chore: limit v1 state tree, v2 state&address tree creations to protocol authority #2325

Open
ananas-block wants to merge 2 commits into main from jorrit/chore-limit-tree-creations-to-protocol-auth

ananas-block commented Mar 3, 2026

  1. Added authority signer check requiring `protocol_config_pda.authority` for v1 state tree initialization with network fee
  2. Added authority signer check requiring `protocol_config_pda.authority` for v2 batched state tree initialization
  3. Added authority signer check requiring `protocol_config_pda.authority` for v2 batched address tree initialization
  4. Renamed `payer` parameter to `authority` in `create_initialize_merkle_tree_instruction`, `create_initialize_batched_merkle_tree_instruction`, and `create_initialize_batched_address_merkle_tree_instruction`

Entire-Checkpoint: beb8e7abdeef

Summary by CodeRabbit

  • Bug Fixes

    • Enhanced authorization and permission validation for merkle tree initialization to ensure transactions are signed by the proper authority.
  • Chores

    • Updated test infrastructure to properly support authority-based signing and validation checks across merkle tree creation operations.

…ol authority

Entire-Checkpoint: beb8e7abdeef
coderabbitai bot commented Mar 3, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • program-tests/justfile is excluded by none and included by none

Walkthrough

Semantic renaming of authorization parameters from payer to authority across the SDK and test infrastructure, with the introduction of a new governance_authority field to test structures, addition of authority validation checks in initialization paths, and updated CPI account wiring to include protocol configuration and light system program references.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Registry CPI SDK: `programs/registry/src/account_compression_cpi/sdk.rs`, `programs/registry/src/lib.rs` | Renamed payer parameter to authority in initialization instruction constructors; added protocol_config_pda and light_system_program fields to CPI accounts; introduced authority validation checks to ensure signers match PDA authority. |
| State Tree Test Infrastructure: `sdk-libs/program-test/src/accounts/state_tree.rs`, `sdk-libs/program-test/src/accounts/state_tree_v2.rs` | Added authority parameter to public functions; updated instruction calls to use authority pubkey; implemented dynamic signer vectors that conditionally include authority when different from payer. |
| Address Tree Test Infrastructure: `sdk-libs/program-test/src/accounts/address_tree_v2.rs` | Added authority parameter; replaced payer pubkey with authority pubkey in initialization; updated transaction signing to use dynamic signers vector. |
| Test Core & Initialization: `sdk-libs/program-test/src/accounts/initialize.rs`, `sdk-libs/program-test/src/indexer/test_indexer.rs` | Added governance_authority field to TestIndexer struct; updated all tree creation function calls to pass governance_authority as authority parameter; propagated governance_authority through initialization paths. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

ai-review

Suggested reviewers

  • sergeytimoshin
  • SwenSchaeferjohann

Poem

🏛️ Authority flows through the system now,
No longer just a payer's vow,
Governance keeps watch with careful eyes,
While signers dance in proper size,
CPI calls know who's in charge

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 35.29% which is insufficient. The required threshold is 70.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: limiting tree creation operations to protocol authority across v1 state trees and v2 state & address trees, which aligns with the parameter renames and validation logic added throughout the changeset. |


coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@programs/registry/src/lib.rs`:
- Around line 348-350: The authority check that compares
ctx.accounts.authority.key() to ctx.accounts.protocol_config_pda.authority must
run on all initialization paths (including the network_fee == None &&
forester.is_some() branch) so protocol-authority cannot be bypassed; modify the
v1 state tree creation logic to perform this comparison unconditionally before
branching on network_fee/forester (or add the same check into the forester-only
branch) so that non-protocol signers are rejected in both cases.

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 14adf27 and 4bc5eae.

⛔ Files ignored due to path filters (8)
  • program-tests/account-compression-test/tests/batched_merkle_tree_test.rs is excluded by none and included by none
  • program-tests/registry-test/tests/tests.rs is excluded by none and included by none
  • program-tests/system-test/tests/test.rs is excluded by none and included by none
  • program-tests/utils/src/e2e_test_env.rs is excluded by none and included by none
  • xtask/src/create_batch_address_tree.rs is excluded by none and included by none
  • xtask/src/create_batch_state_tree.rs is excluded by none and included by none
  • xtask/src/create_state_tree.rs is excluded by none and included by none
  • xtask/src/new_deployment.rs is excluded by none and included by none
📒 Files selected for processing (7)
  • programs/registry/src/account_compression_cpi/sdk.rs
  • programs/registry/src/lib.rs
  • sdk-libs/program-test/src/accounts/address_tree_v2.rs
  • sdk-libs/program-test/src/accounts/initialize.rs
  • sdk-libs/program-test/src/accounts/state_tree.rs
  • sdk-libs/program-test/src/accounts/state_tree_v2.rs
  • sdk-libs/program-test/src/indexer/test_indexer.rs
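
The gap the review comment describes, modelled in plain Rust as an added example (not code from this PR or from the registry program): a signer check that runs only on the `network_fee` path, beside the same check hoisted above the branch. The types, function names, error variants and the rule that a tree needs a fee or a forester are assumptions made for the illustration.

```rust
// Added illustration: a plain-Rust model, not the registry program's code.
// Every type, function and error name below is hypothetical.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

pub struct InitAccounts {
    pub authority: Pubkey,          // account passed as `authority`
    pub authority_is_signer: bool,  // did that account sign the transaction?
    pub protocol_authority: Pubkey, // stands in for protocol_config_pda.authority
}

#[derive(Debug, PartialEq, Eq)]
pub enum InitError { MissingSignature, NotProtocolAuthority, NoFeeOrForester }

fn require_protocol_authority(a: &InitAccounts) -> Result<(), InitError> {
    if !a.authority_is_signer { return Err(InitError::MissingSignature); }
    if a.authority != a.protocol_authority { return Err(InitError::NotProtocolAuthority); }
    Ok(())
}

/// Check gated on `network_fee`: the forester-only path never compares keys.
pub fn init_tree_gated(a: &InitAccounts, network_fee: Option<u64>, forester: Option<Pubkey>) -> Result<(), InitError> {
    match (network_fee, forester) {
        (Some(_), _) => require_protocol_authority(a),
        (None, Some(_)) => Ok(()), // gap: any caller is accepted on this path
        (None, None) => Err(InitError::NoFeeOrForester), // assumed rule for this model
    }
}

/// Check hoisted above the branch: every path rejects non-protocol signers.
pub fn init_tree_unconditional(a: &InitAccounts, network_fee: Option<u64>, forester: Option<Pubkey>) -> Result<(), InitError> {
    require_protocol_authority(a)?;
    match (network_fee, forester) {
        (None, None) => Err(InitError::NoFeeOrForester), // assumed rule for this model
        _ => Ok(()),
    }
}

fn main() {
    // Constructed keys: [1; 32] is the protocol authority, [2; 32] is some other signer.
    let other = InitAccounts { authority: Pubkey([2; 32]), authority_is_signer: true, protocol_authority: Pubkey([1; 32]) };
    let forester = Some(Pubkey([3; 32]));
    println!("gated, forester-only:         {:?}", init_tree_gated(&other, None, forester));
    println!("unconditional, forester-only: {:?}", init_tree_unconditional(&other, None, forester));
    println!("gated, with network fee:      {:?}", init_tree_gated(&other, Some(5000), forester));
}
```

A regression test for the real instruction would cover the same three cases: non-authority signer with a fee, non-authority signer with only a forester, and the protocol authority on both paths.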

Entire-Checkpoint: ed8d74024c1f