Home / Docs / API / Development / Operations / Regression / Config
Raiko2 is a Shasta proof service for Taiko. It builds canonical guest inputs from RPC data, validates them, runs local or remote proving routes, and exposes an asynchronous Hoodi-compatible v3 API plus a typed v4 proposal-side proof endpoint.
- Asynchronous Hoodi-compatible v3 API plus a typed v4 proposal-side proof endpoint
- Canonical routes:
native/local,risc0/local,risc0/network,sp1/local,sp1/network - Default binaries include RISC Zero local/network proving and SP1 proving
- Optional remote SGX routes for configured external prover providers
- Shasta-first pipeline for preflight, validation, proving, and aggregation
- Config-driven RPC pair allowlist and optional L1 beacon overrides via
rpc.pairs - Persisted runtime state, task workdirs, and reusable proof artifacts under
./data/runtime - In-process memory queue by default, with an optional Redis-backed queue
Run the fixture-backed server for a dependency-free local API smoke test:
cargo run -p raiko2 --features fixture-server -- fixture-server --host 127.0.0.1 --port 8087Use this only for local API-surface smoke testing, request/response contract checks, and simple task/report workflow validation when you do not want real RPC or prover dependencies. It is not a substitute for preflight correctness, remote-provider integration, or full proposal regression.
Run the real server with an explicit config file:
cp config.example.toml config.toml
cargo run -r -p raiko2 -- --config config.tomlConfiguration is loaded from --config or RAIKO2_CONFIG. CLI flags and environment variables
override values from the file. The real server checks configured RPC endpoints and hosted prover
capabilities before it starts, so replace example RPC endpoints and set required prover secrets
such as NETWORK_PRIVATE_KEY for SP1 network proving or a Boundless signer key when the selected
route is risc0/network. The prover loads guest ELF files from RAIKO2_GUEST_ELF_DIR when set,
otherwise from crates/guests/elf. For unreleased testing, build ELFs locally with
just build-guest all. Packaged deployments can download released ELF assets with
cargo run -r -p xtask -- download-guest-elves --tag <tag> --dir <guest-elf-dir>.
Preflightresolves canonical Shasta inputs from L1 and L2 RPC.Validationchecks request invariants and witness-derived data.Proverruns the selected backend and runner.Aggregatecombines proposal proofs when the request asks for it.
flowchart LR
RPC["L1/L2 RPC"] --> PF["Preflight"]
PF --> VA["Validation"]
VA --> PR["Prover"]
PR --> AG["Aggregate"]
PR --> API["Task API"]
AG --> API
POST /v3/proof/batch/shastaregisters proposal proof work and, whenaggregate=true, also registers the aggregation work for that batch.POST /v3/proof/aggregateregisters aggregation work from externally supplied proposal proofs.- Single-proof aggregation is allowed for compatibility with existing
raikoclients. - Shasta manifests support
blob_proof_type = "proof_of_equivalence"only; legacykzg_versioned_hashmanifests are rejected. - Public batch request proof types are
native,risc0,sp1,sgx,sgxgeth, and admission-timezk_anyfor proposal sampling.nativeis accepted only for internal native regression when the server route isnative/local. - Hosted SP1 proposal proving emits Compressed proofs and SP1 aggregation emits Plonk proofs.
proof_type=risc0resolves to the server's configured RISC Zero prover type. Theprover_type=networkpath submits to Boundless and exposes Boundless quote metadata; Boundless is not a separate proof type.proof_type=boundlessis not accepted; useproof_type=risc0with the server configured forrisc0/networkwhen targeting Boundless.
native/localexecutes the proving pipeline locally and returns public inputs instead of a zk proof.risc0/localgenerates RISC Zero proofs locally.risc0/networksubmits RISC Zero proving directly to Boundless from theraiko2process.sp1/localandsp1/networkselect the SP1 pipeline. The taskprover_typereports whether SP1 ran inmock,local, ornetworkmode.sgx/remotesubmits Shasta proving to the dedicated remote SGX runtime. This repo now shipsraiko2-sgx-proverforproof_type=sgx; that runtime can run inteeornativemode without changing the remote API.proof_type=sgxgethis served by an external remote prover implementation such asgaiko2over the same remote protocol.docker/docker-compose.sgx.regression.ymlstarts both SGX remote services and can optionally add a dockerizedraiko2for regression work.
raiko2 owns the canonical remote prover request fixtures under:
tests/fixtures/remote_prover/shasta_aggregate_request_v1_single_fixture_proof.json
The aggregate request fixture is the strict protocol golden for:
raiko2-shasta-aggregate-request-v1
Run the ignored black-box conformance harness against a provider endpoint with:
RAIKO2_REMOTE_PROVER_BASE_URL=http://127.0.0.1:8080 \
cargo test -p raiko2-prover --no-default-features \
--test remote_prover_conformance -- --ignored --nocaptureThe harness builds the proposal request from the shared Shasta GuestInput fixture and posts it to:
POST /prove/shasta
This harness targets providers whose /prove/shasta input is the v1
raiko2-shasta-request-v1 packet with payload.guest_input. raiko2-sgx-prover consumes the
same request shape and runs the Shasta guest validation path before signing.
It then builds a live aggregate request from the returned proposal proof and posts that derived request to:
POST /prove/shasta-aggregate
This keeps aggregate conformance provider-agnostic while preserving provider identity continuity for implementations that require aggregate subproofs to come from the current prover instance.
The harness verifies the provider returns a raiko2-proof-v1 envelope with an input value that
is self-consistent with the submitted proof carry data.
For the first external provider migration, see
docs/gaiko2-remote-prover-integration.md.
bin/raiko2: HTTP server and CLIcrates/pipeline: preflight, manifest building, and validation wiringcrates/prover: prover backends and aggregation adaptersxtask: guest build, verifier registration, benchmarking, and release automation
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE)
- MIT License (LICENSE-MIT)
at your option.
Some files are derived from third-party projects and may include their own copyright and license notices; those file-level terms apply.
