Social Recovery + Enterprise IAM: Implementation

For Claude: REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.

Goal: Extend the BabyDriver DID system with social recovery (N-of-M guardians + timelock), enterprise IAM (organizations + roles + permission bitmaps), and selective disclosure (ZK-based attribute-level verification).

Architecture: Extend DIDRegistry (0x8017) with recovery logic, extend IdentityVerifier (0x8019) with disclosure policies, and create new EnterpriseIAM system contract (0x801A). Each has a Local test variant for Foundry testing. All L1-sync via L1Messenger.

Tech Stack: Solidity ^0.8.26/^0.8.28, Foundry (forge test), zksync system contracts, L1Messenger

Design doc: docs/plans/2026-03-06-phase5c-design.md
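
The N-of-M guardian recovery with a timelock named in the Goal, as an added Solidity sketch; it is not the plan's DIDRegistryLocal code, which is not reproduced on this page. Only initiateRecovery and executeRecovery are names taken from the plan; their signatures, every other function, the storage layout and the choice to start the timelock at initiation are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;
// Added illustration: every name and signature here is an assumption, not BabyDriver code.
contract GuardianRecoverySketch {
    struct Policy { uint64 epoch; uint64 round; uint64 delay; uint8 threshold; }
    struct Request { address newController; uint64 readyAt; uint8 approvals; }
    mapping(address => address) public controller; // DID => rotated controller (unset: the DID itself)
    mapping(address => Policy) public policy;
    mapping(address => Request) public pending;
    mapping(address => mapping(uint64 => mapping(address => bool))) public guardian; // did, epoch, who
    mapping(address => mapping(uint64 => mapping(address => bool))) public approved; // did, round, who
    function controllerOf(address did) public view returns (address c) {
        c = controller[did] == address(0) ? did : controller[did];
    }
    function setGuardians(address did, address[] calldata gs, uint8 threshold, uint64 delay) external {
        require(msg.sender == controllerOf(did), "not controller");
        require(threshold != 0 && threshold <= gs.length, "bad threshold");
        Policy storage p = policy[did];
        p.epoch++; p.delay = delay; p.threshold = threshold; // new epoch voids the old guardian set
        for (uint256 i; i < gs.length; i++) { // a duplicate entry must not inflate M
            require(!guardian[did][p.epoch][gs[i]], "duplicate guardian");
            guardian[did][p.epoch][gs[i]] = true;
        }
        delete pending[did]; // a request opened under the old set does not survive the change
    }
    function initiateRecovery(address did, address newController) external {
        require(newController != address(0) && pending[did].readyAt == 0, "bad or duplicate request");
        policy[did].round++; // fresh round: approvals given to a cancelled request cannot be replayed
        pending[did] = Request(newController, uint64(block.timestamp) + policy[did].delay, 0);
        approveRecovery(did); // reverts the whole call unless msg.sender is a guardian
    }
    function approveRecovery(address did) public {
        Policy storage p = policy[did];
        require(guardian[did][p.epoch][msg.sender] && pending[did].readyAt != 0, "not guardian or no recovery");
        require(!approved[did][p.round][msg.sender], "already approved");
        approved[did][p.round][msg.sender] = true;
        pending[did].approvals++;
    }
    function cancelRecovery(address did) external { // controller veto while the timelock runs
        require(msg.sender == controllerOf(did), "not controller");
        delete pending[did];
    }
    function executeRecovery(address did) external {
        Request memory r = pending[did];
        require(r.readyAt != 0 && r.approvals >= policy[did].threshold, "not approved");
        require(block.timestamp >= r.readyAt, "timelock active");
        delete pending[did]; // clear state before the rotation takes effect
        controller[did] = r.newController;
    }
}
```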


Key Paths

| Alias | Path |
|---|---|
| CONTRACTS | /Users/judybaby/CodeBase/github/Layer2/contracts |
| SYS | /Users/judybaby/CodeBase/github/Layer2/era-contracts-l1/system-contracts/contracts |
| TEST | /Users/judybaby/CodeBase/github/Layer2/contracts/test |
| DID_SRC | /Users/judybaby/CodeBase/github/Layer2/contracts/src/did |

Existing Files Reference

Interfaces (system contract):

  • SYS/interfaces/IDIDRegistry.sol — 36 lines, struct DIDDocument, 5 events, 9 functions

  • SYS/interfaces/IIdentityVerifier.sol — 53 lines, enum VerificationMode, 6 events, 14 functions

Implementations (system contract):

  • SYS/DIDRegistry.sol — 180 lines, uses onlySystemCall, L1Messenger sync

  • SYS/IdentityVerifier.sol — 299 lines, uses onlySystemCall, Groth16 dispatch

Local test variants:

  • DID_SRC/IDIDRegistryLocal.sol — 30 lines, mirrors IDIDRegistry without system deps

  • DID_SRC/DIDRegistryLocal.sol — 111 lines, no onlySystemCall, no L1Messenger

  • DID_SRC/IdentityVerifierLocal.sol — 217 lines, constructor(didReg, credReg, admin)

  • DID_SRC/CredentialRegistryLocal.sol — 103 lines, constructor(didReg)

Constants:

  • SYS/Constants.sol:111-121 — BabyDriver system contracts 0x8016-0x8019

  • New 0x801A goes after line 121

Test pattern (from TEST/DIDRegistry.t.sol):


Task 1: IDIDRegistryLocal — Add Recovery Interface

Files:

  • Modify: DID_SRC/IDIDRegistryLocal.sol:1-30

Step 1: Add recovery events and functions to the interface

Open contracts/src/did/IDIDRegistryLocal.sol and append the following after line 19 (after DelegateRevoked event) and before line 21 (before createDID function):

And append the following after line 29 (after getNonce function), before the closing }:

Step 2: Verify it compiles

Run: cd /Users/judybaby/CodeBase/github/Layer2/contracts && forge build

Expected: Compilation warnings about unimplemented functions (DIDRegistryLocal doesn't yet implement the new functions). This is correct; the interface compiles.

Step 3: Commit


Task 2: DIDRegistryLocal — Implement Social Recovery

Files:

  • Modify: DID_SRC/DIDRegistryLocal.sol:1-111

Step 1: Add recovery storage and errors after existing errors (line 20)

After the existing error declarations (line 20 EmptyVerificationMethods), add:

Step 2: Add recovery structs and storage after _nonces mapping (line 12)

After line 12 (mapping(address => uint256) private _nonces;), add:

Step 3: Add recovery implementation functions before the closing }

Append these functions at the end of the contract (before closing }):

Step 4: Verify compilation

Run: cd /Users/judybaby/CodeBase/github/Layer2/contracts && forge build

Expected: Compiles clean

Step 5: Commit


Task 3: Social Recovery Tests

Files:

  • Create: TEST/DIDRegistryRecovery.t.sol

Step 1: Write the test file

Create contracts/test/DIDRegistryRecovery.t.sol:

Step 2: Run tests to verify they pass

Run: cd /Users/judybaby/CodeBase/github/Layer2/contracts && forge test --match-contract DIDRegistryRecoveryTest -v

Expected: All tests pass (20 tests)

Step 3: Commit


Task 4: IEnterpriseIAM Interface + EnterpriseIAMLocal Contract

Files:

  • Create: DID_SRC/IEnterpriseIAMLocal.sol

  • Create: DID_SRC/EnterpriseIAMLocal.sol

Step 1: Create the interface

Create contracts/src/did/IEnterpriseIAMLocal.sol:

Step 2: Create the implementation

Create contracts/src/did/EnterpriseIAMLocal.sol:

Step 3: Verify compilation

Run: cd /Users/judybaby/CodeBase/github/Layer2/contracts && forge build

Expected: Compiles clean

Step 4: Commit


Task 5: Enterprise IAM Tests

Files:

  • Create: TEST/EnterpriseIAM.t.sol

Step 1: Write the test file

Create contracts/test/EnterpriseIAM.t.sol:

Step 2: Run tests

Run: cd /Users/judybaby/CodeBase/github/Layer2/contracts && forge test --match-contract EnterpriseIAMTest -v

Expected: All tests pass (~22 tests)

Step 3: Commit


Task 6: IdentityVerifierLocal — Add Selective Disclosure

Files:

  • Modify: DID_SRC/IdentityVerifierLocal.sol:1-217

Step 1: Add disclosure storage after _usedProofs (line 27)

After mapping(bytes32 => bool) private _usedProofs; (line 27), add:

Step 2: Add new errors after existing errors (after line 36 InvalidProof)

Step 3: Add disclosure functions before setOracleHub (before line 162)

Insert before the setOracleHub function:

Step 4: Verify compilation

Run: cd /Users/judybaby/CodeBase/github/Layer2/contracts && forge build

Expected: Compiles clean

Step 5: Commit


Task 7: Selective Disclosure Tests

Files:

  • Create: TEST/IdentityVerifierDisclosure.t.sol

Step 1: Write the test file

Create contracts/test/IdentityVerifierDisclosure.t.sol:

Step 2: Run tests

Run: cd /Users/judybaby/CodeBase/github/Layer2/contracts && forge test --match-contract IdentityVerifierDisclosureTest -v

Expected: All tests pass (~13 tests)

Step 3: Commit


Task 8: System Contracts — Update IDIDRegistry Interface

Files:

  • Modify: SYS/interfaces/IDIDRegistry.sol:1-36

Step 1: Add recovery events and functions to the system contract interface

After line 20 (DelegateRevoked event), add:

After line 35 (getNonce function), before the closing }, add:

Step 2: Commit


Task 9: System Contracts — DIDRegistry Social Recovery Implementation

Files:

  • Modify: SYS/DIDRegistry.sol:1-180

Step 1: Add recovery errors after existing errors (after line 28 EmptyVerificationMethods)

Step 2: Add recovery storage after _nonces (after line 18)

Step 3: Add recovery functions at the end of the contract (before closing })

Same logic as DIDRegistryLocal (Task 2), but with L1Messenger sync for initiateRecovery and executeRecovery:

Step 4: Commit


Task 10: System Contracts — IEnterpriseIAM + EnterpriseIAM + Constants Registration

Files:

  • Create: SYS/interfaces/IEnterpriseIAM.sol

  • Create: SYS/EnterpriseIAM.sol

  • Modify: SYS/Constants.sol:121

Step 1: Add constant to Constants.sol after line 121 (after IDENTITY_VERIFIER)

After line 121 (address constant IDENTITY_VERIFIER_SYSTEM_CONTRACT = ...;), add:

Step 2: Create the IEnterpriseIAM interface

Create SYS/interfaces/IEnterpriseIAM.sol:

Step 3: Create the EnterpriseIAM system contract

Create SYS/EnterpriseIAM.sol:

Step 4: Commit


Task 11: System Contracts — IIdentityVerifier + IdentityVerifier Selective Disclosure

Files:

  • Modify: SYS/interfaces/IIdentityVerifier.sol:1-53

  • Modify: SYS/IdentityVerifier.sol:1-299

Step 1: Add disclosure events and functions to IIdentityVerifier

After line 39 (CircuitVerifierSet event), add:

Step 2: Add disclosure storage and errors to IdentityVerifier.sol

After mapping(bytes32 => bool) private _usedProofs; (line 22), add:

After error InvalidProof(); (line 31), add:

Step 3: Add disclosure functions before the credit score section (before getPersonalCreditScore)

Step 4: Commit


Task 12: E2E Cross-Contract Tests

Files:

  • Create: TEST/Phase5cE2E.t.sol

Step 1: Write cross-contract E2E test

Create contracts/test/Phase5cE2E.t.sol:

Step 2: Run all tests

Run: cd /Users/judybaby/CodeBase/github/Layer2/contracts && forge test --match-contract Phase5cE2ETest -v

Expected: All 4 E2E tests pass

Step 3: Commit


Task 13: Full Regression + Compile System Contracts

Files: All existing test files

Step 1: Run full Foundry test suite

Run: cd /Users/judybaby/CodeBase/github/Layer2/contracts && forge test -v

Expected: All tests pass (existing ~58 + new ~59 = ~117 total)

Step 2: Compile system contracts

Run:

Expected: Preprocessing completes (copies modified DIDRegistry, IdentityVerifier, and new EnterpriseIAM to contracts-preprocessed/)

Note: Full yarn build for system contracts may require additional setup (hardhat-zksync-solc, zksolc). If it fails on compiler, that's expected in local dev — the preprocessed files are the key output.

Step 3: Verify EnterpriseIAM appears in contracts-preprocessed

Run: ls /Users/judybaby/CodeBase/github/Layer2/era-contracts-l1/system-contracts/contracts-preprocessed/EnterpriseIAM.sol

Expected: File exists


Task 14: Update dev-log + Final Commit

Files:

  • Modify: /Users/judybaby/CodeBase/github/Layer2/docs/dev-log.md

Step 1: Add Phase 5c entry to dev-log

Append to docs/dev-log.md:

Step 2: Commit everything


Summary

| Task | Description | Tests | Files |
|---|---|---|---|
| 1 | IDIDRegistryLocal recovery interface | | 1 modify |
| 2 | DIDRegistryLocal recovery impl | | 1 modify |
| 3 | Social recovery tests | 20 | 1 create |
| 4 | IEnterpriseIAMLocal + EnterpriseIAMLocal | | 2 create |
| 5 | Enterprise IAM tests | 22 | 1 create |
| 6 | IdentityVerifierLocal disclosure impl | | 1 modify |
| 7 | Selective disclosure tests | 13 | 1 create |
| 8 | IDIDRegistry system interface | | 1 modify |
| 9 | DIDRegistry system contract recovery | | 1 modify |
| 10 | IEnterpriseIAM + EnterpriseIAM sys + Constants | | 3 create, 1 modify |
| 11 | IIdentityVerifier + IdentityVerifier disclosure | | 2 modify |
| 12 | E2E cross-contract tests | 4 | 1 create |
| 13 | Full regression + compile system contracts | | |
| 14 | Dev-log update | | 1 modify |
| Total | | ~59 new tests | 9 create, 8 modify |
