TinyZKP Guard

The operational layer around a proof job.

Guard is a local CLI and OCI workflow for teams that need a supported proof job to respect a RAM ceiling, fail early when resources are insufficient, and recover predictably after interruption.

Pre-release: the commercial artifact is not available until the release evidence, legal review, merchant lifecycle, and external-customer gates shown on the Releases page have passed.

One local control loop

Plan

Compatibility and preflight

Reject unsupported proof profiles, unsafe paths, symlinks, devices, oversized inputs, insufficient RAM, and insufficient scratch before proving.

Supervise

Automatic mode selection

Use conventional proving only when estimated peak use is within 70% of the configured RAM budget. Otherwise choose bounded mode with at least 10% scratch headroom.

Report

Stable machine output

Emit a versioned JSON result for schedulers and JSON Lines progress for operators, with stable classes for resource, checkpoint, verifier, license, input, and internal failures.

Proof-critical code stays open

The MIT engine owns AIR evaluation, commitments, FRI, proof assembly, verification, resource estimation, conventional and bounded execution, and public schemas. Guard calls that engine through versioned file contracts; it does not change proof semantics.

SurfaceCommunity engineGuard supervisor
Proof behaviorOpen and MITCalls the exact released engine
Doctor and compatibilityIncludedOrchestrates policy and diagnostics
Automatic mode selectionPrimitive estimatorsIncluded
Checkpoint supervisionCheckpoint primitivesIncluded
CI regression policyReportsIncluded
Hosted serviceNoneNone

Offline after activation

Each exact Guard release is activated once. Successful activation writes a release-scoped local entitlement. Proving, resume, verification, and continued use of that activated release make no license-network request. A current subscription is required only to activate a newer release.

Deliberately absent

No operations service

No TinyZKP worker fleet, queue, database, metering, artifact upload, account dashboard, or pager sits in the proof path.

No bespoke integration promise

No custom AIR work, private branches, service-bureau rights, onboarding calls, SLA, SSO, or architecture consulting is included.