REFHE Operator Flow

refhe-operator-flow.md

<!-- SPDX-License-Identifier: AGPL-3.0-or-later -->

Use this when a confidential payroll, bonus, or grant proposal requires encrypted evaluation before settlement.

Flow

  • Create the proposal.
  • Configure the confidential payout plan.
  • Configure the REFHE envelope.
  • Complete voting and reveal.
  • Finalize the proposal.
  • Run the encrypted evaluation off-chain.
  • Settle the REFHE envelope on-chain from the DAO authority wallet.
  • Execute the confidential payout.

Frontend Flow

In the web app:

  • Open `Proposals`
  • Create a confidential payroll or bonus proposal
  • Fill:
      • encrypted manifest URI
      • manifest hash
      • ciphertext hash
      • REFHE model URI
      • REFHE policy hash
      • REFHE input ciphertext hash
      • REFHE evaluation key hash
  • Submit in wallet
  • After finalization, inspect `REFHE READINESS` in the selected proposal panel
  • Do not execute until the panel reports `Ready`

CLI Flow

```bash
# Create the proposal (arguments are elided in the source)
npm run create-proposal -- ...
# Inspect the confidential payout plan and the REFHE envelope
PROPOSAL_PDA="$PROPOSAL_PDA" npm run inspect:confidential-payout -- --proposal "$PROPOSAL_PDA"
PROPOSAL_PDA="$PROPOSAL_PDA" npm run inspect:refhe -- --proposal "$PROPOSAL_PDA"
# Settle the REFHE envelope on-chain from the DAO authority wallet
DAO_PDA="$DAO_PDA" PROPOSAL_PDA="$PROPOSAL_PDA" \
REFHE_RESULT_CIPHERTEXT_HASH="$REFHE_RESULT_CIPHERTEXT_HASH" \
REFHE_RESULT_COMMITMENT_HASH="$REFHE_RESULT_COMMITMENT_HASH" \
REFHE_PROOF_BUNDLE_HASH="$REFHE_PROOF_BUNDLE_HASH" \
REFHE_VERIFIER_PROGRAM="$REFHE_VERIFIER_PROGRAM" \
npm run settle:refhe -- --dao "$DAO_PDA" --proposal "$PROPOSAL_PDA" \
  --result-ciphertext-hash "$REFHE_RESULT_CIPHERTEXT_HASH" \
  --result-commitment-hash "$REFHE_RESULT_COMMITMENT_HASH" \
  --proof-bundle-hash "$REFHE_PROOF_BUNDLE_HASH" \
  --verifier-program "$REFHE_VERIFIER_PROGRAM"
# Execute the confidential payout
PROPOSAL_PDA="$PROPOSAL_PDA" npm run execute -- --proposal "$PROPOSAL_PDA"
```

Required Checks

Before settlement:

  • `input_ciphertext_hash` matches the payout plan ciphertext hash
  • payout plan belongs to the same proposal
  • proposal is still the intended confidential payout proposal

Before execution:

  • proposal status is `Passed`
  • timelock is cleared
  • payout plan status is still `Configured`
  • REFHE envelope status is `Settled`
  • REFHE envelope was settled by the DAO authority
  • verifier program is present

This is an authority-settled execution gate. It does not claim that the PrivateDAO program re-executes or cryptographically verifies REFHE computation on-chain.

Failure States

  • `RefheSettlementRequired`
      • configure/settle REFHE before execution
  • `RefheVerifierProgramRequired`
      • settle again with a verifier program binding
  • `RefheEnvelopeMismatch`
      • the wrong proposal or payout plan is being used
  • `RefheEnvelopeLocked`
      • the proposal or payout plan moved past the allowed configuration window
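
The Required Checks, written out as an operator-side preflight in JavaScript (an added example, not code from the PrivateDAO repository). The input object shapes and every field name other than `input_ciphertext_hash` are hypothetical, hashes are assumed to be hex strings, and using the failure-state names as labels follows the descriptions above rather than the program's actual error mapping.

```javascript
// Added example, not PrivateDAO code. Every field name on the input objects is
// hypothetical except input_ciphertext_hash, which the page names.
// Hashes are assumed to be hex strings, so comparison ignores letter case.
const sameHash = (a, b) =>
  typeof a === "string" && a.length > 0 && typeof b === "string" &&
  a.toLowerCase() === b.toLowerCase();

// "Before settlement" checks; returns a list of problems (empty = proceed).
function checkBeforeSettlement({ proposalPda, payoutPlan, envelope }) {
  const problems = [];
  if (payoutPlan.proposal !== proposalPda || envelope.proposal !== proposalPda)
    problems.push("RefheEnvelopeMismatch");
  if (!sameHash(envelope.input_ciphertext_hash, payoutPlan.ciphertextHash))
    problems.push("input_ciphertext_hash does not match payout plan");
  return problems;
}

// "Before execution" checks, evaluated at unix time `now` (seconds).
function checkBeforeExecution({ dao, proposal, payoutPlan, envelope, now }) {
  const problems = [];
  if (proposal.status !== "Passed") problems.push("proposal not Passed");
  if (now < proposal.timelockEndsAt) problems.push("timelock not cleared");
  if (payoutPlan.status !== "Configured") problems.push("payout plan not Configured");
  if (envelope.status !== "Settled") {
    problems.push("RefheSettlementRequired");
  } else {
    if (envelope.settledBy !== dao.authority)
      problems.push("envelope not settled by DAO authority");
    if (!envelope.verifierProgram) problems.push("RefheVerifierProgramRequired");
  }
  return problems;
}

// Constructed sample state (placeholder values, not real accounts or hashes).
const sample = {
  proposalPda: "PROPOSAL_PDA_PLACEHOLDER",
  dao: { authority: "DAO_AUTHORITY_PLACEHOLDER" },
  proposal: { status: "Passed", timelockEndsAt: 1700000000 },
  payoutPlan: { proposal: "PROPOSAL_PDA_PLACEHOLDER", status: "Configured",
                ciphertextHash: "aa".repeat(32) },
  envelope: { proposal: "PROPOSAL_PDA_PLACEHOLDER", status: "Settled",
              input_ciphertext_hash: "AA".repeat(32),
              settledBy: "DAO_AUTHORITY_PLACEHOLDER", verifierProgram: null },
  now: 1700000600,
};

console.log(checkBeforeSettlement(sample));
console.log(checkBeforeExecution(sample));
```

An empty list from both functions corresponds to the checklist passing; it says nothing about the correctness of the off-chain REFHE computation, which the page states is not verified on-chain.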