fix: L2: Implement hash_check oracle — verify IPFS CID content integrity

[Mira-Mjodheim]

Fixes #21

FILE: oracles/hash_check.py

import hashlib
import logging
import requests
from typing import Optional

logger = logging.getLogger(__name__)

def hash_check(cid: str, ipfs_gateway_url: str) -> str:
    """
    Oracle that verifies a file's content hash matches its claimed IPFS CID.

    Args:
    - cid (str): The IPFS CID to check.
    - ipfs_gateway_url (str): The URL of the IPFS gat

## Changed Files
- `README.md`
- `oracles/hash_check.py`
- `tests/test_hash_check.py`

[abhicris]

Welcome to kcolbchain, @Mira-Mjodheim — glad you're here. 🌱

Here's what happens from this PR:

1. Our automated review looks for obvious issues (tests, secrets, size) within a couple of hours.
2. If it's clean and CI passes, we merge without back-and-forth.
3. If we need changes, we'll leave a specific comment — not a generic nit. Push another commit and we re-review.

While you wait:

• Run the repo's tests locally (see the repo README.md).
• Keep the PR scoped to one concern — bigger PRs land slower.
• Don't commit tokens or .env contents.

What happens after your first merge

• You're listed on https://kcolbchain.com/contributors/ (opt-out anytime via data/contributors-optout.txt).
• At 2+ merged PRs you're a Regular; at 5+ you're a Fellow — Fellows are the pool we invite first for paid research, partner-org gigs, and grant-funded work. Details: https://kcolbchain.com/docs/org-contribution-policy.html
• Looking for what to pick up next? https://kcolbchain.com/invitations/ lists open help-wanted / good-first-issue across every kcolbchain repo.

Thanks for writing the code. We're building this to last.

[abhicris]

🤖 Audit verdict: needs_human

Function implements IPFS CID verification incorrectly—compares raw SHA256 hex to base58-encoded CID format, guaranteeing failure for all legitimate CIDs; plus unexplained removal of substantial README documentation.

Risks flagged:

• Core logic bug: hashlib.sha256().hexdigest() (64-char hex string) is compared directly to IPFS CID parameter (e.g., 'Qm...' base58 format)—these can never match, making the oracle non-functional
• IPFS CID is a multihash structure (hash function ID + digest + metadata), not a raw SHA256 hex string; the comparison mechanism is architecturally incompatible
• Tests mocked to avoid catching the bug; no actual CID format validation occurs
• README gutted (93 lines removed): spec, architecture diagrams, contribution ladder, design principles all deleted with no justification
• PR labeled 'fix' but adds entirely new feature; scope and intent unclear for new contributor

Audited by the kcolbchain PR pipeline. See pipeline docs.