Phase 7 follow-up: end-to-end simulation test for governance ban chain

[sanity]

Context

Spawned from PR #4299 multi-model review. Per the tracking issue #4296 this is a required gate before flipping Enforce mode on gateways.

PR #4299 adds a synchronous end-to-end regression test (`contract::governance::tests::governance_to_ban_list_end_to_end`) that drives a contract through evict → recover → re-feed → BanTriggered via `GovernanceManager`, runs decisions through `Ring::apply_ban_decisions`, and asserts the contract lands on a fresh `ContractBanList`. That covers the wiring at the unit level.

What is missing is a simulation-network test that:

1. Spins up a small `run_simulation_direct` network (~5-10 nodes).
2. Injects the May 21 incident pattern (one abuser contract that triggers repeated evictions via the rate-limit → MAD → eviction → ban chain).
3. Asserts the full chain fires on each node observing the abuse:
   • Rate limit rejects excess UPDATE traffic for the abuser.
   • MAD detector flags the abuser in the cost distribution.
   • State machine transitions Normal → Borderline → WouldEvict → Evicted.
   • Re-eviction within ban_window triggers Banned.
   • ContractBanList drops subsequent wire traffic for the abuser.
4. Asserts non-abuser contracts in the simulation continue to function (no collateral damage).

Why this matters

The unit and pin tests in #4299 lock the wiring in place, but they cannot detect emergent issues from the chain running against real network traffic (timing assumptions, message ordering, multi-node consensus on who's the abuser). The deferred sim test is the only way to validate "Enforce mode actually works as designed in a real network" before flipping the gateway config.

Spawned from

• Testing review (Critical NAT traversal #2 — Missing regression test for the May 21 incident pattern)
• Big-picture review (end-to-end simulation test is explicitly listed as a gate before Enforce flip in tracking: contract + peer resource-usage governance #4296)

[AI-assisted - Claude]

[github-actions]

🤖 Auto-labeled

Applied labels:

• T-enhancement (95% confidence)
• P-high (90% confidence)
• E-hard (80% confidence)
• A-networking (95% confidence)
• A-contracts (90% confidence)
• A-developer-xp (85% confidence)

Reasoning: The issue requests adding a new end-to-end simulation test to validate the governance ban chain across a small simulated network — this is an enhancement to the test suite rather than a bug or documentation change. It's high priority because the test is described as a required gate before flipping Enforce mode on gateways. Implementing a multi-node simulation that reproduces the May 21 incident pattern and checks timing, message ordering, and cross-node state transitions is non-trivial (likely E-hard). Relevant areas include networking (multi-node simulation, Ring behavior), contracts/governance (GovernanceManager, ContractBanList, state transitions), and developer experience/testing infrastructure (simulation test, CI gating). Confidence reflects clarity of the request and its scope.

Previous labels: P-high, T-enhancement, A-networking

If these labels are incorrect, please update them. This helps improve the auto-labeling system.