diff --git a/Cargo.lock b/Cargo.lock
index aa5b2d20..aef41222 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -6848,9 +6848,9 @@ dependencies = [
 
 [[package]]
 name = "world-id-authenticator"
-version = "0.7.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1713b3c70d6f2822f8ec0c12e313a74616fce2aa86c5cb54a991d13be5fe625"
+checksum = "511e21e8801843ef147f4a3fb84377ed1e6b4916af305cd570aec3f75b674c12"
 dependencies = [
  "alloy",
  "anyhow",
@@ -6878,9 +6878,9 @@ dependencies = [
 
 [[package]]
 name = "world-id-core"
-version = "0.7.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0f0b7dab893d2588e13b3d3a0c6259467c7079b7cbe4a41db5a6bf4a04f46be"
+checksum = "04e3b9ec6be2b4008893b2a6586e2ec36b43de3b2c9e6f86ff3470051e2c8a76"
 dependencies = [
  "taceo-eddsa-babyjubjub",
  "world-id-authenticator",
@@ -6890,9 +6890,9 @@ dependencies = [
 
 [[package]]
 name = "world-id-primitives"
-version = "0.7.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a38588112438f94966aef95559b48a0c3d4ae627c0ebc680ae4739ca0538c29"
+checksum = "d6b9b9de182db121d86f81ed3887649374fc2f0948b13a9d2347986f9d1b0dfd"
 dependencies = [
  "alloy",
  "alloy-primitives",
@@ -6927,9 +6927,9 @@ dependencies = [
 
 [[package]]
 name = "world-id-proof"
-version = "0.7.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0685fc6fcb0fef10a7caa80f7d4ac09727ee582934c2da39bdd82a423ab7abe"
+checksum = "2c42636c2db4e2252815112d733932c271bcd1fad07a9308440b0f0500b05821"
 dependencies = [
  "ark-bn254",
  "ark-ec",
diff --git a/walletkit-core/src/authenticator/mod.rs b/walletkit-core/src/authenticator/mod.rs
index 50232381..dd81f50c 100644
--- a/walletkit-core/src/authenticator/mod.rs
+++ b/walletkit-core/src/authenticator/mod.rs
@@ -230,6 +230,69 @@ impl Authenticator {
         let signature = self.inner.danger_sign_challenge(challenge)?;
         Ok(signature.as_bytes().to_vec())
     }
+
+    /// Initiates a time-locked recovery agent update (14-day cooldown).
+    ///
+    /// Signs an EIP-712 `InitiateRecoveryAgentUpdate` payload and submits it to
+    /// the gateway. Returns the gateway request ID that can be used to poll
+    /// status.
+    ///
+    /// # Arguments
+    /// * `new_recovery_agent` — the checksummed hex address of the new recovery
+    ///   agent (e.g. `"0x1234…"`).
+    ///
+    /// # Errors
+    /// - Returns [`WalletKitError::InvalidInput`] if `new_recovery_agent` is not
+    ///   a valid address.
+    /// - Returns a network error if the gateway request fails.
+    pub async fn initiate_recovery_agent_update(
+        &self,
+        new_recovery_agent: String,
+    ) -> Result<String, WalletKitError> {
+        let new_recovery_agent =
+            Address::parse_from_ffi(&new_recovery_agent, "new_recovery_agent")?;
+
+        let request_id = self
+            .inner
+            .initiate_recovery_agent_update(new_recovery_agent)
+            .await?;
+
+        Ok(request_id.to_string())
+    }
+
+    /// Executes a pending recovery agent update after the 14-day cooldown has
+    /// elapsed.
+    ///
+    /// This call is **permissionless** — no signature is required. The contract
+    /// enforces the cooldown and will revert with
+    /// `RecoveryAgentUpdateStillInCooldown` if called too early.
+    ///
+    /// Returns the gateway request ID that can be used to poll status.
+    ///
+    /// # Errors
+    /// Returns a network error if the gateway request fails.
+    pub async fn execute_recovery_agent_update(
+        &self,
+    ) -> Result<String, WalletKitError> {
+        let request_id = self.inner.execute_recovery_agent_update().await?;
+
+        Ok(request_id.to_string())
+    }
+
+    /// Cancels a pending time-locked recovery agent update before the cooldown
+    /// expires.
+    ///
+    /// Signs an EIP-712 `CancelRecoveryAgentUpdate` payload and submits it to
+    /// the gateway. Returns the gateway request ID that can be used to poll
+    /// status.
+    ///
+    /// # Errors
+    /// Returns a network error if the gateway request fails.
+    pub async fn cancel_recovery_agent_update(&self) -> Result<String, WalletKitError> {
+        let request_id = self.inner.cancel_recovery_agent_update().await?;
+
+        Ok(request_id.to_string())
+    }
 }
 
 #[cfg(not(feature = "storage"))]
diff --git a/walletkit-core/src/credential.rs b/walletkit-core/src/credential.rs
index 4b72c297..34f68e14 100644
--- a/walletkit-core/src/credential.rs
+++ b/walletkit-core/src/credential.rs
@@ -52,7 +52,9 @@ impl Credential {
         self.0.expires_at
     }
 
-    /// Returns the associated-data commitment field element for this credential.
+    /// Returns the credential's `associated_data_commitment` field element.
+    ///
+    /// The commitment scheme is issuer-defined.
     #[must_use]
     pub fn associated_data_commitment(&self) -> FieldElement {
         self.0.associated_data_commitment.into()