Running a Validator

Start the Validator Daemon

source .env
cargo run --release --bin vramhub-validator

Each window, the validator daemon:

  1. Reads the current window from chain
  2. Lists all registered miners from peer_registry.move
  3. Decrypts each miner's R2 credentials via Seal IBE
  4. Downloads each miner's gradient from their R2 bucket
  5. Sends each gradient to the Nautilus enclave for loss evaluation
  6. Receives the signed score from the enclave
  7. Submits all scores to score_ledger.move

Start the Aggregator (Same Machine, Separate Terminal)

source .env
cargo run --release --bin vramhub-aggregator

The aggregator runs alongside the validator. Every checkpoint_frequency windows, it:

  1. Downloads all top-G miner gradients
  2. Aggregates them into a merged checkpoint
  3. Uploads the checkpoint to R2
  4. Submits the checkpoint hash to round_state.move

Running the validator without the aggregator means no new checkpoints are anchored. Miners will continue training from the last available checkpoint.

Log Output

Healthy validator output:

INFO vramhub_validator: Validator starting uid=0
INFO vramhub_validator: Starting window window=2957300
INFO vramhub_validator: Decrypting credentials for 12 miners
INFO vramhub_validator::evaluator: Sending gradient to enclave miner_uid=3 window=2957300
INFO vramhub_validator::evaluator: Enclave score miner_uid=3 score=142857 window=2957300
INFO vramhub_validator: Submitting 12 scores to chain window=2957300
INFO vramhub_validator: Scores submitted window=2957300 tx=0xabc...

Monitoring

Check submitted scores for the current window:

cargo run --release --bin vramhub-cli -- scores --window $(cargo run --bin vramhub-cli -- current-window)

Check validator status:

cargo run --release --bin vramhub-cli -- status --validator-uid $VRAMHUB_VALIDATOR_UID
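The log lines shown under "Healthy validator output" can also be audited per window. The following is an added example, not part of the VRAM HUB code base: it flags windows where a gradient was sent to the enclave but no score came back, where the submitted count differs from the number of enclave scores, or where the submission was never confirmed. It assumes one "Enclave score" line per scored miner and the key=value layout shown above; the sample input is constructed.

```python
import re
from collections import defaultdict

KV = re.compile(r"(\w+)=(\S+)")  # key=value fields such as window=2957300

# Constructed sample in the log format shown above: window 2957300 is healthy,
# window 2957301 has an unscored miner and no submission confirmation.
SAMPLE = """\
INFO vramhub_validator::evaluator: Sending gradient to enclave miner_uid=3 window=2957300
INFO vramhub_validator::evaluator: Enclave score miner_uid=3 score=142857 window=2957300
INFO vramhub_validator: Submitting 1 scores to chain window=2957300
INFO vramhub_validator: Scores submitted window=2957300 tx=0xabc...
INFO vramhub_validator::evaluator: Sending gradient to enclave miner_uid=3 window=2957301
INFO vramhub_validator::evaluator: Sending gradient to enclave miner_uid=5 window=2957301
INFO vramhub_validator::evaluator: Enclave score miner_uid=3 score=140000 window=2957301
INFO vramhub_validator: Submitting 1 scores to chain window=2957301
"""

def audit(lines):
    """Return {window: [problems]}. Assumes one 'Enclave score' line per scored miner."""
    w = defaultdict(lambda: {"sent": set(), "scored": set(), "submitting": None, "confirmed": False})
    for line in lines:
        kv = dict(KV.findall(line))
        if "window" not in kv:
            continue  # e.g. the startup line, which carries no window field
        s = w[int(kv["window"])]
        if "Sending gradient to enclave" in line:
            s["sent"].add(kv["miner_uid"])
        elif "Enclave score" in line:
            s["scored"].add(kv["miner_uid"])
        elif m := re.search(r"Submitting (\d+) scores", line):
            s["submitting"] = int(m.group(1))
        elif "Scores submitted" in line:
            s["confirmed"] = True
    report = {}
    for win, s in sorted(w.items()):
        problems = []
        if missing := sorted(s["sent"] - s["scored"], key=int):
            problems.append(f"no enclave score for miner_uid {','.join(missing)}")
        if s["submitting"] is not None and s["submitting"] != len(s["scored"]):
            problems.append(f"submitting {s['submitting']} scores but enclave returned {len(s['scored'])}")
        if not s["confirmed"]:
            problems.append("no 'Scores submitted' confirmation")
        if problems:
            report[win] = problems
    return report

if __name__ == "__main__":
    print(audit(SAMPLE.splitlines()))
```

On a live log the newest window is reported as unconfirmed until its submission line appears.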

Systemd Services (Production)

Validator Service

[Unit]
Description=VRAM HUB Validator
After=network.target

[Service]
Type=simple
User=vram
WorkingDirectory=/opt/vram-hub
EnvironmentFile=/opt/vram-hub/.env
ExecStart=/opt/vram-hub/target/release/vramhub-validator
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

Aggregator Service

[Unit]
Description=VRAM HUB Aggregator
After=network.target vram-validator.service

[Service]
Type=simple
User=vram
WorkingDirectory=/opt/vram-hub
EnvironmentFile=/opt/vram-hub/.env
ExecStart=/opt/vram-hub/target/release/vramhub-aggregator
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

Enable and start both services, then follow the validator log:

sudo systemctl enable --now vram-validator vram-aggregator
sudo journalctl -u vram-validator -f

Enclave Management

The Nitro Enclave must be running before the validator starts. Consider a startup script:

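#!/bin/bash
# /opt/vram-hub/scripts/start-enclave.sh
# Abort on the first failure so the proxy is not started without a running enclave.
set -euo pipefail

# Launch the enclave image with 4096 MiB of memory, 2 vCPUs and a fixed CID of 16.
nitro-cli run-enclave \
  --eif-path /opt/vram-hub/vram-nautilus.eif \
  --memory 4096 \
  --cpu-count 2 \
  --enclave-cid 16

# Start vsock proxy in the background
vsock-proxy 3000 localhost 3000 &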

If the enclave crashes and restarts, the ephemeral signing key changes. Run register-enclave again before the next window:

cargo run --release --bin vramhub-cli -- register-enclave \
  --enclave-url http://localhost:3000 \
  --validator-uid $VRAMHUB_VALIDATOR_UID

Seal Key Server Configuration

The VRAMHUB_SEAL_THRESHOLD environment variable controls how many Seal key server responses are required to reconstruct the IBE key. The default is 2 (2-of-n threshold).

Set a higher threshold for stronger security at the cost of availability (if more than n-t key servers are down, decryption fails):

VRAMHUB_SEAL_THRESHOLD=3