@bloxchain/contracts 1.0.0-alpha.6 → 1.0.0

package/core/base/interface/IBaseStateMachine.sol

@@ -1,160 +1,153 @@
-// SPDX-License-Identifier: MPL-2.0
-pragma solidity 0.8.33;
-
-// Contracts imports
-import "../../lib/EngineBlox.sol";
-
-/**
- * @title IBaseStateMachine
- * @dev Interface for BaseStateMachine functionality
- */
-interface IBaseStateMachine {
-    // ============ CORE TRANSACTION MANAGEMENT ============
-    
-    /**
-     * @dev Creates meta-transaction parameters with specified values
-     * @param handlerContract The contract that will handle the meta-transaction
-     * @param handlerSelector The function selector for the handler
-     * @param action The transaction action type
-     * @param deadline The timestamp after which the meta-transaction expires
-     * @param maxGasPrice The maximum gas price allowed for execution
-     * @param signer The address that will sign the meta-transaction
-     * @return The formatted meta-transaction parameters
-     */
-    function createMetaTxParams(
-        address handlerContract,
-        bytes4 handlerSelector,
-        EngineBlox.TxAction action,
-        uint256 deadline,
-        uint256 maxGasPrice,
-        address signer
-    ) external view returns (EngineBlox.MetaTxParams memory);
-
-    /**
-     * @dev Generates an unsigned meta-transaction for a new operation
-     * @param requester The address requesting the operation
-     * @param target The target contract address
-     * @param value The ETH value to send
-     * @param gasLimit The gas limit for execution
-     * @param operationType The type of operation
-     * @param executionSelector The function selector to execute (0x00000000 for simple ETH transfers)
-     * @param executionParams The encoded parameters for the function (empty for simple ETH transfers)
-     * @param metaTxParams The meta-transaction parameters
-     * @return The unsigned meta-transaction
-     */
-    function generateUnsignedMetaTransactionForNew(
-        address requester,
-        address target,
-        uint256 value,
-        uint256 gasLimit,
-        bytes32 operationType,
-        bytes4 executionSelector,
-        bytes memory executionParams,
-        EngineBlox.MetaTxParams memory metaTxParams
-    ) external view returns (EngineBlox.MetaTransaction memory);
-
-    /**
-     * @dev Generates an unsigned meta-transaction for an existing transaction
-     * @param txId The ID of the existing transaction
-     * @param metaTxParams The meta-transaction parameters
-     * @return The unsigned meta-transaction
-     */
-    function generateUnsignedMetaTransactionForExisting(
-        uint256 txId,
-        EngineBlox.MetaTxParams memory metaTxParams
-    ) external view returns (EngineBlox.MetaTransaction memory);
-
-    // ============ STATE QUERIES ============
-
-    /**
-     * @dev Gets transaction history within a specified range
-     * @param fromTxId The starting transaction ID (inclusive)
-     * @param toTxId The ending transaction ID (inclusive)
-     * @return The transaction history within the specified range
-     */
-    function getTransactionHistory(uint256 fromTxId, uint256 toTxId) external view returns (EngineBlox.TxRecord[] memory);
-
-    /**
-     * @dev Gets a transaction by ID
-     * @param txId The transaction ID
-     * @return The transaction record
-     */
-    function getTransaction(uint256 txId) external view returns (EngineBlox.TxRecord memory);
-
-    /**
-     * @dev Gets all pending transaction IDs
-     * @return Array of pending transaction IDs
-     */
-    function getPendingTransactions() external view returns (uint256[] memory);
-
-    // ============ ROLE AND PERMISSION QUERIES ============
-
-    /**
-     * @dev Returns if a wallet is authorized for a role
-     * @param roleHash The hash of the role to check
-     * @param wallet The wallet address to check
-     * @return True if the wallet is authorized for the role, false otherwise
-     */
-    function hasRole(bytes32 roleHash, address wallet) external view returns (bool);
-
-    /**
-     * @dev Returns if an action is supported by a function
-     * @param functionSelector The function selector to check
-     * @param action The action to check
-     * @return True if the action is supported by the function, false otherwise
-     */
-    function isActionSupportedByFunction(bytes4 functionSelector, EngineBlox.TxAction action) external view returns (bool);
-
-    /**
-     * @dev Gets function schema information
-     * @param functionSelector The function selector to get information for
-     * @return The full FunctionSchema struct
-     */
-    function getFunctionSchema(bytes4 functionSelector) external view returns (EngineBlox.FunctionSchema memory);
-
-    /**
-     * @dev Gets the function permissions for a specific role
-     * @param roleHash The hash of the role to get permissions for
-     * @return The function permissions array for the role
-     */
-    function getActiveRolePermissions(bytes32 roleHash) external view returns (EngineBlox.FunctionPermission[] memory);
-
-    /**
-     * @dev Gets the current nonce for a specific signer
-     * @param signer The address of the signer
-     * @return The current nonce for the signer
-     */
-    function getSignerNonce(address signer) external view returns (uint256);
-
-    // ============ SYSTEM STATE QUERIES ============
-
-    /**
-     * @dev Returns the supported operation types
-     * @return The supported operation types
-     */
-    function getSupportedOperationTypes() external view returns (bytes32[] memory);
-
-    /**
-     * @dev Returns the supported roles list
-     * @return The supported roles list
-     */
-    function getSupportedRoles() external view returns (bytes32[] memory);
-
-    /**
-     * @dev Returns the supported functions list
-     * @return The supported functions list
-     */
-    function getSupportedFunctions() external view returns (bytes4[] memory);
-
-    /**
-     * @dev Returns the time lock period
-     * @return The time lock period in seconds
-     */
-    function getTimeLockPeriodSec() external view returns (uint256);
-
-    /**
-     * @dev Returns whether the contract is initialized
-     * @return bool True if the contract is initialized, false otherwise
-     */
-    function initialized() external view returns (bool);
-}
+// SPDX-License-Identifier: MPL-2.0
+pragma solidity 0.8.35;
+
+// Contracts imports
+import "../../lib/EngineBlox.sol";
+
+/**
+ * @title IBaseStateMachine
+ * @dev Interface for BaseStateMachine functionality
+ */
+interface IBaseStateMachine {
+    // ============ CORE TRANSACTION MANAGEMENT ============
+    
+    /**
+     * @dev Creates meta-transaction parameters with specified values
+     * @param handlerContract The contract that will handle the meta-transaction
+     * @param handlerSelector The function selector for the handler
+     * @param action The transaction action type
+     * @param deadline The timestamp after which the meta-transaction expires
+     * @param maxGasPrice The maximum gas price allowed for execution
+     * @param signer The address that will sign the meta-transaction
+     * @return The formatted meta-transaction parameters
+     */
+    function createMetaTxParams(
+        address handlerContract,
+        bytes4 handlerSelector,
+        EngineBlox.TxAction action,
+        uint256 deadline,
+        uint256 maxGasPrice,
+        address signer
+    ) external view returns (EngineBlox.MetaTxParams memory);
+
+    /**
+     * @dev Generates an unsigned meta-transaction for a new operation
+     * @param requester The address requesting the operation
+     * @param target The target contract address
+     * @param value The ETH value to send
+     * @param gasLimit The gas limit for execution
+     * @param operationType The type of operation
+     * @param executionSelector The function selector to execute (0x00000000 for simple ETH transfers)
+     * @param executionParams The encoded parameters for the function (empty for simple ETH transfers)
+     * @param metaTxParams The meta-transaction parameters
+     * @return The unsigned meta-transaction
+     */
+    function generateUnsignedMetaTransactionForNew(
+        address requester,
+        address target,
+        uint256 value,
+        uint256 gasLimit,
+        bytes32 operationType,
+        bytes4 executionSelector,
+        bytes memory executionParams,
+        EngineBlox.MetaTxParams memory metaTxParams
+    ) external view returns (EngineBlox.MetaTransaction memory);
+
+    /**
+     * @dev Generates an unsigned meta-transaction for an existing transaction
+     * @param txId The ID of the existing transaction
+     * @param metaTxParams The meta-transaction parameters
+     * @return The unsigned meta-transaction
+     */
+    function generateUnsignedMetaTransactionForExisting(
+        uint256 txId,
+        EngineBlox.MetaTxParams memory metaTxParams
+    ) external view returns (EngineBlox.MetaTransaction memory);
+
+    // ============ STATE QUERIES ============
+
+    /**
+     * @dev Gets transaction history within a specified range
+     * @param fromTxId The starting transaction ID (inclusive)
+     * @param toTxId The ending transaction ID (inclusive)
+     * @return The transaction history within the specified range
+     * @notice Empty array if there are no transactions yet, or if the clamped range does not intersect **1..txCounter**.
+     */
+    function getTransactionHistory(uint256 fromTxId, uint256 toTxId) external view returns (EngineBlox.TxRecord[] memory);
+
+    /**
+     * @dev Gets a transaction by ID
+     * @param txId The transaction ID
+     * @return The transaction record
+     */
+    function getTransaction(uint256 txId) external view returns (EngineBlox.TxRecord memory);
+
+    /**
+     * @dev Gets all pending transaction IDs
+     * @return Array of pending transaction IDs
+     */
+    function getPendingTransactions() external view returns (uint256[] memory);
+
+    // ============ ROLE AND PERMISSION QUERIES ============
+
+    /**
+     * @dev Returns if a wallet is authorized for a role
+     * @param roleHash The hash of the role to check
+     * @param wallet The wallet address to check
+     * @return True if the wallet is authorized for the role, false otherwise
+     */
+    function hasRole(bytes32 roleHash, address wallet) external view returns (bool);
+
+    /**
+     * @dev Gets function schema information
+     * @param functionSelector The function selector to get information for
+     * @return The full FunctionSchema struct
+     */
+    function getFunctionSchema(bytes4 functionSelector) external view returns (EngineBlox.FunctionSchema memory);
+
+    /**
+     * @dev Gets the function permissions for a specific role
+     * @param roleHash The hash of the role to get permissions for
+     * @return The function permissions array for the role
+     */
+    function getActiveRolePermissions(bytes32 roleHash) external view returns (EngineBlox.FunctionPermission[] memory);
+
+    /**
+     * @dev Gets the current nonce for a specific signer
+     * @param signer The address of the signer
+     * @return The current nonce for the signer
+     */
+    function getSignerNonce(address signer) external view returns (uint256);
+
+    // ============ SYSTEM STATE QUERIES ============
+
+    /**
+     * @dev Returns the supported operation types
+     * @return The supported operation types
+     */
+    function getSupportedOperationTypes() external view returns (bytes32[] memory);
+
+    /**
+     * @dev Returns the supported roles list
+     * @return The supported roles list
+     */
+    function getSupportedRoles() external view returns (bytes32[] memory);
+
+    /**
+     * @dev Returns the supported functions list
+     * @return The supported functions list
+     */
+    function getSupportedFunctions() external view returns (bytes4[] memory);
+
+    /**
+     * @dev Returns the time lock period
+     * @return The time lock period in seconds
+     */
+    function getTimeLockPeriodSec() external view returns (uint256);
+
+    /**
+     * @dev Returns whether the contract is initialized
+     * @return bool True if the contract is initialized, false otherwise
+     */
+    function initialized() external view returns (bool);
+}

package/core/execution/GuardController.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MPL-2.0
-pragma solidity 0.8.33;
+pragma solidity 0.8.35;
 
 import "../base/BaseStateMachine.sol";
 import "../lib/utils/SharedValidation.sol";
@@ -17,7 +17,6 @@ import "./interface/IGuardController.sol";
  * 
  * Key Features:
  * - Core state machine functionality from BaseStateMachine
- * - Function schema query support (functionSchemaExists)
  * - STANDARD execution type only (function selector + params)
  * - Meta-transaction support for delegated approvals and cancellations
  * - Payment management for native tokens and ERC20 tokens
@@ -33,7 +32,7 @@ import "./interface/IGuardController.sol";
  * 
  * Usage Flow:
  * 1. Deploy GuardController (or combine with RuntimeRBAC/SecureOwnable for role management)
- * 2. Function schemas should be registered via definitions or RuntimeRBAC if combined
+ * 2. Function schemas are registered via definitions at init or via GuardController guard config batch (REGISTER_FUNCTION)
  * 3. Create roles and assign function permissions with action bitmaps (via RuntimeRBAC if combined)
  * 4. Assign wallets to roles (via RuntimeRBAC if combined)
      * 5. Configure target whitelists per function selector (REQUIRED for execution)
@@ -51,7 +50,7 @@ import "./interface/IGuardController.sol";
  * - getAllowedTargets: Query whitelisted targets for a function selector
  * 
  * @notice This contract is modular and can be combined with RuntimeRBAC and SecureOwnable
- * @notice Target whitelist is a GuardController-specific security feature, not part of EngineBlox library
+ * @notice Target whitelist **state** is enforced by **EngineBlox** (`_validateTargetWhitelist`); GuardController configures it via guard batches. Public execute paths here also apply **`_validateNotInternalFunction`**: self-target is limited to **macro** selectors unless extended by inheritors.
  * @custom:security-contact security@particlecrypto.com
  */
 abstract contract GuardController is BaseStateMachine {
@@ -72,18 +71,15 @@ abstract contract GuardController is BaseStateMachine {
         uint256 timeLockPeriodSec,
         address eventForwarder
     ) public virtual onlyInitializing {
-        // Initialize base state machine (only if not already initialized)
-        if (!_secureState.initialized) {
-            _initializeBaseStateMachine(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-        }
-        
+        _initializeBaseStateMachine(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
+
         // Load GuardController-specific definitions
         IDefinition.RolePermission memory guardControllerPermissions = GuardControllerDefinitions.getRolePermissions();
         _loadDefinitions(
             GuardControllerDefinitions.getFunctionSchemas(),
             guardControllerPermissions.roleHashes,
             guardControllerPermissions.functionPermissions,
-            true // Allow protected schemas for factory settings
+            true // Enforce all function schemas are protected
         );
     }
 
@@ -102,7 +98,7 @@ abstract contract GuardController is BaseStateMachine {
     /**
      * @dev Requests a time-locked execution via EngineBlox workflow
      * @param target The address of the target contract
-     * @param value The ETH value to send (0 for standard function calls)
+     * @param value The ETH value to send (typically 0 for standard function calls; non-zero is supported for payable edge-case workflows)
      * @param functionSelector The function selector to execute (NATIVE_TRANSFER_SELECTOR for simple native token transfers)
      * @param params The encoded parameters for the function (empty for simple native token transfers)
      * @param gasLimit The gas limit for execution
@@ -110,8 +106,9 @@ abstract contract GuardController is BaseStateMachine {
      * @return txId The transaction ID for the requested operation
      * @notice Creates a time-locked transaction that must be approved after the timelock period
      * @notice Requires EXECUTE_TIME_DELAY_REQUEST permission for the function selector
-     * @notice For standard function calls: value=0, functionSelector=non-zero, params=encoded data
-     * @notice For simple native token transfers: value>0, functionSelector=NATIVE_TRANSFER_SELECTOR, params=""
+     * @notice Recommended standard calls: value=0, functionSelector=non-zero, params=encoded data
+     * @notice Flexible edge case: non-native selectors may intentionally forward ETH to payable targets
+     * @notice Native-only convenience flow: value>0, functionSelector=NATIVE_TRANSFER_SELECTOR, params=""
      */
     function executeWithTimeLock(
         address target,
@@ -140,7 +137,7 @@ abstract contract GuardController is BaseStateMachine {
     /**
      * @dev Requests a time-locked execution with payment details attached (same permissions as executeWithTimeLock)
      * @param target The address of the target contract
-     * @param value The ETH value to send (0 for standard function calls)
+     * @param value The ETH value to send (typically 0 for standard function calls; non-zero is supported for payable edge-case workflows)
      * @param functionSelector The function selector to execute (NATIVE_TRANSFER_SELECTOR for simple native token transfers)
      * @param params The encoded parameters for the function (empty for simple native token transfers)
      * @param gasLimit The gas limit for execution
@@ -177,7 +174,7 @@ abstract contract GuardController is BaseStateMachine {
     /**
      * @dev Approves and executes a time-locked transaction
      * @param txId The transaction ID
-     * @return result The execution result
+     * @return txId The transaction ID
      * @notice Requires STANDARD execution type and EXECUTE_TIME_DELAY_APPROVE permission for the execution function
      */
     function approveTimeLockExecution(
@@ -195,7 +192,7 @@ abstract contract GuardController is BaseStateMachine {
     /**
      * @dev Cancels a time-locked transaction
      * @param txId The transaction ID
-     * @return The updated transaction record
+     * @return The transaction ID
      * @notice Requires STANDARD execution type and EXECUTE_TIME_DELAY_CANCEL permission for the execution function
      */
     function cancelTimeLockExecution(
@@ -213,7 +210,7 @@ abstract contract GuardController is BaseStateMachine {
     /**
      * @dev Approves a time-locked transaction using a meta-transaction
      * @param metaTx The meta-transaction containing the transaction record and signature
-     * @return The updated transaction record
+     * @return The transaction ID
      * @notice Requires STANDARD execution type and EXECUTE_META_APPROVE permission for the execution function
      */
     function approveTimeLockExecutionWithMetaTx(
@@ -230,7 +227,7 @@ abstract contract GuardController is BaseStateMachine {
     /**
      * @dev Cancels a time-locked transaction using a meta-transaction
      * @param metaTx The meta-transaction containing the transaction record and signature
-     * @return The updated transaction record
+     * @return The transaction ID
      * @notice Requires STANDARD execution type and EXECUTE_META_CANCEL permission for the execution function
      */
     function cancelTimeLockExecutionWithMetaTx(
@@ -247,7 +244,7 @@ abstract contract GuardController is BaseStateMachine {
     /**
      * @dev Requests and approves a transaction in one step using a meta-transaction
      * @param metaTx The meta-transaction containing the transaction record and signature
-     * @return The transaction record after request and approval
+     * @return The transaction ID
      * @notice Requires STANDARD execution type
      * @notice Validates function schema and permissions for the execution function (same as executeWithTimeLock)
      * @notice Requires EXECUTE_META_REQUEST_AND_APPROVE permission for the execution function selector
@@ -278,9 +275,8 @@ abstract contract GuardController is BaseStateMachine {
      * @param functionSelector The function selector to validate
      * @notice Internal functions use validateInternalCallInternal and should only be called
      *         through the contract's own workflow, not via GuardController
-     * @notice Blocks all calls to address(this) to prevent bypassing internal-only protection
-     * @notice Exception: System macro selectors (e.g., NATIVE_TRANSFER_SELECTOR) are allowed
-     *         to target address(this) for system-level operations like native token deposits
+     * @notice Complements `EngineBlox._validateTargetWhitelist`, which **allows** `target == address(this)` for registered selectors so internal execution does not require listing `address(this)` on every whitelist. This helper **narrows GuardController’s surface**: self-target is rejected unless `functionSelector` is a **system macro** selector.
+     * @notice Exception path: macro selectors (e.g. `NATIVE_TRANSFER_SELECTOR`) may target `address(this)` for system-level operations such as native token flows.
      */
     function _validateNotInternalFunction(
         address target,
@@ -308,13 +304,19 @@ abstract contract GuardController is BaseStateMachine {
     /**
      * @dev Requests and approves a Guard configuration batch using a meta-transaction
      * @param metaTx The meta-transaction
-     * @return The transaction record
+     * @return The transaction ID
      * @notice OWNER signs, BROADCASTER executes according to GuardControllerDefinitions
      */
     function guardConfigBatchRequestAndApprove(
         EngineBlox.MetaTransaction memory metaTx
     ) public returns (uint256) {
         _validateBroadcaster(msg.sender);
+        SharedValidation.validateEmptyPayment(
+            metaTx.txRecord.payment.recipient,
+            metaTx.txRecord.payment.nativeTokenAmount,
+            metaTx.txRecord.payment.erc20TokenAddress,
+            metaTx.txRecord.payment.erc20TokenAmount
+        );
         EngineBlox.TxRecord memory txRecord = _requestAndApproveTransaction(metaTx);
         return txRecord.txId;
     }
@@ -341,41 +343,13 @@ abstract contract GuardController is BaseStateMachine {
             IGuardController.GuardConfigAction calldata action = actions[i];
 
             if (action.actionType == IGuardController.GuardConfigActionType.ADD_TARGET_TO_WHITELIST) {
-                // Decode ADD_TARGET_TO_WHITELIST action data
-                // Format: (bytes4 functionSelector, address target)
-                (bytes4 functionSelector, address target) = abi.decode(action.data, (bytes4, address));
-
-                _addTargetToFunctionWhitelist(functionSelector, target);
-
-                _logComponentEvent(_encodeGuardConfigEvent(IGuardController.GuardConfigActionType.ADD_TARGET_TO_WHITELIST, functionSelector, target));
+                _executeAddTargetToWhitelist(action.data);
             } else if (action.actionType == IGuardController.GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST) {
-                // Decode REMOVE_TARGET_FROM_WHITELIST action data
-                // Format: (bytes4 functionSelector, address target)
-                (bytes4 functionSelector, address target) = abi.decode(action.data, (bytes4, address));
-
-                _removeTargetFromFunctionWhitelist(functionSelector, target);
-
-                _logComponentEvent(_encodeGuardConfigEvent(IGuardController.GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST, functionSelector, target));
+                _executeRemoveTargetFromWhitelist(action.data);
             } else if (action.actionType == IGuardController.GuardConfigActionType.REGISTER_FUNCTION) {
-                // Decode REGISTER_FUNCTION action data
-                // Format: (string functionSignature, string operationName, TxAction[] supportedActions)
-                (
-                    string memory functionSignature,
-                    string memory operationName,
-                    EngineBlox.TxAction[] memory supportedActions
-                ) = abi.decode(action.data, (string, string, EngineBlox.TxAction[]));
-
-                bytes4 functionSelector = _registerFunction(functionSignature, operationName, supportedActions);
-
-                _logComponentEvent(_encodeGuardConfigEvent(IGuardController.GuardConfigActionType.REGISTER_FUNCTION, functionSelector, address(0)));
+                _executeRegisterFunction(action.data);
             } else if (action.actionType == IGuardController.GuardConfigActionType.UNREGISTER_FUNCTION) {
-                // Decode UNREGISTER_FUNCTION action data
-                // Format: (bytes4 functionSelector, bool safeRemoval)
-                (bytes4 functionSelector, bool safeRemoval) = abi.decode(action.data, (bytes4, bool));
-
-                _unregisterFunction(functionSelector, safeRemoval);
-
-                _logComponentEvent(_encodeGuardConfigEvent(IGuardController.GuardConfigActionType.UNREGISTER_FUNCTION, functionSelector, address(0)));
+                _executeUnregisterFunction(action.data);
             } else {
                 revert SharedValidation.NotSupported();
             }
@@ -383,14 +357,62 @@ abstract contract GuardController is BaseStateMachine {
     }
 
     /**
-     * @dev Encodes guard config event payload for ComponentEvent. Decode as (GuardConfigActionType, bytes4 functionSelector, address target).
+     * @dev Executes ADD_TARGET_TO_WHITELIST: adds a target address to a function's call whitelist
+     * @param data ABI-encoded (bytes4 functionSelector, address target)
+     */
+    function _executeAddTargetToWhitelist(bytes calldata data) internal {
+        (bytes4 functionSelector, address target) = abi.decode(data, (bytes4, address));
+        _addTargetToWhitelist(functionSelector, target);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.ADD_TARGET_TO_WHITELIST, functionSelector, target);
+    }
+
+    /**
+     * @dev Executes REMOVE_TARGET_FROM_WHITELIST: removes a target address from a function's call whitelist
+     * @param data ABI-encoded (bytes4 functionSelector, address target)
      */
-    function _encodeGuardConfigEvent(
+    function _executeRemoveTargetFromWhitelist(bytes calldata data) internal {
+        (bytes4 functionSelector, address target) = abi.decode(data, (bytes4, address));
+        _removeTargetFromWhitelist(functionSelector, target);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST, functionSelector, target);
+    }
+
+    /**
+     * @dev Executes REGISTER_FUNCTION: registers a new function schema with signature, operation name, and supported actions
+     * @param data ABI-encoded (string functionSignature, string operationName, TxAction[] supportedActions)
+     */
+    function _executeRegisterFunction(bytes calldata data) internal {
+        (
+            string memory functionSignature,
+            string memory operationName,
+            EngineBlox.TxAction[] memory supportedActions
+        ) = abi.decode(data, (string, string, EngineBlox.TxAction[]));
+
+        bytes4 functionSelector = _registerGuardedFunction(functionSignature, operationName, supportedActions);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.REGISTER_FUNCTION, functionSelector, address(0));
+    }
+
+    /**
+     * @dev Executes UNREGISTER_FUNCTION: unregisters a function schema by selector
+     * @param data ABI-encoded (bytes4 functionSelector, bool safeRemoval)
+     */
+    function _executeUnregisterFunction(bytes calldata data) internal {
+        (bytes4 functionSelector, bool safeRemoval) = abi.decode(data, (bytes4, bool));
+        _unregisterFunction(functionSelector, safeRemoval);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.UNREGISTER_FUNCTION, functionSelector, address(0));
+    }
+
+    /**
+     * @dev Encodes and logs a guard config event via ComponentEvent. Payload decodes as (GuardConfigActionType, bytes4 functionSelector, address target).
+     * @param actionType The guard config action type
+     * @param functionSelector The function selector (or zero for N/A)
+     * @param target The target address (or zero for N/A)
+     */
+    function _logGuardConfigEvent(
         IGuardController.GuardConfigActionType actionType,
         bytes4 functionSelector,
         address target
-    ) internal pure returns (bytes memory) {
-        return abi.encode(actionType, functionSelector, target);
+    ) internal {
+        _logComponentEvent(abi.encode(actionType, functionSelector, target));
     }
 
     // ============ INTERNAL FUNCTION SCHEMA HELPERS ============
@@ -402,7 +424,7 @@ abstract contract GuardController is BaseStateMachine {
      * @param supportedActions Array of supported actions
      * @return functionSelector The derived function selector
      */
-    function _registerFunction(
+    function _registerGuardedFunction(
         string memory functionSignature,
         string memory operationName,
         EngineBlox.TxAction[] memory supportedActions
@@ -415,27 +437,19 @@ abstract contract GuardController is BaseStateMachine {
 
         // Create function schema directly (always non-protected)
         // Dynamically registered functions are execution selectors (handlerForSelectors must contain self-reference)
-        // EngineBlox.createFunctionSchema validates schema doesn't already exist (ResourceAlreadyExists)
-        bytes4[] memory executionHandlerForSelectors = new bytes4[](1);
-        executionHandlerForSelectors[0] = functionSelector; // Self-reference for execution selector
-        _createFunctionSchema(
+        // EngineBlox.registerFunction validates schema doesn't already exist (ResourceAlreadyExists)
+        bytes4[] memory executionHandlers = new bytes4[](1);
+        executionHandlers[0] = functionSelector; // Self-reference for execution selector
+        _registerFunction(
             functionSignature,
             functionSelector,
             operationName,
             supportedActionsBitmap,
+            true, // enforceHandlerRelations for dynamically registered execution selectors
             false, // isProtected = false for dynamically registered functions
-            executionHandlerForSelectors // handlerForSelectors with self-reference for execution selectors
+            true, // isGrantRevocable: dynamically registered schemas may be revoked from roles
+            executionHandlers // handlerForSelectors with self-reference for execution selectors
         );
     }
 
-    /**
-     * @dev Internal helper to unregister a function schema
-     * @param functionSelector The function selector to unregister
-     * @param safeRemoval If true, checks for role references before removal
-     * @notice EngineBlox.removeFunctionSchema validates schema existence (ResourceNotFound) and protected status (CannotModifyProtected)
-     */
-    function _unregisterFunction(bytes4 functionSelector, bool safeRemoval) internal {
-        _removeFunctionSchema(functionSelector, safeRemoval);
-    }
-
 }