# \[WIP/DRFAT] Agent Validator / COR Prover (Agentic, MCP + ERC‑8004) ### 0) Purpose & Summary Design a public‑facing validator that external agents can invoke via MCP (Model Context Protocol) or HTTP and that publishes ERC‑8004‑compatible artifacts for discovery/verification. The service validates agent tasks by comparing candidate outputs against redundant miner consensus (via Cortensor Sessions) and/or against optional expected outputs. #### Background & Existing Capabilities * **Validator v3 (internal):** LLM‑based evaluation used for Cortensor network tasks (PoI/PoUW). It is tightly coupled to Cortensor‑native events and schemas. * **Gap:** Not generalized for public/agentic use; lacks MCP surface and 8004‑ready outputs. * **Direction:** Keep **v3** for network ops; build a **generalized public validator** with normalized I/O, MCP + HTTP surfaces, ERC‑8004 mapping, and clean integration to Cortensor Sessions for redundant inference. * **Analogy:** Conceptually similar to a "prover network" pattern—independent workers produce evidence and a validator verifies/aggregates—**but** built as a public‑good, open service with MCP/HTTP interfaces and ERC‑8004‑compatible artifacts so anyone can integrate and verify. * **Philosophy:** Open interfaces, portable evidence (CIDs), and signed results to enable cross‑ecosystem verification without vendor lock‑in. ### 1) Goals & Non‑Goals **Goals** * Standardized **MCP** and **HTTP** interfaces (capabilities, evaluate, health, pricing). * **Agent Task Validation**: accept `input` + `candidateOutputs` (+ optional `expected`), compute scores using miner consensus and policy engine (LLM + embeddings). * Two access paths: **x402 pay‑per‑call** and **Cortensor Delegated Session** (pre‑funded $COR). * Strong observability, security, and multi‑tenant controls. *** ### 2) Reference Architecture #### 2.1 High‑Level Overview ``` ┌───────────────┐ MCP / HTTP ┌───────────────────┐ │ External │────────────────────────▶│ Validator Service │ │ Agent/Client │ │ (MCP + HTTP) │ └───────────────┘◀────────────────────────┤ Policy Engine │ 402 (x402) / credit └───┬──────────────┘ │ ┌──────────────────────┴─────────────────────┐ │ │ ┌──────────────┐ ┌──────────────┐ │ x402 Handler │ │ Storage/ │ │ + Receipt │ │ Index (CIDs) │ │ Verifier │ └──────────────┘ └──────┬───────┘ │ │ credit │ evidence ▼ ▼ ┌─────────────────────┐ ┌──────────────┐ │ Cortensor Session │ REST (Session API) │ 8004 Adapter │ │ (Delegated Session) │◀───────────────────────┤ (read‑write) │ └──────────┬──────────┘ └──────────────┘ │ submit task ▼ enqueues ┌──────────────┐ dispatch ┌──────────────┐ │ SessionQueue │────────────▶│ Router/Alloc │ │ V2 │ └──────┬───────┘ └──────────────┘ │ assigns ▼ ┌──────────────┐ │ Miners (R) │ └──────────────┘ ``` #### 2.2 Artifact Flow (Concept) ``` input (URI/hash) ─┐ ┌─► scores/confidence + evidence CIDs candidateOutputs ─┼─► Validator (policy) ────┤ expected (opt) ───┘ └─► 8004‑compatible signed object ▲ │ (if required by policy) └─► Cortensor Session → SessionQueueV2 → Miners (redundant outputs) ``` *** ### 3) Interfaces #### 3.1 MCP Surface (proposed) **Capabilities (`mcp.capabilities`)** ```json { "name": "cortensor-validator-agent", "version": "0.1.0", "capabilities": ["evaluate", "health", "pricing"], "schemas": { "input": "cortensor.validator.input.v1", "output": "cortensor.validator.output.v1" } } ``` **Evaluate (`mcp.evaluate`)** — `cortensor.validator.input.v1` ```json { "taskRef": "string", "input": { "uri": "ipfs://...|https://...", "hash": "0x...", "type": "text|image|audio|json" }, "candidateOutputs": [ { "uri": "ipfs://...", "hash": "0x...", "meta": {"model":"qwen2-7b"} } ], "expected": { "uri": "ipfs://...", "hash": "0x..." }, "policy": { "id": "embedding-cluster-v2", "params": { "redundancy": 2 } }, "constraints": { "deterministic": true, "timeoutMs": 15000 } } ``` **Output (`cortensor.validator.output.v1`)** ```json { "taskRef": "string", "scores": [{ "candidate": 0, "score": 0.93 }], "consensus": { "method": "centroid", "agreement": 0.88 }, "method": { "id": "embedding-cluster-v2", "version": "2.1.0" }, "evidence": { "centroids": "ipfs://...", "distances": "ipfs://..." }, "rationale": "short text", "timestamps": { "received": "...", "completed": "..." }, "observability": { "latencyMs": 1830, "redundancy": 2 } } ``` **Health (`mcp.health`)** → `{ "ok": true }` **Pricing (`mcp.pricing`)** → `{ "unit": "credits", "pricePerUnit": "0.0005", "alt": [{"asset":"USDC","chain":"...","unitPrice":"..."}] }` #### 3.2 HTTP/JSON API (mirror) * `POST /v1/validate` — body = MCP input; returns MCP output * `GET /v1/healthz` * `GET /v1/pricing` **`validateAgentTask` (alias)** ```json { "taskRef": "agent-123", "input": {"uri":"ipfs://bafy...","hash":"0x...","type":"text"}, "candidateOutputs": [ {"uri":"ipfs://bafy...cand0","hash":"0x..."} ], "expected": {"uri":"ipfs://bafy...gt","hash":"0x..."}, "policy": {"id":"embedding-cluster-v2","params":{"redundancy":3}}, "constraints": {"timeoutMs": 20000} } ``` *** ### 4) Payments & Access #### 4.1 x402 (Pay‑Per‑Call) **Flow** 1. Client calls `/v1/validate` without credit → service returns **HTTP 402** `{ price, asset, payTo, memo }`. 2. Client pays; obtains **receipt** (on‑/off‑chain proof). 3. Client retries with `Authorization: X402 `. 4. Service **verifies receipt**, mints internal credits, runs validation. #### 4.2 Cortensor Delegated Session (Pre‑Funded $COR) **Flow** 1. Developer/partner pre‑funds a **Cortensor Session** in $COR (the delegated session). 2. Validator attaches the **session token** when it needs redundant inference. 3. Validator submits tasks to **Session** → they enter **SessionQueueV2**. 4. **SessionQueueV2** dispatches to eligible miners via Router/allocator. 5. Validator consumes miner results, evaluates, and returns verdict. **Notes** * Delegated session **is** Cortensor Session; same construct, funded ahead of time. * Staking‑aware throttles and rate limits may apply based on session tier. *** ### 5) Evaluation Policies (examples) * **Embedding‑Cluster‑v2**: cosine/Euclidean, centroid voting, outlier detection, deterministic seeds. * **Rule‑Based**: structural JSON checks, regex guardrails. * **Hybrid**: small verifier LLM + embeddings. **Policy Manifest** ```json { "id": "embedding-cluster-v2", "version": "2.1.0", "models": {"embed": "text-emb-..."}, "parameters": {"redundancy": 3, "minAgreement": 0.6, "outlierZ": 2.5}, "deterministic": true } ``` *** ### 6) Storage & Indexing Persist `taskRef`, input/candidate CIDs+hashes, miner outputs CIDs, policy manifest, scores, rationale, timestamps, and signatures. Index by `taskRef`, `agentId`, `policy id@version`. *** ### 7) Auth, Quota, Throttles API keys, session tokens, and X402 receipts. Per‑tenant QPS/burst caps; stake‑tiered limits for delegated sessions. Size limits and URI allow‑lists for artifact fetch. *** ### 8) Observability & Events Metrics: request count, P50/90/99, acceptance, disagreement, drift. Events: `PaymentReceived`, `CreditApplied`, `ValidationStarted`, `ValidationCompleted`, `EvidencePublished`. *** ### 9) Security Considerations Artifact integrity (hash+length), sandboxed evaluators, signed outputs (Ed25519/SECP256K1), JWKS rotation, redaction of PII, miner ID tokenization in public artifacts. *** ### 10) Error Model | Code | HTTP | Meaning | Client Action | | ---------------------- | ---- | -------------------------- | ------------------------------------ | | `NO_CREDIT` | 402 | Payment required | Follow x402 or use delegated session | | `INVALID_RECEIPT` | 400 | Unverifiable payment | Recheck asset/amount/txid | | `POLICY_UNSUPPORTED` | 400 | Unknown policy | Query capabilities, retry | | `ARTIFACT_UNAVAILABLE` | 424 | Unfetchable inputs/outputs | Re‑upload or pin CIDs | | `TIMEOUT` | 504 | Exceeded compute budget | Increase timeout or reduce size | *** ### 11) ERC‑8004 Mapping (read‑only) Minimal object emitted for discovery/verification: ```json { "agentId": "did:pkh:eip155:1:0xValidator...", "agentType": "validator", "taskRef": "bafy...", "evidenceUri": ["ipfs://bafy...centroids", "ipfs://bafy...distances"], "scoreVectorUri": "ipfs://bafy...scores", "policyManifestUri": "ipfs://bafy...policy.json", "signature": "0x..." } ``` *** ### 12) Sequences **A) Basic Validation (no auxiliary inference)** 1. Client → `/v1/validate` with input + candidates. 2. Policy runs (no miner calls); result returned with evidence. **B) Delegated Session (redundant inference)** 1. Validator attaches session token → submits task to **Session**. 2. **SessionQueueV2** → miners → outputs return. 3. Policy compares candidates vs consensus → verdict. **C) External Agent + Auxiliary Inference (fallback)** 1. Client submits artifacts; policy deems confidence low. 2. Validator triggers Session path to gather redundant outputs. 3. Recompute verdict with augmented evidence. **D) Oracle‑Style Agent Task Validation** 1. Client includes `expected` output. 2. Policy computes candidate vs expected and candidate vs consensus scores. 3. Evidence published; 8004 object signed and emitted. *** ### 13) SDK Sketches **TypeScript** ```ts const body = { taskRef:"demo-1", input:{uri:"ipfs://...",hash:"0x...",type:"text"}, candidateOutputs:[{uri:"ipfs://...",hash:"0x..."}], policy:{id:"embedding-cluster-v2",params:{redundancy:3}} }; let r = await fetch(base+'/v1/validate',{method:'POST',headers:{'content-type':'application/json'},body:JSON.stringify(body)}); if (r.status===402){ const info = await r.json(); const receipt = await pay(info); r = await fetch(base+'/v1/validate',{method:'POST',headers:{'content-type':'application/json','Authorization':`X402 ${receipt}`},body:JSON.stringify(body)}); } const out = await r.json(); ``` **Python** ```python import requests body = {"taskRef":"demo-1","input":{"uri":"ipfs://...","hash":"0x...","type":"text"},"candidateOutputs":[{"uri":"ipfs://...","hash":"0x..."}],"policy":{"id":"embedding-cluster-v2","params":{"redundancy":3}}} resp = requests.post(url+'/v1/validate', json=body) if resp.status_code==402: info = resp.json(); receipt = pay(info) resp = requests.post(url+'/v1/validate', json=body, headers={'Authorization': f'X402 {receipt}'}) print(resp.json()) ``` *** ### 14) Deployment & Ops Gateway + horizontal scale; sticky routing by `taskRef`. Pre‑warm embedding caches. Backpressure with per‑tenant queues and circuit breakers. *** ### 15) Roadmap * **M1:** Freeze schemas (MCP/HTTP), 8004 mapping; publish OpenAPI + example artifacts. * **M2:** x402 verifier + delegated session hooks; events `PaymentReceived/Applied`. * **M3:** Policy Engine v1 (Embedding‑Cluster‑v2, Rule‑based); deterministic mode. * **M4:** Observability/security hardening; JWKS rotation; artifact pinning. * **M5:** Limited partner pilot; publish SDKs and 8004 sample verifications. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cortensor.network/technical-architecture/designs-wip/wip-drfat-agent-validator-cor-prover-agentic-mcp-+-erc-8004.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.