feat: Implement access pass management commands and global state authority updates #1272
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR implements a comprehensive access pass management system and global state authority updates for the DoubleZero CLI tools. The changes introduce new access pass functionality, restructure device and global config commands for better authority management, and establish a more flexible authentication system.
- Adds Access Pass management commands (
Set,List) to both client and admin CLI tools with support for prepaid/postpaid types - Introduces global state authority management with separate activator and access authorities replacing foundation allowlist checks
- Updates test utilities to properly initialize authority keys with unique payers for improved test coverage
Reviewed Changes
Copilot reviewed 75 out of 75 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| smartcontract/test/start-test.sh | Adds authority configuration and access pass creation commands to test setup |
| smartcontract/sdk/rs/src/tests.rs | Updates test utilities to initialize authority keys with unique payers |
| smartcontract/programs/doublezero-serviceability/src/state/globalstate.rs | Adds activator_authority_pk and access_authority_pk fields to GlobalState |
| smartcontract/programs/doublezero-serviceability/src/state/accesspass.rs | Implements new AccessPass state with type, status, and payment tracking |
| smartcontract/programs/doublezero-serviceability/src/processors/globalstate/setauthority.rs | Adds processor for setting global state authorities |
| smartcontract/programs/doublezero-serviceability/src/processors/accesspass/setaccesspass.rs | Implements access pass creation and update functionality |
| smartcontract/cli/src/globalconfig/authority/set.rs | Adds CLI command for setting global configuration authorities |
| smartcontract/cli/src/accesspass/set.rs | Implements CLI command for setting access passes |
| controlplane/doublezero-admin/src/main.rs | Integrates new access pass and authority commands into admin CLI |
| client/doublezero/src/main.rs | Integrates new access pass and authority commands into client CLI |
Comments suppressed due to low confidence (1)
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
smartcontract/programs/doublezero-serviceability/src/processors/globalstate/setauthority.rs
Show resolved
Hide resolved
smartcontract/programs/doublezero-serviceability/src/processors/accesspass/setaccesspass.rs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
is the intent for the activator to validate a pass PDA by reconstructing the pubkey and seed for the AccessPass from the connecting client's IP address and ensure it matches the one in the pass account? otherwise what's to stop a connecting client from submitting any valid account on behalf of a host at a given IP address without ensuring the client is indeed connecting from the IP address that got authorized and encoded in the access pass?
smartcontract/programs/doublezero-serviceability/src/processors/accesspass/set.rs
Show resolved
Hide resolved
smartcontract/programs/doublezero-serviceability/src/state/accesspass.rs
Show resolved
Hide resolved
|
Access control is handled in the create user instruction. The idea is that the User.Create instruction receives the AccessPass account corresponding to the IP to be connected. If it has been previously created, it will validate the epoch; if not, it will reject the connection. |
karl-dz
requested changes
Aug 18, 2025
smartcontract/programs/doublezero-serviceability/src/state/accesspass.rs
Show resolved
Hide resolved
smartcontract/programs/doublezero-serviceability/src/state/accesspass.rs
Outdated
Show resolved
Hide resolved
smartcontract/programs/doublezero-serviceability/src/processors/accesspass/set.rs
Outdated
Show resolved
Hide resolved
smartcontract/programs/doublezero-serviceability/src/processors/accesspass/set.rs
Outdated
Show resolved
Hide resolved
smartcontract/programs/doublezero-serviceability/src/state/accesspass.rs
Show resolved
Hide resolved
smartcontract/programs/doublezero-serviceability/src/state/globalstate.rs
Outdated
Show resolved
Hide resolved
smartcontract/programs/doublezero-serviceability/src/state/globalstate.rs
Outdated
Show resolved
Hide resolved
smartcontract/programs/doublezero-serviceability/src/processors/globalstate/setauthority.rs
Outdated
Show resolved
Hide resolved
smartcontract/programs/doublezero-serviceability/src/processors/globalstate/setauthority.rs
Outdated
Show resolved
Hide resolved
juan-malbeclabs
force-pushed
the
jo/1264
branch
from
0facd2a to
d0565a5
Compare
jeffgrunewald
approved these changes
Aug 19, 2025
…ority updates - Added `SetAccessPassCliCommand` for setting access pass details including type, client IP, payer, and last access epoch. - Introduced `GetAuthorityCliCommand` to retrieve current authority settings. - Created `SetAuthorityCliCommand` for updating activator and access authority public keys. - Implemented `ListAccessPassCommand` for listing all access passes. - Developed processor functions for handling access pass creation and updates in the serviceability program. - Added serialization and deserialization for `AccessPass` state management. - Enhanced tests for command execution and processor functionality to ensure reliability.
juan-malbeclabs
force-pushed
the
jo/1264
branch
from
8a4f4d9 to
7293041
Compare
karl-dz
approved these changes
Aug 19, 2025
…rror messaging in user creation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The most important changes include adding Access Pass management commands, restructuring device and global config commands for better authority and interface management, and introducing new link acceptance functionality. These updates enhance the flexibility and extensibility of the CLI tools, making them easier to use and maintain.
The Access Pass will be implemented without being used for validation in order to test the development, and later it will be integrated with user validation.
New CLI Features
accesspassCLI module and commands (Set,List) to bothclient/doublezeroandcontrolplane/doublezero-admin, allowing users to manage access passes directly from the CLI. [1] [2] [3] [4] [5]Global Configuration Improvements
Test and Utility Updates
Testing Verification