The Proof Engine receives:

Inputs:

1. state_commitment
2. identity_root
3. attribute(s) (only inside the vault)
4. proof template (e.g. AgeOver18)
5. policy rules
6. signing key (control key)

Outputs:

1. ZK Proof
2. Signature (control key)
3. Verifier Metadata
4. Validity Window
5. Optional Attestations from institutions

The verifier only sees the output, not the attributes.