diff --git a/docs/ethereum-L2.md b/docs/ethereum-L2.md index a367c54..fd23051 100644 --- a/docs/ethereum-L2.md +++ b/docs/ethereum-L2.md @@ -82,7 +82,7 @@ Let’s remember that Zero Knowledge Proofs are probabilistic. The Verifier chec Let's say we have `S` threads and `N` validators, out of which M are malicious. For each thread, we choose `L` validators that will sign the block. If a group of validators gathers at least `C` malicious ones, the attack is considered successful. Let's calculate the probability of an attack on a single thread. -The total number of ways to choose validators for a thread is $C _{L} ^{N}$ +The total number of ways to choose validators for a thread is $C _{N} ^{L}$ Let `i` be the number of malicious validators gathered in a thread. To find the number of ways to choose at least `C` malicious validators, we need to multiply the number of ways to choose malicious validators by the number of ways to choose regular validators. @@ -98,7 +98,7 @@ $$\displaystyle\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}$$ The final probability of an attack on a single thread, without considering verifiers, is -$$P = \frac{\displaystyle\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{L} ^{N}}$$ +$$P = \frac{\displaystyle\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{N} ^{L}}$$ Let $T = \frac{N}{R}$ where `R` is some number. A validator becomes a verifier if the remainder of some hash when divided by ${T}$ equals zero. @@ -108,7 +108,7 @@ The probability of this is $(1 - \frac{1}{T}) ^{N-M}$ Thus, the final probability of the attack is -$$P = \frac{\displaystyle\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{L} ^{N}} * (1 - \frac{1}{T}) ^{N-M}$$ +$$P = \frac{\displaystyle\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{N} ^{L}} * (1 - \frac{1}{T}) ^{N-M}$$ Which is less of an a probability of successful attack on Bitcoin blockchain: @@ -146,12 +146,9 @@ Which is less of an a probability of successful attack on Bitcoin blockchain: ## **Usage** Any DAO on GOSH can become Ethereum Layer 2 with a click of a button. -DAO members can choose to have their token available in Ethereum, effectively making any project its own L2. And because GOSH L2 supports ERC-20 Tokenization, we offer easy ecosystem integration for any project. +DAO members can choose to have their token available in Ethereum, effectively making any project its own L2. And because GOSH L2 supports ERC-20 Tokenization, we offer easy ecosystem integration for any project............... - -................. - ## **Definitions** diff --git a/site/ethereum-L2/index.html b/site/ethereum-L2/index.html index 404273d..1d93570 100644 --- a/site/ethereum-L2/index.html +++ b/site/ethereum-L2/index.html @@ -800,19 +800,19 @@

Stage 3: Validium ZKP roll-upLet’s remember that Zero Knowledge Proofs are probabilistic. The Verifier check protocol is probabilistic as well. The ZKP does not prove that every operation on the L2 blockchain is correct because that would not only be costly but not necessarily increase the probability of the correctness in respect to Verifiers check.

Let's say we have S threads and N validators, out of which M are malicious. For each thread, we choose L validators that will sign the block. If a group of validators gathers at least C malicious ones, the attack is considered successful.
Let's calculate the probability of an attack on a single thread.

-

The total number of ways to choose validators for a thread is \(C _{L} ^{N}\)

+

The total number of ways to choose validators for a thread is \(C _{N} ^{L}\)

Let i be the number of malicious validators gathered in a thread. To find the number of ways to choose at least C malicious validators, we need to multiply the number of ways to choose malicious validators by the number of ways to choose regular validators.

That is \(C _{M} ^{i} * C _{N-M} ^{L-i}\)

Since we need to gather at least C malicious validators, the total number of ways will be the sum

of i from C to L :

\[\displaystyle\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}\]

The final probability of an attack on a single thread, without considering verifiers, is

-
\[P = \frac{\displaystyle\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{L} ^{N}}\]
+
\[P = \frac{\displaystyle\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{N} ^{L}}\]

Let \(T = \frac{N}{R}\) where R is some number. A validator becomes a verifier if the remainder of some hash when divided by \({T}\) equals zero.

In each round, the probability for a particular validator to become a verifier is \(\frac{1}{T}\). For the attack to be successful, none of the honest validators should become a verifier.

The probability of this is \((1 - \frac{1}{T}) ^{N-M}\)

Thus, the final probability of the attack is

-
\[P = \frac{\displaystyle\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{L} ^{N}} * (1 - \frac{1}{T}) ^{N-M}\]
+
\[P = \frac{\displaystyle\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{N} ^{L}} * (1 - \frac{1}{T}) ^{N-M}\]

Which is less of an a probability of successful attack on Bitcoin blockchain:

@@ -879,8 +879,7 @@

Contracts

Usage

Any DAO on GOSH can become Ethereum Layer 2 with a click of a button. -DAO members can choose to have their token available in Ethereum, effectively making any project its own L2. And because GOSH L2 supports ERC-20 Tokenization, we offer easy ecosystem integration for any project.

-

.................

+DAO members can choose to have their token available in Ethereum, effectively making any project its own L2. And because GOSH L2 supports ERC-20 Tokenization, we offer easy ecosystem integration for any project...............

Definitions

Proposer is an off-chain program that any user can run on their own machine. It packages all necessary data to prove to GOSH chain that a particular transaction (let’s call them “L2 transactions”) on Ethereum Network took place and vise versa — to prove to Ethereum ELOCK smart contract (i.e. Ethereum validators) that an L2 transaction took place on the GOSH Blockchain.

Proposer will always accumulate all transactions that are currently not applied to generate the proof, thus ensuring that all transactions of the opposite network are applied. If that is not the case the State Validation function will fail.

diff --git a/site/search/search_index.json b/site/search/search_index.json index c67b272..6fae23b 100644 --- a/site/search/search_index.json +++ b/site/search/search_index.json @@ -1 +1 @@ -{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Git Open Source Hodler","text":"

(Yes, it's Hodler).

GOSH is a blockchain built around securing the software supply chain and capturing the immense value in open source projects. This is achieved through record-setting blockchain tech, distributed programming, and a decentralized architecture - integrated into the same familiar git, meaning there is no change to the workflow.

"},{"location":"#motivation","title":"Motivation","text":"

The Software Supply Chain is a high-impact area. Yet there exists a distinctive lack of secure, trustless, verifiable, and transparent delivery of source code/binaries to developers and users in all software fields. Storing your code on a git means it has an owner, a single point of control, which leads to security vulnerabilities. Currently there is no industrial solution available that is not centralized and thus not dependent on the decisions of a few actors. The main way in which GOSH solves this issue is through allowing developers to build consensus around their code, so the more code is written, the more secure it becomes.

"},{"location":"#objective","title":"Objective","text":"

To create a truly decentralized development environment so that open source repositories can be run, governed, and monetized collectively. All the while, mitigating security and transparency issues arising from a conventional software supply chain.

"},{"location":"#architecture","title":"Architecture","text":"
  1. Build a scalable multithreaded, multisharded content addressable blockchain
  2. Implement Git using smart contracts
  3. Implement DAO on top of that Git to allow building consensus around the code
  4. Formally verify the smart contracts
  5. Represent all entities by hashes (container images, git commits, bl\u043ebs, pull requests etc.);
  6. Allow anyone to add some metadata with signature to any entity;
  7. Allow anyone to decide whose metadata to trust;
  8. Build chain/tree of trust: dependencies can be organized using the same architecture, and containers built
"},{"location":"#instruments-and-utilities","title":"Instruments and utilities","text":"

A variety of utility tools to assist with all the aspects of the solution are under active development. Explore the tools available now to get started with GOSH:

  • create and manage your on-chain repositories through GOSH Web or directly in the Docker Extension
  • work with on-chain repository as if you use a regular git repository with Git Remote Helper
"},{"location":"anytree-all/","title":"AnyTree","text":""},{"location":"anytree-all/#overview","title":"Overview","text":"

GOSH introduces AnyTree \u2014 the first software deployment system secured by the blockchain.

With AnyTree, any mutations of your code, down to every dependency, as well as operations, including builds and every artifact, are logged, timestamped, signed, and verified when used on GOSH

Use AnyTree on GOSH to benefit from added security, not only for your builds, but also the source code itself. Every single object in code delivered by AnyTree on GOSH is wrapped in a special executable ontology object, making GOSH AnyTree an unparalleled tool to allow businesses to log, and clearly tell what they are deploying where

GOSH AnyTree works with any Git storage. There\u2019s no need to change workflows, no need to upload any private or public repositories to any external service, and you can keep using your favorite package managers, and be sure that your software supply chain is secured by AnyTree

It\u2019s worth noting, however, that while the integration of AnyTree for Git offers an enhanced layer of security, it might not include the full array of features available on GOSH.

Info

The current version of AnyTree only supports Linux.

"},{"location":"anytree-all/#working-with-anytree","title":"Working with AnyTree","text":"

Detailed info can be found here or use quick start.

"},{"location":"anytree-all/#quick-start","title":"Quick start","text":"

  1. Install Git Remote Helper using the installation script

    wget -O - \\\nhttps://raw.githubusercontent.com/gosh-sh/gosh/dev/install.sh \\\n| bash -s\n

    Checking the installation results.

  2. Install AnyTree using the installation script

    wget -O - \\\nhttps://raw.githubusercontent.com/gosh-sh/anytree/dev/install.sh | bash -s\n
    export PATH=$PATH:$HOME/.gosh\n

    By default, script installs latest release to the default path $HOME/.gosh/, but you can customize it with env variables:

    TAG=0.3.0 BINARY_PATH=/usr/local/bin ./install.sh\n

    You can check installation by running:

    anytree --help\n

  3. Setup a GOSH project

    You need a GOSH repository. If you haven't used a GOSH-repository you can upload your github-repository to GOSH through onboarding or create a GOSH-account and create a new one.

    Go to your GOSH-repository

    and run:

    gosh init\n

  4. Generation SBOM file

    Prerequisites:

    • Docker
    • Python3 with pip (required to generate a SBOM-file)

    To create artifacts, you will need an SBOM file created according to the Cyclone DX specification

    Info

    The example file can be viewed here: https://github.com/gosh-sh/anytree/blob/dev/tools/python/sbom.json

    If you have a Rust project, you can generate an SBOM file using the script generate-sbom.py (scripts for other programming languages will coming soon)

    Note

    either copy script to your cargo project and run python3 generate-sbom.py or check and configure variables in script

    Info

    If necessary, install the dependencies for the script to work. Run in the folder where the script is located:

    pip3 install -r requirements.txt\n

    Possible options are described in the help:

    python3 generate-sbom.py --help\n

    After running the script you should get the following output at the end:

    Updated SBOM written to /home/user/gosh/v5_x/v5.1.0/git-remote-gosh/sbom.json\n

  5. Now you are ready to build artifact

    run:

    anytree build sbom.json\n

    As a result, a binary file of project will be created and you should get similar output at the end:

    Successfully copied 15.8MB to /home/user/.cache/anytree/builder/anytree-builder-5aba4439-2642-4b7f-bc3c-affd8c9839fd/target\n
    And your artifacts will be accessible in this folder

    Warning

    If the hash that was calculated when creating the SBOM file differs from the hash that AnyTree checks, an error like this will be output:

    Tip

    Place the SBOM-file in the same folder where GOSH.yaml is located.

"},{"location":"anytree-all/#working-with-anytree-without-gosh","title":"Working with AnyTree without GOSH","text":"

Prerequisites:

* Docker\n* Python3 with pip (required to generate a `SBOM-file`)\n

  1. Install AnyTree

    wget -O - https://raw.githubusercontent.com/gosh-sh/anytree/dev/install.sh | bash -s\n
    export PATH=$PATH:$HOME/.gosh\n

    By default, script installs latest release to the default path $HOME/.gosh/, but you can customize it with env variables:

    TAG=0.3.0 BINARY_PATH=/usr/local/bin ./install.sh\n

  2. Now you need the SBOM file.

    Prerequisites:

    • Docker
    • Python3 with pip (required to generate a SBOM-file)

    To create artifacts, you will need an SBOM file created according to the Cyclone DX specification

    Info

    The example file can be viewed here: https://github.com/gosh-sh/anytree/blob/dev/tools/python/sbom.json

    If you have a Rust project, you can generate an SBOM file using the script generate-sbom.py (scripts for other programming languages will coming soon)

    Note

    either copy script to your cargo project and run python3 generate-sbom.py or check and configure variables in script

    Info

    If necessary, install the dependencies for the script to work. Run in the folder where the script is located:

    pip3 install -r requirements.txt\n

    Possible options are described in the help:

    python3 generate-sbom.py --help\n
    usage: generate-sbom.py [-h] [--cargo-lock CARGO_LOCK_PATH] [--cargo-toml CARGO_TOML_PATH] [--initial-sbom INITIAL_SBOM_PATH]\n                        [--sbom-output SBOM_OUTPUT_PATH] [--project-src PROJECT_SRC_PATH] [--project-commit PROJECT_COMMIT]\n                        [--project-url PROJECT_URL]\n\nGenerate software bill of materials (SBOM) for Rust project\n\noptions:\n-h, --help            show this help message and exit\n--cargo-lock CARGO_LOCK_PATH\n                        Path to Cargo.lock file. Default - ./Cargo.lock\n--cargo-toml CARGO_TOML_PATH\n                        Path to Cargo.toml file. Default - ./Cargo.toml\n--initial-sbom INITIAL_SBOM_PATH\n                        Optional. Path to initial SBOM JSON file if need to append existing SBOM. Default - initial-sbom.json. Will ignore\n                        if file doesn't exist.\n--sbom-output SBOM_OUTPUT_PATH\n                        Path to output SBOM JSON file. Default - sbom.json\n--project-src PROJECT_SRC_PATH\n                        Path to the Rust project source if not in root git directory. Not relates to local file system path. Relates to\n                        path inside repo structure. For example we can use v5_x/v5.1.0/git-remote-gosh which means https://github.com/gosh-\n                        sh/gosh/v5_x/v5.1.0/git-remote-gosh\n--project-commit PROJECT_COMMIT\n                        Commit of the project. Default - commit parsed with 'git rev-parse HEAD' command in dir where Cargo.lock is\n                        located.\n--project-url PROJECT_URL\n                        URL of the project's repository. Default - project URL parsed with 'git config --get remote.origin.url' command in\n                        dir where Cargo.lock is located.\n

    For_example

    Run the generation of the SBOM-file for the rust project Git Remote Helper latest version:

    python3 ~/gs/generate-sbom.py --cargo-lock ~/gosh/v5_x/v5.1.0/git-remote-gosh/Cargo.lock --cargo-toml ~/gosh/v5_x/v5.1.0/git-remote-gosh/Cargo.toml --sbom-output ~/gosh/v5_x/v5.1.0/git-remote-gosh/sbom.json --project-src v5_x/v5.1.0/git-remote-gosh\n

    The script downloads all dependencies specified in cargo.lock, counts all hashes and the generated sbom.json will be placed in the root folder of the project.

    After running the script you should get the following output at the end:

    Updated SBOM written to /home/user/gosh/v5_x/v5.1.0/git-remote-gosh/sbom.json\n

    And generated sbom.json file in the following format https://github.com/gosh-sh/anytree/blob/dev/tools/python/sbom.json

  3. Now you can use sbom.json to build your project. run:

    ```\n    anytree build sbom.json\n    ```\n

As a result, a binary file of project will be created and you should get similar output at the end:

Successfully copied 15.8MB to /home/user/.cache/anytree/builder/anytree-builder-5aba4439-2642-4b7f-bc3c-affd8c9839fd/target\n
And your artifacts will be accessible in this folder

Warning

If the hash that was calculated when creating the SBOM file differs from the hash that AnyTree checks, an error like this will be output:

"},{"location":"ethereum-L2/","title":"GOSH Ethereum L2","text":""},{"location":"ethereum-L2/#overview","title":"Overview","text":"

GOSH is an asynchronous, highly scalable validity rollup which enables any asset on Ethereum blockchain to be transferred into GOSH and vice versa. All ZK Proofs (Zero-knowledge proofs) are prepared on the user side by a Proposer. It then submitted to Independent Collator which receives user input and executes them on GOSH.

Anyone can submit a resulting L2 (GOSH Blokchain) state root to L1 (Etherium Blokchain). Randomly selected Verifiers run the state transition periodically and slash Collators in case of a fraud via decision by L1. Verifiers are slashed for false fraud alerts. If Collator is censoring users' transactions, it is possible to force the transaction via L1. Anyone can publish L2 state root but only Collator can propose L2 state change.

Constraints:

  • L1 can\u2019t have the L2 entire state (L2 state is too large)
  • There must be a mechanism to move funds from L2 even if: L2 is not moving; L2 has banned specific accounts
  • EVM and TVM are different. TVM is a reference VM for the L2 chain. This means that even if L1 has a state it can\u2019t execute transactions to verify correctness. But it can execute ZKP which will prove the correctness of operations in the particular circuit
"},{"location":"ethereum-L2/#development-process","title":"Development process","text":""},{"location":"ethereum-L2/#stage-1-trustless-bridge-kinda","title":"Stage 1: Trustless Bridge, kinda","text":"

Info

At this stage we assume: L2 fully trusts L1, it knows Validators (Committee) PubKeys and can always validate the chain of L1 blocks. We do not validate the smart contract execution on L2. We protect against any malicious 3rd party except for L1 and L2 Validators.

As an example we will talk about ETH moving from Ethereum mainnet into WETH Asset on GOSH L2 Blockchain and back. In general any asset on Ethereum can be supported with necessary adjustments made to ELOCK smart contract Deposit/Withdrawal functions.

Since GOSH uses ed25519 we use a double signature envelope scheme to prove signatures on GOSH to ELOCK Smart Contract on Ethereum (we could use ZKP to prove the ed25519 or a precompile proposed EIP665 whenever either of those solutions will be production ready).

The scheme for transferring assets from the Etherium to GOSH

The scheme for transferring assets from the GOSH to Etherium

Info

What we don\u2019t cover at this Stage?

  • L2 contract execution is not validated (no validity or fraud proofs)
  • Funds retrieval function in case of L2 censored / stopped
  • L1 Funds retrieval is complicated and expansive
"},{"location":"ethereum-L2/#stage-2-optimistic-roll-up-kinda","title":"Stage 2: Optimistic roll-up, kinda","text":"

Info

At this stage we add fraud and execution proofs for TIP-3 \u0441ontracts.

The Proposer constructs the TIP-3 execution proof and sends it together with block proofs. If the execution is correctly proved the funds can be withdrawn immediately. If the Proposer does not wish to pay the gas fees for ZKP execution it can supply the withdrawal request without any proof but with a bond. In which case the withholding period will be activated (hence optimistic rollup). Another Proposer can verify the correctness of execution of the TIP-3 in the proposed batch and if found incorrect execution can supply the fraud proof (consisting of proof of the correct execution of the corrupted TIP-3 transaction and proof of block tree hashes which will be incompatible with hashes provided by the first Proposer) and collect the Proposer Bond.

At this stage we have added a mechanism of Fraud proof of L2 validators making the network effectively on par with security assumptions of other \u043eptimistic rollups, but also providing a mechanism for immediate Validation of token contract execution on L2 network. We do not prove the whole network, but do we really need to? What difference does it make if the rest of state transition is corrupted if the contracts holding L1 balances are correct?

Info

What we don\u2019t cover at this Stage?

  • Funds retrieval function in case of L2 censored / stopped
  • L1 funds retrieval is complicated and expansive in case of immediate withdrawal
"},{"location":"ethereum-L2/#stage-3-validium-zkp-roll-up","title":"Stage 3: Validium ZKP roll-up","text":"

At this stage we are adding external Verifiers and putting a bond of L2 Collators on Ethereum mainnet. Verifiers will be able to supply fraud proofs as well as data availability proofs.

The Verifiers have the ability to slash the L2 Collators in case of misbehavior by supplying ZKPs proving the wrong block production, or by successfully challenging data availability proofs making it effectively an Ethereum Sharding design, since GOSH is multithreaded, multisharded blockchain.

Let\u2019s remember that Zero Knowledge Proofs are probabilistic. The Verifier check protocol is probabilistic as well. The ZKP does not prove that every operation on the L2 blockchain is correct because that would not only be costly but not necessarily increase the probability of the correctness in respect to Verifiers check.

Let's say we have S threads and N validators, out of which M are malicious. For each thread, we choose L validators that will sign the block. If a group of validators gathers at least C malicious ones, the attack is considered successful. Let's calculate the probability of an attack on a single thread.

The total number of ways to choose validators for a thread is \\(C _{L} ^{N}\\)

Let i be the number of malicious validators gathered in a thread. To find the number of ways to choose at least C malicious validators, we need to multiply the number of ways to choose malicious validators by the number of ways to choose regular validators.

That is \\(C _{M} ^{i} * C _{N-M} ^{L-i}\\)

Since we need to gather at least C malicious validators, the total number of ways will be the sum

of i from C to L :

\\[\\displaystyle\\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}\\]

The final probability of an attack on a single thread, without considering verifiers, is

\\[P = \\frac{\\displaystyle\\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{L} ^{N}}\\]

Let \\(T = \\frac{N}{R}\\) where R is some number. A validator becomes a verifier if the remainder of some hash when divided by \\({T}\\) equals zero.

In each round, the probability for a particular validator to become a verifier is \\(\\frac{1}{T}\\). For the attack to be successful, none of the honest validators should become a verifier.

The probability of this is \\((1 - \\frac{1}{T}) ^{N-M}\\)

Thus, the final probability of the attack is

\\[P = \\frac{\\displaystyle\\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{L} ^{N}} * (1 - \\frac{1}{T}) ^{N-M}\\]

Which is less of an a probability of successful attack on Bitcoin blockchain:

Important

At this stage there is no need to trust L2 Collators with anything. L1 is able to verify all L2 state transitions and L2 can verify L1 contract state transitions. Funds are easily withdrawn from either blockchain. To break the system both L1 and L2 need to be corrupted or stopped simultaneously.

"},{"location":"ethereum-L2/#proof-summary","title":"Proof Summary","text":"What do we Prove How do we Prove it L1 Blocks are correct BLS Signatures check L2 Blocks are correct Validator signatures + Verifiers Fraud Proofs L1 transaction are within the correct blocks Merkle tree proof from Transaction hash to L1 block hash L2 transaction are within the correct blocks Merkle tree proof from Transaction hash to L2 block hash All L1 transactions are provided to L2 from block A to block B Txn count in block a and Txn count in block B are known we can verify that total transaction count transferred to GLOCK is correct and since we have hashes it's impossible to cheat Transaction counts and Balances are correct for L1 Block transmitted to L2 Merkle tree of account states for a particular L1 block All L2 Withdrawal Transactions are transferred to L1 from Block A to Block B Txn count in block a and Txn count in block B are known we can verify that total transaction count transferred to ELOCK is correct and since we have hashes it's impossible to cheat TIP-3 Deposit/Transfer/Withdrawal Transaction Execution is correct ZKP for TIP-3 Circuit Validator set change from last KeyBlock is correct ZKP for Elector contract Circuit Validators Fraud Proofs Fraud detection mechanism by Verifiers"},{"location":"ethereum-L2/#contracts","title":"Contracts","text":"
  • ELOCK
  • GLOCK
  • tip3root
  • tip3wallet
"},{"location":"ethereum-L2/#usage","title":"Usage","text":"

Any DAO on GOSH can become Ethereum Layer 2 with a click of a button. DAO members can choose to have their token available in Ethereum, effectively making any project its own L2. And because GOSH L2 supports ERC-20 Tokenization, we offer easy ecosystem integration for any project.

.................

"},{"location":"ethereum-L2/#definitions","title":"Definitions","text":"

Proposer is an off-chain program that any user can run on their own machine. It packages all necessary data to prove to GOSH chain that a particular transaction (let\u2019s call them \u201cL2 transactions\u201d) on Ethereum Network took place and vise versa \u2014 to prove to Ethereum ELOCK smart contract (i.e. Ethereum validators) that an L2 transaction took place on the GOSH Blockchain.

Proposer will always accumulate all transactions that are currently not applied to generate the proof, thus ensuring that all transactions of the opposite network are applied. If that is not the case the State Validation function will fail.

ELOCK \u2014 is a GOSH L2 smart contract on Ethereum Blockchain. It receives deposits from users, manage withdrawals and locks user funds. ELOCK is also counting its total balance, total transaction count and stores root Merkle proofs, withdrawal smart contract code hash, etc. for L2 synchronization.

TIP-3 \u2014 is a distributed token smart contract standard on GOSH blockchain. It is formally verified scalable token design for sharded architecture optimized for parallelization.

GLOCK \u2014 is a special TIP-3 Token Root Contract on GOSH Blockchain. Aside from managing TIP-3 distributed token it also manages the deposits and withdrawals of ELOCK assets. It receives external message from Proposers, with Ethereum blockchain proofs signed by Ethereum committee, checks total transaction count consistency, checks Proposer message Merkle proofs, deploy or add to TIP-3 balances to corresponding User addresses.

WITHDRAWAL \u2014 is a smart contract on GOSH that manages user withdrawals. It receives TIP-3 transactions, verifies them and adds transactions to the counter index.

WETH TIP-3 Wallet \u2014 is a custom TIP-3 contract that runs in GOSH Masterchain and in addition to standard functions has Lock/Unlock method. Lock is called when WETH needs to be transferred to Ethereum Blockchain. Lock is proved to ELOCK contract in order to allow for ETH native token withdrawals.

VAULT \u2014 is GOSH Shardchain smart contract that Wraps WETH TIP-3 tokens into tradable assets on GOSH Network

TVM \u2014 is a Custom Virtual Machine GOSH Blockchain uses. For the GOSH L2 release we have added special TVM Opcodes for Ethereum signatures and Hash function, thus TVM smart contract can run Signature Verifications and Calculate Hash functions from Ethereum Data.

"},{"location":"links/","title":"Links","text":"

GOSH website

GOSH Web App

GOSH Blockchain Explorer

GOSH repository

"},{"location":"on-chain-architecture/gosh-smart-contracts/","title":"GOSH smart contracts","text":"

GOSH is open-source and freely available on GitHub and, obviously, on GOSH.

GOSH consists of the following contracts (latest version):

  • VersionController - a contract version manager used when upgrading GOSH smart contracts
  • SystemContract - main contract for hosting any specific version of GOSH smart contracts
  • Profile - a contract for a user's profile on GOSH
  • ProfileIndex - a contract for each user's public key
  • ProfileDao - a contract of a DAO's profile on GOSH
  • GOSHWallet - user wallet for all user interactions with GOSH
  • GoshDao - a contract storing organizations' objects
  • Repository - a contract storing repositorys' objects
  • Commit - a contract storing commits' objects
  • Tree - a contract storing trees' objects
  • Diff - a contract storing diffs' objects
  • Snapshot - a contract storing snapshots' objects
  • Tag - a contract storing gits' tag object
  • DaoTag - a contract responsible for tags in a DAO
  • RepoTagGosh - a contract responsible for tags in a repository
  • Task - a contract storing a task object
  • Topic - a contract storing the description of an object
"},{"location":"on-chain-architecture/gosh-wallet/","title":"GOSH Wallet","text":"

The GOSH blockchain is a system of interconnected smart contracts. Every repository, every file and commit are smart contracts, where data is written to the blockchain.

Writing data to the blockchain requires cryptographic signatures and fees.

For this reason every GOSH user needs to have a wallet and a pair of cryptographic keys.

Every operation on GOSH is carried out by user wallets.

Info

GOSH wallets are written with the express purpose of facilitating open-source development.

Fees on GOSH are not paid to Validators but are instead transferred to the Free Software Giver \u2014 Which funds the GOSH Free Service Area \u2014 these fees are used to replenish the Special User Wallet contracts to automatically pay for gas fees of other contracts in the Free Service Area.

These contracts can only transfer tokens between other contracts within the Area and are not transferable outside, meaning they are pure Utility Tokens. These tokens are SHELL coins, here used as a Unit of Account for Payment Gateways.

So in effect this means any developer can use the GOSH blockchain for free, without paying any gas, and sell their services using Fiat Payment Gateways without a need to KYC/AML. This payment Gateway is built into GOSH.

There are two types of wallets GOSH users can deploy:

  • A DAO Member Wallet, which is deployed to a GOSH user after they become a member of a DAO. This wallet stores both voting and non-voting tokens

  • A Limited Wallet (for non-DAO members), which is deployed to a GOSH user when they view any DAO or if non-voting tokens of any DAO were transferred to them.

    A user with a Limited Wallet in the DAO can:

    • create a proposal to add yourself to the DAO (if it is allowed in the dao);

    • can be assigned as a reviewer to the Task;

    • can create a proposal on PR (coming soon).

Info

For a DAO member, not one wallet is deployed, but a whole system of 64 wallet contracts. This allows for parallelization when sending external messages.

Refer to GOSH Web or Docker Extension sections to find out how to create your account and get started with GOSH.

"},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/","title":"Organizations: GOSH DAO and SMV","text":""},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/#dao","title":"DAO","text":"

Every repository on GOSH is managed as a Decentralized Autonomous Organization - DAO \u2013 a tool that allows every developer to build on GOSH in a way that is decentralized, secure, and scalable.

Every organization has, as a minimum, one member who creates and manages repositories. However, once more than one user is added to a DAO, it is then governed through decentralized management mechanisms.

Your can configure your DAO easily. The main of these mechanisms is voting. Any action in a DAO requires a vote and is created through proposals. For example, a user may propose to commit of file into a repository, and a soft-majority vote (SMV) of all other DAO members may be required to approve it. Branches could be locked to require any changes to them to be voted on by DAO SMV.

"},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/#soft-majority-voting","title":"Soft Majority Voting","text":"

Soft Majority Voting, or SMV for short, is a voting mechanism designed for transparency and optional participation.

The outcome of a Soft Majority Vote is decided by the difference between the number of votes for, and the number of votes against a proposal. If nobody objects, a minimum threshold of approving votes is required for the proposal to pass.

If everyone votes either for or against a proposal, 50% + 1 vote is required for the proposal to pass.

If the only votes given are for the proposal, and no one votes against, 10% approving votes are enough for the proposal to pass immediately.

Everything in between these two extremes is a linear dependency between the percentage of votes against and the percentage of votes for, that is required for the proposal to pass.

For important decisions a more strict super majority approval criteria may be set up.

All SMV proposals have a set deadline. When it is reached, accumulated votes are counted, the decision is made, and the proposal pass.

If, however, a majority of 50% + 1 vote is reached early, the proposal passes immediately.

"},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/#smv-in-gosh","title":"SMV in GOSH","text":"

In GOSH one vote is one token.

"},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/#tokens-and-karma","title":"Tokens and Karma","text":"

The total supply of tokens is set when a DAO is created.

A DAO's first user automatically gets 20 DAO tokens and 20 Karma.

Karma is the amount of tokens (upper limit) within which a DAO member can vote.

Karma is either granted by a DAO decision upon member acceptance or earned through repository contribution. This determines the reputation of a DAO member. The Karma can be changed only by voting.

See here for more information.

"},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/#voting","title":"Voting","text":"

If several members jointly vote for a proposal with 50% + 1 token of the Global Karma Count of a DAO then the proposal passes early.

Global Karma Count is the total amount of Karma calculated by summing up the Karma of all DAO members at the time of the proposal creation.

If no one objects to a proposal for the duration of its voting period, 10% of the Global Karma Count is enough, but the proposal will only pass at the end of the voting period.

If votes are split, and neither side achieves 50% + 1 token early, the proposal completes at the end of the voting period and the result is calculated according to the SMV diagram above.

"},{"location":"working-with-gosh/anytree-firewall-for-telepresence/","title":"AnyTree Firewall for Telepresence","text":""},{"location":"working-with-gosh/anytree-firewall-for-telepresence/#overview","title":"Overview","text":"

The GOSH AnyTree Firewall integration with Telepresence is designed to make sure everything developed with Telepresence for Docker will be identically reproduced with every build, regardless of other changes made in the development process. The integration tool provides an additional security measure, so developers can build software faster and with confidence.

Part of the GOSH AnyTree Firewall is the \u2018Deep SBOM\u2019 - a tool describing not only what, but also how something was built, and uses GOSH Anytree Builder to safely build reproducible containers in an isolated environment.

GOSH AnyTree Firewall is currently in Beta testing stages on Linux only, but will be available on other platforms and Docker Desktop in the near future.

"},{"location":"working-with-gosh/anytree-firewall-for-telepresence/#quick-start","title":"Quick start","text":""},{"location":"working-with-gosh/anytree-firewall-for-telepresence/#for-linux","title":"for Linux","text":"

  1. Install Git Remote Helper using the installation script

    wget -O - \\\nhttps://raw.githubusercontent.com/gosh-sh/gosh/dev/install.sh \\\n| bash -s\n

    Checking the installation results.

  2. Install GOSH AnyTree using the installation script

    wget -O - \\\nhttps://raw.githubusercontent.com/gosh-sh/gosh-build-tools/dev/install.sh \\\n| bash -s\n

    You can check installation by running:

    gosh anytree --help\n

  3. Install Kubernetes with Telepresence the Traffic Manager

    Warning

    We need to return docker's context to default.

    docker context use default\n

    To see all available docker's contexts type:

    docker context list\n

  4. Start Telepresence with AnyTree Firewall

    telepresence intercept [OPTIONS] --docker-build \\\ngosh://0:0d5...e92c/<your_dao>/<your_repo>#<commit_or_branch_or_tag> \\\n<k8s_pod_name>\n
"},{"location":"working-with-gosh/anytree/","title":"AnyTree","text":""},{"location":"working-with-gosh/anytree/#overview","title":"Overview","text":"

GOSH introduces AnyTree \u2014 a software deployment system built to guarantee the security of your software supply chain

With AnyTree, any mutations of your code, down to every dependency, as well as operations, including builds and every artifact, are logged, timestamped, signed, and verified when used on GOSH

Deep SBOM extends the SBOM surface to include all build environments. It is impossible to inject malicious commits backwards on GOSH and miss dependency tampering during the CI/CD process when using Deep SBOM. Integrating GOSH Builder with AnyTree proves builds on a developer machine and a server (or a cloud) are identical

AnyTree utilizes standard Docker Containers secured by GOSH AnyTree Builder and is currently available as Beta on Linux and is coming soon to Windows and macOS.

As the result of his work will be the creation of a binary file of project. It is describing not only what, but also how something was built.

Info

The current version of AnyTree only supports Linux.

"},{"location":"working-with-gosh/anytree/#installation-anytree","title":"Installation AnyTree","text":"

Before installing AnyTree, you must already have the Git Remote Helper installed.

If you have Linux you can use these installation methods:

"},{"location":"working-with-gosh/anytree/#install-anytree-using-the-installation-script","title":"Install AnyTree using the installation script","text":"
wget -O - https://raw.githubusercontent.com/gosh-sh/anytree/dev/install.sh | bash -s\n
"},{"location":"working-with-gosh/anytree/#install-anytree-from-source","title":"Install AnyTree from source","text":"

  1. Prerequisites:

    • Rust v1.66+
    • Protobuf Compiler
    • git
    • make

  2. Clone AnyTree repository

  3. Run make install to build GOSH anytree tool

"},{"location":"working-with-gosh/anytree/#setup-a-gosh-project","title":"Setup a GOSH project","text":"

You need a GOSH repository. If you haven't used a GOSH-repository you can upload your github-repository to GOSH through onboarding or create a GOSH-account and create a new one.

Go to your GOSH-repository you project

and run:

gosh init\n
"},{"location":"working-with-gosh/anytree/#generation-sbom-file","title":"Generation SBOM file","text":"

AnyTree builds the artifacts uses SBOM file that allows developers to see what they built and why and reproduce the same result.

To create artifacts, you will need an SBOM file created according to the Cyclone DX specification

Info

The example file can be viewed here: https://github.com/gosh-sh/anytree/blob/dev/tools/python/sbom.json

If you have a Rust project, you can generate an SBOM file using the script generate-sbom.py (scripts for other programming languages will coming soon)

Note

either copy script to your cargo project and run python3 generate-sbom.py or check and configure variables in script

Prerequisites:

  • Docker
  • Python3 with pip (required to generate a SBOM-file)

To generate a SBOM file for a Rust project, you can use the script generate-sbom.py

Info

If necessary, install the dependencies for the script to work. Run in the folder where the script is located:

pip3 install -r requirements.txt\n

Possible options are described in the help:

python3 generate-sbom.py --help\n
usage: generate-sbom.py [-h] [--cargo-lock CARGO_LOCK_PATH] [--cargo-toml CARGO_TOML_PATH] [--initial-sbom INITIAL_SBOM_PATH]\n                        [--sbom-output SBOM_OUTPUT_PATH] [--project-src PROJECT_SRC_PATH] [--project-commit PROJECT_COMMIT]\n                        [--project-url PROJECT_URL]\n\nGenerate software bill of materials (SBOM) for Rust project\n\noptions:\n-h, --help            show this help message and exit\n--cargo-lock CARGO_LOCK_PATH\n                        Path to Cargo.lock file. Default - ./Cargo.lock\n--cargo-toml CARGO_TOML_PATH\n                        Path to Cargo.toml file. Default - ./Cargo.toml\n--initial-sbom INITIAL_SBOM_PATH\n                        Optional. Path to initial SBOM JSON file if need to append existing SBOM. Default - initial-sbom.json. Will ignore\n                        if file doesn't exist.\n--sbom-output SBOM_OUTPUT_PATH\n                        Path to output SBOM JSON file. Default - sbom.json\n--project-src PROJECT_SRC_PATH\n                        Path to the Rust project source if not in root git directory. Not relates to local file system path. Relates to\n                        path inside repo structure. For example we can use v5_x/v5.1.0/git-remote-gosh which means https://github.com/gosh-\n                        sh/gosh/v5_x/v5.1.0/git-remote-gosh\n--project-commit PROJECT_COMMIT\n                        Commit of the project. Default - commit parsed with 'git rev-parse HEAD' command in dir where Cargo.lock is\n                        located.\n--project-url PROJECT_URL\n                        URL of the project's repository. Default - project URL parsed with 'git config --get remote.origin.url' command in\n                        dir where Cargo.lock is located.\n

For_example

Run the generation of the SBOM-file for the rust project Git Remote Helper latest version:

python3 ~/gs/generate-sbom.py --cargo-lock ~/gosh/v5_x/v5.1.0/git-remote-gosh/Cargo.lock --cargo-toml ~/gosh/v5_x/v5.1.0/git-remote-gosh/Cargo.toml --sbom-output ~/gosh/v5_x/v5.1.0/git-remote-gosh/sbom.json --project-src v5_x/v5.1.0/git-remote-gosh\n

The script downloads all dependencies specified in cargo.lock, counts all hashes and the generated sbom.json will be placed in the root folder of the project.

After running the script you should get the following output at the end:

Updated SBOM written to /home/user/gosh/v5_x/v5.1.0/git-remote-gosh/sbom.json\n

And generated sbom.json file in the following format https://github.com/gosh-sh/anytree/blob/dev/tools/python/sbom.json

"},{"location":"working-with-gosh/anytree/#working-with-anytree","title":"Working with AnyTree","text":"

run:

anytree build sbom.json\n

As a result, a binary file of project will be created and you should get similar output at the end:

Successfully copied 15.8MB to /home/user/.cache/anytree/builder/anytree-builder-5aba4439-2642-4b7f-bc3c-affd8c9839fd/target\n

And your artifacts will be accessible in this folder

If the hash that was calculated when creating the SBOM file differs from the hash that AnyTree checks, an error like this will be output:

Info

For more information about the options, see the Help section:

anytree --help\n

Info

The developer can put the generated specification in his repository for further verification.

"},{"location":"working-with-gosh/anytree/#options","title":"Options","text":""},{"location":"working-with-gosh/anytree/#build","title":"build","text":"

Print help

-h, --help\n

Print version

-V, --version\n
"},{"location":"working-with-gosh/anytree/#known-issues","title":"Known issues","text":"

We would like to bring to your attention a memory limitation concern that has been identified when working with large repositories. Under certain circumstances, you might encounter memory depletion issues which could potentially affect your work efficiency and system performance. We deeply apologize for any inconvenience this may cause.

Rest assured, we are committed to promptly resolving this issue. Our dedicated team of developers has already initiated efforts to address this, with an anticipated resolution targeted within the next two weeks. We appreciate your patience and understanding as we continue to enhance and streamline our services.

"},{"location":"working-with-gosh/anytree/#contact-us","title":"Contact us","text":"

If you have any questions or issues using GOSH AnyTree, please email us at help@gosh.sh

"},{"location":"working-with-gosh/build-and-sign-images/","title":"Build and Sign Images","text":"

With the Help of a custom Buildkit, you can build your Docker images directly from GOSH, and sign them so they can be verified by the GOSH docker extension.

Instead of a dockerfile, this Buildkit uses a special goshfile to ensure code is taken from GOSH.

"},{"location":"working-with-gosh/build-and-sign-images/#how-to-build-from-gosh","title":"How to build from GOSH","text":""},{"location":"working-with-gosh/build-and-sign-images/#1-setup-environment-variables-with-your-wallet","title":"1. Setup environment variables with your wallet","text":"
export WALLET=...\nexport WALLET_PUBLIC=...\nexport WALLET_SECRET=...\n

You received these when creating your account in GOSH Web or Docker Extension.

"},{"location":"working-with-gosh/build-and-sign-images/#2-create-goshfileyaml-this-specification-is-a-work-in-progress-and-subject-to-change","title":"2. Create goshfile.yaml (this specification is a work in progress and subject to change)","text":"
# syntax=teamgosh/goshfile\n\napiVersion: 1\nimage: bash:latest\nsteps:\n  - name: print date\n    run:\n      command: [\"/usr/local/bin/bash\"]\n      args:\n        - -c\n        - >-\n          (date +'%s %H:%M:%S %Z'; echo \"Hi there\") | tee /message.txt\n
"},{"location":"working-with-gosh/build-and-sign-images/#3-now-to-build-an-image","title":"3. Now to build an image","text":"
TARGET_IMAGE=\"my-target-super-image\"\n\ndocker buildx build \\\n    --push \\\n    --label WALLET_PUBLIC=\"$WALLET_PUBLIC\" \\\n    -f goshfile.yaml \\\n    -t \"$TARGET_IMAGE\" \\\n    .\n\n## OR more complicated way via buildctl directly\n# # run buildkitd containered\n# docker run -d --name buildkitd --privileged moby/buildkit:latest\n# # build image\n# buildctl --addr=docker-container://buildkitd build \\\n#         --frontend gateway.v0 \\\n#         --local dockerfile=. \\\n#         --local context=. \\\n#         --opt source=teamgosh/goshfile \\\n#         --opt filename=goshfile.yaml \\\n#         --opt wallet_public=\"$WALLET_PUBLIC\" \\\n#         --output type=image,name=\"$TARGET_IMAGE\",push=true\n

Here we parameterize the image build process with our wallet credentials.

"},{"location":"working-with-gosh/build-and-sign-images/#4-sign-the-image-wip-will-be-part-of-build-image-process","title":"4. Sign the image (WIP: will be part of build image process)","text":"
docker pull $TARGET_IMAGE # buildkit push image directly to the registry and it doesn't persist locally\n\n# my-target-super-image's sha256\nTARGET_IMAGE_SHA=`docker inspect --format='{{index (split (index .RepoDigests 0) \"@\") 1}}' $TARGET_IMAGE`\n\ndocker run --rm teamgosh/sign-cli sign \\\n    -n <blockchain_network e.g. https://gra01.net.everos.dev> \\\n    -g $WALLET \\\n    -s $WALLET_SECRET \\\n    $WALLET_SECRET \\  # signer secret can be different\n    $TARGET_IMAGE_SHA\n

Now you have signed the image.

"},{"location":"working-with-gosh/build-and-sign-images/#you-can-check-the-image-signature-with-your-public-key","title":"You can check the image signature with your public key","text":"
TARGET_IMAGE=\"my-target-super-image\"\n# or IMAGE_NAME=\"my_repo:5000/library/my-target-super-image:latest@sha256:...\"\n\nWALLET_PUBLIC=$(docker inspect --format='{{.Config.Labels.WALLET_PUBLIC}}' $TARGET_IMAGE)\n\nTARGET_IMAGE_SHA=$(docker inspect --format='{{index (split (index .RepoDigests 0) \"@\") 1}}' $TARGET_IMAGE)\n\ndocker run --rm teamgosh/sign-cli check \\\n    -n <blockchain_network e.g. https://gra01.net.everos.dev> \\\n    $WALLET_PUBLIC \\\n    $TARGET_IMAGE_SHA\n

NOTE: Anyone who has the image can validate it. The image has label WALLET_PUBLIC and image's sha256 also publicly available.

Additionally, signer tool can deploy a proof contract to GOSH blockchain that will be publicly available to all wanting to verify the image they pull from dockerhub.

"},{"location":"working-with-gosh/build-and-sign-images/#examples","title":"Examples","text":"

Publisher example

"},{"location":"working-with-gosh/docker-extension/","title":"Docker Extension","text":"

GOSH Docker Extension implements GOSH repository management and image verification as the newest feature of Docker - a Docker Extension.

You will be able to create your GOSH account and Decentralized Autonomous Organization (DAO), set up and manage repositories through a graphical interface directly in Docker Desktop. Repositories stored in GOSH can then be interacted with like any regular remote repository, with a few small configurations to git, making decentralized code management easily available to anyone.

Images built directly from code stored in GOSH can be verified as GOSH-sourced in the Docker Extension, ensuring security of the software supply chain. You will always know what code specifically is running in your containers, and that none of it was tampered with during build.

"},{"location":"working-with-gosh/docker-extension/#installation","title":"Installation","text":"

Get the latest Docker Desktop (4.8.0 or later), which supports extensions.

Launch the Desktop, go to the Extensions section, and click Add Extensions.

Select and install Gosh extension on the marketplace.

"},{"location":"working-with-gosh/docker-extension/#create-account","title":"Create account","text":"

Open the Gosh verified images extension in Docker Desktop. If you have a Gosh account, then enter your own one seed phrase, if not, you can create it by clicking on the link app.gosh.sh.

To get started with GOSH, you need an active Github-account.

Click Create account with Github.

After click Authorize gosh-sh

In the list of organizations received from Github, click on the organization

and select repositories for upload into Gosh

Do this for each organization for which you want to upload repositories to Gosh.

Danger

After registering on GOSH you will not be able to return to this step in this release.

This will be available later

Info

If you want other GOSH users to be able to find you by your email, give permission.

Then click Upload

\u200bIf you are familiar with blockchain, you know what to do with a seed phrase.

If you're new to blockchain, all you need to know, is that this is the key to your account and all your assets on GOSH. Your public key, which can identify you on the blockchain and the secret key you'll use to sign your actions can always be calculated from your seed phrase.

To create the GOSH-account, the seed phrase will be generated for you.

Danger

Write your seed phrase down and store it somewhere safe, and never share it with anyone. Avoid storing it in plain text or screenshots, or any other non-secure way. If you lose it, you lose access to your assets. Anyone who gets it, gets full access to your assets.

Info

Your seed phrase will be used to log into GOSH.

Once you have written down your seed phrase, click Continue.

Then choose a short nickname or create a new one and click Create account.

Warning

The Usernames must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

Info

When the repositories are uploaded, a notification will be sent to your email.

Follow the link in the email.

To log into Gosh open the Gosh verified images extension in Docker Desktop and enter the saved seed phrase and click Sign in.

GOSH will ask you to set up a PIN code:

And unlock with PIN code.

Once done, you will be logged into GOSH.

Info

The GOSH DAO Bot will be a member of your organization. In the future, it will track changes in your repositories on Github and synchronize them with Gosh.

The Bot can be removed from the DAO members by voting. But then there will be no automatic synchronization of repositories in GOSH if they have been changed in Github.

"},{"location":"working-with-gosh/docker-extension/#create-organization","title":"Create Organization","text":"

The Organizations page will open after your account is created.

Click New organization button in the Organizations section.

\u200bInput Organization name and members.

Warning

The Organizations name must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

The first mandatory member is the creator, identified by their username.

The second member is the GOSH DAO Bot. It will synchronize repositories with github on Gosh.

Any other members can be added at creation - just enter the username of each member in new line.

At any later time the list of members can be expanded by voting.

Click Create organization.

\u200bOnce created, your organization will appear in the organization list. Click on it to continue.

"},{"location":"working-with-gosh/docker-extension/#create-repository","title":"\u200bCreate Repository","text":"

To create a repository in your organization click Create in the Repositories section.

Enter repository name and click Create repository.

Warning

The repository name must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

"},{"location":"working-with-gosh/docker-extension/#create-branch","title":"Create Branch","text":"

Repository is created with default main branch. To create another branch, click on the branches counter.

Select the branch to be forked, enter new branch name, and click\u200b Create branch.

Warning

The branch name must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

Once the branch is created, it will appear in the branches list.

Switch to it via drop down list.

"},{"location":"working-with-gosh/docker-extension/#create-file","title":"Create File","text":"

To create file, click Add file button.

Enter file contents and name. MD syntax is supported for preview.

Once done, scroll down to Commit data, enter commit info and click Commit changes button.

Commit status will be displayed below.

If the branch you are working in requires no vote to commit to, the changes will be commited immediately/ Otherwise a DAO vote will be initiated.

"},{"location":"working-with-gosh/docker-extension/#create-pull-request","title":"Create Pull Request","text":"

Click on the Pull requests tab and set up the pull request: what branch to merge from and to.

View the diff, scroll down to Commit data, enter details and click Commit changes.

Info

When merging into the main branch, and in some other cases (depending on DAO setup), a DAO proposal will be initiated by trying to commit.

Organization Tokens have to be sent to the DAO Soft Majority Vote contract to start a proposal for DAO members to vote on.

"},{"location":"working-with-gosh/docker-extension/#voting-in-smv-soft-majority-vote","title":"Voting in SMV (Soft Majority Vote)","text":"

Actions that require a DAO vote, such as merging into main, are performed by creating a proposal.

To create a proposal, or to vote for a proposal someone else created, some of your tokens need to be allocated to SMV (once the proposal is completed), you can get them back.

For example, to merge into main, create a pull request from some other branch. A proposal will be generated and will appear on the Events page.

Open the proposal and review the contents.

The voting period is indicated on the proposal page. This is the time allotted for voting. Unless a decisive majority of >50% is achieved early, votes will be counted at the end of this period.

Voting statistics are located under the status Running. The green and red counters indicate how many tokens have been used at the moment to vote for and against the proposal.

The green indicator in the top right corner means that the SMV smart contracts are not currently processing any new votes. It turns red when the SMV contracts are busy.

Once you have made a decision, input the amount of tokens, select Approve or Reject and click Vote for proposal. Vote registration can take a bit of time.

Info

As per the rules of Soft Majority Voting, to have a proposal approved early, you need at least 50% of the total supply of tokens in the repository + 1 token used to vote for the proposal.

For example, in a repository with two members, where the total supply of tokens is 200, 101 token needs to be used to instantly approve a proposal. Thus with every member holding 100 tokens a proposal can never be instantly completed without the participation of members other than the proposal's author.

On the other hand, so as not to depend on all members of an organization to vote, soft majority vote will complete with an approval at the end of the voting period, if 10% of the total token supply were used to vote for, and no one voted against.

The more tokens are sent against the proposal, the higher the approving amount needs to be (up to 50% of the total supply + 1 token) for the proposal to pass.

Other members of the Organization, who have transferred their tokens to SMV, will be able to vote for the proposal on this page in their own accounts.

Info

Currently, even in organizations with a single member, voting still takes place when a proposal is created. 51 tokens are needed to approve a proposal in such a repository.

Once a majority has been reached early, or the voting period ended and the soft majority vote result was decided, the proposal completes and the proposed action is performed.

"},{"location":"working-with-gosh/docker-extension/#view-public-key","title":"View Public Key","text":"

A user needs to know their public key, for example, when joining an organization.

To view your public key go to the main page of your account and click Settings.

Danger

Avoid storing your private key and seed phrase in plain text or screenshots, or any other non-secure way. If you lose it, you lose access to your assets. Anyone who gets it, gets full access to your assets.

"},{"location":"working-with-gosh/docker-extension/#add-members-to-organization","title":"Add Members to Organization","text":"

Go to Organization Settings to the Members tab to manage your organization.

To add member enter the username of each candidate from a new line and click Add members button.

"},{"location":"working-with-gosh/docker-extension/#whats-next","title":"What's next?","text":"

Set up Git Remote Helper and continue working with your repository.

You'll need your wallet credentials. Go to the main page of your account and click Settings. Scroll down and copy them.

To view the command to clone your repo, click the Clone button on your repo page.

"},{"location":"working-with-gosh/docker-extension/#update-docker-extension","title":"Update Docker Extension","text":"

When you need to update the Gosh verified images extension in Docker Desktop, you will see an orange indicator.

To update the extension, go to the menu and select Manage

\u0412 \u043e\u0442\u043a\u0440\u044b\u0432\u0448\u0435\u0439\u0441\u044f \u0432\u043a\u043b\u0430\u0434\u043a\u0435 \u043d\u0430\u0436\u043c\u0438\u0442\u0435 Update

After downloading the update, click Open

"},{"location":"working-with-gosh/git-remote-helper/","title":"Git Remote Helper","text":"

Git Remote Helper (this is a standard mechanism for working with non-standard code storages) is a git-client helper to interact with remote repositories hosted on the GOSH blockchain.

"},{"location":"working-with-gosh/git-remote-helper/#installation","title":"Installation","text":""},{"location":"working-with-gosh/git-remote-helper/#install-helper-using-the-installation-script","title":"Install helper using the installation script","text":"

If you have macOS or Linux, you can use this installation method.

wget -O - \\\nhttps://raw.githubusercontent.com/gosh-sh/gosh/dev/install.sh \\\n| bash -s\n

Checking the installation results.

"},{"location":"working-with-gosh/git-remote-helper/#install-helper-using-the-installation-package","title":"Install helper using the installation package","text":"

If you have a Debian-based system, use the installation from the package:

wget https://github.com/gosh-sh/gosh/releases/download/4.1.20/git-remote-gosh-amd64.deb\n

then

sudo dpkg -i git-remote-gosh-amd64.deb\n

Checking the installation results.

If you have Windows, you can use the installation methods below.

"},{"location":"working-with-gosh/git-remote-helper/#install-helper-from-binary-releases","title":"Install helper from binary releases","text":"

  1. Follow the link and download the version of the Git Remote Helper for the required operating system (macOS, Linux, Windows).

  2. Extract files from tar-file

    (e.g. for Linux x64):

    tar xvf git-remote-gosh-linux-amd64.tar\n

  3. Move binary files to any searchable path

    (e.g. /usr/local/bin):

    mv git-remote-gosh /usr/local/bin\n
    mv git-remote-gosh_v?_0_0 /usr/local/bin\n

    and move dispatcher.ini to ~/.gosh/ folder:

    mkdir ~/.gosh || mv dispatcher.ini ~/.gosh/\n

Checking the installation results.

"},{"location":"working-with-gosh/git-remote-helper/#install-helper-from-source","title":"Install helper from source","text":"

  1. Prerequisites:

    • Rust v1.66+
    • Protobuf Compiler
    • git
    • make
    • gcc

    • openssl

      Note

      For Windows users:

      make sure that the appropriate Perl version is installed for your build environment.

  2. Clone gosh repository.

  3. Go to the gosh directory

      cd gosh\n

    Then build all the necessary components:

      cd v1_x/git-remote-gosh && make install\n
      cd v2_x/git-remote-gosh && make install\n
      cd v3_x/git-remote-gosh && make install\n
      cd v4_x/git-remote-gosh && make install\n
      cd gosh-dispatcher && make install\n

    Info

    After building all the components, the finished binary files will be located in the ~/.cargo/bin directory.

    You need to create a configuration file for the Git Remote Helper: ~/.gosh/dispatcher.ini

    with the following content:

      git-remote-gosh_v1_0_0\n
      git-remote-gosh_v2_0_0\n
      git-remote-gosh_v3_0_0\n
      git-remote-gosh_v4_0_0\n
"},{"location":"working-with-gosh/git-remote-helper/#verifying-the-installation-result","title":"Verifying the installation result","text":"

You can check the correctness of the configuration file by running the command:

git-remote-gosh dispatcher_ini\n

As a result, you will see the following:

Run the following command to make sure it's available:

which git-remote-gosh\n

If the Git Remote Helper is not available, then add path with git-remote-gosh

for availability via $PATH:

export PATH=~/.gosh:$PATH\n
"},{"location":"working-with-gosh/git-remote-helper/#setup-user-account","title":"Setup user account","text":"

When creating your account in GOSH Web or Docker extension you received a GOSH wallet address and keys.

To be able to push to Gosh repositories, you need to set up these credentials for Git Remote Helper.

The Git Remote Helper expects that the wallet credentials are in the file ~/.gosh/config.json or in the file specified in the environment variable GOSH_CONFIG_PATH,

for example:

{\n  \"primary-network\": \"mainnet\",\n  \"networks\": {\n    \"mainnet\": {\n      \"user-wallet\": {\n        \"profile\": \"USERNAME\",\n        \"pubkey\": \"655b120c996b4f69c686cb3b769fbdfa0141006ce6a88dc012bf323c30265924\",\n        \"secret\": \"6bdc38c0ecd6f74399f6b8ff2486f0e2abb32fca712caf3e4a47ef4a2634c4e8\"\n      },\n      \"endpoints\": [\n        \"https://bhs01.network.gosh.sh\",\n        \"https://eri01.network.gosh.sh\",\n        \"https://gra01.network.gosh.sh\"\n      ]\n    }\n  }\n}\n
"},{"location":"working-with-gosh/git-remote-helper/#use-gosh-as-remote","title":"Use GOSH as remote","text":"

For correct usage of the helper you should refer to remote in the following form:

gosh://SYSTEM_CONTRACT_ADDRESS/DAO_NAME/REPO_NAME\n
"},{"location":"working-with-gosh/git-remote-helper/#set-remote-for-existing-local-repository","title":"Set remote for existing local repository","text":"

\u0421opy the URL to configure the remote from the web interface, after creating a repository on GOSH.

Info

The address of the System Contract depends from the GOSH version of contracts.

for example setup for version 3:

git remote add origin gosh://0:8b1cbcd8b08a6c384e0db0d3513898d36203fced3e141a7f6b99cc580738fc22/my-DAO/my-repo\n
"},{"location":"working-with-gosh/git-remote-helper/#clone-repository","title":"Clone repository","text":"
git clone gosh://0:8b1cbcd8b08a6c384e0db0d3513898d36203fced3e141a7f6b99cc580738fc22/my-DAO/my-repo\n
"},{"location":"working-with-gosh/git-remote-helper/#ever-sdk-protocol","title":"Ever SDK protocol","text":"

By default, the SDK in Git Remote Helper uses the WebSocket protocol. If for some reason this does not suit you (for example, you are using Alpine Linux), then set the environment variable GOSH_PROTO to http

export GOSH_PROTO=http\n
"},{"location":"working-with-gosh/gosh-ai/","title":"GOSH.AI","text":""},{"location":"working-with-gosh/gosh-ai/#overview","title":"Overview","text":"

GOSH.AI will help you simplify the workflow of writing code.

Info

GOSH.AI only supports code for asynchronous Solidity at the moment

Now one person with technical knowledge can manage and deliver complex software in very little time.

GOSH.AI will create all project files in the repository on the blockchain and write code, tests and deploy scripts.

The generated code is immutable, has timestamps and is stored in a decentralized way.

"},{"location":"working-with-gosh/gosh-ai/#working-with-goshai","title":"Working with GOSH.AI","text":"

Start your acquaintance with GOSH.AI from this page

Click the button Try GOSH AI

If you already have a GOSH account, then go here:

If you are a new user, follow these instructions:

"},{"location":"working-with-gosh/gosh-ai/#start-for-new-users","title":"start for new users","text":"

If you haven't a GOSH account, then click Create account

To start with GOSH.AI we need a Spec.md file with a description of your project.

You can upload and edit later it by clicking on Attach Spec.md file

or create in the form that opens

Then a form for sending an prompt is activated on the right. Enter the name of the repository that will be created after processing the request.

You can also specify an email address (an email will be sent to it after the repository is downloaded)

After sending the prompt, the bot GOSH.AI will create the DAO for you, where your repository will be uploaded.

You can go to your GOSH.AI organization by clicking on it

Create a PIN code to log in to GOSH.AI

After uploading the repository, you can continue working with it

"},{"location":"working-with-gosh/gosh-ai/#start-for-gosh-users","title":"start for GOSH users","text":"

If you are a GOSH user, then click Log in with GOSH

and enter your seed phrase

To start with GOSH.AI we need a Spec.md file with a description of your project.

You can upload and edit later it by clicking on Attach Spec.md file

or create in the form that opens

Then a form for sending an prompt is activated on the right.

Select an organization or create new

and enter the name of the repository that will be created after processing the request.

Then click Develop code

After sending the prompt, the bot GOSH.AI will create the DAO for you, where your repository will be uploaded.

You can go to your GOSH.AI organization by clicking on it

Create a PIN code to log in to GOSH.AI

After uploading the repository, you can continue working with it

"},{"location":"working-with-gosh/gosh-ai/#working-with-the-result","title":"working with the result","text":"

After creating and processing the repository, you can enter into it and see what happened

You can view the received files, leave comments on the files.

After reviewing the files, send them to GOSH.AI for processing click by Finish review, request changes

after processing the comments, GOSH.AI creates a proposal with the modified files

You can view the event on the DAO tab:

Check out the results of GOSHA's work

If you are not satisfied with the result of the work, then you can comment on the diffs

in the section Your vote select Reject and write a comment on the vote

Warning

the voting comment must contain a certain number of characters.

then click Send vote

GOSH.AI will make changes to the code taking into account the comments.

Info

You can return to the repository, leave comments and create suggestions until you are satisfied with the result.

When the result of GOSH.AI work fully satisfies everyone, you can accept proposal

After accepting the proposal, you will receive a ready-made code.

"},{"location":"working-with-gosh/gosh-web/","title":"GOSH Web","text":"

GOSH Web is also a good way to get started with GOSH.

It implements GOSH repository management as a simple web interface.

You will be able to create your GOSH account and Decentralized Autonomous Organization (DAO), set up and manage repositories. Repositories stored in GOSH can then be interacted with like any regular remote repository, with a few small configurations to git, making decentralized code management easily available to anyone.

"},{"location":"working-with-gosh/gosh-web/#working-with-account","title":"Working with account","text":""},{"location":"working-with-gosh/gosh-web/#create-account","title":"Create account","text":"

To get started with GOSH, you need an active Github-account.

Click Create account with Github to start registering on GOSH

After click Authorize gosh-sh

Info

The special GOSH DAO Bot will help with registration in Gosh. It will deploy your DAO and upload your selected repositories to GOSH.

In the list of organizations received from Github, click on the organization

and select repositories for upload into Gosh.

Do this for each organization for which you want to upload repositories to Gosh.

Danger

After registering on GOSH you will not be able to return to this step in this release.

This will be available later

Info

If you want other GOSH users to be able to find you by your email, give permission.

Then click Upload

\u200bIf you are familiar with blockchain, you know what to do with a seed phrase.

If you're new to blockchain, all you need to know, is that this is the key to your account and all your assets on GOSH. Your public key, which can identify you on the blockchain and the secret key you'll use to sign your actions can always be calculated from your seed phrase.

To create the GOSH-account, the seed phrase will be generated for you. If you already have the GOSH-account, click Clear and enter your own one seed phrase.

Info

Your seed phrase will be used to log into GOSH.

Danger

Write your seed phrase down and store it somewhere safe, and never share it with anyone. Avoid storing it in plain text or screenshots, or any other non-secure way. If you lose it, you lose access to your assets. Anyone who gets it, gets full access to your assets.

Once you have written down your seed phrase, click Continue.

Then choose your username in GOSH. This is your unique cryptographic identifier in Gosh.

Danger

Please note that after creating your username it will be impossible to change it in the future.

if your username is already taken, please choose another one.

Warning

The username must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

And click Create account.

When entering the GOSH will ask you to set up a PIN code:

Info

Set a new PIN code for each new session.

And unlock with PIN code.

Warning

If the name of the organization or repository already exists, you will receive the message. Change the name, click save changes and confirm the action with a pin code.

The Organizations page will open after your account is created.

Info

When the repositories are uploaded, a notification will be sent to your email.

Follow the link in the letter.

Enter the saved seed phrase and click Sign in.

Also set up a PIN code and unlock with PIN code.

"},{"location":"working-with-gosh/gosh-web/#view-public-key","title":"View Public Key","text":"

A user needs to know their public key, for example, when joining an organization.

To view your public key go to the main page of your account and click Settings.

Danger

Avoid storing your private key and seed phrase in plain text or screenshots, or any other non-secure way. If you lose it, you lose access to your assets. Anyone who gets it, gets full access to your assets.

"},{"location":"working-with-gosh/gosh-web/#working-with-dao","title":"Working with DAO","text":"

\u200bOnce created, your organization will appear in the organization list. Click on it to continue.

The first mandatory member is the GOSH DAO Bot. It will synchronize repositories with github on Gosh.

The second member is the creator, identified by their username.

At any later time the list of members can be expanded by voting.

"},{"location":"working-with-gosh/gosh-web/#create-organization-dao","title":"Create Organization (DAO)","text":"

Click \u0421reate new DAO button in the Organizations section.

On the DAO settings page that opens, input:

  • Organization name

    Warning

    The Organizations name must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

  • Organization picture

    The icon will be generated automatically.

  • Theme tags

    You can add up to 3 tags separated by spaces. According to them, GOSH users will be able to find your DAO.

  • Description

    A short description that can be seen on the DAO tab under the heading.

    The extended description can be added to the Readme file into _index system repository from the Overview page after creating the DAO.

  • Total supply

    You also need to enter the number of tokens that will be issued for this DAO.

    The maximum value of the total supply can be the number 2^128.

  • Allow mint

    This is a permission to emission DAO tokens. It is enabled by default.

    In the future, it will be possible to disable the emission of DAO tokens through proposal and voting in the Settings section.

    Warning

    If you uncheck this option, the number of tokens issued for this DAO will be capped to the number entered during the initial setup

Click Create organization.

The DAO tab will open after its creation.

"},{"location":"working-with-gosh/gosh-web/#overview-of-the-dao","title":"Overview of the DAO","text":"

All information about your DAO and its activities will be displayed here.

Information about DAO assets is displayed on the right.

  • DAO total supply - the total issue of tokens of this DAO.

  • DAO reserve - unallocated tokens.

    Push on the Send button, you will create an proposal to transfer tokens from the DAO reserve to the DAO member.

    Push on the Mint button, you will create an proposal to mint additional tokens for this DAO.

  • Your wallet balance - the amount of tokens you have in this DAO.

    Info

    When creating a DAO, 20 tokens from the DAO reserve will be issued to your wallet.

    Push on the SEND button, you will to transfer your tokens to the DAO reserve or to the GOSH user.

  • Karma - the amount of tokens (upper limit) within which a DAO member can vote.

    It is assigned when accepted as a member of the DAO. This determines the reputation of the DAO member. The Karma can be changed only by voting.

  • Members - total number of DAO members.

    From here you can also send an invitation to become a member of the DAO.

  • Recent proposals

Information and status of the recent proposals will be displayed in this section. Click on the name of the proposal you can go to the event page and vote.

  • In the Repositories section, you can quickly find or create a repository.

  • DAO system repository

The _index is a DAO system repository that is created automatically.

Info

After creating the DAO, it will already contain a text file with a brief description of your DAO, which you added in the settings earlier.

To add a README for your DAO, go to the _index repository or follow the link in this section.

Make sure you are in the main branch and click Add file button.

Enter file contents and name.

You can use Preview if needed. MD syntax is supported for preview.

After scroll down and enter commit info:

  • Commit description - you can add a description of your commit;

  • Commit tags - this is a mutable pointer of the commit. You can add the tag to quickly go to this commit and see what has been done;

  • Select a task - if you want to attach your commit to the solution of the Task, then select the desired task from the list;

  • and add Assigners, Reviewers and Managers if necessary.

If a Task has been selected, check the Create proposal box.

And click Commit changes

After that a proposal to the pull request will be created.

When the proposal to the pull request is accepted, the description of the DAO will appear on the Overview tab.

"},{"location":"working-with-gosh/gosh-web/#dao-set-up","title":"DAO Set up","text":"

You can continue with the initial setup the DAO in the Settings tab.

In the Token Setup section, you can create a proposal to ban the issue of tokens from this DAO by unchecking the box.

Warning

After the ban on the issue of DAO tokens, it will be impossible to allow the issue.

In the Proposal setup section you can enable/disable the option to view the voting results before it ends.

And also allow or prohibit discussion when working with proposals.

In the Members setup section you can grant or deny external users the ability to request membership in this DAO.

Then add a comment on changing the settings for other members of the DAO and click Save changes and start proposal.

Info

All settings and actions in the DAO will be performed the voting procedure.

"},{"location":"working-with-gosh/gosh-web/#upgrade","title":"Upgrade","text":""},{"location":"working-with-gosh/gosh-web/#basic-information","title":"Basic information","text":"

When a new version of contracts is released in GOSH, the user needs to upgrade their contracts.

The upgrade is initiated by the proposal.

Warning

Make sure that the proposal for such an update has not yet been created.

Info

Complete all proposle before starting the upgrade. All uncompleted proposals will be rejected and will not be transferred to the upgraded version.

You can see a message about the availability of a new version and an invitation to update in the DAO.

Depending on which version you currently have, choose the appropriate update method.

It is recommended to upgrade to the latest version.

Info

All token holders after upgrading the DAO must transfer their tokens from previous versions.

"},{"location":"working-with-gosh/gosh-web/#from-version-1-to-version-2","title":"From version 1 to version 2","text":"

You can switch to the Upgrade section from the new version message or go to the Settings tab.

Select the version you want to upgrade and click Create proposal for DAO upgrade:

You will be taken to the DAO tab with events.

After accepting the proposal, the procedure for updating your DAO will begin.

Then you need to update all the Repositories.

To do this, go to their tab and click Get repositories

and then click Start repositories upgrade to create a proposal.

On the DAO tab, vote for the proposal to create a repository.

After the proposal is accepted, the contract version will be upgraded.

"},{"location":"working-with-gosh/gosh-web/#from-version-2-to-version-3","title":"From version 2 to version 3","text":"

The Tasks were added in contracts version 2.

Uninitialized Tasks will not be migrated to the new version. You will need to create these tasks in the new version.

Warning

Before starting the update make sure that there are commits in the Tasks.

Go to the Settings tab or follow the link in the upgrade message.

Select the version you want to update and click Create proposal for DAO upgrade

You will be taken to the DAO tab with events.

Inside the event, you can get acquainted with the details of the proposal.

After accepting the proposals, the DAO update process will begin. Before continuing, you need to transfer your tokens.

To do this, go to the Overview tab in the Your wallet balance section and click Transfer from previous version.

You can also do this on the Members tab.

Then you need to update the DAO repositories and tags. To do this, click upgrade in the information message

and go to the repository uprade page. Click Get repositories.

Then click Start repositories upgrade to create a proposal.

The process will be displayed below:

As a result, you will be redirected to the DAO events page.

The details of the Multi proposal can be found at the event.

Then click tasks upgrade page in the information message

and click Start tasks upgrade on the page that opens.

You will be taken to the DAO tab with events.

After accepting the proposal, the tasks will be transferred from the previous version and the contract upgrade to version 3 will be completed.

"},{"location":"working-with-gosh/gosh-web/#from-version-3-to-version-4","title":"From version 3 to version 4","text":"

Uninitialized Tasks will not be migrated to the new version. You will need to create these tasks in the new version.

Warning

Before starting the update make sure that there are commits in the Tasks.

Go to the Settings tab or follow the link in the upgrade message.

Select the version you want to update and click Create proposal for DAO upgrade

You will be taken to the DAO tab with events.

Inside the event, you can get acquainted with the details of the proposal.

After accepting the proposals, the DAO update process will begin. Before continuing, you need to transfer your tokens.

Info

Starting from the 5th version, tokens are transferred automatically.

Warning

If, at the time of the upgrade, you still have tokens that were locked into voting in previous versions of the DAO, then these tokens will be transferred only after the expiration of the proposal.

If you have a DAO version lower than the 4th inclusive, then to transfer tokens go to the Overview tab in the Your wallet balance section and click Transfer from previous version.

You can also do this on the Members tab.

Then you need to update the DAO repositories and tags. To do this, click upgrade in the information message

and go to the repository uprade page. Click Get repositories.

Then click Start repositories upgrade to create a proposal.

The process will be displayed below:

As a result, you will be redirected to the DAO events page.

The details of the Multi proposal can be found at the event.

Then click tasks upgrade page in the information message

and click Start tasks upgrade on the page that opens.

You will be taken to the DAO tab with events.

After accepting the proposal, the tasks will be transferred from the previous version and the contract upgrade to version 4 will be completed.

"},{"location":"working-with-gosh/gosh-web/#proposals-and-voting-in-smv-soft-majority-vote","title":"Proposals and voting in SMV (Soft Majority Vote)","text":"

Actions that require a DAO vote are performed by creating a proposal.

Warning

To create an proposal, you must have at least 20 tokens on your wallet balance.

  • Create a pull request
  • Add branch protection
  • Remove branch protection
  • Add DAO member
  • Remove DAO member
  • Upgrade DAO
  • Delete task
  • Create task
  • Create repository
  • Add voting tokens
  • Add regular tokens
  • Mint DAO tokens
  • Disable minting DAO tokens
  • Change DAO member Karma

  • Multi proposal - includes several offers at once.

    For example: adding members to the DAO by another DAO member

  • Allow event discussions
  • Show event progress
  • Ask DAO membership allowance

To vote for the proposal, some of your tokens must be be allocated to SMV (once the proposal is completed), you can get them back.

Info

You can vote for a proposal only once.

For example, to merge into main, create a pull request from some other branch. A proposal will be generated and will appear on the DAO tab.

Open the proposal and review the contents.

The voting period is indicated on the proposal page. This is the time allotted for voting.

Unless a decisive majority of >50% Global Karma Count is achieved early, votes will be counted at the end of this period.

Info

Global Karma Count is the total amount of Karma calculated by summing up the Karma of all DAO members at the time of the proposal creation.

Once you have made a decision, input the amount of tokens, select Approve or Reject and click Vote for proposal. Vote registration can take a bit of time.

Info

As per the rules of Soft Majority Voting, to have a proposal approved early, you need at least 50% of the total supply of tokens in the repository + 1 token used to vote for the proposal.

For example, in a repository with two members, where the total supply of tokens is 200, 101 token needs to be used to instantly approve a proposal. Thus with every member holding 100 tokens a proposal can never be instantly completed without the participation of members other than the proposal's author.

On the other hand, so as not to depend on all members of an organization to vote, soft majority vote will complete with an approval at the end of the voting period, if 10% of the total token supply were used to vote for, and no one voted against.

The more tokens are sent against the proposal, the higher the approving amount needs to be (up to 50% of the total supply + 1 token) for the proposal to pass.

Other members of the Organization, who have transferred their tokens to SMV, will be able to vote for the proposal on this page in their own accounts.

Info

Currently, even in organizations with a single member, voting still takes place when a proposal is created. 51 tokens are needed to approve a proposal in such a repository.

Once a majority has been reached early, or the voting period ended and the soft majority vote result was decided, the proposal completes and the proposed action is performed.

"},{"location":"working-with-gosh/gosh-web/#working-with-tokens-and-karma","title":"Working with tokens and Karma","text":""},{"location":"working-with-gosh/gosh-web/#additional-minting-of-tokens-for-dao","title":"Additional minting of tokens for DAO","text":"

Warning

The option allowing the minting of DAO tokens must be enabled on the Settings tab in the Token Settings section.

Click on the Mint button on the right on the Overview tab in the DAO Reserve section. You will create an proposal to mint additional tokens for this DAO.

In the window that appears, enter the amount of tokens to emission and add a description of the DAO members. Then click Create proposal to mint tokens

After creating the proposal, you will be redirected to the DAO tab with events.

Inside the event, you can get details of proposal.

After the proposal is accepted, the changes will take effect.

"},{"location":"working-with-gosh/gosh-web/#additional-voiting-tokens-and-karma","title":"Additional voiting tokens and Karma","text":"

Any member of the DAO can send a request to change Karma. To do this, go to the Members tab and change the number of Karma and token balance of one or more DAO members, including for yourself.

Warning

To create an proposal, you must have at least 20 tokens on your wallet balance.

Warning

Be careful when distributing karma among the members of the DAO. Avoid the possibility of a preponderance in the votes of one of the DAO members. To avoid a situation where one participant will be able to transfer the entire balance of the DAO to his wallet.

Then click Save changes and create proposal. As a result, a Multi proposal will be created and you will be redirected to the event tab Dao.

Inside the event, you can get details of Multi proposal.

After accepting the multi proposal, the user will receive tokens and Karma from DAO reserve. This can be seen on the Members tab.

"},{"location":"working-with-gosh/gosh-web/#transfer-of-tokens-from-dao-reserve","title":"Transfer of tokens from DAO reserve","text":"

Tokens can be sent from the DAO reserve to

  • a member of this DAO;
  • any GOSH user, who has visited this DAO at least once.

To do this, on the Overview tab in the DAO reserve section, click Send.

In the window that opens, enter the name of the GOSH user or the name of the DAO and the amount of tokens to send.

If you want the recipient's Karma to increase jointly with the token balance, then check this box. Also write a description for the token transfer. This will help the DAO members to make a decision when voting.

Warning

Be careful when distributing karma among the members of the DAO. Avoid the possibility of a preponderance in the votes of one of the DAO members. To avoid a situation where one participant will be able to transfer the entire balance of the DAO to his wallet.

Then click Create proposal to send tokens

After creating the offer, you will be redirected to the DAO page with events.

Inside the event, you can see detailed information about the proposal.

After the proposal is accepted, the tokens will be transferred to the balance wallet of the GOSH user or DAO.

"},{"location":"working-with-gosh/gosh-web/#transfer-of-tokens-from-users-wallet","title":"Transfer of tokens from user's wallet","text":"

Tokens can be sent from the DAO reserve to

  • a member of this DAO;
  • any GOSH user, who has visited this DAO at least once.

Info

Only regular tokens are transferred. You will not be able to vote with such tokens.

To send tokens from your wallet to the DAO, go to the Overview or DAO tab on the Your wallet balance section and click Send.

In the window that opens, enter the name of the member of the DAO and the amount of tokens to send. Then click Send tokens

After that, the tokens will be transferred to the recipient's wallet balance.

"},{"location":"working-with-gosh/gosh-web/#working-with-dao-members","title":"Working with DAO Members","text":""},{"location":"working-with-gosh/gosh-web/#adding-members-to-dao","title":"Adding Members to DAO","text":"

Membership in the DAO can be obtained in several ways.

The user can be invited to the DAO using a special form or by an invitation link.

Also, the user can independently create a membership request in the DAO.

Info

Adding a member to the DAO is possible only through an proposal.

Depending on the chosen path, tokens and Karma will be distributed immediately after acceptance proposal, or additional proposals will need to be created for this.

"},{"location":"working-with-gosh/gosh-web/#adding-by-gosh-username-or-e-mail","title":"Adding by GOSH username or e-mail","text":"

A DAO member can create a proposle to add GOSH user into the DAO.

To do this, go to the tab Members in the section Invite user to DAO.

  • If you know the GOSH username, then enter it.

  • If you don't know the name or the user doesn't have a GOSH account yet, enter their email address.

Info

The email address will change to the GOSH username if the user has given permission during registration so that it can be found by email.

Offer the amount of karma for him and please comment your decision.

Info

You can send an invitation proposal to several users at once.

And click Send invite.

Info

At the same time, a multi proposal will be created to add DAO members and provide voting tokens.

Go to the DAO tab and select the desired event for voting.

"},{"location":"working-with-gosh/gosh-web/#invite-by-link","title":"Invite by link","text":"

You can invite a user to the DAO by generating an invitation link for them.

Warning

Enable \"Allow external users to request DAO membership\" option in DAO settings to enable invites by email/link.

To do this, on the tab Members in the section Invite user to DAO click on Get one-time invitation link.

Info

The link to the invitation can only be used one time.

All active invitation links will be displayed in the section on the right.

When the invited user creates a membership proposle in the DAO, the link entry disappears.

You can also deactivate the link click on the Revoke.

When the user clicks the link, they will be able to create an account or log into GOSH.

Then input a short nickname or and click Create account and continue.

Enter a short comment who are you and click Accept invitation.

On the event page that opens, you can find a request for your acceptance as a member of the DAO.

Click on it you can track the results of voting and discussions.

After the proposal is accepted, its status will change to Accepted

Info

You will be able to request voting tokens after you are accepted into the DAO by creating your proposal.

"},{"location":"working-with-gosh/gosh-web/#request-dao-membership","title":"Request DAO membership","text":"

You can create a membership request in the DAO yourself. To do this, you need to know the link to this DAO.

Info

Only a registered user will be able to create a membership request.

Follow this link and you will see the overview tab of the DAO you are interested in.

Click Request membership.

In the window that opens, write who you are and why you want to become a member of this DAO. This description will help the members of the DAO to make a decision when voting.

Then click Create proposal.

On the event page that opens, you can find a request for your acceptance as a member of the DAO.

After the DAO members vote, the status of your request will change to Accepted or Rejected

You can follow the voting and discussion by opening the event.

"},{"location":"working-with-gosh/gosh-web/#delete-members-from-the-dao","title":"Delete Members from the DAO","text":"

To delete a member from the DAO, go to the Members tab and click on the cross to the desired member.

Warning

To create an proposal, you must have at least 20 tokens on your wallet balance.

Confirm the deletion by clicking OK.

As a result, a Multi proposal will be created and you will be redirected to the event tab Dao.

The details of the multi proposl can be seen by going to it.

After voting and accepting multi proposal, the user will be deleted from the list of members of the DAO.

The Karma of the deleted user will be equal to 0. But the tokens, if they were, will stay on the balance of the user's wallet.

Then click Save changes and create proposal. As a result, a Multi proposal will be created and you will be redirected to the event page Dao.

Inside the event, you can get details of Multi proposal.

After accepting the multi proposal, the user will receive tokens and Karma from DAO reserve. This can be seen on the Members tab

"},{"location":"working-with-gosh/gosh-web/#delete-members-from-the-dao_1","title":"Delete Members from the DAO","text":""},{"location":"working-with-gosh/gosh-web/#whats-next","title":"What's next?","text":"

Set up Git Remote Helper and continue working with your repository.

You'll need your wallet credentials. Go to the main page of your account and click User Settings.

Scroll down to the Git remote config section, click Show and unlock with PIN code

Download the configuration file by clicking on the icon and save it to folder ~/.gosh

To view the command to clone your repo, click the Clone button on your repo page.

"},{"location":"working-with-gosh/gosh-web/#working-with-repository","title":"Working with Repository","text":""},{"location":"working-with-gosh/gosh-web/#create-repository","title":"Create Repository","text":"

To create a repository in your DAO click Create new in the Repositories section or Overview section.\u200b

Enter repository name and its description and click Create repository.

Warning

The repository name must contain only Latin letters, numbers,hyphen, underscore character( a...z, 0...9, -, _ )

A page with DAO events will open for you.

Open the event click on its name.

The page that opens displays the name of the proposal, its status, and the time of creation and as well as the end of voting.

The scale shows the number of votes for the proposal and against.

Specify the number of tokens less than or equal to your Karma for voting and accept or reject this proposal.

Add your opinion about the proposal to the discussion below and click Send vote

The created repository will appear in the list on the Repositories tab.

"},{"location":"working-with-gosh/gosh-web/#create-branch","title":"\u200bCreate Branch","text":"

Repository is created with default main branch. To create another branch, click on the branches counter.\u200b

Select the branch to be forked, enter new branch name, and click\u200b Create branch.

Warning

The branch name must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

Once the branch is created, it will appear in the branches list.

Switch to it via drop down list.

"},{"location":"working-with-gosh/gosh-web/#create-file","title":"Create File","text":"

To create file, click Add file button.

Enter file contents and name.

You can use Preview if needed. MD syntax is supported for preview.

After scroll down and enter commit info:

  • Commit description - you can add a description of your commit;

  • Commit tags - this is a mutable pointer of the commit. You can add the tag to quickly go to this commit and see what has been done;

  • Select task - if the branch is not protected and your file is a solution to a problem, you can choose a particular task;

  • and add Assigners, Reviewers and Managers if necessary.

and click Commit changes

If the branch you are working in requires no voting to confirm commits, the file will be added. Otherwise a DAO vote will be initiated.

Commit status will be displayed below.

"},{"location":"working-with-gosh/gosh-web/#create-pull-request","title":"Create Pull Request","text":"

Click on the Pull requests tab and set up the pull request: what branch to merge from and to. Once selected, click Compare.

The branches will be compared. Review the changes, set up the pull request and click Commit changes.

Info

Note: When merging into the main branch, and in some other cases (depending on DAO setup), a DAO proposal will be initiated by trying to commit.

Organization Tokens have to be sent to the DAO Soft Majority Vote contract to start a proposal for DAO members to vote on.

"},{"location":"working-with-gosh/gosh-web/#add-protection-for-a-branch","title":"Add protection for a branch","text":"

If you want the changes to be added to the branch based on the voting results, then add protection to the branch.

This can be done by creating an appropriate proposal.

To do this, go from the Repositories tab to the repository you need.

Then, on the Branches tab, click the Protect button for the branch to which you want to add protection.

After creating the proposal, you will be redirected to the DAO page with events.

Inside the event, you can get details of proposal.

After the proposal is accepted the branch is marked as protected. A commit can be made to it only by voting.

"},{"location":"working-with-gosh/gosh-web/#remove-protection-for-a-branch","title":"Remove protection for a branch","text":"

If the branch no longer needs protection, you can remove it by initiating appropriate proposals.

To do this, go from the Repositories tab to the repository you need.

Then, on the Branches tab, click the Unprotect button for the branch to which you want to add protection.

A vote will be created and you will be redirected to the DAO page with events.

Inside the event, you can get details of proposal.

After accepting the proposal, the protection mark will be removed from the branch. Now everyone can upload changes to the branch without voting.

"},{"location":"working-with-gosh/gosh-web/#adding-comments-to-file","title":"Adding comments to file","text":"

You can add a comment to any line in the file.

Info

Comments are linked to a specific comment.

To do this, open the file and hover over a line or block of lines and click on the blue icon that appears on the left.

In the window that opens, enter your comment and click on the blue circle with an arrow to send it.

The comment line will be marked with a red icon on the left.

A thread of comments and replies to them will open on the right.

The discussion can be resolved. To do this, click the appropriate button:

Info

The discussion can be resumed if a new comment has been added to it.

Up to 3 discussions can be expanded in one line. You can switch between them.

"},{"location":"working-with-gosh/gosh-web/#adding-comments-to-pull-request","title":"Adding comments to Pull Request","text":"

You can also add comments to Pull Request. To do this, go from the DAO events page to the Pull Request vote in the Pull request diff section. you can leave comments on any line or block of lines in the same way as in commenting on a file.

"},{"location":"working-with-gosh/gosh-web/#working-with-task","title":"Working with Task","text":""},{"location":"working-with-gosh/gosh-web/#create-task","title":"Create Task","text":"

To create a Task, go to the Tasks tab and click Create Task

Then you need to fill in the Task conditions.

The result of the Task should be a pull request to include changes in the repository.

Select the repository for which the Task is being created.

Add the Task name.

You can add 3 tags separated by spaces to quickly find the task.

Then you need to evaluate the Task.

Task cost is the number of tokens that will be paid from the DAO reserve for its execution.

Info

The members of the DAO agree between themselves how to evaluate the Tasks.

After attaching a pull request to the Task, the tokens will be distributed between the author, reviewer and manager in the ratio you set.

Commit author - the person who executes the Task. Reviewer - the person who checks the correctness of the Task. Manager - the person who manages the Task execution process.

Info

The number of authors, areviewers and managers is set at your choice.

Select vesting and lock periods.

Lock (cliff) - the period after which the reward payments will begin. The countdown will start after accepting the proposal about completing the Task. Vesting - rules for transferring the fixed part of the tokens to the disposal of the contractor.

For example, lock - 12 months, vesting - 2 months.

Warning

In order for the investment scheme to be correct, the smaller of the number of tokens allocated to the members of the task must be a multiple of the number of months of investment.

Add a comment the token distribution rules and click Create task and start proposal

After creating the proposal, you will be taken to the DAO tab with events.

Inside the proposal you will be able to see all the conditions of the Task. In the table you can see the period since which month and in what parts the payments will be made to the members of the Task.

After accepting the proposal, the Task will appear in the list on the Tasks tab with the status Awaiting commits.

Info

When creating a Task the tokens (Task cost) from the DAO-reserve are written off and reserved on the Task-contract.

When the Author has completed the Task, he adds it to the commit.

Info

If you need to make several commits to complete a Task,, create a separate branch.

And do Select task when creating the proposal to the pull request.

Select the Task performed(s), reviewer(s), manager(s) if they worked on the task. The allocated shares of those who were not specified will be returned to the DAO-reserve.

After that a proposal to the pull request will be created.

Detailed information can be viewed by going to it on the DAO tab with events.

If the reviewer was specified during the commit, the event will wait for verification from them.

Then, after the reviewer send the solution, it will be possible to vote for the proposal. When the pull request is accepted, the Task status will change to Confirmed.

After the lock period ends, the members of the Task can receive a reward. To do this, go to the Tasks tab in the completed Task and click Claim reward.

Note

If Lock period (cliff) has been set to zero, then you can click Claim reward immediately after accepting the pull request.

Thus the tokens will begin to be transferred to the wallets of the members of the completed Task in accordance with the vesting scheme when the lock period ends.

"},{"location":"working-with-gosh/gosh-web/#delet-task","title":"Delet\u0435 Task","text":"

To delete a Task, go to it on the Tasks tab. And click to Delete task

After creating a proposal about deleting a Task, you will be redirected to the event tab Dao.

When the proposal is accepted, the Task will be deleted. The tokens allocated for this Task will be returned to the DAO reserve.

"},{"location":"working-with-gosh/verify-images-in-docker-extension/","title":"Verify Images in Docker Extension","text":"

Once you have pulled a GOSH image someone else built and uploaded to dockerhub, you can verify, that it was build from the exact code on GOSH that it claims to be built from.

To do that, go to Containers Tab in Docker Extension.

Your containers and their hashes are listed on this tab.

Scroll left to see the GOSH repository link it claims to be build from.

Click Validate.

GOSH docker extension will read the hash of the container, rebuild the container from the specified repository, compare resulting hash and report whether the hashes match.

"}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Git Open Source Hodler","text":"

(Yes, it's Hodler).

GOSH is a blockchain built around securing the software supply chain and capturing the immense value in open source projects. This is achieved through record-setting blockchain tech, distributed programming, and a decentralized architecture - integrated into the same familiar git, meaning there is no change to the workflow.

"},{"location":"#motivation","title":"Motivation","text":"

The Software Supply Chain is a high-impact area. Yet there exists a distinctive lack of secure, trustless, verifiable, and transparent delivery of source code/binaries to developers and users in all software fields. Storing your code on a git means it has an owner, a single point of control, which leads to security vulnerabilities. Currently there is no industrial solution available that is not centralized and thus not dependent on the decisions of a few actors. The main way in which GOSH solves this issue is through allowing developers to build consensus around their code, so the more code is written, the more secure it becomes.

"},{"location":"#objective","title":"Objective","text":"

To create a truly decentralized development environment so that open source repositories can be run, governed, and monetized collectively. All the while, mitigating security and transparency issues arising from a conventional software supply chain.

"},{"location":"#architecture","title":"Architecture","text":"
  1. Build a scalable multithreaded, multisharded content addressable blockchain
  2. Implement Git using smart contracts
  3. Implement DAO on top of that Git to allow building consensus around the code
  4. Formally verify the smart contracts
  5. Represent all entities by hashes (container images, git commits, bl\u043ebs, pull requests etc.);
  6. Allow anyone to add some metadata with signature to any entity;
  7. Allow anyone to decide whose metadata to trust;
  8. Build chain/tree of trust: dependencies can be organized using the same architecture, and containers built
"},{"location":"#instruments-and-utilities","title":"Instruments and utilities","text":"

A variety of utility tools to assist with all the aspects of the solution are under active development. Explore the tools available now to get started with GOSH:

  • create and manage your on-chain repositories through GOSH Web or directly in the Docker Extension
  • work with on-chain repository as if you use a regular git repository with Git Remote Helper
"},{"location":"anytree-all/","title":"AnyTree","text":""},{"location":"anytree-all/#overview","title":"Overview","text":"

GOSH introduces AnyTree \u2014 the first software deployment system secured by the blockchain.

With AnyTree, any mutations of your code, down to every dependency, as well as operations, including builds and every artifact, are logged, timestamped, signed, and verified when used on GOSH

Use AnyTree on GOSH to benefit from added security, not only for your builds, but also the source code itself. Every single object in code delivered by AnyTree on GOSH is wrapped in a special executable ontology object, making GOSH AnyTree an unparalleled tool to allow businesses to log, and clearly tell what they are deploying where

GOSH AnyTree works with any Git storage. There\u2019s no need to change workflows, no need to upload any private or public repositories to any external service, and you can keep using your favorite package managers, and be sure that your software supply chain is secured by AnyTree

It\u2019s worth noting, however, that while the integration of AnyTree for Git offers an enhanced layer of security, it might not include the full array of features available on GOSH.

Info

The current version of AnyTree only supports Linux.

"},{"location":"anytree-all/#working-with-anytree","title":"Working with AnyTree","text":"

Detailed info can be found here or use quick start.

"},{"location":"anytree-all/#quick-start","title":"Quick start","text":"

  1. Install Git Remote Helper using the installation script

    wget -O - \\\nhttps://raw.githubusercontent.com/gosh-sh/gosh/dev/install.sh \\\n| bash -s\n

    Checking the installation results.

  2. Install AnyTree using the installation script

    wget -O - \\\nhttps://raw.githubusercontent.com/gosh-sh/anytree/dev/install.sh | bash -s\n
    export PATH=$PATH:$HOME/.gosh\n

    By default, script installs latest release to the default path $HOME/.gosh/, but you can customize it with env variables:

    TAG=0.3.0 BINARY_PATH=/usr/local/bin ./install.sh\n

    You can check installation by running:

    anytree --help\n

  3. Setup a GOSH project

    You need a GOSH repository. If you haven't used a GOSH-repository you can upload your github-repository to GOSH through onboarding or create a GOSH-account and create a new one.

    Go to your GOSH-repository

    and run:

    gosh init\n

  4. Generation SBOM file

    Prerequisites:

    • Docker
    • Python3 with pip (required to generate a SBOM-file)

    To create artifacts, you will need an SBOM file created according to the Cyclone DX specification

    Info

    The example file can be viewed here: https://github.com/gosh-sh/anytree/blob/dev/tools/python/sbom.json

    If you have a Rust project, you can generate an SBOM file using the script generate-sbom.py (scripts for other programming languages will coming soon)

    Note

    either copy script to your cargo project and run python3 generate-sbom.py or check and configure variables in script

    Info

    If necessary, install the dependencies for the script to work. Run in the folder where the script is located:

    pip3 install -r requirements.txt\n

    Possible options are described in the help:

    python3 generate-sbom.py --help\n

    After running the script you should get the following output at the end:

    Updated SBOM written to /home/user/gosh/v5_x/v5.1.0/git-remote-gosh/sbom.json\n

  5. Now you are ready to build artifact

    run:

    anytree build sbom.json\n

    As a result, a binary file of project will be created and you should get similar output at the end:

    Successfully copied 15.8MB to /home/user/.cache/anytree/builder/anytree-builder-5aba4439-2642-4b7f-bc3c-affd8c9839fd/target\n
    And your artifacts will be accessible in this folder

    Warning

    If the hash that was calculated when creating the SBOM file differs from the hash that AnyTree checks, an error like this will be output:

    Tip

    Place the SBOM-file in the same folder where GOSH.yaml is located.

"},{"location":"anytree-all/#working-with-anytree-without-gosh","title":"Working with AnyTree without GOSH","text":"

Prerequisites:

* Docker\n* Python3 with pip (required to generate a `SBOM-file`)\n

  1. Install AnyTree

    wget -O - https://raw.githubusercontent.com/gosh-sh/anytree/dev/install.sh | bash -s\n
    export PATH=$PATH:$HOME/.gosh\n

    By default, script installs latest release to the default path $HOME/.gosh/, but you can customize it with env variables:

    TAG=0.3.0 BINARY_PATH=/usr/local/bin ./install.sh\n

  2. Now you need the SBOM file.

    Prerequisites:

    • Docker
    • Python3 with pip (required to generate a SBOM-file)

    To create artifacts, you will need an SBOM file created according to the Cyclone DX specification

    Info

    The example file can be viewed here: https://github.com/gosh-sh/anytree/blob/dev/tools/python/sbom.json

    If you have a Rust project, you can generate an SBOM file using the script generate-sbom.py (scripts for other programming languages will coming soon)

    Note

    either copy script to your cargo project and run python3 generate-sbom.py or check and configure variables in script

    Info

    If necessary, install the dependencies for the script to work. Run in the folder where the script is located:

    pip3 install -r requirements.txt\n

    Possible options are described in the help:

    python3 generate-sbom.py --help\n
    usage: generate-sbom.py [-h] [--cargo-lock CARGO_LOCK_PATH] [--cargo-toml CARGO_TOML_PATH] [--initial-sbom INITIAL_SBOM_PATH]\n                        [--sbom-output SBOM_OUTPUT_PATH] [--project-src PROJECT_SRC_PATH] [--project-commit PROJECT_COMMIT]\n                        [--project-url PROJECT_URL]\n\nGenerate software bill of materials (SBOM) for Rust project\n\noptions:\n-h, --help            show this help message and exit\n--cargo-lock CARGO_LOCK_PATH\n                        Path to Cargo.lock file. Default - ./Cargo.lock\n--cargo-toml CARGO_TOML_PATH\n                        Path to Cargo.toml file. Default - ./Cargo.toml\n--initial-sbom INITIAL_SBOM_PATH\n                        Optional. Path to initial SBOM JSON file if need to append existing SBOM. Default - initial-sbom.json. Will ignore\n                        if file doesn't exist.\n--sbom-output SBOM_OUTPUT_PATH\n                        Path to output SBOM JSON file. Default - sbom.json\n--project-src PROJECT_SRC_PATH\n                        Path to the Rust project source if not in root git directory. Not relates to local file system path. Relates to\n                        path inside repo structure. For example we can use v5_x/v5.1.0/git-remote-gosh which means https://github.com/gosh-\n                        sh/gosh/v5_x/v5.1.0/git-remote-gosh\n--project-commit PROJECT_COMMIT\n                        Commit of the project. Default - commit parsed with 'git rev-parse HEAD' command in dir where Cargo.lock is\n                        located.\n--project-url PROJECT_URL\n                        URL of the project's repository. Default - project URL parsed with 'git config --get remote.origin.url' command in\n                        dir where Cargo.lock is located.\n

    For_example

    Run the generation of the SBOM-file for the rust project Git Remote Helper latest version:

    python3 ~/gs/generate-sbom.py --cargo-lock ~/gosh/v5_x/v5.1.0/git-remote-gosh/Cargo.lock --cargo-toml ~/gosh/v5_x/v5.1.0/git-remote-gosh/Cargo.toml --sbom-output ~/gosh/v5_x/v5.1.0/git-remote-gosh/sbom.json --project-src v5_x/v5.1.0/git-remote-gosh\n

    The script downloads all dependencies specified in cargo.lock, counts all hashes and the generated sbom.json will be placed in the root folder of the project.

    After running the script you should get the following output at the end:

    Updated SBOM written to /home/user/gosh/v5_x/v5.1.0/git-remote-gosh/sbom.json\n

    And generated sbom.json file in the following format https://github.com/gosh-sh/anytree/blob/dev/tools/python/sbom.json

  3. Now you can use sbom.json to build your project. run:

    ```\n    anytree build sbom.json\n    ```\n

As a result, a binary file of project will be created and you should get similar output at the end:

Successfully copied 15.8MB to /home/user/.cache/anytree/builder/anytree-builder-5aba4439-2642-4b7f-bc3c-affd8c9839fd/target\n
And your artifacts will be accessible in this folder

Warning

If the hash that was calculated when creating the SBOM file differs from the hash that AnyTree checks, an error like this will be output:

"},{"location":"ethereum-L2/","title":"GOSH Ethereum L2","text":""},{"location":"ethereum-L2/#overview","title":"Overview","text":"

GOSH is an asynchronous, highly scalable validity rollup which enables any asset on Ethereum blockchain to be transferred into GOSH and vice versa. All ZK Proofs (Zero-knowledge proofs) are prepared on the user side by a Proposer. It then submitted to Independent Collator which receives user input and executes them on GOSH.

Anyone can submit a resulting L2 (GOSH Blokchain) state root to L1 (Etherium Blokchain). Randomly selected Verifiers run the state transition periodically and slash Collators in case of a fraud via decision by L1. Verifiers are slashed for false fraud alerts. If Collator is censoring users' transactions, it is possible to force the transaction via L1. Anyone can publish L2 state root but only Collator can propose L2 state change.

Constraints:

  • L1 can\u2019t have the L2 entire state (L2 state is too large)
  • There must be a mechanism to move funds from L2 even if: L2 is not moving; L2 has banned specific accounts
  • EVM and TVM are different. TVM is a reference VM for the L2 chain. This means that even if L1 has a state it can\u2019t execute transactions to verify correctness. But it can execute ZKP which will prove the correctness of operations in the particular circuit
"},{"location":"ethereum-L2/#development-process","title":"Development process","text":""},{"location":"ethereum-L2/#stage-1-trustless-bridge-kinda","title":"Stage 1: Trustless Bridge, kinda","text":"

Info

At this stage we assume: L2 fully trusts L1, it knows Validators (Committee) PubKeys and can always validate the chain of L1 blocks. We do not validate the smart contract execution on L2. We protect against any malicious 3rd party except for L1 and L2 Validators.

As an example we will talk about ETH moving from Ethereum mainnet into WETH Asset on GOSH L2 Blockchain and back. In general any asset on Ethereum can be supported with necessary adjustments made to ELOCK smart contract Deposit/Withdrawal functions.

Since GOSH uses ed25519 we use a double signature envelope scheme to prove signatures on GOSH to ELOCK Smart Contract on Ethereum (we could use ZKP to prove the ed25519 or a precompile proposed EIP665 whenever either of those solutions will be production ready).

The scheme for transferring assets from the Etherium to GOSH

The scheme for transferring assets from the GOSH to Etherium

Info

What we don\u2019t cover at this Stage?

  • L2 contract execution is not validated (no validity or fraud proofs)
  • Funds retrieval function in case of L2 censored / stopped
  • L1 Funds retrieval is complicated and expansive
"},{"location":"ethereum-L2/#stage-2-optimistic-roll-up-kinda","title":"Stage 2: Optimistic roll-up, kinda","text":"

Info

At this stage we add fraud and execution proofs for TIP-3 \u0441ontracts.

The Proposer constructs the TIP-3 execution proof and sends it together with block proofs. If the execution is correctly proved the funds can be withdrawn immediately. If the Proposer does not wish to pay the gas fees for ZKP execution it can supply the withdrawal request without any proof but with a bond. In which case the withholding period will be activated (hence optimistic rollup). Another Proposer can verify the correctness of execution of the TIP-3 in the proposed batch and if found incorrect execution can supply the fraud proof (consisting of proof of the correct execution of the corrupted TIP-3 transaction and proof of block tree hashes which will be incompatible with hashes provided by the first Proposer) and collect the Proposer Bond.

At this stage we have added a mechanism of Fraud proof of L2 validators making the network effectively on par with security assumptions of other \u043eptimistic rollups, but also providing a mechanism for immediate Validation of token contract execution on L2 network. We do not prove the whole network, but do we really need to? What difference does it make if the rest of state transition is corrupted if the contracts holding L1 balances are correct?

Info

What we don\u2019t cover at this Stage?

  • Funds retrieval function in case of L2 censored / stopped
  • L1 funds retrieval is complicated and expansive in case of immediate withdrawal
"},{"location":"ethereum-L2/#stage-3-validium-zkp-roll-up","title":"Stage 3: Validium ZKP roll-up","text":"

At this stage we are adding external Verifiers and putting a bond of L2 Collators on Ethereum mainnet. Verifiers will be able to supply fraud proofs as well as data availability proofs.

The Verifiers have the ability to slash the L2 Collators in case of misbehavior by supplying ZKPs proving the wrong block production, or by successfully challenging data availability proofs making it effectively an Ethereum Sharding design, since GOSH is multithreaded, multisharded blockchain.

Let\u2019s remember that Zero Knowledge Proofs are probabilistic. The Verifier check protocol is probabilistic as well. The ZKP does not prove that every operation on the L2 blockchain is correct because that would not only be costly but not necessarily increase the probability of the correctness in respect to Verifiers check.

Let's say we have S threads and N validators, out of which M are malicious. For each thread, we choose L validators that will sign the block. If a group of validators gathers at least C malicious ones, the attack is considered successful. Let's calculate the probability of an attack on a single thread.

The total number of ways to choose validators for a thread is \\(C _{N} ^{L}\\)

Let i be the number of malicious validators gathered in a thread. To find the number of ways to choose at least C malicious validators, we need to multiply the number of ways to choose malicious validators by the number of ways to choose regular validators.

That is \\(C _{M} ^{i} * C _{N-M} ^{L-i}\\)

Since we need to gather at least C malicious validators, the total number of ways will be the sum

of i from C to L :

\\[\\displaystyle\\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}\\]

The final probability of an attack on a single thread, without considering verifiers, is

\\[P = \\frac{\\displaystyle\\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{N} ^{L}}\\]

Let \\(T = \\frac{N}{R}\\) where R is some number. A validator becomes a verifier if the remainder of some hash when divided by \\({T}\\) equals zero.

In each round, the probability for a particular validator to become a verifier is \\(\\frac{1}{T}\\). For the attack to be successful, none of the honest validators should become a verifier.

The probability of this is \\((1 - \\frac{1}{T}) ^{N-M}\\)

Thus, the final probability of the attack is

\\[P = \\frac{\\displaystyle\\sum_{i=C}^{L} C _M^i * C _{N-M}^{L-i}}{C _{N} ^{L}} * (1 - \\frac{1}{T}) ^{N-M}\\]

Which is less of an a probability of successful attack on Bitcoin blockchain:

Important

At this stage there is no need to trust L2 Collators with anything. L1 is able to verify all L2 state transitions and L2 can verify L1 contract state transitions. Funds are easily withdrawn from either blockchain. To break the system both L1 and L2 need to be corrupted or stopped simultaneously.

"},{"location":"ethereum-L2/#proof-summary","title":"Proof Summary","text":"What do we Prove How do we Prove it L1 Blocks are correct BLS Signatures check L2 Blocks are correct Validator signatures + Verifiers Fraud Proofs L1 transaction are within the correct blocks Merkle tree proof from Transaction hash to L1 block hash L2 transaction are within the correct blocks Merkle tree proof from Transaction hash to L2 block hash All L1 transactions are provided to L2 from block A to block B Txn count in block a and Txn count in block B are known we can verify that total transaction count transferred to GLOCK is correct and since we have hashes it's impossible to cheat Transaction counts and Balances are correct for L1 Block transmitted to L2 Merkle tree of account states for a particular L1 block All L2 Withdrawal Transactions are transferred to L1 from Block A to Block B Txn count in block a and Txn count in block B are known we can verify that total transaction count transferred to ELOCK is correct and since we have hashes it's impossible to cheat TIP-3 Deposit/Transfer/Withdrawal Transaction Execution is correct ZKP for TIP-3 Circuit Validator set change from last KeyBlock is correct ZKP for Elector contract Circuit Validators Fraud Proofs Fraud detection mechanism by Verifiers"},{"location":"ethereum-L2/#contracts","title":"Contracts","text":"
  • ELOCK
  • GLOCK
  • tip3root
  • tip3wallet
"},{"location":"ethereum-L2/#usage","title":"Usage","text":"

Any DAO on GOSH can become Ethereum Layer 2 with a click of a button. DAO members can choose to have their token available in Ethereum, effectively making any project its own L2. And because GOSH L2 supports ERC-20 Tokenization, we offer easy ecosystem integration for any project...............

"},{"location":"ethereum-L2/#definitions","title":"Definitions","text":"

Proposer is an off-chain program that any user can run on their own machine. It packages all necessary data to prove to GOSH chain that a particular transaction (let\u2019s call them \u201cL2 transactions\u201d) on Ethereum Network took place and vise versa \u2014 to prove to Ethereum ELOCK smart contract (i.e. Ethereum validators) that an L2 transaction took place on the GOSH Blockchain.

Proposer will always accumulate all transactions that are currently not applied to generate the proof, thus ensuring that all transactions of the opposite network are applied. If that is not the case the State Validation function will fail.

ELOCK \u2014 is a GOSH L2 smart contract on Ethereum Blockchain. It receives deposits from users, manage withdrawals and locks user funds. ELOCK is also counting its total balance, total transaction count and stores root Merkle proofs, withdrawal smart contract code hash, etc. for L2 synchronization.

TIP-3 \u2014 is a distributed token smart contract standard on GOSH blockchain. It is formally verified scalable token design for sharded architecture optimized for parallelization.

GLOCK \u2014 is a special TIP-3 Token Root Contract on GOSH Blockchain. Aside from managing TIP-3 distributed token it also manages the deposits and withdrawals of ELOCK assets. It receives external message from Proposers, with Ethereum blockchain proofs signed by Ethereum committee, checks total transaction count consistency, checks Proposer message Merkle proofs, deploy or add to TIP-3 balances to corresponding User addresses.

WITHDRAWAL \u2014 is a smart contract on GOSH that manages user withdrawals. It receives TIP-3 transactions, verifies them and adds transactions to the counter index.

WETH TIP-3 Wallet \u2014 is a custom TIP-3 contract that runs in GOSH Masterchain and in addition to standard functions has Lock/Unlock method. Lock is called when WETH needs to be transferred to Ethereum Blockchain. Lock is proved to ELOCK contract in order to allow for ETH native token withdrawals.

VAULT \u2014 is GOSH Shardchain smart contract that Wraps WETH TIP-3 tokens into tradable assets on GOSH Network

TVM \u2014 is a Custom Virtual Machine GOSH Blockchain uses. For the GOSH L2 release we have added special TVM Opcodes for Ethereum signatures and Hash function, thus TVM smart contract can run Signature Verifications and Calculate Hash functions from Ethereum Data.

"},{"location":"links/","title":"Links","text":"

GOSH website

GOSH Web App

GOSH Blockchain Explorer

GOSH repository

"},{"location":"on-chain-architecture/gosh-smart-contracts/","title":"GOSH smart contracts","text":"

GOSH is open-source and freely available on GitHub and, obviously, on GOSH.

GOSH consists of the following contracts (latest version):

  • VersionController - a contract version manager used when upgrading GOSH smart contracts
  • SystemContract - main contract for hosting any specific version of GOSH smart contracts
  • Profile - a contract for a user's profile on GOSH
  • ProfileIndex - a contract for each user's public key
  • ProfileDao - a contract of a DAO's profile on GOSH
  • GOSHWallet - user wallet for all user interactions with GOSH
  • GoshDao - a contract storing organizations' objects
  • Repository - a contract storing repositorys' objects
  • Commit - a contract storing commits' objects
  • Tree - a contract storing trees' objects
  • Diff - a contract storing diffs' objects
  • Snapshot - a contract storing snapshots' objects
  • Tag - a contract storing gits' tag object
  • DaoTag - a contract responsible for tags in a DAO
  • RepoTagGosh - a contract responsible for tags in a repository
  • Task - a contract storing a task object
  • Topic - a contract storing the description of an object
"},{"location":"on-chain-architecture/gosh-wallet/","title":"GOSH Wallet","text":"

The GOSH blockchain is a system of interconnected smart contracts. Every repository, every file and commit are smart contracts, where data is written to the blockchain.

Writing data to the blockchain requires cryptographic signatures and fees.

For this reason every GOSH user needs to have a wallet and a pair of cryptographic keys.

Every operation on GOSH is carried out by user wallets.

Info

GOSH wallets are written with the express purpose of facilitating open-source development.

Fees on GOSH are not paid to Validators but are instead transferred to the Free Software Giver \u2014 Which funds the GOSH Free Service Area \u2014 these fees are used to replenish the Special User Wallet contracts to automatically pay for gas fees of other contracts in the Free Service Area.

These contracts can only transfer tokens between other contracts within the Area and are not transferable outside, meaning they are pure Utility Tokens. These tokens are SHELL coins, here used as a Unit of Account for Payment Gateways.

So in effect this means any developer can use the GOSH blockchain for free, without paying any gas, and sell their services using Fiat Payment Gateways without a need to KYC/AML. This payment Gateway is built into GOSH.

There are two types of wallets GOSH users can deploy:

  • A DAO Member Wallet, which is deployed to a GOSH user after they become a member of a DAO. This wallet stores both voting and non-voting tokens

  • A Limited Wallet (for non-DAO members), which is deployed to a GOSH user when they view any DAO or if non-voting tokens of any DAO were transferred to them.

    A user with a Limited Wallet in the DAO can:

    • create a proposal to add yourself to the DAO (if it is allowed in the dao);

    • can be assigned as a reviewer to the Task;

    • can create a proposal on PR (coming soon).

Info

For a DAO member, not one wallet is deployed, but a whole system of 64 wallet contracts. This allows for parallelization when sending external messages.

Refer to GOSH Web or Docker Extension sections to find out how to create your account and get started with GOSH.

"},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/","title":"Organizations: GOSH DAO and SMV","text":""},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/#dao","title":"DAO","text":"

Every repository on GOSH is managed as a Decentralized Autonomous Organization - DAO \u2013 a tool that allows every developer to build on GOSH in a way that is decentralized, secure, and scalable.

Every organization has, as a minimum, one member who creates and manages repositories. However, once more than one user is added to a DAO, it is then governed through decentralized management mechanisms.

Your can configure your DAO easily. The main of these mechanisms is voting. Any action in a DAO requires a vote and is created through proposals. For example, a user may propose to commit of file into a repository, and a soft-majority vote (SMV) of all other DAO members may be required to approve it. Branches could be locked to require any changes to them to be voted on by DAO SMV.

"},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/#soft-majority-voting","title":"Soft Majority Voting","text":"

Soft Majority Voting, or SMV for short, is a voting mechanism designed for transparency and optional participation.

The outcome of a Soft Majority Vote is decided by the difference between the number of votes for, and the number of votes against a proposal. If nobody objects, a minimum threshold of approving votes is required for the proposal to pass.

If everyone votes either for or against a proposal, 50% + 1 vote is required for the proposal to pass.

If the only votes given are for the proposal, and no one votes against, 10% approving votes are enough for the proposal to pass immediately.

Everything in between these two extremes is a linear dependency between the percentage of votes against and the percentage of votes for, that is required for the proposal to pass.

For important decisions a more strict super majority approval criteria may be set up.

All SMV proposals have a set deadline. When it is reached, accumulated votes are counted, the decision is made, and the proposal pass.

If, however, a majority of 50% + 1 vote is reached early, the proposal passes immediately.

"},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/#smv-in-gosh","title":"SMV in GOSH","text":"

In GOSH one vote is one token.

"},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/#tokens-and-karma","title":"Tokens and Karma","text":"

The total supply of tokens is set when a DAO is created.

A DAO's first user automatically gets 20 DAO tokens and 20 Karma.

Karma is the amount of tokens (upper limit) within which a DAO member can vote.

Karma is either granted by a DAO decision upon member acceptance or earned through repository contribution. This determines the reputation of a DAO member. The Karma can be changed only by voting.

See here for more information.

"},{"location":"on-chain-architecture/organizations-gosh-dao-and-smv/#voting","title":"Voting","text":"

If several members jointly vote for a proposal with 50% + 1 token of the Global Karma Count of a DAO then the proposal passes early.

Global Karma Count is the total amount of Karma calculated by summing up the Karma of all DAO members at the time of the proposal creation.

If no one objects to a proposal for the duration of its voting period, 10% of the Global Karma Count is enough, but the proposal will only pass at the end of the voting period.

If votes are split, and neither side achieves 50% + 1 token early, the proposal completes at the end of the voting period and the result is calculated according to the SMV diagram above.

"},{"location":"working-with-gosh/anytree-firewall-for-telepresence/","title":"AnyTree Firewall for Telepresence","text":""},{"location":"working-with-gosh/anytree-firewall-for-telepresence/#overview","title":"Overview","text":"

The GOSH AnyTree Firewall integration with Telepresence is designed to make sure everything developed with Telepresence for Docker will be identically reproduced with every build, regardless of other changes made in the development process. The integration tool provides an additional security measure, so developers can build software faster and with confidence.

Part of the GOSH AnyTree Firewall is the \u2018Deep SBOM\u2019 - a tool describing not only what, but also how something was built, and uses GOSH Anytree Builder to safely build reproducible containers in an isolated environment.

GOSH AnyTree Firewall is currently in Beta testing stages on Linux only, but will be available on other platforms and Docker Desktop in the near future.

"},{"location":"working-with-gosh/anytree-firewall-for-telepresence/#quick-start","title":"Quick start","text":""},{"location":"working-with-gosh/anytree-firewall-for-telepresence/#for-linux","title":"for Linux","text":"

  1. Install Git Remote Helper using the installation script

    wget -O - \\\nhttps://raw.githubusercontent.com/gosh-sh/gosh/dev/install.sh \\\n| bash -s\n

    Checking the installation results.

  2. Install GOSH AnyTree using the installation script

    wget -O - \\\nhttps://raw.githubusercontent.com/gosh-sh/gosh-build-tools/dev/install.sh \\\n| bash -s\n

    You can check installation by running:

    gosh anytree --help\n

  3. Install Kubernetes with Telepresence the Traffic Manager

    Warning

    We need to return docker's context to default.

    docker context use default\n

    To see all available docker's contexts type:

    docker context list\n

  4. Start Telepresence with AnyTree Firewall

    telepresence intercept [OPTIONS] --docker-build \\\ngosh://0:0d5...e92c/<your_dao>/<your_repo>#<commit_or_branch_or_tag> \\\n<k8s_pod_name>\n
"},{"location":"working-with-gosh/anytree/","title":"AnyTree","text":""},{"location":"working-with-gosh/anytree/#overview","title":"Overview","text":"

GOSH introduces AnyTree \u2014 a software deployment system built to guarantee the security of your software supply chain

With AnyTree, any mutations of your code, down to every dependency, as well as operations, including builds and every artifact, are logged, timestamped, signed, and verified when used on GOSH

Deep SBOM extends the SBOM surface to include all build environments. It is impossible to inject malicious commits backwards on GOSH and miss dependency tampering during the CI/CD process when using Deep SBOM. Integrating GOSH Builder with AnyTree proves builds on a developer machine and a server (or a cloud) are identical

AnyTree utilizes standard Docker Containers secured by GOSH AnyTree Builder and is currently available as Beta on Linux and is coming soon to Windows and macOS.

As the result of his work will be the creation of a binary file of project. It is describing not only what, but also how something was built.

Info

The current version of AnyTree only supports Linux.

"},{"location":"working-with-gosh/anytree/#installation-anytree","title":"Installation AnyTree","text":"

Before installing AnyTree, you must already have the Git Remote Helper installed.

If you have Linux you can use these installation methods:

"},{"location":"working-with-gosh/anytree/#install-anytree-using-the-installation-script","title":"Install AnyTree using the installation script","text":"
wget -O - https://raw.githubusercontent.com/gosh-sh/anytree/dev/install.sh | bash -s\n
"},{"location":"working-with-gosh/anytree/#install-anytree-from-source","title":"Install AnyTree from source","text":"

  1. Prerequisites:

    • Rust v1.66+
    • Protobuf Compiler
    • git
    • make

  2. Clone AnyTree repository

  3. Run make install to build GOSH anytree tool

"},{"location":"working-with-gosh/anytree/#setup-a-gosh-project","title":"Setup a GOSH project","text":"

You need a GOSH repository. If you haven't used a GOSH-repository you can upload your github-repository to GOSH through onboarding or create a GOSH-account and create a new one.

Go to your GOSH-repository you project

and run:

gosh init\n
"},{"location":"working-with-gosh/anytree/#generation-sbom-file","title":"Generation SBOM file","text":"

AnyTree builds the artifacts uses SBOM file that allows developers to see what they built and why and reproduce the same result.

To create artifacts, you will need an SBOM file created according to the Cyclone DX specification

Info

The example file can be viewed here: https://github.com/gosh-sh/anytree/blob/dev/tools/python/sbom.json

If you have a Rust project, you can generate an SBOM file using the script generate-sbom.py (scripts for other programming languages will coming soon)

Note

either copy script to your cargo project and run python3 generate-sbom.py or check and configure variables in script

Prerequisites:

  • Docker
  • Python3 with pip (required to generate a SBOM-file)

To generate a SBOM file for a Rust project, you can use the script generate-sbom.py

Info

If necessary, install the dependencies for the script to work. Run in the folder where the script is located:

pip3 install -r requirements.txt\n

Possible options are described in the help:

python3 generate-sbom.py --help\n
usage: generate-sbom.py [-h] [--cargo-lock CARGO_LOCK_PATH] [--cargo-toml CARGO_TOML_PATH] [--initial-sbom INITIAL_SBOM_PATH]\n                        [--sbom-output SBOM_OUTPUT_PATH] [--project-src PROJECT_SRC_PATH] [--project-commit PROJECT_COMMIT]\n                        [--project-url PROJECT_URL]\n\nGenerate software bill of materials (SBOM) for Rust project\n\noptions:\n-h, --help            show this help message and exit\n--cargo-lock CARGO_LOCK_PATH\n                        Path to Cargo.lock file. Default - ./Cargo.lock\n--cargo-toml CARGO_TOML_PATH\n                        Path to Cargo.toml file. Default - ./Cargo.toml\n--initial-sbom INITIAL_SBOM_PATH\n                        Optional. Path to initial SBOM JSON file if need to append existing SBOM. Default - initial-sbom.json. Will ignore\n                        if file doesn't exist.\n--sbom-output SBOM_OUTPUT_PATH\n                        Path to output SBOM JSON file. Default - sbom.json\n--project-src PROJECT_SRC_PATH\n                        Path to the Rust project source if not in root git directory. Not relates to local file system path. Relates to\n                        path inside repo structure. For example we can use v5_x/v5.1.0/git-remote-gosh which means https://github.com/gosh-\n                        sh/gosh/v5_x/v5.1.0/git-remote-gosh\n--project-commit PROJECT_COMMIT\n                        Commit of the project. Default - commit parsed with 'git rev-parse HEAD' command in dir where Cargo.lock is\n                        located.\n--project-url PROJECT_URL\n                        URL of the project's repository. Default - project URL parsed with 'git config --get remote.origin.url' command in\n                        dir where Cargo.lock is located.\n

For_example

Run the generation of the SBOM-file for the rust project Git Remote Helper latest version:

python3 ~/gs/generate-sbom.py --cargo-lock ~/gosh/v5_x/v5.1.0/git-remote-gosh/Cargo.lock --cargo-toml ~/gosh/v5_x/v5.1.0/git-remote-gosh/Cargo.toml --sbom-output ~/gosh/v5_x/v5.1.0/git-remote-gosh/sbom.json --project-src v5_x/v5.1.0/git-remote-gosh\n

The script downloads all dependencies specified in cargo.lock, counts all hashes and the generated sbom.json will be placed in the root folder of the project.

After running the script you should get the following output at the end:

Updated SBOM written to /home/user/gosh/v5_x/v5.1.0/git-remote-gosh/sbom.json\n

And generated sbom.json file in the following format https://github.com/gosh-sh/anytree/blob/dev/tools/python/sbom.json

"},{"location":"working-with-gosh/anytree/#working-with-anytree","title":"Working with AnyTree","text":"

run:

anytree build sbom.json\n

As a result, a binary file of project will be created and you should get similar output at the end:

Successfully copied 15.8MB to /home/user/.cache/anytree/builder/anytree-builder-5aba4439-2642-4b7f-bc3c-affd8c9839fd/target\n

And your artifacts will be accessible in this folder

If the hash that was calculated when creating the SBOM file differs from the hash that AnyTree checks, an error like this will be output:

Info

For more information about the options, see the Help section:

anytree --help\n

Info

The developer can put the generated specification in his repository for further verification.

"},{"location":"working-with-gosh/anytree/#options","title":"Options","text":""},{"location":"working-with-gosh/anytree/#build","title":"build","text":"

Print help

-h, --help\n

Print version

-V, --version\n
"},{"location":"working-with-gosh/anytree/#known-issues","title":"Known issues","text":"

We would like to bring to your attention a memory limitation concern that has been identified when working with large repositories. Under certain circumstances, you might encounter memory depletion issues which could potentially affect your work efficiency and system performance. We deeply apologize for any inconvenience this may cause.

Rest assured, we are committed to promptly resolving this issue. Our dedicated team of developers has already initiated efforts to address this, with an anticipated resolution targeted within the next two weeks. We appreciate your patience and understanding as we continue to enhance and streamline our services.

"},{"location":"working-with-gosh/anytree/#contact-us","title":"Contact us","text":"

If you have any questions or issues using GOSH AnyTree, please email us at help@gosh.sh

"},{"location":"working-with-gosh/build-and-sign-images/","title":"Build and Sign Images","text":"

With the Help of a custom Buildkit, you can build your Docker images directly from GOSH, and sign them so they can be verified by the GOSH docker extension.

Instead of a dockerfile, this Buildkit uses a special goshfile to ensure code is taken from GOSH.

"},{"location":"working-with-gosh/build-and-sign-images/#how-to-build-from-gosh","title":"How to build from GOSH","text":""},{"location":"working-with-gosh/build-and-sign-images/#1-setup-environment-variables-with-your-wallet","title":"1. Setup environment variables with your wallet","text":"
export WALLET=...\nexport WALLET_PUBLIC=...\nexport WALLET_SECRET=...\n

You received these when creating your account in GOSH Web or Docker Extension.

"},{"location":"working-with-gosh/build-and-sign-images/#2-create-goshfileyaml-this-specification-is-a-work-in-progress-and-subject-to-change","title":"2. Create goshfile.yaml (this specification is a work in progress and subject to change)","text":"
# syntax=teamgosh/goshfile\n\napiVersion: 1\nimage: bash:latest\nsteps:\n  - name: print date\n    run:\n      command: [\"/usr/local/bin/bash\"]\n      args:\n        - -c\n        - >-\n          (date +'%s %H:%M:%S %Z'; echo \"Hi there\") | tee /message.txt\n
"},{"location":"working-with-gosh/build-and-sign-images/#3-now-to-build-an-image","title":"3. Now to build an image","text":"
TARGET_IMAGE=\"my-target-super-image\"\n\ndocker buildx build \\\n    --push \\\n    --label WALLET_PUBLIC=\"$WALLET_PUBLIC\" \\\n    -f goshfile.yaml \\\n    -t \"$TARGET_IMAGE\" \\\n    .\n\n## OR more complicated way via buildctl directly\n# # run buildkitd containered\n# docker run -d --name buildkitd --privileged moby/buildkit:latest\n# # build image\n# buildctl --addr=docker-container://buildkitd build \\\n#         --frontend gateway.v0 \\\n#         --local dockerfile=. \\\n#         --local context=. \\\n#         --opt source=teamgosh/goshfile \\\n#         --opt filename=goshfile.yaml \\\n#         --opt wallet_public=\"$WALLET_PUBLIC\" \\\n#         --output type=image,name=\"$TARGET_IMAGE\",push=true\n

Here we parameterize the image build process with our wallet credentials.

"},{"location":"working-with-gosh/build-and-sign-images/#4-sign-the-image-wip-will-be-part-of-build-image-process","title":"4. Sign the image (WIP: will be part of build image process)","text":"
docker pull $TARGET_IMAGE # buildkit push image directly to the registry and it doesn't persist locally\n\n# my-target-super-image's sha256\nTARGET_IMAGE_SHA=`docker inspect --format='{{index (split (index .RepoDigests 0) \"@\") 1}}' $TARGET_IMAGE`\n\ndocker run --rm teamgosh/sign-cli sign \\\n    -n <blockchain_network e.g. https://gra01.net.everos.dev> \\\n    -g $WALLET \\\n    -s $WALLET_SECRET \\\n    $WALLET_SECRET \\  # signer secret can be different\n    $TARGET_IMAGE_SHA\n

Now you have signed the image.

"},{"location":"working-with-gosh/build-and-sign-images/#you-can-check-the-image-signature-with-your-public-key","title":"You can check the image signature with your public key","text":"
TARGET_IMAGE=\"my-target-super-image\"\n# or IMAGE_NAME=\"my_repo:5000/library/my-target-super-image:latest@sha256:...\"\n\nWALLET_PUBLIC=$(docker inspect --format='{{.Config.Labels.WALLET_PUBLIC}}' $TARGET_IMAGE)\n\nTARGET_IMAGE_SHA=$(docker inspect --format='{{index (split (index .RepoDigests 0) \"@\") 1}}' $TARGET_IMAGE)\n\ndocker run --rm teamgosh/sign-cli check \\\n    -n <blockchain_network e.g. https://gra01.net.everos.dev> \\\n    $WALLET_PUBLIC \\\n    $TARGET_IMAGE_SHA\n

NOTE: Anyone who has the image can validate it. The image has label WALLET_PUBLIC and image's sha256 also publicly available.

Additionally, signer tool can deploy a proof contract to GOSH blockchain that will be publicly available to all wanting to verify the image they pull from dockerhub.

"},{"location":"working-with-gosh/build-and-sign-images/#examples","title":"Examples","text":"

Publisher example

"},{"location":"working-with-gosh/docker-extension/","title":"Docker Extension","text":"

GOSH Docker Extension implements GOSH repository management and image verification as the newest feature of Docker - a Docker Extension.

You will be able to create your GOSH account and Decentralized Autonomous Organization (DAO), set up and manage repositories through a graphical interface directly in Docker Desktop. Repositories stored in GOSH can then be interacted with like any regular remote repository, with a few small configurations to git, making decentralized code management easily available to anyone.

Images built directly from code stored in GOSH can be verified as GOSH-sourced in the Docker Extension, ensuring security of the software supply chain. You will always know what code specifically is running in your containers, and that none of it was tampered with during build.

"},{"location":"working-with-gosh/docker-extension/#installation","title":"Installation","text":"

Get the latest Docker Desktop (4.8.0 or later), which supports extensions.

Launch the Desktop, go to the Extensions section, and click Add Extensions.

Select and install Gosh extension on the marketplace.

"},{"location":"working-with-gosh/docker-extension/#create-account","title":"Create account","text":"

Open the Gosh verified images extension in Docker Desktop. If you have a Gosh account, then enter your own one seed phrase, if not, you can create it by clicking on the link app.gosh.sh.

To get started with GOSH, you need an active Github-account.

Click Create account with Github.

After click Authorize gosh-sh

In the list of organizations received from Github, click on the organization

and select repositories for upload into Gosh

Do this for each organization for which you want to upload repositories to Gosh.

Danger

After registering on GOSH you will not be able to return to this step in this release.

This will be available later

Info

If you want other GOSH users to be able to find you by your email, give permission.

Then click Upload

\u200bIf you are familiar with blockchain, you know what to do with a seed phrase.

If you're new to blockchain, all you need to know, is that this is the key to your account and all your assets on GOSH. Your public key, which can identify you on the blockchain and the secret key you'll use to sign your actions can always be calculated from your seed phrase.

To create the GOSH-account, the seed phrase will be generated for you.

Danger

Write your seed phrase down and store it somewhere safe, and never share it with anyone. Avoid storing it in plain text or screenshots, or any other non-secure way. If you lose it, you lose access to your assets. Anyone who gets it, gets full access to your assets.

Info

Your seed phrase will be used to log into GOSH.

Once you have written down your seed phrase, click Continue.

Then choose a short nickname or create a new one and click Create account.

Warning

The Usernames must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

Info

When the repositories are uploaded, a notification will be sent to your email.

Follow the link in the email.

To log into Gosh open the Gosh verified images extension in Docker Desktop and enter the saved seed phrase and click Sign in.

GOSH will ask you to set up a PIN code:

And unlock with PIN code.

Once done, you will be logged into GOSH.

Info

The GOSH DAO Bot will be a member of your organization. In the future, it will track changes in your repositories on Github and synchronize them with Gosh.

The Bot can be removed from the DAO members by voting. But then there will be no automatic synchronization of repositories in GOSH if they have been changed in Github.

"},{"location":"working-with-gosh/docker-extension/#create-organization","title":"Create Organization","text":"

The Organizations page will open after your account is created.

Click New organization button in the Organizations section.

\u200bInput Organization name and members.

Warning

The Organizations name must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

The first mandatory member is the creator, identified by their username.

The second member is the GOSH DAO Bot. It will synchronize repositories with github on Gosh.

Any other members can be added at creation - just enter the username of each member in new line.

At any later time the list of members can be expanded by voting.

Click Create organization.

\u200bOnce created, your organization will appear in the organization list. Click on it to continue.

"},{"location":"working-with-gosh/docker-extension/#create-repository","title":"\u200bCreate Repository","text":"

To create a repository in your organization click Create in the Repositories section.

Enter repository name and click Create repository.

Warning

The repository name must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

"},{"location":"working-with-gosh/docker-extension/#create-branch","title":"Create Branch","text":"

Repository is created with default main branch. To create another branch, click on the branches counter.

Select the branch to be forked, enter new branch name, and click\u200b Create branch.

Warning

The branch name must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

Once the branch is created, it will appear in the branches list.

Switch to it via drop down list.

"},{"location":"working-with-gosh/docker-extension/#create-file","title":"Create File","text":"

To create file, click Add file button.

Enter file contents and name. MD syntax is supported for preview.

Once done, scroll down to Commit data, enter commit info and click Commit changes button.

Commit status will be displayed below.

If the branch you are working in requires no vote to commit to, the changes will be commited immediately/ Otherwise a DAO vote will be initiated.

"},{"location":"working-with-gosh/docker-extension/#create-pull-request","title":"Create Pull Request","text":"

Click on the Pull requests tab and set up the pull request: what branch to merge from and to.

View the diff, scroll down to Commit data, enter details and click Commit changes.

Info

When merging into the main branch, and in some other cases (depending on DAO setup), a DAO proposal will be initiated by trying to commit.

Organization Tokens have to be sent to the DAO Soft Majority Vote contract to start a proposal for DAO members to vote on.

"},{"location":"working-with-gosh/docker-extension/#voting-in-smv-soft-majority-vote","title":"Voting in SMV (Soft Majority Vote)","text":"

Actions that require a DAO vote, such as merging into main, are performed by creating a proposal.

To create a proposal, or to vote for a proposal someone else created, some of your tokens need to be allocated to SMV (once the proposal is completed), you can get them back.

For example, to merge into main, create a pull request from some other branch. A proposal will be generated and will appear on the Events page.

Open the proposal and review the contents.

The voting period is indicated on the proposal page. This is the time allotted for voting. Unless a decisive majority of >50% is achieved early, votes will be counted at the end of this period.

Voting statistics are located under the status Running. The green and red counters indicate how many tokens have been used at the moment to vote for and against the proposal.

The green indicator in the top right corner means that the SMV smart contracts are not currently processing any new votes. It turns red when the SMV contracts are busy.

Once you have made a decision, input the amount of tokens, select Approve or Reject and click Vote for proposal. Vote registration can take a bit of time.

Info

As per the rules of Soft Majority Voting, to have a proposal approved early, you need at least 50% of the total supply of tokens in the repository + 1 token used to vote for the proposal.

For example, in a repository with two members, where the total supply of tokens is 200, 101 token needs to be used to instantly approve a proposal. Thus with every member holding 100 tokens a proposal can never be instantly completed without the participation of members other than the proposal's author.

On the other hand, so as not to depend on all members of an organization to vote, soft majority vote will complete with an approval at the end of the voting period, if 10% of the total token supply were used to vote for, and no one voted against.

The more tokens are sent against the proposal, the higher the approving amount needs to be (up to 50% of the total supply + 1 token) for the proposal to pass.

Other members of the Organization, who have transferred their tokens to SMV, will be able to vote for the proposal on this page in their own accounts.

Info

Currently, even in organizations with a single member, voting still takes place when a proposal is created. 51 tokens are needed to approve a proposal in such a repository.

Once a majority has been reached early, or the voting period ended and the soft majority vote result was decided, the proposal completes and the proposed action is performed.

"},{"location":"working-with-gosh/docker-extension/#view-public-key","title":"View Public Key","text":"

A user needs to know their public key, for example, when joining an organization.

To view your public key go to the main page of your account and click Settings.

Danger

Avoid storing your private key and seed phrase in plain text or screenshots, or any other non-secure way. If you lose it, you lose access to your assets. Anyone who gets it, gets full access to your assets.

"},{"location":"working-with-gosh/docker-extension/#add-members-to-organization","title":"Add Members to Organization","text":"

Go to Organization Settings to the Members tab to manage your organization.

To add member enter the username of each candidate from a new line and click Add members button.

"},{"location":"working-with-gosh/docker-extension/#whats-next","title":"What's next?","text":"

Set up Git Remote Helper and continue working with your repository.

You'll need your wallet credentials. Go to the main page of your account and click Settings. Scroll down and copy them.

To view the command to clone your repo, click the Clone button on your repo page.

"},{"location":"working-with-gosh/docker-extension/#update-docker-extension","title":"Update Docker Extension","text":"

When you need to update the Gosh verified images extension in Docker Desktop, you will see an orange indicator.

To update the extension, go to the menu and select Manage

\u0412 \u043e\u0442\u043a\u0440\u044b\u0432\u0448\u0435\u0439\u0441\u044f \u0432\u043a\u043b\u0430\u0434\u043a\u0435 \u043d\u0430\u0436\u043c\u0438\u0442\u0435 Update

After downloading the update, click Open

"},{"location":"working-with-gosh/git-remote-helper/","title":"Git Remote Helper","text":"

Git Remote Helper (this is a standard mechanism for working with non-standard code storages) is a git-client helper to interact with remote repositories hosted on the GOSH blockchain.

"},{"location":"working-with-gosh/git-remote-helper/#installation","title":"Installation","text":""},{"location":"working-with-gosh/git-remote-helper/#install-helper-using-the-installation-script","title":"Install helper using the installation script","text":"

If you have macOS or Linux, you can use this installation method.

wget -O - \\\nhttps://raw.githubusercontent.com/gosh-sh/gosh/dev/install.sh \\\n| bash -s\n

Checking the installation results.

"},{"location":"working-with-gosh/git-remote-helper/#install-helper-using-the-installation-package","title":"Install helper using the installation package","text":"

If you have a Debian-based system, use the installation from the package:

wget https://github.com/gosh-sh/gosh/releases/download/4.1.20/git-remote-gosh-amd64.deb\n

then

sudo dpkg -i git-remote-gosh-amd64.deb\n

Checking the installation results.

If you have Windows, you can use the installation methods below.

"},{"location":"working-with-gosh/git-remote-helper/#install-helper-from-binary-releases","title":"Install helper from binary releases","text":"

  1. Follow the link and download the version of the Git Remote Helper for the required operating system (macOS, Linux, Windows).

  2. Extract files from tar-file

    (e.g. for Linux x64):

    tar xvf git-remote-gosh-linux-amd64.tar\n

  3. Move binary files to any searchable path

    (e.g. /usr/local/bin):

    mv git-remote-gosh /usr/local/bin\n
    mv git-remote-gosh_v?_0_0 /usr/local/bin\n

    and move dispatcher.ini to ~/.gosh/ folder:

    mkdir ~/.gosh || mv dispatcher.ini ~/.gosh/\n

Checking the installation results.

"},{"location":"working-with-gosh/git-remote-helper/#install-helper-from-source","title":"Install helper from source","text":"

  1. Prerequisites:

    • Rust v1.66+
    • Protobuf Compiler
    • git
    • make
    • gcc

    • openssl

      Note

      For Windows users:

      make sure that the appropriate Perl version is installed for your build environment.

  2. Clone gosh repository.

  3. Go to the gosh directory

      cd gosh\n

    Then build all the necessary components:

      cd v1_x/git-remote-gosh && make install\n
      cd v2_x/git-remote-gosh && make install\n
      cd v3_x/git-remote-gosh && make install\n
      cd v4_x/git-remote-gosh && make install\n
      cd gosh-dispatcher && make install\n

    Info

    After building all the components, the finished binary files will be located in the ~/.cargo/bin directory.

    You need to create a configuration file for the Git Remote Helper: ~/.gosh/dispatcher.ini

    with the following content:

      git-remote-gosh_v1_0_0\n
      git-remote-gosh_v2_0_0\n
      git-remote-gosh_v3_0_0\n
      git-remote-gosh_v4_0_0\n
"},{"location":"working-with-gosh/git-remote-helper/#verifying-the-installation-result","title":"Verifying the installation result","text":"

You can check the correctness of the configuration file by running the command:

git-remote-gosh dispatcher_ini\n

As a result, you will see the following:

Run the following command to make sure it's available:

which git-remote-gosh\n

If the Git Remote Helper is not available, then add path with git-remote-gosh

for availability via $PATH:

export PATH=~/.gosh:$PATH\n
"},{"location":"working-with-gosh/git-remote-helper/#setup-user-account","title":"Setup user account","text":"

When creating your account in GOSH Web or Docker extension you received a GOSH wallet address and keys.

To be able to push to Gosh repositories, you need to set up these credentials for Git Remote Helper.

The Git Remote Helper expects that the wallet credentials are in the file ~/.gosh/config.json or in the file specified in the environment variable GOSH_CONFIG_PATH,

for example:

{\n  \"primary-network\": \"mainnet\",\n  \"networks\": {\n    \"mainnet\": {\n      \"user-wallet\": {\n        \"profile\": \"USERNAME\",\n        \"pubkey\": \"655b120c996b4f69c686cb3b769fbdfa0141006ce6a88dc012bf323c30265924\",\n        \"secret\": \"6bdc38c0ecd6f74399f6b8ff2486f0e2abb32fca712caf3e4a47ef4a2634c4e8\"\n      },\n      \"endpoints\": [\n        \"https://bhs01.network.gosh.sh\",\n        \"https://eri01.network.gosh.sh\",\n        \"https://gra01.network.gosh.sh\"\n      ]\n    }\n  }\n}\n
"},{"location":"working-with-gosh/git-remote-helper/#use-gosh-as-remote","title":"Use GOSH as remote","text":"

For correct usage of the helper you should refer to remote in the following form:

gosh://SYSTEM_CONTRACT_ADDRESS/DAO_NAME/REPO_NAME\n
"},{"location":"working-with-gosh/git-remote-helper/#set-remote-for-existing-local-repository","title":"Set remote for existing local repository","text":"

\u0421opy the URL to configure the remote from the web interface, after creating a repository on GOSH.

Info

The address of the System Contract depends from the GOSH version of contracts.

for example setup for version 3:

git remote add origin gosh://0:8b1cbcd8b08a6c384e0db0d3513898d36203fced3e141a7f6b99cc580738fc22/my-DAO/my-repo\n
"},{"location":"working-with-gosh/git-remote-helper/#clone-repository","title":"Clone repository","text":"
git clone gosh://0:8b1cbcd8b08a6c384e0db0d3513898d36203fced3e141a7f6b99cc580738fc22/my-DAO/my-repo\n
"},{"location":"working-with-gosh/git-remote-helper/#ever-sdk-protocol","title":"Ever SDK protocol","text":"

By default, the SDK in Git Remote Helper uses the WebSocket protocol. If for some reason this does not suit you (for example, you are using Alpine Linux), then set the environment variable GOSH_PROTO to http

export GOSH_PROTO=http\n
"},{"location":"working-with-gosh/gosh-ai/","title":"GOSH.AI","text":""},{"location":"working-with-gosh/gosh-ai/#overview","title":"Overview","text":"

GOSH.AI will help you simplify the workflow of writing code.

Info

GOSH.AI only supports code for asynchronous Solidity at the moment

Now one person with technical knowledge can manage and deliver complex software in very little time.

GOSH.AI will create all project files in the repository on the blockchain and write code, tests and deploy scripts.

The generated code is immutable, has timestamps and is stored in a decentralized way.

"},{"location":"working-with-gosh/gosh-ai/#working-with-goshai","title":"Working with GOSH.AI","text":"

Start your acquaintance with GOSH.AI from this page

Click the button Try GOSH AI

If you already have a GOSH account, then go here:

If you are a new user, follow these instructions:

"},{"location":"working-with-gosh/gosh-ai/#start-for-new-users","title":"start for new users","text":"

If you haven't a GOSH account, then click Create account

To start with GOSH.AI we need a Spec.md file with a description of your project.

You can upload and edit later it by clicking on Attach Spec.md file

or create in the form that opens

Then a form for sending an prompt is activated on the right. Enter the name of the repository that will be created after processing the request.

You can also specify an email address (an email will be sent to it after the repository is downloaded)

After sending the prompt, the bot GOSH.AI will create the DAO for you, where your repository will be uploaded.

You can go to your GOSH.AI organization by clicking on it

Create a PIN code to log in to GOSH.AI

After uploading the repository, you can continue working with it

"},{"location":"working-with-gosh/gosh-ai/#start-for-gosh-users","title":"start for GOSH users","text":"

If you are a GOSH user, then click Log in with GOSH

and enter your seed phrase

To start with GOSH.AI we need a Spec.md file with a description of your project.

You can upload and edit later it by clicking on Attach Spec.md file

or create in the form that opens

Then a form for sending an prompt is activated on the right.

Select an organization or create new

and enter the name of the repository that will be created after processing the request.

Then click Develop code

After sending the prompt, the bot GOSH.AI will create the DAO for you, where your repository will be uploaded.

You can go to your GOSH.AI organization by clicking on it

Create a PIN code to log in to GOSH.AI

After uploading the repository, you can continue working with it

"},{"location":"working-with-gosh/gosh-ai/#working-with-the-result","title":"working with the result","text":"

After creating and processing the repository, you can enter into it and see what happened

You can view the received files, leave comments on the files.

After reviewing the files, send them to GOSH.AI for processing click by Finish review, request changes

after processing the comments, GOSH.AI creates a proposal with the modified files

You can view the event on the DAO tab:

Check out the results of GOSHA's work

If you are not satisfied with the result of the work, then you can comment on the diffs

in the section Your vote select Reject and write a comment on the vote

Warning

the voting comment must contain a certain number of characters.

then click Send vote

GOSH.AI will make changes to the code taking into account the comments.

Info

You can return to the repository, leave comments and create suggestions until you are satisfied with the result.

When the result of GOSH.AI work fully satisfies everyone, you can accept proposal

After accepting the proposal, you will receive a ready-made code.

"},{"location":"working-with-gosh/gosh-web/","title":"GOSH Web","text":"

GOSH Web is also a good way to get started with GOSH.

It implements GOSH repository management as a simple web interface.

You will be able to create your GOSH account and Decentralized Autonomous Organization (DAO), set up and manage repositories. Repositories stored in GOSH can then be interacted with like any regular remote repository, with a few small configurations to git, making decentralized code management easily available to anyone.

"},{"location":"working-with-gosh/gosh-web/#working-with-account","title":"Working with account","text":""},{"location":"working-with-gosh/gosh-web/#create-account","title":"Create account","text":"

To get started with GOSH, you need an active Github-account.

Click Create account with Github to start registering on GOSH

After click Authorize gosh-sh

Info

The special GOSH DAO Bot will help with registration in Gosh. It will deploy your DAO and upload your selected repositories to GOSH.

In the list of organizations received from Github, click on the organization

and select repositories for upload into Gosh.

Do this for each organization for which you want to upload repositories to Gosh.

Danger

After registering on GOSH you will not be able to return to this step in this release.

This will be available later

Info

If you want other GOSH users to be able to find you by your email, give permission.

Then click Upload

\u200bIf you are familiar with blockchain, you know what to do with a seed phrase.

If you're new to blockchain, all you need to know, is that this is the key to your account and all your assets on GOSH. Your public key, which can identify you on the blockchain and the secret key you'll use to sign your actions can always be calculated from your seed phrase.

To create the GOSH-account, the seed phrase will be generated for you. If you already have the GOSH-account, click Clear and enter your own one seed phrase.

Info

Your seed phrase will be used to log into GOSH.

Danger

Write your seed phrase down and store it somewhere safe, and never share it with anyone. Avoid storing it in plain text or screenshots, or any other non-secure way. If you lose it, you lose access to your assets. Anyone who gets it, gets full access to your assets.

Once you have written down your seed phrase, click Continue.

Then choose your username in GOSH. This is your unique cryptographic identifier in Gosh.

Danger

Please note that after creating your username it will be impossible to change it in the future.

if your username is already taken, please choose another one.

Warning

The username must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

And click Create account.

When entering the GOSH will ask you to set up a PIN code:

Info

Set a new PIN code for each new session.

And unlock with PIN code.

Warning

If the name of the organization or repository already exists, you will receive the message. Change the name, click save changes and confirm the action with a pin code.

The Organizations page will open after your account is created.

Info

When the repositories are uploaded, a notification will be sent to your email.

Follow the link in the letter.

Enter the saved seed phrase and click Sign in.

Also set up a PIN code and unlock with PIN code.

"},{"location":"working-with-gosh/gosh-web/#view-public-key","title":"View Public Key","text":"

A user needs to know their public key, for example, when joining an organization.

To view your public key go to the main page of your account and click Settings.

Danger

Avoid storing your private key and seed phrase in plain text or screenshots, or any other non-secure way. If you lose it, you lose access to your assets. Anyone who gets it, gets full access to your assets.

"},{"location":"working-with-gosh/gosh-web/#working-with-dao","title":"Working with DAO","text":"

\u200bOnce created, your organization will appear in the organization list. Click on it to continue.

The first mandatory member is the GOSH DAO Bot. It will synchronize repositories with github on Gosh.

The second member is the creator, identified by their username.

At any later time the list of members can be expanded by voting.

"},{"location":"working-with-gosh/gosh-web/#create-organization-dao","title":"Create Organization (DAO)","text":"

Click \u0421reate new DAO button in the Organizations section.

On the DAO settings page that opens, input:

  • Organization name

    Warning

    The Organizations name must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

  • Organization picture

    The icon will be generated automatically.

  • Theme tags

    You can add up to 3 tags separated by spaces. According to them, GOSH users will be able to find your DAO.

  • Description

    A short description that can be seen on the DAO tab under the heading.

    The extended description can be added to the Readme file into _index system repository from the Overview page after creating the DAO.

  • Total supply

    You also need to enter the number of tokens that will be issued for this DAO.

    The maximum value of the total supply can be the number 2^128.

  • Allow mint

    This is a permission to emission DAO tokens. It is enabled by default.

    In the future, it will be possible to disable the emission of DAO tokens through proposal and voting in the Settings section.

    Warning

    If you uncheck this option, the number of tokens issued for this DAO will be capped to the number entered during the initial setup

Click Create organization.

The DAO tab will open after its creation.

"},{"location":"working-with-gosh/gosh-web/#overview-of-the-dao","title":"Overview of the DAO","text":"

All information about your DAO and its activities will be displayed here.

Information about DAO assets is displayed on the right.

  • DAO total supply - the total issue of tokens of this DAO.

  • DAO reserve - unallocated tokens.

    Push on the Send button, you will create an proposal to transfer tokens from the DAO reserve to the DAO member.

    Push on the Mint button, you will create an proposal to mint additional tokens for this DAO.

  • Your wallet balance - the amount of tokens you have in this DAO.

    Info

    When creating a DAO, 20 tokens from the DAO reserve will be issued to your wallet.

    Push on the SEND button, you will to transfer your tokens to the DAO reserve or to the GOSH user.

  • Karma - the amount of tokens (upper limit) within which a DAO member can vote.

    It is assigned when accepted as a member of the DAO. This determines the reputation of the DAO member. The Karma can be changed only by voting.

  • Members - total number of DAO members.

    From here you can also send an invitation to become a member of the DAO.

  • Recent proposals

Information and status of the recent proposals will be displayed in this section. Click on the name of the proposal you can go to the event page and vote.

  • In the Repositories section, you can quickly find or create a repository.

  • DAO system repository

The _index is a DAO system repository that is created automatically.

Info

After creating the DAO, it will already contain a text file with a brief description of your DAO, which you added in the settings earlier.

To add a README for your DAO, go to the _index repository or follow the link in this section.

Make sure you are in the main branch and click Add file button.

Enter file contents and name.

You can use Preview if needed. MD syntax is supported for preview.

After scroll down and enter commit info:

  • Commit description - you can add a description of your commit;

  • Commit tags - this is a mutable pointer of the commit. You can add the tag to quickly go to this commit and see what has been done;

  • Select a task - if you want to attach your commit to the solution of the Task, then select the desired task from the list;

  • and add Assigners, Reviewers and Managers if necessary.

If a Task has been selected, check the Create proposal box.

And click Commit changes

After that a proposal to the pull request will be created.

When the proposal to the pull request is accepted, the description of the DAO will appear on the Overview tab.

"},{"location":"working-with-gosh/gosh-web/#dao-set-up","title":"DAO Set up","text":"

You can continue with the initial setup the DAO in the Settings tab.

In the Token Setup section, you can create a proposal to ban the issue of tokens from this DAO by unchecking the box.

Warning

After the ban on the issue of DAO tokens, it will be impossible to allow the issue.

In the Proposal setup section you can enable/disable the option to view the voting results before it ends.

And also allow or prohibit discussion when working with proposals.

In the Members setup section you can grant or deny external users the ability to request membership in this DAO.

Then add a comment on changing the settings for other members of the DAO and click Save changes and start proposal.

Info

All settings and actions in the DAO will be performed the voting procedure.

"},{"location":"working-with-gosh/gosh-web/#upgrade","title":"Upgrade","text":""},{"location":"working-with-gosh/gosh-web/#basic-information","title":"Basic information","text":"

When a new version of contracts is released in GOSH, the user needs to upgrade their contracts.

The upgrade is initiated by the proposal.

Warning

Make sure that the proposal for such an update has not yet been created.

Info

Complete all proposle before starting the upgrade. All uncompleted proposals will be rejected and will not be transferred to the upgraded version.

You can see a message about the availability of a new version and an invitation to update in the DAO.

Depending on which version you currently have, choose the appropriate update method.

It is recommended to upgrade to the latest version.

Info

All token holders after upgrading the DAO must transfer their tokens from previous versions.

"},{"location":"working-with-gosh/gosh-web/#from-version-1-to-version-2","title":"From version 1 to version 2","text":"

You can switch to the Upgrade section from the new version message or go to the Settings tab.

Select the version you want to upgrade and click Create proposal for DAO upgrade:

You will be taken to the DAO tab with events.

After accepting the proposal, the procedure for updating your DAO will begin.

Then you need to update all the Repositories.

To do this, go to their tab and click Get repositories

and then click Start repositories upgrade to create a proposal.

On the DAO tab, vote for the proposal to create a repository.

After the proposal is accepted, the contract version will be upgraded.

"},{"location":"working-with-gosh/gosh-web/#from-version-2-to-version-3","title":"From version 2 to version 3","text":"

The Tasks were added in contracts version 2.

Uninitialized Tasks will not be migrated to the new version. You will need to create these tasks in the new version.

Warning

Before starting the update make sure that there are commits in the Tasks.

Go to the Settings tab or follow the link in the upgrade message.

Select the version you want to update and click Create proposal for DAO upgrade

You will be taken to the DAO tab with events.

Inside the event, you can get acquainted with the details of the proposal.

After accepting the proposals, the DAO update process will begin. Before continuing, you need to transfer your tokens.

To do this, go to the Overview tab in the Your wallet balance section and click Transfer from previous version.

You can also do this on the Members tab.

Then you need to update the DAO repositories and tags. To do this, click upgrade in the information message

and go to the repository uprade page. Click Get repositories.

Then click Start repositories upgrade to create a proposal.

The process will be displayed below:

As a result, you will be redirected to the DAO events page.

The details of the Multi proposal can be found at the event.

Then click tasks upgrade page in the information message

and click Start tasks upgrade on the page that opens.

You will be taken to the DAO tab with events.

After accepting the proposal, the tasks will be transferred from the previous version and the contract upgrade to version 3 will be completed.

"},{"location":"working-with-gosh/gosh-web/#from-version-3-to-version-4","title":"From version 3 to version 4","text":"

Uninitialized Tasks will not be migrated to the new version. You will need to create these tasks in the new version.

Warning

Before starting the update make sure that there are commits in the Tasks.

Go to the Settings tab or follow the link in the upgrade message.

Select the version you want to update and click Create proposal for DAO upgrade

You will be taken to the DAO tab with events.

Inside the event, you can get acquainted with the details of the proposal.

After accepting the proposals, the DAO update process will begin. Before continuing, you need to transfer your tokens.

Info

Starting from the 5th version, tokens are transferred automatically.

Warning

If, at the time of the upgrade, you still have tokens that were locked into voting in previous versions of the DAO, then these tokens will be transferred only after the expiration of the proposal.

If you have a DAO version lower than the 4th inclusive, then to transfer tokens go to the Overview tab in the Your wallet balance section and click Transfer from previous version.

You can also do this on the Members tab.

Then you need to update the DAO repositories and tags. To do this, click upgrade in the information message

and go to the repository uprade page. Click Get repositories.

Then click Start repositories upgrade to create a proposal.

The process will be displayed below:

As a result, you will be redirected to the DAO events page.

The details of the Multi proposal can be found at the event.

Then click tasks upgrade page in the information message

and click Start tasks upgrade on the page that opens.

You will be taken to the DAO tab with events.

After accepting the proposal, the tasks will be transferred from the previous version and the contract upgrade to version 4 will be completed.

"},{"location":"working-with-gosh/gosh-web/#proposals-and-voting-in-smv-soft-majority-vote","title":"Proposals and voting in SMV (Soft Majority Vote)","text":"

Actions that require a DAO vote are performed by creating a proposal.

Warning

To create an proposal, you must have at least 20 tokens on your wallet balance.

  • Create a pull request
  • Add branch protection
  • Remove branch protection
  • Add DAO member
  • Remove DAO member
  • Upgrade DAO
  • Delete task
  • Create task
  • Create repository
  • Add voting tokens
  • Add regular tokens
  • Mint DAO tokens
  • Disable minting DAO tokens
  • Change DAO member Karma

  • Multi proposal - includes several offers at once.

    For example: adding members to the DAO by another DAO member

  • Allow event discussions
  • Show event progress
  • Ask DAO membership allowance

To vote for the proposal, some of your tokens must be be allocated to SMV (once the proposal is completed), you can get them back.

Info

You can vote for a proposal only once.

For example, to merge into main, create a pull request from some other branch. A proposal will be generated and will appear on the DAO tab.

Open the proposal and review the contents.

The voting period is indicated on the proposal page. This is the time allotted for voting.

Unless a decisive majority of >50% Global Karma Count is achieved early, votes will be counted at the end of this period.

Info

Global Karma Count is the total amount of Karma calculated by summing up the Karma of all DAO members at the time of the proposal creation.

Once you have made a decision, input the amount of tokens, select Approve or Reject and click Vote for proposal. Vote registration can take a bit of time.

Info

As per the rules of Soft Majority Voting, to have a proposal approved early, you need at least 50% of the total supply of tokens in the repository + 1 token used to vote for the proposal.

For example, in a repository with two members, where the total supply of tokens is 200, 101 token needs to be used to instantly approve a proposal. Thus with every member holding 100 tokens a proposal can never be instantly completed without the participation of members other than the proposal's author.

On the other hand, so as not to depend on all members of an organization to vote, soft majority vote will complete with an approval at the end of the voting period, if 10% of the total token supply were used to vote for, and no one voted against.

The more tokens are sent against the proposal, the higher the approving amount needs to be (up to 50% of the total supply + 1 token) for the proposal to pass.

Other members of the Organization, who have transferred their tokens to SMV, will be able to vote for the proposal on this page in their own accounts.

Info

Currently, even in organizations with a single member, voting still takes place when a proposal is created. 51 tokens are needed to approve a proposal in such a repository.

Once a majority has been reached early, or the voting period ended and the soft majority vote result was decided, the proposal completes and the proposed action is performed.

"},{"location":"working-with-gosh/gosh-web/#working-with-tokens-and-karma","title":"Working with tokens and Karma","text":""},{"location":"working-with-gosh/gosh-web/#additional-minting-of-tokens-for-dao","title":"Additional minting of tokens for DAO","text":"

Warning

The option allowing the minting of DAO tokens must be enabled on the Settings tab in the Token Settings section.

Click on the Mint button on the right on the Overview tab in the DAO Reserve section. You will create an proposal to mint additional tokens for this DAO.

In the window that appears, enter the amount of tokens to emission and add a description of the DAO members. Then click Create proposal to mint tokens

After creating the proposal, you will be redirected to the DAO tab with events.

Inside the event, you can get details of proposal.

After the proposal is accepted, the changes will take effect.

"},{"location":"working-with-gosh/gosh-web/#additional-voiting-tokens-and-karma","title":"Additional voiting tokens and Karma","text":"

Any member of the DAO can send a request to change Karma. To do this, go to the Members tab and change the number of Karma and token balance of one or more DAO members, including for yourself.

Warning

To create an proposal, you must have at least 20 tokens on your wallet balance.

Warning

Be careful when distributing karma among the members of the DAO. Avoid the possibility of a preponderance in the votes of one of the DAO members. To avoid a situation where one participant will be able to transfer the entire balance of the DAO to his wallet.

Then click Save changes and create proposal. As a result, a Multi proposal will be created and you will be redirected to the event tab Dao.

Inside the event, you can get details of Multi proposal.

After accepting the multi proposal, the user will receive tokens and Karma from DAO reserve. This can be seen on the Members tab.

"},{"location":"working-with-gosh/gosh-web/#transfer-of-tokens-from-dao-reserve","title":"Transfer of tokens from DAO reserve","text":"

Tokens can be sent from the DAO reserve to

  • a member of this DAO;
  • any GOSH user, who has visited this DAO at least once.

To do this, on the Overview tab in the DAO reserve section, click Send.

In the window that opens, enter the name of the GOSH user or the name of the DAO and the amount of tokens to send.

If you want the recipient's Karma to increase jointly with the token balance, then check this box. Also write a description for the token transfer. This will help the DAO members to make a decision when voting.

Warning

Be careful when distributing karma among the members of the DAO. Avoid the possibility of a preponderance in the votes of one of the DAO members. To avoid a situation where one participant will be able to transfer the entire balance of the DAO to his wallet.

Then click Create proposal to send tokens

After creating the offer, you will be redirected to the DAO page with events.

Inside the event, you can see detailed information about the proposal.

After the proposal is accepted, the tokens will be transferred to the balance wallet of the GOSH user or DAO.

"},{"location":"working-with-gosh/gosh-web/#transfer-of-tokens-from-users-wallet","title":"Transfer of tokens from user's wallet","text":"

Tokens can be sent from the DAO reserve to

  • a member of this DAO;
  • any GOSH user, who has visited this DAO at least once.

Info

Only regular tokens are transferred. You will not be able to vote with such tokens.

To send tokens from your wallet to the DAO, go to the Overview or DAO tab on the Your wallet balance section and click Send.

In the window that opens, enter the name of the member of the DAO and the amount of tokens to send. Then click Send tokens

After that, the tokens will be transferred to the recipient's wallet balance.

"},{"location":"working-with-gosh/gosh-web/#working-with-dao-members","title":"Working with DAO Members","text":""},{"location":"working-with-gosh/gosh-web/#adding-members-to-dao","title":"Adding Members to DAO","text":"

Membership in the DAO can be obtained in several ways.

The user can be invited to the DAO using a special form or by an invitation link.

Also, the user can independently create a membership request in the DAO.

Info

Adding a member to the DAO is possible only through an proposal.

Depending on the chosen path, tokens and Karma will be distributed immediately after acceptance proposal, or additional proposals will need to be created for this.

"},{"location":"working-with-gosh/gosh-web/#adding-by-gosh-username-or-e-mail","title":"Adding by GOSH username or e-mail","text":"

A DAO member can create a proposle to add GOSH user into the DAO.

To do this, go to the tab Members in the section Invite user to DAO.

  • If you know the GOSH username, then enter it.

  • If you don't know the name or the user doesn't have a GOSH account yet, enter their email address.

Info

The email address will change to the GOSH username if the user has given permission during registration so that it can be found by email.

Offer the amount of karma for him and please comment your decision.

Info

You can send an invitation proposal to several users at once.

And click Send invite.

Info

At the same time, a multi proposal will be created to add DAO members and provide voting tokens.

Go to the DAO tab and select the desired event for voting.

"},{"location":"working-with-gosh/gosh-web/#invite-by-link","title":"Invite by link","text":"

You can invite a user to the DAO by generating an invitation link for them.

Warning

Enable \"Allow external users to request DAO membership\" option in DAO settings to enable invites by email/link.

To do this, on the tab Members in the section Invite user to DAO click on Get one-time invitation link.

Info

The link to the invitation can only be used one time.

All active invitation links will be displayed in the section on the right.

When the invited user creates a membership proposle in the DAO, the link entry disappears.

You can also deactivate the link click on the Revoke.

When the user clicks the link, they will be able to create an account or log into GOSH.

Then input a short nickname or and click Create account and continue.

Enter a short comment who are you and click Accept invitation.

On the event page that opens, you can find a request for your acceptance as a member of the DAO.

Click on it you can track the results of voting and discussions.

After the proposal is accepted, its status will change to Accepted

Info

You will be able to request voting tokens after you are accepted into the DAO by creating your proposal.

"},{"location":"working-with-gosh/gosh-web/#request-dao-membership","title":"Request DAO membership","text":"

You can create a membership request in the DAO yourself. To do this, you need to know the link to this DAO.

Info

Only a registered user will be able to create a membership request.

Follow this link and you will see the overview tab of the DAO you are interested in.

Click Request membership.

In the window that opens, write who you are and why you want to become a member of this DAO. This description will help the members of the DAO to make a decision when voting.

Then click Create proposal.

On the event page that opens, you can find a request for your acceptance as a member of the DAO.

After the DAO members vote, the status of your request will change to Accepted or Rejected

You can follow the voting and discussion by opening the event.

"},{"location":"working-with-gosh/gosh-web/#delete-members-from-the-dao","title":"Delete Members from the DAO","text":"

To delete a member from the DAO, go to the Members tab and click on the cross to the desired member.

Warning

To create an proposal, you must have at least 20 tokens on your wallet balance.

Confirm the deletion by clicking OK.

As a result, a Multi proposal will be created and you will be redirected to the event tab Dao.

The details of the multi proposl can be seen by going to it.

After voting and accepting multi proposal, the user will be deleted from the list of members of the DAO.

The Karma of the deleted user will be equal to 0. But the tokens, if they were, will stay on the balance of the user's wallet.

Then click Save changes and create proposal. As a result, a Multi proposal will be created and you will be redirected to the event page Dao.

Inside the event, you can get details of Multi proposal.

After accepting the multi proposal, the user will receive tokens and Karma from DAO reserve. This can be seen on the Members tab

"},{"location":"working-with-gosh/gosh-web/#delete-members-from-the-dao_1","title":"Delete Members from the DAO","text":""},{"location":"working-with-gosh/gosh-web/#whats-next","title":"What's next?","text":"

Set up Git Remote Helper and continue working with your repository.

You'll need your wallet credentials. Go to the main page of your account and click User Settings.

Scroll down to the Git remote config section, click Show and unlock with PIN code

Download the configuration file by clicking on the icon and save it to folder ~/.gosh

To view the command to clone your repo, click the Clone button on your repo page.

"},{"location":"working-with-gosh/gosh-web/#working-with-repository","title":"Working with Repository","text":""},{"location":"working-with-gosh/gosh-web/#create-repository","title":"Create Repository","text":"

To create a repository in your DAO click Create new in the Repositories section or Overview section.\u200b

Enter repository name and its description and click Create repository.

Warning

The repository name must contain only Latin letters, numbers,hyphen, underscore character( a...z, 0...9, -, _ )

A page with DAO events will open for you.

Open the event click on its name.

The page that opens displays the name of the proposal, its status, and the time of creation and as well as the end of voting.

The scale shows the number of votes for the proposal and against.

Specify the number of tokens less than or equal to your Karma for voting and accept or reject this proposal.

Add your opinion about the proposal to the discussion below and click Send vote

The created repository will appear in the list on the Repositories tab.

"},{"location":"working-with-gosh/gosh-web/#create-branch","title":"\u200bCreate Branch","text":"

Repository is created with default main branch. To create another branch, click on the branches counter.\u200b

Select the branch to be forked, enter new branch name, and click\u200b Create branch.

Warning

The branch name must contain only Latin letters, numbers, hyphen, underscore character ( a...z, 0...9, -, _ )

Once the branch is created, it will appear in the branches list.

Switch to it via drop down list.

"},{"location":"working-with-gosh/gosh-web/#create-file","title":"Create File","text":"

To create file, click Add file button.

Enter file contents and name.

You can use Preview if needed. MD syntax is supported for preview.

After scroll down and enter commit info:

  • Commit description - you can add a description of your commit;

  • Commit tags - this is a mutable pointer of the commit. You can add the tag to quickly go to this commit and see what has been done;

  • Select task - if the branch is not protected and your file is a solution to a problem, you can choose a particular task;

  • and add Assigners, Reviewers and Managers if necessary.

and click Commit changes

If the branch you are working in requires no voting to confirm commits, the file will be added. Otherwise a DAO vote will be initiated.

Commit status will be displayed below.

"},{"location":"working-with-gosh/gosh-web/#create-pull-request","title":"Create Pull Request","text":"

Click on the Pull requests tab and set up the pull request: what branch to merge from and to. Once selected, click Compare.

The branches will be compared. Review the changes, set up the pull request and click Commit changes.

Info

Note: When merging into the main branch, and in some other cases (depending on DAO setup), a DAO proposal will be initiated by trying to commit.

Organization Tokens have to be sent to the DAO Soft Majority Vote contract to start a proposal for DAO members to vote on.

"},{"location":"working-with-gosh/gosh-web/#add-protection-for-a-branch","title":"Add protection for a branch","text":"

If you want the changes to be added to the branch based on the voting results, then add protection to the branch.

This can be done by creating an appropriate proposal.

To do this, go from the Repositories tab to the repository you need.

Then, on the Branches tab, click the Protect button for the branch to which you want to add protection.

After creating the proposal, you will be redirected to the DAO page with events.

Inside the event, you can get details of proposal.

After the proposal is accepted the branch is marked as protected. A commit can be made to it only by voting.

"},{"location":"working-with-gosh/gosh-web/#remove-protection-for-a-branch","title":"Remove protection for a branch","text":"

If the branch no longer needs protection, you can remove it by initiating appropriate proposals.

To do this, go from the Repositories tab to the repository you need.

Then, on the Branches tab, click the Unprotect button for the branch to which you want to add protection.

A vote will be created and you will be redirected to the DAO page with events.

Inside the event, you can get details of proposal.

After accepting the proposal, the protection mark will be removed from the branch. Now everyone can upload changes to the branch without voting.

"},{"location":"working-with-gosh/gosh-web/#adding-comments-to-file","title":"Adding comments to file","text":"

You can add a comment to any line in the file.

Info

Comments are linked to a specific comment.

To do this, open the file and hover over a line or block of lines and click on the blue icon that appears on the left.

In the window that opens, enter your comment and click on the blue circle with an arrow to send it.

The comment line will be marked with a red icon on the left.

A thread of comments and replies to them will open on the right.

The discussion can be resolved. To do this, click the appropriate button:

Info

The discussion can be resumed if a new comment has been added to it.

Up to 3 discussions can be expanded in one line. You can switch between them.

"},{"location":"working-with-gosh/gosh-web/#adding-comments-to-pull-request","title":"Adding comments to Pull Request","text":"

You can also add comments to Pull Request. To do this, go from the DAO events page to the Pull Request vote in the Pull request diff section. you can leave comments on any line or block of lines in the same way as in commenting on a file.

"},{"location":"working-with-gosh/gosh-web/#working-with-task","title":"Working with Task","text":""},{"location":"working-with-gosh/gosh-web/#create-task","title":"Create Task","text":"

To create a Task, go to the Tasks tab and click Create Task

Then you need to fill in the Task conditions.

The result of the Task should be a pull request to include changes in the repository.

Select the repository for which the Task is being created.

Add the Task name.

You can add 3 tags separated by spaces to quickly find the task.

Then you need to evaluate the Task.

Task cost is the number of tokens that will be paid from the DAO reserve for its execution.

Info

The members of the DAO agree between themselves how to evaluate the Tasks.

After attaching a pull request to the Task, the tokens will be distributed between the author, reviewer and manager in the ratio you set.

Commit author - the person who executes the Task. Reviewer - the person who checks the correctness of the Task. Manager - the person who manages the Task execution process.

Info

The number of authors, areviewers and managers is set at your choice.

Select vesting and lock periods.

Lock (cliff) - the period after which the reward payments will begin. The countdown will start after accepting the proposal about completing the Task. Vesting - rules for transferring the fixed part of the tokens to the disposal of the contractor.

For example, lock - 12 months, vesting - 2 months.

Warning

In order for the investment scheme to be correct, the smaller of the number of tokens allocated to the members of the task must be a multiple of the number of months of investment.

Add a comment the token distribution rules and click Create task and start proposal

After creating the proposal, you will be taken to the DAO tab with events.

Inside the proposal you will be able to see all the conditions of the Task. In the table you can see the period since which month and in what parts the payments will be made to the members of the Task.

After accepting the proposal, the Task will appear in the list on the Tasks tab with the status Awaiting commits.

Info

When creating a Task the tokens (Task cost) from the DAO-reserve are written off and reserved on the Task-contract.

When the Author has completed the Task, he adds it to the commit.

Info

If you need to make several commits to complete a Task,, create a separate branch.

And do Select task when creating the proposal to the pull request.

Select the Task performed(s), reviewer(s), manager(s) if they worked on the task. The allocated shares of those who were not specified will be returned to the DAO-reserve.

After that a proposal to the pull request will be created.

Detailed information can be viewed by going to it on the DAO tab with events.

If the reviewer was specified during the commit, the event will wait for verification from them.

Then, after the reviewer send the solution, it will be possible to vote for the proposal. When the pull request is accepted, the Task status will change to Confirmed.

After the lock period ends, the members of the Task can receive a reward. To do this, go to the Tasks tab in the completed Task and click Claim reward.

Note

If Lock period (cliff) has been set to zero, then you can click Claim reward immediately after accepting the pull request.

Thus the tokens will begin to be transferred to the wallets of the members of the completed Task in accordance with the vesting scheme when the lock period ends.

"},{"location":"working-with-gosh/gosh-web/#delet-task","title":"Delet\u0435 Task","text":"

To delete a Task, go to it on the Tasks tab. And click to Delete task

After creating a proposal about deleting a Task, you will be redirected to the event tab Dao.

When the proposal is accepted, the Task will be deleted. The tokens allocated for this Task will be returned to the DAO reserve.

"},{"location":"working-with-gosh/verify-images-in-docker-extension/","title":"Verify Images in Docker Extension","text":"

Once you have pulled a GOSH image someone else built and uploaded to dockerhub, you can verify, that it was build from the exact code on GOSH that it claims to be built from.

To do that, go to Containers Tab in Docker Extension.

Your containers and their hashes are listed on this tab.

Scroll left to see the GOSH repository link it claims to be build from.

Click Validate.

GOSH docker extension will read the hash of the container, rebuild the container from the specified repository, compare resulting hash and report whether the hashes match.

"}]} \ No newline at end of file diff --git a/site/sitemap.xml.gz b/site/sitemap.xml.gz index 131674f..0f7a9f3 100644 Binary files a/site/sitemap.xml.gz and b/site/sitemap.xml.gz differ