feat (devops): add local image build for releases

* this script is specifically for releases only (alt to ci)
* make sure to bump the tag after it is run

.gitlab-ci.yml

@@ -10,6 +10,7 @@ include:
     #- local: 'apps/data-seeding/.gitlab-ci.yml'
 
 stages:
+  - version
   - build
   - test
   - deploy
@@ -20,9 +21,41 @@ variables:
   DOCKER_BUILDKIT: "1"
   COMPOSE_DOCKER_CLI_BUILD: "1"
   CI_DEBUG_TRACE: "true"
+  SEMVERBOT_VERSION: "0.2.0"
 
-before_script:
-    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+  #before_script:
+  #  - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+
+version:
+  #image: python:3.7-stretch
+  image: registry.gitlab.com/grassrootseconomics/cic-base-images/ci-version:b01318ae 
+  stage: version
+  tags:
+    - integration
+  script:
+    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
+    - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts && chmod 644 ~/.ssh/known_hosts
+    - eval $(ssh-agent -s)
+    - ssh-add <(echo "$SSH_PRIVATE_KEY")
+    - git remote set-url origin git@gitlab.com:grassrootseconomics/cic-internal-integration.git
+    - export TAG=$(sbot predict version -m auto)
+    - |
+      if [[ -z $TAG ]]
+      then
+        echo "tag could not be set $@"
+        exit 1
+      fi
+    - echo $TAG > version
+    - git tag -a v$TAG -m "ci tagged"
+    - git push origin v$TAG
+  artifacts:
+    paths:
+      - version
+  rules:
+  - if: $CI_COMMIT_REF_PROTECTED == "true"
+    when: always
+  - if: $CI_COMMIT_REF_NAME == "master"
+    when: always
 
 # runs on protected branches and pushes to repo
 build-push:
@@ -30,12 +63,17 @@ build-push:
   tags:
     - integration
   #script:
-  #  - TAG=$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA sh ./scripts/build-push.sh
+  #  - TAG=$CI_Cbefore_script:
+  before_script:
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
   script:
-    - TAG=latest sh ./scripts/build-push.sh
+    - TAG=latest ./scripts/build-push.sh
+    - TAG=$(cat ./version) ./scripts/build-push.sh
   rules:
   - if: $CI_COMMIT_REF_PROTECTED == "true"
     when: always
+  - if: $CI_COMMIT_REF_NAME == "master"
+    when: always
 
 deploy-dev:
   stage: deploy

.gitlab/issue_templates/bug.md

@@ -0,0 +1,44 @@
+<!---
+Please read this!
+
+Before opening a new issue, make sure to search for keywords in the issues
+filtered by the "bug" label:
+
+- https://gitlab.com/groups/grassrootseconomics/-/issues?scope=all&state=all&label_name[]=bug
+
+and verify the issue you're about to submit isn't a duplicate.
+--->
+
+### Summary
+
+<!-- Summarize the bug encountered concisely. -->
+
+### Steps to reproduce
+
+<!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. -->
+
+### Example Project
+
+<!-- If possible, please create an example project here on GitLab.com that exhibits the problematic 
+behavior, and link to it here in the bug report. If you are using an older version of GitLab, this 
+will also determine whether the bug is fixed in a more recent version. -->
+
+### What is the current *bug* behavior?
+
+<!-- Describe what actually happens. -->
+
+### What is the expected *correct* behavior?
+
+<!-- Describe what you should see instead. -->
+
+### Relevant logs and/or screenshots
+
+<!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code
+ as it's tough to read otherwise. -->
+
+
+### Possible fixes
+
+<!-- If you can, link to the line of code that might be responsible for the problem. -->
+
+/label ~"bug"

.semverbot.toml

@@ -0,0 +1,16 @@
+[git]
+
+[git.config]
+email = "semverbot@grassroots.org"
+name = "semvervot"
+
+[git.tags]
+prefix = "v"
+
+[semver]
+mode = "git-commit"
+
+[semver.detection]
+patch = ["fix", "[fix]", "patch", "[patch]"]
+minor = ["minor", "[minor]", "feat", "[feat]", "release", "[release]", "bump", "[bump]"]
+major = ["BREAKING CHANGE"]

CODE_OF_CONDUCT.md

@@ -0,0 +1,83 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to make participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces, and it also applies when
+an individual is representing the project or its community in public spaces.
+Examples of representing a project or community include using an official
+project e-mail address, posting via an official social media account, or acting
+as an appointed representative at an online or offline event. Representation of
+a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at [INSERT EMAIL ADDRESS]. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq
+
+
+
+
+...Try to keep in mind the immortal
+words of Bill and Ted, "Be excellent to each other."
+

CONTRIBUTING.md

@@ -0,0 +1,16 @@
+Hello and welcome to the CIC Stack repository. Targeted for use with the ethereum virtual machine and a ussd capable telecom provider. 
+
+__To request a change to the code please fork this repository and sumbit a merge request.__
+
+__If there is a Grassroots Economics Kanban Issue please include that in our MR it will help us track contributions. Karibu sana!__
+
+__Visit the Development Kanban board here: https://gitlab.com/grassrootseconomics/cic-internal-integration/-/boards/2419764__
+
+__Ask a question in our dev chat:__
+
+[Mattermost](https://chat.grassrootseconomics.net/cic/channels/dev)
+
+[Discord](https://discord.gg/XWunwAsX)
+
+[Matrix, IRC soon?]
+

LICENSE

@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    cic-internal-integration
+    Copyright (C) 2021  Grassroots Economics
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

README.md

@@ -4,6 +4,7 @@
 
 This repo uses docker-compose and docker buildkit. Set the following environment variables to get started:
 
+
 ```
 export COMPOSE_DOCKER_CLI_BUILD=1
 export DOCKER_BUILDKIT=1

apps/cic-base-os/aux/wait-for-it/.gitignore

@@ -0,0 +1,3 @@
+**/*.pyc
+.pydevproject
+/vendor/

apps/cic-base-os/aux/wait-for-it/.travis.yml

@@ -0,0 +1,7 @@
+language: python
+python:
+  - "2.7"
+
+script:
+  - python test/wait-for-it.py
+

apps/cic-base-os/aux/wait-for-it/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+Copyright (c) 2016 Giles Hall
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

apps/cic-base-os/aux/wait-for-it/README.md

@@ -0,0 +1,75 @@
+# wait-for-it
+
+`wait-for-it.sh` is a pure bash script that will wait on the availability of a
+host and TCP port.  It is useful for synchronizing the spin-up of
+interdependent services, such as linked docker containers.  Since it is a pure
+bash script, it does not have any external dependencies.
+
+## Usage
+
+```text
+wait-for-it.sh host:port [-s] [-t timeout] [-- command args]
+-h HOST | --host=HOST       Host or IP under test
+-p PORT | --port=PORT       TCP port under test
+                            Alternatively, you specify the host and port as host:port
+-s | --strict               Only execute subcommand if the test succeeds
+-q | --quiet                Don't output any status messages
+-t TIMEOUT | --timeout=TIMEOUT
+                            Timeout in seconds, zero for no timeout
+-- COMMAND ARGS             Execute command with args after the test finishes
+```
+
+## Examples
+
+For example, let's test to see if we can access port 80 on `www.google.com`,
+and if it is available, echo the message `google is up`.
+
+```text
+$ ./wait-for-it.sh www.google.com:80 -- echo "google is up"
+wait-for-it.sh: waiting 15 seconds for www.google.com:80
+wait-for-it.sh: www.google.com:80 is available after 0 seconds
+google is up
+```
+
+You can set your own timeout with the `-t` or `--timeout=` option.  Setting
+the timeout value to 0 will disable the timeout:
+
+```text
+$ ./wait-for-it.sh -t 0 www.google.com:80 -- echo "google is up"
+wait-for-it.sh: waiting for www.google.com:80 without a timeout
+wait-for-it.sh: www.google.com:80 is available after 0 seconds
+google is up
+```
+
+The subcommand will be executed regardless if the service is up or not.  If you
+wish to execute the subcommand only if the service is up, add the `--strict`
+argument. In this example, we will test port 81 on `www.google.com` which will
+fail:
+
+```text
+$ ./wait-for-it.sh www.google.com:81 --timeout=1 --strict -- echo "google is up"
+wait-for-it.sh: waiting 1 seconds for www.google.com:81
+wait-for-it.sh: timeout occurred after waiting 1 seconds for www.google.com:81
+wait-for-it.sh: strict mode, refusing to execute subprocess
+```
+
+If you don't want to execute a subcommand, leave off the `--` argument.  This
+way, you can test the exit condition of `wait-for-it.sh` in your own scripts,
+and determine how to proceed:
+
+```text
+$ ./wait-for-it.sh www.google.com:80
+wait-for-it.sh: waiting 15 seconds for www.google.com:80
+wait-for-it.sh: www.google.com:80 is available after 0 seconds
+$ echo $?
+0
+$ ./wait-for-it.sh www.google.com:81
+wait-for-it.sh: waiting 15 seconds for www.google.com:81
+wait-for-it.sh: timeout occurred after waiting 15 seconds for www.google.com:81
+$ echo $?
+124
+```
+
+## Community
+
+*Debian*: There is a [Debian package](https://tracker.debian.org/pkg/wait-for-it).

apps/cic-base-os/aux/wait-for-it/wait-for-it.sh

@@ -0,0 +1,182 @@
+#!/usr/bin/env bash
+# Use this script to test if a given TCP host/port are available
+
+WAITFORIT_cmdname=${0##*/}
+
+echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi }
+
+usage()
+{
+    cat << USAGE >&2
+Usage:
+    $WAITFORIT_cmdname host:port [-s] [-t timeout] [-- command args]
+    -h HOST | --host=HOST       Host or IP under test
+    -p PORT | --port=PORT       TCP port under test
+                                Alternatively, you specify the host and port as host:port
+    -s | --strict               Only execute subcommand if the test succeeds
+    -q | --quiet                Don't output any status messages
+    -t TIMEOUT | --timeout=TIMEOUT
+                                Timeout in seconds, zero for no timeout
+    -- COMMAND ARGS             Execute command with args after the test finishes
+USAGE
+    exit 1
+}
+
+wait_for()
+{
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    else
+        echoerr "$WAITFORIT_cmdname: waiting for $WAITFORIT_HOST:$WAITFORIT_PORT without a timeout"
+    fi
+    WAITFORIT_start_ts=$(date +%s)
+    while :
+    do
+        if [[ $WAITFORIT_ISBUSY -eq 1 ]]; then
+            nc -z $WAITFORIT_HOST $WAITFORIT_PORT
+            WAITFORIT_result=$?
+        else
+            (echo -n > /dev/tcp/$WAITFORIT_HOST/$WAITFORIT_PORT) >/dev/null 2>&1
+            WAITFORIT_result=$?
+        fi
+        if [[ $WAITFORIT_result -eq 0 ]]; then
+            WAITFORIT_end_ts=$(date +%s)
+            echoerr "$WAITFORIT_cmdname: $WAITFORIT_HOST:$WAITFORIT_PORT is available after $((WAITFORIT_end_ts - WAITFORIT_start_ts)) seconds"
+            break
+        fi
+        sleep 1
+    done
+    return $WAITFORIT_result
+}
+
+wait_for_wrapper()
+{
+    # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
+    if [[ $WAITFORIT_QUIET -eq 1 ]]; then
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --quiet --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    else
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    fi
+    WAITFORIT_PID=$!
+    trap "kill -INT -$WAITFORIT_PID" INT
+    wait $WAITFORIT_PID
+    WAITFORIT_RESULT=$?
+    if [[ $WAITFORIT_RESULT -ne 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: timeout occurred after waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    fi
+    return $WAITFORIT_RESULT
+}
+
+# process arguments
+while [[ $# -gt 0 ]]
+do
+    case "$1" in
+        *:* )
+        WAITFORIT_hostport=(${1//:/ })
+        WAITFORIT_HOST=${WAITFORIT_hostport[0]}
+        WAITFORIT_PORT=${WAITFORIT_hostport[1]}
+        shift 1
+        ;;
+        --child)
+        WAITFORIT_CHILD=1
+        shift 1
+        ;;
+        -q | --quiet)
+        WAITFORIT_QUIET=1
+        shift 1
+        ;;
+        -s | --strict)
+        WAITFORIT_STRICT=1
+        shift 1
+        ;;
+        -h)
+        WAITFORIT_HOST="$2"
+        if [[ $WAITFORIT_HOST == "" ]]; then break; fi
+        shift 2
+        ;;
+        --host=*)
+        WAITFORIT_HOST="${1#*=}"
+        shift 1
+        ;;
+        -p)
+        WAITFORIT_PORT="$2"
+        if [[ $WAITFORIT_PORT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --port=*)
+        WAITFORIT_PORT="${1#*=}"
+        shift 1
+        ;;
+        -t)
+        WAITFORIT_TIMEOUT="$2"
+        if [[ $WAITFORIT_TIMEOUT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --timeout=*)
+        WAITFORIT_TIMEOUT="${1#*=}"
+        shift 1
+        ;;
+        --)
+        shift
+        WAITFORIT_CLI=("$@")
+        break
+        ;;
+        --help)
+        usage
+        ;;
+        *)
+        echoerr "Unknown argument: $1"
+        usage
+        ;;
+    esac
+done
+
+if [[ "$WAITFORIT_HOST" == "" || "$WAITFORIT_PORT" == "" ]]; then
+    echoerr "Error: you need to provide a host and port to test."
+    usage
+fi
+
+WAITFORIT_TIMEOUT=${WAITFORIT_TIMEOUT:-15}
+WAITFORIT_STRICT=${WAITFORIT_STRICT:-0}
+WAITFORIT_CHILD=${WAITFORIT_CHILD:-0}
+WAITFORIT_QUIET=${WAITFORIT_QUIET:-0}
+
+# Check to see if timeout is from busybox?
+WAITFORIT_TIMEOUT_PATH=$(type -p timeout)
+WAITFORIT_TIMEOUT_PATH=$(realpath $WAITFORIT_TIMEOUT_PATH 2>/dev/null || readlink -f $WAITFORIT_TIMEOUT_PATH)
+
+WAITFORIT_BUSYTIMEFLAG=""
+if [[ $WAITFORIT_TIMEOUT_PATH =~ "busybox" ]]; then
+    WAITFORIT_ISBUSY=1
+    # Check if busybox timeout uses -t flag
+    # (recent Alpine versions don't support -t anymore)
+    if timeout &>/dev/stdout | grep -q -e '-t '; then
+        WAITFORIT_BUSYTIMEFLAG="-t"
+    fi
+else
+    WAITFORIT_ISBUSY=0
+fi
+
+if [[ $WAITFORIT_CHILD -gt 0 ]]; then
+    wait_for
+    WAITFORIT_RESULT=$?
+    exit $WAITFORIT_RESULT
+else
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        wait_for_wrapper
+        WAITFORIT_RESULT=$?
+    else
+        wait_for
+        WAITFORIT_RESULT=$?
+    fi
+fi
+
+if [[ $WAITFORIT_CLI != "" ]]; then
+    if [[ $WAITFORIT_RESULT -ne 0 && $WAITFORIT_STRICT -eq 1 ]]; then
+        echoerr "$WAITFORIT_cmdname: strict mode, refusing to execute subprocess"
+        exit $WAITFORIT_RESULT
+    fi
+    exec "${WAITFORIT_CLI[@]}"
+else
+    exit $WAITFORIT_RESULT
+fi

apps/cic-cache/aux/wait-for-it/.gitignore

@@ -0,0 +1,3 @@
+**/*.pyc
+.pydevproject
+/vendor/

apps/cic-cache/aux/wait-for-it/.travis.yml

@@ -0,0 +1,7 @@
+language: python
+python:
+  - "2.7"
+
+script:
+  - python test/wait-for-it.py
+

apps/cic-cache/aux/wait-for-it/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+Copyright (c) 2016 Giles Hall
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

apps/cic-cache/aux/wait-for-it/README.md

@@ -0,0 +1,75 @@
+# wait-for-it
+
+`wait-for-it.sh` is a pure bash script that will wait on the availability of a
+host and TCP port.  It is useful for synchronizing the spin-up of
+interdependent services, such as linked docker containers.  Since it is a pure
+bash script, it does not have any external dependencies.
+
+## Usage
+
+```text
+wait-for-it.sh host:port [-s] [-t timeout] [-- command args]
+-h HOST | --host=HOST       Host or IP under test
+-p PORT | --port=PORT       TCP port under test
+                            Alternatively, you specify the host and port as host:port
+-s | --strict               Only execute subcommand if the test succeeds
+-q | --quiet                Don't output any status messages
+-t TIMEOUT | --timeout=TIMEOUT
+                            Timeout in seconds, zero for no timeout
+-- COMMAND ARGS             Execute command with args after the test finishes
+```
+
+## Examples
+
+For example, let's test to see if we can access port 80 on `www.google.com`,
+and if it is available, echo the message `google is up`.
+
+```text
+$ ./wait-for-it.sh www.google.com:80 -- echo "google is up"
+wait-for-it.sh: waiting 15 seconds for www.google.com:80
+wait-for-it.sh: www.google.com:80 is available after 0 seconds
+google is up
+```
+
+You can set your own timeout with the `-t` or `--timeout=` option.  Setting
+the timeout value to 0 will disable the timeout:
+
+```text
+$ ./wait-for-it.sh -t 0 www.google.com:80 -- echo "google is up"
+wait-for-it.sh: waiting for www.google.com:80 without a timeout
+wait-for-it.sh: www.google.com:80 is available after 0 seconds
+google is up
+```
+
+The subcommand will be executed regardless if the service is up or not.  If you
+wish to execute the subcommand only if the service is up, add the `--strict`
+argument. In this example, we will test port 81 on `www.google.com` which will
+fail:
+
+```text
+$ ./wait-for-it.sh www.google.com:81 --timeout=1 --strict -- echo "google is up"
+wait-for-it.sh: waiting 1 seconds for www.google.com:81
+wait-for-it.sh: timeout occurred after waiting 1 seconds for www.google.com:81
+wait-for-it.sh: strict mode, refusing to execute subprocess
+```
+
+If you don't want to execute a subcommand, leave off the `--` argument.  This
+way, you can test the exit condition of `wait-for-it.sh` in your own scripts,
+and determine how to proceed:
+
+```text
+$ ./wait-for-it.sh www.google.com:80
+wait-for-it.sh: waiting 15 seconds for www.google.com:80
+wait-for-it.sh: www.google.com:80 is available after 0 seconds
+$ echo $?
+0
+$ ./wait-for-it.sh www.google.com:81
+wait-for-it.sh: waiting 15 seconds for www.google.com:81
+wait-for-it.sh: timeout occurred after waiting 15 seconds for www.google.com:81
+$ echo $?
+124
+```
+
+## Community
+
+*Debian*: There is a [Debian package](https://tracker.debian.org/pkg/wait-for-it).

apps/cic-cache/aux/wait-for-it/wait-for-it.sh

@@ -0,0 +1,182 @@
+#!/usr/bin/env bash
+# Use this script to test if a given TCP host/port are available
+
+WAITFORIT_cmdname=${0##*/}
+
+echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi }
+
+usage()
+{
+    cat << USAGE >&2
+Usage:
+    $WAITFORIT_cmdname host:port [-s] [-t timeout] [-- command args]
+    -h HOST | --host=HOST       Host or IP under test
+    -p PORT | --port=PORT       TCP port under test
+                                Alternatively, you specify the host and port as host:port
+    -s | --strict               Only execute subcommand if the test succeeds
+    -q | --quiet                Don't output any status messages
+    -t TIMEOUT | --timeout=TIMEOUT
+                                Timeout in seconds, zero for no timeout
+    -- COMMAND ARGS             Execute command with args after the test finishes
+USAGE
+    exit 1
+}
+
+wait_for()
+{
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    else
+        echoerr "$WAITFORIT_cmdname: waiting for $WAITFORIT_HOST:$WAITFORIT_PORT without a timeout"
+    fi
+    WAITFORIT_start_ts=$(date +%s)
+    while :
+    do
+        if [[ $WAITFORIT_ISBUSY -eq 1 ]]; then
+            nc -z $WAITFORIT_HOST $WAITFORIT_PORT
+            WAITFORIT_result=$?
+        else
+            (echo -n > /dev/tcp/$WAITFORIT_HOST/$WAITFORIT_PORT) >/dev/null 2>&1
+            WAITFORIT_result=$?
+        fi
+        if [[ $WAITFORIT_result -eq 0 ]]; then
+            WAITFORIT_end_ts=$(date +%s)
+            echoerr "$WAITFORIT_cmdname: $WAITFORIT_HOST:$WAITFORIT_PORT is available after $((WAITFORIT_end_ts - WAITFORIT_start_ts)) seconds"
+            break
+        fi
+        sleep 1
+    done
+    return $WAITFORIT_result
+}
+
+wait_for_wrapper()
+{
+    # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
+    if [[ $WAITFORIT_QUIET -eq 1 ]]; then
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --quiet --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    else
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    fi
+    WAITFORIT_PID=$!
+    trap "kill -INT -$WAITFORIT_PID" INT
+    wait $WAITFORIT_PID
+    WAITFORIT_RESULT=$?
+    if [[ $WAITFORIT_RESULT -ne 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: timeout occurred after waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    fi
+    return $WAITFORIT_RESULT
+}
+
+# process arguments
+while [[ $# -gt 0 ]]
+do
+    case "$1" in
+        *:* )
+        WAITFORIT_hostport=(${1//:/ })
+        WAITFORIT_HOST=${WAITFORIT_hostport[0]}
+        WAITFORIT_PORT=${WAITFORIT_hostport[1]}
+        shift 1
+        ;;
+        --child)
+        WAITFORIT_CHILD=1
+        shift 1
+        ;;
+        -q | --quiet)
+        WAITFORIT_QUIET=1
+        shift 1
+        ;;
+        -s | --strict)
+        WAITFORIT_STRICT=1
+        shift 1
+        ;;
+        -h)
+        WAITFORIT_HOST="$2"
+        if [[ $WAITFORIT_HOST == "" ]]; then break; fi
+        shift 2
+        ;;
+        --host=*)
+        WAITFORIT_HOST="${1#*=}"
+        shift 1
+        ;;
+        -p)
+        WAITFORIT_PORT="$2"
+        if [[ $WAITFORIT_PORT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --port=*)
+        WAITFORIT_PORT="${1#*=}"
+        shift 1
+        ;;
+        -t)
+        WAITFORIT_TIMEOUT="$2"
+        if [[ $WAITFORIT_TIMEOUT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --timeout=*)
+        WAITFORIT_TIMEOUT="${1#*=}"
+        shift 1
+        ;;
+        --)
+        shift
+        WAITFORIT_CLI=("$@")
+        break
+        ;;
+        --help)
+        usage
+        ;;
+        *)
+        echoerr "Unknown argument: $1"
+        usage
+        ;;
+    esac
+done
+
+if [[ "$WAITFORIT_HOST" == "" || "$WAITFORIT_PORT" == "" ]]; then
+    echoerr "Error: you need to provide a host and port to test."
+    usage
+fi
+
+WAITFORIT_TIMEOUT=${WAITFORIT_TIMEOUT:-15}
+WAITFORIT_STRICT=${WAITFORIT_STRICT:-0}
+WAITFORIT_CHILD=${WAITFORIT_CHILD:-0}
+WAITFORIT_QUIET=${WAITFORIT_QUIET:-0}
+
+# Check to see if timeout is from busybox?
+WAITFORIT_TIMEOUT_PATH=$(type -p timeout)
+WAITFORIT_TIMEOUT_PATH=$(realpath $WAITFORIT_TIMEOUT_PATH 2>/dev/null || readlink -f $WAITFORIT_TIMEOUT_PATH)
+
+WAITFORIT_BUSYTIMEFLAG=""
+if [[ $WAITFORIT_TIMEOUT_PATH =~ "busybox" ]]; then
+    WAITFORIT_ISBUSY=1
+    # Check if busybox timeout uses -t flag
+    # (recent Alpine versions don't support -t anymore)
+    if timeout &>/dev/stdout | grep -q -e '-t '; then
+        WAITFORIT_BUSYTIMEFLAG="-t"
+    fi
+else
+    WAITFORIT_ISBUSY=0
+fi
+
+if [[ $WAITFORIT_CHILD -gt 0 ]]; then
+    wait_for
+    WAITFORIT_RESULT=$?
+    exit $WAITFORIT_RESULT
+else
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        wait_for_wrapper
+        WAITFORIT_RESULT=$?
+    else
+        wait_for
+        WAITFORIT_RESULT=$?
+    fi
+fi
+
+if [[ $WAITFORIT_CLI != "" ]]; then
+    if [[ $WAITFORIT_RESULT -ne 0 && $WAITFORIT_STRICT -eq 1 ]]; then
+        echoerr "$WAITFORIT_cmdname: strict mode, refusing to execute subprocess"
+        exit $WAITFORIT_RESULT
+    fi
+    exec "${WAITFORIT_CLI[@]}"
+else
+    exit $WAITFORIT_RESULT
+fi

apps/cic-cache/cic_cache/runnable/daemons/server.py

@@ -8,6 +8,7 @@ import base64
 import confini
 
 # local imports
+import cic_cache.cli
 from cic_cache.db import dsn_from_config
 from cic_cache.db.models.base import SessionBase
 from cic_cache.runnable.daemons.query import (
@@ -23,26 +24,17 @@ rootdir = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
 dbdir = os.path.join(rootdir, 'cic_cache', 'db')
 migrationsdir = os.path.join(dbdir, 'migrations')
 
-config_dir = os.path.join('/usr/local/etc/cic-cache')
-
-argparser = argparse.ArgumentParser()
-argparser.add_argument('-c', type=str, default=config_dir, help='config file')
-argparser.add_argument('--env-prefix', default=os.environ.get('CONFINI_ENV_PREFIX'), dest='env_prefix', type=str, help='environment prefix for variables to overwrite configuration')
-argparser.add_argument('-v', action='store_true', help='be verbose')
-argparser.add_argument('-vv', action='store_true', help='be more verbose')
+# process args
+arg_flags = cic_cache.cli.argflag_std_base
+local_arg_flags = cic_cache.cli.argflag_local_task
+argparser = cic_cache.cli.ArgumentParser(arg_flags)
+argparser.process_local_flags(local_arg_flags)
 args = argparser.parse_args()
 
-if args.vv:
-    logging.getLogger().setLevel(logging.DEBUG)
-elif args.v:
-    logging.getLogger().setLevel(logging.INFO)
-
-config = confini.Config(args.c, args.env_prefix)
-config.process()
-config.censor('PASSWORD', 'DATABASE')
-config.censor('PASSWORD', 'SSL')
-logg.debug('config:\n{}'.format(config))
+# process config
+config = cic_cache.cli.Config.from_args(args, arg_flags, local_arg_flags)
 
+# connect to database
 dsn = dsn_from_config(config)
 SessionBase.connect(dsn, config.true('DATABASE_DEBUG'))
 

apps/cic-cache/cic_cache/runnable/daemons/tasker.py

@@ -9,6 +9,7 @@ import celery
 import confini
 
 # local imports
+import cic_cache.cli
 from cic_cache.db import dsn_from_config
 from cic_cache.db.models.base import SessionBase
 from cic_cache.tasks.tx import *
@@ -16,35 +17,20 @@ from cic_cache.tasks.tx import *
 logging.basicConfig(level=logging.WARNING)
 logg = logging.getLogger()
 
-config_dir = os.path.join('/usr/local/etc/cic-cache')
-
-
-argparser = argparse.ArgumentParser()
-argparser.add_argument('-c', type=str, default=config_dir, help='config file')
-argparser.add_argument('-q', type=str, default='cic-cache', help='queue name for worker tasks')
-argparser.add_argument('--env-prefix', default=os.environ.get('CONFINI_ENV_PREFIX'), dest='env_prefix', type=str, help='environment prefix for variables to overwrite configuration')
-argparser.add_argument('-v', action='store_true', help='be verbose')
-argparser.add_argument('-vv', action='store_true', help='be more verbose')
-
+# process args
+arg_flags = cic_cache.cli.argflag_std_base
+local_arg_flags = cic_cache.cli.argflag_local_task
+argparser = cic_cache.cli.ArgumentParser(arg_flags)
+argparser.process_local_flags(local_arg_flags)
 args = argparser.parse_args()
 
-if args.vv:
-    logging.getLogger().setLevel(logging.DEBUG)
-elif args.v:
-    logging.getLogger().setLevel(logging.INFO)
-
-config = confini.Config(args.c, args.env_prefix)
-config.process()
+# process config
+config = cic_cache.cli.Config.from_args(args, arg_flags, local_arg_flags)
 
 # connect to database
 dsn = dsn_from_config(config)
 SessionBase.connect(dsn)
 
-# verify database connection with minimal sanity query
-#session = SessionBase.create_session()
-#session.execute('select version_num from alembic_version')
-#session.close()
-
 # set up celery
 current_app = celery.Celery(__name__)
 
@@ -87,9 +73,9 @@ def main():
     elif args.v:
         argv.append('--loglevel=INFO')
     argv.append('-Q')
-    argv.append(args.q)
+    argv.append(config.get('CELERY_QUEUE'))
     argv.append('-n')
-    argv.append(args.q)
+    argv.append(config.get('CELERY_QUEUE'))
 
     current_app.worker_main(argv)
 

apps/cic-cache/cic_cache/runnable/daemons/tracker.py

@@ -40,7 +40,7 @@ logging.basicConfig(level=logging.WARNING)
 logg = logging.getLogger()
 
 # process args
-arg_flags = cic_cache.cli.argflag_std_read
+arg_flags = cic_cache.cli.argflag_std_base
 local_arg_flags = cic_cache.cli.argflag_local_sync
 argparser = cic_cache.cli.ArgumentParser(arg_flags)
 argparser.process_local_flags(local_arg_flags)

apps/cic-cache/docker/Dockerfile

@@ -1,19 +1,17 @@
-# syntax = docker/dockerfile:1.2
-FROM registry.gitlab.com/grassrootseconomics/cic-base-images:python-3.8.6-dev-55da5f4e as dev
- 
-# RUN pip install $pip_extra_index_url_flag cic-base[full_graph]==0.1.2b9
+ARG DOCKER_REGISTRY="registry.gitlab.com/grassrootseconomics"
+
+FROM $DOCKER_REGISTRY/cic-base-images:python-3.8.6-dev-e8eb2ee2
 
 COPY requirements.txt .
-#RUN pip install $pip_extra_index_url_flag -r test_requirements.txt
-#RUN pip install $pip_extra_index_url_flag .
-#RUN pip install .[server]
 
-ARG EXTRA_INDEX_URL="https://pip.grassrootseconomics.net:8433"
-ARG GITLAB_PYTHON_REGISTRY="https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple"
+ARG EXTRA_PIP_INDEX_URL="https://pip.grassrootseconomics.net:8433"
 ARG EXTRA_PIP_ARGS=""
+ARG PIP_INDEX_URL="https://pypi.org/simple"
+
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
-    pip install --index-url https://pypi.org/simple  \
-	  --extra-index-url $GITLAB_PYTHON_REGISTRY --extra-index-url $EXTRA_INDEX_URL $EXTRA_PIP_ARGS \
+    pip install --index-url $PIP_INDEX_URL \
+    --pre \
+    --extra-index-url $EXTRA_PIP_INDEX_URL $EXTRA_PIP_ARGS \
     -r requirements.txt
 
 COPY . . 
@@ -23,10 +21,10 @@ RUN python setup.py install
 # ini files in config directory defines the configurable parameters for the application
 # they can all be overridden by environment variables
 # to generate a list of environment variables from configuration, use: confini-dump -z <dir> (executable provided by confini package)
-COPY config/ /usr/local/etc/cic-cache/
+#COPY config/ /usr/local/etc/cic-cache/
 
 # for db migrations
-RUN git clone https://github.com/vishnubob/wait-for-it.git /usr/local/bin/wait-for-it/
+COPY ./aux/wait-for-it/wait-for-it.sh ./
 COPY cic_cache/db/migrations/ /usr/local/share/cic-cache/alembic/
 
 COPY /docker/start_tracker.sh ./start_tracker.sh

apps/cic-cache/scripts/migrate.py

@@ -17,11 +17,12 @@ logg = logging.getLogger()
 rootdir = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
 dbdir = os.path.join(rootdir, 'cic_cache', 'db')
 migrationsdir = os.path.join(dbdir, 'migrations')
+configdir = os.path.join(rootdir, 'cic_cache', 'data', 'config')
 
-config_dir = os.path.join('/usr/local/etc/cic-cache')
+#config_dir = os.path.join('/usr/local/etc/cic-cache')
 
 argparser = argparse.ArgumentParser()
-argparser.add_argument('-c', type=str, default=config_dir, help='config file')
+argparser.add_argument('-c', type=str, help='config file')
 argparser.add_argument('--env-prefix', default=os.environ.get('CONFINI_ENV_PREFIX'), dest='env_prefix', type=str, help='environment prefix for variables to overwrite configuration')
 argparser.add_argument('--migrations-dir', dest='migrations_dir', default=migrationsdir, type=str, help='path to alembic migrations directory')
 argparser.add_argument('--reset', action='store_true', help='downgrade before upgrading')
@@ -35,7 +36,7 @@ if args.vv:
 elif args.v:
     logging.getLogger().setLevel(logging.INFO)
 
-config = confini.Config(args.c, args.env_prefix)
+config = confini.Config(configdir, args.env_prefix)
 config.process()
 config.censor('PASSWORD', 'DATABASE')
 config.censor('PASSWORD', 'SSL')

apps/cic-eth-aux/erc20-demurrage-token/requirements.txt

@@ -1,4 +1,5 @@
 celery==4.4.7
-erc20-demurrage-token~=0.0.3a1
-cic-eth-registry>=0.6.1a2,<0.7.0
-cic-eth[services]~=0.12.4a8
+erc20-demurrage-token~=0.0.5a3
+cic-eth-registry~=0.6.1a6
+chainlib~=0.0.9rc1
+cic_eth~=0.12.4a11

apps/cic-eth-aux/erc20-demurrage-token/setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = cic-eth-aux-erc20-demurrage-token
-version = 0.0.2a6
+version = 0.0.2a7
 description = cic-eth tasks supporting erc20 demurrage token
 author = Louis Holbrook
 author_email = dev@holbrook.no

apps/cic-eth/admin_requirements.txt

@@ -1,5 +1,5 @@
 SQLAlchemy==1.3.20
-cic-eth-registry>=0.6.1a2,<0.7.0
+cic-eth-registry>=0.6.1a6,<0.7.0
 hexathon~=0.0.1a8
 chainqueue>=0.0.4a6,<0.1.0
 eth-erc20>=0.1.2a2,<0.2.0

apps/cic-eth/cic_eth/admin/token.py

@@ -1,21 +1,2 @@
-# standard imports
-import logging
-
-# external imports
-import celery
-
 # local imports
-from cic_eth.task import BaseTask
-
-celery_app = celery.current_app
-logg = logging.getLogger()
-
-
-@celery_app.task(bind=True, base=BaseTask)
-def default_token(self):
-    return {
-            'symbol': self.default_token_symbol,
-            'address': self.default_token_address,
-            'name': self.default_token_name,
-            'decimals': self.default_token_decimals,
-            }
+from cic_eth.eth.erc20 import default_token

apps/cic-eth/cic_eth/api/api_task.py

@@ -9,6 +9,7 @@ import logging
 # external imports 
 import celery
 from chainlib.chain import ChainSpec
+from hexathon import strip_0x
 
 # local imports
 from cic_eth.api.base import ApiBase
@@ -16,15 +17,50 @@ from cic_eth.enum import LockEnum
 
 app = celery.current_app
 
-logg = logging.getLogger(__name__)
+#logg = logging.getLogger(__name__)
+logg = logging.getLogger()
 
 
 class Api(ApiBase):
-    
+
+    @staticmethod
+    def to_v_list(v, n):
+        """Translate an arbitrary number of string and/or list arguments to a list of list of string arguments
+
+        :param v: Arguments
+        :type v: str or list
+        :param n: Number of elements to generate arguments for
+        :type n: int
+        :rtype: list
+        :returns: list of assembled arguments
+        """
+        if isinstance(v, str):
+            vv = v
+            v = []
+            for i in range(n):
+                v.append([vv])
+        elif not isinstance(v, list):
+            raise ValueError('argument must be single string, or list or strings or lists')
+        else:
+            if len(v) != n:
+                raise ValueError('v argument count must match integer n')
+            for i in range(n):
+                if isinstance(v[i], str):
+                    v[i] = [v[i]]
+                elif not isinstance(v, list):
+                    raise ValueError('proof argument must be single string, or list or strings or lists')
+
+        return v
+   
 
     def default_token(self):
+        """Retrieves the default fallback token of the custodial network.
+
+        :returns: uuid of root task
+        :rtype: celery.Task
+        """
         s_token = celery.signature(
-                'cic_eth.admin.token.default_token',
+                'cic_eth.eth.erc20.default_token',
                 [],
                 queue=self.queue,
                 )
@@ -34,6 +70,97 @@ class Api(ApiBase):
         return s_token.apply_async()
 
 
+    def token(self, token_symbol, proof=None):
+        """Single-token alias for tokens method.
+
+        See tokens method for details.
+
+        :param token_symbol: Token symbol to look up
+        :type token_symbol: str
+        :param proof: Proofs to add to signature verification for the token
+        :type proof: str or list
+        :returns: uuid of root task
+        :rtype: celery.Task
+        """
+        if not isinstance(token_symbol, str):
+            raise ValueError('token symbol must be string')
+
+        return self.tokens([token_symbol], proof=proof)
+
+
+    def tokens(self, token_symbols, proof=None):
+        """Perform a token data lookup from the token index. The token index will enforce unique associations between token symbol and contract address.
+
+        Token symbols are always strings, and should be specified using uppercase letters.
+
+        If the proof argument is included, the network will be queried for trusted signatures on the given proof(s). There must exist at least one trusted signature for every given proof for every token. Trusted signatures for the custodial system are provided at service startup.
+
+        The proof argument may be specified in a number of ways:
+
+        - as None, in which case proof checks are skipped (although there may still be builtin proof checks being performed)
+        - as a single string, where the same proof is used for each token lookup
+        - as an array of strings, where the respective proof is used for the respective token. number of proofs must match the number of tokens.
+        - as an array of lists, where the respective proofs in each list is used for the respective token. number of lists of proofs must match the number of tokens.
+
+        The success callback provided at the Api object instantiation will receive individual calls for each token that passes the proof checks. Each token that does not pass is passed to the Api error callback.
+
+        This method is not intended to be used synchronously. Do so at your peril.
+
+        :param token_symbols: Token symbol strings to look up
+        :type token_symbol: list
+        :param proof: Proof(s) to verify tokens against
+        :type proof: None, str or list
+        :returns: uuid of root task
+        :rtype: celery.Task
+        """
+        if not isinstance(token_symbols, list):
+            raise ValueError('token symbols argument must be list')
+
+        if proof == None:
+            logg.debug('looking up tokens without external proof check: {}'.format(','.join(token_symbols)))
+            proof = ''
+
+        logg.debug('proof is {}'.format(proof))
+        l = len(token_symbols)
+        if len(proof) == 0:
+            l = 0 
+        proof = Api.to_v_list(proof, l)
+
+        chain_spec_dict = self.chain_spec.asdict()
+
+        s_token_resolve = celery.signature(
+                'cic_eth.eth.erc20.resolve_tokens_by_symbol',
+                [
+                    token_symbols,
+                    chain_spec_dict,
+                    ],
+                queue=self.queue,
+                )
+
+        s_token_info = celery.signature(
+                'cic_eth.eth.erc20.token_info',
+                [
+                    chain_spec_dict,
+                    proof,
+                    ],
+                queue=self.queue,
+                )
+
+        s_token_verify = celery.signature(
+                    'cic_eth.eth.erc20.verify_token_info',
+                    [
+                        chain_spec_dict,
+                        self.callback_success,
+                        self.callback_error,
+                        ],
+                    queue=self.queue,
+                    )
+
+        s_token_info.link(s_token_verify)
+        s_token_resolve.link(s_token_info)
+        return s_token_resolve.apply_async()
+
+
 #    def convert_transfer(self, from_address, to_address, target_return, minimum_return, from_token_symbol, to_token_symbol):
 #        """Executes a chain of celery tasks that performs conversion between two ERC20 tokens, and transfers to a specified receipient after convert has completed.
 #
@@ -254,6 +381,8 @@ class Api(ApiBase):
         :returns: uuid of root task
         :rtype: celery.Task
         """
+        #from_address = strip_0x(from_address)
+        #to_address = strip_0x(to_address)
         s_check = celery.signature(
                 'cic_eth.admin.ctrl.check_lock',
                 [
@@ -554,3 +683,4 @@ class Api(ApiBase):
 
         t = self.callback_success.apply_async([r])
         return t
+

apps/cic-eth/cic_eth/callbacks/noop.py

@@ -1,7 +1,10 @@
+import logging
+
 import celery
 
 celery_app = celery.current_app
-logg = celery_app.log.get_default_logger()
+#logg = celery_app.log.get_default_logger()
+logg = logging.getLogger()
 
 
 @celery_app.task(bind=True)

apps/cic-eth/cic_eth/error.py

@@ -48,8 +48,6 @@ class RoleMissingError(Exception):
     pass
 
 
-
-
 class IntegrityError(Exception):
     """Exception raised to signal irregularities with deduplication and ordering of tasks
 
@@ -85,3 +83,8 @@ class RoleAgencyError(SeppukuError):
 class YouAreBrokeError(Exception):
     """Exception raised when a value transfer is attempted without access to sufficient funds
     """
+
+
+class TrustError(Exception):
+    """Exception raised when required trust proofs are missing for a request
+    """

apps/cic-eth/cic_eth/eth/account.py

@@ -13,7 +13,7 @@ from chainlib.eth.sign import (
         new_account,
         sign_message,
         )
-from chainlib.eth.address import to_checksum_address
+from chainlib.eth.address import to_checksum_address, is_address
 from chainlib.eth.tx import TxFormat
 from chainlib.chain import ChainSpec
 from chainlib.error import JSONRPCException
@@ -31,6 +31,7 @@ from cic_eth.eth.gas import (
 from cic_eth.db.models.nonce import Nonce
 from cic_eth.db.models.base import SessionBase
 from cic_eth.db.models.role import AccountRole
+from cic_eth.encode import tx_normalize
 from cic_eth.error import (
         RoleMissingError,
         SignerError,
@@ -49,6 +50,7 @@ from cic_eth.queue.tx import (
 from cic_eth.encode import (
         unpack_normal,
         ZERO_ADDRESS_NORMAL,
+        tx_normalize,
         )
 
 logg = logging.getLogger()
@@ -84,7 +86,7 @@ def create(self, password, chain_spec_dict):
     # TODO: It seems infeasible that a can be None in any case, verify
     if a == None:
         raise SignerError('create account')
-        
+    a = tx_normalize.wallet_address(a)
     logg.debug('created account {}'.format(a))
 
     # Initialize nonce provider record for account
@@ -175,6 +177,9 @@ def gift(self, account_address, chain_spec_dict):
     """
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
 
+    if is_address(account_address):
+        account_address = tx_normalize.wallet_address(account_address)
+
     logg.debug('gift account address {} to index'.format(account_address))
     queue = self.request.delivery_info.get('routing_key')
 
@@ -248,8 +253,9 @@ def have(self, account, chain_spec_dict):
 
 @celery_app.task(bind=True, base=CriticalSQLAlchemyTask)
 def set_role(self, tag, address, chain_spec_dict):
-    if not to_checksum_address(address):
-        raise ValueError('invalid checksum address {}'.format(address))
+    if not is_address(address):
+        raise ValueError('invalid address {}'.format(address))
+    address = tx_normalize.wallet_address(address)
     session = SessionBase.create_session()
     role = AccountRole.set(tag, address, session=session) 
     session.add(role)
@@ -298,13 +304,15 @@ def cache_gift_data(
     tx_signed_raw_bytes = bytes.fromhex(strip_0x(tx_signed_raw_hex))
     tx = unpack_normal(tx_signed_raw_bytes, chain_spec)
     tx_data = Faucet.parse_give_to_request(tx['data'])
+    sender_address = tx_normalize.wallet_address(tx['from'])
+    recipient_address = tx_normalize.wallet_address(tx['to'])
 
     session = self.create_session()
 
     tx_dict = {
             'hash': tx['hash'],
-            'from': tx['from'],
-            'to': tx['to'],
+            'from': sender_address,
+            'to': recipient_address,
             'source_token': ZERO_ADDRESS_NORMAL,
             'destination_token': ZERO_ADDRESS_NORMAL,
             'from_value': 0,
@@ -338,12 +346,14 @@ def cache_account_data(
     tx_signed_raw_bytes = bytes.fromhex(strip_0x(tx_signed_raw_hex))
     tx = unpack_normal(tx_signed_raw_bytes, chain_spec)
     tx_data = AccountsIndex.parse_add_request(tx['data'])
+    sender_address = tx_normalize.wallet_address(tx['from'])
+    recipient_address = tx_normalize.wallet_address(tx['to'])
 
     session = SessionBase.create_session()
     tx_dict = {
             'hash': tx['hash'],
-            'from': tx['from'],
-            'to': tx['to'],
+            'from': sender_address,
+            'to': recipient_address,
             'source_token': ZERO_ADDRESS_NORMAL,
             'destination_token': ZERO_ADDRESS_NORMAL,
             'from_value': 0,

apps/cic-eth/cic_eth/eth/erc20.py

@@ -12,10 +12,14 @@ from chainlib.eth.tx import (
         )
 from cic_eth_registry import CICRegistry
 from cic_eth_registry.erc20 import ERC20Token
-from hexathon import strip_0x
+from hexathon import (
+        strip_0x,
+        add_0x,
+        )
 from chainqueue.error import NotLocalTxError
 from eth_erc20 import ERC20
 from chainqueue.sql.tx import cache_tx_dict
+from okota.token_index import to_identifier
 
 # local imports
 from cic_eth.db.models.base import SessionBase
@@ -36,8 +40,11 @@ from cic_eth.task import (
         CriticalSQLAlchemyTask,
         CriticalWeb3Task,
         CriticalSQLAlchemyAndSignerTask,
+        BaseTask,
     )
 from cic_eth.eth.nonce import CustodialTaskNonceOracle
+from cic_eth.encode import tx_normalize
+from cic_eth.eth.trust import verify_proofs
 
 celery_app = celery.current_app
 logg = logging.getLogger()
@@ -62,7 +69,8 @@ def balance(tokens, holder_address, chain_spec_dict):
 
     for t in tokens:
         address = t['address']
-        token = ERC20Token(chain_spec, rpc, address)
+        logg.debug('address {} {}'.format(address, holder_address))
+        token = ERC20Token(chain_spec, rpc, add_0x(address))
         c = ERC20(chain_spec)
         o = c.balance_of(address, holder_address, sender_address=caller_address)
         r = rpc.do(o)
@@ -371,13 +379,15 @@ def cache_transfer_data(
     tx = unpack(tx_signed_raw_bytes, chain_spec)
 
     tx_data = ERC20.parse_transfer_request(tx['data'])
-    recipient_address = tx_data[0]
+    sender_address = tx_normalize.wallet_address(tx['from'])
+    recipient_address = tx_normalize.wallet_address(tx_data[0])
     token_value = tx_data[1]
 
+
     session = SessionBase.create_session()
     tx_dict = {
             'hash': tx_hash_hex,
-            'from': tx['from'],
+            'from': sender_address,
             'to': recipient_address,
             'source_token': tx['to'],
             'destination_token': tx['to'],
@@ -448,13 +458,14 @@ def cache_approve_data(
     tx = unpack(tx_signed_raw_bytes, chain_spec)
 
     tx_data = ERC20.parse_approve_request(tx['data'])
-    recipient_address = tx_data[0]
+    sender_address = tx_normalize.wallet_address(tx['from'])
+    recipient_address = tx_normalize.wallet_address(tx_data[0])
     token_value = tx_data[1]
 
     session = SessionBase.create_session()
     tx_dict = {
             'hash': tx_hash_hex,
-            'from': tx['from'],
+            'from': sender_address,
             'to': recipient_address,
             'source_token': tx['to'],
             'destination_token': tx['to'],
@@ -465,3 +476,69 @@ def cache_approve_data(
     session.close()
     return (tx_hash_hex, cache_id)
 
+
+@celery_app.task(bind=True, base=BaseTask)
+def token_info(self, tokens, chain_spec_dict, proofs=[]):
+    chain_spec = ChainSpec.from_dict(chain_spec_dict)
+    rpc = RPCConnection.connect(chain_spec, 'default')
+
+    i = 0
+
+    for token in tokens:
+        result_data = []
+        token_chain_object = ERC20Token(chain_spec, rpc, add_0x(token['address']))
+        token_chain_object.load(rpc)
+
+        token_symbol_proof_hex = to_identifier(token_chain_object.symbol)
+        token_proofs = [token_symbol_proof_hex]
+        if len(proofs) > 0:
+            token_proofs += proofs[i]
+
+        tokens[i] = {
+            'decimals': token_chain_object.decimals,
+            'name': token_chain_object.name,
+            'symbol': token_chain_object.symbol,
+            'address': tx_normalize.executable_address(token_chain_object.address),
+            'proofs': token_proofs,
+            'converters': tokens[i]['converters'],
+                }   
+        i += 1
+
+    return tokens
+
+
+@celery_app.task(bind=True, base=BaseTask)
+def verify_token_info(self, tokens, chain_spec_dict, success_callback, error_callback):
+    queue = self.request.delivery_info.get('routing_key')
+
+    for token in tokens:
+        s = celery.signature(
+                'cic_eth.eth.trust.verify_proofs',
+                [
+                    token,
+                    token['address'],
+                    token['proofs'],
+                    chain_spec_dict,
+                    success_callback,
+                    error_callback,
+                    ],
+                queue=queue,
+                )
+
+        if success_callback != None:
+            s.link(success_callback)
+        if error_callback != None:
+            s.on_error(error_callback)
+        s.apply_async()
+
+    return tokens
+
+
+@celery_app.task(bind=True, base=BaseTask)
+def default_token(self):
+    return {
+        'symbol': self.default_token_symbol,
+        'address': self.default_token_address,
+        'name': self.default_token_name,
+        'decimals': self.default_token_decimals,
+        }

apps/cic-eth/cic_eth/eth/gas.py

@@ -9,7 +9,11 @@ from hexathon import (
         )
 #from chainlib.eth.constant import ZERO_ADDRESS
 from chainlib.chain import ChainSpec
-from chainlib.eth.address import is_checksum_address
+from chainlib.eth.address import (
+        is_checksum_address,
+        to_checksum_address,
+        is_address
+        )
 from chainlib.connection import RPCConnection
 from chainqueue.db.enum import StatusBits
 from chainqueue.sql.tx import cache_tx_dict
@@ -74,7 +78,6 @@ class MaxGasOracle:
         return MAXIMUM_FEE_UNITS
 
 
-#def create_check_gas_task(tx_signed_raws_hex, chain_spec, holder_address, gas=None, tx_hashes_hex=None, queue=None):
 def create_check_gas_task(tx_signed_raws_hex, chain_spec, holder_address, gas=None, tx_hashes_hex=None, queue=None):
     """Creates a celery task signature for a check_gas task that adds the task to the outgoing queue to be processed by the dispatcher.
 
@@ -179,8 +182,9 @@ def check_gas(self, tx_hashes_hex, chain_spec_dict, txs_hex=[], address=None, ga
     :return: Signed raw transaction data list
     :rtype: param txs, unchanged
     """
+    rpc_format_address = None
     if address != None:
-        if not is_checksum_address(address):
+        if not is_address(address):
             raise ValueError('invalid address {}'.format(address))
         address = tx_normalize.wallet_address(address)
         address = add_0x(address)
@@ -195,7 +199,6 @@ def check_gas(self, tx_hashes_hex, chain_spec_dict, txs_hex=[], address=None, ga
         txs.append(tx)
 
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
-    logg.debug('txs {} tx_hashes {}'.format(txs, tx_hashes))
 
     addresspass = None
     if len(txs) == 0:
@@ -211,13 +214,15 @@ def check_gas(self, tx_hashes_hex, chain_spec_dict, txs_hex=[], address=None, ga
                 raise ValueError('txs passed to check gas must all have same sender; had {} got {}'.format(address, tx['from']))
             addresspass.append(address)
 
+    rpc_format_address = add_0x(to_checksum_address(address))
+
     queue = self.request.delivery_info.get('routing_key')
 
     conn = RPCConnection.connect(chain_spec)
 
     gas_balance = 0
     try:
-        o = balance(address)
+        o = balance(rpc_format_address)
         r = conn.do(o)
         conn.disconnect()
         gas_balance = abi_decode_single(ABIContractType.UINT256, r)

apps/cic-eth/cic_eth/eth/meta.py

@@ -2,8 +2,9 @@
 from chainlib.eth.constant import ZERO_ADDRESS
 from chainlib.status import Status as TxStatus
 from cic_eth_registry.erc20 import ERC20Token
+from hexathon import add_0x
 
-# local imports
+# local impor:ts
 from cic_eth.ext.address import translate_address
 
 
@@ -44,8 +45,8 @@ class ExtendedTx:
             destination = source
         if destination_value == None:
             destination_value = source_value
-        st = ERC20Token(self.chain_spec, self.rpc, source)
-        dt = ERC20Token(self.chain_spec, self.rpc, destination)
+        st = ERC20Token(self.chain_spec, self.rpc, add_0x(source))
+        dt = ERC20Token(self.chain_spec, self.rpc, add_0x(destination))
         self.source_token = source
         self.source_token_symbol = st.symbol
         self.source_token_name = st.name

apps/cic-eth/cic_eth/eth/nonce.py

@@ -3,11 +3,12 @@ import logging
 
 # external imports
 import celery
-from chainlib.eth.address import is_checksum_address
+from chainlib.eth.address import is_checksum_address, is_address, strip_0x
 
 # local imports
 from cic_eth.db.models.role import AccountRole
 from cic_eth.db.models.base import SessionBase
+from cic_eth.encode import tx_normalize
 from cic_eth.task import CriticalSQLAlchemyTask
 from cic_eth.db.models.nonce import (
         Nonce,
@@ -42,7 +43,8 @@ class CustodialTaskNonceOracle():
         :returns: Nonce
         :rtype: number
         """
-        r = NonceReservation.release(self.address, self.uuid, session=self.session)
+        address = tx_normalize.wallet_address(self.address)
+        r = NonceReservation.release(address, self.uuid, session=self.session)
         return r[1]
 
 
@@ -58,17 +60,18 @@ def reserve_nonce(self, chained_input, chain_spec_dict, signer_address=None):
         address = chained_input
         logg.debug('non-explicit address for reserve nonce, using arg head {}'.format(chained_input))
     else:
-        if is_checksum_address(signer_address):
+        if is_address(signer_address):
             address = signer_address
             logg.debug('explicit address for reserve nonce {}'.format(signer_address))
         else:
             address = AccountRole.get_address(signer_address, session=session)
             logg.debug('role for reserve nonce {} -> {}'.format(signer_address, address))
 
-    if not is_checksum_address(address):
+    if not is_address(address):
         raise ValueError('invalid result when resolving address for nonce {}'.format(address))
 
     root_id = self.request.root_id
+    address = tx_normalize.wallet_address(address)
     r = NonceReservation.next(address, root_id, session=session)
     logg.debug('nonce {} reserved for address {} task {}'.format(r[1], address, r[0]))
 

apps/cic-eth/cic_eth/eth/trust.py

@@ -0,0 +1,77 @@
+# standard imports
+import logging
+
+# external imports
+import celery
+from eth_address_declarator import Declarator
+from chainlib.connection import RPCConnection
+from chainlib.chain import ChainSpec
+from cic_eth.db.models.role import AccountRole
+from cic_eth_registry import CICRegistry
+from hexathon import strip_0x
+
+# local imports
+from cic_eth.task import BaseTask
+from cic_eth.error import TrustError
+
+celery_app = celery.current_app
+logg = logging.getLogger()
+
+
+@celery_app.task(bind=True, base=BaseTask)
+def verify_proof(self, chained_input, proof, subject, chain_spec_dict, success_callback, error_callback):
+    proof = strip_0x(proof)
+
+    proofs = []
+ 
+    logg.debug('proof count {}'.format(len(proofs)))
+    if len(proofs) == 0:
+        logg.debug('error {}'.format(len(proofs)))
+        raise TrustError('foo')
+
+    return (chained_input, (proof, proofs))
+
+
+@celery_app.task(bind=True, base=BaseTask)
+def verify_proofs(self, chained_input, subject, proofs, chain_spec_dict, success_callback, error_callback):
+    queue = self.request.delivery_info.get('routing_key')
+
+    chain_spec = ChainSpec.from_dict(chain_spec_dict)
+    rpc = RPCConnection.connect(chain_spec, 'default')
+
+    session = self.create_session()
+    sender_address = AccountRole.get_address('DEFAULT', session)
+
+    registry = CICRegistry(chain_spec, rpc)
+    declarator_address = registry.by_name('AddressDeclarator', sender_address=sender_address)
+
+    declarator = Declarator(chain_spec)
+
+    have_proofs = {}
+
+    for proof in proofs:
+
+        proof = strip_0x(proof)
+
+        have_proofs[proof] = []
+
+        for trusted_address in self.trusted_addresses:
+            o = declarator.declaration(declarator_address, trusted_address, subject, sender_address=sender_address)
+            r = rpc.do(o)
+            declarations = declarator.parse_declaration(r)
+            logg.debug('comparing proof {} with declarations for {} by {}: {}'.format(proof, subject, trusted_address, declarations))
+
+            for declaration in declarations:
+                declaration = strip_0x(declaration)
+                if declaration == proof:
+                    logg.debug('have token proof {} match for trusted address {}'.format(declaration, trusted_address))
+                    have_proofs[proof].append(trusted_address)
+
+    out_proofs = {}
+    for proof in have_proofs.keys():
+        if len(have_proofs[proof]) == 0:
+            logg.error('missing signer for proof {} subject {}'.format(proof, subject))
+            raise TrustError((subject, proof,))
+        out_proofs[proof] = have_proofs[proof]
+       
+    return (chained_input, out_proofs)

apps/cic-eth/cic_eth/ext/tx.py

@@ -32,6 +32,7 @@ from potaahto.symbols import snake_and_camel
 from cic_eth.queue.time import tx_times
 from cic_eth.task import BaseTask
 from cic_eth.db.models.base import SessionBase
+from cic_eth.encode import tx_normalize
 
 celery_app = celery.current_app
 logg = logging.getLogger()
@@ -134,7 +135,7 @@ def list_tx_by_bloom(self, bloomspec, address, chain_spec_dict):
                     tx_address = transfer_data[0]
                     tx_token_value = transfer_data[1]
                     
-                    if address == tx_address:
+                    if tx_normalize.wallet_address(address) == tx_normalize.wallet_address(tx_address):
                         status = StatusEnum.SENT
                         try:
                             o = receipt(tx['hash'])
@@ -152,8 +153,8 @@ def list_tx_by_bloom(self, bloomspec, address, chain_spec_dict):
                         times = tx_times(tx['hash'], chain_spec)
                         tx_r = {
                             'hash': tx['hash'],
-                            'sender': tx['from'],
-                            'recipient': tx_address,
+                            'sender': tx_normalize.wallet_address(tx['from']),
+                            'recipient': tx_normalize.wallet_address(tx_address),
                             'source_value': tx_token_value,
                             'destination_value': tx_token_value,
                             'source_token': tx['to'],
@@ -164,10 +165,10 @@ def list_tx_by_bloom(self, bloomspec, address, chain_spec_dict):
                             tx_r['date_created'] = times['queue']
                         else:
                             tx_r['date_created'] = times['network']
-                        txs[tx['hash']] = tx_r
+                        txs[strip_0x(tx['hash'])] = tx_r
                         break
-    return txs
 
+    return txs
 
 
 # TODO: Surely it must be possible to optimize this
@@ -230,6 +231,8 @@ def tx_collate(self, tx_batches, chain_spec_dict, offset, limit, newest_first=Tr
             except UnknownContractError:
                 logg.error('verify failed on tx {}, skipping'.format(tx['hash']))
                 continue
+        tx['recipient'] = tx_normalize.wallet_address(tx['recipient'])
+        tx['sender'] = tx_normalize.wallet_address(tx['sender'])
         txs.append(tx)
 
     return txs

apps/cic-eth/cic_eth/pytest/fixtures_celery.py

@@ -4,18 +4,21 @@ import tempfile
 import logging
 import shutil
 
-# local impors
+# local imports
 from cic_eth.task import BaseTask
 
 #logg = logging.getLogger(__name__)
 logg = logging.getLogger()
 
-
 @pytest.fixture(scope='function')
 def init_celery_tasks(
     contract_roles, 
         ):
     BaseTask.call_address = contract_roles['DEFAULT']
+    BaseTask.trusted_addresses = [
+            contract_roles['TRUSTED_DECLARATOR'],
+            contract_roles['CONTRACT_DEPLOYER'],
+            ]
 
 
 # celery fixtures
@@ -38,6 +41,7 @@ def celery_includes():
         'cic_eth.callbacks.noop',
         'cic_eth.callbacks.http',
         'cic_eth.pytest.mock.filter',
+        'cic_eth.pytest.mock.callback',
     ]
 
 

apps/cic-eth/cic_eth/pytest/mock/__init__.py

@@ -1 +1,2 @@
 from .filter import *
+from .callback import *

apps/cic-eth/cic_eth/pytest/mock/callback.py

@@ -0,0 +1,38 @@
+# standard imports
+import os
+import logging
+import mmap
+
+# standard imports
+import tempfile
+
+# external imports
+import celery
+
+#logg = logging.getLogger(__name__)
+logg = logging.getLogger()
+
+celery_app = celery.current_app
+
+
+class CallbackTask(celery.Task):
+
+    mmap_path = tempfile.mkdtemp()
+
+
+@celery_app.task(bind=True, base=CallbackTask)
+def test_callback(self, a, b, c):
+    s = 'ok'
+    if c > 0:
+        s = 'err'
+
+    fp = os.path.join(self.mmap_path, b)
+    f = open(fp, 'wb+')
+    f.write(b'\x00')
+    f.seek(0)
+    m = mmap.mmap(f.fileno(), length=1)
+    m.write(c.to_bytes(1, 'big'))
+    m.close()
+    f.close()
+
+    logg.debug('test callback ({}): {} {} {}'.format(s, a, b, c))

apps/cic-eth/cic_eth/queue/query.py

@@ -58,6 +58,7 @@ def get_tx_local(chain_spec, tx_hash, session=None):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def get_account_tx(chain_spec_dict, address, as_sender=True, as_recipient=True, counterpart=None):
+    address = tx_normalize.wallet_address(address)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     return get_account_tx_local(chain_spec, address, as_sender=as_sender, as_recipient=as_recipient, counterpart=counterpart)
 

apps/cic-eth/cic_eth/runnable/daemons/dispatcher.py

@@ -10,7 +10,6 @@ import datetime
 
 # external imports
 import celery
-from cic_eth_registry import CICRegistry
 from chainlib.chain import ChainSpec
 from chainlib.eth.tx import unpack
 from chainlib.connection import RPCConnection

apps/cic-eth/cic_eth/runnable/daemons/filters/callback.py

@@ -21,6 +21,7 @@ from erc20_faucet import Faucet
 # local imports
 from .base import SyncFilter
 from cic_eth.eth.meta import ExtendedTx
+from cic_eth.encode import tx_normalize
 
 logg = logging.getLogger().getChild(__name__)
 
@@ -42,9 +43,9 @@ class CallbackFilter(SyncFilter):
             return (None, None)
         r = ERC20.parse_transfer_request(tx.payload)
         transfer_data = {}
-        transfer_data['to'] = r[0]
+        transfer_data['to'] = tx_normalize.wallet_address(r[0])
         transfer_data['value'] = r[1]
-        transfer_data['from'] = tx.outputs[0]
+        transfer_data['from'] = tx_normalize.wallet_address(tx.outputs[0])
         transfer_data['token_address'] = tx.inputs[0]
         return ('transfer', transfer_data)
 
@@ -54,8 +55,8 @@ class CallbackFilter(SyncFilter):
             return (None, None)
         r = ERC20.parse_transfer_from_request(tx.payload)
         transfer_data = {}
-        transfer_data['from'] = r[0]
-        transfer_data['to'] = r[1]
+        transfer_data['from'] = tx_normalize.wallet_address(r[0])
+        transfer_data['to'] = tx_normalize.wallet_address(r[1])
         transfer_data['value'] = r[2]
         transfer_data['token_address'] = tx.inputs[0]
         return ('transferfrom', transfer_data)
@@ -66,9 +67,9 @@ class CallbackFilter(SyncFilter):
             return (None, None)
         r = Faucet.parse_give_to_request(tx.payload)
         transfer_data = {}
-        transfer_data['to'] = r[0]
+        transfer_data['to'] = tx_normalize.wallet_address(r[0])
         transfer_data['value'] = tx.value
-        transfer_data['from'] = tx.outputs[0]
+        transfer_data['from'] = tx_normalize.wallet_address(tx.outputs[0])
         #transfer_data['token_address'] = tx.inputs[0]
         faucet_contract = tx.inputs[0]
 

apps/cic-eth/cic_eth/runnable/daemons/filters/register.py

@@ -12,7 +12,8 @@ from hexathon import (
 # local imports
 from .base import SyncFilter
 
-logg = logging.getLogger(__name__)
+#logg = logging.getLogger(__name__)
+logg = logging.getLogger()
 
 account_registry_add_log_hash = '0x9cc987676e7d63379f176ea50df0ae8d2d9d1141d1231d4ce15b5965f73c9430'
 

apps/cic-eth/cic_eth/runnable/daemons/filters/transferauth.py

@@ -17,6 +17,7 @@ from cic_eth_registry import CICRegistry
 from erc20_transfer_authorization import TransferAuthorization
 
 # local imports
+from cic_eth.encode import tx_normalize
 from .base import SyncFilter
 
 
@@ -52,9 +53,9 @@ class TransferAuthFilter(SyncFilter):
 
         r = TransferAuthorization.parse_create_request_request(tx.payload) 
           
-        sender = r[0]
-        recipient = r[1]
-        token = r[2]
+        sender = tx_normalize.wallet_address(r[0])
+        recipient = tx_normalize.wallet_address(r[1])
+        token = tx_normalize.executable_address(r[2])
         value = r[3]
 
         token_data = {

apps/cic-eth/cic_eth/runnable/daemons/tasker.py

@@ -76,7 +76,7 @@ arg_flags = cic_eth.cli.argflag_std_read
 local_arg_flags = cic_eth.cli.argflag_local_task
 argparser = cic_eth.cli.ArgumentParser(arg_flags)
 argparser.process_local_flags(local_arg_flags)
-argparser.add_argument('--default-token-symbol', dest='default_token_symbol', type=str, help='Symbol of default token to use')
+#argparser.add_argument('--default-token-symbol', dest='default_token_symbol', type=str, help='Symbol of default token to use')
 argparser.add_argument('--trace-queue-status', default=None, dest='trace_queue_status', action='store_true', help='set to perist all queue entry status changes to storage')
 argparser.add_argument('--aux-all', action='store_true', help='include tasks from all submodules from the aux module path')
 argparser.add_argument('--aux', action='append', type=str, default=[], help='add single submodule from the aux module path')
@@ -84,7 +84,7 @@ args = argparser.parse_args()
 
 # process config
 extra_args = {
-    'default_token_symbol': 'CIC_DEFAULT_TOKEN_SYMBOL',
+#    'default_token_symbol': 'CIC_DEFAULT_TOKEN_SYMBOL',
     'aux_all': None,
     'aux': None,
     'trace_queue_status': 'TASKS_TRACE_QUEUE_STATUS',
@@ -187,6 +187,17 @@ elif len(args.aux) > 0:
         logg.info('aux module {} found in path {}'.format(v, aux_dir))
         aux.append(v)
 
+default_token_symbol = config.get('CIC_DEFAULT_TOKEN_SYMBOL')
+defaullt_token_address = None
+if default_token_symbol:
+    default_token_address = registry.by_name(default_token_symbol)
+else:
+    default_token_address = registry.by_name('DefaultToken')
+    c = ERC20Token(chain_spec, conn, default_token_address)
+    default_token_symbol = c.symbol
+    logg.info('found default token {} address {}'.format(default_token_symbol, default_token_address))
+    config.add(default_token_symbol, 'CIC_DEFAULT_TOKEN_SYMBOL', exists_ok=True)
+
 for v in aux:
     mname = 'cic_eth_aux.' + v
     mod = importlib.import_module(mname)
@@ -204,12 +215,13 @@ def main():
     argv.append('-n')
     argv.append(config.get('CELERY_QUEUE'))
 
-    BaseTask.default_token_symbol = config.get('CIC_DEFAULT_TOKEN_SYMBOL')
-    BaseTask.default_token_address = registry.by_name(BaseTask.default_token_symbol)
-    default_token = ERC20Token(chain_spec, conn, BaseTask.default_token_address)
+    BaseTask.default_token_symbol = default_token_symbol
+    BaseTask.default_token_address = default_token_address
+    default_token = ERC20Token(chain_spec, conn, add_0x(BaseTask.default_token_address))
     default_token.load(conn)
     BaseTask.default_token_decimals = default_token.decimals
     BaseTask.default_token_name = default_token.name
+    BaseTask.trusted_addresses = trusted_addresses
 
     BaseTask.run_dir = config.get('CIC_RUN_DIR')
     logg.info('default token set to {} {}'.format(BaseTask.default_token_symbol, BaseTask.default_token_address))

apps/cic-eth/cic_eth/task.py

@@ -28,6 +28,7 @@ class BaseTask(celery.Task):
 
     session_func = SessionBase.create_session
     call_address = ZERO_ADDRESS
+    trusted_addresses = []
     create_nonce_oracle = RPCNonceOracle
     create_gas_oracle = RPCGasOracle
     default_token_address = None

apps/cic-eth/cic_eth/version.py

@@ -10,7 +10,7 @@ version = (
         0,
         12,
         4,
-        'alpha.8',
+        'alpha.14',
         )
 
 version_object = semver.VersionInfo(

apps/cic-eth/doc/texinfo/accounts.texi

@@ -1,4 +1,3 @@
-@node cic-eth-accounts
 @section Accounts
 
 Accounts are private keys in the signer component keyed by "addresses," a one-way transformation of a public key. Data can be signed by using the account as identifier for corresponding RPC requests.

apps/cic-eth/doc/texinfo/admin.texi

@@ -1,4 +1,4 @@
-@node cic-eth system maintenance
+@anchor{cic-eth-appendix-system-maintenance}
 @appendix Admin API
 
 The admin API is still in an early stage of refinement. User friendliness can be considerably improved.
@@ -33,7 +33,7 @@ Get the current state of a lock
 
 @appendixsection tag_account
 
-Associate an identifier with an account address (@xref{cic-eth system accounts})
+Associate an identifier with an account address (@xref{cic-eth-system-accounts})
 
 @appendixsection have_account
 

apps/cic-eth/doc/texinfo/all.texi

@@ -14,5 +14,6 @@ Released 2021 under GPL3
 @c
 @contents
 
-@include index.texi
+@include content.texi
+@include appendix.texi
 

apps/cic-eth/doc/texinfo/appendix.texi

@@ -0,0 +1,3 @@
+@include admin.texi
+@include chains.texi
+@include transfertypes.texi

apps/cic-eth/doc/texinfo/chains.texi

@@ -1,4 +1,4 @@
-@node cic-eth Appendix Task chains
+@anchor{cic-eth-appendix-task-chains}
 @appendix Task chains
 
 TBC - explain here how to generate these chain diagrams

apps/cic-eth/doc/texinfo/configuration.texi

@@ -1,4 +1,3 @@
-@node cic-eth configuration
 @section Configuration
 
 Configuration parameters are grouped by configuration filename.

apps/cic-eth/doc/texinfo/content.texi

@@ -1,6 +1,6 @@
+@node cic-eth
 @top cic-eth
 
-@include intro.texi
 @include dependencies.texi
 @include configuration.texi
 @include system.texi
@@ -9,6 +9,3 @@
 @include incoming.texi
 @include services.texi
 @include tools.texi
-@include admin.texi
-@include chains.texi
-@include transfertypes.texi

apps/cic-eth/doc/texinfo/dependencies.texi

@@ -1,4 +1,3 @@
-@node cic-eth-dependencies
 @section Dependencies
 
 This application is written in Python 3.8. It is tightly coupled with @code{python-celery}, which provides the task worker ecosystem. It also uses @code{SQLAlchemy} which provides useful abstractions for persistent storage though SQL, and @code{alembic} for database schema migrations.

apps/cic-eth/doc/texinfo/incoming.texi

@@ -1,4 +1,4 @@
-@node cic-eth-incoming
+@anchor{cic-eth-incoming}
 @section Incoming transactions
 
 All transactions in mined blocks will be passed to a selection of plugin filters to the @code{chainsyncer} component. Each of these filters are individual python module files in @code{cic_eth.runnable.daemons.filters}. This section describes their function.

apps/cic-eth/doc/texinfo/interacting.texi

@@ -1,9 +1,8 @@
-@node cic-eth-interacting
 @section Interacting with the system
 
-The API to the @var{cic-eth} component is a proxy for executing @emph{chains of Celery tasks}. The tasks that compose individual chains are documented in @ref{cic-eth Appendix Task chains,the Task Chain appendix}, which also describes a CLI tool that can generate graph representationso of them.
+The API to the @var{cic-eth} component is a proxy for executing @emph{chains of Celery tasks}. The tasks that compose individual chains are documented in @ref{cic-eth-appendix-task-chains,the Task Chain appendix}, which also describes a CLI tool that can generate graph representationso of them.
 
-There are two API classes, @var{Api} and @var{AdminApi}. The former is described later in this section, the latter described in @ref{cic-eth system maintenance,the Admin API appendix}.
+There are two API classes, @var{Api} and @var{AdminApi}. The former is described later in this section, the latter described in @ref{cic-eth-appendix-system-maintenance,the Admin API appendix}.
 
 
 @subsection Interface

apps/cic-eth/doc/texinfo/outgoing.texi

@@ -1,4 +1,3 @@
-@node cic-eth-outgoing
 @section Outgoing transactions
 
 @strong{Important! A pre-requisite for proper functioning of the component is that no other agent is sending transactions to the network for any of the keys in the keystore.}

apps/cic-eth/doc/texinfo/services.texi

@@ -1,4 +1,3 @@
-@node cic-eth-services
 @section Services
 
 There are four daemons that together orchestrate all of the aforementioned recipes. This section will provide a high level description of them. 

apps/cic-eth/doc/texinfo/system.texi

@@ -1,10 +1,10 @@
-@node cic-eth system accounts
 @section System initialization
 
 When the system starts for the first time, it is locked for any state change request other than account creation@footnote{Specifically, the @code{INIT}, @code{SEND} and @code{QUEUE} lock bits are set.}. These locks should be @emph{reset} once system initialization has been completed. Currently, system initialization only involves creating and tagging required system accounts, as specified below.
 
 See @ref{cic-eth-locking,Locking} and @ref{cic-eth-tools-ctrl,ctrl in Tools} for details on locking.
 
+@anchor{cic-eth-system-accounts}
 @subsection System accounts
 
 Certain accounts in the system have special roles. These are defined by @emph{tagging} certain accounts addresses with well-known identifiers.

apps/cic-eth/doc/texinfo/tools.texi

@@ -1,4 +1,3 @@
-@node cic-eth-tools
 @section Tools
 
 A collection of CLI tools have been provided to help with diagnostics and other administrative tasks. These use the same configuration infrastructure as the daemons.
@@ -37,7 +36,7 @@ Execute a token transfer on behalf of a custodial account.
 
 @subsection tag (cic-eth-tag)
 
-Associate an account address with a string identifier. @xref{cic-eth system accounts}
+Associate an account address with a string identifier. @xref{cic-eth-system-accounts}
 
 
 @anchor{cic-eth-tools-ctrl}

apps/cic-eth/doc/texinfo/transfertypes.texi

@@ -1,4 +1,3 @@
-@node cic-eth Appendix Transaction types
 @appendix Transfer types
 
 @table @var

apps/cic-eth/docker/Dockerfile

@@ -1,46 +1,32 @@
-# syntax = docker/dockerfile:1.2
-FROM registry.gitlab.com/grassrootseconomics/cic-base-images:python-3.8.6-dev-55da5f4e as dev
+ARG DOCKER_REGISTRY="registry.gitlab.com/grassrootseconomics"
+
+FROM $DOCKER_REGISTRY/cic-base-images:python-3.8.6-dev-e8eb2ee2
 
 # Copy just the requirements and install....this _might_ give docker a hint on caching but we 
 # do load these all into setup.py later
 # TODO can we take all the requirements out of setup.py and just do a pip install -r requirements.txt && python setup.py
 #COPY cic-eth/requirements.txt .
 
-ARG EXTRA_INDEX_URL="https://pip.grassrootseconomics.net:8433"
-ARG GITLAB_PYTHON_REGISTRY="https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple"
+ARG EXTRA_PIP_INDEX_URL=https://pip.grassrootseconomics.net:8433
 ARG EXTRA_PIP_ARGS=""
-#RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
-#    pip install --index-url https://pypi.org/simple \
-#    --force-reinstall \
-#	--extra-index-url $GITLAB_PYTHON_REGISTRY --extra-index-url $EXTRA_INDEX_URL \
-#    -r requirements.txt
+ARG PIP_INDEX_URL=https://pypi.org/simple
 
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
-    pip install --index-url https://pypi.org/simple  \
-	  --extra-index-url $GITLAB_PYTHON_REGISTRY \
-    --extra-index-url $EXTRA_INDEX_URL \
-    $EXTRA_PIP_ARGS \
-    cic-eth-aux-erc20-demurrage-token~=0.0.2a6
+    pip install --index-url $PIP_INDEX_URL \
+    --pre \
+    --extra-index-url $EXTRA_PIP_INDEX_URL $EXTRA_PIP_ARGS \
+        cic-eth-aux-erc20-demurrage-token~=0.0.2a7
 
 
 COPY *requirements.txt ./
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
-    pip install --index-url https://pypi.org/simple  \
-	  --extra-index-url $GITLAB_PYTHON_REGISTRY \
-    --extra-index-url $EXTRA_INDEX_URL \
-    $EXTRA_PIP_ARGS \
+    pip install --index-url $PIP_INDEX_URL \
+    --pre \
+    --extra-index-url $EXTRA_PIP_INDEX_URL $EXTRA_PIP_ARGS \
     -r requirements.txt \
     -r services_requirements.txt \
     -r admin_requirements.txt 
-   
-# always install the latest signer 
-RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
-    pip install --index-url https://pypi.org/simple  \
-	  --extra-index-url $GITLAB_PYTHON_REGISTRY \
-    --extra-index-url $EXTRA_INDEX_URL \
-    $EXTRA_PIP_ARGS \
-    crypto-dev-signer
-
+  
 COPY . .
 RUN python setup.py install
 
@@ -53,7 +39,7 @@ RUN chmod 755 *.sh
 # # ini files in config directory defines the configurable parameters for the application
 # # they can all be overridden by environment variables
 # # to generate a list of environment variables from configuration, use: confini-dump -z <dir> (executable provided by confini package)
-COPY config/ /usr/local/etc/cic-eth/
+#COPY config/ /usr/local/etc/cic-eth/
 COPY cic_eth/db/migrations/ /usr/local/share/cic-eth/alembic/
 COPY crypto_dev_signer_config/ /usr/local/etc/crypto-dev-signer/
 

apps/cic-eth/docker/entrypoints/db.sh

@@ -2,5 +2,6 @@
 
 set -e
 >&2 echo executing database migration
-python scripts/migrate.py -c /usr/local/etc/cic-eth --migrations-dir /usr/local/share/cic-eth/alembic -vv
+#python scripts/migrate.py -c /usr/local/etc/cic-eth --migrations-dir /usr/local/share/cic-eth/alembic -vv
+python scripts/migrate.py --migrations-dir /usr/local/share/cic-eth/alembic -vv
 set +e

apps/cic-eth/requirements.txt

@@ -1,3 +1,4 @@
 celery==4.4.7
-chainlib-eth>=0.0.9a14,<0.1.0
+chainlib-eth>=0.0.10a16,<0.1.0
 semver==2.13.0
+crypto-dev-signer>=0.4.15rc2,<0.5.0

apps/cic-eth/services_requirements.txt

@@ -1,15 +1,16 @@
-chainqueue>=0.0.5a1,<0.1.0
-chainsyncer[sql]>=0.0.6a3,<0.1.0
+chainqueue>=0.0.6a1,<0.1.0
+chainsyncer[sql]>=0.0.7a3,<0.1.0
 alembic==1.4.2
 confini>=0.3.6rc4,<0.5.0
 redis==3.5.3
 hexathon~=0.0.1a8
 pycryptodome==3.10.1
 liveness~=0.0.1a7
-eth-address-index>=0.2.3a4,<0.3.0
+eth-address-index>=0.2.4a1,<0.3.0
 eth-accounts-index>=0.1.2a3,<0.2.0
-cic-eth-registry>=0.6.1a2,<0.7.0
+cic-eth-registry>=0.6.1a6,<0.7.0
 erc20-faucet>=0.3.2a2,<0.4.0
 erc20-transfer-authorization>=0.3.5a2,<0.4.0
 sarafu-faucet>=0.0.7a2,<0.1.0
 moolb~=0.1.1b2
+okota>=0.2.4a6,<0.3.0

apps/cic-eth/setup.cfg

@@ -1,6 +1,7 @@
 [metadata]
 name = cic-eth
-version = attr: cic_eth.version.__version_string__
+#version = attr: cic_eth.version.__version_string__
+version = 0.12.4a13
 description = CIC Network Ethereum interaction 
 author = Louis Holbrook
 author_email = dev@holbrook.no

apps/cic-eth/tests/filters/test_callback_filter.py

@@ -18,7 +18,10 @@ from eth_erc20 import ERC20
 from sarafu_faucet import MinterFaucet
 from eth_accounts_index.registry import AccountRegistry
 from potaahto.symbols import snake_and_camel
-from hexathon import add_0x
+from hexathon import (
+        add_0x,
+        strip_0x,
+        )
 
 # local imports
 from cic_eth.runnable.daemons.filters.callback import CallbackFilter
@@ -160,7 +163,7 @@ def test_faucet_gift_to_tx(
     assert transfer_data['token_address'] == foo_token
 
 
-def test_callback_filter(
+def test_callback_filter_filter(
         default_chain_spec,
         init_database,
         eth_rpc,
@@ -213,6 +216,7 @@ def test_callback_filter(
 
         def call_back(self, transfer_type, result):
             self.results[transfer_type] = result
+            logg.debug('result {}'.format(result))
             return self
 
     mock = CallbackMock()
@@ -221,4 +225,4 @@ def test_callback_filter(
     fltr.filter(eth_rpc, mockblock, tx, init_database)
 
     assert mock.results.get('transfer') != None
-    assert mock.results['transfer']['destination_token'] == foo_token
+    assert mock.results['transfer']['destination_token'] == strip_0x(foo_token)

apps/cic-eth/tests/filters/test_register_filter.py

@@ -17,6 +17,9 @@ from chainlib.eth.block import (
         block_by_number,
         Block,
         )
+from chainlib.eth.address import (
+        to_checksum_address,
+        )
 from erc20_faucet import Faucet
 from hexathon import (
         strip_0x,
@@ -25,7 +28,6 @@ from hexathon import (
 
 # local imports
 from cic_eth.runnable.daemons.filters.register import RegistrationFilter
-from cic_eth.encode import tx_normalize
 from cic_eth.queue.query import get_account_tx_local
 
 logg = logging.getLogger()
@@ -70,12 +72,13 @@ def test_register_filter(
     tx = Tx(tx_src, block=block, rcpt=rcpt)
     tx.apply_receipt(rcpt)
 
-    fltr = RegistrationFilter(default_chain_spec, add_0x(os.urandom(20).hex()), queue=None)
+    fltr = RegistrationFilter(default_chain_spec, to_checksum_address(os.urandom(20).hex()), queue=None)
     t = fltr.filter(eth_rpc, block, tx, db_session=init_database)
     assert t == None
 
-    fltr = RegistrationFilter(default_chain_spec, account_registry, queue=None)
+    fltr = RegistrationFilter(default_chain_spec, to_checksum_address(account_registry), queue=None)
     t = fltr.filter(eth_rpc, block, tx, db_session=init_database)
+    logg.debug('t {}'.format(t))
 
     t.get_leaf()
     assert t.successful()
@@ -89,4 +92,4 @@ def test_register_filter(
     gift_tx = unpack(tx_raw_signed_bytes, default_chain_spec)
 
     gift = Faucet.parse_give_to_request(gift_tx['data'])
-    assert gift[0] == agent_roles['ALICE']
+    assert add_0x(gift[0]) == agent_roles['ALICE']

apps/cic-eth/tests/filters/test_transferauth_filter.py

@@ -19,6 +19,7 @@ from chainqueue.sql.query import get_account_tx
 
 # local imports
 from cic_eth.runnable.daemons.filters.transferauth import TransferAuthFilter
+from cic_eth.encode import tx_normalize
 
 
 def test_filter_transferauth(
@@ -66,7 +67,8 @@ def test_filter_transferauth(
     t.get_leaf()
     assert t.successful()
 
-    approve_txs = get_account_tx(default_chain_spec.asdict(), agent_roles['ALICE'], as_sender=True, session=init_database)
+    #approve_txs = get_account_tx(default_chain_spec.asdict(), agent_roles['ALICE'], as_sender=True, session=init_database)
+    approve_txs = get_account_tx(default_chain_spec.asdict(), tx_normalize.wallet_address(agent_roles['ALICE']), as_sender=True, session=init_database)
     ks = list(approve_txs.keys())
     assert len(ks) == 1
 
@@ -76,4 +78,4 @@ def test_filter_transferauth(
 
     c = ERC20(default_chain_spec)
     approve = c.parse_approve_request(approve_tx['data']) 
-    assert approve[0] == agent_roles['BOB']
+    assert approve[0] == strip_0x(agent_roles['BOB'])

apps/cic-eth/tests/task/api/test_admin.py

@@ -110,8 +110,8 @@ def test_tag_account(
     t = api.tag_account('bar', agent_roles['CAROL'], default_chain_spec)
     t.get()
 
-    assert AccountRole.get_address('foo', init_database) == agent_roles['ALICE']
-    assert AccountRole.get_address('bar', init_database) == agent_roles['CAROL']
+    assert AccountRole.get_address('foo', init_database) == tx_normalize.wallet_address(agent_roles['ALICE'])
+    assert AccountRole.get_address('bar', init_database) == tx_normalize.wallet_address(agent_roles['CAROL'])
 
 
 def test_tx(

apps/cic-eth/tests/task/api/test_app.py

@@ -10,6 +10,7 @@ from cic_eth_registry.erc20 import ERC20Token
 from chainlib.chain import ChainSpec
 from eth_accounts_index import AccountsIndex
 from chainlib.eth.tx import (
+        receipt,
         transaction,
         )
 from chainqueue.sql.state import (
@@ -29,6 +30,7 @@ def test_account_api(
         init_database,
         init_eth_rpc,
         account_registry,
+        cic_registry,
         custodial_roles,
         celery_session_worker,
         ):
@@ -49,6 +51,7 @@ def test_account_api_register(
         eth_rpc,
         celery_session_worker,
         ):
+
     api = Api(str(default_chain_spec), callback_param='accounts', callback_task='cic_eth.callbacks.noop.noop', queue=None)
     t = api.create_account('')
     register_tx_hash = t.get_leaf()
@@ -69,12 +72,18 @@ def test_account_api_register(
     r = t.get_leaf()
     assert t.successful()
 
+    o = receipt(register_tx_hash)
+    r = eth_rpc.do(o)
+    assert r['status'] == 1
+
     o = transaction(register_tx_hash)
     tx_src = eth_rpc.do(o)
 
     c = AccountsIndex(default_chain_spec)
     address = c.parse_add_request(tx_src['data'])
+    logg.debug('address {} '.format(address))
     o = c.have(account_registry, address[0], sender_address=custodial_roles['CONTRACT_DEPLOYER'])
+    logg.debug('o {}'.format(o))
     r = eth_rpc.do(o)
     assert c.parse_have(r)
 

apps/cic-eth/tests/task/api/test_app_noncritical.py

@@ -1,6 +1,27 @@
+# standard imports
+import logging
+import os
+import uuid
+import time
+import mmap
+
+# external imports
+import celery
+import pytest
+from hexathon import (
+        strip_0x,
+        uniform as hex_uniform,
+        )
+
 # local imports
 from cic_eth.api.api_task import Api
 from cic_eth.task import BaseTask
+from cic_eth.error import TrustError
+from cic_eth.encode import tx_normalize
+from cic_eth.pytest.mock.callback import CallbackTask
+
+logg = logging.getLogger()
+
 
 def test_default_token(
         default_chain_spec,
@@ -17,3 +38,175 @@ def test_default_token(
     t = api.default_token()
     r = t.get_leaf()
     assert r['address'] == foo_token
+
+
+def test_to_v_list():
+    assert Api.to_v_list('', 0) == []
+    assert Api.to_v_list([], 0) == []
+    assert Api.to_v_list('foo', 1) == [['foo']]
+    assert Api.to_v_list(['foo'], 1) == [['foo']]
+    assert Api.to_v_list(['foo', 'bar'], 2) == [['foo'], ['bar']]
+    assert Api.to_v_list('foo', 3) == [['foo'], ['foo'], ['foo']]
+    assert Api.to_v_list([['foo'], ['bar']], 2) == [['foo'], ['bar']]
+    with pytest.raises(ValueError):
+        Api.to_v_list([['foo'], ['bar']], 3)
+    with pytest.raises(ValueError):
+        Api.to_v_list(['foo', 'bar'], 3)
+    with pytest.raises(ValueError):
+        Api.to_v_list([['foo'], ['bar'], ['baz']], 2)
+
+    assert Api.to_v_list([
+            ['foo'],
+            'bar',
+            ['inky', 'pinky', 'blinky', 'clyde'],
+        ], 3) == [
+            ['foo'],
+            ['bar'],
+            ['inky', 'pinky', 'blinky', 'clyde'],
+            ]
+
+
+def test_token_single(
+        default_chain_spec,
+        foo_token,
+        bar_token,
+        token_registry,
+        register_tokens,
+        register_lookups,
+        cic_registry,
+        init_database,
+        init_celery_tasks,
+        custodial_roles,
+        foo_token_declaration,
+        bar_token_declaration,
+        celery_session_worker,
+        ):
+
+    api = Api(str(default_chain_spec), queue=None, callback_param='foo')     
+
+    t = api.token('FOO', proof=None)
+    r = t.get()
+    logg.debug('rr {}'.format(r))
+    assert len(r) == 1
+    assert r[0]['address'] == strip_0x(foo_token)
+
+
+    t = api.token('FOO', proof=foo_token_declaration)
+    r = t.get()
+    assert len(r) == 1
+    assert r[0]['address'] == strip_0x(foo_token)
+
+
+def test_tokens_noproof(
+        default_chain_spec,
+        foo_token,
+        bar_token,
+        token_registry,
+        register_tokens,
+        register_lookups,
+        cic_registry,
+        init_database,
+        init_celery_tasks,
+        custodial_roles,
+        foo_token_declaration,
+        bar_token_declaration,
+        celery_session_worker,
+        ):
+
+    api = Api(str(default_chain_spec), queue=None, callback_param='foo')     
+
+    t = api.tokens(['FOO'], proof=[])
+    r = t.get()
+    assert len(r) == 1
+    assert r[0]['address'] == strip_0x(foo_token)
+
+    t = api.tokens(['BAR'], proof='')
+    r = t.get()
+    assert len(r) == 1
+    assert r[0]['address'] == strip_0x(bar_token)
+
+    t = api.tokens(['FOO'], proof=None)
+    r = t.get()
+    assert len(r) == 1
+    assert r[0]['address'] == strip_0x(foo_token)
+
+
+def test_tokens(
+        default_chain_spec,
+        foo_token,
+        bar_token,
+        token_registry,
+        register_tokens,
+        register_lookups,
+        cic_registry,
+        init_database,
+        init_celery_tasks,
+        custodial_roles,
+        foo_token_declaration,
+        bar_token_declaration,
+        celery_session_worker,
+        ):
+
+    api = Api(str(default_chain_spec), queue=None, callback_param='foo')     
+
+    t = api.tokens(['FOO'], proof=[[foo_token_declaration]])
+    r = t.get()
+    logg.debug('rr {}'.format(r))
+    assert len(r) == 1
+    assert r[0]['address'] == strip_0x(foo_token)
+    
+    t = api.tokens(['BAR', 'FOO'], proof=[[bar_token_declaration], [foo_token_declaration]])
+    r = t.get()
+    logg.debug('results {}'.format(r))
+    assert len(r) == 2
+    assert r[1]['address'] == strip_0x(foo_token)
+    assert r[0]['address'] == strip_0x(bar_token)
+
+    celery_app = celery.current_app
+
+    results = []
+    targets = []
+
+    api_param = str(uuid.uuid4())
+    api = Api(str(default_chain_spec), queue=None, callback_param=api_param, callback_task='cic_eth.pytest.mock.callback.test_callback')
+    bogus_proof = os.urandom(32).hex()
+    t = api.tokens(['FOO'], proof=[[bogus_proof]])
+    r = t.get()
+    logg.debug('r {}'.format(r))
+
+    while True:
+        fp = os.path.join(CallbackTask.mmap_path, api_param)
+        try:
+            f = open(fp, 'rb')
+        except FileNotFoundError:
+            time.sleep(0.1)
+            logg.debug('look for {}'.format(fp))
+            continue
+        f = open(fp, 'rb')
+        m = mmap.mmap(f.fileno(), access=mmap.ACCESS_READ, length=1)
+        v = m.read(1)
+        m.close()
+        f.close()
+        assert v == b'\x01'
+        break
+
+    api_param = str(uuid.uuid4())
+    api = Api(str(default_chain_spec), queue=None, callback_param=api_param, callback_task='cic_eth.pytest.mock.callback.test_callback')
+    t = api.tokens(['BAR'], proof=[[bar_token_declaration]])
+    r = t.get()
+    logg.debug('rr  {} {}'.format(r, t.children))
+
+    while True:
+        fp = os.path.join(CallbackTask.mmap_path, api_param)
+        try:
+            f = open(fp, 'rb')
+        except FileNotFoundError:
+            time.sleep(0.1)
+            continue
+        m = mmap.mmap(f.fileno(), access=mmap.ACCESS_READ, length=1)
+        v = m.read(1)
+        m.close()
+        f.close()
+        assert v == b'\x00'
+        break
+

apps/cic-eth/tests/task/api/test_balance.py

@@ -3,18 +3,22 @@ import os
 import logging
 
 # external imports
+import pytest
 from chainlib.eth.address import to_checksum_address
+from hexathon import add_0x
 
 # local imports
 from cic_eth.api.api_task import Api
 
 logg = logging.getLogger()
 
+
 def test_balance_simple_api(
         default_chain_spec,
         init_database,
         cic_registry,
         foo_token,
+        register_lookups,
         register_tokens,
         api,
         celery_session_worker,
@@ -22,7 +26,7 @@ def test_balance_simple_api(
 
     chain_str = str(default_chain_spec)
 
-    a = to_checksum_address('0x' + os.urandom(20).hex())
+    a = add_0x(to_checksum_address(os.urandom(20).hex()))
     t = api.balance(a, 'FOO', include_pending=False)
     r = t.get_leaf()
     assert t.successful()
@@ -36,6 +40,7 @@ def test_balance_complex_api(
         init_database,
         cic_registry,
         foo_token,
+        register_lookups,
         register_tokens,
         api,
         celery_session_worker,
@@ -43,7 +48,7 @@ def test_balance_complex_api(
 
     chain_str = str(default_chain_spec)
 
-    a = to_checksum_address('0x' + os.urandom(20).hex())
+    a = add_0x(to_checksum_address(os.urandom(20).hex()))
     t = api.balance(a, 'FOO', include_pending=True)
     r = t.get_leaf()
     assert t.successful()

apps/cic-eth/tests/task/api/test_list.py

@@ -6,6 +6,7 @@ import pytest
 from chainlib.eth.nonce import RPCNonceOracle
 from eth_erc20 import ERC20
 from chainlib.eth.tx import receipt
+from hexathon import strip_0x
 
 # local imports
 from cic_eth.api.api_task import Api
@@ -23,7 +24,6 @@ from cic_eth.pytest.mock.filter import (
 logg = logging.getLogger()
 
 
-@pytest.mark.xfail()
 def test_list_tx(
         default_chain_spec,
         init_database,
@@ -34,8 +34,10 @@ def test_list_tx(
         agent_roles,
         foo_token,
         register_tokens,
+        register_lookups,
         init_eth_tester,
         celery_session_worker,
+        init_celery_tasks,
         ):
 
     tx_hashes = []
@@ -63,13 +65,16 @@ def test_list_tx(
     o = receipt(tx_hash_hex)
     r = eth_rpc.do(o)
     assert r['status'] == 1
+
     a = r['block_number']
-    block_filter.add(a.to_bytes(4, 'big'))
+    ab = a.to_bytes(4, 'big')
+    block_filter.add(ab)
 
-    a = r['block_number'] + r['transaction_index']
-    tx_filter.add(a.to_bytes(4, 'big'))
+    bb = r['transaction_index'].to_bytes(4, 'big')
+    cb = ab + bb
+    tx_filter.add(cb)
 
-    tx_hashes.append(tx_hash_hex)
+    tx_hashes.append(strip_0x(tx_hash_hex))
 
     # external tx two
     Nonce.next(agent_roles['ALICE'], 'foo', session=init_database)
@@ -83,26 +88,29 @@ def test_list_tx(
     o = receipt(tx_hash_hex)
     r = eth_rpc.do(o)
     assert r['status'] == 1
+
     a = r['block_number']
-    block_filter.add(a.to_bytes(4, 'big'))
+    ab = a.to_bytes(4, 'big')
+    block_filter.add(ab)
 
-    a = r['block_number'] + r['transaction_index']
-    tx_filter.add(a.to_bytes(4, 'big'))
+    bb = r['transaction_index'].to_bytes(4, 'big')
+    cb = ab + bb
+    tx_filter.add(cb)
 
-    tx_hashes.append(tx_hash_hex)
+    tx_hashes.append(strip_0x(tx_hash_hex))
 
     init_eth_tester.mine_blocks(28)
 
     # custodial tx 1
     api = Api(str(default_chain_spec), queue=None)
-    t = api.transfer(agent_roles['ALICE'], agent_roles['CAROL'], 64, 'FOO') #, 'blinky')
+    t = api.transfer(agent_roles['ALICE'], agent_roles['CAROL'], 64, 'FOO')
     r = t.get_leaf()
     assert t.successful()
     tx_hashes.append(r)
 
     # custodial tx 2
     api = Api(str(default_chain_spec), queue=None)
-    t = api.transfer(agent_roles['ALICE'], agent_roles['DAVE'], 16, 'FOO') #, 'blinky')
+    t = api.transfer(agent_roles['ALICE'], agent_roles['DAVE'], 16, 'FOO')
     r = t.get_leaf()
     assert t.successful()
     tx_hashes.append(r)
@@ -117,7 +125,8 @@ def test_list_tx(
     assert len(r) == 3
     logg.debug('rrrr {}'.format(r))
 
+    logg.debug('testing against hashes {}'.format(tx_hashes))
     for tx in r:
         logg.debug('have tx {}'.format(tx))
-        tx_hashes.remove(tx['hash'])
+        tx_hashes.remove(strip_0x(tx['hash']))
     assert len(tx_hashes) == 1

apps/cic-eth/tests/task/test_ext_tx.py

@@ -10,6 +10,7 @@ from chainlib.eth.tx import (
         )
 from eth_erc20 import ERC20
 from chainlib.eth.nonce import RPCNonceOracle
+from hexathon import add_0x 
 
 # local imports
 from cic_eth.db.models.nonce import (
@@ -91,5 +92,5 @@ def test_filter_process(
 
     assert len(r) == 2
     for tx_hash in r.keys():
-        tx_hashes.remove(tx_hash)
+        tx_hashes.remove(add_0x(tx_hash))
     assert len(tx_hashes) == 0

apps/cic-eth/tests/unit/admin/test_default_token.py

@@ -10,7 +10,7 @@ def test_default_token(
         ):
       
     s = celery.signature(
-            'cic_eth.admin.token.default_token',
+            'cic_eth.eth.erc20.default_token',
             [],
             queue=None,
             )

apps/cic-eth/tools_requirements.txt

@@ -1,6 +1,6 @@
-crypto-dev-signer>=0.4.15a7,<=0.4.15
-chainqueue>=0.0.5a1,<0.1.0
-cic-eth-registry>=0.6.1a2,<0.7.0
+crypto-dev-signer>=0.4.15rc2,<=0.4.15
+chainqueue>=0.0.5a3,<0.1.0
+cic-eth-registry>=0.6.1a6,<0.7.0
 redis==3.5.3
 hexathon~=0.0.1a8
 pycryptodome==3.10.1

apps/cic-meta/docker/Dockerfile

@@ -1,19 +1,23 @@
-# syntax = docker/dockerfile:1.2
-#FROM node:15.3.0-alpine3.10
-FROM node:lts-alpine3.14
+FROM node:15.3.0-alpine3.10
 
 WORKDIR /root
 
 RUN apk add --no-cache postgresql bash
 
+ARG NPM_REPOSITORY=${NPM_REPOSITORY:-https://registry.npmjs.org}
+RUN npm config set snyk=false
+#RUN npm config set registry={NPM_REPOSITORY}
+RUN npm config set registry=${NPM_REPOSITORY}
+
 # copy the dependencies
-COPY package.json package-lock.json .
+COPY package.json package-lock.json ./
 RUN --mount=type=cache,mode=0755,target=/root/.npm \
     npm set cache /root/.npm && \
-    npm ci
+    npm cache verify && \
+    npm ci --verbose
 
-COPY webpack.config.js .
-COPY tsconfig.json . 
+COPY webpack.config.js ./
+COPY tsconfig.json ./
 ## required to build the cic-client-meta module
 COPY . .
 COPY tests/*.asc /root/pgp/

apps/cic-meta/scripts/initdb/server.postgres.sql

@@ -1,8 +1,9 @@
 create table if not exists store (
 	id serial primary key not null,
-	owner_fingerprint text not null,
+	owner_fingerprint text default null,
 	hash char(64) not null unique,
-	content text not null
+	content text not null,
+	mime_type text
 );
 
 create index if not exists idx_fp on store ((lower(owner_fingerprint)));

apps/cic-meta/scripts/initdb/server.sqlite.sql

@@ -1,9 +1,10 @@
 create table if not exists store (
 	/*id serial primary key not null,*/
 	id integer primary key autoincrement,
-	owner_fingerprint text not null,
+	owner_fingerprint text default null,
 	hash char(64) not null unique,
-	content text not null
+	content text not null,
+	mime_type text
 );
 
 create index if not exists idx_fp on store ((lower(owner_fingerprint)));

apps/cic-meta/scripts/server/handlers.ts

@@ -1,12 +1,13 @@
 import * as Automerge from 'automerge';
 import * as pgp from 'openpgp';
+import * as crypto from 'crypto';
 
-import { Envelope, Syncable } from '@cicnet/crdt-meta';
+import { Envelope, Syncable, bytesToHex } from '@cicnet/crdt-meta';
 
 
 function handleNoMergeGet(db, digest, keystore) {
-	const sql = "SELECT content FROM store WHERE hash = '" + digest + "'";
-	return new Promise<string|boolean>((whohoo, doh) => {
+	const sql = "SELECT owner_fingerprint, content, mime_type FROM store WHERE hash = '" + digest + "'";
+	return new Promise<any>((whohoo, doh) => {
 		db.query(sql, (e, rs) => {
 			if (e !== null && e !== undefined) {
 				doh(e);
@@ -16,16 +17,36 @@ function handleNoMergeGet(db, digest, keystore) {
 				return;
 			}
 
+			const immutable = rs.rows[0]['owner_fingerprint'] == undefined;
+			let mimeType;
+			if (immutable) {
+				if (rs.rows[0]['mime_type'] === undefined) {
+					mimeType = 'application/octet-stream';
+				} else {
+					mimeType = rs.rows[0]['mime_type'];
+				}
+			} else {
+				mimeType = 'application/json';
+			}
+
 			const cipherText = rs.rows[0]['content'];
 			pgp.message.readArmored(cipherText).then((m) => {
 				const opts = {
 					message: m,
 					privateKeys: [keystore.getPrivateKey()],
+					format: 'binary',
 				};
 				pgp.decrypt(opts).then((plainText) => {
-					const o = Syncable.fromJSON(plainText.data);
-					const r = JSON.stringify(o.m['data']);
-					whohoo(r);
+					let r;
+				     	if (immutable) {
+						r = plainText.data;
+					} else {
+						mimeType = 'application/json';
+						const d = new TextDecoder().decode(plainText.data);
+						const o = Syncable.fromJSON(d);
+						r = JSON.stringify(o.m['data']);
+					}
+					whohoo([r, mimeType]);
 				}).catch((e) => {
 					console.error('decrypt', e);
 					doh(e);
@@ -57,6 +78,7 @@ function handleServerMergePost(data, db, digest, keystore, signer) {
 			} else {
 				e = Envelope.fromJSON(v);
 				s = e.unwrap();
+				console.debug('s', s, o)
 				s.replace(o, 'server merge');
 				e.set(s);
 				s.onwrap = (e) => {
@@ -139,7 +161,13 @@ function handleClientMergeGet(db, digest, keystore) {
 					privateKeys: [keystore.getPrivateKey()],
 				};
 				pgp.decrypt(opts).then((plainText) => {
-					const o = Syncable.fromJSON(plainText.data);
+					let d;
+					if (typeof(plainText.data) == 'string') {
+						d = plainText.data;
+					} else {
+						d = new TextDecoder().decode(plainText.data);
+					}
+					const o = Syncable.fromJSON(d);
 					const e = new Envelope(o);
 					whohoo(e.toJSON());
 				}).catch((e) => {
@@ -201,10 +229,65 @@ function handleClientMergePut(data, db, digest, keystore, signer) {
 	});
 }
 
+
+function handleImmutablePost(data, db, digest, keystore, contentType) {
+	return new Promise<Array<string|boolean>>((whohoo, doh) => {
+		let data_binary = data;
+		const h = crypto.createHash('sha256');
+		h.update(data_binary);
+		const z = h.digest();
+		const r = bytesToHex(z);
+
+		if (digest) {
+			if (r != digest) {
+				doh('hash mismatch: ' + r + ' != ' +  digest);
+				return;
+			}
+		} else {
+			digest = r;
+			console.debug('calculated digest ' + digest);
+		}
+
+		handleNoMergeGet(db, digest, keystore).then((haveDigest) => {
+			if (haveDigest !== false) {
+				whohoo([false, digest]);
+				return;
+			}
+			let message;
+			if (typeof(data) == 'string') {
+				data_binary = new TextEncoder().encode(data);
+				message = pgp.message.fromText(data);
+			} else {
+				message = pgp.message.fromBinary(data);
+			}
+
+					const opts = {
+				message: message,
+				publicKeys: keystore.getEncryptKeys(),
+			};
+			pgp.encrypt(opts).then((cipherText) => {
+				const sql = "INSERT INTO store (hash, content, mime_type) VALUES ('" + digest + "', '" + cipherText.data + "', '" + contentType + "') ON CONFLICT (hash) DO UPDATE SET content = EXCLUDED.content;";
+				db.query(sql, (e, rs) => {
+					if (e !== null && e !== undefined) {
+						doh(e);
+						return;
+					}
+					whohoo([true, digest]);
+				});
+			}).catch((e) => {
+				doh(e);	
+			});
+		}).catch((e) => {
+			doh(e);	
+		});
+	});
+}
+
 export {
 	handleClientMergePut,
 	handleClientMergeGet,
 	handleServerMergePost,
 	handleServerMergePut,
 	handleNoMergeGet,
+	handleImmutablePost,
 };

apps/cic-meta/scripts/server/server.ts

@@ -118,37 +118,71 @@ async function processRequest(req, res) {
 		return;
 	}
 
+	let mod = req.method.toLowerCase() + ":automerge:";
+	let modDetail = undefined;
+	let immutablePost = false;
 	try {
 		digest = parseDigest(req.url);
 	} catch(e) {
-		console.error('digest error: ' + e)
-		res.writeHead(400, {"Content-Type": "text/plain"});
-		res.end();
-		return;
+		if (req.url == '/') {
+			immutablePost = true;
+			modDetail = 'immutable';
+		} else {
+			console.error('url is not empty (' + req.url + ') and not valid digest error: ' + e)
+			res.writeHead(400, {"Content-Type": "text/plain"});
+			res.end();
+			return;
+		}
 	}
 
-	const mergeHeader = req.headers['x-cic-automerge'];
-	let mod = req.method.toLowerCase() + ":automerge:";
-	switch (mergeHeader) {
-		case "client":
-			mod += "client"; // client handles merges
-			break;
-		case "server":
-			mod += "server"; // server handles merges
-			break;
-		default:
-			mod += "none"; // merged object only (get only)
+	if (modDetail === undefined) {
+		const mergeHeader = req.headers['x-cic-automerge'];
+		switch (mergeHeader) {
+			case "client":
+				if (immutablePost) {
+					res.writeHead(400, 'Valid digest missing', {"Content-Type": "text/plain"});
+					res.end();
+					return;
+				}
+				modDetail = "client"; // client handles merges
+				break;
+			case "server":
+				if (immutablePost) {
+					res.writeHead(400, 'Valid digest missing', {"Content-Type": "text/plain"});
+					res.end();
+					return;
+				}
+				modDetail = "server"; // server handles merges
+				break;
+			case "immutable":
+				modDetail = "immutable"; // no merging, literal immutable content with content-addressing
+				break;
+			default:
+				modDetail = "none"; // merged object only (get only)
+		}
 	}
+	mod += modDetail;
 
-	let data = '';
+
+	// handle bigger chunks of data
+	let data;
 	req.on('data', (d) => {
-		data += d;
+		if (data === undefined) {
+			data = d;
+		} else {
+			data += d;
+		}
 	});
-	req.on('end', async () => {
-		console.debug('mode', mod);
-		let content = '';
+	req.on('end', async (d) => {
+		let inputContentType = req.headers['content-type'];
+		let debugString = 'executing mode ' + mod ;
+		if (data !== undefined) {
+			debugString += ' for content type ' + inputContentType + ' length ' + data.length;
+		}
+		console.debug(debugString);
+		let content;
 		let contentType = 'application/json';
-		console.debug('handling data', data);
+		let statusCode = 200;
 		let r:any = undefined;
 		try {
 			switch (mod) {
@@ -159,6 +193,7 @@ async function processRequest(req, res) {
 						res.end();
 						return;
 					}
+					content = '';
 					break;
 
 				case 'get:automerge:client':
@@ -176,6 +211,7 @@ async function processRequest(req, res) {
 						res.end();
 						return;
 					}
+					content = '';
 					break;
 				//case 'get:automerge:server':
 				//	content = await handlers.handleServerMergeGet(db, digest, keystore);	
@@ -183,12 +219,24 @@ async function processRequest(req, res) {
 
 				case 'get:automerge:none':
 					r = await handlers.handleNoMergeGet(db, digest, keystore);	
-					if (r == false) {
+					if (r === false) {
 						res.writeHead(404, {"Content-Type": "text/plain"});
 						res.end();
 						return;
 					}
-					content = r;
+					content = r[0];
+					contentType = r[1];
+					break;
+
+				case 'post:automerge:immutable':
+					if (inputContentType === undefined) {
+						inputContentType = 'application/octet-stream';
+					}
+					r = await handlers.handleImmutablePost(data, db, digest, keystore, inputContentType);
+					if (r[0]) {
+						statusCode = 201;
+					}
+					content = r[1];
 					break;
 
 				default:
@@ -204,14 +252,21 @@ async function processRequest(req, res) {
 		}
 
 		if (content === undefined) {
-			console.error('empty content', data);
+			console.error('empty content', mod, digest, data);
 			res.writeHead(404, {"Content-Type": "text/plain"});
 			res.end();
 			return;
 		}
 
-		const responseContentLength = (new TextEncoder().encode(content)).length;
-		res.writeHead(200, {
+		//let responseContentLength;
+		//if (typeof(content) == 'string') {
+		//	(new TextEncoder().encode(content)).length;
+		//}
+		const responseContentLength = content.length;
+		//if (responseContentLength === undefined) {
+		//	responseContentLength = 0;
+		//}
+		res.writeHead(statusCode, {
 			"Access-Control-Allow-Origin": "*",
 			"Content-Type": contentType,
 			"Content-Length": responseContentLength,

apps/cic-meta/tests/server.ts

@@ -7,6 +7,8 @@ import * as handlers from '../scripts/server/handlers';
 import { Envelope, Syncable, ArgPair, PGPKeyStore, PGPSigner, KeyStore, Signer } from '@cicnet/crdt-meta';
 import { SqliteAdapter } from '../src/db';
 
+const hashOfFoo = '2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae';
+
 function createKeystore() {
 	const pksa = fs.readFileSync(__dirname + '/privatekeys.asc', 'utf-8');
 	const pubksa = fs.readFileSync(__dirname + '/publickeys.asc', 'utf-8');
@@ -44,11 +46,13 @@ function createDatabase(sqlite_file:string):Promise<any> {
 //				doh(e);
 //				return;
 //			}
+		// get this from real sql files sources
 			const sql = `CREATE TABLE store (
 id integer primary key autoincrement,
-owner_fingerprint text not null,
+owner_fingerprint text default null,
 hash char(64) not null unique,
-content text not null
+content text not null,
+mime_type text default null
 );
 `
 
@@ -111,15 +115,18 @@ describe('server', async () => {
 		let j = env.toJSON();
 		const content = await handlers.handleClientMergePut(j, db, digest, keystore, signer);
 		assert(content); // true-ish
+		console.debug('content', content);
 
 		let v = await handlers.handleNoMergeGet(db, digest, keystore);
-		if (v === undefined) {
+		if (v === false) {
 			db.close();
 			assert.fail('');
 		}
+		db.close();
+		return;
 
 		v = await handlers.handleClientMergeGet(db, digest, keystore);
-		if (v === undefined) {
+		if (v === false) {
 			db.close();
 			assert.fail('');
 		}
@@ -187,7 +194,7 @@ describe('server', async () => {
 		j = await handlers.handleNoMergeGet(db, digest, keystore);
 		assert(v); // true-ish
 
-		let o = JSON.parse(j);
+		let o = JSON.parse(j[0]);
 		o.bar = 'xyzzy';
 		j = JSON.stringify(o);
 
@@ -212,82 +219,39 @@ describe('server', async () => {
 
 		j = await handlers.handleNoMergeGet(db, digest, keystore);
 		assert(j); // true-ish
-		o = JSON.parse(j);
+		o = JSON.parse(j[0]);
 		console.log(o);
 
 		db.close();
 	});
 
-	await it('server_merge', async () => {
-		const keystore = await createKeystore();
-		const signer = new PGPSigner(keystore);
-
-		const db = await createDatabase(__dirname + '/db.three.sqlite');
-
-		const digest = 'deadbeef';
-		let s = new Syncable(digest, {
-			bar: 'baz',
-		});
-		let env = await wrap(s, signer)
-		let j:any = env.toJSON();
-
-		let v = await handlers.handleClientMergePut(j, db, digest, keystore, signer);
-		assert(v); // true-ish
-
-		j = await handlers.handleNoMergeGet(db, digest, keystore);
-		assert(v); // true-ish
-
-		let o = JSON.parse(j);
-		o.bar = 'xyzzy';
-		j = JSON.stringify(o);
-
-		let signMaterial = await handlers.handleServerMergePost(j, db, digest, keystore, signer);
-		assert(signMaterial)
-
-		env = Envelope.fromJSON(signMaterial);
-
-		console.log('envvvv', env);
-
-		const signedData = await signData(env.o['digest'], keystore);
-		console.log('signed', signedData);
-
-		o = {
-			'm': env,
-			's': signedData,
-		}
-		j = JSON.stringify(o);
-		console.log(j);
-
-		v = await handlers.handleServerMergePut(j, db, digest, keystore, signer);
-		assert(v);
-
-		j = await handlers.handleNoMergeGet(db, digest, keystore);
-		assert(j); // true-ish
-		o = JSON.parse(j);
-		console.log(o);
-
-		db.close();
-	});
-
-
-
-//	await it('server_merge_empty', async () => {
+//	await it('server_merge', async () => {
 //		const keystore = await createKeystore();
 //		const signer = new PGPSigner(keystore);
 //
 //		const db = await createDatabase(__dirname + '/db.three.sqlite');
 //
-//		const digest = '0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef';
-//		let o:any = {
-//			foo: 'bar',
-//			xyzzy: 42,
-//		}
-//		let j:any = JSON.stringify(o);
+//		const digest = 'deadbeef';
+//		let s = new Syncable(digest, {
+//			bar: 'baz',
+//		});
+//		let env = await wrap(s, signer)
+//		let j:any = env.toJSON();
+//
+//		let v = await handlers.handleClientMergePut(j, db, digest, keystore, signer);
+//		assert(v); // true-ish
+//
+//		j = await handlers.handleNoMergeGet(db, digest, keystore);
+//		assert(v); // true-ish
+//
+//		let o = JSON.parse(j);
+//		o.bar = 'xyzzy';
+//		j = JSON.stringify(o);
 //
 //		let signMaterial = await handlers.handleServerMergePost(j, db, digest, keystore, signer);
 //		assert(signMaterial)
 //
-//		const env = Envelope.fromJSON(signMaterial);
+//		env = Envelope.fromJSON(signMaterial);
 //
 //		console.log('envvvv', env);
 //
@@ -301,7 +265,7 @@ describe('server', async () => {
 //		j = JSON.stringify(o);
 //		console.log(j);
 //
-//		let v = await handlers.handleServerMergePut(j, db, digest, keystore, signer);
+//		v = await handlers.handleServerMergePut(j, db, digest, keystore, signer);
 //		assert(v);
 //
 //		j = await handlers.handleNoMergeGet(db, digest, keystore);
@@ -311,5 +275,88 @@ describe('server', async () => {
 //
 //		db.close();
 //	});
+//
+
+
+	await it('server_merge_empty', async () => {
+		const keystore = await createKeystore();
+		const signer = new PGPSigner(keystore);
+
+		const db = await createDatabase(__dirname + '/db.three.sqlite');
+
+		const digest = '0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef';
+		let o:any = {
+			foo: 'bar',
+			xyzzy: 42,
+		}
+		let j:any = JSON.stringify(o);
+
+		let signMaterial = await handlers.handleServerMergePost(j, db, digest, keystore, signer);
+		assert(signMaterial)
+
+		const env = Envelope.fromJSON(signMaterial);
+
+		console.log('envvvv', env);
+
+		const signedData = await signData(env.o['digest'], keystore);
+		console.log('signed', signedData);
+
+		o = {
+			'm': env,
+			's': signedData,
+		}
+		j = JSON.stringify(o);
+		console.log(j);
+
+		let v = await handlers.handleServerMergePut(j, db, digest, keystore, signer);
+		assert(v);
+
+		j = await handlers.handleNoMergeGet(db, digest, keystore);
+		assert(j); // true-ish
+		o = JSON.parse(j[0]);
+		console.log(o);
+
+		db.close();
+	});
+
+	await it('immutable_nodigest', async() => {
+		const keystore = await createKeystore();
+		const db = await createDatabase(__dirname + '/db.three.sqlite');
+
+		const s:string = 'foo';
+		let r;
+		r = await handlers.handleImmutablePost(s, db, undefined, keystore, 'text/plain');
+		assert(r[0]);
+		assert(hashOfFoo == r[1]);
+
+		r = await handlers.handleImmutablePost(s, db, undefined, keystore, 'text/plain');
+		assert(!r[0]);
+		assert(hashOfFoo == r[1]);
+
+		const b:Uint8Array = new TextEncoder().encode(s);
+		r = await handlers.handleImmutablePost(b, db, undefined, keystore, 'text/plain');
+		assert(!r[0]);
+		assert(hashOfFoo == r[1]);
+	});
+
+	await it('immutable_digest', async() => {
+		const keystore = await createKeystore();
+		const db = await createDatabase(__dirname + '/db.three.sqlite');
+
+		const s:string = 'foo';
+		const b:Uint8Array = new TextEncoder().encode(s);
+		let r;
+		r = await handlers.handleImmutablePost(b, db, hashOfFoo, keystore, 'application/octet-stream');
+		assert(r[0]);
+		assert(hashOfFoo == r[1]);
+
+		r = await handlers.handleImmutablePost(b, db, hashOfFoo, keystore, 'application/octet-stream');
+		assert(!r[0]);
+		assert(hashOfFoo == r[1]);
+
+		r = await handlers.handleImmutablePost(s, db, hashOfFoo, keystore, 'text/plain');
+		assert(!r[0]);
+		assert(hashOfFoo == r[1]);
+	});
 });
 

apps/cic-notify/cic_notify/version.py

@@ -9,7 +9,7 @@ import semver
 
 logg = logging.getLogger()
 
-version = (0, 4, 0, 'alpha.10')
+version = (0, 4, 0, 'alpha.11')
 
 version_object = semver.VersionInfo(
         major=version[0],

apps/cic-notify/docker/Dockerfile

@@ -1,22 +1,28 @@
-# syntax = docker/dockerfile:1.2
-FROM registry.gitlab.com/grassrootseconomics/cic-base-images:python-3.8.6-dev-55da5f4e as dev
+ARG DOCKER_REGISTRY="registry.gitlab.com/grassrootseconomics"
+
+FROM $DOCKER_REGISTRY/cic-base-images:python-3.8.6-dev-e8eb2ee2
 
 #RUN pip install $pip_extra_index_url_flag cic-base[full_graph]==0.1.2a62
+RUN apt-get install libffi-dev -y
+
+
+ARG EXTRA_PIP_INDEX_URL=https://pip.grassrootseconomics.net:8433
+ARG EXTRA_PIP_ARGS=""
+ARG PIP_INDEX_URL=https://pypi.org/simple
 
-ARG EXTRA_INDEX_URL="https://pip.grassrootseconomics.net:8433"
-ARG GITLAB_PYTHON_REGISTRY="https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple"
 COPY requirements.txt .
 
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
-    pip install --index-url https://pypi.org/simple  \
-	  --extra-index-url $GITLAB_PYTHON_REGISTRY --extra-index-url $EXTRA_INDEX_URL \
+    pip install --index-url $PIP_INDEX_URL \
+    --pre \
+    --extra-index-url $EXTRA_PIP_INDEX_URL $EXTRA_PIP_ARGS \
     -r requirements.txt
 
 COPY . .
 RUN python setup.py install
 
-COPY docker/*.sh .
-RUN chmod +x *.sh 
+COPY docker/*.sh ./
+RUN chmod +x /root/*.sh
 
 # ini files in config directory defines the configurable parameters for the application
 # they can all be overridden by environment variables

apps/cic-notify/requirements.txt

@@ -1,7 +1,8 @@
-confini~=0.4.1a1
+confini>=0.3.6rc4,<0.5.0
 africastalking==1.2.3
 SQLAlchemy==1.3.20
 alembic==1.4.2
 psycopg2==2.8.6
 celery==4.4.7
 redis==3.5.3
+semver==2.13.0

apps/cic-signer/Dockerfile

@@ -0,0 +1,22 @@
+ARG DOCKER_REGISTRY=registry.gitlab.com/grassrootseconomics
+
+FROM $DOCKER_REGISTRY/cic-base-images:python-3.8.6-dev-e8eb2ee2 as dev
+
+WORKDIR /root
+
+RUN apt-get install libffi-dev -y
+
+COPY requirements.txt . 
+
+ARG EXTRA_PIP_INDEX_URL="https://pip.grassrootseconomics.net:8433"
+ARG EXTRA_PIP_ARGS=""
+ARG PIP_INDEX_URL="https://pypi.org/simple"
+RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
+    pip install --index-url $PIP_INDEX_URL \
+    --pre \
+    --extra-index-url $EXTRA_PIP_INDEX_URL $EXTRA_PIP_ARGS \
+    -r requirements.txt
+
+COPY . .
+
+#RUN chmod +x *.sh

apps/cic-signer/requirements.txt

@@ -0,0 +1 @@
+funga-eth[sql]>=0.5.1a1,<0.6.0

apps/cic-ussd/cic_ussd/account/balance.py

@@ -2,18 +2,19 @@
 
 import json
 import logging
-from typing import Optional
+from typing import Union, Optional
 
 # third-party imports
 from cic_eth.api import Api
 from cic_eth_aux.erc20_demurrage_token.api import Api as DemurrageApi
+from cic_types.condiments import MetadataPointer
 
 # local imports
 from cic_ussd.account.transaction import from_wei
 from cic_ussd.cache import cache_data_key, get_cached_data
 from cic_ussd.error import CachedDataNotFoundError
 
-logg = logging.getLogger()
+logg = logging.getLogger(__file__)
 
 
 def get_balances(address: str,
@@ -42,7 +43,7 @@ def get_balances(address: str,
     :return: A list containing balance data if called synchronously. | None
     :rtype: list | None
     """
-    logg.debug(f'retrieving balance for address: {address}')
+    logg.debug(f'retrieving {token_symbol} balance for address: {address}')
     if asynchronous:
         cic_eth_api = Api(
             chain_str=chain_str,
@@ -59,11 +60,13 @@ def get_balances(address: str,
         return balance_request_task.get()
 
 
-def calculate_available_balance(balances: dict) -> float:
+def calculate_available_balance(balances: dict, decimals: int) -> float:
     """This function calculates an account's balance at a specific point in time by computing the difference from the
     outgoing balance and the sum of the incoming and network balances.
     :param balances: incoming, network and outgoing balances.
     :type balances: dict
+    :param decimals:
+    :type decimals: int
     :return: Token value of the available balance.
     :rtype: float
     """
@@ -72,7 +75,7 @@ def calculate_available_balance(balances: dict) -> float:
     network_balance = balances.get('balance_network')
 
     available_balance = (network_balance + incoming_balance) - outgoing_balance
-    return from_wei(value=available_balance)
+    return from_wei(decimals=decimals, value=available_balance)
 
 
 def get_adjusted_balance(balance: int, chain_str: str, timestamp: int, token_symbol: str):
@@ -93,29 +96,49 @@ def get_adjusted_balance(balance: int, chain_str: str, timestamp: int, token_sym
     return demurrage_api.get_adjusted_balance(token_symbol, balance, timestamp).result
 
 
-def get_cached_available_balance(blockchain_address: str) -> float:
+def get_cached_available_balance(decimals: int, identifier: Union[list, bytes]) -> float:
     """This function attempts to retrieve balance data from the redis cache.
-    :param blockchain_address: Ethereum address of an account.
-    :type blockchain_address: str
+    :param decimals:
+    :type decimals: int
+    :param identifier: An identifier needed to create a unique pointer to a balances resource.
+    :type identifier: bytes | list
     :raises CachedDataNotFoundError: No cached balance data could be found.
     :return: Operational balance of an account.
     :rtype: float
     """
-    identifier = bytes.fromhex(blockchain_address[2:])
-    key = cache_data_key(identifier, salt=':cic.balances')
+    key = cache_data_key(identifier=identifier, salt=MetadataPointer.BALANCES)
     cached_balances = get_cached_data(key=key)
     if cached_balances:
-        return calculate_available_balance(json.loads(cached_balances))
+        return calculate_available_balance(balances=json.loads(cached_balances), decimals=decimals)
     else:
-        raise CachedDataNotFoundError(f'No cached available balance for address: {blockchain_address}')
+        raise CachedDataNotFoundError(f'No cached available balance at {key}')
 
 
-def get_cached_adjusted_balance(identifier: bytes):
+def get_cached_adjusted_balance(identifier: Union[list, bytes]):
     """
     :param identifier:
     :type identifier:
     :return:
     :rtype:
     """
-    key = cache_data_key(identifier, ':cic.adjusted_balance')
+    key = cache_data_key(identifier, MetadataPointer.BALANCES_ADJUSTED)
     return get_cached_data(key)
+
+
+def get_account_tokens_balance(blockchain_address: str, chain_str: str, token_symbols_list: list):
+    """
+    :param blockchain_address:
+    :type blockchain_address:
+    :param chain_str:
+    :type chain_str:
+    :param token_symbols_list:
+    :type token_symbols_list:
+    :return:
+    :rtype:
+    """
+    for token_symbol in token_symbols_list:
+        get_balances(address=blockchain_address,
+                     chain_str=chain_str,
+                     token_symbol=token_symbol,
+                     asynchronous=True,
+                     callback_param=f'{blockchain_address},{token_symbol}')

apps/cic-ussd/cic_ussd/account/metadata.py

@@ -4,7 +4,6 @@ import logging
 from typing import Optional
 
 # external imports
-from chainlib.hash import strip_0x
 from cic_types.models.person import Person
 
 # local imports
@@ -20,7 +19,7 @@ def get_cached_preferred_language(blockchain_address: str) -> Optional[str]:
     :return: Account's set preferred language | Fallback preferred language.
     :rtype: str
     """
-    identifier = bytes.fromhex(strip_0x(blockchain_address))
+    identifier = bytes.fromhex(blockchain_address)
     preferences_metadata_handler = PreferencesMetadata(identifier)
     cached_preferences_metadata = preferences_metadata_handler.get_cached_metadata()
     if cached_preferences_metadata:

apps/cic-ussd/cic_ussd/account/statement.py

@@ -7,6 +7,7 @@ from typing import Optional
 import celery
 from chainlib.hash import strip_0x
 from cic_eth.api import Api
+from cic_types.condiments import MetadataPointer
 
 # local import
 from cic_ussd.account.chain import Chain
@@ -53,7 +54,7 @@ def get_cached_statement(blockchain_address: str) -> bytes:
     :rtype: str
     """
     identifier = bytes.fromhex(strip_0x(blockchain_address))
-    key = cache_data_key(identifier=identifier, salt=':cic.statement')
+    key = cache_data_key(identifier=identifier, salt=MetadataPointer.STATEMENT)
     return get_cached_data(key=key)
 
 
@@ -68,7 +69,8 @@ def parse_statement_transactions(statement: list):
     parsed_transactions = []
     for transaction in statement:
         action_tag = transaction.get('action_tag')
-        amount = from_wei(transaction.get('token_value'))
+        decimals = transaction.get('token_decimals')
+        amount = from_wei(decimals, transaction.get('token_value'))
         direction_tag = transaction.get('direction_tag')
         token_symbol = transaction.get('token_symbol')
         metadata_id = transaction.get('metadata_id')
@@ -86,7 +88,7 @@ def query_statement(blockchain_address: str, limit: int = 9):
     :param limit: Number of transactions to be returned.
     :type limit: int
     """
-    logg.debug(f'retrieving balance for address: {blockchain_address}')
+    logg.debug(f'retrieving statement for address: {blockchain_address}')
     chain_str = Chain.spec.__str__()
     cic_eth_api = Api(
         chain_str=chain_str,

apps/cic-ussd/cic_ussd/account/tokens.py

@@ -1,18 +1,115 @@
 # standard imports
+import hashlib
 import json
 import logging
-from typing import Dict, Optional
+from typing import Optional, Union
 
 # external imports
 from cic_eth.api import Api
+from cic_types.condiments import MetadataPointer
 
 # local imports
+from cic_ussd.account.balance import get_cached_available_balance
 from cic_ussd.account.chain import Chain
-from cic_ussd.cache import cache_data_key, get_cached_data
-from cic_ussd.error import SeppukuError
+from cic_ussd.cache import cache_data, cache_data_key, get_cached_data
+from cic_ussd.error import CachedDataNotFoundError, SeppukuError
+from cic_ussd.metadata.tokens import query_token_info, query_token_metadata
+from cic_ussd.processor.util import wait_for_cache
+from cic_ussd.translation import translation_for
+
+logg = logging.getLogger(__file__)
 
 
-logg = logging.getLogger(__name__)
+def collate_token_metadata(token_info: dict, token_metadata: dict) -> dict:
+    """
+    :param token_info:
+    :type token_info:
+    :param token_metadata:
+    :type token_metadata:
+    :return:
+    :rtype:
+    """
+    logg.debug(f'Collating token info: {token_info} and token metadata: {token_metadata}')
+    description = token_info.get('description')
+    issuer = token_info.get('issuer')
+    location = token_metadata.get('location')
+    contact = token_metadata.get('contact')
+    return {
+        'description': description,
+        'issuer': issuer,
+        'location': location,
+        'contact': contact
+    }
+
+
+def create_account_tokens_list(blockchain_address: str):
+    """
+    :param blockchain_address:
+    :type blockchain_address:
+    :return:
+    :rtype:
+    """
+    token_symbols_list = get_cached_token_symbol_list(blockchain_address=blockchain_address)
+    token_list_entries = []
+    if token_symbols_list:
+        logg.debug(f'Token symbols: {token_symbols_list} for account: {blockchain_address}')
+        for token_symbol in token_symbols_list:
+            entry = {}
+            logg.debug(f'Processing token data for: {token_symbol}')
+            key = cache_data_key([bytes.fromhex(blockchain_address), token_symbol.encode('utf-8')], MetadataPointer.TOKEN_DATA)
+            token_data = get_cached_data(key)
+            token_data = json.loads(token_data)
+            logg.debug(f'Retrieved token data: {token_data} for: {token_symbol}')
+            token_name = token_data.get('name')
+            entry['name'] = token_name
+            token_symbol = token_data.get('symbol')
+            entry['symbol'] = token_symbol
+            token_issuer = token_data.get('issuer')
+            entry['issuer'] = token_issuer
+            token_contact = token_data['contact'].get('phone')
+            entry['contact'] = token_contact
+            token_location = token_data.get('location')
+            entry['location'] = token_location
+            decimals = token_data.get('decimals')
+            identifier = [bytes.fromhex(blockchain_address), token_symbol.encode('utf-8')]
+            wait_for_cache(identifier, f'Cached available balance for token: {token_symbol}', MetadataPointer.BALANCES)
+            token_balance = get_cached_available_balance(decimals=decimals, identifier=identifier)
+            entry['balance'] = token_balance
+            token_list_entries.append(entry)
+    account_tokens_list = order_account_tokens_list(token_list_entries, bytes.fromhex(blockchain_address))
+    key = cache_data_key(bytes.fromhex(blockchain_address), MetadataPointer.TOKEN_DATA_LIST)
+    cache_data(key, json.dumps(account_tokens_list))
+
+
+def get_active_token_symbol(blockchain_address: str):
+    """
+    :param blockchain_address:
+    :type blockchain_address:
+    :return:
+    :rtype:
+    """
+    identifier = bytes.fromhex(blockchain_address)
+    key = cache_data_key(identifier=identifier, salt=MetadataPointer.TOKEN_ACTIVE)
+    active_token_symbol = get_cached_data(key)
+    if not active_token_symbol:
+        raise CachedDataNotFoundError('No active token set.')
+    return active_token_symbol
+
+
+def get_cached_token_data(blockchain_address: str, token_symbol: str):
+    """
+    :param blockchain_address:
+    :type blockchain_address:
+    :param token_symbol:
+    :type token_symbol:
+    :return:
+    :rtype:
+    """
+    identifier = [bytes.fromhex(blockchain_address), token_symbol.encode('utf-8')]
+    key = cache_data_key(identifier, MetadataPointer.TOKEN_DATA)
+    logg.debug(f'Retrieving token data for: {token_symbol} at: {key}')
+    token_data = get_cached_data(key)
+    return json.loads(token_data)
 
 
 def get_cached_default_token(chain_str: str) -> Optional[str]:
@@ -23,7 +120,7 @@ def get_cached_default_token(chain_str: str) -> Optional[str]:
     :rtype:
     """
     logg.debug(f'Retrieving default token from cache for chain: {chain_str}')
-    key = cache_data_key(identifier=chain_str.encode('utf-8'), salt=':cic.default_token_data')
+    key = cache_data_key(identifier=chain_str.encode('utf-8'), salt=MetadataPointer.TOKEN_DEFAULT)
     return get_cached_data(key=key)
 
 
@@ -48,6 +145,132 @@ def get_default_token_symbol():
             raise SeppukuError(f'Could not retrieve default token for: {chain_str}')
 
 
+def get_cached_token_symbol_list(blockchain_address: str) -> Optional[list]:
+    """
+    :param blockchain_address:
+    :type blockchain_address:
+    :return:
+    :rtype:
+    """
+    key = cache_data_key(identifier=bytes.fromhex(blockchain_address), salt=MetadataPointer.TOKEN_SYMBOLS_LIST)
+    token_symbols_list = get_cached_data(key)
+    if token_symbols_list:
+        return json.loads(token_symbols_list)
+    return token_symbols_list
+
+
+def get_cached_token_data_list(blockchain_address: str) -> Optional[list]:
+    """
+    :param blockchain_address:
+    :type blockchain_address:
+    :return:
+    :rtype:
+    """
+    key = cache_data_key(bytes.fromhex(blockchain_address), MetadataPointer.TOKEN_DATA_LIST)
+    token_data_list = get_cached_data(key)
+    if token_data_list:
+        return json.loads(token_data_list)
+    return token_data_list
+
+
+def handle_token_symbol_list(blockchain_address: str, token_symbol: str):
+    """
+    :param blockchain_address:
+    :type blockchain_address:
+    :param token_symbol:
+    :type token_symbol:
+    :return:
+    :rtype:
+    """
+    token_symbol_list = get_cached_token_symbol_list(blockchain_address)
+    if token_symbol_list:
+        if token_symbol not in token_symbol_list:
+            token_symbol_list.append(token_symbol)
+    else:
+        token_symbol_list = [token_symbol]
+
+    identifier = bytes.fromhex(blockchain_address)
+    key = cache_data_key(identifier=identifier, salt=MetadataPointer.TOKEN_SYMBOLS_LIST)
+    data = json.dumps(token_symbol_list)
+    cache_data(key, data)
+
+
+def hashed_token_proof(token_proof: Union[dict, str]) -> str:
+    """
+    :param token_proof:
+    :type token_proof:
+    :return:
+    :rtype:
+    """
+    if isinstance(token_proof, dict):
+        token_proof = json.dumps(token_proof)
+    logg.debug(f'Hashing token proof: {token_proof}')
+    hash_object = hashlib.new("sha256")
+    hash_object.update(token_proof.encode('utf-8'))
+    return hash_object.digest().hex()
+
+
+def order_account_tokens_list(account_tokens_list: list, identifier: bytes) -> list:
+    """
+    :param account_tokens_list:
+    :type account_tokens_list:
+    :param identifier:
+    :type identifier:
+    :return:
+    :rtype:
+    """
+    ordered_tokens_list = []
+    # get last sent token
+    key = cache_data_key(identifier=identifier, salt=MetadataPointer.TOKEN_LAST_SENT)
+    last_sent_token_symbol = get_cached_data(key)
+
+    # get last received token
+    key = cache_data_key(identifier=identifier, salt=MetadataPointer.TOKEN_LAST_RECEIVED)
+    last_received_token_symbol = get_cached_data(key)
+
+    last_sent_token_data, remaining_accounts_token_list = remove_from_account_tokens_list(account_tokens_list, last_sent_token_symbol)
+    if last_sent_token_data:
+        ordered_tokens_list.append(last_sent_token_data[0])
+
+    last_received_token_data, remaining_accounts_token_list = remove_from_account_tokens_list(remaining_accounts_token_list, last_received_token_symbol)
+    if last_received_token_data:
+        ordered_tokens_list.append(last_received_token_data[0])
+
+    # order the by balance
+    ordered_by_balance = sorted(remaining_accounts_token_list, key=lambda d: d['balance'], reverse=True)
+    return ordered_tokens_list + ordered_by_balance
+
+
+def parse_token_list(account_token_list: list):
+    parsed_token_list = []
+    for i in range(len(account_token_list)):
+        token_symbol = account_token_list[i].get('symbol')
+        token_balance = account_token_list[i].get('balance')
+        token_data_repr = f'{i+1}. {token_symbol} {token_balance}'
+        parsed_token_list.append(token_data_repr)
+    return parsed_token_list
+
+
+def process_token_data(blockchain_address: str, token_symbol: str):
+    """
+
+    :param blockchain_address:
+    :type blockchain_address:
+    :param token_symbol:
+    :type token_symbol:
+    :return:
+    :rtype:
+    """
+    logg.debug(f'Processing token data for token: {token_symbol}')
+    identifier = token_symbol.encode('utf-8')
+    query_token_metadata(identifier=identifier)
+    token_info = query_token_info(identifier=identifier)
+    hashed_token_info = hashed_token_proof(token_proof=token_info)
+    query_token_data(blockchain_address=blockchain_address,
+                     hashed_proofs=[hashed_token_info],
+                     token_symbols=[token_symbol])
+
+
 def query_default_token(chain_str: str):
     """This function synchronously queries cic-eth for the deployed system's default token.
     :param chain_str: Chain name and network id.
@@ -59,3 +282,60 @@ def query_default_token(chain_str: str):
     cic_eth_api = Api(chain_str=chain_str)
     default_token_request_task = cic_eth_api.default_token()
     return default_token_request_task.get()
+
+
+def query_token_data(blockchain_address: str, hashed_proofs: list, token_symbols: list):
+    """"""
+    logg.debug(f'Retrieving token metadata for tokens: {", ".join(token_symbols)}')
+    api = Api(callback_param=blockchain_address,
+              callback_queue='cic-ussd',
+              chain_str=Chain.spec.__str__(),
+              callback_task='cic_ussd.tasks.callback_handler.token_data_callback')
+    api.tokens(token_symbols=token_symbols, proof=hashed_proofs)
+
+
+def remove_from_account_tokens_list(account_tokens_list: list, token_symbol: str):
+    """
+    :param account_tokens_list:
+    :type account_tokens_list:
+    :param token_symbol:
+    :type token_symbol:
+    :return:
+    :rtype:
+    """
+    removed_token_data = []
+    for i in range(len(account_tokens_list)):
+        if account_tokens_list[i]['symbol'] == token_symbol:
+            removed_token_data.append(account_tokens_list[i])
+            del account_tokens_list[i]
+            break
+    return removed_token_data, account_tokens_list
+
+
+def set_active_token(blockchain_address: str, token_symbol: str):
+    """
+    :param blockchain_address:
+    :type blockchain_address:
+    :param token_symbol:
+    :type token_symbol:
+    :return:
+    :rtype:
+    """
+    logg.info(f'Active token set to: {token_symbol}')
+    key = cache_data_key(identifier=bytes.fromhex(blockchain_address), salt=MetadataPointer.TOKEN_ACTIVE)
+    cache_data(key=key, data=token_symbol)
+
+
+def token_list_set(preferred_language: str, token_data_reprs: list):
+    """
+    :param preferred_language:
+    :type preferred_language:
+    :param token_data_reprs:
+    :type token_data_reprs:
+    :return:
+    :rtype:
+    """
+    if not token_data_reprs:
+        return translation_for('helpers.no_tokens_list', preferred_language)
+    return ''.join(f'{token_data_repr}\n' for token_data_repr in token_data_reprs)
+

apps/cic-ussd/cic_ussd/account/transaction.py

@@ -1,7 +1,6 @@
 # standard import
-import decimal
-import json
 import logging
+from math import trunc
 from typing import Dict, Tuple
 
 # external import
@@ -9,8 +8,6 @@ from cic_eth.api import Api
 from sqlalchemy.orm.session import Session
 
 # local import
-from cic_ussd.account.chain import Chain
-from cic_ussd.account.tokens import get_cached_default_token
 from cic_ussd.db.models.account import Account
 from cic_ussd.db.models.base import SessionBase
 from cic_ussd.error import UnknownUssdRecipient
@@ -55,32 +52,32 @@ def aux_transaction_data(preferred_language: str, transaction: dict) -> dict:
     return transaction
 
 
-def from_wei(value: int) -> float:
+def from_wei(decimals: int, value: int) -> float:
     """This function converts values in Wei to a token in the cic network.
+    :param decimals: The decimals required for wei values.
+    :type decimals: int
     :param value: Value in Wei
     :type value: int
     :return: SRF equivalent of value in Wei
     :rtype: float
     """
-    cached_token_data = json.loads(get_cached_default_token(Chain.spec.__str__()))
-    token_decimals: int = cached_token_data.get('decimals')
-    value = float(value) / (10**token_decimals)
+    value = float(value) / (10**decimals)
     return truncate(value=value, decimals=2)
 
 
-def to_wei(value: int) -> int:
+def to_wei(decimals: int, value: int) -> int:
     """This functions converts values from a token in the cic network to Wei.
+    :param decimals: The decimals required for wei values.
+    :type decimals: int
     :param value: Value in SRF
     :type value: int
     :return: Wei equivalent of value in SRF
     :rtype: int
     """
-    cached_token_data = json.loads(get_cached_default_token(Chain.spec.__str__()))
-    token_decimals: int = cached_token_data.get('decimals')
-    return int(value * (10**token_decimals))
+    return int(value * (10**decimals))
 
 
-def truncate(value: float, decimals: int):
+def truncate(value: float, decimals: int) -> float:
     """This function truncates a value to a specified number of decimals places.
     :param value: The value to be truncated.
     :type value: float
@@ -89,9 +86,8 @@ def truncate(value: float, decimals: int):
     :return: The truncated value.
     :rtype: int
     """
-    decimal.getcontext().rounding = decimal.ROUND_DOWN
-    contextualized_value = decimal.Decimal(value)
-    return round(contextualized_value, decimals)
+    stepper = 10.0**decimals
+    return trunc(stepper*value) / stepper
 
 
 def transaction_actors(transaction: dict) -> Tuple[Dict, Dict]:
@@ -104,14 +100,17 @@ def transaction_actors(transaction: dict) -> Tuple[Dict, Dict]:
     """
     destination_token_symbol = transaction.get('destination_token_symbol')
     destination_token_value = transaction.get('destination_token_value') or transaction.get('to_value')
+    destination_token_decimals = transaction.get('destination_token_decimals')
     recipient_blockchain_address = transaction.get('recipient')
     sender_blockchain_address = transaction.get('sender')
     source_token_symbol = transaction.get('source_token_symbol')
     source_token_value = transaction.get('source_token_value') or transaction.get('from_value')
+    source_token_decimals = transaction.get('source_token_decimals')
 
     recipient_transaction_data = {
         "token_symbol": destination_token_symbol,
         "token_value": destination_token_value,
+        "token_decimals": destination_token_decimals,
         "blockchain_address": recipient_blockchain_address,
         "role": "recipient",
     }
@@ -119,6 +118,7 @@ def transaction_actors(transaction: dict) -> Tuple[Dict, Dict]:
         "blockchain_address": sender_blockchain_address,
         "token_symbol": source_token_symbol,
         "token_value": source_token_value,
+        "token_decimals": source_token_decimals,
         "role": "sender",
     }
     return recipient_transaction_data, sender_transaction_data
@@ -166,14 +166,16 @@ class OutgoingTransaction:
         self.from_address = from_address
         self.to_address = to_address
 
-    def transfer(self, amount: int, token_symbol: str):
+    def transfer(self, amount: int, decimals: int, token_symbol: str):
         """This function initiates standard transfers between one account to another
         :param amount: The amount of tokens to be sent
         :type amount: int
+        :param decimals: The decimals for the token being transferred.
+        :type decimals: int
         :param token_symbol: ERC20 token symbol of token to send
         :type token_symbol: str
         """
         self.cic_eth_api.transfer(from_address=self.from_address,
                                   to_address=self.to_address,
-                                  value=to_wei(value=amount),
+                                  value=to_wei(decimals=decimals, value=amount),
                                   token_symbol=token_symbol)

apps/cic-ussd/cic_ussd/cache.py

@@ -1,11 +1,13 @@
 # standard imports
 import hashlib
 import logging
+from typing import Union
 
-# third-party imports
+# external imports
+from cic_types.condiments import MetadataPointer
 from redis import Redis
 
-logg = logging.getLogger()
+logg = logging.getLogger(__file__)
 
 
 class Cache:
@@ -38,7 +40,7 @@ def get_cached_data(key: str):
     return cache.get(name=key)
 
 
-def cache_data_key(identifier: bytes, salt: str):
+def cache_data_key(identifier: Union[list, bytes], salt: MetadataPointer):
     """
     :param identifier:
     :type identifier:
@@ -48,6 +50,10 @@ def cache_data_key(identifier: bytes, salt: str):
     :rtype:
     """
     hash_object = hashlib.new("sha256")
-    hash_object.update(identifier)
-    hash_object.update(salt.encode(encoding="utf-8"))
+    if isinstance(identifier, list):
+        for identity in identifier:
+            hash_object.update(identity)
+    else:
+        hash_object.update(identifier)
+    hash_object.update(salt.value.encode(encoding="utf-8"))
     return hash_object.digest().hex()

apps/cic-ussd/cic_ussd/db/migrations/default/versions/f289e8510444_.py

@@ -24,6 +24,8 @@ def upgrade():
                     sa.Column('preferred_language', sa.String(), nullable=True),
                     sa.Column('password_hash', sa.String(), nullable=True),
                     sa.Column('failed_pin_attempts', sa.Integer(), nullable=False),
+                    sa.Column('guardians', sa.String(), nullable=True),
+                    sa.Column('guardian_quora', sa.Integer(), nullable=False),
                     sa.Column('status', sa.Integer(), nullable=False),
                     sa.Column('created', sa.DateTime(), nullable=False),
                     sa.Column('updated', sa.DateTime(), nullable=False),

apps/cic-ussd/cic_ussd/db/models/account.py

@@ -2,8 +2,10 @@
 import json
 
 # external imports
-from chainlib.hash import strip_0x
 from cic_eth.api import Api
+from cic_types.condiments import MetadataPointer
+from sqlalchemy import Column, Integer, String
+from sqlalchemy.orm.session import Session
 
 # local imports
 from cic_ussd.account.metadata import get_cached_preferred_language, parse_account_metadata
@@ -12,8 +14,9 @@ from cic_ussd.db.enum import AccountStatus
 from cic_ussd.db.models.base import SessionBase
 from cic_ussd.db.models.task_tracker import TaskTracker
 from cic_ussd.encoder import check_password_hash, create_password_hash
-from sqlalchemy import Column, Integer, String
-from sqlalchemy.orm.session import Session
+from cic_ussd.phone_number import Support
+
+support_phone = Support.phone_number
 
 
 class Account(SessionBase):
@@ -29,12 +32,16 @@ class Account(SessionBase):
     failed_pin_attempts = Column(Integer)
     status = Column(Integer)
     preferred_language = Column(String)
+    guardians = Column(String)
+    guardian_quora = Column(Integer)
 
     def __init__(self, blockchain_address, phone_number):
         self.blockchain_address = blockchain_address
         self.phone_number = phone_number
         self.password_hash = None
         self.failed_pin_attempts = 0
+        # self.guardians = f'{support_phone}' if support_phone else None
+        self.guardian_quora = 1
         self.status = AccountStatus.PENDING.value
 
     def __repr__(self):
@@ -45,6 +52,28 @@ class Account(SessionBase):
         self.failed_pin_attempts = 0
         self.status = AccountStatus.ACTIVE.value
 
+    def add_guardian(self, phone_number: str):
+        set_guardians = phone_number
+        if self.guardians:
+            set_guardians = self.guardians.split(',')
+            set_guardians.append(phone_number)
+            ','.join(set_guardians)
+        self.guardians = set_guardians
+
+    def remove_guardian(self, phone_number: str):
+        set_guardians = self.guardians.split(',')
+        set_guardians.remove(phone_number)
+        if len(set_guardians) > 1:
+            self.guardians = ','.join(set_guardians)
+        else:
+            self.guardians = set_guardians[0]
+
+    def get_guardians(self) -> list:
+        return self.guardians.split(',') if self.guardians else []
+
+    def set_guardian_quora(self, quora: int):
+        self.guardian_quora = quora
+
     def create_password(self, password):
         """This method takes a password value and hashes the value before assigning it to the corresponding
         `hashed_password` attribute in the user record.
@@ -101,7 +130,7 @@ class Account(SessionBase):
         session.add(self)
         session.flush()
         SessionBase.release_session(session=session)
-        return f'Pin reset successful.'
+        return 'Pin reset successful.'
 
     def standard_metadata_id(self) -> str:
         """This function creates an account's standard metadata identification information that contains an account owner's
@@ -109,8 +138,8 @@ class Account(SessionBase):
         :return: Standard metadata identification information | e164 formatted phone number.
         :rtype: str
         """
-        identifier = bytes.fromhex(strip_0x(self.blockchain_address))
-        key = cache_data_key(identifier, ':cic.person')
+        identifier = bytes.fromhex(self.blockchain_address)
+        key = cache_data_key(identifier, MetadataPointer.PERSON)
         account_metadata = get_cached_data(key)
         if not account_metadata:
             return self.phone_number

apps/cic-ussd/cic_ussd/db/ussd_menu.json

@@ -287,7 +287,132 @@
             "display_key": "ussd.kenya.dob_edit_pin_authorization",
             "name": "dob_edit_pin_authorization",
             "parent": "metadata_management"
+        },
+        "49": {
+            "description": "Menu to display first set of tokens in the account's token list.",
+            "display_key": "ussd.kenya.first_account_tokens_set",
+            "name": "first_account_tokens_set",
+            "parent": null
+        },
+        "50": {
+            "description": "Menu to display middle set of tokens in the account's token list.",
+            "display_key": "ussd.kenya.middle_account_tokens_set",
+            "name": "middle_account_tokens_set",
+            "parent": null
+        },
+        "51": {
+            "description": "Menu to display last set of tokens in the account's token list.",
+            "display_key": "ussd.kenya.last_account_tokens_set",
+            "name": "last_account_tokens_set",
+            "parent": null
+        },
+        "52": {
+            "description": "Pin entry menu for setting an active token.",
+            "display_key": "ussd.kenya.token_selection_pin_authorization",
+            "name": "token_selection_pin_authorization",
+            "parent": null
+        },
+        "53": {
+            "description": "Exit following a successful active token setting.",
+            "display_key": "ussd.kenya.exit_successful_token_selection",
+            "name": "exit_successful_token_selection",
+            "parent": null
+        },
+        "54": {
+            "description": "Pin management menu for operations related to an account's pin.",
+            "display_key": "ussd.kenya.pin_management",
+            "name": "pin_management",
+            "parent": "start"
+        },
+        "55": {
+            "description": "Phone number entry for account whose pin is being reset.",
+            "display_key": "ussd.kenya.reset_guarded_pin",
+            "name": "reset_guarded_pin",
+            "parent": "pin_management"
+        },
+        "56": {
+            "description": "Pin entry for initiating request to reset an account's pin.",
+            "display_key": "ussd.kenya.reset_guarded_pin_authorization",
+            "name": "reset_guarded_pin_authorization",
+            "parent": "pin_management"
+        },
+        "57": {
+            "description": "Exit menu following successful pin reset initiation.",
+            "display_key": "ussd.kenya.exit_pin_reset_initiated_success",
+            "name": "exit_pin_reset_initiated_success",
+            "parent": "pin_management"
+        },
+        "58": {
+            "description": "Exit menu in the event that an account is not a set guardian.",
+            "display_key": "ussd.kenya.exit_not_authorized_for_pin_reset",
+            "name": "exit_not_authorized_for_pin_reset",
+            "parent": "pin_management"
+        },
+        "59": {
+            "description": "Pin guard menu for handling guardianship operations.",
+            "display_key": "ussd.kenya.guard_pin",
+            "name": "guard_pin",
+            "parent": "pin_management"
+        },
+        "60": {
+            "description": "Pin entry to display a list of set guardians.",
+            "display_key": "ussd.kenya.guardian_list_pin_authorization",
+            "name": "guardian_list_pin_authorization",
+            "parent": "guard_pin"
+        },
+        "61": {
+            "description": "Menu to display list of set guardians.",
+            "display_key": "ussd.kenya.guardian_list",
+            "name": "guardian_list",
+            "parent": "guard_pin"
+        },
+        "62": {
+            "description": "Phone number entry to add an account as a guardian to reset pin.",
+            "display_key": "ussd.kenya.add_guardian",
+            "name": "add_guardian",
+            "parent": "guard_pin"
+        },
+        "63": {
+            "description": "Pin entry to confirm addition of an account as a guardian.",
+            "display_key": "ussd.kenya.add_guardian_pin_authorization",
+            "name": "add_guardian_pin_authorization",
+            "parent": "guard_pin"
+        },
+        "64": {
+            "description": "Exit menu when an account is successfully added as pin reset guardian.",
+            "display_key": "ussd.kenya.exit_guardian_addition_success",
+            "name": "exit_guardian_addition_success",
+            "parent": "guard_pin"
+        },
+        "65": {
+            "description": "Phone number entry to remove an account as a guardian to reset pin.",
+            "display_key": "ussd.kenya.remove_guardian",
+            "name": "remove_guardian",
+            "parent": "guard_pin"
+        },
+        "66": {
+            "description": "Pin entry to confirm removal of an account as a guardian.",
+            "display_key": "ussd.kenya.remove_guardian_pin_authorization",
+            "name": "remove_guardian_pin_authorization",
+            "parent": "guard_pin"
+        },
+        "67": {
+            "description": "Exit menu when an account is successfully removed as pin reset guardian.",
+            "display_key": "ussd.kenya.exit_guardian_removal_success",
+            "name": "exit_guardian_removal_success",
+            "parent": "guard_pin"
+        },
+        "68": {
+            "description": "Exit menu when invalid phone number entry for guardian addition. ",
+            "display_key": "ussd.kenya.exit_invalid_guardian_addition",
+            "name": "exit_invalid_guardian_addition",
+            "parent": "guard_pin"
+        },
+        "69": {
+            "description": "Exit menu when invalid phone number entry for guardian removal. ",
+            "display_key": "ussd.kenya.exit_invalid_guardian_removal",
+            "name": "exit_invalid_guardian_removal",
+            "parent": "guard_pin"
         }
-
     }
 }

apps/cic-ussd/cic_ussd/metadata/__init__.py

@@ -3,7 +3,6 @@
 # external imports
 
 # local imports
-from .base import Metadata
 from .custom import CustomMetadata
 from .person import PersonMetadata
 from .phone import PhonePointerMetadata