@rootzero/contracts 0.8.0 → 0.9.0

package/commands/admin/DenyAssets.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { CommandBase, CommandContext, State } from "../Base.sol";
+import { CommandBase, CommandContext, Keys } from "../Base.sol";
 import { Cursors, Cur, Schemas } from "../../Cursors.sol";
 using Cursors for Cur;
 
@@ -20,12 +20,12 @@ abstract contract DenyAssets is CommandBase, DenyAssetsHook {
     uint internal immutable denyAssetsId = commandId(NAME);
 
     constructor() {
-        emit Command(host, NAME, Schemas.Asset, denyAssetsId, State.Empty, State.Empty, false);
+        emit Command(host, denyAssetsId, NAME, Schemas.Asset, Keys.Empty, Keys.Empty, false);
     }
 
     function denyAssets(
         CommandContext calldata c
-    ) external onlyAdmin(c.account) onlyCommand(denyAssetsId, c.target) returns (bytes memory) {
+    ) external onlyAdmin(c.account) returns (bytes memory) {
         (Cur memory request, , ) = cursor(c.request, 1);
 
         while (request.i < request.bound) {

package/commands/admin/Destroy.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { CommandBase, CommandContext, State } from "../Base.sol";
+import { CommandBase, CommandContext, Keys } from "../Base.sol";
 import { Cursors, Cur } from "../../Cursors.sol";
 
 string constant NAME = "destroy";
@@ -21,12 +21,12 @@ abstract contract Destroy is CommandBase, DestroyHook {
     uint internal immutable destroyId = commandId(NAME);
 
     constructor(string memory input) {
-        emit Command(host, NAME, input, destroyId, State.Empty, State.Empty, false);
+        emit Command(host, destroyId, NAME, input, Keys.Empty, Keys.Empty, false);
     }
 
     function destroy(
         CommandContext calldata c
-    ) external onlyAdmin(c.account) onlyCommand(destroyId, c.target) returns (bytes memory) {
+    ) external onlyAdmin(c.account) returns (bytes memory) {
         Cur memory input = cursor(c.request);
         destroy(input);
         return "";

package/commands/admin/Execute.sol

@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {CommandContext, CommandPayable, Keys} from "../Base.sol";
+import {Cursors, Cur, Schemas} from "../../Cursors.sol";
+import {Budget, Values} from "../../utils/Value.sol";
+import {Ids} from "../../utils/Ids.sol";
+
+using Cursors for Cur;
+
+string constant NAME = "executePayable";
+
+/// @title ExecutePayable
+/// @notice Admin command that forwards raw calldata to one or more target nodes.
+/// Each CALL block specifies a target node ID, native value, and raw calldata payload.
+/// Only callable by the admin account.
+abstract contract ExecutePayable is CommandPayable {
+    uint internal immutable executePayableId = commandId(NAME);
+
+    constructor() {
+        emit Command(host, executePayableId, NAME, Schemas.Call, Keys.Empty, Keys.Empty, true);
+    }
+
+    function executePayable(CommandContext calldata c) external payable onlyAdmin(c.account) returns (bytes memory) {
+        (Cur memory request, , ) = cursor(c.request, 1);
+        Budget memory budget = Values.fromMsg();
+
+        while (request.i < request.bound) {
+            (uint target, uint value, bytes calldata data) = request.unpackCall();
+            address addr = Ids.nodeAddr(target);
+            callAddr(addr, Values.use(budget, value), data);
+        }
+
+        request.complete();
+        settleValue(c.account, budget);
+        return "";
+    }
+}

package/commands/admin/Init.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { CommandBase, CommandContext, State } from "../Base.sol";
+import { CommandBase, CommandContext, Keys } from "../Base.sol";
 import { Cursors, Cur } from "../../Cursors.sol";
 
 string constant NAME = "init";
@@ -21,12 +21,12 @@ abstract contract Init is CommandBase, InitHook {
     uint internal immutable initId = commandId(NAME);
 
     constructor(string memory input) {
-        emit Command(host, NAME, input, initId, State.Empty, State.Empty, false);
+        emit Command(host, initId, NAME, input, Keys.Empty, Keys.Empty, false);
     }
 
     function init(
         CommandContext calldata c
-    ) external onlyAdmin(c.account) onlyCommand(initId, c.target) returns (bytes memory) {
+    ) external onlyAdmin(c.account) returns (bytes memory) {
         Cur memory input = cursor(c.request);
         init(input);
         return "";

package/commands/admin/Relocate.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { CommandContext, CommandPayable, State } from "../Base.sol";
+import { CommandContext, CommandPayable, Keys } from "../Base.sol";
 import { Cursors, Cur, Schemas } from "../../Cursors.sol";
 import { Budget, Values } from "../../utils/Value.sol";
 using Cursors for Cur;
@@ -10,23 +10,23 @@ string constant NAME = "relocatePayable";
 
 /// @title RelocatePayable
 /// @notice Admin command that forwards native value (ETH) to one or more destination hosts.
-/// Each FUNDING block in the request specifies a target host node ID and an amount to forward.
+/// Each RELOCATION block in the request specifies a target host node ID and an amount to forward.
 /// Only callable by the admin account.
 abstract contract RelocatePayable is CommandPayable {
     uint internal immutable relocatePayableId = commandId(NAME);
 
     constructor() {
-        emit Command(host, NAME, Schemas.Funding, relocatePayableId, State.Empty, State.Empty, true);
+        emit Command(host, relocatePayableId, NAME, Schemas.Relocation, Keys.Empty, Keys.Empty, true);
     }
 
     function relocatePayable(
         CommandContext calldata c
-    ) external payable onlyAdmin(c.account) onlyCommand(relocatePayableId, c.target) returns (bytes memory) {
+    ) external payable onlyAdmin(c.account) returns (bytes memory) {
         (Cur memory request, , ) = cursor(c.request, 1);
         Budget memory budget = Values.fromMsg();
 
         while (request.i < request.bound) {
-            (uint peer, uint amount) = request.unpackFunding();
+            (uint peer, uint amount) = request.unpackRelocation();
             callTo(peer, Values.use(budget, amount), "");
         }
 

package/commands/admin/Unauthorize.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { CommandBase, CommandContext, State } from "../Base.sol";
+import { CommandBase, CommandContext, Keys } from "../Base.sol";
 import { Cursors, Cur, Schemas } from "../../Cursors.sol";
 using Cursors for Cur;
 
@@ -15,17 +15,17 @@ abstract contract Unauthorize is CommandBase {
     uint internal immutable unauthorizeId = commandId(NAME);
 
     constructor() {
-        emit Command(host, NAME, Schemas.Node, unauthorizeId, State.Empty, State.Empty, false);
+        emit Command(host, unauthorizeId, NAME, Schemas.Node, Keys.Empty, Keys.Empty, false);
     }
 
     function unauthorize(
         CommandContext calldata c
-    ) external onlyAdmin(c.account) onlyCommand(unauthorizeId, c.target) returns (bytes memory) {
+    ) external onlyAdmin(c.account) returns (bytes memory) {
         (Cur memory request, , ) = cursor(c.request, 1);
 
         while (request.i < request.bound) {
             uint node = request.unpackNode();
-            access(node, false);
+            unauthorize(node);
         }
 
         request.complete();

package/core/Access.sol

@@ -1,46 +1,53 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { AccessEvent } from "../events/Access.sol";
-import { HostBound } from "./HostBound.sol";
-import { Accounts } from "../utils/Accounts.sol";
-import { Ids } from "../utils/Ids.sol";
-import { addrOr } from "../utils/Utils.sol";
+import {AccessEvent} from "../events/Access.sol";
+import {RootZeroContext} from "./Context.sol";
+import {Accounts} from "../utils/Accounts.sol";
+import {Ids} from "../utils/Ids.sol";
+import {addrOr} from "../utils/Utils.sol";
 
 /// @title AccessControl
 /// @notice Host access control layer.
 /// Tracks an immutable trusted commander, the host's own node ID, and a
-/// mapping of externally authorized node IDs. Inbound trust is host-based:
-/// authorized hosts, the commander, and this contract itself may interact
+/// mapping of externally trusted node IDs. Inbound trust is host-based:
+/// trusted hosts, the commander, and this contract itself may interact
 /// with the host through the guarded command and peer entrypoints.
-abstract contract AccessControl is HostBound, AccessEvent {
+abstract contract AccessControl is RootZeroContext, AccessEvent {
     /// @dev Trusted commander address. All calls from this address are implicitly trusted.
     /// Defaults to `address(this)` when no external commander is provided.
     address internal immutable commander;
     /// @dev Admin account ID derived from the commander address at construction time.
     bytes32 internal immutable adminAccount;
 
-    /// @dev Mapping from node ID to authorization status.
-    /// Authorised nodes may interact with the host as trusted callers or call targets.
-    mapping(uint => bool) internal authorized;
+    /// @dev Mapping from node ID to trust status.
+    mapping(uint node => bool) internal trusted;
 
-    /// @dev Thrown when `ensureTrusted` is called with a node that is not authorized.
-    error UnauthorizedNode(uint node);
     /// @dev Thrown when `enforceCaller` is called by an address that is not trusted.
     error UnauthorizedCaller(address addr);
 
+    /// @dev Thrown when a required trusted node is missing from the trusted set.
+    error UnauthorizedNode(uint node);
+
     constructor(address cmdr) {
         commander = addrOr(cmdr, address(this));
         adminAccount = Accounts.toAdmin(commander);
     }
 
-    /// @notice Grant or revoke authorization for a node.
-    /// Inbound authentication is host-based: the node ID used here should be a host ID.
-    /// @param node Node ID to authorize or deauthorize.
-    /// @param allow True to grant authorization, false to revoke it.
-    function access(uint node, bool allow) internal {
-        authorized[node] = allow;
-        emit Access(host, node, allow);
+    /// @notice Grant authorization for a node.
+    /// Accepts any node ID that should be trusted by this contract.
+    /// @param node Node ID to authorize.
+    function authorize(uint node) internal {
+        trusted[node] = true;
+        emit Access(host, node, true);
+    }
+
+    /// @notice Revoke authorization for a node.
+    /// Accepts any node ID that should no longer be trusted by this contract.
+    /// @param node Node ID to unauthorize.
+    function unauthorize(uint node) internal {
+        trusted[node] = false;
+        emit Access(host, node, false);
     }
 
     /// @notice Return true if `caller` is an implicitly trusted address.
@@ -48,7 +55,17 @@ abstract contract AccessControl is HostBound, AccessEvent {
     /// whose host ID has been explicitly authorized.
     /// @param caller Address to check.
     function isTrusted(address caller) internal view returns (bool) {
-        return caller == commander || caller == address(this) || authorized[Ids.toHost(caller)];
+        return caller == commander || caller == address(this) || trusted[Ids.toHost(caller)];
+    }
+
+    /// @notice Assert that `node` is in the trusted set and return it.
+    /// @param node Node ID to validate.
+    /// @return The same `node` value if trusted.
+    function ensureTrusted(uint node) internal view returns (uint) {
+        if (node == 0 || !trusted[node]) {
+            revert UnauthorizedNode(node);
+        }
+        return node;
     }
 
     /// @notice Assert that `caller` is trusted and return it.
@@ -61,17 +78,4 @@ abstract contract AccessControl is HostBound, AccessEvent {
         }
         return caller;
     }
-
-    /// @notice Assert that `node` is in the authorized set and return it.
-    /// Used for outbound trust checks before calling another node.
-    /// Accepts any authorized node ID (host or command).
-    /// Inbound caller authentication is host-only via `enforceCaller(msg.sender)`.
-    /// @param node Node ID to validate.
-    /// @return The same `node` value if authorized.
-    function ensureTrusted(uint node) internal view returns (uint) {
-        if (node == 0 || !authorized[node]) {
-            revert UnauthorizedNode(node);
-        }
-        return node;
-    }
 }

package/core/Balances.sol

@@ -7,34 +7,33 @@ import {BalanceEvent} from "../events/Balance.sol";
 error InsufficientFunds();
 
 /// @title Balances
-/// @notice On-chain ledger for per-account, per-asset token balances.
-/// Balances are keyed by `(account, assetKey)` where `assetKey` is the
-/// value returned by `Assets.key(asset, meta)`.
+/// @notice On-chain ledger for per-account, per-slot balances.
+/// Higher-level modules decide how slots are derived and validated.
 abstract contract Balances is BalanceEvent {
-    /// @dev account -> assetKey -> balance (in the asset's native units).
-    mapping(bytes32 account => mapping(bytes32 assetKey => uint amount)) internal balances;
+    /// @dev account -> slot -> balance.
+    mapping(bytes32 account => mapping(bytes32 slot => uint amount)) internal balances;
+
+    /// @notice Add `amount` to an account balance and return the new balance.
+    /// @param account Account identifier.
+    /// @param slot Storage slot for the position being credited.
+    /// @param amount Amount to credit.
+    /// @return balance New balance after the credit.
+    function creditTo(bytes32 account, bytes32 slot, uint amount) internal returns (uint balance) {
+        balance = balances[account][slot] += amount;
+    }
 
     /// @notice Deduct `amount` from an account balance and return the new balance.
     /// Reverts with `InsufficientFunds` if the current balance is less than `amount`.
     /// @param account Account identifier.
-    /// @param assetKey Storage key for the (asset, meta) pair.
+    /// @param slot Storage slot for the position being debited.
     /// @param amount Amount to deduct.
     /// @return balance New balance after the debit.
-    function debitFrom(bytes32 account, bytes32 assetKey, uint amount) internal returns (uint balance) {
-        balance = balances[account][assetKey];
+    function debitFrom(bytes32 account, bytes32 slot, uint amount) internal returns (uint balance) {
+        balance = balances[account][slot];
         if (balance < amount) revert InsufficientFunds();
         unchecked {
             balance -= amount;
         }
-        balances[account][assetKey] = balance;
-    }
-
-    /// @notice Add `amount` to an account balance and return the new balance.
-    /// @param account Account identifier.
-    /// @param assetKey Storage key for the (asset, meta) pair.
-    /// @param amount Amount to credit.
-    /// @return balance New balance after the credit.
-    function creditTo(bytes32 account, bytes32 assetKey, uint amount) internal returns (uint balance) {
-        balance = balances[account][assetKey] += amount;
+        balances[account][slot] = balance;
     }
 }

package/core/{Operation.sol → Calls.sol}

@@ -1,9 +1,8 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { AccessControl } from "./Access.sol";
-import { CursorBase } from "./CursorBase.sol";
-import { Ids } from "../utils/Ids.sol";
+import {AccessControl} from "./Access.sol";
+import {Ids} from "../utils/Ids.sol";
 
 /// @dev Emitted when a trusted inter-node call fails.
 /// @param addr Contract address that was called.
@@ -11,11 +10,9 @@ import { Ids } from "../utils/Ids.sol";
 /// @param err Revert data returned by the failed call.
 error FailedCall(address addr, bytes4 selector, bytes err);
 
-/// @title OperationBase
-/// @notice Shared base for command and peer contracts.
-/// Provides convenience wrappers for cursor construction, quotient validation,
-/// and trusted inter-node calls. Inherits access control from `AccessControl`.
-abstract contract OperationBase is CursorBase, AccessControl {
+/// @title NodeCalls
+/// @notice Shared trusted inter-node call helpers for contracts that can talk to other nodes.
+abstract contract NodeCalls is AccessControl {
     /// @notice Return the host node ID corresponding to the current caller.
     /// @dev Encodes `msg.sender` as a host ID using the local-chain host layout.
     /// @return Host node ID for `msg.sender`.

package/core/{CursorBase.sol → Context.sol}

@@ -1,13 +1,20 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { Cur, Cursors } from "../Cursors.sol";
+import {Cur, Cursors} from "../Cursors.sol";
+import {Assets} from "../utils/Assets.sol";
+import {Ids} from "../utils/Ids.sol";
 
 using Cursors for Cur;
 
-/// @title CursorBase
-/// @notice Shared cursor convenience helpers for contracts that consume block streams.
-abstract contract CursorBase {
+/// @title RootZeroContext
+/// @notice Shared rootzero contract context for host identity, native value identity, and block-stream cursors.
+abstract contract RootZeroContext {
+    /// @dev This contract's host node ID, set to `Ids.toHost(address(this))` at construction.
+    uint public immutable host = Ids.toHost(address(this));
+    /// @dev Asset ID for the native chain value (ETH), bound to the current chain at deployment.
+    bytes32 internal immutable valueAsset = Assets.toValue();
+
     /// @notice Open a cursor over a calldata block stream.
     /// @param source Calldata slice to parse.
     /// @return cur Cursor positioned at the beginning of `source`.
@@ -39,5 +46,4 @@ abstract contract CursorBase {
         (, , uint quotient) = cur.primeRun(group);
         if (quotient != expectedQuotient) revert Cursors.BadRatio();
     }
-
 }

package/core/Host.sol

@@ -1,13 +1,14 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { AccessControl } from "./Access.sol";
-import { Authorize } from "../commands/admin/Authorize.sol";
-import { Unauthorize } from "../commands/admin/Unauthorize.sol";
-import { RelocatePayable } from "../commands/admin/Relocate.sol";
-import { HostAnnouncedEvent } from "../events/Host.sol";
-import { IHostDiscovery } from "../interfaces/IHostDiscovery.sol";
-import { Ids } from "../utils/Ids.sol";
+import {AccessControl} from "./Access.sol";
+import {Authorize} from "../commands/admin/Authorize.sol";
+import {Unauthorize} from "../commands/admin/Unauthorize.sol";
+import {ExecutePayable} from "../commands/admin/Execute.sol";
+import {RelocatePayable} from "../commands/admin/Relocate.sol";
+import {HostAnnouncedEvent} from "../events/Host.sol";
+import {IHostDiscovery} from "../interfaces/IHostDiscovery.sol";
+import {Ids} from "../utils/Ids.sol";
 
 /// @notice Mixin that allows a contract to act as a host discovery registry.
 /// Hosts call `announceHost` on a discovery contract to register themselves.
@@ -25,10 +26,10 @@ abstract contract HostDiscovery is HostAnnouncedEvent, IHostDiscovery {
 
 /// @title Host
 /// @notice Abstract base contract for rootzero host implementations.
-/// Inherits admin command support (authorize, unauthorize, relocatePayable) and
+/// Inherits admin command support (authorize, unauthorize, executePayable, relocatePayable) and
 /// optionally announces itself to a discovery contract at deployment.
 /// Accepts native ETH payments via the `receive` function.
-abstract contract Host is Authorize, Unauthorize, RelocatePayable {
+abstract contract Host is Authorize, Unauthorize, ExecutePayable, RelocatePayable {
     /// @param cmdr Commander address; passed to `AccessControl`.
     ///        If `cmdr` is a deployed contract, the host calls `announceHost`
     ///        on it during construction to register with the discovery registry.

package/core/Types.sol

@@ -0,0 +1,86 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+/// @notice Asset and amount pair used across ledger, command, and block flows.
+struct AssetAmount {
+    /// @dev Asset identifier.
+    bytes32 asset;
+    /// @dev Asset metadata slot.
+    bytes32 meta;
+    /// @dev Token amount in the asset's native units.
+    uint amount;
+}
+
+/// @notice Account-scoped asset shape.
+struct AccountAsset {
+    /// @dev Account identifier.
+    bytes32 account;
+    /// @dev Asset identifier.
+    bytes32 asset;
+    /// @dev Asset metadata slot.
+    bytes32 meta;
+}
+
+/// @notice Account-scoped amount shape used by payout blocks and query responses.
+struct AccountAmount {
+    /// @dev Account identifier.
+    bytes32 account;
+    /// @dev Asset identifier.
+    bytes32 asset;
+    /// @dev Asset metadata slot.
+    bytes32 meta;
+    /// @dev Token amount in the asset's native units.
+    uint amount;
+}
+
+/// @notice Host-scoped asset and amount shape.
+struct HostAmount {
+    /// @dev Host node identifier.
+    uint host;
+    /// @dev Asset identifier.
+    bytes32 asset;
+    /// @dev Asset metadata slot.
+    bytes32 meta;
+    /// @dev Token amount in the asset's native units.
+    uint amount;
+}
+
+/// @notice Host-scoped account asset shape.
+struct HostAccountAsset {
+    /// @dev Host node identifier.
+    uint host;
+    /// @dev Account identifier.
+    bytes32 account;
+    /// @dev Asset identifier.
+    bytes32 asset;
+    /// @dev Asset metadata slot.
+    bytes32 meta;
+}
+
+/// @notice Host-scoped account amount shape.
+struct HostAccountAmount {
+    /// @dev Host node identifier.
+    uint host;
+    /// @dev Account identifier.
+    bytes32 account;
+    /// @dev Asset identifier.
+    bytes32 asset;
+    /// @dev Asset metadata slot.
+    bytes32 meta;
+    /// @dev Token amount in the asset's native units.
+    uint amount;
+}
+
+/// @notice Transfer payload used by transaction blocks and peer settlement.
+struct Tx {
+    /// @dev Sender account identifier.
+    bytes32 from;
+    /// @dev Destination account identifier.
+    bytes32 to;
+    /// @dev Asset identifier.
+    bytes32 asset;
+    /// @dev Asset metadata slot.
+    bytes32 meta;
+    /// @dev Transfer amount in the asset's native units.
+    uint amount;
+}