What Phylax Is
Phylax is a Bittensor subnet running on testnet netuid 486. The network exists to analyse AI agent skill bundles and produce signed safety attestations that runtimes can rely on. Two participant roles run the subnet.Miners
Run analysis pipelines against skill bundles. Produce signed SSSA documents. Compete on quality.
Validators
Dispatch tasks, verify miner submissions, compute consensus, and push weights on-chain.
What the Network Analyses
Skill bundles fall into six skill types. Each type has its own bundle structure, analysis approach, and scoring formula. Miners choose which skill types they want to support. The network does not assign types.| Skill type | What it is | Analysis approach |
|---|---|---|
rag_knowledge | Documents and knowledge base content. No code. | Content scanning, no sandbox. |
declarative | Natural language instructions for an agent. | Static text analysis, no sandbox. |
executable_python | Python source plus dependencies. | Static analysis, SBOM, sandbox detonation. |
executable_script | Shell scripts. | Taint analysis and sandbox detonation. |
mcp_server | Model Context Protocol server. | MCP test client, tool exercising, manifest integrity. |
agent_composition | Composition manifest orchestrating child skills. | Cascading detonation across containers. |
How a Round Works
Every round consists of twelve tasks. The validator runs the same flow for each.Fetch and compose tasks
The validator pulls twelve tasks per round, two per skill type. For declarative and
mcp_server slots tagged as canary, the validator generates a synthetic safe bundle locally.Prepare bundles
For
rag_knowledge and declarative types, the validator mutates the bundle to embed a canary marker. For all types it derives a probe specification from the nonce.Select a verification group
For each task the validator selects five miners: three primaries by highest reputation plus two random auditors from the rest of the pool.
Dispatch concurrently
All five miners receive the synapse at the same time. Primaries get the full deadline window. Auditors get a tighter window.
Verify each response
Seven sequential gates: deadline, SSSA parse, SSSA validity, sandbox manifest digest, trace bundle hash consistency, probe presence, axis scoring.
Compute SSSA consensus
Verdict, risk, findings, capabilities, dependencies, and policy are compared across the group. Each miner gets a consensus score in [0, 1] that multiplies their emission.
Why It Works
Three independent verification layers protect the network from gaming.The probe events prove execution
The probe events prove execution
Every task carries a nonce. From the nonce the validator derives three probe events: a file write, a DNS lookup, and a process spawn. The miner’s harness must perform all three inside the sandbox so they appear in the trace files. A miner who did not run the bundle cannot produce these events. A miner who guessed the nonce ahead of time cannot, because the nonce is randomised per dispatch.
The trace bundle proves the sandbox produced the hashes
The trace bundle proves the sandbox produced the hashes
The miner returns the actual gzipped trace files alongside the SSSA. The validator decompresses each file, normalises the JSONL records, and recomputes the hash. The computed hash must equal what the miner declared in the SSSA. A miner who fabricated hashes cannot pass this check.
The consensus proves the analysis was honest
The consensus proves the analysis was honest
Five miners independently analyse the same bundle. The validator compares verdict, risk score, findings, capabilities, dependencies, and recommended policy across all five. A miner who diverges from the group on findings or capabilities, even if they got the verdict right, takes a consensus penalty that multiplies their emission down.
The sandbox rerun proves the registered image was used
The sandbox rerun proves the registered image was used
Miners declare their Docker sandbox image hash at registration time. The validator pulls that exact image and reruns it. A miner who runs one image but declares a different one is caught when the rerun produces different traces.
What’s Next
- Read the Incentive Mechanism to understand how rewards are distributed.
- Pick a setup path: Miner or Validator.
- Browse Core Components for reference detail on individual subsystems.