
# User Agent

The user agent, i.e. the *wallet*, is what connects the user to the system and executes all user actions. It manages the user’s keys for both finance and identity. The finance part is a self-custody crypto wallet and thus permissionless. For the identity part, the user agent combines independent components into a functional system.

World App was launched as the first user agent to support the Worldcoin protocol, enabling people to get their World ID verified at an Orb and, if eligible, receive their share of WLD tokens.

Eventually, when verifying with an Orb, users should be able either to export their accounts into other wallets or to use a third-party wallet. Additionally, a World ID Wallet Kit could incorporate all the required capabilities so that other wallets could integrate World ID. This gives the user the choice of which user agent to use.

On the frontend, World ID is already available to any developer who wants to use Sybil protection in their application through IDKit and the developer portal. Users are able to use any third-party application through the World App.

<figure><img src="/files/EhwfvlZ6dtHRtW6eytau" alt=""><figcaption><p>The graph represents possible ways to increase the robustness and availability of user agents and their respective dependencies. Diversity in user agents also allows catering to the needs of specific user segments.</p></figcaption></figure>

The following sections walk through the potential improvements shown above in more detail.

#### [Self-custodial Wallet](https://whitepaper.worldcoin.org/#self-custodial-wallet) <a href="#self-custodial-wallet" id="self-custodial-wallet"></a>

Users should be able to access and control their funds and World ID in a self-custodial and censorship-resistant way; wallets should still allow for robust recovery solutions in case users’ phones are lost or stolen. Users should also not need to have prior knowledge about blockchains or deal with lower-level blockchain fee-pricing mechanisms. Users should also always be able to switch between different wallet implementations, optimally by keeping their public-facing account address if they wish. Finally, a wallet should be extendable and designed to allow for e.g. technological upgrades. Most of this is already implemented in the World App. While a self-custodial recovery solution is implemented via iCloud and GDrive, better solutions are still an active area of research and development in order to enable a more seamless user experience.

#### [Independent World ID Client](https://whitepaper.worldcoin.org/#independent-world-id-client) <a href="#independent-world-id-client" id="independent-world-id-client"></a>

There should be multiple clients for users to choose from at the time of verification at an Orb or when using World ID to receive the WLD airdrop, where available. This reduces the risk of any vulnerability affecting all users, while also helping to ensure that wallets are available (e.g. in app stores).

[**Integrity Gateway**](https://whitepaper.worldcoin.org/#integrity-gateway)

World ID Face Auth requires verifying the authenticity of the client app, because the comparison happens only locally on the user’s phone. While local computation could potentially be secured through zero-knowledge proofs and the Orb’s image is signed, the second input image has to be taken through the phone’s camera. Unless manufacturers begin attaching hardware attestations to those images, the comparison relies fully on trusting the integrity of the phone’s hardware and software. However, such attestations already exist at the app level (e.g. [Apple App Attest](https://developer.apple.com/documentation/devicecheck/establishing_your_app_s_integrity) or [Google Play Integrity](https://developer.android.com/google/play/integrity)) and can be used for this purpose. Their verification can be handled by “gateways” that sign off on individual requests and provide onchain verifiable signatures. Those gateways would ultimately also need to be provided with a list of accepted apps, managed via governance.
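The gateway sign-off step described above, as an added example that is not taken from the whitepaper or the World App code base. It assumes the platform attestation has already been validated into a `verdict` object (hypothetical shape), uses constructed app identifiers, and signs with secp256k1 ECDSA over SHA-256 as a stand-in for whatever scheme an onchain verifier would require.

```javascript
const nodeCrypto = require('node:crypto');

// Governance-managed list of accepted apps (constructed identifiers).
const ACCEPTED_APPS = new Set(['org.example.wallet-a', 'org.example.wallet-b']);
const MAX_AGE_MS = 60_000; // assumed freshness window for an attestation

// Gateway key pair. secp256k1 is the curve Ethereum signatures use; hashing with
// SHA-256 is a stand-in, since an onchain verifier dictates digest and encoding.
const gatewayKey = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });

// Digest that binds an attestation to one specific request.
function requestHash(request) {
  return nodeCrypto.createHash('sha256').update(JSON.stringify(request)).digest('hex');
}

// `verdict` is the already-validated result of a platform attestation
// (hypothetical shape: appId, deviceIntegrity, issuedAt in ms, nonce).
function signOff(request, verdict, now = Date.now()) {
  if (!ACCEPTED_APPS.has(verdict.appId)) return { ok: false, reason: 'app-not-accepted' };
  if (verdict.deviceIntegrity !== true) return { ok: false, reason: 'device-integrity-failed' };
  const age = now - verdict.issuedAt;
  if (!(age >= 0 && age <= MAX_AGE_MS)) return { ok: false, reason: 'stale-attestation' };
  const hash = requestHash(request);
  // Reject an attestation that was issued for a different request (replay).
  if (verdict.nonce !== hash) return { ok: false, reason: 'nonce-mismatch' };
  const message = Buffer.from(`${verdict.appId}|${hash}`);
  const signature = nodeCrypto.sign('sha256', message, gatewayKey.privateKey).toString('hex');
  return { ok: true, appId: verdict.appId, requestHash: hash, signature };
}

// What any relying party holding the gateway's public key can check.
function verifySignOff(result, publicKey) {
  const message = Buffer.from(`${result.appId}|${result.requestHash}`);
  return nodeCrypto.verify('sha256', message, publicKey, Buffer.from(result.signature, 'hex'));
}

// Constructed sample request and verdict.
const sampleRequest = { action: 'face-auth', session: 'constructed-session-1' };
const sampleVerdict = { appId: 'org.example.wallet-a', deviceIntegrity: true,
  issuedAt: Date.now(), nonce: requestHash(sampleRequest) };
console.log(signOff(sampleRequest, sampleVerdict).ok);
```

Binding the attestation nonce to the request hash is what makes the sign-off per-request: a valid verdict from an accepted app cannot be reused to authorize a different request.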

[**Orb Connect**](https://whitepaper.worldcoin.org/#orb-connect)

The Orb currently relies on one-way communication with the app through the QR code and the permissioned Orb backend. To instead share more data with the user, this model could be replaced by an end-to-end encrypted connection between the app and Orb. It could facilitate the exchange not only of public keys but also of the encrypted images from the Orb. This enables self-custody of images on the user’s phone and allows for future upgrades of the system without trusting an external custodian.

[**World ID Wallet Kit**](https://whitepaper.worldcoin.org/#world-id-wallet-kit)

The World App already contains all the logic for handling an Orb verification and using World ID to generate and submit proofs (such as when receiving WLD grants). This process can be made simpler and quicker for new teams building their own wallets. Wallet Kit should handle Orb Connect and establish the privileged execution environment on the phone through the integrity gateway. Importantly, it should also contain the mobile-optimized proof generation library.

#### [Multi-Wallet Infrastructure](https://whitepaper.worldcoin.org/#multi-wallet-infrastructure) <a href="#multi-wallet-infrastructure" id="multi-wallet-infrastructure"></a>

Users should be able to use World App in a fully self-custodial and censorship-resistant manner. They should also be able to switch between wallet providers. An open-source stack will enable this by making it easier for new wallets to be created. The following subsections detail milestones towards such an open-source stack.

[**ERC4337 Support**](https://whitepaper.worldcoin.org/#erc-4337-support)

User transactions in the World App are currently based on Safe transactions; the custom format makes it less likely for teams to implement and run the infrastructure around it (e.g. bundlers). ERC4337 defines a common API for smart contract wallets and allows for interoperability. There are already multiple different smart contract and bundler implementations for ERC4337, making it the fastest and most flexible way to facilitate the integration for other wallets.

[**Bundler**](https://whitepaper.worldcoin.org/#bundler)

Meta-transactions allow the batching of multiple users’ transactions and compress them permissionlessly without any sacrifices on self-custody. This significantly reduces the costs for users, with the minor downside of small additional latency. While bundlers are trustless, it’s beneficial for censorship resistance to have many of them and allow the user to switch between them. Also, the World ID proof could be combined with other proofs in a batch proof to make its usage more affordable on the Ethereum mainnet.

[**Wallet Support**](https://whitepaper.worldcoin.org/#wallet-support)

ERC4337 transactions have their own format. The client and Safe contract (and perhaps Wallet Kit) should support this standard.

[**Relayer**](https://whitepaper.worldcoin.org/#relayer)

Especially at scale, it is important for bundlers to be able to send transactions reliably. This seems to be a general-enough problem that it would benefit from a dedicated component (optimally with different implementations). A similar, currently closed-source service is OpenZeppelin Defender.

#### [Multiple Implementations](https://whitepaper.worldcoin.org/#multiple-implementations) <a href="#multiple-implementations" id="multiple-implementations"></a>

All of the above applies here as well. Due to the requirement of establishing device integrity of the phone in order to increase the trust in local computation, supported wallet apps should be whitelisted individually. The biggest requirement for going from 1 to n wallets will be a more scalable governance process to audit and whitelist those wallets and to refresh this list from time to time. Therefore, the community should create guidelines (e.g. a requirement for open source or a code audit) for wallet providers. Ideally, integrity would be ensured by multiple public providers, not only a single gateway.

