Draft
Conversation
Contributor
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
Contributor
|
Important Review skippedAuto reviews are limited based on label configuration. 🏷️ Required labels (at least one) (1)
Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+32
to
+100
| name: system-programs | ||
| if: github.event.pull_request.draft == false | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 60 | ||
|
|
||
| services: | ||
| redis: | ||
| image: redis:8.0.1 | ||
| ports: | ||
| - 6379:6379 | ||
| options: >- | ||
| --health-cmd "redis-cli ping" | ||
| --health-interval 10s | ||
| --health-timeout 5s | ||
| --health-retries 5 | ||
|
|
||
| env: | ||
| REDIS_URL: redis://localhost:6379 | ||
|
|
||
| strategy: | ||
| matrix: | ||
| include: | ||
| - program: sdk-test-program | ||
| sub-tests: '["cargo-test-sbf -p sdk-native-test"]' | ||
| - program: sdk-anchor-test-program | ||
| sub-tests: '["cargo-test-sbf -p sdk-anchor-test", "cargo-test-sbf -p sdk-pinocchio-test"]' | ||
| - program: sdk-libs | ||
| packages: light-macros light-sdk light-program-test light-client light-batched-merkle-tree | ||
| test_cmd: | | ||
| cargo test -p light-macros | ||
| cargo test -p light-sdk | ||
| cargo test -p light-program-test | ||
| cargo test -p light-client | ||
| cargo test -p client-test | ||
| cargo test -p light-sparse-merkle-tree | ||
| cargo test -p light-batched-merkle-tree --features test-only -- --skip test_simulate_transactions --skip test_e2e | ||
| steps: | ||
| - name: Checkout sources | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup and build | ||
| uses: ./.github/actions/setup-and-build | ||
| with: | ||
| skip-components: "redis" | ||
|
|
||
| - name: build-programs | ||
| run: | | ||
| source ./scripts/devenv.sh | ||
| npx nx build @lightprotocol/programs | ||
|
|
||
| - name: Run sub-tests for ${{ matrix.program }} | ||
| if: matrix.sub-tests != null | ||
| run: | | ||
| source ./scripts/devenv.sh | ||
| npx nx build @lightprotocol/zk-compression-cli | ||
|
|
||
| IFS=',' read -r -a sub_tests <<< "${{ join(fromJSON(matrix.sub-tests), ', ') }}" | ||
| for subtest in "${sub_tests[@]}" | ||
| do | ||
| echo "$subtest" | ||
| eval "RUSTFLAGS=\"-D warnings\" $subtest" | ||
| done | ||
|
|
||
| - name: Run tests for ${{ matrix.program }} | ||
| if: matrix.test_cmd != null | ||
| run: | | ||
| source ./scripts/devenv.sh | ||
| npx nx build @lightprotocol/zk-compression-cli | ||
| ${{ matrix.test_cmd }} |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 16 hours ago
In general, to fix this issue you add an explicit permissions: block either at the workflow root (so it applies to all jobs) or at the individual job level, and set it to the minimum required (often contents: read if the job only needs to check out code and run tests). This constrains the GITHUB_TOKEN so it cannot perform unintended write operations.
For this specific workflow, the job only checks out the repository and runs tests and package-manager operations; none of the steps need to write to GitHub resources. The simplest least-privilege fix is therefore to add a top-level permissions: block just after the name: section, setting contents: read. This will apply to the system-programs job and any other jobs in this workflow (none are shown, but this is safe). No changes to steps, actions versions, or additional imports are needed.
Concretely:
-
Edit
.github/workflows/sdk-tests.yml. -
After the
name: examples-testsline, insert:permissions: contents: read
This explicitly limits GITHUB_TOKEN to read-only repository contents while preserving existing functionality.
Suggested changeset
1
.github/workflows/sdk-tests.yml
| @@ -19,6 +19,9 @@ | ||
|
|
||
| name: examples-tests | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true |
Copilot is powered by AI and may make mistakes. Always verify output.
js/compressed-token/src/utils/pack-compressed-token-accounts.ts
Dismissed
Show dismissed
Hide dismissed
Comment on lines
+22
to
+96
| name: stateless-js-v1 | ||
| if: github.event.pull_request.draft == false | ||
| runs-on: ubuntu-latest | ||
|
|
||
| services: | ||
| redis: | ||
| image: redis:8.0.1 | ||
| ports: | ||
| - 6379:6379 | ||
| options: >- | ||
| --health-cmd "redis-cli ping" | ||
| --health-interval 10s | ||
| --health-timeout 5s | ||
| --health-retries 5 | ||
|
|
||
| env: | ||
| LIGHT_PROTOCOL_VERSION: V1 | ||
| REDIS_URL: redis://localhost:6379 | ||
| CI: true | ||
|
|
||
| steps: | ||
| - name: Checkout sources | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup and build | ||
| uses: ./.github/actions/setup-and-build | ||
| with: | ||
| skip-components: "redis,disk-cleanup" | ||
| cache-suffix: "js" | ||
|
|
||
| - name: Build stateless.js with V1 | ||
| run: | | ||
| cd js/stateless.js | ||
| pnpm build:v1 | ||
|
|
||
| - name: Build CLI | ||
| - name: Build compressed-token with V1 | ||
| run: | | ||
| source ./scripts/devenv.sh | ||
| npx nx build @lightprotocol/zk-compression-cli --skip-nx-cache | ||
| cd js/compressed-token | ||
| pnpm build:v1 | ||
|
|
||
| # Comment for breaking changes to Photon | ||
| - name: Run CLI tests | ||
| - name: Build CLI (CI mode - Linux x64 only) | ||
| run: | | ||
| source ./scripts/devenv.sh | ||
| npx nx test @lightprotocol/zk-compression-cli | ||
| npx nx build-ci @lightprotocol/zk-compression-cli | ||
|
|
||
| - name: Run stateless.js tests | ||
| - name: Run stateless.js tests with V1 | ||
| run: | | ||
| source ./scripts/devenv.sh | ||
| npx nx test @lightprotocol/stateless.js | ||
| echo "Running stateless.js tests with retry logic (max 2 attempts)..." | ||
| attempt=1 | ||
| max_attempts=2 | ||
| until npx nx test-ci @lightprotocol/stateless.js; do | ||
| attempt=$((attempt + 1)) | ||
| if [ $attempt -gt $max_attempts ]; then | ||
| echo "Tests failed after $max_attempts attempts" | ||
| exit 1 | ||
| fi | ||
| echo "Attempt $attempt/$max_attempts failed, retrying..." | ||
| sleep 5 | ||
| done | ||
| echo "Tests passed on attempt $attempt" | ||
|
|
||
| - name: Run compressed-token tests | ||
| - name: Run compressed-token tests with V1 | ||
| run: | | ||
| source ./scripts/devenv.sh | ||
| npx nx test @lightprotocol/compressed-token | ||
| echo "Running compressed-token tests with retry logic (max 2 attempts)..." | ||
| attempt=1 | ||
| max_attempts=2 | ||
| until npx nx test-ci @lightprotocol/compressed-token; do | ||
| attempt=$((attempt + 1)) | ||
| if [ $attempt -gt $max_attempts ]; then | ||
| echo "Tests failed after $max_attempts attempts" | ||
| exit 1 | ||
| fi | ||
| echo "Attempt $attempt/$max_attempts failed, retrying..." | ||
| sleep 5 | ||
| done | ||
| echo "Tests passed on attempt $attempt" |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 1 month ago
To fix the problem, explicitly define minimal GITHUB_TOKEN permissions for this workflow or for the specific job. Since the workflow only checks out code, builds, and runs tests, it normally only needs read access to repository contents. We can add a permissions block at the root of the workflow so it applies to all jobs (there is only one job in the snippet). This will ensure that even if the repository or org default is read-write, the workflow will only have contents: read.
Concretely, in .github/workflows/js.yml, add:
permissions:
contents: readbetween the name: js-tests-v1 section and the concurrency: block (lines 14–16 in the snippet). This does not change any existing behavior of steps, but constrains the token according to the principle of least privilege. No additional methods, definitions, or imports are needed.
Suggested changeset
1
.github/workflows/js.yml
| @@ -13,6 +13,9 @@ | ||
|
|
||
| name: js-tests-v1 | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true |
Copilot is powered by AI and may make mistakes. Always verify output.
* refactor: expose keccak feature * chore: add get_random_state_tree_info_v1 * fix: add MixedTreeVersions error * refactor: LightAccount with PubkeyTrait
* chore(program-libs): bump versions (#2012)
* chore: registry program throw on zero network fee * chore: set batched address tree default fee to 10k * chore: limit batched tree creations to light security group * chore: disable program owned trees * chore: cleanup features, add tests for mainnet tree config and features * cleanup * chore: fix nits * fix test * fix: impl feedback
* chore: add docker image publishing to prover release workflow * Add Go build and key download steps to prover release * Add disk space cleanup step to prover release workflow * Remove disk cleanup condition from prover release * Move disk space cleanup step to prover build job * Fix prover release workflow tag format
* chore: regenerate vkeys * update prover version tag
Bumps [nx](https://github.com/nrwl/nx/tree/HEAD/packages/nx) from 20.8.1 to 22.0.1. - [Release notes](https://github.com/nrwl/nx/releases) - [Commits](https://github.com/nrwl/nx/commits/22.0.1/packages/nx) --- updated-dependencies: - dependency-name: nx dependency-version: 22.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 6. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v6) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
SwenSchaeferjohann
temporarily deployed
to
github-pages
GitHub Actions
Inactive
…on phase time check (#2321) * feat: allow foresters to register at any time by disabling registration phase time check * test: add register any time functional test --------- Co-authored-by: ananas <jorrit@lightprotocol.com>
…me (#2318) * fix: batched address tree init assert tree and queue index are the same * fix: add cpi ix data address queue index assignment
* chore: add close-buffer xtask for Squads multisig Add xtask command to serialize a BPF Upgradeable Loader Close instruction as a bs58 message for the Squads TX builder, enabling buffer account closure when the authority is a multisig. * fix: use solana-loader-v3-interface instead of deprecated bpf_loader_upgradeable * fix lint
* fix: migrate trees ix preserve work * fix ci Entire-Checkpoint: c994844a3394
* test: add basic unit tests for light pda compression and decompression Entire-Checkpoint: 90f73237f4da * test: randomized decompress Entire-Checkpoint: 34ad2a47e6b5 * format * address feedback Entire-Checkpoint: 7c9c24f71fe9
* fix: init v1 tree with custom forester
* chore: add mint creation fee Entire-Checkpoint: 3b001a578b94 * fix tests Entire-Checkpoint: b5b9ac87e33d * fix tests Entire-Checkpoint: 75af397ef5ab * feat: allow create_mint in CPI context write mode Removes the restriction that blocked create_mint when write_to_cpi_context is true. This enables multi-mint creation (N-1 write-mode CPI calls + 1 execute-mode call). In write mode, the mint creation fee is charged by validating rent_sponsor against the hardcoded RENT_SPONSOR_V1 constant (no compressible_config account needed). The system program is included as a trailing account to enable the fee transfer CPI. Entire-Checkpoint: 3c0618ad006f * fix: update ctoken_pda test expected error code The wrapper program doesn't include rent_sponsor in its CPI, so the error changes from 6035 (CpiContextSetNotUsable) to 20009 (account iterator parse failure). * fix stuff * fix lint * chore: update docs, refactor: rent sponsor account check
* Refactor epoch processing logic in EpochManager - Simplified the handling of epoch registration and processing by removing redundant checks and consolidating error handling. - Enhanced logging for better traceability of epoch processing events. - Updated the logic to always process the current epoch regardless of registration status. - Improved the registration phase checks to determine if registration is open or closed. - Adjusted the handling of target epochs to streamline the flow of sending epochs for processing. Enhance ForesterStatus to include registration state - Added `registration_is_open` field to `ForesterStatus` to indicate if registration is currently open. - Updated logic in `get_forester_status_with_options` to determine the current registration state and adjust the next registration epoch accordingly. - Modified calculations for slots until next registration based on the registration state. Update queue helpers to track total ZKP batches - Extended `V2QueueInfo` and related structures to include `input_total_zkp_batches` and `output_total_zkp_batches`. - Adjusted parsing functions to calculate total ZKP batches based on batch size and ZKP batch size. - Ensured compatibility with existing queue processing logic. Deploy script adjustments - Updated the deploy script to focus on the `light_registry` library, removing references to other libraries. * refactor metrics * revert deploy.sh * feat: Add fallback RPC and indexer configuration options - Introduced fallback RPC and indexer URLs in the environment configuration and CLI arguments to enhance resilience. - Updated README.md to document new fallback options and their usage. - Modified the API server and RPC pool to support automatic failover to fallback URLs on health check failures. - Enhanced the configuration structs and tests to include fallback settings. - Refactored related code for improved readability and maintainability. * feat: Add metrics contract and update metrics registration logic * Enhance CLI argument validation and improve error handling - Added value parser with range validation for `rpc_pool_failure_threshold` and `rpc_pool_primary_probe_interval_secs` in CLI arguments to ensure they are greater than 0. - Updated error handling in `EpochManager` to return an error when the epoch channel is closed instead of continuing the loop. - Simplified queue capacity calculation in `parse_tree_status` by removing unnecessary checks for `zkp_batch_size`. - Moved the spawning of the primary recovery probe to after the pool is built in `run_pipeline_with_run_id` for better clarity and structure.
…ol authority (#2325) * chore: limit v1 state tree, v2 state&address tree creations to protocol authority Entire-Checkpoint: beb8e7abdeef * chore: use bigger stack in test Entire-Checkpoint: ed8d74024c1f
* feat: refinalization for late forester registrations * fix: improve wait_for_refinalize logic and remove unused epoch_pda parameter * feat: add registration trackers to manage re-finalization for mid-epoch forester registrations * cleanup
* chore: add v1 tree deprecation log messages Log warnings when v1 state trees or address trees are used, directing users to the v1-to-v2 migration guide. Entire-Checkpoint: 4a00fc4f40bb * feat: charge network fee on V1 output appends Add network fee (5,000 lamports per unique V1 output tree) to match the existing V2 output fee behavior and V1 input fee behavior. Entire-Checkpoint: 7423e3c1c43d * feat: reimburse forester for tx fees on V1 tree operations Transfer network_fee lamports from queue account to fee_payer when foresters perform nullify_leaves and update_address_merkle_tree operations on V1 trees with network_fee > 0. The registry CPI wrappers pass the forester's authority wallet as fee_payer. Entire-Checkpoint: 7071fd5951fd * fix: update JS tests for V1 output network fee Entire-Checkpoint: ecbda9cc501d * chore: clarify fee comment Entire-Checkpoint: 814bd0c10ab4 * stash * fix lint * fix: transfer nullify fee from merkle tree, fix borrow conflicts V1 state tree network fees accumulate in the merkle tree account (not the nullifier queue), so nullify reimbursement must transfer from the merkle tree. Also read network_fee before mutable data borrows to avoid RefCell conflicts in both nullify_leaves and update_address_merkle_tree. Entire-Checkpoint: 6941c31c12ec
* fix: ForesterNotEligible deadlock fix * refactor: add fee-filter to tree discovery * fix: adjust FORESTER_NOT_ELIGIBLE error code to include ERROR_CODE_OFFSET * feat: enhance tree discovery with retroactive filtering and add confirmation settings * cleanup
…Tree (#2335) Add fee_payer account to BatchAppend and BatchUpdateAddressTree instructions to reimburse foresters for network fees. BatchAppend transfers 2x network_fee from output_queue, BatchUpdateAddressTree transfers 1x network_fee from merkle_tree. Transfers only occur when network_fee >= 5000 lamports. Registry CPI wrappers pass fee_payer through; SDK builders set fee_payer to forester. Also adds create-address-test-program to the programs build.
* chore: add poseidon hash input error for non 32 bytes inputs * fix: pad RegisteredUser.data to 32 bytes for Poseidon hashv The on-chain Poseidon length check now enforces all inputs to be exactly 32 bytes. RegisteredUser.data is [u8; 31], so pad it into a 32-byte array (right-aligned, big-endian) before hashing. Entire-Checkpoint: 7de49f8e11b2 * fix: pad all Poseidon hash inputs to 32 bytes light-poseidon 0.4.0 enforces that all inputs are exactly 32 bytes. Pad smaller inputs (u64/u32/usize indices, [u8; 31] data) to 32-byte arrays before hashing. Also bump light-poseidon to 0.4.0 in workspace. Entire-Checkpoint: 140e93a9e15d * fix: pad Poseidon hash inputs to 32 bytes in compressed account tests The test_compressed_account_hash test was passing sub-32-byte slices (leaf_index, lamports, discriminator) directly to Poseidon::hashv. light-poseidon 0.4 requires all inputs to be exactly 32 bytes. Entire-Checkpoint: ee45a7a4e626 * fix: pad 31-byte data to 32 bytes in system-cpi-test assertion The test-side hash assertion also passes data.as_slice() (31 bytes) to Poseidon::hashv which now requires 32-byte inputs. Entire-Checkpoint: 1560c14e6263 * fix: pad Poseidon hash inputs to 32 bytes in indexed-merkle-tree tests The test_append and functional_non_inclusion_test tests were passing sub-32-byte slices to Poseidon::hashv. light-poseidon 0.4 requires all inputs to be exactly 32 bytes. Entire-Checkpoint: 716761bbe363 * fix: rustfmt formatting for indexed-merkle-tree tests Entire-Checkpoint: f7dc2aedbbc6
* rm decompressinterface test cov: offcurve, zero-amounts test cov: dupe hash failure, v1 reject at ixn boundary more test cov load, add freeze thaw, extend test cov add tests lint frozen handling more tests mark internals rm _tryfetchctokencoldbyaddress cleanups fmt * unwrap consistent * remove createLoadAccountsParams * add uni err * fix * remove layout serde, add load-ata instruction * apply review fixes, simplify delegate and frozen reasoning * update freeze thaw * test upd * fix cold load delegate * fmt * fix ci * add test cov: tx size * rename ctoken full v3 * renames * wip * checked for all interface, pass decimals * use destination directly in transferinterface * format * fix lint * fix lint * fix transfer-interface.test.ts * address last remaining comment * add changelog: br change decimals * fix mds * apply review comments * format * lint * for unwrap/wrap ixns we should always do wrap=false * fixes * lint * fix version mismatch between formatter and linter * better errors for getAccountInterface and getMintInterface * format * granualr typed errs on accountInfoInterface * lint, changelog, tests * v2 gate for getaccountinfointerface tests
SwenSchaeferjohann
temporarily deployed
to
github-pages
GitHub Actions
Inactive
* prep beta release * bump versions * fix comments and changelog
ananas-block
temporarily deployed
to
github-pages
GitHub Actions
Inactive
…tween v1, v2, and compression (#2331) * feat: add priority fee configuration and handling * fix: add Signature import to solana_sdk in epoch_manager * feat: add confirmation configuration for smart transactions and update related functions * format * refactor * fix: improve error handling * refactor * cleanup * - refactored transaction sending logic in `send_transaction.rs` and `tx_sender.rs` - enhanced error handling in transaction processing to differentiate between send failures and execution failures - modified `priority_fee.rs` to streamline error handling and improve fallback mechanisms - adjusted V2 error handling to include custom error codes for better debugging - improved the handling of transaction execution status * cleanup * cleanup * format * refactor error handling in transaction processing to include batch not ready state * add logging to forester tests workflow * dump photon.log on failure * add indexer health checks and tracker wait functions in tests * more logs * add local transaction dumping functionality and enhance test failure logging * refactor transaction extraction and block fetching in local transaction dump * refactor WorkReportError handling to use registry_error_code for improved clarity * refactor ForesterError handling to use registry_error_code for NotEligible checks * wip * refactor local transaction dumping to handle duplicates and improve output structure * cleanup * debugging * unify test validator and photon commiment * increase timeout for Forester e2e test to 120 minutes * custom surfpool branch * refactor: update surfpool version to 1.1.1 and remove unused binary path logic * fix: remove unnecessary environment variable from spawnBinary call * refactor: remove unused dependencies and streamline eligibility checks in epoch manager * format * format
* fix: handle mixed batch/non-batch inputs in create_nullifier_queue_indices When a transaction mixes batch (v2) and legacy/concurrent (v1) input accounts, the nullifier queue index assignment was using the raw position in input_compressed_accounts as the write index into nullifier_queue_indices. This caused an out-of-bounds panic when a non-batch account appeared between batch accounts (e.g. [batchA, legacy, batchB, batchA]). Fix by walking input_compressed_accounts in order and using a compact batch_idx counter that only advances for accounts with a matching sequence number entry. Non-batch accounts have no sequence number entry and are skipped without consuming a slot. * feat: add xtask fetch-block-events subcommand Fetches a configurable number of blocks starting at a given slot, parses every transaction using event_from_light_transaction, and prints a structured summary of all Light Protocol events found. Usage: cargo xtask fetch-block-events --start-slot <slot> --network mainnet cargo xtask fetch-block-events --start-slot <slot> --network devnet --num-blocks 5 * fix: format * chore: bump light-event 0.23.0 -> 0.23.1 * fix: extract ParsedInstruction struct to satisfy clippy::type_complexity * fix: rustfmt fetch_block_events * test(light-event): add regression tests for mixed batch/legacy nullifier OOB panic Transaction 3ybts1eFSC7QN6aU4ao6NJCgn7xTbtBVyzeLDZJf9eVN93vHZWupX4TXqHHgV18xf17eit7Uw5T135uabnpToKK4 at slot 407265372 panicked with "index out of bounds: len is 3 but index is 3" in create_nullifier_queue_indices when inputs mix batch and legacy trees. Adds two tests: - src/regression_test.rs: real mainnet instruction bytes decoded via bs58 - tests/parse_test.rs: synthetic test verifying exact nullifier_queue_indices [6, 3, 7] Also adds light-event to sdk-libs/justfile so it runs in CI.
* fixes * use slicelast * upd docs * format * upd cu, transferoptions, * add check * fmt ci
SwenSchaeferjohann
temporarily deployed
to
github-pages
GitHub Actions
Inactive
…rk-ff duplicate compilation (#2356) * perf: iteration 1 — skip zstd-sys C build on CI via system libzstd Install libzstd-dev on CI and set ZSTD_SYS_USE_PKG_CONFIG=1 so zstd-sys uses pkg-config to find the system library instead of compiling from C source. zstd-sys (~7.9s) is a transitive dep via Solana's reqwest 0.11 and cannot be removed from the dep graph, but the C build can be avoided with a system library present. Also includes lld, clang, and libssl-dev from previous optimization work (already in the working tree from the prior plan). Entire-Checkpoint: 549cca13d530 * perf: iteration 8 — compile proc-macro crates at opt-level 3 in dev profile Add [profile.dev.package.*] overrides for syn, proc-macro2, quote, serde_derive, ark-ff-macros, and ark-ff-asm. These crates execute at build time; compiling them at full optimization reduces the time they spend generating code for downstream crates. * perf: iteration 4 — eliminate ark-ff 0.4 duplicate compilation Patch groth16-solana via [patch.crates-io] with the local version which: - Uses ark-ff 0.5 (same as workspace) instead of 0.4 - Bumps solana-bn254 from 2.x to 3.x (which uses ark 0.5) - Sets default-features = false for ark/thiserror/serde deps Also bump workspace solana-bn254 from "2.2" to "3.2.1" to match. Fix typo in 104 light-verifier verifying_keys files: vk_gamme_g2 -> vk_gamma_g2 (the typo fix was shipped in groth16-solana PR #29). TODO: replace path patch with git dep once groth16-solana changes are pushed and merged (branch: jorrit/chore-bump-deps, commit: 4e6cacf). * perf: switch groth16-solana patch to git dep (rev 4e6cacf) Replace local path patch with git dep pointing to the pushed commit, making the ark-ff 0.4 elimination work on CI. * fix: update solana-bn254 v3 API and fix remaining vk_gamme_g2 typos solana-bn254 v3 deprecated the unversioned compress/decompress functions in favour of explicit _be variants. Update prover/client/src/proof.rs to use alt_bn128_g{1,2}_{compress,decompress}_be. Also fix the vk_gamme_g2 -> vk_gamma_g2 typo in xtask/src/create_vkeyrs_from_gnark_key.rs which was missed in the bulk rename (this file both constructs a Groth16Verifyingkey and generates source code using quote!). * fix: upgrade SOLANA_VERSION 2.2.15 -> 2.3.13 to fix edition 2024 CI failure Solana 2.2.15 ships platform-tools v1.46 (cargo 1.84.0), which cannot parse Cargo.toml manifests that use `edition = "2024"`. time-macros 0.2.27 (transitively required via solana-streamer -> x509-parser -> asn1-rs -> time 0.3.47) uses edition 2024. Main CI was not failing because its build cache was warm. Our Cargo.lock changes (solana-bn254 2.2 -> 3.2.1, groth16-solana patch) bust the cache, causing a fresh compile of time-macros 0.2.27 which then fails. Solana 2.3.13 ships platform-tools v1.48 (Rust 1.86+) which supports edition 2024. This also aligns the CLI version with the workspace library crates that are already pinned to "2.3". * fix: call ring provider install exactly once via Once Use std::sync::Once in ensure_ring_provider so that install_default() is only attempted on the first call per process, avoiding redundant global-state mutations on subsequent calls. * fix: pin time to 0.3.37 to avoid edition2024 in time-macros time 0.3.38+ depends on time-macros 0.2.20+ which uses edition = "2024" in its Cargo.toml. The Solana platform-tools ship Cargo 1.84.0 which cannot parse edition 2024 manifests. Pin time to 0.3.37 (time-macros 0.2.19) so cargo test-sbf can parse the full dep graph. Affects: e2e-test via solana-client -> solana-streamer -> x509-parser -> asn1-rs -> time -> time-macros
* chore: add forester tps xtask Entire-Checkpoint: ca2f5cb4ca53 * chore: allow rpc url from env variable Entire-Checkpoint: eb09f696bf72
* feat(compressed-token): add approve/revoke delegation for light-token ATAs Add TypeScript SDK functions to call the on-chain CTokenApprove (discriminator 4) and CTokenRevoke (discriminator 5) instruction handlers for light-token associated token accounts. New files: - instructions/approve-revoke.ts: sync instruction builders matching Rust SDK layout - actions/approve-interface.ts: async actions with cold loading + tx sending - tests/e2e/approve-revoke-light-token.test.ts: unit + E2E tests Also adds getLightTokenDelegate helper and extends FrozenOperation type. * fix(sdk): make decimals optional in unified approve/revoke wrappers Avoid unnecessary getMintInterface RPC call when caller provides decimals. * feat(sdk): add transferDelegated for light-token ATAs Add transferDelegatedInterface action and unified wrapper, completing the approve → transfer → revoke delegation flow for light-token ATAs. * add spl t22 support * refactor(sdk): align transferDelegated with wallet-recipient API Update transferDelegatedInterface and createTransferDelegatedInterfaceInstructions to accept a recipient wallet address instead of an explicit destination token account, matching the transferInterface convention from PR #2354. ATA derivation and idempotent creation now happen internally for all programId variants (light-token, SPL, Token-2022). * 1st batch commnets * docs(sdk): document load-all behavior in approve/revoke JSDoc; add owner==feePayer E2E test Add @remarks to approve/revoke functions documenting that for light-token mints, all cold (compressed) balances are loaded into the hot ATA regardless of the delegation amount. Add E2E test covering the owner==feePayer code path which was previously only tested at the unit level. * add regression tests * fixes * update changelog * upd changelog * fix: packedaccounts in js should not turn bool to number * cherry pick bool fix * bump versions again --------- Co-authored-by: tilo-14 <tilo@luminouslabs.com> Co-authored-by: Swenschaeferjohann <swen@lightprotocol.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.