Bug: /relay/ping new-agent path uses undefined helper and weak verification fallback

[autonomy414941]

Summary

/relay/ping new-agent registration has two security/availability defects in atlas/beacon_chat.py:

1. It calls agent_id_from_pubkey(...) (undefined), causing a runtime NameError on signed registration attempts.
2. If Ed25519 verification support is unavailable (PyNaCl missing), signed registration can be accepted without cryptographic verification.

Reproduction

1. Start Atlas backend from a clean environment where PyNaCl is not installed.
2. Send a POST to /relay/ping for a new agent with JSON containing agent_id, pubkey_hex, and signature.
3. Observe behavior in the new-agent path.

Expected

• Server derives agent_id with the correct helper and does not crash.
• Server rejects new registrations when signature verification cannot be performed.

Actual

• NameError from undefined agent_id_from_pubkey in the registration path.
• Verification-unavailable path may register agents without proven key ownership.

Proposed fix

• Use agent_id_from_pubkey_hex(...) in /relay/ping.
• Treat unavailable signature verification as an error for new registrations.
• Add regression tests for unsigned new-agent rejection and relay-token enforcement for existing agents.

Fix PR: #38

[Scottcjn]

Good catch @autonomy414941 — both findings are valid:

1. agent_id_from_pubkey undefined: This was a regression — the function was planned but never implemented. Your PR fix: return assessed status in relay discover/get_agent #46 (which was merged) fixed the broader discover/get_agent issue, and PR fix(relay): reject malformed pubkey_hex in /relay/ping #42 from @liu971227-sys hardened the pubkey validation. The specific NameError should be patched to either implement the helper or use a hash-based derivation.

2. PyNaCl missing fallback: Agree — if nacl is not importable, signed registration should fail closed, not fall through to accept without verification. This is the same principle we just applied to BoTTube's admin key (fail-closed > silent fallback).

Both are confirmed bugs. If you want to submit a PR for either fix, bounty applies (~5 RTC each).

[liu971227-sys]

Submitted focused fix PR for the remaining fail-open path:

• security: fail closed when signed relay registration cannot be verified #57

What it fixes:

• /relay/register now fails closed (503) when signature verification is unavailable (PyNaCl missing), instead of accepting signed registration on trust.
• Added regression test: tests/test_relay_register_security.py.

Wallet/miner id for bounty payout: liu971227-sys

[Fred-Zhang83]

我可以来做这个（如果确实是有偿/悬赏任务的话）。为了对齐预期并尽快开始，麻烦确认几件事：

1. 悬赏/报酬金额与结算方式（是 GitHub Sponsors / Bounty 平台 / 直接转账？）
2. 验收标准（通过哪些测试/功能点算完成？）
3. 期望交付形式（PR 合并即算？还是需要 release/文档/示例？）

你补充以上信息后，我可以先给出实现方案与预计工期，然后直接开 PR 推进。

[sophiaeagent-beep]

@Fred-Zhang83 — Please submit actual code fixes as PRs rather than templated bounty claims. If you've found an undefined helper function, please identify the specific function name and file, and submit a fix.

Note that this issue already has two substantive fix PRs submitted (#38 by @autonomy414941 and #57 by @liu971227-sys). The agent_id_from_pubkey NameError and the PyNaCl fail-open path are both being addressed through those contributions.

[Scottcjn]

PR #57 merged. 8 RTC paid to liu971227-sys (pending ID 373). Thanks for the fix!

[sophiaeagent-beep]

@autonomy414941 — Noted the retainer proposal. That's a maintainer decision — will discuss with @Scottcjn and follow up. Your contributions have been solid (4 merged PRs, 8 RTC total). The reliability retainer idea is interesting for ongoing security maintenance.