Merge branch 'main' into feat/sd-jwt-implementation

.devcontainer/Dockerfile

@@ -16,8 +16,6 @@ RUN curl -sSL https://install.python-poetry.org | python3 - \
     && echo "fpath+=~/.zfunc\nautoload -Uz compinit && compinit" >> /home/vscode/.zshrc
 
 COPY pyproject.toml poetry.lock ./
-# we do not want the packages defined for this install, comment out the line.
-RUN sed -i 's/^[^#]*packages/#&/' pyproject.toml
 RUN poetry config virtualenvs.create false \
-    && poetry install --no-interaction --all-extras \
+    && poetry install --no-root --no-interaction --all-extras \
     && rm -rf /root/.cache/pypoetry

.devcontainer/post-install.sh

@@ -9,4 +9,7 @@ python -m pip install --upgrade pip
 pip3 install -r demo/requirements.txt -r demo/requirements.behave.txt
 
 # install black for formatting
-pip3 install black
+pip3 install black
+
+# install a version of aries-cloudagent so the pytests can pick up a version
+pip3 install aries-cloudagent

.dockerignore

@@ -9,3 +9,4 @@ test-reports
 .python-version
 docker
 env
+.venv

.vscode-sample/launch.json

@@ -16,34 +16,37 @@
             ]
         },
         {
-            "name": "flake8 - aries_cloudagent",
+            "name": "ruff - aries_cloudagent",
             "type": "python",
             "request": "launch",
-            "module": "flake8",
+            "module": "ruff",
             "console": "integratedTerminal",
+            "sudo": true,
             "justMyCode": true,
             "cwd": "${workspaceFolder}/aries_cloudagent",
-            "args": [
-                "--max-line-length=90",
-                "--exclude=*/tests/**",
-                "--extend-ignore=D202,W503",
-                "--per-file-ignores=*/__init__.py:D104"
-            ],
+            "args": ["check", "."],
         },
         {
-            "name": "flake8 - current file",
+            "name": "ruff fix - aries_cloudagent",
             "type": "python",
             "request": "launch",
-            "module": "flake8",
+            "module": "ruff",
             "console": "integratedTerminal",
+            "sudo": true,
             "justMyCode": true,
-            "args": [
-                "--max-line-length=90",
-                "--exclude=*/tests/**",
-                "--extend-ignore=D202,W503",
-                "--per-file-ignores=*/__init__.py:D104",
-                "${file}"
-            ],
+            "cwd": "${workspaceFolder}/aries_cloudagent",
+            "args": ["check", ".", "--fix"],
+        },
+        {
+            "name": "ruff - current file",
+            "type": "python",
+            "request": "launch",
+            "module": "ruff",
+            "console": "integratedTerminal",
+            "sudo": true,
+            "justMyCode": true,
+            "cwd": "${workspaceFolder}/aries_cloudagent",
+            "args": ["check", ".", "${file}"],
         },
         {
             "name": "black (check) - aries_cloudagent",

CONTRIBUTING.md

@@ -19,7 +19,7 @@ Contributions are made pursuant to the Developer's Certificate of Origin, availa
 
 A configuration for [pre-commit](https://pre-commit.com/) is included in this repository. This is an optional tool to help contributors commit code that follows the formatting requirements enforced by the CI pipeline. Additionally, it can be used to help contributors write descriptive commit messages that can be parsed by changelog generators.
 
-On each commit, pre-commit hooks will run that verify the committed code complies with flake8 and is formatted with black. To install the flake8 and black checks:
+On each commit, pre-commit hooks will run that verify the committed code complies with ruff and is formatted with black. To install the ruff and black checks:
 
 ```
 $ pre-commit install

DevReadMe.md

@@ -211,7 +211,7 @@ The `manage` script is described in detail [here](https://github.com/hyperledger
 
 ## Development Workflow
 
-We use [Flake8](http://flake8.pycqa.org/en/latest/) to enforce a coding style guide.
+We use [Ruff](https://github.com/astral-sh/ruff) to enforce a coding style guide.
 
 We use [Black](https://black.readthedocs.io/en/stable/) to automatically format code.
 

aries_cloudagent/ledger/indy.py

@@ -981,7 +981,11 @@ def taa_rough_timestamp(self) -> int:
 
         Anything more accurate is a privacy concern.
         """
-        return int(datetime.combine(date.today(), datetime.min.time()).timestamp())
+        return int(
+            datetime.combine(
+                date.today(), datetime.min.time(), datetime.timezone.utc
+            ).timestamp()
+        )
 
     async def accept_txn_author_agreement(
         self, taa_record: dict, mechanism: str, accept_time: int = None

aries_cloudagent/ledger/indy_vdr.py

@@ -921,7 +921,11 @@ def taa_rough_timestamp(self) -> int:
 
         Anything more accurate is a privacy concern.
         """
-        return int(datetime.combine(date.today(), datetime.min.time()).timestamp())
+        return int(
+            datetime.combine(
+                date.today(), datetime.min.time(), datetime.timezone.utc
+            ).timestamp()
+        )
 
     async def accept_txn_author_agreement(
         self, taa_record: dict, mechanism: str, accept_time: int = None

aries_cloudagent/messaging/valid.py

@@ -792,10 +792,10 @@ def __call__(self, value):
             if "id" in subject:
                 uri_validator = Uri()
                 try:
-                    uri_validator(value["id"])
+                    uri_validator(subject["id"])
                 except ValidationError:
                     raise ValidationError(
-                        f"credential subject id {value[0]} must be URI"
+                        f'credential subject id {subject["id"]} must be URI'
                     ) from None
 
         return value

devcontainer.md

@@ -75,7 +75,7 @@ In VS Code, open a Terminal, you should be able to run the following commands:
 ```
 python -m aries_cloudagent -v
 cd aries_cloudagent
-flake8 --max-line-length=90 --exclude=*/tests/** --extend-ignore=D202,W503 --per-file-ignores=*/__init__.py:D104
+ruff check .
 black . --check
 ```
 

docker/Dockerfile.test

@@ -12,8 +12,9 @@ WORKDIR /usr/src/app
 RUN pip install --no-cache-dir poetry
 
 ADD ./README.md pyproject.toml ./poetry.lock ./
+RUN mkdir aries_cloudagent && touch aries_cloudagent/__init__.py
 
-RUN poetry install --no-root --no-directory -E "askar bbs"
+RUN poetry install --no-directory -E "askar bbs" --with=dev
 
 ADD . .
 

docs/GettingStartedAriesDev/CredentialRevocation.md

@@ -246,7 +246,7 @@ thread ID and comment is emitted to registered webhook urls.
 
 ## Manually Creating Revocation Registries
 
-> NOTE: This capability is deprecated and will likely be removed entirely in an upcoming release of ACA-Py. 
+> NOTE: This capability is deprecated and will likely be removed entirely in an upcoming release of ACA-Py.
 
 The process for creating revocation registries is completely automated - when you create a Credential Definition with revocation enabled, a revocation registry is automatically created (in fact 2 registries are created), and when a registry fills up, a new one is automatically created.
 
@@ -276,14 +276,16 @@ There are several endpoints that must be called, and they must be called in this
 
    - the tails server will check that the registry definition is already written to the ledger
 
-## Revocation Registry Rotation
+5. Post the initial accumulator value to the ledger `POST /revocation/registry/{rev_reg_id}/entry`
 
-From time to time an Issuer may want to issue credentials from a new Revocation Registry. That can be done by changing the Credential Definition, but that could impact verifiers. 
-Revocation Registries go through a series of state changes: `init`, `generated`, `posted`, `active`, `full`, `decommissioned`. When issuing revocable credentials, the work is done with the `active` registry record. There are always 2 `active` registry records: one for tracking revocation until it is full, and the second to act as a "hot swap" in case issuance is done when the primary is full and being replaced. This ensures that there is always an `active` registry. When rotating, all registry records (except records in `init` state) are `decommissioned` and a new pair of `active` registry records are created.  
-
-Issuers can rotate their Credential Definition Revocation Registry records with a simple call: `POST /revocation/active-registry/{cred_def_id}/rotate`
+   - if you are an author (i.e. have a DID with restricted ledger write access) then this transaction may need to go through an endorser
+   - this operation **MUST** be performed on the the new revoc registry def **BEFORE** any revocation operations are performed
 
-It is advised that Issuers ensure the active registry is ready by calling `GET /revocation/active-registry/{cred_def_id}` after rotation and before issuance (if possible).
+## Revocation Registry Rotation
 
+From time to time an Issuer may want to issue credentials from a new Revocation Registry. That can be done by changing the Credential Definition, but that could impact verifiers.
+Revocation Registries go through a series of state changes: `init`, `generated`, `posted`, `active`, `full`, `decommissioned`. When issuing revocable credentials, the work is done with the `active` registry record. There are always 2 `active` registry records: one for tracking revocation until it is full, and the second to act as a "hot swap" in case issuance is done when the primary is full and being replaced. This ensures that there is always an `active` registry. When rotating, all registry records (except records in `init` state) are `decommissioned` and a new pair of `active` registry records are created.
 
+Issuers can rotate their Credential Definition Revocation Registry records with a simple call: `POST /revocation/active-registry/{cred_def_id}/rotate`
 
+It is advised that Issuers ensure the active registry is ready by calling `GET /revocation/active-registry/{cred_def_id}` after rotation and before issuance (if possible).