feat(drive-abci): gate shielded-pool seeding behind shielded_test_data feature

[shumkov]

Summary

Two related changes, both keeping the shielded-pool stress-test path strictly opt-in:

1. Bump grovedb pin to a18f7929 (develop tip post-merge of dashpay/grovedb#752)

Picks up the squash-merge of dashpay/grovedb#752 on grovedb develop. Net contribution to platform: three snapshot-bootstrap primitives behind grovedb's unsafe-dump-load feature:

• GroveDb::raw_storage() — borrow underlying RocksDbStorage
• RocksDbStorage::ingest_subtree_sst() — bulk-load an SST into a CF
• GroveDb::replace_subtree_root() — patch a parent Merk leaf with a caller-provided child hash + element

Un-ignores snapshot_dump_apply_preserves_anchor in drive-abci (was gated on the unmerged grovedb branch).

2. Gate shielded-pool seeding behind a new shielded_test_data Cargo feature

The 1M-note shielded-pool seeding (and the bake/apply machinery added in #3732) used to ride along with every SDK_TEST_DATA=true build. That's expensive and undesirable for most devnet setups — they just want the base SDK fixtures (addresses, group token queries, token direct prices) like before #3732.

Single feature chain controls both the in-tree code paths AND the underlying grovedb primitives:

drive-abci/shielded_test_data
 └── drive/shielded_test_data
     └── grovedb/unsafe-dump-load

• drive-abci/shielded_test_data compiles in mod shielded, mod shielded_snapshot, and the snapshot-bake CLI subcommand.
• It forwards to drive/shielded_test_data → grovedb/unsafe-dump-load so the grovedb APIs above are unlocked through the dep chain.
• The outer create_sdk_test_data cfg gate is unchanged (still rustc cfg, still activated by .cargo/config-test-sdk-data.toml). The shielded gate is purely additive inside it.

Build matrix:

Mode	SDK_TEST_DATA	SHIELDED_TEST_DATA	What's compiled in
Production	unset	unset	nothing test-related
Base SDK (pre-#3732 shape)	true	unset	addresses + token fixtures only
Full	true	true	base + shielded seeder + snapshot bake/apply

Dockerfile

SHIELDED_TEST_DATA=true adds --features=shielded_test_data to both cargo chef cook and cargo build. Bake stage produces /artifacts/shielded-pool.snap; runtime stage wires DRIVE_SHIELDED_SNAPSHOT into the binary's .env only when that file exists. SDK-only builds (SDK_TEST_DATA=true without SHIELDED_TEST_DATA) skip the feature, the bake, and the env wiring entirely.

SHIELDED_TEST_DATA=true implies SDK_TEST_DATA=true — the shielded seeder runs inside create_sdk_test_data.

Why a feature, not another cfg flag?

First iteration of this PR used a second cfg (create_shielded_test_data) paired with a .cargo/config-shielded-test-data.toml profile. The codex review on the original commit pointed out the obvious risk: cargo config files can't enable Cargo features, so the cfg could be set without the grovedb feature being enabled, which would surface as cryptic "method not found" compile errors rather than a clear opt-in message.

The simplification: drop the second cfg, use a single Cargo feature, let cargo's normal feature resolution handle the in-tree gating AND the cross-crate API availability. The outer create_sdk_test_data stays a cfg because its project-stated rationale ("don't activate this with cargo test --all-features") was load-bearing for the SDK-fixture path; the shielded add-on doesn't need that protection since the feature itself is the opt-in.

Verified locally

Build mode	cargo check -p drive-abci
Default (no feature)	✅
--features shielded_test_data	✅
cargo fmt --check --all	✅

snapshot_dump_apply_preserves_anchor (debug, 8 min): 30k notes → 8.6 MB SST → applied to fresh platform → byte-equivalent Sinsemilla anchor df37726e…4c2300. The 6 existing shielded seed tests stay green.

Notes

• The grovedb side (now merged to develop) keeps its unsafe-dump-load feature name — the name describes the primitive correctly there. The drive-abci/drive features are named shielded_test_data because in this tree the only consumer of those primitives is shielded-pool test seeding.
• Coverage on the new bootstrap primitives is exercised in-grovedb via the roundtrip test added in feat: subtree dump/restore primitives grovedb#752 (unsafe_dump_load_subtree_roundtrip_preserves_root_hash), plus consumer-level via snapshot_dump_apply_preserves_anchor here.

Test plan

• CI green on this branch.
• Build with SHIELDED_TEST_DATA=true produces a runtime image with /opt/dashmate/snapshots/shielded-pool.snap and the DRIVE_SHIELDED_SNAPSHOT env var set.
• Build with only SDK_TEST_DATA=true (no SHIELDED_TEST_DATA) produces a working drive-abci with the base SDK fixtures and no shielded snapshot.

🤖 Generated with Claude Code

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR updates the grovedb dependency revision across six packages; introduces a new shielded_test_data cargo feature that gates snapshot-bake and shielded seeding behind an explicit opt-in; refactors the snapshot-bake CLI subcommand wiring; updates the parent-Merk subtree-patching API usage to use the new replace_subtree_root method; and adds Docker build-arg support for independent control of shielded snapshot baking.

Changes

Grovedb revision bump and shielded test-data gating

Layer / File(s)	Summary
Update grovedb git revisions across packages packages/rs-dpp/Cargo.toml, packages/rs-drive/Cargo.toml, packages/rs-platform-version/Cargo.toml, packages/rs-platform-wallet/Cargo.toml, packages/rs-sdk/Cargo.toml, packages/rs-drive-abci/Cargo.toml	Bump grovedb and related crate git rev from 5eb7a5380a6e974513343352acfd6b30a8c1f87c to a18f7929460ef9c5d814f61ff84d8805b2a1761b across all affected packages.
Add shielded_test_data cargo feature and documentation packages/rs-drive/Cargo.toml, packages/rs-drive-abci/Cargo.toml	Introduce shielded_test_data feature that forwards to grovedb/unsafe-dump-load; document the feature's role in enabling snapshot dump/load escape hatches and shielded-pool seeding.
Gate modules and refactor snapshot-bake wiring packages/rs-drive-abci/src/execution/.../create_genesis_state/test/mod.rs, packages/rs-drive-abci/src/lib.rs, packages/rs-drive-abci/src/main.rs	Switch compile gates from create_sdk_test_data to shielded_test_data; gate shielded test module and seeding steps; refactor snapshot-bake from top-level function to snapshot_bake_main::run module; update main() config-selection logic to use local GroveDB when shielded_test_data is enabled and SnapshotBake subcommand is selected.
Update parent-Merk subtree patching and enable snapshot test packages/rs-drive-abci/src/execution/.../create_genesis_state/test/shielded.rs, packages/rs-drive-abci/src/shielded_snapshot/mod.rs	Replace replace_commitment_tree_subtree_root(...) calls with Element::new_commitment_tree(...) + replace_subtree_root(...) pattern; remove #[ignore] attribute from snapshot_dump_apply_preserves_anchor test to enable it.
Dockerfile SHIELDED_TEST_DATA build argument and baking logic Dockerfile	Add SHIELDED_TEST_DATA build argument separate from SDK_TEST_DATA; condition cargo-chef and drive-abci builds to use test Cargo config when either flag is true, but only append shielded_test_data feature when SHIELDED_TEST_DATA=true; gate shielded-pool snapshot baking entirely on SHIELDED_TEST_DATA; update runtime-stage comments to reflect new gating.

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• QuantumExplorer
• thepastaclaw

🐰 A grovedb bump, a feature gate so fine,
Shielded snapshots now dance by design,
From test-data control to parent-Merk grace,
New APIs in place, at a measured pace! 🌳

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the primary change: introducing a feature gate (shielded_test_data) for shielded-pool seeding in the drive-abci package.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/gate-shielded-test

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[thepastaclaw]

✅ Review complete (commit e4b1008)

[github-actions]

✅ DashSDKFFI.xcframework built for this PR.

• Workflow run: https://github.com/dashpay/platform/actions/runs/26815372803
• Artifacts: DashSDKFFI.xcframework (folder), DashSDKFFI.xcframework.zip, xc_checksum.txt

SwiftPM (host the zip at a stable URL, then use):

.binaryTarget(
  name: "DashSDKFFI",
  url: "https://your.cdn.example/DashSDKFFI.xcframework.zip",
  checksum: "507d9f857f49d5f07dba03e69ee717dd67fc806ee89f634922cb57f97e375ada"
)

Xcode manual integration:

• Download 'DashSDKFFI.xcframework' artifact from the run link above.
• Drag it into your app target (Frameworks, Libraries & Embedded Content) and set Embed & Sign.
• If using the Swift wrapper package, point its binaryTarget to the xcframework location or add the package and place the xcframework at the expected path.

[thepastaclaw]

Code Review

PR's in-scope changes are a mechanical grovedb pin bump (5eb7a538 → 67acdbcb) across six Cargo.toml manifests + Cargo.lock and removal of one #[ignore] attribute on snapshot_dump_apply_preserves_anchor. Both changes are minimal, internally consistent, and the un-ignored test matches the new grovedb API (ingest_subtree_sst, replace_commitment_tree_subtree_root) that the rev brings in. No in-scope blocking or suggestion-level issues identified.

[coderabbitai]

🧹 Nitpick comments (1)

packages/rs-drive-abci/src/execution/platform_events/initialization/create_genesis_state/test/mod.rs (1)

10-14: 💤 Low value

Gating is consistent; note the implicit cfg dependency.

Shielded seeding only runs when create_shielded_test_data is set, and the surrounding create_sdk_test_data call in create_genesis_state only runs under create_sdk_test_data. So a bake produces non-empty shielded data only when both cfgs are active. The .cargo/config-shielded-test-data.toml profile sets both, so the Docker path holds — but create_shielded_test_data set alone (e.g. a manual --cfg) would silently bake an empty snapshot. The doc comments capture this; no code change needed.

Also applies to: 46-53

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@packages/rs-drive-abci/src/execution/platform_events/initialization/create_genesis_state/test/mod.rs`
around lines 10 - 14, Add a clarifying comment above the `mod shielded;`
declaration to state that shielded seeding only produces non-empty data when
both cfgs are active (the `create_shielded_test_data` flag and the surrounding
`create_sdk_test_data` call in `create_genesis_state`), and reference the
`.cargo/config-shielded-test-data.toml` profile; this makes the implicit cfg
dependency explicit without changing behavior of `mod shielded` or the
`create_genesis_state` / `create_sdk_test_data` logic.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In
`@packages/rs-drive-abci/src/execution/platform_events/initialization/create_genesis_state/test/mod.rs`:
- Around line 10-14: Add a clarifying comment above the `mod shielded;`
declaration to state that shielded seeding only produces non-empty data when
both cfgs are active (the `create_shielded_test_data` flag and the surrounding
`create_sdk_test_data` call in `create_genesis_state`), and reference the
`.cargo/config-shielded-test-data.toml` profile; this makes the implicit cfg
dependency explicit without changing behavior of `mod shielded` or the
`create_genesis_state` / `create_sdk_test_data` logic.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 982960e4-b61f-4ffe-8949-f2d6d955a10a

📥 Commits

Reviewing files that changed from the base of the PR and between 52acd3f and bf2efc5.

📒 Files selected for processing (6)

• .cargo/config-shielded-test-data.toml
• Dockerfile
• packages/rs-drive-abci/Cargo.toml
• packages/rs-drive-abci/src/execution/platform_events/initialization/create_genesis_state/test/mod.rs
• packages/rs-drive-abci/src/lib.rs
• packages/rs-drive-abci/src/main.rs

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/rs-drive-abci/Cargo.toml

[thepastaclaw]

Code Review

Verified the PR's cfg gating against the worktree at bf2efc5. The single nitpick from Claude is real-but-speculative: under the documented invocation contract (.cargo/config-shielded-test-data.toml sets both cfgs; the SHIELDED_TEST_DATA Dockerfile arg implies SDK_TEST_DATA), the asymmetric cfg keys never produce a silent no-op, and the author already documents the invariant in both mod.rs and test/mod.rs. Dropping it as speculative, low-value, and outside the PR's stated goal.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.18%. Comparing base (745eb5a) to head (e4b1008).
⚠️ Report is 6 commits behind head on v3.1-dev.

Additional details and impacted files

@@             Coverage Diff              @@
##           v3.1-dev    #3774      +/-   ##
============================================
+ Coverage     87.16%   87.18%   +0.02%     
============================================
  Files          2621     2624       +3     
  Lines        320743   321014     +271     
============================================
+ Hits         279583   279892     +309     
+ Misses        41160    41122      -38     

Components	Coverage Δ
dpp	87.73% <ø> (-0.01%)	⬇️
drive	86.05% <ø> (+0.03%)	⬆️
drive-abci	89.54% <ø> (ø)
sdk	∅ <ø> (∅)
dapi-client	∅ <ø> (∅)
platform-version	∅ <ø> (∅)
platform-value	92.17% <ø> (ø)
platform-wallet	∅ <ø> (∅)
drive-proof-verifier	47.85% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[thepastaclaw]

Code Review

Latest delta cleanly forwards a new unsafe-dump-load feature through drive-abci → drive → grovedb to gate the snapshot-bootstrap APIs, and adapts call sites to grovedb's renamed replace_subtree_root. Carried-forward prior findings: none (the prior no-finding review at bf2efc5 remains applicable). Two suggestion-level findings remain about build-invariant enforcement: the new create_shielded_test_data cfg and the unsafe-dump-load feature are coupled only by convention/Dockerfile, with no compile-time guard if someone hand-rolls a build.

🟡 2 suggestion(s)

1 additional finding(s) omitted (not in diff).

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `packages/rs-drive-abci/src/main.rs`:
- [SUGGESTION] packages/rs-drive-abci/src/main.rs:83-89: `SnapshotBake` compiles without `create_sdk_test_data`, yielding a silently empty snapshot
  `SnapshotBake` is gated only by `#[cfg(create_shielded_test_data)]`, but the genesis hook that actually seeds the shielded pool lives behind `#[cfg(create_sdk_test_data)]` in `create_genesis_state/mod.rs:53-57` (it dispatches to `create_sdk_test_data`, which then runs `create_data_for_shielded_pool` under its own `#[cfg(create_shielded_test_data)]`). The `.cargo/config-shielded-test-data.toml` profile sets both cfgs together, but the invariant exists only in comments — a direct `cargo build --cfg create_shielded_test_data` produces a valid `snapshot-bake` command whose `create_genesis_state()` skips `create_sdk_test_data` entirely, baking a snapshot with no shielded data. Add a compile-time guard so this fails fast.

In `.cargo/config-shielded-test-data.toml`:
- [SUGGESTION] .cargo/config-shielded-test-data.toml:30-38: Shielded-test-data cargo profile activates cfgs without the `unsafe-dump-load` feature they require
  This profile injects `create_sdk_test_data` and `create_shielded_test_data` cfgs, which activate `shielded_snapshot/mod.rs` and the seeding path in `test/shielded.rs`. Those modules now call grovedb APIs (`raw_storage`, `ingest_subtree_sst`, `replace_subtree_root`) that are gated behind the new `unsafe-dump-load` feature on drive-abci → drive → grovedb (this commit). The Dockerfile correctly appends `--features unsafe-dump-load` when `SHIELDED_TEST_DATA=true`, but cargo config files cannot enable Cargo features, so a direct `cargo build` against just this profile will fail with method-missing errors with no clear pointer to the missing feature. Either add a `compile_error!` guard when the cfg is set without the feature, or document the required `--features` flag in the profile's header comment.

[thepastaclaw]

Code Review

Latest delta 614ae01..e8f3099 is a cargo-fmt-only change (collapses snapshot_bake_main::run signature) with no semantic effect. Both prior findings remain STILL VALID at the current head: SnapshotBake is still gated on create_shielded_test_data alone while the seeder it depends on is reached only under create_sdk_test_data, and .cargo/config-shielded-test-data.toml still activates cfgs without enabling the unsafe-dump-load cargo feature those cfgs require.

🟡 1 suggestion(s)

1 additional finding(s) omitted (not in diff).

1 carried-forward finding(s) already raised on this PR; not re-posting as new inline comments.

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `packages/rs-drive-abci/src/main.rs`:
- [SUGGESTION] packages/rs-drive-abci/src/main.rs:83-89: [Carried-forward — STILL VALID] Gate `SnapshotBake` on both `create_sdk_test_data` and `create_shielded_test_data`
  `SnapshotBake` is gated only by `#[cfg(create_shielded_test_data)]` at main.rs:83 (and the dispatch at main.rs:188-189 and config branch at main.rs:209-214). However, the shielded seeder is only reached through `create_sdk_test_data`: `create_genesis_state` calls `self.create_sdk_test_data(...)` under `#[cfg(create_sdk_test_data)]` at packages/rs-drive-abci/src/execution/platform_events/initialization/create_genesis_state/mod.rs:53-57, and that function in turn dispatches to `create_data_for_shielded_pool` under `#[cfg(create_shielded_test_data)]`. A build that sets only `--cfg create_shielded_test_data` (without `create_sdk_test_data`) will compile the `snapshot-bake` CLI, run a full genesis cycle, skip the entire SDK-test-data seeding branch, and then write a snapshot of an unseeded shielded subtree — a silent empty-bake rather than a loud failure. The new cargo profile happens to set both cfgs, but the binary itself doesn't enforce the invariant. Gating `SnapshotBake` (and the surrounding match arm / config branch) on `all(create_sdk_test_data, create_shielded_test_data)` turns the only invalid combination into a compile-time error.

[thepastaclaw]

Code Review

Latest delta is solely a grovedb dependency rev bump (2e9dff50 → a18f7929) across six Cargo.toml files and Cargo.lock; no code logic changed since the prior reviewed SHA. Both prior structural-robustness suggestions are re-verified STILL VALID at e230766 — SnapshotBake's cfg gate and the shielded cargo config remain decoupled from the genesis-seed gate and the unsafe-dump-load feature respectively. No new defects introduced in this delta; carrying forward both prior suggestions.

🟡 1 suggestion(s)

1 additional finding(s) omitted (not in diff).

1 carried-forward finding(s) already raised on this PR; not re-posting as new inline comments.

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `packages/rs-drive-abci/src/main.rs`:
- [SUGGESTION] packages/rs-drive-abci/src/main.rs:83-89: [Carried-forward — STILL VALID] Gate `SnapshotBake` on both `create_sdk_test_data` and `create_shielded_test_data`
  `Commands::SnapshotBake` (main.rs:83-89) is still gated only by `#[cfg(create_shielded_test_data)]`, while the genesis seeding hook lives behind a different cfg: `create_genesis_state/mod.rs:53-57` only calls `self.create_sdk_test_data(...)` under `#[cfg(create_sdk_test_data)]`, and the shielded-pool seeder runs from inside that `create_sdk_test_data` path. The two cfgs are independent, so a build that activates `create_shielded_test_data` alone (e.g. through `RUSTFLAGS` rather than the Docker/cargo profile that today sets both) would expose `snapshot-bake` while compiling the seeder out. In that case the command runs to completion against a fresh genesis with no shielded notes inserted, producing an empty-but-successful snapshot rather than failing. The doc comment on main.rs:80-82 even acknowledges that the seeder is what makes the command meaningful, but the cfg only enforces half of that contract. Tighten the gate to `#[cfg(all(create_sdk_test_data, create_shielded_test_data))]`, or add a `compile_error!` when only one of the two is active, so the misuse is loud at build time.

[thepastaclaw]

Code Review

The cfg→Cargo-feature refactor cleanly resolves the prior cargo-profile/grovedb feature-resolution mismatch by deleting .cargo/config-shielded-test-data.toml and chaining drive-abci/shielded_test_data → drive/shielded_test_data → grovedb/unsafe-dump-load. One prior structural finding remains valid: SnapshotBake is now gated only on the new Cargo feature while the seeder dispatch in create_genesis_state still requires the unchanged cfg(create_sdk_test_data), so a feature-only build can still produce an empty-but-successful snapshot. One new minor doc inconsistency was introduced in the Dockerfile bake-stage comment.

🟡 1 suggestion(s) | 💬 1 nitpick(s)

1 additional finding(s) omitted (not in diff).

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `packages/rs-drive-abci/src/main.rs`:
- [SUGGESTION] packages/rs-drive-abci/src/main.rs:83-89: [Carried-forward — STILL VALID] `SnapshotBake` is exposed under `feature = "shielded_test_data"` without the `create_sdk_test_data` genesis hook it depends on
  `Commands::SnapshotBake` (main.rs:83), the dispatch arm (main.rs:188-189), and the `load_config` bypass (main.rs:209-215) are gated only on `#[cfg(feature = "shielded_test_data")]`. The seeder is reached via `Platform::create_sdk_test_data`, but that call is gated on `#[cfg(create_sdk_test_data)]` in `packages/rs-drive-abci/src/execution/platform_events/initialization/create_genesis_state/mod.rs:53-57`, and the shielded seeder inside it is further gated on `#[cfg(feature = "shielded_test_data")]` (`create_genesis_state/test/mod.rs:50-51`). Cargo features cannot enable rustc `--cfg` flags, so an ad-hoc `cargo build -p drive-abci --features shielded_test_data` (or any path that doesn't also install `.cargo/config-test-sdk-data.toml`) compiles the `snapshot-bake` CLI yet `create_genesis_state` never invokes `create_sdk_test_data`, producing an empty-but-successful snapshot that would later be applied by `DRIVE_SHIELDED_SNAPSHOT`. The Dockerfile (Dockerfile:570-574) sets both correctly so production/devnet images are unaffected, and `create_sdk_test_data` runtime-rejects non-Regtest/Devnet networks (test/mod.rs:33-40) so there is no mainnet/testnet exposure. The remaining risk is a latent build-integrity footgun against direct `cargo` invocations and future refactors. Fix by either also gating `SnapshotBake` on `cfg(create_sdk_test_data)`, or adding a `compile_error!` when `feature = "shielded_test_data"` is enabled without the cfg. The docstring at main.rs:78-82 ("Requires the binary to be built with `--features=shielded_test_data`") should also be updated to mention the `create_sdk_test_data` cfg requirement.

[thepastaclaw]

💬 Nitpick: Stale Dockerfile bake-stage comment still references --cfg create_shielded_test_data

The bake-stage comment claims the snapshot-bake subcommand is only present "when built with --cfg create_shielded_test_data", but the build stage above now activates the subcommand via --features=shielded_test_data (Dockerfile:573-574, 584, 619). Update the comment so the gate description matches the actual build invocation; otherwise a future reader patching this stage may set a no-longer-recognized cfg.

Suggested change

	# The drive-abci binary itself only contains the `snapshot-bake` subcommand
	# when built with `--cfg create_shielded_test_data` (selected by the
	# SHIELDED_TEST_DATA build arg in the build stage), so invoking it on an
	# SDK-only binary would fail with "unknown subcommand" anyway.
	# The drive-abci binary itself only contains the `snapshot-bake` subcommand
	# when built with `--features=shielded_test_data` (selected by the
	# SHIELDED_TEST_DATA build arg in the build stage), so invoking it on an
	# SDK-only binary would fail with "unknown subcommand" anyway.

_{source: ['claude']}