* test: ofac updating tests
* feat: add registry deployment info
* chore: add gitignore for generated files
* feat: add kyc documents to upgrade scripts
* docs: update upgrade script readme for kyc
* feat: IdentityRegistryKyc v1.1.0 deployed on Celo-sepolia
Add TEE-attested OFAC root updates via updateOfacRootsWithProof
- Implementation: 0x530eEA7E5b286108926B05510491560c4bAE018e
- Adds updateOfacRootsWithProof() for ZK-verified OFAC root updates
- New errors: InvalidRootsHash, InvalidRootsCount
- New event: OfacRootsUpdatedWithProof
* feat: add OFAC rolling root window to all 4 registries
Add previousRoot storage variables to all identity registries so that
checkOfacRoots accepts both the current and previous root for each OFAC tree. This prevents verification failures for users mid-proof when roots are updated on-chain between proof generation and on-chain verification.
- Passport: 3 prev roots (passportNo, nameAndDob, nameAndYob)
- KYC, ID Card, Aadhaar: 2 prev roots each (nameAndDob, nameAndYob)
- KYC updateOfacRootsWithProof also rotates previous roots
- Added getPrev* getter functions on all registries
- Storage appended at end of each storage contract (UUPS-safe)
- 17 new tests covering all registries (window=1 acceptance/rejection)
* feat: deploy IdentityRegistryKyc v1.2.0 to Celo Sepolia
Add rolling OFAC root window: store previous roots alongside current, accept either in checkOfacRoots for graceful mid-verification transitions.
New impl: 0x6E2889Bc9baa6F53bDdf4843675155811F0AAAEd
Proxy: 0x90e907E4AaB6e9bcFB94997Af4A097e8CAadBdf3
Pending Safe multisig execution for proxy upgrade.
* feat: add TEE-attested OFAC root updates to Aadhaar, IdCard, and Passport registries
Extend updateOfacRootsWithProof() to the remaining 3 identity registries, matching the pattern already deployed on the KYC registry (v1.1.0).
- Add GCP JWT verifier, PCR0Manager, TEE address, and root CA pubkey hash storage to each registry
- Add initializeOfacProof() reinitializer for upgrade path
- Add onlyTEE modifier and updateOfacRootsWithProof() with Groth16 proof verification, TEE attestation validation, timestamp checks, and global roots hash commitment verification
- Rolling window behavior preserved: previous roots saved before overwrite
- Admin functions for updating TEE infrastructure (SECURITY_ROLE gated)
- Bumps all 3 registries to v1.3.0
* refactor: simplify updateOfacRootsWithProof to use per-registry roots hash as nonce
* fix: address CodeRabbit review comments on OFAC proof upgrade
- Add onlyProxy + onlyRole(DEFAULT_ADMIN_ROLE) guard to initializeOfacProof()
on Passport, Aadhaar, and IdCard registries to prevent front-running during
the window between upgradeToAndCall and the separate initializer call
- Fix checkOfacRoots() across all 4 registries to use atomic snapshot comparison
instead of per-root matching — prevents accepting Frankenstein pairs like
(new DOB root, old YOB root) that were never attested together
- Add IdentityRegistryKycImplV1 to PoseidonT3 linking branch in prepare.ts so
upgrade:prepare works correctly for KYC
- Add prev* slot assertions and mixed-pair rejection test to ofacUpgradePath.test.ts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add view getters, fix initializeOfacProof guard, add upgrade scripts
- Add getGcpJwtVerifier() and getPcr0Manager() getters to KYC and Aadhaar
- Fix initializeOfacProof guard: SECURITY_ROLE instead of DEFAULT_ADMIN_ROLE
(DEFAULT_ADMIN_ROLE is never granted in governance setup)
- Add Ignition upgrade scripts for KYC and Aadhaar registries
- Comment out registry deploy in deployKycRegistry (verifier-only redeploy)
- Update deployed_addresses.json with sepolia upgrade artifacts
- Bump KYC to v1.2.1, Aadhaar to v1.3.1
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: addresses and error selectors
* style: format registry contracts and upgrade scripts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: formatting
* fix: error selectors
* fix: error selectors
* fix: error selectors
---------
Co-authored-by: Evi Nova <tranquil_flow@protonmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor: switch to multitiered governance with multisigs
* feat: add scripts for assisting with upgrading contracts and
* test: add tests for governance upgrade
* chore: install Foundry with Hardhat compatability
* fix: add separate intializeGovernance function for upgrading
Uses reinitializer modifier for proper security around function call
* feat: migrate new function to AccessControl governance
* test: full end to end upgrade typescript test
* chore: add hardhat-upgrade
* chore: add foundry outputs to gitignore
* test: add Foundry upgrade script and test for deployed contracts
* refactor: update PCR0 inputs to be 32 bytes for GCP image hashes
Still pad to 48 bytes to ensure compatibility with mobile app.
* feat: add PCR0 migration script + test file
* fix: use custom natspec to prevent constructor warnings on upgrade
* test: cleanup tests and add role transfer to upgrade script
* test: add deployed libraries to foundry.toml for proper library linking
* chore: add /contracts/broadcast to gitignore for foundry deployments
* fix: set variable in initializer instead of defining in declaration
* test: improve upgrade test script to check all state variables
* docs: better explain safety behind using unsafeSkipStorageCheck
* doc: add guide for upgrading to AccessControl governance
* style: change multisig role names
CRITICAL_ROLE -> SECURITY_ROLE (3/5)
STANDARD_ROLE -> OPERATIONRS_ROLE (2/5)
* refactor: change OFAC + CSCA root update functions to 2/5 multisig
* fix: package version clashes + outdated code from old ver of packages
OpenZeppelin v5.5.0 no longer requires __UUPS_Upgradeable_Init, new OZ version requires opcodes that need cancun evmVersion, hard defining @noble/hashes led to clashes with other dependencies
* fix: fix PCR0 tests broken from change in byte size
* feat: add contract upgrade tooling with Safe multisig integration
- Add unified 'upgrade' Hardhat task with automatic safety checks
- Add deployment registry for version tracking
- Add Safe SDK integration for auto-proposing upgrades
- Update UPGRADE_GUIDE.md with new workflow documentation
- Validate version increments, reinitializer, and storage layout
* fix: revert fix on Hub V1 contract that is not supported
* style: update upgraded contracts to not use custom:version-history
* fix: V1 test requires old style as well
* fix: correct registry currentVersion to reflect actual deployed versions
On-chain verification confirmed all contracts are using OLD Ownable2StepUpgradeable:
- Hub: 2.11.0 (was incorrectly 2.12.0)
- Registry: 1.1.0 (was incorrectly 1.2.0)
- IdCard: 1.1.0 (was incorrectly 1.2.0)
- Aadhaar: 1.1.0 (was incorrectly 1.2.0)
Owner address: 0xcaee7aaf115f04d836e2d362a7c07f04db436bd0
* fix: upgrade script now correctly handles pre-defined versions in registry
When upgrading to a version that already exists in registry.json (like 2.12.0),
the script now uses that version's initializerVersion instead of incrementing
from the latest version. This fixes the reinitializer validation for the
governance upgrade.
* fix: upgrade script handles Ownable contracts and outputs transaction data
- Detect Ownable pattern before creating Safe proposals
- Output transaction data for owner direct execution in --prepare-only mode
- Use initializerFunction from registry (initializeGovernance) instead of constructing names
- Skip Safe proposal creation for initial Ownable → AccessControl upgrade
- After upgrade, owner grants SECURITY_ROLE to Safe for future upgrades
* feat: IdentityVerificationHub v2.12.0 deployed on Celo
- Implementation: 0x05FB9D7830889cc389E88198f6A224eA87F01151
- Changelog: Governance upgrade
* feat: IdentityRegistryIdCard v1.2.0 deployed on Celo
- Implementation: 0x7d5e4b7D4c3029aF134D50642674Af8F875118a4
- Changelog: Governance upgrade
* feat: IdentityRegistryAadhaar v1.2.0 deployed on Celo
- Implementation: 0xbD861A9cecf7B0A9631029d55A8CE1155e50697c
- Changelog: Governance upgrade
* feat: IdentityRegistry v1.2.0 deployed on Celo
- Implementation: 0x81E7F74560FAF7eE8DE3a36A5a68B6cbc429Cd36
- Changelog: Governance upgrade
* feat: add multisig addresses to registry
* feat: PCR0Manager v1.2.0 deployed on Celo
- Implementation: 0x9743fe2C1c3D2b068c56dE314e9B10DA9c904717
- Changelog: Governance upgrade
* refactor: cleanup old scripts
* chore: yarn prettier formatting
