8445 add promiseWatcher to smartWallet #8488
Conversation
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
2 times, most recently
from
0584ef2
to
2096070
Compare
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
from
b5093a4
to
fb03e29
Compare
| /** @type {[PromiseRejectedResult]} */ | ||
| // @ts-expect-error cast | ||
| const result = status.result; | ||
| t.is(result[0].status, 'rejected'); |
There was a problem hiding this comment.
The previous code just happened to call updateStatus on a Promise.all() that covered this case. We get the same results without the Promise.all(), so there's nothing to log at that point. The 'rejected' status is redundant with the error detected just above.
There was a problem hiding this comment.
This is a breaking change and why test-oracle-integration is failing. When this code handles a rejection:
agoric-sdk/packages/smart-wallet/src/smartWallet.js
Lines 843 to 844 in 0e25d18
And so it's not getting thrown
to theexecuteOffer caller.
It's a smell that there are two error handlers which both do updateStatus({ error: err.toString() });. Let's see if we can refactor this to have one error handler that throws and executeOffer() waits for the offer to complete.
There was a problem hiding this comment.
this 'rejected' status came from tryReclaimingWithdrawnPayments(), which failed because the error happened before there was a seat. insufficientFunds was detected while attempting to create the payment to send to Zoe, so Zoe was never called.
The new approach doesn't attempt to collect those payments, so the rejected status is never set, which I think is fine. status.error tells all that needs to be understood.
test-oracle-integration now passes because of your fixes that pass the error through executeOffer.
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
from
65d8aef
to
d5d0bc1
Compare
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
2 times, most recently
from
9c8ec51
to
6730e01
Compare
| 'open-vault', | ||
| ), | ||
|
|
||
| // does not throw, because it's in the result, but it will show up in errors |
There was a problem hiding this comment.
this is a breaking change to the API. I don't think it's necessary. Let's discuss.
| LiquidationSetup, | ||
| } from './liquidation.ts'; | ||
|
|
||
| const test = anyTest as TestFn<LiquidationTestContext>; | ||
|
|
||
| //#region Product spec | ||
| const setup: LiquidationSetup = { |
There was a problem hiding this comment.
why is LiquidationSetup in a test about walletSurvivesZoeRestart?
There was a problem hiding this comment.
in order to test that the wallets survive, it's using a vaultLiquidation scenario to exercise the vaults.
packages/swingset-liveslots/test/virtual-objects/test-virtualObjectManager.js
Outdated
Show resolved
Hide resolved
turadg
force-pushed
the
8445-addWatcher
branch
from
d57aa5a
to
cbb2dae
Compare
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
from
54f15dc
to
b80246d
Compare
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
4 times, most recently
from
cb60b07
to
625f9dd
Compare
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
from
7bc60c4
to
3cf7cc4
Compare
| @@ -6,7 +6,7 @@ | |||
| */ | |||
|
|
|||
| import { makeHelpers } from '@agoric/deploy-script-support'; | |||
| import { getManifestForUpgrade } from '@agoric/smart-wallet/src/proposals/upgrade-walletFactory-proposal.js'; | |||
| import { getManifestForUpgrade } from '@agoric/vats/src/proposals/upgrade-wallet-factory-proposal.js'; | |||
There was a problem hiding this comment.
In master I see the file packages/smart-wallet/src/proposals/upgrade-walletFactory-proposal.js and when I run agoric run scripts/smart-wallet/build-walletFactory-upgrade.js it works.
Please revert moving the file. The proposal is about wallet-factory so belongs in smart-wallet.
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
from
6e79669
to
86b166c
Compare
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
from
2fd24cd
to
ec4cbce
Compare
| const buildAndExecuteProposal = async packageSpec => { | ||
| const buyer = await walletFactoryDriver.provideSmartWallet('agoric1buyer'); | ||
|
|
||
| const buildAndExecuteProposal = async (packageSpec: string) => { |
There was a problem hiding this comment.
Out of scope but we should move this to SwingsetTestKit
There was a problem hiding this comment.
take care to pass I/O access explicitly when doing so.
| @@ -218,6 +249,12 @@ export const prepareSmartWallet = (baggage, shared) => { | |||
| invitationDisplayInfo: DisplayInfoShape, | |||
| publicMarshaller: M.remotable('Marshaller'), | |||
| zoe: M.eref(M.remotable('ZoeService')), | |||
|
|
|||
| // known only to smartWallets and walletFactory, this allows the | |||
| purseForBrand: M.call(BrandShape).returns(M.promise()), | ||
| logWalletInfo: M.call(M.any()).returns(), | ||
| logWalletError: M.call(M.any()).returns(), | ||
| // XXX is there a better guard for a bigMapStore? |
There was a problem hiding this comment.
| // XXX is there a better guard for a bigMapStore? | |
| // XXX is there a tighter shape for a bigMapStore than M.any()? |
fwiw I don't think so
packages/smart-wallet/test/swingsetTests/upgradeWalletFactory/walletFactory-V2.js
Show resolved
Hide resolved
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
from
19bfad6
to
cd1c09a
Compare
* test: support for watchedPromises in fakeVirtualSupport Needed by #8488 * chore: update allocatePromiseID to use nextExportID * chore: distinct ID range for proises
|
@dckc, are you willing/able to approve this PR for merging. I believe I've addressed all the requested changes. |
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
3 times, most recently
from
3b6db32
to
50b525c
Compare
| purseForBrand: M.call(BrandShape).returns(M.promise()), | ||
| logWalletInfo: M.call().rest(M.arrayOf(M.any())).returns(), | ||
| logWalletError: M.call().rest(M.arrayOf(M.any())).returns(), | ||
| // XXX is there a tighter guard for a bigMapStore than M.any()? |
There was a problem hiding this comment.
there isn't, but there could be a shape for it. consider,
| // XXX is there a tighter guard for a bigMapStore than M.any()? | |
| // TODO define a shape for bigMapStore |
even better, make an issue and mention it here
There was a problem hiding this comment.
M.remotable() seems like the right shape.
or with a label such as M.remotable('mapStore').
There was a problem hiding this comment.
I assumed we could do better by including the actual properties (methods) of a mapStore. M.remotable() is incrementally better than M.any() but then the shape can't change later to one that is a local object with methods.
There was a problem hiding this comment.
Patterns only admit passables, such as a remotable or a copyRecord with properties (whose values are passable), but local objects with methods aren't passable, IIUC.
And even for a local Far() object, whether a pattern matches or not is pass-invariant, so you can't test its methods with patterns any more than you can for a remote presence.
There was a problem hiding this comment.
M.remotable('mapStore') is indeed better than M.any(). Thanks
There was a problem hiding this comment.
Thanks @dckc and sorry for steering your wrong @Chris-Hibbert . I neglected to think through it, and was yet was hasty in my certainty. I plead guilty by reason of fever.
| const { address, invitationPurse } = state; | ||
| const { liveOffers, liveOfferSeats } = state; | ||
| const { zoe, agoricNames } = shared; | ||
| const { invitationBrand, invitationIssuer } = shared; |
There was a problem hiding this comment.
I can't tell whether it was intentional to separate them. Please make these two lines or explain why it's four.
There was a problem hiding this comment.
I hate prettier.
It used to turn 2 lines here or 4 lines into 10 lines. Now it's happy with two lines per declaration. Hurrah!
But with longer names or more names, it will jump from 2 lines to 6, and I'll go back to multiple declarations, or not declaring them all, or declaring some later.
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
from
50b525c
to
37b4e84
Compare
pulled offers.js and payments.js into smartWallet.js as they shared plenty of state that needs to be durable in order to be callable from the watchedPromise. build an upgrade proposal; tested in Agoric/agoric-3-proposals#34
Chris-Hibbert
force-pushed
the
8445-addWatcher
branch
from
37b4e84
to
5ed5107
Compare
* test: support for watchedPromises in fakeVirtualSupport Needed by #8488 * chore: update allocatePromiseID to use nextExportID * chore: distinct ID range for proises
* test: support for watchedPromises in fakeVirtualSupport Needed by #8488 * chore: update allocatePromiseID to use nextExportID * chore: distinct ID range for proises
…ic#8772) * test: support for watchedPromises in fakeVirtualSupport Needed by Agoric#8488 * chore: update allocatePromiseID to use nextExportID * chore: distinct ID range for proises
closes: #8445
Description
Use watchedPromises to monitor expected payouts. This made it necessary to be able to call several functions from more than one location, so a lot of state and behavior that was ephemeral was made durable. I think the code is simpler now.
along the way
payments.tryReclaimingWithdrawnPayments()went away. I'm pretty sure it was redundant with ERTP recoverySets. If there was other functionality that we should keep, please let me know.Security Considerations
offer security, not operational security. Without this fix, wallets wouldn't be able to pay out if the Zoe vat upgraded.
Scaling Considerations
Repairs all the outstanding seats for each smartWallet on upgrade.
Documentation Considerations
not applicable
Testing Considerations
TBD. Not done yet.
Upgrade Considerations
It's all about upgrade.