fix(namespaces): prevent de-registering root (#117)

saiintbrisson · web-flow · commit 5d79e22fd8d3 · 2025-07-06T22:02:47.000+02:00
This patch prevents a registered agent from de-registering the agent
entry (`agent.&lt;name&gt;`) through the `delete_namespace` extrinsic.
diff --git a/flake.lock b/flake.lock
diff --git a/node/src/cli/eth.rs b/node/src/cli/eth.rs
@@ -1,3 +1,5 @@
+#![allow(clippy::result_large_err)]
+
 use std::{
     collections::BTreeMap,
     path::PathBuf,
diff --git a/node/src/command/benchmarking.rs b/node/src/command/benchmarking.rs
@@ -171,6 +171,6 @@ pub fn inherent_benchmark_data() -> Result<InherentData> {
     let timestamp = sp_timestamp::InherentDataProvider::new(d.into());
 
     futures::executor::block_on(timestamp.provide_inherent_data(&mut inherent_data))
-        .map_err(|e| format!("creating inherent data: {:?}", e))?;
+        .map_err(|e| format!("creating inherent data: {e:?}"))?;
     Ok(inherent_data)
 }
diff --git a/node/src/main.rs b/node/src/main.rs
@@ -1,3 +1,4 @@
+#![allow(clippy::result_large_err)]
 //! The Torus node implementation.
 
 mod chain_spec;
diff --git a/node/src/service.rs b/node/src/service.rs
@@ -14,6 +14,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+#![allow(clippy::result_large_err)]
 
 use std::{pin::Pin, sync::Arc, time::Duration};
 
diff --git a/pallets/emission0/src/distribute.rs b/pallets/emission0/src/distribute.rs
@@ -204,9 +204,11 @@ impl<T: Config> ConsensusMemberInput<T> {
 
         let validator_permit = total_stake >= min_validator_stake && !weights.is_empty();
 
-        let weights = validator_permit
-            .then(|| Self::prepare_weights(weights, &agent_id))
-            .unwrap_or_default();
+        let weights = if validator_permit {
+            Self::prepare_weights(weights, &agent_id)
+        } else {
+            Default::default()
+        };
 
         ConsensusMemberInput {
             registered: <T::Torus>::is_agent_registered(&agent_id)
diff --git a/pallets/torus0/api/src/lib.rs b/pallets/torus0/api/src/lib.rs
@@ -82,6 +82,12 @@ impl NamespacePath {
         NamespacePath(b"agent".to_vec().try_into().unwrap())
     }
 
+    /// Create a new root agent namespace path from the agent name
+    pub fn new_agent_root(agent_name: &[u8]) -> Result<Self, &'static str> {
+        let namespace_path: Vec<_> = [NAMESPACE_AGENT_PREFIX, agent_name].concat();
+        Self::new_agent(&namespace_path)
+    }
+
     /// Create a new namespace path from bytes with validation
     pub fn new_agent(bytes: &[u8]) -> Result<Self, &'static str> {
         if bytes.is_empty() {
@@ -192,6 +198,19 @@ impl NamespacePath {
 
         parents
     }
+
+    /// Wether the namespace is an agent root path: "agent.<name>".
+    pub fn is_agent_root(&self) -> bool {
+        if self.depth() != 2 {
+            return false;
+        }
+
+        if let Some(root) = self.segments().next() {
+            root == b"agent"
+        } else {
+            false
+        }
+    }
 }
 
 impl Debug for NamespacePath {
@@ -293,4 +312,47 @@ mod tests {
         assert_eq!(parents[1].as_bytes(), b"agent.alice");
         assert_eq!(parents[2].as_bytes(), b"agent");
     }
+
+    #[test]
+    fn test_is_agent_root() {
+        let agent_alice = NamespacePath::new_agent(b"agent.alice").unwrap();
+        assert!(agent_alice.is_agent_root());
+
+        let agent_bob = NamespacePath::new_agent(b"agent.bob").unwrap();
+        assert!(agent_bob.is_agent_root());
+
+        let deeper = NamespacePath::new_agent(b"agent.alice.memory").unwrap();
+        assert!(!deeper.is_agent_root());
+
+        let just_agent = NamespacePath::agent_root();
+        assert!(!just_agent.is_agent_root());
+    }
+
+    #[test]
+    fn test_new_agent_root() {
+        let alice_root = NamespacePath::new_agent_root(b"alice").unwrap();
+        assert_eq!(alice_root.as_bytes(), b"agent.alice");
+        assert!(alice_root.is_agent_root());
+
+        let bob_root = NamespacePath::new_agent_root(b"bob").unwrap();
+        assert_eq!(bob_root.as_bytes(), b"agent.bob");
+        assert!(bob_root.is_agent_root());
+
+        assert!(NamespacePath::new_agent_root(b"alice123").is_ok());
+        assert!(NamespacePath::new_agent_root(b"alice-test").is_ok());
+        assert!(NamespacePath::new_agent_root(b"alice_test").is_ok());
+
+        assert!(
+            NamespacePath::new_agent_root(b"Alice").is_err(),
+            "uppercase should fail"
+        );
+        assert!(
+            NamespacePath::new_agent_root(b"alice!").is_err(),
+            "special chars should fail"
+        );
+        assert!(
+            NamespacePath::new_agent_root(b"").is_err(),
+            "empty name should fail"
+        );
+    }
 }
diff --git a/pallets/torus0/src/agent.rs b/pallets/torus0/src/agent.rs
@@ -1,7 +1,7 @@
 use codec::{Decode, Encode, MaxEncodedLen};
 use pallet_emission0_api::Emission0Api;
 use pallet_governance_api::GovernanceApi;
-use pallet_torus0_api::{NamespacePath, NAMESPACE_AGENT_PREFIX};
+use pallet_torus0_api::NamespacePath;
 use polkadot_sdk::{
     frame_election_provider_support::Get,
     frame_support::{
@@ -78,8 +78,7 @@ pub fn register<T: crate::Config>(
         crate::Error::<T>::TooManyAgentRegistrationsThisInterval
     );
 
-    let namespace_path: Vec<_> = [NAMESPACE_AGENT_PREFIX, &name].concat();
-    let namespace_path = NamespacePath::new_agent(&namespace_path).map_err(|err| {
+    let namespace_path = NamespacePath::new_agent_root(&name).map_err(|err| {
         warn!("{agent_key:?} tried using invalid name: {err:?}");
         crate::Error::<T>::InvalidNamespacePath
     })?;
@@ -140,8 +139,7 @@ pub fn unregister<T: crate::Config>(agent_key: AccountIdOf<T>) -> DispatchResult
 
     let agent = crate::Agents::<T>::get(&agent_key).ok_or(crate::Error::<T>::AgentDoesNotExist)?;
 
-    let namespace_path: Vec<_> = [NAMESPACE_AGENT_PREFIX, &agent.name].concat();
-    let namespace_path = NamespacePath::new_agent(&namespace_path)
+    let namespace_path = NamespacePath::new_agent_root(&agent.name)
         .map_err(|_| crate::Error::<T>::InvalidNamespacePath)?;
     crate::namespace::delete_namespace::<T>(
         crate::namespace::NamespaceOwnership::Account(agent_key.clone()),
diff --git a/pallets/torus0/src/lib.rs b/pallets/torus0/src/lib.rs
@@ -390,8 +390,8 @@ pub mod pallet {
                 NamespacePath::new_agent(&path).map_err(|_| Error::<T>::InvalidNamespacePath)?;
 
             ensure!(
-                !T::Permission0::is_delegating_namespace(&owner, &namespace_path),
-                Error::<T>::NamespaceBeingDelegated
+                !namespace_path.is_agent_root(),
+                Error::<T>::InvalidNamespacePath
             );
 
             namespace::delete_namespace::<T>(NamespaceOwnership::Account(owner), namespace_path)
diff --git a/pallets/torus0/src/migrations.rs b/pallets/torus0/src/migrations.rs
@@ -64,7 +64,7 @@ pub mod v4 {
 }
 
 pub mod v5 {
-    use pallet_torus0_api::{NamespacePath, NAMESPACE_AGENT_PREFIX};
+    use pallet_torus0_api::NamespacePath;
     use polkadot_sdk::{
         frame_support::{migrations::VersionedMigration, traits::UncheckedOnRuntimeUpgrade},
         sp_tracing::{error, info},
@@ -138,15 +138,10 @@ pub mod v5 {
                     continue;
                 };
 
-                let path: polkadot_sdk::sp_std::vec::Vec<_> =
-                    [NAMESPACE_AGENT_PREFIX, agent_name.as_bytes()].concat();
-                let path = match NamespacePath::new_agent(&path) {
+                let path = match NamespacePath::new_agent_root(agent_name.as_bytes()) {
                     Ok(path) => path,
                     Err(err) => {
-                        error!(
-                            "cannot create path for agent {agent_name:?} ({:?}): {err:?}",
-                            core::str::from_utf8(&path)
-                        );
+                        error!("cannot create path for agent {agent_name:?}: {err:?}");
                         continue;
                     }
                 };
diff --git a/pallets/torus0/src/namespace.rs b/pallets/torus0/src/namespace.rs
@@ -1,5 +1,6 @@
 use codec::{Decode, Encode, MaxEncodedLen};
 use pallet_governance_api::GovernanceApi;
+use pallet_permission0_api::Permission0NamespacesApi;
 use polkadot_sdk::{
     frame_support::{
         traits::{ExistenceRequirement, ReservableCurrency},
@@ -262,6 +263,13 @@ pub fn delete_namespace<T: Config>(
         Error::<T>::NamespaceNotFound
     );
 
+    if let NamespaceOwnership::Account(owner) = &owner {
+        ensure!(
+            !T::Permission0::is_delegating_namespace(owner, &path),
+            Error::<T>::NamespaceBeingDelegated
+        );
+    }
+
     let mut total_deposit = BalanceOf::<T>::zero();
     let namespaces_to_delete: Vec<_> = Namespaces::<T>::iter_prefix(&owner)
         .filter_map(|(other, metadata)| {
diff --git a/pallets/torus0/tests/agent.rs b/pallets/torus0/tests/agent.rs
@@ -1,5 +1,6 @@
 use pallet_governance_api::GovernanceApi;
 use pallet_torus0::{agent::Agent, AgentUpdateCooldown, Agents, Burn, Error};
+use pallet_torus0_api::NamespacePath;
 use polkadot_sdk::{frame_support::assert_err, sp_core::Get, sp_runtime::Percent};
 use test_utils::{
     assert_ok, clear_cooldown, get_balance, get_origin,
@@ -18,7 +19,7 @@ fn register_correctly() {
         let agent_id = 0;
         let allocator_id = 1;
 
-        let name = b"agent".to_vec();
+        let name = b"alice".to_vec();
         let url = b"idk://agent".to_vec();
         let metadata = b"idk://agent".to_vec();
 
@@ -64,6 +65,11 @@ fn register_correctly() {
             Some(allocator_id)
         );
 
+        assert!(pallet_torus0::Namespaces::<Test>::contains_key(
+            pallet_torus0::namespace::NamespaceOwnership::Account(agent_id),
+            "agent.alice".parse::<NamespacePath>().unwrap()
+        ));
+
         assert_err!(
             pallet_torus0::agent::register::<Test>(
                 agent_id,
@@ -339,7 +345,7 @@ fn register_more_than_registrations_per_interval() {
 fn unregister_correctly() {
     test_utils::new_test_ext().execute_with(|| {
         let agent = 0;
-        let name = b"agent".to_vec();
+        let name = b"alice".to_vec();
         let url = b"idk://agent".to_vec();
         let metadata = b"idk://agent".to_vec();
 
@@ -355,10 +361,20 @@ fn unregister_correctly() {
             metadata.clone(),
         ));
 
+        assert!(pallet_torus0::Namespaces::<Test>::contains_key(
+            pallet_torus0::namespace::NamespaceOwnership::Account(agent),
+            "agent.alice".parse::<NamespacePath>().unwrap()
+        ));
+
         assert_ok!(pallet_torus0::Pallet::<Test>::unregister_agent(get_origin(
             agent
         )));
 
+        assert!(!pallet_torus0::Namespaces::<Test>::contains_key(
+            pallet_torus0::namespace::NamespaceOwnership::Account(agent),
+            "agent.alice".parse::<NamespacePath>().unwrap()
+        ));
+
         assert!(pallet_torus0::Agents::<Test>::get(agent).is_none());
     });
 }
diff --git a/pallets/torus0/tests/namespace.rs b/pallets/torus0/tests/namespace.rs
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
diff --git a/test-utils/src/lib.rs b/test-utils/src/lib.rs

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+#![allow(clippy::result_large_err)]`
	`2`	`+`
`1`	`3`	`use std::{`
`2`	`4`	`collections::BTreeMap,`
`3`	`5`	`path::PathBuf,`
Original file line number	Diff line number	Diff line change
`@@ -171,6 +171,6 @@ pub fn inherent_benchmark_data() -> Result<InherentData> {`
`171`	`171`	`let timestamp = sp_timestamp::InherentDataProvider::new(d.into());`
`172`	`172`
`173`	`173`	`futures::executor::block_on(timestamp.provide_inherent_data(&mut inherent_data))`
`174`		`- .map_err(\|e\| format!("creating inherent data: {:?}", e))?;`
	`174`	`+ .map_err(\|e\| format!("creating inherent data: {e:?}"))?;`
`175`	`175`	`Ok(inherent_data)`
`176`	`176`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+#![allow(clippy::result_large_err)]`
`1`	`2`	`//! The Torus node implementation.`
`2`	`3`
`3`	`4`	`mod chain_spec;`