Skip to content
ProveKit ProveKit ProveKit Docs

Production checklist

Use this checklist before shipping a workflow backed by ProveKit. It is intentionally conservative: ProveKit is still under active development and main may change proof, key, recursive-verifier, or API formats between commits.

1. Pin the implementation

Section titled “1. Pin the implementation”
  • Use v1 for the current stable interface; use main only for early-adopter work, with a migration or rollback plan.
  • Record the git commit, lockfile, toolchain, exact CLI commands, and the prepare --hash value used to generate every artifact set.

2. Control and handle artifacts

Section titled “2. Control and handle artifacts”

For every generated artifact, record the provenance below:

ArtifactRequired provenance
.pkpCircuit source, hash, commit, generating command.
.pkvSame generation record as the matching .pkp.
proof.np or JSON proofMatching .pkp, input file, public inputs, commit.
params_for_recursive_verifierMatching .pkv and proof.
r1cs.jsonMatching .pkv and recursive-verifier export command.
Groth16 pk / vkSetup ceremony or development-only generation record.

Handling rules:

  • Do not mix artifacts generated from different branches, commits, hash choices, circuits, or verifier/proof pairs.
  • Treat public input encoding as an API contract; review show-inputs --hex output as part of release sign-off.
  • Keep private witness values and prover keys out of logs unless explicitly approved.

3. Lock the end-to-end workflow

Section titled “3. Lock the end-to-end workflow”

Add a CI job that runs the exact deployment path:

Terminal window
mkdir -p artifacts
cargo run --release --bin provekit-cli -- prepare \
  . \
  --pkp artifacts/app.pkp \
  --pkv artifacts/app.pkv
cargo run --release --bin provekit-cli -- prove \
  --prover artifacts/app.pkp \
  --input Prover.toml \
  --out artifacts/proof.np
cargo run --release --bin provekit-cli -- verify \
  --verifier artifacts/app.pkv \
  --proof artifacts/proof.np
cargo run --release --bin provekit-cli -- show-inputs --hex \
  artifacts/app.pkv \
  artifacts/proof.np

If recursive verification is part of the product, add the export step and verify the Go/gnark path with the exact generated files:

Terminal window
cargo run --release --bin provekit-cli -- generate-gnark-inputs \
  artifacts/app.pkv \
  artifacts/proof.np \
  --params artifacts/params_for_recursive_verifier \
  --r1cs artifacts/r1cs.json

4. Harden integration hosts

Section titled “4. Harden integration hosts”

Rust services

Section titled “Rust services”
  • Reload or clone verifier state when verifying multiple proofs in one process.
  • Expose the --hash choice in configuration so the proving and verifying hosts stay aligned.
  • Add regression tests that confirm mismatched key/proof pairs are rejected.

WASM / JavaScript

Section titled “WASM / JavaScript”
  • Call initPanicHook() and initThreadPool() before proving when using threaded builds.
  • Create a new Prover for each proof; proveBytes() / proveJs() consume the prover.
  • Validate witness maps before calling proveBytes() or proveJs().
  • Load .pkp and .pkv artifacts from authenticated, integrity-checked sources.

FFI / mobile

Section titled “FFI / mobile”
  • Call pk_init() once before proving.
  • Configure the custom allocator or mmap memory before initialization.
  • Free every returned PKBuf with pk_free_buf().
  • Test low-memory and cancellation behavior on target devices.

Verifier server

Section titled “Verifier server”
  • Restrict artifact URL sources or proxy them through trusted storage.
  • Tune VERIFIER_MAX_REQUEST_SIZE, VERIFIER_REQUEST_TIMEOUT, VERIFIER_TIMEOUT_SECONDS, and VERIFIER_SEMAPHORE_LIMIT for real proof sizes.
  • Monitor /health, request IDs, verification latency, timeout rate, and invalid-proof rate.
  • Decide how long downloaded artifacts remain in VERIFIER_ARTIFACTS_DIR.

Recursive verifier

Section titled “Recursive verifier”
  • Generate the Groth16 trusted-setup proving and verifying keys with a production-grade ceremony, not the development helper.
  • Re-run the recursive export after changing the proof, verifier key, branch, circuit, or hash configuration.

5. Red flags

Section titled “5. Red flags”

Pause deployment if any of these are true:

  • Artifact provenance is unknown or spans multiple branches or commits.
  • verify fails locally for a proof the service plans to accept.
  • Recursive-verifier params or r1cs.json were not regenerated with the current .pkv and proof.
  • Public input ordering is not pinned by a show-inputs --hex test for the production circuit.
  • Verifier-server artifact URLs can be controlled by untrusted clients without filtering.
  • FFI buffers are not freed, or allocator setup happens after pk_init().
  • Browser proving reuses a consumed WASM Prover instance.
  • The deployment depends on main behavior without a migration or rollback plan.
Section titled “Related references”