Right. That sounds like the kind of system I have in mind. Clear capability boundaries and constraints.
That is the design goal. Each entity has a fixed capability set registered at creation. The protocol checks capabilities before any transaction executes. An entity without emit_proposals cannot publish signals. An entity without read_memory_objects cannot access on-chain storage. The enforcement is at the dispatcher, not in application logic.
The boundary between entities is the same idea as your bounded contexts. Entity A cannot reach into Entity B's memory. The only integration surface is the chain's RPC and signal indexes. If A wants to use B's service, it discovers B through the service registry, pays through Native Agent Payments (NAP), and attests delivery. All protocol-level, no direct coupling.
That makes a lot of sense, thank you for sharing!
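The dispatcher-level enforcement described in the reply above, sketched as an added example that is not part of the thread and not the protocol's own code. The capability names come from the thread; the `Dispatcher` class, the transaction type names and the entity ids are hypothetical.

```python
from dataclasses import dataclass

# Capability names are from the thread; transaction type names are hypothetical.
REQUIRED = {"publish_signal": "emit_proposals", "read_object": "read_memory_objects"}

class CapabilityDenied(Exception):
    """Raised by the dispatcher before any handler code runs."""

@dataclass(frozen=True)
class Entity:
    entity_id: str
    capabilities: frozenset  # fixed at creation, immutable afterwards

class Dispatcher:
    def __init__(self):
        self._entities, self._handlers, self.audit = {}, {}, []

    def register_entity(self, entity_id, capabilities):
        if entity_id in self._entities:  # no later capability changes
            raise ValueError("capability set is fixed at creation")
        self._entities[entity_id] = Entity(entity_id, frozenset(capabilities))

    def register_handler(self, tx_type, handler):
        if tx_type not in REQUIRED:  # fail closed: no unmapped transaction types
            raise ValueError("transaction type has no required capability")
        self._handlers[tx_type] = handler

    def dispatch(self, entity_id, tx_type, payload):
        entity = self._entities.get(entity_id)
        needed = REQUIRED.get(tx_type)
        allowed = (entity is not None and tx_type in self._handlers
                   and needed in entity.capabilities)
        self.audit.append((entity_id, tx_type, "allow" if allowed else "deny"))
        if not allowed:
            raise CapabilityDenied(f"{entity_id} lacks {needed} for {tx_type}")
        return self._handlers[tx_type](entity, payload)

def demo():
    d = Dispatcher()
    d.register_entity("entity-a", {"emit_proposals"})
    d.register_entity("entity-b", {"read_memory_objects"})
    # Handlers carry no authorization logic; the dispatcher is the only gate.
    d.register_handler("publish_signal", lambda e, p: f"signal from {e.entity_id}: {p}")
    d.register_handler("read_object", lambda e, p: f"{e.entity_id} read {p}")
    results = [d.dispatch("entity-a", "publish_signal", "hello")]
    for who, tx in [("entity-b", "publish_signal"), ("entity-a", "read_object"),
                    ("unregistered", "read_object")]:
        try:
            d.dispatch(who, tx, "x")
        except CapabilityDenied:
            results.append("denied")
    return results, d.audit
```

Because the handlers contain no checks of their own, a handler added later cannot forget one; the audit list gives a single place to alert on denied attempts.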