feat: add suppport for ephemeral accounts

[bmuddha]

This PR moves the pre-execution check to the post - execution. This is necessary to allow the ephemeral accounts (which are not delegated) to be mutated (created) first. In addition ephmeral accounts are also alowed to be writeable (while not being delegated).

Summary by CodeRabbit

• New Features

  • Writable-account rules broadened to allow delegated, undelegating, and ephemeral accounts.

• Bug Fixes

  • Added post-execution access checks that log violations and preserve executed transaction state (including fee effects) instead of aborting.
  • Transactions with access violations now record status and diagnostics for improved visibility.

• Tests

  • Expanded tests to validate post-execution behavior and account/state consistency.

• Chores

  • Updated solana-account dependency revision.

[coderabbitai]

Walkthrough

Updated a crate patch revision and moved account-access validation from pre-execution to post-execution; writable-account checks now allow delegated, undelegating, or ephemeral states and validation failures are recorded on the executed transaction with diagnostic logs instead of short-circuiting.

Changes

Cohort / File(s)	Summary
Dependency Update Cargo.toml	Bumped [patch.crates-io] entry for solana-account from rev 731fa50 to 6eae52b.
Access validation logic src/access_permissions.rs	Added use solana_account::AccountSharedData; introduced mutation_allowed predicate and updated writability checks to permit delegated, undelegating, or ephemeral accounts; replaced direct acc.delegated() checks.
Transaction processing src/transaction_processor.rs	Moved validate_accounts_access from pre-execution to post-execution, made executed transaction mutable to record validation failures, set execution status on violation, appended offender diagnostic log, and persisted executed transactions instead of aborting early.
Tests / Integration tests/integration_test.rs	Adjusted assertions to check account existence and use accounts_equal for comparisons; updated expectations to reflect post-execution state changes (e.g., ExecutedFailed) and fee-payer lamport adjustments.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat: on failed txn checks, return more diagnostics info #6 — Modifies account-access validation and records/persists validation failures on executed transactions.

Suggested reviewers

• GabrielePicco

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title mentions 'ephemeral accounts' which is the core feature being added, and the changes across multiple files (access permissions, transaction processor, tests) all support implementing this feature.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bmuddha/feat/ephemeral-accounts

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/transaction_processor.rs`:
- Around line 484-502: The post-execution access check
(`validate_accounts_access`) currently returns early after setting
`executed_tx.execution_details.status` and pushing the processed result, but it
skips extending `balances.post`, leaving `balances.pre` populated and
`balances.post` missing; to fix, ensure you extend `balances.post` for the same
accounts that were used pre-execution before the `continue` (e.g. call the same
routine that populated `balances.post` or move the `balances.post` extension
logic to happen before `validate_accounts_access`), so that
`executed_tx.balances.post` is populated even when `validate_accounts_access`
fails and you still push `ProcessedTransaction::Executed(Box::new(executed_tx))`
into `processing_results`.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/access_permissions.rs`:
- Around line 39-47: The logic currently errors when mutation_allowed(acc) is
true, which is inverted; change the condition inside the loop that iterates
self.accounts (skipping index 0) so that it returns
Err(TransactionError::InvalidWritableAccount, *pk) when message.is_writable(i)
&& !mutation_allowed(acc) instead of when mutation_allowed(acc) is true; update
the check that references the mutation_allowed closure and message.is_writable
to negate mutation_allowed(acc) so protected accounts
(delegated/undelegating/ephemeral) cause the error.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/transaction_processor.rs (1)

483-529: ⚠️ Potential issue | 🟠 Major

Ensure access-violation path updates account cache (fees/nonce/intra-batch state).

Line 508-528: when validate_accounts_access fails, the account cache is never updated. That leaves fee payer/nonce state stale and can let later txs in the batch see pre-fee balances or reuse nonces. Update the cache regardless; only gate program-cache merge on success.

🔧 Suggested fix

-                    let result = if let Err((err, offender)) = result {
+                    if let Err((err, offender)) = result {
                         // If an account access violation was detected, we construct extra
                         // log message, and replace the status, so that the transaction will
                         // be persisted to the ledger with some useful debug information
                         executed_tx.execution_details.status = Err(err);
                         let logs = executed_tx
                             .execution_details
                             .log_messages
                             .get_or_insert_default();
                         let msg = format!("Account {offender} was illegally used as writeable");
                         logs.push(msg);
-                        ProcessedTransaction::Executed(Box::new(executed_tx))
-                    } else {
-                        // Update loaded accounts cache with account states which might have changed.
-                        // Also update local program cache with modifications made by the transaction,
-                        // if it executed successfully.
-                        account_loader.update_accounts_for_executed_tx(tx, &executed_tx);
-                        if executed_tx.was_successful() {
-                            program_cache_for_tx_batch.merge(&executed_tx.programs_modified_by_tx);
-                        }
-                        ProcessedTransaction::Executed(Box::new(executed_tx))
-                    };
+                    }
+                    // Update loaded accounts cache with account states which might have changed.
+                    account_loader.update_accounts_for_executed_tx(tx, &executed_tx);
+                    // Only merge program cache on successful execution.
+                    if executed_tx.was_successful() {
+                        program_cache_for_tx_batch.merge(&executed_tx.programs_modified_by_tx);
+                    }
+                    let result = ProcessedTransaction::Executed(Box::new(executed_tx));