feat: add onchain proofs to events

agent/flow-trace/00_INDEX.md

@@ -170,7 +170,7 @@ _Found during source-code cross-referencing of these trace documents._
 | 5   | `E3Requested` event is `(uint256 e3Id, E3 e3, IE3Program indexed e3Program)` — seed and params are inside the E3 struct, not separate parameters.                                                                                                              | IEnclave.sol:82                   | 03_E3_REQUEST   |
 | 6   | `finalizeCommittee()` checks `>=` deadline, not `>`.                                                                                                                                                                                                           | CiphernodeRegistryOwnable.sol     | 03_E3_REQUEST   |
 | 7   | `publishCommittee()` is `onlyOwner` restricted — centralized trust assumption acknowledged in contract TODOs.                                                                                                                                                  | CiphernodeRegistryOwnable.sol     | 04_DKG          |
-| 8   | `CommitteePublished` event emits `(e3Id, nodes, publicKey)` — full PK bytes, not just pkHash.                                                                                                                                                                  | CiphernodeRegistryOwnable.sol     | 04_DKG          |
+| 8   | `CommitteePublished` event emits `(e3Id, nodes, publicKey, proof)` — full PK bytes and C5 proof, not just pkHash.                                                                                                                                              | CiphernodeRegistryOwnable.sol     | 04_DKG          |
 | 9   | `_validateNodeEligibility` calls `bondingRegistry.getTicketBalanceAtBlock()` (not `ticketToken.getPastVotes()` directly).                                                                                                                                      | CiphernodeRegistryOwnable.sol:668 | 03_E3_REQUEST   |
 | 10  | Lane A slashing uses **attestation-based** verification (committee quorum votes), not direct ZK proof re-verification on-chain. `proposeSlash()` decodes voter addresses, agrees, data hashes, and ECDSA signatures — not ZK proofs.                           | SlashingManager.sol               | 05_FAILURE      |
 

agent/flow-trace/04_DKG_AND_COMPUTATION.md

@@ -505,7 +505,7 @@ PublicKeyAggregator (AGGREGATOR) collects KeyshareCreated events
         │  │       │  │    Emit E3StageChanged(KeyPublished)  │  │
         │  │       │  │  }                                   │  │
         │  │       │  └──────────────────────────────────────┘  │
-        │  │    6. Emit CommitteePublished(e3Id, nodes, pk)      │
+        │  │    6. Emit CommitteePublished(e3Id, nodes, pk, C5 proof) │
         │  │       → Note: emits full pk bytes, NOT just pkHash  │
         │  │  }                                                  │
         │  └─────────────────────────────────────────────────────┘
@@ -706,7 +706,7 @@ ThresholdPlaintextAggregator receives DecryptionshareCreated events
         │  │       │  │       registered operator            │  │
         │  │       │  │  6. Emit RewardsDistributed          │  │
         │  │       │  └──────────────────────────────────────┘  │
-        │  │    7. Emit PlaintextOutputPublished(e3Id, output)   │
+        │  │    7. Emit PlaintextOutputPublished(e3Id, output, C7 proof) │
         │  │    8. Emit E3StageChanged(Complete)                 │
         │  │  }                                                  │
         │  └─────────────────────────────────────────────────────┘

agent/flow-trace/06_DEACTIVATION_AND_COMPLETION.md

@@ -165,7 +165,7 @@ publishPlaintextOutput() succeeds
 │   │   │     remainder sent to protocol treasury
 │   │   │   → If no escrowed funds: no-op
 │   │   └─ Emit RewardsDistributed(e3Id)
-│   └─ Emit PlaintextOutputPublished, E3StageChanged(Complete)
+│   └─ Emit PlaintextOutputPublished(e3Id, plaintext, proof), E3StageChanged(Complete)
 │
 └─ RUST-SIDE (cleanup via E3RequestComplete):
     │

crates/events/src/enclave_event/committee_published.rs

@@ -15,16 +15,18 @@ pub struct CommitteePublished {
     pub e3_id: E3id,
     pub nodes: Vec<String>,
     pub public_key: Vec<u8>,
+    pub proof: Vec<u8>,
 }
 
 impl Display for CommitteePublished {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(
             f,
-            "e3_id: {}, nodes: {:?}, public_key_len: {}",
+            "e3_id: {}, nodes: {:?}, public_key_len: {}, proof_len: {}",
             self.e3_id,
             self.nodes,
-            self.public_key.len()
+            self.public_key.len(),
+            self.proof.len()
         )
     }
 }

crates/events/src/enclave_event/plaintext_output_published.rs

@@ -14,15 +14,17 @@ use std::fmt::{self, Display};
 pub struct PlaintextOutputPublished {
     pub e3_id: E3id,
     pub plaintext_output: Vec<u8>,
+    pub proof: Vec<u8>,
 }
 
 impl Display for PlaintextOutputPublished {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(
             f,
-            "e3_id: {}, plaintext_output_len: {}",
+            "e3_id: {}, plaintext_output_len: {}, proof_len: {}",
             self.e3_id,
-            self.plaintext_output.len()
+            self.plaintext_output.len(),
+            self.proof.len()
         )
     }
 }

crates/evm-helpers/src/events.rs

@@ -58,10 +58,10 @@ sol! {
     event CiphertextOutputPublished(uint256 indexed e3Id, bytes ciphertextOutput);
 
     #[derive(Debug)]
-    event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput);
+    event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput, bytes proof);
 
     #[derive(Debug)]
-    event CommitteePublished(uint256 indexed e3Id, address[] nodes, bytes publicKey);
+    event CommitteePublished(uint256 indexed e3Id, address[] nodes, bytes publicKey, bytes proof);
 
     #[derive(Debug)]
     enum E3Stage {

crates/evm-helpers/tests/fixtures/fake_enclave.sol

@@ -9,8 +9,8 @@ pragma solidity >=0.4.24;
 contract FakeEnclave {
   event InputPublished(uint256 indexed e3Id, bytes data, uint256 inputHash, uint256 index);
   event CiphertextOutputPublished(uint256 indexed e3Id, bytes ciphertextOutput);
-  event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput);
-  event CommitteePublished(uint256 indexed e3Id, address[] nodes, bytes publicKey);
+  event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput, bytes proof);
+  event CommitteePublished(uint256 indexed e3Id, address[] nodes, bytes publicKey, bytes proof);
 
   // Emit InputPublished event with passed test data
   function emitInputPublished(uint256 e3Id, bytes memory data, uint256 inputHash, uint256 index) public {
@@ -23,14 +23,14 @@ contract FakeEnclave {
   }
 
   // Emit PlaintextOutputPublished event with passed test data
-  function emitPlaintextOutputPublished(uint256 e3Id, bytes memory plaintextOutput) public {
-    emit PlaintextOutputPublished(e3Id, plaintextOutput);
+  function emitPlaintextOutputPublished(uint256 e3Id, bytes memory plaintextOutput, bytes memory proof) public {
+    emit PlaintextOutputPublished(e3Id, plaintextOutput, proof);
   }
 
   // Emit CommitteePublished event with passed test data
-  function emitCommitteePublished(uint256 e3Id, bytes memory publicKey) public {
+  function emitCommitteePublished(uint256 e3Id, bytes memory publicKey, bytes memory proof) public {
     address[] memory nodes = new address[](1);
-    emit CommitteePublished(e3Id, nodes, publicKey);
+    emit CommitteePublished(e3Id, nodes, publicKey, proof);
   }
 
   function getE3(uint256 _e3Id) external view returns (E3 memory e3) {

crates/indexer/src/indexer.rs

@@ -337,9 +337,10 @@ impl<S: DataStore, R: ProviderType> EnclaveIndexer<S, R> {
             let e3_id = u64_try_from(e.e3Id)?;
 
             info!(
-                "CommitteePublished: id={}, public_key_len={}",
+                "CommitteePublished: id={}, public_key_len={}, proof_len={}",
                 e.e3Id,
-                e.publicKey.len()
+                e.publicKey.len(),
+                e.proof.len()
             );
 
             let e3 = contract.get_e3(e.e3Id).await?;
@@ -403,9 +404,10 @@ impl<S: DataStore, R: ProviderType> EnclaveIndexer<S, R> {
         self.add_event_handler(move |e: PlaintextOutputPublished, ctx| async move {
             let store = ctx.store();
             info!(
-                "PlaintextOutputPublished: e3_id={}, output=0x{}...",
+                "PlaintextOutputPublished: e3_id={}, output=0x{}..., proof_len={}",
                 e.e3Id,
-                hex::encode(&e.plaintextOutput[..8.min(e.plaintextOutput.len())])
+                hex::encode(&e.plaintextOutput[..8.min(e.plaintextOutput.len())]),
+                e.proof.len()
             );
             let e3_id = u64_try_from(e.e3Id)?;
             let mut repo = E3Repository::new(store, e3_id);

crates/indexer/tests/fixtures/fake_enclave.sol

@@ -9,8 +9,8 @@ pragma solidity >=0.4.24;
 contract FakeEnclave {
   event InputPublished(uint256 indexed e3Id, bytes data, uint256 inputHash, uint256 index);
   event CiphertextOutputPublished(uint256 indexed e3Id, bytes ciphertextOutput);
-  event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput);
-  event CommitteePublished(uint256 indexed e3Id, address[] nodes, bytes publicKey);
+  event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput, bytes proof);
+  event CommitteePublished(uint256 indexed e3Id, address[] nodes, bytes publicKey, bytes proof);
 
   // Emit InputPublished event with passed test data
   function emitInputPublished(uint256 e3Id, bytes memory data, uint256 inputHash, uint256 index) public {
@@ -23,14 +23,14 @@ contract FakeEnclave {
   }
 
   // Emit PlaintextOutputPublished event with passed test data
-  function emitPlaintextOutputPublished(uint256 e3Id, bytes memory plaintextOutput) public {
-    emit PlaintextOutputPublished(e3Id, plaintextOutput);
+  function emitPlaintextOutputPublished(uint256 e3Id, bytes memory plaintextOutput, bytes memory proof) public {
+    emit PlaintextOutputPublished(e3Id, plaintextOutput, proof);
   }
 
   // Emit CommitteePublished event with passed test data
-  function emitCommitteePublished(uint256 e3Id, bytes memory publicKey) public {
+  function emitCommitteePublished(uint256 e3Id, bytes memory publicKey, bytes memory proof) public {
     address[] memory nodes = new address[](1);
-    emit CommitteePublished(e3Id, nodes, publicKey);
+    emit CommitteePublished(e3Id, nodes, publicKey, proof);
   }
 
   function getE3(uint256 _e3Id) external view returns (E3 memory e3) {

crates/indexer/tests/integration.rs

@@ -113,7 +113,11 @@ async fn test_indexer() -> Result<()> {
 
     // first publish committee pk
     enclave_contract
-        .emitCommitteePublished(Uint::from(E3_ID), Bytes::from(pk.to_bytes()))
+        .emitCommitteePublished(
+            Uint::from(E3_ID),
+            Bytes::from(pk.to_bytes()),
+            Bytes::default(),
+        )
         .send()
         .await?
         .watch()

docs/pages/building-with-enclave.mdx

@@ -223,7 +223,7 @@ event E3StageChanged(uint256 indexed e3Id, E3Stage previousStage, E3Stage newSta
 
 event CiphertextOutputPublished(uint256 indexed e3Id, bytes ciphertextOutput);
 
-event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput);
+event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput, bytes proof);
 
 event E3Failed(uint256 indexed e3Id, E3Stage failedAtStage, FailureReason reason);
 
@@ -273,8 +273,8 @@ const e3Id = receipt.logs
 ### Monitoring Results
 
 ```javascript
-enclaveContract.on('PlaintextOutputPublished', (e3Id, plaintext) => {
-  console.log(`Computation ${e3Id} completed with result:`, plaintext)
+enclaveContract.on('PlaintextOutputPublished', (e3Id, plaintext, proof) => {
+  console.log(`Computation ${e3Id} completed with result:`, plaintext, proof)
 })
 ```
 

docs/pages/computation-flow.mdx

@@ -113,7 +113,7 @@ function getE3(uint256 e3Id) external view returns (E3 memory e3);
 or by listening to the `PlaintextOutputPublished` event.
 
 ```solidity
-event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput);
+event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput, bytes proof);
 ```
 
 Upon successful decryption, rewards are distributed to the active committee members.

packages/enclave-contracts/artifacts/contracts/interfaces/IBondingRegistry.sol/IBondingRegistry.json

@@ -940,5 +940,5 @@
   "deployedLinkReferences": {},
   "immutableReferences": {},
   "inputSourceName": "project/contracts/interfaces/IBondingRegistry.sol",
-  "buildInfoId": "solc-0_8_28-561f4408bcfee777a1360e3f4f4b4e2d1bea7249"
+  "buildInfoId": "solc-0_8_28-4e1d4326aa586bce7ef3b38a9e93aeff5ca3ac8f"
 }

packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json

@@ -179,6 +179,12 @@
           "internalType": "bytes",
           "name": "publicKey",
           "type": "bytes"
+        },
+        {
+          "indexed": false,
+          "internalType": "bytes",
+          "name": "proof",
+          "type": "bytes"
         }
       ],
       "name": "CommitteePublished",
@@ -787,5 +793,5 @@
   "deployedLinkReferences": {},
   "immutableReferences": {},
   "inputSourceName": "project/contracts/interfaces/ICiphernodeRegistry.sol",
-  "buildInfoId": "solc-0_8_28-561f4408bcfee777a1360e3f4f4b4e2d1bea7249"
+  "buildInfoId": "solc-0_8_28-4e1d4326aa586bce7ef3b38a9e93aeff5ca3ac8f"
 }

packages/enclave-contracts/artifacts/contracts/interfaces/IEnclave.sol/IEnclave.json

@@ -432,6 +432,12 @@
           "internalType": "bytes",
           "name": "plaintextOutput",
           "type": "bytes"
+        },
+        {
+          "indexed": false,
+          "internalType": "bytes",
+          "name": "proof",
+          "type": "bytes"
         }
       ],
       "name": "PlaintextOutputPublished",
@@ -1395,5 +1401,5 @@
   "deployedLinkReferences": {},
   "immutableReferences": {},
   "inputSourceName": "project/contracts/interfaces/IEnclave.sol",
-  "buildInfoId": "solc-0_8_28-561f4408bcfee777a1360e3f4f4b4e2d1bea7249"
+  "buildInfoId": "solc-0_8_28-4e1d4326aa586bce7ef3b38a9e93aeff5ca3ac8f"
 }

packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json

@@ -954,5 +954,5 @@
   "deployedLinkReferences": {},
   "immutableReferences": {},
   "inputSourceName": "project/contracts/interfaces/ISlashingManager.sol",
-  "buildInfoId": "solc-0_8_28-561f4408bcfee777a1360e3f4f4b4e2d1bea7249"
+  "buildInfoId": "solc-0_8_28-4e1d4326aa586bce7ef3b38a9e93aeff5ca3ac8f"
 }

packages/enclave-contracts/artifacts/contracts/token/EnclaveTicketToken.sol/EnclaveTicketToken.json

@@ -1223,5 +1223,5 @@
     ]
   },
   "inputSourceName": "project/contracts/token/EnclaveTicketToken.sol",
-  "buildInfoId": "solc-0_8_28-16cf43f6814888a6b7f512f8d4a2a360fcb66d4c"
+  "buildInfoId": "solc-0_8_28-4e1d4326aa586bce7ef3b38a9e93aeff5ca3ac8f"
 }

packages/enclave-contracts/contracts/Enclave.sol

@@ -485,7 +485,7 @@ contract Enclave is IEnclave, OwnableUpgradeable {
 
         _distributeRewards(e3Id);
 
-        emit PlaintextOutputPublished(e3Id, plaintextOutput);
+        emit PlaintextOutputPublished(e3Id, plaintextOutput, proof);
         emit E3StageChanged(e3Id, E3Stage.CiphertextReady, E3Stage.Complete);
     }
 

packages/enclave-contracts/contracts/interfaces/ICiphernodeRegistry.sol

@@ -99,10 +99,12 @@ interface ICiphernodeRegistry {
     /// @notice This event MUST be emitted when a committee is selected for an E3.
     /// @param e3Id ID of the E3 for which the committee was selected.
     /// @param publicKey Public key of the committee.
+    /// @param proof C5 proof bytes verified prior to publication.
     event CommitteePublished(
         uint256 indexed e3Id,
         address[] nodes,
-        bytes publicKey
+        bytes publicKey,
+        bytes proof
     );
 
     /// @notice This event MUST be emitted when a committee's active status changes.

packages/enclave-contracts/contracts/interfaces/IEnclave.sol

@@ -104,7 +104,12 @@ interface IEnclave {
     /// is successfully published.
     /// @param e3Id ID of the E3.
     /// @param plaintextOutput ABI encoded plaintext output.
-    event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput);
+    /// @param proof ABI encoded verification proof (C7) for the plaintext output.
+    event PlaintextOutputPublished(
+        uint256 indexed e3Id,
+        bytes plaintextOutput,
+        bytes proof
+    );
 
     /// @notice This event MUST be emitted when the ciphertext output of an Encrypted Execution Environment (E3)
     /// is successfully published.

packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol

@@ -311,7 +311,7 @@ contract CiphernodeRegistryOwnable is ICiphernodeRegistry, OwnableUpgradeable {
 
         enclave.onCommitteePublished(e3Id, publicKeyHash);
 
-        emit CommitteePublished(e3Id, nodes, publicKey);
+        emit CommitteePublished(e3Id, nodes, publicKey, proof);
     }
 
     /// @inheritdoc ICiphernodeRegistry