FIP: Snap Compute

[CassOnMars]

FIP: Snap Compute — Turing-Complete Programmable Frames

Overview

Farcaster Frames and Snaps (the interactive embed card format defined at @farcaster/snap) are currently server-driven: every interaction requires an HTTP round-trip to an external server that holds all application logic. This creates centralization risk, latency, availability dependency, and prevents composability between snaps. If a snap server goes offline, the snap is dead.

This FIP extends the Snap 1.0 format with Snap Compute — a Turing-complete client-side execution layer that allows snaps to embed deterministic programs alongside their UI definitions. Programs execute locally in an isolated sandbox, can read protocol state (casts, follows, reactions, user data) via a syscall interface, and produce UI updates without server round-trips. Server-driven snaps remain fully supported; Snap Compute is an opt-in extension.

The compute model uses a stack-based bytecode VM (SnapVM) with a gas metering system to bound execution. Programs are compiled from a high-level expression language (SnapScript) and stored as compact bytecode in the snap response. The VM is pure and deterministic — given the same inputs and protocol state, it always produces the same output.

---

1. Motivation

1.1 Current Limitations

The server-driven Snap 1.0 model has fundamental constraints:

Limitation	Impact
Server dependency	Snap dies when server goes offline. No archival playback.
Latency	Every button press requires a network round-trip (POST + 5s timeout).
Composability	Snaps cannot read each other's state or call each other.
Privacy	Server sees every interaction, including input values.
Cost	Snap authors must operate and pay for server infrastructure indefinitely.
Determinism	Two users pressing the same button may see different results (server-side randomness, external API calls).

1.2 Design Goals

1. Backward compatible: Snap 1.0 responses remain valid. Compute is opt-in.
2. Deterministic: Given the same inputs and protocol state snapshot, the VM always produces identical output. This enables client-side caching, p2p snap state sharing, and reproducible debugging.
3. Bounded: Gas metering prevents infinite loops. Memory limits prevent OOM. Programs cannot perform I/O beyond reading protocol state.
4. Compact: Bytecode is small enough to embed inline in a cast or snap response without bloating the protocol.
5. Composable: Programs can invoke other snaps' exported functions, enabling a library ecosystem.

---

2. Snap Response Extension

The SnapResponse envelope gains an optional compute field:

{
  "version": "1.1",
  "theme": { "accent": "purple" },
  "compute": {
    "bytecode": "<base64url-encoded SnapVM bytecode>",
    "entrypoint": "main",
    "gas_limit": 1000000,
    "capabilities": ["shared_state", "user_state", "cast", "react"],
    "exports": ["score", "leaderboard"],
    "state_schema": {
      "counter": "i64",
      "name": "string"
    }
  },
  "ui": { ... }
}

Field	Type	Required	Description
bytecode	string (base64url)	Yes	Compiled SnapVM bytecode
entrypoint	string	No (default "main")	Function to call on load and after each interaction
gas_limit	u64	No (default 500000)	Maximum gas per execution
capabilities	string[]	No	Operations the snap may perform (see Section 6.2)
exports	string[]	No	Functions callable by other snaps via snap.call
state_schema	Record<string, TypeName>	No	Typed persistent state (key-value)

Capabilities declare what side effects the snap may produce. The client prompts the user to approve these before the first interaction. Valid capabilities:

Capability	Allows
shared_state	Write to shared state visible to all users of this snap instance
user_state	Write to per-user state scoped to this snap instance
cast	Emit CastAdd messages on behalf of the user
react	Emit ReactionAdd/ReactionRemove messages
link	Emit LinkAdd/LinkRemove messages
user_data	Emit UserDataAdd messages

When compute is present, the client:

1. Decodes and validates the bytecode
2. On initial load, calls entrypoint(action: "get") — read-only, no side effects
3. On first interaction requiring side effects, prompts the user to approve the declared capabilities
4. On button press, calls entrypoint(action: "post", inputs, button_index) locally
5. The VM executes and produces an output log: UI spec, state writes, and embedded protocol messages
6. The client submits a SnapExecutionBundle containing all outputs, the execution context for replay, and the user's capability approval (see Section 6.2)
7. The node verifies the bundle by re-executing the VM and comparing outputs

If compute is absent, the snap behaves exactly as Snap 1.0 (server-driven).

---

3. SnapVM Specification

3.1 Architecture

SnapVM is a stack-based virtual machine with:

• Operand stack: dynamically typed values (i64, f64, string, bytes, bool, array, map, null)
• Call stack: function frames with local variables (max depth: 64)
• Gas counter: decremented per instruction, execution halts at zero

Note: the VM does not include linear memory (addressable byte arrays). All data lives on the operand stack and in local variables. This keeps the VM simple and auditable. Linear memory may be added in a future version if use cases demand it.

3.2 Value Types

enum SnapValueType {
  SNAP_VALUE_TYPE_NULL = 0;
  SNAP_VALUE_TYPE_BOOL = 1;
  SNAP_VALUE_TYPE_I64 = 2;
  SNAP_VALUE_TYPE_F64 = 3;
  SNAP_VALUE_TYPE_STRING = 4;
  SNAP_VALUE_TYPE_BYTES = 5;
  SNAP_VALUE_TYPE_ARRAY = 6;
  SNAP_VALUE_TYPE_MAP = 7;
}

Strings are UTF-8, max 64 KiB. Arrays and maps are reference-counted, max 10,000 elements. All values are immutable; operations produce new values.

3.3 Instruction Set

Instructions are encoded as a 1-byte opcode followed by optional immediate operands.

Stack operations (gas: 1):

Opcode	Mnemonic	Description
0x00	nop	No operation
0x01	push_null	Push null
0x02	push_true	Push true
0x03	push_false	Push false
0x04	push_i64 <i64>	Push 64-bit integer
0x05	push_f64 <f64>	Push 64-bit float
0x06	push_str <u32>	Push string from constant pool
0x07	push_bytes <u32>	Push bytes from constant pool
0x08	pop	Discard top of stack
0x09	dup	Duplicate top of stack
0x0A	swap	Swap top two values

Arithmetic (gas: 1):

Opcode	Mnemonic	Description
0x10	add	a + b (i64, f64, or string concat)
0x11	sub	a - b
0x12	mul	a * b
0x13	div	a / b (division by zero = trap)
0x14	mod	a % b
0x15	neg	-a
0x16	shl	a << b (i64 only)
0x17	shr	a >> b (i64 only)
0x18	band	a & b (i64 only)
0x19	bor	a | b (i64 only)
0x1A	bxor	a ^ b (i64 only)

Comparison (gas: 1):

Opcode	Mnemonic	Description
0x20	eq	a == b
0x21	neq	a != b
0x22	lt	a < b
0x23	gt	a > b
0x24	le	a <= b
0x25	ge	a >= b
0x26	not	!a
0x27	and	a && b (eager; used by assembler — compiler emits jump sequences for short-circuit)
0x28	or	a || b (eager; used by assembler — compiler emits jump sequences for short-circuit)

Control flow (gas: 1):

Opcode	Mnemonic	Description
0x30	jmp <i32>	Unconditional jump (relative offset)
0x31	jmp_if <i32>	Jump if top of stack is truthy
0x32	jmp_unless <i32>	Jump if top of stack is falsy
0x33	call <u32>	Call function by index
0x34	ret	Return from function
0x35	trap	Halt with error

Local variables (gas: 1):

Opcode	Mnemonic	Description
0x40	load <u16>	Push local variable
0x41	store <u16>	Pop into local variable

Collections (gas: 2):

Opcode	Mnemonic	Description
0x50	array_new <u16>	Create array from top N stack values
0x51	array_get	array[index]
0x52	array_len	Length of array
0x53	array_push	Append to array (returns new array)
0x54	array_slice	array[start..end]
0x55	map_new <u16>	Create map from N key-value pairs on stack
0x56	map_get	map[key]
0x57	map_set	Set key in map (returns new map)
0x58	map_has	Check if key exists
0x59	map_keys	Get array of keys
0x5A	map_del	Delete key (returns new map)

Type conversion (gas: 1):

Opcode	Mnemonic	Description
0x60	to_i64	Convert to integer
0x61	to_f64	Convert to float
0x62	to_str	Convert to string
0x63	to_bool	Convert to boolean
0x64	typeof	Push type name as string

String operations (gas: 2):

Opcode	Mnemonic	Description
0x70	str_len	String length in chars
0x71	str_slice	Substring(start, end)
0x72	str_find	Find substring, returns index or -1
0x73	str_upper	Uppercase
0x74	str_lower	Lowercase
0x75	str_split	Split by delimiter, returns array
0x76	str_join	Join array with delimiter
0x77	str_trim	Trim whitespace

Syscalls (gas: 100–10,000, see Section 4):

Opcode	Mnemonic	Description
0x80	syscall <u16>	Invoke a host-provided syscall by index

3.4 Bytecode Format

SnapVM Bytecode v1

Header (16 bytes):
  magic:     [0x53, 0x4E, 0x41, 0x50]  ("SNAP")
  version:   u16 (1)
  flags:     u16 (reserved, 0)
  const_offset: u32 (byte offset to constant pool)
  func_offset:  u32 (byte offset to function table)

Constant Pool:
  count:    u32
  entries:  [ConstEntry...]
    type:   u8 (0=string, 1=bytes)
    len:    u32
    data:   [u8; len]

Function Table:
  count:    u32
  entries:  [FuncEntry...]
    name_idx:   u32 (index into constant pool)
    arity:      u16
    locals:     u16
    code_len:   u32
    code:       [u8; code_len]

Maximum bytecode size: 256 KiB (after base64url decoding).

---

4. Syscall Interface

Syscalls are the only way the VM interacts with the outside world. They provide protocol state reads, persistent local and shared state, UI output, external HTTP requests, cross-snap calls, and cryptographic primitives.

4.1 Protocol State Reads

Index	Name	Stack Signature	Gas	Description
0x0000	farcaster.self_fid	() -> i64	100	Current user's FID
0x0001	farcaster.get_user_data	(fid: i64, type: str) -> str?	500	Get user data (pfp, display, bio, username, url)
0x0002	farcaster.get_cast	(fid: i64, hash: bytes) -> map?	1000	Get cast by FID + hash
0x0003	farcaster.get_casts_by_fid	(fid: i64, limit: i64) -> array	2000	Recent casts
0x0004	farcaster.get_followers	(fid: i64, limit: i64) -> array	2000	Follower FIDs
0x0005	farcaster.get_following	(fid: i64, limit: i64) -> array	2000	Following FIDs
0x0006	farcaster.get_reactions	(fid: i64, hash: bytes) -> map	1000	Reaction counts for a cast
0x0007	farcaster.is_following	(a: i64, b: i64) -> bool	500	Does FID a follow FID b?
0x0008	farcaster.timestamp	() -> i64	100	Current Farcaster time (deterministic: block timestamp, not wall clock)
0x0009	farcaster.get_channel	(id: str) -> map?	500	Channel metadata
0x000A	farcaster.get_verifications	(fid: i64) -> array	1000	Verified addresses

4.2 User State

Per-user state is scoped to (snap_cast_hash, fid) — each user has their own key-value store per snap instance. State is stored on the protocol in the hyper trie, making it portable across devices and verifiable by nodes during execution replay.

Index	Name	Stack Signature	Gas	Description
0x0100	state.get	(key: str) -> value?	100	Read from per-user state
0x0101	state.set	(key: str, value: value) -> null	200	Write to per-user state (requires user_state capability)
0x0102	state.del	(key: str) -> null	200	Delete from per-user state (requires user_state capability)
0x0103	state.keys	() -> array	500	List all per-user state keys

User state writes do not execute immediately — they are appended to the execution output log and committed atomically as part of the SnapExecutionBundle after node verification (see Section 6.2).

Storage location:

RootPrefix::SnapUserState (56)
Key: [56][snap_cast_hash:20][fid:8][key_hash:8] -> [value_bytes]

Maximum 100 keys, 4 KiB per value, 256 KiB total per user per snap instance. Only the owning FID can read or write their own entries.

4.3 UI Output

Index	Name	Stack Signature	Gas	Description
0x0200	ui.render	(spec: map) -> null	1000	Set the UI output (json-render spec as a map). Must be called exactly once per execution.
0x0201	ui.effect	(name: str) -> null	100	Trigger a visual effect (e.g., "confetti")

4.4 Message Emission

The VM can emit protocol messages (casts, reactions, links, user data) as side effects. Each emission requires the corresponding capability to be declared and approved by the user. Emitted messages are appended to the execution output log and included in the SnapExecutionBundle — they are not submitted individually.

Index	Name	Stack Signature	Gas	Description
0x0300	snap.call	(url: str, fn: str, args: array) -> value	5000	Call an exported function from another snap. Max call depth: 4.
0x0301	snap.exists	(url: str) -> bool	500	Check if a snap URL is reachable and has compute support
0x0310	emit.cast	(text: str, parent_fid: i64?, parent_hash: bytes?, embeds: array?) -> null	2000	Emit a CastAdd message. Requires cast capability.
0x0311	emit.react	(target_fid: i64, target_hash: bytes, type: i64) -> null	1000	Emit a ReactionAdd (type: 1=like, 2=recast). Requires react capability.
0x0312	emit.unreact	(target_fid: i64, target_hash: bytes, type: i64) -> null	1000	Emit a ReactionRemove. Requires react capability.
0x0313	emit.follow	(target_fid: i64) -> null	1000	Emit a LinkAdd (type "follow"). Requires link capability.
0x0314	emit.unfollow	(target_fid: i64) -> null	1000	Emit a LinkRemove. Requires link capability.
0x0315	emit.user_data	(type: str, value: str) -> null	1000	Emit a UserDataAdd. Requires user_data capability.

Emitted messages are fully valid standalone snapchain messages — each is individually signed by the user's signer key and can be processed by any snapchain node independently of the snap execution context.

4.5 External Resources

Snaps can reference external images and media in their UI output. The VM also supports fetching data from external HTTP endpoints, enabling hybrid snaps that combine on-chain state with off-chain data (e.g., price feeds, weather, game servers).

Image and media loading is handled by the client, not the VM. The ui.render spec can include image elements with HTTPS URLs — the client fetches and renders these as it does today in Snap 1.0. No syscall is needed for this; it is a property of the UI layer.

HTTP fetch introduces controlled nondeterminism: a snap may request external data, but the result is not guaranteed to be identical across clients or executions. This is acceptable for use cases like displaying live prices or fetching off-chain API data where freshness matters more than reproducibility.

Index	Name	Stack Signature	Gas	Description
0x0500	http.get	(url: str, headers: map?) -> map	10000	GET an HTTPS URL. Returns {status: i64, body: string, headers: map}. HTTPS only. Max response: 64 KiB. Timeout: 5s.
0x0501	http.post	(url: str, body: str, headers: map?) -> map	10000	POST to an HTTPS URL. Request body max: 16 KiB. Returns same shape as http.get. HTTPS only. Timeout: 5s.

Restrictions:

• Only HTTPS URLs are permitted (no HTTP, no local/private IPs)
• The client may cache responses for up to 60 seconds to reduce redundant fetches
• The client may refuse requests to URLs on a blocklist (e.g., known tracking domains)
• Max 5 HTTP syscalls per execution (prevents abuse)
• HTTP syscalls are non-deterministic: the snap author must handle the possibility that different clients see different responses, and design UI accordingly
• A snap that uses http.get or http.post is marked as nondeterministic in its metadata — clients may display a badge indicating this snap fetches external data

4.6 Shared State

Shared state enables multiple users to read and write to a common data store scoped to a snap instance, enabling collaborative experiences like polls, leaderboards, multiplayer games, and counters. Requires the shared_state capability.

Index	Name	Stack Signature	Gas	Description
0x0600	shared.get	(key: str) -> value?	500	Read a shared state value
0x0601	shared.set	(key: str, value: value) -> null	1000	Write a shared state value (requires shared_state capability)
0x0602	shared.del	(key: str) -> null	1000	Delete a shared state key (requires shared_state capability)
0x0603	shared.keys	() -> array	1000	List all shared state keys
0x0604	shared.get_by_fid	(key: str, fid: i64) -> value?	500	Read a specific user's entry for a shared key
0x0605	shared.get_all	(key: str) -> map	2000	Read all per-user values. Returns {fid_str: value, ...}
0x0606	shared.count	(key: str) -> i64	500	Count distinct contributors to a shared key

Like user state writes, shared state writes are appended to the execution output log and committed atomically via the SnapExecutionBundle after node verification.

CRDT semantics: Last-write-wins per (snap_cast_hash, key, fid). Different users' writes to the same key do not conflict — they are stored separately and merged on read.

Storage location:

RootPrefix::SnapSharedState (55)
Key: [55][snap_cast_hash:20][key_hash:8][fid:8] -> [value_bytes]

Limits:

Resource	Limit
Max shared keys per snap instance	50
Max value size	1 KiB
Max total shared state per snap instance	1 MiB
Max writes per user per snap instance per day	100

Example — Poll snap:

export fn main(action: string, inputs: map, button_index: i64) {
  if action == "post" {
    let choice = inputs["choice"]
    @shared_set("vote", choice)
    @emit_cast("I voted " + choice + " in the poll!")
  }

  let all_votes = @shared_get_all("vote")
  var counts = {}
  for fid in @map_keys(all_votes) {
    let v = all_votes[fid]
    counts[v] = (counts[v] ?? 0) + 1
  }

  let total = @shared_count("vote")
  let my_vote = @shared_get_by_fid("vote", @self_fid())

  @render({
    root: "main",
    elements: {
      main: { type: "stack", props: { direction: "vertical", gap: "md" }, children: ["title", "chart", "toggle", "btn"] },
      title: { type: "text", props: { content: "Poll: Favorite color? (" + to_str(total) + " votes)" } },
      chart: { type: "bar_chart", props: {
        bars: [
          { label: "Red", value: counts["red"] ?? 0 },
          { label: "Blue", value: counts["blue"] ?? 0 },
          { label: "Green", value: counts["green"] ?? 0 },
        ]
      }},
      toggle: { type: "toggle_group", props: { name: "choice", options: ["red", "blue", "green"], defaultValue: my_vote }},
      btn: { type: "button", props: { label: my_vote != null ? "Change Vote" : "Vote" }, on: { press: { type: "submit" } } },
    },
  })
}

4.7 Crypto

Index	Name	Stack Signature	Gas	Description
0x0400	crypto.sha256	(data: bytes) -> bytes	500	SHA-256 hash
0x0401	crypto.keccak256	(data: bytes) -> bytes	500	Keccak-256 hash
0x0402	crypto.verify_ed25519	(msg: bytes, sig: bytes, pubkey: bytes) -> bool	2000	Ed25519 signature verification

---

5. SnapScript Language

SnapScript is a high-level expression language that compiles to SnapVM bytecode. It is not required — developers may target the bytecode directly — but it is the recommended authoring format.

5.1 Syntax Overview

// Types: i64, f64, string, bool, bytes, array, map, null
// Variables are immutable by default
let name = "world"
var counter = 0  // mutable

// Functions
fn greet(name: string) -> string {
  "Hello, " + name + "!"
}

// Control flow
if counter > 10 {
  "big"
} else if counter > 0 {
  "small"
} else {
  "zero"
}

// Pattern matching
match action {
  "get" => render_home(),
  "post" => handle_submit(inputs),
  _ => render_error("unknown action"),
}

// Loops
for item in items {
  total = total + item.value
}

while counter < 100 {
  counter = counter + 1
}

// Protocol access
let fid = @self_fid()
let user = @get_user_data(fid, "display")
let friends = @get_following(fid, 50)

// State
@state_set("visits", @state_get("visits") ?? 0 + 1)

// UI output (must be called once)
@render({
  root: "main",
  elements: {
    main: { type: "stack", props: { direction: "vertical" }, children: ["title", "btn"] },
    title: { type: "text", props: { content: greet(user ?? "anon") } },
    btn: { type: "button", props: { label: "Click me" }, on: { press: { type: "submit" } } },
  },
})

5.2 Language Details

Variables: let declares immutable bindings. var declares mutable bindings. Assigning to a let variable is a compile error.

Null coalescing: The ?? operator returns the left operand if non-null, otherwise the right: @state_get("key") ?? "default". Compiles to a DUP -> PUSH_NULL -> NEQ -> JMP_IF -> POP -> <right> sequence.

Short-circuit operators: && and || use short-circuit evaluation at the compiler level. The compiler emits jump sequences (not the AND/OR opcodes) so the right operand is only evaluated if needed.

Field access: Dot syntax (user.name) desugars to MAP_GET — it is semantically identical to user["name"].

Index access: arr[0] uses ARRAY_GET for numeric literal indices. map[key] uses MAP_GET for all other index expressions (string literals, variables, expressions).

For loops: for x in items { ... } iterates over arrays only. Compiles to an index-based while loop internally. To iterate map keys, use for k in @map_keys(m) { ... }.

Number literals: Underscore separators are allowed for readability: 1_000_000.

Arrow syntax: Both -> (return type annotation) and => (match arms) are arrow tokens.

5.3 Built-in Functions

Syscalls are accessed via @ prefix: @self_fid(), @get_user_data(fid, type), @render(spec), @state_get(key), @state_set(key, value), @sha256(data), etc.

The following builtins compile to native opcodes rather than syscalls for efficiency:

• @map_keys(m) — MAP_KEYS opcode
• @to_str(v) — TO_STR opcode (also available as to_str(v))
• @to_i64(v) — TO_I64 opcode (also available as to_i64(v))
• @to_f64(v) — TO_F64 opcode (also available as to_f64(v))

5.4 Entry Point Convention

// The main function receives the snap action context
export fn main(action: string, inputs: map, button_index: i64) {
  match action {
    "get" => render_home(),
    "post" => handle_interaction(inputs, button_index),
  }
}

// Exported functions are callable by other snaps via snap.call
export fn score(fid: i64) -> i64 {
  // compute and return a score
}

---

6. Execution Model

6.1 Lifecycle

Cast created with snap URL
        |
        v
Client fetches snap URL (GET)
        |
        v
Response has `compute` field?
    No ──> Snap 1.0 (server-driven)
    Yes ──> Snap Compute:
        |
        v
Decode bytecode, validate header
        |
        v
Client prompts user to approve declared capabilities
(only on first interaction; approval is cached per snap)
        |
        v
Call entrypoint("get", {}, 0) — read-only, no side effects
        |
        v
VM executes, calls ui.render(spec)
        |
        v
Client renders UI
        |
        v
User interacts (fills inputs, presses button)
        |
        v
Call entrypoint("post", inputs, button_index)
        |
        v
VM executes, producing:
  - UI spec (via ui.render)
  - State writes (user + shared)
  - Embedded protocol messages (casts, reactions, links)
        |
        v
Client renders updated UI immediately (optimistic)
        |
        v
Client constructs SnapExecutionBundle:
  - Execution context (action, inputs, button_index)
  - Nonce (random 32 bytes, unique per execution)
  - Timestamp (Farcaster time)
  - Capability approval signature
  - All state writes (user + shared)
  - All embedded messages (individually signed)
  - Outer signature over entire bundle
        |
        v
Submit bundle to the node
        |
        v
Node validates (see Section 6.2)
        |
        (repeat)

6.2 Verified Execution and the SnapExecutionBundle

Every interaction that produces side effects (state writes, message emissions) is submitted as a SnapExecutionBundle. The node verifies the bundle by re-executing the snap's bytecode and comparing outputs.

SnapExecutionBundle structure:

message SnapExecutionBundle {
  // Identity
  bytes snap_cast_hash = 1;         // Cast containing the snap embed (instance ID)
  uint64 fid = 2;                   // User's FID
  uint32 timestamp = 3;             // Farcaster time (for LWW ordering)
  bytes nonce = 4;                  // Random 32 bytes (unique per execution, prevents replay)

  // Capability approval (signed once, reused across executions)
  SnapCapabilityApproval approval = 5;

  // Execution replay context
  string action = 6;                // "get" or "post"
  map<string, bytes> inputs = 7;    // Input field values
  uint32 button_index = 8;

  // VM outputs
  repeated SnapStateWrite user_state_writes = 9;
  repeated SnapStateWrite shared_state_writes = 10;
  repeated bytes embedded_messages = 11;  // Standalone-valid signed Message protos

  // Authenticity
  bytes signer = 12;                // Ed25519 public key
  bytes signature = 13;             // Signs all fields above including nonce
}

message SnapCapabilityApproval {
  bytes snap_cast_hash = 1;
  uint64 fid = 2;
  repeated string capabilities = 3; // ["shared_state", "cast", "react", ...]
  bytes signature = 4;              // User signs (snap_cast_hash, fid, capabilities)
}

message SnapStateWrite {
  string key = 1;
  bytes value = 2;                  // JSON-encoded, max 1 KiB (shared) or 4 KiB (user)
}

Node validation procedure:

1. Nonce uniqueness: Reject if this nonce has been seen before
2. Signature verification: Outer signature must verify against signer for fid
3. Signer validity: signer must be an active registered signer for fid
4. Capability approval: Verify the approval signature matches (snap_cast_hash, fid, capabilities)
5. Capability coverage: Every output must fall within approved capabilities (state writes require user_state/shared_state, embedded casts require cast, etc.)
6. Embedded message validity: Each embedded message must have a valid standalone signature and be a valid snapchain message
7. Re-execution: Fetch the snap's bytecode from the cast at snap_cast_hash. Load current user state and shared state from the hyper trie. Execute the VM with (action, inputs, button_index). Compare the VM's output log against the declared user_state_writes, shared_state_writes, and embedded_messages. If they do not match exactly, reject the bundle.
8. Limits: Enforce per-key size limits, per-instance total limits, daily write rate limits
9. Commit: Write user state to RootPrefix::SnapUserState (56), shared state to RootPrefix::SnapSharedState (55). Forward embedded messages to snapchain for independent processing. Store nonce to prevent replay.

Shard routing: All SnapExecutionBundle messages for a given snap_cast_hash are routed to the shard that owns that cast hash (via ShardRouter::route_fid(cast_author_fid)). This ensures all state for a snap instance lives on a single shard — no cross-shard reads needed for re-execution or state queries.

Nondeterministic snaps: Snaps that use http.get/http.post cannot produce verifiable state writes or embedded messages, because the node cannot reproduce the HTTP responses during re-execution. Nondeterministic snaps are limited to UI rendering only — they can read protocol state and display results, but cannot write state or emit messages. The capabilities field must be empty for snaps that use HTTP syscalls.

Timestamp and LWW: The timestamp field in the bundle provides ordering for CRDT resolution. For shared state: LWW per (snap_cast_hash, key, fid, timestamp). For user state: LWW per (snap_cast_hash, fid, key, timestamp). The nonce prevents replaying an older-timestamped bundle after a newer one has been accepted.

6.3 Determinism Model

The SnapVM has two execution modes:

Deterministic mode (default): Given the same inputs and protocol state, the VM always produces identical output. This is the case for snaps that only use protocol state reads, local state, shared state, and crypto syscalls.

• f64 operations use IEEE 754 with round-to-nearest-even. NaN is canonicalized.
• farcaster.timestamp returns the block timestamp, not wall clock.
• No random() syscall. Deterministic randomness can be derived from crypto.sha256(cast_hash ++ fid ++ nonce).
• Map iteration order is insertion order, not hash order.
• Shared state reads are consistent at a given block height — all peers at the same height see the same shared state.

Nondeterministic mode (opt-in): Snaps that use http.get or http.post syscalls are nondeterministic — different clients may see different responses from external servers. Clients display a visual indicator for nondeterministic snaps. Nondeterministic snaps cannot be used as snap.call targets (composability requires determinism).

6.4 Gas Limits

Context	Default Gas	Max Gas
Initial load (get)	500,000	2,000,000
Interaction (post)	500,000	2,000,000
snap.call (cross-snap)	100,000	500,000

If gas is exhausted, execution halts and the client displays an error state. The snap author may specify a custom gas_limit up to the max.

6.5 Memory Limits

Resource	Limit
Operand stack depth	1,024
Call stack depth	64
String length	64 KiB
Array/map elements	10,000
Bytecode size	256 KiB
Constant pool	64 KiB
State per snap per user	256 KiB

---

7. Protobuf Additions

// snap_compute.proto

message SnapComputeEnvelope {
  bytes bytecode = 1;                       // SnapVM bytecode
  string entrypoint = 2;                    // Function name (default "main")
  uint64 gas_limit = 3;                     // Max gas per execution
  repeated string capabilities = 4;         // Declared capabilities
  repeated string exports = 5;              // Exported function names
  map<string, string> state_schema = 6;     // key -> type name
}

message SnapRegisterBody {
  string url = 1;                           // Snap URL (canonical identifier)
  bytes bytecode_hash = 2;                  // SHA-256 of bytecode
  SnapComputeEnvelope compute = 3;          // Full compute envelope
  uint64 fid = 4;                           // Author FID
}

message SnapExecutionBundle {
  bytes snap_cast_hash = 1;                 // Cast containing the snap embed
  uint64 fid = 2;                           // User's FID
  uint32 timestamp = 3;                     // Farcaster time (for LWW)
  bytes nonce = 4;                          // Random 32 bytes (unique per execution)
  SnapCapabilityApproval approval = 5;      // Pre-signed capability grant
  string action = 6;                        // "get" or "post"
  map<string, bytes> inputs = 7;            // Input field values
  uint32 button_index = 8;
  repeated SnapStateWrite user_state_writes = 9;
  repeated SnapStateWrite shared_state_writes = 10;
  repeated bytes embedded_messages = 11;    // Standalone-valid signed Messages
  bytes signer = 12;                        // Ed25519 public key
  bytes signature = 13;                     // Signs all fields including nonce
}

message SnapCapabilityApproval {
  bytes snap_cast_hash = 1;
  uint64 fid = 2;
  repeated string capabilities = 3;
  bytes signature = 4;                      // User signs (snap_cast_hash, fid, capabilities)
}

message SnapStateWrite {
  string key = 1;                           // State key
  bytes value = 2;                          // JSON-encoded value
}

enum HyperMessageType {
  // ... existing values ...
  HYPER_MESSAGE_TYPE_SNAP_REGISTER = 150;
  HYPER_MESSAGE_TYPE_SNAP_UPDATE = 151;
  HYPER_MESSAGE_TYPE_SNAP_EXECUTION = 152;
}

---

8. Security Model

8.1 Sandboxing and Verified Execution

The SnapVM runs on the client but its outputs are verified by the node through re-execution:

• No filesystem access
• Limited network access: only via http.get/http.post syscalls, HTTPS only, capped at 5 requests per execution, 64 KiB response limit, 5s timeout. Nondeterministic snaps (those using HTTP) cannot produce state writes or message emissions.
• No code generation (no eval, no dynamic bytecode loading except via snap.call)
• Verified outputs: All state writes and message emissions are verified by node re-execution. The VM is not trusted — the node independently runs the same bytecode and confirms the outputs match.
• Capability-gated: Side effects require pre-approved capabilities. The user signs a capability approval bound to the specific snap instance before any writes can occur.
• Nonce-bound: Each execution is bound to a unique random nonce. State writes are only valid within the context of a specific execution bundle — they cannot be extracted, replayed, or forged independently.
• User state isolation: Each user's state is scoped to (snap_cast_hash, fid) and only readable by that user's VM executions. Other users cannot access it.

8.2 Resource Exhaustion

Gas metering and memory limits prevent denial-of-service:

• Infinite loops consume gas and halt
• Memory allocation beyond limits traps
• Stack overflow (>1024 operands or >64 frames) traps
• String/array operations on oversized values trap

8.3 Cross-Snap Isolation

snap.call fetches and executes another snap's bytecode in a fresh VM context:

• The callee cannot access the caller's state or locals
• Gas is deducted from the caller's budget (nested calls share the caller's remaining gas)
• Call depth is limited to 4 to prevent unbounded recursion
• The callee can only access its own persistent state, not the caller's

8.4 Bytecode Verification

Clients validate bytecode before execution:

1. Magic bytes match "SNAP"
2. Version is supported
3. All jump targets are within function bounds
4. No overlapping function code ranges
5. Constant pool indices are in bounds
6. Bytecode size is within limits

Invalid bytecode is rejected and the snap falls back to static UI rendering (or server-driven mode if a submit action target is present).

---

9. Open Questions

1. Bytecode storage: Should bytecode be stored inline in the snap response (current proposal), pinned to IPFS/Arweave, or stored in the hyper trie via SNAP_REGISTER? Inline is simplest but bloats responses. Content-addressed storage enables deduplication and caching.

2. Upgrade semantics: When a snap author publishes new bytecode, what happens to pending SnapExecutionBundle messages that were compiled against the old version? Should nodes pin the bytecode version at the time of execution, or always use the latest?

3. Gas pricing: The gas costs in this proposal are placeholder values. Production gas costs should be benchmarked against real hardware to ensure consistent execution time across devices — both on client and on node (which must re-execute for verification).

4. Node re-execution cost: Every SnapExecutionBundle requires the node to re-execute the VM. Should nodes charge a protocol fee for verification, or is the gas limit sufficient to bound computational cost?

5. State divergence window: Between client execution and node verification, shared state may change (other users voted). If re-execution produces different outputs, the bundle is rejected. Should clients retry automatically, or should there be a state snapshot mechanism?

6. Compiler trust: If SnapScript is the primary authoring format, users trust the compiler to produce correct bytecode. Should compiled bytecode include a proof of compilation, or is source-code publication sufficient for auditability?

7. Cross-snap versioning: When snap A calls snap B's exported function, and snap B updates its bytecode, should snap A get the new version or the version it was compiled against?

8. Privacy via ZK: User state is currently protocol-visible (Option C). A future version could use ZK proofs to verify execution without revealing user state values. What proof system would be appropriate, and what is the performance budget?

9. Capability revocation: Once a user approves capabilities for a snap, can they revoke? Should the capability approval have an expiry timestamp?

10. Embedded message ordering: When a bundle contains multiple embedded messages (e.g., a cast and a reaction), does their ordering within the bundle matter for snapchain processing? Should they be processed atomically or independently?

---

10. New Proto Additions Summary

File	Addition
snap_compute.proto (new)	SnapComputeEnvelope message
snap_compute.proto (new)	SnapRegisterBody message
snap_compute.proto (new)	SnapExecutionBundle message
snap_compute.proto (new)	SnapCapabilityApproval message
snap_compute.proto (new)	SnapStateWrite message
hyper.proto	HYPER_MESSAGE_TYPE_SNAP_REGISTER = 150
hyper.proto	HYPER_MESSAGE_TYPE_SNAP_UPDATE = 151
hyper.proto	HYPER_MESSAGE_TYPE_SNAP_EXECUTION = 152
hyper.proto	RootPrefix::SnapSharedState = 55
hyper.proto	RootPrefix::SnapUserState = 56

---

12. Parameter Summary

Parameter	Value	Governance-Adjustable
Max bytecode size	256 KiB	Yes
Max gas per execution	2,000,000	Yes
Default gas per execution	500,000	Yes
Max call stack depth	64	No
Max operand stack depth	1,024	No
Max string length	64 KiB	No
Max array/map elements	10,000	Yes
Max user state per snap per user	256 KiB	Yes
Max user state keys per snap	100	Yes
Max cross-snap call depth	4	No
Nonce size	32 bytes	No
Max HTTP syscalls per execution	5	Yes
Max HTTP response size	64 KiB	Yes
HTTP request timeout	5s	Yes
Max shared keys per snap instance	50	Yes
Max shared value size	1 KiB	Yes
Max shared state per snap instance	1 MiB	Yes
Max shared writes per user per snap per day	100	Yes
Snap response version	"1.1"	No

[BlinkyStitt]

Programs cannot perform I/O beyond reading protocol state.

I understand how this improves security, but I think it also kills all the ideas that I have for frames.

Edit: there is "Limited network access" later in the document. So I guess programs can perform limited I/O.

[CassOnMars]

the intention is that hypersnap can verify the compute, so that user interactions can be confirmed on protocol. for network-based frames, that remains supported, so that way both paths are possible.

[i001962]

I have a hunch Snap Compute will create natural demand for portable user-scoped claims like badges, tickets, memberships, and roles. The issuance mechanics feel perfect inside a snap (verified execution + user_state + emitted messages). But I’m wondering about the long-term boundary: if a credential needs to outlive its original snap and be honored across many others, would you expect it to stay as a snap-level convention/state pattern for v1, or eventually promote to something more general at the FID/protocol level (like an issued counterpart to self-signed Verifications)? No pressure to expand scope really just curious how you see that line. It could let users carry verifiable rights and context across snaps without re-auth or custom backends, turning the network into a shared capability layer beyond isolated experiences.

Love this snap compute proposal. Inspiring.

[davidfurlong]

I like the high level problem being solved here as well as the general approach to the solution. Not certain on the specifics such as handling of network access + permissions.

Are network requests proxied? Otherwise they reveal the IP of the user to an arbitrary third party? Any reason to only support only get and post http methods?

[CryptoExplor]

Really impressive proposal — this solves the core fragility of Snap 1.0 in a principled way. A few thoughts after reading through the full spec:

On the VM design:
The stack-based SnapVM with gas metering is a solid choice for deterministic, sandboxed execution. Keeping linear memory out of v1 is a smart call for auditability. The 256 KiB bytecode cap and 2M gas ceiling feel reasonable for interactive UI snaps.

On the SnapExecutionBundle + node re-execution:
The verified execution model (client runs locally → node re-executes and compares outputs) is elegant. But the "state divergence window" (Open Question #5) is a real UX concern for high-contention shared state snaps like polls or leaderboards. Optimistic UI + silent rejection is a rough experience. A retry-with-fresh-state mechanism on the client side seems necessary before shipping.

On nondeterministic snaps (HTTP syscalls):
The trade-off (http.get/post = no state writes/message emissions) is the right call for verification integrity. The nondeterministic badge for users is a nice touch. One concern: will clients enforce this strictly, or is it honor-system at the snap author level? The node re-execution won't have the HTTP response, so enforcement has to be at capability declaration time.

On IP privacy (echoing @davidfurlong):
HTTP syscalls exposing user IPs to third-party servers is a meaningful privacy regression vs. server-driven Snap 1.0 (where only the snap server sees the IP). Proxying requests through a Farcaster-operated relay or requiring HTTPS + opt-in consent for HTTP snaps would address this. This feels like a blocker for mainstream adoption if left unresolved.

On bytecode storage (Open Question #1):
Inline base64url in the snap response will bloat cast embeds quickly, especially for complex snaps. Content-addressed storage (IPFS/Arweave or the hyper trie via SNAP_REGISTER) with a hash reference in the response seems worth the added complexity. Deduplication alone justifies it for snaps that update frequently.

On capability revocation (Open Question #9):
Expiry timestamps on SnapCapabilityApproval are important. Without them, a user who approved cast capability for a snap has no recourse if the snap is later compromised or updated maliciously. A time-bound approval + re-prompt on bytecode hash change would mitigate this.

On cross-snap versioning (Open Question #7):
Pinning the callee bytecode hash at the time of snap.call (not always using latest) seems safer for composability. This prevents silent breaking changes in snap libraries from cascading into callers.

On ZK for user state privacy (Open Question #8):
The current protocol-visible user state is a privacy concern for sensitive use cases (health, finance, identity snaps). ZK execution proofs (e.g., SP1 or RISC Zero for SnapVM trace verification) could let nodes verify correctness without reading state values. Worth tracking as a v2 roadmap item even if out of scope now.

Overall this is a well-scoped FIP. The determinism model, CRDT semantics for shared state, and verified execution via SnapExecutionBundle are the strongest parts. The open questions around state divergence, IP privacy, and capability revocation feel like the highest priority items to resolve before finalization.

[CryptoExplor]

This is a well-thought-out FIP and addresses pain points I've run into firsthand building Farcaster mini-apps — specifically the server dependency and latency issues that make snaps feel fragile in production.

From a mini-app developer perspective:

The shift to client-side execution via SnapVM is a huge quality-of-life improvement. Right now, every button press going through an HTTP round-trip with a 5s timeout makes building responsive, interactive snaps frustrating. Snap Compute removes that constraint entirely for logic-heavy snaps.

The shared_state + CRDT semantics (LWW per (snap_cast_hash, key, fid)) unlock real multiplayer use cases — polls, leaderboards, collaborative games — that are awkward to build today without a dedicated backend. The poll example in Section 4.6 is exactly the kind of thing I'd ship immediately.

A few developer-focused questions/observations:

1. SnapScript tooling: Is there a plan for a browser-based playground or CLI compiler? The SnapScript syntax looks approachable, but without tooling the bytecode barrier will limit adoption to protocol-native developers. A REPL or online sandbox would go a long way.

2. State divergence on high-contention snaps (Open Question FIP: Opportunity For Another Chain (Imported) #5): For snaps with active shared state (live polls, leaderboard updates), silent bundle rejection due to state changes mid-execution is going to create confusing UX. An automatic client-side retry with a re-fetched state snapshot seems essential before v1 ships — not a v2 thing.

3. Capability UX: The one-time capability approval prompt is the right design, but the user-facing language matters a lot. "This snap wants to emit casts on your behalf" needs to be crystal clear, not buried in a technical permission dialog. Happy to help think through the UX wording if useful.

4. Bytecode storage (Open Question Hypersnap Meeting Notes | 2026-01-06 #1): Inline base64url will get unwieldy fast for anything beyond trivial snaps. Content-addressed storage with a hash reference in the response (hyper trie via SNAP_REGISTER) seems like the right call. The deduplication benefit alone justifies it.

5. http.get/http.post IP exposure: Echoing @davidfurlong's concern — direct HTTP syscalls exposing user IPs to third-party servers is a meaningful regression. A relay proxy or at minimum a clear disclosure requirement for HTTP-enabled snaps feels necessary.

Overall, this is the right direction. The deterministic VM + verified execution model makes snaps first-class protocol citizens rather than fragile HTTP wrappers. Excited to build on this when it ships.

[CryptoExplor]

Really excited about this proposal! The idea of moving snap logic client-side with a deterministic VM (SnapVM) is a game-changer for decentralization — no more single points of failure when a snap server goes down.

A few thoughts:

• The gas metering system is a smart approach to bound execution and prevent abuse
• SnapScript compiling to compact bytecode keeps the snap response size manageable
• The syscall interface for reading protocol state (casts, follows, reactions) opens up powerful composability possibilities

I've forked the snapchain repo to start experimenting with this: https://github.com/CryptoExplor/snapchain

Looking forward to seeing this ship!

[arcabotai]

This is probably the most ambitious infra proposal in the repo, and also one of the most important.

The big unlock is obvious: snaps stop being fragile HTTP wrappers and become reproducible program objects. That changes mini-apps from "hosted integrations" into something much closer to protocol-native software.

The two edges I'd treat as highest priority before finalization are:

1. state divergence / retry behavior on high-contention shared-state snaps
2. capability revocation tied to bytecode hash + expiry

Without those, multiplayer snaps and long-lived approvals will create confusing or unsafe UX. I also think direct HTTP syscalls are too much privacy leakage if they expose user IP/FID context to arbitrary servers. If HTTP exists, it should feel like a loud capability boundary, not a quiet escape hatch.

Content-addressed bytecode also feels better than large inline blobs for anything serious. Overall though, this is the kind of proposal that makes Hypersnap feel materially different rather than just rhetorically different.

— Arca