All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Breaking: Removed
Transport
and thehyper
andreqwest
features.ReqwestTransport
is now the default andHyperTransport
has been removed. ExistingReqwestTransport
functions have been moved toAgentBuilder
. Url
now implementsRouteProvider
.- Add canister snapshot methods to
ManagementCanister
.
- Bug fix: Add
api/v2
prefix to read_state requests for hyper transport
- Removed the Bitcoin query methods from
ManagementCanister
. Users should useBitcoinCanister
for that. - Added
BitcoinCanister
toic-utils
. - Upgraded MSRV to 1.75.0.
- Changed
ic_utils::interfaces::management_canister::builders::InstallMode::Upgrade
variant to beOption<CanisterUpgradeOptions>
:CanisterUpgradeOptions
is a new struct which covers the new upgrade option:wasm_memory_persistence: Option<WasmMemoryPersistence>
.WasmMemoryPersistence
is a new enum which controls Wasm main memory retention on upgrades which has two variants:Keep
andReplace
.
- Added an experimental feature,
experimental_sync_call
, to enable synchronous update calls. The feature adds a toggle to theReqwestTransport
andHyperTransport
to enable synchronous update calls.
- Added a default request timeout to
ReqwestTransport
. - Introduced transparent http request retry logic for network-related failures.
ReqwestTransport::with_max_tcp_errors_retries()
,HyperTransport::with_max_tcp_errors_retries()
. - Changed the SyncCall and AsyncCall traits to use an associated type for their output instead of a generic parameter.
- Call builders now generally implement
IntoFuture
, allowing.call_and_wait().await
to be shortened to.await
. - Added
log_visibility
to canister creation and canister setting update options.
- Added a limit to the concurrent requests an agent will make at once. This should make server-side ratelimiting much rarer to encounter, even when sending a high volume of requests (for example, a large
ic_utils::ManagementCanister::install
call). - The agent will now automatically retry 429 Too Many Requests responses after a short delay.
- BREAKING: Changed Chunk Store API to conform to the interface specification:
ChunkHash
was changed from[u8; 32]
to a struct.- Return types of
ManagementCanister::stored_chunks()
andManagementCanister::upload_chunk()
. - Argument type of
ManagementCanister::install_chunked_code()
. InstallChunkedCodeBuilder
.- All occurrences of
storage_canister
were changed tostore_canister
. - The field
chunk_hashes_list
was changed fromvec<vec<u8>>
tovec<ChunkHash>
.
- All occurrences of
- Changed
WalletCanister::from_canister/create
's version check to not rely on the reject code. - Added
QueryBuilder::call_with_verification()
andQueryBuilder::call_without_verification()
which always/never verify query signatures regardless the Agent level configuration fromAgentBuilder::with_verify_query_signatures
. - Function
Agent::fetch_api_boundary_nodes()
is split into two functions:fetch_api_boundary_nodes_by_canister_id()
andfetch_api_boundary_nodes_by_subnet_id()
. ReqwestTransport
andHyperTransport
structures storing the trait objectroute_provider: Box<dyn RouteProvider>
have been modified to allow for shared ownership viaArc<dyn RouteProvider>
.- Added
wasm_memory_limit
to canister creation and canister setting update options. - Bumped Reqwest version from
0.11.7
to0.12.4
- Changed
AgentError::ReplicaError
toCertifiedReject
orUncertifiedReject
.CertifiedReject
s went through consensus, andUncertifiedReject
s did not. If your code usesReplicaError
:- for queries: use
UncertifiedReject
in all cases (for now) - for updates: use
CertifiedReject
for errors raised after the message successfully reaches the canister, andUncertifiedReject
otherwise
- for queries: use
- Added
Agent::fetch_api_boundary_nodes
for looking up API boundary nodes in the state tree. - Timestamps are now being checked in
Agent::verify
andAgent::verify_for_subnet
. If you were using it with old certificates, increase the expiry timeout to continue to verify them. - Added node metrics, ECDSA, and Bitcoin functions to
MgmtMethod
. Most do not have wrappers inManagementCanister
because only canisters can call these functions. - Added
FetchCanisterLogs
function toMgmtMethod
and a corresponding wrapper toManagementCanister
. - Updated the
ring
crate to 0.17.7.ring
0.16 has a bug where it requires incorrect Ed25519 PEM encoding. 0.17.7 fixes that and is backwards compatible. - Removed serde and candid serialization traits from the
Status
type. - Added commas and newlines to the
Status
fmt::Display output. It is valid JSON now (it was close before).
- Changed the return type of
stored_chunks
to a struct. - Added a prime256v1-based
Identity
impl to complement the ed25519 and secp256k1Identity
impls. - Changed the type of
InstallMode.skip_pre_upgrade
frombool
toOption<bool>
to match the interface specification.
- Added the chunked wasm API to ic-utils. Existing code that uses
install_code
should probably update toinstall
, which works the same but silently handles large wasm modules. - Added query stats to
StatusCallResult
. - Upgraded
ic-certification
to v2.2.
- Breaking change: Bump candid to 0.10. Downstream libraries need to bump Candid to 0.10 as well.
- Feat: add
idle_cycles_burned_per_day
field toStatusCallResult
.
- Fixed a spurious certificate validation error in the five minutes after a node is added to a subnet
- Fixed
HyperTransport
endpoint construction (//
in the format/api/v2//canister/5v3p4-iyaaa-aaaaa-qaaaa-cai/query
)
- Added node signature certification to query calls, for protection against rogue boundary nodes. This can be disabled with
with_verify_query_signatures
. - Added
with_nonce_generation
toQueryBuilder
for precise cache control. - Added the ability to dispatch to multiple URLs to
ReqwestTransport
andHyperTransport
, with aRouteProvider
trait and a providedRoundRobinRouteProvider
implementation. - Added
read_subnet_state_raw
toAgent
andread_subnet_state
toTransport
for looking up raw state by subnet ID instead of canister ID. - Added
read_state_subnet_metrics
toAgent
to access subnet metrics, such as total spent cycles. - Types passed to the
to_request_id
function can now contain nested structs, signed integers, and externally tagged enums. Envelope
struct is public also outside of the crate.- Remove non-optional
ic_api_version
field (whose value is not meaningfully populated by the replica) and optionalimpl_source
andimpl_revision
fields (that are not populated by the replica) from the expected/api/v2/status
endpoint response. - Drop
senders
field from user delegations (typeDelegation
).
- Added
reserved_cycles_limit
to canister creation and canister setting update options. - Added
reserved_cycles
andreserved_cycles_limit
to canister status call result.
- Added
DelegatedIdentity
, anIdentity
implementation for consuming delegations such as those from Internet Identity. - Replica protocol type definitions have been moved to an
ic-transport-types
crate.ic-agent
still reexports the ones for its API. - The
Unknown
lookup of a request_status path in a certificate results in anAgentError
(the IC returnsAbsent
for non-existing paths). - For
Canister
type, added methods with no trailing underscore: update(), query(), canister_id(), clone_with()
- Breaking change: Remove argument builder form
ic-utils
.CallBuilder::with_arg
sets a single argument, instead of pushing a new argument to the list. This function can be called at most once. If it's called multiple times, it panics. If you have multiple arguments, useCallBuilder::with_args((arg1, arg2))
orCallBuilder::set_raw_arg(candid::Encode!(arg1, arg2)?)
. - feat: Added
public_key
,sign_arbitrary
,sign_delegation
functions toIdentity
. - Add
From
trait to coercecandid::Error
intoic_agent::AgentError
. - Add
Agent::set_arc_identity
method to switch identity.
Switched from rustls crate to rustls-webpki fork to address https://rustsec.org/advisories/RUSTSEC-2023-0052
Removed the arc_type
feature requirement for candid, in order to avoid deprecation warnings. This is a breaking change. The call and call_and_wait are no longer async fn
and instead return a Future or BoxFuture.
- Breaking Change: builders are now owning-style rather than borrowing-style; with_arg takes an owned Vec rather than a borrowed Vec
- Breaking Change: Identity::sign takes &EnvelopeContent rather than the request ID.
- Bump Candid crate to 0.9.0
-
fix: Adjust the default polling parameters to provide better UX. Remove the
CouldNotReadRootKey
error and panic on poisoned mutex. -
chore: remove deprecated code and fix style
-
Breaking Change: removing the PasswordManager
-
Breaking Change: Enum variant
AgentError::ReplicaError
is now a tuple struct containingRejectResponse
. -
Handling rejected update calls where status code is 200. See IC-1462
-
Reject code type is changed from
u64
to enumRejectCode
. -
Support WASM targets in the browser via
wasm-bindgen
. Featurewasm-bindgen
required. -
Do not send
certificate_version
on HTTP Update requests -
Update
certificate_version
tou16
instead ofu128
, fixes an issue where the asset canister always responds with v1 response verification
- Breaking change: Content and path storage has been changed from a
Cow<[u8]>
to a user-providedT: AsRef<u8>
, removing the lifetime from various types.
- Fixed issue where a missing request header caused the canister to not respond with an
ic-certificate
header.
- Expose the root key to clients through
read_root_key
- Add
lookup_subtree
method to HashTree & HashTreeNode to allow for subtree lookups. - Derive
Clone
onCertificate
andDelegation
structs. - Add certificate version to http_request canister interface.
- (ic-utils) Add specified_id in provisional_create_canister_with_cycles.
- Remove
garcon
from API. Callers can remove the dependency and any usages of it; all waiting functions no longer take a waiter parameter. - Create
ic-certification
crate and move HashTree and Certificate types.
- Drop
disable_range_check
flag from certificate delegation checking.
- Update
candid
to v0.8.0. - Move
hash_tree
fromic-types
and no more re-export ic-types.
- Set
default-features = false
foric-agent
interdependencies to reduce unused nested dependencies. - Bump
candid
to0.7.18
.
- Fixed custom configured HTTP headers - no longer is the header's value wrapped with double quotes.
- Switched to
ic-verify-bls-signature
crate for verify BLS signatures - Added new
hyper
transportHyperReplicaV2Transport
- Added Agent::set_identity method (#379)
- Updated lookup_request_status method to handle proofs of absent paths in certificates.
- Make it possible to specify effective canister id in CreateCanisterBuilder
- Remove
PrincipalInner
Principal
directly holdslen
andbytes
fields
PrincipalError
enum has different set of variants reflecting changes infrom_text
logic.from_text
accepts input containing uppercase letters which results in Err before.from_text
verifies CRC32 check sequence
Added support configurable inclusion and exclusion of files and directories (including dotfiles and dot directories), done via .ic-assets.json
config file:
- example of
.ic-assets.json
file format:[ { "match": ".*", "cache": { "max_age": 20 }, "headers": { "X-Content-Type-Options": "nosniff" }, "ignore": false } ]
- see PR and tests for more examples
Added support for configuring HTTP headers for assets in asset canister (via .ic-assets.json
config file):
- example of
.ic-assets.json
file format:[ { "match": "*", "cache": { "max_age": 20 }, "headers": { "X-Content-Type-Options": "nosniff" } }, { "match": "**/*", "headers": null }, ]
headers
from multiple applicable rules are being stacked/concatenated, unlessnull
is specified, which resets/empties the headers. Both"headers": {}
and absence ofheaders
don't have any effect on end result.
Added support for asset canister config files in ic-assets
.
- reads configuration from
.ic-assets.json
config files if placed inside assets directory, multiple config files can be used (nested in subdirectories) - runs successfully only if the config file is right format (valid JSON, valid glob pattern, JSON fields in correct format)
- example of
.ic-assets.json
file format:[ { "match": "*", "cache": { "max_age": 20 } } ]
- works only during asset creation
- the config file is being taken into account only when calling
ic_asset::sync
(i.e.dfx deploy
oricx-asset sync
)
Breaking change: ic-asset::sync() now synchronizes from multiple source directories.
This is to allow for configuration files located alongside assets in asset source directories.
Also, ic-asset::sync:
- skips files and directories that begin with a ".", as dfx does when copying assets to an output directory.
- reports an error if more than one asset file would resolve to the same asset key
agent-rs/349 feat: add with_max_response_body_size to ReqwestHttpReplicaV2Transport
Updated dependencies. Some had breaking changes: k256 0.11, pkcs 0.9, and sec1 0.3.
Fixed a potential panic in secp256k1 signature generation.
Added ReqwestHttpReplicaV2Transport::create_with_client
.
Remove openssl
in favor of pure rust libraries.
Updated minimum version of reqwest to 0.11.7. This is to avoid the following error, seen with reqwest 0.11.6:
Unknown TLS backend passed to use_preconfigured_tls
Updated wallet interface for 128-bit API.
Remove parameterized canister pattern. Use WalletCanister::create
rather than Wallet::create
.
wallet_send takes Principal instead of &Canister.
Updated ic_utils::interfaces::http_request
structures to use &str
to reduce copying.
Removed Deserialize
from HttpRequest
.
Changed HttpResponse
to be generic over entire callback instead of just ArgToken
.
Added HttpRequestStreamingCallbackAny
to deserialize any callback, regardless of signature.
Added conversion helpers for HttpResponse
, StreamingStrategy
and CallbackStrategy
across generics.
Changes to Canister<HttpRequestCanister>
interface.
- Made
http_request
,http_request_update
, andhttp_request_stream_callback
more generic and require fewer string copies. - Added
_custom
variants to enable customtoken
deserialization.
Introduced HttpRequestStreamingCallback to work around dfinity/candid#273.
Response certificate verification will check that the canister id falls within the range of valid canister ids for the subnet.
Secp256k1 identity now checks if a curve actually uses the secp256k1 parameters. It cannot be used to load non-secp256k1 identities anymore.
Data type of cycles
changed to u128
(was u64
).
fetch_root_key() only fetches on the first call.
Re-genericized Token to allow use of an arbitrary Token type with StreamingStrategy.
Renamed BatchOperationKind._Clear to Clear for compatibility with the certified assets canister. This avoids decode errors, even though the type isn't referenced here.
Changed the 'HttpRequest.upgrade' field to 'Option' from 'bool'.
The lookup_value
function now takes generics which can be iterated over (IntoIterator<Item = &'p Label>
) and transformed into a Vec<Label>
, rather than just a Vec<Label>
.
The lookup_path
method now takes an Iterator<Label>
rather than an AsRef<[Label]>
Added support for upgrading HTTP requests (http_request_update method)
Updated crate dependencies, most notably updating rustls, removing the direct dependency on webpki-roots, and allowing consumers of ic-agent to update to reqwest 0.11.7.
Implements https://github.com/dfinity-lab/ic-ref/pull/371
Fixed a defect in asset synchronization where no retries would be attempted after the first 30 seconds overall.
Unified all version numbers and removed the zzz-release tool.
It's now possible to specify which encodings will be accepted. The default (and previous) behavior is to accept only the identity encoding. Specifying encodings that browsers more commonly accept demonstrates the difference in the returned data and certificate.
For example, here is the data and certificate returned when only accepting the identity encoding.
$ cargo run -p icx-cert -- print 'http://localhost:8000/index.js?canisterId=ryjl3-tyaaa-aaaaa-aaaba-cai'
DATA HASH: 1495cd574831c23b4db97bc3860666ea495386f0ef0dab73c23ef31db5aa2765
Label("/index.js", Leaf(0x1495cd574831c23b4db97bc3860666ea495386f0ef0dab73c23ef31db5aa2765)),
Here is an example accepting the gzip encoding (as most browsers do), showing that the canister responded with different data having a different data hash.
$ cargo run -p icx-cert -- print --accept-encoding gzip 'http://localhost:8000/index.js?canisterId=ryjl3-tyaaa-aaaaa-aaaba-cai'
DATA HASH: 1770e76af0816ba951320c03eab1263c43de7ac4b0558dd9049cc532b7d6cd01
Label("/index.js", Leaf(0x1495cd574831c23b4db97bc3860666ea495386f0ef0dab73c23ef31db5aa2765)),
This project moved to https://github.com/dfinity/icx-proxy.
- Added field
replica_health_status
toStatus
.- typical values
healthy
waiting_for_certified_state
- typical values