feat: anchor ephemeral permission #84
Walkthrough
This PR adds a new Anchor example project demonstrating a PDA-backed counter with Ephemeral Rollups private delegation/permission flows, updates CI/toolchain (Node/Rust/Solana/Anchor), provides project configuration (Cargo/Anchor/TS/package), implements the Anchor program, and adds an end-to-end TypeScript test suite and README.
Changes
Ephemeral Permissions Counter Example
Actionable comments posted: 7
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/test-examples.yml:
- Around line 26-29: Replace the archived actions-rs/toolchain@v1 usage with a
maintained action: swap the step that currently uses actions-rs/toolchain@v1
(and its inputs toolchain: "1.94.0" and override: true) to a supported
alternative such as dtolnay/rust-toolchain (or
actions-rust-lang/setup-rust-toolchain) and map the existing inputs accordingly
(preserve the rust version "1.94.0" and equivalent override behavior using the
chosen action's inputs); update the step's uses value to dtolnay/rust-toolchain
(or actions-rust-lang/setup-rust-toolchain) and adjust inputs to the target
action's expected fields.
In `@anchor-ephemeral-permission-counter/programs/private-counter/Cargo.toml`:
- Around line 24-28: The Cargo.toml dependency for ephemeral-rollups-sdk pins
rev to an abbreviated SHA; replace the short commit hash in the rev field for
the dependency declaration named ephemeral-rollups-sdk with the full
40-character commit SHA to ensure reproducible pinning (update the rev value in
the dependency block that includes features "anchor", "disable-realloc",
"access-control").
In `@anchor-ephemeral-permission-counter/programs/private-counter/src/lib.rs`:
- Around line 32-48: The initialize flow is currently re-runnable because the
transfer(...) and state assignments always execute; guard them so they only run
on first initialization: in the Initialize handler (the transfer(...) call,
counter.count and counter.authority assignments), check whether the counter is
uninitialized (e.g., counter.authority == Pubkey::default() or add an explicit
is_initialized flag) and only perform the ephemeral_accounts::rent transfer and
set counter.count = 0 and counter.authority = ctx.accounts.authority.key() when
that check passes; alternatively change the account constraint from
init_if_needed to a strict init so Anchor enforces single creation—apply this
guard to the same logic referenced by Initialize, transfer, and counter.* so
repeated calls no longer reset state or re-transfer lamports.
- Around line 60-65: The increment handler uses wrap logic (if counter.count >
1000 then reset to 0) but other handlers that also increment the account do not,
causing inconsistent semantics; make the behavior consistent by centralizing the
wrap logic into a single helper (e.g., implement a method on the account like
impl Counter { fn increment_wrapped(&mut self) { self.count += 1; if self.count
> 1000 { self.count = 0 } } }) and replace the inline increments in pub fn
increment(...) and all other handlers that mutate counter.count with a call to
that helper so every path uses identical wrap behavior.
- Around line 90-163: Permission lifecycle functions (initialize_permission,
update_permission, close_permission) lack an authority signer check in
PermissionContext, letting anyone call them; update the PermissionContext to
include an explicit authority Signer account and enforce that this signer equals
the counter.authority (so only the counter owner can call these instructions),
then adjust the CPI calls: pass the authority signer account as the authority
argument and set authority_is_signer = true for the CPIs that use an authority
(e.g., in UpdateEphemeralPermissionCpi and CloseEphemeralPermissionCpi) so the
external program sees the caller as a real signer.
In `@anchor-ephemeral-permission-counter/tests/private-counter.ts`:
- Around line 176-177: Several tests use fixed sleeps like await new
Promise((resolve) => setTimeout(resolve, 3000)); which makes E2E flaky; replace
each fixed delay with a bounded polling helper (e.g., implement a
pollForCondition or waitFor helper) that repeatedly checks the concrete
condition (owner change, account exists/absent, or whatever state the subsequent
assertions expect) until success or a max timeout, and use that helper in place
of the three setTimeout occurrences so tests wait deterministically for the
actual condition rather than a fixed interval.
- Around line 73-88: The provider recreation uses hardcoded teeUrl/teeWsUrl
which ignores a custom ephemeralRpcEndpoint; after obtaining authToken via
getAuthToken (called with ephemeralRpcEndpoint, payer.publicKey, ...), rebuild
providerEphemeralRollup using ephemeralRpcEndpoint (and its corresponding ws
endpoint) with the token appended instead of teeUrl/teeWsUrl so the configured
TEE_PROVIDER_ENDPOINT is honored; update the Connection instantiation in
providerEphemeralRollup to derive the RPC URL from ephemeralRpcEndpoint and the
wsEndpoint from the matching ws URL (or construct by replacing protocol/host as
needed) and append ?token=${authToken.token}.
⛔ Files ignored due to path filters (2)
- anchor-ephemeral-permission-counter/Cargo.lock is excluded by !**/*.lock
- anchor-ephemeral-permission-counter/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (12)
- .github/workflows/test-examples.yml
- .gitignore
- anchor-ephemeral-permission-counter/.env.example
- anchor-ephemeral-permission-counter/.gitignore
- anchor-ephemeral-permission-counter/Anchor.toml
- anchor-ephemeral-permission-counter/Cargo.toml
- anchor-ephemeral-permission-counter/README.md
- anchor-ephemeral-permission-counter/package.json
- anchor-ephemeral-permission-counter/programs/private-counter/Cargo.toml
- anchor-ephemeral-permission-counter/programs/private-counter/src/lib.rs
- anchor-ephemeral-permission-counter/tests/private-counter.ts
- anchor-ephemeral-permission-counter/tsconfig.json
💤 Files with no reviewable changes (1)
- .gitignore
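The first-initialization guard, the shared wrap helper and the authority check requested for lib.rs in the review above, modelled as an added example in plain Rust; this is not the PR's code and uses no Anchor or SDK types. `Pubkey`, `Counter`, `GuardError` and every function name other than `increment_wrapped` are hypothetical stand-ins.

```rust
// Plain-Rust model of the three guards; all types here are hypothetical.
type Pubkey = [u8; 32];
const UNSET: Pubkey = [0u8; 32]; // plays the role of Pubkey::default()

#[derive(Debug, PartialEq)]
enum GuardError { AlreadyInitialized, MissingSignature, WrongAuthority }

#[derive(Default)]
struct Counter { count: u64, authority: Pubkey }

impl Counter {
    /// The first call records the authority; later calls are rejected, so a
    /// second initialize cannot reset the count or replace the authority.
    fn initialize(&mut self, signer: Pubkey) -> Result<(), GuardError> {
        if self.authority != UNSET {
            return Err(GuardError::AlreadyInitialized);
        }
        self.count = 0;
        self.authority = signer;
        Ok(())
    }

    /// One wrap rule shared by every path that bumps the counter.
    fn increment_wrapped(&mut self) {
        self.count += 1;
        if self.count > 1000 { self.count = 0; }
    }

    /// Gate for the initialize/update/close permission calls: the caller must
    /// have signed and must be the stored counter authority.
    fn authorize_permission_change(&self, caller: Pubkey, is_signer: bool) -> Result<(), GuardError> {
        if !is_signer { return Err(GuardError::MissingSignature); }
        if caller != self.authority { return Err(GuardError::WrongAuthority); }
        Ok(())
    }
}

fn main() {
    let (owner, other) = ([1u8; 32], [2u8; 32]); // constructed sample keys
    let mut c = Counter::default();
    c.initialize(owner).unwrap();
    c.increment_wrapped();
    println!("re-init by other: {:?}", c.initialize(other));
    println!("change by other:  {:?}", c.authorize_permission_change(other, true));
    println!("change by owner:  {:?}", c.authorize_permission_change(owner, true));
}
```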
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/test-examples.yml (1)
58-68: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Missing CI test step for anchor-ephemeral-permission-counter.
The PR adds a new example project but no corresponding test step in CI. This means regressions in the new example won't be caught automatically.
🧪 Suggested test step
- name: Test anchor-counter env: PROVIDER_ENDPOINT: http://127.0.0.1:8899 WS_ENDPOINT: ws://127.0.0.1:8900 EPHEMERAL_PROVIDER_ENDPOINT: http://127.0.0.1:7799 EPHEMERAL_WS_ENDPOINT: ws://127.0.0.1:7800 run: | sudo prlimit --pid $$ --nofile=1048576:1048576 cd anchor-counter yarn install anchor test --provider.cluster localnet + + - name: Test anchor-ephemeral-permission-counter + env: + PROVIDER_ENDPOINT: http://127.0.0.1:8899 + WS_ENDPOINT: ws://127.0.0.1:8900 + TEE_PROVIDER_ENDPOINT: http://127.0.0.1:7799 + TEE_WS_ENDPOINT: ws://127.0.0.1:7800 + run: | + sudo prlimit --pid $$ --nofile=1048576:1048576 + cd anchor-ephemeral-permission-counter + yarn install + anchor test --provider.cluster localnet🤖 Prompt for AI Agents
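Review bot: the env block of the added "Test anchor-ephemeral-permission-counter" step sets TEE_PROVIDER_ENDPOINT and TEE_WS_ENDPOINT, while the prompt text that accompanies this suggestion names EPHEMERAL_PROVIDER_ENDPOINT and EPHEMERAL_WS_ENDPOINT for the same step, so the two disagree on which variables the job should export. An earlier comment in this thread refers to a configured TEE_PROVIDER_ENDPOINT in tests/private-counter.ts, which suggests the TEE_ names are the ones the tests read; align the prompt wording with the diff and confirm against the test file. The TEE_ values also reuse 127.0.0.1:7799 and 127.0.0.1:7800, the same ports the anchor-counter step assigns to its EPHEMERAL_ endpoints, so confirm the service the workflow starts on those ports is the one the permission example is meant to run against.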
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/test-examples.yml around lines 58 - 68, Add a new CI test step mirroring the existing "Test anchor-counter" job for the new example: create a step named "Test anchor-ephemeral-permission-counter" that sets the same environment variables (PROVIDER_ENDPOINT, WS_ENDPOINT, EPHEMERAL_PROVIDER_ENDPOINT, EPHEMERAL_WS_ENDPOINT), runs the same setup commands (sudo prlimit --pid $$ --nofile=1048576:1048576), changes into the anchor-ephemeral-permission-counter directory, runs yarn install, and executes anchor test --provider.cluster localnet so the new example is exercised in CI.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/test-examples.yml:
- Around line 25-28: The GitHub Actions step that uses the
dtolnay/rust-toolchain action ("Setup Rust") is pinned to `@master` which is
unsafe; update the action reference in that step (the uses field currently
`dtolnay/rust-toolchain@master`) to a stable ref such as `@stable`, `@v1`, or a
full commit SHA to ensure reproducible builds while keeping the existing
toolchain input ("toolchain": "1.94.0") unchanged.
---
Outside diff comments:
In @.github/workflows/test-examples.yml:
- Around line 58-68: Add a new CI test step mirroring the existing "Test
anchor-counter" job for the new example: create a step named "Test
anchor-ephemeral-permission-counter" that sets the same environment variables
(PROVIDER_ENDPOINT, WS_ENDPOINT, EPHEMERAL_PROVIDER_ENDPOINT,
EPHEMERAL_WS_ENDPOINT), runs the same setup commands (sudo prlimit --pid $$
--nofile=1048576:1048576), changes into the anchor-ephemeral-permission-counter
directory, runs yarn install, and executes anchor test --provider.cluster
localnet so the new example is exercised in CI.
⛔ Files ignored due to path filters (1)
- anchor-ephemeral-permission-counter/Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (4)
- .github/workflows/test-examples.yml
- anchor-ephemeral-permission-counter/programs/private-counter/Cargo.toml
- anchor-ephemeral-permission-counter/programs/private-counter/src/lib.rs
- anchor-ephemeral-permission-counter/tests/private-counter.ts