[WIP/DRFAT] Agent Validator / COR Prover (Agentic, MCP + ERC‑8004)
Technical Design & Payments (x402 + Native $COR)
0) Purpose & Summary
Design a public‑facing validator that external agents can invoke via MCP (Model Context Protocol) or HTTP and that publishes ERC‑8004‑compatible artifacts for discovery/verification. The service validates agent tasks by comparing candidate outputs against redundant miner consensus (via Cortensor Sessions) and/or against optional expected outputs.
Background & Existing Capabilities
Validator v3 (internal): LLM‑based evaluation used for Cortensor network tasks (PoI/PoUW). It is tightly coupled to Cortensor‑native events and schemas.
Gap: Not generalized for public/agentic use; lacks MCP surface and 8004‑ready outputs.
Direction: Keep v3 for network ops; build a generalized public validator with normalized I/O, MCP + HTTP surfaces, ERC‑8004 mapping, and clean integration to Cortensor Sessions for redundant inference.
Analogy: Conceptually similar to a "prover network" pattern—independent workers produce evidence and a validator verifies/aggregates—but built as a public‑good, open service with MCP/HTTP interfaces and ERC‑8004‑compatible artifacts so anyone can integrate and verify.
Philosophy: Open interfaces, portable evidence (CIDs), and signed results to enable cross‑ecosystem verification without vendor lock‑in.
1) Goals & Non‑Goals
Goals
Standardized MCP and HTTP interfaces (capabilities, evaluate, health, pricing).
Agent Task Validation: accept
input+candidateOutputs(+ optionalexpected), compute scores using miner consensus and policy engine (LLM + embeddings).Two access paths: x402 pay‑per‑call and Cortensor Delegated Session (pre‑funded $COR).
Strong observability, security, and multi‑tenant controls.
2) Reference Architecture
2.1 High‑Level Overview
┌───────────────┐ MCP / HTTP ┌───────────────────┐
│ External │────────────────────────▶│ Validator Service │
│ Agent/Client │ │ (MCP + HTTP) │
└───────────────┘◀────────────────────────┤ Policy Engine │
402 (x402) / credit └───┬──────────────┘
│
┌──────────────────────┴─────────────────────┐
│ │
┌──────────────┐ ┌──────────────┐
│ x402 Handler │ │ Storage/ │
│ + Receipt │ │ Index (CIDs) │
│ Verifier │ └──────────────┘
└──────┬───────┘ │
│ credit │ evidence
▼ ▼
┌─────────────────────┐ ┌──────────────┐
│ Cortensor Session │ REST (Session API) │ 8004 Adapter │
│ (Delegated Session) │◀───────────────────────┤ (read‑write) │
└──────────┬──────────┘ └──────────────┘
│ submit task
▼ enqueues
┌──────────────┐ dispatch ┌──────────────┐
│ SessionQueue │────────────▶│ Router/Alloc │
│ V2 │ └──────┬───────┘
└──────────────┘ │ assigns
▼
┌──────────────┐
│ Miners (R) │
└──────────────┘2.2 Artifact Flow (Concept)
input (URI/hash) ─┐ ┌─► scores/confidence + evidence CIDs
candidateOutputs ─┼─► Validator (policy) ────┤
expected (opt) ───┘ └─► 8004‑compatible signed object
▲
│ (if required by policy)
└─► Cortensor Session → SessionQueueV2 → Miners (redundant outputs)3) Interfaces
3.1 MCP Surface (proposed)
Capabilities (mcp.capabilities)
{
"name": "cortensor-validator-agent",
"version": "0.1.0",
"capabilities": ["evaluate", "health", "pricing"],
"schemas": {
"input": "cortensor.validator.input.v1",
"output": "cortensor.validator.output.v1"
}
}Evaluate (mcp.evaluate) — cortensor.validator.input.v1
{
"taskRef": "string",
"input": { "uri": "ipfs://...|https://...", "hash": "0x...", "type": "text|image|audio|json" },
"candidateOutputs": [ { "uri": "ipfs://...", "hash": "0x...", "meta": {"model":"qwen2-7b"} } ],
"expected": { "uri": "ipfs://...", "hash": "0x..." },
"policy": { "id": "embedding-cluster-v2", "params": { "redundancy": 2 } },
"constraints": { "deterministic": true, "timeoutMs": 15000 }
}Output (cortensor.validator.output.v1)
{
"taskRef": "string",
"scores": [{ "candidate": 0, "score": 0.93 }],
"consensus": { "method": "centroid", "agreement": 0.88 },
"method": { "id": "embedding-cluster-v2", "version": "2.1.0" },
"evidence": { "centroids": "ipfs://...", "distances": "ipfs://..." },
"rationale": "short text",
"timestamps": { "received": "...", "completed": "..." },
"observability": { "latencyMs": 1830, "redundancy": 2 }
}Health (mcp.health) → { "ok": true }
Pricing (mcp.pricing) → { "unit": "credits", "pricePerUnit": "0.0005", "alt": [{"asset":"USDC","chain":"...","unitPrice":"..."}] }
3.2 HTTP/JSON API (mirror)
POST /v1/validate— body = MCP input; returns MCP outputGET /v1/healthzGET /v1/pricing
validateAgentTask (alias)
{
"taskRef": "agent-123",
"input": {"uri":"ipfs://bafy...","hash":"0x...","type":"text"},
"candidateOutputs": [ {"uri":"ipfs://bafy...cand0","hash":"0x..."} ],
"expected": {"uri":"ipfs://bafy...gt","hash":"0x..."},
"policy": {"id":"embedding-cluster-v2","params":{"redundancy":3}},
"constraints": {"timeoutMs": 20000}
}4) Payments & Access
4.1 x402 (Pay‑Per‑Call)
Flow
Client calls
/v1/validatewithout credit → service returns HTTP 402{ price, asset, payTo, memo }.Client pays; obtains receipt (on‑/off‑chain proof).
Client retries with
Authorization: X402 <receipt>.Service verifies receipt, mints internal credits, runs validation.
4.2 Cortensor Delegated Session (Pre‑Funded $COR)
Flow
Developer/partner pre‑funds a Cortensor Session in $COR (the delegated session).
Validator attaches the session token when it needs redundant inference.
Validator submits tasks to Session → they enter SessionQueueV2.
SessionQueueV2 dispatches to eligible miners via Router/allocator.
Validator consumes miner results, evaluates, and returns verdict.
Notes
Delegated session is Cortensor Session; same construct, funded ahead of time.
Staking‑aware throttles and rate limits may apply based on session tier.
5) Evaluation Policies (examples)
Embedding‑Cluster‑v2: cosine/Euclidean, centroid voting, outlier detection, deterministic seeds.
Rule‑Based: structural JSON checks, regex guardrails.
Hybrid: small verifier LLM + embeddings.
Policy Manifest
{
"id": "embedding-cluster-v2",
"version": "2.1.0",
"models": {"embed": "text-emb-..."},
"parameters": {"redundancy": 3, "minAgreement": 0.6, "outlierZ": 2.5},
"deterministic": true
}6) Storage & Indexing
Persist taskRef, input/candidate CIDs+hashes, miner outputs CIDs, policy manifest, scores, rationale, timestamps, and signatures. Index by taskRef, agentId, policy id@version.
7) Auth, Quota, Throttles
API keys, session tokens, and X402 receipts. Per‑tenant QPS/burst caps; stake‑tiered limits for delegated sessions. Size limits and URI allow‑lists for artifact fetch.
8) Observability & Events
Metrics: request count, P50/90/99, acceptance, disagreement, drift. Events: PaymentReceived, CreditApplied, ValidationStarted, ValidationCompleted, EvidencePublished.
9) Security Considerations
Artifact integrity (hash+length), sandboxed evaluators, signed outputs (Ed25519/SECP256K1), JWKS rotation, redaction of PII, miner ID tokenization in public artifacts.
10) Error Model
NO_CREDIT
402
Payment required
Follow x402 or use delegated session
INVALID_RECEIPT
400
Unverifiable payment
Recheck asset/amount/txid
POLICY_UNSUPPORTED
400
Unknown policy
Query capabilities, retry
ARTIFACT_UNAVAILABLE
424
Unfetchable inputs/outputs
Re‑upload or pin CIDs
TIMEOUT
504
Exceeded compute budget
Increase timeout or reduce size
11) ERC‑8004 Mapping (read‑only)
Minimal object emitted for discovery/verification:
{
"agentId": "did:pkh:eip155:1:0xValidator...",
"agentType": "validator",
"taskRef": "bafy...",
"evidenceUri": ["ipfs://bafy...centroids", "ipfs://bafy...distances"],
"scoreVectorUri": "ipfs://bafy...scores",
"policyManifestUri": "ipfs://bafy...policy.json",
"signature": "0x..."
}12) Sequences
A) Basic Validation (no auxiliary inference)
Client →
/v1/validatewith input + candidates.Policy runs (no miner calls); result returned with evidence.
B) Delegated Session (redundant inference)
Validator attaches session token → submits task to Session.
SessionQueueV2 → miners → outputs return.
Policy compares candidates vs consensus → verdict.
C) External Agent + Auxiliary Inference (fallback)
Client submits artifacts; policy deems confidence low.
Validator triggers Session path to gather redundant outputs.
Recompute verdict with augmented evidence.
D) Oracle‑Style Agent Task Validation
Client includes
expectedoutput.Policy computes candidate vs expected and candidate vs consensus scores.
Evidence published; 8004 object signed and emitted.
13) SDK Sketches
TypeScript
const body = { taskRef:"demo-1", input:{uri:"ipfs://...",hash:"0x...",type:"text"}, candidateOutputs:[{uri:"ipfs://...",hash:"0x..."}], policy:{id:"embedding-cluster-v2",params:{redundancy:3}} };
let r = await fetch(base+'/v1/validate',{method:'POST',headers:{'content-type':'application/json'},body:JSON.stringify(body)});
if (r.status===402){ const info = await r.json(); const receipt = await pay(info); r = await fetch(base+'/v1/validate',{method:'POST',headers:{'content-type':'application/json','Authorization':`X402 ${receipt}`},body:JSON.stringify(body)}); }
const out = await r.json();Python
import requests
body = {"taskRef":"demo-1","input":{"uri":"ipfs://...","hash":"0x...","type":"text"},"candidateOutputs":[{"uri":"ipfs://...","hash":"0x..."}],"policy":{"id":"embedding-cluster-v2","params":{"redundancy":3}}}
resp = requests.post(url+'/v1/validate', json=body)
if resp.status_code==402:
info = resp.json(); receipt = pay(info)
resp = requests.post(url+'/v1/validate', json=body, headers={'Authorization': f'X402 {receipt}'})
print(resp.json())14) Deployment & Ops
Gateway + horizontal scale; sticky routing by taskRef. Pre‑warm embedding caches. Backpressure with per‑tenant queues and circuit breakers.
15) Roadmap
M1: Freeze schemas (MCP/HTTP), 8004 mapping; publish OpenAPI + example artifacts.
M2: x402 verifier + delegated session hooks; events
PaymentReceived/Applied.M3: Policy Engine v1 (Embedding‑Cluster‑v2, Rule‑based); deterministic mode.
M4: Observability/security hardening; JWKS rotation; artifact pinning.
M5: Limited partner pilot; publish SDKs and 8004 sample verifications.
Last updated