feat(fiber): object-form-only _transferAsset recipient, fail-loud#193
Open
ottobot-ai wants to merge 1 commit into
Open
feat(fiber): object-form-only _transferAsset recipient, fail-loud#193ottobot-ai wants to merge 1 commit into
ottobot-ai wants to merge 1 commit into
Conversation
The `_transferAsset` directive recipient is now the canonical AssetHolder
OBJECT form ONLY (`{"Fiber":{"fiberId":..}}` / `{"Wallet":{"address":..}}`),
decoded strictly through the same magnolia codec as every other holder
surface. The legacy bare-string UUID/DAG-address disambiguation is removed
(greenfield — no back-compat).
Any malformed directive — a non-object item, missing/non-UUID assetId, a
recipient that is not a well-formed AssetHolder object, or a gas/eval
failure — now raises a graceful CombineRejected instead of being silently
dropped. A silently-dropped transfer is a latent bug; surfacing it is
deliberate. Safe because effect extraction runs only on the combiner apply
path (never validateSignedUpdate), so the raise is caught at insert ->
RejectionReceipt (rule #2), the same authoritative-gate pattern AssetCombiner
already uses for the R1 holder check. The static recipient SHAPE is caught
earlier/advisory by the DefinitionLinter (linter-only, no hard registration
gate).
Migrates every call site:
- chain: AssetFiberTransferSuite (escrow E2E + extractor units),
AssetTransferRecipientObjectFormSuite (contract). Full sharedData/test
green (572).
- e2e defs: riverdale-economy (7 recipients -> Fiber), staked-oracle-pool
(4 -> Wallet). sigma-mixer has no _transferAsset recipients. Validated
by the e2e lanes on CI.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01R5TUSJPD8FCtJagf7siXgt
ottobot-ai
changed the title
ottobot-ai
force-pushed
the
feat/transfer-asset-recipient-object-form
branch
from
72646ab to
877dac7
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements F2 of the fiber-ergonomics program, revised per review to drop back-compat (greenfield) and surface parse failures instead of dropping them.
The new contract for
_transferAssetrecipient{"Fiber":{"fiberId":..}}/{"Wallet":{"address":..}}, decoded strictly through the same magnoliaAssetHoldercodec as every other holder surface. The legacy bare-string UUID/DAG-address disambiguation is removed.assetId, a recipient that isn't a well-formedAssetHolderobject, or a gas/eval failure) raises a gracefulCombineRejectedinstead of being silently dropped. A silently-dropped transfer is a latent bug; surfacing it is deliberate.Why combine is the right layer (and what's caught earlier)
The recipient isn't in the signed
TransitionStateMachinemessage — it's the evaluated output of the definition's effect against runtime context (usually dynamic,{"Fiber":{"fiberId":{"var":"event.x"}}}). So the resolved holder is only knowable at combine, and extraction runs only on the combiner apply path (nevervalidateSignedUpdate) — making the raise a rule-#2 graceful reject (caught atinsert→RejectionReceipt), the same patternAssetCombineralready uses for the R1 holder check. The static recipient shape is caught earlier and advisory by theDefinitionLinter(linter-only — no hard registration gate, per review).Migrates every call site
AssetFiberTransferSuite(escrow E2E + extractor units — escrow now moves to bothFiberandWalletobject recipients through the full combiner; "malformed dropped" → "malformed REJECTED"),AssetTransferRecipientObjectFormSuite(the contract). FullsharedData/testgreen (572/0).riverdale-economy(7 recipients →Fiber),staked-oracle-pool(4 →Wallet,event.agent= a wallet address).sigma-mixerhas no_transferAssetrecipients. Validated end-to-end by the e2e lanes on CI.The SDK builder side (
@ottochain/sdktransferAsset/toFiber/toWallet→ object form + app examples) is migrated separately on the SDK PR (#227).Part of the fiber-ergonomics implementation set (RFCs in #192).
🤖 Generated with Claude Code