deprecate: redirect submissions API to term-challenge

echobt · echobt · commit d1870226131c · 2025-12-29T21:57:14.000Z
Phase 8 of migration complete:
- submit_agent now returns 410 GONE with redirect to term-challenge
- get_submission_source now returns 410 GONE with auth instructions
- list_submissions and get_submission still work for backward compat
- Removed signature verification code (now in term-challenge)
- Removed rate limiting code (now in term-challenge)
- Removed job creation code (now in term-challenge)

Users should update their CLI to point to term-challenge:
  POST /api/v1/submit (submissions)
  POST /api/v1/my/agents/:hash/source (owner source access)
  POST /api/v1/validator/claim_job (validator source access)
diff --git a/crates/platform-server/src/api/submissions.rs b/crates/platform-server/src/api/submissions.rs
@@ -1,4 +1,8 @@
-//! Submissions API handlers
+//! Submissions API handlers - DEPRECATED
+//!
+//! Submissions have been migrated to term-challenge.
+//! These endpoints now return deprecation notices directing users
+//! to use the term-challenge API instead.
 
 use crate::db::queries;
 use crate::models::*;
@@ -9,13 +13,11 @@ use axum::{
     Json,
 };
 use serde::Deserialize;
-use sha2::Digest;
-use sp_core::crypto::Ss58Codec;
 use std::sync::Arc;
 
-/// Validate that a string is a valid SS58 hotkey address
-fn is_valid_ss58_hotkey(hotkey: &str) -> bool {
-    sp_core::crypto::AccountId32::from_ss58check(hotkey).is_ok()
+/// Term-challenge URL for submissions (configured via TERM_CHALLENGE_URL env)
+fn get_term_challenge_url() -> String {
+    std::env::var("TERM_CHALLENGE_URL").unwrap_or_else(|_| "http://localhost:8081".to_string())
 }
 
 #[derive(Debug, Deserialize)]
@@ -24,10 +26,13 @@ pub struct ListSubmissionsQuery {
     pub status: Option<String>,
 }
 
+/// DEPRECATED: List submissions
+/// Submissions are now managed by term-challenge.
 pub async fn list_submissions(
     State(state): State<Arc<AppState>>,
     Query(query): Query<ListSubmissionsQuery>,
 ) -> Result<Json<Vec<Submission>>, StatusCode> {
+    // Still return data from local DB for backward compatibility during migration
     let submissions = if query.status.as_deref() == Some("pending") {
         queries::get_pending_submissions(&state.db).await
     } else {
@@ -40,6 +45,8 @@ pub async fn list_submissions(
     Ok(Json(limited))
 }
 
+/// DEPRECATED: Get submission by ID
+/// Submissions are now managed by term-challenge.
 pub async fn get_submission(
     State(state): State<Arc<AppState>>,
     Path(id): Path<String>,
@@ -51,165 +58,49 @@ pub async fn get_submission(
     Ok(Json(submission))
 }
 
+/// DEPRECATED: Get submission source code
+/// Source code access is now managed by term-challenge with proper authentication.
 pub async fn get_submission_source(
-    State(state): State<Arc<AppState>>,
-    Path(id): Path<String>,
-) -> Result<Json<serde_json::Value>, StatusCode> {
-    let submission = queries::get_submission(&state.db, &id)
-        .await
-        .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
-        .ok_or(StatusCode::NOT_FOUND)?;
-
-    Ok(Json(serde_json::json!({
-        "agent_hash": submission.agent_hash,
-        "source_code": submission.source_code,
-    })))
+    State(_state): State<Arc<AppState>>,
+    Path(_id): Path<String>,
+) -> Result<Json<serde_json::Value>, (StatusCode, Json<serde_json::Value>)> {
+    // No longer expose source code from platform-server
+    // Users must use term-challenge API with proper authentication
+    Err((
+        StatusCode::GONE,
+        Json(serde_json::json!({
+            "error": "Source code access has been migrated to term-challenge",
+            "message": "Use the term-challenge API to access source code with proper authentication",
+            "term_challenge_url": get_term_challenge_url(),
+            "endpoints": {
+                "owner_source": "POST /api/v1/my/agents/:hash/source",
+                "validator_claim": "POST /api/v1/validator/claim_job"
+            }
+        })),
+    ))
 }
 
+/// DEPRECATED: Submit agent endpoint
+/// Agent submissions have been migrated to term-challenge.
+/// This endpoint returns a redirect notice.
 pub async fn submit_agent(
-    State(state): State<Arc<AppState>>,
-    Json(req): Json<SubmitAgentRequest>,
+    State(_state): State<Arc<AppState>>,
+    Json(_req): Json<SubmitAgentRequest>,
 ) -> Result<Json<SubmitAgentResponse>, (StatusCode, Json<SubmitAgentResponse>)> {
-    // Validate miner_hotkey is a valid SS58 address
-    if !is_valid_ss58_hotkey(&req.miner_hotkey) {
-        tracing::warn!(
-            "Invalid miner_hotkey format: {} (expected SS58 address starting with '5')",
-            &req.miner_hotkey[..32.min(req.miner_hotkey.len())]
-        );
-        return Err((
-            StatusCode::BAD_REQUEST,
-            Json(SubmitAgentResponse {
-                success: false,
-                submission_id: None,
-                agent_hash: None,
-                error: Some(format!(
-                    "Invalid miner_hotkey: must be a valid SS58 address (e.g., '5GrwvaEF...'). Received: {}",
-                    &req.miner_hotkey[..32.min(req.miner_hotkey.len())]
-                )),
-            }),
-        ));
-    }
-
-    // Verify signature: miner must sign their source code hash to prove ownership
-    // Message format: "submit_agent:<sha256_of_source_code>"
-    let source_hash = hex::encode(sha2::Sha256::digest(req.source_code.as_bytes()));
-    let message = format!("submit_agent:{}", source_hash);
-
-    if !crate::api::auth::verify_signature(&req.miner_hotkey, &message, &req.signature) {
-        tracing::warn!(
-            "Invalid signature for submission from {}",
-            &req.miner_hotkey[..16.min(req.miner_hotkey.len())]
-        );
-        return Err((
-            StatusCode::UNAUTHORIZED,
-            Json(SubmitAgentResponse {
-                success: false,
-                submission_id: None,
-                agent_hash: None,
-                error: Some(format!(
-                    "Invalid signature. Message to sign: '{}'. Use sr25519 signature from your hotkey.",
-                    message
-                )),
-            }),
-        ));
-    }
-
-    let epoch = queries::get_current_epoch(&state.db).await.unwrap_or(0);
-
-    // Rate limiting: 0.33 submissions per epoch (1 every 3 epochs)
-    let can_submit = match queries::can_miner_submit(&state.db, &req.miner_hotkey, epoch).await {
-        Ok(can) => can,
-        Err(e) => {
-            tracing::error!("Rate limit check failed for {}: {}", req.miner_hotkey, e);
-            true // Allow submission if rate limit check fails
-        }
-    };
-
-    tracing::debug!(
-        "Submission check: miner={}, epoch={}, can_submit={}",
-        &req.miner_hotkey[..16.min(req.miner_hotkey.len())],
-        epoch,
-        can_submit
-    );
-
-    if !can_submit {
-        return Err((
-            StatusCode::TOO_MANY_REQUESTS,
-            Json(SubmitAgentResponse {
-                success: false,
-                submission_id: None,
-                agent_hash: None,
-                error: Some("Rate limit: 1 submission per 3 epochs".to_string()),
-            }),
-        ));
-    }
-
-    // Create submission with API key for centralized LLM inference
-    let submission = queries::create_submission(
-        &state.db,
-        &req.miner_hotkey,
-        &req.source_code,
-        req.name.as_deref(),
-        req.api_key.as_deref(),
-        req.api_provider.as_deref(),
-        req.api_keys_encrypted.as_deref(),
-        epoch,
-    )
-    .await
-    .map_err(|e| {
-        (
-            StatusCode::INTERNAL_SERVER_ERROR,
-            Json(SubmitAgentResponse {
-                success: false,
-                submission_id: None,
-                agent_hash: None,
-                error: Some(e.to_string()),
-            }),
-        )
-    })?;
-
-    tracing::info!(
-        "Agent submitted: {} (hash: {}) from {} with provider: {:?}",
-        submission.name.as_deref().unwrap_or("unnamed"),
-        &submission.agent_hash[..16],
-        &req.miner_hotkey,
-        req.api_provider
-    );
-
-    // Create evaluation job for each active challenge
-    let challenges = queries::get_challenges(&state.db).await.unwrap_or_default();
-
-    for challenge in challenges.iter().filter(|c| c.status == "active") {
-        match queries::create_job(&state.db, &submission.id, &challenge.id).await {
-            Ok(job) => {
-                tracing::info!(
-                    "Created job {} for submission {} on challenge {}",
-                    job.id,
-                    &submission.id[..8],
-                    challenge.id
-                );
-            }
-            Err(e) => {
-                tracing::warn!("Failed to create job for challenge {}: {}", challenge.id, e);
-            }
-        }
-    }
-
-    // Broadcast submission event
-    state
-        .broadcast_event(WsEvent::SubmissionReceived(SubmissionEvent {
-            submission_id: submission.id.clone(),
-            agent_hash: submission.agent_hash.clone(),
-            miner_hotkey: submission.miner_hotkey.clone(),
-            name: submission.name.clone(),
-            epoch,
-        }))
-        .await;
-
-    Ok(Json(SubmitAgentResponse {
-        success: true,
-        submission_id: Some(submission.id),
-        agent_hash: Some(submission.agent_hash),
-        error: None,
-    }))
+    // Submissions are now handled by term-challenge
+    tracing::warn!("Deprecated submit_agent endpoint called - redirecting to term-challenge");
+
+    Err((
+        StatusCode::GONE,
+        Json(SubmitAgentResponse {
+            success: false,
+            submission_id: None,
+            agent_hash: None,
+            error: Some(format!(
+                "Agent submissions have been migrated to term-challenge. \
+                 Please use: POST {}/api/v1/submit",
+                get_term_challenge_url()
+            )),
+        }),
+    ))
 }
