System Factory
How DALP creates a system for an organization, keeps assets scoped to that system, and uses the token factory registry to isolate multi-tenant reads.
DALP creates one system per organization through a System Factory contract. Token reads then use the active system's token factory registry to keep assets isolated across organizations on the same network.
Prerequisites
- You have an onboarded organization with signing available for system creation.
- The directory exposes the current System Factory address for the target network, or you pass an explicit factory contract address.
- Your API credential can call system routes for the organization.
Quickstart
Create the organization's system by calling the system creation endpoint. Omit contract when you want DALP to use the System Factory address from the indexed directory.
curl -X POST "https://your-platform.example.com/api/v2/systems" \
-H "X-Api-Key: $DALP_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"walletVerification": {
"verificationType": "PINCODE",
"secretVerificationCode": "123456"
}
}'A synchronous success returns the deployed system address inside the mutation envelope.
{
"data": {
"systemAddress": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F"
},
"meta": {
"txHashes": ["0x4f3d5e9b2a9f6d2f0b6b4d8a3e1c5f7a9b0c2d4e6f8a1b3c5d7e9f0a2b4c6d8e"]
},
"links": {
"self": "/v2/systems"
}
}When the request is accepted asynchronously, DALP returns a transaction status response instead of the data envelope. Persist the returned status URL and poll it before retrying the business operation.
The request is idempotent per organization while the deployment workflow runs. If the organization already has a stored system address, DALP rejects a second create request instead of deploying another system.
What the system factory creates
The System Factory deploys a new system access manager and a new system proxy. The new system receives the directory reference during initialization and resolves implementation addresses from that directory. This keeps the factory responsible for system creation while the directory remains the source of implementation addresses.
The initial caller becomes the first system administrator. During bootstrap, the factory temporarily holds the permissions it needs to grant roles. After it grants the administrator and system roles, the factory renounces its temporary administrator role for that system.
The factory records every system it creates. Indexers can use the emitted creation event and the factory's stored system list to connect systems, access managers, and directory versions.
Asset isolation model
A system is the organization-level boundary for assets, identities, registries, and factory-scoped reads. Assets are isolated in two ways:
- The deployed token stores the system address resolved by the indexer.
- The active system stores a token factory registry with the token factories that belong to that system.
Read handlers use both signals. A token is in scope when its resolved system address matches the active system or when its factory address appears in the active system's token factory registry. This covers assets whose system address is available directly and assets that need to be resolved through their creating factory.
If the active system has no token factories in its registry, scoped reads fail closed and return no rows for that predicate. This prevents a stale or incomplete system context from disclosing assets from another organization.
Multi-tenant read behavior
DALP applies the system factory scope to user asset lists, token search, and related indexer-backed token views. The rule is the same across those surfaces: the active system controls the factory set used to filter rows.
| Read surface | Isolation check | Result when the registry is empty |
|---|---|---|
| Token search | Token system address or token factory address must match the active system set. | No cross-system token rows. |
| User asset queries | Balance rows resolve through tokens in the active system's factory scope. | No cross-system balances. |
| Fixed-yield schedules | Schedules resolve through tokens in the active system's factory scope. | No cross-system schedules. |
| User asset route output | The route uses the same active-system factory predicate as the query helper. | No cross-system assets. |
This design lets DALP run multiple organizations on one indexed network without relying only on user identity or wallet address. Wallets can appear in more than one system, but token visibility still follows the active system context.
Idempotency and failure behavior
System creation runs through a durable workflow keyed by the organization id. A retry, double-click, or duplicate client submission joins the same workflow instance while creation is in progress.
| Condition | DALP behavior |
|---|---|
| Directory has no System Factory address | The create request fails before deployment. |
| Organization already has a stored system | The create request fails with an existing resource error. |
| Workflow service is unavailable | The create request fails before submitting deployment work. |
| Workflow fails | The create request returns the workflow failure state. |
| Deployment does not resolve within 120 seconds | The HTTP request times out. Retry later or use the resume path when available. |
The settings table is the durable source for the organization system address after deployment. DALP checks that stored value before it submits a new workflow.
Production notes
- Treat one system as the administrative boundary for one organization on a network.
- Keep the token factory registry current before relying on aggregate asset or user-asset reads.
- Do not use wallet address alone as an isolation boundary. Use the active system context and token factory registry.
- Monitor system creation as an asynchronous deployment. The HTTP request can time out before the workflow has reached a terminal state.
- Verify the directory address set for the network before creating systems in a new environment.
Related primitives
- System context explains where systems sit in the DALP architecture.
- Asset issuance flow shows how asset creation depends on the active system.
- Unified API describes the API surface that exposes system operations.
- Contract runtime explains how DALP executes contract operations.
Unified API
The Unified API provides type-safe programmatic access to all digital asset lifecycle operations. With automatic OpenAPI generation, the API combines type safety, comprehensive documentation, and multi-layer security including wallet verification for blockchain transactions.
Overview
The infrastructure layer contains the backend services that orchestrate workflows, manage cryptographic keys, sign transactions, index blockchain events, and provide network connectivity. These services are not accessed directly by users -- they operate behind the platform interfaces.