Skip to content

Move module registry: on-chain namespace ownership object linking to Walrus blob + Harbor/SEAL refs #20

Description

@harrymove-ctrl

Context

Namespace ownership, visibility, and access are 100% off-chain in D1 todayCloudflareNamespaceStore in apps/api/src/worker.ts stores owner_id + visibility + ctxm_* read tokens, and docs/namespace-model.md confirms "private" is just a Bearer-token check, not anything on-chain. This module makes namespace ownership a real Sui object so it can be the authority record for provenance (roadmap §2) and the link target between a namespace and its Walrus blob / Harbor Bucket / SEAL policy.

Goal / user story

As a namespace owner, my namespace exists as an on-chain Namespace object that records who owns it, whether it's public/private, its SEAL policy (when private), and a pointer to its latest attribution receipt — so ownership and provenance are verifiable on Sui, not just trusted from a D1 row.

Acceptance criteria

  • module contextmem::registry defines a Namespace struct with: name: String (the demo:/web:/walrus: namespace string from docs/namespace-model.md), owner: address, visibility: u8 (0=public,1=private), seal_policy_id: Option<ID>, display_name: String, description: String, walrus_blob_id: Option<String>, created_at_ms: u64, head_receipt: Option<ID>.
  • public fun register_namespace(...) creates a shared Namespace (so the sponsored service signer and later readers can both touch it) and emits a NamespaceRegistered event.
  • Owner-gated mutators (assert ns.owner == ctx.sender() or an explicit cap): set_visibility, set_seal_policy, set_display, set_walrus_blob, transfer_ownership.
  • public fun set_head_receipt(ns: &mut Namespace, receipt_id: ID, ctx) — owner/authority gated — lets the receipt-mint flow advance the head pointer (consumed by the receipt module / on-chain TS client).
  • #[test] coverage: register, owner-only mutation succeeds, non-owner mutation aborts, visibility/seal-policy round-trip.
  • Getters for all fields for off-chain reads.

Implementation notes

  • Source-of-truth decision (roadmap open question §2): for the alpha, keep D1 authoritative and the on-chain Namespace as an attestation/mirror — far less plumbing than making chain authoritative. Document this; the TS client backfills/syncs D1 → chain.
  • Visibility ↔ SEAL: visibility=1 (private) should carry a seal_policy_id populated from Harbor's on-chain Seal policy object (private namespace ⇔ owned Seal policy, per roadmap §1). Confirm Harbor exposes the policy id to store here. walrus_blob_id mirrors the WalrusStorageReceipt.blobId.
  • Authority model: with the scaffold's signer decision (service key signs, Enoki sponsors gas), ns.owner will initially be the service key address. If/when user wallets land, transfer_ownership hands it to the user. Avoid baking user-wallet assumptions in now.
  • Cross-module head pointer: set_head_receipt is the seam the receipt mint calls; keep the auth check here so receipt stays a pure attestation minter. A dedicated WriterCap (roadmap §2 P2 cap module) can replace the sender-equality check later — out of scope.
  • Shared vs owned: prefer shared Namespace so a sponsored backend tx can mutate head_receipt without the object being in the user's address; document the consensus-cost tradeoff.

Sui Overflow angle

Turns "namespace ownership" from an invisible database column into a first-class Sui object that links Walrus storage + SEAL access control + attribution receipts into one verifiable graph — the on-chain backbone judges can inspect, and the natural home for the private-namespace SEAL story.

Dependencies

  • Requires the Move scaffold issue.
  • Pairs with the receipt module (its head_receipt/parents reference these objects).
  • SEAL policy id linkage depends on Harbor integration landing — the field can ship now and be populated later.

Part of the ContextMEM roadmap (#4) • Sui Overflow build.

Metadata

Metadata

Assignees

No one assigned

    Labels

    P1Important: hardens the demo and core productfeatureUser- or agent-facing capabilitymoveSui Move smart-contract package (registry/receipt)suiSui chain: tx signing, objects, wallet, zkLogin, explorer

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions