v41.0.0

[Phinetwork]

v41.0.0 — Kai Sigil-Glyph Attestation (Proof of Breath™)

This release locks in the full proof-first verification loop: anyone can verify authenticity from a URL, and only the real holder can elevate that verification into live identity control via passkeys (Face ID / Touch ID), across devices — no database trust, no accounts, no “badge theater.”

Highlights

• Kai Sigil-Glyph Attestation panel now expresses the full chain clearly: Kai-Signature → Φ-Key → Proofs → Presence.
• Public URL verification proves a glyph is authentic and attested (KAS + Groth16), without requiring login.
• Live Ownership / Identity Control is proven only via WebAuthn passkeys (Face ID / Touch ID), preventing “ownership by forwarding.”
• Cross-device continuity: the same Φ-Key can be proven on iPhone and Mac with different biometrics because the proof is the passkey, not the biometric.

---

What shipped

✅ Verification that’s real (not UI)

• KAS VERIFIED + G16 VERIFIED are now first-class, always visible, and treated as cryptographic gates — not labels.
• Proof of Breath™ resolves as an output of verification (human-origin seal affirmed), not a claim.

🔒 Identity vs Sigil-Glyph Presence (the critical separation)

You now have two independent truths displayed as separate states:

• Sigil-Glyph: Present / Not present

  • “Present” means the sigil-glyph artifact (file/payload) is physically available in the current view/context.

• Identity: Verified / Not present

  • “Verified” means the viewer produced (or presented) the required identity proof.
  • URL-only contexts can verify proofs while still showing identity as not present unless the user performs the live control step.

This is exactly the behavior you wanted: authenticity is shareable, ownership is not transferable by forwarding.

🌬️ Inhale flow upgraded

• Inhale ΦKey is the single action to “bring the sealed ΦKey into the verifier.”
• Deep payloads reliably open in Expanded Views (no cramped mobile experiences).
• Works cleanly with previously saved glyphs that include the auth signature — old seals remain verifiable forever.

🔑 Passkey-based “I am this Φ-Key” proof (FaceID / TouchID)

• The verifier now triggers platform passkey prompts keyed to the specific Φ-Key being proven.

• iOS/macOS correctly surfaces different saved credentials (“passkey for 1AjR5…” vs “passkey for 1KsFn…”) and the flow remains seamless.

• Identity verification succeeds on:

  • iPhone via Face ID
  • MacBook via Touch ID
  • …because the biometric is only the unlock gate; the proof is the cryptographic signature bound to that Φ-Key.

🧾 Proof exports & shareability (Receipt-grade)

• Proof formats are now cleanly separated and exportable:

  • KPV-1 (Proof Capsule) for the compact, portable claim
  • KVPF-1 (Proof Receipt / Frame) for the full shareable verification context (hashes, canon, verifier URL/base/slug, etc.)

• Verification links are now capable of carrying proof receipt material (the r= payload pattern) so opening a URL can hydrate the verifier state without needing a database.

🧠 ZK bundle retention for sealed payloads

• Decoding logic now retains the full ZK bundle where previously it could be trimmed, ensuring exporters can embed the original proof into manifests / SVG metadata when needed.

---

UX / Stability

• Mobile verifier remains “no-scroll” at the page level; panels scroll only when necessary.
• Effect-safe derivations: no cascading render loops / no “sync setState inside effects” behavior.
• Small polish improvements to keep iconography and controls visually centered and consistent under motion/glow styling.

---

The net result (what this release means)

You now have a verifier that can say, with zero ambiguity:

• This sigil-glyph is real (URL-only verification: integrity + attestation + ZK validity)
• This sigil-glyph is present (artifact is in-hand / in-context)
• This person controls this Φ-Key (live passkey challenge-response via FaceID/TouchID)

That trio is the difference between “verified badge UI” and verifiable reality.