OpenZeppelin · pasevin · Feb 9, 2026 · Feb 9, 2026 · Feb 9, 2026 · Feb 9, 2026
@@ -0,0 +1,9 @@
+---
+"@openzeppelin/ui-builder-adapter-evm": minor
+---
+
+Add access control service integration and indexer URL configuration
+
+- Implement `getAccessControlService()` with lazy initialization on EvmAdapter
+- Add `accessControlIndexerUrl` endpoints for all EVM mainnet networks (Ethereum, Polygon, Arbitrum, Optimism, Base, Avalanche, BSC, Gnosis, Celo, Scroll, ZKsync, Linea, Blast, Mantle, Mode)
+- Add `accessControlIndexerUrl` endpoints for all EVM testnet networks (Sepolia, Amoy, Arbitrum Sepolia, Optimism Sepolia, Base Sepolia, Fuji, BSC Testnet, Chiado, Alfajores, Scroll Sepolia, ZKsync Sepolia, Linea Sepolia, Blast Sepolia, Mantle Sepolia, Mode Sepolia)
@@ -0,0 +1,13 @@
+---
+"@openzeppelin/ui-builder-adapter-evm-core": minor
+---
+
+Add access control module for EVM-compatible contracts
+
+- Capability detection for Ownable, Ownable2Step, AccessControl, AccessControlEnumerable, and AccessControlDefaultAdminRules patterns via ABI analysis
+- On-chain reads for ownership state, admin state, role assignments, and role enumeration via viem public client
+- Transaction assembly for ownership transfer/accept/renounce, admin transfer/accept/cancel, admin delay change/rollback, and role grant/revoke/renounce as WriteContractParameters
+- GraphQL indexer client for historical event queries with filtering and pagination, role discovery, pending transfer queries, and grant timestamp enrichment
+- Input validation for EVM addresses and bytes32 role IDs
+- Full API parity with the Stellar adapter's AccessControlService (13 unified methods + EVM-specific extensions)
+- Graceful degradation when indexer is unavailable
@@ -0,0 +1,11 @@
+---
+'@openzeppelin/ui-builder-adapter-evm-core': minor
+---
+
+Add human-readable role labels for EVM access control
+
+- Well-known role dictionary (DEFAULT_ADMIN_ROLE, MINTER_ROLE, PAUSER_ROLE, BURNER_ROLE, UPGRADER_ROLE) with resolveRoleLabel()
+- ABI-based role constant extraction via findRoleConstantCandidates() and discoverRoleLabelsFromAbi()
+- addKnownRoleIds() accepts { id, label } pairs for externally-provided labels
+- roleLabelMap threaded through readCurrentRoles(), queryHistory(), and resolveRoleFromEvent()
+- Label resolution precedence: external > ABI-extracted > well-known > undefined
@@ -0,0 +1,12 @@
+---
+'@openzeppelin/ui-builder-adapter-stellar': patch
+---
+
+Add defense-in-depth capability checks to Stellar access control service
+
+- `getOwnership()` now validates `hasOwnable` capability before calling `get_owner()` when contract is registered
+- `getAdminInfo()` now validates `hasTwoStepAdmin` capability before calling `get_admin()` when contract is registered
+- `getAdminAccount()` now validates `hasTwoStepAdmin` capability before calling `get_admin()` when contract is registered
+- Checks are soft — skipped when contract is not registered to preserve backward compatibility
+- Throws descriptive `OperationFailed` errors instead of confusing on-chain failures
+- Mirrors the defense-in-depth pattern added to the EVM adapter
@@ -42,7 +42,7 @@
     "@openzeppelin/ui-renderer": "^1.0.2",
     "@openzeppelin/ui-storage": "^1.0.0",
     "@openzeppelin/ui-styles": "^1.0.0",
-    "@openzeppelin/ui-types": "^1.5.0",
+    "@openzeppelin/ui-types": "^1.7.0",
     "@openzeppelin/ui-utils": "^1.2.0",
     "@radix-ui/react-accordion": "^1.2.11",
     "@radix-ui/react-checkbox": "^1.3.2",

@@ -298,7 +298,7 @@ exports[`Export Snapshot Tests > EVM Export Snapshots > should match snapshot fo
     "@openzeppelin/ui-components": "^1.2.1",
     "@openzeppelin/ui-react": "^1.1.0",
     "@openzeppelin/ui-renderer": "^1.0.3",
-    "@openzeppelin/ui-types": "^1.6.0",
+    "@openzeppelin/ui-types": "^1.7.0",
     "@openzeppelin/ui-utils": "^1.2.1",
     "@tanstack/react-query": "^5.0.0",
     "@wagmi/core": "^2.20.3",
@@ -345,7 +345,7 @@ exports[`Export Snapshot Tests > Solana Export Snapshots > should match snapshot
     "@openzeppelin/ui-components": "^1.2.1",
     "@openzeppelin/ui-react": "^1.1.0",
     "@openzeppelin/ui-renderer": "^1.0.3",
-    "@openzeppelin/ui-types": "^1.6.0",
+    "@openzeppelin/ui-types": "^1.7.0",
     "@openzeppelin/ui-utils": "^1.2.1",
     "@tanstack/react-query": "^5.0.0",
     "@wagmi/core": "^2.20.3",

@@ -62,15 +62,17 @@ function _generateIndexerEndpointsConfigSection(
   const indexerNetworkIdKey = networkConfig.id;
 
   // Only add indexer config if the network has default indexer endpoints (indicating support)
-  if (networkConfig.indexerUri || networkConfig.indexerWsUri) {
+  // Prefer accessControlIndexerUrl (feature-specific) over indexerUri (generic)
+  const indexerHttpUrl = networkConfig.accessControlIndexerUrl ?? networkConfig.indexerUri;
+  if (indexerHttpUrl || networkConfig.indexerWsUri) {
     const config: { http?: string; ws?: string; _comment?: string } = {
       _comment:
         'Optional. Used for querying historical blockchain data (e.g., access control events). Remove if not needed.',
     };
 
-    // Only set http if indexerUri is actually provided
-    if (networkConfig.indexerUri) {
-      config.http = networkConfig.indexerUri;
+    // Only set http if an indexer URL is actually provided
+    if (indexerHttpUrl) {
+      config.http = indexerHttpUrl;
     }
 
     // Only set ws if indexerWsUri is actually provided

@@ -13,7 +13,7 @@ export const packageVersions = {
   '@openzeppelin/ui-react': '1.1.0',
   '@openzeppelin/ui-renderer': '1.0.3',
   '@openzeppelin/ui-storage': '1.0.0',
-  '@openzeppelin/ui-types': '1.6.0',
+  '@openzeppelin/ui-types': '1.7.0',
   '@openzeppelin/ui-components': '1.2.1',
   '@openzeppelin/ui-utils': '1.2.1',
   '@openzeppelin/ui-styles': '1.0.0',

@@ -31,7 +31,7 @@
   },
   "dependencies": {
     "@openzeppelin/relayer-sdk": "1.9.0",
-    "@openzeppelin/ui-types": "1.5.0",
+    "@openzeppelin/ui-types": "^1.7.0",
     "@openzeppelin/ui-utils": "^1.2.0",
     "@wagmi/connectors": "5.7.13",
     "@wagmi/core": "^2.20.3",