@bananapus/permission-ids-v6 0.0.2 → 0.0.4

package/README.md

@@ -1,23 +1,98 @@
-# nana-permission-ids-v6
+# Juicebox Permission IDs
 
-Library of `uint8` constants defining all permission IDs used with `JBPermissions` across the Juicebox V6 ecosystem.
+The single source of truth for access control across the Juicebox V6 ecosystem. This library defines 32 `uint8` constants -- one for each permission ID used with [`JBPermissions`](https://github.com/Bananapus/nana-core-v6/blob/main/src/JBPermissions.sol) -- ensuring every contract references the same IDs.
+
+## How permissions work
+
+Juicebox V6 access control is built on a simple model: an **account** (typically a project owner) grants an **operator** (any address) a set of permission IDs scoped to a specific **project ID**. When a permissioned function is called, the contract checks that the caller either *is* the account or *has* the required permission ID for that project.
+
+Permissions are stored as a 256-bit packed integer in `JBPermissions`, where each bit position corresponds to a permission ID. This library provides human-readable names for those bit positions.
+
+```
+permissionsOf[operator][account][projectId] => uint256 (packed bits)
+```
 
 ## Architecture
 
 | Contract | Description |
 |----------|-------------|
-| `JBPermissionIds` | Solidity library with 32 `uint8 internal constant` permission IDs. No state, no functions. |
-
-### Permission ID Ranges
-
-| IDs | Repository | Permissions |
-|-----|------------|-------------|
-| 1 | All | `ROOT` -- grants all permissions. |
-| 2--20 | nana-core-v6 | `QUEUE_RULESETS`, `LAUNCH_RULESETS`, `CASH_OUT_TOKENS`, `SEND_PAYOUTS`, `MIGRATE_TERMINAL`, `SET_PROJECT_URI`, `DEPLOY_ERC20`, `SET_TOKEN`, `MINT_TOKENS`, `BURN_TOKENS`, `CLAIM_TOKENS`, `TRANSFER_CREDITS`, `SET_CONTROLLER`, `SET_TERMINALS`, `SET_PRIMARY_TERMINAL`, `USE_ALLOWANCE`, `SET_SPLIT_GROUPS`, `ADD_PRICE_FEED`, `ADD_ACCOUNTING_CONTEXTS` |
-| 21--24 | nana-721-hook-v6 | `ADJUST_721_TIERS`, `SET_721_METADATA`, `MINT_721`, `SET_721_DISCOUNT_PERCENT` |
-| 25--27 | nana-buyback-hook-v6 | `SET_BUYBACK_TWAP`, `SET_BUYBACK_POOL`, `SET_BUYBACK_HOOK` |
-| 28 | nana-router-terminal-v6 | `SET_ROUTER_TERMINAL` |
-| 29--32 | nana-suckers-v6 | `MAP_SUCKER_TOKEN`, `DEPLOY_SUCKERS`, `SUCKER_SAFETY`, `SET_SUCKER_DEPRECATION` |
+| `JBPermissionIds` | Solidity library with 32 `uint8 internal constant` permission IDs (values 1--32). No state, no functions, no dependencies. Pragma `^0.8.0` for maximum compatibility. |
+
+## All permission IDs
+
+### Global (ID 1)
+
+| ID | Name | Description |
+|----|------|-------------|
+| 1 | `ROOT` | Grants **all** permissions across every contract. An operator with ROOT can call any permissioned function on behalf of the account. Must be granted with extreme care. See [Gotchas](#gotchas) for restrictions. |
+
+### Core (IDs 2--20) -- [nana-core-v6](https://github.com/Bananapus/nana-core-v6)
+
+| ID | Name | Checked in | Description |
+|----|------|------------|-------------|
+| 2 | `QUEUE_RULESETS` | `JBController.queueRulesetsOf` | Queue new rulesets for a project. Also required by `JB721TiersHookProjectDeployer` and `JBOmnichainDeployer`. |
+| 3 | `LAUNCH_RULESETS` | `JBController.launchRulesetsFor` | Launch a project's initial rulesets and terminals. Note: the caller also needs `SET_TERMINALS` (ID 15) since this function configures terminals. |
+| 4 | `CASH_OUT_TOKENS` | `JBMultiTerminal.cashOutTokensOf` | Cash out (redeem) a holder's tokens for a share of the project's surplus. Checked against the **token holder**, not the project owner. |
+| 5 | `SEND_PAYOUTS` | `JBMultiTerminal.sendPayoutsOf` | Send payouts to a project's splits up to its payout limit. |
+| 6 | `MIGRATE_TERMINAL` | `JBMultiTerminal.migrateBalanceOf` | Migrate a project's balance from one terminal to another. |
+| 7 | `SET_PROJECT_URI` | `JBController.setUriOf` | Set a project's metadata URI. |
+| 8 | `DEPLOY_ERC20` | `JBController.deployERC20For` | Deploy a new ERC-20 token for a project. |
+| 9 | `SET_TOKEN` | `JBController.setTokenFor` | Set an existing ERC-20 token for a project. |
+| 10 | `MINT_TOKENS` | `JBController.mintTokensOf` | Mint new project tokens. Only works if the current ruleset allows owner minting. |
+| 11 | `BURN_TOKENS` | `JBController.burnTokensOf` | Burn a holder's project tokens. Checked against the **token holder**, not the project owner. |
+| 12 | `CLAIM_TOKENS` | `JBController.claimTokensFor` | Claim a holder's internal credit balance as ERC-20 tokens. Checked against the **token holder**. |
+| 13 | `TRANSFER_CREDITS` | `JBController.transferCreditsFrom` | Transfer a holder's internal credit balance to another address. Checked against the **token holder**. |
+| 14 | `SET_CONTROLLER` | `JBDirectory.setControllerOf` | Set a project's controller in the directory. |
+| 15 | `SET_TERMINALS` | `JBDirectory.setTerminalsOf` | Set a project's terminals. **Warning:** can remove the primary terminal. Also required by `LAUNCH_RULESETS` (ID 3). |
+| 16 | `SET_PRIMARY_TERMINAL` | `JBDirectory.setPrimaryTerminalOf` | Set a project's primary terminal for a given token. |
+| 17 | `USE_ALLOWANCE` | `JBMultiTerminal.useAllowanceOf` | Use a project's surplus allowance to send funds to an arbitrary address. |
+| 18 | `SET_SPLIT_GROUPS` | `JBController.setSplitGroupsOf` | Set a project's split groups (how payouts and reserved tokens are distributed). |
+| 19 | `ADD_PRICE_FEED` | `JBController.addPriceFeed` | Add a price feed for a project. The controller checks this permission before calling `JBPrices.addPriceFeedFor`. |
+| 20 | `ADD_ACCOUNTING_CONTEXTS` | `JBMultiTerminal.addAccountingContextsFor` | Add accounting contexts (accepted tokens) to a terminal for a project. |
+
+### 721 Hook (IDs 21--24) -- [nana-721-hook-v6](https://github.com/Bananapus/nana-721-hook-v6)
+
+| ID | Name | Checked in | Description |
+|----|------|------------|-------------|
+| 21 | `ADJUST_721_TIERS` | `JB721TiersHook.adjustTiers` | Add or remove NFT tiers. Also used by `CTPublisher` and `CTProjectOwner` in croptop-core-v6. |
+| 22 | `SET_721_METADATA` | `JB721TiersHook.setMetadata` | Set the metadata (base URI, contract URI, token URI resolver) for a 721 hook. |
+| 23 | `MINT_721` | `JB721TiersHook.mintFor` | Manually mint NFTs from specific tiers to a beneficiary. |
+| 24 | `SET_721_DISCOUNT_PERCENT` | `JB721TiersHook.setDiscountPercentOf` | Set the discount percent for one or more NFT tiers. |
+
+### Buyback Hook (IDs 25--27) -- [nana-buyback-hook-v6](https://github.com/Bananapus/nana-buyback-hook-v6)
+
+| ID | Name | Checked in | Description |
+|----|------|------------|-------------|
+| 25 | `SET_BUYBACK_TWAP` | `JBBuybackHook.setTwapWindowOf` | Set the TWAP (time-weighted average price) oracle window for a project's buyback hook. |
+| 26 | `SET_BUYBACK_POOL` | `JBBuybackHook.setPoolFor`, `JBBuybackHookRegistry.setHookFor`, `JBBuybackHookRegistry.lockHookFor` | Set the Uniswap pool for a project's buyback. Also guards setting and locking the hook in `JBBuybackHookRegistry`. |
+| 27 | `SET_BUYBACK_HOOK` | *Reserved / revnet-core-v6* | Defined in `JBPermissionIds` for `JBBuybackHookRegistry.setHookFor` and `lockHookFor`, but the registry currently checks `SET_BUYBACK_POOL` (ID 26) for those functions. Used by `REVDeployer` in revnet-core-v6 as an operator permission grant. |
+
+### Router Terminal (ID 28) -- [nana-router-terminal-v6](https://github.com/Bananapus/nana-router-terminal-v6)
+
+| ID | Name | Checked in | Description |
+|----|------|------------|-------------|
+| 28 | `SET_ROUTER_TERMINAL` | `JBRouterTerminalRegistry.setTerminalFor`, `JBRouterTerminalRegistry.lockTerminalFor` | Set or lock the router terminal for a project. |
+
+### Suckers / Omnichain (IDs 29--32) -- [nana-suckers-v6](https://github.com/Bananapus/nana-suckers-v6)
+
+| ID | Name | Checked in | Description |
+|----|------|------------|-------------|
+| 29 | `MAP_SUCKER_TOKEN` | `JBSucker.mapToken` | Map an ERC-20 token to its remote chain counterpart in a sucker. Mapping is immutable once the outbox tree has entries. |
+| 30 | `DEPLOY_SUCKERS` | `JBSuckerRegistry.deploySuckersFor` | Deploy new sucker contracts for a project. Also checked by `JBOmnichainDeployer` and `CTDeployer`. |
+| 31 | `SUCKER_SAFETY` | `JBSucker.enableEmergencyHatchFor` | Enable the emergency hatch for a sucker, allowing the project owner to recover stuck tokens. |
+| 32 | `SET_SUCKER_DEPRECATION` | `JBSucker.setDeprecation` | Set the deprecation status of a sucker (ENABLED, DEPRECATION_PENDING, SENDING_DISABLED, DEPRECATED). |
+
+## Gotchas
+
+- **ROOT is dangerous.** It grants every permission on every contract. An operator with ROOT for project 5 can queue rulesets, send payouts, migrate terminals, mint tokens, etc. -- all on behalf of the granting account for that project.
+- **ROOT cannot be granted for the wildcard project ID.** `JBPermissions` reverts with `JBPermissions_CantSetRootPermissionForWildcardProject()` if you try to set ROOT with `projectId = 0`. This prevents a single operator from controlling all of an account's projects.
+- **ROOT operators can set permissions for others, but cannot grant ROOT.** A ROOT operator can call `setPermissionsFor` on behalf of the account, but only if the new permission set does NOT include ROOT and is NOT for the wildcard project ID.
+- **Permission ID 0 is reserved.** `JBPermissions` reverts with `JBPermissions_NoZeroPermission()` if bit 0 is set in any packed permission value. IDs start at 1.
+- **Wildcard project ID (0) applies to all projects.** Granting a permission with `projectId = 0` means the operator has that permission for every project owned by the account. Use with caution.
+- **SET_TERMINALS can remove the primary terminal.** The source code warns about this. Replacing the terminal list can drop the primary terminal, breaking payments and cashouts.
+- **LAUNCH_RULESETS requires SET_TERMINALS.** `launchRulesetsFor` enforces both `LAUNCH_RULESETS` and `SET_TERMINALS` because it configures terminals as part of the launch.
+- **Holder vs. owner permissions.** Most permissions are checked against the project owner, but `CASH_OUT_TOKENS`, `BURN_TOKENS`, `CLAIM_TOKENS`, and `TRANSFER_CREDITS` are checked against the **token holder**. This means a holder can grant an operator permission to cash out or burn their own tokens.
+- **The uint8 type limits IDs to 0--255.** Currently 32 are defined (1--32), leaving room for future extensions.
 
 ## Install
 

package/SKILLS.md

@@ -1,75 +1,137 @@
-# nana-permission-ids-v5
+# Juicebox Permission IDs
 
 ## Purpose
 
-Defines all `uint8` permission ID constants used across the Juicebox V5 ecosystem, passed to `JBPermissions.setPermissionsFor()` to grant scoped access to protocol functions.
+Defines all `uint8` permission ID constants used across the Juicebox V6 ecosystem. These IDs are passed to `JBPermissions.setPermissionsFor()` to grant scoped access to protocol functions. The library has no state, no functions, and no dependencies -- it exists solely so that every contract references the same numeric IDs by name.
 
 ## Contracts
 
 | Contract | Role |
 |----------|------|
-| `JBPermissionIds` | Constants-only library. No state, no functions. Pragma `^0.8.0` for maximum compatibility. |
+| `JBPermissionIds` | Constants-only library. 32 `uint8 internal constant` values (1--32). Pragma `^0.8.0` for maximum compatibility across all Juicebox contracts. |
 
 ## Key Functions
 
 N/A -- this is a constants-only library with no callable functions.
 
+## How permissions work
+
+Permissions are stored in `JBPermissions` as a 256-bit packed integer:
+
+```
+permissionsOf[operator][account][projectId] => uint256 (one bit per permission ID)
+```
+
+When a permissioned function is called, the contract checks whether the caller either **is** the account or **has** the required permission ID for that project. The check also considers:
+
+1. **ROOT override** -- if the operator has ROOT (ID 1) for the project (or wildcard), all permission checks pass.
+2. **Wildcard project ID** -- permissions granted with `projectId = 0` apply to all projects for that account.
+
 ## All Permission IDs
 
-| ID | Name | Grants access to |
-|----|------|-----------------|
-| 1 | `ROOT` | All permissions across every contract. |
-| 2 | `QUEUE_RULESETS` | `JBController.queueRulesetsOf`, `launchRulesetsFor` |
-| 3 | `CASH_OUT_TOKENS` | `JBMultiTerminal.cashOutTokensOf` |
-| 4 | `SEND_PAYOUTS` | `JBMultiTerminal.sendPayoutsOf` |
-| 5 | `MIGRATE_TERMINAL` | `JBMultiTerminal.migrateBalanceOf` |
-| 6 | `SET_PROJECT_URI` | `JBController.setUriOf` |
-| 7 | `DEPLOY_ERC20` | `JBController.deployERC20For` |
-| 8 | `SET_TOKEN` | `JBController.setTokenFor` |
-| 9 | `MINT_TOKENS` | `JBController.mintTokensOf` |
-| 10 | `BURN_TOKENS` | `JBController.burnTokensOf` |
-| 11 | `CLAIM_TOKENS` | `JBController.claimTokensFor` |
-| 12 | `TRANSFER_CREDITS` | `JBController.transferCreditsFrom` |
-| 13 | `SET_CONTROLLER` | `JBDirectory.setControllerOf` |
-| 14 | `SET_TERMINALS` | `JBDirectory.setTerminalsOf` |
-| 15 | `SET_PRIMARY_TERMINAL` | `JBDirectory.setPrimaryTerminalOf` |
-| 16 | `USE_ALLOWANCE` | `JBMultiTerminal.useAllowanceOf` |
-| 17 | `SET_SPLIT_GROUPS` | `JBController.setSplitGroupsOf` |
-| 18 | `ADD_PRICE_FEED` | `JBPrices.addPriceFeedFor` |
-| 19 | `ADD_ACCOUNTING_CONTEXTS` | `JBMultiTerminal.addAccountingContextsFor` |
-| 20 | `ADJUST_721_TIERS` | `JB721TiersHook.adjustTiers` |
-| 21 | `SET_721_METADATA` | `JB721TiersHook.setMetadata` |
-| 22 | `MINT_721` | `JB721TiersHook.mintFor` |
-| 23 | `SET_721_DISCOUNT_PERCENT` | `JB721TiersHook.setDiscountPercentOf` |
-| 24 | `SET_BUYBACK_TWAP` | `JBBuybackHook.setTwapWindowOf`, `setTwapSlippageToleranceOf` |
-| 25 | `SET_BUYBACK_POOL` | `JBBuybackHook.setPoolFor` |
-| 26 | `ADD_SWAP_TERMINAL_POOL` | `JBSwapTerminal.addDefaultPool` |
-| 27 | `ADD_SWAP_TERMINAL_TWAP_PARAMS` | `JBSwapTerminal.addTwapParamsFor` |
-| 28 | `MAP_SUCKER_TOKEN` | `BPSucker.mapToken` |
-| 29 | `DEPLOY_SUCKERS` | `BPSuckerRegistry.deploySuckersFor` |
-| 30 | `SUCKER_SAFETY` | `BPSucker.enableEmergencyHatchFor`, `setDeprecation` |
+### Global
+
+| ID | Name | Checked in | Permission scope |
+|----|------|------------|-----------------|
+| 1 | `ROOT` | `JBPermissions` (implicit) | All permissions across every contract. Checked as a fallback in `hasPermission()` and `hasPermissions()`. Cannot be granted for wildcard `projectId = 0`. A ROOT operator can call `setPermissionsFor` on behalf of the account but cannot grant ROOT to others or set wildcard permissions. |
+
+### nana-core-v6
+
+| ID | Name | Checked in | Permission scope |
+|----|------|------------|-----------------|
+| 2 | `QUEUE_RULESETS` | `JBController.queueRulesetsOf` | Queue new rulesets. Checked against project owner. Also required by `JB721TiersHookProjectDeployer.queueRulesetsOf` and `JBOmnichainDeployer` functions. |
+| 3 | `LAUNCH_RULESETS` | `JBController.launchRulesetsFor` | Launch initial rulesets. Checked against project owner. **Also requires `SET_TERMINALS` (ID 15)** since the function configures terminals. |
+| 4 | `CASH_OUT_TOKENS` | `JBMultiTerminal.cashOutTokensOf` | Cash out tokens for surplus. Checked against the **token holder** (not the project owner). |
+| 5 | `SEND_PAYOUTS` | `JBMultiTerminal.sendPayoutsOf` | Send payouts to splits up to the payout limit. Checked against project owner (inside `_sendPayoutsOf`). |
+| 6 | `MIGRATE_TERMINAL` | `JBMultiTerminal.migrateBalanceOf` | Migrate a project's balance to a different terminal. Checked against project owner. |
+| 7 | `SET_PROJECT_URI` | `JBController.setUriOf` | Set a project's metadata URI. Checked against project owner. |
+| 8 | `DEPLOY_ERC20` | `JBController.deployERC20For` | Deploy a cloneable ERC-20 token for a project. Checked against project owner. |
+| 9 | `SET_TOKEN` | `JBController.setTokenFor` | Set an existing ERC-20 token for a project. Checked against project owner. |
+| 10 | `MINT_TOKENS` | `JBController.mintTokensOf` | Mint new project tokens. Checked against project owner. Only effective if the current ruleset allows owner minting. |
+| 11 | `BURN_TOKENS` | `JBController.burnTokensOf` | Burn project tokens. Checked against the **token holder**. |
+| 12 | `CLAIM_TOKENS` | `JBController.claimTokensFor` | Claim internal credits as ERC-20 tokens. Checked against the **token holder**. |
+| 13 | `TRANSFER_CREDITS` | `JBController.transferCreditsFrom` | Transfer internal credit balance to another address. Checked against the **token holder**. |
+| 14 | `SET_CONTROLLER` | `JBDirectory.setControllerOf` | Set a project's controller. Checked against project owner. |
+| 15 | `SET_TERMINALS` | `JBDirectory.setTerminalsOf` | Set a project's terminals. Checked against project owner. **Warning:** can remove the primary terminal. Also checked by `JBController.launchRulesetsFor` (ID 3) and `JBController.launchProjectFor`. |
+| 16 | `SET_PRIMARY_TERMINAL` | `JBDirectory.setPrimaryTerminalOf` | Set the primary terminal for a given token. Checked against project owner. |
+| 17 | `USE_ALLOWANCE` | `JBMultiTerminal.useAllowanceOf` | Use surplus allowance to send funds to an arbitrary address. Checked against project owner. |
+| 18 | `SET_SPLIT_GROUPS` | `JBController.setSplitGroupsOf` | Set how payouts and reserved tokens are distributed. Checked against project owner. |
+| 19 | `ADD_PRICE_FEED` | `JBController.addPriceFeed` | Add a price feed for a project. The controller checks this permission, then calls `JBPrices.addPriceFeedFor` internally. Checked against project owner. |
+| 20 | `ADD_ACCOUNTING_CONTEXTS` | `JBMultiTerminal.addAccountingContextsFor` | Add accepted token accounting contexts to a terminal. Checked against project owner. |
+
+### nana-721-hook-v6
+
+| ID | Name | Checked in | Permission scope |
+|----|------|------------|-----------------|
+| 21 | `ADJUST_721_TIERS` | `JB721TiersHook.adjustTiers` | Add or remove NFT tiers. Checked against `owner()` (the project's controller). Also used by `CTPublisher`, `CTProjectOwner`, and `REVDeployer`. |
+| 22 | `SET_721_METADATA` | `JB721TiersHook.setMetadata` | Set base URI, contract URI, or token URI resolver. Checked against `owner()`. |
+| 23 | `MINT_721` | `JB721TiersHook.mintFor` | Manually mint NFTs from specific tiers. Checked against `owner()`. |
+| 24 | `SET_721_DISCOUNT_PERCENT` | `JB721TiersHook.setDiscountPercentOf` | Set the discount percent for NFT tiers. Checked against `owner()`. Called twice in the function for two separate code paths. |
+
+### nana-buyback-hook-v6
+
+| ID | Name | Checked in | Permission scope |
+|----|------|------------|-----------------|
+| 25 | `SET_BUYBACK_TWAP` | `JBBuybackHook.setTwapWindowOf` | Set the TWAP oracle window duration. Checked against project owner. |
+| 26 | `SET_BUYBACK_POOL` | `JBBuybackHook.setPoolFor`, `JBBuybackHookRegistry.setHookFor`, `JBBuybackHookRegistry.lockHookFor` | Set the Uniswap pool for a project's buyback. Also guards setting and locking the hook in `JBBuybackHookRegistry`. Checked against project owner. |
+| 27 | `SET_BUYBACK_HOOK` | *Currently unused in buyback hook code* | Defined for `JBBuybackHookRegistry.setHookFor` and `lockHookFor` per the source comment, but the registry actually checks `SET_BUYBACK_POOL` (ID 26) for those functions. Referenced by `REVDeployer` in revnet-core-v6 as an operator permission grant. |
+
+### nana-router-terminal-v6
+
+| ID | Name | Checked in | Permission scope |
+|----|------|------------|-----------------|
+| 28 | `SET_ROUTER_TERMINAL` | `JBRouterTerminalRegistry.setTerminalFor`, `JBRouterTerminalRegistry.lockTerminalFor` | Set or lock the router terminal for a project. Checked against project owner. |
+
+### nana-suckers-v6
+
+| ID | Name | Checked in | Permission scope |
+|----|------|------------|-----------------|
+| 29 | `MAP_SUCKER_TOKEN` | `JBSucker.mapToken` | Map an ERC-20 token to its remote chain counterpart. Immutable once the outbox merkle tree has entries. Checked against project owner. |
+| 30 | `DEPLOY_SUCKERS` | `JBSuckerRegistry.deploySuckersFor` | Deploy sucker contracts for cross-chain bridging. Checked against project owner. Also checked by `JBOmnichainDeployer` and `CTDeployer`. |
+| 31 | `SUCKER_SAFETY` | `JBSucker.enableEmergencyHatchFor` | Enable the emergency hatch to recover stuck tokens. Checked against project owner. |
+| 32 | `SET_SUCKER_DEPRECATION` | `JBSucker.setDeprecation` | Move a sucker through the deprecation lifecycle (ENABLED -> DEPRECATION_PENDING -> SENDING_DISABLED -> DEPRECATED). Checked against project owner. |
 
 ## Integration Points
 
 | Dependency | Import | Used For |
 |------------|--------|----------|
-| None | -- | This library has no dependencies. It is imported by all permission-gated Juicebox contracts. |
+| None | -- | This library has no dependencies. It is imported by permission-gated contracts across the ecosystem. |
+
+### Repos that import JBPermissionIds
+
+| Repository | Contracts |
+|------------|-----------|
+| nana-core-v6 | `JBPermissions`, `JBController`, `JBMultiTerminal`, `JBDirectory` |
+| nana-721-hook-v6 | `JB721TiersHook`, `JB721TiersHookProjectDeployer` |
+| nana-buyback-hook-v6 | `JBBuybackHook`, `JBBuybackHookRegistry` |
+| nana-router-terminal-v6 | `JBRouterTerminalRegistry` |
+| nana-suckers-v6 | `JBSucker`, `JBSuckerRegistry` |
+| nana-omnichain-deployers-v6 | `JBOmnichainDeployer` |
+| revnet-core-v6 | `REVDeployer` |
+| croptop-core-v6 | `CTDeployer`, `CTProjectOwner`, `CTPublisher` |
 
 ## Key Types
 
-N/A -- no structs or enums.
+N/A -- no structs or enums. All values are `uint8 internal constant`.
 
 ## Gotchas
 
-- `ROOT` (ID 1) grants all permissions across every contract. Must be granted with extreme care.
-- `SET_TERMINALS` (ID 14) can be used to remove the primary terminal -- the comment in the source warns about this.
-- Permissions are scoped by `(operator, account, projectId)` tuple. Granting with `projectId=0` is a wildcard that applies to all projects for that account.
-- The `uint8` type limits IDs to 0--255. Currently 30 are defined (1--30).
+- **ROOT (ID 1) grants everything.** Any permission check that passes `includeRoot: true` (which all standard `_requirePermissionFrom` calls do) will succeed if the operator has ROOT.
+- **ROOT cannot be granted for wildcard project ID (0).** `JBPermissions.setPermissionsFor` reverts with `JBPermissions_CantSetRootPermissionForWildcardProject()`. This is a critical safety rail.
+- **ROOT operators can delegate, but not escalate.** A ROOT operator can call `setPermissionsFor` on behalf of the account, but the call reverts if the new permission set includes ROOT or targets the wildcard project ID.
+- **Permission ID 0 is forbidden.** `JBPermissions` reverts with `JBPermissions_NoZeroPermission()` if bit 0 is set. Valid IDs start at 1.
+- **Wildcard project ID (0) grants cross-project access.** Granting `QUEUE_RULESETS` with `projectId = 0` means the operator can queue rulesets for *every* project the account owns. This is powerful and should be used sparingly.
+- **SET_TERMINALS (ID 15) can break a project.** Replacing the terminal list without including the current primary terminal will remove it, breaking payments and cashouts until a new primary is set.
+- **LAUNCH_RULESETS (ID 3) requires both IDs 3 and 15.** The function enforces two separate permission checks because it configures terminals in addition to launching rulesets.
+- **Holder-scoped permissions.** IDs 4 (`CASH_OUT_TOKENS`), 11 (`BURN_TOKENS`), 12 (`CLAIM_TOKENS`), and 13 (`TRANSFER_CREDITS`) are checked against the **token holder**, not the project owner. This means a holder grants an operator permission to act on the holder's own tokens.
+- **SET_BUYBACK_HOOK (ID 27) mismatch.** The source comment says it guards `JBBuybackHookRegistry.setHookFor` and `lockHookFor`, but those functions actually check `SET_BUYBACK_POOL` (ID 26). The ID is still granted by `REVDeployer` as an operator permission.
+- **ADD_PRICE_FEED (ID 19) is checked on JBController, not JBPrices.** The permission gate is on `JBController.addPriceFeed`, which then calls `JBPrices.addPriceFeedFor` internally.
+- **uint8 range.** IDs are `uint8` (0--255) but the packed storage is `uint256`, so the system supports up to 256 permission bits. Currently 32 are defined (1--32).
 
 ## Example Integration
 
 ```solidity
-import {JBPermissionIds} from "@bananapus/permission-ids-v5/src/JBPermissionIds.sol";
+import {JBPermissionIds} from "@bananapus/permission-ids-v6/src/JBPermissionIds.sol";
 
 // Grant an operator permission to queue rulesets for project 5
 uint8[] memory permissionIds = new uint8[](1);
@@ -80,3 +142,28 @@ permissions.setPermissionsFor(account, JBPermissionsData({
     permissionIds: permissionIds
 }));
 ```
+
+```solidity
+// Grant multiple permissions at once
+uint8[] memory permissionIds = new uint8[](3);
+permissionIds[0] = JBPermissionIds.QUEUE_RULESETS;
+permissionIds[1] = JBPermissionIds.SET_SPLIT_GROUPS;
+permissionIds[2] = JBPermissionIds.SET_PROJECT_URI;
+permissions.setPermissionsFor(account, JBPermissionsData({
+    operator: operatorAddress,
+    projectId: 5,
+    permissionIds: permissionIds
+}));
+```
+
+```solidity
+// Check if an operator has a permission
+bool canQueue = permissions.hasPermission({
+    operator: operatorAddress,
+    account: projectOwner,
+    projectId: 5,
+    permissionId: JBPermissionIds.QUEUE_RULESETS,
+    includeRoot: true,              // ROOT holders pass this check
+    includeWildcardProjectId: true  // Also check projectId=0 grants
+});
+```

package/foundry.toml

@@ -1,5 +1,5 @@
 [profile.default]
-solc = '0.8.23'
+solc = '0.8.26'
 evm_version = 'paris'                   # Required for L2s (Optimism, Arbitrum, etc.)
 match_contract = "_Local"               # Do not run fork tests
 sizes = true

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bananapus/permission-ids-v6",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "license": "MIT",
   "repository": {
     "type": "git",

package/slither-ci.config.json

@@ -5,6 +5,6 @@
     "exclude_medium": false,
     "exclude_high": false,
     "disable_color": false,
-    "filter_paths": "(mocks/|test/|node_modules/)",
+    "filter_paths": "(mocks/|test/|node_modules/|lib/)",
     "legacy_ast": false
 }

package/src/JBPermissionIds.sol

@@ -41,10 +41,19 @@ library JBPermissionIds {
     /* Used by `nana-buyback-hook`: https://github.com/Bananapus/nana-buyback-hook */
     uint8 internal constant SET_BUYBACK_TWAP = 25; // Permission to call `JBBuybackHook.setTwapWindowOf`.
     uint8 internal constant SET_BUYBACK_POOL = 26; // Permission to call `JBBuybackHook.setPoolFor`.
+    /// @dev This single ID intentionally gates both setting and locking the buyback hook as a simplification.
+    /// Granting this permission allows the operator to call both `JBBuybackHookRegistry.setHookFor` (to configure the
+    /// hook) and `JBBuybackHookRegistry.lockHookFor` (to permanently lock the hook configuration). Project owners
+    /// should be aware that an operator with this permission can lock the hook, preventing future changes.
     uint8 internal constant SET_BUYBACK_HOOK = 27; // Permission to call `JBBuybackHookRegistry.setHookFor` and
     // `JBBuybackHookRegistry.lockHookFor`.
 
     /* Used by `nana-router-terminal`: https://github.com/Bananapus/nana-router-terminal-v6 */
+    /// @dev This single ID intentionally gates both setting and locking the router terminal as a simplification.
+    /// Granting this permission allows the operator to call both `JBRouterTerminalRegistry.setTerminalFor` (to
+    /// configure the terminal) and `JBRouterTerminalRegistry.lockTerminalFor` (to permanently lock the terminal
+    /// configuration). Project owners should be aware that an operator with this permission can lock the terminal,
+    /// preventing future changes.
     uint8 internal constant SET_ROUTER_TERMINAL = 28; // Permission to call
     // `JBRouterTerminalRegistry.setTerminalFor` and `JBRouterTerminalRegistry.lockTerminalFor`.