test: enable force inclusion, re-enable fi e2e and add fi benchmarks

[julienrbrt]

ref: #2965 (comment)
ref: #2982 (comment)

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Jan 27, 2026, 8:34 AM

[gemini-code-assist]

Summary of Changes

Hello @julienrbrt, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enabling and validating the 'force inclusion' functionality within the system. It removes a previous block in the configuration validation that prevented the feature from being active and subsequently re-enables the comprehensive suite of end-to-end tests designed to verify its correct operation across various EVM components.

Highlights

• Force Inclusion Feature Activation: The 'forced inclusion' feature has been activated by removing a temporary error message that previously prevented its use in pkg/config/config.go. The configuration now correctly validates the ForcedInclusionNamespace.
• E2E Tests Re-enabled: All end-to-end tests related to EVM force inclusion, including sequencer, full node, and malicious sequencer scenarios, have been re-enabled in test/e2e/evm_force_inclusion_e2e_test.go by removing t.Skip() directives.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[claude]

Claude finished @julienrbrt's task in 2m 28s —— View job

---

Comprehensive Code Review

This PR successfully enables the force inclusion feature by removing the temporary block in configuration validation and re-enabling the complete E2E test suite. I've completed a thorough review covering code quality, security, performance, testing, and documentation.

---

Summary of Changes

✅ What Changed:

1. pkg/config/config.go: Uncommented the ForcedInclusionNamespace validation logic and removed the "forced inclusion is not yet live" error
2. test/e2e/evm_force_inclusion_e2e_test.go: Removed t.Skip() calls from 3 E2E tests (sequencer, full node sync, and malicious sequencer detection)
3. execution/evm/filter_bench_test.go: Added comprehensive benchmarks for FilterTxs performance with various scenarios

---

Code Quality & Architecture ⭐

Strengths:

• ✅ Clean, focused changes that accomplish the stated objective
• ✅ Benchmark suite follows Go best practices (using b.Helper(), b.ResetTimer(), b.ReportAllocs())
• ✅ Test architecture demonstrates proper understanding of force inclusion security model
• ✅ Good separation of concerns between normal mempool txs and force-included txs

Observations:

• Benchmark Design: The benchmarks effectively measure the performance impact of the hasForceIncludedTransaction flag, which triggers UnmarshalBinary validation. This is critical for understanding the overhead of force inclusion.
• Config Validation: The namespace validation now properly checks the ForcedInclusionNamespace when configured, maintaining consistency with Namespace and DataNamespace validation.

---

Error Handling & Resilience ⭐

Strengths:

• ✅ Namespace validation properly wrapped with context: fmt.Errorf("could not validate forced inclusion namespace (%s): %w", ...)
• ✅ E2E tests use require.Eventually with appropriate timeouts for async operations
• ✅ Tests include both happy path (valid txs) and error path (invalid/malicious behavior)

Observations:

• The validation at pkg/config/config.go:295-299 correctly handles empty namespace (skip validation) vs. invalid namespace (return error)
• E2E tests demonstrate graceful degradation when sequencer is malicious (sync node stops advancing)

---

Security 🔒

Strengths:

• ✅ Critical Security Test: TestEvmSyncerMaliciousSequencerForceInclusionE2E validates that honest full nodes detect and respond to sequencer censorship
• ✅ Force inclusion transactions are validated via UnmarshalBinary before inclusion (execution/evm/execution.go:860)
• ✅ Tests verify the grace period mechanism for force inclusion compliance
• ✅ Namespace isolation between normal operations and force inclusion

Key Security Property Validated:
The test suite validates the fundamental security guarantee: full nodes configured with the correct forced_inclusion_namespace can detect when a sequencer maliciously omits forced inclusion transactions. This is the cornerstone of censorship resistance.

Potential Concern - Coverage Gap:
⚠️ Codecov reports 0% patch coverage with 2 missing lines in pkg/config/config.go

Looking at the changes:

if len(c.DA.GetForcedInclusionNamespace()) > 0 {
    if err := validateNamespace(c.DA.GetForcedInclusionNamespace()); err != nil {  // ← line 296
        return fmt.Errorf("could not validate forced inclusion namespace (%s): %w", c.DA.GetForcedInclusionNamespace(), err)  // ← line 297
    }
}

Recommendation: Add a unit test in pkg/config/config_test.go that validates the error path for invalid ForcedInclusionNamespace values. This would:

1. Improve coverage to satisfy the CI requirement
2. Document expected validation behavior
3. Catch regressions if validation logic changes

Example test case needed:

func TestConfig_ValidateInvalidForcedInclusionNamespace(t *testing.T) {
    cfg := DefaultConfig()
    cfg.DA.ForcedInclusionNamespace = "invalid-namespace-format"
    err := cfg.Validate()
    require.Error(t, err)
    require.Contains(t, err.Error(), "could not validate forced inclusion namespace")
}

---

Performance & Resource Efficiency 🚀

Strengths:

• ✅ Excellent Benchmark Coverage: The new benchmarks measure the exact performance concern: overhead of UnmarshalBinary when force inclusion is enabled
• ✅ Smart Optimization: The code skips expensive validation (UnmarshalBinary) when hasForceIncludedTransaction=false (execution/evm/execution.go:858)
• ✅ Benchmarks cover realistic scenarios: 100, 1K, 10K transactions with various filter conditions

Benchmark Insights:
The benchmarks will quantify:

1. Unmarshal overhead: Direct comparison via BenchmarkFilterTxs_CompareUnmarshalOverhead
2. Mixed workload performance: With 10% invalid transactions via BenchmarkFilterTxs_MixedWithInvalidTxs
3. Gas/size limit performance: Real-world filtering scenarios

Minor Observation:

• Benchmark constants use hardcoded values (lines 18-21 in filter_bench_test.go). These are test-only and appropriate for benchmarking stability.

---

Testing & Reliability ✅

Strengths:

• ✅ Comprehensive E2E Coverage: Three critical scenarios tested

  1. Sequencer with force inclusion server
  2. Full node syncing force-included transactions
  3. Malicious sequencer detection by honest full node

• ✅ Realistic Test Configuration:

  • da_epoch_forced_inclusion: 2 for fast testing (line 98, 205, 296)
  • Appropriate timeouts (15-60 seconds) for async operations
  • Uses real EVM transactions with proper signing

• ✅ Test Quality:

  • Clear documentation explaining test architecture (lines 363-397)
  • Helper functions promote code reuse
  • Tests verify both positive (tx included) and negative (tx not included) outcomes

E2E Test Architecture Excellence:
The malicious sequencer test demonstrates sophisticated understanding:

// Sequencer listens to "wrong-namespace" (won't see forced txs)
"--evnode.da.forced_inclusion_namespace", "wrong-namespace",

// Full node listens to "forced-inc" (will detect violations)  
"--evnode.da.forced_inclusion_namespace", "forced-inc",

// Submit directly to DA on "forced-inc" namespace
result := daClient.Submit(ctx, [][]byte{txBytes}, -1, []byte("forced-inc"), nil)

This setup cleanly simulates a censoring sequencer without requiring actual malicious code.

Testing Observations:

• Tests run in //go:build evm mode, appropriately gated for EVM-specific functionality
• Genesis modification helper (line 28-47) is clean and well-documented
• Proper cleanup with defer client.Close() throughout

---

Documentation 📚

Strengths:

• ✅ Config field has comprehensive YAML comment explaining force inclusion namespace (pkg/config/config.go:189)
• ✅ E2E test has extensive documentation block (lines 363-397) explaining security model
• ✅ Benchmark functions have descriptive names and comments explaining what they measure
• ✅ FilterTxs function has clear docstring explaining behavior (execution/evm/execution.go:836-838)

Minor Enhancement Opportunity:
Consider adding a brief comment in pkg/config/config.go explaining why the namespace can be empty (optional feature):

// GetForcedInclusionNamespace returns the namespace for forced inclusion transactions.
// Returns empty string if force inclusion is not configured (feature is optional).
func (d *DAConfig) GetForcedInclusionNamespace() string {
    return d.ForcedInclusionNamespace
}

---

Flag Naming Consistency (Review Comment Thread)

Context: Review discussion between @randygrok and @julienrbrt about flag naming:

"is this expected? we move to rollkit flags?" → "consistency, but consistency should be the other way around indeed."

Analysis: Looking at test/e2e/evm_force_inclusion_e2e_test.go, all flags use the --evnode. prefix consistently:

"--evnode.node.aggregator=true"
"--evnode.da.forced_inclusion_namespace", "forced-inc"
"--evnode.p2p.listen_address"

The codebase uses FlagPrefixEvnode = "evnode." (pkg/config/config.go:23) as the standard prefix. The FlagPrefixRollkit = "rollkit." appears to be legacy support with normalization logic (lines 344-350) for backwards compatibility.

Conclusion: Current flag usage is correct and consistent with the evnode prefix. The comment suggests potential future refactoring to standardize away from rollkit naming, but that's outside the scope of this PR.

---

CI Status

• ✅ Semantic validation passed
• 🔄 Main CI suite in progress
• ⚠️ Codecov flagged 2 missing lines (validation error path)

---

Final Recommendations

High Priority

1. Add Unit Test for Coverage: Add test case for invalid ForcedInclusionNamespace validation to address the 0% patch coverage

Nice to Have

2. Benchmark Results Documentation: After merging, run benchmarks and document the overhead of force inclusion in performance docs or PR description
3. Genesis Modification: Consider extracting enableForceInclusionInGenesis to a shared test utility if more E2E tests need similar genesis modifications

---

Verdict: ✅ Approve with Minor Test Coverage Fix

This PR successfully enables a critical censorship-resistance feature with excellent test coverage and thoughtful performance benchmarking. The code quality is high, security properties are well-validated, and the architecture is sound.

The only blocker is the test coverage gap - please add a unit test for the forced inclusion namespace validation error path before merging.

Outstanding work on the comprehensive E2E tests - the malicious sequencer detection test is particularly well-designed and demonstrates deep understanding of the security model.

---

[gemini-code-assist]

Code Review

This pull request enables the force inclusion feature. The changes in pkg/config/config.go correctly re-enable the validation logic for the forced inclusion namespace, and the changes in test/e2e/evm_force_inclusion_e2e_test.go re-enable the end-to-end tests for this feature by removing t.Skip() calls. The changes are straightforward and effectively achieve the goal of activating the force inclusion functionality and its associated tests. The pull request title also mentions the addition of force inclusion benchmarks, but no new benchmark files were found in the changes; this might be planned for a subsequent pull request.

[codecov]

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.91%. Comparing base (2325ace) to head (287ccc4).

Files with missing lines	Patch %	Lines
pkg/config/config.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3005      +/-   ##
==========================================
- Coverage   57.98%   57.91%   -0.08%     
==========================================
  Files         110      110              
  Lines       10522    10523       +1     
==========================================
- Hits         6101     6094       -7     
- Misses       3770     3778       +8     
  Partials      651      651              

Flag	Coverage Δ
combined	57.91% <0.00%> (-0.08%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.