Skip to main content

What Probe Events Are

Every dispatch carries a random 32 byte nonce. The validator deterministically derives three probe events from the nonce. The miner’s sandbox must perform all three events. Their presence in the resulting trace files proves the miner actually ran the bundle in the sandbox they claim.
Probe eventWhat the miner doesWhere it appears in traces
File writeWrite a known string to a known pathfs.jsonl
DNS lookupResolve a known hostnamenetwork.jsonl
Process echoSpawn a process that echoes a known stringprocess.jsonl
A miner that did not execute the bundle cannot produce these events. A miner that pre computed the events cannot, because the nonce is fresh per dispatch.

Probe Derivation

The derivation is deterministic. 
nonce = 32 bytes from synapse
slug = first 8 hex chars of nonce

file_path = "/tmp/phylax/probe-" + slug + ".txt"
file_content = slug + "probe"
dns_host = slug + ".probe.phylax.local"
process_echo = slug + "probe-echo"
The validator and the miner derive the same four values from the same nonce. The miner returns them in synapse.probe_evidence. The validator re derives and compares.

What the Miner Does

The miner’s sandbox harness, before running the bundle, performs all three probe events. 
import os
import socket
import subprocess

slug = nonce[:8].hex()

# 1. File write
path = f"/tmp/phylax/probe-{slug}.txt"
os.makedirs(os.path.dirname(path), exist_ok=True)
with open(path, "w") as f:
    f.write(f"{slug}probe")

# 2. DNS lookup
try:
    socket.gethostbyname(f"{slug}.probe.phylax.local")
except socket.gaierror:
    pass  # The hostname does not resolve. The lookup attempt is what counts.

# 3. Process spawn
subprocess.run(["echo", f"{slug}probe-echo"], check=True)
The events go into the same trace JSONL files the rest of the bundle’s behaviour goes into. The probe events are mixed in with all other fs writes, DNS lookups, and process spawns, with no special marker, so a miner cannot synthesise probe events without also synthesising the surrounding trace data correctly.

What the Validator Checks

On synapse receipt, the validator runs two checks:

Synapse Level

expected = derive_probes(nonce)

if synapse.probe_evidence != expected:
    reject(score=0, reputation_flag="invalid_probe")
The miner must echo the right four values in the synapse field. Failure here is the cheapest gate.

Trace Level (primaries, runtime types)

fs_records = decompress_and_parse("fs.jsonl")
net_records = decompress_and_parse("network.jsonl")
proc_records = decompress_and_parse("process.jsonl")

assert any(r.path == expected.file_path and r.op == "write" for r in fs_records)
assert any(r.host == expected.dns_host for r in net_records)
assert any(r.argv[1] == expected.process_echo for r in proc_records)
The probe events must appear in the actual trace bundle. The trace bundle hash is independently verified (see SSSA Schema), so this means the miner produced a real trace bundle that contains evidence of the probe events.

Why Three Events

A single probe event would be enough to detect a totally fake miner. Three events provide:
  • Resilience against partial trace synthesis: a miner who can fake fs traces still needs to fake matching network and process traces
  • Coverage across the three trace dimensions Phylax cares about: filesystem, network, process. Any sandbox detonation worth signing should be tracking all three.
  • A weak collusion check: three independent values change per nonce, so caching strategies across miners would need to cache across all three.

Why /tmp/phylax/ for the File Path

Standard sandbox containers mount a tmpfs at /tmp. The miner can always write here, even in --read-only rootfs mode. Sandboxes that disable /tmp would fail to run any code that depends on standard library temp paths, so requiring writable /tmp is not a meaningful additional constraint. The /tmp/phylax/ subdirectory groups probe artifacts so they are easy to identify in the trace.

Why /probe/phylax.local for the DNS Host

The hostname is intentionally not resolvable. The miner only needs to attempt the lookup. The attempt itself appears in network.jsonl regardless of whether DNS returns NOERROR or NXDOMAIN. This avoids requiring the sandbox to have any real network connectivity. If the sandbox is --network none, the lookup still attempts and still logs through whatever DNS interceptor the miner has wired in. If it does not log, the miner is not correctly recording network activity, which is a problem the probe check should detect.

Why “echo” for the Process Spawn

echo is universally present in any reasonable Linux container. It is short, predictable, and produces a single process record with a known argv. This makes the trace check unambiguous. A miner who uses a custom shell harness that avoids exec calls would fail this probe, which is the intended outcome: any meaningful behavioural sandbox does need to track process spawns.

Failure Modes

What the miner didWhat the validator seesOutcome
Did not run the bundle at allprobe_evidence returns empty or wrong valuesSynapse rejected. Reputation invalid.
Ran the bundle but missed probe injectionprobe_evidence correct, but probe events not in trace JSONLsTrace level check fails. Score 0. Reputation x 0.7.
Used a different sandbox than registeredProbe events may not even reach network.jsonl if the sandbox does not intercept DNSTrace level check fails. Reputation penalty.
Synthesised probe records into trace without running the bundleTrace hashes don’t reconcile with what other miners reportedConsensus penalty plus rerun divergence in async.

Integration with Sandbox Reruns

The async rerun reuses the same nonce as the original dispatch. The validator’s rerun pulls the miner’s image, runs it on the same bundle with the same nonce, and gets the same probe events back. The fs trace from the canary write is byte identical, allowing exact hash comparison. The probe events sit alongside. This means the validator gets two independent verifications of probe events: synapse time (against the miner’s submission) and rerun time (against the validator’s own execution of the miner’s image).

What’s Next

SSSA Schema

Where probe evidence lives in the SSSA.

Sandbox Reruns

The async rerun that also verifies probe events.

Round Flow

Where probe derivation fits in the per round timing.

Protocol Reference

The synapse field shape.