@rootzero/contracts 0.6.3 → 0.7.1

package/commands/Base.sol

@@ -20,6 +20,25 @@ struct CommandContext {
     bytes request;
 }
 
+/// @notice ABI-encode a command call from a target command ID and execution context.
+/// @dev Derives the function selector from `target` via `Ids.commandSelector(target)`.
+/// Reverts if `target` is not a valid command ID.
+/// @param target Destination command node ID embedding the target selector.
+/// @param account Caller account identifier for the command context.
+/// @param state Current state block stream passed to the command.
+/// @param request Input block stream for the command invocation.
+/// @return ABI-encoded calldata for the command entry point.
+function encodeCommandCall(
+    uint target,
+    bytes32 account,
+    bytes memory state,
+    bytes calldata request
+) pure returns (bytes memory) {
+    bytes4 selector = Ids.commandSelector(target);
+    CommandContext memory ctx = CommandContext(target, account, state, request);
+    return abi.encodeWithSelector(selector, ctx);
+}
+
 /// @title CommandBase
 /// @notice Abstract base for all rootzero command contracts.
 /// Provides access control modifiers, event emission, and the `commandId`
@@ -78,10 +97,7 @@ abstract contract CommandPayable is CommandBase {
     /// @dev Calls the amount-based `settleValue` hook only when some value remains.
     /// @param account Caller's account identifier for the current invocation.
     /// @param budget Mutable native-value budget used during command execution.
-    function settleValue(
-        bytes32 account,
-        Budget memory budget
-    ) internal {
+    function settleValue(bytes32 account, Budget memory budget) internal {
         uint remaining = Values.drain(budget);
         if (remaining != 0) settleValue(account, remaining);
     }
@@ -96,5 +112,3 @@ abstract contract CommandPayable is CommandBase {
         revert UnusedValue(remaining);
     }
 }
-
-

package/commands/Provision.sol

@@ -29,11 +29,7 @@ abstract contract ProvisionPayableHook {
     /// @param account Caller's account identifier.
     /// @param custody Destination host plus asset amount to provision.
     /// @param budget Mutable native-value budget drawn from `msg.value`.
-    function provision(
-        bytes32 account,
-        HostAmount memory custody,
-        Budget memory budget
-    ) internal virtual;
+    function provision(bytes32 account, HostAmount memory custody, Budget memory budget) internal virtual;
 }
 
 /// @title Provision
@@ -46,9 +42,7 @@ abstract contract Provision is CommandBase, ProvisionHook {
         emit Command(host, PROVISION, Schemas.Custody, provisionId, State.Empty, State.Custodies, false);
     }
 
-    function provision(
-        CommandContext calldata c
-    ) external onlyCommand(provisionId, c.target) returns (bytes memory) {
+    function provision(CommandContext calldata c) external onlyCommand(provisionId, c.target) returns (bytes memory) {
         (Cur memory request, uint count, ) = cursor(c.request, 1);
         Writer memory writer = Writers.allocCustodies(count);
 
@@ -107,12 +101,12 @@ abstract contract ProvisionFromBalance is CommandBase, ProvisionHook {
         (Cur memory state, uint stateCount, ) = cursor(c.state, 1);
         Cur memory request = cursor(c.request);
         Writer memory writer = Writers.allocCustodies(stateCount);
-        uint toHost = request.nodeAfter(0);
-        if (toHost == 0) revert Cursors.ZeroNode();
+        uint peer = request.nodeAfter(0);
+        if (peer == 0) revert Cursors.ZeroNode();
 
         while (state.i < state.bound) {
             (bytes32 asset, bytes32 meta, uint amount) = state.unpackBalance();
-            HostAmount memory custody = HostAmount(toHost, asset, meta, amount);
+            HostAmount memory custody = HostAmount(peer, asset, meta, amount);
             provision(c.account, custody);
             writer.appendCustody(custody);
         }
@@ -120,4 +114,3 @@ abstract contract ProvisionFromBalance is CommandBase, ProvisionHook {
         return state.complete(writer);
     }
 }
-

package/commands/Stake.sol

@@ -2,94 +2,11 @@
 pragma solidity ^0.8.33;
 
 import { CommandContext, CommandBase, State } from "./Base.sol";
-import { AssetAmount, HostAmount, Cur, Cursors, Writer, Writers } from "../Cursors.sol";
+import { HostAmount, Cur, Cursors } from "../Cursors.sol";
 
-string constant SBTB = "stakeBalanceToBalances";
-string constant SCTB = "stakeCustodyToBalances";
 string constant SCTP = "stakeCustodyToPosition";
 
 using Cursors for Cur;
-using Writers for Writer;
-
-/// @title StakeBalanceToBalances
-/// @notice Command that stakes BALANCE state positions and emits BALANCE outputs.
-/// The output-to-input ratio is set at construction via `scaledRatio`.
-abstract contract StakeBalanceToBalances is CommandBase {
-    uint internal immutable stakeBalanceToBalancesId = commandId(SBTB);
-    uint private immutable outScale;
-
-    constructor(string memory input, uint scaledRatio) {
-        outScale = scaledRatio;
-        emit Command(host, SBTB, input, stakeBalanceToBalancesId, State.Balances, State.Balances, false);
-    }
-
-    /// @dev Override to stake a balance position and append resulting balances
-    /// to `out`. `request` is the live auxiliary request cursor for this
-    /// command; implementations validate and unpack it as needed and may
-    /// append BALANCE outputs within the capacity implied by this command's
-    /// configured `scaledRatio`.
-    function stakeBalanceToBalances(
-        bytes32 account,
-        AssetAmount memory balance,
-        Cur memory request,
-        Writer memory out
-    ) internal virtual;
-
-    function stakeBalanceToBalances(
-        CommandContext calldata c
-    ) external onlyCommand(stakeBalanceToBalancesId, c.target) returns (bytes memory) {
-        (Cur memory state, uint stateCount, ) = cursor(c.state, 1);
-        Cur memory request = cursor(c.request);
-        Writer memory writer = Writers.allocScaledBalances(stateCount, outScale);
-
-        while (state.i < state.bound) {
-            AssetAmount memory balance = state.unpackBalanceValue();
-            stakeBalanceToBalances(c.account, balance, request, writer);
-        }
-
-        return state.complete(writer);
-    }
-}
-
-/// @title StakeCustodyToBalances
-/// @notice Command that stakes CUSTODY state positions and emits BALANCE outputs.
-/// The output-to-input ratio is set at construction via `scaledRatio`.
-abstract contract StakeCustodyToBalances is CommandBase {
-    uint internal immutable stakeCustodyToBalancesId = commandId(SCTB);
-    uint private immutable outScale;
-
-    constructor(string memory input, uint scaledRatio) {
-        outScale = scaledRatio;
-        emit Command(host, SCTB, input, stakeCustodyToBalancesId, State.Custodies, State.Balances, false);
-    }
-
-    /// @dev Override to stake a custody position and append resulting balances
-    /// to `out`. `request` is the live auxiliary request cursor for this
-    /// command; implementations validate and unpack it as needed and may
-    /// append BALANCE outputs within the capacity implied by this command's
-    /// configured `scaledRatio`.
-    function stakeCustodyToBalances(
-        bytes32 account,
-        HostAmount memory custody,
-        Cur memory request,
-        Writer memory out
-    ) internal virtual;
-
-    function stakeCustodyToBalances(
-        CommandContext calldata c
-    ) external onlyCommand(stakeCustodyToBalancesId, c.target) returns (bytes memory) {
-        (Cur memory state, uint stateCount, ) = cursor(c.state, 1);
-        Cur memory request = cursor(c.request);
-        Writer memory writer = Writers.allocScaledBalances(stateCount, outScale);
-
-        while (state.i < state.bound) {
-            HostAmount memory custody = state.unpackCustodyValue();
-            stakeCustodyToBalances(c.account, custody, request, writer);
-        }
-
-        return state.complete(writer);
-    }
-}
 
 /// @title StakeCustodyToPosition
 /// @notice Command that stakes CUSTODY state positions into a non-balance target

package/commands/admin/AllowAssets.sol

@@ -7,20 +7,22 @@ using Cursors for Cur;
 
 string constant NAME = "allowAssets";
 
+abstract contract AllowAssetsHook {
+    /// @dev Override to allow a single asset/meta pair.
+    /// Called once per ASSET block in the request.
+    function allowAsset(bytes32 asset, bytes32 meta) internal virtual returns (bool);
+}
+
 /// @title AllowAssets
 /// @notice Admin command that permits a list of (asset, meta) pairs via a virtual hook.
 /// Each ASSET block in the request calls `allowAsset`. Only callable by the admin account.
-abstract contract AllowAssets is CommandBase {
+abstract contract AllowAssets is CommandBase, AllowAssetsHook {
     uint internal immutable allowAssetsId = commandId(NAME);
 
     constructor() {
         emit Command(host, NAME, Schemas.Asset, allowAssetsId, State.Empty, State.Empty, false);
     }
 
-    /// @dev Override to allow a single asset/meta pair.
-    /// Called once per ASSET block in the request.
-    function allowAsset(bytes32 asset, bytes32 meta) internal virtual returns (bool);
-
     function allowAssets(
         CommandContext calldata c
     ) external onlyAdmin(c.account) onlyCommand(allowAssetsId, c.target) returns (bytes memory) {

package/commands/admin/DenyAssets.sol

@@ -7,20 +7,22 @@ using Cursors for Cur;
 
 string constant NAME = "denyAssets";
 
+abstract contract DenyAssetsHook {
+    /// @dev Override to deny a single asset/meta pair.
+    /// Called once per ASSET block in the request.
+    function denyAsset(bytes32 asset, bytes32 meta) internal virtual returns (bool);
+}
+
 /// @title DenyAssets
 /// @notice Admin command that blocks a list of (asset, meta) pairs via a virtual hook.
 /// Each ASSET block in the request calls `denyAsset`. Only callable by the admin account.
-abstract contract DenyAssets is CommandBase {
+abstract contract DenyAssets is CommandBase, DenyAssetsHook {
     uint internal immutable denyAssetsId = commandId(NAME);
 
     constructor() {
         emit Command(host, NAME, Schemas.Asset, denyAssetsId, State.Empty, State.Empty, false);
     }
 
-    /// @dev Override to deny a single asset/meta pair.
-    /// Called once per ASSET block in the request.
-    function denyAsset(bytes32 asset, bytes32 meta) internal virtual returns (bool);
-
     function denyAssets(
         CommandContext calldata c
     ) external onlyAdmin(c.account) onlyCommand(denyAssetsId, c.target) returns (bytes memory) {

package/commands/admin/Relocate.sol

@@ -26,8 +26,8 @@ abstract contract RelocatePayable is CommandPayable {
         Budget memory budget = Values.fromMsg();
 
         while (request.i < request.bound) {
-            (uint host, uint amount) = request.unpackFunding();
-            callTo(host, Values.use(budget, amount), "");
+            (uint peer, uint amount) = request.unpackFunding();
+            callTo(peer, Values.use(budget, amount), "");
         }
 
         request.complete();

package/core/Access.sol

@@ -2,6 +2,7 @@
 pragma solidity ^0.8.33;
 
 import { AccessEvent } from "../events/Access.sol";
+import { HostBound } from "./HostBound.sol";
 import { Accounts } from "../utils/Accounts.sol";
 import { Ids } from "../utils/Ids.sol";
 import { addrOr } from "../utils/Utils.sol";
@@ -12,14 +13,12 @@ import { addrOr } from "../utils/Utils.sol";
 /// mapping of externally authorized node IDs. Inbound trust is host-based:
 /// authorized hosts, the commander, and this contract itself may interact
 /// with the host through the guarded command and peer entrypoints.
-abstract contract AccessControl is AccessEvent {
+abstract contract AccessControl is HostBound, AccessEvent {
     /// @dev Trusted commander address. All calls from this address are implicitly trusted.
     /// Defaults to `address(this)` when no external commander is provided.
     address internal immutable commander;
     /// @dev Admin account ID derived from the commander address at construction time.
     bytes32 internal immutable adminAccount;
-    /// @dev This host's node ID, set to `Ids.toHost(address(this))` at construction.
-    uint public immutable host;
 
     /// @dev Mapping from node ID to authorization status.
     /// Authorised nodes may interact with the host as trusted callers or call targets.
@@ -33,7 +32,6 @@ abstract contract AccessControl is AccessEvent {
     constructor(address cmdr) {
         commander = addrOr(cmdr, address(this));
         adminAccount = Accounts.toAdmin(commander);
-        host = Ids.toHost(address(this));
     }
 
     /// @notice Grant or revoke authorization for a node.

package/core/CursorBase.sol

@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import { Cur, Cursors } from "../Cursors.sol";
+
+using Cursors for Cur;
+
+/// @title CursorBase
+/// @notice Shared cursor convenience helpers for contracts that consume block streams.
+abstract contract CursorBase {
+    /// @notice Open a cursor over a calldata block stream.
+    /// @param source Calldata slice to parse.
+    /// @return cur Cursor positioned at the beginning of `source`.
+    function cursor(bytes calldata source) internal pure returns (Cur memory cur) {
+        return Cursors.open(source);
+    }
+
+    /// @notice Open a cursor and prime it for a grouped iteration pass in one call.
+    /// Equivalent to `open(source)` followed by `primeRun(group)`.
+    /// @param source Calldata slice to parse.
+    /// @param group Expected block group size (e.g. 1 for single, 2 for paired).
+    /// @return cur Cursor with `bound` set to the end of the first run.
+    /// @return count Total number of blocks in the run (a multiple of `group`).
+    /// @return quotient Number of groups in the run (`count / group`).
+    function cursor(bytes calldata source, uint group) internal pure returns (Cur memory cur, uint count, uint quotient) {
+        cur = Cursors.open(source);
+        (, count, quotient) = cur.primeRun(group);
+    }
+
+    /// @notice Open a cursor, prime it, and assert that its normalized quotient matches `expectedQuotient`.
+    /// Equivalent to `open(source)` followed by `primeRun(group)` and a direct quotient equality check.
+    /// Reverts with `Cursors.BadRatio` when the quotient does not match.
+    /// @param source Calldata slice to parse.
+    /// @param group Expected block group size (e.g. 1 for single, 2 for paired).
+    /// @param expectedQuotient Required number of groups in the first run.
+    /// @return cur Cursor with `bound` set to the end of the first run.
+    function cursor(bytes calldata source, uint group, uint expectedQuotient) internal pure returns (Cur memory cur) {
+        cur = Cursors.open(source);
+        (, , uint quotient) = cur.primeRun(group);
+        if (quotient != expectedQuotient) revert Cursors.BadRatio();
+    }
+
+}

package/core/Host.sol

@@ -5,7 +5,7 @@ import { AccessControl } from "./Access.sol";
 import { Authorize } from "../commands/admin/Authorize.sol";
 import { Unauthorize } from "../commands/admin/Unauthorize.sol";
 import { RelocatePayable } from "../commands/admin/Relocate.sol";
-import { HostAnnouncedEvent } from "../events/HostAnnounced.sol";
+import { HostAnnouncedEvent } from "../events/Host.sol";
 import { IHostDiscovery } from "../interfaces/IHostDiscovery.sol";
 import { Ids } from "../utils/Ids.sol";
 

package/core/HostBound.sol

@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {Assets} from "../utils/Assets.sol";
+import {Ids} from "../utils/Ids.sol";
+
+/// @title HostBound
+/// @notice Minimal base for contracts that need host-scoped identity constants.
+abstract contract HostBound {
+    /// @dev This contract's host node ID, set to `Ids.toHost(address(this))` at construction.
+    uint public immutable host = Ids.toHost(address(this));
+    /// @dev Asset ID for the native chain value (ETH), bound to the current chain at deployment.
+    bytes32 internal immutable valueAsset = Assets.toValue();
+}

package/core/Operation.sol

@@ -2,81 +2,72 @@
 pragma solidity ^0.8.33;
 
 import { AccessControl } from "./Access.sol";
-import { Assets } from "../utils/Assets.sol";
+import { CursorBase } from "./CursorBase.sol";
 import { Ids } from "../utils/Ids.sol";
-import { Cur, Cursors } from "../Cursors.sol";
-
-using Cursors for Cur;
 
 /// @dev Emitted when a trusted inter-node call fails.
 /// @param addr Contract address that was called.
-/// @param node Node ID of the callee.
 /// @param selector 4-byte selector of the called function.
 /// @param err Revert data returned by the failed call.
-error FailedCall(address addr, uint node, bytes4 selector, bytes err);
+error FailedCall(address addr, bytes4 selector, bytes err);
 
 /// @title OperationBase
 /// @notice Shared base for command and peer contracts.
 /// Provides convenience wrappers for cursor construction, quotient validation,
 /// and trusted inter-node calls. Inherits access control from `AccessControl`.
-abstract contract OperationBase is AccessControl {
-    /// @dev Asset ID for the native chain value (ETH), bound to the current chain at deployment.
-    bytes32 public immutable valueAsset = Assets.toValue();
-
-    /// @notice Open a cursor over a calldata block stream.
-    /// @param source Calldata slice to parse.
-    /// @return cur Cursor positioned at the beginning of `source`.
-    function cursor(bytes calldata source) internal pure returns (Cur memory cur) {
-        return Cursors.open(source);
-    }
-
-    /// @notice Open a cursor and prime it for a grouped iteration pass in one call.
-    /// Equivalent to `open(source)` followed by `primeRun(group)`.
-    /// @param source Calldata slice to parse.
-    /// @param group Expected block group size (e.g. 1 for single, 2 for paired).
-    /// @return cur Cursor with `bound` set to the end of the first run.
-    /// @return count Total number of blocks in the run (a multiple of `group`).
-    /// @return quotient Number of groups in the run (`count / group`).
-    function cursor(bytes calldata source, uint group) internal pure returns (Cur memory cur, uint count, uint quotient) {
-        cur = Cursors.open(source);
-        (, count, quotient) = cur.primeRun(group);
+abstract contract OperationBase is AccessControl, CursorBase {
+    /// @notice Return the host node ID corresponding to the current caller.
+    /// @dev Encodes `msg.sender` as a host ID using the local-chain host layout.
+    /// @return Host node ID for `msg.sender`.
+    function caller() internal view returns (uint) {
+        return Ids.toHost(msg.sender);
     }
 
-    /// @notice Open a cursor, prime it, and assert that its normalized quotient matches `expectedQuotient`.
-    /// Equivalent to `open(source)` followed by `primeRun(group)` and `checkQuotient(quotient, expectedQuotient)`.
-    /// Reverts with `Cursors.BadRatio` when the quotient does not match.
-    /// @param source Calldata slice to parse.
-    /// @param group Expected block group size (e.g. 1 for single, 2 for paired).
-    /// @param expectedQuotient Required number of groups in the first run.
-    /// @return cur Cursor with `bound` set to the end of the first run.
-    function cursor(bytes calldata source, uint group, uint expectedQuotient) internal pure returns (Cur memory cur) {
-        cur = Cursors.open(source);
-        (, , uint quotient) = cur.primeRun(group);
-        if (quotient != expectedQuotient) revert Cursors.BadRatio();
+    /// @notice Make a low-level call to an address.
+    /// Forwards `value` ETH and `data` to `addr`.
+    /// Reverts with `FailedCall` if the call is unsuccessful.
+    /// @param addr Contract address to call.
+    /// @param value Native value to forward in wei.
+    /// @param data Encoded calldata to send.
+    /// @return out Return data from the successful call.
+    function callAddr(address addr, uint value, bytes memory data) internal returns (bytes memory out) {
+        bool success;
+        (success, out) = payable(addr).call{value: value}(data);
+        if (!success) revert FailedCall(addr, bytes4(data), out);
     }
 
-    /// @notice Assert that two normalized group quotients are equal.
-    /// Reverts with `Cursors.BadRatio` when `lq != rq`.
-    /// @param lq Left-hand quotient.
-    /// @param rq Right-hand quotient.
-    function checkQuotient(uint lq, uint rq) internal pure {
-        if (lq != rq) revert Cursors.BadRatio();
+    /// @notice Make a low-level read-only query to an address.
+    /// Issues a low-level `staticcall` with `data`.
+    /// Reverts with `FailedCall` if the call is unsuccessful.
+    /// @param addr Contract address to query.
+    /// @param data Encoded calldata to send.
+    /// @return out Return data from the successful query.
+    function queryAddr(address addr, bytes memory data) internal view returns (bytes memory out) {
+        bool success;
+        (success, out) = addr.staticcall(data);
+        if (!success) revert FailedCall(addr, bytes4(data), out);
     }
 
     /// @notice Make a trusted call to another node in the network.
     /// Looks up the node's contract address via `ensureTrusted` + `Ids.nodeAddr`,
     /// then issues a low-level call forwarding `value` ETH and `data`.
-    /// Reverts with `FailedCall` if the call is unsuccessful.
     /// @param node Node ID of the callee (must be in the authorized set).
     /// @param value Native value to forward in wei.
     /// @param data Encoded calldata to send.
     /// @return out Return data from the successful call.
     function callTo(uint node, uint value, bytes memory data) internal returns (bytes memory out) {
-        bool success;
         address addr = Ids.nodeAddr(ensureTrusted(node));
-        (success, out) = payable(addr).call{value: value}(data);
-        if (!success) {
-            revert FailedCall(addr, node, bytes4(data), out);
-        }
+        return callAddr(addr, value, data);
+    }
+
+    /// @notice Make a trusted query to another node in the network.
+    /// Looks up the node's contract address via `ensureTrusted` + `Ids.nodeAddr`,
+    /// then issues a low-level `staticcall` with `data`.
+    /// @param node Node ID of the callee (must be in the authorized set).
+    /// @param data Encoded calldata to send.
+    /// @return out Return data from the successful query.
+    function queryTo(uint node, bytes memory data) internal view returns (bytes memory out) {
+        address addr = Ids.nodeAddr(ensureTrusted(node));
+        return queryAddr(addr, data);
     }
 }

package/events/Erc721.sol

@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {EventEmitter} from "./Emitter.sol";
+
+string constant ABI = "event Erc721Position(bytes32 indexed account, bytes32 asset, bytes32 meta, uint position, uint qid)";
+
+/// @notice Emitted when the lifecycle state of an ERC-721-backed position changes.
+abstract contract Erc721PositionEvent is EventEmitter {
+    /// @param account Account identifier that owns or is associated with the position.
+    /// @param asset Asset identifier for the ERC-721 class.
+    /// @param meta Asset metadata slot, typically carrying the token-specific position context.
+    /// @param position Context-specific position value; positive means active and 0 means closed.
+    /// @param qid Query ID associated with the position lookup or reporting context.
+    event Erc721Position(bytes32 indexed account, bytes32 asset, bytes32 meta, uint position, uint qid);
+
+    constructor() {
+        emit EventAbi(ABI);
+    }
+}

package/events/Query.sol

@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {EventEmitter} from "./Emitter.sol";
+
+string constant ABI = "event Query(uint indexed host, string name, string input, string output, uint qid)";
+
+/// @notice Emitted once per query during host deployment to publish its request and response schemas.
+abstract contract QueryEvent is EventEmitter {
+    /// @param host Host node ID that owns this query.
+    /// @param name Human-readable query name.
+    /// @param input Schema DSL string describing the query request shape.
+    /// @param output Schema DSL string describing the query response shape.
+    /// @param qid Query node ID.
+    event Query(uint indexed host, string name, string input, string output, uint qid);
+
+    constructor() {
+        emit EventAbi(ABI);
+    }
+}

package/events/Swap.sol

@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import { EventEmitter } from "./Emitter.sol";
+
+string constant ABI = "event Swap(bytes32 indexed account, bytes32 assetIn, uint amountIn, bytes32 assetOut, uint amountOut)";
+
+/// @notice Emitted when an account swaps one asset for another.
+abstract contract SwapEvent is EventEmitter {
+    /// @param account Account identifier performing the swap.
+    /// @param assetIn Input asset identifier.
+    /// @param amountIn Input amount spent.
+    /// @param assetOut Output asset identifier.
+    /// @param amountOut Output amount received.
+    event Swap(bytes32 indexed account, bytes32 assetIn, uint amountIn, bytes32 assetOut, uint amountOut);
+
+    constructor() {
+        emit EventAbi(ABI);
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rootzero/contracts",
-  "version": "0.6.3",
+  "version": "0.7.1",
   "description": "Solidity contracts and protocol building blocks for rootzero hosts and commands.",
   "private": false,
   "license": "GPL-3.0-only",

package/peer/AllowAssets.sol

@@ -2,6 +2,7 @@
 pragma solidity ^0.8.33;
 
 import { PeerBase } from "./Base.sol";
+import { AllowAssetsHook } from "../commands/admin/AllowAssets.sol";
 import { Cursors, Cur, Schemas } from "../Cursors.sol";
 
 using Cursors for Cur;
@@ -10,27 +11,21 @@ string constant NAME = "peerAllowAssets";
 
 /// @title PeerAllowAssets
 /// @notice Peer that permits a list of (asset, meta) pairs on behalf of a remote host.
-/// Each ASSET block in the request calls `peerAllowAsset`. Restricted to trusted peers.
-abstract contract PeerAllowAssets is PeerBase {
+/// Each ASSET block in the request calls `allowAsset`. Restricted to trusted peers.
+abstract contract PeerAllowAssets is PeerBase, AllowAssetsHook {
     uint internal immutable peerAllowAssetsId = peerId(NAME);
 
     constructor() {
         emit Peer(host, NAME, Schemas.Asset, peerAllowAssetsId, false);
     }
 
-    /// @notice Override to permit a single (asset, meta) pair.
-    /// @param asset Asset identifier.
-    /// @param meta Asset metadata slot.
-    /// @return True if the asset was newly allowed, false if it was already allowed.
-    function peerAllowAsset(bytes32 asset, bytes32 meta) internal virtual returns (bool);
-
     /// @notice Execute the allow-assets peer call.
     function peerAllowAssets(bytes calldata request) external onlyPeer returns (bytes memory) {
         (Cur memory assets, , ) = cursor(request, 1);
 
         while (assets.i < assets.bound) {
             (bytes32 asset, bytes32 meta) = assets.unpackAsset();
-            peerAllowAsset(asset, meta);
+            allowAsset(asset, meta);
         }
 
         assets.complete();

package/peer/AssetPull.sol

@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {PeerBase} from "./Base.sol";
+import {Cursors, Cur, Schemas} from "../Cursors.sol";
+
+string constant NAME = "peerAssetPull";
+
+using Cursors for Cur;
+
+/// @title PeerAssetPull
+/// @notice Peer that pulls requested asset amounts from a remote host into this one.
+/// Each AMOUNT block in the request calls `peerAssetPull(peer, asset, meta, amount)`, where `peer`
+/// is derived from `msg.sender`. Restricted to trusted peers.
+abstract contract PeerAssetPull is PeerBase {
+    uint internal immutable peerAssetPullId = peerId(NAME);
+
+    constructor() {
+        emit Peer(host, NAME, Schemas.Amount, peerAssetPullId, false);
+    }
+
+    /// @notice Override to process one incoming amount-based asset pull request from a remote host.
+    /// @param peer Host node ID derived from the caller address.
+    /// @param asset Requested asset identifier.
+    /// @param meta Requested asset metadata slot.
+    /// @param amount Requested amount in the asset's native units.
+    function peerAssetPull(uint peer, bytes32 asset, bytes32 meta, uint amount) internal virtual;
+
+    /// @notice Execute the asset-pull peer call.
+    function peerAssetPull(bytes calldata request) external onlyPeer returns (bytes memory) {
+        (Cur memory assets, , ) = cursor(request, 1);
+        uint peer = caller();
+
+        while (assets.i < assets.bound) {
+            (bytes32 asset, bytes32 meta, uint amount) = assets.unpackAmount();
+            peerAssetPull(peer, asset, meta, amount);
+        }
+
+        assets.complete();
+        return "";
+    }
+}