Sage Protocol implements a secure, transparent administrative architecture designed to manage critical protocol operations effectively. The architecture leverages clearly defined administrative capabilities, structured witness configurations, and explicit runtime validations to ensure strong security, controlled flexibility, and modular governance. Sage’s governance model explicitly embraces progressive decentralization. Currently managed through distinct roles and permissions, the protocol’s modular administrative design allows the Sage team to incrementally transition governance responsibilities to decentralized community control as governance mechanisms mature.

Administrative Capabilities

Sage governance relies on clearly defined administrative capabilities, each controlling specific governance domains:
  • AdminCap: Manages core administrative privileges, protocol-wide configurations, and critical updates.
  • FeeCap: Manages transaction fee configurations, allowing precise adjustments of fee parameters.
  • RewardCap: Controls reward configurations, overseeing reward parameters and distribution mechanisms.
  • InviteCap: Handles secure user onboarding through controlled invite creation and validation processes.
  • MintCap: Governs token minting operations, securely managing token issuance and overall supply control.
Separating these administrative capabilities into modular, explicit roles facilitates Sage’s long-term decentralization strategy. As community governance matures, individual capabilities can progressively transition from centralized team control to decentralized community oversight.

Governance Witness Pattern

Central to Sage’s governance model is a configurable witness-based authorization system. Specialized witness configurations explicitly authorize critical governance actions at runtime, ensuring secure and verifiable governance operations.
  • GovernanceWitnessConfig: Specifies authorized witness types allowed to perform sensitive governance actions.
For example, runtime witness validation is performed explicitly as follows: 
public fun update_mint_config_for_governance<GovernanceWitness: drop>(
    governance_witness: &GovernanceWitness,
    governance_witness_config: &GovernanceWitnessConfig,
    mint_config: &mut MintConfig,
    enabled: bool,
    max_supply: Option<u64>
) {
    access::assert_governance_witness(
        governance_witness,
        governance_witness_config
    );

    update_mint_config(
        mint_config,
        enabled,
        max_supply
    );
}
This clear prevents unauthorized governance operations and ensures only clearly authorized entities execute critical updates.

Upgradeability and Flexibility

A key advantage of Sage’s governance architecture is secure, dynamic configuration updates without requiring redeployment of core contracts. Administrative capabilities allow authorized entities to securely adjust governance parameters at runtime, significantly enhancing protocol flexibility and adaptability. For example, mint configurations can be securely updated at runtime by authorized administrators: 
public fun update_mint_config_admin(
    _: &MintCap,
    mint_config: &mut MintConfig,
    enabled: bool,
    max_supply: Option<u64>
) {
    update_mint_config(
        mint_config,
        enabled,
        max_supply
    );
}
This flexibility ensures Sage Protocol can seamlessly adapt to evolving ecosystem needs while minimizing operational disruptions and risks.

Practical Architectural Benefits

Sage’s governance model provides several tangible benefits:
  • Modular Security: Clearly separated administrative capabilities and witness configurations compartmentalize privilege management, reducing security risks through precise and modular access control.
  • Transparent Decision-Making: Explicit governance witness configurations transparently document all administrative actions, providing auditable visibility into governance processes. While witness configurations alone do not constitute full decentralization, they clearly facilitate community oversight and auditability, laying the groundwork for future decentralized governance mechanisms.
  • Runtime Security Enforcement: Sage’s explicit runtime validations through witness-based authorization prevent unauthorized actions and misconfigurations immediately, safeguarding governance integrity.
  • Adaptable Governance: Governance and administrative configurations are dynamically updatable at runtime, enabling rapid and secure responses to changes in community needs or market conditions without complex contract redeployments.