Add alpha-hardening ADRs and issue plan from pre-release audit.
Lock alpha scope, tracker auth, TOPLOC fraud verification, and deferred multi-tracker money-path work; supersede legacy fraud issues with ADR-0018. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
93
.scratch/alpha-hardening/README.md
Normal file
93
.scratch/alpha-hardening/README.md
Normal file
@@ -0,0 +1,93 @@
|
||||
# Alpha hardening — planning index
|
||||
|
||||
Pre-release alpha audit + grilling (2026-07-04). **Research complete; planning complete; Bucket 1 blockers next.**
|
||||
|
||||
Locked scope: one settlement tracker, open node join, devnet mock-USDT, reputation carries forward → fraud must be bounded. See [ADR-0016](../../docs/adr/0016-alpha-scope-and-known-limitations.md).
|
||||
|
||||
## Artifacts
|
||||
|
||||
| Path | Status |
|
||||
|---|---|
|
||||
| [research-verifiable-inference.md](./research-verifiable-inference.md) | Complete — SOTA research, §8 layered scheme, TOPLOC adopt |
|
||||
| [handoff.md](./handoff.md) | Session handoff — locked decisions, env notes |
|
||||
| [docs/adr/0016–0019](../../docs/adr/) | Alpha scope, auth, fraud, multi-tracker design |
|
||||
| [issues/](./issues/) | 22 work items (Buckets 1–3) |
|
||||
|
||||
## ADRs (this feature)
|
||||
|
||||
| ADR | Title |
|
||||
|---|---|
|
||||
| [0016](../../docs/adr/0016-alpha-scope-and-known-limitations.md) | Alpha scope & known limitations |
|
||||
| [0017](../../docs/adr/0017-tracker-authentication-and-authorization.md) | Tracker authentication & authorization |
|
||||
| [0018](../../docs/adr/0018-fraud-detection-verification-and-reputation.md) | Fraud detection, verification & reputation (flagship) |
|
||||
| [0019](../../docs/adr/0019-money-path-consistency-multi-tracker.md) | Money-path consistency — design accepted, impl deferred |
|
||||
| [0002](../../docs/adr/0002-dual-token-payment-model.md) | Amended — settlement superseded by 0015 |
|
||||
| [0010](../../docs/adr/0010-p2p-gossip-and-nat-relay.md) | Amended — TLS alpha reality (relay only) |
|
||||
|
||||
## Recommended implementation order
|
||||
|
||||
**Implement Bucket 1 first.** Fraud arc depends on **auth (01–02, 20)** and **persistence (05)**.
|
||||
|
||||
### Phase 1 — Trust boundary (alpha blockers)
|
||||
|
||||
| Order | Issue | ID | Depends on |
|
||||
|---|---|---|---|
|
||||
| 1 | [Unified auth + gossip auth](./issues/02-a2-unified-auth-boundary.md) + [C1 gossip](./issues/01-c1-gossip-auth.md) + [Validator service token](./issues/20-validator-service-token.md) | A2, C1, — | — |
|
||||
| 2 | [Persist strike/ban/reputation](./issues/05-a1-a5-persist-strike-ban-reputation.md) | A1/A5 | 02 |
|
||||
| 3 | [Starting credit 0 + spend cap](./issues/03-c5-starting-credit-zero.md) | C5, M1 | 02 |
|
||||
| 4 | [Tracker-authoritative accounting](./issues/04-h2-tracker-authoritative-accounting.md) | H2 | 02 |
|
||||
| 5 | [Wallet binding proof](./issues/11-c6-wallet-binding-proof.md) | C6 | 02, 03 |
|
||||
|
||||
### Phase 2 — Fraud arc (after Phase 1)
|
||||
|
||||
| Order | Issue | Depends on |
|
||||
|---|---|---|
|
||||
| 6 | [TOPLOC integration](./issues/06-fraud-toploc-integration.md) | 05 |
|
||||
| 7 | [Commitment + bisection blame](./issues/07-fraud-commitment-bisection-blame.md) | 06 |
|
||||
| 8 | [Reputation model](./issues/08-fraud-reputation-model-persistence.md) | 05, 07 |
|
||||
| 9 | [Routing + adaptive audit](./issues/09-fraud-reputation-routing-adaptive-audit.md) | 08 |
|
||||
| 10 | [Penalty calibration wiring](./issues/10-fraud-penalty-calibration-wiring.md) | 07, 08, 02 |
|
||||
|
||||
**Prod gate:** [21 honest-noise calibration corpus](./issues/21-honest-noise-calibration-corpus.md) must complete before enabling production TOPLOC audit thresholds (issues 09–10 in prod). Dev/staging TOPLOC wiring (06–08) may proceed in parallel.
|
||||
|
||||
### Phase 3 — Bucket 2 (post-alpha, design tracked)
|
||||
|
||||
| Issue | ADR |
|
||||
|---|---|
|
||||
| [12 C2 on-chain idempotency](./issues/12-c2-on-chain-idempotency.md) | 0019 §1 |
|
||||
| [13 C3/C4 consensus-gated settlement](./issues/13-c3-c4-consensus-gated-settlement.md) | 0019 §2 |
|
||||
| [14 A3 durable Raft term/vote](./issues/14-a3-raft-durable-term-vote.md) | 0019 §3 |
|
||||
| [15 H1 commutative forfeit](./issues/15-h1-commutative-forfeit.md) | 0019 §4 |
|
||||
|
||||
### Phase 4 — Doc hygiene (parallel anytime)
|
||||
|
||||
| Issue |
|
||||
|---|
|
||||
| [16 US-006 + fraud issue reconciliation](./issues/16-doc-us006-reconciliation.md) |
|
||||
| [17 Duplicate US-020 dedup](./issues/17-doc-duplicate-us020-dedup.md) |
|
||||
| [18 Operational runbooks](./issues/18-doc-operational-runbooks.md) |
|
||||
| [19 Cryptography + test env](./issues/19-doc-cryptography-test-env.md) |
|
||||
| [22 MEMORY + project-status index](./issues/22-doc-memory-project-status.md) |
|
||||
| [21 Honest-noise calibration corpus](./issues/21-honest-noise-calibration-corpus.md) (ops; prod gate for audits) |
|
||||
|
||||
## First 3 to implement
|
||||
|
||||
1. **01 + 02 + 20** — Gossip auth + unified auth boundary + validator service token (unblocks financial endpoints)
|
||||
2. **05** — Persist strike/ban/reputation (penalties must survive restart)
|
||||
3. **03** — Starting credit 0 + funded-account gate (closes free-credit faucet)
|
||||
|
||||
## Research anchor
|
||||
|
||||
Fraud design cites [.scratch/alpha-hardening/research-verifiable-inference.md](./research-verifiable-inference.md):
|
||||
|
||||
- **ADOPT** TOPLOC (§8–9, build-vs-adopt table)
|
||||
- **On-demand** commitments, not every request (§8 layer 1 footnote; ADR-0018 §3)
|
||||
- **5% audit budget** as target, not cap (§1.1, §6)
|
||||
- **19× deterrence** via full pending forfeiture (§1.1)
|
||||
- **Hop bisection** blame pattern (§1.2, §8 layer 3)
|
||||
- **Honest-noise corpus** before prod thresholds (§8 layer 3; issue 21)
|
||||
- **Roadmap-only:** zkML, TEE, Gensyn RepOps (§9)
|
||||
|
||||
## Comments
|
||||
|
||||
<!-- Append triage / implementation notes below -->
|
||||
Reference in New Issue
Block a user