** API Key: ([^ ]+).*/\1/p')
 
     # Print the extracted token
     echo "Token: $token"

diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh
@@ -37,7 +37,7 @@ random_string=$(generate_random_string)
 # Print the generated random string
 echo "Random String: $random_string"
 
-SERVICE_NAME="${AGENCY}-${CONTAINER_NAME}-service-${random_string}"
+SERVICE_NAME="${CONTAINER_NAME}-service-test"
 EXTERNAL_IP=$(echo "$2" | tr -d '[:space:]')
 ADMIN_PORT_FILE="$PWD/agent-provisioning/AFJ/port-file/last-admin-port.txt"
 INBOUND_PORT_FILE="$PWD/agent-provisioning/AFJ/port-file/last-inbound-port.txt"
@@ -153,7 +153,7 @@ CONTAINER_DEFINITIONS=$(
 [
   {
     "name": "$CONTAINER_NAME",
-    "image": "${AFJ_IMAGE_URL}",
+    "image": "${AFJ_VERSION}",
     "cpu": 154,
     "memory": 307,
     "portMappings": [
@@ -194,6 +194,14 @@ CONTAINER_DEFINITIONS=$(
                 }
             ],
     "volumesFrom": [],
+    "logConfiguration": {
+        "logDriver": "awslogs",
+        "options": {
+          "awslogs-group": "/ecs/$TESKDEFINITION_FAMILY",
+          "awslogs-create-group": "true",
+          "awslogs-region": "ap-south-1",
+          "awslogs-stream-prefix": "ecs"
+        },
     "ulimits": []
   }
 ]
@@ -262,6 +270,67 @@ if [ $? -eq 0 ]; then
       sleep 10
     fi
   done
+# Describe the ECS service and filter by service name
+service_description=$(aws ecs describe-services --service $SERVICE_NAME --cluster $CLUSTER_NAME --region $AWS_PUBLIC_REGION)
+echo "service_description=$service_description"
+
+
+# Extract Task ID from the service description events
+task_id=$(echo "$service_description" | jq -r '.services[0].events[] | select(.message | test("has started 1 tasks")) | .message | capture("\\(task (?<id>[^)]+)\\)") | .id')
+#echo "task_id=$task_id"
+
+# to fetch log group of container 
+.............................................................
+log_group=/ecs/$TESKDEFINITION_FAMILY
+echo "log_group=$log_group"
+
+# Get Log Stream Name
+log_stream=ecs/$CONTAINER_NAME/$task_id
+
+echo "logstrem=$log_stream"
+
+
+# Fetch logs
+#echo "$(aws logs get-log-events --log-group-name "/ecs/$TESKDEFINITION_FAMILY/$CONTAINER_NAME" --log-stream-name "$log_stream" --region $AWS_PUBLIC_REGION)"
+
+# Check if the token folder exists, and create it if it doesn't
+token_folder="$PWD/agent-provisioning/AFJ/token"
+if [ ! -d "$token_folder" ]; then
+    mkdir -p "$token_folder"
+fi
+
+# Set maximum retry attempts
+RETRIES=3
+
+# Loop to attempt retrieving token from logs
+# Loop to attempt retrieving token from logs
+for attempt in $(seq 1 $RETRIES); do
+    echo "Attempt $attempt: Checking service logs for token..."
+
+    # Fetch logs and grep for API token
+    token=$(aws logs get-log-events \
+    --log-group-name "$log_group" \
+    --log-stream-name "$log_stream" \
+    --region ap-southeast-1 \
+    | grep -o '*** API Key: [^ ]*' \
+    | cut -d ' ' -f 3
+)
+   # echo "token=$token"
+    if [ -n "$token" ]; then
+        echo "Token found: $token"
+        # Write token to a file
+        echo "{\"token\": \"$token\"}" > "$PWD/agent-provisioning/AFJ/token/${AGENCY}_${CONTAINER_NAME}.json"
+        break  # Exit loop if token is found
+    else
+        echo "Token not found in logs. Retrying..."
+        if [ $attempt -eq $RETRIES ]; then
+            echo "Reached maximum retry attempts. Token not found."
+        fi
+    fi
+    # Add a delay of 10 seconds between retries
+    sleep 10
+done
+
 
   echo "Creating agent config"
   cat <<EOF >${PWD}/agent-provisioning/AFJ/endpoints/${AGENCY}_${CONTAINER_NAME}.json
@@ -273,7 +342,7 @@ EOF
 
   cat <<EOF >${PWD}/agent-provisioning/AFJ/token/${AGENCY}_${CONTAINER_NAME}.json
     {
-        "token" : ""
+        "token" : "$token"
     }
 EOF
 

diff --git a/apps/agent-provisioning/src/agent-provisioning.service.ts b/apps/agent-provisioning/src/agent-provisioning.service.ts
@@ -9,25 +9,39 @@
 
 @Injectable()
 export class AgentProvisioningService {
-
-  constructor(
-    private readonly logger: Logger
-  ) { }
+  constructor(private readonly logger: Logger) {}
 
   /**
    * Description: Wallet provision
-   * @param payload 
+   * @param payload
    * @returns Get DID and verkey
    */
   async walletProvision(payload: IWalletProvision): Promise<object> {
     try {
-
-      const { containerName, externalIp, orgId, seed, walletName, walletPassword, walletStorageHost, walletStoragePassword, walletStoragePort, walletStorageUser, webhookEndpoint, agentType, protocol, credoImage, tenant, indyLedger, inboundEndpoint } = payload;
+      const {
+        containerName,
+        externalIp,
+        orgId,
+        seed,
+        walletName,
+        walletPassword,
+        walletStorageHost,
+        walletStoragePassword,
+        walletStoragePort,
+        walletStorageUser,
@@ -42,5 +42,30 @@
        // The wallet provision command is used to invoke a shell script
-        const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${apiKey} ${process.env.AGENT_HOST} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TESKDEFINITION_FAMILY}`;
+        const scriptPath = process.cwd() + process.env.AFJ_AGENT_SPIN_UP;
+        const walletProvisionArgs = [
+          orgId,
+          externalIp,
+          walletName,
+          walletPassword,
+          seed,
+          webhookEndpoint,
+          walletStorageHost,
+          walletStoragePort,
+          walletStorageUser,
+          walletStoragePassword,
+          containerName,
+          protocol,
+          tenant,
+          credoImage,
+          indyLedger,
+          inboundEndpoint,
+          process.env.SCHEMA_FILE_SERVER_URL,
+          apiKey,
+          process.env.AGENT_HOST,
+          process.env.AWS_ACCOUNT_ID,
+          process.env.S3_BUCKET_ARN,
+          process.env.CLUSTER_NAME,
+          process.env.TESKDEFINITION_FAMILY
+        ];
        const spinUpResponse: object = new Promise(async (resolve) => {
-          await exec(walletProvision, async (err, stdout, stderr) => {
+          await execFile(scriptPath, walletProvisionArgs, async (err, stdout, stderr) => {
            this.logger.log(`shell script output: ${stdout}`);
@@ -42,5 +42,30 @@
        // The wallet provision command is used to invoke a shell script
-        const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${apiKey} ${process.env.AGENT_HOST} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TESKDEFINITION_FAMILY}`;
+        const scriptPath = process.cwd() + process.env.AFJ_AGENT_SPIN_UP;
+        const walletProvisionArgs = [
+          orgId,
+          externalIp,
+          walletName,
+          walletPassword,
+          seed,
+          webhookEndpoint,
+          walletStorageHost,
+          walletStoragePort,
+          walletStorageUser,
+          walletStoragePassword,
+          containerName,
+          protocol,
+          tenant,
+          credoImage,
+          indyLedger,
+          inboundEndpoint,
+          process.env.SCHEMA_FILE_SERVER_URL,
+          apiKey,
+          process.env.AGENT_HOST,
+          process.env.AWS_ACCOUNT_ID,
+          process.env.S3_BUCKET_ARN,
+          process.env.CLUSTER_NAME,
+          process.env.TESKDEFINITION_FAMILY
+        ];
        const spinUpResponse: object = new Promise(async (resolve) => {
-          await exec(walletProvision, async (err, stdout, stderr) => {
+          await execFile(scriptPath, walletProvisionArgs, async (err, stdout, stderr) => {
            this.logger.log(`shell script output: ${stdout}`);
+        webhookEndpoint,
+        agentType,
+        protocol,
+        credoImage,
+        tenant,
+        indyLedger,
+        inboundEndpoint,
+        apiKey
+      } = payload;
       if (agentType === AgentType.AFJ) {
         // The wallet provision command is used to invoke a shell script
-        const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_HOST} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TESKDEFINITION_FAMILY}`;
+        const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${apiKey} ${process.env.AGENT_HOST} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TESKDEFINITION_FAMILY}`;
         const spinUpResponse: object = new Promise(async (resolve) => {
-
           await exec(walletProvision, async (err, stdout, stderr) => {
             this.logger.log(`shell script output: ${stdout}`);
             if (stderr) {
-Original file line number
+Diff line change
@@ Expand Up / @@ -101,4 +101,4 @@ module.exports = { @@
         'prefer-template': 'error',
         quotes: ['warn', 'single', { allowTemplateLiterals: true }]
       }
-    };
+    };