PrivateDO
ConnectReviewSignVerify
Root docs
Repository viewer
Legacy docs parity surface
Back to repository viewer
Repository document

Phase C Hardening

phase-c-hardening.md

Boundary

This route preserves legacy markdown access inside the Next.js surface. The raw repository file remains authoritative.

Open raw file

Phase C Hardening

PrivateDAO is not yet claiming full production-grade zk_enforced dominance.

The repository is now at:

  • Phase A: proposal-bound on-chain proof anchors and parallel verification receipts
  • Phase B: proposal-level zk_enforced mode with frontend and CLI support
  • Phase C: pending hardening before zk_enforced can become the stronger production path

What Is Already Live

  • commit-reveal remains the canonical live governance path
  • verify_zk_proof_on_chain records proposal-bound verification receipts on chain
  • verification receipts can now be upgraded from parallel to zk_enforced
  • configure_proposal_zk_mode can lock a proposal into zk_enforced
  • finalize_zk_enforced_proposal is available and surfaced in the frontend and CLI
  • once a proposal is locked to zk_enforced, the policy cannot be downgraded
  • zk_enforced proposals require the stronger receipt mode, not only Phase A parallel receipts

What Still Blocks Phase C

1. Verifier Boundary

The current stack records anchors and verification receipts on chain, but the proving and verification workflow is still generated and checked off chain before receipts are written.

To move to a stronger production-grade zk_enforced model, the project still needs:

  • a final verifier boundary decision
  • production compute-budget analysis
  • final proof/public-input policy for vote, delegation, and tally
  • verifier-program provenance and versioning discipline

2. Runtime Validation

zk_enforced must be validated through:

  • wallet-connected proposal creation
  • proof anchoring
  • receipt recording
  • mode activation
  • finalize path execution

This must be repeated across:

  • Phantom
  • Solflare
  • Backpack
  • Glow
  • Android runtime captures

3. Multi-Proposal And Negative Paths

The stronger path still needs expanded coverage for:

  • missing receipt rejection
  • wrong receipt rejection
  • policy immutability after zk_enforced
  • cross-proposal receipt substitution rejection
  • mixed proposal sets where some DAOs remain companion mode and others use zk_enforced

4. External Security Review

Before zk_enforced becomes the strongest production recommendation, the repo still needs:

  • external audit coverage for the new policy account and finalize path
  • review of verifier receipts as a trust boundary
  • operational review of upgrade, rollback, and authority handling

Safe Execution Path

Use the following order:

  1. keep commit-reveal live as the default path
  2. expand zk_enforced Devnet evidence with more proposal runs
  3. validate wallet/runtime behavior on real devices
  4. complete external review
  5. only then consider promoting zk_enforced as the stronger production path

Current Rule

The repo is deliberately explicit:

  • zk_enforced exists
  • zk_enforced is usable
  • zk_enforced is not yet declared the dominant production path

That promotion requires additional runtime evidence, review, and operator confidence beyond the current repository state.