feat: GovDAO implementation proposal.

[ajnavarro]

GovDAO following Jae's specs:

https://gist.github.com/jaekwon/918ad325c4c8f7fb5d6e022e33cb7eb3

Notes:

Ignore all deleted files. I had to remove all previous govDAO implementations because it was too difficult (and worthless) to make it backward compatible, so I thought the best thing to do was remove it.

Issues needed to be fixed:

• [gnoweb]: Markdown links not rendering the expected path #3865

Main concepts

gno.land/r/gov/dao/proxy

This is the cornerstone of the architecture and cannot be changed. It uses the proxy pattern to interact with the actual govDAO implementation. GovDAO implementations will be upgraded through Proposals.

gno.land/r/gov/dao/v3/memberstore

This realm manages member data. Anyone can read from it, but only the current govDAO (which the proxy package points to) can write to it. Rather than offering generic “GET” and “SET” methods, it provides specific methods tailored to the v3 use cases (for example, storing members by tier).

gno.land/r/gov/dao/v3/impl

This realm contains the actual govDAO v3 implementation and focuses solely on business logic. By storing members in separate packages, we enable future govDAO implementations to reuse and migrate data as needed.

Imports for Each Package

Example flow diagram for creating a new Proposal

Screenshots

Code used to create the screenshots

func CreateTestProposals() {
	nm1 := std.Address("g1us8428u2a5satrlxzagqqa5m6vmuze025anjlj")

	portfolio := "### This is my portfolio:\n\n- THINGS"

	proxy.MustCreateProposal(NewAddMemberRequest(nm1, memberstore.T2, portfolio))

	proxy.MustCreateProposal(NewChangeLawRequest(law))

	removeAddr := std.Address("g1dfr24yhk5ztwtqn2a36m8f6ud8cx5hww4dkjfl")
	proxy.MustCreateProposal(NewWithdrawMemberRequest(removeAddr, "This is the removal reason text."))

	proxy.MustCreateProposal(blog.NewPostProposalRequest("slug", "Post Title", "Post Body", "01/03/2025", "AUTHOR ONE", "TAG1, TAG2"))

	proxy.MustCreateProposal(params.NewStringPropRequest("KEY", "VALUE"))

	proxy.MustCreateProposal(NewAddMemberRequest(nm1, memberstore.T2, portfolio))

	proxy.MustVoteOnProposal(proxy.VoteRequest{
		Option:     proxy.YesVote,
	ProposalID: proxy.ProposalID(1),
	})

	proxy.MustVoteOnProposal(proxy.VoteRequest{
		Option:     proxy.NoVote,
	ProposalID: proxy.ProposalID(2),
	})

	ExecuteProposal(proxy.ProposalID(2))
}

[Gno2D2]

🛠 PR Checks Summary

All Automated Checks passed. ✅

Manual Checks (for Reviewers):

• IGNORE the bot requirements for this PR (force green CI check)

Read More

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

🟢 Maintainers must be able to edit this pull request (more info)

☑️ Contributor Actions:

1. Fix any issues flagged by automated checks.
2. Follow the Contributor Checklist to ensure your PR is ready for review.
   • Add new tests, or document why they are unnecessary.
   • Provide clear examples/screenshots, if necessary.
   • Update documentation, if required.
   • Ensure no breaking changes, or include BREAKING CHANGE notes.
   • Link related issues/PRs, where applicable.

☑️ Reviewer Actions:

1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.

📚 Resources:

• Report a bug with the bot.
• View the bot’s configuration file.

Debug

Automated Checks

Maintainers must be able to edit this pull request (more info)

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 The pull request was created from a fork (head branch repo: ajnavarro/gno)

Then

🟢 Requirement satisfied
└── 🟢 Maintainer can modify this pull request

Manual Checks

**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

• Any user with comment edit permission

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

[leohhhn]

Maybe this file should be called render.gno?

[ajnavarro]

that file is the govdao implementation, the render method is at impl.gno

[MikaelVallenet]

Hello 👋

I worked on the subject and wrote down some things, here is some:

I think there is a mistake unless I misunderstand but a user needs 2 invitation points from different sources (or rather each source can only delegate a point to one person) to become a T3 and here I have the impression that only 1 is enough in your implementation from AddMember func in dao/v3/impl/impl.gno

"2 invitation points from 2 members must be delegated for T3 membership. Delegation/invitation can be withdrawn at any time." jae specs

I also find the implemtation of invitation points a bit confusing, like the AddMember function, which in reality only works for adding T3s, otherwise you have to go through a proposal, here's the implementation I made: https://github.com/TERITORI/teritori-dapp/blob/main/gno/r/govdao/invitations.gno

I also find it odd to have render logic on a file other than render.gno, as Léon indicates: #3389 (comment)

The proxy pattern is ingenious and I think it's a good solution.

I also see the user author type, which in the end isn't used? but the caller addr could be passed in the proxy request instead of what is done rn, which would eventually, depending on future choices, potentially allow realms (could be sub-daos) to be accepted as members, whereas we're using OriginCaller() and therefore necessarily an EOA.

Here's a link to our implementation using daokit, a framework we've developed to build dao based on complex conditions: https://github.com/TERITORI/teritori-dapp/tree/main/gno/r/govdao

Feel freel to answer and create a thread/conversation about my feedbacks ❤️

[moul]

I like this pattern of providing default values while allowing new implementations to extend or change them. However, I dislike using the proxy package and its prefix. One option is to create a dedicated package for types, which would require two imports. Alternatively, we could rename the proxy package to "govdao." This way, when you import govdao, you import "the component to communicate with govdao." The implementation can remain internal, so users don't need to worry about it or import it. In my opinion, it makes sense to consider the proxy as the front-facing package and name it govdao. We can specify in the comments that it follows the proxy pattern.

[ajnavarro]

Done. Now the package is gno.land/r/gov/dao directly.

[moul]

what prevent me to do this:

proxy.NewWithdrawMemberRequest("g12345", "foo").Callback(proxy.RemoveMemberMetadata{Addr: "g12345"})

We should unexport Callback.

[ajnavarro]

Calls to member storage are protected, and can only be done by the actual govDAO implementation, so that specific call will fail. In any case, I'll make callback private to avoid confusion in other implementations.

[ajnavarro]

Callback was moved to private and added the ProposalRequestBuilder struct to generate the Proposal requests without being able to access the internal fields.

[jeronimoalbi]

Is there a reason for the first proposal to be ID 0, or is just for convenience?

[ajnavarro]

Convenience and just a programming standard.

[jeronimoalbi]

Wouldn't a call to this function or MustGetProposal() allow overwriting Proposal.Executor? For example:

MustGetProposal(2).Executor = nil

[ajnavarro]

Yes. I'll address this problem making it private like Callback.

[ajnavarro]

Moved the executor to a private field. Because of that, the method to execute proposals has to be moved to the proxy realm.

[jeronimoalbi]

Isn't this one an error case?

[ajnavarro]

Instead of erroring, I wanted to return nil if there was no proposal.

[jeronimoalbi]

Maybe if it's the new realm implementation version the one making the update request, and after it's allowed, it could prepend itself to the list of AllowedDAOs to make sure that the last realm version is always allowed to update the implementation 🤔. It might help avoiding a deadlock, if I understand correctly.

Maybe it might even be worth considering having a RollbackImpl() feature that is independent of the allowed DAO list and UpdateImpl(UpdateRequest) mechanic.

[ajnavarro]

hmm, interesting, I'll have a look.

[jeronimoalbi]

Also, an alternative could be something in a "similar" fashion as the error interface:

type Metadata interface {
  Metadata() string
}

If the smaller interface would make sense.

[ajnavarro]

String() string is implementing the Stringer interface: https://pkg.go.dev/fmt#Stringer

IsMetadata() is a flag intended to avoid sending any random object that is not specifically intended to be used as metadata.

So we need both sadly.

[jeronimoalbi]

It seems that InvitationPoints property could be private to make sure only RemoveInvitationPoint() is used to change its value

[ajnavarro]

Might be an option, but doing that won't allow us to easily create Members from outside the memberstorage package. Also, I should add extra methods to get how many invitation points are available. Do you see any corner case where we must make that field private?

[jeronimoalbi]

Isn't the max size size(T1) * 2, or the ratio changed?

[ajnavarro]

Changed.

[moul]

I'm initiating a new review round. There are conflicts with the master branch. Could you please merge the master branch? I expect this to be the last time.

[ajnavarro]

Answering to @MikaelVallenet:

I think there is a mistake unless I misunderstand but a user needs 2 invitation points from different sources (or rather each source can only delegate a point to one person) to become a T3 and here I have the impression that only 1 is enough in your implementation from AddMember func in dao/v3/impl/impl.gno

"2 invitation points from 2 members must be delegated for T3 membership. Delegation/invitation can be withdrawn at any time." jae specs

Yes, you are right. I have to change that on the actual implementation. Still a TODO.

I also find the implemtation of invitation points a bit confusing, like the AddMember function, which in reality only works for adding T3s, otherwise you have to go through a proposal, here's the implementation I made: TERITORI/teritori-dapp@main/gno/r/govdao/invitations.gno

It is done that way to be able to migrate data to future govDAOs implementations as easy as possible. Implementing invitation points the way you did makes it impossible to get data from future DAOs and use it from there.

I also find it odd to have render logic on a file other than render.gno, as Léon indicates: #3389 (comment)

That struct implements all the business logic. Part of the business logic is the Render function, that will be used on the proxy realm directly. How do you suggest to implement it, taking into account that Render is just a small part of all the business logic implemented to fulfill all the needed methods from the govDAO interface?

I also see the user author type, which in the end isn't used? but the caller addr could be passed in the proxy request instead of what is done rn, which would eventually, depending on future choices, potentially allow realms (could be sub-daos) to be accepted as members, whereas we're using OriginCaller() and therefore necessarily an EOA.

Author interface is intended to make possible to implement any kind of Author in the future, like other DAOs. Right now it is just returning a Member Author. The information about who is the caller is gathered on the implementation itself, because it can change. If we send the address as part of the function contract, we are limiting the future functionalities that are possible to implement eventually, without giving any new information that couldn't be gathered by other methods like the ones living in std.

[jeronimoalbi]

Should invitation points also be considered when adding a T1 or T2 member?

[aeddi]

Same question, but I don't get it either when I read the specs directly.

[ajnavarro]

They are being used when the Proposal is executed.

[aeddi]

Looks like you're adding v3, not v5.

[ajnavarro]

Fixed.

[aeddi]

Noob question: does std.TestSetRealm(std.NewCodeRealm(v3)) reset the state of the Realm?
If yes: shouldn't this test try to update AllowedDAOs two times?
If no: why all these occurence of std.TestSetRealm(std.NewCodeRealm(v3)) if they're not resetting the state or something else?

[ajnavarro]

One of the annoying bugs existing right now is that the state does not change between tests. I'm changing the caller just to be sure that everything will work on different use cases.

[aeddi]

Is the comment outdated? I don't see any trace of newDAOUpdaters

[ajnavarro]

fixed.

[aeddi]

Can you comment / provide more details on why these two attributes are optional? Naively, I would have said that they cannot be nil at the risk of breaking the system. It could be useful to clarify.

[ajnavarro]

This is done that way to allow updating the list of allowed DAOs or the DAO implementation separately if needed.

So after a DAO update, you can eventually remove from AllowedDAOs through a proposal the previous DAO implementation (when everything seems to be working properly).

[aeddi]

Still WIP or leftover?

[zivkovicmilos]

Same question :)

[ajnavarro]

Yes. Removed. I thought that for removing a T1 member there was a special case, but it is not.

[aeddi]

Should we not check if toTier > fromTier?

[ajnavarro]

there is no correlation between tiers, they are just keys. So technically you can demote too.

[aeddi]

withdrawn by supermajority vote from T1?

[ajnavarro]

AFAIK for all of members, right? Ping me if I misunderstood something.

[aeddi]

Membership can be withdrawn with T3 abstaining?

[aeddi]

What is the meaning of permissionless in this context? T1, T2 and T3 all use their invitation points so what's the difference between T1/T2 and T3?

[ajnavarro]

AFAIK, adding them without asking other members, a.k.a outside a proposal. That's why there is a specific method to add T3 members using your invitation points on govdao/v3 implementation.

[aeddi]

Is it planned to implement the "time based requirements"? I mean at least 70 after 7 years, 2 new T1 members per quarter, etc.

[ajnavarro]

I think so, but I didn't find a good way of implementing that programmatically.

[zivkovicmilos]

It's finally happening, isn't it? :)

Amazing work 👏

[zivkovicmilos]

Just curious, why a slice and not an AVL?

[moul]

shouldn't be a slice; a p/moul/ulist or avl.Tree + seqid seems better.

[ajnavarro]

Changing that to an avl tree

[zivkovicmilos]

Leftover?

[zivkovicmilos]

Is it possible to delete a proposal?

[moul]

no, we can eventually mark them as cancelled, but shouldn't delete them.

[ajnavarro]

proposals will be there forever, no deletion. The dao implementation will decide witch ones to show, and the state of them.

[zivkovicmilos]

What's the idea behind PreGetProposal?

[zivkovicmilos]

And of course PostGetProposal?

[ajnavarro]

Give to the implementation the ability of do any business logic before returning the proposal to the user, for example, only allow x requests per member, or limit who is able to read the proposals, or charge a fee for getting old proposals are a few of the possible implementations here.

PostGetProposal is more or less the same, but now you have some information about the Proposal itself, so you can filter or do some logic depending on that information. For example, have an historic about who queried the proposals.

[zivkovicmilos]

The most revolutionary search method :)

[zivkovicmilos]

I would probably change this comment to:
tier name -> address -> member

[ajnavarro]

done

[zivkovicmilos]

Do we test this functionality out somewhere?

[ajnavarro]

yes, at memberstore_test.gno

[zivkovicmilos]

Leftover?

[ajnavarro]

yes and no, we need to implement a TreasuryDAO or similar to be able to pay Members

[zivkovicmilos]

Just a note, it's a bit confusing to have proposals for T1 / T2, but have a public func for T3 additions. Maybe they should all go through a proposal, but T1 / T2 can only initiate it through invitation points (that get deducted after the proposal is resolved)?

[ajnavarro]

From the specs, T3 member invitations must be permisionless. If we do them through a proposal, then there are not permisionless, right? maybe I misunderstood the specs.

[zivkovicmilos]

I would like to see more tests for this functionality. I figured you were holding off on them until the implementation settled

[ajnavarro]

Totally, more tests are needed in general. Waiting to write them until all the nits, name changes, and the base implementation is settled as you said.