Admin Subnet

The admin subnet is a trusted coordination layer. It's used to authorize node identities, enforce subnet access rules, and route payments on the public network. Brokers query it to validate which workers are allowed to execute tasks. All logic follows TEP-5 and TEP-6.

Only required for public deployments. Private subnets do not use this system.

What It Controls

• Authorization: which identities are allowed to operate under a subnet
• Payout routing: where task rewards are sent
• Subnet metadata: stake owner and delegation rules

CLI Access

All interactions go through tl-admin, a CLI tool that connects to the admin WebSocket service and signs requests using a local wallet key.

You need:

• tl-admin binary
• Access to the admin WebSocket endpoint
• A private key with admin privileges (set via ADMIN_CLIENT_PRIVATE_KEY)

Commands

Credit a user on a specific subnet:

Authorize a delegate to operate in a subnet:

Update staking metadata for a subnet:

Internals

Delegation is public key based. A broker checks with the admin subnet to determine if a worker's identity is authorized under its subnet. Authorization is off-chain but enforced at runtime.

Reward routing uses credit records scoped to (user, subnet, currency). Tokens are handled as raw strings. The admin subnet does not validate currencies, does not enforce supply, and does not perform conversions. Payout logic is handled externally by the broker or subnet operator.

When Not Required

The admin subnet is not needed if:

• You're running a private or isolated subnet
• You don't handle rewards or payouts
• You're testing locally without staking or identity constraints