feat: added a way to verify validator identity within ER

[taco-paco]

Summary

With callbacks it is importmant for developers to verify if callback was triggered by validator and not someone else. For that purpose they can now call VerifyValidatorIdentity in magicblock-program with "validator" account, magic-program will compare pubkeys and error if they do not match.

Compatibility

• No breaking changes
• Config change (describe):
• Migration needed (describe):

Testing

• tests (or explain)

Checklist

• docs updated (if needed)
• closes #

Summary by CodeRabbit

• New Features
  • Added a new validator identity verification instruction to the MagicBlock program, enabling validation of validator authority accounts against expected identities.

[github-actions]

Manual Deploy Available

You can trigger a manual deploy of this PR branch to testnet:

Deploy to Testnet 🚀

Alternative: Comment /deploy on this PR to trigger deployment directly.

⚠️ Note: Manual deploy requires authorization. Only authorized users can trigger deployments.

Comment updated automatically when the PR is synchronized.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces a new VerifyValidatorIdentity instruction to the MagicBlock program. The instruction definition was added to the instruction set, and a corresponding handler was implemented in a new module. The handler validates that the validator authority account provided in the transaction matches the expected validator authority identifier, after confirming the MagicBlock program account exists and the magic context is correct. Unit tests cover success and failure scenarios for validator identity verification.

Suggested reviewers

• GabrielePicco

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/magic-program/is-validator-check

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@magicblock-magic-program-api/src/instruction.rs`:
- Around line 306-310: Update the VerifyValidatorIdentity instruction docs to
match the handler in verify_validator_identity.rs: list index 0 as the Magic
Context account (MAGIC_CONTEXT_PUBKEY) and index 1 as the Validator Authority,
and ensure the account reference descriptions and ordering reflect that the
handler expects the magic context first and validator authority second (so the
documented account layout aligns with VerifyValidatorIdentity and
MAGIC_CONTEXT_PUBKEY usage).

In `@programs/magicblock/src/verify_validator_identity.rs`:
- Around line 32-35: Update the error logging string in the
VerifyValidatorIdentity handler so it correctly references the instruction name
instead of "ScheduleCommit"; locate the ic_msg! call in the
VerifyValidatorIdentity logic that currently logs "ScheduleCommit ERR: Magic
program account not found" and change it to a descriptive message like
"VerifyValidatorIdentity ERR: Magic program account not found" (or similar) so
logs correctly reflect the VerifyValidatorIdentity instruction context.
- Around line 86-101: In setup_transaction_accounts(), avoid using
HashMap::remove().unwrap() which yields an opaque panic; replace both unwrap()
calls with expect(...) that include descriptive messages referencing the keys
and the helper that should have populated them (e.g., mention
MAGIC_CONTEXT_PUBKEY and the validator returned by validator_authority_id()) so
if ensure_started_validator(...) failed to insert the entries the test failure
will report which key was missing and where (setup_transaction_accounts /
ensure_started_validator).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: ce461575-ae50-45d1-acf6-5288481e2219

📥 Commits

Reviewing files that changed from the base of the PR and between b9d2ada and c59a386.

⛔ Files ignored due to path filters (1)

• test-integration/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• magicblock-magic-program-api/src/instruction.rs
• programs/magicblock/src/lib.rs
• programs/magicblock/src/magicblock_processor.rs
• programs/magicblock/src/verify_validator_identity.rs

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Instruction documentation does not match the handler's expected account layout.

The handler in verify_validator_identity.rs expects:

• Index 0: Magic Context account (MAGIC_CONTEXT_PUBKEY)
• Index 1: Validator Authority

However, the documentation only lists the Validator Authority at index 0. This mismatch could cause integration issues for developers using this instruction.

📝 Suggested documentation fix

     /// Verifies if account's pubkey corresponds to current validator identity
     /// # Account references
-    /// - **0.** `[]`  Validator Authority
+    /// - **0.** `[]`  Magic Context account
+    /// - **1.** `[]`  Validator Authority
     VerifyValidatorIdentity,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	/// Verifies if account's pubkey corresponds to current validator identity
	/// # Account references
	/// - **0.** `[]` Validator Authority
	VerifyValidatorIdentity,
	/// Verifies if account's pubkey corresponds to current validator identity
	/// # Account references
	/// - **0.** `[]` Magic Context account
	/// - **1.** `[]` Validator Authority
	VerifyValidatorIdentity,

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@magicblock-magic-program-api/src/instruction.rs` around lines 306 - 310,
Update the VerifyValidatorIdentity instruction docs to match the handler in
verify_validator_identity.rs: list index 0 as the Magic Context account
(MAGIC_CONTEXT_PUBKEY) and index 1 as the Validator Authority, and ensure the
account reference descriptions and ordering reflect that the handler expects the
magic context first and validator authority second (so the documented account
layout aligns with VerifyValidatorIdentity and MAGIC_CONTEXT_PUBKEY usage).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Error message references wrong instruction.

The error message says "ScheduleCommit ERR" but this is the VerifyValidatorIdentity instruction handler. This appears to be a copy-paste artifact that could confuse debugging.

📝 Suggested fix

         .ok_or_else(|| {
             ic_msg!(
                 invoke_context,
-                "ScheduleCommit ERR: Magic program account not found"
+                "VerifyValidatorIdentity ERR: Magic program account not found"
             );
             InstructionError::UnsupportedProgramId
         })?;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	ic_msg!(
	invoke_context,
	"ScheduleCommit ERR: Magic program account not found"
	);
	.ok_or_else(|| {
	ic_msg!(
	invoke_context,
	"VerifyValidatorIdentity ERR: Magic program account not found"
	);
	InstructionError::UnsupportedProgramId
	})?;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@programs/magicblock/src/verify_validator_identity.rs` around lines 32 - 35,
Update the error logging string in the VerifyValidatorIdentity handler so it
correctly references the instruction name instead of "ScheduleCommit"; locate
the ic_msg! call in the VerifyValidatorIdentity logic that currently logs
"ScheduleCommit ERR: Magic program account not found" and change it to a
descriptive message like "VerifyValidatorIdentity ERR: Magic program account not
found" (or similar) so logs correctly reflect the VerifyValidatorIdentity
instruction context.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Test helper uses .unwrap() on HashMap::remove() which could silently fail.

While .unwrap() is acceptable in test code, if ensure_started_validator doesn't populate the expected keys, the test would panic with a generic message. Consider using .expect() with a descriptive message for better debugging.

💡 Optional improvement for test debuggability

         vec![
             (
                 MAGIC_CONTEXT_PUBKEY,
-                account_data.remove(&MAGIC_CONTEXT_PUBKEY).unwrap(),
+                account_data.remove(&MAGIC_CONTEXT_PUBKEY)
+                    .expect("MAGIC_CONTEXT_PUBKEY should be in account_data"),
             ),
-            (validator, account_data.remove(&validator).unwrap()),
+            (validator, account_data.remove(&validator)
+                .expect("validator should be in account_data")),
         ]

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	fn setup_transaction_accounts() -> Vec<(Pubkey, AccountSharedData)> {
	let mut account_data = HashMap::new();
	account_data.insert(
	MAGIC_CONTEXT_PUBKEY,
	AccountSharedData::new(u64::MAX, MagicContext::SIZE, &crate::id()),
	);
	ensure_started_validator(&mut account_data, None);
	let validator = validator_authority_id();
	vec![
	(
	MAGIC_CONTEXT_PUBKEY,
	account_data.remove(&MAGIC_CONTEXT_PUBKEY).unwrap(),
	),
	(validator, account_data.remove(&validator).unwrap()),
	]
	}
	fn setup_transaction_accounts() -> Vec<(Pubkey, AccountSharedData)> {
	let mut account_data = HashMap::new();
	account_data.insert(
	MAGIC_CONTEXT_PUBKEY,
	AccountSharedData::new(u64::MAX, MagicContext::SIZE, &crate::id()),
	);
	ensure_started_validator(&mut account_data, None);
	let validator = validator_authority_id();
	vec![
	(
	MAGIC_CONTEXT_PUBKEY,
	account_data.remove(&MAGIC_CONTEXT_PUBKEY)
	.expect("MAGIC_CONTEXT_PUBKEY should be in account_data"),
	),
	(validator, account_data.remove(&validator)
	.expect("validator should be in account_data")),
	]
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@programs/magicblock/src/verify_validator_identity.rs` around lines 86 - 101,
In setup_transaction_accounts(), avoid using HashMap::remove().unwrap() which
yields an opaque panic; replace both unwrap() calls with expect(...) that
include descriptive messages referencing the keys and the helper that should
have populated them (e.g., mention MAGIC_CONTEXT_PUBKEY and the validator
returned by validator_authority_id()) so if ensure_started_validator(...) failed
to insert the entries the test failure will report which key was missing and
where (setup_transaction_accounts / ensure_started_validator).

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7120c00c0c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Require validator signature for identity verification

This check only compares the provided account pubkey to the configured validator key and returns success without verifying signer privileges, so any caller can pass the validator pubkey as a readonly account and satisfy the instruction. That means callback programs using this as an authorization gate can be spoofed by non-validator transactions, which defeats the feature’s stated purpose of proving validator-originated execution.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Respect authority override when verifying validator identity

The expected key is taken from validator_authority_id() instead of the override-aware effective_validator_authority_id(), so verification can fail in replication/replay configurations that set validator_authority_override. In those modes this instruction will reject the active validator identity even though other validator checks in the codebase accept the override, making behavior inconsistent and breaking callback validation for those deployments.

Useful? React with 👍 / 👎.

[GabrielePicco]

The current implementation exposes the active validator identity directly to user programs and requires each callback handler to remember to authenticate it explicitly. “opt-in security” here is unavoidable, but could rework to make it much harder to mis-use/forget.

Additionally, the current implementation couples app behavior to validator identity / authority overrides, and pushes a security-sensitive check into every integrator's code.

I suggest reworking this so that the the service submit a DispatchCallback instruction to the magic program. The magic program validates internal state, then CPI’s into the destination program with invoke_signed using a deterministic callback-authority PDA. The app checks that PDA signer, not the active validator identity.
This keeps the trust boundary inside the magic program, and gives materially better developer experience with a much lower misuse risk as the program just need to validate that the PDA is a signer (with Anchor, just marking it as a signer).

To evaluate, but the PDA could also be scoped (derived) from the callback domain as well: intent_id, action_index, source_program.

[Dodecahedr0x]

Magic context seems like a mistake here

[Dodecahedr0x]

Makes no sense to include magic context

[Dodecahedr0x]

Ix could also be idempotent but use return_data (depending on the use case)