feat: ETHR multiledger suport

[flaviocgarcia78]

Summary

This PR introduces support for multi-ledger configuration when resolving the did:ethr method in Indy-Besu.

With this change, the resolver can interact with multiple EVM-compatible ledgers instead of relying on a single configured network. This enables broader interoperability and flexibility when working with decentralized identity deployments across different Ethereum-based networks.

Motivation

Currently, the did:ethr integration assumes a single ledger configuration. However, real-world deployments often require interacting with multiple networks (e.g., mainnet, testnets, or permissioned EVM chains).

Supporting multiple ledgers allows implementers to:

• Resolve DIDs across different Ethereum-based networks
• Improve interoperability between deployments
• Support environments where identity infrastructure spans multiple chains

Changes

• Added multi-ledger configuration support for the did:ethr method
• Updated resolver logic to select the appropriate ledger
• Added configuration structure for defining multiple EVM networks
• Refactored related components to support ledger selection

Testing

The following tests were performed:

• Verified DID resolution against multiple configured ledgers
• Ensured backward compatibility with single-ledger configurations
• Confirmed correct behavior for existing DID resolution flows

Compatibility

This change is backward compatible. Existing configurations using a single ledger will continue to function without modification.

Related Work

Related to ongoing work around multi-network interoperability in DID resolution.

Contributor

Contribution by external collaborator.

[flaviocgarcia78]

Hi @Artemkaaas and @Toktar,

I've just opened this PR adding multi-ledger support for the did:ethr method.
Could you please take a look and let me know if the approach aligns with the project expectations?

If there are any adjustments needed (design, configuration format, tests, etc.), I'm happy to update the implementation.

Thanks!

[Toktar]

Hi @flaviocgarcia78, thank you for this contribution! It is a valuable addition. Appreciate the tests and the comprehensive demo script as well.

Before we can move forward with merging, I'd like to flag a few architectural and code quality concerns:

Architectural

No client caching. get_ledger_for_identifier() and ping_all() instantiate a new LedgerClient on every call. This is expensive (HTTP connections, potential TLS handshake). Looking at Arc I guess, caching was planned, could you add a client cache?

Fragile DID parsing. extract_network() takes parts[2] without validating the DID method. It makes sense to check if it's did:ethr and if there's a namespaces

VdrError::ClientInvalidResponse is used for configuration errors (missing network, wrong mode). These are semantically different. A dedicated variant like ConfigError or NetworkNotFound would be clearer.

Scope

This PR mixes several unrelated changes. I'd recommend splitting this into focused PRs, it's very hard to review as-is.

Internal infrastructure leak. The .gitlab-ci.yml references gitcorporativo.serpro (internal GitLab) with hardcoded project IDs and SSL certificate workarounds. This shouldn't land in a Hyperledger open-source repo.

Committed artifacts. The file vdr/uniffi/--out-dir is a CLI typo artifact, and the 5090-line Swift file should be generated in CI rather than committed.

What is the reason of monitoring stack removal from docker-compose? Could you please return it?

LedgerMode, LedgerResult, and LedgerClientConfig lack Debug, this makes debugging difficult.

And could you please fix linter errors and DCO?

Thank you!

[Toktar]

Mutex is imported but unused. Could you implement client caching please?

[Toktar]

Could you please use English language for comments?

[Toktar]

Could you please use English language for comments?

[Toktar]

Could you please use English language for comments?

[Toktar]

Could you please use English language for comments?

[Toktar]

The magic strings "default" and the implicit ConfigOnly default appear in several places.

[Toktar]

quorum_config from LedgerClientConfig is available but not passed to LedgerClient::new() — None is used instead. This looks like an oversight or I missed something

[Toktar]

DID can contain more then 3 prefixes.

[Toktar]

Can be an issue if the script is called from a different working directory. os.path.dirname(os.path.abspath(file)) with relative navigation would be more robust.

[Toktar]

deprecated since Python 3.10. asyncio.run(demo()) is the modern replacement.

[Artemkaaas]

I think we should use HashMap<String, Arc<LedgerClient>> as a cache because now it does parsing of all contract ABIs and opens a connection on every call of get_ledger_for_identifier, which is called per operation.

[Artemkaaas]

Should it also contain LedgerMode as a property? I see LedgerMode::LedgerClient is hardcoded below, while the actual definition provides two options.

[flaviocgarcia78]

Good point.
At the moment, I kept LedgerMode hardcoded to LedgerClient in the FFI layer to keep the API simpler and avoid introducing additional enum mappings in UniFFI.
Since the main goal of this PR is to introduce multi-ledger routing and caching, I suggest we keep this behavior for now and handle exposing LedgerMode as a follow-up improvement (it will require proper UniFFI enum support and bindings update).

[Artemkaaas]

It looks like LedgerRouter is not integrated into methods like resolve_did, resolve_schema, and so on. They still accept client instances.

I think we should define a common trait for LedgerRouter and LedgerClient, so all existing resolution methods can accept any of the client implementations. At the FFI layer, we can provide duplicate methods if we face an issue.

[Artemkaaas]

I do not really think that this demo actually verifies the multi-ledger behaviour correctness. All three configurations use identical chainId and nodeAddress. This is the same single ledger registered under three names.

[flaviocgarcia78]

You're right — the current demo validates routing behavior rather than real multi-ledger connectivity.

Each network is registered under a distinct name, so the router logic (network resolution and client selection) is exercised, even though the underlying node is the same.

I will clarify this in the demo comments to avoid confusion, and we can extend it later with distinct endpoints if needed.

[Artemkaaas]

Label says network1 but client resolves did defined via network2

[Artemkaaas]

It seems to refer to a private corporate GitLab instance (gitcorporativo.serpro) with a hardcoded project ID (21675). It has no relation to this project. This job needs to be deleted.

[Artemkaaas]

The change added in the PR is definitely valuable - named-network routing for multi-ledger support fills a real gap.
Apart from several clean-up comments, I have only the two main technical comments before getting this PR ready to merge:

1. Adding client caching
2. Router integration into resolution methods

[flaviocgarcia78]

@Artemkaaas

**Artemkaaas **

First of all, thank you for the opportunity to contribute to the indy-besu project — it’s a great initiative and very interesting work.

Special thanks to @Artemkaaas and @Toktar for the thorough review and valuable feedback. It really helped to refine the approach and improve the implementation.

I’ve pushed updates addressing the main points discussed. Happy to iterate further if needed.
Addressing the main review point: Router integration into resolution methods

I took a deeper look into integrating the router directly into resolution flows (e.g. resolve_did, resolve_schema), and I agree this is a valuable direction.

However, I believe it is safer to keep the current approach for now, where the caller explicitly resolves the LedgerClient via the router:

client = router.get_ledger_for_identifier(identifier)

and then passes it to the corresponding operation.

The main reason is that not all flows have a reliable identifier to derive the target ledger. For example, in write operations such as schema creation:

SchemaRegistry.build_create_schema_endorsing_data(client, schema)

the schema may not yet have a fully qualified identifier (or network information), making automatic routing ambiguous or error-prone.

Because of that, introducing router-based delegation at this stage could lead to implicit behavior and edge cases that are harder to reason about.

For this PR, I focused on:

• introducing named-network routing
• adding client caching to avoid repeated instantiation
• keeping routing explicit and predictable

I suggest handling router-based delegation (especially for read/resolve methods) as a follow-up improvement.

Happy to extend in that direction in a next PR if that sounds good 👍

— Flavio Garcia

[Artemkaaas]

@flaviocgarcia78
Thank you for processing comments.

#174 (comment)
Sounds reasonable. Explicit routing at the call site is safer for now. A follow-up PR is a fair call.

Could you fix markdown linter issues and remove one unprocessed Portuguese comment - https://github.com/hyperledger-indy/indy-besu/pull/174/changes#diff-3739dfc2ecb3a79bfb86811a09028efd7279f2743ecec65bf4917cb2fa6ded08R78
And after that, we will merge the PR.

[flaviocgarcia78]

@flaviocgarcia78 Thank you for processing comments.

#174 (comment) Sounds reasonable. Explicit routing at the call site is safer for now. A follow-up PR is a fair call.

Could you fix markdown linter issues and remove one unprocessed Portuguese comment - https://github.com/hyperledger-indy/indy-besu/pull/174/changes#diff-3739dfc2ecb3a79bfb86811a09028efd7279f2743ecec65bf4917cb2fa6ded08R78 And after that, we will merge the PR.

@Artemkaaas,
Thank you for the review and guidance.

I have addressed the requested adjustments:

• fixed the markdown linter issue by replacing the root-relative link with a relative path
• removed the remaining Portuguese comment and replaced it with an English comment

The branch was updated with the latest changes.