feat: Add DeviceWrapRegistry with Hats-based Guardian System

[hudsonhrh]

Summary

• Add DeviceWrapRegistry with guardian-gated approval system for device wraps (4th+ generation) and account recovery
• Integrate Hats Protocol for guardian role management, allowing POA Manager to control guardian membership via hat IDs
• Update UniversalAccountRegistry with recovery mechanism that allows authorized contracts to transfer usernames between addresses

Key Features

DeviceWrapRegistry

• Instant approval for first 3 devices (configurable via maxInstantWraps)
• Guardian quorum required for 4th+ devices with configurable threshold
• Account recovery system with guardian consensus and auto-execution
• Hats-based guardian checks via isWearerOfHat() instead of simple mapping
• Double-vote prevention and comprehensive access control

UniversalAccountRegistry

• New recoverAccount(from, to) function for authorized account recovery
• recoveryCaller field to authorize DeviceWrapRegistry as recovery executor
• Optional orgApprover field for additional recovery authorization layer

POA Manager Controls

• setGuardianHat(hatId) - Set which hat grants guardian permissions
• setGuardianThreshold(n) - Configure approval quorum (default: 1)
• setMaxInstantWraps(n) - Configure instant approval limit (default: 3)

Architecture

POA Manager
    ↓
    ├─→ Hats Protocol (manages guardian hat)
    ├─→ DeviceWrapRegistry (references guardian hat)
    │       ↓
    │   Guardian Approvals → Auto-finalize wraps/transfers
    │       ↓
    └─→ UniversalAccountRegistry (executes recovery)

Test Plan

• All 12 DeviceWrapRegistry tests passing
  • Initialization and configuration
  • Guardian role verification via Hats
  • Instant wrap approval within cap
  • Pending wrap status for over-cap devices
  • Guardian approval with threshold=1
  • Multi-guardian approval with threshold=2
  • Wrap revocation
  • Account transfer proposal
  • Account transfer execution
  • Double-vote prevention
  • Non-guardian access control
• Contract compilation successful
• Storage layout follows ERC-7201 standard
• Integration with existing Hats Protocol infrastructure

Files Changed

• src/DeviceWrapRegistry.sol - New guardian-gated registry (337 lines)
• src/UniversalAccountRegistry.sol - Added recovery mechanism
• test/DeviceWrapRegistry.t.sol - Comprehensive test suite (12 tests)
• IMPLEMENTATION_SUMMARY.md - Detailed documentation

Deployment Flow

// 1. Deploy & initialize contracts
uar.initialize(poaManager);
dwr.initialize(poaManager, address(uar), address(hats));

// 2. Configure guardian system
dwr.setGuardianHat(GUARDIAN_HAT_ID);
dwr.setGuardianThreshold(2); // Optional

// 3. Authorize recovery
uar.setRecoveryCaller(address(dwr));

// 4. Guardian management via Hats Protocol
hats.mintHat(GUARDIAN_HAT_ID, guardian1);
hats.mintHat(GUARDIAN_HAT_ID, guardian2);

🤖 Generated with Claude Code