April 5, 2021

March 22, 2021

  • We have published SES v0.12.4 with five features that expand usability.

  • Zoe and Zoe contracts now use the new, static version of AmountMath, which is a lot easier to use. The old version is still available but is deprecated and will be removed in the next few weeks, so please upgrade your contracts and dapps!

  • We deployed a new devnet to get some experience with the latest software release we’re going to use in our first phase of the incentivized testnet.

  • We added a new package to agoric-sdk called ui-components. Dapp developers can use these reusable React MaterialUI components for things such as displaying and collecting user input for amounts of fungible tokens. We will be adding more to this package and releasing it to npm soon!

  • Work continues to move contract execution to the XS JavaScript engine. Instrumentation was added to collect detailed timing statistics from running validators and follower nodes.

March 15, 2021

  • We made a change to ERTP to reduce the amount of RAM needed. Payments are now “virtual objects”, meaning that payments are in external storage, and new payment objects are created to represent each payment as needed. Importantly, payments no longer retain the same object identity, so please be careful not to depend on identity comparison for payments. For more on the low-level technology, see this writeup on virtual objects.

  • The SwingSet kernel now supports invoking the asyncIterator method between vats. The comms protocol handles previously-resolved Promises better than before. Work has begun on cross-vat garbage collection, to reduce memory usage for long-running contracts.

  • In contracts and other vat code, all empty objects (harden( { } )) are now pass-by-copy, just like any other form of data. Previously they were pass-by-reference, like objects with methods. It was common to use an empty object as a “handle” or key in a store or a WeakMap. Now you must use Far(‘some interface name’, {}) to create such handles. The @agoric/store table will reject attempts to use a pass-by-copy empty object as a key to detect mistakes.

  • Errors that occur during vat operations may now be reported differently. We’re working to include better stack traces for user display, but also hide confidential details from intermediate code which might try to catch the exceptions.

March 8, 2021

  • We added a new, static form of AmountMath that simplifies its usage. Instead of keeping an amountMath per brand in ERTP, developers can now simply import amountMath from @agoric/ertp and use it directly. The old version of amountMath is deprecated and will be removed in the next few weeks.

  • The SES Compartment Mapper is now fully checked with TypeScript. The next release of SES exports more Compartment related type definitions.

March 1, 2021

  • We added support for ratios for scaling amounts. We’ve noticed that contracts (loan, call spread, autoswap) often want to multiply an amount by a ratio (interest rate, reserve ratio, long/short share). Our ratios know what brands they can be applied to, which can help prevent a variety of errors.

  • The failures of different forms of assert can now cause different severities of termination/recovery action, from throwing an error to abruptly terminating the containing vat. We plan to use this in Zoe for contract failure.

  • The SES Demo Console page and the SES Challenge page are both operational again and work well across all browsers. However these pages are not yet hosted and live.

  • Preparations are underway to support distributed garbage collection in the SwingSet comms protocol.

February 22, 2021

  • For ERTP/Zoe, we are in the process of upgrading to Nat 4.0.0, which uses BigInts. The fungible token values are now BigInts rather than numbers, and all deadlines, expiration dates, and other time-related values are also BigInts. If you currently are working on a dapp, we will have documentation to help with the upgrade process, as this is a breaking change.

  • We completed the Stargate upgrade, including IBC, and joined the rest of the Cosmos ecosystem in supporting and celebrating the launch of Stargate.

February 15, 2021

  • We added Prometheus metrics to cosmic-swingset to facilitate analyzing actual validator behaviour. This gives us data for tuning scheduler parameters.

  • The SwingSet kernel now returns fine-grained metering information to the host application, allowing hosts (such as the cosmic-swingset blockchain environment) to more accurately limit the amount of work done in each block.

  • After some collaboration on the Cosmos IBC Relayer, the next testnet upgrade to a post-Stargate Cosmos SDK will continue to work with our dIBC (dynamic IBC) system.

February 8, 2021

  • The Agoric “SwingSet” kernel can now run most vats under the XS JavaScript engine using a helper tool named “xsnap”, which will enable fast restarts of vat snapshots. Also, the kernel now retires all locally-resolved Promises, reducing memory and storage needs.

  • We integrated cosmos-sdk v0.41.0 (post-Stargate) in the agoric-sdk repository.

  • We are working on a refactoring of amountMath to make it easier to use, and changed percentMath to allow for percents over 100%, such as for collateral requirements.

February 1, 2021

  • We’ve made excellent progress towards integrating the XS JavaScript engine into the Agoric “SwingSet” kernel, via the “xsnap” tool, which will enable fast resumption of a previously-saved vat snapshot.

  • Our work on making Nat work for BigInts is published on npm.

  • We fixed a bug in Multipool Autoswap that was calculating prices incorrectly, and also changed Multipool Autoswap to give users more a refund back if they could pay less to get the same outcome.

  • We’ve explained our deep stacks logging for distributed debugging.

January 25, 2021

Monday January 18

  • We created an end-to-end demo of our economic system, including transferring wrapped ETH from Ethereum to Peggy, then to the Agoric chain using IBC and Pegasus. The demo included taking out a loan using the wrapped ETH on the Agoric chain, receiving Agoric tokens in return, and then using a constant-product AMM to trade the Agoric tokens for a leveraged position.

Monday January 11

  • New package, deploy-script-support, has been added to agoric-sdk and is full of helpers that make it easier to install contracts, start contract instances, and make Zoe offers.

  • In collaboration with Moddable, we’ve built a JavaScript worker that can save to and load from snapshots of a running process. This will allow Agoric chain validators to restart swiftly, and to page out inactive vats to reduce memory consumption.

Monday December 21

  • We’re putting together a package of helpers to add new ways of interacting with Zoe contracts. This is part of a larger goal of improving the Agoric wallet.

  • Work continues on garbage collection and integration with the XS runtime.

  • We’re setting up a temporary Peggy chain to help refine its integration with IBC.

  • We are working with Moddable to streamline debugging run-time evaluated code with the XS engine.

Monday December 14

  • Testnet was updated to Stargate-rc4.

  • We are working on improving the wallet experience so that users can more easily interact with Zoe contracts.

  • Work continues on improving promise retirement and garbage collection in the Agoric “SwingSet” kernel.

  • We are testing the Agoric JavaScript execution environment on the Moddable XS engine.

Monday December 7

  • We added a new helper to Zoe (offerTo) that makes it easy for one contract instance to make offers to another contract instance.

  • We are working on a demo of end-to-end foreign token transfers over IBC.

  • SES and Agoric SDK now both use Ava for tests and conform to the same style guide.

Monday November 23

  • We updated agoric-sdk to Stargate rc3 with the intent of deploying it to the testnet in the coming weeks.

  • Meeting with ECMA TC-39 last week, in particular we’re excited to see progress for module blocks, JSON modules, and error cause properties.

  • We now have a second call-spread contract, funded by the parties holding the two positions.

Monday November 16

  • We added a displayInfo parameter to makeIssuerKit in ERTP. displayInfo allows the creator of a new kind of digital asset to set properties such as the number of decimal places to move the decimal to the left when displaying. The settings can be obtained by calling brand.getDisplayInfo()

  • We also added more documentation for oracles, and the call spread and loan contract.

Monday November 9

  • We have published SES version 0.11.0 that hides stack traces from callers and reveals them to the console, and an assert global that similarly carries error details.

  • We made several ergonomic improvements to the SwingSet “virtual object” APIs, which enable large tables to be kept in secondary storage rather than RAM.

  • We’ve deployed a new hacktheorb testnet where hackathon participants can test their dapps.

  • We added a basic loan contract, which allows a borrower to take out a loan if they escrow adequate collateral. If the value of the collateral falls, the collateral may be liquidated (sold for money) to pay back the lender.

Monday November 2

  • We wrote a contract that implements a fully collateralized financially settled call-spread option contract.

  • We designed and tested the API for an on-chain home.priceAuthority to allow convenient price data triggers for contracts to use. Next is wiring that up to the Chainlink oracles and other sources (such as on-chain AMMs).

  • Vats can now store large tables on disk, instead of purely in memory, with elegant code that mimics what an in-memory store would look like.

Monday October 26

  • The core Chainlink integration works end-to-end.

  • Zip archives will soon be available as an alternative to Rollup for deployment: progress toward carrying non-JS resources and sandboxing third-party dependencies.

  • We added a new demo, dapp-card-store, that shows how to sell baseball cards as non-fungible tokens in an online store. Buying a card is as simple as clicking on a card and approving the offer in your wallet. This demo has a few easter eggs within it, so make sure to check it out locally.

  • Work has begun on adding cross-vat garbage collection to the swingset kernel, using JavaScript WeakRefs in a locally-non-deterministic mode.

Monday October 19

  • The Stargate-based Agoric testnet-3 is up-and-smoke-tested.

  • We added a new, very simple dapp that mints fungible tokens. It’s a great place to get started with development on Agoric.

  • SwingSet has received the first set of secondary-storage syscalls, and work is underway on user-level APIs.

  • Improvements to debugging under SES are coming. Errors can be privately annotated for “debugger eyes only”.

Monday October 12

  • This week we updated the Agoric SDK to Cosmos SDK pre-0.40 (the Stargate version).

  • We have the new call-spread option contract working now.

  • We are in the progress of adding offline secondary storage to SwingSet vats, enabling them to address larger data sets without consuming unnecessary RAM.

  • We have made some progress getting more npm ecosystem libraries running under SES.

  • CosmJS will soon be able to run and run its tests with SES enabled.

Monday October 5

  • We’ve published SES v0.10.4 with a fix for ses/lockdown and an improved solution to the “property override mistake”.

  • There’s a new repository for the OTC Desk Contract and tests.

  • The Agoric “SwingSet” kernel can now terminate vats cleanly from inside, enabling contracts to indicate when their job is done and their code should be deleted to reclaim space. In addition, the Moddable “XS” JavaScript engine is now used to build a vat worker which is tested as part of the regular CI job.

  • We are continuing ChainLink oracle integration with a basic oracle contract that will be consumed by higher-order contracts.

Monday September 28

  • The Agoric “SwingSet” kernel now has a clean separation between the “initialize” operation and the “run” phase, making it easier to upgrade the underlying blockchain or solo host application without affecting vat state.

  • We deployed a new testnet corresponding to our alpha Adriatic release.

  • We began work on a simple oracle dApp.

  • We have released the first version of the SES Compartment Mapper, for loading Node.js packages (ESM & CJS) as separate Compartments.

  • On our documentation site, we instituted a number of continuous integration checks and best practices, including HTML5 validation and automatic spell checking.

  • We worked on cleaning up after vats finish, either successfully or with an error. The party who started a contract instance will be notified when the vat is done. The SwingSet kernel will get notified so it can clean up.

Monday September 21

  • Agoric Alpha has been released. Now developers can build, deploy, and operate sophisticated dApps and DeFi markets.

Monday September 14

  • SES 0.10.3 released with Compartment.evaluate in the minified 35KB ses/lockdown layer, named compartments, and module aliases / redirects.

  • For Zoe and ERTP, we merged in the OTC Desk contract, made the covered call more flexible and added a number of more tests.

  • We’ve updated the docs for the Alpha Release, improved the testing framework to enable better white-box testing of contracts and the contract framework, and started integration of code covered tools.

  • The kernel team spent time designing infrastructure to allow contracts to be upgraded in-place in the future.

  • We’ve deployed our first demonstration Dapp to the testnet.

  • We now have 12 external validators on our testnet, plus the 7 Agoric-operated validators.

Monday September 7

  • Testnet-2.7.2 has been deployed with code from the Agoric alpha release candidate 2.

  • Improved the testing framework and coverage of key APIs like Zoe’s contract facet.

  • Karma 5.2.5 was released today with this change that makes it compatible with SES. Now Karma can verify that systems work even while their environment is frozen to prevent prototype pollution attacks.

  • SES 0.10.3 released with Compartment.evaluate in the minified 35KB ses/lockdown layer, named compartments, and module aliases / redirects.

  • The Agoric “SwingSet” kernel now thoroughly cleans up (unwinding all side-effects) after vats which have been terminated, either by explicit command, or because they overran their metering limits.

Monday August 31

Monday August 24

  • The agoric-sdk repository is moving to the AVA unit test framework.

  • We’re creating a separate alpha release candidate testnet to help polish the alpha release before migrating our current testnet to it.

  • This week we focused on cleaning up the Zoe and ERTP packages in alpha release candidate, closing a large number of open issues in the process. We have some additional updates to the documentation and contracts in the pipeline that will be landing soon, and we will be rewriting and restructuring the tests to be make better use of jigs so as not to have to duplicate the setup code for tests.

  • SES 0.10.2 released with a new moduleMapHook option on Compartment. This enables wildcard and cyclic dependencies between compartments.

Monday August 17

  • This week we merged the alpha release candidate 1 into agoric-sdk master. It includes a redesign of Zoe and ERTP. In ERTP, we made it easier to use different amountMath without needing to understand how amountMath are created. We also organized the files such that everything that is needed can be imported from @agoric/ertp. In Zoe, the APIs on both the contract side and the user side have changed significantly. Rather than using opaque offerHandles to track offers, we took a more object-oriented approach and created a seat abstraction. Clients can manage their position in a contract by calling methods on the seat that they obtain when they make an offer. We believe that these improvements in ERTP and Zoe make both much easier to use. We will be testing and hardening up the code in the next week.

  • The Agoric Swingset kernel now uses a shared “ZCF” bundle for each new contract, reducing transcript storage considerably.

  • We have published SES 0.10.1 to make space for our remote promise shim and a tiny patch defineProperty.

Monday August 10

  • The Agoric Swingset kernel gained the ability to run vats in separate processes, paving the way towards using the XS JavaScript engine.

  • We landed a new design for the default Agoric wallet, using @agoric/captp (an implementation of our remote object protocol), as well as SES in the browser.

  • Our latest testnet has passed 1,000,000 blocks. It will be restarted when we have a new alpha software release.

  • We have published SES 0.10.0 which has a lightweight “ses/lockdown” entry point that includes only “lockdown” and “harden” and only weighs 32KB.

  • We are putting together a Zoe release candidate for the new redesign.

Monday August 3

Monday July 27

  • The SwingSet kernel is undergoing refactoring to enable vats to be run in a child process using the XS JavaScript engine. Dynamic vats have an option to enable or disable metering.

  • We have solidified a plan for basing our VatTP communications layer on IBC, and have begun implementing it this week.

  • Zoe/ERTP: We released a new version of ERTP with a few name changes: https://github.com/Agoric/agoric-sdk/pull/1317. We merged in a large refactoring of Zoe such that each contract instance is running in a new vat with its own copy of the Zoe contract facet: https://github.com/Agoric/agoric-sdk/pull/1288 . We’re currently working on cleaning up the JSDoc/TypeScript types for the Zoe and ERTP APIs and checking in CI and we’ve started on a second refactoring of Zoe. This second refactoring changes many of the APIs, so please be on the lookout for the release and documentation changes in the new few weeks.

  • Changes landed in SES that will allow more off-the-shelf software to run after SES lockdown without compromising the integrity of code run in compartments. In particular, SES now virtualizes V8’s Error API to the extent common software takes advantage of it, and if software needs powers like Math.random or Date.now, they can have it in the start compartment without compromising child compartments.

  • At the TC39 meeting in July Yulia of Mozilla and Agoric’s Chief Scientist Mark S. Miller gave a coordinated pair of presentations on Writing Down Invariants for JavaScript. Yulia’s presentation is at https://docs.google.com/presentation/d/1a9-E87grtSbFGTHMfEJJoVjbHbSTe2PH_ed8StssZ_w/edit#slide=id.p. Mark’s at https://github.com/tc39/agendas/raw/master/2020/07-slides-some-invariants.pdf. They were received very well, and the committee will proceed along these lines.

Monday July 20

  • We incorporated the feedback from the internal hackathon into a new Zoe design which will be rolling out in the next few weeks.

  • We made each contract running under Zoe get spawned in a separate vat, which means that one contract instance crashing won’t affect other contracts. The changes to Zoe’s API are very minor.

Monday July 13

  • SES 0.9.0 has been released.

  • The entire company and few guests participated in an internal hackathon to really dig into our developer experience, documentation, and APIs. We built contracts with Zoe and ERTP for DeFi, pegging, voting, and gaming.

Monday June 29

Monday June 15

  • We now have a proof-of-concept for running, archiving, and running-from-an-archive applications composed of Node.js-style packages, in SES compartments.

  • We’ve won the Gaia award (best technical documentation) for participating in Game of Zones.

Monday June 8

  • We’ve been accumulating changes to Zoe based on feedback from the recent Gitcoin hackathon that will be released soon.

  • For GoZ phase 3, Agoric put together a proof-of-concept Smart Relayer that combines the Agoric JavaScript programming model with Iqlusion’s relayer. The Smart Relayer supports simple JavaScript programs to inspect, analyze, and manipulate packets being relayed. The relayers can talk to smart contracts on an agoric-based “commander” zone, or run standalone. They also should work for any IBC chain that the iqlusion relayer can support.

  • Users can now send and receive payments from other users in the REPL as of this PR.

Monday June 1

  • In Zoe, we split our non-fungible token contract example into a generic contract to sell items and a generic contract that mints the items and launches instances of the sales contract.

  • We’ve added ADR as a proposal to enable “passive” IBC relayers (ones that manage a whole connection and detect when channels come and go), as well as “channel control” messages to allow an application to decide how and whether to handle channel open and close handshakes.

Monday May 18

Monday May 4

  • We made a number of small changes to make Zoe easier to use, including adding two new helpers. escrowAndAllocateTo is a zoeHelper to be used within contracts to escrow a payment and allocate it to a recipient. checkHook is a helper that wraps an offerHook with a check of whether the offer matches the expected proposal format before calling the offerHook.

  • Agoric SDK version 2.3.0 has been released, and the testnet has been updated to it. News includes Zoe 0.6.0 and the dynamic IBC network interface.

Monday April 27

Monday April 20

  • The Agoric dIBC implementation now works across chains, tested with a relayer from gaia<->agoric and agoric<->agoric.

  • Added a notification facility for Zoe so that contract clients can be notified when offers change state, or when the contract signals an event.

  • Refactored the Zoe API to be a) simpler for the contract author, b) simpler for the contract participant, c) simpler to explain, and d) without any loss of expressive power.

Monday April 13

  • Cosmic-swingset (our testnet chain) switched to a more-efficient database-backed kernel storage system.

  • We’ve begun working on loading modules in compartments and decoupling compartments from SES lockdown.

  • Testing interoperability of IBC on Agoric (to and from other chains) has begun. End-to-end dynamic IBC channels in Javascript is the target.

  • This week we added a new example contract running on Zoe which shows how to mint non-fungible tickets for seats at an Opera. The contract sells the tickets for a specific amount per ticket, as set by the user who instantiates the contract. Ticket buyers can look up the available tickets and leverage Zoe for offer safety, guaranteeing that they will either get the tickets they specified or that they will get their money back.

Monday April 6

  • We released v0.5.1 of ERTP. We changed most of the methods in ERTP that accept payments such that they now accept payments or promises that resolve to a payment. The only exception is purse.deposit, which only accepts payments and does not accept promises. This ensures correct ordering, so that a withdrawal call, if made after a deposit call, will always be carried out after the deposit.

  • New testnet with the latest pre-alpha Zoe and the beginnings of dIBC support has been released.

  • Compartments (which is most of SES) made it to stage 1 at TC39.

Monday March 30

  • We released a new version of Zoe (v0.3.0), which makes it easier for users to escrow with Zoe and receive their payouts. This version eliminates the array structure for offer rules and instead allows the user to make their offer using Javascript objects with specialized keys called “keywords”.

  • We’ve started Dynamic IBC implementation.

Friday March 20

  • We have been hard at work on a new release of Zoe. The previous version of Zoe required users to make their offer in the form of arrays that needed elements to be in a specific order. This new version of Zoe introduces the concept of “keywords”. Each contract has its own specific keywords. For instance, an auction might have “Asset” and “Bid”. Keywords are unique identifiers per contract, that tie together the user’s proposal (previously called “offerRules”), the user’s payments to be escrowed by Zoe, and Zoe’s payouts to the user. We think this is a major usability improvement.

  • We now have 4 external validators.

Friday March 13

  • Agoric testnet block explorer is live, and working with the Cosmos SDK IBC branch.

Friday March 6

  • We added the concept of a brand, because the assay (renamed to issuer) was serving two purposes: it was indicating the kind and was a trusted authority for payment and purse validity. This was a problem because where it was used to indicate the kind, like in payment.getBalance(), a user could obtain an assay from the payment, then try to use the assay to verify the payment.

  • New ERTP guide is up.

  • SES v.0.7.0 is up.

Friday February 28

  • Testnet has been upgraded: it now has Zoe and IBC-Alpha integrated, and the Pixel Demo has been scraped off in favor of a simple wallet. Please note you will need to update your SOLO_NAME and request a new provisioning code.

  • New ERTP API has a separation of Brand from Issuer. More general remote creations of amountMath, enabling Zoe to handle more kinds of remote assets.

  • New versions of realms-shim and SES were published to NPM. These add support for the instrumentation of code for basic “gas metering”.

Friday February 7

  • We released ERTP 0.3.0 which strips down ERTP to the essentials. Other files such as utility functions were moved to their own npm packages. The “contractHost” has been moved out of ERTP and shelved.

  • Work is underway to port the “Swingset” execution environment to the new version of SES.

  • Working on integrating module support to ses-beta.

Friday January 31

Friday January 24

  • SwingSet can now install new code in a distinct vat at runtime.

  • Zoe v0.2.0 was released! This update simplifies the process of escrowing with Zoe.

Friday January 17

  • We’ve made good progress on rewriting the purse and paymentKeepers to make sure that currency is conserved on each call.

  • We’ve created a Compartment ShIm in XS that overrides the native one and allows us to experience non-flat module maps.

Friday January 10

  • We’ve completed the SES-shim 2.0 beta which is public now.

  • All of the current ERTP and Zoe tasks are now organized into project boards and we’ve grouped the breaking changes into expected release milestones.

  • Made usability improvements for external validators in our testnet.

Friday December 20

  • We released v0.1.2 of Zoe which went through a major internal refactoring. We have several PRs in flight that will become v0.2.0 of Zoe, which will have breaking changes.

  • We’ve added the first validator to our testnet.

  • We’ve made some releases to the agoric-sdk repository: @agoric/eventual-send 0.5.0, @agoric/default-evalute-options 0.3.0, @agoric/evaluate 2.2.0, @agoric/marshal 0.1.2, and @agoric/captp 1.2.0.

Friday December 13

  • The new SES monorepo is in beta, public. It integrates all current SES assets, including harden, it’s also using lerna and a simple dependency manager (there is no need to use lerna bootstrap).

  • We’re getting a “playground” up for Zoe - a repo that just imports the ERTP and Zoe packages and gives people the example contracts with tape or jest and placeholders for where they should put their custom logic. Think “myFirstDapp” but just the “myFirstSmartContract” on Zoe part.

Friday December 6

  • We’ve moved ERTP into the monorepo, Zoe is now its own npm package at “@agoric/zoe”.

  • Testnet is now being updated from the agoric-sdk monorepo.

Friday November 22

  • We’re working on changing Zoe such that users always use an invite to join a contract when they escrow with Zoe. This simplifies the user flow and gets rid of an older concept, “escrowReceipts”.

  • Completed a test runner for JavaScript modules. It uses the official EcmaScript specifications tests. At the moment, 35% of the tests are enabled and passing in our experimental module rewriter and importer.

Friday November 8

  • Agoric Dev Tools can be found here.

  • Added the pre-alpha Autoswap backend to the testnet.

  • Learn about the winners’ projects built using Agoric stack during the DeFi Hackathon.

Friday November 1

Friday October 25

  • We’re preparing the pre-alpha version of Zoe for SF Blockchain Week. Zoe now includes six default smart contracts: automaticRefund, used for testing and tutorials, which just gives the user their digital assets back, autoswap, a Uniswap implementation, coveredCall which involves an invite to make an offer that can act as an option, publicAuction which is a second-price auction, publicSwap which has the same swap logic as the coveredCall contract, but which doesn’t use invites, and simpleExchange which is a naive decentralized exchange.

  • Security bug blog post was released by our engineering team. Our development efforts are shifting to the evaluator-shim at the moment.

  • We’re preparing for the DeFi Hackathon, check our documentation here if you’re coming to build on our stack.

Friday October 18

Friday October 11

  • MetaMask demoed two amazing new projects, both of which use Agoric’s Secure ECMAScript (SES): LavaMoat, which protects against malicious JavaScript dependencies, and MetaMask Snaps, a plugin system for MetaMask. Users such as Starkware were able to easily build their own plugin running securely under SES.

  • Kate spoke on whether blockchains can provide rule of law at Devcon5 in Osaka as part of the Governance Track with over 10 speakers from various blockchain projects.

  • We’ve released @agoric/swingset-vat-0.0.27, with new state management API and fixing an infinite loop in promise chaining.

Friday October 4

Friday September 27

Friday September 20

Friday September 13

Monday September 9

  • On our testnet, we enabled “mutable globals” and “sloppyGlobals” in the gallery demo. This allows direct assignment to unreferenced global variables such as “myvar = 123” assigning to the global “myvar”.

  • We made a number of updates to SES, including fixing the “override mistake.” In the “override mistake,” any instance that tries to shadow a prototype definition (i.e. override it) will fail if the prototype is frozen. For instance, if Object.prototype is frozen, trying to set myObject.toString will fail. For security purposes, we want to be able to freeze the JavaScript prototypes, so this was a necessary fix for usability.

Friday August 30

  • Agoric and the Cosmos team started the review of IBC specification (release candidate 2). (PDF, comments)

  • MetaMask executed their first test transaction that uses our secure runtime for JavaScript, SES, to secure their JavaScript dependencies.

Friday August 23

  • The beginnings of a publically-accessible testnet dashboard are now available.

  • Our Testnet logs are now being stored in bulk, and we’re working on making it more available as well as improving it to make it part of a block explorer.

  • On ERTP, we’ve made it even easier to configure a custom Mint by extracting the custom logic for adding and subtracting balances. We’re calling this custom logic a Strategy, and it works for both fungible and non-fungible tokens.

Friday August 16

Friday August 9

  • We upgraded our private testnet with new performance enhancements, making persistence much more efficient.

  • We created a reusable abstraction for revocable property rights for our pixel demo, where users are able to buy, sell, and color pixels on a website on our private testnet. We wanted to represent owner, tenant, and subtenant relationships for owning a pixel. In this world, “ownership” means having the ability to give other people the right to color the pixel. This access can be revoked by anyone “higher up” in the hierarchy, so tenants can kick out subtenants, owners can kick out tenants, etc. This pattern of separating use from ownership shows up again and again in property rights of various sorts, so we expect it to be helpful going forward.

Friday August 2

  • We built a parser from our existing Javascript PEG (Parsing Expression Grammar) library, and verified that the Assay, Issuer, and Contract Host Chainmail IDL produced legitimate ASTs. The IDL is based on Cap’n Proto and we plan to use the ASTs for things such as enforcing types at the CapTP level,for TypeScript style type checking, for generating documentation, or for generating stubs for calling from other languages.

  • We’ve made revisions to how users can check the terms of a contract, and refactored our makeMint function to be more readable.

  • We released new versions of SwingSet and cosmic-swingset.

Friday July 26

  • We hosted a very successful token design workshop last weekend. A big thanks to all of the guests willing to share their knowledge.

  • We analyzed performance issues on our testnet and came up with some concrete solutions.

  • We designed and documented a new SwingSet kernel API.

  • Mark, Dean, and Aaron Davis (kumavis) from Metamask presented at TC39 (the JavaScript standards committee) on SES, sesify, and “infix bang”, i.e., distributed object programming in js with promise pipelining.

Friday July 12

Friday June 28

  • We began work on an experimental Rust port of our Node.js-based “SwingSet” vat-execution platform, to refine the API and interface types used at the vat/kernel boundary.

  • Kate spoke at QCon New York on using SES and Realms to make ‘npm install’ safe (article here). Many of the solutions to attacks like the event-stream incident have focused on the open source developer community, but SES and Realms focus on eliminating the unnecessary authority (like access to the file system and access to the network) that were required for the attack.

Friday June 21

  • We are excited to announce Agoric’s partnership with Cosmos and Cosmos’ Interchain Foundation. Agoric and Cosmos are jointly creating the IBC (Inter­Blockchain Communication) protocol. IBC will provide true interoperability across multiple blockchains, and expand the market available to millions of current and future smart contracts developers worldwide.

  • Dean spoke at Zcon1 (video here) with an update on what we’ve accomplished since last year’s Zcon0, including the creation of a secure runtime for JavaScript (SES), a running end-to-end Cosmos-based testnet, the Cosmos IBC collaboration, and further work on our smart contract framework and components.

Friday June 14

  • We had a blast working with Cosmos this week in Berlin at the Interchain Conversations conference and their hackathon. Two Agoric-related entries won at the hackathon:

    • Aaron Davis (kumavis) of MetaMask has created a plugin for browserify using Agoric’s SES that reduces the risk of using third-party packages. At the hackathon, he additionally built a visualizer for JavaScript package dependencies that colors each module node based on the level of security exposure.

    • We demoed our integration with Cosmos, running “Swingset” on a cosmos chain. In order to show our full stack, we built a simple pixel marketplace (think Million Dollar Homepage or Reddit’s /r/Place) that uses our Electronic Rights Protocol and provides the ability to color, buy, and sell pixels as well as create further abstractions.

Friday June 7

  • The team has been hard at work getting the Swingset demo ready for Berlin.

Friday May 31

  • We’ve been continuing progress towards our upcoming initial testnet, including new releases of our Swingset environment. The new features include a different way of handling the state of our “nanokernel”, merging Mark’s higher order contracts onto trunk, and adding new devices to enable interaction with HTTP requests.

  • We’ll be joining Cosmos in Berlin next week at their Interchain Conversations unconference and their HackAtom hackathon. Mark will be participating in the Interoperability panel and Brian and Dean will be presenting on our integration with Cosmos. Hope to see you there

Friday May 24

  • This week Mark successfully implemented a particular example of higher order contracts. “Higher order” contracts allow you to effectively tokenize positions in contracts. In this particular scenario, Bob writes a covered call giving Alice the option to buy Bob’s stock shares. Alice makes a new escrow agent that allows her to trade this seat at the table to Fred, and Fred is able to verify that these are the rights he is interested in. The escrow agent code is able to treat the “seat at the table” as if it were a straightforward token, allowing us to use these “higher order” tokens in any smart contract component that accepts tokens.

Friday May 17

  • Our team grew! We’d like to welcome four new hires: Michael Fig, Chris Hibbert, Tatyana Roberts, and Paul Walton. They will be contributing in engineering, operations, and business development.

  • We’ve been hard at work on our testnet, building on our “SwingSet” environment.

Friday May 10

  • We’re very pleased to announce that we’ve secured $4 million in new funding from Ripple’s Xpring, gumi Cryptos Capital, Kilowatt Capital, MetaStable Capital, Outlier Ventures, Lemniscap, Rockaway Blockchain and the Interchain Foundation, as well as additional funding from the Electric Coin Company (sometimes referred to as the Zcash Company, the for-profit institution behind the privacy-focused cryptocurrency zcash), Naval Ravikant and Polychain.

  • Dean gave an impassioned speech on smart contracts at the Blockchain in Transport Alliance (BiTA) Spring Symposium. Dean explained that the ultimate vision for smart contracts is to bring the entire economy of the world online. “The diverse, vibrant world economy”, he said, “needs high integrity computation, a security model that works for software components, broad scope and interoperability with other chains.”

Friday May 3

  • On our Electronic Rights Transfer Protocol (ERTP) branch, Mark has made some major advances. We’ve split our purse abstraction into ‘purses’ and ‘payments,’ where payments represent digital assets in transit, with the transfer rights locked up. We’ve also added a way to generalize kinds of digital assets (fungible, non-fungible) and valid operations on them. Lastly, our contracts now have a flexible API for representing a particular position in an ongoing smart contract, which can itself be bought and sold. Someone who buys a position in a smart contract can verify with the contract host to see what they would be joining.

  • We implemented a new device model for their “SwingSet” environment, in which external functions are made available as capability-oriented “device nodes”, allowing them to be shared between vats and managed just like normal objects. This will support inter-machine and inter-chain communication links in the next few weeks.

  • We’ve added a “Comms” vat to our SwingSet environment, which is responsible for sending and receiving messages from external machines and translating and relaying them to other vats on the same machine.

Friday April 26

Friday April 19

  • At our SES meeting this week (recording here), we reviewed the proposed minimal translation from modules to evaluable scripts (a step towards being able to use SES with JavaScript packages), and got agreement from key stakeholders, including John-David Dalton, creator of the lodash and esm packages, who has joined the Salesforce team working with SES.

  • We released @agoric/make-hardener-0.0.6 to NPM, a library to make defensible API surfaces by transitively freezing JavaScript objects in-place.

  • We’ve continued work on the “SwingSet” environment, which contains a JS “exo-kernel” and messaging/execution framework inspired by the KeyKOS operating system, extended with asynchronous messaging.

Friday April 12

  • We merged in a number of small pull requests this week and have been working on better tutorials for our “SwingSet” vat platform for testing out smart contracts. Some of the pull requests included:
    • Using the realms-shim repo in SES rather than the TC39 Realms proposal specification repo.
    • Deleting a property called “domain” that the Node.js REPL adds to promises. When SES tries to harden (deep freeze) all of the objects provided by Node.js, it notices that it didn’t expect the “domain” property and purposefully errors to avoid a potential vulnerability.

Friday April 5

  • Agoric released version 0.5.0 of SES, “Secure ECMAScript”, a library for safely executing and interacting with potentially-hostile JavaScript code. This release improves bundling for use in web browser contexts (UMD), Node.js environments (CommonJS), and as ES6 Module imports. It also fixes incompatibilities with Chrome-73 and Browserify.

Friday March 29

  • Agoric’s “SwingSet” vat platform now supports evaluation of contract code outside of SES, providing a fallback for use in typical standard JS development tools, to preserve line numbers and stack traces.
  • The shim which implements the proposed Javascript “Realms” API is being moved out of the TC39 proposal repository into a dedicated repository. The TC39 repo will continue to host the specification text itself.

Friday March 22

  • Mark wrote the draft specification for a standalone SES engine. Rather than taking an existing JavaScript engine and creating a SES runtime within it, this would be SES compliant from the beginning, meaning that many of the problematic and non-deterministic parts of JavaScript just wouldn’t exist in the first place.

  • Agoric’s new “SwingSet” vat implementation is now feature complete and passes all tests, including the ERTP contract host examples (Mint, Purse, ContractHost, and Escrow Agent).

Friday March 15

Friday March 8

Friday March 1

  • Mark Miller gave a presentation to TC53, the standards committee for JavaScript applications on wearable devices/IoT, on SES and Jessie. Peter Hoddie of Moddable described it as an “amazing talk about a future where JavaScript code from multiple parties securely co-exists, where program logic is exchanged as easily as JSON data, and standard JavaScript works even better on constrained devices.”
  • Metamask presented their browserify plugin, sesify, at our weekly meeting on SES. Recording here.
  • We’ve been working on making our utility libraries usable as CommonJS modules, ES6 modules, and UMD files, so that they can easily be used in Node.js, the browser, and bundlers.

Friday Feb 22

  • We released a new version of the “SES” Secure EcmaScript library (0.4.0). This version adds a limited form of require() to the confined code, allowing it to perform a few specific module imports, fully controlled by the enclosing realm.
  • We also released new utility libraries (@agoric/nat, @agoric/make-hardener, and @agoric/harden), which used to be part of SES. By splitting these out into external modules, application code which uses them can be unit-tested either inside or outside of a SES environment. “Harden” performs a deep Object.freeze, to protect an API object from external tampering, facilitating safe interaction between mutually suspicious code.

Friday Feb 15

  • We’ve moved a couple of libraries out of SES so that they can be used outside of a SES environment.
  • One of them is Nat. Nat() can be used to check that a value is a safe integer and should be used on things like account balances and any kind of manipulation of value represented in JavaScript numbers.
  • Another library is makeHardener, which creates a function (harden) that performs a full “deep freeze” on JavaScript objects. More information on why you might want to “harden” an object here.

Friday Feb 8

  • SES-0.3.0 is released and up on npm. This release improves security and functionality and fixes all known confinement leaks. It also improves usability by allowing the user to turn on console.log and display uncaught exceptions.

  • This week we had a lot of great activity on ocapjs.org, the community forum for discussing object capabilities in JavaScript.

Friday Feb 1

Friday Jan 25

  • Mark Miller will be speaking at the Stanford Blockchain Conference on Agoric’s smart contract platform, including eventual-sends. Eventual-sends provide a solution to the reentrancy vulnerabilities that have been plaguing smart contracts.

  • Bill and Kate had a blast connecting with the larger JavaScript world at the ForwardJS Conference in San Francisco

  • We made good progress on one of the remaining security bugs for SES.

Friday Jan 18

  • This week was all about SES. In SES, you can run code in a featherweight compartment that has no access to things like window or document, keeping the data on your page safe from exfiltration. SES also can keep third party code from accessing other third party code, making it perfect for a plugin or module architecture. This week we:

  • Released 0.2.0 on npm

  • fixed a confinement bypass found by Matt Austin which enabled access to Date.now() and other forms of unsanctioned nondeterminism

  • fixed a security failure in the confined Function constructor, also found by Matt Austin

  • improved confinement of RegExp and platform-specific debugging functions

  • added options to control access to Math.random() and i18n nondeterminism

  • Also, we wanted to highlight an awesome MetaMask project that is in process. Sesify applies SES to browserify, keeping your code safe from the modules you might want to import.

Friday Jan 11

  • We’re doing a major overhaul of our planning document for Safe JavaScript Modules, adding a concrete example throughout the document.  It’s a great overview of how Realms and SES can load modules securely, and actually prevent incidents like the event-stream exploit. Feel free to check it out and add comments. We’re also discussing it on ocapjs.org.

  • This week we got the first version of our security kernel running on the XS JavaScript engine. This is huge because it means that the features of JavaScript that our security kernel and smart contract platform rely on are implemented in XS.

Friday Jan 4

  • Happy New Year! This week we worked with RMIT to release a medium post by economists Chris Berg, Sinclair Davidson, Jason Potts and our very own Bill Tulloh. It’s on “nanoeconomics,” meaning a layer below microeconomics, including a market in computational resources. This builds on the concepts in the original Agoric papers by Mark S. Miller and K. Eric Drexler.

  • We’ve just launched a new site for discussing object capabilities in JavaScript at Ocapjs.org. We were noticing a lot of people were exploring solutions for safe module loading, and we wanted a place to be able to discuss it. Feel free to join the discussion!

  • We wanted to give a shoutout to two members of the community:

  • Michael Fig has started to build an amazing tool called Jessica, which is a Jessie (one of our subsets of JavaScript) runtime environment created using only Jessie modules, containing also translators from Jessie to other languages.

  • Bradley Farias has done a significant amount of work on a tool that analyzes the use of authority in JavaScript packages. He says that the tool will include “listing all potential resource authority usages. This is the full set of all free variables and dependencies a resource can obtain directly.”

Friday Dec 21

  • We got the XS JavaScript engine compiled to WASM and got “hello world” running on XS on WASM on Node.js. This is super exciting because it’s the first step to run our smart contracts on chains that support WASM.

  • Our least authority module system for JavaScript now has a planning document that is in progress. It’s a great overview of how Realms and SES can load modules securely. Feel free to check it out and add comments. We will be making some major changes in the near future to the later sections of the document.

Friday Dec 14

  • This week, we continued work on the least authority module system for JavaScript with partners from academia and industry.

  • We also continued work on compiling XS (Moddable’s JavaScript engine) into WASM for use with the Substrate runtime system.

  • We updated our eslint config package for Jessie (our subset of JavaScript for smart contracts) to include better error messages and tests. We also built a testing utility for eslint configs that can be used separately.

Friday Dec 7

  • We are working with the Moddable team to retarget their XS JavaScript engine to WASM. We can use this tiny and reliable embedded JS engine for smart contracts!

  • We are working with partners at Salesforce, Node.js, Carnegie Mellon, and others to design a module system for JavaScript that enables bringing in third party code safely.

Friday Nov 30

  • We published a piece on the recent npm package event-stream incident. At Agoric, we think that the incident was entirely preventable - if you enforce the principle of least authority (POLA), which says that code should be granted only the authority it needs and no more. Read about how enforcing POLA would change Node.js and prevent these kinds of attacks here.

  • TC39, the JavaScript Standards committee, had their November meeting, which Mark Miller of Agoric presented at.

  • Given the recent event-stream exploit, Mark presented on a module system that would have granted modules least authority and would have prevented the exploit.

  • Mark presented on Jessie, our secure subset of JavaScript for smart contracts

  • Mark and Alan Schmitt of JSCert planned how to proceed towards a mechanized formalization of Jessie.

  • Dean and Mark and Till Schneidereit of Mozilla refined the weak references API.

Friday Nov 16

  • We’ve added updated versions of the Agoric Open Systems papers to the website, including pdfs and the full text of each of the three papers! These papers are listed as part of Andreessen Horowitz’s Crypto Canon, so we’re glad to get them updated.

  • We’re continuing to make progress on hardening our proof of concept, exploring use cases and talking with entrepreneurs looking to write smart contracts, and building developer tools.

Friday Nov 9

Friday Nov 2

  • Our Chief Scientist, Mark Miller, is the co-author on a new paper, “Abstract and Concrete Data Types vs Object Capabilities.” The paper explores how abstract data types can be implemented in an object-capability language. A number of the examples in the paper involve the exchange of digital assets. Download here.

  • We’ve released an eslint package for Jessie, a Turing complete minimal subset of JavaScript designed for smart contract programming. Jessie is designed to yield small programs that are easy to review both formally and informally, enabling programmers to write non-trivial, non-exploitable smart contracts.

  • We are making steady progress on integrating with Parity Substrate.

Friday Oct 26

  • Our in-house economist, Bill Tulloh, will be presenting at Research and Practice on Blockchain October 27th, on “A Principal-Agent Approach to Securing Smart Contracts.”

  • Mark Miller and Bill Tulloh are organizing this year’s OCAP Workshop during SPLASH in Boston on November 6th. The workshop is designed to explore the latest developments in the theory and practice of the object-capability approach, and provide a forum for knowledge exchange and collaboration.

Friday Oct 19

  • We made progress towards parachain design, specifically in terms of serializing our JavaScript contract objects as merklized data structures.

  • Dean will be speaking on “The Duality of Smart Contracts and Electronic Rights” at the Web3 Summit on Tuesday October 23rd at 14:15.

  • Our in-house economist, Bill Tulloh, will be presenting at Research and Practice on Blockchain October 27th, on “A Principal-Agent Approach to Securing Smart Contracts.” You can see more upcoming events on our events page.

Friday Oct 12

  • We had a blast meeting everyone during SFBW. Mark Miller has uploaded a recording of his talk about secure smart contracts to the SF Cryptocurrency Devs which can be listened to here. Video coming soon!

Friday Oct 5

  • Mark has been writing smart contracts using our proof of concept. We are particularly excited about the covered call option contract, which demonstrates the ability of our smart contract framework to allow access to contracts to be traded as easily as native tokens. This ability to derive new rights from positions in contracts and use them in other contracts will be necessary for a vibrant crypto-economy. The code is still a work in progress, but feel free to take a look!

  • We have two events during SF Blockchain Week: Dean is talking about Authority in Smart Contracts at SFBW Epicenter on October 8th at 2:20pm and Mark is presenting on the Agoric platform and framework on October 10th at 7pm. For more information, see our events page. Hope to see you there!

Friday Sept 28

  • We sent out our first newsletter this week! Sign up here to get on our email list.

  • We have a number of events coming up during SF Blockchain Week:

  • Dean is giving a talk on “Authority in Smart Contracts” at the Titans of Tech stage at SFBW Epicenter on October 8th at 2:20pm

  • Mark is speaking about the Agoric approach to smart contracts at the SF Cryptocurrency Devs Meetup October 10th at 7pm. There are only 8 spots left, so RSVP today!

Friday Sept 21

Friday Sept 14

  • We continued to improve our proof-of-concept, and hope to release it to the public next week.

  • To let people know where we’ll be headed and where we will be speaking, we’ve created a new upcoming events page on our website. Check back after events for links to recordings and slides!

  • As part of SF Blockchain week, we will be doing an overview of the Agoric platform and approach to smart contracts at the SF Cryptocurrency Devs meetup on October 10th at 7pm in San Francisco. Additionally, Dean will be giving a talk during Epicenter (Oct 8th 2:20PM - 2:45PM) on “Authority in Smart Contracts” and the problems of identity-based access control in smart contracts.

Friday Sept 7

  • The first proof-of-concept implementation of our smart contract execution engine (the “Vat”) is now feature-complete. It exercises secure libp2p-based messaging between both solo and quorum (replicated) Vats, durable state checkpointing via deterministic replay of inbound messages, small-scale distributed consensus about message delivery order, and downstream enforcement of the consensus rules for messages emitted by quorum Vats.

  • Based on a previous conversation between Mark Miller and the Node Security Workgroup, Bradley Meck has put together a draft document that “proposes a way to introduce a set of features to Node.js in order to achieve a reasonable security model based upon the Object-Capability Model and verification of resources loaded by Node.js”

Friday Sept 2

  • We’ve been working hard on the end-to-end proof of concept. In addition to porting over all of the contracts from Distributed Electronic Rights In Javascript, the proof of concept includes communication between “vats”, a term that comes from the influential programming language E and refers to separate computational subworlds that can proceed forward simultaneously. More on this to come.

  • If you’re attending ETHBerlin or live in the area, be on the lookout for Kate and Dean this upcoming week. You can reach them on Twitter

Fri Aug 24

  • Mark gave a talk to the Node.js Security Workgroup about SES (Secure ECMAScript, the secure subset of JavaScript) and the membrane programming pattern.

  • Agoric released a new version of SES. SES-0.1.3 adds utility functions and fixes an accidental vulnerability in the web-based demonstration code.

Fri Aug 17

Fri Aug 10

Fri Aug 3

Fri Jul 27

  • We announced the release of SES, a secure subset of JavaScript. SES enables untrusted JavaScript programs to execute in the same environment safely.

  • To showcase SES’s ability, we’ve released a SES Challenge. A random code is generated, and we invite you to put SES to the test with various attacks and guess the code! Any security-sensitive issues can be reported using our vulnerability disclosure process.

  • At the TC39 meeting, Mark Miller of Agoric presented on the results of the Realms shim security review. Realms is a standards track proposal for JavaScript that SES builds on.

  • Brian Warner of Agoric will be speaking at the Decentralized Web Summit. Hope to see you there!

Fri Jul 20

  • Set a goal of 100% code coverage of the Realms shim code.

  • Passed 90% coverage of the Realms shim code.

Fri Jul 13

  • Announced that Agoric has officially joined TC39, the JavaScript standards working group.

  • Filed all issues from the Realms shim security review for reconciliation with the proposed specification.

Fri Jul 6

  • Worked with Salesforce to do a careful line-by-line security review and revision of the Realms shim, which is our security kernel in modern JavaScript.

  • Led a workshop on secure smart contracts and object capabilities at Zcon0