Why request auhtority as signer when creating an ALT? #3762
Description
Motivation
Address Lookup Table creation currently requires the authority to be an isSigner when using @solana/web3.js v1.x. This contradicts the on-chain behavior introduced in Solana PR #27248, “Relax authority signer check for lookup table creation,” which removed the runtime requirement for the authority signature to unblock multisig/governance workflows link.
Example use case
const { lookupTableAddress, instruction } =
AddressLookupTableProgram.createLookupTable({
authority: squadsVaultPubkey, // PDA controlled by Squads multisig
payer: eoaKeypair.publicKey, // EOA signs and funds the tx
recentSlot,
});
// We need the EOA to sign but keep the Squads vault set as authority.
const tx = new Transaction().add(instruction);
tx.sign(eoaKeypair); // Squads vault cannot sign here
await connection.sendRawTransaction(tx.serialize());Despite the runtime allowing this pattern, instruction.keys marks the authority as isSigner: true, so serialization fails with “Missing signature for public key …” unless the authority keypair (the Squads vault) also signs—defeating the purpose.
Details
Please update the AddressLookupTableProgram.createLookupTable helper (and related helpers such as createLookupTableInstruction, createLookupTableSigned, etc.) so the authority key is not forced to be a signer once the lookupTableCreationRelaxSignerCheck feature gate is active on the targeted cluster. Ideally, the API would:
- Detect whether the cluster has the relaxed signer check (e.g., via feature gate status or explicit parameter) and only mark
authorityasisSigner: falsewhen safe. - Provide separate helpers (similar to the on-chain split between signed/unsigned creation) so downstream projects can opt into the new behavior without breaking older clusters.
- Document the behavior so builders understand when the authority signature is optional and how to migrate.
Aligning the JS SDK with the runtime change will let multisig/governance programs create ALTs atomically (EOA pays + signs, multisig remains authority) and avoid blockhash-expiration failures for slot-derived addresses.