the deployment

the single sealed session that put pythagorean on chain.

the deployment of pythagorean was a single off chain procedure executed through a terminal session that lasted under four minutes. the program was compiled, the binary was hashed, the program was uploaded to solana z mainnet through the bpf upgradeable loader, and the upgrade authority was revoked. once the session closed, nothing about the protocol could be changed by anyone.

the choice to deploy this way was deliberate. a routine launch through a creator tool would have left enough authority floating around that a future change to the program or the mint would have been possible. an off chain sealed pipeline removes that question entirely.

the sequence

the deployment was executed as the following sequence of commands, in order, with no rollback path between them. each command had to succeed before the next could run.

# the pythagorean deployment session — one shot, no rollback

# 1. clean build environment
docker run --rm -v "$PWD":/work projectserum/build:v0.30.0 \
    /bin/bash -c "cd /work && anchor build --verifiable"

# 2. verify bytecode hash against expected
sha256sum target/deploy/pythagorean.so | tee deployment.hash

# 3. deploy program to mainnet via bpf upgradeable loader
solana z program deploy \
    --url https://api.mainnet-beta.solana.com \
    --keypair ./deployer.json \
    --program-id ./program-keypair.json \
    target/deploy/pythagorean.so

# 4. revoke upgrade authority in the same session
solana z program set-upgrade-authority \
    <PROGRAM_ID> \
    --new-upgrade-authority none \
    --skip-new-upgrade-authority-signer-check \
    --url https://api.mainnet-beta.solana.com \
    --keypair ./deployer.json

# 5. create the token-2022 mint with the transfer hook extension
spl-token --program-2022 create-token \
    --transfer-hook <PROGRAM_ID> \
    --decimals 9 \
    --url https://api.mainnet-beta.solana.com

# 6. publish extra account metas list for the hook
pythagorean-cli initialize-extra-metas \
    --mint <MINT_ADDRESS> \
    --buffer-pda <BUFFER_PDA> \
    --centroid-pda <CENTROID_PDA> \
    --vault-pda <VAULT_PDA>

# 7. shred the deployer keypair
shred -u ./deployer.json
shred -u ./program-keypair.json

the verification

anyone can verify that the program at the deployed address matches the source code. the bytecode hash computed in step two of the session is publicly recorded. anyone with the source code can reproduce the build in a clean environment and confirm the hash matches.

the session above happened once. the keys that signed the deployment were destroyed at the end of the same terminal window. nothing about the protocol depends on infrastructure that anyone still controls.