@bloxchain/contracts 1.0.0-alpha.7 → 1.0.0

package/core/execution/interface/IGuardController.sol

@@ -1,160 +1,146 @@
-// SPDX-License-Identifier: MPL-2.0
-pragma solidity 0.8.33;
-
-import "../../lib/EngineBlox.sol";
-
-/**
- * @title IGuardController
- * @dev Interface for GuardController contract that GuardianSafeV3 and other contracts delegate to
- * @notice This interface defines only GuardController-specific methods
- * @notice Functions from BaseStateMachine (createMetaTxParams, generateUnsignedMetaTransaction*, getTransaction, functionSchemaExists, getFunctionSchema, owner, getBroadcaster, getRecovery) should be accessed via IBaseStateMachine
- * @notice Functions from RuntimeRBAC (registerFunction, unregisterFunction, createNewRole, addWalletToRole, revokeWallet) should be accessed via IRuntimeRBAC
- * @custom:security-contact security@particlecrypto.com
- */
-interface IGuardController {
-    /**
-     * @dev Action types for batched Guard configuration
-     */
-    enum GuardConfigActionType {
-        ADD_TARGET_TO_WHITELIST,
-        REMOVE_TARGET_FROM_WHITELIST,
-        REGISTER_FUNCTION,
-        UNREGISTER_FUNCTION
-    }
-
-    /**
-     * @dev Encodes a single Guard configuration action in a batch
-     */
-    struct GuardConfigAction {
-        GuardConfigActionType actionType;
-        bytes data;
-    }
-
-    /**
-     * @notice Initializer to initialize GuardController
-     * @param initialOwner The initial owner address
-     * @param broadcaster The broadcaster address
-     * @param recovery The recovery address
-     * @param timeLockPeriodSec The timelock period in seconds
-     * @param eventForwarder The event forwarder address
-     */
-    function initialize(
-        address initialOwner,
-        address broadcaster,
-        address recovery,
-        uint256 timeLockPeriodSec,
-        address eventForwarder
-    ) external;
-
-    /**
-     * @dev Requests a time-locked execution via EngineBlox workflow
-     * @param target The address of the target contract
-     * @param value The ETH value to send (0 for standard function calls)
-     * @param functionSelector The function selector to execute (0x00000000 for simple ETH transfers)
-     * @param params The encoded parameters for the function (empty for simple ETH transfers)
-     * @param gasLimit The gas limit for execution
-     * @param operationType The operation type hash
-     * @return txId The transaction ID for the requested operation
-     * @notice Creates a time-locked transaction that must be approved after the timelock period
-     * @notice Requires EXECUTE_TIME_DELAY_REQUEST permission for the function selector
-     * @notice For standard function calls: value=0, functionSelector=non-zero, params=encoded data
-     * @notice For simple ETH transfers: value>0, functionSelector=0x00000000, params=""
-     */
-    function executeWithTimeLock(
-        address target,
-        uint256 value,
-        bytes4 functionSelector,
-        bytes memory params,
-        uint256 gasLimit,
-        bytes32 operationType
-    ) external returns (uint256 txId);
-
-    /**
-     * @dev Requests a time-locked execution with payment details attached (same permissions as executeWithTimeLock)
-     * @param target The address of the target contract
-     * @param value The ETH value to send (0 for standard function calls)
-     * @param functionSelector The function selector to execute (NATIVE_TRANSFER_SELECTOR for simple native token transfers)
-     * @param params The encoded parameters for the function (empty for simple native token transfers)
-     * @param gasLimit The gas limit for execution
-     * @param operationType The operation type hash
-     * @param paymentDetails The payment details to attach to the transaction
-     * @return txId The transaction ID for the requested operation (use getTransaction(txId) for full record)
-     * @notice Reuses EXECUTE_TIME_DELAY_REQUEST permission; approval/cancel same as executeWithTimeLock
-     */
-    function executeWithPayment(
-        address target,
-        uint256 value,
-        bytes4 functionSelector,
-        bytes memory params,
-        uint256 gasLimit,
-        bytes32 operationType,
-        EngineBlox.PaymentDetails memory paymentDetails
-    ) external returns (uint256 txId);
-
-    /**
-     * @dev Approves and executes a time-locked transaction
-     * @param txId The transaction ID
-     * @param expectedOperationType The expected operation type for validation
-     * @return txId The transaction ID (use getTransaction(txId) for full record and result)
-     * @notice Requires STANDARD execution type and EXECUTE_TIME_DELAY_APPROVE permission for the execution function
-     */
-    function approveTimeLockExecution(
-        uint256 txId,
-        bytes32 expectedOperationType
-    ) external returns (uint256);
-
-    /**
-     * @dev Cancels a time-locked transaction
-     * @param txId The transaction ID
-     * @param expectedOperationType The expected operation type for validation
-     * @return txId The transaction ID (use getTransaction(txId) for full record)
-     * @notice Requires STANDARD execution type and EXECUTE_TIME_DELAY_CANCEL permission for the execution function
-     */
-    function cancelTimeLockExecution(
-        uint256 txId,
-        bytes32 expectedOperationType
-    ) external returns (uint256);
-
-    /**
-     * @dev Approves a time-locked transaction using a meta-transaction
-     * @param metaTx The meta-transaction containing the transaction record and signature
-     * @param expectedOperationType The expected operation type for validation
-     * @param requiredSelector The handler selector for validation
-     * @return The transaction ID (use getTransaction(txId) for full record)
-     * @notice Requires STANDARD execution type and EXECUTE_META_APPROVE permission for the execution function
-     */
-    function approveTimeLockExecutionWithMetaTx(
-        EngineBlox.MetaTransaction memory metaTx,
-        bytes32 expectedOperationType,
-        bytes4 requiredSelector
-    ) external returns (uint256);
-
-    /**
-     * @dev Cancels a time-locked transaction using a meta-transaction
-     * @param metaTx The meta-transaction containing the transaction record and signature
-     * @param expectedOperationType The expected operation type for validation
-     * @param requiredSelector The handler selector for validation
-     * @return The transaction ID (use getTransaction(txId) for full record)
-     * @notice Requires STANDARD execution type and EXECUTE_META_CANCEL permission for the execution function
-     */
-    function cancelTimeLockExecutionWithMetaTx(
-        EngineBlox.MetaTransaction memory metaTx,
-        bytes32 expectedOperationType,
-        bytes4 requiredSelector
-    ) external returns (uint256);
-
-    /**
-     * @dev Requests and approves a transaction in one step using a meta-transaction
-     * @param metaTx The meta-transaction containing the transaction record and signature
-     * @param requiredSelector The handler selector for validation
-     * @return The transaction ID (use getTransaction(txId) for full record)
-     * @notice Requires STANDARD execution type
-     * @notice Validates function schema and permissions for the execution function (same as executeWithTimeLock)
-     * @notice Requires EXECUTE_META_REQUEST_AND_APPROVE permission for the execution function selector
-     */
-    function requestAndApproveExecution(
-        EngineBlox.MetaTransaction memory metaTx,
-        bytes4 requiredSelector
-    ) external returns (uint256);
-}
-
+// SPDX-License-Identifier: MPL-2.0
+pragma solidity 0.8.35;
+
+import "../../lib/EngineBlox.sol";
+
+/**
+ * @title IGuardController
+ * @dev Interface for GuardController contract that AccountBlox and other contracts delegate to
+ * @notice This interface defines only GuardController-specific methods
+ * @notice Functions from BaseStateMachine (createMetaTxParams, generateUnsignedMetaTransaction*, getTransaction, getFunctionSchema, owner, getBroadcasters, getRecovery) should be accessed via IBaseStateMachine
+ * @notice Functions from RuntimeRBAC (role management: createNewRole, addWalletToRole, revokeWallet, etc.) should be accessed via IRuntimeRBAC. Function schema registration is performed via GuardController (guard config batch), not RuntimeRBAC.
+ * @custom:security-contact security@particlecrypto.com
+ */
+interface IGuardController {
+    /**
+     * @dev Action types for batched Guard configuration
+     */
+    enum GuardConfigActionType {
+        ADD_TARGET_TO_WHITELIST,
+        REMOVE_TARGET_FROM_WHITELIST,
+        REGISTER_FUNCTION,
+        UNREGISTER_FUNCTION
+    }
+
+    /**
+     * @dev Encodes a single Guard configuration action in a batch
+     */
+    struct GuardConfigAction {
+        GuardConfigActionType actionType;
+        bytes data;
+    }
+
+    /**
+     * @notice Initializer to initialize GuardController
+     * @param initialOwner The initial owner address
+     * @param broadcaster The broadcaster address
+     * @param recovery The recovery address
+     * @param timeLockPeriodSec The timelock period in seconds
+     * @param eventForwarder The event forwarder address
+     */
+    function initialize(
+        address initialOwner,
+        address broadcaster,
+        address recovery,
+        uint256 timeLockPeriodSec,
+        address eventForwarder
+    ) external;
+
+    /**
+     * @dev Requests a time-locked execution via EngineBlox workflow
+     * @param target The address of the target contract
+     * @param value The ETH value to send (0 for standard function calls)
+     * @param functionSelector The function selector to execute (0x00000000 for simple ETH transfers)
+     * @param params The encoded parameters for the function (empty for simple ETH transfers)
+     * @param gasLimit The gas limit for execution
+     * @param operationType The operation type hash
+     * @return txId The transaction ID for the requested operation
+     * @notice Creates a time-locked transaction that must be approved after the timelock period
+     * @notice Requires EXECUTE_TIME_DELAY_REQUEST permission for the function selector
+     * @notice For standard function calls: value=0, functionSelector=non-zero, params=encoded data
+     * @notice For simple ETH transfers: value>0, functionSelector=0x00000000, params=""
+     */
+    function executeWithTimeLock(
+        address target,
+        uint256 value,
+        bytes4 functionSelector,
+        bytes memory params,
+        uint256 gasLimit,
+        bytes32 operationType
+    ) external returns (uint256 txId);
+
+    /**
+     * @dev Requests a time-locked execution with payment details attached (same permissions as executeWithTimeLock)
+     * @param target The address of the target contract
+     * @param value The ETH value to send (0 for standard function calls)
+     * @param functionSelector The function selector to execute (NATIVE_TRANSFER_SELECTOR for simple native token transfers)
+     * @param params The encoded parameters for the function (empty for simple native token transfers)
+     * @param gasLimit The gas limit for execution
+     * @param operationType The operation type hash
+     * @param paymentDetails The payment details to attach to the transaction
+     * @return txId The transaction ID for the requested operation (use getTransaction(txId) for full record)
+     * @notice Reuses EXECUTE_TIME_DELAY_REQUEST permission; approval/cancel same as executeWithTimeLock
+     */
+    function executeWithPayment(
+        address target,
+        uint256 value,
+        bytes4 functionSelector,
+        bytes memory params,
+        uint256 gasLimit,
+        bytes32 operationType,
+        EngineBlox.PaymentDetails memory paymentDetails
+    ) external returns (uint256 txId);
+
+    /**
+     * @dev Approves and executes a time-locked transaction
+     * @param txId The transaction ID
+     * @return txId The transaction ID (use getTransaction(txId) for full record and result)
+     * @notice Requires STANDARD execution type and EXECUTE_TIME_DELAY_APPROVE permission for the execution function
+     */
+    function approveTimeLockExecution(
+        uint256 txId
+    ) external returns (uint256);
+
+    /**
+     * @dev Cancels a time-locked transaction
+     * @param txId The transaction ID
+     * @return txId The transaction ID (use getTransaction(txId) for full record)
+     * @notice Requires STANDARD execution type and EXECUTE_TIME_DELAY_CANCEL permission for the execution function
+     */
+    function cancelTimeLockExecution(
+        uint256 txId
+    ) external returns (uint256);
+
+    /**
+     * @dev Approves a time-locked transaction using a meta-transaction
+     * @param metaTx The meta-transaction containing the transaction record and signature
+     * @return The transaction ID (use getTransaction(txId) for full record)
+     * @notice Requires STANDARD execution type and EXECUTE_META_APPROVE permission for the execution function
+     */
+    function approveTimeLockExecutionWithMetaTx(
+        EngineBlox.MetaTransaction memory metaTx
+    ) external returns (uint256);
+
+    /**
+     * @dev Cancels a time-locked transaction using a meta-transaction
+     * @param metaTx The meta-transaction containing the transaction record and signature
+     * @return The transaction ID (use getTransaction(txId) for full record)
+     * @notice Requires STANDARD execution type and EXECUTE_META_CANCEL permission for the execution function
+     */
+    function cancelTimeLockExecutionWithMetaTx(
+        EngineBlox.MetaTransaction memory metaTx
+    ) external returns (uint256);
+
+    /**
+     * @dev Requests and approves a transaction in one step using a meta-transaction
+     * @param metaTx The meta-transaction containing the transaction record and signature
+     * @return The transaction ID (use getTransaction(txId) for full record)
+     * @notice Requires STANDARD execution type
+     * @notice Validates function schema and permissions for the execution function (same as executeWithTimeLock)
+     * @notice Requires EXECUTE_META_REQUEST_AND_APPROVE permission for the execution function selector
+     */
+    function requestAndApproveExecution(
+        EngineBlox.MetaTransaction memory metaTx
+    ) external returns (uint256);
+}
+

package/core/execution/lib/definitions/GuardControllerDefinitions.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MPL-2.0
-pragma solidity 0.8.33;
+pragma solidity 0.8.35;
 
 import "@openzeppelin/contracts/utils/introspection/IERC165.sol";
 import "../../../lib/EngineBlox.sol";
@@ -16,7 +16,7 @@ import "../../interface/IGuardController.sol";
  * and role permissions for GuardController's public execution functions.
  * 
  * Key Features:
- * - Registers all 6 GuardController public execution functions
+ * - Registers all 9 GuardController public execution functions plus 3 attached-payment policy schemas
  * - Defines role permissions for OWNER_ROLE and BROADCASTER_ROLE
  * - Supports time-delay and meta-transaction workflows
  * - Matches EngineBloxDefinitions pattern for consistency
@@ -33,10 +33,15 @@ library GuardControllerDefinitions {
     
     // Operation Type Constants
     bytes32 public constant CONTROLLER_OPERATION = keccak256("CONTROLLER_OPERATION");
+    // Guard config batch only (whitelist / register-unregister function); distinct execution operation type bitmap.
+    bytes32 public constant CONTROLLER_CONFIG_BATCH = keccak256("CONTROLLER_CONFIG_BATCH");
     
     // Function Selector Constants
-    // GuardController: executeWithTimeLock(address,bytes4,bytes,uint256,bytes32)
-    bytes4 public constant EXECUTE_WITH_TIMELOCK_SELECTOR = bytes4(keccak256("executeWithTimeLock(address,bytes4,bytes,uint256,bytes32)"));
+    // GuardController: executeWithTimeLock(address,uint256,bytes4,bytes,uint256,bytes32)
+    bytes4 public constant EXECUTE_WITH_TIMELOCK_SELECTOR = bytes4(keccak256("executeWithTimeLock(address,uint256,bytes4,bytes,uint256,bytes32)"));
+    
+    // GuardController: executeWithPayment(address,uint256,bytes4,bytes,uint256,bytes32,(address,uint256,address,uint256))
+    bytes4 public constant EXECUTE_WITH_PAYMENT_SELECTOR = bytes4(keccak256("executeWithPayment(address,uint256,bytes4,bytes,uint256,bytes32,(address,uint256,address,uint256))"));
     
     // GuardController: approveTimeLockExecution(uint256)
     bytes4 public constant APPROVE_TIMELOCK_EXECUTION_SELECTOR = bytes4(keccak256("approveTimeLockExecution(uint256)"));
@@ -44,19 +49,32 @@ library GuardControllerDefinitions {
     // GuardController: cancelTimeLockExecution(uint256)
     bytes4 public constant CANCEL_TIMELOCK_EXECUTION_SELECTOR = bytes4(keccak256("cancelTimeLockExecution(uint256)"));
     
-    // GuardController: approveTimeLockExecutionWithMetaTx(...)
-    bytes4 public constant APPROVE_TIMELOCK_EXECUTION_META_SELECTOR = bytes4(keccak256("approveTimeLockExecutionWithMetaTx((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"));
+ 
+    // GuardController: approveTimeLockExecutionWithMetaTx(EngineBlox.MetaTransaction)
+    bytes4 public constant APPROVE_TIMELOCK_EXECUTION_META_SELECTOR = bytes4(
+        keccak256(
+            "approveTimeLockExecutionWithMetaTx(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"
+        )
+    );
     
-    // GuardController: cancelTimeLockExecutionWithMetaTx(...)
-    bytes4 public constant CANCEL_TIMELOCK_EXECUTION_META_SELECTOR = bytes4(keccak256("cancelTimeLockExecutionWithMetaTx((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"));
+    // GuardController: cancelTimeLockExecutionWithMetaTx(EngineBlox.MetaTransaction)
+    bytes4 public constant CANCEL_TIMELOCK_EXECUTION_META_SELECTOR = bytes4(
+        keccak256(
+            "cancelTimeLockExecutionWithMetaTx(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"
+        )
+    );
     
-    // GuardController: requestAndApproveExecution(...)
-    bytes4 public constant REQUEST_AND_APPROVE_EXECUTION_SELECTOR = bytes4(keccak256("requestAndApproveExecution((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"));
+    // GuardController: requestAndApproveExecution(EngineBlox.MetaTransaction)
+    bytes4 public constant REQUEST_AND_APPROVE_EXECUTION_SELECTOR = bytes4(
+        keccak256(
+            "requestAndApproveExecution(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"
+        )
+    );
 
     // GuardController: guardConfigBatchRequestAndApprove(...)
     bytes4 public constant GUARD_CONFIG_BATCH_META_SELECTOR = bytes4(
         keccak256(
-            "guardConfigBatchRequestAndApprove(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"
+            "guardConfigBatchRequestAndApprove(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))"
         )
     );
 
@@ -65,12 +83,12 @@ library GuardControllerDefinitions {
         bytes4(keccak256("executeGuardConfigBatch((uint8,bytes)[])"));
 
     /**
-     * @dev Returns predefined function schemas for GuardController execution functions
-     * @return Array of function schema definitions
+     * @dev Returns predefined function schemas for GuardController execution functions and attached-payment policy keys
+     * @return Array of function schema definitions (12 entries: 9 controller surfaces + 3 payment whitelist selectors)
      * 
      * Function schemas define:
      * - GuardController public execution functions
-     * - What operation types they belong to (CONTROLLER_OPERATION)
+     * - What operation types they belong to (CONTROLLER_OPERATION vs CONTROLLER_CONFIG_BATCH)
      * - What actions are supported (time-delay request/approve/cancel, meta-tx approve/cancel/request-and-approve)
      * - Whether they are protected
      * 
@@ -80,7 +98,7 @@ library GuardControllerDefinitions {
      * - Role permissions are defined in getRolePermissions() matching EngineBloxDefinitions pattern
      */
     function getFunctionSchemas() public pure returns (EngineBlox.FunctionSchema[] memory) {
-        EngineBlox.FunctionSchema[] memory schemas = new EngineBlox.FunctionSchema[](8);
+        EngineBlox.FunctionSchema[] memory schemas = new EngineBlox.FunctionSchema[](12);
         
         // ============ TIME-DELAY WORKFLOW ACTIONS ============
         // Request action for executeWithTimeLock
@@ -128,6 +146,9 @@ library GuardControllerDefinitions {
         requestAndApproveExecutionHandlerForSelectors[0] = REQUEST_AND_APPROVE_EXECUTION_SELECTOR;
         bytes4[] memory guardConfigBatchExecuteHandlerForSelectors = new bytes4[](1);
         guardConfigBatchExecuteHandlerForSelectors[0] = GUARD_CONFIG_BATCH_EXECUTE_SELECTOR;
+
+        bytes4[] memory executeWithPaymentHandlerForSelectors = new bytes4[](1);
+        executeWithPaymentHandlerForSelectors[0] = EXECUTE_WITH_PAYMENT_SELECTOR;
         
         // Handler selectors point to execution selectors
         bytes4[] memory guardConfigHandlerForSelectors = new bytes4[](1);
@@ -135,12 +156,14 @@ library GuardControllerDefinitions {
         
         // Schema 0: GuardController.executeWithTimeLock
         schemas[0] = EngineBlox.FunctionSchema({
-            functionSignature: "executeWithTimeLock(address,bytes4,bytes,uint256,bytes32)",
+            functionSignature: "executeWithTimeLock(address,uint256,bytes4,bytes,uint256,bytes32)",
             functionSelector: EXECUTE_WITH_TIMELOCK_SELECTOR,
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(timeDelayRequestActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: executeWithTimeLockHandlerForSelectors
         });
         
@@ -151,7 +174,9 @@ library GuardControllerDefinitions {
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(timeDelayApproveActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: approveTimeLockExecutionHandlerForSelectors
         });
         
@@ -162,51 +187,61 @@ library GuardControllerDefinitions {
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(timeDelayCancelActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: cancelTimeLockExecutionHandlerForSelectors
         });
         
         // Schema 3: GuardController.approveTimeLockExecutionWithMetaTx
         schemas[3] = EngineBlox.FunctionSchema({
-            functionSignature: "approveTimeLockExecutionWithMetaTx((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
+            functionSignature: "approveTimeLockExecutionWithMetaTx(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
             functionSelector: APPROVE_TIMELOCK_EXECUTION_META_SELECTOR,
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(metaTxApproveActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: approveTimeLockExecutionMetaHandlerForSelectors
         });
         
         // Schema 4: GuardController.cancelTimeLockExecutionWithMetaTx
         schemas[4] = EngineBlox.FunctionSchema({
-            functionSignature: "cancelTimeLockExecutionWithMetaTx((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
+            functionSignature: "cancelTimeLockExecutionWithMetaTx(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
             functionSelector: CANCEL_TIMELOCK_EXECUTION_META_SELECTOR,
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(metaTxCancelActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: cancelTimeLockExecutionMetaHandlerForSelectors
         });
         
         // Schema 5: GuardController.requestAndApproveExecution
         schemas[5] = EngineBlox.FunctionSchema({
-            functionSignature: "requestAndApproveExecution((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
+            functionSignature: "requestAndApproveExecution(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
             functionSelector: REQUEST_AND_APPROVE_EXECUTION_SELECTOR,
             operationType: CONTROLLER_OPERATION,
             operationName: "CONTROLLER_OPERATION",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(metaTxRequestApproveActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: requestAndApproveExecutionHandlerForSelectors
         });
 
         // Schema 6: GuardController.guardConfigBatchRequestAndApprove
         schemas[6] = EngineBlox.FunctionSchema({
-            functionSignature: "guardConfigBatchRequestAndApprove(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
+            functionSignature: "guardConfigBatchRequestAndApprove(((uint256,uint256,uint8,(address,address,uint256,uint256,bytes32,bytes4,bytes),bytes32,bytes32,(address,uint256,address,uint256)),(uint256,uint256,address,bytes4,uint8,uint256,uint256,address),bytes32,bytes,bytes))",
             functionSelector: GUARD_CONFIG_BATCH_META_SELECTOR,
-            operationType: CONTROLLER_OPERATION,
-            operationName: "CONTROLLER_OPERATION",
+            operationType: CONTROLLER_CONFIG_BATCH,
+            operationName: "CONTROLLER_CONFIG_BATCH",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(metaTxRequestApproveActions),
+            enforceHandlerRelations: true,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: guardConfigHandlerForSelectors
         });
 
@@ -218,13 +253,89 @@ library GuardControllerDefinitions {
         schemas[7] = EngineBlox.FunctionSchema({
             functionSignature: "executeGuardConfigBatch((uint8,bytes)[])",
             functionSelector: GUARD_CONFIG_BATCH_EXECUTE_SELECTOR,
-            operationType: CONTROLLER_OPERATION,
-            operationName: "CONTROLLER_OPERATION",
+            operationType: CONTROLLER_CONFIG_BATCH,
+            operationName: "CONTROLLER_CONFIG_BATCH",
             supportedActionsBitmap: EngineBlox.createBitmapFromActions(guardConfigExecutionActions),
+            enforceHandlerRelations: false,
             isProtected: true,
+            isGrantRevocable: false,
             handlerForSelectors: guardConfigBatchExecuteHandlerForSelectors
         });
 
+        // Schema 8: GuardController.executeWithPayment (same time-delay request action as executeWithTimeLock).
+        // Default definitions intentionally omit an OWNER_ROLE FunctionPermission for this selector (minimal surface).
+        // `getGuardConfigActionSpecs()` only exposes whitelist add/remove, REGISTER_FUNCTION, and UNREGISTER_FUNCTION —
+        // there is no guard-config action to attach `executeWithPayment` to a role. Deployments that need owner-driven
+        // `executeWithPayment` must add the FunctionPermission via an RBAC batch (`ADD_FUNCTION_TO_ROLE` / encoders in
+        // `RuntimeRBACDefinitions.sol`), following that file's ordering and action constraints and the handler/schema
+        // rules in this `GuardControllerDefinitions.sol` bundle.
+        schemas[8] = EngineBlox.FunctionSchema({
+            functionSignature: "executeWithPayment(address,uint256,bytes4,bytes,uint256,bytes32,(address,uint256,address,uint256))",
+            functionSelector: EXECUTE_WITH_PAYMENT_SELECTOR,
+            operationType: CONTROLLER_OPERATION,
+            operationName: "CONTROLLER_OPERATION",
+            supportedActionsBitmap: EngineBlox.createBitmapFromActions(timeDelayRequestActions),
+            enforceHandlerRelations: false,
+            isProtected: true,
+            isGrantRevocable: false,
+            handlerForSelectors: executeWithPaymentHandlerForSelectors
+        });
+
+        // Policy-only schemas for `executeWithPayment` whitelist keys; bitmap = all TxActions so roles may grant any action if needed.
+        EngineBlox.TxAction[] memory allTxActions = new EngineBlox.TxAction[](9);
+        allTxActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_REQUEST;
+        allTxActions[1] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_APPROVE;
+        allTxActions[2] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_CANCEL;
+        allTxActions[3] = EngineBlox.TxAction.SIGN_META_REQUEST_AND_APPROVE;
+        allTxActions[4] = EngineBlox.TxAction.SIGN_META_APPROVE;
+        allTxActions[5] = EngineBlox.TxAction.SIGN_META_CANCEL;
+        allTxActions[6] = EngineBlox.TxAction.EXECUTE_META_REQUEST_AND_APPROVE;
+        allTxActions[7] = EngineBlox.TxAction.EXECUTE_META_APPROVE;
+        allTxActions[8] = EngineBlox.TxAction.EXECUTE_META_CANCEL;
+        uint16 allActionsBitmap = EngineBlox.createBitmapFromActions(allTxActions);
+
+        bytes4[] memory attachedPaymentRecipientHandlers = new bytes4[](1);
+        attachedPaymentRecipientHandlers[0] = EngineBlox.ATTACHED_PAYMENT_RECIPIENT_SELECTOR;
+        schemas[9] = EngineBlox.FunctionSchema({
+            functionSignature: "__bloxchain_attached_payment_recipient__()",
+            functionSelector: EngineBlox.ATTACHED_PAYMENT_RECIPIENT_SELECTOR,
+            operationType: keccak256(bytes("ATTACHED_PAYMENT_RECIPIENT")),
+            operationName: "ATTACHED_PAYMENT_RECIPIENT",
+            supportedActionsBitmap: allActionsBitmap,
+            enforceHandlerRelations: false,
+            isProtected: true,
+            isGrantRevocable: true,
+            handlerForSelectors: attachedPaymentRecipientHandlers
+        });
+
+        bytes4[] memory nativeTransferHandlers = new bytes4[](1);
+        nativeTransferHandlers[0] = EngineBlox.NATIVE_TRANSFER_SELECTOR;
+        schemas[10] = EngineBlox.FunctionSchema({
+            functionSignature: "__bloxchain_native_transfer__()",
+            functionSelector: EngineBlox.NATIVE_TRANSFER_SELECTOR,
+            operationType: keccak256(bytes("NATIVE_TRANSFER")),
+            operationName: "NATIVE_TRANSFER",
+            supportedActionsBitmap: allActionsBitmap,
+            enforceHandlerRelations: false,
+            isProtected: true,
+            isGrantRevocable: true,
+            handlerForSelectors: nativeTransferHandlers
+        });
+
+        bytes4[] memory erc20TransferHandlers = new bytes4[](1);
+        erc20TransferHandlers[0] = EngineBlox.ERC20_TRANSFER_SELECTOR;
+        schemas[11] = EngineBlox.FunctionSchema({
+            functionSignature: "transfer(address,uint256)",
+            functionSelector: EngineBlox.ERC20_TRANSFER_SELECTOR,
+            operationType: keccak256(bytes("ERC20_TRANSFER")),
+            operationName: "ERC20_TRANSFER",
+            supportedActionsBitmap: allActionsBitmap,
+            enforceHandlerRelations: false,
+            isProtected: true,
+            isGrantRevocable: true,
+            handlerForSelectors: erc20TransferHandlers
+        });
+
         return schemas;
     }
     
@@ -463,7 +574,7 @@ library GuardControllerDefinitions {
     /**
      * @dev Encodes data for UNREGISTER_FUNCTION. Use with GuardConfigActionType.UNREGISTER_FUNCTION.
      * @param functionSelector Selector of the function to unregister
-     * @param safeRemoval If true, reverts when the function has whitelisted targets
+     * @param safeRemoval If true, `EngineBlox.unregisterFunction` reverts when **any role** still lists this selector (not a whitelist-emptiness check; whitelist/hook entries may remain).
      */
     function encodeUnregisterFunction(bytes4 functionSelector, bool safeRemoval) public pure returns (bytes memory) {
         return abi.encode(functionSelector, safeRemoval);