feat: add Shadow network simulator automation

[GrapeBaBa]

Summary

• Add client-agnostic Shadow network simulator automation scripts
• run-shadow.sh orchestrates genesis generation, shadow.yaml creation, and shadow execution
• generate-shadow-yaml.sh reads validator-config.yaml and sources each client's client-cmds/<client>-cmd.sh to emit shadow.yaml
• shadow-devnet/genesis/validator-config.yaml provides a 4-node Shadow config with virtual IPs (100.0.0.x)
• client-cmds/leanspec-cmd.sh adds leanSpec client support
• generate-genesis.sh gains --genesis-time <timestamp> flag for fixed timestamps (Shadow uses epoch 946684860)

Usage

# From any client repo with lean-quickstart as submodule:
cd lean-quickstart
./run-shadow.sh

The scripts auto-detect which clients are configured in shadow-devnet/genesis/validator-config.yaml and source matching client-cmds/<name>-cmd.sh files.

Test plan

• Run ./run-shadow.sh on a Codespace with Shadow installed
• Verify 4 nodes reach consensus (finalized slot > 0)
• Verify generate-genesis.sh --genesis-time 946684860 produces correct fixed-time genesis

[Copilot]

Pull request overview

Adds automation to run a multi-node devnet inside the Shadow network simulator, including fixed-time genesis generation and client-agnostic Shadow config generation based on validator-config.yaml.

Changes:

• Added run-shadow.sh to orchestrate genesis generation, Shadow config generation, and Shadow execution.
• Added generate-shadow-yaml.sh to emit shadow.yaml by sourcing client-cmds/<client>-cmd.sh and parsing validator-config.yaml.
• Extended generate-genesis.sh with --genesis-time <timestamp> to support fixed genesis timestamps (used by Shadow), plus added a Shadow-specific 4-node config and a new leanspec client cmd.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
shadow-devnet/genesis/validator-config.yaml	Adds a 4-node Shadow validator config with virtual IPs and ports.
run-shadow.sh	New top-level runner script to generate genesis + shadow.yaml and run Shadow.
generate-shadow-yaml.sh	New generator that converts validator config + client command scripts into shadow.yaml.
generate-genesis.sh	Adds support for exact genesis timestamps via --genesis-time.
client-cmds/leanspec-cmd.sh	Adds leanspec client command definitions for quickstart automation.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

yq is used to read validator names before any dependency check, so if yq is missing this script will fail with a generic "command not found". Add an explicit command -v yq check (similar to parse-vc.sh) near the top and exit with a clear install hint.

[Copilot]

The client value is derived from validator-config.yaml and then interpolated into a path that is sourced. If a user points --genesis-dir at an untrusted config, a crafted validator name could trigger path traversal (e.g., ../../...) and execute arbitrary code. Restrict client to a safe allowlist pattern (e.g., [a-z0-9-]+), reject values containing / or .., and fail fast with an error before sourcing.

Suggested change

	# Validate client name to prevent path traversal and restrict characters
	# Allowed: lowercase letters, digits, and hyphens. Disallow '/' and '..'.
	if [[ "$client" == *"/"* || "$client" == *".."* || ! "$client" =~ ^[a-z0-9-]+$ ]]; then
	echo "❌ Error: Invalid client name '$client'. Allowed pattern: [a-z0-9-]+ and no '/' or '..'."
	exit 1
	fi

[Copilot]

The logic that makes binary_path absolute treats any command that doesn't start with / as a filesystem path. This breaks PATH-resolved commands like uv (used by leanspec-cmd.sh), turning it into <cwd>/uv which likely doesn't exist. Only absolutize when the command contains a / (i.e., is a path), or resolve bare commands via command -v and keep them unchanged if found on PATH.

Suggested change

	# Make binary path absolute
	if [[ "$binary_path" != /* ]]; then
	binary_path="$(cd "$(dirname "$binary_path")" 2>/dev/null && pwd)/$(basename "$binary_path")" 2>/dev/null || binary_path="$PROJECT_ROOT/${binary_path#./}"
	# Make binary path absolute when it is a filesystem path.
	# - If binary_path starts with '/', it is already absolute.
	# - If binary_path contains '/', treat it as a path and absolutize it.
	# - If binary_path has no '/', treat it as a bare command and leave it for PATH resolution.
	if [[ "$binary_path" != /* ]]; then
	if [[ "$binary_path" == */* ]]; then
	binary_path="$(cd "$(dirname "$binary_path")" 2>/dev/null && pwd)/$(basename "$binary_path")" 2>/dev/null || binary_path="$PROJECT_ROOT/${binary_path#./}"
	else
	# Bare command: verify it exists on PATH but do not rewrite it into a filesystem path.
	if ! command -v "$binary_path" >/dev/null 2>&1; then
	echo "⚠️ Warning: binary '$binary_path' not found on PATH; Shadow may fail to start this process." >&2
	fi
	fi

[Copilot]

--genesis-dir is resolved via cd "$2" && pwd under set -e. If the path is missing/invalid, the script exits with a raw cd error rather than a user-friendly message. Add an explicit directory existence check and print a clear error (including the provided value) before exiting.

Suggested change

	--genesis-dir)
	--genesis-dir)
	if [ -z "$2" ]; then
	echo "❌ Error: --genesis-dir requires a path argument." >&2
	exit 1
	fi
	if [ ! -d "$2" ]; then
	echo "❌ Error: Genesis directory '$2' does not exist or is not a directory." >&2
	exit 1
	fi

[Copilot]

This script sources each client-cmds/*-cmd.sh, which (per existing quickstart contract) sets node_setup and provides both node_binary and node_docker. However, the generated Shadow config always uses node_binary later, even when node_setup="docker" (e.g., leanspec-cmd.sh explicitly selects docker). Either honor node_setup (and build an executable command accordingly), or fail fast with a clear error if a client is configured for docker-only so Shadow runs don’t silently generate a non-working config.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The generated YAML under processes: is incorrectly indented (- path is aligned with processes:). This will produce invalid YAML (or an unexpected structure) for Shadow. Indent the process list items under processes: (and their nested keys accordingly).

Suggested change

	- path: $binary_path
	args: >-
	$binary_args
	start_time: 1s
	expected_final_state: running
	- path: $binary_path
	args: >-
	$binary_args
	start_time: 1s
	expected_final_state: running

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This script calls yq before any dependency validation (e.g., when building node_names). If generate-shadow-yaml.sh is run directly and yq is missing, it will fail with a generic command-not-found rather than a clear error. Consider adding an explicit command -v yq check near the top (similar to parse-vc.sh / generate-genesis.sh) before the first yq eval invocation.

[Copilot]

show_usage always exits with status 1, and --help|-h calls show_usage, so ./run-shadow.sh --help currently returns a non-zero exit code. Consider exiting 0 for help output (e.g., have show_usage accept an exit code, or handle --help|-h separately).

[Copilot]

Argument parsing for --stop-time and --genesis-dir assumes $2 exists. If a user passes --stop-time (or --genesis-dir) as the last argument, STOP_TIME/GENESIS_DIR will be set to empty and shift 2 will run, leading to confusing downstream failures (or an immediate exit due to set -e on the cd). Consider validating that $2 is present and not another flag before consuming it (as done in generate-shadow-yaml.sh).

[Copilot]

PR description mentions adding client-cmds/leanspec-cmd.sh for leanSpec support, but there is no such script present in the repo contents. Either add the missing client-cmds/leanspec-cmd.sh (and update shadow-devnet/genesis/validator-config.yaml/docs accordingly), or remove/adjust the leanSpec references so the automation matches what’s actually included.

[Copilot]

node_binary from existing client-cmds/*-cmd.sh scripts is formatted for eval (multi-line with trailing \ line continuations and sometimes escaped quotes). Writing the raw remainder into shadow.yaml via a folded block (>-) turns \<newline> into \ , which changes argument tokenization and will likely break client startup under Shadow. Suggest normalizing node_binary before splitting (e.g., strip end-of-line \ continuations and join lines), or switch to emitting an explicit YAML args list derived from a properly tokenized argv representation rather than a shell-formatted string.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 7 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

After resolving binary_path, the script should verify the file exists and is executable before writing shadow.yaml. Add an [[ -x "$binary_path" ]] (or similar) check and fail with a clear error so users don’t discover missing builds only after starting Shadow.

Suggested change

	if [[ ! -x "$binary_path" ]]; then
	echo "❌ Error: Resolved binary for node '$item' (client '$client') is missing or not executable: $binary_path"
	echo " Build the client first or fix the path returned by $client_cmd."
	exit 1
	fi

[Copilot]

PROJECT_ROOT is set to the parent of SCRIPT_DIR. If run-shadow.sh is executed from a standalone lean-quickstart checkout (not as a submodule), this points outside the repo, and later steps will write/delete files in the parent directory. Consider defaulting PROJECT_ROOT to SCRIPT_DIR (and/or adding an override flag) and/or validating that the parent actually contains the expected client repo layout before using it.

[Copilot]

rm -rf "$PROJECT_ROOT/shadow.data" is destructive, and combined with PROJECT_ROOT being the parent of SCRIPT_DIR it can delete data outside the repo when the script is run from an unexpected location. Add a safety guard (e.g., ensure the path is within the intended workspace and not //$HOME/etc., or require an explicit --project-root confirmation) before removing.

[Copilot]

show_usage exits with status 1 unconditionally, so --help also returns a failure code. Consider returning exit code 0 for --help (and keeping non-zero exit codes for invalid usage) to match common CLI behavior.

[Copilot]

GENESIS_VALIDATORS in config.yaml is documented (and previously generated) as a list of pubkey strings, but this change writes a list of objects with attestation_pubkey / proposal_pubkey. This is a breaking change for any client tooling that parses GENESIS_VALIDATORS as a string list (as described in README). Keep the existing string list format, or introduce a new separate field for the expanded structure while preserving backward compatibility.

[Copilot]

validatorConfig is exported as the genesis directory path, but the repo/README treat validator_config as a path (or the special value genesis_bootnode). For clients like zeam-cmd.sh that pass --validator_config $validatorConfig, a directory here is likely incorrect. Set validatorConfig to the intended value (e.g., $GENESIS_DIR/validator-config.yaml or genesis_bootnode) and keep it consistent with spin-node.sh semantics.

Suggested change

	export validatorConfig="$GENESIS_DIR"
	export validatorConfig="$VALIDATOR_CONFIG"

[Copilot]

This script invokes yq before sourcing parse-vc.sh (which does the dependency check), so if yq isn't installed the failure will be a generic "command not found". Add an explicit yq presence check near the top (similar to parse-vc.sh / generate-genesis.sh) so running generate-shadow-yaml.sh directly produces a clear error message.