feat(execution): create a package metadata object at publish time

[miker83z]

Description of change

This PR removes the previous method for verifying the authenticate functions which worked at runtime. Then, it introduces the creation of a Package Metadata immutable object during a package publishing/upgrade. Finally, it allows to use such metadata to create AuthenticatorInfoV1 instances for accounts.

Links to any relevant issues

Fixes #8861
Fixes #8862

How the change has been tested

• Basic tests (linting, compilation, formatting, unit/integration tests)
• Patch-specific tests (correctness, functionality coverage)
• I have added tests that prove my fix is effective or that my feature works
• I have checked that new and existing unit tests pass locally with my changes

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

6 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
apps-backend	Ignored	Preview		Nov 24, 2025 8:46pm
apps-ui-kit	Ignored	Preview		Nov 24, 2025 8:46pm
iota-evm-bridge	Ignored	Preview		Nov 24, 2025 8:46pm
iota-multisig-toolkit	Ignored	Preview		Nov 24, 2025 8:46pm
rebased-explorer	Ignored	Preview		Nov 24, 2025 8:46pm
wallet-dashboard	Ignored	Preview		Nov 24, 2025 8:46pm

[Dkwcs]

Correct me if I'm wrong, are there any possible exploits present in the runtime ?
We verify metadata during the publishing, but can we trust these data on 100% ?

[valeriyr]

Do we expect this change, or should it be reverted?
I see several links updated to iota-sim.

[miker83z]

I pushed the changes after running a sim test and without re-running cargo check or similar. Fixed 9fc51cc

[valeriyr]

We discussed an option of creating an account with a framework function:

public fun create_account_v1<T: key>(obj: T, info: AuthenticatorInfoV1<T>) {
    create_account_impl(obj, info)
}

So, maybe it would be better to leave the AuthenticatorInfoV1 generic parameter and not change the interface of the examples?
We don't really need to use PackageMetadataV1 here; it makes the account implementation and testing much more complex. AuthenticatorInfoV1 makes sense because we can easily limit the authenticator type that can be attached to an account.
Even if we leave the proof for a while, it will be cleaner to leave the generic parameter.

[miker83z]

To talk about

[valeriyr]

What is the reason for removing the return value?

[miker83z]

The return was introduced because drop was not used as ability for AuthenticatorInfoV1 . So, rotate_auth_info_v1 was never modified after adding drop to the abilities.

[valeriyr]

Vec can't be used here as is; we need to add validation that it doesn't contain duplicates.
There is no guarantee that it doesn't; in this struct we don't know from where this information is taken.

[miker83z]

Moved the creation up, where it is sure that the verifier was run. Then I added a check for duplicates in the verifier 6878cb6

[valeriyr]

Suggested change

	fn create_and_freeze_package_metadata_if_present(
	fn create_and_freeze_package_metadata_v1_if_present(

[miker83z]

Why? The inner logic can be easily modified to support a v2 in the future, I don't see necessary the creation of create_and_freeze_package_metadata_v2_if_present in that case.

[Dkwcs]

What did we decide about renaming this to more suitable name?
Like AuthenticatorDescriptor or similar?

[miker83z]

Should be done in a different PR!

[Dkwcs]

Is this comment useful in this context?
Could we elaborate the meaning or remove it?

[Dkwcs]

Is it should be V1 as well?

[miker83z]

Nope, this can be used without versioning as we won't have the need to have 2 different keys for 2 different versions in the future.