refactor: remove bump from create ata instruction data

[ananas-block]

Issue:

• create ata passes a bump which allows to create multiple cmint accounts from a single seed provided multiple bumps that result in an offcurve pda exist.

Changes:

• remove mint_bump from create mint instruction data

Summary by CodeRabbit

Release Notes

• Refactor

  • Simplified Associated Token Account creation API by removing bump parameter variants and consolidating functions into a unified approach.
  • Moved PDA verification logic to occur internally during account creation rather than through separate validation steps.

• Tests

  • Updated tests to validate deterministic ATA address derivation across different owners and mints.

[coderabbitai]

Walkthrough

This PR removes the bump: u8 field from ATA instruction data types, eliminates bump propagation through SDK and program call paths, and replaces the exported validate_ata_derivation helper with inline PDA derivation/verification computed where needed.

Changes

Cohort / File(s)	Summary
Instruction Data Types program-libs/ctoken-types/src/instructions/create_associated_token_account.rs, program-libs/ctoken-types/src/instructions/create_associated_token_account2.rs	Removed pub bump: u8 from CreateAssociatedTokenAccountInstructionData and CreateAssociatedTokenAccount2InstructionData structs
Program ATA Creation Logic programs/compressed-token/program/src/create_associated_token_account.rs	Removed bump parameter from process_create_associated_token_account_inner; compute PDA locally via find_program_address, compare expected_address with associated_token_account.key() and return InvalidSeeds on mismatch; updated process_compressible_config to accept ata_bump_seed: &[u8; 1] and adjusted seeds usage; removed validate_ata_derivation import/usage
Program ATA Creation Caller programs/compressed-token/program/src/create_associated_token_account2.rs	Removed bump argument from call sites to process_create_associated_token_account_inner; call signatures updated accordingly
Shared Validation Module programs/compressed-token/program/src/shared/mod.rs, programs/compressed-token/program/src/shared/validate_ata_derivation.rs	Removed validate_ata_derivation module and its public re-export; deleted validate_ata_derivation function
SDK Instruction Builder sdk-libs/compressed-token-sdk/src/instructions/create_associated_token_account.rs	Removed bump-bearing helper functions (e.g., *_with_bump / *_with_bump_and_mode variants); consolidated instruction builders into unified create_ata_instruction_unified / create_ata2_instruction_unified that no longer accept bump; callers derive ATA and ignore returned bump
SDK Tests sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs	Renamed/reworked test to test_ata_address_derivation() validating deterministic ATA derivation across owners/mints; removed assertions tied to bump-bearing instruction variants

Sequence Diagram

sequenceDiagram
    participant SDK as SDK Builder
    participant Program as Compressed Token Program
    participant PDA as PDA Derivation

    Note over SDK,Program: New flow (bump removed)
    SDK->>SDK: derive_ctoken_ata(owner,mint) -> (ata_pubkey, _bump)
    SDK->>Program: invoke create ATA instruction (no bump)
    Program->>PDA: find_program_address(seeds) 
    PDA-->>Program: (expected_ata, bump_seed)
    Program->>Program: compare expected_ata == provided ATA account
    alt match
        Program->>Program: continue create flow (possibly compressible)
    else mismatch
        Program-->>Program: return InvalidSeeds
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Areas requiring extra attention:

• Correctness of inline PDA derivation in process_create_associated_token_account_inner and its seed composition (ensure it matches the previous validate_ata_derivation behavior).
• Conversion of bump handling to &[u8;1] in process_compressible_config and all seed concatenations to ensure no endianness/byte-layout mistakes.
• SDK public API changes: removed bump-bearing helpers — verify downstream callers and tests compile against the consolidated API.
• Serialization/deserialization of instruction data after removing the bump field (cross-check ctoken-types and SDK builders for alignment).

Possibly related PRs

• feat: add create_ata2 instructions with owner/mint as accounts #2000 — touches the same ATA instruction types and bump propagation; likely conflicts due to inverse bump handling changes.
• fix: prevent compressible account funding with 1 epoch #1993 — modifies process_create_associated_token_account_inner / compressible config handling and overlaps on PDA/seed logic.

Suggested reviewers

• sergeytimoshin
• SwenSchaeferjohann

Poem

The bump has left the passing line,
Now PDAs recompute just fine.
Seeds are checked where logic sings,
Compact flows and fewer things.
🎉 Keys align — errno wings.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately captures the main structural change: removing the bump field from ATA instruction data structs and refactoring related code paths.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 70.00%.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jorrit/refator-remove-create-ata-bump

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9f769b0 and 0ccd318.

📒 Files selected for processing (3)

• programs/compressed-token/program/src/shared/mod.rs (0 hunks)
• programs/compressed-token/program/src/shared/validate_ata_derivation.rs (0 hunks)
• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs (1 hunks)

💤 Files with no reviewable changes (2)

• programs/compressed-token/program/src/shared/mod.rs
• programs/compressed-token/program/src/shared/validate_ata_derivation.rs

🧰 Additional context used

🧠 Learnings (10)

📚 Learning: 2025-10-15T03:46:26.767Z

Learnt from: CR
Repo: Lightprotocol/light-protocol PR: 0
File: programs/registry/CLAUDE.md:0-0
Timestamp: 2025-10-15T03:46:26.767Z
Learning: Applies to programs/registry/src/account_compression_cpi/**/*.rs : CPI processing functions must derive PDA signer seeds as [CPI_AUTHORITY_PDA_SEED, bump] and use CpiContext::new_with_signer with cpi_authority as the authority account and mapped target accounts.

Applied to files:

• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs

📚 Learning: 2025-10-11T21:59:25.222Z

Learnt from: CR
Repo: Lightprotocol/light-protocol PR: 0
File: program-libs/account-checks/CLAUDE.md:0-0
Timestamp: 2025-10-11T21:59:25.222Z
Learning: Applies to program-libs/account-checks/src/account_info/{solana.rs,pinocchio.rs,test_account_info.rs} : Gate SDK-specific implementations with #[cfg(feature = "solana"|"pinocchio"|"test-only")]

Applied to files:

• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs

📚 Learning: 2025-10-16T06:33:55.362Z

Learnt from: CR
Repo: Lightprotocol/light-protocol PR: 0
File: programs/compressed-token/program/CLAUDE.md:0-0
Timestamp: 2025-10-16T06:33:55.362Z
Learning: Applies to programs/compressed-token/program/src/create_associated_token_account.rs : Create Associated Token Account instruction must validate that the config state is ACTIVE only

Applied to files:

• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs

📚 Learning: 2025-10-16T06:33:19.426Z

Learnt from: CR
Repo: Lightprotocol/light-protocol PR: 0
File: program-libs/compressible/CLAUDE.md:0-0
Timestamp: 2025-10-16T06:33:19.426Z
Learning: Applies to program-libs/compressible/src/config.rs : Ensure serialization compatibility across Anchor, Pinocchio, and Borsh for core account types used by dependent programs

Applied to files:

• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs

📚 Learning: 2025-10-11T21:59:25.222Z

Learnt from: CR
Repo: Lightprotocol/light-protocol PR: 0
File: program-libs/account-checks/CLAUDE.md:0-0
Timestamp: 2025-10-11T21:59:25.222Z
Learning: Applies to program-libs/account-checks/src/account_info/{solana.rs,pinocchio.rs,test_account_info.rs} : Provide SDK-specific AccountInfoTrait implementations in account_info/{solana.rs,pinocchio.rs,test_account_info.rs}

Applied to files:

• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs

📚 Learning: 2025-10-15T03:46:43.242Z

Learnt from: CR
Repo: Lightprotocol/light-protocol PR: 0
File: sdk-tests/sdk-token-test/CLAUDE.md:0-0
Timestamp: 2025-10-15T03:46:43.242Z
Learning: Applies to sdk-tests/sdk-token-test/**/tests/**/*.rs : Every test should only contain functional integration tests

Applied to files:

• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs

📚 Learning: 2025-10-11T21:59:25.222Z

Learnt from: CR
Repo: Lightprotocol/light-protocol PR: 0
File: program-libs/account-checks/CLAUDE.md:0-0
Timestamp: 2025-10-11T21:59:25.222Z
Learning: Applies to program-libs/account-checks/src/account_info/test_account_info.rs : Use the mock AccountInfo implementation under the test-only feature for unit tests

Applied to files:

• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs

📚 Learning: 2025-10-11T21:59:25.222Z

Learnt from: CR
Repo: Lightprotocol/light-protocol PR: 0
File: program-libs/account-checks/CLAUDE.md:0-0
Timestamp: 2025-10-11T21:59:25.222Z
Learning: Applies to program-libs/account-checks/src/account_info/account_info_trait.rs : Ensure the crate compiles with no features enabled by keeping trait definitions free of SDK-specific dependencies

Applied to files:

• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs

📚 Learning: 2025-10-11T21:59:25.222Z

Learnt from: CR
Repo: Lightprotocol/light-protocol PR: 0
File: program-libs/account-checks/CLAUDE.md:0-0
Timestamp: 2025-10-11T21:59:25.222Z
Learning: Applies to program-libs/account-checks/src/**/*.rs : Validate account type with 8-byte discriminators using check_discriminator before deserialization

Applied to files:

• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs

📚 Learning: 2025-10-16T06:33:55.362Z

Learnt from: CR
Repo: Lightprotocol/light-protocol PR: 0
File: programs/compressed-token/program/CLAUDE.md:0-0
Timestamp: 2025-10-16T06:33:55.362Z
Learning: Applies to programs/compressed-token/program/src/create_token_account.rs : Create Token Account instruction must validate that the config state is ACTIVE only

Applied to files:

• sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs

🧬 Code graph analysis (1)

sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs (2)

program-libs/compressed-account/src/pubkey.rs (1)

• new_unique (200-202)

sdk-libs/compressed-token-sdk/src/instructions/create_associated_token_account.rs (1)

• derive_ctoken_ata (178-187)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Test refactoring looks good; verify if derive_ctoken_ata should still return the bump.

The test logic correctly verifies deterministic ATA derivation and uniqueness across different owners and mints. The rename from test_with_bump_functions to test_ata_address_derivation accurately reflects the new focus.

However, derive_ctoken_ata still returns (Pubkey, u8) but the bump is now completely unused across all tests (and presumably throughout the codebase per the PR objective). Consider whether the function signature should be simplified to return only Pubkey since the bump is no longer propagated to instruction data or used elsewhere.

Run the following script to check if the bump returned by derive_ctoken_ata is used anywhere in the codebase:

---

🏁 Script executed:

#!/bin/bash
# Description: Search for usages of derive_ctoken_ata where the bump (second tuple element) is actually used.

# Search for patterns where derive_ctoken_ata's bump is captured and used (not ignored with _)
rg -nP --type=rust -C3 'derive_ctoken_ata\([^)]+\)' | rg -v '_bump'

# Also search for destructuring patterns that capture the bump
rg -nP --type=rust -C3 'let \([^,]+,\s*(?!_)[a-z_][a-z0-9_]*\)\s*=\s*derive_ctoken_ata'

Length of output: 6573

---

Refactor derive_ctoken_ata to remove the unused bump return value.

The bump returned by derive_ctoken_ata is dead code—it's discarded at every call site throughout the codebase. I verified all usages:

• sdk-libs/token-client/src/actions/mint_action.rs:109 – bump ignored
• All test call sites – bump ignored

Required changes:

1. Update derive_ctoken_ata signature to return only Pubkey (not (Pubkey, u8))
2. Update call site in sdk-libs/token-client/src/actions/mint_action.rs:109
3. Update all call sites in the test file (lines 89, 92, 100, 108)

The test logic itself is solid—it correctly validates deterministic derivation and address uniqueness—but clean up the signature to eliminate the unused return value.

🤖 Prompt for AI Agents

In sdk-libs/compressed-token-sdk/tests/create_associated_token_account.rs around
lines 86 to 113, the test (and other call sites) call derive_ctoken_ata and
ignore the returned bump; change derive_ctoken_ata to return only Pubkey instead
of (Pubkey, u8), then update all call sites to accept a single Pubkey return
(remove unpacking of the bump). Specifically update
sdk-libs/token-client/src/actions/mint_action.rs at line 109 and this test file
at the call sites on lines ~89, ~92, ~100, and ~108 to stop destructuring the
(pubkey, bump) tuple and just assign the returned Pubkey; no behavior changes
beyond removing the unused bump.

[SwenSchaeferjohann]

lgtm. that said, I think it'd be good to let people pass the bump and just provide a helper that derives it for them. it will be really hard to accidentally create the wrong ata

[ananas-block]

too CU intensive