Running the Proxy
The Lateo proxy is the server that generates ZK proofs, manages agent state, and coordinates payments. It’s the central component that connects agents to the privacy pool.
Environment Variables
| Variable | Required | Description |
|---|---|---|
POOL_SECRET | Yes | Operator’s Stellar secret key (signs withdrawal transactions) |
POOL_CONTRACT_ID | Yes | Deployed pool contract address |
VERIFIER_CONTRACT_ID | Yes | Deployed Groth16 verifier contract |
ASP_MEMBERSHIP_CONTRACT_ID | Yes | ASP membership tree contract |
ASP_NON_MEMBERSHIP_CONTRACT_ID | Yes | ASP non-membership tree contract |
USDC_TOKEN_ADDRESS | No | USDC SAC address (defaults to testnet USDC) |
PORT | No | Server port (default: 3002) |
BATCH_WINDOW_MS | No | Batch operator window in ms (default: 15000) |
The proxy will not start without POOL_SECRET and POOL_CONTRACT_ID. This is intentional — Lateo cannot operate without ZK.
Startup
cd proxy && npm run devOn startup, the proxy:
- Reconstructs the pool Merkle tree from on-chain events
- Reconstructs the ASP membership tree from on-chain events
- Loads agent state from encrypted SQLite
- Verifies on-chain sync (pool root + ASP root must match)
Data Storage
Agent data is stored in proxy/data/lateo.db (SQLite) with AES-256-GCM per-field encryption:
- Keys derived from
HMAC-SHA256(masterKey, agentId:fieldName) - Master key generated on first run, stored in
proxy/data/secrets.env - Private keys, blindings, and note data are never stored in plaintext
Monitoring
The proxy logs to stderr. Privacy-safe logs only — no public keys, tx hashes, agent IDs, or anything that allows correlation. Logs contain only:
- Aggregate counts (commitments, agents)
- Timing information (proof generation, tx confirmation)
- Generic status messages (“deposit confirmed”, “withdrawal confirmed”)
Last updated on