# v0.5 – Contract-Backed ACL for Dedicated Private Sessions (Session-Based Only) > Status: Design aligned with current mock implementation\ > Scope: **Session-based privacy and key access only** (no task-level ACL) *** ### 1. Purpose and Scope v0.5 introduces an **on-chain ACL layer** for **private, dedicated sessions**, replacing most router env-based ACL logic for these flows. Key points: * **Scope = session only** * Keys are derived and authorized **per `sessionId`**, not per task. * **One-way privacy** * A session becomes *encrypted/private* the first time a miner is added. * It **cannot** be downgraded back to non-encrypted. * **Router integration change** * Router must stop treating `ENCRYPTION_ALLOWED_LIST` as the primary ACL source for dedicated private sessions. * Router must read from the **session-level allowlist** in this module, **cache it**, and only fall back to env in explicit legacy/emergency modes. This doc describes the **actual mock implementation**: * State: * `sessionAllowedMiners` * `sessionAllowedMinerList` * `sessionAllowedMinerIndex` * `sessionEncryptionEnabled` * Functions: * `addSessionAllowedMiner` * `removeSessionAllowedMiner` * `getAllowedMinersCount` * `getAllowedMiners` Session ownership is still resolved via `SessionData` (not in this module). *** ### 2. On-Chain State (Current Mock Implementation) #### 2.1 Allowlist Core State layout: * `mapping(uint256 => mapping(address => bool)) public sessionAllowedMiners;`\ Membership mapping (already existed). * `mapping(uint256 => address[]) private sessionAllowedMinerList;`\ Backing array to enable enumeration/pagination (new, private). * `mapping(uint256 => mapping(address => uint256)) private sessionAllowedMinerIndex;`\ 1-based index for O(1) removal via swap-and-pop (new, private). * `mapping(uint256 => bool) public sessionEncryptionEnabled;`\ Session-level privacy flag. Semantics: * `sessionAllowedMiners[sessionId][miner]`\ → `true` if `miner` is currently allowlisted for that session. * `sessionAllowedMinerList[sessionId]`\ → backing array to enumerate allowlisted miners. * `sessionAllowedMinerIndex[sessionId][miner]`\ → 1-based index into `sessionAllowedMinerList[sessionId]`; `0` means “not present”.\ Used for **O(1)** removal via swap-and-pop. * `sessionEncryptionEnabled[sessionId]`\ → privacy flag for that session: * `false` (default): session is not private/encrypted. * `true`: session is **private/encrypted**, cannot be turned off. *** ### 3. Functions and Behavior #### 3.1 `addSessionAllowedMiner(sessionId, miner)` Purpose: * Add a miner to the allowlist for a session. * Auto-enable session encryption on first use. Key behavior: * **Ownership guard**: * Only the **session owner** (from `SessionData`) can call this. * **Idempotent**: * If `sessionAllowedMiners[sessionId][miner]` is already `true`, function is a no-op (beyond the ownership check). * **When miner is not present**: 1. Set `sessionAllowedMiners[sessionId][miner] = true`. 2. Append `miner` to `sessionAllowedMinerList[sessionId]`. 3. Set `sessionAllowedMinerIndex[sessionId][miner] = newIndex` (1-based). * **Auto-encryption**: * If this is the *first* miner added for the session: * Set `sessionEncryptionEnabled[sessionId] = true`. * This is **one-way**: there is no function to set it back to `false`. Complexity: * Time: **O(1)** for membership check + append. * Storage: grows with number of allowlisted miners per session. *** #### 3.2 `removeSessionAllowedMiner(sessionId, miner)` Purpose: * Remove a miner from the allowlist in **O(1)** time. Key behavior: * **Ownership guard**: * Only the **session owner** (from `SessionData`) can call this. * Removal pattern (swap-and-pop): * Look up `idx = sessionAllowedMinerIndex[sessionId][miner]`. * If `idx == 0`, miner not present → no-op or revert (implementation choice). * Else: * Compute `lastIdx = sessionAllowedMinerList[sessionId].length`. * If `idx != lastIdx`, swap: * `last = sessionAllowedMinerList[sessionId][lastIdx - 1]`. * `sessionAllowedMinerList[sessionId][idx - 1] = last`. * `sessionAllowedMinerIndex[sessionId][last] = idx`. * Pop the last element from `sessionAllowedMinerList[sessionId]`. * Set: * `sessionAllowedMinerIndex[sessionId][miner] = 0`. * `sessionAllowedMiners[sessionId][miner] = false`. Notes: * **Does not** change `sessionEncryptionEnabled[sessionId]`: * Once encryption is enabled, the session stays private/encrypted even if list becomes empty. Complexity: * Time: **O(1)**. *** #### 3.3 `getAllowedMinersCount(sessionId) → uint256` Purpose: * Return the size of the allowlist for a session. Implementation: * `return sessionAllowedMinerList[sessionId].length;` Use: * Call this first before pagination to ensure `offset < count`. *** #### 3.4 `getAllowedMiners(sessionId, offset, limit) → address[]` Purpose: * Paged enumeration of allowlisted miners. Constraints: * `offset < totalCount` must hold, otherwise the call will revert. * For an empty list (`totalCount == 0`), **any** call will revert: * Callers must always check `getAllowedMinersCount(sessionId)` first. Usage: 1. Get total: * `uint256 total = getAllowedMinersCount(sessionId);` 2. Page through: * Ensure `offset < total`. * Fetch a page of size `limit` starting at `offset`. Example: * `offset = 0`, `limit = 50` to fetch first page. * `offset = 50`, `limit = 50` for second page, etc. Complexity: * Time: **O(k)** where `k` = size of returned page (`limit`). *** ### 4. How Router Uses This ACL (v0.5, Session-Only) #### 4.1 Privacy Flag When a router handles a request for a given `sessionId`: * Check: * `isPrivate = sessionEncryptionEnabled(sessionId);` * If `isPrivate == true`: * Treat the session as **private/encrypted**. * All `/api/v2/completion` traffic for that session must: * Use **offchain payload v2** with encryption. * Disable streaming. * Key issuance must enforce ACL via `sessionAllowedMiners`. * If `isPrivate == false`: * Session is non-private/plain. * Router can treat it as a normal (unencrypted) session unless explicitly configured otherwise. *** #### 4.2 Key Issuance (`/api/v1/auth/payload_enc_key/session`) For **miners**: 1. Caller sends: * `session_id` * `address` (or implied from signature) * `signature` over canonical scope string. 2. Router constructs scope string, for example: * `"session:" + session_id` 3. Router verifies signature (e.g., `verify_addr_str_message(scope_str)`). 4. Router verifies ACL: * If `sessionEncryptionEnabled(sessionId) == true`: * Check `sessionAllowedMiners(sessionId, minerAddr)` via the **public getter**. * Else: * For non-private sessions, router may still support legacy env-based logic if needed. 5. If `allowed == true`: * Derive scoped key with current `key_version`. * Return key + version to miner. **Important:**\ Router implementation must be updated so that for **private dedicated sessions**: * **Primary ACL is the contract**, not `ENCRYPTION_ALLOWED_LIST`. * Env-based ACL is **optional fallback** and should be guarded by an explicit feature flag. *** #### 4.3 Router Caching Strategy Even though `sessionAllowedMiners` and `sessionEncryptionEnabled` are cheap to read: * Routers should **cache** for hot sessions: * `sessionEncryptionEnabled(sessionId)` * Membership checks for active `(sessionId, minerAddr)` pairs. * Cache invalidation/update should be driven by: * Events (if implemented), or * Periodic polling with TTL. This is especially important when many miners are requesting keys for the same active sessions. *** ### 5. Interaction With v0 Private / Encrypted Inference v0 private inference is **router-centric** and uses: * Session-scoped encryption keys derived from an `ENCRYPTION_SEED`/keyring. * Auth endpoints: * `/api/v1/auth/payload_enc_key/session` * Offchain v2 encrypted payloads with metadata such as: * `alg`, `scope_type`, `session_id`, `key_version`, `nonce`, `tag`, `ciphertext`, `created_at`. v0.5 changes **who is allowed** to get keys: * Instead of `.env`-only ACL (`ENCRYPTION_ALLOWED_LIST`), dedicated private sessions use: * `sessionEncryptionEnabled[sessionId]` * `sessionAllowedMiners[sessionId][miner]` for authorization. Env-based ACL can still exist for: * Non-private sessions. * Emergency overrides. * Legacy testing environments. But **for dedicated private sessions**, the on-chain ACL is canonical. *** ### 6. Dashboard / UX Flow #### 6.1 Enabling a Dedicated Private Session Typical flow: 1. User creates a session (`SessionData` + router). 2. Dashboard allows user to **configure a dedicated node address**. 3. When user chooses to **enable private mode**: * Dashboard calls `addSessionAllowedMiner(sessionId, dedicatedNodeAddr)` on-chain. 4. Effects: * `sessionAllowedMiners[sessionId][dedicatedNodeAddr] = true`. * `sessionEncryptionEnabled[sessionId] = true` (if first miner). * Dedicated node address appears in `sessionAllowedMinerList[sessionId]`. Dashboard UX: * Show a **one-way warning**: * Enabling privacy is **permanent** for this session. * Session will use encrypted offchain v2 payloads and **no streaming**. * Only allowlisted miners can obtain keys to decrypt payloads. #### 6.2 Managing Allowlisted Miners * Add a miner: * `addSessionAllowedMiner(sessionId, minerAddr)` (owner only). * Remove a miner: * `removeSessionAllowedMiner(sessionId, minerAddr)` (owner only). * Query size: * `count = getAllowedMinersCount(sessionId)`. * Paginate: * Use `getAllowedMiners(sessionId, offset, limit)` with `offset < count`. Notes: * Removing all miners **does not** revert `sessionEncryptionEnabled[sessionId]` to `false`. * Dashboard should surface this: * “Once privacy is enabled, this session stays private; you can change which miners are allowed, but not turn privacy off.” *** ### 7. Ownership & Guards * **Only the session owner** (as defined in `SessionData`) can: * Add miners via `addSessionAllowedMiner`. * Remove miners via `removeSessionAllowedMiner`. This keeps the ownership model simple: * One source of truth for *who controls a session* (SessionData owner). * Session-level ACL tracks *which miners are allowed* to serve its private workloads. There is **no separate router-owner** in this module; router identity/ownership is enforced via `SessionData`. *** ### 8. Optional Next Improvements The current mock implementation already covers: * O(1) add/remove membership. * Paged enumeration. * One-way privacy enable flag. Potential next steps: 1. **Events (recommended)** * `SessionEncryptionEnabled(sessionId, by, timestamp)` * `SessionMinerAllowedAdded(sessionId, miner, by, timestamp)` * `SessionMinerAllowedRemoved(sessionId, miner, by, timestamp)` These allow router processes to subscribe and immediately refresh caches instead of polling. 2. **Batch operations** * `addSessionAllowedMiners(sessionId, address[] miners)` * `removeSessionAllowedMiners(sessionId, address[] miners)` Most helpful when sessions need to add/remove many miners at once. 3. **Combined status view** * `getSessionPrivacyStatus(sessionId) returns (bool enabled, uint256 allowedCount)` Useful for: * Dashboards. * Router introspection APIs. * Scripts that need a quick privacy snapshot. *** ### 9. Summary * v0.5 defines a **contract-backed, session-based ACL** for private dedicated sessions. * Core state: * `sessionAllowedMiners[sessionId][miner]` * `sessionAllowedMinerList[sessionId]` * `sessionAllowedMinerIndex[sessionId][miner]` * `sessionEncryptionEnabled[sessionId]` * Core behaviors: * `addSessionAllowedMiner` (idempotent, O(1), auto-enables encryption on first use). * `removeSessionAllowedMiner` (O(1) swap-and-pop). * `getAllowedMinersCount` and `getAllowedMiners` (paged enumeration). * Router changes: * For **private dedicated sessions**, key issuance must use **this contract ACL**. * Env-based ACL becomes **legacy/emergency** only for these flows. * Router must be updated to **read from the contract, cache results**, and only fall back to env when explicitly configured. * UX: * Privacy is **one-way per session**. * Dashboard aligns with contract behavior and enforces that once `sessionEncryptionEnabled` is `true`, it stays `true`. This keeps v0.5 privacy **simple, session-scoped, and effective**, while still leaving room for future task-level scoping or more advanced privacy policies in later versions.