Every protocol decision in Prova is pinned in a spec. Cryptographic choices, on-chain event formats, economic parameters, security threat model, governance lifecycle. If it's not in a spec, it's not in the product.
The proofs, the deals, the contracts. Everything that's enforceable on-chain.
The single storage-verification mechanism in Prova. Specifies CommP (piece commitment via sha2-256-trunc254-padded), Merkle tree construction over Fr32-padded leaves, on-chain ProofVerifier integration, and O(log N) gas verification. No sealing, no SNARKs, no TEE.
Deal lifecycle and settlement. Defines the state machine (Proposed → Downloading → Verifying → Accepting → Active → Completed / Cancelled / Slashed), escrow + streaming payment mechanics, and the 99/1 split between prover and protocol treasury.
Every log the chain emits, and why: DealProposed, DealAccepted, DealCompleted, DealCancelled, DealSlashed, PossessionProven, ProofMissed, DataSetFaulted, ProverRegistered, Staked, Withdrawn. Indexers, dashboards, and clients all live off this schema.
The GET /piece/{commp}, /.well-known/prova, and /health HTTP endpoints every prover exposes. Auth rules, rate limits, range-read semantics, gateway conformance tests.
Threat models and audit checklists are public deliverables, not internal notes. If we can't enumerate the attacks, we can't claim safety.
STRIDE and asset-based threat enumeration across client, prover, contract, and chain surfaces. Mitigations map to specific code paths and test cases. Living document: new threats get added as the protocol evolves.
The exact list of items an external auditor is expected to verify: contract invariants, fund-flow paths, reentrancy surfaces, time assumptions, oracle dependencies (none), and upgrade authority. Pre-seeds the audit scope of work.
Where money comes from, where it goes, who decides. No hidden multisigs, no discretionary mints.
1B PROVA fixed supply, points-first pre-TGE with usage gates, 20% team (12mo cliff, 36mo vest), 40% storage rewards over 10 years, no ICO. The canonical source for every number that appears in marketing or listings.
Proposal lifecycle, voting weights, time-locked upgrade path, emergency brake powers. Starts as a 3-of-5 multisig at launch, transitions to token-weighted governance after year one with a 14-day timelock on every mutable parameter.
Retrieval, anchoring, data availability, and peer-to-peer discovery. Not everything is on Base; the parts that aren't are specified here.
How clients discover provers, how provers announce themselves, and how retrieval degrades when a prover goes offline. Covers libp2p peer IDs, HTTPS fallback, and the announce/resolve flow against ProverRegistry.
Pre-pivot, this described Prova L2 anchoring to Ethereum; post-pivot, Prova is on Base, which already inherits L1 security. Keeping the doc in-repo until the rewrite lands in case any of the Merkle-range-proof primitives are reusable for cross-chain retrieval attestation.
DAS sampling strategy for piece retrievability when the assigned prover is temporarily offline. Erasure coding, challenge-response, and the relationship between DAS and the redundancy model.
Prova started as a standalone L1 chain with TEE-attested storage, confidential inference, and a QBP dispute protocol. The pivot to Base-native scope dropped eight specs into archive/specs-v1/: TEE storage proofs, confidential inference, model registry, activation Merkle tree, audit protocol, QBP protocol, and the v1 security threat model + audit checklist. We keep them in-repo for historical traceability, not as product scope.