rpc sharding by tx sender for autobahn

[pompon0]

For giga testnet we need every account to send transaction only to a single lane, so that they are included in nonce order. In this pr we are adding proxying of transactions to the correct lane (validator). How it works:

• only evmrpc endpoint is handled
• it is using http evmrpc connections for proxying (ws connections are also supported, but with the current impl they would be inefficient - see the comments in code)
• [evm account -> lane] mapping is deterministic and defined by autobahn committee
• evmrpc urls of validators of each lane are specified in autobahn config
• whenever user calls sendRawTransaction or getTransactionCount rpcs to a node, the lane of the evm account is computed. If the lane is produced by the local node, it is added to the mempool. Otherwise url of the lane owner is fetched and the same evmrpc is called on that url.
• If autobahn is not enabled, we fallback to the previous semantics.

---

Note

Medium Risk
Introduces request redirection for eth_sendRawTransaction and pending eth_getTransactionCount, which changes transaction submission/nonce semantics and adds cross-validator HTTP RPC dependencies driven by config.

Overview
Adds sender-based RPC sharding for Autobahn by introducing LocalClient.EvmProxy(sender) and wiring it through the Tendermint local client/environment and GigaRouter (deterministic shard selection via Committee.EvmShard).

evmrpc now redirects eth_sendRawTransaction and pending eth_getTransactionCount to the shard owner’s EVM RPC HTTP endpoint when the sender maps to a different validator, with a fallback to existing local behavior when no proxy is configured or Autobahn isn’t active. Adds a new OpenTelemetry counter evmrpc_redirected_requests_total.

Extends Autobahn config generation/consumption to include per-validator evmrpc URLs (new evmrpc_url.txt in localnode init, new evmrpc field in config with URL marshal/unmarshal) and updates/expands tests to cover proxy behavior and the shard→URL mapping.

^{Reviewed by Cursor Bugbot for commit 33794ff. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	✅ passed	✅ passed	✅ passed	May 15, 2026, 11:21 AM

[codecov]

Codecov Report

❌ Patch coverage is 53.84615% with 42 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.31%. Comparing base (5060dcd) to head (33794ff).

Files with missing lines	Patch %	Lines
evmrpc/send.go	48.64%	15 Missing and 4 partials ⚠️
...int/cmd/tendermint/commands/gen_autobahn_config.go	0.00%	7 Missing ⚠️
evmrpc/tx.go	60.00%	2 Missing and 2 partials ⚠️
sei-tendermint/config/autobahn.go	63.63%	2 Missing and 2 partials ⚠️
sei-tendermint/internal/rpc/core/mempool.go	0.00%	4 Missing ⚠️
evmrpc/tests/mock_client.go	0.00%	2 Missing ⚠️
sei-tendermint/rpc/client/local/local.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3438      +/-   ##
==========================================
- Coverage   59.31%   59.31%   -0.01%     
==========================================
  Files        2120     2120              
  Lines      175523   175583      +60     
==========================================
+ Hits       104106   104139      +33     
- Misses      62338    62358      +20     
- Partials     9079     9086       +7     

Flag	Coverage Δ
sei-chain-pr	67.89% <53.84%> (?)
sei-db	70.41% <ø> (-0.22%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
evmrpc/metrics.go	96.00% <100.00%> (+0.65%)	⬆️
sei-cosmos/client/context.go	86.07% <ø> (ø)
...ei-tendermint/internal/autobahn/types/committee.go	96.42% <100.00%> (+0.35%)	⬆️
sei-tendermint/internal/p2p/giga_router.go	69.75% <100.00%> (+0.75%)	⬆️
sei-tendermint/node/setup.go	69.67% <100.00%> (+0.09%)	⬆️
evmrpc/tests/mock_client.go	56.66% <0.00%> (-0.77%)	⬇️
sei-tendermint/rpc/client/local/local.go	55.17% <0.00%> (-0.78%)	⬇️
evmrpc/tx.go	84.68% <60.00%> (-0.80%)	⬇️
sei-tendermint/config/autobahn.go	44.00% <63.63%> (+15.42%)	⬆️
sei-tendermint/internal/rpc/core/mempool.go	63.82% <0.00%> (-2.84%)	⬇️
... and 2 more

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 9c3516e. Configure here.}

[wen-coding]

nit: would be nice if both ports come from a common config

[wen-coding]

nit: can you clarify whether this is request you forwarded to someone else or it is request you received from redirection?

[wen-coding]

Would we see one error log per tx when one validator is down? That would be too spammy

[wen-coding]

What's our plan for handling the case where one validator is down?

[wen-coding]

Would we always have NewEIP155Signer in tx.Protected()? Would ethtypes.LatestSignerForChainID(chainID)) be better? So we accept non-1559 transactions?

[wen-coding]

Can we just use LatestSignerForChainID(chainID).Sender(tx) so we don't need to do the switch ourselves?

[wen-coding]

We don't have that many validators so maybe we can use a cheaper algorithm?

i := int(binary.BigEndian.Uint64(addr[:8]) % uint64(c.replicas.Len()))

I suppose we will have a different algorithm when Autobahn hits mainnet, so we don't need to worry about attacker reverse-engineering this algorithm for now?