Skip to content

Gate legacy element attestations behind the operator role#27

Merged
0xMuang merged 2 commits into
mainfrom
chore/legacy-element-gating
Jul 14, 2026
Merged

Gate legacy element attestations behind the operator role#27
0xMuang merged 2 commits into
mainfrom
chore/legacy-element-gating

Conversation

@heijiLee

@heijiLee heijiLee commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Stacked on #26. Closes the hardening divergence recorded in D008: the legacy mock elements (Sanctions A-01, AccreditedInvestor A-03, QualifiedPurchaser A-13) had ungated, eventless setters while the CMP-001 elements are operator-gated.

  • All three now extend Governed with onlyOperator setters and *Set events matching the newer elements' shape
  • Lockup (C-01) verified to have no mutator — untouched
  • Tests: forge test --offline 233/233 (+6: per-element outsider auth revert + set/emit)

Sanctions (A-01), AccreditedInvestor (A-03), and QualifiedPurchaser
(A-13) had ungated, eventless attestation setters, diverging from the
Governed/onlyOperator + event pattern used by the six CMP-001 elements
(Jurisdiction, UsTaxResident, etc). Extend Governed on all three, gate
setBlocked/setAccredited/setQp with onlyOperator, and emit an event per
change. Lockup (C-01) has no settable mutator (state is injected via
IAcquisitionSource), so it is left untouched.

Add per-element outsider-auth-revert and set+emit tests to
Elements.t.sol, written RED first against the unmodified elements.
Existing fixtures (Engine.t.sol, IntegrationBase.sol, MultiRecipe.t.sol,
SwapFlow.t.sol) call these setters from the deploying test contract
itself, i.e. as owner, which onlyOperator already admits, so no fixture
changes were needed.
0xMuang added a commit that referenced this pull request Jul 14, 2026
Resolve the stacked PR branch after main advanced with the router venue binding fix, Phase 1 architecture baseline, and RFQ backend SDK documentation/code.

Constraint: PR #24 must merge after #23 and before the higher stacked PRs.

Rejected: Dropping either RFQ-002 or RFQ-SDK documentation state | both are accepted completed work on main/stack.

Confidence: high

Scope-risk: moderate

Directive: Continue stacked PR merges in order after #24 lands: #25, #26, #27, #28, #29, #30.

Tested: git diff --cached --check; scripts/check.sh

Not-tested: GitHub CI after push
0xMuang added a commit that referenced this pull request Jul 14, 2026
Resolve the stacked PR branch after main advanced with RFQ hardening, Phase 1 architecture baseline, and RFQ SDK work.

Constraint: PR #25 must land after #24 and before the higher stacked manifest/E2E/CLI PRs.

Rejected: Keeping duplicate D008 decision numbering | would make the decision log ambiguous after merging RFQ-002 and CMP-001.

Confidence: high

Scope-risk: moderate

Directive: Continue stacked PR merges in order after #25 lands: #26, #27, #28, #29, #30.

Tested: git diff --cached --check

Not-tested: full local scripts/check.sh for this conflict-only reconciliation; rely on GitHub CI after push
0xMuang added a commit that referenced this pull request Jul 14, 2026
Resolve the stacked PR branch after main advanced with RFQ hardening, Reg D compliance elements, Phase 1 architecture baseline, and RFQ SDK work.

Constraint: PR #26 must land after #25 and before the higher stacked RFQ integration/E2E/CLI PRs.

Rejected: Keeping duplicate D009 decision numbering | would make CMP-001 and CMP-002 ambiguous in the decision log.

Confidence: high

Scope-risk: moderate

Directive: Continue stacked PR merges in order after #26 lands: #27, #28, #29, #30.

Tested: git diff --cached --check

Not-tested: full local scripts/check.sh for this conflict-only reconciliation; rely on GitHub CI after push
@0xMuang 0xMuang changed the base branch from feature/manifest-lifecycle to main July 14, 2026 08:28
Resolve the stacked PR branch after main advanced with the manifest lifecycle, Reg D compliance, RFQ hardening, and RFQ SDK work.

Constraint: PR #27 must land after #26 and before RFQ integration/E2E/CLI PRs.

Confidence: high

Scope-risk: narrow

Directive: Continue stacked PR merges in order after #27 lands: #28, #29, #30.

Tested: git diff --check; git diff --cached --check

Not-tested: full local scripts/check.sh for this progress-only reconciliation; rely on GitHub CI after push
@0xMuang 0xMuang merged commit 29d6373 into main Jul 14, 2026
1 check passed
0xMuang added a commit that referenced this pull request Jul 14, 2026
Resolve the stacked PR branch after main advanced with legacy element gating and earlier RFQ/compliance work.

Constraint: PR #28 must land after #27 and before live-Anvil E2E and CLI PRs.

Confidence: high

Scope-risk: narrow

Directive: Continue stacked PR merges in order after #28 lands: #29, #30.

Tested: git diff --check; git diff --cached --check

Not-tested: full local scripts/check.sh for this progress-only reconciliation; rely on GitHub CI after push
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants