VatTP over solo IBC

[michaelfig]

What is the Problem Being Solved?

We want to be able to use IBC to communicate between the Agoric solo machine to the Agoric chain.

Description of the Design

• Use CosmJS's light client to connect to chain
  • remove all ag-solo Golang dependencies: use existing SwingSet-specific queries/transactions in JS
• Implement solo IBC in Javascript
  • relayer functionality in JS
  • create a new Network API protocol to expose this functionality to ag-solo
• Demonstrate establishing a new solo client and using VatTP over IBC as with Support IBC for comm #259

Security Considerations

Improved security, as we won't be trusting the full node we're connected to; we'll use CosmJS's light client to verify that they're telling the truth.

Test Plan

TBD, but based on #259

[dckc]

Interesting.

It looks to me like the problem being solved is rather:

• The ag-solo wallet trusts the node that it connects to, which makes sense only for validators, not typical users (it's sort of OK in dev mode, since the dev can pretend to be a validator)
• a separate solo/chain protocol is a source of design risk (e.g. overhaul solo-to-chain txn sending loop #2855)
• golang code and dependencies are
  • a (small to moderate) burden on customers of the SDK who want to build from source
  • incompatible with ocap discipline (the go stdlib has lots of ambient authority and there's no feasible mechanism to confine go code)
  • a separate set of development practices and expertise (for example, unit test coverage for our go code is slim to none)

"We want to X" is rarely a useful problem statement :)

cc @warner @rowgraus