[Governance 2/4] Introduce pallet-signed-voting

[l0r1s]

Summary

Introduces pallet-signed-voting, a per-account voting backend for governance poll producers. The pallet snapshots a poll's eligible voter set at creation time, accepts signed aye/nay votes from snapshot members, maintains exact raw vote counts, converts them to VoteTally ratios, and pushes tally updates back to the poll producer.

What Changed

• Added shared governance primitives in subtensor-runtime-common:
  • VoteTally for approval/rejection/abstention ratios.
  • SetLike, Polls, OnPollCreated, and OnPollCompleted traits for producer/backend integration.
• Added pallet-signed-voting with:
  • vote and remove_vote extrinsics.
  • Frozen voter-set snapshots in VoterSetOf.
  • Per-poll raw counts in TallyOf.
  • Per-voter vote records in VotingFor.
  • Lazy VotingFor cleanup through PendingCleanup and on_idle.
• Added pallet benchmarks, generated weights, README documentation, mocks, and unit tests.
• Registered the new pallet crate in the workspace Cargo.toml and Cargo.lock.

Behavioral Impact

The pallet is not wired into the runtime in this PR. Once integrated by a poll producer, eligibility is fixed at poll creation: members rotated out after creation retain voting rights for that poll, and members rotated in later cannot vote on already-created polls. Completed polls remove tally and voter-set state synchronously, while per-voter records are reclaimed over idle blocks to avoid unbounded completion work.

Migration / Spec Version

No runtime wiring is included here, and the PR targets governance-multi-collective, which has no configured spec-version check mapping. No spec-version bump is required for this branch.

Testing

The PR includes unit coverage for vote casting, vote flipping, duplicate rejection, non-member rejection, root-origin rejection, vote removal, lifecycle hooks, voter-set snapshot sorting/deduplication, zero-total tally conversion, cleanup queue behavior, cursor-based lazy cleanup, and integrity-test configuration guards.

Auditor attempted cargo test -p pallet-signed-voting, but the CI review environment could not start the test because the installed rustup/cargo setup tried to write under read-only home-directory cache paths.

[github-actions]

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

BASELINE scrutiny: l0r1s has write permission, an established account, substantial prior subtensor PR history, and no in-PR author/committer mismatch; branch governance-signed-voting -> governance-multi-collective.

Reviewed the prefetched PR metadata, prior Skeptic sticky, changed-file list, and full diff. The PR does not modify .github/ai-review/* or .github/copilot-instructions.md, and it adds only a local workspace pallet dependency with existing workspace dependencies. Static review found signed origins, scheme/ongoing/eligibility checks on the public calls, bounded voter snapshots, saturating tally arithmetic, and bounded lazy cleanup; no malicious pattern or security vulnerability was identified.

Findings

No findings.

Conclusion

No actionable security findings were found in this static Skeptic pass, so the PR is SAFE from the malicious/vulnerability perspective.

---

🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor UNKNOWN; author has write permission and substantial prior PR history, so reviewed as an established repo contributor.

PR body was empty/trivial; the Auditor has auto-filled it. Please review.

PR body is currently trivial (WIP), so I prepared an autofill description. No duplicate-work recommendation: the overlaps appear to be stacked governance PRs or shared workspace files, not competing implementations.

Spec version: not applicable for base branch governance-multi-collective because the configured spec-version checks only map deployment/devnet/testnet/main branches.

Verification: attempted cargo test -p pallet-signed-voting, but the environment could not run it. rustup first tried to write under read-only /home/runner/.rustup/tmp; bypassing rustup then failed because cargo needed to create git cache entries under read-only /home/runner/.cargo/git. Static review found no actionable domain issues.

Findings

No findings.

Conclusion

The new signed-voting pallet has explicit signed origins, bounded storage snapshots, lazy cleanup with queue overflow handling, generated weights, and broad tests for voting, removal, lifecycle, tally conversion, and cleanup behavior. I found no blocking domain issues in the diff.

[github-actions]

🔄 AI review updated — Skeptic: SAFE Auditor: 👍