fix(access): l-07 missing admin role holder

[0xisk]

Types of changes

What types of changes does your code introduce to OpenZeppelin Midnight Contracts?
Put an x in the boxes that apply

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation Update (if none of the other choices apply)

Fixes #432

PR Checklist

• I have read the Contributing Guide
• I have added tests that prove my fix is effective or that my feature works. See GUIDELINES.md#testing for more information.
• I have added documentation for new methods or changes to existing method behavior. See GUIDELINES.md#documentation for more information.
• CI Workflows Are Passing

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

Summary by CodeRabbit

• Bug Fixes
  • Enhanced access control system initialization with proper admin role setup and instance configuration.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8a1b8fe5-1c6a-4226-9b09-7fce890ce742

📥 Commits

Reviewing files that changed from the base of the PR and between 736e289 and 39c7cda.

📒 Files selected for processing (1)

• contracts/src/access/ShieldedAccessControl.compact

---

Walkthrough

Updated the example constructor in ShieldedAccessControl to accept instanceSalt and defaultAdmin parameters. The constructor now explicitly initializes the instance and grants the default admin role to the specified account, addressing a missing initialization requirement.

Changes

Cohort / File(s)	Summary
ShieldedAccessControl Constructor contracts/src/access/ShieldedAccessControl.compact	Updated constructor signature from parameterless to accept instanceSalt: Bytes<32> and defaultAdmin: ShieldedAccessControl_AccountIdentifier. Constructor body now calls ShieldedAccessControl_initialize(instanceSalt) and ShieldedAccessControl__grantRole(ShieldedAccessControl_DEFAULT_ADMIN_ROLE(), defaultAdmin) to properly initialize the instance and assign the default admin role.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A hop, a initialize, a role so grand,
The admin now has his rightful stand,
No more empty crowns in the access land,
The contract blooms as the audit planned! 🌿✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(access): l-07 missing admin role holder' directly and specifically describes the main change: addressing the L-07 audit finding about missing admin role holder initialization in ShieldedAccessControl.
Linked Issues check	✅ Passed	The pull request addresses the core requirement from issue #432 by updating the constructor documentation to initialize ShieldedAccessControl with instanceSalt and grant the DEFAULT_ADMIN_ROLE to a provided defaultAdmin account, resolving the missing role holder issue.
Out of Scope Changes check	✅ Passed	All changes are scoped to the constructor documentation/example in ShieldedAccessControl.compact, directly addressing the linked issue's recommendation to document calling the initializer and granting the admin role.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/l-07

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}