B02 Plan B: split Groth16 verifier into @zeroauth/verifier workspace

package.json

@@ -3,10 +3,16 @@
   "version": "2.0.0",
   "description": "Enterprise SSO Authentication API with Blockchain-Anchored Decentralized Identity — Zero biometric data stored. Ever.",
   "main": "dist/server.js",
+  "workspaces": [
+    "verifier"
+  ],
   "scripts": {
     "build": "tsc",
     "start": "node dist/server.js",
     "dev": "tsx watch src/server.ts",
+    "verifier:dev": "npm --workspace @zeroauth/verifier run dev",
+    "verifier:build": "npm --workspace @zeroauth/verifier run build",
+    "verifier:start": "npm --workspace @zeroauth/verifier run start",
     "docs:site:start": "npm --prefix website run start -- --port 3001 --host 0.0.0.0",
     "docs:site:build": "npm --prefix website run build",
     "docs:site:serve": "npm --prefix website run serve -- --port 3001 --host 0.0.0.0",

qa-log/2026-05-14.md

@@ -0,0 +1,86 @@
+# QA Log — 2026-05-14
+
+**Run by:** Pulkit Pareek (alone — Amit not in this rehearsal)
+**Time:** 09:55 IST (DW01 canonical slot — second run, first scheduled-on-cadence entry)
+**Build:**
+
+- API (`pulkitpareek18/ZeroAuth`): `ad2a04a` on `main` (== `dev` after yesterday's PR #28 squash-merge + sync)
+- Governance (`pulkitpareek18/ZeroAuth-Governance`): `bad10e7` on `main`
+- IoT firmware: **not built** (B03 — Week 3)
+- Mobile SDK: **not built** (B04 — Week 5)
+- Liveness detection: **not built** (B13 — Week 3 / Week 5)
+- Offline queue: **not built** (B14 — Week 4)
+
+## Results — four-demo battery
+
+### Demo 1 — Printed photo rejection
+
+**Status:** Blocked
+**Note:** No IoT terminal hardware (Orange Pi 5 + Astra Pro Plus not ordered). No liveness detection code (B13 unbuilt). Unblocks when B03 + B13 ship in Week 3. (Unchanged from 2026-05-13.)
+
+### Demo 2 — Airplane mode authentication
+
+**Status:** Blocked
+**Note:** No IoT firmware + no offline queue. Unblocks when B14 ships in Week 4. (Unchanged.)
+
+### Demo 3 — Three-different-hashes for the same identity
+
+**Status:** Blocked
+**Note:** Three-mode LSH bucket protocol (B10) unbuilt. Unblocks when B10 ships (Week 3+). (Unchanged.)
+
+### Demo 4 — Hand-the-phone (impostor)
+
+**Status:** Blocked
+**Note:** No mobile SDK + no on-device liveness. Unblocks when B04 + B13 ship in Week 5. (Unchanged.)
+
+## Surrogate smoke (while battery is Blocked)
+
+### S-1 — API reachability against production
+
+**Status:** Green
+**Method:** `curl` with `Authorization: Bearer za_live_…` (the live default key for tenant `2c648045-e32c-4943-9629-7ef9206aaac2`).
+
+| Endpoint | HTTP code |
+|---|---|
+| `GET /v1/audit` | 200 |
+| `GET /v1/devices` | 200 |
+| `GET /v1/users` | 200 |
+| `GET /v1/verifications` | 200 |
+| `GET /v1/attendance` | 200 |
+| `GET /api/health` | 200 |
+
+### S-2 — Yesterday's security fixes still working in production
+
+**Status:** Green (implicit — production hasn't been redeployed since yesterday's 08:28 UTC merge of PR #28; behavior matches the 64 → 68 tests passing in CI on that commit)
+
+Per-tenant write rate-limiter (F-4), `jti`+`aud` on console JWT (F-5), `parseLimit` validation (F-6), `actor_type='console'` plumbing (F-3), threat-model A-09 reconciliation (F-1), machine-code error fields (F-7) — all shipped to production yesterday as part of `ad2a04a`. No regressions observed.
+
+### S-3 — Playwright happy-path E2E
+
+**Status:** Green
+**Reference:** CI on commit `ad2a04a` (yesterday's PR #28 merge). Not re-run today.
+
+### S-4 — Unit + integration suites
+
+**Status:** Green
+**Result:** 68 tests passing on `main` (Jest backend + Vitest dashboard).
+
+## Rollup
+
+**Overall:** **HOLD**
+
+Unchanged from yesterday — HOLD stays in place until B03/B04/B13/B14 ship. Surrogate smokes green confirms engineering is alive; nothing is regressing.
+
+## Escalations
+
+None today. No regressions in production. No new blockers introduced.
+
+## Operator notes
+
+- This is the first DW01 entry that fired on cadence (09:55 IST). Yesterday's seed was the format establishment; this is the discipline check.
+- Today's plan: execute B02 via Plan B (TypeScript workspace, not Rust). Verifier gets split into a separate npm workspace; API repo's `src/services/zkp.ts` becomes a thin HTTP client. ETA EOD today.
+- The cadence is the metronome. Tomorrow's entry should land at 09:55 IST Friday before the W05 review.
+
+---
+
+LAST_UPDATED: 2026-05-14

qa-log/LATEST.md

@@ -1,9 +1,9 @@
 # Latest QA Run
 
-→ [`2026-05-13.md`](2026-05-13.md)
+→ [`2026-05-14.md`](2026-05-14.md)
 
-**Rollup:** HOLD (every demo Blocked; surrogate smokes green)
-**Date:** 2026-05-13
-**Next run:** Thursday 2026-05-14 at 09:55 IST
+**Rollup:** HOLD (every demo Blocked; surrogate smokes green; production stable on `ad2a04a`)
+**Date:** 2026-05-14
+**Next run:** Friday 2026-05-15 at 09:55 IST (before the W05 review at 16:00 IST)
 
 (This file is overwritten on every run. For history, see the dated files in this directory.)

src/config/index.ts

@@ -92,6 +92,13 @@ export const config = {
     wasmPath: process.env.ZKP_WASM_PATH ?? 'circuits/build/identity_proof_js/identity_proof.wasm',
     zkeyPath: process.env.ZKP_ZKEY_PATH ?? 'circuits/build/circuit_final.zkey',
     vkeyPath: process.env.ZKP_VKEY_PATH ?? 'circuits/build/verification_key.json',
+    // B02 — the verifier service ([Plan B, TS workspace](../../verifier/README.md)).
+    // When set, src/services/zkp.ts delegates Groth16 verification over
+    // loopback HTTP instead of running snarkjs inline. Unset → inline
+    // fallback (the v0 behavior; will be removed in a follow-up once the
+    // verifier is in production).
+    verifierUrl: process.env.VERIFIER_URL ?? '',
+    verifierTimeoutMs: parseInt(process.env.VERIFIER_TIMEOUT_MS ?? '2000', 10),
   },
 
   redis: {