inductive proof chain
deep notes on atproto's commit verification mechanism and the general patterns it surfaces for the zat SDK.
context
a relay receives ~2,750 PDS streams of signed commits. it needs to verify each commit is a valid state transition without storing full repo state. the solution is an inductive proof: verify each diff against the previous commit's MST root, chaining trust back to a known-good state.
zat implements the core verification. zlay (relay) is the primary downstream consumer.
files
- algorithm.md — the inversion algorithm, step by step, with code references
- relay-integration.md — how zlay uses these APIs in production, what works, what's still being built
- sdk-affordances.md — general patterns that could become SDK primitives
see also
- sync-verification.md — spec-level overview (fields, wire format, error cases)
- firehose.md — event stream basics
- zat source: src/internal/repo/repo_verifier.zig, src/internal/mst/mst.zig
- zlay source: src/validator.zig, src/frame_worker.zig, src/event_log.zig