Slack Archive

usage: kli witness start [-h] [-V] [-H HTTP] [-T TCP] [-n NAME] [--base BASE] --alias ALIAS [--passcode BRAN]

Runs KERI witness controller. Example: witness -H 5631 -t 5632

options:
  -h, --help            show this help message and exit
  -V, --version         Prints out version of script runner.
  -H HTTP, --http HTTP  Local port number the HTTP server listens on. Default is 5631.
  -T TCP, --tcp TCP     Local port number the HTTP server listens on. Default is 5632.
  -n NAME, --name NAME  Name of controller. Default is witness.
  --base BASE, -b BASE  additional optional prefix to file location of KERI keystore
  --alias ALIAS, -a ALIAS
                        human readable alias for the new identifier prefix
  --passcode BRAN, -p BRAN
                        22 character encryption passcode for keystore (is not saved)

{"v":"KERI10JSON0000fd_","t":"icp","d":"EGAOl2cFdAzUmVpMBfXPyN43sIg--ebodoHANM12oW1u","i":"BG5PdBRNDWWbqCF0VEMjX6K77Jy94A0aI7QECVUidnlJ","s":"0","kt":"1","k":["BG5PdBRNDWWbqCF0VEMjX6K77Jy94A0aI7QECVUidnlJ"],"nt":"0","n":[],"bt":"0","b":[],"c":[],"a":[]}-VAn-AABAADjn9mG0CTEJNXotZn0nq-mpV0Yw5923thvoaxmldtj5wzEneVaoSWpEZXMZFH7QkXIEZZvVI8CI_hZNK-8TE0O-EAB0AAAAAAAAAAAAAAAAAAAAAAA1AAG2022-10-12T00c52c22d370749p00c00

{"v":"KERI10JSON0000fa_","t":"rpy","d":"EPLIonLx_5QWAL7LUanf8Jx2D7tyt799aNPw_gcktdtK","dt":"2022-10-13T11:13:43.367604+00:00","r":"/loc/scheme","a":{"eid":"BLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM","scheme":"http","url":""}}-VAi-CABBLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM0BDMmGW-cRRZCG4cAERC5hA9qguWk2FAdYyWSNrImMAD8JPNoLh4vmcntpy5fwfobl1RgZmQtCE1G4THfq1Kee8H{"v":"KERI10JSON0000f8_","t":"rpy","d":"EOKwPkc9V6OK1vEZ6k3m2nVTwGMypQkXkIriTV4YO36J","dt":"2022-10-13T11:13:43.369834+00:00","r":"/loc/scheme","a":{"eid":"BLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM","scheme":"tcp","url":""}}-VAi-CABBLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM0BDxhAOgPpf73lPRj8VEPkRLBiQoxSSfHdnwBWZ6UKDGq-Ov_j4s7FDhB4ty6NQ4mkNUSKvh_VUZB1vmhvmiHSMF{"v":"KERI10JSON0001b7_","t":"icp","d":"EHlNJJ1O-s2BlqngkY7mYbVamK0Z7ISkru6TkjLG7yUi","i":"EHlNJJ1O-s2BlqngkY7mYbVamK0Z7ISkru6TkjLG7yUi","s":"0","kt":"1","k":["DC2vlPbLRy-f7gIDWBiabmmtQoJRJbai9nk990OcWdcx"],"nt":"1","n":["EIZ44CF_RRCxHbd4zxdc5QIZQZXNWlwyU636bV9-rXIT"],"bt":"3","b":["BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha","BLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM","BIKKuvBwpmDVA4Ds-EpL5bt9OqPzWPja2LigFYZN2YfX"],"c":[],"a":[]}-VBq-AABAADu-Una0rLg3DA1d8qZ_LWcP6KEVCWMaAF4UKPGfT9b8ct2g9Q1hejXBfvHZQ90agEGBFr3yu-Bo5_EtIsY0icJ-BADAACbkEz96qyDWS5IlByP-gh_tiNrQf0iiGg9TU8QOrOC1h1hjVs2ar6fMmsCSXe5xStP2uFYi58EEHFtnFNiPFgLABALwJvk7b0tlBMG3WL-ZF1fF1oESsvNh04_9gsLZhxIFh_Opgt_mfKOH-1xeDn2pyHUM4rbiwFQSa7O4zfxRqcDACBbX6tGNnF0kWkLCPUDpVFTxlfnqDaN9THymUj875gHimFhGokaZm05zh4--vLwmBSdTGvP3UyrFfubFn3mBMwD-EAB0AAAAAAAAAAAAAAAAAAAAAAA1AAG2022-10-08T17c08c16d113607p00c00

{
  "dt": "2022-01-20T12:57:59.823350+00:00",
  "wan": {
    "dt": "2022-01-20T12:57:59.823350+00:00",
    "curls": ["", ""]
  },
  "iurls": [
  ]
}

"witness_signatures": [
    {
     "index": 0,
     "signature": "AACzmKxv-Gttw3GImcJIqwB_l8giL_M95YBFHA3rjx4rMfh6d4KWpa8r4ALRDkjF1FktHrxU0XMMnyHaBWkJUvMC"
    },
    {
     "index": 1,
     "signature": "ABCuC53p3BF8pPWb_i6vo5JAIPSQI3az80OKH9VSejkaS1eLcLxwUKUp1I867oGQ-VyRO-neFsi7CTWGW0RiamAC"
    },
    {
     "index": 2,
     "signature": "ACChnhDjCVEpf2LclwF0ErLPQtFLoVyxxF4nAXItpPqXxFG6aZi2Kpdjwrny9NUriRWC4obDr3MzplSaImoykcYF"
    }
   ],
   "receipts": {},
Shouldn’t receipts be there? Or some extra action need to be performed at witnesses?

2- how can I get Alice’s KEL from Bob's agent? I tried `kli query` but always receive the error `ERR: WitnessInquisitor.__init__() missing 1 required positional argument: 'hby'`

pris (subing.CryptSignerSuber): named sub DB whose keys are public key
>     from key pair and values are private keys from key pair
>     Key is public key (fully qualified qb64)
>     Value is private key (fully qualified qb64)

kli present --name mydb \
  --base ${MYDIR} \
  --alias mydid \
  --said <the SAID from issuance> \
  --include \
  --recipient <what do I do here?>
Given that, what would I need to do in order to make the recipient be a separate agent? I see the docs for that argument indicates it is an
> 
alias or qb64 AID
which makes me think the credentials can only presented to locally stored recipients. Is that correct or can the AID be something tied to another agent?

additional optional prefix to file location of KERI keystore
and `hio/base/filing.py` constructs the path as so:
path = os.path.abspath(
                        os.path.expanduser(
                            os.path.join(headDirPath,
                                         tailDirPath,
                                         base,
                                         name)))
This led me to believe that the `base` attribute was originally intended to be used as an optional segment of the path like so:
`/headDirPath/tailDirPath/base/name`

Because of this code segment in `Filer` I assumed that both `headDirPath` and `base` must be specified together

However, the `existing.existingHby` context manager does not have a property for specifying the configuration directory, headDirPath, which leads me to believe base is being used with an assumption of using the default `HeadDirPath` or `AltHeadDirPath` from the `Keeper` class.

kli multisig incept --name multisig1 --alias multisig1 --group multisig --file ${KERI_DEMO_SCRIPT_DIR}/data/multisig-triple-sample.json &
Now I just need a nexample of the Base 16 hex string.

 not found

kli agent demo --config-file demo-witness-oobis-schema
It showed that
******* Starting Multisig Delegation Agents on ports 5623, 5723, 5823, 5923 .******
However,
1. I cannot access any of the swagger html page on any of `` or other ports
2. What is `demo-witness-oobis-schema` file? Is it stored in the OOBI database as well?

assert hab.kever.verfers[0].verify(sig=raw, ser=ser) is True

mbd = indirecting.MailboxDirector(
  hby=hby, 
  exc=exc,
  kvy=kvy,
  tvy=tvy,
  rvy=rvy,
  verifier=verifier,
  rep=rep,
  topics=["/receipt", "/replay", "/multisig", "/credential", "/delegate", "/challenge"])

witDoer = agenting.WitnessReceiptor(hby=self.hby)
        self.extend(doers=[witDoer])

        if hab.kever.wits:
            witDoer.msgs.append(dict(pre=hab.pre))
            while not witDoer.cues:
                _ = yield self.tock

mbd = indirecting.MailboxDirector(
>   hby=hby, 
>   exc=exc,
>   kvy=kvy,
>   tvy=tvy,
>   rvy=rvy,
>   verifier=verifier,
>   rep=rep,
>   topics=["/receipt", "/replay", "/multisig", "/credential", "/delegate", "/challenge"])

def list_credentials(args):
    """ Command line list credential registries handler

    """
    ld = ListDoer(name=args.name,
                  alias=args.alias,
                  base=args.base,
                  bran=args.bran,
                  verbose=args.verbose,
                  poll=args.poll,
                  said=args.said,
                  issued=args.issued,
                  schema=args.schema)
    return [ld]
Is the ListDoer invoked on instantiation or by something that executes all doers in the returned list?

def runController(doers, expire=0.0):
    """
    Utiitity Function to create doist to run doers
    """
    tock = 0.03125
    doist = doing.Doist(limit=expire, tock=tock, real=True)
    (doers=doers)

    try:
        doers = args.handler(args)
        directing.runController(doers=doers, expire=0.0)
`kli` main runs all of the commands created by the handler factories.
This is enough to get me started.

kli agent start -a 5630
and then tried to navigate to  but am getting a 400 responce.

        if not hab.group:
            if estOnly:
                hab.rotate(data=[rseal])
            else:
                hab.interact(data=[rseal])
What is the thinking behind when a registry inception event is also an establishment event?
Why would it be different?
Is it that for establishment only KELs that registry inception is allowed in that registry creation can be seen as a type of establishment event, the establishment of a credential?

kli init --name witness --nopasscode --config-dir ${KERI_SCRIPT_DIR} --config-file witness
There is an argument `--config-file witness` but I cannot fathom which configuration file `witness`  is it referring to?

for i in `seq 0 1 4`
do
    echo "Start witness_${i}"
    kli witness start --name witness_${i} --alias witness_${i}_alias &
done
And I have set each witness configuration file to use different port (by using different configuration file)

Witness witness_0 : BH1Cw8JeU4Aa1BR2SVzNlGJWOHNkSW1aFyOxivIlO7EK
ERR: 'NoneType' object has no attribute 'accept' # witness_1
ERR: 'NoneType' object has no attribute 'accept' # witness_2
ERR: 'NoneType' object has no attribute 'accept' # witness_3
ERR: 'NoneType' object has no attribute 'accept' # witness_4

def scoobiDo(self, tymth=None, tock=0.0):

#!/bin/bash
cd ~/keripy/scripts || exit 1
. ./demo/demo-scripts.sh || exit 1
name=wan
salt=0AB3YW5uLXRoZS13aXRuZXNz
tcp=5632
http=5642
kli init --name $name --nopasscode --salt $salt
kli incept --name $name --alias=$name --config ${KERI_SCRIPT_DIR} --file ${KERI_DEMO_SCRIPT_DIR}/data/wil-witness-sample.json
exec kli witness start --name $name --alias=$name -T $tcp -H $http
Then I start all witnesses with the following script. Put this into `witness-demo.sh`

#!/bin/bash

function stop-all {
    kill $(jobs -p)
}

trap stop-all EXIT

bash wan.sh &
bash wil.sh &
bash wes.sh &

wait $(jobs -p)
To start all witnesses run `bash witness-demo.sh`

kli oobi resolve --name qvi --oobi-alias external \
  --oobi 

OOBI_RE = re.compile('\\A/oobi/(?P<cid>[^/]+)/(?P<role>[^/]+)(?:/(?P<eid>[^/]+))?\\Z', re.IGNORECASE)
These questions are really part of my attempt to understand what OOBI resolution does. The question below is a clearer ask than the low level details I asked about above.

Since
• *wan* is `BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha` (`…f2ha`) and 
• *external* is `EHOuGiHMxJShXHgSb6k_9pqxmRb8H-LT0R2hQouHp8pW` (`…p8pW`)
Then is this OOBI resolution command telling the `qvi` database about the *external* AID `...p8pW` and to use *wan* `…f2ha` as a witness to check *external*’s KEL for key authority? And a follow up, on every OOBI resolution is a verification of key state completed to verify that the AID in the OOBI is authentic?

class SchemaEnd:
    ...

    def on_get(self, _, rep, said):
        if said in self.schemaCache:
            data = self.schemaCache[said]

            rep.status = falcon.HTTP_200
            rep.content_type = "application/schema+json"
            rep.data = data
            return

        if said in self.credentialCache:
            data = self.credentialCache[said]

            rep.status = falcon.HTTP_200
            rep.content_type = "application/acdc+json"
            rep.data = data.encode("utf-8")
            return
That return the `-acdc.cesr` files and the other code that shows ACDCs can be resolved by OOBI, I presume a data OOBI.

{
  "$id": "EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao",
  "$schema": "",
  ...
}
2. How do I compute the `$id` property in the `"a"` and `"r"` sections later on in the file:
{
  ...
  "a": {
      "oneOf": [
        {
          "description": "Attributes block SAID",
          "type": "string"
        },
        {
          "$id": "ELGgI0fkloqKWREXgqUfgS0bJybP1LChxCO3sqPSFHCj",
          "description": "Attributes block",
  ...
  "r": {
      "oneOf": [
        {
          "description": "Rules block SAID",
          "type": "string"
        },
        {
          "$id": "ECllqarpkZrSIWCb97XlMpEZZH3q4kc--FQ9mbkFMb_5",
          "description": "Rules block",
}
Once I know this I may have everything I need to write schemas other than a knowledge of how edges work, though the `issue-xbrl-attestation.sh` script gives me an idea.

{
  "dt": "2023-02-26T12:57:59.823350+00:00",
  "iurls": [
    "",
    "",
    "",
    "",
    ""
  ]
}
I can load all 5 OOBIs for Alice to incept her local AID in the next step
===========================================================
However, for this `incept` step, when I ran the `kli incept` command and pass the `--file` as shown below
{
  "transferable": true,
  "wits": [
    "BC7qjybOGR7-UPVp-R-gqPmeeFY2eI6FYr-OE2OI8iMX",
    "BLQOLhl3SAhuBEWbNT3CzyU2u4gesbpKx70Tzvkrk-1Y",
    "BAHVSvATS6N8fQfV-UfJB_xZXzRuEL5mX7cWKdxNKVzK",
    "BBmSeiRdPwwH3Ph5VSPJXFa1ub2zfYiR1XS7LUqGyJ_g",
    "BMF2DG6OJ-En0Rb2UqSfZ0g5VtruxhIIrOE-XNcBprpR"
  ],
  "toad": 5,
  "icount": 1,
  "ncount": 1,
  "isith": "1",
  "nsith": "1"
}
It shows an error that it cannot receive any receipts from any of 5 witnesses
Waiting for witness receipts...
`ERR: unable to find a valid endpoint for witness BC7qjybOGR7-UPVp-R-gqPmeeFY2eI6FYr-OE2OI8iMX`

Alias:  Alice Alicia
Identifier: EOBA19qSkKfflSMXj28FlV8i5JwTkYSUX4vZjeLSsMLV
Seq No: 0

Witnesses:
Count:          5
Receipts:       0
Threshold:      5

Public Keys:
        1. DD5K6t_-cV2cijPpXAU6Ajs_GI6tYVmtbhDE35eX08BL
So the received Receipts are at `0`
*Did I miss anything?* 

KERI Keystore created at: /home/ubuntu/.keri/ks/QAR-ALICE
KERI Database created at: /home/ubuntu/.keri/db/QAR-ALICE
KERI Credential Store created at: /home/ubuntu/.keri/reg/QAR-ALICE
        aeid: BN7nMtdIVbhhY8c6Vslof3AhvaVT1KQY2scX_XLZsW9t

Loading 5 OOBIs...
 succeeded
 succeeded
 succeeded
 succeeded
 succeeded

{
  "dt": "2022-01-20T12:57:59.823350+00:00",
  "wan": {
    "dt": "2022-01-20T12:57:59.823350+00:00",
    "curls": ["", ""]
  },
  "iurls": [
  ]
}
This config file for the witness launched with the name of "wan" is being told to generate endpoint responses for 2 endpoints, one HTTP and one TCP.

kli init --name wan --salt 0AB3YW5uLXRoZS13aXRuZXNz --nopasscode --config-dir "${KERI_SCRIPT_DIR}" --config-file wan-witness
I was missing a `main/` path segment on the `wan-witness` file I was using.
Due to the default arguments for the `Configer` class it uses the path segment `"main"` when looking for configuration files.
class Configer(filing.Filer):
  ...
  TailDirPath = "keri/cf"
  ...
   def __init__(self, name="conf", base="main", filed=True, mode="r+b",
                 fext="json", human=True, **kwa):
    ...
The problem can be worked around (solved?) by just putting a prefix on the path given to the `--config-file` argument as so:
--config-file main/wan-witness

for msg in self.db.clonePreIter(pre=pre, fn=0):
                msgs.append(msg)

parser.add_argument('-c', '--controller',
                    action='store',
                    default="E59KmDbpjK0tRf9Rmc7OlueZVz7LB94DdD3cjQVvPcng",
                    help="Identifier prefix to accept control messages from.")
Does this mean that the prefix should be set up prior to starting the agent, so `kli init` and `kli incept` prior to `kli agent start`?

        sig = req.headers.get("SIGNATURE")
        ked = req.media
        ser = json.dumps(ked).encode("utf-8")
        if not self.validate(sig=sig, ser=ser):
            resp.complete = True
            resp.status = falcon.HTTP_401
            return

"topics":{
      "/receipt":0,
      "/replay":0,
      "/reply":0
    },
What does the `0` mean after each topic?
I also saw other queries that express a single topic as `"topic":"challenge"` without the `/` and the `0`.

id: 14
event: /receipt
retry: 5000
data: {"v":"KERI10JSON000091_","t":"rct","d":"ELdorFEqtQyGObZRWf54IoKQ5zNdSSA0lvk-VN5lllGs","i":"EAR1eNUllla9Y7l0ru0btqGrFoWuhLk8BkMWFUMEljUY","s":"a"}-CABBEXBtyNmAdUiEMsPYamGdMq4TEQfmitcFAyUYcY15Im20BCMbqyPh0dY2n4AyKw7TX2jsixbqX2nIuNey0QsZmMRTsGMulnjkG76EBYlQdD-q7hgkSSXn_xKhIvUkHB9Ni0H
where `id: 14` is the index of the response and  `event: /receipt` is the topic  that the `qry` asked for.

pris (subing.CryptSignerSuber): named sub DB whose keys are public key
            from key pair and values are private keys from key pair
            Key is public key (fully qualified qb64)
            Value is private key (fully qualified qb64)