StateSet Sequencer Architecture

This document describes the high-level architecture of the StateSet Sequencer, a Verifiable Event Sync (VES) v1.0 implementation for deterministic event ordering, cryptographic verification, and agent-to-agent payment sequencing.

System Overview

                                    ┌──────────────────────────────────────────────────────────────────────────┐
                                    │                         StateSet Sequencer                               │
                                    │                                                                          │
┌──────────────────┐               │  ┌─────────────┐    ┌─────────────┐    ┌─────────────────┐              │
│                  │  HTTP / gRPC  │  │             │    │             │    │                 │              │
│   AI Agent 1     │──────────────▶│  │   Ingest    │───▶│  Sequencer  │───▶│   Event Store   │              │
│  (Local SQLite)  │               │  │   Service   │    │             │    │   (PostgreSQL)  │              │
│                  │               │  │             │    │             │    │                 │              │
└──────────────────┘               │  └──────┬──────┘    └──────┬──────┘    └────────┬────────┘              │
                                    │         │                  │                    │                       │
┌──────────────────┐               │         ▼                  │                    │                       │
│                  │  HTTP / gRPC  │  ┌─────────────┐    ┌──────┴──────┐             │                       │
│   AI Agent 2     │──────────────▶│  │  Agent Key  │    │   Schema    │             │                       │
│  (Local SQLite)  │               │  │  Registry   │    │  Registry   │             │                       │
│                  │               │  │             │    │             │             │                       │
└──────────────────┘               │  └─────────────┘    └─────────────┘             │                       │
                                    │                                                 ▼                       │
┌──────────────────┐               │                     ┌─────────────┐    ┌─────────────────┐              │
│                  │  HTTP / gRPC  │                     │  Projector  │    │   Commitment    │              │
│   AI Agent N     │──────────────▶│                     │             │───▶│     Engine      │              │
│  (Local SQLite)  │               │                     │ (Domain     │    │   (Merkle)      │              │
│                  │               │                     │  Handlers)  │    │                 │              │
└──────────────────┘               │                     └──────┬──────┘    └────────┬────────┘              │
        │                          │                            │                    │                       │
        │                          │  ┌─────────────┐   ┌──────┴──────┐             │                       │
        │                          │  │  x402       │   │ Dead Letter │             │                       │
        │                          │  │  Payment    │   │   Queue     │             │                       │
        │                          │  │  Engine     │   └─────────────┘             │                       │
        │                          │  └──────┬──────┘                               │                       │
        │                          │         │                                       │                       │
        │                          │  ┌──────┴──────────────────────────────────────┴────────────────┐      │
        │                          │  │                  Operational Infrastructure                    │      │
        │                          │  │  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌───────────────┐   │      │
        │                          │  │  │  Cache   │ │  Circuit │ │  Pool    │ │   Metrics &   │   │      │
        │                          │  │  │  Manager │ │  Breaker │ │  Monitor │ │   Telemetry   │   │      │
        │                          │  │  └──────────┘ └──────────┘ └──────────┘ └───────────────┘   │      │
        │                          │  └─────────────────────────────────────────────────────────────┘      │
        │                          │                                                                        │
        │                          │  ┌─────────────────────────────────────────┐                           │
        │                          │  │         Compliance Proof Engine         │                           │
        │                          │  │  (Verification + Storage)               │                           │
        │                          │  └──────────────────┬──────────────────────┘                           │
        │                          │                     │                                                   │
        │                          │  ┌─────────────────────────────────────────┐  ┌─────────────────┐      │
        │                          │  │       Validity Proof Registry           │  │  Anchor Service │      │
        │                          │  │  (External SNARK/ZK proofs)             │  │  (Ethereum L2)  │      │
        │                          │  └─────────────────────────────────────────┘  └────────┬────────┘      │
        │                          └────────────────────────────────────────────────────────┼────────────────┘
        │                                                                                   │
        │  ┌────────────────────┐                                                          ▼
        │  │                    │                                                 ┌─────────────────┐
        └─▶│   stateset-stark   │                                                 │   Set Chain     │
           │   (STARK Prover)   │                                                 │ (SetPaymentBatch│
           │                    │                                                 │  + StateSetAnchor)
           └────────────────────┘                                                 └─────────────────┘

Component Relationships

┌───────────────────────────────────────────────────────────────────────────────────────────────┐
│                                Full Stack Architecture                                         │
├───────────────────────────────────────────────────────────────────────────────────────────────┤
│                                                                                                │
│   ┌─────────────┐     ┌──────────────────┐     ┌──────────────────┐     ┌──────────────────┐ │
│   │  AI Agent   │────▶│ stateset-sequencer│────▶│  stateset-stark  │────▶│    Set Chain     │ │
│   │   (CLI)     │     │   (Event Sync +  │     │  (ZK Proofs)     │     │ (L2: Anchors +   │ │
│   │             │     │    Payments)      │     │                  │     │  Payments)        │ │
│   └─────────────┘     └──────────────────┘     └──────────────────┘     └──────────────────┘ │
│         │                      │                        │                        │             │
│         ▼                      ▼                        ▼                        ▼             │
│   ┌─────────────┐     ┌──────────────────┐     ┌──────────────────┐     ┌──────────────────┐ │
│   │   SQLite    │     │   PostgreSQL     │     │  STARK Proofs    │     │  On-Chain        │ │
│   │   Outbox    │     │  Event Store +   │     │  (~100-200KB)    │     │  Anchors +       │ │
│   │             │     │  Payment Intents │     │                  │     │  Settlements     │ │
│   └─────────────┘     └──────────────────┘     └──────────────────┘     └──────────────────┘ │
│                                                                                                │
│   Protocols:  HTTP REST  |  gRPC v1+v2 (streaming)  |  x402 (payments)  |  VES v1.0 (events) │
│                                                                                                │
└───────────────────────────────────────────────────────────────────────────────────────────────┘

Core Components

1. Ingest Service

Location: src/api/handlers/ingest.rs, src/server.rs The entry point for all events via HTTP REST and gRPC. Responsible for:

Authentication: Validates API keys, JWT tokens, or agent Ed25519 signatures
Schema Validation: Validates payloads against registered JSON Schemas (configurable: disabled, warn, strict)
Signature Verification: Verifies Ed25519 agent signatures with domain-separated hashing
Deduplication: Rejects duplicate event_id and command_id values
Batching: Groups events for efficient processing with parallel partitioning
Rate Limiting: Sliding-window per-tenant rate limiting

Request → Auth → Rate Limit → Validate Schema → Verify Sig → Dedupe → Sequencer

2. Agent Key Registry

Location: src/auth/agent_keys.rs, src/infra/postgres/agent_key_registry.rs Manages agent public keys for signature verification:

Key Registration: POST /api/v1/agents/keys (REST) and RegisterAgentKey (gRPC)
Key Lookup: (tenant_id, agent_id, key_id) -> public_key with LRU caching
Key Types: Ed25519 (signing) and X25519 (encryption)
Validity Windows: Keys have valid_from and valid_to timestamps
Revocation: Keys can be revoked to invalidate future signatures
Proof of Possession: Registration requires a signature proving key ownership

pub struct AgentKeyEntry {
    pub public_key: [u8; 32],    // Ed25519 or X25519 public key
    pub key_type: KeyType,       // Signing or Encryption
    pub status: KeyStatus,       // Active, Revoked, Expired
    pub valid_from: Option<DateTime<Utc>>,
    pub valid_to: Option<DateTime<Utc>>,
}

3. Sequencer

Location: src/infra/postgres/sequencer.rs, src/infra/postgres/ves_sequencer.rs Assigns monotonic sequence numbers to events:

Monotonic Ordering: Each (tenant_id, store_id) has independent sequence counter
Gap-Free: Sequence numbers are contiguous with no gaps
Atomic Assignment: Uses a single PostgreSQL transaction with SELECT ... FOR UPDATE on the per-stream counter
Receipt Generation: Produces signed receipts for each sequenced event (configurable via VES_SEQUENCER_SIGNING_KEY)
Sequencer Identity: Optional pinned sequencer ID via VES_SEQUENCER_ID

-- Sequence counter table
CREATE TABLE sequence_counters (
    tenant_id UUID NOT NULL,
    store_id UUID NOT NULL,
    current_sequence BIGINT NOT NULL DEFAULT 0,
    PRIMARY KEY (tenant_id, store_id)
);

4. Event Store

Location: src/infra/postgres/event_store.rs Append-only storage for sequenced events:

Immutability: Events are never modified or deleted
Encryption-at-Rest: Optional AES-256-GCM payload encryption (modes: disabled, optional, required)
Indexing: Efficient queries by sequence, entity, and time
Range Reads: Fetch events by sequence number range
Read/Write Splitting: Reads served from replica pool when configured

CREATE TABLE events (
    tenant_id UUID NOT NULL,
    store_id UUID NOT NULL,
    sequence_number BIGINT NOT NULL,
    event_id UUID UNIQUE NOT NULL,
    entity_type VARCHAR(64) NOT NULL,
    entity_id VARCHAR(256) NOT NULL,
    event_type VARCHAR(128) NOT NULL,
    payload JSONB NOT NULL,
    payload_hash BYTEA NOT NULL,
    created_at TIMESTAMPTZ NOT NULL,
    PRIMARY KEY (tenant_id, store_id, sequence_number)
);

5. Projector

Location: src/projection/handlers.rs, src/projection/runner.rs Applies events to domain projections:

Domain Handlers: Entity-specific projection logic
Optimistic Concurrency: Version checking prevents conflicts
Invariant Validation: Rejects events violating business rules
Checkpoint Tracking: Tracks last processed sequence per store
Dead Letter Queue: Failed projections are moved to DLQ for retry

Supported entity types:

Order: order.created, order.confirmed, order.shipped, etc.
Inventory: inventory.initialized, inventory.adjusted, inventory.reserved
Product: product.created, product.updated, product.deactivated
Customer: customer.created, customer.updated, customer.address_added
Return: return.requested, return.approved, return.refunded
x402 Payment: x402_payment.created, x402_payment.sequenced, x402_payment.settled
x402 Batch: x402_batch.created, x402_batch.committed, x402_batch.settled

6. Commitment Engine

Location: src/infra/postgres/commitment.rs, src/infra/ves_commitment.rs Creates Merkle tree commitments over event batches:

Merkle Roots: SHA-256 trees over event payload hashes
State Roots: Track state transitions (prev_root -> new_root)
Inclusion Proofs: Generate proofs for individual events
Batch Storage: Persist commitments for later verification
VES Commitments: Separate commitment engine for VES v1.0 events

pub struct BatchCommitment {
    pub batch_id: Uuid,
    pub tenant_id: TenantId,
    pub store_id: StoreId,
    pub prev_state_root: [u8; 32],
    pub new_state_root: [u8; 32],
    pub events_root: [u8; 32],      // Merkle root of payload hashes
    pub event_count: u32,
    pub sequence_range: (u64, u64),
    pub committed_at: DateTime<Utc>,
    pub chain_tx_hash: Option<[u8; 32]>,
}

7. Anchor Service

Location: src/anchor.rs Submits commitments to Ethereum L2:

StateSetAnchor Contract: On-chain batch commitment storage
SetPaymentBatch Contract: On-chain x402 payment batch settlement
Transaction Building: Constructs and signs anchor transactions using Alloy
Verification: Confirms anchoring status on-chain
Gas Management: Handles gas estimation and pricing
Circuit Breaker Protected: External calls guarded by circuit breaker

8. Compliance Proof Engine

Location: src/domain/ves_compliance.rs, src/infra/ves_compliance.rs Stores and verifies zero-knowledge compliance proofs generated by stateset-stark:

Proof Storage: Stores STARK proofs in ves_compliance_proofs table
Public Input Validation: Ensures canonical public inputs match event data
Policy Verification: Validates proof matches declared policy
Idempotency: Deduplicates by (event_id, proof_type, policy_hash)

CREATE TABLE ves_compliance_proofs (
    id UUID PRIMARY KEY,
    event_id UUID NOT NULL REFERENCES ves_events(event_id),
    proof_type VARCHAR(64) NOT NULL,       -- e.g., "stark.compliance.v1"
    proof_version INTEGER NOT NULL,
    policy_id VARCHAR(128) NOT NULL,       -- e.g., "aml.threshold"
    policy_params JSONB NOT NULL,          -- e.g., {"threshold": 10000}
    policy_hash BYTEA NOT NULL,            -- SHA256 of policy
    proof_hash BYTEA NOT NULL,             -- SHA256 of proof bytes
    proof_bytes BYTEA,                     -- Full STARK proof (~100-200KB)
    public_inputs JSONB NOT NULL,          -- Canonical JCS format
    witness_commitment BYTEA,              -- Rescue hash of private witness
    verified_at TIMESTAMPTZ,
    created_at TIMESTAMPTZ NOT NULL,
    UNIQUE (event_id, proof_type, proof_version, policy_hash)
);

9. Validity Proof Registry

Location: src/domain/ves_validity.rs, src/infra/ves_validity.rs External proof registry for SNARK/ZK proofs attesting to batch properties:

Proof Submission: External provers submit validity proofs for committed batches
Proof Storage: Persists proof bytes and public inputs
Proof Hashing: SHA-256 hash of proof for integrity
Stream Matching: Trigger enforces proofs reference valid batches

CREATE TABLE ves_validity_proofs (
    id UUID PRIMARY KEY,
    batch_id UUID NOT NULL REFERENCES ves_commitments(batch_id),
    proof_type VARCHAR(64) NOT NULL,
    proof_version INTEGER NOT NULL,
    proof_hash BYTEA NOT NULL,
    proof_bytes BYTEA,
    public_inputs JSONB NOT NULL,
    verified_at TIMESTAMPTZ,
    created_at TIMESTAMPTZ NOT NULL
);

10. x402 Payment Engine

Location: src/domain/x402_payment.rs, src/infra/postgres/x402_repository.rs, src/infra/x402_batch_worker.rs, src/api/handlers/x402.rs Implements the x402 protocol for agent-to-agent payment sequencing and batched L2 settlement:

Payment Intent Sequencing: Signed payment intents assigned sequence numbers
Signature Verification: Ed25519 signatures with X402_PAYMENT_V1 domain separator
Nonce-Based Replay Protection: Per-agent nonce tracking
Idempotency: Optional idempotency keys for at-most-once delivery
Batch Assembly: Configurable batch size (default 100, max 1000) and time thresholds
Merkle Commitments: Merkle root computation over batched payment intents
Multi-Chain Settlement: Settlement on Set Chain L2 via SetPaymentBatch contract
Multi-Asset Support: USDC, USDT, ssUSD, wssUSD, DAI, ETH

AI Agent
    |
    | Creates X402PaymentIntent (signed)
    v
Sequencer
    |
    | 1. Validates signature
    | 2. Checks nonce (replay protection)
    | 3. Assigns sequence number
    | 4. Batches into X402PaymentBatch
    v
Set Chain L2 (SetPaymentBatch contract)
    |
    | Executes aggregated transfers
    v
Settlement complete (receipt with Merkle inclusion proof)

Supported Networks:

Network	Chain ID	Type
Set Chain	84532001	Mainnet
Set Chain Testnet	84532002	Testnet
Arc	5042001	Mainnet
Base	8453	Mainnet
Ethereum	1	Mainnet
Arbitrum	42161	Mainnet
Optimism	10	Mainnet

Supported Assets:

Asset	Decimals	Description
USDC	6	USD Coin
USDT	6	Tether
ssUSD	6	StateSet USD (yield-bearing)
wssUSD	6	Wrapped StateSet USD (ERC-4626)
DAI	18	DAI stablecoin
ETH	18	Native ETH

Payment Intent Lifecycle:

Pending -> Sequenced -> Batched -> Settled
                                -> Failed
                     -> Expired

11. Schema Registry

Location: src/domain/schema.rs, src/infra/postgres/schema_store.rs, src/api/handlers/schemas.rs JSON Schema validation system for event payloads:

Schema Versioning: Monotonically increasing version per (tenant_id, event_type)
Compatibility Modes: Forward, Backward, Full, or None
Validation Modes: Disabled, Optional (warn), Required, Strict
Status Lifecycle: Active -> Deprecated -> Archived
LRU Caching: Configurable cache size and TTL for hot schemas
Detailed Errors: Validation errors include JSON paths and messages

pub struct Schema {
    pub id: SchemaId,
    pub tenant_id: TenantId,
    pub event_type: EventType,
    pub version: u32,
    pub schema_json: serde_json::Value,
    pub status: SchemaStatus,            // Active, Deprecated, Archived
    pub compatibility: SchemaCompatibility, // Forward, Backward, Full, None
    pub description: Option<String>,
    pub created_at: DateTime<Utc>,
}

gRPC API (v1 + v2)

Location: src/grpc/, proto/sequencer.proto, proto/sequencer_v2.proto The sequencer exposes dual gRPC services alongside the REST API:

gRPC v2 Service (Full VES v1.0 Protocol)

RPC	Type	Description
`Push`	Unary	Push a batch of events for sequencing
`PullEvents`	Unary	Pull events (simple polling)
`GetSyncState`	Unary	Get current sync state for store
`GetInclusionProof`	Unary	Get Merkle inclusion proof
`GetCommitment`	Unary	Get batch commitment
`GetEntityHistory`	Unary	Get entity event history
`GetHealth`	Unary	Health check
`StreamEvents`	Server streaming	Continuous event delivery with filters
`SyncStream`	Bidirectional streaming	Full-duplex agent sync
`SubscribeEntity`	Server streaming	Subscribe to entity updates

Key Management Service (gRPC)

RPC	Description
`RegisterAgentKey`	Register Ed25519/X25519 key with proof of possession
`GetAgentKeys`	List agent keys with optional filters
`RevokeAgentKey`	Revoke an agent key

Bidirectional Sync Protocol

The SyncStream RPC enables full-duplex communication:

Client -> Server:  Push, Pull, EventAck, Heartbeat
Server -> Client:  PushResponse, PullResponse, SequencedEvent, SyncState, Heartbeat

Agents can push events, receive real-time updates, and acknowledge processing in a single persistent connection with heartbeat-based liveness detection.

Operational Infrastructure

Authentication System

Location: src/auth/ Multi-method authentication with composable validators:

Method	Description
API Keys	SHA-256 hashed, scoped to tenant/store, stored in PostgreSQL
JWT Tokens	HS256/HS384/HS512 with configurable issuer/audience
Agent Keys	Ed25519 signature verification for VES events
Bootstrap Key	Initial admin key from `BOOTSTRAP_ADMIN_API_KEY` env var

Rate Limiting: Sliding-window algorithm, configurable per-minute limit
Permissions Model: Read, Write, Admin scopes per key
gRPC Auth Interceptor: Shared authenticator for gRPC services

Cache Manager

Location: src/infra/cache.rs Multi-layer LRU caching with configurable TTL per cache type:

Cache	Default Max	Description
Commitments	configurable	Merkle commitment lookups
Proofs	configurable	Inclusion proof results
VES Commitments	configurable	VES-specific commitments
VES Proofs	configurable	VES-specific proofs
Agent Keys	configurable	Agent public key lookups
Schemas	configurable	JSON Schema definitions

Pool Monitor

Location: src/infra/pool_monitor.rs Real-time database connection pool health tracking (15-second polling):

Health States: Healthy (< 50%), Moderate (50-80%), Stressed (80-95%), Critical (> 95%)
Metrics: Active/idle connections, acquisition latency, slow acquisition tracking
Integrated: Exposed via /health/detailed endpoint and Prometheus metrics

Circuit Breaker Registry

Location: src/infra/circuit_breaker.rs Failure resilience for external service calls (L2 anchoring, chain settlement):

States: Closed (normal) -> Open (fail-fast) -> HalfOpen (testing recovery)
Exponential Backoff: Configurable multiplier with jitter
Slow Call Detection: Configurable threshold for degraded performance
Per-Service Tracking: Independent breaker per external service

Dead Letter Queue

Location: src/infra/dead_letter.rs Handles events that fail projection processing:

Auto-Retry: Exponential backoff (1 min initial, 1 hour max, 10 retries)
Categorized Reasons: Schema validation, invariant violation, state transition errors
Non-Retryable: Invariant violations and invalid state transitions skip retry
Admin Operations: Retry, purge, and inspect via admin CLI

Payload Encryption-at-Rest

Location: src/infra/payload_encryption.rs, src/crypto/encrypt.rs Automatic event payload encryption in the database:

Modes: Disabled, Optional, Required
Algorithm: AES-256-GCM
HPKE Support: Multi-recipient encryption via X25519-HKDF-SHA256
Key Rotation: Supports key versioning and rotation

Audit Logging

Location: src/infra/audit.rs Comprehensive audit trail for administrative operations:

API key management (create, revoke, update)
Schema registry changes (register, deprecate, delete)
Agent key operations (register, rotate, revoke)
Authentication events (login, failure, token refresh)
Dead letter queue operations (retry, purge)

Metrics & Telemetry

Location: src/metrics/, src/telemetry/

Prometheus Export: /metrics endpoint with 40+ predefined metric names
Component Metrics: Background collection every 15 seconds (pool, circuit breaker stats)
OpenTelemetry: OTLP export for distributed tracing (OTEL_EXPORTER_OTLP_ENDPOINT)
Structured Logging: JSON or text format (LOG_FORMAT)
Counters, Gauges, Histograms: Full metric type support with labels

Graceful Shutdown

Location: src/infra/graceful_shutdown.rs Coordinated shutdown with request draining:

Request Tracking: Guard-based in-flight request monitoring
Shutdown Signals: Coordinated signal propagation to background tasks
Deadline Enforcement: Configurable drain timeout

stateset-stark (ZK Compliance Proofs)

Repository: stateset-stark A STARK proving system that enables cryptographic verification of compliance policies on encrypted event payloads without revealing the underlying data.

Purpose

When events contain encrypted payloads (e.g., order amounts), compliance rules (e.g., AML thresholds) need verification without exposing sensitive data. stateset-stark generates zero-knowledge proofs that:

The prover knows the plaintext payload
The payload satisfies the compliance policy
The payload matches the encrypted ciphertext hash

Architecture

stateset-stark/
├── crates/
│   ├── ves-stark-primitives/    # Goldilocks field, Rescue hash
│   ├── ves-stark-air/           # AIR constraint definitions (167 constraints)
│   ├── ves-stark-prover/        # Proof generation
│   ├── ves-stark-verifier/      # Proof verification
│   ├── ves-stark-batch/         # Batch proofs (Phase 2)
│   ├── ves-stark-client/        # HTTP client for sequencer
│   └── ves-stark-cli/           # Command-line tool

Cryptographic Foundation

Component	Choice	Notes
Field	Goldilocks (p = 2^64 - 2^32 + 1)	64-bit efficient arithmetic
Hash	Rescue-Prime	STARK-friendly algebraic hash
Commitment	Blake3-256 Merkle	Vector commitments
Security	~100 bits	Default proof options

Supported Policies

Policy ID	Constraint	Use Case
`aml.threshold`	`amount < threshold`	AML compliance (strict less-than)
`order_total.cap`	`amount <= cap`	Order limits (less-than-or-equal)

Proof Generation Flow

┌─────────────────────────────────────────────────────────────────────────┐
│                        Compliance Proof Generation                       │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                          │
│  1. Agent decrypts VES event payload (ephemeral, off-chain)             │
│                            │                                             │
│                            ▼                                             │
│  2. Extract witness data (e.g., order amount = 5000)                    │
│                            │                                             │
│                            ▼                                             │
│  3. Fetch canonical public inputs from sequencer                        │
│     GET /api/v1/ves/compliance/{event_id}/inputs                        │
│                            │                                             │
│                            ▼                                             │
│  4. Build ComplianceWitness + CompliancePublicInputs                    │
│                            │                                             │
│                            ▼                                             │
│  5. Generate STARK proof (ves-stark-prover)                             │
│     - Build execution trace (105 columns, 128+ rows)                    │
│     - Apply AIR constraints (167 total)                                 │
│     - Produce proof (~100-200KB)                                        │
│                            │                                             │
│                            ▼                                             │
│  6. Submit proof to sequencer                                           │
│     POST /api/v1/ves/compliance/{event_id}/proofs                       │
│                            │                                             │
│                            ▼                                             │
│  7. Sequencer verifies and stores proof                                 │
│                                                                          │
└─────────────────────────────────────────────────────────────────────────┘

Public Inputs (Canonical JCS Format)

{
  "eventId": "550e8400-e29b-41d4-a716-446655440000",
  "tenantId": "tenant-uuid",
  "storeId": "store-uuid",
  "sequenceNumber": 42,
  "payloadKind": 1,
  "payloadPlainHash": "abc123...",
  "payloadCipherHash": "def456...",
  "eventSigningHash": "789abc...",
  "policyId": "aml.threshold",
  "policyParams": { "threshold": 10000 },
  "policyHash": "computed-sha256..."
}

CLI Usage

# Generate a compliance proof
ves-stark prove --amount 5000 --limit 10000 --policy aml.threshold

# Verify a proof
ves-stark verify --proof proof.stark --inputs inputs.json --limit 10000

# Benchmark proving performance
ves-stark benchmark -n 10 --max-amount 10000 --limit 10000

Integration Points

Sequencer Endpoint	Purpose
`GET /api/v1/ves/compliance/{event_id}/inputs`	Fetch canonical public inputs
`POST /api/v1/ves/compliance/{event_id}/proofs`	Submit generated proof
`GET /api/v1/ves/compliance/{event_id}/proofs`	List proofs for event
`GET /api/v1/ves/compliance/proofs/{proof_id}`	Get proof by ID
`GET /api/v1/ves/compliance/proofs/{proof_id}/verify`	Verify proof

REST API Reference

Event Ingestion

Method	Endpoint	Description
`POST`	`/api/v1/events/ingest`	Legacy event ingestion
`POST`	`/api/v1/ves/events/ingest`	VES v1.0 event ingestion with signatures

VES Commitments

Method	Endpoint	Description
`GET`	`/api/v1/ves/commitments`	List VES commitments
`POST`	`/api/v1/ves/commitments`	Create VES commitment
`POST`	`/api/v1/ves/commitments/anchor`	Commit and anchor
`GET`	`/api/v1/ves/commitments/:batch_id`	Get specific commitment

VES Proofs & Anchoring

Method	Endpoint	Description
`GET`	`/api/v1/ves/proofs/:sequence_number`	Get VES inclusion proof
`POST`	`/api/v1/ves/proofs/verify`	Verify VES proof
`POST`	`/api/v1/ves/anchor`	Anchor VES commitment
`GET`	`/api/v1/ves/anchor/:batch_id/verify`	Verify on-chain anchoring

VES Validity Proofs

Method	Endpoint	Description
`GET`	`/api/v1/ves/validity/:batch_id/inputs`	Get public inputs
`GET`	`/api/v1/ves/validity/:batch_id/proofs`	List validity proofs
`POST`	`/api/v1/ves/validity/:batch_id/proofs`	Submit validity proof
`GET`	`/api/v1/ves/validity/proofs/:proof_id`	Get proof by ID
`GET`	`/api/v1/ves/validity/proofs/:proof_id/verify`	Verify validity proof

VES Compliance Proofs

Method	Endpoint	Description
`POST`	`/api/v1/ves/compliance/:event_id/inputs`	Get public inputs
`GET`	`/api/v1/ves/compliance/:event_id/proofs`	List compliance proofs
`POST`	`/api/v1/ves/compliance/:event_id/proofs`	Submit compliance proof
`GET`	`/api/v1/ves/compliance/proofs/:proof_id`	Get proof by ID
`GET`	`/api/v1/ves/compliance/proofs/:proof_id/verify`	Verify compliance proof

x402 Payment Protocol

Method	Endpoint	Description
`POST`	`/api/v1/x402/payments`	Submit payment intent
`GET`	`/api/v1/x402/payments`	List payment intents
`GET`	`/api/v1/x402/payments/:intent_id`	Get payment intent
`GET`	`/api/v1/x402/payments/:intent_id/receipt`	Get payment receipt
`POST`	`/api/v1/x402/batches`	Create payment batch
`GET`	`/api/v1/x402/batches/:batch_id`	Get batch
`POST`	`/api/v1/x402/batches/settle`	Settle batch on-chain

Schema Registry

Method	Endpoint	Description
`GET`	`/api/v1/schemas`	List schemas
`POST`	`/api/v1/schemas`	Register schema
`POST`	`/api/v1/schemas/validate`	Validate payload
`GET`	`/api/v1/schemas/:schema_id`	Get schema
`PUT`	`/api/v1/schemas/:schema_id/status`	Update schema status
`DELETE`	`/api/v1/schemas/:schema_id`	Delete schema
`GET`	`/api/v1/schemas/event-type/:event_type`	Get schemas by event type
`GET`	`/api/v1/schemas/event-type/:event_type/latest`	Get latest schema

Legacy Events & Commitments

Method	Endpoint	Description
`GET`	`/api/v1/events`	List events
`GET`	`/api/v1/head`	Get current head sequence
`GET`	`/api/v1/entities/:entity_type/:entity_id`	Get entity history
`GET/POST`	`/api/v1/commitments`	List/create commitments
`GET`	`/api/v1/commitments/:batch_id`	Get commitment
`GET`	`/api/v1/proofs/:sequence_number`	Get inclusion proof
`POST`	`/api/v1/proofs/verify`	Verify proof

Health & Observability

Method	Endpoint	Description
`GET`	`/health`	Basic health check
`GET`	`/health/detailed`	Detailed health (pool, circuit breakers)
`GET`	`/ready`	Readiness probe
`GET`	`/metrics`	Prometheus metrics

Data Flow

Event Ingestion Flow

Agent creates event locally (SQLite outbox)
Agent signs event with Ed25519 private key
Agent POSTs to /api/v1/ves/events/ingest (or pushes via gRPC)
Sequencer authenticates request (API key, JWT, or agent signature)
Schema validation (if configured)
Sequencer verifies Ed25519 signature against registered public key
Sequencer deduplicates by event_id and command_id
Sequencer assigns sequence number atomically
Event stored in PostgreSQL events table (encrypted-at-rest if configured)
Sequencer returns receipt with sequence number
Agent marks event as synced locally

x402 Payment Flow

Agent creates X402PaymentIntent with payer/payee/amount/asset
Agent signs intent with Ed25519 key (X402_PAYMENT_V1 domain separator)
Agent POSTs to /api/v1/x402/payments
Sequencer validates signature, checks nonce, verifies expiration
Sequencer assigns x402 sequence number atomically
Intent stored with status=Sequenced
Batch worker assembles intents into X402PaymentBatch (configurable size/time)
Batch worker computes Merkle root over payment intents
Batch submitted to SetPaymentBatch contract on Set Chain L2
On confirmation, intents marked Settled with tx_hash and block_number
Payment receipt with Merkle inclusion proof available for verification

Commitment Flow

Client requests commitment for sequence range
Commitment Engine reads events from Event Store
Engine builds Merkle tree from payload hashes
Engine computes state root transition
Commitment stored in commitments table
(Optional) Anchor Service submits to StateSetAnchor
Chain tx hash stored with commitment

Verification Flow

Client requests inclusion proof for sequence N
Engine retrieves commitment containing N
Engine rebuilds Merkle tree for batch
Engine generates proof path for leaf N
Client verifies locally, then verifies the batch root is anchored on-chain

Compliance Proof Flow

Agent creates encrypted VES event (payload encrypted with HPKE)
Agent syncs event to sequencer (receives sequence number)
Agent decrypts payload locally (ephemeral)
Agent extracts witness data (e.g., order.total = 5000)
Agent fetches canonical public inputs from sequencer
Agent generates STARK proof using stateset-stark:
   - Builds execution trace (witness decomposition, Rescue hash)
   - Applies 167 AIR constraints
   - Produces ~100-200KB proof
Agent submits proof to sequencer
Sequencer validates public inputs match event
Sequencer stores proof in ves_compliance_proofs
(Future) Sequencer cryptographically verifies proof

Database Schema

Core Tables

Table	Purpose
`events`	Append-only event log (legacy)
`ves_events`	VES v1.0 events with signatures
`sequence_counters`	Per-store sequence tracking
`ves_sequencer_receipts`	VES sequencer signed receipts
`commitments`	Legacy Merkle commitment records
`ves_commitments`	VES v1.0 Merkle commitments
`ves_compliance_proofs`	STARK compliance proofs
`ves_validity_proofs`	Batch validity proofs
`agent_signing_keys`	Agent public key registry with rotation
`entity_versions`	Entity version tracking (OCC)
`projection_checkpoints`	Projector progress
`agent_sync_state`	Agent sync state tracking
`rejected_events_log`	Event rejection audit log
`ves_rejections`	VES event rejection log
`x402_payment_intents`	x402 payment authorizations
`x402_payment_batches`	x402 aggregated payment batches
`x402_sequence_counters`	Per-store x402 sequence tracking
`x402_nonce_tracking`	x402 nonce replay protection
`api_keys`	API key management

Migrations

Migration	Description
`001_production_postgres.sql`	Core event store, sequence counters, entity versions
`002_ves_v1_tables.sql`	VES v1.0 events, receipts, commitments, agent keys
`003_constraints.sql`	Unique indexes, chain TX hash validation
`004_ves_validity_proofs.sql`	Validity proof registry with stream matching
`005_ves_compliance_proofs.sql`	Compliance proof storage with stream matching
`006_key_rotation_policies.sql`	Agent key rotation policies
`007_encryption_groups.sql`	Encryption group management
`008_command_dedupe.sql`	Command deduplication indexes
`009_api_keys.sql`	API key management tables
`010_ves_sequence_counters.sql`	VES-specific sequence counters
`011_x402_payments.sql`	x402 payment intents and batches

Indexes

-- Fast event lookups
CREATE INDEX idx_events_entity ON events(tenant_id, store_id, entity_type, entity_id);
CREATE INDEX idx_events_type ON events(tenant_id, store_id, event_type);
CREATE INDEX idx_events_created ON events(tenant_id, store_id, created_at);

-- Agent key lookups
CREATE INDEX idx_agent_keys_lookup ON agent_keys(tenant_id, agent_id, key_id);

Cryptographic Design

Signing Hash Construction

Per VES v1.0 Section 8.3:

signing_hash = SHA256(
    "VES_EVENTSIG_V1" ||      // Domain separator
    event_id ||
    tenant_id ||
    store_id ||
    agent_id ||
    entity_type ||
    entity_id ||
    event_type ||
    payload_plain_hash ||
    occurred_at
)

agent_signature = Ed25519.Sign(agent_private_key, signing_hash)

x402 Payment Signing Hash

signing_hash = SHA256(
    "X402_PAYMENT_V1" ||      // Domain separator
    intent_id ||
    payer_address ||
    payee_address ||
    amount ||
    asset ||
    network ||
    chain_id ||
    nonce ||
    valid_until
)

payer_signature = Ed25519.Sign(agent_private_key, signing_hash)

Merkle Tree Construction

          [Root]
         /      \
     [H01]      [H23]
     /   \      /   \
  [H0]  [H1]  [H2]  [H3]
   |     |     |     |
  E0    E1    E2    E3    (Event payload hashes)

Domain-separated hashing:
- Leaf: SHA256("VES_LEAF_V1" || payload_hash)
- Node: SHA256("VES_NODE_V1" || left || right)

Encryption (HPKE)

Multi-recipient encryption for VES-ENC-1:

Parameter	Value
Mode	Base
KEM	X25519-HKDF-SHA256
KDF	HKDF-SHA256
AEAD	AES-256-GCM

Offline-First Architecture

Agents operate offline using SQLite:

┌─────────────────────────────────────────┐
│  Local Agent                            │
│                                         │
│  ┌─────────────┐    ┌───────────────┐  │
│  │  Business   │───▶│    Outbox     │  │
│  │   Logic     │    │   (SQLite)    │  │
│  └─────────────┘    └───────┬───────┘  │
│                             │           │
│                             ▼           │
│                     ┌───────────────┐  │
│                     │  Sync State   │  │
│                     │   Tracker     │  │
│                     └───────┬───────┘  │
└─────────────────────────────┼───────────┘
                              │
                              ▼ (when online)
                    ┌───────────────────┐
                    │ Remote Sequencer  │
                    │ (HTTP or gRPC)    │
                    └───────────────────┘

SQLite Tables:

-- Local event outbox
CREATE TABLE outbox (
    local_seq INTEGER PRIMARY KEY,
    event_id TEXT UNIQUE NOT NULL,
    payload TEXT NOT NULL,
    signature TEXT NOT NULL,
    pushed_at TEXT,
    remote_seq INTEGER
);

-- Sync state tracking
CREATE TABLE sync_state (
    key TEXT PRIMARY KEY,
    value TEXT NOT NULL
);

Scalability Considerations

Horizontal Scaling

Stateless API: Multiple sequencer instances behind load balancer
Read/Write Pool Splitting: Separate connection pools for reads (replica) and writes (primary)
Database Pooling: Configurable pool size, acquire timeout, idle timeout, max lifetime
Sequence Partitioning: Each (tenant_id, store_id) is independent

Performance Optimizations

Batch Inserts: Events ingested in batches with parallel partitioning
Read Replicas: Entity history and read queries served from replica pool
Multi-Layer Caching: LRU caches for commitments, proofs, schemas, and agent keys
Proof Memoization: Common proof paths cached with TTL
Connection Pool Monitoring: Automatic health degradation detection

Resilience

Circuit Breakers: External service calls (L2 anchoring) protected with exponential backoff
Dead Letter Queue: Failed projections queued with automatic retry
Graceful Shutdown: Request draining on SIGTERM
Rate Limiting: Per-tenant sliding-window rate limiter

Capacity Planning

Component	Recommended
PostgreSQL	16+ GB RAM, SSD storage
Sequencer	2-4 CPU cores, 4 GB RAM
Write Pool	10-20 connections per instance
Read Pool	10-20 connections per instance
Events/sec	~1000-5000 depending on payload size

Security Model

Trust Boundaries

Agent -> Sequencer: TLS + Ed25519 signatures + API key/JWT auth
Sequencer -> Database: Network isolation + credentials + session timeouts
Sequencer -> L2 Chain: Private key for signing + circuit breaker
Agent -> Agent (payments): Ed25519 signed payment intents + nonce replay protection

Key Management

Agent private keys: Never leave agent, stored securely
Sequencer signing key: For receipt signing (VES_SEQUENCER_SIGNING_KEY)
Sequencer anchor key: For L2 transactions (SEQUENCER_PRIVATE_KEY)
API keys: SHA-256 hashed, stored in PostgreSQL
Database credentials: Environment variables, not in code
Encryption keys: AES-256-GCM for payload encryption-at-rest

Audit Trail

All administrative operations logged via the audit system:

API key lifecycle (create, revoke, update)
Schema registry changes
Agent key operations
Authentication events
Dead letter queue operations

See SECURITY.md for detailed security guidance.

Configuration

Feature Flags (Cargo Features)

Feature	Default	Description
`full`	Yes	Enables all features
`grpc`	Yes	gRPC service (tonic/prost)
`telemetry`	Yes	OpenTelemetry distributed tracing
`anchoring`	Yes	L2 blockchain anchoring (alloy)
`schema-validation`	Yes	JSON Schema validation (jsonschema)
`sqlite`	No	SQLite backend for local agents
`encryption`	No	Payload encryption at rest

Key Environment Variables

Variable	Description
`DATABASE_URL`	PostgreSQL connection URL (primary)
`READ_DATABASE_URL`	PostgreSQL connection URL (read replica)
`PORT`	HTTP listen port (default: 8080)
`GRPC_PORT`	gRPC listen port (default: PORT + 1)
`GRPC_DISABLED`	Disable gRPC server
`AUTH_MODE`	`required` (default) or `disabled`
`BOOTSTRAP_ADMIN_API_KEY`	Initial admin API key
`JWT_SECRET`	JWT signing secret
`VES_SEQUENCER_ID`	Pinned sequencer UUID
`VES_SEQUENCER_SIGNING_KEY`	Ed25519 key for receipt signing
`PAYLOAD_ENCRYPTION_MODE`	`disabled`, `optional`, `required`
`SCHEMA_VALIDATION_MODE`	`disabled`, `warn`, `required`, `strict`
`RATE_LIMIT_PER_MINUTE`	Request rate limit
`L2_RPC_URL`	Ethereum L2 RPC endpoint
`SET_REGISTRY_ADDRESS`	StateSetAnchor contract address
`SEQUENCER_PRIVATE_KEY`	Anchor transaction signing key
`OTEL_EXPORTER_OTLP_ENDPOINT`	OpenTelemetry OTLP endpoint
`LOG_FORMAT`	`json` or `text` (default)
`CORS_ALLOW_ORIGINS`	Comma-separated origins or `*`
`DB_MIGRATE_ON_STARTUP`	Run migrations on boot (default: true)
`CACHE_*`	Cache size and TTL overrides
`MAX_DB_CONNECTIONS`	Write pool max connections
`READ_MAX_DB_CONNECTIONS`	Read pool max connections
`DB_STATEMENT_TIMEOUT_MS`	PostgreSQL statement timeout
`DB_IDLE_IN_TX_TIMEOUT_MS`	Idle-in-transaction timeout

Technology Stack

Component	Technology
Language	Rust (Edition 2021)
Web Framework	Axum 0.7
gRPC Framework	Tonic 0.12, Prost 0.13
Async Runtime	Tokio
Database	PostgreSQL 16+ (sqlx 0.8)
Local Storage	SQLite (sqlx)
Cryptography	ed25519-dalek 2, sha2, aes-gcm
Key Exchange	x25519-dalek 2, hpke 0.12
Merkle Trees	rs_merkle (custom domain separation)
Blockchain	Alloy 0.8 (Ethereum/EVM, Solidity ABI)
Schema Validation	jsonschema 0.26
Authentication	jsonwebtoken 9
Serialization	serde, serde_json, serde_json_canonicalizer (RFC 8785)
Observability	OpenTelemetry 0.24, tracing, Prometheus export
Testing	proptest, mockall, criterion, fake

Binaries

Binary	Path	Description
`stateset-sequencer`	`src/main.rs`	Main sequencer server (HTTP + gRPC)
`stateset-sequencer-admin`	`src/bin/admin.rs`	Admin CLI for key management, DLQ ops

Module Structure

src/
├── main.rs                  # Entry point
├── lib.rs                   # Library exports
├── server.rs                # HTTP + gRPC server bootstrap, config
├── anchor.rs                # On-chain anchoring (Alloy/Ethereum)
│
├── api/
│   ├── mod.rs               # REST router definition
│   └── handlers/
│       ├── agent_keys.rs    # Agent key registration
│       ├── anchoring.rs     # Commitment anchoring
│       ├── commitments.rs   # Commitment CRUD
│       ├── events.rs        # Event listing/retrieval
│       ├── health.rs        # Health, readiness, detailed checks
│       ├── ingest.rs        # Event ingestion pipeline
│       ├── proofs.rs        # Merkle proof generation/verification
│       ├── schemas.rs       # Schema registry management
│       ├── x402.rs          # x402 payment protocol
│       └── ves/
│           ├── mod.rs       # VES v1.0 handler organization
│           ├── anchoring.rs # VES commitment anchoring
│           ├── commitments.rs   # VES commitment management
│           ├── compliance_proofs.rs  # VES compliance proofs
│           ├── inclusion_proofs.rs   # VES inclusion proofs
│           └── validity_proofs.rs    # VES validity proofs
│
├── auth/
│   ├── mod.rs               # Auth module (Authenticator, ApiKeyValidator, JwtValidator)
│   ├── agent_keys.rs        # Agent key registry
│   └── middleware.rs         # Axum auth middleware + gRPC interceptor
│
├── crypto/
│   ├── hash.rs              # Domain-separated SHA-256 hashing
│   ├── signing.rs           # Ed25519 operations
│   └── encrypt.rs           # HPKE + AES-256-GCM encryption
│
├── domain/
│   ├── types.rs             # Core types (TenantId, StoreId, AgentId, etc.)
│   ├── event.rs             # EventEnvelope
│   ├── commitment.rs        # BatchCommitment, MerkleProof
│   ├── schema.rs            # Schema, SchemaId, SchemaCompatibility
│   ├── ves_event.rs         # VES v1.0 events
│   ├── ves_commitment.rs    # VES batch commitments
│   ├── ves_compliance.rs    # VES compliance proof types
│   ├── ves_validity.rs      # VES validity proof types
│   └── x402_payment.rs      # x402 payment intents, batches, receipts
│
├── grpc/
│   ├── mod.rs               # gRPC module
│   ├── service.rs           # gRPC v1 service implementation
│   ├── service_v2.rs        # gRPC v2 service (streaming, key management)
│   └── interceptor.rs       # gRPC auth interceptor
│
├── infra/
│   ├── mod.rs               # Infrastructure module + trait exports
│   ├── traits.rs            # Core service traits (EventStore, Sequencer, etc.)
│   ├── error.rs             # SequencerError, contextual errors
│   ├── audit.rs             # Audit logging
│   ├── batch.rs             # Batch operations, deduplication
│   ├── cache.rs             # Multi-layer LRU caching
│   ├── circuit_breaker.rs   # Circuit breaker pattern
│   ├── dead_letter.rs       # Dead letter queue
│   ├── graceful_shutdown.rs # Graceful shutdown coordination
│   ├── payload_encryption.rs # Encryption-at-rest configuration
│   ├── pool_monitor.rs      # Connection pool health monitoring
│   ├── retry.rs             # Exponential backoff retry
│   ├── schema_validation.rs # Schema validation mode handling
│   ├── x402_batch_worker.rs # x402 batch assembly background worker
│   ├── ves_commitment.rs    # PgVesCommitmentEngine
│   ├── ves_compliance.rs    # PgVesComplianceProofStore
│   ├── ves_validity.rs      # PgVesValidityProofStore
│   ├── postgres/
│   │   ├── sequencer.rs     # PgSequencer (legacy)
│   │   ├── ves_sequencer.rs # VesSequencer (VES v1.0)
│   │   ├── event_store.rs   # PgEventStore
│   │   ├── commitment.rs    # PgCommitmentEngine
│   │   ├── agent_key_registry.rs  # PgAgentKeyRegistry
│   │   ├── schema_store.rs  # PgSchemaStore
│   │   └── x402_repository.rs    # PgX402Repository
│   └── sqlite/
│       └── outbox.rs        # SqliteOutbox (local agents)
│
├── metrics/
│   └── mod.rs               # MetricsRegistry, ComponentMetrics, Prometheus export
│
├── migrations/
│   ├── mod.rs               # Migration runner
│   ├── postgres/            # 11 PostgreSQL migrations
│   └── sqlite/              # 1 SQLite migration
│
├── projection/
│   ├── runner.rs            # Projection executor
│   └── handlers.rs          # Domain projection handlers
│
├── proto/                   # Generated protobuf code
│   ├── mod.rs               # Proto module (v1 + v2)
│   └── v2/                  # gRPC v2 generated code
│
├── telemetry/
│   └── mod.rs               # OpenTelemetry setup, OTLP export
│
└── bin/
    └── admin.rs             # Admin CLI binary

Getting Started - Quick start guide
System Overview - High-level system overview
VES Specification - Full protocol spec
API Reference - REST API documentation
Event Types - Supported event types
Deployment Guide - Production deployment
Runbook - Operational runbook
Security Guide - Security best practices
ZK Integration Guide - STARK proof integration
Agent Integration - Agent SDK integration guide
Anchoring Overview - On-chain anchoring details

Repository	Purpose
`stateset-stark`	STARK proving system for compliance proofs
`@stateset/cli`	AI agent CLI with local SQLite outbox
`set-chain`	Ethereum L2 for anchoring commitments and payment settlement

Get started

Platform

StateSet One

StateSet Response

StateSet ResponseCX

StateSet iCommerce

StateSet Commerce

StateSet Sandbox

StateSet ACP

StateSet Sequencer

StateSet UCP

StateSet Cloud

Tools

​StateSet Sequencer Architecture

​System Overview

​Component Relationships

​Core Components

​1. Ingest Service

​2. Agent Key Registry

​3. Sequencer

​4. Event Store

​5. Projector

​6. Commitment Engine

​7. Anchor Service

​8. Compliance Proof Engine

​9. Validity Proof Registry

​10. x402 Payment Engine

​11. Schema Registry

​gRPC API (v1 + v2)

​gRPC v2 Service (Full VES v1.0 Protocol)

​Key Management Service (gRPC)

​Bidirectional Sync Protocol

​Operational Infrastructure

​Authentication System

​Cache Manager

​Pool Monitor

​Circuit Breaker Registry

​Dead Letter Queue

​Payload Encryption-at-Rest

​Audit Logging

​Metrics & Telemetry

​Graceful Shutdown

​stateset-stark (ZK Compliance Proofs)

​Purpose

​Architecture

​Cryptographic Foundation

​Supported Policies

​Proof Generation Flow

​Public Inputs (Canonical JCS Format)

​CLI Usage

​Integration Points

​REST API Reference

​Event Ingestion

​VES Commitments

​VES Proofs & Anchoring

​VES Validity Proofs

​VES Compliance Proofs

​x402 Payment Protocol

​Schema Registry

​Legacy Events & Commitments

​Health & Observability

​Data Flow

​Event Ingestion Flow

​x402 Payment Flow

​Commitment Flow

​Verification Flow

​Compliance Proof Flow

​Database Schema

​Core Tables

​Migrations

​Indexes

​Cryptographic Design

​Signing Hash Construction

​x402 Payment Signing Hash

​Merkle Tree Construction

​Encryption (HPKE)

​Offline-First Architecture

​Scalability Considerations

​Horizontal Scaling

​Performance Optimizations