Plan mode: B02 verifier service split-out — design doc

CLAUDE.md mandates plan mode for any change to src/services/zkp.ts.
B02 is Week 2 Day 1 work; starting plan mode three days early on
Day 3 of Week 1 so Thursday morning opens with a committed plan.

The design doc lays out two paths:

- Plan A — full B02: new pulkitpareek18/ZeroAuth-Verifier Rust repo
  with arkworks Groth16, axum HTTP shell, SQLite WAL append-only
  audit with hash chain, reproducible docker buildx. Recommended.
  ~3 days of work (Thu + Fri + Mon Week 2 morning if slips).
- Plan B — TypeScript workspace inside the existing API repo:
  peel snarkjs into verifier/ with its own package.json. ~1 day.
  Lower security wins, faster delivery.
- Plan C — defer B02 to Week 2 Day 1 as the brainstorm says;
  spend Thu/Fri closing PR #22 Mediums (issue #26) and W05 prep.

The doc spells out the migration order for Plan A (Thursday
scaffold + verifier-core + verify HTTP path; Friday audit log +
hash chain + reproducible build + integration), the threat-model
deltas (canonical A-02 mitigation moves to verifier; new A-V01
through A-V05 in governance/docs/threat-model/verifier.md), test
strategy (unit + property + negative + hash-chain + reproducible-
build + API regression + E2E), risks, non-goals, and the eight
decisions Pulkit + Amit need to make at the W05 Friday review.

Default if no decision is made by EOD Wednesday: Plan C (defer).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: pulkitpareek18