Make privilege first-class across intents, CLI, and docs; add root emission intent#2910
Make privilege first-class across intents, CLI, and docs; add root emission intent#2910unarbos wants to merge 2 commits into
Conversation
Co-authored-by: Cursor <cursoragent@cursor.com>
…ission intent. Every intent now declares its chain origin (signed / subnet_owner / root) and a paired verify read, surfaced in the tool catalog, btcli tx help and pre-sign flow, and the generated docs. First root intent: set_subnet_emission_enabled (multi-netuid batch_all under Sudo.sudo) with a subnet_emission_enabled read and hyperparams entry, plus an active-vs-emission-enabled decision tree in the subnets guide. Co-authored-by: Cursor <cursoragent@cursor.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
🛡️ AI Review — Skeptic (security review)VERDICT: SAFE MEDIUM scrutiny: ~4-month-old account, mitigated by repository write access and substantial merged contribution history; no Gittensor association found. Branch targets main. Static review found the new root intent correctly composes the administrative calls into an atomic batch and wraps that batch in FindingsNo findings. ConclusionNo malicious behavior or security vulnerability was found in the PR. 🔍 AI Review — Auditor (domain review)VERDICT: 👍 UNKNOWN gittensor association; newer GitHub account but substantial contribution history and repository write access. No meaningful duplicate overlap found. The root intent is correctly wrapped through Findings
ConclusionThe implementation is ready after correcting the misleading generated label for ordinary signed origins. No blocking domain, runtime, migration, or spec-version issue was found. |
|
|
||
| # `Intent.origin` classvar -> the human phrasing the docs show for it. | ||
| ORIGIN_LABELS = { | ||
| "signed": "any signed key", |
There was a problem hiding this comment.
[MEDIUM] Do not imply every signed intent accepts any key
origin == "signed" describes the dispatch-origin class, not authorization by an arbitrary funded account. Many such intents still require a particular owner, creator, contributor, hotkey, or proxy. Rendering this as “any signed key” gives users and agents incorrect privilege guidance; label it simply as a signed origin. The matching comment in intents/base.py should also be aligned.
| "signed": "any signed key", | |
| "signed": "signed", |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
Summary
origin(signed/subnet_owner/root) and an optional pairedverifyread, surfaced throughlist_tools()into the agent catalog (catalog/intents.json), the generatedbtcli txhelp (own "Root (chain sudo)" panel, generated "Requires:" / "Verify afterwards:" footers), the pre-sign confirmation flow, and the generated docs (Origin column + Verify section per tx page).set_subnet_emission_enabled— takes--netuids 89,127, batches atomically viaUtility.batch_all, wraps itself inSudo.sudo, and replaces the raw-only escape hatch forAdminUtils.sudo_set_subnet_emission_enabled. Paired with a newsubnet_emission_enabledread and a hyperparams-table entry so the flag shows next tosubnet_is_active.origin="root"intent must declare averifyread, and every declaredverifymust name a registered read — a privileged write can no longer ship without a way to check it.origin="subnet_owner"(verified against the runtime):set_hyperparameter,start_call,trim_subnet,set_mechanism_count,set_subnet_identity,update_symbol.hyperparameters/subnet-emission-enabledexplainer and an "active vs emission-enabled" decision tree in the subnets guide, plus regenerated reference pages/catalogs.Test plan
codegen.check --coverage / --names / --units / --namespacesall green (includes the new verify-integrity gate)pytest: 952 passed, 1 skippedruff check/ruff format --check/ty checkcleangenerate.py --check: generated docs up to datebtcli tx set-subnet-emission-enabled --helprenders privilege + verify footers; catalog JSON carriesorigin/verifyMade with Cursor