v0.3.0

@stormer78 stormer78 released this 01 Apr 09:38
· 1040 commits to main since this release
300ac3c

Highlights

  • Reader role — new context-scoped read-only role for observing keys, contexts, and DIDs without write access. Every endpoint is now classified as read, write, or manage.
  • Integration module (vta_sdk::integration) — one-call startup() for services that manage their DID and secrets through a VTA, with offline resilience via a pluggable SecretCache trait.
  • Integration guide — new docs/integration-guide.md for 3rd-party developers.
  • GitHub Actions CI — automated check, test, clippy, and fmt on every push and PR.

Role Hierarchy

Super Admin > Admin > Initiator > Application > Reader > Monitor
| Action | Minimum Role |
|---|---|
| Read keys, contexts, DIDs, config | Reader |
| Sign, cache write/delete | Application |
| ACL management, credentials | Initiator |
| Key create/delete/import, seeds, audit | Admin |
| Config update, context CRUD, backup, restart | Super Admin |
| Metrics and health only | Monitor |

What's Changed

Features

  • Reader role with read/write action classification
  • VTA SDK integration module with startup(), SecretCache, and authenticate()
  • Key labels used as verification method IDs in fetch_did_secrets_bundle()
  • Lightweight DIDComm auth (auth_light) without ATM/TDK runtime
  • VtaClient::from_credential() with automatic token refresh
  • Keyspaces struct and DIDCommSendParams for cleaner operation signatures

Security

  • 17 DIDComm handlers fixed with explicit role checks matching REST counterparts
  • Sign and cache write endpoints tightened to require Application+
  • Backup export route uses SuperAdminAuth extractor
  • VTC key material zeroization with proper error propagation
  • Session backend errors now logged instead of silently swallowed
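
Added example, not code from the VTA repository: one way to encode the role hierarchy and minimum-role table above as a single policy, plus an audit that flags any handler whose role check is missing or weaker than that policy, which is the kind of REST/DIDComm drift the Security items address. All type, function and handler names are hypothetical, the action list is a representative subset of the table, and the handler table is constructed sample data.

```rust
// Added example (hypothetical names, not the VTA code). Roles ascend in privilege,
// so the derived Ord matches the hierarchy.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Role { Monitor, Reader, Application, Initiator, Admin, SuperAdmin }
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Action { Metrics, Read, Sign, CacheWrite, AclManage, KeyCreate, ConfigUpdate }

/// Minimum role per action, from the release-note table.
fn min_role(action: Action) -> Role {
    match action {
        Action::Metrics => Role::Monitor,
        Action::Read => Role::Reader,
        Action::Sign | Action::CacheWrite => Role::Application,
        Action::AclManage => Role::Initiator,
        Action::KeyCreate => Role::Admin,
        Action::ConfigUpdate => Role::SuperAdmin,
    }
}

/// Single decision point that every transport should call.
fn authorize(caller: Role, action: Action) -> bool {
    caller >= min_role(action)
}

/// What a handler actually enforces; `None` means no explicit role check.
struct Handler { transport: &'static str, name: &'static str, action: Action, enforced: Option<Role> }

/// Report handlers whose check is missing or weaker than the policy.
fn audit(handlers: &[Handler]) -> Vec<String> {
    handlers
        .iter()
        .filter(|h| h.enforced.map_or(true, |r| r < min_role(h.action)))
        .map(|h| format!("{}:{}", h.transport, h.name))
        .collect()
}

/// Constructed handler table (not the project's real routes).
fn sample_handlers() -> Vec<Handler> {
    vec![
        Handler { transport: "rest", name: "sign", action: Action::Sign, enforced: Some(Role::Application) },
        Handler { transport: "didcomm", name: "sign", action: Action::Sign, enforced: None },
        Handler { transport: "didcomm", name: "cache_write", action: Action::CacheWrite, enforced: Some(Role::Reader) },
        Handler { transport: "didcomm", name: "list_keys", action: Action::Read, enforced: Some(Role::Reader) },
    ]
}

fn main() {
    println!("weak or missing role checks: {:?}", audit(&sample_handlers()));
}
```

Run as a unit test in CI, an audit like this fails the build when a new handler is registered on one transport without the role requirement its counterpart enforces.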

Architecture

  • Shared SeedStore trait extracted to vti-common
  • Workspace dependencies consolidated (ed25519-dalek, dialoguer, chrono)
  • HTTP client reuse in auth_light for connection pooling
  • WebvhClient refactored with send()/with_auth() helpers
  • Zero clippy warnings across the entire workspace

Testing & CI

  • 263 tests (up from ~230), zero failures
  • GitHub Actions CI with parallel check, test, clippy (-D warnings), fmt jobs
  • Operation-level unit tests for create_key, sign_payload, rotate_seed

Documentation

  • Integration guide for 3rd-party developers
  • Updated security architecture with role hierarchy and action categories
  • Comprehensive changelog

Full Changelog: v0.2.1...v0.3.0