Add ERC7579 Executors

[ernestognw]

Smaller version of #5888 for executor modules

PR Checklist

• Tests
• Documentation
• Changeset entry (run npx changeset add)

Summary by Sourcery

Introduce two new ERC-7579 executor modules for smart accounts: a basic executor for immediate calls and an advanced delayed executor that supports scheduling, delay periods, expiration windows, and cancellation of operations per the ERC-7579 specification.

New Features:

• Add ERC7579Executor module enabling accounts to execute arbitrary operations.
• Add ERC7579DelayedExecutor module providing scheduling, time-delayed execution, expiration, and cancellation of operations.

Enhancements:

• Extend the operation state enum to cover Unknown, Scheduled, Ready, Expired, Executed, and Canceled states.

Documentation:

• Document the delayed executor module’s lifecycle, delay management, and authorization in README.
• Add README comments and examples for onInstall, onUninstall, and scheduling methods.

Tests:

• Add comprehensive unit tests for executor and delayed executor modules, covering installation, execution, state transitions, delay/expiration updates, and cancellation.
• Provide mock contracts and shared behavior tests for module type validation.

Chores:

• Add changeset entries for the new executor modules.

Summary by CodeRabbit

• New Features

  • Added ERC7579Executor for executing calls from installed accounts.
  • Added ERC7579DelayedExecutor enabling scheduled, delayed execution with expiration, cancellation, state queries, and configuration of per-account delay/expiration.

• Documentation

  • Updated account docs with a new Executors section covering ERC7579Executor and ERC7579DelayedExecutor.

• Tests

  • Introduced comprehensive test suites for both executors and shared ERC7579 module behaviors; added an operation-state helper.

• Chores

  • Bumped OpenZeppelin Solidity to a new minor version and added corresponding changesets.

[changeset-bot]

🦋 Changeset detected

Latest commit: 59870af

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
openzeppelin-solidity	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[sourcery-ai]

Reviewer's Guide

This PR introduces two new ERC-7579 executor modules: a basic immediate executor and an advanced delayed executor with configurable scheduling, expiration, and cancellation. The delayed executor tracks operations in a Schedule struct, enforces time-based state transitions via a state bitmap, and provides account-specific delay/expiration settings. Comprehensive tests, mocks, and changesets are included to cover installation, scheduling, execution, expiration, and cancellation workflows.

Sequence diagram for operation cancellation in ERC7579DelayedExecutor

sequenceDiagram
    participant Account
    participant ERC7579DelayedExecutor
    Account->>ERC7579DelayedExecutor: cancel(account, salt, mode, data)
    ERC7579DelayedExecutor->>ERC7579DelayedExecutor: _validateCancel(account, salt, mode, data)
    ERC7579DelayedExecutor->>ERC7579DelayedExecutor: _cancel(account, mode, data, salt)
    Note over ERC7579DelayedExecutor: Operation marked as Canceled

Loading

Class diagram for ERC7579Executor and ERC7579DelayedExecutor modules

classDiagram
    class ERC7579Executor {
        +execute(account, salt, mode, data)
        +isModuleType(moduleTypeId)
        #_validateExecution(account, salt, mode, data)
        #_execute(account, mode, salt, executionCalldata)
        <<abstract>>
    }
    class ERC7579DelayedExecutor {
        +schedule(account, salt, mode, data)
        +cancel(account, salt, mode, data)
        +setDelay(newDelay)
        +setExpiration(newExpiration)
        +onInstall(initData)
        +onUninstall(data)
        +state(account, salt, mode, executionCalldata)
        +getDelay(account)
        +getExpiration(account)
        +getSchedule(account, salt, mode, executionCalldata)
        +hashOperation(account, salt, mode, executionCalldata)
        #_validateSchedule(account, salt, mode, data)
        #_validateCancel(account, salt, mode, data)
        #_scheduleAt(account, salt, mode, executionCalldata, timepoint, delay)
        #_setDelay(account, newDelay, minimumSetback)
        #_setExpiration(account, newExpiration)
        #_execute(account, salt, mode, executionCalldata)
        #_cancel(account, mode, executionCalldata, salt)
        #_validateStateBitmap(operationId, allowedStates)
        #_encodeStateBitmap(operationState)
        <<abstract>>
        Schedule
        ExecutionConfig
        OperationState
    }
    ERC7579DelayedExecutor --|> ERC7579Executor
    class Schedule {
        uint48 scheduledAt
        uint32 executableAfter
        uint32 expiresAfter
        bool executed
        bool canceled
    }
    class ExecutionConfig {
        Time.Delay delay
        uint32 expiration
        bool installed
    }
    class OperationState {
        Unknown
        Scheduled
        Ready
        Expired
        Executed
        Canceled
    }
    ERC7579DelayedExecutor o-- Schedule
    ERC7579DelayedExecutor o-- ExecutionConfig
    ERC7579DelayedExecutor o-- OperationState

Loading

File-Level Changes

Change	Details	Files
Add basic ERC7579Executor module	Define execute entrypoint with abstract _validateExecution hook Emit ERC7579ExecutorOperationExecuted and call executeFromExecutor on accounts Implement _execute logic and module type check	contracts/account/modules/ERC7579Executor.sol
Implement ERC7579DelayedExecutor with scheduling and expiration	Define Schedule and ExecutionConfig structs with delay and expiration fields Add state() function computing Unknown/Scheduled/Ready/Expired/Executed/Canceled Implement scheduling (_scheduleAt), execution (_execute override), cancellation (_cancel), and state validation Provide onInstall/onUninstall, setDelay/setExpiration, and internal _setDelay/_setExpiration logic Encode state as bitmap for permission checks	contracts/account/modules/ERC7579DelayedExecutor.sol
Add executor module tests	Write ERC7579Executor tests for execute flow and module behavior Write ERC7579DelayedExecutor tests covering installation, state transitions, delay updates, and cancellation	test/account/modules/ERC7579Executor.test.js test/account/modules/ERC7579DelayedExecutor.test.js
Provide mocks and test utilities	Extend test enums to include ERC7579OperationState Add mocks ERC7579ExecutorMock and ERC7579DelayedExecutorMock with override hooks Add shared ERC7579Module.behavior tests for installation/uninstallation and module type	test/helpers/enums.js contracts/mocks/account/modules/ERC7579ExecutorMocks.sol test/account/modules/ERC7579Module.behavior.js
Add changeset entries for executor modules	Include minor bump entries for 'openzeppelin-solidity' in two changeset files	.changeset/free-waves-draw.md .changeset/weak-chefs-open.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Walkthrough

Adds two new executor modules for ERC-7579 accounts: a base ERC7579Executor and an extended ERC7579DelayedExecutor with scheduling, delay, and expiration. Introduces corresponding mocks, tests, and documentation. Updates changesets for a minor release. No modifications to existing contracts; all additions are new files and docs.

Changes

Cohort / File(s)	Summary of changes
Release metadata .changeset/free-waves-draw.md, .changeset/weak-chefs-open.md	Adds changeset entries for a minor release; announces new public modules ERC7579Executor and ERC7579DelayedExecutor.
Executor base module contracts/account/modules/ERC7579Executor.sol	Introduces abstract ERC7579Executor with execute pathway, event emission, module type detection, and validation/execute hooks.
Delayed executor module contracts/account/modules/ERC7579DelayedExecutor.sol	Adds abstract ERC7579DelayedExecutor extending the base executor with delayed scheduling, expiration, state machine, events, errors, config getters/setters, and lifecycle hooks.
Mocks contracts/mocks/account/modules/ERC7579ExecutorMocks.sol	Adds ERC7579ExecutorMock (no-op install/uninstall, passthrough validate) and ERC7579DelayedExecutorMock (account-only schedule/cancel checks).
Docs contracts/account/README.adoc	Updates README to list ERC7579Executor and ERC7579DelayedExecutor under Modules → Executors.
Executor tests test/account/modules/ERC7579Executor.test.js, test/account/modules/ERC7579Module.behavior.js	Adds executor integration test and shared ERC7579 module behavior tests.
Delayed executor tests test/account/modules/ERC7579DelayedExecutor.test.js	Adds comprehensive lifecycle tests for scheduling, execution, expiration, and cancellation with events and state assertions.
Test helpers test/helpers/enums.js	Exports ERC7579OperationState enum for tests.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Caller
  participant Exec as ERC7579Executor
  participant Account as IERC7579Execution (Account)

  Caller->>Exec: execute(account, salt, mode, data)
  activate Exec
  Exec->>Exec: _validateExecution(...)\n(return executionCalldata)
  Exec->>Account: executeFromExecutor(mode, executionCalldata)
  activate Account
  Account-->>Exec: return bytes[]
  deactivate Account
  Exec-->>Caller: return bytes[]
  deactivate Exec
  Note over Exec: Emits ERC7579ExecutorOperationExecuted

Loading

sequenceDiagram
  autonumber
  actor Account
  participant DExec as ERC7579DelayedExecutor
  participant Time as Blockchain Time
  participant Target as IERC7579Execution (Account)

  Account->>DExec: onInstall(initData)\n(set delay/expiration)
  Note over DExec: Emits Delay/Expiration Updated

  Account->>DExec: schedule(account, salt, mode, data)
  Note over DExec: State: Unknown → Scheduled\nEmits OperationScheduled

  Time-->>DExec: advance past delay
  alt before expiration
    Account->>DExec: execute(account, salt, mode, data)
    DExec->>DExec: validate state (Ready)
    DExec->>Target: executeFromExecutor(mode, calldata)
    Note over DExec: State: Scheduled/Ready → Executed
  else after expiration
    Account->>DExec: execute(...)
    DExec-->>Account: revert UnexpectedOperationState\n(State = Expired)
  end

  opt cancellation path
    Account->>DExec: cancel(account, salt, mode, data)
    Note over DExec: State: Scheduled/Ready → Canceled\nEmits OperationCanceled
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Poem

I hop through bytes with punctual cheer,
New executors springing near—
One runs now, one waits in line,
Ticking clocks in EVM time.
Delays and calls, all neatly queued—
A rabbit approves: deploy! Test! Conclude. 🐇✨

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• The _execute override in ERC7579DelayedExecutor has swapped salt and mode parameters compared to the base implementation, causing the super call to receive them in the wrong order—please align the parameter order to match the parent signature.
• The _scheduleAt function returns an uninitialized Schedule memory schedule_ that is never used—consider removing this unused return value or properly populating it if needed.
• The minSetback comment “Up to ~136 years” is confusing since the function returns a constant 5 days; please clarify or correct the remark to avoid misunderstandings.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- The `_execute` override in ERC7579DelayedExecutor has swapped `salt` and `mode` parameters compared to the base implementation, causing the super call to receive them in the wrong order—please align the parameter order to match the parent signature.
- The `_scheduleAt` function returns an uninitialized `Schedule memory schedule_` that is never used—consider removing this unused return value or properly populating it if needed.
- The `minSetback` comment “Up to ~136 years” is confusing since the function returns a constant 5 days; please clarify or correct the remark to avoid misunderstandings.

## Individual Comments

### Comment 1
<location> `contracts/account/modules/ERC7579DelayedExecutor.sol:199` </location>
<code_context>
+     * * The account (i.e `msg.sender`) must implement the {IERC7579ModuleConfig} interface.
+     * * `initData` must be empty or decode correctly to `(uint32, uint32)`.
+     */
+    function onInstall(bytes calldata initData) public virtual {
+        if (!_config[msg.sender].installed) {
+            _config[msg.sender].installed = true;
+            (uint32 initialDelay, uint32 initialExpiration) = initData.length > 0
+                ? abi.decode(initData, (uint32, uint32))
+                : (minSetback(), defaultExpiration());
+            // An old delay might be still present
+            // So we set 0 for the minimum setback relying on any old value as the minimum delay
+            _setDelay(msg.sender, initialDelay, 0);
+            _setExpiration(msg.sender, initialExpiration);
+        }
+    }
</code_context>

<issue_to_address>
Potential issue with decoding initData if length is nonzero but not valid.

If initData is non-empty but incorrectly formatted, abi.decode will revert. Consider adding validation or custom error handling to improve robustness.
</issue_to_address>

### Comment 2
<location> `contracts/account/modules/ERC7579DelayedExecutor.sol:244` </location>
<code_context>
+     * @dev Cancels a previously scheduled operation. Can only be called by the account that
+     * scheduled the operation. See {_cancel}.
+     */
+    function cancel(address account, bytes32 salt, bytes32 mode, bytes calldata data) public virtual {
+        _validateCancel(account, salt, mode, data);
+        _cancel(account, mode, data, salt); // Prioritize errors thrown in _cancel
</code_context>

<issue_to_address>
Parameter order in _cancel differs from schedule/execute.

Standardizing the parameter order across these functions will improve consistency and maintainability.

Suggested implementation:

```
        _cancel(account, salt, mode, data); // Prioritize errors thrown in _cancel

```

You must also update the definition of the `_cancel` function and all its internal calls/usages to use the standardized parameter order: `(address account, bytes32 salt, bytes32 mode, bytes calldata data)`. This ensures consistency throughout the codebase.
</issue_to_address>

### Comment 3
<location> `contracts/account/modules/ERC7579DelayedExecutor.sol:352` </location>
<code_context>
+     *
+     * Emits an {ERC7579ExecutorOperationScheduled} event.
+     */
+    function _scheduleAt(
+        address account,
+        bytes32 salt,
+        bytes32 mode,
+        bytes calldata executionCalldata,
+        uint48 timepoint,
+        uint32 delay
+    ) internal virtual returns (bytes32 operationId, Schedule memory schedule_) {
+        bytes32 id = hashOperation(account, salt, mode, executionCalldata);
+        _validateStateBitmap(id, _encodeStateBitmap(OperationState.Unknown));
+
+        _schedules[id].scheduledAt = timepoint;
+        _schedules[id].executableAfter = delay;
+        _schedules[id].expiresAfter = getExpiration(account);
+
+        emit ERC7579ExecutorOperationScheduled(account, id, salt, mode, executionCalldata, timepoint + delay);
+        return (id, schedule_);
+    }
</code_context>

<issue_to_address>
schedule_ is returned but never assigned.

Assign schedule_ to _schedules[id] before returning to ensure the function returns the correct Schedule value.
</issue_to_address>

### Comment 4
<location> `contracts/account/modules/ERC7579Executor.sol:38` </location>
<code_context>
+     * Restricted to the account itself by default. See {_execute} for requirements and
+     * {_validateExecution} for authorization checks.
+     */
+    function execute(
+        address account,
+        bytes32 salt,
+        bytes32 mode,
+        bytes calldata data
+    ) public virtual returns (bytes[] memory returnData) {
+        bytes calldata executionCalldata = _validateExecution(account, salt, mode, data);
+        returnData = _execute(account, mode, salt, executionCalldata); // Prioritize errors thrown in _execute
+        return returnData;
+    }
+
</code_context>

<issue_to_address>
Parameter order in _execute differs from execute.

Standardize the parameter order between execute and _execute to improve consistency and maintainability.

Suggested implementation:

```
    function execute(
        address account,
        bytes32 salt,
        bytes32 mode,
        bytes calldata data
    ) public virtual returns (bytes[] memory returnData) {
        bytes calldata executionCalldata = _validateExecution(account, salt, mode, data);
        returnData = _execute(account, salt, mode, executionCalldata); // Prioritize errors thrown in _execute
        return returnData;
    }

```

```
        returnData = _execute(account, salt, mode, executionCalldata); // Prioritize errors thrown in _execute

```

You must also update the definition of `_execute` and all its usages throughout the codebase to use the standardized parameter order: `(address account, bytes32 salt, bytes32 mode, bytes calldata executionCalldata)`.
</issue_to_address>

### Comment 5
<location> `contracts/mocks/account/modules/ERC7579ExecutorMocks.sol:9` </location>
<code_context>
+import {ERC7579DelayedExecutor} from "../../../account/modules/ERC7579DelayedExecutor.sol";
+
+abstract contract ERC7579ExecutorMock is ERC7579Executor {
+    function onInstall(bytes calldata data) external {}
+
+    function onUninstall(bytes calldata data) external {}
+
+    function _validateExecution(
</code_context>

<issue_to_address>
Empty onInstall and onUninstall implementations may be misleading.

If these are intentionally no-ops for mocks, please add a comment clarifying this to prevent confusion for future maintainers.
</issue_to_address>

<suggested_fix>
<<<<<<< SEARCH
    function onInstall(bytes calldata data) external {}

    function onUninstall(bytes calldata data) external {}
=======
    /// @dev No-op implementation for mocks. Intentionally left empty.
    function onInstall(bytes calldata data) external {}

    /// @dev No-op implementation for mocks. Intentionally left empty.
    function onUninstall(bytes calldata data) external {}
>>>>>>> REPLACE

</suggested_fix>

### Comment 6
<location> `.changeset/weak-chefs-open.md:5` </location>
<code_context>
+'openzeppelin-solidity': minor
+---
+
+`ERC7579Executor`: Add an executor module that enables executing calls from accounts where the it's installed.
</code_context>

<issue_to_address>
Correct the grammatical error in 'where the it's installed'.

Change to 'where it's installed' or 'where the module is installed' for correct grammar.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue: Potential issue with decoding initData if length is nonzero but not valid.

If initData is non-empty but incorrectly formatted, abi.decode will revert. Consider adding validation or custom error handling to improve robustness.

[sourcery-ai]

suggestion: Parameter order in _cancel differs from schedule/execute.

Standardizing the parameter order across these functions will improve consistency and maintainability.

Suggested implementation:

        _cancel(account, salt, mode, data); // Prioritize errors thrown in _cancel

You must also update the definition of the _cancel function and all its internal calls/usages to use the standardized parameter order: (address account, bytes32 salt, bytes32 mode, bytes calldata data). This ensures consistency throughout the codebase.

[sourcery-ai]

issue (bug_risk): schedule_ is returned but never assigned.

Assign schedule_ to _schedules[id] before returning to ensure the function returns the correct Schedule value.

[sourcery-ai]

suggestion: Parameter order in _execute differs from execute.

Standardize the parameter order between execute and _execute to improve consistency and maintainability.

Suggested implementation:

    function execute(
        address account,
        bytes32 salt,
        bytes32 mode,
        bytes calldata data
    ) public virtual returns (bytes[] memory returnData) {
        bytes calldata executionCalldata = _validateExecution(account, salt, mode, data);
        returnData = _execute(account, salt, mode, executionCalldata); // Prioritize errors thrown in _execute
        return returnData;
    }

        returnData = _execute(account, salt, mode, executionCalldata); // Prioritize errors thrown in _execute

You must also update the definition of _execute and all its usages throughout the codebase to use the standardized parameter order: (address account, bytes32 salt, bytes32 mode, bytes calldata executionCalldata).

[sourcery-ai]

suggestion: Empty onInstall and onUninstall implementations may be misleading.

If these are intentionally no-ops for mocks, please add a comment clarifying this to prevent confusion for future maintainers.

Suggested change

	function onInstall(bytes calldata data) external {}
	function onUninstall(bytes calldata data) external {}
	/// @dev No-op implementation for mocks. Intentionally left empty.
	function onInstall(bytes calldata data) external {}
	/// @dev No-op implementation for mocks. Intentionally left empty.
	function onUninstall(bytes calldata data) external {}

[sourcery-ai]

issue (typo): Correct the grammatical error in 'where the it's installed'.

Change to 'where it's installed' or 'where the module is installed' for correct grammar.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (19)

.changeset/weak-chefs-open.md (1)

5-5: Fix grammar in summary line.

Replace “where the it's” with a grammatically correct phrase.

-`ERC7579Executor`: Add an executor module that enables executing calls from accounts where the it's installed.
+`ERC7579Executor`: Add an executor module that enables executing calls from the account where it's installed.

.changeset/free-waves-draw.md (1)

5-5: Tighten wording for clarity.

Minor style improvement; current sentence is redundant.

-`ERC7579DelayedExecutor`: Add executor module that adds a delay before executing an account operation.
+`ERC7579DelayedExecutor`: Add an executor module that delays execution of account operations.

contracts/account/README.adoc (1)

10-11: Fix grammar in module descriptions.

Correct the phrasing in the first bullet; the second is fine but can be tightened if desired.

-* {ERC7579Executor}: An executor module that enables executing calls from accounts where the it's installed.
+* {ERC7579Executor}: An executor module that enables executing calls from the account where it's installed.

Optional:

-* {ERC7579DelayedExecutor}: An executor module that adds a delay before executing an account operation.
+* {ERC7579DelayedExecutor}: An executor module that delays execution of account operations.

test/account/modules/ERC7579Executor.test.js (2)

18-21: Fix comment: this deploys an executor, not a validator.

Keep comments accurate to avoid confusion with validator modules.

-  // Deploy ERC-7579 validator module
+  // Deploy ERC-7579 executor module

---

40-44: Use bigint literal for uint256 value.

Prefer 0n to match the encodeSingle signature and avoid BigNumberish coercion edge cases.

-  const calldata = encodeSingle(target, 0, data);
+  const calldata = encodeSingle(target, 0n, data);

contracts/mocks/account/modules/ERC7579ExecutorMocks.sol (2)

9-12: Silence unused-parameter warnings in no-op hooks.

Mark these as pure and drop param names to avoid warnings and tighten intent.

-    function onInstall(bytes calldata data) external {}
+    function onInstall(bytes calldata) external pure {}
@@
-    function onUninstall(bytes calldata data) external {}
+    function onUninstall(bytes calldata) external pure {}

---

24-30: Add explicit revert reason or custom error for clearer failures.

Bare require makes debugging test failures harder. Add a short reason.

-    function _validateSchedule(address account, bytes32, bytes32, bytes calldata) internal view override {
-        require(msg.sender == account);
-    }
+    function _validateSchedule(address account, bytes32, bytes32, bytes calldata) internal view override {
+        require(msg.sender == account, "ERC7579DelayedExecutorMock: only account");
+    }
@@
-    function _validateCancel(address account, bytes32, bytes32, bytes calldata) internal view override {
-        require(msg.sender == account);
-    }
+    function _validateCancel(address account, bytes32, bytes32, bytes calldata) internal view override {
+        require(msg.sender == account, "ERC7579DelayedExecutorMock: only account");
+    }

test/account/modules/ERC7579Module.behavior.js (3)

7-10: Avoid eventually for simple view returns; await the call directly.

Hardhat tests in this repo typically use awaited values; this also avoids reliance on chai-as-promised.

-      await expect(this.mock.isModuleType(this.moduleType)).to.eventually.be.true;
-      await expect(this.mock.isModuleType(999)).to.eventually.be.false; // Using random unassigned module type
+      expect(await this.mock.isModuleType(this.moduleType)).to.equal(true);
+      expect(await this.mock.isModuleType(999)).to.equal(false); // Using random unassigned module type

---

47-54: Consistently call from the account wrapper; drop eventually.

Keep caller consistent between valid/invalid branches and avoid eventually.

-        await expect(this.mockFromAccount.isValidSignatureWithSender(this.other, hash, signature)).to.eventually.equal(
-          MAGIC_VALUE,
-        );
+        expect(
+          await this.mockFromAccount.isValidSignatureWithSender(this.other, hash, signature)
+        ).to.equal(MAGIC_VALUE);

---

56-62: Use the same contract instance as above (mockFromAccount) and avoid eventually.

Minor consistency fix.

-        const signature = this.invalidSignature || '0x00';
-        await expect(this.mock.isValidSignatureWithSender(this.other, hash, signature)).to.eventually.equal(
-          INVALID_VALUE,
-        );
+        const signature = this.invalidSignature || '0x00';
+        expect(
+          await this.mockFromAccount.isValidSignatureWithSender(this.other, hash, signature)
+        ).to.equal(INVALID_VALUE);

test/account/modules/ERC7579DelayedExecutor.test.js (4)

77-94: Add assertion for OperationExecuted event to catch parameter-order regressions.

Validates we emit with the right (account, salt, mode, calldata).

-    await this.mock.execute(this.mockAccount.address, salt, this.mode, this.calldata);
+    await expect(
+      this.mock.execute(this.mockAccount.address, salt, this.mode, this.calldata)
+    )
+      .to.emit(this.mock, 'ERC7579ExecutorOperationExecuted')
+      .withArgs(this.mockAccount.address, salt, this.mode, this.calldata);

---

247-255: Also assert OperationExecuted during execution path (any caller).

-      await expect(this.mock.execute(this.mockAccount.address, salt, this.mode, this.calldata))
+      await expect(this.mock.execute(this.mockAccount.address, salt, this.mode, this.calldata))
         .to.emit(this.target, 'MockFunctionCalledWithArgs')
         .withArgs(...this.args);
+      await expect(this.mock.execute(this.mockAccount.address, salt, this.mode, this.calldata))
+        .to.be.revertedWithCustomError(this.mock, 'ERC7579ExecutorUnexpectedOperationState');

---

257-265: Mirror the event assertion for account-caller path.

-      await expect(this.mockFromAccount.execute(this.mockAccount.address, salt, this.mode, this.calldata))
+      await expect(this.mockFromAccount.execute(this.mockAccount.address, salt, this.mode, this.calldata))
         .to.emit(this.target, 'MockFunctionCalledWithArgs')
         .withArgs(...this.args);

---

134-149: Minor wording: test title typo.

“schedule delay unset and unsets expiration on uninstallation” → “schedules delay reset and unsets expiration on uninstallation”.

contracts/account/modules/ERC7579Executor.sol (2)

33-47: Doc says “Restricted to the account itself by default” but code does not enforce it.

Clarify that access control is left to _validateExecution and/or the account’s executeFromExecutor.

-     * @dev Executes an operation and returns the result data from the executed operation.
-     * Restricted to the account itself by default. See {_execute} for requirements and
-     * {_validateExecution} for authorization checks.
+     * @dev Executes an operation and returns the result data from the executed operation.
+     * Access control is delegated to {_validateExecution} and/or the account’s
+     * {IERC7579Execution-executeFromExecutor} implementation.

---

84-92: Parameter order increases footguns across overrides. Consider aligning with public execute(account, salt, mode, …).

Not a blocker for this PR, but reordering to (account, salt, mode, executionCalldata) would reduce mistakes in derived contracts.

contracts/account/modules/ERC7579DelayedExecutor.sol (3)

170-177: hashOperation can be pure.

No state read; makes intent explicit and can slightly reduce gas.

-    function hashOperation(
+    function hashOperation(
         address account,
         bytes32 salt,
         bytes32 mode,
         bytes calldata executionCalldata
-    ) public view virtual returns (bytes32) {
+    ) public pure virtual returns (bytes32) {
         return keccak256(abi.encode(account, salt, mode, executionCalldata));
     }

---

352-369: Remove unused Schedule return to simplify API.

The second return value is never populated/used; trimming avoids confusion.

-    function _scheduleAt(
+    function _scheduleAt(
         address account,
         bytes32 salt,
         bytes32 mode,
         bytes calldata executionCalldata,
         uint48 timepoint,
         uint32 delay
-    ) internal virtual returns (bytes32 operationId, Schedule memory schedule_) {
+    ) internal virtual returns (bytes32 operationId) {
         bytes32 id = hashOperation(account, salt, mode, executionCalldata);
         _validateStateBitmap(id, _encodeStateBitmap(OperationState.Unknown));
 
         _schedules[id].scheduledAt = timepoint;
         _schedules[id].executableAfter = delay;
         _schedules[id].expiresAfter = getExpiration(account);
 
         emit ERC7579ExecutorOperationScheduled(account, id, salt, mode, executionCalldata, timepoint + delay);
-        return (id, schedule_);
+        return id;
     }

---

235-238: Name nit: executableAfter local reads the configured “delay”.

Minor: consider renaming the local to delay for clarity.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 53bb340 and 59870af.

📒 Files selected for processing (10)

• .changeset/free-waves-draw.md (1 hunks)
• .changeset/weak-chefs-open.md (1 hunks)
• contracts/account/README.adoc (2 hunks)
• contracts/account/modules/ERC7579DelayedExecutor.sol (1 hunks)
• contracts/account/modules/ERC7579Executor.sol (1 hunks)
• contracts/mocks/account/modules/ERC7579ExecutorMocks.sol (1 hunks)
• test/account/modules/ERC7579DelayedExecutor.test.js (1 hunks)
• test/account/modules/ERC7579Executor.test.js (1 hunks)
• test/account/modules/ERC7579Module.behavior.js (1 hunks)
• test/helpers/enums.js (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (3)

test/account/modules/ERC7579Executor.test.js (2)

test/helpers/account.js (1)

• impersonate (7-10)

test/helpers/erc7579.js (5)

• MODULE_TYPE_EXECUTOR (4-4)
• encodeSingle (26-27)
• encodeMode (15-24)
• CALL_TYPE_CALL (11-11)
• EXEC_TYPE_DEFAULT (8-8)

test/account/modules/ERC7579Module.behavior.js (1)

test/helpers/erc4337.js (1)

• SIG_VALIDATION_FAILURE (4-4)

test/account/modules/ERC7579DelayedExecutor.test.js (2)

test/helpers/account.js (1)

• impersonate (7-10)

test/helpers/erc7579.js (5)

• MODULE_TYPE_EXECUTOR (4-4)
• encodeSingle (26-27)
• encodeMode (15-24)
• CALL_TYPE_CALL (11-11)
• EXEC_TYPE_DEFAULT (8-8)

🪛 LanguageTool

.changeset/weak-chefs-open.md

[grammar] ~5-~5: There might be a mistake here.
Context: ... from accounts where the it's installed.

(QB_NEW_EN)

.changeset/free-waves-draw.md

[grammar] ~5-~5: There might be a mistake here.
Context: ...': minor --- ERC7579DelayedExecutor: Add executor module that adds a delay befor...

(QB_NEW_EN)

---

[grammar] ~5-~5: There might be a mistake here.
Context: ...y before executing an account operation.

(QB_NEW_EN)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: slither
• GitHub Check: tests-foundry
• GitHub Check: coverage
• GitHub Check: tests-upgradeable
• GitHub Check: tests
• GitHub Check: halmos

🔇 Additional comments (5)

.changeset/weak-chefs-open.md (1)

2-2: No action needed – changeset key matches package.json name
The package.json name field is “openzeppelin-solidity” and all changesets target 'openzeppelin-solidity', so the original concern is outdated.

.changeset/free-waves-draw.md (1)

2-2: No changes needed—package name in changeset is correct

The changeset key 'openzeppelin-solidity' exactly matches the name field in package.json, so no updates are required.

test/helpers/enums.js (1)

14-15: ✅ ERC7579OperationState enum matches Solidity definition

The JS enum in test/helpers/enums.js exactly mirrors the Solidity enum OperationState in contracts/account/modules/ERC7579DelayedExecutor.sol (both define Unknown, Scheduled, Ready, Expired, Executed, Canceled in the same order). No further changes are needed.

contracts/mocks/account/modules/ERC7579ExecutorMocks.sol (1)

13-20: LGTM: pass-through validation for tests.

Returning calldata verbatim is appropriate for the mock.

test/account/modules/ERC7579DelayedExecutor.test.js (1)

200-226: Ignore missing _scheduleAt wrapper check
The external schedule(...) function in ERC7579DelayedExecutor.sol (line 233) invokes the internal _scheduleAt method (line 237), so tests calling schedule already exercise _scheduleAt. No separate public wrapper for _scheduleAt is required and the existing tests will not fail at runtime.

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue

Use custom error style instead of require(..., CustomError()) (won’t compile).

Switch to explicit revert with the custom error.

-    function schedule(address account, bytes32 salt, bytes32 mode, bytes calldata data) public virtual {
-        require(_config[account].installed, ERC7579ExecutorModuleNotInstalled());
+    function schedule(address account, bytes32 salt, bytes32 mode, bytes calldata data) public virtual {
+        if (!_config[account].installed) revert ERC7579ExecutorModuleNotInstalled();
         _validateSchedule(account, salt, mode, data);
         (uint32 executableAfter, , ) = getDelay(account);
         _scheduleAt(account, salt, mode, data, Time.timestamp(), executableAfter);
     }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	function schedule(address account, bytes32 salt, bytes32 mode, bytes calldata data) public virtual {
	require(_config[account].installed, ERC7579ExecutorModuleNotInstalled());
	_validateSchedule(account, salt, mode, data);
	(uint32 executableAfter, , ) = getDelay(account);
	_scheduleAt(account, salt, mode, data, Time.timestamp(), executableAfter);
	}
	function schedule(address account, bytes32 salt, bytes32 mode, bytes calldata data) public virtual {
	if (!_config[account].installed) revert ERC7579ExecutorModuleNotInstalled();
	_validateSchedule(account, salt, mode, data);
	(uint32 executableAfter, , ) = getDelay(account);
	_scheduleAt(account, salt, mode, data, Time.timestamp(), executableAfter);
	}

🤖 Prompt for AI Agents

In contracts/account/modules/ERC7579DelayedExecutor.sol around lines 233 to 238,
the require call using a custom error (require(_config[account].installed,
ERC7579ExecutorModuleNotInstalled());) is invalid; replace it with an explicit
revert: check the condition and if false revert
ERC7579ExecutorModuleNotInstalled(); keeping the rest of the function logic
intact so _validateSchedule and subsequent calls execute only when installed is
true.

[coderabbitai]

⚠️ Potential issue

Parameter-order mismatch in _execute override breaks scheduling/execution IDs and emitted events.

The override flips salt and mode. This will cause false UnexpectedOperationState reverts and wrong event fields. Align with the base signature (account, mode, salt, executionCalldata).

-    function _execute(
-        address account,
-        bytes32 salt,
-        bytes32 mode,
-        bytes calldata executionCalldata
-    ) internal virtual override returns (bytes[] memory returnData) {
-        bytes32 id = hashOperation(account, salt, mode, executionCalldata);
-        _validateStateBitmap(id, _encodeStateBitmap(OperationState.Ready));
-
-        _schedules[id].executed = true;
-
-        return super._execute(account, salt, mode, executionCalldata);
-    }
+    function _execute(
+        address account,
+        bytes32 mode,
+        bytes32 salt,
+        bytes calldata executionCalldata
+    ) internal virtual override returns (bytes[] memory returnData) {
+        bytes32 id = hashOperation(account, salt, mode, executionCalldata);
+        _validateStateBitmap(id, _encodeStateBitmap(OperationState.Ready));
+        _schedules[id].executed = true;
+        return super._execute(account, mode, salt, executionCalldata);
+    }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	function _execute(
	address account,
	bytes32 salt,
	bytes32 mode,
	bytes calldata executionCalldata
	) internal virtual override returns (bytes[] memory returnData) {
	bytes32 id = hashOperation(account, salt, mode, executionCalldata);
	_validateStateBitmap(id, _encodeStateBitmap(OperationState.Ready));
	_schedules[id].executed = true;
	return super._execute(account, salt, mode, executionCalldata);
	}
	function _execute(
	address account,
	bytes32 mode,
	bytes32 salt,
	bytes calldata executionCalldata
	) internal virtual override returns (bytes[] memory returnData) {
	bytes32 id = hashOperation(account, salt, mode, executionCalldata);
	_validateStateBitmap(id, _encodeStateBitmap(OperationState.Ready));
	_schedules[id].executed = true;
	return super._execute(account, mode, salt, executionCalldata);
	}

🤖 Prompt for AI Agents

In contracts/account/modules/ERC7579DelayedExecutor.sol around lines 378 to 390,
the overridden _execute flips the order of `salt` and `mode`, causing wrong
operation IDs and events; change the function signature to match the base
signature (account, mode, salt, executionCalldata), update all uses inside
(_hashOperation/validateStateBitmap/_schedules keying and the super._execute
call) to use the corrected parameter order so the computed id, state checks,
schedule flagging, and emitted event fields align with the base implementation.

[coderabbitai]

⚠️ Potential issue

Custom error with require is invalid; revert explicitly.

Fixes a hard compile error and preserves the rich error data.

-        require(
-            _encodeStateBitmap(currentState) & allowedStates != bytes32(0),
-            ERC7579ExecutorUnexpectedOperationState(operationId, currentState, allowedStates)
-        );
+        if (_encodeStateBitmap(currentState) & allowedStates == bytes32(0)) {
+            revert ERC7579ExecutorUnexpectedOperationState(operationId, currentState, allowedStates);
+        }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	function _validateStateBitmap(bytes32 operationId, bytes32 allowedStates) internal view returns (OperationState) {
	OperationState currentState = state(operationId);
	require(
	_encodeStateBitmap(currentState) & allowedStates != bytes32(0),
	ERC7579ExecutorUnexpectedOperationState(operationId, currentState, allowedStates)
	);
	return currentState;
	function _validateStateBitmap(bytes32 operationId, bytes32 allowedStates) internal view returns (OperationState) {
	OperationState currentState = state(operationId);
	if (_encodeStateBitmap(currentState) & allowedStates == bytes32(0)) {
	revert ERC7579ExecutorUnexpectedOperationState(operationId, currentState, allowedStates);
	}
	return currentState;
	}

🤖 Prompt for AI Agents

In contracts/account/modules/ERC7579DelayedExecutor.sol around lines 417 to 423,
the use of a custom error as the third argument to require is invalid; replace
the require(...) call with an explicit if-check that reverts using the custom
error (e.g., if ((_encodeStateBitmap(currentState) & allowedStates) ==
bytes32(0)) revert ERC7579ExecutorUnexpectedOperationState(operationId,
currentState, allowedStates);) so the rich error data is preserved and the
contract compiles.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Confirm $_execute parameter order matches the exposed signature.

Depending on the exposed harness, $_execute may take (account, mode, salt, calldata). If so, swap salt and mode.

If needed:

-await expect(this.mockFromAccount.$_execute(this.mockAccount.address, ethers.ZeroHash, this.mode, this.calldata))
+await expect(this.mockFromAccount.$_execute(this.mockAccount.address, this.mode, ethers.ZeroHash, this.calldata))

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# Inspect the exposed function signature
rg -nP "(function\\s+\\$?_execute\\s*\\(|\\$?_execute\\()"
rg -nP "_execute\\s*\\(" contracts/account/modules/ERC7579Executor.sol -n -C2 || true

Length of output: 72

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# List available Solidity files in the module directory
find contracts/account/modules -maxdepth 1 -type f -name '*.sol'

# Search for the _execute function declaration with and without the dollar prefix
rg -nP 'function\s+\$?_execute\s*\(' -g 'contracts/account/modules/ERC7579Executor.sol' -n -C3 || true
rg -nP 'function\s+_execute\s*\(' -g 'contracts/account/modules/ERC7579Executor.sol' -n -C3 || true

Length of output: 1456

---

Swap mode and salt arguments in the test to match _execute signature

The _execute function in contracts/account/modules/ERC7579Executor.sol is declared as:

function _execute(
    address account,
    bytes32 mode,
    bytes32 salt,
    bytes calldata data
) …

(lines 84–87) – it expects mode as the second argument and salt as the third. The test currently passes them in the opposite order, which will cause the emitted events check to run against the wrong values.

• File: test/account/modules/ERC7579Executor.test.js
• Lines: 66–70

Required change:

- await expect(this.mockFromAccount.$_execute(
-     this.mockAccount.address,
-     ethers.ZeroHash,   // ← salt
-     this.mode,         // ← mode
-     this.calldata
- ))
+ await expect(this.mockFromAccount.$_execute(
+     this.mockAccount.address,
+     this.mode,         // ← mode
+     ethers.ZeroHash,   // ← salt
+     this.calldata
+ ))
     .to.emit(this.mock, 'ERC7579ExecutorOperationExecuted')
     .to.emit(this.target, 'MockFunctionCalledWithArgs')
     .withArgs(...this.args);

Please swap the mode and salt parameters so the test aligns with the on-chain signature.

🤖 Prompt for AI Agents

In test/account/modules/ERC7579Executor.test.js around lines 66 to 70 the test
calls this.mockFromAccount.$_execute(this.mockAccount.address, ethers.ZeroHash,
this.mode, this.calldata) but the contract signature expects (address account,
bytes32 mode, bytes32 salt, bytes calldata data); swap the second and third
arguments so you pass mode then salt (i.e., this.mode then ethers.ZeroHash) to
align the test with the on-chain `_execute` signature and ensure the emitted
events/assertions check the correct values.