feat(wireguard): cap EvidenceList.evidence, byzantine_validators, Proposal.tx_keys

[wen-coding]

Summary

Three repeated fields reachable from active wireguard schemas had no (wireguard.max_count) annotation, leaving them unbounded on the wire pre-decode.

Field	Cap	Rationale
EvidenceList.evidence	100	bounded by validator set size
LightClientAttackEvidence.byzantine_validators	100	bounded by validator set size
Proposal.tx_keys	2000	matches MaxTxsPerBlock

These fields are reachable from SchemaForBlock, SchemaForProposal, and SchemaForEvidenceList, which are all on active scan paths via protoutils.Unmarshal.

Test plan

• go build ./sei-tendermint/... — clean build
• go test ./sei-tendermint/... — passes

🤖 Generated with Claude Code

[cursor]

PR Summary

Medium Risk
Touches active protobuf scan paths for blocks/proposals/evidence; caps must stay aligned with chain limits or valid messages could be rejected.

Overview
Adds (wireguard.max_count) limits on three previously unbounded repeated Tendermint protobuf fields so protoutils can reject oversized wire payloads before full decode.

EvidenceList.evidence and LightClientAttackEvidence.byzantine_validators are capped at 100 (validator-set scale). Proposal.tx_keys is capped at 2000 to match MaxTxsPerBlock. Matching runtime.Schema entries are registered in types.wireguard.go, and wireguard_test.go gains accept-at-cap / reject-over-cap coverage for those messages.

The staking.pb.go change is regenerated embedded descriptor bytes only (no hand-written logic).

^{Reviewed by Cursor Bugbot for commit e096c33. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	✅ passed	✅ passed	✅ passed	Jun 20, 2026, 4:02 PM

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.14%. Comparing base (f83a111) to head (e096c33).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3614      +/-   ##
==========================================
- Coverage   59.01%   58.14%   -0.88%     
==========================================
  Files        2224     2150      -74     
  Lines      182814   174269    -8545     
==========================================
- Hits       107893   101321    -6572     
+ Misses      65220    63948    -1272     
+ Partials     9701     9000     -701     

Flag	Coverage Δ
sei-chain-pr	80.20% <100.00%> (?)
sei-db	70.41% <ø> (-0.22%)	⬇️
sei-db-state-db	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...ndermint/proto/tendermint/types/types.wireguard.go	100.00% <100.00%> (ø)

... and 76 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.