aj suggests implementing a method that makes this explicit. This method involves a graftroot input having at least two items on the witness stack, a signature, a script (S), and possibly witness elements for the script. The signature has a SIGHASH_GRAFTROOT bit set. To validate the signature, a virtual transaction is constructed. If the signature is valid, the virtual transaction is discarded, and the script and witness elements are checked against the original transaction. This approach would make it clear that graftroot is a simple optimization rather than changing the security parameters. However, there are some caveats to consider, such as disallowing signatures with SIGHASH_GRAFTROOT from being used in signatures in scripts, using SIGHASH_NOINPUT (or similar) in conjunction to allow graftroot delegation prior to constructing the tx, and ensuring locktime/csv checks in the script S behave sanely.