@PersonaNormale commented Jun 19, 2025

Access Control Infrastructure Implementation

Overview

This PR establishes the initial project structure and implements phantom type-based role management as the first module for Aptos MoveKit. The implementation provides a foundation for secure access control patterns that other modules can build upon.

Changes Included

Project Structure

  • Modular architecture with separation between admin registry and role management
  • CI/CD pipeline configuration for formatting, testing, and linting

Access Control Module

  • Core role management using phantom types for compile-time safety
  • Two-step admin transfer mechanism to prevent accidental privilege loss
  • Event emission for audit trails and off-chain monitoring
  • Graceful error handling with descriptive error codes

Admin Registry System

  • Secure admin transfer with proposal/acceptance pattern
  • Protection against self-transfers and unauthorized operations
  • Pending transfer cancellation functionality
  • State consistency between admin registry and role assignments

Technical Implementation

Architecture

  • RoleRegistry: Maps addresses to roles using Table<address, OrderedMap<TypeInfo, bool>>
  • AdminRegistry: Manages current and pending admin states with Option<address>
  • Admin phantom type: Reserved role managed exclusively through transfer mechanism

Key Features

  • Phantom types provide compile-time role validation
  • Idempotent operations handle duplicate role assignments safely
  • Automatic cleanup of empty role mappings for storage efficiency
  • Atomic admin transfers maintain system consistency

API Surface

Public Functions

  • has_role<T>(addr): bool - Check role assignment
  • get_current_admin(): address - Retrieve current admin
  • require_role<T>(account: &signer) - Assert role requirement
  • get_roles(addr): vector<TypeInfo> - List assigned roles
  • get_role_count(addr): u64 - Count role assignments

Package Functions

  • grant_role<T>(admin: &signer, target: address) - Role assignment
  • revoke_role<T>(admin: &signer, target: address) - Role removal
  • transfer_admin(admin: &signer, new_admin: address) - Initiate admin transfer
  • accept_pending_admin(new_admin: &signer) - Complete admin transfer

Usage Example

module movekit::treasury {
    use movekit::access_control_core;

    /// Phantom role marker: never instantiated, only used as a type argument.
    struct Treasurer has copy, drop {}

    public entry fun withdraw(account: &signer, amount: u64) {
        // Aborts unless `account` currently holds the Treasurer role.
        access_control_core::require_role<Treasurer>(account);
        // withdrawal logic
    }
}

Testing

The implementation includes test coverage for:

  • Normal role management operations
  • Admin transfer workflows
  • Error conditions and edge cases
  • Security boundary validation
  • State consistency verification

Design Rationale

  • Phantom types: Leverages Move's type system for zero-cost role validation
  • Two-step transfers: Reduces risk of accidental admin key loss
  • Modular design: Separates concerns for maintainability and reusability
  • Event-driven: Enables off-chain monitoring and audit capabilities

Future Considerations

  • Role hierarchies and inheritance patterns
  • Time-based permission expiration

I’d appreciate your eyes on both the security assumptions and the Move on Aptos style; please flag anything unclear or fragile so we can tighten it up before merge.
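As an added example, not code from this PR or from Aptos MoveKit, the following self-contained Move module shows the pattern the description above lays out: roles are phantom marker types keyed by `TypeInfo`, grants are idempotent and clean up empty per-address maps, and admin changes use a propose/accept two-step so a typo in the new address cannot lock the admin out. Everything here is an assumption made for illustration: the named address `example`, the module and function names, the use of `SimpleMap` in place of the PR's `OrderedMap`, the `public(package)` visibility (Move 2 compiler), and the error codes.

```move
/// Illustrative phantom-type RBAC with two-step admin transfer (example, not MoveKit).
/// Assumes a Move.toml named address `example` and the Move 2 compiler.
module example::rbac_demo {
    use std::error;
    use std::option::{Self, Option};
    use std::signer;
    use aptos_std::simple_map::{Self, SimpleMap};
    use aptos_std::table::{Self, Table};
    use aptos_std::type_info::{Self, TypeInfo};
    use aptos_framework::event;

    const E_NOT_ADMIN: u64 = 1;
    const E_MISSING_ROLE: u64 = 2;
    const E_NO_PENDING_TRANSFER: u64 = 3;
    const E_SELF_TRANSFER: u64 = 4;

    /// Phantom role markers: never instantiated, only used as type arguments.
    struct Treasurer {}
    struct Auditor {}

    /// Single resource holding admin state and the address -> roles map.
    struct AccessControl has key {
        admin: address,
        pending_admin: Option<address>,
        roles: Table<address, SimpleMap<TypeInfo, bool>>,
    }

    #[event]
    struct RoleGranted has drop, store { role: TypeInfo, target: address }

    fun init_module(deployer: &signer) {
        move_to(deployer, AccessControl {
            admin: signer::address_of(deployer),
            pending_admin: option::none(),
            roles: table::new(),
        });
    }

    public fun has_role<T>(addr: address): bool acquires AccessControl {
        let ac = borrow_global<AccessControl>(@example);
        table::contains(&ac.roles, addr)
            && simple_map::contains_key(table::borrow(&ac.roles, addr), &type_info::type_of<T>())
    }

    public fun require_role<T>(account: &signer) acquires AccessControl {
        assert!(has_role<T>(signer::address_of(account)), error::permission_denied(E_MISSING_ROLE));
    }

    fun assert_admin(account: &signer) acquires AccessControl {
        let ac = borrow_global<AccessControl>(@example);
        assert!(signer::address_of(account) == ac.admin, error::permission_denied(E_NOT_ADMIN));
    }

    public(package) fun grant_role<T>(admin: &signer, target: address) acquires AccessControl {
        assert_admin(admin);
        let ac = borrow_global_mut<AccessControl>(@example);
        if (!table::contains(&ac.roles, target)) {
            table::add(&mut ac.roles, target, simple_map::new<TypeInfo, bool>());
        };
        let held = table::borrow_mut(&mut ac.roles, target);
        let role = type_info::type_of<T>();
        // Idempotent: granting a role the target already holds is a no-op.
        if (!simple_map::contains_key(held, &role)) {
            simple_map::add(held, role, true);
            event::emit(RoleGranted { role, target });
        };
    }

    public(package) fun revoke_role<T>(admin: &signer, target: address) acquires AccessControl {
        assert_admin(admin);
        let ac = borrow_global_mut<AccessControl>(@example);
        if (!table::contains(&ac.roles, target)) return;
        let held = table::borrow_mut(&mut ac.roles, target);
        let role = type_info::type_of<T>();
        if (simple_map::contains_key(held, &role)) {
            simple_map::remove(held, &role);
        };
        // Storage hygiene: drop the per-address map once it holds no roles.
        if (simple_map::length(held) == 0) {
            table::remove(&mut ac.roles, target);
        };
    }

    public(package) fun transfer_admin(admin: &signer, new_admin: address) acquires AccessControl {
        assert_admin(admin);
        assert!(new_admin != signer::address_of(admin), error::invalid_argument(E_SELF_TRANSFER));
        let ac = borrow_global_mut<AccessControl>(@example);
        // Only records the proposal; the current admin keeps control until acceptance.
        ac.pending_admin = option::some(new_admin);
    }

    public(package) fun accept_pending_admin(new_admin: &signer) acquires AccessControl {
        let ac = borrow_global_mut<AccessControl>(@example);
        let caller = signer::address_of(new_admin);
        // Only the proposed address can complete the transfer, proving it is live.
        assert!(option::contains(&ac.pending_admin, &caller), error::permission_denied(E_NO_PENDING_TRANSFER));
        ac.admin = caller;
        ac.pending_admin = option::none();
    }

    #[test(deployer = @example, alice = @0xA11CE, bob = @0xB0B)]
    fun grant_then_two_step_transfer(deployer: signer, alice: signer, bob: signer) acquires AccessControl {
        init_module(&deployer);
        grant_role<Treasurer>(&deployer, signer::address_of(&alice));
        require_role<Treasurer>(&alice);
        assert!(!has_role<Auditor>(signer::address_of(&alice)), 0);
        transfer_admin(&deployer, signer::address_of(&bob));
        // The proposal alone changes nothing: deployer can still grant.
        grant_role<Auditor>(&deployer, signer::address_of(&alice));
        accept_pending_admin(&bob);
        // Bob is now admin; revoke both roles and confirm the map is gone.
        revoke_role<Treasurer>(&bob, signer::address_of(&alice));
        revoke_role<Auditor>(&bob, signer::address_of(&alice));
        assert!(!has_role<Treasurer>(signer::address_of(&alice)), 1);
    }

    #[test(deployer = @example, mallory = @0xBAD)]
    #[expected_failure(abort_code = 0x50001, location = Self)]
    fun non_admin_cannot_grant(deployer: signer, mallory: signer) acquires AccessControl {
        init_module(&deployer);
        grant_role<Treasurer>(&mallory, signer::address_of(&mallory));
    }
}
```

The abort code `0x50001` in the second test is `std::error::permission_denied(E_NOT_ADMIN)`, i.e. category 5 shifted into the high bits plus reason 1; checking the full code in `expected_failure` is what makes a test distinguish "rejected as non-admin" from any other abort on the same line. Because `assert_admin` reads the global and returns before `borrow_global_mut` is taken, the two borrows never overlap, which is the shape to keep when adding further admin-gated functions.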

- Add .gitignore and Move.toml configuration
- Implement type-safe RBAC system with phantom types
- Add two-step admin transfer pattern
- Include event emission for audit trails
- Add 33 tests covering all access control functions
- Include edge cases and error handling tests
- Add README with usage examples and API reference
- Fix Move.toml configuration
- Add test workflow with Move linting
- Add formatter check workflow
- Apply Move code formatting to all files
@PersonaNormale force-pushed the feat/bootstrap-package branch from edf8d71 to 5f91aea on June 20, 2025 10:20
