# \[WIP/DRFAT] Agent Validator / COR Prover (Agentic, MCP + ERC‑8004) ### 0) Purpose & Summary Design a public‑facing validator that external agents can invoke via MCP (Model Context Protocol) or HTTP and that publishes ERC‑8004‑compatible artifacts for discovery/verification. The service validates agent tasks by comparing candidate outputs against redundant miner consensus (via Cortensor Sessions) and/or against optional expected outputs. #### Background & Existing Capabilities * **Validator v3 (internal):** LLM‑based evaluation used for Cortensor network tasks (PoI/PoUW). It is tightly coupled to Cortensor‑native events and schemas. * **Gap:** Not generalized for public/agentic use; lacks MCP surface and 8004‑ready outputs. * **Direction:** Keep **v3** for network ops; build a **generalized public validator** with normalized I/O, MCP + HTTP surfaces, ERC‑8004 mapping, and clean integration to Cortensor Sessions for redundant inference. * **Analogy:** Conceptually similar to a "prover network" pattern—independent workers produce evidence and a validator verifies/aggregates—**but** built as a public‑good, open service with MCP/HTTP interfaces and ERC‑8004‑compatible artifacts so anyone can integrate and verify. * **Philosophy:** Open interfaces, portable evidence (CIDs), and signed results to enable cross‑ecosystem verification without vendor lock‑in. ### 1) Goals & Non‑Goals **Goals** * Standardized **MCP** and **HTTP** interfaces (capabilities, evaluate, health, pricing). * **Agent Task Validation**: accept `input` + `candidateOutputs` (+ optional `expected`), compute scores using miner consensus and policy engine (LLM + embeddings). * Two access paths: **x402 pay‑per‑call** and **Cortensor Delegated Session** (pre‑funded $COR). * Strong observability, security, and multi‑tenant controls. *** ### 2) Reference Architecture #### 2.1 High‑Level Overview ``` ┌───────────────┐ MCP / HTTP ┌───────────────────┐ │ External │────────────────────────▶│ Validator Service │ │ Agent/Client │ │ (MCP + HTTP) │ └───────────────┘◀────────────────────────┤ Policy Engine │ 402 (x402) / credit └───┬──────────────┘ │ ┌──────────────────────┴─────────────────────┐ │ │ ┌──────────────┐ ┌──────────────┐ │ x402 Handler │ │ Storage/ │ │ + Receipt │ │ Index (CIDs) │ │ Verifier │ └──────────────┘ └──────┬───────┘ │ │ credit │ evidence ▼ ▼ ┌─────────────────────┐ ┌──────────────┐ │ Cortensor Session │ REST (Session API) │ 8004 Adapter │ │ (Delegated Session) │◀───────────────────────┤ (read‑write) │ └──────────┬──────────┘ └──────────────┘ │ submit task ▼ enqueues ┌──────────────┐ dispatch ┌──────────────┐ │ SessionQueue │────────────▶│ Router/Alloc │ │ V2 │ └──────┬───────┘ └──────────────┘ │ assigns ▼ ┌──────────────┐ │ Miners (R) │ └──────────────┘ ``` #### 2.2 Artifact Flow (Concept) ``` input (URI/hash) ─┐ ┌─► scores/confidence + evidence CIDs candidateOutputs ─┼─► Validator (policy) ────┤ expected (opt) ───┘ └─► 8004‑compatible signed object ▲ │ (if required by policy) └─► Cortensor Session → SessionQueueV2 → Miners (redundant outputs) ``` *** ### 3) Interfaces #### 3.1 MCP Surface (proposed) **Capabilities (`mcp.capabilities`)** ```json { "name": "cortensor-validator-agent", "version": "0.1.0", "capabilities": ["evaluate", "health", "pricing"], "schemas": { "input": "cortensor.validator.input.v1", "output": "cortensor.validator.output.v1" } } ``` **Evaluate (`mcp.evaluate`)** — `cortensor.validator.input.v1` ```json { "taskRef": "string", "input": { "uri": "ipfs://...|https://...", "hash": "0x...", "type": "text|image|audio|json" }, "candidateOutputs": [ { "uri": "ipfs://...", "hash": "0x...", "meta": {"model":"qwen2-7b"} } ], "expected": { "uri": "ipfs://...", "hash": "0x..." }, "policy": { "id": "embedding-cluster-v2", "params": { "redundancy": 2 } }, "constraints": { "deterministic": true, "timeoutMs": 15000 } } ``` **Output (`cortensor.validator.output.v1`)** ```json { "taskRef": "string", "scores": [{ "candidate": 0, "score": 0.93 }], "consensus": { "method": "centroid", "agreement": 0.88 }, "method": { "id": "embedding-cluster-v2", "version": "2.1.0" }, "evidence": { "centroids": "ipfs://...", "distances": "ipfs://..." }, "rationale": "short text", "timestamps": { "received": "...", "completed": "..." }, "observability": { "latencyMs": 1830, "redundancy": 2 } } ``` **Health (`mcp.health`)** → `{ "ok": true }` **Pricing (`mcp.pricing`)** → `{ "unit": "credits", "pricePerUnit": "0.0005", "alt": [{"asset":"USDC","chain":"...","unitPrice":"..."}] }` #### 3.2 HTTP/JSON API (mirror) * `POST /v1/validate` — body = MCP input; returns MCP output * `GET /v1/healthz` * `GET /v1/pricing` **`validateAgentTask` (alias)** ```json { "taskRef": "agent-123", "input": {"uri":"ipfs://bafy...","hash":"0x...","type":"text"}, "candidateOutputs": [ {"uri":"ipfs://bafy...cand0","hash":"0x..."} ], "expected": {"uri":"ipfs://bafy...gt","hash":"0x..."}, "policy": {"id":"embedding-cluster-v2","params":{"redundancy":3}}, "constraints": {"timeoutMs": 20000} } ``` *** ### 4) Payments & Access #### 4.1 x402 (Pay‑Per‑Call) **Flow** 1. Client calls `/v1/validate` without credit → service returns **HTTP 402** `{ price, asset, payTo, memo }`. 2. Client pays; obtains **receipt** (on‑/off‑chain proof). 3. Client retries with `Authorization: X402 `. 4. Service **verifies receipt**, mints internal credits, runs validation. #### 4.2 Cortensor Delegated Session (Pre‑Funded $COR) **Flow** 1. Developer/partner pre‑funds a **Cortensor Session** in $COR (the delegated session). 2. Validator attaches the **session token** when it needs redundant inference. 3. Validator submits tasks to **Session** → they enter **SessionQueueV2**. 4. **SessionQueueV2** dispatches to eligible miners via Router/allocator. 5. Validator consumes miner results, evaluates, and returns verdict. **Notes** * Delegated session **is** Cortensor Session; same construct, funded ahead of time. * Staking‑aware throttles and rate limits may apply based on session tier. *** ### 5) Evaluation Policies (examples) * **Embedding‑Cluster‑v2**: cosine/Euclidean, centroid voting, outlier detection, deterministic seeds. * **Rule‑Based**: structural JSON checks, regex guardrails. * **Hybrid**: small verifier LLM + embeddings. **Policy Manifest** ```json { "id": "embedding-cluster-v2", "version": "2.1.0", "models": {"embed": "text-emb-..."}, "parameters": {"redundancy": 3, "minAgreement": 0.6, "outlierZ": 2.5}, "deterministic": true } ``` *** ### 6) Storage & Indexing Persist `taskRef`, input/candidate CIDs+hashes, miner outputs CIDs, policy manifest, scores, rationale, timestamps, and signatures. Index by `taskRef`, `agentId`, `policy id@version`. *** ### 7) Auth, Quota, Throttles API keys, session tokens, and X402 receipts. Per‑tenant QPS/burst caps; stake‑tiered limits for delegated sessions. Size limits and URI allow‑lists for artifact fetch. *** ### 8) Observability & Events Metrics: request count, P50/90/99, acceptance, disagreement, drift. Events: `PaymentReceived`, `CreditApplied`, `ValidationStarted`, `ValidationCompleted`, `EvidencePublished`. *** ### 9) Security Considerations Artifact integrity (hash+length), sandboxed evaluators, signed outputs (Ed25519/SECP256K1), JWKS rotation, redaction of PII, miner ID tokenization in public artifacts. *** ### 10) Error Model | Code | HTTP | Meaning | Client Action | | ---------------------- | ---- | -------------------------- | ------------------------------------ | | `NO_CREDIT` | 402 | Payment required | Follow x402 or use delegated session | | `INVALID_RECEIPT` | 400 | Unverifiable payment | Recheck asset/amount/txid | | `POLICY_UNSUPPORTED` | 400 | Unknown policy | Query capabilities, retry | | `ARTIFACT_UNAVAILABLE` | 424 | Unfetchable inputs/outputs | Re‑upload or pin CIDs | | `TIMEOUT` | 504 | Exceeded compute budget | Increase timeout or reduce size | *** ### 11) ERC‑8004 Mapping (read‑only) Minimal object emitted for discovery/verification: ```json { "agentId": "did:pkh:eip155:1:0xValidator...", "agentType": "validator", "taskRef": "bafy...", "evidenceUri": ["ipfs://bafy...centroids", "ipfs://bafy...distances"], "scoreVectorUri": "ipfs://bafy...scores", "policyManifestUri": "ipfs://bafy...policy.json", "signature": "0x..." } ``` *** ### 12) Sequences **A) Basic Validation (no auxiliary inference)** 1. Client → `/v1/validate` with input + candidates. 2. Policy runs (no miner calls); result returned with evidence. **B) Delegated Session (redundant inference)** 1. Validator attaches session token → submits task to **Session**. 2. **SessionQueueV2** → miners → outputs return. 3. Policy compares candidates vs consensus → verdict. **C) External Agent + Auxiliary Inference (fallback)** 1. Client submits artifacts; policy deems confidence low. 2. Validator triggers Session path to gather redundant outputs. 3. Recompute verdict with augmented evidence. **D) Oracle‑Style Agent Task Validation** 1. Client includes `expected` output. 2. Policy computes candidate vs expected and candidate vs consensus scores. 3. Evidence published; 8004 object signed and emitted. *** ### 13) SDK Sketches **TypeScript** ```ts const body = { taskRef:"demo-1", input:{uri:"ipfs://...",hash:"0x...",type:"text"}, candidateOutputs:[{uri:"ipfs://...",hash:"0x..."}], policy:{id:"embedding-cluster-v2",params:{redundancy:3}} }; let r = await fetch(base+'/v1/validate',{method:'POST',headers:{'content-type':'application/json'},body:JSON.stringify(body)}); if (r.status===402){ const info = await r.json(); const receipt = await pay(info); r = await fetch(base+'/v1/validate',{method:'POST',headers:{'content-type':'application/json','Authorization':`X402 ${receipt}`},body:JSON.stringify(body)}); } const out = await r.json(); ``` **Python** ```python import requests body = {"taskRef":"demo-1","input":{"uri":"ipfs://...","hash":"0x...","type":"text"},"candidateOutputs":[{"uri":"ipfs://...","hash":"0x..."}],"policy":{"id":"embedding-cluster-v2","params":{"redundancy":3}}} resp = requests.post(url+'/v1/validate', json=body) if resp.status_code==402: info = resp.json(); receipt = pay(info) resp = requests.post(url+'/v1/validate', json=body, headers={'Authorization': f'X402 {receipt}'}) print(resp.json()) ``` *** ### 14) Deployment & Ops Gateway + horizontal scale; sticky routing by `taskRef`. Pre‑warm embedding caches. Backpressure with per‑tenant queues and circuit breakers. *** ### 15) Roadmap * **M1:** Freeze schemas (MCP/HTTP), 8004 mapping; publish OpenAPI + example artifacts. * **M2:** x402 verifier + delegated session hooks; events `PaymentReceived/Applied`. * **M3:** Policy Engine v1 (Embedding‑Cluster‑v2, Rule‑based); deterministic mode. * **M4:** Observability/security hardening; JWKS rotation; artifact pinning. * **M5:** Limited partner pilot; publish SDKs and 8004 sample verifications.