Skip to content

fix(data-api): stop dropping auth_required/public_safe from RPC pool artifacts#4979

Merged
JSONbored merged 2 commits into
mainfrom
fix/rpc-pool-eligibility-fields
Jul 12, 2026
Merged

fix(data-api): stop dropping auth_required/public_safe from RPC pool artifacts#4979
JSONbored merged 2 commits into
mainfrom
fix/rpc-pool-eligibility-fields

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Summary

POST /rpc/v1/finney currently returns 503 for every request — live-confirmed. endpointPool() (scripts/lib/endpoint-artifacts.mjs) builds each served pool endpoint from an explicit field allowlist that never included auth_required/public_safe, even though both fields are correctly present on the registry source and the intermediate rpc-endpoints.json artifact. Both rpc/pools.json and endpoint-pools.json are built through this same function.

The Worker's live health overlay (overlayRpcPoolEligibility, src/health-serving.mjs, shipped in #4958 earlier today) re-derives pool_eligible on every request from these same serialized fields — undefined !== false and undefined !== true both evaluate true, so every endpoint fails the structural eligibility check regardless of real health. This is the actual root cause of the ongoing finney-RPC outage; #4958 fixed a real but secondary bug in the overlay's staleness-recompute logic without catching that the fields never reached the artifact at all.

Closes #4978

Fix

Add auth_required/public_safe to endpointPool()'s per-endpoint output object. Both are already part of the documented contract (schemas/components/07-endpoints-rpc.schema.json) for this shape — no schema change needed.

Testing

  • Local npm run build: confirmed dist/metagraph-r2/metagraph/rpc/pools.json now carries correct auth_required/public_safe for all 5 finney-rpc pool endpoints (previously all null).
  • New regression test asserting these fields survive onto the served pool endpoint objects (not just the build-time pool_eligible computation, which was already correct and didn't catch this). Verified it fails pre-fix (undefined !== false) and passes post-fix.
  • Full suite: 7597/7597 passing.
  • eslint/prettier --check clean.

Expected outcome

Once merged and the next build+publish cycle runs, GET /api/v1/rpc/pools should show eligible_count > 0 for finney-rpc, and POST /rpc/v1/finney should serve real proxied responses instead of 503.

…artifacts

endpointPool() built each served pool endpoint object from an explicit
field allowlist that omitted auth_required and public_safe entirely.
Both rpc/pools.json and endpoint-pools.json go through this function,
so both artifacts serialized every endpoint without these two fields
even though the registry source and the intermediate rpc-endpoints.json
artifact both carry them correctly.

The Worker's live health overlay (overlayRpcPoolEligibility,
src/health-serving.mjs, #4958) re-derives pool_eligible on every
request by reading these same serialized fields -- undefined fails
both the auth_required!==false and public_safe!==true checks
unconditionally, so every RPC pool endpoint was excluded regardless of
real health. This is the actual root cause of the ongoing finney-RPC
proxy 503 outage; #4958 fixed a real but secondary staleness-recompute
bug in the overlay without addressing that the fields never reached
the artifact in the first place.

Closes #4978
@superagent-security

Copy link
Copy Markdown

Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jul 12, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.94%. Comparing base (11de1c3) to head (7ec916d).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4979   +/-   ##
=======================================
  Coverage   97.94%   97.94%           
=======================================
  Files         163      163           
  Lines       19440    19440           
  Branches     7385     7385           
=======================================
  Hits        19040    19040           
  Misses         53       53           
  Partials      347      347           
Files with missing lines Coverage Δ
scripts/lib/endpoint-artifacts.mjs 95.40% <ø> (ø)
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix or unsolicited PR — scores a 0.05x multiplier. label Jul 12, 2026
@gittensory-orb

gittensory-orb Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-12 21:32:16 UTC

9 files · 1 AI reviewer · no blockers · readiness 100/100 · CI green · clean

⏸️ Suggested Action - Manual Review

  • Touches a guarded path — held for manual review: This PR changes guardrail-protected path(s): scripts/lib/endpoint-artifacts.mjs (matched scripts/**).

Review summary
This is a minimal, correct fix: it adds `auth_required`/`public_safe` to the per-endpoint output object built by `endpointPool()` in scripts/lib/endpoint-artifacts.mjs, so these fields now survive from the source surfaces onto the served `rpc/pools.json`/`endpoint-pools.json` artifacts. The root-cause chain checks out against the visible code: `endpointPool()` previously allowlisted an explicit set of fields excluding these two, and the Worker's live overlay re-derives `pool_eligible` from these same serialized fields (per PR description), so `undefined !== false`/`undefined !== true` would always fail eligibility. The new regression test directly asserts both fields on the served pool endpoint object, matching the stated pre/post-fix behavior.

Nits — 7 non-blocking
  • The regression test only checks `endpoint-a`; consider also asserting `endpoint-c`'s auth_required/public_safe survive to fully lock in the fix across the eligible and ineligible cases.
  • Consider a short comment in endpointPool() noting that this endpoints array is the literal contract consumed by the Worker's overlayRpcPoolEligibility, to prevent a repeat field-drop when the allowlist is next edited.
  • tests/endpoint-artifacts.test.mjs:418 adds a long production-outage explanation inside a unit test; the assertion is useful, but most of that rationale would be easier to maintain as a shorter comment or PR context.
  • tests/endpoint-artifacts.test.mjs:424 only asserts the positive eligible endpoint; adding one assertion for a non-eligible endpoint such as `endpoint-b` would lock in that `auth_required: true` also survives the pool serialization path.
  • Add `assert.equal(wssPool.endpoints[0].auth_required, true)` and `assert.equal(wssPool.endpoints[0].public_safe, true)` in `tests/endpoint-artifacts.test.mjs` to cover both boolean values through `endpointPool()`.
  • PR author also opened the linked issue — Link an issue that was opened by a different contributor, or provide a rationale for why this self-authored issue represents genuine discovery work.
  • Touches a guarded path — held for manual review — A maintainer must review and merge this change.
Signal Result Evidence
Code review ✅ No blockers 1 reviewer
Linked issue ✅ Linked #4978
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (1 linked issue).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 44 registered-repo PR(s), 36 merged, 435 issue(s).
Contributor context ✅ Confirmed Gittensor contributor JSONbored; Gittensor profile; 44 PR(s), 435 issue(s).
Gate result ⚠️ Not blocking Advisory; not blocking this PR.
Review context
  • Author: JSONbored
  • Role context: owner (maintainer lane)
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: not available
  • Official Gittensor activity: 44 PR(s), 435 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Treat this as maintainer-lane context rather than normal contributor-lane activity.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
[BETA] Chat with Gittensory

Ask Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @gittensory ask &lt;question&gt; answers contribution-quality Q&A with source citations and freshness.
  • @gittensory chat &lt;question&gt; answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @gittensory mention with a real question is routed to the closest matching read-only command automatically -- no exact syntax required.

Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands

Visual preview
Route Viewport Before (production) After (this PR's preview) Diff
/ desktop before / after /
/ mobile before / (mobile) after / (mobile)

Click any thumbnail to open the full-size screenshot. Before = production · After = this PR's preview deploy.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@gittensory-orb gittensory-orb Bot added the manual-review Gittensor contributor context label Jul 12, 2026
…chema

The schema previously omitted these two fields with additionalProperties:
false, so the code fix in the prior commit (adding them to endpointPool()'s
output) failed contract validation. They're structural pool-eligibility
inputs the Worker's live overlay genuinely needs to read back from the
served artifact -- the schema was simply never updated for them.

Regenerates openapi.json/types.d.ts/contracts.json via npm run build, and
patch-bumps packages/client per the contract-change convention.
@JSONbored JSONbored merged commit a1c9c8e into main Jul 12, 2026
13 checks passed
@JSONbored JSONbored deleted the fix/rpc-pool-eligibility-fields branch July 12, 2026 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix or unsolicited PR — scores a 0.05x multiplier. manual-review Gittensor contributor context

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix(data-api): RPC proxy pool permanently 0 eligible — auth_required/public_safe dropped from pool artifact

1 participant