feat: add subnet_getWeights RPC and HTTP weight fallback for peerless validators

echobt · echobt · commit 5864c70b882a · 2026-02-24T07:10:05.000Z
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/bins/validator-node/Cargo.toml b/bins/validator-node/Cargo.toml
@@ -52,6 +52,9 @@ bincode = { workspace = true }
 sha2 = { workspace = true }
 rand = { workspace = true }
 
+# HTTP client (for weight fallback)
+reqwest = { version = "0.12", features = ["json", "rustls-tls"], default-features = false }
+
 # Error tracking
 sentry = { version = "0.46", features = ["tracing"] }
 sentry-tracing = "0.46"
diff --git a/bins/validator-node/src/main.rs b/bins/validator-node/src/main.rs
@@ -3726,6 +3726,43 @@ async fn handle_block_event(
                     }
                 };
 
+                // Fallback: if all weights are burn-only, try fetching from
+                // the primary validator's RPC (chain.platform.network).
+                let all_burn_only = weights_to_submit
+                    .iter()
+                    .all(|(_, uids, _)| uids.len() == 1 && uids[0] == 0);
+                let weights_to_submit = if all_burn_only {
+                    info!("All local weights are burn-only, attempting HTTP fallback from chain.platform.network");
+                    match fetch_remote_weights().await {
+                        Ok(remote) if !remote.is_empty() => {
+                            info!(
+                                "Fetched {} mechanism weight entries from remote",
+                                remote.len()
+                            );
+                            remote
+                        }
+                        Ok(_) => {
+                            warn!("Remote returned empty weights, using local burn-only");
+                            weights_to_submit
+                        }
+                        Err(e) => {
+                            warn!(
+                                "Failed to fetch remote weights: {}, using local burn-only",
+                                e
+                            );
+                            weights_to_submit
+                        }
+                    }
+                } else {
+                    weights_to_submit
+                };
+
+                // Store computed weights in chain state for the subnet_getWeights RPC
+                {
+                    let mut cs = chain_state.write();
+                    cs.last_computed_weights = weights_to_submit.clone();
+                }
+
                 for (mechanism_id, uids, weights) in weights_to_submit {
                     info!(
                         "Submitting weights for mechanism {} ({} UIDs)",
@@ -4006,4 +4043,62 @@ async fn process_wasm_evaluations(
         }
     }
 }
+/// Fetch pre-computed weights from the primary validator's RPC endpoint.
+/// Returns Vec<(mechanism_id, uids, weights)> ready for submission.
+async fn fetch_remote_weights() -> anyhow::Result<Vec<(u8, Vec<u16>, Vec<u16>)>> {
+    let url = "https://chain.platform.network/rpc";
+    let body = serde_json::json!({
+        "jsonrpc": "2.0",
+        "method": "subnet_getWeights",
+        "params": {},
+        "id": 1
+    });
+
+    let client = reqwest::Client::builder()
+        .timeout(std::time::Duration::from_secs(10))
+        .build()?;
+
+    let resp = client
+        .post(url)
+        .header("Content-Type", "application/json")
+        .json(&body)
+        .send()
+        .await?
+        .json::<serde_json::Value>()
+        .await?;
+
+    let weights_arr = resp
+        .get("result")
+        .and_then(|r| r.get("weights"))
+        .and_then(|w| w.as_array())
+        .ok_or_else(|| anyhow::anyhow!("Invalid response: missing result.weights"))?;
+
+    let mut result = Vec::new();
+    for entry in weights_arr {
+        let mechanism_id = entry
+            .get("mechanismId")
+            .and_then(|v| v.as_u64())
+            .unwrap_or(0) as u8;
+        let entries = entry
+            .get("entries")
+            .and_then(|v| v.as_array())
+            .ok_or_else(|| anyhow::anyhow!("Missing entries in weight entry"))?;
+
+        let mut uids = Vec::new();
+        let mut vals = Vec::new();
+        for e in entries {
+            let uid = e.get("uid").and_then(|v| v.as_u64()).unwrap_or(0) as u16;
+            let weight = e.get("weight").and_then(|v| v.as_u64()).unwrap_or(0) as u16;
+            uids.push(uid);
+            vals.push(weight);
+        }
+
+        if !uids.is_empty() {
+            result.push((mechanism_id, uids, vals));
+        }
+    }
+
+    Ok(result)
+}
+
 // Build trigger: 1771754356
diff --git a/crates/core/src/state.rs b/crates/core/src/state.rs
@@ -210,6 +210,11 @@ pub struct ChainState {
     /// Validators that have announced LLM inference capability (Chutes API key)
     #[serde(default, with = "hotkey_set_serde")]
     pub llm_capable_validators: std::collections::HashSet<Hotkey>,
+
+    /// Last computed subnet weights (mechanism_id -> (uids, u16 weights))
+    /// Updated at each commit window, served via `subnet_getWeights` RPC.
+    #[serde(skip)]
+    pub last_computed_weights: Vec<(u8, Vec<u16>, Vec<u16>)>,
 }
 
 /// Route information for a challenge
@@ -247,6 +252,7 @@ impl Default for ChainState {
             pause_reason: None,
             mutation_sequence: 0,
             llm_capable_validators: std::collections::HashSet::new(),
+            last_computed_weights: Vec::new(),
         }
     }
 }
@@ -274,6 +280,7 @@ impl ChainState {
             pause_reason: None,
             mutation_sequence: 0,
             llm_capable_validators: std::collections::HashSet::new(),
+            last_computed_weights: Vec::new(),
         };
         state.update_hash();
         state
diff --git a/crates/core/src/state_versioning.rs b/crates/core/src/state_versioning.rs
@@ -163,6 +163,7 @@ impl ChainStateV1 {
             pause_reason: None,
             mutation_sequence: 0,
             llm_capable_validators: HashSet::new(),
+            last_computed_weights: Vec::new(),
         }
     }
 }
@@ -218,6 +219,7 @@ impl ChainStateV2 {
             pause_reason: None,
             mutation_sequence: 0,
             llm_capable_validators: HashSet::new(),
+            last_computed_weights: Vec::new(),
         }
     }
 }
diff --git a/crates/rpc-server/src/auth.rs b/crates/rpc-server/src/auth.rs
@@ -197,59 +197,74 @@ fn canonicalize_json_value(value: &serde_json::Value) -> String {
     }
 }
 
-/// Parse and verify a Bearer session token.
+/// Verify a session token from the Authorization header.
 ///
-/// Token format: `{hotkey_hex}:{expiry_ms}:{nonce}:{signature_hex}`
-/// Signed message: `session:{hotkey_ss58}:{expiry_ms}:{nonce}`
+/// Token format: `{session_pubkey_hex}:{timestamp}:{nonce}:{signature_hex}`
 ///
-/// Returns the hotkey hex string if the token is valid.
-/// Does NOT check revocation (that requires a WASM call to the auth challenge).
-pub fn verify_bearer_token(token: &str) -> Result<BearerTokenInfo, AuthError> {
+/// The signature is over:
+///   `{method}:{path}:{body_hash}:{timestamp}:{nonce}`
+///
+/// The session_pubkey is an ephemeral sr25519 public key registered via
+/// the auth challenge `/login`. The RPC verifies the signature, then calls
+/// the auth WASM challenge `/verify` to resolve the hotkey and check revocation.
+///
+/// Validators cannot forge requests because they don't have the ephemeral
+/// private key. Each request has a unique signature (timestamp + nonce).
+pub fn verify_session_token(
+    token: &str,
+    method: &str,
+    path: &str,
+    body: &[u8],
+) -> Result<SessionTokenInfo, AuthError> {
     let parts: Vec<&str> = token.splitn(4, ':').collect();
     if parts.len() != 4 {
         return Err(AuthError::InvalidSignature);
     }
 
-    let hotkey_hex = parts[0];
-    let expiry_str = parts[1];
+    let session_pubkey_hex = parts[0];
+    let timestamp_str = parts[1];
     let nonce = parts[2];
     let signature_hex = parts[3];
 
-    // Parse hotkey
-    let hotkey = Hotkey::from_hex(hotkey_hex).ok_or(AuthError::InvalidHotkey)?;
-
-    // Parse expiry
-    let expiry: i64 = expiry_str.parse().map_err(|_| AuthError::InvalidNonce)?;
+    // Validate session pubkey format (64 hex chars = 32 bytes)
+    if session_pubkey_hex.len() != 64 {
+        return Err(AuthError::InvalidHotkey);
+    }
 
-    // Check expiry
-    let now_ms = chrono::Utc::now().timestamp_millis();
-    if now_ms > expiry {
+    // Parse timestamp and check freshness (5 min window)
+    let timestamp: i64 = timestamp_str.parse().map_err(|_| AuthError::InvalidNonce)?;
+    if !verify_timestamp(timestamp) {
         return Err(AuthError::MessageExpired);
     }
 
-    // Verify signature
-    let hotkey_ss58 = hotkey.to_ss58();
-    let message = format!("session:{}:{}:{}", hotkey_ss58, expiry, nonce);
+    // Build the signed message and verify
+    let body_hash = {
+        let canonical = if let Ok(val) = serde_json::from_slice::<serde_json::Value>(body) {
+            canonicalize_json_value(&val).into_bytes()
+        } else {
+            body.to_vec()
+        };
+        hex::encode(Sha256::digest(&canonical))
+    };
+
+    let message = format!("{}:{}:{}:{}:{}", method, path, body_hash, timestamp, nonce);
 
-    match verify_validator_signature(hotkey_hex, &message, signature_hex)? {
-        true => Ok(BearerTokenInfo {
-            hotkey_hex: hotkey_hex.to_string(),
-            expiry,
-            nonce: nonce.to_string(),
+    match verify_validator_signature(session_pubkey_hex, &message, signature_hex)? {
+        true => Ok(SessionTokenInfo {
+            session_pubkey_hex: session_pubkey_hex.to_string(),
         }),
         false => Err(AuthError::VerificationFailed),
     }
 }
 
-/// Parsed and verified bearer token info.
-pub struct BearerTokenInfo {
-    pub hotkey_hex: String,
-    pub expiry: i64,
-    pub nonce: String,
+/// Parsed and verified session token info.
+pub struct SessionTokenInfo {
+    pub session_pubkey_hex: String,
 }
 
-/// Extract Bearer token from Authorization header.
-pub fn extract_bearer_token(headers: &HashMap<String, String>) -> Option<String> {
+/// Extract session token from Authorization header.
+/// Supports: `Authorization: Session {token}`
+pub fn extract_session_token(headers: &HashMap<String, String>) -> Option<String> {
     let headers_lower: HashMap<String, String> = headers
         .iter()
         .map(|(k, v)| (k.to_lowercase(), v.clone()))
@@ -258,8 +273,8 @@ pub fn extract_bearer_token(headers: &HashMap<String, String>) -> Option<String>
     headers_lower
         .get("authorization")
         .and_then(|v| {
-            v.strip_prefix("Bearer ")
-                .or_else(|| v.strip_prefix("bearer "))
+            v.strip_prefix("Session ")
+                .or_else(|| v.strip_prefix("session "))
         })
         .map(|t| t.trim().to_string())
 }
diff --git a/crates/rpc-server/src/jsonrpc.rs b/crates/rpc-server/src/jsonrpc.rs
@@ -319,6 +319,9 @@ impl RpcHandler {
             ["epoch", "current"] => self.epoch_current(req.id),
             ["epoch", "getPhase"] => self.epoch_get_phase(req.id),
 
+            // Subnet namespace
+            ["subnet", "getWeights"] => self.subnet_get_weights(req.id),
+
             // Leaderboard namespace
             ["leaderboard", "get"] => self.leaderboard_get(req.id, req.params),
 
@@ -376,6 +379,8 @@ impl RpcHandler {
                     "job_list", "job_get",
                     // Epoch
                     "epoch_current", "epoch_getPhase",
+                    // Subnet
+                    "subnet_getWeights",
                     // Leaderboard
                     "leaderboard_get",
                     // Evaluation
@@ -1451,6 +1456,43 @@ impl RpcHandler {
         JsonRpcResponse::result(id, json!(phase))
     }
 
+    // ==================== Subnet Namespace ====================
+
+    fn subnet_get_weights(&self, id: Value) -> JsonRpcResponse {
+        let chain = self.chain_state.read();
+        let weights = &chain.last_computed_weights;
+
+        if weights.is_empty() {
+            return JsonRpcResponse::result(
+                id,
+                json!({
+                    "weights": [],
+                    "message": "No weights computed yet. Weights are calculated at each commit window."
+                }),
+            );
+        }
+
+        let entries: Vec<Value> = weights
+            .iter()
+            .map(|(mechanism_id, uids, vals)| {
+                let pairs: Vec<Value> = uids
+                    .iter()
+                    .zip(vals.iter())
+                    .map(|(uid, val)| json!({"uid": uid, "weight": val}))
+                    .collect();
+                let total: u64 = vals.iter().map(|v| *v as u64).sum();
+                json!({
+                    "mechanismId": mechanism_id,
+                    "entries": pairs,
+                    "totalWeight": total,
+                    "count": uids.len(),
+                })
+            })
+            .collect();
+
+        JsonRpcResponse::result(id, json!({ "weights": entries }))
+    }
+
     // ==================== Leaderboard Namespace ====================
 
     fn leaderboard_get(&self, id: Value, params: Value) -> JsonRpcResponse {
diff --git a/crates/rpc-server/src/server.rs b/crates/rpc-server/src/server.rs
diff --git a/docker-compose.yml b/docker-compose.yml

Original file line number	Diff line number	Diff line change
`@@ -163,6 +163,7 @@ impl ChainStateV1 {`
`163`	`163`	`pause_reason: None,`
`164`	`164`	`mutation_sequence: 0,`
`165`	`165`	`llm_capable_validators: HashSet::new(),`
	`166`	`+ last_computed_weights: Vec::new(),`
`166`	`167`	`}`
`167`	`168`	`}`
`168`	`169`	`}`
`@@ -218,6 +219,7 @@ impl ChainStateV2 {`
`218`	`219`	`pause_reason: None,`
`219`	`220`	`mutation_sequence: 0,`
`220`	`221`	`llm_capable_validators: HashSet::new(),`
	`222`	`+ last_computed_weights: Vec::new(),`
`221`	`223`	`}`
`222`	`224`	`}`
`223`	`225`	`}`