-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WalletFactory survive upgrades and repair outstanding purses and offers #8773
Conversation
2bf69c3
to
51b96eb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
more after a short meeting...
@@ -0,0 +1,29 @@ | |||
import { makeHelpers } from '@agoric/deploy-script-support'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see a builders
package on the branch that this is going into.
I think this needs to be somewhere with a package.json
to work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a duplicate of one in vats anyway. Gone.
* @param {*} wallet | ||
* @param {import('@agoric/smart-wallet/src/smartWallet.js').SmartWallet} wallet |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MH usually avoids changes that have no runtime impact on the release branch. I'm not sure whether that matters here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not a problem in test files
@@ -26,6 +27,7 @@ | |||
"dependencies": { | |||
"@agoric/assert": "^0.6.1-u11wf.0", | |||
"@agoric/casting": "^0.4.3-u13.0", | |||
"@agoric/deploy-script-support": "^0.10.4-u13.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if that could be moved to devDependencies
.
not sure it matters, much, though...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good question, which we can punt on for now.
walletFactoryStartResult, | ||
provisionPoolStartResult, | ||
chainStorage, | ||
walletBridgeManager: walletBridgeManagerP, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👏 This is a pretty clean set of bootstrap powers to be using.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks like there's an extra copy of a file. not fatal
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some tests that the upgrade succeeds in A3P are here. Further tests from #8557 will be added separately. Some manual tests in the A3P environment will be automated and also added separately.
I am confused. I do not see any a3p-integration changes here, so what exactly is related to A3P? I understand the wallet factory work may not be complete, but from what I understand, the upgrade of the wallet factory vat with the core proposal included in this PR should go through, right? Can we at least add that to a3p-integration in this PR, something along the lines of 65d8c5b
* @param {*} wallet | ||
* @param {import('@agoric/smart-wallet/src/smartWallet.js').SmartWallet} wallet |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not a problem in test files
@@ -26,6 +27,7 @@ | |||
"dependencies": { | |||
"@agoric/assert": "^0.6.1-u11wf.0", | |||
"@agoric/casting": "^0.4.3-u13.0", | |||
"@agoric/deploy-script-support": "^0.10.4-u13.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good question, which we can punt on for now.
I have done just that in 016da83, and a crude test seems to pass! https://github.com/Agoric/agoric-sdk/actions/runs/7578792312/job/20641968845?pr=8773#step:6:1012 https://github.com/Agoric/agoric-sdk/actions/runs/7578792312/job/20641968845?pr=8773#step:7:196 |
I ran manuall tests in a3p-integration based on a proposals I wrote myself. I didn't have a version of a3p-integration that added upgrade-14, so it didn't make sense to check them in. Since you have that, it's a good addition. Your simple test is the same thing I used as a first cut. I'm working on converting the manual tests to ones I can script (shell vs. js invocations). My expectation was that they would go in master, but I can bring them here as well once there's a here to target. |
Sorry for the miscommunication, the whole point of the |
f31ccb0
to
c02c973
Compare
pulled offers.js and payments.js into smartWallet.js as they shared plenty of state that needs to be durable in order to be callable from the watchedPromise. build an upgrade proposal; tested in Agoric/agoric-3-proposals#34
observeNotifier() would handle upgrade disconnects if the notifiers were durable. But in @agoric/ertp, they're ephemeral, so we open-code the loop. When the offerWatchers detect an upgrade, they reschedule the watchers. We needed to ensure the wallet itself doesn't do its cleanup in that case. The test updates purse balance across upgrade - provision a smartWallet for an oracle operator - upgrade zoe; reproduce smartWallet bug - check for new invitation
feat: include invitation purses in repairUnwatchedPurses
covered better by a3p integration tests
016da83
to
d58948e
Compare
#8775 will merge all the new code back to master. |
closes: #8488
closes: #8292
closes: #8293
closes: #8286
refs: #8445
refs: #8609
refs: #8445
refs: #8557
refs: a3p#34
Description
Fix the WalletFactory to survive upgrade, and repair all outstanding offers and purses.
Security Considerations
Ensure survival of outstanding SmartWallets.
Scaling Considerations
Some work is done for existing purses and offers when WalletFactory is upgraded to incarnation 2. It's a small amount of work for each, and there aren't many on the chain at this point.
Documentation Considerations
No changes to user-visible behavior are intended.
Testing Considerations
Some unit tests are included. Some tests that the upgrade succeeds in A3P are here. Further tests from #8557 will be added separately. Some manual tests in the A3P environment will be automated and also added separately.
Upgrade Considerations
Oh, yeah. It's all about upgrading.