@bananapus/ownable-v6 0.0.8 → 0.0.10

package/USER_JOURNEYS.md

@@ -0,0 +1,245 @@
+# User Journeys -- nana-ownable-v6
+
+Concrete end-to-end flows through the JBOwnable system. Each journey traces the exact function calls, state changes, and external interactions.
+
+## Journey 1: Deploy a Project-Owned Contract
+
+**Actor:** Protocol developer deploying a hook or extension that should be owned by a Juicebox project.
+**Goal:** Create a contract where the project NFT holder has owner access.
+
+### Precondition
+
+A Juicebox project exists with ID `projectId`. The `JBProjects` and `JBPermissions` contracts are deployed.
+
+### Steps
+
+1. **Developer deploys a contract inheriting `JBOwnable`**
+
+   ```solidity
+   new MyHook(permissions, projects, address(0), projectId)
+   ```
+
+   - `initialOwner = address(0)` because ownership is project-based
+   - `initialProjectIdOwner = projectId`
+
+2. **Constructor execution in `JBOwnableOverrides`**
+
+   - Stores `PROJECTS = projects` (immutable)
+   - Validates: `initialProjectIdOwner != 0` AND `address(projects) != address(0)` -- passes
+   - Validates: not both zero (passes because `initialProjectIdOwner != 0`)
+   - Calls `_transferOwnership(address(0), projectId)`:
+     - Sets `jbOwner = JBOwner({owner: address(0), projectId: projectId, permissionId: 0})`
+     - Calls `_emitTransferEvent(address(0), address(0), projectId)`
+   - In `JBOwnable._emitTransferEvent`: emits `OwnershipTransferred(address(0), PROJECTS.ownerOf(projectId), msg.sender)`
+
+3. **Ownership is now live**
+
+   - `owner()` calls `PROJECTS.ownerOf(projectId)` and returns the current NFT holder
+   - `_checkOwner()` validates `msg.sender` against the NFT holder (or permission delegates)
+
+### Result
+
+The contract is owned by whichever address holds the project NFT. If the NFT is transferred, ownership automatically follows -- no on-chain update to the JBOwnable contract is needed.
+
+### What to verify
+
+- `jbOwner.owner == address(0)` and `jbOwner.projectId == projectId` after construction.
+- `jbOwner.permissionId == 0` (no delegated access until explicitly configured).
+- `owner()` returns the current NFT holder, not a cached value.
+- If the project does not exist (ID > `PROJECTS.count()`), the constructor still succeeds -- the existence check is only enforced in `transferOwnershipToProject`, not the constructor. Verify whether this is safe (the deployer presumably knows the project exists).
+
+---
+
+## Journey 2: Transfer Ownership to a Different Address
+
+**Actor:** Current owner (direct address or project NFT holder).
+**Goal:** Transfer ownership from the current owner to a new direct address.
+
+### Precondition
+
+The caller is the current owner or has the configured `permissionId` (or ROOT) via `JBPermissions`.
+
+### Steps
+
+1. **Owner calls `transferOwnership(newOwner)`**
+
+   - `newOwner` must not be `address(0)` (reverts with `JBOwnableOverrides_InvalidNewOwner`)
+
+2. **`_checkOwner()` validates the caller**
+
+   - Resolves the current owner (via `PROJECTS.ownerOf()` if project-owned, or `jbOwner.owner` if address-owned)
+   - Calls `_requirePermissionFrom(resolvedOwner, projectId, permissionId)`
+   - Passes if `msg.sender == resolvedOwner` OR `msg.sender` has the required permission
+
+3. **`_transferOwnership(newOwner, 0)` executes the transfer**
+
+   - Records `oldOwner` (resolved from current `jbOwner`)
+   - Overwrites `jbOwner = JBOwner({owner: newOwner, projectId: 0, permissionId: 0})`
+   - Calls `_emitTransferEvent(oldOwner, newOwner, 0)`
+
+4. **`_emitTransferEvent` in `JBOwnable`**
+
+   - Since `newProjectId == 0`: emits `OwnershipTransferred(oldOwner, newOwner, msg.sender)`
+
+### Result
+
+`jbOwner.owner == newOwner`, `jbOwner.projectId == 0`, `jbOwner.permissionId == 0`. The new owner must call `setPermissionId()` to re-enable delegated access.
+
+### What to verify
+
+- If the contract was previously project-owned, `projectId` is now 0 (project ownership is cleared).
+- `permissionId` is reset to 0, revoking all previously delegated permissions.
+- The previous owner (or their delegates) can no longer call `onlyOwner` functions.
+- `newOwner` can immediately call `onlyOwner` functions without any additional setup.
+
+---
+
+## Journey 3: Transfer Ownership to a Juicebox Project
+
+**Actor:** Current owner (direct address or project NFT holder).
+**Goal:** Transfer ownership from the current owner to a Juicebox project, so the NFT holder becomes the new owner.
+
+### Precondition
+
+The target project exists (ID <= `PROJECTS.count()`). The caller is the current owner or has adequate permissions.
+
+### Steps
+
+1. **Owner calls `transferOwnershipToProject(projectId)`**
+
+   - Validates: `projectId != 0` (reverts with `JBOwnableOverrides_InvalidNewOwner`)
+   - Validates: `projectId <= type(uint88).max` (reverts with `JBOwnableOverrides_InvalidNewOwner`)
+   - Validates: `projectId <= PROJECTS.count()` (reverts with `JBOwnableOverrides_ProjectDoesNotExist`)
+
+2. **`_checkOwner()` validates the caller** (same as Journey 2, Step 2)
+
+3. **`_transferOwnership(address(0), uint88(projectId))` executes the transfer**
+
+   - Records `oldOwner` (resolved from current `jbOwner`)
+   - Overwrites `jbOwner = JBOwner({owner: address(0), projectId: uint88(projectId), permissionId: 0})`
+   - Calls `_emitTransferEvent(oldOwner, address(0), uint88(projectId))`
+
+4. **`_emitTransferEvent` in `JBOwnable`**
+
+   - Since `newProjectId != 0`: emits `OwnershipTransferred(oldOwner, PROJECTS.ownerOf(projectId), msg.sender)`
+
+### Result
+
+`jbOwner.owner == address(0)`, `jbOwner.projectId == projectId`, `jbOwner.permissionId == 0`. The project NFT holder is now the owner. Ownership dynamically follows NFT transfers.
+
+### What to verify
+
+- The project existence check (`projectId <= PROJECTS.count()`) prevents transferring to a nonexistent project.
+- The `uint88` cast does not truncate (the preceding `type(uint88).max` check ensures this).
+- If the project NFT is subsequently burned (hypothetically), `owner()` returns `address(0)` and the contract is effectively renounced.
+
+---
+
+## Journey 4: Delegate Access via Permission ID
+
+**Actor:** Current owner.
+**Goal:** Allow additional addresses to call `onlyOwner` functions through the JBPermissions system.
+
+### Precondition
+
+The contract has an owner. The owner wants to delegate access to one or more operators.
+
+### Steps
+
+1. **Owner calls `setPermissionId(permissionId)`**
+
+   - `_checkOwner()` validates the caller
+   - `_setPermissionId(permissionId)` writes `jbOwner.permissionId = permissionId`
+   - Emits `PermissionIdChanged(permissionId, msg.sender)`
+
+2. **Owner grants the permission to operators via JBPermissions**
+
+   - `permissions.setPermissionsFor(account, JBPermissionsData({operator: operatorAddress, projectId: projectId, permissionIds: [permissionId]}))`
+   - This is an external call on the JBPermissions contract, not on the JBOwnable contract
+
+3. **Operator calls an `onlyOwner` function**
+
+   - `_checkOwner()` resolves the owner and calls `_requirePermissionFrom(resolvedOwner, projectId, permissionId)`
+   - `JBPermissioned._requirePermissionFrom` checks `JBPermissions.hasPermission(msg.sender, resolvedOwner, projectId, permissionId)` -- passes
+
+### Result
+
+The operator can call any function protected by `onlyOwner` on this contract. The permission is scoped to the owner's account and project ID.
+
+### What to verify
+
+- `permissionId == 0` effectively disables delegation (permission ID 0 cannot be set in `JBPermissions`). Only the owner (or ROOT holders) can call `onlyOwner` functions.
+- If the owner transfers ownership, `permissionId` resets to 0. The new owner must re-configure delegation.
+- ROOT (permission ID 1) always grants access regardless of the configured `permissionId`. This is a feature of `JBPermissioned`, not specific to `JBOwnable`.
+- The operator's access is not stored on the JBOwnable contract -- it lives in JBPermissions. Changing the `permissionId` on JBOwnable instantly changes which JBPermissions grants are recognized.
+
+---
+
+## Journey 5: Renounce Ownership
+
+**Actor:** Current owner.
+**Goal:** Permanently give up ownership, making `onlyOwner` functions uncallable.
+
+### Precondition
+
+The caller is the current owner and understands this action is irreversible.
+
+### Steps
+
+1. **Owner calls `renounceOwnership()`**
+
+   - `_checkOwner()` validates the caller
+
+2. **`_transferOwnership(address(0), 0)` executes**
+
+   - Records `oldOwner` (resolved from current `jbOwner`)
+   - Overwrites `jbOwner = JBOwner({owner: address(0), projectId: 0, permissionId: 0})`
+   - Calls `_emitTransferEvent(oldOwner, address(0), 0)`
+   - Emits `OwnershipTransferred(oldOwner, address(0), msg.sender)`
+
+### Result
+
+`jbOwner` is zeroed out. `owner()` returns `address(0)`. All future calls to `_checkOwner()` revert because `_requirePermissionFrom(address(0), 0, 0)` fails for any `msg.sender` (no address equals `address(0)`, and no permission can satisfy the check against a zero-address account).
+
+### What to verify
+
+- After renouncing, `transferOwnership`, `transferOwnershipToProject`, `setPermissionId`, and `renounceOwnership` all revert.
+- There is no recovery mechanism. No admin backdoor. No timelock. Renouncement is permanent.
+- A second call to `renounceOwnership()` also reverts (because `_checkOwner()` fails).
+- Even ROOT holders cannot act as owner after renouncement, because `_requirePermissionFrom(address(0), 0, 0)` does not recognize ROOT as a valid bypass when the account is `address(0)`.
+
+---
+
+## Journey 6: Implicit Renouncement via Project NFT Burn
+
+**Actor:** None (system behavior).
+**Goal:** Understand what happens when the project NFT underlying a project-owned contract ceases to exist.
+
+### Precondition
+
+The contract is project-owned (`jbOwner.projectId != 0`). The project NFT is burned or otherwise invalidated (note: JBProjects V6 has no burn function, so this is a defensive scenario).
+
+### Steps
+
+1. **`PROJECTS.ownerOf(projectId)` starts reverting**
+
+   - The ERC-721 `ownerOf` function reverts for burned tokens
+
+2. **`owner()` catches the revert and returns `address(0)`**
+
+   - The try-catch in `owner()` returns `address(0)` when `ownerOf` reverts
+
+3. **`_checkOwner()` catches the revert and resolves owner to `address(0)`**
+
+   - `_requirePermissionFrom(address(0), projectId, permissionId)` is called
+   - No `msg.sender` can equal `address(0)`, so the check always fails
+
+### Result
+
+The contract is effectively renounced without anyone calling `renounceOwnership()`. All `onlyOwner` functions permanently revert. The `jbOwner` struct still contains the old `projectId`, but it has no practical effect.
+
+### What to verify
+
+- There is no way to "revive" ownership after the NFT is burned. Even re-minting an NFT with the same ID (if possible) would restore ownership.
+- The `jbOwner` struct is NOT cleared in this scenario -- it still shows the old `projectId`. Only the resolved owner is `address(0)`.
+- This behavior is consistent between `owner()` and `_checkOwner()` (both use the same try-catch pattern).

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bananapus/ownable-v6",
-  "version": "0.0.8",
+  "version": "0.0.10",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -10,8 +10,8 @@
     "node": ">=20.0.0"
   },
   "dependencies": {
-    "@bananapus/core-v6": "^0.0.15",
-    "@bananapus/permission-ids-v6": "^0.0.7",
+    "@bananapus/core-v6": "^0.0.17",
+    "@bananapus/permission-ids-v6": "^0.0.10",
     "@openzeppelin/contracts": "^5.6.1"
   },
   "scripts": {

package/src/JBOwnable.sol

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: MIT
 // Juicebox variation on OpenZeppelin Ownable
-pragma solidity ^0.8.26;
+pragma solidity 0.8.26;
 
 import {IJBProjects} from "@bananapus/core-v6/src/interfaces/IJBProjects.sol";
 import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
@@ -58,6 +58,9 @@ contract JBOwnable is JBOwnableOverrides {
     /// @notice Either `newOwner` or `newProjectId` is non-zero or both are zero. But they can never both be non-zero.
     /// @dev This function exists because some contracts need to deploy contracts for a project before the project's NFT
     /// has been minted, so the transfer event resolves the project's current owner at emission time.
+    /// @dev Unlike `_transferOwnership` (which uses try-catch to resolve the *old* owner in case its project NFT was
+    /// burned), this function intentionally lets `PROJECTS.ownerOf(newProjectId)` revert if the new project doesn't
+    /// exist. A revert here is desirable — it prevents transferring ownership to a non-existent project.
     function _emitTransferEvent(
         address previousOwner,
         address newOwner,

package/src/JBOwnableOverrides.sol

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: MIT
 // Juicebox variation on OpenZeppelin Ownable
-pragma solidity ^0.8.26;
+pragma solidity 0.8.26;
 
 import {JBPermissioned} from "@bananapus/core-v6/src/abstract/JBPermissioned.sol";
 import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
@@ -75,7 +75,11 @@ abstract contract JBOwnableOverrides is Context, JBPermissioned, IJBOwnable {
             revert JBOwnableOverrides_InvalidNewOwner();
         }
 
-        _transferOwnership(initialOwner, initialProjectIdOwner);
+        // No explicit project existence check here — if `initialProjectIdOwner` refers to an unminted project,
+        // `owner()` will resolve via `PROJECTS.ownerOf()`, which reverts for non-existent tokens. The try-catch
+        // in `owner()` treats this as renounced (returns address(0)), effectively locking the contract until
+        // the project is minted. This is acceptable because deployers control the constructor arguments.
+        _transferOwnership({newOwner: initialOwner, projectId: initialProjectIdOwner});
     }
 
     //*********************************************************************//
@@ -140,7 +144,7 @@ abstract contract JBOwnableOverrides is Context, JBPermissioned, IJBOwnable {
     /// @dev This can only be called by the current owner.
     function renounceOwnership() public virtual override {
         _checkOwner();
-        _transferOwnership(address(0), 0);
+        _transferOwnership({newOwner: address(0), projectId: 0});
     }
 
     /// @notice Sets the permission ID the owner can use to give other addresses owner access.
@@ -162,7 +166,7 @@ abstract contract JBOwnableOverrides is Context, JBPermissioned, IJBOwnable {
             revert JBOwnableOverrides_InvalidNewOwner();
         }
 
-        _transferOwnership(newOwner, 0);
+        _transferOwnership({newOwner: newOwner, projectId: 0});
     }
 
     /// @notice Transfer ownership of this contract to a new Juicebox project.
@@ -181,7 +185,8 @@ abstract contract JBOwnableOverrides is Context, JBPermissioned, IJBOwnable {
             revert JBOwnableOverrides_ProjectDoesNotExist();
         }
 
-        _transferOwnership(address(0), uint88(projectId));
+        // forge-lint: disable-next-line(unsafe-typecast)
+        _transferOwnership({newOwner: address(0), projectId: uint88(projectId)});
     }
 
     //*********************************************************************//
@@ -207,7 +212,7 @@ abstract contract JBOwnableOverrides is Context, JBPermissioned, IJBOwnable {
     /// @notice Helper to allow for drop-in replacement of OpenZeppelin `Ownable`.
     /// @param newOwner The address that should receive ownership of this contract.
     function _transferOwnership(address newOwner) internal virtual {
-        _transferOwnership(newOwner, 0);
+        _transferOwnership({newOwner: newOwner, projectId: 0});
     }
 
     /// @notice Transfers this contract's ownership to an address (`newOwner`) OR a Juicebox project (`projectId`).
@@ -238,6 +243,6 @@ abstract contract JBOwnableOverrides is Context, JBPermissioned, IJBOwnable {
         // This is to prevent permissions clashes for the new user/owner.
         jbOwner = JBOwner({owner: newOwner, projectId: projectId, permissionId: 0});
         // Emit a transfer event with the new owner's address.
-        _emitTransferEvent(oldOwner, newOwner, projectId);
+        _emitTransferEvent({previousOwner: oldOwner, newOwner: newOwner, newProjectId: projectId});
     }
 }

package/src/structs/JBOwner.sol

@@ -7,6 +7,7 @@ pragma solidity ^0.8.0;
 /// `owner` address has owner access.
 /// @custom:member permissionId The permission ID which corresponds to owner access. See `JBPermissions` in `nana-core`
 /// and `nana-permission-ids`.
+// forge-lint: disable-next-line(pascal-case-struct)
 struct JBOwner {
     address owner;
     uint88 projectId;

package/test/Ownable.t.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: UNLICENSED
 pragma solidity ^0.8.26;
 
-import "forge-std/Test.sol";
+import {Test} from "forge-std/Test.sol";
 import {MockOwnable} from "./mocks/MockOwnable.sol";
 import {JBOwnableOverrides} from "../src/JBOwnableOverrides.sol";
 
@@ -13,8 +13,8 @@ import {JBPermissionsData} from "@bananapus/core-v6/src/structs/JBPermissionsDat
 import {IJBProjects} from "@bananapus/core-v6/src/interfaces/IJBProjects.sol";
 
 contract OwnableTest is Test {
-    IJBProjects PROJECTS;
-    IJBPermissions PERMISSIONS;
+    IJBProjects projects;
+    IJBPermissions permissions;
 
     modifier isNotContract(address a) {
         uint256 size;
@@ -27,9 +27,9 @@ contract OwnableTest is Test {
 
     function setUp() public {
         // Deploy the permissions contract.
-        PERMISSIONS = new JBPermissions(address(0));
+        permissions = new JBPermissions(address(0));
         // Deploy the projects contract.
-        PROJECTS = new JBProjects(address(123), address(0), address(0));
+        projects = new JBProjects(address(123), address(0), address(0));
     }
 
     function testDeployerDoesNotBecomeOwner(address deployer, address owner) public isNotContract(owner) {
@@ -37,7 +37,7 @@ contract OwnableTest is Test {
         vm.assume(owner != address(0));
 
         vm.prank(deployer);
-        MockOwnable ownable = new MockOwnable(PROJECTS, PERMISSIONS, owner, uint88(0));
+        MockOwnable ownable = new MockOwnable(projects, permissions, owner, uint88(0));
 
         assertEq(owner, ownable.owner(), "Deployer did not become the owner.");
     }
@@ -56,17 +56,18 @@ contract OwnableTest is Test {
         vm.assume(newProjectOwner != address(0));
 
         // Create a project for the owner.
-        uint256 projectId = PROJECTS.createFor(projectOwner);
+        uint256 projectId = projects.createFor(projectOwner);
 
         // Create the `Ownable` contract.
-        MockOwnable ownable = new MockOwnable(PROJECTS, PERMISSIONS, address(0), uint88(projectId));
+        // forge-lint: disable-next-line(unsafe-typecast)
+        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(projectId));
 
         // Make sure the deployer owns it.
         assertEq(projectOwner, ownable.owner(), "Deployer is not the owner.");
 
         // Transfer the project's ownership.
         vm.prank(projectOwner);
-        PROJECTS.transferFrom(projectOwner, newProjectOwner, projectId);
+        projects.transferFrom(projectOwner, newProjectOwner, projectId);
 
         // Make sure the `Ownable` contract has also been transferred to the new project owner.
         assertEq(newProjectOwner, ownable.owner(), "Ownable did not follow the Project owner.");
@@ -86,10 +87,11 @@ contract OwnableTest is Test {
         vm.assume(projectOwner != address(0));
 
         // Create a project for the owner.
-        uint256 _projectId = PROJECTS.createFor(projectOwner);
+        uint256 _projectId = projects.createFor(projectOwner);
 
         // Create the `Ownable` contract.
-        MockOwnable ownable = new MockOwnable(PROJECTS, PERMISSIONS, address(0), uint88(_projectId));
+        // forge-lint: disable-next-line(unsafe-typecast)
+        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(_projectId));
 
         // Make sure the project owner owns it.
         assertEq(projectOwner, ownable.owner(), "Deployer is not the owner.");
@@ -100,7 +102,7 @@ contract OwnableTest is Test {
         // Make sure it was transferred to the new owner.
         assertEq(newOwnableOwner, ownable.owner());
         // Sanity check to make sure it only the `Ownable` changed, and that the project did not.
-        assertEq(PROJECTS.ownerOf(_projectId), projectOwner);
+        assertEq(projects.ownerOf(_projectId), projectOwner);
     }
 
     function testCantTransferToProjectZero(address owner) public {
@@ -108,7 +110,7 @@ contract OwnableTest is Test {
         vm.startPrank(owner);
 
         // Create the `Ownable` contract.
-        MockOwnable ownable = new MockOwnable(PROJECTS, PERMISSIONS, owner, 0);
+        MockOwnable ownable = new MockOwnable(projects, permissions, owner, 0);
 
         vm.expectRevert(abi.encodeWithSelector(JBOwnableOverrides.JBOwnableOverrides_InvalidNewOwner.selector));
 
@@ -122,7 +124,7 @@ contract OwnableTest is Test {
         vm.startPrank(owner);
 
         // Create the `Ownable` contract.
-        MockOwnable ownable = new MockOwnable(PROJECTS, PERMISSIONS, owner, uint88(0));
+        MockOwnable ownable = new MockOwnable(projects, permissions, owner, uint88(0));
 
         vm.expectRevert(abi.encodeWithSelector(JBOwnableOverrides.JBOwnableOverrides_InvalidNewOwner.selector));
 
@@ -145,18 +147,19 @@ contract OwnableTest is Test {
         vm.assume(newProjectOwner != address(0));
 
         // Create a project for the owner.
-        uint256 _projectId = PROJECTS.createFor(projectOwner);
+        uint256 _projectId = projects.createFor(projectOwner);
 
         // Create the `Ownable` contract.
-        MockOwnable ownable = new MockOwnable(PROJECTS, PERMISSIONS, address(0), uint88(_projectId));
+        // forge-lint: disable-next-line(unsafe-typecast)
+        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(_projectId));
 
         // Make sure the project owner owns it.
         assertEq(projectOwner, ownable.owner(), "Deployer is not the owner.");
 
         // Transfer the project ownership.
         vm.prank(projectOwner);
-        PROJECTS.transferFrom(projectOwner, newProjectOwner, _projectId);
-        assertEq(PROJECTS.ownerOf(_projectId), newProjectOwner);
+        projects.transferFrom(projectOwner, newProjectOwner, _projectId);
+        assertEq(projects.ownerOf(_projectId), newProjectOwner);
 
         // Make sure the `Ownable` contract has also been transferred to the new project owner.
         assertEq(newProjectOwner, ownable.owner());
@@ -167,7 +170,7 @@ contract OwnableTest is Test {
         vm.assume(deployer != owner);
 
         // Create the `Ownable` contract.
-        MockOwnable ownable = new MockOwnable(PROJECTS, PERMISSIONS, owner, uint88(0));
+        MockOwnable ownable = new MockOwnable(projects, permissions, owner, uint88(0));
 
         // Transfer ownership to the project owner.
         vm.prank(owner);
@@ -185,11 +188,12 @@ contract OwnableTest is Test {
         vm.assume(projectOwner != address(0));
 
         // Create a project for the owner.
-        uint256 _projectId = PROJECTS.createFor(projectOwner);
+        uint256 _projectId = projects.createFor(projectOwner);
 
         // Create the `Ownable` contract.
         vm.prank(deployer);
-        MockOwnable ownable = new MockOwnable(PROJECTS, PERMISSIONS, address(0), uint88(_projectId));
+        // forge-lint: disable-next-line(unsafe-typecast)
+        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(_projectId));
 
         // Renounce the ownership.
         vm.prank(projectOwner);
@@ -218,10 +222,11 @@ contract OwnableTest is Test {
         }
 
         // Create a project for the owner.
-        uint256 _projectId = PROJECTS.createFor(projectOwner);
+        uint256 _projectId = projects.createFor(projectOwner);
 
         // Create the `Ownable` contract.
-        MockOwnable ownable = new MockOwnable(PROJECTS, PERMISSIONS, address(0), uint88(_projectId));
+        // forge-lint: disable-next-line(unsafe-typecast)
+        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(_projectId));
 
         // Set the required permission.
         vm.prank(projectOwner);
@@ -254,8 +259,9 @@ contract OwnableTest is Test {
 
         // The owner gives permission to the caller.
         vm.prank(projectOwner);
-        PERMISSIONS.setPermissionsFor(
+        permissions.setPermissionsFor(
             projectOwner,
+            // forge-lint: disable-next-line(unsafe-typecast)
             JBPermissionsData({operator: callerAddress, projectId: uint56(_projectId), permissionIds: _permissionIds})
         );
 
@@ -296,10 +302,11 @@ contract OwnableTest is Test {
         }
 
         // Create a project for the owner.
-        uint256 _projectId = PROJECTS.createFor(projectOwner);
+        uint256 _projectId = projects.createFor(projectOwner);
 
         // Create the `Ownable` contract.
-        MockOwnable ownable = new MockOwnable(PROJECTS, PERMISSIONS, address(0), uint88(_projectId));
+        // forge-lint: disable-next-line(unsafe-typecast)
+        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(_projectId));
 
         // Set the permission that is required.
         ownable.setPermission(requiredPermissionId);
@@ -331,8 +338,9 @@ contract OwnableTest is Test {
 
         // The owner gives permission to the caller.
         vm.prank(projectOwner);
-        PERMISSIONS.setPermissionsFor(
+        permissions.setPermissionsFor(
             projectOwner,
+            // forge-lint: disable-next-line(unsafe-typecast)
             JBPermissionsData({operator: callerAddress, projectId: uint56(_projectId), permissionIds: _permissionIds})
         );
 
@@ -356,19 +364,20 @@ contract OwnableTest is Test {
         vm.assume(owner != address(0) && projectOwner != address(0));
 
         // Create a project for the owner.
-        uint256 _projectId = PROJECTS.createFor(projectOwner);
+        uint256 _projectId = projects.createFor(projectOwner);
 
         // Should revert because we set both a owner and a projectOwner
         vm.expectRevert(abi.encodeWithSelector(JBOwnableOverrides.JBOwnableOverrides_InvalidNewOwner.selector));
 
         // Create the `Ownable` contract.
-        new MockOwnable(PROJECTS, PERMISSIONS, address(owner), uint88(_projectId));
+        // forge-lint: disable-next-line(unsafe-typecast)
+        new MockOwnable(projects, permissions, address(owner), uint88(_projectId));
     }
 
     function testCantInitializeAsRenounced() public {
         // Should revert because we set both a owner and a projectOwner
         vm.expectRevert(abi.encodeWithSelector(JBOwnableOverrides.JBOwnableOverrides_InvalidNewOwner.selector));
         // Create the `Ownable` contract.
-        new MockOwnable(PROJECTS, PERMISSIONS, address(0), uint88(0));
+        new MockOwnable(projects, permissions, address(0), uint88(0));
     }
 }