Add alpha-hardening ADRs and issue plan from pre-release audit.

Lock alpha scope, tracker auth, TOPLOC fraud verification, and deferred multi-tracker money-path work; supersede legacy fraud issues with ADR-0018.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
D.Popov
2026-07-04 23:12:09 +03:00
parent 7caf12980a
commit 68e057209c
35 changed files with 1550 additions and 4 deletions

View File

@@ -0,0 +1,35 @@
Status: ready-for-agent
# 07 — FRAUD: On-demand commitment + hop bisection blame
## What to build
On audit selection, require nodes to supply TOPLOC-style fingerprints of **output boundary activations** per hop (on-demand, brief retention). On verify failure, referee identifies the **first divergent hop** — not always the last text node.
**Code refs:**
- `packages/validator/meshnet_validator/__init__.py``_slash_route`, `_final_text_node` bug (~102140) — blames `max(shard_end)` only
- `packages/tracker/meshnet_tracker/server.py` — route hop construction (~17741783) — cut-points for bisection
- Research: `.scratch/alpha-hardening/research-verifiable-inference.md` §1.2, §8 layer 3 (Verde **pattern**, not on-chain game)
## Test-first
1. Red: two-hop route, corrupt hop-0 activations — `_final_text_node` blames hop-1 — test must fail.
2. Green: bisection selects hop-0; forfeit targets hop-0 wallet.
3. On-demand: commitment requested only when audit flag set on proxied request.
## Acceptance criteria
- [ ] Audit requests carry tracker RNG/VRF flag indistinguishable from normal traffic (research §6)
- [ ] Nodes retain recent boundary activations for on-demand commit window (configurable TTL)
- [ ] Validator/tracker compares fingerprints at each hop cut-point; first mismatch = culprit
- [ ] `_final_text_node` removed or limited to text-only fallback
- [ ] Integration test: multi-hop pipeline, fault injected at known hop
## ADR links
- [ADR-0018](../../docs/adr/0018-fraud-detection-verification-and-reputation.md) §34
## Blocked by
- `06-fraud-toploc-integration.md`