Best Practices

Design & Operations Best Practices

Competitor docs such as Fhenix's "Key Considerations" and Ritual's architecture primers emphasize clear guardrails for confidential compute. This guide distills the equivalent playbook for Enclave.

Parameter Strategy

  • Thresholds: Choose threshold = [t, n] so that t withstands your adversary model while n matches available Ciphernodes. Higher thresholds improve collusion resistance but increase fees.
  • Timing Windows: Ensure startWindow leaves enough time for committee selection (a few blocks) and duration matches the longest credible compute time plus buffer.
  • Custom Params: Use customParams in E3RequestParams to tag jurisdiction, use case, or feature toggles without redeploying contracts.

Input Validation

  • Push logic to validators: Implement IE3Program.validateInput so ZK proofs and policy checks happen before the Secure Process. This mirrors how CoFHE tutorials offload range proofs from the heavy computation path.
  • Replay protection: Include round identifiers or nullifiers inside inputs before you hash them into the Lean IMT.
  • Access control: Gate inputs via registries (e.g., DAO membership) or staking requirements to keep spam out of the queue.

Secure Process & Compute Providers

  • Determinism: Reconstruct the on-chain Merkle root inside the Secure Process, then assert equality prior to any heavy math.
  • Proof hooks: When using RISC Zero or other verifiable CPs, keep witness blobs small and reserve computeProviderParams for runtime toggles (precision, chunk size, etc.).
  • Failover: Decide how your app reacts if CiphertextOutputPublished never arrives—e.g., allow a guardian to cancel the round and refund deposits.

Key Material & Ciphernodes

  • Key hygiene: dev:setup wipes .enclave directories for you; mimic that behavior in production by rotating committee keys when nodes churn.
  • Monitoring: Subscribe to E3Activated and PlaintextOutputPublished events to ensure the CiCo publishes keys and decryptions on schedule.
  • Operator docs: Keep the Ciphernode Operators runbooks close to your app documentation so node providers can mirror your expectations.

Observability & Tooling

  • Structured logs: Adopt the logging schema from the CRISP server (JSON with e3_id and phase) so you can stitch together end-to-end traces.
  • Synthetic tests: Reuse pnpm dev:up + Playwright to run rehearsal rounds on CI before shipping new circuits or SDK releases.
  • Dashboarding: Track request fees, committee saturation, and mean time from request to PlaintextOutputPublished just like Ritual exposes node specialization metrics.

Deployment Checklist

  1. Run pnpm dev:build to preflight the entire stack.
  2. Execute integration tests that cover request → publishInput → publishCiphertextOutput with mock proofs.
  3. Verify wallet funding for any automation (enclave CLI, Hardhat deployers).
  4. Update onboarding docs (MetaMask, scripts) when RPC URLs or ports change.
  5. Publish a postmortem template so incidents have consistent follow-up.

Pair these practices with the Use Cases catalog to craft predictable launch plans.

Building with EnclaveInstallation