diff --git a/src/pages/docs/Architecture.tsx b/src/pages/docs/Architecture.tsx index 2dbe283..e732b3b 100644 --- a/src/pages/docs/Architecture.tsx +++ b/src/pages/docs/Architecture.tsx @@ -126,7 +126,8 @@ export default function Architecture() {
- The FHE layer uses a coprocessor-based system. Encrypted types (
+ The FHE layer is Fhenix CoFHE — a coprocessor that holds the secret key
+ off-chain and exposes precompiles to the EVM. Encrypted types (
euint64
@@ -141,9 +142,10 @@ export default function Architecture() {
) are stored as handles managed by the coprocessor. Client-side
encryption uses{" "}
- cofhejs
+ @cofhe/sdk
{" "}
- with input types (
+ (the v0.5 successor to the earlier cofhejs) with input
+ types (
InEuint64
@@ -180,8 +182,13 @@ export default function Architecture() {
content: " ebool isRedeemed; // encrypted redemption flag",
highlighted: true,
},
- { content: " bool exists; // cleartext existence flag" },
{ content: "}" },
+ { content: "" },
+ { content: "// Existence is derived from the next-id counter," },
+ {
+ content:
+ "// not a per-escrow plaintext flag — leaving zero plaintext on the struct.",
+ },
]}
/>
@@ -197,24 +204,29 @@ export default function Architecture() {
escrowId
- . Every protocol contract is deployed as an{" "}
- immutable singleton{" "}
- at a fixed address — there is no UUPS proxy, no{" "}
-
- _authorizeUpgrade
- {" "}
- hook, and no owner or admin upgrade key. Contracts still use ERC-7201
- namespaced storage with{" "}
+ . Contracts use ERC-7201 namespaced storage with{" "}
__gap[50]
-
- , but for layout compatibility across deployment versions rather than
- in-place upgrades. ERC-2771 meta-transaction support is provided via a
- base contract (
+ {" "}
+ reserves and inherit a shared base. On chaos-net testnet that base is{" "}
TestnetCoreBase
-
- ).
+ {" "}
+ (Initializable + UUPS + Ownable + ReentrancyGuard + ERC-2771) so we can
+ iterate without breaking integrators. The v1.0 mainnet deployment drops
+ UUPS entirely: every protocol contract becomes an immutable singleton —
+ no{" "}
+
+ _authorizeUpgrade
+ {" "}
+ hook, no owner or admin upgrade key. ERC-2771 meta-transaction support
+ carries over.
+
+ Storage namespace today: privara.storage.* (legacy,
+ retained for cross-deployment-version compatibility per Whitepaper
+ §6.2). The reineira.storage.* prefix is canonical from v1.0
+ mainnet onwards.
@@ -237,9 +249,10 @@ export default function Architecture() {
Public mode can deploy on any EVM chain; the current chaos-net
- deployment runs on Arbitrum L2. Cross-chain funding arrives over two
- rails — Circle CCTP V2 for USDC, and LayerZero OFT / USDT0 for USDT
- (available to non-U.S. and non-EU users) — both of which funnel into{" "}
+ deployment runs on Arbitrum L2. Cross-chain funding arrives over Circle
+ CCTP V2 for USDC today; the LayerZero OFT / USDT0 rail for USDT
+ (available to non-U.S. and non-EU users) is specified for v1.0. Both
+ funnel into{" "}
+ Each Solidity example below shows only
All contracts below are deployed on{" "}
-
+ Two postures coexist between testnet and mainnet:
+
- Every contract below is an immutable singleton{" "}
- deployed at a fixed address. There is no UUPS proxy, no{" "}
-
+ Plaintext state, no FHE dependency. This is the path that powers the
+ chaos-net mainnet launch on Arbitrum L2 and underpins the SDK's{" "}
+
+ Encrypted state using
+ Individual
+ Shared by both modes — operator registry, task execution, fee
+ collection, and CCTP relay.
+
+ Operator stake is denominated in cUSDC on chaos-net
+ (Whitepaper §8.1) — REINEIRA token issuance is conditional on the TGE
+ triggers in §12.11.
+
+ Cross-chain funding originates on one of the supported source chains and
+ is relayed to Arbitrum Sepolia (destination domain
+ These contracts are part of the v1.0 protocol specification but have no
+ canonical Arbitrum Sepolia deployment yet. Most are tracked toward
+ chaos-net Q4 2026 hardening or post-TGE.
+
- These are the two interfaces you implement to extend the protocol:
+ Two pluggable interfaces extend the protocol. Both require ERC-165 so
+ the registries can validate at registration time. The underwriter policy
+ has two variants — pick the one matching your deployment mode.
+ Implemented by Gate plugins.
+ Returned
- Both interfaces require ERC-165 support. Your contract must implement{" "}
-
ConfidentialEscrow.fundFrom
@@ -263,7 +276,7 @@ export default function Architecture() {
- cofhejs.encrypt()
+ @cofhe/sdk
{" "}
- with the network's public FHE key.
+ (encryptInputs([...]).execute()) with the network's
+ public FHE key.
onConditionSet and{" "}
+ isConditionMet for clarity. A production resolver must
+ also implement{" "}
+
+ getConditionFee(uint256 escrowId) view returns (uint16 bps, address
+ recipient)
+ {" "}
+ — the simplest stub is {`{ return (0, address(0)); }`}{" "}
+ when you don't charge a resolver-author fee. The protocol calls it
+ once at escrow creation to stamp the Condition fee slot; the sum of
+ all stamped fees is bounded by MAX_TOTAL_BPS = 10000.
+
The fastest way to build a resolver is with{" "}
ReineiraOS Code
@@ -1090,7 +1122,7 @@ export default function ConditionPlugins() {
title: "ReineiraOS Code",
description:
"Generate production-ready resolvers with AI-assisted development",
- href: "/developers/reineira-code",
+ href: "/developer-tools/reineira-code",
icon: Code2,
},
]}
diff --git a/src/pages/docs/Contracts.tsx b/src/pages/docs/Contracts.tsx
index 6a91b62..3ca4e3f 100644
--- a/src/pages/docs/Contracts.tsx
+++ b/src/pages/docs/Contracts.tsx
@@ -10,25 +10,62 @@ import { getPrevNext } from "@/data/navigation";
import type { TocItem } from "@/components/layout/TableOfContents";
const toc: TocItem[] = [
- { id: "escrow", title: "Escrow", level: 2 },
- { id: "insurance", title: "Insurance", level: 2 },
+ { id: "deployment-posture", title: "Deployment posture", level: 2 },
+ { id: "plain-mode", title: "Plain mode (mainnet launch path)", level: 2 },
+ { id: "confidential-mode", title: "Confidential mode (FHE)", level: 2 },
{ id: "orchestration", title: "Orchestration", level: 2 },
{ id: "tokens", title: "Tokens", level: 2 },
{ id: "external-dependencies", title: "External dependencies", level: 2 },
{ id: "cctp-source-chains", title: "CCTP source chains", level: 2 },
+ { id: "not-yet-deployed", title: "Specified, not yet deployed", level: 2 },
{ id: "plugin-interfaces", title: "Plugin interfaces", level: 2 },
{ id: "iconditionresolver", title: "IConditionResolver", level: 3 },
{ id: "iunderwriterpolicy", title: "IUnderwriterPolicy", level: 3 },
+ {
+ id: "iconfidentialunderwriterpolicy",
+ title: "IConfidentialUnderwriterPolicy",
+ level: 3,
+ },
];
const { prev, next } = getPrevNext("/reference/contracts");
const contractColumns = [
- { header: "Contract", key: "name", width: "260px" },
+ { header: "Contract", key: "name", width: "280px" },
{ header: "Address", key: "address", mono: true },
];
-const escrowRows = [
+const plainEscrowRows = [
+ {
+ name: "Escrow",
+ address: "0xa125db70c1f17E395AfFa30b32e1e4A94aF3A81c",
+ },
+ {
+ name: "CCTPV2EscrowReceiver",
+ address: "0xD4cb6F1B679C3b16AE02aAdc66e172142EAAC5a2",
+ },
+];
+
+const plainInsuranceRows = [
+ {
+ name: "PolicyRegistry",
+ address: "0xAf23b86086FC6DC74796865be3B3a8bBAd68AB95",
+ },
+ {
+ name: "CoverageManager",
+ address: "0x3fcD1896745B2b91b4397e7E762910Fbf7eE9D22",
+ },
+ {
+ name: "PoolFactory",
+ address: "0xA2D78bfaB94B93106c8Da17E6967501D54DfE772",
+ },
+ {
+ name: "InsurancePool (implementation template)",
+ address: "0xCd05D0B8854ff030d874Ec346EbB883C40E63C33",
+ },
+];
+
+const confidentialEscrowRows = [
{
name: "ConfidentialEscrow",
address: "0xbe1eEB78504B71beEE1b33D3E3D367A2F9a549A6",
@@ -38,12 +75,12 @@ const escrowRows = [
address: "0x67AE0C5fE86716441B38b73A66F21c6aC8e338d0",
},
{
- name: "SimpleCondition",
+ name: "SimpleCondition (example plugin)",
address: "0xA0f6F26de1D3289425aA8A7fDDb769c61CD38e97",
},
];
-const insuranceRows = [
+const confidentialInsuranceRows = [
{
name: "ConfidentialPolicyRegistry",
address: "0x962A6c7Be4fC765B0E8B601ab4BB210938660190",
@@ -79,16 +116,19 @@ const tokenRows = [
name: "ConfidentialUSDC (cUSDC)",
address: "0x42E47f9bA89712C317f60A72C81A610A2b68c48a",
},
- { name: "USDC", address: "0x75faf114eafb1BDbe2F0316DF893fd58CE46AA4d" },
{
- name: "GovernanceToken",
+ name: "USDC (Arbitrum Sepolia)",
+ address: "0x75faf114eafb1BDbe2F0316DF893fd58CE46AA4d",
+ },
+ {
+ name: "GovernanceToken (REINEIRA)",
address: "0xb847e041bB3bC78C3CD951286AbCa28593739D12",
},
];
const externalRows = [
{
- name: "CCTP MessageTransmitter",
+ name: "CCTP MessageTransmitter V2",
address: "0xE737e5cEBEEBa77EFE34D4aa090756590b1CE275",
},
{
@@ -99,29 +139,81 @@ const externalRows = [
const cctpColumns = [
{ header: "Chain", key: "chain", width: "160px" },
- { header: "Domain", key: "domain", width: "140px" },
+ { header: "Chain ID", key: "chainId", width: "120px" },
+ { header: "Domain", key: "domain", width: "120px" },
{ header: "USDC Address", key: "usdc", mono: true },
- { header: "TokenMessenger", key: "messenger", mono: true },
+ { header: "TokenMessenger V2", key: "messenger", mono: true },
];
const cctpRows = [
{
chain: "Ethereum Sepolia",
+ chainId: "11155111",
domain: "0",
usdc: "0x1c7D4B196Cb0C7B01d743Fbc6116a902379C7238",
messenger: "0x8FE6B999Dc680CcFDD5Bf7EB0974218be2542DAA",
},
{
chain: "Base Sepolia",
+ chainId: "84532",
domain: "6",
usdc: "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
messenger: "0x8FE6B999Dc680CcFDD5Bf7EB0974218be2542DAA",
},
{
chain: "Arbitrum Sepolia",
+ chainId: "421614",
domain: "3 (destination)",
usdc: "0x75faf114eafb1BDbe2F0316DF893fd58CE46AA4d",
- messenger: "\u2014",
+ messenger: "—",
+ },
+];
+
+const notYetDeployedColumns = [
+ { header: "Contract", key: "name", width: "260px" },
+ { header: "Source / status", key: "status" },
+];
+
+const notYetDeployedRows = [
+ {
+ name: "StrategyRouter",
+ status:
+ "packages/insurance — pool liquidity routing; landed on main, no testnet deployment yet",
+ },
+ {
+ name: "OperatorSlashingManager",
+ status:
+ "packages/orchestration — four-stage slashing pipeline (3-day challenge / 4-day vote / 14-day expiry); contract present, not separately deployed (current slashing surface lives inside OperatorRegistry)",
+ },
+ {
+ name: "OperatorSubsidyManager",
+ status:
+ "Whitepaper §8.9 — chaos-net per-task subsidy paid in cUSDC; contract not in repo yet",
+ },
+ {
+ name: "CoordinatorRegistry",
+ status:
+ "Whitepaper §8.10 — on-chain coordinator registration & cross-graph slashing; v1.0-track",
+ },
+ {
+ name: "QuorumRegistry, RiskScoreAttestor",
+ status:
+ "Whitepaper §7.8, §8.10 — agentic/risk-attestation registries; deferred past v1.0 RSS",
+ },
+ {
+ name: "ConfidentialUSDT (cUSDT)",
+ status:
+ "Whitepaper §9.1, §9.6 — USDT0 wrapper via LayerZero OFT; tracked for v1.0, non-U.S./non-EU only",
+ },
+ {
+ name: "LZOFTHandler / LZOFTEscrowReceiver / LZOFTForwarder",
+ status:
+ "Whitepaper §9.2 — LayerZero OFT handler family for USDT0; tracked for v1.0",
+ },
+ {
+ name: "ParticipationBond",
+ status:
+ "Whitepaper §11.6 — $1M cUSDC bond; deployed empty pre-TGE as immutable commitment shell, funded conditionally on TGE",
},
];
@@ -132,59 +224,119 @@ export default function Contracts() {
+ : the proposer posts a 5% bond and submits an evidence hash; a 3-day{" "}
+ sdk.escrow / sdk.escrowPlain etc.).
+ Deployment posture
+
+
+
+
+
+ TestnetCoreBase (Initializable + UUPS +
+ Ownable + ReentrancyGuard + ERC-2771). This lets us iterate during the
+ chaos-net runway without breaking integrators on every patch.
+ _authorizeUpgrade{" "}
+ hook, no owner or admin upgrade key. Bug fixes ship as new contract
+ deployments at new addresses — users opt in by migration. ERC-7201
+ namespaced storage with __gap[50] reserves protects
+ storage layout across deployment versions.
+
- _authorizeUpgrade
- {" "}
- hook, and no owner or admin upgrade key — these addresses cannot be
- upgraded in place. Functional changes ship as new contract deployments
- at new addresses that you opt into by migration. The tables on this
- page form the canonical-deployment registry: a documentation surface,
- not an on-chain contract, listing the v1.0 addresses across host
- chains. You may interact with any other bytecode deployment. ERC-7201
- namespaced storage with{" "}
-
- __gap[50]
- {" "}
- is kept for layout compatibility across deployment versions, not for
- in-place upgrades.
+ The tables on this page are the documentation surface of the
+ canonical-deployment registry — not an on-chain contract. They list
+ the addresses ReineiraOS treats as canonical on each host. Other
+ bytecode-equivalent deployments may exist; you may interact with any
+ of them, but Foundation services (relayer, coordinator, app frontend)
+ connect only to the canonical set.
- Escrow
+ Plain mode (mainnet launch path)
- escrowPlain / insurancePlain modules.
+
+ Escrow
+
+
+ Insurance
+
+
- Insurance
+ Confidential mode (FHE)
- euint64, eaddress, and{" "}
+ ebool via Fhenix CoFHE precompiles. This is a separate
+ immutable deployment; mainnet activation is gated on Fhenix CoFHE
+ readiness (target Q4 2026 hardening lock). The silent-failure pattern
+ (Whitepaper §4.5, Proposition 4.3) applies to all confidential
+ contracts.
+
+ Escrow
+
+
+ Insurance
+
+ ConfidentialInsurancePool instances are deployed
+ lazily by ConfidentialPoolFactory.createPool() as{" "}
+ ERC1967Proxy clones — they do not have a single canonical
+ address.
+
+
+
3) via
+ Circle CCTP V2.
+
+ Specified, not yet deployed
+
+
+
+
onConditionSet fires at escrow
+ creation; getConditionFee is read once at stamp time;{" "}
+ isConditionMet is called at redemption.
+ bps is bounded by{" "}
+ MAX_TOTAL_BPS = 10000 via the fee-sum invariant in{" "}
+ Escrow._stampFee. There is no per-fee on-chain cap; UI is
+ expected to sanity-check.
+
- IUnderwriterPolicy
+ IUnderwriterPolicy
+ IConfidentialUnderwriterPolicy{" "}
+
+
+
- supportsInterface(bytes4)
- {" "}
- and return{" "}
-
- true
- {" "}
- for the relevant interface ID.
+ All three interfaces extend IERC165. Your contract must
+ implement supportsInterface(bytes4) and return{" "}
+ true for the relevant interface ID, otherwise the escrow
+ / policy registry will reject it.
+ CHALLENGE_PERIOD
+ {" "}
+ opens; if challenged within the window, a stake-weighted vote runs for{" "}
+
+ VOTING_PERIOD
+ {" "}
+ of 4 days; unchallenged proposals execute after the challenge window and
+ the proposer recovers their bond plus a 10% slasher reward; the proposal
+ expires past{" "}
+
+ EXPIRY_PERIOD
+ {" "}
+ (14 days) and both bonds return. The vote quorum is{" "}
+
+ QUORUM_BPS = 1000
+ {" "}
+ (10% of total active stake) — the safety argument is the four-stage moat
+ (evidence hash + asymmetric bond + slow pipeline + owner backstop), not
+ the quorum threshold itself (Whitepaper §8.6).
diff --git a/src/pages/docs/CrossChain.tsx b/src/pages/docs/CrossChain.tsx
index 7d7f79b..2c1cc8e 100644
--- a/src/pages/docs/CrossChain.tsx
+++ b/src/pages/docs/CrossChain.tsx
@@ -72,7 +72,7 @@ export default function CrossChain() {
- Two transport rails ship at v1.0: + Two transport rails are designed into the system; only one is shipped + today:
LZOFTHandler,{" "}
+ LZOFTEscrowReceiver, LZOFTForwarder) is
+ specified in Whitepaper §9.2; the ConfidentialUSDT{" "}
+ wrapper is also tracked for v1.0. Non-U.S./non-EU-only on launch.{" "}
+
+ The schedule above is the activated rate.{" "}
+
+ FeeManager
+ {" "}
+ is pinned to zero in bytecode while{" "}
+
+ block.number < MAINNET_ACTIVATION_BLOCK
+ {" "}
+ — collectFee() returns 0 for every relay until activation
+ (Whitepaper §8.8). During chaos-net, operators receive per-task cUSDC
+ subsidies from the Foundation-funded{" "}
+ OperatorSubsidyManager instead of bridged-amount
+ deductions.
+
- Fees are deducted from the bridged amount before settlement. For a - 10,000 USDC transfer, 50 USDC goes to the operator, 30 USDC to the - protocol (FeeManager), and 9,920 USDC reaches the destination escrow. + Post-activation: fees are deducted from the bridged amount before + settlement. For a 10,000 USDC transfer, 35 USDC goes to the operator, 15 + USDC to the protocol (FeeManager), and 9,950 USDC reaches the + destination escrow.
- Conditional settlement infrastructure — encrypted Escrows, pluggable - Gates, protocol-native Shields. Everything you need to make money + Conditional settlement infrastructure — confidential Escrows, + pluggable Gates, protocol-native Insurance, and an operator-secured + cross-chain settlement layer. Everything you need to make money conditional and private.
diff --git a/src/pages/docs/EnterpriseChecklist.tsx b/src/pages/docs/EnterpriseChecklist.tsx deleted file mode 100644 index 9f6953b..0000000 --- a/src/pages/docs/EnterpriseChecklist.tsx +++ /dev/null @@ -1,440 +0,0 @@ -import DocsLayout from "@/components/layout/DocsLayout"; -import Breadcrumbs from "@/components/docs/Breadcrumbs"; -import PageHeader from "@/components/docs/PageHeader"; -import Callout from "@/components/docs/Callout"; -import DocsTable from "@/components/docs/DocsTable"; -import PageNav from "@/components/docs/PageNav"; -import DocsBadge from "@/components/docs/DocsBadge"; -import Steps, { Step } from "@/components/docs/Steps"; -import LinkCard from "@/components/docs/LinkCard"; -import { getPrevNext } from "@/data/navigation"; -import type { TocItem } from "@/components/layout/TableOfContents"; -import { BookOpen, Rocket } from "lucide-react"; - -const toc: TocItem[] = [ - { id: "overview", title: "Overview", level: 2 }, - { id: "adoption-phases", title: "Adoption phases", level: 2 }, - { id: "technical-requirements", title: "Technical requirements", level: 2 }, - { id: "security-audit-status", title: "Security audit status", level: 2 }, - { id: "support-sla", title: "Support & SLA", level: 2 }, - { id: "next-steps", title: "Next steps", level: 2 }, -]; - -const { prev, next } = getPrevNext("/get-started/enterprise-checklist"); - -// -- Table data --------------------------------------------------------------- - -const techReqColumns = [ - { header: "Requirement", key: "requirement", width: "200px" }, - { header: "Details", key: "details" }, -]; - -const techReqRows = [ - { requirement: "Runtime", details: "Node.js 18+" }, - { requirement: "SDK", details: "@reineira-os/sdk" }, - { requirement: "Smart contracts", details: "Solidity 0.8.24+, Hardhat" }, - { requirement: "FHE backend", details: "CoFHE coprocessor" }, - { requirement: "Testnet chain", details: "Arbitrum Sepolia" }, - { requirement: "Cross-chain", details: "Circle CCTP V2" }, - { requirement: "Smart accounts", details: "ERC-4337 compatible" }, - { requirement: "Meta-transactions", details: "ERC-2771 support" }, - { - requirement: "Contract pattern", - details: "UUPS upgradeable, ERC-7201 namespaced storage", - }, -]; - -const auditColumns = [ - { header: "Component", key: "component", width: "220px" }, - { header: "Status", key: "status" }, -]; - -const auditRows = [ - { - component: "Escrow (ConfidentialEscrow)", - status:- This checklist walks engineering teams through five phases of ReineiraOS - adoption — from initial evaluation through production launch. Each phase - builds on the previous one and includes concrete deliverables. -
- -- While the phases are numbered sequentially, compliance and security - reviews often run in parallel with integration work. Start Phase 4 - early to avoid blocking your launch timeline. -
-- Build a mental model of the protocol and assess fit for your use - case. -
-
- IConditionResolver
- {" "}
- pattern that fits your release conditions
- - Build and connect your application to the ReineiraOS protocol. -
-
- IConditionResolver
- {" "}
- implementation
- - Validate correctness, security, and performance before going to - production. -
-- Address regulatory and legal requirements for your jurisdiction. -
-- Deploy to production and establish operational readiness. -
-- FHE operations behave differently under load than standard EVM calls. - Gas estimation, transaction ordering, and decryption latency can all - surface issues that only appear at scale. Test thoroughly on testnet - before committing to production. -
-- The following tools and standards are required or recommended for - building on ReineiraOS: -
- -- Current audit and review status for each protocol component: -
- -- A comprehensive third-party audit is planned prior to production - launch. Follow the{" "} - - Security - {" "} - page for updates. -
-- Available support channels and expected response times: -
- -- Ready to start? Begin with Phase 1: -
- -
Deposit USDC into the Escrow via{" "}
- fund(escrowId, amount)
+ fund(escrowId, encryptedPayment)
{" "}
- or{" "}
+ — the SDK encrypts the payment amount client-side as{" "}
- fundFrom(escrowId, amount, payer)
-
- . The contract wraps the USDC into ConfidentialUSDC and updates the
- encrypted{" "}
+ InEuint64
+ {" "}
+ before submission. Cross-chain receivers call{" "}
+
+ fundFrom(escrowId, euint64 amount)
+ {" "}
+ with a pre-existing encrypted-amount handle that the CCTP receiver
+ derives from the attested mint delta. The contract wraps USDC into
+ ConfidentialUSDC and updates the encrypted{" "}
paidAmount
@@ -312,6 +329,17 @@ export default function EscrowLifecycle() {
{" "}
flag)
+
+ paidAmount
+ {" "}
+ is at least the target{" "}
+
+ amount
+ {" "}
+ (homomorphic ≥)
+
@@ -335,7 +363,13 @@ export default function EscrowLifecycle() {
redeemMultiple(escrowIds)
{" "}
- to settle multiple Escrows in a single transaction.
+ to settle up to{" "}
+
+ MAX_BATCH_SIZE = 20
+ {" "}
+ Escrows in a single transaction. Per-id failures are silent: an
+ ineligible Escrow contributes zero to the accumulated transfer instead
+ of reverting the batch.
",
- desc: "Wait for funding event",
+ prop: "waitForFunded(timeoutMs?)",
+ type: "Promise",
+ desc: "Wait for funding event (default timeout 600_000 ms)",
},
{
prop: "waitForRedeemable(opts?)",
@@ -189,7 +189,7 @@ export default function EscrowModule() {
@@ -408,10 +408,25 @@ export default function EscrowModule() {
filename="static-methods.ts"
language="typescript"
lines={[
- { content: "sdk.escrow.get(42n) // get EscrowInstance by ID" },
{
content:
- "sdk.escrow.total() // total escrows created (Promise)",
+ "sdk.escrow.get(42n) // synchronous — get EscrowInstance by ID",
+ },
+ {
+ content:
+ "sdk.escrow.exists(42n) // Promise — verify on-chain",
+ },
+ {
+ content:
+ "sdk.escrow.total() // Promise — total escrows created",
+ },
+ {
+ content:
+ "sdk.escrow.redeemMultiple([0n,1n]) // Promise — batch redeem, cap 20",
+ },
+ {
+ content:
+ "sdk.escrow.build() // EscrowBuilder — fluent builder",
},
]}
/>
diff --git a/src/pages/docs/GasPerformance.tsx b/src/pages/docs/GasPerformance.tsx
index b44500d..8dc70bb 100644
--- a/src/pages/docs/GasPerformance.tsx
+++ b/src/pages/docs/GasPerformance.tsx
@@ -429,11 +429,21 @@ export default function GasPerformance() {
you design resolvers and integrations that stay fast and affordable.
-
+
All numbers below are testnet estimates measured on Arbitrum Sepolia
- with FHE coprocessor devnet. Mainnet costs will vary with network
- congestion, L1 calldata pricing, and CoFHE operator fees.
+ with the FHE coprocessor devnet and apply to the{" "}
+ confidential-mode contracts. Mainnet costs will vary
+ with network congestion, L1 calldata pricing, and CoFHE operator fees.
+
+
+ Plain mode (the chaos-net launch path) uses no FHE
+ operations; expect roughly 40–60% of the gas figures below, because
+ the encryption / decryption / select calls drop out entirely.
+ Lifecycle, events, and ABI surface are the same.
diff --git a/src/pages/docs/Governance.tsx b/src/pages/docs/Governance.tsx
deleted file mode 100644
index cf7fb2d..0000000
--- a/src/pages/docs/Governance.tsx
+++ /dev/null
@@ -1,276 +0,0 @@
-import DocsLayout from "@/components/layout/DocsLayout";
-import Breadcrumbs from "@/components/docs/Breadcrumbs";
-import PageHeader from "@/components/docs/PageHeader";
-import Callout from "@/components/docs/Callout";
-import PageNav from "@/components/docs/PageNav";
-import DocsTable from "@/components/docs/DocsTable";
-import DocsBadge from "@/components/docs/DocsBadge";
-import Steps, { Step } from "@/components/docs/Steps";
-import { getPrevNext } from "@/data/navigation";
-import type { TocItem } from "@/components/layout/TableOfContents";
-
-const toc: TocItem[] = [
- { id: "posture", title: "Public-Infrastructure posture", level: 2 },
- { id: "entity-stack", title: "Three-entity stack", level: 2 },
- { id: "immutable", title: "Immutable contracts", level: 2 },
- { id: "authorities", title: "What the privileged roles can do", level: 2 },
- { id: "participation", title: "Participation Policy & bond", level: 2 },
- { id: "conditional-tge", title: "Conditional TGE & the DAO", level: 2 },
- { id: "phases", title: "Phases", level: 2 },
-];
-
-const { prev, next } = getPrevNext("/learn/governance");
-
-const entityColumns = [
- { header: "Entity", key: "entity", width: "200px" },
- { header: "Jurisdiction", key: "juris", width: "130px" },
- { header: "Role", key: "role" },
-];
-
-const entityRows = [
- {
- entity: "Reineira Labs Limited (DevCo)",
- juris: "RAK DAO Free Zone, UAE",
- role: "Software Vendor — authors the contracts, publishes the RSS standard, maintains docs, deploys the canonical reference implementation, coordinates audits. Does not operate the protocol, custody funds, or provide financial services.",
- },
- {
- entity: "Reineira HoldCo",
- juris: "British Virgin Islands",
- role: "Parent entity; counterparty to Convertible Note / SAFE instruments (Reg S, non-U.S. investors). Holds equity in DevCo. Does not custody protocol IP.",
- },
- {
- entity: "Reineira Foundation",
- juris: "Cayman Islands",
- role: "IP assignee from Phase 2; conditional token issuance (if the token-launch triggers are met); DAO custody; ParticipationBond custody; grant-programme and Foundation-operated-services administrator.",
- },
-];
-
-const authorityColumns = [
- { header: "Authority", key: "auth", width: "210px" },
- { header: "Can", key: "can" },
-];
-
-const authorityRows = [
- {
- auth: "Upgrade authority",
- can: "None. Contracts are immutable singletons — no UUPS proxy, no _authorizeUpgrade hook, no admin upgrade key on any contract.",
- },
- {
- auth: "slashingManager",
- can: "Execute OperatorRegistry.slash and route slashed stake, via OperatorSlashingManager (with owner as backstop).",
- },
- {
- auth: "Coverage Manager admin",
- can: "Admin setters (setEscrow, setPoolFactory) and policy registration. Cannot upgrade or migrate state-bearing contracts. DevCo (Phase 1) → Foundation multisig (Phase 2).",
- },
- {
- auth: "Fee governance (post-activation)",
- can: "Set fee bps into storage within an immutable bytecode ceiling. Cannot raise the ceiling (requires a new immutable FeeManager) and cannot collect any fee before MAINNET_ACTIVATION_BLOCK.",
- },
- {
- auth: "Trusted Forwarder (ERC-2771)",
- can: "Attribute the original signer for sponsored gas. Foundation-published, KYB-pinned allowlist.",
- },
-];
-
-export default function Governance() {
- return (
-
-
-
-
-
-
- Public-Infrastructure posture
-
-
- ReineiraOS launches as Public Infrastructure. Every contract is an{" "}
- immutable singleton with no upgrade authority; protocol
- fees are pinned at zero through chaos-net by a block-locked activation
- constant; operators bond cUSDC, not a token; and a{" "}
- REINEIRA token does not exist yet — any issuance is
- conditional on the token-launch trigger conditions. Reineira Labs
- Limited (RAK DAO Free Zone, UAE) deploys the contracts as a{" "}
- Software Vendor, not as an operator of the protocol.
-
-
-
-
- Because the contracts are immutable, there is no upgrade to govern. No
- entity — DevCo, HoldCo, Foundation, or any future DAO — holds upgrade
- authority. New functionality ships as{" "}
- new contract deployments at new addresses that you
- opt into.
-
-
-
-
- Three-entity stack
-
-
- Governance is split across three entities. The full stack is reached at
- Phase 2.{" "}
- Spec'd · Phase 2 (Q1–Q2 2027)
-
-
-
-
- Immutable contracts
-
-
-
- Every contract is an immutable singleton at a fixed address. No entity
- holds upgrade authority. There is no UUPS proxy, no{" "}
- _authorizeUpgrade hook, no Owner
- role with upgrade privileges, and no admin key on any escrow, coverage
- manager, operator registry, fee manager, or token wrapper. Storage and
- logic are both frozen at deployment.
-
-
-
- Contracts still use ERC-7201 namespaced storage and carry a{" "}
-
- __gap[50]
- {" "}
- reserve — not for in-place upgrades (there are none) but so a future
- immutable redeployment can share storage conventions.
-
-
-
- What the privileged roles can do
-
-
- Five authorities partition the protocol's privileged surface. None can
- upgrade a contract, withdraw escrowed funds, modify escrow terms,
- force-resolve a gate, or decrypt FHE state without explicit permission.
-
-
-
-
- Participation Policy & bond
-
-
- Under the Participation Policy, the Foundation commits to{" "}
- not act as operator, pool creator, pool manager, or
- curator on any role-collapsed venue. The commitment is collateralised by
- a $1M-equivalent ParticipationBond denominated in cUSDC
- , deployed empty at chaos-net and funded from Phase 2 capital if and
- when SAFT/QF rounds execute. Any Foundation key that participates on a
- role-collapsed venue forfeits the bond; quarterly{" "}
-
- NonParticipationAttestation
- {" "}
- events build an immutable record.
-
-
-
- -
- Phase 1 — DevCo publishes Participation Policy v0.1
- as a bylaws-draft commitment.
-
- -
- Phase 2 — Foundation adopts v1.0 as a board-level
- commitment (modifiable only by board 2/3 supermajority).
-
- -
- Phase 3 (conditional, post-TGE) — Foundation
- deploys v1.1 to an immutable contract for 3 years, modifiable only
- by token-holder 2/3 supermajority under a 30-day timelock.
-
-
-
-
-
- Conditional TGE & the DAO
-
-
- Research · conditional There is
- no REINEIRA token and no DAO today. The Foundation executes a Token
- Generation Event only if all four triggers are met:
-
-
- -
- A basin condition sustained ≥12 months: ≥30 operator entities,
- cumulative GMV ≥$5B, LP TVL ≥$10M, ≥50 integrated applications, across
- 4 consecutive quarters.
-
- -
- External-counsel sign-off on digital-commodity classification OR a
- permanent U.S. geo-fence.
-
- - A Foundation board 2/3 supermajority attestation.
- - A completed independent governance-design review.
-
-
- If a TGE occurs, the DAO governs grant/treasury and Participation-Policy
- parameters — never contract upgrades, which do not exist.
-
-
-
- Phases
-
-
-
-
- Reineira Labs Limited authors and deploys the immutable contracts,
- publishes RSS, and coordinates audits. IP held under BUSL-1.1.
- Capital via the BVI HoldCo Convertible Note (Reg S). No token, no
- SAFT, no DAO.
-
-
-
-
- The Cayman Foundation becomes operational; IP transfers from DevCo
- to Foundation via the CLA assignment chain; DevCo continues as
- Software Vendor under a maintenance contract. Token issuance is{" "}
- not a Phase 2 milestone.
-
-
-
-
- Only if the four triggers are satisfied, a TGE issues the REINEIRA
- token, the DAO activates, and Participation Policy v1.1 is deployed
- immutable. The protocol operates fully without ever reaching this
- phase.
-
-
-
-
-
-
- Because contracts are immutable and non-custodial, you do not need to
- trust any entity to use the protocol safely: no admin can steal funds,
- change escrow terms, bypass a gate, or decrypt your state. The entity
- stack governs grants, audits, and the standard — not your money.
-
-
-
-
-
- );
-}
diff --git a/src/pages/docs/InsuranceModule.tsx b/src/pages/docs/InsuranceModule.tsx
index 812d0d5..a9bf668 100644
--- a/src/pages/docs/InsuranceModule.tsx
+++ b/src/pages/docs/InsuranceModule.tsx
@@ -139,7 +139,7 @@ export default function InsuranceModule() {
@@ -167,11 +167,31 @@ export default function InsuranceModule() {
content: " paymentToken: sdk.addresses.confidentialUSDC,",
highlighted: true,
},
+ {
+ content:
+ " initialManager: '0xManager...', // optional, defaults to caller (Creator)",
+ },
+ {
+ content:
+ " guardian: '0xGuardian...', // optional, zero address allowed",
+ },
+ {
+ content:
+ " isOpen: true, // false = private (EIP-712 voucher-gated)",
+ },
{ content: "})" },
{ content: "// pool.id, pool.address, pool.createTx.hash" },
]}
/>
+
+ The four-role separation (Creator / Manager / Guardian / Underwriter)
+ from Whitepaper §7.2 maps onto these parameters.{" "}
+ isOpen: false gates buyers behind a manager-signed{" "}
+ CoverageInvite (EIP-712) — useful for closed cohorts and
+ pilot underwriting.
+
+
+
+ The encrypted-mode interface — used by the example below:
+
+
+
+ The plain-mode interface, used by the mainnet launch path, swaps the FHE
+ types for primitives but keeps the same shape:
+
+
+
+
@@ -272,7 +305,7 @@ export default function InsurancePolicies() {
{ content: "" },
{
content:
- 'import { IUnderwriterPolicy } from "@reineira-os/shared/contracts/interfaces/plugins/IUnderwriterPolicy.sol";',
+ 'import { IConfidentialUnderwriterPolicy } from "@reineira-os/shared/contracts/interfaces/plugins/IConfidentialUnderwriterPolicy.sol";',
},
{
content:
@@ -285,7 +318,7 @@ export default function InsurancePolicies() {
{ content: "" },
{
content:
- "contract P2PMarketplacePolicy is IUnderwriterPolicy, ERC165 {",
+ "contract P2PMarketplacePolicy is IConfidentialUnderwriterPolicy, ERC165 {",
},
{
content: " // Risk tiers in basis points (100 bps = 1%)",
@@ -491,7 +524,7 @@ export default function InsurancePolicies() {
},
{
content:
- " return interfaceId == type(IUnderwriterPolicy).interfaceId",
+ " return interfaceId == type(IConfidentialUnderwriterPolicy).interfaceId",
},
{
content: " || super.supportsInterface(interfaceId);",
diff --git a/src/pages/docs/InsurancePools.tsx b/src/pages/docs/InsurancePools.tsx
index b56b5d5..ae05be8 100644
--- a/src/pages/docs/InsurancePools.tsx
+++ b/src/pages/docs/InsurancePools.tsx
@@ -102,11 +102,27 @@ export default function InsurancePools() {
/>
- Anyone can create an Insurance pool, attach policies, provide liquidity,
- and earn premiums. This is the open economy layer of ReineiraOS — the
- best underwriters build the best pools and earn the most.
+ Anyone can create an Insurance pool (with an allowlisted payment token),
+ attach policies, provide liquidity, and earn premiums. This is the open
+ economy layer of ReineiraOS — the best underwriters build the best pools
+ and earn the most.
+
+
+ Every pool has four roles: Pool Creator (deploys via
+ factory, owns immutable creator royalty),{" "}
+ Pool Manager (parameter custody, policy admission;
+ transferable to DAO/multisig), Guardian (safety veto
+ and emergency-deallocate only, no earnings), and{" "}
+ Operator (executes pool-routing tasks under the
+ orchestration layer). Creator and Manager can be the same address at
+ deploy time — pass initialManager and{" "}
+ guardian to createPool to set them
+ explicitly.
+
+
+
{/* ------------------------------------------------------------------ */}
- All financial values in the insurance system are FHE-encrypted:
+ In confidential (FHE) mode, per-buyer financial values are encrypted{" "}
+
+ euint64
+ {" "}
+ and never leak through events (per-buyer premium and payout are emitted
+ as 0). Plain mode ships the same lifecycle without encryption.
+
+
+
+ Confidential in encrypted mode:
+
+
+
+ - Per-buyer stake amounts
+ - Per-buyer coverage amounts and risk scores
+ - Per-buyer premium payments and payout amounts
+ - Total liquidity and total premiums (aggregates also encrypted)
+
+
+
+ Public on both modes:
- - Stake amounts
- - Coverage amounts
- - Risk scores
- - Premium payments
- - Claim payouts
+ - Coverage lifecycle events (without amounts)
+ - Policy and pool addresses (publishable for discovery)
+ - Pool-creation event
+ - Dispute event (with caller, without verdict)
-
+
- On-chain events emit only indexed IDs. No amounts, no addresses, no
- policy details are visible to chain observers.
+ The Premium/Loss-Ratio Disclosure Bound formalises this split. In
+ encrypted mode, per-buyer financial values cannot be reconstructed
+ from chain state under TFHE IND-CPA security — but policy/pool
+ identities and lifecycle existence remain observable so integrators
+ can find your pool.
diff --git a/src/pages/docs/McpServer.tsx b/src/pages/docs/McpServer.tsx
index e3c7527..b7059f4 100644
--- a/src/pages/docs/McpServer.tsx
+++ b/src/pages/docs/McpServer.tsx
@@ -31,7 +31,7 @@ const toolColumns = [
const toolRows = [
{
tool: "get_docs",
- desc: "Browse documentation by section and topic. Sections: overview, guides, protocol, reference, whitepaper, litepaper.",
+ desc: "Browse documentation by section and topic. Sections: overview, guides, protocol, reference, whitepaper, root.",
},
{
tool: "search_docs",
@@ -218,7 +218,7 @@ export default function McpServer() {
{" "}
+ return euint64 / ebool. The plaintext{" "}
- ebool
-
- ). The protocol never exposes risk scores or verdicts in cleartext
- on-chain.
+ IUnderwriterPolicy
+ {" "}
+ variant has the same shape but returns uint256 /{" "}
+ bool and powers the chaos-net launch path. Both extend
+ ERC-165 so the policy registry can validate at registration time.
diff --git a/src/pages/docs/PlatformModules.tsx b/src/pages/docs/PlatformModules.tsx
index d2139cf..19b9570 100644
--- a/src/pages/docs/PlatformModules.tsx
+++ b/src/pages/docs/PlatformModules.tsx
@@ -48,7 +48,13 @@ const packageRows = [
package: "app",
name: "@reineira-os/modules-app",
stack: "React 19 + Vite + ZeroDev",
- purpose: "Platform dashboard with smart accounts",
+ purpose: "Platform dashboard with smart accounts and passkey auth",
+ },
+ {
+ package: "landing",
+ name: "@reineira-os/modules-landing",
+ stack: "Next.js + React 19",
+ purpose: "Marketing landing page starter for the venture",
},
];
diff --git a/src/pages/docs/ReineiraCode.tsx b/src/pages/docs/ReineiraCode.tsx
index 4a6fbbf..3793067 100644
--- a/src/pages/docs/ReineiraCode.tsx
+++ b/src/pages/docs/ReineiraCode.tsx
@@ -82,8 +82,8 @@ export default function ReineiraCode() {
Test harness
{" "}
- — FHE-enabled test suite with cofhejs mocks so you can test encrypted
- logic locally
+ — FHE-enabled test suite with @cofhe/sdk mocks so you can test
+ encrypted logic locally
- The SDK exposes four modules accessible as properties:
+ The SDK exposes six modules accessible as properties.{" "}
+ escrow and insurance hit the confidential
+ (FHE) deployment; escrowPlain and{" "}
+ insurancePlain hit the mainnet-launch plaintext deployment.
+ Modules return instance objects (EscrowInstance,{" "}
+ PoolInstance, CoverageInstance, and their
+ plain variants) representing a single on-chain artifact —{" "}
+ escrow.fund(), pool.stake(),{" "}
+ coverage.dispute() etc. all live on the returned instances.
+ See the individual module pages for the full method surface.
+
+ The fee schedule above is the activated rate. During
+ chaos-net,{" "}
+
+ FeeManager
+ {" "}
+ is pinned to zero in bytecode:{" "}
+
+ collectFee()
+ {" "}
+ returns 0 for every task until{" "}
+
+ block.number ≥ MAINNET_ACTIVATION_BLOCK
+ {" "}
+ (Whitepaper §8.8). Operator income during chaos-net comes from the
+ Foundation-funded{" "}
+
+ OperatorSubsidyManager
+ {" "}
+ (per-task cUSDC payments, capacity-bounded). Rates can be staged into
+ storage during chaos-net, but they do not apply until the activation
+ block.
+
- Fees are deducted from the bridged amount before settlement. For a - 10,000 USDC transfer, 50 USDC goes to the operator, 30 USDC to the - protocol, and 9,920 USDC reaches the destination escrow. + Post-activation: fees are deducted from the bridged amount before + settlement. For a 10,000 USDC transfer, 35 USDC goes to the operator, 15 + USDC to the protocol, and 9,950 USDC reaches the destination escrow.
{/* Monitoring */} diff --git a/src/pages/docs/Security.tsx b/src/pages/docs/Security.tsx index 08577a6..b9aad43 100644 --- a/src/pages/docs/Security.tsx +++ b/src/pages/docs/Security.tsx @@ -102,10 +102,10 @@ const contractSecurityColumns = [ ]; const contractSecurityRows = [ { - mechanism: "Proxy pattern", + mechanism: "Proxy pattern (testnet only)", standard: "UUPS", purpose: - "Upgradeable contracts with minimal proxy overhead. Upgrade logic lives in the implementation, not the proxy.", + "UUPS upgradeable on chaos-net testnet via TestnetCoreBase. Removed at v1.0 mainnet: every contract becomes an immutable singleton, no _authorizeUpgrade hook, no upgrade authority (Whitepaper §11.8).", }, { mechanism: "Namespaced storage", @@ -129,7 +129,7 @@ const contractSecurityRows = [ mechanism: "Access control", standard: "Ownable", purpose: - "Single-owner admin pattern for testnet. Multi-sig and timelock planned for future releases.", + "Single-owner admin pattern on chaos-net for parameter custody and emergency response. Deploy posture is a Safe multisig behind a TimelockController (Whitepaper §10.6). Upgrade authority is eliminated entirely at v1.0 mainnet.", }, { mechanism: "Initializer", @@ -146,34 +146,40 @@ const limitationColumns = [ ]; const limitationRows = [ { - limitation: "Single coordinator", + limitation: "Single canonical coordinator in production", impact: - "Single point of failure for relay task distribution. If the coordinator goes down, cross-chain settlement stalls.", - plan: "Redundant coordinator instances with failover.", + "Only the Foundation-operated coordinator runs in chaos-net. If it stalls, the canonical relay queue backs up. Third parties may already run independent coordinators against the same OperatorRegistry / TaskExecutor contracts.", + plan: "On-chain CoordinatorRegistry + cross-graph slashing (votes spanning ≥3 independent coordinator–operator graphs) on the v1.0 track.", }, { limitation: "In-memory operator state", impact: - "Operator relay state is lost on restart. Pending messages may need manual resubmission.", + "Operator relay job state is held in-memory; on restart, pending jobs may need manual resubmission via the operator CLI.", plan: "Persistent state store with automatic recovery.", }, { - limitation: "Single-quorum slashing only", + limitation: "Cross-graph slashing not yet shipped", impact: - "OperatorSlashingManager enforces a single stake-weighted quorum across the active set. Cross-graph slashing (votes spanning ≥3 independent coordinator–operator graphs) is spec'd but not yet shipped.", - plan: "CoordinatorRegistry with cross-graph slashing on the v1.0 track.", + "The four-stage pipeline (5% bond → 3-day challenge → 4-day vote → 14-day expiry, QUORUM_BPS = 1000) is shipped. Whitepaper §8.6 argues the four-stage moat — not the quorum threshold — is the load-bearing safety property; the 10% quorum is intentional, not a transitional limitation.", + plan: "Cross-graph slashing (multi-graph attestation) is tracked for the v1.0 hardening lock; not a blocker for chaos-net.", }, { - limitation: "Testnet FHE", + limitation: "Testnet UUPS proxy posture", impact: - "FHE coprocessor is testnet-grade. Encryption is functional but security parameters may change before production.", - plan: "Production FHE parameters audited by cryptography team.", + "Testnet contracts inherit TestnetCoreBase (Initializable + UUPS + Ownable + ReentrancyGuard + ERC-2771) so we can iterate. The owner can still upgrade contracts; trust is not yet structurally eliminated.", + plan: "v1.0 mainnet contracts drop UUPS entirely and ship as immutable singletons (Whitepaper §11.8). Upgrade authority is removed at the bytecode level.", }, { - limitation: "No timelock", + limitation: "CoFHE substrate trust (encrypted mode)", impact: - "Admin upgrades are immediate with no delay. No governance review period.", - plan: "Timelock on admin actions with emergency multisig override.", + "FHE coprocessor is a single-substrate trust counterparty: liveness, key management, and attestation rest on its operator quorum, not on the host chain's validator set. Confidentiality is conditional on TFHE IND-CPA security (TA1) and CoFHE correctness (TA2).", + plan: "Threshold-FHE, MPC distribution, or hardware attestation — tracked as Open Problem 4.1 in the whitepaper, decision target pre-mainnet.", + }, + { + limitation: "No external audit at chaos-net launch", + impact: + "Phase 7 internal review remediated ~85 findings including 8 mainnet blockers; Slither / Aderyn baselines dated 2026-05-04. Use of chaos-net during Jun 2026 → Q4 2026 is at the user's own risk (Whitepaper §10.6).", + plan: "External audit committed for v1.0 hardening (Q4 2026 mainnet); auditor selection gated on Standard-tier budget.", }, ]; diff --git a/src/pages/docs/Status.tsx b/src/pages/docs/Status.tsx index b1ce8e4..8de8bd7 100644 --- a/src/pages/docs/Status.tsx +++ b/src/pages/docs/Status.tsx @@ -89,7 +89,7 @@ const componentRows = [ component: "OperatorSlashingManager", status:
+ Implementation note: chaos-net deployments retain the legacy{" "}
+
+ privara.storage.*
+ {" "}
+ slot prefix for cross-deployment-version compatibility (Whitepaper
+ §6.2). The{" "}
+
+ reineira.storage.*
+ {" "}
+ prefix is canonical from v1.0 mainnet onwards; the migration is a new
+ immutable deployment, not an in-place rename.
+
RSS does not mandate upgradeability — conforming implementations may be upgradeable, immutable, or hybrid (the v1.0