@layerzerolabs/protocol-stellar-v2 0.2.40 → 0.2.41

package/contracts/macro-integration-tests/tests/runtime/oapp/mod.rs

@@ -1,7 +1,12 @@
 use endpoint_v2::Origin;
+use oapp::oapp_core::OAPP_ADMIN_ROLE;
 use oapp::oapp_receiver::LzReceiveInternal;
 use oapp_macros::oapp;
-use soroban_sdk::{contractimpl, symbol_short, Address, Bytes, BytesN, Env};
+use soroban_sdk::{
+    contractimpl, symbol_short,
+    testutils::{MockAuth, MockAuthInvoke},
+    Address, Bytes, BytesN, Env, IntoVal, Symbol,
+};
 
 mod oapp_core;
 mod options_type3;
@@ -46,3 +51,19 @@ impl TestOApp {
         env.storage().instance().get(&symbol_short!("lzr_c")).unwrap_or(false)
     }
 }
+
+/// Grants `OAPP_ADMIN_ROLE` to `owner` via the public `grant_role` interface.
+/// Call after `init()` in tests that exercise RBAC-protected entrypoints.
+pub fn grant_oapp_admin(env: &Env, contract: &Address, owner: &Address) {
+    let role = Symbol::new(env, OAPP_ADMIN_ROLE);
+    env.mock_auths(&[MockAuth {
+        address: owner,
+        invoke: &MockAuthInvoke {
+            contract,
+            fn_name: "grant_role",
+            args: (owner, &role, owner).into_val(env),
+            sub_invokes: &[],
+        },
+    }]);
+    utils::rbac::RoleBasedAccessControlClient::new(env, contract).grant_role(owner, &role, owner);
+}

package/contracts/macro-integration-tests/tests/runtime/oapp/oapp_core.rs

@@ -1,6 +1,6 @@
 // Runtime tests: OAppCore behavior generated by `#[oapp]`.
 
-use super::{TestOApp, TestOAppClient};
+use super::{grant_oapp_admin, TestOApp, TestOAppClient};
 use oapp::oapp_core::{OAppCoreStorage, PeerSet};
 use soroban_sdk::{
     contract, contractimpl,
@@ -64,6 +64,7 @@ fn set_peer_requires_auth_and_updates_storage() {
     let owner = Address::generate(&env);
     let endpoint = Address::generate(&env);
     client.init(&owner, &endpoint);
+    grant_oapp_admin(&env, &contract_id, &owner);
 
     let eid: u32 = 101;
     let peer = Some(BytesN::<32>::from_array(&env, &[7u8; 32]));
@@ -72,7 +73,7 @@ fn set_peer_requires_auth_and_updates_storage() {
     assert_eq!(client.peer(&eid), None);
 
     // Unauthorized set should fail.
-    let unauthorized = client.try_set_peer(&eid, &peer);
+    let unauthorized = client.try_set_peer(&eid, &peer, &owner);
     assert_eq!(
         unauthorized.unwrap_err().unwrap(),
         Error::from_type_and_code(ScErrorType::Context, ScErrorCode::InvalidAction)
@@ -85,11 +86,11 @@ fn set_peer_requires_auth_and_updates_storage() {
             invoke: &MockAuthInvoke {
                 contract: &contract_id,
                 fn_name: "set_peer",
-                args: (&eid, &peer).into_val(&env),
+                args: (&eid, &peer, &owner).into_val(&env),
                 sub_invokes: &[],
             },
         }])
-        .set_peer(&eid, &peer);
+        .set_peer(&eid, &peer, &owner);
 
     // Assert event before any other contract call (Soroban events are per-call).
     assert_contains_event(&env, &contract_id, PeerSet { eid, peer: peer.clone() });
@@ -106,11 +107,11 @@ fn set_peer_requires_auth_and_updates_storage() {
         invoke: &MockAuthInvoke {
             contract: &contract_id,
             fn_name: "set_peer",
-            args: (&eid, &none).into_val(&env),
+            args: (&eid, &none, &owner).into_val(&env),
             sub_invokes: &[],
         },
     }]);
-    client.set_peer(&eid, &none);
+    client.set_peer(&eid, &none, &owner);
     assert_contains_event(&env, &contract_id, PeerSet { eid, peer: None });
     env.as_contract(&contract_id, || {
         assert_eq!(OAppCoreStorage::peer(&env, eid), None);
@@ -128,10 +129,11 @@ fn set_delegate_requires_auth_and_updates_endpoint() {
 
     let owner = Address::generate(&env);
     client.init(&owner, &endpoint_id);
+    grant_oapp_admin(&env, &contract_id, &owner);
 
     // Unauthorized set should fail.
     let delegate = Some(Address::generate(&env));
-    let unauthorized = client.try_set_delegate(&delegate);
+    let unauthorized = client.try_set_delegate(&delegate, &owner);
     assert_eq!(
         unauthorized.unwrap_err().unwrap(),
         Error::from_type_and_code(ScErrorType::Context, ScErrorCode::InvalidAction)
@@ -144,11 +146,11 @@ fn set_delegate_requires_auth_and_updates_endpoint() {
             invoke: &MockAuthInvoke {
                 contract: &contract_id,
                 fn_name: "set_delegate",
-                args: (&delegate,).into_val(&env),
+                args: (&delegate, &owner).into_val(&env),
                 sub_invokes: &[],
             },
         }])
-        .set_delegate(&delegate);
+        .set_delegate(&delegate, &owner);
 
     assert_eq!(endpoint_client.delegate(&contract_id), delegate);
 
@@ -160,11 +162,11 @@ fn set_delegate_requires_auth_and_updates_endpoint() {
             invoke: &MockAuthInvoke {
                 contract: &contract_id,
                 fn_name: "set_delegate",
-                args: (&none,).into_val(&env),
+                args: (&none, &owner).into_val(&env),
                 sub_invokes: &[],
             },
         }])
-        .set_delegate(&none);
+        .set_delegate(&none, &owner);
 
     assert_eq!(endpoint_client.delegate(&contract_id), None);
 }

package/contracts/macro-integration-tests/tests/runtime/oapp/options_type3.rs

@@ -1,6 +1,6 @@
 // Runtime tests: OAppOptionsType3 defaults generated by `#[oapp]`.
 
-use super::{TestOApp, TestOAppClient};
+use super::{grant_oapp_admin, TestOApp, TestOAppClient};
 use oapp::oapp_options_type3::{EnforcedOptionParam, EnforcedOptionSet};
 use oapp::OAppError;
 use soroban_sdk::{
@@ -28,6 +28,7 @@ fn enforced_options_lifecycle_and_auth() {
 
     let owner = Address::generate(&env);
     client.init(&owner, &Address::generate(&env));
+    grant_oapp_admin(&env, &contract_id, &owner);
 
     // Unset returns None (storage default).
     assert_eq!(client.enforced_options(&999, &999), None);
@@ -41,7 +42,7 @@ fn enforced_options_lifecycle_and_auth() {
     ];
 
     // Unauthorized set should fail (only_auth).
-    assert!(client.try_set_enforced_options(&params).is_err());
+    assert!(client.try_set_enforced_options(&params, &owner).is_err());
 
     // Non-owner authorized should also fail.
     let non_owner = Address::generate(&env);
@@ -50,11 +51,11 @@ fn enforced_options_lifecycle_and_auth() {
         invoke: &MockAuthInvoke {
             contract: &contract_id,
             fn_name: "set_enforced_options",
-            args: (&params,).into_val(&env),
+            args: (&params, &non_owner).into_val(&env),
             sub_invokes: &[],
         },
     }]);
-    assert!(client.try_set_enforced_options(&params).is_err());
+    assert!(client.try_set_enforced_options(&params, &non_owner).is_err());
 
     // Owner-authorized set should succeed.
     env.mock_auths(&[MockAuth {
@@ -62,11 +63,11 @@ fn enforced_options_lifecycle_and_auth() {
         invoke: &MockAuthInvoke {
             contract: &contract_id,
             fn_name: "set_enforced_options",
-            args: (&params,).into_val(&env),
+            args: (&params, &owner).into_val(&env),
             sub_invokes: &[],
         },
     }]);
-    client.set_enforced_options(&params);
+    client.set_enforced_options(&params, &owner);
 
     assert_contains_event(&env, &contract_id, EnforcedOptionSet { enforced_options: params.clone() });
 
@@ -82,6 +83,7 @@ fn set_enforced_options_rejects_invalid_option_type() {
 
     let owner = Address::generate(&env);
     client.init(&owner, &Address::generate(&env));
+    grant_oapp_admin(&env, &contract_id, &owner);
 
     // wrong type header (not 3)
     let mut invalid = Bytes::from_array(&env, &(4u16).to_be_bytes());
@@ -94,11 +96,11 @@ fn set_enforced_options_rejects_invalid_option_type() {
         invoke: &MockAuthInvoke {
             contract: &contract_id,
             fn_name: "set_enforced_options",
-            args: (&params,).into_val(&env),
+            args: (&params, &owner).into_val(&env),
             sub_invokes: &[],
         },
     }]);
-    let result = client.try_set_enforced_options(&params);
+    let result = client.try_set_enforced_options(&params, &owner);
     assert_eq!(result.err().unwrap().ok().unwrap(), OAppError::InvalidOptions.into());
 }
 
@@ -110,6 +112,7 @@ fn combine_options_behavior_and_validation() {
 
     let owner = Address::generate(&env);
     client.init(&owner, &Address::generate(&env));
+    grant_oapp_admin(&env, &contract_id, &owner);
 
     // No enforced => returns extra (including empty).
     let extra_only = create_valid_options(&env, &[9, 10, 11]);
@@ -126,11 +129,11 @@ fn combine_options_behavior_and_validation() {
         invoke: &MockAuthInvoke {
             contract: &contract_id,
             fn_name: "set_enforced_options",
-            args: (&params,).into_val(&env),
+            args: (&params, &owner).into_val(&env),
             sub_invokes: &[],
         },
     }]);
-    client.set_enforced_options(&params);
+    client.set_enforced_options(&params, &owner);
 
     // Enforced present: empty extra => enforced.
     assert_eq!(client.combine_options(&REMOTE_EID_1, &MSG_TYPE_SEND, &Bytes::new(&env)), enforced.clone());

package/contracts/macro-integration-tests/tests/runtime/oapp/receiver.rs

@@ -1,6 +1,6 @@
 // Runtime tests: OAppReceiver defaults generated by `#[oapp]`.
 
-use super::{TestOApp, TestOAppClient};
+use super::{grant_oapp_admin, TestOApp, TestOAppClient};
 use endpoint_v2::Origin;
 use oapp::OAppError;
 use soroban_sdk::{
@@ -87,6 +87,7 @@ fn allow_initialize_path_follows_peer_configuration() {
     let owner = Address::generate(&env);
     let endpoint = Address::generate(&env);
     client.init(&owner, &endpoint);
+    grant_oapp_admin(&env, &contract_id, &owner);
 
     let eid: u32 = REMOTE_EID_FOR_ALLOW_INIT;
     let sender = BytesN::<32>::from_array(&env, &[3u8; 32]);
@@ -103,11 +104,11 @@ fn allow_initialize_path_follows_peer_configuration() {
         invoke: &MockAuthInvoke {
             contract: &contract_id,
             fn_name: "set_peer",
-            args: (&eid, &other_peer).into_val(&env),
+            args: (&eid, &other_peer, &owner).into_val(&env),
             sub_invokes: &[],
         },
     }]);
-    client.set_peer(&eid, &other_peer);
+    client.set_peer(&eid, &other_peer, &owner);
     assert_eq!(client.allow_initialize_path(&origin), false);
 
     // Set matching peer => true.
@@ -117,11 +118,11 @@ fn allow_initialize_path_follows_peer_configuration() {
         invoke: &MockAuthInvoke {
             contract: &contract_id,
             fn_name: "set_peer",
-            args: (&eid, &matching_peer).into_val(&env),
+            args: (&eid, &matching_peer, &owner).into_val(&env),
             sub_invokes: &[],
         },
     }]);
-    client.set_peer(&eid, &matching_peer);
+    client.set_peer(&eid, &matching_peer, &owner);
 
     assert_eq!(client.allow_initialize_path(&origin), true);
 }
@@ -140,6 +141,7 @@ fn lz_receive_clears_payload_transfers_value_and_calls_internal_handler() {
     let oapp = env.register(TestOApp, ());
     let oapp_client = TestOAppClient::new(&env, &oapp);
     oapp_client.init(&owner, &endpoint);
+    grant_oapp_admin(&env, &oapp, &owner);
 
     // Configure peer so peer check passes.
     let peer = BytesN::<32>::from_array(&env, &[9u8; 32]);
@@ -149,11 +151,11 @@ fn lz_receive_clears_payload_transfers_value_and_calls_internal_handler() {
         invoke: &MockAuthInvoke {
             contract: &oapp,
             fn_name: "set_peer",
-            args: (&REMOTE_EID, &peer_opt).into_val(&env),
+            args: (&REMOTE_EID, &peer_opt, &owner).into_val(&env),
             sub_invokes: &[],
         },
     }]);
-    oapp_client.set_peer(&REMOTE_EID, &peer_opt);
+    oapp_client.set_peer(&REMOTE_EID, &peer_opt, &owner);
 
     // Before any lz_receive call, internal handler should not have been invoked.
     assert_eq!(oapp_client.lz_receive_called(), false);
@@ -226,6 +228,7 @@ fn lz_receive_wrong_peer_returns_only_peer() {
     let oapp = env.register(TestOApp, ());
     let oapp_client = TestOAppClient::new(&env, &oapp);
     oapp_client.init(&owner, &endpoint);
+    grant_oapp_admin(&env, &oapp, &owner);
 
     // Set peer to some value...
     let configured_peer = BytesN::<32>::from_array(&env, &[7u8; 32]);
@@ -235,11 +238,11 @@ fn lz_receive_wrong_peer_returns_only_peer() {
         invoke: &MockAuthInvoke {
             contract: &oapp,
             fn_name: "set_peer",
-            args: (&REMOTE_EID, &peer_opt).into_val(&env),
+            args: (&REMOTE_EID, &peer_opt, &owner).into_val(&env),
             sub_invokes: &[],
         },
     }]);
-    oapp_client.set_peer(&REMOTE_EID, &peer_opt);
+    oapp_client.set_peer(&REMOTE_EID, &peer_opt, &owner);
 
     // ...but call lz_receive with a different sender.
     let executor = Address::generate(&env);
@@ -312,6 +315,7 @@ fn lz_receive_requires_executor_auth() {
     let oapp = env.register(TestOApp, ());
     let oapp_client = TestOAppClient::new(&env, &oapp);
     oapp_client.init(&owner, &endpoint);
+    grant_oapp_admin(&env, &oapp, &owner);
 
     // Configure peer so we fail specifically at executor.require_auth().
     let peer = BytesN::<32>::from_array(&env, &[7u8; 32]);
@@ -321,11 +325,11 @@ fn lz_receive_requires_executor_auth() {
         invoke: &MockAuthInvoke {
             contract: &oapp,
             fn_name: "set_peer",
-            args: (&REMOTE_EID, &peer_opt).into_val(&env),
+            args: (&REMOTE_EID, &peer_opt, &owner).into_val(&env),
             sub_invokes: &[],
         },
     }]);
-    oapp_client.set_peer(&REMOTE_EID, &peer_opt);
+    oapp_client.set_peer(&REMOTE_EID, &peer_opt, &owner);
 
     let executor = Address::generate(&env);
     let origin = Origin { src_eid: REMOTE_EID, sender: peer, nonce: 1 };

package/contracts/macro-integration-tests/tests/runtime/oapp/sender.rs

@@ -129,11 +129,11 @@ fn set_peer(
         invoke: &MockAuthInvoke {
             contract: oapp,
             fn_name: "set_peer",
-            args: (&eid, &peer_opt).into_val(env),
+            args: (&eid, &peer_opt, owner).into_val(env),
             sub_invokes: &[],
         },
     }]);
-    client.set_peer(&eid, &peer_opt);
+    client.set_peer(&eid, &peer_opt, owner);
 }
 
 fn mint_to(
@@ -210,6 +210,7 @@ fn setup() -> Setup {
     let oapp = env.register(TestOAppSender, ());
     let client = TestOAppSenderClient::new(&env, &oapp);
     client.init(&owner, &endpoint);
+    super::grant_oapp_admin(&env, &oapp, &owner);
 
     Setup { env, owner, token_admin, native_token, zro_token, endpoint, oapp }
 }

package/contracts/macro-integration-tests/tests/runtime/ownable/two_step_transfer.rs

@@ -1,4 +1,4 @@
-// Runtime tests: 2-step ownership transfer behavior (`propose_ownership_transfer` + `accept_ownership`).
+// Runtime tests: 2-step ownership transfer behavior (`begin_ownership_transfer` + `accept_ownership`).
 //
 // Ownable supports a safer two-step flow using temporary storage with TTL. These tests ensure
 // the macro-exported contract entrypoints are wired and behave correctly at runtime.
@@ -24,10 +24,13 @@ fn propose_requires_owner_auth() {
 
     // No auth provided -> should fail at require_auth.
     let ttl = 10u32;
-    let res = client.try_propose_ownership_transfer(&new_owner, &ttl);
+    let res = client.try_begin_ownership_transfer(&new_owner, &ttl);
     assert_eq!(
         res.err().unwrap().ok().unwrap(),
-        soroban_sdk::Error::from_type_and_code(soroban_sdk::xdr::ScErrorType::Context, soroban_sdk::xdr::ScErrorCode::InvalidAction)
+        soroban_sdk::Error::from_type_and_code(
+            soroban_sdk::xdr::ScErrorType::Context,
+            soroban_sdk::xdr::ScErrorCode::InvalidAction
+        )
     );
 }
 
@@ -47,12 +50,12 @@ fn propose_rejects_invalid_ttl() {
             address: &owner,
             invoke: &MockAuthInvoke {
                 contract: &contract_id,
-                fn_name: "propose_ownership_transfer",
+                fn_name: "begin_ownership_transfer",
                 args: (&new_owner, &ttl).into_val(&env),
                 sub_invokes: &[],
             },
         }])
-        .try_propose_ownership_transfer(&new_owner, &ttl);
+        .try_begin_ownership_transfer(&new_owner, &ttl);
     assert_eq!(res.err().unwrap().ok().unwrap(), OwnableError::InvalidTtl.into());
     assert_eq!(client.pending_owner(), None);
 }
@@ -74,12 +77,12 @@ fn propose_and_accept_transfers_ownership() {
             address: &owner,
             invoke: &MockAuthInvoke {
                 contract: &contract_id,
-                fn_name: "propose_ownership_transfer",
+                fn_name: "begin_ownership_transfer",
                 args: (&new_owner, &ttl).into_val(&env),
                 sub_invokes: &[],
             },
         }])
-        .propose_ownership_transfer(&new_owner, &ttl);
+        .begin_ownership_transfer(&new_owner, &ttl);
 
     assert_eq_event(
         &env,
@@ -128,12 +131,12 @@ fn pending_transfer_blocks_single_step_transfer_and_renounce() {
             address: &owner,
             invoke: &MockAuthInvoke {
                 contract: &contract_id,
-                fn_name: "propose_ownership_transfer",
+                fn_name: "begin_ownership_transfer",
                 args: (&pending, &ttl).into_val(&env),
                 sub_invokes: &[],
             },
         }])
-        .propose_ownership_transfer(&pending, &ttl);
+        .begin_ownership_transfer(&pending, &ttl);
 
     // With owner auth, immediate transfer should fail due to TransferInProgress.
     let transfer = client
@@ -180,12 +183,12 @@ fn pending_transfer_expires_and_cannot_be_accepted() {
             address: &owner,
             invoke: &MockAuthInvoke {
                 contract: &contract_id,
-                fn_name: "propose_ownership_transfer",
+                fn_name: "begin_ownership_transfer",
                 args: (&pending, &ttl).into_val(&env),
                 sub_invokes: &[],
             },
         }])
-        .propose_ownership_transfer(&pending, &ttl);
+        .begin_ownership_transfer(&pending, &ttl);
 
     assert_eq!(client.pending_owner(), Some(pending.clone()));
 
@@ -216,4 +219,3 @@ fn pending_transfer_expires_and_cannot_be_accepted() {
     // Owner should remain unchanged.
     assert_eq!(client.owner(), Some(owner));
 }
-

package/contracts/macro-integration-tests/tests/runtime/upgradeable/migrate_guard_and_state.rs

@@ -13,8 +13,8 @@ use soroban_sdk::{
     xdr::{ScErrorCode, ScErrorType},
     Address, Bytes, BytesN, Env, Error, IntoVal, Val,
 };
-use utils::upgradeable::{UpgradeableInternal, UpgradeableStorage};
 use utils::errors::AuthError;
+use utils::upgradeable::{UpgradeableInternal, UpgradeableStorage};
 
 // A small, known-good contract WASM used for upgrade() testing.
 // Sourced from the `upgrader` crate test fixtures.
@@ -202,10 +202,7 @@ fn upgrade_and_migrate_fail_before_owner_init() {
         UpgradeableStorage::set_migrating(&env, &true);
     });
     let migration_data = 1u32.to_xdr(&env);
-    assert_eq!(
-        client.try_migrate(&migration_data).unwrap_err().unwrap(),
-        AuthError::AuthorizerNotFound.into()
-    );
+    assert_eq!(client.try_migrate(&migration_data).unwrap_err().unwrap(), AuthError::AuthorizerNotFound.into());
 }
 
 #[test]
@@ -237,10 +234,7 @@ fn migrate_rejects_invalid_migration_data_and_does_not_clear_flag() {
         }])
         .try_migrate(&bad_bytes);
 
-    assert_eq!(
-        res.err().unwrap().ok().unwrap(),
-        utils::errors::UpgradeableError::InvalidMigrationData.into()
-    );
+    assert_eq!(res.err().unwrap().ok().unwrap(), utils::errors::UpgradeableError::InvalidMigrationData.into());
 
     // Since migration failed before reaching the "clear flag" line, migrating should still be true.
     env.as_contract(&contract_id, || {

package/contracts/macro-integration-tests/tests/ui/lz_contract/fail/upgradeable_invalid_inner_option.stderr

@@ -4,4 +4,27 @@ error: custom attribute panicked
 7 | #[common_macros::lz_contract(upgradeable(bad_inner))]
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   |
-  = help: message: failed to parse lz_contract config: expected `no_migration`
+  = help: message: failed to parse upgradeable config: expected `no_migration` or `rbac`
+  = note: this error originates in the attribute macro `common_macros::lz_contract` (in Nightly builds, run with -Z macro-backtrace for more info)
+
+error[E0433]: failed to resolve: could not find `MyContract` in the crate root
+ --> tests/ui/lz_contract/fail/upgradeable_invalid_inner_option.rs:7:1
+  |
+7 | #[common_macros::lz_contract(upgradeable(bad_inner))]
+  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ could not find `MyContract` in the crate root
+  |
+  = note: this error originates in the attribute macro `soroban_sdk::contractimpl` (in Nightly builds, run with -Z macro-backtrace for more info)
+
+error[E0412]: cannot find type `MyContract` in this scope
+ --> tests/ui/lz_contract/fail/upgradeable_invalid_inner_option.rs:8:12
+  |
+8 | pub struct MyContract;
+  |            ^^^^^^^^^^ not found in this scope
+
+error[E0412]: cannot find type `MyContract` in this scope
+ --> tests/ui/lz_contract/fail/upgradeable_invalid_inner_option.rs:7:1
+  |
+7 | #[common_macros::lz_contract(upgradeable(bad_inner))]
+  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ not found in this scope
+  |
+  = note: this error originates in the attribute macro `soroban_sdk::contractimpl` (in Nightly builds, run with -Z macro-backtrace for more info)

package/contracts/macro-integration-tests/tests/ui/lz_contract/fail/upgradeable_missing_internal.stderr

@@ -16,7 +16,7 @@ error[E0277]: the trait bound `MyContract: UpgradeableInternal` is not satisfied
 12 | pub struct MyContract;
    |            ^^^^^^^^^^ the trait `UpgradeableInternal` is not implemented for `MyContract`
    |
-note: required by a bound in `upgrade`
+note: required by a bound in `utils::upgradeable::Upgradeable::upgrade`
   --> $WORKSPACE/contracts/utils/src/upgradeable.rs
    |
    | pub trait Upgradeable: UpgradeableInternal + Auth {
@@ -31,7 +31,7 @@ error[E0277]: the trait bound `MyContract: UpgradeableInternal` is not satisfied
 12 | pub struct MyContract;
    |            ^^^^^^^^^^ the trait `UpgradeableInternal` is not implemented for `MyContract`
    |
-note: required by a bound in `migrate`
+note: required by a bound in `utils::upgradeable::Upgradeable::migrate`
   --> $WORKSPACE/contracts/utils/src/upgradeable.rs
    |
    | pub trait Upgradeable: UpgradeableInternal + Auth {
@@ -46,7 +46,7 @@ error[E0277]: the trait bound `MyContract: UpgradeableInternal` is not satisfied
 17 |     MyContract::upgrade(env, &hash);
    |     ^^^^^^^^^^ the trait `UpgradeableInternal` is not implemented for `MyContract`
    |
-note: required by a bound in `upgrade`
+note: required by a bound in `utils::upgradeable::Upgradeable::upgrade`
   --> $WORKSPACE/contracts/utils/src/upgradeable.rs
    |
    | pub trait Upgradeable: UpgradeableInternal + Auth {

package/contracts/macro-integration-tests/tests/ui/lz_contract/pass/upgradeable_rbac.rs

@@ -0,0 +1,44 @@
+// UI (trybuild) test: `#[lz_contract(upgradeable)]` compiles with RBAC.
+//
+// Purpose:
+// - Ensures lz_contract upgradeable wrapper can coexist with RoleBasedAccessControl.
+
+use soroban_sdk::{contractimpl, Address, Bytes, BytesN, Env};
+use utils::rbac::{grant_role_no_auth, RoleBasedAccessControl};
+use utils::ttl_configurable::TtlConfig;
+use utils::upgradeable::UpgradeableInternal;
+
+#[common_macros::lz_contract(upgradeable)]
+pub struct MyContract;
+
+impl UpgradeableInternal for MyContract {
+    type MigrationData = ();
+
+    fn __migrate(_env: &Env, _migration_data: &Self::MigrationData) {}
+}
+
+#[contractimpl(contracttrait)]
+impl RoleBasedAccessControl for MyContract {}
+
+#[contractimpl]
+impl MyContract {
+    pub fn init(env: Env, owner: Address) {
+        Self::init_owner(&env, &owner);
+    }
+
+    pub fn smoke(env: Env, operator: Address) {
+        // Smoke-use RBAC helper (doesn't execute in trybuild).
+        let role = soroban_sdk::Symbol::new(&env, "SOME_ROLE");
+        grant_role_no_auth(&env, &operator, &role, &env.current_contract_address());
+
+        let _cfg: (Option<TtlConfig>, Option<TtlConfig>) = Self::ttl_configs(&env);
+        Self::extend_instance_ttl(&env, 1, 2);
+
+        let hash = BytesN::<32>::from_array(&env, &[0u8; 32]);
+        let migration_data = Bytes::new(&env);
+        Self::upgrade(&env, &hash);
+        Self::migrate(&env, &migration_data);
+    }
+}
+
+fn main() {}

package/contracts/macro-integration-tests/tests/ui/oapp/pass/custom_all.rs

@@ -7,6 +7,7 @@ use oapp::oapp_receiver::{LzReceiveInternal, OAppReceiver};
 use oapp::oapp_sender::OAppSenderInternal;
 use oapp_macros::oapp;
 use soroban_sdk::{contractimpl, Address, Bytes, BytesN, Env};
+use utils::rbac::RoleBasedAccessControl;
 
 #[oapp(custom = [core, sender, receiver, options_type3])]
 pub struct MyOApp;
@@ -24,6 +25,8 @@ impl LzReceiveInternal for MyOApp {
     }
 }
 
+impl RoleBasedAccessControl for MyOApp {}
+
 #[contractimpl(contracttrait)]
 impl OAppCore for MyOApp {}
 

package/contracts/macro-integration-tests/tests/ui/oapp/pass/custom_single_trait.rs

@@ -13,6 +13,7 @@ use oapp::oapp_receiver::{LzReceiveInternal, OAppReceiver};
 use oapp::oapp_sender::OAppSenderInternal;
 use oapp_macros::oapp;
 use soroban_sdk::{contractimpl, Address, Bytes, BytesN, Env};
+use utils::rbac::RoleBasedAccessControl;
 
 #[oapp(custom = [core])]
 pub struct MyOAppCustomCore;
@@ -30,6 +31,8 @@ impl LzReceiveInternal for MyOAppCustomCore {
     }
 }
 
+impl RoleBasedAccessControl for MyOAppCustomCore {}
+
 #[contractimpl(contracttrait)]
 impl OAppCore for MyOAppCustomCore {
     fn oapp_version(_env: &Env) -> (u64, u64) {

package/contracts/macro-integration-tests/tests/ui/ownable/pass/basic.rs

@@ -30,7 +30,7 @@ impl MyContract {
 
         // A couple key Ownable APIs type-check.
         <Self as utils::ownable::Ownable>::transfer_ownership(&env, &owner);
-        <Self as utils::ownable::Ownable>::propose_ownership_transfer(&env, &owner, 1);
+        <Self as utils::ownable::Ownable>::begin_ownership_transfer(&env, &owner, 1);
         <Self as utils::ownable::Ownable>::accept_ownership(&env);
         <Self as utils::ownable::Ownable>::renounce_ownership(&env);
     }

package/contracts/macro-integration-tests/tests/ui/upgradeable/fail/attr_args.stderr

@@ -4,7 +4,7 @@ error: custom attribute panicked
 7 | #[common_macros::upgradeable(not_migration)]
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   |
-  = help: message: failed to parse upgradeable config: expected `no_migration`
+  = help: message: failed to parse upgradeable config: expected `no_migration` or `rbac`
 
 error[E0433]: failed to resolve: could not find `MyContract` in the crate root
  --> tests/ui/upgradeable/fail/attr_args.rs:6:1

package/contracts/macro-integration-tests/tests/ui/upgradeable/fail/missing_auth_trait.stderr

@@ -16,7 +16,7 @@ error[E0277]: the trait bound `MyContract: utils::auth::Auth` is not satisfied
 12 | pub struct MyContract;
    |            ^^^^^^^^^^ the trait `utils::auth::Auth` is not implemented for `MyContract`
    |
-note: required by a bound in `upgrade`
+note: required by a bound in `utils::upgradeable::Upgradeable::upgrade`
   --> $WORKSPACE/contracts/utils/src/upgradeable.rs
    |
    | pub trait Upgradeable: UpgradeableInternal + Auth {
@@ -31,7 +31,7 @@ error[E0277]: the trait bound `MyContract: utils::auth::Auth` is not satisfied
 12 | pub struct MyContract;
    |            ^^^^^^^^^^ the trait `utils::auth::Auth` is not implemented for `MyContract`
    |
-note: required by a bound in `migrate`
+note: required by a bound in `utils::upgradeable::Upgradeable::migrate`
   --> $WORKSPACE/contracts/utils/src/upgradeable.rs
    |
    | pub trait Upgradeable: UpgradeableInternal + Auth {

package/contracts/macro-integration-tests/tests/ui/upgradeable/fail/missing_upgradeable_internal.stderr

@@ -24,7 +24,7 @@ error[E0277]: the trait bound `MyContract: UpgradeableInternal` is not satisfied
 8 | pub struct MyContract;
   |            ^^^^^^^^^^ the trait `UpgradeableInternal` is not implemented for `MyContract`
   |
-note: required by a bound in `upgrade`
+note: required by a bound in `utils::upgradeable::Upgradeable::upgrade`
  --> $WORKSPACE/contracts/utils/src/upgradeable.rs
   |
   | pub trait Upgradeable: UpgradeableInternal + Auth {
@@ -39,7 +39,7 @@ error[E0277]: the trait bound `MyContract: UpgradeableInternal` is not satisfied
 8 | pub struct MyContract;
   |            ^^^^^^^^^^ the trait `UpgradeableInternal` is not implemented for `MyContract`
   |
-note: required by a bound in `migrate`
+note: required by a bound in `utils::upgradeable::Upgradeable::migrate`
  --> $WORKSPACE/contracts/utils/src/upgradeable.rs
   |
   | pub trait Upgradeable: UpgradeableInternal + Auth {