swift and kotlin credential storage tests

.github/workflows/ci.yml

@@ -1,5 +1,10 @@
 name: CI
 
+# Unless we are on the main branch, the workflow should stop and yield to a new run if new code is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/main' && github.sha || github.ref }}
+  cancel-in-progress: ${{ !contains(github.ref, 'main')}}
+
 on:
   push:
     branches: [main]
@@ -17,19 +22,28 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Rust
         uses: dtolnay/rust-toolchain@master
         with:
           toolchain: 1.92.0
           components: clippy,rustfmt
 
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
       - name: Check code formatting
         run: cargo fmt -- --check
 
-      - name: Run clippy
-        run: cargo clippy --workspace --all-targets --all-features
+      - name: Run clippy (all features)
+        run: cargo clippy --workspace --all-targets --all-features -- -D warnings
+
+      - name: Run clippy (default features)
+        run: cargo clippy --workspace --all-targets -- -D warnings
+
+      - name: Run clippy (no default features)
+        run: cargo clippy --workspace --all-targets --no-default-features -- -D warnings
 
   swift-build-and-test:
     name: Swift Build & Foreign Binding Tests
@@ -39,7 +53,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Rust
         uses: dtolnay/rust-toolchain@master
@@ -53,12 +67,55 @@ jobs:
         with:
           xcode-version: "16.2"
 
-      - name: Run Swift foreign binding tests
+      # Includes temporary downstream UniFFI callback vtable patch:
+      # https://github.com/mozilla/uniffi-rs/pull/2821
+      - name: Run Swift foreign binding tests (with temporary UniFFI ASan workaround)
         run: ./swift/test_swift.sh
 
+      - name: Install SwiftLint
+        run: |
+          brew install swiftlint
+
+      - name: Lint Swift Tests
+        run: swiftlint swift/tests
+
+  kotlin-build-and-test:
+    name: Kotlin Build & Foreign Binding Tests
+    runs-on: arc-public-8xlarge-amd64-runner # uses the same runner as the release workflow to ensure consistency
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Set up Rust
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: 1.92.0
+
+      - name: Setup Java
+        uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Install ktlint
+        run: |
+          curl -sSLO https://github.com/pinterest/ktlint/releases/latest/download/ktlint &&
+          chmod a+x ktlint &&
+          sudo mv ktlint /usr/local/bin/
+
+      - name: Build and test Kotlin bindings
+        run: ./kotlin/test_kotlin.sh
+
+      - name: Lint Kotlin Tests
+        run: |
+          ktlint kotlin/walletkit-tests/src/test/kotlin
+
   test:
     name: Tests
-    runs-on: ubuntu-latest
+    runs-on: arc-public-xlarge-arm64-runner
     permissions:
       contents: read
 
@@ -71,7 +128,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Rust
         uses: dtolnay/rust-toolchain@master
@@ -85,8 +142,10 @@ jobs:
         env:
           WORLDCHAIN_SEPOLIA_RPC_URL: ${{ secrets.WORLDCHAIN_SEPOLIA_RPC_URL || 'https://worldchain-sepolia.g.alchemy.com/public' }}
           WORLDCHAIN_RPC_URL: ${{ secrets.WORLDCHAIN_RPC_URL || 'https://worldchain-mainnet.g.alchemy.com/public' }}
+        # we don't do --all-features because `compress-zkeys` is very expensive for the CI and doesn't need to be tested on every PR
+        # we add the remainder of non-default features to include them in tests
         run: |
-          cargo test --all --all-features
+          cargo test --workspace --features walletkit-core/legacy-nullifiers
 
       - name: Build non-default features
         run: |
@@ -107,12 +166,12 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - uses: EmbarkStudios/cargo-deny-action@v2
         with:
           command: check ${{ matrix.checks }}
-          rust-version: stable
+          rust-version: 1.92.0
 
   docs:
     name: Check docs
@@ -122,7 +181,7 @@ jobs:
     env:
       RUSTDOCFLAGS: -Dwarnings
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: dtolnay/rust-toolchain@nightly
       - uses: dtolnay/install@cargo-docs-rs
       - run: |

.github/workflows/initiate-release.yml

@@ -20,7 +20,7 @@ jobs:
     outputs:
       new_version: ${{ steps.version.outputs.new_version }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: main
 
@@ -29,15 +29,17 @@ jobs:
         env:
           BUMP_TYPE: ${{ github.event.inputs.bump_type }}
         run: |
-          # Get current version from Cargo.toml
-          CURRENT_VERSION=$(grep -m 1 'version = ' Cargo.toml | cut -d '"' -f 2)
+          # Get current version from workspace package in Cargo.toml
+          CURRENT_VERSION=$(cargo metadata --no-deps --format-version 1 | jq -r '.workspace_members[0]' | cut -d '#' -f2)
 
           # Ensure CURRENT_VERSION is in semantic versioning format
           if [[ ! "$CURRENT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
               echo "CRITICAL ERROR: CURRENT_VERSION '$CURRENT_VERSION' is not in semantic versioning format (MAJOR.MINOR.PATCH)."
               exit 1
           fi
 
+          cargo metadata --no-deps --format-version 1 | jq -r '.workspace_members'
+
           # Split version into components
           IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"
 

.github/workflows/release.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Get new version
         id: version
@@ -56,7 +56,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ needs.pre-release-checks.outputs.commit_sha }} # to ensure all builds are consistent
 
@@ -67,15 +67,17 @@ jobs:
           targets: aarch64-apple-ios-sim,aarch64-apple-ios,x86_64-apple-ios
           components: rustfmt
 
-      - name: Build the project (iOS)
-        run: ./build_swift.sh
+      # Includes temporary downstream UniFFI callback vtable patch:
+      # https://github.com/mozilla/uniffi-rs/pull/2821
+      - name: Build the project (iOS, with temporary UniFFI ASan workaround)
+        run: ./swift/build_swift.sh
 
       - name: Compress XCFramework binary
         run: |
-          zip -r WalletKit.xcframework.zip WalletKit.xcframework
+          zip -r WalletKit.xcframework.zip swift/WalletKit.xcframework
 
       - name: Checkout swift repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: worldcoin/walletkit-swift
           token: ${{ secrets.WALLETKIT_BOT_TOKEN }}
@@ -112,11 +114,11 @@ jobs:
 
         run: |
           # Copy non-binary source files
-          cp -r Sources/ target-repo/Sources
+          cp -r swift/Sources/ target-repo/Sources
 
           # Prepare Package.swift
           brew install swiftlint
-          ./archive_swift.sh --asset-url "$ASSET_URL" --checksum "$CHECKSUM" --release-version "$NEW_VERSION"
+          ./swift/archive_swift.sh --asset-url "$ASSET_URL" --checksum "$CHECKSUM" --release-version "$NEW_VERSION"
           cp Package.swift target-repo/
 
           # Commit changes
@@ -133,8 +135,11 @@ jobs:
 
   prepare-kotlin:
     name: Prepare Kotlin
-    runs-on: ubuntu-22.04-32core
+    runs-on: arc-public-8xlarge-amd64-runner
     needs: [pre-release-checks]
+    env:
+      CARGO_HOME: /home/runner/_work/_cargo
+      RUSTUP_HOME: /home/runner/_work/_rustup
     permissions:
       contents: write # to upload artifacts
 
@@ -149,8 +154,11 @@ jobs:
           - target: i686-linux-android
 
     steps:
+      - name: Add Cargo to PATH
+        run: echo "$CARGO_HOME/bin" >> $GITHUB_PATH
+
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ needs.pre-release-checks.outputs.commit_sha }} # to ensure all builds are consistent
 
@@ -167,7 +175,7 @@ jobs:
 
       - name: Build for target
         run: |
-          CROSS_NO_WARNINGS=0 cross build -p walletkit --target ${{ matrix.settings.target }} --release --locked
+          CROSS_NO_WARNINGS=0 cross build -p walletkit --target ${{ matrix.settings.target }} --release --locked --features compress-zkeys
 
       - name: Upload artifact
         uses: actions/upload-artifact@v4
@@ -186,7 +194,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ needs.pre-release-checks.outputs.commit_sha }} # to ensure all builds are consistent
 
@@ -210,7 +218,7 @@ jobs:
 
       - name: Move artifacts
         run: |
-          mkdir -p kotlin/lib/src/main/jniLibs && cd kotlin/lib/src/main/jniLibs
+          mkdir -p kotlin/walletkit/src/main/jniLibs && cd kotlin/walletkit/src/main/jniLibs
           mkdir armeabi-v7a arm64-v8a x86 x86_64
           mv /home/runner/work/walletkit/walletkit/android-armv7-linux-androideabi/libwalletkit.so ./armeabi-v7a/libwalletkit.so
           mv /home/runner/work/walletkit/walletkit/android-aarch64-linux-android/libwalletkit.so ./arm64-v8a/libwalletkit.so
@@ -219,11 +227,11 @@ jobs:
 
       - name: Generate bindings
         working-directory: kotlin
-        run: cargo run -p uniffi-bindgen generate ./lib/src/main/jniLibs/arm64-v8a/libwalletkit.so --library --language kotlin --no-format --out-dir lib/src/main/java
+        run: cargo run -p uniffi-bindgen generate ./walletkit/src/main/jniLibs/arm64-v8a/libwalletkit.so --library --language kotlin --no-format --out-dir walletkit/src/main/java
 
       - name: Publish
         working-directory: kotlin
-        run: ./gradlew lib:publish -PversionName=${{ needs.pre-release-checks.outputs.new_version }}
+        run: ./gradlew walletkit:publish
         env:
           GITHUB_ACTOR: wld-walletkit-bot
           GITHUB_TOKEN: ${{ github.token }}
@@ -243,16 +251,13 @@ jobs:
           make_latest: true
 
       - name: Create Release in swift repo
-        uses: softprops/action-gh-release@v2
-        with:
-          repository: worldcoin/walletkit-swift
-          token: ${{ secrets.WALLETKIT_BOT_TOKEN }}
-          name: ${{ needs.pre-release-checks.outputs.new_version }}
-          tag_name: ${{ needs.pre-release-checks.outputs.new_version }}
-          body: |
-            ## Version ${{ needs.pre-release-checks.outputs.new_version }}
-            For full release notes, see the [main repo release](https://github.com/worldcoin/walletkit/releases/tag/${{ needs.pre-release-checks.outputs.new_version }}).
-          make_latest: true
+        env:
+          GH_TOKEN: ${{ secrets.WALLETKIT_BOT_TOKEN }}
+        run: |
+          gh release edit ${{ needs.pre-release-checks.outputs.new_version }} \
+            --repo worldcoin/walletkit-swift \
+            --draft=false \
+            --latest
 
   publish-to-crates-io:
     needs: [pre-release-checks, create-github-release]
@@ -264,7 +269,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ needs.pre-release-checks.outputs.commit_sha }} # to ensure all builds are consistent
 
@@ -275,7 +280,7 @@ jobs:
 
       - uses: rust-lang/crates-io-auth-action@v1
         id: auth
-          
+
       - name: Publish to crates.io
         env:
           CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}

.gitignore

@@ -12,7 +12,16 @@ target/
 # Swift build outputs are not committed to this repo.
 WalletKit.xcframework/
 Sources/
-
+swift/WalletKit.xcframework/
+swift/Sources/
+swift/ios_build/
+swift/local_build/
+swift/tests/Sources/
+swift/tests/.build/
+# Kotlin bindings and native libs
+kotlin/libs/
+kotlin/walletkit/src/main/java/uniffi/
+kotlin/walletkit-tests/build/
 .build/
 
 .env
@@ -21,4 +30,8 @@ Sources/
 cache/
 **/out/build-info
 
+# Allow storage cache module sources.
+!walletkit-core/src/storage/cache/
+!walletkit-core/src/storage/cache/**
+
 # NOTE: Cargo.lock is not ignored because it is used for FFI builds (Swift & Kotlin)

AGENTS.md

@@ -0,0 +1,5 @@
+# WalletKit Agent Guidelines
+
+## UniFFI Naming
+
+Never name a UniFFI-exported method `to_string`. UniFFI maps Rust's `to_string` to Kotlin's `toString`, which conflicts with `Any.toString()` and causes a compilation error (`'toString' hides member of supertype 'Any' and needs 'override' modifier`). Use a descriptive name instead (e.g., `to_hex_string`, `to_decimal_string`, `to_json`).

CONTRIBUTING.md

@@ -17,9 +17,9 @@ Thank you for your interest in contributing to our project! This document provid
    curl -L https://foundry.paradigm.xyz | bash
    foundryup
    ```
-3. Run tests to ensure everything is working as expected. It's important to run with `all-features` as integration tests have dependencies on non-default features.
+3. Run tests to ensure everything is working as expected. Note: `compress-zkeys` is excluded because ARK point decompression is expensive and only needed for release builds.
    ```bash
-   cargo test --all --all-features
+   cargo test --workspace
    ```
 
 ## Code of Conduct