Skip to content

SIP: PTB Dynamic Dispatch via Command Context & Scoped Execution#70

Open
92GC wants to merge 4 commits intosui-foundation:mainfrom
92GC:sip-ptb-command-context
Open

SIP: PTB Dynamic Dispatch via Command Context & Scoped Execution#70
92GC wants to merge 4 commits intosui-foundation:mainfrom
92GC:sip-ptb-command-context

Conversation

@92GC
Copy link

@92GC 92GC commented Feb 5, 2026
edited
Loading

Add a new sui::ptb_context module with native functions for inspecting PTB execution context:

public native fun current_index(ctx: &TxContext): u16;
public native fun total_commands(ctx: &TxContext): u16;
public native fun command_at(ctx: &TxContext, index: u16): Option<CommandInfo>;
public native fun scope_depth(ctx: &TxContext): u8;
public native fun argument_source(ctx: &TxContext, arg_index: u8): Option<ArgumentSource>;
public native fun create_scope_witness(ctx: &mut TxContext): ScopeWitness;
public native fun in_same_scope(ctx: &TxContext, witness: &ScopeWitness): bool;

Plus a new Scope { commands, inherit_context } PTB command variant.

Problem

Composing Move protocols requires pre-built hot potato wrappers for every integration. A DAO executing "vault spend → DEX swap → vault deposit" needs a custom wrapper per DEX. New DEX = new code to write, audit, and deploy. There's no way for a contract to verify at runtime who produced a value or which commands are in the transaction.

Use Cases

  • Dynamic dispatch — verify a coin came from an approved package at runtime, no wrapper needed. Adding a new DEX becomes an allowlist update, not new code.
  • Scoped isolation — partition PTB commands so protocols can't see (or censor) each other. Prevents AMMs from refusing arbitrage by detecting competitors in the same transaction.

92GC and others added 4 commits February 5, 2026 21:36
@92GC @claude
SIP: PTB Command Context & Scoped Execution
2ef34b4 
Propose three related enhancements to PTBs:
- Command Context: Expose previous command info to Move
- Scoped Execution: Isolate groups of commands within transactions
- Scope Witness: Cryptographic proof for same-scope verification

Key design decision: scope_depth() returns 1 for both top-level PTB
and explicit scope, preventing contracts from detecting isolation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@92GC @claude
Add Argument Provenance (Part 2), reframe motivation
1b29f41 
Major changes:
- Lead with dynamic dispatch use case (eliminating hot potato wrappers)
- Add Part 2: Argument Provenance - track where values came from
  - argument_source() returns Input/Result/NestedResult
  - Enables "accept coin only if from approved protocol" pattern
- AMM censorship now secondary benefit of scopes
- Add new open questions for argument indexing

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@92GC
rewrite SIP: concise, full scope visibility
7f9e529 
- All commands in a scope can see each other (not past-only)
- Cut from 355 to ~190 lines — removed redundant explanations
- Tightened rationale, security, backwards compat sections
@92GC
lead with dynamic dispatch, defer mechanism names to spec
d67adb6
@92GC 92GC changed the title SIP: PTB Command Context & Scoped Execution SIP: PTB Dynamic Dispatch via Command Context & Scoped Execution Feb 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@92GC