refactor trait

refactor

remove fetch-accounts

renaming, simplify trait

fomat

excl photon-api submodule

fix: multi-pass cold account lookup in test indexer RPC

Align get_account_interface and get_multiple_account_interfaces with
Photon's lookup strategy: search compressed_accounts by onchain_pubkey,
then by PDA seed derivation, then token_compressed_accounts, then by
token_data.owner. Also fix as_mint() to accept ColdContext::Account
since Photon returns mints as generic compressed accounts.

Co-authored-by: Cursor <cursoragent@cursor.com>

lint

fix lint

fix: reject rent sponsor self-referencing the token account (#2257)

* fix: reject rent sponsor self-referencing the token account

Audit issue #9 (INFO): The rent payer could be the same account as
the target token account being created. Add a check that rejects
this self-reference to prevent accounting issues.

* test: add failing test rent sponsor self reference

fix: process metadata add/remove actions in sequential order (#2256)

* fix: process metadata add/remove actions in sequential order

Audit issue #16 (LOW): should_add_key checked for any add and any
remove independently, ignoring action ordering. An add-remove-add
sequence would incorrectly remove the key. Process actions
sequentially so the final state reflects the actual order.

* chore: format

* test: add randomized test for metadata action processing

Validates that process_extensions_config_with_actions produces correct
AdditionalMetadataConfig for random sequences of UpdateMetadataField
and RemoveMetadataKey actions, covering the add-remove-add bug from
audit issue #16.

* test: add integration test for audit issue #13 (no double rent charge)

Verifies that two compress operations targeting the same compressible
CToken account in a single Transfer2 instruction do not double-charge
the rent top-up budget.

* chore: format extensions_metadata test

fix: validate authority on self-transfer early return (#2252)

* fix: handle self-transfer in ctoken transfer and transfer_checked

Validate that the authority is a signer and is the owner or delegate
before allowing self-transfer early return. Previously the self-transfer
path returned Ok(()) without any authority validation.

* fix: simplify map_or to is_some_and per clippy

* fix: use pubkey_eq for self-transfer check

* refactor: extract self-transfer validation into shared function

Extract duplicate self-transfer check from default.rs and checked.rs
into validate_self_transfer() in shared.rs with cold path for authority
validation.

* chore: format

* fix: deduplicate random metadata keys in test_random_mint_action

Random key generation could produce duplicate keys, causing
DuplicateMetadataKey error (18040) with certain seeds.

fix: enforce mint extension checks in cToken-to-cToken decompress (#2246)

* fix: enforce mint extension checks in cToken-to-cToken decompress hot path

Add enforce_extension_state() to MintExtensionChecks and call it in the
Decompress branch when decompress_inputs is None (hot-path, not
CompressedOnly restore). This prevents cToken-to-cToken transfers from
bypassing pause, transfer fee, and transfer hook restrictions.

* fix test

chore: reject compress for mints with restricted extensions in build_mint_extension_cache (#2240)

* chore: reject compress for mints with restricted extensions in mint check

* Update programs/compressed-token/program/src/compressed_token/transfer2/check_extensions.rs

Co-authored-by: 0xa5df-c <172008956+0xa5df-c@users.noreply.github.com>

* fix: format else-if condition for lint

---------

Co-authored-by: 0xa5df-c <172008956+0xa5df-c@users.noreply.github.com>

fix: token-pool index 0 check (#2239)

fix(programs): add MintCloseAuthority as restricted extension (M-03) (#2263)

* fix: add MintCloseAuthority as restricted extension (M-03)

A mint with MintCloseAuthority can be closed and re-opened with
different extensions. Treating it as restricted ensures compressed
tokens from such mints require CompressedOnly mode.

* test: add MintCloseAuthority compression_only requirement tests

Add test coverage for MintCloseAuthority requiring compression_only mode,
complementing the fix in f2da063.

refactor: light program pinocchio macro (#2247)

* refactor: light program pinocchio macro

* fix: address CodeRabbit review comments on macro codegen

- Fix account order bug in process_update_config (config=0, authority=1)
- Use backend-provided serialize/deserialize derives in LightAccountData
- Remove redundant is_pinocchio() branch for has_le_bytes unpack fields
- DRY doc attribute generation across 4 struct generation methods
- Unify unpack_data path using account_crate re-export for both backends

chore(libs): bump versions (#2272)

fix(programs): allow account-level delegate to compress CToken (M-02) (#2262)

* fix: allow account-level delegate to compress tokens from CToken (M-02)

check_ctoken_owner() only checked owner and permanent delegate.
An account-level delegate (approved via CTokenApprove) could not
compress tokens. Added delegate check after permanent delegate.

* test: compress by delegate

fix: accumulate delegated amount at decompression (#2242)

* fix: accumulate delegated amount at decompression

* fix lint

* refactor: simplify apply_delegate to single accumulation path

* fix: ignore delegated_amount without delegate

* restore decompress amount check

fix programtest, wallet owner tracking for ata

fmt and lint

upd amm test

simplify client usage, remove unnecessary endpoints

clean

cleanup

lint

Author: SwenSchaeferjohann

forester/tests/test_indexer_interface.rs

@@ -11,7 +11,7 @@
 /// 4. Compressible token accounts - on-chain accounts that can be compressed
 use std::collections::HashMap;
 
-use anchor_lang::Discriminator;
+use anchor_lang::{AnchorDeserialize, Discriminator};
 use borsh::BorshSerialize;
 use create_address_test_program::create_invoke_cpi_instruction;
 use light_client::{
@@ -368,6 +368,13 @@ async fn test_indexer_interface_scenarios() {
         compressed_mint_pda, create_mint_sig
     );
 
+    // Warp forward so rent expires - required before CompressAndCloseMint
+    let current_slot = rpc.get_slot().await.unwrap();
+    let target_slot = current_slot + light_compressible::rent::SLOTS_PER_EPOCH * 30;
+    rpc.warp_to_slot(target_slot)
+        .await
+        .expect("warp_to_slot so mint rent expires");
+
     // Now compress and close the mint to make it fully compressed
     println!("Compressing mint via CompressAndCloseMint...");
 
@@ -483,36 +490,41 @@ async fn test_indexer_interface_scenarios() {
     );
     println!("  PASSED: Compressible account resolved from on-chain");
 
-    // ============ Test 2: getTokenAccountInterface with compressible token account (on-chain) ============
-    println!("\nTest 2: getTokenAccountInterface with compressible token account (on-chain)...");
-    let compressible_token_interface = photon_indexer
-        .get_token_account_interface(&compressible_token_account, None)
+    println!("\nTest 2: getAccountInterface for compressible token account (on-chain)...");
+    let compressible_token_interface = rpc
+        .get_account_interface(&compressible_token_account, None)
         .await
-        .expect("getTokenAccountInterface should not error")
+        .expect("getAccountInterface should not error")
         .value
-        .expect("Compressible token account should be found via token interface");
+        .expect("Compressible token account should be found");
 
     assert!(
-        compressible_token_interface.account.is_hot(),
+        compressible_token_interface.is_hot(),
         "Token account should be hot (on-chain)"
     );
     assert!(
-        compressible_token_interface.account.cold.is_none(),
+        compressible_token_interface.cold.is_none(),
         "On-chain token account should not have cold context"
     );
     assert_eq!(
-        compressible_token_interface.account.key, compressible_token_account,
+        compressible_token_interface.key, compressible_token_account,
         "Token account key should match"
     );
-    assert_eq!(
-        compressible_token_interface.token.mint, decompressed_mint_pda,
-        "Token mint should match decompressed mint"
-    );
-    assert_eq!(
-        compressible_token_interface.token.owner,
-        compressible_owner.pubkey(),
-        "Token owner should match compressible owner"
-    );
+    {
+        let token = light_token_interface::state::Token::deserialize(
+            &mut &compressible_token_interface.account.data[..],
+        )
+        .expect("parse token account");
+        assert_eq!(
+            token.mint, decompressed_mint_pda,
+            "Token mint should match decompressed mint"
+        );
+        assert_eq!(
+            token.owner,
+            compressible_owner.pubkey(),
+            "Token owner should match compressible owner"
+        );
+    }
     println!("  PASSED: Token account interface resolved with correct token data");
 
     // ============ Test 3: getMultipleAccountInterfaces batch lookup ============

sdk-libs/client/src/indexer/photon_indexer.rs

@@ -9,7 +9,7 @@ use tracing::{error, trace, warn};
 
 use super::types::{
     AccountInterface, CompressedAccount, CompressedTokenAccount, OwnerBalance,
-    SignatureWithMetadata, TokenAccountInterface, TokenBalance,
+    SignatureWithMetadata, TokenBalance,
 };
 use crate::indexer::{
     base58::Base58Conversions,
@@ -1761,46 +1761,6 @@ impl PhotonIndexer {
         .await
     }
 
-    pub async fn get_token_account_interface(
-        &self,
-        address: &Pubkey,
-        config: Option<IndexerRpcConfig>,
-    ) -> Result<Response<Option<TokenAccountInterface>>, IndexerError> {
-        let response = self.get_account_interface(address, config).await?;
-        let value = match response.value {
-            Some(ai) => {
-                let token = parse_token_data_from_indexer_account(&ai)?;
-                Some(TokenAccountInterface { account: ai, token })
-            }
-            None => None,
-        };
-        Ok(Response {
-            context: response.context,
-            value,
-        })
-    }
-
-    pub async fn get_associated_token_account_interface(
-        &self,
-        owner: &Pubkey,
-        mint: &Pubkey,
-        config: Option<IndexerRpcConfig>,
-    ) -> Result<Response<Option<TokenAccountInterface>>, IndexerError> {
-        let ata_address = light_token::instruction::get_associated_token_address(owner, mint);
-        let response = self.get_account_interface(&ata_address, config).await?;
-        let value = match response.value {
-            Some(ai) => {
-                let token = parse_token_data_from_indexer_account(&ai)?;
-                Some(TokenAccountInterface { account: ai, token })
-            }
-            None => None,
-        };
-        Ok(Response {
-            context: response.context,
-            value,
-        })
-    }
-
     pub async fn get_multiple_account_interfaces(
         &self,
         addresses: Vec<&Pubkey>,
@@ -1853,19 +1813,3 @@ impl PhotonIndexer {
         .await
     }
 }
-
-/// Parse token data from an indexer AccountInterface.
-/// For compressed (cold) accounts: borsh-deserializes TokenData from the cold data bytes.
-/// For on-chain (hot) accounts: returns default TokenData (downstream conversion re-parses from SPL layout).
-fn parse_token_data_from_indexer_account(
-    ai: &AccountInterface,
-) -> Result<light_token::compat::TokenData, IndexerError> {
-    match &ai.cold {
-        Some(cold) => borsh::BorshDeserialize::deserialize(&mut cold.data.data.as_slice())
-            .map_err(|e| IndexerError::decode_error("token_data", e)),
-        None => {
-            // Hot account — downstream will re-parse from SPL account data directly
-            Ok(light_token::compat::TokenData::default())
-        }
-    }
-}