PlatformNetwork
diff --git a/‎.cargo/config.toml‎
Lines changed: 0 additions & 2 deletions b/‎.cargo/config.toml‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎.sisyphus/plans/subtensor-connection-retry.md‎
Lines changed: 14 additions & 14 deletions b/‎.sisyphus/plans/subtensor-connection-retry.md‎
Lines changed: 14 additions & 14 deletions
diff --git a/‎AGENTS.md‎
Lines changed: 78 additions & 0 deletions b/‎AGENTS.md‎
Lines changed: 78 additions & 0 deletions
@@ -36,5 +36,3 @@ PLATFORM_LINKER_RUSTFLAGS = { value = "${PLATFORM_LINKER_RUSTFLAGS}", force = fa
 PLATFORM_LINKER_RUSTFLAGS_DARWIN = { value = "${PLATFORM_LINKER_RUSTFLAGS_DARWIN}", force = false }
 RUSTFLAGS = { value = "${RUSTFLAGS} ${PLATFORM_NIGHTLY_RUSTFLAGS} ${PLATFORM_FAST_LINKER_RUSTFLAGS} ${PLATFORM_LINKER_RUSTFLAGS}", force = true }
 
-[target.'cfg(target_os = "macos")'.env]
-RUSTFLAGS = { value = "${RUSTFLAGS} ${PLATFORM_NIGHTLY_RUSTFLAGS} ${PLATFORM_FAST_LINKER_RUSTFLAGS_DARWIN} ${PLATFORM_LINKER_RUSTFLAGS_DARWIN}", force = true }
@@ -119,7 +119,7 @@ Wave FINAL (After ALL tasks - verification):
 
 ## TODOs
 
-- [ ] 1. Add retry configuration to SubtensorClient
+- [x] 1. Add retry configuration to SubtensorClient
 
   **What to do**:
   - Add `RetryConfig` struct to client.rs with `max_retries` and `retry_delay_ms`
@@ -161,7 +161,7 @@ Wave FINAL (After ALL tasks - verification):
     Evidence: .sisyphus/evidence/task-01-check.log
   ```
 
-- [ ] 2. Add with_retry() method for generic operations
+- [x] 2. Add with_retry() method for generic operations
 
   **What to do**:
   - Add async `with_retry<F, T>(&mut self, operation: F) -> Result<T>` method
@@ -228,7 +228,7 @@ Wave FINAL (After ALL tasks - verification):
     Evidence: .sisyphus/evidence/task-02-check.log
   ```
 
-- [ ] 3. Wrap WeightSubmitter methods with retry
+- [x] 3. Wrap WeightSubmitter methods with retry
 
   **What to do**:
   - Refactor `submit_direct()` to use retry
@@ -286,7 +286,7 @@ Wave FINAL (After ALL tasks - verification):
     Evidence: .sisyphus/evidence/task-03-build.log
   ```
 
-- [ ] 4. Wrap MechanismWeightManager methods with retry
+- [x] 4. Wrap MechanismWeightManager methods with retry
 
   **What to do**:
   - Refactor `submit_mechanism_direct()` to use retry
@@ -314,7 +314,7 @@ Wave FINAL (After ALL tasks - verification):
   - [ ] All mechanism weight methods use retry
   - [ ] `cargo test -p platform-bittensor --lib` passes
 
-- [ ] 5. Wrap ValidatorSync with retry
+- [x] 5. Wrap ValidatorSync with retry
 
   **What to do**:
   - Modify `sync()` method to use retry for `sync_metagraph()` call
@@ -341,13 +341,13 @@ Wave FINAL (After ALL tasks - verification):
 
 ## Final Verification Wave
 
-- [ ] F1. Add retry scenario tests
+- [x] F1. Add retry scenario tests
   Add unit tests that simulate connection failures and verify retry behavior.
 
-- [ ] F2. Run full test suite
+- [x] F2. Run full test suite
   Verify no regressions: `cargo test --workspace --all-features`
 
-- [ ] F3. Integration verification
+- [x] F3. Integration verification
   Manual verification that weight submission recovers from simulated disconnects.
 
 ---
@@ -368,9 +368,9 @@ cargo test --workspace --all-features   # Expected: all tests pass
 ```
 
 ### Final Checklist
-- [ ] RetryConfig added to SubtensorClient
-- [ ] with_retry() method implemented with exponential backoff
-- [ ] WeightSubmitter methods wrapped with retry
-- [ ] MechanismWeightManager methods wrapped with retry
-- [ ] ValidatorSync wrapped with retry
-- [ ] Tests for retry scenarios added
+- [x] RetryConfig added to SubtensorClient
+- [x] with_retry() method implemented with exponential backoff
+- [x] WeightSubmitter methods wrapped with retry
+- [x] MechanismWeightManager methods wrapped with retry
+- [x] ValidatorSync wrapped with retry
+- [x] Tests for retry scenarios added
@@ -202,3 +202,81 @@ Platform is fully decentralized—validators communicate directly via P2P withou
 See the main README for deployment instructions.
 
 For challenge-specific questions, refer to the appropriate challenge crate or repository.
+
+---
+
+## Security Patterns (CRITICAL)
+
+### sudo_key Protection
+
+**INVARIANT**: The `sudo_key` field in `ChainState` CANNOT be changed via:
+- Peer state synchronization (`merge_from()`)
+- ForceStateUpdate action
+- Direct state manipulation
+
+**Implementation** (`core/state.rs`):
+```rust
+// merge_from() preserves local sudo_key
+let local_sudo_key = self.sudo_key.clone();
+// ... merge other fields ...
+self.sudo_key = local_sudo_key;  // RESTORE
+
+// ForceStateUpdate also preserves sudo_key
+*self = state.clone();
+self.sudo_key = local_sudo_key;  // SECURITY
+```
+
+### Authorization Check Pattern
+
+All privileged operations require `is_sudo()` verification:
+```rust
+// consensus.rs lines 221, 363
+if change_type == StateChangeType::ConfigUpdate {
+    let is_sudo = self.state_manager.read(|s| s.is_sudo(&proposer));
+    if !is_sudo {
+        return Err(ConsensusError::InvalidProposal(...));
+    }
+}
+```
+
+### CRITICAL Warning Pattern
+
+"CRITICAL: must use chain state, not system time" appears in:
+- `vendor/bittensor-rs/src/crv4/mod.rs`
+- `vendor/bittensor-rs/src/subtensor.rs`
+- `crates/bittensor-integration/src/weights.rs`
+
+Prevents clock skew manipulation attacks.
+
+---
+
+## Test Patterns
+
+**Integration Tests** (`tests/`):
+- Separate workspace member (`platform-e2e-tests`)
+- Fixture helpers: `create_chain_state()`, `create_five_validators()`
+- `tempfile::tempdir()` for storage isolation
+- `MockChallenge` pattern for challenge testing
+
+**Unit Tests** (inline):
+- `#[cfg(test)] mod tests` at file end
+- `use super::*` for parent access
+- `#[tokio::test]` for async
+
+---
+
+## Commands Quick Reference
+
+```bash
+# Development
+cargo build --release           # Full build
+cargo test --workspace         # All unit tests
+cargo clippy --all-targets     # Lint check
+
+# Integration (requires Docker)
+cargo test -p platform-e2e-tests --test integration_test
+
+# Single crate
+cargo test -p platform-core
+cargo test -p platform-p2p-consensus
+```