Operations

Deploying to testnet & mainnet

Moving from a local run to Base Sepolia and, eventually, mainnet: swap the settlement endpoint and keys, deploy verifiers / pools / bridge, and respect the hardening gates that must pass before real funds.

The same images that run locally deploy against Base Sepolia or mainnet — you change the L1 (settlement) endpoint and the operator keys, not the privacy core.

Local deploy (baseline)

bash

pnpm deploy:local   # deploy the privacy core to the local node

This writes a deployment manifest (packages/contracts/deployments/<network>.json) recording the profile, denomination, and contract addresses — the same file the backend's /api/config reads.

Point at Base Sepolia

Set the settlement RPC and real operator keys in .env (see Configuration):

bash

BASE_SEPOLIA_RPC_URL=https://sepolia.base.org
DEPLOYER_PRIVATE_KEY=0x…       # a funded key — NOT the Hardhat default
ASP_SIGNER_PRIVATE_KEY=0x…
BASESCAN_API_KEY=…             # for verification

The bridge is deployed per side via deployShieldedBridge.ts with BRIDGE_SIDE=l1|l2, and wired to the live OP portal address from the booted devnet.

Testnet gate (Phase 7)

Deploy bridge + verifiers + pools to Base Sepolia.
Run a public devnet sequencer; host the explorer.
Gate: an external wallet completes the full deposit → transfer → withdraw flow on Base Sepolia.

Mainnet hardening (Phase 8)

Read Trusted setup & ceremony and the Threat model before any real-value deployment.

#Local deploy (baseline)

#Point at Base Sepolia

#Testnet gate (Phase 7)

#Mainnet hardening (Phase 8)

Local deploy (baseline)

Point at Base Sepolia

Testnet gate (Phase 7)

Mainnet hardening (Phase 8)