// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/AccessControl.sol)

pragma solidity ^0.8.0;

import "./IAccessControl.sol";
import "../utils/Context.sol";
import "../utils/Strings.sol";
import "../utils/introspection/ERC165.sol";

/**
 * @dev Contract module that allows children to implement role-based access
 * control mechanisms. This is a lightweight version that doesn't allow enumerating role
 * members except through off-chain means by accessing the contract event logs. Some
 * applications may benefit from on-chain enumerability, for those cases see
 * {AccessControlEnumerable}.
 *
 * Roles are referred to by their `bytes32` identifier. These should be exposed
 * in the external API and be unique. The best way to achieve this is by
 * using `public constant` hash digests:
 *
 * ```solidity
 * bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
 * ```
 *
 * Roles can be used to represent a set of permissions. To restrict access to a
 * function call, use {hasRole}:
 *
 * ```solidity
 * function foo() public {
 *     require(hasRole(MY_ROLE, msg.sender));
 *     ...
 * }
 * ```
 *
 * Roles can be granted and revoked dynamically via the {grantRole} and
 * {revokeRole} functions. Each role has an associated admin role, and only
 * accounts that have a role's admin role can call {grantRole} and {revokeRole}.
 *
 * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
 * that only accounts with this role will be able to grant or revoke other
 * roles. More complex role relationships can be created by using
 * {_setRoleAdmin}.
 *
 * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
 * grant and revoke this role. Extra precautions should be taken to secure
 * accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
 * to enforce additional security measures for this role.
 */
abstract contract AccessControl is Context, IAccessControl, ERC165 {
    struct RoleData {
        mapping(address => bool) members;
        bytes32 adminRole;
    }

    mapping(bytes32 => RoleData) private _roles;

    bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;

    /**
     * @dev Modifier that checks that an account has a specific role. Reverts
     * with a standardized message including the required role.
     *
     * The format of the revert reason is given by the following regular expression:
     *
     *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
     *
     * _Available since v4.1._
     */
    modifier onlyRole(bytes32 role) {
        _checkRole(role);
        _;
    }

    /**
     * @dev See {IERC165-supportsInterface}.
     */
    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
    }

    /**
     * @dev Returns `true` if `account` has been granted `role`.
     */
    function hasRole(bytes32 role, address account) public view virtual override returns (bool) {
        return _roles[role].members[account];
    }

    /**
     * @dev Revert with a standard message if `_msgSender()` is missing `role`.
     * Overriding this function changes the behavior of the {onlyRole} modifier.
     *
     * Format of the revert message is described in {_checkRole}.
     *
     * _Available since v4.6._
     */
    function _checkRole(bytes32 role) internal view virtual {
        _checkRole(role, _msgSender());
    }

    /**
     * @dev Revert with a standard message if `account` is missing `role`.
     *
     * The format of the revert reason is given by the following regular expression:
     *
     *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
     */
    function _checkRole(bytes32 role, address account) internal view virtual {
        if (!hasRole(role, account)) {
            revert(
                string(
                    abi.encodePacked(
                        "AccessControl: account ",
                        Strings.toHexString(account),
                        " is missing role ",
                        Strings.toHexString(uint256(role), 32)
                    )
                )
            );
        }
    }

    /**
     * @dev Returns the admin role that controls `role`. See {grantRole} and
     * {revokeRole}.
     *
     * To change a role's admin, use {_setRoleAdmin}.
     */
    function getRoleAdmin(bytes32 role) public view virtual override returns (bytes32) {
        return _roles[role].adminRole;
    }

    /**
     * @dev Grants `role` to `account`.
     *
     * If `account` had not been already granted `role`, emits a {RoleGranted}
     * event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     *
     * May emit a {RoleGranted} event.
     */
    function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
        _grantRole(role, account);
    }

    /**
     * @dev Revokes `role` from `account`.
     *
     * If `account` had been granted `role`, emits a {RoleRevoked} event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     *
     * May emit a {RoleRevoked} event.
     */
    function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
        _revokeRole(role, account);
    }

    /**
     * @dev Revokes `role` from the calling account.
     *
     * Roles are often managed via {grantRole} and {revokeRole}: this function's
     * purpose is to provide a mechanism for accounts to lose their privileges
     * if they are compromised (such as when a trusted device is misplaced).
     *
     * If the calling account had been revoked `role`, emits a {RoleRevoked}
     * event.
     *
     * Requirements:
     *
     * - the caller must be `account`.
     *
     * May emit a {RoleRevoked} event.
     */
    function renounceRole(bytes32 role, address account) public virtual override {
        require(account == _msgSender(), "AccessControl: can only renounce roles for self");

        _revokeRole(role, account);
    }

    /**
     * @dev Grants `role` to `account`.
     *
     * If `account` had not been already granted `role`, emits a {RoleGranted}
     * event. Note that unlike {grantRole}, this function doesn't perform any
     * checks on the calling account.
     *
     * May emit a {RoleGranted} event.
     *
     * [WARNING]
     * ====
     * This function should only be called from the constructor when setting
     * up the initial roles for the system.
     *
     * Using this function in any other way is effectively circumventing the admin
     * system imposed by {AccessControl}.
     * ====
     *
     * NOTE: This function is deprecated in favor of {_grantRole}.
     */
    function _setupRole(bytes32 role, address account) internal virtual {
        _grantRole(role, account);
    }

    /**
     * @dev Sets `adminRole` as ``role``'s admin role.
     *
     * Emits a {RoleAdminChanged} event.
     */
    function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
        bytes32 previousAdminRole = getRoleAdmin(role);
        _roles[role].adminRole = adminRole;
        emit RoleAdminChanged(role, previousAdminRole, adminRole);
    }

    /**
     * @dev Grants `role` to `account`.
     *
     * Internal function without access restriction.
     *
     * May emit a {RoleGranted} event.
     */
    function _grantRole(bytes32 role, address account) internal virtual {
        if (!hasRole(role, account)) {
            _roles[role].members[account] = true;
            emit RoleGranted(role, account, _msgSender());
        }
    }

    /**
     * @dev Revokes `role` from `account`.
     *
     * Internal function without access restriction.
     *
     * May emit a {RoleRevoked} event.
     */
    function _revokeRole(bytes32 role, address account) internal virtual {
        if (hasRole(role, account)) {
            _roles[role].members[account] = false;
            emit RoleRevoked(role, account, _msgSender());
        }
    }
}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

/**
 * @notice Key sets with enumeration and delete. Uses mappings for random access and existence checks,
 * and dynamic arrays for enumeration. Key uniqueness is enforced.
 * @dev Sets are unordered. Delete operations reorder keys.
 */

library AddressSet {

    struct Set {
        mapping(address => uint256) keyPointers;
        address[] keyList;
    }

    string private constant MODULE = "AddressSet";

    error AddressSetConsistency(string module, string method, string reason, string context);

    /**
     * @notice Insert a key to store.
     * @dev Duplicate keys are not permitted.
     * @param self A Set struct
     * @param key A key to insert cast as an address.
     * @param context A message string about interpretation of the issue. Normally the calling function.
     */
    function insert(
        Set storage self,
        address key,
        string memory context
    ) internal {
        if (exists(self, key))
            revert AddressSetConsistency({
                module: MODULE,
                method: "insert",
                reason: "exists",
                context: context
            });
        self.keyList.push(key);
        self.keyPointers[key] = self.keyList.length - 1;
    }

    /**
     * @notice Remove a key from the store.
     * @dev The key to remove must exist.
     * @param self A Set struct
     * @param key An address to remove from the Set.
     * @param context A message string about interpretation of the issue. Normally the calling function.
     */
    function remove(
        Set storage self,
        address key,
        string memory context
    ) internal {
        if (!exists(self, key))
            revert AddressSetConsistency({
                module: MODULE,
                method: "remove",
                reason: "does not exist",
                context: context
            });
        address keyToMove = self.keyList[count(self) - 1];
        uint256 rowToReplace = self.keyPointers[key];
        self.keyPointers[keyToMove] = rowToReplace;
        self.keyList[rowToReplace] = keyToMove;
        delete self.keyPointers[key];
        self.keyList.pop();
    }

    /**
     * @notice Count the keys.
     * @param self A Set struct
     * @return uint256 Length of the `keyList`, which correspond to the number of elements
     * stored in the `keyPointers` mapping.
     */
    function count(Set storage self) internal view returns (uint256) {
        return (self.keyList.length);
    }

    /**
     * @notice Check if a key exists in the Set.
     * @param self A Set struct
     * @param key An address to look for in the Set.
     * @return bool True if the key exists in the Set, otherwise false.
     */
    function exists(Set storage self, address key) internal view returns (bool) {
        if (self.keyList.length == 0) return false;
        return self.keyList[self.keyPointers[key]] == key;
    }

    /**
     * @notice Retrieve an address by its position in the set. Use for enumeration.
     * @param self A Set struct
     * @param index The internal index to inspect.
     * @return address Address value stored at the index position in the Set.
     */
    function keyAtIndex(Set storage self, uint256 index) internal view returns (address) {
        return self.keyList[index];
    }
}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

/**
 * @notice Key sets with enumeration. Uses mappings for random and existence checks
 * and dynamic arrays for enumeration. Key uniqueness is enforced.
 * @dev This implementation has deletion disabled (removed) because doesn't require it. Therefore, keys
 are organized in order of insertion.
 */

library Bytes32Set {

    struct Set {
        mapping(bytes32 => uint256) keyPointers;
        bytes32[] keyList;
    }

    string private constant MODULE = "Bytes32Set";

    error Bytes32SetConsistency(string module, string method, string reason, string context);

    /**
     * @notice Insert a key to store.
     * @dev Duplicate keys are not permitted.
     * @param self A Set struct
     * @param key A value in the Set.
     * @param context A message string about interpretation of the issue. Normally the calling function.
     */
    function insert(
        Set storage self,
        bytes32 key,
        string memory context
    ) internal {
        if (exists(self, key))
            revert Bytes32SetConsistency({
                module: MODULE,
                method: "insert",
                reason: "exists",
                context: context
            });
        self.keyPointers[key] = self.keyList.length;
        self.keyList.push(key);
    }


    /**
     * @notice Remove a key from the store.
     * @dev The key to remove must exist.
     * @param self A Set struct
     * @param key An address to remove from the Set.
     * @param context A message string about interpretation of the issue. Normally the calling function.
     */
    function remove(
        Set storage self,
        bytes32 key,
        string memory context
    ) internal {
        if (!exists(self, key))
            revert Bytes32SetConsistency({
                module: MODULE,
                method: "remove",
                reason: "does not exist",
                context: context
            });
        bytes32 keyToMove = self.keyList[count(self) - 1];
        uint256 rowToReplace = self.keyPointers[key];
        self.keyPointers[keyToMove] = rowToReplace;
        self.keyList[rowToReplace] = keyToMove;
        delete self.keyPointers[key];
        self.keyList.pop();
    }

    /**
     * @notice Count the keys.
     * @param self A Set struct
     * @return uint256 Length of the `keyList` which is the count of keys contained in the Set.
     */
    function count(Set storage self) internal view returns (uint256) {
        return (self.keyList.length);
    }

    /**
     * @notice Check if a key exists in the Set.
     * @param self A Set struct
     * @param key A key to look for.
     * @return bool True if the key exists in the Set, otherwise false.
     */
    function exists(Set storage self, bytes32 key) internal view returns (bool) {
        if (self.keyList.length == 0) return false;
        return self.keyList[self.keyPointers[key]] == key;
    }

    /**
     * @notice Retrieve an bytes32 by its position in the Set. Use for enumeration.
     * @param self A Set struct
     * @param index The position in the Set to inspect.
     * @return bytes32 The key stored in the Set at the index position.
     */
    function keyAtIndex(Set storage self, uint256 index) internal view returns (bytes32) {
        return self.keyList[index];
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)

pragma solidity ^0.8.0;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)

pragma solidity ^0.8.0;

import "./IERC165.sol";

/**
 * @dev Implementation of the {IERC165} interface.
 *
 * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
 * for the additional interface id that will be supported. For example:
 *
 * ```solidity
 * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
 *     return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
 * }
 * ```
 *
 * Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
 */
abstract contract ERC165 is IERC165 {
    /**
     * @dev See {IERC165-supportsInterface}.
     */
    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        return interfaceId == type(IERC165).interfaceId;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (metatx/ERC2771Context.sol)

pragma solidity ^0.8.9;

import "../utils/Context.sol";

/**
 * @dev Context variant with ERC2771 support.
 */
abstract contract ERC2771Context is Context {
    /// @custom:oz-upgrades-unsafe-allow state-variable-immutable
    address private immutable _trustedForwarder;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor(address trustedForwarder) {
        _trustedForwarder = trustedForwarder;
    }

    function isTrustedForwarder(address forwarder) public view virtual returns (bool) {
        return forwarder == _trustedForwarder;
    }

    function _msgSender() internal view virtual override returns (address sender) {
        if (isTrustedForwarder(msg.sender)) {
            // The assembly code is more direct than the Solidity version using `abi.decode`.
            /// @solidity memory-safe-assembly
            assembly {
                sender := shr(96, calldataload(sub(calldatasize(), 20)))
            }
        } else {
            return super._msgSender();
        }
    }

    function _msgData() internal view virtual override returns (bytes calldata) {
        if (isTrustedForwarder(msg.sender)) {
            return msg.data[:msg.data.length - 20];
        } else {
            return super._msgData();
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControl.sol)

pragma solidity ^0.8.0;

/**
 * @dev External interface of AccessControl declared to support ERC165 detection.
 */
interface IAccessControl {
    /**
     * @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
     *
     * `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
     * {RoleAdminChanged} not being emitted signaling this.
     *
     * _Available since v3.1._
     */
    event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);

    /**
     * @dev Emitted when `account` is granted `role`.
     *
     * `sender` is the account that originated the contract call, an admin role
     * bearer except when using {AccessControl-_setupRole}.
     */
    event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);

    /**
     * @dev Emitted when `account` is revoked `role`.
     *
     * `sender` is the account that originated the contract call:
     *   - if using `revokeRole`, it is the admin role bearer
     *   - if using `renounceRole`, it is the role bearer (i.e. `account`)
     */
    event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);

    /**
     * @dev Returns `true` if `account` has been granted `role`.
     */
    function hasRole(bytes32 role, address account) external view returns (bool);

    /**
     * @dev Returns the admin role that controls `role`. See {grantRole} and
     * {revokeRole}.
     *
     * To change a role's admin, use {AccessControl-_setRoleAdmin}.
     */
    function getRoleAdmin(bytes32 role) external view returns (bytes32);

    /**
     * @dev Grants `role` to `account`.
     *
     * If `account` had not been already granted `role`, emits a {RoleGranted}
     * event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     */
    function grantRole(bytes32 role, address account) external;

    /**
     * @dev Revokes `role` from `account`.
     *
     * If `account` had been granted `role`, emits a {RoleRevoked} event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     */
    function revokeRole(bytes32 role, address account) external;

    /**
     * @dev Revokes `role` from the calling account.
     *
     * Roles are often managed via {grantRole} and {revokeRole}: this function's
     * purpose is to provide a mechanism for accounts to lose their privileges
     * if they are compromised (such as when a trusted device is misplaced).
     *
     * If the calling account had been granted `role`, emits a {RoleRevoked}
     * event.
     *
     * Requirements:
     *
     * - the caller must be `account`.
     */
    function renounceRole(bytes32 role, address account) external;
}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

interface IDegradable {

    event SetPolicyParameters(
        address indexed admin, 
        uint32 indexed policyId, 
        uint256 degradationPeriod, 
        uint256 degradationFreshness);

    struct MitigationParameters {
        uint256 degradationPeriod;
        uint256 degradationFreshness;
    }

    function ROLE_SERVICE_SUPERVISOR() external view returns (bytes32);

    function defaultDegradationPeriod() external view returns (uint256);

    function defaultFreshnessPeriod() external view returns (uint256);

    function policyManager() external view returns (address);

    function lastUpdate() external view returns (uint256);

    function subjectUpdates(bytes32 subject) external view returns (uint256 timestamp);

    function setPolicyParameters(
        uint32 policyId,
        uint256 degradationPeriod,
        uint256 degradationFreshness
    ) external;

    function canMitigate(
        address observer, 
        bytes32 subject, 
        uint32 policyId
    ) external view returns (bool canIndeed) ;

    function isDegraded(uint32 policyId) external view returns (bool isIndeed);

    function isMitigationQualified(
        bytes32 subject,
        uint32 policyId
    ) external view returns (bool qualifies);

    function degradationPeriod(uint32 policyId) external view returns (uint256 inSeconds);

    function degradationFreshness(uint32 policyId) external view returns (uint256 inSeconds);

    function mitigationCutoff(uint32 policyId) external view returns (uint256 cutoffTime);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC165 standard, as defined in the
 * https://eips.ethereum.org/EIPS/eip-165[EIP].
 *
 * Implementers can declare support of contract interfaces, which can then be
 * queried by others ({ERC165Checker}).
 *
 * For an implementation, see {ERC165}.
 */
interface IERC165 {
    /**
     * @dev Returns true if this contract implements the interface defined by
     * `interfaceId`. See the corresponding
     * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
     * to learn more about how these ids are created.
     *
     * This function call must use less than 30 000 gas.
     */
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

interface IIdentityTree {

    event Deployed(
        address admin, 
        address trustedForwarder_, 
        address policyManager_, 
        uint256 maximumConsentPeriod);
    
    event SetMerkleRootBirthday(bytes32 merkleRoot, uint256 birthday);

    struct PolicyMitigation {
        uint256 mitigationFreshness;
        uint256 degradationPeriod;
    }

    function ROLE_AGGREGATOR() external view returns (bytes32);
   
    function setMerkleRootBirthday(bytes32 root, uint256 birthday) external;

    function checkRoot(
        address observer, 
        bytes32 merkleRoot,
        uint32 admissionPolicyId
    ) external returns (bool passed);

    function merkleRootCount() external view returns (uint256 count);

    function merkleRootAtIndex(uint256 index) external view returns (bytes32 merkleRoot);

    function isMerkleRoot(bytes32 merkleRoot) external view returns (bool isIndeed);

    function latestRoot() external view returns (bytes32 root);
}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

interface IKeyringCredentials {
    
    event CredentialsDeployed(
        address deployer, 
        address trustedForwarder, 
        address policyManager, 
        uint256 maximumConsentPeriod);

    event CredentialsInitialized(address admin);

    event UpdateCredential(
        uint8 version, 
        address updater, 
        address indexed trader, 
        uint32 indexed admissionPolicyId);

    function ROLE_CREDENTIAL_UPDATER() external view returns (bytes32);

    function init() external;

    function setCredential(
        address trader,  
        uint32 admissionPolicyId,
        uint256 timestamp
    ) external;

    function checkCredential(
        address observer,
        address subject,
        uint32 admissionPolicyId
    ) external returns (bool passed);

    function keyGen(
        address trader,
        uint32 admissionPolicyId
    ) external pure returns (bytes32 key);

}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

import "./IKeyringZkVerifier.sol";

interface IKeyringZkCredentialUpdater {
    
    event CredentialUpdaterDeployed(
        address deployer,
        address trustedForwarder,
        address keyringCache,
        address admissionPolicyManager,
        address keyringZkVerifier
    );

    event AdmitIdentityTree(address admin, address identityTree);

    event RemoveIdentityTree(address admin, address identityTree);

    event AcceptCredentialUpdate(
        address sender, 
        address trader, 
        IKeyringZkVerifier.IdentityMembershipProof membershipProof, 
        IKeyringZkVerifier.IdentityAuthorisationProof authorizationProof, 
        uint256 rootTime);

    function POLICY_MANAGER() external view returns (address);
    function KEYRING_CREDENTIALS() external view returns (address);
    function KEYRING_ZK_VERIFIER() external view returns (address);

    function updateCredentials(
        address attestor,
        IKeyringZkVerifier.IdentityMembershipProof calldata membershipProof,
        IKeyringZkVerifier.IdentityAuthorisationProof calldata authorizationProof
    ) external;

    function checkPolicy( 
        uint32 policyId, 
        address attestor
    ) external returns (bool acceptable);

    function pack12x20(uint32[12] calldata input) external pure returns (uint256 packed);

    function unpack12x20(uint256 packed) external pure returns (uint32[12] memory unpacked);
 
}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

interface IKeyringZkVerifier {
    
    error Unacceptable(string reason);

    event Deployed(
        address deployer,
        address identityConstructionProofVerifier,
        address membershipProofVerifier,
        address authorisationProofVerifier
    );

    struct Backdoor {
        uint256[2] c1;
        uint256[2] c2;
    }

    struct Groth16Proof {
        uint256[2] a;
        uint256[2][2] b;
        uint256[2] c;
    }

    /**
     @dev the order of the inputs should be:
        [
            uint256[2] identityPK,
            uint256 identityCommitment,
            uint256[4][16] backdoor,
            uint256 policyCommitment,
            uint256 maxAddresses,
            uint256[2] regimeKey,
        ]
     */
    struct IdentityConstructionProof {
        Groth16Proof proof;
        uint256[71] inputs;
    }

    struct IdentityMembershipProof {
        Groth16Proof proof;
        uint256 root;
        uint256 nullifierHash;
        uint256 signalHash;
        uint256 externalNullifier;
    }

    struct IdentityAuthorisationProof {
        Groth16Proof proof;
        Backdoor backdoor;
        uint256 externalNullifier;
        uint256 nullifierHash;
        uint256[2] policyDisclosures;
        uint256 tradingAddress;
        uint256[2] regimeKey;
    }

    function IDENTITY_MEMBERSHIP_PROOF_VERIFIER() external returns (address);

    function IDENTITY_CONSTRUCTION_PROOF_VERIFIER() external returns (address);

    function AUTHORIZATION_PROOF_VERIFIER() external returns (address);

    function checkClaim(
        IdentityMembershipProof calldata membershipProof,
        IdentityAuthorisationProof calldata authorisationProof
    ) external view returns (bool verified);

    function checkIdentityConstructionProof(
        IdentityConstructionProof calldata constructionProof
    ) external view returns (bool verified);

    function checkIdentityMembershipProof(
        IdentityMembershipProof calldata membershipProof
    ) external view returns (bool verified);

    function checkIdentityAuthorisationProof(
        IdentityAuthorisationProof calldata authorisationProof
    ) external view returns (bool verified);
}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

import "../lib/PolicyStorage.sol";

interface IPolicyManager {

    event PolicyManagerDeployed(
        address deployer, 
        address trustedForwarder, 
        address ruleRegistry);
    
    event PolicyManagerInitialized(address admin);

    event CreatePolicy(
        address indexed owner,
        uint32 indexed policyId,
        PolicyStorage.PolicyScalar policyScalar,
        address[] attestors,
        address[] walletChecks,
        bytes32 policyOwnerRole,
        bytes32 policyUserAdminRole
    );

    event DisablePolicy(address user, uint32 policyId);

    event UpdatePolicyScalar(
        address indexed owner,
        uint32 indexed policyId,
        PolicyStorage.PolicyScalar policyScalar,
        uint256 deadline);

    event UpdatePolicyDescription(address indexed owner, uint32 indexed policyId, string description, uint256 deadline);
    
    event UpdatePolicyRuleId(address indexed owner, uint32 indexed policyId, bytes32 indexed ruleId, uint256 deadline);

    event UpdatePolicyTtl(address indexed owner, uint32 indexed policyId, uint128 ttl, uint256 deadline);

    event UpdatePolicyGracePeriod(
        address indexed owner, 
        uint32 indexed policyId, 
        uint128 gracePeriod, 
        uint256 deadline);

    event UpdatePolicyLock(address indexed owner, uint32 indexed policyId, bool locked, uint256 deadline);

    event UpdatePolicyAllowApprovedCounterparties(
        address indexed owner, 
        uint32 indexed policyId, 
        bool allowApprovedCounterparties, 
        uint256 deadline);

    event UpdatePolicyDisablementPeriod(
        address indexed admin, 
        uint32 indexed policyId, 
        uint256 disablementPeriod, 
        uint256 deadline
    );

    event PolicyDisabled(address indexed sender, uint32 indexed policyId);

    event UpdatePolicyDeadline(address indexed owner, uint32 indexed policyId, uint256 deadline);

    event AddPolicyAttestors(
        address indexed owner,
        uint32 indexed policyId,
        address[] attestors,
        uint256 deadline
    );
    
    event RemovePolicyAttestors(
        address indexed owner,
        uint32 indexed policyId,
        address[] attestor,
        uint256 deadline
    );

    event AddPolicyWalletChecks(
        address indexed owner,
        uint32 indexed policyId,
        address[] walletChecks,
        uint256 deadline
    );

    event RemovePolicyWalletChecks(
        address indexed owner,
        uint32 indexed policyId,
        address[] walletChecks,
        uint256 deadline
    );

    event AddPolicyBackdoor(
        address indexed owner,
        uint32 indexed policyId,
        bytes32 backdoorId,
        uint256 deadline
    );

    event RemovePolicyBackdoor(
        address indexed owner,
        uint32 indexed policyId,
        bytes32 backdoorId,
        uint256 deadline
    );  

    event AdmitAttestor(address indexed admin, address indexed attestor, string uri);
    
    event UpdateAttestorUri(address indexed admin, address indexed attestor, string uri);
    
    event RemoveAttestor(address indexed admin, address indexed attestor);

    event AdmitWalletCheck(address indexed admin, address indexed walletCheck);

    event RemoveWalletCheck(address indexed admin, address indexed walletCheck);

    event AdmitBackdoor(address indexed admin, bytes32 id, uint256[2] pubKey);

    event MinimumPolicyDisablementPeriodUpdated(uint256 newPeriod);

    function ROLE_POLICY_CREATOR() external view returns (bytes32);

    function ROLE_GLOBAL_ATTESTOR_ADMIN() external view returns (bytes32);

    function ROLE_GLOBAL_WALLETCHECK_ADMIN() external view returns (bytes32);

    function ROLE_GLOBAL_VALIDATION_ADMIN() external view returns (bytes32);

    function ROLE_GLOBAL_BACKDOOR_ADMIN() external view returns (bytes32);

    function ruleRegistry() external view returns (address);

    function init() external;

    function createPolicy(
        PolicyStorage.PolicyScalar calldata policyScalar,
        address[] calldata attestors,
        address[] calldata walletChecks
    ) external returns (uint32 policyId, bytes32 policyOwnerRoleId, bytes32 policyUserAdminRoleId);

    function disablePolicy(uint32 policyId) external;

    function updatePolicyScalar(
        uint32 policyId,
        PolicyStorage.PolicyScalar calldata policyScalar,
        uint256 deadline
    ) external;

    function updatePolicyDescription(uint32 policyId, string memory descriptionUtf8, uint256 deadline) external;

    function updatePolicyRuleId(uint32 policyId, bytes32 ruleId, uint256 deadline) external;

    function updatePolicyTtl(uint32 policyId, uint32 ttl, uint256 deadline) external;

    function updatePolicyGracePeriod(uint32 policyId, uint32 gracePeriod, uint256 deadline) external;

    function updatePolicyAllowApprovedCounterparties(
        uint32 policyId, 
        bool allowApprovedCounterparties,uint256 deadline
    ) external;
    
    function updatePolicyLock(uint32 policyId, bool locked, uint256 deadline) external;

    function updatePolicyDisablementPeriod(uint32 policyId, uint256 disablementPeriod, uint256 deadline) external;

    function setDeadline(uint32 policyId, uint256 deadline) external;

    function addPolicyAttestors(uint32 policyId, address[] calldata attestors, uint256 deadline) external;

    function removePolicyAttestors(uint32 policyId, address[] calldata attestors, uint256 deadline) external;

    function addPolicyWalletChecks(uint32 policyId, address[] calldata walletChecks, uint256 deadline) external;

    function removePolicyWalletChecks(uint32 policyId, address[] calldata walletChecks, uint256 deadline) external;

    function addPolicyBackdoor(uint32 policyId, bytes32 backdoorId, uint256 deadline) external;

    function removePolicyBackdoor(uint32 policyId, bytes32 backdoorId, uint256 deadline) external;

    function admitAttestor(address attestor, string calldata uri) external;

    function updateAttestorUri(address attestor, string calldata uri) external;

    function removeAttestor(address attestor) external;

    function admitWalletCheck(address walletCheck) external;

    function removeWalletCheck(address walletCheck) external;

    function admitBackdoor(uint256[2] memory pubKey) external;

    function updateMinimumPolicyDisablementPeriod(uint256 minimumDisablementPeriod) external;

    function policyOwnerRole(uint32 policyId) external pure returns (bytes32 ownerRole);

    function policy(uint32 policyId)
        external
        returns (
            PolicyStorage.PolicyScalar memory scalar,
            address[] memory attestors,
            address[] memory walletChecks,
            bytes32[] memory backdoorRegimes,
            uint256 deadline
        );

    function policyRawData(uint32 policyId)
        external
        view
        returns(
            uint256 deadline,
            PolicyStorage.PolicyScalar memory scalarActive,
            PolicyStorage.PolicyScalar memory scalarPending,
            address[] memory attestorsActive,
            address[] memory attestorsPendingAdditions,
            address[] memory attestorsPendingRemovals,
            address[] memory walletChecksActive,
            address[] memory walletChecksPendingAdditions,
            address[] memory walletChecksPendingRemovals,
            bytes32[] memory backdoorsActive,
            bytes32[] memory backdoorsPendingAdditions,
            bytes32[] memory backdoorsPendingRemovals);

    function policyScalarActive(uint32 policyId) 
        external 
        returns (PolicyStorage.PolicyScalar memory scalarActive);

    function policyRuleId(uint32 policyId)
        external
        returns (bytes32 ruleId);

    function policyTtl(uint32 policyId) 
        external
        returns (uint32 ttl);

    function policyAllowApprovedCounterparties(uint32 policyId) 
        external
        returns (bool isAllowed);

    function policyDisabled(uint32 policyId) external view returns (bool isDisabled);

    function policyCanBeDisabled(uint32 policyId) 
        external
        returns (bool canIndeed);

    function policyAttestorCount(uint32 policyId) external returns (uint256 count);

    function policyAttestorAtIndex(uint32 policyId, uint256 index)
        external
        returns (address attestor);

    function policyAttestors(uint32 policyId) external returns (address[] memory attestors);

    function isPolicyAttestor(uint32 policyId, address attestor)
        external
        returns (bool isIndeed);

    function policyWalletCheckCount(uint32 policyId) external returns (uint256 count);

    function policyWalletCheckAtIndex(uint32 policyId, uint256 index)
        external
        returns (address walletCheck);

    function policyWalletChecks(uint32 policyId) external returns (address[] memory walletChecks);

    function isPolicyWalletCheck(uint32 policyId, address walletCheck)
        external
        returns (bool isIndeed);

    function policyBackdoorCount(uint32 policyId) external returns (uint256 count);

    function policyBackdoorAtIndex(uint32 policyId, uint256 index) external returns (bytes32 backdoorId);

    function policyBackdoors(uint32 policyId) external returns (bytes32[] memory backdoors);

    function isPolicyBackdoor(uint32 policyId, bytes32 backdoorId) external returns (bool isIndeed);

    function policyCount() external view returns (uint256 count);

    function isPolicy(uint32 policyId) external view returns (bool isIndeed);

    function globalAttestorCount() external view returns (uint256 count);

    function globalAttestorAtIndex(uint256 index) external view returns (address attestor);

    function isGlobalAttestor(address attestor) external view returns (bool isIndeed);

    function globalWalletCheckCount() external view returns (uint256 count);

    function globalWalletCheckAtIndex(uint256 index) external view returns(address walletCheck);

    function isGlobalWalletCheck(address walletCheck) external view returns (bool isIndeed);

    function globalBackdoorCount() external view returns (uint256 count);

    function globalBackdoorAtIndex(uint256 index) external view returns (bytes32 backdoorId);

    function isGlobalBackdoor(bytes32 backdoorId) external view returns (bool isIndeed);    

    function backdoorPubKey(bytes32 backdoorId) external view returns (uint256[2] memory pubKey);
    
    function attestorUri(address attestor) external view returns (string memory);

    function hasRole(bytes32 role, address user) external view returns (bool);

    function minimumPolicyDisablementPeriod()  external view returns (uint256 period);
  }

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

import "../lib/Bytes32Set.sol";

interface IRuleRegistry {

    enum Operator {
        Base,
        Union,
        Intersection,
        Complement
    }

    struct Rule {
        string description;
        string uri;
        Bytes32Set.Set operandSet;
        Operator operator;
        bool toxic;
    }

    event RuleRegistryDeployed(address deployer, address trustedForwarder);

    event RuleRegistryInitialized(
        address admin,
        string universeDescription,
        string universeUri,
        string emptyDescription,
        string emptyUri,
        bytes32 universeRule,
        bytes32 emptyRule
    );

    event CreateRule(
        address indexed user,
        bytes32 indexed ruleId,
        string description,
        string uri,
        bool toxic,
        Operator operator,
        bytes32[] operands
    );

    event SetToxic(address admin, bytes32 ruleId, bool isToxic);

    function ROLE_RULE_ADMIN() external view returns (bytes32);

    function init(
        string calldata universeDescription,
        string calldata universeUri,
        string calldata emptyDescription,
        string calldata emptyUri
    ) external;

    function createRule(
        string calldata description,
        string calldata uri,
        Operator operator,
        bytes32[] calldata operands
    ) external returns (bytes32 ruleId);

    function setToxic(bytes32 ruleId, bool toxic) external;

    function genesis() external view returns (bytes32 universeRule, bytes32 emptyRule);

    function ruleCount() external view returns (uint256 count);

    function ruleAtIndex(uint256 index) external view returns (bytes32 ruleId);

    function isRule(bytes32 ruleId) external view returns (bool isIndeed);

    function rule(bytes32 ruleId)
        external
        view
        returns (
            string memory description,
            string memory uri,
            Operator operator,
            uint256 operandCount
        );

    function ruleDescription(bytes32 ruleId) external view returns (string memory description);

    function ruleUri(bytes32 ruleId) external view returns (string memory uri);

    function ruleIsToxic(bytes32 ruleId) external view returns (bool isIndeed);

    function ruleOperator(bytes32 ruleId) external view returns (Operator operator);

    function ruleOperandCount(bytes32 ruleId) external view returns (uint256 count);

    function ruleOperandAtIndex(bytes32 ruleId, uint256 index)
        external
        view
        returns (bytes32 operandId);

    function generateRuleId(
        string calldata description,
        Operator operator,
        bytes32[] calldata operands
    ) external pure returns (bytes32 ruleId);

}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

interface IWalletCheck {

    event Deployed(
        address indexed admin, 
        address trustedForwarder,
        address policyManager,
        uint256 maximumConsentPeriod,
        string uri);

    event UpdateUri(address indexed admin, string uri);
    
    event SetWalletCheck(address indexed admin, address indexed wallet, bool isWhitelisted);

    function ROLE_WALLETCHECK_LIST_ADMIN() external view returns (bytes32);

    function ROLE_WALLETCHECK_META_ADMIN() external view returns (bytes32);

    function updateUri(string calldata uri_) external;

    function setWalletCheck(address wallet, bool whitelisted, uint256 timestamp) external;

    function checkWallet(
        address observer, 
        address wallet,
        uint32 admissionPolicyId
    ) external returns (bool passed);
}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/metatx/ERC2771Context.sol";

/**
 @notice This contract manages the role-based access control via _checkRole() with meaningful 
 error messages if the user does not have the requested role. This contract is inherited by 
 PolicyManager, RuleRegistry, KeyringCredentials, IdentityTree, WalletCheck and 
 KeyringZkCredentialUpdater.
 */

abstract contract KeyringAccessControl is ERC2771Context, AccessControl {

    address private constant NULL_ADDRESS = address(0);

    // Reservations hold space in upgradeable contracts for future versions of this module.
    bytes32[50] private _reservedSlots;

    error Unacceptable(string reason);

    error Unauthorized(
        address sender,
        string module,
        string method,
        bytes32 role,
        string reason,
        string context
    );

    /**
     * @param trustedForwarder Contract address that is allowed to relay message signers.
     */
    constructor(address trustedForwarder) ERC2771Context(trustedForwarder) {
        if (trustedForwarder == NULL_ADDRESS)
            revert Unacceptable({
                reason: "trustedForwarder cannot be empty"
            });
    }

    /**
     * @notice Disables incomplete ERC165 support inherited from oz/AccessControl.sol
     * @return bool Never returned.
     * @dev Always reverts. Do not rely on ERC165 support to interact with this contract.
     */
    function supportsInterface(bytes4 /*interfaceId */) public view virtual override returns (bool) {
        revert Unacceptable ({ reason: "ERC2165 is unsupported" });
    }

    /**
     * @notice Role-based access control.
     * @dev Reverts if the account is missing the role.
     * @param role The role to check. 
     * @param account An address to check for the role.
     * @param context For reporting purposes. Usually the function that requested the permission check.
     */
    function _checkRole(
        bytes32 role,
        address account,
        string memory context
    ) internal view {
        if (!hasRole(role, account))
            revert Unauthorized({
                sender: account,
                module: "KeyringAccessControl",
                method: "_checkRole",
                role: role,
                reason: "sender does not have the required role",
                context: context
            });
    }

    /**
     * @notice Returns ERC2771 signer if msg.sender is a trusted forwarder, otherwise returns msg.sender.
     * @return sender User deemed to have signed the transaction.
     */
    function _msgSender()
        internal
        view
        virtual
        override(Context, ERC2771Context)
        returns (address sender)
    {
        return ERC2771Context._msgSender();
    }

    /**
     * @notice Returns msg.data if not from a trusted forwarder, or truncated msg.data if the signer was 
     appended to msg.data
     * @dev Although not currently used, this function forms part of ERC2771 so is included for completeness.
     * @return data Data deemed to be the msg.data
     */
    function _msgData()
        internal
        view
        virtual
        override(Context, ERC2771Context)
        returns (bytes calldata)
    {
        return ERC2771Context._msgData();
    }
}

// SPDX-License-Identifier: BUSL-1.1

pragma solidity 0.8.14;

import "../interfaces/IKeyringZkCredentialUpdater.sol";
import "../interfaces/IPolicyManager.sol";
import "../interfaces/IKeyringCredentials.sol";
import "../interfaces/IRuleRegistry.sol";
import "../interfaces/IWalletCheck.sol";
import "../interfaces/IKeyringZkVerifier.sol";
import "../lib/Pack12x20.sol";
import "../access/KeyringAccessControl.sol";

/**
 @notice This contract acts as a credentials cache updater. It needs the ROLE_CREDENTIAL_UPDATER 
 permission in the KeyringCredentials contract in order to record credentials. The contract checks 
 client-generated zero-knowledge proofs of attestations about admission policy eligibility and 
 therefore enforces the protocol.
 */

contract KeyringZkCredentialUpdater is
    IKeyringZkCredentialUpdater,
    KeyringAccessControl
{
    using Pack12x20 for uint32[12];
    using Pack12x20 for uint256;

    address private constant NULL_ADDRESS = address(0);
    bytes32 private constant NULL_BYTES32 = bytes32(0);
    IRuleRegistry private immutable RULE_REGISTRY;
    address public immutable override POLICY_MANAGER;
    address public immutable override KEYRING_CREDENTIALS;
    address public immutable override KEYRING_ZK_VERIFIER;

    /**
     * @param trustedForwarder Contract address that is allowed to relay message signers.
     * @param keyringCredentials The address for the deployed KeyringCredentials contract to write to.
     * @param policyManager The address for the deployed PolicyManager contract to read from.
     * @param keyringZkVerifier On-chain instance of the stateless Keyring ZK verifier contract.
     */
    constructor(
        address trustedForwarder,
        address keyringCredentials,
        address policyManager,
        address keyringZkVerifier
    ) KeyringAccessControl(trustedForwarder) {
        if (keyringCredentials == NULL_ADDRESS)
            revert Unacceptable({
                reason: "keyringCredentials cannot be empty"
            });
        if (policyManager == NULL_ADDRESS)
            revert Unacceptable({
                reason: "policyManager cannot be empty"
            });
        if (keyringZkVerifier == NULL_ADDRESS)
            revert Unacceptable({
                reason: "keyringZkVerifier cannot be empty"
            });
        RULE_REGISTRY = IRuleRegistry(IPolicyManager(policyManager).ruleRegistry());
        _grantRole(DEFAULT_ADMIN_ROLE, _msgSender());

        POLICY_MANAGER = policyManager;
        KEYRING_CREDENTIALS = keyringCredentials;
        KEYRING_ZK_VERIFIER = keyringZkVerifier;
        
        emit CredentialUpdaterDeployed(
            _msgSender(),
            trustedForwarder,
            keyringCredentials,
            policyManager,
            keyringZkVerifier
        );
    }

    /**
     * @notice Updates the credential cache if the request is acceptable.
     * @dev The attestor must be valid for all policy disclosures. For this to be possible, it must have been admitted
     to the system globally before it was selected for a policy. The two zero-knowledge proof share parameters that 
     ensure that both proofs were derived from the same identity commitment. If the root age used to construct proofs
     if older than the policy time to live (ttl), the root will be considered acceptable with an age of zero, provided
     that the number of root successors is less than or equal to the policy acceptRoots (accept most recent n roots).
     * @param attestor The identityTree contract with a root that contains the user's identity commitment. Must be 
     present in the current attestor list for all policy disclosures in the authorization proof. 
     * @param membershipProof A zero-knowledge proof of identity commitment membership in the identity tree. Contains an
     external nullifier and nullifier hash that must match the parameters of the authorization proof. 
     * @param authorizationProof A zero-knowledge proof of compliance with up to 24 policy disclosures. Contains an
     external nullifier and nullifier hash that must match the parameters of the membershiip proof. 
     */
    function updateCredentials(
        address attestor,
        IKeyringZkVerifier.IdentityMembershipProof calldata membershipProof,
        IKeyringZkVerifier.IdentityAuthorisationProof calldata authorizationProof
    ) external override {

        bytes32 requireBackdoor;

        if (!IPolicyManager(POLICY_MANAGER).isGlobalAttestor(attestor))
            revert Unacceptable({ reason: "attestor unacceptable" });
        
        uint32 policyId;
        address sender = _msgSender();
        address trader = address(uint160(authorizationProof.tradingAddress));
        if (sender != trader)
            revert Unacceptable ({ reason: "only trader can update trader credentials" });
        bytes32 root = bytes32(membershipProof.root);

        uint32[12] memory policyList0 = unpack12x20(authorizationProof.policyDisclosures[0]);
        uint32[12] memory policyList1 = unpack12x20(authorizationProof.policyDisclosures[1]);

        if(!IKeyringZkVerifier(KEYRING_ZK_VERIFIER).checkClaim(
            membershipProof,
            authorizationProof
        )) revert Unacceptable({
            reason: "Proof unacceptable"});

        uint256 rootTime = IDegradable(attestor).subjectUpdates(root);
        
        for(uint256 i = 0; i < 24; i++) {

            policyId = (i / 12 == 0) ? policyList0[i % 12] : policyList1[i % 12];
            if(policyId == 0) break;
            
            if(!checkPolicy(policyId, attestor))
                revert Unacceptable({
                    reason: "policy or attestor unacceptable"
                });

            /**
             @dev Set the credential cache. 
             */
            IKeyringCredentials(KEYRING_CREDENTIALS).setCredential(
                trader, 
                policyId,                
                rootTime);

            /**
             @dev This verifier supports exactly one backdoor per proof. Therefore, all policies in the
             disclosure must require the same backdoor, or no backdoor. 
             */
            uint256 policyBackdoorCount = IPolicyManager(POLICY_MANAGER).policyBackdoorCount(policyId);
            if (policyBackdoorCount > 1) revert Unacceptable({ reason: "multiple policy backdoors are not supported" });
            if (policyBackdoorCount == 1) {
                if (requireBackdoor == NULL_BYTES32) {
                    requireBackdoor = IPolicyManager(POLICY_MANAGER).policyBackdoorAtIndex(policyId, 0);
                } else {
                    if(requireBackdoor != IPolicyManager(POLICY_MANAGER).policyBackdoorAtIndex(policyId,0))
                        revert Unacceptable({
                            reason: "all policies in the proof must rely on the same backdoor or no backdoor"
                        });
                }
            }
        }

        /**
         @dev If any policy requires a backdoor, confirm the backdoor is contained in the Proof. 
         */
        if (requireBackdoor != NULL_BYTES32) {
            uint256[2] memory requirePubKey = IPolicyManager(POLICY_MANAGER).backdoorPubKey(requireBackdoor);
            if (requirePubKey[0] != authorizationProof.regimeKey[0] ||
                requirePubKey[1] != authorizationProof.regimeKey[1]) 
            {
                revert Unacceptable ({
                    reason: "Proof does not contain required backdoor regimeKey"
                });
            }
        }

        emit AcceptCredentialUpdate(
            sender, 
            trader, 
            membershipProof, 
            authorizationProof, 
            rootTime);
    }

    /**
     * @notice The identity tree must be a policy attestor and the policy rule cannot be toxic.
     * @dev Use static call to inspect response.
     * @param policyId The policy to inspect.
     * @param attestor The identity tree contract address to compare to the policy attestors.
     * @return acceptable True if the policy rule is not toxic and the identity tree is authoritative for the policy.
     */    
    function checkPolicy(
        uint32 policyId, 
        address attestor
    ) public override returns (bool acceptable)
    {
        IPolicyManager p = IPolicyManager(POLICY_MANAGER);
        if(!p.isPolicy(policyId)) return false;

        PolicyStorage.PolicyScalar memory policyScalar = 
            IPolicyManager(POLICY_MANAGER).policyScalarActive(policyId);

        acceptable = !(RULE_REGISTRY.ruleIsToxic(policyScalar.ruleId)) &&
            p.isPolicyAttestor(policyId, attestor);
    }

    /**
     * @notice Packs uint32[12] into uint256 with 20-bit precision.
     * @dev uint32 Inputs are limited to 20 bits of magnitude.
     * @param input 20 bit unsigned integers cast as uint32.
     * @return packed Uint256 packed format contained encoding of 12 20-bit uints. 
     */
    function pack12x20(uint32[12] calldata input) public pure override returns (uint256 packed) {
        packed = input.pack();
    }

    /**
     * @notice Unpacks packed elements as 20-bit uint32[12].
     * @param packed Packed format, 12 x 20-bit unsigned integers, tightly packed. 
     * @return unpacked Uint32[12], 20-bit precision.
     */
    function unpack12x20(uint256 packed) public pure override returns (uint32[12] memory unpacked) {
        unpacked = packed.unpack();
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)

pragma solidity ^0.8.0;

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library Math {
    enum Rounding {
        Down, // Toward negative infinity
        Up, // Toward infinity
        Zero // Toward zero
    }

    /**
     * @dev Returns the largest of two numbers.
     */
    function max(uint256 a, uint256 b) internal pure returns (uint256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two numbers.
     */
    function min(uint256 a, uint256 b) internal pure returns (uint256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two numbers. The result is rounded towards
     * zero.
     */
    function average(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b) / 2 can overflow.
        return (a & b) + (a ^ b) / 2;
    }

    /**
     * @dev Returns the ceiling of the division of two numbers.
     *
     * This differs from standard division with `/` in that it rounds up instead
     * of rounding down.
     */
    function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b - 1) / b can overflow on addition, so we distribute.
        return a == 0 ? 0 : (a - 1) / b + 1;
    }

    /**
     * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
     * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
     * with further edits by Uniswap Labs also under MIT license.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
        unchecked {
            // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
            // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
            // variables such that product = prod1 * 2^256 + prod0.
            uint256 prod0; // Least significant 256 bits of the product
            uint256 prod1; // Most significant 256 bits of the product
            assembly {
                let mm := mulmod(x, y, not(0))
                prod0 := mul(x, y)
                prod1 := sub(sub(mm, prod0), lt(mm, prod0))
            }

            // Handle non-overflow cases, 256 by 256 division.
            if (prod1 == 0) {
                // Solidity will revert if denominator == 0, unlike the div opcode on its own.
                // The surrounding unchecked block does not change this fact.
                // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
                return prod0 / denominator;
            }

            // Make sure the result is less than 2^256. Also prevents denominator == 0.
            require(denominator > prod1, "Math: mulDiv overflow");

            ///////////////////////////////////////////////
            // 512 by 256 division.
            ///////////////////////////////////////////////

            // Make division exact by subtracting the remainder from [prod1 prod0].
            uint256 remainder;
            assembly {
                // Compute remainder using mulmod.
                remainder := mulmod(x, y, denominator)

                // Subtract 256 bit number from 512 bit number.
                prod1 := sub(prod1, gt(remainder, prod0))
                prod0 := sub(prod0, remainder)
            }

            // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
            // See https://cs.stackexchange.com/q/138556/92363.

            // Does not overflow because the denominator cannot be zero at this stage in the function.
            uint256 twos = denominator & (~denominator + 1);
            assembly {
                // Divide denominator by twos.
                denominator := div(denominator, twos)

                // Divide [prod1 prod0] by twos.
                prod0 := div(prod0, twos)

                // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                twos := add(div(sub(0, twos), twos), 1)
            }

            // Shift in bits from prod1 into prod0.
            prod0 |= prod1 * twos;

            // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
            // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
            // four bits. That is, denominator * inv = 1 mod 2^4.
            uint256 inverse = (3 * denominator) ^ 2;

            // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
            // in modular arithmetic, doubling the correct bits in each step.
            inverse *= 2 - denominator * inverse; // inverse mod 2^8
            inverse *= 2 - denominator * inverse; // inverse mod 2^16
            inverse *= 2 - denominator * inverse; // inverse mod 2^32
            inverse *= 2 - denominator * inverse; // inverse mod 2^64
            inverse *= 2 - denominator * inverse; // inverse mod 2^128
            inverse *= 2 - denominator * inverse; // inverse mod 2^256

            // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
            // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
            // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
            // is no longer required.
            result = prod0 * inverse;
            return result;
        }
    }

    /**
     * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
        uint256 result = mulDiv(x, y, denominator);
        if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
            result += 1;
        }
        return result;
    }

    /**
     * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
     *
     * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
     */
    function sqrt(uint256 a) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }

        // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
        //
        // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
        // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
        //
        // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
        // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
        // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
        //
        // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
        uint256 result = 1 << (log2(a) >> 1);

        // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
        // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
        // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
        // into the expected uint128 result.
        unchecked {
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            return min(result, a / result);
        }
    }

    /**
     * @notice Calculates sqrt(a), following the selected rounding direction.
     */
    function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = sqrt(a);
            return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 2, rounded down, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 128;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 64;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 32;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 16;
            }
            if (value >> 8 > 0) {
                value >>= 8;
                result += 8;
            }
            if (value >> 4 > 0) {
                value >>= 4;
                result += 4;
            }
            if (value >> 2 > 0) {
                value >>= 2;
                result += 2;
            }
            if (value >> 1 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log2(value);
            return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 10, rounded down, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >= 10 ** 64) {
                value /= 10 ** 64;
                result += 64;
            }
            if (value >= 10 ** 32) {
                value /= 10 ** 32;
                result += 32;
            }
            if (value >= 10 ** 16) {
                value /= 10 ** 16;
                result += 16;
            }
            if (value >= 10 ** 8) {
                value /= 10 ** 8;
                result += 8;
            }
            if (value >= 10 ** 4) {
                value /= 10 ** 4;
                result += 4;
            }
            if (value >= 10 ** 2) {
                value /= 10 ** 2;
                result += 2;
            }
            if (value >= 10 ** 1) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log10(value);
            return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 256, rounded down, of a positive value.
     * Returns 0 if given 0.
     *
     * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
     */
    function log256(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 16;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 8;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 4;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 2;
            }
            if (value >> 8 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log256(value);
            return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
        }
    }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.14;

library Pack12x20 {

    error OutOfRange(uint32 input);
    uint8 constant FIELD_SIZE = 20;
    uint256 constant MASK = 2 ** FIELD_SIZE - 1;

    /**
     @notice Pack 12 20-bit integers into a 240-bit object.
     @dev uint32 Inputs are limited to 20 bits of magnitude.
     @param input Array of 20-bit integers to pack cast as an array of uint32. 
     **/
    function pack(uint32[12] calldata input) 
        internal pure returns(uint256 packed) 
    {
        if (input[0] > MASK) revert OutOfRange(input[0]);
        packed = uint256(input[0]);
        packed = packed << FIELD_SIZE;
        if (input[1] > MASK) revert OutOfRange(input[1]);
        packed = packed + input[1];
        packed = packed << FIELD_SIZE;
        if (input[2] > MASK) revert OutOfRange(input[2]);
        packed = packed + input[2];
        packed = packed << FIELD_SIZE;
        if (input[3] > MASK) revert OutOfRange(input[3]);
        packed = packed + input[3];
        packed = packed << FIELD_SIZE;
        if (input[4] > MASK) revert OutOfRange(input[4]);
        packed = packed + input[4];
        packed = packed << FIELD_SIZE;
        if (input[5] > MASK) revert OutOfRange(input[5]);
        packed = packed + input[5];
        packed = packed << FIELD_SIZE;
        if (input[6] > MASK) revert OutOfRange(input[6]);
        packed = packed + input[6];
        packed = packed << FIELD_SIZE;
        if (input[7] > MASK) revert OutOfRange(input[7]);
        packed = packed + input[7];
        packed = packed << FIELD_SIZE;
        if (input[8] > MASK) revert OutOfRange(input[8]);
        packed = packed + input[8];
        packed = packed << FIELD_SIZE;
        if (input[9] > MASK) revert OutOfRange(input[9]);
        packed = packed + input[9];
        packed = packed << FIELD_SIZE;
        if (input[10] > MASK) revert OutOfRange(input[10]);
        packed = packed + input[10];
        packed = packed << FIELD_SIZE;
        if (input[11] > MASK) revert OutOfRange(input[11]);
        packed = packed + input[11];        
    }

    /**
     @notice Unpack 12 20-bit integers from 240-bit input
     @dev Data beyond the first 240 bits is ignored.
     @param packed 12 20-bit integers packed into 240 bits.
     @return output 12 20-bit integers cast as an array of 32-bit integers.
     **/
    function unpack(uint256 packed) 
        internal pure returns(uint32[12] memory output)
    {
        require(
            packed == uint256(uint240(packed)),
            "input out of range"
        );
        output[11] = uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[10] = uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[9] = uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[8]= uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[7] = uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[6] = uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[5] = uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[4] = uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[3] = uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[2] = uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[1] = uint32(packed & MASK);
        packed = packed >> FIELD_SIZE;
        output[0] = uint32(packed);
    }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.14;

import "./AddressSet.sol";
import "../interfaces/IRuleRegistry.sol";
import "../interfaces/IIdentityTree.sol";
import "../interfaces/IDegradable.sol";
import "../interfaces/IKeyringCredentials.sol";

/**
 @notice PolicyStorage attends to state management concerns for the PolicyManager. It establishes the
 storage layout and is responsible for internal state integrity and managing state transitions. The 
 PolicyManager is responsible for orchestration of the functions implemented here as well as access
 control. 
 */

library PolicyStorage {

    using AddressSet for AddressSet.Set;
    using Bytes32Set for Bytes32Set.Set;

    uint32 private constant MAX_POLICIES = 2 ** 20;
    uint32 private constant MAX_TTL = 2 * 365 days;
    uint256 public constant MAX_DISABLEMENT_PERIOD = 120 days;
    uint256 private constant MAX_BACKDOORS = 1;
    uint256 private constant UNIVERSAL_RULE = 0;
    address private constant NULL_ADDRESS = address(0);

    error Unacceptable(string reason);

    /// @dev The App struct contains the essential PolicyManager state including an array of Policies. 

    struct App {
        uint256 minimumPolicyDisablementPeriod;
        Policy[] policies;
        AddressSet.Set globalWalletCheckSet;
        AddressSet.Set globalAttestorSet;        
        mapping(address => string) attestorUris;
        Bytes32Set.Set backdoorSet;
        mapping(bytes32 => uint256[2]) backdoorPubKey;
    }

    /// @dev PolicyScalar contains the non-indexed values in a policy configuration.

    struct PolicyScalar {
        bytes32 ruleId;
        string descriptionUtf8;
        uint32 ttl;
        uint32 gracePeriod;
        bool allowApprovedCounterparties;
        uint256 disablementPeriod;
        bool locked;
    }

    /// @dev PolicyAttestors contains the active policy attestors as well as scheduled changes. 

    struct PolicyAttestors {
        AddressSet.Set activeSet;
        AddressSet.Set pendingAdditionSet;
        AddressSet.Set pendingRemovalSet;
    }

    /// @dev PolicyWalletChecks contains the active policy wallet checks as well as scheduled changes.

    struct PolicyWalletChecks {
        AddressSet.Set activeSet;
        AddressSet.Set pendingAdditionSet;
        AddressSet.Set pendingRemovalSet;
    }

    /// @dev PolicyBackdoors contain and active policy backdoors (identifiers) as well as scheduled changes. 

    struct PolicyBackdoors {
        Bytes32Set.Set activeSet;
        Bytes32Set.Set pendingAdditionSet;
        Bytes32Set.Set pendingRemovalSet;
    }

    /// @dev Policy contains the active and scheduled changes and the deadline when the changes will
    /// take effect.
    
    struct Policy {
        bool disabled;
        uint256 deadline;
        PolicyScalar scalarActive;
        PolicyScalar scalarPending;
        PolicyAttestors attestors;
        PolicyWalletChecks walletChecks;
        PolicyBackdoors backdoors;
    }

    /** 
     * @notice A policy can be disabled if the policy is deemed failed. 
     * @param policyObj The policy to disable.
     */
    function disablePolicy(
        Policy storage policyObj
    ) public 
    {
        if (!policyHasFailed(policyObj))
            revert Unacceptable({
                reason: "only failed policies can be disabled"
            });
        policyObj.disabled = true;
        policyObj.deadline = ~uint(0);
    }

    /**
     * @notice A policy is deemed failed if all attestors or any wallet check is inactive
     * over the policyDisablement period. 
     * @param policyObj The policy to inspect.
     * @return hasIndeed True if all attestors have failed or any wallet check has failed, 
     where "failure" is no updates over the policyDisablement period. 
     */
    function policyHasFailed(
        Policy storage policyObj
    ) public view returns (bool hasIndeed) 
    {
        if (policyObj.disabled == true) 
            revert Unacceptable({
                reason: "policy is already disabled"
            });
        
        uint256 i;
        uint256 disablementPeriod = policyObj.scalarActive.disablementPeriod;

        // If all attestors have failed
        bool allAttestorsHaveFailed = true;
        uint256 policyAttestorsCount = policyObj.attestors.activeSet.count();
        for (i=0; i<policyAttestorsCount; i++) {
            uint256 lastUpdate = IDegradable(policyObj.attestors.activeSet.keyAtIndex(i)).lastUpdate();
            // We ignore unitialized services to prevent interference with new policies.
            if (lastUpdate > 0) {
               if(block.timestamp < lastUpdate + disablementPeriod) {
                    allAttestorsHaveFailed = false;
               }
            } else {
                // No evidence of interrupted activity yet
                allAttestorsHaveFailed = false;
            }
        }

        if(!allAttestorsHaveFailed) {
            // If any wallet check has failed
            uint256 policyWalletChecksCount = policyObj.walletChecks.activeSet.count();
            for (i=0; i<policyWalletChecksCount; i++) {
                uint256 lastUpdate = IDegradable(policyObj.walletChecks.activeSet.keyAtIndex(i)).lastUpdate();
                if (lastUpdate > 0) {
                    if(block.timestamp > lastUpdate + disablementPeriod) return true;
                }
            }
        }
        hasIndeed = allAttestorsHaveFailed;
    }

    /**
     * @notice Updates the minimumPolicyDisablementPeriod property of the Policy struct.
     * @param self A storage reference to the App storage
     * @param minimumDisablementPeriod The new value for the minimumPolicyDisablementPeriod property.
     */
    function updateMinimumPolicyDisablementPeriod(
        App storage self, 
        uint256 minimumDisablementPeriod 
    ) public 
    {
        if (minimumDisablementPeriod >= MAX_DISABLEMENT_PERIOD) 
            revert Unacceptable({
                reason: "minimum disablement period is too long"
            });
        self.minimumPolicyDisablementPeriod = minimumDisablementPeriod;
    }

    /**
     * @notice The attestor admin can admit attestors into the global attestor whitelist. 
     * @param self PolicyManager App state.
     * @param attestor Address of the attestor's identity tree contract.
     * @param uri The URI refers to detailed information about the attestor.
     */
    function insertGlobalAttestor(
        App storage self,
        address attestor,
        string memory uri
    ) public
    {
        if (attestor == NULL_ADDRESS)
            revert Unacceptable({
                reason: "attestor cannot be empty"
            });
        if (bytes(uri).length == 0) 
            revert Unacceptable({
                reason: "uri cannot be empty"
            });        
        self.globalAttestorSet.insert(attestor, "PolicyStorage:insertGlobalAttestor");
        self.attestorUris[attestor] = uri;
    }

    /**
     * @notice The attestor admin can update the informational URIs for attestors on the whitelist.
     * @dev No onchain logic relies on the URI.
     * @param self PolicyManager App state.
     * @param attestor Address of an attestor's identity tree contract on the whitelist. 
     * @param uri The URI refers to detailed information about the attestor.
     */
    function updateGlobalAttestorUri(
        App storage self, 
        address attestor,
        string memory uri
    ) public
    {
        if (!self.globalAttestorSet.exists(attestor))
            revert Unacceptable({
                reason: "attestor not found"
            });
        if (bytes(uri).length == 0) 
            revert Unacceptable({
                reason: "uri cannot be empty"
            });  
        self.attestorUris[attestor] = uri;
    }

    /**
     * @notice The attestor admin can remove attestors from the whitelist.
     * @dev Does not remove attestors from policies that recognise the attestor to remove. 
     * @param self PolicyManager App state.
     * @param attestor Address of an attestor identity tree to remove from the whitelist. 
     */
    function removeGlobalAttestor(
        App storage self,
        address attestor
    ) public
    {
        self.globalAttestorSet.remove(attestor, "PolicyStorage:removeGlobalAttestor");
    }

    /**
     * @notice The wallet check admin can admit wallet check contracts into the system.
     * @dev Wallet checks implement the IWalletCheck interface.
     * @param self PolicyManager App state.
     * @param walletCheck The address of a Wallet Check to admit into the global whitelist.
     */
    function insertGlobalWalletCheck(
        App storage self,
        address walletCheck
    ) public
    {
        if (walletCheck == NULL_ADDRESS)
            revert Unacceptable({
                reason: "walletCheck cannot be empty"
            });
        self.globalWalletCheckSet.insert(walletCheck, "PolicyStorage:insertGlobalWalletCheck");
    }

    /**
     * @notice The wallet check admin can remove a wallet check from the system.
     * @dev Does not affect policies that utilize the wallet check. 
     * @param self PolicyManager App state.
     * @param walletCheck The address of a Wallet Check to admit into the global whitelist.
     */
    function removeGlobalWalletCheck(
        App storage self,
        address walletCheck
    ) public
    {
        self.globalWalletCheckSet.remove(walletCheck, "PolicyStorage:removeGlobalWalletCheck");
    }

    /**
     * @notice The backdoor admin can add a backdoor.
     * @dev pubKey must be unique.
     * @param self PolicyManager App state.
     * @param pubKey The public key for backdoor encryption. 
     */
    function insertGlobalBackdoor(
        App storage self, 
        uint256[2] calldata pubKey
    ) public returns (bytes32 id)
    {
        id = keccak256(abi.encodePacked(pubKey));
        self.backdoorPubKey[id] = pubKey;
        self.backdoorSet.insert(
                id,
                "PolicyStorage:insertGlobalBackdoor"
        );
    }

    /**
     * @notice Creates a new policy that is owned by the creator.
     * @dev Maximum unique policies is 2 ^ 20. Must be at least 1 attestor.
     * @param self PolicyManager App state.
     * @param policyScalar The new policy's non-indexed values. 
     * @param attestors A list of attestor identity tree contracts.
     * @param walletChecks The address of one or more Wallet Checks to add to the Policy.
     * @param ruleRegistry The address of the deployed RuleRegistry contract.
     * @return policyId A PolicyStorage struct.Id The unique identifier of a Policy.
     */
    function newPolicy(
        App storage self,
        PolicyScalar calldata policyScalar,
        address[] memory attestors,
        address[] memory walletChecks,
        address ruleRegistry
    ) public returns (uint32 policyId) 
    {
        (bytes32 universeRule, bytes32 emptyRule) = IRuleRegistry(ruleRegistry).genesis();
        
        // Check that there is at least one attestor for the policy
        if (
            attestors.length < 1 && 
            policyScalar.ruleId != universeRule &&
            policyScalar.ruleId != emptyRule) 
        {
            revert Unacceptable({
                reason: "every policy needs at least one attestor"
            });
        }
        
        uint256 i;
        self.policies.push();
        policyId = uint32(self.policies.length - 1);
        if (policyId >= MAX_POLICIES)
            revert Unacceptable({
                reason: "max policies exceeded"
            });
        Policy storage policyObj = policyRawData(self, policyId);
        uint256 deadline = block.timestamp;

        writePolicyScalar(
            self,
            policyId,
            policyScalar,
            ruleRegistry,
            deadline
        );

        processStaged(policyObj);

        for (i=0; i<attestors.length; i++) {
            address attestor = attestors[i];
            if (!self.globalAttestorSet.exists(attestor))
                revert Unacceptable({
                    reason: "attestor not found"
                });
            policyObj.attestors.activeSet.insert(attestor, "PolicyStorage:newPolicy");
        }

        for (i=0; i<walletChecks.length; i++) {
            address walletCheck = walletChecks[i];
            if (!self.globalWalletCheckSet.exists(walletCheck))
                revert Unacceptable({
                    reason: "walletCheck not found"
                });
            policyObj.walletChecks.activeSet.insert(walletCheck, "PolicyStorage:newPolicy");
        }
    }

    /**
     * @notice Returns the internal policy state without processing staged changes. 
     * @dev Staged changes with deadlines in the past are presented as pending. 
     * @param self PolicyManager App state.
     * @param policyId A PolicyStorage struct.Id The unique identifier of a Policy.
     * @return policyInfo Policy info in the internal storage format without processing.
     */
    function policyRawData(
        App storage self, 
        uint32 policyId
    ) public view returns (Policy storage policyInfo) 
    {
        policyInfo = self.policies[policyId];
    }

    /**
     * @param activeSet The active set of addresses.
     * @param additionSet The set of pending addresses to add to the active set.
     */
    function _processAdditions(
    AddressSet.Set storage activeSet, 
    AddressSet.Set storage additionSet
    ) private {
        uint256 count = additionSet.count();
        while (count > 0) {
            address entity = additionSet.keyAtIndex(additionSet.count() - 1);
            activeSet.insert(entity, "policyStorage:_processAdditions");
            additionSet.remove(entity, "policyStorage:_processAdditions");
            count--;
        }
    }

    /**
     * @param activeSet The active set of bytes32.
     * @param additionSet The set of pending bytes32 to add to the active set.
     */
    function _processAdditions(
    Bytes32Set.Set storage activeSet, 
    Bytes32Set.Set storage additionSet
    ) private {
        uint256 count = additionSet.count();
        while (count > 0) {
            bytes32 entity = additionSet.keyAtIndex(additionSet.count() - 1);
            activeSet.insert(entity, "policyStorage:_processAdditions");
            additionSet.remove(entity, "policyStorage:_processAdditions");
            count--;
        }
    }

    /**
     * @param activeSet The active set of addresses.
     * @param removalSet The set of pending addresses to remove from the active set.
     */
    function _processRemovals(
        AddressSet.Set storage activeSet, 
        AddressSet.Set storage removalSet
    ) private {
        uint256 count = removalSet.count();
        while (count > 0) {
            address entity = removalSet.keyAtIndex(removalSet.count() - 1);
            activeSet.remove(entity, "policyStorage:_processRemovals");
            removalSet.remove(entity, "policyStorage:_processRemovals");
            count--;
        }
    }

    /**
     * @param activeSet The active set of bytes32.
     * @param removalSet The set of pending bytes32 to remove from the active set.
     */
    function _processRemovals(
        Bytes32Set.Set storage activeSet, 
        Bytes32Set.Set storage removalSet
    ) private {
        uint256 count = removalSet.count();
        while (count > 0) {
            bytes32 entity = removalSet.keyAtIndex(removalSet.count() - 1);
            activeSet.remove(entity, "policyStorage:_processRemovals");
            removalSet.remove(entity, "policyStorage:_processRemovals");
            count--;
        }
    }

    /**
     * @notice Processes staged changes to the policy state if the deadline is in the past.
     * @dev Always call this before inspecting the the active policy state. .
     * @param policyObj A Policy object.
     */
    function processStaged(Policy storage policyObj) public {
        uint256 deadline = policyObj.deadline;
        if (deadline > 0 && deadline <= block.timestamp) {
            policyObj.scalarActive = policyObj.scalarPending;

            _processAdditions(policyObj.attestors.activeSet, policyObj.attestors.pendingAdditionSet);
            _processRemovals(policyObj.attestors.activeSet, policyObj.attestors.pendingRemovalSet);

            _processAdditions(policyObj.walletChecks.activeSet, policyObj.walletChecks.pendingAdditionSet);
            _processRemovals(policyObj.walletChecks.activeSet, policyObj.walletChecks.pendingRemovalSet);

            _processAdditions(policyObj.backdoors.activeSet, policyObj.backdoors.pendingAdditionSet);
            _processRemovals(policyObj.backdoors.activeSet, policyObj.backdoors.pendingRemovalSet);

            policyObj.deadline = 0;
        }
    }


    /**
     * @notice Prevents changes to locked and disabled Policies.
     * @dev Reverts if the active policy lock is set to true or the Policy is disabled.
     * @param policyObj A Policy object.
     */
    function checkLock(
        Policy storage policyObj
    ) public view 
    {
        if (isLocked(policyObj) || policyObj.disabled)
            revert Unacceptable({
                reason: "policy is locked"
            });
    }

    /**
     * @notice Inspect the active policy lock.
     * @param policyObj A Policy object.
     * @return isIndeed True if the active policy locked parameter is set to true. True value if PolicyStorage
     is locked, otherwise False.
     */
    function isLocked(Policy storage policyObj) public view returns(bool isIndeed) {
        isIndeed = policyObj.scalarActive.locked;
    }

    /**
     * @notice Processes staged changes if the current deadline has passed and updates the deadline. 
     * @dev The deadline must be at least as far in the future as the active policy gracePeriod. 
     * @param policyObj A Policy object.
     * @param deadline The timestamp when the staged changes will take effect. Overrides previous deadline.
     */
    function setDeadline(
        Policy storage policyObj, 
        uint256 deadline
    ) public
    {
        checkLock(policyObj);

        // Deadline of 0 allows staging of changes with no implementation schedule.
        // Positive deadlines must be at least graceTime seconds in the future.
     
        if (deadline != 0 && 
            (deadline < block.timestamp + policyObj.scalarActive.gracePeriod)
        )
            revert Unacceptable({
                reason: "deadline in the past or too soon"
        });
        policyObj.deadline = deadline;
    }

    /**
     * @notice Non-indexed Policy values can be updated in one step. 
     * @param self PolicyManager App state.
     * @param policyId A PolicyStorage struct.Id The unique identifier of a Policy.
     * @param policyScalar The new non-indexed properties. 
     * @param ruleRegistry The address of the deployed RuleRegistry contract. 
     * @param deadline The timestamp when the staged changes will take effect. Overrides previous deadline.
     */
    function writePolicyScalar(
        App storage self,
        uint32 policyId,
        PolicyStorage.PolicyScalar calldata policyScalar,
        address ruleRegistry,
        uint256 deadline
    ) public {
        PolicyStorage.Policy storage policyObj = policyRawData(self, policyId);
        processStaged(policyObj);
        writeRuleId(policyObj, policyScalar.ruleId, ruleRegistry);
        writeDescription(policyObj, policyScalar.descriptionUtf8);
        writeTtl(policyObj, policyScalar.ttl);
        writeGracePeriod(policyObj, policyScalar.gracePeriod);
        writeAllowApprovedCounterparties(policyObj, policyScalar.allowApprovedCounterparties);
        writePolicyLock(policyObj, policyScalar.locked);
        writeDisablementPeriod(self, policyId, policyScalar.disablementPeriod);
        setDeadline(policyObj, deadline);
    }

    /**
     * @notice Writes a new RuleId to the pending Policy changes in a Policy.
     * @param self A Policy object.
     * @param ruleId The unique identifier of a Rule.
     * @param ruleRegistry The address of the deployed RuleRegistry contract. 
     */
    function writeRuleId(
        Policy storage self, 
        bytes32 ruleId, 
        address ruleRegistry
    ) public
    {
        if (!IRuleRegistry(ruleRegistry).isRule(ruleId))
            revert Unacceptable({
                reason: "rule not found"
            });
        self.scalarPending.ruleId = ruleId;
    }

    /**
     * @notice Writes a new descriptionUtf8 to the pending Policy changes in a Policy.
     * @param self A Policy object.
     * @param descriptionUtf8 Policy description in UTF-8 format. 
     */
    function writeDescription(
        Policy storage self, 
        string memory descriptionUtf8
    ) public
    {
        if (bytes(descriptionUtf8).length == 0) 
            revert Unacceptable({
                reason: "descriptionUtf8 cannot be empty"
            });
        self.scalarPending.descriptionUtf8 = descriptionUtf8;
    }

    /**
     * @notice Writes a new ttl to the pending Policy changes in a Policy.
     * @param self A Policy object.
     * @param ttl The maximum acceptable credential age in seconds.
     */
    function writeTtl(
        Policy storage self,
        uint32 ttl
    ) public
    {
        if (ttl > MAX_TTL) 
            revert Unacceptable({ reason: "ttl exceeds maximum duration" });
        self.scalarPending.ttl = ttl;
    }

    /**
     * @notice Writes a new gracePeriod to the pending Policy changes in a Policy. 
     * @dev Deadlines must always be >= the active policy grace period. 
     * @param self A Policy object.
     * @param gracePeriod The minimum acceptable deadline.
     */
    function writeGracePeriod(
        Policy storage self,
        uint32 gracePeriod
    ) public
    {
        // 0 is acceptable
        self.scalarPending.gracePeriod = gracePeriod;
    }

    /**
     * @notice Writes a new allowApprovedCounterparties state in the pending Policy changes in a Policy. 
     * @param self A Policy object.
     * @param allowApprovedCounterparties True if whitelists are allowed, otherwise false.
     */
    function writeAllowApprovedCounterparties(
        Policy storage self,
        bool allowApprovedCounterparties
    ) public
    {
        self.scalarPending.allowApprovedCounterparties = allowApprovedCounterparties;
    }

    /**
     * @notice Writes a new locked state in the pending Policy changes in a Policy.
     * @param self A Policy object.
     * @param setPolicyLocked True if the policy is to be locked, otherwise false.
     */
    function writePolicyLock(
        Policy storage self,
        bool setPolicyLocked
    ) public
    {
        self.scalarPending.locked = setPolicyLocked;
    }

    /**
     * @notice Writes a new disablement deadline to the pending Policy changes of a Policy.
     * @dev If the provided disablement deadline is in the past, this function will revert. 
     * @param self A PolicyStorage object.
     * @param disablementPeriod The new disablement deadline to set, in seconds since the Unix epoch.
     *   If set to 0, the policy can be disabled at any time.
     *   If set to a non-zero value, the policy can only be disabled after that time.
     */

    function writeDisablementPeriod(
        App storage self,
        uint32 policyId,
        uint256 disablementPeriod
    ) public {
        // Check that the new disablement period is greater than or equal to the minimum
        if (disablementPeriod < self.minimumPolicyDisablementPeriod) {
            revert Unacceptable({
                reason: "disablement period is too short"
            });
        }
        if (disablementPeriod >= MAX_DISABLEMENT_PERIOD) {
            revert Unacceptable({
                reason: "disablement period is too long"
            });
        }
        Policy storage policyObj = self.policies[policyId];
        policyObj.scalarPending.disablementPeriod = disablementPeriod;
    }

    /**
     * @notice Writes attestors to pending Policy attestor additions. 
     * @param self PolicyManager App state.
     * @param policyObj A Policy object.
     * @param attestors The address of one or more Attestors to add to the Policy.
     */
    function writeAttestorAdditions(
        App storage self,
        Policy storage policyObj,
        address[] calldata attestors
    ) public
    {
        for (uint i = 0; i < attestors.length; i++) {
            _writeAttestorAddition(self, policyObj, attestors[i]);
        }        
    }

    /**
     * @notice Writes an attestor to pending Policy attestor additions. 
     * @dev If the attestor is scheduled to be remove, unschedules the removal. 
     * @param self PolicyManager App state.
     * @param policyObj A Policy object. 
     * @param attestor The address of an Attestor to add to the Policy.
     */
    function _writeAttestorAddition(
        App storage self,
        Policy storage policyObj,
        address attestor
    ) private
    {
        if (!self.globalAttestorSet.exists(attestor))
            revert Unacceptable({
                reason: "attestor not found"
            });
        if (policyObj.attestors.pendingRemovalSet.exists(attestor)) {
            policyObj.attestors.pendingRemovalSet.remove(attestor, "PolicyStorage:_writeAttestorAddition");
        } else {
            if (policyObj.attestors.activeSet.exists(attestor)) {
                revert Unacceptable({
                    reason: "attestor already in policy"
                });
            }
            policyObj.attestors.pendingAdditionSet.insert(attestor, "PolicyStorage:_writeAttestorAddition");
        }
    }

    /**
     * @notice Writes attestors to pending Policy attestor removals. 
     * @param self A Policy object.
     * @param attestors The address of one or more Attestors to remove from the Policy.
     */
    function writeAttestorRemovals(
        Policy storage self,
        address[] calldata attestors
    ) public
    {
        for (uint i = 0; i < attestors.length; i++) {
            _writeAttestorRemoval(self, attestors[i]);
        }
    }

    /**
     * @notice Writes an attestor to a Policy's pending attestor removals. 
     * @dev Cancels the addition if the attestor is scheduled to be added. 
     * @param self PolicyManager App state.
     * @param attestor The address of a Attestor to remove from the Policy.
     */
    function _writeAttestorRemoval(
        Policy storage self,
        address attestor
    ) private
    {
        
        uint currentAttestorCount = self.attestors.activeSet.count();
        uint pendingAdditionsCount = self.attestors.pendingAdditionSet.count();
        uint pendingRemovalsCount = self.attestors.pendingRemovalSet.count();

        if (currentAttestorCount + pendingAdditionsCount - pendingRemovalsCount < 2) {
            revert Unacceptable({
                reason: "Cannot remove the last attestor. Add a replacement first"
            });
        }
        
        if (self.attestors.pendingAdditionSet.exists(attestor)) {
            self.attestors.pendingAdditionSet.remove(attestor, "PolicyStorage:_writeAttestorRemoval");
        } else {
            if (!self.attestors.activeSet.exists(attestor)) {
                revert Unacceptable({
                    reason: "attestor not found"
                });
            }
            self.attestors.pendingRemovalSet.insert(attestor, "PolicyStorage:_writeAttestorRemoval");
        }
    }

    /**
     * @notice Writes wallet checks to a Policy's pending wallet check additions.
     * @param self PolicyManager App state.
     * @param policyObj A PolicyStorage object.
     * @param walletChecks The address of one or more Wallet Checks to add to the Policy.
     */
    function writeWalletCheckAdditions(
        App storage self,
        Policy storage policyObj,
        address[] memory walletChecks
    ) public
    {
        for (uint i = 0; i < walletChecks.length; i++) {
            _writeWalletCheckAddition(self, policyObj, walletChecks[i]);
        }
    }

    /**
     * @notice Writes a wallet check to a Policy's pending wallet check additions. 
     * @dev Cancels removal if the wallet check is scheduled for removal. 
     * @param self PolicyManager App state.
     * @param policyObj A Policy object. 
     * @param walletCheck The address of a Wallet Check to admit into the global whitelist.
     */
    function _writeWalletCheckAddition(
        App storage self,
        Policy storage policyObj,
        address walletCheck
    ) private
    {
        if (!self.globalWalletCheckSet.exists(walletCheck))
            revert Unacceptable({
                reason: "walletCheck not found"
            });
        if (policyObj.walletChecks.pendingRemovalSet.exists(walletCheck)) {
            policyObj.walletChecks.pendingRemovalSet.remove(walletCheck, "PolicyStorage:_writeWalletCheckAddition");
        } else {
            if (policyObj.walletChecks.activeSet.exists(walletCheck)) {
                revert Unacceptable({
                    reason: "walletCheck already in policy"
                });
            }
            if (policyObj.walletChecks.pendingAdditionSet.exists(walletCheck)) {
                revert Unacceptable({
                    reason: "walletCheck addition already scheduled"
                });
            }
            policyObj.walletChecks.pendingAdditionSet.insert(walletCheck, "PolicyStorage:_writeWalletCheckAddition");
        }
    }

    /**
     * @notice Writes wallet checks to a Policy's pending wallet check removals. 
     * @param self A Policy object.
     * @param walletChecks The address of one or more Wallet Checks to add to the Policy.
     */
    function writeWalletCheckRemovals(
        Policy storage self,
        address[] memory walletChecks
    ) public
    {
        for (uint i = 0; i < walletChecks.length; i++) {
            _writeWalletCheckRemoval(self, walletChecks[i]);
        }
    }

    /**
     * @notice Writes a wallet check to a Policy's pending wallet check removals. 
     * @dev Unschedules addition if the wallet check is present in the Policy's pending wallet check additions. 
     * @param self A Policy object.
     * @param walletCheck The address of a Wallet Check to remove from the Policy. 
     */
    function _writeWalletCheckRemoval(
        Policy storage self,
        address walletCheck
    ) private
    {
        if (self.walletChecks.pendingAdditionSet.exists(walletCheck)) {
            self.walletChecks.pendingAdditionSet.remove(walletCheck, "PolicyStorage:_writeWalletCheckRemoval");
        } else {
            if (!self.walletChecks.activeSet.exists(walletCheck)) {
                revert Unacceptable({
                    reason: "walletCheck is not in policy"
                });
            }
            if (self.walletChecks.pendingRemovalSet.exists(walletCheck)) {
                revert Unacceptable({
                    reason: "walletCheck removal already scheduled"
                });
            }
            self.walletChecks.pendingRemovalSet.insert(walletCheck, "PolicyStorage:_writeWalletCheckRemoval");
        }
    }

    /**
     * @notice Add a backdoor to a policy.
     * @param self The application state. 
     * @param policyObj A Policy object.
     * @param backdoorId The ID of a backdoor. 
     */
    function writeBackdoorAddition(
        App storage self,
        Policy storage policyObj,
        bytes32 backdoorId
    ) public {
        if (!self.backdoorSet.exists(backdoorId)) {
            revert Unacceptable({
                reason: "unknown backdoor"
            });
        }
        if (policyObj.backdoors.pendingRemovalSet.exists(backdoorId)) {
            policyObj.backdoors.pendingRemovalSet.remove(backdoorId, 
            "PolicyStorage:writeBackdoorAddition");
        } else {
            if (policyObj.backdoors.activeSet.exists(backdoorId)) {
                revert Unacceptable({
                    reason: "backdoor exists in policy"
                });
            }
            if (policyObj.backdoors.pendingAdditionSet.exists(backdoorId)) {
                revert Unacceptable({
                    reason: "backdoor addition already scheduled"
                });
            }
            policyObj.backdoors.pendingAdditionSet.insert(backdoorId, 
            "PolicyStorage:_writeWalletCheckAddition");
            _checkBackdoorConfiguration(policyObj);
        }
    }

    /**
     * @notice Writes a wallet check to a Policy's pending wallet check removals. 
     * @dev Unschedules addition if the wallet check is present in the Policy's pending wallet check additions. 
     * @param self A Policy object.
     * @param backdoorId The address of a Wallet Check to remove from the Policy. 
     */
    function writeBackdoorRemoval(
        Policy storage self,
        bytes32 backdoorId
    ) public
    {
        if (self.backdoors.pendingAdditionSet.exists(backdoorId)) {
            self.backdoors.pendingAdditionSet.remove(backdoorId, 
            "PolicyStorage:writeBackdoorRemoval");
        } else {
            if (!self.backdoors.activeSet.exists(backdoorId)) {
                revert Unacceptable({
                    reason: "backdoor is not in policy"
                });
            }
            if (self.backdoors.pendingRemovalSet.exists(backdoorId)) {
                revert Unacceptable({
                    reason: "backdoor removal already scheduled"
                });
            }
            self.backdoors.pendingRemovalSet.insert(backdoorId, 
            "PolicyStorage:writeBackdoorRemoval");
        }
    }

    /**
     * @notice Checks the net count of backdoors.
     * @dev Current zkVerifier supports only one backdoor per policy.
     * @param self A policy object.
     */
    function _checkBackdoorConfiguration(
        Policy storage self
    ) internal view {
        uint256 activeCount = self.backdoors.activeSet.count();
        uint256 pendingAdditionsCount = self.backdoors.pendingAdditionSet.count();
        uint256 pendingRemovalsCount = self.backdoors.pendingRemovalSet.count();
        if(activeCount + pendingAdditionsCount - pendingRemovalsCount > MAX_BACKDOORS) {
            revert Unacceptable({ reason: "too many backdoors requested" });
        }
    }

    /**********************************************************
     Inspection
     **********************************************************/

    /**
     * @param self Application state.
     * @param policyId The unique identifier of a Policy.
     * @return policyObj Policy object with staged updates processed.
     */
    function policy(App storage self, uint32 policyId)
        public
        returns (Policy storage policyObj)
    {
        policyObj = self.policies[policyId];
        processStaged(policyObj);
    }

}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)

pragma solidity ^0.8.0;

/**
 * @dev Standard signed math utilities missing in the Solidity language.
 */
library SignedMath {
    /**
     * @dev Returns the largest of two signed numbers.
     */
    function max(int256 a, int256 b) internal pure returns (int256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two signed numbers.
     */
    function min(int256 a, int256 b) internal pure returns (int256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two signed numbers without overflow.
     * The result is rounded towards zero.
     */
    function average(int256 a, int256 b) internal pure returns (int256) {
        // Formula from the book "Hacker's Delight"
        int256 x = (a & b) + ((a ^ b) >> 1);
        return x + (int256(uint256(x) >> 255) & (a ^ b));
    }

    /**
     * @dev Returns the absolute unsigned value of a signed value.
     */
    function abs(int256 n) internal pure returns (uint256) {
        unchecked {
            // must be unchecked in order to support `n = type(int256).min`
            return uint256(n >= 0 ? n : -n);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)

pragma solidity ^0.8.0;

import "./math/Math.sol";
import "./math/SignedMath.sol";

/**
 * @dev String operations.
 */
library Strings {
    bytes16 private constant _SYMBOLS = "0123456789abcdef";
    uint8 private constant _ADDRESS_LENGTH = 20;

    /**
     * @dev Converts a `uint256` to its ASCII `string` decimal representation.
     */
    function toString(uint256 value) internal pure returns (string memory) {
        unchecked {
            uint256 length = Math.log10(value) + 1;
            string memory buffer = new string(length);
            uint256 ptr;
            /// @solidity memory-safe-assembly
            assembly {
                ptr := add(buffer, add(32, length))
            }
            while (true) {
                ptr--;
                /// @solidity memory-safe-assembly
                assembly {
                    mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
                }
                value /= 10;
                if (value == 0) break;
            }
            return buffer;
        }
    }

    /**
     * @dev Converts a `int256` to its ASCII `string` decimal representation.
     */
    function toString(int256 value) internal pure returns (string memory) {
        return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMath.abs(value))));
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
     */
    function toHexString(uint256 value) internal pure returns (string memory) {
        unchecked {
            return toHexString(value, Math.log256(value) + 1);
        }
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
     */
    function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
        bytes memory buffer = new bytes(2 * length + 2);
        buffer[0] = "0";
        buffer[1] = "x";
        for (uint256 i = 2 * length + 1; i > 1; --i) {
            buffer[i] = _SYMBOLS[value & 0xf];
            value >>= 4;
        }
        require(value == 0, "Strings: hex length insufficient");
        return string(buffer);
    }

    /**
     * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
     */
    function toHexString(address addr) internal pure returns (string memory) {
        return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
    }

    /**
     * @dev Returns true if the two strings are equal.
     */
    function equal(string memory a, string memory b) internal pure returns (bool) {
        return keccak256(bytes(a)) == keccak256(bytes(b));
    }
}

{
  "compilationTarget": {
    "contracts/credentialUpdater/KeyringZkCredentialUpdater.sol": "KeyringZkCredentialUpdater"
  },
  "evmVersion": "london",
  "libraries": {},
  "metadata": {
    "bytecodeHash": "none",
    "useLiteralContent": true
  },
  "optimizer": {
    "enabled": true,
    "runs": 200
  },
  "remappings": []
}