Quickstart

Quick Access

Check out example:

GitHub

Private Counter Anchor Implementation

Live Example App

Try the Private Counter

MagicBlock’s Private Ephemeral Rollup enforces compliance based on node-level IP geofencing, OFAC-sanction list and restricted jurisdictions at ingress, before any transaction is accepted or executed. Find out more

Step-By-Step Guide

Build your program and upgrade it with permission and delegation hooks that utilize MagicBlock’s Permission Program ACLseoPoyC3cBqoUtkbjZ4aDrkurZW86v19pXz2XQnp1 and Delegation Program DELeGGvXpWV2fqJUhqcF5ZSYMS4JTLjteaAMARRSaeSh:

Write your program

Write your Solana program as you normally.

Add delegation with restriction hooks in your program

A single delegate instruction creates the permission account, delegates it, and then delegates the permissioned account to the TEE validator. A symmetric undelegate instruction releases both accounts atomically on the way back to the base layer. See access control details.

These public validators are supported for development. Make sure to add the specific ER validator in your delegation instruction:

Mainnet

Asia (as.magicblock.app): MAS1Dt9qreoRMQ14YQuhg8UTZMMzDdKhmkZMECCzk57
EU (eu.magicblock.app): MEUGGrYPxKk17hCr7wpT6s8dtNokZj5U2L57vjYMS8e
US (us.magicblock.app): MUS3hc9TCw4cGC12vHNoYcCGzJG1txjgQLZWVoeNHNd
TEE (mainnet-tee.magicblock.app): MTEWGuqxUpYZGFJQcp8tLN7x5v9BSeoFHYWQQ3n3xzo

Devnet

Asia (devnet-as.magicblock.app): MAS1Dt9qreoRMQ14YQuhg8UTZMMzDdKhmkZMECCzk57
EU (devnet-eu.magicblock.app): MEUGGrYPxKk17hCr7wpT6s8dtNokZj5U2L57vjYMS8e
US (devnet-us.magicblock.app): MUS3hc9TCw4cGC12vHNoYcCGzJG1txjgQLZWVoeNHNd
TEE (devnet-tee.magicblock.app): MTEWGuqxUpYZGFJQcp8tLN7x5v9BSeoFHYWQQ3n3xzo

Localnet

Local ER (localhost:7799): mAGicPQYBMvcYveUZA5F5UNNwyHvfYh5xkLS2Fr1mev

Deploy your program on Solana

Deploy your Solana program using Anchor CLI.

Implement authorization in your client

Sign user message to retrieve authorization token from TEE endpoint.

Execute transactions and test privacy

Request for authorization token and send confidential transactions.

Private Counter Example

The following software packages may be required, other versions may also be compatible:

Software	Version	Installation Guide
Solana	2.3.13	Install Solana
Rust	1.85.0	Install Rust
Anchor	0.32.1	Install Anchor
Node	24.10.0	Install Node

The latest Permission Program requires SDK version >=0.8.0. See migration guide for details.

Code Snippets

1. Write program
2. Delegate with Restriction
3. Deploy
4. Authorize
5. Test

A simple counter program with initialize and increment instructions, identical in shape to the public counter — privacy is added in the next steps:

#[ephemeral]
#[program]
pub mod private_counter {
    use super::*;

    /// Initialize the counter.
    pub fn initialize(ctx: Context<Initialize>) -> Result<()> {
        let counter = &mut ctx.accounts.counter;
        counter.count = 0;
        Ok(())
    }

    /// Increment the counter.
    pub fn increment(ctx: Context<Increment>) -> Result<()> {
        let counter = &mut ctx.accounts.counter;
        counter.count += 1;
        Ok(())
    }

    /// ... Other instructions for delegation, permission, and privacy
}

pub const COUNTER_SEED: &[u8] = b"counter";

/// Context for initializing counter
#[derive(Accounts)]
pub struct Initialize<'info> {
    #[account(init_if_needed, payer = user, space = 8 + 8, seeds = [COUNTER_SEED], bump)]
    pub counter: Account<'info, Counter>,
    #[account(mut)]
    pub user: Signer<'info>,
    pub system_program: Program<'info, System>,
}

/// Context for incrementing counter
#[derive(Accounts)]
pub struct Increment<'info> {
    #[account(mut, seeds = [COUNTER_SEED], bump)]
    pub counter: Account<'info, Counter>,
}

/// Counter struct
#[account]
pub struct Counter {
    pub count: u64,
}

/// Other context and accounts for delegation and privacy ...

⬆️ Back to Top

Two symmetric instructions handle the full privacy lifecycle through MagicBlock’s Permission Program ACLseoPoyC3cBqoUtkbjZ4aDrkurZW86v19pXz2XQnp1 and Delegation Program DELeGGvXpWV2fqJUhqcF5ZSYMS4JTLjteaAMARRSaeSh. delegate creates the permission account, delegates it, and then delegates the counter to the TEE validator — all in one CPI flow. undelegate mirrors the reverse: it commits and undelegates both the permission account and the counter atomically in a single ER transaction. See access control for the full lifecycle.

These public validators are supported for development. Make sure to add the specific ER validator in your delegation instruction:

Mainnet

Asia (as.magicblock.app): MAS1Dt9qreoRMQ14YQuhg8UTZMMzDdKhmkZMECCzk57
EU (eu.magicblock.app): MEUGGrYPxKk17hCr7wpT6s8dtNokZj5U2L57vjYMS8e
US (us.magicblock.app): MUS3hc9TCw4cGC12vHNoYcCGzJG1txjgQLZWVoeNHNd
TEE (mainnet-tee.magicblock.app): MTEWGuqxUpYZGFJQcp8tLN7x5v9BSeoFHYWQQ3n3xzo

Devnet

Asia (devnet-as.magicblock.app): MAS1Dt9qreoRMQ14YQuhg8UTZMMzDdKhmkZMECCzk57
EU (devnet-eu.magicblock.app): MEUGGrYPxKk17hCr7wpT6s8dtNokZj5U2L57vjYMS8e
US (devnet-us.magicblock.app): MUS3hc9TCw4cGC12vHNoYcCGzJG1txjgQLZWVoeNHNd
TEE (devnet-tee.magicblock.app): MTEWGuqxUpYZGFJQcp8tLN7x5v9BSeoFHYWQQ3n3xzo

Localnet

Local ER (localhost:7799): mAGicPQYBMvcYveUZA5F5UNNwyHvfYh5xkLS2Fr1mev

use ephemeral_rollups_sdk::access_control::instructions::{
    CommitAndUndelegatePermissionCpiBuilder, CreatePermissionCpiBuilder,
    DelegatePermissionCpiBuilder,
};
use ephemeral_rollups_sdk::access_control::structs::{Member, MembersArgs, PERMISSION_SEED};
use ephemeral_rollups_sdk::anchor::{commit, delegate, ephemeral};
use ephemeral_rollups_sdk::consts::PERMISSION_PROGRAM_ID;
use ephemeral_rollups_sdk::cpi::DelegateConfig;
use ephemeral_rollups_sdk::ephem::MagicIntentBundleBuilder;

#[ephemeral] // Adds undelegation instruction for the ER validator
#[program]
pub mod private_counter {
    use super::*;

    /// Delegate the counter privately:
    /// 1. Create the permission account
    /// 2. Delegate the permission account
    /// 3. Delegate the counter itself
    pub fn delegate(
        ctx: Context<DelegateCounterPrivately>,
        members: Option<Vec<Member>>,
    ) -> Result<()> {
        let validator = ctx.accounts.validator.as_ref();

        // 1. Create the permission account (skip if it already exists).
        if ctx.accounts.permission.data_is_empty() {
            CreatePermissionCpiBuilder::new(&ctx.accounts.permission_program)
                .permissioned_account(&ctx.accounts.counter.to_account_info())
                .permission(&ctx.accounts.permission.to_account_info())
                .payer(&ctx.accounts.payer.to_account_info())
                .system_program(&ctx.accounts.system_program.to_account_info())
                .args(MembersArgs { members })
                .invoke_signed(&[&[COUNTER_SEED, &[ctx.bumps.counter]]])?;
        }

        // 2. Delegate the permission account (skip if already delegated).
        if ctx.accounts.permission.owner != &ephemeral_rollups_sdk::id() {
            DelegatePermissionCpiBuilder::new(&ctx.accounts.permission_program.to_account_info())
                .permissioned_account(&ctx.accounts.counter.to_account_info(), true)
                .permission(&ctx.accounts.permission.to_account_info())
                .payer(&ctx.accounts.payer.to_account_info())
                .authority(&ctx.accounts.counter.to_account_info(), false)
                .system_program(&ctx.accounts.system_program.to_account_info())
                .owner_program(&ctx.accounts.permission_program.to_account_info())
                .delegation_buffer(&ctx.accounts.buffer_permission.to_account_info())
                .delegation_metadata(&ctx.accounts.delegation_metadata_permission.to_account_info())
                .delegation_record(&ctx.accounts.delegation_record_permission.to_account_info())
                .delegation_program(&ctx.accounts.delegation_program.to_account_info())
                .validator(validator)
                .invoke_signed(&[&[COUNTER_SEED, &[ctx.bumps.counter]]])?;
        }

        // 3. Delegate the counter (skip if already delegated).
        if ctx.accounts.counter.owner != &ephemeral_rollups_sdk::id() {
            ctx.accounts.delegate_counter(
                &ctx.accounts.payer,
                &[COUNTER_SEED],
                DelegateConfig {
                    validator: validator.map(|v| v.key()),
                    ..Default::default()
                },
            )?;
        }
        Ok(())
    }

    /// Undelegate the counter privately:
    /// 1. Commit and undelegate the permission account via the Permission Program
    /// 2. Commit and undelegate the counter via the ephemeral rollups SDK
    ///
    /// Both intents are scheduled on `magic_context` in the same ER transaction
    /// and applied together when the transaction is sealed back to the base layer.
    pub fn undelegate(ctx: Context<UndelegateCounter>) -> Result<()> {
        // 1. Commit and undelegate the permission account
        CommitAndUndelegatePermissionCpiBuilder::new(
            &ctx.accounts.permission_program.to_account_info(),
        )
        .authority(&ctx.accounts.payer.to_account_info(), true)
        .permissioned_account(&ctx.accounts.counter.to_account_info(), true)
        .permission(&ctx.accounts.permission.to_account_info())
        .magic_context(&ctx.accounts.magic_context.to_account_info())
        .magic_program(&ctx.accounts.magic_program.to_account_info())
        .invoke_signed(&[&[COUNTER_SEED, &[ctx.bumps.counter]]])?;

        // 2. Commit and undelegate the counter
        MagicIntentBundleBuilder::new(
            ctx.accounts.payer.to_account_info(),
            ctx.accounts.magic_context.to_account_info(),
            ctx.accounts.magic_program.to_account_info(),
        )
        .commit_and_undelegate(&[ctx.accounts.counter.to_account_info()])
        .build_and_invoke()?;
        Ok(())
    }
}

/// Delegate context for the counter and its permission account.
#[delegate] // Enable delegation
#[derive(Accounts)]
pub struct DelegateCounterPrivately<'info> {
    pub payer: Signer<'info>,
    /// CHECK: The PDA to delegate
    #[account(mut, del, seeds = [COUNTER_SEED], bump)]
    pub counter: AccountInfo<'info>,
    /// CHECK: Permission account for the counter PDA
    #[account(
        mut,
        seeds = [PERMISSION_SEED, counter.key().as_ref()],
        bump,
        seeds::program = permission_program.key()
    )]
    pub permission: AccountInfo<'info>,
    /// CHECK: Buffer for permission delegation
    #[account(
        mut,
        seeds = [ephemeral_rollups_sdk::pda::DELEGATE_BUFFER_TAG, permission.key().as_ref()],
        bump,
        seeds::program = PERMISSION_PROGRAM_ID
    )]
    pub buffer_permission: AccountInfo<'info>,
    /// CHECK: Delegation record for permission
    #[account(
        mut,
        seeds = [ephemeral_rollups_sdk::pda::DELEGATION_RECORD_TAG, permission.key().as_ref()],
        bump,
        seeds::program = ephemeral_rollups_sdk::id()
    )]
    pub delegation_record_permission: AccountInfo<'info>,
    /// CHECK: Delegation metadata for permission
    #[account(
        mut,
        seeds = [ephemeral_rollups_sdk::pda::DELEGATION_METADATA_TAG, permission.key().as_ref()],
        bump,
        seeds::program = ephemeral_rollups_sdk::id()
    )]
    pub delegation_metadata_permission: AccountInfo<'info>,
    /// CHECK: Permission Program
    #[account(address = PERMISSION_PROGRAM_ID)]
    pub permission_program: AccountInfo<'info>,
    pub system_program: Program<'info, System>,
    /// CHECK: Checked by the delegate program
    pub validator: Option<AccountInfo<'info>>,
}

/// Undelegate context for the counter and its permission account.
/// `#[commit]` injects `magic_context` and `magic_program`.
#[commit]
#[derive(Accounts)]
pub struct UndelegateCounter<'info> {
    #[account(mut)]
    pub payer: Signer<'info>,
    #[account(mut, seeds = [COUNTER_SEED], bump)]
    pub counter: Account<'info, Counter>,
    /// CHECK: Checked by the permission program
    #[account(
        mut,
        seeds = [PERMISSION_SEED, counter.key().as_ref()],
        bump,
        seeds::program = permission_program.key()
    )]
    pub permission: AccountInfo<'info>,
    /// CHECK: Permission Program
    #[account(address = PERMISSION_PROGRAM_ID)]
    pub permission_program: UncheckedAccount<'info>,
}

⬆️ Back to Top

Now you’re program is upgraded and ready! Build and deploy to the desired cluster:

  anchor build && anchor deploy

⬆️ Back to Top

Set up interaction with ER RPC in TEE:

Verify integrity of TEE RPC via https://pccs.phala.network/tdx/certification/v4
Request an authorization token for user to interact with TEE endpoint

Web3.js

import {
  verifyTeeRpcIntegrity,
  getAuthToken,
} from "@magicblock-labs/ephemeral-rollups-sdk";

// Verify the integrity of the TEE RPC
const isVerified = await verifyTeeRpcIntegrity(EPHEMERAL_RPC_URL);

// Get an auth token before making requests to the TEE
const token = await getAuthToken(
  EPHEMERAL_RPC_URL,
  wallet.publicKey,
  (message: Uint8Array) =>
    Promise.resolve(nacl.sign.detached(message, wallet.secretKey)),
);

⬆️ Back to Top

Test your program with the Private Ephemeral Rollup connection:https://devnet-tee.magicblock.app?token=${token}

These public validators are supported for development. Make sure to add the specific ER validator in your delegation instruction:

Mainnet

Asia (as.magicblock.app): MAS1Dt9qreoRMQ14YQuhg8UTZMMzDdKhmkZMECCzk57
EU (eu.magicblock.app): MEUGGrYPxKk17hCr7wpT6s8dtNokZj5U2L57vjYMS8e
US (us.magicblock.app): MUS3hc9TCw4cGC12vHNoYcCGzJG1txjgQLZWVoeNHNd
TEE (mainnet-tee.magicblock.app): MTEWGuqxUpYZGFJQcp8tLN7x5v9BSeoFHYWQQ3n3xzo

Devnet

Asia (devnet-as.magicblock.app): MAS1Dt9qreoRMQ14YQuhg8UTZMMzDdKhmkZMECCzk57
EU (devnet-eu.magicblock.app): MEUGGrYPxKk17hCr7wpT6s8dtNokZj5U2L57vjYMS8e
US (devnet-us.magicblock.app): MUS3hc9TCw4cGC12vHNoYcCGzJG1txjgQLZWVoeNHNd
TEE (devnet-tee.magicblock.app): MTEWGuqxUpYZGFJQcp8tLN7x5v9BSeoFHYWQQ3n3xzo

Localnet

Local ER (localhost:7799): mAGicPQYBMvcYveUZA5F5UNNwyHvfYh5xkLS2Fr1mev

Quick Access

Check out example:

GitHub

Private Counter Anchor Implementation

Live Example App

Try the Private Counter

⬆️ Back to Top

Access Control

Fine-grained Access Control

On-chain Privacy

Privacy Mechanisms and Concepts

Authorization

Authorization Framework

Compliance Framework

Compliance Standards and Guidelines

Solana Explorer

Get insights about your transactions and accounts on Solana:

Solana Explorer

Official Solana Explorer

Solscan

Explore Solana Blockchain

Solana RPC Providers

Send transactions and requests through existing RPC providers:

Solana

Free Public Nodes

Helius

Free Shared Nodes

Triton

Dedicated High-Performance Nodes

Solana Validator Dashboard

Find real-time updates on Solana’s validator infrastructure:

Solana Beach

Get Validator Insights

Validators App

Discover Validator Metrics

Server Status

Subscribe to Solana’s and MagicBlock’s server status:

Solana Status

Subscribe to Solana Server Updates

MagicBlock Status

Subscribe to MagicBlock Server Status

MagicBlock Products

Ephemeral Rollup (ER)

Execute real-time, zero-fee transactions securely on Solana.

Private Ephemeral Rollup (PER)

Protect sensitive data with compliance — built on top of Ephemeral Rollups.

Private Payment API

Add private onchain transfers to your app in seconds — compliant by default.

Verifiable Randomness Function (VRF)

Add provably fair onchain randomness within a second — for free.

Pricing Oracle

Access low-latency onchain price feeds for trading and DeFi.

How-to-Guide

Reference Material

Private Payments API

Quick Access

GitHub

Live Example App

Step-By-Step Guide

Private Counter Example

Code Snippets

Quick Access

GitHub

Live Example App

Access Control

On-chain Privacy

Authorization

Compliance Framework

Solana Explorer

Solana Explorer

Solscan

Solana RPC Providers

Solana

Helius

Triton

Solana Validator Dashboard

Solana Beach

Validators App

Server Status

Solana Status

MagicBlock Status

MagicBlock Products

Ephemeral Rollup (ER)

Private Ephemeral Rollup (PER)

Private Payment API

Verifiable Randomness Function (VRF)

Pricing Oracle

How-to-Guide

Reference Material

Private Payments API

Documentation Index

​Quick Access

GitHub

Live Example App

​Step-By-Step Guide

​Private Counter Example

​Code Snippets

​Quick Access

GitHub

Live Example App

Access Control

On-chain Privacy

Authorization

Compliance Framework

​Solana Explorer

Solana Explorer

Solscan

​Solana RPC Providers

Solana

Helius

Triton

​Solana Validator Dashboard

Solana Beach

Validators App

​Server Status

Solana Status

MagicBlock Status

​MagicBlock Products

Ephemeral Rollup (ER)

Private Ephemeral Rollup (PER)

Private Payment API

Verifiable Randomness Function (VRF)

Pricing Oracle

Quick Access

Step-By-Step Guide

Private Counter Example

Code Snippets

Quick Access

Solana Explorer

Solana RPC Providers

Solana Validator Dashboard

Server Status

MagicBlock Products