@aztec/bb-prover 0.87.0 → 0.87.2-nightly.20250523

package/dest/verification_key/verification_key_data.js

@@ -1,5 +1,6 @@
-import { AVM_VERIFICATION_KEY_LENGTH_IN_FIELDS } from '@aztec/constants';
+import { AVM_V2_VERIFICATION_KEY_LENGTH_IN_FIELDS_PADDED } from '@aztec/constants';
 import { Fr } from '@aztec/foundation/fields';
+import { BufferReader } from '@aztec/foundation/serialize';
 import { hashVK } from '@aztec/stdlib/hash';
 import { VerificationKeyAsFields, VerificationKeyData } from '@aztec/stdlib/vks';
 import { strict as assert } from 'assert';
@@ -24,21 +25,20 @@ import { VK_FIELDS_FILENAME, VK_FILENAME } from '../bb/execute.js';
     const vkAsFields = new VerificationKeyAsFields(fields, vkHash);
     return new VerificationKeyData(vkAsFields, rawBinary);
 }
-// TODO: This was adapted from the above function. A refactor might be needed.
-export async function extractAvmVkData(vkDirectoryPath) {
-    const [rawFields, rawBinary] = await Promise.all([
-        fs.readFile(path.join(vkDirectoryPath, VK_FIELDS_FILENAME), {
-            encoding: 'utf-8'
-        }),
-        fs.readFile(path.join(vkDirectoryPath, VK_FILENAME))
-    ]);
-    const fieldsJson = JSON.parse(rawFields);
-    const fields = fieldsJson.map(Fr.fromHexString);
-    // The first item is the hash, this is not part of the actual VK
-    // TODO: is the above actually the case?
-    const vkHash = fields[0];
-    assert(fields.length === AVM_VERIFICATION_KEY_LENGTH_IN_FIELDS, 'Invalid AVM verification key length');
-    const vkAsFields = new VerificationKeyAsFields(fields, vkHash);
+/**
+ * Reads the verification key data stored in a binary file at the specified directory location and parses into a VerificationKeyData.
+ * We do not assume any JSON file available but only the binary version, contrary to the above extractVkData() method.
+ * @param vkDirectoryPath - The directory containing the verification key binary data file.
+ * @returns The verification key data
+ */ export async function extractAvmVkData(vkDirectoryPath) {
+    const rawBinary = await fs.readFile(path.join(vkDirectoryPath, VK_FILENAME));
+    const numFields = rawBinary.length / Fr.SIZE_IN_BYTES;
+    assert(numFields <= AVM_V2_VERIFICATION_KEY_LENGTH_IN_FIELDS_PADDED, 'Invalid AVM verification key length');
+    const reader = BufferReader.asReader(rawBinary);
+    const fieldsArray = reader.readArray(numFields, Fr);
+    const fieldsArrayPadded = fieldsArray.concat(Array(AVM_V2_VERIFICATION_KEY_LENGTH_IN_FIELDS_PADDED - fieldsArray.length).fill(new Fr(0)));
+    // Currently, we do not need the vk hash for the AVM as we are not adding in the vk tree.
+    const vkAsFields = new VerificationKeyAsFields(fieldsArrayPadded, new Fr(0));
     const vk = new VerificationKeyData(vkAsFields, rawBinary);
     return vk;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aztec/bb-prover",
-  "version": "0.87.0",
+  "version": "0.87.2-nightly.20250523",
   "type": "module",
   "exports": {
     ".": "./dest/index.js",
@@ -66,27 +66,27 @@
     ]
   },
   "dependencies": {
-    "@aztec/bb.js": "0.87.0",
-    "@aztec/constants": "0.87.0",
-    "@aztec/foundation": "0.87.0",
-    "@aztec/noir-noirc_abi": "0.87.0",
-    "@aztec/noir-protocol-circuits-types": "0.87.0",
-    "@aztec/noir-types": "0.87.0",
-    "@aztec/simulator": "0.87.0",
-    "@aztec/stdlib": "0.87.0",
-    "@aztec/telemetry-client": "0.87.0",
-    "@aztec/world-state": "0.87.0",
+    "@aztec/bb.js": "0.87.2-nightly.20250523",
+    "@aztec/constants": "0.87.2-nightly.20250523",
+    "@aztec/foundation": "0.87.2-nightly.20250523",
+    "@aztec/noir-noirc_abi": "0.87.2-nightly.20250523",
+    "@aztec/noir-protocol-circuits-types": "0.87.2-nightly.20250523",
+    "@aztec/noir-types": "0.87.2-nightly.20250523",
+    "@aztec/simulator": "0.87.2-nightly.20250523",
+    "@aztec/stdlib": "0.87.2-nightly.20250523",
+    "@aztec/telemetry-client": "0.87.2-nightly.20250523",
+    "@aztec/world-state": "0.87.2-nightly.20250523",
     "commander": "^12.1.0",
     "pako": "^2.1.0",
     "source-map-support": "^0.5.21",
     "tslib": "^2.4.0"
   },
   "devDependencies": {
-    "@aztec/ethereum": "0.87.0",
-    "@aztec/kv-store": "0.87.0",
-    "@aztec/noir-contracts.js": "0.87.0",
-    "@aztec/noir-test-contracts.js": "0.87.0",
-    "@aztec/protocol-contracts": "0.87.0",
+    "@aztec/ethereum": "0.87.2-nightly.20250523",
+    "@aztec/kv-store": "0.87.2-nightly.20250523",
+    "@aztec/noir-contracts.js": "0.87.2-nightly.20250523",
+    "@aztec/noir-test-contracts.js": "0.87.2-nightly.20250523",
+    "@aztec/protocol-contracts": "0.87.2-nightly.20250523",
     "@jest/globals": "^29.5.0",
     "@types/jest": "^29.5.0",
     "@types/node": "^22.15.17",

package/src/avm_proving_tests/avm_proving_tester.ts

@@ -7,7 +7,6 @@ import { type AvmCircuitInputs, AvmCircuitPublicInputs } from '@aztec/stdlib/avm
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { MerkleTreeWriteOperations } from '@aztec/stdlib/interfaces/server';
 import type { GlobalVariables } from '@aztec/stdlib/tx';
-import { VerificationKeyData } from '@aztec/stdlib/vks';
 import { NativeWorldStateService } from '@aztec/world-state';
 
 import fs from 'node:fs/promises';
@@ -18,12 +17,10 @@ import {
   type BBResult,
   type BBSuccess,
   BB_RESULT,
+  VK_FILENAME,
   generateAvmProof,
-  generateAvmProofV2,
   verifyAvmProof,
-  verifyAvmProofV2,
 } from '../bb/execute.js';
-import { extractAvmVkData } from '../verification_key/verification_key_data.js';
 
 const BB_PATH = path.resolve('../../barretenberg/cpp/build/bin/bb');
 
@@ -31,20 +28,19 @@ export class AvmProvingTester extends PublicTxSimulationTester {
   constructor(
     private bbWorkingDirectory: string,
     private checkCircuitOnly: boolean,
-    merkleTree: MerkleTreeWriteOperations,
     contractDataSource: SimpleContractDataSource,
+    merkleTrees: MerkleTreeWriteOperations,
     globals?: GlobalVariables,
   ) {
-    super(merkleTree, contractDataSource, globals);
+    super(merkleTrees, contractDataSource, globals);
   }
 
-  // overriding parent class' create is a pain, so we use a different nam
   static async new(checkCircuitOnly: boolean = false, globals?: GlobalVariables) {
     const bbWorkingDirectory = await fs.mkdtemp(path.join(tmpdir(), 'bb-'));
 
     const contractDataSource = new SimpleContractDataSource();
     const merkleTrees = await (await NativeWorldStateService.tmp()).fork();
-    return new AvmProvingTester(bbWorkingDirectory, checkCircuitOnly, merkleTrees, contractDataSource, globals);
+    return new AvmProvingTester(bbWorkingDirectory, checkCircuitOnly, contractDataSource, merkleTrees, globals);
   }
 
   async prove(avmCircuitInputs: AvmCircuitInputs): Promise<BBResult> {
@@ -59,95 +55,36 @@ export class AvmProvingTester extends PublicTxSimulationTester {
     if (proofRes.status === BB_RESULT.FAILURE) {
       this.logger.error(`Proof generation failed: ${proofRes.reason}`);
     }
-    return proofRes;
+    expect(proofRes.status).toEqual(BB_RESULT.SUCCESS);
+    return proofRes as BBSuccess;
   }
 
-  async verify(proofRes: BBSuccess): Promise<BBResult> {
+  async verify(proofRes: BBSuccess, publicInputs: AvmCircuitPublicInputs): Promise<BBResult> {
     if (this.checkCircuitOnly) {
-      // Skip verification if we're only checking the circuit.
-      // Check-circuit doesn't generate a proof to verify.
+      // Skip verification if we are only checking the circuit.
+      // Check-circuit does not generate a proof to verify.
       return proofRes;
     }
-    // Then we test VK extraction and serialization.
-    const succeededRes = proofRes as BBSuccess;
-    const vkData = await extractAvmVkData(succeededRes.vkPath!);
-    VerificationKeyData.fromBuffer(vkData.toBuffer());
-
-    // Then we verify.
-    const rawVkPath = path.join(succeededRes.vkPath!, 'vk');
-    return await verifyAvmProof(BB_PATH, succeededRes.proofPath!, rawVkPath, this.logger);
-  }
-
-  public async simProveVerify(
-    sender: AztecAddress,
-    setupCalls: TestEnqueuedCall[],
-    appCalls: TestEnqueuedCall[],
-    teardownCall: TestEnqueuedCall | undefined,
-    expectRevert: boolean | undefined,
-    feePayer = sender,
-  ) {
-    const simRes = await this.simulateTx(sender, setupCalls, appCalls, teardownCall, feePayer);
-    expect(simRes.revertCode.isOK()).toBe(expectRevert ? false : true);
-    const avmCircuitInputs = simRes.avmProvingRequest.inputs;
-    const provingRes = await this.prove(avmCircuitInputs);
-    expect(provingRes.status).toEqual(BB_RESULT.SUCCESS);
-    const verificationRes = await this.verify(provingRes as BBSuccess);
-    expect(verificationRes.status).toBe(BB_RESULT.SUCCESS);
-  }
-
-  public async simProveVerifyAppLogic(appCall: TestEnqueuedCall, expectRevert?: boolean) {
-    const simRes = await this.simulateTx(/*sender=*/ AztecAddress.fromNumber(42), /*setupCalls=*/ [], [appCall]);
-    expect(simRes.revertCode.isOK()).toBe(expectRevert ? false : true);
-
-    const avmCircuitInputs = simRes.avmProvingRequest.inputs;
-    const provingRes = await this.prove(avmCircuitInputs);
-    expect(provingRes.status).toEqual(BB_RESULT.SUCCESS);
-
-    const verificationRes = await this.verify(provingRes as BBSuccess);
-    expect(verificationRes.status).toBe(BB_RESULT.SUCCESS);
-  }
-}
-
-export class AvmProvingTesterV2 extends PublicTxSimulationTester {
-  constructor(
-    private bbWorkingDirectory: string,
-    contractDataSource: SimpleContractDataSource,
-    merkleTrees: MerkleTreeWriteOperations,
-    globals?: GlobalVariables,
-  ) {
-    super(merkleTrees, contractDataSource, globals);
-  }
-
-  static async new(globals?: GlobalVariables) {
-    const bbWorkingDirectory = await fs.mkdtemp(path.join(tmpdir(), 'bb-'));
-
-    const contractDataSource = new SimpleContractDataSource();
-    const merkleTrees = await (await NativeWorldStateService.tmp()).fork();
-    return new AvmProvingTesterV2(bbWorkingDirectory, contractDataSource, merkleTrees, globals);
-  }
-
-  async proveV2(avmCircuitInputs: AvmCircuitInputs): Promise<BBResult> {
-    // Then we prove.
-    const proofRes = await generateAvmProofV2(BB_PATH, this.bbWorkingDirectory, avmCircuitInputs, this.logger);
-    if (proofRes.status === BB_RESULT.FAILURE) {
-      this.logger.error(`Proof generation failed: ${proofRes.reason}`);
-    }
-    expect(proofRes.status).toEqual(BB_RESULT.SUCCESS);
-    return proofRes as BBSuccess;
-  }
 
-  async verifyV2(proofRes: BBSuccess, publicInputs: AvmCircuitPublicInputs): Promise<BBResult> {
-    return await verifyAvmProofV2(
+    return await verifyAvmProof(
       BB_PATH,
       this.bbWorkingDirectory,
       proofRes.proofPath!,
       publicInputs,
-      proofRes.vkPath!,
+      path.join(proofRes.vkDirectoryPath!, VK_FILENAME),
       this.logger,
     );
   }
 
-  public async simProveVerifyV2(
+  public async proveVerify(avmCircuitInputs: AvmCircuitInputs) {
+    const provingRes = await this.prove(avmCircuitInputs);
+    expect(provingRes.status).toEqual(BB_RESULT.SUCCESS);
+
+    const verificationRes = await this.verify(provingRes as BBSuccess, avmCircuitInputs.publicInputs);
+    expect(verificationRes.status).toBe(BB_RESULT.SUCCESS);
+  }
+
+  public async simProveVerify(
     sender: AztecAddress,
     setupCalls: TestEnqueuedCall[],
     appCalls: TestEnqueuedCall[],
@@ -159,10 +96,16 @@ export class AvmProvingTesterV2 extends PublicTxSimulationTester {
     expect(simRes.revertCode.isOK()).toBe(expectRevert ? false : true);
 
     const avmCircuitInputs = simRes.avmProvingRequest.inputs;
-    const provingRes = await this.proveV2(avmCircuitInputs);
-    expect(provingRes.status).toEqual(BB_RESULT.SUCCESS);
+    await this.proveVerify(avmCircuitInputs);
+  }
 
-    const verificationRes = await this.verifyV2(provingRes as BBSuccess, avmCircuitInputs.publicInputs);
-    expect(verificationRes.status).toBe(BB_RESULT.SUCCESS);
+  public async simProveVerifyAppLogic(appCall: TestEnqueuedCall, expectRevert?: boolean) {
+    await this.simProveVerify(
+      /*sender=*/ AztecAddress.fromNumber(42),
+      /*setupCalls=*/ [],
+      [appCall],
+      undefined,
+      expectRevert,
+    );
   }
 }

package/src/bb/execute.ts

@@ -32,7 +32,7 @@ export type BBSuccess = {
   /** Full path of the public key. */
   pkPath?: string;
   /** Base directory for the VKs (raw, fields). */
-  vkPath?: string;
+  vkDirectoryPath?: string;
   /** Full path of the proof. */
   proofPath?: string;
   /** Full path of the contract. */
@@ -49,8 +49,6 @@ export type BBFailure = {
 
 export type BBResult = BBSuccess | BBFailure;
 
-export type VerificationFunction = typeof verifyProof | typeof verifyAvmProof;
-
 type BBExecResult = {
   status: BB_RESULT;
   exitCode: number;
@@ -162,7 +160,7 @@ export async function executeBbClientIvcProof(
         durationMs,
         proofPath: `${outputPath}`,
         pkPath: undefined,
-        vkPath: `${outputPath}`,
+        vkDirectoryPath: `${outputPath}`,
       };
     }
     // Not a great error message here but it is difficult to decipher what comes from bb
@@ -266,7 +264,7 @@ export async function generateProof(
         durationMs: duration,
         proofPath: `${outputPath}`,
         pkPath: undefined,
-        vkPath: `${outputPath}`,
+        vkDirectoryPath: `${outputPath}`,
       };
     }
     // Not a great error message here but it is difficult to decipher what comes from bb
@@ -334,7 +332,7 @@ export async function generateTubeProof(
         durationMs,
         proofPath: outputPath,
         pkPath: undefined,
-        vkPath: outputPath,
+        vkDirectoryPath: outputPath,
       };
     }
     // Not a great error message here but it is difficult to decipher what comes from bb
@@ -354,14 +352,16 @@ export async function generateTubeProof(
  * @param pathToBB - The full path to the bb binary
  * @param workingDirectory - A working directory for use by bb
  * @param input - The inputs for the public function to be proven
- * @param log - A logging function
+ * @param logger - A logging function
+ * @param checkCircuitOnly - A boolean to toggle a "check-circuit only" operation instead of proving.
  * @returns An object containing a result indication, the location of the proof and the duration taken
  */
-export async function generateAvmProofV2(
+export async function generateAvmProof(
   pathToBB: string,
   workingDirectory: string,
   input: AvmCircuitInputs,
   logger: Logger,
+  checkCircuitOnly: boolean = false,
 ): Promise<BBFailure | BBSuccess> {
   // Check that the working directory exists
   try {
@@ -401,99 +401,12 @@ export async function generateAvmProofV2(
       args.push(loggingArg);
     }
     const timer = new Timer();
-    const logFunction = (message: string) => {
-      logger.verbose(`AvmCircuit (prove) BB out - ${message}`);
-    };
-    const result = await executeBB(pathToBB, 'avm2_prove', args, logFunction);
-    const duration = timer.ms();
 
-    if (result.status == BB_RESULT.SUCCESS) {
-      return {
-        status: BB_RESULT.SUCCESS,
-        durationMs: duration,
-        proofPath: join(outputPath, PROOF_FILENAME),
-        pkPath: undefined,
-        vkPath: join(outputPath, VK_FILENAME),
-      };
-    }
-    // Not a great error message here but it is difficult to decipher what comes from bb
-    return {
-      status: BB_RESULT.FAILURE,
-      reason: `Failed to generate proof. Exit code ${result.exitCode}. Signal ${result.signal}.`,
-      retry: !!result.signal,
-    };
-  } catch (error) {
-    return { status: BB_RESULT.FAILURE, reason: `${error}` };
-  }
-}
-
-/**
- * Used for generating AVM proofs (or doing check-circuit).
- * It is assumed that the working directory is a temporary and/or random directory used solely for generating this proof.
- * @param pathToBB - The full path to the bb binary
- * @param workingDirectory - A working directory for use by bb
- * @param bytecode - The AVM bytecode for the public function to be proven (expected to be decompressed)
- * @param log - A logging function
- * @returns An object containing a result indication, the location of the proof and the duration taken
- */
-export async function generateAvmProof(
-  pathToBB: string,
-  workingDirectory: string,
-  _input: AvmCircuitInputs,
-  logger: Logger,
-  checkCircuitOnly: boolean = false,
-): Promise<BBFailure | BBSuccess> {
-  // Check that the working directory exists
-  try {
-    await fs.access(workingDirectory);
-  } catch {
-    return { status: BB_RESULT.FAILURE, reason: `Working directory ${workingDirectory} does not exist` };
-  }
-
-  // Paths for the inputs
-  const publicInputsPath = join(workingDirectory, AVM_PUBLIC_INPUTS_FILENAME);
-
-  // The proof is written to e.g. /workingDirectory/proof
-  const outputPath = workingDirectory;
-
-  const filePresent = async (file: string) =>
-    await fs
-      .access(file, fs.constants.R_OK)
-      .then(_ => true)
-      .catch(_ => false);
-
-  const binaryPresent = await filePresent(pathToBB);
-  if (!binaryPresent) {
-    return { status: BB_RESULT.FAILURE, reason: `Failed to find bb binary at ${pathToBB}` };
-  }
-
-  try {
-    // Write the inputs to the working directory.
-
-    // WARNING: Not writing the inputs since VM1 is disabled!
-    // await fs.writeFile(publicInputsPath, input.publicInputs.toBuffer());
-    // if (!(await filePresent(publicInputsPath))) {
-    //   return { status: BB_RESULT.FAILURE, reason: `Could not write publicInputs at ${publicInputsPath}` };
-    // }
-
-    // await fs.writeFile(avmHintsPath, input.avmHints.toBuffer());
-    // if (!(await filePresent(avmHintsPath))) {
-    //   return { status: BB_RESULT.FAILURE, reason: `Could not write avmHints at ${avmHintsPath}` };
-    // }
-
-    const args = ['--avm-public-inputs', publicInputsPath, '-o', outputPath];
-    const loggingArg =
-      logger.level === 'debug' || logger.level === 'trace' ? '-d' : logger.level === 'verbose' ? '-v' : '';
-    if (loggingArg !== '') {
-      args.push(loggingArg);
-    }
-
-    const timer = new Timer();
-    const cmd = checkCircuitOnly ? 'check_circuit' : 'prove';
+    const cmd = checkCircuitOnly ? 'avm_check_circuit' : 'avm_prove';
     const logFunction = (message: string) => {
       logger.verbose(`AvmCircuit (${cmd}) BB out - ${message}`);
     };
-    const result = await executeBB(pathToBB, `avm_${cmd}`, args, logFunction);
+    const result = await executeBB(pathToBB, cmd, args, logFunction);
     const duration = timer.ms();
 
     if (result.status == BB_RESULT.SUCCESS) {
@@ -502,7 +415,7 @@ export async function generateAvmProof(
         durationMs: duration,
         proofPath: join(outputPath, PROOF_FILENAME),
         pkPath: undefined,
-        vkPath: outputPath,
+        vkDirectoryPath: outputPath,
       };
     }
     // Not a great error message here but it is difficult to decipher what comes from bb
@@ -541,24 +454,7 @@ export async function verifyProof(
   );
 }
 
-/**
- * Used for verifying proofs of the AVM
- * @param pathToBB - The full path to the bb binary
- * @param proofFullPath - The full path to the proof to be verified
- * @param verificationKeyPath - The full path to the circuit verification key
- * @param log - A logging function
- * @returns An object containing a result indication and duration taken
- */
 export async function verifyAvmProof(
-  pathToBB: string,
-  proofFullPath: string,
-  verificationKeyPath: string,
-  logger: Logger,
-): Promise<BBFailure | BBSuccess> {
-  return await verifyProofInternal(pathToBB, proofFullPath, verificationKeyPath, 'avm_verify', logger);
-}
-
-export async function verifyAvmProofV2(
   pathToBB: string,
   workingDirectory: string,
   proofFullPath: string,
@@ -580,7 +476,7 @@ export async function verifyAvmProofV2(
     return { status: BB_RESULT.FAILURE, reason: `Could not write avm inputs to ${avmInputsPath}` };
   }
 
-  return await verifyProofInternal(pathToBB, proofFullPath, verificationKeyPath, 'avm2_verify', logger, [
+  return await verifyProofInternal(pathToBB, proofFullPath, verificationKeyPath, 'avm_verify', logger, [
     '--avm-public-inputs',
     avmInputsPath,
   ]);
@@ -641,7 +537,7 @@ async function verifyProofInternal(
   pathToBB: string,
   proofFullPath: string,
   verificationKeyPath: string,
-  command: 'verify' | 'avm_verify' | 'avm2_verify',
+  command: 'verify' | 'avm_verify',
   logger: Logger,
   extraArgs: string[] = [],
 ): Promise<BBFailure | BBSuccess> {
@@ -657,24 +553,27 @@ async function verifyProofInternal(
     logger.verbose(`bb-prover (verify) BB out - ${message}`);
   };
 
-  // take proofFullPath and remove the suffix past the / to get the directory
-  const proofDir = proofFullPath.substring(0, proofFullPath.lastIndexOf('/'));
-  const publicInputsFullPath = join(proofDir, '/public_inputs');
-
-  logger.debug(`public inputs path: ${publicInputsFullPath}`);
   try {
     let args;
-    // Specify the public inputs path in the case of UH verification.
+
     if (command == 'verify') {
+      // Specify the public inputs path in the case of UH verification.
+      // Take proofFullPath and remove the suffix past the / to get the directory.
+      const proofDir = proofFullPath.substring(0, proofFullPath.lastIndexOf('/'));
+      const publicInputsFullPath = join(proofDir, '/public_inputs');
+      logger.debug(`public inputs path: ${publicInputsFullPath}`);
+
       args = ['-p', proofFullPath, '-k', verificationKeyPath, '-i', publicInputsFullPath, ...extraArgs];
     } else {
       args = ['-p', proofFullPath, '-k', verificationKeyPath, ...extraArgs];
     }
+
     const loggingArg =
       logger.level === 'debug' || logger.level === 'trace' ? '-d' : logger.level === 'verbose' ? '-v' : '';
     if (loggingArg !== '') {
       args.push(loggingArg);
     }
+
     const timer = new Timer();
     const result = await executeBB(pathToBB, command, args, logFunction);
     const duration = timer.ms();

package/src/prover/server/bb_prover.ts

@@ -1,5 +1,5 @@
 import {
-  AVM_PROOF_LENGTH_IN_FIELDS,
+  AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED,
   NESTED_RECURSIVE_PROOF_LENGTH,
   NESTED_RECURSIVE_ROLLUP_HONK_PROOF_LENGTH,
   PAIRING_POINTS_SIZE,
@@ -37,7 +37,7 @@ import {
 import { ServerCircuitVks } from '@aztec/noir-protocol-circuits-types/server/vks';
 import type { WitnessMap } from '@aztec/noir-types';
 import { NativeACVMSimulator } from '@aztec/simulator/server';
-import type { AvmCircuitInputs } from '@aztec/stdlib/avm';
+import type { AvmCircuitInputs, AvmCircuitPublicInputs } from '@aztec/stdlib/avm';
 import { ProvingError } from '@aztec/stdlib/errors';
 import {
   type ProofAndVerificationKey,
@@ -48,19 +48,20 @@ import {
 } from '@aztec/stdlib/interfaces/server';
 import type { BaseParityInputs, ParityPublicInputs, RootParityInputs } from '@aztec/stdlib/parity';
 import { Proof, RecursiveProof, makeRecursiveProofFromBinary } from '@aztec/stdlib/proofs';
-import type {
-  BaseOrMergeRollupPublicInputs,
-  BlockMergeRollupInputs,
-  BlockRootOrBlockMergePublicInputs,
-  BlockRootRollupInputs,
-  EmptyBlockRootRollupInputs,
-  MergeRollupInputs,
-  PrivateBaseRollupInputs,
+import {
+  type BaseOrMergeRollupPublicInputs,
+  type BlockMergeRollupInputs,
+  type BlockRootOrBlockMergePublicInputs,
+  type BlockRootRollupInputs,
+  type EmptyBlockRootRollupInputs,
+  type MergeRollupInputs,
+  type PrivateBaseRollupInputs,
   PublicBaseRollupInputs,
-  RootRollupInputs,
-  RootRollupPublicInputs,
-  SingleTxBlockRootRollupInputs,
-  TubeInputs,
+  type RootRollupInputs,
+  type RootRollupPublicInputs,
+  type SingleTxBlockRootRollupInputs,
+  type TubeInputs,
+  enhanceProofWithPiValidationFlag,
 } from '@aztec/stdlib/rollup';
 import type { CircuitProvingStats, CircuitWitnessGenerationStats } from '@aztec/stdlib/stats';
 import type { VerificationKeyData } from '@aztec/stdlib/vks';
@@ -185,9 +186,13 @@ export class BBNativeRollupProver implements ServerCircuitProver {
   }))
   public async getAvmProof(
     inputs: AvmCircuitInputs,
-  ): Promise<ProofAndVerificationKey<typeof AVM_PROOF_LENGTH_IN_FIELDS>> {
+    skipPublicInputsValidation: boolean = false,
+  ): Promise<ProofAndVerificationKey<typeof AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED>> {
     const proofAndVk = await this.createAvmProof(inputs);
-    await this.verifyAvmProof(proofAndVk.proof.binaryProof, proofAndVk.verificationKey);
+    await this.verifyAvmProof(proofAndVk.proof.binaryProof, proofAndVk.verificationKey, inputs.publicInputs);
+
+    // TODO(#14234)[Unconditional PIs validation]: remove next lines and directly return proofAndVk
+    proofAndVk.proof.proof = enhanceProofWithPiValidationFlag(proofAndVk.proof.proof, skipPublicInputsValidation);
     return proofAndVk;
   }
 
@@ -536,13 +541,13 @@ export class BBNativeRollupProver implements ServerCircuitProver {
 
   private async createAvmProof(
     input: AvmCircuitInputs,
-  ): Promise<ProofAndVerificationKey<typeof AVM_PROOF_LENGTH_IN_FIELDS>> {
+  ): Promise<ProofAndVerificationKey<typeof AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED>> {
     const operation = async (bbWorkingDirectory: string) => {
       const provingResult = await this.generateAvmProofWithBB(input, bbWorkingDirectory);
 
       // TODO(https://github.com/AztecProtocol/aztec-packages/issues/6773): this VK data format is wrong.
       // In particular, the number of public inputs, etc will be wrong.
-      const verificationKey = await extractAvmVkData(provingResult.vkPath!);
+      const verificationKey = await extractAvmVkData(provingResult.vkDirectoryPath!);
       const avmProof = await this.readAvmProofAsFields(provingResult.proofPath!, verificationKey);
 
       const circuitType = 'avm-circuit' as const;
@@ -579,7 +584,7 @@ export class BBNativeRollupProver implements ServerCircuitProver {
 
       // Read the proof as fields
       // TODO(AD): this is the only remaining use of extractVkData.
-      const tubeVK = await extractVkData(provingResult.vkPath!);
+      const tubeVK = await extractVkData(provingResult.vkDirectoryPath!);
       const tubeProof = await readProofAsFields(provingResult.proofPath!, tubeVK, TUBE_PROOF_LENGTH, logger);
 
       this.instrumentation.recordDuration('provingDuration', 'tubeCircuit', provingResult.durationMs);
@@ -673,9 +678,13 @@ export class BBNativeRollupProver implements ServerCircuitProver {
     return await this.verifyWithKey(getUltraHonkFlavorForCircuit(circuitType), verificationKey, proof);
   }
 
-  public async verifyAvmProof(proof: Proof, verificationKey: VerificationKeyData) {
+  public async verifyAvmProof(
+    proof: Proof,
+    verificationKey: VerificationKeyData,
+    publicInputs: AvmCircuitPublicInputs,
+  ) {
     return await this.verifyWithKeyInternal(proof, verificationKey, (proofPath, vkPath) =>
-      verifyAvmProof(this.config.bbBinaryPath, proofPath, vkPath, logger),
+      verifyAvmProof(this.config.bbBinaryPath, this.config.bbWorkingDirectory, proofPath, publicInputs, vkPath, logger),
     );
   }
 
@@ -728,16 +737,25 @@ export class BBNativeRollupProver implements ServerCircuitProver {
   private async readAvmProofAsFields(
     proofFilename: string,
     vkData: VerificationKeyData,
-  ): Promise<RecursiveProof<typeof AVM_PROOF_LENGTH_IN_FIELDS>> {
-    const rawProof = await fs.readFile(proofFilename);
-
-    const reader = BufferReader.asReader(rawProof);
-    const fields = reader.readArray(rawProof.length / Fr.SIZE_IN_BYTES, Fr);
-    const fieldsWithoutPublicCols = fields.slice(-1 * AVM_PROOF_LENGTH_IN_FIELDS);
-
-    const proof = new Proof(rawProof, vkData.numPublicInputs);
+  ): Promise<RecursiveProof<typeof AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED>> {
+    const rawProofBuffer = await fs.readFile(proofFilename);
+    const reader = BufferReader.asReader(rawProofBuffer);
+    const proofFields = reader.readArray(rawProofBuffer.length / Fr.SIZE_IN_BYTES, Fr);
+
+    // We extend to a fixed-size padded proof as during development any new AVM circuit column changes the
+    // proof length and we do not have a mechanism to feedback a cpp constant to noir/TS.
+    // TODO(#13390): Revive a non-padded AVM proof
+    if (proofFields.length > AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED) {
+      throw new Error(
+        `Proof has ${proofFields.length} fields, expected no more than ${AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED}.`,
+      );
+    }
+    const proofFieldsPadded = proofFields.concat(
+      Array(AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED - proofFields.length).fill(new Fr(0)),
+    );
 
-    return new RecursiveProof(fieldsWithoutPublicCols, proof, true, AVM_PROOF_LENGTH_IN_FIELDS);
+    const proof = new Proof(rawProofBuffer, vkData.numPublicInputs);
+    return new RecursiveProof(proofFieldsPadded, proof, true, AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED);
   }
 
   private runInDirectory<T>(fn: (dir: string) => Promise<T>) {