feat: introduce CONTROLLER_CONFIG_OPERATION and enhance GuardControll…

[JaCoderX]

…er functionality

This commit adds a new operation type, CONTROLLER_CONFIG_OPERATION, to the GuardControllerDefinitions, allowing for distinct handling of guard configuration batch operations. It updates the relevant function schemas and modifies the associated logic in the GuardController to support this new operation type. Additionally, it refines the documentation to clarify the differentiation between CONTROLLER_OPERATION and CONTROLLER_CONFIG_OPERATION, improving the overall structure and usability of the GuardController's execution functions.

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced CONTROLLER_CONFIG_OPERATION for guard configuration batch actions, distinct from guard execution operations.
  • Added request-time validation for payment details, requiring valid recipient and token addresses when payment amounts are specified.
  • Enabled concurrent ownership and broadcaster update requests—both can now be pending simultaneously.

• Tests

  • Added validation tests for payment configuration enforcement.
  • Added tests for concurrent operation request handling.

• Documentation

  • Clarified operation type distinctions in guard controller definitions.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces a new CONTROLLER_CONFIG_OPERATION constant to distinguish guard-configuration batch operations from standard controller operations, updates corresponding function schemas and ABI definitions, adds request-time validation for payment details, refactors SecureOwnable to independently track pending ownership and broadcaster requests, and migrates test infrastructure from AccountBlox to AccountPatternTest throughout the test suite.

Changes

Cohort / File(s)	Summary
Operation Type Definition abi/GuardControllerDefinitions.abi.json, sdk/typescript/abi/GuardControllerDefinitions.abi.json, contracts/core/execution/lib/definitions/GuardControllerDefinitions.sol, sdk/typescript/types/core.execution.index.tsx	Added new CONTROLLER_CONFIG_OPERATION constant and corresponding ABI function entry (keccak256 of "CONTROLLER_CONFIG_OPERATION") alongside existing controller operation types.
Guard Controller Schemas contracts/core/execution/lib/definitions/GuardControllerDefinitions.sol	Registered new executeWithPayment(...) execution function schema (schemas array size 8→9); updated guard-config workflow operation types from CONTROLLER_OPERATION to CONTROLLER_CONFIG_OPERATION for both guardConfigBatchRequestAndApprove(...) and executeGuardConfigBatch(...); added handler selector linkage for executeWithPayment(...).
Payment Validation contracts/core/lib/EngineBlox.sol, test/foundry/fuzz/ComprehensivePaymentSecurityFuzz.t.sol	Added request-time validation in txRequestWithPayment(...) and requestAndApprove(...) to enforce non-zero paymentDetails.recipient when payment amounts are non-zero and non-zero erc20TokenAddress when ERC20 transfers occur; added corresponding test cases asserting validation reverts.
Pending Request Refactoring contracts/core/security/SecureOwnable.sol	Replaced single global _hasOpenRequest flag with independent _hasOpenOwnershipRequest and _hasOpenBroadcasterRequest flags to allow concurrent ownership and broadcaster requests; updated approval/cancellation logic to clear only the matching operation-type flag via new _clearPendingFlagForOperation(...) helper.
Interface Support contracts/core/pattern/Account.sol	Updated supportsInterface(...) to explicitly recognize interface IDs for IGuardController, IRuntimeRBAC, and ISecureOwnable via type(...).interfaceId instead of delegating to component contracts.
Test Infrastructure Migration test/foundry/CommonBase.sol, test/foundry/helpers/AccountPatternTest.sol, test/foundry/unit/SecureOwnable.t.sol, test/foundry/fuzz/ComprehensiveInitializationFuzz.t.sol, test/foundry/fuzz/ComprehensiveEventForwardingFuzz.t.sol, test/foundry/fuzz/ComprehensiveDefinitionSecurityFuzz.t.sol, test/foundry/fuzz/SecureOwnableFuzz.t.sol	Replaced AccountBlox with new AccountPatternTest test helper contract (which extends Account and provides public initializer); updated all test instantiations and type declarations to use AccountPatternTest.
Operation Type Updates in Tests test/foundry/fuzz/ComprehensiveCompositeFuzz.t.sol, test/foundry/fuzz/ComprehensiveStateMachineFuzz.t.sol, test/foundry/fuzz/ComprehensiveGasExhaustionFuzz.t.sol, scripts/sanity-sdk/guard-controller/base-test.ts, scripts/sanity/guard-controller/base-test.cjs	Updated meta-transaction generation for guard configuration batch operations to use CONTROLLER_CONFIG_OPERATION instead of CONTROLLER_OPERATION in generateUnsignedMetaTransactionForNew(...) calls and helper methods.
Concurrent Request Testing test/foundry/security/EdgeCases.t.sol, test/foundry/fuzz/SecureOwnableFuzz.t.sol	Added new test cases (test_OwnershipRequest_AllowedWhileBroadcasterPending, testFuzz_OwnershipRequest_WithBroadcasterUpdatePending) validating that ownership and broadcaster requests can coexist pending in the queue.
Documentation Updates docs/core/execution/lib/definitions/GuardControllerDefinitions.md, sdk/typescript/docs/guard-controller.md	Updated documentation to clarify distinction between CONTROLLER_OPERATION (GuardController execution) and CONTROLLER_CONFIG_OPERATION (guard configuration batch actions); updated SDK example to reference new operation type.
Minor Optimizations contracts/core/access/RuntimeRBAC.sol	Changed loop increment from i++ to ++i in _executeRoleConfigBatch(...).
Housekeeping test/foundry/fuzz/ComprehensiveHookSystemFuzz.t.sol, test/foundry/fuzz/ComprehensiveWhitelistSchemaFuzz.t.sol	Removed unused AccountBlox.sol imports from fuzz test files.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~55 minutes

Possibly related PRs

• Dev #37 — Directly modifies GuardControllerDefinitions for guard-config batch operation type handling and schema registration, overlapping core operation-type refactoring.
• Work #81 — Updates GuardControllerDefinitions to register executeWithPayment schema and related handler linkage, same code sections as this PR.
• Dev #138 — Modifies guard-controller sanity SDK test base class (base-test.ts) for operation type and meta-transaction helper updates, directly related code regions.

Poem

🐰 New constants hop into place, segregating guard config's sacred space,
While pending flags split their embrace—one for owners, one for broadcasters' grace.
Payment gates stand firm at the line, ensuring addresses are never zero or maligned.
Tests now dance with AccountPatternTest, hopping toward a safer nest! 🌙

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: introducing CONTROLLER_CONFIG_OPERATION and enhancing GuardController functionality.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch work

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can make CodeRabbit's review stricter and more nitpicky using the `assertive` profile, if that's what you prefer.

Change the reviews.profile setting to assertive to make CodeRabbit's nitpick more issues in your PRs.

[coderabbitai]

🧹 Nitpick comments (4)

contracts/core/security/SecureOwnable.sol (2)

326-334: Consider using a custom error instead of bare revert().

The bare revert() at lines 332-333 provides no diagnostic information. While this path should only be hit by internal misuse (passing an unsupported requestOperationType), using a custom error like SharedValidation.NotSupported() would improve debuggability.

🔧 Optional: Use custom error for clarity

         } else if (requestOperationType == SecureOwnableDefinitions.BROADCASTER_UPDATE) {
             if (_hasOpenBroadcasterRequest) revert SharedValidation.PendingSecureRequest();
         } else {
-            revert();
+            revert SharedValidation.NotSupported();
         }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@contracts/core/security/SecureOwnable.sol` around lines 326 - 334, In
_requireNoPendingRequest(bytes32 requestOperationType) replace the bare revert()
in the final else branch with a descriptive custom error to aid debugging — e.g.
revert SharedValidation.NotSupported() (or add SharedValidation.NotSupported()
if it doesn't exist) so that invalid requestOperationType paths in
_requireNoPendingRequest are clearly reported instead of silently reverting.

---

340-348: Same suggestion: use custom error in _clearPendingFlagForOperation.

The bare revert() at line 346-347 should also use a custom error for consistency and debuggability.

🔧 Optional: Use custom error

         } else if (operationType == SecureOwnableDefinitions.BROADCASTER_UPDATE) {
             _hasOpenBroadcasterRequest = false;
         } else {
-            revert();
+            revert SharedValidation.NotSupported();
         }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@contracts/core/security/SecureOwnable.sol` around lines 340 - 348, Replace
the bare revert() in _clearPendingFlagForOperation with a custom error to match
other error handling: define (or reuse) a custom error such as
InvalidOperationType(bytes32 operationType) and throw it with the incoming
operationType in the final else branch of _clearPendingFlagForOperation;
reference SecureOwnableDefinitions and the _clearPendingFlagForOperation
function when making the change so logs/stack traces include the failing
operation value.

test/foundry/fuzz/ComprehensiveInitializationFuzz.t.sol (1)

282-289: Use the explicit initialized() flag in _isInitialized.

AccountPatternTest already exposes the authoritative initialization state, so probing owner() here couples the helper to accessor revert behavior instead of the actual initialization flag.

♻️ Suggested cleanup

 function _isInitialized(AccountPatternTest contractInstance) internal view returns (bool) {
-        // Try to get owner - if initialized, this will return an address
-        // If not initialized, it will revert
-        try contractInstance.owner() returns (address) {
-            return true;
-        } catch {
-            return false;
-        }
+        return contractInstance.initialized();
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/foundry/fuzz/ComprehensiveInitializationFuzz.t.sol` around lines 282 -
289, Replace the try/catch probing of contractInstance.owner() in the helper
function _isInitialized with a direct call to the contract's authoritative
initialization flag by calling AccountPatternTest.initialized() (or the exact
boolean accessor exposed, e.g., initialized()). Update _isInitialized to return
the boolean from contractInstance.initialized() instead of catching owner()
reverts so it relies on the explicit initialization state.

test/foundry/fuzz/ComprehensivePaymentSecurityFuzz.t.sol (1)

530-535: Use or remove _timeAdvance to avoid no-op fuzz permutations.

_timeAdvance is currently unused, so it increases fuzz input space without increasing behavioral coverage in this test.

♻️ Minimal cleanup diff

 function testFuzz_PaymentUpdateTiming(
     address originalRecipient,
     address newRecipient,
-    uint256 paymentAmount,
-    uint256 _timeAdvance
+    uint256 paymentAmount
 ) public {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/foundry/fuzz/ComprehensivePaymentSecurityFuzz.t.sol` around lines 530 -
535, The fuzz parameter _timeAdvance in testFuzz_PaymentUpdateTiming is unused,
bloating the fuzz space—either remove the parameter from the function signature
or consume it to advance time; to fix, update the testFuzz_PaymentUpdateTiming
signature to drop _timeAdvance, or use _timeAdvance (e.g., normalize it to a
safe range and call the test harness time-travel helper such as vm.warp or the
project’s equivalent) before exercising payment update logic so the fuzz input
affects behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@contracts/core/security/SecureOwnable.sol`:
- Around line 326-334: In _requireNoPendingRequest(bytes32 requestOperationType)
replace the bare revert() in the final else branch with a descriptive custom
error to aid debugging — e.g. revert SharedValidation.NotSupported() (or add
SharedValidation.NotSupported() if it doesn't exist) so that invalid
requestOperationType paths in _requireNoPendingRequest are clearly reported
instead of silently reverting.
- Around line 340-348: Replace the bare revert() in
_clearPendingFlagForOperation with a custom error to match other error handling:
define (or reuse) a custom error such as InvalidOperationType(bytes32
operationType) and throw it with the incoming operationType in the final else
branch of _clearPendingFlagForOperation; reference SecureOwnableDefinitions and
the _clearPendingFlagForOperation function when making the change so logs/stack
traces include the failing operation value.

In `@test/foundry/fuzz/ComprehensiveInitializationFuzz.t.sol`:
- Around line 282-289: Replace the try/catch probing of contractInstance.owner()
in the helper function _isInitialized with a direct call to the contract's
authoritative initialization flag by calling AccountPatternTest.initialized()
(or the exact boolean accessor exposed, e.g., initialized()). Update
_isInitialized to return the boolean from contractInstance.initialized() instead
of catching owner() reverts so it relies on the explicit initialization state.

In `@test/foundry/fuzz/ComprehensivePaymentSecurityFuzz.t.sol`:
- Around line 530-535: The fuzz parameter _timeAdvance in
testFuzz_PaymentUpdateTiming is unused, bloating the fuzz space—either remove
the parameter from the function signature or consume it to advance time; to fix,
update the testFuzz_PaymentUpdateTiming signature to drop _timeAdvance, or use
_timeAdvance (e.g., normalize it to a safe range and call the test harness
time-travel helper such as vm.warp or the project’s equivalent) before
exercising payment update logic so the fuzz input affects behavior.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: fc8ac5a4-7d06-4729-9fdf-ca266710ba2d

📥 Commits

Reviewing files that changed from the base of the PR and between 711c46c and 4eef1c8.

📒 Files selected for processing (27)

• abi/GuardControllerDefinitions.abi.json
• contracts/core/access/RuntimeRBAC.sol
• contracts/core/execution/lib/definitions/GuardControllerDefinitions.sol
• contracts/core/lib/EngineBlox.sol
• contracts/core/pattern/Account.sol
• contracts/core/security/SecureOwnable.sol
• docs/core/execution/lib/definitions/GuardControllerDefinitions.md
• scripts/sanity-sdk/guard-controller/base-test.ts
• scripts/sanity/guard-controller/base-test.cjs
• sdk/typescript/abi/GuardControllerDefinitions.abi.json
• sdk/typescript/docs/guard-controller.md
• sdk/typescript/types/core.execution.index.tsx
• test/foundry/CommonBase.sol
• test/foundry/fuzz/ComprehensiveCompositeFuzz.t.sol
• test/foundry/fuzz/ComprehensiveDefinitionSecurityFuzz.t.sol
• test/foundry/fuzz/ComprehensiveEventForwardingFuzz.t.sol
• test/foundry/fuzz/ComprehensiveGasExhaustionFuzz.t.sol
• test/foundry/fuzz/ComprehensiveHookSystemFuzz.t.sol
• test/foundry/fuzz/ComprehensiveInitializationFuzz.t.sol
• test/foundry/fuzz/ComprehensivePaymentSecurityFuzz.t.sol
• test/foundry/fuzz/ComprehensiveStateMachineFuzz.t.sol
• test/foundry/fuzz/ComprehensiveWhitelistSchemaFuzz.t.sol
• test/foundry/fuzz/SecureOwnableFuzz.t.sol
• test/foundry/helpers/AccountPatternTest.sol
• test/foundry/security/EdgeCases.t.sol
• test/foundry/unit/BaseStateMachine.t.sol
• test/foundry/unit/SecureOwnable.t.sol

💤 Files with no reviewable changes (2)

• test/foundry/fuzz/ComprehensiveHookSystemFuzz.t.sol
• test/foundry/fuzz/ComprehensiveWhitelistSchemaFuzz.t.sol