@agoric/ertp 0.16.3-mainnet1B-dev-b0c1f78.0 → 0.16.3-orchestration-dev-096c4e8.0

package/src/paymentLedger.js

@@ -3,11 +3,6 @@
 /* eslint-disable no-use-before-define */
 import { isPromise } from '@endo/promise-kit';
 import { mustMatch, M, keyEQ } from '@agoric/store';
-import {
-  provideDurableWeakMapStore,
-  prepareExo,
-  provide,
-} from '@agoric/vat-data';
 import { AmountMath } from './amountMath.js';
 import { preparePaymentKind } from './payment.js';
 import { preparePurseKind } from './purse.js';
@@ -15,8 +10,6 @@ import { preparePurseKind } from './purse.js';
 import '@agoric/store/exported.js';
 import { BrandI, makeIssuerInterfaces } from './typeGuards.js';
 
-/** @typedef {import('@agoric/vat-data').Baggage} Baggage */
-
 const { details: X, quote: q, Fail } = assert;
 
 /**
@@ -70,29 +63,35 @@ const amountShapeFromElementShape = (brand, assetKind, elementShape) => {
 };
 
 /**
- * Make the paymentLedger, the source of truth for the balances of
- * payments. All minting and transfer authority originates here.
+ * Make the paymentLedger, the source of truth for the balances of payments. All
+ * minting and transfer authority originates here.
  *
  * @template {AssetKind} K
- * @param {Baggage} issuerBaggage
+ * @param {import('@agoric/zone').Zone} issuerZone
  * @param {string} name
  * @param {K} assetKind
  * @param {DisplayInfo<K>} displayInfo
  * @param {Pattern} elementShape
+ * @param {RecoverySetsOption} recoverySetsState
  * @param {ShutdownWithFailure} [optShutdownWithFailure]
  * @returns {PaymentLedger<K>}
  */
 export const preparePaymentLedger = (
-  issuerBaggage,
+  issuerZone,
   name,
   assetKind,
   displayInfo,
   elementShape,
+  recoverySetsState,
   optShutdownWithFailure = undefined,
 ) => {
   /** @type {Brand<K>} */
-  // @ts-expect-error XXX callWhen
-  const brand = prepareExo(issuerBaggage, `${name} brand`, BrandI, {
+  // Should be
+  // at-ts-expect-error XXX callWhen
+  // but ran into the usual disagreement between local lint and CI
+  // eslint-disable-next-line @typescript-eslint/prefer-ts-expect-error
+  // @ts-ignore
+  const brand = issuerZone.exo(`${name} brand`, BrandI, {
     isMyIssuer(allegedIssuer) {
       // BrandI delays calling this method until `allegedIssuer` is a Remotable
       return allegedIssuer === issuer;
@@ -121,7 +120,7 @@ export const preparePaymentLedger = (
     amountShape,
   );
 
-  const makePayment = preparePaymentKind(issuerBaggage, name, brand, PaymentI);
+  const makePayment = preparePaymentKind(issuerZone, name, brand, PaymentI);
 
   /** @type {ShutdownWithFailure} */
   const shutdownLedgerWithFailure = reason => {
@@ -139,48 +138,48 @@ export const preparePaymentLedger = (
   };
 
   /** @type {WeakMapStore<Payment, Amount>} */
-  const paymentLedger = provideDurableWeakMapStore(
-    issuerBaggage,
-    'paymentLedger',
-    { valueShape: amountShape },
-  );
+  const paymentLedger = issuerZone.weakMapStore('paymentLedger', {
+    valueShape: amountShape,
+  });
 
   /**
-   * A withdrawn live payment is associated with the recovery set of
-   * the purse it was withdrawn from. Let's call these "recoverable"
-   * payments. All recoverable payments are live, but not all live
-   * payments are recoverable. We do the bookkeeping for payment recovery
-   * with this weakmap from recoverable payments to the recovery set they are
-   * in.
-   * A bunch of interesting invariants here:
-   *    * Every payment that is a key in the outer `paymentRecoverySets`
-   *      weakMap is also in the recovery set indexed by that payment.
-   *    * Implied by the above but worth stating: the payment is only
-   *      in at most one recovery set.
-   *    * A recovery set only contains such payments.
-   *    * Every purse is associated with exactly one recovery set unique to
-   *      it.
-   *    * A purse's recovery set only contains payments withdrawn from
-   *      that purse and not yet consumed.
+   * A (non-empty) withdrawn live payment is associated with the recovery set of
+   * the purse it was withdrawn from. Let's call these "recoverable" payments.
+   * All recoverable payments are live, but not all live payments are
+   * recoverable. We do the bookkeeping for payment recovery with this weakmap
+   * from recoverable payments to the recovery set they are in. A bunch of
+   * interesting invariants here:
+   *
+   * - Every payment that is a key in the outer `paymentRecoverySets` weakMap is
+   *   also in the recovery set indexed by that payment.
+   * - Implied by the above but worth stating: the payment is only in at most one
+   *   recovery set.
+   * - A recovery set only contains such payments.
+   * - Every purse is associated with exactly one recovery set unique to it.
+   * - A purse's recovery set only contains payments withdrawn from that purse and
+   *   not yet consumed.
+   *
+   * If `recoverySetsState === 'noRecoverySets'`, then nothing should ever be
+   * added to this WeakStore.
    *
    * @type {WeakMapStore<Payment, SetStore<Payment>>}
    */
-  const paymentRecoverySets = provideDurableWeakMapStore(
-    issuerBaggage,
-    'paymentRecoverySets',
-  );
+  const paymentRecoverySets = issuerZone.weakMapStore('paymentRecoverySets');
 
   /**
    * To maintain the invariants listed in the `paymentRecoverySets` comment,
-   * `initPayment` should contain the only
-   * call to `paymentLedger.init`.
+   * `initPayment` should contain the only call to `paymentLedger.init`.
    *
    * @param {Payment} payment
    * @param {Amount} amount
    * @param {SetStore<Payment>} [optRecoverySet]
    */
   const initPayment = (payment, amount, optRecoverySet = undefined) => {
-    if (optRecoverySet !== undefined) {
+    if (recoverySetsState === 'noRecoverySets') {
+      optRecoverySet === undefined ||
+        Fail`when recoverSetsState === 'noRecoverySets', optRecoverySet must be empty`;
+    }
+    if (optRecoverySet !== undefined && !AmountMath.isEmpty(amount)) {
       optRecoverySet.add(payment);
       paymentRecoverySets.init(payment, optRecoverySet);
     }
@@ -189,8 +188,7 @@ export const preparePaymentLedger = (
 
   /**
    * To maintain the invariants listed in the `paymentRecoverySets` comment,
-   * `deletePayment` should contain the only
-   * call to `paymentLedger.delete`.
+   * `deletePayment` should contain the only call to `paymentLedger.delete`.
    *
    * @param {Payment} payment
    */
@@ -203,19 +201,14 @@ export const preparePaymentLedger = (
     }
   };
 
-  /** @type {(left: Amount, right: Amount) => Amount } */
-  const add = (left, right) => AmountMath.add(left, right, brand);
-  /** @type {(left: Amount, right: Amount) => Amount } */
-  const subtract = (left, right) => AmountMath.subtract(left, right, brand);
   /** @type {(allegedAmount: Amount) => Amount} */
   const coerce = allegedAmount => AmountMath.coerce(brand, allegedAmount);
-  /** @type {(left: Amount, right: Amount) => boolean } */
+  /** @type {(left: Amount, right: Amount) => boolean} */
 
   /**
-   * Methods like deposit() have an optional second parameter
-   * `optAmountShape`
-   * which, if present, is supposed to match the balance of the
-   * payment. This helper function does that check.
+   * Methods like deposit() have an optional second parameter `optAmountShape`
+   * which, if present, is supposed to match the balance of the payment. This
+   * helper function does that check.
    *
    * Note: `optAmountShape` is user-supplied with no previous validation.
    *
@@ -243,17 +236,13 @@ export const preparePaymentLedger = (
   /**
    * Used by the purse code to implement purse.deposit
    *
-   * @param {Amount} currentBalance - the current balance of the purse
-   * before a deposit
-   * @param {(newPurseBalance: Amount) => void} updatePurseBalance -
-   * commit the purse balance
+   * @param {import('./amountStore.js').AmountStore} balanceStore
    * @param {Payment} srcPayment
    * @param {Pattern} [optAmountShape]
    * @returns {Amount}
    */
   const depositInternal = (
-    currentBalance,
-    updatePurseBalance,
+    balanceStore,
     srcPayment,
     optAmountShape = undefined,
   ) => {
@@ -265,13 +254,12 @@ export const preparePaymentLedger = (
     assertLivePayment(srcPayment);
     const srcPaymentBalance = paymentLedger.get(srcPayment);
     assertAmountConsistent(srcPaymentBalance, optAmountShape);
-    const newPurseBalance = add(srcPaymentBalance, currentBalance);
     try {
       // COMMIT POINT
       // Move the assets in `srcPayment` into this purse, using up the
       // source payment, such that total assets are conserved.
       deletePayment(srcPayment);
-      updatePurseBalance(newPurseBalance);
+      balanceStore.increment(srcPaymentBalance);
     } catch (err) {
       shutdownLedgerWithFailure(err);
       throw err;
@@ -282,30 +270,19 @@ export const preparePaymentLedger = (
   /**
    * Used by the purse code to implement purse.withdraw
    *
-   * @param {Amount} currentBalance - the current balance of the purse
-   * before a withdrawal
-   * @param {(newPurseBalance: Amount) => void} updatePurseBalance -
-   * commit the purse balance
+   * @param {import('./amountStore.js').AmountStore} balanceStore
    * @param {Amount} amount - the amount to be withdrawn
-   * @param {SetStore<Payment>} recoverySet
+   * @param {SetStore<Payment>} [recoverySet]
    * @returns {Payment}
    */
-  const withdrawInternal = (
-    currentBalance,
-    updatePurseBalance,
-    amount,
-    recoverySet,
-  ) => {
+  const withdrawInternal = (balanceStore, amount, recoverySet = undefined) => {
     amount = coerce(amount);
-    AmountMath.isGTE(currentBalance, amount) ||
-      Fail`Withdrawal of ${amount} failed because the purse only contained ${currentBalance}`;
-    const newPurseBalance = subtract(currentBalance, amount);
-
     const payment = makePayment();
+    // COMMIT POINT Move the withdrawn assets from this purse into
+    // payment. Total assets must remain conserved.
+    balanceStore.decrement(amount) ||
+      Fail`Withdrawal of ${amount} failed because the purse only contained ${balanceStore.getAmount()}`;
     try {
-      // COMMIT POINT Move the withdrawn assets from this purse into
-      // payment. Total assets must remain conserved.
-      updatePurseBalance(newPurseBalance);
       initPayment(payment, amount, recoverySet);
     } catch (err) {
       shutdownLedgerWithFailure(err);
@@ -314,8 +291,10 @@ export const preparePaymentLedger = (
     return payment;
   };
 
+  /** @type {() => Purse<K>} */
+  // @ts-expect-error type parameter confusion
   const makeEmptyPurse = preparePurseKind(
-    issuerBaggage,
+    issuerZone,
     name,
     assetKind,
     brand,
@@ -324,11 +303,17 @@ export const preparePaymentLedger = (
       depositInternal,
       withdrawInternal,
     }),
+    recoverySetsState,
+    paymentRecoverySets,
   );
 
   /** @type {Issuer<K>} */
-  // @ts-expect-error cast due to callWhen discrepancy
-  const issuer = prepareExo(issuerBaggage, `${name} issuer`, IssuerI, {
+  // Should be
+  // at-ts-expect-error cast due to callWhen discrepancy
+  // but ran into the usual disagreement between local lint and CI
+  // eslint-disable-next-line @typescript-eslint/prefer-ts-expect-error
+  // @ts-ignore
+  const issuer = issuerZone.exo(`${name} issuer`, IssuerI, {
     getBrand() {
       return brand;
     },
@@ -378,23 +363,31 @@ export const preparePaymentLedger = (
   /**
    * Provides for the recovery of newly minted but not-yet-deposited payments.
    *
-   * Because the `mintRecoveryPurse` is placed in baggage, even if the
-   * caller of `makeIssuerKit` drops it on the floor, it can still be
-   * recovered in an emergency upgrade.
-   *
-   * @type {Purse<K>}
+   * Because the `mintRecoveryPurse` is placed in baggage, even if the caller of
+   * `makeIssuerKit` drops it on the floor, it can still be recovered in an
+   * emergency upgrade.
    */
-  const mintRecoveryPurse = provide(issuerBaggage, 'mintRecoveryPurse', () =>
-    makeEmptyPurse(),
+  // Should be
+  // at-ts-expect-error checked cast
+  // but ran into the usual disagreement between local lint and IDE lint.
+  // Don't know yet about lint under CI.
+  // eslint-disable-next-line @typescript-eslint/prefer-ts-expect-error
+  // @ts-ignore
+  const mintRecoveryPurse = /** @type {Purse<K>} */ (
+    issuerZone.makeOnce('mintRecoveryPurse', () => makeEmptyPurse())
   );
 
   /** @type {Mint<K>} */
-  const mint = prepareExo(issuerBaggage, `${name} mint`, MintI, {
+  const mint = issuerZone.exo(`${name} mint`, MintI, {
     getIssuer() {
       return issuer;
     },
     mintPayment(newAmount) {
-      // @ts-expect-error checked cast
+      // Should be
+      // at-ts-expect-error checked cast
+      // but ran into the usual disagreement between local lint and CI
+      // eslint-disable-next-line @typescript-eslint/prefer-ts-expect-error
+      // @ts-ignore
       newAmount = coerce(newAmount);
       mustMatch(newAmount, amountShape, 'minted amount');
       // `rawPayment` is not associated with any recovery set, and

package/src/purse.js

@@ -1,27 +1,72 @@
-import { M } from '@agoric/store';
-import { prepareExoClassKit, makeScalarBigSetStore } from '@agoric/vat-data';
+import { M, makeCopySet } from '@agoric/store';
 import { AmountMath } from './amountMath.js';
 import { makeTransientNotifierKit } from './transientNotifier.js';
+import { makeAmountStore } from './amountStore.js';
 
 const { Fail } = assert;
 
+const EMPTY_COPY_SET = makeCopySet([]);
+
+// TODO Type InterfaceGuard better than InterfaceGuard<any>
+/**
+ * @param {import('@agoric/zone').Zone} issuerZone
+ * @param {string} name
+ * @param {AssetKind} assetKind
+ * @param {Brand} brand
+ * @param {{
+ *   purse: import('@endo/patterns').InterfaceGuard<any>;
+ *   depositFacet: import('@endo/patterns').InterfaceGuard<any>;
+ * }} PurseIKit
+ * @param {{
+ *   depositInternal: any;
+ *   withdrawInternal: any;
+ * }} purseMethods
+ * @param {RecoverySetsOption} recoverySetsState
+ * @param {WeakMapStore<Payment, SetStore<Payment>>} paymentRecoverySets
+ */
 export const preparePurseKind = (
-  issuerBaggage,
+  issuerZone,
   name,
   assetKind,
   brand,
   PurseIKit,
   purseMethods,
+  recoverySetsState,
+  paymentRecoverySets,
 ) => {
   const amountShape = brand.getAmountShape();
 
   // Note: Virtual for high cardinality, but *not* durable, and so
   // broken across an upgrade.
+  // TODO propagate zonifying to notifiers, maybe?
   const { provideNotifier, update: updateBalance } = makeTransientNotifierKit();
 
-  const updatePurseBalance = (state, newPurseBalance, purse) => {
-    state.currentBalance = newPurseBalance;
-    updateBalance(purse, purse.getCurrentAmount());
+  /**
+   * If `recoverySetsState === 'hasRecoverySets'` (the normal state), then just
+   * return `state.recoverySet`.
+   *
+   * If `recoverySetsState === 'noRecoverySets'`, return `undefined`. Callers
+   * must be aware that the `undefined` return happens iff `recoverySetsState
+   * === 'noRecoverySets'`, and to avoid storing or retrieving anything from the
+   * actual recovery set.
+   *
+   * @param {{ recoverySet: SetStore<Payment> }} state
+   * @returns {SetStore<Payment> | undefined}
+   */
+  const maybeRecoverySet = state => {
+    const { recoverySet } = state;
+    if (recoverySetsState === 'hasRecoverySets') {
+      return recoverySet;
+    } else {
+      recoverySetsState === 'noRecoverySets' ||
+        Fail`recoverSetsState must be noRecoverySets if it isn't hasRecoverSets`;
+      paymentRecoverySets !== undefined ||
+        Fail`paymentRecoverySets must always be defined`;
+      recoverySet.getSize() === 0 ||
+        Fail`With noRecoverySets, recoverySet must be empty`;
+
+      return undefined;
+    }
   };
 
   // - This kind is a pair of purse and depositFacet that have a 1:1
@@ -31,17 +76,14 @@ export const preparePurseKind = (
   //   that created depositFacet as needed. But this approach ensures a constant
   //   identity for the facet and exercises the multi-faceted object style.
   const { depositInternal, withdrawInternal } = purseMethods;
-  const makePurseKit = prepareExoClassKit(
-    issuerBaggage,
+  const makePurseKit = issuerZone.exoClassKit(
     `${name} Purse`,
     PurseIKit,
     () => {
       const currentBalance = AmountMath.makeEmpty(brand, assetKind);
 
       /** @type {SetStore<Payment>} */
-      const recoverySet = makeScalarBigSetStore('recovery set', {
-        durable: true,
-      });
+      const recoverySet = issuerZone.detached().setStore('recovery set');
 
       return {
         currentBalance,
@@ -54,28 +96,36 @@ export const preparePurseKind = (
           // PurseI does *not* delay `deposit` until `srcPayment` is fulfulled.
           // See the comments on PurseI.deposit in typeGuards.js
           const { state } = this;
+          const { purse } = this.facets;
+          const balanceStore = makeAmountStore(state, 'currentBalance');
           // Note COMMIT POINT within deposit.
-          return depositInternal(
-            state.currentBalance,
-            newPurseBalance =>
-              updatePurseBalance(state, newPurseBalance, this.facets.purse),
+          const srcPaymentBalance = depositInternal(
+            balanceStore,
             srcPayment,
             optAmountShape,
           );
+          updateBalance(purse, balanceStore.getAmount());
+          return srcPaymentBalance;
         },
         withdraw(amount) {
           const { state } = this;
+          const { purse } = this.facets;
+
+          const optRecoverySet = maybeRecoverySet(state);
+          const balanceStore = makeAmountStore(state, 'currentBalance');
           // Note COMMIT POINT within withdraw.
-          return withdrawInternal(
-            state.currentBalance,
-            newPurseBalance =>
-              updatePurseBalance(state, newPurseBalance, this.facets.purse),
+          const payment = withdrawInternal(
+            balanceStore,
             amount,
-            state.recoverySet,
+            optRecoverySet,
           );
+          updateBalance(purse, balanceStore.getAmount());
+          return payment;
         },
         getCurrentAmount() {
-          return this.state.currentBalance;
+          const { state } = this;
+          const balanceStore = makeAmountStore(state, 'currentBalance');
+          return balanceStore.getAmount();
         },
         getCurrentAmountNotifier() {
           return provideNotifier(this.facets.purse);
@@ -89,18 +139,27 @@ export const preparePurseKind = (
         },
 
         getRecoverySet() {
-          return this.state.recoverySet.snapshot();
+          const { state } = this;
+          const optRecoverySet = maybeRecoverySet(state);
+          if (optRecoverySet === undefined) {
+            return EMPTY_COPY_SET;
+          }
+          return optRecoverySet.snapshot();
         },
         recoverAll() {
           const { state, facets } = this;
           let amount = AmountMath.makeEmpty(brand, assetKind);
-          for (const payment of state.recoverySet.keys()) {
+          const optRecoverySet = maybeRecoverySet(state);
+          if (optRecoverySet === undefined) {
+            return amount; // empty at this time
+          }
+          for (const payment of optRecoverySet.keys()) {
             // This does cause deletions from the set while iterating,
             // but this special case is allowed.
             const delta = facets.purse.deposit(payment);
             amount = AmountMath.add(amount, delta, brand);
           }
-          state.recoverySet.getSize() === 0 ||
+          optRecoverySet.getSize() === 0 ||
             Fail`internal: Remaining unrecovered payments: ${facets.purse.getRecoverySet()}`;
           return amount;
         },

package/src/typeGuards.js

@@ -1,6 +1,6 @@
 // @jessie-check
 
-import { M, matches } from '@agoric/store';
+import { M, matches, getInterfaceGuardPayload } from '@endo/patterns';
 
 export const BrandShape = M.remotable('Brand');
 export const IssuerShape = M.remotable('Issuer');
@@ -11,62 +11,56 @@ export const NotifierShape = M.remotable('Notifier');
 export const MintShape = M.remotable('Mint');
 
 /**
- * When the AmountValue of an Amount fits the NatValueShape, i.e., when it is
- * a non-negative bigint, then it represents that many units of the
- * fungible asset represented by that amount. The brand of that amount
- * should indeed represent a kind of asset consisting of a countable
- * set of fungible units.
+ * When the AmountValue of an Amount fits the NatValueShape, i.e., when it is a
+ * non-negative bigint, then it represents that many units of the fungible asset
+ * represented by that amount. The brand of that amount should indeed represent
+ * a kind of asset consisting of a countable set of fungible units.
  */
 const NatValueShape = M.nat();
 
 /**
  * When the AmountValue of an Amount fits the CopySetValueShape, i.e., when it
- * is a CopySet, then it represents the set of those
- * keys, where each key represents some individual non-fungible
- * item, like a concert ticket, from the non-fungible asset class
- * represented by that amount's brand. The amount itself represents
- * the set of these items, as opposed to any of the other items
- * from the same asset class.
+ * is a CopySet, then it represents the set of those keys, where each key
+ * represents some individual non-fungible item, like a concert ticket, from the
+ * non-fungible asset class represented by that amount's brand. The amount
+ * itself represents the set of these items, as opposed to any of the other
+ * items from the same asset class.
  *
- * If a given value class represents concert tickets, it seems bizarre
- * that we can form amounts of any key. The hard constraint is that
- * the code that holds the mint for that asset class---the one associated
- * with that brand, only mints the items representing the real units
- * of that asset class as defined by it. Anyone else can put together
- * an amount expressing, for example, that they "want" some items that
- * will never be minted. That want will never be satisfied.
- * "You can't always get..."
+ * If a given value class represents concert tickets, it seems bizarre that we
+ * can form amounts of any key. The hard constraint is that the code that holds
+ * the mint for that asset class---the one associated with that brand, only
+ * mints the items representing the real units of that asset class as defined by
+ * it. Anyone else can put together an amount expressing, for example, that they
+ * "want" some items that will never be minted. That want will never be
+ * satisfied. "You can't always get..."
  */
 const CopySetValueShape = M.set();
 
 /**
- * When the AmountValue of an Amount fits the SetValueShape, i.e., when it
- * is a CopyArray of passable Keys. This representation is deprecated.
+ * When the AmountValue of an Amount fits the SetValueShape, i.e., when it is a
+ * CopyArray of passable Keys. This representation is deprecated.
  *
  * @deprecated Please change from using array-based SetValues to CopySet-based
- * CopySetValues.
+ *   CopySetValues.
  */
 const SetValueShape = M.arrayOf(M.key());
 
 /**
  * When the AmountValue of an Amount fits the CopyBagValueShape, i.e., when it
- * is a CopyBag, then it represents the bag (multiset) of those
- * keys, where each key represents some individual semi-fungible
- * item, like a concert ticket, from the semi-fungible asset class
- * represented by that amount's brand. The number of times that key
- * appears in the bag is the number of fungible units of that key.
- * The amount itself represents
- * the bag of these items, as opposed to any of the other items
- * from the same asset class.
+ * is a CopyBag, then it represents the bag (multiset) of those keys, where each
+ * key represents some individual semi-fungible item, like a concert ticket,
+ * from the semi-fungible asset class represented by that amount's brand. The
+ * number of times that key appears in the bag is the number of fungible units
+ * of that key. The amount itself represents the bag of these items, as opposed
+ * to any of the other items from the same asset class.
  *
- * If a given value class represents concert tickets, it seems bizarre
- * that we can form amounts of any key. The hard constraint is that
- * the code that holds the mint for that asset class---the one associated
- * with that brand, only mints the items representing the real units
- * of that asset class as defined by it. Anyone else can put together
- * an amount expressing, for example, that they "want" some items that
- * will never be minted. That want will never be satisfied.
- * "You can't always get..."
+ * If a given value class represents concert tickets, it seems bizarre that we
+ * can form amounts of any key. The hard constraint is that the code that holds
+ * the mint for that asset class---the one associated with that brand, only
+ * mints the items representing the real units of that asset class as defined by
+ * it. Anyone else can put together an amount expressing, for example, that they
+ * "want" some items that will never be minted. That want will never be
+ * satisfied. "You can't always get..."
  */
 const CopyBagValueShape = M.bag();
 
@@ -106,11 +100,11 @@ export const isCopySetValue = value => matches(value, CopySetValueShape);
 harden(isCopySetValue);
 
 /**
- * Returns true if value is a pass by copy array structure. Does not
- * check for duplicates. To check for duplicates, use setMathHelpers.coerce.
+ * Returns true if value is a pass by copy array structure. Does not check for
+ * duplicates. To check for duplicates, use setMathHelpers.coerce.
  *
  * @deprecated Please change from using array-based SetValues to CopySet-based
- * CopySetValues.
+ *   CopySetValues.
  * @param {AmountValue} value
  * @returns {value is SetValue}
  */
@@ -218,7 +212,7 @@ export const makeIssuerInterfaces = (
   });
 
   const DepositFacetI = M.interface('DepositFacet', {
-    receive: PurseI.methodGuards.deposit,
+    receive: getInterfaceGuardPayload(PurseI).methodGuards.deposit,
   });
 
   const PurseIKit = harden({