core bootstrap: subsume non-core #4541
Conversation
dckc
force-pushed
the
bootstrap-core
branch
10 times, most recently
from
cdccd78 to
90e8986
Compare
dckc
requested review from
michaelfig,
Chris-Hibbert and
turadg
and removed request for
michaelfig
There was a problem hiding this comment.
I took a pass with some comments and questions. They're mostly superficial as I'm not well acquainted with the bootstrap.
Besides those, nothing stands out to me as problematic but I won't feel comfortable giving an Approval without a walk-through. I'm leaving a Comment review and hoping one of the other reviewers can provide assess whether it's merge-ready.
| epochInterval: 60n * 60n, // 1 hour | ||
| }; | ||
| const [centralIssuer, centralBrand] = await Promise.all([ | ||
| E(agoricNames).lookup('issuer', 'RUN'), // TODO: constant for RUN |
There was a problem hiding this comment.
is this to do before merging or in the future? If the latter, it's best to have a ticket or a comment about who will do it.
There was a problem hiding this comment.
Good question. It's at least intended to start a conversation with reviewers.
There was a problem hiding this comment.
I think last time this came up we discussed a set of "well known names". "RUN" would be one of them. Seems like it wouldn't hurt to have a constant file now for what would eventually be well-known names, as long as we understand what the semantics are of a name being well-known. Though I can't say that I'm certain.
There was a problem hiding this comment.
Yesterday I decided that both constants and static types were worth doing, as part of integrating agoricNames with the permits system:
agoric-sdk/packages/vats/src/core/utils.js
Lines 18 to 22 in 1a8fab6
agoric-sdk/packages/vats/src/core/types.js
Lines 119 to 122 in 1a8fab6
...
agoric-sdk/packages/vats/src/core/types.js
Lines 136 to 143 in 1a8fab6
| epochTimerService, | ||
| harden(distributorParams), | ||
| ) | ||
| .catch(e => console.error('Error building fee distributor', e)); |
There was a problem hiding this comment.
why is this better than letting the error propagate?
There was a problem hiding this comment.
I'm not sure; I copied / moved this code from elsewhere. @Chris-Hibbert ? @michaelfig ?
There was a problem hiding this comment.
I think this catch was done before we "only distribute fees if there is a collector". You can remove it with impunity.
| allValues: async obj => | ||
| fromEntries(Collect.zip(keys(obj), await Promise.all(values(obj)))), | ||
| }; | ||
| /** @type { <T, U>(obj: Record<string, T>, f: (t: T) => U) => Record<string, U>} */ |
There was a problem hiding this comment.
👌 I'm a fan of using as little JSDoc as necessary.
| */ | ||
|
|
||
| /** | ||
| * @callback CreateUserBundle | ||
| * @param {string} nickname | ||
| * @param {string} clientAddress | ||
| * @param {string[]} powerFlags | ||
| * @returns {Promise<Record<string, unknown>>} | ||
| * @returns {Promise<Record<string, Promise<any>>>} |
There was a problem hiding this comment.
This looks like a regression in type safety. How hard would it be to keep the unknown instead of any?
There was a problem hiding this comment.
this justification belongs in the code...
The userBundle really is an arbitrary pile of properties. And it's not like you can check them with typeof. You are either in a position to trust them or you're not. With unknown, each client that wants to call a method such as E(userBundle.bank).deposit(payment) has to cast userBundle.bank; ideally, the cast is to some useful type. But unknown can't be cast directly to some other type; it has to be cast to any first. I'm not sure all that hassle is cost-effective.
| * ROLE: string, | ||
| * hardcodedClientAddresses: string[], | ||
| * noFakeCurrencies: boolean, | ||
| * FIXME_GCI: string, |
There was a problem hiding this comment.
it hasn't been for some number of years :)
again, this code is copied / moved from bootstrap.js.
|
I just added several commits based on testing in the context of work on getRUN bootstrap for a demo. Some of these could perhaps go in separate PRs; for example: |
dckc
changed the title
| vatPowers, | ||
| ); | ||
|
|
||
| // TODO: Remove this alias when we can. |
There was a problem hiding this comment.
Can you add an indication of the time frame or blocking factors?
There was a problem hiding this comment.
That comment is unchanged from bootstrap.js. But it's a good question..
Maybe now is the time to remove home.uploads? @michaelfig ?
There was a problem hiding this comment.
Maybe now is the time to remove
home.uploads?
I think so. We'd need to audit the dapps, but I'm pretty sure it's okay, and we can fix them if they break. But maybe in a follow-on PR.
| { template } = { | ||
| template: { | ||
| agoricNames: true, | ||
| bank: true, | ||
| namesByAddress: true, | ||
| myAddressNameAdmin: true, | ||
| board: true, | ||
| faucet: true, | ||
| zoe: true, | ||
| }, | ||
| }, |
There was a problem hiding this comment.
Why is this better than
| { template } = { | |
| template: { | |
| agoricNames: true, | |
| bank: true, | |
| namesByAddress: true, | |
| myAddressNameAdmin: true, | |
| board: true, | |
| faucet: true, | |
| zoe: true, | |
| }, | |
| }, | |
| template = { | |
| agoricNames: true, | |
| bank: true, | |
| namesByAddress: true, | |
| myAddressNameAdmin: true, | |
| board: true, | |
| faucet: true, | |
| zoe: true, | |
| }, |
There was a problem hiding this comment.
This justification belongs in the code somewhere.
The idea is that the 2nd argument for all boostrap behaviors (functions) is an optional "config" argument that can be set in the bootstrap config file. So template isn't the whole config; it's one option in the config for this behavior.
dckc
force-pushed
the
bootstrap-core
branch
6 times, most recently
from
c465d64 to
1a8fab6
Compare
- consume pegasusBundle from the bootstrap promise space.
- no need to exclude install-on-chain.js from lint, so move to src/
- there's only one bundle, so never mind the Promise.all loop.
- take care not to give Zoe.install a Promise<bundle>; that fails
with: unrecognized moduleFormat ' undefined '
- export CONTRACT_NAME = 'Pegasus' (capital P)
- since we get nameAdmins from the promise space,
use eventual send to call it.
- never mind creatorFacet; Pegasus doesn't have one.
- prune unused uiConfig
- prune import of BootstrapPowers type
ran into trouble with ambient types
closes #4021 BREAKING CHANGE: removes getBootstrapPayment from VaultFactory
In order to test the new bootstrap with older versions of the UI, publish the VaultFactory instance and uiConfig under 'Treasury' as well as 'VaultFactory'. - combine awaits for vaultFactoryInstance, vaultFactoryCreator - we share vaultFactory instance in startVaultFactory; no need to do it again in configureVaultFactoryUI - docs: makeCollectFeesInvitation type conflicted with something
- basic-behaviors:
- mintInitialSupply, w/unit test
- factor out BLD, RUN info as Tokens
- example bootMsg for type
- addBankAssets, w/unit test
- publish runIssuer, runBrand here rather than buildZoe
- subsume makeBLDKit
- produce namesByAddress, namesByAddressAdmin
- makeClientBanks: add home.bank
- chain-behaviors:
- makeClientManager: delay resolution of chainBundle
until expected contents are available
- TECHDEBT: factor out expected contents for
use in solo's test-home.js
- support multiple properties in E(client).assignBundle()
- shareEconomyBundles: no getRUNBundle yet
- registerNetworkProtocols: IBC, ...
- update to use makePegasusConnectionKit
- update Collect usage
- integrate installPegasusOnChain behavior
- manifest: installPegasusOnChain permit
- share pegasusBundle from shareBootContractBundles
- reserve Pegasus instance in nameHub
- client-behaviors: startClient
- parameterize logging in makePromiseSpace()
- manifest:
- track containing vat
- TECHDEBT: not enforced as part of permit
- track produce / consume for
home: installation, instance, issuer, brand
- parameterize governance actions by ROLE
- core/types.js
- factor BootstrapSpace, BootDevices<T> out of BootstrapPowers
- chase down lots of vat, device types
- SwingsetDevices was a misnomer; devices are chosen
by the host application
- resolve Device type conflicts
- grantRunBehaviors - test connectFaucet - don't bother with ATOM, moola, simolean faucet payments - coordinate faucet, amm using provideIssuerKit in vat-mints.js - factor out fundAMM calculations for testing - demoIssuers: export utilities for testing - update Collect usage
- don't try to startRewardDistributor on sim-chain
- update CHAIN_BOOTSTRAP_VAT_CONFIG docs in env.md
fixes #4165 BREAKING CHANGE: decentral-config.json config file is no longer available. Use decentral-core-config.js, which starts core services by not RUN protocol etc., or decentral-demo-config.js, which does start the RUN protocol and provides demo funds in wallets, AMM.
Separate demo/test bootstrap from production. BREAKING CHANGE: RUN protocol etc. is not started by default. To start RUN protocol, Pegasus, etc., use: CHAIN_BOOTSTRAP_VAT_CONFIG=@agoric/vats/decentral-demo-config.json \ agoric start local-chain Stay tuned for a mechanism to turn them on via governance.
- shared: factor out duplication
This gives senders (such as a committee electorate sending out voter invitations) a promise for the depositFacet rather than having their lookup fail.
... zoe invitations, in particular.
For static typing and integrating with the bootstrap permit system,
we expose { produce, consume } spaces rather than NameAdmins.
The idiom `E(agoricNames).lookup('instance', 'economicCommittee')`
becomes `instance.consume.economicCommittee`, replacing magic
strings with statically checked names.
Likewise, the idiom `E(instanceAdmin).update('economicCommittee', instance)`
becomes `economicCommittee.resolve(instance)`.
chore(vats): avoid magic strings for agoricNames (SQUASHME prod)
- manifest: adapt permits from nameHubs to instance.produce and such
- configureVaultFactoryUI: no need to produce amm instance;
it's done in setupAMM
- buildZoe doesn't produce the RUN issuer, brand;
no need for agoricNames, nameAdmins, which are
now obsolete in any case
- test-boot.js to test manifest.js without starting the whole chain:
test all 3 roles, with and without post-boot governance actions
- makeAddressNameHubs: consume agoricNames,
which is produced in boot.js
- addBankVats no longer uses bootMsg
- no more collectNameAdmins, rarely need to consume agoricNames
- makeAgoricNames -> makeAgoricNamesAccess, which connects
the promise spaces with the nameAdmins.
- chore(pegasus): nameAdmins -> spaces
- adapt startRewardDistributor to promise spaces for agoricNames
- boot.js: parameterize logging higher
- avoid harden() on module object
- provide better diagnostic for bad behavior name
- produce home.chainTimerService
- docs: build scripts for visualizing initial conditions (SQUASHME prod)
- vats: genesis typo
- style(vats): mgr -> bankMgr
- style(run-protocol): vats.distributeFees
- makePriceAuthority -> makePriceAuthorityRegistry
it's making more than a price authority
- docs(vats): cite BLD issuer vat TODO issue
- avoid hardening `deprecated` (SQUASHME prod)
In a test, some calls that usually cross vats do not, so args get
hardened. Since this deprecated thing should go away, let's copy it to
make building the test easier.
- test-clientBundle for spaces
- fix(vats): fix home.chainTimerService
- chore(run-protocol): fee distributor etc.
- liquidate installation in configureVaultFactoryUI
- bundles check is subsumed by permits
- obsolete fee distributor .catch()
- style(run-protocol): reformat in econ-behaviors
- docs(vats): misc.
- justify use of any in getChainBundle
- TODO: shut down centralSupply contract?
- NameHub, NameAdmin are not exposed in WellKnownSpaces
Co-authored-by: Chris Hibbert <Chris-Hibbert@users.noreply.github.com>
closes: #4165, #4021
I (sort of) recommend reviewing the commits separately. In particular, the
run-protocolcommits are separate from `vats and such. And demo stuff is in a separate commit from production stuff. This strategy fell down a bit with the move from the nameAdmins store to using promise spaces for issuers, brands, etc.Security Considerations
completes the work of separating demo / test materials from production bootstrap begun in #4309, #4437
Documentation Considerations
and enumeration of what's in home is in here somewhere. (see also #4347)
Testing Considerations
unit test coverage is better but still not good. I'm still struggling to figure out what features to check for regressions.
production:
packages/run-protocol)test-home.jsinpackages/solotestswallet,board, etc. (pre-dates this PR)client(solo) bootstrapmakeFeeCollector(unit tests, separate from bootstrap)demo/test:
Postponed to separate issues: