feat: expose initiateRecoveryAgentUpdate and executeRecoveryAgentUpdate

[agentotto]

Summary

Adds three new methods to the WalletKit Authenticator:

• initiate_recovery_agent_update(new_recovery_agent) — signs an EIP-712 InitiateRecoveryAgentUpdate payload and submits it to the gateway, starting the 14-day cooldown.
• execute_recovery_agent_update() — submits the permissionless execute call to the gateway after the cooldown has elapsed.
• cancel_recovery_agent_update() — signs an EIP-712 CancelRecoveryAgentUpdate payload and submits it to the gateway, cancelling a pending update before the cooldown expires.

All three methods return the gateway request ID for status polling, following the same pattern as existing gateway operations (insert_authenticator, remove_authenticator, etc.) in world-id-core.

Changes

• Cargo.toml — world-id-core uses version = "0.7" (crates.io); Cargo.lock pins to 0.7.1.
• walletkit-core/src/authenticator/mod.rs — Store a Signer alongside CoreAuthenticator (derived from the same seed) so recovery-agent signing can be performed at the WalletKit layer. Add three new UniFFI-exported async methods: initiate_recovery_agent_update, execute_recovery_agent_update, and cancel_recovery_agent_update.
• walletkit-core/src/credential.rs — Adapt to upstream rename associated_data_hash → associated_data_commitment.

Notes

• Rebased against main (resolving conflicts with chore: bump world-id-core 0.6 → 0.7 #325 which bumped world-id-core 0.6 → 0.7).
• Switched from git dependency to crates.io release (world-id-core 0.7.1 in lockfile).
• cancel_recovery_agent_update is fully exposed via UniFFI (#[uniffi::export(async_runtime = "tokio")] impl block).
• Adapted to upstream GatewayRequestId newtype (.to_string() for the UniFFI String return type).

References

• Linear: PROTO-4429
• Upstream: feat: recovery agent management gateway endpoints world-id-protocol#589, feat: add recovery agent update methods to CoreAuthenticator world-id-protocol#602

---

Note

Medium Risk
Adds new gateway-facing APIs that can change a user’s recovery agent (including a permissionless execute), so incorrect wiring/validation could impact account recovery behavior. Changes are otherwise localized and mostly wrap world-id-core methods.

Overview
Exposes the recovery-agent update lifecycle through WalletKit’s UniFFI Authenticator: initiate_recovery_agent_update(new_recovery_agent) (EIP-712-signed), execute_recovery_agent_update() (permissionless), and cancel_recovery_agent_update() (EIP-712-signed), each returning a gateway request ID as String.

Updates dependencies by bumping world-id-* crates to 0.7.1 in Cargo.lock, and tweaks Credential docs to reflect the associated_data_commitment naming.

^{Written by Cursor Bugbot for commit e8a8e23. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: cargo world-id-core is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: walletkit-cli/Cargo.toml → cargo/world-id-core@0.7.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/world-id-core@0.7.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report