<h2>Milestone 4<aclass="headerlink"href="#milestone-4"title="Permalink to this headline">¶</a></h2>
<p>New features in this release:</p>
<ul>
<li><pclass="first">Persistence:</p>
<blockquote>
<div><ulclass="simple">
<li>States can now be written into a relational database and queried using JDBC. The schemas are defined by the
smart contracts and schema versioning is supported. It is reasonable to write an app that stores data in a mix
of global ledger transactions and local database tables which are joined on demand, using join key slots that
are present in many state definitions. Read more about <aclass="reference internal"href="persistence.html"><spanclass="doc">Persistence</span></a>.</li>
<li>The embedded H2 SQL database is now exposed by default to any tool that can speak JDBC. The database URL is
printed during node startup and can be used to explore the database, which contains both node internal data
and tables generated from ledger states.</li>
<li>Protocol checkpoints are now stored in the database as well. Message processing is now atomic with protocol
checkpointing and run under the same RDBMS transaction.</li>
<li>MQ message deduplication is now handled at the app layer and performed under the RDMS transaction, so
ensuring messages are only replayed if the RDMS transaction rolled back.</li>
<li>“The wallet” has been renamed to “the vault”.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">Client RPC:</p>
<blockquote>
<div><ulclass="simple">
<li>New RPCs added to subscribe to snapshots and update streams state of the vault, currently executing protocols
and other important node information.</li>
<li>New tutorial added that shows how to use the RPC API to draw live transaction graphs on screen.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">Protocol framework:</p>
<blockquote>
<div><ulclass="simple">
<li>Large simplifications to the API. Session management is now handled automatically. Messages are now routed
based on identities rather than node IP addresses.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">Decentralised consensus:</p>
<blockquote>
<div><ulclass="simple">
<li>A standalone one-node notary backed by a JDBC store has been added.</li>
<li>A prototype RAFT based notary composed of multiple nodes is available on a branch.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">Data model:</p>
<blockquote>
<div><ulclass="simple">
<li>Compound keys have been added as preparation for merging a distributed RAFT based notary. Compound keys
are trees of public keys in which interior nodes can have validity thresholds attached, thus allowing
boolean formulas of keys to be created. This is similar to Bitcoin’s multi-sig support and the data model
is the same as the InterLedger Crypto-Conditions spec, which should aid interop in future. Read more about
key trees in the “<aclass="reference internal"href="transaction-data-types.html"><spanclass="doc">Data types</span></a>” article.</li>
<li>A new tutorial has been added showing how to use transaction attachments in more detail.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">Testnet</p>
<blockquote>
<div><ulclass="simple">
<li>Permissioning infrastructure phase one is built out. The node now has a notion of developer mode vs normal
mode. In developer mode it works like M3 and the SSL certificates used by nodes running on your local
machine all self-sign using a developer key included in the source tree. When developer mode is not active,
the node won’t start until it has a signed certificate. Such a certificate can be obtained by simply running
an included command line utility which generates a CSR and submits it to a permissioning service, then waits
for the signed certificate to be returned. Note that currently there is no public Corda testnet, so we are
not currently running a permissioning service.</li>
<li>The Corda libraries that app developers need to link against can now be installed into your local Maven
repository, where they can then be used like any other JAR. See <aclass="reference internal"href="creating-a-cordapp.html"><spanclass="doc">Creating a Cordapp</span></a>.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">User interfaces:</p>
<blockquote>
<div><ulclass="simple">
<li>Infrastructure work on the node explorer is now complete: it is fully switched to using the MQ based RPC system.</li>
<li>A library of additional reactive collections has been added. This API builds on top of Rx and the observable
collections API in Java 8 to give “live” data structures in which the state of the node and ledger can be
viewed as an ordinary Java <codeclass="docutils literal"><spanclass="pre">List</span></code>, <codeclass="docutils literal"><spanclass="pre">Map</span></code> and <codeclass="docutils literal"><spanclass="pre">Set</span></code>, but which also emit callbacks when these views
change, and which can have additional views derived in a functional manner (filtered, mapped, sorted, etc).
Finally, these views can then be bound directly into JavaFX UIs. This makes for a concise and functional
way of building application UIs that render data from the node, and the API is available for third party
app developers to use as well. We believe this will be highly productive and enjoyable for developers who
have the option of building JavaFX apps (vs web apps).</li>
<li>The visual network simulator tool that was demoed back in April as part of the first Corda live demo has
been merged into the main repository.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">Documentation</p>
<blockquote>
<div><ulclass="simple">
<li>New secure coding guidelines. Corda tries to eliminate as many security mistakes as practical via the type
system and other mechanically checkable processes, but there are still things that one must be aware of.</li>
<li>New attachments tutorial.</li>
<li>New Client RPC tutorial.</li>
<li>More tutorials on how to build a standalone CorDapp.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">Testing</p>
<blockquote>
<div><ulclass="simple">
<li>More integration testing support</li>
<li>New micro-DSLs for expressing expected sequences of operations with more or less relaxed ordering constraints.</li>
<li>QuickCheck generators to create streams of randomised transactions and other basic types. QuickCheck is a way
of writing unit tests that perform randomised fuzz testing of code, originally developed by the Haskell
<li>The transaction types (Signed, Wire, LedgerTransaction) have moved to <codeclass="docutils literal"><spanclass="pre">com.r3corda.core.transactions</span></code>. You can
update your code by just deleting the broken import lines and letting your IDE re-import them from the right
location.</li>
<li><codeclass="docutils literal"><spanclass="pre">AbstractStateReplacementProtocol.verifyProposal</span></code> has changed its prototype in a minor way.</li>
<li>The <codeclass="docutils literal"><spanclass="pre">UntrustworthyData<T>.validate</span></code> method has been renamed to <codeclass="docutils literal"><spanclass="pre">unwrap</span></code> - the old name is now deprecated.</li>
<li>The wallet, wallet service, etc. are now vault, vault service, etc. These better reflect the intent that they
are a generic secure data store, rather than something which holds cash.</li>
<li>Simplifications to the way the demo is used from the command line.</li>
<li><aclass="reference internal"href="contract-irs.html"><spanclass="doc">Detailed documentation on how the contract works and can be used</span></a> has been written.</li>
<li>Better integration testing of the app.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">Smart contracts have been redesigned around reusable components, referred to as “clauses”. The cash, commercial paper
and obligation contracts now share a common issue clause.</p>
</li>
<li><pclass="first">New code in the experimental module (note that this module is a place for work-in-progress code which has not yet gone
through code review and which may, in general, not even function correctly):</p>
<blockquote>
<div><ul>
<li><pclass="first">Thanks to the prolific Sofus Mortensen @ Nordea Bank, an experimental generic contract DSL that is based on the famous
2001 “Composing contracts” paper has been added. We thank Sofus for this great and promising research, which is so
relevant in the wake of TheDAO hack.</p>
</li>
<li><pclass="first">The contract code from the recent trade finance demos is now in experimental. This code comes thanks to a
collaboration of the members; all credit to:</p>
<blockquote>
<div><ulclass="simple">
<li>Mustafa Ozturk @ Natixis</li>
<li>David Nee @ US Bank</li>
<li>Johannes Albertsen @ Dankse Bank</li>
<li>Rui Hu @ Nordea</li>
<li>Daniele Barreca @ Unicredit</li>
<li>Sukrit Handa @ Scotiabank</li>
<li>Giuseppe Cardone @ Banco Intesa</li>
<li>Robert Santiago @ BBVA</li>
</ul>
</div></blockquote>
</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">The usability of the command line demo programs has been improved.</p>
</li>
<li><pclass="first">All example code and existing contracts have been ported to use the new Java/Kotlin unit testing domain-specific
languages (DSLs) which make it easy to construct chains of transactions and verify them together. This cleans up
and unifies the previous ad-hoc set of similar DSLs. A tutorial on how to use it has been added to the documentation.
We believe this largely completes our testing story for now around smart contracts. Feedback from bank developers
during the Trade Finance project has indicated that the next thing to tackle is docs and usability improvements in
the protocols API.</p>
</li>
<li><pclass="first">Significant work done towards defining the “CorDapp” concept in code, with dynamic loading of API services and more to
come.</p>
</li>
<li><pclass="first">Inter-node communication now uses SSL/TLS and AMQP/1.0, albeit without all nodes self-signing at the moment. A real
PKI for the p2p network will come later.</p>
</li>
<li><pclass="first">Logging is now saved to files with log rotation provided by Log4J.</p>
</li>
</ul>
<p>API changes:</p>
<ulclass="simple">
<li>Some utility methods and extension functions that are specific to certain contract types have moved packages: just
delete the import lines that no longer work and let IntelliJ replace them with the correct package paths.</li>
<li>The <codeclass="docutils literal"><spanclass="pre">arg</span></code> method in the test DSL is now called <codeclass="docutils literal"><spanclass="pre">command</span></code> to be consistent with the rest of the data model.</li>
<li>The messaging APIs have changed somewhat to now use a new <codeclass="docutils literal"><spanclass="pre">TopicSession</span></code> object. These APIs will continue to change
<li>Clauses now have default values provided for <codeclass="docutils literal"><spanclass="pre">ifMatched</span></code>, <codeclass="docutils literal"><spanclass="pre">ifNotMatched</span></code> and <codeclass="docutils literal"><spanclass="pre">requiredCommands</span></code>.</li>
<li><codeclass="docutils literal"><spanclass="pre">NotaryService</span></code> is now extensible.</li>
<li>Every <codeclass="docutils literal"><spanclass="pre">ContractState</span></code> now has to specify a <em>participants</em> field, which is a list of parties that are able to
consume this state in a valid transaction. This is used for e.g. making sure all relevant parties obtain the updated
state when changing a notary.</li>
<li>Introduced <codeclass="docutils literal"><spanclass="pre">TransactionState</span></code>, which wraps <codeclass="docutils literal"><spanclass="pre">ContractState</span></code>, and is used when defining a transaction output.
The notary field is moved from <codeclass="docutils literal"><spanclass="pre">ContractState</span></code> into <codeclass="docutils literal"><spanclass="pre">TransactionState</span></code>.</li>
<li>Every transaction now has a <em>type</em> field, which specifies custom build & validation rules for that transaction type.
Currently two types are supported: General (runs the default build and validation logic) and NotaryChange (
contract code is not run during validation, checks that the notary field is the only difference between the
inputs and outputs).
<codeclass="docutils literal"><spanclass="pre">TransactionBuilder()</span></code> is now abstract, you should use <codeclass="docutils literal"><spanclass="pre">TransactionType.General.Builder()</span></code> for building transactions.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">The cash contract has moved from <codeclass="docutils literal"><spanclass="pre">com.r3corda.contracts</span></code> to <codeclass="docutils literal"><spanclass="pre">com.r3corda.contracts.cash</span></code></p>
</li>
<li><pclass="first"><codeclass="docutils literal"><spanclass="pre">Amount</span></code> class is now generic, to support non-currency types such as physical assets. Where you previously had just
<codeclass="docutils literal"><spanclass="pre">Amount</span></code>, you should now use <codeclass="docutils literal"><spanclass="pre">Amount<Currency></span></code>.</p>
</li>
<li><pclass="first">Refactored the Cash contract to have a new FungibleAsset superclass, to model all countable assets that can be merged
and split (currency, barrels of oil, etc.)</p>
</li>
<li><pclass="first">Messaging:</p>
<blockquote>
<div><ulclass="simple">
<li><codeclass="docutils literal"><spanclass="pre">addMessageHandler</span></code> now has a different signature as part of error handling changes.</li>
<li>If you want to return nothing to a protocol, use <codeclass="docutils literal"><spanclass="pre">Ack</span></code> instead of <codeclass="docutils literal"><spanclass="pre">Unit</span></code> from now on.</li>
</ul>
</div></blockquote>
</li>
<li><pclass="first">In the IRS contract, dateOffset is now an integer instead of an enum.</p>
</li>
<li><pclass="first">In contracts, you now use <codeclass="docutils literal"><spanclass="pre">tx.getInputs</span></code> and <codeclass="docutils literal"><spanclass="pre">tx.getOutputs</span></code> instead of <codeclass="docutils literal"><spanclass="pre">getInStates</span></code> and <codeclass="docutils literal"><spanclass="pre">getOutStates</span></code>. This is
just a renaming.</p>
</li>
<li><pclass="first">A new <codeclass="docutils literal"><spanclass="pre">NonEmptySet</span></code> type has been added for cases where you wish to express that you have a collection of unique
objects which cannot be empty.</p>
</li>
<li><pclass="first">Please use the global <codeclass="docutils literal"><spanclass="pre">newSecureRandom()</span></code> function rather than instantiating your own SecureRandom’s from now on, as
the custom function forces the use of non-blocking random drivers on Linux.</p>
Built with <ahref="http://sphinx-doc.org/">Sphinx</a> using a <ahref="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <ahref="https://readthedocs.org">Read the Docs</a>.
