Skip to content

[Governance 2/4] Introduce pallet-signed-voting#2806

Draft
l0r1s wants to merge 1 commit into
governance-multi-collectivefrom
governance-signed-voting
Draft

[Governance 2/4] Introduce pallet-signed-voting#2806
l0r1s wants to merge 1 commit into
governance-multi-collectivefrom
governance-signed-voting

Conversation

@l0r1s

@l0r1s l0r1s commented Jun 29, 2026

Copy link
Copy Markdown
Collaborator

Summary

Introduces pallet-signed-voting, a per-account voting backend for governance poll producers. The pallet snapshots a poll's eligible voter set at creation time, accepts signed aye/nay votes from snapshot members, maintains exact raw vote counts, converts them to VoteTally ratios, and pushes tally updates back to the poll producer.

What Changed

  • Added shared governance primitives in subtensor-runtime-common:
    • VoteTally for approval/rejection/abstention ratios.
    • SetLike, Polls, OnPollCreated, and OnPollCompleted traits for producer/backend integration.
  • Added pallet-signed-voting with:
    • vote and remove_vote extrinsics.
    • Frozen voter-set snapshots in VoterSetOf.
    • Per-poll raw counts in TallyOf.
    • Per-voter vote records in VotingFor.
    • Lazy VotingFor cleanup through PendingCleanup and on_idle.
  • Added pallet benchmarks, generated weights, README documentation, mocks, and unit tests.
  • Registered the new pallet crate in the workspace Cargo.toml and Cargo.lock.

Behavioral Impact

The pallet is not wired into the runtime in this PR. Once integrated by a poll producer, eligibility is fixed at poll creation: members rotated out after creation retain voting rights for that poll, and members rotated in later cannot vote on already-created polls. Completed polls remove tally and voter-set state synchronously, while per-voter records are reclaimed over idle blocks to avoid unbounded completion work.

Migration / Spec Version

No runtime wiring is included here, and the PR targets governance-multi-collective, which has no configured spec-version check mapping. No spec-version bump is required for this branch.

Testing

The PR includes unit coverage for vote casting, vote flipping, duplicate rejection, non-member rejection, root-origin rejection, vote removal, lifecycle hooks, voter-set snapshot sorting/deduplication, zero-total tally conversion, cleanup queue behavior, cursor-based lazy cleanup, and integrity-test configuration guards.

Auditor attempted cargo test -p pallet-signed-voting, but the CI review environment could not start the test because the installed rustup/cargo setup tried to write under read-only home-directory cache paths.

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

BASELINE scrutiny: l0r1s has write permission, an established account, substantial prior subtensor PR history, and no in-PR author/committer mismatch; branch governance-signed-voting -> governance-multi-collective.

Reviewed the prefetched PR metadata, prior Skeptic sticky, changed-file list, and full diff. The PR does not modify .github/ai-review/* or .github/copilot-instructions.md, and it adds only a local workspace pallet dependency with existing workspace dependencies. Static review found signed origins, scheme/ongoing/eligibility checks on the public calls, bounded voter snapshots, saturating tally arithmetic, and bounded lazy cleanup; no malicious pattern or security vulnerability was identified.

Findings

No findings.

Conclusion

No actionable security findings were found in this static Skeptic pass, so the PR is SAFE from the malicious/vulnerability perspective.


🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor UNKNOWN; author has write permission and substantial prior PR history, so reviewed as an established repo contributor.

PR body was empty/trivial; the Auditor has auto-filled it. Please review.

PR body is currently trivial (WIP), so I prepared an autofill description. No duplicate-work recommendation: the overlaps appear to be stacked governance PRs or shared workspace files, not competing implementations.

Spec version: not applicable for base branch governance-multi-collective because the configured spec-version checks only map deployment/devnet/testnet/main branches.

Verification: attempted cargo test -p pallet-signed-voting, but the environment could not run it. rustup first tried to write under read-only /home/runner/.rustup/tmp; bypassing rustup then failed because cargo needed to create git cache entries under read-only /home/runner/.cargo/git. Static review found no actionable domain issues.

Findings

No findings.

Conclusion

The new signed-voting pallet has explicit signed origins, bounded storage snapshots, lazy cleanup with queue overflow handling, generated weights, and broad tests for voting, removal, lifecycle, tally conversion, and cleanup behavior. I found no blocking domain issues in the diff.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant