chore: .gitignore and README updates

Made-with: Cursor
2026-04-21 22:00:55 -07:00
parent 843cdbf71c
commit 768168de5e
37 changed files with 505 additions and 118 deletions
--- a/script/deploy/DeploySingleCWToken.s.sol
+++ b/script/deploy/DeploySingleCWToken.s.sol
@@ -14,6 +14,9 @@ import {CompliantWrappedToken} from "../../contracts/tokens/CompliantWrappedToke
 *   CW_TOKEN_NAME (required)
 *   CW_TOKEN_SYMBOL (required)
 *   CW_TOKEN_DECIMALS (optional, default 6)
+ *   CW_STRICT_MODE=0 (optional override) — by default deployer MINTER/BURNER are revoked after bridge grant
+ *   CW_GOVERNANCE_ADMIN=0x... (optional) — grant DEFAULT_ADMIN_ROLE to governance; if strict, revoke deployer admin when governance is set
+ *   CW_FREEZE_OPERATIONAL_ROLES=0 (optional override) — by default freeze future MINTER/BURNER changes after setup
 */
 contract DeploySingleCWToken is Script {
    function run() external {
@@ -23,6 +26,9 @@ contract DeploySingleCWToken is Script {
        string memory tokenName = vm.envString("CW_TOKEN_NAME");
        string memory tokenSymbol = vm.envString("CW_TOKEN_SYMBOL");
        uint8 decimals_ = uint8(vm.envOr("CW_TOKEN_DECIMALS", uint256(6)));
+        bool strictMode = vm.envOr("CW_STRICT_MODE", uint256(1)) == 1;
+        bool freezeOperationalRoles = vm.envOr("CW_FREEZE_OPERATIONAL_ROLES", uint256(1)) == 1;
+        address governanceAdmin = vm.envOr("CW_GOVERNANCE_ADMIN", address(0));

        require(bridge != address(0), "CW_BRIDGE_ADDRESS required");
        require(bytes(tokenName).length != 0, "CW_TOKEN_NAME required");
@@ -34,10 +40,32 @@ contract DeploySingleCWToken is Script {
        token.grantRole(token.MINTER_ROLE(), bridge);
        token.grantRole(token.BURNER_ROLE(), bridge);

+        if (strictMode) {
+            token.revokeRole(token.MINTER_ROLE(), admin);
+            token.revokeRole(token.BURNER_ROLE(), admin);
+        }
+
+        if (governanceAdmin != address(0) && governanceAdmin != admin) {
+            token.grantRole(token.DEFAULT_ADMIN_ROLE(), governanceAdmin);
+        }
+
+        if (freezeOperationalRoles) {
+            token.freezeOperationalRoles();
+        }
+
+        if (strictMode && governanceAdmin != address(0) && governanceAdmin != admin) {
+            token.revokeRole(token.DEFAULT_ADMIN_ROLE(), admin);
+        }
+
        vm.stopBroadcast();

        console.log(tokenSymbol, address(token));
        console.log("  bridge", bridge);
+        console.log("  strictMode", strictMode);
+        console.log("  governanceAdmin", governanceAdmin);
+        console.log("  operationalRolesFrozen", token.operationalRolesFrozen());
+        console.log("  deployerHasMinter", token.hasRole(token.MINTER_ROLE(), admin));
+        console.log("  deployerHasBurner", token.hasRole(token.BURNER_ROLE(), admin));
        console.log("  bridgeHasMinter", token.hasRole(token.MINTER_ROLE(), bridge));
        console.log("  bridgeHasBurner", token.hasRole(token.BURNER_ROLE(), bridge));
    }