refactor: clean-ups prompted by failing regression tests

A test cued me that between giveWanted and
tryReclaimingWithdrawnPayments, it's crucial that we save state as we
go, so if there's a problem later, the earlier withdrawals will be
reclaimed.

packages/inter-protocol/src/price/roundsManager.js

@@ -432,8 +432,10 @@ export const prepareRoundsManagerKit = baggage =>
             );
           }
 
-          if (status.lastReportedRound >= roundId)
+          if (status.lastReportedRound >= roundId) {
             return 'cannot report on previous rounds';
+          }
+
           if (
             roundId !== reportingRoundId &&
             roundId !== add(reportingRoundId, 1) &&

packages/inter-protocol/test/smartWallet/test-psm-integration.js

@@ -193,11 +193,6 @@ test('want stable (insufficient funds)', async t => {
     'Withdrawal of {"brand":"[Alleged: AUSD brand]","value":"[20000n]"} failed because the purse only contained {"brand":"[Alleged: AUSD brand]","value":"[10000n]"}';
   const status = computedState.offerStatuses.get('insufficientFunds');
   t.is(status?.error, `Error: ${msg}`);
-  /** @type {[PromiseRejectedResult]} */
-  // @ts-expect-error cast
-  const result = status.result;
-  t.is(result[0].status, 'rejected');
-  t.is(result[0].reason.message, msg);
 });
 
 test('govern offerFilter', async t => {
@@ -384,6 +379,8 @@ test('deposit multiple payments to unknown brand', async t => {
   }
 });
 
+// related to recovering dropped Payments
+
 // XXX belongs in smart-wallet package, but needs lots of set-up that's handy here.
 test('recover when some withdrawals succeed and others fail', async t => {
   const { fromEntries } = Object;

packages/smart-wallet/src/offerWatcher.js

@@ -10,7 +10,7 @@ import {
   SeatShape,
 } from '@agoric/zoe/src/typeGuards.js';
 import { AmountShape } from '@agoric/store/test/borrow-guards.js';
-import { objectMap } from '@agoric/internal';
+import { objectMap, deeplyFulfilledObject } from '@agoric/internal';
 
 /** Value for "result" field when the result can't be published */
 export const UNPUBLISHED_RESULT = 'UNPUBLISHED';
@@ -59,7 +59,9 @@ const offerWatcherGuard = harden({
     exitOpenSeats: M.call(M.any()).returns(),
   }),
   paymentWatcher: M.interface('paymentWatcher', {
-    onFulfilled: M.call(PaymentPKeywordRecordShape, SeatShape).returns(),
+    onFulfilled: M.call(PaymentPKeywordRecordShape, SeatShape).returns(
+      M.promise(),
+    ),
     onRejected: M.call(M.any(), SeatShape).returns(),
   }),
   resultWatcher: M.interface('resultWatcher', {
@@ -158,18 +160,16 @@ export const makeOfferWatcherMaker = baggage => {
       },
 
       paymentWatcher: {
-        onFulfilled(payouts) {
+        async onFulfilled(payouts) {
           const { state, facets } = this;
 
           // This will block until all payouts succeed, but user will be updated
-          // as each payout will trigger its corresponding purse notifier.
-          objectMap(payouts, paymentRef =>
-            E.when(paymentRef, payment =>
-              state.deposit.receive(payment).then(amountsOrDeferred => {
-                facets.helper.updateStatus({ payouts: amountsOrDeferred });
-              }),
-            ),
+          // since each payout will trigger its corresponding purse notifier.
+          const amountPKeywordRecord = objectMap(payouts, paymentRef =>
+            E.when(paymentRef, payment => state.deposit.receive(payment)),
           );
+          const amounts = await deeplyFulfilledObject(amountPKeywordRecord);
+          facets.helper.updateStatus({ payouts: amounts });
         },
         onRejected(reason, seat) {
           const { facets } = this;

packages/smart-wallet/src/smartWallet.js

@@ -34,6 +34,7 @@ import {
   AmountKeywordRecordShape,
   PaymentPKeywordRecordShape,
 } from '@agoric/zoe/src/typeGuards.js';
+
 import { makeInvitationsHelper } from './invitations.js';
 import { shape } from './typeGuards.js';
 import { objectMapStoragePath } from './utils.js';
@@ -175,6 +176,7 @@ const trace = makeTracer('SmrtWlt');
  *   currentRecorderKit: import('@agoric/zoe/src/contractSupport/recorder.js').RecorderKit<CurrentWalletRecord>,
  *   liveOffers: MapStore<OfferId, import('./offerWatcher.js').OfferStatus>,
  *   liveOfferSeats: MapStore<OfferId, UserSeat<unknown>>,
+ *   liveOfferPayments: MapStore<OfferId, MapStore<Brand, Payment>>,
  * }>} ImmutableState
  *
  * @typedef {BrandDescriptor & { purse: Purse }} PurseRecord
@@ -231,7 +233,7 @@ const getBrandToPurses = (walletPurses, key) => {
   return brandToPurses;
 };
 
-const REPAIRED_UNWATCHED_SEATS = 'true';
+const REPAIRED_UNWATCHED_SEATS = 'repairedUnwatchedSeats';
 
 /**
  * @param {import('@agoric/vat-data').Baggage} baggage
@@ -328,6 +330,9 @@ export const prepareSmartWallet = (baggage, shared) => {
       liveOfferSeats: makeScalarBigMapStore('live offer seats', {
         durable: true,
       }),
+      liveOfferPayments: makeScalarBigMapStore('live offer payments', {
+        durable: true,
+      }),
     };
 
     return {
@@ -357,14 +362,15 @@ export const prepareSmartWallet = (baggage, shared) => {
       ).returns(M.promise()),
       purseForBrand: M.call(BrandShape).returns(M.promise()),
     }),
+
     deposit: M.interface('depositFacetI', {
       receive: M.callWhen(M.await(M.eref(PaymentShape))).returns(AmountShape),
     }),
     payments: M.interface('payments support', {
       withdrawGive: M.call(AmountKeywordRecordShape).returns(
         PaymentPKeywordRecordShape,
       ),
-      depositPayouts: M.call(PaymentPKeywordRecordShape).returns(M.promise()),
+      tryReclaimingWithdrawnPayments: M.call(M.string()).returns(M.promise()),
     }),
     offers: M.interface('offers facet', {
       executeOffer: M.call(shape.OfferSpec).returns(M.promise()),
@@ -405,13 +411,15 @@ export const prepareSmartWallet = (baggage, shared) => {
           const {
             liveOffers,
             liveOfferSeats,
+            liveOfferPayments,
             offerToInvitationMakers,
             offerToPublicSubscriberPaths,
             offerToUsedInvitation,
           } = this.state;
           const used =
             liveOffers.has(id) ||
             liveOfferSeats.has(id) ||
+            liveOfferPayments.has(id) ||
             offerToInvitationMakers.has(id) ||
             offerToPublicSubscriberPaths.has(id) ||
             offerToUsedInvitation.has(id);
@@ -554,6 +562,7 @@ export const prepareSmartWallet = (baggage, shared) => {
           if (baggage.has(REPAIRED_UNWATCHED_SEATS)) {
             return;
           }
+          baggage.init(REPAIRED_UNWATCHED_SEATS, true);
 
           const invitationFromSpec = makeInvitationsHelper(
             zoe,
@@ -594,6 +603,10 @@ export const prepareSmartWallet = (baggage, shared) => {
               state.liveOfferSeats.delete(offerStatus.id);
             }
 
+            if (state.liveOfferPayments.has(offerStatus.id)) {
+              state.liveOfferPayments.delete(offerStatus.id);
+            }
+
             if (state.liveOffers.has(offerStatus.id)) {
               state.liveOffers.delete(offerStatus.id);
               facets.helper.publishCurrentState();
@@ -694,28 +707,58 @@ export const prepareSmartWallet = (baggage, shared) => {
       payments: {
         /**
          * @param {AmountKeywordRecord} give
+         * @param {OfferId} offerId
          * @returns {PaymentPKeywordRecord}
          */
-        withdrawGive(give) {
-          const { facets } = this;
+        withdrawGive(give, offerId) {
+          const { state, facets } = this;
+
+          /** @type {MapStore<Brand, Payment>} */
+          const brandPaymentRecord = makeScalarBigMapStore('paymentToBrand', {
+            durable: true,
+          });
+          state.liveOfferPayments.init(offerId, brandPaymentRecord);
+
+          // Add each payment to liveOfferPayments as it is withdrawn. If
+          // there's an error partway through, we can recover the withdrawals.
           return objectMap(give, amount => {
             /** @type {Promise<Purse>} */
             const purseP = facets.helper.purseForBrand(amount.brand);
-            return E(purseP).withdraw(amount);
+            const paymentP = E(purseP).withdraw(amount);
+            void E.when(
+              paymentP,
+              payment => brandPaymentRecord.init(amount.brand, payment),
+              e => {
+                // recovery will be handled by tryReclaimingWithdrawnPayments()
+                console.log(`Payment withdrawal failed.`, offerId, e);
+              },
+            );
+            return paymentP;
           });
         },
 
-        /**
-         * @param {PaymentPKeywordRecord} payouts
-         * @returns {Promise<AmountKeywordRecord>} amounts for deferred deposits will be empty
-         */
-        async depositPayouts(payouts) {
-          const { facets } = this;
-          /** Record<string, Promise<Amount>> */
-          const amountPKeywordRecord = objectMap(payouts, paymentRef =>
-            E.when(paymentRef, payment => facets.deposit.receive(payment)),
-          );
-          return deeplyFulfilledObject(amountPKeywordRecord);
+        async tryReclaimingWithdrawnPayments(offerId) {
+          const { state, facets } = this;
+          const { liveOfferPayments } = state;
+
+          if (liveOfferPayments.has(offerId)) {
+            const brandPaymentRecord = liveOfferPayments.get(offerId);
+            if (!brandPaymentRecord) {
+              return Promise.resolve(undefined);
+            }
+            // Use allSettled to ensure we attempt all the deposits, regardless of
+            // individual rejections.
+            return Promise.allSettled(
+              Array.from(brandPaymentRecord.entries()).map(async ([b, p]) => {
+                // Wait for the withdrawal to complete.  This protects against a
+                // race when updating paymentToPurse.
+                const purseP = facets.helper.purseForBrand(b);
+
+                // Now send it back to the purse.
+                return E(purseP).deposit(p);
+              }),
+            );
+          }
         },
       },
 
@@ -735,6 +778,8 @@ export const prepareSmartWallet = (baggage, shared) => {
 
           facets.helper.assertUniqueOfferId(String(offerSpec.id));
 
+          await null;
+
           let seatRef;
           let watcher;
           try {
@@ -761,7 +806,7 @@ export const prepareSmartWallet = (baggage, shared) => {
             const [paymentKeywordRecord, invitationAmount] = await Promise.all([
               proposal?.give &&
                 deeplyFulfilledObject(
-                  facets.payments.withdrawGive(proposal.give),
+                  facets.payments.withdrawGive(proposal.give, offerSpec.id),
                 ),
               E(invitationIssuer).getAmountOf(invitation),
             ]);
@@ -795,7 +840,6 @@ export const prepareSmartWallet = (baggage, shared) => {
           } catch (err) {
             console.error('OFFER ERROR:', err);
             // Notify the user
-            debugger;
             if (watcher) {
               watcher.helper.updateStatus({ error: err.toString() });
             } else {
@@ -808,8 +852,16 @@ export const prepareSmartWallet = (baggage, shared) => {
               );
             }
 
+            if (offerSpec?.proposal?.give) {
+              facets.payments
+                .tryReclaimingWithdrawnPayments(offerSpec.id)
+                .catch(e =>
+                  console.error('recovery failed reclaiming payments', e),
+                );
+            }
+
             if (seatRef) {
-              E.when(E(seatRef).hasExited(), hasExited => {
+              void E.when(E(seatRef).hasExited(), hasExited => {
                 if (!hasExited) {
                   void E(seatRef).tryExit();
                 }

packages/smart-wallet/src/walletFactory.js

@@ -129,7 +129,7 @@ export const makeAssetRegistry = assetPublisher => {
  * }} WalletReviver
  */
 
-// NB: even though all the wallets share this contract, they
+// NB: even though all the wallets share this contract,
 // 1. they should not rely on that; they may be partitioned later
 // 2. they should never be able to detect behaviors from another wallet
 /**