t-isol 0.0.1

package/README.md

@@ -0,0 +1,15 @@
+# isol
+
+To install dependencies:
+
+```bash
+bun install
+```
+
+To run:
+
+```bash
+bun run index.ts
+```
+
+This project was created using `bun init` in bun v1.3.0. [Bun](https://bun.com) is a fast all-in-one JavaScript runtime.

package/bun.lock

@@ -0,0 +1,30 @@
+{
+  "lockfileVersion": 1,
+  "workspaces": {
+    "": {
+      "name": "isol",
+      "dependencies": {
+        "@openzeppelin/contracts": "^5.4.0",
+      },
+      "devDependencies": {
+        "@types/bun": "latest",
+      },
+      "peerDependencies": {
+        "typescript": "^5",
+      },
+    },
+  },
+  "packages": {
+    "@openzeppelin/contracts": ["@openzeppelin/contracts@5.4.0", "", {}, "sha512-eCYgWnLg6WO+X52I16TZt8uEjbtdkgLC0SUX/xnAksjjrQI4Xfn4iBRoI5j55dmlOhDv1Y7BoR3cU7e3WWhC6A=="],
+
+    "@types/bun": ["@types/bun@1.3.5", "", { "dependencies": { "bun-types": "1.3.5" } }, "sha512-RnygCqNrd3srIPEWBd5LFeUYG7plCoH2Yw9WaZGyNmdTEei+gWaHqydbaIRkIkcbXwhBT94q78QljxN0Sk838w=="],
+
+    "@types/node": ["@types/node@25.0.3", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-W609buLVRVmeW693xKfzHeIV6nJGGz98uCPfeXI1ELMLXVeKYZ9m15fAMSaUPBHYLGFsVRcMmSCksQOrZV9BYA=="],
+
+    "bun-types": ["bun-types@1.3.5", "", { "dependencies": { "@types/node": "*" } }, "sha512-inmAYe2PFLs0SUbFOWSVD24sg1jFlMPxOjOSSCYqUgn4Hsc3rDc7dFvfVYjFPNHtov6kgUeulV4SxbuIV/stPw=="],
+
+    "typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],
+
+    "undici-types": ["undici-types@7.16.0", "", {}, "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="],
+  }
+}

package/contracts/ITransferAuthorize.sol

@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+/// @title ITransferAuthorize
+/// @notice Interface for EIP-712 based transfer/receive authorizations (signed approvals)
+/// @dev Events and function signatures used by TransferAuthorize/implementations
+interface ITransferAuthorize {
+    /// @notice Emitted when an authorization (nonce) has been consumed for an authorizer
+    /// @param authorizer the account that signed the authorization
+    /// @param nonce unique nonce used by the authorization
+    event AuthorizeUsed(address indexed authorizer, bytes32 indexed nonce);
+
+    /// @notice Emitted when a transfer with authorization is executed
+    event TransferWithAuthorize(address indexed from, address indexed to, uint256 value, uint256 timeMFG, uint256 timeEXP, bytes32 indexed nonce, bytes auth);
+
+    /// @notice Emitted when a transferFrom with authorization is executed
+    event TransferFromWithAuthorize(address indexed from, address indexed to, uint256 value, uint256 timeMFG, uint256 timeEXP, bytes32 indexed nonce);
+
+    /// @notice Emitted when a burn with authorization is executed
+    event BurnWithAuthorize(address indexed from, uint256 value, uint256 timeMFG, uint256 timeEXP, bytes32 indexed nonce);
+
+    /// @notice Returns whether a nonce has been used for a given authorizer
+    /// @param authorizer the account that signed the authorization
+    /// @param nonce the nonce to check
+    /// @return true if the nonce was already used/consumed, false otherwise
+    function authorizeState(
+        address authorizer,
+        bytes32 nonce
+    ) external view returns (bool);
+
+    /// @notice Execute a "transfer with authorization" - typically any relayer may submit
+    function transferWithAuthorize(
+        address from,
+        address to,
+        uint256 value,
+        uint256 timeMFG,
+        uint256 timeEXP,
+        bytes32 nonce,
+        bytes calldata auth
+    ) external;
+    
+    /// @notice Execute a "transferFrom with authorization" - typically any relayer may submit
+    function transferFromWithAuthorize(
+        address from,
+        address to,
+        uint256 value,
+        uint256 timeMFG,
+        uint256 timeEXP,
+        bytes32 nonce,
+        bytes calldata auth
+    ) external;
+
+    /// @notice Execute a "burn with authorization" - typically any relayer may submit
+    function burnWithAuthorize(
+        address from,
+        // address to,
+        uint256 value,
+        uint256 timeMFG,
+        uint256 timeEXP,
+        bytes32 nonce,
+        bytes calldata auth
+    ) external;
+}

package/contracts/TransferAuthorize.sol

@@ -0,0 +1,131 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import "./ITransferAuthorize.sol";
+
+/// @title TransferAuthorize
+/// @notice Abstract helper implementing EIP-712 verification and nonce tracking for off-chain signed authorizations
+/// @dev Implementations should call `_verifyX..` and `_useAuthorize` before performing state changes
+abstract contract TransferAuthorize is ITransferAuthorize, EIP712 {
+    using ECDSA for bytes32;
+
+    /// @dev mapping to track used nonces per authorizer: authorizer => nonce => used
+    mapping(address => mapping(bytes32 => bool)) private _authorizeState;
+
+    /// @dev EIP-712 type hashes for the two supported authorization structures
+    bytes32 public constant TRANSFER_TYPEHASH =
+        keccak256("TransferWithAuthorize(address from, address to, uint256 value, uint256 timeMFG, uint256 timeEXP, bytes32 nonce)");
+
+    bytes32 public constant TRANSFERFROM_TYPEHASH =
+        keccak256("TransferFromWithAuthorize(address from, address to, uint256 value, uint256 timeMFG, uint256 timeEXP, bytes32 nonce)");
+
+    bytes32 public constant BURN_TYPEHASH =
+        keccak256("BurnWithAuthorize(address from, address to, uint256 value, uint256 timeMFG, uint256 timeEXP, bytes32 nonce)");
+
+    /// @param name EIP-712 domain name
+    /// @param version EIP-712 domain version
+    constructor(string memory name, string memory version) EIP712(name, version) {}
+
+    /// @notice Check whether a nonce has been used for an authorizer
+    /// @param authorizer signer address
+    /// @param nonce nonce value
+    /// @return true if used
+    function authorizeState(address authorizer, bytes32 nonce)
+        public
+        view
+        override
+        returns (bool)
+    {
+        return _authorizeState[authorizer][nonce];
+    }
+
+    /// @dev Mark an authorization (authorizer + nonce) as used. Emits AuthorizeUsed.
+    /// @param authorizer the signer of the authorization
+    /// @param nonce the nonce used in the signed authorization
+    function _useAuthorize(address authorizer, bytes32 nonce) internal {
+        require(!_authorizeState[authorizer][nonce], "TransferAuthorize: authorization already used");
+        _authorizeState[authorizer][nonce] = true;
+        emit AuthorizeUsed(authorizer, nonce);
+    }
+
+    /// @dev Verify an EIP-712 typed signature (auth) for TransferWithAuthorize and return the recovered signer
+    function _verifyTransfer(
+        address from,
+        address to,
+        uint256 value,
+        uint256 timeMFG,
+        uint256 timeEXP,
+        bytes32 nonce,
+        bytes calldata auth
+    ) internal returns (address signer) {
+        require(block.timestamp >= timeMFG, "TransferAuthorize: timestamp");
+        require(block.timestamp <= timeEXP, "TransferAuthorize: expired");
+        bytes32 structHash = keccak256(
+            abi.encode(
+                TRANSFER_TYPEHASH,
+                from,
+                to,
+                value,
+                timeMFG,
+                timeEXP,
+                nonce
+            )
+        );
+        signer = ECDSA.recover(_hashTypedDataV4(structHash), auth);
+        emit TransferWithAuthorize(from, to, value, timeMFG, timeEXP, nonce, auth); 
+    }
+
+    /// @dev Verify an EIP-712 typed signature (auth) for TransferFromWithAuthorize and return the recovered signer
+    function _verifyTransferFrom(
+        address from,
+        address to,
+        uint256 value,
+        uint256 timeMFG,
+        uint256 timeEXP,
+        bytes32 nonce,
+        bytes calldata auth
+    ) internal view returns (address signer) {
+        require(block.timestamp >= timeMFG, "TransferAuthorize: not yet time");
+        require(block.timestamp <= timeEXP, "TransferAuthorize: expired");
+        bytes32 structHash = keccak256(
+            abi.encode(
+                TRANSFERFROM_TYPEHASH,
+                from,
+                to,
+                value,
+                timeMFG,
+                timeEXP,
+                nonce
+            )
+        );
+        signer = ECDSA.recover(_hashTypedDataV4(structHash), auth);
+    }
+
+    /// @dev Verify an EIP-712 typed signature (auth) for BurnWithAuthorize and return the recovered signer
+    function _verifyBurn(
+        address from,
+        // address to,
+        uint256 value,
+        uint256 timeMFG,
+        uint256 timeEXP,
+        bytes32 nonce,
+        bytes calldata auth
+    ) internal view returns (address signer) {
+        require(block.timestamp >= timeMFG, "TransferAuthorize: not yet time");
+        require(block.timestamp <= timeEXP, "TransferAuthorize: expired");
+        bytes32 structHash = keccak256(
+            abi.encode(
+                BURN_TYPEHASH,
+                from,
+                // to,
+                value,
+                timeMFG,
+                timeEXP,
+                nonce
+            )
+        );
+        signer = ECDSA.recover(_hashTypedDataV4(structHash), auth);
+    }
+}

package/contracts/kit/ERC20xTransferWithAuthorize.sol

@@ -0,0 +1,102 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+import "../TransferAuthorize.sol";
+import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
+import "@openzeppelin/contracts/access/Ownable.sol";
+
+/// @title ERC20xTransferWithAuthorize
+/// @notice ERC20 extension that supports EIP-712 based `transferWithAuthorize` and `receiveWithAuthorize` flows
+/// @dev `receiveWithAuthorize` restricts the caller to the `to` address (recipient submits the proof). `transferWithAuthorize` is open to relayers.
+abstract contract ERC20xTransferWithAuthorize is ERC20, TransferAuthorize, ReentrancyGuard, Ownable {
+    constructor(
+        string memory name,
+        string memory symbol,
+        uint256 initialSupply,
+        string memory domainName,
+        string memory domainVersion
+    )
+        ERC20(name, symbol)
+        TransferAuthorize(domainName, domainVersion)
+        Ownable(msg.sender)
+    {
+        _mint(msg.sender, initialSupply * 10 ** decimals());
+    }
+
+    /// @notice Relayer-triggered transfer using an off-chain signature by `from`.
+    /// @dev This allows anyone (a relayer) to submit the signed authorization on-chain.
+    function transferWithAuthorize(
+        address from,
+        address to,
+        uint256 value,
+        uint256 validAfter,
+        uint256 validBefore,
+        bytes32 nonce,
+        bytes calldata signature
+    ) external override nonReentrant {
+        address signer = _verifyTransfer(
+            from,
+            to,
+            value,
+            validAfter,
+            validBefore,
+            nonce,
+            signature
+        );
+        require(signer == from, "ERC20TransferAuthorize: invalid signature");
+        _useAuthorize(from, nonce);
+        _transfer(from, to, value);
+    }
+
+    /// @notice Relayer-triggered transfer using an off-chain signature by `from`.
+    /// @dev This allows anyone (a relayer) to submit the signed authorization on-chain.
+    function transferFromWithAuthorize(
+        address from,
+        address to,
+        uint256 value,
+        uint256 validAfter,
+        uint256 validBefore,
+        bytes32 nonce,
+        bytes calldata signature
+    ) external override nonReentrant {
+        address signer = _verifyTransferFrom(
+            from,
+            to,
+            value,
+            validAfter,
+            validBefore,
+            nonce,
+            signature
+        );
+        require(signer == from, "ERC20TransferAuthorize: invalid signature");
+        _useAuthorize(from, nonce);
+        _spendAllowance(from, to, value);
+        _transfer(from, to, value);
+    }
+
+    /// @notice Relayer-triggered transfer using an off-chain signature by `from`.
+    /// @dev This allows anyone (a relayer) to submit the signed authorization on-chain.
+    function burnWithAuthorize(
+        address from,
+        // address to,
+        uint256 value,
+        uint256 validAfter,
+        uint256 validBefore,
+        bytes32 nonce,
+        bytes calldata signature
+    ) external override nonReentrant {
+        address signer = _verifyBurn(
+            from,
+            // to,
+            value,
+            validAfter,
+            validBefore,
+            nonce,
+            signature
+        );
+        require(signer == from, "ERC20TransferAuthorize: invalid signature");
+        _useAuthorize(from, nonce);
+        _burn(from, value);
+    }
+}

package/docs/README.md

@@ -0,0 +1 @@
+This is a [Vocs](https://vocs.dev) project bootstrapped with the Vocs CLI.