
Add allowlist #625

Open: andrew-fleming wants to merge 7 commits into OpenZeppelin:main from andrew-fleming:add-allowlist
@andrew-fleming andrew-fleming commented Jun 24, 2026

Contributor

Resolves #607

The original idea was to consolidate allowlist with blocklist (similar to ERC20Restricted). The reason it was dismissed from this design was because we would not be able to cleanly support using both in a single contract due to compiler limitations. The other idea with consolidation would be to have two different sets: one for allows and one for blocks; however, this forces users who just want one to import ledger state that won't be used. Finally, keeping them as separate modules allows for it to be explicit: there shouldn't be any confusion if a contract is using an allow list or a block list.

As an aside, it is the author's opinion that these are security primitives; however, there is an argument that this belongs in accesscontrol/

Summary by CodeRabbit

Release Notes

  • New Features
    • Introduced allowlist functionality for account-based membership management and access control
    • Provides account validation capabilities and dynamic membership list management
    • Supports membership queries and enforcement mechanisms for access control

@andrew-fleming andrew-fleming requested review from a team as code owners June 24, 2026 02:48
coderabbitai Bot commented Jun 24, 2026

Contributor

Walkthrough

Adds a new Allowlist compact contract module with a Map<Bytes<32>, Boolean> ledger, isAllowed/assertAllowed view circuits, and ungated _allow/_disallow mutators. Includes a MockAllowlist test wrapper, AllowlistSimulator TypeScript class, empty witness stubs, a Vitest test suite, and a changelog entry.

Changes

Allowlist Contract and Test Infrastructure

| Layer | File(s) | Summary |
|---|---|---|
| Allowlist contract: state, view, and mutator circuits | contracts/src/security/Allowlist.compact | Defines the Allowlist module with _allowed: Map<Bytes<32>, Boolean>, an isAllowed view circuit, an assertAllowed assertion gate, and two composable ungated mutators _allow and _disallow. |
| Mock contract, witnesses, and AllowlistSimulator | contracts/src/security/test/mocks/MockAllowlist.compact, contracts/src/security/test/witnesses/AllowlistWitnesses.ts, contracts/src/security/test/simulators/AllowlistSimulator.ts | MockAllowlist.compact re-exports Allowlist__allowed and delegates all four circuits to the production module. AllowlistWitnesses provides an empty private state stub. AllowlistSimulator wires createSimulator with the mock and exposes isAllowed, assertAllowed, allow, and disallow via this.circuits.impure. |
| Vitest test suite and changelog | contracts/src/security/test/Allowlist.test.ts, CHANGELOG.md | Defines ALICE/BOB 32-byte identifiers, resets the simulator in beforeEach, and covers default empty state, error message on non-member assertion, allow/disallow semantics, idempotency, no-op disallow, multi-account independence, allow→disallow→allow cycles, and getPublicState().Allowlist__allowed ledger reflection. Changelog entry added. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • 0xisk

Poem

🐇 Hop, hop, who may pass?
Only those on the list, alas!
_allow opens the gate,
_disallow seals their fate,
assertAllowed stands guard with care —
No uninvited bunnies there! 🚫🐾

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'Add allowlist' is concise and clearly describes the main change: adding allowlist functionality to the codebase. |
| Linked Issues check | ✅ Passed | The PR implements allowlist functionality with per-account permit mechanism as required by issue #607, including a membership ledger, view/gate circuits, and mutator operations. |
| Out of Scope Changes check | ✅ Passed | All changes are directly related to the allowlist implementation: the contract module, tests, simulator, and changelog updates are all within scope of the allowlist feature addition. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |

@andrew-fleming andrew-fleming mentioned this pull request Jun 24, 2026
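
The walkthrough in this thread describes `_allow` and `_disallow` as ungated, so a contract that composes the module has to supply the caller check itself. The TypeScript model below is an added example, not code from the PR or from the OpenZeppelin project; `AllowlistModel`, `GatedContract`, `keyOf`, `makeId`, the admin role and the error strings are assumptions, and storing `false` on disallow is a modelling choice.

```typescript
// Added illustration: an off-chain model, not the Compact module from the PR.
type AccountId = Uint8Array; // stands in for Bytes<32>

function keyOf(account: AccountId): string {
  if (account.length !== 32) throw new Error("account id must be 32 bytes");
  let hex = "";
  account.forEach((b) => { hex += (b + 0x100).toString(16).slice(1); });
  return hex;
}

class AllowlistModel {
  // Mirrors _allowed: Map<Bytes<32>, Boolean>; a missing key reads as false.
  allowed = new Map<string, boolean>();
  isAllowed(account: AccountId): boolean {
    return this.allowed.get(keyOf(account)) === true;
  }
  assertAllowed(account: AccountId): void {
    // Placeholder message: the page does not quote the module's real one.
    if (!this.isAllowed(account)) throw new Error("not on allowlist (placeholder)");
  }
  // Ungated mutators: no caller check, so they must never be exposed directly.
  _allow(account: AccountId): void { this.allowed.set(keyOf(account), true); }
  _disallow(account: AccountId): void { this.allowed.set(keyOf(account), false); }
}

// Hypothetical consumer: wraps the ungated mutators behind an admin check.
class GatedContract {
  list = new AllowlistModel();
  adminKey: string;
  constructor(admin: AccountId) { this.adminKey = keyOf(admin); }
  requireAdmin(caller: AccountId): void {
    if (keyOf(caller) !== this.adminKey) throw new Error("caller is not admin");
  }
  allow(caller: AccountId, account: AccountId): void {
    this.requireAdmin(caller);
    this.list._allow(account);
  }
  disallow(caller: AccountId, account: AccountId): void {
    this.requireAdmin(caller);
    this.list._disallow(account);
  }
  restricted(caller: AccountId): string {
    this.list.assertAllowed(caller); // gate first, then do the work
    return "ok";
  }
}

// Constructed 32-byte ids for the demo.
const makeId = (fill: number): AccountId => new Uint8Array(32).fill(fill);
```

Exposing `_allow` directly as a public entry point would let any caller add themselves, which is the case the admin check in `GatedContract` closes.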