Skip to content

Extract runtime wiring from governance umbrella PR#2715

Open
l0r1s wants to merge 1 commit into
governance-referendafrom
governance-wiring
Open

Extract runtime wiring from governance umbrella PR#2715
l0r1s wants to merge 1 commit into
governance-referendafrom
governance-wiring

Conversation

@l0r1s
Copy link
Copy Markdown
Collaborator

@l0r1s l0r1s commented Jun 3, 2026

DO NOT MERGE

@l0r1s l0r1s mentioned this pull request Jun 3, 2026
Open
@l0r1s l0r1s marked this pull request as ready for review June 3, 2026 19:49
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 3, 2026
edited
Loading

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

BASELINE scrutiny: established write-permission contributor with substantial repo history, no Gittensor allowlist match found; branch governance-wiring -> governance-referenda.

Reviewed the runtime governance wiring, root-registered hotkey count/EMA paths, migration backfill, referenda/signed-voting integration, Cargo changes, workflow/script additions, and trusted-review-path exposure. No .github/ai-review/* or .github/copilot-instructions.md modifications are present in this diff.

Findings

No findings.

Conclusion

No malicious behavior or security vulnerability was identified from static review of the prefetched diff. The runtime-facing changes use root-gated membership management, non-submittable review track wiring, bounded voter snapshots, and guarded scheduler transitions without an apparent bypass.

🔍 AI Review — Auditor (domain review)

VERDICT: 👎

Gittensor: not allowlist-matched; author has repo write permission and a substantial contribution history, so review was calibrated as established-contributor work.

Static domain review focused on the new governance runtime wiring, root-registration accounting, EMA sampling, collective rotation, referenda tracks, and the added TypeScript governance tests. I did not find a code-level blocker in the reviewed diff.

Duplicate-work check found overlapping files with the stacked governance PRs and other open runtime PRs, but this branch is based on governance-referenda and appears to be the wiring layer on top of that stack rather than a competing implementation.

Spec version: no auto-fix performed because this PR targets governance-referenda, which is not one of the branches with a live-network spec-version check in the review instructions.

Verification gap: I attempted cargo check -p node-subtensor-runtime --features std, but it could not start because rustup tried to create a temp file under read-only /home/runner/.rustup. No workspace files were modified.

Findings

Sev File Finding
MEDIUM PR body PR is explicitly marked DO NOT MERGE (off-diff)

Other findings

  • [MEDIUM] PR is explicitly marked DO NOT MERGE (PR body) — The entire PR body is DO NOT MERGE. That is an explicit non-readiness signal and leaves reviewers without the required motivation, behavioral impact, migration/spec-version notes, and testing summary for a large runtime-governance change. Replace it with a substantive description only when this branch is intended to be mergeable.

Conclusion

Blocking because the PR is explicitly marked DO NOT MERGE and has no substantive PR description, so it is not ready to approve even though the static code review did not surface a domain blocker.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 3, 2026

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@l0r1s