Skip to content

Audit: enumerate AMS's global-singleton state with tenant-leak risk #5218

Description

@JSONbored

Problem

AMS already has at least one confirmed, shipped example of untenant-scoped global state: packages/gittensory-miner/lib/governor-kill-switch.js resolves a kill-switch purely from process env (isGlobalMinerKillSwitch/resolveMinerKillSwitch) with no per-tenant key. ORB is running an equivalent sweep for itself (#4885-#4893: agent-controls table, contributor blacklist union, admin allowlist, etc.), but AMS has no tracked equivalent, so other instances of the same class of bug are likely still undiscovered.

Area

AMS / Multi-tenancy audit

Proposal

Systematically grep and document every module in packages/gittensory-miner and packages/gittensory-engine/src/miner that holds process-wide or file-scoped singleton state (kill switches, allowlists, blacklists, rate-limit counters, in-memory caches), and produce a findings doc listing each with its current scope and the risk if that same code ran as a shared hosted service across multiple tenants.

Deliverables

  • A findings document enumerating every global-singleton module found, with file:line references
  • A risk rating per item (leaks across tenants / safe as-is / needs redesign), to seed follow-up fix issues

Resources

Boundaries

  • Audit and documentation only — this issue must NOT fix any finding itself, even an obvious one; every confirmed leak gets its own follow-up issue.
  • Any follow-up fix issue that touches trust/safety-relevant global state (e.g. the kill-switch itself, blacklist/allowlist logic) must NOT be self-triaged as contributor-eligible by this audit — it needs maintainer review before it's labeled, the same way ORB's Redesign the global agent-controls table for per-tenant scoping #4885 redesign was maintainer-owned rather than opened as a generic contributor task.
  • This issue must NOT make an architecture decision about how the eventual tenant-scoping fix should work — it only documents what exists and how risky it is.

Metadata

Metadata

Assignees

Labels

gittensor:featureGittensor-scored feature linked to a feature issue — scores a 0.25x multiplier.maintainer-onlyOwner-only work — yields no Gittensor points.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions