Lock alpha scope, tracker auth, TOPLOC fraud verification, and deferred multi-tracker money-path work; supersede legacy fraud issues with ADR-0018. Co-authored-by: Cursor <cursoragent@cursor.com>
1.6 KiB
1.6 KiB
Status: ready-for-agent
07 — FRAUD: On-demand commitment + hop bisection blame
What to build
On audit selection, require nodes to supply TOPLOC-style fingerprints of output boundary activations per hop (on-demand, brief retention). On verify failure, referee identifies the first divergent hop — not always the last text node.
Code refs:
packages/validator/meshnet_validator/__init__.py—_slash_route,_final_text_nodebug (~102–140) — blamesmax(shard_end)onlypackages/tracker/meshnet_tracker/server.py— route hop construction (~1774–1783) — cut-points for bisection- Research:
.scratch/alpha-hardening/research-verifiable-inference.md§1.2, §8 layer 3 (Verde pattern, not on-chain game)
Test-first
- Red: two-hop route, corrupt hop-0 activations —
_final_text_nodeblames hop-1 — test must fail. - Green: bisection selects hop-0; forfeit targets hop-0 wallet.
- On-demand: commitment requested only when audit flag set on proxied request.
Acceptance criteria
- Audit requests carry tracker RNG/VRF flag indistinguishable from normal traffic (research §6)
- Nodes retain recent boundary activations for on-demand commit window (configurable TTL)
- Validator/tracker compares fingerprints at each hop cut-point; first mismatch = culprit
_final_text_noderemoved or limited to text-only fallback- Integration test: multi-hop pipeline, fault injected at known hop
ADR links
- ADR-0018 §3–4
Blocked by
06-fraud-toploc-integration.md