Skip to content

[Hackathon] edge: EMPIC escrow payments plugin and adversarial validators#41

Open
tedschw wants to merge 6 commits into
projnanda:mainfrom
tedschw:hackathon/edge-empic-escrow-payments
Open

[Hackathon] edge: EMPIC escrow payments plugin and adversarial validators#41
tedschw wants to merge 6 commits into
projnanda:mainfrom
tedschw:hackathon/edge-empic-escrow-payments

Conversation

@tedschw

@tedschw tedschw commented Jun 26, 2026

Copy link
Copy Markdown

Summary

Adds EMPICEscrowPayments, a deterministic EMPIC-inspired payments plugin registered as empic_escrow.

The plugin preserves the existing Payments protocol while adding EMPIC-style escrow behavior for provider service registration, pull delivery, pubsub streaming, consumer acceptance policy, escrow release, and refund.

Problem Addressed

NANDA Town's current payments layer can model simple prepaid transfers, but it does not model evidence-gated settlement for metered data services. This contribution lets NANDA Town test whether autonomous consumers and providers can coordinate around paid data delivery under adversarial conditions.

What Changed

  • Added EMPICEscrowPayments
  • Registered empic_escrow as a built-in payments plugin
  • Added EMPIC weather-data market scenarios
  • Added pull escrow flow: quote, pay/fund escrow, delivery, accept/reject, fulfill/refund
  • Added pubsub streaming flow: open stream, record delivery, bill valid ticks only, close stream
  • Added declarative consumer acceptance policy
  • Added adversarial cases for malformed data, wrong provider/service/consumer binding, stale delivery, invalid numeric ranges, drain-after-close, partition overbilling, and secret leakage
  • Added validators for ledger conservation, release safety, participant binding, close behavior, partition billing, and no secret material in traces

Duplicate-Work Check

I reviewed PRs #2-#11 and later related payments PRs, including PR #38.

The nearest related submissions are PR #7, htlc_escrow, and PR #38, escrow.

PR #7 implements hash/time-locked conditional payments as a primitive. PR #38 implements a generic arbitrated escrow state machine with payer/payee/arbiter roles, delivery acknowledgement, dispute, arbitration, release, and refund.

This PR is distinct: it models EMPIC-style escrowed data-service settlement with provider service registration, consumer/provider/service binding, declarative acceptance policy, pull and pubsub delivery modes, metered billing for valid delivery evidence, and adversarial trace validators for invalid delivery, wrong bindings, drain-after-close, partition overbilling, and secret leakage.

In short:

PR #7: HTLC escrow primitive
PR #38: generic arbitrated escrow primitive
This PR: evidence-gated data-service settlement protocol

Determinism

All Step 1 behavior is deterministic and in-memory. There are no live EMPIC services, wallets, network calls, secrets, Base Sepolia dependencies, Stripe dependencies, Coinbase dependencies, or local EMPIC repo dependencies.

Validation

make ci-local passed.

Result:

uv sync
uv run ruff check .
uv run ruff format --check .
uv run pyright
uv run pytest -v

581 passed, 1 skipped, 1 deselected
The skipped test is the existing optional matplotlib plotting test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant