Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
732cab5
feat(agglayer): RBAC-based access control for bridge roles
claude Jun 24, 2026
4e43d7d
docs: add changelog entry for bridge RBAC access control (#3130)
claude Jun 24, 2026
2dfe41a
refactor(agglayer): drop redundant AggLayerBridge::new()
claude Jul 1, 2026
54a3f53
refactor(standards): model seeded RBAC roles as a map of sets
claude Jul 1, 2026
e4dfa28
Merge branch 'next' into fumuran-claude/agglayer-rbac-roles
Fumuran Jul 1, 2026
3ba3992
fix: address PR review feedback
claude Jul 1, 2026
f69a5e1
fix: address PR review feedback (round 2)
claude Jul 1, 2026
19bae19
Merge origin/next into fumuran-claude/agglayer-rbac-roles
claude Jul 3, 2026
d015264
fix: address PR review feedback (round 3)
claude Jul 6, 2026
5408fe4
fix: address post-commit review
claude Jul 6, 2026
8c004b4
test: drop redundant create_rbac_account_with_owner helper
claude Jul 7, 2026
8f6abc7
refactor(agglayer): inline create_existing_bridge_account
claude Jul 7, 2026
4a7bebb
docs: address review comments
claude Jul 7, 2026
cbd1e39
Merge origin/next into fumuran-claude/agglayer-rbac-roles
claude Jul 7, 2026
596d2b3
docs: align remaining bridge-admin wording to FAUCET_ADMIN role
claude Jul 7, 2026
b8273db
Merge origin/next: adopt #3215 fully role-based RBAC for the bridge
claude Jul 9, 2026
3a3ba8f
chore: update docs, reorganize test folder (no code changes)
Fumuran Jul 9, 2026
164a465
refactor: rename FAUCET_ADMIN to FAUCET_MNGR and disambiguate role maps
claude Jul 9, 2026
223a2a0
Merge remote-tracking branch 'origin/next' into fumuran-claude/agglay…
claude Jul 15, 2026
95c4e04
refactor: update doc comments, optimize RBAC constructors
Fumuran Jul 15, 2026
a51a672
chore: update doc comment
Fumuran Jul 15, 2026
5343b63
Merge branch 'next' into fumuran-claude/agglayer-rbac-roles
Fumuran Jul 15, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,22 @@

### Changes

- [BREAKING] Replaced the AggLayer bridge's hard-coded admin/injector/remover account-ID authorization with an RBAC access-control stack (`RoleBasedAccessControl` + `Authority`); `create_bridge_account` now takes `(seed, admin, BridgeRoles)` where `admin` seeds the built-in `ADMIN` role that administers the operational `FAUCET_MNGR` / `GER_INJECTOR` / `GER_REMOVER` roles, `AggLayerBridge` is now a stateless component, and `RoleBasedAccessControl::with_roles` seeds the initial `ADMIN` and operational-role holders at genesis ([#3130](https://github.com/0xMiden/protocol/pull/3130)).
- [BREAKING] Unified the MINT and BURN note scripts to serve both fungible and non-fungible faucets: the single `mint` / `burn` note now detects the faucet kind by reflection (the `CodeInspection` component's `has_procedure`, which the fungible and non-fungible faucet components now expose) and calls the matching `mint_and_send` / `receive_and_burn`. Removed the `mint_nft` / `burn_nft` note scripts and the `NonFungibleMintNote` / `NonFungibleBurnNote` / `NonFungibleMintNoteStorage` types; `MintNote` / `BurnNote` and `MintNoteStorage` (with fungible and non-fungible variants) now cover both faucet kinds ([#3222](https://github.com/0xMiden/protocol/pull/3222)).
- [BREAKING] Renamed the `miden::standards::metadata` module to `miden::standards::inspection` (in MASM, the `miden-standards` account components, and the `miden_standards::account::inspection` Rust module), scoping it as the home of `CodeInspection`, the storage schema, and future inspection components ([#3222](https://github.com/0xMiden/protocol/pull/3222)).
- Added `NonFungibleFaucet::asset_status` API and `AssetStatus` enum (`NotIssued` / `Issued` / `Burned`) for querying a commitment's issuance status from account storage, mirroring the on-chain `get_asset_status` procedure ([#3222](https://github.com/0xMiden/protocol/pull/3222)).
- [BREAKING] Moved the initial-state account getters (`get_initial_*`) from `miden::protocol::active_account` to `miden::protocol::native_account`. They now always operate on the native account and panic with `ERR_ACCOUNT_IS_NOT_NATIVE` when invoked from a foreign procedure invocation (FPI) context ([#2034](https://github.com/0xMiden/protocol/issues/2034)).
- Cleaned up `signature.masm` by removing redundant scheme-id validation and duplication, dropping the `neq.0` double-negation in `assert_supported_scheme_word`, and eliminating the unused `NUM_OF_APPROVERS_LOC` slot; also optimized `verify_signatures` to reuse the signer index and approver public key from the operand stack instead of round-tripping them through local memory ([#3230](https://github.com/0xMiden/protocol/pull/3230)).
- Fixed the transaction executor host honoring `AuthRequest` events emitted outside the registered auth procedure, which let untrusted note or transaction scripts force the host to sign; signature production is now restricted to the authentication procedure ([#3233](https://github.com/0xMiden/protocol/pull/3233)).
- Added the `miden::protocol::tx::compute_fee` procedure, which lets account and note code compute the transaction fee during execution ([#3211](https://github.com/0xMiden/protocol/issues/3211)).
- [BREAKING] Refactored RBAC role administration to be fully role-based, removing the `Ownable2Step` owner as an unconditional super-admin over the role graph. Replaced `RoleBasedAccessControl::empty()` with `RoleBasedAccessControl::new(initial_admin)` / `with_admins(..)` (which seed the `ADMIN` role), and renamed the `ERR_SENDER_NOT_OWNER_OR_ROLE_ADMIN` abort to `ERR_SENDER_NOT_ROLE_ADMIN` ([#3215](https://github.com/0xMiden/protocol/pull/3215)).
- Re-exported `LoadedMastForest` from `miden-tx` so consumers implementing the re-exported `MastForestStore` trait can name its return type without depending on `miden-processor` directly ([#3236](https://github.com/0xMiden/protocol/pull/3237)).
- Refactored to use `neq.1` instead of `not` in `AuthSingleSigAcl` exempt-map marker check so a non-binary marker (only reachable via storage authored outside the typed API) degrades to "authentication required" rather than aborting and permanently bricking the account ([#3206](https://github.com/0xMiden/protocol/pull/3206)).
- Split `account_id::validate` into `account_id::validate_structure` (version-independent structural checks) and `account_id::validate` (structure and the version check) ([#3188](https://github.com/0xMiden/protocol/pull/3188)).
- Added a non-zero version check to `account_id::validate_structure` so the zero account ID no longer passes structural validation ([#3216](https://github.com/0xMiden/protocol/pull/3216)).
- Changed the default `LocalTransactionProver` hash function from `BLAKE3` to `Poseidon2`, added ECDSA variants for every signature-authenticated transaction benchmark, and restructured the time counting benchmark IDs to encode the signing scheme and proving hash function (e.g. `poseidon2/falcon/single-p2id-note`) ([#3152](https://github.com/0xMiden/protocol/pull/3152)).
- [BREAKING] Renamed `AssetId` to `AssetClass`, the identifier that distinguishes assets within a faucet ([#3079](https://github.com/0xMiden/protocol/issues/3079)).
- [BREAKING] Renamed `AssetVaultKey` to `AssetId` (and `AssetVaultKeyHash` to `AssetIdHash`), so an asset is identified by an `AssetId` just as accounts and notes are identified by `AccountId` and `NoteId`. The `Asset::vault_key()` accessor is now `Asset::id()` ([#3079](https://github.com/0xMiden/protocol/issues/3079)).
- Added the `tx::get_fee_faucet_id` kernel accessor, exposing the fee faucet ID from the transaction's reference block to user code ([#2899](https://github.com/0xMiden/protocol/discussions/2899)).
- [BREAKING] Replaced the owner-only transfer allowlist/blocklist admin components (`AllowlistOwnerControlled` / `BlocklistOwnerControlled`) with authority-gated `AllowlistManager` / `BlocklistManager` ([#3277](https://github.com/0xMiden/protocol/pull/3277)).

Expand Down
22 changes: 11 additions & 11 deletions bin/bench-transaction/src/context_setups.rs
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
use anyhow::Result;
pub use miden_agglayer::testing::ClaimDataSource;
use miden_agglayer::testing::create_existing_bridge_account_with_roles;
use miden_agglayer::{
AggLayerBridge,
B2AggNote,
Expand All @@ -11,7 +12,6 @@ use miden_agglayer::{
MetadataHash,
UpdateGerNote,
create_existing_agglayer_faucet,
create_existing_bridge_account,
};
use miden_protocol::account::auth::AuthScheme;
use miden_protocol::account::{Account, StorageMapKey};
Expand Down Expand Up @@ -191,8 +191,8 @@ fn tx_consume_two_p2id_notes_with_auth(auth_scheme: AuthScheme) -> Result<Transa
pub async fn tx_consume_claim_note(data_source: ClaimDataSource) -> Result<TransactionContext> {
let mut builder = MockChain::builder();

// CREATE BRIDGE ADMIN ACCOUNT (sends CONFIG_AGG_BRIDGE notes)
let bridge_admin = builder.add_existing_wallet(Auth::BasicAuth {
// CREATE FAUCET MANAGER ACCOUNT (sends CONFIG_AGG_BRIDGE notes)
let faucet_manager = builder.add_existing_wallet(Auth::BasicAuth {
auth_scheme: AuthScheme::Falcon512Poseidon2,
})?;

Expand All @@ -208,9 +208,9 @@ pub async fn tx_consume_claim_note(data_source: ClaimDataSource) -> Result<Trans

// CREATE BRIDGE ACCOUNT
let bridge_seed = builder.rng_mut().draw_word();
let bridge_account = create_existing_bridge_account(
let bridge_account = create_existing_bridge_account_with_roles(
bridge_seed,
bridge_admin.id(),
faucet_manager.id(),
ger_injector.id(),
ger_remover.id(),
);
Expand Down Expand Up @@ -281,7 +281,7 @@ pub async fn tx_consume_claim_note(data_source: ClaimDataSource) -> Result<Trans
is_native: false,
metadata_hash: config_metadata_hash,
},
bridge_admin.id(),
faucet_manager.id(),
bridge_account.id(),
builder.rng_mut(),
)?;
Expand Down Expand Up @@ -409,8 +409,8 @@ pub async fn tx_consume_b2agg_note(pre_populate_leaves: Option<u32>) -> Result<T

let mut builder = MockChain::builder();

// CREATE BRIDGE ADMIN ACCOUNT (sends CONFIG_AGG_BRIDGE notes)
let bridge_admin = builder.add_existing_wallet(Auth::BasicAuth {
// CREATE FAUCET MANAGER ACCOUNT (sends CONFIG_AGG_BRIDGE notes)
let faucet_manager = builder.add_existing_wallet(Auth::BasicAuth {
auth_scheme: AuthScheme::Falcon512Poseidon2,
})?;

Expand All @@ -425,9 +425,9 @@ pub async fn tx_consume_b2agg_note(pre_populate_leaves: Option<u32>) -> Result<T
})?;

// CREATE BRIDGE ACCOUNT
let mut bridge_account = create_existing_bridge_account(
let mut bridge_account = create_existing_bridge_account_with_roles(
builder.rng_mut().draw_word(),
bridge_admin.id(),
faucet_manager.id(),
ger_injector.id(),
ger_remover.id(),
);
Expand Down Expand Up @@ -467,7 +467,7 @@ pub async fn tx_consume_b2agg_note(pre_populate_leaves: Option<u32>) -> Result<T
is_native: false,
metadata_hash,
},
bridge_admin.id(),
faucet_manager.id(),
bridge_account.id(),
builder.rng_mut(),
)?;
Expand Down
Loading
Loading