+
+
+
+
+
+
+
+
+
+
+
+
+
+
Drag & drop circuit files
+
Required: prover.pkp, verifier.pkv, inputs.json
+
+
+
+
+
+
+
REQUIREMENT CHECKLIST
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
PROOF GENERATION STEPS
+
+
+
+
+
1
+
+
Load WASM Modules
+
Status: Waiting...
+
+
+
+
+
2
+
+
Load Circuit & Artifacts
+
Status: Waiting...
+
+
+
+
+
3
+
+
Generate Witness (noir_js)
+
Status: Waiting...
+
+
+
+
+
4
+
+
Generate Proof (ProveKit WASM)
+
Status: Waiting...
+
+
+
+
+
5
+
+
Verify Proof (ProveKit WASM)
+
Status: Waiting...
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
TOTAL TIME (WITNESS + PROOF)
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/playground/wasm-demo/noir-web/noir-init.mjs b/playground/wasm-demo/noir-web/noir-init.mjs
new file mode 100644
index 000000000..fdcfab778
--- /dev/null
+++ b/playground/wasm-demo/noir-web/noir-init.mjs
@@ -0,0 +1,82 @@
+/**
+ * noir_js browser initialization wrapper
+ *
+ * This module handles loading and initializing the Noir WASM modules
+ * for browser usage. It uses the web builds of acvm_js and noirc_abi.
+ */
+
+// Import web builds (resolved via import map)
+import initACVM, * as acvm from '@noir-lang/acvm_js';
+import initNoirC, * as noirc_abi from '@noir-lang/noirc_abi';
+
+let initialized = false;
+
+/**
+ * Decode base64 string to Uint8Array (browser implementation)
+ */
+function base64Decode(input) {
+ return Uint8Array.from(atob(input), (c) => c.charCodeAt(0));
+}
+
+// Simple Noir class implementation for browser
+// Based on the official noir_js implementation
+export class Noir {
+ constructor(circuit) {
+ this.circuit = circuit;
+ }
+
+ async execute(inputs, foreignCallHandler) {
+ if (!initialized) {
+ throw new Error('Call initNoir() before executing');
+ }
+
+ // Default foreign call handler
+ const defaultHandler = async (name, args) => {
+ if (name === 'print') {
+ return [];
+ }
+ throw new Error(`Unexpected oracle during execution: ${name}(${args.join(', ')})`);
+ };
+
+ const handler = foreignCallHandler || defaultHandler;
+
+ // Encode inputs using noirc_abi
+ const witnessMap = noirc_abi.abiEncode(this.circuit.abi, inputs);
+
+ // Decode bytecode from base64 and execute
+ const decodedBytecode = base64Decode(this.circuit.bytecode);
+ const witnessStack = await acvm.executeProgram(decodedBytecode, witnessMap, handler);
+
+ // Compress the witness stack
+ const witness = acvm.compressWitnessStack(witnessStack);
+
+ return { witness };
+ }
+}
+
+/**
+ * Initialize the Noir WASM modules.
+ * Must be called before using Noir or decompressWitness.
+ */
+export async function initNoir() {
+ if (initialized) return;
+
+ // Initialize ACVM and NoirC WASM modules in parallel
+ await Promise.all([
+ initACVM(),
+ initNoirC()
+ ]);
+
+ initialized = true;
+}
+
+/**
+ * Decompress a witness from compressed format.
+ * Note: This returns a witness stack, use [0].witness for the main witness.
+ */
+export function decompressWitness(compressed) {
+ if (!initialized) {
+ throw new Error('Call initNoir() before using decompressWitness');
+ }
+ return acvm.decompressWitnessStack(compressed);
+}
diff --git a/playground/wasm-demo/package.json b/playground/wasm-demo/package.json
new file mode 100644
index 000000000..b3a2db1cb
--- /dev/null
+++ b/playground/wasm-demo/package.json
@@ -0,0 +1,17 @@
+{
+ "name": "provekit-wasm-demo",
+ "version": "1.0.0",
+ "description": "ProveKit WASM browser demo",
+ "type": "module",
+ "scripts": {
+ "setup": "node scripts/setup.mjs",
+ "demo:web": "node scripts/serve.mjs",
+ "serve": "node scripts/serve.mjs",
+ "clean": "rm -rf artifacts pkg pkg-web"
+ },
+ "dependencies": {
+ "@noir-lang/acvm_js": "1.0.0-beta.11",
+ "@noir-lang/noir_js": "1.0.0-beta.11",
+ "@noir-lang/noirc_abi": "1.0.0-beta.11"
+ }
+}
diff --git a/playground/wasm-demo/scripts/serve.mjs b/playground/wasm-demo/scripts/serve.mjs
new file mode 100644
index 000000000..d81e88829
--- /dev/null
+++ b/playground/wasm-demo/scripts/serve.mjs
@@ -0,0 +1,139 @@
+#!/usr/bin/env node
+/**
+ * Simple HTTP server for the web demo with Cross-Origin Isolation.
+ *
+ * Serves static files with proper MIME types and required headers for:
+ * - SharedArrayBuffer (needed for wasm-bindgen-rayon thread pool)
+ * - Cross-Origin Isolation (COOP + COEP headers)
+ */
+
+import { createServer } from "http";
+import { readFile, stat } from "fs/promises";
+import { extname, join, resolve } from "path";
+import { fileURLToPath } from "url";
+
+const __dirname = fileURLToPath(new URL(".", import.meta.url));
+const ROOT = resolve(__dirname, "..");
+const START_PORT = parseInt(process.env.PORT || "8080");
+
+const MIME_TYPES = {
+ ".html": "text/html",
+ ".js": "text/javascript",
+ ".mjs": "text/javascript",
+ ".css": "text/css",
+ ".json": "application/json",
+ ".wasm": "application/wasm",
+ ".toml": "text/plain",
+ ".png": "image/png",
+ ".jpg": "image/jpeg",
+ ".svg": "image/svg+xml",
+};
+
+async function serveFile(res, filePath) {
+ try {
+ const data = await readFile(filePath);
+ const ext = extname(filePath).toLowerCase();
+ const contentType = MIME_TYPES[ext] || "application/octet-stream";
+
+ res.writeHead(200, {
+ "Content-Type": contentType,
+ "Access-Control-Allow-Origin": "*",
+ // Cross-Origin Isolation headers required for SharedArrayBuffer
+ // These enable wasm-bindgen-rayon's Web Worker-based parallelism
+ "Cross-Origin-Opener-Policy": "same-origin",
+ "Cross-Origin-Embedder-Policy": "require-corp",
+ });
+ res.end(data);
+ } catch (err) {
+ if (err.code === "ENOENT") {
+ res.writeHead(404, { "Content-Type": "text/plain" });
+ res.end("Not Found");
+ } else {
+ console.error(err);
+ res.writeHead(500, { "Content-Type": "text/plain" });
+ res.end("Internal Server Error");
+ }
+ }
+}
+
+async function handleRequest(req, res) {
+ let urlPath = req.url.split("?")[0];
+
+ // Default to index.html
+ if (urlPath === "/") {
+ urlPath = "/index.html";
+ }
+
+ const filePath = join(ROOT, urlPath);
+
+ // Security: prevent directory traversal
+ if (!filePath.startsWith(ROOT)) {
+ res.writeHead(403, { "Content-Type": "text/plain" });
+ res.end("Forbidden");
+ return;
+ }
+
+ // Check if it's a directory
+ try {
+ const stats = await stat(filePath);
+ if (stats.isDirectory()) {
+ // For the pkg/ directory, serve the WASM JS entry point.
+ // wasm-bindgen-rayon workers do `import('../../..')` which resolves to
+ // the pkg/ directory. Browsers can't import directories, so we serve
+ // the main JS module directly.
+ const pkgEntry = join(filePath, "provekit_wasm.js");
+ try {
+ await stat(pkgEntry);
+ await serveFile(res, pkgEntry);
+ return;
+ } catch (_) {
+ // No provekit_wasm.js — fall back to index.html
+ }
+ await serveFile(res, join(filePath, "index.html"));
+ } else {
+ await serveFile(res, filePath);
+ }
+ } catch (err) {
+ if (err.code === "ENOENT") {
+ res.writeHead(404, { "Content-Type": "text/plain" });
+ res.end("Not Found");
+ } else {
+ console.error(err);
+ res.writeHead(500, { "Content-Type": "text/plain" });
+ res.end("Internal Server Error");
+ }
+ }
+}
+
+async function startServer(port, maxAttempts = 10) {
+ for (let attempt = 0; attempt < maxAttempts; attempt++) {
+ const currentPort = port + attempt;
+ try {
+ await new Promise((resolve, reject) => {
+ const server = createServer(handleRequest);
+ server.once("error", reject);
+ server.listen(currentPort, () => {
+ console.log(`\n🌐 ProveKit WASM Web Demo (with parallelism)`);
+ console.log(` Server running at http://localhost:${currentPort}`);
+ console.log(`\n Cross-Origin Isolation: ENABLED`);
+ console.log(` SharedArrayBuffer: AVAILABLE`);
+ console.log(` Thread pool: SUPPORTED`);
+ console.log(`\n Open the URL above in your browser to run the demo.`);
+ console.log(` Press Ctrl+C to stop.\n`);
+ resolve();
+ });
+ });
+ return; // Success
+ } catch (err) {
+ if (err.code === "EADDRINUSE") {
+ console.log(`Port ${currentPort} is in use, trying ${currentPort + 1}...`);
+ } else {
+ throw err;
+ }
+ }
+ }
+ console.error(`Could not find an available port after ${maxAttempts} attempts`);
+ process.exit(1);
+}
+
+startServer(START_PORT);
diff --git a/playground/wasm-demo/scripts/setup.mjs b/playground/wasm-demo/scripts/setup.mjs
new file mode 100644
index 000000000..84eb7ca37
--- /dev/null
+++ b/playground/wasm-demo/scripts/setup.mjs
@@ -0,0 +1,556 @@
+#!/usr/bin/env node
+/**
+ * Setup script for ProveKit WASM browser demo.
+ *
+ * Usage:
+ * node scripts/setup.mjs
+ *
+ * Builds WASM + CLI once, then prepares both SHA256 and Poseidon circuits
+ * into artifacts/sha256/ and artifacts/poseidon/ respectively.
+ */
+
+import { execSync, spawnSync } from "child_process";
+import {
+ existsSync,
+ mkdirSync,
+ copyFileSync,
+ readFileSync,
+ writeFileSync,
+ readdirSync,
+} from "fs";
+import { dirname, join, resolve } from "path";
+import { fileURLToPath } from "url";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const ROOT_DIR = resolve(__dirname, "../../..");
+const DEMO_DIR = resolve(__dirname, "..");
+const WASM_PKG_DIR = join(ROOT_DIR, "tooling/provekit-wasm/pkg");
+
+const CIRCUITS = [
+ { name: "sha256", path: join(ROOT_DIR, "noir-examples/noir_sha256") },
+ { name: "poseidon", path: join(ROOT_DIR, "noir-examples/poseidon-rounds") },
+];
+
+// Colors for console output
+const colors = {
+ reset: "\x1b[0m",
+ bright: "\x1b[1m",
+ green: "\x1b[32m",
+ yellow: "\x1b[33m",
+ blue: "\x1b[34m",
+ red: "\x1b[31m",
+};
+
+function log(msg, color = colors.reset) {
+ console.log(`${color}${msg}${colors.reset}`);
+}
+
+function logStep(step, msg) {
+ console.log(
+ `\n${colors.blue}[${step}]${colors.reset} ${colors.bright}${msg}${colors.reset}`
+ );
+}
+
+function logSuccess(msg) {
+ console.log(`${colors.green}✓${colors.reset} ${msg}`);
+}
+
+function logError(msg) {
+ console.error(`${colors.red}✗ ${msg}${colors.reset}`);
+}
+
+function run(cmd, opts = {}) {
+ log(` $ ${cmd}`, colors.yellow);
+ try {
+ execSync(cmd, { stdio: "inherit", ...opts });
+ return true;
+ } catch (e) {
+ logError(`Command failed: ${cmd}`);
+ return false;
+ }
+}
+
+function checkCommand(cmd, name) {
+ const result = spawnSync("which", [cmd], { stdio: "pipe" });
+ if (result.status !== 0) {
+ logError(`${name} not found. Please install it first.`);
+ return false;
+ }
+ return true;
+}
+
+/**
+ * Get circuit name from Nargo.toml
+ */
+function getCircuitName(circuitDir) {
+ const nargoToml = join(circuitDir, "Nargo.toml");
+ if (!existsSync(nargoToml)) {
+ throw new Error(`Nargo.toml not found in ${circuitDir}`);
+ }
+
+ const content = readFileSync(nargoToml, "utf-8");
+ const match = content.match(/^name\s*=\s*"([^"]+)"/m);
+ if (!match) {
+ throw new Error("Could not find circuit name in Nargo.toml");
+ }
+ return match[1];
+}
+
+/**
+ * Parse a TOML value (handles strings, arrays, inline tables)
+ */
+function parseTomlValue(valueStr) {
+ valueStr = valueStr.trim();
+
+ // String
+ if (valueStr.startsWith('"') && valueStr.endsWith('"')) {
+ return valueStr.slice(1, -1);
+ }
+
+ // Single-quoted literal string (TOML literal strings)
+ if (valueStr.startsWith("'") && valueStr.endsWith("'")) {
+ return valueStr.slice(1, -1);
+ }
+
+ // Inline table { key = "value", ... }
+ if (valueStr.startsWith("{") && valueStr.endsWith("}")) {
+ const inner = valueStr.slice(1, -1).trim();
+ const obj = {};
+ // Parse key = value pairs, handling nested structures
+ let depth = 0;
+ let currentKey = "";
+ let currentValue = "";
+ let inKey = true;
+ let inString = false;
+
+ for (let i = 0; i < inner.length; i++) {
+ const char = inner[i];
+
+ if (char === '"' && inner[i - 1] !== "\\") {
+ inString = !inString;
+ }
+
+ if (!inString) {
+ if (char === "{" || char === "[") depth++;
+ if (char === "}" || char === "]") depth--;
+
+ if (char === "=" && depth === 0 && inKey) {
+ inKey = false;
+ continue;
+ }
+
+ if (char === "," && depth === 0) {
+ if (currentKey.trim() && currentValue.trim()) {
+ obj[currentKey.trim()] = parseTomlValue(currentValue.trim());
+ }
+ currentKey = "";
+ currentValue = "";
+ inKey = true;
+ continue;
+ }
+ }
+
+ if (inKey) {
+ currentKey += char;
+ } else {
+ currentValue += char;
+ }
+ }
+
+ // Handle last key-value pair
+ if (currentKey.trim() && currentValue.trim()) {
+ obj[currentKey.trim()] = parseTomlValue(currentValue.trim());
+ }
+
+ return obj;
+ }
+
+ // Array [ ... ]
+ if (valueStr.startsWith("[") && valueStr.endsWith("]")) {
+ const inner = valueStr.slice(1, -1).trim();
+ if (!inner) return [];
+
+ const items = [];
+ let depth = 0;
+ let current = "";
+ let inString = false;
+
+ for (let i = 0; i < inner.length; i++) {
+ const char = inner[i];
+
+ if (char === '"' && inner[i - 1] !== "\\") {
+ inString = !inString;
+ }
+
+ if (!inString) {
+ if (char === "{" || char === "[") depth++;
+ if (char === "}" || char === "]") depth--;
+
+ if (char === "," && depth === 0) {
+ if (current.trim()) {
+ items.push(parseTomlValue(current.trim()));
+ }
+ current = "";
+ continue;
+ }
+ }
+
+ current += char;
+ }
+
+ if (current.trim()) {
+ items.push(parseTomlValue(current.trim()));
+ }
+
+ return items;
+ }
+
+ // Number or bare string
+ return valueStr;
+}
+
+/**
+ * Check if brackets are balanced in a string
+ */
+function areBracketsBalanced(str) {
+ let depth = 0;
+ let inString = false;
+ for (let i = 0; i < str.length; i++) {
+ const char = str[i];
+ if (char === '"' && str[i - 1] !== "\\") {
+ inString = !inString;
+ }
+ if (!inString) {
+ if (char === "[" || char === "{") depth++;
+ if (char === "]" || char === "}") depth--;
+ }
+ }
+ return depth === 0;
+}
+
+/**
+ * Parse Prover.toml to JSON for browser demo
+ */
+function parseProverToml(content) {
+ const result = {};
+ const lines = content.split("\n");
+ let currentSection = null;
+ let pendingLine = "";
+
+ for (let i = 0; i < lines.length; i++) {
+ let line = lines[i].trim();
+
+ // Skip comments and empty lines (unless we're accumulating a multi-line value)
+ if (!pendingLine && (!line || line.startsWith("#"))) continue;
+
+ // If we have a pending line, append this line to it
+ if (pendingLine) {
+ // Skip comment lines within multi-line values
+ if (line.startsWith("#")) continue;
+ pendingLine += " " + line;
+ line = pendingLine;
+
+ // Check if brackets are balanced now
+ if (!areBracketsBalanced(line)) {
+ continue; // Keep accumulating
+ }
+ pendingLine = "";
+ }
+
+ // Section header [section]
+ const sectionMatch = line.match(/^\[([^\]]+)\]$/);
+ if (sectionMatch) {
+ currentSection = sectionMatch[1];
+ continue;
+ }
+
+ // Key = value (find first = that's not inside a string or nested structure)
+ const eqIndex = findTopLevelEquals(line);
+ if (eqIndex !== -1) {
+ const key = line.slice(0, eqIndex).trim();
+ const valueStr = line.slice(eqIndex + 1).trim();
+
+ // Check if this is an incomplete multi-line value
+ if (!areBracketsBalanced(valueStr)) {
+ pendingLine = line;
+ continue;
+ }
+
+ const value = parseTomlValue(valueStr);
+
+ const fullKey = currentSection ? `${currentSection}.${key}` : key;
+ setNestedValue(result, fullKey, value);
+ }
+ }
+
+ return result;
+}
+
+/**
+ * Find the first = that's not inside quotes or nested structures
+ */
+function findTopLevelEquals(line) {
+ let inString = false;
+ let depth = 0;
+
+ for (let i = 0; i < line.length; i++) {
+ const char = line[i];
+
+ if (char === '"' && line[i - 1] !== "\\") {
+ inString = !inString;
+ }
+
+ if (!inString) {
+ if (char === "{" || char === "[") depth++;
+ if (char === "}" || char === "]") depth--;
+ if (char === "=" && depth === 0) {
+ return i;
+ }
+ }
+ }
+
+ return -1;
+}
+
+function setNestedValue(obj, path, value) {
+ const parts = path.split(".");
+ let current = obj;
+ for (let i = 0; i < parts.length - 1; i++) {
+ if (!(parts[i] in current)) {
+ current[parts[i]] = {};
+ }
+ current = current[parts[i]];
+ }
+ current[parts[parts.length - 1]] = value;
+}
+
+async function buildShared() {
+ log("\n🔧 ProveKit WASM Demo Setup\n", colors.bright);
+
+ // Check prerequisites
+ logStep("1/5", "Checking prerequisites...");
+
+ if (!checkCommand("nargo", "Noir (nargo)")) {
+ log(
+ "\nInstall Noir:\n curl -L https://raw.githubusercontent.com/noir-lang/noirup/refs/heads/main/install | bash"
+ );
+ log(" noirup --version v1.0.0-beta.11");
+ process.exit(1);
+ }
+ logSuccess("nargo found");
+
+ if (!checkCommand("wasm-bindgen", "wasm-bindgen-cli")) {
+ log("\nInstall wasm-bindgen-cli:\n cargo install wasm-bindgen-cli");
+ process.exit(1);
+ }
+ logSuccess("wasm-bindgen found");
+
+ if (!checkCommand("cargo", "Rust (cargo)")) {
+ log("\nInstall Rust: https://rustup.rs");
+ process.exit(1);
+ }
+ logSuccess("cargo found");
+
+ // Install npm deps and copy vendor files for browser import map
+ logStep("2/5", "Installing noir-lang npm packages...");
+ if (!run("npm install --legacy-peer-deps", { cwd: DEMO_DIR })) {
+ process.exit(1);
+ }
+ const vendorDir = join(DEMO_DIR, "vendor");
+ const vendorMappings = [
+ { pkg: "@noir-lang/acvm_js", dest: "acvm_js" },
+ { pkg: "@noir-lang/noirc_abi", dest: "noirc_abi" },
+ ];
+ for (const { pkg, dest } of vendorMappings) {
+ const srcDir = join(DEMO_DIR, "node_modules", pkg);
+ const destDir = join(vendorDir, dest);
+ if (!existsSync(destDir)) mkdirSync(destDir, { recursive: true });
+ for (const entry of readdirSync(srcDir)) {
+ if (entry.endsWith(".js") || entry.endsWith(".wasm") || entry.endsWith(".d.ts")) {
+ copyFileSync(join(srcDir, entry), join(destDir, entry));
+ }
+ }
+ }
+ logSuccess("Vendor files copied from node_modules");
+
+ // Build WASM package with thread support (requires -Z build-std for atomics)
+ logStep("3/5", "Building WASM package with thread support...");
+
+ // cargo build with -Z build-std to rebuild std with atomics support
+ // RUSTFLAGS for atomics/shared-memory are in .cargo/config.toml
+ if (!run(
+ `cargo build --release --target wasm32-unknown-unknown -p provekit-wasm -Z build-std=panic_abort,std`,
+ { cwd: ROOT_DIR }
+ )) {
+ process.exit(1);
+ }
+
+ // Generate JS bindings from the built .wasm
+ if (!run(
+ `wasm-bindgen --target web --out-dir tooling/provekit-wasm/pkg target/wasm32-unknown-unknown/release/provekit_wasm.wasm`,
+ { cwd: ROOT_DIR }
+ )) {
+ process.exit(1);
+ }
+ logSuccess("WASM package built");
+
+ // Copy WASM package to demo/pkg
+ const wasmDestDir = join(DEMO_DIR, "pkg");
+ if (!existsSync(wasmDestDir)) {
+ mkdirSync(wasmDestDir, { recursive: true });
+ }
+
+ for (const file of [
+ "provekit_wasm_bg.wasm",
+ "provekit_wasm.js",
+ "provekit_wasm.d.ts",
+ "package.json",
+ ]) {
+ const src = join(WASM_PKG_DIR, file);
+ const dest = join(wasmDestDir, file);
+ if (existsSync(src)) {
+ copyFileSync(src, dest);
+ }
+ }
+
+ // Copy snippets directory (for wasm-bindgen-rayon worker helpers)
+ const snippetsDir = join(WASM_PKG_DIR, "snippets");
+ if (existsSync(snippetsDir)) {
+ const snippetsDestDir = join(wasmDestDir, "snippets");
+ if (!existsSync(snippetsDestDir)) {
+ mkdirSync(snippetsDestDir, { recursive: true });
+ }
+ function copyDirRecursive(src, dest) {
+ if (!existsSync(dest)) mkdirSync(dest, { recursive: true });
+ for (const entry of readdirSync(src, { withFileTypes: true })) {
+ const srcPath = join(src, entry.name);
+ const destPath = join(dest, entry.name);
+ if (entry.isDirectory()) {
+ copyDirRecursive(srcPath, destPath);
+ } else {
+ copyFileSync(srcPath, destPath);
+ }
+ }
+ }
+ copyDirRecursive(snippetsDir, snippetsDestDir);
+ logSuccess("WASM snippets copied (for thread pool)");
+
+ function patchWorkerHelpers(dir) {
+ for (const entry of readdirSync(dir, { withFileTypes: true })) {
+ const fullPath = join(dir, entry.name);
+ if (entry.isDirectory()) {
+ patchWorkerHelpers(fullPath);
+ } else if (entry.name === "workerHelpers.js") {
+ let content = readFileSync(fullPath, "utf-8");
+ content = content.replace(
+ "import('../../..')",
+ "import('../../../provekit_wasm.js')"
+ );
+ writeFileSync(fullPath, content);
+ }
+ }
+ }
+ patchWorkerHelpers(snippetsDestDir);
+ logSuccess("Worker helpers patched for browser imports");
+ }
+ logSuccess("WASM package copied to demo/pkg");
+
+ // Build native CLI
+ logStep("4/5", "Building native CLI...");
+ if (!run("cargo build --profile release-fast --bin provekit-cli", { cwd: ROOT_DIR })) {
+ process.exit(1);
+ }
+ logSuccess("Native CLI built");
+}
+
+async function prepareCircuit({ name, path: circuitDir }) {
+ const artifactsDir = join(DEMO_DIR, "artifacts", name);
+ if (!existsSync(artifactsDir)) {
+ mkdirSync(artifactsDir, { recursive: true });
+ }
+
+ // Validate circuit directory
+ if (!existsSync(circuitDir)) {
+ logError(`Circuit directory not found: ${circuitDir}`);
+ process.exit(1);
+ }
+
+ const circuitName = getCircuitName(circuitDir);
+ log(`\n📦 Preparing circuit: ${name} (${circuitName})`, colors.bright);
+ log(` Path: ${circuitDir}`);
+
+ // Compile Noir circuit
+ logStep(`${name}`, `Compiling Noir circuit (${circuitName})...`);
+ if (!run("nargo compile", { cwd: circuitDir })) {
+ process.exit(1);
+ }
+ logSuccess("Circuit compiled");
+
+ // Copy compiled circuit
+ const circuitSrc = join(circuitDir, `target/${circuitName}.json`);
+ const circuitDest = join(artifactsDir, "circuit.json");
+ if (!existsSync(circuitSrc)) {
+ logError(`Compiled circuit not found: ${circuitSrc}`);
+ process.exit(1);
+ }
+ copyFileSync(circuitSrc, circuitDest);
+ logSuccess(`Circuit artifact copied (${circuitName}.json -> circuit.json)`);
+
+ // Prepare prover/verifier artifacts
+ logStep(`${name}`, "Preparing prover/verifier artifacts...");
+ const cliPath = join(ROOT_DIR, "target/release-fast/provekit-cli");
+ const proverBinPath = join(artifactsDir, "prover.pkp");
+ const verifierBinPath = join(artifactsDir, "verifier.pkv");
+
+ if (
+ !run(
+ `${cliPath} prepare ${circuitDest} --pkp ${proverBinPath} --pkv ${verifierBinPath} --hash blake3`,
+ { cwd: artifactsDir }
+ )
+ ) {
+ process.exit(1);
+ }
+ logSuccess("prover.pkp and verifier.pkv created");
+
+
+ // Copy Prover.toml and convert to inputs.json
+ logStep(`${name}`, "Preparing inputs...");
+ const proverTomlSrc = join(circuitDir, "Prover.toml");
+ const proverTomlDest = join(artifactsDir, "Prover.toml");
+ copyFileSync(proverTomlSrc, proverTomlDest);
+ logSuccess("Prover.toml copied");
+
+ // Convert Prover.toml to inputs.json for browser demo
+ const tomlContent = readFileSync(proverTomlSrc, "utf-8");
+ const inputs = parseProverToml(tomlContent);
+ const inputsJsonPath = join(artifactsDir, "inputs.json");
+ writeFileSync(inputsJsonPath, JSON.stringify(inputs, null, 2));
+ logSuccess("inputs.json created");
+
+ // Save circuit metadata
+ const metadataPath = join(artifactsDir, "metadata.json");
+ writeFileSync(
+ metadataPath,
+ JSON.stringify({ name: circuitName, path: circuitDir }, null, 2)
+ );
+ logSuccess("metadata.json created");
+}
+
+async function main() {
+ await buildShared();
+
+ logStep("5/5", `Preparing ${CIRCUITS.length} circuits...`);
+ for (const circuit of CIRCUITS) {
+ await prepareCircuit(circuit);
+ }
+
+ log("\n\u2705 Setup complete!\n", colors.green + colors.bright);
+ log("Run the demo with:", colors.bright);
+ log(" node scripts/serve.mjs # Start browser demo server");
+ log(" # Open http://localhost:8080\n");
+}
+
+main().catch((err) => {
+ logError(err.message);
+ process.exit(1);
+});
diff --git a/playground/wasm-demo/src/demo-web.mjs b/playground/wasm-demo/src/demo-web.mjs
new file mode 100644
index 000000000..c329f626c
--- /dev/null
+++ b/playground/wasm-demo/src/demo-web.mjs
@@ -0,0 +1,566 @@
+/**
+ * ProveKit WASM Browser Demo
+ *
+ * Demonstrates zero-knowledge proof generation using ProveKit WASM bindings in the browser:
+ * 1. Load compiled Noir circuit
+ * 2. Generate witness using @noir-lang/noir_js (local web bundles)
+ * 3. Generate proof using ProveKit WASM
+ */
+
+// DOM elements
+const logContainer = document.getElementById("logContainer");
+const runBtn = document.getElementById("runBtn");
+const verifyBtn = document.getElementById("verifyBtn");
+
+function log(msg, type = "info") {
+ const line = document.createElement("div");
+ line.className = `log-line log-${type}`;
+ line.textContent = msg;
+ logContainer.appendChild(line);
+ logContainer.scrollTop = logContainer.scrollHeight;
+}
+
+function updateStep(step, status, statusClass = "") {
+ const el = document.getElementById(`step${step}-status`);
+ if (el) {
+ el.innerHTML = status;
+ el.className = `step-status ${statusClass}`;
+ }
+}
+
+function logMemory(label, extras = {}) {
+ let msg = `📊 ${label}`;
+
+ for (const [name, obj] of Object.entries(extras)) {
+ if (obj instanceof ArrayBuffer) {
+ msg += ` | ${name}: ${(obj.byteLength / 1024 / 1024).toFixed(2)} MB`;
+ } else if (obj instanceof Uint8Array) {
+ msg += ` | ${name}: ${(obj.byteLength / 1024 / 1024).toFixed(2)} MB`;
+ } else if (typeof obj === 'object' && obj !== null) {
+ const jsonSize = JSON.stringify(obj).length;
+ msg += ` | ${name}: ~${(jsonSize / 1024).toFixed(0)} KB`;
+ }
+ }
+
+ if (performance.memory) {
+ const used = (performance.memory.usedJSHeapSize / 1024 / 1024).toFixed(1);
+ msg += ` | heap: ${used} MB`;
+ }
+
+ log(msg, "info");
+}
+
+/**
+ * Convert a Noir witness map to the format expected by ProveKit WASM.
+ */
+function convertWitnessMap(witnessMap) {
+ const result = {};
+ if (witnessMap instanceof Map) {
+ for (const [index, value] of witnessMap.entries()) {
+ result[index] = value;
+ }
+ } else if (typeof witnessMap === "object" && witnessMap !== null) {
+ for (const [index, value] of Object.entries(witnessMap)) {
+ result[Number(index)] = value;
+ }
+ } else {
+ throw new Error(`Unexpected witness map type: ${typeof witnessMap}`);
+ }
+ return result;
+}
+
+function getArtifactBase() {
+ const circuit = window.activeCircuit || 'sha256';
+ return `artifacts/${circuit}/`;
+}
+
+async function loadInputs() {
+ const response = await fetch(getArtifactBase() + "inputs.json");
+ if (!response.ok) {
+ throw new Error("inputs.json not found. Run setup first.");
+ }
+ return response.json();
+}
+
+/**
+ * TOML parser for Noir Prover.toml files (browser-side).
+ * Handles inline tables { k = "v" }, arrays of inline tables,
+ * multi-line arrays, dotted keys (a.b.c), and [section] headers.
+ */
+
+/** Split string by delimiter, respecting quoted strings and nested {} [] */
+function splitTopLevel(str, delimiter) {
+ const parts = [];
+ let current = '';
+ let inStr = false;
+ let strCh = '';
+ let braces = 0;
+ let brackets = 0;
+ for (let i = 0; i < str.length; i++) {
+ const ch = str[i];
+ if (inStr) {
+ current += ch;
+ if (ch === strCh && str[i - 1] !== '\\') inStr = false;
+ continue;
+ }
+ if (ch === '"' || ch === "'") { inStr = true; strCh = ch; current += ch; continue; }
+ if (ch === '{') braces++;
+ if (ch === '}') braces--;
+ if (ch === '[') brackets++;
+ if (ch === ']') brackets--;
+ if (ch === delimiter && braces === 0 && brackets === 0) {
+ parts.push(current);
+ current = '';
+ continue;
+ }
+ current += ch;
+ }
+ if (current.trim()) parts.push(current);
+ return parts;
+}
+
+function parseInlineTable(str) {
+ const inner = str.slice(1, -1).trim();
+ if (!inner) return {};
+ const result = {};
+ for (const pair of splitTopLevel(inner, ',')) {
+ const t = pair.trim();
+ if (!t) continue;
+ const eq = t.indexOf('=');
+ if (eq === -1) continue;
+ result[t.slice(0, eq).trim()] = parseTomlValue(t.slice(eq + 1).trim());
+ }
+ return result;
+}
+
+function parseTomlArray(str) {
+ const inner = str.slice(1, -1).trim();
+ if (!inner) return [];
+ return splitTopLevel(inner, ',')
+ .map(el => el.trim())
+ .filter(el => el.length > 0)
+ .map(el => parseTomlValue(el));
+}
+
+function parseTomlValue(raw) {
+ if (raw.startsWith('{') && raw.endsWith('}')) return parseInlineTable(raw);
+ if (raw.startsWith('[') && raw.endsWith(']')) return parseTomlArray(raw);
+ if ((raw.startsWith('"') && raw.endsWith('"')) ||
+ (raw.startsWith("'") && raw.endsWith("'"))) return raw.slice(1, -1);
+ return raw; // keep as string — noir_js expects string numbers
+}
+
+/** Set a value at a nested dotted path, creating intermediate objects */
+function setNested(obj, path, val) {
+ let cur = obj;
+ for (let i = 0; i < path.length - 1; i++) {
+ if (!(path[i] in cur) || typeof cur[path[i]] !== 'object' ||
+ cur[path[i]] === null || Array.isArray(cur[path[i]])) {
+ cur[path[i]] = {};
+ }
+ cur = cur[path[i]];
+ }
+ cur[path[path.length - 1]] = val;
+}
+
+function parseSimpleToml(content) {
+ // Phase 1: Join multi-line arrays into single logical lines
+ const logicalLines = [];
+ const rawLines = content.split('\n');
+ let buffer = '';
+ let depth = 0;
+ for (const rawLine of rawLines) {
+ const stripped = rawLine.trim();
+ if (!stripped || stripped.startsWith('#')) continue;
+ if (depth > 0) {
+ buffer += ' ' + stripped;
+ for (const ch of stripped) {
+ if (ch === '[') depth++;
+ else if (ch === ']') depth--;
+ }
+ if (depth <= 0) { logicalLines.push(buffer); buffer = ''; depth = 0; }
+ continue;
+ }
+ const eqIdx = stripped.indexOf('=');
+ if (eqIdx !== -1) {
+ const valPart = stripped.slice(eqIdx + 1).trim();
+ let d = 0;
+ for (const ch of valPart) { if (ch === '[') d++; else if (ch === ']') d--; }
+ if (d > 0) { buffer = stripped; depth = d; continue; }
+ }
+ logicalLines.push(stripped);
+ }
+
+ // Phase 2: Parse logical lines into nested object
+ const result = {};
+ let section = null;
+ for (const line of logicalLines) {
+ const trimmed = line.trim();
+ if (!trimmed || trimmed.startsWith('#')) continue;
+ const secMatch = trimmed.match(/^\[([^\]]+)\]$/);
+ if (secMatch) { section = secMatch[1]; continue; }
+ const eqIdx = trimmed.indexOf('=');
+ if (eqIdx === -1) continue;
+ const key = trimmed.slice(0, eqIdx).trim();
+ const val = parseTomlValue(trimmed.slice(eqIdx + 1).trim());
+ const fullPath = section ? [section, ...key.split('.')] : key.split('.');
+ setNested(result, fullPath, val);
+ }
+ return result;
+}
+
+// Global state
+let provekit = null;
+let circuitJson = null;
+let proverBin = null;
+let verifierBin = null;
+let lastProofBytes = null;
+
+async function initWasm() {
+ try {
+ updateStep(1, '
Loading...', "running");
+ log("Loading ProveKit WASM module...");
+
+ const wasmModule = await import("../pkg/provekit_wasm.js");
+ const wasmBinary = await fetch("pkg/provekit_wasm_bg.wasm");
+ const wasmBytes = await wasmBinary.arrayBuffer();
+ await wasmModule.default(wasmBytes);
+
+ if (wasmModule.initPanicHook) {
+ wasmModule.initPanicHook();
+ }
+
+ const isIOS = /iPhone|iPad|iPod/.test(navigator.userAgent);
+ const isAndroid = /Android/.test(navigator.userAgent);
+ const isMobile = isIOS || isAndroid;
+ const maxThreads = navigator.hardwareConcurrency || 4;
+ const threadCountEl = document.getElementById("threadCount");
+ const hasSharedArrayBuffer = typeof SharedArrayBuffer !== 'undefined';
+
+ // iOS WebKit has unreliable WASM threading — don't even try
+ if (isIOS) {
+ log("📱 iOS detected - WebKit WASM threading is unreliable");
+ log("Running in single-threaded mode (optimized for iOS)");
+ if (threadCountEl) threadCountEl.textContent = 1;
+ } else if (isAndroid && hasSharedArrayBuffer) {
+ const androidThreads = Math.min(maxThreads, 4);
+ log(`📱 Android detected, trying ${androidThreads} threads...`);
+ try {
+ await wasmModule.initThreadPool(androidThreads);
+ log(`Thread pool ready (${androidThreads} workers)`);
+ if (threadCountEl) threadCountEl.textContent = androidThreads;
+ } catch (e) {
+ log(`Thread pool failed: ${e.message}`, "warn");
+ log("Falling back to single-threaded mode", "warn");
+ if (threadCountEl) threadCountEl.textContent = 1;
+ }
+ } else if (!isMobile && hasSharedArrayBuffer) {
+ try {
+ log(`Initializing thread pool with ${maxThreads} workers...`);
+ await wasmModule.initThreadPool(maxThreads);
+ log(`Thread pool ready (${maxThreads} workers)`);
+ if (threadCountEl) threadCountEl.textContent = maxThreads;
+ } catch (e) {
+ log(`Thread pool failed: ${e.message}`, "warn");
+ log("Falling back to single-threaded mode", "warn");
+ if (threadCountEl) threadCountEl.textContent = 1;
+ }
+ } else {
+ if (!isMobile) {
+ log("SharedArrayBuffer not available, running single-threaded", "warn");
+ } else {
+ log("Mobile: running in single-threaded mode");
+ }
+ if (threadCountEl) threadCountEl.textContent = 1;
+ }
+
+ provekit = wasmModule;
+ log("Initializing noir_js WASM modules...");
+
+ let attempts = 0;
+ while (!window.Noir && attempts < 50) {
+ await new Promise((r) => setTimeout(r, 100));
+ attempts++;
+ }
+
+ if (!window.Noir) {
+ throw new Error("Failed to load noir_js");
+ }
+
+ if (window.initNoir) {
+ await window.initNoir();
+ }
+
+ log("noir_js initialized");
+ updateStep(1, "Loaded", "success");
+ runBtn.disabled = false;
+ window.wasmReady = true;
+
+ } catch (error) {
+ log(`Error initializing WASM: ${error.message}`, "error");
+ console.error(error);
+ updateStep(1, "Failed", "error");
+ }
+}
+
+async function runDemo() {
+ runBtn.disabled = true;
+ const logLines = logContainer.querySelectorAll('.log-line, .log-error-block');
+ logLines.forEach(el => el.remove());
+
+ for (let i = 2; i <= 5; i++) {
+ updateStep(i, "Waiting...");
+ }
+ verifyBtn.disabled = true;
+ lastProofBytes = null;
+
+ let witnessTime = 0;
+ let proofTime = 0;
+ let witnessSize = 0;
+ let proofSize = 0;
+ let numConstraints = 0;
+ let numWitnesses = 0;
+ let inputs = {};
+ let prover = null;
+ try {
+ updateStep(2, '
Loading artifacts...', "running");
+ const isCustom = window.activeCircuit === 'custom';
+
+ // --- Load artifacts (mode-specific) ---
+ if (isCustom && window.customFiles) {
+ log("Loading uploaded prover and verifier artifacts...");
+ logMemory("Before loading artifacts");
+ proverBin = await window.customFiles.prover.arrayBuffer();
+ verifierBin = await window.customFiles.verifier.arrayBuffer();
+ } else {
+ const base = getArtifactBase();
+ let circuitName = "unknown";
+ try {
+ const metadataResponse = await fetch(base + "metadata.json");
+ if (metadataResponse.ok) {
+ const metadata = await metadataResponse.json();
+ circuitName = metadata.name || "unknown";
+ }
+ } catch (e) {
+ // metadata.json is optional
+ }
+ log(`Circuit: ${circuitName}`);
+ log("Loading prover (.pkp) and verifier (.pkv) artifacts...");
+ logMemory("Before loading artifacts");
+ const [proverResponse, verifierResponse] = await Promise.all([
+ fetch(base + "prover.pkp"),
+ fetch(base + "verifier.pkv"),
+ ]);
+ proverBin = await proverResponse.arrayBuffer();
+ verifierBin = await verifierResponse.arrayBuffer();
+ }
+
+ // --- Common: log sizes, create prover, extract circuit ---
+ log(`Prover artifact: ${(proverBin.byteLength / 1024 / 1024).toFixed(2)} MB`);
+ log(`Verifier artifact: ${(verifierBin.byteLength / 1024 / 1024).toFixed(2)} MB`);
+ logMemory("After loading artifacts", { proverBin, verifierBin });
+
+ log("Creating Prover instance...");
+ prover = new provekit.Prover(new Uint8Array(proverBin));
+ proverBin = null;
+
+ numConstraints = prover.getNumConstraints();
+ numWitnesses = prover.getNumWitnesses();
+ log(`Circuit: ${numConstraints.toLocaleString()} constraints, ${numWitnesses.toLocaleString()} witnesses`);
+
+ const circuitBytes = prover.getCircuit();
+ circuitJson = JSON.parse(new TextDecoder().decode(circuitBytes));
+ log("Circuit extracted from prover artifact");
+ logMemory("After creating Prover (freed proverBin)");
+ updateStep(2, "Loaded", "success");
+
+ // --- Load inputs (mode-specific) ---
+ updateStep(3, '
Generating witness...', "running");
+ if (isCustom && window.customFiles) {
+ const inputsFile = window.customFiles.inputs;
+ if (inputsFile.name.endsWith('.toml')) {
+ log("Parsing Prover.toml...");
+ const tomlText = await inputsFile.text();
+ inputs = parseSimpleToml(tomlText);
+ } else {
+ const inputsText = await inputsFile.text();
+ inputs = JSON.parse(inputsText);
+ }
+ } else {
+ log("Loading inputs...");
+ inputs = await loadInputs();
+ }
+ log(`Inputs loaded (${Object.keys(inputs).length} top-level keys)`);
+
+ // --- Generate witness ---
+ log("Generating witness using noir_js...");
+ logMemory("Before witness generation", { circuitJson, inputs });
+
+ await new Promise((r) => setTimeout(r, 50)); // Let UI update
+
+ const witnessStart = performance.now();
+ const noir = new window.Noir(circuitJson);
+ const { witness: compressedWitness } = await noir.execute(inputs);
+ const witnessStack = window.decompressWitness(compressedWitness);
+ const witnessMap = witnessStack[0].witness;
+ witnessTime = performance.now() - witnessStart;
+
+ const witnessObjSize = witnessMap instanceof Map
+ ? witnessMap.size * 64
+ : Object.keys(witnessMap).length * 64;
+ log(`\u{1F4CA} Witness object: ~${(witnessObjSize / 1024).toFixed(0)} KB estimated`);
+ logMemory("After witness generation");
+
+ witnessSize =
+ witnessMap instanceof Map
+ ? witnessMap.size
+ : Object.keys(witnessMap).length;
+ log(`Witness size: ${witnessSize} elements`);
+ log(`Witness generation time: ${witnessTime.toFixed(0)}ms`);
+
+ updateStep(3, `Done (${witnessTime.toFixed(0)}ms)`, "success");
+
+ // --- Generate proof ---
+ updateStep(4, '
Generating proof...', "running");
+ log("Converting witness format...");
+
+ const convertedWitness = convertWitnessMap(witnessMap);
+ log(`Converted ${Object.keys(convertedWitness).length} witness entries`);
+
+ log("Generating proof (this may take a while)...");
+ logMemory("Before proveBytes");
+
+ await new Promise((r) => setTimeout(r, 50)); // Let UI update
+
+ const proofStart = performance.now();
+ log("Starting proof computation...");
+ const proofBytes = prover.proveBytes(convertedWitness);
+ logMemory("After proveBytes");
+ proofTime = performance.now() - proofStart;
+
+ proofSize = proofBytes.length;
+ log(`Proof size: ${(proofSize / 1024).toFixed(1)} KB`);
+ log(`Proving time: ${(proofTime / 1000).toFixed(2)}s`);
+
+ try {
+ const proofJson = JSON.parse(new TextDecoder().decode(proofBytes));
+ const pi = proofJson.public_inputs;
+ if (pi && pi.length > 0) {
+ const values = pi.map(hex => {
+ const be = hex.match(/.{2}/g).slice().reverse().join('');
+ return BigInt('0x' + be);
+ });
+ const allBytes = values.every(v => v < 256n);
+ if (allBytes) {
+ const hexStr = values.map(v => v.toString(16).padStart(2, '0')).join('');
+ log(`Public inputs (${pi.length}): 0x${hexStr}`);
+ } else {
+ log(`Public inputs (${pi.length}):`);
+ for (let i = 0; i < values.length; i++) {
+ log(` [${i}]: 0x${values[i].toString(16)}`);
+ }
+ }
+ }
+ } catch (_) {
+ // non-critical — proof bytes may not be JSON in all modes
+ }
+
+ updateStep(4, `Done (${(proofTime / 1000).toFixed(2)}s)`, "success");
+
+ lastProofBytes = proofBytes;
+
+ const totalTimeMs = witnessTime + proofTime;
+ document.getElementById("totalTimeUi").textContent =
+ `${(totalTimeMs / 1000).toFixed(2)}s`;
+ document.getElementById("proofSizeUi").textContent =
+ `${(proofSize / 1024).toFixed(1)} KB`;
+ document.getElementById("constraintsUi").textContent =
+ numConstraints.toLocaleString();
+ document.getElementById("witnessesUi").textContent =
+ numWitnesses.toLocaleString();
+
+ const proofText = new TextDecoder().decode(proofBytes);
+ const truncated =
+ proofText.length > 2000
+ ? proofText.substring(0, 2000) + "..."
+ : proofText;
+ const proofOutputEl = document.getElementById("proofOutput");
+ if (proofOutputEl) proofOutputEl.textContent = truncated;
+ const proofCardEl = document.getElementById("proofCard");
+ if (proofCardEl) proofCardEl.style.display = "block";
+
+ updateStep(5, "Ready \u2014 click Verify Proof");
+ verifyBtn.disabled = false;
+ } catch (error) {
+ log(`Error: ${error.message}`, "error");
+ console.error(error);
+
+ for (let i = 2; i <= 4; i++) {
+ const el = document.getElementById(`step${i}-status`);
+ if (el && el.classList.contains("running")) {
+ updateStep(i, "Failed", "error");
+ break;
+ }
+ }
+ } finally {
+ runBtn.disabled = false;
+ }
+}
+
+async function verifyProof() {
+ if (!lastProofBytes || !verifierBin || !provekit) {
+ log("No proof available. Generate a proof first.", "error");
+ return;
+ }
+
+ verifyBtn.disabled = true;
+
+ try {
+ updateStep(5, '
Verifying...', "running");
+ log("Creating verifier instance...");
+ const verifier = new provekit.Verifier(new Uint8Array(verifierBin));
+ log("Verifying proof...");
+
+ await new Promise((r) => setTimeout(r, 50)); // Let UI update
+
+ const verifyStart = performance.now();
+ verifier.verifyBytes(lastProofBytes);
+ const verifyTime = performance.now() - verifyStart;
+ log(`Verification time: ${verifyTime.toFixed(0)}ms`);
+ log("Proof verified successfully!", "success");
+ updateStep(5, `Verified ✓ (${verifyTime.toFixed(0)}ms)`, "success");
+ } catch (error) {
+ log(`Verification error: ${error.message}`, "error");
+ console.error(error);
+ updateStep(5, "Failed", "error");
+ } finally {
+ verifyBtn.disabled = false;
+ }
+}
+
+function onCircuitChanged(circuit) {
+ circuitJson = null;
+ proverBin = null;
+ verifierBin = null;
+ lastProofBytes = null;
+
+ for (let i = 2; i <= 5; i++) {
+ updateStep(i, "Status: Waiting...");
+ }
+
+ document.getElementById("totalTimeUi").textContent = "-";
+ document.getElementById("proofSizeUi").textContent = "-";
+ document.getElementById("constraintsUi").textContent = "-";
+ document.getElementById("witnessesUi").textContent = "-";
+
+ if (provekit) runBtn.disabled = false;
+ verifyBtn.disabled = true;
+
+ log(`Switched to ${circuit.toUpperCase()} circuit`, "info");
+}
+
+initWasm();
+
+window.runDemo = runDemo;
+window.verifyProof = verifyProof;
+window.onCircuitChanged = onCircuitChanged;
diff --git a/provekit/common/Cargo.toml b/provekit/common/Cargo.toml
index ed5547761..5621d0c1e 100644
--- a/provekit/common/Cargo.toml
+++ b/provekit/common/Cargo.toml
@@ -9,7 +9,8 @@ homepage.workspace = true
repository.workspace = true
[features]
-default = []
+default = ["parallel"]
+parallel = []
[dependencies]
# Workspace crates
@@ -40,11 +41,14 @@ ruint.workspace = true
serde.workspace = true
serde_json.workspace = true
tracing.workspace = true
-xz2.workspace = true
zerocopy.workspace = true
+
+# Target-specific dependencies: only on non-WASM targets
+[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
+zstd.workspace = true
mavros-vm.workspace = true
mavros-artifacts.workspace = true
-zstd.workspace = true
+xz2.workspace = true
[lints]
workspace = true
diff --git a/provekit/common/src/file/binary_format.rs b/provekit/common/src/file/binary_format.rs
new file mode 100644
index 000000000..44ff55717
--- /dev/null
+++ b/provekit/common/src/file/binary_format.rs
@@ -0,0 +1,27 @@
+pub const MAGIC_BYTES: &[u8] = b"\xDC\xDFOZkp\x01\x00";
+
+/// Header layout: MAGIC(8) + FORMAT(8) + MAJOR(2) + MINOR(2) + HASH_CONFIG(1) =
+/// 21 bytes
+pub const HEADER_SIZE: usize = 21;
+
+/// Zstd magic number: `28 B5 2F FD`.
+pub const ZSTD_MAGIC: [u8; 4] = [0x28, 0xb5, 0x2f, 0xfd];
+
+/// XZ magic number: `FD 37 7A 58 5A 00`.
+pub const XZ_MAGIC: [u8; 6] = [0xfd, 0x37, 0x7a, 0x58, 0x5a, 0x00];
+
+// ---------------------------------------------------------------------------
+// Per-format identifiers and versions
+// ---------------------------------------------------------------------------
+
+pub const PROVER_FORMAT: [u8; 8] = *b"PrvKitPr";
+pub const PROVER_VERSION: (u16, u16) = (1, 2);
+
+pub const VERIFIER_FORMAT: [u8; 8] = *b"PrvKitVr";
+pub const VERIFIER_VERSION: (u16, u16) = (1, 3);
+
+pub const NOIR_PROOF_SCHEME_FORMAT: [u8; 8] = *b"NrProScm";
+pub const NOIR_PROOF_SCHEME_VERSION: (u16, u16) = (1, 2);
+
+pub const NOIR_PROOF_FORMAT: [u8; 8] = *b"NPSProof";
+pub const NOIR_PROOF_VERSION: (u16, u16) = (1, 1);
diff --git a/provekit/common/src/file/bin.rs b/provekit/common/src/file/io/bin.rs
similarity index 93%
rename from provekit/common/src/file/bin.rs
rename to provekit/common/src/file/io/bin.rs
index 09cb66350..cb5ff2f48 100644
--- a/provekit/common/src/file/bin.rs
+++ b/provekit/common/src/file/io/bin.rs
@@ -1,6 +1,10 @@
use {
super::BufExt as _,
- crate::{utils::human, HashConfig},
+ crate::{
+ binary_format::{HEADER_SIZE, MAGIC_BYTES, XZ_MAGIC, ZSTD_MAGIC},
+ utils::human,
+ HashConfig,
+ },
anyhow::{ensure, Context as _, Result},
bytes::{Buf, BufMut as _, Bytes, BytesMut},
serde::{Deserialize, Serialize},
@@ -12,20 +16,10 @@ use {
tracing::{info, instrument},
};
-/// Header layout: MAGIC(8) + FORMAT(8) + MAJOR(2) + MINOR(2) + HASH_CONFIG(1) =
-/// 21 bytes
-const HEADER_SIZE: usize = 21;
-const MAGIC_BYTES: &[u8] = b"\xDC\xDFOZkp\x01\x00";
/// Byte offset where hash config is stored: MAGIC(8) + FORMAT(8) + MAJOR(2) +
/// MINOR(2) = 20
const HASH_CONFIG_OFFSET: usize = 20;
-/// Zstd magic number: `28 B5 2F FD`.
-const ZSTD_MAGIC: [u8; 4] = [0x28, 0xb5, 0x2f, 0xfd];
-
-/// XZ magic number: `FD 37 7A 58 5A 00`.
-const XZ_MAGIC: [u8; 6] = [0xfd, 0x37, 0x7a, 0x58, 0x5a, 0x00];
-
/// Compression algorithm for binary file output.
#[derive(Debug, Clone, Copy)]
pub enum Compression {
diff --git a/provekit/common/src/file/buf_ext.rs b/provekit/common/src/file/io/buf_ext.rs
similarity index 100%
rename from provekit/common/src/file/buf_ext.rs
rename to provekit/common/src/file/io/buf_ext.rs
diff --git a/provekit/common/src/file/counting_writer.rs b/provekit/common/src/file/io/counting_writer.rs
similarity index 100%
rename from provekit/common/src/file/counting_writer.rs
rename to provekit/common/src/file/io/counting_writer.rs
diff --git a/provekit/common/src/file/json.rs b/provekit/common/src/file/io/json.rs
similarity index 100%
rename from provekit/common/src/file/json.rs
rename to provekit/common/src/file/io/json.rs
diff --git a/provekit/common/src/file/io/mod.rs b/provekit/common/src/file/io/mod.rs
new file mode 100644
index 000000000..4d04680a3
--- /dev/null
+++ b/provekit/common/src/file/io/mod.rs
@@ -0,0 +1,156 @@
+mod bin;
+mod buf_ext;
+mod counting_writer;
+mod json;
+
+use {
+ self::{
+ bin::{read_bin, read_hash_config as read_hash_config_bin, write_bin, Compression},
+ buf_ext::BufExt,
+ counting_writer::CountingWriter,
+ json::{read_json, write_json},
+ },
+ crate::{HashConfig, NoirProof, NoirProofScheme, Prover, Verifier},
+ anyhow::Result,
+ serde::{Deserialize, Serialize},
+ std::{ffi::OsStr, path::Path},
+ tracing::instrument,
+};
+
+/// Trait for structures that can be serialized to and deserialized from files.
+pub trait FileFormat: Serialize + for<'a> Deserialize<'a> {
+ const FORMAT: [u8; 8];
+ const EXTENSION: &'static str;
+ const VERSION: (u16, u16);
+ const COMPRESSION: Compression;
+}
+
+/// Helper trait to optionally extract hash config.
+pub(crate) trait MaybeHashAware {
+ fn maybe_hash_config(&self) -> Option
;
+}
+
+/// Impl for Prover (has hash config).
+impl MaybeHashAware for Prover {
+ fn maybe_hash_config(&self) -> Option {
+ match self {
+ Prover::Noir(p) => Some(p.hash_config),
+ Prover::Mavros(p) => Some(p.hash_config),
+ }
+ }
+}
+
+/// Impl for Verifier (has hash config).
+impl MaybeHashAware for Verifier {
+ fn maybe_hash_config(&self) -> Option {
+ Some(self.hash_config)
+ }
+}
+
+/// Impl for NoirProof (no hash config).
+impl MaybeHashAware for NoirProof {
+ fn maybe_hash_config(&self) -> Option {
+ None
+ }
+}
+
+/// Impl for NoirProofScheme (has hash config).
+impl MaybeHashAware for NoirProofScheme {
+ fn maybe_hash_config(&self) -> Option {
+ match self {
+ NoirProofScheme::Noir(d) => Some(d.hash_config),
+ NoirProofScheme::Mavros(d) => Some(d.hash_config),
+ }
+ }
+}
+
+impl FileFormat for NoirProofScheme {
+ const FORMAT: [u8; 8] = crate::binary_format::NOIR_PROOF_SCHEME_FORMAT;
+ const EXTENSION: &'static str = "nps";
+ const VERSION: (u16, u16) = crate::binary_format::NOIR_PROOF_SCHEME_VERSION;
+ const COMPRESSION: Compression = Compression::Zstd;
+}
+
+impl FileFormat for Prover {
+ const FORMAT: [u8; 8] = crate::binary_format::PROVER_FORMAT;
+ const EXTENSION: &'static str = "pkp";
+ const VERSION: (u16, u16) = crate::binary_format::PROVER_VERSION;
+ const COMPRESSION: Compression = Compression::Xz;
+}
+
+impl FileFormat for Verifier {
+ const FORMAT: [u8; 8] = crate::binary_format::VERIFIER_FORMAT;
+ const EXTENSION: &'static str = "pkv";
+ const VERSION: (u16, u16) = crate::binary_format::VERIFIER_VERSION;
+ const COMPRESSION: Compression = Compression::Zstd;
+}
+
+impl FileFormat for NoirProof {
+ const FORMAT: [u8; 8] = crate::binary_format::NOIR_PROOF_FORMAT;
+ const EXTENSION: &'static str = "np";
+ const VERSION: (u16, u16) = crate::binary_format::NOIR_PROOF_VERSION;
+ const COMPRESSION: Compression = Compression::Zstd;
+}
+
+/// Write a file with format determined from extension.
+#[allow(private_bounds)]
+#[instrument(skip(value))]
+pub fn write(value: &T, path: &Path) -> Result<()> {
+ match path.extension().and_then(OsStr::to_str) {
+ Some("json") => write_json(value, path),
+ Some(ext) if ext == T::EXTENSION => {
+ write_bin_with_hash_config(value, path, T::FORMAT, T::VERSION, T::COMPRESSION)
+ }
+ _ => Err(anyhow::anyhow!(
+ "Unsupported file extension, please specify .{} or .json",
+ T::EXTENSION
+ )),
+ }
+}
+
+/// Helper to write binary files with hash_config if T implements
+/// MaybeHashAware.
+fn write_bin_with_hash_config(
+ value: &T,
+ path: &Path,
+ format: [u8; 8],
+ version: (u16, u16),
+ compression: Compression,
+) -> Result<()> {
+ let hash_config = value.maybe_hash_config();
+ write_bin(value, path, format, version, compression, hash_config)
+}
+
+/// Read a file with format determined from extension.
+#[instrument()]
+pub fn read(path: &Path) -> Result {
+ match path.extension().and_then(OsStr::to_str) {
+ Some("json") => read_json(path),
+ Some(ext) if ext == T::EXTENSION => read_bin(path, T::FORMAT, T::VERSION),
+ _ => Err(anyhow::anyhow!(
+ "Unsupported file extension, please specify .{} or .json",
+ T::EXTENSION
+ )),
+ }
+}
+
+/// Read just the hash configuration from a file.
+#[instrument()]
+pub fn read_hash_config(path: &Path) -> Result {
+ match path.extension().and_then(OsStr::to_str) {
+ Some("json") => {
+ // For JSON, parse and extract hash_config field (required)
+ let json_str = std::fs::read_to_string(path)?;
+ let value: serde_json::Value = serde_json::from_str(&json_str)?;
+ value
+ .get("hash_config")
+ .and_then(|v| serde_json::from_value(v.clone()).ok())
+ .ok_or_else(|| anyhow::anyhow!("Missing hash_config field in JSON file"))
+ }
+ Some(ext) if ext == T::EXTENSION => read_hash_config_bin(path, T::FORMAT, T::VERSION),
+ _ => Err(anyhow::anyhow!(
+ "Unsupported file extension, please specify .{} or .json",
+ T::EXTENSION
+ )),
+ }
+}
diff --git a/provekit/common/src/file/mod.rs b/provekit/common/src/file/mod.rs
index 06f6f34f9..d8a733da0 100644
--- a/provekit/common/src/file/mod.rs
+++ b/provekit/common/src/file/mod.rs
@@ -1,156 +1,7 @@
-mod bin;
-mod buf_ext;
-mod counting_writer;
-mod json;
+pub mod binary_format;
-use {
- self::{
- bin::{read_bin, read_hash_config as read_hash_config_bin, write_bin, Compression},
- buf_ext::BufExt,
- counting_writer::CountingWriter,
- json::{read_json, write_json},
- },
- crate::{HashConfig, NoirProof, NoirProofScheme, Prover, Verifier},
- anyhow::Result,
- serde::{Deserialize, Serialize},
- std::{ffi::OsStr, path::Path},
- tracing::instrument,
-};
+#[cfg(not(target_arch = "wasm32"))]
+mod io;
-/// Trait for structures that can be serialized to and deserialized from files.
-pub trait FileFormat: Serialize + for<'a> Deserialize<'a> {
- const FORMAT: [u8; 8];
- const EXTENSION: &'static str;
- const VERSION: (u16, u16);
- const COMPRESSION: Compression;
-}
-
-/// Helper trait to optionally extract hash config.
-pub(crate) trait MaybeHashAware {
- fn maybe_hash_config(&self) -> Option;
-}
-
-/// Impl for Prover (has hash config).
-impl MaybeHashAware for Prover {
- fn maybe_hash_config(&self) -> Option {
- match self {
- Prover::Noir(p) => Some(p.hash_config),
- Prover::Mavros(p) => Some(p.hash_config),
- }
- }
-}
-
-/// Impl for Verifier (has hash config).
-impl MaybeHashAware for Verifier {
- fn maybe_hash_config(&self) -> Option {
- Some(self.hash_config)
- }
-}
-
-/// Impl for NoirProof (no hash config).
-impl MaybeHashAware for NoirProof {
- fn maybe_hash_config(&self) -> Option {
- None
- }
-}
-
-/// Impl for NoirProofScheme (has hash config).
-impl MaybeHashAware for NoirProofScheme {
- fn maybe_hash_config(&self) -> Option {
- match self {
- NoirProofScheme::Noir(d) => Some(d.hash_config),
- NoirProofScheme::Mavros(d) => Some(d.hash_config),
- }
- }
-}
-
-impl FileFormat for NoirProofScheme {
- const FORMAT: [u8; 8] = *b"NrProScm";
- const EXTENSION: &'static str = "nps";
- const VERSION: (u16, u16) = (1, 2);
- const COMPRESSION: Compression = Compression::Zstd;
-}
-
-impl FileFormat for Prover {
- const FORMAT: [u8; 8] = *b"PrvKitPr";
- const EXTENSION: &'static str = "pkp";
- const VERSION: (u16, u16) = (1, 2);
- const COMPRESSION: Compression = Compression::Xz;
-}
-
-impl FileFormat for Verifier {
- const FORMAT: [u8; 8] = *b"PrvKitVr";
- const EXTENSION: &'static str = "pkv";
- const VERSION: (u16, u16) = (1, 3);
- const COMPRESSION: Compression = Compression::Zstd;
-}
-
-impl FileFormat for NoirProof {
- const FORMAT: [u8; 8] = *b"NPSProof";
- const EXTENSION: &'static str = "np";
- const VERSION: (u16, u16) = (1, 1);
- const COMPRESSION: Compression = Compression::Zstd;
-}
-
-/// Write a file with format determined from extension.
-#[allow(private_bounds)]
-#[instrument(skip(value))]
-pub fn write(value: &T, path: &Path) -> Result<()> {
- match path.extension().and_then(OsStr::to_str) {
- Some("json") => write_json(value, path),
- Some(ext) if ext == T::EXTENSION => {
- write_bin_with_hash_config(value, path, T::FORMAT, T::VERSION, T::COMPRESSION)
- }
- _ => Err(anyhow::anyhow!(
- "Unsupported file extension, please specify .{} or .json",
- T::EXTENSION
- )),
- }
-}
-
-/// Helper to write binary files with hash_config if T implements
-/// MaybeHashAware.
-fn write_bin_with_hash_config(
- value: &T,
- path: &Path,
- format: [u8; 8],
- version: (u16, u16),
- compression: Compression,
-) -> Result<()> {
- let hash_config = value.maybe_hash_config();
- write_bin(value, path, format, version, compression, hash_config)
-}
-
-/// Read a file with format determined from extension.
-#[instrument()]
-pub fn read(path: &Path) -> Result {
- match path.extension().and_then(OsStr::to_str) {
- Some("json") => read_json(path),
- Some(ext) if ext == T::EXTENSION => read_bin(path, T::FORMAT, T::VERSION),
- _ => Err(anyhow::anyhow!(
- "Unsupported file extension, please specify .{} or .json",
- T::EXTENSION
- )),
- }
-}
-
-/// Read just the hash configuration from a file.
-#[instrument()]
-pub fn read_hash_config(path: &Path) -> Result {
- match path.extension().and_then(OsStr::to_str) {
- Some("json") => {
- // For JSON, parse and extract hash_config field (required)
- let json_str = std::fs::read_to_string(path)?;
- let value: serde_json::Value = serde_json::from_str(&json_str)?;
- value
- .get("hash_config")
- .and_then(|v| serde_json::from_value(v.clone()).ok())
- .ok_or_else(|| anyhow::anyhow!("Missing hash_config field in JSON file"))
- }
- Some(ext) if ext == T::EXTENSION => read_hash_config_bin(path, T::FORMAT, T::VERSION),
- _ => Err(anyhow::anyhow!(
- "Unsupported file extension, please specify .{} or .json",
- T::EXTENSION
- )),
- }
-}
+#[cfg(not(target_arch = "wasm32"))]
+pub use io::*;
diff --git a/provekit/common/src/lib.rs b/provekit/common/src/lib.rs
index 29ec40b5f..a2376382a 100644
--- a/provekit/common/src/lib.rs
+++ b/provekit/common/src/lib.rs
@@ -1,6 +1,8 @@
pub mod file;
+pub use file::binary_format;
pub mod hash_config;
mod interner;
+mod mavros;
mod noir_proof_scheme;
pub mod optimize;
pub mod prefix_covector;
@@ -22,9 +24,10 @@ pub use {
acir::FieldElement as NoirElement,
ark_bn254::Fr as FieldElement,
hash_config::HashConfig,
- noir_proof_scheme::{MavrosSchemeData, NoirProof, NoirProofScheme, NoirSchemeData},
+ mavros::{MavrosProver, MavrosSchemeData},
+ noir_proof_scheme::{NoirProof, NoirProofScheme, NoirSchemeData},
prefix_covector::{OffsetCovector, PrefixCovector},
- prover::{MavrosProver, NoirProver, Prover},
+ prover::{NoirProver, Prover},
r1cs::R1CS,
transcript_sponge::TranscriptSponge,
verifier::Verifier,
diff --git a/provekit/common/src/mavros.rs b/provekit/common/src/mavros.rs
new file mode 100644
index 000000000..64e023bec
--- /dev/null
+++ b/provekit/common/src/mavros.rs
@@ -0,0 +1,60 @@
+#[cfg(target_arch = "wasm32")]
+pub use self::wasm_stubs::{ConstraintsLayout, WitnessLayout};
+#[cfg(not(target_arch = "wasm32"))]
+pub use mavros_vm::{ConstraintsLayout, WitnessLayout};
+use {
+ crate::{whir_r1cs::WhirR1CSScheme, HashConfig, R1CS},
+ noirc_abi::Abi,
+ serde::{Deserialize, Serialize},
+};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct MavrosProver {
+ #[serde(with = "crate::utils::serde_jsonify")]
+ pub abi: Abi,
+ pub num_public_inputs: usize,
+ pub whir_for_witness: WhirR1CSScheme,
+ pub witgen_binary: Vec,
+ pub ad_binary: Vec,
+ pub constraints_layout: ConstraintsLayout,
+ pub witness_layout: WitnessLayout,
+ pub hash_config: HashConfig,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct MavrosSchemeData {
+ #[serde(with = "crate::utils::serde_jsonify")]
+ pub abi: Abi,
+ pub num_public_inputs: usize,
+ pub r1cs: R1CS,
+ pub whir_for_witness: WhirR1CSScheme,
+ pub witgen_binary: Vec,
+ pub ad_binary: Vec,
+ pub constraints_layout: ConstraintsLayout,
+ pub witness_layout: WitnessLayout,
+ pub hash_config: HashConfig,
+}
+
+// Wire-compatible stubs for WASM targets where mavros_vm (C bindings) is
+// unavailable. Field names, types, and ordering MUST match the real mavros_vm
+// types exactly.
+#[cfg(target_arch = "wasm32")]
+mod wasm_stubs {
+ use serde::{Deserialize, Serialize};
+
+ #[derive(Debug, Clone, Copy, Serialize, Deserialize)]
+ pub struct WitnessLayout {
+ pub algebraic_size: usize,
+ pub multiplicities_size: usize,
+ pub challenges_size: usize,
+ pub tables_data_size: usize,
+ pub lookups_data_size: usize,
+ }
+
+ #[derive(Debug, Clone, Copy, Serialize, Deserialize)]
+ pub struct ConstraintsLayout {
+ pub algebraic_size: usize,
+ pub tables_data_size: usize,
+ pub lookups_data_size: usize,
+ }
+}
diff --git a/provekit/common/src/noir_proof_scheme.rs b/provekit/common/src/noir_proof_scheme.rs
index ee52e9599..a43377eae 100644
--- a/provekit/common/src/noir_proof_scheme.rs
+++ b/provekit/common/src/noir_proof_scheme.rs
@@ -2,11 +2,9 @@ use {
crate::{
whir_r1cs::{WhirR1CSProof, WhirR1CSScheme},
witness::{NoirWitnessGenerator, SplitWitnessBuilders},
- HashConfig, NoirElement, PublicInputs, R1CS,
+ HashConfig, MavrosSchemeData, NoirElement, PublicInputs, R1CS,
},
acir::circuit::Program,
- mavros_vm::{ConstraintsLayout, WitnessLayout},
- noirc_abi::Abi,
serde::{Deserialize, Serialize},
};
@@ -20,20 +18,9 @@ pub struct NoirSchemeData {
pub hash_config: HashConfig,
}
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct MavrosSchemeData {
- #[serde(with = "crate::utils::serde_jsonify")]
- pub abi: Abi,
- pub num_public_inputs: usize,
- pub r1cs: R1CS,
- pub whir_for_witness: WhirR1CSScheme,
- pub witgen_binary: Vec,
- pub ad_binary: Vec,
- pub constraints_layout: ConstraintsLayout,
- pub witness_layout: WitnessLayout,
- pub hash_config: HashConfig,
-}
-
+// INVARIANT: Variant order is wire-format-critical (postcard uses positional
+// discriminants). Do not reorder, cfg-gate, or insert variants without
+// verifying cross-target deserialization (native <-> WASM).
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum NoirProofScheme {
Noir(NoirSchemeData),
diff --git a/provekit/common/src/prover.rs b/provekit/common/src/prover.rs
index 974850607..a8d09c9d2 100644
--- a/provekit/common/src/prover.rs
+++ b/provekit/common/src/prover.rs
@@ -3,11 +3,9 @@ use {
noir_proof_scheme::NoirProofScheme,
whir_r1cs::WhirR1CSScheme,
witness::{NoirWitnessGenerator, SplitWitnessBuilders},
- HashConfig, NoirElement, R1CS,
+ HashConfig, MavrosProver, NoirElement, R1CS,
},
acir::circuit::Program,
- mavros_vm::{ConstraintsLayout, WitnessLayout},
- noirc_abi::Abi,
serde::{Deserialize, Serialize},
};
@@ -21,19 +19,9 @@ pub struct NoirProver {
pub whir_for_witness: WhirR1CSScheme,
}
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct MavrosProver {
- #[serde(with = "crate::utils::serde_jsonify")]
- pub abi: Abi,
- pub num_public_inputs: usize,
- pub whir_for_witness: WhirR1CSScheme,
- pub witgen_binary: Vec,
- pub ad_binary: Vec,
- pub constraints_layout: ConstraintsLayout,
- pub witness_layout: WitnessLayout,
- pub hash_config: HashConfig,
-}
-
+// INVARIANT: Variant order is wire-format-critical (postcard uses positional
+// discriminants). Do not reorder, cfg-gate, or insert variants without
+// verifying cross-target deserialization (native <-> WASM).
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum Prover {
Noir(NoirProver),
@@ -41,6 +29,7 @@ pub enum Prover {
}
impl Prover {
+ /// Convert a compilation output into the on-disk prover format.
pub fn from_noir_proof_scheme(scheme: NoirProofScheme) -> Self {
match scheme {
NoirProofScheme::Noir(d) => Prover::Noir(NoirProver {
diff --git a/provekit/common/src/utils/mod.rs b/provekit/common/src/utils/mod.rs
index 9dbfafdf4..c73189d95 100644
--- a/provekit/common/src/utils/mod.rs
+++ b/provekit/common/src/utils/mod.rs
@@ -161,6 +161,7 @@ pub fn batch_inverse_montgomery(values: &[FieldElement]) -> Vec {
inverses
}
+#[cfg(not(target_arch = "wasm32"))]
pub fn convert_mavros_r1cs_to_provekit(mavros_r1cs: &mavros_artifacts::R1CS) -> crate::R1CS {
let num_witnesses = mavros_r1cs.witness_layout.size();
let num_constraints = mavros_r1cs.constraints.len();
diff --git a/provekit/common/src/utils/sumcheck.rs b/provekit/common/src/utils/sumcheck.rs
index f6f6ec543..207d76be4 100644
--- a/provekit/common/src/utils/sumcheck.rs
+++ b/provekit/common/src/utils/sumcheck.rs
@@ -5,7 +5,6 @@ use {
FieldElement, R1CS,
},
ark_std::{One, Zero},
- rayon::iter::{IndexedParallelIterator as _, IntoParallelRefIterator, ParallelIterator as _},
std::array,
tracing::instrument,
};
@@ -223,6 +222,7 @@ pub fn multiply_transposed_by_eq_alpha(
},
|| ct.hydrate(interner) * eq_alpha.as_slice(),
);
+
[a, b, c]
}
diff --git a/provekit/prover/Cargo.toml b/provekit/prover/Cargo.toml
index f8ab4e06e..cc6b3654f 100644
--- a/provekit/prover/Cargo.toml
+++ b/provekit/prover/Cargo.toml
@@ -9,7 +9,9 @@ homepage.workspace = true
repository.workspace = true
[features]
-default = []
+default = ["witness-generation", "parallel"]
+witness-generation = ["nargo", "bn254_blackbox_solver", "noir_artifact_cli"]
+parallel = ["provekit-common/parallel"]
[dependencies]
# Workspace crates
@@ -17,9 +19,6 @@ provekit-common.workspace = true
# Noir language
acir.workspace = true
-bn254_blackbox_solver.workspace = true
-nargo.workspace = true
-noir_artifact_cli.workspace = true
noirc_abi.workspace = true
# Cryptography and proof systems
@@ -31,6 +30,12 @@ whir.workspace = true
anyhow.workspace = true
postcard.workspace = true
tracing.workspace = true
+
+# Target-specific dependencies: only on non-WASM targets
+[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
+bn254_blackbox_solver = { workspace = true, optional = true }
+nargo = { workspace = true, optional = true }
+noir_artifact_cli = { workspace = true, optional = true }
mavros-vm.workspace = true
mavros-artifacts.workspace = true
diff --git a/provekit/prover/src/input_utils.rs b/provekit/prover/src/input_utils.rs
index 4e3d1833a..b8c2e7768 100644
--- a/provekit/prover/src/input_utils.rs
+++ b/provekit/prover/src/input_utils.rs
@@ -1,4 +1,5 @@
use {
+ anyhow::{Context, Result},
mavros_artifacts::InputValueOrdered,
noirc_abi::{
input_parser::{Format, InputValue},
@@ -18,11 +19,13 @@ pub fn read_prover_inputs(
.unwrap_or_default();
let Some(format) = Format::from_ext(ext) else {
- return Err(anyhow::anyhow!("Unsupported input extension: {}", ext));
+ anyhow::bail!("Unsupported input extension: {}", ext);
};
let inputs_src = fs::read_to_string(&file_path)?;
- let inputs: BTreeMap = format.parse(&inputs_src, abi).unwrap();
+ let inputs: BTreeMap = format
+ .parse(&inputs_src, abi)
+ .context("while parsing Prover.toml inputs")?;
Ok(inputs)
}
@@ -30,51 +33,58 @@ pub fn read_prover_inputs(
pub fn ordered_params_from_btreemap(
abi: &noirc_abi::Abi,
unordered_params: &BTreeMap,
-) -> Vec {
+) -> Result> {
let mut ordered_params = Vec::new();
for param in &abi.parameters {
let param_value = unordered_params
.get(¶m.name)
- .expect("Parameter not found in unordered params");
+ .ok_or_else(|| anyhow::anyhow!("Parameter '{}' not found in inputs", param.name))?;
- ordered_params.push(ordered_param(¶m.typ, param_value));
+ ordered_params.push(ordered_param(¶m.typ, param_value)?);
}
if let Some(return_type) = &abi.return_type {
if let Some(return_value) = unordered_params.get(MAIN_RETURN_NAME) {
- ordered_params.push(ordered_param(&return_type.abi_type, return_value));
+ ordered_params.push(ordered_param(&return_type.abi_type, return_value)?);
}
}
- ordered_params
+ Ok(ordered_params)
}
-fn ordered_param(abi_type: &AbiType, value: &InputValue) -> InputValueOrdered {
+fn ordered_param(abi_type: &AbiType, value: &InputValue) -> Result {
match (value, abi_type) {
- (InputValue::Field(elem), _) => InputValueOrdered::Field(elem.into_repr()),
+ (InputValue::Field(elem), _) => Ok(InputValueOrdered::Field(elem.into_repr())),
- (InputValue::Vec(vec_elements), AbiType::Array { typ, .. }) => InputValueOrdered::Vec(
- vec_elements
+ (InputValue::Vec(vec_elements), AbiType::Array { typ, .. }) => {
+ let items = vec_elements
.iter()
.map(|elem| ordered_param(typ, elem))
- .collect(),
- ),
- (InputValue::Struct(object), AbiType::Struct { fields, .. }) => InputValueOrdered::Struct(
- fields
+ .collect::>>()?;
+ Ok(InputValueOrdered::Vec(items))
+ }
+ (InputValue::Struct(object), AbiType::Struct { fields, .. }) => {
+ let items = fields
.iter()
.map(|(field_name, field_type)| {
- let field_value = object.get(field_name).expect("Field not found in struct");
- (field_name.clone(), ordered_param(field_type, field_value))
+ let field_value = object.get(field_name).ok_or_else(|| {
+ anyhow::anyhow!("Field '{}' not found in struct input", field_name)
+ })?;
+ Ok((field_name.clone(), ordered_param(field_type, field_value)?))
})
- .collect::>(),
- ),
- (InputValue::String(_string), _) => {
- panic!("Strings are not supported in ordered params");
+ .collect::>>()?;
+ Ok(InputValueOrdered::Struct(items))
}
-
- (InputValue::Vec(_vec_elements), AbiType::Tuple { fields: _fields }) => {
- panic!("Tuples are not supported in ordered params");
+ (InputValue::String(_), _) => {
+ anyhow::bail!("String inputs are not supported for ordered params")
+ }
+ (InputValue::Vec(_), AbiType::Tuple { .. }) => {
+ anyhow::bail!("Tuple inputs are not supported for ordered params")
}
- _ => unreachable!("value should have already been checked to match abi type"),
+ _ => anyhow::bail!(
+ "Input value does not match ABI type: {:?} vs {:?}",
+ value,
+ abi_type
+ ),
}
}
diff --git a/provekit/prover/src/lib.rs b/provekit/prover/src/lib.rs
index bbac4de0a..5f1f165de 100644
--- a/provekit/prover/src/lib.rs
+++ b/provekit/prover/src/lib.rs
@@ -7,32 +7,45 @@ use {
},
acir::native_types::WitnessMap,
anyhow::{Context, Result},
- bn254_blackbox_solver::Bn254BlackBoxSolver,
- mavros_vm::interpreter as mavros_interpreter,
- nargo::foreign_calls::DefaultForeignCallBuilder,
- noir_artifact_cli::fs::inputs::read_inputs_from_file,
- noirc_abi::InputMap,
provekit_common::{
- FieldElement, MavrosProver, NoirElement, NoirProof, NoirProver, Prover, PublicInputs,
- TranscriptSponge,
+ FieldElement, NoirElement, NoirProof, NoirProver, Prover, PublicInputs, TranscriptSponge,
},
- std::{mem::size_of, path::Path},
+ std::mem::size_of,
tracing::{debug, info_span, instrument},
- whir::transcript::{codecs::Empty, ProverState, VerifierMessage},
+ whir::transcript::{codecs::Empty, ProverState},
+};
+#[cfg(all(feature = "witness-generation", not(target_arch = "wasm32")))]
+use {
+ bn254_blackbox_solver::Bn254BlackBoxSolver, nargo::foreign_calls::DefaultForeignCallBuilder,
+ noir_artifact_cli::fs::inputs::read_inputs_from_file, noirc_abi::InputMap,
+};
+#[cfg(not(target_arch = "wasm32"))]
+use {
+ mavros_vm::interpreter as mavros_interpreter, provekit_common::MavrosProver, std::path::Path,
+ whir::transcript::VerifierMessage,
};
+#[cfg(not(target_arch = "wasm32"))]
pub mod input_utils;
mod r1cs;
mod whir_r1cs;
mod witness;
+/// `prove` and `prove_with_toml` are native-only (cfg-gated out on wasm32).
+/// `prove_with_witness` is available on all targets. `MavrosProver` does not
+/// support `prove_with_witness` (errors at runtime).
pub trait Prove {
+ #[cfg(all(feature = "witness-generation", not(target_arch = "wasm32")))]
fn prove(self, input_map: InputMap) -> Result;
+ #[cfg(all(feature = "witness-generation", not(target_arch = "wasm32")))]
fn prove_with_toml(self, prover_toml: impl AsRef) -> Result;
+
+ fn prove_with_witness(self, witness: WitnessMap) -> Result;
}
#[instrument(skip_all)]
+#[cfg(all(feature = "witness-generation", not(target_arch = "wasm32")))]
fn generate_noir_witness(
prover: &mut NoirProver,
input_map: InputMap,
@@ -64,11 +77,28 @@ fn generate_noir_witness(
}
impl Prove for NoirProver {
+ #[cfg(all(feature = "witness-generation", not(target_arch = "wasm32")))]
#[instrument(skip_all)]
fn prove(mut self, input_map: InputMap) -> Result {
+ let witness = generate_noir_witness(&mut self, input_map)?;
+ self.prove_with_witness(witness)
+ }
+
+ #[cfg(all(feature = "witness-generation", not(target_arch = "wasm32")))]
+ #[instrument(skip_all)]
+ fn prove_with_toml(self, prover_toml: impl AsRef) -> Result {
+ let (input_map, _return_value) =
+ read_inputs_from_file(prover_toml.as_ref(), self.witness_generator.abi())?;
+ self.prove(input_map)
+ }
+
+ #[instrument(skip_all)]
+ fn prove_with_witness(
+ self,
+ acir_witness_idx_to_value_map: WitnessMap,
+ ) -> Result {
provekit_common::register_ntt();
- let acir_witness_idx_to_value_map = generate_noir_witness(&mut self, input_map)?;
let num_public_inputs = self.program.functions[0].public_inputs().indices().len();
drop(self.program);
drop(self.witness_generator);
@@ -205,21 +235,15 @@ impl Prove for NoirProver {
whir_r1cs_proof,
})
}
-
- #[instrument(skip_all)]
- fn prove_with_toml(self, prover_toml: impl AsRef) -> Result {
- let (input_map, _return_value) =
- read_inputs_from_file(prover_toml.as_ref(), self.witness_generator.abi())?;
- self.prove(input_map)
- }
}
+#[cfg(not(target_arch = "wasm32"))]
impl Prove for MavrosProver {
- #[instrument(skip_all)]
+ #[cfg(feature = "witness-generation")]
fn prove(mut self, input_map: InputMap) -> Result {
provekit_common::register_ntt();
- let params = crate::input_utils::ordered_params_from_btreemap(&self.abi, &input_map);
+ let params = crate::input_utils::ordered_params_from_btreemap(&self.abi, &input_map)?;
let phase1 = mavros_interpreter::run_phase1(
&mut self.witgen_binary,
self.witness_layout,
@@ -304,6 +328,7 @@ impl Prove for MavrosProver {
})
}
+ #[cfg(feature = "witness-generation")]
#[instrument(skip_all)]
fn prove_with_toml(self, prover_toml: impl AsRef) -> Result {
let project_path = prover_toml
@@ -315,22 +340,40 @@ impl Prove for MavrosProver {
crate::input_utils::read_prover_inputs(&project_path.to_path_buf(), &self.abi)?;
self.prove(input_map)
}
+
+ fn prove_with_witness(self, _witness: WitnessMap) -> Result {
+ Err(anyhow::anyhow!(
+ "prove_with_witness is not supported for Mavros prover"
+ ))
+ }
}
impl Prove for Prover {
+ #[cfg(all(feature = "witness-generation", not(target_arch = "wasm32")))]
fn prove(self, input_map: InputMap) -> Result {
match self {
Prover::Noir(p) => p.prove(input_map),
Prover::Mavros(p) => p.prove(input_map),
}
}
+
+ #[cfg(all(feature = "witness-generation", not(target_arch = "wasm32")))]
fn prove_with_toml(self, prover_toml: impl AsRef) -> Result {
match self {
Prover::Noir(p) => p.prove_with_toml(prover_toml),
Prover::Mavros(p) => p.prove_with_toml(prover_toml),
}
}
-}
-#[cfg(test)]
-mod tests {}
+ fn prove_with_witness(self, witness: WitnessMap) -> Result {
+ match self {
+ Prover::Noir(p) => p.prove_with_witness(witness),
+ #[cfg(not(target_arch = "wasm32"))]
+ Prover::Mavros(p) => p.prove_with_witness(witness),
+ #[cfg(target_arch = "wasm32")]
+ Prover::Mavros(_) => {
+ anyhow::bail!("Mavros prover is not supported on WASM")
+ }
+ }
+ }
+}
diff --git a/provekit/prover/src/whir_r1cs.rs b/provekit/prover/src/whir_r1cs.rs
index 08920f3bd..6532a772a 100644
--- a/provekit/prover/src/whir_r1cs.rs
+++ b/provekit/prover/src/whir_r1cs.rs
@@ -2,8 +2,6 @@ use {
anyhow::{ensure, Result},
ark_ff::UniformRand,
ark_std::{One, Zero},
- mavros_artifacts::{ConstraintsLayout, WitnessLayout},
- mavros_vm::interpreter::Phase1Result,
provekit_common::{
prefix_covector::{
build_prefix_covectors, compute_alpha_evals, compute_public_eval, expand_powers,
@@ -29,6 +27,11 @@ use {
transcript::{ProverState, VerifierMessage},
},
};
+#[cfg(not(target_arch = "wasm32"))]
+use {
+ mavros_artifacts::{ConstraintsLayout, WitnessLayout},
+ mavros_vm::interpreter::Phase1Result,
+};
pub struct BlindingState {
pub polynomial: Vec<[FieldElement; 4]>,
@@ -60,6 +63,7 @@ pub trait WhirR1CSProver {
public_inputs: &PublicInputs,
) -> Result;
+ #[cfg(not(target_arch = "wasm32"))]
fn prove_mavros(
&self,
merlin: ProverState,
@@ -181,6 +185,7 @@ impl WhirR1CSProver for WhirR1CSScheme {
)
}
+ #[cfg(not(target_arch = "wasm32"))]
#[instrument(skip_all)]
fn prove_mavros(
&self,
@@ -199,10 +204,11 @@ impl WhirR1CSProver for WhirR1CSScheme {
.as_ref()
.expect("c1 must carry blinding state");
+ let [a, b, c] = [phase1.out_a, phase1.out_b, phase1.out_c];
let (alpha, blinding_eval) = run_zk_sumcheck_prover(
- phase1.out_a,
- phase1.out_b,
- phase1.out_c,
+ a,
+ b,
+ c,
&mut merlin,
self.m_0,
&blinding.polynomial,
diff --git a/provekit/r1cs-compiler/Cargo.toml b/provekit/r1cs-compiler/Cargo.toml
index 8752fd2cf..05630a4dd 100644
--- a/provekit/r1cs-compiler/Cargo.toml
+++ b/provekit/r1cs-compiler/Cargo.toml
@@ -8,9 +8,6 @@ license.workspace = true
homepage.workspace = true
repository.workspace = true
-[features]
-default = []
-
[dependencies]
# Workspace crates
provekit-common.workspace = true
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
index 343270f65..d895a33cf 100644
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -1,3 +1,4 @@
[toolchain]
channel = "nightly-2026-03-04"
-components = ["rustfmt", "rust-analyzer", "clippy"]
+components = ["rustfmt", "rust-analyzer", "clippy", "rust-src"]
+targets = ["wasm32-unknown-unknown"]
diff --git a/tooling/cli/Cargo.toml b/tooling/cli/Cargo.toml
index 4e88e0918..59369b84d 100644
--- a/tooling/cli/Cargo.toml
+++ b/tooling/cli/Cargo.toml
@@ -12,7 +12,7 @@ repository.workspace = true
# Workspace crates
provekit-common.workspace = true
provekit-gnark.workspace = true
-provekit-prover.workspace = true
+provekit-prover = { workspace = true, features = ["witness-generation", "parallel"] }
provekit-r1cs-compiler.workspace = true
provekit-verifier.workspace = true
diff --git a/tooling/cli/src/cmd/prepare.rs b/tooling/cli/src/cmd/prepare.rs
index a491e69bc..814371eb3 100644
--- a/tooling/cli/src/cmd/prepare.rs
+++ b/tooling/cli/src/cmd/prepare.rs
@@ -84,13 +84,11 @@ impl Command for Args {
}
};
- write(
- &Prover::from_noir_proof_scheme(scheme.clone()),
- &self.pkp_path,
- )
- .context("while writing Provekit Prover")?;
- write(&Verifier::from_noir_proof_scheme(scheme), &self.pkv_path)
- .context("while writing Provekit Verifier")?;
+ let prover = Prover::from_noir_proof_scheme(scheme.clone());
+ let verifier = Verifier::from_noir_proof_scheme(scheme);
+
+ write(&prover, &self.pkp_path).context("while writing Provekit Prover")?;
+ write(&verifier, &self.pkv_path).context("while writing Provekit Verifier")?;
Ok(())
}
}
diff --git a/tooling/provekit-bench/Cargo.toml b/tooling/provekit-bench/Cargo.toml
index 52b52b57d..043abb280 100644
--- a/tooling/provekit-bench/Cargo.toml
+++ b/tooling/provekit-bench/Cargo.toml
@@ -11,7 +11,7 @@ repository.workspace = true
[dependencies]
# Workspace crates
provekit-common.workspace = true
-provekit-prover.workspace = true
+provekit-prover = { workspace = true, features = ["witness-generation", "parallel"] }
provekit-r1cs-compiler.workspace = true
provekit-verifier.workspace = true
@@ -35,5 +35,3 @@ workspace = true
name = "bench"
harness = false
-[features]
-default = []
\ No newline at end of file
diff --git a/tooling/provekit-ffi/Cargo.toml b/tooling/provekit-ffi/Cargo.toml
index e699ea6a9..e0d1fe318 100644
--- a/tooling/provekit-ffi/Cargo.toml
+++ b/tooling/provekit-ffi/Cargo.toml
@@ -14,7 +14,7 @@ crate-type = ["staticlib"]
[dependencies]
# Workspace crates
provekit-common.workspace = true
-provekit-prover.workspace = true
+provekit-prover = { workspace = true, features = ["witness-generation", "parallel"] }
# 3rd party
anyhow.workspace = true
diff --git a/tooling/provekit-wasm/Cargo.toml b/tooling/provekit-wasm/Cargo.toml
new file mode 100644
index 000000000..44c7b271d
--- /dev/null
+++ b/tooling/provekit-wasm/Cargo.toml
@@ -0,0 +1,55 @@
+# WASM build:
+# cargo build --release --target wasm32-unknown-unknown -p provekit-wasm -Z build-std=panic_abort,std
+# wasm-bindgen --target web --out-dir tooling/provekit-wasm/pkg target/wasm32-unknown-unknown/release/provekit_wasm.wasm
+# wasm-opt -O3 --enable-simd --enable-threads --enable-bulk-memory --enable-mutable-globals --enable-nontrapping-float-to-int --enable-sign-ext --fast-math --low-memory-unused -o pkg/provekit_wasm_bg.wasm pkg/provekit_wasm_bg.wasm
+#
+# RUSTFLAGS and linker args are in .cargo/config.toml under [target.wasm32-unknown-unknown].
+# The browser must serve with Cross-Origin-Opener-Policy: same-origin and
+# Cross-Origin-Embedder-Policy: require-corp headers for SharedArrayBuffer.
+
+[package]
+name = "provekit-wasm"
+version = "0.1.0"
+edition.workspace = true
+rust-version.workspace = true
+authors.workspace = true
+license.workspace = true
+homepage.workspace = true
+repository.workspace = true
+
+[lib]
+crate-type = ["cdylib", "rlib"]
+
+[dependencies]
+# Workspace crates - enable parallel features with wasm-bindgen-rayon
+provekit-common.workspace = true
+provekit-prover = { workspace = true, default-features = false, features = ["parallel"] }
+provekit-verifier.workspace = true
+
+# Noir language
+acir.workspace = true
+
+
+# 3rd party
+anyhow.workspace = true
+base64.workspace = true
+console_error_panic_hook.workspace = true
+getrandom.workspace = true # Enable js feature for WASM via feature unification (v0.2)
+getrandom03.workspace = true # Enable wasm_js feature for WASM via feature unification (v0.3)
+hex.workspace = true
+js-sys.workspace = true
+lzma-rs.workspace = true
+postcard.workspace = true
+ruzstd.workspace = true # Pure-Rust Zstd decompressor (native crate zstd uses C bindings, incompatible with WASM)
+serde_json.workspace = true
+serde-wasm-bindgen.workspace = true
+wasm-bindgen.workspace = true
+
+# WASM parallelism via Web Workers
+wasm-bindgen-rayon.workspace = true
+
+[package.metadata.cargo-machete]
+ignored = ["getrandom", "getrandom03"]
+
+[lints]
+workspace = true
diff --git a/tooling/provekit-wasm/src/format.rs b/tooling/provekit-wasm/src/format.rs
new file mode 100644
index 000000000..b96b36595
--- /dev/null
+++ b/tooling/provekit-wasm/src/format.rs
@@ -0,0 +1,210 @@
+use {
+ provekit_common::{
+ binary_format::{
+ HEADER_SIZE, MAGIC_BYTES, PROVER_FORMAT, PROVER_VERSION, VERIFIER_FORMAT,
+ VERIFIER_VERSION, XZ_MAGIC, ZSTD_MAGIC,
+ },
+ Prover, Verifier,
+ },
+ wasm_bindgen::prelude::*,
+};
+
+pub(crate) fn parse_binary_header<'a>(
+ data: &'a [u8],
+ expected_format: &[u8; 8],
+ (expected_major, min_minor): (u16, u16),
+ label: &str,
+) -> Result<&'a [u8], JsError> {
+ parse_binary_header_impl(data, expected_format, (expected_major, min_minor), label)
+ .map_err(|msg| JsError::new(&msg))
+}
+
+fn parse_binary_header_impl<'a>(
+ data: &'a [u8],
+ expected_format: &[u8; 8],
+ (expected_major, min_minor): (u16, u16),
+ label: &str,
+) -> Result<&'a [u8], String> {
+ if data.len() < HEADER_SIZE {
+ return Err(format!("{label} data too short for binary format"));
+ }
+ if &data[..8] != MAGIC_BYTES {
+ return Err(format!("Invalid magic bytes in {label} data"));
+ }
+ if &data[8..16] != expected_format {
+ return Err(format!("Invalid format identifier in {label} data"));
+ }
+
+ let major = u16::from_le_bytes([data[16], data[17]]);
+ let minor = u16::from_le_bytes([data[18], data[19]]);
+ if major != expected_major {
+ return Err(format!(
+ "Incompatible {label} format: major version {major}, expected {expected_major}"
+ ));
+ }
+ if minor < min_minor {
+ return Err(format!(
+ "Incompatible {label} format: minor version {minor}, expected >= {min_minor}"
+ ));
+ }
+
+ Ok(&data[HEADER_SIZE..])
+}
+
+pub(crate) fn decompress(data: &[u8]) -> Result, JsError> {
+ decompress_impl(data).map_err(|msg| JsError::new(&msg))
+}
+
+fn decompress_impl(data: &[u8]) -> Result, String> {
+ if data.len() >= 4 && data[..4] == ZSTD_MAGIC {
+ let mut decoder = ruzstd::decoding::StreamingDecoder::new(std::io::Cursor::new(data))
+ .map_err(|e| format!("Failed to init Zstd decoder: {e}"))?;
+ let hint = usize::try_from(decoder.decoder.content_size()).unwrap_or(0);
+ let mut out = Vec::with_capacity(hint);
+ std::io::Read::read_to_end(&mut decoder, &mut out)
+ .map_err(|e| format!("Failed to decompress Zstd data: {e}"))?;
+ Ok(out)
+ } else if data.len() >= 6 && data[..6] == XZ_MAGIC {
+ let mut out = Vec::new();
+ lzma_rs::xz_decompress(&mut std::io::Cursor::new(data), &mut out)
+ .map_err(|e| format!("Failed to decompress XZ data: {e}"))?;
+ Ok(out)
+ } else {
+ Err(format!(
+ "Unknown compression format (first bytes: {:02X?})",
+ &data[..data.len().min(6)]
+ ))
+ }
+}
+
+/// Parses a binary prover artifact (.pkp format).
+pub fn parse_binary_prover(data: &[u8]) -> Result {
+ let payload = parse_binary_header(data, &PROVER_FORMAT, PROVER_VERSION, "prover")?;
+ let decompressed = decompress(payload)?;
+ postcard::from_bytes(&decompressed)
+ .map_err(|err| JsError::new(&format!("Failed to deserialize prover data: {err}")))
+}
+
+/// Parses a binary verifier artifact (.pkv format).
+pub fn parse_binary_verifier(data: &[u8]) -> Result {
+ let payload = parse_binary_header(data, &VERIFIER_FORMAT, VERIFIER_VERSION, "verifier")?;
+ let decompressed = decompress(payload)?;
+ postcard::from_bytes(&decompressed)
+ .map_err(|err| JsError::new(&format!("Failed to deserialize verifier data: {err}")))
+}
+
+#[cfg(test)]
+mod tests {
+ use {
+ super::*,
+ ruzstd::encoding::{compress_to_vec, CompressionLevel},
+ };
+
+ fn build_header(
+ format: [u8; 8],
+ version: (u16, u16),
+ hash_config: u8,
+ payload: &[u8],
+ ) -> Vec {
+ let mut data = Vec::with_capacity(HEADER_SIZE + payload.len());
+ data.extend_from_slice(MAGIC_BYTES);
+ data.extend_from_slice(&format);
+ data.extend_from_slice(&version.0.to_le_bytes());
+ data.extend_from_slice(&version.1.to_le_bytes());
+ data.push(hash_config);
+ data.extend_from_slice(payload);
+ data
+ }
+
+ #[test]
+ fn parse_binary_header_accepts_valid_header() {
+ let payload = b"payload-bytes";
+ let data = build_header(PROVER_FORMAT, PROVER_VERSION, 0xff, payload);
+
+ let parsed = parse_binary_header(&data, &PROVER_FORMAT, PROVER_VERSION, "prover").unwrap();
+
+ assert_eq!(parsed, payload);
+ }
+
+ #[test]
+ fn parse_binary_header_rejects_magic_mismatch() {
+ let mut data = build_header(PROVER_FORMAT, PROVER_VERSION, 0xff, b"x");
+ data[0] ^= 0x01;
+
+ let err =
+ parse_binary_header_impl(&data, &PROVER_FORMAT, PROVER_VERSION, "prover").unwrap_err();
+ assert!(err.contains("Invalid magic bytes in prover data"));
+ }
+
+ #[test]
+ fn parse_binary_header_rejects_format_mismatch() {
+ let data = build_header(VERIFIER_FORMAT, PROVER_VERSION, 0xff, b"x");
+
+ let err =
+ parse_binary_header_impl(&data, &PROVER_FORMAT, PROVER_VERSION, "prover").unwrap_err();
+ assert!(err.contains("Invalid format identifier in prover data"));
+ }
+
+ #[test]
+ fn parse_binary_header_rejects_major_version_mismatch() {
+ let bad_major = (PROVER_VERSION.0 + 1, PROVER_VERSION.1);
+ let data = build_header(PROVER_FORMAT, bad_major, 0xff, b"x");
+
+ let err =
+ parse_binary_header_impl(&data, &PROVER_FORMAT, PROVER_VERSION, "prover").unwrap_err();
+ assert!(err.contains("Incompatible prover format: major version"));
+ }
+
+ #[test]
+ fn parse_binary_header_rejects_minor_version_too_low() {
+ let min_minor = PROVER_VERSION.1 + 1;
+ let data = build_header(PROVER_FORMAT, PROVER_VERSION, 0xff, b"x");
+
+ let err = parse_binary_header_impl(
+ &data,
+ &PROVER_FORMAT,
+ (PROVER_VERSION.0, min_minor),
+ "prover",
+ )
+ .unwrap_err();
+ assert!(err.contains("Incompatible prover format: minor version"));
+ }
+
+ #[test]
+ fn parse_binary_header_rejects_data_too_short() {
+ let too_short = vec![0_u8; HEADER_SIZE - 1];
+
+ let err = parse_binary_header_impl(&too_short, &PROVER_FORMAT, PROVER_VERSION, "prover")
+ .unwrap_err();
+ assert!(err.contains("prover data too short for binary format"));
+ }
+
+ #[test]
+ fn decompress_rejects_unknown_magic() {
+ let err = decompress_impl(b"\x01\x02\x03\x04").unwrap_err();
+ assert!(err.contains("Unknown compression format"));
+ }
+
+ #[test]
+ fn decompress_roundtrips_zstd_data() {
+ let payload = b"provekit-zstd-roundtrip";
+ let compressed = compress_to_vec(payload.as_slice(), CompressionLevel::Fastest);
+
+ assert_eq!(&compressed[..4], ZSTD_MAGIC.as_slice());
+
+ let decompressed = decompress_impl(&compressed).unwrap();
+ assert_eq!(decompressed, payload);
+ }
+
+ #[test]
+ fn decompress_roundtrips_xz_data() {
+ let payload = b"provekit-xz-roundtrip";
+ let mut compressed = Vec::new();
+ lzma_rs::xz_compress(&mut std::io::Cursor::new(payload), &mut compressed).unwrap();
+
+ assert_eq!(&compressed[..6], XZ_MAGIC.as_slice());
+
+ let decompressed = decompress_impl(&compressed).unwrap();
+ assert_eq!(decompressed, payload);
+ }
+}
diff --git a/tooling/provekit-wasm/src/lib.rs b/tooling/provekit-wasm/src/lib.rs
new file mode 100644
index 000000000..884d02632
--- /dev/null
+++ b/tooling/provekit-wasm/src/lib.rs
@@ -0,0 +1,32 @@
+//! WebAssembly bindings for ProveKit.
+//!
+//! # Example
+//!
+//! ```javascript
+//! import { initPanicHook, initThreadPool, Prover } from "./pkg/provekit_wasm.js";
+//!
+//! // Initialize panic hook and thread pool
+//! initPanicHook();
+//! await initThreadPool(navigator.hardwareConcurrency);
+//!
+//! // Load prover artifact (.pkp file — same as native CLI uses)
+//! const proverBin = new Uint8Array(await (await fetch("/prover.pkp")).arrayBuffer());
+//! const prover = new Prover(proverBin);
+//!
+//! // Extract circuit for noir_js witness generation
+//! const circuitJson = JSON.parse(new TextDecoder().decode(prover.getCircuit()));
+//! const noir = new Noir(circuitJson);
+//! const { witness } = await noir.execute(inputs);
+//! const proof = prover.proveBytes(decompressWitness(witness)[0].witness);
+//! ```
+
+mod format;
+mod prover;
+mod verifier;
+
+pub use wasm_bindgen_rayon::init_thread_pool;
+
+#[wasm_bindgen::prelude::wasm_bindgen(js_name = initPanicHook)]
+pub fn init_panic_hook() {
+ console_error_panic_hook::set_once();
+}
diff --git a/tooling/provekit-wasm/src/prover.rs b/tooling/provekit-wasm/src/prover.rs
new file mode 100644
index 000000000..e14d70a52
--- /dev/null
+++ b/tooling/provekit-wasm/src/prover.rs
@@ -0,0 +1,285 @@
+use {
+ crate::format::parse_binary_prover,
+ acir::{
+ circuit::Program,
+ native_types::{Witness, WitnessMap},
+ AcirField, FieldElement,
+ },
+ anyhow::Context,
+ base64::{engine::general_purpose::STANDARD as BASE64, Engine as _},
+ provekit_common::{
+ binary_format::{HEADER_SIZE, MAGIC_BYTES},
+ NoirElement, NoirProof, Prover as ProverCore,
+ },
+ provekit_prover::Prove,
+ std::{cell::RefCell, collections::BTreeMap},
+ wasm_bindgen::prelude::*,
+};
+
+/// WASM bindings for proof generation. Consumed after `proveBytes`/`proveJs`.
+#[wasm_bindgen]
+pub struct Prover {
+ inner: Option,
+}
+
+#[wasm_bindgen]
+impl Prover {
+ #[wasm_bindgen(constructor)]
+ pub fn new(prover_data: &[u8]) -> Result {
+ let is_binary = prover_data.len() >= HEADER_SIZE && &prover_data[..8] == MAGIC_BYTES;
+
+ let inner = if is_binary {
+ parse_binary_prover(prover_data)?
+ } else {
+ serde_json::from_slice(prover_data).map_err(|err| {
+ JsError::new(&format!(
+ "Failed to parse prover JSON: {err}. Data length: {}, first bytes: {:02X?}",
+ prover_data.len(),
+ &prover_data[..prover_data.len().min(20)]
+ ))
+ })?
+ };
+ Ok(Self { inner: Some(inner) })
+ }
+
+ /// `witness_map`: JS `Map` or plain object `{ "0": "0xhex…"
+ /// }`.
+ #[wasm_bindgen(js_name = proveBytes)]
+ pub fn prove_bytes(&mut self, witness_map: JsValue) -> Result, JsError> {
+ let proof = self.prove_inner(witness_map)?;
+ serde_json::to_vec(&proof)
+ .map(|bytes| bytes.into_boxed_slice())
+ .map_err(|err| JsError::new(&format!("Failed to serialize proof to JSON: {err}")))
+ }
+
+ #[wasm_bindgen(js_name = proveJs)]
+ pub fn prove_js(&mut self, witness_map: JsValue) -> Result {
+ let proof = self.prove_inner(witness_map)?;
+ serde_wasm_bindgen::to_value(&proof)
+ .map_err(|err| JsError::new(&format!("Failed to convert proof to JsValue: {err}")))
+ }
+
+ /// Returns circuit JSON for `@noir-lang/noir_js`.
+ ///
+ /// ```js
+ /// const prover = new Prover(pkpBytes);
+ /// const circuitJson = JSON.parse(new TextDecoder().decode(prover.getCircuit()));
+ /// const noir = new Noir(circuitJson);
+ /// ```
+ #[wasm_bindgen(js_name = getCircuit)]
+ pub fn get_circuit(&self) -> Result, JsError> {
+ let noir_prover = match self.inner_ref()? {
+ ProverCore::Noir(p) => p,
+ ProverCore::Mavros(_) => {
+ return Err(JsError::new("Only Noir provers are supported in WASM"))
+ }
+ };
+
+ let program_bytes = Program::::serialize_program(&noir_prover.program);
+ let bytecode_b64 = BASE64.encode(&program_bytes);
+
+ let abi_json = serde_json::to_value(&noir_prover.witness_generator.abi)
+ .map_err(|e| JsError::new(&format!("Failed to serialize ABI: {e}")))?;
+
+ let circuit = serde_json::json!({
+ "abi": abi_json,
+ "bytecode": bytecode_b64,
+ });
+
+ serde_json::to_vec(&circuit)
+ .map(|b| b.into_boxed_slice())
+ .map_err(|e| JsError::new(&format!("Failed to serialize circuit JSON: {e}")))
+ }
+
+ #[wasm_bindgen(js_name = getNumConstraints)]
+ pub fn get_num_constraints(&self) -> Result {
+ Ok(self.inner_ref()?.size().0)
+ }
+
+ #[wasm_bindgen(js_name = getNumWitnesses)]
+ pub fn get_num_witnesses(&self) -> Result {
+ Ok(self.inner_ref()?.size().1)
+ }
+}
+
+impl Prover {
+ fn inner_ref(&self) -> Result<&ProverCore, JsError> {
+ self.inner
+ .as_ref()
+ .ok_or_else(|| JsError::new("Prover has been consumed by a previous prove() call"))
+ }
+
+ fn prove_inner(&mut self, witness_map: JsValue) -> Result {
+ let witness = parse_witness_map(witness_map)?;
+ let inner = self
+ .inner
+ .take()
+ .ok_or_else(|| JsError::new("Prover has been consumed by a previous prove() call"))?;
+ inner
+ .prove_with_witness(witness)
+ .context("Failed to generate proof")
+ .map_err(|err| JsError::new(&format!("{err:#}")))
+ }
+}
+
+/// Max byte length for a BN254 field element (32 bytes = 64 hex chars).
+pub(crate) const MAX_FIELD_ELEMENT_BYTES: usize = 32;
+
+/// Accepts a JS `Map` or a plain object `{ "idx":
+/// "0xhex…" }`.
+pub(crate) fn parse_witness_map(js_value: JsValue) -> Result, JsError> {
+ let map: BTreeMap = if js_value.is_instance_of::() {
+ js_map_to_btree(&js_sys::Map::from(js_value))?
+ } else {
+ serde_wasm_bindgen::from_value(js_value).map_err(|err| {
+ JsError::new(&format!(
+ "Expected a Map or plain object mapping witness indices to hex strings: {err}"
+ ))
+ })?
+ };
+
+ parse_witness_map_entries(map)
+}
+
+fn parse_witness_map_entries(
+ map: BTreeMap,
+) -> Result, JsError> {
+ parse_witness_map_entries_impl(map).map_err(|msg| JsError::new(&msg))
+}
+
+fn parse_witness_map_entries_impl(
+ map: BTreeMap,
+) -> Result, String> {
+ if map.is_empty() {
+ return Err("Witness map is empty".to_owned());
+ }
+
+ let mut witness_map = WitnessMap::new();
+
+ for (index_str, hex_value) in map {
+ let index: u32 = index_str
+ .parse()
+ .map_err(|err| format!("Failed to parse witness index '{index_str}': {err}"))?;
+
+ let hex_str = hex_value.trim_start_matches("0x");
+
+ let bytes = hex::decode(hex_str)
+ .map_err(|err| format!("Failed to parse hex string at index {index}: {err}"))?;
+
+ if bytes.len() > MAX_FIELD_ELEMENT_BYTES {
+ return Err(format!(
+ "Hex value at index {index} is {} bytes, exceeds BN254 field element size (32 \
+ bytes)",
+ bytes.len()
+ ));
+ }
+
+ let field_element = FieldElement::from_be_bytes_reduce(&bytes);
+ witness_map.insert(Witness(index), field_element);
+ }
+
+ Ok(witness_map)
+}
+
+/// Converts a JS `Map` to `BTreeMap`, handling numeric and
+/// string keys and Witness objects with an `inner` property.
+fn js_map_to_btree(map: &js_sys::Map) -> Result, JsError> {
+ let mut result = BTreeMap::new();
+ let err: RefCell> = RefCell::new(None);
+
+ map.for_each(&mut |value: JsValue, key: JsValue| {
+ if err.borrow().is_some() {
+ return;
+ }
+
+ let key_str = if let Some(n) = key.as_f64() {
+ (n as u32).to_string()
+ } else if let Some(s) = key.as_string() {
+ s
+ } else if let Ok(inner) = js_sys::Reflect::get(&key, &"inner".into()) {
+ if let Some(n) = inner.as_f64() {
+ (n as u32).to_string()
+ } else {
+ *err.borrow_mut() = Some(format!("Map key has non-numeric .inner property"));
+ return;
+ }
+ } else {
+ *err.borrow_mut() = Some(format!("Unsupported Map key type"));
+ return;
+ };
+
+ let val_str = match value.as_string() {
+ Some(s) => s,
+ None => {
+ *err.borrow_mut() = Some(format!("Map value at key {key_str} is not a string"));
+ return;
+ }
+ };
+
+ result.insert(key_str, val_str);
+ });
+
+ if let Some(msg) = err.into_inner() {
+ return Err(JsError::new(&msg));
+ }
+ Ok(result)
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ fn witness_map_from_pairs(pairs: &[(&str, &str)]) -> BTreeMap {
+ pairs
+ .iter()
+ .map(|(k, v)| ((*k).to_owned(), (*v).to_owned()))
+ .collect()
+ }
+
+ #[test]
+ fn max_field_element_bytes_is_32() {
+ assert_eq!(MAX_FIELD_ELEMENT_BYTES, 32);
+ }
+
+ #[test]
+ fn parse_witness_map_entries_parses_valid_hex_values() {
+ let input = witness_map_from_pairs(&[("1", "0x01"), ("2", "ff")]);
+
+ let parsed = parse_witness_map_entries(input).unwrap();
+
+ assert_eq!(parsed.get(&Witness(1)), Some(&FieldElement::from(1_u128)));
+ assert_eq!(parsed.get(&Witness(2)), Some(&FieldElement::from(255_u128)));
+ }
+
+ #[test]
+ fn parse_witness_map_entries_rejects_empty_map() {
+ let err = parse_witness_map_entries_impl(BTreeMap::new()).unwrap_err();
+ assert!(err.contains("Witness map is empty"));
+ }
+
+ #[test]
+ fn parse_witness_map_entries_rejects_invalid_index() {
+ let input = witness_map_from_pairs(&[("abc", "0x01")]);
+
+ let err = parse_witness_map_entries_impl(input).unwrap_err();
+ assert!(err.contains("Failed to parse witness index 'abc'"));
+ }
+
+ #[test]
+ fn parse_witness_map_entries_rejects_invalid_hex() {
+ let input = witness_map_from_pairs(&[("1", "0xzz")]);
+
+ let err = parse_witness_map_entries_impl(input).unwrap_err();
+ assert!(err.contains("Failed to parse hex string at index 1"));
+ }
+
+ #[test]
+ fn parse_witness_map_entries_rejects_too_many_bytes() {
+ let too_long_hex = format!("0x{}", "11".repeat(MAX_FIELD_ELEMENT_BYTES + 1));
+ let mut input = BTreeMap::new();
+ input.insert("5".to_owned(), too_long_hex);
+
+ let err = parse_witness_map_entries_impl(input).unwrap_err();
+ assert!(err.contains("exceeds BN254 field element size (32 bytes)"));
+ }
+}
diff --git a/tooling/provekit-wasm/src/verifier.rs b/tooling/provekit-wasm/src/verifier.rs
new file mode 100644
index 000000000..85b555cab
--- /dev/null
+++ b/tooling/provekit-wasm/src/verifier.rs
@@ -0,0 +1,60 @@
+use {
+ crate::format::parse_binary_verifier,
+ provekit_common::{
+ binary_format::{HEADER_SIZE, MAGIC_BYTES},
+ NoirProof, Verifier as VerifierCore,
+ },
+ provekit_verifier::Verify,
+ wasm_bindgen::prelude::*,
+};
+
+/// WASM bindings for proof verification. Reusable across multiple proofs.
+#[wasm_bindgen]
+pub struct Verifier {
+ inner: VerifierCore,
+}
+
+#[wasm_bindgen]
+impl Verifier {
+ /// Creates a new verifier from a `.pkv` verifier artifact.
+ #[wasm_bindgen(constructor)]
+ pub fn new(verifier_data: &[u8]) -> Result {
+ let is_binary = verifier_data.len() >= HEADER_SIZE && &verifier_data[..8] == MAGIC_BYTES;
+
+ let inner = if is_binary {
+ parse_binary_verifier(verifier_data)?
+ } else {
+ serde_json::from_slice(verifier_data)
+ .map_err(|err| JsError::new(&format!("Failed to parse verifier JSON: {err}")))?
+ };
+ Ok(Self { inner })
+ }
+
+ /// Verifies a proof provided as JSON bytes. The verifier is **not**
+ /// consumed.
+ #[wasm_bindgen(js_name = verifyBytes)]
+ pub fn verify_bytes(&self, proof_json: &[u8]) -> Result<(), JsError> {
+ let proof: NoirProof = serde_json::from_slice(proof_json)
+ .map_err(|err| JsError::new(&format!("Failed to parse proof JSON: {err}")))?;
+ self.verify_proof(&proof)
+ }
+
+ /// Verifies a proof provided as a JavaScript object. The verifier is
+ /// **not** consumed.
+ #[wasm_bindgen(js_name = verifyJs)]
+ pub fn verify_js(&self, proof: JsValue) -> Result<(), JsError> {
+ let proof: NoirProof = serde_wasm_bindgen::from_value(proof)
+ .map_err(|err| JsError::new(&format!("Failed to parse proof: {err}")))?;
+ self.verify_proof(&proof)
+ }
+}
+
+impl Verifier {
+ fn verify_proof(&self, proof: &NoirProof) -> Result<(), JsError> {
+ // Clone so the core verifier's .take() consumption doesn't prevent reuse.
+ let mut verifier = self.inner.clone();
+ verifier
+ .verify(proof)
+ .map_err(|err| JsError::new(&format!("{err:#}")))
+ }
+}