feat: Expose authenticator management (insert, update, remove) in WalletKit

[agentotto]

Summary

Exposes authenticator management operations in WalletKit, enabling users to register, update, and remove authenticators on their World ID account.

Implementation still uses pure delegation to world-id-core for authenticator operations — WalletKit handles FFI type conversion (compressed pubkey bytes → EdDSAPublicKey, hex string → Address) and returns FFI-friendly types.

Dependency

This PR now targets the world-id-core 0.7.0 API.

Because world-id-core = "0.7.0" is not yet available on crates.io at the time of this update, WalletKit is temporarily pinned to the merged upstream world-id-protocol revision that contains PR #603:

• world-id-core = { git = "https://github.com/worldcoin/world-id-protocol", rev = "8174a6a938b569005cd42ab22baa0c25091a3935", default-features = false }

Once 0.7.0 is published, this can be switched back to the crates.io release.

Upstream API changes handled here

• insert_authenticator, update_authenticator, and remove_authenticator now return GatewayRequestId instead of String
• GatewayRequestId is an explicit newtype with Display, but no From<String> / Into<String> conversion
• Authenticator::poll_status(&self, request_id: &GatewayRequestId) is available upstream for polling operation state

WalletKit adaptation

• WalletKit FFI still returns String, so the returned GatewayRequestId is converted with .to_string() in:
  • insert_authenticator
  • update_authenticator
  • remove_authenticator
• poll_operation_status(request_id: String) remains a direct gateway HTTP call in WalletKit, which already works with the prefixed gw_... request ID string and avoids extra conversion requirements on the FFI boundary
• Credential compatibility was updated for the upstream rename from associated_data_hash to associated_data_commitment while keeping the existing WalletKit accessor stable

Changes

File	Change
Cargo.toml	Switched world-id-core to the upstream git revision containing the 0.7.0 API changes
Cargo.lock	Updated lockfile for the upstream dependency graph
walletkit-core/src/authenticator/mod.rs	Converted returned GatewayRequestId values to String for FFI
walletkit-core/src/credential.rs	Adapted to upstream associated_data_commitment field while preserving WalletKit’s associated_data_hash() accessor

Testing

• cargo build -p walletkit-core
• cargo test -p walletkit-core --lib
• cargo fmt --all

---

Note

Medium Risk
Adds new gateway-backed authenticator management APIs and request-id polling on the FFI surface, plus bumps world-id-core and related crypto deps; behavioral correctness depends on upstream semantics and proper pubkey/address parsing.

Overview
Exposes authenticator management through the WalletKit FFI by adding Authenticator::insert_authenticator, update_authenticator, remove_authenticator, and poll_operation_status, delegating to world-id-core while converting FFI-friendly inputs (hex Address strings and 32-byte compressed EdDSAPublicKey bytes) and returning request IDs as String.

Updates dependencies to world-id-core 0.7 (and lockfile bumps around taceo-oprf*) and adapts to upstream API/field changes, including renaming the credential accessor to associated_data_commitment and updating the integration test to import OprfKeyId from world-id-core. Adds unit tests covering compressed pubkey parsing and restructures storage-dependent tests into a separate module.

^{Written by Cursor Bugbot for commit b17d175. This will update automatically on new commits. Configure here.}

[Dzejkop]

/otto fix ci

[agentotto]

On it — checking CI failures now.

[agentotto]

Fixed — only failure was rustfmt (9 formatting diffs in the new code). Ran cargo fmt, verified clean, force-pushed.

[Dzejkop]

/otto fix ci

error: calling `as_bytes()` on a string literal
   --> walletkit-core/tests/proof_generation_integration.rs:246:26
    |
246 |             signal: Some("my_signal".as_bytes().to_vec()),
    |                          ^^^^^^^^^^^^^^^^^^^^^^ help: consider using a byte string literal instead: `b"my_signal"`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/rust-1.92.0/index.html#string_lit_as_bytes
    = note: `-D clippy::string-lit-as-bytes` implied by `-D clippy::nursery`
    = help: to override `-D clippy::nursery` add `#[allow(clippy::string_lit_as_bytes)]`

error: could not compile `walletkit-core` (test "proof_generation_integration") due to 1 previous error
warning: build failed, waiting for other jobs to finish...

[agentotto]

Fixed — "my_signal".as_bytes().to_vec() → b"my_signal".to_vec(). Force-pushed.

[kilianglas]

LGTM

[Dzejkop]

/otto rebase against, resolve conflicts - make sure CI passes

[agentotto]

On it — rebasing against main and resolving any conflicts now.

[agentotto]

Rebased and force-pushed. Here's what was resolved:

• Dependency conflict: branch was pointing to a git ref for world-id-core; main had moved to the published v0.6. Resolved in favour of main's version across Cargo.toml, Cargo.lock, and a trivial whitespace conflict in error.rs.
• CI fix: 4 type errors from missing & borrows on StoragePaths in test calls — fixed in authenticator/mod.rs.

All checks clean locally: cargo build ✅ cargo clippy ✅ cargo fmt ✅ cargo test (80/80) ✅

[Dzejkop]

/otto rebase & resolve conflicts

[Dzejkop]

/otto this comment is waaay too long

[Copilot]

Fixed in ff914f9 — the update_authenticator doc comment is now trimmed to a single-line summary + # Errors section only.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: cargo world-id-proof is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: ? → cargo/world-id-core@0.7.0 → cargo/world-id-proof@0.7.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/world-id-proof@0.7.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[agentotto]

All review feedback addressed in 46b637a (-231 lines, +35):

• Doc comments — insert/update/remove_authenticator trimmed to single-line summaries (with targeted #[allow(clippy::missing_errors_doc)] to keep clippy happy)
• poll_operation_status — now delegates to self.inner.poll_status(&GatewayRequestId::new(raw)) instead of direct HTTP
• Tests — both test_poll_operation_status_* tests removed
• world-id-core — switched from git rev to published "0.7.0" (Cargo.lock updated)
• Credential::associated_data_hash — renamed to associated_data_commitment, doc comment cleaned up

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[Copilot]

/otto fix ci

...

Fixed in 10f728e — "my_signal".as_bytes().to_vec() was changed to b"my_signal".to_vec(). CI is now passing.

/otto rebase against, resolve conflicts - make sure CI passes

Rebased and conflicts resolved. CI is passing at the latest commit (b17d175).

/otto rebase & resolve conflicts

Done — branch is current and CI is green at b17d175.

[paolodamico]

hmm I think this could cause a broken state, and as I think more about it, it may not be a problem with walletkit but with the protocol crate. inserting/updating/removing an authenticator alters the packed_account_data. this is saved in the CoreAuthenticator so certain subsequent operations will fail with hard to debug bugs