A mechanism for one program to call another program's instructions during execution. CPIs enable composability—e.g., a DeFi program can call the Token Program to transfer tokens. CPI depth is limited to 4 levels. The caller passes accounts and instruction data, and the callee runs with the same transaction context.
Start with the shortest useful explanation before going deeper.
A mechanism for one program to call another program's instructions during execution. CPIs enable composability—e.g., a DeFi program can call the Token Program to transfer tokens. CPI depth is limited to 4 levels. The caller passes accounts and instruction data, and the callee runs with the same transaction context.
Use the quick analogy first so the term is easier to reason about when you meet it in code, docs, or prompts.
Think of it as one Solana program calling another program during execution.
Place the term inside its Solana layer so the definition is easier to reason about.
Accounts, instructions, PDAs, transactions, and execution flow.
Turn the term from vocabulary into something operational for product and engineering work.
Most useful when you are moving through Anchor Builder Path and need grounded vocabulary inside a real build flow.
Use this compact block when you want to give an agent or assistant grounded context without dumping the entire page.
Cross-Program Invocation (CPI) (cpi) Category: Programming Model Definition: A mechanism for one program to call another program's instructions during execution. CPIs enable composability—e.g., a DeFi program can call the Token Program to transfer tokens. CPI depth is limited to 4 levels. The caller passes accounts and instruction data, and the callee runs with the same transaction context. Aliases: CPI Related: Program, Instruction, invoke(), invoke_signed()
Use glossary context, relationships, mental models, and builder paths to get structured answers instead of generic chat output.
Optional: paste Anchor, Solana, or Rust code so the Copilot can map primitives back to glossary terms.
The Copilot will answer using the current term, related concepts, mental models, and the surrounding glossary graph.
These branches show which concepts this term touches directly and what sits one layer beyond them.
Executable code deployed on-chain, equivalent to a smart contract on other blockchains. Programs are stateless—they store no data themselves but read/write data in separate accounts they own. Programs are compiled to SBF bytecode and loaded via the BPF Loader. Every program has a unique Program ID (its account's public key).
A single operation within a transaction that invokes a program. An instruction specifies: (1) the program ID to call, (2) an array of account metas (pubkey, is_signer, is_writable), and (3) an opaque data byte array. Programs decode the instruction data to determine which operation to perform.
The Solana SDK function used to execute a CPI without PDA signing: `invoke(instruction, account_infos)`. All required signers must have already signed the outer transaction. Use invoke when calling programs that only need signatures from user wallets, not from PDAs.
The Solana SDK function for CPIs where a PDA must sign: `invoke_signed(instruction, account_infos, signer_seeds)`. The runtime verifies that the seeds + bump produce the expected PDA pubkey and grants signer privileges for that account. This is how programs authorize actions on behalf of PDAs they own.
These are the next concepts worth opening if you want this term to make more sense inside a real Solana workflow.
These entries are easy to mix up when you are reading quickly, prompting an LLM, or onboarding into a new layer of Solana.
A native Solana program (address: ComputeBudget111111111111111111111111111111) that allows transactions to configure their compute resource limits. It provides two key instructions: SetComputeUnitLimit (set the max CU a transaction can consume, up to 1.4M) and SetComputeUnitPrice (set the micro-lamport price per CU for priority fees). These instructions must appear before any program instructions in the transaction.
A function that derives a PDA by iterating bump seeds from 255 down to 0 until finding a pubkey not on the Ed25519 curve. It returns (pubkey, bump). In Anchor, the #[account(seeds=[...], bump)] constraint calls this automatically. The corresponding create_program_address skips iteration and takes an explicit bump.
A program compiled directly into the validator binary rather than deployed as SBF bytecode. Native programs include the System Program, Vote Program, Stake Program, BPF Loader, and others. They have hardcoded addresses and cannot be upgraded through the normal program upgrade mechanism—they change only with validator software updates.
Glossary entries become useful when they are connected. These links are the shortest path to adjacent ideas.
Executable code deployed on-chain, equivalent to a smart contract on other blockchains. Programs are stateless—they store no data themselves but read/write data in separate accounts they own. Programs are compiled to SBF bytecode and loaded via the BPF Loader. Every program has a unique Program ID (its account's public key).
A single operation within a transaction that invokes a program. An instruction specifies: (1) the program ID to call, (2) an array of account metas (pubkey, is_signer, is_writable), and (3) an opaque data byte array. Programs decode the instruction data to determine which operation to perform.
The Solana SDK function used to execute a CPI without PDA signing: `invoke(instruction, account_infos)`. All required signers must have already signed the outer transaction. Use invoke when calling programs that only need signatures from user wallets, not from PDAs.
The Solana SDK function for CPIs where a PDA must sign: `invoke_signed(instruction, account_infos, signer_seeds)`. The runtime verifies that the seeds + bump produce the expected PDA pubkey and grants signer privileges for that account. This is how programs authorize actions on behalf of PDAs they own.
Use these paths when you want to move from isolated lookup into guided exploration.
Start with the abstractions most teams rely on to ship programs fast.
These entries live beside the current term and help the page feel like part of a larger knowledge graph instead of a dead end.
The fundamental data storage unit on Solana. Every piece of state is stored in an account identified by a 32-byte public key. Accounts hold a lamport balance, an owner program, a data byte array (up to 10MB), and an executable flag. Only the owning program can modify an account's data, but anyone can credit lamports to it.
Executable code deployed on-chain, equivalent to a smart contract on other blockchains. Programs are stateless—they store no data themselves but read/write data in separate accounts they own. Programs are compiled to SBF bytecode and loaded via the BPF Loader. Every program has a unique Program ID (its account's public key).
A single operation within a transaction that invokes a program. An instruction specifies: (1) the program ID to call, (2) an array of account metas (pubkey, is_signer, is_writable), and (3) an opaque data byte array. Programs decode the instruction data to determine which operation to perform.
An atomic unit of execution containing one or more instructions, a recent blockhash, and one or more signatures. All instructions in a transaction execute sequentially and atomically—if any instruction fails, the entire transaction reverts. Transactions have a 1,232-byte size limit (matching IPv6 MTU) and a default 200,000 CU budget.