PyPI - blockmachine - Versions diffs - 0.2.1__tar.gz → 0.3.2__tar.gz - Mend

blockmachine 0.2.1tar.gz → 0.3.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

{blockmachine-0.2.1 → blockmachine-0.3.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: blockmachine
-Version: 0.2.1
+Version: 0.3.2
 Summary: Blockmachine CLI - Miner and validator operator interface
 License-Expression: MIT
 Project-URL: Homepage, https://github.com/taostat/blockmachine

{blockmachine-0.2.1 → blockmachine-0.3.2}/blockmachine.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: blockmachine
-Version: 0.2.1
+Version: 0.3.2
 Summary: Blockmachine CLI - Miner and validator operator interface
 License-Expression: MIT
 Project-URL: Homepage, https://github.com/taostat/blockmachine

{blockmachine-0.2.1 → blockmachine-0.3.2}/commands/miner.py RENAMED Viewed

@@ -1,9 +1,17 @@
 """Miner commands: node registration, secrets, and pricing"""
 import getpass
+import hashlib
+import ipaddress
+import json
+import logging
+import socket
+import ssl
 import time
-from typing import Optional
+from typing import Callable, Optional
+from urllib.parse import urlparse
+import httpx
 import typer
 from rich.console import Console
 from rich.table import Table
@@ -22,6 +30,7 @@ app.add_typer(secret_app, name="secret")
 app.add_typer(price_app, name="price")
 console = Console()
+logger = logging.getLogger(__name__)
 CHAIN = "tao"
@@ -89,6 +98,61 @@ def logout() -> None:
     do_logout()
+# ── TLS ──────────────────────────────────────────────────────────
+def _test_tls(hostname: str, port: int) -> tuple[bool, Optional[str], str]:
+    """Test TLS handshake. Return (ok, fingerprint, message)."""
+    try:
+        ctx = ssl.create_default_context()
+        ctx.check_hostname = False
+        ctx.verify_mode = ssl.CERT_NONE
+        with socket.create_connection((hostname, port), timeout=10) as sock:
+            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
+                der = tls.getpeercert(binary_form=True)
+                fp = hashlib.sha256(der).hexdigest() if der else None
+                return True, fp, "OK"
+    except Exception as e:
+        return False, None, str(e)
+def _bracket_ipv6(hostname: str) -> str:
+    """Wrap bare IPv6 addresses in brackets for use in URLs."""
+    try:
+        addr = ipaddress.ip_address(hostname)
+        if addr.version == 6:
+            return f"[{hostname}]"
+    except ValueError:
+        pass
+    return hostname
+def _is_ip_endpoint(endpoint: str) -> bool:
+    """Return True if the endpoint hostname is an IP address (not a domain)."""
+    hostname = urlparse(endpoint).hostname
+    if not hostname:
+        return False
+    try:
+        ipaddress.ip_address(hostname)
+        return True
+    except ValueError:
+        return False
+def _get_cert_fingerprint(endpoint: str) -> Optional[str]:
+    """Fetch the SHA256 fingerprint of the TLS leaf certificate."""
+    parsed = urlparse(endpoint)
+    hostname = parsed.hostname
+    port = parsed.port or 443
+    if not hostname:
+        return None
+    ok, fingerprint, _ = _test_tls(hostname, port)
+    if not ok:
+        logger.warning("Could not fetch TLS certificate from %s", endpoint)
+        return None
+    return fingerprint
 # ── Node CRUD ────────────────────────────────────────────────────
@@ -114,9 +178,22 @@ def add(
         console.print("[red]Secret must be at least 16 characters[/red]")
         raise typer.Exit(1)
+    fp = None
+    if _is_ip_endpoint(endpoint):
+        fp = _get_cert_fingerprint(endpoint)
+        if fp:
+            console.print(f"[dim]TLS fingerprint (pinned): {fp}[/dim]")
+        else:
+            console.print(
+                "[yellow]Warning: Could not fetch TLS certificate from endpoint.[/yellow]\n"
+                "[yellow]The gateway will not be able to verify this miner's identity.[/yellow]"
+            )
+    else:
+        console.print("[dim]Domain endpoint — using standard CA verification[/dim]")
     config = load_config()
     with RegistryClient(config) as client:
-        node_id = _create_node(client, endpoint, alias)
+        node_id = _create_node(client, endpoint, alias, cert_fingerprint=fp)
         _set_node_secret(client, node_id, secret)
         _set_node_price(client, node_id, price)
@@ -133,12 +210,17 @@ def _default_alias(endpoint: str) -> str:
     return f"tao-{host.replace('.', '-')}"
-def _create_node(client: RegistryClient, endpoint: str, alias: str) -> str:
+def _create_node(
+    client: RegistryClient,
+    endpoint: str,
+    alias: str,
+    cert_fingerprint: Optional[str] = None,
+) -> str:
     """Register a node and return its ID."""
-    response = client.post(
-        "/nodes",
-        json={"endpoint": endpoint, "chain": CHAIN, "alias": alias},
-    )
+    payload: dict = {"endpoint": endpoint, "chain": CHAIN, "alias": alias}
+    if cert_fingerprint is not None:
+        payload["cert_fingerprint"] = cert_fingerprint
+    response = client.post("/nodes", json=payload)
     if response.status_code == 201:
         data = response.json()
         console.print(f"[green]Node registered:[/green] {data['id'][:8]}")
@@ -273,23 +355,100 @@ def show(
         node_id = _resolve_node(client, alias)
         response = client.get(f"/nodes/{node_id}")
-    if response.status_code == 404:
-        console.print(f"[red]Node not found:[/red] {alias}")
-        raise typer.Exit(1)
-    if response.status_code != 200:
-        console.print(f"[red]Error:[/red] {response.status_code} - {response.text}")
-        raise typer.Exit(1)
+        if response.status_code == 404:
+            console.print(f"[red]Node not found:[/red] {alias}")
+            raise typer.Exit(1)
+        if response.status_code != 200:
+            console.print(f"[red]Error:[/red] {response.status_code} - {response.text}")
+            raise typer.Exit(1)
-    node = response.json()
-    console.print(f"[bold]ID:[/bold] {node['id']}")
-    console.print(f"[bold]Alias:[/bold] {node.get('alias') or '-'}")
-    console.print(f"[bold]Chain:[/bold] {node['chain']}")
-    console.print(f"[bold]Status:[/bold] {node['status']}")
-    console.print(f"[bold]Endpoint:[/bold] {node['endpoint']}")
-    console.print(f"[bold]Created:[/bold] {format_timestamp(node['created_at'])}")
-    console.print(
-        f"[bold]Last Seen:[/bold] {format_timestamp(node.get('last_seen_at'))}"
-    )
+        node = response.json()
+        console.print(f"[bold]ID:[/bold] {node['id']}")
+        console.print(f"[bold]Alias:[/bold] {node.get('alias') or '-'}")
+        console.print(f"[bold]Chain:[/bold] {node['chain']}")
+        console.print(f"[bold]Status:[/bold] {node['status']}")
+        console.print(f"[bold]Endpoint:[/bold] {node['endpoint']}")
+        console.print(f"[bold]Created:[/bold] {format_timestamp(node['created_at'])}")
+        console.print(
+            f"[bold]Last Seen:[/bold] {format_timestamp(node.get('last_seen_at'))}"
+        )
+        m_resp = client.get(f"/nodes/{node_id}/metrics")
+        if m_resp.status_code == 200:
+            m = m_resp.json()
+            if m.get("available"):
+                console.print()
+                console.print("[bold]Routing Metrics[/bold]")
+                _print_metrics(m)
+def _fmt_success_rate(v: float) -> str:
+    pct = v * 100
+    color = "green" if pct >= 99 else "yellow" if pct >= 95 else "red"
+    return f"[{color}]{pct:.1f}%[/{color}]"
+_METRIC_FIELDS: list[tuple[str, str, Callable]] = [
+    ("request_count", "Requests", lambda v: f"{v:,}"),
+    ("success_rate", "Success Rate", _fmt_success_rate),
+    ("p95_ms", "P95 Latency", lambda v: f"{v:.0f} ms"),
+    ("latency_score", "Latency Score", lambda v: f"{v:.4f}"),
+    ("routing_score", "Routing Score", lambda v: f"{v:.4f}"),
+    ("traffic_pct", "Traffic Share", lambda v: f"{v:.1f}%"),
+    ("reliability", "Reliability", lambda v: f"{v:.4f}"),
+    ("epochs_good", "Epochs Good", str),
+    ("bid", "Bid", lambda v: f"${v:.6f}"),
+    ("cohort_median", "Cohort Median", lambda v: f"${v:.6f}"),
+    ("price_factor", "Price Factor", lambda v: f"{v:.4f}"),
+]
+def _print_metrics(m: dict) -> None:
+    """Print routing metrics from a metrics API response."""
+    table = Table(show_header=False, box=None, padding=(0, 2))
+    table.add_column("Key", style="bold")
+    table.add_column("Value")
+    for key, label, fmt in _METRIC_FIELDS:
+        val = m.get(key)
+        if val is not None:
+            table.add_row(label, fmt(val))
+    console.print(table)
+@app.command("metrics")
+def metrics(
+    alias: str = typer.Argument(None, help="Node alias or ID"),
+) -> None:
+    """Show routing metrics for a miner node."""
+    alias = _get_alias(alias)
+    config = load_config()
+    with RegistryClient(config) as client:
+        node_id = _resolve_node(client, alias)
+        response = client.get(f"/nodes/{node_id}/metrics")
+        if response.status_code == 503:
+            console.print(
+                "[yellow]Metrics not available (scoring not enabled)[/yellow]"
+            )
+            raise typer.Exit(1)
+        if response.status_code != 200:
+            console.print(f"[red]Error:[/red] {response.status_code} - {response.text}")
+            raise typer.Exit(1)
+        m = response.json()
+        if not m.get("available"):
+            console.print(
+                f"[yellow]No metrics available for {alias}[/yellow]\n"
+                "[dim]The gateway may not have routed traffic to this"
+                " node yet.[/dim]"
+            )
+            return
+        console.print(f"[bold]Routing Metrics: {alias}[/bold]\n")
+        _print_metrics(m)
 @app.command("rm")
@@ -365,6 +524,157 @@ def update(
         raise typer.Exit(1)
+# ── Test ─────────────────────────────────────────────────────────
+def _test_health(hostname: str) -> tuple[bool, str]:
+    """Test HTTP health endpoint on port 80."""
+    try:
+        r = httpx.get(
+            f"http://{_bracket_ipv6(hostname)}/health",
+            timeout=10,
+            follow_redirects=True,
+        )
+        if r.status_code == 200:
+            return True, "OK"
+        return False, f"HTTP {r.status_code}"
+    except Exception as e:
+        return False, str(e)
+def _test_rpc(
+    hostname: str, port: int, secret: str
+) -> tuple[bool, Optional[float], str]:
+    """Send system_health RPC over HTTPS. Return (ok, latency_ms, message)."""
+    url = f"https://{_bracket_ipv6(hostname)}:{port}"
+    payload = {
+        "jsonrpc": "2.0",
+        "method": "system_health",
+        "params": [],
+        "id": 1,
+    }
+    try:
+        start = time.monotonic()
+        r = httpx.post(
+            url,
+            json=payload,
+            headers={"Authorization": f"Bearer {secret}"},
+            timeout=10,
+            verify=False,
+        )
+        latency = (time.monotonic() - start) * 1000
+        if r.status_code == 401:
+            return False, None, "Authentication failed (secret mismatch)"
+        if r.status_code != 200:
+            return False, None, f"HTTP {r.status_code}"
+        data = r.json()
+        if "result" in data:
+            result = data["result"]
+            peers = result.get("peers", "?")
+            syncing = result.get("isSyncing", False)
+            status = "syncing" if syncing else "synced"
+            return True, latency, f"peers={peers}, {status}"
+        error = data.get("error", {}).get("message", json.dumps(data))
+        return False, latency, f"RPC error: {error}"
+    except Exception as e:
+        return False, None, str(e)
+def _fetch_active_secret(client: RegistryClient, node_id: str) -> Optional[str]:
+    """Fetch the decrypted active secret from the registry."""
+    response = client.get(f"/nodes/{node_id}/secret")
+    if response.status_code != 200:
+        return None
+    for s in response.json().get("secrets", []):
+        if s.get("state") == "active" and s.get("secret"):
+            return s["secret"]
+    return None
+@app.command("test")
+def test(
+    alias: Optional[str] = typer.Argument(None, help="Node alias or ID"),
+    endpoint: Optional[str] = typer.Option(
+        None, "--endpoint", "-e", help="Endpoint URL (skip registry lookup)"
+    ),
+    secret: Optional[str] = typer.Option(
+        None, "--secret", help="Bearer token (overrides registry)"
+    ),
+) -> None:
+    """Test connectivity to a miner node (TLS, health, auth, RPC).
+    For registered nodes, fetches the secret from the registry
+    automatically. Use --endpoint and --secret for pre-registration
+    testing.
+    """
+    if not endpoint:
+        alias = _get_alias(alias)
+        config = load_config()
+        with RegistryClient(config) as client:
+            node_id = _resolve_node(client, alias)
+            response = client.get(f"/nodes/{node_id}")
+            if response.status_code != 200:
+                console.print(f"[red]Error:[/red] {response.status_code}")
+                raise typer.Exit(1)
+            node = response.json()
+            endpoint = node["endpoint"]
+            if not secret:
+                secret = _fetch_active_secret(client, node_id)
+        console.print(f"[bold]Alias:[/bold]    {alias}")
+    parsed = urlparse(endpoint)
+    hostname = parsed.hostname
+    port = parsed.port or 443
+    if not hostname:
+        console.print(f"[red]Cannot parse endpoint:[/red] {endpoint}")
+        raise typer.Exit(1)
+    console.print(f"[bold]Endpoint:[/bold] {endpoint}\n")
+    all_ok = True
+    # 1. TLS
+    console.print("TLS handshake... ", end="")
+    tls_ok, fingerprint, tls_msg = _test_tls(hostname, port)
+    if tls_ok:
+        is_ip = _is_ip_endpoint(endpoint)
+        mode = "pinned" if is_ip else "CA-verified"
+        fp_short = fingerprint[:16] + "..." if fingerprint else "none"
+        console.print(f"[green]OK[/green] ({mode}, {fp_short})")
+    else:
+        console.print(f"[red]FAIL[/red] {tls_msg}")
+        all_ok = False
+    # 2. Health
+    console.print("Health check...  ", end="")
+    health_ok, health_msg = _test_health(hostname)
+    if health_ok:
+        console.print("[green]OK[/green]")
+    else:
+        console.print(f"[red]FAIL[/red] {health_msg}")
+        all_ok = False
+    # 3. RPC with auth (only if secret provided)
+    if secret:
+        console.print("RPC query...     ", end="")
+        rpc_ok, latency, rpc_msg = _test_rpc(hostname, port, secret)
+        if rpc_ok:
+            console.print(f"[green]OK[/green] ({rpc_msg}, {latency:.0f}ms)")
+        else:
+            console.print(f"[red]FAIL[/red] {rpc_msg}")
+            all_ok = False
+    else:
+        console.print("[dim]Pass --secret to also test auth and RPC[/dim]")
+    console.print()
+    if all_ok:
+        console.print("[green]All checks passed[/green]")
+    else:
+        console.print("[red]Some checks failed[/red]")
+        raise typer.Exit(1)
 # ── Snapshots ────────────────────────────────────────────────────

{blockmachine-0.2.1 → blockmachine-0.3.2}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "blockmachine"
-version = "0.2.1"
+version = "0.3.2"
 description = "Blockmachine CLI - Miner and validator operator interface"
 requires-python = ">=3.10"
 license = "MIT"

{blockmachine-0.2.1 → blockmachine-0.3.2}/settings.py RENAMED Viewed

@@ -20,7 +20,7 @@ MAINNET = NetworkConfig(
 TESTNET = NetworkConfig(
     auth_url="https://test-auth.taostats.io",
-    api_url="http://blockmachine-registry-service.blockmachine-testnet.blockmachine-dev",
+    api_url="https://testnet-registry.blockmachine.io",
     netuid=417,
 )