Revert ":sparkles: CPI Authentication using a World PDA (#196)"

[notdanilo]

Reverts PR #196

Summary by CodeRabbit

• Refactor
  • Replaced CpiAuth with InstructionSysvarAccount across SDKs (C#, TypeScript, Rust).
  • Removed CPI_AUTH_ADDRESS constant from TypeScript SDK.
  • Simplified account builder signatures by removing signer seeds parameters in Rust SDK.
  • Updated all account structures and transaction builders to use the new instruction sysvar account pattern.

[coderabbitai]

Walkthrough

This pull request replaces CPI authentication across multiple codebases, transitioning from a signer-based cpi_auth approach to using the Solana instruction sysvar account. Changes span C#, TypeScript, and Rust, updating account structures, transaction builders, trait signatures, and CPI context construction throughout.

Changes

Cohort / File(s)	Summary
C# Generated Client clients/csharp/Solana.Unity.Bolt/WorldProgram/Generated.cs	Replaces CpiAuth public key property with InstructionSysvarAccount across ApplyAccounts, ApplyWithSessionAccounts, DestroyComponentAccounts, and InitializeComponentAccounts classes. Updates all AccountMeta initializations and transaction builder methods to reference the new property with default value pointing to sysvar instructions address.
TypeScript Transaction Source clients/typescript/src/world/transactions.ts	Removes CPI_AUTH_ADDRESS constant export. Changes web3.js import to type-only. Adds instructionSysvarAccount: SYSVAR_INSTRUCTIONS_PUBKEY to InitializeComponent instruction creation. Removes cpiAuth parameter from DestroyComponent, Apply, and ApplyWithSession account blocks.
TypeScript Tests clients/typescript/test/low-level/ecs.ts, clients/typescript/test/low-level/session.ts, clients/typescript/test/low-level/permissioning/component.ts, clients/typescript/test/low-level/permissioning/world.ts	Removes CPI_AUTH_ADDRESS imports and eliminates cpiAuth field from instruction account blocks across multiple test cases in ECS, session, and permissioning test flows.
Rust Attribute Macro crates/bolt-lang/attribute/bolt-program/src/lib.rs	Removes CPI checker integration and replaces with instruction-caller validation using get_instruction_relative and World::id() comparison. Adds instruction_sysvar_account fields (address-wrapped) to Initialize, Destroy, Update, and UpdateWithSession account structs. Removes cpi_auth: Signer fields. Inlines instruction-caller checks in initialize, destroy, and update paths.
Rust Component Program crates/programs/bolt-component/src/lib.rs	Removes cpi_auth: Signer field from Update, UpdateWithSession, Initialize, and Destroy account structs. Adds instruction_sysvar_account: AccountInfo with fixed sysvar instructions address. Simplifies CpiContextBuilder trait from multi-lifetime generics to single 'info lifetime. Changes build_cpi_context to accept program only (removes signer seeds) and use CpiContext::new instead of new_with_signer.
Rust World Program crates/programs/world/src/lib.rs	Removes World::cpi_auth_seeds() and World::cpi_auth_address() utility methods. Replaces cpi_auth: UncheckedAccount with instruction_sysvar_account: UncheckedAccount (with sysvar instructions address check) in InitializeComponent, DestroyComponent, Apply, and ApplyWithSession account structs. Updates CPI context build calls to remove signer seeds. Simplifies build_update_context and build_update_context_with_session function signatures by replacing cpi_auth parameter with instruction_sysvar_account and removing lifetime parameters.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Program as World Program
    participant Comp as Component Program
    participant Sysvar as Sysvar Instructions

    rect rgb(200, 220, 255)
    Note over Client,Sysvar: Old Flow (CPI Auth Signer)
    Client->>Program: Send instruction with cpi_auth signer
    Program->>Program: Validate cpi_auth signer seeds
    Program->>Comp: CPI call with signer seeds
    end

    rect rgb(220, 255, 200)
    Note over Client,Sysvar: New Flow (Instruction Sysvar)
    Client->>Program: Send instruction with sysvar account
    Program->>Sysvar: Read instruction sysvar
    Program->>Program: Verify instruction caller via get_instruction_relative
    Program->>Comp: CPI call (direct, no signer seeds)
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Reasoning: Multi-language refactor spanning 6 distinct files across C#, TypeScript, and Rust with significant structural changes. Includes trait signature modifications, public API surface changes, logic replacement (CPI checker to instruction-caller validation), and cascading updates across account structures and context builders. Requires understanding CPI semantics, lifetime parameters, and cross-cutting authentication flow changes. Changes are largely cohesive (single semantic replacement) but affect multiple interdependent systems, necessitating careful verification of consistency across all codebases.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The PR description provided is minimal and largely incomplete relative to the repository's template. The description consists only of "Reverts PR #196" without following any of the template's structured sections: no problem statement explaining why the revert is necessary, no solution details, no status table, no deploy notes, and no other contextual information. While the description is not off-topic (it correctly identifies the purpose of the PR), it lacks the substantive information expected by the template, making it difficult for reviewers to understand the full implications, reasoning, and any deployment considerations for this revert.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The PR title "Revert ":sparkles: CPI Authentication using a World PDA (#196)"" is fully related to the changeset. The raw summary confirms that all changes are removing CPI authentication features (CPI_AUTH_ADDRESS, cpi_auth fields, etc.) and replacing them with instruction_sysvar_account, which is exactly what a revert of PR #196 (which introduced CPI authentication) would entail. The title is concise, specific, and a teammate scanning the history would immediately understand that this PR reverts a previous CPI authentication feature. The reference to PR #196 provides helpful context for understanding the scope of changes.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch revert/cpi-auth

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f5186d9 and a801d9f.

⛔ Files ignored due to path filters (4)

• clients/typescript/src/generated/idl/world.json is excluded by !**/generated/**
• clients/typescript/src/generated/instructions/apply.ts is excluded by !**/generated/**
• clients/typescript/src/generated/instructions/initializeComponent.ts is excluded by !**/generated/**
• clients/typescript/src/generated/types/world.ts is excluded by !**/generated/**

📒 Files selected for processing (9)

• clients/csharp/Solana.Unity.Bolt/WorldProgram/Generated.cs (8 hunks)
• clients/typescript/src/world/transactions.ts (2 hunks)
• clients/typescript/test/low-level/ecs.ts (0 hunks)
• clients/typescript/test/low-level/permissioning/component.ts (0 hunks)
• clients/typescript/test/low-level/permissioning/world.ts (1 hunks)
• clients/typescript/test/low-level/session.ts (0 hunks)
• crates/bolt-lang/attribute/bolt-program/src/lib.rs (8 hunks)
• crates/programs/bolt-component/src/lib.rs (4 hunks)
• crates/programs/world/src/lib.rs (9 hunks)

💤 Files with no reviewable changes (3)

• clients/typescript/test/low-level/permissioning/component.ts
• clients/typescript/test/low-level/ecs.ts
• clients/typescript/test/low-level/session.ts

🧰 Additional context used

🧬 Code graph analysis (4)

clients/csharp/Solana.Unity.Bolt/WorldProgram/Generated.cs (2)

clients/csharp/Solana.Unity.Bolt.Test/Velocity.cs (6)

• Solana (305-317)
• Solana (319-335)
• SessionToken (55-89)
• SessionToken (68-88)
• Entity (31-53)
• Entity (38-52)

clients/typescript/src/generated/types/world.ts (1)

• World (7-467)

crates/bolt-lang/attribute/bolt-program/src/lib.rs (1)

clients/typescript/src/generated/types/world.ts (1)

• World (7-467)

crates/programs/world/src/lib.rs (2)

crates/programs/bolt-component/src/lib.rs (2)

• initialize (9-11)
• destroy (13-15)

clients/typescript/src/world/transactions.ts (1)

• InitializeComponent (393-428)

clients/typescript/src/world/transactions.ts (1)

clients/typescript/src/index.ts (1)

• SYSVAR_INSTRUCTIONS_PUBKEY (20-22)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: lint (yarn)
• GitHub Check: lint (clippy)
• GitHub Check: test

🔇 Additional comments (14)

crates/programs/bolt-component/src/lib.rs (2)

33-36: Sysvar wiring looks correct

Adding instruction_sysvar_account with the fixed address is appropriate for these handlers. No issues found.

Also applies to: 46-49, 68-71, 90-93

---

101-107: All verification checks passed—change is consistent and complete

The code shows:

• Both trait implementations (lines 110–118, 121–129) consistently use CpiContext::new() instead of new_with_signer()
• Downstream usages in crates/programs/world/src/lib.rs (lines 721, 743) invoke .build_cpi_context() without signer seed parameters
• No lingering references to new_with_signer, signer_seeds, or cpi_auth exist in the codebase

The migration from signer support to basic CPI contexts is complete and has no unresolved dependencies.

clients/typescript/test/low-level/permissioning/world.ts (1)

2-2: Removed CPI auth import — OK

Import cleanup aligns with sysvar-based auth. No concerns.

clients/typescript/src/world/transactions.ts (1)

419-421: InitializeComponent now passes instruction sysvar explicitly — good

Explicitly providing SYSVAR_INSTRUCTIONS_PUBKEY is correct and future‑proof.

clients/csharp/Solana.Unity.Bolt/WorldProgram/Generated.cs (1)

280-282: C# bindings updated to InstructionSysvarAccount — looks good

Defaults point to Sysvar1nstructions..., and instruction key order includes the sysvar. All consistent with the IDL.

Also applies to: 290-294, 321-323, 337-339, 435-436, 453-454, 485-486, 499-500

crates/bolt-lang/attribute/bolt-program/src/lib.rs (1)

150-156: Instruction-sysvar caller check — pattern verified, runtime testing required

The code pattern is correctly and consistently implemented across all four locations (lines 150, 187, 229, 255), and the TypeScript IDL properly includes instructionSysvarAccount. However, the core concern—that get_instruction_relative(0) returns the outermost transaction instruction during CPI (not intermediate calls)—remains a runtime semantic that requires empirical testing on your target Solana cluster. You should verify this behavior through integration tests that confirm:

• Direct component calls without World fail with InvalidCaller
• Calls routed through World succeed
• CPI scenarios from other programs are correctly rejected

crates/programs/world/src/lib.rs (8)

260-271: LGTM: CPI calls correctly simplified.

The removal of signer seeds from build() calls is correct for the instruction sysvar authentication approach. These functions now properly delegate authentication to the instruction sysvar verification performed in the account structs.

---

299-324: LGTM: Instruction sysvar authentication properly implemented.

The instruction_sysvar_account with address constraint correctly implements the standard Solana pattern for CPI verification. The address check at line 308 ensures only the legitimate instruction sysvar account can be used.

---

353-381: LGTM: Session-based apply context correctly updated.

The ApplyWithSession struct properly mirrors the Apply struct changes, maintaining consistency in how instruction sysvar authentication is handled across both session and non-session flows.

---

523-558: LGTM: InitializeComponent correctly refactored.

The removal of lifetime parameters and signer seeds from the build() method is appropriate for the instruction sysvar approach. The method now correctly constructs a CpiContext without PDA signing, relying on the instruction sysvar for authentication verification.

---

560-599: LGTM: DestroyComponent consistently updated.

The changes mirror those in InitializeComponent, ensuring consistency across component lifecycle operations. The instruction sysvar approach is correctly applied.

---

706-722: LGTM: Update context builder properly refactored.

The build_update_context function correctly transitions to the instruction sysvar approach. The simplified lifetime parameters and the use of build_cpi_context() improve code clarity while maintaining correctness.

---

724-744: LGTM: Session update context builder consistently updated.

The build_update_context_with_session function maintains consistency with build_update_context, correctly applying the instruction sysvar pattern while preserving session token handling.

---

1-744: No issues found—migration complete and consistent.

All concerns have been verified:

• ✅ No remaining cpi_auth references in Rust code
• ✅ TypeScript client updated (no CPI_AUTH_ADDRESS references)
• ✅ C# client updated (no CpiAuth references)
• ✅ instruction_sysvar_account pattern applied consistently across bolt-component, world program, and bolt-lang attribute

The revert is clean and fully propagated across all client SDKs and program implementations.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Invalid TS type import for @solana/web3.js (breaks types like web3.PublicKey)

There is no default export. Use a type namespace import.

Apply this diff:

-import type web3 from "@solana/web3.js";
+import type * as web3 from "@solana/web3.js";

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	import type web3 from "@solana/web3.js";
	import type * as web3 from "@solana/web3.js";

🤖 Prompt for AI Agents

In clients/typescript/src/world/transactions.ts around line 21, the current line
uses an invalid default type import "import type web3 from '@solana/web3.js'";
replace it with a type namespace import so named exports like web3.PublicKey
work correctly: change to "import type * as web3 from '@solana/web3.js'". Ensure
any subsequent type references remain qualified (web3.PublicKey,
web3.Transaction, etc.).

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Account type consistency for instruction_sysvar_account

You mix AccountInfo and UncheckedAccount across structs. It works, but pick one for consistency (prefer AccountInfo for exactness).

Also applies to: 210-212, 272-274, 284-286

🤖 Prompt for AI Agents

In crates/bolt-lang/attribute/bolt-program/src/lib.rs around lines 173-175 (and
similarly at 210-212, 272-274, 284-286), the instruction_sysvar_account (and
equivalent fields) are inconsistently typed as a mix of AccountInfo and
UncheckedAccount; pick AccountInfo for consistency and precision: change the
field types declared as UncheckedAccount to AccountInfo<'info> for each listed
location and ensure the appropriate anchor_lang::prelude::AccountInfo is in
scope (adjust imports if needed).