Skip to content

verification-gates.md

Latest commit

 

History

History
442 lines (295 loc) · 12.2 KB

verification-gates.md

File metadata and controls

442 lines (295 loc) · 12.2 KB

Verification Gates

PrivateDAO maintains a reviewer-visible verification layer so the repository can be checked without trusting prose alone.

Core Gates

Run these from the repository root.

Strategy Surface

npm run verify:strategy-surface

Checks that the strategy-facing review package is present and internally coherent.

Submission Registry

npm run verify:submission-registry

Checks that the canonical submission registry contains the required packages, links, gates, and core identity values.

Registry Consistency

npm run verify:registry-consistency

Checks that the submission registry and proof registry stay aligned on canonical live references.

Generated Artifacts

npm run verify:generated-artifacts

Checks that generated reviewer artifacts such as the audit packet and review attestation exist and remain structurally valid.

Devnet Stress Harness

npm run test:devnet:all

Runs the full 50-wallet Devnet harness, then rebuilds and verifies the reviewer artifacts that bind:

  • wallet registry
  • DAO bootstrap record
  • explorer transaction registry
  • adversarial rejection report
  • zk proof registry
  • performance metrics
  • load-test report

This is the canonical reproducible multi-wallet execution command for the live Devnet package.

Devnet Extended Isolation And Race Harness

npm run test:devnet:multi
npm run test:devnet:race
npm run test:devnet:extended

These commands extend the canonical 50-wallet run with:

  • three live proposals executed in one DAO to prove proposal isolation
  • cross-proposal voter-record and delegation-marker rejection evidence
  • concurrent finalize races with one valid winner
  • concurrent execute races with one valid winner

The generated reviewer-facing artifacts are:

  • docs/devnet-multi-proposal-report.json
  • docs/devnet-multi-proposal-report.md
  • docs/devnet-race-report.json
  • docs/devnet-race-report.md

Devnet Resilience Harness

npm run test:devnet:resilience
npm run verify:devnet:resilience-report

This command adds operator-grade recovery evidence on Devnet for:

  • fallback from a dead-end RPC endpoint
  • stale blockhash rejection
  • rebuilt transaction recovery on a fresh blockhash

The generated reviewer-facing artifacts are:

  • docs/devnet-resilience-report.json
  • docs/devnet-resilience-report.md

Cryptographic Integrity

npm run verify:cryptographic-manifest

Checks that the sha256 manifest covering zk artifacts, live-proof anchors, and generated review materials still matches the canonical files on disk.

Mainnet Readiness Report

npm run build:mainnet-readiness-report
npm run verify:mainnet-readiness-report

Builds and verifies the generated readiness report that summarizes what is already verified inside the repository and what still remains external before any production cutover should be claimed.

Mainnet Go-Live Checklist

Review:

  • docs/mainnet-go-live-checklist.md

ZK Phase C Hardening

Review:

  • docs/phase-c-hardening.md

This document makes the current boundary explicit:

  • Phase A is live
  • Phase B is live
  • zk_enforced is usable
  • zk_enforced is not yet promoted as the strongest production path

Related review docs:

  • docs/zk-verifier-strategy.md
  • docs/zk-enforced-threat-review.md
  • docs/zk/enforced-runtime-evidence.md
  • docs/zk/enforced-operator-flow.md
  • docs/zk-external-audit-scope.md
  • docs/canonical-verifier-boundary-decision.md
  • docs/zk/external-closure.generated.md

Commands:

npm run build:zk-enforced-runtime
npm run verify:zk-enforced-runtime
npm run build:zk-external-closure
npm run verify:zk-external-closure

This checklist is the shortest go or no-go surface for production cutover. It does not replace the generated proof package; it compresses the final blockers into one operator-facing checklist.

Deployment Attestation

npm run build:deployment-attestation
npm run verify:deployment-attestation

Builds and verifies a machine-readable deployment attestation that binds the canonical program, governance anchors, token surface, readiness status, and verification gates into one review artifact.

Go-Live Attestation

npm run build:go-live-attestation
npm run verify:go-live-attestation

Builds and verifies a machine-readable go-live decision artifact that makes the current mainnet block conditions explicit instead of leaving them implicit in prose.

Runtime Attestation

npm run build:runtime-attestation
npm run verify:runtime-attestation

Builds and verifies a machine-readable runtime summary for supported Devnet wallets, the diagnostics page, and the reviewer-visible wallet runtime surface.

Runtime Surface

npm run verify:runtime-surface

Checks that the live diagnostics page, supported wallet labels, runtime attestation, and PDAO/runtime anchors stay aligned in the frontend itself.

Runtime Evidence

npm run build:runtime-evidence
npm run verify:runtime-evidence

Builds and verifies a generated runtime-evidence package that consolidates runtime attestation, wallet compatibility, Devnet canary, and resilience behavior into one reviewer-facing summary.

Real-Device Runtime Intake

npm run build:real-device-runtime
npm run verify:real-device-runtime

Builds and verifies the reviewer-facing intake package for real desktop and mobile wallet captures. This package keeps the boundary honest: diagnostics and wallet matrices are useful, but real-device evidence is tracked separately until actual captures are committed.

Operational Evidence

npm run build:operational-evidence
npm run verify:operational-evidence

Builds and verifies a generated operational-evidence package that consolidates:

  • full 50-wallet lifecycle execution
  • zk companion proof activity
  • adversarial rejection coverage
  • multi-proposal isolation
  • finalize and execute race behavior
  • RPC interruption and stale-blockhash recovery

This package is the shortest reviewer-facing path for the project's preserved Devnet execution evidence, while the current operating path is Testnet.

Extended Devnet Profiles

npm run test:devnet:100
npm run test:devnet:500

Runs the same Devnet stress harness at larger wallet counts while writing to profile-specific artifacts so the canonical 50-wallet reviewer package remains stable and explorer-visible.

Wallet Compatibility Matrix

npm run build:wallet-matrix
npm run verify:wallet-matrix

Builds and verifies a generated wallet compatibility matrix that documents the detected providers, connection fallback, transaction fallback, diagnostics visibility, and honest runtime-QA boundary for each supported wallet class.

Devnet Canary

npm run build:devnet-canary
npm run verify:devnet-canary
npm run ops:canary

Builds and verifies a lightweight read-only Devnet canary that checks:

  • primary and fallback RPC health
  • canonical PrivateDAO anchor accounts
  • governance mint supply visibility
  • sustainable operational readiness between heavier stress runs

Supply-Chain Attestation

npm run build:supply-chain-attestation
npm run verify:supply-chain-attestation

Builds and verifies a generated supply-chain attestation that binds the top-level Cargo, Anchor, npm, and Yarn manifests and lockfiles into the reviewer-visible integrity surface.

Release Ceremony Attestation

npm run build:release-ceremony-attestation
npm run verify:release-ceremony-attestation

Builds and verifies a generated release-ceremony attestation that ties reviewed commit identity, required release gates, operator-facing cutover docs, and unresolved external blockers into one reviewer-visible artifact.

Release Drill Evidence

npm run build:release-drill
npm run verify:release-drill

Builds and verifies a repository-simulated release drill that makes the pre-cutover and blocked-external stages explicit rather than leaving them implied. The generated trace now also records which repository commands and reviewer-visible artifacts participated in the simulated release path.

Mainnet Acceptance Package

npm run build:mainnet-acceptance-matrix
npm run verify:mainnet-acceptance-matrix
npm run build:mainnet-proof-package
npm run verify:mainnet-proof-package

Builds and verifies the reviewer-facing acceptance matrix and proof package that separate repository-accepted surfaces from external blockers such as audit, real-device QA, and live rollout.

Artifact Freshness

npm run verify:artifact-freshness

Rebuilds the deterministic generated reviewer artifacts and packaged review bundle, then rejects drift between committed outputs and the current builders.

ZK Registry

npm run build:zk-registry
npm run verify:zk-registry

Builds and verifies the machine-readable registry for the live Circom and Groth16 stack, including artifact paths, public signal counts, and per-layer commands.

ZK Transcript

npm run build:zk-transcript
npm run verify:zk-transcript

Builds and verifies the reviewer-readable zk transcript that carries the proving system, ptau reference, per-layer commands, and tracked artifact hashes.

ZK Attestation

npm run build:zk-attestation
npm run verify:zk-attestation

Builds and verifies a machine-readable zk attestation that binds the registry, transcript, proving system, ptau, and per-layer proof artifacts into one reviewer-facing summary.

ZK Docs

npm run verify:zk-docs

Checks that the zk reviewer docs stay aligned on layer names, replay boundaries, and verification commands. This includes:

  • threat extension
  • assumption matrix
  • capability matrix
  • verification flow

ZK Consistency And Tamper Rejection

npm run verify:zk-consistency
npm run verify:zk-negative

Checks that recomputed public signals match the stored outputs and that tampered public signals or proof objects are rejected.

Live Proof

npm run verify:live-proof

Checks that the live-proof document stays aligned with the canonical proof registry and expected devnet evidence.

The wider review surface also tracks the documented Devnet governance-token profile:

  • docs/pdao-token.md
  • docs/token.md

Token Presence Gate

The token presence gate confirms that governance identity and structured participation are visible in the reviewer surface.

This means the repository should make clear:

  • why the governance token exists
  • how it supports proposal participation
  • how it reinforces lifecycle accountability
  • how it fits inside the wider governance security model

Release Manifest

npm run verify:release-manifest

Checks that the release manifest, proof registry, README references, and generated handoff surfaces remain consistent.

Program ID Consistency

npm run verify:program-id-consistency

Checks that the canonical PrivateDAO program id stays aligned across Anchor.toml, declare_id!, reviewer docs, the frontend constant, and supporting tooling.

PDAO Token Surface

npm run build:pdao-attestation
npm run verify:pdao-surface
npm run verify:pdao-attestation
npm run verify:pdao-live

Checks that the published PDAO token docs, local metadata asset, generated attestation, reviewer-facing surfaces, and preserved Devnet token state stay aligned with the canonical proof registry.

Review Links

npm run verify:review-links

Checks that the canonical reviewer path remains visible from the README and the GitHub Pages frontend.

Ops Surface

npm run verify:ops-surface

Checks that production-ops, incident-response, monitoring, cutover, and operator docs remain present.

Review Surface

npm run verify:review-surface

Runs the broader review-surface gate, including release-manifest, live-proof, registry, and reviewer-link consistency.

Unified Gate

npm run verify:all

This is the canonical repo-wide verification command. It rebuilds generated reviewer artifacts and runs the verification gates needed to keep the reviewer, operator, and proof surfaces coherent.

CI Enforcement

The unified gate is also enforced in CI on push and pull request events, so review-surface drift is caught automatically.