From 5a786f60e9150ff3a5ad06dff9d1c1a1aea654c3 Mon Sep 17 00:00:00 2001 From: Tranquil-Flow Date: Mon, 15 Jun 2026 12:44:51 +0200 Subject: [PATCH 1/3] Solution: LP-0002 Private M-of-N Multisig --- solutions/LP-0002.md | 94 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 solutions/LP-0002.md diff --git a/solutions/LP-0002.md b/solutions/LP-0002.md new file mode 100644 index 0000000..a3ca316 --- /dev/null +++ b/solutions/LP-0002.md @@ -0,0 +1,94 @@ +# LP-0002 Solution: Private M-of-N Multisig + +**Submitted by:** Tranquil-Flow + +## Summary + +This submission implements a private M-of-N multisig primitive for LEZ. Shielded members approve a proposal client-side, produce unlinkable per-proposal nullifiers, and execute a threshold-gated action without revealing which members approved. The repository includes the Rust workspace, SDK, SPEL IDL, RISC0 heavy-lane artifacts, public LEZ testnet evidence, a native Qt/QML Basecamp `.lgx` package with alice/bob install evidence, and reproducible evaluator scripts. The fresh human-recorded narrated demo is available at https://youtu.be/Wssfp_rkC54. + +## Repository + +- **Repo:** https://github.com/Tranquil-Flow/lp-0002-private-multisig +- **License:** MIT +- **Narrated demo:** https://youtu.be/Wssfp_rkC54 + +## Approach + +The system is split into audit-friendly layers: + +1. `core/` implements member commitments, proposal binding, threshold relation checks, context-bound nullifiers, replay identifiers, and the public journal privacy boundary. +2. `sdk/` exposes a high-level `MultisigSession` workflow for create, propose, approve, prove, and execute. +3. `consumer-demo/` is a standalone clone-and-run integration app that imports the public crates as library dependencies and exercises five realistic multisig scenarios. +4. `methods/` and `methods/guest/` contain the RISC0 threshold-proof guest and executable wrapper guest. +5. `host/` verifies real RISC0 receipt artifacts, prepares LEZ/NSSA payloads, and records file-backed evidence for the heavy lane. +6. `lez-program/` models the LEZ verifier gate with deterministic account-state mutation and replay protection. +7. `basecamp-app/` contains the native Qt/QML Logos Basecamp plugin package; `flake.nix`/`flake.lock` package it as `.lgx`, and `submission/BASECAMP_INSTALL_EVIDENCE.json` records M4 alice/bob profile install evidence. + +The proof design keeps member identity private. The public journal reveals multisig/proposal/action binding, threshold and approval counts, sorted nullifiers, member root/count, and proof identifiers, but not raw member secrets or member commitments. Nullifiers bind approvals to the proposal context so a member cannot approve twice while remaining unlinkable across proposals. + +The LEZ evidence is intentionally explicit about the current transport boundary. The full RISC0 receipt is verified host-side and persisted as file-backed evidence. The included LEZ public-testnet wrapper transaction carries compact receipt/journal commitments because raw receipt bytes exceed the current public-program session transport limit. The reproducible `verify_and_execute_bytes` wrapper program is deployed and executed on the public LEZ testnet (https://testnet.lez.logos.co/): deploy tx `82516880f60c2076d78b28ad7b147ac0b05ed247b7bc33a27ac8f68b1d809c56` in block `39547` and execute tx `cb8bfd5afca3c88a99b12b42a6875bcc2cad419d394da0e39d8ca463ee376697` in block `39548`, signed by funded testnet account `6iArKUXxhUJqS7kCaPNhwMWt3ro71PDyBj7jwAyE2VQV`. The confirmed transaction evidence is recorded in `submission/TESTNET_EVIDENCE.json`. + +## Success Criteria Checklist + +### Functionality + +- [x] Any M-of-N member holding a shielded LEZ account can submit an approval without revealing their identity to on-chain observers or other members. +- [x] The verifier confirms a threshold of M approvals without recording which members approved. +- [x] Double-vote prevention is implemented through context-bound nullifiers. +- [x] A completed execution is unlinkable to an individual member's shielded account. +- [x] Proof generation runs client-side; the repository includes real `RISC0_DEV_MODE=0` proof artifacts and host verification scripts. +- [x] A reference threshold-gated action is delivered through the SDK, consumer demo, LEZ-shaped wrapper, and recorded public-testnet evidence. +- [x] At least one multisig instance/proposal/approval/execution path is evidenced in `submission/TESTNET_EVIDENCE.json` with confirmed transaction hash and block reference. +- [x] Full documentation and a clean public repository are delivered. + +### Usability + +- [x] Module/SDK provided via the `sdk/` crate and `MultisigSession` API. +- [x] Logos Basecamp GUI package provided under `basecamp-app/`, including native Qt/QML plugin source, metadata, CMake build instructions, `.lgx` packaging, and alice/bob profile install evidence. +- [x] SPEL IDL provided under `interfaces/lp0002.idl.json` with discriminators and documented instruction/error surfaces. + +### Reliability + +- [x] Proof generation and verification failures surface deterministic typed errors. +- [x] Partial approvals are preserved and resumable through serde round-tripping of the approval accumulator. +- [x] Verifier errors and SDK errors are deterministic and documented in `docs/PROTOCOL.md`. + +### Performance + +- [x] Proof-generation measurements, receipt/journal sizes, wrapper payload metrics, and public LEZ testnet cost evidence are documented in `submission/BENCHMARKS.md` and `submission/LEZ_COST_BENCHMARKS.json`. +- [x] Current LEZ tooling does not expose stable per-transaction CU counters; the submission records this limitation explicitly rather than inventing CU numbers. + +### Supportability + +- [x] Program deployment and execution evidence is recorded for the public LEZ testnet (https://testnet.lez.logos.co/). +- [x] End-to-end LEZ/RISC0 smoke scripts are included, with evaluator commands in `submission/EVALUATOR_GUIDE.md`. +- [x] CI configuration is present in the linked repository as `.github/workflows/ci.yml` and `.gitlab-ci.yml`; local/evaluator validation evidence is also documented in `submission/CI_EVIDENCE.md`. +- [x] README documents deployment, program identifiers, SDK usage, CLI/demo usage, and Basecamp package usage. +- [x] A reproducible demo script is provided at repository root as `demo.sh`; the heavy-lane path is available through `scripts/demo-heavy-lane.sh`. +- [x] Fresh narrated demo video: https://youtu.be/Wssfp_rkC54 + +## FURPS Self-Assessment + +### Functionality + +The workspace implements the private threshold relation, proposal binding, nullifier-based double-vote prevention, replay protection, SDK integration, consumer app, native Basecamp package, SPEL IDL, real RISC0 proof verification, and confirmed public LEZ testnet inclusion evidence. The main caveat is transparently documented: compact commitments are transported through the wrapper transaction while the full receipt remains host-verified and file-backed due to current LEZ session limits. + +### Usability + +Evaluators can start with `./demo.sh` for the fast clone-and-run consumer flow, then use `submission/EVALUATOR_GUIDE.md` for the heavy-lane evidence path. Developers can import the SDK crate, inspect the consumer demo, or build the native Basecamp plugin from `basecamp-app/`. + +### Reliability + +The Rust workspace includes unit and integration tests for privacy boundaries, duplicate approvals, invalid indices, insufficient approvals, replay protection, serialization/resume behavior, IDL consistency, and verifier errors. Readiness validators catch stale documentation, missing artifacts, IDL drift, and publication-gate regressions. + +### Performance + +The submission includes safe-lane timings, RISC0 fixture measurements, serialized receipt/journal sizes, NSSA wrapper payload metrics, account counts, and public-testnet inclusion evidence. LEZ per-transaction CU counters are not currently exposed by the available tooling, so the cost evidence records that limitation in machine-readable form. + +### Supportability + +The repository is MIT licensed, public, documented, and organized as a reproducible Rust workspace. `submission/EVALUATOR_GUIDE.md`, `docs/SPEC_COMPLIANCE.md`, `docs/PROTOCOL.md`, `submission/TESTNET_EVIDENCE.json`, and `submission/BENCHMARKS.md` give reviewers the paths, commands, evidence identifiers, and known limitations needed to independently assess the submission. + +## Terms & Conditions + +I have read and agree to the Logos Lambda Prize TERMS.md and confirm that this submission is original work published under the MIT license. From 4d24b46b1ea6f8e5c16364409b34ca4053d226c6 Mon Sep 17 00:00:00 2001 From: Tranquil-Flow Date: Sat, 27 Jun 2026 17:13:28 +0000 Subject: [PATCH 2/3] Mark LP-0002 testnet evidence historical after reset --- solutions/LP-0002.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/solutions/LP-0002.md b/solutions/LP-0002.md index a3ca316..d78cfed 100644 --- a/solutions/LP-0002.md +++ b/solutions/LP-0002.md @@ -4,7 +4,7 @@ ## Summary -This submission implements a private M-of-N multisig primitive for LEZ. Shielded members approve a proposal client-side, produce unlinkable per-proposal nullifiers, and execute a threshold-gated action without revealing which members approved. The repository includes the Rust workspace, SDK, SPEL IDL, RISC0 heavy-lane artifacts, public LEZ testnet evidence, a native Qt/QML Basecamp `.lgx` package with alice/bob install evidence, and reproducible evaluator scripts. The fresh human-recorded narrated demo is available at https://youtu.be/Wssfp_rkC54. +This submission implements a private M-of-N multisig primitive for LEZ. Shielded members approve a proposal client-side, produce unlinkable per-proposal nullifiers, and execute a threshold-gated action without revealing which members approved. The repository includes the Rust workspace, SDK, SPEL IDL, RISC0 heavy-lane artifacts, historical public LEZ testnet evidence with fail-closed reset handling, a native Qt/QML Basecamp `.lgx-portable` evaluator package with alice/bob install evidence, and reproducible evaluator scripts. The fresh human-recorded narrated demo is available at https://youtu.be/Wssfp_rkC54. ## Repository @@ -22,11 +22,11 @@ The system is split into audit-friendly layers: 4. `methods/` and `methods/guest/` contain the RISC0 threshold-proof guest and executable wrapper guest. 5. `host/` verifies real RISC0 receipt artifacts, prepares LEZ/NSSA payloads, and records file-backed evidence for the heavy lane. 6. `lez-program/` models the LEZ verifier gate with deterministic account-state mutation and replay protection. -7. `basecamp-app/` contains the native Qt/QML Logos Basecamp plugin package; `flake.nix`/`flake.lock` package it as `.lgx`, and `submission/BASECAMP_INSTALL_EVIDENCE.json` records M4 alice/bob profile install evidence. +7. `basecamp-app/` contains the native Qt/QML Logos Basecamp plugin package; `flake.nix`/`flake.lock` expose `.#lgx-portable` for evaluator-loadable packages and `.#lgx` for local scaffold installs, and `submission/BASECAMP_INSTALL_EVIDENCE.json` records M4 alice/bob profile install evidence. The proof design keeps member identity private. The public journal reveals multisig/proposal/action binding, threshold and approval counts, sorted nullifiers, member root/count, and proof identifiers, but not raw member secrets or member commitments. Nullifiers bind approvals to the proposal context so a member cannot approve twice while remaining unlinkable across proposals. -The LEZ evidence is intentionally explicit about the current transport boundary. The full RISC0 receipt is verified host-side and persisted as file-backed evidence. The included LEZ public-testnet wrapper transaction carries compact receipt/journal commitments because raw receipt bytes exceed the current public-program session transport limit. The reproducible `verify_and_execute_bytes` wrapper program is deployed and executed on the public LEZ testnet (https://testnet.lez.logos.co/): deploy tx `82516880f60c2076d78b28ad7b147ac0b05ed247b7bc33a27ac8f68b1d809c56` in block `39547` and execute tx `cb8bfd5afca3c88a99b12b42a6875bcc2cad419d394da0e39d8ca463ee376697` in block `39548`, signed by funded testnet account `6iArKUXxhUJqS7kCaPNhwMWt3ro71PDyBj7jwAyE2VQV`. The confirmed transaction evidence is recorded in `submission/TESTNET_EVIDENCE.json`. +The LEZ evidence is intentionally explicit about the current transport boundary. The full RISC0 receipt is verified host-side and persisted as file-backed evidence. The included historical LEZ public-testnet wrapper transaction carried compact receipt/journal commitments because raw receipt bytes exceed the public-program session transport limit. The reproducible `verify_and_execute_bytes` wrapper program was deployed and executed on the public LEZ testnet before the June 2026 reset: deploy tx `82516880f60c2076d78b28ad7b147ac0b05ed247b7bc33a27ac8f68b1d809c56` in block `39547` and execute tx `cb8bfd5afca3c88a99b12b42a6875bcc2cad419d394da0e39d8ca463ee376697` in block `39548`, signed by funded testnet account `6iArKUXxhUJqS7kCaPNhwMWt3ro71PDyBj7jwAyE2VQV`. As of the current public testnet, those tx hashes now re-query as null, so they are historical evidence only; `python3 scripts/ci-verify-testnet.py` fails closed on the current endpoint, and a fresh reset-era deploy/execute is still required before claiming current live on-chain verification. ## Success Criteria Checklist @@ -37,14 +37,14 @@ The LEZ evidence is intentionally explicit about the current transport boundary. - [x] Double-vote prevention is implemented through context-bound nullifiers. - [x] A completed execution is unlinkable to an individual member's shielded account. - [x] Proof generation runs client-side; the repository includes real `RISC0_DEV_MODE=0` proof artifacts and host verification scripts. -- [x] A reference threshold-gated action is delivered through the SDK, consumer demo, LEZ-shaped wrapper, and recorded public-testnet evidence. -- [x] At least one multisig instance/proposal/approval/execution path is evidenced in `submission/TESTNET_EVIDENCE.json` with confirmed transaction hash and block reference. +- [x] A reference threshold-gated action is delivered through the SDK, consumer demo, LEZ-shaped wrapper, and recorded historical public-testnet evidence. +- [ ] Current reset-era public LEZ testnet deploy/execute evidence. `submission/TESTNET_EVIDENCE.json` records pre-reset tx hashes that now fail closed on re-query; redeploy/re-execute is required before claiming current-live on-chain verification. - [x] Full documentation and a clean public repository are delivered. ### Usability - [x] Module/SDK provided via the `sdk/` crate and `MultisigSession` API. -- [x] Logos Basecamp GUI package provided under `basecamp-app/`, including native Qt/QML plugin source, metadata, CMake build instructions, `.lgx` packaging, and alice/bob profile install evidence. +- [x] Logos Basecamp GUI package provided under `basecamp-app/`, including native Qt/QML plugin source, metadata, CMake build instructions, `.#lgx-portable` evaluator packaging, and alice/bob profile install evidence. - [x] SPEL IDL provided under `interfaces/lp0002.idl.json` with discriminators and documented instruction/error surfaces. ### Reliability @@ -55,12 +55,12 @@ The LEZ evidence is intentionally explicit about the current transport boundary. ### Performance -- [x] Proof-generation measurements, receipt/journal sizes, wrapper payload metrics, and public LEZ testnet cost evidence are documented in `submission/BENCHMARKS.md` and `submission/LEZ_COST_BENCHMARKS.json`. +- [x] Proof-generation measurements, receipt/journal sizes, wrapper payload metrics, and historical public LEZ testnet cost evidence are documented in `submission/BENCHMARKS.md` and `submission/LEZ_COST_BENCHMARKS.json`; current reset-era tx refresh remains open. - [x] Current LEZ tooling does not expose stable per-transaction CU counters; the submission records this limitation explicitly rather than inventing CU numbers. ### Supportability -- [x] Program deployment and execution evidence is recorded for the public LEZ testnet (https://testnet.lez.logos.co/). +- [ ] Current program deployment and execution evidence on the reset-era public LEZ testnet. Historical deploy/execute evidence is recorded, but current re-query returns null. - [x] End-to-end LEZ/RISC0 smoke scripts are included, with evaluator commands in `submission/EVALUATOR_GUIDE.md`. - [x] CI configuration is present in the linked repository as `.github/workflows/ci.yml` and `.gitlab-ci.yml`; local/evaluator validation evidence is also documented in `submission/CI_EVIDENCE.md`. - [x] README documents deployment, program identifiers, SDK usage, CLI/demo usage, and Basecamp package usage. @@ -71,7 +71,7 @@ The LEZ evidence is intentionally explicit about the current transport boundary. ### Functionality -The workspace implements the private threshold relation, proposal binding, nullifier-based double-vote prevention, replay protection, SDK integration, consumer app, native Basecamp package, SPEL IDL, real RISC0 proof verification, and confirmed public LEZ testnet inclusion evidence. The main caveat is transparently documented: compact commitments are transported through the wrapper transaction while the full receipt remains host-verified and file-backed due to current LEZ session limits. +The workspace implements the private threshold relation, proposal binding, nullifier-based double-vote prevention, replay protection, SDK integration, consumer app, native Basecamp package, SPEL IDL, real RISC0 proof verification, and historical public LEZ testnet inclusion evidence. The main caveat is transparently documented: compact commitments were transported through the wrapper transaction while the full receipt remains host-verified and file-backed; those txs are now pre-reset evidence and not current-live proof. ### Usability @@ -83,7 +83,7 @@ The Rust workspace includes unit and integration tests for privacy boundaries, d ### Performance -The submission includes safe-lane timings, RISC0 fixture measurements, serialized receipt/journal sizes, NSSA wrapper payload metrics, account counts, and public-testnet inclusion evidence. LEZ per-transaction CU counters are not currently exposed by the available tooling, so the cost evidence records that limitation in machine-readable form. +The submission includes safe-lane timings, RISC0 fixture measurements, serialized receipt/journal sizes, NSSA wrapper payload metrics, account counts, and historical public-testnet inclusion evidence. LEZ per-transaction CU counters are not currently exposed by the available tooling, so the cost evidence records that limitation in machine-readable form, and current reset-era tx refresh is still required. ### Supportability From 59ac37ed84ab9fd82a158262bbfabd0413e5d178 Mon Sep 17 00:00:00 2001 From: Tranquil-Flow Date: Sun, 28 Jun 2026 12:58:57 +0000 Subject: [PATCH 3/3] Clarify LP-0002 current testnet status --- solutions/LP-0002.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/solutions/LP-0002.md b/solutions/LP-0002.md index d78cfed..6544d9a 100644 --- a/solutions/LP-0002.md +++ b/solutions/LP-0002.md @@ -26,7 +26,7 @@ The system is split into audit-friendly layers: The proof design keeps member identity private. The public journal reveals multisig/proposal/action binding, threshold and approval counts, sorted nullifiers, member root/count, and proof identifiers, but not raw member secrets or member commitments. Nullifiers bind approvals to the proposal context so a member cannot approve twice while remaining unlinkable across proposals. -The LEZ evidence is intentionally explicit about the current transport boundary. The full RISC0 receipt is verified host-side and persisted as file-backed evidence. The included historical LEZ public-testnet wrapper transaction carried compact receipt/journal commitments because raw receipt bytes exceed the public-program session transport limit. The reproducible `verify_and_execute_bytes` wrapper program was deployed and executed on the public LEZ testnet before the June 2026 reset: deploy tx `82516880f60c2076d78b28ad7b147ac0b05ed247b7bc33a27ac8f68b1d809c56` in block `39547` and execute tx `cb8bfd5afca3c88a99b12b42a6875bcc2cad419d394da0e39d8ca463ee376697` in block `39548`, signed by funded testnet account `6iArKUXxhUJqS7kCaPNhwMWt3ro71PDyBj7jwAyE2VQV`. As of the current public testnet, those tx hashes now re-query as null, so they are historical evidence only; `python3 scripts/ci-verify-testnet.py` fails closed on the current endpoint, and a fresh reset-era deploy/execute is still required before claiming current live on-chain verification. +The LEZ evidence is intentionally explicit about the current transport boundary. The full RISC0 receipt is verified host-side and persisted as file-backed evidence. Historical pre-reset public-testnet deploy/execute evidence is retained for audit. A reset-era v0.2.0 refresh on 2026-06-28 produced a fresh current public-testnet deploy tx `c7157a473cb512bf7e1803d4377d9f65e9406a7ff98efeda48b65c0d4915a13b` for ProgramBinary SHA-256 `8f74ccc446990f5437b5f6c6e731deac6653992e0a64abcecdff7bff0c5575e1` / program id `1557176a639868b0363e9106c75fe0748ceb42e65f5f1a6778dd05b6baebb57d`. The same input shape passes local v0.2.0 `Program::execute` and `ValidatedStateDiff::from_public_transaction`, but current public execute attempts `352eb699507aea4d4ca6963a50bef1473a2b944dfd7713116cbf82eabfeec3bf` and `fc4165ac2437bd6533444c5e010b2d248aed678daadfad277af1dd0f1fef6ca8` are not included by the endpoint. Therefore this submission claims current deploy evidence plus local v0.2.0 execution validation, not current live execute inclusion. ## Success Criteria Checklist @@ -38,7 +38,8 @@ The LEZ evidence is intentionally explicit about the current transport boundary. - [x] A completed execution is unlinkable to an individual member's shielded account. - [x] Proof generation runs client-side; the repository includes real `RISC0_DEV_MODE=0` proof artifacts and host verification scripts. - [x] A reference threshold-gated action is delivered through the SDK, consumer demo, LEZ-shaped wrapper, and recorded historical public-testnet evidence. -- [ ] Current reset-era public LEZ testnet deploy/execute evidence. `submission/TESTNET_EVIDENCE.json` records pre-reset tx hashes that now fail closed on re-query; redeploy/re-execute is required before claiming current-live on-chain verification. +- [x] Current reset-era public LEZ testnet deploy evidence: `c7157a473cb512bf7e1803d4377d9f65e9406a7ff98efeda48b65c0d4915a13b`. +- [ ] Current reset-era public LEZ testnet execute inclusion. v0.2.0 local execution/diff validation passes, but public execute attempts `352eb699507aea4d4ca6963a50bef1473a2b944dfd7713116cbf82eabfeec3bf` and `fc4165ac2437bd6533444c5e010b2d248aed678daadfad277af1dd0f1fef6ca8` are not included; this remains a transparent blocker. - [x] Full documentation and a clean public repository are delivered. ### Usability @@ -60,7 +61,8 @@ The LEZ evidence is intentionally explicit about the current transport boundary. ### Supportability -- [ ] Current program deployment and execution evidence on the reset-era public LEZ testnet. Historical deploy/execute evidence is recorded, but current re-query returns null. +- [x] Current program deployment evidence on the reset-era public LEZ testnet: `c7157a473cb512bf7e1803d4377d9f65e9406a7ff98efeda48b65c0d4915a13b`. +- [ ] Current execute inclusion on the reset-era public LEZ testnet; public execute attempts are retained as blocker evidence and do not support a current-live execute claim. - [x] End-to-end LEZ/RISC0 smoke scripts are included, with evaluator commands in `submission/EVALUATOR_GUIDE.md`. - [x] CI configuration is present in the linked repository as `.github/workflows/ci.yml` and `.gitlab-ci.yml`; local/evaluator validation evidence is also documented in `submission/CI_EVIDENCE.md`. - [x] README documents deployment, program identifiers, SDK usage, CLI/demo usage, and Basecamp package usage. @@ -71,7 +73,7 @@ The LEZ evidence is intentionally explicit about the current transport boundary. ### Functionality -The workspace implements the private threshold relation, proposal binding, nullifier-based double-vote prevention, replay protection, SDK integration, consumer app, native Basecamp package, SPEL IDL, real RISC0 proof verification, and historical public LEZ testnet inclusion evidence. The main caveat is transparently documented: compact commitments were transported through the wrapper transaction while the full receipt remains host-verified and file-backed; those txs are now pre-reset evidence and not current-live proof. +The workspace implements the private threshold relation, proposal binding, nullifier-based double-vote prevention, replay protection, SDK integration, consumer app, native Basecamp package, SPEL IDL, real RISC0 proof verification, historical public LEZ testnet inclusion evidence, and fresh current public-testnet deploy evidence. The main caveat is transparently documented: current reset-era public execute inclusion is still blocked even though local v0.2.0 execution/diff validation passes. ### Usability @@ -83,7 +85,7 @@ The Rust workspace includes unit and integration tests for privacy boundaries, d ### Performance -The submission includes safe-lane timings, RISC0 fixture measurements, serialized receipt/journal sizes, NSSA wrapper payload metrics, account counts, and historical public-testnet inclusion evidence. LEZ per-transaction CU counters are not currently exposed by the available tooling, so the cost evidence records that limitation in machine-readable form, and current reset-era tx refresh is still required. +The submission includes safe-lane timings, RISC0 fixture measurements, serialized receipt/journal sizes, NSSA wrapper payload metrics, account counts, and historical public-testnet inclusion evidence plus current reset-era deploy evidence. LEZ per-transaction CU counters are not currently exposed by the available tooling, so the cost evidence records that limitation in machine-readable form; current reset-era execute inclusion remains blocked and is not overclaimed. ### Supportability