Every app simply checks:

  1. identity_root (permanent identity anchor)
  2. state_commitment (current state snapshot)
  3. A zero-knowledge proof (from the user vault)
  4. A valid signature from a current control key

This means: