chore: bump core

[tac0turtle]

Overview

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Nov 20, 2025, 1:58 PM

[claude]

Claude finished @tac0turtle's task —— View job

---

Claude finished @tac0turtle's task —— View job

---

Code Review: Core Module Version Bump to v1.0.0-beta.5

Summary

This PR updates the ev-node/core dependency from v1.0.0-beta.4 to v1.0.0-beta.5 across all modules and removes local replace directives, transitioning to use the published module version. This is a critical dependency management change that affects the entire codebase.

---

Overall Assessment

Status: ⚠️ Concerns Identified - Review Required

While this is a straightforward dependency update, there are several important considerations and potential risks that need to be addressed before merging.

---

Code Quality & Architecture

✅ Strengths

1. Consistent Version Updates: All 16 go.mod files have been updated consistently to use v1.0.0-beta.5
2. Clean Dependency Management: Removing local replace directives is the right approach for published modules
3. Proper Checksums: All go.sum files have been updated with correct checksums for the new version
4. Module Structure: The changes respect the multi-module architecture of the project

⚠️ Critical Concerns

1. Missing PR Description

   • Issue: The PR body is completely empty with just "## Overview"
   • Impact: No context about what changed in core v1.0.0-beta.5, why the upgrade is needed, or what testing was performed
   • Recommendation: Add a comprehensive description including:
     • Summary of changes in core v1.0.0-beta.5
     • Breaking changes (if any)
     • Migration steps required (if any)
     • Testing performed
     • Link to core module release notes or changelog

2. Undocumented Version in CHANGELOG.md

   • Issue: The CHANGELOG.md shows v1.0.0-beta.9 as the latest version, but there's no entry for v1.0.0-beta.5
   • Location: /home/runner/work/ev-node/ev-node/CHANGELOG.md:35
   • Impact: The changelog doesn't document what changed in beta.5, making it impossible to assess breaking changes
   • Recommendation: Either:
     • Add a v1.0.0-beta.5 section to the CHANGELOG
     • Reference the core module's changelog if it exists separately
     • Document in the PR description what changed

3. Potential Breaking Changes

   • Issue: According to CHANGELOG.md lines 28-29, the "Unreleased" section contains breaking changes:
     • Removed evnode.v1.HealthService gRPC endpoint
     • Removed TrustedHash configuration option
   • Concern: If v1.0.0-beta.5 includes these changes, this could break existing deployments
   • Recommendation:
     • Clarify if these breaking changes are in beta.5 or still unreleased
     • If included, document migration path in PR description
     • Verify all references to removed APIs have been updated

4. Commit Message Quality

   • Issue: Commit messages are minimal ("more", "tag core")
   • Location: Commits a517d6e and c73a4ee
   • Impact: Poor commit history makes it difficult to understand the change history
   • Recommendation: Use descriptive commit messages following the project's conventions

---

Dependency Management Issues

⚠️ Replace Directive Removal

Files Affected:

• go.mod:164 (removed: replace github.com/evstack/ev-node/core => ./core)
• da/go.mod:33 (removed: replace github.com/evstack/ev-node/core => ../core)

Analysis:

• ✅ Good: This is the correct approach for published modules
• ⚠️ Concern: This assumes v1.0.0-beta.5 has been published to a Go module registry
• ❓ Question: Has the core module been properly tagged and published?

Verification Needed:

# Verify the module is accessible
go list -m github.com/evstack/ev-node/[email protected]

Recommendation: Confirm in the PR description that:

1. The core module has been tagged as v1.0.0-beta.5
2. The tag is pushed to the remote repository
3. The module is accessible via Go's module proxy

⚠️ Inconsistent Local Replace Directives

Issue: Some go.mod files still use local replace directives for other modules:

• apps/evm/single/go.mod:7 - replace github.com/evstack/ev-node => ../../../
• apps/evm/single/go.mod:195-197 - Local replaces for core and da modules
• test/e2e/go.mod:17-21 - Local replaces for ev-node and execution modules

Analysis:

• This is expected for apps and test modules during development
• However, creates an inconsistency where some modules use published versions and others use local paths

Recommendation: Document the replace directive strategy in CONTRIBUTING.md or CLAUDE.md

---

Testing & Reliability

⚠️ CI Status

Current Status:

• 4 workflows still queued/in-progress
• No test failures reported yet (Buf checks passed)
• Main CI workflow still running

Concerns:

1. Cannot fully assess if the upgrade breaks anything until CI completes
2. No information about what tests cover core module interface changes
3. E2E tests not yet run

Recommendations:

1. Wait for CI completion before merging
2. Monitor these specific test suites:
   • Integration tests (make test-integration)
   • E2E tests (make test-e2e)
   • Build tests (make build-all)
3. Add test results summary to PR description once complete

📋 Testing Checklist

Based on CLAUDE.md, verify these commands pass:

• make test - Unit tests
• make test-integration - Integration tests (15m timeout)
• make test-e2e - End-to-end tests
• make build-all - All binaries build successfully
• make lint - Linting passes

---

Security Considerations

✅ Dependency Integrity

• ✅ All go.sum checksums properly updated
• ✅ No suspicious changes to dependency versions
• ✅ Core module maintains zero-dependency policy (verified in core/go.mod:5)

⚠️ Potential Risks

1. Removed Security Features: If the breaking changes in the unreleased section are included in beta.5, removing HealthService endpoint might affect monitoring and alerting
2. Configuration Changes: Removed TrustedHash configuration could affect node bootstrapping security

Recommendation: Document any security implications of the upgrade in the PR description

---

Documentation & Developer Experience

❌ Critical Gaps

1. No PR Description: Makes it impossible for reviewers to understand the change
2. No Migration Guide: If breaking changes exist, developers need migration instructions
3. No Testing Evidence: No information about what testing was performed
4. No Rollback Plan: No documentation on how to rollback if issues arise

📝 Recommended PR Description Template

## Overview

This PR bumps the ev-node/core dependency from v1.0.0-beta.4 to v1.0.0-beta.5.

## Changes in core v1.0.0-beta.5

[List of changes, or link to core module changelog]

## Breaking Changes

- [ ] None
- [ ] Yes (describe below)

[If breaking changes, describe migration steps]

## Testing Performed

- [ ] Unit tests pass (`make test`)
- [ ] Integration tests pass (`make test-integration`)
- [ ] E2E tests pass (`make test-e2e`)
- [ ] All binaries build (`make build-all`)
- [ ] Manual testing: [describe]

## Module Publication Status

- [ ] core v1.0.0-beta.5 tagged and pushed
- [ ] Verified module is accessible via Go proxy
- [ ] All checksums verified

## Rollback Plan

If issues arise: Revert this PR and use v1.0.0-beta.4

---

Performance & Resource Efficiency

No concerns identified - This is a dependency version update with no expected performance impact.

---

Action Items

🔴 Before Merging (Blockers)

1. Add comprehensive PR description - Critical for understanding the change
2. Wait for CI to complete - Verify all tests pass
3. Verify core module publication - Confirm v1.0.0-beta.5 is accessible
4. Document breaking changes - If any exist in beta.5

🟡 Recommended Improvements

1. Update CHANGELOG.md to document beta.5 release
2. Improve commit messages for better git history
3. Add migration guide if breaking changes exist
4. Document replace directive strategy in project docs

🟢 Nice to Have

1. Add automated checks for version consistency across modules
2. Consider semantic versioning adherence for beta releases
3. Document core module release process

---

Files Reviewed

Modified go.mod files (10):

• ✅ go.mod:13
• ✅ da/go.mod:6
• ✅ apps/evm/single/go.mod:13
• ✅ apps/grpc/single/go.mod
• ✅ apps/testapp/go.mod
• ✅ execution/evm/go.mod:7
• ✅ execution/evm/test/go.mod
• ✅ execution/grpc/go.mod:9
• ✅ test/e2e/go.mod
• ✅ tools/da-debug/go.mod

Modified go.sum files (6):

• ✅ go.sum
• ✅ da/go.sum
• ✅ execution/evm/go.sum
• ✅ execution/evm/test/go.sum
• ✅ execution/grpc/go.sum
• ✅ test/e2e/go.sum

---

Conclusion

This is a necessary dependency update, but the PR lacks essential information for safe merging. The changes themselves are mechanically correct, but without documentation of what changed in core v1.0.0-beta.5 and verification that all tests pass, I cannot recommend merging at this time.

Recommended Next Steps:

1. Add comprehensive PR description
2. Wait for full CI completion
3. Verify no breaking changes or document migration path
4. Confirm core module publication

Once these items are addressed, this PR should be safe to merge.

---

CI Status

⏳ Waiting for CI to complete - 4 workflows still pending:

• Semantic Pull Request: queued
• CI: queued
• Claude Code Review: in progress
• PR chore: bump core #2865: queued

[gemini-code-assist]

Summary of Changes

Hello @tac0turtle, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the ev-node/core dependency to its latest beta version (v1.0.0-beta.5) across various applications and modules within the project. This ensures that all components are utilizing the most recent features and bug fixes from the core library. Additionally, it streamlines dependency management by removing local replace directives, allowing the project to rely on the officially published core module.

Highlights

• Dependency Update: The github.com/evstack/ev-node/core dependency has been bumped from v1.0.0-beta.4 to v1.0.0-beta.5 across multiple modules.
• Module Replacement Removal: Local replace directives for github.com/evstack/ev-node/core have been removed from the da and root go.mod files, indicating a shift to using the published module directly.
• Checksum Updates: Corresponding go.sum files have been updated to reflect the new v1.0.0-beta.5 version and its checksums.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request bumps the github.com/evstack/ev-node/core dependency to v1.0.0-beta.5. While the changes in this PR are a step in the right direction, they highlight significant inconsistencies in dependency management across the monorepo.

The most critical issue is the partial removal of replace directives for the core module. They are removed from the root and da/ go.mod files, but remain in apps/* and tools/da-debug. This will cause different parts of the project to build against different versions of core (the new tag vs. a local directory), which can lead to hard-to-debug issues. I've left a specific comment on this.

I also noticed other dependency version mismatches between modules (e.g., for github.com/evstack/ev-node/da) and inconsistent go versions in go.mod files. While these are outside the scope of this PR's changes, it would be beneficial to address them in a follow-up to improve the project's stability and maintainability.

Finally, the PR title has a minor typo (double space), and the description is empty; adding a brief summary would improve clarity for future reference.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.80%. Comparing base (e5aa2c3) to head (f296814).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2865   +/-   ##
=======================================
  Coverage   64.80%   64.80%           
=======================================
  Files          81       81           
  Lines        7243     7243           
=======================================
  Hits         4694     4694           
  Misses       2005     2005           
  Partials      544      544           

Flag	Coverage Δ
combined	64.80% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.