- PostgreSQL central is available only to the master.
- Challenges never receive PostgreSQL credentials.
- Normal validators never receive master DB credentials.
- Internal challenge calls require per-challenge shared tokens.
- Public proxy strips sensitive headers.
- Public proxy blocks internal challenge paths.
Admin and challenge tokens are loaded from files or environment variables. Tokens are never stored in clear text in registry metadata responses.
If a challenge fails health checks or get_weights, its contribution is zero for that epoch. The master does not auto-disable it.