Zcash Web Gateway

Community Grants Applications
1

Application Owner

Ikeoluwa Oke

Organization Name

ZeroIq

Requested Grant Amount (USD)

$25,450

Category

Infrastructure

Project Lead

Name: Ikeoluwa Oke
Role: Technical Lead / Infrastructure Engineer
Background: Infrastructure and protocol engineering with deep expertise in proxy architectures, gRPC systems, and production-grade service deployment. Experienced in building scalable backend systems and developer tooling.
Responsibilities: Gateway stack architecture (Envoy/grpcwebproxy configuration); gRPC-web translation layer; TLS/CORS configuration; health checks and readiness probes; performance optimization and load testing; technical specification and review.

Additional Team Members

Name: Olowu Timilehin
Role: Protocol Engineer
Background: Protocol-level engineering and integration work across blockchain systems. Experience with lightwalletd, gRPC services, and network-level security patterns.
Github: Timi16 · GitHub

Responsibilities: lightwalletd integration layer; gRPC service compatibility testing; streaming protocols and connection management; security hardening (rate limiting, abuse prevention); conformance test suite design.

Name: Owoeye Ajuwonlo
Role: Software Engineer / DevOps
Background: Full-stack and DevOps engineering with focus on containerization, CI/CD, and infrastructure-as-code. Proficient in Docker, Kubernetes, Terraform, and monitoring systems.
Responsibilities: Deployment templates (Docker Compose, Helm, Terraform); CI/CD automation; monitoring and observability setup (Prometheus/Grafana); endpoint registry implementation; uptime dashboard; documentation and quickstart guides.

Project Summary

Zcash Web Gateway is the missing gRPC-web infrastructure layer that enables browser-based Zcash wallets to reliably connect to lightwalletd servers. It provides an open-source, production-ready gRPC-web proxy stack with deployment templates, conformance testing, and a public endpoint registry. This unlocks “web wallets that just work” without every team reinventing proxy infrastructure, reduces centralization risk, and standardizes the critical bridge between browsers and the Zcash light client protocol.

Project Description

Zcash Web Gateway is a foundational infrastructure project that solves a critical technical blocker for browser-based Zcash wallets: browsers cannot directly communicate with lightwalletd servers because lightwalletd uses gRPC, and standard gRPC (HTTP/2-based) is not implementable in browser environments due to networking API limitations.

WebZjs (ChainSafe’s browser wallet library) explicitly documents this constraint, stating that browser wallets require “a special gRPC-web proxy to a regular lightwalletd instance” and that “using an unproxied URL will NOT work.” Currently, teams either depend on ChainSafe’s hosted proxies (creating soft centralization) or build fragile one-off proxy setups with inconsistent security, no monitoring, and poor reliability.

Zcash Web Gateway standardizes this critical infrastructure layer by delivering:

  1. Open-source gateway stack - A production-ready gRPC-web proxy (Envoy-based) with Zcash-specific hardening including rate limiting, health checks, CORS configuration, privacy-preserving logging defaults, and clear protocol limitation documentation.

  2. Deployment templates - Docker Compose for local development, Helm charts for Kubernetes, and Terraform modules for multi-region cloud deployment, enabling any organization to stand up a gateway in hours rather than weeks.

  3. Conformance testing - A test suite that validates gRPC-web compatibility, correct headers/CORS, and streaming stability, ensuring consistent behavior across gateway deployments.

  4. Public endpoint registry + uptime dashboard - A coordination layer where developers can discover vetted, geographically distributed gateway endpoints with real-time health status, eliminating endpoint guessing and enabling informed routing decisions.

This project directly supports ZCG’s stated goals of decentralizing infrastructure and enabling browser-based wallet adoption. By making it easy for multiple independent operators to run standards-compliant gateways, we reduce single points of failure while preserving the privacy and self-custody properties that define Zcash.

Proposed Problem

The Core Technical Blocker

Browser-based Zcash wallets face a hard technical constraint: browsers cannot reliably communicate with lightwalletd servers directly because lightwalletd exposes a gRPC API, and standard gRPC (which relies on HTTP/2 features like trailers and bidirectional streaming) is not implementable within browser JavaScript networking APIs.

ChainSafe’s Zcash web wallet feasibility report explicitly states: “Block downloading is challenging because lightwalletd uses gRPC, and gRPC can’t be used from within a browser due to HTTP/2 configuration limitations; the workaround is a grpc-web proxy that translates browser-friendly grpc-web requests to native gRPC.”

WebZjs documentation confirms this is not optional: “To work in the web these need to be a special gRPC-web proxy to a regular lightwalletd instance. Using an unproxied URL will NOT work.”

Sources:

Current State: Fragmented and Centralized

Right now, teams building browser wallets face several compounding problems:

1. Reinventing the proxy wheel
Each team must either:

  • Hunt for working proxy endpoints (often just ChainSafe’s hosted infrastructure)

  • Build their own proxy setup, typically encountering CORS issues, TLS misconfigurations, timeout problems, streaming instability, and lack of proper health checks

  • Spend weeks troubleshooting issues that others have already solved

2. Soft centralization risk
ChainSafe currently hosts gRPC-web proxy endpoints as a stopgap, which is valuable but creates dependency: if a single proxy provider is rate-limited, blocked, attacked, or experiences downtime, all dependent web wallets suffer. Forum discussions show community members asking where proxy source code is so others (like zec.rocks) can host their own, highlighting the desire for decentralization.

3. No production-grade standards
Generic gRPC-web documentation explains how to configure Envoy as a proxy, but wallet infrastructure needs much more:

  • Rate limiting and abuse control

  • Comprehensive health checks and failover routing

  • Correct CORS configuration (a common pain point)

  • Appropriate caching policies

  • Observability (latency metrics, error rates, stream resets)

  • Privacy-preserving logging defaults

4. Privacy considerations
Light wallet servers can gather user metadata including IP addresses and correlated transaction patterns. The Zcash community has discussed using Tor and other privacy countermeasures. A standardized gateway layer can bake in privacy-aware defaults from day one.

5. No endpoint discovery mechanism
Web developers currently have no reliable way to know which endpoints:

  • Support gRPC-web correctly with proper CORS

  • Are currently operational with good uptime

  • Are geographically close for optimal latency

  • Are not overloaded

Why This Matters to the Zcash Ecosystem

Browser wallets unlock critical distribution channels:

  • Zero-install onboarding (users can receive/send shielded ZEC by opening a link)

  • Integration into web-based marketplaces, donation platforms, paywalls, and communities

  • Browser extension distribution (the dominant crypto wallet channel)

  • MetaMask Snap integration (potentially reaching millions of users)

  • Easier developer prototyping and hackathon participation

ZCG has already demonstrated belief in this vision by approving $150,000 for WebZjs (Q3 2024) and $168,000 for WebZjs maintenance (Q4 2024). However, WebZjs cannot function without the gRPC-web proxy layer. The gateway is not optional - it’s the missing infrastructure that makes browser wallets possible.

Alignment with ZCG infrastructure goals:
ZCG’s lightwalletd infrastructure RFP explicitly calls for “decentralize and distribute infrastructure amongst multiple providers.” The Web Gateway applies this same philosophy to the browser surface area, enabling a federated model where multiple independent operators can run standards-compliant gateways.

Proposed Solution

Zcash Web Gateway provides a maintained, production-ready gRPC-web infrastructure layer that standardizes how browser applications connect to lightwalletd, delivered as open-source software with deployment automation and a public coordination mechanism.

How It Closes the Gaps

1. Standard, reproducible gateway stack
Instead of fragmented proxy setups, we deliver a well-engineered, documented gateway based on proven components (Envoy with grpc_web filter) with Zcash-specific hardening:

  • Comprehensive health checks and readiness probes

  • Rate limiting hooks (with optional API key support)

  • CORS configuration tested against real browser environments

  • TLS/security baseline with documented best practices

  • Privacy-aware logging defaults (minimal retention, no IP logging by default)

  • Clear documentation of gRPC-web protocol limitations

2. Deployment made trivial
Pre-built templates for common deployment scenarios:

  • Docker Compose for local development and small-scale hosting

  • Helm charts for Kubernetes production deployments

  • Terraform modules for multi-region cloud infrastructure

  • Complete documentation enabling gateway deployment in hours, not weeks

3. Conformance and compatibility assurance
A test suite that validates:

  • End-to-end gRPC-web connectivity to lightwalletd

  • Correct headers and CORS configuration

  • Streaming stability under realistic load patterns

  • Compatibility matrix (lightwalletd versions, network upgrades)

4. Endpoint registry and discovery
A public registry providing:

  • Vetted list of operational gateway endpoints

  • Real-time health and uptime monitoring

  • Geographic distribution information

  • Performance metrics (latency, availability)

  • Operator guide for joining the registry

This transforms “random endpoint guessing” into informed, reliable developer experience.

What We Will Ship

Gateway Stack (open-source software)

  • zcash-web-gateway: Envoy-based gRPC-web proxy with Zcash configuration

  • Rate limiting and abuse protection configuration

  • Health check and monitoring integration

  • Privacy-preserving logging defaults

  • Comprehensive security documentation

Deployment Templates

  • Docker Compose profile for local development

  • Kubernetes Helm chart for production deployment

  • Terraform modules for AWS/GCP/Azure multi-region setup

  • Configuration examples and customization guides

Conformance Testing

  • CLI tool for endpoint validation

  • GitHub Action for continuous conformance testing

  • Test vectors covering common wallet operations

  • Load testing guidance and benchmarks

Endpoint Registry + Dashboard

  • Public registry with JSON schema and verification rules

  • Uptime monitoring with historical performance data

  • Web dashboard displaying endpoint status and metrics

  • Operator onboarding guide and contribution process

Documentation

  • “15-minute local gateway” quick start

  • Production deployment best practices

  • Security hardening checklist

  • Privacy considerations and Tor guidance

  • Troubleshooting common issues

  • Compatibility matrix (lightwalletd versions, Zcash network upgrades)

Solution Format

Type: Open-source infrastructure software with documentation, deployment automation, and public registry service.

Core Deliverables

1. Gateway Stack - zcash-web-gateway

  • Envoy configuration with grpc_web filter for lightwalletd translation

  • Rate limiting module with configurable thresholds

  • Health checks (startup probes, liveness probes, readiness probes)

  • CORS configuration validated against browser environments

  • TLS termination with documented certificate management

  • Privacy defaults: localhost-only binding option, minimal logging, short retention

  • Containerized for reproducible deployment

2. Deployment Templates

  • Docker Compose: Single-command local gateway for development

  • Helm Chart: Production-ready Kubernetes deployment with configurable replicas, ingress, monitoring

  • Terraform Modules: Multi-region infrastructure provisioning (AWS/GCP/Azure)

  • Configuration examples for different deployment scales

3. Conformance Testing Suite

  • CLI validator: zcash-gateway-test binary for endpoint verification

  • GitHub Action for continuous conformance monitoring

  • Test coverage: connection establishment, streaming operations, header validation, error handling

  • Load testing scripts and performance baselines

4. Endpoint Registry + Uptime Dashboard

  • Registry specification (JSON schema, verification process)

  • Public dashboard (uptime, latency, geographic distribution)

  • Automated health monitoring and alerting

  • Operator onboarding documentation

5. Documentation Package

  • Quick start guide (local deployment in 15 minutes)

  • Production deployment guide

  • Security best practices and hardening checklist

  • Privacy configuration (Tor integration guidance)

  • Troubleshooting guide

  • Compatibility matrix and version management

Release & Distribution

Licensing: MIT / Apache-2.0 dual license (ecosystem-friendly)

Releases:

  • Versioned Docker images published to GHCR

  • Helm charts versioned and published

  • Terraform modules tagged in Git

  • Binary releases for conformance testing tools

Artifacts:

  • Configuration templates

  • Documentation site (GitHub Pages or similar)

  • Public endpoint registry and dashboard

Maintenance Window

90-day post-release maintenance including:

  • Version compatibility updates (lightwalletd releases, Envoy updates)

  • Security patches and bug fixes

  • Documentation improvements based on user feedback

  • Monthly status updates to ZCG forum

  • Community support and issue triage

Handover plan: Invite wallet maintainers and infrastructure operators to co-maintain after initial delivery.

Dependencies

1) Technical Software & Runtime

Operating System

  • Linux (primary): Ubuntu 22.04+ or equivalent for production deployments

  • macOS/Windows (development): Docker Desktop for local testing

Container Stack

  • Docker Engine ≥ 24.x

  • Docker Compose v2

  • Kubernetes ≥ 1.27 (for Helm deployments)

Infrastructure-as-Code

  • Terraform ≥ 1.5

  • Helm ≥ 3.12

Gateway Components

  • Envoy Proxy (latest stable with grpc_web filter support)

  • lightwalletd (version-pinned for compatibility testing)

Monitoring & Observability

  • Prometheus-compatible metrics endpoint

  • Grafana dashboards (optional, templates provided)

Build Toolchain

  • Go (for conformance testing tools)

  • Node.js (for dashboard frontend)

Local Resources (typical deployment)

  • ~1-2 GB disk for containers and logs

  • 1-2 CPU cores, 2-4 GB RAM for single-instance gateway

  • Multi-region production: scaled based on expected traffic

Networking

  • Public IP and DNS for production endpoints

  • TLS certificates (Let’s Encrypt or equivalent)

  • DDoS protection recommended (Cloudflare or similar)

2) Documentation & Specifications Referenced

4) External Coordination

Potential upstream engagement:

  • ChainSafe (WebZjs maintainers) - validation of gateway requirements

  • lightwalletd maintainers - compatibility testing and documentation

  • Zcash Foundation - infrastructure coordination and registry hosting discussion

  • Community gateway operators - early feedback and testing

No mainnet keys or sensitive credentials required. Gateway operates as a translation layer; all security-sensitive operations remain in user wallets and lightwalletd servers.

Technical Approach

We will deliver a production-ready, reproducible gRPC-web gateway stack built on proven components (Envoy proxy), packaged with comprehensive deployment automation, conformance testing, and a public coordination layer (endpoint registry).

1) Architecture

Core Translation Layer

  • Envoy proxy with grpc_web filter configured for lightwalletd compatibility

  • Handles translation from browser-friendly gRPC-web (HTTP/1.1 with specific headers) to native gRPC (HTTP/2)

  • Supports both text and binary gRPC-web formats

Deployment Flexibility

  • Single-instance local development (Docker Compose)

  • Multi-replica production (Kubernetes + Helm)

  • Multi-region with load balancing (Terraform IaC)

Integration Points

  • Upstream: lightwalletd gRPC API (ZIP-307 spec)

  • Downstream: Browser-based wallets using gRPC-web protocol

  • Monitoring: Prometheus metrics, structured logging

2) Gateway Configuration & Hardening

Traffic Management

  • Request/response size limits appropriate for wallet operations

  • Timeout configuration for different operation types (quick vs. streaming)

  • Connection pooling and keepalive tuning

  • Rate limiting with configurable thresholds (per-IP, per-endpoint)

Security Baseline

  • TLS termination with modern cipher suites

  • CORS configuration tested against real browser environments

  • Request validation and sanitization

  • Optional API key authentication hooks

  • DDoS mitigation guidance (integration with Cloudflare/similar)

Privacy Defaults

  • Minimal logging (no IP addresses by default, configurable)

  • Short log retention policies

  • Guidance for Tor integration and .onion endpoint setup

  • Clear documentation of what metadata gateway operators can observe

Health & Reliability

  • Startup probes (wait for lightwalletd connectivity)

  • Liveness probes (gateway process health)

  • Readiness probes (backend availability)

  • Graceful shutdown and connection draining

  • Circuit breaker patterns for upstream failures

3) Deployment Templates

Docker Compose (local development)

  • Single-command local setup

  • Configured for localhost-only, development certificates

  • Includes example lightwalletd mock for testing

Helm Chart (Kubernetes production)

  • Configurable replica count and resource limits

  • Ingress configuration (domain, TLS)

  • Rate limiting thresholds

  • Monitoring integration

  • Multi-backend support (if running multiple lightwalletd instances)

Terraform Modules (multi-region infrastructure)

  • Provisions load balancer with health checks

  • Gateway instances in multiple regions

  • DNS configuration

  • TLS certificate management (Let’s Encrypt)

  • Monitoring and alerting

  • Auto-scaling based on traffic

4) Conformance Testing

Validation Coverage

  • gRPC-web connectivity (can browser reach lightwalletd operations?)

  • Header correctness (Content-Type, Accept, CORS headers)

  • Streaming stability (block streaming, transaction updates)

  • Error handling (proper HTTP status codes, error messages)

  • Performance baseline (latency, throughput)

Testing Tools

  • zcash-gateway-test CLI: validate any endpoint against conformance spec

  • GitHub Action: continuous conformance monitoring for registered endpoints

  • Load testing scripts: realistic wallet operation patterns

Compatibility Matrix

  • lightwalletd versions tested

  • Zcash network upgrade compatibility (Sapling, Orchard, future upgrades)

  • Browser compatibility (Chrome, Firefox, Safari, Edge)

5) Endpoint Registry & Discovery

Registry Design

  • JSON schema defining endpoint entries (URL, region, operator, capabilities)

  • Verification process (conformance testing required for listing)

  • Public GitHub repository or API endpoint for programmatic access

Uptime Dashboard

  • Real-time health checks (every 60 seconds)

  • Historical uptime data (30-day, 90-day availability)

  • Latency monitoring from multiple geographic probes

  • Visual status page (operational/degraded/down)

Operator Guide

  • How to deploy a conformant gateway

  • How to request registry inclusion

  • Expectations for operators (uptime SLO, security practices)

  • Community guidelines and support channels

6) Platform Support

Production Focus: Linux

  • All deployment templates and documentation optimized for Linux

  • CI/CD examples using Linux runners

  • Production deployment guides for major cloud providers

Development Support: Cross-platform

  • Docker Compose works on macOS and Windows via Docker Desktop

  • Clear documentation of platform-specific considerations

  • Troubleshooting guides for common development environment issues

Hardware/Software Costs (USD)

$200

Hardware/Software Justification

This project ships open-source infrastructure software and tooling. Most tools and platforms are free; the costs below represent minimal operational expenses required for stable development, testing, and registry hosting during the grant period.

Required Infrastructure

Development & Testing Environment

  • Small Linux VM (CI/CD and conformance testing)

    • Purpose: Automated testing of gateway deployments, conformance suite execution, documentation build verification

    • Specification: 2-4 vCPU, 4-8 GB RAM, 50 GB SSD

    • Duration: Development period + 90-day maintenance window (~5 months)

    • Estimated cost: $15-20/month = ~$100 total

Registry & Dashboard Hosting

  • Static site hosting (endpoint registry + uptime dashboard)

    • Purpose: Public-facing registry and uptime monitoring dashboard

    • Specification: 1 vCPU, 1 GB RAM for monitoring agent

    • Duration: Initial 6 months of operation

    • Estimated cost: $5-10/month = ~$50 total

Domain & DNS

  • Custom domain for registry/dashboard

    • Purpose: Professional endpoint

    • Cost: ~$15/year

Multi-Region Testing

  • Spot instance testing (~$35 for testing across 3 regions during final phase)

Total Estimated Hardware/Software Costs: $200

Service Costs (USD)

$200

Service Costs Justification

Service costs cover operational infrastructure required to develop, test, and initially operate the public gateway registry and conformance testing infrastructure during the grant period.

CI/CD Infrastructure ($100)

  • Self-hosted GitHub Actions runner for automated conformance testing, multi-container deployment validation, documentation build, and performance benchmarking

Registry & Monitoring Service ($50)

  • Uptime monitoring service infrastructure, endpoint health check automation, historical performance data collection, public dashboard hosting

Domain & DNS ($15)

  • Professional domain for registry and documentation

Multi-Region Testing ($35)

  • Spot instance testing across AWS/GCP/Azure regions, Terraform deployment validation, network performance benchmarking

Total Service Costs: $200

Compensation Costs (USD)

$23,050

Compensation Costs Justification

Compensation is calculated based on hourly rates aligned with market standards for blockchain infrastructure engineering and specialized gRPC/proxy expertise.

Total Budget (USD)

$25,450

Budget Breakdown:

  • Compensation: $23,050

  • Service Costs: $200

  • Hardware/Software: $200

  • Total: $25,450

Includes:

  • Startup funding request: $2,000

  • Remaining: $23,450 distributed across 5 milestones

Previous Funding

No

Previous Funding Details

N/A

Other Funding Sources

No

Other Funding Sources Details

No other funding sources.

Potential Side Effects

Infrastructure Centralization Perception

  • Risk: Registry could be perceived as centralizing control

  • Mitigation: Federated design; anyone can run registry; opt-in convenience layer

Privacy Metadata Leakage

  • Risk: Gateway operators could log user data

  • Mitigation: Privacy-preserving defaults; Tor guidance; multiple independent operators

False Sense of Security

  • Risk: Users might over-trust gateway endpoints

  • Mitigation: Clear documentation of trust model; conformance tests validate technical correctness only

Dependency on Envoy

  • Risk: Tight coupling to specific technology

  • Mitigation: Abstract requirements in specification; allow alternative implementations

Registry Maintenance

  • Risk: Registry becomes stale post-grant

  • Mitigation: Automated health monitoring; community onboarding; handover plan

Success Metrics

Adoption & Usage

  • Gateway deployments: ≥ 8 independent operators within 6 months

  • Wallet integrations: ≥ 3 browser wallet projects

  • Registry listings: ≥ 5 public endpoints across different operators/regions

  • Documentation reach: ≥ 500 unique visitors/month

  • Community contributions: ≥ 3 external PRs merged

Quality & Reliability

  • Conformance pass rate: 100% of deployed gateways

  • Registry uptime: ≥ 99%

  • Endpoint availability: ≥ 95% average across registered endpoints

  • Deployment success rate: ≥ 90% can deploy in ≤ 20 minutes

  • Browser compatibility: Works in Chrome, Firefox, Safari, Edge (latest 2 versions)

Security & Privacy

  • Security incidents: 0 critical issues

  • Privacy compliance: 100% of templates use privacy-preserving defaults

  • TLS coverage: 100% of registered endpoints use valid TLS

Documentation & DX

  • Quick start completion: ≥ 85% success rate

  • Production deployment: ≥ 75% success without custom troubleshooting

  • Documentation rating: ≥ 4.0/5.0 average

Ecosystem Impact

  • Decentralization: ≥ 3 independent organizations operating gateways

  • Geographic distribution: Endpoints in ≥ 3 continents

  • No single operator > 40% of traffic

Maintenance & Community

  • Issue response: ≤ 48 hours first response

  • Version updates: Within 14 days of releases

  • Monthly updates: 100% posted

  • Community handover: ≥ 2 external maintainers onboarded

Startup Funding (USD)

$2,000

Startup Funding Justification

Startup funding enables immediate project mobilization and critical infrastructure provisioning before Milestone 1 completion.

Infrastructure Setup ($800)

  • CI/CD runner provisioning

  • Registry/dashboard hosting environment

  • Development environment standardization

  • Cloud account setup

Team Mobilization ($800)

  • Kickoff meeting and sprint planning

  • Technical specification finalization

  • Tool and access provisioning

  • Stakeholder coordination

Documentation & Community ($400)

  • GitHub repository setup

  • Initial documentation structure

  • ZCG forum thread creation

  • Communication channels setup

Milestone Details

Milestone 1: Gateway Stack MVP + Deployment Foundation

Amount: $4,000
Expected Completion: Month 1

User Stories:

  • “As a browser wallet developer, I want a working gRPC-web proxy I can point my WebZjs app at so I can test basic lightwalletd connectivity”

  • “As a gateway operator, I want a Docker Compose file I can run locally so I can validate the gateway works”

Deliverables:

  1. Envoy-based gRPC-web gateway (working prototype)

  2. Docker Compose deployment template

  3. Technical specification document

  4. Project repository scaffolding

Acceptance Criteria:

  • Docker Compose brings up gateway in ≤ 5 minutes

  • Browser test app can connect and retrieve block height

  • Health check endpoint returns 200 OK

  • Repository public with clear README

Milestone 2: Production Hardening + Multi-Deployment

Amount: $7,500
Expected Completion: Month 2

User Stories:

  • “As a gateway operator, I want production-ready Helm charts so I can deploy to Kubernetes”

  • “As a security-conscious operator, I want rate limiting so my gateway doesn’t get overwhelmed”

Deliverables:

  1. Production gateway features (rate limiting, timeouts, connection pooling)

  2. Security hardening (TLS, CORS, request validation)

  3. Privacy defaults (no IP logging)

  4. Kubernetes Helm chart

  5. Monitoring integration (Prometheus/Grafana)

  6. Load testing & benchmarks

Acceptance Criteria:

  • Gateway survives 1000 concurrent connections

  • Rate limiting blocks excess requests

  • Helm chart deploys successfully

  • Default configuration logs zero IP addresses

  • All major browsers connect successfully

Milestone 3: Conformance Testing + Multi-Cloud Templates

Amount: $6,500
Expected Completion: Month 3

User Stories:

  • “As a registry operator, I want automated tests that validate gateway endpoints”

  • “As a multi-cloud user, I want Terraform templates for AWS and GCP”

Deliverables:

  1. Conformance testing suite (CLI tool)

  2. GitHub Action for continuous conformance

  3. Terraform modules (AWS + GCP)

  4. Compatibility matrix

  5. Advanced documentation

Acceptance Criteria:

  • Conformance CLI validates all critical operations

  • GitHub Action catches broken configurations

  • Terraform AWS module provisions working gateway

  • Terraform GCP module provisions working gateway

  • Production guide enables deployment in ≤ 2 hours

Milestone 4: Endpoint Registry + Public Dashboard

Amount: $3,450
Expected Completion: Month 4 (September 2025)

User Stories:

  • “As a browser wallet developer, I want a public registry so I don’t hardcode URLs”

  • “As a user, I want to see which gateways are operational”

Deliverables:

  1. Endpoint registry specification

  2. Registry backend (API + GitHub-based)

  3. Uptime monitoring service

  4. Public dashboard (web UI)

  5. Operator onboarding guide

  6. Initial registry population (≥ 3 endpoints)

Acceptance Criteria:

  • Registry API returns valid JSON with ≥ 3 endpoints

  • Dashboard shows real-time status

  • Uptime data collected for 7+ days

  • External operator successfully submits endpoint

Milestone 5: Documentation, Community Handover & Maintenance

Amount: $2,000
Expected Completion: Month 4 + 90-day maintenance (December 2025)

User Stories:

  • “As a new contributor, I want clear documentation”

  • “As a wallet developer, I want quick start guides”

Deliverables:

  1. Comprehensive documentation site

  2. Community resources (forum, GitHub Discussions, videos)

  3. 90-day post-delivery maintenance

  4. Community handover plan (≥ 2 co-maintainers)

  5. Final grant report

Acceptance Criteria:

  • Documentation site live with all sections

  • Video demo published

  • ≥ 4 monthly updates to ZCG forum

  • ≥ 2 external co-maintainers engaged

  • Final grant report submitted

Timeline Summary

Month 1 : Milestone 1 - Gateway MVP
Month 2: Milestone 2 - Production Hardening
Month 3 : Milestone 3 - Conformance + Multi-Cloud
Month 4 : Milestone 4 - Registry + Dashboard
Months 4-7: Milestone 5 - Docs + 90-day Maintenance

Total Timeline: ~7 months (4 months development + 3 months maintenance)

Supporting Documents

N/A

Zcash Community Grants Meeting Minutes 2/16/26
Zcash Web Gateway (REVISED)
5

Thank you for your submission. After consideration from ZCG and sufficient time for the community to provide feedback on the forum, the committee has decided to reject this proposal.

The committee appreciates your grant submission efforts and encourages you to continue as an active member of the Zcash community going forward! Further details will be available in the meeting minutes posted later this week.