build: migrate from Make to just as command runner

[tac0turtle]

Replace Makefile + 6 .mk include files with a single justfile. Update all CI workflows (setup-just action) and docs references.

Overview

Summary by CodeRabbit

• Chores

  • CI and developer workflows now use the "just" task runner; legacy Make targets removed and CI jobs updated to install and invoke Just.
  • New task runner recipes provide centralized build, test, lint, codegen, run, and tool orchestration, plus Docker test orchestration.

• Documentation

  • Guides, READMEs, and contributor docs updated to show "just" commands and examples.

[coderabbitai]

Warning

Rate limit exceeded

@tac0turtle has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 0 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 9755352 and da1f427.

📒 Files selected for processing (3)

• apps/grpc/Dockerfile
• apps/testapp/Dockerfile
• tools/local-da/Dockerfile

📝 Walkthrough

Walkthrough

Replace Make-based CI and local tooling with Just: remove modular Makefiles, add a top-level Justfile and multiple .just modules, and update GitHub workflows and documentation to invoke Just recipes instead of Make targets.

Changes

Cohort / File(s)	Summary
GitHub workflows \.github/workflows/benchmark.yml, \.github/workflows/dependabot-auto-fix.yml, \.github/workflows/docker-tests.yml, \.github/workflows/test.yml	Add "Install just" step and replace make invocations with just recipes across CI jobs.
Top-level Just config justfile, \.just/build.just, \.just/test.just, \.just/proto.just, \.just/lint.just, \.just/codegen.just, \.just/run.just, \.just/tools.just	Introduce centralized Just configuration and grouped recipes for build, test, proto, lint, codegen, run, and tools; inject version/ldflags and default listing behavior.
Removed Make-based scripts scripts/build.mk, scripts/test.mk, scripts/proto.mk, scripts/run.mk, scripts/utils.mk, tools/tools.mk	Delete modular Makefiles that provided build, test, proto, run, utils, and tools targets (functionality migrated to .just files).
Main Makefile Makefile	Strip includes, default goal, and help target; top-level Makefile no longer exposes prior aggregated targets.
Documentation and READMEs README.md, CLAUDE.md, docs/CLAUDE.md, docs/guides/create-genesis.md, docs/guides/evm/single.md, docs/guides/gm-world.md, docs/guides/quick-start.md, client/crates/types/README.md, pkg/cmd/README.md, tools/local-da/README.md	Update examples and instructions to use just <recipe> instead of make <target> throughout docs and READMEs.
Makefile targets removed → Just recipes added scripts/* → .just/* (implicit mapping)	Workflows formerly implemented as Make targets (build, install, proto-gen, lint, test suites, run, docker build/cleanup) now have corresponding Just recipes; various Make targets deleted.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• tuxcanfly
• yarikbratashchuk
• tzdybal
• gupadhyaya

Poem

🐰 I swapped my old Make-hoe for a bright little Just,

recipes in neat rows—no more tumble and rust.
CI hops along, docs sing a new tune,
builds, tests, and protos — all ready by noon.
A nibble of change, and the dev burrow’s plush.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description provides a brief overview of the changes but lacks detailed explanation of context, rationale, and motivation for the migration beyond the screenshot.	Expand the description to include the rationale for migrating from Make to just, any benefits or tradeoffs, and link to any related issues using 'Closes #' format.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly summarizes the main change: migrating from Make to just as the command runner, which is the primary focus of this comprehensive refactoring.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch migrate-make-to-just

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude finished @tac0turtle's task in 1m 51s —— View job

---

Code Review: build: migrate from Make to just as command runner

Overall this is a clean, well-organized migration. The split into per-group .just/*.just files is a nice touch for maintainability. I found a few bugs and issues worth addressing before merge.

---

Bugs / Correctness Issues

1. Missing -tags=tidy build constraint in deps recipe (.just/codegen.just:13)

scripts/tidy.go has a //go:build tidy constraint at line 1. The deps recipe calls it without the required flag:

@go run scripts/tidy.go          # ← fails: missing -tags=tidy

The tidy-all recipe on line 18 correctly uses -tags=tidy. The deps recipe needs the same fix:

@go run -tags=tidy scripts/tidy.go

Fix this →

2. rust-proto-check will always fail (.just/proto.just:24-25)

The recipe deletes the generated .rs files then runs cargo build without EV_TYPES_FORCE_PROTO_GEN=1. Since the env var is required to trigger proto regeneration, the files won't be regenerated, and git diff will always detect changes — making the check permanently broken:

@rm -rf client/crates/types/src/proto/*.rs
@cd client/crates/types && cargo build          # ← missing EV_TYPES_FORCE_PROTO_GEN=1

Fix:

@cd client/crates/types && EV_TYPES_FORCE_PROTO_GEN=1 cargo build

Fix this →

3. Inconsistent repo name check in test-docker-e2e (.just/test.just:59)

test-docker-e2e checks "ev-node" to determine if a local image is needed, but docker-build-if-local (line 81) checks "evstack". When EV_NODE_IMAGE_REPO=evstack, the build step treats it as local, but the verification step skips it — potentially running tests against a non-existent image:

# test-docker-e2e (line 59):
[ "${EV_NODE_IMAGE_REPO:-}" = "ev-node" ]   # ← wrong: should be "evstack"

# docker-build-if-local (line 81):  
[ "${EV_NODE_IMAGE_REPO:-}" = "evstack" ]   # ← correct value

Additionally, there's a duplicate unconditional echo at line 58 before the conditional block that also echoes the same message.

Fix this →

---

Security: Unpinned Action References

All 12 uses of extractions/setup-just across 4 workflow files use the mutable @v3 tag. The rest of the repo's actions in benchmark.yml are pinned to commit SHAs (e.g., actions/checkout@de0fac2e...). GitHub Advanced Security has flagged these as supply-chain risks.

Affected files: benchmark.yml (×2), docker-tests.yml (×3), test.yml (×6), dependabot-auto-fix.yml (×1)

The commit SHA for extractions/setup-just@v3 is dd8b084a74b2a7571 — find the correct full SHA from the action repository and pin it consistently, matching the pattern already used for other actions.

---

Minor Issues

4. Hardcoded path in build echo (.just/build.just:8)

@echo "    Check the version with: build/testapp version"    # ← hardcoded
@echo "    Check the binary with: {{ build_dir }}/testapp"   # ← uses variable

The first line should use {{ build_dir }}/testapp for consistency.

5. build-all duplicates individual recipe commands (.just/build.just:20-31)

build-all reimplements the build commands from build, build-evm, and build-da inline. This violates DRY and means any change to a sub-recipe won't be reflected in build-all. Use Just's dependency system instead:

build-all: build build-evm build-da
    @echo "--> All ev-node binaries built!"

6. Missing testlink recipe (docs/CLAUDE.md:13,47,54)

docs/CLAUDE.md references just testlink three times for link validation using lychee, but this recipe doesn't exist in the justfile. Either add a testlink recipe to .just/lint.just or update the docs to reflect the correct command.

7. Unnamed steps in go_mod_tidy_check (.github/workflows/test.yml:33-34)

Unlike every other job, the go_mod_tidy_check job uses unnamed - uses: / - run: steps, which makes GitHub Actions logs harder to read. Minor, but inconsistent with the rest of the file.

---

Positive Notes

• Clean separation into per-group .just/*.just files mirrors the old .mk files pattern while being more idiomatic
• Good use of justfile_directory() for build_dir — avoids CWD-sensitive bugs
• ldflags and tool_ldflags are correctly split between pkg/cmd and main packages
• Dockerfiles are simplified by removing the make dependency layer
• CI workflows correctly set just up before using it

---

Summary: The migration is solid overall. Issues #1 and #2 (missing build tag and missing env var) are actual functional bugs that will cause CI failures. Issue #3 (inconsistent repo name check) is also a functional bug. The rest are code quality improvements.

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Feb 26, 2026, 4:42 PM

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (4)

.github/workflows/benchmark.yml (2)

58-61: Same unpinned action concern applies here.

For consistency, this instance of extractions/setup-just@v4 should also be pinned to a commit SHA if you decide to pin the first occurrence.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/benchmark.yml around lines 58 - 61, The workflow uses the
unpinned action reference "extractions/setup-just@v4" in the "Install just"
step; replace that tag with the same commit SHA you pinned for the first
occurrence so the action is fixed to a specific commit (i.e., change uses:
extractions/setup-just@v4 to uses: extractions/setup-just@<COMMIT_SHA>),
ensuring consistency across both occurrences while leaving the subsequent "Build
binaries" run step unchanged.

---

26-29: Pin the setup-just action to a specific commit SHA for consistency and reproducibility.

All other actions in this workflow are pinned to specific commit SHAs (e.g., actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2), but extractions/setup-just uses an unpinned version tag @v4 on both lines 27 and 59. Version tags can be moved or updated unexpectedly, introducing non-deterministic behavior.

Suggested change

      - name: Install just
-       uses: extractions/setup-just@v4
+       uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v4

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/benchmark.yml around lines 26 - 29, Replace the unpinned
GitHub Action usage "extractions/setup-just@v4" with a specific commit SHA to
make the workflow deterministic; locate the two occurrences of the action in the
benchmark workflow (the "Install just" step and the second occurrence around
line 59) and update their ref from `@v4` to the exact commit SHA for the desired
v4 release (e.g., @<commit-sha>) so the action is pinned consistently.

justfile (1)

229-259: Consider adding a testlink recipe for link validation.

The documentation in docs/CLAUDE.md references just testlink for validating markdown links using lychee, but no such recipe is defined. Consider adding it to maintain parity with the documented workflow.

Suggested recipe to add

# Validate links in markdown files using lychee
[group('lint')]
testlink:
    `@echo` "--> Validating links in markdown files"
    `@lychee` --config .lychee.toml '**/*.md' || lychee '**/*.md'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@justfile` around lines 229 - 259, Add a new just recipe named testlink under
the existing group('lint') to match docs/CLAUDE.md; implement a recipe called
testlink that echoes a validating message and invokes lychee with the
.lychee.toml config falling back to a plain lychee run (use the same glob
'**/*.md'), ensuring it follows the pattern used by other recipes in the lint
group (see existing lint, lint-fix, vet recipes for style and placement).

.github/workflows/test.yml (1)

33-36: Minor style inconsistency in step naming.

This job uses implicit step syntax (- uses: / - run:) without step names, while other jobs in this workflow use explicit - name: labels. Consider adding step names for consistency and better readability in GitHub Actions logs.

Suggested improvement for consistency

-      - uses: extractions/setup-just@v4
-      - run: just deps
+      - name: Install just
+        uses: extractions/setup-just@v4
+      - name: Run dependency update
+        run: just deps

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/test.yml around lines 33 - 36, The workflow has unnamed
steps using "uses: extractions/setup-just@v4" and "run: just deps" which is
inconsistent with other jobs that use explicit step names; add descriptive
"name:" labels for those two steps (e.g., name: Setup just and name: Install
deps) so the steps referencing the uses: extractions/setup-just@v4 and the run:
just deps are named consistently with the existing named step "name: check for
diff" to improve readability in logs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/CLAUDE.md`:
- Line 13: The docs reference a missing Just recipe: add a `testlink` recipe to
the justfile (or update docs to the existing recipe name) so `just testlink`
actually runs lychee; implement a recipe named `testlink` in the justfile that
installs/uses lychee (or invokes the existing link-check target) and exits
non-zero on failures, or change the documentation lines (13, 47, 54) to the
current command name if you prefer not to add a recipe—look for the justfile and
the existing link-check task to ensure consistent naming between the justfile
(recipe `testlink`) and the docs.

In `@justfile`:
- Around line 151-155: Remove the duplicate unconditional echo of "--> Verifying
Docker image exists locally..." and keep a single verification message only
inside the conditional that checks EV_NODE_IMAGE_REPO (the block using the test
of "${EV_NODE_IMAGE_REPO:-}" and the docker image inspect evstack:local-dev
invocation); i.e., delete or relocate the standalone `@echo` "--> Verifying Docker
image exists locally..." so the message is emitted only when the conditional
runs around the docker image inspect command.

---

Nitpick comments:
In @.github/workflows/benchmark.yml:
- Around line 58-61: The workflow uses the unpinned action reference
"extractions/setup-just@v4" in the "Install just" step; replace that tag with
the same commit SHA you pinned for the first occurrence so the action is fixed
to a specific commit (i.e., change uses: extractions/setup-just@v4 to uses:
extractions/setup-just@<COMMIT_SHA>), ensuring consistency across both
occurrences while leaving the subsequent "Build binaries" run step unchanged.
- Around line 26-29: Replace the unpinned GitHub Action usage
"extractions/setup-just@v4" with a specific commit SHA to make the workflow
deterministic; locate the two occurrences of the action in the benchmark
workflow (the "Install just" step and the second occurrence around line 59) and
update their ref from `@v4` to the exact commit SHA for the desired v4 release
(e.g., @<commit-sha>) so the action is pinned consistently.

In @.github/workflows/test.yml:
- Around line 33-36: The workflow has unnamed steps using "uses:
extractions/setup-just@v4" and "run: just deps" which is inconsistent with other
jobs that use explicit step names; add descriptive "name:" labels for those two
steps (e.g., name: Setup just and name: Install deps) so the steps referencing
the uses: extractions/setup-just@v4 and the run: just deps are named
consistently with the existing named step "name: check for diff" to improve
readability in logs.

In `@justfile`:
- Around line 229-259: Add a new just recipe named testlink under the existing
group('lint') to match docs/CLAUDE.md; implement a recipe called testlink that
echoes a validating message and invokes lychee with the .lychee.toml config
falling back to a plain lychee run (use the same glob '**/*.md'), ensuring it
follows the pattern used by other recipes in the lint group (see existing lint,
lint-fix, vet recipes for style and placement).

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 212ac08 and 149b405.

📒 Files selected for processing (22)

• .github/workflows/benchmark.yml
• .github/workflows/dependabot-auto-fix.yml
• .github/workflows/docker-tests.yml
• .github/workflows/test.yml
• CLAUDE.md
• Makefile
• README.md
• client/crates/types/README.md
• docs/CLAUDE.md
• docs/guides/create-genesis.md
• docs/guides/evm/single.md
• docs/guides/gm-world.md
• docs/guides/quick-start.md
• justfile
• pkg/cmd/README.md
• scripts/build.mk
• scripts/proto.mk
• scripts/run.mk
• scripts/test.mk
• scripts/utils.mk
• tools/local-da/README.md
• tools/tools.mk

💤 Files with no reviewable changes (7)

• scripts/proto.mk
• scripts/utils.mk
• Makefile
• scripts/run.mk
• scripts/build.mk
• scripts/test.mk
• tools/tools.mk

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check for testlink recipe in justfile
if [ -f "justfile" ]; then
  echo "=== Checking justfile for testlink recipe ==="
  grep -n "testlink" justfile || echo "No testlink recipe found"
  echo ""
  echo "=== All recipes in justfile ==="
  grep -n "^[a-zA-Z_].*:" justfile | head -20
else
  echo "justfile not found"
fi

Repository: evstack/ev-node

Length of output: 863

---

🏁 Script executed:

#!/bin/bash
# Check docs/CLAUDE.md for references to testlink
echo "=== Checking docs/CLAUDE.md ==="
if [ -f "docs/CLAUDE.md" ]; then
  grep -n "testlink" docs/CLAUDE.md
  echo ""
  echo "=== Context around line 13 ==="
  sed -n '10,16p' docs/CLAUDE.md
else
  echo "docs/CLAUDE.md not found"
fi

Repository: evstack/ev-node

Length of output: 565

---

Add missing testlink recipe to justfile.

Documentation at lines 13, 47, and 54 instructs users to run just testlink for link validation using lychee, but this recipe is not defined in the justfile. Add the recipe or update the documentation to reflect the actual command.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/CLAUDE.md` at line 13, The docs reference a missing Just recipe: add a
`testlink` recipe to the justfile (or update docs to the existing recipe name)
so `just testlink` actually runs lychee; implement a recipe named `testlink` in
the justfile that installs/uses lychee (or invokes the existing link-check
target) and exits non-zero on failures, or change the documentation lines (13,
47, 54) to the current command name if you prefer not to add a recipe—look for
the justfile and the existing link-check task to ensure consistent naming
between the justfile (recipe `testlink`) and the docs.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Duplicate echo statement.

Lines 151-152 both echo messages about verifying Docker image existence, with line 154 being inside the conditional block. The first echo on line 152 runs unconditionally while line 154 runs conditionally.

Suggested fix

 test-docker-e2e: docker-build-if-local
     `@echo` "--> Running Docker E2E tests"
-    `@echo` "--> Verifying Docker image exists locally..."
     `@if` [ -z "${EV_NODE_IMAGE_REPO:-}" ] || [ "${EV_NODE_IMAGE_REPO:-}" = "ev-node" ]; then \
         echo "--> Verifying Docker image exists locally..."; \
         docker image inspect evstack:local-dev >/dev/null 2>&1 || (echo "ERROR: evstack:local-dev image not found. Run 'just docker-build' first." && exit 1); \
     fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	@echo "--> Running Docker E2E tests"
	@echo "--> Verifying Docker image exists locally..."
	@if [ -z "${EV_NODE_IMAGE_REPO:-}" ] || [ "${EV_NODE_IMAGE_REPO:-}" = "ev-node" ]; then \
	echo "--> Verifying Docker image exists locally..."; \
	docker image inspect evstack:local-dev >/dev/null 2>&1 || (echo "ERROR: evstack:local-dev image not found. Run 'just docker-build' first." && exit 1); \
	`@echo` "--> Running Docker E2E tests"
	`@if` [ -z "${EV_NODE_IMAGE_REPO:-}" ] || [ "${EV_NODE_IMAGE_REPO:-}" = "ev-node" ]; then \
	echo "--> Verifying Docker image exists locally..."; \
	docker image inspect evstack:local-dev >/dev/null 2>&1 || (echo "ERROR: evstack:local-dev image not found. Run 'just docker-build' first." && exit 1); \

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@justfile` around lines 151 - 155, Remove the duplicate unconditional echo of
"--> Verifying Docker image exists locally..." and keep a single verification
message only inside the conditional that checks EV_NODE_IMAGE_REPO (the block
using the test of "${EV_NODE_IMAGE_REPO:-}" and the docker image inspect
evstack:local-dev invocation); i.e., delete or relocate the standalone `@echo`
"--> Verifying Docker image exists locally..." so the message is emitted only
when the conditional runs around the docker image inspect command.

[julienrbrt]

lgtm! looks great

[auricom]

Better than make 😄

we could split the justfile into multiple small ones, like this : https://github.com/auricom/home-ops/blob/main/.justfile#L6-L10
but its not really needed atm

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (5)

.just/proto.just (1)

12-12: Consider pinning the buf Docker image version.

Using bufbuild/buf:latest can lead to inconsistent linting results across builds. Consider pinning to a specific version for reproducibility.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.just/proto.just at line 12, The Docker invocation uses the floating image
tag "bufbuild/buf:latest" which can cause non-reproducible lint results; change
the image reference in the Docker command (the line containing "docker run ...
bufbuild/buf:latest lint") to a fixed buf release tag (or move the image tag
into a variable and reference that) so the buf version is pinned for
reproducible linting across builds.

.just/codegen.just (1)

5-5: Consider pinning mockery version for reproducible builds.

Using @latest can lead to inconsistent builds if mockery releases breaking changes. Consider pinning to a specific version or using a version variable defined in the root justfile.

♻️ Suggested fix

-    go run github.com/vektra/mockery/v3@latest
+    go run github.com/vektra/mockery/v3@v3.1.0

Alternatively, define a mockery_version variable in the root justfile for easier updates.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.just/codegen.just at line 5, Replace the unstable use of "go run
github.com/vektra/mockery/v3@latest" with a pinned version or a variable
reference: either hardcode a specific tag (e.g., `@vX.Y.Z`) in the command or
reference a root-level variable like mockery_version (e.g.,
github.com/vektra/mockery/v3@${mockery_version}) so builds are reproducible and
upgrades are centralized; update the .just/codegen.just invocation to use that
pinned version or variable and add the mockery_version variable to the root
justfile.

.just/build.just (1)

20-31: Consider using dependencies to reduce duplication in build-all.

The build-all recipe duplicates the build commands from build, build-evm, and build-da. Using Just's dependency system would eliminate this duplication and ensure consistency.

♻️ Suggested refactor

 # Build all ev-node binaries
 [group('build')]
-build-all:
+build-all: build build-evm build-da
     `@echo` "--> Building all ev-node binaries"
-    `@mkdir` -p {{ build_dir }}
-    `@echo` "--> Building testapp"
-    `@cd` apps/testapp && go build -ldflags "{{ ldflags }}" -o {{ build_dir }}/testapp .
-    `@echo` "--> Building evm"
-    `@cd` apps/evm && go build -ldflags "{{ ldflags }}" -o {{ build_dir }}/evm .
-    `@echo` "--> Building local-da"
-    `@cd` tools/local-da && go build -ldflags "{{ ldflags }}" -o {{ build_dir }}/local-da .
     `@echo` "--> All ev-node binaries built!"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.just/build.just around lines 20 - 31, The build-all recipe duplicates the
commands in existing recipes; refactor it to declare dependencies on the
individual recipes (e.g., build, build-evm, build-da or whatever the
single-target recipes are named) instead of repeating their commands so Just
will run those recipes in order; update the build-all target under
group('build') to list those recipe names as prerequisites and remove the
duplicated mkdir/cd/go build lines, ensuring any shared variables (like
build_dir and ldflags) remain referenced by the depended-on recipes.

.just/lint.just (1)

8-9: Hadolint only checks one specific Dockerfile.

The hadolint check is hardcoded to test/docker/mockserv.Dockerfile. Other Dockerfiles in the repository (like apps/testapp/Dockerfile referenced in docker-build) won't be linted.

♻️ Consider linting all Dockerfiles

     `@echo` "--> Running hadolint"
-    `@hadolint` test/docker/mockserv.Dockerfile
+    `@fd` -e Dockerfile -x hadolint {}

Or explicitly list all Dockerfiles that should be linted.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.just/lint.just around lines 8 - 9, The hadolint invocation is hardcoded to
test/docker/mockserv.Dockerfile (the line invoking hadolint), so update the
hadolint step to lint all Dockerfiles instead of a single path: either replace
the hardcoded argument with a discovery command that finds all Dockerfiles
(e.g., find or git ls-files patterns) and passes them to hadolint, or explicitly
list every repo Dockerfile (including apps/testapp/Dockerfile and
test/docker/mockserv.Dockerfile) in that hadolint invocation; modify the
hadolint invocation line accordingly so it covers all Dockerfiles.

.just/test.just (1)

63-64: Cleanup runs even if tests fail.

The docker-cleanup-if-local call on Line 64 executes regardless of whether the tests on Line 63 pass or fail. If tests fail, the recipe exits before reaching Line 64, but if there's an intention to always cleanup, consider using Just's [no-exit-message] attribute or shell traps for guaranteed cleanup.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.just/test.just around lines 63 - 64, The cleanup currently invoked by the
separate line "@just docker-cleanup-if-local" may not run if the test command
fails; change the recipe so cleanup is guaranteed by installing an EXIT trap
before running the tests (e.g., add a line that runs "trap 'just
docker-cleanup-if-local' EXIT" prior to the "@cd test/docker-e2e && go test
-mod=readonly -failfast -v -tags='docker_e2e' -timeout=30m ./..." command and
remove the standalone "@just docker-cleanup-if-local" line), or alternatively
apply Just's "[no-exit-message]" attribute and wrap the test invocation to
ensure the cleanup command always executes on exit; update the lines referencing
the test command and the "@just docker-cleanup-if-local" invocation accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.just/build.just:
- Around line 8-9: The echo messages are inconsistent: one hardcodes
"build/testapp" while the other uses the template variable "{{ build_dir
}}/testapp"; update the first echo to use the same build_dir variable so both
lines reference "{{ build_dir }}/testapp" (edit the echo string in the `@echo`
that currently prints "Check the binary with: build/testapp" to use "{{
build_dir }}/testapp" instead).

In @.just/codegen.just:
- Around line 9-13: The deps recipe currently runs "go run scripts/tidy.go"
without the build tag, which fails because scripts/tidy.go has a //go:build tidy
constraint; update the deps recipe to invoke the script with the build tag (use
"go run -tags=tidy scripts/tidy.go") so it compiles like the tidy-all recipe and
includes the required -tags=tidy flag.

In @.just/proto.just:
- Around line 24-25: The rust-proto-check recipe deletes generated proto files
but then runs cargo build without setting EV_TYPES_FORCE_PROTO_GEN=1 so
rust-proto-gen won’t regenerate files and git diff will always fail; update the
rust-proto-check recipe (the block that runs the commands removing
client/crates/types/src/proto/*.rs and then "cd client/crates/types && cargo
build") to run cargo build with the env var set (e.g. prefix the build with
EV_TYPES_FORCE_PROTO_GEN=1 or export it before invoking cargo) so rust-proto-gen
is triggered during the check.

In @.just/test.just:
- Around line 57-62: Remove the duplicated echo and make the repo-name check
consistent with the docker-build-if-local logic: delete the repeated "@echo
\"--> Verifying Docker image exists locally...\"" and change the conditional
that currently compares EV_NODE_IMAGE_REPO to "ev-node" so it compares to
"evstack" (the same value used by docker-build-if-local); keep a single echo
before the conditional and ensure the docker image inspect line still checks
evstack:local-dev.

---

Nitpick comments:
In @.just/build.just:
- Around line 20-31: The build-all recipe duplicates the commands in existing
recipes; refactor it to declare dependencies on the individual recipes (e.g.,
build, build-evm, build-da or whatever the single-target recipes are named)
instead of repeating their commands so Just will run those recipes in order;
update the build-all target under group('build') to list those recipe names as
prerequisites and remove the duplicated mkdir/cd/go build lines, ensuring any
shared variables (like build_dir and ldflags) remain referenced by the
depended-on recipes.

In @.just/codegen.just:
- Line 5: Replace the unstable use of "go run
github.com/vektra/mockery/v3@latest" with a pinned version or a variable
reference: either hardcode a specific tag (e.g., `@vX.Y.Z`) in the command or
reference a root-level variable like mockery_version (e.g.,
github.com/vektra/mockery/v3@${mockery_version}) so builds are reproducible and
upgrades are centralized; update the .just/codegen.just invocation to use that
pinned version or variable and add the mockery_version variable to the root
justfile.

In @.just/lint.just:
- Around line 8-9: The hadolint invocation is hardcoded to
test/docker/mockserv.Dockerfile (the line invoking hadolint), so update the
hadolint step to lint all Dockerfiles instead of a single path: either replace
the hardcoded argument with a discovery command that finds all Dockerfiles
(e.g., find or git ls-files patterns) and passes them to hadolint, or explicitly
list every repo Dockerfile (including apps/testapp/Dockerfile and
test/docker/mockserv.Dockerfile) in that hadolint invocation; modify the
hadolint invocation line accordingly so it covers all Dockerfiles.

In @.just/proto.just:
- Line 12: The Docker invocation uses the floating image tag
"bufbuild/buf:latest" which can cause non-reproducible lint results; change the
image reference in the Docker command (the line containing "docker run ...
bufbuild/buf:latest lint") to a fixed buf release tag (or move the image tag
into a variable and reference that) so the buf version is pinned for
reproducible linting across builds.

In @.just/test.just:
- Around line 63-64: The cleanup currently invoked by the separate line "@just
docker-cleanup-if-local" may not run if the test command fails; change the
recipe so cleanup is guaranteed by installing an EXIT trap before running the
tests (e.g., add a line that runs "trap 'just docker-cleanup-if-local' EXIT"
prior to the "@cd test/docker-e2e && go test -mod=readonly -failfast -v
-tags='docker_e2e' -timeout=30m ./..." command and remove the standalone "@just
docker-cleanup-if-local" line), or alternatively apply Just's
"[no-exit-message]" attribute and wrap the test invocation to ensure the cleanup
command always executes on exit; update the lines referencing the test command
and the "@just docker-cleanup-if-local" invocation accordingly.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 149b405 and ffd24a5.

📒 Files selected for processing (8)

• .just/build.just
• .just/codegen.just
• .just/lint.just
• .just/proto.just
• .just/run.just
• .just/test.just
• .just/tools.just
• justfile

🚧 Files skipped from review as they are similar to previous changes (1)

• justfile

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Inconsistent path reference in echo message.

Line 8 uses a hardcoded path build/testapp while Line 9 correctly uses {{ build_dir }}/testapp. This could cause confusion if build_dir is changed.

🔧 Proposed fix

     `@echo` "--> Testapp CLI Built!"
-    `@echo` "    Check the version with: build/testapp version"
+    `@echo` "    Check the version with: {{ build_dir }}/testapp version"
     `@echo` "    Check the binary with: {{ build_dir }}/testapp"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	@echo " Check the version with: build/testapp version"
	@echo " Check the binary with: {{ build_dir }}/testapp"
	`@echo` " Check the version with: {{ build_dir }}/testapp version"
	`@echo` " Check the binary with: {{ build_dir }}/testapp"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.just/build.just around lines 8 - 9, The echo messages are inconsistent: one
hardcodes "build/testapp" while the other uses the template variable "{{
build_dir }}/testapp"; update the first echo to use the same build_dir variable
so both lines reference "{{ build_dir }}/testapp" (edit the echo string in the
`@echo` that currently prints "Check the binary with: build/testapp" to use "{{
build_dir }}/testapp" instead).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's look at the full codegen.just file to see both recipes
cat -n .just/codegen.just

Repository: evstack/ev-node

Length of output: 578

---

🏁 Script executed:

# Check for build constraints in scripts/tidy.go
head -30 scripts/tidy.go

Repository: evstack/ev-node

Length of output: 704

---

Add -tags=tidy flag to deps recipe on line 13.

The scripts/tidy.go file has a //go:build tidy build constraint (line 1), which requires the -tags=tidy flag to compile. Line 13 runs the script without this flag, causing it to fail. Align with the tidy-all recipe on line 18, which correctly includes -tags=tidy.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.just/codegen.just around lines 9 - 13, The deps recipe currently runs "go
run scripts/tidy.go" without the build tag, which fails because scripts/tidy.go
has a //go:build tidy constraint; update the deps recipe to invoke the script
with the build tag (use "go run -tags=tidy scripts/tidy.go") so it compiles like
the tidy-all recipe and includes the required -tags=tidy flag.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Missing EV_TYPES_FORCE_PROTO_GEN=1 in rust-proto-check will cause false failures.

The rust-proto-check recipe deletes the generated proto files and then runs cargo build without EV_TYPES_FORCE_PROTO_GEN=1. Since rust-proto-gen uses this env var to trigger regeneration, omitting it here means the proto files won't be regenerated during the check, causing git diff to always detect changes.

🐛 Proposed fix

     `@rm` -rf client/crates/types/src/proto/*.rs
-    `@cd` client/crates/types && cargo build
+    `@cd` client/crates/types && EV_TYPES_FORCE_PROTO_GEN=1 cargo build

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	@rm -rf client/crates/types/src/proto/*.rs
	@cd client/crates/types && cargo build
	`@rm` -rf client/crates/types/src/proto/*.rs
	`@cd` client/crates/types && EV_TYPES_FORCE_PROTO_GEN=1 cargo build

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.just/proto.just around lines 24 - 25, The rust-proto-check recipe deletes
generated proto files but then runs cargo build without setting
EV_TYPES_FORCE_PROTO_GEN=1 so rust-proto-gen won’t regenerate files and git diff
will always fail; update the rust-proto-check recipe (the block that runs the
commands removing client/crates/types/src/proto/*.rs and then "cd
client/crates/types && cargo build") to run cargo build with the env var set
(e.g. prefix the build with EV_TYPES_FORCE_PROTO_GEN=1 or export it before
invoking cargo) so rust-proto-gen is triggered during the check.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Duplicated echo message and inconsistent repo name check.

Two issues here:

1. Lines 58 and 60 duplicate the "Verifying Docker image exists locally..." message.
2. Line 59 checks for "ev-node" but docker-build-if-local on Line 81 checks for "evstack". This inconsistency will cause unexpected behavior when EV_NODE_IMAGE_REPO=evstack - the build recipe treats it as local, but this verification would skip it.

🐛 Proposed fix

 test-docker-e2e: docker-build-if-local
     `@echo` "--> Running Docker E2E tests"
-    `@echo` "--> Verifying Docker image exists locally..."
-    `@if` [ -z "${EV_NODE_IMAGE_REPO:-}" ] || [ "${EV_NODE_IMAGE_REPO:-}" = "ev-node" ]; then \
-        echo "--> Verifying Docker image exists locally..."; \
+    `@if` [ -z "${EV_NODE_IMAGE_REPO:-}" ] || [ "${EV_NODE_IMAGE_REPO:-}" = "evstack" ]; then \
         docker image inspect evstack:local-dev >/dev/null 2>&1 || (echo "ERROR: evstack:local-dev image not found. Run 'just docker-build' first." && exit 1); \
     fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	@echo "--> Running Docker E2E tests"
	@echo "--> Verifying Docker image exists locally..."
	@if [ -z "${EV_NODE_IMAGE_REPO:-}" ] || [ "${EV_NODE_IMAGE_REPO:-}" = "ev-node" ]; then \
	echo "--> Verifying Docker image exists locally..."; \
	docker image inspect evstack:local-dev >/dev/null 2>&1 || (echo "ERROR: evstack:local-dev image not found. Run 'just docker-build' first." && exit 1); \
	fi
	`@echo` "--> Running Docker E2E tests"
	`@if` [ -z "${EV_NODE_IMAGE_REPO:-}" ] || [ "${EV_NODE_IMAGE_REPO:-}" = "evstack" ]; then \
	echo "--> Verifying Docker image exists locally..."; \
	docker image inspect evstack:local-dev >/dev/null 2>&1 || (echo "ERROR: evstack:local-dev image not found. Run 'just docker-build' first." && exit 1); \
	fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.just/test.just around lines 57 - 62, Remove the duplicated echo and make
the repo-name check consistent with the docker-build-if-local logic: delete the
repeated "@echo \"--> Verifying Docker image exists locally...\"" and change the
conditional that currently compares EV_NODE_IMAGE_REPO to "ev-node" so it
compares to "evstack" (the same value used by docker-build-if-local); keep a
single echo before the conditional and ensure the docker image inspect line
still checks evstack:local-dev.

[coderabbitai]

♻️ Duplicate comments (4)

.github/workflows/benchmark.yml (1)

27-27: ⚠️ Potential issue | 🟠 Major

Pin extractions/setup-just to an immutable SHA.

Line 27 and Line 59 use extractions/setup-just@v3, which is mutable and has already been flagged by CodeQL. Please pin to a full commit hash.

🔒 Proposed fix

-      - name: Install just
-        uses: extractions/setup-just@v3
+      - name: Install just
+        uses: extractions/setup-just@<full-commit-sha> # v3

...
-      - name: Install just
-        uses: extractions/setup-just@v3
+      - name: Install just
+        uses: extractions/setup-just@<full-commit-sha> # v3

Also applies to: 59-59

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/benchmark.yml at line 27, Replace the mutable action
reference "extractions/setup-just@v3" with an immutable pinned commit SHA for
both occurrences; find the usages of extractions/setup-just@v3 in the workflow
and change them to extractions/setup-just@<full-commit-sha> (use the
authoritative commit hash from the action’s repository) so the workflow is
pinned to a specific immutable version.

.github/workflows/docker-tests.yml (1)

31-31: ⚠️ Potential issue | 🟠 Major

Pin extractions/setup-just in all three jobs.

Line 31, Line 50, and Line 69 use mutable @v3 tags. Please pin each usage to an immutable commit SHA.

🔒 Proposed fix

-      - name: Install just
-        uses: extractions/setup-just@v3
+      - name: Install just
+        uses: extractions/setup-just@<full-commit-sha> # v3

Also applies to: 50-50, 69-69

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/docker-tests.yml at line 31, Replace the mutable tag
"extractions/setup-just@v3" used in the workflow jobs with an immutable commit
SHA for each usage; locate the three occurrences of the uses string (currently
"extractions/setup-just@v3") and change them to
"extractions/setup-just@<full-commit-sha>" (the full 40-character SHA from the
setup-just repository) so the workflow is pinned to a specific commit. Ensure
each occurrence is updated (use the same pinned SHA if you want identical
behavior across jobs) and run a quick workflow lint or dry-run to verify the
action resolves correctly.

.github/workflows/dependabot-auto-fix.yml (1)

26-26: ⚠️ Potential issue | 🟠 Major

Use an immutable commit ref for setup-just.

Line 26 uses extractions/setup-just@v3 (mutable tag). Pinning to a commit SHA is recommended to avoid action supply-chain drift.

🔒 Proposed fix

-      - name: Install just
-        uses: extractions/setup-just@v3
+      - name: Install just
+        uses: extractions/setup-just@<full-commit-sha> # v3

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/dependabot-auto-fix.yml at line 26, The workflow currently
references the mutable tag "extractions/setup-just@v3"; replace that mutable tag
with an immutable commit SHA to prevent supply-chain drift. Locate the uses line
referencing "extractions/setup-just@v3" in the dependabot-auto-fix.yml and
update it to the action's pinned ref (extractions/setup-just@<commit-sha>) by
finding the latest commit SHA from the action's repository and substituting it
for the tag.

.github/workflows/test.yml (1)

21-21: ⚠️ Potential issue | 🟠 Major

Pin setup-just references to commit SHAs.

Line 21, Line 33, Line 51, Line 70, Line 104, and Line 119 use extractions/setup-just@v3 (mutable tag). Pinning to immutable commit hashes is safer.

🔒 Proposed fix

-      - name: Install just
-        uses: extractions/setup-just@v3
+      - name: Install just
+        uses: extractions/setup-just@<full-commit-sha> # v3

Also applies to: 33-33, 51-51, 70-70, 104-104, 119-119

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/test.yml at line 21, Replace mutable tag references of the
action "extractions/setup-just@v3" with immutable commit SHAs: locate every
occurrence of the string extractions/setup-just@v3 in the workflow and replace
each with extractions/setup-just@<commit-sha> using the specific commit hash
from the action's repository (one unique SHA per occurrence or the same pinned
SHA if you want a single fixed version across the file). Ensure you update all
occurrences noted (the instances that currently read extractions/setup-just@v3)
and commit the workflow changes so the runs use the pinned immutable SHAs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/benchmark.yml:
- Line 27: Replace the mutable action reference "extractions/setup-just@v3" with
an immutable pinned commit SHA for both occurrences; find the usages of
extractions/setup-just@v3 in the workflow and change them to
extractions/setup-just@<full-commit-sha> (use the authoritative commit hash from
the action’s repository) so the workflow is pinned to a specific immutable
version.

In @.github/workflows/dependabot-auto-fix.yml:
- Line 26: The workflow currently references the mutable tag
"extractions/setup-just@v3"; replace that mutable tag with an immutable commit
SHA to prevent supply-chain drift. Locate the uses line referencing
"extractions/setup-just@v3" in the dependabot-auto-fix.yml and update it to the
action's pinned ref (extractions/setup-just@<commit-sha>) by finding the latest
commit SHA from the action's repository and substituting it for the tag.

In @.github/workflows/docker-tests.yml:
- Line 31: Replace the mutable tag "extractions/setup-just@v3" used in the
workflow jobs with an immutable commit SHA for each usage; locate the three
occurrences of the uses string (currently "extractions/setup-just@v3") and
change them to "extractions/setup-just@<full-commit-sha>" (the full 40-character
SHA from the setup-just repository) so the workflow is pinned to a specific
commit. Ensure each occurrence is updated (use the same pinned SHA if you want
identical behavior across jobs) and run a quick workflow lint or dry-run to
verify the action resolves correctly.

In @.github/workflows/test.yml:
- Line 21: Replace mutable tag references of the action
"extractions/setup-just@v3" with immutable commit SHAs: locate every occurrence
of the string extractions/setup-just@v3 in the workflow and replace each with
extractions/setup-just@<commit-sha> using the specific commit hash from the
action's repository (one unique SHA per occurrence or the same pinned SHA if you
want a single fixed version across the file). Ensure you update all occurrences
noted (the instances that currently read extractions/setup-just@v3) and commit
the workflow changes so the runs use the pinned immutable SHAs.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ffd24a5 and 9755352.

📒 Files selected for processing (4)

• .github/workflows/benchmark.yml
• .github/workflows/dependabot-auto-fix.yml
• .github/workflows/docker-tests.yml
• .github/workflows/test.yml

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.91%. Comparing base (212ac08) to head (da1f427).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3110      +/-   ##
==========================================
- Coverage   60.95%   60.91%   -0.04%     
==========================================
  Files         113      113              
  Lines       11617    11617              
==========================================
- Hits         7081     7077       -4     
- Misses       3738     3740       +2     
- Partials      798      800       +2     

Flag	Coverage Δ
combined	60.91% <ø> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Spamoor Trace Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.50.

Benchmark suite	Current: da1f427	Previous: 212ac08	Ratio
SpamoorSmoke - Executor.GetTxs (avg)	1515.6944444444443 us	915 us	1.66
SpamoorSmoke - TxPool.GetTxs (avg)	1498.8333333333333 us	899.5588235294117 us	1.67

This comment was automatically generated by workflow using github-action-benchmark.

[github-actions]

PR Preview Action v1.8.1
Preview removed because the pull request was closed.
2026-02-26 20:31 UTC