Lock alpha scope, tracker auth, TOPLOC fraud verification, and deferred multi-tracker money-path work; supersede legacy fraud issues with ADR-0018. Co-authored-by: Cursor <cursoragent@cursor.com>
1.8 KiB
1.8 KiB
Status: ready-for-agent
04 — H2: Tracker-authoritative token and work-unit accounting
What to build
Stop trusting node-reported usage for billing. The tracker already proxies responses — count tokens from the proxied stream/body and compute work units from the route it constructed, not node declarations.
Code refs:
packages/tracker/meshnet_tracker/server.py—node_workfrom route construction (~1776–1782, ~1781–1782)packages/tracker/meshnet_tracker/server.py— streaming token/chunk billing (~1890–1921)packages/tracker/meshnet_tracker/server.py— non-streaming_usage_total_tokens(~1938–1943)packages/tracker/meshnet_tracker/billing.py—charge_requestnode_work split (~104–151)
Accounting fraud = inflating tokens or shard span. Per ADR-0018 §5.
Test-first
- Red: mock upstream returns inflated
usage.total_tokensin body but tracker bills that value — test expects tracker-measured count. - Red: node registers false
shard_end; billing uses tracker route span, not registration field alone. - Green: authoritative counters; ignore node-reported work units on charge path.
Acceptance criteria
- Token count for billing derived from tracker-parsed proxy response — prefer tracker-measured stream chunk count; when upstream
usage.total_tokensis present, use the minimum of tracker count and node-reported value (cap inflated node usage) - Work units = tracker-computed layer span per hop at route build time (~1781–1782)
- Nodes cannot increase payout by lying about shard range mid-request
- Integration test: malicious node metadata does not inflate
charge_requestshares
ADR links
- ADR-0018 §5
Blocked by
02-a2-unified-auth-boundary.md