Agent of delegator cannot resolve oobi of a delegate

[lenkan]

See initial draft PR here: WebOfTrust/signify-ts#252, which is PR for using dev version of keria in sigts. I will inline the problem description here in this issue:

I found that there is a problem when an agent that contains a delegator tries to resolve an oobi for its delegatee. See the added steps in delegation.test.ts for a reproduction. The effects of this is that you cannot create a "contact" for the delegate, which means you cannot send an IPEX message to the delegate. This is needed for doing IPEX grant from GLEIF External to the QVI.

To reproduce this behaviour:

1. Pull the branch of sigTS PR add assertion for correct resolution of delegatee oobi signify-ts#252
2. npm run build
3. docker compose pull
4. docker compose up deps
5. npx jest examples/integration-scripts/delegation.test.ts

To explain what happens

1. X create delegator
2. Y create delegatee
3. X approve delegation
4. Y queries new state and sees approval
5. Y adds agent end role
6. Y generates OOBI url
7. X resolves OOBI url for delegator

After step 7, X nevers gets the AID of the delegator in its contact list. The oobi longrunning operation resolves with

  console.dir
    {
      name: 'oobi.AD-rrl0gMPRIhAl-42mMOaNL4PwCXfLPaX6-MhNt_aKw',
      metadata: {
        oobi: 'http://keria:3902/oobi/EJSmJgIGjJ5RcRd9WBz0tevFtauyT5FhoLdwIGVa19qh'
      },
      done: true,
      error: null,
      response: {
        oobi: 'http://keria:3902/oobi/EJSmJgIGjJ5RcRd9WBz0tevFtauyT5FhoLdwIGVa19qh'
      }
    }

Which only happens here:

keria/src/keria/core/longrunning.py

Lines 235 to 239 in 7ee5ba8

	if obr.cid and obr.cid in self.hby.kevers:
	kever = self.hby.kevers[obr.cid]
	operation.response = asdict(kever.state())
	else:
	operation.response = dict(oobi=oobi)

, when the AID is not in kevers.

Update: I have tried running the same tests using keria:latest and it works there.

[2byrds]

From our keri dev meeting:
Perhaps related to the change in order of the receipts?
Works on .1.3 docker image
@rodolfomiranda says Provenant has seen similar but more investigation is needed.
All the PRs in signify-ts are left hanging until this is resolved.
Stable versions are okay, this is a problem from main.

[2byrds]

I recreated the issue in my dev environment and walked through it with the debugger.

The reason that the response doesn't contain the event information (we expect an 'i' field in the response, that comes from the key state notice) is because the cid isn't in the kever list and so the oobi response won't contain the key state information:

And so during the contact creation/resolution the oobi is successfully retrieved

So far I believe the issue occurs during the parsing of the dip event, it is escrowed as a msifit as the delpre is consider non-local (i'm looking into what that means):

[2byrds]

Noting some potentially helpful activity regarding delegation/non-local/misfit info:
WebOfTrust/keripy#680
WebOfTrust/keripy#674

[2byrds]

Confirmed that the delegator is escrowing the dip event as a Misfit as part of the delegation approval/anchoring exchange.

It seems the escrow of the misfit dip key event prevents the contact from being created and so the oobi cid doesn't retrieve the key state for the delegate.

I checked to see if any Keripy tests exercise the exception and none seem to trigger a non-local delegation scenario.
I commented out the exception and all tests pass and so does the delegation contact retrieval.
I'm not sure yet how to modify the test or keripy eventing logic to provide the local/non-local protections that were intended while at the same time allowing the integration test to complete the full flow.

[2byrds]

Interestingly the dip is received by the deleGATOR automatically on creation of the deleGATE identifier. I asked about it on discord and got some additional information to consider regarding delegation/witness thresholding:
https://discord.com/channels/1148629222647148624/1148734044545228831/1241198502298517564

[2byrds]

deleGATE keria agent Anchorer (in delegating) sends the msg

keria/src/keria/app/delegating.py

Line 66 in 5bdc473

self.postman.send(hab=phab, dest=delpre, topic="delegate", serder=srdr, attachment=evt)

I'll look to see how the misfit escrow is processed. It looks like there should be a 'promotion' process that should lead to misfit escrow processing, which i'm guessing is currently broken.

[2byrds]

Some hints here

[2byrds]

Phil is making some changes to keripy for delegation. There will also be changes to KERIA https://discord.com/channels/1148629222647148624/1148734044545228831/1241438394207309844

[2byrds]

Phil is making some changes to keripy for delegation. There will also be changes to KERIA https://discord.com/channels/1148629222647148624/1148734044545228831/1241438394207309844

Phil has merged Keripy delegation fixes to reverse the order to check witness receipts and then check delegation approval. As well as some additional changes https://github.com/WebOfTrust/keripy/pull/784/files

[2byrds]

Phils changes allowed us to progress past the Misfit exception. But the delegation fails in the same way, this time it appears the delegation escrow isn't being processed once the delegation was confirmed with an ixn. More infor here https://discord.com/channels/1148629222647148624/1148734044545228831/1241881199102922752

[2byrds]

Good discussions this morning with Phil to identify the ideal fix. We are also discussing it in the community meeting today. https://discord.com/channels/1148629222647148624/1148734044545228831/1242475776813830234

[2byrds]

@pfeairheller is going to work on a delegable processor for KERIA and submit a PR

[2byrds]

WebOfTrust/keripy#785

[2byrds]

Summary of changes that are being tested/reviewed:
#230 is wrapping up.
@pfeairheller updated KERIpy to run parsing locally and provide a delegation escrow processor https://github.com/WebOfTrust/keripy/pull/786/files
@pfeairheller update KERIA agents to leverage the newly available delegation escrow #246
@2byrds made a complimentary PR to allow the user to approve the delegation after the interaction seal has been added to the KEL and successfully ran the test that @lenkan created as part of issue 230 https://github.com/WebOfTrust/keria/pull/247/files

[2byrds]

KERIA PR submitted but it's failing on a KERIpy error
#248
I have submitted an issue/fix for KERIpy so the KERIA PR will pass the testing.
WebOfTrust/keripy#789

[2byrds]

Delegator test is fixed by #250
Multisig-delegation test currently works because the only the delegatee is multi-sig but i'm upgrading it to make both sides multisig as part of #249 because multisig-vlei-issuance fails with a multisig delegator