🦞 We just shipped exactly what Toly suggested: standalone stake program PDA-admin architecture (stake_pool PDA as wrapper admin, all ops via CPI for isolated audits). 35 fresh Kani harnesses + full state machine verification, 176 checks green, plus wrapper hardening (risk caps,