feat: re-add lifecycle modes

[thlorenz]

Summary

Implement lifecycle mode support for configuring account cloning and access control behavior.
This allows validators to run in different modes (ephemeral vs non-ephemeral) with separate
enforcement of access permissions and program cloning restrictions.

Details

Lifecycle Mode Configuration

Added configurable lifecycle mode that can be set per validator instance, allowing different operational modes with distinct cloning and access control behaviors:

• Ephemeral mode: Temporary accounts for testing, supports full cloning and account state modification
• Non-ephemeral modes: Offline/Replica/Program Replica

Account Cloning and Access Control

• Added configuration option to enforce access permissions at the account state verification level
• Implemented program cloning restrictions that respect the lifecycle mode
• Passes lifecycle mode through the account fetching and cloning decision pipeline

Test Infrastructure Improvements

• Extracted test setup utilities to test-tools/src/scenario_setup.rs for reuse across integration tests
• Added comprehensive lifecycle mode tests covering both access permissions and cloning behavior
• Improved test context initialization and logging to aid in debugging

Chainlink Integration

• Updated fetch cloner pipeline to respect lifecycle mode constraints
• Improved program replica cloning to verify full program cloning when required
• Enhanced test context setup with lifecycle mode awareness

Test Ledger Restore

• Refactored common test setup logic using the new scenario setup utilities
• Improved test isolation and consistency across multiple restore scenarios

Summary by CodeRabbit

• New Features

  • Lifecycle mode now controls cloning scope and can enforce access-permissions at runtime.

• Behavioral Changes

  • Cloning, account validation, and transaction scheduling respect lifecycle and access-permission settings.

• Tests

  • Added extensive integration tests validating lifecycle modes, program vs. account cloning, and transfer behaviors.

• Chores

  • Integration test tooling and helpers reorganized and consolidated; unified airdrop and scenario setup utilities.

[github-actions]

Manual Deploy Available

You can trigger a manual deploy of this PR branch to testnet:

Deploy to Testnet 🚀

Alternative: Comment /deploy on this PR to trigger deployment directly.

⚠️ Note: Manual deploy requires authorization. Only authorized users can trigger deployments.

Comment updated automatically when the PR is synchronized.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds lifecycle-mode awareness across the codebase and a new access-permission enforcement flag. Two new LifecycleMode predicates, clones_programs_only() and enforce_access_permissions(), were introduced; an existing requires_ephemeral_validation method was removed. FetchCloner now stores a LifecycleMode, uses it to filter cloned accounts (programs-only behavior), and its cloning pipeline function was converted to an inherent method. TransactionScheduler and TransactionExecutor constructors gained an enforce_access_permissions: bool parameter; executor validation is gated by that flag. Many tests and integration helpers were updated or reorganized (including a new scenario_setup module). Workspace revision for solana-svm was updated.

Suggested reviewers

• GabrielePicco
• bmuddha
• Dodecahedr0x

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch thlorenz/mode01

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

test-integration/test-tools/src/integration_test_context.rs (1)

495-522: ⚠️ Potential issue | 🟡 Minor

Use dump_ephemeral_logs for ephem airdrop failures.

airdrop_ephem wires the failure callback to dump_chain_logs, so ephem failures log the wrong cluster.

Proposed fix

-                Some(&(|sig| self.dump_chain_logs(sig))),
+                Some(&(|sig| self.dump_ephemeral_logs(sig))),

🤖 Fix all issues with AI agents

In `@Cargo.toml`:
- Line 235: The workspace lists solana-svm as a git dependency at rev "569cb82"
but the crates-io patch points to a different source which can create mixed
sources; inspect the dependency graph and ensure all references to solana-svm
resolve to a single source (either make the patch point to the same git rev
"569cb82" or switch the workspace dependency to a path override), update the
crates-io patch or workspace dependency so transitive crates cannot pull a
different solana-svm source, and re-run cargo update/cargo metadata to verify a
single source for the solana-svm crate.

In `@test-integration/test-config/tests/lifecycle_modes_cloning.rs`:
- Around line 200-203: The fixed 500ms sleep before calling
ctx.fetch_ephem_account(pubkey) can cause flakiness; replace the unconditional
std::thread::sleep(...) + immediate ctx.fetch_ephem_account call with a bounded
polling loop that repeatedly calls ctx.fetch_ephem_account(pubkey) (or a
light-weight status check on the ephemeral validator) until the account is
present or a deadline is reached (e.g., loop with small sleep intervals and a
total timeout), and return or assert failure if the timeout elapses to avoid
indefinite waits.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

test-integration/test-tools/src/integration_test_context.rs (1)

673-689: ⚠️ Potential issue | 🟡 Minor

Invoke on_error on confirmation errors too.
If confirm_transaction returns Err, the callback never runs, so logs aren’t dumped. Trigger it before returning the error to aid debugging.

Proposed fix

-                    let succeeded = confirm_transaction(
-                        &sig,
-                        rpc_client,
-                        commitment_config,
-                        None,
-                    )
-                    .with_context(|| {
-                        format!(
-                            "Failed to confirm airdrop chain account '{:?}'",
-                            pubkey
-                        )
-                    })?;
-                    if !succeeded {
-                        if let Some(on_error) = on_error {
-                            on_error(sig);
-                        }
-                        return Err(anyhow::anyhow!(
-                            "Failed to airdrop chain account '{:?}'",
-                            pubkey
-                        ));
-                    }
-                    return Ok(sig);
+                    let succeeded = confirm_transaction(
+                        &sig,
+                        rpc_client,
+                        commitment_config,
+                        None,
+                    )
+                    .with_context(|| {
+                        format!(
+                            "Failed to confirm airdrop chain account '{:?}'",
+                            pubkey
+                        )
+                    });
+                    match succeeded {
+                        Ok(true) => return Ok(sig),
+                        Ok(false) => {
+                            if let Some(on_error) = on_error {
+                                on_error(sig);
+                            }
+                            return Err(anyhow::anyhow!(
+                                "Failed to airdrop chain account '{:?}'",
+                                pubkey
+                            ));
+                        }
+                        Err(err) => {
+                            if let Some(on_error) = on_error {
+                                on_error(sig);
+                            }
+                            return Err(err);
+                        }
+                    }

🤖 Fix all issues with AI agents

In `@test-integration/test-config/tests/lifecycle_modes_cloning.rs`:
- Around line 211-229: The assertion messages for cloned_account lack the
account pubkey and the "for" fragment is incomplete; update both assert_eq!
calls to include the relevant account pubkey and lifecycle_mode in the message
(e.g., add the account's pubkey obtained from the test context or the account
variable — reference symbols: cloned_account, expect_clone, lifecycle_mode, ctx,
validator, cleanup) so the failure message reads something like "Account
{pubkey} should have been cloned in {:?} mode" or "Account {pubkey} should NOT
have been cloned in {:?} mode" and keep the existing cleanup(&mut validator)
call as the custom message parameter.