Update to CMTAT v3.3.0-rc1

Author: rya-sge

AGENTS.md

@@ -127,12 +127,19 @@ function _checkRule(address rule_) internal view virtual override {
 ### Rule Execution Flow
 
 ```
-Token.transfer() → RuleEngine.transferred(from, to, value)
-                    ├── onlyBoundToken modifier (caller must be bound)
-                    └── for each rule in _rules:
-                          rule.transferred(from, to, value)  // reverts if disallowed
+Token operation → RuleEngine.transferred(spender, from, to, value)   ← used by CMTAT v3.3.0+ for all operations
+                   ├── onlyBoundToken modifier (caller must be bound)
+                   └── for each rule in _rules:
+                         rule.transferred(spender, from, to, value)  // reverts if disallowed
+
+                  RuleEngine.transferred(from, to, value)            ← 3-arg fallback (spender == address(0))
+                   ├── onlyBoundToken modifier
+                   └── for each rule in _rules:
+                         rule.transferred(from, to, value)
 ```
 
+Since CMTAT v3.3.0, mint (`from == address(0)`) and burn (`to == address(0)`) also go through the 4-argument overload with the operator as `spender`. Rules that check `spender` must skip or adapt that check for mint/burn to avoid blocking those operations unintentionally.
+
 View path: `detectTransferRestriction()` iterates rules, returns first non-zero code.
 
 ### Storage: EnumerableSet

CLAUDE.md

@@ -127,12 +127,19 @@ function _checkRule(address rule_) internal view virtual override {
 ### Rule Execution Flow
 
 ```
-Token.transfer() → RuleEngine.transferred(from, to, value)
-                    ├── onlyBoundToken modifier (caller must be bound)
-                    └── for each rule in _rules:
-                          rule.transferred(from, to, value)  // reverts if disallowed
+Token operation → RuleEngine.transferred(spender, from, to, value)   ← used by CMTAT v3.3.0+ for all operations
+                   ├── onlyBoundToken modifier (caller must be bound)
+                   └── for each rule in _rules:
+                         rule.transferred(spender, from, to, value)  // reverts if disallowed
+
+                  RuleEngine.transferred(from, to, value)            ← 3-arg fallback (spender == address(0))
+                   ├── onlyBoundToken modifier
+                   └── for each rule in _rules:
+                         rule.transferred(from, to, value)
 ```
 
+Since CMTAT v3.3.0, mint (`from == address(0)`) and burn (`to == address(0)`) also go through the 4-argument overload with the operator as `spender`. Rules that check `spender` must skip or adapt that check for mint/burn to avoid blocking those operations unintentionally.
+
 View path: `detectTransferRestriction()` iterates rules, returns first non-zero code.
 
 ### Storage: EnumerableSet

README.md

@@ -77,7 +77,7 @@ This diagram illustrates how a transfer with a CMTAT or ERC-3643 token with a Ru
 
 | RuleEngine version                                           | Compatible Versions                                          |
 | ------------------------------------------------------------ | ------------------------------------------------------------ |
-| **v3.0.0-rc3**                                               | CMTAT ≥ v3.0.0<br />CMTAT target version: [v3.2.0](https://github.com/CMTA/CMTAT/releases/tag/v3.2.0) |
+| **v3.0.0-rc3**                                               | CMTAT ≥ v3.0.0<br />CMTAT target version: [v3.3.0](https://github.com/CMTA/CMTAT/releases/tag/v3.3.0) |
 | **v3.0.0-rc2**                                               | CMTAT ≥ v3.0.0<br />CMTAT target version: [v3.2.0](https://github.com/CMTA/CMTAT/releases/tag/v3.2.0) |
 | **v3.0.0-rc1**                                               | CMTAT ≥ v3.0.0<br />CMTAT target version: [v3.2.0](https://github.com/CMTA/CMTAT/releases/tag/v3.2.0) |
 | **v3.0.0-rc0**                                               | CMTAT ≥ v3.0.0<br />                                         |
@@ -147,17 +147,29 @@ If you need non-standard helper functions (batch bind/unbind, self-binding appro
 
 ### Like CMTAT
 
-Before each ERC-20 transfer, the CMTAT calls the function `transferred` which is the entrypoint for the RuleEngine.
+Before each ERC-20 transfer, mint, or burn, CMTAT calls the RuleEngine through the internal function `_checkTransferred`, which dispatches to one of two `transferred` overloads depending on whether a non-zero spender is present.
 
 ```solidity
-function transferred(address from,address to,uint256 value)
+// Called when spender == address(0)
+function transferred(address from, address to, uint256 value)
+
+// Called when spender != address(0)
+function transferred(address spender, address from, address to, uint256 value)
 ```
 
-If you want to apply restrictions on the spender address, you have to call the `transferred` function which takes the spender argument in your ERC-20  function `transferFrom`.
+#### CMTAT v3.3.0 — mint and burn use the spender path
 
-```solidity
-function transferred(address spender,address from,address to,uint256 value)
-```
+Since CMTAT v3.3.0, **mint and burn operations also go through the 4-argument overload**, with the operator (minter or burner) passed as `spender`:
+
+| Operation | `spender` | `from` | `to` |
+|-----------|-----------|--------|------|
+| `transfer` / `transferFrom` | caller / approved spender | token holder | recipient |
+| `mint` | minter (`_msgSender()`) | `address(0)` | recipient |
+| `burn` | burner (`_msgSender()`) | token holder | `address(0)` |
+
+The 3-argument overload is only called when `spender == address(0)`, which does not occur in normal CMTAT v3.3.0 flows.
+
+> **Rule authoring note:** Rules that check the `spender` argument in `transferred(spender, from, to, value)` must explicitly handle the mint (`from == address(0)`) and burn (`to == address(0)`) cases. A spender check that is intended only for `transferFrom` will also fire for mints and burns unless the rule skips it when `from` or `to` is the zero address. See `RuleWhitelist` and `RuleSpenderWhitelist` in the Rules repository for reference implementations.
 
 For example, CMTAT defines the interaction with the RuleEngine inside a specific module, [ValidationModuleRuleEngine](https://github.com/CMTA/CMTAT/blob/master/contracts/modules/wrapper/extensions/ValidationModule/ValidationModuleRuleEngine.sol) and [CMTATBaseRuleEngine](https://github.com/CMTA/CMTAT/blob/master/contracts/modules/1_CMTATBaseRuleEngine.sol).
 
@@ -169,7 +181,7 @@ For example, CMTAT defines the interaction with the RuleEngine inside a specific
 
 ![checkTransferred](./doc/other/CMTAT/checkTransferred.png)
 
-This function `_transferred` is called before each transfer/burn/mint through the internal function `_checkTransferred` defined in [CMTAT_BASE](https://github.com/CMTA/CMTAT/blob/23a1e59f913d079d0c09d32fafbd95ab2d426093/contracts/modules/CMTAT_BASE.sol#L198).
+This function `_transferred` is called before each transfer/burn/mint through the internal function `_checkTransferred`.
 
 ### Like ERC-3643
 

script/CMTATWithRuleEngineScript.s.sol

@@ -5,7 +5,7 @@
 pragma solidity ^0.8.20;
 
 import {Script, console} from "forge-std/Script.sol";
-import {ICMTATConstructor, CMTATStandalone} from "CMTAT/deployment/CMTATStandalone.sol";
+import {ICMTATConstructor, CMTATStandardStandalone} from "CMTAT/deployment/CMTATStandardStandalone.sol";
 import {IERC1643CMTAT} from "CMTAT/interfaces/tokenization/draft-IERC1643CMTAT.sol";
 import {IRuleEngine} from "CMTAT/interfaces/engine/IRuleEngine.sol";
 import {RuleEngine} from "src/deployment/RuleEngine.sol";
@@ -35,8 +35,8 @@ contract CMTATWithRuleEngineScript is Script {
                 "CMTAT_info"
             );
         ICMTATConstructor.Engine memory engines = ICMTATConstructor.Engine(IRuleEngine(address(0)));
-        CMTATStandalone cmtatContract =
-            new CMTATStandalone(trustedForwarder, admin, erc20Attributes, extraInformationAttributes, engines);
+        CMTATStandardStandalone cmtatContract =
+            new CMTATStandardStandalone(trustedForwarder, admin, erc20Attributes, extraInformationAttributes, engines);
         console.log("CMTAT cmtatContract : ", address(cmtatContract));
         // whitelist
         RuleWhitelist ruleWhitelist = new RuleWhitelist(admin, trustedForwarder);

src/mocks/rules/operation/RuleMintAllowance.sol

@@ -0,0 +1,123 @@
+// SPDX-License-Identifier: MPL-2.0
+pragma solidity ^0.8.20;
+
+import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
+import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
+import {IRule} from "../../../interfaces/IRule.sol";
+import {RuleInterfaceId} from "../../../modules/library/RuleInterfaceId.sol";
+import {RuleMintAllowanceInvariantStorage} from "./abstract/RuleMintAllowanceInvariantStorage.sol";
+
+/**
+ * @title RuleMintAllowance
+ * @notice Rule that enforces per-minter mint allowances set by the contract admin.
+ *         The admin grants each minter address a maximum amount they may mint in total.
+ *         Each mint deducts from the minter's remaining allowance.
+ *         Burns and regular transfers are unrestricted by this rule.
+ */
+contract RuleMintAllowance is AccessControl, RuleMintAllowanceInvariantStorage, IRule {
+    bytes4 private constant RULE_ENGINE_INTERFACE_ID = 0x20c49ce7;
+    bytes4 private constant ERC1404EXTEND_INTERFACE_ID = 0x78a8de7d;
+
+    mapping(address minter => uint256 allowance) public mintAllowance;
+
+    /**
+     * @param admin Address granted DEFAULT_ADMIN_ROLE
+     */
+    constructor(address admin) {
+        require(admin != address(0), "RuleMintAllowance: zero admin");
+        _grantRole(DEFAULT_ADMIN_ROLE, admin);
+    }
+
+    /* ============ ERC-165 ============ */
+
+    function supportsInterface(bytes4 interfaceId) public view virtual override(AccessControl, IERC165) returns (bool) {
+        return interfaceId == RULE_ENGINE_INTERFACE_ID || interfaceId == ERC1404EXTEND_INTERFACE_ID
+            || interfaceId == RuleInterfaceId.IRULE_INTERFACE_ID || AccessControl.supportsInterface(interfaceId);
+    }
+
+    /* ============ Admin ============ */
+
+    /**
+     * @notice Set the mint allowance for a minter.
+     * @param minter  Address of the minter.
+     * @param amount  Maximum amount the minter is allowed to mint.
+     */
+    function setMintAllowance(address minter, uint256 amount) external onlyRole(DEFAULT_ADMIN_ROLE) {
+        mintAllowance[minter] = amount;
+        emit MintAllowanceSet(minter, amount);
+    }
+
+    /* ============ IRule — state-changing ============ */
+
+    /**
+     * @notice Called for transfers where no spender context is available.
+     *         Mint allowance cannot be enforced without a spender; passes through.
+     */
+    function transferred(address from, address to, uint256 value) public view {
+        // no-op: spender unknown, enforcement requires transferred(spender,...)
+    }
+
+    /**
+     * @notice Called for every token operation (transfer, mint, burn) with spender context.
+     *         Deducts from the minter's allowance for mints; passes through for burns and transfers.
+     */
+    function transferred(address spender, address from, address /* to */, uint256 value) public {
+        if (from == address(0)) {
+            uint256 allowance = mintAllowance[spender];
+            if (allowance < value) {
+                revert RuleMintAllowance_InsufficientAllowance(spender, allowance, value);
+            }
+            mintAllowance[spender] = allowance - value;
+            emit MintAllowanceConsumed(spender, value, mintAllowance[spender]);
+        }
+    }
+
+    /* ============ IRule — view ============ */
+
+    /**
+     * @notice Returns TRANSFER_OK; without spender context mint allowance cannot be evaluated.
+     */
+    function detectTransferRestriction(address, address, uint256) public pure override returns (uint8) {
+        return uint8(REJECTED_CODE_BASE.TRANSFER_OK);
+    }
+
+    /**
+     * @notice Returns CODE_MINTER_INSUFFICIENT_ALLOWANCE when a minter's allowance would be
+     *         exceeded. Burns and regular transfers always return TRANSFER_OK.
+     */
+    function detectTransferRestrictionFrom(address spender, address from, address, uint256 value)
+        public
+        view
+        override
+        returns (uint8)
+    {
+        if (from == address(0) && mintAllowance[spender] < value) {
+            return CODE_MINTER_INSUFFICIENT_ALLOWANCE;
+        }
+        return uint8(REJECTED_CODE_BASE.TRANSFER_OK);
+    }
+
+    function canTransfer(address from, address to, uint256 value) public pure override returns (bool) {
+        return detectTransferRestriction(from, to, value) == uint8(REJECTED_CODE_BASE.TRANSFER_OK);
+    }
+
+    function canTransferFrom(address spender, address from, address to, uint256 value)
+        public
+        view
+        override
+        returns (bool)
+    {
+        return detectTransferRestrictionFrom(spender, from, to, value) == uint8(REJECTED_CODE_BASE.TRANSFER_OK);
+    }
+
+    function canReturnTransferRestrictionCode(uint8 restrictionCode) external pure override returns (bool) {
+        return restrictionCode == CODE_MINTER_INSUFFICIENT_ALLOWANCE;
+    }
+
+    function messageForTransferRestriction(uint8 restrictionCode) external pure override returns (string memory) {
+        if (restrictionCode == CODE_MINTER_INSUFFICIENT_ALLOWANCE) {
+            return TEXT_MINTER_INSUFFICIENT_ALLOWANCE;
+        }
+        return TEXT_CODE_NOT_FOUND;
+    }
+}

src/mocks/rules/operation/abstract/RuleMintAllowanceInvariantStorage.sol

@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: MPL-2.0
+pragma solidity ^0.8.20;
+
+// forge-lint: disable-next-line(unaliased-plain-import)
+import "../../validation/abstract/RuleCommonInvariantStorage.sol";
+
+abstract contract RuleMintAllowanceInvariantStorage is RuleCommonInvariantStorage {
+    /* ============ Error ============ */
+    error RuleMintAllowance_InsufficientAllowance(address minter, uint256 allowance, uint256 value);
+
+    /* ============ Events ============ */
+    event MintAllowanceSet(address indexed minter, uint256 allowance);
+    event MintAllowanceConsumed(address indexed minter, uint256 consumed, uint256 remaining);
+
+    /* ============ Restriction codes ============ */
+    // It is very important that each rule uses a unique code
+    uint8 public constant CODE_MINTER_INSUFFICIENT_ALLOWANCE = 81;
+
+    /* ============ Restriction messages ============ */
+    string constant TEXT_MINTER_INSUFFICIENT_ALLOWANCE = "MintAllowance: Insufficient allowance for minter";
+}

src/mocks/rules/validation/RuleWhitelist.sol

@@ -84,7 +84,8 @@ contract RuleWhitelist is RuleAddressList, RuleWhitelistCommon {
         override
         returns (uint8)
     {
-        if (!addressIsListed(spender)) {
+        // Mint (from == address(0)) and burn (to == address(0)) are exempt from spender check
+        if (from != address(0) && to != address(0) && !addressIsListed(spender)) {
             return CODE_ADDRESS_SPENDER_NOT_WHITELISTED;
         } else {
             return detectTransferRestriction(from, to, value);

test/HelperContract.sol

@@ -3,7 +3,7 @@ pragma solidity ^0.8.20;
 
 // forge-lint: disable-next-line(unused-import)
 import {Test} from "forge-std/Test.sol";
-import {CMTATStandalone} from "CMTAT/deployment/CMTATStandalone.sol";
+import {CMTATStandardStandalone} from "CMTAT/deployment/CMTATStandardStandalone.sol";
 
 import {RuleEngineInvariantStorage} from "src/modules/library/RuleEngineInvariantStorage.sol";
 import {RulesManagementModuleInvariantStorage} from "src/modules/library/RulesManagementModuleInvariantStorage.sol";
@@ -72,7 +72,7 @@ abstract contract HelperContract is
 
     // CMTAT
     CMTATDeployment cmtatDeployment;
-    CMTATStandalone cmtatContract;
+    CMTATStandardStandalone cmtatContract;
 
     // RuleEngine Mock
     RuleEngine public ruleEngineMock;

test/HelperContractOwnable.sol

@@ -3,7 +3,7 @@ pragma solidity ^0.8.20;
 
 // forge-lint: disable-next-line(unused-import)
 import {Test} from "forge-std/Test.sol";
-import {CMTATStandalone} from "CMTAT/deployment/CMTATStandalone.sol";
+import {CMTATStandardStandalone} from "CMTAT/deployment/CMTATStandardStandalone.sol";
 
 import {RuleEngineInvariantStorage} from "src/modules/library/RuleEngineInvariantStorage.sol";
 import {RulesManagementModuleInvariantStorage} from "src/modules/library/RulesManagementModuleInvariantStorage.sol";
@@ -69,7 +69,7 @@ abstract contract HelperContractOwnable is
 
     // CMTAT
     CMTATDeployment cmtatDeployment;
-    CMTATStandalone cmtatContract;
+    CMTATStandardStandalone cmtatContract;
 
     // RuleEngineOwnable Mock
     RuleEngineOwnable public ruleEngineMock;

test/RuleEngine/RulesManagementModuleTest/CMTATIntegration.t.sol

@@ -8,7 +8,7 @@ import "./CMTATIntegrationBase.sol";
  * @title General functions of the RuleEngine (v3.2.0-rc2)
  */
 contract RuleEngineCMTATIntegrationTest is RuleEngineCMTATIntegrationBase {
-    function _deployCmtat() internal override returns (CMTATStandalone) {
+    function _deployCmtat() internal override returns (CMTATStandardStandalone) {
         cmtatDeployment = new CMTATDeployment();
         return cmtatDeployment.cmtat();
     }