Spec 21 (#92)

# Torus Network v0.5 Changelog

This release introduces major architectural changes to enable
decentralized economic relationships, improved governance flexibility,
and preparation for off-chain service integration. The changes span
several months of development focused on creating a more sophisticated
and scalable network.

## Major Features

### Permission System (permission0 pallet)

A comprehensive permission framework that revolutionizes how agents
interact economically within the network:

- Agents can now share their token emissions with contributors through
recursive permission trees. Supports percentage-based streams or fixed
amounts, with flexible distribution controls (manual, automatic
threshold, scheduled).
- Permissions can be managed by arbiters (multi-sig groups) for enhanced
security and decentralized control.
- Governance powers are now granular with specific permissions for
application review, whitelist management, and penalty control. Replaces
the old curator system with a more flexible approach.
- Built-in protections against double-spending and infinite recursion
ensure tokenomics.

### Namespace System

A hierarchical naming system that functions as decentralized
DNS/capability listing for agent services:

- Agents can create dot-separated paths like `agent.alice.api.v2` to
organize their off-chain services.
- Owning a namespace gives control over all sub-paths, enabling
structured delegation of services.
- Base fees go to treasury while refundable deposits incentivize
efficient storage use.
- Namespaces can be delegated through the permission system, enabling
complex service architectures.

### Agent Management Improvements

- Agent names are automatically converted to namespace-compliant format
(lowercase, no spaces) during the upgrade.
- Curators can now freeze/unfreeze agents, adding a new governance tool
for spam control.
- Agent metadata updates now have cooldowns to prevent spam and ensure
stability.
- Burn parameters adjusted for better economic balance during high
registration activity.

### Economic Enhancements

- All transaction fees now flow to the treasury instead of being burned,
providing sustainable funding for network development.
- Only whitelisted agents receive emissions, ensuring quality
participants chosen by the DAO are rewarded.
- Permission holders can dynamically adjust how they distribute received
emissions.
- Distribution remainders are now properly accumulated, preventing token
loss.

### Developer Experience

- Proof-of-work based faucet for obtaining testnet tokens, preventing
abuse while maintaining accessibility.
- Comprehensive docs for all pallets now auto-published to GitHub Pages.
- New `torus0_namespacePathCreationCost` RPC for calculating namespace
fees upfront.
- Integrated coverage reporting with `cargo xtask coverage` for
maintaining code quality.

## Bug Fixes & Safety Improvements

- Critical fix ensuring stakes are properly refunded before clearing
storage during de-registration.
- Banned arithmetic side effects throughout the runtime, using
saturating operations to prevent overflows.
- All agents now automatically delegate weights to allocators,
simplifying the onboarding process.

## Governance Changes

- Instead of all-or-nothing curator status, specific permissions can be
granted.
- Improved with better event emissions and clearer execution flows.
- Now integrated with the permission system for more flexible control.

## Infrastructure

- Enhanced GitHub Actions for automated testing, documentation, and
Docker builds.
- Added development container configuration for consistent environments.
- Migrated CI infrastructure for better performance.

This release represents a fundamental evolution of the Torus Network,
creating the foundation for a truly decentralized economy where agents
can form complex relationships, share resources, and organize their
services in meaningful ways.



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary by CodeRabbit

* **New Features**
* Introduced a comprehensive permission system enabling emission,
curator, and namespace permissions with fine-grained control,
revocation, and enforcement.
* Added namespace management: users can create and delete hierarchical
namespaces with associated economic and permission models.
* Added a testnet-only faucet feature allowing users to obtain test
tokens via proof-of-work.
* Expanded governance with freezing controls for agent/namespace
registration and more granular role/permission management.
  * Added new RPC endpoints for permission and namespace queries.
* Enhanced agent management with update cooldowns and namespace
integration.

* **Improvements**
* Unified numeric types for emission calculations, improving precision
and consistency.
* Refined governance proposal lifecycle, voting, and reward distribution
with improved type safety and fixed-point math.
* Strengthened access controls and permission checks across emission,
governance, and agent operations.
* Improved documentation, developer guides, and user manuals for new
features and workflows.
* Expanded benchmarking and test coverage for new and existing modules.

* **Bug Fixes**
* Fixed edge cases in emission and permission logic, including overflow
handling and delegation validation.
* Addressed governance and agent update race conditions with improved
cooldown and permission enforcement.

* **Chores**
* Updated dependencies, development environment, CI workflows, and added
new workspace members for modularity.
* Upgraded Nix flake and build tooling for improved developer
experience.

* **Documentation**
* Added detailed docs covering permission system, namespaces, emission
mechanics, governance structure, deployment, and developer tooling.

* **Style/Refactor**
* Refactored imports, code organization, and type usage for clarity and
maintainability.
* Removed deprecated benchmarking and test files, replacing them with
updated implementations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: saiintbrisson

.devcontainer/devcontainer.json

@@ -0,0 +1,8 @@
+{
+  "image": "mcr.microsoft.com/devcontainers/universal:2",
+  "features": {
+    "ghcr.io/devcontainers/features/nix:1": {
+      "flake": "github:nixos/nixpkgs/nixpkgs-unstable#direnv"
+    }
+  }
+}

.github/CODEOWNERS

@@ -1,4 +1,4 @@
-* @supremesource @saiintbrisson @steinerkelvin @devwckd
+* @functor-flow @saiintbrisson @steinerkelvin @devwckd
 
 /.github/workflows/* @steinerkelvin @daviptrs @saiintbrisson
 /docker/**/*         @steinerkelvin @daviptrs @saiintbrisson

.github/workflows/build-docker.yml .github/workflows/build-docker-node.yml.github/workflows/build-docker.yml renamed to .github/workflows/build-docker-node.yml

@@ -1,8 +1,12 @@
-name: Build and push Docker image
+name: Build Torus node Docker image
 
 on:
   push:
-    branches: [main, testnet, github-ci-test]
+    branches:
+      - main
+      - dev
+      - testnet
+      - github-ci-test
     tags:
       - "*"
 
@@ -13,9 +17,9 @@ concurrency:
 jobs:
   build-n-push:
     permissions: write-all
-    runs-on: ubuntu-22.04-32core-karl
+    runs-on: ubicloud-standard-16
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - id: commit
         uses: prompt/actions-commit-hash@v3

.github/workflows/build-docker-xtask.yml

@@ -0,0 +1,50 @@
+name: Build xtask cli tool Docker image
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+      - github-ci-test
+    paths:
+      - "xtask/**"
+      - ".github/workflows/build-docker-xtask.yml"
+      - "docker/xtask.dockerfile"
+
+jobs:
+  docker:
+    permissions:
+      contents: read
+      packages: write
+    runs-on: ubicloud-standard-2
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/torus-xtask
+          tags: |
+            type=sha,prefix=,enable=true
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          file: ./docker/xtask.dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/build-docs.yml

@@ -0,0 +1,46 @@
+name: Build docs and publish to github pages
+
+on:
+  push:
+    branches:
+      - main
+    
+jobs:
+  publish:
+    permissions:
+      contents: read
+      id-token: write
+      pages: write
+    runs-on: ubicloud-standard-2
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+      
+      - name: Install Rust toolchain
+        run: |
+          rustup set profile minimal
+          rustup show
+
+      - name: Install Protoc
+        uses: arduino/setup-protoc@v1
+        with:
+          version: 3.20.1
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate Docs
+        run: |
+          cargo doc --workspace --no-deps
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: 'target/doc/'
+
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/build.yml .github/workflows/build-runtime.yml.github/workflows/build.yml renamed to .github/workflows/build-runtime.yml

@@ -1,22 +1,22 @@
-name: Build Torus Runtime
+name: Build Torus runtime
 
 on:
   workflow_dispatch:
   push:
-    tags:
-      - "runtime/*"
     branches:
       - "github-ci-test"
       - "build-runtime*"
       - "testnet"
+    tags:
+      - "runtime/*"
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
   build:
-    runs-on: ubuntu-22.04-32core-karl
+    runs-on: ubicloud-standard-16
 
     steps:
       - uses: actions/checkout@v4
@@ -37,7 +37,8 @@ jobs:
 
       - name: Build runtime
         run: |
-          cargo build --release --timings --package torus-runtime
+          echo "Building ${{ startsWith(github.ref, 'refs/tags/runtime/testnet') && 'with testnet feature flag' || 'without testnet feature flag' }}"
+          cargo build --release --timings --package torus-runtime ${{ startsWith(github.ref, 'refs/tags/runtime/testnet') && '--features testnet' || '' }}
 
           export SHA256SUM=$(sha256sum target/release/wbuild/torus-runtime/torus_runtime.compact.compressed.wasm | cut -d ' ' -f1)
           echo Hash of compact and compressed WASM: $SHA256SUM

.github/workflows/check.yml

@@ -11,7 +11,14 @@ concurrency:
 
 jobs:
   check:
-    runs-on: ubuntu-24.04-8core-bakunin
+    permissions:
+      pull-requests: write
+      id-token: write
+      pages: write
+      checks: write
+      contents: write
+
+    runs-on: ubicloud-standard-8
 
     steps:
       - uses: actions/checkout@v4
@@ -44,8 +51,86 @@ jobs:
           args: --color=always --tests -- -D warnings
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Run tests
+      # - name: Run tests
+      #   env:
+      #     RUST_BACKTRACE: 1
+      #     SKIP_WASM_BUILD: 1
+      #   run: cargo test
+
+      - uses: jwalton/gh-find-current-pr@v1
+        id: findPr
+
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+        id: extractBranch
+
+      - name: Install cargo-llvm-cov
+        if: success() && steps.findPr.outputs.number && steps.extractBranch.outputs.branch
+        uses: taiki-e/install-action@cargo-llvm-cov
+
+      - name: Install cargo-xtask
+        if: success() && steps.findPr.outputs.number && steps.extractBranch.outputs.branch
+        run: cargo install cargo-xtask
+
+      - name: Generate lcov code coverage
+        if: success() && steps.findPr.outputs.number && steps.extractBranch.outputs.branch
+        run: cargo xtask coverage
         env:
           RUST_BACKTRACE: 1
           SKIP_WASM_BUILD: 1
-        run: cargo test
+
+      - name: Generate coverage summary report
+        if: success() && steps.findPr.outputs.number && steps.extractBranch.outputs.branch
+        uses: irongut/[email protected]
+        with:
+          filename: target/cov.xml
+          badge: true
+          format: markdown
+          hide_branch_rate: false
+          hide_complexity: true
+          indicators: true
+          output: both
+
+      - name: Generate html code coverage
+        if: success() && steps.findPr.outputs.number && steps.extractBranch.outputs.branch
+        run: cargo xtask coverage --html
+        env:
+          RUST_BACKTRACE: 1
+          SKIP_WASM_BUILD: 1
+
+      - name: Upload html report to S3 Bucket
+        if: success() && steps.findPr.outputs.number && steps.extractBranch.outputs.branch
+        id: htmlUpload
+        continue-on-error: true
+        run: |
+          aws --endpoint-url $ENDPOINT s3 sync ./target/llvm-cov/html s3://$BUCKET_NAME/$BRANCH --acl public-read
+          echo "link=https://$BUCKET_NAME.$REGION.$ENDPOINT_DOMAIN/$BRANCH/index.html" >> $GITHUB_OUTPUT
+        env:
+          BRANCH: ${{ steps.extractBranch.outputs.branch }}
+          ENDPOINT: ${{ vars.COV_ENDPOINT_URL }}
+          BUCKET_NAME: ${{ vars.COV_BUCKET_NAME }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.COV_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.COV_AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ vars.COV_DEFAULT_REGION }}
+          REGION: nyc3
+          ENDPOINT_DOMAIN: "digitaloceanspaces.com"
+
+      - name: Add coverage PR report comment
+        if: success() && steps.findPr.outputs.number
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: report
+          number: ${{ steps.findPr.outputs.pr }}
+          recreate: true
+          path: code-coverage-results.md
+
+      - name: Add coverage PR html comment
+        if: success() && steps.findPr.outputs.number
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: html
+          number: ${{ steps.findPr.outputs.pr }}
+          recreate: true
+          message: |
+            [Detailed coverage report](${{ steps.htmlUpload.outputs.link }})

.gitignore

@@ -1,3 +1,6 @@
+# Local files
+*.local.*
+
 # Temporary files
 /tmp/
 

.vscode/extensions.json

@@ -1,6 +1,7 @@
 {
   "recommendations": [
     "streetsidesoftware.code-spell-checker",
-    "rust-lang.rust-analyzer"
+    "rust-lang.rust-analyzer",
+    "ryanluker.vscode-coverage-gutters"
   ]
-}
+}

.vscode/settings.json

@@ -2,7 +2,25 @@
   // Editor
   "editor.formatOnSave": true,
   // Rust
-  "rust-analyzer.cargo.extraEnv": { "SKIP_WASM_BUILD": "1" },
-  "rust-analyzer.check.extraEnv": { "SKIP_WASM_BUILD": "1" },
-  "rust-analyzer.cargo.features": ["runtime-benchmarks"]
+  "rust-analyzer.cargo.extraEnv": {
+    "SKIP_WASM_BUILD": "1"
+  },
+  "rust-analyzer.check.extraEnv": {
+    "SKIP_WASM_BUILD": "1"
+  },
+  "rust-analyzer.cargo.features": ["runtime-benchmarks", "testnet"],
+  "coverage-gutters.coverageFileNames": ["target/cov.xml"],
+  // Spell checker
+  "cSpell.words": [
+    "alice",
+    "buildx",
+    "devcontainers",
+    "extrinsics",
+    "irongut",
+    "jwalton",
+    "mainnet",
+    "presign",
+    "Swatinem",
+    "wbuild"
+  ]
 }