installCircuitKeysFromAssets
Install a dApp's own contract circuit keys from the APK's bundled assets into the prover's keysDir, where the local prover resolves them.
Contract keys (e.g. bboard's post/takeDown) are compactc build outputs of the dApp's .compact source — unique to that contract, hosted nowhere — so the dApp ships them inside the APK and this copies them onto device storage once. This is the contract-key counterpart to ensureWalletKeysAvailable, which provisions the protocol-level wallet keys (zswap/dust/BLS) that are shared across all dApps and downloaded from S3. Wallet keys download; contract keys bundle.
Reads every .prover/.verifier/.bzkir under assets/[assetDir].
Content-aware (not just presence-aware). A recompiled circuit ships new key bytes in the APK, but the device may already hold the OLD key from a prior install. A presence/size check can't tell them apart, so it would keep the stale key — and the local prover would then prove against an outdated verifier key the chain rejects (node error 115 / InvalidProof). This caused Kicks's revealRegulation to fail after the 0.16 recompile while commitRegulation (unchanged) kept working.
The fix verifies content. Bundled assets can only change when the APK is (re)installed, which bumps apkStamp; so:
stamp unchanged (the hot path): trust the cached copies, skip hashing.
stamp changed / absent / overwrite: SHA-256 each key against the asset and re-copy ONLY the ones whose bytes drifted (here, just the recompiled circuit's files — not the whole set).
Idempotent and self-healing: writes via temp-file + rename (never a partial key), and stamps LAST so an interrupted refresh re-verifies next launch.