// MAINNET ROADMAP

Devnet today.
Mainnet earned.

Three items gate the flip from devnet to mainnet: a public trusted setup ceremony, an external security audit, and the operational lift to run a treasury and incident response on live infrastructure. Each is a public artifact. None gets shortcut.

See the timelineRead the paper

// GATES TO MAINNET

  1. 01

    Trusted setup ceremony

    June 2026 target window

  2. 02

    External security audit

    July–August 2026 target window

  3. 03

    Operational lift

    Pre-flip

// THE THREE GATES

What gates the flip.

The first gate is a cryptographic ceremony. The second is an independent review. The third is the operational work to run real money on real infrastructure. Each clears before the next begins.

Trusted setup ceremony

June 2026 target window

Multiple participants run the ceremony in sequence, each contributing random entropy and destroying it after use. The resulting verifying key replaces the one currently compiled into entros-verifier. The math holds when one participant is honest about the destruction step. Ecosystem builders and integrators sign up to participate; contributors fill the remaining slots.

External security audit

July–August 2026 target window

An established Solana audit firm reviews the three on-chain programs and the on-chain proof flow. entros-verifier carries the highest stakes; entros-registry handles fees and validator staking; entros-anchor mints the non-transferable token. The firm publishes its report on completion, with findings remediated in public.

Operational lift

Pre-flip

Paid RPC capacity, a hardware-wallet upgrade authority, treasury backup and recovery procedures, monitoring, an incident-response runbook, and a partner integrator on standby for the first live mainnet verification. Each item is small. The items run in sequence.

// TIMELINE

The path from devnet to mainnet.

Each date is a target window. The decision criteria below govern the flip itself.

  1. May 2026

    Submission shipped

    The devnet pilot is open at entros.io/verify. Three Anchor programs run live. The Solana Attestation Service issues an attestation on every verification. Realms voter-weight plugin and Agent Anchor for the 8004 registry both ship.

  2. June 2026

    Ceremony window

    Recruit participants from across the ecosystem. Run the multi-party setup. Recompile entros-verifier against the new key. Publish the log and hash chain at entros.io/ceremony.

  3. July–August 2026

    External audit window

    Four to eight weeks of active review, then one to two weeks of fix verification. The audit firm publishes its final report; we publish the patch trail alongside.

  4. August–September 2026

    Mainnet deploy

    The team deploys all three programs under a hardware-wallet upgrade authority. Smoke tests run from web, mobile, and a partner integrator's staging environment. The treasury and incident procedures get tested against real flow.

  5. September 2026

    Public mainnet launch

    Public announcement. Partner co-announcements. Token-related launches stay deferred until adoption and community involvement support them.

// DECISION GATES

What clears the flip.

The calendar moves around the checklist. If an item is missing on the target date, the flip waits.

  • 01

    Trusted setup ceremony complete, with the public log and at least one independent participant on record

  • 02

    Audit report published, with all critical and high findings remediated

  • 03

    Hardware-wallet upgrade authority configured

  • 04

    Deploy procedure verified end-to-end against a mainnet-cloned local validator

  • 05

    Monitoring and incident-response runbook documented

  • 06

    Treasury backup and recovery procedure tested

  • 07

    Partner integrator on standby for the first live mainnet verification

// WHY WAIT

The cost of going early.

Shipping mainnet ahead of the ceremony leaves the verifying key compiled from a single-party setup. Whoever ran that setup holds the keys to forge proofs against the deployed verifier. On devnet that matters to nobody. On mainnet, with users paying fees and integrators reading attestations as authoritative, that is a protocol-ending vulnerability.

Shipping mainnet ahead of the audit means a bug in the cryptographic anchor only surfaces under live traffic. We would rather find the bug under contract with an audit firm than under contract with our integrators.

The label change from devnet to mainnet is worth less than the integrity of what the label points at. Entros runs on devnet until the gates clear.

Devnet today.
Mainnet earned.

Security programTry the devnet pilot