* refactor: switch to multitiered governance with multisigs
* feat: add scripts for assisting with upgrading contracts and
* test: add tests for governance upgrade
* chore: install Foundry with Hardhat compatability
* fix: add separate intializeGovernance function for upgrading
Uses reinitializer modifier for proper security around function call
* feat: migrate new function to AccessControl governance
* test: full end to end upgrade typescript test
* chore: add hardhat-upgrade
* chore: add foundry outputs to gitignore
* test: add Foundry upgrade script and test for deployed contracts
* refactor: update PCR0 inputs to be 32 bytes for GCP image hashes
Still pad to 48 bytes to ensure compatibility with mobile app.
* feat: add PCR0 migration script + test file
* fix: use custom natspec to prevent constructor warnings on upgrade
* test: cleanup tests and add role transfer to upgrade script
* test: add deployed libraries to foundry.toml for proper library linking
* chore: add /contracts/broadcast to gitignore for foundry deployments
* fix: set variable in initializer instead of defining in declaration
* test: improve upgrade test script to check all state variables
* docs: better explain safety behind using unsafeSkipStorageCheck
* doc: add guide for upgrading to AccessControl governance
* style: change multisig role names
CRITICAL_ROLE -> SECURITY_ROLE (3/5)
STANDARD_ROLE -> OPERATIONRS_ROLE (2/5)
* refactor: change OFAC + CSCA root update functions to 2/5 multisig
* fix: package version clashes + outdated code from old ver of packages
OpenZeppelin v5.5.0 no longer requires __UUPS_Upgradeable_Init, new OZ version requires opcodes that need cancun evmVersion, hard defining @noble/hashes led to clashes with other dependencies
* fix: fix PCR0 tests broken from change in byte size
* feat: add contract upgrade tooling with Safe multisig integration
- Add unified 'upgrade' Hardhat task with automatic safety checks
- Add deployment registry for version tracking
- Add Safe SDK integration for auto-proposing upgrades
- Update UPGRADE_GUIDE.md with new workflow documentation
- Validate version increments, reinitializer, and storage layout
* fix: revert fix on Hub V1 contract that is not supported
* style: update upgraded contracts to not use custom:version-history
* fix: V1 test requires old style as well
* fix: correct registry currentVersion to reflect actual deployed versions
On-chain verification confirmed all contracts are using OLD Ownable2StepUpgradeable:
- Hub: 2.11.0 (was incorrectly 2.12.0)
- Registry: 1.1.0 (was incorrectly 1.2.0)
- IdCard: 1.1.0 (was incorrectly 1.2.0)
- Aadhaar: 1.1.0 (was incorrectly 1.2.0)
Owner address: 0xcaee7aaf115f04d836e2d362a7c07f04db436bd0
* fix: upgrade script now correctly handles pre-defined versions in registry
When upgrading to a version that already exists in registry.json (like 2.12.0),
the script now uses that version's initializerVersion instead of incrementing
from the latest version. This fixes the reinitializer validation for the
governance upgrade.
* fix: upgrade script handles Ownable contracts and outputs transaction data
- Detect Ownable pattern before creating Safe proposals
- Output transaction data for owner direct execution in --prepare-only mode
- Use initializerFunction from registry (initializeGovernance) instead of constructing names
- Skip Safe proposal creation for initial Ownable → AccessControl upgrade
- After upgrade, owner grants SECURITY_ROLE to Safe for future upgrades
* feat: IdentityVerificationHub v2.12.0 deployed on Celo
- Implementation: 0x05FB9D7830889cc389E88198f6A224eA87F01151
- Changelog: Governance upgrade
* feat: IdentityRegistryIdCard v1.2.0 deployed on Celo
- Implementation: 0x7d5e4b7D4c3029aF134D50642674Af8F875118a4
- Changelog: Governance upgrade
* feat: IdentityRegistryAadhaar v1.2.0 deployed on Celo
- Implementation: 0xbD861A9cecf7B0A9631029d55A8CE1155e50697c
- Changelog: Governance upgrade
* feat: IdentityRegistry v1.2.0 deployed on Celo
- Implementation: 0x81E7F74560FAF7eE8DE3a36A5a68B6cbc429Cd36
- Changelog: Governance upgrade
* feat: add multisig addresses to registry
* feat: PCR0Manager v1.2.0 deployed on Celo
- Implementation: 0x9743fe2C1c3D2b068c56dE314e9B10DA9c904717
- Changelog: Governance upgrade
* refactor: cleanup old scripts
* chore: yarn prettier formatting
* chore: remove android private modules doc
* private repo pull
* skip private modules
* remove unused circuits building
* save wip
* format
* restore tsconfig
* fix package install
* fix internal repo cloning
* unify logic and fix cloning
* git clone internal repos efficiently
* formatting
* run app yarn reinstall from root
* coderabbit feedback
* coderabbit suggestions
* remove skip private modules logic
* fix: ensure PAT is passed through yarn-install action and handle missing PAT gracefully
- Update yarn-install action to pass SELFXYZ_INTERNAL_REPO_PAT to yarn install
- Make setup-private-modules.cjs skip gracefully when PAT is unavailable in CI
- Fixes issue where setup script was throwing error instead of skipping for forks
* prettier
* fix clone ci
* clone ci fixes
* fix import export sorts
* fix instructions
* fix: remove SelfAppBuilder re-export to fix duplicate export error
- Remove SelfAppBuilder import/export from @selfxyz/qrcode
- Update README to import SelfAppBuilder directly from @selfxyz/common
- Fixes CI build failure with duplicate export error
* fix: unify eslint-plugin-sort-exports version across workspaces
- Update mobile-sdk-alpha from 0.8.0 to 0.9.1 to match other workspaces
- Removes yarn.lock version conflict causing CI/local behavior mismatch
- Fixes quality-checks workflow linting failure
* fix: bust qrcode SDK build cache to resolve stale SelfAppBuilder issue
- Increment GH_SDK_CACHE_VERSION from v1 to v2
- Forces CI to rebuild artifacts from scratch instead of using cached version
- Resolves quality-checks linter error showing removed SelfAppBuilder export
* skip job
* test yarn cache
* bump cache version to try and fix the issue
* revert cache version
* refactor: use direct re-exports for cleaner qrcode package structure
- Replace import-then-export pattern with direct re-exports
- Keep SelfAppBuilder export with proper alphabetical sorting (before SelfQRcode)
- Maintain API compatibility as documented in README
- Eliminates linter sorting issues while keeping clean code structure
* fix: separate type and value imports in README examples
- Import SelfApp as type since it's an interface
- Import SelfAppBuilder as value since it's a class
- Follows TypeScript best practices and improves tree shaking
* retrieve the ofac trees from the api
* remove the ofac trees from the common repo
* fix ofac test
* yarn nice
* yarn nice
* yarn nice
* refactor ofac fetching
