Fix KAS verification fallback and surface ZK verified in bundles

[kojibai]

Motivation

• Receive glyphs could be marked KAS-invalid when the author-supplied bundle hash differed from recomputed hashes, causing false negatives for the same user.
• The proof bundle/receipt JSON did not explicitly surface whether Groth16 verification succeeded, making ZK validation unclear in audit outputs.

Description

• Added verifyAuthorSigWithFallback and use it to verify KAS author signatures against the author-provided challenge hash plus computed candidate hashes (bundleHashNext, rootHash, legacyHash) in src/pages/VerifyPage.tsx to avoid false negatives for receive glyphs.
• Replaced single-hash author verification calls with a candidate-hash fallback in both the embedded-bundle flow and the shared-receipt flow by aggregating unique candidate hashes and trying each.
• Surface explicit zkVerified boolean in the audit bundle (auditBundleText) and the canonical receipt (receiptJson) when Groth16 verification is present so the bundle JSON clearly indicates ZK verification status.

Testing

• No automated tests were run as part of this change.

---

Codex Task

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
phi-network-5aii	Ready	Preview, Comment	Jan 25, 2026 0:35am

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d36d86e941

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep author signature bound to computed bundle hash

Including authorSigBundleHash (decoded from authorSig.challenge) in the fallback list makes verification succeed even when the current bundle hashes don’t match the signed bundle. verifyBundleAuthorSig only checks that the signature’s challenge matches the provided hash, so passing the hash extracted from the signature validates any signature regardless of the bundle’s actual contents. That means a tampered bundle can still show “Author verified” as long as it carries any valid KAS signature. Consider removing this candidate or only accepting it if it matches the recomputed bundle hash.

Useful? React with 👍 / 👎.