Note: public validation command changes must update validation-gates.md in the same change.This backlog turns the multi-chain design into reviewable engineering slices. It is intentionally scoped to local compiler, artifact, and smoke-test work. The cloud platform should wait until at least two materially different targets are working locally. Related docs:
- Design decisions
- Portable Contract IR
- Capability registry
- Shared scenario: Counter
- RFC 0002
- Target notes
- Validation gates
Primary-chain completion covenant (D-045)
Before adding implementation scope for more chains, ProofForge must complete the three priority chains in this order:solana-sbpf-asm— Solana direct sBPF assembly backend.evm— Ethereum/EVM backend and deployment lane.wasm-near— NEAR on the Wasm-family backend.
Workstream 1: Target Registry
Goal: make target selection explicit before adding more backends. Tasks:- Add target ids:
evm,wasm-near,wasm-cosmwasm,solana-sbpf-asm,solana-sbpf-linker(superseded),solana-zig-fork,move-sui,move-aptos,psy-dpn. - Define target family, artifact kind, required tools, and capability set (see capability-registry.md).
- Add a target lookup function for CLI and scripts.
- Done: add an EVM-compatible chain profile layer for deployment metadata,
starting with
robinhood-chain-testnetunder theevmcompiler target. - Add diagnostics for unknown targets and unsupported capabilities.
evmcan be represented as a target profile without changing current EVM behavior.- EVM-compatible chain profiles can reuse the
evmcompiler target without being returned by target-id lookup. - A target profile can declare external tool requirements.
- Unsupported capability errors include target id, capability id, and source location when available.
Workstream 1.5: Portable IR and Shared Scenario
Goal: define the contract IR and Counter scenario before non-EVM spikes. Tasks:- Implement IR node types per portable-ir.md.
- Express Counter per shared-scenario.md.
- Lower Counter IR to EVM (directly or via EmitYul adapter).
- Wire capability checker to capability-registry.md.
- Counter module is representable in IR without EVM opcodes in the IR layer.
- EVM build from IR matches existing Counter behavior.
- At least one unsupported capability is rejected with a clear diagnostic.
- IR version appears in artifact metadata when emitted.
Workstream 2: Artifact Metadata
See validation-gates.md for current and planned validation commands. Goal: every build should produce a machine-readable result that can later feed CI and the cloud platform. Tasks:- Done for EVM: add a
proof-forge-artifact.jsonschema for EVM bytecode builds. - Done for EVM: emit metadata for
--evm-bytecodeand portable IR EVM bytecode fixture builds. - Done for EVM: include source module, target id, artifact paths, SHA-256, byte sizes, solc path/version, selector/signature metadata, and validation status.
- Done for EVM: preserve SDK
.evm-methodsSolidity signatures inabi.methods[].signaturefor bothproof-forge-artifact.jsonandproof-forge-deploy.json; validators check selector shape, duplicate method selectors/functions/signatures, generated Yul function names, and signature/arg-count consistency, and SDK example gates require signatures. - Done for EVM: emit and validate a ProofForge deploy manifest for every EVM
bytecode build, recording runtime bytecode inputs, ABI selectors, deployable
initcode, and the current
not-generatedtransaction-broadcast status. - Done for EVM: generate an artifact-linked
.init.bincreation bytecode file for each EVM bytecode build, record it in bothproof-forge-artifact.jsonandproof-forge-deploy.json, and validate that the initcode header copies and returns the referenced runtime bytecode. - Done for EVM: add
--evm-chain-profile <id>so bytecode builds can record a known EVM chain profile such asrobinhood-chain-testnetoranvil-localinproof-forge-deploy.json; validators check profile id, chain id, RPC URLs, explorer, verifier, and deployment-block consistency without broadcasting. - Done for EVM: add
--evm-constructor-args-hex <hex>so bytecode builds can append explicit ABI-encoded constructor arguments to generated.init.bin, record normalized hex/byte-size/SHA-256 constructor metadata inproof-forge-deploy.json, and validate that the initcode tail matches the manifest. - Done for EVM: add
--evm-constructor-param <name:type>so bytecode builds can record static-word constructor ABI schema in artifact metadata and deploy manifests, validate supported schema types, and verify that an explicit ABI-encoded constructor-argument blob has the expected 32-byte word length. - Done for EVM: add
--evm-constructor-arg <name=value>so bytecode builds can ABI-encode typed constructor values foruint256,uint64,uint32,bool,bytes32, andaddress, record whether constructor args came from typed values or raw hex, reject missing/duplicate/out-of-range values, and validate the generated initcode tail against metadata and deploy manifests. - Done for EVM: record structured portable IR selector-facing entrypoint ABI
metadata in
abi.entrypoints, including Solidity-style selector signatures, IR type names, ABI parameter/return types, flattened calldata word types/counts, and flattened return word types/counts; validators check selector/signature consistency withcast sigandEvmAbiAggregateProbelocks aggregate word layouts with--expect-entrypoint-abi. - Done for EVM: record portable IR event ABI metadata in
abi.events, including Solidity-style event signatures,topic0, indexed/data fields, flattened ABI word types, and topic/data encodings; EventProbe validates every emitted event with--expect-eventandcast keccak. - Done for EVM: extend
scripts/evm/diagnostic-smoke.shto lock constructor CLI diagnostics for unsupported dynamic constructor ABI types, missing or duplicate typed values, mixed typed/raw constructor argument sources, overflow, and malformed static-word values such as short addresses. - Done for EVM: add an Anvil deploy smoke that sends generated Counter
.init.binwithcast send --create, records constructor ABI schema and typed constructor args plus aproof-forge-deploy-run.jsonartifact, records theeth_getTransactionByHashcreation transaction JSON, validates theanvil-localchain profile, receipt/deployed address/runtime-code match and transaction input initcode, and exercises the Counter lifecycle over JSON-RPC. - Keep schema versioned from day one.
- EVM bytecode build writes runtime bytecode, deployable initcode, metadata, and deploy manifest next to each other.
- Metadata and deploy manifests can be parsed independently by CI scripts.
- Portable IR bytecode metadata and deploy manifests can describe ABI-facing entrypoints, including selector signatures, flattened calldata word layout, and flattened return-data word layout.
- Portable IR bytecode metadata and deploy manifests can describe ABI-facing events, including indexed topic encoding and non-indexed data-word encoding.
- Deploy manifests can carry optional EVM chain profile metadata from the
target registry while keeping transaction broadcast artifacts explicitly
not-generated. - Local Anvil deployment can consume the generated deploy manifest and initcode, produce a validated deploy-run artifact, and prove the deployed runtime code matches the generated bytecode even when the initcode includes a typed or raw ABI-encoded constructor-argument tail with a recorded static constructor ABI schema; the deploy-run artifact also links the observed creation transaction JSON and validates that its input equals the generated initcode and that the deployment profile chain id matches the actual local chain.
- EVM metadata can represent missing optional version data as
null, not malformed metadata.
Workstream 3: EVM Baseline Hardening
See validation-gates.md for current and planned validation commands. Goal: keep EVM stable while the target model is introduced. Tasks:- Keep
proof-forge --evm-bytecodeworking. - EVM semantic plan migration TODO:
- Done: make
ModulePlantarget-driven so helper planning is derived fromTarget.resolveModule/resolveSpec Target.evmbefore Yul generation. - Split
ProofForge.Backend.Evm.IRintoValidate,Lower,ToYul, andMetadatamodules while keepingIR.leanas a compatibility facade until callers have moved. - Done: move scalar and map storage slot Yul construction to
StorageSlotPlan -> ToYul, starting with map value/presence slots used by storage paths. - Extend
StorageSlotPlan -> ToYulto array slots and struct-array field slots, then remove the old direct slot-expression builders fromIR.lean. - Add
ExprPlanandStmtPlanso expression and statement validation, helper discovery, and target-specific lowering happen before Yul AST assembly. - Add
EntrypointPlanfor selector dispatch, calldata guards, ABI word flattening, return-data encoding, and metadata selector layout. - Add
EventPlanfor event signature topics, indexed-topic hashing, non-indexed data flattening, and metadata event layout. - Add
CrosscallPlanfor typedcall, value-bearingcall,staticcall,delegatecall,create, andcreate2helpers. - Add
MetadataPlanand deploy-artifact planning so bytecode metadata, initcode, deployment manifests, and chain profile references are produced from the same semantic plan. - Delete the old custom semantic
IR.lean -> Yullowering only after each migrated capability is covered by plan-level diagnostics, golden Yul, solc bytecode generation, Foundry smokes, artifact metadata validation, and the EVM IR coverage manifest. - Keep
ProofForge.Compiler.Yul.ASTandProofForge.Compiler.Yul.Printer; the migration replaces backend semantic lowering, not the target AST/printer boundary.
- Done: make
- Done: add EVM IR diagnostic smoke so unsupported portable IR shapes fail before Yul generation with stable messages.
- Done: add an EVM IR coverage manifest gate so every portable IR constructor must be classified as lowered, validated, unsupported, or structural for the EVM backend.
- Done: add
AbiScalarProbefor portable IR EVM scalar ABI parameter decoding overU64,U32, andBool, with golden Yul, solc bytecode, and Foundry malformed-calldata validation. - Done: add EVM IR
assertandassert_eqlowering as Yul revert guards, withAssertProbegolden Yul, solc bytecode, and Foundry success/revert validation. - Done: add EVM IR mutable scalar local bindings and local assignment lowering,
with
AssignmentProbegolden Yul, solc bytecode, and Foundry success/revert validation. - Done: add EVM IR local and scalar storage compound assignment lowering for
all portable
AssignOpvariants, withEvmAssignOpProbegolden Yul, solc bytecode, Foundry runtime/raw-slot validation, metadata capability validation, and explicit diagnostics for malformed targets/types. - Done: add EVM IR statement-level
if/elselowering as Yulswitchblocks, withConditionalProbegolden Yul, solc bytecode, Foundry runtime validation, plus EVM-specific branch-local early-return validation throughEvmLoopProbe. - Done: add EVM IR
boundedForlowering as Yulforloops with static bounds, withEvmLoopProbegolden Yul, solc bytecode, Foundry runtime/raw storage validation, metadata capability validation, branch-local and loop-local early-return lowering through Yulleave, and explicit invalid range diagnostics. - Done: add EVM IR context read lowering for
userId,contractId, andcheckpointIdas Yulcaller(),address(), andnumber(), withContextProbegolden Yul, solc bytecode, Foundry runtime validation, and metadata capability validation. - Done: add EVM IR
nativeValuelowering as Yulcallvalue(), withContextProbegolden Yul, solc bytecode, Foundry value-bearing call validation, andvalue.nativemetadata capability validation. - Done: add EVM IR
eventEmitlowering to Yullog1withkeccak256(Solidity-style event signature)topic0 and 32-byte word data fields, withEventProbegolden Yul, solc bytecode, Foundry recorded-log validation, metadata capability validation, and explicit malformed event diagnostics. - Done: add EVM IR
eventEmitIndexedlowering to Yullog2/log3/log4for up to three scalar indexed fields, with signature topic0, indexed topics, non-indexed 32-byte word data,EventProbegolden Yul, solc bytecode, Foundry recorded-log validation, metadata capability validation, and explicit indexed event diagnostics. - Done: close the EventProbe validation gap for multi-topic scalar indexed
events.
IndexedTwoValues(uint64,uint64,uint64)andIndexedThreeValues(uint64,uint64,uint64,uint64)now prove the generated Yul emitslog3andlog4, preserves ordered scalar indexed topics, validates metadata selectors, compiles withsolc, and passes Foundry recorded-log assertions. - Done: close the EventProbe validation gap for typed scalar event fields.
TypedScalarEvent(bool,uint32,bytes32)andIndexedTypedScalar(bool,uint32,bytes32,uint64)now prove Bool, U32, and Hash event data words and indexed topics lower correctly, with Bool/U32 dispatcher guards, golden Yul, metadata selector checks,solc, and Foundry recorded-log assertions. - Done: extend EVM IR event data lowering beyond scalar words so non-indexed
flat struct fields, scalar fixed-array fields, and fixed arrays of flat
structs emit ABI-style flattened data words, with canonical Solidity-style
event signatures such as
PairEvent((uint64,uint64)),ArrayEvent(uint64[2]), andPairArrayEvent((uint64,uint64)[2]),EventProbegolden Yul, solc bytecode, Foundry recorded-log validation, metadata selector validation, and explicit diagnostics for unsupported aggregate indexed fields. - Done: extend EVM IR
eventEmitIndexedlowering so flat struct indexed fields and fixed-array indexed fields whose elements are flat structs hash their ABI-style flattened words into indexed topics.EventProbenow coversIndexedPair((uint64,uint64),uint64)andIndexedPairArray((uint64,uint64)[2],uint64)with golden Yul, solc bytecode, metadata selector validation, Foundry recorded-log topic-hash checks, and a diagnostic for nested/unsupported aggregate indexed shapes. - Done: close the EventProbe validation gap for scalar fixed-array indexed
topics by adding
IndexedArray(uint64[2],uint64)golden Yul, metadata selector validation, solc bytecode generation, and Foundry recorded-log topic-hash checks. - Done: extend EventProbe nested fixed-array event aggregate coverage.
MatrixEvent(uint64[2][2])andPairMatrixEvent((uint64,uint64)[2][2])prove recursive non-indexed data flattening for scalar and flat-struct leaves, whileIndexedMatrix(uint64[2][2],uint64)andIndexedPairMatrix((uint64,uint64)[2][2],uint64)prove indexed aggregate topic hashing over recursively flattened ABI-style words. The smoke now locks the new selectors, event ABI metadata, golden Yul,solcbytecode, and Foundry recorded-log assertions; nested arrays with unsupported or non-flat leaves remain explicit diagnostics. - Done: add EventProbe coverage for storage-backed flat struct event data and
indexed aggregate topics.
StoragePairEvent((uint64,uint64))andIndexedStoragePair((uint64,uint64),uint64)now prove that a whole scalar storage struct write can be read back throughstorageScalarRead, flattened into event data words, hashed into indexed topics, validated in golden Yul, checked in metadata selectors, compiled bysolc, and decoded by Foundry recorded logs. - Done: add EventProbe coverage for storage-backed fixed-array event aggregates.
StorageArrayEvent(uint64[2]),StoragePairArrayEvent((uint64,uint64)[2]),IndexedStorageArray(uint64[2],uint64), andIndexedStoragePairArray((uint64,uint64)[2],uint64)now prove that storage array reads and storage array struct field reads can feed non-indexed event data flattening and indexed aggregate topic hashing, with golden Yul, metadata selector checks,solc, and Foundry recorded-log validation. - Done: add EVM IR
crosscallInvokelowering to synchronous EVMcallhelpers with selector packing, word arguments, one-word returns, failed-call and short-return reverts, withEvmCrosscallProbegolden Yul, solc bytecode, Foundry runtime validation, metadata capability validation, and explicit malformed crosscall type diagnostics. - Done: add EVM IR
crosscallInvokeTypedlowering for typed scalar-word crosscalls overBool,U32,U64, andHash, with return-type-specific Yul helpers, Bool/U32 return-data guards,EvmCrosscallProbegolden Yul, solc bytecode, Foundry valid/invalid typed-return validation, metadata entrypoint validation, diagnostics for aggregate argument/return shapes not covered at that stage, and explicit Psy unsupported diagnostics. - Done: extend EVM IR normal
crosscallInvokeTypedreturn lowering beyond scalar words for direct entrypoint returns of flat structs and scalar fixed arrays, with ABI-word-shape-specific Yul helpers, multi-word return-data size checks, Bool/U32 range guards across aggregate return words,EvmCrosscallProbegolden Yul, solc bytecode, Foundry aggregate struct/array return validation, metadata selector validation, and explicit diagnostics for aggregate return shapes not covered at that stage. - Done: extend EVM IR typed crosscall argument lowering beyond scalar words so
normal, value-bearing, static, and delegate typed calls can flatten flat
struct and scalar fixed-array arguments into ABI words.
EvmCrosscallProbenow covers normal struct and fixed-array arguments plus value/static/delegate struct arguments through golden Yul, solc bytecode, Foundry runtime checks, metadata selector validation, and explicit diagnostics for aggregate argument shapes not covered at that stage. - Done: add EVM IR
crosscallInvokeValueTypedlowering for value-bearing typed crosscalls, forwarding an explicit U64 call-value expression through value-specific Yul helpers for scalar returns plus flat struct and scalar fixed-array entrypoint aggregate returns, withEvmCrosscallProbegolden Yul, solc bytecode, Foundrymsg.value/callee-balance validation, aggregate Bool/U32 malformed-return guards, metadata entrypoint validation, EVM malformed value/return diagnostics, and explicit Psy unsupported diagnostics. - Done: add EVM IR
crosscallInvokeStaticTypedlowering for typed staticcalls, using value-free Yulstaticcallhelpers with selector/scalar/flat-aggregate argument packing, scalar returns, flat struct and scalar fixed-array entrypoint aggregate returns, and Bool/U32 return guards, withEvmCrosscallProbegolden Yul, solc bytecode, Foundry U64 read-only return, Bool/U32/Hash static typed return, aggregate return validation, invalid typed-return, static-context state-write failure validation, metadata entrypoint validation, EVM malformed nested aggregate diagnostics, and explicit Psy unsupported diagnostics. - Done: add EVM IR
crosscallInvokeDelegateTypedlowering for typed delegatecalls, using value-free Yuldelegatecallhelpers with selector/scalar/flat-aggregate argument packing, scalar returns, flat struct and scalar fixed-array entrypoint aggregate returns, and Bool/U32 return guards, withEvmCrosscallProbegolden Yul, solc bytecode, Foundry caller-storage read/write validation, Bool/U32/Hash delegate typed return validation, aggregate return validation, invalid typed-return validation, metadata entrypoint validation, EVM malformed nested aggregate diagnostics, and explicit Psy unsupported diagnostics. - Done: extend EVM IR typed crosscall aggregate coverage to fixed arrays of
flat structs across normal, value-bearing, static, and delegate typed call
arguments and direct entrypoint returns.
EvmCrosscallProbenow validatesRemotePair[2]ABI-word flattening, Bool/U32 field return guards, golden Yul, solc bytecode, Foundry runtime behavior, and metadata selectors across all four call modes. - Done: extend EVM IR typed crosscall aggregate coverage to nested scalar fixed
arrays across normal, value-bearing, static, and delegate typed call
arguments and direct entrypoint returns.
EvmCrosscallProbenow validatesuint64[2][2]ABI-word flattening, golden Yul, solc bytecode, metadata selectors, Foundry runtime behavior, value forwarding, staticcall behavior, and delegatecall behavior across all four call modes. At that milestone, diagnostics still rejected struct and other non-scalar nested fixed-array leaves; flat struct leaves are now covered by the follow-up item below. - Done: extend EVM IR typed crosscall aggregate coverage to nested fixed arrays
whose leaves are flat structs.
EvmCrosscallProbenow validatesRemotePair[2][2]arguments and direct entrypoint returns across normal, value-bearing, static, and delegate typed calls, including ABI word flattening, Bool/U32 field guards, golden Yul, solc bytecode, metadata selectors, Foundry runtime behavior, value forwarding, staticcall behavior, and delegatecall behavior. Diagnostics still reject nested fixed-array leaves whose structs are non-flat or otherwise unsupported. - Done: add EVM IR
crosscallCreateandcrosscallCreate2lowering for fixed init-code hex. Creation helpers write init code to memory, call Yulcreate/create2, revert on zero-address failure, return the deployed address word, and validate golden Yul, solc bytecode, metadata selectors, Foundry deployed runtime calls, deterministic CREATE2 address derivation, EVM malformed creation diagnostics, and Psy unsupported diagnostics. - Done: add EVM IR direct scalar expression validation for
U64/U32arithmetic,U64exponentiation,U64/U32bitwise operations and shifts, predicates, boolean operators, literals, immutable locals, supported casts, one-word returns, dispatcher guards, and assertion guards, withEvmExpressionProbegolden Yul, solc bytecode, Foundry runtime/malformed calldata validation, metadata capability validation, and CI coverage. - Done: add EVM IR
Hashword lowering,hash4/hashValuepacking, andhash/hash_two_to_onelowering through Yulkeccak256helpers, withEvmHashProbegolden Yul, solc bytecode, Foundry ABI/storage validation, metadata capability validation, and explicit Hash/U64 mismatch diagnostics. - Done: add EVM IR
Map<U64, U64, N>storage lowering through Solidity-stylekeccak256(key, slot)mapping slots, withEvmMapProbegolden Yul, solc bytecode, Foundry runtime/raw-slot validation, metadata capability validation, and explicit diagnostics for unsupported map shapes and statement-position misuse. - Done: add EVM IR single-segment
mapKeystorage path compound assignment overMap<U64, U64, N>, withEvmMapProbegolden Yul, solc bytecode, Foundry runtime/raw-slot validation, metadata capability validation, and explicit diagnostics for expression-position and nested-path misuse. - Done: generalize EVM IR storage maps to word key/value shapes over
U32,U64,Bool, andHash, reusing Solidity-stylekeccak256(key, slot)mapping slots, withEvmTypedMapProbegolden Yul, solc bytecode, Foundry runtime/raw-slot validation,U32/Boolcalldata guards, metadata capability validation, CI coverage, and explicit diagnostics for non-word map shapes. - Done: add EVM IR
storage.map.containslowering through ProofForge-managed presence slots rooted atkeccak256(slot || PROOF_FORGE_MAP_PRESENCE), withEvmMapProbeandEvmTypedMapProbegolden Yul, solc bytecode, Foundry value/presence-slot validation for U64/U32/Bool/Hash maps, zero-valued present-key coverage, metadata validation, and explicit diagnostics for statement-position misuse. - Done: add EVM IR nested map storage paths over consecutive
mapKeysegments, folding Solidity-style mapping slots for value storage and ProofForge-managed presence slots for final keys, withEvmMapProbeandEvmTypedMapProbegolden Yul, solc bytecode, Foundry raw-slot validation, U32 dispatcher guard coverage, metadata validation, and explicit diagnostics for mixed map/aggregate storage paths. - Done: add EVM IR
U64fixed storage array lowering as contiguous storage slots with runtime bounds checks, withEvmStorageArrayProbegolden Yul, solc bytecode, Foundry runtime/raw-slot validation, metadata capability validation, and explicit diagnostics for unsupported array element types. - Done: add EVM IR single-segment
indexstorage path read/write/compound assignment overU64fixed storage arrays, reusing the bounded array slot helper and extendingEvmStorageArrayProbevalidation. - Done: generalize EVM IR word storage to
Boolscalar storage andU32/Bool/Hashfixed storage arrays, reusing the bounded array slot helper, withEvmTypedStorageProbegolden Yul, solc bytecode, Foundry runtime/raw-slot validation,U32calldata range guards, metadata capability validation, CI coverage, and explicit diagnostics for unsupported non-word storage element types. - Done: add EVM IR immutable local fixed-array value lowering for
U64,U32,Bool, andHashelements with static literal indexes, direct fixed-array literal indexing,EvmArrayValueProbegolden Yul, solc bytecode, Foundry runtime validation, metadata capability validation, and explicit diagnostics for static out-of-bounds indexes. - Done: extend EVM IR local fixed-array lowering to mutable aggregate locals,
including static element assignment, numeric element compound assignment, and
U32/Bool/Hashelement writes, withEvmArrayValueProbegolden Yul, solc bytecode, Foundry runtime validation, metadata entrypoint validation, CI coverage, and explicit diagnostics for immutable element assignment. - Done: extend EVM IR local fixed-array lowering to dynamic local/literal
indexes by threading a lowering environment through expressions, generating
length-specific Yul getter helpers for dynamic reads, lowering dynamic local
element assignment and numeric compound assignment to
switchblocks, and validating dynamic in-bounds/out-of-bounds behavior throughEvmArrayValueProbegolden Yul, metadata entrypoints, solc bytecode, and Foundry runtime checks. - Done: add EVM IR whole local fixed-array assignment from local values and
literals, snapshotting RHS elements into temporary Yul locals before writing
target elements, and validating local-source and self-referential literal RHS
behavior through
EvmArrayValueProbegolden Yul, metadata entrypoints, solc bytecode, and Foundry runtime checks. - Done: extend EVM IR local fixed-array lowering to static nested scalar arrays,
including immutable reads, mutable leaf assignment, numeric leaf compound
assignment, nested whole-local assignment, and RHS snapshotting, with
EvmArrayValueProbegolden Yul, metadata entrypoints, solc bytecode, and Foundry runtime checks. Flat struct nested leaves are covered byEvmStructArrayValueProbe; other unsupported aggregate leaves remain explicit diagnostics. - Done: extend EVM IR local fixed-array lowering to dynamic nested scalar array
indexes, including nested getter helpers for reads, nested
switchlowering for mutable leaf assignment and compound assignment, mixed static/dynamic path coverage, runtime out-of-bounds reverts,EvmArrayValueProbegolden Yul, metadata entrypoints, solc bytecode, and Foundry runtime checks. - Done: add EVM IR flat immutable local struct value lowering for
U64,U32,Bool, andHashfields, direct struct literal field access,EvmStructValueProbegolden Yul, solc bytecode, Foundry runtime validation, metadata capability validation, and explicit diagnostics for whole-struct storage misuse and nested fields. - Done: extend EVM IR flat local struct lowering to mutable aggregate locals,
including static field assignment, numeric field compound assignment, and
U32/Bool/Hashfield writes, withEvmStructValueProbegolden Yul, solc bytecode, Foundry runtime validation, metadata entrypoint validation, CI coverage, and explicit diagnostics for immutable field assignment. - Done: add EVM IR whole local struct assignment from local values and literals,
snapshotting RHS fields into temporary Yul locals before writing target
fields, and validating local-source and self-referential literal RHS behavior
through
EvmStructValueProbegolden Yul, metadata entrypoints, solc bytecode, and Foundry runtime checks. - Done: add EVM IR local fixed arrays of flat structs, expanding each element
field into deterministic Yul locals, supporting static and dynamic
field(arrayGet(localArray, index), name)reads, mutable field assignment, numeric field compound assignment, whole local assignment from local arrays and self-referential array literals with RHS snapshotting,U64/U32/Bool/Hashfield coverage, dynamic out-of-bounds reverts,EvmStructArrayValueProbegolden Yul, metadata entrypoint/capability validation, solc bytecode generation, Foundry runtime checks, and CI coverage. - Done: extend EVM IR nested local fixed arrays to flat struct leaves, expanding
each nested element field into deterministic Yul locals, supporting static and
dynamic nested field reads, nested mutable field assignment, numeric nested
field compound assignment, whole nested local assignment from local arrays and
self-referential nested array literals with RHS snapshotting, dynamic
out-of-bounds reverts, refreshed
EvmStructArrayValueProbegolden Yul, metadata entrypoint validation, solc bytecode generation, Foundry runtime checks, and coverage manifest updates. - Done: add EVM IR flat storage struct lowering for scalar storage structs and
fixed storage arrays of flat structs, including direct struct field effects,
scalar
fieldstorage paths, arrayindex+fieldstorage paths, numeric field compound assignment, whole scalar storage struct read/write with RHS snapshotting, storage-backed ABI struct returns,Bool/U32/Hashfield coverage,EvmStorageStructProbegolden Yul, solc bytecode, Foundry runtime/raw-slot validation, metadata capability validation, CI coverage, and explicit diagnostics for missing fields and non-flat storage structs. - Done: validate storage-backed aggregate ABI returns for EVM IR by extending
EvmStorageArrayProbewithreturn_values()over storage-array element reads andEvmStorageStructProbewithreturn_points()over fixed storage-array-of-struct field reads, including golden Yul, solc bytecode, metadata selector validation, Foundry ABI decoding, and raw-slot checks. - Done: add EVM IR static aggregate ABI lowering for fixed-array and struct
parameters/returns, including nested scalar fixed arrays and fixed arrays of
flat structs, with calldata word flattening,
U32/Boolaggregate word guards, multi-word return-data encoding,EvmAbiAggregateProbegolden Yul, solc bytecode, Foundry runtime/malformed calldata validation, metadata capability validation, structuredabi.entrypointsselector/calldata/return word-layout validation, CI coverage, and explicit diagnostics for Unit, zero-length arrays, non-flat struct fields, and crosscall-only unsupported nested fixed-array leaf shapes. - Done: close the EVM aggregate ABI validation gap for
Hashleaves.HashPair(bytes32,bytes32),pick_hash(bytes32[2]), andmake_hash_array(bytes32,bytes32)now proveHash/bytes32fields and fixed arrays flatten through calldata and return-data encoding, with golden Yul, metadata selector checks,solc, Foundry ABI decoding, and shortbytes32[2]calldata rejection. - Done: add golden Yul outputs for SDK EVM examples (
Counter,ArrayExample,SimpleToken,ERC20,Ownable,Pausable, andVerifiedVault) and makescripts/evm/build-examples.shdiff generated Yul against those fixtures before validating metadata. - Done: add metadata emission and validation around the current
solc --strict-assemblyflow for SDK and portable IR EVM bytecode builds. - Keep Foundry smoke as the mature EVM smoke test.
lake buildpasses.scripts/evm/diagnostic-smoke.shpasses.scripts/evm/check-ir-coverage-manifest.pypasses.scripts/evm/build-examples.shsucceeds on a machine withsolc.scripts/evm/foundry-smoke.shsucceeds on a machine with Foundry.- The generated metadata points to the bytecode artifact and records
target: evm.
Workstream 4: Wasm Host Runtime Split
Goal: make Wasm host adapters target-driven instead of assuming every Wasm contract is NEAR. Tasks:- Move chain extern declarations out of generic EmitZig runtime externs.
- Add a target-selected host bridge list.
- Keep NEAR bridge as the reference implementation.
- Add a CosmWasm bridge skeleton with allocator and region ABI.
- A Wasm build can select NEAR or CosmWasm bridge explicitly.
- Generic Wasm runtime does not force-link NEAR host functions.
wasm-nearandwasm-cosmwasmcan have different required exports.
Workstream 5: CosmWasm Spike
Goal: prove that ProofForge can target another Wasm host besides NEAR. Tasks:- Add
Lean.CosmWasmSDK skeleton (see wasm-family.md). - Add
zigc-cosmwasmwrapper. - Add
cosmwasm_contract_root.zig. - Export
interface_version_8,allocate,deallocate,instantiate,execute, andquery. - Add Counter example using JSON-backed messages.
- Add
cosmwasm-checksmoke.
- Counter Wasm passes
cosmwasm-check. instantiate,execute, andqueryare present in exports.- The smoke test can increment and query counter state.
Workstream 6: Solana sBPF Assembly Toolchain Integration (Phase 0)
Goal: validate the direct-assembly route end to end — a canned.s file
round-trips through the blueshift-gg/sbpf toolchain into a loadable ELF.
Supersedes the old sbpf-linker spike (D-026).
Tasks:
- Install
sbpfviacargo install --git https://github.com/blueshift-gg/sbpf.git. - Add
--emit-sbpf-asmCLI mode toproof-forgethat writes a cannedentrypoint.s(returns success, no account parsing). - Run
sbpf buildon the canned.s; verify a valid eBPF ELF is produced. - Verify
sbpf disassembleround-trips the ELF. - Record toolchain version in artifact metadata.
-
sbpf buildproduces a.sorecognized asELF 64-bit LSB ... eBPF. -
sbpf disassembleproduces assembly matching the input. -
--emit-sbpf-asmwrites valid.swithout assembly errors. -
proof-forge-artifact.jsonrecordstarget: "solana-sbpf-asm". -
sbpfinstalled to PATH viacargo install.
Workstream 7: Solana sBPF Assembly Counter Codegen (Phase 1)
Goal: lower the portable IR Counter module to sBPF assembly and passsbpf test.
This is the first real codegen backend for the assembly route.
Tasks:
- Implement
ProofForge.Backend.Solana.StateLayout— compute per-account field offsets from the instruction manifest; emit.equconstants. - Implement
ProofForge.Backend.Solana.SbpfAsm— lowerIR.Moduleto.s:- Entrypoint adapter: parse serialized accounts, dispatch on instruction discriminant.
- Account validation: signer, writable, owner checks per manifest.
- Expression lowering: literals, locals, add/sub, comparisons, casts.
- Statement lowering: letBind, assign, assignOp, ifElse, return, assert.
- Effect lowering: storageScalar read/write at account-data offsets.
- Add
--solana-elfCLI mode: emit.sthen invokesbpf build. - Generate instruction manifest (
manifest.toml) alongside the.s. - Create
Examples/Solana/Counter.lean+ manifest. - Run
sbpf test(Mollusk) and a Surfpool/Web3.js live deployment smoke.
- Counter scenario (initialize, increment, get) passes
sbpf test. - Surfpool/Web3.js live smoke passes (optional, gated on tool availability).
- Capability checker rejects IR modules using unsupported capabilities with a clear diagnostic citing target id and capability id.
- Same portable IR Counter module lowers to both EVM and Solana.
- Artifact metadata records
target: "solana-sbpf-asm",irVersion, entrypoints, and capabilities used.
Phase 1 progress (incremental sub-items)
The Workstream 7 Phase 1 backend (ProofForge.Backend.Solana.SbpfAsm) lands
incrementally. Each sub-item carries its own runnable validation gate so
partial progress is visible before the full acceptance criteria close:
- IR → sBPF AST → text pipeline; entrypoint adapter dispatches on the first instruction-data byte (V-GATE-SOLANA-01/02; Phase 0 baseline).
- Counter codegen (literals, locals,
add, scalar storage read/write/assignOp,letBind/letMutBind,assign,return); Mollusk smoke covers initialize / increment 0→1 / increment 5→6 / get→return_data (V-GATE-SOLANA-03). - Control-flow + assertion coverage: comparison expressions
(
.eq/.ne/.lt/.le/.gt/.ge), boolean expressions (.boolAnd/.boolOr/.boolNot), statement-level.ifElsethen/else lowering with fresh named labels,.assertand.assertEqlowering to the sharedassert_fail(exit 2) /assert_eq_fail(exit 3) labels. Fixture:ProofForge.IR.Examples.ControlFlowAssertProbe(three entrypoints:lifecycle,guarded_increment,equality_guard); CLI mode--emit-control-ir-sbpf; deterministic emission gatescripts/solana/emit-control-smoke.sh(nosbpfrequired); Mollusk runtime gatescripts/solana/control-smoke.sh(six checks: lifecycle x2, guarded_increment success + assert revert, equality_guard success- assertEq revert) (V-GATE-SOLANA-08).
- Instruction manifest (
manifest.toml) generation alongside the.s.ProofForge.Backend.Solana.SbpfAsm.renderManifestemits a TOML with target, program placeholder id, and per-entrypoint instruction tables using the Phase 1 default account convention (writable, signer=false, owner=program).--emit-counter-ir-sbpfand--emit-control-ir-sbpfwritemanifest.tomlnext to the.sand include it as an artifact. -
--solana-elfCLI mode: emits.s, writesmanifest.toml, scaffolds ansbpfproject, invokessbpf build, copies the resulting.soto the requested output, and recordssbpfBuild: passedin artifact metadata. - Account validation: signer / writable / owner checks per manifest. Each
entrypoint emits a prologue that checks
is_writableat account-header offset 10 and verifies the account owner equals the serialized program id. Failure exits are 4 (error_not_writable), 5 (error_signer), and 6 (error_owner). Phase 1 Mollusk runtime gates disable the direct-account-mapping ABI so the legacy embedded account-data layout is exercised. -
Examples/Solana/Counter.lean+ manifest as a self-contained example. Includes a trackedCounter.golden.sandCounter.manifest.tomland a CI-runnablescripts/solana/build-examples.shthat emits and diffs. - Capability checker rejects unsupported capability/target combinations
with a clear diagnostic citing target id and capability id. Basis for
V-GATE-SOLANA-05; exercised by
Tests/SolanaDiagnostics.leanandscripts/solana/diagnostic-smoke.sh. - Solana SDK target extensions route
ProofForge.SolanaPDA/CPI APIs through capability plan metadata, emitmanifest.tomlextension definitions plus entrypoint action sections, and inject handler-level helper calls (sol_pda_derive_<name>,sol_cpi_<name>) before the IR body while preserving the Solana input pointer inr1. Covered byTests/SolanaSdk.lean,Tests/SolanaSdkManifest.lean, andscripts/solana/sdk-smoke.shwithsbpf buildwhen available. - Surfpool/Web3.js live deployment smoke (V-GATE-SOLANA-04). The optional
scripts/solana/surfpool-web3-smoke.shgate builds the Counter ELF, starts Surfpool, deploys with the Solana CLI, creates a program-owned counter account via@solana/web3.js, invokes initialize/increment/get, checks account data 0→1→2, and validatesgetreturn data. The script passes--solana-sbpf-arch v0to produce a Solana CLI deploy-compatible ELF directly and uses--use-rpcfor Surfpool. -
--solana-elfexposes--solana-sbpf-arch v0|v3and records the chosen architecture inproof-forge-artifact.json. Default staysv3; Surfpool live deployment usesv0until the deployed CLI/runtime stack accepts the newer sbpf feature set without--skip-feature-verify. - PDA helper runtime packing now emits static ASCII seed byte buffers, Solana
Slice { ptr, len }seed tables, dynamic program-id pointer calculation, and a 32-byte PDA result buffer before callingsol_create_program_address. Covered byTests/SolanaSdkManifest.leanandscripts/solana/sdk-smoke.sh. - PDA typed seed lowering now keeps the compatibility
seedsfield while adding target-facing typed descriptors for literal/UTF-8 bytes, account pubkeys, bump seeds, and scalar instruction-data seeds. The Solana target extension consumes those descriptors, appendsbump?to the effective syscall seed list, emitstyped_seeds/typedSeedsin manifest/artifact metadata, and validates the derived PDA pubkey against the declared account whenaccount?is present. Covered byTests/SolanaSdk.lean,Tests/SolanaSdkManifest.lean,Tests/SolanaPdaSeeds.lean,scripts/solana/sdk-smoke.sh, andscripts/solana/pda-web3-smoke.sh. - Standard Solana protocol SDK helpers now cover System Program
transfer/create-account and SPL Token transfer_checked/mint_to/burn/
approve/revoke/set_authority. They route through target capability
metadata with
solana.cpi.protocol, canonicaldata_layout, account metas, signer seeds, and instruction-data source names, and are included in the generated manifest plus artifact JSON. Covered byTests/SolanaSdk.lean,Tests/SolanaSdkManifest.lean, andscripts/solana/sdk-smoke.sh. - Runtime allocator target extension now models Solana’s default
downward-bump allocator (
heap_start = "0x300000000",heap_bytes = 32768) plus anoAllocator/deny-dynamic option aligned with Pinocchio-style no-heap entrypoints. The selected allocator routes throughruntime.allocatorcapability metadata and appears inmanifest.toml,proof-forge-artifact.json, and assembly metadata. Covered byTests/SolanaAllocator.lean,Tests/SolanaSdk.lean,Tests/SolanaSdkManifest.lean, andscripts/solana/sdk-smoke.sh. - Runtime memory target extension now routes Solana-only SDK actions through
runtime.memorycapability metadata and lowers entrypoint actions tosol_memcpy_,sol_memcmp_, andsol_memset_helpers over generated state-account offsets. The generated manifest and artifact JSON record[[solana.entrypoint_memory]]/memoryActions; Web3.js verifies copied bytes, compare result, and fill pattern on a program-owned account. Covered byTests/SolanaMemory.leanandscripts/solana/memory-web3-smoke.sh. - Return-data and compute-budget target extensions now route Solana-only
SDK actions through
runtime.return_dataandruntime.compute_unitscapability metadata. Return-data actions lower state-backed byte slices tosol_set_return_dataand can read the most recent CPI return-data buffer/program id throughsol_get_return_data; compute-budget actions lower the feature-gatedsol_remaining_compute_unitssyscall and write the observed remaining CU value into state, and profiling actions lowersol_log_compute_units_. The generated manifest records[[solana.entrypoint_return_data]]and[[solana.entrypoint_compute_units]]. Covered byTests/SolanaReturnDataCompute.lean. - Generated Solana SDK instruction schemas now use a module-wide
multi-account account list instead of the old single-account manifest.
The schema includes the state account, PDA accounts, CPI accounts, and
executable CPI program accounts, and the sBPF backend computes
INSTRUCTION_DATAoffsets from that same schema. The generated prologue validates signer/writable constraints and program-owned accounts from the schema. The account list is emitted in bothmanifest.tomlandproof-forge-artifact.json. Covered byTests/SolanaSdkManifest.lean,Tests/SolanaCpiPacking.lean, andscripts/solana/sdk-smoke.sh. - System Program transfer/create-account and SPL Token CPI instruction-data
packing emit the standard instruction bytes into the C
SolInstructionpayload. System transfer/create-account use bincode-styleu32discriminators plusu64lamports/space and owner pubkey fields; SPL Tokentransfer_checked,mint_to,burn,approve, andrevokeuse the standard token instruction tags and amount/decimals layouts, whileset_authoritypacks instruction tag6, authority typeMintTokens, and a new-authority pubkey sourced from a readonly input account. Value sources can bind to generated scalar state offsets, numeric literals, or decoded scalar entrypoint parameters. The CPI helper also packs program id bytes, CSolAccountMeta[],SolAccountInfo[]entries bound to the generated multi-account input layout, signer seed tables, and syscall register setup. Covered byTests/SolanaCpiPacking.lean,Tests/SolanaSdkManifest.lean, andscripts/solana/sdk-smoke.sh. - System Program transfer CPI now has a live Surfpool/Web3.js behavior
gate.
ProofForge.Solana.Examples.SystemCpibuilds a generated--solana-system-cpi-elffixture whose entrypoint reads a scalarlamportsinstruction parameter, performs a System Program transfer CPI, and records the transferred amount in a program-owned state account.scripts/solana/system-cpi-web3-smoke.shvalidates the artifact schema, deploys the ELF on Surfpool with Solana CLI, invokes it through@solana/web3.js, and checks both recipient lamport delta and state data. The sBPF lowering computes the instruction-data pointer from the serialized account layout under direct account mapping and keeps it inr9so internal helper calls do not lose it across callee stack frames. Coverage:just solana-system-cpi-web3/ V-GATE-SOLANA-10. - System Program
create_accountCPI now has a live Surfpool/Web3.js behavior gate.ProofForge.Solana.Examples.SystemCreateAccountCpibuilds a generated--solana-system-create-account-cpi-elffixture whose entrypoint reads scalarlamportsandspaceinstruction parameters, performs a System Programcreate_accountCPI with payer and new-account signers, creates a program-owned account, and records both values in the existing program-owned state account. The Web3.js harness checks the new account owner, data length, lamports, and recorded state values. Coverage:just solana-system-create-account-cpi-web3/ V-GATE-SOLANA-11. - SPL Token
transfer_checkedCPI now has a live Surfpool/Web3.js behavior gate.ProofForge.Solana.Examples.SplTokenTransferCheckedCpibuilds a generated--solana-spl-token-transfer-cpi-elffixture whose entrypoint reads a scalaramountinstruction parameter, performs an SPL Tokentransfer_checkedCPI with the source authority signer, and records the amount in program-owned state. The Web3.js harness creates a mint plus source/destination token accounts through@solana/spl-token, checks the token balance deltas, and checks the state record. The sBPF lowering now builds a runtime account pointer table in each entry/helper stack frame so variable-size SPL Token account data does not invalidate account offsets across internal helper calls. Coverage:just solana-spl-token-transfer-cpi-web3/ V-GATE-SOLANA-12. - Entry instruction-data decoding now treats byte 0 as the entrypoint tag
and decodes packed scalar parameters from
instruction_data+1into stack locals. The initial scalar ABI supportsU64,U32, andBool, emits per-entrypoint parameter schemas and minimum instruction-data lengths inmanifest.toml/proof-forge-artifact.json, rejects short payloads witherror_instruction_data, and exposes the same fixed input offsets to CPI value bindings, so SDK calls such as SPL Tokentransfer_checkedcan sourceamountfrom a user instruction parameter instead of a placeholder. Covered byTests/SolanaCpiPacking.lean,Tests/SolanaSdkManifest.lean, andscripts/solana/sdk-smoke.sh.
Solana SDK completion roadmap
Reference docs driving this roadmap:- Solana CPI and PDA docs: <https://solana.com/docs/core/cpi> and <https://solana.com/docs/core/pda>.
- Anchor CPI/account-constraint docs: <https://www.anchor-lang.com/docs/basics/cpi> and <https://www.anchor-lang.com/docs/references/account-constraints>.
- Pinocchio no-dependency / no-std program model: <https://docs.rs/pinocchio> and <https://github.com/anza-xyz/pinocchio>.
transfer_checked CPI
validation, live SPL Token mint_to/burn/approve/revoke CPI validation,
and live SPL Token set_authority CPI validation, plus live scalar
events.emit log validation through
sol_log_64_, live account-pubkey log validation through sol_log_pubkey,
live state-backed data-log validation through sol_log_data, and live
Clock.slot sysvar validation for contextRead checkpointId, plus live
runtime.memory validation through sol_memcpy_, sol_memmove_,
sol_memcmp_, and sol_memset_, plus live Solana-only crypto.hash
validation through sol_sha256, sol_keccak256, and feature-gated
sol_blake3, plus live Rent.lamports_per_byte_year sysvar validation
through sol_get_rent_sysvar.
It also covers live validation for all current RPC-exposed EpochSchedule
fields through sol_get_epoch_schedule_sysvar: slots_per_epoch,
leader_schedule_slot_offset, warmup, first_normal_epoch, and
first_normal_slot, plus live EpochRewards validation through
sol_get_epoch_rewards_sysvar for
distribution_starting_block_height, num_partitions,
parent_blockhash_word0..3, total_points_low/high, total_rewards,
distributed_rewards, and active, plus feature-gated live
LastRestartSlot.last_restart_slot validation through sol_get_sysvar with
the SysvarLastRestartS1ot1111111111111111111111 sysvar id. Live SDK
coverage now includes runtime.return_data lowering to sol_set_return_data
and sol_get_return_data, with empty-read, set-return simulation, and
same-instruction set/get roundtrip checks, plus runtime.compute_units
lowering to feature-gated sol_remaining_compute_units state writes and
profiling logs through sol_log_compute_units_.
The estimates below assume one engineer working on this branch,
the current direct-assembly architecture staying stable, and local
sbpf/Surfpool/Solana CLI tooling remaining available.
| Level | Estimated effort | Done when |
|---|---|---|
| SDK alpha: usable Solana programs | 3-5 focused engineering days | Simple programs can use state, PDA seeds, scalar instruction parameters, System Program CPI, SPL Token CPI, logs/return data, and Web3.js behavior tests without hand-written assembly patches. |
| SDK beta: reference-comparable Solana backend | 2-3 focused weeks | ProofForge output is compared against Rust/Pinocchio fixtures for the same account schema, covers key syscalls, validates live CPI behavior, and supports per-entrypoint account schemas. |
| Anchor/Pinocchio-class developer surface | 4-6 focused weeks after beta | The SDK offers account constraints, typed account/data helpers, IDL/client generation, richer SPL/Token-2022 coverage, and stable diagnostics comparable to a framework-level workflow. |
- Instruction ABI hardening: parameter payload length bounds checks,
per-entrypoint parameter schemas in
manifest.tomlandproof-forge-artifact.json, and stable scalar parameter metadata are now in place. - PDA typed seed lowering:
literalSeed/utf8Seed,accountSeed,bumpSeed, andparamSeeddescriptors now lower to Solana seed slices,bump?participates in the effective seed list, and declared PDA accounts can be checked against the derived pubkey. - PDA/Web3.js derivation fixture:
scripts/solana/pda-web3-smoke.shreads the generated SDK VaulttypedSeedsartifact data and verifies literal/account/ bump descriptor semantics againstPublicKey.findProgramAddressSyncandPublicKey.createProgramAddressSync; the harness also covers UTF-8 and instruction-parameter resolver behavior. - Live System Program transfer CPI fixture:
scripts/solana/system-cpi-web3-smoke.shbuilds and deploys a generated transfer CPI program on Surfpool, invokes it through Web3.js, and proves both the lamport movement and state write. - Live System Program create-account CPI fixture:
scripts/solana/system-create-account-cpi-web3-smoke.shbuilds and deploys a generated create-account CPI program on Surfpool, invokes it through Web3.js, and proves the new account owner/space/lamports plus state writes. - Live SPL Token transfer-checked CPI fixture:
scripts/solana/spl-token-transfer-cpi-web3-smoke.shbuilds and deploys a generated transfer_checked CPI program on Surfpool, creates SPL Token test accounts with@solana/spl-token, invokes it through Web3.js, and proves the source/destination token balance deltas plus state writes. - Live SPL Token ops CPI fixture:
scripts/solana/spl-token-ops-cpi-web3-smoke.shbuilds and deploys a generatedmint_to/burn/approve/revokeCPI program on Surfpool, validates the generated four-entrypoint artifact schema, creates SPL Token test accounts with@solana/spl-token, invokes all four generated entrypoints through Web3.js, and proves supply/balance/delegate changes plus state writes. - Live SPL Token authority CPI fixture:
scripts/solana/spl-token-authority-cpi-web3-smoke.shbuilds and deploys a generatedset_authorityCPI program on Surfpool, validates the generated single-entrypoint artifact schema, creates an SPL Token mint through@solana/spl-token, invokes the generated entrypoint through Web3.js, and proves mint authority moved to the requested new authority plus the marker state write. - Live scalar event, pubkey log, and data log fixture:
scripts/solana/log-event-web3-smoke.shbuilds and deploys a generatedevents.emitprogram on Surfpool, invokes it through Web3.js, verifies the generatedsol_log_64_transaction log contains the stableAmountEventtag and scalaramountfield, and proves the program-owned state account recorded the same value. The same fixture now validates Solana-onlylogAccountPubkeymetadata, invokes the generatedlog_state_pubkeyentrypoint, and provessol_log_pubkeylogs the state account’s base58 pubkey. It also validates Solana-onlylogStateDatametadata, invokeslog_state_data, and provessol_log_dataemits a base64Program data:payload for the state-backedamountbytes. - Live Clock sysvar fixture:
scripts/solana/clock-sysvar-web3-smoke.shbuilds and deploys a generatedcontextRead checkpointIdprogram on Surfpool, lowers it tosol_get_clock_sysvar, invokes it through Web3.js, and proves the recordedClock.slotmatches the observed transaction slot. - Live memory syscall fixture:
scripts/solana/memory-web3-smoke.shbuilds and deploys a generatedruntime.memoryprogram on Surfpool, invokes it through Web3.js, and provessol_memcpy_,sol_memmove_,sol_memcmp_, andsol_memset_effects by reading copied value, moved value, compare result, and fill bytes from program-owned state. - Return-data/compute-units SDK fixture:
Tests/SolanaReturnDataCompute.leanprovesruntime.return_dataandruntime.compute_unitsroute through Solana-only capability metadata, rejects on EVM, and render manifest sections plus sBPF helper calls forsol_set_return_data,sol_get_return_data, feature-gatedsol_remaining_compute_units, andsol_log_compute_units_.scripts/solana/return-data-compute-web3-smoke.shbuilds and deploys the generated--solana-return-data-compute-elffixture on Surfpool, validates artifact action metadata, verifies no-datasol_get_return_datareads, confirmssol_set_return_datathrough Web3.js simulation returnData, checks a same-instruction set/get roundtrip including program id words, records a nonzero remaining-compute-units value, and confirms compute-unit logging. - Live SHA-256/Keccak-256/Blake3 syscall fixture:
scripts/solana/crypto-hash-web3-smoke.shbuilds and deploys a generated Solana-onlycrypto.hashprogram on Surfpool, invokesset_preimage,hash_preimage,keccak_preimage, andblake3_preimagethrough Web3.js, and proves the account-stored 32-byte digests match Node SHA-256 and@noble/hashesKeccak-256/Blake3 references for the same little-endian preimage. The Blake3 action is recorded as feature-gated in manifest and artifact metadata. - Live Rent sysvar fixture:
scripts/solana/rent-sysvar-web3-smoke.shbuilds and deploys a generated Solana-onlysysvartarget-extension program on Surfpool, invokesrecord_rentthrough Web3.js, and proves the recordedRent.lamports_per_byte_yearmatches the Rent sysvar account data. - Live EpochSchedule sysvar fixture:
scripts/solana/epoch-schedule-sysvar-web3-smoke.shbuilds and deploys a generated Solana-onlysysvartarget-extension program on Surfpool, invokesrecord_epoch_schedulethrough Web3.js, and proves the recordedEpochSchedule.slots_per_epoch,EpochSchedule.leader_schedule_slot_offset,EpochSchedule.warmup,EpochSchedule.first_normal_epoch, andEpochSchedule.first_normal_slotmatch RPCgetEpochSchedule()fields. - Live EpochRewards sysvar fixture:
scripts/solana/epoch-rewards-sysvar-web3-smoke.shbuilds and deploys a generated Solana-onlysysvartarget-extension program on Surfpool, invokesrecord_epoch_rewardsthrough Web3.js, and proves thatsol_get_epoch_rewards_sysvarrecordsEpochRewardsfields into state.parent_blockhashis exposed as four little-endianu64word views andtotal_pointsis exposed as low/highu64word views until the portable scalar layer has first-class wide-value output states. - Live LastRestartSlot sysvar fixture:
scripts/solana/last-restart-slot-sysvar-web3-smoke.shbuilds and deploys a generated Solana-onlysysvartarget-extension program on Surfpool, invokesrecord_last_restart_slotthrough Web3.js, and proves the feature-gatedLastRestartSlot.last_restart_slotread lowers throughsol_get_sysvarand matches the LastRestartSlot sysvar account data. The action is markedfeature_gatedin manifest and artifact metadata.
- Pinocchio System transfer reference contract:
references/solana/pinocchio/system-transfercontains a checked-in no-allocator Pinocchio reference for the same System transfer account schema asProofForge.Solana.Examples.SystemCpi. The gatescripts/solana/pinocchio-system-transfer-equivalence.shemits the ProofForge System CPI artifact and compares its instruction tag, parameter ABI, account order, signer/writable constraints, CPI protocol/data layout, and state-write contract against the reference manifest/source. - Pinocchio System transfer live-equivalence harness:
scripts/solana/pinocchio-system-transfer-live-equivalence.shis wired to build the ProofForge ELF and the checked-in Pinocchio reference ELF, deploy both programs to one Surfpool instance, invoke the same Web3.js transfer scenario for each, and compare recipient lamport deltas plus state writes. The harness currently skips whencargo-build-sbfcannot find Solana rustc/ platform-tools. - Pinocchio System create-account reference contract:
references/solana/pinocchio/system-create-accountcontains a checked-in no-allocator Pinocchio reference for the same System Programcreate_accountaccount schema asProofForge.Solana.Examples.SystemCreateAccountCpi. The gatescripts/solana/pinocchio-system-create-account-equivalence.shemits the ProofForge create-account CPI artifact and compares its instruction tag, two-parameter ABI, account order, signer/writable constraints, CPI protocol/data layout, lamports/space/owner contract, and two-field state-write contract against the reference manifest/source. WithPROOF_FORGE_PINOCCHIO_CARGO_CHECK=1, the same gate typechecks the reference againstpinocchio-system. - Pinocchio System create-account live-equivalence harness:
scripts/solana/pinocchio-system-create-account-live-equivalence.shis wired to build the ProofForge ELF and the checked-in Pinocchio reference ELF, deploy both programs to one Surfpool instance, invoke the same Web3.js create-account scenario for each, and compare lamports/space inputs plus both state writes. The harness currently skips whencargo-build-sbfcannot find Solana rustc/platform-tools. - Pinocchio SPL Token transfer reference contract:
references/solana/pinocchio/spl-token-transfercontains a checked-in no-allocator Pinocchio reference for the same SPL Tokentransfer_checkedaccount schema asProofForge.Solana.Examples.SplTokenTransferCheckedCpi. The gatescripts/solana/pinocchio-spl-token-transfer-equivalence.shemits the ProofForge SPL Token CPI artifact and compares its instruction tag, parameter ABI, account order, signer/writable constraints, CPI protocol/data layout, decimals/amount contract, and state-write contract against the reference manifest/source. WithPROOF_FORGE_PINOCCHIO_CARGO_CHECK=1, the same gate typechecks the reference againstpinocchio-token. - Pinocchio SPL Token transfer live-equivalence harness:
scripts/solana/pinocchio-spl-token-transfer-live-equivalence.shis wired to build the ProofForge ELF and the checked-in Pinocchio Token reference ELF, deploy both programs to one Surfpool instance, invoke the same Web3.js +@solana/spl-tokentransfer_checked scenario for each, and compare source/destination token balance deltas plus the amount state write. The harness currently skips whencargo-build-sbfcannot find Solana rustc/ platform-tools. - Pinocchio SPL Token ops reference contract:
references/solana/pinocchio/spl-token-opscontains a checked-in no-allocator Pinocchio reference for the same SPL Tokenmint_to/burn/approve/revokeaccount schema asProofForge.Solana.Examples.SplTokenOpsCpi. The gatescripts/solana/pinocchio-spl-token-ops-equivalence.shemits the ProofForge SPL Token ops CPI artifact and compares its four instruction tags, parameter ABI, account order, signer/writable constraints, CPI protocol/data layout, SPL Token instruction contract, and state-write contract against the reference manifest/source. WithPROOF_FORGE_PINOCCHIO_CARGO_CHECK=1, the same gate typechecks the reference againstpinocchio-token. - Pinocchio SPL Token ops live-equivalence harness:
scripts/solana/pinocchio-spl-token-ops-live-equivalence.shis wired to build the ProofForge ELF and the checked-in Pinocchio Token ops reference ELF, deploy both programs to one Surfpool instance, invoke the same Web3.js +@solana/spl-tokenmint/burn/approve/revoke scenario for each, and compare token effects plus all four amount/marker state writes. The harness currently skips whencargo-build-sbfcannot find Solana rustc/platform-tools. - Pinocchio SPL Token authority reference contract:
references/solana/pinocchio/spl-token-authoritycontains a checked-in no-allocator Pinocchio reference for the same SPL Tokenset_authorityaccount schema asProofForge.Solana.Examples.SplTokenAuthorityCpi. The gatescripts/solana/pinocchio-spl-token-authority-equivalence.shemits the ProofForge SPL Token authority CPI artifact and compares its instruction ABI, account order, signer/writable constraints, CPI protocol/data layout,SetAuthorityinstruction contract, and marker state-write contract against the reference manifest/source. WithPROOF_FORGE_PINOCCHIO_CARGO_CHECK=1, the same gate typechecks the reference againstpinocchio-token. - Pinocchio SPL Token authority live-equivalence harness:
scripts/solana/pinocchio-spl-token-authority-live-equivalence.shis wired to build the ProofForge ELF and the checked-in Pinocchio Token authority reference ELF, deploy both programs to one Surfpool instance, invoke the same Web3.js +@solana/spl-tokenmint-authority transfer scenario for each, and compare mint authority plus marker state writes. The harness currently skips whencargo-build-sbfcannot find Solana rustc/platform-tools.
- Portable ValueVault surface source:
ProofForge.Contract.Surfacenow lets examples declare state slots, parameters, methods, and event fields once, then write entrypoint bodies through typed refs (read,write,bind,emit,ret) instead of rawContractSpecstring plumbing.ProofForge.Contract.Examples.ValueVaultuses this layer and intentionally leavesselector? = nonein the source. - Declaration-derived IR names:
state_decl,binding_decl,method_decl,method_return_decl, andevent_declmacros now derive IR names from Lean declarations, so the portable Counter and ValueVault sources no longer repeat raw strings for state slots, inputs, locals, method names, or event names. Tests assert the derived snake-case state/parameter/method names and PascalCase event names before routing the same source across EVM and Solana. - Source-facing declaration facade:
contract_decl Name do ...derives the module name from a Lean identifier and keepsContractSpecas the compiler-owned intermediate product rather than the user-visible authoring model.ProofForge.Contract.Examples.CounterandProofForge.Contract.Examples.ValueVaultnow use this facade; the older*_refmacros remain as compatibility shims for older downstream source. - Contract Source Syntax v1:
ProofForge.Contract.Sourceadds scopedcontract_sourcesyntax for state declarations, events, entrypoints, queries, source-local bindings, state assignment, event emission, returns, typed arithmetic operators, and Solana extension declarations for allocator, accounts, PDA derivation, and SPL Token CPI calls.ProofForge.Contract.Examples.CounterandProofForge.Contract.Examples.ValueVaultnow author portable logic through this source block while the macro emits the sameContractSpec/portable IR boundary used by routing, EVM selector hydration, Solana instruction tags, IDL, and client artifact generation. - Legacy
.learnparser/lowering seed:ProofForge.Contract.Learnnow lexes and parses checked-in.learnfiles underExamples/Learn/into a small source AST for the portable scalar/event subset, lowers that AST toContractSpec/portable IR, and serves as a compatibility validation entrypoint rather than a new product source language. The primary authoring surface remains Lean.leanfiles and Lean SDK helpers. It proves thatCounter.learnandValueVault.learnproduce the same IR modules as the currentcontract_sourceexamples. The CLI still accepts.learnfiles through--learn --target evmand--learn --target solana-sbpf-asm, with--learn-yul,--learn-bytecode, and--learn-sbpfretained as lower-level compatibility convenience paths.scripts/portable/value-vault-smoke.shusesExamples/Learn/ValueVault.learnas a legacy equivalence fixture and proves that compatibility entrypoint can route to EVM Yul/bytecode metadata and Solana sBPF assembly/manifest/IDL/client artifacts without hand-authoringContractSpec. - Learn Solana target-extension syntax:
ProofForge.Contract.Learnnow parsesSolanaVault.learnforms forsolana allocator,solana account,solana pda,solana cpi ... spl_token_transfer_checked(...), and entry-levelsolana derive/solana invoke. The lowering reusesProofForge.Solanabuilder helpers, so account/PDA/CPI metadata still flows through the existing capability plan, manifest, IDL, client, and sBPF assembly paths.Tests/LearnSource.leanchecks that Learn-lowered SolanaVault has the same IR module and generated manifest asProofForge.Solana.Examples.Vault. - Learn System Program CPI syntax:
SystemCpi.learnandSystemCreateAccountCpi.learnnow coversolana cpi ... system_transfer(...),solana cpi ... system_create_account(...) owner ..., and matching entry-levelsolana invokestatements.Tests/LearnSource.leanproves both Learn files lower to the same IR modules and generated manifests as the existingProofForge.Solana.Examples.SystemCpiandProofForge.Solana.Examples.SystemCreateAccountCpisource examples. - Learn SPL Token ops syntax:
SplTokenOpsCpi.learnnow covers selector-bearing Learn entrypoints plusspl_token_mint_to,spl_token_burn,spl_token_approve, andspl_token_revokedeclarations/invocations.Tests/LearnSource.leanproves the Learn file lowers to the same IR module and generated manifest asProofForge.Solana.Examples.SplTokenOpsCpi, keeping the string-heavy Builder code as an internal expected fixture rather than the user-facing syntax. - Learn log/return-data/compute-unit syntax:
LogEvent.learnandReturnDataCompute.learnnow cover Solana pubkey/data log helper statements, return-data set/get statements, and remaining compute-unit read/log statements.Tests/LearnSource.leanproves both Learn files lower to the same IR modules and generated manifests asProofForge.Solana.Examples.LogEventandProofForge.Solana.Examples.ReturnDataCompute, moving another syscall-facing SDK slice from Builder-only fixtures into user-facing Learn source. - Learn memory/crypto/sysvar syntax:
Memory.learn,Crypto.learn,Rent.learn,EpochSchedule.learn,EpochRewards.learn,LastRestartSlot.learn, andClock.learnnow cover Solana memory helpers, SHA-256/Keccak-256/BLAKE3 helpers, and sysvar/context reads in user-facing Learn source.Tests/LearnSource.leanproves these Learn files lower to the same IR modules and generated manifests as the correspondingProofForge.Solana.Examples.*fixtures. - Learn reference diagnostics:
ProofForge.Contract.Learnnow builds a declaration reference index while lowering and rejects unknown or mismatched Solana CPI invocations, unknown PDA derivations, invalid signer seeds, CPI declarations that use undeclared accounts, CPI account declarations that do not satisfy required writable or signer constraints, and helper statements that reference undeclared state/account names.Tests/LearnDiagnostics.leanpins these messages so Learn behaves like a checked language frontend instead of asking users to hand-author uncheckedContractSpecdata. - Solana typed account surface:
ProofForge.Solana.Surfacenow addsaccount_ref,pda_ref, andcpi_refdeclarations plus typed PDA seed, account constraint, and SPL/System CPI helpers.ProofForge.Solana.Examples.Vaultnow uses dedicatedcontract_sourceitems such asallocator bump,account ... writable,pda ... seeds [...],cpi ... spl_token_transfer_checked(...),derive pda ...,invoke ... spl_token_transfer_checked(...), and the same first-class source-syntax path now coversspl_token_set_authority(...)instead of raw account/PDA/CPI strings oruse/dohelper plumbing. The target extension emits declared account constraints intomanifest.toml,proof-forge-artifact.json(solanaExtensions.accounts), and the generated account-validation schema. - System create-account source syntax:
ProofForge.Contract.Sourcenow exposes source-levelcpi ... system_create_account(...) owner ...andinvoke ... system_create_account(...) owner ...forms.ProofForge.Solana.Examples.SystemCreateAccountCpiuses those forms instead of the lower-level builder API while preserving the existing generated assembly, manifest, artifact, and Surfpool/Web3.js behavior gate. - SPL Token authority source syntax:
ProofForge.Contract.Sourcenow exposes source-levelcpi ... spl_token_set_authority(...) authority_type(...) signer_seeds [...]andinvoke ... spl_token_set_authority(...) authority_type(...) signer_seeds [...]forms.ProofForge.Solana.Examples.SplTokenAuthorityCpiuses those forms in a Lean.leanfixture, and the generated artifact, Surfpool/Web3.js behavior gate, and Pinocchio reference gates all validate the same lowering boundary. - Target-stage ABI selector hydration:
the Learn/ValueVault CLI emit paths derive EVM selectors from each
entrypoint’s Solidity ABI signature with
cast sigimmediately before EVM Yul/bytecode emission, validate any explicit selector against the derived value, and keep Solana routing independent by continuing to use target instruction tags.scripts/portable/value-vault-smoke.shproves the same.learnsource emits EVM Yul/bytecode metadata plus Solana sBPF assembly/manifest/artifact metadata. - Solana IDL and TypeScript client package output:
ProofForge.Backend.Solana.Idlrendersproof-forge-idl.jsonfrom the same instruction/account/PDA/CPI schema used bymanifest.tomland artifact metadata.ProofForge.Backend.Solana.Clientrendersproof-forge-client.tswith Web3.jsTransactionInstructionhelpers, instruction-data encoding, and account-meta construction. Solana package printing,--emit-solana-sdk-sbpf,--emit-value-vault-ir-sbpf, and the Solana ELF contract-sdk path now emit and hash both files.
ProofForge.Contract.Learnis now a legacy.learncompatibility parser/lowering seed rather than a new product source language. It covers the portable Counter/ValueVault subset and the Vault-level Solana account/PDA/SPL Token transfer CPI subset, System Program transfer/create-account CPI, SPL Token mint/burn/approve/revoke CPI, and Solana log/return-data/compute-unit/memory/crypto/sysvar helper statements. During lowering, Solana CPI/PDA declarations and entrypoint helper statements are cross-checked against declared references. CPI account operands must be declared withsolana account ...; CPI writable/signer requirements are checked against those declarations, so the remaining string names are compiler-owned identifiers rather than unchecked user-authored specs.ProofForge.Contract.Sourceand Lean SDK helpers remain the primary authoring frontend;.learnfiles are retained only as legacy compatibility and equivalence fixtures that reuse the same lowering boundary by compile-time target id. The next authoring gap is to extend the Lean.leansurface to Token-2022, typed account/data references, and richer Pinocchio-style account validation ergonomics; legacy--learnpackage emission is not the direction for new syntax work.
- Rust/Pinocchio equivalence fixtures (2-4 days): make the Pinocchio live equivalence harnesses pass in CI/local environments by installing Solana rustc/platform-tools reliably, then extend static and live reference coverage to Token-2022 and remaining SPL helper paths beyond the checked transfer/mint/burn/approve/revoke/set-authority set. The key comparison points are account order, signer/writable checks, CPI instruction data, and observable state changes.
- Richer structured logs, account data, and typed return helpers (3-5 days):
extend the current scalar
sol_log_64_/sol_log_dataevent path to string logs, Anchor-style discriminator/Borsh payloads, and indexed event forms; add typed return payload helpers beyondu64, portableExpr.hashrouting where the hash semantics match the target, and broader account/data packing helpers that reuse the new memory/syscall path, with JavaScript reference checks. - Runtime allocation lowering (1-2 days): route heap-backed SDK structures
through
runtime.allocator, emit actual downward bump-pointer allocation code when needed, and reject allocation-using structures undernoAllocator. - Dynamic per-entrypoint account schemas (3-5 days): replace the current module-wide fixed schema with runtime account parsing before dispatch, so instruction-data offsets no longer depend on every entrypoint sharing the same account list.
- Token-2022 and richer SPL coverage (3-5 days per iteration): add checked
Token-2022 extension routes, associated-token account setup flows, and
remaining SPL variants beyond the covered mint-authority
set_authoritypath without moving those details into portable IR. - Developer ergonomics and framework surface (3-5 days per iteration): extend
the new surface layer toward Lean
.lean/Lean SDK contract syntax with richer typed account/data wrappers, richer generated client APIs, broader SPL/Token-2022 helper coverage, and diagnostics that map generated assembly failures back to SDK declarations.
Workstream 8: Move Source Generation POC (Aptos first)
Goal: avoid pretending Move is another Lean runtime target. Tasks:- Done: define a Move-compatible subset of the portable IR (see move-family.md).
- Done: generate one Aptos Move counter package via
proof-forge --emit-counter-ir-aptos. - Done: generate
Move.toml,sources/counter.move, andtests/counter_tests.move. - Done: add golden fixtures and
scripts/aptos/build-examples.shdiff gate. - Done: add
Tests/AptosDiagnostics.leanso unsupported capabilities fail before codegen. - In CI: run
aptos move compile/test(the AptosFramework git dependency fetch is slow and may time out locally; the CI job uses a 10-minute timeout). - Document verifier restrictions that must feed back into IR design.
- Generated Aptos Move source shape is locked by golden fixtures and diff gate.
- Generated package has unit tests (
tests/counter_tests.move). - Unsupported Lean constructs fail before codegen.
- Follow-up Sui object POC is documented as a separate milestone.
Workstream 9: CI Expansion
See validation-gates.md for current and planned validation commands. Goal: keep CI useful without requiring every external chain tool on day one. Tasks:- Keep
lake buildas always-on CI. - Add EVM smoke only when
solcand Foundry are available. - Add optional jobs for CosmWasm, Solana, and Move with clear tool checks.
- Add artifact metadata validation as a tool-independent job.
- Base CI does not fail because optional chain tools are missing.
- Target-specific CI jobs fail loudly when their toolchain is present but the target build fails.
- Metadata schema validation runs without chain tools.
Workstream 10: Psy DPN ZK Target Spike
Goal: validate a ZK circuit sourcegen target without coupling ProofForge to Psy compiler internals. Tasks:- Done: generate one Counter
.psysource file from a portable IR fixture. - Done: add a temporary Dargo package generator in
scripts/psy/counter-smoke.sh. - Done: document
dargo test --fileas the first local smoke runner. - Done: run
dargo compilewith thepsyupv0.1.0 macOS arm64 toolchain and capture DPN circuit JSON. - Done: run
dargo executeas a local user/contract session and assert the Counter result after two increments. - Done: call
dargo generate-abiand capture non-empty ABI JSON. - Done: emit
proof-forge-artifact.jsonwith target idpsy-dpnfor Psy smoke artifacts. - Done: add ContextProbe as a non-Counter fixture for parameter lowering and context reads.
- Done: add HashProbe for
Hash, typed hash let-bindings,hash, andhash_two_to_one, aligned with upstream Psy hash tests. - Done: validate Psy artifact metadata, including hashes, byte sizes, capabilities, validation flags, and expected execution results.
- Done: add map/storage-map, assertions, bounded-loop, array, struct,
aggregate ABI, nested aggregate, storage nested aggregate, U32 arithmetic,
and bitwise coverage from the upstream
psy-compiler/testsandpsy-precompilescorpus. - Done: add U32/Hash limb packing coverage for local arrays and ABI parameters
from the upstream
psy-precompilescorpus. - Done: emit and validate ProofForge deploy manifests for all Dargo-backed Psy smoke compile outputs.
- Done: add map storage path coverage for
Map<Hash, Hash, N>with Dargo compile/execute validation. - Done: add expression-position
storageMapSetlowering and MapProbe coverage for upstream map edge semantics wheresetand repeatedinsertreturn the previousHashvalue. - Done: add storage-reference compound assignment coverage for scalar storage and generic storage paths with Dargo compile/execute validation.
- Done: add native U32 scalar storage coverage using Psy
pub value: u32storage plus scalar+=assignment, with Dargo compile/execute validation. - Done: add native Bool scalar storage coverage using Psy
pub flag: boolstorage plusbool as Feltreturn casts, with Dargo compile/execute validation. - Done: add native Bool fixed-array and storage-array coverage using Psy
[bool; N]literals/indexing pluspub flags: [bool; N]storage, with Dargo compile/execute validation. - Done: add native Hash scalar and storage-array coverage using Psy
pub root: Hashandpub roots: [Hash; N], with Dargo compile/execute validation. - Done: add fixed-array equality coverage using Psy
assert_eq,==, and!=over[Felt; N]locals, with Dargo compile/execute validation. - Done: add U32 storage array coverage using Felt-backed storage plus explicit U32 read/write casts, with Dargo compile/execute validation.
- Done: add Felt-backed U32 storage-array path compound assignment lowering as explicit read/update/write casts, with Dargo compile/execute validation.
- Done: add native U32 storage struct field path writes, reads, and compound assignment coverage, with Dargo compile/execute validation.
- Done: add a Psy IR coverage manifest gate so every portable IR constructor must be classified as lowered, validated, unsupported, or structural for the Psy backend.
- Done: factor Dargo smoke package generation into a shared writer so every
Psy smoke creates the same
src/main.psyandDargo.tomllayout before metadata validation. - Done: allow EVM-style entrypoint selectors in the Psy backend as target-specific ABI metadata; Psy source generation uses method names only and may record the selector in artifact metadata for cross-target traceability.
- Done: validate Psy identifiers and duplicate declarations before source generation so invalid names do not fall through to Dargo parser/typechecker failures.
- Done: add a generic generated test fallback for valid Psy IR modules that do
not have fixture-specific assertions, backed by
GenericEntrypointProbe, golden source, Dargo compile/execute validation, ABI generation, deploy manifest generation, and artifact metadata validation. - Convert the deploy manifest path to upstream compressed genesis deploy JSON once the Psy tooling exposes a stable boundary, then exercise a local node/prover deployment smoke.
- Record Dargo/Psy compiler version or commit once the toolchain exposes a stable value.
- Generated
.psysource is readable and checked into a golden fixture or snapshot. dargo compileproduces a non-empty JSON artifact on a machine with the Psy toolchain.dargo executereturnsresult_vm: [2]for the Counter lifecycle.dargo executereturnsresult_vm: [15]for ContextProbe’ssum_context(2,3)lifecycle.dargo executereturns deterministic four-Felt outputs for HashProbe’sposeidon_hashandposeidon_pair_hashentrypoints.dargo generate-abiproduces a non-empty ABI JSON artifact.dargo executereturnsresult_vm: [42]for the generic non-whitelistedGenericEntrypointProbe.- Artifact metadata records target id, fixture id, used capabilities, artifact paths, hashes, byte sizes, Dargo package source copy, Dargo package manifest, and validation status.
- Artifact metadata is machine-validated by the Psy smoke scripts.
- Artifact metadata records Dargo/Psy compiler version or commit once available.
- Unsupported non-circuit-friendly IR nodes fail before source generation.
- CI either pins a known-good
psyuprelease or skips this gate clearly when a matching toolchain tarball is unavailable.
Workstream 11: Kaspa Toccata Research Target
Goal: decide whether and how ProofForge should support Kaspa’s Toccata programmability stack without pretending it is an EVM, account-state, or generic ZK circuit target. Tasks:- Done: add a docs-first target note for candidate id
kaspa-toccata. - Classify the target as UTXO covenant/based-app research, not
zk-circuit-sourcegen. - Review candidate capabilities for UTXO state, covenant lineage, transaction v1, user lanes, compute budgets, and inline proof verification.
- Decide whether the first spike should generate Silverscript or only produce a target manifest around hand-authored covenant source.
- Define a tiny L1 covenant Counter-like scenario with successor-output validation.
- Define the minimal artifact metadata shape for covenant source, transaction v1 manifest, covenant lineage manifest, and optional proof verifier manifest.
- Defer based-app support until the L1 covenant artifact shape is clear.
docs/targets/kaspa-toccata.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish inline ZK verification from
psy-dpn-style circuit source generation.
Workstream 12: Stellar Soroban Research Target
Goal: decide whether and how ProofForge should support Stellar smart contracts without treating all Wasm contract chains as one target. Tasks:- Done: add a docs-first target note for candidate id
wasm-stellar-soroban. - Classify Soroban as a Wasm-host candidate, not a generic Wasm artifact target.
- Decide whether the first spike should generate a native Rust/Soroban package or wait for a direct Lean-to-Wasm host bridge.
- Review candidate capabilities for address authorization, contract-account authorization, storage TTL, contract spec metadata, and Stellar assets.
- Define a tiny Counter-like scenario that exercises storage and event output.
- Define artifact metadata for Wasm, contract spec, deployment manifest, toolchain versions, and validation result.
- Identify the local smoke command set:
stellar contract build, sandbox or testnet deploy, and invoke.
docs/targets/stellar-soroban.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish Soroban from NEAR and CosmWasm despite all three using Wasm artifacts.
Workstream 13: Internet Computer Research Target
Goal: decide whether and how ProofForge should support Internet Computer canisters without treating every Wasm artifact as the same contract target. Tasks:- Done: add a docs-first target note for candidate id
wasm-icp-canister. - Classify ICP canisters as a Wasm-host candidate, not a generic Wasm artifact target.
- Decide whether the first spike should generate a native Motoko/Rust CDK package or wait for a direct Lean-to-Wasm canister bridge.
- Review candidate capabilities for Candid, update/query method modes, stable memory, orthogonal persistence, principals, cycles, async inter-canister calls, canister lifecycle, certified data, and management canister APIs.
- Define a tiny Counter-like scenario with one update method and one query method.
- Define artifact metadata for Wasm, Candid, canister manifest, stable-state or upgrade policy, toolchain versions, and validation result.
- Identify the local smoke command set: local replica, PocketIC, or ICP CLI canister install/call flow.
docs/targets/internet-computer.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish ICP canisters from NEAR, CosmWasm, and Soroban despite all using Wasm artifacts.
Workstream 14: TON TVM Research Target
Goal: decide whether and how ProofForge should support TON smart contracts without pretending TVM contracts are EVM, Wasm-host, Move, or ZK targets. Tasks:- Done: add a docs-first target note for candidate id
ton-tvm. - Classify TON as a TVM/Tolk sourcegen candidate.
- Decide whether the first spike should generate Tolk source/package artifacts or wait for a lower-level TVM/cell IR.
- Review candidate capabilities for cells, TL-B metadata, inbound messages,
outbound messages, get methods, action lists,
StateInit, account status, TVM gas, and jetton/token integration. - Define a tiny Counter-like scenario with one internal message and one get method.
- Define artifact metadata for source, TVM/BOC output, interface metadata, initial state, message/action schema, toolchain versions, and validation result.
- Identify the local smoke command set: Acton/Tolk compile and local test or emulator validation.
docs/targets/ton-tvm.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish TON TVM from Wasm-host, EVM, Move, and ZK targets.
Workstream 15: Bitcoin Cash CashScript Research Target
Goal: decide whether and how ProofForge should support Bitcoin Cash smart contracts without pretending UTXO spend paths are stateful contract method calls. Tasks:- Done: add a docs-first target note for candidate id
bch-cashscript. - Classify BCH/CashScript as a UTXO script/covenant sourcegen candidate.
- Decide whether the first spike should generate CashScript source/package artifacts before any lower-level BCH Script path.
- Review candidate capabilities for UTXO state, P2SH scripts, unlockers, transaction introspection, covenants, local state, CashTokens, timelocks, signature checks, CashScript artifacts, and transaction-builder validation.
- Define a tiny UTXO spend scenario with at least one contract function and a transaction-builder smoke.
- Define artifact metadata for
.cashsource, cashc artifact JSON, bytecode, constructor/unlocker manifest, transaction scenario, toolchain versions, and validation result. - Identify the local smoke command set:
cashc, CashScript SDK,MockNetworkProvider, and optional chipnet/node-backed validation.
docs/targets/bitcoin-cash-cashscript.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish BCH/CashScript from EVM, Wasm-host, Move, generic Bitcoin, and Kaspa/Toccata targets.
Workstream 16: Algorand AVM Research Target
Goal: decide whether and how ProofForge should support Algorand smart contracts without pretending AVM applications are EVM, Wasm-host, Move, Solana, TVM, UTXO, or ZK circuit targets. Tasks:- Done: add a docs-first target note for candidate id
algorand-avm. - Classify Algorand as an AVM/TEAL source or package-generation candidate.
- Decide whether the first spike should generate Algorand Python or Algorand TypeScript package artifacts before any direct TEAL emitter path.
- Review candidate capabilities for stateful applications, LogicSig programs, ARC-4 ABI/app specs, global/local/box storage, transaction groups, resource references, inner transactions, Algorand Standard Assets, AVM budget, and AlgoKit/Puya artifacts.
- Define a tiny stateful Counter-like application with one update method, one read/query path, explicit storage schema, and localnet or simulator-backed validation.
- Define artifact metadata for source, approval bytecode, clear-state bytecode, optional LogicSig bytecode, ABI/app spec, storage schema, resource references, toolchain versions, and validation result.
- Identify the local smoke command set: AlgoKit/Puya compile plus LocalNet or simulator-backed create/call/query validation.
docs/targets/algorand-avm.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish Algorand AVM from Wasm-host, EVM, Move, Solana, TVM, UTXO, and ZK targets.
Workstream 17: Cardano Plutus/Aiken Research Target
Goal: decide whether and how ProofForge should support Cardano smart contracts without pretending eUTXO validators are stateful method-call contracts. Tasks:- Done: add a docs-first target note for candidate id
cardano-plutus-aiken. - Classify Cardano as an eUTXO validator sourcegen candidate.
- Decide whether the first spike should generate Aiken source before any direct Plutus/UPLC path.
- Review candidate capabilities for eUTXO state, validator roles, datum, redeemer, script context, validity ranges, transaction balancing, native tokens, execution units, and Plutus blueprints.
- Define a tiny Counter-like eUTXO state-machine scenario with successor-output validation.
- Define artifact metadata for Aiken source, UPLC/Plutus validators, blueprint, datum/redeemer schemas, transaction scenario, execution units, toolchain versions, and validation result.
- Identify the local smoke command set: Aiken compile/test plus emulator, SDK-backed transaction, or cardano-node-backed validation.
docs/targets/cardano-plutus-aiken.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish Cardano from EVM, Wasm-host, Move, Solana, TVM, AVM, generic Bitcoin, BCH/CashScript, and Kaspa/Toccata targets.
Workstream 18: Tezos Michelson/LIGO Research Target
Goal: decide whether and how ProofForge should support Tezos smart contracts without hiding Michelson operation-list semantics behind generic contract calls. Tasks:- Done: add a docs-first target note for candidate id
tezos-michelson-ligo. - Classify Tezos as a Michelson source/artifact target with LIGO as the first sourcegen path.
- Review candidate capabilities for Michelson code, entrypoints, typed
Micheline storage,
big_map, operation lists, views, events, tickets, Sapling, delegation, gas/storage burn, and LIGO artifacts. - Define a tiny Counter-like contract with one entrypoint, one view, typed storage, and a local test or sandbox validation flow.
- Define artifact metadata for LIGO source, Michelson output, parameter/storage schema, operation list, view/event manifest, toolchain versions, and validation result.
- Identify the local smoke command set: LIGO compile/test plus Octez sandbox or equivalent Tezos local validation.
docs/targets/tezos-michelson-ligo.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish Tezos from EVM, Wasm-host, Move, Solana, TVM, AVM, UTXO, and ZK targets.
Workstream 19: Starknet Cairo Research Target
Goal: decide whether and how ProofForge should support Starknet smart contracts without treating Cairo chain contracts as generic ZK circuits. Tasks:- Done: add a docs-first target note for candidate id
starknet-cairo. - Classify Starknet as a Cairo/Sierra/CASM sourcegen candidate.
- Review candidate capabilities for Cairo source, Sierra, CASM, class declaration, class hash, Starknet ABI, storage, account abstraction, syscalls, L1/L2 messaging, Starknet fee/resource constraints, and Starknet Foundry validation.
- Define a tiny Counter-like contract with storage, an increment external function, a read function, and one event.
- Define artifact metadata for Cairo source, Sierra/CASM artifacts, ABI, selector/class-hash metadata, deployment manifest, toolchain versions, and validation result.
- Identify the local smoke command set: Scarb build plus
snforgeor devnet-backed tests.
docs/targets/starknet-cairo.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish Starknet from EVM, Wasm-host, Move, Solana, TVM, AVM,
UTXO, and
psy-dpn-style ZK circuit targets.
Workstream 22: Aleo Leo Research Target
Goal: decide whether and how ProofForge should support Aleo programs without treating Aleo as only a generic ZK circuit target or confusing Aleo VM with Algorand AVM. Tasks:- Done: add a docs-first target note for candidate id
aleo-leo. - Classify Aleo as a ZK application sourcegen candidate with Leo as the first source boundary, Aleo Instructions as the lower-level compiler target, and Aleo VM bytecode as the deployable execution artifact.
- Review candidate capabilities for Leo source, Aleo Instructions, Aleo VM, AVM bytecode, ABI, prover/verifier artifacts, transitions, finalization, records, mappings, storage, public/private inputs and outputs, program imports/upgrades, execute/deploy transactions, Credits fees, Leo tests, and devnet validation.
- Define a tiny Counter-like program with one entry
fn, one publicmapping, and onefinal { }block. - Define a second private-record scenario that consumes one encrypted record, creates a successor record, and records public/finalization effects only when required.
- Define artifact metadata for Leo source, program id/imports, record/mapping schemas, finalization manifest, Aleo Instructions, Aleo VM bytecode, ABI, prover/verifier artifacts, execute/deploy transaction metadata, toolchain versions, and validation result.
- Identify the local smoke command set:
leo build,leo test, optionalleo test --prove,leo execute --print, and devnet/devnode-backed deploy or execute validation.
docs/targets/aleo-leo.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish Aleo from
psy-dpn, Zcash Shielded, Kaspa/Toccata inline ZK, Starknet Cairo, Algorand AVM, and generic source-generation targets.
Workstream 20: Bitcoin Script/Miniscript Research Target
Goal: decide whether and how ProofForge should support Bitcoin base-layer spending policies without pretending Bitcoin Script is a general smart-contract runtime. Tasks:- Done: add a docs-first target note for candidate id
bitcoin-script-miniscript. - Classify Bitcoin as a limited UTXO spending-policy target through Script, Miniscript, descriptors, PSBT, and Bitcoin Core validation.
- Review candidate capabilities for Bitcoin Script, Miniscript, descriptors, SegWit, Taproot, Tapscript, witness stacks, sighash modes, hash locks, threshold multisig, PSBT flows, standardness, weight/fee constraints, and Bitcoin Core regtest validation.
- Define a tiny spending-policy scenario such as “A can spend immediately, or B can spend after a relative timelock.”
- Define artifact metadata for policy, descriptor, output script, witness requirements, PSBT/raw transaction scenario, weight/fee, toolchain versions, and validation result.
- Identify the local smoke command set: Bitcoin Core regtest, descriptor import
or address derivation, PSBT signing/finalization, and
testmempoolacceptor equivalent spend validation.
docs/targets/bitcoin-script-miniscript.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish Bitcoin Script/Miniscript from EVM, Wasm-host, Move, Solana, TVM, AVM, Cardano eUTXO, BCH/CashScript, Kaspa/Toccata, and generic smart-contract targets.
Workstream 21: Zcash Shielded Research Target
Goal: decide whether and how ProofForge should support Zcash shielded payments without treating Zcash as either plain Bitcoin Script or a generic ZK smart-contract chain. Tasks:- Done: add a docs-first target note for candidate id
zcash-shielded. - Classify Zcash as a privacy UTXO/ZK payment candidate with transparent Zcash flows plus Sapling/Orchard shielded pools.
- Review candidate capabilities for shielded privacy, transparent pool crossings, Sapling, Orchard, shielded notes, note commitments, nullifiers, commitment tree anchors, Zcash protocol proofs, private witnesses, value-balance constraints, viewing keys, unified addresses, privacy policy, and zcashd/library validation.
- Define a tiny shielded payment scenario such as “spend one Orchard note, create one Orchard note, reveal one nullifier, preserve value balance, and pay a transparent fee.”
- Define how a JDL-Z11-like script may express
shield,spendNote,createNote,revealNullifier,selectAnchor, andprivacyPolicywhile rejecting global mutable shielded storage, method dispatch, and arbitrary proof verification. - Define artifact metadata for transparent inputs/outputs, shielded pool, note input/output schema, nullifiers, anchors, value balance, witness/proving requirements, viewing-key disclosure, toolchain versions, and validation result.
- Identify the local smoke command set: zcashd RPC or a compatible Rust wallet/protocol library, with an explicit fallback blocker if local proving is too heavy for CI.
docs/targets/zcash-shielded.mdrecords the target classification and non-goals.- Capability candidates remain documented but are not added to
ProofForge.Target.Capabilityuntil reviewed. - The first spike has a reproducible local validation command or a documented external-tool blocker.
- The docs distinguish Zcash from Bitcoin Script/Miniscript, BCH/CashScript,
Kaspa/Toccata inline ZK,
psy-dpncircuit sourcegen, and generic smart contracts.
Workstream 23: Multi-Chain Token SDK
Goal: let users describe fungible token intent once, then let--target
choose ERC-20 contract generation on EVM or SPL Token / Token-2022 plans on
Solana without exposing chain-specific code at the user-facing SDK layer.
Tasks:
- Done: add RFC 0006,
ProofForge.Contract.Token.TokenSpec, target token plans, andTests/TokenSpec.lean. - Done: add legacy Learn token intent source syntax,
ProofForge.Contract.Token.Learn,Examples/Learn/ProofToken.learn,Examples/Learn/FeeToken.learn,Tests/TokenLearn.lean, andproof-forge --learn-token --target <id>plan emission as a compatibility path intoTokenSpec. - Done: add the first EVM ERC-20 artifact emitter for Learn token sources:
ProofForge.Contract.Token.Evm,Tests/TokenEvm.lean, standard ERC-20 selectors/events in metadata, Yul generation, andsolc --strict-assemblybytecode validation through--learn-token --target evm. - Done: add
scripts/portable/learn-token-smoke.sh/just learn-token-smoketo validate the EVM ERC-20 token artifact path and the Solana Token-2022 plan path from Learn source. - Done: add
scripts/evm/learn-token-erc20-vm-smoke.sh/just learn-token-evm-vmto deploy the generated ERC-20 creation bytecode in an EthereumJS VM and validate standard ERC-20 calls, Transfer/Approval topics, and insufficient-balance revert behavior. - Done: implement Solana SPL Token / Token-2022 deployment plan rendering at
the Lean
TokenSpeclayer.solanaTokenDeploymentPlannow records mint account creation, associated token accounts,mint_to,transfer_checked,approve,burn,revoke, authority changes, Token-2022 extension initialization, Solana program ids, and source documentation references. - Done: route Token-2022 features such as
transfer_fee,non_transferable,confidential_transfer, andtransfer_hookto Token-2022 extension metadata rather than custom per-token programs. The planner rejects the documented incompatibletransfer_fee+non_transferablecombination. - Done: extend
scripts/portable/learn-token-smoke.shso the legacy.learninput path reuses the LeanTokenSpecplan, emits both SPL Token and Token-2022 structured plan JSON, and validates the plan offline with@solana/spl-token/@solana/web3.jsinstruction builders. - Done: add
scripts/solana/token-plan-web3-smoke.sh/just solana-token-plan-web3to execute the structured legacy SPL Token plan on Surfpool. The live runner creates the mint and associated token accounts, mints initial supply, executes the plannedmint_to,transfer_checked,approve,burn,revoke, and mint-authorityset_authorityoperations, and validates balances, supply, delegate state, and authority revocation with Web3.js reads. - Done: add
scripts/solana/token-2022-transfer-fee-web3-smoke.sh/just solana-token-2022-transfer-fee-web3to execute the structured Token-2022 transfer-fee plan on Surfpool. The live runner initializesTransferFeeConfig, creates Token-2022 associated token accounts, mints initial supply, executesTransferCheckedWithFee, validates the source balance, recipient net balance, and recipient withheld fee, directly withdraws withheld fees from a token account, then runs a second transfer, harvests withheld fees to the mint, withdraws them from the mint, and validates the fee receiver balance plus cleared account/mint withheld amounts with Web3.js reads. - Done: add
ProofForge.Contract.Token.Examples.SoulboundToken,Tests/TokenPlanEmit.lean,scripts/solana/token-2022-non-transferable-web3-smoke.sh, andjust solana-token-2022-non-transferable-web3to execute a Lean.leanTokenSpec-backed Token-2022 non-transferable plan on Surfpool. The live runner initializesNonTransferable, creates Token-2022 associated token accounts, mints initial supply, verifies mint/account extensions, provesTransferCheckedis rejected, then burns the token and validates balances and supply with Web3.js reads. - Implement EVM ERC-20 lowering: ABI/selectors, balance/allowance storage, total supply, transfer/approve/transferFrom, mint/burn options, events, and broader Foundry/Web3 behavior tests.
- Continue Surfpool live validation for Token-2022 extension plans beyond the transfer-fee initialization, checked-transfer, direct withdraw, and harvest-to-mint withdraw paths plus non-transferable transfer rejection: confidential transfer setup and transfer-hook routing.
- Add optional Solana wrapper/authority/transfer-hook program generation for custom policies such as capped supply or custom transfer restrictions.
- Extend token-specific artifact metadata with live deployment accounts, tool versions, and validation-run results once the Surfpool plan runner lands.
- A Lean-authored
TokenSpechas deterministic EVM and Solana token plans; the legacy Learn token source lowers to the sameTokenSpecboundary. - EVM output emits ERC-20 Yul/bytecode and passes ERC-20 behavior tests using standard Web3/Foundry calls.
- Solana output renders structured SPL Token / Token-2022 plans, validates the
instruction builders offline with
@solana/spl-token, and now executes the legacy SPL Token plan plus the Token-2022 transfer-fee and non-transferable plans on Surfpool to create mints and token accounts, mint supply, transfer tokens where allowed, validate balances, verify withheld transfer fees, collect those fees through both direct account withdraw and harvest-to-mint plus mint withdraw, reject non-transferableTransferChecked, and burn non-transferable supply. Confidential transfer and transfer-hook behavior remains follow-up. - Documentation clearly says Solana does not default to a per-token SPL contract; it uses SPL Token / Token-2022 programs by plan and CPI.
Workstream 24: Architecture Convergence Follow-ups (post-merge)
The 2026-07 branch consolidation mergedsolana-supprot, lookdown
(Wasm/NEAR), aleo-support, and cloudflare-support into the trunk, resolved
the D-025/D-026/D-027 decision-id collisions (NEAR decisions renumbered to
D-029–D-031, Aleo to D-032, Cloudflare to D-033), unified the capability
matrix, and fixed the IR.Statement.release semantic conflicts in the EVM
event walker, Leo emitter, and TS emitter. Remaining follow-ups:
Tasks:
- Record the branch policy in
development-standards.md: chains are directories and target ids, not branches; changes toProofForge/IR/*,ProofForge/Target/*,ProofForge/Contract/{Spec,Intent,Source}*,docs/capability-registry.md,docs/decisions.md, anddocs/portable-ir.mdland onmainin standalone PRs. - Record the i18n rule: feature branches do not touch
docs/zh/*.zh.mdorscripts/i18n/manifest.json; translation sync runs onmainonly. - Retire the merged remote branches (
DaviRain-Su/solana-supprot,DaviRain-Su/lookdown,DaviRain-Su/aleo-support,DaviRain-Su/cloudflare-support) after the consolidation PR lands. - Regenerate stale
docs/zhtranslations flagged by the post-merge manifest (hand-merged decision/capability tables are synced; narrative docs that changed under auto-merge should be re-run throughtranslate-docs.py). - Decide whether the Solana bump-allocator selection unifies under the
merged
TargetProfile.deploymentAllocator?abstraction or stays target-local; record the outcome indecisions.md. - Unify the CI workflow: the merged
.github/workflows/ci.ymlnow carries EVM, Solana-light, NEAR, and Psy gates; add the Aleo and TS/Cloudflare smokes as optional jobs once their toolchains (leo,tsc/wrangler) are pinned. - Naming cleanup: decide the public SDK name, schedule the
Lean.Evm→ProofForge.*namespace rename, and enforce the Learn freeze (authoring-model). - Declare
ContractSpec→ EVM Plan → Yul the EVM product pipeline in RFC 0004; label LCNF →EmitYulas the Lean-native experimental path. - Decide whether
wasm-cloudflare-workerskeeps its registry entry underwasmHostor moves to a distinct off-chain host family (no consensus, no on-chain state) so it does not dilute capability semantics; record indecisions.mdalongside D-033. - Done: record Gate G0 and the stricter Gate P0 primary-chain completion
covenant in
decisions.md,target-roadmap.md, andgate-status.md. Gate G0 closes the shared behavior/budget slice; until Gate P0 closes, new and non-primary targets stay docs-only or maintenance-only — no registry, capability, testkit, CI, or product-scope advancement.
docs/decisions.mdshows one linear decision log (D-001…D-045, no duplicate ids), records the allocator-unification outcome, and aligns D-039/RFC 0009 plus D-045/Gate P0 with the codebase’s actual state.- Development standards contain the branch and i18n rules.
- All four merged chain branches are deleted or archived.
Workstream 25: Formal Verification Roadmap
Goal: convert the platform’s core promises into machine-checked theorems, per formal-verification.md. Tasks (see the roadmap for full statements):- FV-1: prove capability routing soundness, rejection completeness, and
Solana target-extension isolation for
resolveSpec(D-027/D-028 as theorems). - FV-2: extend
ProofForge/IR/Semantics.leanbeyond the scalar subset (maps, arrays, structs,ifElse,boundedFor, events) and prove determinism plus bounded-loop termination. - FV-3: prove the
IR/Ownership.leanchecker sound against release-aware semantics (no use-after-release, no double release), justifying the three divergentreleaselowerings (EmitWat allocator, EVM/Psy reject, TS no-op). - FV-4: EVM Counter, ValueVault, and EvmExpressionProbe executable trace
obligations are done in
Backend/Evm/Refinement.lean, backed byBackend/Evm/YulSemantics.lean. The obligations mirrorBackend/WasmNear/Refinement.leanfor scalar IR traces, check the selector-dispatched Yul surface, and execute the focused emitted Yul subset (calldataload,calldatasize,sstore,sload, scalar arithmetic,exp, bitwise/shift operators, comparisons, casts, assertions,number,keccak256,log0-log4,mstore,return) to compare observable EVM return words against the IR trace. ValueVault covers calldata arguments, multi-entry scalar storage updates, block-number context reads, event field evaluation, and return words; EvmExpressionProbe covers assertion success paths,assertEq, predicate expressions, U32/U64 arithmetic, casts, bitwise operators, and shifts. Next: extend the interpreter and obligations toward maps, arrays, structs, and aggregate return/state shapes; keep Psy/Solana on differential gates until interpreters exist. - FV-5: state checked-arithmetic overflow/division semantics once in the IR value domain and add the overflow branch to backend obligations.
- FV-6: prove
.learn-vs-contract_sourcelowering equivalence for the paired fixture subset (decidableContractSpecequality). - FV-7: prove Token SDK plan invariants (total feature routing, documented incompatibility diagnostics, plan well-formedness).
- FV-8: user-facing contract invariants over IR semantics, ValueVault as the worked example.
- Each landed FV item is a
decide-checkable theorem or Lean test wired into CI, not an external-tool dependency. - A backend cannot move from Experimental to Supported without its FV-4 trace obligation and shared-scenario differential gate.
Workstream 26: Unified Rust Test Framework (testkit)
Goal: replace per-chain shell/Node harness sprawl with one declarative scenario format and Rust in-process executors, per RFC 0007. Tasks (one milestone per implementing branch):- M1: create the
testkit/Cargo workspace (core+ scenario TOML model, discovery, reporting); portruntime/offline-hostintoharness-near(wasmtime + NEAR host shim, allocator counters preserved); Counter scenario green onwasm-near; addjust testkitand one CI step. - M2:
harness-evmon revm — load emitted runtime bytecode, dispatch via.evm-methodsselectors, decode return words; Counter green onevm; first cross-target equivalence assertion (evm ↔ wasm-near observable traces). - M3:
harness-solanaon mollusk-svm — absorb theTests/solana/*_mollusk.rs.tpllogic as library code; Counter green on all three targets. Status: Counter is now wired throughmollusk-svmintestkit/harness-solana, including golden assembly, manifest, artifact metadata, sBPF ELF build, stateful scenario execution, and three-target trace parity whensbpfandsolana-keygenare available. ValueVault is now covered bytestkit/scenarios/value-vault.toml, typed scalar scenario args,runtime/offline-host --inputs-hex, the NEAR/Wasm EmitWat fixture, the Solana ValueVault sBPF/Mollusk harness, and the EVM/revm harness when Foundrycastis available for selector hydration. - M4: migrate golden-file comparisons and per-fixture behavior scripts into
scenario steps; retire duplicated shell scripts; collapse the per-fixture
CI steps into the testkit run. Live/chain-authentic gates (Foundry, Anvil
deploy, Surfpool, near-sandbox, dargo, leo) remain separate scheduled or
labeled jobs. Status: the first M4 slice is in place through
scenario-declared
[[artifact]]expectations. Counter’s Solana golden assembly/manifest checks and ValueVault’s WAT/Yul/sBPF/manifest/metadata source-shape checks now live in scenario TOML instead of hardcoded fixture-specific harness branches. The second slice adds nested[[artifact.json]]and[[artifact.toml]]checks so Solana Counter and ValueVault metadata/manifest fields, instruction names/tags, capability membership, and validation status are asserted declaratively by the scenario runner. The follow-up slice removes the duplicated Solana harness-internal metadata/manifest semantic validators and leaves only runtime dispatch parsing intestkit/harness-solana. The next slice tightens scenario discovery so empty or duplicate target ids and artifact expectations for undeclared targets fail before any harness runs. The current EVM slice moves EVM artifact metadata identity, capability, validation, and ABI entrypoint-name expectations into scenario-declared[[artifact.json]]checks, leavingtestkit/harness-evmresponsible only for selector parsing and runtime execution. The current diagnostic slice adds scenario-declared[[diagnostic]]expectations and a diagnostic-onlyunsupported-crosscallscenario that provessolana-sbpf-asmrejects the portablecrosscall.invokecapability with the expected target/capability message. The current EVM golden slice addsExamples/Evm/Counter.golden.yulas the portable IR Counter Yul golden and makestestkit/scenarios/counter.tomlassert the generated EVM Yul throughmatches_file; the older Lean SDK contract golden stays underExamples/Evm/Contracts/. The current Wasm/NEAR golden slice addsExamples/WasmNear/Counter.golden.watand makes the same Counter scenario assert generated EmitWat output throughmatches_file, so Counter now has scenario-declared source equality forwasm-near,evm, andsolana-sbpf-asm. The current ValueVault Wasm/NEAR golden slice addsExamples/WasmNear/ValueVault.golden.watand makestestkit/scenarios/value-vault.tomlassert generated EmitWat output throughmatches_file. The current ValueVault Solana golden slice addsExamples/Solana/ValueVault.golden.sandExamples/Solana/ValueVault.manifest.toml, making the same scenario assert generated sBPF assembly and manifest output throughmatches_file. The current ValueVault EVM golden slice addsExamples/Evm/ValueVault.golden.yuland makes the same scenario assert generated EVM Yul throughmatches_file, so ValueVault now has scenario-declared source equality forwasm-near,solana-sbpf-asm, andevm. The current metadata file-reference slice adds nested[[artifact.file]]checks, makes scenarios assert that JSON metadata file entries point at harness-produced artifacts and match path, byte size, and SHA-256 hash, and exposes EVM init-code/deploy-manifest outputs as testkit artifacts. The current cross-artifact JSON slice adds nested[[artifact.jsonArtifact]]checks, validates that Solana ValueVault metadata embeds the same IDL JSON as the generated IDL artifact, and moves the ValueVault IDL/client schema-shape checks into scenario TOML. The current structured-length slice addslengthassertions to nested[[artifact.json]]/[[artifact.toml]]checks and uses them to pin Counter and ValueVault ABI entrypoint, event, capability, artifact, manifest instruction, Solana instruction, and IDL instruction counts declaratively. The current structured-schema slice addsexists,kind, andnon_emptychecks for nested JSON/TOML artifact assertions, then makes Counter and ValueVault validate EVM deploy manifests as first-class scenario artifacts, including init-code mode, absent chain profile, not-generated broadcast status, ABI and capability shape, and file references back to generated Yul, bytecode, and init-code artifacts.
- One scenario file drives all three priority targets when optional Solana tooling is available; adding a covered feature requires no new script, recipe, or CI step.
- A scenario using an unsupported capability asserts compile-time rejection with a diagnostic (never silently skips a target).
- Runner is deterministic and network-free by default;
revm,mollusk-svm, andwasmtimeversions are pinned. - Lean-side compiler tests (diagnostics, coverage manifests, formal anchors)
remain in
Tests/*.leanand are not moved.
Workstream 27: Allocator Abstraction Unification
Goal: one chain-neutral allocator model bound per target, per RFC 0008; resolves the Workstream 24 allocator-unification decision. Tasks:- M1: generalize
ProofForge/IR/Allocator.leanto the strategy/region/release triple (existing constructors map onto it; EmitWat behavior unchanged); record the decision indecisions.md. - M2: fold Solana’s
RuntimeAllocator(Backend/Solana/Extension.lean) into the shared model —solana.allocator.*metadata keys stay as the Solana configuration syntax but populate the shared type; IDL renders from it;Tests/SolanaAllocator.leanupdated. - M3: add the explicit EVM binding (bump over call-scratch memory; documents
what EmitYul/EVM plan already do); define the criteria for moving EVM
releasefrom rejection to checked no-op (blocked on FV-3 ownership soundness). - M4: allocator behavior scenario in testkit (Workstream 26) across the
three harnesses; NEAR asserts allocator counters, EVM/Solana assert
observable-trace equality with
releaseas no-op.
- One
AllocatorModeltype is consumed by EmitWat, the Solana backend, and the EVM binding; no parallel allocator records remain. - Persistent-state models (EVM storage, Solana accounts, NEAR storage) are explicitly out of scope and unchanged.
- Capability gating via
runtime.allocatorcitesalloc.*ids in diagnostics for unsupported release/strategy demands.
Workstream 28: Target Portfolio Sequencing
Goal: execute the tiered portfolio in target-roadmap.md (D-034). Gates, not dates; one milestone per implementing branch. Completion-first rule (D-044, 2026-07-03): finish the three Tier-0 targets —solana-sbpf-asm, evm, wasm-near, in that implementation priority — to
full DoD (behavior parity and resource budgets per D-040) before any new-chain
advancement. Per-criterion status lives in gate-status.md.
Tier-0 completion (current top priority, blocks everything below)
- Done: NEAR budget reporting is wired through the testkit as a wasmtime-fuel proxy, with Counter and ValueVault baselines pinned alongside Solana CU and EVM gas. A precise NEAR host-gas model remains a P0 hardening refinement, not a Gate G0 blocker.
- Done: ValueVault budget baselines are pinned for
solana_cu,evm_gas, andnear_gasacross the three primary targets intestkit/scenarios/value-vault.toml. - EVM semantic-plan migration (Workstream 3): ExprPlan, StmtPlan,
EntrypointPlan, EventPlan, CrosscallPlan, MetadataPlan — then retire the old
IR.lean -> Yullowering. Non-blocking for Gate G0 budgets but on the EVM hardening track. - Solana Pinocchio CI equivalence (Workstream 7): the source/reference
equivalence suite is included in
just solana-light; remaining work is to make the live-equivalence harnesses pass in CI by installing Solana rustc/ platform-tools reliably. - Freeze the landed Aptos/CosmWasm spikes at their current M1/M2 state: no Tier-1 M3/M4, no registry stage, no Tier-2 start, until Gate P0 closes.
- Done: Gate G0 (Tier-0 behavior/budget slice) is closed. Evidence lives in gate-status.md.
- Gate P0 (primary-chain sign-off): Gate G0 plus the remaining production-grade hardening for Solana, Ethereum/EVM, and NEAR/Wasm from D-045.
- Tier 1a
wasm-cosmwasm: M1 CosmWasm host imports + region-allocator ABI in EmitWat (thecosmWasmRegionbinding from RFC 0008); M2 Counter artifact passescosmwasm-check; M3 testkitharness-cosmwasmscenario green with cross-target equivalence vswasm-near; M4 registry stage → Experimental. - Tier 1b
move-aptos(parallel to 1a): M1 IR → Move module printer for the Counter subset; M2aptos move testgate + golden fixture; M3 testkit CLI-wrapped executor; M4 capability rows validated;move-suionly after M4. - Tier 2 (each behind its enabler, see roadmap):
wasm-stellar-sorobanafter CosmWasm M4;wasm-icp-canisteradditionally requires an async/inter-canister design note before any code;starknet-cairois the first sourcegen-lane pick after Aptos M4;ton-tvm,algorand-avm,cardano-plutus-aiken,tezos-michelson-ligofollow the one-active-sourcegen-spike rule. - Tier 3 Bitcoin policy family (opens at Gate G2 = both Tier-1 exits):
M1 policy IR (predicate tree) +
policy.*capability ids in the registry docs; M2 rust-miniscript/descriptor emission for the 2-of-3 + timelock-recovery shared policy scenario; M3 PSBT/regtest testkit gate; M4 Lean policy-property checks (path reachability, participant non-omission) as decide-checked theorems.bch-cashscript,zcash-shielded, andkaspa-toccatastay parked behind M4.
- Primary-chain completion covenant (D-045):
solana-sbpf-asm,evm,wasm-nearreach production-grade DoD before any Tier-1 advancement; the landed Aptos/CosmWasm spikes stay frozen at M1/M2. - No Tier-1 code lands before Gate P0; no Tier-2 target starts before its listed enabler; at most one sourcegen spike is active at any time.
- Policy-family targets never appear in contract-family capability rows;
they get a separate
policy.*section in the capability registry when Tier 3 opens.
Workstreams 29–33: Platform Hardening (planning-first)
These come from the 2026-07 gap analysis. Each starts as an RFC, not code; sequencing hooks are listed in the gap doc.-
Workstream 29 — CLI product surface. RFC 0009 is accepted and M1 is
landed:
proof-forge build|emit|check --target <id> --fixture <id>exists through the compatibility layer,checkis a real validation verb, list commands are wired, and legacy flags have alias/deprecation metadata. Remaining work is M3/M4: migrate scripts/testkit callers to the target-first surface and delete the legacy flag zoo only after the compatibility window. - Workstream 30 — Versioning and compatibility policy. RFC covering IR version rules (tied to the coverage-manifest gate), artifact/deploy schema stability, append-only capability ids, and SDK deprecation policy.
-
Workstream 31 — Resource budgets as gates. ✅ Implemented. The
testkit scenario schema supports per-step
solana_cu,evm_gas, andnear_gasbudgets with baselines and tolerance bands; the runner reports measured budgets and fails on regression. Counter baselines are locked for Solana CU and EVM gas; NEAR gas is reported as wasmtime fuel (info-only proxy) until a precise host-gas model lands. Gate G0 intarget-roadmap.mdandvalidation-gates.mdnow requires budget assertions. -
Workstream 32 — Deployment lifecycle, upgrades, signing. RFC for an
upgrade-policy intent (
immutable | authority | governance) lowered honestly per chain (Solana upgrade authority, EVM immutable/proxy, NEAR account keys, Aleo@noupgrade) or rejected; unsigned-transaction signing boundary; live-gate key conventions. M1 is implemented:ContractSpec.upgradePolicy?is serialized in ContractSpec JSON, the target resolver rejects unsupported target/policy combinations before code generation, and resolved plans emitupgrade.policy.*artifact metadata for supported policies. -
Workstream 33 — Runtime error model + client generation. Portable
error codes with per-target encodings and
expect.errorscenario vocabulary (plan with Workstream 31’s schema change); then a client-schema layer generalizing the Solana IDL/TS client generation to all targets (implementation waits for testkit M3). Milestones:- M1: Add
ErrorRef(assertion_id+ optionaluser_code) to the portable IRassert/assertEqconstructors and update every backend pattern match to compile with the new shape.messageremains the fallback text. ✅ Implemented. - M2: Implement per-target error encodings for EVM, Solana, and NEAR:
EVM reverts with
abi.encode(uint32 assertion_id, string user_code); Solana returnsProgramError::Custom(assertion_id); NEAR panics with aPF:{id}:{code}prefix. ✅ Implemented. - M3: Extend testkit schema and harnesses with
expect.errorso a scenario step can assert the exactassertion_id/user_codeon failure. - M4: Define target-neutral
ContractSpecJSON schema and generate Solana IDL/client, EVM ABI wrapper, and NEAR wrapper sketches from it.
- M1: Add
Suggested Order
Workstreams 1, 1.5, 2–3, 6–7 (registry, portable IR, EVM metadata, Solana asm) are substantially complete; remaining per-target detail lives in each workstream. The forward order follows the tier gates of target-roadmap.md (D-034):- Architecture convergence follow-ups (Workstream 24) and FV-1/FV-2 from the formal verification roadmap (Workstream 25). In parallel, finish the platform-hardening follow-through from the gap analysis: CLI M3/M4 migration after RFC 0009 M1, runtime error vocabulary for testkit, and the versioning / deployment lifecycle policies (30/32, docs-agent parallel track).
- Parallel: unified testkit (Workstream 26) and allocator unification (Workstream 27) — testkit M1/M2 has no dependency on allocator M1/M2; allocator M4 lands after testkit M3.
- Gate P0 (primary-chain completion covenant, D-045): finish
solana-sbpf-asm,evm,wasm-near— in that implementation priority — to production-grade DoD. Gate G0 is the behavior/resource-budget slice; Gate P0 also includes Solana Pinocchio CI equivalence, EVM semantic-plan migration, and NEAR/Wasm local execution, artifact, diagnostic, and CI sign-off. The landed Aptos/CosmWasm spikes stay frozen at M1/M2 until this closes. Per-criterion status: gate-status.md. - Parallel Tier 1 (only after Gate P0 closes):
wasm-cosmwasm(Workstreams 5/28) andmove-aptos(Workstreams 8/28). - Tier 2 per enabler: Soroban after CosmWasm; Sui and the sourcegen lane (Starknet first pick) after Aptos; ICP additionally behind an async design note; one sourcegen spike at a time (Workstreams 12–19/22, 28).
- Bitcoin policy family at Gate G2 (Workstreams 11/15/20/21, 28) — miniscript first, then CashScript/Zcash/Kaspa behind it.
- Multi-chain Token SDK follow-ups (Workstream 23) continue alongside, and the remaining live-gate CI matrix (Workstream 9) grows with each target.
- Cloud platform design refresh (prerequisite: two+ targets at Experimental with shared-scenario parity; D-010).