Governance V1

[l0r1s]

On-Chain Governance System

Summary

This PR introduces a comprehensive on-chain governance system to replace the current governance implementation that relies on a sudo-based triumvirate multisig. The new system implements a separation of powers model with three key components: (1) multiple proposer accounts (mostly controlled by OTF) to submit proposals, (2) a three-member Triumvirate that votes on proposals, and (3) two collective bodies (Economic Power and Building Power) that can delay, cancel, or fast-track proposals.

README

Changes

New Governance Pallet (pallet-governance)

• Allowed Proposers: Authorized accounts (mostly OTF-controlled) that can submit proposals for execution with root privileges
• Triumvirate: 3-member approval body requiring 2-of-3 votes to approve proposals
• Economic and Building Collectives: Oversight bodies representing top 16 validators by stake and top 16 subnet owners by moving average price
• Governance Flow:
  1. Allowed proposers submit proposals
  2. Triumvirate votes (7-day voting period, 2-of-3 approval required)
  3. Approved proposals enter delay period (1 hour initial delay)
  4. Collectives can vote to delay, cancel, or fast-track proposals using exponential delay calculation based on net score
  5. Proposals execute automatically after delay period or when fast-tracked

Infrastructure Updates

• Weight Template: Updated .maintain/frame-weight-template.hbs to use ParityDbWeight instead of RocksDbWeight for consistency with the runtime's database backend
• Cargo Configuration: Added pallet-governance to workspace dependencies
• Test Cleanup: Removed unused NoPreimagePostponement constant from admin-utils test mock

Implementation Details

The governance pallet includes:

• Full implementation with comprehensive test coverage
• Runtime benchmarking support
• Weight calculations using ParityDbWeight
• Integration with pallet-preimage and pallet-scheduler for proposal execution
• Support for proposal cancellation, withdrawal, and emergency procedures

Deployment Strategy

The system will be deployed in two phases:

1. Phase 1 (Coexistence): Deploy alongside existing sudo multisig for validation
2. Phase 2 (Refining): Add triumvirate seat election and refine the logic to fit what's needed.
3. Phase 3 (Full Migration): Disable sudo pallet via governance vote, making the new system the sole authority

Documentation

See pallets/governance/README.md for detailed specification of the governance system, including:

• Actor roles and permissions
• Governance process flow
• Delay period calculations
• Replacement mechanisms
• Implementation phases

Testing

• Comprehensive unit tests covering all governance flows
• Mock runtime for testing
• Benchmarking support for weight calculation

Related

This addresses the issues with the current centralized sudo-based governance system by introducing:

• On-chain transparency and auditability
• Stakeholder representation through collectives
• Separation of powers with checks and balances

[travellingsoldier85]

I propose any TAO Governance proposal should satisfy these Core Goals:

1. Decentralization:

• No single actor (or top-5 cartel) should be able to suppress emissions.
• Decisions must be stake-representative but not purely plutocratic.
• Prevent censorship capture via multi-chamber voting + judicial confirmation + expiry.

2. Anti-scammers / anti-rugpull / anti-extractors:

• Ability to stop ongoing extraction quickly.
• But also avoid “governance-as-a-weapon” (censorship of competitors).
• Add a rule-of-law safety system for scams/extraction.

3. Fairness / equality / democracy / justice / civilization:

• Explicit due process: claims → evidence → time to respond → appeal.
• Transparent reasoning and auditability (on-chain commitments to evidence).
• Decouple staking yield from political power.

4. Evolving + incentive + natural selection:

• Preserve Taoflow as the default allocator (market-based / behavior-based).
• Use discretionary intervention only as a bounded “circuit breaker,” then revert to market selection unless renewed.
• Enforce honesty with bonding/slashing and transparent evidence.

[travellingsoldier85]

This is my TAO GOVERNANCE Proposal:

Constitutional OpenGov n Safety Track
aka. [CONST]

It has 5 layers:
1. A Constitution (hard constraints),
2. Separation of powers (legislative / executive / judicial),
3. A ladder of interventions (watchlist → quarantine → suppression → deregistration),
4. Stakeholder-representative democracy that is NOT hijacked by yield-chasing delegation,
5. Economic incentives and penalties (bonding/slashing) so truth wins.

---

Layer 1 : The Constitution: what governance is allowed to do

Constitutional invariants (hard-coded or extremely high-bar):

1. Dynamic TAO (TAOFlow) is the default allocator. Governance cannot override it for “quality” or “competition.”

2. Governance may only intervene under a narrow set of Safety Violations, such as:

• proven theft/rugpull mechanics,
• protocol exploit / critical security risk,
• systematic manipulation (e.g., bribery to fake flows),
• malware / illegal content distribution,
• repeatable fraud claims with cryptographic evidence.

3. Any “turn emissions to 0” action must be:

• time-limited, and
• renewable only by re-vote (no permanent censorship switch).

4. Every intervention must include:

• an on-chain reason code + evidence hash,
• a time-lock (except emergency pause),
• a guaranteed appeal path.

This is the rule of law.

---

Layer 2 : Separation of powers: prevent validator oligarchy

Today’s bicameral system (Triumvirate + Senate) is a step toward decentralization but still transitional.
CONST upgrades it into a 3-branch model:

A) Legislative: make/modify rules:

• Protocol upgrades, parameter changes, governance rules.
• Should evolve toward OpenGov-style referenda tracks (anyone can propose with deposit; multiple tracks with different thresholds/time-locks).

B) Executive: fast operations:
Emergency response capability (pause/quarantine) but cannot finalize long-term punishments.

C) Judicial: decide disputed facts:

• Determines whether a subnet committed a Safety Violation.
• Validators should not be judge + jury + executioner.

---

Layer 3 : The Intervention Ladder

Instead of PR #2420’s “emissions → 0” hammer, CONST uses a 4-step ladder:

Step 0: Watchlist (no penalty):
Trigger: credible report + deposit
Effect: flag subnet as “under review”; publish evidence hash.

Step 1: Quarantine (soft brake)
Effect (7–14 days):

• reduce TAO emissions multiplier (e.g., 100% → 20%)
• optionally restrict certain admin actions (e.g., registration toggles)
• force extra transparency requirements
  Why: Most “scam signals” are uncertain at first. A quarantine limits damage without full censorship.

Step 2: Suppression (hard brake)
Effect (≤ 30 days, auto-expire):

• TAO emissions multiplier can go to 0
• but it must auto revert unless renewed by a new vote.
  This directly addresses the PR Emission suppression via root validator voting #2420 intent while preventing permanent capture.

Step 3: Deregistration/Dissolution (nuclear option)
Use the chain’s subnet deregistration mechanics when appropriate:

• alpha tokens are converted back to TAO and distributed to alpha holders,
• owner refund is computed as max (0, lock_cost - owner_received_emission_in_tao).

Why this matters for anti-rugpull:
It gives a clean unwind path that returns capital to token holders as best as possible under protocol rules.

---

Layer 4 : Voting that’s democratic”

A core problem that the PR discussion implies is:
delegators are often yield-driven; they delegate to the best APY operator; who then accumulates political power.

So CONST introduces a very important separation:

4.1. Separate “staking delegation” from “governance representation”:

• You can stake with validator A for yield/infrastructure.
• But your governance voting power can be represented by delegate B (or by yourself).

This is liquid democracy done correctly:

• It breaks the “0% take-rate → political monopoly” loop.
• It makes “ethics/governance competence” a competitive market separate from “staking yield.”

4.2. Governance voting bodies for Safety actions:
For Quarantine/Suppression, you need multi-chamber approval:

Chamber 1 : Root security electorate (stake-weighted, but with quorum-by-count)
Require:

• ≥ 67% stake-weight approval AND
• minimum N distinct root voters (e.g., 20 - 30)
  This prevents “top 5 validators decide everything” even if stake is concentrated.

Chamber 2 : Network stakeholders (all TAO-at-risk across root + subnets)

• Weight by total TAO-at-risk (root stake + TAO-equivalent value of alpha stake positions).
• This fixes the “subnet investors have no voice” criticism.

Chamber 3 : Judicial jury (randomized from long-term stakers)

• Randomly sampled jury of stakers with locked conviction (time-locked stake).
• They vote on “did a Safety Violation occur?” [not on “do I like this subnet?”]

=

✅ Action passes only if:
(Chamber 3 confirms violation) AND (either Chamber 1 or Chamber 2 approves the sanction).
That’s checks & balances.

---

Layer 5 : Incentives that make the truthful outcome the profitable outcome

Governance without economic incentives becomes theater.
CONST adds bonding & slashing to punish scammers and also punish false accusers.

5.1. Subnet Owner Integrity Bond (skin-in-the-game)
Subnet owners already earn a meaningful slice of emissions (e.g., ~18% of daily TAO emissions).
CONST requires an additional Integrity Bond (locked TAO) that can be slashed if the subnet is convicted of a Safety Violation.

This is the cleanest “anti-rugpull” mechanic: if you want to run a subnet and earn emissions, you post collateral.

5.2. Challenger Bond (anti-griefing)
Anyone can open a case, but must post a bond:

• If the case is frivolous/bad-faith → bond slashed.
• If the case is validated → bond returned + incentive reward.

5.3. Voter accountability (anti-extractor governance)
For Safety Track votes, require a small voter bond that can be slashed if the voter is proven to have participated in bribery/collusion (adjudicated by the judicial process).

This makes governance bribery expensive.

[nardiell]

Could you explain why the top16 subnet was categorized based on the moving average price?