@bloxchain/contracts 1.0.0-alpha.2 → 1.0.0-alpha.20

package/core/access/interface/IRuntimeRBAC.sol

@@ -1,84 +1,55 @@
-// SPDX-License-Identifier: MPL-2.0
-pragma solidity 0.8.33;
-
-import "../../lib/EngineBlox.sol";
-
-/**
- * @title IRuntimeRBAC
- * @dev Interface for Runtime Role-Based Access Control system
- * 
- * This interface defines the functions for managing runtime roles through batch operations.
- * All role management operations are performed via the batch interface for atomic execution.
- * 
- * Key Features:
- * - Batch-based role configuration (atomic operations)
- * - Runtime function schema registration
- * - Integration with EngineBlox for secure operations
- * - Query functions for role and permission inspection
- * 
- * Note: This contract inherits from BaseStateMachine which provides additional query functions
- * such as getRole(), hasRole(), getActiveRolePermissions(), getSupportedRoles(), etc.
- */
-interface IRuntimeRBAC {
-    /**
-     * @dev Action types for batched RBAC configuration
-     */
-    enum RoleConfigActionType {
-        CREATE_ROLE,
-        REMOVE_ROLE,
-        ADD_WALLET,
-        REVOKE_WALLET,
-        ADD_FUNCTION_TO_ROLE,
-        REMOVE_FUNCTION_FROM_ROLE
-    }
-
-    /**
-     * @dev Encodes a single RBAC configuration action in a batch
-     */
-    struct RoleConfigAction {
-        RoleConfigActionType actionType;
-        bytes data;
-    }
-
-    /// @dev RBAC config changes are emitted via BaseStateMachine.ComponentEvent with functionSelector = msg.sig (executeRoleConfigBatch). Decode data as (RoleConfigActionType, bytes32 roleHash, bytes4 functionSelector).
-
-    // ============ ROLE CONFIGURATION BATCH INTERFACE ============
-
-    /**
-     * @dev Requests and approves a RBAC configuration batch using a meta-transaction
-     * @param metaTx The meta-transaction
-     * @return The transaction record
-     */
-    function roleConfigBatchRequestAndApprove(
-        EngineBlox.MetaTransaction memory metaTx
-    ) external returns (EngineBlox.TxRecord memory);
-
-    // ============ QUERY FUNCTIONS ============
-
-    /**
-     * @dev Gets function schema information
-     * @param functionSelector The function selector to get information for
-     * @return functionSignature The function signature or name
-     * @return functionSelectorReturn The function selector
-     * @return operationType The operation type
-     * @return operationName The operation name
-     * @return supportedActions The supported actions
-     * @return isProtected Whether the function schema is protected
-     */
-    function getFunctionSchema(bytes4 functionSelector) external view returns (
-        string memory functionSignature,
-        bytes4 functionSelectorReturn,
-        bytes32 operationType,
-        string memory operationName,
-        EngineBlox.TxAction[] memory supportedActions,
-        bool isProtected
-    );
-
-    /**
-     * @dev Gets all authorized wallets for a role
-     * @param roleHash The role hash to get wallets for
-     * @return Array of authorized wallet addresses
-     * @notice Requires caller to have any role (via _validateAnyRole) for privacy protection
-     */
-    function getWalletsInRole(bytes32 roleHash) external view returns (address[] memory);
-}
+// SPDX-License-Identifier: MPL-2.0
+pragma solidity 0.8.34;
+
+import "../../lib/EngineBlox.sol";
+
+/**
+ * @title IRuntimeRBAC
+ * @dev Interface for Runtime Role-Based Access Control system
+ * 
+ * This interface defines the functions for managing runtime roles through batch operations.
+ * All role management operations are performed via the batch interface for atomic execution.
+ * 
+ * Key Features:
+ * - Batch-based role configuration (atomic operations)
+ * - Role and permission management (function schema registration is handled by GuardController)
+ * - Integration with EngineBlox for secure operations
+ * - Query functions for role and permission inspection
+ * 
+ * Note: This contract inherits from BaseStateMachine which provides additional query functions
+ * such as getRole(), hasRole(), getActiveRolePermissions(), getSupportedRoles(), etc.
+ */
+interface IRuntimeRBAC {
+    /**
+     * @dev Action types for batched RBAC configuration
+     */
+    enum RoleConfigActionType {
+        CREATE_ROLE,
+        REMOVE_ROLE,
+        ADD_WALLET,
+        REVOKE_WALLET,
+        ADD_FUNCTION_TO_ROLE,
+        REMOVE_FUNCTION_FROM_ROLE
+    }
+
+    /**
+     * @dev Encodes a single RBAC configuration action in a batch
+     */
+    struct RoleConfigAction {
+        RoleConfigActionType actionType;
+        bytes data;
+    }
+
+    /// @dev RBAC config changes are emitted via BaseStateMachine.ComponentEvent with functionSelector = msg.sig (executeRoleConfigBatch). Decode data as (RoleConfigActionType, bytes32 roleHash, bytes4 functionSelector).
+
+    // ============ ROLE CONFIGURATION BATCH INTERFACE ============
+
+    /**
+     * @dev Requests and approves a RBAC configuration batch using a meta-transaction
+     * @param metaTx The meta-transaction
+     * @return The transaction ID of the applied batch
+     */
+    function roleConfigBatchRequestAndApprove(
+        EngineBlox.MetaTransaction memory metaTx
+    ) external returns (uint256);
+}

package/core/access/lib/definitions/RuntimeRBACDefinitions.sol

@@ -1,9 +1,9 @@
 // SPDX-License-Identifier: MPL-2.0
-pragma solidity 0.8.33;
+pragma solidity 0.8.34;
 
 import "@openzeppelin/contracts/utils/introspection/IERC165.sol";
 import "../../../lib/EngineBlox.sol";
-import "../../../../interfaces/IDefinition.sol";
+import "../../../lib/interfaces/IDefinition.sol";
 import "../../../access/interface/IRuntimeRBAC.sol";
 
 /**
@@ -62,6 +62,7 @@ library RuntimeRBACDefinitions {
             operationType: ROLE_CONFIG_BATCH,
             operationName: "ROLE_CONFIG_BATCH",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(metaRequestApproveActions),
+            enforceHandlerRelations: true,
             isProtected: true,
             handlerForSelectors: handlerForSelectors
         });
@@ -83,6 +84,7 @@ library RuntimeRBACDefinitions {
             operationType: ROLE_CONFIG_BATCH,
             operationName: "ROLE_CONFIG_BATCH",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(executionActions),
+            enforceHandlerRelations: false,
             isProtected: true,
             handlerForSelectors: executionHandlerForSelectors
         });
@@ -168,6 +170,95 @@ library RuntimeRBACDefinitions {
         });
     }
 
+    /**
+     * @dev Returns all available RoleConfig action types and their decode formats for discovery.
+     * @return actionNames Human-readable action names (same order as RoleConfigActionType enum)
+     * @return formats ABI decode format for each action's data, e.g. "(string roleName, uint256 maxWallets)"
+     * @notice Use with RoleConfigActionType enum: actionNames[i] and formats[i] describe enum value i
+     */
+    function getRoleConfigActionSpecs() public pure returns (string[] memory actionNames, string[] memory formats) {
+        actionNames = new string[](6);
+        formats = new string[](6);
+
+        actionNames[0] = "CREATE_ROLE";
+        formats[0] = "(string roleName, uint256 maxWallets)";
+
+        actionNames[1] = "REMOVE_ROLE";
+        formats[1] = "(bytes32 roleHash)";
+
+        actionNames[2] = "ADD_WALLET";
+        formats[2] = "(bytes32 roleHash, address wallet)";
+
+        actionNames[3] = "REVOKE_WALLET";
+        formats[3] = "(bytes32 roleHash, address wallet)";
+
+        actionNames[4] = "ADD_FUNCTION_TO_ROLE";
+        formats[4] = "(bytes32 roleHash, FunctionPermission functionPermission)";
+
+        actionNames[5] = "REMOVE_FUNCTION_FROM_ROLE";
+        formats[5] = "(bytes32 roleHash, bytes4 functionSelector)";
+    }
+
+    // ============ ROLE CONFIG ACTION DATA ENCODERS ============
+    // Use these helpers to build action.data for each RoleConfigActionType without reading the contract.
+    // Each encoder returns bytes suitable for RoleConfigAction(actionType, data).
+
+    /**
+     * @dev Encodes data for CREATE_ROLE. Use with RoleConfigActionType.CREATE_ROLE.
+     * @param roleName Name of the role to create
+     * @param maxWallets Maximum number of wallets that can be assigned to this role
+     */
+    function encodeCreateRole(string memory roleName, uint256 maxWallets) public pure returns (bytes memory) {
+        return abi.encode(roleName, maxWallets);
+    }
+
+    /**
+     * @dev Encodes data for REMOVE_ROLE. Use with RoleConfigActionType.REMOVE_ROLE.
+     * @param roleHash keccak256 hash of the role name
+     */
+    function encodeRemoveRole(bytes32 roleHash) public pure returns (bytes memory) {
+        return abi.encode(roleHash);
+    }
+
+    /**
+     * @dev Encodes data for ADD_WALLET. Use with RoleConfigActionType.ADD_WALLET.
+     * @param roleHash Role to add the wallet to
+     * @param wallet Address to assign to the role
+     */
+    function encodeAddWallet(bytes32 roleHash, address wallet) public pure returns (bytes memory) {
+        return abi.encode(roleHash, wallet);
+    }
+
+    /**
+     * @dev Encodes data for REVOKE_WALLET. Use with RoleConfigActionType.REVOKE_WALLET.
+     * @param roleHash Role to revoke the wallet from
+     * @param wallet Address to revoke
+     */
+    function encodeRevokeWallet(bytes32 roleHash, address wallet) public pure returns (bytes memory) {
+        return abi.encode(roleHash, wallet);
+    }
+
+    /**
+     * @dev Encodes data for ADD_FUNCTION_TO_ROLE. Use with RoleConfigActionType.ADD_FUNCTION_TO_ROLE.
+     * @param roleHash Role to grant the function permission to
+     * @param functionPermission FunctionPermission (functionSelector, grantedActionsBitmap, handlerForSelectors)
+     */
+    function encodeAddFunctionToRole(
+        bytes32 roleHash,
+        EngineBlox.FunctionPermission memory functionPermission
+    ) public pure returns (bytes memory) {
+        return abi.encode(roleHash, functionPermission);
+    }
+
+    /**
+     * @dev Encodes data for REMOVE_FUNCTION_FROM_ROLE. Use with RoleConfigActionType.REMOVE_FUNCTION_FROM_ROLE.
+     * @param roleHash Role to remove the function from
+     * @param functionSelector Selector of the function to remove
+     */
+    function encodeRemoveFunctionFromRole(bytes32 roleHash, bytes4 functionSelector) public pure returns (bytes memory) {
+        return abi.encode(roleHash, functionSelector);
+    }
+
     /**
      * @dev Creates execution params for a RBAC configuration batch (pure helper for EngineBlox).
      * @param actions Encoded role configuration actions (IRuntimeRBAC.RoleConfigAction[] layout)