Skip to content

sdk: migrate serviceability commands to RFC-26 instruction builders (R10)#4060

Open
juan-malbeclabs wants to merge 1 commit into
feat/rfc26-rf-fixturesfrom
feat/rfc26-r10-migrate-commands
Open

sdk: migrate serviceability commands to RFC-26 instruction builders (R10)#4060
juan-malbeclabs wants to merge 1 commit into
feat/rfc26-rf-fixturesfrom
feat/rfc26-r10-migrate-commands

Conversation

@juan-malbeclabs

Copy link
Copy Markdown
Contributor

Summary of Changes

  • Delegate every serviceability commands/* execute() to the pure doublezero-serviceability-instruction builders (RFC-26), so account layout has a single source of truth in the builder crate rather than being hand-assembled per command.
  • Replace the four DoubleZeroClient::execute_*(instruction, accounts) trait methods and the client-side account assembly with a single send_transaction(Instruction) (+ _quiet) that just prepends the compute-budget prelude, signs, and sends. Command execute() signatures/returns are unchanged, so CLI/sentinel/daemon consumers are unaffected.
  • Behavior change: the Rust SDK no longer attaches the payer's Permission PDA to serviceability transactions — authorize() uses the legacy GlobalState allowlist path until the builder-side Permission append is re-enabled per instruction (must be sequenced with the permission-model rollout).
  • Add a solana-program-test safety net that runs the highest-cardinality builders (create_device, create_link, create_subscribe_user, atomic delete_device, clear_topology) against the real program to catch account-order drift.
  • Remove the now-unreachable permission-resolve/cache/stale-retry machinery from client.rs (the append, when re-enabled, lands in the builder — derived offline — so the RPC-based path is not needed).

This is the final PR of the RFC-26 stack; it carries the global changelog entry. See rfcs/rfc26-rust-instruction-builder-library.md.

Stack (base of this PR is the RF branch): R0 → R1 → … → R9 → RF (feat/rfc26-rf-fixtures) → R10 (this PR). Merge the stack in order.

Diff Breakdown

Category Files Lines (+/-) Net
Core logic 8 +534 / -1271 -737
Scaffolding 78 +2238 / -3358 -1120
Tests 1 +696 / -0 +696
Config 3 +6 / -0 +6
Docs 2 +4 / -1 +3
Generated 1 +2 / -0 +2

Net −1150 lines: a mostly-mechanical migration (77 command delegations + a doc fix) on top of a genuine send-path/trait rewrite and one new program-test suite. This exceeds doublezero's ~500-line PR norm, but the migration + its program-test safety net are one logical unit and the net change is a reduction; splitting would land the safety net separately from the code it guards.

Key files (click to expand)
  • smartcontract/programs/doublezero-serviceability/tests/rfc26_builders_test.rs (+696) — new program-test safety net; builds via the RFC-26 builders and runs them against the real program.
  • smartcontract/sdk/rs/src/client.rs (+81/-539) — rework execute_transaction_inner into send_transaction_inner(ix, quiet); drop assemble_instructions, the permission-resolve/cache and stale-retry loop, and their tests.
  • smartcontract/sdk/rs/src/commands/exchange/setdevice.rs (+117/-131) — two-send command migrated to set_device_exchange builder.
  • smartcontract/sdk/rs/src/commands/user/delete.rs (+85/-215) — composed unsubscribe + delete_user builder; keeps cascade orchestration.
  • smartcontract/sdk/rs/src/commands/link/update.rs (+77/-81) — update_link builder with LinkUpdateAuthority; builder recomputes use_onchain_allocation.
  • smartcontract/sdk/rs/src/commands/tenant/delete.rs (+62/-127) — delete_tenant builder; keeps cascade + reference-count poll.
  • smartcontract/sdk/rs/src/commands/device/delete.rs (+59/-87) — legacy/atomic paths via delete_device + DeviceDeleteResources.
  • smartcontract/sdk/rs/src/doublezeroclient.rs (+9/-33) — trait: four execute_* methods → send_transaction / send_transaction_quiet.

Testing Verification

  • New solana-program-test suite (rfc26_builders_test.rs): 5 tests exercising the highest-cardinality builders against the real program — create_device, create_link + clear_topology, create_subscribe_user (atomic subscriber), and atomic delete_device (owners read on-chain in processor order). All pass.
  • cargo test -p doublezero_sdk: 164 passed (rewritten command tests now assert predicate::eq(builder(...)) on the exact instruction each command sends, including tightened expectations for the composed user/delete, tenant/delete, user/requestban commands and new unit tests for the resource/* commands).
  • Confirmed the batched topology and multi-send commands (exchange/setdevice, topology/clear, topology/assign_node_segments) preserve their per-instruction sequencing.

…R10)

Delegate every serviceability commands/* execute() to the pure
doublezero-serviceability-instruction builders and a new
DoubleZeroClient::send_transaction (compute-budget prelude + sign + send),
replacing the four execute_*(instruction, accounts) methods and the
client-side account assembly. Command execute() signatures/returns are
unchanged, so CLI/sentinel/daemon consumers are unaffected.

Behavior change: the Rust SDK no longer attaches the payer's Permission PDA
to serviceability transactions; authorize() uses the legacy GlobalState
allowlist path until the builder-side Permission append is re-enabled per
instruction (must be sequenced with the permission-model rollout).

Adds a solana-program-test safety net that runs the highest-cardinality
builders (create_device, create_link, create_subscribe_user, atomic
delete_device, clear_topology) against the real program to catch
account-order drift.
@juan-malbeclabs juan-malbeclabs force-pushed the feat/rfc26-r10-migrate-commands branch from 2194abb to 24c23fe Compare July 14, 2026 13:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant