Skip to content

PRISM Compute Plane — miner-funded GPU worker plane (mission/compute-plane)#1

Merged
echobt merged 14 commits into
mainfrom
mission/compute-plane
Jul 7, 2026
Merged

PRISM Compute Plane — miner-funded GPU worker plane (mission/compute-plane)#1
echobt merged 14 commits into
mainfrom
mission/compute-plane

Conversation

@echobt

@echobt echobt commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Draft PR for the PRISM Compute Plane mission (worker plane behind feature flags).

This branch delivers the prism-side milestone prism-proof. First landed:

ExecutionProof emission (feature execution-proof-emission) — architecture.md §3.4/§3.5

  • src/prism_challenge/proof.py: ExecutionProof v1 envelope (schema-compatible with the base worker plane), canonical manifest hashing (sha256 over json.dumps(manifest, sort_keys=True, indent=2) == the exact on-disk bytes of prism_run_manifest.v2.json), tier computation from injected provider env (tier 0 default; tier 1 needs BOTH image digest AND pod metadata; tier 2 only with a non-null attestation payload), and an sr25519 worker signature over the pinned message sha256(f'{manifest_sha256}:{unit_id}') (identical to the base agent).
  • Emission wired into the validator finalization path so the work-unit result payload carries exactly one signed proof at successful finalization, gated on a new prism worker_plane config block (default OFF → legacy behavior byte-for-byte).
  • Proof construction reads only the manifest + a fixed non-secret provider env allowlist; never the held-out split config or LLM keys.

Fulfills VAL-PRISM-001/002/003/004/005/006/008.

Gate: ruff + mypy clean; pytest -m "not distributed_gloo" 816 passed, coverage 83.21%.

…m-proof)

Add src/prism_challenge/proof.py: ExecutionProof v1 envelope (schema-compatible
with the base worker plane), canonical manifest hashing (sha256 over
json.dumps(manifest, sort_keys=True, indent=2) == the exact on-disk bytes of
prism_run_manifest.v2.json), tier computation from injected provider env
(tier 0 default; tier 1 needs BOTH image digest AND pod metadata; tier 2 only
with a non-null attestation payload), and an sr25519 worker signature over the
pinned message sha256(f'{manifest_sha256}:{unit_id}') (identical to the base
agent, VAL-AGENT-008/VAL-PRISM-006).

Wire emission into the validator finalization path: the dispatch result payload
carries exactly one signed proof at successful finalization, gated on a new
prism worker_plane config block (enabled by default OFF -> legacy behavior).
Proof construction reads only the manifest + a fixed non-secret provider env
allowlist and never the held-out split config or LLM keys (VAL-PRISM-008).

Fulfills VAL-PRISM-001/002/003/004/005/006/008.
@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@echobt, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 59 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eb5953a9-9e9c-4dc9-844f-45a0ec55363d

📥 Commits

Reviewing files that changed from the base of the PR and between 5e0387f and cb8e9f2.

📒 Files selected for processing (37)
  • README.md
  • config.example.yaml
  • scripts/mission/launch.py
  • scripts/mission/legacy_smoke.py
  • scripts/mission/mission_legacy_validator.py
  • scripts/mission/mission_prism.py
  • scripts/mission/mission_validator.py
  • scripts/mission/mission_worker.py
  • src/prism_challenge/admission.py
  • src/prism_challenge/app.py
  • src/prism_challenge/audit.py
  • src/prism_challenge/config.py
  • src/prism_challenge/coordination.py
  • src/prism_challenge/db.py
  • src/prism_challenge/evaluator/cpu_test_mode.py
  • src/prism_challenge/evaluator/scoring.py
  • src/prism_challenge/ingestion.py
  • src/prism_challenge/plausibility.py
  • src/prism_challenge/proof.py
  • src/prism_challenge/queue.py
  • src/prism_challenge/repository.py
  • src/prism_challenge/routes.py
  • src/prism_challenge/validator_dispatch.py
  • src/prism_challenge/validator_executor.py
  • tests/test_cpu_test_mode.py
  • tests/test_prism_admission.py
  • tests/test_prism_audit_effective_tier.py
  • tests/test_prism_audit_execution_wiring.py
  • tests/test_prism_audit_scheduler.py
  • tests/test_prism_checkpoint_intake_worker_plane.py
  • tests/test_prism_finalization_robustness.py
  • tests/test_prism_plausibility.py
  • tests/test_prism_proof.py
  • tests/test_prism_proof_emission.py
  • tests/test_prism_result_ingestion.py
  • tests/test_prism_worker_plane_finalization.py
  • tests/test_prism_worker_plane_regressions.py
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch mission/compute-plane

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

echobt added 13 commits July 7, 2026 05:11
…ion + idempotent ingestion (M3 prism-proof)

CREATE POST /internal/v1/work_units/result (body {work_unit_id, submission_ref,
result}), the counterpart to base's HttpChallengeResultForwarder. Verify the
forwarded ExecutionProof BEFORE scoring: reject missing/malformed proof
(VAL-PRISM-018) and tampered manifest / forged digest (VAL-PRISM-007) 422 with a
distinguishable reason, leaving the unit eligible for retry. Downgrade
unverifiable tier claims to their effective tier for audit sampling
(VAL-PRISM-019). Finalize idempotently via a guarded work_unit_results key so a
duplicate delivery is a no-op and a conflicting one is refused 409, never mutating
a finalized score/leaderboard (VAL-PRISM-017). Gated behind worker_plane.enabled
(404 when off).
…proof)

Add a verify-only plausibility module (architecture.md 3.5) that rejects an
implausible prism_run_manifest.v2 before scoring and passes a plausible manifest
through unchanged:
- schema/version + metrics-block validation
- step-0 anomaly (initial loss below the from-scratch baseline)
- loss-trajectory sanity (final/late online loss at/above ~ln(vocab))
- log/score consistency
- wall-clock vs declared budget

Wired into the base->prism verify-only ingestion path with a distinct
plausibility_* rejection reason (never scored, unit stays retry-eligible);
plausible results finalize identically to the legacy path (VAL-PRISM-009/010).
…3 prism-proof)

Sample finalized worker results at per-tier rates (0.10/0.05/0.02, seeded);
sampled results create DISTINCT-id validator audit units on the existing
validator_dispatch path (pending-only listing). Audit mismatch invalidates the
submission score in its epoch leaderboard and propagates to crown/weights;
audit failure/timeout re-audits within bounds and never silently accepts.
R=1-degraded results stay audit-eligible at their effective-tier rate; worker
hotkeys still cannot publish checkpoints while resume refs reach reassigned units.

Fulfills VAL-PRISM-011,012,013,023,024,025,026.
…essions (M3 prism-proof)

Adds the fail-closed submission admission rule behind worker_plane.admission_requires_worker:
POST /v1/submissions and the base bridge path /internal/v1/bridge/submissions both query the
master's GET /v1/workers/active?hotkey= and reject with 403 NO_ACTIVE_WORKER unless >=1 active
worker is confirmed. Master unreachable/timeout/5xx folds into the same bounded 403 shape
(VAL-PRISM-014/020/021). Flag OFF is byte-identical to legacy with zero master calls
(VAL-PRISM-015). Scoring and get_weights/leaderboard/epoch surfaces are unchanged ON vs OFF
(VAL-PRISM-016/022).
…thout re-execution (M3 prism-finalization)

Under worker_plane.enabled, ingest_work_unit_result now finalizes the
submission score from the forwarded, verified+reconciled
prism_run_manifest.v2 via a new PrismWorker.finalize_worker_result that
takes NO GPU lease and NEVER constructs the evaluator
(no evaluator.evaluate / _evaluate_within_wall_time / _augment_with_heldout).
It reuses the _finalize_container_score tail with skip_heldout=True so the
score is prequential-bpb-only and the master-only secret val split
(base_eval_val_data_dir) is never read (architecture.md 4). Dedup/conflict
and proof+plausibility gates run before finalization exactly as-is; flag
OFF keeps the legacy process_submission re-execution path byte-identical.

Fulfills VAL-FINAL-001..004.
… audit sampler (M3 prism-finalization)

Wire the audit-only validator cycle end-to-end: enumerate pending audit: units
(is_audit_unit_id), replay the audited submission's evaluation deterministically
for a fresh manifest_sha256, and resolve via resolve_audit_unit -- matching replay
leaves the finalized score untouched, divergent replay invalidates it and records
a worker_fault. dispatch_assignment routes on unit type so validators run audits
while workers still execute primaries + emit proofs under the flag; the autonomous
run_validator_cycle is audit-only when the flag is on and legacy primary execution
when off. Mix a server-side secret WorkerPlaneConfig.audit_salt (repr=False) into
the AuditSampler seed so selection is unpredictable from submission_id yet
reproducible for a fixed salt, preserving per-tier rates (VAL-FINAL-005/006).
…VAL-FINAL-007)

On audit-mismatch invalidation, _recompute_family_after_invalidation now advances
architecture_families.owner_hotkey (and owner_submission_id) to the surviving best
submission's owner alongside canonical_submission_id/q_arch_best, so a proven-faulty
family creator loses the 0.60 architecture emission share that get_weights rewards and
the surviving co-owner is paid. The single-owner no-survivor burn (q_arch_best -> 0.0)
and the normal (non-invalidated) persistent-crown-pays-creator semantics are unchanged.

Adds a multi-owner-same-arch regression test proving the faulty owner loses the share
and get_weights pays the survivor.
…ents

Add worker_plane.cpu_reexec_test_mode config that installs the repo's own CPU
re-exec seam (mock_reexec.cpu_reexec_run) with a tiny deterministic PrismContext,
plus an evaluator/cpu_test_mode helper (stage data, install seam, normalize
volatile manifest fields so honest replicas agree on one manifest_sha256) wired
into create_app. Add the local mission worker/validator/prism agents and drill
launcher (scripts/mission) for the cross-repo e2e harness (VAL-CROSS-001..011).
…units

Extend drill 3 to rebuild the full dispute->audit->invalidation->fault story from
operator APIs alone (VAL-CROSS-011): (a)/(b) from the new master GET
/v1/workers/units, (c) from prism GET /v1/submissions/{id}, (d) fault on GET
/v1/workers + base worker status. Adds a master_units() signed-read helper.
Add a legacy validator that runs an assigned prism PRIMARY unit through the real
validator_dispatch path, plus a flags-OFF smoke orchestrator that stands up the
local mock-metagraph deployment with the worker plane OFF and drives one legacy
submission end-to-end. It asserts (via HTTP + master/prism DB reads) the
pre-mission behavior: submission accepted with no admission 403, exactly one gpu
work unit, the unit assigned to the VALIDATOR (never a worker) with no
worker-plane rows/side effects, and a score finalized via validator_dispatch.
Wire a worker_plane_enabled toggle into the mission prism service so the flag OFF
disables the worker plane + admission gate.
…aim lease

finalize_worker_result no longer returns a truthy submission_id when the
source-static derivation FAILS: it reverts the CAS claim to pending (retryable)
and raises WorkerFinalizationError, which ingestion surfaces as a distinct
finalization_failed outcome (finalized=False, nothing recorded, HTTP 503) so a
transient internal error is retried instead of being silently marked terminally
finalized (status=failed). Happy path and all VAL-FINAL assertions preserved.

run_validator_audit_cycle now claims each pending audit under a lightweight
per-audit lease (repository.claim_audit_unit + audit_units.claimed_at/by,
audit_claim_lease_seconds) before replaying it, so a multi-validator deployment
no longer has every validator redundantly replay the same audits; each pending
audit is replayed by at most one validator. The claim is cleared on resolution
so a re-audited unit is immediately reclaimable, and a crashed claimant's lease
expires. Single-validator behavior and VAL-FINAL-005 unchanged.
…; harness log/re-run hygiene

Strengthen the launch.py drills so PASS/FAIL derives strictly from operator-
observable API/CLI surfaces: CROSS-001 asserts the finalized score via prism
GET /v1/submissions/{id}; CROSS-002 asserts via GET /v1/workers/units that the
submitter's own worker never became a replica of its unit; CROSS-009 diffs
GET /v1/workers against parsed 'base worker status' (ids/owners/providers/
statuses/fault counts). Line-buffer + basicConfig mission_prism/mission_worker
so drill logs survive SIGTERM teardown; use a random submission nonce per run so
legacy_smoke (and the drills) are re-runnable against a reused --workdir.
@echobt echobt marked this pull request as ready for review July 7, 2026 22:32
@echobt echobt merged commit f788fc7 into main Jul 7, 2026
11 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant