I keep noticing that upgradeability is usually discussed as a contract problem.

Newton’s Smart Contract Integration docs made me look at it differently: what if the contract address stays stable while the authorization logic behind it evolves?

@NewtonProtocol $NEWT #Newt

In NewtonProtocol, an existing PolicyClient can be pointed to a newer policy using:

setPolicyAddress(newPolicy)

But this isn’t just a blind pointer update.

When setPolicyAddress() is called, the policy’s factory version is checked against the TaskManager’s minimum compatible runtime version. If the version is incompatible, the update reverts instead of attaching unsupported policy logic.

The migration flow goes further:

Check compatibility



Redeploy incompatible policy data



Deploy policy via latest factory



Update existing PolicyClient



Verify migration

What stood out to me is what doesn’t move.

The PolicyClient address stays the same.

That means the execution-facing client can remain stable while policy implementation and compatible policy data evolve. Newton’s docs also note that identity links and user consent remain intact because the client address doesn’t change.

To me, that creates an interesting architectural separation:

Stable client identity ≠ frozen authorization logic

The client provides continuity.

The policy provides change.

The compatibility check defines which changes are safe to attach.

That feels more important than a simple “upgrade” feature. Authorization systems need to evolve, but integrations built around them also need continuity.

The question I’m left with is about consent:

If the PolicyClient stays the same but its policy changes, what should users think they approved?

The client itself, or the specific policy version behind it?

Where should consent attach?
#VitalikOutlinesLeanEthereumRoadmap #BrazilCentralBankSaysStablecoinsElectronicMoney #UKFCAPublishesCryptoRegFramework #BitcoinFallsOver50%FromOctoberHigh
$LAB $VANRY
🔗 PolicyClient
📜 Policy version
17 ч. осталось