Skip to content

fix(ocap-kernel): accept durable/virtual/faceted vrefs in isVRef#949

Open
FUDCo wants to merge 2 commits intomainfrom
chip/fix-vref-durable-grammar
Open

fix(ocap-kernel): accept durable/virtual/faceted vrefs in isVRef#949
FUDCo wants to merge 2 commits intomainfrom
chip/fix-vref-durable-grammar

Conversation

@FUDCo
Copy link
Copy Markdown
Contributor

@FUDCo FUDCo commented May 7, 2026
edited by cursor Bot
Loading

Summary

  • Widens isVRef to match the full vref grammar produced by @agoric/swingset-liveslots's parseVatSlot — durable (o+d10/1), virtual (o+v3/4), and faceted (o+d10/1:0) forms.
  • Previously the regex was ^[op][+-]\d+$, which rejected any vat using defineDurableKind. The branding refactor in refactor(ocap-kernel): branded kernel identifiers with runtime validation #917 made isVRef load-bearing through EndpointMessageStruct, insistERef, and parseReachableAndVatSlot, so any vat using durable kinds would fail outgoing-send validation and persisted-slot reads. Existing kernel-internal tests didn't exercise this path; the bug surfaced when a vat in a downstream branch used defineDurableKind for a public facet and bootstrap died with not a valid endpoint message.

isKRef and isRRef are unchanged — kernel and remote allocators don't emit durability suffixes.

Test plan

  • yarn workspace @metamask/ocap-kernel test (2341 passing locally)
  • Live verification: a vat using VatData.defineDurableKind for its public facet now boots cleanly through launchSubcluster (previously failed at the first outgoing eventual-send from bootstrap)
  • CI green

🤖 Generated with Claude Code

Note

Medium Risk
Changes core reference validation (isVRef/insistERef) used at RPC and message translation boundaries; a regex bug could either reject valid traffic or inadvertently accept malformed refs.

Overview
Fixes vat reference validation to accept the full liveslots vref grammar, including durable (o+d10/1), virtual (o+v3/4), and faceted (o+d10/1:0) object refs.

Updates isVRef to a stricter grammar-aware regex (only allowing durability/subid/facet syntax on o+), expands unit tests for isVRef/insistVRef/isERef/insistERef, and records the fix in the changelog to prevent endpoint message validation from breaking vats that use durable kinds.

Reviewed by Cursor Bugbot for commit 9c1cffa. Bugbot is set up for automated code reviews on this repo. Configure here.

@FUDCo @claude
fix(ocap-kernel): accept durable/virtual/faceted vrefs in isVRef
bcb65af 
The previous regex only matched plain `[op][+-]N`, rejecting
liveslots-allocated durable-kind refs like `o+d10/1` and faceted
forms like `o+d10/1:0`. Any vat using `defineDurableKind` would
fail EndpointMessage validation on outgoing sends and reachable.ts
on persisted-slot reads.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@FUDCo FUDCo requested a review from a team as a code owner May 7, 2026 23:45
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 7, 2026
edited
Loading

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 71.43%
🟰 ±0%		 8259 / 11561
🔵 Statements 71.26%
🟰 ±0%		 8395 / 11780
🔵 Functions 72.25%
🟰 ±0%		 1992 / 2757
🔵 Branches 65.09%
🟰 ±0%		 3342 / 5134
File Coverage
File Stmts Branches Functions Lines Uncovered Lines
Changed Files
packages/ocap-kernel/src/types.ts 100%
🟰 ±0%		 100%
🟰 ±0%		 100%
🟰 ±0%		 100%
🟰 ±0%
Generated in workflow #4405 for commit 9c1cffa by the Vitest Coverage Report Action

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@FUDCo