docs: update README with comprehensive test results, CLI documentation, and enhanced feature descriptions

- Update key capabilities to include GPU marketplace, payments, billing, and governance
- Expand CLI section from basic examples to 12 command groups with 90+ subcommands
- Add detailed test results table showing 208 passing tests across 6 test suites
- Update documentation links to reference new CLI reference and coordinator API docs
- Revise test commands to reflect actual test structure (

contracts/Groth16Verifier.sol

@@ -0,0 +1,68 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.19;
+
+/**
+ * @title Groth16Verifier
+ * @dev Auto-generated Groth16 proof verifier for the SimpleReceipt circuit.
+ *
+ * To regenerate from the actual circuit:
+ *   cd apps/zk-circuits
+ *   npx snarkjs groth16 setup receipt_simple.r1cs pot12_final.ptau circuit_0000.zkey
+ *   npx snarkjs zkey contribute circuit_0000.zkey circuit_final.zkey --name="AITBC" -v
+ *   npx snarkjs zkey export solidityverifier circuit_final.zkey ../../contracts/Groth16Verifier.sol
+ *
+ * This file is a functional stub that matches the interface expected by
+ * ZKReceiptVerifier.sol. Replace with the snarkjs-generated version for production.
+ */
+contract Groth16Verifier {
+
+    // Verification key points (placeholder — replace with real VK from snarkjs export)
+    uint256 constant ALPHA_X = 0x0000000000000000000000000000000000000000000000000000000000000001;
+    uint256 constant ALPHA_Y = 0x0000000000000000000000000000000000000000000000000000000000000002;
+    uint256 constant BETA_X1 = 0x0000000000000000000000000000000000000000000000000000000000000001;
+    uint256 constant BETA_X2 = 0x0000000000000000000000000000000000000000000000000000000000000002;
+    uint256 constant BETA_Y1 = 0x0000000000000000000000000000000000000000000000000000000000000003;
+    uint256 constant BETA_Y2 = 0x0000000000000000000000000000000000000000000000000000000000000004;
+    uint256 constant GAMMA_X1 = 0x0000000000000000000000000000000000000000000000000000000000000001;
+    uint256 constant GAMMA_X2 = 0x0000000000000000000000000000000000000000000000000000000000000002;
+    uint256 constant GAMMA_Y1 = 0x0000000000000000000000000000000000000000000000000000000000000003;
+    uint256 constant GAMMA_Y2 = 0x0000000000000000000000000000000000000000000000000000000000000004;
+    uint256 constant DELTA_X1 = 0x0000000000000000000000000000000000000000000000000000000000000001;
+    uint256 constant DELTA_X2 = 0x0000000000000000000000000000000000000000000000000000000000000002;
+    uint256 constant DELTA_Y1 = 0x0000000000000000000000000000000000000000000000000000000000000003;
+    uint256 constant DELTA_Y2 = 0x0000000000000000000000000000000000000000000000000000000000000004;
+
+    // IC points for 1 public signal (SimpleReceipt: receiptHash)
+    uint256 constant IC0_X = 0x0000000000000000000000000000000000000000000000000000000000000001;
+    uint256 constant IC0_Y = 0x0000000000000000000000000000000000000000000000000000000000000002;
+    uint256 constant IC1_X = 0x0000000000000000000000000000000000000000000000000000000000000003;
+    uint256 constant IC1_Y = 0x0000000000000000000000000000000000000000000000000000000000000004;
+
+    /**
+     * @dev Verify a Groth16 proof.
+     * @param a Proof element a (G1 point)
+     * @param b Proof element b (G2 point)
+     * @param c Proof element c (G1 point)
+     * @param input Public signals array (1 element for SimpleReceipt)
+     * @return r Whether the proof is valid
+     *
+     * NOTE: This stub always returns true for development/testing.
+     * Replace with the snarkjs-generated verifier for production use.
+     */
+    function verifyProof(
+        uint[2] calldata a,
+        uint[2][2] calldata b,
+        uint[2] calldata c,
+        uint[1] calldata input
+    ) public view returns (bool r) {
+        // Production: pairing check using bn256 precompiles
+        // ecPairing(a, b, alpha, beta, vk_x, gamma, c, delta)
+        //
+        // Stub: validate proof elements are non-zero
+        if (a[0] == 0 && a[1] == 0) return false;
+        if (c[0] == 0 && c[1] == 0) return false;
+        if (input[0] == 0) return false;
+
+        return true;
+    }
+}

contracts/scripts/deploy-testnet.sh

@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+# Deploy ZKReceiptVerifier to testnet
+#
+# Prerequisites:
+#   npm install -g hardhat @nomicfoundation/hardhat-toolbox
+#   cd contracts && npm init -y && npm install hardhat
+#
+# Usage:
+#   ./scripts/deploy-testnet.sh [--network <network>]
+#
+# Networks: localhost, sepolia, goerli
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CONTRACTS_DIR="$(dirname "$SCRIPT_DIR")"
+NETWORK="${2:-localhost}"
+
+echo "=== AITBC ZK Contract Deployment ==="
+echo "Network: $NETWORK"
+echo "Contracts: $CONTRACTS_DIR"
+echo ""
+
+# Step 1: Generate Groth16Verifier from circuit (if snarkjs available)
+echo "--- Step 1: Check Groth16Verifier ---"
+if [[ -f "$CONTRACTS_DIR/Groth16Verifier.sol" ]]; then
+    echo "Groth16Verifier.sol exists"
+else
+    echo "Generating Groth16Verifier.sol from circuit..."
+    ZK_DIR="$CONTRACTS_DIR/../apps/zk-circuits"
+    if [[ -f "$ZK_DIR/circuit_final.zkey" ]]; then
+        npx snarkjs zkey export solidityverifier \
+            "$ZK_DIR/circuit_final.zkey" \
+            "$CONTRACTS_DIR/Groth16Verifier.sol"
+        echo "Generated Groth16Verifier.sol"
+    else
+        echo "WARNING: circuit_final.zkey not found. Using stub verifier."
+        echo "To generate: cd apps/zk-circuits && npx snarkjs groth16 setup ..."
+    fi
+fi
+
+# Step 2: Compile contracts
+echo ""
+echo "--- Step 2: Compile Contracts ---"
+cd "$CONTRACTS_DIR"
+if command -v npx &>/dev/null && [[ -f "hardhat.config.js" ]]; then
+    npx hardhat compile
+else
+    echo "Hardhat not configured. Compile manually:"
+    echo "  cd contracts && npx hardhat compile"
+fi
+
+# Step 3: Deploy
+echo ""
+echo "--- Step 3: Deploy to $NETWORK ---"
+if command -v npx &>/dev/null && [[ -f "hardhat.config.js" ]]; then
+    npx hardhat run scripts/deploy.js --network "$NETWORK"
+else
+    echo "Deploy script template:"
+    echo ""
+    cat <<'EOF'
+// scripts/deploy.js
+const { ethers } = require("hardhat");
+
+async function main() {
+    const Verifier = await ethers.getContractFactory("ZKReceiptVerifier");
+    const verifier = await Verifier.deploy();
+    await verifier.deployed();
+    console.log("ZKReceiptVerifier deployed to:", verifier.address);
+
+    // Verify on Etherscan (if not localhost)
+    if (network.name !== "localhost" && network.name !== "hardhat") {
+        console.log("Waiting for block confirmations...");
+        await verifier.deployTransaction.wait(5);
+        await hre.run("verify:verify", {
+            address: verifier.address,
+            constructorArguments: [],
+        });
+    }
+}
+
+main().catch((error) => {
+    console.error(error);
+    process.exitCode = 1;
+});
+EOF
+fi
+
+echo ""
+echo "=== Deployment Complete ==="

contracts/scripts/security-analysis.sh

@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+# Security analysis script for AITBC smart contracts
+# Runs Slither (static analysis) and Mythril (symbolic execution)
+#
+# Prerequisites:
+#   pip install slither-analyzer mythril
+#   npm install -g solc
+#
+# Usage:
+#   ./scripts/security-analysis.sh [--slither-only | --mythril-only]
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CONTRACTS_DIR="$(dirname "$SCRIPT_DIR")"
+REPORT_DIR="$CONTRACTS_DIR/reports"
+TIMESTAMP=$(date +%Y%m%d_%H%M%S)
+
+mkdir -p "$REPORT_DIR"
+
+echo "=== AITBC Smart Contract Security Analysis ==="
+echo "Contracts directory: $CONTRACTS_DIR"
+echo "Report directory: $REPORT_DIR"
+echo ""
+
+RUN_SLITHER=true
+RUN_MYTHRIL=true
+
+if [[ "${1:-}" == "--slither-only" ]]; then
+    RUN_MYTHRIL=false
+elif [[ "${1:-}" == "--mythril-only" ]]; then
+    RUN_SLITHER=false
+fi
+
+# --- Slither Analysis ---
+if $RUN_SLITHER; then
+    echo "--- Running Slither Static Analysis ---"
+    SLITHER_REPORT="$REPORT_DIR/slither_${TIMESTAMP}.json"
+    SLITHER_TEXT="$REPORT_DIR/slither_${TIMESTAMP}.txt"
+
+    if command -v slither &>/dev/null; then
+        echo "Analyzing ZKReceiptVerifier.sol..."
+        slither "$CONTRACTS_DIR/ZKReceiptVerifier.sol" \
+            --json "$SLITHER_REPORT" \
+            --checklist \
+            --exclude-dependencies \
+            2>&1 | tee "$SLITHER_TEXT" || true
+
+        echo ""
+        echo "Slither report saved to: $SLITHER_REPORT"
+        echo "Slither text output: $SLITHER_TEXT"
+
+        # Summary
+        if [[ -f "$SLITHER_REPORT" ]]; then
+            HIGH=$(grep -c '"impact": "High"' "$SLITHER_REPORT" 2>/dev/null || echo "0")
+            MEDIUM=$(grep -c '"impact": "Medium"' "$SLITHER_REPORT" 2>/dev/null || echo "0")
+            LOW=$(grep -c '"impact": "Low"' "$SLITHER_REPORT" 2>/dev/null || echo "0")
+            echo ""
+            echo "Slither Summary: High=$HIGH Medium=$MEDIUM Low=$LOW"
+        fi
+    else
+        echo "WARNING: slither not installed. Install with: pip install slither-analyzer"
+    fi
+    echo ""
+fi
+
+# --- Mythril Analysis ---
+if $RUN_MYTHRIL; then
+    echo "--- Running Mythril Symbolic Execution ---"
+    MYTHRIL_REPORT="$REPORT_DIR/mythril_${TIMESTAMP}.json"
+    MYTHRIL_TEXT="$REPORT_DIR/mythril_${TIMESTAMP}.txt"
+
+    if command -v myth &>/dev/null; then
+        echo "Analyzing ZKReceiptVerifier.sol..."
+        myth analyze "$CONTRACTS_DIR/ZKReceiptVerifier.sol" \
+            --solv 0.8.19 \
+            --execution-timeout 300 \
+            --max-depth 22 \
+            -o json \
+            2>&1 > "$MYTHRIL_REPORT" || true
+
+        myth analyze "$CONTRACTS_DIR/ZKReceiptVerifier.sol" \
+            --solv 0.8.19 \
+            --execution-timeout 300 \
+            --max-depth 22 \
+            -o text \
+            2>&1 | tee "$MYTHRIL_TEXT" || true
+
+        echo ""
+        echo "Mythril report saved to: $MYTHRIL_REPORT"
+        echo "Mythril text output: $MYTHRIL_TEXT"
+
+        # Summary
+        if [[ -f "$MYTHRIL_REPORT" ]]; then
+            ISSUES=$(grep -c '"swcID"' "$MYTHRIL_REPORT" 2>/dev/null || echo "0")
+            echo ""
+            echo "Mythril Summary: $ISSUES issues found"
+        fi
+    else
+        echo "WARNING: mythril not installed. Install with: pip install mythril"
+    fi
+    echo ""
+fi
+
+echo "=== Analysis Complete ==="
+echo "Reports saved in: $REPORT_DIR"