High-level pipeline:

1. Request arrives at Identity / Proof API with:
   • template_id
   • identity_id
   • commitment
   • verifier_id
   • nonce
2. Policy Engine check
   • Is this verifier allowed to request this template?
   • Are additional conditions (jurisdiction, consent, MFA) required?
3. Vault data retrieval
   • Identity Service asks Vault for:
     • attribute opening(s) (never plaintext)
     • Merkle path(s) for relevant attributes
     • attributes_root for this Identity State
4. Consistency check
   • Ensure supplied attributes_root matches the one committed in the Identity State with the given identity_commitment.
5. Proof Engine execution
   • Load proof template by template_id
   • Build witness from:
     • attribute values (inside secure execution)
     • Merkle paths
     • commitment
   • Run ZK / GC / MPC protocol.
6. Output proof bundle
   • proof
   • public_inputs
   • referenced identity_commitment
   • template metadata (ID, version)
   • validity timestamps
7. Return to Agent / Verifier
   • Either via Agent (user in the loop), or directly to Verifier API.