token-cli: Bump version to 2.0.13

* chore: move realm from config to governance account direct field

* chore: move governed_account from config to governance account direct field

* chore: update comments

* chore: make clippy happy

Co-authored-by: Jon Cinque <jon.cinque@gmail.com>

.github/workflows/pull-request-binary-oracle-pair.yml

@@ -0,0 +1,59 @@
+name: Binary Oracle Pair Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'binary-oracle-pair/**'
+    - 'token/**'
+  push:
+    branches: [master]
+    paths:
+    - 'binary-oracle-pair/**'
+    - 'token/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh binary-oracle-pair

.github/workflows/pull-request-docs.yml

@@ -10,7 +10,34 @@ on:
     - 'docs/**'
 
 jobs:
-  all_github_action_checks:
+  check_non_docs:
+    outputs:
+      run_all_github_action_checks: ${{ steps.check_files.outputs.run_all_github_action_checks }}
     runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
+      - name: check modified files
+        id: check_files
+        run: |
+          echo "========== check paths of modified files =========="
+          echo "::set-output name=run_all_github_action_checks::true"
+          git diff --name-only HEAD^ HEAD > files.txt
+          while IFS= read -r file
+          do
+            if [[ $file != docs/** ]]; then
+              echo "Found modified non-'docs' file(s)"
+              echo "::set-output name=run_all_github_action_checks::false"
+              break
+            fi
+          done < files.txt
+
+  all_github_action_checks:
+    runs-on: ubuntu-latest
+    needs: check_non_docs
+    if: needs.check_non_docs.outputs.run_all_github_action_checks == 'true'
     steps:
       - run: echo "Done"

.github/workflows/pull-request-examples.yml

@@ -0,0 +1,57 @@
+name: Examples Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'examples/rust/**'
+  push:
+    branches: [master]
+    paths:
+    - 'examples/rust/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh examples/rust

.github/workflows/pull-request-feature-proposal.yml

@@ -0,0 +1,59 @@
+name: Feature Proposal Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'feature-proposal/**'
+    - 'token/**'
+  push:
+    branches: [master]
+    paths:
+    - 'feature-proposal/**'
+    - 'token/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh feature-proposal

.github/workflows/pull-request-governance.yml

@@ -0,0 +1,59 @@
+name: Governance Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'governance/**'
+    - 'token/**'
+  push:
+    branches: [master]
+    paths:
+    - 'governance/**'
+    - 'token/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh governance

.github/workflows/pull-request-libraries.yml

@@ -0,0 +1,57 @@
+name: Libraries Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'libraries/**'
+  push:
+    branches: [master]
+    paths:
+    - 'libraries/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh libraries

.github/workflows/pull-request-memo.yml

@@ -0,0 +1,57 @@
+name: Memo Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'memo/**'
+  push:
+    branches: [master]
+    paths:
+    - 'memo/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh memo

.github/workflows/pull-request-name-service.yml

@@ -0,0 +1,57 @@
+name: Name Service Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'name-service/**'
+  push:
+    branches: [master]
+    paths:
+    - 'name-service/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh name-service

.github/workflows/pull-request-record.yml

@@ -0,0 +1,57 @@
+name: Record Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'record/**'
+  push:
+    branches: [master]
+    paths:
+    - 'record/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh record

.github/workflows/pull-request-shared-memory.yml

@@ -0,0 +1,57 @@
+name: Shared Memory Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'shared-memory/**'
+  push:
+    branches: [master]
+    paths:
+    - 'shared-memory/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh shared-memory

.github/workflows/pull-request-stake-pool.yml

@@ -0,0 +1,59 @@
+name: Stake Pool Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'stake-pool/**'
+    - 'token/**'
+  push:
+    branches: [master]
+    paths:
+    - 'stake-pool/**'
+    - 'token/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh stake-pool

.github/workflows/pull-request-token-lending.yml

@@ -0,0 +1,90 @@
+name: Token Lending Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'token-lending/**'
+    - 'token/**'
+  push:
+    branches: [master]
+    paths:
+    - 'token-lending/**'
+    - 'token/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh token-lending
+
+      - name: Upload programs
+        uses: actions/upload-artifact@v2
+        with:
+          name: token-lending-programs
+          path: "target/deploy/*.so"
+          if-no-files-found: error
+
+  js-test:
+    runs-on: ubuntu-latest
+    env:
+      NODE_VERSION: 12.x
+    needs: cargo-test-bpf
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+      - uses: actions/cache@v2
+        with:
+          path: ~/.npm
+          key: node-${{ hashFiles('token-lending/js/package-lock.json') }}
+          restore-keys: |
+            node-
+      - name: Download programs
+        uses: actions/download-artifact@v2
+        with:
+          name: token-lending-programs
+          path: target/deploy
+      - run: ./ci/js-test-token-lending.sh

.github/workflows/pull-request-token-swap.yml

@@ -0,0 +1,154 @@
+name: Token Swap Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'token-swap/**'
+    - 'token/**'
+    - 'libraries/math/**'
+  push:
+    branches: [master]
+    paths:
+    - 'token-swap/**'
+    - 'token/**'
+    - 'libraries/math/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh token-swap
+
+      - name: Build production version
+        run: |
+          cargo +"$RUST_STABLE" build-bpf \
+            --manifest-path=token-swap/program/Cargo.toml \
+            --features production \
+            --bpf-out-dir target/deploy-production
+        env:
+          SWAP_PROGRAM_OWNER_FEE_ADDRESS: HfoTxFR1Tm6kGmWgYWD6J7YHVy1UwqSULUGVLXkJqaKN
+
+      - name: Move production version for upload
+        run: |
+          mv target/deploy-production/spl_token_swap.so target/deploy/spl_token_swap_production.so
+
+      - name: Upload programs
+        uses: actions/upload-artifact@v2
+        with:
+          name: token-swap-programs
+          path: "target/deploy/*.so"
+          if-no-files-found: error
+
+  js-test:
+    runs-on: ubuntu-latest
+    env:
+      NODE_VERSION: 12.x
+    needs: cargo-test-bpf
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+      - uses: actions/cache@v2
+        with:
+          path: ~/.npm
+          key: node-${{ hashFiles('token-swap/js/package-lock.json') }}
+          restore-keys: |
+            node-
+      - name: Download programs
+        uses: actions/download-artifact@v2
+        with:
+          name: token-swap-programs
+          path: target/deploy
+      - run: ./ci/js-test-token-swap.sh
+
+  fuzz:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: token-swap-fuzz-${{ hashFiles('**/Cargo.lock') }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/cargo-hfuzz
+            ~/.cargo/bin/cargo-honggfuzz
+          key: cargo-fuzz-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+          restore-keys: |
+            solana-
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Run fuzz target
+        run: ./ci/fuzz.sh token-swap-instructions 30 # 30 seconds, just to check everything is ok

.github/workflows/pull-request-token.yml

@@ -0,0 +1,93 @@
+name: Token Pull Request
+
+on:
+  pull_request:
+    paths:
+    - 'associated-token-account/**'
+    - 'token/**'
+  push:
+    branches: [master]
+    paths:
+    - 'associated-token-account/**'
+    - 'token/**'
+
+jobs:
+  cargo-test-bpf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set env vars
+        run: |
+          source ci/rust-version.sh
+          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
+          source ci/solana-version.sh
+          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_STABLE }}
+          override: true
+          profile: minimal
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-build-${{ hashFiles('**/Cargo.lock') }}-${{ env.RUST_STABLE}}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cargo/bin/rustfilt
+          key: cargo-bpf-bins-${{ runner.os }}
+
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache
+          key: solana-${{ env.SOLANA_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          ./ci/install-build-deps.sh
+          ./ci/install-program-deps.sh
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh token
+
+      - name: Build and test
+        run: ./ci/cargo-test-bpf.sh associated-token-account
+
+      - name: Upload programs
+        uses: actions/upload-artifact@v2
+        with:
+          name: token-programs
+          path: "target/deploy/*.so"
+          if-no-files-found: error
+
+  js-test:
+    runs-on: ubuntu-latest
+    env:
+      NODE_VERSION: 12.x
+    needs: cargo-test-bpf
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+      - uses: actions/cache@v2
+        with:
+          path: ~/.npm
+          key: node-${{ hashFiles('token/js/package-lock.json') }}
+          restore-keys: |
+            node-
+      - name: Download programs
+        uses: actions/download-artifact@v2
+        with:
+          name: token-programs
+          path: target/deploy
+      - run: ./ci/js-test-token.sh

.github/workflows/pull-request.yml

@@ -16,10 +16,6 @@ jobs:
       - rustfmt
       - clippy
       - cargo-build-test
-      - js-test-token
-      - js-test-token-swap
-      - js-test-token-lending
-      - fuzz
     steps:
       - run: echo "Done"
 
@@ -128,135 +124,3 @@ jobs:
 
       - name: Build and test
         run: ./ci/cargo-build-test.sh
-
-      - name: Upload programs
-        uses: actions/upload-artifact@v2
-        with:
-          name: programs
-          path: "target/deploy/*.so"
-          if-no-files-found: error
-
-  js-test-token:
-    runs-on: ubuntu-latest
-    env:
-      NODE_VERSION: 12.x
-    needs: cargo-build-test
-    steps:
-      - uses: actions/checkout@v2
-      - name: Use Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@v1
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-      - uses: actions/cache@v2
-        with:
-          path: ~/.npm
-          key: node-token-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            node-token-
-      - name: Download programs
-        uses: actions/download-artifact@v2
-        with:
-          name: programs
-          path: target/bpfel-unknown-unknown/release
-      - run: ./ci/js-test-token.sh
-
-  js-test-token-swap:
-    runs-on: ubuntu-latest
-    env:
-      NODE_VERSION: 12.x
-    needs: cargo-build-test
-    steps:
-      - uses: actions/checkout@v2
-      - name: Use Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@v1
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-      - uses: actions/cache@v2
-        with:
-          path: ~/.npm
-          key: node-token-swap-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            node-token-swap-
-      - name: Download programs
-        uses: actions/download-artifact@v2
-        with:
-          name: programs
-          path: target/deploy
-      - run: ./ci/js-test-token-swap.sh
-
-  js-test-token-lending:
-    runs-on: ubuntu-latest
-    env:
-      NODE_VERSION: 12.x
-    needs: cargo-build-test
-    steps:
-      - uses: actions/checkout@v2
-      - name: Use Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@v1
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-      - uses: actions/cache@v2
-        with:
-          path: ~/.npm
-          key: node-token-lending-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            node-token-lending-
-      - name: Download programs
-        uses: actions/download-artifact@v2
-        with:
-          name: programs
-          path: target/deploy
-      - run: ./ci/js-test-token-lending.sh
-
-  fuzz:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        fuzz_target: [token-swap-instructions]
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Set env vars
-        run: |
-          source ci/rust-version.sh
-          echo "RUST_STABLE=$rust_stable" >> $GITHUB_ENV
-          source ci/solana-version.sh
-          echo "SOLANA_VERSION=$solana_version" >> $GITHUB_ENV
-
-      - uses: actions-rs/toolchain@v1
-        with:
-          toolchain: ${{ env.RUST_STABLE }}
-          override: true
-          profile: minimal
-
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            target
-          key: cargo-fuzz-${{ hashFiles('**/Cargo.lock') }}
-
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/bin/cargo-hfuzz
-            ~/.cargo/bin/cargo-honggfuzz
-          key: cargo-fuzz-bins-${{ runner.os }}
-
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cache
-          key: solana-${{ env.SOLANA_VERSION }}
-          restore-keys: |
-            solana-
-
-      - name: Install dependencies
-        run: |
-          ./ci/install-build-deps.sh
-          ./ci/install-program-deps.sh
-          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
-
-      - name: Run fuzz target
-        run: ./ci/fuzz.sh ${{ matrix.fuzz_target }} 30 # 30 seconds, just to check everything is ok

.gitignore

@@ -8,3 +8,5 @@ node_modules
 hfuzz_target
 hfuzz_workspace
 **/*.so
+**/.DS_Store
+test-ledger

.mergify.yml

@@ -4,10 +4,21 @@
 #
 # https://doc.mergify.io/
 pull_request_rules:
+  - name: label changes from community
+    conditions:
+      - author≠@core-contributors
+      - author≠mergify[bot]
+      - author≠dependabot[bot]
+    actions:
+      label:
+        add:
+          - community
   - name: automatic merge (squash) on CI success
     conditions:
       - check-success=Travis CI - Pull Request
       - check-success=all_github_action_checks
+      - "#status-failure=0"
+      - "#status-neutral=0"
       - label=automerge
       - author≠@dont-squash-my-commits
     actions:
@@ -18,6 +29,8 @@ pull_request_rules:
     conditions:
       - check-success=Travis CI - Pull Request
       - check-success=all_github_action_checks
+      - "#status-failure=0"
+      - "#status-neutral=0"
       - label=automerge
       - author=@dont-squash-my-commits
     actions:

Cargo.toml

@@ -9,14 +9,16 @@ members = [
   "examples/rust/transfer-lamports",
   "feature-proposal/program",
   "feature-proposal/cli",
+  "governance/program",
   "libraries/math",
   "memo/program",
+  "name-service/program",
   "record/program",
   "shared-memory/program",
   "stake-pool/cli",
   "stake-pool/program",
+  "token-lending/cli",
   "token-lending/program",
-  "token-lending/client",
   "token-swap/program",
   "token-swap/program/fuzz",
   "token/cli",
@@ -29,3 +31,6 @@ exclude = [
   "themis/program_ristretto",
   "token/perf-monitor", # TODO: Rework perf-monitor to use solana-program-test, avoiding the need to link directly with the BPF VM
 ]
+
+[profile.dev]
+split-debuginfo = "unpacked"

associated-token-account/program/Cargo.toml

@@ -12,12 +12,12 @@ no-entrypoint = []
 test-bpf = []
 
 [dependencies]
-solana-program = "1.6.2"
+solana-program = "1.7.4"
 spl-token = { version = "3.1", path = "../../token/program", features = ["no-entrypoint"] }
 
 [dev-dependencies]
-solana-program-test = "1.6.2"
+solana-program-test = "1.7.4"
-solana-sdk = "1.6.2"
+solana-sdk = "1.7.4"
 
 [lib]
 crate-type = ["cdylib", "lib"]

associated-token-account/program/src/lib.rs

@@ -34,7 +34,7 @@ pub fn get_associated_token_address(
     wallet_address: &Pubkey,
     spl_token_mint_address: &Pubkey,
 ) -> Pubkey {
-    get_associated_token_address_and_bump_seed(&wallet_address, &spl_token_mint_address, &id()).0
+    get_associated_token_address_and_bump_seed(wallet_address, spl_token_mint_address, &id()).0
 }
 
 fn get_associated_token_address_and_bump_seed_internal(

associated-token-account/program/src/processor.rs

@@ -31,10 +31,10 @@ pub fn process_instruction(
     let rent_sysvar_info = next_account_info(account_info_iter)?;
 
     let (associated_token_address, bump_seed) = get_associated_token_address_and_bump_seed_internal(
-        &wallet_account_info.key,
+        wallet_account_info.key,
-        &spl_token_mint_info.key,
+        spl_token_mint_info.key,
         program_id,
-        &spl_token_program_id,
+        spl_token_program_id,
     );
     if associated_token_address != *associated_token_account_info.key {
         msg!("Error: Associated address does not match seed derivation");
@@ -62,7 +62,7 @@ pub fn process_instruction(
         );
         invoke(
             &system_instruction::transfer(
-                &funder_info.key,
+                funder_info.key,
                 associated_token_account_info.key,
                 required_lamports,
             ),
@@ -84,23 +84,23 @@ pub fn process_instruction(
             associated_token_account_info.clone(),
             system_program_info.clone(),
         ],
-        &[&associated_token_account_signer_seeds],
+        &[associated_token_account_signer_seeds],
     )?;
 
     msg!("Assign the associated token account to the SPL Token program");
     invoke_signed(
-        &system_instruction::assign(associated_token_account_info.key, &spl_token_program_id),
+        &system_instruction::assign(associated_token_account_info.key, spl_token_program_id),
         &[
             associated_token_account_info.clone(),
             system_program_info.clone(),
         ],
-        &[&associated_token_account_signer_seeds],
+        &[associated_token_account_signer_seeds],
     )?;
 
     msg!("Initialize the associated token account");
     invoke(
         &spl_token::instruction::initialize_account(
-            &spl_token_program_id,
+            spl_token_program_id,
             associated_token_account_info.key,
             spl_token_mint_info.key,
             wallet_account_info.key,

binary-oracle-pair/program/Cargo.toml

@@ -13,16 +13,16 @@ test-bpf = []
 [dependencies]
 num-derive = "0.3"
 num-traits = "0.2"
-solana-program = "1.6.2"
+solana-program = "1.7.4"
-spl-token = { version = "3.0", path = "../../token/program", features = [ "no-entrypoint" ] }
+spl-token = { version = "3.1", path = "../../token/program", features = [ "no-entrypoint" ] }
 thiserror = "1.0"
-uint = "0.8"
+uint = "0.9"
 arbitrary = { version = "0.4", features = ["derive"], optional = true }
-borsh = "0.8.2"
+borsh = "0.9.0"
 
 [dev-dependencies]
-solana-program-test = "1.6.2"
+solana-program-test = "1.7.4"
-solana-sdk = "1.6.2"
+solana-sdk = "1.7.4"
 
 [lib]
 crate-type = ["cdylib", "lib"]

binary-oracle-pair/program/src/processor.rs

@@ -421,7 +421,7 @@ impl Processor {
                     authority_account_info.clone(),
                     user_transfer_authority_info.clone(),
                     amount,
-                    &pool_account_info.key,
+                    pool_account_info.key,
                     pool.bump_seed,
                 )?;
 
@@ -446,7 +446,7 @@ impl Processor {
                     authority_account_info.clone(),
                     user_transfer_authority_info.clone(),
                     amount,
-                    &pool_account_info.key,
+                    pool_account_info.key,
                     pool.bump_seed,
                 )?;
 
@@ -477,7 +477,7 @@ impl Processor {
                         authority_account_info.clone(),
                         user_transfer_authority_info.clone(),
                         possible_withdraw_amount,
-                        &pool_account_info.key,
+                        pool_account_info.key,
                         pool.bump_seed,
                     )?;
 
@@ -489,7 +489,7 @@ impl Processor {
                         authority_account_info.clone(),
                         user_transfer_authority_info.clone(),
                         amount,
-                        &pool_account_info.key,
+                        pool_account_info.key,
                         pool.bump_seed,
                     )?;
 

ci/cargo-build-test.sh

@@ -14,10 +14,6 @@ set -x
 # Build all C examples
 make -C examples/c
 
-# Build/test all BPF programs
-cargo +"$rust_stable" test-bpf -- --nocapture
-rm -rf target/debug # Prevents running out of space on github action runners
-
 # Build/test all host crates
 cargo +"$rust_stable" build
 cargo +"$rust_stable" test -- --nocapture
@@ -29,13 +25,6 @@ cargo +"$rust_stable" run --manifest-path=utils/test-client/Cargo.toml
 # client_ristretto disabled because it requires RpcBanksService, which is no longer supported.
 #cargo +"$rust_stable" test --manifest-path=themis/client_ristretto/Cargo.toml -- --nocapture
 
-SWAP_PROGRAM_OWNER_FEE_ADDRESS="HfoTxFR1Tm6kGmWgYWD6J7YHVy1UwqSULUGVLXkJqaKN" \
-  cargo +"$rust_stable" build-bpf \
-    --manifest-path=token-swap/program/Cargo.toml \
-    --features production \
-    --bpf-out-dir target/deploy-production
-mv target/deploy-production/spl_token_swap.so target/deploy/spl_token_swap_production.so
-
 #  # Check generated C headers
 #  cargo run --manifest-path=utils/cgen/Cargo.toml
 #

ci/cargo-test-bpf.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+set -e
+cd "$(dirname "$0")/.."
+
+source ./ci/rust-version.sh stable
+source ./ci/solana-version.sh
+
+export RUSTFLAGS="-D warnings"
+export RUSTBACKTRACE=1
+
+usage() {
+  exitcode=0
+  if [[ -n "$1" ]]; then
+    exitcode=1
+    echo "Error: $*"
+  fi
+  echo "Usage: $0 [program-directory]"
+  exit $exitcode
+}
+
+program_directory=$1
+if [[ -z $program_directory ]]; then
+  usage "No program directory provided"
+fi
+
+set -x
+
+cd $program_directory
+run_dir=$(pwd)
+
+if [[ -d $run_dir/program ]]; then
+  # Build/test just one BPF program
+  cd $run_dir/program
+  cargo +"$rust_stable" test-bpf -- --nocapture
+else
+  # Build/test all BPF programs
+  for directory in $(ls -d $run_dir/*/); do
+    cd $directory
+    cargo +"$rust_stable" test-bpf -- --nocapture
+  done
+fi

ci/js-test-token-lending.sh

@@ -4,9 +4,10 @@ set -e
 cd "$(dirname "$0")/.."
 source ./ci/solana-version.sh install
 
+npm install --global yarn
+
 set -x
 cd token-lending/js
-npm install
+yarn install --pure-lockfile
-npm run lint
+yarn run lint
-npm run build
+yarn run build
-npm run start-with-test-validator

ci/js-test-token-swap.sh

@@ -4,13 +4,10 @@ set -ex
 cd "$(dirname "$0")/.."
 source ./ci/solana-version.sh install
 
-(cd token/js && npm install)
-
 cd token-swap/js
 npm install
 npm run lint
-npm run flow
+npm run build
-npx tsc module.d.ts
 npm run start-with-test-validator
 (cd ../../target/deploy && mv spl_token_swap_production.so spl_token_swap.so)
 SWAP_PROGRAM_OWNER_FEE_ADDRESS="HfoTxFR1Tm6kGmWgYWD6J7YHVy1UwqSULUGVLXkJqaKN" npm run start-with-test-validator

ci/rust-version.sh

@@ -18,13 +18,13 @@
 if [[ -n $RUST_STABLE_VERSION ]]; then
   stable_version="$RUST_STABLE_VERSION"
 else
-  stable_version=1.50.0
+  stable_version=1.53.0
 fi
 
 if [[ -n $RUST_NIGHTLY_VERSION ]]; then
   nightly_version="$RUST_NIGHTLY_VERSION"
 else
-  nightly_version=2021-02-18
+  nightly_version=2021-06-09
 fi
 
 

ci/solana-version.sh

@@ -14,11 +14,10 @@
 if [[ -n $SOLANA_VERSION ]]; then
   solana_version="$SOLANA_VERSION"
 else
-  solana_version=v1.5.15
+  solana_version=v1.7.3
 fi
 
 export solana_version="$solana_version"
-export solana_docker_image=solanalabs/solana:"$solana_version"
 export PATH="$HOME"/.local/share/solana/install/active_release/bin:"$PATH"
 
 if [[ -n $1 ]]; then

docs/sidebars.js

@@ -8,6 +8,7 @@ module.exports = {
       "token-lending",
       "associated-token-account",
       "memo",
+      "name-service",
       "shared-memory",
       "stake-pool",
       "feature-proposal",

docs/src/associated-token-account.md

@@ -55,7 +55,7 @@ The [get_associated_token_address](https://docs.rs/spl-associated-token-account/
 Rust function may be used by clients to derive the wallet's associated token address.
 
 
-The associated account address can be derived in Javascript with:
+The associated account address can be derived in TypeScript with:
 ```ts
 import { PublicKey } from '@solana/web3.js';
 import { TOKEN_PROGRAM_ID } from '@solana/spl-token';

docs/src/memo.md

@@ -62,7 +62,7 @@ Logging ends with the status of the instruction, one of:
 
 For more information about exposing program logs on a node, head to the
 [developer
-docs](https://docs.solana.com/developing/deployed-programs/debugging#logging)
+docs](https://docs.solana.com/developing/on-chain-programs/debugging#logging)
 
 ### Compute Limits
 

docs/src/name-service.md

@@ -0,0 +1,57 @@
+---
+title: Name Service
+---
+
+A SPL program for issuing and managing ownership of: domain names, Solana Pubkeys, URLs, Twitter handles, ipfs cid's etc..
+
+This program could be used for dns, pubkey etc lookups via a browser extension
+for example, the goal is to create an easy way to identify Solana public keys
+with various links.
+
+Broader use cases are also imaginable.
+
+Key points:
+- A Name is a string that maps to a record (program derived account) which can hold data.
+- Each name is of a certain class and has a certain owner, both are identified
+  by their pubkeys. The class of a name needs to sign the issuance of it.
+- A name can have a parent name that is identified by the address of its record.
+  The owner of the parent name (when it exists) needs to sign the issuance of
+  the child name.
+- The data of a name registry is controlled by the class keypair or, when it is
+  set to `Pubkey::default()`, by the name owner keypair.
+- Only the owner can delete a name registry.
+
+
+Remarks and use cases:
+- Domain name declarations: One could arbitrarily set-up a class that we can call
+  Top-Level-Domain names. Names in this class can only be issued with the
+  permission of the class keypair, ie the administrator, who can enforce that
+  TLD names are of the type `".something"`. From then on one could create and
+  own the TLD `".sol"` and create a class of ".sol" sub-domains, administrating
+  the issuance of the `"something.sol"` sub-domains that way (by setting the
+  parent name to the address of the `".sol"` registry).
+
+An off-chain browser extension could then, similarly to DNS, parse the user SPL
+name service URL input and descend the chain of names, verifying that the names
+exist with the correct parenthood, and finally use the data of the last child
+name (or also a combination of the parents data) in order to resolve this call
+towards a real DNS URL or any kind of data.
+
+Although the ownership and class system makes the administration a given class
+centralized, the creation of new classes is permissionless and as a class owner
+any kind of decentralized governance signing program could be used.
+
+- Twitter handles can be added as names of one specific name class. The class
+  authority of will therefore hold the right to add a Twitter handle name. This
+  enables the verification of Twitter accounts for example by asking the user to
+  tweet his pubkey or a signed message. A bot that holds the private issuing
+  authority key can then sign the Create instruction (with a metadata_authority
+  that is the tweeted pubkey) and send it back to the user who will then submit
+  it to the program.
+In this case the class will still be able to control the data of the name registry, and not the user for example.
+
+Therefore, another way of using this program would be to create a name
+(`"verified-twitter-handles"` for example) with the `Pubkey::default()` class
+and with the owner being the authority. That way verified Twitter names could be
+issued as child names of this parent by the owner, leaving the user as being
+able to modify the data of his Twitter name registry.

docs/src/stake-pool.md

@@ -3,7 +3,7 @@ title: Stake Pool Program
 ---
 
 A program for pooling together SOL to be staked by an off-chain agent running
-a Delegation bot which redistributes the stakes across the network and tries
+a Delegation Bot which redistributes the stakes across the network and tries
 to maximize censorship resistance and rewards.
 
 ## Overview
@@ -14,7 +14,7 @@ inflation rate, total number of SOL staked on the network, and an individual
 validator’s uptime and commission (fee).
 
 Stake pools are an alternative method of earning staking rewards. This on-chain
-program pools together SOL to be staked by a manager, allowing SOL holders to
+program pools together SOL to be staked by a staker, allowing SOL holders to
 stake and earn rewards without managing stakes.
 
 Additional information regarding staking and stake programming is available at:
@@ -24,16 +24,18 @@ Additional information regarding staking and stake programming is available at:
 
 ## Motivation
 
-This document is intended for stake pool managers who want to create or manage
+This document is intended for the main actors of the stake pool system:
-stake pools, and users who want to provide staked SOL into an existing stake
+
-pool.
+* manager: creates and manages the stake pool, earns fees, can update the fee, staker, and manager
+* staker: adds and removes validators to the pool, rebalances stake among validators
+* user: provides staked SOL into an existing stake pool
 
 In its current iteration, the stake pool only processes totally active stakes.
 Deposits must come from fully active stakes, and withdrawals return a fully
 active stake account.
 
-This means that stake pool managers and users must be comfortable with creating
+This means that stake pool managers, stakers, and users must be comfortable with
-and delegating stakes, which are more advanced operations than sending and
+creating and delegating stakes, which are more advanced operations than sending and
 receiving SPL tokens and SOL. Additional information on stake operations are
 available at:
 
@@ -46,27 +48,28 @@ like [Token Swap](token-swap.md).
 
 ## Operation
 
-A stake pool manager creates a stake pool and includes validators that will
+A stake pool manager creates a stake pool, and the staker includes validators that will
 receive delegations from the pool by creating "validator stake accounts" and
 activating a delegation on them. Once a validator stake account's delegation is
-active, the stake pool manager adds it to the stake pool.
+active, the staker adds it to the stake pool.
 
 At this point, users can participate with deposits. They must delegate a stake
 account to the one of the validators in the stake pool. Once it's active, the
 user can deposit their stake into the pool in exchange for SPL staking derivatives
-representing their fractional ownership in pool. A percentage of the user's
+representing their fractional ownership in pool. A percentage of the rewards
-deposit goes to the pool manager as a fee.
+earned by the pool goes to the pool manager as a fee.
 
-Over time, as the stake pool accrues staking rewards, the user's fractional
+Over time, as the stakes in the stake pool accrue staking rewards, the user's fractional
 ownership will be worth more than their initial deposit. Whenever the user chooses,
 they can withdraw their SPL staking derivatives in exchange for an activated stake.
 
-The stake pool manager can add and remove validators, or rebalance the pool by
+The stake pool staker can add and remove validators, or rebalance the pool by
-withdrawing stakes from the pool, deactivating them, reactivating them on another
+decreasing the stake on a validator, waiting an epoch to move it into the stake
-validator, then depositing back into the pool.
+pool's reserve account, then increasing the stake on another validator.
 
-These manager operations require SPL staking derivatives and staked SOL, so the
+The staker operation to add a new validator requires roughly 1.003 SOL to create
-stake pool manager will need liquidity on hand to properly manage the pool.
+the stake account on a validator, so the stake pool staker will need liquidity
+on hand to fully manage the pool stakes.
 
 ## Background
 
@@ -112,7 +115,7 @@ Keypair Path: ${HOME}/.config/solana/id.json
 
 See [Solana clusters](https://docs.solana.com/clusters) for cluster-specific RPC URLs
 ```sh
-solana config set --url https://devnet.solana.com
+solana config set --url https://api.devnet.solana.com
 ```
 
 #### Default Keypair
@@ -130,32 +133,111 @@ Hardware Wallet URL (See [URL spec](https://docs.solana.com/wallet-guide/hardwar
 solana config set --keypair usb://ledger/
 ```
 
-### Stake Pool Administrator Examples
+#### Run Locally
+
+If you would like to test a stake pool locally without having to wait for stakes
+to activate and deactivate, you can run the stake pool locally using the
+`solana-test-validator` tool with shorter epochs, and pulling the current program
+from devnet, testnet, or mainnet.
+
+```sh
+$ solana-test-validator -c poo1B9L9nR3CrcaziKVYVpRX6A9Y1LAXYasjjfCbApj -c 5TfMPP2zwrXWTUvkg5AG54QWpEkwjeBUhpP7x99kkvEj --url devnet --slots-per-epoch 32
+$ solana config set --url http://127.0.0.1:8899
+```
+
+### Stake Pool Manager Examples
 
 #### Create a stake pool
 
-The pool administrator manages the stake accounts in a stake pool, and in exchange
+The stake pool manager controls the stake pool from a high level, and in exchange
-receives a fee in the form of SPL token staking derivatives. The administrator
+receives a fee in the form of SPL token staking derivatives. The manager
-sets the fee on creation. Let's create a pool with a 3% fee:
+sets the fee on creation. Let's create a pool with a 3% fee and a maximum of 1000
+validator stake accounts:
 
 ```sh
-$ spl-stake-pool create-pool --fee-numerator 3 --fee-denominator 100
+$ spl-stake-pool create-pool --fee-numerator 3 --fee-denominator 100 --max-validators 1000
-Creating mint Gmk71cM7j2RMorRsQrsyysM4HsByQx5PuDGtDdqGLWCS
+Creating reserve stake 33Hg3bvYrAwfqCzTMjAWZNAWC6H96qJNEdzGamfFjG4J
-Creating pool fee collection account 3xvXPfQi2SaTkqPV9A7BQwh4GyTe2ZPasfoaCBCnTAJ5
+Creating mint D5yiK1tE1yAXBnrV9ZrSUJCw8WiQctZ8ekbv1U6ATVZ
-Creating stake pool 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC
+Creating pool fee collection account 5gpuSdutGY98KKbgmR5CfLK7toFcQD69JzKDwseegzXE
-Signature: 5HdDoPssqwyLjt2QvhRbnSATZqFLGKha92zMuJiBUpKeKYKGURRV41N5ydCQxqnFjCud3xv85Z6ghErppNJzaYM8
+Signature: 2dvCtHMcqxibckhvVgFQeFCRb7VcHbuFLRf71Aqd9PtzFzdbG3gAkNpxYznfpKDx2vTRrVtwW81sZAx5U3Frb5Uu
+Creating stake pool EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1
+Signature: 2kYDVyJp8FVrLmEZyW9ivMYcXEsgWm4hFyhp5omxVtonjhYG6WS1S85sPTCdsQWe3idof6ZqsY8F3oaMXwrEkAYK
 ```
 
-The unique stake pool identifier is `3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC`.
+The unique stake pool identifier is `EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1`.
 
 The identifier for the SPL token for staking derivatives is
-`Gmk71cM7j2RMorRsQrsyysM4HsByQx5PuDGtDdqGLWCS`. The stake pool has full control
+`D5yiK1tE1yAXBnrV9ZrSUJCw8WiQctZ8ekbv1U6ATVZ`. The stake pool has full control
 over the mint.
 
 The pool creator's fee account identifier is
-`3xvXPfQi2SaTkqPV9A7BQwh4GyTe2ZPasfoaCBCnTAJ5`. When users deposit warmed up
+`5gpuSdutGY98KKbgmR5CfLK7toFcQD69JzKDwseegzXE`. Every epoch, as stake accounts
-stake accounts into the stake pool, the program will transfer 3% of their
+in the stake pool earn rewards, the program will mint SPL token staking derivatives
-contribution into this account in the form of SPL token staking derivatives.
+equal to 3% of the gains on that epoch into this account. If no gains were observed,
+nothing will be deposited.
+
+The reserve stake account identifier is `33Hg3bvYrAwfqCzTMjAWZNAWC6H96qJNEdzGamfFjG4J`.
+This account holds onto additional stake used when rebalancing between validators.
+
+For a stake pool with 1000 validators, the cost to create a stake pool is less
+than 0.5 SOL.
+
+#### Set manager
+
+The stake pool manager may pass their administrator privileges to another account.
+
+```sh
+$ spl-stake-pool set-manager EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 --new-manager 4SnSuUtJGKvk2GYpBwmEsWG53zTurVM8yXGsoiZQyMJn
+Signature: 39N5gkaqXuWm6JPEUWfenKXeG4nSa71p7iHb9zurvdZcsWmbjdmSXwLVYfhAVHWucTY77sJ8SkUNpVpVAhe4eZ53
+```
+
+At the same time, they may also change the SPL token account that receives fees
+every epoch. The mint for the provided token account must be the SPL token mint,
+`D5yiK1tE1yAXBnrV9ZrSUJCw8WiQctZ8ekbv1U6ATVZ` in our example.
+
+```sh
+$ spl-stake-pool set-manager EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 --new-fee-receiver HoCsh97wRxRXVjtG7dyfsXSwH9VxdDzC7GvAsBE1eqJz
+Signature: 4aK8yzYvPBkP4PyuXTcCm529kjEH6tTt4ixc5D5ZyCrHwc4pvxAHj6wcr4cpAE1e3LddE87J1GLD466aiifcXoAY
+```
+
+#### Set fee
+
+The stake pool manager may update the fee assessed every epoch, passing the
+numerator and denominator for the fraction that make up the fee. For a fee of
+10%, they could run:
+
+```sh
+$ spl-stake-pool set-fee EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 10 100
+Signature: 5yPXfVj5cbKBfZiEVi2UR5bXzVDuc2c3ruBwSjkAqpvxPHigwGHiS1mXQVE4qwok5moMWT5RNYAMvkE9bnfQ1i93
+```
+
+In order to protect stake pool depositors from malicious managers, the program
+applies the new fee for the following epoch. For example, if the fee is 1% at
+epoch 100, and the manager sets it to 10%, the manager will still gain 1% for
+the rewards earned during epoch 100. Starting with epoch 101, the manager will
+earn 10%.
+
+#### Set staker
+
+In order to manage the stake accounts, the stake pool manager or
+staker can set the staker authority of the stake pool's managed accounts.
+
+```sh
+$ spl-stake-pool set-staker EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 4SnSuUtJGKvk2GYpBwmEsWG53zTurVM8yXGsoiZQyMJn
+Signature: 39N5gkaqXuWm6JPEUWfenKXeG4nSa71p7iHb9zurvdZcsWmbjdmSXwLVYfhAVHWucTY77sJ8SkUNpVpVAhe4eZ53
+```
+
+Now, the new staker can perform any normal stake pool operations, including
+adding and removing validators and rebalancing stake.
+
+Important security note: the stake pool program only gives staking authority to
+the pool staker and always retains withdraw authority. Therefore, a malicious
+stake pool staker cannot steal funds from the stake pool.
+
+Note: to avoid "disturbing the manager", the staker can also reassign their stake
+authority.
+
+### Stake Pool Staker Examples
 
 #### Create a validator stake account
 
@@ -170,7 +252,7 @@ lists, we choose some validators at random and start with identity
 delegated to that vote account.
 
 ```sh
-$ spl-stake-pool create-validator-stake 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC 2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3
+$ spl-stake-pool create-validator-stake EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3
 Creating stake account FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN
 Signature: 4pA2WKT6d2wkXEtSpiQswv22WyoFad2KX6FdPEzwBiEquvaUBEtzenys5Jh1ABPCh7yc4w8kzqMRRCwDj6ZSUV1K
 ```
@@ -179,13 +261,13 @@ In order to maximize censorship resistance, we want to distribute our SOL to as
 many validators as possible, so let's add a few more.
 
 ```sh
-$ spl-stake-pool create-validator-stake 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC HJiC8iJ4Sj846SswQuauFJK93UvV6zp3c2T6jzGqzhhz
+$ spl-stake-pool create-validator-stake EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 HJiC8iJ4Sj846SswQuauFJK93UvV6zp3c2T6jzGqzhhz
 Creating stake account E5KBATUd21Dnjnh5sGFw5ngp9kdVXCcAAYMRe2WsVXie
 Signature: 4pyRZzjsWG7jP3GRZeZCo2Eb2TPjHM4kAYRFMivimme6HAee1nhzoNJBe3VSt2sv7acp5fwT7J8omBM8o3niY8gu
-$ spl-stake-pool create-validator-stake 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC AUCzCaGAGjL3uyjFBtJs7KuJcgQWvNZu1Z2S9G3pw77G
+$ spl-stake-pool create-validator-stake EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 AUCzCaGAGjL3uyjFBtJs7KuJcgQWvNZu1Z2S9G3pw77G
 Creating stake account CrStLEWfme37kDc3nubK9HsmWR5dsuVUuqEKqTR4Mc5E
 Signature: 4ZUdZzUARgUCPuY8nVsJbN6vRDbVX8sYAQGYYXj2YVvjoJ2oevq2H8uzrhYApe419uoP7QYukqNstiti5p5DDukN
-$ spl-stake-pool create-validator-stake 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC 8r1f8mwrUiYdg2Rx9sxTh4M3UAUcCBBrmRA3nxk3Z6Lm
+$ spl-stake-pool create-validator-stake EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 8r1f8mwrUiYdg2Rx9sxTh4M3UAUcCBBrmRA3nxk3Z6Lm
 Creating stake account FhFft7ArhZZkh6q4ir1JZMYFgXdH6wkT5M5nmDDb1Q13
 Signature: yQqXCbuA66wQsHtkziNg3XadfZF5aCmvjfentwbZJnSPeEjJwPka3M1QY5GmR1efprptqaePn71BTMSLscX8DLr
 ```
@@ -235,22 +317,21 @@ We created new validator stake accounts in the last step and staked them. Once
 the stake activates, we can add them to the stake pool.
 
 ```sh
-$ spl-stake-pool add-validator 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN
+$ spl-stake-pool add-validator EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3
-Creating account to receive tokens Gu8xqzYFg2sPHWHhUivKNBeF9uikiauihLs9hLzziKu7
 Signature: 3N1K89rGV9gWueTTrPGTDBwKAp8BikQhKHMFoREw98Q1piXFeZSSxqfnRQexrfAZQfrpYH9qwsaPWRruwkVeBivV
 ```
 
 Users can start depositing their activated stakes into the stake pool, as
 long as they are delegated to the same vote account, which was
-`FhFft7ArhZZkh6q4ir1JZMYFgXdH6wkT5M5nmDDb1Q13` in this example.  You can also
+`FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN` in this example.  You can also
 double-check that at any time using the Solana command-line utility.
 
 ```sh
 $ solana stake-account FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN
 Balance: 0.002282881 SOL
 Rent Exempt Reserve: 0.00228288 SOL
-Delegated Stake: 0.000000001 SOL
+Delegated Stake: 1.000000000 SOL
-Active Stake: 0.000000001 SOL
+Active Stake: 1.000000000 SOL
 Activating Stake: 0 SOL
 Stake activates starting from epoch: 161
 Delegated Vote Account Address: 2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3
@@ -260,26 +341,31 @@ Withdraw Authority: 4SnSuUtJGKvk2GYpBwmEsWG53zTurVM8yXGsoiZQyMJn
 
 #### Remove validator stake account
 
-If the stake pool manager wants to stop delegating to a vote account, they can
+If the stake pool staker wants to stop delegating to a vote account, they can
-totally remove the validator stake account from the stake pool by providing
+totally remove the validator stake account from the stake pool.
-staking derivatives, just like `withdraw`.
 
 ```sh
-$ spl-stake-pool remove-validator 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC CrStLEWfme37kDc3nubK9HsmWR5dsuVUuqEKqTR4Mc5E --withdraw-from 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF
+$ spl-stake-pool remove-validator EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 AUCzCaGAGjL3uyjFBtJs7KuJcgQWvNZu1Z2S9G3pw77G
 Signature: 5rrQ3xhDWyiPkUTAQkNAeq31n6sMf1xsg2x9hVY8Vj1NonwBnhxuTv87nADLkwC8Xzc4CGTNCTX2Vph9esWnXk2d
 ```
 
 The difference with `withdraw` is that the validator stake account is totally
-removed from the stake pool and now belongs to the administrator.
+removed from the stake pool and now belongs to the administrator. The authority
+for the withdrawn stake account can also be specified using the `--new-authority` flag:
+
+```sh
+$ spl-stake-pool remove-validator EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 AUCzCaGAGjL3uyjFBtJs7KuJcgQWvNZu1Z2S9G3pw77G --new-authority 4SnSuUtJGKvk2GYpBwmEsWG53zTurVM8yXGsoiZQyMJn
+Signature: 5rrQ3xhDWyiPkUTAQkNAeq31n6sMf1xsg2x9hVY8Vj1NonwBnhxuTv87nADLkwC8Xzc4CGTNCTX2Vph9esWnXk2d
+```
 
 We can check the removed stake account:
 
 ```sh
 $ solana stake-account CrStLEWfme37kDc3nubK9HsmWR5dsuVUuqEKqTR4Mc5E
-Balance: 1.002282881 SOL
+Balance: 1.002282880 SOL
 Rent Exempt Reserve: 0.00228288 SOL
-Delegated Stake: 1.000000001 SOL
+Delegated Stake: 1.000000000 SOL
-Active Stake: 1.000000001 SOL
+Active Stake: 1.000000000 SOL
 Delegated Vote Account Address: AUCzCaGAGjL3uyjFBtJs7KuJcgQWvNZu1Z2S9G3pw77G
 Stake Authority: 4SnSuUtJGKvk2GYpBwmEsWG53zTurVM8yXGsoiZQyMJn
 Withdraw Authority: 4SnSuUtJGKvk2GYpBwmEsWG53zTurVM8yXGsoiZQyMJn
@@ -291,7 +377,7 @@ removal of staked SOL from the pool.
 We can also double-check that the stake pool no longer shows the stake account:
 
 ```sh
-$ spl-stake-pool list 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC
+$ spl-stake-pool list EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1
 Pubkey: FhFft7ArhZZkh6q4ir1JZMYFgXdH6wkT5M5nmDDb1Q13    Vote: 8r1f8mwrUiYdg2Rx9sxTh4M3UAUcCBBrmRA3nxk3Z6Lm ◎1.002282881
 Pubkey: FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN    Vote: 2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3 ◎3.410872673
 Pubkey: E5KBATUd21Dnjnh5sGFw5ngp9kdVXCcAAYMRe2WsVXie    Vote: HJiC8iJ4Sj846SswQuauFJK93UvV6zp3c2T6jzGqzhhz ◎11.436803652
@@ -300,14 +386,14 @@ Total: ◎15.849959206
 
 #### Rebalance the stake pool
 
-As time goes on, deposits and withdrawals will happen to all of the stake accounts
+As time goes on, users will deposit to and withdraw from all of the stake accounts
-managed by the pool, and the stake pool manager may want to rebalance the stakes.
+managed by the pool, and the stake pool staker may want to rebalance the stakes.
 
-For example, let's say the manager wants the same delegation to every validator
+For example, let's say the staker wants the same delegation to every validator
 in the pool. When they look at the state of the pool, they see:
 
 ```sh
-$ spl-stake-pool list 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC
+$ spl-stake-pool list EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1
 Pubkey: FhFft7ArhZZkh6q4ir1JZMYFgXdH6wkT5M5nmDDb1Q13    Vote: 8r1f8mwrUiYdg2Rx9sxTh4M3UAUcCBBrmRA3nxk3Z6Lm ◎1.002282881
 Pubkey: FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN    Vote: 2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3 ◎3.410872673
 Pubkey: E5KBATUd21Dnjnh5sGFw5ngp9kdVXCcAAYMRe2WsVXie    Vote: HJiC8iJ4Sj846SswQuauFJK93UvV6zp3c2T6jzGqzhhz ◎11.436803652
@@ -315,75 +401,63 @@ Total: ◎15.849959206
 ```
 
 This isn't great! The last stake account, `E5KBATUd21Dnjnh5sGFw5ngp9kdVXCcAAYMRe2WsVXie`
-has too much allocated. For their strategy, the manager wants the `15.849959206`
+has too much allocated. For their strategy, the staker wants the `15.849959206`
 SOL to be distributed evenly, meaning around `5.283319735` in each account. They need
 to move `4.281036854` to `FhFft7ArhZZkh6q4ir1JZMYFgXdH6wkT5M5nmDDb1Q13` and
 `1.872447062` to `FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN`.
 
-First, they need to withdraw a total of `6.153483916` from
+##### Decrease validator stake
-`E5KBATUd21Dnjnh5sGFw5ngp9kdVXCcAAYMRe2WsVXie`. Using the `spl-token` utility,
+
-let's check the total supply of pool tokens:
+First, they need to decrease the amount on stake account
+`E5KBATUd21Dnjnh5sGFw5ngp9kdVXCcAAYMRe2WsVXie`, delegated to
+`HJiC8iJ4Sj846SswQuauFJK93UvV6zp3c2T6jzGqzhhz`, by total of `6.153483916` SOL.
+
+They decrease that amount of SOL:
 
 ```sh
-$ spl-token supply Gmk71cM7j2RMorRsQrsyysM4HsByQx5PuDGtDdqGLWCS
+$ spl-stake-pool decrease-validator-stake EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 HJiC8iJ4Sj846SswQuauFJK93UvV6zp3c2T6jzGqzhhz 6.153483916
-0.034692168
+Signature: ZpQGwT85rJ8Y9afdkXhKo3TVv4xgTz741mmZj2vW7mihYseAkFsazWxza2y8eNGY4HDJm15c1cStwyiQzaM3RpH
 ```
 
-Given a total pool token supply of `0.034692168` and total staked SOL amount of
+Internally, this instruction splits and deactivates 6.153483916 SOL from the
-`15.849959206`, let's calculate how many pool tokens to withdraw from the pool:
+validator stake account `E5KBATUd21Dnjnh5sGFw5ngp9kdVXCcAAYMRe2WsVXie` into a
+transient stake account, owned and managed entirely by the stake pool.
 
-```
+Once the stake is deactivated during the next epoch, the `update` command will
-sol_to_withdraw * total_pool_tokens / total_sol_staked = pool_tokens_to_withdraw
+automatically merge the transient stake account into a reserve stake account,
-6.153483916 * 0.034692168 / 15.849959206 ~ 0.013468659
+also entirely owned and managed by the stake pool.
-```
 
-They withdraw that amount of pool tokens:
+##### Increase validator stake
+
+Now that the reserve stake account has enough to perform the rebalance, the staker
+can increase the stake on the two other validators,
+`8r1f8mwrUiYdg2Rx9sxTh4M3UAUcCBBrmRA3nxk3Z6Lm` and
+`2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3`.
+
+They add 4.281036854 SOL to `8r1f8mwrUiYdg2Rx9sxTh4M3UAUcCBBrmRA3nxk3Z6Lm`:
 
 ```sh
-$ spl-stake-pool withdraw 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC --amount 0.013468659 --withdraw-from 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF
+$ spl-stake-pool increase-validator-stake EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 8r1f8mwrUiYdg2Rx9sxTh4M3UAUcCBBrmRA3nxk3Z6Lm 4.281036854
-Withdrawing from account E5KBATUd21Dnjnh5sGFw5ngp9kdVXCcAAYMRe2WsVXie, amount ◎6.153483855, 0.013468659 pool tokens
+Signature: 3GJACzjUGLPjcd9RLUW86AfBLWKapZRkxnEMc2yHT6erYtcKBgCapzyrVH6VN8Utxj7e2mtvzcigwLm6ZafXyTMw
-Creating account to receive stake 8ykyY7maA9HUfUphZHBkhsnydY5gFfyHFSfxCA7imqrk
-Signature: z8a5ZRfWdj8Fcsr3ttCJ731wFKyhZNcqoKEdV1RBCkzr3tHGQNCC56qvRVJ6oxyCVDqWZ3KL1Bkyn3sDpjYPDku
 ```
 
-Because of rounding in the calculation a few lines above, it looks like we receive
+And they add 1.872447062 SOL to `2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3`:
-less than we should.  If we play that back the other way, we'll see that all is well:
-
-```
-pool_tokens_to_withdraw * total_sol_staked / total_pool_tokens = sol_to_withdraw
-0.013468659 * 15.849959206 / 0.034692168 ~ 6.153483855
-```
-
-Next, they deactivate the new received stake:
 
 ```sh
-$ solana deactivate-stake 8ykyY7maA9HUfUphZHBkhsnydY5gFfyHFSfxCA7imqrk
+$ spl-stake-pool increase-validator-stake EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3 1.872447062
-Signature: 4SuwZK5JvYkYVkM5yfu2x8x6iou6558teMwzphGECLmstMVoWbSvngUH48Ra24PrxtgUDyVDA8SXYS1qMyx3fjMj
+Signature: 4zaKYu3MQ3as8reLbuHKaXN8FNaHvpHuiZtsJeARo67UKMo6wUUoWE88Fy8N4EYQYicuwULTNffcUD3a9jY88PoU
 ```
 
-Once the stake is deactivated during the next epoch, they split the stake
+Internally, this instruction also uses transient stake accounts.  This time, the
-and activate it on the other two validator vote accounts. For brevity, those
+stake pool splits from the reserve stake, into the transient stake account,
-commands are omitted.
+then activates it to the appropriate validator.
 
-Eventually, we are left with stake account `4zppED2kFodUS2hBf8Fzeepu6yZ6QuyeNPBXCT9VU6fK`
+One to two epochs later, once the transient stakes activate, the `update` command
-with `4.281036854` delegated to `8r1f8mwrUiYdg2Rx9sxTh4M3UAUcCBBrmRA3nxk3Z6Lm`
+automatically merges the transient stakes into the validator stake account, leaving
-and stake account `GCJnuFGCDzaToPwJtG5GiK4g3DJBfuhQy6388NyGcfwf` with `1.872447062`
+a fully rebalanced stake pool:
-delegated to `2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3`.
-
-Once the new stakes are ready, the manager deposits them back into the stake pool:
-```sh
-$ spl-stake-pool deposit 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC GCJnuFGCDzaToPwJtG5GiK4g3DJBfuhQy6388NyGcfwf --token-receiver 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF
-Depositing into stake account FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN
-Signature: jKsdEr3zxF2zZs78rmrP3PmQiTwE7v15ieEuxp4db1VQe9owXVGM8nM3dJqVRHXPsS4frQW4gJ6xBfTTk2HvKDX
-$ spl-stake-pool deposit 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC 4zppED2kFodUS2hBf8Fzeepu6yZ6QuyeNPBXCT9VU6fK --token-receiver 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF
-Depositing into stake account FhFft7ArhZZkh6q4ir1JZMYFgXdH6wkT5M5nmDDb1Q13
-Signature: 3JXvTvea6F4Epd2krSxnTRZPB4gLZ8GqisFE58Z4ocV92fDN1HRMVPoPhJtYcfuF12vyQZUueKwVmkvL6Wgf2evc
-```
-
-Leaving them with a rebalanced stake pool!
 
 ```sh
-$ spl-stake-pool list 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC
+$ spl-stake-pool list EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1
 Pubkey: FhFft7ArhZZkh6q4ir1JZMYFgXdH6wkT5M5nmDDb1Q13    Vote: 8r1f8mwrUiYdg2Rx9sxTh4M3UAUcCBBrmRA3nxk3Z6Lm ◎5.283340235
 Pubkey: FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN    Vote: 2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3 ◎5.283612231
 Pubkey: E5KBATUd21Dnjnh5sGFw5ngp9kdVXCcAAYMRe2WsVXie    Vote: HJiC8iJ4Sj846SswQuauFJK93UvV6zp3c2T6jzGqzhhz ◎5.284317422
@@ -391,33 +465,7 @@ Total: ◎15.851269888
 ```
 
 Due to staking rewards that accrued during the rebalancing process, the pool is
-not prefectly balanced. This is completely normal.
+not perfectly balanced. This is completely normal.
-
-#### Set staking authority
-
-In order to manage the stake accounts more directly, the stake pool owner can
-set the stake authority of the stake pool's managed accounts.
-
-```sh
-$ spl-stake-pool set-staking-auth 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC --stake-account FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN --new-staker 4SnSuUtJGKvk2GYpBwmEsWG53zTurVM8yXGsoiZQyMJn
-Signature: 39N5gkaqXuWm6JPEUWfenKXeG4nSa71p7iHb9zurvdZcsWmbjdmSXwLVYfhAVHWucTY77sJ8SkUNpVpVAhe4eZ53
-```
-
-Now, the new staking authority can perform any normal staking operations,
-including deactivating or re-staking.
-
-Important security note: the stake pool program only gives staking authority to
-the pool owner and always retains withdraw authority. Therefore, a malicious
-stake pool manager cannot steal funds from the stake pool.
-
-#### Set owner
-
-The stake pool owner may pass their administrator privileges to another account.
-
-```sh
-$ spl-stake-pool 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC --new-owner 4SnSuUtJGKvk2GYpBwmEsWG53zTurVM8yXGsoiZQyMJn
-Signature: 39N5gkaqXuWm6JPEUWfenKXeG4nSa71p7iHb9zurvdZcsWmbjdmSXwLVYfhAVHWucTY77sJ8SkUNpVpVAhe4eZ53
-```
 
 ### User Examples
 
@@ -429,7 +477,7 @@ command-line utility has a special instruction for finding out which vote
 accounts are already associated with the stake pool.
 
 ```sh
-$ spl-stake-pool list 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC
+$ spl-stake-pool list EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1
 CrStLEWfme37kDc3nubK9HsmWR5dsuVUuqEKqTR4Mc5E    1.002282880 SOL
 E5KBATUd21Dnjnh5sGFw5ngp9kdVXCcAAYMRe2WsVXie    1.002282880 SOL
 FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN    1.002282880 SOL
@@ -441,13 +489,13 @@ If the manager has recently created the stake pool, and there are no stake
 accounts present yet, the command-line utility will inform us.
 
 ```sh
-$ spl-stake-pool list 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC
+$ spl-stake-pool list EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1
 No accounts found.
 ```
 
 #### Deposit stake
 
-Stake pools only accept deposits from fully staked accounts, so we must first
+Stake pools only accept deposits from active accounts, so we must first
 create stake accounts and delegate them to one of the validators managed by the
 stake pool. Using the `list` command from the previous section, we see that
 `2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3` is a valid vote account, so let's
@@ -473,17 +521,19 @@ Two epochs later, when the stake is fully active and has received one epoch of
 rewards, we can deposit the stake into the stake pool.
 
 ```sh
-$ spl-stake-pool deposit 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC 4F4AYKZbNtDnu7uQey2Vkz9VgkVtLE6XWLezYjc9yxZa
+$ spl-stake-pool deposit EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 4F4AYKZbNtDnu7uQey2Vkz9VgkVtLE6XWLezYjc9yxZa
 Depositing into stake account FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN
 Creating account to receive tokens 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF
 Signature: 4AESGZzqBVfj5xQnMiPWAwzJnAtQDRFK1Ha6jqKKTs46Zm5fw3LqgU1mRAT6CKTywVfFMHZCLm1hcQNScSMwVvjQ
 ```
 
+The CLI will default to using the fee payer's
+[Associated Token Account](associated-token-account.md) for stake pool tokens.
 Alternatively, you can create an SPL token account yourself and pass it as the
 `token-receiver` for the command.
 
 ```sh
-$ spl-stake-pool deposit 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC 4F4AYKZbNtDnu7uQey2Vkz9VgkVtLE6XWLezYjc9yxZa --token-receiver 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF
+$ spl-stake-pool deposit EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 4F4AYKZbNtDnu7uQey2Vkz9VgkVtLE6XWLezYjc9yxZa --token-receiver 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF
 Depositing into stake account FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN
 Signature: 4AESGZzqBVfj5xQnMiPWAwzJnAtQDRFK1Ha6jqKKTs46Zm5fw3LqgU1mRAT6CKTywVfFMHZCLm1hcQNScSMwVvjQ
 ```
@@ -505,7 +555,8 @@ In order to calculate the proper value of these stake pool tokens, we must updat
 the total value managed by the stake pool every epoch.
 
 ```sh
-$ spl-stake-pool update 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC
+$ spl-stake-pool update EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1
+Updating stake pool...
 Signature: 3Yx1RH3Afqj5ckX8YvPCRt1DudVP4HuRPkh1dBPvTM9GqGxcB9ZXHGZPADVSZiaqKi166fevMG232EWxrRWswPtt
 ```
 
@@ -513,13 +564,33 @@ If another user already updated the stake pool balance for the current epoch, we
 see a different output.
 
 ```sh
-$ spl-stake-pool update 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC
+$ spl-stake-pool update EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1
-Stake pool balances are up to date, no update required.
+Update not required
 ```
 
 If no one updates the stake pool in the current epoch, the deposit and withdraw
 instructions will fail. The update instruction is permissionless, so any user
-can run it before depositing or withdrawing.
+can run it before depositing or withdrawing. As a convenience, the CLI attempts
+to update before running any instruction on the stake pool.
+
+If the stake pool transient stakes are in an unexpected state, and merges are
+not possible, there is the option to only update the stake pool balances without
+performing merges using the `--no-merge` flag.
+
+```sh
+$ spl-stake-pool update EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 --no-merge
+Updating stake pool...
+Signature: 3Yx1RH3Afqj5ckX8YvPCRt1DudVP4HuRPkh1dBPvTM9GqGxcB9ZXHGZPADVSZiaqKi166fevMG232EWxrRWswPtt
+```
+
+Later on, whenever the transient stakes are ready to be merged, it is possible to
+force another update in the same epoch using the `--force` flag.
+
+```sh
+$ spl-stake-pool update EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 --force
+Updating stake pool...
+Signature: 3Yx1RH3Afqj5ckX8YvPCRt1DudVP4HuRPkh1dBPvTM9GqGxcB9ZXHGZPADVSZiaqKi166fevMG232EWxrRWswPtt
+```
 
 #### Withdraw stake
 
@@ -529,7 +600,7 @@ staking derivative SPL tokens in exchange for an activated stake account.
 Let's withdraw 0.02 staking derivative tokens from the stake pool.
 
 ```sh
-$ spl-stake-pool withdraw 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC --amount 0.02 --withdraw-from 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF
+$ spl-stake-pool withdraw EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 0.02
 Withdrawing from account FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN, amount 8.867176377 SOL, 0.02 pool tokens
 Creating account to receive stake CZF2z3JJoDmJRcVjtsrz1BKUUGNL3VPW5FPFqge1bzmQ
 Signature: 2xBPVPJ749AE4hHNCNYdjuHv1EdMvxm9uvvraWfTA7Urrvecwh9w64URCyLLroLQ2RKDGE2QELM2ZHd8qRkjavJM
@@ -550,15 +621,58 @@ Stake Authority: 4SnSuUtJGKvk2GYpBwmEsWG53zTurVM8yXGsoiZQyMJn
 Withdraw Authority: 4SnSuUtJGKvk2GYpBwmEsWG53zTurVM8yXGsoiZQyMJn
 ```
 
-Alternatively, the user can specify an existing stake account to receive their
+Alternatively, the user can specify an existing uninitialized stake account to
-stake using the `stake-receiver` parameter.
+receive their stake using the `--stake-receiver` parameter.
 
 ```sh
-$ spl-stake-pool withdraw 3CLwo9CntMi4D1enHEFBe3pRJQzGJBCAYe66xFuEbmhC  --amount 0.02 --withdraw-from 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF --stake-receiver CZF2z3JJoDmJRcVjtsrz1BKUUGNL3VPW5FPFqge1bzmQ
+$ spl-stake-pool withdraw EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1  --amount 0.02 --withdraw-from 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF --stake-receiver CZF2z3JJoDmJRcVjtsrz1BKUUGNL3VPW5FPFqge1bzmQ
 Withdrawing from account FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN, amount 8.867176377 SOL, 0.02 pool tokens
 Signature: 2xBPVPJ749AE4hHNCNYdjuHv1EdMvxm9uvvraWfTA7Urrvecwh9w64URCyLLroLQ2RKDGE2QELM2ZHd8qRkjavJM
 ```
 
+By default, the withdraw command uses the fee payer's associated token account to
+source the derivative tokens. It's possible to specify the SPL token account using
+the `--pool-account` flag.
+
+```sh
+$ spl-stake-pool withdraw EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 0.02 --pool-account 34XMHa3JUPv46ftU4dGHvemZ9oKVjnciRePYMcX3rjEF
+Withdrawing from account FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN, amount 8.867176377 SOL, 0.02 pool tokens
+Creating account to receive stake CZF2z3JJoDmJRcVjtsrz1BKUUGNL3VPW5FPFqge1bzmQ
+Signature: 2xBPVPJ749AE4hHNCNYdjuHv1EdMvxm9uvvraWfTA7Urrvecwh9w64URCyLLroLQ2RKDGE2QELM2ZHd8qRkjavJM
+```
+
+By default, the withdraw command will withdraw from the largest validator stake
+accounts in the pool. It's also possible to specify a specific vote account for
+the withdraw using the `--vote-account` flag.
+
+```sh
+$ spl-stake-pool withdraw EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 0.02 --vote-account 2HUKQz7W2nXZSwrdX5RkfS2rLU4j1QZLjdGCHcoUKFh3
+Withdrawing from account FYQB64aEzSmECvnG8RVvdAXBxRnzrLvcA3R22aGH2hUN, amount 8.867176377 SOL, 0.02 pool tokens
+Creating account to receive stake CZF2z3JJoDmJRcVjtsrz1BKUUGNL3VPW5FPFqge1bzmQ
+Signature: 2xBPVPJ749AE4hHNCNYdjuHv1EdMvxm9uvvraWfTA7Urrvecwh9w64URCyLLroLQ2RKDGE2QELM2ZHd8qRkjavJM
+```
+
+Note that the associated validator stake account must have enough lamports to
+satisfy the pool token amount requested.
+
+##### Special case: exiting pool with a delinquent staker
+
+With the reserve stake, it's possible for a delinquent or malicious staker to
+move all stake into the reserve through `decrease-validator-stake`, so the
+staking derivatives will not gain rewards, and the stake pool users will not
+be able to withdraw their funds.
+
+To get around this case, it is also possible to withdraw from the stake pool's
+reserve, but only if all of the validator stake accounts are at the minimum amount of
+`1 SOL + stake account rent exemption`.
+
+```sh
+$ spl-stake-pool withdraw EjspffVUi2Tivszzs2JVj4GiSiMNYKyqZpgP3NeefBU1 0.02 --use-reserve
+Withdrawing from account 33Hg3bvYrAwfqCzTMjAWZNAWC6H96qJNEdzGamfFjG4J, amount 8.867176377 SOL, 0.02 pool tokens
+Creating account to receive stake 9E5YzXXu9NDhtMxWJKCwe2M8Sdz6vL6bcBS92U76PVtE
+Signature: 4aZaeT9Azcq23PdKcjbQLseNveZVAQ4xMabBGQspfX316cE62Q2hoES373ExbT9y2JUhug7SgdybNaCjuZ6uqNYf
+```
+
 ## Appendix
 
 ### Activated stakes
@@ -569,6 +683,22 @@ are not equivalent to inactive, activating, or deactivating stakes due to the
 time cost of staking. Otherwise, malicious actors can deposit stake in one state
 and withdraw it in another state without waiting.
 
+### Transient stake accounts
+
+Each validator gets one transient stake account, so the staker can only
+perform one action at a time on a validator. It's impossible to increase
+and decrease the stake on a validator at the same time. The staker must wait for
+the existing transient stake account to get merged during an `update` instruction
+before performing a new action.
+
+### Reserve stake account
+
+Every stake pool is initialized with an undelegated reserve stake account, used
+to hold undelegated stake in process of rebalancing. After the staker decreases
+the stake on a validator, one epoch later, the update operation will merge the
+decreased stake into the reserve. Conversely, whenever the staker increases the
+stake on a validator, the lamports are drawn from the reserve stake account.
+
 ### Staking Credits Observed on Deposit
 
 A deposited stake account's "credits observed" must match the destination

docs/src/token.md

@@ -38,7 +38,7 @@ convention around wallet address to token account mapping and funding.
 
 The `spl-token` command-line utility can be used to experiment with SPL
 tokens.  Once you have [Rust installed](https://rustup.rs/), run:
-```sh
+```console
 $ cargo install spl-token-cli
 ```
 
@@ -50,11 +50,8 @@ The `spl-token` configuration is shared with the `solana` command-line tool.
 
 #### Current Configuration
 
-```
+```console
-solana config get
+$ solana config get
-```
-
-```
 Config File: ${HOME}/.config/solana/cli/config.yml
 RPC URL: https://api.mainnet-beta.solana.com
 WebSocket URL: wss://api.mainnet-beta.solana.com/ (computed)
@@ -64,8 +61,8 @@ Keypair Path: ${HOME}/.config/solana/id.json
 #### Cluster RPC URL
 
 See [Solana clusters](https://docs.solana.com/clusters) for cluster-specific RPC URLs
-```
+```console
-solana config set --url https://devnet.solana.com
+$ solana config set --url https://api.devnet.solana.com
 ```
 
 #### Default Keypair
@@ -74,18 +71,27 @@ See [Keypair conventions](https://docs.solana.com/cli/conventions#keypair-conven
 for information on how to setup a keypair if you don't already have one.
 
 Keypair File
-```
+```console
-solana config set --keypair ${HOME}/new-keypair.json
+$ solana config set --keypair ${HOME}/new-keypair.json
 ```
 
 Hardware Wallet URL (See [URL spec](https://docs.solana.com/wallet-guide/hardware-wallets#specify-a-keypair-url))
+```console
+$ solana config set --keypair usb://ledger/
 ```
-solana config set --keypair usb://ledger/
+
+#### Airdrop SOL
+
+Creating tokens and accounts requires SOL for account rent deposits and
+transaction fees. If the cluster you are targeting offers a faucet, you can get
+a little SOL for testing:
+```console
+$ solana airdrop 1
 ```
 
 ### Example: Creating your own fungible token
 
-```sh
+```console
 $ spl-token create-token
 Creating token AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM
 Signature: 47hsLFxWRCg8azaZZPSnQR8DNTRsGyPNfUK7jqyzgt7wf9eag3nSnewqoZrVZHKm8zt3B6gzxhr91gdQ5qYrsRG4
@@ -94,27 +100,27 @@ Signature: 47hsLFxWRCg8azaZZPSnQR8DNTRsGyPNfUK7jqyzgt7wf9eag3nSnewqoZrVZHKm8zt3B
 The unique identifier of the token is `AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM`.
 
 Tokens when initially created by `spl-token` have no supply:
-```sh
+```console
-spl-token supply AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM
+$ spl-token supply AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM
 0
 ```
 
 Let's mint some.  First create an account to hold a balance of the new
 `AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM` token:
-```sh
+```console
 $ spl-token create-account AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM
 Creating account 7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi
 Signature: 42Sa5eK9dMEQyvD9GMHuKxXf55WLZ7tfjabUKDhNoZRAxj9MsnN7omriWMEHXLea3aYpjZ862qocRLVikvkHkyfy
 ```
 
 `7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi` is now an empty account:
-```sh
+```console
-$ spl-token balance 7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi
+$ spl-token balance AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM
 0
 ```
 
 Mint 100 tokens into the account:
-```sh
+```console
 $ spl-token mint AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM 100
 Minting 100 tokens
   Token: AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM
@@ -123,16 +129,19 @@ Signature: 41mARH42fPkbYn1mvQ6hYLjmJtjW98NXwd6pHqEYg9p8RnuoUsMxVd16RkStDHEzcS2sf
 ```
 
 The token `supply` and account `balance` now reflect the result of minting:
-```sh
+```console
 $ spl-token supply AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM
 100
-$ spl-token balance 7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi
+```
+
+```console
+$ spl-token balance AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM
 100
 ```
 
 ### Example: View all Tokens that you own
 
-```sh
+```console
 $ spl-token accounts
 Token                                         Balance
 ------------------------------------------------------------
@@ -144,14 +153,14 @@ AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM  1    (Aux-2*)
 
 ### Example: Wrapping SOL in a Token
 
-```sh
+```console
 $ spl-token wrap 1
 Wrapping 1 SOL into GJTxcnA5Sydy8YRhqvHxbQ5QNsPyRKvzguodQEaShJje
 Signature: 4f4s5QVMKisLS6ihZcXXPbiBAzjnvkBcp2A7KKER7k9DwJ4qjbVsQBKv2rAyBumXC1gLn8EJQhwWkybE4yJGnw2Y
 ```
 
 To unwrap the Token back to SOL:
-```
+```console
 $ spl-token unwrap GJTxcnA5Sydy8YRhqvHxbQ5QNsPyRKvzguodQEaShJje
 Unwrapping GJTxcnA5Sydy8YRhqvHxbQ5QNsPyRKvzguodQEaShJje
   Amount: 1 SOL
@@ -165,8 +174,8 @@ token account for the Token type.  Then the receiver obtains their wallet
 address by running `solana address` and provides it to the sender.
 
 The sender then runs:
-```
+```console
-$ spl-token transfer 7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi 50 vines1vzrYbzLMRdu58ou5XTby4qAqVRLmqo36NKPTg
+$ spl-token transfer AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM 50 vines1vzrYbzLMRdu58ou5XTby4qAqVRLmqo36NKPTg
 Transfer 50 tokens
   Sender: 7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi
   Recipient: vines1vzrYbzLMRdu58ou5XTby4qAqVRLmqo36NKPTg
@@ -183,8 +192,8 @@ The receiver obtains their wallet address by running `solana address` and provid
 
 The sender then runs to fund the receiver's associated token account, at the
 sender's expense, and then transfers 50 tokens into it:
-```
+```console
-$ spl-token transfer --fund-recipient 7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi 50 vines1vzrYbzLMRdu58ou5XTby4qAqVRLmqo36NKPTg
+$ spl-token transfer --fund-recipient AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM 50 vines1vzrYbzLMRdu58ou5XTby4qAqVRLmqo36NKPTg
 Transfer 50 tokens
   Sender: 7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi
   Recipient: vines1vzrYbzLMRdu58ou5XTby4qAqVRLmqo36NKPTg
@@ -198,19 +207,21 @@ Signature: 5a3qbvoJQnTAxGPHCugibZTbSu7xuTgkxvF4EJupRjRXGgZZrnWFmKzfEzcqKF2ogCaF4
 Tokens may be transferred to a specific recipient token account.  The recipient
 token account must already exist and be of the same Token type.
 
-```
+```console
-$ spl-token create-account AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM
+$ spl-token create-account AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM /path/to/auxiliary_keypair.json
 Creating account CqAxDdBRnawzx9q4PYM3wrybLHBhDZ4P6BTV13WsRJYJ
 Signature: 4yPWj22mbyLu5mhfZ5WATNfYzTt5EQ7LGzryxM7Ufu7QCVjTE7czZdEBqdKR7vjKsfAqsBdjU58NJvXrTqCXvfWW
 ```
-```
+
+```console
 $ spl-token accounts AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM -v
 Account                                       Token                                         Balance
 --------------------------------------------------------------------------------------------------------
 7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi  AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM  100
 CqAxDdBRnawzx9q4PYM3wrybLHBhDZ4P6BTV13WsRJYJ  AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM  0    (Aux-1*)
 ```
-```
+
+```console
 $ spl-token transfer 7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi 50 CqAxDdBRnawzx9q4PYM3wrybLHBhDZ4P6BTV13WsRJYJ
 Transfer 50 tokens
   Sender: 7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi
@@ -218,7 +229,8 @@ Transfer 50 tokens
 
 Signature: 5a3qbvoJQnTAxGPHCugibZTbSu7xuTgkxvF4EJupRjRXGgZZrnWFmKzfEzcqKF2ogCaF4QKVbAtuFx7xGwrDUcGd
 ```
-```
+
+```console
 $ spl-token accounts AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe1TTJC9wajM -v
 Account                                       Token                                         Balance
 --------------------------------------------------------------------------------------------------------
@@ -228,22 +240,22 @@ CqAxDdBRnawzx9q4PYM3wrybLHBhDZ4P6BTV13WsRJYJ  AQoKYV7tYpTrFZN6P5oUufbQKAUr9mNYGe
 
 ### Example: Create a non-fungible token
 
-Create the token type,
+Create the token type with zero decimal place,
-```
+```console
-$ spl-token create-token
+$ spl-token create-token --decimals 0
 Creating token 559u4Tdr9umKwft3yHMsnAxohhzkFnUBPAFtibwuZD9z
 Signature: 4kz82JUey1B9ki1McPW7NYv1NqPKCod6WNptSkYqtuiEsQb9exHaktSAHJJsm4YxuGNW4NugPJMFX9ee6WA2dXts
 ```
 
 then create an account to hold tokens of this new type:
-```
+```console
 $ spl-token create-account 559u4Tdr9umKwft3yHMsnAxohhzkFnUBPAFtibwuZD9z
 Creating account 7KqpRwzkkeweW5jQoETyLzhvs9rcCj9dVQ1MnzudirsM
 Signature: sjChze6ecaRtvuQVZuwURyg6teYeiH8ZwT6UTuFNKjrdayQQ3KNdPB7d2DtUZ6McafBfEefejHkJ6MWQEfVHLtC
 ```
 
 Now mint only one token into the account,
-```
+```console
 $ spl-token mint 559u4Tdr9umKwft3yHMsnAxohhzkFnUBPAFtibwuZD9z 1 7KqpRwzkkeweW5jQoETyLzhvs9rcCj9dVQ1MnzudirsM
 Minting 1 tokens
   Token: 559u4Tdr9umKwft3yHMsnAxohhzkFnUBPAFtibwuZD9z
@@ -252,7 +264,7 @@ Signature: 2Kzg6ZArQRCRvcoKSiievYy3sfPqGV91Whnz6SeimhJQXKBTYQf3E54tWg3zPpYLbcDex
 ```
 
 and disable future minting:
-```
+```console
 $ spl-token authorize 559u4Tdr9umKwft3yHMsnAxohhzkFnUBPAFtibwuZD9z mint --disable
 Updating 559u4Tdr9umKwft3yHMsnAxohhzkFnUBPAFtibwuZD9z
   Current mint authority: vines1vzrYbzLMRdu58ou5XTby4qAqVRLmqo36NKPTg
@@ -263,8 +275,8 @@ Signature: 5QpykLzZsceoKcVRRFow9QCdae4Dp2zQAcjebyEWoezPFg2Np73gHKWQicHG1mqRdXu3y
 Now the `7KqpRwzkkeweW5jQoETyLzhvs9rcCj9dVQ1MnzudirsM` account holds the
 one and only `559u4Tdr9umKwft3yHMsnAxohhzkFnUBPAFtibwuZD9z` token:
 
-```
+```console
-$ spl-token account-info 7KqpRwzkkeweW5jQoETyLzhvs9rcCj9dVQ1MnzudirsM
+$ spl-token account-info 559u4Tdr9umKwft3yHMsnAxohhzkFnUBPAFtibwuZD9z
 
 Address: 7KqpRwzkkeweW5jQoETyLzhvs9rcCj9dVQ1MnzudirsM
 Balance: 1
@@ -275,7 +287,7 @@ Delegation: (not set)
 Close authority: (not set)
 ```
 
-```
+```console
 $ spl-token supply 559u4Tdr9umKwft3yHMsnAxohhzkFnUBPAFtibwuZD9z
 1
 ```
@@ -304,7 +316,7 @@ account.
 First create keypairs to act as the multisig signer-set. In reality, these can
 be any supported signer, like: a Ledger hardware wallet, a keypair file, or
 a paper wallet. For convenience, keypair files will be used in this example.
-```
+```console
 $ for i in $(seq 3); do solana-keygen new --no-passphrase -so "signer-${i}.json"; done
 Wrote new keypair to signer-1.json
 Wrote new keypair to signer-2.json
@@ -313,7 +325,7 @@ Wrote new keypair to signer-3.json
 
 In order to create the multisig account, the public keys of the signer-set must
 be collected.
-```
+```console
 $ for i in $(seq 3); do SIGNER="signer-${i}.json"; echo "$SIGNER: $(solana-keygen pubkey "$SIGNER")"; done
 signer-1.json: BzWpkuRrwXHq4SSSFHa8FJf6DRQy4TaeoXnkA89vTgHZ
 signer-2.json: DhkUfKgfZ8CF6PAGKwdABRL1VqkeNrTSRx8LZfpPFVNY
@@ -333,13 +345,15 @@ NOTE: SPL Token Multisig accounts are limited to a signer-set of eleven signers
 ```
 $ spl-token create-multisig 2 BzWpkuRrwXHq4SSSFHa8FJf6DRQy4TaeoXnkA89vTgHZ \
 DhkUfKgfZ8CF6PAGKwdABRL1VqkeNrTSRx8LZfpPFVNY D7ssXHrZJjfpZXsmDf8RwfPxe1BMMMmP1CtmX3WojPmG
+```
+```console
 Creating 2/3 multisig 46ed77fd4WTN144q62BwjU2B3ogX3Xmmc8PT5Z3Xc2re
 Signature: 2FN4KXnczAz33SAxwsuevqrD1BvikP6LUhLie5Lz4ETt594X8R7yvMZzZW2zjmFLPsLQNHsRuhQeumExHbnUGC9A
 ```
 
 Next create the token mint and receiving accounts
 [as previously described](#example-creating-your-own-fungible-token)
-```
+```console
 $ spl-token create-token
 Creating token 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o
 Signature: 3n6zmw3hS5Hyo5duuhnNvwjAbjzC42uzCA3TTsrgr9htUonzDUXdK1d8b8J77XoeSherqWQM8mD8E1TMYCpksS2r
@@ -350,7 +364,7 @@ Signature: 5mVes7wjE7avuFqzrmSCWneKBQyPAjasCLYZPNSkmqmk2YFosYWAP9hYSiZ7b7NKpV866
 ```
 
 Then set the mint account's minting authority to the multisig account
-```
+```console
 $ spl-token authorize 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o mint 46ed77fd4WTN144q62BwjU2B3ogX3Xmmc8PT5Z3Xc2re
 Updating 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o
   Current mint authority: 5hbZyJ3KRuFvdy5QBxvE9KwK17hzkAUkQHZTxPbiWffE
@@ -364,6 +378,8 @@ account, attempting to mint with one multisig signer fails
 $ spl-token mint 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o 1 EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC \
 --owner 46ed77fd4WTN144q62BwjU2B3ogX3Xmmc8PT5Z3Xc2re \
 --multisig-signer signer-1.json
+```
+```console
 Minting 1 tokens
   Token: 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o
   Recipient: EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC
@@ -372,28 +388,43 @@ RPC response error -32002: Transaction simulation failed: Error processing Instr
 
 But repeating with a second multisig signer, succeeds
 ```
-spl-token mint 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o 1 EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC \
+$ spl-token mint 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o 1 EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC \
 --owner 46ed77fd4WTN144q62BwjU2B3ogX3Xmmc8PT5Z3Xc2re \
 --multisig-signer signer-1.json \
 --multisig-signer signer-2.json
+```
+```console
 Minting 1 tokens
   Token: 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o
   Recipient: EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC
 Signature: 2ubqWqZb3ooDuc8FLaBkqZwzguhtMgQpgMAHhKsWcUzjy61qtJ7cZ1bfmYktKUfnbMYWTC1S8zdKgU6m4THsgspT
 ```
 
-### Example: Mint with multisig authority and offline signers
+### Example: Offline signing with multisig 
 
-This example builds off of the [online mint with multisig](#example-mint-with-multisig-authority)
+Sometimes online signing is not possible or desireable. Such is the case for example when signers are not in the same geographic location  
-example. Be sure to familiarize yourself with that process, [offline signing](https://docs.solana.com/offline-signing),
+or when they use air-gapped devices not connected to the network.  In this case, we use offline signing which combines the   
-and the [durable nonce](https://docs.solana.com/offline-signing/durable-nonce)
+previous examples of [multisig](#example-mint-with-multisig-authority) with [offline signing](https://docs.solana.com/offline-signing)
-feature before continuing.
+and a [nonce account](https://docs.solana.com/offline-signing/durable-nonce).
 
 This example will use the same mint account, token account, multisig account,
-and multisig signer-set keypair filenames as the online example.
+and multisig signer-set keypair filenames as the online example, as well as a nonce
+account that we create here:
 
-A nonce account at `Fjyud2VXixk2vCs4DkBpfpsq48d81rbEzh6deKt7WvPj` will be used
+```console
+$ solana-keygen new -o nonce-keypair.json
+...
+======================================================================
+pubkey: Fjyud2VXixk2vCs4DkBpfpsq48d81rbEzh6deKt7WvPj
+======================================================================
 ```
+
+```console
+$ solana create-nonce-account nonce-keypair.json 1
+Signature: 3DALwrAAmCDxqeb4qXZ44WjpFcwVtgmJKhV4MW5qLJVtWeZ288j6Pzz1F4BmyPpnGLfx2P8MEJXmqPchX5y2Lf3r
+```
+
+```console
 $ solana nonce-account Fjyud2VXixk2vCs4DkBpfpsq48d81rbEzh6deKt7WvPj
 Balance: 0.01 SOL
 Minimum Balance Required: 0.00144768 SOL
@@ -424,6 +455,9 @@ $ spl-token mint 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o 1 EX8zyi2ZQUuoYtXd
 --nonce-authority 5hbZyJ3KRuFvdy5QBxvE9KwK17hzkAUkQHZTxPbiWffE \
 --sign-only \
 --mint-decimals 9
+```
+
+```console
 Minting 1 tokens
   Token: 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o
   Recipient: EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC
@@ -438,7 +472,7 @@ Absent Signers (Pubkey):
 Next each offline signer executes the template command, replacing each instance
 of their public key with the corresponding keypair.
 ```
-spl-token mint 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o 1 EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC \
+$ spl-token mint 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o 1 EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC \
 --owner 46ed77fd4WTN144q62BwjU2B3ogX3Xmmc8PT5Z3Xc2re \
 --multisig-signer signer-1.json \
 --multisig-signer DhkUfKgfZ8CF6PAGKwdABRL1VqkeNrTSRx8LZfpPFVNY \
@@ -448,6 +482,8 @@ spl-token mint 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o 1 EX8zyi2ZQUuoYtXd4M
 --nonce-authority 5hbZyJ3KRuFvdy5QBxvE9KwK17hzkAUkQHZTxPbiWffE \
 --sign-only \
 --mint-decimals 9
+```
+```console
 Minting 1 tokens
   Token: 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o
   Recipient: EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC
@@ -471,6 +507,8 @@ $ spl-token mint 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o 1 EX8zyi2ZQUuoYtXd
 --nonce-authority 5hbZyJ3KRuFvdy5QBxvE9KwK17hzkAUkQHZTxPbiWffE \
 --sign-only \
 --mint-decimals 9
+```
+```console
 Minting 1 tokens
   Token: 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o
   Recipient: EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC
@@ -503,6 +541,8 @@ $ spl-token mint 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o 1 EX8zyi2ZQUuoYtXd
 --nonce-authority hot-wallet.json \
 --signer BzWpkuRrwXHq4SSSFHa8FJf6DRQy4TaeoXnkA89vTgHZ=2QVah9XtvPAuhDB2QwE7gNaY962DhrGP6uy9zeN4sTWvY2xDUUzce6zkQeuT3xg44wsgtUw2H5Rf8pEArPSzJvHX \
 --signer DhkUfKgfZ8CF6PAGKwdABRL1VqkeNrTSRx8LZfpPFVNY=2brZbTiCfyVYSCp6vZE3p7qCDeFf3z1JFmJHPBrz8SnWSDZPjbpjsW2kxFHkktTNkhES3y6UULqS4eaWztLW7FrU
+```
+```console
 Minting 1 tokens
   Token: 4VNVRJetwapjwYU8jf4qPgaCeD76wyz8DuNj8yMCQ62o
   Recipient: EX8zyi2ZQUuoYtXd4MKmyHYLTjqFdWeuoTHcsTdJcKHC
@@ -520,7 +560,7 @@ There is a rich set of JSON RPC methods available for use with SPL Token:
 
 See https://docs.solana.com/apps/jsonrpc-api for more details.
 
-Additionally the versatile `getProgramAcccounts` JSON RPC method can be employed in various ways to fetch SPL Token accounts of interest.
+Additionally the versatile `getProgramAccounts` JSON RPC method can be employed in various ways to fetch SPL Token accounts of interest.
 
 ### Finding all token accounts for a specific mint
 
@@ -553,7 +593,7 @@ curl http://api.mainnet-beta.solana.com -X POST -H "Content-Type: application/js
 ```
 
 The `"dataSize": 165` filter selects all [Token
-Acccount](https://github.com/solana-labs/solana-program-library/blob/08d9999f997a8bf38719679be9d572f119d0d960/token/program/src/state.rs#L86-L106)s,
+Account](https://github.com/solana-labs/solana-program-library/blob/08d9999f997a8bf38719679be9d572f119d0d960/token/program/src/state.rs#L86-L106)s,
 and then the `"memcmp": ...` filter selects based on the
 [mint](https://github.com/solana-labs/solana-program-library/blob/08d9999f997a8bf38719679be9d572f119d0d960/token/program/src/state.rs#L88)
 address within each token account.
@@ -588,7 +628,7 @@ curl http://api.mainnet-beta.solana.com -X POST -H "Content-Type: application/js
 ```
 
 The `"dataSize": 165` filter selects all [Token
-Acccount](https://github.com/solana-labs/solana-program-library/blob/08d9999f997a8bf38719679be9d572f119d0d960/token/program/src/state.rs#L86-L106)s,
+Account](https://github.com/solana-labs/solana-program-library/blob/08d9999f997a8bf38719679be9d572f119d0d960/token/program/src/state.rs#L86-L106)s,
 and then the `"memcmp": ...` filter selects based on the
 [owner](https://github.com/solana-labs/solana-program-library/blob/08d9999f997a8bf38719679be9d572f119d0d960/token/program/src/state.rs#L90)
 address within each token account.
@@ -825,7 +865,13 @@ The sender's wallet must not require that the recipient's main wallet address
 hold a balance before allowing the transfer.
 
 ### Registry for token details
-At the moment Token Mint addresses need to be hard coded by each wallet.  **Improving this situation is a work in progress.**
+At the moment there exist two solutions for Token Mint registries:
+
+* hard coded addresses in the wallet or dapp
+* [spl-token-registry](https://www.npmjs.com/package/@solana/spl-token-registry)
+package, maintained at [https://github.com/solana-labs/token-list](https://github.com/solana-labs/token-list)
+
+**A decentralized solution is in progress.**
 
 ### Garbage Collecting Ancillary Token Accounts
 Wallets should empty ancillary token accounts as quickly as practical by
@@ -852,3 +898,13 @@ the maximum allowed transaction size, remove those extra clean up instructions.
 They can be cleaned up during the next send operation.
 
 The `spl-token gc` command provides an example implementation of this cleanup process.
+
+
+### Token Vesting Contract:
+This program allows you to lock arbitrary SPL tokens and release the locked tokens with a determined unlock schedule. An `unlock schedule` is made of a `unix timestamp` and a token `amount`, when initializing a vesting contract, the creator can pass an array of `unlock schedule` with an arbitrary size giving the creator of the contract complete control of how the tokens unlock over time.
+
+Unlocking works by pushing a permissionless crank on the contract that moves the tokens to the pre-specified address. The recipient address of a vesting contract can be modified by the owner of the current recipient key, meaning that vesting contract locked tokens can be traded.
+
+- Code: [https://github.com/Bonfida/token-vesting](https://github.com/Bonfida/token-vesting)
+- UI: [https://vesting.bonfida.com/#/](https://vesting.bonfida.com/#/)
+- Audit: The audit was conducted by Kudelski, the report can be found [here](https://github.com/Bonfida/token-vesting/blob/master/audit/Bonfida_SecurityAssessment_Vesting_Final050521.pdf)

examples/c/src/cross-program-invocation/cross-program-invocation.c

@@ -22,7 +22,7 @@ extern uint64_t do_invoke(SolParameters *params) {
   const SolSignerSeeds signers_seeds[] = {{seeds, SOL_ARRAY_SIZE(seeds)}};
 
   SolPubkey expected_allocated_key;
-  if (SUCCESS == sol_create_program_address(seeds, SOL_ARRAY_SIZE(seeds),
+  if (SUCCESS != sol_create_program_address(seeds, SOL_ARRAY_SIZE(seeds),
                                             params->program_id,
                                             &expected_allocated_key)) {
     return ERROR_INVALID_INSTRUCTION_DATA;
@@ -31,8 +31,7 @@ extern uint64_t do_invoke(SolParameters *params) {
     return ERROR_INVALID_ARGUMENT;
   }
 
-  SolAccountMeta arguments[] = {{system_program_info->key, false, false},
+  SolAccountMeta arguments[] = {{allocated_info->key, true, true}};
-                                {allocated_info->key, true, true}};
   uint8_t data[4 + 8];            // Enough room for the Allocate instruction
   *(uint16_t *)data = 8;          // Allocate instruction enum value
   *(uint64_t *)(data + 4) = SIZE; // Size to allocate

examples/rust/README.md

@@ -1,4 +1,3 @@
-
 # Program examples written in Rust
 
 The examples in this directory demonstrate various Solana program mechanisms.

examples/rust/cross-program-invocation/Cargo.toml

@@ -13,11 +13,11 @@ no-entrypoint = []
 test-bpf = []
 
 [dependencies]
-solana-program = "1.6.2"
+solana-program = "1.7.3"
 
 [dev-dependencies]
-solana-program-test = "1.6.2"
+solana-program-test = "1.7.3"
-solana-sdk = "1.6.2"
+solana-sdk = "1.7.3"
 
 [lib]
 crate-type = ["cdylib", "lib"]

examples/rust/custom-heap/Cargo.toml

@@ -15,11 +15,11 @@ no-entrypoint = []
 test-bpf = []
 
 [dependencies]
-solana-program = "1.6.2"
+solana-program = "1.7.3"
 
 [dev-dependencies]
-solana-program-test = "1.6.2"
+solana-program-test = "1.7.3"
-solana-sdk = "1.6.2"
+solana-sdk = "1.7.3"
 
 [lib]
 crate-type = ["cdylib", "lib"]

examples/rust/custom-heap/tests/functional.rs

@@ -8,7 +8,7 @@ use {
 
 #[tokio::test]
 async fn test_custom_heap() {
-    let program_id = Pubkey::from_str(&"CustomHeap111111111111111111111111111111111").unwrap();
+    let program_id = Pubkey::from_str("CustomHeap111111111111111111111111111111111").unwrap();
     let (mut banks_client, payer, recent_blockhash) = ProgramTest::new(
         "spl_example_custom_heap",
         program_id,

examples/rust/logging/Cargo.toml

@@ -13,11 +13,11 @@ no-entrypoint = []
 test-bpf = []
 
 [dependencies]
-solana-program = "1.6.2"
+solana-program = "1.7.3"
 
 [dev-dependencies]
-solana-program-test = "1.6.2"
+solana-program-test = "1.7.3"
-solana-sdk = "1.6.2"
+solana-sdk = "1.7.3"
 
 [lib]
 crate-type = ["cdylib", "lib"]

examples/rust/logging/tests/functional.rs

@@ -11,7 +11,7 @@ use {
 
 #[tokio::test]
 async fn test_logging() {
-    let program_id = Pubkey::from_str(&"Logging111111111111111111111111111111111111").unwrap();
+    let program_id = Pubkey::from_str("Logging111111111111111111111111111111111111").unwrap();
     let (mut banks_client, payer, recent_blockhash) = ProgramTest::new(
         "spl_example_logging",
         program_id,

examples/rust/sysvar/Cargo.toml

@@ -13,11 +13,11 @@ no-entrypoint = []
 test-bpf = []
 
 [dependencies]
-solana-program = "1.6.2"
+solana-program = "1.7.3"
 
 [dev-dependencies]
-solana-program-test = "1.6.2"
+solana-program-test = "1.7.3"
-solana-sdk = "1.6.2"
+solana-sdk = "1.7.3"
 
 [lib]
 crate-type = ["cdylib", "lib"]

examples/rust/sysvar/src/processor.rs

@@ -17,24 +17,28 @@ pub fn process_instruction(
     // Create in iterator to safety reference accounts in the slice
     let account_info_iter = &mut accounts.iter();
 
-    // The first account is the clock sysvar
+    // Get the clock sysvar via syscall
+    let clock_via_sysvar = Clock::get()?;
+    // Or deserialize the account into a clock struct
     let clock_sysvar_info = next_account_info(account_info_iter)?;
-    // The second account is the rent sysvar
+    let clock_via_account = Clock::from_account_info(clock_sysvar_info)?;
-    let rent_sysvar_info = next_account_info(account_info_iter)?;
+    // Both produce the same sysvar
-
+    assert_eq!(clock_via_sysvar, clock_via_account);
-    // Deserialize the account into a clock struct
-    let clock = Clock::from_account_info(&clock_sysvar_info)?;
-
-    // Deserialize the account into a rent struct
-    let rent = Rent::from_account_info(&rent_sysvar_info)?;
-
     // Note: `format!` can be very expensive, use cautiously
-    msg!("{:?}", clock);
+    msg!("{:?}", clock_via_sysvar);
+
+    // Get the rent sysvar via syscall
+    let rent_via_sysvar = Rent::get()?;
+    // Or deserialize the account into a rent struct
+    let rent_sysvar_info = next_account_info(account_info_iter)?;
+    let rent_via_account = Rent::from_account_info(rent_sysvar_info)?;
+    // Both produce the same sysvar
+    assert_eq!(rent_via_sysvar, rent_via_account);
     // Can't print `exemption_threshold` because BPF does not support printing floats
     msg!(
         "Rent: lamports_per_byte_year: {:?}, burn_percent: {:?}",
-        rent.lamports_per_byte_year,
+        rent_via_sysvar.lamports_per_byte_year,
-        rent.burn_percent
+        rent_via_sysvar.burn_percent
     );
 
     Ok(())

examples/rust/sysvar/tests/functional.rs

@@ -12,7 +12,7 @@ use {
 
 #[tokio::test]
 async fn test_sysvar() {
-    let program_id = Pubkey::from_str(&"Sysvar1111111111111111111111111111111111111").unwrap();
+    let program_id = Pubkey::from_str("Sysvar1111111111111111111111111111111111111").unwrap();
     let (mut banks_client, payer, recent_blockhash) = ProgramTest::new(
         "spl_example_sysvar",
         program_id,

examples/rust/transfer-lamports/Cargo.toml

@@ -12,11 +12,11 @@ no-entrypoint = []
 test-bpf = []
 
 [dependencies]
-solana-program = "1.6.2"
+solana-program = "1.7.3"
 
 [dev-dependencies]
-solana-program-test = "1.6.2"
+solana-program-test = "1.7.3"
-solana-sdk = "1.6.2"
+solana-sdk = "1.7.3"
 
 [lib]
 crate-type = ["cdylib", "lib"]

examples/rust/transfer-lamports/tests/functional.rs

@@ -11,7 +11,7 @@ use {
 
 #[tokio::test]
 async fn test_lamport_transfer() {
-    let program_id = Pubkey::from_str(&"TransferLamports111111111111111111111111111").unwrap();
+    let program_id = Pubkey::from_str("TransferLamports111111111111111111111111111").unwrap();
     let source_pubkey = Pubkey::new_unique();
     let destination_pubkey = Pubkey::new_unique();
     let mut program_test = ProgramTest::new(

feature-proposal/cli/Cargo.toml

@@ -10,11 +10,11 @@ edition = "2018"
 [dependencies]
 chrono = "0.4.19"
 clap = "2.33.3"
-solana-clap-utils = "1.6.2"
+solana-clap-utils = "1.7.4"
-solana-cli-config = "1.6.2"
+solana-cli-config = "1.7.4"
-solana-client = "1.6.2"
+solana-client = "1.7.4"
-solana-logger = "1.6.2"
+solana-logger = "1.7.4"
-solana-sdk = "1.6.2"
+solana-sdk = "1.7.4"
 spl-feature-proposal = { version = "1.0", path = "../program", features = ["no-entrypoint"] }
 
 [[bin]]

feature-proposal/cli/src/main.rs

@@ -46,7 +46,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
                 .global(true)
                 .help("Configuration file to use");
             if let Some(ref config_file) = *solana_cli_config::CONFIG_FILE {
-                arg.default_value(&config_file)
+                arg.default_value(config_file)
             } else {
                 arg
             }
@@ -329,7 +329,7 @@ fn process_propose(
         Some(&config.keypair.pubkey()),
     );
     let blockhash = rpc_client.get_recent_blockhash()?.0;
-    transaction.try_sign(&[&config.keypair, &feature_proposal_keypair], blockhash)?;
+    transaction.try_sign(&[&config.keypair, feature_proposal_keypair], blockhash)?;
 
     println!("JSON RPC URL: {}", config.json_rpc_url);
 
@@ -399,10 +399,9 @@ fn process_tally(
 ) -> Result<(), Box<dyn std::error::Error>> {
     let feature_proposal = get_feature_proposal(rpc_client, feature_proposal_address)?;
 
-    let feature_id_address =
+    let feature_id_address = spl_feature_proposal::get_feature_id_address(feature_proposal_address);
-        spl_feature_proposal::get_feature_id_address(&feature_proposal_address);
     let acceptance_token_address =
-        spl_feature_proposal::get_acceptance_token_address(&feature_proposal_address);
+        spl_feature_proposal::get_acceptance_token_address(feature_proposal_address);
 
     println!("Feature Id: {}", feature_id_address);
     println!("Acceptance Token Address: {}", acceptance_token_address);

feature-proposal/program/Cargo.toml

@@ -12,15 +12,14 @@ no-entrypoint = []
 test-bpf = []
 
 [dependencies]
-borsh = "0.7.1"
+borsh = "0.9"
-borsh-derive = "0.8.1"
+borsh-derive = "0.9.0"
-solana-program = "1.6.2"
+solana-program = "1.7.4"
 spl-token = { version = "3.1", path = "../../token/program", features = ["no-entrypoint"] }
 
 [dev-dependencies]
-futures = "0.3"
+solana-program-test = "1.7.4"
-solana-program-test = "1.6.2"
+solana-sdk = "1.7.4"
-solana-sdk = "1.6.2"
 
 [lib]
 crate-type = ["cdylib", "lib"]

feature-proposal/program/src/instruction.rs

@@ -155,13 +155,12 @@ pub fn tally(feature_proposal_address: &Pubkey) -> Instruction {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::borsh_utils;
 
     #[test]
     fn test_get_packed_len() {
         assert_eq!(
             FeatureProposalInstruction::get_packed_len(),
-            borsh_utils::get_packed_len::<FeatureProposalInstruction>()
+            solana_program::borsh::get_packed_len::<FeatureProposalInstruction>()
         )
     }
 

feature-proposal/program/src/lib.rs

@@ -2,7 +2,6 @@
 #![deny(missing_docs)]
 #![forbid(unsafe_code)]
 
-pub mod borsh_utils;
 mod entrypoint;
 pub mod instruction;
 pub mod processor;

feature-proposal/program/src/processor.rs

@@ -126,7 +126,7 @@ pub fn process_instruction(
                     mint_info.clone(),
                     system_program_info.clone(),
                 ],
-                &[&mint_signer_seeds],
+                &[mint_signer_seeds],
             )?;
 
             msg!("Initializing mint");
@@ -159,7 +159,7 @@ pub fn process_instruction(
                     distributor_token_info.clone(),
                     system_program_info.clone(),
                 ],
-                &[&distributor_token_signer_seeds],
+                &[distributor_token_signer_seeds],
             )?;
 
             msg!("Initializing distributor token account");
@@ -193,7 +193,7 @@ pub fn process_instruction(
                     acceptance_token_info.clone(),
                     system_program_info.clone(),
                 ],
-                &[&acceptance_token_signer_seeds],
+                &[acceptance_token_signer_seeds],
             )?;
 
             msg!("Initializing acceptance token account");
@@ -216,7 +216,7 @@ pub fn process_instruction(
                 &spl_token::instruction::set_authority(
                     &spl_token::id(),
                     acceptance_token_info.key,
-                    Some(&feature_proposal_info.key),
+                    Some(feature_proposal_info.key),
                     spl_token::instruction::AuthorityType::CloseAccount,
                     feature_proposal_info.key,
                     &[],
@@ -231,7 +231,7 @@ pub fn process_instruction(
                 &spl_token::instruction::set_authority(
                     &spl_token::id(),
                     acceptance_token_info.key,
-                    Some(&program_id),
+                    Some(program_id),
                     spl_token::instruction::AuthorityType::AccountOwner,
                     feature_proposal_info.key,
                     &[],
@@ -260,7 +260,7 @@ pub fn process_instruction(
                     distributor_token_info.clone(),
                     spl_token_program_info.clone(),
                 ],
-                &[&mint_signer_seeds],
+                &[mint_signer_seeds],
             )?;
 
             // Fully fund the feature id account so the `Tally` instruction will not require any
@@ -283,7 +283,7 @@ pub fn process_instruction(
             invoke_signed(
                 &system_instruction::allocate(feature_id_info.key, Feature::size_of() as u64),
                 &[feature_id_info.clone(), system_program_info.clone()],
-                &[&feature_id_signer_seeds],
+                &[feature_id_signer_seeds],
             )?;
         }
 
@@ -348,7 +348,7 @@ pub fn process_instruction(
                     invoke_signed(
                         &system_instruction::assign(feature_id_info.key, &feature::id()),
                         &[feature_id_info.clone(), system_program_info.clone()],
-                        &[&feature_id_signer_seeds],
+                        &[feature_id_signer_seeds],
                     )?;
 
                     msg!("Feature proposal accepted");

feature-proposal/program/src/state.rs

@@ -59,13 +59,12 @@ impl Pack for FeatureProposal {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::borsh_utils;
 
     #[test]
     fn test_get_packed_len() {
         assert_eq!(
             FeatureProposal::get_packed_len(),
-            borsh_utils::get_packed_len::<FeatureProposal>()
+            solana_program::borsh::get_packed_len::<FeatureProposal>()
         );
     }
 

feature-proposal/program/tests/functional.rs

@@ -1,21 +1,20 @@
 // Mark this test as BPF-only due to current `ProgramTest` limitations when CPIing into the system program
 #![cfg(feature = "test-bpf")]
 
-use futures::{Future, FutureExt};
+use {
-use solana_program::{
+    solana_program::{
         feature::{self, Feature},
         program_option::COption,
-    program_pack::Pack,
         pubkey::Pubkey,
         system_program,
-};
+    },
-use solana_program_test::*;
+    solana_program_test::*,
-use solana_sdk::{
+    solana_sdk::{
         signature::{Keypair, Signer},
         transaction::Transaction,
+    },
+    spl_feature_proposal::{instruction::*, state::*, *},
 };
-use spl_feature_proposal::{instruction::*, state::*, *};
-use std::io;
 
 fn program_test() -> ProgramTest {
     ProgramTest::new(
@@ -25,21 +24,6 @@ fn program_test() -> ProgramTest {
     )
 }
 
-/// Fetch and unpack account data
-fn get_account_data<T: Pack>(
-    banks_client: &mut BanksClient,
-    address: Pubkey,
-) -> impl Future<Output = std::io::Result<T>> + '_ {
-    banks_client.get_account(address).map(|result| {
-        let account =
-            result?.ok_or_else(|| io::Error::new(io::ErrorKind::Other, "account not found"))?;
-
-        T::unpack_from_slice(&account.data)
-            .ok()
-            .ok_or_else(|| io::Error::new(io::ErrorKind::Other, "Failed to deserialize account"))
-    })
-}
-
 #[tokio::test]
 async fn test_basic() {
     let feature_proposal = Keypair::new();
@@ -68,16 +52,17 @@ async fn test_basic() {
     banks_client.process_transaction(transaction).await.unwrap();
 
     // Confirm feature id account is now funded and allocated, but not assigned
-    let feature_id_acccount = banks_client
+    let feature_id_account = banks_client
         .get_account(feature_id_address)
         .await
         .expect("success")
         .expect("some account");
-    assert_eq!(feature_id_acccount.owner, system_program::id());
+    assert_eq!(feature_id_account.owner, system_program::id());
-    assert_eq!(feature_id_acccount.data.len(), Feature::size_of());
+    assert_eq!(feature_id_account.data.len(), Feature::size_of());
 
     // Confirm mint account state
-    let mint = get_account_data::<spl_token::state::Mint>(&mut banks_client, mint_address)
+    let mint = banks_client
+        .get_packed_account_data::<spl_token::state::Mint>(mint_address)
         .await
         .unwrap();
     assert_eq!(mint.supply, 42);
@@ -86,8 +71,8 @@ async fn test_basic() {
     assert_eq!(mint.mint_authority, COption::Some(mint_address));
 
     // Confirm distributor token account state
-    let distributor_token =
+    let distributor_token = banks_client
-        get_account_data::<spl_token::state::Account>(&mut banks_client, distributor_token_address)
+        .get_packed_account_data::<spl_token::state::Account>(distributor_token_address)
         .await
         .unwrap();
     assert_eq!(distributor_token.amount, 42);
@@ -96,8 +81,8 @@ async fn test_basic() {
     assert!(distributor_token.close_authority.is_none());
 
     // Confirm acceptance token account state
-    let acceptance_token =
+    let acceptance_token = banks_client
-        get_account_data::<spl_token::state::Account>(&mut banks_client, acceptance_token_address)
+        .get_packed_account_data::<spl_token::state::Account>(acceptance_token_address)
         .await
         .unwrap();
     assert_eq!(acceptance_token.amount, 0);
@@ -115,15 +100,17 @@ async fn test_basic() {
     banks_client.process_transaction(transaction).await.unwrap();
 
     // Confirm feature id account is not yet assigned
-    let feature_id_acccount = banks_client
+    let feature_id_account = banks_client
         .get_account(feature_id_address)
         .await
         .expect("success")
         .expect("some account");
-    assert_eq!(feature_id_acccount.owner, system_program::id());
+    assert_eq!(feature_id_account.owner, system_program::id());
 
     assert!(matches!(
-        get_account_data::<FeatureProposal>(&mut banks_client, feature_proposal.pubkey()).await,
+        banks_client
+            .get_packed_account_data::<FeatureProposal>(feature_proposal.pubkey())
+            .await,
         Ok(FeatureProposal::Pending(_))
     ));
 
@@ -158,16 +145,18 @@ async fn test_basic() {
     banks_client.process_transaction(transaction).await.unwrap();
 
     // Confirm feature id account is now assigned
-    let feature_id_acccount = banks_client
+    let feature_id_account = banks_client
         .get_account(feature_id_address)
         .await
         .expect("success")
         .expect("some account");
-    assert_eq!(feature_id_acccount.owner, feature::id());
+    assert_eq!(feature_id_account.owner, feature::id());
 
     // Confirm feature proposal account state
     assert!(matches!(
-        get_account_data::<FeatureProposal>(&mut banks_client, feature_proposal.pubkey()).await,
+        banks_client
+            .get_packed_account_data::<FeatureProposal>(feature_proposal.pubkey())
+            .await,
         Ok(FeatureProposal::Accepted {
             tokens_upon_acceptance: 42
         })
@@ -197,7 +186,9 @@ async fn test_expired() {
     banks_client.process_transaction(transaction).await.unwrap();
 
     assert!(matches!(
-        get_account_data::<FeatureProposal>(&mut banks_client, feature_proposal.pubkey()).await,
+        banks_client
+            .get_packed_account_data::<FeatureProposal>(feature_proposal.pubkey())
+            .await,
         Ok(FeatureProposal::Pending(_))
     ));
 
@@ -208,7 +199,9 @@ async fn test_expired() {
     banks_client.process_transaction(transaction).await.unwrap();
 
     assert!(matches!(
-        get_account_data::<FeatureProposal>(&mut banks_client, feature_proposal.pubkey()).await,
+        banks_client
+            .get_packed_account_data::<FeatureProposal>(feature_proposal.pubkey())
+            .await,
         Ok(FeatureProposal::Expired)
     ));
 }

governance/README.md

@@ -0,0 +1,117 @@
+# Governance
+
+Governance is a program the chief purpose of which is to control the upgrade of other programs through democratic means.
+It can also be used as an authority provider for mints and other forms of access control as well where we may want
+a voting population to vote on disbursement of access or funds collectively.
+
+## Architecture
+
+### Accounts diagram (Program Governance use case)
+
+![Accounts diagram](./resources/governance-accounts.jpg)
+
+### Realm account
+
+Realm account ties Community Token Mint and optional Council Token mint to create a realm
+for any governance pertaining to the community of the token holders.
+For example a trading protocol can issue a governance token and use it to create its governance realm.
+
+Once a realm is created voters can deposit Governing tokens (Community or Council) to the realm and
+use the deposited amount as their voting weight to vote on Proposals within that realm.
+
+### Program Governance account
+
+The basic building block of governance to update programs is the ProgramGovernance account.
+It ties a governed Program ID and holds configuration options defining governance rules.
+The governed Program ID is used as the seed for a [Program Derived Address](https://docs.solana.com/developing/programming-model/calling-between-programs#program-derived-addresses),
+and this program derived address is what is used as the address of the Governance account for your Program ID.
+
+What this means is that there can only ever be ONE Governance account for a given Program.
+The governance program validates at creation time of the Governance account that the current upgrade authority of the program
+taken under governance signed the transaction. Optionally `CreateProgramGovernance` instruction can also transfer `upgrade_authority`
+of the governed program to the Governance PDA at the creation time of the Governance account.
+
+### Mint Governance account
+
+A mint governance account allows a mint authority to setup governance over an SPL Mint account.
+The Governance program validates at creation time that the current mint authority signed the transaction to
+create the governance and optionally can transfer the authority to the Governance account.
+Once setup the Mint Governance allows governance participants to create Proposals which execute mint instructions for
+the governed Mint.
+
+### Token Governance account
+
+A token governance account allows a token account owner to setup governance over an SPL Token account.
+The Governance program validates at creation time the current owner signed the transaction to
+create the governance and optionally can transfer the owner to the Governance account.
+Once setup the Token Governance allows participants to create Proposals to execute transfer instructions
+from the governed token account.
+
+### How does the authority work?
+
+Governance can handle arbitrary executions of code, but it's real power lies in the power to upgrade programs.
+It does this through executing instructions to the bpf-upgradable-loader program.
+Bpf-upgradable-loader allows any signer who has Upgrade authority over a Buffer account and the Program account itself
+to upgrade it using its Upgrade command.
+Normally, this is the developer who created and deployed the program, and this creation of the Buffer account containing
+the new program data and overwriting of the existing Program account's data with it is handled in the background for you
+by the Solana program deploy cli command.
+However, in order for Governance to be useful, Governance now needs this authority.
+
+In similar fashion for Mint and Token governances the relevant authorities to mint and transfer tokens
+are transferred to the Governance account. It in turn allows participants to create and vote on Proposals
+which can then execute
+mint and transfer instructions for the governed accounts.
+
+### Proposal accounts
+
+A Proposal is an instance of a Governance created to vote on and execute given set of changes.
+It is created by someone (Proposal Owner) and tied to a given Governance account
+and has a set of executable instructions to it, a name and a description.
+It goes through various states (draft, voting, executing, ...) and users can vote on it
+if they have relevant Community or Council tokens.
+Its rules are determined by the Governance account that it is tied to, and when it executes,
+it is only eligible to use the [Program Derived Address](https://docs.solana.com/developing/programming-model/calling-between-programs#program-derived-addresses)
+authority given by the Governance account.
+So a Proposal for Sushi cannot for instance upgrade the Program for Uniswap.
+
+When a Proposal is created by a user then the user becomes Proposal Owner and receives permission to edit the Proposal.
+With this power the Owner can edit the Proposal, add/remove Signatories to the Proposal and also cancel it.
+These Signatories can then show their approval of the Proposal by signing it off.
+Once all Signatories have signed off the Proposal the Proposal leaves Draft state and enters Voting state.
+Voting state lasts as long as the Governance has it configured to last, and during this time
+people holding Community (or Council) tokens may vote on the Proposal.
+Once the Proposal is "tipped" it either enters the Defeated or Succeeded state. If the vote can't be tipped automatically
+during the voting period but still reaches the required Yes vote threshold it can be manually transitioned to Succeeded state
+using FinalizeVote instruction.
+Once all Proposal instructions are executed the Proposal enters Completed state.
+
+In the Executing state an instruction can be run by any one at any time after the `instruction_hold_up_time` period has
+transpired.
+
+### ProposalInstruction
+
+A Proposal can have multiple Proposal Instructions, and they run independently of each other.
+These contain the actual data for an instruction, and how long after the voting phase a user must wait before they can
+be executed.
+
+### Voting Dynamics
+
+When a Proposal is created and signed by its Signatories voters can start voting on it using their voting weight,
+equal to deposited governing tokens into the realm. A vote is tipped once it passes the defined `vote_threshold` of votes
+and enters Succeeded or Defeated state. If Succeeded then Proposal instructions can be executed after they hold_up_time passes.
+
+Users can relinquish their vote any time during Proposal lifetime, but once Proposal it decided their vote can't be changed.
+
+### Community and Councils governing tokens
+
+Each Governance Realm that gets created has the option to also have a Council mint.
+A council mint is simply a separate mint from the Community mint.
+What this means is that users can submit Proposals that have a different voting population from a different mint
+that can affect the same program. A practical application of this policy may be to have a very large population control
+major version bumps of Solana via normal SOL, for instance, but hot fixes be controlled via Council tokens,
+of which there may be only 30, and which may be themselves minted and distributed via proposals by the governing population.
+
+### Proposal Workflow
+
+![Proposal Workflow](./resources/governance-workflow.jpg)

governance/program/Cargo.toml

@@ -0,0 +1,34 @@
+[package]
+name = "spl-governance"
+version = "1.0.1"
+description = "Solana Program Library Governance Program"
+authors = ["Solana Maintainers <maintainers@solana.foundation>"]
+repository = "https://github.com/solana-labs/solana-program-library"
+license = "Apache-2.0"
+edition = "2018"
+
+[features]
+no-entrypoint = []
+test-bpf = []
+
+[dependencies]
+arrayref = "0.3.6"
+bincode = "1.3.2"
+borsh = "0.9.0"
+num-derive = "0.3"
+num-traits = "0.2"
+serde = "1.0.126"
+serde_derive = "1.0.103"
+solana-program = "1.7.4"
+spl-token = { version = "3.1.1", path = "../../token/program", features = [ "no-entrypoint" ] }
+thiserror = "1.0"
+
+[dev-dependencies]
+assert_matches = "1.5.0"
+base64 = "0.13"
+proptest = "1.0"
+solana-program-test = "1.7.4"
+solana-sdk = "1.7.4"
+
+[lib]
+crate-type = ["cdylib", "lib"]

governance/program/Xargo.toml

@@ -0,0 +1,2 @@
+[target.bpfel-unknown-unknown.dependencies.std]
+features = []

governance/program/src/entrypoint.rs

@@ -0,0 +1,22 @@
+//! Program entrypoint definitions
+#![cfg(all(target_arch = "bpf", not(feature = "no-entrypoint")))]
+
+use crate::{error::GovernanceError, processor};
+use solana_program::{
+    account_info::AccountInfo, entrypoint, entrypoint::ProgramResult,
+    program_error::PrintProgramError, pubkey::Pubkey,
+};
+
+entrypoint!(process_instruction);
+fn process_instruction(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    instruction_data: &[u8],
+) -> ProgramResult {
+    if let Err(error) = processor::process_instruction(program_id, accounts, instruction_data) {
+        // catch the error so we can print it
+        error.print::<GovernanceError>();
+        return Err(error);
+    }
+    Ok(())
+}

governance/program/src/error.rs

@@ -0,0 +1,296 @@
+//! Error types
+
+use num_derive::FromPrimitive;
+use solana_program::{
+    decode_error::DecodeError,
+    msg,
+    program_error::{PrintProgramError, ProgramError},
+};
+use thiserror::Error;
+
+/// Errors that may be returned by the Governance program
+#[derive(Clone, Debug, Eq, Error, FromPrimitive, PartialEq)]
+pub enum GovernanceError {
+    /// Invalid instruction passed to program
+    #[error("Invalid instruction passed to program")]
+    InvalidInstruction = 500, // Start Governance custom errors from 500 to avoid conflicts with programs invoked via CPI
+
+    /// Realm with the given name and governing mints already exists
+    #[error("Realm with the given name and governing mints already exists")]
+    RealmAlreadyExists,
+
+    /// Invalid Realm
+    #[error("Invalid realm")]
+    InvalidRealm,
+
+    /// Invalid Governing Token Mint
+    #[error("Invalid Governing Token Mint")]
+    InvalidGoverningTokenMint,
+
+    /// Governing Token Owner must sign transaction
+    #[error("Governing Token Owner must sign transaction")]
+    GoverningTokenOwnerMustSign,
+
+    /// Governing Token Owner or Delegate  must sign transaction
+    #[error("Governing Token Owner or Delegate  must sign transaction")]
+    GoverningTokenOwnerOrDelegateMustSign,
+
+    /// All votes must be relinquished to withdraw governing tokens
+    #[error("All votes must be relinquished to withdraw governing tokens")]
+    AllVotesMustBeRelinquishedToWithdrawGoverningTokens,
+
+    /// Invalid Token Owner Record account address
+    #[error("Invalid Token Owner Record account address")]
+    InvalidTokenOwnerRecordAccountAddress,
+
+    /// Invalid GoverningMint for TokenOwnerRecord
+    #[error("Invalid GoverningMint for TokenOwnerRecord")]
+    InvalidGoverningMintForTokenOwnerRecord,
+
+    /// Invalid Realm for TokenOwnerRecord
+    #[error("Invalid Realm for TokenOwnerRecord")]
+    InvalidRealmForTokenOwnerRecord,
+
+    /// Invalid Proposal for ProposalInstruction
+    #[error("Invalid Proposal for ProposalInstruction")]
+    InvalidProposalForProposalInstruction,
+
+    /// Invalid Signatory account address
+    #[error("Invalid Signatory account address")]
+    InvalidSignatoryAddress,
+
+    /// Signatory already signed off
+    #[error("Signatory already signed off")]
+    SignatoryAlreadySignedOff,
+
+    /// Signatory must sign
+    #[error("Signatory must sign")]
+    SignatoryMustSign,
+
+    /// Invalid Proposal Owner
+    #[error("Invalid Proposal Owner")]
+    InvalidProposalOwnerAccount,
+
+    /// Invalid Proposal for VoterRecord
+    #[error("Invalid Proposal for VoterRecord")]
+    InvalidProposalForVoterRecord,
+
+    /// Invalid GoverningTokenOwner  for VoteRecord
+    #[error("Invalid GoverningTokenOwner for VoteRecord")]
+    InvalidGoverningTokenOwnerForVoteRecord,
+
+    /// Invalid Governance config: Vote threshold percentage out of range"
+    #[error("Invalid Governance config: Vote threshold percentage out of range")]
+    InvalidVoteThresholdPercentage,
+
+    /// Proposal for the given Governance, Governing Token Mint and index already exists
+    #[error("Proposal for the given Governance, Governing Token Mint and index already exists")]
+    ProposalAlreadyExists,
+
+    /// Token Owner already voted on the Proposal
+    #[error("Token Owner already voted on the Proposal")]
+    VoteAlreadyExists,
+
+    /// Owner doesn't have enough governing tokens to create Proposal
+    #[error("Owner doesn't have enough governing tokens to create Proposal")]
+    NotEnoughTokensToCreateProposal,
+
+    /// Invalid State: Can't edit Signatories
+    #[error("Invalid State: Can't edit Signatories")]
+    InvalidStateCannotEditSignatories,
+
+    /// Invalid Proposal state
+    #[error("Invalid Proposal state")]
+    InvalidProposalState,
+    /// Invalid State: Can't edit instructions
+    #[error("Invalid State: Can't edit instructions")]
+    InvalidStateCannotEditInstructions,
+
+    /// Invalid State: Can't execute instruction
+    #[error("Invalid State: Can't execute instruction")]
+    InvalidStateCannotExecuteInstruction,
+
+    /// Can't execute instruction within its hold up time
+    #[error("Can't execute instruction within its hold up time")]
+    CannotExecuteInstructionWithinHoldUpTime,
+
+    /// Instruction already executed
+    #[error("Instruction already executed")]
+    InstructionAlreadyExecuted,
+
+    /// Invalid Instruction index
+    #[error("Invalid Instruction index")]
+    InvalidInstructionIndex,
+
+    /// Instruction hold up time is below the min specified by Governance
+    #[error("Instruction hold up time is below the min specified by Governance")]
+    InstructionHoldUpTimeBelowRequiredMin,
+
+    /// Instruction at the given index for the Proposal already exists
+    #[error("Instruction at the given index for the Proposal already exists")]
+    InstructionAlreadyExists,
+
+    /// Invalid State: Can't sign off
+    #[error("Invalid State: Can't sign off")]
+    InvalidStateCannotSignOff,
+
+    /// Invalid State: Can't vote
+    #[error("Invalid State: Can't vote")]
+    InvalidStateCannotVote,
+
+    /// Invalid State: Can't finalize vote
+    #[error("Invalid State: Can't finalize vote")]
+    InvalidStateCannotFinalize,
+
+    /// Invalid State: Can't cancel Proposal
+    #[error("Invalid State: Can't cancel Proposal")]
+    InvalidStateCannotCancelProposal,
+
+    /// Vote already relinquished
+    #[error("Vote already relinquished")]
+    VoteAlreadyRelinquished,
+
+    /// Can't finalize vote. Voting still in progress
+    #[error("Can't finalize vote. Voting still in progress")]
+    CannotFinalizeVotingInProgress,
+
+    /// Proposal voting time expired
+    #[error("Proposal voting time expired")]
+    ProposalVotingTimeExpired,
+
+    /// Invalid Signatory Mint
+    #[error("Invalid Signatory Mint")]
+    InvalidSignatoryMint,
+
+    /// ---- Account Tools Errors ----
+
+    /// Invalid account owner
+    #[error("Invalid account owner")]
+    InvalidAccountOwner,
+
+    /// Account doesn't exist
+    #[error("Account doesn't exist")]
+    AccountDoesNotExist,
+
+    /// Invalid Account type
+    #[error("Invalid Account type")]
+    InvalidAccountType,
+
+    /// Proposal does not belong to the given Governance
+    #[error("Proposal does not belong to the given Governance")]
+    InvalidGovernanceForProposal,
+
+    /// Proposal does not belong to given Governing Mint"
+    #[error("Proposal does not belong to given Governing Mint")]
+    InvalidGoverningMintForProposal,
+
+    /// Current mint authority must sign transaction
+    #[error("Current mint authority must sign transaction")]
+    MintAuthorityMustSign,
+
+    /// Invalid mint authority
+    #[error("Invalid mint authority")]
+    InvalidMintAuthority,
+
+    /// Mint has no authority
+    #[error("Mint has no authority")]
+    MintHasNoAuthority,
+
+    /// ---- SPL Token Tools Errors ----
+
+    /// Invalid Token account owner
+    #[error("Invalid Token account owner")]
+    SplTokenAccountWithInvalidOwner,
+
+    /// Invalid Mint account owner
+    #[error("Invalid Mint account owner")]
+    SplTokenMintWithInvalidOwner,
+
+    /// Token Account is not initialized
+    #[error("Token Account is not initialized")]
+    SplTokenAccountNotInitialized,
+
+    /// Token Account doesn't exist
+    #[error("Token Account doesn't exist")]
+    SplTokenAccountDoesNotExist,
+
+    /// Token account data is invalid
+    #[error("Token account data is invalid")]
+    SplTokenInvalidTokenAccountData,
+
+    /// Token mint account data is invalid
+    #[error("Token mint account data is invalid")]
+    SplTokenInvalidMintAccountData,
+
+    /// Token Mint is not initialized
+    #[error("Token Mint account is not initialized")]
+    SplTokenMintNotInitialized,
+
+    /// Token Mint account doesn't exist
+    #[error("Token Mint account doesn't exist")]
+    SplTokenMintDoesNotExist,
+
+    /// ---- Bpf Upgradable Loader Tools Errors ----
+
+    /// Invalid ProgramData account Address
+    #[error("Invalid ProgramData account address")]
+    InvalidProgramDataAccountAddress,
+
+    /// Invalid ProgramData account data
+    #[error("Invalid ProgramData account Data")]
+    InvalidProgramDataAccountData,
+
+    /// Provided upgrade authority doesn't match current program upgrade authority
+    #[error("Provided upgrade authority doesn't match current program upgrade authority")]
+    InvalidUpgradeAuthority,
+
+    /// Current program upgrade authority must sign transaction
+    #[error("Current program upgrade authority must sign transaction")]
+    UpgradeAuthorityMustSign,
+
+    /// Given program is not upgradable
+    #[error("Given program is not upgradable")]
+    ProgramNotUpgradable,
+
+    /// Invalid token owner
+    #[error("Invalid token owner")]
+    InvalidTokenOwner,
+
+    /// Current token owner must sign transaction
+    #[error("Current token owner must sign transaction")]
+    TokenOwnerMustSign,
+
+    /// Given VoteThresholdPercentageType is not supported
+    #[error("Given VoteThresholdPercentageType is not supported")]
+    VoteThresholdPercentageTypeNotSupported,
+
+    /// Given VoteWeightSource is not supported
+    #[error("Given VoteWeightSource is not supported")]
+    VoteWeightSourceNotSupported,
+
+    /// Proposal cool off time is not supported
+    #[error("Proposal cool off time is not supported")]
+    ProposalCoolOffTimeNotSupported,
+
+    /// Governance PDA must sign
+    #[error("Governance PDA must sign")]
+    GovernancePdaMustSign,
+}
+
+impl PrintProgramError for GovernanceError {
+    fn print<E>(&self) {
+        msg!("GOVERNANCE-ERROR: {}", &self.to_string());
+    }
+}
+
+impl From<GovernanceError> for ProgramError {
+    fn from(e: GovernanceError) -> Self {
+        ProgramError::Custom(e as u32)
+    }
+}
+
+impl<T> DecodeError<T> for GovernanceError {
+    fn type_of() -> &'static str {
+        "Governance Error"
+    }
+}

governance/program/src/lib.rs

@@ -0,0 +1,15 @@
+#![deny(missing_docs)]
+//! A Governance program for the Solana blockchain.
+
+pub mod entrypoint;
+pub mod error;
+pub mod instruction;
+pub mod processor;
+pub mod state;
+pub mod tools;
+
+// Export current sdk types for downstream users building with a different sdk version
+pub use solana_program;
+
+/// Seed prefix for Governance  PDAs
+pub const PROGRAM_AUTHORITY_SEED: &[u8] = b"governance";

governance/program/src/processor/mod.rs

@@ -0,0 +1,164 @@
+//! Program processor
+
+mod process_add_signatory;
+mod process_cancel_proposal;
+mod process_cast_vote;
+mod process_create_account_governance;
+mod process_create_mint_governance;
+mod process_create_program_governance;
+mod process_create_proposal;
+mod process_create_realm;
+mod process_create_token_governance;
+mod process_deposit_governing_tokens;
+mod process_execute_instruction;
+mod process_finalize_vote;
+mod process_insert_instruction;
+mod process_relinquish_vote;
+mod process_remove_instruction;
+mod process_remove_signatory;
+mod process_set_governance_config;
+mod process_set_governance_delegate;
+mod process_sign_off_proposal;
+mod process_withdraw_governing_tokens;
+
+use crate::instruction::GovernanceInstruction;
+use borsh::BorshDeserialize;
+
+use process_add_signatory::*;
+use process_cancel_proposal::*;
+use process_cast_vote::*;
+use process_create_account_governance::*;
+use process_create_mint_governance::*;
+use process_create_program_governance::*;
+use process_create_proposal::*;
+use process_create_realm::*;
+use process_create_token_governance::*;
+use process_deposit_governing_tokens::*;
+use process_execute_instruction::*;
+use process_finalize_vote::*;
+use process_insert_instruction::*;
+use process_relinquish_vote::*;
+use process_remove_instruction::*;
+use process_remove_signatory::*;
+use process_set_governance_config::*;
+use process_set_governance_delegate::*;
+use process_sign_off_proposal::*;
+use process_withdraw_governing_tokens::*;
+
+use solana_program::{
+    account_info::AccountInfo, entrypoint::ProgramResult, msg, program_error::ProgramError,
+    pubkey::Pubkey,
+};
+
+/// Processes an instruction
+pub fn process_instruction(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    input: &[u8],
+) -> ProgramResult {
+    let instruction = GovernanceInstruction::try_from_slice(input)
+        .map_err(|_| ProgramError::InvalidInstructionData)?;
+
+    if let GovernanceInstruction::InsertInstruction {
+        index,
+        hold_up_time,
+        instruction: _,
+    } = instruction
+    {
+        // Do not dump instruction data into logs
+        msg!(
+            "GOVERNANCE-INSTRUCTION: InsertInstruction {{ index: {:?}, hold_up_time: {:?} }}",
+            index,
+            hold_up_time
+        );
+    } else {
+        msg!("GOVERNANCE-INSTRUCTION: {:?}", instruction);
+    }
+
+    match instruction {
+        GovernanceInstruction::CreateRealm { name } => {
+            process_create_realm(program_id, accounts, name)
+        }
+
+        GovernanceInstruction::DepositGoverningTokens {} => {
+            process_deposit_governing_tokens(program_id, accounts)
+        }
+
+        GovernanceInstruction::WithdrawGoverningTokens {} => {
+            process_withdraw_governing_tokens(program_id, accounts)
+        }
+
+        GovernanceInstruction::SetGovernanceDelegate {
+            new_governance_delegate,
+        } => process_set_governance_delegate(program_id, accounts, &new_governance_delegate),
+
+        GovernanceInstruction::CreateProgramGovernance {
+            config,
+            transfer_upgrade_authority,
+        } => process_create_program_governance(
+            program_id,
+            accounts,
+            config,
+            transfer_upgrade_authority,
+        ),
+
+        GovernanceInstruction::CreateMintGovernance {
+            config,
+            transfer_mint_authority,
+        } => process_create_mint_governance(program_id, accounts, config, transfer_mint_authority),
+
+        GovernanceInstruction::CreateTokenGovernance {
+            config,
+            transfer_token_owner,
+        } => process_create_token_governance(program_id, accounts, config, transfer_token_owner),
+
+        GovernanceInstruction::CreateAccountGovernance { config } => {
+            process_create_account_governance(program_id, accounts, config)
+        }
+
+        GovernanceInstruction::CreateProposal {
+            name,
+            description_link,
+            governing_token_mint,
+        } => process_create_proposal(
+            program_id,
+            accounts,
+            name,
+            description_link,
+            governing_token_mint,
+        ),
+        GovernanceInstruction::AddSignatory { signatory } => {
+            process_add_signatory(program_id, accounts, signatory)
+        }
+        GovernanceInstruction::RemoveSignatory { signatory } => {
+            process_remove_signatory(program_id, accounts, signatory)
+        }
+        GovernanceInstruction::SignOffProposal {} => {
+            process_sign_off_proposal(program_id, accounts)
+        }
+        GovernanceInstruction::CastVote { vote } => process_cast_vote(program_id, accounts, vote),
+
+        GovernanceInstruction::FinalizeVote {} => process_finalize_vote(program_id, accounts),
+
+        GovernanceInstruction::RelinquishVote {} => process_relinquish_vote(program_id, accounts),
+
+        GovernanceInstruction::CancelProposal {} => process_cancel_proposal(program_id, accounts),
+
+        GovernanceInstruction::InsertInstruction {
+            index,
+            hold_up_time,
+            instruction,
+        } => process_insert_instruction(program_id, accounts, index, hold_up_time, instruction),
+
+        GovernanceInstruction::RemoveInstruction {} => {
+            process_remove_instruction(program_id, accounts)
+        }
+        GovernanceInstruction::ExecuteInstruction {} => {
+            process_execute_instruction(program_id, accounts)
+        }
+
+        GovernanceInstruction::SetGovernanceConfig { config } => {
+            process_set_governance_config(program_id, accounts, config)
+        }
+    }
+}

governance/program/src/processor/process_add_signatory.rs

@@ -0,0 +1,74 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    rent::Rent,
+    sysvar::Sysvar,
+};
+
+use crate::{
+    state::{
+        enums::GovernanceAccountType,
+        proposal::get_proposal_data,
+        signatory_record::{get_signatory_record_address_seeds, SignatoryRecord},
+        token_owner_record::get_token_owner_record_data_for_proposal_owner,
+    },
+    tools::account::create_and_serialize_account_signed,
+};
+
+/// Processes AddSignatory instruction
+pub fn process_add_signatory(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    signatory: Pubkey,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let proposal_info = next_account_info(account_info_iter)?; // 0
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 1
+    let governance_authority_info = next_account_info(account_info_iter)?; // 2
+
+    let signatory_record_info = next_account_info(account_info_iter)?; // 3
+
+    let payer_info = next_account_info(account_info_iter)?; // 4
+    let system_info = next_account_info(account_info_iter)?; // 5
+
+    let rent_sysvar_info = next_account_info(account_info_iter)?; // 6
+    let rent = &Rent::from_account_info(rent_sysvar_info)?;
+
+    let mut proposal_data = get_proposal_data(program_id, proposal_info)?;
+    proposal_data.assert_can_edit_signatories()?;
+
+    let token_owner_record_data = get_token_owner_record_data_for_proposal_owner(
+        program_id,
+        token_owner_record_info,
+        &proposal_data.token_owner_record,
+    )?;
+
+    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
+
+    let signatory_record_data = SignatoryRecord {
+        account_type: GovernanceAccountType::SignatoryRecord,
+        proposal: *proposal_info.key,
+        signatory,
+        signed_off: false,
+    };
+
+    create_and_serialize_account_signed::<SignatoryRecord>(
+        payer_info,
+        signatory_record_info,
+        &signatory_record_data,
+        &get_signatory_record_address_seeds(proposal_info.key, &signatory),
+        program_id,
+        system_info,
+        rent,
+    )?;
+
+    proposal_data.signatories_count = proposal_data.signatories_count.checked_add(1).unwrap();
+    proposal_data.serialize(&mut *proposal_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/processor/process_cancel_proposal.rs

@@ -0,0 +1,45 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    clock::Clock,
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    sysvar::Sysvar,
+};
+
+use crate::state::{
+    enums::ProposalState, proposal::get_proposal_data,
+    token_owner_record::get_token_owner_record_data_for_proposal_owner,
+};
+
+/// Processes CancelProposal instruction
+pub fn process_cancel_proposal(program_id: &Pubkey, accounts: &[AccountInfo]) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let proposal_info = next_account_info(account_info_iter)?; // 0
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 1
+    let governance_authority_info = next_account_info(account_info_iter)?; // 2
+
+    let clock_info = next_account_info(account_info_iter)?; // 3
+    let clock = Clock::from_account_info(clock_info)?;
+
+    let mut proposal_data = get_proposal_data(program_id, proposal_info)?;
+    proposal_data.assert_can_cancel()?;
+
+    let token_owner_record_data = get_token_owner_record_data_for_proposal_owner(
+        program_id,
+        token_owner_record_info,
+        &proposal_data.token_owner_record,
+    )?;
+
+    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
+
+    proposal_data.state = ProposalState::Cancelled;
+    proposal_data.closed_at = Some(clock.unix_timestamp);
+
+    proposal_data.serialize(&mut *proposal_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/processor/process_cast_vote.rs

@@ -0,0 +1,136 @@
+//! Program state processor
+
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    clock::Clock,
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    rent::Rent,
+    sysvar::Sysvar,
+};
+
+use crate::{
+    error::GovernanceError,
+    instruction::Vote,
+    state::{
+        enums::{GovernanceAccountType, VoteWeight},
+        governance::get_governance_data,
+        proposal::get_proposal_data_for_governance_and_governing_mint,
+        token_owner_record::get_token_owner_record_data_for_realm_and_governing_mint,
+        vote_record::{get_vote_record_address_seeds, VoteRecord},
+    },
+    tools::{account::create_and_serialize_account_signed, spl_token::get_spl_token_mint_supply},
+};
+
+use borsh::BorshSerialize;
+
+/// Processes CastVote instruction
+pub fn process_cast_vote(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    vote: Vote,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let governance_info = next_account_info(account_info_iter)?; // 0
+    let proposal_info = next_account_info(account_info_iter)?; // 1
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 2
+    let governance_authority_info = next_account_info(account_info_iter)?; // 3
+
+    let vote_record_info = next_account_info(account_info_iter)?; // 4
+    let governing_token_mint_info = next_account_info(account_info_iter)?; // 5
+
+    let payer_info = next_account_info(account_info_iter)?; // 6
+    let system_info = next_account_info(account_info_iter)?; // 7
+
+    let rent_sysvar_info = next_account_info(account_info_iter)?; // 8
+    let rent = &Rent::from_account_info(rent_sysvar_info)?;
+
+    let clock_info = next_account_info(account_info_iter)?; // 9
+    let clock = Clock::from_account_info(clock_info)?;
+
+    if !vote_record_info.data_is_empty() {
+        return Err(GovernanceError::VoteAlreadyExists.into());
+    }
+
+    let governance_data = get_governance_data(program_id, governance_info)?;
+
+    let mut proposal_data = get_proposal_data_for_governance_and_governing_mint(
+        program_id,
+        proposal_info,
+        governance_info.key,
+        governing_token_mint_info.key,
+    )?;
+    proposal_data.assert_can_cast_vote(&governance_data.config, clock.unix_timestamp)?;
+
+    let mut token_owner_record_data = get_token_owner_record_data_for_realm_and_governing_mint(
+        program_id,
+        token_owner_record_info,
+        &governance_data.realm,
+        governing_token_mint_info.key,
+    )?;
+    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
+
+    // Update TokenOwnerRecord vote counts
+    token_owner_record_data.unrelinquished_votes_count = token_owner_record_data
+        .unrelinquished_votes_count
+        .checked_add(1)
+        .unwrap();
+
+    token_owner_record_data.total_votes_count = token_owner_record_data
+        .total_votes_count
+        .checked_add(1)
+        .unwrap();
+
+    token_owner_record_data.serialize(&mut *token_owner_record_info.data.borrow_mut())?;
+
+    let vote_amount = token_owner_record_data.governing_token_deposit_amount;
+
+    // Calculate Proposal voting weights
+    let vote_weight = match vote {
+        Vote::Yes => {
+            proposal_data.yes_votes_count = proposal_data
+                .yes_votes_count
+                .checked_add(vote_amount)
+                .unwrap();
+            VoteWeight::Yes(vote_amount)
+        }
+        Vote::No => {
+            proposal_data.no_votes_count = proposal_data
+                .no_votes_count
+                .checked_add(vote_amount)
+                .unwrap();
+            VoteWeight::No(vote_amount)
+        }
+    };
+
+    let governing_token_supply = get_spl_token_mint_supply(governing_token_mint_info)?;
+    proposal_data.try_tip_vote(
+        governing_token_supply,
+        &governance_data.config,
+        clock.unix_timestamp,
+    );
+
+    proposal_data.serialize(&mut *proposal_info.data.borrow_mut())?;
+
+    // Create and serialize VoteRecord
+    let vote_record_data = VoteRecord {
+        account_type: GovernanceAccountType::VoteRecord,
+        proposal: *proposal_info.key,
+        governing_token_owner: token_owner_record_data.governing_token_owner,
+        vote_weight,
+        is_relinquished: false,
+    };
+
+    create_and_serialize_account_signed::<VoteRecord>(
+        payer_info,
+        vote_record_info,
+        &vote_record_data,
+        &get_vote_record_address_seeds(proposal_info.key, token_owner_record_info.key),
+        program_id,
+        system_info,
+        rent,
+    )?;
+
+    Ok(())
+}

governance/program/src/processor/process_create_account_governance.rs

@@ -0,0 +1,60 @@
+//! Program state processor
+
+use crate::{
+    state::{
+        enums::GovernanceAccountType,
+        governance::{
+            assert_valid_create_governance_args, get_account_governance_address_seeds, Governance,
+            GovernanceConfig,
+        },
+    },
+    tools::account::create_and_serialize_account_signed,
+};
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    rent::Rent,
+    sysvar::Sysvar,
+};
+
+/// Processes CreateAccountGovernance instruction
+pub fn process_create_account_governance(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    config: GovernanceConfig,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let realm_info = next_account_info(account_info_iter)?; // 0
+    let account_governance_info = next_account_info(account_info_iter)?; // 1
+    let governed_account_info = next_account_info(account_info_iter)?; // 2
+    let payer_info = next_account_info(account_info_iter)?; // 3
+    let system_info = next_account_info(account_info_iter)?; // 4
+
+    let rent_sysvar_info = next_account_info(account_info_iter)?; // 5
+    let rent = &Rent::from_account_info(rent_sysvar_info)?;
+
+    assert_valid_create_governance_args(program_id, &config, realm_info)?;
+
+    let account_governance_data = Governance {
+        account_type: GovernanceAccountType::AccountGovernance,
+        realm: *realm_info.key,
+        governed_account: *governed_account_info.key,
+        config,
+        proposals_count: 0,
+        reserved: [0; 8],
+    };
+
+    create_and_serialize_account_signed::<Governance>(
+        payer_info,
+        account_governance_info,
+        &account_governance_data,
+        &get_account_governance_address_seeds(realm_info.key, governed_account_info.key),
+        program_id,
+        system_info,
+        rent,
+    )?;
+
+    Ok(())
+}

governance/program/src/processor/process_create_mint_governance.rs

@@ -0,0 +1,83 @@
+//! Program state processor
+
+use crate::{
+    state::{
+        enums::GovernanceAccountType,
+        governance::{
+            assert_valid_create_governance_args, get_mint_governance_address_seeds, Governance,
+            GovernanceConfig,
+        },
+    },
+    tools::{
+        account::create_and_serialize_account_signed,
+        spl_token::{assert_spl_token_mint_authority_is_signer, set_spl_token_mint_authority},
+    },
+};
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    rent::Rent,
+    sysvar::Sysvar,
+};
+
+/// Processes CreateMintGovernance instruction
+pub fn process_create_mint_governance(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    config: GovernanceConfig,
+    transfer_mint_authority: bool,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let realm_info = next_account_info(account_info_iter)?; // 0
+    let mint_governance_info = next_account_info(account_info_iter)?; // 1
+
+    let governed_mint_info = next_account_info(account_info_iter)?; // 2
+    let governed_mint_authority_info = next_account_info(account_info_iter)?; // 3
+
+    let payer_info = next_account_info(account_info_iter)?; // 4
+    let spl_token_info = next_account_info(account_info_iter)?; // 5
+
+    let system_info = next_account_info(account_info_iter)?; // 6
+
+    let rent_sysvar_info = next_account_info(account_info_iter)?; // 7
+    let rent = &Rent::from_account_info(rent_sysvar_info)?;
+
+    assert_valid_create_governance_args(program_id, &config, realm_info)?;
+
+    let mint_governance_data = Governance {
+        account_type: GovernanceAccountType::MintGovernance,
+        realm: *realm_info.key,
+        governed_account: *governed_mint_info.key,
+        config,
+        proposals_count: 0,
+        reserved: [0; 8],
+    };
+
+    create_and_serialize_account_signed::<Governance>(
+        payer_info,
+        mint_governance_info,
+        &mint_governance_data,
+        &get_mint_governance_address_seeds(realm_info.key, governed_mint_info.key),
+        program_id,
+        system_info,
+        rent,
+    )?;
+
+    if transfer_mint_authority {
+        set_spl_token_mint_authority(
+            governed_mint_info,
+            governed_mint_authority_info,
+            mint_governance_info.key,
+            spl_token_info,
+        )?;
+    } else {
+        assert_spl_token_mint_authority_is_signer(
+            governed_mint_info,
+            governed_mint_authority_info,
+        )?;
+    }
+
+    Ok(())
+}

governance/program/src/processor/process_create_program_governance.rs

@@ -0,0 +1,89 @@
+//! Program state processor
+
+use crate::{
+    state::governance::Governance,
+    state::{
+        enums::GovernanceAccountType,
+        governance::{
+            assert_valid_create_governance_args, get_program_governance_address_seeds,
+            GovernanceConfig,
+        },
+    },
+    tools::{
+        account::create_and_serialize_account_signed,
+        bpf_loader_upgradeable::{
+            assert_program_upgrade_authority_is_signer, set_program_upgrade_authority,
+        },
+    },
+};
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    rent::Rent,
+    sysvar::Sysvar,
+};
+
+/// Processes CreateProgramGovernance instruction
+pub fn process_create_program_governance(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    config: GovernanceConfig,
+    transfer_upgrade_authority: bool,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let realm_info = next_account_info(account_info_iter)?; // 0
+    let program_governance_info = next_account_info(account_info_iter)?; // 0
+
+    let governed_program_info = next_account_info(account_info_iter)?; // 1
+    let governed_program_data_info = next_account_info(account_info_iter)?; // 2
+    let governed_program_upgrade_authority_info = next_account_info(account_info_iter)?; // 3
+
+    let payer_info = next_account_info(account_info_iter)?; // 4
+    let bpf_upgrade_loader_info = next_account_info(account_info_iter)?; // 5
+
+    let system_info = next_account_info(account_info_iter)?; // 6
+
+    let rent_sysvar_info = next_account_info(account_info_iter)?; // 7
+    let rent = &Rent::from_account_info(rent_sysvar_info)?;
+
+    assert_valid_create_governance_args(program_id, &config, realm_info)?;
+
+    let program_governance_data = Governance {
+        account_type: GovernanceAccountType::ProgramGovernance,
+        realm: *realm_info.key,
+        governed_account: *governed_program_info.key,
+        config,
+        proposals_count: 0,
+        reserved: [0; 8],
+    };
+
+    create_and_serialize_account_signed::<Governance>(
+        payer_info,
+        program_governance_info,
+        &program_governance_data,
+        &get_program_governance_address_seeds(realm_info.key, governed_program_info.key),
+        program_id,
+        system_info,
+        rent,
+    )?;
+
+    if transfer_upgrade_authority {
+        set_program_upgrade_authority(
+            governed_program_info.key,
+            governed_program_data_info,
+            governed_program_upgrade_authority_info,
+            program_governance_info,
+            bpf_upgrade_loader_info,
+        )?;
+    } else {
+        assert_program_upgrade_authority_is_signer(
+            governed_program_info.key,
+            governed_program_data_info,
+            governed_program_upgrade_authority_info,
+        )?;
+    }
+
+    Ok(())
+}

governance/program/src/processor/process_create_proposal.rs

@@ -0,0 +1,120 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    clock::Clock,
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    rent::Rent,
+    sysvar::Sysvar,
+};
+
+use crate::{
+    error::GovernanceError,
+    state::{
+        enums::{GovernanceAccountType, InstructionExecutionFlags, ProposalState},
+        governance::get_governance_data,
+        proposal::{get_proposal_address_seeds, Proposal},
+        token_owner_record::get_token_owner_record_data_for_realm_and_governing_mint,
+    },
+    tools::account::create_and_serialize_account_signed,
+};
+
+/// Processes CreateProposal instruction
+pub fn process_create_proposal(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    name: String,
+    description_link: String,
+    governing_token_mint: Pubkey,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let proposal_info = next_account_info(account_info_iter)?; // 0
+    let governance_info = next_account_info(account_info_iter)?; // 1
+
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 2
+    let governance_authority_info = next_account_info(account_info_iter)?; // 3
+
+    let payer_info = next_account_info(account_info_iter)?; // 4
+    let system_info = next_account_info(account_info_iter)?; // 5
+
+    let rent_sysvar_info = next_account_info(account_info_iter)?; // 6
+    let rent = &Rent::from_account_info(rent_sysvar_info)?;
+
+    let clock_info = next_account_info(account_info_iter)?; // 7
+    let clock = Clock::from_account_info(clock_info)?;
+
+    if !proposal_info.data_is_empty() {
+        return Err(GovernanceError::ProposalAlreadyExists.into());
+    }
+
+    let mut governance_data = get_governance_data(program_id, governance_info)?;
+
+    let token_owner_record_data = get_token_owner_record_data_for_realm_and_governing_mint(
+        program_id,
+        token_owner_record_info,
+        &governance_data.realm,
+        &governing_token_mint,
+    )?;
+
+    // proposal_owner must be either governing token owner or governance_delegate and must sign this transaction
+    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
+
+    if token_owner_record_data.governing_token_deposit_amount
+        < governance_data.config.min_tokens_to_create_proposal as u64
+    {
+        return Err(GovernanceError::NotEnoughTokensToCreateProposal.into());
+    }
+
+    let proposal_data = Proposal {
+        account_type: GovernanceAccountType::Proposal,
+        governance: *governance_info.key,
+        governing_token_mint,
+        state: ProposalState::Draft,
+        token_owner_record: *token_owner_record_info.key,
+
+        signatories_count: 0,
+        signatories_signed_off_count: 0,
+
+        name,
+        description_link,
+
+        draft_at: clock.unix_timestamp,
+        signing_off_at: None,
+        voting_at: None,
+        voting_at_slot: None,
+        voting_completed_at: None,
+        executing_at: None,
+        closed_at: None,
+
+        instructions_executed_count: 0,
+        instructions_count: 0,
+        instructions_next_index: 0,
+
+        execution_flags: InstructionExecutionFlags::None,
+
+        yes_votes_count: 0,
+        no_votes_count: 0,
+    };
+
+    create_and_serialize_account_signed::<Proposal>(
+        payer_info,
+        proposal_info,
+        &proposal_data,
+        &get_proposal_address_seeds(
+            governance_info.key,
+            &governing_token_mint,
+            &governance_data.proposals_count.to_le_bytes(),
+        ),
+        program_id,
+        system_info,
+        rent,
+    )?;
+
+    governance_data.proposals_count = governance_data.proposals_count.checked_add(1).unwrap();
+    governance_data.serialize(&mut *governance_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/processor/process_create_realm.rs

@@ -0,0 +1,100 @@
+//! Program state processor
+
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    rent::Rent,
+    sysvar::Sysvar,
+};
+
+use crate::{
+    error::GovernanceError,
+    state::{
+        enums::GovernanceAccountType,
+        realm::{get_governing_token_holding_address_seeds, get_realm_address_seeds, Realm},
+    },
+    tools::{
+        account::create_and_serialize_account_signed, spl_token::create_spl_token_account_signed,
+    },
+};
+
+/// Processes CreateRealm instruction
+pub fn process_create_realm(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    name: String,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let realm_info = next_account_info(account_info_iter)?; // 0
+    let governance_token_mint_info = next_account_info(account_info_iter)?; // 1
+    let governance_token_holding_info = next_account_info(account_info_iter)?; // 2
+    let payer_info = next_account_info(account_info_iter)?; // 3
+    let system_info = next_account_info(account_info_iter)?; // 4
+    let spl_token_info = next_account_info(account_info_iter)?; // 5
+
+    let rent_sysvar_info = next_account_info(account_info_iter)?; // 6
+    let rent = &Rent::from_account_info(rent_sysvar_info)?;
+
+    if !realm_info.data_is_empty() {
+        return Err(GovernanceError::RealmAlreadyExists.into());
+    }
+
+    create_spl_token_account_signed(
+        payer_info,
+        governance_token_holding_info,
+        &get_governing_token_holding_address_seeds(realm_info.key, governance_token_mint_info.key),
+        governance_token_mint_info,
+        realm_info,
+        program_id,
+        system_info,
+        spl_token_info,
+        rent_sysvar_info,
+        rent,
+    )?;
+
+    let council_token_mint_address = if let Ok(council_token_mint_info) =
+        next_account_info(account_info_iter)
+    // 7
+    {
+        let council_token_holding_info = next_account_info(account_info_iter)?; //8
+
+        create_spl_token_account_signed(
+            payer_info,
+            council_token_holding_info,
+            &get_governing_token_holding_address_seeds(realm_info.key, council_token_mint_info.key),
+            council_token_mint_info,
+            realm_info,
+            program_id,
+            system_info,
+            spl_token_info,
+            rent_sysvar_info,
+            rent,
+        )?;
+
+        Some(*council_token_mint_info.key)
+    } else {
+        None
+    };
+
+    let realm_data = Realm {
+        account_type: GovernanceAccountType::Realm,
+        community_mint: *governance_token_mint_info.key,
+        council_mint: council_token_mint_address,
+        name: name.clone(),
+        reserved: [0; 8],
+    };
+
+    create_and_serialize_account_signed::<Realm>(
+        payer_info,
+        realm_info,
+        &realm_data,
+        &get_realm_address_seeds(&name),
+        program_id,
+        system_info,
+        rent,
+    )?;
+
+    Ok(())
+}

governance/program/src/processor/process_create_token_governance.rs

@@ -0,0 +1,80 @@
+//! Program state processor
+
+use crate::{
+    state::{
+        enums::GovernanceAccountType,
+        governance::{
+            assert_valid_create_governance_args, get_token_governance_address_seeds, Governance,
+            GovernanceConfig,
+        },
+    },
+    tools::{
+        account::create_and_serialize_account_signed,
+        spl_token::{assert_spl_token_owner_is_signer, set_spl_token_owner},
+    },
+};
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    rent::Rent,
+    sysvar::Sysvar,
+};
+
+/// Processes CreateTokenGovernance instruction
+pub fn process_create_token_governance(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    config: GovernanceConfig,
+    transfer_token_owner: bool,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let realm_info = next_account_info(account_info_iter)?; // 0
+    let token_governance_info = next_account_info(account_info_iter)?; // 1
+
+    let governed_token_info = next_account_info(account_info_iter)?; // 2
+    let governed_token_owner_info = next_account_info(account_info_iter)?; // 3
+
+    let payer_info = next_account_info(account_info_iter)?; // 4
+    let spl_token_info = next_account_info(account_info_iter)?; // 5
+
+    let system_info = next_account_info(account_info_iter)?; // 6
+
+    let rent_sysvar_info = next_account_info(account_info_iter)?; // 7
+    let rent = &Rent::from_account_info(rent_sysvar_info)?;
+
+    assert_valid_create_governance_args(program_id, &config, realm_info)?;
+
+    let token_governance_data = Governance {
+        account_type: GovernanceAccountType::TokenGovernance,
+        realm: *realm_info.key,
+        governed_account: *governed_token_info.key,
+        config,
+        proposals_count: 0,
+        reserved: [0; 8],
+    };
+
+    create_and_serialize_account_signed::<Governance>(
+        payer_info,
+        token_governance_info,
+        &token_governance_data,
+        &get_token_governance_address_seeds(realm_info.key, governed_token_info.key),
+        program_id,
+        system_info,
+        rent,
+    )?;
+
+    if transfer_token_owner {
+        set_spl_token_owner(
+            governed_token_info,
+            governed_token_owner_info,
+            token_governance_info.key,
+            spl_token_info,
+        )?;
+    } else {
+        assert_spl_token_owner_is_signer(governed_token_info, governed_token_owner_info)?;
+    }
+
+    Ok(())
+}

governance/program/src/processor/process_deposit_governing_tokens.rs

@@ -0,0 +1,118 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    rent::Rent,
+    sysvar::Sysvar,
+};
+
+use crate::{
+    error::GovernanceError,
+    state::{
+        enums::GovernanceAccountType,
+        realm::get_realm_data,
+        token_owner_record::{
+            get_token_owner_record_address_seeds, get_token_owner_record_data_for_seeds,
+            TokenOwnerRecord,
+        },
+    },
+    tools::{
+        account::create_and_serialize_account_signed,
+        spl_token::{
+            get_spl_token_amount, get_spl_token_mint, get_spl_token_owner, transfer_spl_tokens,
+        },
+    },
+};
+
+/// Processes DepositGoverningTokens instruction
+pub fn process_deposit_governing_tokens(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let realm_info = next_account_info(account_info_iter)?; // 0
+    let governing_token_holding_info = next_account_info(account_info_iter)?; // 1
+    let governing_token_source_info = next_account_info(account_info_iter)?; // 2
+    let governing_token_owner_info = next_account_info(account_info_iter)?; // 3
+    let governing_token_transfer_authority_info = next_account_info(account_info_iter)?; // 4
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 5
+    let payer_info = next_account_info(account_info_iter)?; // 6
+    let system_info = next_account_info(account_info_iter)?; // 7
+    let spl_token_info = next_account_info(account_info_iter)?; // 8
+
+    let rent_sysvar_info = next_account_info(account_info_iter)?; // 9
+    let rent = &Rent::from_account_info(rent_sysvar_info)?;
+
+    let realm_data = get_realm_data(program_id, realm_info)?;
+    let governing_token_mint = get_spl_token_mint(governing_token_holding_info)?;
+
+    realm_data.assert_is_valid_governing_token_mint(&governing_token_mint)?;
+
+    let amount = get_spl_token_amount(governing_token_source_info)?;
+
+    transfer_spl_tokens(
+        governing_token_source_info,
+        governing_token_holding_info,
+        governing_token_transfer_authority_info,
+        amount,
+        spl_token_info,
+    )?;
+
+    let token_owner_record_address_seeds = get_token_owner_record_address_seeds(
+        realm_info.key,
+        &governing_token_mint,
+        governing_token_owner_info.key,
+    );
+
+    if token_owner_record_info.data_is_empty() {
+        // Deposited tokens can only be withdrawn by the owner so let's make sure the owner signed the transaction
+        let governing_token_owner = get_spl_token_owner(governing_token_source_info)?;
+
+        if !(governing_token_owner == *governing_token_owner_info.key
+            && governing_token_owner_info.is_signer)
+        {
+            return Err(GovernanceError::GoverningTokenOwnerMustSign.into());
+        }
+
+        let token_owner_record_data = TokenOwnerRecord {
+            account_type: GovernanceAccountType::TokenOwnerRecord,
+            realm: *realm_info.key,
+            governing_token_owner: *governing_token_owner_info.key,
+            governing_token_deposit_amount: amount,
+            governing_token_mint,
+            governance_delegate: None,
+            unrelinquished_votes_count: 0,
+            total_votes_count: 0,
+            reserved: [0; 8],
+        };
+
+        create_and_serialize_account_signed(
+            payer_info,
+            token_owner_record_info,
+            &token_owner_record_data,
+            &token_owner_record_address_seeds,
+            program_id,
+            system_info,
+            rent,
+        )?;
+    } else {
+        let mut token_owner_record_data = get_token_owner_record_data_for_seeds(
+            program_id,
+            token_owner_record_info,
+            &token_owner_record_address_seeds,
+        )?;
+
+        token_owner_record_data.governing_token_deposit_amount = token_owner_record_data
+            .governing_token_deposit_amount
+            .checked_add(amount)
+            .unwrap();
+
+        token_owner_record_data.serialize(&mut *token_owner_record_info.data.borrow_mut())?;
+    }
+
+    Ok(())
+}

governance/program/src/processor/process_execute_instruction.rs

@@ -0,0 +1,87 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    clock::Clock,
+    entrypoint::ProgramResult,
+    instruction::Instruction,
+    program::invoke_signed,
+    pubkey::Pubkey,
+    sysvar::Sysvar,
+};
+
+use crate::state::{
+    enums::{InstructionExecutionStatus, ProposalState},
+    governance::get_governance_data,
+    proposal::get_proposal_data_for_governance,
+    proposal_instruction::get_proposal_instruction_data_for_proposal,
+};
+
+/// Processes ExecuteInstruction instruction
+pub fn process_execute_instruction(program_id: &Pubkey, accounts: &[AccountInfo]) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let governance_info = next_account_info(account_info_iter)?; // 0
+    let proposal_info = next_account_info(account_info_iter)?; // 1
+    let proposal_instruction_info = next_account_info(account_info_iter)?; // 2
+
+    let clock_info = next_account_info(account_info_iter)?; // 3
+    let clock = Clock::from_account_info(clock_info)?;
+
+    let governance_data = get_governance_data(program_id, governance_info)?;
+
+    let mut proposal_data =
+        get_proposal_data_for_governance(program_id, proposal_info, governance_info.key)?;
+
+    let mut proposal_instruction_data = get_proposal_instruction_data_for_proposal(
+        program_id,
+        proposal_instruction_info,
+        proposal_info.key,
+    )?;
+
+    proposal_data
+        .assert_can_execute_instruction(&proposal_instruction_data, clock.unix_timestamp)?;
+
+    // Execute instruction with Governance PDA as signer
+    let instruction = Instruction::from(&proposal_instruction_data.instruction);
+
+    let instruction_account_infos = account_info_iter.as_slice();
+
+    let mut governance_seeds = governance_data.get_governance_address_seeds()?.to_vec();
+    let (_, bump_seed) = Pubkey::find_program_address(&governance_seeds, program_id);
+    let bump = &[bump_seed];
+    governance_seeds.push(bump);
+
+    invoke_signed(
+        &instruction,
+        instruction_account_infos,
+        &[&governance_seeds[..]],
+    )?;
+
+    // Update proposal and instruction accounts
+    if proposal_data.state == ProposalState::Succeeded {
+        proposal_data.executing_at = Some(clock.unix_timestamp);
+        proposal_data.state = ProposalState::Executing;
+    }
+
+    proposal_data.instructions_executed_count = proposal_data
+        .instructions_executed_count
+        .checked_add(1)
+        .unwrap();
+
+    if proposal_data.state == ProposalState::Executing
+        && proposal_data.instructions_executed_count == proposal_data.instructions_count
+    {
+        proposal_data.closed_at = Some(clock.unix_timestamp);
+        proposal_data.state = ProposalState::Completed;
+    }
+
+    proposal_data.serialize(&mut *proposal_info.data.borrow_mut())?;
+
+    proposal_instruction_data.executed_at = Some(clock.unix_timestamp);
+    proposal_instruction_data.execution_status = InstructionExecutionStatus::Success;
+    proposal_instruction_data.serialize(&mut *proposal_instruction_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/processor/process_finalize_vote.rs

@@ -0,0 +1,53 @@
+//! Program state processor
+
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    clock::Clock,
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    sysvar::Sysvar,
+};
+
+use crate::{
+    state::{
+        governance::get_governance_data,
+        proposal::get_proposal_data_for_governance_and_governing_mint,
+    },
+    tools::spl_token::get_spl_token_mint_supply,
+};
+
+use borsh::BorshSerialize;
+
+/// Processes FinalizeVote instruction
+pub fn process_finalize_vote(program_id: &Pubkey, accounts: &[AccountInfo]) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let governance_info = next_account_info(account_info_iter)?; // 0
+    let proposal_info = next_account_info(account_info_iter)?; // 1
+
+    let governing_token_mint_info = next_account_info(account_info_iter)?; // 2
+
+    let clock_info = next_account_info(account_info_iter)?; // 3
+    let clock = Clock::from_account_info(clock_info)?;
+
+    let governance_data = get_governance_data(program_id, governance_info)?;
+
+    let mut proposal_data = get_proposal_data_for_governance_and_governing_mint(
+        program_id,
+        proposal_info,
+        governance_info.key,
+        governing_token_mint_info.key,
+    )?;
+
+    let governing_token_supply = get_spl_token_mint_supply(governing_token_mint_info)?;
+
+    proposal_data.finalize_vote(
+        governing_token_supply,
+        &governance_data.config,
+        clock.unix_timestamp,
+    )?;
+
+    proposal_data.serialize(&mut *proposal_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/processor/process_insert_instruction.rs

@@ -0,0 +1,113 @@
+//! Program state processor
+
+use std::cmp::Ordering;
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    rent::Rent,
+    sysvar::Sysvar,
+};
+
+use crate::{
+    error::GovernanceError,
+    state::{
+        enums::{GovernanceAccountType, InstructionExecutionStatus},
+        governance::get_governance_data,
+        proposal::get_proposal_data_for_governance,
+        proposal_instruction::{
+            get_proposal_instruction_address_seeds, InstructionData, ProposalInstruction,
+        },
+        token_owner_record::get_token_owner_record_data_for_proposal_owner,
+    },
+    tools::account::create_and_serialize_account_signed,
+};
+
+/// Processes InsertInstruction instruction
+pub fn process_insert_instruction(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    instruction_index: u16,
+    hold_up_time: u32,
+    instruction: InstructionData,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let governance_info = next_account_info(account_info_iter)?; // 0
+    let proposal_info = next_account_info(account_info_iter)?; // 1
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 2
+    let governance_authority_info = next_account_info(account_info_iter)?; // 3
+
+    let proposal_instruction_info = next_account_info(account_info_iter)?; // 4
+
+    let payer_info = next_account_info(account_info_iter)?; // 5
+    let system_info = next_account_info(account_info_iter)?; // 6
+
+    let rent_sysvar_info = next_account_info(account_info_iter)?; // 7
+    let rent = &Rent::from_account_info(rent_sysvar_info)?;
+
+    if !proposal_instruction_info.data_is_empty() {
+        return Err(GovernanceError::InstructionAlreadyExists.into());
+    }
+
+    let governance_data = get_governance_data(program_id, governance_info)?;
+
+    if hold_up_time < governance_data.config.min_instruction_hold_up_time {
+        return Err(GovernanceError::InstructionHoldUpTimeBelowRequiredMin.into());
+    }
+
+    let mut proposal_data =
+        get_proposal_data_for_governance(program_id, proposal_info, governance_info.key)?;
+    proposal_data.assert_can_edit_instructions()?;
+
+    let token_owner_record_data = get_token_owner_record_data_for_proposal_owner(
+        program_id,
+        token_owner_record_info,
+        &proposal_data.token_owner_record,
+    )?;
+
+    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
+
+    match instruction_index.cmp(&proposal_data.instructions_next_index) {
+        Ordering::Greater => return Err(GovernanceError::InvalidInstructionIndex.into()),
+        // If the index is the same as instructions_next_index then we are adding a new instruction
+        // If the index is below instructions_next_index then we are inserting into an existing empty space
+        Ordering::Equal => {
+            proposal_data.instructions_next_index = proposal_data
+                .instructions_next_index
+                .checked_add(1)
+                .unwrap();
+        }
+        Ordering::Less => {}
+    }
+
+    proposal_data.instructions_count = proposal_data.instructions_count.checked_add(1).unwrap();
+    proposal_data.serialize(&mut *proposal_info.data.borrow_mut())?;
+
+    let proposal_instruction_data = ProposalInstruction {
+        account_type: GovernanceAccountType::ProposalInstruction,
+        instruction_index,
+        hold_up_time,
+        instruction,
+        executed_at: None,
+        execution_status: InstructionExecutionStatus::None,
+        proposal: *proposal_info.key,
+    };
+
+    create_and_serialize_account_signed::<ProposalInstruction>(
+        payer_info,
+        proposal_instruction_info,
+        &proposal_instruction_data,
+        &get_proposal_instruction_address_seeds(
+            proposal_info.key,
+            &instruction_index.to_le_bytes(),
+        ),
+        program_id,
+        system_info,
+        rent,
+    )?;
+
+    Ok(())
+}

governance/program/src/processor/process_relinquish_vote.rs

@@ -0,0 +1,103 @@
+//! Program state processor
+
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+};
+
+use crate::{
+    state::{
+        enums::{ProposalState, VoteWeight},
+        governance::get_governance_data,
+        proposal::get_proposal_data_for_governance_and_governing_mint,
+        token_owner_record::get_token_owner_record_data_for_realm_and_governing_mint,
+        vote_record::get_vote_record_data_for_proposal_and_token_owner,
+    },
+    tools::account::dispose_account,
+};
+
+use borsh::BorshSerialize;
+
+/// Processes RelinquishVote instruction
+pub fn process_relinquish_vote(program_id: &Pubkey, accounts: &[AccountInfo]) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let governance_info = next_account_info(account_info_iter)?; // 0
+    let proposal_info = next_account_info(account_info_iter)?; // 1
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 2
+
+    let vote_record_info = next_account_info(account_info_iter)?; // 3
+    let governing_token_mint_info = next_account_info(account_info_iter)?; // 4
+
+    let governance_data = get_governance_data(program_id, governance_info)?;
+
+    let mut proposal_data = get_proposal_data_for_governance_and_governing_mint(
+        program_id,
+        proposal_info,
+        governance_info.key,
+        governing_token_mint_info.key,
+    )?;
+
+    let mut token_owner_record_data = get_token_owner_record_data_for_realm_and_governing_mint(
+        program_id,
+        token_owner_record_info,
+        &governance_data.realm,
+        governing_token_mint_info.key,
+    )?;
+
+    let mut vote_record_data = get_vote_record_data_for_proposal_and_token_owner(
+        program_id,
+        vote_record_info,
+        proposal_info.key,
+        &token_owner_record_data.governing_token_owner,
+    )?;
+    vote_record_data.assert_can_relinquish_vote()?;
+
+    // If the Proposal is still being voted on then the token owner vote won't count towards the outcome
+    if proposal_data.state == ProposalState::Voting {
+        let governance_authority_info = next_account_info(account_info_iter)?; // 5
+        let beneficiary_info = next_account_info(account_info_iter)?; // 6
+
+        // Note: It's only required to sign by governing_authority if relinquishing the vote results in vote change
+        // If the Proposal is already decided then anybody can prune active votes for token owner
+        token_owner_record_data
+            .assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
+
+        match vote_record_data.vote_weight {
+            VoteWeight::Yes(vote_amount) => {
+                proposal_data.yes_votes_count = proposal_data
+                    .yes_votes_count
+                    .checked_sub(vote_amount)
+                    .unwrap();
+            }
+            VoteWeight::No(vote_amount) => {
+                proposal_data.no_votes_count = proposal_data
+                    .no_votes_count
+                    .checked_sub(vote_amount)
+                    .unwrap();
+            }
+        };
+        proposal_data.serialize(&mut *proposal_info.data.borrow_mut())?;
+
+        dispose_account(vote_record_info, beneficiary_info);
+
+        token_owner_record_data.total_votes_count = token_owner_record_data
+            .total_votes_count
+            .checked_sub(1)
+            .unwrap();
+    } else {
+        vote_record_data.is_relinquished = true;
+        vote_record_data.serialize(&mut *vote_record_info.data.borrow_mut())?;
+    }
+
+    // If the Proposal has been already voted on then we only have to decrease unrelinquished_votes_count
+    token_owner_record_data.unrelinquished_votes_count = token_owner_record_data
+        .unrelinquished_votes_count
+        .checked_sub(1)
+        .unwrap();
+
+    token_owner_record_data.serialize(&mut *token_owner_record_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/processor/process_remove_instruction.rs

@@ -0,0 +1,54 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+};
+
+use crate::{
+    state::{
+        proposal::get_proposal_data,
+        proposal_instruction::assert_proposal_instruction_for_proposal,
+        token_owner_record::get_token_owner_record_data_for_proposal_owner,
+    },
+    tools::account::dispose_account,
+};
+
+/// Processes RemoveInstruction instruction
+pub fn process_remove_instruction(program_id: &Pubkey, accounts: &[AccountInfo]) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let proposal_info = next_account_info(account_info_iter)?; // 0
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 1
+    let governance_authority_info = next_account_info(account_info_iter)?; // 2
+
+    let proposal_instruction_info = next_account_info(account_info_iter)?; // 3
+
+    let beneficiary_info = next_account_info(account_info_iter)?; // 4
+
+    let mut proposal_data = get_proposal_data(program_id, proposal_info)?;
+    proposal_data.assert_can_edit_instructions()?;
+
+    let token_owner_record_data = get_token_owner_record_data_for_proposal_owner(
+        program_id,
+        token_owner_record_info,
+        &proposal_data.token_owner_record,
+    )?;
+
+    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
+
+    assert_proposal_instruction_for_proposal(
+        program_id,
+        proposal_instruction_info,
+        proposal_info.key,
+    )?;
+
+    dispose_account(proposal_instruction_info, beneficiary_info);
+
+    proposal_data.instructions_count = proposal_data.instructions_count.checked_sub(1).unwrap();
+    proposal_data.serialize(&mut *proposal_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/processor/process_remove_signatory.rs

@@ -0,0 +1,59 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+};
+
+use crate::{
+    state::{
+        proposal::get_proposal_data, signatory_record::get_signatory_record_data_for_seeds,
+        token_owner_record::get_token_owner_record_data_for_proposal_owner,
+    },
+    tools::account::dispose_account,
+};
+
+/// Processes RemoveSignatory instruction
+pub fn process_remove_signatory(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    signatory: Pubkey,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let proposal_info = next_account_info(account_info_iter)?; // 0
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 1
+    let governance_authority_info = next_account_info(account_info_iter)?; // 2
+
+    let signatory_record_info = next_account_info(account_info_iter)?; // 3
+    let beneficiary_info = next_account_info(account_info_iter)?; // 4
+
+    let mut proposal_data = get_proposal_data(program_id, proposal_info)?;
+    proposal_data.assert_can_edit_signatories()?;
+
+    let token_owner_record_data = get_token_owner_record_data_for_proposal_owner(
+        program_id,
+        token_owner_record_info,
+        &proposal_data.token_owner_record,
+    )?;
+
+    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
+
+    let signatory_record_data = get_signatory_record_data_for_seeds(
+        program_id,
+        signatory_record_info,
+        proposal_info.key,
+        &signatory,
+    )?;
+    signatory_record_data.assert_can_remove_signatory()?;
+
+    proposal_data.signatories_count = proposal_data.signatories_count.checked_sub(1).unwrap();
+
+    proposal_data.serialize(&mut *proposal_info.data.borrow_mut())?;
+
+    dispose_account(signatory_record_info, beneficiary_info);
+
+    Ok(())
+}

governance/program/src/processor/process_set_governance_config.rs

@@ -0,0 +1,38 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+};
+
+use crate::{
+    error::GovernanceError,
+    state::governance::{assert_is_valid_governance_config, get_governance_data, GovernanceConfig},
+};
+
+/// Processes SetGovernanceConfig instruction
+pub fn process_set_governance_config(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    config: GovernanceConfig,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let governance_info = next_account_info(account_info_iter)?; // 0
+
+    // Only governance PDA via a proposal can authorize change to its own config
+    if !governance_info.is_signer {
+        return Err(GovernanceError::GovernancePdaMustSign.into());
+    }
+
+    assert_is_valid_governance_config(&config)?;
+
+    let mut governance_data = get_governance_data(program_id, governance_info)?;
+    governance_data.config = config;
+
+    governance_data.serialize(&mut *governance_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/processor/process_set_governance_delegate.rs

@@ -0,0 +1,32 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+};
+
+use crate::state::token_owner_record::get_token_owner_record_data;
+
+/// Processes SetGovernanceDelegate instruction
+pub fn process_set_governance_delegate(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    new_governance_delegate: &Option<Pubkey>,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let governance_authority_info = next_account_info(account_info_iter)?; // 0
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 1
+
+    let mut token_owner_record_data =
+        get_token_owner_record_data(program_id, token_owner_record_info)?;
+
+    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
+
+    token_owner_record_data.governance_delegate = *new_governance_delegate;
+    token_owner_record_data.serialize(&mut *token_owner_record_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/processor/process_sign_off_proposal.rs

@@ -0,0 +1,63 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    clock::Clock,
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+    sysvar::Sysvar,
+};
+
+use crate::state::{
+    enums::ProposalState, proposal::get_proposal_data,
+    signatory_record::get_signatory_record_data_for_seeds,
+};
+
+/// Processes SignOffProposal instruction
+pub fn process_sign_off_proposal(program_id: &Pubkey, accounts: &[AccountInfo]) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let proposal_info = next_account_info(account_info_iter)?; // 0
+
+    let signatory_record_info = next_account_info(account_info_iter)?; // 1
+    let signatory_info = next_account_info(account_info_iter)?; // 2
+
+    let clock_info = next_account_info(account_info_iter)?; // 3
+    let clock = Clock::from_account_info(clock_info)?;
+
+    let mut proposal_data = get_proposal_data(program_id, proposal_info)?;
+    proposal_data.assert_can_sign_off()?;
+
+    let mut signatory_record_data = get_signatory_record_data_for_seeds(
+        program_id,
+        signatory_record_info,
+        proposal_info.key,
+        signatory_info.key,
+    )?;
+    signatory_record_data.assert_can_sign_off(signatory_info)?;
+
+    signatory_record_data.signed_off = true;
+    signatory_record_data.serialize(&mut *signatory_record_info.data.borrow_mut())?;
+
+    if proposal_data.signatories_signed_off_count == 0 {
+        proposal_data.signing_off_at = Some(clock.unix_timestamp);
+        proposal_data.state = ProposalState::SigningOff;
+    }
+
+    proposal_data.signatories_signed_off_count = proposal_data
+        .signatories_signed_off_count
+        .checked_add(1)
+        .unwrap();
+
+    // If all Signatories signed off we can start voting
+    if proposal_data.signatories_signed_off_count == proposal_data.signatories_count {
+        proposal_data.voting_at = Some(clock.unix_timestamp);
+        proposal_data.voting_at_slot = Some(clock.slot);
+        proposal_data.state = ProposalState::Voting;
+    }
+
+    proposal_data.serialize(&mut *proposal_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/processor/process_withdraw_governing_tokens.rs

@@ -0,0 +1,72 @@
+//! Program state processor
+
+use borsh::BorshSerialize;
+use solana_program::{
+    account_info::{next_account_info, AccountInfo},
+    entrypoint::ProgramResult,
+    pubkey::Pubkey,
+};
+
+use crate::{
+    error::GovernanceError,
+    state::{
+        realm::{get_realm_address_seeds, get_realm_data},
+        token_owner_record::{
+            get_token_owner_record_address_seeds, get_token_owner_record_data_for_seeds,
+        },
+    },
+    tools::spl_token::{get_spl_token_mint, transfer_spl_tokens_signed},
+};
+
+/// Processes WithdrawGoverningTokens instruction
+pub fn process_withdraw_governing_tokens(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let realm_info = next_account_info(account_info_iter)?; // 0
+    let governing_token_holding_info = next_account_info(account_info_iter)?; // 1
+    let governing_token_destination_info = next_account_info(account_info_iter)?; // 2
+    let governing_token_owner_info = next_account_info(account_info_iter)?; // 3
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 4
+    let spl_token_info = next_account_info(account_info_iter)?; // 5
+
+    if !governing_token_owner_info.is_signer {
+        return Err(GovernanceError::GoverningTokenOwnerMustSign.into());
+    }
+
+    let realm_data = get_realm_data(program_id, realm_info)?;
+    let governing_token_mint = get_spl_token_mint(governing_token_holding_info)?;
+
+    let token_owner_record_address_seeds = get_token_owner_record_address_seeds(
+        realm_info.key,
+        &governing_token_mint,
+        governing_token_owner_info.key,
+    );
+
+    let mut token_owner_record_data = get_token_owner_record_data_for_seeds(
+        program_id,
+        token_owner_record_info,
+        &token_owner_record_address_seeds,
+    )?;
+
+    if token_owner_record_data.unrelinquished_votes_count > 0 {
+        return Err(GovernanceError::AllVotesMustBeRelinquishedToWithdrawGoverningTokens.into());
+    }
+
+    transfer_spl_tokens_signed(
+        governing_token_holding_info,
+        governing_token_destination_info,
+        realm_info,
+        &get_realm_address_seeds(&realm_data.name),
+        program_id,
+        token_owner_record_data.governing_token_deposit_amount,
+        spl_token_info,
+    )?;
+
+    token_owner_record_data.governing_token_deposit_amount = 0;
+    token_owner_record_data.serialize(&mut *token_owner_record_info.data.borrow_mut())?;
+
+    Ok(())
+}

governance/program/src/state/enums.rs

@@ -0,0 +1,158 @@
+//! State enumerations
+
+use borsh::{BorshDeserialize, BorshSchema, BorshSerialize};
+
+/// Defines all Governance accounts types
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub enum GovernanceAccountType {
+    /// Default uninitialized account state
+    Uninitialized,
+
+    /// Top level aggregation for governances with Community Token (and optional Council Token)
+    Realm,
+
+    /// Token Owner Record for given governing token owner within a Realm
+    TokenOwnerRecord,
+
+    /// Generic Account Governance account
+    AccountGovernance,
+
+    /// Program Governance account
+    ProgramGovernance,
+
+    /// Proposal account for Governance account. A single Governance account can have multiple Proposal accounts
+    Proposal,
+
+    /// Proposal Signatory account
+    SignatoryRecord,
+
+    /// Vote record account for a given Proposal.  Proposal can have 0..n voting records
+    VoteRecord,
+
+    /// ProposalInstruction account which holds an instruction to execute for Proposal
+    ProposalInstruction,
+
+    /// Mint Governance account
+    MintGovernance,
+
+    /// Token Governance account
+    TokenGovernance,
+}
+
+impl Default for GovernanceAccountType {
+    fn default() -> Self {
+        GovernanceAccountType::Uninitialized
+    }
+}
+
+/// Vote  with number of votes
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub enum VoteWeight {
+    /// Yes vote
+    Yes(u64),
+
+    /// No vote
+    No(u64),
+}
+
+/// What state a Proposal is in
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub enum ProposalState {
+    /// Draft - Proposal enters Draft state when it's created
+    Draft,
+
+    /// SigningOff - The Proposal is being signed off by Signatories
+    /// Proposal enters the state when first Signatory Sings and leaves it when last Signatory signs
+    SigningOff,
+
+    /// Taking votes
+    Voting,
+
+    /// Voting ended with success
+    Succeeded,
+
+    /// Voting completed and now instructions are being execute. Proposal enter this state when first instruction is executed and leaves when the last instruction is executed
+    Executing,
+
+    /// Completed
+    Completed,
+
+    /// Cancelled
+    Cancelled,
+
+    /// Defeated
+    Defeated,
+}
+
+impl Default for ProposalState {
+    fn default() -> Self {
+        ProposalState::Draft
+    }
+}
+
+/// The type of the vote threshold percentage used to resolve a vote on a Proposal
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub enum VoteThresholdPercentage {
+    /// Voting threshold of Yes votes in % required to tip the vote
+    /// It's the percentage of tokens out of the entire pool of governance tokens eligible to vote
+    /// Note: If the threshold is below or equal to 50% then an even split of votes ex: 50:50 or 40:40 is always resolved as Defeated
+    /// In other words a '+1 vote' tie breaker is always required to have a successful vote
+    YesVote(u8),
+
+    /// The minimum number of votes in % out of the entire pool of governance tokens eligible to vote
+    /// which must be cast for the vote to be valid
+    /// Once the quorum is achieved a simple majority (50%+1) of Yes votes is required for the vote to succeed
+    /// Note: Quorum is not implemented in the current version
+    Quorum(u8),
+}
+
+/// The source of voter weights used to vote on proposals
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub enum VoteWeightSource {
+    /// Governing token deposits into the Realm are used as voter weights
+    Deposit,
+    /// Governing token account snapshots as of the time a proposal entered voting state are used as voter weights
+    /// Note: Snapshot source is not supported in the current version
+    /// Support for account snapshots are required in solana and/or arweave as a prerequisite
+    Snapshot,
+}
+
+/// The status of instruction execution
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub enum InstructionExecutionStatus {
+    /// Instruction was not executed yet
+    None,
+
+    /// Instruction was executed successfully
+    Success,
+
+    /// Instruction execution failed
+    /// Note: Error status is not supported yet because when CPI call fails it always terminates parent instruction
+    /// We either have to make it possible to change that behavior or add an instruction to manually set the status
+    Error,
+}
+
+/// Instruction execution flags defining how instructions are executed for a Proposal
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub enum InstructionExecutionFlags {
+    /// No execution flags are specified
+    /// Instructions can be executed individually, in any order, as soon as they hold_up time expires
+    None,
+
+    /// Instructions are executed in a specific order
+    /// Note: Ordered execution is not supported in the current version
+    /// The implementation requires another account type to track deleted instructions
+    Ordered,
+
+    /// Multiple instructions can be executed as a single transaction
+    /// Note: Transactions are not supported in the current version
+    /// The implementation requires another account type to group instructions within a transaction
+    UseTransaction,
+}

governance/program/src/state/governance.rs

@@ -0,0 +1,244 @@
+//! Governance Account
+
+use crate::{
+    error::GovernanceError,
+    state::{
+        enums::{GovernanceAccountType, VoteThresholdPercentage, VoteWeightSource},
+        realm::assert_is_valid_realm,
+    },
+    tools::account::{get_account_data, AccountMaxSize},
+};
+use borsh::{BorshDeserialize, BorshSchema, BorshSerialize};
+use solana_program::{
+    account_info::AccountInfo, program_error::ProgramError, program_pack::IsInitialized,
+    pubkey::Pubkey,
+};
+
+/// Governance config
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub struct GovernanceConfig {
+    /// The type of the vote threshold used for voting
+    /// Note: In the current version only YesVote threshold is supported
+    pub vote_threshold_percentage: VoteThresholdPercentage,
+
+    /// Minimum number of tokens a governance token owner must possess to be able to create a proposal
+    pub min_tokens_to_create_proposal: u64,
+
+    /// Minimum waiting time in seconds for an instruction to be executed after proposal is voted on
+    pub min_instruction_hold_up_time: u32,
+
+    /// Time limit in seconds for proposal to be open for voting
+    pub max_voting_time: u32,
+
+    /// The source of vote weight for voters
+    /// Note: In the current version only token deposits are accepted as vote weight
+    pub vote_weight_source: VoteWeightSource,
+
+    /// The time period in seconds within which a Proposal can be still cancelled after being voted on
+    /// Once cool off time expires Proposal can't be cancelled any longer and becomes a law
+    /// Note: This field is not implemented in the current version
+    pub proposal_cool_off_time: u32,
+}
+
+/// Governance Account
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub struct Governance {
+    /// Account type. It can be Uninitialized, AccountGovernance or ProgramGovernance
+    pub account_type: GovernanceAccountType,
+
+    /// Governance Realm
+    pub realm: Pubkey,
+
+    /// Account governed by this Governance. It can be for example Program account, Mint account or Token Account
+    pub governed_account: Pubkey,
+
+    /// Governance config
+    pub config: GovernanceConfig,
+
+    /// Reserved space for future versions
+    pub reserved: [u8; 8],
+
+    /// Running count of proposals
+    pub proposals_count: u32,
+}
+
+impl AccountMaxSize for Governance {}
+
+impl IsInitialized for Governance {
+    fn is_initialized(&self) -> bool {
+        self.account_type == GovernanceAccountType::AccountGovernance
+            || self.account_type == GovernanceAccountType::ProgramGovernance
+            || self.account_type == GovernanceAccountType::MintGovernance
+            || self.account_type == GovernanceAccountType::TokenGovernance
+    }
+}
+
+impl Governance {
+    /// Returns Governance PDA seeds
+    pub fn get_governance_address_seeds(&self) -> Result<[&[u8]; 3], ProgramError> {
+        let seeds = match self.account_type {
+            GovernanceAccountType::AccountGovernance => {
+                get_account_governance_address_seeds(&self.realm, &self.governed_account)
+            }
+            GovernanceAccountType::ProgramGovernance => {
+                get_program_governance_address_seeds(&self.realm, &self.governed_account)
+            }
+            GovernanceAccountType::MintGovernance => {
+                get_mint_governance_address_seeds(&self.realm, &self.governed_account)
+            }
+            GovernanceAccountType::TokenGovernance => {
+                get_token_governance_address_seeds(&self.realm, &self.governed_account)
+            }
+            _ => return Err(GovernanceError::InvalidAccountType.into()),
+        };
+
+        Ok(seeds)
+    }
+}
+
+/// Deserializes account and checks owner program
+pub fn get_governance_data(
+    program_id: &Pubkey,
+    governance_info: &AccountInfo,
+) -> Result<Governance, ProgramError> {
+    get_account_data::<Governance>(governance_info, program_id)
+}
+
+/// Returns ProgramGovernance PDA seeds
+pub fn get_program_governance_address_seeds<'a>(
+    realm: &'a Pubkey,
+    governed_program: &'a Pubkey,
+) -> [&'a [u8]; 3] {
+    // 'program-governance' prefix ensures uniqueness of the PDA
+    // Note: Only the current program upgrade authority can create an account with this PDA using CreateProgramGovernance instruction
+    [
+        b"program-governance",
+        realm.as_ref(),
+        governed_program.as_ref(),
+    ]
+}
+
+/// Returns ProgramGovernance PDA address
+pub fn get_program_governance_address<'a>(
+    program_id: &Pubkey,
+    realm: &'a Pubkey,
+    governed_program: &'a Pubkey,
+) -> Pubkey {
+    Pubkey::find_program_address(
+        &get_program_governance_address_seeds(realm, governed_program),
+        program_id,
+    )
+    .0
+}
+
+/// Returns MintGovernance PDA seeds
+pub fn get_mint_governance_address_seeds<'a>(
+    realm: &'a Pubkey,
+    governed_mint: &'a Pubkey,
+) -> [&'a [u8]; 3] {
+    // 'mint-governance' prefix ensures uniqueness of the PDA
+    // Note: Only the current mint authority can create an account with this PDA using CreateMintGovernance instruction
+    [b"mint-governance", realm.as_ref(), governed_mint.as_ref()]
+}
+
+/// Returns MintGovernance PDA address
+pub fn get_mint_governance_address<'a>(
+    program_id: &Pubkey,
+    realm: &'a Pubkey,
+    governed_mint: &'a Pubkey,
+) -> Pubkey {
+    Pubkey::find_program_address(
+        &get_mint_governance_address_seeds(realm, governed_mint),
+        program_id,
+    )
+    .0
+}
+
+/// Returns TokenGovernance PDA seeds
+pub fn get_token_governance_address_seeds<'a>(
+    realm: &'a Pubkey,
+    governed_token: &'a Pubkey,
+) -> [&'a [u8]; 3] {
+    // 'token-governance' prefix ensures uniqueness of the PDA
+    // Note: Only the current token account owner can create an account with this PDA using CreateTokenGovernance instruction
+    [b"token-governance", realm.as_ref(), governed_token.as_ref()]
+}
+
+/// Returns TokenGovernance PDA address
+pub fn get_token_governance_address<'a>(
+    program_id: &Pubkey,
+    realm: &'a Pubkey,
+    governed_token: &'a Pubkey,
+) -> Pubkey {
+    Pubkey::find_program_address(
+        &get_token_governance_address_seeds(realm, governed_token),
+        program_id,
+    )
+    .0
+}
+
+/// Returns AccountGovernance PDA seeds
+pub fn get_account_governance_address_seeds<'a>(
+    realm: &'a Pubkey,
+    governed_account: &'a Pubkey,
+) -> [&'a [u8]; 3] {
+    [
+        b"account-governance",
+        realm.as_ref(),
+        governed_account.as_ref(),
+    ]
+}
+
+/// Returns AccountGovernance PDA address
+pub fn get_account_governance_address<'a>(
+    program_id: &Pubkey,
+    realm: &'a Pubkey,
+    governed_account: &'a Pubkey,
+) -> Pubkey {
+    Pubkey::find_program_address(
+        &get_account_governance_address_seeds(realm, governed_account),
+        program_id,
+    )
+    .0
+}
+
+/// Validates args supplied to create governance account
+pub fn assert_valid_create_governance_args(
+    program_id: &Pubkey,
+    governance_config: &GovernanceConfig,
+    realm_info: &AccountInfo,
+) -> Result<(), ProgramError> {
+    assert_is_valid_realm(program_id, realm_info)?;
+
+    assert_is_valid_governance_config(governance_config)?;
+
+    Ok(())
+}
+
+/// Validates governance config parameters
+pub fn assert_is_valid_governance_config(
+    governance_config: &GovernanceConfig,
+) -> Result<(), ProgramError> {
+    match governance_config.vote_threshold_percentage {
+        VoteThresholdPercentage::YesVote(yes_vote_threshold_percentage) => {
+            if !(1..=100).contains(&yes_vote_threshold_percentage) {
+                return Err(GovernanceError::InvalidVoteThresholdPercentage.into());
+            }
+        }
+        _ => {
+            return Err(GovernanceError::VoteThresholdPercentageTypeNotSupported.into());
+        }
+    }
+
+    if governance_config.vote_weight_source != VoteWeightSource::Deposit {
+        return Err(GovernanceError::VoteWeightSourceNotSupported.into());
+    }
+
+    if governance_config.proposal_cool_off_time > 0 {
+        return Err(GovernanceError::ProposalCoolOffTimeNotSupported.into());
+    }
+
+    Ok(())
+}

governance/program/src/state/mod.rs

@@ -0,0 +1,10 @@
+//! Program accounts
+
+pub mod enums;
+pub mod governance;
+pub mod proposal;
+pub mod proposal_instruction;
+pub mod realm;
+pub mod signatory_record;
+pub mod token_owner_record;
+pub mod vote_record;

governance/program/src/state/proposal_instruction.rs

@@ -0,0 +1,282 @@
+//! ProposalInstruction Account
+
+use crate::{
+    error::GovernanceError,
+    state::enums::{GovernanceAccountType, InstructionExecutionStatus},
+    tools::account::{get_account_data, AccountMaxSize},
+    PROGRAM_AUTHORITY_SEED,
+};
+use borsh::{BorshDeserialize, BorshSchema, BorshSerialize};
+use solana_program::{
+    account_info::AccountInfo,
+    clock::UnixTimestamp,
+    instruction::{AccountMeta, Instruction},
+    program_error::ProgramError,
+    program_pack::IsInitialized,
+    pubkey::Pubkey,
+};
+
+/// InstructionData wrapper. It can be removed once Borsh serialization for Instruction is supported in the SDK
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+#[repr(C)]
+pub struct InstructionData {
+    /// Pubkey of the instruction processor that executes this instruction
+    pub program_id: Pubkey,
+    /// Metadata for what accounts should be passed to the instruction processor
+    pub accounts: Vec<AccountMetaData>,
+    /// Opaque data passed to the instruction processor
+    pub data: Vec<u8>,
+}
+
+/// Account metadata used to define Instructions
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+#[repr(C)]
+pub struct AccountMetaData {
+    /// An account's public key
+    pub pubkey: Pubkey,
+    /// True if an Instruction requires a Transaction signature matching `pubkey`.
+    pub is_signer: bool,
+    /// True if the `pubkey` can be loaded as a read-write account.
+    pub is_writable: bool,
+}
+
+impl From<Instruction> for InstructionData {
+    fn from(instruction: Instruction) -> Self {
+        InstructionData {
+            program_id: instruction.program_id,
+            accounts: instruction
+                .accounts
+                .iter()
+                .map(|a| AccountMetaData {
+                    pubkey: a.pubkey,
+                    is_signer: a.is_signer,
+                    is_writable: a.is_writable,
+                })
+                .collect(),
+            data: instruction.data,
+        }
+    }
+}
+
+impl From<&InstructionData> for Instruction {
+    fn from(instruction: &InstructionData) -> Self {
+        Instruction {
+            program_id: instruction.program_id,
+            accounts: instruction
+                .accounts
+                .iter()
+                .map(|a| AccountMeta {
+                    pubkey: a.pubkey,
+                    is_signer: a.is_signer,
+                    is_writable: a.is_writable,
+                })
+                .collect(),
+            data: instruction.data.clone(),
+        }
+    }
+}
+
+/// Account for an instruction to be executed for Proposal
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub struct ProposalInstruction {
+    /// Governance Account type
+    pub account_type: GovernanceAccountType,
+
+    /// The Proposal the instruction belongs to
+    pub proposal: Pubkey,
+
+    /// Unique instruction index within it's parent Proposal
+    pub instruction_index: u16,
+
+    /// Minimum waiting time in seconds for the  instruction to be executed once proposal is voted on
+    pub hold_up_time: u32,
+
+    /// Instruction to execute
+    /// The instruction will be signed by Governance PDA the Proposal belongs to
+    // For example for ProgramGovernance the instruction to upgrade program will be signed by ProgramGovernance PDA
+    pub instruction: InstructionData,
+
+    /// Executed at flag
+    pub executed_at: Option<UnixTimestamp>,
+
+    /// Instruction execution status
+    /// Note: The field is not used in the current version
+    pub execution_status: InstructionExecutionStatus,
+}
+
+impl AccountMaxSize for ProposalInstruction {
+    fn get_max_size(&self) -> Option<usize> {
+        Some(self.instruction.accounts.len() * 34 + self.instruction.data.len() + 89)
+    }
+}
+
+impl IsInitialized for ProposalInstruction {
+    fn is_initialized(&self) -> bool {
+        self.account_type == GovernanceAccountType::ProposalInstruction
+    }
+}
+
+/// Returns ProposalInstruction PDA seeds
+pub fn get_proposal_instruction_address_seeds<'a>(
+    proposal: &'a Pubkey,
+    instruction_index_le_bytes: &'a [u8],
+) -> [&'a [u8]; 3] {
+    [
+        PROGRAM_AUTHORITY_SEED,
+        proposal.as_ref(),
+        instruction_index_le_bytes,
+    ]
+}
+
+/// Returns ProposalInstruction PDA address
+pub fn get_proposal_instruction_address<'a>(
+    program_id: &Pubkey,
+    proposal: &'a Pubkey,
+    instruction_index_le_bytes: &'a [u8],
+) -> Pubkey {
+    Pubkey::find_program_address(
+        &get_proposal_instruction_address_seeds(proposal, instruction_index_le_bytes),
+        program_id,
+    )
+    .0
+}
+
+/// Deserializes ProposalInstruction account and checks owner program
+pub fn get_proposal_instruction_data(
+    program_id: &Pubkey,
+    proposal_instruction_info: &AccountInfo,
+) -> Result<ProposalInstruction, ProgramError> {
+    get_account_data::<ProposalInstruction>(proposal_instruction_info, program_id)
+}
+
+///  Deserializes and returns ProposalInstruction account and checks it belongs to the given Proposal
+pub fn get_proposal_instruction_data_for_proposal(
+    program_id: &Pubkey,
+    proposal_instruction_info: &AccountInfo,
+    proposal: &Pubkey,
+) -> Result<ProposalInstruction, ProgramError> {
+    let proposal_instruction_data =
+        get_proposal_instruction_data(program_id, proposal_instruction_info)?;
+
+    if proposal_instruction_data.proposal != *proposal {
+        return Err(GovernanceError::InvalidProposalForProposalInstruction.into());
+    }
+
+    Ok(proposal_instruction_data)
+}
+
+///  Deserializes ProposalInstruction account and checks it belongs to the given Proposal
+pub fn assert_proposal_instruction_for_proposal(
+    program_id: &Pubkey,
+    proposal_instruction_info: &AccountInfo,
+    proposal: &Pubkey,
+) -> Result<(), ProgramError> {
+    get_proposal_instruction_data_for_proposal(program_id, proposal_instruction_info, proposal)
+        .map(|_| ())
+}
+
+#[cfg(test)]
+mod test {
+
+    use std::str::FromStr;
+
+    use solana_program::bpf_loader_upgradeable;
+
+    use super::*;
+
+    fn create_test_account_meta_data() -> AccountMetaData {
+        AccountMetaData {
+            pubkey: Pubkey::new_unique(),
+            is_signer: true,
+            is_writable: false,
+        }
+    }
+
+    fn create_test_instruction_data() -> InstructionData {
+        InstructionData {
+            program_id: Pubkey::new_unique(),
+            accounts: vec![
+                create_test_account_meta_data(),
+                create_test_account_meta_data(),
+            ],
+            data: vec![1, 2, 3],
+        }
+    }
+
+    fn create_test_proposal_instruction() -> ProposalInstruction {
+        ProposalInstruction {
+            account_type: GovernanceAccountType::ProposalInstruction,
+            proposal: Pubkey::new_unique(),
+            instruction_index: 1,
+            hold_up_time: 10,
+            instruction: create_test_instruction_data(),
+            executed_at: Some(100),
+            execution_status: InstructionExecutionStatus::Success,
+        }
+    }
+
+    #[test]
+    fn test_account_meta_data_size() {
+        let account_meta_data = create_test_account_meta_data();
+        let size = account_meta_data.try_to_vec().unwrap().len();
+
+        assert_eq!(34, size);
+    }
+
+    #[test]
+    fn test_proposal_instruction_max_size() {
+        // Arrange
+        let proposal_instruction = create_test_proposal_instruction();
+        let size = proposal_instruction.try_to_vec().unwrap().len();
+
+        // Act, Assert
+        assert_eq!(proposal_instruction.get_max_size(), Some(size));
+    }
+
+    #[test]
+    fn test_empty_proposal_instruction_max_size() {
+        // Arrange
+        let mut proposal_instruction = create_test_proposal_instruction();
+        proposal_instruction.instruction.data = vec![];
+        proposal_instruction.instruction.accounts = vec![];
+
+        let size = proposal_instruction.try_to_vec().unwrap().len();
+
+        // Act, Assert
+        assert_eq!(proposal_instruction.get_max_size(), Some(size));
+    }
+
+    #[test]
+    fn test_upgrade_instruction_serialization() {
+        // Arrange
+        let program_address =
+            Pubkey::from_str("Hita5Lun87S4MADAF4vGoWEgFm5DyuVqxoWzzqYxS3AD").unwrap();
+        let buffer_address =
+            Pubkey::from_str("5XqXkgJGAUwrUHBkxbKpYMGqsRoQLfyqRbYUEkjNY6hL").unwrap();
+        let governance = Pubkey::from_str("FqSReK9R8QxvFZgdrAwGT3gsYp1ZGfiFjS8xrzyyadn3").unwrap();
+
+        let upgrade_instruction = bpf_loader_upgradeable::upgrade(
+            &program_address,
+            &buffer_address,
+            &governance,
+            &governance,
+        );
+
+        // Act
+        let instruction_data: InstructionData = upgrade_instruction.clone().into();
+        let mut instruction_bytes = vec![];
+        instruction_data.serialize(&mut instruction_bytes).unwrap();
+
+        // base64 encoded message is accepted as the input in the UI
+        let base64 = base64::encode(instruction_bytes.clone());
+
+        // Assert
+        let instruction =
+            Instruction::from(&InstructionData::deserialize(&mut &instruction_bytes[..]).unwrap());
+
+        assert_eq!(upgrade_instruction, instruction);
+
+        assert_eq!(base64,"Aqj2kU6IobDiEBU+92OuKwDCuT0WwSTSwFN6EASAAAAHAAAAchkHXTU9jF+rKpILT6dzsVyNI9NsQy9cab+GGvdwNn0AAfh2HVruy2YibpgcQUmJf5att5YdPXSv1k2pRAKAfpSWAAFDVQuXWos2urmegSPblI813GlTm7CJ/8rv+9yzNE3yfwAB3Gw+apCyfrRNqJ6f1160Htkx+uYZT6FIILQ3WzNA4KwAAQan1RcZLFxRIYzJTD1K8X9Y2u4Im6H9ROPb2YoAAAAAAAAGp9UXGMd0yShWY5hpHV62i164o5tLbVxzVVshAAAAAAAA3Gw+apCyfrRNqJ6f1160Htkx+uYZT6FIILQ3WzNA4KwBAAQAAAADAAAA");
+    }
+}

governance/program/src/state/realm.rs

@@ -0,0 +1,113 @@
+//! Realm Account
+
+use borsh::{BorshDeserialize, BorshSchema, BorshSerialize};
+use solana_program::{
+    account_info::AccountInfo, program_error::ProgramError, program_pack::IsInitialized,
+    pubkey::Pubkey,
+};
+
+use crate::{
+    error::GovernanceError,
+    tools::account::{assert_is_valid_account, get_account_data, AccountMaxSize},
+    PROGRAM_AUTHORITY_SEED,
+};
+
+use crate::state::enums::GovernanceAccountType;
+
+/// Governance Realm Account
+/// Account PDA seeds" ['governance', name]
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub struct Realm {
+    /// Governance account type
+    pub account_type: GovernanceAccountType,
+
+    /// Community mint
+    pub community_mint: Pubkey,
+
+    /// Reserved space for future versions
+    pub reserved: [u8; 8],
+
+    /// Council mint
+    pub council_mint: Option<Pubkey>,
+
+    /// Governance Realm name
+    pub name: String,
+}
+
+impl AccountMaxSize for Realm {}
+
+impl IsInitialized for Realm {
+    fn is_initialized(&self) -> bool {
+        self.account_type == GovernanceAccountType::Realm
+    }
+}
+
+impl Realm {
+    /// Asserts the given mint is either Community or Council mint of the Realm
+    pub fn assert_is_valid_governing_token_mint(
+        &self,
+        governing_token_mint: &Pubkey,
+    ) -> Result<(), ProgramError> {
+        if self.community_mint == *governing_token_mint {
+            return Ok(());
+        }
+
+        if self.council_mint == Some(*governing_token_mint) {
+            return Ok(());
+        }
+
+        Err(GovernanceError::InvalidGoverningTokenMint.into())
+    }
+}
+
+/// Checks whether realm account exists, is initialized and  owned by Governance program
+pub fn assert_is_valid_realm(
+    program_id: &Pubkey,
+    realm_info: &AccountInfo,
+) -> Result<(), ProgramError> {
+    assert_is_valid_account(realm_info, GovernanceAccountType::Realm, program_id)
+}
+
+/// Deserializes account and checks owner program
+pub fn get_realm_data(
+    program_id: &Pubkey,
+    realm_info: &AccountInfo,
+) -> Result<Realm, ProgramError> {
+    get_account_data::<Realm>(realm_info, program_id)
+}
+
+/// Returns Realm PDA seeds
+pub fn get_realm_address_seeds(name: &str) -> [&[u8]; 2] {
+    [PROGRAM_AUTHORITY_SEED, name.as_bytes()]
+}
+
+/// Returns Realm PDA address
+pub fn get_realm_address(program_id: &Pubkey, name: &str) -> Pubkey {
+    Pubkey::find_program_address(&get_realm_address_seeds(name), program_id).0
+}
+
+/// Returns Realm Token Holding PDA seeds
+pub fn get_governing_token_holding_address_seeds<'a>(
+    realm: &'a Pubkey,
+    governing_token_mint: &'a Pubkey,
+) -> [&'a [u8]; 3] {
+    [
+        PROGRAM_AUTHORITY_SEED,
+        realm.as_ref(),
+        governing_token_mint.as_ref(),
+    ]
+}
+
+/// Returns Realm Token Holding PDA address
+pub fn get_governing_token_holding_address(
+    program_id: &Pubkey,
+    realm: &Pubkey,
+    governing_token_mint: &Pubkey,
+) -> Pubkey {
+    Pubkey::find_program_address(
+        &get_governing_token_holding_address_seeds(realm, governing_token_mint),
+        program_id,
+    )
+    .0
+}

governance/program/src/state/signatory_record.rs

@@ -0,0 +1,116 @@
+//! Signatory Record
+
+use borsh::{BorshDeserialize, BorshSchema, BorshSerialize};
+use solana_program::{
+    account_info::AccountInfo, program_error::ProgramError, program_pack::IsInitialized,
+    pubkey::Pubkey,
+};
+
+use crate::{
+    error::GovernanceError,
+    tools::account::{get_account_data, AccountMaxSize},
+    PROGRAM_AUTHORITY_SEED,
+};
+
+use crate::state::enums::GovernanceAccountType;
+
+/// Account PDA seeds: ['governance', proposal, signatory]
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub struct SignatoryRecord {
+    /// Governance account type
+    pub account_type: GovernanceAccountType,
+
+    /// Proposal the signatory is assigned for
+    pub proposal: Pubkey,
+
+    /// The account of the signatory who can sign off the proposal
+    pub signatory: Pubkey,
+
+    /// Indicates whether the signatory signed off the proposal
+    pub signed_off: bool,
+}
+
+impl AccountMaxSize for SignatoryRecord {}
+
+impl IsInitialized for SignatoryRecord {
+    fn is_initialized(&self) -> bool {
+        self.account_type == GovernanceAccountType::SignatoryRecord
+    }
+}
+
+impl SignatoryRecord {
+    /// Checks signatory hasn't signed off yet and is transaction signer
+    pub fn assert_can_sign_off(&self, signatory_info: &AccountInfo) -> Result<(), ProgramError> {
+        if self.signed_off {
+            return Err(GovernanceError::SignatoryAlreadySignedOff.into());
+        }
+
+        if !signatory_info.is_signer {
+            return Err(GovernanceError::SignatoryMustSign.into());
+        }
+
+        Ok(())
+    }
+
+    /// Checks signatory can be removed from Proposal
+    pub fn assert_can_remove_signatory(&self) -> Result<(), ProgramError> {
+        if self.signed_off {
+            return Err(GovernanceError::SignatoryAlreadySignedOff.into());
+        }
+
+        Ok(())
+    }
+}
+
+/// Returns SignatoryRecord PDA seeds
+pub fn get_signatory_record_address_seeds<'a>(
+    proposal: &'a Pubkey,
+    signatory: &'a Pubkey,
+) -> [&'a [u8]; 3] {
+    [
+        PROGRAM_AUTHORITY_SEED,
+        proposal.as_ref(),
+        signatory.as_ref(),
+    ]
+}
+
+/// Returns SignatoryRecord PDA address
+pub fn get_signatory_record_address<'a>(
+    program_id: &Pubkey,
+    proposal: &'a Pubkey,
+    signatory: &'a Pubkey,
+) -> Pubkey {
+    Pubkey::find_program_address(
+        &get_signatory_record_address_seeds(proposal, signatory),
+        program_id,
+    )
+    .0
+}
+
+/// Deserializes SignatoryRecord account and checks owner program
+pub fn get_signatory_record_data(
+    program_id: &Pubkey,
+    signatory_record_info: &AccountInfo,
+) -> Result<SignatoryRecord, ProgramError> {
+    get_account_data::<SignatoryRecord>(signatory_record_info, program_id)
+}
+
+/// Deserializes SignatoryRecord  and validates its PDA
+pub fn get_signatory_record_data_for_seeds(
+    program_id: &Pubkey,
+    signatory_record_info: &AccountInfo,
+    proposal: &Pubkey,
+    signatory: &Pubkey,
+) -> Result<SignatoryRecord, ProgramError> {
+    let (signatory_record_address, _) = Pubkey::find_program_address(
+        &get_signatory_record_address_seeds(proposal, signatory),
+        program_id,
+    );
+
+    if signatory_record_address != *signatory_record_info.key {
+        return Err(GovernanceError::InvalidSignatoryAddress.into());
+    }
+
+    get_signatory_record_data(program_id, signatory_record_info)
+}

governance/program/src/state/token_owner_record.rs

@@ -0,0 +1,198 @@
+//! Token Owner Record Account
+
+use crate::{
+    error::GovernanceError,
+    tools::account::{get_account_data, AccountMaxSize},
+    PROGRAM_AUTHORITY_SEED,
+};
+
+use crate::state::enums::GovernanceAccountType;
+
+use borsh::{BorshDeserialize, BorshSchema, BorshSerialize};
+use solana_program::{
+    account_info::AccountInfo, program_error::ProgramError, program_pack::IsInitialized,
+    pubkey::Pubkey,
+};
+
+/// Governance Token Owner Record
+/// Account PDA seeds: ['governance', realm, token_mint, token_owner ]
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub struct TokenOwnerRecord {
+    /// Governance account type
+    pub account_type: GovernanceAccountType,
+
+    /// The Realm the TokenOwnerRecord belongs to
+    pub realm: Pubkey,
+
+    /// Governing Token Mint the TokenOwnerRecord holds deposit for
+    pub governing_token_mint: Pubkey,
+
+    /// The owner (either single or multisig) of the deposited governing SPL Tokens
+    /// This is who can authorize a withdrawal of the tokens
+    pub governing_token_owner: Pubkey,
+
+    /// The amount of governing tokens deposited into the Realm
+    /// This amount is the voter weight used when voting on proposals
+    pub governing_token_deposit_amount: u64,
+
+    /// The number of votes cast by TokenOwner but not relinquished yet
+    /// Every time a vote is cast this number is increased and it's always decreased when relinquishing a vote regardless of the vote state
+    pub unrelinquished_votes_count: u32,
+
+    /// The total number of votes cast by the TokenOwner
+    /// If TokenOwner withdraws vote while voting is still in progress total_votes_count is decreased  and the vote doesn't count towards the total
+    pub total_votes_count: u32,
+
+    /// Reserved space for future versions
+    pub reserved: [u8; 8],
+
+    /// A single account that is allowed to operate governance with the deposited governing tokens
+    /// It can be delegated to by the governing_token_owner or current governance_delegate
+    pub governance_delegate: Option<Pubkey>,
+}
+
+impl AccountMaxSize for TokenOwnerRecord {
+    fn get_max_size(&self) -> Option<usize> {
+        Some(154)
+    }
+}
+
+impl IsInitialized for TokenOwnerRecord {
+    fn is_initialized(&self) -> bool {
+        self.account_type == GovernanceAccountType::TokenOwnerRecord
+    }
+}
+
+impl TokenOwnerRecord {
+    /// Checks whether the provided Governance Authority signed transaction
+    pub fn assert_token_owner_or_delegate_is_signer(
+        &self,
+        governance_authority_info: &AccountInfo,
+    ) -> Result<(), ProgramError> {
+        if governance_authority_info.is_signer {
+            if &self.governing_token_owner == governance_authority_info.key {
+                return Ok(());
+            }
+
+            if let Some(governance_delegate) = self.governance_delegate {
+                if &governance_delegate == governance_authority_info.key {
+                    return Ok(());
+                }
+            };
+        }
+
+        Err(GovernanceError::GoverningTokenOwnerOrDelegateMustSign.into())
+    }
+}
+
+/// Returns TokenOwnerRecord PDA address
+pub fn get_token_owner_record_address(
+    program_id: &Pubkey,
+    realm: &Pubkey,
+    governing_token_mint: &Pubkey,
+    governing_token_owner: &Pubkey,
+) -> Pubkey {
+    Pubkey::find_program_address(
+        &get_token_owner_record_address_seeds(realm, governing_token_mint, governing_token_owner),
+        program_id,
+    )
+    .0
+}
+
+/// Returns TokenOwnerRecord PDA seeds
+pub fn get_token_owner_record_address_seeds<'a>(
+    realm: &'a Pubkey,
+    governing_token_mint: &'a Pubkey,
+    governing_token_owner: &'a Pubkey,
+) -> [&'a [u8]; 4] {
+    [
+        PROGRAM_AUTHORITY_SEED,
+        realm.as_ref(),
+        governing_token_mint.as_ref(),
+        governing_token_owner.as_ref(),
+    ]
+}
+
+/// Deserializes TokenOwnerRecord account and checks owner program
+pub fn get_token_owner_record_data(
+    program_id: &Pubkey,
+    token_owner_record_info: &AccountInfo,
+) -> Result<TokenOwnerRecord, ProgramError> {
+    get_account_data::<TokenOwnerRecord>(token_owner_record_info, program_id)
+}
+
+/// Deserializes TokenOwnerRecord account and checks its PDA against the provided seeds
+pub fn get_token_owner_record_data_for_seeds(
+    program_id: &Pubkey,
+    token_owner_record_info: &AccountInfo,
+    token_owner_record_seeds: &[&[u8]],
+) -> Result<TokenOwnerRecord, ProgramError> {
+    let (token_owner_record_address, _) =
+        Pubkey::find_program_address(token_owner_record_seeds, program_id);
+
+    if token_owner_record_address != *token_owner_record_info.key {
+        return Err(GovernanceError::InvalidTokenOwnerRecordAccountAddress.into());
+    }
+
+    get_token_owner_record_data(program_id, token_owner_record_info)
+}
+
+/// Deserializes TokenOwnerRecord account and checks that its PDA matches the given realm and governing mint
+pub fn get_token_owner_record_data_for_realm_and_governing_mint(
+    program_id: &Pubkey,
+    token_owner_record_info: &AccountInfo,
+    realm: &Pubkey,
+    governing_token_mint: &Pubkey,
+) -> Result<TokenOwnerRecord, ProgramError> {
+    let token_owner_record_data = get_token_owner_record_data(program_id, token_owner_record_info)?;
+
+    if token_owner_record_data.governing_token_mint != *governing_token_mint {
+        return Err(GovernanceError::InvalidGoverningMintForTokenOwnerRecord.into());
+    }
+
+    if token_owner_record_data.realm != *realm {
+        return Err(GovernanceError::InvalidRealmForTokenOwnerRecord.into());
+    }
+
+    Ok(token_owner_record_data)
+}
+
+///  Deserializes TokenOwnerRecord account and checks its address is the give proposal_owner
+pub fn get_token_owner_record_data_for_proposal_owner(
+    program_id: &Pubkey,
+    token_owner_record_info: &AccountInfo,
+    proposal_owner: &Pubkey,
+) -> Result<TokenOwnerRecord, ProgramError> {
+    if token_owner_record_info.key != proposal_owner {
+        return Err(GovernanceError::InvalidProposalOwnerAccount.into());
+    }
+
+    get_token_owner_record_data(program_id, token_owner_record_info)
+}
+
+#[cfg(test)]
+mod test {
+    use solana_program::borsh::get_packed_len;
+
+    use super::*;
+
+    #[test]
+    fn test_max_size() {
+        let token_owner_record = TokenOwnerRecord {
+            account_type: GovernanceAccountType::TokenOwnerRecord,
+            realm: Pubkey::new_unique(),
+            governing_token_mint: Pubkey::new_unique(),
+            governing_token_owner: Pubkey::new_unique(),
+            governing_token_deposit_amount: 10,
+            governance_delegate: Some(Pubkey::new_unique()),
+            unrelinquished_votes_count: 1,
+            total_votes_count: 1,
+            reserved: [0; 8],
+        };
+
+        let size = get_packed_len::<TokenOwnerRecord>();
+
+        assert_eq!(token_owner_record.get_max_size(), Some(size));
+    }
+}

governance/program/src/state/vote_record.rs

@@ -0,0 +1,104 @@
+//! Proposal Vote Record Account
+
+use borsh::{BorshDeserialize, BorshSchema, BorshSerialize};
+use solana_program::account_info::AccountInfo;
+use solana_program::program_error::ProgramError;
+use solana_program::{program_pack::IsInitialized, pubkey::Pubkey};
+
+use crate::error::GovernanceError;
+use crate::tools::account::get_account_data;
+use crate::{tools::account::AccountMaxSize, PROGRAM_AUTHORITY_SEED};
+
+use crate::state::enums::{GovernanceAccountType, VoteWeight};
+
+/// Proposal VoteRecord
+#[repr(C)]
+#[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
+pub struct VoteRecord {
+    /// Governance account type
+    pub account_type: GovernanceAccountType,
+
+    /// Proposal account
+    pub proposal: Pubkey,
+
+    /// The user who casted this vote
+    /// This is the Governing Token Owner who deposited governing tokens into the Realm
+    pub governing_token_owner: Pubkey,
+
+    /// Indicates whether the vote was relinquished by voter
+    pub is_relinquished: bool,
+
+    /// Voter's vote: Yes/No and amount
+    pub vote_weight: VoteWeight,
+}
+
+impl AccountMaxSize for VoteRecord {}
+
+impl IsInitialized for VoteRecord {
+    fn is_initialized(&self) -> bool {
+        self.account_type == GovernanceAccountType::VoteRecord
+    }
+}
+impl VoteRecord {
+    /// Checks the vote can be relinquished
+    pub fn assert_can_relinquish_vote(&self) -> Result<(), ProgramError> {
+        if self.is_relinquished {
+            return Err(GovernanceError::VoteAlreadyRelinquished.into());
+        }
+
+        Ok(())
+    }
+}
+
+/// Deserializes VoteRecord account and checks owner program
+pub fn get_vote_record_data(
+    program_id: &Pubkey,
+    vote_record_info: &AccountInfo,
+) -> Result<VoteRecord, ProgramError> {
+    get_account_data::<VoteRecord>(vote_record_info, program_id)
+}
+
+/// Deserializes VoteRecord and checks it belongs to the provided Proposal and Governing Token Owner
+pub fn get_vote_record_data_for_proposal_and_token_owner(
+    program_id: &Pubkey,
+    vote_record_info: &AccountInfo,
+    proposal: &Pubkey,
+    governing_token_owner: &Pubkey,
+) -> Result<VoteRecord, ProgramError> {
+    let vote_record_data = get_vote_record_data(program_id, vote_record_info)?;
+
+    if vote_record_data.proposal != *proposal {
+        return Err(GovernanceError::InvalidProposalForVoterRecord.into());
+    }
+
+    if vote_record_data.governing_token_owner != *governing_token_owner {
+        return Err(GovernanceError::InvalidGoverningTokenOwnerForVoteRecord.into());
+    }
+
+    Ok(vote_record_data)
+}
+
+/// Returns VoteRecord PDA seeds
+pub fn get_vote_record_address_seeds<'a>(
+    proposal: &'a Pubkey,
+    token_owner_record: &'a Pubkey,
+) -> [&'a [u8]; 3] {
+    [
+        PROGRAM_AUTHORITY_SEED,
+        proposal.as_ref(),
+        token_owner_record.as_ref(),
+    ]
+}
+
+/// Returns VoteRecord PDA address
+pub fn get_vote_record_address<'a>(
+    program_id: &Pubkey,
+    proposal: &'a Pubkey,
+    token_owner_record: &'a Pubkey,
+) -> Pubkey {
+    Pubkey::find_program_address(
+        &get_vote_record_address_seeds(proposal, token_owner_record),
+        program_id,
+    )
+    .0
+}

governance/program/src/tools/account.rs

@@ -0,0 +1,144 @@
+//! General purpose account utility functions
+
+use borsh::{BorshDeserialize, BorshSerialize};
+use solana_program::{
+    account_info::AccountInfo, borsh::try_from_slice_unchecked, msg, program::invoke_signed,
+    program_error::ProgramError, program_pack::IsInitialized, pubkey::Pubkey, rent::Rent,
+    system_instruction::create_account,
+};
+
+use crate::error::GovernanceError;
+
+/// Trait for accounts to return their max size
+pub trait AccountMaxSize {
+    /// Returns max account size or None if max size is not known and actual instance size should be used
+    fn get_max_size(&self) -> Option<usize> {
+        None
+    }
+}
+
+/// Creates a new account and serializes data into it using the provided seeds to invoke signed CPI call
+/// Note: This functions also checks the provided account PDA matches the supplied seeds
+pub fn create_and_serialize_account_signed<'a, T: BorshSerialize + AccountMaxSize>(
+    payer_info: &AccountInfo<'a>,
+    account_info: &AccountInfo<'a>,
+    account_data: &T,
+    account_address_seeds: &[&[u8]],
+    program_id: &Pubkey,
+    system_info: &AccountInfo<'a>,
+    rent: &Rent,
+) -> Result<(), ProgramError> {
+    // Get PDA and assert it's the same as the requested account address
+    let (account_address, bump_seed) =
+        Pubkey::find_program_address(account_address_seeds, program_id);
+
+    if account_address != *account_info.key {
+        msg!(
+            "Create account with PDA: {:?} was requested while PDA: {:?} was expected",
+            account_info.key,
+            account_address
+        );
+        return Err(ProgramError::InvalidSeeds);
+    }
+
+    let (serialized_data, account_size) = if let Some(max_size) = account_data.get_max_size() {
+        (None, max_size)
+    } else {
+        let serialized_data = account_data.try_to_vec()?;
+        let account_size = serialized_data.len();
+        (Some(serialized_data), account_size)
+    };
+
+    let create_account_instruction = create_account(
+        payer_info.key,
+        account_info.key,
+        rent.minimum_balance(account_size),
+        account_size as u64,
+        program_id,
+    );
+
+    let mut signers_seeds = account_address_seeds.to_vec();
+    let bump = &[bump_seed];
+    signers_seeds.push(bump);
+
+    invoke_signed(
+        &create_account_instruction,
+        &[
+            payer_info.clone(),
+            account_info.clone(),
+            system_info.clone(),
+        ],
+        &[&signers_seeds[..]],
+    )?;
+
+    if let Some(serialized_data) = serialized_data {
+        account_info
+            .data
+            .borrow_mut()
+            .copy_from_slice(&serialized_data);
+    } else {
+        account_data.serialize(&mut *account_info.data.borrow_mut())?;
+    }
+
+    Ok(())
+}
+
+/// Deserializes account and checks it's initialized and owned by the specified program
+pub fn get_account_data<T: BorshDeserialize + IsInitialized>(
+    account_info: &AccountInfo,
+    owner_program_id: &Pubkey,
+) -> Result<T, ProgramError> {
+    if account_info.data_is_empty() {
+        return Err(GovernanceError::AccountDoesNotExist.into());
+    }
+    if account_info.owner != owner_program_id {
+        return Err(GovernanceError::InvalidAccountOwner.into());
+    }
+
+    let account: T = try_from_slice_unchecked(&account_info.data.borrow())?;
+    if !account.is_initialized() {
+        Err(ProgramError::UninitializedAccount)
+    } else {
+        Ok(account)
+    }
+}
+
+/// Asserts the given account is not empty, owned by the given program and of the expected type
+/// Note: The function assumes the account type T is stored as the first element in the account data
+pub fn assert_is_valid_account<T: BorshDeserialize + PartialEq>(
+    account_info: &AccountInfo,
+    expected_account_type: T,
+    owner_program_id: &Pubkey,
+) -> Result<(), ProgramError> {
+    if account_info.owner != owner_program_id {
+        return Err(GovernanceError::InvalidAccountOwner.into());
+    }
+
+    if account_info.data_is_empty() {
+        return Err(GovernanceError::AccountDoesNotExist.into());
+    }
+
+    let account_type: T = try_from_slice_unchecked(&account_info.data.borrow())?;
+
+    if account_type != expected_account_type {
+        return Err(GovernanceError::InvalidAccountType.into());
+    };
+
+    Ok(())
+}
+
+/// Disposes account by transferring its lamports to the beneficiary account and zeros its data
+// After transaction completes the runtime would remove the account with no lamports
+pub fn dispose_account(account_info: &AccountInfo, beneficiary_info: &AccountInfo) {
+    let account_lamports = account_info.lamports();
+    **account_info.lamports.borrow_mut() = 0;
+
+    **beneficiary_info.lamports.borrow_mut() = beneficiary_info
+        .lamports()
+        .checked_add(account_lamports)
+        .unwrap();
+
+    let mut account_data = account_info.data.borrow_mut();
+
+    account_data.fill(0);
+}

governance/program/src/tools/bpf_loader_upgradeable.rs

@@ -0,0 +1,96 @@
+//! General purpose bpf_loader_upgradeable utility functions
+
+use solana_program::{
+    account_info::AccountInfo,
+    bpf_loader_upgradeable::{self, UpgradeableLoaderState},
+    program::invoke,
+    program_error::ProgramError,
+    pubkey::Pubkey,
+};
+
+use bincode::deserialize;
+
+use crate::error::GovernanceError;
+
+/// Returns ProgramData account address for the given Program
+pub fn get_program_data_address(program: &Pubkey) -> Pubkey {
+    Pubkey::find_program_address(&[program.as_ref()], &bpf_loader_upgradeable::id()).0
+}
+
+/// Returns upgrade_authority from the given Upgradable Loader Account
+pub fn get_program_upgrade_authority(
+    upgradable_loader_state: &UpgradeableLoaderState,
+) -> Result<Option<Pubkey>, ProgramError> {
+    let upgrade_authority = match upgradable_loader_state {
+        UpgradeableLoaderState::ProgramData {
+            slot: _,
+            upgrade_authority_address,
+        } => *upgrade_authority_address,
+        _ => return Err(ProgramError::InvalidAccountData),
+    };
+
+    Ok(upgrade_authority)
+}
+
+/// Sets new upgrade authority for the given upgradable program
+pub fn set_program_upgrade_authority<'a>(
+    program_address: &Pubkey,
+    program_data_info: &AccountInfo<'a>,
+    program_upgrade_authority_info: &AccountInfo<'a>,
+    new_authority_info: &AccountInfo<'a>,
+    bpf_upgrade_loader_info: &AccountInfo<'a>,
+) -> Result<(), ProgramError> {
+    let set_upgrade_authority_instruction = bpf_loader_upgradeable::set_upgrade_authority(
+        program_address,
+        program_upgrade_authority_info.key,
+        Some(new_authority_info.key),
+    );
+
+    invoke(
+        &set_upgrade_authority_instruction,
+        &[
+            program_data_info.clone(),
+            program_upgrade_authority_info.clone(),
+            bpf_upgrade_loader_info.clone(),
+            new_authority_info.clone(),
+        ],
+    )
+}
+
+/// Asserts the program  is upgradable and its upgrade authority is a signer of the transaction
+pub fn assert_program_upgrade_authority_is_signer(
+    program_address: &Pubkey,
+    program_data_info: &AccountInfo,
+    program_upgrade_authority_info: &AccountInfo,
+) -> Result<(), ProgramError> {
+    if program_data_info.owner != &bpf_loader_upgradeable::id() {
+        return Err(ProgramError::IncorrectProgramId);
+    }
+    let program_data_address = get_program_data_address(program_address);
+
+    if program_data_address != *program_data_info.key {
+        return Err(GovernanceError::InvalidProgramDataAccountAddress.into());
+    }
+
+    let upgrade_authority = if let UpgradeableLoaderState::ProgramData {
+        slot: _,
+        upgrade_authority_address,
+    } = deserialize(&program_data_info.data.borrow())
+        .map_err(|_| GovernanceError::InvalidProgramDataAccountData)?
+    {
+        upgrade_authority_address
+    } else {
+        None
+    };
+
+    let upgrade_authority = upgrade_authority.ok_or(GovernanceError::ProgramNotUpgradable)?;
+
+    if upgrade_authority != *program_upgrade_authority_info.key {
+        return Err(GovernanceError::InvalidUpgradeAuthority.into());
+    }
+    if !program_upgrade_authority_info.is_signer {
+        return Err(GovernanceError::UpgradeAuthorityMustSign.into());
+    }
+
+    Ok(())
+}

governance/program/src/tools/mod.rs

@@ -0,0 +1,9 @@
+//! Utility functions
+
+pub mod account;
+
+pub mod spl_token;
+
+pub mod bpf_loader_upgradeable;
+
+pub mod pack;

governance/program/src/tools/pack.rs

@@ -0,0 +1,14 @@
+//! General purpose packing utility functions
+
+use arrayref::array_refs;
+use solana_program::{program_error::ProgramError, program_option::COption, pubkey::Pubkey};
+
+/// Unpacks COption from a slice
+pub fn unpack_coption_pubkey(src: &[u8; 36]) -> Result<COption<Pubkey>, ProgramError> {
+    let (tag, body) = array_refs![src, 4, 32];
+    match *tag {
+        [0, 0, 0, 0] => Ok(COption::None),
+        [1, 0, 0, 0] => Ok(COption::Some(Pubkey::new_from_array(*body))),
+        _ => Err(ProgramError::InvalidAccountData),
+    }
+}

governance/program/src/tools/spl_token.rs

@@ -0,0 +1,373 @@
+//! General purpose SPL token utility functions
+
+use arrayref::array_ref;
+use solana_program::{
+    account_info::AccountInfo,
+    entrypoint::ProgramResult,
+    msg,
+    program::{invoke, invoke_signed},
+    program_error::ProgramError,
+    program_option::COption,
+    program_pack::Pack,
+    pubkey::Pubkey,
+    rent::Rent,
+    system_instruction,
+};
+use spl_token::{
+    instruction::set_authority,
+    state::{Account, Mint},
+};
+
+use crate::{error::GovernanceError, tools::pack::unpack_coption_pubkey};
+
+/// Creates and initializes SPL token account with PDA using the provided PDA seeds
+#[allow(clippy::too_many_arguments)]
+pub fn create_spl_token_account_signed<'a>(
+    payer_info: &AccountInfo<'a>,
+    token_account_info: &AccountInfo<'a>,
+    token_account_address_seeds: &[&[u8]],
+    token_mint_info: &AccountInfo<'a>,
+    token_account_owner_info: &AccountInfo<'a>,
+    program_id: &Pubkey,
+    system_info: &AccountInfo<'a>,
+    spl_token_info: &AccountInfo<'a>,
+    rent_sysvar_info: &AccountInfo<'a>,
+    rent: &Rent,
+) -> Result<(), ProgramError> {
+    let create_account_instruction = system_instruction::create_account(
+        payer_info.key,
+        token_account_info.key,
+        1.max(rent.minimum_balance(spl_token::state::Account::get_packed_len())),
+        spl_token::state::Account::get_packed_len() as u64,
+        &spl_token::id(),
+    );
+
+    let (account_address, bump_seed) =
+        Pubkey::find_program_address(token_account_address_seeds, program_id);
+
+    if account_address != *token_account_info.key {
+        msg!(
+            "Create SPL Token Account with PDA: {:?} was requested while PDA: {:?} was expected",
+            token_account_info.key,
+            account_address
+        );
+        return Err(ProgramError::InvalidSeeds);
+    }
+
+    let mut signers_seeds = token_account_address_seeds.to_vec();
+    let bump = &[bump_seed];
+    signers_seeds.push(bump);
+
+    invoke_signed(
+        &create_account_instruction,
+        &[
+            payer_info.clone(),
+            token_account_info.clone(),
+            system_info.clone(),
+        ],
+        &[&signers_seeds[..]],
+    )?;
+
+    let initialize_account_instruction = spl_token::instruction::initialize_account(
+        &spl_token::id(),
+        token_account_info.key,
+        token_mint_info.key,
+        token_account_owner_info.key,
+    )?;
+
+    invoke(
+        &initialize_account_instruction,
+        &[
+            payer_info.clone(),
+            token_account_info.clone(),
+            token_account_owner_info.clone(),
+            token_mint_info.clone(),
+            spl_token_info.clone(),
+            rent_sysvar_info.clone(),
+        ],
+    )?;
+
+    Ok(())
+}
+
+/// Transfers SPL Tokens
+pub fn transfer_spl_tokens<'a>(
+    source_info: &AccountInfo<'a>,
+    destination_info: &AccountInfo<'a>,
+    authority_info: &AccountInfo<'a>,
+    amount: u64,
+    spl_token_info: &AccountInfo<'a>,
+) -> ProgramResult {
+    let transfer_instruction = spl_token::instruction::transfer(
+        &spl_token::id(),
+        source_info.key,
+        destination_info.key,
+        authority_info.key,
+        &[],
+        amount,
+    )
+    .unwrap();
+
+    invoke(
+        &transfer_instruction,
+        &[
+            spl_token_info.clone(),
+            authority_info.clone(),
+            source_info.clone(),
+            destination_info.clone(),
+        ],
+    )?;
+
+    Ok(())
+}
+
+/// Transfers SPL Tokens from a token account owned by the provided PDA authority with seeds
+pub fn transfer_spl_tokens_signed<'a>(
+    source_info: &AccountInfo<'a>,
+    destination_info: &AccountInfo<'a>,
+    authority_info: &AccountInfo<'a>,
+    authority_seeds: &[&[u8]],
+    program_id: &Pubkey,
+    amount: u64,
+    spl_token_info: &AccountInfo<'a>,
+) -> ProgramResult {
+    let (authority_address, bump_seed) = Pubkey::find_program_address(authority_seeds, program_id);
+
+    if authority_address != *authority_info.key {
+        msg!(
+                "Transfer SPL Token with Authority PDA: {:?} was requested while PDA: {:?} was expected",
+                authority_info.key,
+                authority_address
+            );
+        return Err(ProgramError::InvalidSeeds);
+    }
+
+    let transfer_instruction = spl_token::instruction::transfer(
+        &spl_token::id(),
+        source_info.key,
+        destination_info.key,
+        authority_info.key,
+        &[],
+        amount,
+    )
+    .unwrap();
+
+    let mut signers_seeds = authority_seeds.to_vec();
+    let bump = &[bump_seed];
+    signers_seeds.push(bump);
+
+    invoke_signed(
+        &transfer_instruction,
+        &[
+            spl_token_info.clone(),
+            authority_info.clone(),
+            source_info.clone(),
+            destination_info.clone(),
+        ],
+        &[&signers_seeds[..]],
+    )?;
+
+    Ok(())
+}
+
+/// Asserts the given account_info represents a valid SPL Token account which is initialized and belongs to spl_token program
+pub fn assert_is_valid_spl_token_account(account_info: &AccountInfo) -> Result<(), ProgramError> {
+    if account_info.data_is_empty() {
+        return Err(GovernanceError::SplTokenAccountDoesNotExist.into());
+    }
+
+    if account_info.owner != &spl_token::id() {
+        return Err(GovernanceError::SplTokenAccountWithInvalidOwner.into());
+    }
+
+    if account_info.data_len() != Account::LEN {
+        return Err(GovernanceError::SplTokenInvalidTokenAccountData.into());
+    }
+
+    // TokeAccount layout:   mint(32), owner(32), amount(8), delegate(36), state(1), ...
+    let data = account_info.try_borrow_data()?;
+    let state = array_ref![data, 108, 1];
+
+    if state == &[0] {
+        return Err(GovernanceError::SplTokenAccountNotInitialized.into());
+    }
+
+    Ok(())
+}
+
+/// Asserts the given mint_info represents a valid SPL Token Mint account  which is initialized and belongs to spl_token program
+pub fn assert_is_valid_spl_token_mint(mint_info: &AccountInfo) -> Result<(), ProgramError> {
+    if mint_info.data_is_empty() {
+        return Err(GovernanceError::SplTokenMintDoesNotExist.into());
+    }
+
+    if mint_info.owner != &spl_token::id() {
+        return Err(GovernanceError::SplTokenMintWithInvalidOwner.into());
+    }
+
+    if mint_info.data_len() != Mint::LEN {
+        return Err(GovernanceError::SplTokenInvalidMintAccountData.into());
+    }
+
+    // In token program [36, 8, 1, is_initialized(1), 36] is the layout
+    let data = mint_info.try_borrow_data().unwrap();
+    let is_initialized = array_ref![data, 45, 1];
+
+    if is_initialized == &[0] {
+        return Err(GovernanceError::SplTokenMintNotInitialized.into());
+    }
+
+    Ok(())
+}
+
+/// Computationally cheap method to get amount from a token account
+/// It reads amount without deserializing full account data
+pub fn get_spl_token_amount(token_account_info: &AccountInfo) -> Result<u64, ProgramError> {
+    assert_is_valid_spl_token_account(token_account_info)?;
+
+    // TokeAccount layout:   mint(32), owner(32), amount(8), ...
+    let data = token_account_info.try_borrow_data()?;
+    let amount = array_ref![data, 64, 8];
+    Ok(u64::from_le_bytes(*amount))
+}
+
+/// Computationally cheap method to get mint from a token account
+/// It reads mint without deserializing full account data
+pub fn get_spl_token_mint(token_account_info: &AccountInfo) -> Result<Pubkey, ProgramError> {
+    assert_is_valid_spl_token_account(token_account_info)?;
+
+    // TokeAccount layout:   mint(32), owner(32), amount(8), ...
+    let data = token_account_info.try_borrow_data()?;
+    let mint_data = array_ref![data, 0, 32];
+    Ok(Pubkey::new_from_array(*mint_data))
+}
+
+/// Computationally cheap method to get owner from a token account
+/// It reads owner without deserializing full account data
+pub fn get_spl_token_owner(token_account_info: &AccountInfo) -> Result<Pubkey, ProgramError> {
+    assert_is_valid_spl_token_account(token_account_info)?;
+
+    // TokeAccount layout:   mint(32), owner(32), amount(8)
+    let data = token_account_info.try_borrow_data()?;
+    let owner_data = array_ref![data, 32, 32];
+    Ok(Pubkey::new_from_array(*owner_data))
+}
+
+/// Computationally cheap method to just get supply from a mint without unpacking the whole object
+pub fn get_spl_token_mint_supply(mint_info: &AccountInfo) -> Result<u64, ProgramError> {
+    assert_is_valid_spl_token_mint(mint_info)?;
+    // In token program, 36, 8, 1, 1 is the layout, where the first 8 is supply u64.
+    // so we start at 36.
+    let data = mint_info.try_borrow_data().unwrap();
+    let bytes = array_ref![data, 36, 8];
+
+    Ok(u64::from_le_bytes(*bytes))
+}
+
+/// Computationally cheap method to just get authority from a mint without unpacking the whole object
+pub fn get_spl_token_mint_authority(
+    mint_info: &AccountInfo,
+) -> Result<COption<Pubkey>, ProgramError> {
+    assert_is_valid_spl_token_mint(mint_info)?;
+    // In token program, 36, 8, 1, 1 is the layout, where the first 36 is authority.
+    let data = mint_info.try_borrow_data().unwrap();
+    let bytes = array_ref![data, 0, 36];
+
+    unpack_coption_pubkey(bytes)
+}
+
+/// Asserts current mint authority matches the given authority and it's signer of the transaction
+pub fn assert_spl_token_mint_authority_is_signer(
+    mint_info: &AccountInfo,
+    mint_authority_info: &AccountInfo,
+) -> Result<(), ProgramError> {
+    let mint_authority = get_spl_token_mint_authority(mint_info)?;
+
+    if mint_authority.is_none() {
+        return Err(GovernanceError::MintHasNoAuthority.into());
+    }
+
+    if !mint_authority.contains(mint_authority_info.key) {
+        return Err(GovernanceError::InvalidMintAuthority.into());
+    }
+
+    if !mint_authority_info.is_signer {
+        return Err(GovernanceError::MintAuthorityMustSign.into());
+    }
+
+    Ok(())
+}
+
+/// Sets new mint authority
+pub fn set_spl_token_mint_authority<'a>(
+    mint_info: &AccountInfo<'a>,
+    mint_authority: &AccountInfo<'a>,
+    new_mint_authority: &Pubkey,
+    spl_token_info: &AccountInfo<'a>,
+) -> Result<(), ProgramError> {
+    let set_authority_ix = set_authority(
+        &spl_token::id(),
+        mint_info.key,
+        Some(new_mint_authority),
+        spl_token::instruction::AuthorityType::MintTokens,
+        mint_authority.key,
+        &[],
+    )?;
+
+    invoke(
+        &set_authority_ix,
+        &[
+            mint_info.clone(),
+            mint_authority.clone(),
+            spl_token_info.clone(),
+        ],
+    )?;
+
+    Ok(())
+}
+
+/// Asserts current token owner matches the given owner and it's signer of the transaction
+pub fn assert_spl_token_owner_is_signer(
+    token_info: &AccountInfo,
+    token_owner_info: &AccountInfo,
+) -> Result<(), ProgramError> {
+    let token_owner = get_spl_token_owner(token_info)?;
+
+    if token_owner != *token_owner_info.key {
+        return Err(GovernanceError::InvalidTokenOwner.into());
+    }
+
+    if !token_owner_info.is_signer {
+        return Err(GovernanceError::TokenOwnerMustSign.into());
+    }
+
+    Ok(())
+}
+
+/// Sets new token account owner
+pub fn set_spl_token_owner<'a>(
+    token_info: &AccountInfo<'a>,
+    token_owner: &AccountInfo<'a>,
+    new_token_owner: &Pubkey,
+    spl_token_info: &AccountInfo<'a>,
+) -> Result<(), ProgramError> {
+    let set_authority_ix = set_authority(
+        &spl_token::id(),
+        token_info.key,
+        Some(new_token_owner),
+        spl_token::instruction::AuthorityType::AccountOwner,
+        token_owner.key,
+        &[],
+    )?;
+
+    invoke(
+        &set_authority_ix,
+        &[
+            token_info.clone(),
+            token_owner.clone(),
+            spl_token_info.clone(),
+        ],
+    )?;
+
+    Ok(())
+}

governance/program/tests/fixtures/.gitignore

@@ -0,0 +1 @@
+!*.so