Skip to content

docs: add coprocessor docs for signed apps#438

Merged
vlopes11 merged 1 commit into
mainfrom
vlopes11/docs/coprocessor-owned-app
Sep 29, 2025
Merged

docs: add coprocessor docs for signed apps#438
vlopes11 merged 1 commit into
mainfrom
vlopes11/docs/coprocessor-owned-app

Conversation

@vlopes11

Copy link
Copy Markdown
Contributor

No description provided.

@vlopes11 vlopes11 requested a review from hxrts September 23, 2025 23:19
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello @vlopes11, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces crucial documentation for Valence Coprocessor users, specifically addressing the ownership and secure management of deployed applications. It outlines the process for signing app deployments with a private key, which then governs the mutability of the app's bytecode, storage, and associated provers. The added content provides a step-by-step guide from installation to key generation and prover allocation, enhancing the security and control aspects for coprocessor app developers.

Highlights

  • New Documentation Section: Added a comprehensive section on 'Apps ownership' to the developing_coprocessor_apps.md documentation.
  • Signed Application Ownership: The new documentation details how Valence Coprocessor applications can be owned and managed via private key signatures, ensuring secure deployment and mutation.
  • Setup and Configuration: Instructions are provided for installing the valence-coprocessor binary, generating signer keys using Foundry, and configuring the VALENCE_SIGNER environment variable.
  • Prover Management: Guidance is included on how to check and allocate dedicated GPU provers for signed applications, which will then be used in a round-robin fashion for proof generation.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

The pull request adds documentation for signed apps and app ownership. However, the new section contains a large block of duplicated content, which appears to be an unedited draft alongside the final version. My review focuses on removing this duplication to improve the clarity and correctness of the documentation.

Comment on lines +98 to +217
### Apps ownership

The apps will be owned by a private key, if their deployment is signed by the client. The Valence Domain client uses an environment varialbe `VALENCE_SIGNER` to have its secret key specified for signature purposes. When a signature is available for a deployed app, such app controller bytecode, storage, and dedicated provers list will be available for mutation only when the request is signed by the provided secret key.

The first step is to install the valence-coprocessor binary:

```sh
cargo install valence-domain-clients \
--no-default-features \
--features coprocessor-bin \
--bin valence-coprocessor
```

You can check the installation via:

```sh
valence-coprocessor --version
```

To generate the signer key, the foundry tool can be used:

https://getfoundry.sh/cast/reference/wallet/

```sh
cast wallet new --account valence
```

The private key can be obtained via:

```sh
cast wallet private-key --account valence
```

To export it to the respective environment variable:

```sh
export VALENCE_SIGNER='{"SecretEccNistP256":"'$(cast wallet private-key --account valence)'"}'
```

This will prepare the environment to use a NistP256 signer. All calls to the `valence-coprocessor` binary will consume such environment variable and sign the requests.

To check the allocated GPU workers for the key:

```sh
$ valence-coprocessor provers get
Using valence signer `EccNistP256(...)`...
Fetching provers...
{"owned":[],"public":["wss://prover.coprocessor.valence.zone"]}
```

The user can allocate a specific prover to its app:

```sh
valence-coprocessor provers add 'wss://prover.coprocessor.valence.zone'
```

The co-processor will round-robin the available dedicated GPU provers of the app in order to generate proofs.










The apps will be owned by a private key, only if their deployment is signed by the client. The Valence Domain client employs an environment variable `VALENCE_SIGNER` for specifying its secret key during signature processes. When a signature becomes available for a deployed app, the controller bytecode, storage, and dedicated prover list will only be modifiable upon signing a request using the provided secret key.

The initial phase involves installing the valence-coprocessor binary:

```sh
cargo install valence-domain-clients \
--no-default-features \
--features coprocessor-bin \
--bin valence-coprocessor
```

You can verify the installation by running:

```sh
valence-coprocessor --version
```

To create the signer key, utilize the [foundry](https://getfoundry.sh/cast/reference/wallet/) tool:

```sh
cast wallet new --account valence
```

The private key can be retrieved as follows:

```sh
cast wallet private-key --account valence
```

An easy way to store it in the appropriate environment variable:

```sh
export VALENCE_SIGNER='{"SecretEccNistP256":"'$(cast wallet private-key --account valence)'"}'
```

This readies the environment for utilizing an EccNistP256 signer. Every invocation of the `valence-coprocessor` binary will leverage such environment variable and sign the requests accordingly.

To view the allocated GPU workers associated with the key:

```sh
$ valence-coprocessor provers get
Using valence signer `EccNistP256(...)`...
Fetching provers...
{"owned":[],"public":["wss://prover.coprocessor.valence.zone"]}
```

The user may assign a specific prover to their app:

```sh
valence-coprocessor provers add 'wss://prover.coprocessor.valence.zone'
```

The co-processor will cycle through the available dedicated GPU provers of the app to generate proofs.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

This section contains duplicated content. It seems like a draft was accidentally committed along with the final version. The second block of text is an improved version of the first, with better phrasing, a helpful link, and a typo fix. This suggestion removes the duplicated parts and extra newlines, keeping the improved content while preserving the section header.

### Apps ownership

The apps will be owned by a private key, only if their deployment is signed by the client. The Valence Domain client employs an environment variable `VALENCE_SIGNER` for specifying its secret key during signature processes. When a signature becomes available for a deployed app, the controller bytecode, storage, and dedicated prover list will only be modifiable upon signing a request using the provided secret key.

The initial phase involves installing the valence-coprocessor binary:

```sh
cargo install valence-domain-clients \
  --no-default-features \
  --features coprocessor-bin \
  --bin valence-coprocessor

You can verify the installation by running:

valence-coprocessor --version

To create the signer key, utilize the foundry tool:

cast wallet new --account valence

The private key can be retrieved as follows:

cast wallet private-key --account valence

An easy way to store it in the appropriate environment variable:

export VALENCE_SIGNER='{"SecretEccNistP256":"'$(cast wallet private-key --account valence)'"}'

This readies the environment for utilizing an EccNistP256 signer. Every invocation of the valence-coprocessor binary will leverage such environment variable and sign the requests accordingly.

To view the allocated GPU workers associated with the key:

$ valence-coprocessor provers get
Using valence signer `EccNistP256(...)`...
Fetching provers...
{"owned":[],"public":["wss://prover.coprocessor.valence.zone"]}

The user may assign a specific prover to their app:

valence-coprocessor provers add 'wss://prover.coprocessor.valence.zone'

The co-processor will cycle through the available dedicated GPU provers of the app to generate proofs.


### Apps ownership

The apps will be owned by a private key, if their deployment is signed by the client. The Valence Domain client uses an environment varialbe `VALENCE_SIGNER` to have its secret key specified for signature purposes. When a signature is available for a deployed app, such app controller bytecode, storage, and dedicated provers list will be available for mutation only when the request is signed by the provided secret key.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The apps will be owned by a private key, if their deployment is signed by the client. The Valence Domain client uses an environment varialbe `VALENCE_SIGNER` to have its secret key specified for signature purposes. When a signature is available for a deployed app, such app controller bytecode, storage, and dedicated provers list will be available for mutation only when the request is signed by the provided secret key.
The apps will be owned by a private key, if their deployment is signed by the client. The Valence Domain client uses an environment variable `VALENCE_SIGNER` to have its secret key specified for signature purposes. When a signature is available for a deployed app, the app controller bytecode, storage, and dedicated provers list will only be available for mutation when the request is signed by the provided secret key.




The apps will be owned by a private key, only if their deployment is signed by the client. The Valence Domain client employs an environment variable `VALENCE_SIGNER` for specifying its secret key during signature processes. When a signature becomes available for a deployed app, the controller bytecode, storage, and dedicated prover list will only be modifiable upon signing a request using the provided secret key.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this section intentional? looks like a rewording of what you have above

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point; it was a nit to push the two together.

@vlopes11 vlopes11 force-pushed the vlopes11/docs/coprocessor-owned-app branch from c44c19e to 527193c Compare September 24, 2025 15:35

@hxrts hxrts left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, but the gemini comment about duplicated content should be addressed before merge (approving anyway for ease of merging). there are two copies of most text.

@vlopes11 vlopes11 merged commit 01ecd86 into main Sep 29, 2025
21 checks passed
@vlopes11 vlopes11 deleted the vlopes11/docs/coprocessor-owned-app branch September 29, 2025 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants