@rootzero/contracts 1.3.0 → 1.5.0

package/peer/DenyAssets.sol

@@ -12,7 +12,7 @@ interface IPeerDenyAssets {
 }
 
 /// @title PeerDenyAssets
-/// @notice Peer that blocks a list of (asset, meta) pairs on behalf of a peer host.
+/// @notice Peer that blocks a list of assets on behalf of a peer host.
 /// Each ASSET block in the request calls `denyAsset`. Restricted to trusted peers.
 abstract contract PeerDenyAssets is PeerBase, DenyAssetsHook, IPeerDenyAssets {
     uint internal immutable peerDenyAssetsId = peerId(this.peerDenyAssets.selector);
@@ -29,8 +29,8 @@ abstract contract PeerDenyAssets is PeerBase, DenyAssetsHook, IPeerDenyAssets {
         (Cur memory assets, , ) = Cursors.init(request, 1);
 
         while (assets.i < assets.len) {
-            (bytes32 asset, bytes32 meta) = assets.unpackAsset();
-            denyAsset(asset, meta);
+            bytes32 asset = assets.unpackAsset();
+            denyAsset(asset);
         }
 
         assets.complete();

package/peer/Recover.sol

@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {PeerBase} from "./Base.sol";
+import {Cursors, Cur, Schemas} from "../Cursors.sol";
+
+using Cursors for Cur;
+
+interface IPeerRecover {
+    function peerRecover(bytes calldata request) external returns (bytes memory);
+}
+
+abstract contract RecoverHook {
+    /// @notice Override to recover one incoming pipe context from a peer host.
+    /// @dev Implementations may refund, retry, compensate, reconcile, or otherwise
+    ///      handle the supplied state and remaining steps.
+    /// @param account Account identifier for the recovery context.
+    /// @param state Embedded recovery state block stream.
+    /// @param steps Embedded recovery step block stream.
+    function recover(bytes32 account, bytes calldata state, bytes calldata steps) internal virtual;
+}
+
+/// @title PeerRecover
+/// @notice Peer endpoint for recovering an interrupted or failed pipe context.
+/// @dev Commonly used when a cross-chain pipe fails at its destination, but the
+///      hook is host-defined and may implement any recovery strategy. Each PIPE
+///      block carries chain resources plus a CONTEXT block; the nested context
+///      is passed to the recovery hook and resources are not allocated.
+abstract contract PeerRecover is PeerBase, RecoverHook, IPeerRecover {
+    uint internal immutable peerRecoverId = peerId(this.peerRecover.selector);
+
+    constructor() {
+        emit Peer(host, peerRecoverId, "1:0", Schemas.Pipe, "", false);
+        emit Labeled(peerRecoverId, bytes32(0), "peerRecover");
+    }
+
+    /// @notice Forward peer-supplied recovery pipes to the host-defined recovery hook.
+    /// @param request PIPE block stream supplied by the trusted peer.
+    /// @return Empty response bytes.
+    function peerRecover(bytes calldata request) external onlyPeer returns (bytes memory) {
+        (Cur memory input, , ) = Cursors.init(request, 1);
+
+        while (input.i < input.len) {
+            (, bytes32 account, bytes calldata state, bytes calldata steps) = input.unpackPipe();
+            recover(account, state, steps);
+        }
+
+        input.complete();
+        return "";
+    }
+}

package/peer/Redeem.sol

@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity ^0.8.33;
+
+import {PeerBase} from "./Base.sol";
+import {Cursors, Cur, Schemas} from "../Cursors.sol";
+
+using Cursors for Cur;
+
+interface IPeerRedeemBalance {
+    function peerRedeemBalance(bytes calldata request) external returns (bytes memory);
+}
+
+abstract contract RedeemBalanceHook {
+    /// @notice Override to redeem one balance claim from a peer host into local assets.
+    /// @param peer Peer host node ID for this request.
+    /// @param asset Asset identifier to redeem locally.
+    /// @param amount Amount to redeem in the asset's native units.
+    function redeemBalance(uint peer, bytes32 asset, uint amount) internal virtual;
+}
+
+/// @title PeerRedeemBalance
+/// @notice Peer that redeems balance state from a peer host into local assets.
+/// Each BALANCE block in the request calls `redeemBalance(peer, asset, amount)`.
+/// Restricted to trusted peers.
+abstract contract PeerRedeemBalance is PeerBase, RedeemBalanceHook, IPeerRedeemBalance {
+    uint internal immutable peerRedeemBalanceId = peerId(this.peerRedeemBalance.selector);
+
+    constructor() {
+        emit Peer(host, peerRedeemBalanceId, "1:0", Schemas.Balance, "", false);
+        emit Labeled(peerRedeemBalanceId, bytes32(0), "peerRedeemBalance");
+    }
+
+    /// @notice Execute the balance redemption peer call.
+    /// @param request BALANCE block stream supplied by the trusted peer.
+    /// @return Empty response bytes.
+    function peerRedeemBalance(bytes calldata request) external onlyPeer returns (bytes memory) {
+        (Cur memory input, , ) = Cursors.init(request, 1);
+        uint peer = caller();
+
+        while (input.i < input.len) {
+            (bytes32 asset, uint amount) = input.unpackBalance();
+            redeemBalance(peer, asset, amount);
+        }
+
+        input.complete();
+        return "";
+    }
+}

package/peer/Settle.sol

@@ -30,9 +30,9 @@ abstract contract PeerSettle is PeerBase, DebitAccountHook, CreditAccountHook, I
         (Cur memory state, , ) = Cursors.init(request, 1);
 
         while (state.i < state.len) {
-            (bytes32 from, bytes32 to, bytes32 asset, bytes32 meta, uint amount) = state.unpackTransaction();
-            if (from != 0) debitAccount(from, asset, meta, amount);
-            if (to != 0) creditAccount(to, asset, meta, amount);
+            (bytes32 from, bytes32 to, bytes32 asset, uint amount) = state.unpackTransaction();
+            if (from != 0) debitAccount(from, asset, amount);
+            if (to != 0) creditAccount(to, asset, amount);
         }
 
         state.complete();

package/queries/Assets.sol

@@ -9,16 +9,15 @@ using Cursors for Cur;
 using Writers for Writer;
 
 abstract contract AssetStatusHook {
-    /// @notice Resolve support status for one asset tuple.
+    /// @notice Resolve support status for one asset.
     /// Concrete implementations define the support policy and optional context codes.
     /// @param asset Requested asset identifier.
-    /// @param meta Requested asset metadata slot.
     /// @return status Asset support status. Zero means unsupported; nonzero means supported.
-    function assetStatus(bytes32 asset, bytes32 meta) internal view virtual returns (uint status);
+    function assetStatus(bytes32 asset) internal view virtual returns (uint status);
 }
 
 /// @title AssetStatus
-/// @notice Rootzero query that checks support status for one or more `(asset, meta)` tuples.
+/// @notice Rootzero query that checks support status for one or more assets.
 /// The request is a run of `ASSET` blocks.
 /// The response returns one `STATUS` form block per query entry, preserving request order.
 abstract contract AssetStatus is QueryBase, AssetStatusHook {
@@ -29,16 +28,16 @@ abstract contract AssetStatus is QueryBase, AssetStatusHook {
         emit Labeled(assetStatusId, bytes32(0), "assetStatus");
     }
 
-    /// @notice Resolve asset support status for a run of requested `(asset, meta)` tuples.
-    /// @param request Block-stream request consisting of `#asset { bytes32 asset, bytes32 meta }` blocks.
+    /// @notice Resolve asset support status for a run of requested assets.
+    /// @param request Block-stream request consisting of `#asset { bytes32 asset }` blocks.
     /// @return Block-stream response containing one `#status { uint code }` per asset block.
     function assetStatus(bytes calldata request) external view returns (bytes memory) {
         (Cur memory query, uint groups, ) = Cursors.init(request, 1);
         Writer memory response = Writers.allocStatuses(groups);
 
         while (query.i < query.len) {
-            (bytes32 asset, bytes32 meta) = query.unpackAsset();
-            uint status = assetStatus(asset, meta);
+            bytes32 asset = query.unpackAsset();
+            uint status = assetStatus(asset);
             response.appendStatus(status);
         }
 

package/queries/Balances.sol

@@ -12,13 +12,12 @@ abstract contract GetBalancesHook {
     /// Concrete implementations define how assets are resolved.
     /// @param account Account identifier carried by the query payload.
     /// @param asset Requested asset identifier.
-    /// @param meta Requested asset metadata slot.
     /// @return amount Current balance in the asset's native units.
-    function getBalance(bytes32 account, bytes32 asset, bytes32 meta) internal view virtual returns (uint amount);
+    function getBalance(bytes32 account, bytes32 asset) internal view virtual returns (uint amount);
 }
 
 /// @title GetBalances
-/// @notice Rootzero query that resolves balances for one or more `(account, asset, meta)` tuples.
+/// @notice Rootzero query that resolves balances for one or more `(account, asset)` tuples.
 /// The request is a run of `ACCOUNT_ASSET` form blocks.
 /// The response returns one `ACCOUNT_AMOUNT` form block per requested position, preserving request order.
 abstract contract GetBalances is QueryBase, GetBalancesHook {
@@ -29,17 +28,17 @@ abstract contract GetBalances is QueryBase, GetBalancesHook {
         emit Labeled(getBalancesId, bytes32(0), "getBalances");
     }
 
-    /// @notice Resolve balances for a run of requested `(account, asset, meta)` tuples.
-    /// @param request Block-stream request consisting of `accountAsset(account, asset, meta)*`.
-    /// @return Block-stream response containing one `accountAmount(account, asset, meta, amount)` block per request block.
+    /// @notice Resolve balances for a run of requested `(account, asset)` tuples.
+    /// @param request Block-stream request consisting of `accountAsset(account, asset)*`.
+    /// @return Block-stream response containing one `accountAmount(account, asset, amount)` block per request block.
     function getBalances(bytes calldata request) external view returns (bytes memory) {
         (Cur memory query, uint groups, ) = Cursors.init(request, 1);
         Writer memory response = Writers.allocAccountAmounts(groups);
 
         while (query.i < query.len) {
-            (bytes32 account, bytes32 asset, bytes32 meta) = query.unpackAccountAsset();
-            uint amount = getBalance(account, asset, meta);
-            response.appendAccountAmount(account, asset, meta, amount);
+            (bytes32 account, bytes32 asset) = query.unpackAccountAsset();
+            uint amount = getBalance(account, asset);
+            response.appendAccountAmount(account, asset, amount);
         }
 
         query.complete();

package/queries/Base.sol

@@ -4,16 +4,16 @@ pragma solidity ^0.8.33;
 import { Runtime } from "../core/Runtime.sol";
 import { LabeledEvent } from "../events/Labeled.sol";
 import { QueryEvent } from "../events/Query.sol";
-import { Ids } from "../utils/Ids.sol";
+import { Nodes } from "../utils/Nodes.sol";
 
 /// @notice ABI-encode a query call from a target query ID and request block stream.
-/// @dev Derives the function selector from `target` via `Ids.querySelector(target)`.
+/// @dev Derives the function selector from `target` via `Nodes.querySelector(target)`.
 /// Reverts if `target` is not a valid query ID.
 /// @param target Destination query node ID embedding the target selector.
 /// @param request Input block stream for the query invocation.
 /// @return ABI-encoded calldata for the query entry point.
 function encodeQueryCall(uint target, bytes calldata request) pure returns (bytes memory) {
-    bytes4 selector = Ids.querySelector(target);
+    bytes4 selector = Nodes.querySelector(target);
     return abi.encodeWithSelector(selector, request);
 }
 
@@ -29,6 +29,6 @@ abstract contract QueryBase is Runtime, QueryEvent, LabeledEvent {
     /// @param selector Query entrypoint selector.
     /// @return Query node ID.
     function queryId(bytes4 selector) internal view returns (uint) {
-        return Ids.toQuery(selector, address(this));
+        return Nodes.toQuery(selector, address(this));
     }
 }

package/queries/Positions.sol

@@ -14,12 +14,10 @@ abstract contract GetPositionHook {
     /// the query output schema.
     /// @param account Requested account identifier.
     /// @param asset Requested asset identifier.
-    /// @param meta Requested asset metadata slot.
     /// @param response Destination writer for the response stream.
     function appendPosition(
         bytes32 account,
         bytes32 asset,
-        bytes32 meta,
         Writer memory response
     ) internal view virtual;
 }
@@ -36,17 +34,17 @@ abstract contract GetPosition is QueryBase, GetPositionHook {
         emit Labeled(getPositionId, bytes32(0), "getPosition");
     }
 
-    /// @notice Resolve positions for a run of requested `(account, asset, meta)` tuples.
+    /// @notice Resolve positions for a run of requested `(account, asset)` tuples.
     /// @dev Allocates from a per-block capacity hint and grows when position outputs exceed it.
-    /// @param request Block-stream request consisting of `accountAsset(account, asset, meta)*`.
+    /// @param request Block-stream request consisting of `accountAsset(account, asset)*`.
     /// @return Block-stream response containing one output-schema block per position block.
     function getPosition(bytes calldata request) external view returns (bytes memory) {
         (Cur memory query, uint groups, ) = Cursors.init(request, 1);
         Writer memory response = Writers.allocAny(groups);
 
         while (query.i < query.len) {
-            (bytes32 account, bytes32 asset, bytes32 meta) = query.unpackAccountAsset();
-            appendPosition(account, asset, meta, response);
+            (bytes32 account, bytes32 asset) = query.unpackAccountAsset();
+            appendPosition(account, asset, response);
         }
 
         query.complete();

package/utils/Accounts.sol

@@ -2,7 +2,8 @@
 pragma solidity ^0.8.33;
 
 import {Layout} from "./Layout.sol";
-import {isFamily, toLocalBase, toUnspecifiedBase} from "./Utils.sol";
+import {Ids} from "./Ids.sol";
+import {ensureAddr, isFamily, toLocalBase, toUnspecifiedBase} from "./Utils.sol";
 
 /// @title Accounts
 /// @notice Encoding and decoding helpers for 256-bit account identifiers.
@@ -11,18 +12,24 @@ import {isFamily, toLocalBase, toUnspecifiedBase} from "./Utils.sol";
 ///   - `Admin`    — chain-local EVM address in bits [191:32]
 ///   - `Guardian` — chain-local EVM address in bits [191:32]
 ///   - `User`     — chain-agnostic EVM address in bits [191:32]
+///
+/// If the first byte is zero, the account is an opaque
+/// `0x00 || bytes31(hash)` ID. The full account identity must be supplied by
+/// lookup or witness data when native account metadata is needed.
+///
+/// The helpers in this library validate and deconstruct structured account IDs.
 library Accounts {
     /// @dev Thrown when an account ID does not belong to the EVM family.
     error InvalidAccount();
 
     /// @dev 24-bit family tag shared by all EVM-backed account types.
-    uint24 constant Family = (uint24(Layout.Evm32) << 8) | uint24(Layout.Account);
+    uint24 constant Family = (uint24(Layout.Evm) << 8) | uint24(Layout.Account);
     /// @dev Full 4-byte type prefix for admin accounts (chain-local EVM address).
-    uint32 constant Admin = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Account) << 8) | uint32(Layout.Admin);
+    uint32 constant Admin = (uint32(Layout.Evm) << 16) | (uint32(Layout.Account) << 8) | uint32(Layout.Admin);
     /// @dev Full 4-byte type prefix for guardian accounts (chain-local EVM address).
-    uint32 constant Guardian = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Account) << 8) | uint32(Layout.Guardian);
+    uint32 constant Guardian = (uint32(Layout.Evm) << 16) | (uint32(Layout.Account) << 8) | uint32(Layout.Guardian);
     /// @dev Full 4-byte type prefix for user accounts (chain-agnostic EVM address).
-    uint32 constant User = (uint32(Layout.Evm32) << 16) | (uint32(Layout.Account) << 8) | uint32(Layout.User);
+    uint32 constant User = (uint32(Layout.Evm) << 16) | (uint32(Layout.Account) << 8) | uint32(Layout.User);
 
     /// @notice Extract the 4-byte type prefix from an account ID.
     /// @param account Account identifier.
@@ -31,9 +38,14 @@ library Accounts {
         return uint32(uint(account) >> 224);
     }
 
-    /// @notice Return true if `account` uses the Account category tag in the type field.
-    function isAccount(bytes32 account) internal pure returns (bool) {
-        return uint8(uint(account) >> 232) == Layout.Account;
+    /// @notice Return true if `account` belongs to the EVM account family.
+    function isEvm(bytes32 account) internal pure returns (bool) {
+        return isFamily(uint(account), Family);
+    }
+
+    /// @notice Return true if `account` is opaque.
+    function isOpaque(bytes32 account) internal pure returns (bool) {
+        return Ids.isOpaque(account);
     }
 
     /// @notice Return true if `account` is an admin account.
@@ -51,82 +63,88 @@ library Accounts {
         return prefix(account) == User;
     }
 
-    /// @notice Assert that `input` is an account and return it unchanged.
-    /// @param input Account identifier to validate.
-    /// @return account The same `input` if it is an account.
-    function ensure(bytes32 input) internal pure returns (bytes32 account) {
-        if (!isAccount(input)) revert InvalidAccount();
-        return input;
+    /// @notice Assert that `value` belongs to the EVM account family and return it unchanged.
+    /// @param value Account identifier to validate.
+    /// @return account The same `value` if it is an EVM account.
+    function evm(bytes32 value) internal pure returns (bytes32 account) {
+        if (!isEvm(value)) revert InvalidAccount();
+        return value;
     }
 
-    /// @notice Assert that `input` is an admin account and return it unchanged.
-    /// @param input Account identifier to validate.
-    /// @return account The same `input` if it is an admin account.
-    function admin(bytes32 input) internal pure returns (bytes32 account) {
-        if (!isAdmin(input)) revert InvalidAccount();
-        return input;
+    /// @notice Assert that `value` is an opaque account and return it unchanged.
+    /// @param value Account identifier to validate.
+    /// @return account The same `value` if it is opaque.
+    function opaque(bytes32 value) internal pure returns (bytes32 account) {
+        if (!Ids.isOpaque(value)) revert InvalidAccount();
+        return value;
     }
 
-    /// @notice Assert that `input` is a guardian account and return it unchanged.
-    /// @param input Account identifier to validate.
-    /// @return account The same `input` if it is a guardian account.
-    function guardian(bytes32 input) internal pure returns (bytes32 account) {
-        if (!isGuardian(input)) revert InvalidAccount();
-        return input;
+    /// @notice Assert that `value` is an admin account and return it unchanged.
+    /// @param value Account identifier to validate.
+    /// @return account The same `value` if it is an admin account.
+    function admin(bytes32 value) internal pure returns (bytes32 account) {
+        if (!isAdmin(value)) revert InvalidAccount();
+        return value;
     }
 
-    /// @notice Assert that `input` is a user account and return it unchanged.
-    /// @param input Account identifier to validate.
-    /// @return account The same `input` if it is a user account.
-    function user(bytes32 input) internal pure returns (bytes32 account) {
-        if (!isUser(input)) revert InvalidAccount();
-        return input;
+    /// @notice Assert that `value` is a guardian account and return it unchanged.
+    /// @param value Account identifier to validate.
+    /// @return account The same `value` if it is a guardian account.
+    function guardian(bytes32 value) internal pure returns (bytes32 account) {
+        if (!isGuardian(value)) revert InvalidAccount();
+        return value;
+    }
+
+    /// @notice Assert that `value` is a user account and return it unchanged.
+    /// @param value Account identifier to validate.
+    /// @return account The same `value` if it is a user account.
+    function user(bytes32 value) internal pure returns (bytes32 account) {
+        if (!isUser(value)) revert InvalidAccount();
+        return value;
     }
 
     /// @notice Encode an EVM address as a chain-local admin account ID.
-    /// @param addr EVM address to embed.
+    /// @param account EVM address to embed.
     /// @return Admin account ID bound to the current chain.
-    function toAdmin(address addr) internal view returns (bytes32) {
-        return bytes32(toLocalBase(Admin) | (uint(uint160(addr)) << 32));
+    function toAdmin(address account) internal view returns (bytes32) {
+        return bytes32(toLocalBase(Admin) | (uint(uint160(account)) << 32));
     }
 
     /// @notice Encode an EVM address as a chain-local guardian account ID.
-    /// @param addr EVM address to embed.
+    /// @param account EVM address to embed.
     /// @return Guardian account ID bound to the current chain.
-    function toGuardian(address addr) internal view returns (bytes32) {
-        return bytes32(toLocalBase(Guardian) | (uint(uint160(addr)) << 32));
+    function toGuardian(address account) internal view returns (bytes32) {
+        return bytes32(toLocalBase(Guardian) | (uint(uint160(account)) << 32));
     }
 
     /// @notice Encode an EVM address as a chain-agnostic user account ID.
-    /// @param addr EVM address to embed.
+    /// @param account EVM address to embed.
     /// @return User account ID without a chain binding.
-    function toUser(address addr) internal pure returns (bytes32) {
-        return bytes32(toUnspecifiedBase(User) | (uint(uint160(addr)) << 32));
+    function toUser(address account) internal pure returns (bytes32) {
+        return bytes32(toUnspecifiedBase(User) | (uint(uint160(account)) << 32));
     }
 
-    /// @notice Assert that `account` belongs to the EVM account family and return it unchanged.
-    /// @param account Account ID to validate.
-    /// @return The same `account` value if valid.
-    function ensureEvm(bytes32 account) internal pure returns (bytes32) {
-        if (!isFamily(uint(account), Family)) {
-            revert InvalidAccount();
-        }
-        return account;
+    /// @notice Derive an opaque account ID from a keccak preimage.
+    /// @param preimage Preimage whose first byte is `0x01`.
+    /// @return account `0x00 || bytes31(keccak256(preimage))`.
+    function toKeccak(bytes memory preimage) internal pure returns (bytes32 account) {
+        return Ids.toKeccak(preimage);
     }
 
-    /// @notice Assert that `account` is not an admin account and return it unchanged.
-    /// @param account Account ID to validate.
-    /// @return The same `account` value if valid.
-    function ensureNotAdmin(bytes32 account) internal pure returns (bytes32) {
-        if (isAdmin(account)) revert InvalidAccount();
+    /// @notice Assert that `account` matches the opaque keccak ID for `preimage`.
+    /// @param account Opaque account ID to validate.
+    /// @param preimage Preimage whose first byte is `0x01`.
+    /// @return The same `account` value if it matches.
+    function matchKeccak(bytes32 account, bytes memory preimage) internal pure returns (bytes32) {
+        if (account != Ids.toKeccak(preimage)) revert InvalidAccount();
         return account;
     }
 
-    /// @notice Extract the EVM address embedded in an EVM-family account ID.
+    /// @notice Extract the address embedded in an EVM-family account ID.
     /// Reverts if `account` is not an EVM-family account.
     /// @param account EVM-family account ID.
-    /// @return Embedded EVM address (bits [191:32] of the ID).
-    function addrEvm(bytes32 account) internal pure returns (address) {
-        return address(uint160(uint(ensureEvm(account)) >> 32));
+    /// @return Embedded address (bits [191:32] of the ID).
+    function addr(bytes32 account) internal pure returns (address) {
+        return ensureAddr(address(uint160(uint(evm(account)) >> 32)));
     }
 }

package/utils/Actions.sol

@@ -15,4 +15,5 @@ library Actions {
     uint32 constant Borrow = 10;
     uint32 constant Repay = 11;
     uint32 constant Liquidate = 12;
+    uint32 constant Refund = 13;
 }