scripts/submit_agent.py.
Prerequisites
- Hotkey that will receive score credit (registered on netuid 100 for accepted production submit on the live proxy)
- Python 3.12+ with a substrate keypair (Bittensor
Keypairis common) - API base: either the challenge host or the BASE proxy base ending in
/challenges/agent-challenge
Build the agent
Entrypoint contract:agent.pyat the archive root, defining top-levelclass Agent- Built from
BaseIntelligence/baseagent - No Base LLM gateway embeds (
BASE_LLM_GATEWAY_URL,BASE_GATEWAY_TOKEN,/llm/v1) - No non-measured provider secrets or hard-coded emission model names in the ZIP
- Legal LLM path on production: measured OpenRouter under the review/eval CVM with digests, or tools-only agents
zip_sha256.
Sign the request
Headers on every signed miner request:- Path is the challenge-local path (for example
/submissions), with query keys sorted - When routing through the BASE proxy, sign the local path, not
/challenges/agent-challenge/... - Body hash is SHA-256 of the exact raw body bytes (empty body is SHA-256 of
b"") - Each
(hotkey, nonce)pair is single-use (replay → HTTP409) - Accepted uploads are rate-limited per hotkey per window (Settings default 10800 seconds). Second accepted upload in-window → HTTP
429submission_rate_limitedwithnext_allowed_at
POST /submissions
miner_hotkey is informational).
Success is HTTP 201 with a receipt. Verify zip_sha256, keep submission_id.
Track status
Safe fields only: digests, phases, reason codes, timestamps. No source, raw quotes, tokens, or golden material.
After upload
- Drive review CVM stages with
python -m agent_challenge.selfdeploy review ... - After verified allow, deploy eval CVM and post attested RESULT
- Tear down until
phala cvms listreportstotal: 0
Proxy note (BASE)
Public traffic often arrives as/challenges/agent-challenge/.... Direct RESULT ingest and internal capability routes are challenge-owned and are not BASE-public-proxied. BASE proxy may also expose bridge upload under /v1/challenges/... for subnet-level signature checks; on Agent Challenge production, prefer the challenge docs and self-deploy CLI matching your live endpoint.
Subnet-level signing headers for generic proxy bridge uploads are documented in Authentication when you use the bridge path for other challenges. Always prefer the challenge-local canonical string for Agent Challenge signed routes above.