Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

replace ROLE with 3 bootstrap modules; audit contents #7049

Merged
merged 38 commits into from
Mar 14, 2023
Merged

replace ROLE with 3 bootstrap modules; audit contents #7049

merged 38 commits into from
Mar 14, 2023

Conversation

dckc
Copy link
Member

@dckc dckc commented Feb 22, 2023
edited
Loading

refs: #6687, #7044

Description

boot.js included everything for production chain, sim, and solo and dispatched at runtime based on ROLE arg. Instead, we choose between boot-chain.js, boot-sim.js, boot-solo.js modules in the swingset config, so that boot-chain.js has only production code.

This introduces a notForProductionUse() "poison pill" and any bundle that includes its module is flagged.

Tasks
Beta Give feedback
  1. feat(AMM)!: remove the AMM and cleanup bootstrap etc. dependencies #7074
    Inter-protocol MUST-HAVE Vaults automerge:squash force:integration hygiene
    Chris-Hibbert

Some items in the list of non-upgradeable vats are commented out; follow-on PRs should address them.

Security Considerations

Eliminates need to evaluate bootstrap logic to determine that test code is never run.

Scaling Considerations

Small code size reduction in production?

Documentation Considerations

Documentation about which bootstrap config files are used for what is still pretty messy.

Testing Considerations

Figuring out all the constraints on bootstrap and all the different bootstrap configs is challenging. I added tests for some of them, I think.

This was referenced Feb 24, 2023
Merged
Closed
@dckc dckc force-pushed the dc-boot-check branch 3 times, most recently from 6aa1dde to a57cc44 Compare February 25, 2023 14:38
@dckc dckc added the force:integration Force integration tests to run on PR label Feb 25, 2023
@dckc dckc force-pushed the dc-boot-check branch 5 times, most recently from b43084f to 3194c47 Compare March 2, 2023 18:47
@dckc dckc removed the force:integration Force integration tests to run on PR label Mar 2, 2023
@dckc dckc force-pushed the dc-boot-check branch 3 times, most recently from b2d2f00 to 37c10aa Compare March 3, 2023 18:04
@datadog-full-agoric
Copy link

datadog-full-agoric bot commented Mar 3, 2023
edited
Loading

Datadog Report

Branch report: dc-boot-check
Commit report: aea28d3

agoric-sdk: 0 Failed, 0 New Flaky, 3673 Passed, 57 Skipped, 15m 25.07s Wall Time

@dckc
Copy link
Member Author

dckc commented Mar 6, 2023

@michaelfig in agoric start --dev mode, the wallet ui shows "Disconnected from http://localhost:8000".

Is that what you would expect? Is this where the trick with the old wallet package comes in somehow? I'm looking at wallet/README and I don't see what I'm missing.

@dckc dckc changed the title audit bootstrap contents: bundles, behaviors / manifests / permits (WIP) replace ROLE with 3 bootstrap modules; audit contents Mar 7, 2023
@dckc dckc marked this pull request as ready for review March 7, 2023 20:56
@dckc
Copy link
Member Author

dckc commented Mar 7, 2023

@warner this PR includes a unit test to audit bundles similar to our Jan discussion.

There's more to do: currently the prohibition on vat-network is commented out. If I un-comment it, we get:

  ✘ [fail]: no test-only code is in production configs decentral-test-vaults-config.json bundle /home/connolly/projects/agoric-sdk/packages/vats/src/vat-network.js not upgradeable

It checks every module in each bundle for a 'magic-cookie-test-only' module. Stuff like vat-mints.js imports notForProductionUse from that module. Currently decentral-core-config.json includes vat-mints, so if we put it in PROD_CONFIG_FILES we get:

  ✘ [fail]: no test-only code is in production configs decentral-core-config.json bundle mints: ../../../internal/src/magic-cookie-test-only.js

This does enumerate all the bundles, both directly in the swingset config and indirectly via coreProposals:

  ✔ no test-only code is in production configs (438ms)
    ℹ checking config decentral-main-psm-config.json
    ℹ decentral-main-psm-config.json : check bundle: walletFactory walletFactory.js
    ℹ decentral-main-psm-config.json : check bundle: provisionPool provisionPool.js
    ℹ decentral-main-psm-config.json : check bundle: committee committee.js
    ℹ decentral-main-psm-config.json : check bundle: contractGovernor contractGovernor.js
    ℹ decentral-main-psm-config.json : check bundle: binaryVoteCounter binaryVoteCounter.js
    ℹ decentral-main-psm-config.json : check bundle: psm psm.js
    ℹ decentral-main-psm-config.json : check bundle: bank vat-bank.js
    ℹ decentral-main-psm-config.json : check bundle: centralSupply centralSupply.js
    ℹ decentral-main-psm-config.json : check bundle: mintHolder mintHolder.js
    ℹ decentral-main-psm-config.json : check bundle: board vat-board.js
    ℹ decentral-main-psm-config.json : check bundle: chainStorage vat-chainStorage.js
    ℹ decentral-main-psm-config.json : check bundle: zcf contractFacet.js
    ℹ decentral-main-psm-config.json : check bundle: zoe vat-zoe.js
    ℹ checking config decentral-psm-config.json
    ℹ decentral-psm-config.json : check bundle: auction auctioneer.js
    ℹ decentral-psm-config.json : check bundle: econCommitteeCharter econCommitteeCharter.js
    ℹ checking config decentral-test-vaults-config.json
    ℹ decentral-test-vaults-config.json : check bundle: ibc vat-ibc.js
    ℹ decentral-test-vaults-config.json : check bundle: network vat-network.js
    ℹ decentral-test-vaults-config.json : check bundle: priceAuthority vat-priceAuthority.js
    ℹ decentral-test-vaults-config.json : check bundle: provisioning vat-provisioning.js
    ℹ checking config decentral-test-psm-config.json
  ✔ no test-only code is in production proposals (455ms)
    ℹ checking config decentral-main-psm-config.json
    ℹ checking config decentral-psm-config.json
    ℹ checking config decentral-test-vaults-config.json
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal0_behaviors startWalletFactory.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal0_0 walletFactory.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal0_1 provisionPool.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal1_behaviors core-proposal.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal1_0 binaryVoteCounter.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal1_1 committee.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal1_2 contractGovernor.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal1_3 auctioneer.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal1_4 feeDistributor.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal1_5 assetReserve.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal1_6 stakeFactory.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal1_7 vaultFactory.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal2_behaviors core-proposal.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal2_0 pegasus.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal3_behaviors startPSM.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal3_4 econCommitteeCharter.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal3_5 psm.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal4_behaviors addAssetToVault.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal4_0 scaledPriceAuthority.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal5_1 mintHolder.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal10_behaviors price-feed-proposal.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal10_0 fluxAggregatorContract.js
    ℹ decentral-test-vaults-config.json : check bundle: coreProposal11_behaviors committee-proposal.js
    ℹ checking config decentral-test-psm-config.json

@michaelfig @turadg please take a look. I wonder about breaking it into pieces, but I've been smushing the parts around for so long that I think I need other eyes on it to make useful progress.

turadg
turadg reviewed Mar 7, 2023
View reviewed changes
Copy link
Member

@turadg turadg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Support the motivation. Reducing deep imports looks good. Poison pill is clever and helpful. Glad to have the visualization tool become part of CI.

Won't approve because I don't know what to expect for testing the sim-chain changes.

packages/inter-protocol/src/proposals/startPSM.js Outdated
@@ -345,7 +347,7 @@ export const PSM_GOV_MANIFEST = {
};

export const INVITE_PSM_COMMITTEE_MANIFEST = harden(
/** @type {import('@agoric/vats/src/core/manifest.js').BootstrapManifest} */
/** @type {import('@agoric/vats/src/core/lib-boot.js').BootstrapManifest} */
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

defined up top

Suggested change
/** @type {import('@agoric/vats/src/core/lib-boot.js').BootstrapManifest} */
/** @type {BootstrapManifest} */

packages/inter-protocol/src/proposals/startPSM.js Outdated
export const PSM_MANIFEST = harden({
/** @type {import('@agoric/vats/src/core/manifest.js').BootstrapManifestPermit} */
/** @type {import('@agoric/vats/src/core/lib-boot.js').BootstrapManifestPermit} */
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

implied by being a property of BootstrapManifest

Suggested change
/** @type {import('@agoric/vats/src/core/lib-boot.js').BootstrapManifestPermit} */

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like the BootstrapManifest declaration has to go inside harden() too.

packages/inter-protocol/test/supports.js Outdated
Comment on lines 7 to 8
import { makeAgoricNamesAccess } from '@agoric/vats/src/core/utils.js';
import { makePromiseSpace } from '@agoric/vats';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
import { makeAgoricNamesAccess } from '@agoric/vats/src/core/utils.js';
import { makePromiseSpace } from '@agoric/vats';
import { makeAgoricNamesAccess, makePromiseSpace } from '@agoric/vats';

packages/smart-wallet/test/supports.js Outdated
makeAgoricNamesAccess,
makePromiseSpace,
} from '@agoric/vats/src/core/utils.js';
import { makeAgoricNamesAccess } from '@agoric/vats/src/core/utils.js';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

top-level now

packages/vats/src/core/basic-behaviors.js Show resolved Hide resolved
packages/vats/src/core/basic-behaviors.js Outdated

/** @type {import('./lib-boot').BootstrapManifest} */
export const BASIC_BOOTSTRAP_PERMITS = harden({
/** @type {import('./lib-boot').BootstrapManifestPermit} */
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

type is implied I think

packages/vats/src/core/boot-chain.js Outdated
Comment on lines 11 to 16
const {
BASIC_BOOTSTRAP_PERMITS: _5,
PowerFlags: _3,
makeMyAddressNameAdminKit: _4,
...basicBehaviors
} = basicBehaviorsPlus;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the numbers seem significant but aren't. consider:

Suggested change
const {
BASIC_BOOTSTRAP_PERMITS: _5,
PowerFlags: _3,
makeMyAddressNameAdminKit: _4,
...basicBehaviors
} = basicBehaviorsPlus;
const {
BASIC_BOOTSTRAP_PERMITS: _B,
PowerFlags: _P,
makeMyAddressNameAdminKit: _m,
...basicBehaviors
} = basicBehaviorsPlus;

packages/vats/src/core/demoIssuers.js Outdated
Comment on lines 180 to 184
/**
* WARNING: not for production use
*
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the import and the line below seem sufficient:

notForProductionUse();

packages/vats/test/test-boot-config.js Show resolved Hide resolved
packages/vats/test/upgrading/test-upgrade-vats.js Show resolved Hide resolved
@dckc dckc added the force:integration Force integration tests to run on PR label Mar 8, 2023
dckc added 26 commits March 14, 2023 20:11
@dckc
chore(vats): restore authorityViz.js to working order
89dd260 
 - misc static types
 - note TODO ideas
 - make executable
@dckc
refactor(vats): factor out promise-space.js
7831f99
@dckc
test(inter-protocol): update makePromiseSpace import
107bd10
@dckc
test(vats): parameterize config in makeSwingsetTestKit()
ef850ab
@dckc
test(vats): bootstrap support for solo dev: home.myAddressNameAdmin
8f1f657
@dckc
feat(vats): export makeAgoricNamesAccess at package level
9ae7701
@dckc
test(vats): no test-only code is in production configs
7db2f17 
 - toward test for non-upgradeable vats
@dckc
fix(vats): prune mints/faucet from prod-like vats config
74d5f33
@dckc
chore(vats): prune sharing vat from test-vaults-config
46d1ed2
@dckc
chore: move sim stuff out of inter-protocol
394b154
@dckc
chore(vats): clarify which vat bootstrap items go
d1e8740
@dckc
test(vats): bootstrap visualization snapshot
b2f49e3
@dckc
test(vats): check production constraints on coreProposals
15682d8
@dckc
docs(vats): document purpose etc. of config files
b820735
@dckc
docs: bootstrapArgs is arbitrary JSON-serializable data
ce4aa3c 
No change to the runtime names, for now: vatParams.argv
@dckc
chore: prune remaining uses of bootstrap sim/chain/client ROLE
c62a0d6
@dckc
chore: prune pegasus from test-vaults-config
bca19bb
@dckc
chore(vats): demo-config meets loadgen constraints: vaults, USDC
1326966 
 - test: sim/demo config launches Vaults as expected by loadgen
 - demo-config: add missing proposals:
   - add-collateral-core for IbcATOM
   - price-feed-core
 - test: fill out expected home properties
 - installSimEgress: make hardcodedClientAddresses optional
 - type: prune governanceActions (obsolete in favor of coreProposals)
 - type: prune bootstrapManifest from BootstrapVatParams - no longer dynamic

 - rename USDC -> DAI in connectFaucet()
 - add missing harden()s in nameHub, connectFaucet()
 - factor out makeHomeFor()
@dckc
chore(vats): clean up BootstrapManifest typing
4b9b7c3
@dckc
chore(vats): reorg to avoid exporting non-behaviors
0d352cf 
 - move makeMyAddressNameAdminKit to utils
   - bonus: avoids importing all of basic-behaviors
     into places such as provisionPool.js
 - move PowerFlags to walletFlags.js
 - avoid redundant imports in boot-chain.js, -sim, -client
@dckc
test(vats): rename test-solo-dev -> test-demo-config
1f42034
@dckc
fixup! chore: move sim stuff out of inter-protocol
84e0608
@dckc
fixup! test(vats): stub test for bootstrap upgrade
a36df1e
@dckc
fixup! chore(vats): restore authorityViz.js to working order
879b8cb
@dckc
fixup! docs(vats): document purpose etc. of config files
f2dbe66
@dckc
chore(vats): fewer PSMs to speed up loadgen ci
478dc43
@mergify mergify bot merged commit 3d87d1d into master Mar 14, 2023
@mergify mergify bot deleted the dc-boot-check branch March 14, 2023 20:53
@dckc dckc mentioned this pull request Mar 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@turadg turadg turadg left review comments

@michaelfig michaelfig michaelfig approved these changes

@mhofman mhofman Awaiting requested review from mhofman

Assignees
No one assigned
Labels
automerge:rebase Automatically rebase updates, then merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dckc @turadg @michaelfig