PrivateDAO now ships a cryptographic integrity layer above the existing review and zk surfaces.
The goal is simple: reviewer-facing evidence should be tamper-evident, not just well documented.
docs/cryptographic-manifest.generated.jsonscripts/build-cryptographic-manifest.tsscripts/verify-cryptographic-manifest.ts
The manifest currently records sha256 digests for the highest-signal artifacts:
- zk circuit sources
- zk verification keys
- zk sample proofs
- zk public inputs
- proof registry
- devnet release manifest
- live proof note
- submission registry
- independent verification guide
- security review
- zk layer note
- zk stack note
- verification-gates note
These hashes do not replace on-chain verification.
They serve a different purpose:
- prevent silent drift across critical reviewer-facing artifacts
- make zk evidence tamper-evident
- let reviewers verify that the same canonical evidence surface is being referenced everywhere
Rebuild the manifest:
npm run build:cryptographic-manifestVerify the manifest:
npm run verify:cryptographic-manifestRun the full verification stack:
npm run verify:allThis layer is additive and non-breaking.
It does not:
- change deployed contracts
- change PDA derivations
- change instruction interfaces
- replace existing proof, replay, or lifecycle validation
It strengthens artifact integrity on top of the existing protocol and review surface.