Merge branch 'main' into dependabot/pip/aiohttp-3.14.0

jamshale · web-flow · commit 80104fe6b84f · 2026-06-03T08:14:55.000-07:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -22,9 +22,9 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.29.5
+        uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v3.29.5
         with:
           languages: python
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.29.5
+        uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v3.29.5
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -73,6 +73,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.29.5
+        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v3.29.5
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -56,6 +56,6 @@ jobs:
         sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
     
     - name: Upload result to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.29.5
+      uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v3.29.5
       with:
         sarif_file: snyk.sarif
diff --git a/GOVERNANCE.md b/GOVERNANCE.md
@@ -1,9 +1,9 @@
 # ACA-Py Governance
 
-Maintainers and contributors are welcome to review the [draft technical charter for ACA-Py](https://docs.google.com/document/d/1fNndB1G-P5KcKbpPROrVGWI7U5Yt7rf5vphssNokn9o/edit?tab=t.0). Comments are welcome, but note that the ACA-Py Maintainers have already approved the document (via [ACA-Py PR 3857](https://github.com/openwallet-foundation/acapy/pull/3857)), and LF Project Formation is in the process of finalizing the document.
+The Adaptive Cloud Agent-Python (ACA-Py) project is governed by the [Technical Charter](TECHNICAL_CHARTER.md).
 
 Per the Linux Foundation:
 
-- A technical charter is created for all new projects to define both the project operations and the IP policy.  
-- We have proposed that the technical oversight for the ACA_Py project be handled by a “Technical Steering Committee” made up initially of the project’s maintainers.
-- At a later date the ACA-Py TSC is free to evolve how membership on the TSC is determined to accommodate project growth and the evolution of its governance.
+- A technical charter is created for all projects to define both the project operations and the IP policy.  
+- The technical oversight for the ACA-Py project is handled by the “Technical Steering Committee” made up of the project’s maintainers.
+- The ACA-Py TSC is free to evolve how membership on the TSC is determined to accommodate project growth and the evolution of its governance.
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# ACA-Py -- A Cloud Agent - Python  <!-- omit in toc -->
+# ACA-Py -- Adaptive Cloud Agent - Python  <!-- omit in toc -->
 
 ![Python](https://img.shields.io/badge/python-3.13-blue.svg)
 [![PyPI version](https://img.shields.io/pypi/v/acapy-agent)](https://pypi.org/project/acapy-agent/)
@@ -9,10 +9,10 @@
 [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/openwallet-foundation/acapy/badge)](https://scorecard.dev/viewer/?uri=github.com/openwallet-foundation/acapy)
 [![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/openwallet-foundation/acapy)
 
-ACA-Py is a production-ready, open-source self-sovereign identity (SSI) agent for building non-mobile decentralized trust services—such as verifiable credential issuers, holders, and verifiers—using any language capable of sending and receiving HTTP requests. Maintained by the OpenWallet Foundation, ACA-Py began in the Hyperledger Indy/AnonCreds/Aries ecosystem and has evolved to include support multiple verifiable credential formats and exchange protocols. It serves as a foundational building block for Trust Over IP-based ecosystems.
+Adaptive Cloud Agent - Python (ACA-Py) is a production-ready, open-source self-sovereign identity (SSI) agent for building non-mobile decentralized trust services—such as verifiable credential issuers, holders, and verifiers—using any language capable of sending and receiving HTTP requests. Maintained by the OpenWallet Foundation, ACA-Py began in the Hyperledger Indy/AnonCreds/Aries ecosystem and has evolved to include support multiple verifiable credential formats and exchange protocols. It serves as a foundational building block for Trust Over IP-based ecosystems.
 
 Full access to an organized set of all of the ACA-Py documents is available at [https://aca-py.org](https://aca-py.org).
-Check it out! It's much easier to navigate than the ACA-Py GitHub repo for reading the documentation. ACA-Py documentation is also AI-generated on the [DeepWiki] website at [DeepWiki ACA-Py]. DeepWiki provides a chatbot interface that can be used to ask questions about ACA-Py and get answers based on the documentation.
+It's much easier to navigate than the ACA-Py GitHub repo for reading the documentation. ACA-Py documentation is also AI-generated on the [DeepWiki] website at [DeepWiki ACA-Py]. DeepWiki provides a chatbot interface that can be used to ask questions about ACA-Py and get answers based on the documentation.
 
 [DeepWiki]: https://deepwiki.com
 [DeepWiki ACA-Py]: https://deepwiki.com/openwallet-foundation/acapy
@@ -23,12 +23,12 @@ Visit the ACA-Py Plugins Store at [https://plugins.aca-py.org](https://plugins.a
 
 ACA-Py is a foundation for building Verifiable Credential (VC) ecosystems. It operates in the second and third layers of the [Trust Over IP Model](https://trustoverip.org/wp-content/uploads/model-panel-full-2048x1146.png) using a variety of verifiable credential formats and protocols. ACA-Py runs on servers (cloud, enterprise, IoT devices, and so forth), and is not designed to run on mobile devices.
 
-ACA-Py includes support for the concepts and features that make up [Aries Interop Profile (AIP) 2.0](https://github.com/decentralized-identity/aries-rfcs/tree/main/concepts/0302-aries-interop-profile#aries-interop-profile-version-20). [ACA-Py’s supported features](./docs/features/SupportedRFCs.md) include, most importantly, protocols for issuing, verifying, and holding verifiable credentials using both [Hyperledger AnonCreds] verifiable credential format, and the [W3C Standard Verifiable Credential Data Model] format using JSON-LD with LD-Signatures and BBS+ Signatures. Coming soon -- issuing and presenting [Hyperledger AnonCreds] verifiable credentials using the [W3C Standard Verifiable Credential Data Model] format.
+ACA-Py includes support for the concepts and features that make up [Aries Interop Profile (AIP) 2.0](https://github.com/decentralized-identity/aries-rfcs/tree/main/concepts/0302-aries-interop-profile#aries-interop-profile-version-20). [ACA-Py’s supported features](./docs/features/SupportedRFCs.md) include, most importantly, protocols for issuing, verifying, and holding verifiable credentials using both [AnonCreds] verifiable credential format, and the [W3C Standard Verifiable Credential Data Model] format using JSON-LD with Data Integrity Proofs and BBS+ Signatures. It is also possible to issue and present [AnonCreds] verifiable credentials using the [W3C Standard Verifiable Credential Data Model] format.
 
-[Hyperledger AnonCreds]: https://www.lfdecentralizedtrust.org/projects/anoncreds
+[AnonCreds]: https://www.lfdecentralizedtrust.org/projects/anoncreds
 [W3C Standard Verifiable Credential Data Model]: https://www.w3.org/TR/vc-data-model/
 
-To use ACA-Py you create a business logic "controller" that talks to an ACA-Py instance (sending HTTP requests and receiving webhook notifications), and ACA-Py handles the various protocols and related functionality. Your controller can be built in any language that supports making and receiving HTTP requests; knowledge of Python is not needed. Together, this means you can focus on building VC solutions using familiar web development technologies, instead of having to learn the nuts and bolts of low-level cryptography and Trust over IP-type protocols.
+To use ACA-Py you create a business logic "controller" that talks to an ACA-Py instance (sending HTTP requests and receiving webhook notifications), and ACA-Py handles the various protocols and related functionality. Your controller can be built in any language that supports making and receiving HTTP requests; knowledge of Python is not needed. This approach means you can focus on building VC solutions using familiar web development technologies, instead of having to learn the nuts and bolts of low-level cryptography and Trust over IP-type protocols.
 
 This [checklist-style overview document](./docs/features/SupportedRFCs.md) provides a full list of the features in ACA-Py.
 The following is a list of some of the core features needed for a production deployment, with a link to detailed information about the capability.
diff --git a/TECHNICAL-CHARTER.pdf b/TECHNICAL-CHARTER.pdf
