Releases: IsSlashy/Protocol-01
Release list
v1.0.3 Frost — Fable-5 security audit fixes + relayer health parity
Hardening release: ships the Fable-5 deep-reverify audit fixes, all validated end-to-end on a real device against devnet.
Security (Fable-5 audit)
- subscribe_private_stark + split_note_stark now enforce a C3 Merkle-membership gate (closes drain-from-undeposited-note).
- circuit-5 value conservation enforced on-chain (out1+out2-in1-in2 == public_amount).
- License keys use a blake3 commitment scheme (no shared secret): the chain stores blake3(licenseSecret); merchants verify blake3(decode(key)) == vault.license_commitment with public on-chain data only.
- Relayer refund job no longer closes principal to the keeper; principal returns to the original payer.
On-device validation (devnet)
- shield, unshield (C1+C3), subscribe-private (ownership + C3) all pass through the upgraded p01_relayer.
- License key distribution -> merchant verification confirmed; tampered keys rejected.
Fixes
- Mobile relayer health indicator matched the website (reads the shared /api/relayer-health proxy with a direct-probe fallback); no more false red on IPv6/Private-DNS networks.
Android: versionCode 30 / versionName 1.0.3.
v1.0.2 — Chrome extension parity, Privy removed, stabilized
Protocol 01 v1.0.2. The Chrome extension reaches feature parity with the mobile app, Privy is removed, and the privacy stack is stabilized end to end on devnet. Install over an existing build (same signing key, data preserved).
What's new
- Chrome extension = mobile app. The extension now matches mobile feature for feature: wallet, stealth addresses, shielded notes, and recurring subscriptions.
- Cross-device subscription sync. Subscribe on your phone, see it in the extension. Same wallet, same merchants, same prices, read on-chain by both apps (P01_SUB_V1 memos).
- Connect your phone wallet to the extension over a one-time encrypted channel (works on a cameraless laptop).
- On-chain merchant registry in the extension, so merchants and prices match the mobile app exactly (no more hardcoded catalog).
- Relayer health indicator in the app (Privacy page) and on the website.
Stabilization
- Shield, unshield and sweep work end to end on devnet (V3 STARK pipeline).
- Private denominated transfers fixed (merkle frontier off-by-one + new_subtrees length).
- subscribe_normal on-chain builder corrected (argument order + accounts).
- Relayers made self-healing (RPC reconnect on bad-slot wedge).
Removed
- Privy is gone. Wallets are local seed phrases only, generated on your device and never sent anywhere.
Devnet artifacts
- zk_shielded: GbVM5yvetrSD194Hnn1BXnR56F8ZWNKnij7DoVP9j27c
- p01_stark_verifier: DGY37k3Jt7cbrfNa9rxyLZVcFB7S7A2NqtVpkh9fWQvs
- p01_registry: QaQwpvBi1EQpevNE21D2oNBHFsLtoLwa7aXH26zRhQB
Install
- Android: protocol-01-v1.0.2.apk below (sha256: 3abf8b74a11d2c64a19934daa0a9c43f6c067049593fd1336db8421b7dd24227). Android may warn about installing outside the Play Store; allow it for this build.
- Chrome extension (beta, devnet): https://protocol-01.dev/extension
v1.0.1 — X Quantum Dublin demo build
Hotfix rebuild — 2026-05-29. Same v1.0.1, fresh APK with the on-device fixes below. Install over the existing v1.0.1 (same signing key, data preserved).
Hotfix — 2026-05-29
- Privy embedded-wallet recovery & signing fixed —
PrivyElementsis now mounted so the embedded wallet's UI/unlock can render;signMessageno longer hangs onuser-signer:sign. The deterministic note-seed is persisted in SecureStore, so recovery runs offline on every boot instead of re-hitting the remote wallet WebView. - Transaction serialization fixed — the
@noble/curvesv2 migration had brokenTransaction.serialize()(every on-chain op threwundefined is not a function); the Hermes shims now point at the real v2 module paths. - C3 merkle_path STARK verifier fixed —
verify_constraints_merkle_pathtreated the 32 padding rows (480–511) as active Poseidon rounds, rejecting valid V3 unshield proofs withInvalidProof(deterministic per note). Verifier rebuilt and redeployed on devnet (DGY37k…, slot 465731409). - Resilience — transient RPC network retry + ephemeral crash-sweep with fresh balance.
- Build — pnpm 10 monorepo Android autolinking workaround.
Verified end-to-end on device (devnet): shield, emergency unshield + sweep, private merchant subscribe, and the classic local-keypair flow.
Dublin demo build, submitted to the X Quantum hackathon (Dogs Patch, 2026-05-24).
Highlights
p01_quantum_walletscaffold (Phase A) — first cut of the post-quantum smart-contract wallet program (STARK-authorized), groundwork for the full PQ end-to-end plan.- Mobile quantum wallet UX layer (Phase B) — boot scaffold +
WalletSignerabstraction so the wallet path is keypair / Privy agnostic. - Real-time progress bars across subscribe / shield / unshield / confidential / cancel.
- License key card on the subscription detail screen.
Fixes (Dublin)
stark gen_proofJSON output: commitment now quoted as a string (avoids JS number-precision truncation on the mobile side).- STARK proof generation timeout bumped 60s → 180s for slower Android devices.
Devnet artifacts
zk_shielded:GbVM5yvetrSD194Hnn1BXnR56F8ZWNKnij7DoVP9j27cp01_relayer:2okhzLVr6FEq5jP19KT6VurcSutx2zE4RhkRamrk5WpWp01_stark_verifier:DGY37k3Jt7cbrfNa9rxyLZVcFB7S7A2NqtVpkh9fWQvs- 13 V4 denominated pools live.
Install
Download protocol-01-v1.0.1.apk below. Android may warn about installing outside the Play Store; allow it for this build.
v1.0.0 — STARK V3 cancel + refund-via-relayer pipeline live
Highlights
- STARK V3 cancel unblocked end-to-end on devnet (private subscription cancel via STARK proof + retailer payout + close).
- Refund-via-relayer pipeline (
p01_relayer::submit_refund_job/process_refund_job): residual lamports go to a RefundJob PDA, a keeper delivers a stealth-encrypted re-shielded note to the subscriber. - Validated live: shield, classic recurring subscriptions, private recurring subscriptions (subscribe / pause / resume / cancel with STARK proof).
Fixes
claimable_periods()now caps at remaining funded periods to prevent u64 underflow at retailer payout when a vault's elapsed window outruns its funding.cancel_private_starkaccounts switched toOption<UncheckedAccount<'info>>for the optional pool / tree / refund-job slots so Anchor 0.32's program-id sentinel is honored cleanly.
Devnet artifacts
- Program:
GbVM5yvetrSD194Hnn1BXnR56F8ZWNKnij7DoVP9j27c(zk_shielded) - Relayer:
2okhzLVr6FEq5jP19KT6VurcSutx2zE4RhkRamrk5WpW(p01_relayer) - STARK verifier:
DGY37k3Jt7cbrfNa9rxyLZVcFB7S7A2NqtVpkh9fWQvs(p01_stark_verifier) - 13 V4 denominated pools live.
Install
The Android APK is also mirrored at:
https://github.com/IsSlashy/Protocol-01-releases/releases/tag/v1.0.0
adb install -r protocol-01-v1.0.0.apk
Notes from a v0.9.x install are preserved if both APKs were signed with the same release keystore.
v0.9.11 — V3 STARK Quantum-Safe Pools
v0.9.11 — V3 STARK Quantum-Safe Pools
First release with the V3 denominated pools running fully on STARK proofs over Goldilocks. Privacy-side BN254/Groth16 dependency is gone for the new pools — proofs and commitments are post-quantum end-to-end on the ZK side.
Headline
- V3 STARK pools live on devnet — 13 fresh pools (6 SOL + 7 USDC) using the universal
LeafInsertedevent and the newdenominated_pool_v3seed. - Full lifecycle validated on both wallet paths — shield → wipe → restore → recover → emergency unshield, on Privy AND classic (BIP39 seed) wallets.
- Bumps mobile to 0.9.11 (versionCode 26).
What changed
ZK / Pools
- New
p01_quantum_poolinstructions:shield_denominated_v3,unshield_denominated_stark_v3. - Universal
LeafInsertedevent on every commit (ends the 6-event-layout decoder mess). - Goldilocks Poseidon TS port — bit-exact parity with the Rust AIR (locked by tests:
hash2(0,0)=18051734659105196655,hash4(1,2,3,4)=3933389460072713373). - C3 STARK proof for unshield, sub-1.4M CU (well under Solana cap).
Mobile app
- Shield V3 / Unshield V3 / Batch UI feature-flagged behind V3 pool routing.
findSafeShieldCounterwalks per-pool nullifier counter to avoid commitment collisions across pools.- Recovery flow auto-iterates V3 pools alongside V2 (legacy).
- Subscription + classic P2P stream recovery now stamps
P01_SUB_V1memo on first payment so subs survive wipes; cancel publishesP01_SUB_UPDmemo so deletions survive too. - v2 stale-subtree pattern can now be replayed at recovery time (
replayMerkleProofFromEvents), so old v2 notes recover correctly even after the rebuild divergent-root bug.
Bugs squashed during V3 bring-up
- Off-by-one on
newSubtrees(was 16 entries, must be 15). - Recovered notes lacked
merkleRoot→ now extracted fromc3ProofResult.publicInputs[1]. - C3 public-inputs hash format corrected to 16 bytes (
leaf || root_u64). - Commitment formula rewritten as nested
hash2(hash2(nul, sec), hash2(epoch, mint))— matches AIR. - Rescan dispatcher now V3-aware (separate path with Goldilocks decoder).
- Counter=0 collision on V3 shield resolved by per-pool counter walk.
Devnet program IDs (unchanged)
zk_shielded:GbVM5yvetrSD194Hnn1BXnR56F8ZWNKnij7DoVP9j27cp01_stark_verifier:DGY37k3Jt7cbrfNa9rxyLZVcFB7S7A2NqtVpkh9fWQvs
Known limitations
- V3 is devnet-only for now. Mainnet ship pending audit closure.
- V3 transfer / split / escrow / cancel / prefund instructions not yet ported (V2 paths still in use for those flows).
- Stealth key exchange and wallet-level signing remain on Ed25519/X25519 — full PQ end-to-end requires a quantum wallet program (planned, separate roadmap item).
Honest crypto claim
V3 ZK proofs and pool commitments are quantum-resistant (STARK + Poseidon over Goldilocks; preimage resistance survives Shor/Grover). Solana L1 transaction signing is still Ed25519 — funds in your everyday wallet inherit Solana's quantum risk like every other Solana wallet. The privacy guarantees of Protocol-01 (unlinkability of past shielded transfers) are quantum-safe.
Install
The release APK below is signed with the production keystore. Installing over a debug build wipes AsyncStorage / SecureStore — uninstall first if you were on a debug build.
v0.9.10 — Recovery Loop: Notes + Streams + Cancel Persistence
🛡️ Recovery loop closed — notes, streams, and cancellations now survive a wipe + Privy re-login.
This release fixes 8 bugs surfaced during a long live-test session on devnet. After this update, a user who wipes the app and logs back in via Privy can fully reconstruct:
- Their shielded ZK notes (denominated pool merkle tree)
- Their classic P2P payment streams (via on-chain memo P01_SUB_V1)
- Their cancelled subscriptions (via on-chain memo P01_SUB_UPD)
Critical fixes
-
Merkle rebuild — replay stale-subtrees pattern. The on-chain
insert_with_rootonly persistsfilled_subtrees[0]; levels 1+ stay at their per-level zero-hash init values. Past clients computing roots used these stale subtrees, so a "true" client-side merkle rebuild produced roots that were never in the on-chain historical ring → recovered notes hit fail-loud abort and could not be unshielded. NewreplayMerkleProofFromEvents()replays the same stale-subtrees insertion pattern past clients used. Verified: stuck note1c831772b1448960recovered + emergency-unshielded successfully. -
Classic P2P streams — fire first payment immediately + tag with recovery memo.
create.tsxpreviously saved a local-only scheduler entry withnextPaymentDate = now + 24hand no on-chain trace. Now it sends the first payment as a real SOL tx and stamps aP01_SUB_V1memo sosyncFromBlockchaincan reconstruct the stream after wipe. Privy follow-up memo-only tx + local-keypair combined-tx both supported. -
Cancel publishes on-chain.
[id].tsxcancel handler now sends aP01_SUB_UPDmemo withs:'c'so cross-device sync (and post-wipe recovery) sees the cancellation. PreviouslycancelStream()was local-only — a wipe would resurrect cancelled streams from their originalP01_SUB_V1memo as active. -
Auto-sync streams on mount.
(streams)/index.tsxtriggersrefresh(publicKey)automatically when entering the Streams tab, so subscriptions reappear after re-login without requiring a manual pull-to-refresh. -
Memo
pm: 1(first payment counted). Bothcreate.tsxandsubscribe.tsxnow encodepm: 1in the recovery memo because the subscribe/create flow always pays the first period in the same flow as the memo write. Without this, recovered streams showed misleading "0/N completed". -
Vault subscription → Stream record sync.
subscriptionVaultStore.tsnow callsupsertStreamFromVault()aftersubscribeNormalandsubscribePrivateStarksucceed. The Streams tab now reflects new vault subscriptions immediately instead of waiting for the next reboot. -
Removed dead "Stream privé" toggle in form. The in-form toggle was collected into
StreamFormDatabut never read by any caller. Confusing UX (default opposite to the parent screen's actual control). Removed. -
pm clearrecovery validated end-to-end on devnet — see commit message ofd9bb24efor the full reproduction recipe.
Live verification
Pool HkzArVjUuZTRZPzCP7jAm5Fe6R9yrRAsmWZmDArY43FN (SOL 0.1 v2):
- Shield → wipe → Privy recovery → emergency unshield: ✅ sweep 0.099495 SOL sig
5x9satuFVHxCZz5Z… - Create classic P2P "Dev" → SOL tx
3yPTjzA6…+ memo tx2TKUJk4X… - Wipe → Privy login → Streams auto-syncs → stream reappears with 1/7 progress preserved
- Cancel both streams → P01_SUB_UPD memos
5YBXTqs…+4FM3Fjv…on-chain - Wipe → Privy login → Streams stays empty (cancellations applied via chronological merge)
APK
- Size: 120 MB (no change from v0.9.9; APK size optimization tracked separately for V3)
- Min Android: as set by Expo SDK 54
- versionCode: 25 (was 23 in v0.9.9)
- ABI: arm64-v8a only
Known limitations
- Existing P2P streams created before v0.9.10 (with no on-chain recovery memo) are still local-only — they will not survive a wipe. Re-create them in v0.9.10 to make them recoverable.
- Existing cancelled subscriptions whose cancellation was made before v0.9.10 (no
P01_SUB_UPDmemo on-chain) will resurrect after a wipe. Re-cancel them in v0.9.10 to publish the on-chain memo. - Auto-sync at mount can be silently dropped during heavy 429 rate-limit storms from Helius devnet RPC. Manual pull-to-refresh recovers it.
Commits
098a2aefix(mobile/denominatedPool): replay stale-subtrees on recovery + bump v0.9.10d9bb24efix(mobile/streams): full recovery loop for classic + private subscriptions
v0.9.9 Frost — Privy auth + recovery silenced + UI polish
Hotfix on top of the original v0.9.9 build.
- Stable Privy embedded wallet — same Google account always resolves to the same Solana address. Auto-create now waits 3s for Privy to surface existing wallets before minting a new one.
- Boot recovery modal silenced for fresh wallets and Privy logins. Pre-stamps the recovery flag at the wallet-creation source (
services/createWallet,walletStore.initializeWithPrivy) so the auto scan only fires for genuine cross-device seed imports. - Stream P2P private mode UI cleaned up — no more total-amount input when the per-payment rate is derived from the denominated note on the next screen.
- APK 125 MB → 96 MB — three.js / WebGL deps dropped, drawables trimmed, JS bundle slimmed.
- Web download CTA size label updated to match.
v0.9.8 — Repo Cleanup for Public Release
Public Release Cleanup
Repo cleaned and ready for Colosseum Frontier hackathon submission.
Security Hardening
- Removed all hardcoded secrets (Privy client ID, Railway URLs)
- Purged
.zkeyproving keys, APKs, extension zips from git history - Removed personal documents and debug keystores
- Reinforced
.gitignoreto prevent re-commit of sensitive files - Removed
cloudflared.exebinary (65MB)
Lint Fix
- Fixed
@typescript-eslint/no-unsafe-function-typein extension polyfills
Stats
- 15 Solana programs
- 15 ZK circuits (9 Circom + 6 STARK)
- 14 SDKs
- 3 client apps (web, mobile, extension)
- 464 commits preserved, zero secrets in history
v0.9.7 — Privacy Shield Fix + Founder Page
Privacy Shield Fix (Critical)
- Stealth addresses now applied on subscription payments (was stored but never used)
- Ephemeral fee payer hides sender identity on-chain (auto-deleted after tx, 0 lamports remaining)
- Works with both local keypair and Privy wallets
- Uses stealth spending seed for address derivation
- Relay fallback: direct send when relayer not initialized
Founder Page
- New
/founderpage on protocol-01.vercel.app - Full profile: timeline, mission, technical scope
- i18n: EN/FR/JA
Demo Videos
- Remotion-powered 4K demo videos (FR + EN)
- 7 app screenshots, phone 3D mockup, animated backgrounds
- Factory ambient soundtrack
Stats
- 14 Solana programs
- 15 ZK circuits (9 Circom + 6 STARK)
- 16 SDKs
- 3 client apps
v0.9.6 — Fix native wallet unshield + Privy auth guard
Protocol 01 v0.9.6 (Standalone APK)
Bug Fixes
- fix: getKeypair static import — Fixes unshield crash for native wallets (Hermes dynamic import broken)
- fix: Privy "Already logged in" guard — OAuth login checks auth state first
- fix: graceful redirect on Privy session conflict — Auto-redirect instead of error
Build
- versionCode: 18 | versionName: 0.9.6 | Standalone (no Metro) | NDK 27.2 | ~111 MB