Replies: 2 comments 1 reply
-
|
I think the proposal doesn't completely take into account Short story: My intention is that any changes and proposals for legacy inference handling (not with devshard) are just out of date. We should design things that will feat future infrastructure. |
Beta Was this translation helpful? Give feedback.
-
|
Got it. Moving this to the devshard path and closing #1232. Should the verifier live inside dl/devshards-gateway-to-main, or as a sidecar in front of the devshard? |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
@gmorgachev, picking up your broker-side suggestion from #1185 with a concrete envelope schema and a reference implementation. I'd like input on placement and v1 scope before opening the PR.
Proposal
Add an optional signed agent request envelope on
/v1/chat/completionsand/v1/completions. When theX-Agent-Passportheader is absent, request behavior is byte-identical to today. Default config disables the layer. The envelope is additive metadata. No chain change, no new consensus message.What gap does it close
Gonka authenticates the network actors: Developer, Transfer Agent, Executor.
MsgFinishInferencerecordsRequestedBy,TransferredBy,ExecutedBy. The signature chain works. AuthKey replay protection works.x/authzwarm-key delegation works.The narrower gap is agent-subject context when an automated agent calls Gonka under an already-authorized principal:
RequestedByresolves to the Developer or warm-key Grantee; the actual agent making the call is not on the wire.x/authzis message-type scoped, not attribute scoped. A Developer cannot grant a warm key the right to run inference only for model X, only for purpose Y, only until next Tuesday. A customInferenceAuthorizationtype inx/authzwould address this but requires a chain change.What the envelope does
When
X-Agent-Passportis present, the verifier checks that:signArbitrarycompatible). The principal pubkey is embedded; the verifier derives the address locally and asserts equality with the envelope's principal address. No chain query needed, which eliminates the first-tx-pubkey lookup and the associated DoS surface.chain_id, HTTP method, full request URI, the JCS-canonicalized envelope, and the request body.MaxEnvelopeTTL(default 1h, configurable), and falls withinnot_beforeif present.allowed_modelsis present, the requested model must be listed. If omitted, the envelope does not restrict model choice.RequesterAddress, orx/authzshows an active Grantee to Granter relationship for/inference.inference.MsgStartInference.After
s.recorder.StartInferencesucceeds, a structured attribution event is emitted asynchronously through a bounded queue. Drop-on-full with a counter; never blocks the request path.Composition with existing primitives
This follows existing Cosmos patterns and adds no new root of trust:
signArbitraryproduces.x/authzfor warm-key resolution when the request comes from a Grantee distinct from the principal. Uses Gonka's existingAuthzCache.GetPubKeyForSignerdirectly.The envelope is an off-chain request-layer extension. Not a consensus message. Not a chain message. Not a new identity layer underneath the Developer key.
Why request-layer first
A chain-native version could eventually add optional
AgentIdandBeneficiaryfields toMsgFinishInference, but that's a separate governance discussion. For v1, broker-side middleware looks like the safer starting point:If you see a different placement that closes the gap with less surface area, I'd rather hear it now than after the PR is up.
What stays unchanged
Listing the surface concerns explicitly because that's where reviewer attention naturally goes on any envelope proposal. This PR does NOT modify:
calculations.ValidateTimestamp, orcheckAndRecordAuthKeyMsgStartInferenceorMsgFinishInferenceschemasDefault config is
enabled: false. Operators opt in.What might come later
One Phase 2 direction worth flagging: extending
MsgFinishInferencewith optionalAgentIdandBeneficiaryfields so the data the envelope carries off-chain in v1 becomes queryable on-chain. That's a chain change requiring governance and is not assumed by this PR. If interest exists, it gets a separate Discussion.Other items explicitly deferred to Phase 2: scoped delegation chains, multi-hop attribution receipts, multi-sig principal support, devshard daemon integration, and revocation beyond short TTL. @a-kuprin, the devshard authentication piece you raised in #1185 falls under devshard daemon integration here; I think that wants its own Discussion once v1 settles.
What I'm asking for
Two things before opening the PR:
/v1/chat/completionsand/v1/completionsmatches your [Public Review] Gonka Network Development Roadmap #1185 suggestion. Confirm or redirect.The reference implementation is ready: single PR, single new package
internal/agentenvelope/, ~25 modified lines across two existing files, opt-in via config, backward compatible by construction. I can open it as a linked PR shortly, but the design points above are the substance of the Discussion. Code can wait on placement confirmation if that's the cleaner sequence.Disclosure
I maintain APS (Agent Passport System), an Apache 2.0 open protocol for AI agent identity. The envelope format here is APS-compatible. The integration is fully isolated in
internal/agentenvelope/, so the wire format can be swapped without re-architecting anything else. Adopting it Gonka-side does not require Gonka to adopt APS network-wide.Linked PR: #1232 — reference implementation matching the design points above.
Beta Was this translation helpful? Give feedback.
All reactions