Module migrate 

Schema-epoch in-place migration runtime.

Closes the Hopper Safety Audit’s innovation item I4 (“Schema epoch with in-place migration helpers”). The header’s schema_epoch: u32 lets accounts self-identify the ABI version they were written in. When a program later loads an account written at an older epoch, the runtime consults a declared migration chain, applies each edge in sequence atomically with a schema_epoch bump, and only then hands the caller a typed Ref<'_, T> of the current shape.

Design rules

• In-place. no allocation, no CPI. Migration rewrites the account body (within its existing byte range) and the 16-byte Hopper header.
• Atomic per edge. each migration edge updates both the body and the schema_epoch header field under a single mutable byte borrow. A mid-migration abort leaves the header and body consistent with one of the two endpoints, never a hybrid.
• Idempotent. re-running an already-applied edge is a no-op (the header epoch mismatch returns MigrationMismatch).
• Deterministic. edges are applied in strict from_epoch → to_epoch order, and any gap in the chain fails.

Structs

MigrationEdge

One step in a layout’s migration chain.

Traits

LayoutMigration

Layouts opt into in-place migration by providing a MIGRATIONS constant. The default (empty slice) means “no migrations declared” and any mismatch between header and AccountLayout::SCHEMA_EPOCH is a hard failure.

Functions

apply_pending_migrations

Apply all pending migrations needed to bring the account at current_epoch up to AccountLayout::SCHEMA_EPOCH.