@rootzero/contracts 1.1.0 → 1.3.0

package/commands/admin/Unauthorize.sol

@@ -11,12 +11,11 @@ using Cursors for Cur;
 /// Each NODE block in the request is deauthorized on the host.
 /// Only callable by the admin account.
 abstract contract Unauthorize is CommandBase, AdminEvent {
-    string private constant NAME = "unauthorize";
-
-    uint internal immutable unauthorizeId = commandId(NAME);
+    uint internal immutable unauthorizeId = commandId(this.unauthorize.selector);
 
     constructor() {
-        emit Admin(host, unauthorizeId, NAME, "1:0:0", Schemas.Node, Keys.Empty, Keys.Empty, false, false);
+        emit Admin(host, unauthorizeId, "1:0:0", Schemas.Node, Keys.Empty, Keys.Empty, false);
+        emit Labeled(unauthorizeId, bytes32(0), "unauthorize");
     }
 
     /// @notice Unauthorize each NODE block in the admin request.
@@ -25,7 +24,7 @@ abstract contract Unauthorize is CommandBase, AdminEvent {
     function unauthorize(
         CommandContext calldata c
     ) external onlyAdmin(c.account) returns (bytes memory) {
-        (Cur memory request, , ) = Cursors.init(c.request, 0, 1);
+        (Cur memory request, , ) = Cursors.init(c.request, 1);
 
         while (request.i < request.len) {
             uint node = request.unpackNode();

package/core/Host.sol

@@ -7,6 +7,7 @@ import {Authorize} from "../commands/admin/Authorize.sol";
 import {Dismiss} from "../commands/admin/Dismiss.sol";
 import {Unauthorize} from "../commands/admin/Unauthorize.sol";
 import {ExecutePayable} from "../commands/admin/Execute.sol";
+import {Label} from "../commands/admin/Label.sol";
 import {Revoke} from "../guards/Revoke.sol";
 import {IntroductionEvent} from "../events/Introduction.sol";
 import {Ids} from "../utils/Ids.sol";
@@ -17,9 +18,7 @@ interface IHostIntroduction {
     /// @notice Record a host introduction claim.
     /// @param peer Host node ID being introduced.
     /// @param blocknum Block number at which the introduction was made.
-    /// @param version Protocol version the host is running.
-    /// @param namespace Human-readable namespace or label for the host.
-    function introduce(uint peer, uint blocknum, uint16 version, string calldata namespace) external;
+    function introduce(uint peer, uint blocknum) external;
 }
 
 /// @title Host
@@ -34,6 +33,7 @@ abstract contract Host is
     Revoke,
     Appoint,
     Dismiss,
+    Label,
     ExecutePayable,
     IntroductionEvent,
     IHostIntroduction
@@ -41,21 +41,17 @@ abstract contract Host is
     /// @param cmdr Commander address; passed to `AccessControl`.
     ///        If `cmdr` is a deployed contract, the host calls `introduce`
     ///        on it during construction.
-    /// @param version Protocol version number to publish in the announcement.
-    /// @param namespace Human-readable namespace string for the host.
-    constructor(address cmdr, uint16 version, string memory namespace) AccessControl(cmdr) {
+    constructor(address cmdr) AccessControl(cmdr) {
         if (cmdr == address(0) || cmdr == address(this) || cmdr.code.length == 0) return;
-        IHostIntroduction(cmdr).introduce(host, block.number, version, namespace);
+        IHostIntroduction(cmdr).introduce(host, block.number);
     }
 
     /// @notice Record a host introduction claim.
     /// @dev Validates that `peer` matches `msg.sender`; it does not authorize or trust the introduced host.
     /// @param peer Host node ID being introduced.
     /// @param blocknum Block number at which the host was deployed.
-    /// @param version Protocol version the host implements.
-    /// @param namespace Human-readable namespace string for the host.
-    function introduce(uint peer, uint blocknum, uint16 version, string calldata namespace) external {
-        emit Introduction(Ids.matchHost(peer, msg.sender), blocknum, version, namespace);
+    function introduce(uint peer, uint blocknum) external {
+        emit Introduction(Ids.matchHost(peer, msg.sender), blocknum);
     }
 
     /// @notice Accept native ETH transfers (e.g. from command value flows).

package/core/Pipeline.sol

@@ -42,7 +42,7 @@ abstract contract Pipeline is Payable {
         bytes calldata steps,
         Budget memory budget
     ) internal {
-        (Cur memory input, , ) = Cursors.init(steps, 0, 1);
+        (Cur memory input, , ) = Cursors.init(steps, 1);
 
         while (input.i < input.len) {
             (uint target, uint resources, bytes calldata request) = input.unpackStep();

package/docs/Schema.md

@@ -101,6 +101,11 @@ the whole batch and are not counted as per-operation prime blocks.
 The prime item cannot be optional. If a command needs a per-operation marker with
 no payload, use a zero-payload block such as `#unit`.
 
+Command request and state streams currently use a narrower convention than the
+full block grammar: each is a single run of blocks, without additional global
+items. Future protocol surfaces may use the more flexible top-level structure,
+but command discovery metadata should describe only that one-run shape.
+
 ## Aliases
 
 Aliases are presentation metadata for tooling. They do not change payload layout
@@ -113,6 +118,53 @@ maybe #account { bytes32 account } as recipient
 
 Aliases may be used on any block item, including child blocks and prime items.
 
+## Field Paths
+
+Field names and aliases may use dotted paths for offchain projection. A dotted
+path does not change the block key, payload bytes, payload length, cursor
+behavior, or any onchain validation. It is metadata only.
+
+```txt
+#dispatch { uint dst.chain, uint dst.resources, #bytes as dst.payload }
+```
+
+This has the same runtime layout as:
+
+```txt
+#dispatch { uint chain, uint resources, #bytes as payload }
+```
+
+Offchain tooling may decode the dotted form into a nested object:
+
+```ts
+{
+  dst: {
+    chain,
+    resources,
+    payload
+  }
+}
+```
+
+Encoding and decoding must still follow schema declaration order, not object
+property order. Fields with the same path prefix do not need to be contiguous,
+although contiguous fields are easier to read when they represent one logical
+object.
+
+Tooling should reject duplicate full paths and prefix/value collisions:
+
+```txt
+uint dst.chain, uint dst.chain      // duplicate path
+uint dst, uint dst.chain            // prefix/value collision
+```
+
+The same rule applies to block aliases:
+
+```txt
+#call { uint target, uint resources, #bytes as calldata.payload }
+maybe #account { bytes32 account } as recipient.account
+```
+
 ## Field Types
 
 Supported field types are chain-neutral:
@@ -140,10 +192,12 @@ endowment in wei; higher bits are reserved for execution resources such as gas.
 
 ## Identifiers
 
-Block names, field names, and aliases use lower camelCase ASCII identifiers:
+Block names use lower camelCase ASCII identifiers. Field names and aliases use
+one or more lower camelCase path segments separated by dots:
 
 ```txt
 [a-z][a-zA-Z0-9]*
+[a-z][a-zA-Z0-9]*(\.[a-z][a-zA-Z0-9]*)*
 ```
 
 Invalid examples:
@@ -153,10 +207,13 @@ Amount
 asset_meta
 asset-meta
 0account
+asset.
+.asset
 ```
 
 Reserved words include `maybe`, `many`, `as`, all field type names, and the
-reserved block names `bytes`, `data`, and `list`.
+reserved block names `bytes`, `data`, and `list`. For dotted paths, reserved
+words are invalid in any path segment.
 
 ## Reserved Blocks
 

package/events/Admin.sol

@@ -1,34 +1,28 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { EventEmitter } from "./Emitter.sol";
+import {EventEmitter} from "./Emitter.sol";
 
 /// @notice Emitted once per admin command during host deployment to publish its request schema and state keys.
 abstract contract AdminEvent is EventEmitter {
     string private constant ABI =
-        "event Admin(uint indexed host, uint id, string name, bytes32 shape, string request, bytes4 state, bytes4 output, bool postcheck, bool funded)";
+        "event Admin(uint indexed host, uint id, bytes32 shape, string request, bytes4 state, bytes4 output, bool funded)";
 
     /// @param host Host node ID that owns this admin command.
     /// @param id Command node ID.
-    /// @param name Human-readable command name.
     /// @param shape Per-operation block counts encoded as `request:state:output`.
-    /// The request count covers only the input request run. If `postcheck` is true,
-    /// a constraint run follows the input run, or starts the request when `request`
-    /// is empty. State globals may follow the state run and are excluded.
+    /// Request and state are each a single run of blocks under the current command convention.
     /// @param request Schema DSL string describing the input request run, or empty if none.
     /// @param state Block key expected for input state, `Keys.Empty`, or `Keys.Any`.
     /// @param output Block key produced for output state, or `Keys.Empty`.
-    /// @param postcheck Whether command output is validated after execution.
     /// @param funded Whether the command entrypoint accepts nonzero `msg.value`.
     event Admin(
         uint indexed host,
         uint id,
-        string name,
         bytes32 shape,
         string request,
         bytes4 state,
         bytes4 output,
-        bool postcheck,
         bool funded
     );
 

package/events/Chain.sol

@@ -5,14 +5,13 @@ import {EventEmitter} from "./Emitter.sol";
 
 /// @notice Emitted when a chain/domain node is announced.
 abstract contract ChainEvent is EventEmitter {
-    string private constant ABI = "event Chain(uint indexed chain, bytes32 native, uint commander, bytes32 admin, string name)";
+    string private constant ABI = "event Chain(uint indexed chain, bytes32 native, uint commander, bytes32 admin)";
 
     /// @param chain Chain node ID.
     /// @param native Native asset ID for the chain.
     /// @param commander Commander host node ID for the chain.
     /// @param admin Admin account for the commander host on the chain.
-    /// @param name Chain or domain name.
-    event Chain(uint indexed chain, bytes32 native, uint commander, bytes32 admin, string name);
+    event Chain(uint indexed chain, bytes32 native, uint commander, bytes32 admin);
 
     constructor() {
         emit EventAbi(ABI);

package/events/Command.sol

@@ -1,34 +1,28 @@
 // SPDX-License-Identifier: GPL-3.0-only
 pragma solidity ^0.8.33;
 
-import { EventEmitter } from "./Emitter.sol";
+import {EventEmitter} from "./Emitter.sol";
 
 /// @notice Emitted once per command during host deployment to publish its request schema and state keys.
 abstract contract CommandEvent is EventEmitter {
     string private constant ABI =
-        "event Command(uint indexed host, uint id, string name, bytes32 shape, string request, bytes4 state, bytes4 output, bool postcheck, bool funded)";
+        "event Command(uint indexed host, uint id, bytes32 shape, string request, bytes4 state, bytes4 output, bool funded)";
 
     /// @param host Host node ID that owns this command.
     /// @param id Command node ID.
-    /// @param name Human-readable command name.
     /// @param shape Per-operation block counts encoded as `request:state:output`.
-    /// The request count covers only the input request run. If `postcheck` is true,
-    /// a constraint run follows the input run, or starts the request when `request`
-    /// is empty. State globals may follow the state run and are excluded.
+    /// Request and state are each a single run of blocks under the current command convention.
     /// @param request Schema string describing the input request run, or empty if none.
     /// @param state Block key expected for input state, `Keys.Empty`, or `Keys.Any`.
     /// @param output Block key produced for output state, or `Keys.Empty`.
-    /// @param postcheck Whether command output is validated after execution.
     /// @param funded Whether the command entrypoint accepts nonzero `msg.value`.
     event Command(
         uint indexed host,
         uint id,
-        string name,
         bytes32 shape,
         string request,
         bytes4 state,
         bytes4 output,
-        bool postcheck,
         bool funded
     );
 

package/events/Guard.sol

@@ -5,13 +5,12 @@ import {EventEmitter} from "./Emitter.sol";
 
 /// @notice Emitted once per guard action during host deployment to publish its request schema.
 abstract contract GuardEvent is EventEmitter {
-    string private constant ABI = "event Guard(uint indexed host, uint id, string name, string request)";
+    string private constant ABI = "event Guard(uint indexed host, uint id, string request)";
 
     /// @param host Host node ID that owns this guard action.
     /// @param id Guard action node ID.
-    /// @param name Human-readable guard action name.
     /// @param request Schema DSL string describing the guard action request shape.
-    event Guard(uint indexed host, uint id, string name, string request);
+    event Guard(uint indexed host, uint id, string request);
 
     constructor() {
         emit EventAbi(ABI);

package/events/Introduction.sol

@@ -5,13 +5,11 @@ import { EventEmitter } from "./Emitter.sol";
 
 /// @notice Emitted when a host introduces itself to another host.
 abstract contract IntroductionEvent is EventEmitter {
-    string private constant ABI = "event Introduction(uint indexed host, uint blocknum, uint16 version, string namespace)";
+    string private constant ABI = "event Introduction(uint indexed host, uint blocknum)";
 
     /// @param host Host node ID of the introducing contract.
     /// @param blocknum Block number at which the host was deployed.
-    /// @param version Protocol version the host implements.
-    /// @param namespace Human-readable namespace string for the host.
-    event Introduction(uint indexed host, uint blocknum, uint16 version, string namespace);
+    event Introduction(uint indexed host, uint blocknum);
 
     constructor() {
         emit EventAbi(ABI);

package/events/Labeled.sol

@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {EventEmitter} from "./Emitter.sol";
+
+/// @notice Emitted to attach a human-readable namespaced label to a node ID.
+/// @dev Labels are claims by the emitting contract. Any contract may emit a
+/// label for any ID, so off-chain indexers must decide which emitters are
+/// trusted for each labeled ID or namespace.
+abstract contract LabeledEvent is EventEmitter {
+    string private constant ABI = "event Labeled(uint indexed id, bytes32 namespace, string name)";
+
+    /// @param id Node or capability ID being labeled.
+    /// @param namespace Label namespace.
+    /// @param name Human-readable name within the namespace.
+    event Labeled(uint indexed id, bytes32 namespace, string name);
+
+    constructor() {
+        emit EventAbi(ABI);
+    }
+}

package/events/Peer.sol

@@ -6,24 +6,15 @@ import {EventEmitter} from "./Emitter.sol";
 /// @notice Emitted once per peer during host deployment to publish its request and response schemas.
 abstract contract PeerEvent is EventEmitter {
     string private constant ABI =
-        "event Peer(uint indexed host, uint id, string name, bytes32 shape, string request, string response, bool funded)";
+        "event Peer(uint indexed host, uint id, bytes32 shape, string request, string response, bool funded)";
 
     /// @param host Host node ID that owns this peer.
     /// @param id Peer node ID.
-    /// @param name Human-readable peer name.
     /// @param shape Per-operation block counts encoded as `request:response`.
     /// @param request Schema DSL string describing the input request run, or empty if none.
     /// @param response Schema DSL string describing the peer response shape.
     /// @param funded Whether the peer entrypoint accepts nonzero `msg.value`.
-    event Peer(
-        uint indexed host,
-        uint id,
-        string name,
-        bytes32 shape,
-        string request,
-        string response,
-        bool funded
-    );
+    event Peer(uint indexed host, uint id, bytes32 shape, string request, string response, bool funded);
 
     constructor() {
         emit EventAbi(ABI);

package/events/Query.sol

@@ -5,15 +5,14 @@ import {EventEmitter} from "./Emitter.sol";
 
 /// @notice Emitted once per query during host deployment to publish its request and response schemas.
 abstract contract QueryEvent is EventEmitter {
-    string private constant ABI = "event Query(uint indexed host, uint id, string name, bytes32 shape, string request, string response)";
+    string private constant ABI = "event Query(uint indexed host, uint id, bytes32 shape, string request, string response)";
 
     /// @param host Host node ID that owns this query.
     /// @param id Query node ID.
-    /// @param name Human-readable query name.
     /// @param shape Per-operation block counts encoded as `request:response`.
     /// @param request Schema DSL string describing the input request run, or empty if none.
     /// @param response Schema DSL string describing the query response shape.
-    event Query(uint indexed host, uint id, string name, bytes32 shape, string request, string response);
+    event Query(uint indexed host, uint id, bytes32 shape, string request, string response);
 
     constructor() {
         emit EventAbi(ABI);

package/events/Transfer.sol

@@ -5,7 +5,7 @@ import { EventEmitter } from "./Emitter.sol";
 
 /// @notice Emitted when an asset moves from one account to another.
 abstract contract TransferEvent is EventEmitter {
-    string private constant ABI = "event Transfer(bytes32 indexed from, bytes32 to, bytes32 asset, bytes32 meta, uint amount, uint32 action, uint context)";
+    string private constant ABI = "event Transfer(bytes32 indexed account, bytes32 to, bytes32 asset, bytes32 meta, uint amount, uint32 action, uint context)";
 
     /// @param account Source account identifier.
     /// @param to Destination account identifier.

package/guards/Base.sol

@@ -3,7 +3,8 @@ pragma solidity ^0.8.33;
 
 import {AccessControl} from "../core/Access.sol";
 import {GuardEvent} from "../events/Guard.sol";
-import {Ids, Selectors} from "../utils/Ids.sol";
+import {LabeledEvent} from "../events/Labeled.sol";
+import {Ids} from "../utils/Ids.sol";
 
 /// @notice ABI-encode a guard action call from a target guard ID and request block stream.
 /// @dev Derives the function selector from `target` via `Ids.guardSelector(target)`.
@@ -19,17 +20,17 @@ function encodeGuardCall(uint target, bytes calldata request) pure returns (byte
 /// @title GuardBase
 /// @notice Abstract base for guardian-only direct host actions.
 /// Guard actions are non-payable direct calls with no command context, state, or response.
-abstract contract GuardBase is AccessControl, GuardEvent {
+abstract contract GuardBase is AccessControl, GuardEvent, LabeledEvent {
     /// @dev Restrict execution to active guardian addresses.
     modifier onlyGuardian() {
         if (!isGuardian(msg.sender)) revert AccessDenied();
         _;
     }
 
-    /// @notice Derive the deterministic node ID for a named guard action on this contract.
-    /// @param name Guard action function name (without argument list).
+    /// @notice Derive the deterministic node ID for a guard action selector on this contract.
+    /// @param selector Guard action entrypoint selector.
     /// @return Guard action node ID.
-    function guardId(string memory name) internal view returns (uint) {
-        return Ids.toGuard(Selectors.guard(name), address(this));
+    function guardId(bytes4 selector) internal view returns (uint) {
+        return Ids.toGuard(selector, address(this));
     }
 }

package/guards/Revoke.sol

@@ -10,16 +10,15 @@ using Cursors for Cur;
 /// Each NODE block in the request is deauthorized on the host.
 /// Only callable by active guardian addresses.
 abstract contract Revoke is GuardBase {
-    string private constant NAME = "revoke";
-
-    uint internal immutable revokeId = guardId(NAME);
+    uint internal immutable revokeId = guardId(this.revoke.selector);
 
     constructor() {
-        emit Guard(host, revokeId, NAME, Schemas.Node);
+        emit Guard(host, revokeId, Schemas.Node);
+        emit Labeled(revokeId, bytes32(0), "revoke");
     }
 
     function revoke(bytes calldata request) external onlyGuardian {
-        (Cur memory input, , ) = Cursors.init(request, 0, 1);
+        (Cur memory input, , ) = Cursors.init(request, 1);
 
         while (input.i < input.len) {
             uint node = input.unpackNode();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rootzero/contracts",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "Solidity contracts and protocol building blocks for rootzero hosts and commands.",
   "private": false,
   "license": "GPL-3.0-only",

package/peer/AllowAssets.sol

@@ -7,22 +7,26 @@ import { Cursors, Cur, Schemas } from "../Cursors.sol";
 
 using Cursors for Cur;
 
+interface IPeerAllowAssets {
+    function peerAllowAssets(bytes calldata request) external returns (bytes memory);
+}
+
 /// @title PeerAllowAssets
 /// @notice Peer that permits a list of (asset, meta) pairs on behalf of a peer host.
 /// Each ASSET block in the request calls `allowAsset`. Restricted to trusted peers.
-abstract contract PeerAllowAssets is PeerBase, AllowAssetsHook {
-    string private constant NAME = "peerAllowAssets";
-    uint internal immutable peerAllowAssetsId = peerId(NAME);
+abstract contract PeerAllowAssets is PeerBase, AllowAssetsHook, IPeerAllowAssets {
+    uint internal immutable peerAllowAssetsId = peerId(this.peerAllowAssets.selector);
 
     constructor() {
-        emit Peer(host, peerAllowAssetsId, NAME, "1:0", Schemas.Asset, "", false);
+        emit Peer(host, peerAllowAssetsId, "1:0", Schemas.Asset, "", false);
+        emit Labeled(peerAllowAssetsId, bytes32(0), "peerAllowAssets");
     }
 
     /// @notice Execute the allow-assets peer call.
     /// @param request ASSET block stream supplied by the trusted peer.
     /// @return Empty response bytes.
     function peerAllowAssets(bytes calldata request) external onlyPeer returns (bytes memory) {
-        (Cur memory assets, , ) = Cursors.init(request, 0, 1);
+        (Cur memory assets, , ) = Cursors.init(request, 1);
 
         while (assets.i < assets.len) {
             (bytes32 asset, bytes32 meta) = assets.unpackAsset();

package/peer/Allowance.sol

@@ -7,23 +7,27 @@ import {Cursors, Cur, Schemas} from "../Cursors.sol";
 
 using Cursors for Cur;
 
+interface IPeerAllowance {
+    function peerAllowance(bytes calldata request) external returns (bytes memory);
+}
+
 /// @title PeerAllowance
 /// @notice Peer that lets a trusted peer host request or refresh its own allowance.
 /// Each AMOUNT block in the request is scoped to the peer host and passed to the
 /// shared allowance hook as a host-scoped allowance. Restricted to trusted peers.
-abstract contract PeerAllowance is PeerBase, AllowanceHook {
-    string private constant NAME = "peerAllowance";
-    uint internal immutable peerAllowanceId = peerId(NAME);
+abstract contract PeerAllowance is PeerBase, AllowanceHook, IPeerAllowance {
+    uint internal immutable peerAllowanceId = peerId(this.peerAllowance.selector);
 
     constructor() {
-        emit Peer(host, peerAllowanceId, NAME, "1:0", Schemas.Amount, "", false);
+        emit Peer(host, peerAllowanceId, "1:0", Schemas.Amount, "", false);
+        emit Labeled(peerAllowanceId, bytes32(0), "peerAllowance");
     }
 
     /// @notice Execute the allowance peer call.
     /// @param request AMOUNT block stream requested by the trusted peer.
     /// @return Empty response bytes.
     function peerAllowance(bytes calldata request) external onlyPeer returns (bytes memory) {
-        (Cur memory amounts, , ) = Cursors.init(request, 0, 1);
+        (Cur memory amounts, , ) = Cursors.init(request, 1);
         uint peer = caller();
 
         while (amounts.i < amounts.len) {

package/peer/BalancePull.sol

@@ -6,6 +6,10 @@ import {Cursors, Cur, Schemas} from "../Cursors.sol";
 
 using Cursors for Cur;
 
+interface IPeerBalancePull {
+    function peerBalancePull(bytes calldata request) external returns (bytes memory);
+}
+
 abstract contract BalancePullHook {
     /// @notice Override to process one incoming balance-based pull request from a peer host.
     /// @param peer Peer host node ID for this request.
@@ -19,19 +23,19 @@ abstract contract BalancePullHook {
 /// @notice Peer that pulls requested balances from a peer host into this one.
 /// Each BALANCE block in the request calls `balancePull(peer, asset, meta, amount)`.
 /// Restricted to trusted peers.
-abstract contract PeerBalancePull is PeerBase, BalancePullHook {
-    string private constant NAME = "peerBalancePull";
-    uint internal immutable peerBalancePullId = peerId(NAME);
+abstract contract PeerBalancePull is PeerBase, BalancePullHook, IPeerBalancePull {
+    uint internal immutable peerBalancePullId = peerId(this.peerBalancePull.selector);
 
     constructor() {
-        emit Peer(host, peerBalancePullId, NAME, "1:0", Schemas.Balance, "", false);
+        emit Peer(host, peerBalancePullId, "1:0", Schemas.Balance, "", false);
+        emit Labeled(peerBalancePullId, bytes32(0), "peerBalancePull");
     }
 
     /// @notice Execute the balance-pull peer call.
     /// @param request BALANCE block stream requested by the trusted peer.
     /// @return Empty response bytes.
     function peerBalancePull(bytes calldata request) external onlyPeer returns (bytes memory) {
-        (Cur memory input, , ) = Cursors.init(request, 0, 1);
+        (Cur memory input, , ) = Cursors.init(request, 1);
         uint peer = caller();
 
         while (input.i < input.len) {

package/peer/Base.sol

@@ -3,7 +3,8 @@ pragma solidity ^0.8.33;
 
 import { NodeCalls } from "../core/Calls.sol";
 import { PeerEvent } from "../events/Peer.sol";
-import { Ids, Selectors } from "../utils/Ids.sol";
+import { LabeledEvent } from "../events/Labeled.sol";
+import { Ids } from "../utils/Ids.sol";
 
 /// @notice ABI-encode a peer call from a target peer ID and request block stream.
 /// @dev Derives the function selector from `target` via `Ids.peerSelector(target)`.
@@ -20,7 +21,7 @@ function encodePeerCall(uint target, bytes calldata request) pure returns (bytes
 /// @notice Abstract base for all rootzero peer contracts.
 /// Peers handle inter-host operations and asset allow/deny management
 /// between cooperating hosts. Access is restricted to trusted callers via `onlyPeer`.
-abstract contract PeerBase is NodeCalls, PeerEvent {
+abstract contract PeerBase is NodeCalls, PeerEvent, LabeledEvent {
     /// @dev Thrown when the commander attempts to call a peer entrypoint directly.
     error CommanderNotAllowed();
 
@@ -31,10 +32,10 @@ abstract contract PeerBase is NodeCalls, PeerEvent {
         _;
     }
 
-    /// @notice Derive the deterministic node ID for a named peer on this contract.
-    /// @param name Peer function name (without argument list).
+    /// @notice Derive the deterministic node ID for a peer selector on this contract.
+    /// @param selector Peer entrypoint selector.
     /// @return Peer node ID.
-    function peerId(string memory name) internal view returns (uint) {
-        return Ids.toPeer(Selectors.peer(name), address(this));
+    function peerId(bytes4 selector) internal view returns (uint) {
+        return Ids.toPeer(selector, address(this));
     }
 }

package/peer/Credit.sol

@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import { PeerBase } from "./Base.sol";
+import { CreditAccountHook } from "../commands/Credit.sol";
+import { Cursors, Cur, Forms } from "../Cursors.sol";
+
+using Cursors for Cur;
+
+interface IPeerCreditTo {
+    function peerCreditTo(bytes calldata request) external returns (bytes memory);
+}
+
+/// @title PeerCreditTo
+/// @notice Peer that lets a trusted peer credit supplied accounts directly.
+/// Each ACCOUNT_AMOUNT block calls `creditAccount` for its account.
+abstract contract PeerCreditTo is PeerBase, CreditAccountHook, IPeerCreditTo {
+    uint internal immutable peerCreditToId = peerId(this.peerCreditTo.selector);
+
+    constructor() {
+        emit Peer(host, peerCreditToId, "1:0", Forms.AccountAmount, "", false);
+        emit Labeled(peerCreditToId, bytes32(0), "peerCreditTo");
+    }
+
+    /// @notice Execute the peer-credit call.
+    /// @param request ACCOUNT_AMOUNT block stream supplied by the trusted peer.
+    /// @return Empty response bytes.
+    function peerCreditTo(bytes calldata request) external onlyPeer returns (bytes memory) {
+        (Cur memory amounts, , ) = Cursors.init(request, 1);
+
+        while (amounts.i < amounts.len) {
+            (bytes32 account, bytes32 asset, bytes32 meta, uint amount) = amounts.unpackAccountAmount();
+            creditAccount(account, asset, meta, amount);
+        }
+
+        amounts.complete();
+        return "";
+    }
+}