Stellar: smart accounts and access control update

[brozorec]

Documentation Pull Request

Summary

Updates Stellar smart accounts documentation to reflect the new authorization model based on explicit context rule selection (context_rule_ids) and the new AuthPayload shape, plus related updates to policies and access control examples. Also clarifies and corrects code examples for consistency with the updated model across multiple pages.

Type of Change

• New documentation
• Documentation update/revision
• Fix typos or grammar
• Restructure/reorganize content
• Add examples or tutorials
• Update API documentation
• Other: ___________

Related Issues

Relates to #

Checklist

• Build succeeds locally with pnpm run build
• Lint is successful when running pnpm run check
• Docs follow OpenZeppelin Documentation Standards

Additional Notes

• The signAndSendTx TypeScript example in signers-and-verifiers.mdx now includes ruleId: number as an explicit function parameter (with a comment explaining it is obtained from context rule creation/lookup), resolving the previously undefined variable.
• The Rust __check_auth example in signers-and-verifiers.mdx renames the parameter from signatures to auth_payload (with matching usage update) to accurately reflect that it carries the full AuthPayload struct, not just signatures.
• Removed the "Maximum context rules per smart account: 15" limit from authorization-flow.mdx, as this limit no longer exists in the framework.
• Updated grant_role_no_auth call signatures in sac-admin-wrapper.mdx and rwa.mdx to use the correct argument order (env, account, role, granting_admin), matching the updated signature documented in access-control.mdx.

[netlify]

✅ Deploy Preview for openzeppelin-docs-v2 ready!

Name	Link
🔨 Latest commit	55d5936
🔍 Latest deploy log	https://app.netlify.com/projects/openzeppelin-docs-v2/deploys/69d628f5a456af0008c919fe
😎 Deploy Preview	https://deploy-preview-139--openzeppelin-docs-v2.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Copilot]

Pull request overview

Updates the Stellar smart accounts documentation to reflect the new authorization model based on explicit context rule selection (context_rule_ids) and the new AuthPayload shape, plus related updates to policies and access control examples.

Changes:

• Replace “rule iteration / precedence” narrative with explicit rule lookup via context_rule_ids across multiple docs.
• Update signer/verifier docs and examples to use AuthPayload { signers, context_rule_ids } and describe off-chain encoding/digest considerations.
• Refresh policy and access control documentation to match updated interfaces/behavior (panic-based enforcement, ID-based removal, updated helper signatures).

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
content/stellar-contracts/accounts/smart-account.mdx	Updates the high-level authorization flow summary to explicit rule lookup.
content/stellar-contracts/accounts/signers-and-verifiers.mdx	Introduces AuthPayload, updates Rust/TS examples, and adds off-chain client guidance.
content/stellar-contracts/accounts/policies.mdx	Updates the policy model to a single enforce() method that validates + mutates and panics on failure.
content/stellar-contracts/accounts/context-rules.mdx	Updates context rule semantics/limits and matching description for explicit rule selection.
content/stellar-contracts/accounts/authorization-flow.mdx	Updates the detailed flow and examples to the explicit rule ID model.
content/stellar-contracts/access/access-control.mdx	Updates access control example calls to revised helper signatures / argument ordering.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[ozgunozerk]

Mermaid diagram generated on the root Accounts page is not readable due to background and text color contrast.

Also found similar problems in other mermaid diagrams throughout the accounts section

[ozgunozerk]

Not exactly related to the changes in this PR, but would be also good to update this part from previous documentation:

separating three distinct concerns: who is allowed to act (signers), what they are allowed to do (scope or context rules), and how those permissions are enforced (policies).

I recall we had a through discussion about this. Context Rules, are not defining the action itself, but the scope.

Here is how we changed it in stellar-contracts repo's accounts/readme.md file:

It separates authentication (signers prove identity), authorization scope (context rules bind signers and policies to specific operations), and enforcement logic (policies apply business constraints like spending limits or thresholds).

Would you agree updating the docs here as well with respect to this who, what, how sections?

[brozorec]

@ozgunozerk I agree with the above points, plz review

[ozgunozerk]

There is this one left:

[Core Components](https://deploy-preview-139--openzeppelin-docs-v2.netlify.app/stellar-contracts/accounts/smart-account#core-components)
The framework separates three distinct concerns:

What (Context Rules): Defines the scope (e.g. call transfer() on some token, call any function of a specific contract, deploy contracts, or just any call to any contract)
Who (Signers): Identifies the authorized entities (e.g. cryptographic keys, G-accounts, or other C-accounts)
How (Policies): Enforces business logic and constraints (e.g. amount < 500, every month, or 2-of-3 threshold)

---

Other than that, LGTM, approving