Operational Primitives for AA: Lane Separation, Fixed Execution Phases, and Versioned Upgrades

Ethereum Magicians

Hi Magicians, I’m sharing a design + reference implementation of a modular ERC-4337-style SmartAccount concept. The main goal is to make long-term operations (many modules, many “contexts”, frequent upgrades) less fragile by introducing: (Visual summary) DDD-style AA / laneKey / fixed phases / versioned ops: (Quick note on scope) This repository also contains a separate R&D/experiment section, but I’d like to explicitly keep this thread focused on the AA / SmartAccount architecture only. Please feel free to ignore the R&D part for now—I’ll share it in a separate thread later if it’s useful. Lane-keyed context domains Each “lane” represents a domain / execution context (e.g., app-specific scope). A lane has its own module slots (validator / executor / hooks). This is meant to be a namespacing primitive inside a single account. Fixed execution phases (stable core) + pluggable modules (variable surface) The account defines a deterministic phase boundary (validation + optional prehook, then execution: prehook → executor → posthook). The goal is to keep auditing/mental models stable even as modules change. Versioned operational primitives for upgrades/rollbacks Rather than only tracking modules, I’m experimenting with “version tags” at the aggregator/registry level to support upgrade history, rollback, and consistency checks across lanes. Repo (design docs + contracts): github.com GitHub - cancan007/LCG_contracts master Contribute to cancan007/LCG_contracts development by creating an account on GitHub. Questions (feedback I’m specifically looking for) Lane concept: Is lane-keyed namespacing a reasonable abstraction for modular accounts, or does it conflict with the direction of ERC-7579-style modular account thinking? What would you change in the lane semantics? Validation scope / safety: For those familiar with the “validation scope rules” discussions, what are the main pitfalls you’d expect with per-lane nonce/state and lane-specific validators? Are there obvious footguns? Upgrade/rollback primitive: If we wanted “upgrade / rollback” to be a first-class operational primitive, where should it live conceptually (account vs registry vs module manager)? Any known prior art I should align with? Non-goals (to keep scope tight) Not proposing a new EIP at this stage; just trying to validate the abstraction. Not optimizing for minimal bytecode; prioritizing clarity and operational safety. Any critique—especially on security model boundaries, module lifecycle, and compatibility framing—would be really appreciated. Thanks! 1 post - 1 participant Read full topic