chore: bump anchor v1

[codewithgun]

Changes

• Upgrade to anchor v1
• Use only bun as package manager + runtime for test instead of combined package manager such as pnpm + yarn. bun is more memory efficient
• Added cargo fmt check for CI

TODO

• Close existing IDL account before deployment because the IDL account update will no longer in the program itself.

1. Close existing IDL account before deployment
2. Deploy anchor v1.0.0 program
3. anchor idl init
   https://github.com/solana-foundation/anchor/blob/7b108db7987afedd1e72edd783d7fc00416e213f/docs/content/docs/updates/release-notes/1-0-0.mdx#legacy-idl-instructions-replaced-by-program-metadata

Program metadata: https://github.com/solana-program/program-metadata

[codewithgun]

/bot review

[metoeraag-bot]

Bot Agent progress: /bot review

• PR: chore: bump anchor v1 #201
• Started: 2026-04-07T06:22:51.056Z
• Last update: 2026-04-07T06:31:36.287Z

Progress:

• Repo checks (2 ok, 0 failed)
• Context build
• Codex review (1 pass)
• Parallel review (Claude (API) + Codex merged)
• Post review

[metoeraag-bot]

Verdict

Comment

Summary

Posted 1 validated inline finding(s) after final filtering.

Findings

• [P3] .gitignore:14 Nit: file doesn't end with a newline (\ No newline at end of file). Consider adding a trailing newline for POSIX compliance.

Potential concerns (lower confidence)

• [P1] .github/workflows/ci.yml:137 The CI test job runs bun run build-local-test which does bun run build-local && bun run test. The test script sets ANCHOR_WALLET=keys/local/admin-bossj3JvwiNK7pvjr149DqdtJxf2gdygbcmEPTkb2F1.json. This wallet key file must exist in the repo/CI environment. If it's gitignored or not committed, CI will fail. Please verify this key file is checked into the repository.
• [P2] .github/actions/setup-anchor/action.yml:10 The cache only covers ~/.cargo/bin/anchor, but cargo install may also place related files or dependencies elsewhere. Consider expanding the cache path to ~/.cargo/bin/anchor* or verifying that caching just the binary is sufficient for your use case. Also, if the anchor binary links to shared libraries, a cached binary from a different runner image version might not work.
• [P2] .github/workflows/ci.yml:68 The setup-bun step is added for anchor_build but missing the bun install step. The bun run build-local command at line 78 invokes anchor build --ignore-keys -- --features local which shouldn't need node_modules, but if anchor's build process or any tooling requires JS dependencies, this could fail. Verify that bun install isn't needed here (it is added for the test job but not the build job).
• [P2] Anchor.toml:15 The [hooks] section is empty. In anchor v1, [scripts] was replaced by [hooks], but an empty hooks section means anchor test won't run any test command. This is fine if you only use bun run test directly, but worth noting that anchor test will no longer work as before.
• [P3] programs/cp-amm/src/lib.rs:1 The comment says "Ignored due to solana-foundation/anchor#4378" but the #![allow(unexpected_cfgs)] was removed. The workspace Cargo.toml now has unexpected_cfgs as a warn with check-cfg. If anchor issue 4378 is about unexpected cfg warnings from anchor macros, the workspace-level check-cfg should handle it. Just confirm that the anchor macros don't emit cfgs outside of target_os = "solana".

Repo checks

Repo Checks

• LLM checks planner: Failed to parse LLM output as JSON.

• cargo fetch --locked: ok

• cargo check --workspace: ok

 solana-loader-v2-interface v2.2.1
    Checking spl-pod v0.7.3
    Checking spl-token-confidential-transfer-proof-generation v0.5.1
    Checking solana-loader-v3-interface v6.1.0
    Checking spl-token-group-interface v0.7.2
    Checking solana-feature-gate-interface v3.1.0
    Checking spl-token-confidential-transfer-proof-extraction v0.5.1
    Checking spl-token-metadata-interface v0.8.0
    Checking zap-sdk v0.1.0 (https://github.com/MeteoraAg/zap-program?rev=064c58b317b9a85f212c0de72caea286fc72fdb4#064c58b3)
    Checking spl-token-interface v2.0.0
   Compiling anchor-derive-serde v1.0.0
   Compiling anchor-attribute-account v1.0.0
   Compiling anchor-attribute-event v1.0.0
   Compiling anchor-attribute-error v1.0.0
   Compiling anchor-attribute-constant v1.0.0
   Compiling anchor-derive-accounts v1.0.0
   Compiling anchor-attribute-program v1.0.0
    Checking spl-token-2022-interface v2.1.0
    Checking spl-associated-token-account-interface v2.0.0
    Checking solana-secp256k1-recover v2.2.1
    Checking solana-program v2.3.0
   Compiling anchor-attribute-account v0.31.1
   Compiling anchor-attribute-access-control v0.31.1
   Compiling anchor-attribute-error v0.31.1
   Compiling anchor-derive-serde v0.31.1
   Compiling anchor-derive-accounts v0.31.1
   Compiling anchor-attribute-event v0.31.1
   Compiling anchor-attribute-constant v0.31.1
   Compiling anchor-attribute-program v0.31.1
    Checking anchor-lang v1.0.0
    Checking anchor-lang v0.31.1
    Checking anchor-spl v1.0.0
    Checking jupiter v0.1.0 (https://github.com/MeteoraAg/zap-program?rev=064c58b317b9a85f212c0de72caea286fc72fdb4#064c58b3)
    Checking protocol-zap v0.1.0 (https://github.com/MeteoraAg/zap-program?rev=064c58b317b9a85f212c0de72caea286fc72fdb4#064c58b3)
    Checking cp-amm v0.2.1 (/data/workdir/2962945/MeteoraAg/damm-v2/programs/cp-amm)
    Checking rust-sdk v0.2.0 (/data/workdir/2962945/MeteoraAg/damm-v2/rust-sdk)
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 23.74s

[codewithgun]

/bot review

[metoeraag-bot]

Bot Agent progress: /bot review

• PR: chore: bump anchor v1 #201
• Started: 2026-04-07T06:48:41.856Z
• Last update: 2026-04-07T06:57:06.050Z

Progress:

• Repo checks (2 ok, 0 failed)
• Context build
• Codex review (1 pass)
• Parallel review (Claude (API) + Codex merged)
• Post review

[metoeraag-bot]

Verdict

Request changes

Summary

Posted 1 validated inline finding(s) after final filtering.

Findings

• [P1] .github/workflows/ci.yml:68 The anchor_build job now uses bun run build-local (which builds with --features local) instead of the previous anchor build (no features). This means CI is no longer building the production (non-local) variant. If there are any #[cfg(feature = "local")] guards that change behavior, CI won't catch compilation issues in the default/production build. Consider adding a separate step or job that runs anchor build --ignore-keys without --features local to validate the production build.

Potential concerns (lower confidence)

• [P1] programs/cp-amm/src/instructions/ix_close_position.rs:64 The change from ctx.accounts.token_program.to_account_info() to *ctx.accounts.token_program.key changes the first argument to CpiContext::new from an AccountInfo to a Pubkey. In Anchor v1, CpiContext::new expects a program ID (Pubkey) as the first argument instead of AccountInfo. Please verify this matches the Anchor v1 API — if CpiContext::new still expects AccountInfo, this would be a compilation error (though cargo check passes, so this is likely correct for v1).
• [P2] .github/actions/setup-anchor/action.yml:10 The cache only stores ~/.cargo/bin/anchor, but anchor-cli may also install other binaries or depend on shared libraries. If the anchor CLI is a single static binary this is fine, but if it has dependencies in ~/.cargo/registry or elsewhere, the cache restore could result in a broken installation. Consider also caching ~/.cargo/registry and ~/.cargo/git or verifying the cached binary works with a health check step (e.g., anchor --version).
• [P2] .github/workflows/ci.yml:134 The setup-bun action is placed after the node_modules cache step. If the cache is hit, bun install will still run but should be a no-op. However, setup-bun should ideally be placed before the cache check so that the bun version is available when computing the cache key (though the cache key is based on bun.lock hash, not bun version, so this is minor).
• [P2] .github/workflows/ci.yml:137 The anchor_test job runs bun run build-local-test which does bun run build-local && bun run test. But the anchor_build job (which this depends on via needs: anchor_build) already builds. The build artifact isn't shared between jobs (no artifact upload/download), so this job will rebuild from scratch. Consider either: (1) uploading the build artifact from anchor_build and downloading it here, or (2) removing the anchor_build dependency since this job rebuilds anyway.
• [P2] Anchor.toml:15 The [hooks] section is empty. In Anchor v1, if you previously relied on [scripts] for anchor test, the empty [hooks] section means anchor test won't run any test command. This is likely intentional since tests are now run via bun run test directly, but worth confirming that no CI or developer workflow depends on anchor test.
• [P3] programs/cp-amm/src/instructions/swap/ix_p_swap.rs:17 The import of get_processed_sibling_instruction changed from anchor_lang::solana_program::instruction to solana_instruction::syscalls. This is a necessary change for the Solana SDK v3 migration. Just confirming the function signature is compatible — the solana_instruction::syscalls::get_processed_sibling_instruction should have the same behavior as the previous one.
• [P3] programs/cp-amm/src/lib.rs:1 The comment references solana-foundation/anchor#4378 but the #![allow(unexpected_cfgs)] was removed. Is the linked issue resolved in Anchor v1? The workspace Cargo.toml now has unexpected_cfgs in [workspace.lints.rust] with check-cfg, so this is likely handled there. The comment on this line seems orphaned — it says "Ignored due to..." but there's nothing being ignored on this line anymore. Consider removing the comment.

Repo checks

Repo Checks

• LLM checks planner: Failed to parse LLM output as JSON.

• cargo fetch --locked: ok

• cargo check --workspace: ok

Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.29s