Fix seid static-link paths for missing .a files

[masih]

The static-build path for seid was broken in two ways that masked each other and only surfaced when goreleaser first tried it:

• The sei-wasmd v152/v155 archives were named libwasmvmstatic.a, but link_muslc.go wants -lwasmvm_muslc — so the linker said "cannot find -lwasmvm155_muslc" and never noticed the static.a files were also wrong (Mach-O arm64, not Linux musl ELF).
• sei-wasmvm/internal/api was missing libwasmvmstatic_darwin.a entirely.

Fixes:

• Rename the misnamed Mach-O archives to libwasmvm*static_darwin.a to match link_mac_static.go.
• Add libwasmvm{152,155}_muslc{,.aarch64}.a from the sei-wasmd v0.3.6 release, with SHA256s pinned via Go tests.
• Add libwasmvmstatic_darwin.a, produced reproducibly by the new macos-static target rather than someone's laptop.

CI:

• cross-arch-build.yml: new linux-amd64-static job that asserts the resulting seid is actually statically linked. Would have caught this at PR time.
• libwasmvm.yml: add release-build-macos-static to the matrix so the darwin static archive can be regenerated on demand.

Additionally, add tests that assert the consistency of shasums for checked in .a files. The missing files are ported over from:

• https://github.com/sei-protocol/sei-wasmd/releases/tag/v0.3.6

Add tests to programmatically assert existence of linked libraries across the entire codebase.

Note: for internal/api/libwasmvm I stripped off debugging info to reduce the size of the .a file since GitHub does not accept sole files with size over 100MiB.

Relates to: PLT-41

[github-actions]

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	✅ passed	✅ passed	✅ passed	May 18, 2026, 9:09 AM

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.37%. Comparing base (458db63) to head (a4c7e1b).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3426      +/-   ##
==========================================
+ Coverage   59.29%   59.37%   +0.07%     
==========================================
  Files        2126     2112      -14     
  Lines      175702   173527    -2175     
==========================================
- Hits       104188   103028    -1160     
+ Misses      62440    61517     -923     
+ Partials     9074     8982      -92     

Flag	Coverage Δ
sei-chain-pr	53.00% <ø> (?)
sei-db	70.41% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 152 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cursor]

PR Summary

Medium Risk
Medium risk because it changes build/CI behavior around cross-platform static linking and will fail builds if vendored libwasmvm archives or cgo link directives drift or are misnamed.

Overview
Adds CI coverage and repo tests to prevent broken seid static-link builds by validating vendored libwasmvm artifacts.

Updates the libwasmvm GitHub Actions workflow to also build a release-build-macos-static target, and tweaks the FlatKV crash-recovery integration test to give slower CI runners more time for proposer rotation.

Introduces new Go tests that (1) ensure every link_*.go #cgo LDFLAGS: ... -l<name> resolves to a real, non-trivial lib<name>.{a,so,dylib} in the same directory, (2) ensure there are no orphaned library files, and (3) pin SHA256 checksums for the checked-in v152/v155 musl static archives.

^{Reviewed by Cursor Bugbot for commit a4c7e1b. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 5d56365. Configure here.}

[cursor]

Missing "lib" prefix guard causes potential panic

Low Severity

TestArtifactsHaveNoOrphans documents that it processes "every lib*.{a,so,dylib}" but only filters by extension, not by the "lib" prefix. The slice name[len("lib") : len(name)-len(ext)] assumes the filename starts with "lib" and is long enough. A non-lib-prefixed file with a library extension (e.g. ab.a) would cause a slice-bounds panic since len("lib") exceeds len(name)-len(ext). Adding a strings.HasPrefix(name, "lib") guard would match the documented intent and prevent a test-suite crash.

 

^{Reviewed by Cursor Bugbot for commit 5d56365. Configure here.}

[cursor]

Custom stripSuffix reimplements strings.TrimSuffix

Low Severity

The stripSuffix helper has identical semantics to strings.TrimSuffix from the standard library — both check if the string ends with the suffix and return it stripped, or the original string unchanged. Replacing it with strings.TrimSuffix removes unnecessary code and is more idiomatic Go.

 

^{Reviewed by Cursor Bugbot for commit 5d56365. Configure here.}