PlatformNetwork
diff --git a/‎Cargo.lock‎
Lines changed: 750 additions & 82 deletions b/‎Cargo.lock‎
Lines changed: 750 additions & 82 deletions
diff --git a/‎bins/csudo/src/main.rs‎
Lines changed: 249 additions & 67 deletions b/‎bins/csudo/src/main.rs‎
Lines changed: 249 additions & 67 deletions
diff --git a/‎bins/validator-node/src/main.rs‎
Lines changed: 27 additions & 29 deletions b/‎bins/validator-node/src/main.rs‎
Lines changed: 27 additions & 29 deletions
diff --git a/‎crates/challenge-orchestrator/src/docker.rs‎
Lines changed: 62 additions & 4 deletions b/‎crates/challenge-orchestrator/src/docker.rs‎
Lines changed: 62 additions & 4 deletions
diff --git a/‎crates/challenge-runtime/src/docker_runner.rs‎
Lines changed: 47 additions & 3 deletions b/‎crates/challenge-runtime/src/docker_runner.rs‎
Lines changed: 47 additions & 3 deletions
diff --git a/‎crates/consensus/src/pbft.rs‎
Lines changed: 75 additions & 3 deletions b/‎crates/consensus/src/pbft.rs‎
Lines changed: 75 additions & 3 deletions
diff --git a/‎crates/core/Cargo.toml‎
Lines changed: 4 additions & 1 deletion b/‎crates/core/Cargo.toml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎crates/core/src/constants.rs‎
Lines changed: 4 additions & 3 deletions b/‎crates/core/src/constants.rs‎
Lines changed: 4 additions & 3 deletions
@@ -143,44 +143,42 @@ async fn main() -> Result<()> {
     let bittensor_seed = args.secret_key.clone();
 
     // Derive keypair using proper Substrate SR25519 derivation (same as Bittensor)
-    // This ensures the hotkey matches what Bittensor expects
-    let (keypair, identity_seed) = {
-        let secret = &args.secret_key;
+    // Derive sr25519 keypair - compatible with Bittensor/Substrate
+    // Hotkey will be the sr25519 public key that can be verified on Bittensor metagraph
+    let keypair = {
+        let secret = args.secret_key.trim();
 
         // Strip 0x prefix if present
         let hex_str = secret.strip_prefix("0x").unwrap_or(secret);
 
-        // Try hex decode first (32 bytes = raw seed)
-        if let Ok(bytes) = hex::decode(hex_str) {
-            if bytes.len() != 32 {
-                anyhow::bail!("Hex secret key must be 32 bytes");
+        // Try hex decode first (64 hex chars = 32 bytes seed)
+        if hex_str.len() == 64 {
+            if let Ok(bytes) = hex::decode(hex_str) {
+                if bytes.len() != 32 {
+                    anyhow::bail!("Hex seed must be 32 bytes");
+                }
+                let mut arr = [0u8; 32];
+                arr.copy_from_slice(&bytes);
+                info!("Loading sr25519 keypair from hex seed");
+                Keypair::from_seed(&arr)?
+            } else {
+                // Not valid hex, try as mnemonic
+                info!("Loading sr25519 keypair from mnemonic");
+                Keypair::from_mnemonic(secret)?
             }
-            let mut arr = [0u8; 32];
-            arr.copy_from_slice(&bytes);
-            let kp = Keypair::from_bytes(&arr)?;
-            (kp, arr)
         } else {
-            // Mnemonic phrase - use proper Substrate SR25519 derivation
-            use sp_core::crypto::Pair as CryptoPair;
-            use sp_core::sr25519;
-
-            // Derive SR25519 keypair using same method as bittensor-rs
-            let sr25519_pair = sr25519::Pair::from_string(secret, None)
-                .map_err(|e| anyhow::anyhow!("Invalid mnemonic: {:?}", e))?;
-
-            // Get the public key bytes (32 bytes) - this is the hotkey
-            let pubkey_bytes: [u8; 32] = sr25519_pair.public().0;
-
-            // Use public key bytes as seed for internal Ed25519 keypair
-            // This ensures peer ID is derived from the hotkey
-            let kp = Keypair::from_bytes(&pubkey_bytes)?;
-
-            info!("Derived keypair from Substrate mnemonic (SR25519)");
-            (kp, pubkey_bytes)
+            // Assume it's a mnemonic phrase
+            info!("Loading sr25519 keypair from mnemonic");
+            Keypair::from_mnemonic(secret)?
         }
     };
 
-    info!("Internal keypair derived (P2P signing)");
+    // Log the derived hotkey for verification against Bittensor metagraph
+    info!("Validator hotkey (hex): {}", keypair.hotkey().to_hex());
+    info!("Validator SS58 address: {}", keypair.ss58_address());
+
+    // The identity seed for P2P is derived from the keypair seed
+    let identity_seed = keypair.seed();
 
     // Canonicalize data directory to ensure absolute paths for Docker
     let data_dir = if args.data_dir.exists() {
 
@@ -1,4 +1,7 @@
 //! Docker client wrapper for container management
+//!
+//! SECURITY: Only images from whitelisted registries (ghcr.io/platformnetwork/)
+//! are allowed to be pulled or run. This prevents malicious container attacks.
 
 use crate::{ChallengeContainerConfig, ChallengeInstance, ContainerStatus};
 use bollard::container::{
@@ -9,8 +12,9 @@ use bollard::image::CreateImageOptions;
 use bollard::models::{DeviceRequest, HostConfig, PortBinding};
 use bollard::Docker;
 use futures::StreamExt;
+use platform_core::ALLOWED_DOCKER_PREFIXES;
 use std::collections::HashMap;
-use tracing::{debug, info, warn};
+use tracing::{debug, error, info, warn};
 
 /// Docker client for managing challenge containers
 pub struct DockerClient {
@@ -71,9 +75,31 @@ impl DockerClient {
         Ok(())
     }
 
-    /// Pull a Docker image
+    /// Check if a Docker image is from an allowed registry
+    /// SECURITY: This prevents pulling/running malicious containers
+    fn is_image_allowed(image: &str) -> bool {
+        let image_lower = image.to_lowercase();
+        ALLOWED_DOCKER_PREFIXES
+            .iter()
+            .any(|prefix| image_lower.starts_with(&prefix.to_lowercase()))
+    }
+
+    /// Pull a Docker image (only from whitelisted registries)
     pub async fn pull_image(&self, image: &str) -> anyhow::Result<()> {
-        info!(image = %image, "Pulling Docker image");
+        // SECURITY: Verify image is from allowed registry before pulling
+        if !Self::is_image_allowed(image) {
+            error!(
+                image = %image,
+                "SECURITY: Attempted to pull image from non-whitelisted registry!"
+            );
+            anyhow::bail!(
+                "Docker image '{}' is not from an allowed registry. \
+                 Only images from ghcr.io/platformnetwork/ are permitted.",
+                image
+            );
+        }
+
+        info!(image = %image, "Pulling Docker image (whitelisted)");
 
         let options = CreateImageOptions {
             from_image: image,
@@ -99,11 +125,43 @@ impl DockerClient {
         Ok(())
     }
 
-    /// Start a challenge container
+    /// Start a challenge container (only from whitelisted registries)
     pub async fn start_challenge(
         &self,
         config: &ChallengeContainerConfig,
     ) -> anyhow::Result<ChallengeInstance> {
+        // SECURITY: Verify image is from allowed registry before starting
+        if !Self::is_image_allowed(&config.docker_image) {
+            error!(
+                image = %config.docker_image,
+                challenge = %config.name,
+                "SECURITY: Attempted to start container from non-whitelisted registry!"
+            );
+            anyhow::bail!(
+                "Docker image '{}' is not from an allowed registry. \
+                 Only images from ghcr.io/platformnetwork/ are permitted. \
+                 Challenge '{}' rejected.",
+                config.docker_image,
+                config.name
+            );
+        }
+
+        // Also run full config validation
+        if let Err(reason) = config.validate() {
+            error!(
+                challenge = %config.name,
+                reason = %reason,
+                "Challenge config validation failed"
+            );
+            anyhow::bail!("Challenge config validation failed: {}", reason);
+        }
+
+        info!(
+            image = %config.docker_image,
+            challenge = %config.name,
+            "Starting challenge container (whitelisted)"
+        );
+
         // Ensure network exists
         self.ensure_network().await?;
 
 
@@ -5,6 +5,8 @@
 //! - Resource limits (CPU, memory, time)
 //! - LLM API proxy injection
 //! - Output capture
+//!
+//! SECURITY: Only whitelisted base images are allowed for agent execution.
 
 use crate::host_functions::{
     ExecuteAgentRequest, ExecuteAgentResult, LLMCallRecord, TestResult, VerifyTaskRequest,
@@ -22,10 +24,24 @@ use tokio::sync::RwLock;
 use tracing::{debug, error, info, warn};
 use uuid::Uuid;
 
+/// Allowed base images for agent execution
+/// SECURITY: Only these images are allowed to run agents
+pub const ALLOWED_BASE_IMAGES: &[&str] = &[
+    "python:3.11-slim",
+    "python:3.12-slim",
+    "python:3.11",
+    "python:3.12",
+    "node:20-slim",
+    "node:22-slim",
+    "rust:1.75-slim",
+    "rust:1.76-slim",
+    "ghcr.io/platformnetwork/agent-runner:", // Custom runner images
+];
+
 /// Docker runner configuration
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct DockerRunnerConfig {
-    /// Base image for agent execution
+    /// Base image for agent execution (must be whitelisted)
     pub base_image: String,
     /// Docker socket path
     pub docker_socket: String,
@@ -87,11 +103,39 @@ struct RunningContainer {
 }
 
 impl DockerRunner {
-    pub fn new(config: DockerRunnerConfig) -> Self {
-        Self {
+    /// Check if a base image is allowed
+    /// SECURITY: Prevents running agents with unauthorized images
+    fn is_base_image_allowed(image: &str) -> bool {
+        let image_lower = image.to_lowercase();
+        ALLOWED_BASE_IMAGES.iter().any(|allowed| {
+            let allowed_lower = allowed.to_lowercase();
+            // Exact match or prefix match (for versioned images like ghcr.io/platformnetwork/agent-runner:v1)
+            image_lower == allowed_lower || image_lower.starts_with(&allowed_lower)
+        })
+    }
+
+    pub fn new(config: DockerRunnerConfig) -> Result<Self, String> {
+        // SECURITY: Validate base image on creation
+        if !Self::is_base_image_allowed(&config.base_image) {
+            return Err(format!(
+                "Base image '{}' is not whitelisted. Allowed images: {:?}",
+                config.base_image, ALLOWED_BASE_IMAGES
+            ));
+        }
+
+        Ok(Self {
             config,
             running_containers: Arc::new(RwLock::new(HashMap::new())),
             llm_records: Arc::new(RwLock::new(Vec::new())),
+        })
+    }
+
+    /// Create with default config (always uses whitelisted image)
+    pub fn with_defaults() -> Self {
+        Self {
+            config: DockerRunnerConfig::default(),
+            running_containers: Arc::new(RwLock::new(HashMap::new())),
+            llm_records: Arc::new(RwLock::new(Vec::new())),
         }
     }
 
 
@@ -301,6 +301,51 @@ impl PBFTEngine {
                 *state = new_state;
                 warn!("Force state update applied");
             }
+            SudoAction::SetChallengeWeight {
+                challenge_id,
+                mechanism_id,
+                weight_ratio,
+            } => {
+                let allocation = platform_core::ChallengeWeightAllocation::new(
+                    challenge_id,
+                    mechanism_id,
+                    weight_ratio,
+                );
+                state.challenge_weights.insert(challenge_id, allocation);
+                info!(
+                    "Challenge weight set: {:?} on mechanism {} = {:.2}%",
+                    challenge_id,
+                    mechanism_id,
+                    weight_ratio * 100.0
+                );
+            }
+            SudoAction::SetMechanismBurnRate {
+                mechanism_id,
+                burn_rate,
+            } => {
+                let config = state
+                    .mechanism_configs
+                    .entry(mechanism_id)
+                    .or_insert_with(|| platform_core::MechanismWeightConfig::new(mechanism_id));
+                config.base_burn_rate = burn_rate.clamp(0.0, 1.0);
+                info!(
+                    "Mechanism {} burn rate set to {:.2}%",
+                    mechanism_id,
+                    burn_rate * 100.0
+                );
+            }
+            SudoAction::SetMechanismConfig {
+                mechanism_id,
+                config,
+            } => {
+                state.mechanism_configs.insert(mechanism_id, config.clone());
+                info!(
+                    "Mechanism {} config updated: burn={:.2}%, cap={:.2}%",
+                    mechanism_id,
+                    config.base_burn_rate * 100.0,
+                    config.max_weight_cap * 100.0
+                );
+            }
         }
 
         state.update_hash();
@@ -334,10 +379,37 @@ impl PBFTEngine {
     fn validate_sudo_action(&self, _state: &ChainState, action: &SudoAction) -> bool {
         match action {
             SudoAction::AddChallenge { config } => {
-                // Validate docker image is specified
-                !config.docker_image.is_empty() && !config.name.is_empty()
+                // Full validation including Docker image whitelist
+                match config.validate() {
+                    Ok(()) => {
+                        info!(
+                            "Challenge config validated: {} ({})",
+                            config.name, config.docker_image
+                        );
+                        true
+                    }
+                    Err(reason) => {
+                        warn!("Challenge config rejected: {}", reason);
+                        false
+                    }
+                }
+            }
+            SudoAction::UpdateChallenge { config } => {
+                // Validate updated config including Docker image whitelist
+                match config.validate() {
+                    Ok(()) => {
+                        info!(
+                            "Challenge update validated: {} ({})",
+                            config.name, config.docker_image
+                        );
+                        true
+                    }
+                    Err(reason) => {
+                        warn!("Challenge update rejected: {}", reason);
+                        false
+                    }
+                }
             }
-            SudoAction::UpdateChallenge { config } => !config.docker_image.is_empty(),
             _ => true,
         }
     }
 
@@ -7,7 +7,6 @@ edition.workspace = true
 serde = { workspace = true }
 serde_json = { workspace = true }
 bincode = { workspace = true }
-ed25519-dalek = { workspace = true }
 sha2 = { workspace = true }
 rand = { workspace = true }
 hex = { workspace = true }
@@ -17,3 +16,7 @@ thiserror = { workspace = true }
 anyhow = { workspace = true }
 tracing = { workspace = true }
 bs58 = "0.5"
+
+# Sr25519 crypto (Substrate standard)
+sp-core = { version = "31.0", default-features = false, features = ["std"] }
+schnorrkel = "0.11"
@@ -42,17 +42,18 @@ pub fn protocol_version() -> (u32, u32, u32) {
 }
 
 // ============================================================================
-// SUDO KEY
+// SUDO KEY (sr25519 - Substrate/Bittensor compatible)
 // ============================================================================
 
-/// Production Sudo Key (Coldkey: 5GziQCcRpN8NCJktX343brnfuVe3w6gUYieeStXPD1Dag2At)
+/// Production Sudo Key (sr25519 public key)
+/// SS58 Address: 5GziQCcRpN8NCJktX343brnfuVe3w6gUYieeStXPD1Dag2At
 /// All requests signed by this key are treated as root and can update the network.
 pub const SUDO_KEY_BYTES: [u8; 32] = [
     0xda, 0x22, 0x04, 0x09, 0x67, 0x8d, 0xf5, 0xf0, 0x60, 0x74, 0xa6, 0x71, 0xab, 0xdc, 0x1f, 0x19,
     0xbc, 0x2b, 0xa1, 0x51, 0x72, 0x9f, 0xdb, 0x9a, 0x8e, 0x4b, 0xe2, 0x84, 0xe6, 0x0c, 0x94, 0x01,
 ];
 
-/// Production Sudo Key as hex string
+/// Production Sudo Key as hex string (sr25519)
 pub const SUDO_KEY_HEX: &str = "da220409678df5f06074a671abdc1f19bc2ba151729fdb9a8e4be284e60c9401";
 
 /// Production Sudo Key SS58 address