Adds Program Exec Authority #107
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tracy-codes
requested changes
Oct 19, 2025
Contributor
tracy-codes
left a comment
tracy-codes
left a comment
There was a problem hiding this comment.
A couple of comments + change suggestions
tracy-codes
reviewed
Oct 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This PR adds comprehensive ProgramExec authority support to all instruction interfaces in the Swig SDK, enabling program-based authentication for all wallet operations. ProgramExec allows instructions to be authenticated by verifying that a preceding instruction in the transaction matches a configured program ID and instruction discriminator, rather than requiring a cryptographic signature. This work establishes a foundation for more complex authority types like Zero-Knowledge proofs (ZK), Multi-Party Computation (MPC), and other programmable authentication mechanisms that can leverage the preceding instruction pattern.
Security Model
Trust Assumptions:
The authority that adds a ProgramExec authority to the Swig wallet explicitly trusts the configured program ID and instruction discriminator
⚠️ Requires careful configuration - incorrect program ID or discriminator could allow unintended access
This is a delegation of trust: the wallet owner is stating "I trust this specific program and instruction to authenticate operations on my behalf"
Validation Requirements: The ProgramExec authority enforces strict validation:
Program ID Match: The preceding instruction's program ID must exactly match the configured program ID
Discriminator Match: The instruction data must start with the configured instruction prefix/discriminator
Account Ordering: The preceding instruction's first two accounts must be:
Account 0: The Swig config account
Account 1: The Swig wallet address account
Execution Success: The preceding instruction must succeed for the Swig instruction to proceed
If the preceding instruction fails, the entire transaction fails
This ensures the trusted program has validated whatever conditions it checks
Security Implications:
✅ Prevents unauthorized programs from authenticating operations
✅ Prevents instruction replay with different discriminators
✅ Ensures the trusted program is aware of which wallet it's authorizing for
✅ Ties authentication to successful program execution (not just presence)