feat(op-interop-filter): implement core filtering logic

[karlfloersch]

Description

PR implementing the op-transaction-filter logic. This does not include sysgo integration. Sysgo integration (preset as well as the core tests) will be included in a followup PR.

Design doc here: https://www.notion.so/oplabs/Interop-Filter-Design-Doc-2bdf153ee16280bbb514f72c1ae93218?source=copy_link

The interop filter API supports the interop API integrated into both op-geth and proxyd

Tests

• Unit tests
• Manual testing via https://github.com/opsuperchain/interop-filter-utils
• See the readme for more information about manual testing
• Deployed and hooked up to proxyd, observed interop transactions correctly being filtered out

Sysgo tests to be added in follow up PR.

Additional context

Review Guide

This is a big boy. Here's some extra context:

Architecture

                                 ┌─────────────────────────────────────────┐
                                 │                Service                  │
                                 │  (Lifecycle, config, pprof, metrics)    │
                                 └───────────────────┬─────────────────────┘
                                                     │
                    ┌────────────────────────────────┼────────────────────────────────┐
                    │                                │                                │
                    ▼                                ▼                                ▼
           ┌────────────────┐             ┌──────────────────┐             ┌──────────────────┐
           │  RPC Server    │             │     Backend      │             │  Metrics Server  │
           │  (geth RPC)    │             │  (coordinator)   │             │  (prometheus)    │
           └───────┬────────┘             └────────┬─────────┘             └──────────────────┘
                   │                               │
         ┌─────────┴─────────┐                     │
         │                   │                     │
         ▼                   ▼                     │
 ┌───────────────┐  ┌────────────────┐             │
 │ QueryFrontend │  │ AdminFrontend  │             │
 │ (supervisor)  │  │ (admin, JWT)   │             │
 └───────┬───────┘  └───────┬────────┘             │
         │                  │                      │
         └────────┬─────────┘                      │
                  │                                │
                  ▼                                ▼
           ┌─────────────────────────────────────────────────────────────────┐
           │                            Backend                              │
           │   - Coordinates chain ingesters and cross-validator             │
           │   - Manages failsafe mode (manual + error-based)                │
           │   - Routes CheckAccessList requests                             │
           └──────────────┬───────────────────────────────┬──────────────────┘
                          │                               │
                          ▼                               ▼
           ┌──────────────────────────────┐   ┌──────────────────────────────┐
           │   LockstepCrossValidator     │   │  ChainIngesters (per chain)  │
           │                              │   │                              │
           │  - Validates executing msgs  │◄──┤  - LogsDBChainIngester       │
           │  - Tracks cross-validated    │   │    (RPC + logsdb)            │
           │    timestamp across chains   │   │  - MockChainIngester         │
           │  - Lockstep advancement:     │   │    (in-memory for tests)     │
           │    waits for ALL chains      │   │                              │
           └──────────────────────────────┘   └──────────────┬───────────────┘
                                                             │
                                              ┌──────────────┴──────────────┐
                                              │                             │
                                              ▼                             ▼
                                       ┌────────────┐                ┌────────────┐
                                       │  Chain A   │                │  Chain B   │
                                       │  LogsDB    │                │  LogsDB    │
                                       │  (local)   │                │  (local)   │
                                       └────────────┘                └────────────┘

Files Overview

File	Purpose
interfaces.go	Core interfaces: ChainIngester and CrossValidator
backend.go	Central coordinator managing chain ingesters and failsafe state
logsdb_chain_ingester.go	Production ChainIngester: RPC + logsdb + reorg detection
lockstep_cross_validator.go	Production CrossValidator: timestamp advancement + validation
frontend.go	RPC frontends: public query + JWT-protected admin
service.go	Top-level lifecycle orchestration
config.go	CLI flag parsing
validation.go	Message timing validation
errors.go	Ingester error types
mock_ingester_test.go	In-memory ChainIngester for unit tests
backend_test.go	Comprehensive unit tests

Review Guide

Recommended order:

1. interfaces.go - Core abstractions (ChainIngester, CrossValidator)
2. backend.go - How components connect
3. lockstep_cross_validator.go - Cross-chain validation logic
4. logsdb_chain_ingester.go - Block ingestion and reorg detection
5. frontend.go - RPC layer
6. backend_test.go - Validate understanding through tests

Test Coverage

• Message Timing: init < inclusion, expiry boundaries
• Failsafe: manual toggle, automatic on chain errors
• Ready State: chain readiness tracking
• CheckAccessList: failsafe, uninitialized, safety levels
• CrossValidator: timeout expiry, cross-unsafe timestamps, unknown chains, checksum verification, error propagation

Future Improvements

1. Reorg handling - Recovery logic for chain reorganizations
2. Specific invalid message flagging - See TODO in lockstep_cross_validator.go:217
3. Recoverable error states - Recover without full restart
4. Kurtosis/devstack integration tests - Follow-up PR
5. Per-chain validation advancement - Remove lockstep bottleneck

Test Plan

• Unit tests pass
• Manual testing with interop-filter-utils

[wiz-inc-a178a98b5d]

Wiz Scan Summary

Scanner	Findings
Vulnerabilities	-
Sensitive Data	-
Secrets	-
IaC Misconfigurations	-
SAST Findings	1
Software Management Findings	-
Total	1

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.55%. Comparing base (e7cc171) to head (25f97aa).
⚠️ Report is 2 commits behind head on develop.

❗ There is a different number of reports uploaded between BASE (e7cc171) and HEAD (25f97aa). Click for more details.

HEAD has 18 uploads less than BASE

Flag	BASE (e7cc171)	HEAD (25f97aa)
cannon-go-tests-64	7	1
contracts-bedrock-tests	13	1

Additional details and impacted files

@@             Coverage Diff              @@
##           develop   #18604       +/-   ##
============================================
- Coverage    72.23%   60.55%   -11.69%     
============================================
  Files          189      189               
  Lines        11163    11163               
============================================
- Hits          8064     6760     -1304     
- Misses        2953     4259     +1306     
+ Partials       146      144        -2     

Flag	Coverage Δ
cannon-go-tests-64	66.58% <ø> (-0.82%)	⬇️
contracts-bedrock-tests	57.15% <ø> (-17.83%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 52 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[opgitgovernance]

This pr has been automatically marked as stale and will be closed in 5 days if no updates

[opsuperchain]

Review Guide: PR #18604 Refactoring Commit

This commit addresses all review feedback from the upstream PR. Below is a comprehensive guide for reviewing the changes.

Quick Stats

• Files changed: 15
• Lines: +2,268 / -675
• Test functions: 43 total (38 top-level + 5 subtests)

---

High-Level Changes

1. Validation Logic Consolidation

Files: lockstep_cross_validator.go, validation.go (deleted)

Moved all validation logic into the cross-validator. This eliminates the separate validation.go file and makes the validation path clearer.

2. Ingestion Loop Improvements

Files: logsdb_chain_ingester.go

• Replaced time.Sleep polling with time.Ticker for cleaner shutdown
• Added parent hash validation on every block (catches reorgs immediately)
• Added constants for magic numbers (progressLogInterval, dataDirPermissions)
• Improved checkReorg() to distinguish expected vs unexpected cases:
  • Head before earliest block → expected, debug log (we started later)
  • Have block but can't get hash → unexpected, error log
  • Hash mismatch → reorg detected, trigger failsafe

3. Safety: Panic → Error Returns

Files: lockstep_cross_validator.go:137-143, 193-196

Replaced 3 panics with proper error returns to prevent DoS via crafted timestamps. Example:

// Before (panic reachable from RPC)
if expiresAt < access.Timestamp {
    panic("overflow in expiry calculation")
}

// After (returns error)
if expiresAt < access.Timestamp {
    return fmt.Errorf("overflow in expiry calculation: %w", types.ErrConflict)
}

4. Dead Code Removal

Files: logsdb_chain_ingester.go

Deleted unused findBlockByTimestamp() binary search function (50 lines).

5. Error Handling Improvements

Files: errors.go, logsdb_chain_ingester.go

• Added ErrInvalidLog sentinel error
• Added ErrorInvalidExecutingMessage ingester error reason
• Added failsafe triggers for ErrDataCorruption and ErrInvalidExecutingMessage

6. Config Integration

Files: config.go, flags/flags.go, service.go

Added --networks and --rollup-configs flags for chain configuration via superchain-registry.

---

Test Coverage: Complete Breakdown

Backend Tests (backend_test.go) - 6 tests

Test	Code Path	What It Verifies
TestBackend_Failsafe_ManualEnabled	SetFailsafeEnabled(), FailsafeEnabled()	Manual failsafe toggle works
TestBackend_Failsafe_ChainError	FailsafeEnabled() with chain error	Chain ingester errors trigger failsafe
TestBackend_Failsafe_CrossValidatorError	FailsafeEnabled() with validator error	Validator errors trigger failsafe
TestBackend_Failsafe_AllClear	FailsafeEnabled() normal state	No errors = no failsafe
TestBackend_Ready	Ready()	Backend ready state with/without chains
TestBackend_CheckAccessList	CheckAccessList()	Failsafe, not ready, safety levels, unknown chain, happy path

Cross-Validator Tests (lockstep_cross_validator_test.go) - 12 tests

Test	Code Path	What It Verifies
TestCrossValidator_TimeoutExceedsExpiry	Expiry calculation	Rejects if timeout > expiry window
TestCrossValidator_CrossUnsafe_Boundary	CrossUnsafe validation	At boundary accepts, beyond rejects
TestCrossValidator_KnownChain	Chain lookup	Succeeds for known chains
TestCrossValidator_UnknownChain	Chain lookup	Returns error for unknown chains
TestCrossValidator_ValidationFailureSetsError	Error state	Validation failure sets validator error
TestValidateAccessEntry_TimestampNotIngested	Min ingested check	Rejects if timestamp not yet ingested
TestValidateExecMsg_InitBeforeInclusion	Temporal validation	Rejects when init timestamp not before inclusion
TestValidateExecMsg_MessageExpired	Expiry validation	Rejects expired messages
TestAdvanceValidation_WaitsForChainsReady	advanceValidation()	Waits until all chains ready
TestAdvanceValidation_InitializesToStartTimestamp	advanceValidation()	Initializes to start timestamp
TestAdvanceValidation_AdvancesTimestamp	advanceValidation()	Advances crossValidatedTs over time
TestAdvanceValidation_StopsAtMinIngested	advanceValidation()	Stops at slowest chain timestamp

Chain Ingester Tests (logsdb_chain_ingester_test.go) - 18 tests

Test	Code Path	What It Verifies
TestLogsDBChainIngester_InitLogsDB	initLogsDB()	Creates logsDB and chain directory
TestLogsDBChainIngester_SealParentBlock	sealParentBlock()	Seals parent block from RPC
TestLogsDBChainIngester_IngestBlock	ingestBlock()	Ingests block and stores logs
TestLogsDBChainIngester_IngestMultipleBlocks	ingestBlock() x N	Sequential block ingestion
TestLogsDBChainIngester_Ready	Ready()	Reports ready after reaching start timestamp
TestLogsDBChainIngester_ErrorState	SetError(), Error(), ClearError()	Error state management works
TestLogsDBChainIngester_Contains	Contains()	Queries stored logs correctly
TestLogsDBChainIngester_ReorgDetection	Parent hash validation	Detects reorg via parent hash mismatch
TestLogsDBChainIngester_QueryMethods	GetExecMsgsAtTimestamp(), BlockHashAt()	Query methods work correctly
TestLogsDBChainIngester_Integration_RealLogsDB	Full flow	End-to-end ingestion with real logsDB
TestLogsDBChainIngester_InitIngestion_FreshStart	initIngestion() fresh	Starts from calculated backfill block
TestLogsDBChainIngester_InitIngestion_ResumeFromExistingDB	initIngestion() resume	Resumes from existing DB state
TestLogsDBChainIngester_InitIngestion_ErrorGettingHead	initIngestion() RPC error	Handles RPC failure gracefully
TestLogsDBChainIngester_IngestBlock_NonSequentialError	Block ordering	Rejects non-sequential blocks
TestLogsDBChainIngester_IngestBlock_RPCError	RPC failure	Handles missing block gracefully
TestLogsDBChainIngester_IngestBlock_ReceiptsError	Receipts failure	Handles missing receipts gracefully
TestLogsDBChainIngester_IngestBlock_ErrorStateSkipsIngestion	Error state	Skips ingestion when in error state
TestLogsDBChainIngester_ErrorTypes	Error type strings	New error reasons have correct strings

JWT Auth Tests (jwt_auth_test.go) - 2 tests (5 subtests)

Test	Code Path	What It Verifies
TestJWTAuthentication	JWT middleware	Valid JWT allows access, invalid rejected, supervisor API not gated
TestSupervisorAPIWithoutJWT	JWT middleware	Supervisor API works without JWT configured

---

Testing Approach

Mock Strategy

mockChainIngester - In-memory implementation for unit tests:

• Stores logs in a map[logKey]BlockSeal
• Simple state management (ready, err, latestBlock)
• Thread-safe with sync.RWMutex
• Used by: Backend tests, Cross-validator tests

MockEthClient - RPC mock for integration tests:

• Stores blocks and receipts in maps
• Supports error injection (SetInfoByLabelErr, etc.)
• Used by: LogsDBChainIngester tests

mockCrossValidator - Simple validator mock:

• Returns configurable errors
• Used by: Backend tests

Test Categories

1. Unit tests - Test individual methods with mocks
2. Integration tests - Test component interactions with real logsDB
3. Error injection tests - Verify graceful handling of failures
4. Boundary tests - Test edge cases (overflow, expiry, timestamps)

What's NOT Tested (Known Gaps)

• Start()/Stop() lifecycle (requires goroutine coordination)
• runIngestion() loop (tested indirectly via ingestBlock())
• Concurrent access (no explicit race tests, but uses atomic/mutex)

---

Review Checklist

• Validation logic correctly moved from validation.go to cross-validator
• Panics replaced with error returns (3 locations)
• Dead code removed (findBlockByTimestamp)
• New error types used correctly (ErrDataCorruption, ErrorInvalidExecutingMessage)
• Tests cover the documented code paths
• Mock naming is consistent (mockChainIngester, mockCrossValidator, MockEthClient)