WalletFactory survive upgrades and repair outstanding purses and offers #8773
Conversation
Chris-Hibbert
added
wallet
contract-upgrade
next-release
Chris-Hibbert
force-pushed
the
8445-upgradeWF-a3p-test
branch
from
2bf69c3
to
51b96eb
Compare
| @@ -0,0 +1,29 @@ | |||
| import { makeHelpers } from '@agoric/deploy-script-support'; | |||
There was a problem hiding this comment.
I don't see a builders package on the branch that this is going into.
I think this needs to be somewhere with a package.json to work.
There was a problem hiding this comment.
It's a duplicate of one in vats anyway. Gone.
| * @param {*} wallet | ||
| * @param {import('@agoric/smart-wallet/src/smartWallet.js').SmartWallet} wallet |
There was a problem hiding this comment.
MH usually avoids changes that have no runtime impact on the release branch. I'm not sure whether that matters here.
| @@ -26,6 +27,7 @@ | |||
| "dependencies": { | |||
| "@agoric/assert": "^0.6.1-u11wf.0", | |||
| "@agoric/casting": "^0.4.3-u13.0", | |||
| "@agoric/deploy-script-support": "^0.10.4-u13.0", | |||
There was a problem hiding this comment.
I wonder if that could be moved to devDependencies.
not sure it matters, much, though...
There was a problem hiding this comment.
Good question, which we can punt on for now.
| walletFactoryStartResult, | ||
| provisionPoolStartResult, | ||
| chainStorage, | ||
| walletBridgeManager: walletBridgeManagerP, |
There was a problem hiding this comment.
👏 This is a pretty clean set of bootstrap powers to be using.
There was a problem hiding this comment.
Some tests that the upgrade succeeds in A3P are here. Further tests from #8557 will be added separately. Some manual tests in the A3P environment will be automated and also added separately.
I am confused. I do not see any a3p-integration changes here, so what exactly is related to A3P? I understand the wallet factory work may not be complete, but from what I understand, the upgrade of the wallet factory vat with the core proposal included in this PR should go through, right? Can we at least add that to a3p-integration in this PR, something along the lines of 65d8c5b
| * @param {*} wallet | ||
| * @param {import('@agoric/smart-wallet/src/smartWallet.js').SmartWallet} wallet |
| @@ -26,6 +27,7 @@ | |||
| "dependencies": { | |||
| "@agoric/assert": "^0.6.1-u11wf.0", | |||
| "@agoric/casting": "^0.4.3-u13.0", | |||
| "@agoric/deploy-script-support": "^0.10.4-u13.0", | |||
There was a problem hiding this comment.
Good question, which we can punt on for now.
I have done just that in 016da83, and a crude test seems to pass! https://github.com/Agoric/agoric-sdk/actions/runs/7578792312/job/20641968845?pr=8773#step:6:1012 https://github.com/Agoric/agoric-sdk/actions/runs/7578792312/job/20641968845?pr=8773#step:7:196 |
I ran manuall tests in a3p-integration based on a proposals I wrote myself. I didn't have a version of a3p-integration that added upgrade-14, so it didn't make sense to check them in. Since you have that, it's a good addition. Your simple test is the same thing I used as a first cut. I'm working on converting the manual tests to ones I can script (shell vs. js invocations). My expectation was that they would go in master, but I can bring them here as well once there's a here to target. |
Sorry for the miscommunication, the whole point of the |
mhofman
force-pushed
the
8618-fakeVirtual-watchedPromises-14
branch
from
f31ccb0
to
c02c973
Compare
pulled offers.js and payments.js into smartWallet.js as they shared plenty of state that needs to be durable in order to be callable from the watchedPromise. build an upgrade proposal; tested in Agoric/agoric-3-proposals#34
observeNotifier() would handle upgrade disconnects if the notifiers were durable. But in @agoric/ertp, they're ephemeral, so we open-code the loop. When the offerWatchers detect an upgrade, they reschedule the watchers. We needed to ensure the wallet itself doesn't do its cleanup in that case. The test updates purse balance across upgrade - provision a smartWallet for an oracle operator - upgrade zoe; reproduce smartWallet bug - check for new invitation
feat: include invitation purses in repairUnwatchedPurses
covered better by a3p integration tests
mhofman
force-pushed
the
8445-upgradeWF-a3p-test
branch
from
016da83
to
d58948e
Compare
#8775 will merge all the new code back to master. |
closes: #8488
closes: #8292
closes: #8293
closes: #8286
refs: #8445
refs: #8609
refs: #8445
refs: #8557
refs: a3p#34
Description
Fix the WalletFactory to survive upgrade, and repair all outstanding offers and purses.
Security Considerations
Ensure survival of outstanding SmartWallets.
Scaling Considerations
Some work is done for existing purses and offers when WalletFactory is upgraded to incarnation 2. It's a small amount of work for each, and there aren't many on the chain at this point.
Documentation Considerations
No changes to user-visible behavior are intended.
Testing Considerations
Some unit tests are included. Some tests that the upgrade succeeds in A3P are here. Further tests from #8557 will be added separately. Some manual tests in the A3P environment will be automated and also added separately.
Upgrade Considerations
Oh, yeah. It's all about upgrading.