npm - @etherisc/gif-next - Versions diffs - 0.0.2-e769e2e-077 → 0.0.2-e802d97-713 - Mend

@etherisc/gif-next 0.0.2-e769e2e-077 → 0.0.2-e802d97-713

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (378) hide show

package/contracts/registry/ReleaseManager.sol CHANGED Viewed

@@ -1,265 +1,370 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
+import {Create2} from "@openzeppelin/contracts/utils/Create2.sol";
+import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";
+import {IAccessManager} from "@openzeppelin/contracts/access/manager/IAccessManager.sol";
+import {Initializable} from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
 import {AccessManaged} from "@openzeppelin/contracts/access/manager/AccessManaged.sol";
+import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
 import {NftId} from "../type/NftId.sol";
-import {RoleId} from "../type/RoleId.sol";
-import {ObjectType, ObjectTypeLib, zeroObjectType, REGISTRY, SERVICE, STAKING} from "../type/ObjectType.sol";
+import {RoleId, ADMIN_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
+import {ObjectType, ObjectTypeLib, RELEASE, REGISTRY, SERVICE, STAKING} from "../type/ObjectType.sol";
+import {Version, VersionLib, VersionPart, VersionPartLib} from "../type/Version.sol";
+import {Timestamp, TimestampLib, zeroTimestamp, ltTimestamp} from "../type/Timestamp.sol";
+import {Seconds, SecondsLib} from "../type/Seconds.sol";
+import {StateId, INITIAL, SCHEDULED, DEPLOYING, ACTIVE} from "../type/StateId.sol";
 import {Version, VersionLib, VersionPart, VersionPartLib} from "../type/Version.sol";
-import {Timestamp, TimestampLib} from "../type/Timestamp.sol";
+import {IService} from "../shared/IService.sol";
+import {AccessManagerExtendedWithDisableInitializeable} from "../shared/AccessManagerExtendedWithDisableInitializeable.sol";
+import {ILifecycle} from "../shared/ILifecycle.sol";
+import {INftOwnable} from "../shared/INftOwnable.sol";
 import {IRegisterable} from "../shared/IRegisterable.sol";
 import {IRegistry} from "./IRegistry.sol";
+import {IRegistryLinked} from "../shared/IRegistryLinked.sol";
 import {IRegistryService} from "./IRegistryService.sol";
-import {IService} from "../shared/IService.sol";
-import {IStaking} from "../staking/IStaking.sol";
+import {RegistryAdmin} from "./RegistryAdmin.sol";
 import {Registry} from "./Registry.sol";
-import {RegistryAccessManager} from "./RegistryAccessManager.sol";
-import {ServiceAuthorizationsLib} from "./ServiceAuthorizationsLib.sol";
 import {TokenRegistry} from "./TokenRegistry.sol";
+import {ServiceAuthorizationsLib} from "./ServiceAuthorizationsLib.sol";
-contract ReleaseManager is AccessManaged
+contract ReleaseManager is
+    AccessManaged,
+    ILifecycle,
+    IRegistryLinked
 {
     using ObjectTypeLib for ObjectType;
-    event LogReleaseCreation(VersionPart version);
+    uint256 public constant INITIAL_GIF_VERSION = 3;
+    event LogReleaseCreation(VersionPart version, bytes32 salt, AccessManagerExtendedWithDisableInitializeable accessManager);
     event LogReleaseActivation(VersionPart version);
+    // constructor
+    error ErrorReleaseManagerNotRegistry(Registry registry);
     // createNextRelease
-    error NotRegistryService();
-    error UnexpectedServiceAuthority(address expected, address found);
+    error ErrorReleaseManagerReleaseCreationDisallowed(StateId currentStateId);
+    // prepareRelease
+    error ErrorReleaseManagerReleasePreparationDisallowed(StateId currentStateId);
+    error ErrorReleaseManagerReleaseAlreadyPrepared(VersionPart version);
     // register staking
-    error ErrorReleaseManagerStakingAlreadySet(address stakingAddress);
+    //error ErrorReleaseManagerStakingAlreadySet(address stakingAddress);
     // registerService
-    error NotService();
+    error ErrorReleaseManagerNoServiceRegistrationExpected();
+    error ErrorReleaseManagerServiceRegistrationDisallowed(StateId currentStateId);
+    error ErrorReleaseManagerNotService(IService service);
+    error ErrorReleaseManagerServiceAddressInvalid(IService given, address expected);
     // activateNextRelease
-    error ReleaseNotCreated();
-    error ReleaseRegistrationNotFinished();
+    error ErrorReleaseManagerReleaseActivationDisallowed(StateId currentStateId);
+    error ErrorReleaseManagerReleaseNotCreated(VersionPart releaseVersion);
+    error ErrorReleaseManagerReleaseRegistrationNotFinished(VersionPart releaseVersion, uint awaitingRegistration);
+    error ErrorReleaseManagerReleaseAlreadyActivated(VersionPart releaseVersion);
-    // _getAndVerifyContractInfo
-    error ErrorReleaseManagerUnexpectedRegisterableAddress(address expected, address actual);
-    error ErrorReleaseManagerIsInterceptorTrue();
-    error UnexpectedRegisterableType(ObjectType expected, ObjectType found);
-    error NotRegisterableOwner(address expectedOwner, address actualOwner);
-    error SelfRegistration();
-    error RegisterableOwnerIsRegistered();
+    // disableRelease
+    error ErrorReleaseManagerReleaseNotActivated(VersionPart releaseVersion);
+    error ErrorReleaseManagerReleaseAlreadyDisabled(VersionPart releaseVersion);
     // _verifyService
-    error UnexpectedServiceVersion(VersionPart expected, VersionPart found);
-    error UnexpectedServiceDomain(ObjectType expected, ObjectType found);
-    // _verifyAndStoreConfig
-    error ConfigMissing();
-    error ConfigServiceDomainInvalid(uint configArrayIndex, ObjectType domain);
-    error ConfigSelectorZero(uint configArrayIndex);
-    error SelectorAlreadyExists(VersionPart releaseVersion, ObjectType serviceDomain);
-    RegistryAccessManager private immutable _accessManager;
-    Registry private immutable _registry;
-    TokenRegistry private immutable _tokenRegistry;
-    IStaking private _staking;
-    VersionPart immutable _initial;// first active major version
-    VersionPart _latest;// latest active major version
-    VersionPart _next;// major version to create and activate
+    error ErrorReleaseManagerServiceReleaseAuthorityMismatch(IService service, address serviceAuthority, address releaseAuthority);
+    error ErrorReleaseManagerServiceReleaseVersionMismatch(IService service, VersionPart serviceVersion, VersionPart releaseVersion);
+    // _verifyServiceInfo
+    error ErrorReleaseManagerServiceInfoAddressInvalid(IService service, address expected);
+    error ErrorReleaseManagerServiceInfoInterceptorInvalid(IService service, bool isInterceptor);
+    error ErrorReleaseManagerServiceInfoTypeInvalid(IService service, ObjectType expected, ObjectType found);
+    error ErrorReleaseManagerServiceInfoOwnerInvalid(IService service, address expected, address found);
+    error ErrorReleaseManagerServiceSelfRegistration(IService service);
+    error ErrorReleaseManagerServiceOwnerRegistered(IService service, address owner);
+    // _verifyReleaseAuthorizations
+    error ErrorReleaseManagerReleaseEmpty();
+    error ErrorReleaseManagerReleaseServiceRoleInvalid(uint serviceIdx, address service, RoleId role);
+    Seconds public constant MIN_DISABLE_DELAY = Seconds.wrap(60 * 24 * 365); // 1 year
+    RegistryAdmin public immutable _admin;
+    address public immutable _releaseAccessManagerCodeAddress;
+    Registry public immutable _registry;
+    IRegisterable private _staking;
+    address private _stakingOwner;
+    mapping(VersionPart version => AccessManagerExtendedWithDisableInitializeable accessManager) internal _releaseAccessManager;
+    mapping(VersionPart version => IRegistry.ReleaseInfo info) internal _releaseInfo;
+    mapping(address registryService => VersionPart version) _releaseVersionByAddress;
+    VersionPart immutable internal _initial;// first active version
+    VersionPart internal _latest; // latest active version
+    VersionPart internal _next; // version to create and activate
+    StateId internal _state; // current state of release manager
+    uint256 internal _awaitingRegistration; // "services left to register" counter
+    // deployer of this contract must be gif admin
+    constructor(Registry registry)
+        AccessManaged(msg.sender)
+    {
+        // TODO move this part to RegistryLinked constructor
+        if(!_isRegistry(address(registry))) {
+            revert ErrorReleaseManagerNotRegistry(registry);
+        }
-    mapping(VersionPart majorVersion => IRegistry.ReleaseInfo info) _release;
+        _registry = registry;
+        setAuthority(_registry.getAuthority());
+        _admin = RegistryAdmin(_registry.getRegistryAdminAddress());
-    // registry service function selector assigned to domain
-    mapping(VersionPart majorVersion => mapping(ObjectType serviceDomain => bytes4[])) _selectors;
+        _initial = VersionPartLib.toVersionPart(INITIAL_GIF_VERSION);
+        _next = VersionPartLib.toVersionPart(INITIAL_GIF_VERSION - 1);
+        _state = getInitialState(RELEASE());
+        AccessManagerExtendedWithDisableInitializeable masterReleaseAccessManager = new AccessManagerExtendedWithDisableInitializeable();
+        masterReleaseAccessManager.initialize(_registry.NFT_LOCK_ADDRESS(), VersionLib.toVersionPart(0));
+        //masterReleaseAccessManager.disable();
+        _releaseAccessManagerCodeAddress = address(masterReleaseAccessManager);
+    }
-    uint _awaitingRegistration; // "services left to register" counter
+    /// @dev skips previous release if was not activated
+    /// sets release manager into state SCHEDULED
+    function createNextRelease()
+        external
+        restricted() // GIF_ADMIN_ROLE
+        returns(VersionPart)
+    {
+        if (!isValidTransition(RELEASE(), _state, SCHEDULED())) {
+            revert ErrorReleaseManagerReleaseCreationDisallowed(_state);
+        }
-    mapping(address registryService => bool isActive) _active;
+        _next = VersionPartLib.toVersionPart(_next.toInt() + 1);
+        _awaitingRegistration = 0;
+        _state = SCHEDULED();
-    mapping(VersionPart majorVersion => bool isValid) _valid; // TODO refactor to use _active only
+        return _next;
+    }
-    constructor(
-        RegistryAccessManager accessManager,
-        VersionPart initialVersion
+    // TODO order of events
+    function prepareNextRelease(
+        address[] memory addresses,
+        string[] memory names,
+        RoleId[][] memory serviceRoles,
+        string[][] memory serviceRoleNames,
+        RoleId[][] memory functionRoles,
+        string[][] memory functionRoleNames,
+        bytes4[][][] memory selectors,
+        bytes32 salt
     )
-        AccessManaged(accessManager.authority())
+        external
+        restricted() // GIF_MANAGER_ROLE
+        returns(
+            address releaseAccessManagerAddress,
+            VersionPart version,
+            bytes32 releaseSalt
+        )
     {
-        require(initialVersion.toInt() > 0, "ReleaseManager: initial version is 0");
+        version = getNextVersion();
-        _accessManager = accessManager;
+        // ensures unique salt
+        releaseSalt = keccak256(
+            bytes.concat(
+                bytes32(version.toInt()),
+                salt));
-        _initial = initialVersion;
-        _next = initialVersion;
+        releaseAccessManagerAddress = Clones.cloneDeterministic(_releaseAccessManagerCodeAddress, releaseSalt);
+        AccessManagerExtendedWithDisableInitializeable releaseAccessManager = AccessManagerExtendedWithDisableInitializeable(releaseAccessManagerAddress);
+        releaseAccessManager.initialize(address(this), version);
+        if (!isValidTransition(RELEASE(), _state, DEPLOYING())) {
+            revert ErrorReleaseManagerReleasePreparationDisallowed(_state);
+        }
-        _registry = new Registry();
-        _tokenRegistry = new TokenRegistry(address(_registry));
+        _verifyReleaseAuthorizations(addresses, serviceRoles, functionRoles, selectors);
-        _registry.setTokenRegistry(address(_tokenRegistry));
+        if(_awaitingRegistration > 0) {
+            revert ErrorReleaseManagerReleaseAlreadyPrepared(version);
+        }
+        // TODO instead of copying just set ServiceAuthorizationsLib for release and array of domains???
+        _releaseInfo[version].version = version;
+        _releaseInfo[version].salt = releaseSalt;
+        _releaseInfo[version].addresses = addresses;
+        _releaseInfo[version].names = names;
+        _releaseInfo[version].serviceRoles = serviceRoles;
+        _releaseInfo[version].serviceRoleNames = serviceRoleNames;
+        _releaseInfo[version].functionRoles = functionRoles;
+        _releaseInfo[version].functionRoleNames = functionRoleNames;
+        _releaseInfo[version].selectors = selectors;
+        _awaitingRegistration = addresses.length;
+        _state = DEPLOYING();
+        _releaseAccessManager[version] = releaseAccessManager;
+        emit LogReleaseCreation(version, releaseSalt, releaseAccessManager);
     }
-    function registerStaking(
-        address stakingAddress,
-        address stakingOwner
-    )
+    function registerService(IService service)
         external
-        restricted // GIF_ADMIN_ROLE
+        restricted // GIF_MANAGER_ROLE
         returns(NftId nftId)
     {
-        // verify staking contract
-        _getAndVerifyContractInfo(stakingAddress, STAKING(), stakingOwner);
-        _staking = IStaking(stakingAddress);
+        if (!isValidTransition(RELEASE(), _state, DEPLOYING())) {
+            revert ErrorReleaseManagerServiceRegistrationDisallowed(_state);
+        }
-        nftId = _registry.registerStaking(
-            stakingAddress,
-            stakingOwner);
+        (
+            IRegistry.ObjectInfo memory info,
+            ObjectType domain,
+            VersionPart version
+        ) = _verifyService(service);
-        _staking.linkToRegisteredNftId();
-    }
-    /// @dev skips previous release if was not activated
-    function createNextRelease()
-        external
-        restricted // GIF_ADMIN_ROLE
-    {
-        // allow to register new registry service for next version
-        // TODO check/test: assignment to _next likely missing ...
-        VersionPartLib.toVersionPart(_next.toInt() + 1);
+        // redundant with state var
+        if (_awaitingRegistration == 0) {
+            revert ErrorReleaseManagerNoServiceRegistrationExpected();
+        }
-        // disallow registration of regular services for next version while registry service is not registered
-        _awaitingRegistration = 0;
+        uint serviceIdx = _awaitingRegistration - 1;
+        address serviceAddress = _releaseInfo[version].addresses[serviceIdx];
+        // TODO temp, while typescript addresses computation is not implemented
+        /*if(address(service) != serviceAddress) {
+            revert ErrorReleaseManagerServiceAddressInvalid(service, serviceAddress);
+        }*/
+        _setServiceAuthorizations(
+            _releaseAccessManager[version],
+            // TODO temp, while typescript addresses computation is not implemented
+            address(service),//serviceAddress,
+            _releaseInfo[version].names[serviceIdx],
+            _releaseInfo[version].serviceRoles[serviceIdx],
+            _releaseInfo[version].serviceRoleNames[serviceIdx],
+            _releaseInfo[version].functionRoles[serviceIdx],
+            _releaseInfo[version].functionRoleNames[serviceIdx],
+            _releaseInfo[version].selectors[serviceIdx]);
+        // TODO decide for one of the approaches
+        // // service to service authorization
+        // ServiceAuthorizationsLib.ServiceAuthorization memory authz = ServiceAuthorizationsLib.getAuthorizations(domain);
+        // for(uint8 idx = 0; idx < authz.authorizedRole.length; idx++) {
+        //     _accessManager.setTargetFunctionRole(
+        //         address(service),
+        //         authz.authorizedSelectors[idx],
+        //         authz.authorizedRole[idx]);
+        // }
+        _awaitingRegistration = serviceIdx;
+        // TODO end state depends on (_awaitingRegistration == 0)
+        _state = DEPLOYING();
+        // checked in registry
+        _releaseInfo[version].domains.push(domain);
+        nftId = _registry.registerService(info, version, domain);
-        emit LogReleaseCreation(_next);
+        service.linkToRegisteredNftId();
     }
     function activateNextRelease()
         external
         restricted // GIF_ADMIN_ROLE
     {
+        if (!isValidTransition(RELEASE(), _state, ACTIVE())) {
+            revert ErrorReleaseManagerReleaseActivationDisallowed(_state);
+        }
         VersionPart version = _next;
         address service = _registry.getServiceAddress(REGISTRY(), version);
-        // release was created
+        // release exists, registry service is a MUST
+        //if(_releaseAccessManager[version] == address(0)) {
         if(service == address(0)) {
-            revert ReleaseNotCreated();
+            revert ErrorReleaseManagerReleaseNotCreated(version);
         }
         // release fully deployed
         if(_awaitingRegistration > 0) {
-            revert ReleaseRegistrationNotFinished();
+            revert ErrorReleaseManagerReleaseRegistrationNotFinished(version, _awaitingRegistration);
         }
-        //setTargetClosed(service, false);
+        // release is not activated
+        if(_releaseInfo[version].activatedAt.gtz()) {
+            revert ErrorReleaseManagerReleaseAlreadyActivated(version);
+        }
         _latest = version;
+        _state = ACTIVE();
-        _active[service] = true;
-        _valid[version] = true;
+        _releaseVersionByAddress[service] = version;
+        _releaseInfo[version].activatedAt = TimestampLib.blockTimestamp();
         emit LogReleaseActivation(version);
     }
-    // TODO implement reliable way this function can only be called directly after createNextRelease()
-    // IMPORTANT: MUST never be possible to create with access/release manager, token registry
-    // callable once per release after release creation
-    // can not register regular services
-    function registerRegistryService(IRegistryService service)
+    // release becomes disabled after delay expiration (can be reenabled before that)
+    function disableRelease(VersionPart version, Seconds disableDelay)
         external
-        restricted // GIF_MANAGER_ROLE
-        returns(NftId nftId)
+        restricted // GIF_ADMIN_ROLE
     {
-        if(!service.supportsInterface(type(IRegistryService).interfaceId)) {
-            revert NotRegistryService();
+        // release was activated
+        if(_releaseInfo[version].activatedAt.eqz()) {
+            revert ErrorReleaseManagerReleaseNotActivated(version);
         }
-        // TODO unreliable! MUST guarantee the same authority -> how?
-        address serviceAuthority = service.authority();
-        if(serviceAuthority != authority()) {
-            revert UnexpectedServiceAuthority(
-                authority(),
-                serviceAuthority);
+        // release not disabled already
+        if(_releaseInfo[version].disabledAt.gtz()) {
+            revert ErrorReleaseManagerReleaseAlreadyDisabled(version);
         }
-        IRegistry.ObjectInfo memory info = _getAndVerifyContractInfo(address(service), SERVICE(), msg.sender);
+        disableDelay = SecondsLib.toSeconds(Math.max(disableDelay.toInt(), MIN_DISABLE_DELAY.toInt()));
-        VersionPart majorVersion = _next;
-        ObjectType domain = REGISTRY();
-        _verifyService(service, majorVersion, domain);
-        _createRelease(service.getFunctionConfigs());
-        nftId = _registry.registerService(info, majorVersion, domain);
+        _releaseAccessManager[version].disable(disableDelay);
-        // external call
-        service.linkToRegisteredNftId();
+        _releaseInfo[version].disabledAt = TimestampLib.blockTimestamp().addSeconds(disableDelay);
     }
-    // TODO adding service to release -> synchronized with proxy upgrades or simple addServiceToRelease(service, version, selector)?
-    // TODO removing service from release? -> set _active to false forever, but keep all other records?
-    function registerService(IService service)
+    function enableRelease(VersionPart version)
         external
-        restricted // GIF_MANAGER_ROLE
-        returns(NftId nftId)
+        restricted // GIF_ADMIN_ROLE
     {
-        if(!service.supportsInterface(type(IService).interfaceId)) {
-            revert NotService();
-        }
+        // release was disabled
+        //if(_releaseInfo[version].disabledAt.eqz()) {
+        //    revert ErrorReleaseManagerReleaseAlreadyEnabled(version);
+        //}
-        IRegistry.ObjectInfo memory info = _getAndVerifyContractInfo(address(service), SERVICE(), msg.sender);
-        VersionPart majorVersion = getNextVersion();
-        ObjectType domain = _release[majorVersion].domains[_awaitingRegistration];// reversed registration order of services specified in RegistryService config
-        _verifyService(service, majorVersion, domain);
-        // setup and grant unique role if service does registrations
-        bytes4[] memory selectors = _selectors[majorVersion][domain];
-        address registryService = _registry.getServiceAddress(REGISTRY(), majorVersion);
-        if(selectors.length > 0) {
-            _accessManager.setAndGrantUniqueRole(
-                address(service),
-                registryService,
-                selectors);
-        }
+        // reverts if disable delay expired
+        _releaseAccessManager[version].enable();
-        // service to service authorization
-        ServiceAuthorizationsLib.ServiceAuthorization memory authz = ServiceAuthorizationsLib.getAuthorizations(domain);
-        for(uint8 idx = 0; idx < authz.authorizedRole.length; idx++) {
-            _accessManager.setTargetFunctionRole(
-                address(service),
-                authz.authorizedSelectors[idx],
-                authz.authorizedRole[idx]);
-        }
-        _awaitingRegistration--;
-        nftId = _registry.registerService(info, majorVersion, domain);
-        // external call
-        service.linkToRegisteredNftId();
+        _releaseInfo[version].disabledAt = zeroTimestamp();
     }
     //--- view functions ----------------------------------------------------//
-    function isActiveRegistryService(address service) external view returns(bool)
-    {
-        return _active[service];
+    function predictDeterministicAddress(
+        address implementation,
+        bytes32 salt,
+        address deployer
+    ) external pure returns (address predicted) {
+        return Clones.predictDeterministicAddress(implementation, salt, deployer);
     }
-    function isValidRelease(VersionPart version) external view returns(bool)
-    {
-        return _valid[version];
+    function isActiveRegistryService(address service) external view returns(bool) {
+        VersionPart version = _releaseVersionByAddress[service];
+        return isActiveRelease(version);
     }
-    function getRegistryAddress() external view returns(address)
-    {
-        return address(_registry);
+    function isActiveRelease(VersionPart version) public view returns(bool) {
+        return _releaseInfo[version].activatedAt.gtz();
     }
-    function getReleaseInfo(VersionPart version) external view returns(IRegistry.ReleaseInfo memory)
-    {
-        return _release[version];
+    function getReleaseInfo(VersionPart version) external view returns(IRegistry.ReleaseInfo memory) {
+        return _releaseInfo[version];
     }
-    function getNextVersion() public view returns(VersionPart)
-    {
+    function getNextVersion() public view returns(VersionPart) {
         return _next;
     }
@@ -271,105 +376,225 @@ contract ReleaseManager is AccessManaged
         return _initial;
     }
-    //--- private functions ----------------------------------------------------//
+    function getState() external view returns (StateId stateId) {
+        return _state;
+    }
-    function _getAndVerifyContractInfo(
-        address registerableAddress,
-        ObjectType expectedType,
-        address expectedOwner // assume always valid, can not be 0
+    function getRemainingServicesToRegister() external view returns (uint256 services) {
+        return _awaitingRegistration;
+    }
+    function getReleaseAccessManager(VersionPart version) external view returns(AccessManagerExtendedWithDisableInitializeable) {
+        return _releaseAccessManager[version];
+    }
+    // TODO tokenr registry knows nothing about adfmin, only registry
+    function getRegistryAdmin() external view returns (address) {
+        return address(_admin);
+    }
+    //--- IRegistryLinked ------------------------------------------------------//
+    function getRegistry() external view returns (IRegistry) {
+        return _registry;
+    }
+    //--- ILifecycle -----------------------------------------------------------//
+    function hasLifecycle(ObjectType objectType) external pure returns (bool) { return objectType == RELEASE(); }
+    function getInitialState(ObjectType objectType) public pure returns (StateId stateId) {
+        if (objectType == RELEASE()) {
+            stateId = INITIAL();
+        }
+    }
+    function isValidTransition(
+        ObjectType objectType,
+        StateId fromId,
+        StateId toId
     )
+        public
+        pure
+        returns (bool isValid)
+    {
+        if (objectType != RELEASE()) { return false; }
+        if (fromId == INITIAL() && toId == SCHEDULED()) { return true; }
+        if (fromId == SCHEDULED() && toId == DEPLOYING()) { return true; }
+        if (fromId == DEPLOYING() && toId == SCHEDULED()) { return true; }
+        if (fromId == DEPLOYING() && toId == DEPLOYING()) { return true; }
+        if (fromId == DEPLOYING() && toId == ACTIVE()) { return true; }
+        // TODO active -> scheduled missing, add tests to cover this and more scenarios (#358)
+        return false;
+    }
+    //--- private functions ----------------------------------------------------//
+    function _verifyService(IService service)
         internal
-        // view
+        view
         returns(
-            IRegistry.ObjectInfo memory info
+            IRegistry.ObjectInfo memory serviceInfo,
+            ObjectType serviceDomain,
+            VersionPart serviceVersion
         )
     {
-        info = IRegisterable(registerableAddress).getInitialInfo();
+        if(!service.supportsInterface(type(IService).interfaceId)) {
+            revert ErrorReleaseManagerNotService(service);
+        }
-        if(info.objectAddress != registerableAddress) {
-            revert ErrorReleaseManagerUnexpectedRegisterableAddress(registerableAddress, info.objectAddress);
+        address owner = msg.sender;
+        address serviceAuthority = service.authority();
+        serviceVersion = service.getVersion().toMajorPart();
+        serviceDomain = service.getDomain();// checked in registry
+        serviceInfo = service.getInitialInfo();
+        _verifyServiceInfo(service, serviceInfo, owner);
+        VersionPart releaseVersion = getNextVersion(); // never 0
+        address releaseAuthority = address(_releaseAccessManager[releaseVersion]); // can be zero if registering service when release is not created
+        // IMPORTANT: can not guarantee service access is actually controlled by authority
+        if(serviceAuthority != releaseAuthority) {
+            revert ErrorReleaseManagerServiceReleaseAuthorityMismatch(
+                service,
+                serviceAuthority,
+                releaseAuthority);
         }
-        if(info.isInterceptor) {
-            revert ErrorReleaseManagerIsInterceptorTrue();
+        if(serviceVersion != releaseVersion) {
+            revert ErrorReleaseManagerServiceReleaseVersionMismatch(
+                service,
+                serviceVersion,
+                releaseVersion);
         }
+    }
-        if(info.objectType != expectedType) {// type is checked in registry anyway...but service logic may depend on expected value
-            revert UnexpectedRegisterableType(expectedType, info.objectType);
+    function _verifyServiceInfo(
+        IService service,
+        IRegistry.ObjectInfo memory info,
+        address expectedOwner // assume always valid, can not be 0
+    )
+        internal
+        view
+    {
+        if(info.objectAddress != address(service)) {
+            revert ErrorReleaseManagerServiceInfoAddressInvalid(service, address(service));
+        }
+        if(info.isInterceptor != false) { // service is never interceptor
+            revert ErrorReleaseManagerServiceInfoInterceptorInvalid(service, info.isInterceptor);
+        }
+        if(info.objectType != SERVICE()) {// type is checked in registry anyway...but service logic may depend on expected value
+            revert ErrorReleaseManagerServiceInfoTypeInvalid(service, SERVICE(), info.objectType);
         }
         address owner = info.initialOwner;
         if(owner != expectedOwner) { // registerable owner protection
-            revert NotRegisterableOwner(expectedOwner, owner);
+            revert ErrorReleaseManagerServiceInfoOwnerInvalid(service, expectedOwner, owner);
         }
-        if(owner == address(registerableAddress)) {
-            revert SelfRegistration();
+        if(owner == address(service)) {
+            revert ErrorReleaseManagerServiceSelfRegistration(service);
         }
         if(_registry.isRegistered(owner)) {
-            revert RegisterableOwnerIsRegistered();
+            revert ErrorReleaseManagerServiceOwnerRegistered(service, owner);
         }
     }
-    function _verifyService(
-        IService service,
-        VersionPart expectedVersion,
-        ObjectType expectedDomain
+    function _verifyReleaseAuthorizations(
+        address[] memory serviceAddress,
+        RoleId[][] memory serviceRoles,
+        RoleId[][] memory functionRoles,
+        bytes4[][][] memory selectors
     )
         internal
-        view
-        returns(ObjectType)
+        pure
     {
-        Version version = service.getVersion();
-        VersionPart majorVersion = version.toMajorPart();
-        if(majorVersion != expectedVersion) {
-            revert UnexpectedServiceVersion(expectedVersion, majorVersion);
+        if(serviceAddress.length == 0) {
+            revert ErrorReleaseManagerReleaseEmpty();
         }
-        if(service.getDomain() != expectedDomain) {
-            revert UnexpectedServiceDomain(expectedDomain, service.getDomain());
+        for(uint serviceIdx = 0; serviceIdx < serviceAddress.length; serviceIdx++)
+        {
+            for(uint roleIdx = 0; roleIdx < serviceRoles[serviceIdx].length; roleIdx++)
+            {
+                RoleId role = serviceRoles[serviceIdx][roleIdx];
+                if(role == ADMIN_ROLE() || role == PUBLIC_ROLE()) {
+                    revert ErrorReleaseManagerReleaseServiceRoleInvalid(serviceIdx, serviceAddress[serviceIdx], role);
+                }
+            }
         }
-        return expectedDomain;
+        // TODO no duplicate service "domain" role per release
+        // TODO no duplicate service roles per service
+        // TODO no duplicate service function roles per service
+        // TODO no duplicate service function selectors per service
     }
-    // TODO check if registry supports types specified in the config array
-    function _createRelease(IRegistryService.FunctionConfig[] memory config)
+    function _setServiceAuthorizations(
+        AccessManagerExtendedWithDisableInitializeable accessManager, // release access manager
+        address serviceAddress,
+        string memory serviceName,
+        RoleId[] memory serviceRoles,
+        string[] memory serviceRoleNames,
+        RoleId[] memory functionRoles,
+        string[] memory functionRoleNames,
+        bytes4[][] memory selectors
+    )
         internal
     {
-        VersionPart version = getNextVersion();
+        accessManager.createTarget(serviceAddress, serviceName);
+        for(uint idx = 0; idx < functionRoles.length; idx++)
+        {
+            uint64 roleInt = functionRoles[idx].toInt();
+            if(!accessManager.isRoleExists(roleInt)) {
+                accessManager.createRole(roleInt, functionRoleNames[idx]);
+            }
-        if(config.length == 0) {
-            revert ConfigMissing();
+            accessManager.setTargetFunctionRole(
+                serviceAddress,
+                selectors[idx],
+                functionRoles[idx].toInt());
         }
-        // always in release
-        _release[version].domains.push(REGISTRY());
-        for(uint idx = 0; idx < config.length; idx++)
+        for(uint idx = 0; idx < serviceRoles.length; idx++)
         {
-            ObjectType domain = config[idx].serviceDomain;
-            // not "registry service" / zero domain
-            if(
-                domain == REGISTRY() ||
-                domain.eqz()
-            ) { revert ConfigServiceDomainInvalid(idx, domain); }
-            bytes4[] memory selectors = config[idx].authorizedSelectors;
-            // TODO can be zero -> e.g. duplicate domain, first with zero selector, second with non zero selector -> need to check _release[version].domains.contains(domain) instead
-            // no overwrite
-            if(_selectors[version][domain].length > 0) {
-                revert SelectorAlreadyExists(version, domain);
+            uint64 roleInt = serviceRoles[idx].toInt();
+            if(!accessManager.isRoleExists(roleInt)) {
+                accessManager.createRole(roleInt, serviceRoleNames[idx]);
             }
-            _selectors[version][domain] = selectors;
-            _release[version].domains.push(domain);
+            accessManager.grantRole(
+                serviceRoles[idx].toInt(),
+                serviceAddress,
+                0);
+        }
+    }
+    // returns true iff a the address passes some simple proxy tests.
+    function _isRegistry(address registryAddress) internal view returns (bool) {
+        // zero address is certainly not registry
+        if (registryAddress == address(0)) {
+            return false;
+        }
+        // TODO try catch and return false in case of revert
+        // a just panic
+        // check if contract returns a zero nft id for its own address
+        if (IRegistry(registryAddress).getNftId(registryAddress).eqz()) {
+            return false;
         }
-        // TODO set when activated?
-        _release[version].createdAt = TimestampLib.blockTimestamp();
-        //_release[version].updatedAt = TimestampLib.blockTimestamp();
-        _awaitingRegistration = config.length;
+        return true;
     }
 }