Split check from load so check can be called under execution aswell

.gitignore

@@ -4,3 +4,7 @@ service-configs/*
 __pycache__
 *.pyc
 *.o
+gmon.out
+*.egg-info
+dist/
+build/

apps/cic-cache/docker/start_tracker.sh

@@ -2,4 +2,9 @@
 
 . ./db.sh
 
+if [ $? -ne "0" ]; then
+	>&2 echo db migrate fail
+	exit 1
+fi
+
 /usr/local/bin/cic-cache-trackerd $@

apps/cic-eth/cic_eth/k8s/db.py

@@ -0,0 +1,7 @@
+from cic_eth.db.models.base import SessionBase
+
+def health(*args, **kwargs):
+    session = SessionBase.create_session()
+    session.execute('SELECT count(*) from alembic_version')
+    session.close()
+    return True

apps/cic-eth/cic_eth/runnable/daemons/tasker.py

@@ -15,6 +15,7 @@ from chainlib.connection import RPCConnection
 from chainlib.eth.connection import EthUnixSignerConnection
 from chainlib.chain import ChainSpec
 from chainqueue.db.models.otx import Otx
+import liveness.linux
 
 # local imports
 from cic_eth.eth import (
@@ -52,6 +53,7 @@ from cic_eth.registry import (
         connect_token_registry,
         )
 
+
 logging.basicConfig(level=logging.WARNING)
 logg = logging.getLogger()
 
@@ -90,14 +92,15 @@ config.censor('PASSWORD', 'DATABASE')
 config.censor('PASSWORD', 'SSL')
 logg.debug('config loaded from {}:\n{}'.format(args.c, config))
 
+health_modules = config.get('CIC_HEALTH_MODULES', [])
+if len(health_modules) != 0:
+    health_modules = health_modules.split(',')
+logg.debug('health mods {}'.format(health_modules))
+
 # connect to database
 dsn = dsn_from_config(config)
 SessionBase.connect(dsn, pool_size=int(config.get('DATABASE_POOL_SIZE')), debug=config.true('DATABASE_DEBUG'))
 
-# verify database connection with minimal sanity query
-session = SessionBase.create_session()
-session.execute('select version_num from alembic_version')
-session.close()
 
 # set up celery
 current_app = celery.Celery(__name__)
@@ -139,6 +142,7 @@ RPCConnection.register_location(config.get('SIGNER_SOCKET_PATH'), chain_spec, 's
 
 Otx.tracing = config.true('TASKS_TRACE_QUEUE_STATUS')
 
+liveness.linux.load(health_modules)
 
 def main():
     argv = ['worker']
@@ -173,8 +177,10 @@ def main():
         logg.info('using trusted address {}'.format(address))
     connect_declarator(rpc, chain_spec, trusted_addresses)
     connect_token_registry(rpc, chain_spec)
-    
+   
+    liveness.linux.set()
     current_app.worker_main(argv)
+    liveness.linux.reset()
 
 
 @celery.signals.eventlet_pool_postshutdown.connect

apps/cic-eth/config/cic.ini

@@ -3,3 +3,4 @@ registry_address =
 chain_spec = evm:bloxberg:8996
 tx_retry_delay = 
 trust_address =
+health_modules = cic_eth.k8s.db

apps/cic-eth/docker/Dockerfile

@@ -53,3 +53,5 @@ COPY cic-eth/crypto_dev_signer_config/ /usr/local/etc/crypto-dev-signer/
 RUN git clone https://gitlab.com/grassrootseconomics/cic-contracts.git && \
 	mkdir -p /usr/local/share/cic/solidity && \
 	cp -R cic-contracts/abis /usr/local/share/cic/solidity/abi
+
+COPY util/liveness/health.sh /usr/local/bin/health.sh

apps/cic-eth/requirements.txt

@@ -1,4 +1,4 @@
-cic-base~=0.1.2a76
+cic-base==0.1.2a79+build.35e442bc
 celery==4.4.7
 crypto-dev-signer~=0.4.14b2
 confini~=0.3.6rc3

apps/cic-eth/setup.cfg

@@ -38,6 +38,7 @@ packages =
 	cic_eth.runnable.daemons.filters
 	cic_eth.callbacks
 	cic_eth.sync
+	cic_eth.k8s
 scripts =
 	./scripts/migrate.py
 

apps/cic-meta/.gitignore

@@ -3,3 +3,4 @@ dist
 dist-web
 dist-server
 scratch
+tests

apps/cic-meta/package-lock.json

@@ -1,6 +1,6 @@
 {
 	"name": "cic-client-meta",
-	"version": "0.0.7-alpha.7",
+	"version": "0.0.7-alpha.2",
 	"lockfileVersion": 1,
 	"requires": true,
 	"dependencies": {
@@ -852,75 +852,6 @@
 				"printj": "~1.1.0"
 			}
 		},
-		"crdt-meta": {
-			"version": "0.0.8",
-			"resolved": "https://registry.npmjs.org/crdt-meta/-/crdt-meta-0.0.8.tgz",
-			"integrity": "sha512-CS0sS0L2QWthz7vmu6vzl3p4kcpJ+IKILBJ4tbgN4A3iNG8wnBeuDIv/z3KFFQjcfuP4QAh6E9LywKUTxtDc3g==",
-			"requires": {
-				"automerge": "^0.14.2",
-				"ini": "^1.3.8",
-				"openpgp": "^4.10.8",
-				"pg": "^8.5.1",
-				"sqlite3": "^5.0.2"
-			},
-			"dependencies": {
-				"automerge": {
-					"version": "0.14.2",
-					"resolved": "https://registry.npmjs.org/automerge/-/automerge-0.14.2.tgz",
-					"integrity": "sha512-shiwuJHCbNRI23WZyIECLV4Ovf3WiAFJ7P9BH4l5gON1In/UUbjcSJKRygtIirObw2UQumeYxp3F2XBdSvQHnA==",
-					"requires": {
-						"immutable": "^3.8.2",
-						"transit-immutable-js": "^0.7.0",
-						"transit-js": "^0.8.861",
-						"uuid": "^3.4.0"
-					}
-				},
-				"node-addon-api": {
-					"version": "3.1.0",
-					"resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-3.1.0.tgz",
-					"integrity": "sha512-flmrDNB06LIl5lywUz7YlNGZH/5p0M7W28k8hzd9Lshtdh1wshD2Y+U4h9LD6KObOy1f+fEVdgprPrEymjM5uw=="
-				},
-				"pg": {
-					"version": "8.6.0",
-					"resolved": "https://registry.npmjs.org/pg/-/pg-8.6.0.tgz",
-					"integrity": "sha512-qNS9u61lqljTDFvmk/N66EeGq3n6Ujzj0FFyNMGQr6XuEv4tgNTXvJQTfJdcvGit5p5/DWPu+wj920hAJFI+QQ==",
-					"requires": {
-						"buffer-writer": "2.0.0",
-						"packet-reader": "1.0.0",
-						"pg-connection-string": "^2.5.0",
-						"pg-pool": "^3.3.0",
-						"pg-protocol": "^1.5.0",
-						"pg-types": "^2.1.0",
-						"pgpass": "1.x"
-					}
-				},
-				"pg-connection-string": {
-					"version": "2.5.0",
-					"resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.5.0.tgz",
-					"integrity": "sha512-r5o/V/ORTA6TmUnyWZR9nCj1klXCO2CEKNRlVuJptZe85QuhFayC7WeMic7ndayT5IRIR0S0xFxFi2ousartlQ=="
-				},
-				"pg-pool": {
-					"version": "3.3.0",
-					"resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.3.0.tgz",
-					"integrity": "sha512-0O5huCql8/D6PIRFAlmccjphLYWC+JIzvUhSzXSpGaf+tjTZc4nn+Lr7mLXBbFJfvwbP0ywDv73EiaBsxn7zdg=="
-				},
-				"pg-protocol": {
-					"version": "1.5.0",
-					"resolved": "https://registry.npmjs.org/pg-protocol/-/pg-protocol-1.5.0.tgz",
-					"integrity": "sha512-muRttij7H8TqRNu/DxrAJQITO4Ac7RmX3Klyr/9mJEOBeIpgnF8f9jAfRz5d3XwQZl5qBjF9gLsUtMPJE0vezQ=="
-				},
-				"sqlite3": {
-					"version": "5.0.2",
-					"resolved": "https://registry.npmjs.org/sqlite3/-/sqlite3-5.0.2.tgz",
-					"integrity": "sha512-1SdTNo+BVU211Xj1csWa8lV6KM0CtucDwRyA0VHl91wEH1Mgh7RxUpI4rVvG7OhHrzCSGaVyW5g8vKvlrk9DJA==",
-					"requires": {
-						"node-addon-api": "^3.0.0",
-						"node-gyp": "3.x",
-						"node-pre-gyp": "^0.11.0"
-					}
-				}
-			}
-		},
 		"create-hash": {
 			"version": "1.2.0",
 			"resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
@@ -1035,17 +966,17 @@
 			"dev": true
 		},
 		"elliptic": {
-			"version": "6.5.4",
-			"resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz",
-			"integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==",
+			"version": "6.5.3",
+			"resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz",
+			"integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==",
 			"requires": {
-				"bn.js": "^4.11.9",
-				"brorand": "^1.1.0",
+				"bn.js": "^4.4.0",
+				"brorand": "^1.0.1",
 				"hash.js": "^1.0.0",
-				"hmac-drbg": "^1.0.1",
-				"inherits": "^2.0.4",
-				"minimalistic-assert": "^1.0.1",
-				"minimalistic-crypto-utils": "^1.0.1"
+				"hmac-drbg": "^1.0.0",
+				"inherits": "^2.0.1",
+				"minimalistic-assert": "^1.0.0",
+				"minimalistic-crypto-utils": "^1.0.0"
 			}
 		},
 		"emoji-regex": {
@@ -1558,9 +1489,9 @@
 			"integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
 		},
 		"ini": {
-			"version": "1.3.8",
-			"resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz",
-			"integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew=="
+			"version": "1.3.5",
+			"resolved": "https://registry.npmjs.org/ini/-/ini-1.3.5.tgz",
+			"integrity": "sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw=="
 		},
 		"interpret": {
 			"version": "2.2.0",
@@ -2026,9 +1957,9 @@
 					}
 				},
 				"y18n": {
-					"version": "4.0.3",
-					"resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz",
-					"integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==",
+					"version": "4.0.0",
+					"resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz",
+					"integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==",
 					"dev": true
 				},
 				"yargs": {

apps/cic-meta/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "cic-client-meta",
-	"version": "0.0.7-alpha.8",
+	"version": "0.0.7-alpha.6",
 	"description": "Signed CRDT metadata graphs for the CIC network",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",
@@ -15,9 +15,8 @@
 	"dependencies": {
 		"@ethereumjs/tx": "^3.0.0-beta.1",
 		"automerge": "^0.14.1",
-		"crdt-meta": "0.0.8",
 		"ethereumjs-wallet": "^1.0.1",
-		"ini": "^1.3.8",
+		"ini": "^1.3.5",
 		"openpgp": "^4.10.8",
 		"pg": "^8.4.2",
 		"sqlite3": "^5.0.0",
@@ -41,6 +40,6 @@
 	],
 	"license": "GPL-3.0-or-later",
 	"engines": {
-		"node": ">=14.16.1"
+		"node": "~14.16.1"
 	}
 }

apps/cic-meta/scripts/dumpconfig.js

@@ -1,4 +1,4 @@
-import { Config } from 'crdt-meta';
+const config = require('./src/config');
 const fs = require('fs');
 
 if (process.argv[2] === undefined) {
@@ -15,6 +15,6 @@ try {
 	process.exit(1);
 }
 
-const c = new Config(process.argv[2], process.env['CONFINI_ENV_PREFIX']);
+const c = new config.Config(process.argv[2], process.env['CONFINI_ENV_PREFIX']);
 c.process();
 process.stdout.write(c.toString());

apps/cic-meta/scripts/server/handlers.ts

@@ -1,7 +1,8 @@
 import * as Automerge from 'automerge';
 import * as pgp from 'openpgp';
+import * as pg from 'pg';
 
-import { Envelope, Syncable } from 'crdt-meta';
+import { Envelope, Syncable } from '../../src/sync';
 
 
 function handleNoMergeGet(db, digest, keystore) {

apps/cic-meta/scripts/server/server.ts

@@ -1,11 +1,15 @@
 import * as http from 'http';
 import * as fs from 'fs';
 import * as path from 'path';
+import * as pgp from 'openpgp';
 
 import * as handlers from './handlers';
-import { PGPKeyStore, PGPSigner, Config, SqliteAdapter, PostgresAdapter } from 'crdt-meta';
+import { Envelope, Syncable } from '../../src/sync';
+import { PGPKeyStore, PGPSigner } from '../../src/auth';
 
 import { standardArgs } from './args';
+import { Config } from '../../src/config';
+import { SqliteAdapter, PostgresAdapter } from '../../src/db';
 
 let configPath = '/usr/local/etc/cic-meta';
 

apps/cic-meta/src/assets/phone.ts

@@ -1,4 +1,5 @@
-import { Syncable, Addressable, mergeKey } from 'crdt-meta';
+import { ArgPair, Syncable } from '../sync';
+import { Addressable, mergeKey } from '../digest';
 
 class Phone extends Syncable implements Addressable {
 

apps/cic-meta/src/assets/user.ts

@@ -1,4 +1,5 @@
-import { Syncable, Addressable, toAddressKey } from 'crdt-meta';
+import { ArgPair, Syncable } from '../sync';
+import { Addressable, addressToBytes, bytesToHex, toAddressKey } from '../digest';
 
 const keySalt = new TextEncoder().encode(':cic.person');
 class User extends Syncable implements Addressable {

apps/cic-meta/src/auth.ts

@@ -0,0 +1,191 @@
+import * as pgp from 'openpgp';
+import * as crypto from 'crypto';
+
+interface Signable {
+	digest():string;
+}
+
+type KeyGetter = () => any;
+
+type Signature = {
+	engine:string
+	algo:string
+	data:string
+	digest:string
+}
+
+interface Signer { 
+	prepare(Signable):boolean;
+	onsign(Signature):void;
+	onverify(boolean):void;
+	sign(digest:string):void
+	verify(digest:string, signature:Signature):void
+	fingerprint():string
+}
+
+interface Authoritative {
+}
+
+interface KeyStore {
+	getPrivateKey:		KeyGetter
+	getFingerprint:		() => string
+	getTrustedKeys: 	() => Array<any>
+	getTrustedActiveKeys: 	() => Array<any>
+	getEncryptKeys: 	() => Array<any>
+}
+
+class PGPKeyStore implements KeyStore {
+
+	fingerprint:	string
+	pk:		any
+
+	pubk = {
+		active: [],
+		trusted: [],
+		encrypt: [],
+	}
+	loads = 0x00;
+	loadsTarget = 0x0f;
+	onload: (k:KeyStore) => void;
+
+	constructor(passphrase:string, pkArmor:string, pubkActiveArmor:string, pubkTrustedArmor:string, pubkEncryptArmor:string, onload = (ks:KeyStore) => {}) {
+		this._readKey(pkArmor, undefined, 1, passphrase);
+		this._readKey(pubkActiveArmor, 'active', 2);
+		this._readKey(pubkTrustedArmor, 'trusted', 4);
+		this._readKey(pubkEncryptArmor, 'encrypt', 8);
+		this.onload = onload;
+	}
+
+	private _readKey(a:string, x:any, n:number, pass?:string) {
+		pgp.key.readArmored(a).then((k) => {
+			if (pass !== undefined) {
+				this.pk = k.keys[0];
+				this.pk.decrypt(pass).then(() => {
+					this.fingerprint = this.pk.getFingerprint();
+					console.log('private key (sign)', this.fingerprint);
+					this._registerLoad(n);
+				});
+			} else {
+				this.pubk[x] = k.keys;
+				k.keys.forEach((pubk) => {
+					console.log('public key (' + x + ')', pubk.getFingerprint());
+				});
+				this._registerLoad(n);
+			}
+		});
+	}
+
+	private _registerLoad(b:number) {
+		this.loads |= b;
+		if (this.loads == this.loadsTarget) {
+			this.onload(this);
+		}
+	}
+
+	public getTrustedKeys(): Array<any> {
+		return this.pubk['trusted'];
+	}
+
+	public getTrustedActiveKeys(): Array<any> {
+		return this.pubk['active'];
+
+	}
+
+	public getEncryptKeys(): Array<any> {
+		return this.pubk['encrypt'];
+
+	}
+
+	public getPrivateKey(): any {
+		return this.pk;
+	}
+
+	public getFingerprint(): string {
+		return this.fingerprint;
+	}
+}
+
+class PGPSigner implements Signer {
+
+	engine	= 'pgp'
+	algo	= 'sha256'
+	dgst:		string
+	signature:	Signature
+	keyStore:	KeyStore
+	onsign:		(Signature) => void
+	onverify:	(boolean) => void
+
+	constructor(keyStore:KeyStore) {
+		this.keyStore = keyStore
+		this.onsign = (string) => {};
+		this.onverify = (boolean) => {};
+	}
+
+	public fingerprint(): string {
+		return this.keyStore.getFingerprint();
+	}
+
+	public prepare(material:Signable):boolean {
+		this.dgst = material.digest();
+		return true;
+	}
+
+	public verify(digest:string, signature:Signature) {
+		pgp.signature.readArmored(signature.data).then((s) => {
+			const opts = {
+				message: pgp.cleartext.fromText(digest),
+				publicKeys: this.keyStore.getTrustedKeys(),
+				signature: s,
+			};
+			pgp.verify(opts).then((v) => {
+				let i = 0;
+				for (i = 0; i < v.signatures.length; i++) {
+					const s = v.signatures[i];
+					if (s.valid) {
+						this.onverify(s);
+						return;
+					}
+				}
+				console.error('checked ' + i + ' signature(s) but none valid');
+				this.onverify(false);
+			});
+		}).catch((e) => {
+			console.error(e);
+			this.onverify(false);
+		});
+	}
+
+	public sign(digest:string) {
+		const m = pgp.cleartext.fromText(digest);
+		const pk = this.keyStore.getPrivateKey();
+		const opts = {
+			message: m,
+			privateKeys: [pk],
+			detached: true,
+		}
+		pgp.sign(opts).then((s) => {
+			this.signature = {
+				engine: this.engine,
+				algo: this.algo,
+				data: s.signature,
+				// TODO: fix for browser later
+				digest: digest,
+			};
+			this.onsign(this.signature);
+		}).catch((e) => {
+			console.error(e);
+			this.onsign(undefined);
+		});
+	}
+}
+
+export {
+	Signature,
+	Authoritative,
+       	Signer,
+	KeyGetter,
+	Signable,
+	KeyStore,
+	PGPSigner,
+	PGPKeyStore,
+};

apps/cic-meta/src/config.ts

@@ -0,0 +1,71 @@
+import * as fs from 'fs';
+import * as ini from 'ini';
+import * as path from 'path';
+
+class Config {
+
+	filepath: 	string
+	store:		Object
+	censor:		Array<string>
+	require:	Array<string>
+	env_prefix:	string
+
+	constructor(filepath:string, env_prefix?:string) {
+		this.filepath = filepath;
+		this.store = {};
+		this.censor = [];
+		this.require = [];
+		this.env_prefix = '';
+		if (env_prefix !== undefined) {
+			this.env_prefix = env_prefix + "_";
+		}
+	}
+
+	public process() {
+		const d = fs.readdirSync(this.filepath);
+		
+		const r = /.*\.ini$/;
+		for (let i = 0; i < d.length; i++) {
+			const f = d[i];
+			if (!f.match(r)) {
+				return;
+			}
+
+			const fp = path.join(this.filepath, f);
+			const v = fs.readFileSync(fp, 'utf-8');
+			const inid = ini.decode(v);
+			const inik = Object.keys(inid);
+			for (let j = 0; j < inik.length; j++) {
+				const k_section = inik[j]
+				const k = k_section.toUpperCase();
+				Object.keys(inid[k_section]).forEach((k_directive) => {
+					const kk = k_directive.toUpperCase();
+					const kkk = k + '_' + kk;
+
+					let r = inid[k_section][k_directive];
+					const k_env = this.env_prefix + kkk
+					const env = process.env[k_env];
+					if (env !== undefined) {
+						console.debug('Environment variable ' + k_env + ' overrides ' + kkk);
+						r = env;
+					}
+					this.store[kkk] = r;
+				});
+			}
+		}
+	}
+
+	public get(s:string) {
+		return this.store[s];
+	}
+
+	public toString() {
+		let s = '';
+		Object.keys(this.store).forEach((k) => {
+			s += k + '=' + this.store[k] + '\n';
+		});
+		return s;
+	}	
+}
+
+export { Config };

apps/cic-meta/src/constants.ts

@@ -0,0 +1,38 @@
+import { JSONSerializable } from './format';
+
+const ENGINE_NAME = 'automerge';
+const ENGINE_VERSION = '0.14.1';
+
+const NETWORK_NAME = 'cic';
+const NETWORK_VERSION = '1';
+
+const CRYPTO_NAME = 'pgp';
+const CRYPTO_VERSION = '2';
+
+type VersionedSpec = {
+	name:		string
+	version: 	string
+	ext?:		Object
+}
+
+const engineSpec:VersionedSpec = {
+	name: ENGINE_NAME,
+	version: ENGINE_VERSION,			
+}
+
+const cryptoSpec:VersionedSpec = {
+	name: CRYPTO_NAME,
+	version: CRYPTO_VERSION,
+}
+
+const networkSpec:VersionedSpec = {
+	name: NETWORK_NAME,
+	version: NETWORK_VERSION,
+}
+
+export {
+	engineSpec,
+	cryptoSpec,
+	networkSpec,
+	VersionedSpec,
+};

apps/cic-meta/src/crypto.ts

@@ -0,0 +1,27 @@
+import * as crypto from 'crypto';
+
+const _algs = {
+	'SHA-256': 'sha256',
+}
+
+function cryptoWrapper() {
+}
+
+cryptoWrapper.prototype.digest = async function(s, d) {
+	const h = crypto.createHash(_algs[s]);
+	h.update(d);
+	return h.digest();
+}
+
+let subtle = undefined;
+if (typeof window !== 'undefined') {
+	subtle = window.crypto.subtle;
+} else {
+	subtle = new cryptoWrapper();
+}
+
+
+export {
+	subtle,
+}
+

apps/cic-meta/src/db.ts

@@ -0,0 +1,90 @@
+import * as pg from 'pg';
+import * as sqlite from 'sqlite3';
+
+type DbConfig = {
+	name:		string
+	host:		string
+	port:		number
+	user:		string
+	password:	string	
+}
+
+interface DbAdapter {
+	query:	(s:string, callback:(e:any, rs:any) => void) => void
+	close: 	() => void
+}
+
+const re_creatematch = /^(CREATE)/i
+const re_getmatch = /^(SELECT)/i;
+const re_setmatch = /^(INSERT|UPDATE)/i;
+
+class SqliteAdapter implements DbAdapter {
+
+	db:		any
+
+	constructor(dbConfig:DbConfig, callback?:(any) => void) {
+		this.db = new sqlite.Database(dbConfig.name); //, callback);
+	}
+
+	public query(s:string, callback:(e:any, rs?:any) => void): void {
+		const local_callback = (e, rs) => {
+			let r = undefined;
+			if (rs !== undefined) {
+				r = {
+					rowCount: rs.length,
+					rows: rs,
+				}
+			}
+			callback(e, r);
+		};
+		if (s.match(re_getmatch)) {
+			this.db.all(s, local_callback);
+		} else if (s.match(re_setmatch)) {
+			this.db.run(s, local_callback);
+		} else if (s.match(re_creatematch)) {
+			this.db.run(s, callback);
+		} else {
+			throw 'unhandled query';
+		}
+	}
+
+	public close() {
+		this.db.close();
+	}
+}
+
+class PostgresAdapter implements DbAdapter {
+
+	db:		any
+
+	constructor(dbConfig:DbConfig) {
+		let o = dbConfig;
+		o['database'] = o.name;
+		this.db = new pg.Pool(o);
+		return this.db;
+	}
+
+	public query(s:string, callback:(e:any, rs:any) => void): void {
+		this.db.query(s, (e, rs) => {
+			let r = {
+				length: rs.rowCount,
+			}
+			rs.length = rs.rowCount;
+			if (e === undefined) {
+				e = null;
+			}
+			console.debug(e, rs);
+			callback(e, rs);
+		});
+	}
+
+	public close() {
+		this.db.end();
+	}
+}
+
+export {
+	DbConfig,
+	SqliteAdapter,
+	PostgresAdapter,
+}

apps/cic-meta/src/digest.ts

@@ -0,0 +1,68 @@
+import * as crypto from './crypto';
+
+interface Addressable {
+	key(): string
+	digest(): string
+}
+
+function stringToBytes(s:string) {
+	const a = new Uint8Array(20);
+	let j = 2;
+	for (let i = 0; i < a.byteLength; i++) {
+		const n = parseInt(s.substring(j, j+2), 16);
+		a[i] = n;
+		j += 2;
+	}
+	return a;
+}
+
+function bytesToHex(a:Uint8Array) {
+	let s = '';
+	for (let i = 0; i < a.byteLength; i++) {
+		const h = '00' + a[i].toString(16);
+		s += h.slice(-2);
+	}
+	return s;
+}
+
+async function mergeKey(a:Uint8Array, s:Uint8Array) {
+	const y = new Uint8Array(a.byteLength + s.byteLength);
+	for (let i = 0; i < a.byteLength; i++) {
+		y[i] = a[i];
+	}
+	for (let i = 0; i < s.byteLength; i++) {
+		y[a.byteLength + i] = s[i];
+	}
+	const z = await crypto.subtle.digest('SHA-256', y);
+	return bytesToHex(new Uint8Array(z));
+}
+
+async function toKey(v:string, salt:string) {
+	const a = stringToBytes(v);
+	const s = new TextEncoder().encode(salt);
+	return await mergeKey(a, s);
+}
+
+
+async function toAddressKey(zeroExHex:string, salt:string) {
+	const a = addressToBytes(zeroExHex);
+	const s = new TextEncoder().encode(salt);
+	return await mergeKey(a, s);
+}
+
+const re_addrHex = /^0[xX][a-fA-F0-9]{40}$/;
+function addressToBytes(s:string) {
+	if (!s.match(re_addrHex)) {
+		throw 'invalid address hex';
+	}
+	return stringToBytes(s);
+}
+
+export {
+	toKey,
+	toAddressKey,
+	mergeKey,
+	bytesToHex,
+	addressToBytes,
+	Addressable,
+}

apps/cic-meta/src/dispatch.ts

@@ -0,0 +1,58 @@
+import { v4 as uuidv4 } from 'uuid';
+import { Syncable } from './sync';
+import { Store } from './store';
+import { PubSub } from './transport';
+
+function toIndexKey(id:string):string {
+	const d = Date.now();
+	return d + '_' + id + '_' + uuidv4();
+}
+
+const _re_indexKey = /^\d+_(.+)_[-\d\w]+$/;
+function fromIndexKey(s:string):string {
+	const m = s.match(_re_indexKey);
+	if (m === null) {
+		throw 'Invalid index key';
+	}
+	return m[1];
+}
+
+class Dispatcher {
+
+	idx:		Array<string>
+	syncer:		PubSub
+	store:		Store
+
+	constructor(store:Store, syncer:PubSub) {
+		this.idx = new Array<string>()
+		this.syncer = syncer;
+		this.store = store;
+	}
+
+	public isDirty(): boolean {
+		return this.idx.length > 0;
+	}
+
+	public add(id:string, item:Syncable): string {
+		const v = item.toJSON();
+		const k = toIndexKey(id);
+		this.store.put(k, v, true);
+		localStorage.setItem(k, v);
+		this.idx.push(k);
+		return k;
+	}
+
+	public sync(offset:number): number {
+		let i = 0;
+		this.idx.forEach((k) => {
+			const v = localStorage.getItem(k);
+			const k_id = fromIndexKey(k);
+			this.syncer.pub(v); // this must block until guaranteed delivery
+			localStorage.removeItem(k);
+			i++;
+		});
+		return i;
+	}
+}
+
+export { Dispatcher, toIndexKey, fromIndexKey }

apps/cic-meta/src/format.ts

@@ -0,0 +1,5 @@
+interface JSONSerializable {
+	toJSON(): string
+}
+
+export { JSONSerializable };

apps/cic-meta/src/index.ts

@@ -1,2 +1,5 @@
-export { User } from './user';
-export { Phone } from './phone';
+export { PGPSigner, PGPKeyStore, Signer, KeyStore } from './auth';
+export { ArgPair,  Envelope, Syncable } from './sync';
+export { User } from './assets/user';
+export { Phone } from './assets/phone';
+export { Config } from './config';

apps/cic-meta/src/store.ts

@@ -0,0 +1,9 @@
+import { Syncable } from './sync';
+
+interface Store {
+	put(string, Syncable, boolean?)
+	get(string):Syncable
+	delete(string)
+}
+
+export { Store };

apps/cic-meta/src/sync.ts

@@ -0,0 +1,266 @@
+import * as Automerge from 'automerge';
+
+import { JSONSerializable } from './format';
+
+import { Authoritative, Signer, PGPSigner, Signable, Signature } from './auth';
+
+import { engineSpec, cryptoSpec, networkSpec, VersionedSpec  } from './constants';
+
+const fullSpec:VersionedSpec = {
+	name: 'cic',
+	version: '1',
+	ext: {
+		network: cryptoSpec,
+		engine: engineSpec,
+	},
+}
+
+class Envelope {
+
+	o = fullSpec
+
+	constructor(payload:Object) {
+		this.set(payload);
+	}
+
+	public set(payload:Object) {
+		this.o['payload'] = payload
+	}
+
+	public get():string {
+		return this.o['payload'];
+	}
+
+	public toJSON() {
+		return JSON.stringify(this.o);
+	}
+
+	public static fromJSON(s:string): Envelope {
+		const e = new Envelope(undefined);
+		e.o = JSON.parse(s);
+		return e;
+	}
+
+	public unwrap(): Syncable {
+		return Syncable.fromJSON(this.o['payload']);
+	}
+}
+
+class ArgPair {
+
+	k:string
+	v:any
+
+	constructor(k:string, v:any) {
+		this.k = k;
+		this.v = v;
+	}
+}
+
+class SignablePart implements Signable {
+
+	s: string
+
+	constructor(s:string) {
+		this.s = s;
+	}
+
+	public digest():string {
+		return this.s;
+	}
+}
+
+function orderDict(src) {
+	let dst;
+	if (Array.isArray(src)) {
+		dst = [];
+		src.forEach((v) => {
+			if (typeof(v) == 'object') {
+				v = orderDict(v);
+			}
+			dst.push(v);
+		});
+	} else {
+		dst = {}
+		Object.keys(src).sort().forEach((k) => {
+			let v = src[k];
+			if (typeof(v) == 'object') {
+				v = orderDict(v);
+			}
+			dst[k] = v;
+		});
+	} 
+	return dst;
+}
+
+class Syncable implements JSONSerializable, Authoritative, Signable {
+
+	id:		string
+	timestamp:	number
+	m:		any // automerge object
+	e:		Envelope
+	signer:		Signer
+	onwrap: 	(string) => void
+	onauthenticate:	(boolean) => void
+
+	// TODO: Move data to sub-object so timestamp, id, signature don't collide
+	constructor(id:string, v:Object) {
+		this.id = id;
+		const o = {
+			'id': id,
+			'timestamp': Math.floor(Date.now() / 1000),
+			'data': v,
+		}
+		//this.m = Automerge.from(v)
+		this.m = Automerge.from(o)
+	}
+
+	public setSigner(signer:Signer) {
+		this.signer = signer;
+		this.signer.onsign = (s) => {
+			this.wrap(s);
+		};
+	}
+
+	// TODO: To keep integrity, the non-link key/value pairs for each step also need to be hashed
+	public digest(): string {
+		const links = [];
+		Automerge.getAllChanges(this.m).forEach((ch:Object) => {
+			const op:Array<any> = ch['ops'];
+			ch['ops'].forEach((op:Array<Object>) => {
+				if (op['action'] == 'link') {
+					//console.log('op link', op);
+					links.push([op['obj'], op['value']]);
+				}
+			});
+		});
+		//return JSON.stringify(links);
+		const j = JSON.stringify(links);
+		return Buffer.from(j).toString('base64');
+	}
+
+	private wrap(s:any) {
+		this.m = Automerge.change(this.m, 'sign', (doc) => {
+			doc['signature'] = s;
+		});
+		this.e = new Envelope(this.toJSON());
+		console.log('wrappin s', s, typeof(s));
+		this.e.o['digest'] = s.digest;
+		if (this.onwrap !== undefined) {
+			this.onwrap(this.e);
+		}
+
+	}
+
+//	private _verifyLoop(i:number, history:Array<any>, signable:Signable, result:boolean) {
+//		if (!result) {
+//			this.onauthenticate(false);
+//			return;
+//		} else if (history.length == 0) {
+//			this.onauthenticate(true);
+//			return;
+//		}
+//		const h = history.shift()
+//		if (i % 2 == 0) {
+//			i++;
+//			signable = {
+//				digest: () => {
+//					return Automerge.save(h.snapshot)
+//				},
+//			};
+//			this._verifyLoop(i, history, signable, true);
+//		} else {
+//			i++;
+//			const signature = h.snapshot['signature'];
+//			console.debug('signature', signature, signable.digest());
+//			this.signer.onverify = (v) => {
+//				this._verifyLoop(i, history, signable, v)
+//			}
+//			this.signer.verify(signable, signature);
+//		}
+//	}
+//
+//	// TODO: This should replay the graph and check signatures on each step
+//	public _authenticate(full:boolean=false) {
+//		let h = Automerge.getHistory(this.m);
+//		h.forEach((m) => {
+//			//console.debug(m.snapshot);
+//		});
+//		const signable = {
+//			digest: () => { return '' },
+//		}
+//		if (!full) {
+//			h = h.slice(h.length-2);
+//		}
+//		this._verifyLoop(0, h, signable, true);
+//	}
+
+	public authenticate(full:boolean=false) {
+		if (full) {
+			console.warn('only doing shallow authentication for now, sorry');			
+		}
+		//console.log('authenticating', signable.digest());
+		//console.log('signature', this.m.signature);
+		this.signer.onverify = (v) => {
+			//this._verifyLoop(i, history, signable, v)
+			this.onauthenticate(v);
+		}
+		this.signer.verify(this.m.signature.digest, this.m.signature);
+	}
+
+
+	public sign() {
+		//this.signer.prepare(this);
+		this.signer.sign(this.digest());
+	}
+
+	public update(changes:Array<ArgPair>, changesDescription:string) {
+		this.m = Automerge.change(this.m, changesDescription, (m) => {
+			changes.forEach((c) => {
+				let path = c.k.split('.');
+				let target = m['data'];
+				while (path.length > 1) {
+					const part = path.shift();
+					target = target[part];
+				}
+				target[path[0]] = c.v;
+			});
+			m['timestamp'] = Math.floor(Date.now() / 1000);
+		});
+	}
+
+	public replace(o:Object, changesDescription:string) {
+		this.m = Automerge.change(this.m, changesDescription, (m) => {
+			Object.keys(o).forEach((k) => {
+				m['data'][k] = o[k];
+			});
+			Object.keys(m).forEach((k) => {
+				if (o[k] == undefined) {
+					delete m['data'][k];
+				}
+			});
+			m['timestamp'] = Math.floor(Date.now() / 1000);
+		});
+	}
+
+	public merge(s:Syncable) {
+		this.m = Automerge.merge(s.m, this.m);
+	}
+
+	public toJSON(): string {
+		const s = Automerge.save(this.m);
+		const o = JSON.parse(s);
+		const oo = orderDict(o)
+		return JSON.stringify(oo);
+
+	}
+
+	public static fromJSON(s:string): Syncable {
+		const doc = Automerge.load(s);
+		let y = new Syncable(doc['id'], {});
+		y.m = doc
+		return y
+	}
+}
+
+export { JSONSerializable, Syncable, ArgPair, Envelope };

apps/cic-meta/src/transport.ts

@@ -0,0 +1,11 @@
+interface SubConsumer {
+	post(string)
+}
+
+interface PubSub {
+	pub(v:string):boolean
+	close()
+}
+
+export { PubSub, SubConsumer };
+

apps/cic-meta/tests/1_basic.ts

@@ -0,0 +1,50 @@
+import * as Automerge from 'automerge';
+import assert = require('assert');
+
+import { Dispatcher, toIndexKey, fromIndexKey } from '../src/dispatch';
+import { User } from '../src/assets/user';
+import { Syncable, ArgPair } from '../src/sync';
+
+import { MockSigner, MockStore } from './mock';
+
+describe('basic', () => {
+
+	it('store', () => {
+		const store = new MockStore('s');
+		assert.equal(store.name, 's');
+
+		const mockSigner = new MockSigner();
+		const v = new Syncable('foo', {baz: 42});
+		v.setSigner(mockSigner);
+		store.put('foo', v);
+		const one = store.get('foo').toJSON();
+		const vv = new Syncable('bar', {baz: 666});
+		vv.setSigner(mockSigner);
+		assert.throws(() => {
+			store.put('foo', vv)
+		});
+		store.put('foo', vv, true);
+		const other = store.get('foo').toJSON();
+		assert.notEqual(one, other);
+		store.delete('foo');
+		assert.equal(store.get('foo'), undefined);
+	});
+
+	it('add_doc_to_dispatcher', () => {
+		const store = new MockStore('s');
+		//const syncer = new MockSyncer();
+		const dispatcher = new Dispatcher(store, undefined);
+		const user = new User('foo'); 
+		dispatcher.add(user.id, user);
+		assert(dispatcher.isDirty());
+	});
+
+	it('dispatch_keyindex', () => {
+		const s = 'foo';
+		const k = toIndexKey(s);
+		const v = fromIndexKey(k);
+		assert.equal(s, v);
+	});
+
+
+});

apps/cic-meta/tests/2_sync.ts

@@ -0,0 +1,212 @@
+import * as Automerge from 'automerge';
+import assert = require('assert');
+
+import * as pgp from 'openpgp';
+import * as fs from 'fs';
+
+import { PGPSigner } from '../src/auth';
+
+import { Syncable, ArgPair } from '../src/sync';
+
+import { MockKeyStore, MockSigner } from './mock';
+
+
+describe('sync', async () => {
+	it('sync_merge', () => {
+		const mockSigner = new MockSigner();
+		const s = new Syncable('foo', {
+			bar: 'baz',
+		});
+		s.setSigner(mockSigner);
+		const changePair = new ArgPair('xyzzy', 42);
+		s.update([changePair], 'ch-ch-cha-changes');
+		assert.equal(s.m.data['xyzzy'], 42)
+		assert.equal(s.m.data['bar'], 'baz')
+		assert.equal(s.m['id'], 'foo')
+		assert.equal(Automerge.getHistory(s.m).length, 2);
+	});
+
+	it('sync_serialize', () => {
+		const mockSigner = new MockSigner();
+		const s = new Syncable('foo', {
+			bar: 'baz',
+		});
+		s.setSigner(mockSigner);
+		const j = s.toJSON();
+		const ss = Syncable.fromJSON(j);
+		assert.equal(ss.m['id'], 'foo');
+		assert.equal(ss.m['data']['bar'], 'baz');
+		assert.equal(Automerge.getHistory(ss.m).length, 1);
+	});
+
+	it('sync_sign_and_wrap', () => {
+		const mockSigner = new MockSigner();
+		const s = new Syncable('foo', {
+			bar: 'baz',
+		});
+		s.setSigner(mockSigner);
+		s.onwrap = (e) => {
+			const j = e.toJSON();
+			const v = JSON.parse(j);
+			assert.deepEqual(v.payload, e.o.payload);
+
+		}
+		s.sign();
+	});
+	it('sync_verify_success', async () => {
+		const pksa = fs.readFileSync(__dirname + '/privatekeys.asc');
+		const pks = await pgp.key.readArmored(pksa);
+		await pks.keys[0].decrypt('merman');
+		await pks.keys[1].decrypt('beastman');
+
+		const pubksa = fs.readFileSync(__dirname + '/publickeys.asc');
+		const pubks = await pgp.key.readArmored(pubksa);
+
+		const oneStore = new MockKeyStore(pks.keys[0], pubks.keys);
+		const twoStore = new MockKeyStore(pks.keys[1], pubks.keys);
+		const threeStore = new MockKeyStore(pks.keys[2], [pubks.keys[0], pubks.keys[2]]);
+
+		const oneSigner = new PGPSigner(oneStore);
+		const twoSigner = new PGPSigner(twoStore);
+		const threeSigner = new PGPSigner(threeStore);
+
+		const x = new Syncable('foo', {
+			bar: 'baz',		  
+		});
+		x.setSigner(oneSigner);
+
+		// TODO: make this look better
+		x.onwrap = (e) => {
+			let updateData = new ArgPair('bar', 'xyzzy');
+			x.update([updateData], 'change one');
+
+			x.onwrap = (e) => {
+				x.setSigner(twoSigner);
+				updateData = new ArgPair('bar', 42);
+				x.update([updateData], 'change two');
+
+				x.onwrap = (e) => {
+					const p = e.unwrap();
+					p.setSigner(twoSigner);
+					p.onauthenticate = (v) => {
+						assert(v);
+					}
+					p.authenticate();
+				}
+
+				x.sign();
+			};
+
+			x.sign();
+		}
+
+		x.sign();
+
+	});
+
+	it('sync_verify_fail', async () => {
+		const pksa = fs.readFileSync(__dirname + '/privatekeys.asc');
+		const pks = await pgp.key.readArmored(pksa);
+		await pks.keys[0].decrypt('merman');
+		await pks.keys[1].decrypt('beastman');
+
+		const pubksa = fs.readFileSync(__dirname + '/publickeys.asc');
+		const pubks = await pgp.key.readArmored(pubksa);
+
+		const oneStore = new MockKeyStore(pks.keys[0], pubks.keys);
+		const twoStore = new MockKeyStore(pks.keys[1], pubks.keys);
+		const threeStore = new MockKeyStore(pks.keys[2], [pubks.keys[0], pubks.keys[2]]);
+
+		const oneSigner = new PGPSigner(oneStore);
+		const twoSigner = new PGPSigner(twoStore);
+		const threeSigner = new PGPSigner(threeStore);
+
+		const x = new Syncable('foo', {
+			bar: 'baz',		  
+		});
+		x.setSigner(oneSigner);
+
+		// TODO: make this look better
+		x.onwrap = (e) => {
+			let updateData = new ArgPair('bar', 'xyzzy');
+			x.update([updateData], 'change one');
+
+			x.onwrap = (e) => {
+				x.setSigner(twoSigner);
+				updateData = new ArgPair('bar', 42);
+				x.update([updateData], 'change two');
+
+				x.onwrap = (e) => {
+					const p = e.unwrap();
+					p.setSigner(threeSigner);
+					p.onauthenticate = (v) => {
+						assert(!v);
+					}
+					p.authenticate();
+				}
+
+				x.sign();
+			};
+
+			x.sign();
+		}
+
+		x.sign();
+
+	});
+
+	xit('sync_verify_shallow_tricked', async () => {
+		const pksa = fs.readFileSync(__dirname + '/privatekeys.asc');
+		const pks = await pgp.key.readArmored(pksa);
+		await pks.keys[0].decrypt('merman');
+		await pks.keys[1].decrypt('beastman');
+
+		const pubksa = fs.readFileSync(__dirname + '/publickeys.asc');
+		const pubks = await pgp.key.readArmored(pubksa);
+
+		const oneStore = new MockKeyStore(pks.keys[0], pubks.keys);
+		const twoStore = new MockKeyStore(pks.keys[1], pubks.keys);
+		const threeStore = new MockKeyStore(pks.keys[2], [pubks.keys[0], pubks.keys[2]]);
+
+		const oneSigner = new PGPSigner(oneStore);
+		const twoSigner = new PGPSigner(twoStore);
+		const threeSigner = new PGPSigner(threeStore);
+
+		const x = new Syncable('foo', {
+			bar: 'baz',		  
+		});
+		x.setSigner(twoSigner);
+
+		// TODO: make this look better
+		x.onwrap = (e) => {
+			let updateData = new ArgPair('bar', 'xyzzy');
+			x.update([updateData], 'change one');
+
+			x.onwrap = (e) => {
+				updateData = new ArgPair('bar', 42);
+				x.update([updateData], 'change two');
+				x.setSigner(oneSigner);
+
+				x.onwrap = (e) => {
+					const p = e.unwrap();
+					p.setSigner(threeSigner);
+					p.onauthenticate = (v) => {
+						assert(v);
+						p.onauthenticate = (v) => {
+							assert(!v);
+						}
+						p.authenticate(true);
+					}
+					p.authenticate();
+				}
+
+				x.sign();
+			};
+
+			x.sign();
+		}
+
+		x.sign();
+
+	});
+});

apps/cic-meta/tests/3_transport.ts

@@ -0,0 +1,14 @@
+import * as assert from 'assert';
+
+import { MockPubSub, MockConsumer } from './mock';
+
+describe('transport', () => {
+	it('pub_sub', () => {
+		const c = new MockConsumer();
+		const ps = new MockPubSub('foo', c);
+		ps.pub('foo');	
+		ps.pub('bar');
+		ps.flush();
+		assert.deepEqual(c.omnoms, ['foo', 'bar']);
+	});
+});

apps/cic-meta/tests/4_auth.ts

@@ -0,0 +1,46 @@
+import assert = require('assert');
+import pgp = require('openpgp');
+import crypto  = require('crypto');
+
+import { Syncable, ArgPair } from '../src/sync';
+
+import { MockKeyStore, MockSignable } from './mock';
+
+import { PGPSigner } from '../src/auth';
+
+
+describe('auth', async () => {
+	await it('digest', async () => {
+		const opts = {
+			userIds: [
+				{
+					name: 'John Marston',
+					email: 'red@dead.com',
+				},
+			],
+			numBits: 2048,
+			passphrase: 'foo',
+		};
+		const pkgen = await pgp.generateKey(opts);
+		const pka = pkgen.privateKeyArmored;
+		const pks = await pgp.key.readArmored(pka);
+		await pks.keys[0].decrypt('foo');
+		const pubka = pkgen.publicKeyArmored;
+		const pubks = await pgp.key.readArmored(pubka);
+		const keyStore = new MockKeyStore(pks.keys[0], pubks.keys);
+		const s = new PGPSigner(keyStore);
+
+		const message = await pgp.cleartext.fromText('foo');
+		s.onverify = (ok) => {
+			assert(ok);
+		}
+		s.onsign = (signature) => {
+			s.onverify((v) => {
+				console.log('bar', v);
+			});
+			s.verify('foo', signature);
+		}
+		
+		await s.sign('foo');
+	});
+});	

apps/cic-meta/tests/999_functional.ts

@@ -0,0 +1,47 @@
+import * as assert from 'assert';
+import * as pgp from 'openpgp';
+
+import { Dispatcher } from '../src/dispatch';
+import { User } from '../src/assets/user';
+import { PGPSigner, KeyStore } from '../src/auth';
+import { SubConsumer } from '../src/transport';
+
+import { MockStore, MockPubSub, MockConsumer, MockKeyStore } from './mock';
+
+async function createKeyStore() {
+	const opts = {
+		userIds: [
+			{
+				name: 'John Marston',
+				email: 'red@dead.com',
+			},
+		],
+		numBits: 2048,
+		passphrase: 'foo',
+	};
+	const pkgen = await pgp.generateKey(opts);
+	const pka = pkgen.privateKeyArmored;
+	const pks = await pgp.key.readArmored(pka);
+	await pks.keys[0].decrypt('foo');
+	return new MockKeyStore(pks.keys[0], []);
+}
+
+describe('fullchain', async () => {
+	it('dispatch_and_publish_user', async () => {
+		const g = await createKeyStore();
+		const n = new PGPSigner(g);
+		const u = new User('u1', {});
+		u.setSigner(n);
+		u.setName('Nico', 'Bellic');
+		const s = new MockStore('fooStore');
+		const c = new MockConsumer();
+		const p = new MockPubSub('fooPubSub', c);
+		const d = new Dispatcher(s, p);
+		u.onwrap = (e) => {
+			d.add(u.id, e);
+			d.sync(0);
+			assert.equal(p.pubs.length, 1);
+		};
+		u.sign();
+	});
+});

apps/cic-meta/tests/mock.ts

@@ -0,0 +1,150 @@
+import * as crypto from 'crypto';
+
+import { Signable, Signature, KeyStore } from '../src/auth';
+import { Store } from '../src/store';
+import { PubSub, SubConsumer } from '../src/transport';
+import { Syncable } from '../src/sync';
+
+class MockStore implements Store {
+	
+	contents:	Object
+	name:		string
+
+	constructor(name:string) {
+		this.name = name;
+		this.contents = {};
+	}
+
+	public put(k:string, v:Syncable, existsOk = false) {
+		if (!existsOk && this.contents[k] !== undefined) {
+			throw '"' + k + '" already exists in store ' + this.name;
+		} 
+		this.contents[k] = v;
+	}
+
+	public get(k:string): Syncable {
+		return this.contents[k];
+	}
+
+	public delete(k:string) {
+		delete this.contents[k];
+	}
+}
+
+class MockSigner {
+	onsign: (string) => void
+	onverify: (boolean) => void
+	public verify(src:string, signature:Signature) {
+		return true;
+	}
+
+	public sign(s:string):boolean {
+		this.onsign('there would be a signature here');
+		return true;
+	}
+
+	public prepare(m:Signable):boolean {
+		return true;
+	}
+
+	public fingerprint():string {
+		return '';
+	}
+}
+
+class MockConsumer implements SubConsumer {
+
+	omnoms:	Array<string>
+
+	constructor() {
+		this.omnoms = Array<string>();
+	}
+
+	public post(v:string) {
+		this.omnoms.push(v);
+	}
+}
+
+class MockPubSub implements PubSub {
+
+	pubs:		Array<string>
+	consumer:	SubConsumer
+
+	constructor(name:string, consumer:SubConsumer) {
+		this.pubs = Array<string>();	
+		this.consumer = consumer;
+	}
+	
+	public pub(v:string): boolean {
+		this.pubs.push(v);
+		return true;
+	}
+
+	public flush() {
+		while (this.pubs.length > 0) {
+			const s = this.pubs.shift();
+			this.consumer.post(s);
+		}
+	}
+
+	public close() {
+	}
+}
+
+class MockSignable implements Signable {
+
+	src:	string
+	dst:	string
+
+	constructor(src:string) {
+		this.src = src;
+	}
+
+	public digest():string {
+		const h = crypto.createHash('sha256');
+		h.update(this.src);
+		this.dst= h.digest('hex');
+		return this.dst;
+	}
+
+}
+
+class MockKeyStore implements KeyStore {
+
+	pk: any
+	pubks: Array<any>
+
+	constructor(pk:any, pubks:Array<any>) {
+		this.pk = pk;
+		this.pubks = pubks;	
+	}
+
+	public getPrivateKey(): any {
+		return this.pk;
+	}
+
+	public getTrustedKeys(): Array<any> {
+		return this.pubks;
+	}
+
+	public getTrustedActiveKeys(): Array<any> {
+		return [];
+	}
+
+	public getEncryptKeys(): Array<any> {
+		return [];
+	}
+
+	public getFingerprint(): string {
+		return '';
+	}
+}
+
+export {
+	MockStore,
+	MockPubSub,
+	MockConsumer,
+	MockSignable,
+	MockKeyStore,
+	MockSigner,
+};

apps/cic-meta/tests/server.ts

@@ -1,10 +1,13 @@
+import Automerge = require('automerge');
 import assert = require('assert');
 import fs = require('fs');
 import pgp = require('openpgp');
 import sqlite = require('sqlite3');
 
 import * as handlers from '../scripts/server/handlers';
-import { Envelope, Syncable, ArgPair, PGPKeyStore, PGPSigner, KeyStore, Signer, SqliteAdapter } from 'crdt-meta';
+import { Envelope, Syncable, ArgPair } from '../src/sync';
+import { PGPKeyStore, PGPSigner, KeyStore, Signer } from '../src/auth';
+import { SqliteAdapter } from '../src/db';
 
 function createKeystore() {
 	const pksa = fs.readFileSync(__dirname + '/privatekeys.asc', 'utf-8');

apps/cic-ussd/.config/app.ini

@@ -20,5 +20,5 @@ TRANSITIONS=/usr/src/cic-ussd/transitions/
 
 [client]
 host =
-port = 
+port =
 ssl =

apps/contract-migration/docker/Dockerfile

@@ -60,19 +60,16 @@ ARG pip_extra_index_url=https://pip.grassrootseconomics.net:8433
 ARG cic_base_version=0.1.2a77
 ARG cic_eth_version=0.11.0b6
 ARG sarafu_faucet_version=0.0.2a28
-ARG sarafu_token_version==0.0.1a6
 ARG cic_contracts_version=0.0.2a2
 RUN pip install --user --extra-index-url $pip_extra_index_url cic-base[full_graph]==$cic_base_version \
 	cic-eth==$cic_eth_version \
 	cic-contracts==$cic_contracts_version \
-	sarafu-faucet==$sarafu_faucet_version \
-	sarafu-token==$sarafu_token_version
+	sarafu-faucet==$sarafu_faucet_version
 
 FROM python:3.8.6-slim-buster as runtime-image
 
 RUN apt-get update
-RUN apt-get install -y --no-install-recommends gnupg libpq-dev 
-RUN apt-get install -y --no-install-recommends jq
+RUN apt-get install -y --no-install-recommends gnupg libpq-dev
 
 COPY --from=compile-image /usr/local/bin/ /usr/local/bin/
 COPY --from=compile-image /usr/local/etc/cic/ /usr/local/etc/cic/

apps/contract-migration/reset.sh

@@ -2,112 +2,82 @@
 
 set -a
 
-CIC_CHAIN_SPEC=${CIC_CHAIN_SPEC:-evm:bloxberg:8995}
-DEV_TOKEN_TYPE=${DEV_TOKEN_TYPE:-giftable}
+DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER=0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C
 DEV_ETH_ACCOUNT_RESERVE_MINTER=${DEV_ETH_ACCOUNT_RESERVE_MINTER:-$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER}
 DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER=${DEV_ETH_ACCOUNT_RESERVE_MINTER:-$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER}
 DEV_RESERVE_AMOUNT=${DEV_ETH_RESERVE_AMOUNT:-""10000000000000000000000000000000000}
-DEV_FAUCET_AMOUNT=${DEV_FAUCET_AMOUNT:-0}
-DEV_ETH_KEYSTORE_FILE=${DEV_ETH_KEYSTORE_FILE:-`realpath ./keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c`}
-
-set -e
-
-DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER=`eth-checksum $(cat $DEV_ETH_KEYSTORE_FILE | jq -r .address)`
-
-if [ ! -z $DEV_ETH_GAS_PRICE ]; then
-	gas_price_arg="--gas-price $DEV_ETH_GAS_PRICE"
-	>&2 echo using static gas price $DEV_ETH_GAS_PRICE
-fi
-
-if [[ $DEV_TOKEN_TYPE != 'giftable' && $DEV_TOKEN_TYPE != 'sarafu' ]]; then
-	echo $DEV_TOKEN_TYPE
-	>&2 echo DEV_TOKEN_TYPE must be one of [giftable,sarafu]
-	exit 1
-fi
+faucet_amount=${DEV_FAUCET_AMOUNT:-0}
+keystore_file=$(realpath ./keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c)
 
 echo "environment:"
 printenv
 echo \n
 
-echo "using wallet address '$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER' from keystore file $DEV_ETH_KEYSTORE_FILE"
-
 # This is a grassroots team convention for building the Bancor contracts using the bancor protocol repository truffle setup
 # Running this in docker-internal dev container (built from Docker folder in this repo) will write a
 # source-able env file to CIC_DATA_DIR. Services dependent on these contracts can mount this file OR 
 # define these parameters at runtime
 # pushd /usr/src
 
-if [ -z $CIC_DATA_DIR ]; then
-	CIC_DATA_DIR=`mktemp -d`
-fi
->&2 echo using data dir $CIC_DATA_DIR
-
 init_level_file=${CIC_DATA_DIR}/.init
 if [ ! -f ${CIC_DATA_DIR}/.init ]; then
   echo "Creating .init file..."
   mkdir -p $CIC_DATA_DIR
-  touch $CIC_DATA_DIR/.init
+  touch /tmp/cic/config/.init
 #   touch $init_level_file
 fi
 echo -n 1 > $init_level_file
 
 # Abort on any error (including if wait-for-it fails).
+set -e
 
 # Wait for the backend to be up, if we know where it is.
 if [[ -n "${ETH_PROVIDER}" ]]; then
+	echo "waiting for ${ETH_PROVIDER}..."
+  	./wait-for-it.sh "${ETH_PROVIDER_HOST}:${ETH_PROVIDER_PORT}"
 
-	if [ ! -z "$DEV_USE_DOCKER_WAIT_SCRIPT" ]; then
-		echo "waiting for ${ETH_PROVIDER}..."
-		./wait-for-it.sh "${ETH_PROVIDER_HOST}:${ETH_PROVIDER_PORT}"
-	fi
+	DEV_RESERVE_ADDRESS=`giftable-token-deploy -p $ETH_PROVIDER -y $keystore_file -i $CIC_CHAIN_SPEC -v -w --name "Sarafu" --symbol "SRF" --decimals 6`
+	giftable-token-gift -p $ETH_PROVIDER -y $keystore_file -i $CIC_CHAIN_SPEC -v -w -a $DEV_RESERVE_ADDRESS $DEV_RESERVE_AMOUNT
 
-	if [ $DEV_TOKEN_TYPE == 'giftable' ]; then
-		>&2 echo "deploying 'giftable token'"
-		DEV_RESERVE_ADDRESS=`giftable-token-deploy $gas_price_arg -p $ETH_PROVIDER -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -vv -w --name "Giftable Token" --symbol "GFT" --decimals 6 -vv`
-	else
-		>&2 echo "deploying 'sarafu' token'"
-		DEV_RESERVE_ADDRESS=`sarafu-token-deploy $gas_price_arg -p $ETH_PROVIDER -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -vv -w --name "Sarafu" --decimals 6 -vv SRF $DEV_SARAFU_DEMURRAGE_LEVEL`
-	fi
-	giftable-token-gift $gas_price_arg -p $ETH_PROVIDER -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -vv -w -a $DEV_RESERVE_ADDRESS $DEV_RESERVE_AMOUNT
-
-	#BANCOR_REGISTRY_ADDRESS=`cic-bancor-deploy $gas_price_arg --bancor-dir /usr/local/share/cic/bancor -z $DEV_ETH_RESERVE_ADDRESS -p $ETH_PROVIDER -o $DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER`
+	#BANCOR_REGISTRY_ADDRESS=`cic-bancor-deploy --bancor-dir /usr/local/share/cic/bancor -z $DEV_ETH_RESERVE_ADDRESS -p $ETH_PROVIDER -o $DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER`
 
 	>&2 echo "deploy account index contract"
-	DEV_ACCOUNT_INDEX_ADDRESS=`eth-accounts-index-deploy $gas_price_arg -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -y $DEV_ETH_KEYSTORE_FILE -vv -w`
+	DEV_ACCOUNT_INDEX_ADDRESS=`eth-accounts-index-deploy -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -y $keystore_file -vv -w`
 	>&2 echo "add deployer address as account index writer"
-	eth-accounts-index-writer $gas_price_arg -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -a $DEV_ACCOUNT_INDEX_ADDRESS -ww -vv $debug $DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER
+	eth-accounts-index-writer -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -a $DEV_ACCOUNT_INDEX_ADDRESS -ww $debug $DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER
 
-	CIC_REGISTRY_ADDRESS=`eth-contract-registry-deploy $gas_price_arg -i $CIC_CHAIN_SPEC -y $DEV_ETH_KEYSTORE_FILE --identifier BancorRegistry --identifier AccountRegistry --identifier TokenRegistry --identifier AddressDeclarator --identifier Faucet --identifier TransferAuthorization -p $ETH_PROVIDER -vv -w`
-	eth-contract-registry-set $gas_price_arg -w -y $DEV_ETH_KEYSTORE_FILE -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC  -p $ETH_PROVIDER -vv ContractRegistry $CIC_REGISTRY_ADDRESS
-	eth-contract-registry-set $gas_price_arg -w -y $DEV_ETH_KEYSTORE_FILE -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv AccountRegistry $DEV_ACCOUNT_INDEX_ADDRESS
+	CIC_REGISTRY_ADDRESS=`eth-contract-registry-deploy -i $CIC_CHAIN_SPEC -y $keystore_file --identifier BancorRegistry --identifier AccountRegistry --identifier TokenRegistry --identifier AddressDeclarator --identifier Faucet --identifier TransferAuthorization -p $ETH_PROVIDER -vv -w`
+	eth-contract-registry-set -w -y $keystore_file -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC  -p $ETH_PROVIDER -vv ContractRegistry $CIC_REGISTRY_ADDRESS
+	#cic-registry-set -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -k BancorRegistry -p $ETH_PROVIDER $BANCOR_REGISTRY_ADDRESS -vv
+	eth-contract-registry-set -w -y $keystore_file -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv AccountRegistry $DEV_ACCOUNT_INDEX_ADDRESS
 
 	# Deploy address declarator registry
 	>&2 echo "deploy address declarator contract"
 	declarator_description=0x546869732069732074686520434943206e6574776f726b000000000000000000
-	DEV_DECLARATOR_ADDRESS=`eth-address-declarator-deploy -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -vv $declarator_description`
-	eth-contract-registry-set $gas_price_arg -w -y $DEV_ETH_KEYSTORE_FILE -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv AddressDeclarator $DEV_DECLARATOR_ADDRESS
+	DEV_DECLARATOR_ADDRESS=`eth-address-declarator-deploy -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -v $declarator_description`
+	eth-contract-registry-set -w -y $keystore_file -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv AddressDeclarator $DEV_DECLARATOR_ADDRESS
 
 	# Deploy transfer authorization contact
 	>&2 echo "deploy address declarator contract"
-	DEV_TRANSFER_AUTHORIZATION_ADDRESS=`erc20-transfer-auth-deploy $gas_price_arg -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -vv`
-	eth-contract-registry-set $gas_price_arg -w -y $DEV_ETH_KEYSTORE_FILE -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC  -p $ETH_PROVIDER -vv TransferAuthorization $DEV_TRANSFER_AUTHORIZATION_ADDRESS
+	DEV_TRANSFER_AUTHORIZATION_ADDRESS=`erc20-transfer-auth-deploy -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -v`
+	eth-contract-registry-set -w -y $keystore_file -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC  -p $ETH_PROVIDER -vv TransferAuthorization $DEV_TRANSFER_AUTHORIZATION_ADDRESS
 
 	# Deploy token index contract
 	>&2 echo "deploy token index contract"
-	DEV_TOKEN_INDEX_ADDRESS=`eth-token-index-deploy $gas_price_arg -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -vv`
-	eth-contract-registry-set $gas_price_arg -w -y $DEV_ETH_KEYSTORE_FILE -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv TokenRegistry $DEV_TOKEN_INDEX_ADDRESS 
+	DEV_TOKEN_INDEX_ADDRESS=`eth-token-index-deploy -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -v`
+	eth-contract-registry-set -w -y $keystore_file -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv TokenRegistry $DEV_TOKEN_INDEX_ADDRESS 
 	>&2 echo "add reserve token to token index"
-	eth-token-index-add $gas_price_arg -w -y $DEV_ETH_KEYSTORE_FILE  -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv -a $DEV_TOKEN_INDEX_ADDRESS $DEV_RESERVE_ADDRESS
+	eth-token-index-add -w -y $keystore_file  -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv -a $DEV_TOKEN_INDEX_ADDRESS $DEV_RESERVE_ADDRESS
 
 	# Sarafu faucet contract
 	>&2 echo "deploy token faucet contract"
-	DEV_FAUCET_ADDRESS=`sarafu-faucet-deploy $gas_price_arg -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -vv --account-index-address $DEV_ACCOUNT_INDEX_ADDRESS $DEV_RESERVE_ADDRESS`
-	eth-contract-registry-set $gas_price_arg -w -y $DEV_ETH_KEYSTORE_FILE -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv Faucet $DEV_FAUCET_ADDRESS
+	DEV_FAUCET_ADDRESS=`sarafu-faucet-deploy -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -v --account-index-address $DEV_ACCOUNT_INDEX_ADDRESS $DEV_RESERVE_ADDRESS`
+	eth-contract-registry-set -w -y $keystore_file -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv Faucet $DEV_FAUCET_ADDRESS
 	>&2 echo "set faucet as token minter"
-	giftable-token-minter $gas_price_arg -w -y $DEV_ETH_KEYSTORE_FILE -a $DEV_RESERVE_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv $DEV_FAUCET_ADDRESS
+	giftable-token-minter -w -y $keystore_file -a $DEV_RESERVE_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv $DEV_FAUCET_ADDRESS
 
 	>&2 echo "set token faucet amount"
-	sarafu-faucet-set $gas_price_arg -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -a $DEV_FAUCET_ADDRESS -vv $DEV_FAUCET_AMOUNT
+	sarafu-faucet-set -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -a $DEV_FAUCET_ADDRESS $faucet_amount
 
 
 else

apps/contract-migration/scripts/cic_meta/import_meta.js

@@ -3,11 +3,10 @@ const path = require('path');
 const http = require('http');
 
 const cic = require('cic-client-meta');
-const crdt = require('crdt-meta');
 
 //const conf = JSON.parse(fs.readFileSync('./cic.conf'));
 
-const config = new crdt.Config('./config');
+const config = new cic.Config('./config'); 
 config.process();
 console.log(config);
 
@@ -42,7 +41,7 @@ function sendit(uid, envelope) {
 }
 
 function doOne(keystore, filePath) {
-	const signer = new crdt.PGPSigner(keystore);
+	const signer = new cic.PGPSigner(keystore);
 	const parts = path.basename(filePath).split('.');
 	const ethereum_address = path.basename(parts[0]);
 
@@ -52,7 +51,7 @@ function doOne(keystore, filePath) {
 		//console.log(o);
 		fs.unlinkSync(filePath);
 
-		const s = new crdt.Syncable(uid, o);
+		const s = new cic.Syncable(uid, o);
 		s.setSigner(signer);
 		s.onwrap = (env) => {
 			sendit(uid, env);
@@ -66,7 +65,7 @@ const publicKeyPath = path.join(config.get('PGP_EXPORTS_DIR'), config.get('PGP_P
 pk = fs.readFileSync(privateKeyPath);
 pubk = fs.readFileSync(publicKeyPath);
 
-new crdt.PGPKeyStore(
+new cic.PGPKeyStore(
 	config.get('PGP_PASSPHRASE'),
 	pk,
 	pubk,

apps/contract-migration/scripts/cic_meta/import_meta_phone.js

@@ -4,11 +4,10 @@ const http = require('http');
 
 const cic = require('cic-client-meta');
 const vcfp = require('vcard-parser');
-const crdt = require('crdt-meta');
 
 //const conf = JSON.parse(fs.readFileSync('./cic.conf'));
 
-const config = new crdt.Config('./config');
+const config = new cic.Config('./config'); 
 config.process();
 console.log(config);
 
@@ -43,7 +42,7 @@ function sendit(uid, envelope) {
 }
 
 function doOne(keystore, filePath, address) {
-	const signer = new crdt.PGPSigner(keystore);
+	const signer = new cic.PGPSigner(keystore);
 
 	const j = JSON.parse(fs.readFileSync(filePath).toString());
 	const b = Buffer.from(j['vcard'], 'base64');
@@ -52,8 +51,9 @@ function doOne(keystore, filePath, address) {
 	const phone = o.tel[0].value;
 
 	cic.Phone.toKey(phone).then((uid) => {
+		const o = fs.readFileSync(filePath, 'utf-8');
 
-		const s = new crdt.Syncable(uid, address);
+		const s = new cic.Syncable(uid, o);
 		s.setSigner(signer);
 		s.onwrap = (env) => {
 			sendit(uid, env);
@@ -67,7 +67,7 @@ const publicKeyPath = path.join(config.get('PGP_EXPORTS_DIR'), config.get('PGP_P
 pk = fs.readFileSync(privateKeyPath);
 pubk = fs.readFileSync(publicKeyPath);
 
-new crdt.PGPKeyStore(
+new cic.PGPKeyStore(
 	config.get('PGP_PASSPHRASE'),
 	pk,
 	pubk,
@@ -123,7 +123,7 @@ function importMetaPhone(keystore) {
 		if (batchCount == batchSize) {
 			console.debug('reached batch size, breathing');
 			batchCount=0;
-			setTimeout(importMetaPhone, batchDelay, keystore);
+			setTimeout(importMeta, batchDelay, keystore);
 			return;
 		}
 	}

apps/contract-migration/scripts/package-lock.json

@@ -29,9 +29,9 @@
       }
     },
     "@types/node": {
-      "version": "14.14.39",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.14.39.tgz",
-      "integrity": "sha512-Qipn7rfTxGEDqZiezH+wxqWYR8vcXq5LRpZrETD19Gs4o8LbklbmqotSUsMU+s5G3PJwMRDfNEYoxrcBwIxOuw=="
+      "version": "14.14.41",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.14.41.tgz",
+      "integrity": "sha512-dueRKfaJL4RTtSa7bWeTK1M+VH+Gns73oCgzvYfHZywRCoPSd8EkXBL0mZ9unPTveBn+D9phZBaxuzpwjWkW0g=="
     },
     "@types/pbkdf2": {
       "version": "3.1.0",
@@ -297,15 +297,14 @@
       "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg=="
     },
     "cic-client-meta": {
-      "version": "0.0.7-alpha.8",
-      "resolved": "https://registry.npmjs.org/cic-client-meta/-/cic-client-meta-0.0.7-alpha.8.tgz",
-      "integrity": "sha512-NtU4b4dptG2gsKXIvAv1xCxxxhrr801tb8+Co1O+VLx+wvxFyPRxqa2f2eN5nrSnFnljNsWWpE6K5bJZb1+Rqw==",
+      "version": "0.0.7-alpha.6",
+      "resolved": "https://registry.npmjs.org/cic-client-meta/-/cic-client-meta-0.0.7-alpha.6.tgz",
+      "integrity": "sha512-oIN1aHkPHfsxJKDV6k4f1kX2tcppw3Q+D1b4BoPh0hYjNKNb7gImBMWnGsy8uiD9W6SNYE4sIXyrtct8mvrhsw==",
       "requires": {
         "@ethereumjs/tx": "^3.0.0-beta.1",
         "automerge": "^0.14.1",
-        "crdt-meta": "0.0.8",
         "ethereumjs-wallet": "^1.0.1",
-        "ini": "^1.3.8",
+        "ini": "^1.3.5",
         "openpgp": "^4.10.8",
         "pg": "^8.4.2",
         "sqlite3": "^5.0.0",
@@ -412,18 +411,6 @@
         "printj": "~1.1.0"
       }
     },
-    "crdt-meta": {
-      "version": "0.0.8",
-      "resolved": "https://registry.npmjs.org/crdt-meta/-/crdt-meta-0.0.8.tgz",
-      "integrity": "sha512-CS0sS0L2QWthz7vmu6vzl3p4kcpJ+IKILBJ4tbgN4A3iNG8wnBeuDIv/z3KFFQjcfuP4QAh6E9LywKUTxtDc3g==",
-      "requires": {
-        "automerge": "^0.14.2",
-        "ini": "^1.3.8",
-        "openpgp": "^4.10.8",
-        "pg": "^8.5.1",
-        "sqlite3": "^5.0.2"
-      }
-    },
     "create-hash": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",

apps/contract-migration/scripts/package.json

@@ -1,7 +1,6 @@
 {
   "dependencies": {
-    "cic-client-meta": "^0.0.7-alpha.8",
-    "crdt-meta": "0.0.8",
+    "cic-client-meta": "0.0.7-alpha.6",
     "vcard-parser": "^1.0.0"
   }
 }

apps/contract-migration/scripts/verify.py

@@ -345,11 +345,12 @@ class Verifier:
         address_recovered = address_recovered.replace('"', '')
 
         try:
-            upper_address_recovered = strip_0x(address_recovered).upper()
+            address = strip_0x(address)
+            address_recovered = strip_0x(address_recovered)
         except ValueError:
             raise VerifierError(address_recovered, 'metadata (phone) address {} address recovered {}'.format(address, address_recovered))
 
-        if upper_address != upper_address_recovered:
+        if address != address_recovered:
             raise VerifierError(address_recovered, 'metadata (phone)')
 
 

apps/util/liveness/MANIFEST.in

@@ -0,0 +1 @@
+include *health*.sh

apps/util/liveness/Makefile

@@ -0,0 +1,10 @@
+docs:
+	mkdir -p doc/texinfo/html
+	makeinfo doc/texinfo/index.texi --html -o doc/texinfo/html/
+
+markdown: doc
+	pandoc -f html -t markdown --standalone doc/texinfo/html/liveness.html -o README.md
+
+
+.PHONY dist:
+	python setup.py sdist

apps/util/liveness/README.md

@@ -0,0 +1,105 @@
+---
+description: liveness (Untitled Document)
+distribution: global
+Generator: makeinfo
+keywords: liveness (Untitled Document)
+lang: en
+resource-type: document
+title: liveness (Untitled Document)
+---
+
+[]{#liveness}[]{#liveness-1}
+
+## 1 liveness {#liveness .chapter}
+
+[]{#ilveness_005foverview}[]{#Overview}
+
+### 1.1 Overview {#overview .section}
+
+This is a cluster-specific convenience setup for enabling a
+Kubernetes-style liveness/readiness test as outlined in
+<https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>.
+
+Conceptually, it provides an application with means to:
+
+-   Run a collection of functions to validate sanity of the environment
+-   Set a no-error state before execution of the main routine
+-   Modify the error state during execution
+-   Invalidating all state when execution ends
+
+[]{#Python-module}
+
+### 1.2 Python module {#python-module .section}
+
+Three python methods are provided.
+
+[]{#load}
+
+#### 1.2.1 load {#load .subsection}
+
+This is meant to be called after configurations and environment has been
+set up, but before the execution logic has commenced.
+
+It receives a list of externally defined fully-qualified python modules.
+Each of these modules must implement the method `health(*args,**kwargs)`
+in its global namespace.
+
+Any module returning `False` will cause a `RuntimeException`.
+
+The component will not trap any other exception from the modules.
+
+If successful, it will write the `pid` of the application to the
+specified run data folder. By default this is `/run/<HOSTNAME>`, but the
+path can be modified if desired.
+
+[]{#set}
+
+#### 1.2.2 set {#set .subsection}
+
+This is meant to be called during the execution of the main program
+routine begins.
+
+[]{#at-startup}
+
+#### 1.2.2.1 at startup {#at-startup .subsubsection}
+
+It should be called once at the *start* of execution of the main program
+routine.
+
+For one-shot routines, this would mean the start of any code only run
+when the module name is `__main__`.
+
+For daemons, it would be just before handing over execution to the main
+loop.
+
+[]{#during-execution}
+
+#### 1.2.2.2 during execution {#during-execution .subsubsection}
+
+Call `set(error_code=<error>, ...` any time the health state temporarily
+changes. Any `error` value other than `0` is considered an unhealthy
+state.
+
+[]{#at-shutdown}
+
+#### 1.2.2.3 at shutdown {#at-shutdown .subsubsection}
+
+Call `reset(...)`, which will indicate that the state is to be
+considered the same as at startup.
+
+[]{#shell}
+
+### 1.3 shell {#shell .section}
+
+A bash script is provided for *Kubernetes* to perform the health check.
+
+It performs the following checks:
+
+1.  A numeric value exists in `<rundir>/<unitname>/pid`{.sample}.
+2.  The numeric value is a directory in `/proc`{.sample} (a valid pid)
+3.  The file `<rundir>/<unitname>/error`{.sample} contains \"0\"
+
+If any of these checks fail should inditcate that the container is
+unhealthy.
+
+------------------------------------------------------------------------

apps/util/liveness/doc/texinfo/index.texi

@@ -0,0 +1,71 @@
+@node liveness
+@chapter liveness
+
+@anchor{ilveness_overview}
+@section Overview
+
+This is a cluster-specific convenience setup for enabling a Kubernetes-style liveness/readiness test as outlined in @url{https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/}.
+
+Conceptually, it provides an application with means to:
+
+@itemize
+@item Run a collection of functions to validate sanity of the environment
+@item Set a no-error state before execution of the main routine
+@item Modify the error state during execution
+@item Invalidating all state when execution ends
+@end itemize
+
+
+@section Python module
+
+Three python methods are provided.
+
+@subsection load
+
+This is meant to be called after configurations and environment has been set up, but before the execution logic has commenced.
+
+It receives a list of externally defined fully-qualified python modules. Each of these modules must implement the method @code{health(*args,**kwargs)} in its global namespace.
+
+Any module returning @code{False} will cause a @code{RuntimeException}.
+
+The component will not trap any other exception from the modules.
+
+If successful, it will write the @code{pid}  of the application to the specified run data folder. By default this is @code{/run/<HOSTNAME>}, but the path can be modified if desired.
+
+
+@subsection set
+
+This is meant to be called during the execution of the main program routine begins.
+
+@subsubsection at startup
+
+It should be called once at the @emph{start} of execution of the main program routine.
+
+For one-shot routines, this would mean the start of any code only run when the module name is @code{__main__}. 
+
+For daemons, it would be just before handing over execution to the main loop.
+
+
+@subsubsection during execution
+
+Call @code{set(error_code=<error>, ...} any time the health state temporarily changes. Any @code{error} value other than @code{0} is considered an unhealthy state.
+
+
+@subsubsection at shutdown
+
+Call @code{reset(...)}, which will indicate that the state is to be considered the same as at startup.
+
+
+@section shell
+
+A bash script is provided for @emph{Kubernetes} to perform the health check. 
+
+It performs the following checks:
+
+@enumerate
+@item A numeric value exists in @file{<rundir>/<unitname>/pid}.
+@item The numeric value is a directory in @file{/proc} (a valid pid)
+@item The file @file{<rundir>/<unitname>/error} contains "0"
+@end enumerate
+
+If any of these checks fail should inditcate that the container is unhealthy.

apps/util/liveness/health.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+rundir=${CIC_RUNDIR:-/run}
+unit=${CIC_UNIT:-$HOSTNAME}
+
+read p < $rundir/$unit/pid
+
+if [ -z $p ]; then
+	>&2 echo unit $unit has no pid
+	exit 1
+fi
+
+if [ ! -d /proc/$p ]; then
+	>&2 echo unit $unit reports non-existent pid $p
+	exit 1
+fi	
+
+>&2 echo unit $unit has pid $p
+
+if [ ! -f $rundir/$unit/error ]; then
+	>&2 echo unit $unit has unspecified state
+	exit 1
+fi
+
+read e 2> /dev/null < $rundir/$unit/error 
+if [ -z $e ]; then
+	>&2 echo unit $unit has unspecified state
+	exit 1
+fi
+
+>&2 echo unit $unit has error $e
+
+if [ $e -gt 0 ]; then
+	exit 1;
+fi

apps/util/liveness/liveness/linux.py

@@ -0,0 +1,61 @@
+# standard imports
+import importlib
+import sys
+import os
+import logging
+
+logg = logging.getLogger().getChild(__name__)
+
+pid = os.getpid()
+
+default_namespace = os.environ.get('LIVENESS_UNIT_NAME')
+if default_namespace == None:
+    import socket
+    default_namespace = socket.gethostname()
+
+
+def check_by_module(checks, *args, **kwargs):
+    for check in checks:
+        r = check.health(args, kwargs)
+        if r == False:
+            raise RuntimeError('liveness check {} failed'.format(str(check)))
+        logg.info('liveness check passed: {}'.format(str(check)))
+
+
+def check_by_string(check_strs, *args, **kwargs):
+    checks = []
+    for m in check_strs:
+        logg.debug('added liveness check: {}'.format(str(m)))
+        module = importlib.import_module(m)
+        checks.append(module)
+    return check_by_module(checks, args, kwargs)
+   
+
+def load(check_strs, namespace=default_namespace, rundir='/run', *args, **kwargs):
+
+    if namespace == None:
+        import socket
+        namespace = socket.gethostname()
+
+    check_by_string(check_strs)
+
+    logg.info('pid ' + str(pid))
+
+    app_rundir = os.path.join(rundir, namespace)
+    os.makedirs(app_rundir, exist_ok=True) # should not already exist
+    f = open(os.path.join(app_rundir, 'pid'), 'w')
+    f.write(str(pid))
+    f.close()
+
+
+def set(error=0, namespace=default_namespace, rundir='/run'):
+    app_rundir = os.path.join(rundir, namespace)
+    f = open(os.path.join(app_rundir, 'error'), 'w')
+    f.write(str(error))
+    f.close()
+
+
+def reset(namespace=default_namespace, rundir='/run'):
+    app_rundir = os.path.join(rundir, namespace)
+    os.unlink(os.path.join(app_rundir, 'pid'))
+    os.unlink(os.path.join(app_rundir, 'error'))

apps/util/liveness/setup.py

@@ -0,0 +1,7 @@
+from setuptools import setup
+setup(
+        name='liveness',
+        version='0.0.1a6',
+        packages=['liveness'],
+        include_package_data=True,
+        )

apps/util/liveness/test_health.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+export CIC_RUNDIR=`realpath ./tests/testdata/run`
+t=`mktemp -d -p $CIC_RUNDIR`
+export CIC_UNIT=`basename $t`
+
+>&2 echo test pid $$
+echo $$ > $t/pid
+echo 0 > $t/error
+
+. health.sh
+
+echo 1 > $t/error
+#unlink $t/error
+. health.sh
+
+echo if error this is not printed

apps/util/liveness/tests/imports/import_args.py

@@ -0,0 +1,8 @@
+a = ['foo']
+kw = {
+    'bar': 42,
+        }
+
+def health(*args, **kwargs):
+    args[0] == a[0]
+    kwargs['bar'] = kw['bar']

apps/util/liveness/tests/imports/import_false.py

@@ -0,0 +1,2 @@
+def health(*args, **kwargs):
+    return False

apps/util/liveness/tests/imports/import_true.py

@@ -0,0 +1,2 @@
+def health(*args, **kwargs):
+    return True

apps/util/liveness/tests/test_imports.py

@@ -0,0 +1,127 @@
+# standard imports
+import os
+import unittest
+import logging
+import tempfile
+import socket
+
+# local imports
+import liveness.linux 
+
+## test imports
+import tests.imports
+
+
+logging.basicConfig(level=logging.DEBUG)
+logg = logging.getLogger()
+script_dir = os.path.realpath(os.path.dirname(__file__))
+data_dir = os.path.join(script_dir, 'testdata')
+run_base_dir = os.path.join(data_dir, 'run')
+
+
+class TestImports(unittest.TestCase):
+
+    def setUp(self):
+        os.makedirs(run_base_dir, exist_ok=True)
+        self.run_dir = tempfile.mkdtemp(dir=run_base_dir)
+        self.unit = 'unittest'
+        self.unit_dir = os.path.join(self.run_dir, self.unit)
+        self.pid_path = os.path.join(self.unit_dir, 'pid')
+        self.error_path = os.path.join(self.unit_dir, 'error')
+        self.host_path = os.path.join(self.run_dir, socket.gethostname())
+
+
+    def test_no_import(self):
+        liveness.linux.load([], namespace=self.unit, rundir=self.run_dir)
+        f = open(self.pid_path, 'r')
+        r = f.read()
+        f.close()
+        self.assertEqual(str(os.getpid()), r)
+
+ 
+    def test_hostname(self):
+        liveness.linux.load([], rundir=self.run_dir)
+        f = open(os.path.join(self.host_path, 'pid'), 'r')
+        r = f.read()
+        f.close()
+        self.assertEqual(str(os.getpid()), r)
+
+   
+    def test_import_single_true(self):
+        checks = ['tests.imports.import_true']
+        liveness.linux.load(checks, namespace=self.unit, rundir=self.run_dir)
+        f = open(self.pid_path, 'r')
+        r = f.read()
+        f.close()
+        self.assertEqual(str(os.getpid()), r)
+
+
+    def test_import_single_false(self):
+        checks = ['tests.imports.import_false']
+        with self.assertRaises(RuntimeError):
+            liveness.linux.load(checks, namespace=self.unit, rundir=self.run_dir)
+        with self.assertRaises(FileNotFoundError):
+            os.stat(self.pid_path)
+
+
+    def test_import_false_then_true(self):
+        checks = ['tests.imports.import_false', 'tests.imports.import_true']
+        with self.assertRaises(RuntimeError):
+            liveness.linux.load(checks, namespace=self.unit, rundir=self.run_dir)
+        with self.assertRaises(FileNotFoundError):
+            os.stat(self.pid_path)
+
+
+    def test_import_multiple_true(self):
+        checks = ['tests.imports.import_true', 'tests.imports.import_true']
+        liveness.linux.load(checks, namespace=self.unit, rundir=self.run_dir)
+        f = open(self.pid_path, 'r')
+        r = f.read()
+        f.close()
+        self.assertEqual(str(os.getpid()), r)
+
+
+    def test_set(self):
+        liveness.linux.load([], namespace='unittest', rundir=self.run_dir)
+        liveness.linux.set(namespace='unittest', rundir=self.run_dir)
+        f = open(self.error_path, 'r')
+        r = f.read()
+        f.close()
+        self.assertEqual('0', r)
+
+        liveness.linux.set(error=42, namespace='unittest', rundir=self.run_dir)
+        f = open(self.error_path, 'r')
+        r = f.read()
+        f.close()
+        self.assertEqual('42', r)
+
+        liveness.linux.reset(namespace='unittest', rundir=self.run_dir)
+        with self.assertRaises(FileNotFoundError):
+            os.stat(self.error_path)
+            
+
+    def test_set_hostname(self):
+        liveness.linux.load([], rundir=self.run_dir)
+        liveness.linux.set(rundir=self.run_dir)
+        error_path = os.path.join(self.host_path, 'error')
+        f = open(error_path, 'r')
+        r = f.read()
+        f.close()
+        self.assertEqual('0', r)
+
+        liveness.linux.reset(rundir=self.run_dir)
+        with self.assertRaises(FileNotFoundError):
+            os.stat(error_path)
+    
+
+    def test_args(self):
+        checks = ['tests.imports.import_args']
+        liveness.linux.load(checks, namespace=self.unit, rundir=self.run_dir, args=['foo'], kwargs={'bar': 42})
+        f = open(self.pid_path, 'r')
+        r = f.read()
+        f.close()
+        self.assertEqual(str(os.getpid()), r)
+
+
+if __name__ == '__main__':
+    unittest.main()

docker-compose.yml

@@ -85,7 +85,6 @@ services:
       # ETH_PROVIDER should be broken out into host/port but cic-eth expects this
       ETH_PROVIDER: http://eth:8545
       # And these two are for wait-for-it (could parse this)
-      DEV_USE_DOCKER_WAIT_SCRIPT: 1
       ETH_PROVIDER_HOST: eth 
       ETH_PROVIDER_PORT: 8545
       CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-evm:bloxberg:8996}
@@ -104,9 +103,6 @@ services:
       DEV_PIP_EXTRA_INDEX_URL: ${DEV_PIP_EXTRA_INDEX_URL:-https://pip.grassrootseconomics.net:8433}
       RUN_MASK: ${RUN_MASK:-0} # bit flags; 1: contract migrations 2: seed data
       DEV_FAUCET_AMOUNT: ${DEV_FAUCET_AMOUNT:-0}
-      DEV_TOKEN_TYPE: ${DEV_TOKEN_TYPE:-giftable}
-      DEV_SARAFU_DEMURRAGE_LEVEL: ${DEV_SARAFU_DEMURRAGE_LEVEL:-196454828847045000000000000000000}
-      DEV_ETH_GAS_PRICE: ${DEV_ETH_GAS_PRICE:-1}
     command: ["./run_job.sh"]
         #command: ["./reset.sh"]
     depends_on: