feat(operator): plain-USDC Direct rail alongside shielded SpendAuth#13
Merged
- Add VllmConfig.tuner_app_shared_secret field (env: VLLM_OP__VLLM__TUNER_APP_SHARED_SECRET)
- chat_completions handler checks x-tuner-app-secret header before billing
- When secret matches, skips entire SpendAuth/x402 validation flow
- Provides defense-in-depth: private models are unusable even if endpoint URL leaks
A buyer can now pay per inference call in plain USDC (an ERC-20 transfer to the operator) with no shielded pool — the "normal crypto" pay-as-you-go rail — served by the same decentralized vLLM operator. Additive: the shielded SpendAuth path is untouched.

ChatCompletionRequest gains `payment: Option<PaymentProof>`. When a DirectTransfer proof is present and no spend_auth is, the handler verifies the on-chain transfer via the generic `payment_provider` (active under payment_mode = direct | both), checks vLLM health first, and serves — no preauth ceiling and no nonce store (the Direct rail's persistent replay store guards reuse; the transfer already happened, so settle is a no-op). The billing-required gate is satisfied by EITHER rail.

Pinned to tangle-inference-core rev 8b1b2f3 (direct-rail-payment branch) for the replay-persistence + CompositeProvider hardening that makes the Direct rail safe; repoint to branch=master after that merges.

Also fixes a pre-existing broken test: test_max_spend_per_request_rejection sent snake_case spend_auth keys (service_id/job_index) that no longer match the camelCase SpendAuthPayload wire format, so the body 422'd on deserialize instead of exercising the rejection path. server_tests now 26/26 green.
tangletools
approved these changes
Jun 11, 2026
✅ Auto-approved PR — 6d376375
Blanket team auto-approval is enabled for this reviewer service.
The full PR reviewer audit still runs separately and will publish findings if it detects issues.
tangletools · auto-approval · reason: blanket_auto_approve · 2026-06-11T20:32:47Z
A buyer can now pay per inference call in plain USDC (an ERC-20 transfer to the operator) with no shielded pool — the "normal crypto" pay-as-you-go rail — served by the same decentralized vLLM operator. Additive: the shielded SpendAuth path is untouched.
What
- `ChatCompletionRequest` gains `payment: Option<PaymentProof>`.
- When a `DirectTransfer` proof is present and no `spend_auth` is, the handler verifies the on-chain transfer via the generic `payment_provider` (active under `payment_mode = direct | both`), checks vLLM health first, and serves — no preauth ceiling, no nonce store (the Direct rail's persistent replay store guards reuse; the transfer already happened, so settle is a no-op). The billing-required gate is satisfied by either rail.

Dependency
Pinned to `tangle-inference-core` rev `8b1b2f3` (PR tangle-network/tangle-inference-core#1 — persistent replay store + `CompositeProvider`), which makes the Direct rail replay-safe. Repoint to `branch="master"` after that merges.

Tests
`server_tests` 26/26 green against the pinned core. Also fixes a pre-existing broken test (`test_max_spend_per_request_rejection` sent snake_case `service_id`/`job_index` that no longer match the camelCase `SpendAuthPayload`, so the body 422'd on deserialize instead of exercising the rejection path).
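
The rail selection and replay guard described in this PR, as an added sketch that is not the operator's or tangle-inference-core's code. `Request`, `Outcome`, `ReplayStore`, `route`, the string transfer id and the in-memory set are hypothetical stand-ins, and running the health probe before the replay claim is an assumed ordering.

```rust
use std::collections::HashSet;

// Constructed stand-ins: the real PaymentProof / SpendAuthPayload layouts
// are not shown on this page.
pub struct Request {
    pub spend_auth: Option<String>,
    pub direct_tx: Option<String>, // transfer id carried by a DirectTransfer proof
}

#[derive(Debug, PartialEq)]
pub enum Outcome { HandOffToSpendAuth, ServeDirect, Reject(&'static str) }

// In-memory replay guard (assumption; the PR relies on a persistent store).
#[derive(Default)]
pub struct ReplayStore { seen: HashSet<String> }

impl ReplayStore {
    // True only the first time an id is claimed. Ids are assumed to be hex,
    // so case is normalised to keep one transfer from being claimed twice.
    pub fn claim(&mut self, tx: &str) -> bool {
        self.seen.insert(tx.to_ascii_lowercase())
    }
}

// `transfer_ok` stands in for the provider's on-chain check, `healthy` for
// the vLLM health probe.
pub fn route(req: &Request, store: &mut ReplayStore, healthy: bool,
             transfer_ok: impl Fn(&str) -> bool) -> Outcome {
    match (&req.spend_auth, &req.direct_tx) {
        // spend_auth present: the shielded path handles it, as before.
        (Some(_), _) => Outcome::HandOffToSpendAuth,
        (None, Some(tx)) => {
            if !transfer_ok(tx.as_str()) { return Outcome::Reject("transfer not verified"); }
            // Assumed ordering: probe health before claiming, so an
            // unavailable backend does not consume a paid proof.
            if !healthy { return Outcome::Reject("backend unhealthy"); }
            if !store.claim(tx.as_str()) { return Outcome::Reject("proof already used"); }
            Outcome::ServeDirect
        }
        // Billing-required gate: neither rail was supplied.
        (None, None) => Outcome::Reject("payment required"),
    }
}

fn main() {
    let mut store = ReplayStore::default();
    let req = Request { spend_auth: None, direct_tx: Some("0xAB12".into()) }; // constructed id
    println!("{:?}", route(&req, &mut store, true, |_| true));
    println!("{:?}", route(&req, &mut store, true, |_| true));
}
```

A store that lives only in memory forgets claimed ids on restart, which is the gap the persistent replay store in the pinned core revision is there to close.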