@rootzero/contracts 0.9.0 → 0.9.1

package/commands/{admin → control}/Destroy.sol

@@ -3,8 +3,7 @@ pragma solidity ^0.8.33;
 
 import { CommandBase, CommandContext, Keys } from "../Base.sol";
 import { Cursors, Cur } from "../../Cursors.sol";
-
-string constant NAME = "destroy";
+import { ControlEvent } from "../../events/Control.sol";
 
 using Cursors for Cur;
 
@@ -15,13 +14,15 @@ abstract contract DestroyHook {
 }
 
 /// @title Destroy
-/// @notice Admin command that runs host teardown logic via a virtual hook.
+/// @notice Control command that runs host teardown logic via a virtual hook.
 /// The full request is passed to `destroy` as a cursor. Only callable by the admin account.
-abstract contract Destroy is CommandBase, DestroyHook {
+abstract contract Destroy is CommandBase, ControlEvent, DestroyHook {
+    string private constant NAME = "destroy";
+
     uint internal immutable destroyId = commandId(NAME);
 
     constructor(string memory input) {
-        emit Command(host, destroyId, NAME, input, Keys.Empty, Keys.Empty, false);
+        emit Control(host, destroyId, NAME, input, Keys.Empty, Keys.Empty, false);
     }
 
     function destroy(

package/commands/{admin → control}/Execute.sol

@@ -3,22 +3,23 @@ pragma solidity ^0.8.33;
 
 import {CommandContext, CommandPayable, Keys} from "../Base.sol";
 import {Cursors, Cur, Schemas} from "../../Cursors.sol";
+import {ControlEvent} from "../../events/Control.sol";
 import {Budget, Values} from "../../utils/Value.sol";
 import {Ids} from "../../utils/Ids.sol";
 
 using Cursors for Cur;
 
-string constant NAME = "executePayable";
-
 /// @title ExecutePayable
-/// @notice Admin command that forwards raw calldata to one or more target nodes.
+/// @notice Control command that forwards raw calldata to one or more target nodes.
 /// Each CALL block specifies a target node ID, native value, and raw calldata payload.
 /// Only callable by the admin account.
-abstract contract ExecutePayable is CommandPayable {
+abstract contract ExecutePayable is CommandPayable, ControlEvent {
+    string private constant NAME = "executePayable";
+
     uint internal immutable executePayableId = commandId(NAME);
 
     constructor() {
-        emit Command(host, executePayableId, NAME, Schemas.Call, Keys.Empty, Keys.Empty, true);
+        emit Control(host, executePayableId, NAME, Schemas.Call, Keys.Empty, Keys.Empty, true);
     }
 
     function executePayable(CommandContext calldata c) external payable onlyAdmin(c.account) returns (bytes memory) {

package/commands/{admin → control}/Init.sol

@@ -3,8 +3,7 @@ pragma solidity ^0.8.33;
 
 import { CommandBase, CommandContext, Keys } from "../Base.sol";
 import { Cursors, Cur } from "../../Cursors.sol";
-
-string constant NAME = "init";
+import { ControlEvent } from "../../events/Control.sol";
 
 using Cursors for Cur;
 
@@ -15,13 +14,15 @@ abstract contract InitHook {
 }
 
 /// @title Init
-/// @notice Admin command that runs host initialization logic via a virtual hook.
+/// @notice Control command that runs host initialization logic via a virtual hook.
 /// The full request is passed to `init` as a cursor. Only callable by the admin account.
-abstract contract Init is CommandBase, InitHook {
+abstract contract Init is CommandBase, ControlEvent, InitHook {
+    string private constant NAME = "init";
+
     uint internal immutable initId = commandId(NAME);
 
     constructor(string memory input) {
-        emit Command(host, initId, NAME, input, Keys.Empty, Keys.Empty, false);
+        emit Control(host, initId, NAME, input, Keys.Empty, Keys.Empty, false);
     }
 
     function init(

package/commands/{admin → control}/Unauthorize.sol

@@ -3,19 +3,20 @@ pragma solidity ^0.8.33;
 
 import { CommandBase, CommandContext, Keys } from "../Base.sol";
 import { Cursors, Cur, Schemas } from "../../Cursors.sol";
+import { ControlEvent } from "../../events/Control.sol";
 using Cursors for Cur;
 
-string constant NAME = "unauthorize";
-
 /// @title Unauthorize
-/// @notice Admin command that revokes authorization from a list of node IDs.
+/// @notice Control command that revokes authorization from a list of node IDs.
 /// Each NODE block in the request is deauthorized on the host.
 /// Only callable by the admin account.
-abstract contract Unauthorize is CommandBase {
+abstract contract Unauthorize is CommandBase, ControlEvent {
+    string private constant NAME = "unauthorize";
+
     uint internal immutable unauthorizeId = commandId(NAME);
 
     constructor() {
-        emit Command(host, unauthorizeId, NAME, Schemas.Node, Keys.Empty, Keys.Empty, false);
+        emit Control(host, unauthorizeId, NAME, Schemas.Node, Keys.Empty, Keys.Empty, false);
     }
 
     function unauthorize(

package/core/Access.sol

@@ -12,7 +12,7 @@ import {addrOr} from "../utils/Utils.sol";
 /// Tracks an immutable trusted commander, the host's own node ID, and a
 /// mapping of externally trusted node IDs. Inbound trust is host-based:
 /// trusted hosts, the commander, and this contract itself may interact
-/// with the host through the guarded command and peer entrypoints.
+/// with the host through the guarded command and remote entrypoints.
 abstract contract AccessControl is RootZeroContext, AccessEvent {
     /// @dev Trusted commander address. All calls from this address are implicitly trusted.
     /// Defaults to `address(this)` when no external commander is provided.
@@ -69,7 +69,7 @@ abstract contract AccessControl is RootZeroContext, AccessEvent {
     }
 
     /// @notice Assert that `caller` is trusted and return it.
-    /// Used by command and peer modifiers to gate execution to authorized senders.
+    /// Used by command and remote modifiers to gate execution to authorized senders.
     /// @param caller Address to validate.
     /// @return The same `caller` value if trusted.
     function enforceCaller(address caller) internal view returns (address) {

package/core/Host.sol

@@ -2,10 +2,9 @@
 pragma solidity ^0.8.33;
 
 import {AccessControl} from "./Access.sol";
-import {Authorize} from "../commands/admin/Authorize.sol";
-import {Unauthorize} from "../commands/admin/Unauthorize.sol";
-import {ExecutePayable} from "../commands/admin/Execute.sol";
-import {RelocatePayable} from "../commands/admin/Relocate.sol";
+import {Authorize} from "../commands/control/Authorize.sol";
+import {Unauthorize} from "../commands/control/Unauthorize.sol";
+import {ExecutePayable} from "../commands/control/Execute.sol";
 import {HostAnnouncedEvent} from "../events/Host.sol";
 import {IHostDiscovery} from "../interfaces/IHostDiscovery.sol";
 import {Ids} from "../utils/Ids.sol";
@@ -26,10 +25,10 @@ abstract contract HostDiscovery is HostAnnouncedEvent, IHostDiscovery {
 
 /// @title Host
 /// @notice Abstract base contract for rootzero host implementations.
-/// Inherits admin command support (authorize, unauthorize, executePayable, relocatePayable) and
+/// Inherits control command support (authorize, unauthorize, executePayable) and
 /// optionally announces itself to a discovery contract at deployment.
 /// Accepts native ETH payments via the `receive` function.
-abstract contract Host is Authorize, Unauthorize, ExecutePayable, RelocatePayable {
+abstract contract Host is Authorize, Unauthorize, ExecutePayable {
     /// @param cmdr Commander address; passed to `AccessControl`.
     ///        If `cmdr` is a deployed contract, the host calls `announceHost`
     ///        on it during construction to register with the discovery registry.

package/core/Types.sol

@@ -71,7 +71,7 @@ struct HostAccountAmount {
     uint amount;
 }
 
-/// @notice Transfer payload used by transaction blocks and peer settlement.
+/// @notice Transfer payload used by transaction blocks and remote settlement.
 struct Tx {
     /// @dev Sender account identifier.
     bytes32 from;

package/events/Control.sol

@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import { EventEmitter } from "./Emitter.sol";
+
+string constant ABI =
+    "event Control(uint indexed host, uint id, string name, string request, bytes4 state, bytes4 output, bool acceptsValue)";
+
+/// @notice Emitted once per control command during host deployment to publish its request schema and state keys.
+abstract contract ControlEvent is EventEmitter {
+    /// @param host Host node ID that owns this control command.
+    /// @param id Command node ID.
+    /// @param name Human-readable command name.
+    /// @param request Schema DSL string describing the request shape.
+    /// @param state Block key expected for input state, or `Keys.Empty`.
+    /// @param output Block key produced for output state, or `Keys.Empty`.
+    /// @param acceptsValue Whether the command entrypoint accepts nonzero `msg.value`.
+    event Control(
+        uint indexed host,
+        uint id,
+        string name,
+        string request,
+        bytes4 state,
+        bytes4 output,
+        bool acceptsValue
+    );
+
+    constructor() {
+        emit EventAbi(ABI);
+    }
+}

package/events/Query.sol

@@ -3,16 +3,16 @@ pragma solidity ^0.8.33;
 
 import {EventEmitter} from "./Emitter.sol";
 
-string constant ABI = "event Query(uint indexed host, uint id, string name, string input, string output)";
+string constant ABI = "event Query(uint indexed host, uint id, string name, string request, string response)";
 
 /// @notice Emitted once per query during host deployment to publish its request and response schemas.
 abstract contract QueryEvent is EventEmitter {
     /// @param host Host node ID that owns this query.
     /// @param id Query node ID.
     /// @param name Human-readable query name.
-    /// @param input Schema DSL string describing the query request shape.
-    /// @param output Schema DSL string describing the query response shape.
-    event Query(uint indexed host, uint id, string name, string input, string output);
+    /// @param request Schema DSL string describing the query request shape.
+    /// @param response Schema DSL string describing the query response shape.
+    event Query(uint indexed host, uint id, string name, string request, string response);
 
     constructor() {
         emit EventAbi(ABI);

package/events/Remote.sol

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import { EventEmitter } from "./Emitter.sol";
+
+string constant ABI =
+    "event Remote(uint indexed host, uint id, string name, string request, bool acceptsValue)";
+
+/// @notice Emitted once per remote during host deployment to publish its request schema.
+abstract contract RemoteEvent is EventEmitter {
+    /// @param host Host node ID that owns this remote.
+    /// @param id Remote node ID.
+    /// @param name Human-readable remote name.
+    /// @param request Schema DSL string describing the remote request shape.
+    /// @param acceptsValue Whether the remote entrypoint accepts nonzero `msg.value`.
+    event Remote(uint indexed host, uint id, string name, string request, bool acceptsValue);
+
+    constructor() {
+        emit EventAbi(ABI);
+    }
+}
+
+
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rootzero/contracts",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "Solidity contracts and protocol building blocks for rootzero hosts and commands.",
   "private": false,
   "license": "GPL-3.0-only",

package/remote/AllowAssets.sol

@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import { RemoteBase } from "./Base.sol";
+import { AllowAssetsHook } from "../commands/control/AllowAssets.sol";
+import { Cursors, Cur, Schemas } from "../Cursors.sol";
+
+using Cursors for Cur;
+
+string constant NAME = "remoteAllowAssets";
+
+/// @title RemoteAllowAssets
+/// @notice Remote that permits a list of (asset, meta) pairs on behalf of a remote host.
+/// Each ASSET block in the request calls `allowAsset`. Restricted to trusted remotes.
+abstract contract RemoteAllowAssets is RemoteBase, AllowAssetsHook {
+    uint internal immutable remoteAllowAssetsId = remoteId(NAME);
+
+    constructor() {
+        emit Remote(host, remoteAllowAssetsId, NAME, Schemas.Asset, false);
+    }
+
+    /// @notice Execute the allow-assets remote call.
+    function remoteAllowAssets(bytes calldata request) external onlyRemote returns (bytes memory) {
+        (Cur memory assets, , ) = cursor(request, 1);
+
+        while (assets.i < assets.bound) {
+            (bytes32 asset, bytes32 meta) = assets.unpackAsset();
+            allowAsset(asset, meta);
+        }
+
+        assets.complete();
+        return "";
+    }
+}
+
+
+
+
+

package/remote/Allowance.sol

@@ -0,0 +1,36 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {RemoteBase} from "./Base.sol";
+import {AllowanceHook} from "../commands/control/Allowance.sol";
+import {Cursors, Cur, Schemas} from "../Cursors.sol";
+
+using Cursors for Cur;
+
+string constant NAME = "remoteAllowance";
+
+/// @title RemoteAllowance
+/// @notice Remote that lets a trusted remote host request or refresh its own allowance.
+/// Each AMOUNT block in the request is scoped to the remote host and passed to the
+/// shared allowance hook as a host-scoped allowance. Restricted to trusted remotes.
+abstract contract RemoteAllowance is RemoteBase, AllowanceHook {
+    uint internal immutable remoteAllowanceId = remoteId(NAME);
+
+    constructor() {
+        emit Remote(host, remoteAllowanceId, NAME, Schemas.Amount, false);
+    }
+
+    /// @notice Execute the allowance remote call.
+    function remoteAllowance(bytes calldata request) external onlyRemote returns (bytes memory) {
+        (Cur memory amounts, , ) = cursor(request, 1);
+        uint remote = caller();
+
+        while (amounts.i < amounts.bound) {
+            (bytes32 asset, bytes32 meta, uint amount) = amounts.unpackAmount();
+            allowance(remote, asset, meta, amount);
+        }
+
+        amounts.complete();
+        return "";
+    }
+}

package/remote/AssetPull.sol

@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {RemoteBase} from "./Base.sol";
+import {Cursors, Cur, Schemas} from "../Cursors.sol";
+
+string constant NAME = "remoteAssetPull";
+
+using Cursors for Cur;
+
+abstract contract AssetPullHook {
+    /// @notice Override to process one incoming amount-based asset pull request from a remote host.
+    /// @param remote Remote host node ID for this request.
+    /// @param asset Requested asset identifier.
+    /// @param meta Requested asset metadata slot.
+    /// @param amount Requested amount in the asset's native units.
+    function assetPull(uint remote, bytes32 asset, bytes32 meta, uint amount) internal virtual;
+}
+
+/// @title RemoteAssetPull
+/// @notice Remote that pulls requested asset amounts from a remote host into this one.
+/// Each AMOUNT block in the request calls `assetPull(remote, asset, meta, amount)`.
+/// Restricted to trusted remotes.
+abstract contract RemoteAssetPull is RemoteBase, AssetPullHook {
+    uint internal immutable remoteAssetPullId = remoteId(NAME);
+
+    constructor() {
+        emit Remote(host, remoteAssetPullId, NAME, Schemas.Amount, false);
+    }
+
+    /// @notice Execute the asset-pull remote call.
+    function remoteAssetPull(bytes calldata request) external onlyRemote returns (bytes memory) {
+        (Cur memory assets, , ) = cursor(request, 1);
+        uint remote = caller();
+
+        while (assets.i < assets.bound) {
+            (bytes32 asset, bytes32 meta, uint amount) = assets.unpackAmount();
+            assetPull(remote, asset, meta, amount);
+        }
+
+        assets.complete();
+        return "";
+    }
+}

package/remote/Base.sol

@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import { NodeCalls } from "../core/Calls.sol";
+import { RemoteEvent } from "../events/Remote.sol";
+import { Ids, Selectors } from "../utils/Ids.sol";
+
+/// @notice ABI-encode a remote call from a target remote ID and request block stream.
+/// @dev Derives the function selector from `target` via `Ids.remoteSelector(target)`.
+/// Reverts if `target` is not a valid remote ID.
+/// @param target Destination remote node ID embedding the target selector.
+/// @param request Input block stream for the remote invocation.
+/// @return ABI-encoded calldata for the remote entry point.
+function encodeRemoteCall(uint target, bytes calldata request) pure returns (bytes memory) {
+    bytes4 selector = Ids.remoteSelector(target);
+    return abi.encodeWithSelector(selector, request);
+}
+
+/// @title RemoteBase
+/// @notice Abstract base for all rootzero remote contracts.
+/// Remotes handle inter-host operations and asset allow/deny management
+/// between cooperating hosts. Access is restricted to trusted callers via `onlyRemote`.
+abstract contract RemoteBase is NodeCalls, RemoteEvent {
+    /// @dev Thrown when the commander attempts to call a remote entrypoint directly.
+    error CommanderNotAllowed();
+
+    /// @dev Restrict execution to trusted callers, excluding the commander.
+    modifier onlyRemote() {
+        if (msg.sender == commander) revert CommanderNotAllowed();
+        enforceCaller(msg.sender);
+        _;
+    }
+
+    /// @notice Derive the deterministic node ID for a named remote on this contract.
+    /// @param name Remote function name (without argument list).
+    /// @return Remote node ID.
+    function remoteId(string memory name) internal view returns (uint) {
+        return Ids.toRemote(Selectors.remote(name), address(this));
+    }
+}

package/remote/DenyAssets.sol

@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {RemoteBase} from "./Base.sol";
+import {DenyAssetsHook} from "../commands/control/DenyAssets.sol";
+import {Cursors, Cur, Schemas} from "../Cursors.sol";
+
+using Cursors for Cur;
+
+string constant NAME = "remoteDenyAssets";
+
+/// @title RemoteDenyAssets
+/// @notice Remote that blocks a list of (asset, meta) pairs on behalf of a remote host.
+/// Each ASSET block in the request calls `denyAsset`. Restricted to trusted remotes.
+abstract contract RemoteDenyAssets is RemoteBase, DenyAssetsHook {
+    uint internal immutable remoteDenyAssetsId = remoteId(NAME);
+
+    constructor() {
+        emit Remote(host, remoteDenyAssetsId, NAME, Schemas.Asset, false);
+    }
+
+    /// @notice Execute the deny-assets remote call.
+    function remoteDenyAssets(bytes calldata request) external onlyRemote returns (bytes memory) {
+        (Cur memory assets, , ) = cursor(request, 1);
+
+        while (assets.i < assets.bound) {
+            (bytes32 asset, bytes32 meta) = assets.unpackAsset();
+            denyAsset(asset, meta);
+        }
+
+        assets.complete();
+        return "";
+    }
+}
+
+
+
+
+

package/remote/Settle.sol

@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import { RemoteBase } from "./Base.sol";
+import { TransferHook } from "../commands/Transfer.sol";
+import { Cursors, Cur, Schemas } from "../Cursors.sol";
+
+using Cursors for Cur;
+
+string constant NAME = "remoteSettle";
+
+/// @title RemoteSettle
+/// @notice Remote that consumes remote-supplied TRANSACTION blocks through the shared transfer hook.
+/// Each TRANSACTION block in the request calls `transfer(value)`. Restricted to trusted remotes.
+abstract contract RemoteSettle is RemoteBase, TransferHook {
+    uint internal immutable remoteSettleId = remoteId(NAME);
+
+    constructor() {
+        emit Remote(host, remoteSettleId, NAME, Schemas.Transaction, false);
+    }
+
+    /// @notice Execute the remote-settle call.
+    function remoteSettle(bytes calldata request) external onlyRemote returns (bytes memory) {
+        (Cur memory state, , ) = cursor(request, 1);
+
+        while (state.i < state.bound) {
+            transfer(state.unpackTxValue());
+        }
+
+        state.complete();
+        return "";
+    }
+}

package/utils/Ids.sol

@@ -8,9 +8,9 @@ import {isLocalFamily, matchesBase, toLocalBase} from "./Utils.sol";
 /// @notice Encoding and decoding helpers for 256-bit node identifiers.
 ///
 /// Node IDs share a common layout:
-///   - bits [255:224] — 4-byte type prefix (`Host`, `Command`, or `Peer`)
+///   - bits [255:224] — 4-byte type prefix (`Host`, `Command`, or `Remote`)
 ///   - bits [223:192] — current `block.chainid` (makes IDs chain-local)
-///   - bits [191:160] — 4-byte ABI selector (commands and peers only)
+///   - bits [191:160] — 4-byte ABI selector (commands and remotes only)
 ///   - bits [159:0]   — 160-bit EVM contract address
 library Ids {
     /// @dev Thrown when an ID does not match the expected node type or chain.
@@ -22,8 +22,8 @@ library Ids {
     uint32 constant Host = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Node) << 8) | uint32(Layout.Host);
     /// @dev Full 4-byte type prefix for command nodes.
     uint32 constant Command = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Node) << 8) | uint32(Layout.Command);
-    /// @dev Full 4-byte type prefix for peer nodes.
-    uint32 constant Peer = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Node) << 8) | uint32(Layout.Peer);
+    /// @dev Full 4-byte type prefix for remote nodes.
+    uint32 constant Remote = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Node) << 8) | uint32(Layout.Remote);
     /// @dev Full 4-byte type prefix for query nodes.
     uint32 constant Query = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Node) << 8) | uint32(Layout.Query);
 
@@ -37,9 +37,9 @@ library Ids {
         return uint32(id >> 224) == Command;
     }
 
-    /// @notice Return true if `id` is a peer node ID.
-    function isPeer(uint id) internal pure returns (bool) {
-        return uint32(id >> 224) == Peer;
+    /// @notice Return true if `id` is a remote node ID.
+    function isRemote(uint id) internal pure returns (bool) {
+        return uint32(id >> 224) == Remote;
     }
 
     /// @notice Return true if `id` is a query node ID.
@@ -63,19 +63,19 @@ library Ids {
         return bytes4(uint32(id >> 160));
     }
 
-    /// @notice Assert that `id` is a peer ID and return it unchanged.
+    /// @notice Assert that `id` is a remote ID and return it unchanged.
     /// @param id Node ID to validate.
-    /// @return pid The same `id` value if it is a peer.
-    function peer(uint id) internal pure returns (uint pid) {
-        if (!isPeer(id)) revert InvalidId();
+    /// @return pid The same `id` value if it is a remote.
+    function remote(uint id) internal pure returns (uint pid) {
+        if (!isRemote(id)) revert InvalidId();
         return id;
     }
 
-    /// @notice Assert that `id` is a peer ID and return its embedded ABI selector.
+    /// @notice Assert that `id` is a remote ID and return its embedded ABI selector.
     /// @param id Node ID to validate.
-    /// @return selector 4-byte peer selector stored in bits [191:160].
-    function peerSelector(uint id) internal pure returns (bytes4 selector) {
-        if (!isPeer(id)) revert InvalidId();
+    /// @return selector 4-byte remote selector stored in bits [191:160].
+    function remoteSelector(uint id) internal pure returns (bytes4 selector) {
+        if (!isRemote(id)) revert InvalidId();
         return bytes4(uint32(id >> 160));
     }
 
@@ -121,12 +121,12 @@ library Ids {
         return id;
     }
 
-    /// @notice Build a chain-local peer ID for the given selector and contract.
-    /// @param selector 4-byte ABI selector of the peer entry point.
-    /// @param target Peer contract address.
-    /// @return Peer node ID embedding both the selector and address.
-    function toPeer(bytes4 selector, address target) internal view returns (uint) {
-        uint id = toLocalBase(Peer) | uint(uint160(target));
+    /// @notice Build a chain-local remote ID for the given selector and contract.
+    /// @param selector 4-byte ABI selector of the remote entry point.
+    /// @param target Remote contract address.
+    /// @return Remote node ID embedding both the selector and address.
+    function toRemote(bytes4 selector, address target) internal view returns (uint) {
+        uint id = toLocalBase(Remote) | uint(uint160(target));
         id |= uint(uint32(selector)) << 160;
         return id;
     }
@@ -143,7 +143,7 @@ library Ids {
 
     /// @notice Extract the contract address from any local node ID.
     /// Reverts if `id` does not belong to the local node family.
-    /// @param id Node ID (host, command, or peer).
+    /// @param id Node ID (host, command, or remote).
     /// @return Contract address in the lower 160 bits of `id`.
     function nodeAddr(uint id) internal view returns (address) {
         if (!isLocalFamily(id, Node)) revert InvalidId();
@@ -161,12 +161,12 @@ library Ids {
 }
 
 /// @title Selectors
-/// @notice ABI-selector derivation helpers for command, peer, and query dispatch.
+/// @notice ABI-selector derivation helpers for command, remote, and query dispatch.
 library Selectors {
     /// @dev ABI argument encoding for command entry points: `((bytes32,bytes,bytes))`.
     string constant CommandArgs = "((bytes32,bytes,bytes))";
-    /// @dev ABI argument encoding for peer entry points: `(bytes)`.
-    string constant PeerArgs = "(bytes)";
+    /// @dev ABI argument encoding for remote entry points: `(bytes)`.
+    string constant RemoteArgs = "(bytes)";
     /// @dev ABI argument encoding for query entry points: `(bytes)`.
     string constant QueryArgs = "(bytes)";
 
@@ -178,12 +178,12 @@ library Selectors {
         return bytes4(keccak256(bytes.concat(bytes(name), bytes(CommandArgs))));
     }
 
-    /// @notice Derive the 4-byte ABI selector for a named peer.
-    /// The selector is `keccak256(name ++ PeerArgs)[0:4]`.
-    /// @param name Peer function name (without arguments).
+    /// @notice Derive the 4-byte ABI selector for a named remote.
+    /// The selector is `keccak256(name ++ RemoteArgs)[0:4]`.
+    /// @param name Remote function name (without arguments).
     /// @return 4-byte selector.
-    function peer(string memory name) internal pure returns (bytes4) {
-        return bytes4(keccak256(bytes.concat(bytes(name), bytes(PeerArgs))));
+    function remote(string memory name) internal pure returns (bytes4) {
+        return bytes4(keccak256(bytes.concat(bytes(name), bytes(RemoteArgs))));
     }
 
     /// @notice Derive the 4-byte ABI selector for a named query.

package/utils/Layout.sol

@@ -26,7 +26,7 @@ library Layout {
 
     /// @dev ID encodes an account.
     uint8 constant Account = 0x01;
-    /// @dev ID encodes a network node (host, command, or peer).
+    /// @dev ID encodes a network node (host, command, or remote).
     uint8 constant Node = 0x02;
     /// @dev ID encodes an asset.
     uint8 constant Asset = 0x03;
@@ -50,8 +50,8 @@ library Layout {
     uint8 constant Host = 0x01;
     /// @dev Node is a command contract.
     uint8 constant Command = 0x02;
-    /// @dev Node is a peer contract.
-    uint8 constant Peer = 0x03;
+    /// @dev Node is a remote contract.
+    uint8 constant Remote = 0x03;
     /// @dev Node is a query contract.
     uint8 constant Query = 0x04;