Add EVM support

[akobrin1]

Summary

This PR adds broad EVM support across supernode, SDK, CLI, and supporting modules, then brings the branch current with master. The migration tooling is one part of the branch, but the overall change is larger: it updates account/key handling, Lumera dependencies, client interfaces, signing paths, and operator workflows for the EVM-enabled Lumera stack.

What changed

• Switched new/recovered supernode keyring accounts to EVM-compatible eth_secp256k1 keys and the EVM coin type 60 derivation path (m/44'/60'/0'/0/0).
• Registered Cosmos EVM crypto interfaces so the keyring can store and load the new key type while retaining compatibility with existing keyring behavior.
• Updated private key derivation, account recovery, and signing-related tests to validate deterministic EVM key generation and distinguish it from legacy Cosmos secp256k1 accounts.
• Updated Lumera client, codec, bank, SDK task, and test utility interfaces for the EVM-enabled Lumera dependency set.
• Added EVM migration support through the evmigration supernode command, including proof generation/validation coverage and integration tests.
• Added operator documentation in docs/evm-migration.md for the migration workflow.
• Added safety handling so automatic migration is refused for multisig legacy accounts.
• Aligned dependency manifests across the root module, cmd/sncli, sn-manager, and tests/system with the EVM-enabled Lumera stack.
• Included the latest master changes via merge commit 25589ad, including the host reporter storage-full compatibility updates from 80ecbb7.

Why

The EVM-enabled Lumera path requires supernode and related tools to produce and understand EVM-compatible account keys, updated signing/proof payloads, and the newer Lumera module APIs. Without these changes, operators and developers would only have partial migration tooling, while normal account creation/recovery and SDK flows would still use the legacy key model.

User and developer impact

• New supernode accounts are created as EVM-compatible accounts by default.
• Recovered accounts use the EVM derivation path and key type, producing deterministic EVM-compatible addresses from the provided mnemonic.
• Developers get updated interfaces and tests around EVM key handling, proof generation, balance checks, and signing helpers.
• Operators get a documented evmigration workflow for preparing migration proofs.
• Multisig legacy accounts are not migrated automatically, which avoids silently applying an unsafe migration path.
• Downstream module users should expect dependency updates in all affected Go modules.

Validation

• go test ./... passed locally from the repository root on 2026-05-27.

Notes

This is the broader EVM support branch, not only an EVM migration PR. The migration command and docs are included because they are part of the operator path for adopting the EVM-enabled stack.

---

Update — merge with master, review fixes, and reliability hardening

Brought the branch current with master and resolved the follow-on issues found in review and CI.

Merge & dependency

• Resolved conflicts merging origin/master (go.mod/go.sum, host_reporter, tests/system).
• Bumped lumera to v1.20.0-rc3, which restores storage-truth recovery for POSTPONED nodes (lumera implemented p2p ping #139/sn-manager updates #143). rc2 excluded postponed nodes from storage-truth target assignment, which broke the postpone→recover lifecycle and the LEP-6 enforcement/heal e2e tests.
• Removed the local => ../../../lumera replace from cmd/sncli and sn-manager so clean checkouts build against the tagged dependency.

Reliability & concurrency hardening

• Finalize simulation retries transient account sequence mismatch (re-fetching account info) instead of failing the upload — matters when one SuperNode finalizes several cascade actions concurrently.
• Artefact storage retries transient P2P conditions (no eligible store peers, 0.00% successful, momentary zero peers) with bounded backoff, using the idempotent directory-upsert path on retries.
• SQLite P2P store Close now stops and waits for all background goroutines before closing the DB (broadcast quit + interruptible checkpoint worker), fixing a goroutine leak / WAL-write-after-close race that flaked unit tests.
• requireEVMChain distinguishes a transient chain-unreachable query failure (retry w/ backoff) from a definitive "EVM module absent" (fail fast), avoiding a boot crash-loop on a momentary blip.

Review fixes

• Stricter EVM key validation: isEthSecp256k1Key type-asserts *ethsecp256k1.PubKey (rejects ed25519/multisig/offline) instead of "anything not legacy".
• Documented the deliberately-65-byte EVM migration proof signature (chain verifier requires R||S||V) vs. the 64-byte SignBytes path; documented the unsigned migration broadcast tx.
• hasMinimumSpendableBalance reports actual+required from min/denom; docs typo + keys recover usage fixes; gofmt/import grouping.
• Fixed LEP-6 e2e identities/keys for coin type 60 (configs + tests) and test fakes for the EVM-extended lumera.Client/p2p.P2P interfaces.

Validation

• unit-tests, integration-tests, cascade-e2e, and build green on CI; the full LEP-6 enforcement/heal e2e suite passes on rc3. New unit tests added for every behavior change above.

[mateeullahmalik]

I reviewed this as the EVM support branch, not just the migration helper. The main migration path is directionally sound and I verified the important unsigned evmigration tx assumption against Lumera v1.20.0-rc2: the chain intentionally registers empty signers for MsgClaimLegacyAccount / MsgMigrateValidator, so the daemon-side direct broadcast is not a problem by itself.

I do not think this is mergeable yet though. Two blockers need fixing first:

1. The PR is currently conflicted with master. git merge-tree origin/master origin/pr-299 reports conflicts in go.mod, go.sum, supernode/host_reporter/service.go, tests/system/cli.go, tests/system/go.mod, tests/system/go.sum, and tests/system/main_test.go.
2. cmd/sncli does not build/test from a clean checkout because its module replaces Lumera with a local relative path.

Validation I ran locally:

• go test ./... from the repo root: passed.
• go test ./supernode/cmd ./pkg/keyring ./pkg/lumera/codec ./sdk/task: passed.
• go test ./... in sn-manager: passed.
• go test ./... in cmd/sncli: failed immediately due to the local Lumera replace.

Once the conflicts and nested-module replace are fixed, I’d re-run root + nested module tests and then do a devnet migration/cascade pass before calling this ready.

[Copilot]

Pull request overview

This PR introduces end-to-end EVM compatibility across supernode, SDK, CLI, and tests, centered on migrating legacy Cosmos secp256k1 (coin type 118) accounts to EVM eth_secp256k1 (coin type 60), plus aligning dependencies and operational workflows for the EVM-enabled Lumera stack.

Changes:

• Adds automatic legacy→EVM account migration at supernode startup (with chain capability checks, dual-signing proofs, config rewrite, and legacy key cleanup).
• Updates SDK/client plumbing for EVM-era chain interactions (gRPC conn exposure, spendable-balance checks, ICA signature logic tweaks, and codec registrations).
• Updates system/integration tests, docs, and module dependencies to the EVM-enabled Lumera versions and Go toolchain.

Reviewed changes

Copilot reviewed 39 out of 46 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
tests/system/main_test.go	Makes SDK bech32 config init resilient to sealed config / repeated init in system tests.
tests/system/go.mod	Aligns system test module dependencies (including cosmos/evm and go-ethereum replace) and Go version.
tests/system/e2e_cascade_test.go	Updates expected bech32 addresses for EVM-derived keys in E2E flow.
tests/system/config.test-1.yml	Updates test identity address to new EVM-derived address.
tests/system/config.test-2.yml	Updates test identity address to new EVM-derived address.
tests/system/config.test-3.yml	Updates test identity address to new EVM-derived address.
tests/system/cli.go	Increases default fee/amount used by system CLI helper.
tests/integration/evmigration/evmigration_test.go	Adds integration tests for legacy→EVM keyring lifecycle, dual-signing, and config persistence.
supernode/supernode_metrics/reachability_active_probing_test.go	Updates fake Lumera client to satisfy new Conn() method in interface.
supernode/host_reporter/service.go	Stops reporting cascade kademlia DB bytes in epoch report payload.
supernode/config/config.go	Adds evm_key_name config field to support one-time migration workflow.
supernode/cmd/start.go	Integrates EVM chain check + auto-migration at startup and triggers P2P refresh on migration.
supernode/cmd/evmigration.go	Implements chain detection, migration validation, dual signing, broadcast + confirmation polling, and local cleanup.
supernode/cmd/evmigration_test.go	Adds unit tests for migration decision logic, message selection, persistence, and tx confirmation polling.
sn-manager/go.sum	Updates checksums following dependency/toolchain alignment.
sn-manager/go.mod	Aligns sn-manager module dependencies and Go version; points Lumera to local checkout.
sdk/task/task.go	Switches eligibility check to use spendable balance and refactors probe logic.
sdk/task/spendable_balance_test.go	Adds unit tests for spendable-balance eligibility behavior.
sdk/task/ica_signature.go	Adds helper to detect whether an action creator is an ICA account.
sdk/task/ica_signature_test.go	Extends test fake client + adds tests around vesting/non-ICA creator behavior.
sdk/task/helpers.go	Restricts ICA fallback signature validation to configured ICA usage or actual ICA creators.
sdk/adapters/lumera/adapter.go	Adds spendable-balance query method to Lumera adapter interface and implementation.
pkg/testutil/lumera.go	Extends mock Lumera client/bank module with Conn() and spendable-balance support.
pkg/net/credentials/lumeratc.go	Adds cache-clearing hook for key exchanger instances after identity changes.
pkg/lumera/modules/bank/interface.go	Extends bank module interface with spendable-balance query.
pkg/lumera/modules/bank/impl.go	Implements spendable-balance query against gRPC bank client.
pkg/lumera/modules/bank/bank_mock.go	Updates generated mock to include spendable-balance method.
pkg/lumera/lumera_mock.go	Updates generated Lumera client mock to include Conn().
pkg/lumera/interface.go	Adds Conn() *grpc.ClientConn to Lumera client interface.
pkg/lumera/codec/encoding.go	Registers cosmos/evm, vesting, and evmigration interfaces for codec unpacking.
pkg/lumera/codec/encoding_test.go	Adds test ensuring delayed vesting accounts unpack via encoding config.
pkg/lumera/client.go	Exposes underlying gRPC connection via Conn().
pkg/keyring/keyring.go	Switches default derivation to coin type 60 and adds eth_secp256k1 support + signature normalization.
pkg/keyring/keyring_test.go	Adds EVM key derivation/signing/idempotent SDK config tests.
p2p/p2p.go	Adds P2P-level migration notification API.
p2p/kademlia/dht.go	Adds migration notification channel for bootstrap refresher acceleration.
p2p/kademlia/bootstrap.go	Implements migration-triggered immediate bootstrap refresh + temporary accelerated interval; clears credential cache/connection pool.
go.mod	Aligns root module deps for EVM-enabled Lumera + cosmos/evm and toolchain updates.
docs/evm-migration.md	Adds operator documentation for migration workflow, including multisig offline path.
cmd/sncli/go.mod	Aligns sncli module deps for EVM-enabled Lumera + toolchain updates.
CHANGELOG.md	Adds “Upcoming EVM Release” notes describing migration, keyring, P2P, SDK, and dependency changes.
.gitignore	Adds ignores for debug output and local Claude settings.
.github/workflows/build&release.yml	Adds [no-deploy] tag message handling to create draft releases.

Files not reviewed (2)

• pkg/lumera/lumera_mock.go: Language not supported
• pkg/lumera/modules/bank/bank_mock.go: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[a-ok123]

Review: EVM support (evm-support → master)

Architecturally solid and unusually well-tested for a migration of this scope. The migration flow in supernode/cmd/evmigration.go is the strongest part: idempotent/rerunnable (checks MigrationRecord before broadcasting), correct state-mutation ordering (config persisted to disk before legacy key deletion, with a config-restore-on-failure path), fail-closed on MigrationEstimate errors, and an explicit refusal for multisig accounts with an offline lumerad playbook. The migrationChainClient interface gives good unit-test coverage without a live gRPC connection, and the P2P refresh handling (NotifyEVMMigration → cache clear + conn-pool release + accelerated bootstrap) is well thought through, including the buffered-channel / migrationPending replay when the DHT isn't up yet.

CI: build, unit-tests, integration-tests, cascade-e2e-tests green. ⚠️ lep6-e2e-tests is failing — the one blocker (see inline comment).

Main points (details inline)

1. lep6-e2e red — package FAIL with passing visible subtests; needs root-causing before merge.
2. Signature-length inconsistency — migration EVM proof keeps the 65-byte sig (evmigration.go) while keyring.SignBytes now truncates to 64. Both may be correct for their respective verifiers, but please confirm + document.
3. Unsigned broadcast tx — depends on the chain's evmigration ante decorator; worth a code comment so it isn't "fixed" later.
4. requireEVMChain fatal on transient errors — a chain blip at boot becomes a crash; consider distinguishing "absent" from "unreachable".
5. Minor: return sig, nil clarity; import grouping in testutil/lumera.go.

Nothing here is architecturally wrong — the open items are the failing e2e job and a couple of "please confirm the chain side agrees" assumptions around signature encoding. Leaving as a non-blocking comment review since it's a draft.

---

Generated by Claude Code

[mateeullahmalik]

Re-reviewed current head 14bddf0e0fae6b0f413856cfe35698d0885a0b11.

The blockers from my previous change request are resolved:

• PR now merges cleanly with master; git merge-tree origin/master origin/pr-299 returns a clean tree hash, no conflict hunks.
• The committed local Lumera replaces are gone from the nested modules; clean-checkout go test ./... passes in both cmd/sncli and sn-manager.

I also checked the follow-up reliability commits after the green full-test run. The latest code delta adds bounded retries around transient P2P artefact-store failures and a focused test suite. It is context-aware, forces idempotent directory upsert on retry, and does not retry deterministic errors.

Local validation at PR head:

• go test ./... from repo root: PASS
• go test ./supernode/cascade: PASS
• go test ./supernode/cmd ./pkg/keyring ./pkg/lumera/codec ./sdk/task: PASS
• go test ./... in cmd/sncli: PASS
• go test ./... in sn-manager: PASS
• git diff --check origin/master...HEAD: PASS

CI evidence checked:

• Build green on current head 14bddf0.
• Full tests workflow green on fc063ff for unit, integration, cascade-e2e, and lep6-e2e; later commits are the artefact-store retry + tests and changelog.

[chatgpt-codex-connector]

💡 Codex Review

supernode/p2p/kademlia/store/sqlite/sqlite.go

Lines 453 to 457 in 14bddf0

	select {
	case <-ctx.Done():
	return ctx.Err()
	case err := <-done:
	return err

Avoid waiting forever on abandoned batch jobs

When Close races with an original/local StoreBatch after the job is queued, the DB worker can take the closed quit case and return without processing the queued job or sending on job.Done. In that case this wait has no escape unless the caller's context is canceled, so callers using context.Background() or a request context not tied to shutdown can hang indefinitely during store teardown; return on store shutdown or ensure pending Done channels are completed.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".