Add explicit proof bundle bindings and ZK statement metadata

[kojibai]

Motivation

• Make proof bundle integrity and ZK verification rules explicit so auditors and verifiers can read deterministic binding rules without recomputing implementation details.
• Surface a simple ZK statement binding (capsule + svg + domain) so public inputs are clearly documented and avoid drift across versions.

Description

• Introduce PROOF_BINDINGS, ZK_STATEMENT_BINDING, and ZK_STATEMENT_DOMAIN constants and corresponding types ProofBundleBindings and ZkStatement in src/components/KaiVoh/verifierProof.ts.
• Extend proof bundle shapes to include bindings and zkStatement (ProofBundleLike / ProofBundle), and populate these fields when building bundles in SigilModal, KaiVohApp, and pages/SigilPage/exportZip.ts so exported/embedded metadata carries the explicit rules.
• Update SVG metadata parsing in src/utils/sigilMetadata.ts to extract bindings and zkStatement from embedded proof blocks, and include them in extractProofBundleMetaFromSvg results.
• Include the new bindings / zkStatement entries in the verifier audit/receipt output in src/pages/VerifyPage.tsx so audit JSON shows the declared binding and ZK statement.

Testing

• No automated tests were run as part of this change (no CI/test commands executed).

---

Codex Task

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
phi-network-5aii	Ready	Preview, Comment	Jan 25, 2026 11:07am

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 58a38ea161

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Align ZK statement binding with actual hash inputs

The new ZK_STATEMENT_BINDING claims the public input is Poseidon(capsuleHash|svgHash|domainTag), but the code actually derives zkPoseidonHash from the payload hash (computeZkPoseidonHash(payloadHashHex) in src/utils/kai.ts:95-100, used when generating bundles e.g. SigilModal.tsx:1336-1338). Any verifier or auditor trusting this binding string will recompute the wrong public input and conclude valid bundles are invalid. Either update the binding string to reflect the payload-hash input, or change the hash derivation to match the declared statement.

Useful? React with 👍 / 👎.