Governance
Multisig, overrides, authority and guardian rotation, config changes, and recovery.
The governance domain covers the emergency multisig, guardian overrides,
authority/guardian rotation, timelocked config changes, and break-glass
recovery. Builders live under instructions::governance::* (recovery builders
under instructions::recovery). Examples assume:
use aura_sdk::{anchor_accounts as accounts, types::*, AuraClient};
use solana_sdk::signature::{Keypair, Signer};
let client = AuraClient::devnet();
let now = chrono::Utc::now().timestamp();
// `treasury` is the treasury PDA; `owner`/`guardian` are Keypairs.configure_multisig
Sets guardians, per-guardian weights, and the approval threshold. Accounts:
owner (s), treasury (w).
let sig = client.configure_multisig(&owner, treasury, ConfigureMultisigArgs {
required_signatures: 1,
guardians: vec![guardian1.pubkey(), guardian2.pubkey()],
guardian_weights: vec![1, 1], // empty = plain M-of-N
required_approval_weight: 1, // 0 falls back to the count quorum
timestamp: now,
})?;propose_override
Guardian-proposes a temporary daily-limit override (positional args). Accounts:
guardian (s), treasury (w).
let sig = client.propose_override(&guardian1, treasury, 50_000 /* new_daily_limit_usd */, now)?;collect_override_signature
Adds another guardian's signature to a pending override. Accounts: guardian
(s), treasury (w).
let sig = client.collect_override_signature(&guardian2, treasury, now)?;propose_ai_rotation
Proposes rotating the AI authority (starts the timelock). Accounts: owner (s),
treasury (w).
let sig = client.propose_ai_rotation(&owner, treasury, next_ai.pubkey(), now)?;execute_ai_rotation
Executes a matured AI-authority rotation. Accounts: owner (s), treasury (w).
let sig = client.execute_ai_rotation(&owner, treasury, now)?;cancel_ai_rotation
Cancels a pending AI-authority rotation. Accounts: owner (s), treasury (w).
let sig = client.cancel_ai_rotation(&owner, treasury, now)?;propose_config_change
Proposes a timelocked policy-config change. new_policy_config is a full
PolicyConfigRecord. Accounts:
owner (s), treasury (w).
let sig = client.propose_config_change(&owner, treasury, 1 /* change_id */, new_policy_config, now)?;execute_config_change
Executes a matured config change. Accounts: owner (s), treasury (w).
let sig = client.execute_config_change(&owner, treasury, 1 /* change_id */, now)?;veto_config_change
Guardian-vetoes a pending config change during the timelock. Accounts:
guardian (s), treasury (w).
let sig = client.veto_config_change(&guardian1, treasury, 1 /* change_id */, now)?;propose_guardian_rotation
Proposes adding (action: 0) or removing (action: 1) a guardian. Accounts:
guardian (s), treasury (w).
let sig = client.propose_guardian_rotation(&guardian1, treasury, 0, guardian3.pubkey(), now)?;execute_guardian_rotation
Executes a matured guardian rotation. Accounts: guardian (s), treasury (w).
let sig = client.execute_guardian_rotation(&guardian1, treasury, now)?;emergency_shutdown
Halts the treasury and records a recovery key. Accounts: owner (s), treasury
(w).
let sig = client.emergency_shutdown(&owner, treasury, recovery.pubkey(), now)?;register_recovery_destination
Registers a break-glass recovery destination for a chain. Accounts: owner (s),
treasury (w) via RecoveryConfig.
let sig = client.register_recovery_destination(
&owner,
accounts::RecoveryConfig { owner: owner.pubkey(), treasury },
RegisterRecoveryDestinationArgs {
chain: 2,
address: "0x000000000000000000000000000000000000dead".to_string(),
now,
},
)?;break_glass_recover
Break-glass recovers funds to the registered destination. Accounts: owner (s),
treasury (w) via BreakGlassRecover.
let sig = client.break_glass_recover(
&owner,
accounts::BreakGlassRecover { owner: owner.pubkey(), treasury },
BreakGlassRecoverArgs { chain: 2, amount_usd: 1_000, now },
)?;break_glass_transfer_authority
Break-glass transfers dWallet authority (dWallet CPI). Accounts: owner (s),
treasury (w), dwallet (w), caller_program, cpi_authority,
dwallet_program.
let sig = client.break_glass_transfer_authority(
&owner,
accounts::BreakGlassTransferAuthority {
owner: owner.pubkey(),
treasury,
dwallet,
caller_program,
cpi_authority,
dwallet_program,
},
BreakGlassTransferAuthorityArgs { chain: 2, new_authority: recovery.pubkey(), now },
)?;Break-glass transfers use dWallet CPI
break_glass_transfer_authority co-signs through the Ika dWallet program —
derive the authorities with the
dWallet PDA helpers.