Feat/accesscontrol temporal facets

[isihin-3]

Summary

Introduced temporal access control functionality with supporting facets, library helpers, and comprehensive tests to manage role expirations.

Changes Made

• Added AccessControlTemporalFacet providing grant/revoke flows with expiry validation.
• Added LibAccessControlTemporal exposing reusable storage helpers and events.
• Created harness contracts for both facets to support isolated testing.
• Wrote Forge tests covering expiry lookups, grant/revoke behaviour, and validation scenarios.

Checklist

Before submitting this PR, please ensure:

• Code follows the Solidity feature ban - No inheritance, constructors, modifiers, public/private variables, external library functions, using for directives, or selfdestruct

• Code follows Design Principles - Readable, uses diamond storage, favors composition over inheritance

• Code matches the codebase style - Consistent formatting, documentation, and patterns (e.g. ERC20Facet.sol)

• Code is formatted with forge fmt

• Tests are included - All new functionality has comprehensive tests

• All tests pass - Run forge test and ensure everything works

• Documentation updated - If applicable, update relevant documentation

Additional Notes

No documentation updates were required

[netlify]

‼️ Deploy request for compose-diamonds rejected.

Name	Link
🔨 Latest commit	9323621

[github-actions]

Coverage Report

Metric	Coverage	Details
Lines	63%	1052/1664 lines
Functions	71%	208/295 functions
Branches	44%	121/273 branches

Last updated: Thu, 13 Nov 2025 05:14:10 GMT for commit 67cb321

[github-actions]

Gas Report

No gas usage changes detected between main and feat/accesscontrol-temporal-facets.

All functions maintain the same gas costs. ✅

Last updated: Thu, 13 Nov 2025 05:14:34 GMT for commit 67cb321

[farismln]

hey thanks for the good work. I notice unintended outcome on the revokeTemporalRole function in certain cases. please check it out

[farismln]

there are security risk here, if _hasRole is already false it would still clear the expiry timestamp, making the said _account became permanent in the roles.

consider to only clear the expiry timestamp if _hasRole is true

[farismln]

this also have the same issue with the non Lib contract

[isihin-3]

@farismln changes are made please check the new commit

[farismln]

hey @isihin-3 the fix looks good!

also, I just realized for the revoke role that clearing the expiry is not necessary. what do you think? do you have any reason to clear the expiry time to 0 when revoking a role?
I think setting the AccessControlStorage for said account to false already sufficient, because there are checks whether the role is still true and there are checks if the expiry is not passed. maybe we can optimize gas cost that way? what is your opinion on this?

[isihin-3]

Hey @farismln , that's a great point on the gas angle. I looked into it, and I think we must keep the expiry clear for two big reasons:

• The "Re-Grant Bug": If we only set hasRole = false and leave the old expiry, a bug could happen. If an admin later grants a permanent role (using the base AccessControlFacet.grantRole), it will only set hasRole = true. The old "zombie" timestamp will still be there, accidentally turning the new permanent role into an expired one.

• Gas Cost is Negligible: As you pointed out, gas is key. But setting a non-zero storage slot to zero (non-zero -> zero) costs 5,000 gas but issues a 4,800 gas refund. The net cost is only ~200 gas.

Given the low cost, I think it's safer to clear the slot to 0 to prevent the re-grant bug and keep the state clean for off-chain tools. What do you think?

[farismln]

yeah fair point you mention @isihin-3

edit: maybe we can implement using 0 as expiry for it to be a permanent role. but maybe this would conflict with the normal access control behavior as there would be two way a permanent role can be granted when using the temporal one. but this would not be necessary if we think this temporal access control as extension of the normal facet.

[mudgen]

@isihin-3 Thanks very much for this pull request!

@farismln Thanks very much for reviewing this pull request. @farismln when you are complete with your review we can merge this pull request.

[isihin-3]

yeah fair point you mention @isihin-3

edit: maybe we can implement using 0 as expiry for it to be a permanent role. but maybe this would conflict with the normal access control behavior as there would be two way a permanent role can be granted when using the temporal one. but this would not be necessary if we think this temporal access control as extension of the normal facet.

The user has to check which facet is taken in use. According to that they can decide

[farismln]

the changes fixed the issue from before. looks good!!

[farismln]

looks good. thanks for the fix

[farismln]

the approach different with the non lib ones where this is return early. but the issue are fixed on both cases. thanks

[farismln]

hi @mudgen I already reviewed the fixes.

[mudgen]

@farismln @isihin-3 Thanks, good job!