Client Implementation

Quick Access

Check out private transfer example:

GitHub

Anchor Implementation

dApp (Coming soon!)

Play Now

Frontends interface with the Private Ephemeral Rollup (PER) using two concepts: Authorization and Permissions

Authorization: Verify RPC integrity, request authorization token and create connection.
Permissions: Manage permissions from the client and define members with fine-grained access to permissioned accounts.

Authorization

Verify the TEE RPC server runs on genuine Intel TDX hardware using its TDX quote and Intel-issued attestation certificates
Request and sign challenge to receive an authorization token
Create connection by passing the authorization token inside header or as query parameter

import {
  verifyTeeRpcIntegrity,
  getAuthToken,
} from "@magicblock-labs/ephemeral-rollups-sdk";

// if not using wallet:
// import * as nacl from "tweetnacl";

const teeUrl = "https://tee.magicblock.app";
const teeWsUrl = "wss://tee.magicblock.app";

// 1. Verify the integrity of TEE RPC
const isVerified = await verifyTeeRpcIntegrity(teeUrl);

// 2. Get AuthToken before making request to TEE
const token = await getAuthToken(
  teeUrl,
  wallet.publicKey,
  signMessage
  // if not using wallet:
  // (message: Uint8Array) =>
  //  Promise.resolve(nacl.sign.detached(message, wallet.secretKey))
);

// 3. Create connection with TEE
const connection = new web3.Connection(`${teeUrl}?token=${authToken.token}`, {
  wsEndpoint: `${teeWsUrl}?token=${authToken.token}`,
});

Permissions

Create permissions on Solana, manage and enforce them in the Private Ephemeral Rollup through delegation:

1. Create
2. Delegate
3. Update
4. Undelegate
5. Close

Create permission for account through CPI call to Permission Program:

web3js

import {
  Member,
  createCreatePermissionInstruction,
} from "@magicblock-labs/ephemeral-rollups-sdk";

// Define members
let members: Member[] | null = [
  {
    flags: AUTHORITY_FLAG | TX_LOGS_FLAG,
    pubkey: payer.publicKey,
  },
  {
    flags: TX_LOGS_FLAG,
    pubkey: user2.publicKey,
  },
];

// Build the instruction
const createPermissionIx = createCreatePermissionInstruction(
  {
    permissionedAccount: permissionedAccount.publicKey,
    payer: payer.publicKey,
  },
  {
    members,
  }
);

// Create a transaction
const tx = new Transaction().add(createPermissionIx);

// Send the transaction
const txSig = await sendAndConfirmTransaction(connection, tx, [payer]);
console.log("TX:", txSig);

⬆️ Back to Top

Delegate permission and permissioned account to enforce privacy:

web3js

import {
  PERMISSION_PROGRAM_ID,
  createDelegatePermissionInstruction,
} from "@magicblock-labs/ephemeral-rollups-sdk";


// Build the instruction
const delegatePermissionIx = createDelegatePermissionInstruction({
  payer: payer.publicKey,
    authority: [payer.publicKey, true], // defined as authority in permission members
    permissionedAccount: [permissionedAccountKeypair.publicKey, false], // optional signer, since payer is defined as authority in permission members
  ownerProgram: PERMISSION_PROGRAM_ID
  validator,
});

// Create a transaction
const tx = new Transaction().add(delegatePermissionIx);

// Send the transaction
const txSig = await sendAndConfirmTransaction(connection, tx, [payer]);
console.log("TX:", txSig);

⬆️ Back to Top

Make permissioned account visible in PER:

web3js

import { createUpdatePermissionInstruction } from "@magicblock-labs/ephemeral-rollups-sdk";

// Build the instruction
const updatePermissionIx = createUpdatePermissionInstruction(
  {
    authority: [payer.publicKey, true], // defined as authority in permission members
    permissionedAccount: [permissionedAccountKeypair.publicKey, false], // optional signer, since payer is defined as authority in permission members
  },
  {
    members: [],
  }
);

// Create a transaction
const tx = new Transaction().add(updatePermissionIx);

// Send the transaction
const txSig = await sendAndConfirmTransaction(connection, tx, [payer]);
console.log("TX:", txSig);

⬆️ Back to Top

Commit and undelegate permissions to Solana:

web3js

import { createCommitAndUndelegatePermissionInstruction } from "@magicblock-labs/ephemeral-rollups-sdk";

// Build the instruction
const commitAndUndelegatePermissionIx =
  createCommitAndUndelegatePermissionInstruction({
    authority: [payer.publicKey, true], // defined as authority in permission members
    permissionedAccount: [permissionedAccountKeypair.publicKey, false], // optional signer, since payer is defined as authority in permission members
  });

// Create a transaction
const tx = new Transaction().add(commitAndUndelegatePermissionIx);

// Send the transaction
const txSig = await sendAndConfirmTransaction(connection, tx, [payer]);
console.log("TX:", txSig);

⬆️ Back to Top

Close permission to receive deposit back:

web3js

import { createClosePermissionInstruction } from "@magicblock-labs/ephemeral-rollups-sdk";

// Build the instruction
const closePermissionIx = createClosePermissionInstruction({
  payer: payer.publicKey,
  authority: [payer.publicKey, true], // defined as authority in permission members
  permissionedAccount: [permissionedAccount.publicKey, false], // optional signer, since payer is defined as authority in permission members
});

// Create a transaction
const tx = new Transaction().add(closePermissionIx);

// Send the transaction
const txSig = await sendAndConfirmTransaction(connection, tx, [payer]);
console.log("TX:", txSig);

⬆️ Back to Top

Private Ephemeral Rollup (devnet) endpoint: https://tee.magicblock.app/

Program Implementation

Manage Permissions via CPI