@rootzero/contracts 0.9.1 → 0.9.2

package/peer/Allowance.sol

@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {PeerBase} from "./Base.sol";
+import {AllowanceHook} from "../commands/admin/Allowance.sol";
+import {Cursors, Cur, Schemas} from "../Cursors.sol";
+
+using Cursors for Cur;
+
+/// @title PeerAllowance
+/// @notice Peer that lets a trusted peer host request or refresh its own allowance.
+/// Each AMOUNT block in the request is scoped to the peer host and passed to the
+/// shared allowance hook as a host-scoped allowance. Restricted to trusted peers.
+abstract contract PeerAllowance is PeerBase, AllowanceHook {
+    string private constant NAME = "peerAllowance";
+    uint internal immutable peerAllowanceId = peerId(NAME);
+
+    constructor() {
+        emit Peer(host, peerAllowanceId, NAME, Schemas.Amount, false);
+    }
+
+    /// @notice Execute the allowance peer call.
+    function peerAllowance(bytes calldata request) external onlyPeer returns (bytes memory) {
+        (Cur memory amounts, , ) = cursor(request, 1);
+        uint peer = caller();
+
+        while (amounts.i < amounts.bound) {
+            (bytes32 asset, bytes32 meta, uint amount) = amounts.unpackAmount();
+            allowance(peer, asset, meta, amount);
+        }
+
+        amounts.complete();
+        return "";
+    }
+}

package/peer/AssetPull.sol

@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {PeerBase} from "./Base.sol";
+import {Cursors, Cur, Schemas} from "../Cursors.sol";
+
+using Cursors for Cur;
+
+abstract contract AssetPullHook {
+    /// @notice Override to process one incoming amount-based asset pull request from a peer host.
+    /// @param peer Peer host node ID for this request.
+    /// @param asset Requested asset identifier.
+    /// @param meta Requested asset metadata slot.
+    /// @param amount Requested amount in the asset's native units.
+    function assetPull(uint peer, bytes32 asset, bytes32 meta, uint amount) internal virtual;
+}
+
+/// @title PeerAssetPull
+/// @notice Peer that pulls requested asset amounts from a peer host into this one.
+/// Each AMOUNT block in the request calls `assetPull(peer, asset, meta, amount)`.
+/// Restricted to trusted peers.
+abstract contract PeerAssetPull is PeerBase, AssetPullHook {
+    string private constant NAME = "peerAssetPull";
+    uint internal immutable peerAssetPullId = peerId(NAME);
+
+    constructor() {
+        emit Peer(host, peerAssetPullId, NAME, Schemas.Amount, false);
+    }
+
+    /// @notice Execute the asset-pull peer call.
+    function peerAssetPull(bytes calldata request) external onlyPeer returns (bytes memory) {
+        (Cur memory assets, , ) = cursor(request, 1);
+        uint peer = caller();
+
+        while (assets.i < assets.bound) {
+            (bytes32 asset, bytes32 meta, uint amount) = assets.unpackAmount();
+            assetPull(peer, asset, meta, amount);
+        }
+
+        assets.complete();
+        return "";
+    }
+}

package/peer/Base.sol

@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import { NodeCalls } from "../core/Calls.sol";
+import { PeerEvent } from "../events/Peer.sol";
+import { Ids, Selectors } from "../utils/Ids.sol";
+
+/// @notice ABI-encode a peer call from a target peer ID and request block stream.
+/// @dev Derives the function selector from `target` via `Ids.peerSelector(target)`.
+/// Reverts if `target` is not a valid peer ID.
+/// @param target Destination peer node ID embedding the target selector.
+/// @param request Input block stream for the peer invocation.
+/// @return ABI-encoded calldata for the peer entry point.
+function encodePeerCall(uint target, bytes calldata request) pure returns (bytes memory) {
+    bytes4 selector = Ids.peerSelector(target);
+    return abi.encodeWithSelector(selector, request);
+}
+
+/// @title PeerBase
+/// @notice Abstract base for all rootzero peer contracts.
+/// Peers handle inter-host operations and asset allow/deny management
+/// between cooperating hosts. Access is restricted to trusted callers via `onlyPeer`.
+abstract contract PeerBase is NodeCalls, PeerEvent {
+    /// @dev Thrown when the commander attempts to call a peer entrypoint directly.
+    error CommanderNotAllowed();
+
+    /// @dev Restrict execution to trusted callers, excluding the commander.
+    modifier onlyPeer() {
+        if (msg.sender == commander) revert CommanderNotAllowed();
+        enforceCaller(msg.sender);
+        _;
+    }
+
+    /// @notice Derive the deterministic node ID for a named peer on this contract.
+    /// @param name Peer function name (without argument list).
+    /// @return Peer node ID.
+    function peerId(string memory name) internal view returns (uint) {
+        return Ids.toPeer(Selectors.peer(name), address(this));
+    }
+}

package/peer/DenyAssets.sol

@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {PeerBase} from "./Base.sol";
+import {DenyAssetsHook} from "../commands/admin/DenyAssets.sol";
+import {Cursors, Cur, Schemas} from "../Cursors.sol";
+
+using Cursors for Cur;
+
+/// @title PeerDenyAssets
+/// @notice Peer that blocks a list of (asset, meta) pairs on behalf of a peer host.
+/// Each ASSET block in the request calls `denyAsset`. Restricted to trusted peers.
+abstract contract PeerDenyAssets is PeerBase, DenyAssetsHook {
+    string private constant NAME = "peerDenyAssets";
+    uint internal immutable peerDenyAssetsId = peerId(NAME);
+
+    constructor() {
+        emit Peer(host, peerDenyAssetsId, NAME, Schemas.Asset, false);
+    }
+
+    /// @notice Execute the deny-assets peer call.
+    function peerDenyAssets(bytes calldata request) external onlyPeer returns (bytes memory) {
+        (Cur memory assets, , ) = cursor(request, 1);
+
+        while (assets.i < assets.bound) {
+            (bytes32 asset, bytes32 meta) = assets.unpackAsset();
+            denyAsset(asset, meta);
+        }
+
+        assets.complete();
+        return "";
+    }
+}
+
+
+
+
+

package/peer/Settle.sol

@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import { PeerBase } from "./Base.sol";
+import { TransferHook } from "../commands/Transfer.sol";
+import { Cursors, Cur, Schemas } from "../Cursors.sol";
+
+using Cursors for Cur;
+
+/// @title PeerSettle
+/// @notice Peer that consumes peer-supplied TRANSACTION blocks through the shared transfer hook.
+/// Each TRANSACTION block in the request calls `transfer(value)`. Restricted to trusted peers.
+abstract contract PeerSettle is PeerBase, TransferHook {
+    string private constant NAME = "peerSettle";
+    uint internal immutable peerSettleId = peerId(NAME);
+
+    constructor() {
+        emit Peer(host, peerSettleId, NAME, Schemas.Transaction, false);
+    }
+
+    /// @notice Execute the peer-settle call.
+    function peerSettle(bytes calldata request) external onlyPeer returns (bytes memory) {
+        (Cur memory state, , ) = cursor(request, 1);
+
+        while (state.i < state.bound) {
+            transfer(state.unpackTxValue());
+        }
+
+        state.complete();
+        return "";
+    }
+}

package/queries/Assets.sol

@@ -8,8 +8,6 @@ import {QueryBase} from "./Base.sol";
 using Cursors for Cur;
 using Writers for Writer;
 
-string constant NAME = "isAllowedAsset";
-
 abstract contract IsAllowedAssetHook {
     /// @notice Resolve whether one asset tuple is allowed.
     /// Concrete implementations define the allowlist policy.
@@ -24,6 +22,7 @@ abstract contract IsAllowedAssetHook {
 /// The request is a run of `ASSET` blocks.
 /// The response returns one `STATUS` form block per query entry, preserving request order.
 abstract contract IsAllowedAsset is QueryBase, IsAllowedAssetHook {
+    string private constant NAME = "isAllowedAsset";
     uint public immutable isAllowedAssetId = queryId(NAME);
 
     constructor() {

package/queries/Balances.sol

@@ -7,8 +7,6 @@ import {QueryBase} from "./Base.sol";
 using Cursors for Cur;
 using Writers for Writer;
 
-string constant NAME = "getBalances";
-
 abstract contract GetBalancesHook {
     /// @notice Resolve one account's balance for one supported asset.
     /// Concrete implementations define how assets are resolved.
@@ -24,6 +22,7 @@ abstract contract GetBalancesHook {
 /// The request is a run of `ACCOUNT_ASSET` form blocks.
 /// The response returns one `ACCOUNT_AMOUNT` form block per requested position, preserving request order.
 abstract contract GetBalances is QueryBase, GetBalancesHook {
+    string private constant NAME = "getBalances";
     uint public immutable getBalancesId = queryId(NAME);
 
     constructor() {

package/queries/Positions.sol

@@ -7,8 +7,6 @@ import {QueryBase} from "./Base.sol";
 
 using Cursors for Cur;
 
-string constant NAME = "getPosition";
-
 abstract contract GetPositionHook {
     /// @notice Resolve the position payload for one requested position.
     /// Concrete implementations must append exactly one `RESPONSE` block whose payload
@@ -30,6 +28,7 @@ abstract contract GetPositionHook {
 /// The request is a run of `ACCOUNT_ASSET` form blocks.
 /// The response returns one dynamic `RESPONSE` block per position entry, preserving request order.
 abstract contract GetPosition is QueryBase, GetPositionHook {
+    string private constant NAME = "getPosition";
     uint public immutable getPositionId = queryId(NAME);
     uint internal immutable positionResponseSize;
 

package/utils/Accounts.sol

@@ -92,6 +92,14 @@ library Accounts {
         return account;
     }
 
+    /// @notice Assert that `account` is not an admin account and return it unchanged.
+    /// @param account Account ID to validate.
+    /// @return The same `account` value if valid.
+    function ensureNotAdmin(bytes32 account) internal pure returns (bytes32) {
+        if (isAdmin(account)) revert InvalidAccount();
+        return account;
+    }
+
     /// @notice Extract the EVM address embedded in an EVM-family account ID.
     /// Reverts if `account` is not an EVM-family account.
     /// @param account EVM-family account ID.

package/utils/Ids.sol

@@ -8,9 +8,9 @@ import {isLocalFamily, matchesBase, toLocalBase} from "./Utils.sol";
 /// @notice Encoding and decoding helpers for 256-bit node identifiers.
 ///
 /// Node IDs share a common layout:
-///   - bits [255:224] — 4-byte type prefix (`Host`, `Command`, or `Remote`)
+///   - bits [255:224] — 4-byte type prefix (`Host`, `Command`, or `Peer`)
 ///   - bits [223:192] — current `block.chainid` (makes IDs chain-local)
-///   - bits [191:160] — 4-byte ABI selector (commands and remotes only)
+///   - bits [191:160] — 4-byte ABI selector (commands and peers only)
 ///   - bits [159:0]   — 160-bit EVM contract address
 library Ids {
     /// @dev Thrown when an ID does not match the expected node type or chain.
@@ -22,8 +22,8 @@ library Ids {
     uint32 constant Host = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Node) << 8) | uint32(Layout.Host);
     /// @dev Full 4-byte type prefix for command nodes.
     uint32 constant Command = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Node) << 8) | uint32(Layout.Command);
-    /// @dev Full 4-byte type prefix for remote nodes.
-    uint32 constant Remote = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Node) << 8) | uint32(Layout.Remote);
+    /// @dev Full 4-byte type prefix for peer nodes.
+    uint32 constant Peer = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Node) << 8) | uint32(Layout.Peer);
     /// @dev Full 4-byte type prefix for query nodes.
     uint32 constant Query = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Node) << 8) | uint32(Layout.Query);
 
@@ -37,9 +37,9 @@ library Ids {
         return uint32(id >> 224) == Command;
     }
 
-    /// @notice Return true if `id` is a remote node ID.
-    function isRemote(uint id) internal pure returns (bool) {
-        return uint32(id >> 224) == Remote;
+    /// @notice Return true if `id` is a peer node ID.
+    function isPeer(uint id) internal pure returns (bool) {
+        return uint32(id >> 224) == Peer;
     }
 
     /// @notice Return true if `id` is a query node ID.
@@ -47,6 +47,11 @@ library Ids {
         return uint32(id >> 224) == Query;
     }
 
+    /// @notice Return true if `id` is a local node ID for this contract.
+    function isLocalNode(uint id) internal view returns (bool) {
+        return isLocalFamily(id, Node) && address(uint160(id)) == address(this);
+    }
+
     /// @notice Assert that `id` is a command ID and return it unchanged.
     /// @param id Node ID to validate.
     /// @return cid The same `id` value if it is a command.
@@ -63,19 +68,19 @@ library Ids {
         return bytes4(uint32(id >> 160));
     }
 
-    /// @notice Assert that `id` is a remote ID and return it unchanged.
+    /// @notice Assert that `id` is a peer ID and return it unchanged.
     /// @param id Node ID to validate.
-    /// @return pid The same `id` value if it is a remote.
-    function remote(uint id) internal pure returns (uint pid) {
-        if (!isRemote(id)) revert InvalidId();
+    /// @return pid The same `id` value if it is a peer.
+    function peer(uint id) internal pure returns (uint pid) {
+        if (!isPeer(id)) revert InvalidId();
         return id;
     }
 
-    /// @notice Assert that `id` is a remote ID and return its embedded ABI selector.
+    /// @notice Assert that `id` is a peer ID and return its embedded ABI selector.
     /// @param id Node ID to validate.
-    /// @return selector 4-byte remote selector stored in bits [191:160].
-    function remoteSelector(uint id) internal pure returns (bytes4 selector) {
-        if (!isRemote(id)) revert InvalidId();
+    /// @return selector 4-byte peer selector stored in bits [191:160].
+    function peerSelector(uint id) internal pure returns (bytes4 selector) {
+        if (!isPeer(id)) revert InvalidId();
         return bytes4(uint32(id >> 160));
     }
 
@@ -121,12 +126,12 @@ library Ids {
         return id;
     }
 
-    /// @notice Build a chain-local remote ID for the given selector and contract.
-    /// @param selector 4-byte ABI selector of the remote entry point.
-    /// @param target Remote contract address.
-    /// @return Remote node ID embedding both the selector and address.
-    function toRemote(bytes4 selector, address target) internal view returns (uint) {
-        uint id = toLocalBase(Remote) | uint(uint160(target));
+    /// @notice Build a chain-local peer ID for the given selector and contract.
+    /// @param selector 4-byte ABI selector of the peer entry point.
+    /// @param target Peer contract address.
+    /// @return Peer node ID embedding both the selector and address.
+    function toPeer(bytes4 selector, address target) internal view returns (uint) {
+        uint id = toLocalBase(Peer) | uint(uint160(target));
         id |= uint(uint32(selector)) << 160;
         return id;
     }
@@ -143,7 +148,7 @@ library Ids {
 
     /// @notice Extract the contract address from any local node ID.
     /// Reverts if `id` does not belong to the local node family.
-    /// @param id Node ID (host, command, or remote).
+    /// @param id Node ID (host, command, or peer).
     /// @return Contract address in the lower 160 bits of `id`.
     function nodeAddr(uint id) internal view returns (address) {
         if (!isLocalFamily(id, Node)) revert InvalidId();
@@ -161,12 +166,12 @@ library Ids {
 }
 
 /// @title Selectors
-/// @notice ABI-selector derivation helpers for command, remote, and query dispatch.
+/// @notice ABI-selector derivation helpers for command, peer, and query dispatch.
 library Selectors {
     /// @dev ABI argument encoding for command entry points: `((bytes32,bytes,bytes))`.
     string constant CommandArgs = "((bytes32,bytes,bytes))";
-    /// @dev ABI argument encoding for remote entry points: `(bytes)`.
-    string constant RemoteArgs = "(bytes)";
+    /// @dev ABI argument encoding for peer entry points: `(bytes)`.
+    string constant PeerArgs = "(bytes)";
     /// @dev ABI argument encoding for query entry points: `(bytes)`.
     string constant QueryArgs = "(bytes)";
 
@@ -178,12 +183,12 @@ library Selectors {
         return bytes4(keccak256(bytes.concat(bytes(name), bytes(CommandArgs))));
     }
 
-    /// @notice Derive the 4-byte ABI selector for a named remote.
-    /// The selector is `keccak256(name ++ RemoteArgs)[0:4]`.
-    /// @param name Remote function name (without arguments).
+    /// @notice Derive the 4-byte ABI selector for a named peer.
+    /// The selector is `keccak256(name ++ PeerArgs)[0:4]`.
+    /// @param name Peer function name (without arguments).
     /// @return 4-byte selector.
-    function remote(string memory name) internal pure returns (bytes4) {
-        return bytes4(keccak256(bytes.concat(bytes(name), bytes(RemoteArgs))));
+    function peer(string memory name) internal pure returns (bytes4) {
+        return bytes4(keccak256(bytes.concat(bytes(name), bytes(PeerArgs))));
     }
 
     /// @notice Derive the 4-byte ABI selector for a named query.

package/utils/Layout.sol

@@ -26,7 +26,7 @@ library Layout {
 
     /// @dev ID encodes an account.
     uint8 constant Account = 0x01;
-    /// @dev ID encodes a network node (host, command, or remote).
+    /// @dev ID encodes a network node (host, command, or peer).
     uint8 constant Node = 0x02;
     /// @dev ID encodes an asset.
     uint8 constant Asset = 0x03;
@@ -50,8 +50,8 @@ library Layout {
     uint8 constant Host = 0x01;
     /// @dev Node is a command contract.
     uint8 constant Command = 0x02;
-    /// @dev Node is a remote contract.
-    uint8 constant Remote = 0x03;
+    /// @dev Node is a peer contract.
+    uint8 constant Peer = 0x03;
     /// @dev Node is a query contract.
     uint8 constant Query = 0x04;
 

package/utils/Utils.sol

@@ -170,7 +170,7 @@ function isFamily(uint value, uint24 family) pure returns (bool) {
 /// @notice Check whether `value` was created on the current chain.
 /// @param value ID to test.
 /// @return True if bits [223:192] of `value` equal `block.chainid`.
-function isLocal(uint value) view returns (bool) {
+function isLocalChain(uint value) view returns (bool) {
     return uint32(value >> 192) == block.chainid;
 }
 
@@ -179,7 +179,7 @@ function isLocal(uint value) view returns (bool) {
 /// @param family Expected 24-bit family tag.
 /// @return True if both the family and chainid fields match.
 function isLocalFamily(uint value, uint24 family) view returns (bool) {
-    return isFamily(value, family) && isLocal(value);
+    return isFamily(value, family) && isLocalChain(value);
 }
 
 /// @notice Check whether two IDs share the same 64-bit base (type tag + chainid).

package/events/Remote.sol

@@ -1,24 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-only
-pragma solidity ^0.8.33;
-
-import { EventEmitter } from "./Emitter.sol";
-
-string constant ABI =
-    "event Remote(uint indexed host, uint id, string name, string request, bool acceptsValue)";
-
-/// @notice Emitted once per remote during host deployment to publish its request schema.
-abstract contract RemoteEvent is EventEmitter {
-    /// @param host Host node ID that owns this remote.
-    /// @param id Remote node ID.
-    /// @param name Human-readable remote name.
-    /// @param request Schema DSL string describing the remote request shape.
-    /// @param acceptsValue Whether the remote entrypoint accepts nonzero `msg.value`.
-    event Remote(uint indexed host, uint id, string name, string request, bool acceptsValue);
-
-    constructor() {
-        emit EventAbi(ABI);
-    }
-}
-
-
-

package/remote/AllowAssets.sol

@@ -1,39 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-only
-pragma solidity ^0.8.33;
-
-import { RemoteBase } from "./Base.sol";
-import { AllowAssetsHook } from "../commands/control/AllowAssets.sol";
-import { Cursors, Cur, Schemas } from "../Cursors.sol";
-
-using Cursors for Cur;
-
-string constant NAME = "remoteAllowAssets";
-
-/// @title RemoteAllowAssets
-/// @notice Remote that permits a list of (asset, meta) pairs on behalf of a remote host.
-/// Each ASSET block in the request calls `allowAsset`. Restricted to trusted remotes.
-abstract contract RemoteAllowAssets is RemoteBase, AllowAssetsHook {
-    uint internal immutable remoteAllowAssetsId = remoteId(NAME);
-
-    constructor() {
-        emit Remote(host, remoteAllowAssetsId, NAME, Schemas.Asset, false);
-    }
-
-    /// @notice Execute the allow-assets remote call.
-    function remoteAllowAssets(bytes calldata request) external onlyRemote returns (bytes memory) {
-        (Cur memory assets, , ) = cursor(request, 1);
-
-        while (assets.i < assets.bound) {
-            (bytes32 asset, bytes32 meta) = assets.unpackAsset();
-            allowAsset(asset, meta);
-        }
-
-        assets.complete();
-        return "";
-    }
-}
-
-
-
-
-

package/remote/Allowance.sol

@@ -1,36 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-only
-pragma solidity ^0.8.33;
-
-import {RemoteBase} from "./Base.sol";
-import {AllowanceHook} from "../commands/control/Allowance.sol";
-import {Cursors, Cur, Schemas} from "../Cursors.sol";
-
-using Cursors for Cur;
-
-string constant NAME = "remoteAllowance";
-
-/// @title RemoteAllowance
-/// @notice Remote that lets a trusted remote host request or refresh its own allowance.
-/// Each AMOUNT block in the request is scoped to the remote host and passed to the
-/// shared allowance hook as a host-scoped allowance. Restricted to trusted remotes.
-abstract contract RemoteAllowance is RemoteBase, AllowanceHook {
-    uint internal immutable remoteAllowanceId = remoteId(NAME);
-
-    constructor() {
-        emit Remote(host, remoteAllowanceId, NAME, Schemas.Amount, false);
-    }
-
-    /// @notice Execute the allowance remote call.
-    function remoteAllowance(bytes calldata request) external onlyRemote returns (bytes memory) {
-        (Cur memory amounts, , ) = cursor(request, 1);
-        uint remote = caller();
-
-        while (amounts.i < amounts.bound) {
-            (bytes32 asset, bytes32 meta, uint amount) = amounts.unpackAmount();
-            allowance(remote, asset, meta, amount);
-        }
-
-        amounts.complete();
-        return "";
-    }
-}

package/remote/AssetPull.sol

@@ -1,44 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-only
-pragma solidity ^0.8.33;
-
-import {RemoteBase} from "./Base.sol";
-import {Cursors, Cur, Schemas} from "../Cursors.sol";
-
-string constant NAME = "remoteAssetPull";
-
-using Cursors for Cur;
-
-abstract contract AssetPullHook {
-    /// @notice Override to process one incoming amount-based asset pull request from a remote host.
-    /// @param remote Remote host node ID for this request.
-    /// @param asset Requested asset identifier.
-    /// @param meta Requested asset metadata slot.
-    /// @param amount Requested amount in the asset's native units.
-    function assetPull(uint remote, bytes32 asset, bytes32 meta, uint amount) internal virtual;
-}
-
-/// @title RemoteAssetPull
-/// @notice Remote that pulls requested asset amounts from a remote host into this one.
-/// Each AMOUNT block in the request calls `assetPull(remote, asset, meta, amount)`.
-/// Restricted to trusted remotes.
-abstract contract RemoteAssetPull is RemoteBase, AssetPullHook {
-    uint internal immutable remoteAssetPullId = remoteId(NAME);
-
-    constructor() {
-        emit Remote(host, remoteAssetPullId, NAME, Schemas.Amount, false);
-    }
-
-    /// @notice Execute the asset-pull remote call.
-    function remoteAssetPull(bytes calldata request) external onlyRemote returns (bytes memory) {
-        (Cur memory assets, , ) = cursor(request, 1);
-        uint remote = caller();
-
-        while (assets.i < assets.bound) {
-            (bytes32 asset, bytes32 meta, uint amount) = assets.unpackAmount();
-            assetPull(remote, asset, meta, amount);
-        }
-
-        assets.complete();
-        return "";
-    }
-}

package/remote/Base.sol

@@ -1,40 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-only
-pragma solidity ^0.8.33;
-
-import { NodeCalls } from "../core/Calls.sol";
-import { RemoteEvent } from "../events/Remote.sol";
-import { Ids, Selectors } from "../utils/Ids.sol";
-
-/// @notice ABI-encode a remote call from a target remote ID and request block stream.
-/// @dev Derives the function selector from `target` via `Ids.remoteSelector(target)`.
-/// Reverts if `target` is not a valid remote ID.
-/// @param target Destination remote node ID embedding the target selector.
-/// @param request Input block stream for the remote invocation.
-/// @return ABI-encoded calldata for the remote entry point.
-function encodeRemoteCall(uint target, bytes calldata request) pure returns (bytes memory) {
-    bytes4 selector = Ids.remoteSelector(target);
-    return abi.encodeWithSelector(selector, request);
-}
-
-/// @title RemoteBase
-/// @notice Abstract base for all rootzero remote contracts.
-/// Remotes handle inter-host operations and asset allow/deny management
-/// between cooperating hosts. Access is restricted to trusted callers via `onlyRemote`.
-abstract contract RemoteBase is NodeCalls, RemoteEvent {
-    /// @dev Thrown when the commander attempts to call a remote entrypoint directly.
-    error CommanderNotAllowed();
-
-    /// @dev Restrict execution to trusted callers, excluding the commander.
-    modifier onlyRemote() {
-        if (msg.sender == commander) revert CommanderNotAllowed();
-        enforceCaller(msg.sender);
-        _;
-    }
-
-    /// @notice Derive the deterministic node ID for a named remote on this contract.
-    /// @param name Remote function name (without argument list).
-    /// @return Remote node ID.
-    function remoteId(string memory name) internal view returns (uint) {
-        return Ids.toRemote(Selectors.remote(name), address(this));
-    }
-}

package/remote/DenyAssets.sol

@@ -1,39 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-only
-pragma solidity ^0.8.33;
-
-import {RemoteBase} from "./Base.sol";
-import {DenyAssetsHook} from "../commands/control/DenyAssets.sol";
-import {Cursors, Cur, Schemas} from "../Cursors.sol";
-
-using Cursors for Cur;
-
-string constant NAME = "remoteDenyAssets";
-
-/// @title RemoteDenyAssets
-/// @notice Remote that blocks a list of (asset, meta) pairs on behalf of a remote host.
-/// Each ASSET block in the request calls `denyAsset`. Restricted to trusted remotes.
-abstract contract RemoteDenyAssets is RemoteBase, DenyAssetsHook {
-    uint internal immutable remoteDenyAssetsId = remoteId(NAME);
-
-    constructor() {
-        emit Remote(host, remoteDenyAssetsId, NAME, Schemas.Asset, false);
-    }
-
-    /// @notice Execute the deny-assets remote call.
-    function remoteDenyAssets(bytes calldata request) external onlyRemote returns (bytes memory) {
-        (Cur memory assets, , ) = cursor(request, 1);
-
-        while (assets.i < assets.bound) {
-            (bytes32 asset, bytes32 meta) = assets.unpackAsset();
-            denyAsset(asset, meta);
-        }
-
-        assets.complete();
-        return "";
-    }
-}
-
-
-
-
-