feat: adds direct mode verification agent

Makefile

@@ -1,6 +1,6 @@
 .PHONY: build-sally
 
-VERSION=0.10.2
+VERSION=1.0.0-rc1
 REGISTRY=gleif
 IMAGE=sally
 IMAGE_TAG=$(REGISTRY)/$(IMAGE):latest
@@ -18,7 +18,6 @@ endef
 build-sally: .warn
 	@docker build \
 		--platform=linux/amd64,linux/arm64 \
-		--no-cache \
 		-f containers/sally.dockerfile \
 		-t $(VERSIONED_TAG) \
 		-t $(IMAGE_TAG) .

README.md

@@ -7,7 +7,7 @@ webhook URL.
 
 # Usage
 
-The below `sally server start` command shows how to use Sally.
+The below `sally server start` command shows how to use Sally, once it has been set up (see below for setup instructions).
 
 ```bash
 sally server start \
@@ -16,15 +16,9 @@ sally server start \
   --passcode VVmRdBTe5YCyLMmYRqTAi \
   --web-hook http://127.0.0.1:9923 \
   --auth EMHY2SRWuqcqlKv2tNQ9nBXyZYqhJ-qrDX70faMcGujF
-  --config-dir scripts \
-  --config-file sally-habery.json \
-  --incept-file sally-incept.json \
   --loglevel INFO
 ```
 
-You must specify both the keystore (Habery) configuration file and the identifier (Hab) inception file. The `--config-dir` argument applies to both the
-keystore and identifier files. For the keystore configuration the directory `keri/cf` is appended to the value of `--config-file` if it is not an absolute path.
-
 You can specify the `--salt` and `--passcode` arguments to set the salt and passcode for the identifier. If you do not specify these arguments, 
 Sally will use a random one by default.
 
@@ -167,7 +161,7 @@ technology(`pipenv` for example) for each repository.  Finally, many of the bash
 installation of `jq` running locally.
 
 
-## vLEI
+## ACDC schemas using the vLEI-server
 
 The vLEI server provides endpoints for Data OOBIs for the credential schema for the vLEI ecosystem.  To run the server,
 you must run:
@@ -179,7 +173,7 @@ vLEI-server -s schema/acdc -c samples/acdc -o samples/oobis
 
 And leave the server running to is accessible to Sally and the agents running from KERIpy.
 
-## KERIpy
+## Witnesses using KERIpy
 
 From KERIpy you will run 1 server that provide witnesses. In addition, you will run a shell script which uses `kli` to
 execute KERI commands to create identifiers and issue credentials.
@@ -211,14 +205,50 @@ KERI_SCRIPT_DIR=./scripts KERI_DEMO_SCRIPT_DIR=./scripts/demo ./scripts/demo/vLE
 Now that you have a sample vLEI ecosystem running you will need to configure and run the Sally server.  
 
 In order to start Sally you will need to either:
-1. Use the `--incept-file` and `--salt` arguments to instruct the `sally server start` command to create a new identifier, or
-2. Use the `kli init` and `kli incept` commands to create an AID for Sally to use.
+1. Use the `kli init` and `kli incept` commands to create an AID for Sally to use.
+2. (Not yet working) Use the `--incept-file` and `--salt` arguments to instruct the `sally server start` command to create a new identifier, or
 
 Both options require the following configuration files:
 
-### Configuration Files
+### Option 1 - `kli` commands
+
+Creating an identifier with the `kli init` and `kli incept` commands requires the following two commands to be run from an activated 
+Python virtual environment that has `keripy` configured to run so that the `kli` command is available. 
+
+We usually accomplish this by running `pip install -e .` from inside the keripy directory with the virtual environment configured
+for `Sally` though you can also run this command from a Python virtual environment created from this repository, the "sally" repository.
+
+You will need to adjust the paths in the commands below to point to the correct location of `keripy` or `sally` depending on what you use.
+
+```bash
+kli init --name sally --passcode VVmRdBTe5YCyLMmYRqTAi --salt 0AD45YWdzWSwNREuAoitH_CC \
+  --config-dir scripts --config-file sally-habery.json
+kli incept --name sally --passcode VVmRdBTe5YCyLMmYRqTAi --alias sally \
+  --file /scripts/sally-incept.json
+kli oobi resolve --name sally --passcode VVmRdBTe5YCyLMmYRqTAi \
+  --oobi-alias qvi --oobi http://127.0.0.1:5642/oobi/EHLWiN8Q617zXqb4Se4KfEGteHbn_way2VG5mcHYh5bm/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
+```
+
+Finally, you can start (and leave running) the Sally server with:
+
+```bash
+sally server start --name sally --alias sally --passcode VVmRdBTe5YCyLMmYRqTAi \
+  --web-hook http://127.0.0.1:9923 \
+  --auth EHOuGiHMxJShXHgSb6k_9pqxmRb8H-LT0R2hQouHp8pW
+```
+
+If you require a sample web hook to receive the notifications from the Sally server one is provided in this repo.  You
+can run the sample hook server in a separate terminal with the following command. The above Sally command assumes this 
+server and port by default. 
+
+### Option 2 (not yet working) - `sally server start` command
+
+You must specify both the keystore (Habery) configuration file and the identifier (Hab) inception file. The `--config-dir` argument applies to both the
+keystore and identifier files. For the keystore configuration the directory `keri/cf` is appended to the value of `--config-file` if it is not an absolute path.
+
+#### Configuration Files
 
-#### keystore (Habery) configuration file
+##### keystore (Habery) configuration file
 
 This configuration is keystore-wide, meaning available to all identifiers used in this keystore. We will only have one identifier in this
 keystore, the Sally identifier. Configuring this keystore (Habery) requires a configuration file set up similar to the following example. 
@@ -248,7 +278,7 @@ in which case the absolute path to the file is used and the `--config-dir` argum
 }
 ```
 
-#### Identifier (Hab) Inception File
+##### Identifier (Hab) Inception File
 
 Creating an identifier requires a configuration file set up similar to the following example. This file must be located at the path specified by
 the combination of the `--config-dir` and `--config-file` arguments for an end result of "config dir" / "config file" unless an absolute path is
@@ -269,7 +299,7 @@ specified for the `--config-file` argument in which case the absolute path to th
 
 ```
 
-### Option 1 - `sally server start` command
+#### Sally Start Command with new Identifier
 
 The following command will start the Sally server with a new identifier and salt:
 
@@ -286,38 +316,7 @@ sally server start \
   --loglevel INFO
 ```
 
-### Option 2 - `kli` commands
-
-Creating an identifier with the `kli init` and `kli incept` commands requires the following two commands to be run from an activated 
-Python virtual environment that has `keripy` configured to run so that the `kli` command is available. 
-
-We usually accomplish this by running `pip install -e .` from inside the keripy directory with the virtual environment configured
-for `Sally` though you can also run this command from a Python virtual environment created from this repository, the "sally" repository.
-
-You will need to adjust the paths in the commands below to point to the correct location of `keripy` or `sally` depending on what you use.
-
-```bash
-kli init --name sally --passcode VVmRdBTe5YCyLMmYRqTAi --salt 0AD45YWdzWSwNREuAoitH_CC \
-  --config-dir scripts --config-file sally-habery.json
-kli incept --name sally --passcode VVmRdBTe5YCyLMmYRqTAi --alias sally \
-  --file /scripts/sally-incept.json
-kli oobi resolve --name sally --passcode VVmRdBTe5YCyLMmYRqTAi \
-  --oobi-alias qvi --oobi http://127.0.0.1:5642/oobi/EHLWiN8Q617zXqb4Se4KfEGteHbn_way2VG5mcHYh5bm/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
-```
-
-Finally, you can start (and leave running) the Sally server with:
-
-```bash
-sally server start --name sally --alias sally --passcode VVmRdBTe5YCyLMmYRqTAi \
-  --web-hook http://127.0.0.1:9923 \
-  --auth EHOuGiHMxJShXHgSb6k_9pqxmRb8H-LT0R2hQouHp8pW
-```
-
-If you require a sample web hook to receive the notifications from the Sally server one is provided in this repo.  You
-can run the sample hook server in a separate terminal with the following command. The above Sally command assumes this 
-server and port by default. 
-
-## Sample Web Hook
+## Sample Web Hook - called after credential presentation
 ```bash
 sally hook demo
 ```

containers/sally.dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1
-FROM weboftrust/keri:1.2.6
+FROM gleif/keri:1.2.8-rc2
 LABEL maintainer="GLEIF"
 
 # Disable output bufferering any output

scripts/initialize.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
 
-kli init --name sally --nopasscode --config-dir ./scripts --config-file vlei-sally-oobis-schema
-kli incept --name sally --alias sally --file ./scripts/data/sally.json
+kli init --name sally --nopasscode --config-dir ./scripts --config-file sally.json
+kli incept --name sally --alias sally --file ./scripts/sally-incept.json
 

scripts/keri/cf/sally-habery.json → scripts/keri/cf/direct-sally.json

@@ -1,10 +1,10 @@
 {
   "dt": "2022-10-31T12:59:57.823350+00:00",
-  "iurls": [
-    "http://127.0.0.1:5642/oobi/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha/controller",
-    "http://127.0.0.1:5644/oobi/BIKKuvBwpmDVA4Ds-EpL5bt9OqPzWPja2LigFYZN2YfX/controller",
-    "http://127.0.0.1:5643/oobi/BLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM/controller"
-  ],
+   "direct-sally": {
+    "dt": "2022-01-20T12:57:59.823350+00:00",
+    "curls": ["http://127.0.0.1:9723/"]
+  },
+  "iurls": [],
   "durls": [
     "http://127.0.0.1:7723/oobi/EBNaNu-M9P5cgrnfl2Fvymy4E_jvxxyjb70PRtiANlJy",
     "http://127.0.0.1:7723/oobi/EH6ekLjSr8V32WyFbGe1zXjTzFs9PkTYmupJ9H65O14g",

scripts/keri/cf/sally.json

@@ -0,0 +1,16 @@
+{
+  "dt": "2022-10-31T12:59:57.823350+00:00",
+   "sally": {
+    "dt": "2022-01-20T12:57:59.823350+00:00",
+    "curls": ["http://127.0.0.1:9723/"]
+  },
+  "iurls": [],
+  "durls": [
+    "http://127.0.0.1:7723/oobi/EBNaNu-M9P5cgrnfl2Fvymy4E_jvxxyjb70PRtiANlJy",
+    "http://127.0.0.1:7723/oobi/EH6ekLjSr8V32WyFbGe1zXjTzFs9PkTYmupJ9H65O14g",
+    "http://127.0.0.1:7723/oobi/EKA57bKBKxr_kN7iN5i7lMUxpMG-s19dRcmov1iDxz-E",
+    "http://127.0.0.1:7723/oobi/ENPXp1vQzRF6JwIuS-mp2U8Uf1MoADoP_GqQ62VsDZWY",
+    "http://127.0.0.1:7723/oobi/EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao",
+    "http://127.0.0.1:7723/oobi/EEy9PkikFcANV1l7EHukCeXqrzT1hNZjGlUk7wuMO5jw"
+  ]
+}

scripts/sally-incept-no-wits.json

@@ -0,0 +1,9 @@
+{
+  "transferable": true,
+  "wits": [],
+  "toad": 0,
+  "icount": 1,
+  "ncount": 1,
+  "isith": "1",
+  "nsith": "1"
+}

scripts/start.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-sally server start --name sally --alias sally --web-hook http://127.0.0.1:9923 --auth EHOuGiHMxJShXHgSb6k_9pqxmRb8H-LT0R2hQouHp8pW
+sally server start --name sally --alias sally --web-hook http://127.0.0.1:9923 --auth EHOuGiHMxJShXHgSb6k_9pqxmRb8H-LT0R2hQouHp8pW --loglevel INFO

setup.py

@@ -39,7 +39,7 @@
 
 setup(
     name='sally',
-    version='0.10.2',  # also change in src/sally/__init__.py
+    version='1.0.0-rc1',  # also change in src/sally/__init__.py
     license='Apache Software License 2.0',
     description='vLEI Audit Reporting API',
     long_description=long_description,
@@ -78,7 +78,7 @@
     ],
     python_requires='>=3.12.3',
     install_requires=[
-        'cit-keri==1.2.7-rc1',
+        'cit-keri==1.2.8',
         'hio==0.6.14',
         'multicommand==1.0.0',
         'blake3==0.4.1',
@@ -95,7 +95,7 @@
         'pytest-mock-server==0.3.2'
     ],
     setup_requires=[
-        'setuptools==79.0.1'
+        'setuptools==80.3.1'
     ],
     entry_points={
         'console_scripts': [

src/sally/__init__.py

@@ -6,4 +6,4 @@
 
 """
 
-__version__ = '0.10.2'  # also change in setup.py
+__version__ = '1.0.0-rc1'  # also change in setup.py

src/sally/app/cli/commands/server/start.py

@@ -18,6 +18,9 @@
 parser.set_defaults(handler=lambda args: launch(args),
                     transferable=True)
 
+parser.add_argument(
+    "-d", "--direct", action="store_true", default=True,
+    help="Listen for direct-mode messages on HTTP port.  Default is True")
 parser.add_argument(
     '-p', '--http', action='store', default=9723,
     help="Port on which to listen for OOBI requests.  Defaults to 9723")
@@ -79,8 +82,12 @@ def launch(args, expire=0.0):
     salt = args.salt
     base = args.base
     bran = args.bran
-    http_port = args.http
+    try:
+        http_port = int(args.http)
+    except ValueError:
+        raise ValueError(f"Invalid port number: {args.http}. Must be an integer.")
     auth = args.auth
+    direct = args.direct
 
     timeout = args.escrow_timeout
     retry = args.retry_delay
@@ -116,7 +123,7 @@ def launch(args, expire=0.0):
 
     doers = [hbyDoer, *obl.doers]
     doers += serving.setup(hby, alias=alias, httpPort=http_port, hook=hook, auth=auth,
-                           timeout=timeout, retry=retry, incept_args=incept_args)
+                           timeout=timeout, retry=retry, direct=direct, incept_args=incept_args)
 
     logger.info(f"Sally Server v{sally.__version__} listening on {http_port} with DB version {hby.db.version}")
     directing.runController(doers=doers, expire=expire)

src/sally/core/handling.py

@@ -134,7 +134,7 @@ def processNotes(self):
         }
         """
         for keys, notice in self.notifier.noter.notes.getItemIter():
-            logger.info(f"Processing notice {notice}")
+            logger.info(f"Processing notice {notice.pretty()}")
             attrs = notice.attrs
             route = attrs['r']
 

src/sally/core/serving.py

@@ -15,7 +15,7 @@
 from keri import help
 from keri.app import indirecting, storing, notifying
 from keri.app.cli.commands import incept
-from keri.core import routing, eventing
+from keri.core import routing, eventing, parsing
 from keri.end import ending
 from keri.peer import exchanging
 from keri.vdr import viring, verifying
@@ -24,10 +24,11 @@
 
 from sally.core import handling, basing, monitoring, httping
 from sally.core.credentials import TeveryCuery
+from sally.core.verifying import VerificationAgent
 
 logger = help.ogler.getLogger()
 
-def setup(hby, *, alias, httpPort, hook, auth, timeout=10, retry=3, incept_args=None):
+def setup(hby, *, alias, httpPort, hook, auth, timeout=10, retry=3, direct=True, incept_args=None):
     """
     Setup components, HTTP endpoints, and MailboxDirector working with witnesses to receive events.
 
@@ -39,8 +40,10 @@ def setup(hby, *, alias, httpPort, hook, auth, timeout=10, retry=3, incept_args=
         auth (str): alias or AID of external authority for contacts and credentials
         timeout (int): escrow timeout (in minutes) for events not delivered to upstream web hook
         retry (int): retry delay (in seconds) for failed web hook attempts
+        direct (bool): listen for direct-mode messages on HTTP port or use indirect-mode mailbox
         incept_args (dict): arguments for incepting Sally's identifier if it does not exist
     """
+    cues = decking.Deck()
     # make hab
     if incept_args is None:
         incept_args = {}
@@ -68,6 +71,7 @@ def setup(hby, *, alias, httpPort, hook, auth, timeout=10, retry=3, incept_args=
 
     mbx = storing.Mailboxer(name=hby.name)
     exc = exchanging.Exchanger(hby=hby, handlers=[])
+    rep = storing.Respondant(hby=hby, mbx=mbx)
 
     cdb = basing.CueBaser(name=hby.name)
     clear_escrows(cdb)
@@ -84,21 +88,33 @@ def setup(hby, *, alias, httpPort, hook, auth, timeout=10, retry=3, incept_args=
     tvy.registerReplyRoutes(router=rvy.rtr)
     tc = TeveryCuery(cdb=cdb, reger=reger, cues=tvy.cues)
 
+    parser = parsing.Parser(framed=True, kvy=kvy, tvy=tvy, rvy=rvy, vry=verifier, exc=exc)
+
     comms = handling.Communicator(hby=hby, hab=hab, cdb=cdb, reger=reger,
                                   auth=auth, hook=hook, timeout=timeout, retry=retry)
     app.add_route("/health", monitoring.HealthEnd(cdb=cdb))
 
     ending.loadEnds(app, hby=hby, default=hab.pre)
 
-    rep = storing.Respondant(hby=hby, mbx=mbx)
-    mbd = indirecting.MailboxDirector(
-        hby=hby, exc=exc, kvy=kvy, tvy=tvy, rvy=rvy, verifier=verifier, rep=rep,
-        topics=["/receipt", "/replay", "/multisig", "/credential", "/delegate", "/challenge"])  # topics to listen for messages on
-
     doers = [httpServerDoer, comms, tc]
-    # reading notifications for received ipex grant exn messages
-    doers.extend(handling.loadHandlers(cdb=cdb, hby=hby, notifier=notifier, parser=mbd.parser))
-    doers.append(mbd)
+    if direct:
+        logger.info("Adding direct mode HTTP listener")
+        # reading notifications for received ipex grant exn messages
+        doers.extend(handling.loadHandlers(cdb=cdb, hby=hby, notifier=notifier, parser=parser))
+
+        # Set up HTTP endpoint for PUT-ing application/cesr streams to the SallyAgent at '/'
+        httpEnd = indirecting.HttpEnd(rxbs=parser.ims, mbx=mbx)
+        app.add_route('/', httpEnd)
+        agent = VerificationAgent(hab=hab, parser=parser, kvy=kvy, tvy=tvy, rvy=rvy, exc=exc, cues=cues)
+        doers.append(agent)
+    else:
+        logger.info("Adding indirect mode mailbox listener")
+        mbd = indirecting.MailboxDirector(
+            hby=hby, exc=exc, kvy=kvy, tvy=tvy, rvy=rvy, verifier=verifier, rep=rep,
+            topics=["/receipt", "/replay", "/multisig", "/credential", "/delegate", "/challenge"])  # topics to listen for messages on
+        # reading notifications for received ipex grant exn messages
+        doers.extend(handling.loadHandlers(cdb=cdb, hby=hby, notifier=notifier, parser=mbd.parser))
+        doers.append(mbd)
 
     return doers