Every protocol decision in Prova is pinned in a spec. Cryptographic choices, on-chain event formats, economic parameters, security threat model, governance lifecycle. If it's not in a spec, it's not in the product.
The proofs, the deals, the contracts. Everything that's enforceable on-chain.
The single storage-verification mechanism in Prova. Specifies CommP (piece commitment via sha2-256-trunc254-padded), Merkle tree construction over Fr32-padded leaves, on-chain ProofVerifier integration, and O(log N) gas verification. No sealing, no SNARKs, no TEE.
Deal lifecycle and settlement. Defines the state machine (Proposed → Downloading → Verifying → Accepting → Active → Completed / Cancelled / Slashed), escrow + streaming payment mechanics, and the 99/1 split between prover and protocol treasury.
Every log the chain emits, and why: DealProposed, DealAccepted, DealCompleted, DealCancelled, DealSlashed, PossessionProven, ProofMissed, DataSetFaulted, ProverRegistered, Staked, Withdrawn. Indexers, dashboards, and clients all live off this schema.
The GET /piece/{commp}, /.well-known/prova, and /health HTTP endpoints every prover exposes. Auth rules, rate limits, range-read semantics, gateway conformance tests.
Threat models and audit checklists are public deliverables, not internal notes. If we can't enumerate the attacks, we can't claim safety.
STRIDE and asset-based threat enumeration across client, prover, contract, and chain surfaces. Mitigations map to specific code paths and test cases. Living document: new threats get added as the protocol evolves.
The exact list of items an external auditor is expected to verify: contract invariants, fund-flow paths, reentrancy surfaces, time assumptions, oracle dependencies (none), and upgrade authority. Pre-seeds the audit scope of work.
Where money comes from, where it goes, who decides. No hidden multisigs, no discretionary mints.
100M PROVA fixed supply. Provers stake PROVA, slashing burns PROVA. Clients pay USDC; the 1% protocol fee swaps to PROVA on Uniswap V3 and burns. SAFT round + public LBP at TGE. Vesting on-chain.
Proposal lifecycle, voting weights, time-locked upgrade path, emergency brake powers. Starts as a 3-of-5 multisig at launch, transitions to token-weighted governance after year one with a 14-day timelock on every mutable parameter.
Retrieval, anchoring, data availability, and peer-to-peer discovery. Not everything is on Base; the parts that aren't are specified here.
How clients discover provers, how provers announce themselves, and how retrieval degrades when a prover goes offline. Covers libp2p peer IDs, HTTPS fallback, and the announce/resolve flow against ProverRegistry.
Pre-pivot, this described Prova L2 anchoring to Ethereum; post-pivot, Prova is on Base, which already inherits L1 security. Keeping the doc in-repo until the rewrite lands in case any of the merkle-range-proof primitives are reusable for cross-chain retrieval attestation.
DAS sampling strategy for piece retrievability when the assigned prover is temporarily offline. Erasure coding, challenge-response, and the relationship between DAS and the redundancy model.
Prova started as a standalone L1 chain with TEE-attested storage, confidential inference, and a QBP dispute protocol. The pivot to Base-native scope dropped eight specs into archive/specs-v1/: TEE storage proofs, confidential inference, model registry, activation merkle tree, audit protocol, QBP protocol, and the v1 security threat model + audit checklist. We keep them in-repo for historical traceability, not as product scope.