docs: add v0.4.0 upgrade guide

[randygrok]

Description

Add upgrade guide for v0.4.0, covering all changes since v0.3.0: reth v2.0.0 upgrade, ev-deployer CLI, ev-dev local chain, transaction sponsor service, granular tracing with EV_TRACE_LEVEL, EIP-2718 decode fix, and txpool fallback restricted to dev mode. The existing v0.3.0 upgrade guide is left as-is.

Summary by CodeRabbit

• Documentation
  • Added comprehensive v0.4.0 upgrade guide with detailed migration steps, chainspec references, and examples; removed the v0.3.0 upgrade guide.
• New Features
  • Added an ev-deployer CLI and finer-grained tracing instrumentation.
• Changed
  • Upgraded to Reth v2.0.0; default Storage V2 for new nodes; build system migrated from Makefile to just.
• Bug Fixes
  • Fixed Engine API payload decoding; restricted txpool fallback behavior to dev mode; added related test coverage.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 808504ae-1f7d-4d6f-9166-26d85a16e84d

📥 Commits

Reviewing files that changed from the base of the PR and between 4c1ead3 and 109c69f.

📒 Files selected for processing (3)

• CHANGELOG.md
• docs/UPGRADE-v0.3.0.md
• docs/UPGRADE-v0.4.0.md

💤 Files with no reviewable changes (1)

• docs/UPGRADE-v0.3.0.md

✅ Files skipped from review due to trivial changes (2)

• docs/UPGRADE-v0.4.0.md
• CHANGELOG.md

---

📝 Walkthrough

Walkthrough

Adds a new upgrade guide docs/UPGRADE-v0.4.0.md, updates the changelog with v0.4.0 notes, and removes the previous docs/UPGRADE-v0.3.0.md; changes document Reth v2.0.0 migration, config/behavior adjustments, payload decode fix, and build-tool migration to just.

Changes

Cohort / File(s)	Summary
New Upgrade Guide docs/UPGRADE-v0.4.0.md	Adds a comprehensive v0.4.0 upgrade guide detailing unchanged/changed behaviors, Reth v2.0.0 migration (Storage V2 default), Storage V1 compatibility, txpool fallback restricted to --dev, EIP-2718 payload decode fix, chainspec field references, examples, and operational notes (make→just).
Changelog Update CHANGELOG.md	Updates Unreleased section: adds ev-deployer CLI, tracing spans, reorders EV_TRACE_LEVEL, notes Reth v2.0.0 upgrade details (revm/alloy versions), txpool fallback restriction, payload decode fix, and build migration to Justfile.
Removed Old Guide docs/UPGRADE-v0.3.0.md	Deletes the v0.3.0 upgrade document and its historical migration instructions and examples.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 I hopped through changelogs late at night,
Wrote a guide to make migrations light,
With Reth and storage set anew,
A carrot of docs to guide your view,
✨🐾

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is missing critical template sections including Type of Change checkbox, Related Issues, Checklist items, Testing details, and Additional Notes.	Complete the PR description by filling out all required template sections: select appropriate Type of Change option(s), link any related issues, check off relevant checklist items, describe testing performed, and add any additional context needed.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly matches the main changeset: it introduces a new v0.4.0 upgrade guide documentation file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch jgimeno/retract-v03x-upgrade-doc

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude finished @randygrok's task —— View job

---

Code Review Complete

I've thoroughly reviewed this PR and have several findings regarding code quality, security, and documentation structure.

Review Tasks:

• Read and analyze the new upgrade guide document
• Check the deleted upgrade guide for context
• Review CHANGELOG.md changes
• Read repository setup instructions
• Analyze documentation structure and content quality
• Check for security concerns (especially around secrets)
• Evaluate reviewer feedback and provide recommendations
• Provide comprehensive review feedback

---

🔍 Review Findings

🚨 Security Concerns

1. Missing Security Guidance for Sensitive Configuration

• Lines 94-227: The document references sensitive configurations like SPONSOR_PRIVATE_KEY, admin addresses, and mint authorities without security warnings
• Risk: Users may inadvertently commit secrets to git or expose them in logs
• Recommendation: Add prominent security warnings for all sensitive fields, especially private keys and admin addresses

2. Admin Address Examples

• Lines 125, 196: Uses placeholder addresses like 0x000000000000000000000000000000000000Ad00
• Recommendation: Add clear warnings that these are examples and must be replaced with actual secure addresses

📋 Documentation Quality Issues

3. Version Reference Inconsistency (Aligns with CodeRabbit feedback)

• Line 5: References "v0.3.0" but context suggests only "v0.3.0-beta" was released
• Impact: May confuse operators about which version they're upgrading from
• Recommendation: Update all references to clarify "v0.3.0-beta" where appropriate

4. Document Structure Concern (Aligns with tac0turtle feedback)

• The document mixes migration instructions with feature descriptions and changelog-style content
• Issue: Lines 10-15 read like changelog entries rather than migration steps
• Recommendation: Consider splitting into focused migration guide (config changes only) vs. feature documentation

📝 Content and Structure

5. Excellent Upgrade Path Coverage

• Document provides clear upgrade paths from v0.1.x → v0.4.0 with cumulative instructions
• Good use of tables for configuration reference (lines 153-166)
• Comprehensive chainspec examples

6. Clear Breaking Changes Documentation

• Well-documented breaking changes: Storage V2, txpool fallback restrictions, import path changes
• Good migration notes for build system changes (Makefile → just)

🔧 Technical Accuracy

7. Configuration Examples

• JSON examples appear technically sound and follow proper chainspec format
• Environment variable references are consistent
• Proper use of activation heights for network upgrades

8. Missing Information

• No mention of backup/rollback procedures for Storage V2 migration
• Could benefit from estimated downtime or migration duration guidance

---

💡 Recommendations

High Priority

1. Add Security Section: Include a dedicated security section with warnings about private keys, admin addresses, and secret management
2. Version Clarity: Update v0.3.0 references to v0.3.0-beta where appropriate
3. Consider Document Split: Evaluate splitting into pure migration guide vs. feature overview

Medium Priority

4. Add Backup Guidance: Include backup recommendations before Storage V2 migration
5. Placeholder Warnings: Add clear warnings that example addresses must be replaced
6. Migration Testing: Consider adding a testing/validation section

Low Priority

7. Link Validation: Verify all internal documentation links are valid
8. Formatting: Consider consistent formatting for code snippets and configuration blocks

---

🎯 Addressing Reviewer Feedback

CodeRabbit's Security Concern: Valid - the document needs security warnings for SPONSOR_PRIVATE_KEY and other sensitive configs.

tac0turtle's Structure Concern: Valid - the document does blend changelog and migration content. Consider:

• Moving feature descriptions to CHANGELOG.md
• Keeping only configuration changes and migration steps in this guide
• Or clearly separating "What Changed" vs "What You Need to Do" sections

---

✅ Overall Assessment

This is a high-quality documentation PR with:

• ✅ Comprehensive upgrade coverage
• ✅ Clear technical instructions
• ✅ Good organization and examples
• ⚠️ Security guidance needs improvement
• ⚠️ Structure could be more focused

The code quality is excellent for documentation, with no malicious content detected. The main issues are around security best practices and document structure rather than technical correctness.

---

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

docs/UPGRADE-v0.4.0.md (1)

94-105: Add secret-handling guidance for SPONSOR_PRIVATE_KEY.

The configuration table exposes a high-risk secret variable but does not state operational handling requirements (no plaintext commits/logging, prefer secret manager). A short warning would reduce accidental key leakage risk.

🔐 Suggested addition

 ### Transaction Sponsor Service
@@
 **Configuration (environment variables):**
+
+> Security note: `SPONSOR_PRIVATE_KEY` is sensitive. Store it in a secret manager (or equivalent),
+> never commit it to git, and avoid printing it in logs.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/UPGRADE-v0.4.0.md` around lines 94 - 105, Add a short, prominent warning
under the configuration table about the SPONSOR_PRIVATE_KEY variable: state that
it is a high-risk secret, must never be committed to source control or printed
to logs, and recommend using a secrets manager (or env injection via CI/CD),
restricted IAM, and regular rotation; update the table row for
SPONSOR_PRIVATE_KEY (in the docs/UPGRADE-v0.4.0.md section) to reference this
guidance and ensure the note mentions avoiding plaintext storage and disabling
debug/stack traces that might leak it.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/UPGRADE-v0.4.0.md`:
- Line 3: Replace any references that imply a stable v0.3.0 release with the
beta tag and clarify wording: update the header sentence that currently says
"since v0.3.0" (and the occurrences around lines 139–144) to explicitly state
"since v0.3.0‑beta" or "since v0.3.0 (beta)", and rephrase any sentences that
suggest a stable v0.3.0 was shipped so they clearly indicate the prior release
was a beta (e.g., change "v0.3.0" -> "v0.3.0-beta" and add "beta release"
wording where necessary).

---

Nitpick comments:
In `@docs/UPGRADE-v0.4.0.md`:
- Around line 94-105: Add a short, prominent warning under the configuration
table about the SPONSOR_PRIVATE_KEY variable: state that it is a high-risk
secret, must never be committed to source control or printed to logs, and
recommend using a secrets manager (or env injection via CI/CD), restricted IAM,
and regular rotation; update the table row for SPONSOR_PRIVATE_KEY (in the
docs/UPGRADE-v0.4.0.md section) to reference this guidance and ensure the note
mentions avoiding plaintext storage and disabling debug/stack traces that might
leak it.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 57f475ef-e030-439d-9339-b19abaf6a319

📥 Commits

Reviewing files that changed from the base of the PR and between d0bc639 and 4c1ead3.

📒 Files selected for processing (1)

• docs/UPGRADE-v0.4.0.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Clarify version naming to avoid implying a stable v0.3.0 release.

Line 3 and Line 139 currently read as if stable v0.3.0 existed. PR context says only v0.3.0-beta shipped, so this wording can mislead operators during planning.

✏️ Proposed doc wording update

-This guide covers the changes in ev-reth v0.4.0 since v0.3.0.
+This guide covers the changes in ev-reth v0.4.0 since the v0.3.0-beta line.

-v0.4.0 is a drop-in replacement for v0.3.0. No chainspec modifications are required.
+v0.4.0 is a drop-in replacement for the v0.3.0-beta line at the chainspec level. No chainspec modifications are required.

Also applies to: 139-144

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/UPGRADE-v0.4.0.md` at line 3, Replace any references that imply a stable
v0.3.0 release with the beta tag and clarify wording: update the header sentence
that currently says "since v0.3.0" (and the occurrences around lines 139–144) to
explicitly state "since v0.3.0‑beta" or "since v0.3.0 (beta)", and rephrase any
sentences that suggest a stable v0.3.0 was shipped so they clearly indicate the
prior release was a beta (e.g., change "v0.3.0" -> "v0.3.0-beta" and add "beta
release" wording where necessary).

[tac0turtle]

this seems more like a changelog and a migration guide, can you split the two. move things to changelog and then slim this down to only migration

[tac0turtle]

can we point people to other upgrade guides to avoid mentioning everything every time

[tac0turtle]

v0.3.0 was never released lets treat it as such and just do upgrade from 0.2.x to 0.4.x