The on-chain Anchor program exposes four instructions. Everything else is account state.
create_commitment
Initialises a new Commitment + PaymentVault, pulls escrow.
| signer | owner (creator + sole canceler) |
| args | CreateCommitmentArgs (see Commitments page) |
| creates | Commitment PDA, payment vault ATA |
| transfers | payment_amount from owner's ATA → vault |
| errors | InvalidPrice, InvalidMinFill, ExpiryInPast, BountyTooLow, UnsupportedPaymentMint, UnsupportedExtension, SameMint |
execute_commitment
Permissionless. CPIs Jupiter, enforces bounds, pays bounty.
| signer | keeper (anyone with SOL) |
| args | swap_data: Vec<u8> — Jupiter sharedAccountsRoute payload |
| remaining accounts | programAuthority + programSourceTokenAccount + programDestinationTokenAccount + per-AMM tail |
| trigger gate | TriggerNotReached if timestamp condition unmet |
| expiry gate | Expired if now ≥ expiry_ts |
| fee | 20 bps payment → treasury via signed TransferChecked |
| bounds | tokens_out ≥ min_fill AND effective_price ≤ max_price (post-CPI reload) |
| errors | PriceCapExceeded, MinFillNotMet, InvalidRouteDiscriminator, InvalidJupiterProgram, WrongOutputMint, UnsupportedExtension, BadTreasury |
cancel_commitment
Owner-signed. Refunds payment and bounty, closes accounts.
| signer | must equal commitment.owner |
| errors | NotOwner, NotActive |
expire_commitment
Permissionless after expiry_ts.
| signer | any keeper |
| errors | NotYetExpired, NotActive |
Commitment account state
See Commitments → Fields for the full field-by-field breakdown.