Skip to content

Releases: IsSlashy/Protocol-01

v1.0.3 Frost — Fable-5 security audit fixes + relayer health parity

Choose a tag to compare

@IsSlashy IsSlashy released this 16 Jun 18:07

Hardening release: ships the Fable-5 deep-reverify audit fixes, all validated end-to-end on a real device against devnet.

Security (Fable-5 audit)

  • subscribe_private_stark + split_note_stark now enforce a C3 Merkle-membership gate (closes drain-from-undeposited-note).
  • circuit-5 value conservation enforced on-chain (out1+out2-in1-in2 == public_amount).
  • License keys use a blake3 commitment scheme (no shared secret): the chain stores blake3(licenseSecret); merchants verify blake3(decode(key)) == vault.license_commitment with public on-chain data only.
  • Relayer refund job no longer closes principal to the keeper; principal returns to the original payer.

On-device validation (devnet)

  • shield, unshield (C1+C3), subscribe-private (ownership + C3) all pass through the upgraded p01_relayer.
  • License key distribution -> merchant verification confirmed; tampered keys rejected.

Fixes

  • Mobile relayer health indicator matched the website (reads the shared /api/relayer-health proxy with a direct-probe fallback); no more false red on IPv6/Private-DNS networks.

Android: versionCode 30 / versionName 1.0.3.

v1.0.2 — Chrome extension parity, Privy removed, stabilized

Choose a tag to compare

@IsSlashy IsSlashy released this 04 Jun 01:47

Protocol 01 v1.0.2. The Chrome extension reaches feature parity with the mobile app, Privy is removed, and the privacy stack is stabilized end to end on devnet. Install over an existing build (same signing key, data preserved).

What's new

  • Chrome extension = mobile app. The extension now matches mobile feature for feature: wallet, stealth addresses, shielded notes, and recurring subscriptions.
  • Cross-device subscription sync. Subscribe on your phone, see it in the extension. Same wallet, same merchants, same prices, read on-chain by both apps (P01_SUB_V1 memos).
  • Connect your phone wallet to the extension over a one-time encrypted channel (works on a cameraless laptop).
  • On-chain merchant registry in the extension, so merchants and prices match the mobile app exactly (no more hardcoded catalog).
  • Relayer health indicator in the app (Privacy page) and on the website.

Stabilization

  • Shield, unshield and sweep work end to end on devnet (V3 STARK pipeline).
  • Private denominated transfers fixed (merkle frontier off-by-one + new_subtrees length).
  • subscribe_normal on-chain builder corrected (argument order + accounts).
  • Relayers made self-healing (RPC reconnect on bad-slot wedge).

Removed

  • Privy is gone. Wallets are local seed phrases only, generated on your device and never sent anywhere.

Devnet artifacts

  • zk_shielded: GbVM5yvetrSD194Hnn1BXnR56F8ZWNKnij7DoVP9j27c
  • p01_stark_verifier: DGY37k3Jt7cbrfNa9rxyLZVcFB7S7A2NqtVpkh9fWQvs
  • p01_registry: QaQwpvBi1EQpevNE21D2oNBHFsLtoLwa7aXH26zRhQB

Install

  • Android: protocol-01-v1.0.2.apk below (sha256: 3abf8b74a11d2c64a19934daa0a9c43f6c067049593fd1336db8421b7dd24227). Android may warn about installing outside the Play Store; allow it for this build.
  • Chrome extension (beta, devnet): https://protocol-01.dev/extension

v1.0.1 — X Quantum Dublin demo build

Choose a tag to compare

@IsSlashy IsSlashy released this 27 May 16:01

Hotfix rebuild — 2026-05-29. Same v1.0.1, fresh APK with the on-device fixes below. Install over the existing v1.0.1 (same signing key, data preserved).

Hotfix — 2026-05-29

  • Privy embedded-wallet recovery & signing fixedPrivyElements is now mounted so the embedded wallet's UI/unlock can render; signMessage no longer hangs on user-signer:sign. The deterministic note-seed is persisted in SecureStore, so recovery runs offline on every boot instead of re-hitting the remote wallet WebView.
  • Transaction serialization fixed — the @noble/curves v2 migration had broken Transaction.serialize() (every on-chain op threw undefined is not a function); the Hermes shims now point at the real v2 module paths.
  • C3 merkle_path STARK verifier fixedverify_constraints_merkle_path treated the 32 padding rows (480–511) as active Poseidon rounds, rejecting valid V3 unshield proofs with InvalidProof (deterministic per note). Verifier rebuilt and redeployed on devnet (DGY37k…, slot 465731409).
  • Resilience — transient RPC network retry + ephemeral crash-sweep with fresh balance.
  • Build — pnpm 10 monorepo Android autolinking workaround.

Verified end-to-end on device (devnet): shield, emergency unshield + sweep, private merchant subscribe, and the classic local-keypair flow.


Dublin demo build, submitted to the X Quantum hackathon (Dogs Patch, 2026-05-24).

Highlights

  • p01_quantum_wallet scaffold (Phase A) — first cut of the post-quantum smart-contract wallet program (STARK-authorized), groundwork for the full PQ end-to-end plan.
  • Mobile quantum wallet UX layer (Phase B) — boot scaffold + WalletSigner abstraction so the wallet path is keypair / Privy agnostic.
  • Real-time progress bars across subscribe / shield / unshield / confidential / cancel.
  • License key card on the subscription detail screen.

Fixes (Dublin)

  • stark gen_proof JSON output: commitment now quoted as a string (avoids JS number-precision truncation on the mobile side).
  • STARK proof generation timeout bumped 60s → 180s for slower Android devices.

Devnet artifacts

  • zk_shielded: GbVM5yvetrSD194Hnn1BXnR56F8ZWNKnij7DoVP9j27c
  • p01_relayer: 2okhzLVr6FEq5jP19KT6VurcSutx2zE4RhkRamrk5WpW
  • p01_stark_verifier: DGY37k3Jt7cbrfNa9rxyLZVcFB7S7A2NqtVpkh9fWQvs
  • 13 V4 denominated pools live.

Install

Download protocol-01-v1.0.1.apk below. Android may warn about installing outside the Play Store; allow it for this build.

v1.0.0 — STARK V3 cancel + refund-via-relayer pipeline live

Choose a tag to compare

@IsSlashy IsSlashy released this 12 May 01:48

Highlights

  • STARK V3 cancel unblocked end-to-end on devnet (private subscription cancel via STARK proof + retailer payout + close).
  • Refund-via-relayer pipeline (p01_relayer::submit_refund_job / process_refund_job): residual lamports go to a RefundJob PDA, a keeper delivers a stealth-encrypted re-shielded note to the subscriber.
  • Validated live: shield, classic recurring subscriptions, private recurring subscriptions (subscribe / pause / resume / cancel with STARK proof).

Fixes

  • claimable_periods() now caps at remaining funded periods to prevent u64 underflow at retailer payout when a vault's elapsed window outruns its funding.
  • cancel_private_stark accounts switched to Option<UncheckedAccount<'info>> for the optional pool / tree / refund-job slots so Anchor 0.32's program-id sentinel is honored cleanly.

Devnet artifacts

  • Program: GbVM5yvetrSD194Hnn1BXnR56F8ZWNKnij7DoVP9j27c (zk_shielded)
  • Relayer: 2okhzLVr6FEq5jP19KT6VurcSutx2zE4RhkRamrk5WpW (p01_relayer)
  • STARK verifier: DGY37k3Jt7cbrfNa9rxyLZVcFB7S7A2NqtVpkh9fWQvs (p01_stark_verifier)
  • 13 V4 denominated pools live.

Install

The Android APK is also mirrored at:
https://github.com/IsSlashy/Protocol-01-releases/releases/tag/v1.0.0

adb install -r protocol-01-v1.0.0.apk

Notes from a v0.9.x install are preserved if both APKs were signed with the same release keystore.

v0.9.11 — V3 STARK Quantum-Safe Pools

Choose a tag to compare

@IsSlashy IsSlashy released this 03 May 02:42

v0.9.11 — V3 STARK Quantum-Safe Pools

First release with the V3 denominated pools running fully on STARK proofs over Goldilocks. Privacy-side BN254/Groth16 dependency is gone for the new pools — proofs and commitments are post-quantum end-to-end on the ZK side.

Headline

  • V3 STARK pools live on devnet — 13 fresh pools (6 SOL + 7 USDC) using the universal LeafInserted event and the new denominated_pool_v3 seed.
  • Full lifecycle validated on both wallet paths — shield → wipe → restore → recover → emergency unshield, on Privy AND classic (BIP39 seed) wallets.
  • Bumps mobile to 0.9.11 (versionCode 26).

What changed

ZK / Pools

  • New p01_quantum_pool instructions: shield_denominated_v3, unshield_denominated_stark_v3.
  • Universal LeafInserted event on every commit (ends the 6-event-layout decoder mess).
  • Goldilocks Poseidon TS port — bit-exact parity with the Rust AIR (locked by tests: hash2(0,0)=18051734659105196655, hash4(1,2,3,4)=3933389460072713373).
  • C3 STARK proof for unshield, sub-1.4M CU (well under Solana cap).

Mobile app

  • Shield V3 / Unshield V3 / Batch UI feature-flagged behind V3 pool routing.
  • findSafeShieldCounter walks per-pool nullifier counter to avoid commitment collisions across pools.
  • Recovery flow auto-iterates V3 pools alongside V2 (legacy).
  • Subscription + classic P2P stream recovery now stamps P01_SUB_V1 memo on first payment so subs survive wipes; cancel publishes P01_SUB_UPD memo so deletions survive too.
  • v2 stale-subtree pattern can now be replayed at recovery time (replayMerkleProofFromEvents), so old v2 notes recover correctly even after the rebuild divergent-root bug.

Bugs squashed during V3 bring-up

  • Off-by-one on newSubtrees (was 16 entries, must be 15).
  • Recovered notes lacked merkleRoot → now extracted from c3ProofResult.publicInputs[1].
  • C3 public-inputs hash format corrected to 16 bytes (leaf || root_u64).
  • Commitment formula rewritten as nested hash2(hash2(nul, sec), hash2(epoch, mint)) — matches AIR.
  • Rescan dispatcher now V3-aware (separate path with Goldilocks decoder).
  • Counter=0 collision on V3 shield resolved by per-pool counter walk.

Devnet program IDs (unchanged)

  • zk_shielded: GbVM5yvetrSD194Hnn1BXnR56F8ZWNKnij7DoVP9j27c
  • p01_stark_verifier: DGY37k3Jt7cbrfNa9rxyLZVcFB7S7A2NqtVpkh9fWQvs

Known limitations

  • V3 is devnet-only for now. Mainnet ship pending audit closure.
  • V3 transfer / split / escrow / cancel / prefund instructions not yet ported (V2 paths still in use for those flows).
  • Stealth key exchange and wallet-level signing remain on Ed25519/X25519 — full PQ end-to-end requires a quantum wallet program (planned, separate roadmap item).

Honest crypto claim

V3 ZK proofs and pool commitments are quantum-resistant (STARK + Poseidon over Goldilocks; preimage resistance survives Shor/Grover). Solana L1 transaction signing is still Ed25519 — funds in your everyday wallet inherit Solana's quantum risk like every other Solana wallet. The privacy guarantees of Protocol-01 (unlinkability of past shielded transfers) are quantum-safe.

Install

The release APK below is signed with the production keystore. Installing over a debug build wipes AsyncStorage / SecureStore — uninstall first if you were on a debug build.

v0.9.10 — Recovery Loop: Notes + Streams + Cancel Persistence

Choose a tag to compare

@IsSlashy IsSlashy released this 02 May 22:12

🛡️ Recovery loop closed — notes, streams, and cancellations now survive a wipe + Privy re-login.

This release fixes 8 bugs surfaced during a long live-test session on devnet. After this update, a user who wipes the app and logs back in via Privy can fully reconstruct:

  • Their shielded ZK notes (denominated pool merkle tree)
  • Their classic P2P payment streams (via on-chain memo P01_SUB_V1)
  • Their cancelled subscriptions (via on-chain memo P01_SUB_UPD)

Critical fixes

  • Merkle rebuild — replay stale-subtrees pattern. The on-chain insert_with_root only persists filled_subtrees[0]; levels 1+ stay at their per-level zero-hash init values. Past clients computing roots used these stale subtrees, so a "true" client-side merkle rebuild produced roots that were never in the on-chain historical ring → recovered notes hit fail-loud abort and could not be unshielded. New replayMerkleProofFromEvents() replays the same stale-subtrees insertion pattern past clients used. Verified: stuck note 1c831772b1448960 recovered + emergency-unshielded successfully.

  • Classic P2P streams — fire first payment immediately + tag with recovery memo. create.tsx previously saved a local-only scheduler entry with nextPaymentDate = now + 24h and no on-chain trace. Now it sends the first payment as a real SOL tx and stamps a P01_SUB_V1 memo so syncFromBlockchain can reconstruct the stream after wipe. Privy follow-up memo-only tx + local-keypair combined-tx both supported.

  • Cancel publishes on-chain. [id].tsx cancel handler now sends a P01_SUB_UPD memo with s:'c' so cross-device sync (and post-wipe recovery) sees the cancellation. Previously cancelStream() was local-only — a wipe would resurrect cancelled streams from their original P01_SUB_V1 memo as active.

  • Auto-sync streams on mount. (streams)/index.tsx triggers refresh(publicKey) automatically when entering the Streams tab, so subscriptions reappear after re-login without requiring a manual pull-to-refresh.

  • Memo pm: 1 (first payment counted). Both create.tsx and subscribe.tsx now encode pm: 1 in the recovery memo because the subscribe/create flow always pays the first period in the same flow as the memo write. Without this, recovered streams showed misleading "0/N completed".

  • Vault subscription → Stream record sync. subscriptionVaultStore.ts now calls upsertStreamFromVault() after subscribeNormal and subscribePrivateStark succeed. The Streams tab now reflects new vault subscriptions immediately instead of waiting for the next reboot.

  • Removed dead "Stream privé" toggle in form. The in-form toggle was collected into StreamFormData but never read by any caller. Confusing UX (default opposite to the parent screen's actual control). Removed.

  • pm clear recovery validated end-to-end on devnet — see commit message of d9bb24e for the full reproduction recipe.

Live verification

Pool HkzArVjUuZTRZPzCP7jAm5Fe6R9yrRAsmWZmDArY43FN (SOL 0.1 v2):

  • Shield → wipe → Privy recovery → emergency unshield: ✅ sweep 0.099495 SOL sig 5x9satuFVHxCZz5Z…
  • Create classic P2P "Dev" → SOL tx 3yPTjzA6… + memo tx 2TKUJk4X…
  • Wipe → Privy login → Streams auto-syncs → stream reappears with 1/7 progress preserved
  • Cancel both streams → P01_SUB_UPD memos 5YBXTqs… + 4FM3Fjv… on-chain
  • Wipe → Privy login → Streams stays empty (cancellations applied via chronological merge)

APK

  • Size: 120 MB (no change from v0.9.9; APK size optimization tracked separately for V3)
  • Min Android: as set by Expo SDK 54
  • versionCode: 25 (was 23 in v0.9.9)
  • ABI: arm64-v8a only

Known limitations

  • Existing P2P streams created before v0.9.10 (with no on-chain recovery memo) are still local-only — they will not survive a wipe. Re-create them in v0.9.10 to make them recoverable.
  • Existing cancelled subscriptions whose cancellation was made before v0.9.10 (no P01_SUB_UPD memo on-chain) will resurrect after a wipe. Re-cancel them in v0.9.10 to publish the on-chain memo.
  • Auto-sync at mount can be silently dropped during heavy 429 rate-limit storms from Helius devnet RPC. Manual pull-to-refresh recovers it.

Commits

  • 098a2ae fix(mobile/denominatedPool): replay stale-subtrees on recovery + bump v0.9.10
  • d9bb24e fix(mobile/streams): full recovery loop for classic + private subscriptions

v0.9.9 Frost — Privy auth + recovery silenced + UI polish

Choose a tag to compare

@IsSlashy IsSlashy released this 23 Apr 08:26

Hotfix on top of the original v0.9.9 build.

  • Stable Privy embedded wallet — same Google account always resolves to the same Solana address. Auto-create now waits 3s for Privy to surface existing wallets before minting a new one.
  • Boot recovery modal silenced for fresh wallets and Privy logins. Pre-stamps the recovery flag at the wallet-creation source (services/createWallet, walletStore.initializeWithPrivy) so the auto scan only fires for genuine cross-device seed imports.
  • Stream P2P private mode UI cleaned up — no more total-amount input when the per-payment rate is derived from the denominated note on the next screen.
  • APK 125 MB → 96 MB — three.js / WebGL deps dropped, drawables trimmed, JS bundle slimmed.
  • Web download CTA size label updated to match.

v0.9.8 — Repo Cleanup for Public Release

Choose a tag to compare

@IsSlashy IsSlashy released this 06 Apr 19:40

Public Release Cleanup

Repo cleaned and ready for Colosseum Frontier hackathon submission.

Security Hardening

  • Removed all hardcoded secrets (Privy client ID, Railway URLs)
  • Purged .zkey proving keys, APKs, extension zips from git history
  • Removed personal documents and debug keystores
  • Reinforced .gitignore to prevent re-commit of sensitive files
  • Removed cloudflared.exe binary (65MB)

Lint Fix

  • Fixed @typescript-eslint/no-unsafe-function-type in extension polyfills

Stats

  • 15 Solana programs
  • 15 ZK circuits (9 Circom + 6 STARK)
  • 14 SDKs
  • 3 client apps (web, mobile, extension)
  • 464 commits preserved, zero secrets in history

v0.9.7 — Privacy Shield Fix + Founder Page

Choose a tag to compare

@IsSlashy IsSlashy released this 29 Mar 23:30

Privacy Shield Fix (Critical)

  • Stealth addresses now applied on subscription payments (was stored but never used)
  • Ephemeral fee payer hides sender identity on-chain (auto-deleted after tx, 0 lamports remaining)
  • Works with both local keypair and Privy wallets
  • Uses stealth spending seed for address derivation
  • Relay fallback: direct send when relayer not initialized

Founder Page

  • New /founder page on protocol-01.vercel.app
  • Full profile: timeline, mission, technical scope
  • i18n: EN/FR/JA

Demo Videos

  • Remotion-powered 4K demo videos (FR + EN)
  • 7 app screenshots, phone 3D mockup, animated backgrounds
  • Factory ambient soundtrack

Stats

  • 14 Solana programs
  • 15 ZK circuits (9 Circom + 6 STARK)
  • 16 SDKs
  • 3 client apps

v0.9.6 — Fix native wallet unshield + Privy auth guard

Choose a tag to compare

@IsSlashy IsSlashy released this 28 Mar 00:52

Protocol 01 v0.9.6 (Standalone APK)

Bug Fixes

  • fix: getKeypair static import — Fixes unshield crash for native wallets (Hermes dynamic import broken)
  • fix: Privy "Already logged in" guard — OAuth login checks auth state first
  • fix: graceful redirect on Privy session conflict — Auto-redirect instead of error

Build

  • versionCode: 18 | versionName: 0.9.6 | Standalone (no Metro) | NDK 27.2 | ~111 MB