@agoric/fast-usdc 0.1.1-other-dev-3eb1a1d.0 → 0.1.1-upgrade-19-dev-c605745.0

package/src/exos/transaction-feed.js

@@ -1,28 +1,40 @@
 import { makeTracer } from '@agoric/internal';
 import { prepareDurablePublishKit } from '@agoric/notifier';
-import { M } from '@endo/patterns';
-import { CctpTxEvidenceShape } from '../type-guards.js';
+import { keyEQ, M } from '@endo/patterns';
+import { Fail, quote } from '@endo/errors';
+import { CctpTxEvidenceShape, RiskAssessmentShape } from '../type-guards.js';
 import { defineInertInvitation } from '../utils/zoe.js';
 import { prepareOperatorKit } from './operator-kit.js';
 
 /**
  * @import {Zone} from '@agoric/zone';
+ * @import {MapStore} from '@agoric/store';
  * @import {OperatorKit} from './operator-kit.js';
- * @import {CctpTxEvidence} from '../types.js';
+ * @import {CctpTxEvidence, EvidenceWithRisk, RiskAssessment} from '../types.js';
  */
 
 const trace = makeTracer('TxFeed', true);
 
+/**
+ * @typedef {Pick<OperatorKit, 'invitationMakers' | 'operator'>} OperatorOfferResult
+ */
+
 /** Name in the invitation purse (keyed also by this contract instance) */
 export const INVITATION_MAKERS_DESC = 'oracle operator invitation';
 
 const TransactionFeedKitI = harden({
   operatorPowers: M.interface('Transaction Feed Admin', {
-    submitEvidence: M.call(CctpTxEvidenceShape, M.any()).returns(),
+    attest: M.call(
+      CctpTxEvidenceShape,
+      RiskAssessmentShape,
+      M.string(),
+    ).returns(),
   }),
   creator: M.interface('Transaction Feed Creator', {
-    // TODO narrow the return shape to OperatorKit
-    initOperator: M.call(M.string()).returns(M.record()),
+    initOperator: M.call(M.string()).returns({
+      invitationMakers: M.remotable(),
+      operator: M.remotable(),
+    }),
     makeOperatorInvitation: M.call(M.string()).returns(M.promise()),
     removeOperator: M.call(M.string()).returns(),
   }),
@@ -31,6 +43,28 @@ const TransactionFeedKitI = harden({
   }),
 });
 
+/**
+ * @param {MapStore<string, RiskAssessment>[]} riskStores
+ * @param {string} txHash
+ */
+const allRisksIdentified = (riskStores, txHash) => {
+  /**  @type {Set<string>} */
+  const setOfRisks = new Set();
+  for (const store of riskStores) {
+    const next = store.get(txHash);
+    for (const risk of next.risksIdentified ?? []) {
+      setOfRisks.add(risk);
+    }
+  }
+  return [...setOfRisks.values()].sort();
+};
+
+export const stateShape = {
+  operators: M.remotable(),
+  pending: M.remotable(),
+  risks: M.remotable(),
+};
+
 /**
  * @param {Zone} zone
  * @param {ZCF} zcf
@@ -41,7 +75,7 @@ export const prepareTransactionFeedKit = (zone, zcf) => {
     kinds,
     'Transaction Feed',
   );
-  /** @type {PublishKit<CctpTxEvidence>} */
+  /** @type {PublishKit<EvidenceWithRisk>} */
   const { publisher, subscriber } = makeDurablePublishKit();
 
   const makeInertInvitation = defineInertInvitation(zcf, 'submitting evidence');
@@ -55,14 +89,12 @@ export const prepareTransactionFeedKit = (zone, zcf) => {
     TransactionFeedKitI,
     () => {
       /** @type {MapStore<string, OperatorKit>} */
-      const operators = zone.mapStore('operators', {
-        durable: true,
-      });
+      const operators = zone.mapStore('operators');
       /** @type {MapStore<string, MapStore<string, CctpTxEvidence>>} */
-      const pending = zone.mapStore('pending', {
-        durable: true,
-      });
-      return { operators, pending };
+      const pending = zone.mapStore('pending');
+      /** @type {MapStore<string, MapStore<string, RiskAssessment>>} */
+      const risks = zone.mapStore('risks');
+      return { operators, pending, risks };
     },
     {
       creator: {
@@ -72,14 +104,14 @@ export const prepareTransactionFeedKit = (zone, zcf) => {
          * CCTP transactions.
          *
          * @param {string} operatorId unique per contract instance
-         * @returns {Promise<Invitation<OperatorKit>>}
+         * @returns {Promise<Invitation<OperatorOfferResult>>}
          */
         makeOperatorInvitation(operatorId) {
           const { creator } = this.facets;
           trace('makeOperatorInvitation', operatorId);
 
           return zcf.makeInvitation(
-            /** @type {OfferHandler<OperatorKit>} */
+            /** @type {OfferHandler<OperatorOfferResult>} */
             seat => {
               seat.exit();
               return creator.initOperator(operatorId);
@@ -87,9 +119,12 @@ export const prepareTransactionFeedKit = (zone, zcf) => {
             INVITATION_MAKERS_DESC,
           );
         },
-        /** @param {string} operatorId */
+        /**
+         * @param {string} operatorId
+         * @returns {OperatorOfferResult}
+         */
         initOperator(operatorId) {
-          const { operators, pending } = this.state;
+          const { operators, pending, risks } = this.state;
           trace('initOperator', operatorId);
 
           const operatorKit = makeOperatorKit(
@@ -101,12 +136,18 @@ export const prepareTransactionFeedKit = (zone, zcf) => {
             operatorId,
             zone.detached().mapStore('pending evidence'),
           );
+          risks.init(operatorId, zone.detached().mapStore('risk assessments'));
 
-          return operatorKit;
+          // Subset facets to all the off-chain operator needs
+          const { invitationMakers, operator } = operatorKit;
+          return {
+            invitationMakers,
+            operator,
+          };
         },
 
         /** @param {string} operatorId */
-        async removeOperator(operatorId) {
+        removeOperator(operatorId) {
           const { operators } = this.state;
           trace('removeOperator', operatorId);
           const operatorKit = operators.get(operatorId);
@@ -118,23 +159,17 @@ export const prepareTransactionFeedKit = (zone, zcf) => {
         /**
          * Add evidence from an operator.
          *
+         * NB: the operatorKit is responsible for
+         *
          * @param {CctpTxEvidence} evidence
-         * @param {OperatorKit} operatorKit
+         * @param {RiskAssessment} riskAssessment
+         * @param {string} operatorId
          */
-        submitEvidence(evidence, operatorKit) {
-          const { pending } = this.state;
-          trace(
-            'submitEvidence',
-            operatorKit.operator.getStatus().operatorId,
-            evidence,
-          );
-          const { operatorId } = operatorKit.operator.getStatus();
-
-          // TODO should this verify that the operator is one made by this exo?
-          // This doesn't work...
-          // operatorKit === operators.get(operatorId) ||
-          //   Fail`operatorKit mismatch`;
+        attest(evidence, riskAssessment, operatorId) {
+          const { operators, pending, risks } = this.state;
+          trace('attest', operatorId, evidence);
 
+          // TODO https://github.com/Agoric/agoric-sdk/pull/10720
           // TODO validate that it's a valid for Fast USDC before accepting
           // E.g. that the `recipientAddress` is the FU settlement account and that
           // the EUD is a chain supported by FU.
@@ -147,6 +182,9 @@ export const prepareTransactionFeedKit = (zone, zcf) => {
               trace(`operator ${operatorId} already reported ${txHash}`);
             } else {
               pendingStore.init(txHash, evidence);
+              // accept the risk assessment as well
+              const riskStore = risks.get(operatorId);
+              riskStore.init(txHash, riskAssessment);
             }
           }
 
@@ -154,25 +192,66 @@ export const prepareTransactionFeedKit = (zone, zcf) => {
           const found = [...pending.values()].filter(store =>
             store.has(txHash),
           );
-          // TODO determine the real policy for checking agreement
-          if (found.length < pending.getSize()) {
-            // not all have seen it
+          const minAttestations = Math.ceil(operators.getSize() / 2);
+          trace(
+            'transaction',
+            txHash,
+            'has',
+            found.length,
+            'of',
+            minAttestations,
+            'necessary attestations',
+          );
+          if (found.length < minAttestations) {
             return;
           }
 
-          // TODO verify that all found deep equal
+          let lastEvidence;
+          for (const store of found) {
+            const next = store.get(txHash);
+            if (lastEvidence) {
+              if (keyEQ(lastEvidence, next)) {
+                lastEvidence = next;
+              } else {
+                trace(
+                  '🚨 conflicting evidence for',
+                  txHash,
+                  ':',
+                  lastEvidence,
+                  '!=',
+                  next,
+                );
+                Fail`conflicting evidence for ${quote(txHash)}`;
+              }
+            }
+            lastEvidence = next;
+          }
+
+          const riskStores = [...risks.values()].filter(store =>
+            store.has(txHash),
+          );
+          // take the union of risks identified from all operators
+          const risksIdentified = allRisksIdentified(riskStores, txHash);
 
-          // all agree, so remove from pending and publish
-          for (const pendingStore of pending.values()) {
-            pendingStore.delete(txHash);
+          // sufficient agreement, so remove from pending risks, then publish
+          for (const store of found) {
+            store.delete(txHash);
+          }
+          for (const store of riskStores) {
+            store.delete(txHash);
           }
-          publisher.publish(evidence);
+          trace('publishing evidence', evidence, risksIdentified);
+          publisher.publish({
+            evidence,
+            risk: { risksIdentified },
+          });
         },
       },
       public: {
         getEvidenceSubscriber: () => subscriber,
       },
     },
+    { stateShape },
   );
 };
 harden(prepareTransactionFeedKit);

package/src/fast-usdc-policy.core.js

@@ -0,0 +1,65 @@
+/** @file core-eval to publish update to Fast USDC feedPolicy */
+
+import { E } from '@endo/far';
+import { fromExternalConfig } from './utils/config-marshal.js';
+import { FeedPolicyShape } from './type-guards.js';
+import { publishFeedPolicy } from './utils/core-eval.js';
+
+/**
+ * @import {Issuer} from '@agoric/ertp';
+ * @import {Passable} from '@endo/pass-style'
+ * @import {BootstrapManifest} from '@agoric/vats/src/core/lib-boot.js'
+ * @import {LegibleCapData} from './utils/config-marshal.js'
+ * @import {FeedPolicy} from './types.js'
+ */
+
+const contractName = 'fastUsdc';
+
+/**
+ * @param {BootstrapPowers &
+ *  { consume: { chainStorage: Promise<StorageNode> }}
+ * } powers
+ * @param {{ options: LegibleCapData<{feedPolicy: FeedPolicy & Passable}> }} config
+ */
+export const updateFastUsdcPolicy = async (
+  { consume: { agoricNames, chainStorage } },
+  config,
+) => {
+  /** @type {Issuer<'nat'>} */
+  const USDCissuer = await E(agoricNames).lookup('issuer', 'USDC');
+  const brands = harden({
+    USDC: await E(USDCissuer).getBrand(),
+  });
+  const { feedPolicy } = fromExternalConfig(
+    config.options,
+    brands,
+    harden({ feedPolicy: FeedPolicyShape }),
+  );
+
+  const storageNode = await E(chainStorage).makeChildNode(contractName);
+
+  await publishFeedPolicy(storageNode, feedPolicy);
+};
+
+/**
+ * @param {unknown} _utils
+ * @param {{
+ *   options: LegibleCapData<{feedPolicy: FeedPolicy & Passable}>;
+ * }} param1
+ */
+export const getManifestForUpdateFastUsdcPolicy = (_utils, { options }) => {
+  return {
+    /** @type {BootstrapManifest} */
+    manifest: {
+      [updateFastUsdcPolicy.name]: {
+        consume: {
+          chainStorage: true,
+
+          // widely shared: name services
+          agoricNames: true,
+        },
+      },
+    },
+    options,
+  };
+};