Object operations
Creation and setup API
The Creation and Setup API provides fundamental operations for creating new objects and converting them into globally addressable entities. These operations form the foundation for object lifecycle management in the system.
OBJECT_NEW
This creates a new owned object instance within the caller's package.
The operation includes the following validations:
Package scoping
It ensures objects are only created within the caller's package scope:
let package_address = actor .blueprint_id() .map(|b| b.package_address) .ok_or(RuntimeError::SystemError(SystemError::NoPackageAddress))?;Field validation
It checks the validity of all field indexes against the blueprint definition:
let expected_num_fields = blueprint_interface.state.num_fields(); for field_index in fields.keys() { let field_index: usize = (*field_index) as u32 as usize; if field_index >= expected_num_fields { return Err(RuntimeError::SystemError(SystemError::CreateObjectError(...))); } }
Function: OBJECT_GLOBALIZE
This converts an owned object into a globally addressable one, attaching required modules and validating access.
The operation performs the following validations and checks:
Package authorization
It ensures only the original package can globalize its objects:
if Some(reserved_blueprint_id.package_address) != actor.package_address() { return Err(RuntimeError::SystemError( SystemError::InvalidGlobalizeAccess(Box::new(InvalidGlobalizeAccess { package_address: reserved_blueprint_id.package_address, blueprint_name: reserved_blueprint_id.blueprint_name, actor_package: actor.package_address(), })), )); }Required modules
It confirms mandatory modules (
RoleAssignment
andMetadata
) are included:if !modules.contains_key(&AttachedModuleId::RoleAssignment) { return Err(RuntimeError::SystemError(SystemError::MissingModule( ModuleId::RoleAssignment, ))); } if !modules.contains_key(&AttachedModuleId::Metadata) { return Err(RuntimeError::SystemError(SystemError::MissingModule( ModuleId::Metadata, ))); }Address reservation validation
It validates the global address reservation:
match type_info { Some(TypeInfoSubstate::GlobalAddressReservation(x)) => x, _ => { return Err(RuntimeError::SystemError( SystemError::InvalidGlobalAddressReservation, )); } }Module-type validation
It ensures attached modules align with their expected types:
let blueprint_id = self.get_object_info(node_id)?.blueprint_info.blueprint_id; let expected_blueprint = module_id.static_blueprint(); if !blueprint_id.eq(&expected_blueprint) { return Err(RuntimeError::SystemError(SystemError::InvalidModuleType( Box::new(InvalidModuleType { expected_blueprint, actual_blueprint: blueprint_id, }), ))); }Transient blueprint check
It prevents globalization of transient blueprints:
if blueprint_definition.interface.is_transient { return Err(RuntimeError::SystemError( SystemError::GlobalizingTransientBlueprint, )); }
Invocation API
The Invocation API enables invocation of functions on foreign blueprints or modules.
Function: OBJECT_CALL
This method enables the standard method invocation path on objects in the system — SystemModuleMixer::on_call_method()
, and hence AuthModule
, is used to establish an auth zone and resolve permissions, and the call itself is delegated to the kernel_invoke()
function after.
Authorization setup
It creates an auth zone for the current context using
create_auth_zone()
, retrieves the blueprint info of thereceiver
, and resolves the method permissions viaresolve_method_permission()
.Permission checks
Resolved permissions are checked through
check_permission()
, which validates access rules or role lists, enforces role-authorization boundaries, and returns anUnauthorized
error on failure.Function invocation
It passes the validated function call into the engine for execution using
kernel_invoke()
.Cleanup
It performs the required teardown via
teardown_auth_zone()
, detaching proofs from the auth zone, dropping owned proofs, and destroying the auth zone itself.Execution result
It returns SBOR-encoded data or an
InvokeError
for failures.
Function: BLUEPRINT_CALL
This method facilitates blueprint-level invocations, independent of any specific object instance. Unlike OBJECT_CALL
, it does not rely on object states.
Preparation and validation
It constructs a
BlueprintId
from thepackage_address
andblueprint_name
. Auth-zone creation is more generalized and not tied to a specific object instance.Blueprint permission resolution
It uses
SystemModuleMixer::on_call_function
to validate the package and blueprint existence. It also checks function accessibility rules defined at the blueprint level. Functions have no internal role enforcement but can include custom access checks using proofs or external authorization mechanisms.Function invocation
It passes the validated function call into the engine for execution using
kernel_invoke()
.Cleanup
It performs the required teardown via
teardown_auth_zone()
, similar toOBJECT_CALL
.Execution result
It returns SBOR-encoded data or an
InvokeError
for failures.
Function: OBJECT_CALL_MODULE
This method enables calls to attached modules (Metadata
, Royalty
, RoleAssignment
) on global objects. Each module enforces its own authorization templates and rules.
Module validation
It verifies that the object has global status, checks for module existence in the object's module map, ensures the module type aligns with system constraints, and rejects early if module requirements are not satisfied.
Authorization setup
It creates an auth zone specific to the module context, maps the
module_id
to the corresponding blueprint info, resolves the correct auth template for the module type, and handles additional requirements (e.g.,RoleAssignment
requiring global address context).Actor configuration
It configures the actor for the module-specific call.
Actor::Method(MethodActor { method_type: MethodType::Module(module_id), // Key distinction node_id: receiver.clone(), ident: method_name.to_string(), auth_zone: auth_actor_info.clone(), object_info, })Partition isolation
Module partitions are isolated from each other, ensuring the key space remains collision-free within the context of the same object boundary as well as preventing cross-module state access.
Function: OBJECT_CALL_DIRECT
This method is used for invocations similar to object_call()
but provides direct access to objects, bypassing certain authorization checks. It is specifically designed for high-privilege operations on objects like vaults.
Receiver-type validation
It validates that the receiver explicitly allows direct access.
Blueprint access control
Only specific system blueprints (like vaults) allow direct access.
Method actor setup
It creates a special method actor with the Direct
method type.
Authorization resolution
Direct access methods have specific restrictions around global addressing.
Address operations
The address API provides utilities for global address management.
Function: ADDRESS_ALLOCATE
This handles global address allocation.
Uniqueness guarantee
It ensures globally unique address generation.
let address = self.address_allocator.next_address()?; if self.address_exists(address) { return Err(RuntimeError::SystemError(SystemError::AddressCollision)); }Reservation management
It tracks address reservations until used.
self.reserved_addresses.insert( address, ReservationInfo { reserved_at: self.current_epoch(), reserved_by: self.get_current_actor() } );
Function: ADDRESS_GET_RESERVATION_ADDRESS
This retrieves an address from the reservation:
Reservation validation
It verifies a reservation exists and has not expired.
if !self.is_valid_reservation(reservation) { return Err(RuntimeError::SystemError(SystemError::InvalidReservation)); }Address resolution
It maps a reservation to a concrete address.
match self.reserved_addresses.get(&reservation.id) { Some(info) => Ok(info.address), None => Err(RuntimeError::SystemError(SystemError::ReservationNotFound)) }Life cycle management
It tracks reservation usage and expiration.
if self.is_reservation_expired(reservation) { self.reserved_addresses.remove(&reservation.id); return Err(RuntimeError::SystemError(SystemError::ReservationExpired)); }
Utility API
The Utility API provides a set of helper methods for querying and validating object properties, relationships, and type information. These methods support common object inspection and verification tasks.
Function: OBJECT_INSTANCE_OF
This method checks if an object is an instance of a specific blueprint by comparing the object's blueprint ID with the provided package address and blueprint name.
Function: OBJECT_GET_BLUEPRINT_ID
This method retrieves the blueprint ID of an object though the get_object_info()
method.
Function: OBJECT_GET_OUTER_OBJECT
This method retrieves the outer object of an object through the get_object_info()
method.