Infrastructure as Code in Surfpool

Surfpool introduces Infrastructure as Code (IaC) to the Solana ecosystem, enabling developers to achieve reproducible, secure, and automated deployments with minimal overhead. While simulation is a core feature of Surfpool, the underlying IaC system is equally critical in supporting modern Solana development workflows.

Overview

The concept of Crypto Infrastructure as Code (Crypto IaC) brings the same advantages familiar to traditional DevOps—automation, auditability, modularity—to the Web3 space. This model is designed to ensure consistent and scalable deployment practices across complex crypto environments.

Surfpool’s approach to Crypto IaC has been informed by years of hands-on work with advanced protocols including Pyth, Wormhole Core, Circle CCTP, Bitcoin Ordinals, and others.

A robust Crypto IaC system typically encompasses three categories of components: Onchain Infrastructure, Signing Infrastructure, and Offchain Infrastructure.

Onchain Infrastructure

This category includes:
- Solana Programs deployments
- Upgrades
- State migrations

A well-structured IaC implementation ensures these actions are reproducible, version-controlled, and auditable. Developers can trace every deployment and understand its impact before execution.

Signing Infrastructure

Secure transaction signing is fundamental in production environments. Instead of relying on local keypairs (which pose significant security risks), a modern IaC system supports: • Hardware wallets • Threshold cryptography • Multisig wallets

Signing modules in Surfpool IaC are modular and configurable. Transitioning from a hardcoded private key to a sophisticated signing scheme (e.g. Squads multisig) can be done by updating configuration—no code rewrites required.

Offchain Infrastructure

This includes: • Indexers • State watchers • Wallet sentinels • Automation scripts

These components often react to onchain events and should be treated as part of the deployment pipeline—testable, portable, and versioned like any other code artifact.

Note: Surfpool’s IaC deliberately excludes RPC and node provisioning. These lower-level concerns are already well-supported by tools like Terraform, Ansible, and cloud-native services, and are out of scope for application-level infrastructure management.

Language Design Principles

A critical design goal is static analysis. Developers should be able to produce an execution plan—including involved programs, expected signers, touched accounts, and estimated costs—without running the code.

Key principles: • Declarative syntax (no JS DSLs, no imperative shell scripts) • Composable structure • Minimal learning curve • Separation of concerns between infrastructure and logic

This enables seamless progression from local development to mainnet deployment by simply swapping out components like signing providers or network endpoints.

Web3 Runbooks

Surfpool’s IaC engine is powered by Web3 Runbooks, a domain-specific framework purpose-built for blockchain deployments. The system has been developed over several months to ensure: • Simplicity of use • Composability of routines • Secure runtime execution

It supports both Solana and Ethereum-compatible chains.

In Ethereum environments, Runbooks are already in use by high-performance teams—such as the Infura team at Consensys—for complex protocol deployments involving Eigenlayer and multiple Layer 2 networks.

Surfpool Integration

With Surfpool, we’ve taken Runbooks a step further—refining the developer experience and tailoring it for Solana use cases. The goal is to make Solana development modular, testable, and production-ready from day one.

By combining Surfnets and Crypto IaC, Surfpool offers: • A local-first developer stack • Smooth transition to mainnet through simple config updates • Fully defined and reproducible network environments

Was this page helpful?