Dev/0.2.0

.gitignore

@@ -1 +1,19 @@
-**/log
+# Compiler files
+cache/
+out/
+
+# Ignores development broadcast logs
+!/broadcast
+/broadcast/*/31337/
+/broadcast/**/dry-run/
+
+# Docs
+docs/
+
+# Dotenv file
+.env
+
+coverage/
+lcov.info
+log/
+

.gitmodules

@@ -1,110 +0,0 @@
-[submodule "validators/webauthn/lib/forge-std"]
-	path = validators/webauthn/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "signers/ecdsa/lib/forge-std"]
-	path = signers/ecdsa/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "validators/webauthn/lib/openzeppelin-contracts"]
-	path = validators/webauthn/lib/openzeppelin-contracts
-	url = https://github.com/openzeppelin/openzeppelin-contracts
-[submodule "signers/ecdsa/lib/kernel_v3"]
-	path = signers/ecdsa/lib/kernel_v3
-	url = https://github.com/zerodevapp/kernel
-	branch = release/v3.1
-[submodule "signers/ecdsa/lib/solady"]
-	path = signers/ecdsa/lib/solady
-	url = https://github.com/vectorized/solady
-[submodule "policies/signature-caller/lib/forge-std"]
-	path = policies/signature-caller/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "policies/signature-caller/lib/kernel_v3"]
-	path = policies/signature-caller/lib/kernel_v3
-	url = https://github.com/zerodevapp/kernel
-branch = release/v3.1
-[submodule "policies/call-policy/lib/forge-std"]
-	path = policies/call-policy/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "policies/call-policy/lib/kernel_v3"]
-	path = policies/call-policy/lib/kernel_v3
-	url = https://github.com/zerodevapp/kernel
-branch = release/v3.1
-[submodule "policies/ratelimit/lib/forge-std"]
-	path = policies/ratelimit/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "policies/gas/lib/forge-std"]
-	path = policies/gas/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "policies/gas/lib/kernel_v3"]
-	path = policies/gas/lib/kernel_v3
-	url = https://github.com/zerodevapp/kernel
-branch = release/v3.1
-[submodule "policies/ratelimit/lib/kernel_v3"]
-	path = policies/ratelimit/lib/kernel_v3
-	url = https://github.com/zerodevapp/kernel
-branch = release/v3.1
-[submodule "policies/timestamp/lib/forge-std"]
-	path = policies/timestamp/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "policies/timestamp/lib/kernel_v3"]
-	path = policies/timestamp/lib/kernel_v3
-	url = https://github.com/zerodevapp/kernel
-branch = release/v3.1
-[submodule "signers/webauthn/lib/forge-std"]
-	path = signers/webauthn/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "signers/webauthn/lib/openzeppelin-contracts"]
-	path = signers/webauthn/lib/openzeppelin-contracts
-	url = https://github.com/openzeppelin/openzeppelin-contracts
-[submodule "policies/sudo/lib/forge-std"]
-	path = policies/sudo/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "policies/sudo/lib/kernel_v3"]
-	path = policies/sudo/lib/kernel_v3
-	url = https://github.com/zerodevapp/kernel
-branch = release/v3.1
-[submodule "actions/recovery/lib/forge-std"]
-	path = actions/recovery/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "actions/recovery/lib/kernel_v3"]
-	path = actions/recovery/lib/kernel_v3
-	url = https://github.com/zerodevapp/kernel
-branch = release/v3.1
-[submodule "hooks/onlyEntrypoint/lib/forge-std"]
-	path = hooks/onlyEntrypoint/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "hooks/onlyEntrypoint/lib/kernel_v3"]
-	path = hooks/onlyEntrypoint/lib/kernel_v3
-	url = https://github.com/zerodevapp/kernel
-	branch = release/v3.1
-[submodule "signers/webauthn/lib/kernel"]
-	path = signers/webauthn/lib/kernel
-	url = https://github.com/zerodevapp/kernel
-	branch = release/v3.1
-[submodule "hooks/spendlingLimits/lib/forge-std"]
-	path = hooks/spendlingLimits/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "hooks/spendlingLimits/lib/kernel"]
-	path = hooks/spendlingLimits/lib/kernel
-	url = https://github.com/zerodevapp/kernel
-	branch = release/v3.1
-[submodule "hooks/spendlingLimits/lib/solady"]
-	path = hooks/spendlingLimits/lib/solady
-	url = https://github.com/vectorized/solady
-[submodule "hooks/caller/lib/forge-std"]
-	path = hooks/caller/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "hooks/caller/lib/kernel"]
-	path = hooks/caller/lib/kernel
-	url = https://github.com/zerodevapp/kernel
-[submodule "validators/erc1271/lib/forge-std"]
-	path = validators/erc1271/lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
-[submodule "validators/erc1271/lib/kernel"]
-	path = validators/erc1271/lib/kernel
-	url = https://github.com/zerodevapp/kernel
-[submodule "validators/erc1271/lib/safe-smart-account"]
-	path = validators/erc1271/lib/safe-smart-account
-	url = https://github.com/safe-global/safe-smart-account
-[submodule "lib/safe-smart-account"]
-	path = lib/safe-smart-account
-	url = https://github.com/safe-global/safe-smart-account

AUDIT_OVERVIEW.md

@@ -0,0 +1,16 @@
+# Audit Overview – ERC-7579 Plugins
+
+**Scope** `src/policies`, `src/signers`, `src/validators` (WebAuthn excluded) **Rev** 1.2 **Date** 2025-11-06
+
+**Module IDs** 1 `VALIDATOR`, 2 `EXECUTOR` (unused), 3 `FALLBACK` (unused), 4 `HOOK`, 5 `POLICY`, 6 `SIGNER`, 7 `STATELESS_VALIDATOR`, 8 `STATELESS_VALIDATOR_WITH_SENDER`. Modules only claim IDs they fully implement.
+
+**Policies**
+- SignaturePolicy — types 5/10; tracks caller allowlists per `(id, wallet)`; stateless helper expects caller list in calldata.
+- TimelockPolicy — types 5/7/10; proposal → execute flow with delay/expiry; detects no-op calldata; proposals keyed by `(account, calldata hash, nonce)`.
+
+**Signers**
+- ECDSASigner — types 6/7/10; one signer per `(id, wallet)`; eth-signed fallback; stateless helpers take signer address from calldata.
+- WeightedECDSASigner — types 6/7/10; weighted guardians + threshold; enforces ascending signer order; stateless helper uses supplied guardian data.
+
+**Validators**
+- ECDSAValidator — types 1/4/7/10; single owner per account; `preCheck` enforces owner-only execution; stateless helpers take owner from calldata.