6. Architecture — api-billing-v2 trust stack
Billing-specific architecture for Halborn review. For the full VDI protocol stack (identity, compliance, causal proof), see protocol/ARCHITECTURE.md.
Diagram 1: Billing trust stack
Four layers from integrator API down to cryptographic primitives. Phase-2 binding is additive on top of deterministic fingerprint binding.
Diagram 2: Attest → verify lifecycle
Sequence for the two-call pilot surface. Phase-2 proof generation happens inside attest when VDI_BILLING_INCIRCUIT_BINDING=true.
Diagram 3: Bundle object structure
Self-contained JSON artifact. Verifier needs no network call if using offline verify.html.
Diagram 4: Verify algorithm (billing)
Deterministic ordered checks. Failure at any step returns valid: false with reason.
Diagram 5: Artifact governance
MPC ceremony outputs are pinned at deploy. Boot validator rejects hash drift.
Canonical vkey hash (smoke pin): a486fb22805a60df7608e70a2939c178c2b12d9e84a4b94152c98e4859815bcf
Diagram 6: Trust boundaries
What each party must trust at dispute time.
Key file map
| Layer | Path |
|---|---|
| API routes | verifier-api/src/routes/vdi.js |
| Phase-2 prove/verify | protocol/packages/vdi-billing/commitmentBindingV2.js |
| Circuit source | zk-cp/circuits/apiBillingV2.circom |
| Compiled artifacts | verifier-api/circuits/apiBillingV2/ |
| Manifest | verifier-api/circuits/apiBillingV2/ARTIFACT_MANIFEST.json |
| Boot validator | verifier-api/src/utils/artifactValidator.js |
| Integration tests | verifier-api/tests/billing-pilot.integration.test.js |
| Offline verifier | protocol/site/verify.html |
| MPC script | zk-cp/scripts/mpc-api-billing-v2.sh |
