No project description provided
Project description
bt_ddos_shield_client
Validator-side client package for BT DDoS Shield.
The package resolves shielded miner endpoints from miner manifests and mutates validator-side neuron or metagraph data only when a miner publishes a valid encrypted entry for the validator hotkey.
Install
The base client supports Python 3.11 through 3.14.
pip install bt-ddos-shield-client
Install optional turbobt support with:
pip install "bt-ddos-shield-client[turbobt]"
The optional turbobt extra is currently limited to Python 3.11 through 3.13 because upstream turbobt depends on eciespy, which pulls coincurve.
Public API
bt_ddos_shield_client.ShieldMetagraphbt_ddos_shield_client.ShieldTestRigbt_ddos_shield_client.shielded_turbobt.ShieldedNeuronMutator
Certificate Handling
The client uses an Ed25519 ECIES-compatible key pair stored as a validator shield certificate. The public key is uploaded to the subnet certificate field when the local certificate does not match the value already stored on chain.
Certificate path resolution:
- Use
VALIDATOR_SHIELD_CERTIFICATE_PATHwhen the environment variable is set. - Otherwise store the certificate next to the wallet hotkey file as
<hotkey>.cert.pem, for example~/.bittensor/wallets/validator/hotkeys/default.cert.pem.
When the certificate file does not exist, the client creates it automatically.
ShieldMetagraph
Use ShieldMetagraph as the validator-side replacement for bittensor.core.metagraph.Metagraph:
from bt_ddos_shield_client import ShieldMetagraph
metagraph = ShieldMetagraph(wallet, netuid, subtensor=subtensor)
Constructor arguments mirror the common Bittensor metagraph flow:
ShieldMetagraph(
wallet,
netuid,
network=None,
lite=True,
sync=True,
block=None,
subtensor=None,
)
On sync(), the client:
- syncs the underlying Bittensor metagraph through the package contact layer;
- ensures the validator's public certificate is present on chain;
- fetches each miner manifest from
http://{axon_ip}:{axon_port}/shield_manifest.json; - decrypts the manifest entry for the validator hotkey and miner hotkey;
- replaces the miner axon IP and port when the shield address is valid.
Fetch failures, redirects that fail, malformed manifests, missing entries, decryption failures, and invalid shield address strings leave that miner's original axon endpoint unchanged.
turbobt Integration
Use ShieldedNeuronMutator when validator code works with turbobt neurons:
from bt_ddos_shield_client.shielded_turbobt import ShieldedNeuronMutator
mutator = ShieldedNeuronMutator(
wallet=wallet,
netuid=netuid,
)
neurons = await bittensor.subnet(netuid).list_neurons()
await mutator.mutate_neurons(bittensor, neurons)
The mutator performs the same certificate reconciliation and manifest resolution as ShieldMetagraph, then updates each matching neuron's axon_info.ip and axon_info.port.
Testing Helpers
ShieldTestRig installs public-boundary fakes for downstream validator tests. It patches the package contact factories and mocks miner manifest HTTP responses while keeping certificate generation, manifest serialization, encryption, and address parsing real.
from bt_ddos_shield_client import ShieldTestRig
rig = ShieldTestRig(wallet=wallet)
rig.add_miner("miner-a", "198.51.100.10", 8080, shield_address="203.0.113.10:3030")
rig.add_miner("miner-b", "198.51.100.11", 8080, shield_address=None)
with rig.install():
run_validator_code()
Enable turbobt test support explicitly:
rig = ShieldTestRig(wallet=wallet, with_turbobt=True)
shield_address=None makes the fixture return a missing manifest for that miner, so downstream tests can cover unshielded miners.
Tests
Run the default client test suite across every supported Python version from this directory:
uv tool run nox
Run one Python version with:
uv tool run nox -s tests-3.12
Pass pytest arguments after --:
uv tool run nox -s tests-3.12 -- tests/library -v
For a quick run against the current uv environment, use:
uv run --group test pytest tests -v
Default tests cover the public package boundary:
ShieldMetagraphShieldedNeuronMutator- certificate upload behavior through contact fakes
- manifest fetching through
aioresponses - downstream-facing
ShieldTestRigbehavior
Docker-backed real contact integration tests live under tests/contacts and are marked with subtensor_integration, so they are excluded by the default pytest configuration.
Run them explicitly with:
uv run --group test pytest tests/contacts -m subtensor_integration -v
The integration tests start a disposable local subtensor container, create test wallets and subnet state, and exercise the real BittensorSubtensorContact and TurboBittensorSubtensorContact public methods. They do not depend on manual_tests/.
The tests follow the active Docker context. SSH-based Docker contexts require paramiko, which is included in the test dependency group.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bt_ddos_shield_client-0.4.2.tar.gz.
File metadata
- Download URL: bt_ddos_shield_client-0.4.2.tar.gz
- Upload date:
- Size: 28.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9429b591c58b2cf34050f05432f55968bb812adb1423f926c6fd350f64640009
|
|
| MD5 |
6e9ec61e1b9f9993d838def36c9983ad
|
|
| BLAKE2b-256 |
87e64e1861d2e11b32978bdf32850867bf7bc9a1d1fbd6586ef050f39995bc22
|
Provenance
The following attestation bundles were made for bt_ddos_shield_client-0.4.2.tar.gz:
Publisher:
publish.yml on bittensor-church/bt-ddos-shield
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
bt_ddos_shield_client-0.4.2.tar.gz -
Subject digest:
9429b591c58b2cf34050f05432f55968bb812adb1423f926c6fd350f64640009 - Sigstore transparency entry: 1658295230
- Sigstore integration time:
-
Permalink:
bittensor-church/bt-ddos-shield@77103db51a48946afb165bb83fd467267bc5ac53 -
Branch / Tag:
refs/tags/v0.4.2 - Owner: https://github.com/bittensor-church
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@77103db51a48946afb165bb83fd467267bc5ac53 -
Trigger Event:
push
-
Statement type:
File details
Details for the file bt_ddos_shield_client-0.4.2-py3-none-any.whl.
File metadata
- Download URL: bt_ddos_shield_client-0.4.2-py3-none-any.whl
- Upload date:
- Size: 19.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bc6b5247f12a8d8ff49ec9226eb008fc5747fb8a02c04039a7ecbd870f2a46b3
|
|
| MD5 |
fd652e7b710491e930d7230eb16e52a2
|
|
| BLAKE2b-256 |
c16690e9cff51645b8655f2ece38f1b858979bd52d9faafa319d9628e356ee9c
|
Provenance
The following attestation bundles were made for bt_ddos_shield_client-0.4.2-py3-none-any.whl:
Publisher:
publish.yml on bittensor-church/bt-ddos-shield
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
bt_ddos_shield_client-0.4.2-py3-none-any.whl -
Subject digest:
bc6b5247f12a8d8ff49ec9226eb008fc5747fb8a02c04039a7ecbd870f2a46b3 - Sigstore transparency entry: 1658295305
- Sigstore integration time:
-
Permalink:
bittensor-church/bt-ddos-shield@77103db51a48946afb165bb83fd467267bc5ac53 -
Branch / Tag:
refs/tags/v0.4.2 - Owner: https://github.com/bittensor-church
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@77103db51a48946afb165bb83fd467267bc5ac53 -
Trigger Event:
push
-
Statement type: