Feat/upgrade kyc celo mainnet

[Tranquil-Flow]

Description

Merge in kyc mainnet deployments

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced KYC (Know Your Customer) identity registry contract with enhanced identity verification capabilities on Celo network.

• Updates

  • Upgraded IdentityVerificationHub to version 2.13.0 on Celo network with updated implementation details.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds a new IdentityRegistryKyc contract to the Celo network, upgrades IdentityVerificationHub to v2.13.0, deploys KYC registry modules and verifiers, removes PCR0Manager from deployment outputs, and updates registry configuration addresses across deployment artifacts.

Changes

Cohort / File(s)	Summary
Registry Configuration contracts/deployments/registry.json	Added IdentityRegistryKyc contract with v1.0.0 deployment to Celo; upgraded IdentityVerificationHub from v2.12.0 to v2.13.0 with new implementation address.
Deployed Addresses contracts/ignition/deployments/chain-42220/deployed_addresses.json	Added KYC registry module entries (PoseidonT3, IdentityRegistryKycImplV1, IdentityRegistry, Verifier_gcp_jwt) and verifiers (Verifier_register_kyc, Verifier_vc_and_disclose_kyc); updated UpdateAllRegistries#a3 address.
KYC Registry Module contracts/ignition/modules/registry/deployKycRegistry.ts	Removed PCR0Manager deployment (now references existing mainnet instance); updated return signature to exclude pcr0Manager property.
Registry Update Configuration contracts/ignition/modules/registry/updateRegistries.ts	Updated three registry configuration addresses: hub, gcpJWTVerifier, and pcr0Manager references for DeployKycRegistryModule#IdentityRegistry.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Upgrade/update celo sepolia hub kyc #1725 — Directly related PR that also modifies Celo deployments and ignition modules for KYC components and IdentityVerificationHub v2.13.0 upgrade.
• deploy: kyc scripts and addresses for staging #1679 — Overlapping changes to KYC registry deployment files (deployKycRegistry.ts, updateRegistries.ts) with shared module modifications.
• chore: circuits formatting 2026-02-02 #1683 — Modifies updateRegistries.ts in the same module, affecting registry address configurations and formatting.

Suggested reviewers

• remicolin
• motemotech
• 0xturboblitz

Poem

🔐 A KYC registry blooms on Celo's chain,
PCR0 steps back, verifiers remain,
Addresses align in perfect accord,
Version two-thirteen takes the board! 📜✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete; it lacks testing details and QA instructions required by the repository template.	Add 'Tested' and 'How to QA' sections explaining how deployments were validated and how to verify them on Celo mainnet.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: upgrading KYC-related contracts on Celo mainnet, which aligns with the registry and deployment updates across multiple files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/upgrade-kyc-celo-mainnet

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

contracts/deployments/registry.json (1)

155-182: ⚠️ Potential issue | 🔴 Critical

Duplicate JSON key "2.13.0" — celo-sepolia deployment data will be silently lost.

There are two "2.13.0" entries under versions.IdentityVerificationHub (lines 155 and 169). Per the JSON specification, duplicate keys have undefined behavior, and most parsers will only retain the last occurrence. This means the celo-sepolia deployment (lines 161–167) will be silently overwritten by the celo deployment (lines 174–181), losing the celo-sepolia record entirely.

Merge them into a single "2.13.0" block:

🐛 Proposed fix — merge both deployments under a single key

       "2.13.0": {
         "initializerVersion": 12,
         "initializerFunction": "",
         "changelog": "Upgrade to v2.13.0",
         "gitTag": "identityverificationhub-v2.13.0",
         "deployments": {
           "celo-sepolia": {
             "impl": "0x244c93516Abd58E1952452d3D8C4Ce7D454776B8",
             "deployedAt": "2026-02-02T14:47:21.882Z",
             "deployedBy": "0x82D8DaC3a386dec55a0a44DffBd3113e8A7D139B",
             "gitCommit": "33bca485"
-          }
-        }
-      },
-      "2.13.0": {
-        "initializerVersion": 12,
-        "initializerFunction": "",
-        "changelog": "Upgrade to v2.13.0",
-        "gitTag": "identityverificationhub-v2.13.0",
-        "deployments": {
-          "celo": {
+          },
+          "celo": {
             "impl": "0x0D911083b2F2236D79EF20bb58AAf6009a1220B5",
             "deployedAt": "2026-02-09T11:26:30.941Z",
             "deployedBy": "0xC1C860804EFdA544fe79194d1a37e60b846CEdeb",
             "gitCommit": "88ae00b1"
           }
         }
       }

🤖 Fix all issues with AI agents

In `@contracts/deployments/registry.json`:
- Around line 290-304: The IdentityRegistryKyc 1.0.0 deployment entry has empty
audit fields; populate the "gitTag" and "deployedBy" fields in the "deployments"
-> "celo" object for IdentityRegistryKyc version "1.0.0" with the correct
release tag and the deployer's identifier (e.g., CI tag or person) so the
registry.json audit trail matches other production deployments; locate the
IdentityRegistryKyc -> "1.0.0" block and update gitTag and deployedBy
accordingly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing metadata: gitTag and deployedBy are empty for the new KYC registry version.

Lines 295 and 300 have empty strings for gitTag and deployedBy. While not blocking, these fields are populated for all other production deployments in this file and serve as an audit trail for mainnet contracts.

Consider backfilling before merge.

🤖 Prompt for AI Agents

In `@contracts/deployments/registry.json` around lines 290 - 304, The
IdentityRegistryKyc 1.0.0 deployment entry has empty audit fields; populate the
"gitTag" and "deployedBy" fields in the "deployments" -> "celo" object for
IdentityRegistryKyc version "1.0.0" with the correct release tag and the
deployer's identifier (e.g., CI tag or person) so the registry.json audit trail
matches other production deployments; locate the IdentityRegistryKyc -> "1.0.0"
block and update gitTag and deployedBy accordingly.