@bananapus/omnichain-deployers-v6 0.0.31 → 0.0.35

package/CHANGELOG.md

@@ -1,6 +1,6 @@
 # Changelog
 
-## v6 post-audit (M-11 fix)
+## v6 carry-forward hook fix
 
 - **Carry-forward hook selection improved.** `queueRulesetsOf` now checks `latestQueuedOf(projectId)` before falling back to `currentOf(projectId)` when carrying forward a 721 hook. Previously it only read `currentOf`, which could miss a recently queued (and approved) ruleset's hook config. The source ruleset must have approval status `Approved` or `Empty` and a stored hook config in the deployer.
 - The `useDataHookForCashOut` flag is preserved from whichever source ruleset is selected during carry-forward.

package/README.md

@@ -69,8 +69,8 @@ npm install @bananapus/omnichain-deployers-v6
 
 ```bash
 npm install
-forge build
-forge test
+forge build --deny notes
+forge test --deny notes --fail-fast --summary --detailed --skip "*/script/**"
 ```
 
 Useful scripts:

package/foundry.toml

@@ -15,7 +15,8 @@ depth = 100
 fail_on_revert = false
 
 [lint]
-exclude_lints = ["pascal-case-struct", "mixed-case-variable"]
+exclude_lints = ["mixed-case-variable", "pascal-case-struct"]
+
 [fmt]
 number_underscore = "thousands"
 multiline_func_header = "all"

package/package.json

@@ -1,11 +1,20 @@
 {
   "name": "@bananapus/omnichain-deployers-v6",
-  "version": "0.0.31",
+  "version": "0.0.35",
   "license": "MIT",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/Bananapus/nana-omnichain-deployers-v6"
   },
+  "files": [
+    "CHANGELOG.md",
+    "foundry.toml",
+    "references/",
+    "remappings.txt",
+    "script/Deploy.s.sol",
+    "script/helpers/",
+    "src/"
+  ],
   "engines": {
     "node": ">=20.0.0"
   },
@@ -17,17 +26,17 @@
     "artifacts": "source ./.env && npx sphinx artifacts --org-id 'ea165b21-7cdc-4d7b-be59-ecdd4c26bee4' --project-name 'nana-omnichain-deployers-v6'"
   },
   "dependencies": {
-    "@bananapus/721-hook-v6": "^0.0.41",
-    "@bananapus/buyback-hook-v6": "^0.0.30",
-    "@bananapus/core-v6": "^0.0.36",
-    "@bananapus/ownable-v6": "^0.0.20",
-    "@bananapus/permission-ids-v6": "^0.0.19",
-    "@bananapus/suckers-v6": "^0.0.28",
-    "@openzeppelin/contracts": "^5.6.1",
-    "@uniswap/v4-core": "^1.0.2"
+    "@bananapus/721-hook-v6": "0.0.43",
+    "@bananapus/core-v6": "0.0.39",
+    "@bananapus/ownable-v6": "0.0.24",
+    "@bananapus/permission-ids-v6": "0.0.22",
+    "@bananapus/suckers-v6": "0.0.32",
+    "@openzeppelin/contracts": "5.6.1"
   },
   "devDependencies": {
-    "@bananapus/address-registry-v6": "^0.0.20",
-    "@sphinx-labs/plugins": "^0.33.2"
+    "@bananapus/address-registry-v6": "0.0.25",
+    "@bananapus/buyback-hook-v6": "0.0.37",
+    "@sphinx-labs/plugins": "0.33.3",
+    "@uniswap/v4-core": "1.0.2"
   }
 }

package/src/JBOmnichainDeployer.sol

@@ -32,11 +32,17 @@ import {JBSuckerDeploymentConfig} from "./structs/JBSuckerDeploymentConfig.sol";
 import {JBTiered721HookConfig} from "./structs/JBTiered721HookConfig.sol";
 import {mulDiv} from "@prb/math/src/Common.sol";
 
-/// @notice Deploys, manages, and operates Juicebox projects with suckers.
-// Project NFTs sent to this contract are not recoverable. The deployer does not
-// implement any NFT rescue mechanism beyond onERC721Received for JBProjects. This is acceptable
-// because the deployer should never own project NFTs — it creates projects and transfers ownership
-// in the same transaction.
+/// @notice One-stop deployer and data hook wrapper for omnichain Juicebox projects. Launches a project with a tiered
+/// 721 hook and cross-chain suckers in a single transaction, then inserts itself as every ruleset's data hook so it can
+/// coordinate between the 721 hook, an optional extra hook (e.g. buyback), and the sucker registry at pay/cash-out
+/// time. At pay time it merges weight and hook specifications from both the 721 hook and the extra hook. At cash-out
+/// time it
+/// computes cross-chain total supply and surplus (so the bonding curve reflects all chains), grants suckers 0% cash-out
+/// tax, and delegates tax-rate adjustments to the underlying hooks.
+/// @dev Project NFTs sent to this contract are not recoverable. The deployer does not implement any NFT rescue
+/// mechanism beyond `onERC721Received` for `JBProjects`. This is acceptable because the deployer should never own
+/// project NFTs —
+/// it creates projects and transfers ownership in the same transaction.
 contract JBOmnichainDeployer is
     ERC2771Context,
     JBPermissioned,
@@ -142,10 +148,12 @@ contract JBOmnichainDeployer is
     // ---------------------- external transactions ---------------------- //
     //*********************************************************************//
 
-    /// @notice Deploy new suckers for an existing project.
-    /// @dev Only the juicebox's owner or an operator with `JBPermissionIds.DEPLOY_SUCKERS` can call this entrypoint.
-    /// The downstream registry call also maps the configured tokens on each newly created sucker, so the same
-    /// end-to-end operation depends on the project's token-mapping authority being arranged for the registry.
+    /// @notice Deploy new cross-chain suckers for an existing project. Each sucker enables token bridging between this
+    /// chain and a peer chain. The registry also maps configured tokens on each new sucker in the same call.
+    /// @dev Only the project's owner or an operator with `JBPermissionIds.DEPLOY_SUCKERS` can call this. The salt
+    /// includes `msg.sender` for replay protection — the same sender must call on both chains for deterministic
+    /// address
+    /// matching.
     /// @param projectId The ID of the project to deploy suckers for.
     /// @param suckerDeploymentConfiguration The suckers to set up for the project.
     function deploySuckersFor(
@@ -252,6 +260,7 @@ contract JBOmnichainDeployer is
     /// @notice Launches new rulesets for a project with a 721 tiers hook attached, using this contract as the data
     /// hook.
     /// @param projectId The ID of the project to launch the rulesets for.
+    /// @param projectUri The project's metadata URI. Pass an empty string to leave it unchanged.
     /// @param deploy721Config The 721 hook deployment config (hook config + cash-out flag + salt).
     /// @param rulesetConfigurations The rulesets to launch. Custom data hooks are read from each ruleset's metadata.
     /// @param terminalConfigurations The terminals to set up for the project.
@@ -261,6 +270,7 @@ contract JBOmnichainDeployer is
     /// @return hook The 721 tiers hook that was deployed for the project.
     function launchRulesetsFor(
         uint256 projectId,
+        string calldata projectUri,
         JBOmnichain721Config memory deploy721Config,
         JBRulesetConfig[] memory rulesetConfigurations,
         JBTerminalConfig[] calldata terminalConfigurations,
@@ -273,6 +283,7 @@ contract JBOmnichainDeployer is
     {
         return _launchRulesetsFor({
             projectId: projectId,
+            projectUri: projectUri,
             deploy721Config: deploy721Config,
             rulesetConfigurations: rulesetConfigurations,
             terminalConfigurations: terminalConfigurations,
@@ -284,6 +295,7 @@ contract JBOmnichainDeployer is
     /// @notice Launches new rulesets for a project with a default (empty-tier) 721 hook.
     /// @dev Uses `baseCurrency` from the first ruleset and `decimals = 18` for the default 721 config.
     /// @param projectId The ID of the project to launch the rulesets for.
+    /// @param projectUri The project's metadata URI. Pass an empty string to leave it unchanged.
     /// @param rulesetConfigurations The rulesets to launch.
     /// @param terminalConfigurations The terminals to set up for the project.
     /// @param memo A memo to pass along to the emitted event.
@@ -292,6 +304,7 @@ contract JBOmnichainDeployer is
     /// @return hook The 721 tiers hook that was deployed for the project.
     function launchRulesetsFor(
         uint256 projectId,
+        string calldata projectUri,
         JBRulesetConfig[] memory rulesetConfigurations,
         JBTerminalConfig[] calldata terminalConfigurations,
         string calldata memo,
@@ -303,6 +316,7 @@ contract JBOmnichainDeployer is
     {
         return _launchRulesetsFor({
             projectId: projectId,
+            projectUri: projectUri,
             deploy721Config: _default721Config(rulesetConfigurations),
             rulesetConfigurations: rulesetConfigurations,
             terminalConfigurations: terminalConfigurations,
@@ -382,8 +396,13 @@ contract JBOmnichainDeployer is
     // ------------------------- external views -------------------------- //
     //*********************************************************************//
 
-    /// @notice Allow cash outs from suckers without a tax, and compute cross-chain tax supply for non-sucker cash outs.
-    /// @dev This function is part of `IJBRulesetDataHook`, and gets called before the revnet processes a cash out.
+    /// @notice Called by the terminal before recording a cash out. Suckers get 0% tax so bridged tokens redeem at face
+    /// value. For all other holders, this function aggregates total supply and surplus across all peer chains so the
+    /// bonding curve reflects the project's global state, then delegates to the 721 hook and extra hook for further
+    /// adjustments.
+    /// @dev Part of `IJBRulesetDataHook`. The 721 hook's returned `totalSupply` and `effectiveSurplusValue` are used
+    /// when it handles cash outs (NFT redemptions use local denominators). Otherwise this contract's cross-chain values
+    /// take precedence.
     /// @param context Standard Juicebox cash out context. See `JBBeforeCashOutRecordedContext`.
     /// @return cashOutTaxRate The cash out tax rate, which influences the amount of terminal tokens which get cashed
     /// out.
@@ -497,8 +516,13 @@ contract JBOmnichainDeployer is
         return (cashOutTaxRate, cashOutCount, totalSupply, effectiveSurplusValue, hookSpecifications);
     }
 
-    /// @notice Forward the call to the original data hook.
-    /// @dev This function is part of `IJBRulesetDataHook`, and gets called before the revnet processes a payment.
+    /// @notice Called by the terminal before recording a payment. Coordinates the 721 hook (which handles tier-based
+    /// NFT minting and split deductions) with the extra hook (e.g. buyback, which may swap for a better token price).
+    /// Merges
+    /// their weight adjustments and hook specifications into a single response for the terminal.
+    /// @dev Part of `IJBRulesetDataHook`. The 721 hook's weight already accounts for tier-split deductions. The extra
+    /// hook receives the post-split amount so it only routes funds actually entering the project. If both return
+    /// specifications, the 721 spec comes first.
     /// @param context Standard Juicebox payment context. See `JBBeforePayRecordedContext`.
     /// @return weight The weight which project tokens are minted relative to. This can be used to customize how many
     /// tokens get minted by a payment.
@@ -618,8 +642,9 @@ contract JBOmnichainDeployer is
         return _extraDataHookOf[projectId][rulesetId];
     }
 
-    /// @notice A flag indicating whether an address has permission to mint a project's tokens on-demand.
-    /// @dev A project's data hook can allow any address to mint its tokens.
+    /// @notice Returns whether an address may mint a project's tokens on-demand. Suckers always get mint permission (so
+    /// bridged tokens can be minted on the destination chain). Otherwise delegates to the extra data hook.
+    /// @dev Part of `IJBRulesetDataHook`. The 721 hook never grants mint permission, so only the extra hook is checked.
     /// @param projectId The ID of the project whose token can be minted.
     /// @param ruleset The ruleset to check the token minting permission of.
     /// @param addr The address to check the token minting permission of.
@@ -720,11 +745,12 @@ contract JBOmnichainDeployer is
         internal
         returns (uint256 projectId, IJB721TiersHook hook, address[] memory suckers)
     {
-        // Get the next project ID.
-        projectId = PROJECTS.count() + 1;
+        // Reserve the project ID up front so permissionless project creations cannot invalidate hook deployment.
+        projectId = PROJECTS.createFor(address(this));
 
         // Deploy a 721 hook and set up rulesets.
         hook = _deploy721Hook({projectId: projectId, config: deploy721Config});
+        // slither-disable-next-line reentrancy-benign
         rulesetConfigurations = _setup721({
             projectId: projectId,
             rulesetConfigurations: rulesetConfigurations,
@@ -732,18 +758,16 @@ contract JBOmnichainDeployer is
             use721ForCashOut: deploy721Config.useDataHookForCashOut
         });
 
-        // Launch the project, and sanity check the project ID.
-        // slither-disable-next-line reentrancy-benign
-        if (
-            projectId
-                != controller.launchProjectFor({
-                    owner: address(this),
-                    projectUri: projectUri,
-                    rulesetConfigurations: rulesetConfigurations,
-                    terminalConfigurations: terminalConfigurations,
-                    memo: memo
-                })
-        ) revert JBOmnichainDeployer_ProjectIdMismatch();
+        // Launch the rulesets for the reserved project.
+        // slither-disable-start unused-return
+        controller.launchRulesetsFor({
+            projectId: projectId,
+            projectUri: projectUri,
+            rulesetConfigurations: rulesetConfigurations,
+            terminalConfigurations: terminalConfigurations,
+            memo: memo
+        });
+        // slither-disable-end unused-return
 
         // Transfer the hook's ownership to the project (now that the project NFT has been minted).
         JBOwnable(address(hook)).transferOwnershipToProject(projectId);
@@ -766,6 +790,7 @@ contract JBOmnichainDeployer is
     /// @notice Internal implementation of `launchRulesetsFor`.
     function _launchRulesetsFor(
         uint256 projectId,
+        string calldata projectUri,
         JBOmnichain721Config memory deploy721Config,
         JBRulesetConfig[] memory rulesetConfigurations,
         JBTerminalConfig[] calldata terminalConfigurations,
@@ -775,15 +800,19 @@ contract JBOmnichainDeployer is
         internal
         returns (uint256 rulesetId, IJB721TiersHook hook)
     {
+        address owner = PROJECTS.ownerOf(projectId);
+
         // Enforce permissions. Use LAUNCH_RULESETS (not QUEUE_RULESETS) because this function calls
         // controller.launchRulesetsFor, which sets terminals and requires the broader launch permission.
-        _requirePermissionFrom({
-            account: PROJECTS.ownerOf(projectId), projectId: projectId, permissionId: JBPermissionIds.LAUNCH_RULESETS
-        });
+        _requirePermissionFrom({account: owner, projectId: projectId, permissionId: JBPermissionIds.LAUNCH_RULESETS});
 
-        _requirePermissionFrom({
-            account: PROJECTS.ownerOf(projectId), projectId: projectId, permissionId: JBPermissionIds.SET_TERMINALS
-        });
+        _requirePermissionFrom({account: owner, projectId: projectId, permissionId: JBPermissionIds.SET_TERMINALS});
+
+        if (bytes(projectUri).length != 0) {
+            _requirePermissionFrom({
+                account: owner, projectId: projectId, permissionId: JBPermissionIds.SET_PROJECT_URI
+            });
+        }
 
         // Validate that the controller matches the project's controller in the directory.
         _validateController({projectId: projectId, controller: controller});
@@ -802,6 +831,7 @@ contract JBOmnichainDeployer is
         // Configure the rulesets.
         rulesetId = controller.launchRulesetsFor({
             projectId: projectId,
+            projectUri: projectUri,
             rulesetConfigurations: rulesetConfigurations,
             terminalConfigurations: terminalConfigurations,
             memo: memo
@@ -830,6 +860,7 @@ contract JBOmnichainDeployer is
         // Revert if the project already had rulesets queued in this block, which would make our
         // `block.timestamp + i` ruleset ID prediction incorrect.
         uint256 latestRulesetId = controller.RULESETS().latestRulesetIdOf(projectId);
+        // forge-lint: disable-next-line(block-timestamp)
         if (latestRulesetId >= block.timestamp) {
             revert JBOmnichainDeployer_RulesetIdsUnpredictable();
         }
@@ -887,9 +918,11 @@ contract JBOmnichainDeployer is
         });
     }
 
-    /// @notice Sets up a project's rulesets with a 721 hook.
+    /// @notice Wires up each ruleset so this contract acts as the data hook wrapper. Stores the 721 hook and any extra
+    /// data hook (from the ruleset's metadata) in per-project/per-ruleset mappings, then overwrites each ruleset's
+    /// metadata to point at this contract with both pay and cash-out delegation enabled.
     /// @dev Stores the 721 hook in `_tiered721HookOf` per-ruleset and any custom hook (from metadata) in
-    /// `_extraDataHookOf`.
+    /// `_extraDataHookOf`. Ruleset IDs are predicted as `block.timestamp + i`.
     /// @param projectId The ID of the project to set up.
     /// @param rulesetConfigurations The rulesets to set up.
     /// @param hook721 The 721 tiers hook.
@@ -910,11 +943,13 @@ contract JBOmnichainDeployer is
 
             // Store the 721 hook config per-ruleset.
             // slither-disable-next-line reentrancy-benign
+            // forge-lint: disable-next-line(block-timestamp)
             _tiered721HookOf[projectId][block.timestamp + i] =
                 JBTiered721HookConfig({hook: hook721, useDataHookForCashOut: use721ForCashOut});
 
             // Store custom hook from metadata (same as _setup).
             if (rulesetConfigurations[i].metadata.dataHook != address(0)) {
+                // forge-lint: disable-next-line(block-timestamp)
                 _extraDataHookOf[projectId][block.timestamp + i] = JBDeployerHookConfig({
                     dataHook: IJBRulesetDataHook(rulesetConfigurations[i].metadata.dataHook),
                     useDataHookForPay: rulesetConfigurations[i].metadata.useDataHookForPay,

package/src/interfaces/IJBOmnichainDeployer.sol

@@ -9,7 +9,10 @@ import {JBDeployerHookConfig} from "../structs/JBDeployerHookConfig.sol";
 import {JBOmnichain721Config} from "../structs/JBOmnichain721Config.sol";
 import {JBSuckerDeploymentConfig} from "../structs/JBSuckerDeploymentConfig.sol";
 
-/// @notice Deploys Juicebox projects with omnichain sucker support.
+/// @notice Interface for the omnichain deployer — a one-stop contract that launches Juicebox projects with a tiered
+/// 721
+/// hook and cross-chain suckers, then serves as the data hook wrapper that coordinates pay/cash-out logic across all
+/// chains.
 interface IJBOmnichainDeployer {
     /// @notice Get the extra data hook for a project and ruleset.
     /// @param projectId The ID of the project to get the extra data hook for.
@@ -100,6 +103,7 @@ interface IJBOmnichainDeployer {
 
     /// @notice Launches new rulesets for a project with a 721 tiers hook attached.
     /// @param projectId The ID of the project to launch the rulesets for.
+    /// @param projectUri The project's metadata URI. Pass an empty string to leave it unchanged.
     /// @param deploy721Config The 721 hook deployment config (hook config + cash-out flag + salt).
     /// @param rulesetConfigurations The rulesets to launch. Custom data hooks are read from each ruleset's metadata.
     /// @param terminalConfigurations The terminals to set up for the project.
@@ -109,6 +113,7 @@ interface IJBOmnichainDeployer {
     /// @return hook The 721 tiers hook that was deployed for the project.
     function launchRulesetsFor(
         uint256 projectId,
+        string calldata projectUri,
         JBOmnichain721Config memory deploy721Config,
         JBRulesetConfig[] memory rulesetConfigurations,
         JBTerminalConfig[] calldata terminalConfigurations,
@@ -120,6 +125,7 @@ interface IJBOmnichainDeployer {
 
     /// @notice Launches new rulesets for a project with a default (empty-tier) 721 hook.
     /// @param projectId The ID of the project to launch the rulesets for.
+    /// @param projectUri The project's metadata URI. Pass an empty string to leave it unchanged.
     /// @param rulesetConfigurations The rulesets to launch.
     /// @param terminalConfigurations The terminals to set up for the project.
     /// @param memo A memo to pass along to the emitted event.
@@ -128,6 +134,7 @@ interface IJBOmnichainDeployer {
     /// @return hook The 721 tiers hook that was deployed for the project.
     function launchRulesetsFor(
         uint256 projectId,
+        string calldata projectUri,
         JBRulesetConfig[] memory rulesetConfigurations,
         JBTerminalConfig[] calldata terminalConfigurations,
         string calldata memo,

package/src/structs/JBDeployerHookConfig.sol

@@ -3,6 +3,11 @@ pragma solidity ^0.8.0;
 
 import {IJBRulesetDataHook} from "@bananapus/core-v6/src/interfaces/IJBRulesetDataHook.sol";
 
+/// @notice Configuration for an extra data hook (e.g. a buyback hook) that the omnichain deployer delegates to
+/// alongside the primary 721 hook. Stored per project per ruleset.
+/// @param dataHook The extra data hook contract to delegate to.
+/// @param useDataHookForPay Whether to call this hook's `beforePayRecordedWith` during payments.
+/// @param useDataHookForCashOut Whether to call this hook's `beforeCashOutRecordedWith` during cash outs.
 struct JBDeployerHookConfig {
     IJBRulesetDataHook dataHook;
     bool useDataHookForPay;

package/src/structs/JBTiered721HookConfig.sol

@@ -3,6 +3,10 @@ pragma solidity ^0.8.0;
 
 import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
 
+/// @notice Stored configuration for a project's tiered 721 hook within a specific ruleset.
+/// @param hook The tiered 721 hook contract used for NFT minting on payments.
+/// @param useDataHookForCashOut Whether the 721 hook should participate in cash-out tax calculations and NFT
+/// redemptions.
 struct JBTiered721HookConfig {
     IJB721TiersHook hook;
     bool useDataHookForCashOut;

package/ADMINISTRATION.md

@@ -1,29 +0,0 @@
-# Administration
-
-## At A Glance
-
-| Item | Details |
-| --- | --- |
-| Scope | Omnichain launch orchestration and wrapper behavior |
-| Control posture | Mixed deployer logic, project permissions, and registry trust |
-| Highest-risk actions | Wrong hook composition, wrong sucker wiring, and bad registry trust |
-| Recovery posture | Often requires redeploying or re-launching around bad wiring |
-
-## Purpose
-
-This repo controls how omnichain projects are launched and wrapped, not the low-level runtime logic of suckers or 721 hooks.
-
-## Control Model
-
-- launch paths are largely permissionless for new projects
-- later ruleset changes depend on project permissions
-- registry and sucker trust surfaces can widen authority if misconfigured
-
-## Recovery
-
-- bad launch wiring usually means a new deployment path rather than a local patch
-
-## Admin Boundaries
-
-- this repo does not override locked runtime behavior in sibling repos
-

package/ARCHITECTURE.md

@@ -1,31 +0,0 @@
-# Architecture
-
-## Purpose
-
-`nana-omnichain-deployers-v6` packages a Juicebox project, a 721 hook, and sucker deployment into one omnichain launch surface.
-
-## System Overview
-
-`JBOmnichainDeployer` launches the project, stores per-ruleset hook composition, and wraps sucker behavior so bridge-triggered flows can bypass project-specific logic where intended.
-
-## Core Invariants
-
-- launch wiring must match the intended omnichain project shape
-- hook composition must stay consistent with the created ruleset IDs
-- sucker-specific privileged paths must remain limited to trusted suckers
-- project NFT ownership and hook ownership must end in the intended place
-
-## Trust Boundaries
-
-- bridge runtime trust lives in `nana-suckers-v6`
-- 721 runtime trust lives in `nana-721-hook-v6`
-- this repo mainly owns orchestration and wrapper semantics
-
-## Security Model
-
-- the main risks are hook composition, ruleset ID prediction, and registry-trusted sucker bypasses
-- this repo is not the source of underlying bridge or 721 behavior, but it can wire them together incorrectly
-
-## Source Map
-
-- `src/JBOmnichainDeployer.sol`

package/AUDIT_INSTRUCTIONS.md

@@ -1,29 +0,0 @@
-# Audit Instructions
-
-Audit this repo as an orchestration layer that composes 721 hooks, suckers, and optional extra data hooks.
-
-## Audit Objective
-
-Find issues that:
-
-- launch the wrong project shape
-- miscompose hooks or wrapper behavior
-- grant privileged sucker behavior to the wrong addresses
-- create cross-chain drift or bad deterministic assumptions
-
-## Scope
-
-In scope:
-
-- `src/JBOmnichainDeployer.sol`
-- related tests under `test/`
-
-## Start Here
-
-1. `src/JBOmnichainDeployer.sol`
-
-## Verification
-
-- `npm install`
-- `forge build`
-- `forge test`

package/RISKS.md

@@ -1,97 +0,0 @@
-# Omnichain Deployers Risk Register
-
-This file covers the risks in the deployer layer that launches Juicebox projects across chains while composing 721 hooks, suckers, and optional custom data hooks.
-
-## How To Use This File
-
-- Read `Priority risks` first. They capture the highest-blast-radius deployment and cash-out assumptions.
-- Treat `Invariants to verify` as required checks for any new omnichain deployment flow.
-
-## Priority Risks
-
-| Priority | Risk | Why it matters | Primary controls |
-|----------|------|----------------|------------------|
-| P0 | Registry-trusted sucker bypass | This deployer gives suckers privileged cash-out behavior based on registry answers. A bad registry entry can affect many projects. | Registry allowlists, deployment verification, and explicit registry scrutiny. |
-| P1 | Cross-chain deployment drift | Omnichain assumptions fail if chain-specific wiring, peers, or composed hooks do not match. | Deterministic deploy ordering, parity checks, and post-deploy peer verification. |
-| P1 | Data-hook composition mistakes | The deployer wraps or forwards custom data hooks. A bad composition can alter pay or cash-out semantics unexpectedly. | Integration tests and careful forwarding review. |
-
-## 1. Trust Assumptions
-
-- **Trusted forwarder is trusted.**
-- **Sucker registry answers are trusted.**
-- **Controller trust matters.**
-- **Extra data hooks are trusted code.**
-
-## 2. Economic Risks
-
-- **Sucker cashout bypass exists for registered suckers.**
-- **Extra data hooks can manipulate weight or cash-out behavior.**
-- **721 hook amount splitting can zero out project amount in edge cases.**
-- **Cross-chain sender dependence affects deterministic sucker salts.**
-
-## 3. Access Control
-
-- **Wildcard `MAP_SUCKER_TOKEN` permission is broad.**
-- **`launchRulesetsFor` requires combined permissions.**
-- **`launchProjectFor` is intentionally permissionless for new projects.**
-
-## 4. DoS Vectors
-
-- **Ruleset ID collision can block queueing.**
-- **External hook reverts can block pay or cash-out flows.**
-- **721 hook deployment revert blocks launch.**
-- **Non-safe NFT transfers can still strand assets.**
-
-## 5. Reentrancy Surface
-
-- **`launchProjectFor` makes several external calls in sequence.**
-- **`beforePayRecordedWith` delegates to external hooks.**
-- **`beforeCashOutRecordedWith` delegates to external hooks.**
-- **There is no `ReentrancyGuard`.** The deployer relies on being effectively stateless during pay and cash-out operations.
-
-## 6. Integration Risks
-
-- **Hook config is keyed by predicted ruleset ID.**
-- **Carried-forward 721 hook behavior on queue depends on prior ruleset state.**
-- **ERC721Receiver restrictions are narrow but non-safe transfers can still strand assets.**
-- **Empty simplified launch config reverts.**
-
-## 7. Invariants To Verify
-
-- launched projects point at the intended controller
-- stored 721 hook config exists for every ruleset created through this deployer
-- sucker cashouts always get the intended zero-tax path
-- self-reference prevention holds after setup
-- the project NFT ends owned by the intended owner
-
-## 8. Accepted Behaviors
-
-### 8.1 Controller validation is skipped during initial launch
-
-Pre-launch controller validation is impossible because the project does not yet exist. The accepted safeguard is the post-launch project ID match check.
-
-### 8.2 Registered suckers receive 0% cashout tax
-
-This is intentional and shares the same trust boundary as the sucker registry.
-
-## 9. Accepted Security Risks
-
-Documented risks that were reviewed and accepted.
-
-### Configuration Risks
-
-**Unvalidated extra data hooks can brick live flows.** *(Minor)*
-Extra data hooks provided by the project owner in `_setup721` configuration can fail and brick live pay/cashout flows. Accepted because this is self-inflicted misconfiguration — only the project owner can set these hooks.
-
-**Missing hook721 alias check enables double invocation.** *(Minor)*
-If the project owner configures the 721 hook as both the primary hook and as an extra data hook, it could be invoked twice. Accepted because this is self-inflicted misconfiguration — the deployer correctly processes each hook independently.
-
-### Hook Selection
-
-**ApprovalExpected rulesets excluded from hook carry-forward.**
-When no new tiers are provided, the deployer carries forward the 721 hook from the most recent approved ruleset. Rulesets with `ApprovalExpected` status are intentionally excluded even though they may become active. Hook selection is irreversible — if the pending ruleset is later rejected by the approval hook, we'd have locked in a hook from a ruleset that never became active. The deployer falls back to the current (already-approved) ruleset in this case.
-
-### Cross-Chain Deployment
-
-**`_msgSender()` in deployment salt breaks cross-chain determinism.** *(Minor)*
-`deploySuckersFor` includes `_msgSender()` in the CREATE2 salt, which means the same deployment from different callers produces different addresses across chains. Accepted because this is intentional replay protection — prevents frontrunning of cross-chain deployments.

package/SKILLS.md

@@ -1,25 +0,0 @@
-# Juicebox Omnichain Deployers
-
-## Use This File For
-
-- Use this file when the task involves omnichain project launch, sucker deployment, or wrapped 721-hook composition.
-- Start here, then decide whether the issue is in launch orchestration, hook composition, or bridge-specific runtime behavior.
-
-## Read This Next
-
-| If you need... | Open this next |
-|---|---|
-| Repo overview and architecture | [`README.md`](./README.md), [`ARCHITECTURE.md`](./ARCHITECTURE.md) |
-| Main deployer | [`src/JBOmnichainDeployer.sol`](./src/JBOmnichainDeployer.sol) |
-| Bridge runtime | [`../nana-suckers-v6/src/JBSucker.sol`](../nana-suckers-v6/src/JBSucker.sol) |
-| 721 hook runtime | [`../nana-721-hook-v6/src/JB721TiersHook.sol`](../nana-721-hook-v6/src/JB721TiersHook.sol) |
-
-## Purpose
-
-Orchestration and wrapper layer for launching projects with suckers and a 721 hook already wired in.
-
-## Working Rules
-
-- Start in [`src/JBOmnichainDeployer.sol`](./src/JBOmnichainDeployer.sol).
-- Treat ruleset ID prediction as a real implementation dependency.
-- Keep wrapper behavior and the underlying 721 or sucker behavior separate in your reasoning.