iot/demo: per-Pramaan — sensor for capture+match only, host owns everything else

Previously the sensor's flash slot was load-bearing: signup wrote the
template at slot N, login did a 1:N search across the sensor's library,
and the host stored {email, slot}. That capped the demo at 1000
accounts AND meant the sensor was the source of truth for "who's
enrolled."

This refactor inverts the relationship per the patent's intent. The
sensor is reduced to two roles:

  1. capture+combine to produce the stable template (signup)
  2. 1:1 MATCH between a fresh capture and a host-supplied template
     (login)

The host owns the template, the commitment, and the proof. Capacity
is bound by disk, not by sensor flash.

sensor.ts
- downloadCharacteristic(buffer, data): DOWN_CHAR (0x09) opcode +
  followup data packets terminated by PID.END_DATA. Chunks the
  template to the sensor's configured packet size (128 B by default
  on R307). Used by the login flow to push the host's stored
  template back into buf2 right before MATCH.
- match(): MATCH (0x03) opcode. Returns {score} on CONF.OK, null on
  CONF.NOT_MATCH. R307 score range 0–300+ at security level 3; well
  above MATCH_THRESHOLD = 50 for the same finger.

crypto.ts
- biometricId() now hashes the actual template bytes, not a synthetic
  slotSeed(slot, pepper). Same Patent-Claim-3 construction, real
  biometric input.
- deriveSignals() takes templateBytes instead of {slot, pepper}. The
  pepper concept is gone — the template IS the secret. Same Poseidon
  derivation downstream.

bridge.ts
- Account schema: drops `slot`; adds `template` (base64 of the 768-byte
  R307 template). isValidAccount tightened to match.
- nextFreeSlot() deleted.
- enroll(): capture 1 → lift → capture 2 → combine → upload via
  UpChar → derive signals from templateBytes → Groth16 prove + verify
  → persist {email, template, salt, commitment, didHash,
  identityBinding, did, createdAt}. Sensor flash never written.
- authenticate(): capture fresh → imageToCharBuffer(1) → look up
  account → downloadCharacteristic(2, storedTemplate) → match() →
  if score ≥ MATCH_THRESHOLD: re-derive (using stored salt for
  determinism), prove, public-signal-check, verify. Any divergence
  between recomputed and stored public signals is treated as account
  tampering (proof_failed).
- reset(): no longer emptyDatabase()s the sensor. Host-only.
- New Phase events: uploading_template, loading_template, matching.
  Per the streaming UI's contract; old `storing` + `searching` are
  retired because neither operation happens anymore.

iot/demo/index.html
- Hero copy rewritten to describe the new flow.
- Sign-up card subtitle: "combines them into a stable template, uploads
  it to the host, derives a Poseidon commitment…"
- Log-in card subtitle: "host pushes the stored template back into the
  sensor and asks for a 1:1 match…"
- New phase handlers — uploading_template, loading_template, matching
  — all working-mood spinners with explanatory subline.
- Accounts table swaps the Slot column for DID (last 12 chars).
- Reset button + dialog updated to say "Clear all accounts" (sensor
  flash isn't being wiped because we never used it).

Tested
- typecheck clean across crypto.ts, proof.ts, sensor.ts, bridge.ts
- bridge boots, preloads Groth16 keys, opens the serial port (when the
  R307 is connected)
- Legacy {email, slot, ...} entries from the prior schema are detected
  and skipped at load time — operator re-signs up under the new schema

Author: pulkitpareek18

iot/demo/index.html

@@ -280,18 +280,19 @@ <h1>ZeroAuth — Fingerprint demo</h1>
     <section class="hero">
       <h2>Email + <em>finger</em>. That's it.</h2>
       <p>
-        Type your email, press a button, then follow the on-screen prompts.
-        The R307 captures the print, the bridge tells you exactly when to
-        place and lift your finger, and your login is bound to the slot
-        the sensor stored your template at.
+        The sensor captures, the host runs everything else. At signup we
+        upload the stable template, derive a Poseidon commitment, and
+        generate a Groth16 proof. At login we download the stored template
+        back into the sensor, ask for a 1:1 match, and re-verify the proof.
+        Capacity is bound by disk, not by the sensor's 1000-slot flash.
       </p>
     </section>
 
     <div class="grid">
 
       <div class="card">
         <h3>Sign up</h3>
-        <p>Two captures. The bridge will prompt you to place your finger, lift it, then place it again. Both scans are combined into one on-sensor template.</p>
+        <p>Two captures. The bridge combines them into a stable template, uploads it to the host, derives a Poseidon commitment, and generates + verifies a Groth16 proof.</p>
         <div>
           <label for="signup-email">Email</label>
           <input id="signup-email" type="email" placeholder="you@example.com" autocomplete="email" />
@@ -311,7 +312,7 @@ <h3>Sign up</h3>
 
       <div class="card">
         <h3>Log in</h3>
-        <p>Single capture. The sensor runs a 1:N match and we accept iff the slot it returns is the one bound to this email.</p>
+        <p>Single capture. The host pushes the stored template back into the sensor and asks for a 1:1 match; on success it re-derives the commitment and verifies the proof.</p>
         <div>
           <label for="login-email">Email</label>
           <input id="login-email" type="email" placeholder="you@example.com" autocomplete="email" />
@@ -328,15 +329,15 @@ <h3>Log in</h3>
     </div>
 
     <div class="accounts">
-      <h4>Bound accounts <span style="color:#8e8e8e">(in-memory + JSON mirror)</span></h4>
+      <h4>Bound accounts <span style="color:#8e8e8e">(host-side; sensor flash unused)</span></h4>
       <table id="accounts-table">
         <thead>
-          <tr><th>Email</th><th>Slot</th><th>Created</th></tr>
+          <tr><th>Email</th><th>DID</th><th>Created</th></tr>
         </thead>
         <tbody><tr><td class="empty" colspan="3">No accounts yet.</td></tr></tbody>
       </table>
       <div class="reset">
-        <button class="ghost" id="reset-btn">Wipe sensor + clear accounts</button>
+        <button class="ghost" id="reset-btn">Clear all accounts</button>
       </div>
     </div>
 
@@ -500,12 +501,12 @@ <h4>Bound accounts <span style="color:#8e8e8e">(in-memory + JSON mirror)</span><
               detail: '',
             });
             return;
-          case 'storing':
+          case 'uploading_template':
             renderState('signup', {
               mood: 'working',
               icon: 'i-spinner',
-              line: 'Storing template on the sensor',
-              sub: 'Almost there',
+              line: 'Uploading template to host',
+              sub: 'sensor flash untouched',
               detail: '',
             });
             renderSteps(0, 2);
@@ -593,12 +594,21 @@ <h4>Bound accounts <span style="color:#8e8e8e">(in-memory + JSON mirror)</span><
               detail: '',
             });
             return;
-          case 'searching':
+          case 'loading_template':
             renderState('login', {
               mood: 'working',
               icon: 'i-spinner',
-              line: 'Matching against stored fingerprints',
-              sub: '1:N search',
+              line: 'Pushing stored template into the sensor',
+              sub: 'down_char → buf2',
+              detail: '',
+            });
+            return;
+          case 'matching':
+            renderState('login', {
+              mood: 'working',
+              icon: 'i-spinner',
+              line: '1:1 match — fresh capture vs stored template',
+              sub: evt.score !== undefined ? `score ${evt.score}` : 'sensor side',
               detail: '',
             });
             return;
@@ -643,7 +653,7 @@ <h4>Bound accounts <span style="color:#8e8e8e">(in-memory + JSON mirror)</span><
               const explain =
                 r.reason === 'no_account'   ? 'No account bound to this email — sign up first.' :
                 r.reason === 'no_match'     ? 'Sensor did not recognise this finger.' :
-                r.reason === 'wrong_finger' ? `Matched a different account's slot${r.score ? ` (score ${r.score})` : ''}.` :
+                r.reason === 'wrong_finger' ? `Sensor refused the 1:1 match against the stored template${r.score !== undefined ? ` (score ${r.score})` : ''}.` :
                 r.reason === 'proof_failed' ? 'Groth16 verification failed — refusing to authenticate.' :
                 'Login rejected.';
               renderState('login', {
@@ -685,7 +695,7 @@ <h4>Bound accounts <span style="color:#8e8e8e">(in-memory + JSON mirror)</span><
               mood: 'error',
               icon: 'i-cross',
               line: 'This email is already signed up',
-              sub: `bound to slot ${r.data.slot}`,
+              sub: r.data.did ? `did ${r.data.did.slice(-8)}` : '',
               detail: 'Use the Log in card to sign in with your fingerprint.',
             });
             $('login-email').value = email;
@@ -721,7 +731,7 @@ <h4>Bound accounts <span style="color:#8e8e8e">(in-memory + JSON mirror)</span><
       }
 
       async function handleReset() {
-        if (!confirm('Wipe ALL templates on the sensor and clear the accounts map?')) return;
+        if (!confirm('Clear ALL host-stored accounts? The sensor flash isn\'t touched.')) return;
         signupBtn.disabled = true;
         loginBtn.disabled = true;
         resetBtn.disabled = true;
@@ -730,7 +740,7 @@ <h4>Bound accounts <span style="color:#8e8e8e">(in-memory + JSON mirror)</span><
           if (!r.ok) throw new Error(`HTTP ${r.status}`);
           resetIndicator('signup');
           resetIndicator('login');
-          renderState('signup', { mood: 'success', icon: 'i-check', line: 'Sensor wiped', sub: 'All accounts cleared', detail: '' });
+          renderState('signup', { mood: 'success', icon: 'i-check', line: 'Accounts cleared', sub: '', detail: '' });
           await refreshAccounts();
         } catch (err) {
           renderState('signup', { mood: 'error', icon: 'i-cross', line: 'Reset failed', sub: '', detail: err.message });
@@ -750,11 +760,11 @@ <h4>Bound accounts <span style="color:#8e8e8e">(in-memory + JSON mirror)</span><
             return;
           }
           tableBody.innerHTML = arr
-            .sort((a, b) => a.slot - b.slot)
+            .sort((a, b) => new Date(a.createdAt).getTime() - new Date(b.createdAt).getTime())
             .map((a) => `
               <tr>
                 <td>${escapeHtml(a.email)}</td>
-                <td>${a.slot}</td>
+                <td>${escapeHtml((a.did || '').slice(-12))}</td>
                 <td>${new Date(a.createdAt).toLocaleString()}</td>
               </tr>
             `)