SIP: Permissionless Package Introspection

[92GC]

Summary

Add native functions to sui::package for querying package metadata:

public native fun current_package_id(): address;
public native fun policy_for(package_id: address): u8;
public native fun is_immutable(package_id: address): bool;
public native fun version_for(package_id: address): u64;

Problem

These require new VM primitives—UpgradeCaps cannot solve this:

• current_package_id() needs VM introspection—no object can tell you which package version is currently executing
• Immutable packages have no UpgradeCap (it gets destroyed)
• Move cannot dynamically lookup objects by package ID at runtime

Use Cases

• Enforce "only immutable/additive modules" in DAO action registries
• Pin governance proposals to specific audited package versions
• Trustless runtime verification of third-party dependencies

[admin-aftermath]

Was anticipating writing a smaller SIP for the version_for function. Would simplify common package versioning pattern: replace const CURRENT_VERSION + Config.version + version check with a Config.min_acceptable_version + sui::package::version check. (I prefer version over version_for). No longer will you forget to update the const CURRENT_VERSION on a package upgrade.

I can see the other functions being useful in their own ways too. All in all, simple SIP but has an immediate impact.