feat: enable full e2e proof agg and slashing [skip-line-limit]

agent/flow-trace/05_FAILURE_REFUND_SLASHING.md

@@ -331,13 +331,20 @@ ProofFailureAccusation arrives via P2P from another committee member
 │
 ├─ 1. Verify accuser is a committee member
 │
-├─ 2. Verify accuser's ECDSA signature on accusation digest
+├─ 2. Validate accusation deadline against local policy:
+│     - reject if deadline <= now (expired)
+│     - reject if deadline > now + accusationVoteValidity + skew
+│     - reject all peer accusations when accusationVoteValidity == 0
+│     - `skew` defaults to 30s and is configurable via
+│       `ACCUSATION_DEADLINE_SKEW_SECS` on the node process
 │
-├─ 3. Compute accusation_id:
+├─ 3. Verify accuser's ECDSA signature on accusation digest
+│
+├─ 4. Compute accusation_id:
 │     keccak256(abi.encodePacked(chainId, e3Id, accused, proofType))
 │     → Deterministic: all nodes compute same ID for same accusation
 │
-├─ 4. Determine own vote based on local verification cache:
+├─ 5. Determine own vote based on local verification cache:
 │     │
 │     ├─ Case A: We already FAILED verification for (accused, proof_type):
 │     │   → Vote agrees = true
@@ -351,15 +358,15 @@ ProofFailureAccusation arrives via P2P from another committee member
 │         │   → Vote after re-verification completes
 │         └─ For other proofs: vote agrees = false (no local evidence)
 │
-├─ 5. Create and SIGN vote:
+├─ 6. Create and SIGN vote:
 │     AccusationVote {
 │       e3_id, accusation_id, voter: my_address,
 │       agrees: <determined above>, data_hash,
 │       signature: ecSign(vote_digest)
 │     }
 │     → Broadcast via P2P gossip
 │
-└─ 6. Check quorum immediately
+└─ 7. Check quorum immediately
 ```
 
 #### Step 3: Vote Digest & Accusation ID (Must Match Solidity)

circuits/.gitignore

@@ -1,2 +1,4 @@
 target/
-Prover.toml
+Prover.toml
+# Which BFV preset last populated circuits/bin/target/ (written by build-circuits hydrate/build).
+.active-preset.json

circuits/benchmarks/README.md

@@ -19,31 +19,71 @@ From this directory:
 
 Options and secure-only **config** circuit behavior are documented in the script and `config.json`.
 
+### Proof aggregation and folding (integration)
+
+The gas / integration stage runs `cargo test -p e3-tests test_trbfv_actor` with **proof aggregation
+enabled by default** (`E3Requested.proof_aggregation_enabled = true`): per-node `ZkNodeDkgFold`,
+fold attestations (EIP-712 against `DkgFoldAttestationVerifier`), and exported folded
+`dkg_aggregator` / `decryption_aggregator` proofs for Π_DKG / Π_dec on-chain gas.
+
+| Flag / env                                              | Effect                                                                               |
+| ------------------------------------------------------- | ------------------------------------------------------------------------------------ |
+| `--proof-aggregation on` (default)                      | Full fold + aggregator path; folded artifacts in report                              |
+| `--proof-aggregation off` / `--no-proof-aggregation`    | Baseline without node folds / folded export                                          |
+| `BENCHMARK_PROOF_AGGREGATION`                           | Same as above when calling `extract_crisp_verify_gas.sh` directly                    |
+| `BENCHMARK_MULTITHREAD_JOBS=N` / `--multithread-jobs N` | Rayon concurrent ZK jobs (default `1`)                                               |
+| `BENCHMARK_DKG_FOLD_ATTESTATION_VERIFIER=0x…`           | EIP-712 verifying contract for fold attestations (default: localhost deploy address) |
+
+**Default output directories** (under `circuits/benchmarks/`; aggregation on/off no longer
+overwrites the same folder):
+
+| Mode       | Proof aggregation on (default) | Proof aggregation off (`--no-proof-aggregation`) |
+| ---------- | ------------------------------ | ------------------------------------------------ |
+| `insecure` | `results_insecure_agg/`        | `results_insecure_no_agg/`                       |
+| `secure`   | `results_secure_agg/`          | `results_secure_no_agg/`                         |
+
+**A/B comparison** (from `circuits/benchmarks`):
+
+```bash
+./run_benchmarks.sh --mode insecure --no-proof-aggregation
+./run_benchmarks.sh --mode insecure
+# Compare results_insecure_no_agg/report.md vs results_insecure_agg/report.md
+```
+
+`report.md` includes **Audit status**, **Measurement methodology** (metric kinds), labeled **Role /
+Phase** rows (`wall_clock` vs `isolated_nargo` vs `tracked_job_wall`), **NodeDkgFold sub-steps**,
+and **Folded on-chain artifacts** when `integration_summary` is present. Verify gas must be complete
+(not N/A) for audit sign-off.
+
 ### What gets stored (secure / insecure)
 
-A full `./run_benchmarks.sh --mode <mode>` run writes:
+A full `./run_benchmarks.sh --mode <mode>` run writes to `results_<mode>_agg/` or
+`results_<mode>_no_agg/` (see table above):
+
+- `raw/*.json` — Nargo timing + artifact sizes (source for the **Circuit Benchmarks** table)
+- `crisp_verify_gas.json` — verify gas, calldata gas, artifact sizes, and **`integration_summary`**
+  from `test_trbfv_actor` when gas extraction succeeds
+- `integration_summary.json` — snapshot of `integration_summary` (phase timings, folded proofs,
+  multithread / operation timings)
+- `benchmark_run_meta.json` — CLI flags (mode, proof aggregation, multithread jobs, verbose)
+- `report.md` — rendered summary of all of the above
 
-- `results_<mode>/raw/*.json` — Nargo timing + artifact sizes (source for the **Circuit Benchmarks**
-  table)
-- `results_<mode>/crisp_verify_gas.json` — verify gas, calldata gas, artifact sizes, and
-  **`integration_summary`** from `test_trbfv_actor` when gas extraction succeeds
-- `results_<mode>/integration_summary.json` — snapshot of `.integration_summary` (phase timings,
-  folded proofs, **multithread / operation_timings** after a fresh integration export)
-- `results_<mode>/report.md` — rendered summary of all of the above
+Older runs used `results_<mode>/` without the `_agg` / `_no_agg` suffix; `regenerate_report.sh`
+still finds that layout as a fallback.
 
 ### Regenerate `report.md` only (no integration re-run)
 
 From this directory, after you already have `raw/` + `crisp_verify_gas.json`:
 
 ```bash
-./regenerate_report.sh
 ./regenerate_report.sh --mode insecure
+./regenerate_report.sh --mode insecure --no-proof-aggregation
 ```
 
 `crisp_verify_gas.json` embeds the integration timings; if you also keep `integration_summary.json`
 in the same folder, the script passes it explicitly (useful when gas JSON is missing a field but the
 snapshot is complete). `regenerate_report.sh` itself does not re-run `test_trbfv_actor`; it renders
-from `results_<mode>/raw`, `crisp_verify_gas.json`, and (optionally) `integration_summary.json`.
+from the matching `results_<mode>_{agg|no_agg}/` directory.
 
 ## Refresh after parameter changes
 
@@ -60,13 +100,13 @@ pnpm -C examples/CRISP/packages/crisp-sdk build
 
 # Extract on-chain verify gas from simulated verifier tests
 ./circuits/benchmarks/scripts/extract_crisp_verify_gas.sh \
-  --output "./circuits/benchmarks/results_insecure/crisp_verify_gas.json"
+  --output "./circuits/benchmarks/results_insecure_agg/crisp_verify_gas.json"
 
 # Regenerate report with gas values
 ./circuits/benchmarks/scripts/generate_report.sh \
-  --input-dir "./circuits/benchmarks/results_insecure/raw" \
-  --output "./circuits/benchmarks/results_insecure/report.md" \
-  --gas-json "./circuits/benchmarks/results_insecure/crisp_verify_gas.json"
+  --input-dir "./circuits/benchmarks/results_insecure_agg/raw" \
+  --output "./circuits/benchmarks/results_insecure_agg/report.md" \
+  --gas-json "./circuits/benchmarks/results_insecure_agg/crisp_verify_gas.json"
 ```
 
 If Π_DKG / Π_dec **verify gas** is `N/A` because `crisp_verify_gas.json` came from a failed extract,
@@ -77,7 +117,7 @@ step and merge **dkg** / **dec** into the gas file (no Rust re-run):
 # For secure folded proofs, align Solidity verifiers first (--build may take a while).
 ./circuits/benchmarks/scripts/replay_folded_verify_gas.sh \
   --summary "/tmp/summary_secure.json" \
-  --gas-json "./circuits/benchmarks/results_secure/crisp_verify_gas.json" \
+  --gas-json "./circuits/benchmarks/results_secure_agg/crisp_verify_gas.json" \
   --build secure-8192
 ```
 
@@ -87,13 +127,13 @@ If `crisp_verify_gas.json` has `integration_summary: null` but you still have th
 
 ```bash
 ./circuits/benchmarks/scripts/generate_report.sh \
-  --input-dir "./circuits/benchmarks/results_secure/raw" \
-  --output "./circuits/benchmarks/results_secure/report.md" \
-  --gas-json "./circuits/benchmarks/results_secure/crisp_verify_gas.json" \
+  --input-dir "./circuits/benchmarks/results_secure_agg/raw" \
+  --output "./circuits/benchmarks/results_secure_agg/report.md" \
+  --gas-json "./circuits/benchmarks/results_secure_agg/crisp_verify_gas.json" \
   --integration-summary "/tmp/summary_secure.json"
 ```
 
-For secure mode, use `--mode secure` and replace `results_insecure` with `results_secure`.
+For secure mode, use `--mode secure` and the `results_secure_{agg|no_agg}/` directories.
 
 ## Reported protocol tables
 
@@ -107,6 +147,9 @@ For secure mode, use `--mode secure` and replace `results_insecure` with `result
   - an `Integration test` section (end-to-end phase wall-clock timings)
   - a `Thread pool` section (Rayon threads / cores)
   - `CPU-bound operation timings` (tracked in-process averages/totals)
+  - `Proof aggregation / folding` (enabled flag, fold attestation verifier address)
+  - `Aggregation / fold operation timings` (`ZkNodeDkgFold`, `ZkDkgAggregation`, etc.)
+  - `Folded on-chain artifacts` (byte sizes used for Π_DKG / Π_dec gas replay)
 
 ## Derivation rules
 
@@ -136,10 +179,19 @@ EVM verifier `estimateGas` in `packages/enclave-contracts/scripts/benchmarkGasFr
 
 `extract_crisp_verify_gas.sh` (and `replay_folded_verify_gas.sh --build <preset>`) call
 `ensure_circuit_preset_built.sh`, which runs
-`pnpm build:circuits --skip-if-built --no-clean --no-clean-targets` by default (skips recompile when
-`dist/circuits/<preset>/.build-stamp.json` and marker artifacts match the current circuit sources).
-Then `pnpm generate:verifiers --no-compile` refreshes Honk contracts before integration export and
-Hardhat replay.
+`pnpm build:circuits --skip-if-built --no-clean --no-clean-targets` by default. When
+`dist/circuits/<preset>/` is already built but `circuits/bin/` still reflects another preset (e.g.
+you ran insecure benchmarks after a secure build), the build script **hydrates** `circuits/bin` from
+`dist/` in seconds instead of recompiling (~50 minutes for `secure-8192`). You only pay the full
+compile once per preset until circuit sources change. Then
+`pnpm generate:verifiers --check --no-compile --preset <preset>` verifies that
+`dist/circuits/<preset>/` is built and `circuits/bin/.active-preset.json` matches the benchmark mode
+(`insecure-512` for `--mode insecure`, `secure-8192` for `--mode secure`). For **insecure** runs it
+also diffs the committed Honk Solidity verifiers (`DkgAggregatorVerifier.sol`,
+`DecryptionAggregatorVerifier.sol`) against the current insecure VKs. For **secure** runs it skips
+that `.sol` diff (committed verifiers stay pinned to `insecure-512` for production deploy); gas
+replay deploys fresh aggregator verifiers from `circuits/bin` at runtime. If you see preset mismatch
+or insecure drift errors, follow the fix recipe printed by the script.
 
 - **`--force-build`** on extract/replay/ensure: full rebuild (same as a fresh `build:circuits`).
 - **`--skip-build`** on extract/replay: skip circuit build and Honk generation (only re-run

circuits/benchmarks/results_insecure_agg/benchmark_run_meta.json

@@ -0,0 +1,11 @@
+{
+  "benchmark_mode": "insecure",
+  "bfv_preset_subdir": "insecure-512",
+  "proof_aggregation": true,
+  "multithread_jobs": 13,
+  "verbose": true,
+  "nodes_spawned": 20,
+  "committee_size_n": 3,
+  "network_model": "in_process_bus",
+  "testmode_harness": true
+}