Declaring Required Capabilities

Most contract deployments don't need everything in BootstrapPowers. Verifying by inspection that they don't use any more than they need is notoriously difficult. So proposals come with a BootstrapManifestPermit to declare an upper limit on the capabilities they access. For a property access powers.P, if the permit has { P: true }, then the access succeeds. In fact, any truthy value will do. And recursively, a property access powers.P.Q.R succeeds if the permit has { P: { Q: { R: true } } }.

The permit for startSellConcertTicketsContract is:

/** @type { import("@agoric/vats/src/core/lib-boot").BootstrapManifestPermit } */
export const permit = harden({
  consume: {
    agoricNames: true,
    brandAuxPublisher: true,
    startUpgradable: true, // to start contract and save adminFacet
    zoe: true, // to get contract terms, including issuer/brand
  },
  installation: {
    consume: { [contractName]: true },
    produce: { [contractName]: true },
  },
  instance: { produce: { [contractName]: true } },
  issuer: { consume: { IST: true }, produce: { Ticket: true } },
  brand: { consume: { IST: true }, produce: { Ticket: true } },
});

export const main = startSellConcertTicketsContract;

Selected BootstrapPowers

In the top level promise space, we have:

agoricNames: read-only access to the agoricNames name service.
agoricNamesAdmin: admin / update access to agoricNames and the name hubs it contains. Warning: this includes access to over-write existing bindings to instances, brands, etc.Warning: this includes the right to over-write existing bindings to instances, brands, etc.
bankManager: to manage reflection of cosmos assets as ERTP assets: to register an issuer to correspond to a denom or to get a bank of purses for any address. Warning: this includes the right to spend assets for any account.
board: the board name service. Note: the board only grows; no mechanism to reclaim storage has been established.
chainStorage: to make storage nodes to write to vstorage. Warning: this includes access to over-write previously allocated storage nodes.
chainTimerService: for getting the current timer and setting timer wake-ups; for example, at the conclusion of a governance vote. See Timer Service API. Note: this includes access to schedule infinitely repeating events.
namesByAddress: for looking up objects published under an address; in particular, a depositFacet.
namesByAddressAdmin: admin (write) access to namesByAddress. Warning: this includes access to re-direct where payments to an address go.
priceAuthority: access to get price quotes and triggers; see Price Authority Guide.
priceAuthorityAdmin: access to add and replace sources of price quotes using E(priceAuthorityAdmin).registerPriceAuthority()
zoe: the Zoe service

Getting Started

Smart Contract Basics

Permissioned Contract Deployment

Integrating with Agoric Network

Agoric CLI

ERTP API

Zoe API

Example Zoe Contracts

ERTP

Deployed Zoe Contracts

dapp-agoric-basics

UI Tutorial

Declaring Required Capabilities

Selected BootstrapPowers

Declaring Required Capabilities ​

Selected BootstrapPowers ​

Declaring Required Capabilities

Selected BootstrapPowers