Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cloak.ag/llms.txt

Use this file to discover all available pages before exploring further.

Trust boundaries

  • Program: verifies proofs, enforces nullifier uniqueness, validates roots, and applies transfer invariants.
  • Client SDK: derives keys, builds witness/proof inputs, and enforces registration paths by default.

Key controls

  • Viewing-key registration uses one-time nonce challenge + Ed25519 signature.
  • Identifier canonicalization prevents mismatched key mapping.

On-chain protections

  • Root membership checks against ring-buffered root history.
  • Nullifier PDA checks prevent double spend.
  • Mint-scoped PDA checks for pool/treasury/merkle isolation.
  • Swap state timeout + close paths for stuck settlement handling.

Compliance and privacy posture

  • Chain-note scanner flow is chain-native — history is reconstructed directly from on-chain data using the viewing key.
  • Registered viewing keys enable compliance export for authorized admin paths.
  • Client apps should never log raw keys, seed material, or decrypted note payloads.
  • Transaction signatures are public, but only log them when needed for support/debugging.
  • Rotate admin credentials and encryption keys under change control.
  • Monitor swap timeout/close frequency and root-staleness retries.