@bloxchain/contracts 1.0.0-alpha → 1.0.0-alpha.10

package/core/research/erc20-blox/lib/definitions/ERC20BloxDefinitions.sol

@@ -0,0 +1,185 @@
+// SPDX-License-Identifier: MPL-2.0
+pragma solidity 0.8.33;
+
+import "../../../../lib/EngineBlox.sol";
+import "../../../../lib/interfaces/IDefinition.sol";
+
+/**
+ * @title ERC20BloxDefinitions
+ * @dev Definition library for ERC20Blox execution selectors (transfer, transferFrom, mint, burn, burnFrom).
+ * Registers function schemas and role permissions so the GuardController can execute these functions
+ * via time-lock and meta-transaction workflows. Handler permissions (executeWithTimeLock, etc.) are
+ * defined in GuardControllerDefinitions.
+ * @custom:security-contact security@particlecrypto.com
+ */
+library ERC20BloxDefinitions {
+
+    // System macro selectors (allowed to target address(this) for GuardController execution)
+    bytes4 public constant TRANSFER_SELECTOR = bytes4(keccak256("transfer(address,uint256)"));
+    bytes4 public constant TRANSFER_FROM_SELECTOR = bytes4(keccak256("transferFrom(address,address,uint256)"));
+    bytes4 public constant MINT_SELECTOR = bytes4(keccak256("mint(address,uint256)"));
+    bytes4 public constant BURN_SELECTOR = bytes4(keccak256("burn(uint256)"));
+    bytes4 public constant BURN_FROM_SELECTOR = bytes4(keccak256("burnFrom(address,uint256)"));
+
+    bytes32 public constant ERC20_OPERATION = keccak256("ERC20_OPERATION");
+
+    /**
+     * @dev Returns function schemas for ERC20Blox execution selectors (used by controller).
+     */
+    function getFunctionSchemas() public pure returns (EngineBlox.FunctionSchema[] memory) {
+        EngineBlox.FunctionSchema[] memory schemas = new EngineBlox.FunctionSchema[](5);
+
+        EngineBlox.TxAction[] memory timeDelayRequestActions = new EngineBlox.TxAction[](1);
+        timeDelayRequestActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_REQUEST;
+        EngineBlox.TxAction[] memory timeDelayApproveActions = new EngineBlox.TxAction[](1);
+        timeDelayApproveActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_APPROVE;
+        EngineBlox.TxAction[] memory timeDelayCancelActions = new EngineBlox.TxAction[](1);
+        timeDelayCancelActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_CANCEL;
+        EngineBlox.TxAction[] memory metaTxRequestApproveActions = new EngineBlox.TxAction[](2);
+        metaTxRequestApproveActions[0] = EngineBlox.TxAction.SIGN_META_REQUEST_AND_APPROVE;
+        metaTxRequestApproveActions[1] = EngineBlox.TxAction.EXECUTE_META_REQUEST_AND_APPROVE;
+        EngineBlox.TxAction[] memory metaTxApproveActions = new EngineBlox.TxAction[](2);
+        metaTxApproveActions[0] = EngineBlox.TxAction.SIGN_META_APPROVE;
+        metaTxApproveActions[1] = EngineBlox.TxAction.EXECUTE_META_APPROVE;
+        EngineBlox.TxAction[] memory metaTxCancelActions = new EngineBlox.TxAction[](2);
+        metaTxCancelActions[0] = EngineBlox.TxAction.SIGN_META_CANCEL;
+        metaTxCancelActions[1] = EngineBlox.TxAction.EXECUTE_META_CANCEL;
+
+        uint16 actionsBitmap = EngineBlox.createBitmapFromActions(timeDelayRequestActions)
+            | EngineBlox.createBitmapFromActions(timeDelayApproveActions)
+            | EngineBlox.createBitmapFromActions(timeDelayCancelActions)
+            | EngineBlox.createBitmapFromActions(metaTxRequestApproveActions)
+            | EngineBlox.createBitmapFromActions(metaTxApproveActions)
+            | EngineBlox.createBitmapFromActions(metaTxCancelActions);
+
+        bytes4[] memory transferHandlers = new bytes4[](1);
+        transferHandlers[0] = TRANSFER_SELECTOR;
+        bytes4[] memory transferFromHandlers = new bytes4[](1);
+        transferFromHandlers[0] = TRANSFER_FROM_SELECTOR;
+        bytes4[] memory mintHandlers = new bytes4[](1);
+        mintHandlers[0] = MINT_SELECTOR;
+        bytes4[] memory burnHandlers = new bytes4[](1);
+        burnHandlers[0] = BURN_SELECTOR;
+        bytes4[] memory burnFromHandlers = new bytes4[](1);
+        burnFromHandlers[0] = BURN_FROM_SELECTOR;
+
+        schemas[0] = EngineBlox.FunctionSchema({
+            functionSignature: "transfer(address,uint256)",
+            functionSelector: TRANSFER_SELECTOR,
+            operationType: ERC20_OPERATION,
+            operationName: "ERC20_TRANSFER",
+            supportedActionsBitmap: actionsBitmap,
+            isProtected: true,
+            handlerForSelectors: transferHandlers
+        });
+        schemas[1] = EngineBlox.FunctionSchema({
+            functionSignature: "transferFrom(address,address,uint256)",
+            functionSelector: TRANSFER_FROM_SELECTOR,
+            operationType: ERC20_OPERATION,
+            operationName: "ERC20_TRANSFER_FROM",
+            supportedActionsBitmap: actionsBitmap,
+            isProtected: true,
+            handlerForSelectors: transferFromHandlers
+        });
+        schemas[2] = EngineBlox.FunctionSchema({
+            functionSignature: "mint(address,uint256)",
+            functionSelector: MINT_SELECTOR,
+            operationType: ERC20_OPERATION,
+            operationName: "ERC20_MINT",
+            supportedActionsBitmap: actionsBitmap,
+            isProtected: true,
+            handlerForSelectors: mintHandlers
+        });
+        schemas[3] = EngineBlox.FunctionSchema({
+            functionSignature: "burn(uint256)",
+            functionSelector: BURN_SELECTOR,
+            operationType: ERC20_OPERATION,
+            operationName: "ERC20_BURN",
+            supportedActionsBitmap: actionsBitmap,
+            isProtected: true,
+            handlerForSelectors: burnHandlers
+        });
+        schemas[4] = EngineBlox.FunctionSchema({
+            functionSignature: "burnFrom(address,uint256)",
+            functionSelector: BURN_FROM_SELECTOR,
+            operationType: ERC20_OPERATION,
+            operationName: "ERC20_BURN_FROM",
+            supportedActionsBitmap: actionsBitmap,
+            isProtected: true,
+            handlerForSelectors: burnFromHandlers
+        });
+
+        return schemas;
+    }
+
+    /**
+     * @dev Returns role permissions for ERC20Blox execution selectors (OWNER and BROADCASTER).
+     */
+    function getRolePermissions() public pure returns (IDefinition.RolePermission memory) {
+        bytes32[] memory roleHashes = new bytes32[](10);
+        EngineBlox.FunctionPermission[] memory functionPermissions = new EngineBlox.FunctionPermission[](10);
+
+        EngineBlox.TxAction[] memory ownerTimeLockRequest = new EngineBlox.TxAction[](1);
+        ownerTimeLockRequest[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_REQUEST;
+        EngineBlox.TxAction[] memory ownerTimeLockApprove = new EngineBlox.TxAction[](1);
+        ownerTimeLockApprove[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_APPROVE;
+        EngineBlox.TxAction[] memory ownerTimeLockCancel = new EngineBlox.TxAction[](1);
+        ownerTimeLockCancel[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_CANCEL;
+        EngineBlox.TxAction[] memory ownerMetaSign = new EngineBlox.TxAction[](1);
+        ownerMetaSign[0] = EngineBlox.TxAction.SIGN_META_REQUEST_AND_APPROVE;
+        EngineBlox.TxAction[] memory ownerMetaApprove = new EngineBlox.TxAction[](1);
+        ownerMetaApprove[0] = EngineBlox.TxAction.SIGN_META_APPROVE;
+        EngineBlox.TxAction[] memory ownerMetaCancel = new EngineBlox.TxAction[](1);
+        ownerMetaCancel[0] = EngineBlox.TxAction.SIGN_META_CANCEL;
+        EngineBlox.TxAction[] memory broadcasterMetaExec = new EngineBlox.TxAction[](1);
+        broadcasterMetaExec[0] = EngineBlox.TxAction.EXECUTE_META_REQUEST_AND_APPROVE;
+        EngineBlox.TxAction[] memory broadcasterMetaApprove = new EngineBlox.TxAction[](1);
+        broadcasterMetaApprove[0] = EngineBlox.TxAction.EXECUTE_META_APPROVE;
+        EngineBlox.TxAction[] memory broadcasterMetaCancel = new EngineBlox.TxAction[](1);
+        broadcasterMetaCancel[0] = EngineBlox.TxAction.EXECUTE_META_CANCEL;
+
+        uint16 ownerBitmap = EngineBlox.createBitmapFromActions(ownerTimeLockRequest)
+            | EngineBlox.createBitmapFromActions(ownerTimeLockApprove)
+            | EngineBlox.createBitmapFromActions(ownerTimeLockCancel)
+            | EngineBlox.createBitmapFromActions(ownerMetaSign)
+            | EngineBlox.createBitmapFromActions(ownerMetaApprove)
+            | EngineBlox.createBitmapFromActions(ownerMetaCancel);
+        uint16 broadcasterBitmap = EngineBlox.createBitmapFromActions(broadcasterMetaExec)
+            | EngineBlox.createBitmapFromActions(broadcasterMetaApprove)
+            | EngineBlox.createBitmapFromActions(broadcasterMetaCancel);
+
+        bytes4[5] memory selectors = [TRANSFER_SELECTOR, TRANSFER_FROM_SELECTOR, MINT_SELECTOR, BURN_SELECTOR, BURN_FROM_SELECTOR];
+        for (uint256 i = 0; i < 5; i++) {
+            bytes4[] memory selfRef = new bytes4[](1);
+            selfRef[0] = selectors[i];
+            roleHashes[i] = EngineBlox.OWNER_ROLE;
+            functionPermissions[i] = EngineBlox.FunctionPermission({
+                functionSelector: selectors[i],
+                grantedActionsBitmap: ownerBitmap,
+                handlerForSelectors: selfRef
+            });
+        }
+        for (uint256 i = 0; i < 5; i++) {
+            bytes4[] memory selfRef = new bytes4[](1);
+            selfRef[0] = selectors[i];
+            roleHashes[5 + i] = EngineBlox.BROADCASTER_ROLE;
+            functionPermissions[5 + i] = EngineBlox.FunctionPermission({
+                functionSelector: selectors[i],
+                grantedActionsBitmap: broadcasterBitmap,
+                handlerForSelectors: selfRef
+            });
+        }
+
+        return IDefinition.RolePermission({
+            roleHashes: roleHashes,
+            functionPermissions: functionPermissions
+        });
+    }
+
+    /**
+     * @dev ERC165: report support for IDefinition when this library is used at an address
+     */
+    function supportsInterface(bytes4 interfaceId) external pure returns (bool) {
+        return interfaceId == type(IDefinition).interfaceId;
+    }
+}

package/core/research/erc721-blox/ERC721Blox.sol

@@ -0,0 +1,131 @@
+// SPDX-License-Identifier: AGPL-3.0-or-later
+// Copyright (c) 2025 Particle Crypto Security
+pragma solidity 0.8.33;
+
+// OpenZeppelin
+import "@openzeppelin/contracts-upgradeable/token/ERC721/ERC721Upgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/token/ERC721/extensions/ERC721BurnableUpgradeable.sol";
+import "@openzeppelin/contracts/token/ERC721/IERC721.sol";
+import "@openzeppelin/contracts/utils/introspection/IERC165.sol";
+
+// Core
+import "../../pattern/Account.sol";
+import "../../lib/interfaces/IDefinition.sol";
+import "../../lib/utils/SharedValidation.sol";
+import "./lib/definitions/ERC721BloxDefinitions.sol";
+
+// Standards
+import "../../../standards/behavior/ICopyable.sol";
+
+/**
+ * @title ERC721Blox
+ * @dev ERC721 NFT (IERC721) with Account pattern and ICopyable for cloning.
+ * Exposes transferFrom, safeTransferFrom (callable only via GuardController), mint (owner-only via controller), and burn (ERC721Burnable via controller).
+ * @custom:security-contact security@particlecrypto.com
+ */
+contract ERC721Blox is
+    IERC721,
+    ICopyable,
+    ERC721Upgradeable,
+    ERC721BurnableUpgradeable,
+    Account
+{
+    /// @custom:oz-upgrades-unsafe-allow constructor
+    constructor() {
+        _disableInitializers();
+    }
+
+    /**
+     * @dev ICopyable: full init with custom data. initData must be abi.encode(name, symbol).
+     * Runs Account init, ERC721Blox definitions, and ERC721 name/symbol in one step.
+     */
+    function initializeWithData(
+        address initialOwner,
+        address broadcaster,
+        address recovery,
+        uint256 timeLockPeriodSec,
+        address eventForwarder,
+        bytes calldata initData
+    ) external virtual initializer {
+        super.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
+
+        IDefinition.RolePermission memory erc721Permissions = ERC721BloxDefinitions.getRolePermissions();
+        _loadDefinitions(
+            ERC721BloxDefinitions.getFunctionSchemas(),
+            erc721Permissions.roleHashes,
+            erc721Permissions.functionPermissions,
+            true
+        );
+
+        _addMacroSelector(ERC721BloxDefinitions.TRANSFER_FROM_SELECTOR);
+        _addMacroSelector(ERC721BloxDefinitions.SAFE_TRANSFER_FROM_SELECTOR);
+        _addMacroSelector(ERC721BloxDefinitions.MINT_SELECTOR);
+        _addMacroSelector(ERC721BloxDefinitions.BURN_SELECTOR);
+        (string memory name, string memory symbol) = abi.decode(initData, (string, string));
+        __ERC721_init(name, symbol);
+    }
+
+    /**
+     * @notice Transfer NFT from one account to another; callable only by this contract via GuardController
+     * @param from Sender address
+     * @param to Recipient address
+     * @param tokenId Token ID to transfer
+     */
+    function transferFrom(address from, address to, uint256 tokenId) public virtual override(ERC721Upgradeable, IERC721) {
+        _validateExecuteBySelf();
+        super.transferFrom(from, to, tokenId);
+    }
+
+    /**
+     * @notice Safe transfer NFT from one account to another (with data); callable only by this contract via GuardController.
+     * The 3-arg overload (no data) in the base contract calls this with empty data, so it is also guarded.
+     * @param from Sender address
+     * @param to Recipient address
+     * @param tokenId Token ID to transfer
+     * @param data Additional data for recipient hook
+     */
+    function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory data)
+        public
+        virtual
+        override(ERC721Upgradeable, IERC721)
+    {
+        _validateExecuteBySelf();
+        super.safeTransferFrom(from, to, tokenId, data);
+    }
+
+    /**
+     * @notice Mint an NFT to an account (callable only by this contract via GuardController)
+     * @param to Recipient address
+     * @param tokenId Token ID to mint
+     */
+    function mint(address to, uint256 tokenId) external virtual {
+        _validateExecuteBySelf();
+        _mint(to, tokenId);
+    }
+
+    /**
+     * @notice Burn an NFT (callable only by this contract via GuardController)
+     * @param tokenId Token ID to burn
+     */
+    function burn(uint256 tokenId) public virtual override(ERC721BurnableUpgradeable) {
+        _validateExecuteBySelf();
+        super.burn(tokenId);
+    }
+
+    function supportsInterface(bytes4 interfaceId) public view virtual override(ERC721Upgradeable, Account, IERC165) returns (bool) {
+        return interfaceId == type(IERC721).interfaceId || interfaceId == type(ICopyable).interfaceId || super.supportsInterface(interfaceId);
+    }
+
+    /**
+     * @dev Base initialization (5 params only) is disallowed; use initializeWithData(..., initData) with abi.encode(name, symbol).
+     */
+    function initialize(
+        address initialOwner,
+        address broadcaster,
+        address recovery,
+        uint256 timeLockPeriodSec,
+        address eventForwarder
+    ) public virtual override(Account) initializer {
+        revert SharedValidation.NotSupported();
+    }
+}

package/core/research/erc721-blox/lib/definitions/ERC721BloxDefinitions.sol

@@ -0,0 +1,172 @@
+// SPDX-License-Identifier: MPL-2.0
+pragma solidity 0.8.33;
+
+import "../../../../lib/EngineBlox.sol";
+import "../../../../lib/interfaces/IDefinition.sol";
+
+/**
+ * @title ERC721BloxDefinitions
+ * @dev Definition library for ERC721Blox execution selectors (transferFrom, safeTransferFrom, mint, burn).
+ * Registers function schemas and role permissions so the GuardController can execute these functions
+ * via time-lock and meta-transaction workflows.
+ * @custom:security-contact security@particlecrypto.com
+ */
+library ERC721BloxDefinitions {
+
+    // System macro selectors (allowed to target address(this) for GuardController execution)
+    bytes4 public constant TRANSFER_FROM_SELECTOR = bytes4(keccak256("transferFrom(address,address,uint256)"));
+    bytes4 public constant SAFE_TRANSFER_FROM_SELECTOR = bytes4(keccak256("safeTransferFrom(address,address,uint256,bytes)"));
+    bytes4 public constant MINT_SELECTOR = bytes4(keccak256("mint(address,uint256)"));
+    bytes4 public constant BURN_SELECTOR = bytes4(keccak256("burn(uint256)"));
+
+    bytes32 public constant ERC721_OPERATION = keccak256("ERC721_OPERATION");
+
+    /**
+     * @dev Returns function schemas for ERC721Blox execution selectors (used by controller).
+     */
+    function getFunctionSchemas() public pure returns (EngineBlox.FunctionSchema[] memory) {
+        EngineBlox.FunctionSchema[] memory schemas = new EngineBlox.FunctionSchema[](4);
+
+        EngineBlox.TxAction[] memory timeDelayRequestActions = new EngineBlox.TxAction[](1);
+        timeDelayRequestActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_REQUEST;
+        EngineBlox.TxAction[] memory timeDelayApproveActions = new EngineBlox.TxAction[](1);
+        timeDelayApproveActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_APPROVE;
+        EngineBlox.TxAction[] memory timeDelayCancelActions = new EngineBlox.TxAction[](1);
+        timeDelayCancelActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_CANCEL;
+        EngineBlox.TxAction[] memory metaTxRequestApproveActions = new EngineBlox.TxAction[](2);
+        metaTxRequestApproveActions[0] = EngineBlox.TxAction.SIGN_META_REQUEST_AND_APPROVE;
+        metaTxRequestApproveActions[1] = EngineBlox.TxAction.EXECUTE_META_REQUEST_AND_APPROVE;
+        EngineBlox.TxAction[] memory metaTxApproveActions = new EngineBlox.TxAction[](2);
+        metaTxApproveActions[0] = EngineBlox.TxAction.SIGN_META_APPROVE;
+        metaTxApproveActions[1] = EngineBlox.TxAction.EXECUTE_META_APPROVE;
+        EngineBlox.TxAction[] memory metaTxCancelActions = new EngineBlox.TxAction[](2);
+        metaTxCancelActions[0] = EngineBlox.TxAction.SIGN_META_CANCEL;
+        metaTxCancelActions[1] = EngineBlox.TxAction.EXECUTE_META_CANCEL;
+
+        uint16 actionsBitmap = EngineBlox.createBitmapFromActions(timeDelayRequestActions)
+            | EngineBlox.createBitmapFromActions(timeDelayApproveActions)
+            | EngineBlox.createBitmapFromActions(timeDelayCancelActions)
+            | EngineBlox.createBitmapFromActions(metaTxRequestApproveActions)
+            | EngineBlox.createBitmapFromActions(metaTxApproveActions)
+            | EngineBlox.createBitmapFromActions(metaTxCancelActions);
+
+        bytes4[] memory transferFromHandlers = new bytes4[](1);
+        transferFromHandlers[0] = TRANSFER_FROM_SELECTOR;
+        bytes4[] memory safeTransferFromHandlers = new bytes4[](1);
+        safeTransferFromHandlers[0] = SAFE_TRANSFER_FROM_SELECTOR;
+        bytes4[] memory mintHandlers = new bytes4[](1);
+        mintHandlers[0] = MINT_SELECTOR;
+        bytes4[] memory burnHandlers = new bytes4[](1);
+        burnHandlers[0] = BURN_SELECTOR;
+
+        schemas[0] = EngineBlox.FunctionSchema({
+            functionSignature: "transferFrom(address,address,uint256)",
+            functionSelector: TRANSFER_FROM_SELECTOR,
+            operationType: ERC721_OPERATION,
+            operationName: "ERC721_TRANSFER_FROM",
+            supportedActionsBitmap: actionsBitmap,
+            isProtected: true,
+            handlerForSelectors: transferFromHandlers
+        });
+        schemas[1] = EngineBlox.FunctionSchema({
+            functionSignature: "safeTransferFrom(address,address,uint256,bytes)",
+            functionSelector: SAFE_TRANSFER_FROM_SELECTOR,
+            operationType: ERC721_OPERATION,
+            operationName: "ERC721_SAFE_TRANSFER_FROM",
+            supportedActionsBitmap: actionsBitmap,
+            isProtected: true,
+            handlerForSelectors: safeTransferFromHandlers
+        });
+        schemas[2] = EngineBlox.FunctionSchema({
+            functionSignature: "mint(address,uint256)",
+            functionSelector: MINT_SELECTOR,
+            operationType: ERC721_OPERATION,
+            operationName: "ERC721_MINT",
+            supportedActionsBitmap: actionsBitmap,
+            isProtected: true,
+            handlerForSelectors: mintHandlers
+        });
+        schemas[3] = EngineBlox.FunctionSchema({
+            functionSignature: "burn(uint256)",
+            functionSelector: BURN_SELECTOR,
+            operationType: ERC721_OPERATION,
+            operationName: "ERC721_BURN",
+            supportedActionsBitmap: actionsBitmap,
+            isProtected: true,
+            handlerForSelectors: burnHandlers
+        });
+
+        return schemas;
+    }
+
+    /**
+     * @dev Returns role permissions for ERC721Blox execution selectors (OWNER and BROADCASTER).
+     */
+    function getRolePermissions() public pure returns (IDefinition.RolePermission memory) {
+        bytes32[] memory roleHashes = new bytes32[](8);
+        EngineBlox.FunctionPermission[] memory functionPermissions = new EngineBlox.FunctionPermission[](8);
+
+        EngineBlox.TxAction[] memory ownerTimeLockRequest = new EngineBlox.TxAction[](1);
+        ownerTimeLockRequest[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_REQUEST;
+        EngineBlox.TxAction[] memory ownerTimeLockApprove = new EngineBlox.TxAction[](1);
+        ownerTimeLockApprove[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_APPROVE;
+        EngineBlox.TxAction[] memory ownerTimeLockCancel = new EngineBlox.TxAction[](1);
+        ownerTimeLockCancel[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_CANCEL;
+        EngineBlox.TxAction[] memory ownerMetaSign = new EngineBlox.TxAction[](1);
+        ownerMetaSign[0] = EngineBlox.TxAction.SIGN_META_REQUEST_AND_APPROVE;
+        EngineBlox.TxAction[] memory ownerMetaApprove = new EngineBlox.TxAction[](1);
+        ownerMetaApprove[0] = EngineBlox.TxAction.SIGN_META_APPROVE;
+        EngineBlox.TxAction[] memory ownerMetaCancel = new EngineBlox.TxAction[](1);
+        ownerMetaCancel[0] = EngineBlox.TxAction.SIGN_META_CANCEL;
+        EngineBlox.TxAction[] memory broadcasterMetaExec = new EngineBlox.TxAction[](1);
+        broadcasterMetaExec[0] = EngineBlox.TxAction.EXECUTE_META_REQUEST_AND_APPROVE;
+        EngineBlox.TxAction[] memory broadcasterMetaApprove = new EngineBlox.TxAction[](1);
+        broadcasterMetaApprove[0] = EngineBlox.TxAction.EXECUTE_META_APPROVE;
+        EngineBlox.TxAction[] memory broadcasterMetaCancel = new EngineBlox.TxAction[](1);
+        broadcasterMetaCancel[0] = EngineBlox.TxAction.EXECUTE_META_CANCEL;
+
+        uint16 ownerBitmap = EngineBlox.createBitmapFromActions(ownerTimeLockRequest)
+            | EngineBlox.createBitmapFromActions(ownerTimeLockApprove)
+            | EngineBlox.createBitmapFromActions(ownerTimeLockCancel)
+            | EngineBlox.createBitmapFromActions(ownerMetaSign)
+            | EngineBlox.createBitmapFromActions(ownerMetaApprove)
+            | EngineBlox.createBitmapFromActions(ownerMetaCancel);
+        uint16 broadcasterBitmap = EngineBlox.createBitmapFromActions(broadcasterMetaExec)
+            | EngineBlox.createBitmapFromActions(broadcasterMetaApprove)
+            | EngineBlox.createBitmapFromActions(broadcasterMetaCancel);
+
+        bytes4[4] memory selectors = [TRANSFER_FROM_SELECTOR, SAFE_TRANSFER_FROM_SELECTOR, MINT_SELECTOR, BURN_SELECTOR];
+        for (uint256 i = 0; i < 4; i++) {
+            bytes4[] memory selfRef = new bytes4[](1);
+            selfRef[0] = selectors[i];
+            roleHashes[i] = EngineBlox.OWNER_ROLE;
+            functionPermissions[i] = EngineBlox.FunctionPermission({
+                functionSelector: selectors[i],
+                grantedActionsBitmap: ownerBitmap,
+                handlerForSelectors: selfRef
+            });
+        }
+        for (uint256 i = 0; i < 4; i++) {
+            bytes4[] memory selfRef = new bytes4[](1);
+            selfRef[0] = selectors[i];
+            roleHashes[4 + i] = EngineBlox.BROADCASTER_ROLE;
+            functionPermissions[4 + i] = EngineBlox.FunctionPermission({
+                functionSelector: selectors[i],
+                grantedActionsBitmap: broadcasterBitmap,
+                handlerForSelectors: selfRef
+            });
+        }
+
+        return IDefinition.RolePermission({
+            roleHashes: roleHashes,
+            functionPermissions: functionPermissions
+        });
+    }
+
+    /**
+     * @dev ERC165: report support for IDefinition when this library is used at an address
+     */
+    function supportsInterface(bytes4 interfaceId) external pure returns (bool) {
+        return interfaceId == type(IDefinition).interfaceId;
+    }
+}

package/core/research/lending-blox/.gitkeep

@@ -0,0 +1 @@
+# Placeholder to keep lending-blox directory in version control