Skip to main content

Evidence endpoint preview rehearsal

Version: 2026-07-04 · Status: Active · preview-only rehearsal, disabled in production Companion docs:

1. Purpose

This runbook documents how to turn on the hosted vault-evidence consumption rehearsal in a Vercel preview deployment only, so the Vault Candidate Readiness Packet section of /stablecoin-vault shows real, validated evidence fetched from the public Wallet-Wall/walletwall-vault repo’s committed static artifact — instead of the local reference packet. Production stays disabled. Nothing in this runbook changes a default: the app’s evidence-endpoint seam (src/lib/vault-evidence-endpoint-client.js) defaults to enabled: false, and the production Vercel environment never sets the two env vars below. test/vault-evidence-endpoint-status.test.mjs and test/vault-evidence-endpoint-page-state.test.mjs both assert the env-unset (disabled) path resolves to the same reference packet + disabled status the app has always shown.

2. What this rehearsal is (and is not)

  • It is a read-only, one-shot GET of a single static, versioned JSON file — no polling, no retries beyond the existing 2.5s timeout, no credentials, no request body, no wallet data.
  • It is not a live proof, a production ZK claim, or a mainnet-readiness signal — the fetched artifact itself says "mode": "spike-non-production" and "proof": { "status": "gated" }.
  • It never runs in production: only a preview deployment’s environment variables are changed by this runbook.

3. Vercel preview environment variables

Set these two variables on the Preview environment only (Vercel project settings → Environment Variables → scope: Preview) — never Production:
VariableValue
VITE_VAULT_EVIDENCE_ENDPOINT_ENABLEDtrue
VITE_VAULT_EVIDENCE_ENDPOINT_URLhttps://raw.githubusercontent.com/Wallet-Wall/walletwall-vault/0eaa94e425da955c4e9fb8278259a534129d78e7/evidence/zk/hosted/v1/zk-adapter-evidence-response.json
The URL is pinned to a specific commit SHA (0eaa94e425da955c4e9fb8278259a534129d78e7), not main — a moving branch ref would let the rehearsal silently start serving different bytes than what was reviewed. To rehearse against a newer published artifact, deliberately update the SHA in this table (and re-review), rather than pointing at a branch. After setting both variables, redeploy the preview (or push a new commit to the PR) so Vite picks up the new VITE_* values at build time.

4. What renders when live

With both variables set on a preview deployment, on /stablecoin-vault under “Vault Candidate Readiness Packet”:
  • The VaultEvidenceSourceStatus chip row shows source label “Validated endpoint evidence” (not “Reference packet”) and endpoint tag “Validated”, with detail text: “Packet enriched from a validated, fresh hosted evidence endpoint response.” This copy explicitly names the hosted endpoint as the data source — it is never rendered as if the data were locally derived (see test/hosted-evidence-endpoint-provenance.test.mjs).
  • The packet’s “Reference packet — example only” notice does not appear (it is gated on packet.referencePacket, which is false once enriched).
  • ProofEvidenceChainPanel (the six-step evidence chain elsewhere on the page) is unaffected and continues to render its static, locally-registered steps from src/lib/vaultEvidenceChain.js — it does not consume the endpoint seam and is not expected to change with this rehearsal.
If the fetch fails for any reason (timeout, non-200, malformed JSON, schema mismatch, or a stale servedAt older than 24h), the page falls back silently to the same reference-packet framing production always shows, with the status chip showing “Fallback active” and a calm, specific reason — never a raw error or a blank/broken section.

5. Rollback

Unset both VITE_VAULT_EVIDENCE_ENDPOINT_ENABLED and VITE_VAULT_EVIDENCE_ENDPOINT_URL on the Preview environment (or delete the env-var rows entirely) and redeploy. The page immediately reverts to the disabled state — the same reference packet and “Reference packet” / “Endpoint disabled” chip that renders when the variables were never set. No code change is required to roll back; this is a config-only rehearsal.

6. Safety boundaries

  • Production environment variables are never set by this runbook — confirmed by test/vault-evidence-endpoint-status.test.mjs and test/vault-evidence-endpoint-page-state.test.mjs, which both assert the env-unset path stays disabled.
  • test/vault-pq-integration-safety.test.mjs continues to guard the whole vault/pq surface set (no absolute-URL fetch literal, no Dune /execute, no overclaiming copy, no wallet-write route) — this rehearsal adds no exception to that guard.
  • No wallet data, address, or user identifier is ever sent with the fetch — the request is parameterless (see src/lib/vault-evidence-endpoint-runtime.js).