github solana-foundation/kora v2.0.0
Kora v2.0.0
on GitHub

latest releases: ts-sdk-v0.1.4, ts-sdk-v0.1.3, v2.0.4...
3 months ago

Crates

Changelog

[2.0.0] - 2025-11-24

This release represents a major evolution of Kora with major improvements in security (authentication), observability (metrics), developer experience (SDK improvements, documentation), and operational flexibility (enhanced configuration options). The addition of comprehensive authentication, monitoring capabilities, usage limits, and improved fee estimation makes Kora more suitable for production deployments at scale.

The Audit for this release is included here.

Added

Major Features

  • Authentication System: Implemented optional API Key and HMAC authentication

    • API Key: Added support for x-api-key header authentication
    • HMAC: Implemented HMAC-SHA256 signature verification with x-timestamp and x-hmac-signature headers
    • Configurable authentication methods via kora.toml
    • TypeScript SDK: Updated with authentication support
    • Added comprehensive integration tests for auth flows

  • Usage Limits System: Rate limiting and usage control for production environments

    • Implemented configurable usage limits with Redis backend support
    • Per-user/per-API-key rate limiting capabilities
    • Automatic tracking and enforcement of usage quotas
    • Comprehensive documentation for usage limit configuration

  • Multi-Signer Architecture: Implemented signer pool support for production scalability

    • Support for multiple signers with configurable selection strategies
    • Round-robin and other load balancing strategies for signer selection
    • Enhanced fault tolerance and account lock distribution
    • Configurable via signers.toml configuration file

  • Metrics & Monitoring: Introduced Prometheus metrics collection and Grafana monitoring

    • New kora-metrics crate for metrics infrastructure
    • Pre-configured Grafana dashboards for Kora node monitoring
    • Docker Compose setup for Prometheus and Grafana stack
    • Makefile targets for easy monitoring deployment
    • Fee Payer Balance Tracking: Real-time metrics for fee payer account balances
    • Automatic monitoring and alerting for low balance conditions

  • Enhanced Fee Estimation: Improved transaction fee calculation

    • Added fee_in_token field to EstimateTransactionFeeResponse for fee estimates in the configured token
    • Implemented compute budget introspection for accurate priority fee calculation
    • Calculate priority fees from transaction's compute unit instructions instead of generic estimates
    • Enhanced token price calculations using configured price sources
    • Transfer Fee Calculation: Added support for Token-2022 transfer fees in fee estimation
    • Automatic detection and calculation of transfer fees for tokens with transfer fee extension

  • Configuration Flexibility: Expanded configuration options

    • Added per-method enable/disable configuration via enabled_methods in kora.toml
    • Implemented pricing model configuration (Margin, Fixed, Free)
    • Added --validate-config and --validate-config-with-rpc CLI flags for configuration validation with detailed error reporting
    • Enhanced fee structure validation ensuring proper token configurations
    • Support for custom price oracle endpoints
    • Flexible Token Support: Added allow_any_spl_paid_token flag for dynamic token acceptance

  • Enhanced Fee Payer Protection: Additional security measures

    • Extended fee payer policy system with more granular controls
    • Added protection against token burns and account closures
    • Improved total outflow calculation to include all transfer methods
    • Added allow_approve policy for token delegate operations
    • Enhanced signer parsing with support for byte arrays and JSON files
    • Better fee payer protection with enhanced validation
    • Token2022 configuration with extension blocking

Token & Transaction Features

  • Token-2022 Enhancements: Comprehensive Token-2022 support

    • Full support for Token-2022 program and extensions
    • Transfer hook example and infrastructure for custom token logic
    • Proper handling of transfer fees and other extensions
    • Enhanced validation for Token-2022 specific operations

  • Signature Verification: Optional signature verification for transactions

    • Added signature_verification flag to transaction methods
    • Configurable validation of transaction signatures before processing
    • Enhanced security for transaction submission flows

  • Inner Instruction Support: Deep transaction introspection

    • Full support for inner instructions in transaction validation
    • Proper handling of CPI (Cross-Program Invocation) calls
    • Enhanced fee calculation for complex transactions with nested instructions

Changed

  • Transaction Handling: Full support for Versioned Transactions (V0) with Address Lookup Tables (LUT)

    • Refactored to use VersionedTransaction and VersionedMessage throughout
    • Added lookup table resolution for accurate fee calculation
    • Updated all transaction processing to handle both legacy and V0 transactions
    • Implemented proper LUT support for transaction processing

  • Price Oracle Updates: Removed direct Jupiter dependency

    • Migrated from deprecated Jupiter v2 to configurable price sources
    • Removed hardcoded Jupiter endpoints
    • Added support for custom price oracle configuration

  • Testing Infrastructure: Improved test suite performance and coverage

    • Parallelized integration tests for faster execution
    • Added unit and integration tests for TypeScript SDK
    • Separated auth integration tests with dedicated configuration
    • Improved local test environment setup
    • Integration testing infrastructure rehaul with better organization
    • Enhanced unit testing coverage across all modules
    • CI/CD: Added comprehensive testing workflows

  • Improved CLI Options: Enhanced command-line interface

    • Added --version flag to display current version
    • Improved --help documentation with detailed descriptions
    • Support for multiple private key formats (Base58, U8Array, JSON file path)
    • Environment variable support for authentication credentials (API key and HMAC can be set via env vars)
    • New CLI Command: Added kora rpc initialize-atas for automated ATA creation for payment tokens

  • Associated Token Account (ATA) Improvements:

    • Automatic ATA creation when processing transfers if account doesn't exist
    • Enhanced transfer processing to handle Token-2022 ATAs with TransferChecked
    • Improved ATA detection and management across token programs

Fixed

  • Privy Integration: Fixed transaction serialization
    • Corrected Privy signer to expect serialized transaction instead of message
    • Ensured compatibility with Privy API requirements

Developer Experience

  • SDK Improvements:

    • Added comprehensive unit tests for TypeScript SDK
    • Added proper type guards and request validation
    • Enhanced client with authentication options (API key and HMAC)
    • Implemented authentication support in SDK
    • Added changesets for version management
    • New SDK Methods: Added getPaymentInstruction() and getPayerSigner() methods
    • Auto Instruction Parsing: Automatic parsing of transaction instructions from base64 messages
    • Enhanced transaction handling with automatic deserialization and validation
    • TypeDoc Generation: Auto-generated comprehensive API documentation
    • Improved TypeScript types and interfaces for better developer experience

  • Tooling:

    • Enhanced Makefile with new targets for monitoring stack
    • Improved linting and formatting workflows
    • Added pre-commit hooks for code quality
    • Multi-Signer Support: Implemented signer pool architecture with configurable strategies

  • Documentation: Added guides & documentation

    • Refreshed README.md and added /docs directory
    • Enhanced operator documentation,
    • Added comprehensive client flow examples and integration guides
    • Quick start guide for local development setup

Infrastructure

  • Docker Support:

    • Added Dockerfile optimizations
    • Created docker-compose configurations for metrics stack
    • Added .dockerignore for build efficiency

  • Caching Infrastructure:

    • Redis Integration: Full Redis caching support for account data with configurable TTL
    • Automatic fallback to direct RPC calls when cache unavailable
    • Significant performance improvements for high-traffic deployments

Security & Architecture

  • Enhanced Validation:

    • Improved configuration validation with RPC verification
    • Added checks for program and mint validity
    • Enhanced transaction validation logic
    • Enhanced error handling across the codebase

  • Code Quality & Maintenance:

    • Major Refactoring: Comprehensive code organization and cleanup
    • Overflow Protection: Enhanced margin and token value calculations with overflow protection
    • Better architecture with enhanced signer parsing
    • Improved error handling patterns throughout
    • Cleaned up unused dependencies and legacy code
    • Removed deprecated net-ts SDK and related scripts
    • Enhanced CI workflows with reusable GitHub Actions
Check out latest releases or
releases around solana-foundation/kora v2.0.0

Don't miss a new kora release

NewReleases is sending notifications on new releases.

Get notifications