
3. Operational readiness note

Product: api-billing-v2 pilot
Gate: cd verifier-api && npm run test:billing-pilot
Canonical env: docs/dev/verifier-api-test-setup.md
Status as of f67bf83: Production deployed; gates green


Release gates

Gate | Status | Evidence
Billing pilot integration suite | 15/15 | verifier-api/tests/billing-pilot.integration.test.js
Warm attest perf budget | Enforced (≤ 8s default) | BILLING_ATTEST_PERF_BUDGET_MS
Artifact manifest validation | Boot-time, 12 artifacts | verifier-api/src/utils/artifactValidator.js
Production smoke | Pass (with secret) | scripts/smoke-billing-phase2.sh
Production health JSON | environment: production | verifier-api/src/utils/healthPayload.js

What the pilot suite covers

  • Attest + verify — standard profile two-call flow
  • Deterministic billing — fingerprint and charge stability
  • Replay guard — duplicate event_id, crash recovery, concurrency race
  • Meter trust — external meter_envelope verification path
  • Strict profile — manifest authority + revocation when VDI_VERIFY_STRICT_V1
  • Transparency — head, checkpoint, consistency proof
  • Revocation feed — /.well-known/vdi-billing-revocation.json
  • Phase-2 binding — prove at attest, verify at /billing/verify, tamper rejection
  • Perf budget — warm attest wall-clock ceiling (not a production SLO)

Observability at attest

stage_timings_ms returned on each attest:

Stage | Field
Causal proof | causal_proof_ms
Phase-2 Groth16 | phase2_proof_ms
Replay DB check | db_replay_ms
Transparency append | transparency_append_ms
Receipt verify | verify_receipt_ms

Verify is measured independently in the test suite (fingerprint tamper, commitment binding, Phase-2 mismatch).


Trusted setup — apiBillingV2 Phase-2

Item | Status
MPC Phase-2 ceremony | Complete (3 contributors)
Transcript | zk-cp/build/apiBillingV2/mpc_transcript_apiBillingV2.json
Artifact mirrors | verifier-api/, public/, protocol/packages/vdi-prover/
Manifest pins | verifier-api/circuits/apiBillingV2/ARTIFACT_MANIFEST.json
Rerun script | bash zk-cp/scripts/mpc-api-billing-v2.sh

Before adversarial production trust: run contributions from independent operators (not one machine) and exercise rotation cutover per api-billing-v2 trusted setup.


Production configuration (Railway)

Variable | Production value | Notes
NODE_ENV | production | Health JSON reports environment: production
VDI_BILLING_INCIRCUIT_BINDING | true | Phase-2 proofs attached at attest
VDI_ATTEST_SECRET | Set | Required header on attest routes
VDI_SIGNING_KEY | Stable 64+ hex | Attestation signatures survive redeploys
VDI_BILLING_METER_* | Ed25519 meter key | Server or external envelope signing

Deploy surfaces

Surface | Host | Role
Verifier API | api.quantzk.com | Attest, verify, transparency, revocation
Trust index | quantzk.com/trust | Reviewer entry point
Billing demo | quantzk.com/vdi-billing | Live walkthrough
Offline verifier | quantzk.com/protocol/verify.html | Customer-side verify

Not yet operational (disclosed)

  • Independent-host MPC ceremony for adversarial Groth16 trust
  • Formal third-party audit report on this surface
  • Redis-backed rate limiting as hard dependency (billing pilot runs with Redis disabled in CI)
  • Stripe / PSP integration (proof-of-charge layer only)

Verification keys are embedded in attestations. The verifier is open source.