@bloxchain/contracts 1.0.0-alpha.2 → 1.0.0-alpha.21

package/core/execution/lib/definitions/GuardControllerDefinitions.sol

@@ -1,9 +1,10 @@
 // SPDX-License-Identifier: MPL-2.0
-pragma solidity 0.8.33;
+pragma solidity 0.8.35;
 
 import "@openzeppelin/contracts/utils/introspection/IERC165.sol";
 import "../../../lib/EngineBlox.sol";
-import "../../../../interfaces/IDefinition.sol";
+import "../../../lib/interfaces/IDefinition.sol";
+import "../../interface/IGuardController.sol";
 
 /**
  * @title GuardControllerDefinitions
@@ -15,7 +16,7 @@ import "../../../../interfaces/IDefinition.sol";
  * and role permissions for GuardController's public execution functions.
  * 
  * Key Features:
- * - Registers all 6 GuardController public execution functions
+ * - Registers all 9 GuardController public execution functions plus 3 attached-payment policy schemas
  * - Defines role permissions for OWNER_ROLE and BROADCASTER_ROLE
  * - Supports time-delay and meta-transaction workflows
  * - Matches EngineBloxDefinitions pattern for consistency
@@ -32,10 +33,15 @@ library GuardControllerDefinitions {
     
     // Operation Type Constants
     bytes32 public constant CONTROLLER_OPERATION = keccak256("CONTROLLER_OPERATION");
+    // Guard config batch only (whitelist / register-unregister function); distinct execution operation type bitmap.
+    bytes32 public constant CONTROLLER_CONFIG_BATCH = keccak256("CONTROLLER_CONFIG_BATCH");
     
     // Function Selector Constants
-    // GuardController: executeWithTimeLock(address,bytes4,bytes,uint256,bytes32)
-    bytes4 public constant EXECUTE_WITH_TIMELOCK_SELECTOR = bytes4(keccak256("executeWithTimeLock(address,bytes4,bytes,uint256,bytes32)"));
+    // GuardController: executeWithTimeLock(address,uint256,bytes4,bytes,uint256,bytes32)
+    bytes4 public constant EXECUTE_WITH_TIMELOCK_SELECTOR = bytes4(keccak256("executeWithTimeLock(address,uint256,bytes4,bytes,uint256,bytes32)"));
+    
+    // GuardController: executeWithPayment(address,uint256,bytes4,bytes,uint256,bytes32,(address,uint256,address,uint256))
+    bytes4 public constant EXECUTE_WITH_PAYMENT_SELECTOR = bytes4(keccak256("executeWithPayment(address,uint256,bytes4,bytes,uint256,bytes32,(address,uint256,address,uint256))"));
     
     // GuardController: approveTimeLockExecution(uint256)
     bytes4 public constant APPROVE_TIMELOCK_EXECUTION_SELECTOR = bytes4(keccak256("approveTimeLockExecution(uint256)"));
@@ -43,19 +49,32 @@ library GuardControllerDefinitions {
     // GuardController: cancelTimeLockExecution(uint256)
     bytes4 public constant CANCEL_TIMELOCK_EXECUTION_SELECTOR = bytes4(keccak256("cancelTimeLockExecution(uint256)"));
     
-    // GuardController: approveTimeLockExecutionWithMetaTx(...)
-    bytes4 public constant APPROVE_TIMELOCK_EXECUTION_META_SELECTOR = bytes4(keccak256("approveTimeLockExecutionWithMetaTx((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"));
+ 
+    // GuardController: approveTimeLockExecutionWithMetaTx(EngineBlox.MetaTransaction)
+    bytes4 public constant APPROVE_TIMELOCK_EXECUTION_META_SELECTOR = bytes4(
+        keccak256(
+            "approveTimeLockExecutionWithMetaTx(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"
+        )
+    );
     
-    // GuardController: cancelTimeLockExecutionWithMetaTx(...)
-    bytes4 public constant CANCEL_TIMELOCK_EXECUTION_META_SELECTOR = bytes4(keccak256("cancelTimeLockExecutionWithMetaTx((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"));
+    // GuardController: cancelTimeLockExecutionWithMetaTx(EngineBlox.MetaTransaction)
+    bytes4 public constant CANCEL_TIMELOCK_EXECUTION_META_SELECTOR = bytes4(
+        keccak256(
+            "cancelTimeLockExecutionWithMetaTx(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"
+        )
+    );
     
-    // GuardController: requestAndApproveExecution(...)
-    bytes4 public constant REQUEST_AND_APPROVE_EXECUTION_SELECTOR = bytes4(keccak256("requestAndApproveExecution((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"));
+    // GuardController: requestAndApproveExecution(EngineBlox.MetaTransaction)
+    bytes4 public constant REQUEST_AND_APPROVE_EXECUTION_SELECTOR = bytes4(
+        keccak256(
+            "requestAndApproveExecution(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"
+        )
+    );
 
     // GuardController: guardConfigBatchRequestAndApprove(...)
     bytes4 public constant GUARD_CONFIG_BATCH_META_SELECTOR = bytes4(
         keccak256(
-            "guardConfigBatchRequestAndApprove(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"
+            "guardConfigBatchRequestAndApprove(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"
         )
     );
 
@@ -64,30 +83,12 @@ library GuardControllerDefinitions {
         bytes4(keccak256("executeGuardConfigBatch((uint8,bytes)[])"));
 
     /**
-     * @dev Action types for batched Guard configuration (matches GuardController for encoding)
-     */
-    enum GuardConfigActionType {
-        ADD_TARGET_TO_WHITELIST,
-        REMOVE_TARGET_FROM_WHITELIST,
-        REGISTER_FUNCTION,
-        UNREGISTER_FUNCTION
-    }
-
-    /**
-     * @dev Encodes a single Guard configuration action in a batch (matches GuardController for encoding)
-     */
-    struct GuardConfigAction {
-        GuardConfigActionType actionType;
-        bytes data;
-    }
-
-    /**
-     * @dev Returns predefined function schemas for GuardController execution functions
-     * @return Array of function schema definitions
+     * @dev Returns predefined function schemas for GuardController execution functions and attached-payment policy keys
+     * @return Array of function schema definitions (12 entries: 9 controller surfaces + 3 payment whitelist selectors)
      * 
      * Function schemas define:
      * - GuardController public execution functions
-     * - What operation types they belong to (CONTROLLER_OPERATION)
+     * - What operation types they belong to (CONTROLLER_OPERATION vs CONTROLLER_CONFIG_BATCH)
      * - What actions are supported (time-delay request/approve/cancel, meta-tx approve/cancel/request-and-approve)
      * - Whether they are protected
      * 
@@ -97,7 +98,7 @@ library GuardControllerDefinitions {
      * - Role permissions are defined in getRolePermissions() matching EngineBloxDefinitions pattern
      */
     function getFunctionSchemas() public pure returns (EngineBlox.FunctionSchema[] memory) {
-        EngineBlox.FunctionSchema[] memory schemas = new EngineBlox.FunctionSchema[](8);
+        EngineBlox.FunctionSchema[] memory schemas = new EngineBlox.FunctionSchema[](12);
         
         // ============ TIME-DELAY WORKFLOW ACTIONS ============
         // Request action for executeWithTimeLock
@@ -145,6 +146,9 @@ library GuardControllerDefinitions {
         requestAndApproveExecutionHandlerForSelectors[0] = REQUEST_AND_APPROVE_EXECUTION_SELECTOR;
         bytes4[] memory guardConfigBatchExecuteHandlerForSelectors = new bytes4[](1);
         guardConfigBatchExecuteHandlerForSelectors[0] = GUARD_CONFIG_BATCH_EXECUTE_SELECTOR;
+
+        bytes4[] memory executeWithPaymentHandlerForSelectors = new bytes4[](1);
+        executeWithPaymentHandlerForSelectors[0] = EXECUTE_WITH_PAYMENT_SELECTOR;
         
         // Handler selectors point to execution selectors
         bytes4[] memory guardConfigHandlerForSelectors = new bytes4[](1);
@@ -152,12 +156,14 @@ library GuardControllerDefinitions {
         
         // Schema 0: GuardController.executeWithTimeLock
         schemas[0] = EngineBlox.FunctionSchema({
-            functionSignature: "executeWithTimeLock(address,bytes4,bytes,uint256,bytes32)",
+            functionSignature: "executeWithTimeLock(address,uint256,bytes4,bytes,uint256,bytes32)",
             functionSelector: EXECUTE_WITH_TIMELOCK_SELECTOR,
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(timeDelayRequestActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: executeWithTimeLockHandlerForSelectors
         });
         
@@ -168,7 +174,9 @@ library GuardControllerDefinitions {
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(timeDelayApproveActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: approveTimeLockExecutionHandlerForSelectors
         });
         
@@ -179,51 +187,61 @@ library GuardControllerDefinitions {
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(timeDelayCancelActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: cancelTimeLockExecutionHandlerForSelectors
         });
         
         // Schema 3: GuardController.approveTimeLockExecutionWithMetaTx
         schemas[3] = EngineBlox.FunctionSchema({
-            functionSignature: "approveTimeLockExecutionWithMetaTx((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
+            functionSignature: "approveTimeLockExecutionWithMetaTx(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
             functionSelector: APPROVE_TIMELOCK_EXECUTION_META_SELECTOR,
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(metaTxApproveActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: approveTimeLockExecutionMetaHandlerForSelectors
         });
         
         // Schema 4: GuardController.cancelTimeLockExecutionWithMetaTx
         schemas[4] = EngineBlox.FunctionSchema({
-            functionSignature: "cancelTimeLockExecutionWithMetaTx((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
+            functionSignature: "cancelTimeLockExecutionWithMetaTx(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
             functionSelector: CANCEL_TIMELOCK_EXECUTION_META_SELECTOR,
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(metaTxCancelActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: cancelTimeLockExecutionMetaHandlerForSelectors
         });
         
         // Schema 5: GuardController.requestAndApproveExecution
         schemas[5] = EngineBlox.FunctionSchema({
-            functionSignature: "requestAndApproveExecution((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
+            functionSignature: "requestAndApproveExecution(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
             functionSelector: REQUEST_AND_APPROVE_EXECUTION_SELECTOR,
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(metaTxRequestApproveActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: requestAndApproveExecutionHandlerForSelectors
         });
 
         // Schema 6: GuardController.guardConfigBatchRequestAndApprove
         schemas[6] = EngineBlox.FunctionSchema({
-            functionSignature: "guardConfigBatchRequestAndApprove(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
+            functionSignature: "guardConfigBatchRequestAndApprove(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
             functionSelector: GUARD_CONFIG_BATCH_META_SELECTOR,
-            operationType: CONTROLLER_OPERATION,
-            operationName: "CONTROLLER_OPERATION",
+            operationType: CONTROLLER_CONFIG_BATCH,
+            operationName: "CONTROLLER_CONFIG_BATCH",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(metaTxRequestApproveActions),
+            enforceHandlerRelations: true,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: guardConfigHandlerForSelectors
         });
 
@@ -235,13 +253,89 @@ library GuardControllerDefinitions {
         schemas[7] = EngineBlox.FunctionSchema({
             functionSignature: "executeGuardConfigBatch((uint8,bytes)[])",
             functionSelector: GUARD_CONFIG_BATCH_EXECUTE_SELECTOR,
-            operationType: CONTROLLER_OPERATION,
-            operationName: "CONTROLLER_OPERATION",
+            operationType: CONTROLLER_CONFIG_BATCH,
+            operationName: "CONTROLLER_CONFIG_BATCH",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(guardConfigExecutionActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: guardConfigBatchExecuteHandlerForSelectors
         });
 
+        // Schema 8: GuardController.executeWithPayment (same time-delay request action as executeWithTimeLock).
+        // Default definitions intentionally omit an OWNER_ROLE FunctionPermission for this selector (minimal surface).
+        // `getGuardConfigActionSpecs()` only exposes whitelist add/remove, REGISTER_FUNCTION, and UNREGISTER_FUNCTION —
+        // there is no guard-config action to attach `executeWithPayment` to a role. Deployments that need owner-driven
+        // `executeWithPayment` must add the FunctionPermission via an RBAC batch (`ADD_FUNCTION_TO_ROLE` / encoders in
+        // `RuntimeRBACDefinitions.sol`), following that file's ordering and action constraints and the handler/schema
+        // rules in this `GuardControllerDefinitions.sol` bundle.
+        schemas[8] = EngineBlox.FunctionSchema({
+            functionSignature: "executeWithPayment(address,uint256,bytes4,bytes,uint256,bytes32,(address,uint256,address,uint256))",
+            functionSelector: EXECUTE_WITH_PAYMENT_SELECTOR,
+            operationType: CONTROLLER_OPERATION,
+            operationName: "CONTROLLER_OPERATION",
+            supportedActionsBitmap: EngineBlox.createBitmapFromActions(timeDelayRequestActions),
+            enforceHandlerRelations: false,
+            isProtected: true,
+            isGrantRevocable: false,
+            handlerForSelectors: executeWithPaymentHandlerForSelectors
+        });
+
+        // Policy-only schemas for `executeWithPayment` whitelist keys; bitmap = all TxActions so roles may grant any action if needed.
+        EngineBlox.TxAction[] memory allTxActions = new EngineBlox.TxAction[](9);
+        allTxActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_REQUEST;
+        allTxActions[1] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_APPROVE;
+        allTxActions[2] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_CANCEL;
+        allTxActions[3] = EngineBlox.TxAction.SIGN_META_REQUEST_AND_APPROVE;
+        allTxActions[4] = EngineBlox.TxAction.SIGN_META_APPROVE;
+        allTxActions[5] = EngineBlox.TxAction.SIGN_META_CANCEL;
+        allTxActions[6] = EngineBlox.TxAction.EXECUTE_META_REQUEST_AND_APPROVE;
+        allTxActions[7] = EngineBlox.TxAction.EXECUTE_META_APPROVE;
+        allTxActions[8] = EngineBlox.TxAction.EXECUTE_META_CANCEL;
+        uint16 allActionsBitmap = EngineBlox.createBitmapFromActions(allTxActions);
+
+        bytes4[] memory attachedPaymentRecipientHandlers = new bytes4[](1);
+        attachedPaymentRecipientHandlers[0] = EngineBlox.ATTACHED_PAYMENT_RECIPIENT_SELECTOR;
+        schemas[9] = EngineBlox.FunctionSchema({
+            functionSignature: "__bloxchain_attached_payment_recipient__()",
+            functionSelector: EngineBlox.ATTACHED_PAYMENT_RECIPIENT_SELECTOR,
+            operationType: keccak256(bytes("ATTACHED_PAYMENT_RECIPIENT")),
+            operationName: "ATTACHED_PAYMENT_RECIPIENT",
+            supportedActionsBitmap: allActionsBitmap,
+            enforceHandlerRelations: false,
+            isProtected: true,
+            isGrantRevocable: true,
+            handlerForSelectors: attachedPaymentRecipientHandlers
+        });
+
+        bytes4[] memory nativeTransferHandlers = new bytes4[](1);
+        nativeTransferHandlers[0] = EngineBlox.NATIVE_TRANSFER_SELECTOR;
+        schemas[10] = EngineBlox.FunctionSchema({
+            functionSignature: "__bloxchain_native_transfer__()",
+            functionSelector: EngineBlox.NATIVE_TRANSFER_SELECTOR,
+            operationType: keccak256(bytes("NATIVE_TRANSFER")),
+            operationName: "NATIVE_TRANSFER",
+            supportedActionsBitmap: allActionsBitmap,
+            enforceHandlerRelations: false,
+            isProtected: true,
+            isGrantRevocable: true,
+            handlerForSelectors: nativeTransferHandlers
+        });
+
+        bytes4[] memory erc20TransferHandlers = new bytes4[](1);
+        erc20TransferHandlers[0] = EngineBlox.ERC20_TRANSFER_SELECTOR;
+        schemas[11] = EngineBlox.FunctionSchema({
+            functionSignature: "transfer(address,uint256)",
+            functionSelector: EngineBlox.ERC20_TRANSFER_SELECTOR,
+            operationType: keccak256(bytes("ERC20_TRANSFER")),
+            operationName: "ERC20_TRANSFER",
+            supportedActionsBitmap: allActionsBitmap,
+            enforceHandlerRelations: false,
+            isProtected: true,
+            isGrantRevocable: true,
+            handlerForSelectors: erc20TransferHandlers
+        });
+
         return schemas;
     }
     
@@ -418,13 +512,81 @@ library GuardControllerDefinitions {
         });
     }
 
+    /**
+     * @dev Returns all available GuardConfig action types and their decode formats for discovery.
+     * @return actionNames Human-readable action names (same order as GuardConfigActionType enum)
+     * @return formats ABI decode format for each action's data, e.g. "(bytes4 functionSelector, address target)"
+     * @notice Use with GuardConfigActionType enum: actionNames[i] and formats[i] describe enum value i
+     */
+    function getGuardConfigActionSpecs() public pure returns (string[] memory actionNames, string[] memory formats) {
+        actionNames = new string[](4);
+        formats = new string[](4);
+
+        actionNames[0] = "ADD_TARGET_TO_WHITELIST";
+        formats[0] = "(bytes4 functionSelector, address target)";
+
+        actionNames[1] = "REMOVE_TARGET_FROM_WHITELIST";
+        formats[1] = "(bytes4 functionSelector, address target)";
+
+        actionNames[2] = "REGISTER_FUNCTION";
+        formats[2] = "(string functionSignature, string operationName, TxAction[] supportedActions)";
+
+        actionNames[3] = "UNREGISTER_FUNCTION";
+        formats[3] = "(bytes4 functionSelector, bool safeRemoval)";
+    }
+
+    // ============ GUARD CONFIG ACTION DATA ENCODERS ============
+    // Use these helpers to build action.data for each GuardConfigActionType without reading the contract.
+    // Each encoder returns bytes suitable for GuardConfigAction(actionType, data).
+
+    /**
+     * @dev Encodes data for ADD_TARGET_TO_WHITELIST. Use with GuardConfigActionType.ADD_TARGET_TO_WHITELIST.
+     * @param functionSelector Function whose whitelist is updated
+     * @param target Address to add to the whitelist
+     */
+    function encodeAddTargetToWhitelist(bytes4 functionSelector, address target) public pure returns (bytes memory) {
+        return abi.encode(functionSelector, target);
+    }
+
+    /**
+     * @dev Encodes data for REMOVE_TARGET_FROM_WHITELIST. Use with GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST.
+     * @param functionSelector Function whose whitelist is updated
+     * @param target Address to remove from the whitelist
+     */
+    function encodeRemoveTargetFromWhitelist(bytes4 functionSelector, address target) public pure returns (bytes memory) {
+        return abi.encode(functionSelector, target);
+    }
+
+    /**
+     * @dev Encodes data for REGISTER_FUNCTION. Use with GuardConfigActionType.REGISTER_FUNCTION.
+     * @param functionSignature Full function signature string (e.g. "executeWithTimeLock(address,bytes4,bytes,uint256,bytes32)")
+     * @param operationName Human-readable operation name
+     * @param supportedActions TxActions supported by this function (e.g. EXECUTE_TIME_DELAY_REQUEST)
+     */
+    function encodeRegisterFunction(
+        string memory functionSignature,
+        string memory operationName,
+        EngineBlox.TxAction[] memory supportedActions
+    ) public pure returns (bytes memory) {
+        return abi.encode(functionSignature, operationName, supportedActions);
+    }
+
+    /**
+     * @dev Encodes data for UNREGISTER_FUNCTION. Use with GuardConfigActionType.UNREGISTER_FUNCTION.
+     * @param functionSelector Selector of the function to unregister
+     * @param safeRemoval If true, `EngineBlox.unregisterFunction` reverts when **any role** still lists this selector (not a whitelist-emptiness check; whitelist/hook entries may remain).
+     */
+    function encodeUnregisterFunction(bytes4 functionSelector, bool safeRemoval) public pure returns (bytes memory) {
+        return abi.encode(functionSelector, safeRemoval);
+    }
+
     /**
      * @dev Creates execution params for a Guard configuration batch (pure helper for EngineBlox).
-     * @param actions Encoded guard configuration actions (same layout as GuardControllerDefinitions.GuardConfigAction[])
+     * @param actions Encoded guard configuration actions (same layout as IGuardController.GuardConfigAction[])
      * @return The execution params for EngineBlox
      */
     function guardConfigBatchExecutionParams(
-        GuardConfigAction[] memory actions
+        IGuardController.GuardConfigAction[] memory actions
     ) public pure returns (bytes memory) {
         return abi.encode(actions);
     }