Monday September 21

  • Agoric Alpha has been released. Now developers can build, deploy, and operate sophisticated dApps and DeFi markets.

Monday September 14

  • SES 0.10.3 released with Compartment.evaluate in the minified 35KB ses/lockdown layer, named compartments, and module aliases / redirects.

  • For Zoe and ERTP, we merged in the OTC Desk contract, made the covered call more flexible and added a number of more tests.

  • We’ve updated the docs for the Alpha Release, improved the testing framework to enable better white-box testing of contracts and the contract framework, and started integration of code covered tools.

  • The kernel team spent time designing infrastructure to allow contracts to be upgraded in-place in the future.

  • We’ve deployed our first demonstration Dapp to the testnet.

  • We now have 12 external validators on our testnet, plus the 7 Agoric-operated validators.

Monday September 7

  • Testnet-2.7.2 has been deployed with code from the Agoric alpha release candidate 2.

  • Improved the testing framework and coverage of key APIs like Zoe’s contract facet.

  • Karma 5.2.5 was released today with this change that makes it compatible with SES. Now Karma can verify that systems work even while their environment is frozen to prevent prototype pollution attacks.

  • SES 0.10.3 released with Compartment.evaluate in the minified 35KB ses/lockdown layer, named compartments, and module aliases / redirects.

  • The Agoric “SwingSet” kernel now thoroughly cleans up (unwinding all side-effects) after vats which have been terminated, either by explicit command, or because they overran their metering limits.

Monday August 31

Monday August 24

  • The agoric-sdk repository is moving to the AVA unit test framework.

  • We’re creating a separate alpha release candidate testnet to help polish the alpha release before migrating our current testnet to it.

  • This week we focused on cleaning up the Zoe and ERTP packages in alpha release candidate, closing a large number of open issues in the process. We have some additional updates to the documentation and contracts in the pipeline that will be landing soon, and we will be rewriting and restructuring the tests to be make better use of jigs so as not to have to duplicate the setup code for tests.

  • SES 0.10.2 released with a new moduleMapHook option on Compartment. This enables wildcard and cyclic dependencies between compartments.

Monday August 17

  • This week we merged the alpha release candidate 1 into agoric-sdk master. It includes a redesign of Zoe and ERTP. In ERTP, we made it easier to use different amountMath without needing to understand how amountMath are created. We also organized the files such that everything that is needed can be imported from @agoric/ertp. In Zoe, the APIs on both the contract side and the user side have changed significantly. Rather than using opaque offerHandles to track offers, we took a more object-oriented approach and created a seat abstraction. Clients can manage their position in a contract by calling methods on the seat that they obtain when they make an offer. We believe that these improvements in ERTP and Zoe make both much easier to use. We will be testing and hardening up the code in the next week.

  • The Agoric Swingset kernel now uses a shared “ZCF” bundle for each new contract, reducing transcript storage considerably.

  • We have published SES 0.10.1 to make space for our remote promise shim and a tiny patch defineProperty.

Monday August 10

  • The Agoric Swingset kernel gained the ability to run vats in separate processes, paving the way towards using the XS JavaScript engine.

  • We landed a new design for the default Agoric wallet, using @agoric/captp (an implementation of our remote object protocol), as well as SES in the browser.

  • Our latest testnet has passed 1,000,000 blocks. It will be restarted when we have a new alpha software release.

  • We have published SES 0.10.0 which has a lightweight “ses/lockdown” entry point that includes only “lockdown” and “harden” and only weighs 32KB.

  • We are putting together a Zoe release candidate for the new redesign.

Monday August 3

Monday July 27

  • The SwingSet kernel is undergoing refactoring to enable vats to be run in a child process using the XS JavaScript engine. Dynamic vats have an option to enable or disable metering.

  • We have solidified a plan for basing our VatTP communications layer on IBC, and have begun implementing it this week.

  • Zoe/ERTP: We released a new version of ERTP with a few name changes: We merged in a large refactoring of Zoe such that each contract instance is running in a new vat with its own copy of the Zoe contract facet: . We’re currently working on cleaning up the JSDoc/TypeScript types for the Zoe and ERTP APIs and checking in CI and we’ve started on a second refactoring of Zoe. This second refactoring changes many of the APIs, so please be on the lookout for the release and documentation changes in the new few weeks.

  • Changes landed in SES that will allow more off-the-shelf software to run after SES lockdown without compromising the integrity of code run in compartments. In particular, SES now virtualizes V8’s Error API to the extent common software takes advantage of it, and if software needs powers like Math.random or, they can have it in the start compartment without compromising child compartments.

  • At the TC39 meeting in July Yulia of Mozilla and Agoric’s Chief Scientist Mark S. Miller gave a coordinated pair of presentations on Writing Down Invariants for JavaScript. Yulia’s presentation is at Mark’s at They were received very well, and the committee will proceed along these lines.

Monday July 20

  • We incorporated the feedback from the internal hackathon into a new Zoe design which will be rolling out in the next few weeks.

  • We made each contract running under Zoe get spawned in a separate vat, which means that one contract instance crashing won’t affect other contracts. The changes to Zoe’s API are very minor.

Monday July 13

  • SES 0.9.0 has been released.

  • The entire company and few guests participated in an internal hackathon to really dig into our developer experience, documentation, and APIs. We built contracts with Zoe and ERTP for DeFi, pegging, voting, and gaming.

Monday June 29

Monday June 15

  • We now have a proof-of-concept for running, archiving, and running-from-an-archive applications composed of Node.js-style packages, in SES compartments.

  • We’ve won the Gaia award (best technical documentation) for participating in Game of Zones.

Monday June 8

  • We’ve been accumulating changes to Zoe based on feedback from the recent Gitcoin hackathon that will be released soon.

  • For GoZ phase 3, Agoric put together a proof-of-concept Smart Relayer that combines the Agoric JavaScript programming model with Iqlusion’s relayer. The Smart Relayer supports simple JavaScript programs to inspect, analyze, and manipulate packets being relayed. The relayers can talk to smart contracts on an agoric-based “commander” zone, or run standalone. They also should work for any IBC chain that the iqlusion relayer can support.

  • Users can now send and receive payments from other users in the REPL as of this PR.

Monday June 1

  • In Zoe, we split our non-fungible token contract example into a generic contract to sell items and a generic contract that mints the items and launches instances of the sales contract.

  • We’ve added ADR as a proposal to enable “passive” IBC relayers (ones that manage a whole connection and detect when channels come and go), as well as “channel control” messages to allow an application to decide how and whether to handle channel open and close handshakes.

Monday May 18

Monday May 4

  • We made a number of small changes to make Zoe easier to use, including adding two new helpers. escrowAndAllocateTo is a zoeHelper to be used within contracts to escrow a payment and allocate it to a recipient. checkHook is a helper that wraps an offerHook with a check of whether the offer matches the expected proposal format before calling the offerHook.

  • Agoric SDK version 2.3.0 has been released, and the testnet has been updated to it. News includes Zoe 0.6.0 and the dynamic IBC network interface.

Monday April 27

Monday April 20

  • The Agoric dIBC implementation now works across chains, tested with a relayer from gaia<->agoric and agoric<->agoric.

  • Added a notification facility for Zoe so that contract clients can be notified when offers change state, or when the contract signals an event.

  • Refactored the Zoe API to be a) simpler for the contract author, b) simpler for the contract participant, c) simpler to explain, and d) without any loss of expressive power.

Monday April 13

  • Cosmic-swingset (our testnet chain) switched to a more-efficient database-backed kernel storage system.

  • We’ve begun working on loading modules in compartments and decoupling compartments from SES lockdown.

  • Testing interoperability of IBC on Agoric (to and from other chains) has begun. End-to-end dynamic IBC channels in Javascript is the target.

  • This week we added a new example contract running on Zoe which shows how to mint non-fungible tickets for seats at an Opera. The contract sells the tickets for a specific amount per ticket, as set by the user who instantiates the contract. Ticket buyers can look up the available tickets and leverage Zoe for offer safety, guaranteeing that they will either get the tickets they specified or that they will get their money back.

Monday April 6

  • We released v0.5.1 of ERTP. We changed most of the methods in ERTP that accept payments such that they now accept payments or promises that resolve to a payment. The only exception is purse.deposit, which only accepts payments and does not accept promises. This ensures correct ordering, so that a withdrawal call, if made after a deposit call, will always be carried out after the deposit.

  • New testnet with the latest pre-alpha Zoe and the beginnings of dIBC support has been released.

  • Compartments (which is most of SES) made it to stage 1 at TC39.

Monday March 30

  • We released a new version of Zoe (v0.3.0), which makes it easier for users to escrow with Zoe and receive their payouts. This version eliminates the array structure for offer rules and instead allows the user to make their offer using Javascript objects with specialized keys called “keywords”.

  • We’ve started Dynamic IBC implementation.

Friday March 20

  • We have been hard at work on a new release of Zoe. The previous version of Zoe required users to make their offer in the form of arrays that needed elements to be in a specific order. This new version of Zoe introduces the concept of “keywords”. Each contract has its own specific keywords. For instance, an auction might have “Asset” and “Bid”. Keywords are unique identifiers per contract, that tie together the user’s proposal (previously called “offerRules”), the user’s payments to be escrowed by Zoe, and Zoe’s payouts to the user. We think this is a major usability improvement.

  • We now have 4 external validators.

Friday March 13

  • Agoric testnet block explorer is live, and working with the Cosmos SDK IBC branch.

Friday March 6

  • We added the concept of a brand, because the assay (renamed to issuer) was serving two purposes: it was indicating the kind and was a trusted authority for payment and purse validity. This was a problem because where it was used to indicate the kind, like in payment.getBalance(), a user could obtain an assay from the payment, then try to use the assay to verify the payment.

  • New ERTP guide is up.

  • SES v.0.7.0 is up.

Friday February 28

  • Testnet has been upgraded: it now has Zoe and IBC-Alpha integrated, and the Pixel Demo has been scraped off in favor of a simple wallet. Please note you will need to update your SOLO_NAME and request a new provisioning code.

  • New ERTP API has a separation of Brand from Issuer. More general remote creations of amountMath, enabling Zoe to handle more kinds of remote assets.

  • New versions of realms-shim and SES were published to NPM. These add support for the instrumentation of code for basic “gas metering”.

Friday February 7

  • We released ERTP 0.3.0 which strips down ERTP to the essentials. Other files such as utility functions were moved to their own npm packages. The “contractHost” has been moved out of ERTP and shelved.

  • Work is underway to port the “Swingset” execution environment to the new version of SES.

  • Working on integrating module support to ses-beta.

Friday January 31

Friday January 24

  • SwingSet can now install new code in a distinct vat at runtime.

  • Zoe v0.2.0 was released! This update simplifies the process of escrowing with Zoe.

Friday January 17

  • We’ve made good progress on rewriting the purse and paymentKeepers to make sure that currency is conserved on each call.

  • We’ve created a Compartment ShIm in XS that overrides the native one and allows us to experience non-flat module maps.

Friday January 10

  • We’ve completed the SES-shim 2.0 beta which is public now.

  • All of the current ERTP and Zoe tasks are now organized into project boards and we’ve grouped the breaking changes into expected release milestones.

  • Made usability improvements for external validators in our testnet.

Friday December 20

  • We released v0.1.2 of Zoe which went through a major internal refactoring. We have several PRs in flight that will become v0.2.0 of Zoe, which will have breaking changes.

  • We’ve added the first validator to our testnet.

  • We’ve made some releases to the agoric-sdk repository: @agoric/eventual-send 0.5.0, @agoric/default-evalute-options 0.3.0, @agoric/evaluate 2.2.0, @agoric/marshal 0.1.2, and @agoric/captp 1.2.0.

Friday December 13

  • The new SES monorepo is in beta, public. It integrates all current SES assets, including harden, it’s also using lerna and a simple dependency manager (there is no need to use lerna bootstrap).

  • We’re getting a “playground” up for Zoe - a repo that just imports the ERTP and Zoe packages and gives people the example contracts with tape or jest and placeholders for where they should put their custom logic. Think “myFirstDapp” but just the “myFirstSmartContract” on Zoe part.

Friday December 6

  • We’ve moved ERTP into the monorepo, Zoe is now its own npm package at “@agoric/zoe”.

  • Testnet is now being updated from the agoric-sdk monorepo.

Friday November 22

  • We’re working on changing Zoe such that users always use an invite to join a contract when they escrow with Zoe. This simplifies the user flow and gets rid of an older concept, “escrowReceipts”.

  • Completed a test runner for JavaScript modules. It uses the official EcmaScript specifications tests. At the moment, 35% of the tests are enabled and passing in our experimental module rewriter and importer.

Friday November 8

  • Agoric Dev Tools can be found here.

  • Added the pre-alpha Autoswap backend to the testnet.

  • Learn about the winners’ projects built using Agoric stack during the DeFi Hackathon.

Friday November 1

Friday October 25

  • We’re preparing the pre-alpha version of Zoe for SF Blockchain Week. Zoe now includes six default smart contracts: automaticRefund, used for testing and tutorials, which just gives the user their digital assets back, autoswap, a Uniswap implementation, coveredCall which involves an invite to make an offer that can act as an option, publicAuction which is a second-price auction, publicSwap which has the same swap logic as the coveredCall contract, but which doesn’t use invites, and simpleExchange which is a naive decentralized exchange.

  • Security bug blog post was released by our engineering team. Our development efforts are shifting to the evaluator-shim at the moment.

  • We’re preparing for the DeFi Hackathon, check our documentation here if you’re coming to build on our stack.

Friday October 18

Friday October 11

  • MetaMask demoed two amazing new projects, both of which use Agoric’s Secure ECMAScript (SES): LavaMoat, which protects against malicious JavaScript dependencies, and MetaMask Snaps, a plugin system for MetaMask. Users such as Starkware were able to easily build their own plugin running securely under SES.

  • Kate spoke on whether blockchains can provide rule of law at Devcon5 in Osaka as part of the Governance Track with over 10 speakers from various blockchain projects.

  • We’ve released @agoric/swingset-vat-0.0.27, with new state management API and fixing an infinite loop in promise chaining.

Friday October 4

Friday September 27

Friday September 20

Friday September 13

Monday September 9

  • On our testnet, we enabled “mutable globals” and “sloppyGlobals” in the gallery demo. This allows direct assignment to unreferenced global variables such as “myvar = 123” assigning to the global “myvar”.

  • We made a number of updates to SES, including fixing the “override mistake.” In the “override mistake,” any instance that tries to shadow a prototype definition (i.e. override it) will fail if the prototype is frozen. For instance, if Object.prototype is frozen, trying to set myObject.toString will fail. For security purposes, we want to be able to freeze the JavaScript prototypes, so this was a necessary fix for usability.

Friday August 30

  • Agoric and the Cosmos team started the review of IBC specification (release candidate 2). (PDF, comments)

  • MetaMask executed their first test transaction that uses our secure runtime for JavaScript, SES, to secure their JavaScript dependencies.

Friday August 23

  • The beginnings of a publically-accessible testnet dashboard are now available.

  • Our Testnet logs are now being stored in bulk, and we’re working on making it more available as well as improving it to make it part of a block explorer.

  • On ERTP, we’ve made it even easier to configure a custom Mint by extracting the custom logic for adding and subtracting balances. We’re calling this custom logic a Strategy, and it works for both fungible and non-fungible tokens.

Friday August 16

Friday August 9

  • We upgraded our private testnet with new performance enhancements, making persistence much more efficient.

  • We created a reusable abstraction for revocable property rights for our pixel demo, where users are able to buy, sell, and color pixels on a website on our private testnet. We wanted to represent owner, tenant, and subtenant relationships for owning a pixel. In this world, “ownership” means having the ability to give other people the right to color the pixel. This access can be revoked by anyone “higher up” in the hierarchy, so tenants can kick out subtenants, owners can kick out tenants, etc. This pattern of separating use from ownership shows up again and again in property rights of various sorts, so we expect it to be helpful going forward.

Friday August 2

  • We built a parser from our existing Javascript PEG (Parsing Expression Grammar) library, and verified that the Assay, Issuer, and Contract Host Chainmail IDL produced legitimate ASTs. The IDL is based on Cap’n Proto and we plan to use the ASTs for things such as enforcing types at the CapTP level,for TypeScript style type checking, for generating documentation, or for generating stubs for calling from other languages.

  • We’ve made revisions to how users can check the terms of a contract, and refactored our makeMint function to be more readable.

  • We released new versions of SwingSet and cosmic-swingset.

Friday July 26

  • We hosted a very successful token design workshop last weekend. A big thanks to all of the guests willing to share their knowledge.

  • We analyzed performance issues on our testnet and came up with some concrete solutions.

  • We designed and documented a new SwingSet kernel API.

  • Mark, Dean, and Aaron Davis (kumavis) from Metamask presented at TC39 (the JavaScript standards committee) on SES, sesify, and “infix bang”, i.e., distributed object programming in js with promise pipelining.

Friday July 12

Friday June 28

  • We began work on an experimental Rust port of our Node.js-based “SwingSet” vat-execution platform, to refine the API and interface types used at the vat/kernel boundary.

  • Kate spoke at QCon New York on using SES and Realms to make ‘npm install’ safe (article here). Many of the solutions to attacks like the event-stream incident have focused on the open source developer community, but SES and Realms focus on eliminating the unnecessary authority (like access to the file system and access to the network) that were required for the attack.

Friday June 21

  • We are excited to announce Agoric’s partnership with Cosmos and Cosmos’ Interchain Foundation. Agoric and Cosmos are jointly creating the IBC (Inter­Blockchain Communication) protocol. IBC will provide true interoperability across multiple blockchains, and expand the market available to millions of current and future smart contracts developers worldwide.

  • Dean spoke at Zcon1 (video here) with an update on what we’ve accomplished since last year’s Zcon0, including the creation of a secure runtime for JavaScript (SES), a running end-to-end Cosmos-based testnet, the Cosmos IBC collaboration, and further work on our smart contract framework and components.

Friday June 14

  • We had a blast working with Cosmos this week in Berlin at the Interchain Conversations conference and their hackathon. Two Agoric-related entries won at the hackathon:
    • Aaron Davis (kumavis) of MetaMask has created a plugin for browserify using Agoric’s SES that reduces the risk of using third-party packages. At the hackathon, he additionally built a visualizer for JavaScript package dependencies that colors each module node based on the level of security exposure.

    • We demoed our integration with Cosmos, running “Swingset” on a cosmos chain. In order to show our full stack, we built a simple pixel marketplace (think Million Dollar Homepage or Reddit’s /r/Place) that uses our Electronic Rights Protocol and provides the ability to color, buy, and sell pixels as well as create further abstractions.

Friday June 7

  • The team has been hard at work getting the Swingset demo ready for Berlin.

Friday May 31

  • We’ve been continuing progress towards our upcoming initial testnet, including new releases of our Swingset environment. The new features include a different way of handling the state of our “nanokernel”, merging Mark’s higher order contracts onto trunk, and adding new devices to enable interaction with HTTP requests.

  • We’ll be joining Cosmos in Berlin next week at their Interchain Conversations unconference and their HackAtom hackathon. Mark will be participating in the Interoperability panel and Brian and Dean will be presenting on our integration with Cosmos. Hope to see you there

Friday May 24

  • This week Mark successfully implemented a particular example of higher order contracts. “Higher order” contracts allow you to effectively tokenize positions in contracts. In this particular scenario, Bob writes a covered call giving Alice the option to buy Bob’s stock shares. Alice makes a new escrow agent that allows her to trade this seat at the table to Fred, and Fred is able to verify that these are the rights he is interested in. The escrow agent code is able to treat the “seat at the table” as if it were a straightforward token, allowing us to use these “higher order” tokens in any smart contract component that accepts tokens.

Friday May 17

  • Our team grew! We’d like to welcome four new hires: Michael Fig, Chris Hibbert, Tatyana Roberts, and Paul Walton. They will be contributing in engineering, operations, and business development.

  • We’ve been hard at work on our testnet, building on our “SwingSet” environment.

Friday May 10

  • We’re very pleased to announce that we’ve secured $4 million in new funding from Ripple’s Xpring, gumi Cryptos Capital, Kilowatt Capital, MetaStable Capital, Outlier Ventures, Lemniscap, Rockaway Blockchain and the Interchain Foundation, as well as additional funding from the Electric Coin Company (sometimes referred to as the Zcash Company, the for-profit institution behind the privacy-focused cryptocurrency zcash), Naval Ravikant and Polychain.

  • Dean gave an impassioned speech on smart contracts at the Blockchain in Transport Alliance (BiTA) Spring Symposium. Dean explained that the ultimate vision for smart contracts is to bring the entire economy of the world online. “The diverse, vibrant world economy”, he said, “needs high integrity computation, a security model that works for software components, broad scope and interoperability with other chains.”

Friday May 3

  • On our Electronic Rights Transfer Protocol (ERTP) branch, Mark has made some major advances. We’ve split our purse abstraction into ‘purses’ and ‘payments,’ where payments represent digital assets in transit, with the transfer rights locked up. We’ve also added a way to generalize kinds of digital assets (fungible, non-fungible) and valid operations on them. Lastly, our contracts now have a flexible API for representing a particular position in an ongoing smart contract, which can itself be bought and sold. Someone who buys a position in a smart contract can verify with the contract host to see what they would be joining.

  • We implemented a new device model for their “SwingSet” environment, in which external functions are made available as capability-oriented “device nodes”, allowing them to be shared between vats and managed just like normal objects. This will support inter-machine and inter-chain communication links in the next few weeks.

  • We’ve added a “Comms” vat to our SwingSet environment, which is responsible for sending and receiving messages from external machines and translating and relaying them to other vats on the same machine.

Friday April 26

Friday April 19

  • At our SES meeting this week (recording here), we reviewed the proposed minimal translation from modules to evaluable scripts (a step towards being able to use SES with JavaScript packages), and got agreement from key stakeholders, including John-David Dalton, creator of the lodash and esm packages, who has joined the Salesforce team working with SES.

  • We released @agoric/make-hardener-0.0.6 to NPM, a library to make defensible API surfaces by transitively freezing JavaScript objects in-place.

  • We’ve continued work on the “SwingSet” environment, which contains a JS “exo-kernel” and messaging/execution framework inspired by the KeyKOS operating system, extended with asynchronous messaging.

Friday April 12

  • We merged in a number of small pull requests this week and have been working on better tutorials for our “SwingSet” vat platform for testing out smart contracts. Some of the pull requests included:
    • Using the realms-shim repo in SES rather than the TC39 Realms proposal specification repo.
    • Deleting a property called “domain” that the Node.js REPL adds to promises. When SES tries to harden (deep freeze) all of the objects provided by Node.js, it notices that it didn’t expect the “domain” property and purposefully errors to avoid a potential vulnerability.

Friday April 5

  • Agoric released version 0.5.0 of SES, “Secure ECMAScript”, a library for safely executing and interacting with potentially-hostile JavaScript code. This release improves bundling for use in web browser contexts (UMD), Node.js environments (CommonJS), and as ES6 Module imports. It also fixes incompatibilities with Chrome-73 and Browserify.

Friday March 29

  • Agoric’s “SwingSet” vat platform now supports evaluation of contract code outside of SES, providing a fallback for use in typical standard JS development tools, to preserve line numbers and stack traces.
  • The shim which implements the proposed Javascript “Realms” API is being moved out of the TC39 proposal repository into a dedicated repository. The TC39 repo will continue to host the specification text itself.

Friday March 22

  • Mark wrote the draft specification for a standalone SES engine. Rather than taking an existing JavaScript engine and creating a SES runtime within it, this would be SES compliant from the beginning, meaning that many of the problematic and non-deterministic parts of JavaScript just wouldn’t exist in the first place.

  • Agoric’s new “SwingSet” vat implementation is now feature complete and passes all tests, including the ERTP contract host examples (Mint, Purse, ContractHost, and Escrow Agent).

Friday March 15

Friday March 8

Friday March 1

  • Mark Miller gave a presentation to TC53, the standards committee for JavaScript applications on wearable devices/IoT, on SES and Jessie. Peter Hoddie of Moddable described it as an “amazing talk about a future where JavaScript code from multiple parties securely co-exists, where program logic is exchanged as easily as JSON data, and standard JavaScript works even better on constrained devices.”
  • Metamask presented their browserify plugin, sesify, at our weekly meeting on SES. Recording here.
  • We’ve been working on making our utility libraries usable as CommonJS modules, ES6 modules, and UMD files, so that they can easily be used in Node.js, the browser, and bundlers.

Friday Feb 22

  • We released a new version of the “SES” Secure EcmaScript library (0.4.0). This version adds a limited form of require() to the confined code, allowing it to perform a few specific module imports, fully controlled by the enclosing realm.
  • We also released new utility libraries (@agoric/nat, @agoric/make-hardener, and @agoric/harden), which used to be part of SES. By splitting these out into external modules, application code which uses them can be unit-tested either inside or outside of a SES environment. “Harden” performs a deep Object.freeze, to protect an API object from external tampering, facilitating safe interaction between mutually suspicious code.

Friday Feb 15

  • We’ve moved a couple of libraries out of SES so that they can be used outside of a SES environment.
  • One of them is Nat. Nat() can be used to check that a value is a safe integer and should be used on things like account balances and any kind of manipulation of value represented in JavaScript numbers.
  • Another library is makeHardener, which creates a function (harden) that performs a full “deep freeze” on JavaScript objects. More information on why you might want to “harden” an object here.

Friday Feb 8

  • SES-0.3.0 is released and up on npm. This release improves security and functionality and fixes all known confinement leaks. It also improves usability by allowing the user to turn on console.log and display uncaught exceptions.

  • This week we had a lot of great activity on, the community forum for discussing object capabilities in JavaScript.

Friday Feb 1

Friday Jan 25

  • Mark Miller will be speaking at the Stanford Blockchain Conference on Agoric’s smart contract platform, including eventual-sends. Eventual-sends provide a solution to the reentrancy vulnerabilities that have been plaguing smart contracts.

  • Bill and Kate had a blast connecting with the larger JavaScript world at the ForwardJS Conference in San Francisco

  • We made good progress on one of the remaining security bugs for SES.

Friday Jan 18

  • This week was all about SES. In SES, you can run code in a featherweight compartment that has no access to things like window or document, keeping the data on your page safe from exfiltration. SES also can keep third party code from accessing other third party code, making it perfect for a plugin or module architecture. This week we:

  • Released 0.2.0 on npm

  • fixed a confinement bypass found by Matt Austin which enabled access to and other forms of unsanctioned nondeterminism

  • fixed a security failure in the confined Function constructor, also found by Matt Austin

  • improved confinement of RegExp and platform-specific debugging functions

  • added options to control access to Math.random() and i18n nondeterminism

  • Also, we wanted to highlight an awesome MetaMask project that is in process. Sesify applies SES to browserify, keeping your code safe from the modules you might want to import.

Friday Jan 11

  • We’re doing a major overhaul of our planning document for Safe JavaScript Modules, adding a concrete example throughout the document.  It’s a great overview of how Realms and SES can load modules securely, and actually prevent incidents like the event-stream exploit. Feel free to check it out and add comments. We’re also discussing it on

  • This week we got the first version of our security kernel running on the XS JavaScript engine. This is huge because it means that the features of JavaScript that our security kernel and smart contract platform rely on are implemented in XS.

Friday Jan 4

  • Happy New Year! This week we worked with RMIT to release a medium post by economists Chris Berg, Sinclair Davidson, Jason Potts and our very own Bill Tulloh. It’s on “nanoeconomics,” meaning a layer below microeconomics, including a market in computational resources. This builds on the concepts in the original Agoric papers by Mark S. Miller and K. Eric Drexler.

  • We’ve just launched a new site for discussing object capabilities in JavaScript at We were noticing a lot of people were exploring solutions for safe module loading, and we wanted a place to be able to discuss it. Feel free to join the discussion!

  • We wanted to give a shoutout to two members of the community:

  • Michael Fig has started to build an amazing tool called Jessica, which is a Jessie (one of our subsets of JavaScript) runtime environment created using only Jessie modules, containing also translators from Jessie to other languages.

  • Bradley Farias has done a significant amount of work on a tool that analyzes the use of authority in JavaScript packages. He says that the tool will include “listing all potential resource authority usages. This is the full set of all free variables and dependencies a resource can obtain directly.”

Friday Dec 21

  • We got the XS JavaScript engine compiled to WASM and got “hello world” running on XS on WASM on Node.js. This is super exciting because it’s the first step to run our smart contracts on chains that support WASM.

  • Our least authority module system for JavaScript now has a planning document that is in progress. It’s a great overview of how Realms and SES can load modules securely. Feel free to check it out and add comments. We will be making some major changes in the near future to the later sections of the document.

Friday Dec 14

  • This week, we continued work on the least authority module system for JavaScript with partners from academia and industry.

  • We also continued work on compiling XS (Moddable’s JavaScript engine) into WASM for use with the Substrate runtime system.

  • We updated our eslint config package for Jessie (our subset of JavaScript for smart contracts) to include better error messages and tests. We also built a testing utility for eslint configs that can be used separately.

Friday Dec 7

  • We are working with the Moddable team to retarget their XS JavaScript engine to WASM. We can use this tiny and reliable embedded JS engine for smart contracts!

  • We are working with partners at Salesforce, Node.js, Carnegie Mellon, and others to design a module system for JavaScript that enables bringing in third party code safely.

Friday Nov 30

  • We published a piece on the recent npm package event-stream incident. At Agoric, we think that the incident was entirely preventable - if you enforce the principle of least authority (POLA), which says that code should be granted only the authority it needs and no more. Read about how enforcing POLA would change Node.js and prevent these kinds of attacks here.  

  • TC39, the JavaScript Standards committee, had their November meeting, which Mark Miller of Agoric presented at.

  • Given the recent event-stream exploit, Mark presented on a module system that would have granted modules least authority and would have prevented the exploit.

  • Mark presented on Jessie, our secure subset of JavaScript for smart contracts

  • Mark and Alan Schmitt of JSCert planned how to proceed towards a mechanized formalization of Jessie.

  • Dean and Mark and Till Schneidereit of Mozilla refined the weak references API.

Friday Nov 16

  • We’ve added updated versions of the Agoric Open Systems papers to the website, including pdfs and the full text of each of the three papers! These papers are listed as part of Andreessen Horowitz’s Crypto Canon, so we’re glad to get them updated.

  • We’re continuing to make progress on hardening our proof of concept, exploring use cases and talking with entrepreneurs looking to write smart contracts, and building developer tools.

Friday Nov 9

Friday Nov 2

  • Our Chief Scientist, Mark Miller, is the co-author on a new paper, “Abstract and Concrete Data Types vs Object Capabilities.” The paper explores how abstract data types can be implemented in an object-capability language. A number of the examples in the paper involve the exchange of digital assets. Download here.

  • We’ve released an eslint package for Jessie, a Turing complete minimal subset of JavaScript designed for smart contract programming. Jessie is designed to yield small programs that are easy to review both formally and informally, enabling programmers to write non-trivial, non-exploitable smart contracts.

  • We are making steady progress on integrating with Parity Substrate.

Friday Oct 26

  • Our in-house economist, Bill Tulloh, will be presenting at Research and Practice on Blockchain October 27th, on “A Principal-Agent Approach to Securing Smart Contracts.”

  • Mark Miller and Bill Tulloh are organizing this year’s OCAP Workshop during SPLASH in Boston on November 6th. The workshop is designed to explore the latest developments in the theory and practice of the object-capability approach, and provide a forum for knowledge exchange and collaboration.

Friday Oct 19

  • We made progress towards parachain design, specifically in terms of serializing our JavaScript contract objects as merklized data structures.

  • Dean will be speaking on “The Duality of Smart Contracts and Electronic Rights” at the Web3 Summit on Tuesday October 23rd at 14:15.

  • Our in-house economist, Bill Tulloh, will be presenting at Research and Practice on Blockchain October 27th, on “A Principal-Agent Approach to Securing Smart Contracts.” You can see more upcoming events on our events page.

Friday Oct 12

  • We had a blast meeting everyone during SFBW. Mark Miller has uploaded a recording of his talk about secure smart contracts to the SF Cryptocurrency Devs which can be listened to here. Video coming soon!

Friday Oct 5

  • Mark has been writing smart contracts using our proof of concept. We are particularly excited about the covered call option contract, which demonstrates the ability of our smart contract framework to allow access to contracts to be traded as easily as native tokens. This ability to derive new rights from positions in contracts and use them in other contracts will be necessary for a vibrant crypto-economy. The code is still a work in progress, but feel free to take a look!

  • We have two events during SF Blockchain Week: Dean is talking about Authority in Smart Contracts at SFBW Epicenter on October 8th at 2:20pm and Mark is presenting on the Agoric platform and framework on October 10th at 7pm. For more information, see our events page. Hope to see you there!

Friday Sept 28

  • We sent out our first newsletter this week! Sign up here to get on our email list.

  • We have a number of events coming up during SF Blockchain Week:

  • Dean is giving a talk on “Authority in Smart Contracts” at the Titans of Tech stage at SFBW Epicenter on October 8th at 2:20pm

  • Mark is speaking about the Agoric approach to smart contracts at the SF Cryptocurrency Devs Meetup October 10th at 7pm. There are only 8 spots left, so RSVP today!

Friday Sept 21

Friday Sept 14

  • We continued to improve our proof-of-concept, and hope to release it to the public next week.

  • To let people know where we’ll be headed and where we will be speaking, we’ve created a new upcoming events page on our website. Check back after events for links to recordings and slides!

  • As part of SF Blockchain week, we will be doing an overview of the Agoric platform and approach to smart contracts at the SF Cryptocurrency Devs meetup on October 10th at 7pm in San Francisco. Additionally, Dean will be giving a talk during Epicenter (Oct 8th 2:20PM - 2:45PM) on “Authority in Smart Contracts” and the problems of identity-based access control in smart contracts.

Friday Sept 7

  • The first proof-of-concept implementation of our smart contract execution engine (the “Vat”) is now feature-complete. It exercises secure libp2p-based messaging between both solo and quorum (replicated) Vats, durable state checkpointing via deterministic replay of inbound messages, small-scale distributed consensus about message delivery order, and downstream enforcement of the consensus rules for messages emitted by quorum Vats.

  • Based on a previous conversation between Mark Miller and the Node Security Workgroup, Bradley Meck has put together a draft document that “proposes a way to introduce a set of features to Node.js in order to achieve a reasonable security model based upon the Object-Capability Model and verification of resources loaded by Node.js”

Friday Sept 2

  • We’ve been working hard on the end-to-end proof of concept. In addition to porting over all of the contracts from Distributed Electronic Rights In Javascript, the proof of concept includes communication between “vats”, a term that comes from the influential programming language E and refers to separate computational subworlds that can proceed forward simultaneously. More on this to come.

  • If you’re attending ETHBerlin or live in the area, be on the lookout for Kate and Dean this upcoming week. You can reach them on Twitter

Fri Aug 24

  • Mark gave a talk to the Node.js Security Workgroup about SES (Secure ECMAScript, the secure subset of JavaScript) and the membrane programming pattern.

  • Agoric released a new version of SES. SES-0.1.3 adds utility functions and fixes an accidental vulnerability in the web-based demonstration code.

Fri Aug 17

Fri Aug 10

Fri Aug 3

Fri Jul 27

  • We announced the release of SES, a secure subset of JavaScript. SES enables untrusted JavaScript programs to execute in the same environment safely.

  • To showcase SES’s ability, we’ve released a SES Challenge. A random code is generated, and we invite you to put SES to the test with various attacks and guess the code! Any security-sensitive issues can be reported using our vulnerability disclosure process.

  • At the TC39 meeting, Mark Miller of Agoric presented on the results of the Realms shim security review. Realms is a standards track proposal for JavaScript that SES builds on.

  • Brian Warner of Agoric will be speaking at the Decentralized Web Summit. Hope to see you there!

Fri Jul 20

  • Set a goal of 100% code coverage of the Realms shim code

  • Passed 90% coverage of the Realms shim code

Fri Jul 13

  • Announced that Agoric has officially joined TC39, the JavaScript standards working group.

  • Filed all issues from the Realms shim security review for reconciliation with the proposed specification.

Fri Jul 6

  • Worked with Salesforce to do a careful line-by-line security review and revision of the Realms shim, which is our security kernel in modern JavaScript.

  • Led a workshop on secure smart contracts and object capabilities at Zcon0