Installation
Installation
Section titled “Installation”ZEVM can be built from source or from release artifact jobs. Source builds use Zig package-manager pins in build.zig.zon.
Prerequisites
Section titled “Prerequisites”- Zig
0.15.2or newer (minimum_zig_versioninbuild.zig.zon) - Rust/Cargo for Voltaire’s Rust crypto archive
- Git
- Node
22or newer for TypeScript/N-API package checks
Clone And Fetch Dependencies
Section titled “Clone And Fetch Dependencies”Clone ZEVM and let Zig fetch pinned package dependencies:
mkdir -p ~/code/zevm-workspacecd ~/code/zevm-workspace
git clone git@github.com:evmts/zevm.git zevmcd zevmzig build --fetchIf you use HTTPS, replace the clone URLs accordingly.
For canonical release-metadata reproducibility, use Release Metadata Runbook.
That runbook is the authoritative phase-1 flow for selecting releaseIdentifier, validating release-tuple.json and light-default-checkpoints.json, handling metadata-invalid identifiers, and recording operator provenance.
Its default artifact output path (.ops/release-metadata/$RELEASE_IDENTIFIER/) is reused by Run Light Mode when selecting startup checkpoints from release metadata defaults.
Optional: Pin Build Inputs From Release Tuple
Section titled “Optional: Pin Build Inputs From Release Tuple”If you want a pinned source build without running the full runbook automation:
- Open the selected release on ZEVM release metadata and fetch both
release-tuple.jsonandlight-default-checkpoints.jsonfor the samereleaseIdentifier. - Check out
zevmto the pinnedzevmGitRevision;voltaireGitRevisionandguillotineMiniGitRevisionare materialized throughbuild.zig.zonURL pins. - Confirm local Zig matches tuple
zigVersionwithzig version. - Run
zig build dependency-preflight -- --voltaire-revision "$VOLTAIRE_REVISION" --guillotine-mini-revision "$GUILLOTINE_MINI_REVISION" --zig-version "$PINNED_ZIG_VERSION". - Keep
light-default-checkpoints.jsonavailable for Run Light Mode checkpoint selection.
For canonical public reproducibility claims, do not stop at tuple pinning alone; complete the full Release Metadata Runbook.
Build ZEVM
Section titled “Build ZEVM”From the zevm repository root:
zig build --fetchzig buildThe executable is installed to:
./zig-out/bin/zevmRun ZEVM
Section titled “Run ZEVM”Run the installed binary directly:
./zig-out/bin/zevmOr run through Zig’s run step and pass runtime flags after --:
zig build run -- --mode trusted --host 127.0.0.1 --port 8545Run Tests
Section titled “Run Tests”npm --prefix npm/zevm install --ignore-scriptszig build testzig build c-smokezig build npm-smokenpm --prefix npm/zevm run typecheckBuild Release Artifacts
Section titled “Build Release Artifacts”Build release-style artifacts for the selected target:
zig build release-binaries -Doptimize=ReleaseSafezig build c-ffi -Doptimize=ReleaseSafezig build npm-platform-artifacts -Doptimize=ReleaseSafeOutputs:
zig-out/dist/<target>/bin/zevmzig-out/lib/libzevm.azig-out/lib/libzevm.*zig-out/include/zevm.hzig-out/npm/prebuilds/<platform>/zevm.nodeMulti-platform releases should run those commands in an OS/architecture matrix. Voltaire’s Rust crypto archive is target-specific, so do not assume one host can produce every supported target without the matching Rust target and C toolchain.
Setup Notes
Section titled “Setup Notes”- In this docs site, phase 1 means the current public ZEVM contract: two runtime modes (
trusted,light) and HTTP JSON-RPC only (no built-in TLS/auth). build.zig.zonmust use immutable URL/hash dependency pins, not sibling path dependencies.- Align
zevm,voltaire, andguillotine-minirevisions through release tuple metadata before making reproducibility claims. - For canonical release-metadata reproducibility, follow Release Metadata Runbook end-to-end.
- If the selected
releaseIdentifierdoes not publish validrelease-tuple.jsonandlight-default-checkpoints.json, treat it as an unpublished source-build boundary in this workflow. - Phase-1 limitation: ZEVM does not expose
releaseIdentifiervia runtime JSON-RPC or CLI; keep operator provenance records for release/build identity. - ZEVM phase 1 serves JSON-RPC over plain HTTP only and does not provide built-in TLS or JSON-RPC authentication.
- Default RPC listener is
127.0.0.1:8545; binding--hostbeyond localhost exposes RPC to reachable networks. - Keep
--host 127.0.0.1unless remote access is required; if remote access is required, restrict ingress and place TLS/auth in front of ZEVM (reverse proxy or gateway).