Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
55c61c1
feat(alerts): add inactiveValidator and stuckedTx alerts
zengzengzenghuy Sep 4, 2025
5520236
feat(alerts): create cronjob, write stuckedtx into /data
zengzengzenghuy Sep 4, 2025
01ab06a
Merge remote-tracking branch 'origin/main' into feat/alerts
zengzengzenghuy Sep 4, 2025
c8eadc5
feat(alerts): add docker logic
zengzengzenghuy Sep 5, 2025
0def818
docs(alerts): update README.md
zengzengzenghuy Sep 5, 2025
a53a4df
chore(alerts): update message format
zengzengzenghuy Sep 8, 2025
aad43c5
fix(alerts): stuckedTx schedule logic
zengzengzenghuy Sep 8, 2025
86a47e6
chore(alerts): update .env.example
zengzengzenghuy Sep 8, 2025
c5fcad4
(chore(env): remove subgraph api value
zengzengzenghuy Sep 11, 2025
2da1edd
fix(alerts): stuckedTx logic
zengzengzenghuy Sep 11, 2025
538d605
chore(alerts): remove unused log
zengzengzenghuy Sep 11, 2025
2d22607
chore(alerts): update docker config, pin graphql-request to version 5…
zengzengzenghuy Sep 29, 2025
f409894
Merge branch 'develop' into feat/alerts
zengzengzenghuy Oct 28, 2025
f5d4925
Merge branch 'develop' into feat/alerts
zengzengzenghuy Nov 10, 2025
ff94eba
feat(alerts): replace with Envio indexer query
zengzengzenghuy Nov 24, 2025
ecb3b8b
chore(alerts): pin package version and update version according to de…
zengzengzenghuy Jan 22, 2026
e990405
envio bump
ilge-ustun Apr 9, 2026
ce1e79b
Merge pull request #351 from gnosischain/chore/update-envio
ilge-ustun Apr 9, 2026
eb8d4e8
Merge branch 'main' into feat/alerts
zengzengzenghuy Apr 9, 2026
44f9a31
feat: replace subgraph with envio
zengzengzenghuy Apr 9, 2026
96e53df
chore: update dependencies version
zengzengzenghuy Apr 9, 2026
77e72c2
Merge branch 'develop' into feat/alerts
zengzengzenghuy Apr 9, 2026
9361425
chore: update Dockerfile and docker-compose.yml
zengzengzenghuy Apr 9, 2026
1587677
docs: update README
zengzengzenghuy Apr 9, 2026
e00e34d
chore: delete .yarn files
zengzengzenghuy Apr 10, 2026
3041ca9
Merge pull request #188 from gnosischain/feat/alerts
zengzengzenghuy Apr 10, 2026
c7cd797
chore: update validator addresses
Wagalidoom Apr 13, 2026
fc999a5
Merge pull request #353 from gnosischain/chore/update-validator-addre…
Wagalidoom Apr 13, 2026
ebc99fb
fix: audit
Wagalidoom Apr 13, 2026
9d6129d
Merge pull request #354 from gnosischain/fix/audit
Wagalidoom Apr 13, 2026
947bc03
Merge pull request #355 from gnosischain/develop
Wagalidoom Apr 14, 2026
66cf07b
Removing env block from workflow
atifather Apr 9, 2026
93be9cd
chore: move security audit from dev/staging to production workflow
atifather Apr 14, 2026
cf2779e
Merge pull request #360 from gnosischain/chore/security-audit-replace…
atifather Apr 15, 2026
0196398
Merge remote-tracking branch 'origin/main' into develop
Wagalidoom Apr 15, 2026
1905c50
Merge pull request #363 from gnosischain/chore/backport-main
Wagalidoom Apr 15, 2026
a09d785
Merge pull request #364 from gnosischain/develop
Wagalidoom Apr 15, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 0 additions & 28 deletions .github/workflows/bridge-explorer-develop-staging.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,36 +18,8 @@ permissions:
contents: write # This is required for actions/checkout

jobs:
security-audit:
name: Dependency Security Audit
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 0

- name: Enable Corepack
run: |
npm install -g corepack@0.34.6
corepack enable

- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version-file: '.nvmrc'
cache: 'pnpm'

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Run security audit
run: pnpm audit --audit-level=high

build-and-push:
name: Build and Push to Artifact Registry
needs: security-audit
runs-on: ubuntu-latest
outputs:
environment: ${{ steps.set-env.outputs.environment }}
Expand Down
27 changes: 27 additions & 0 deletions .github/workflows/publish-ghcr-image-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,34 @@ permissions:
packages: write # This is required for pushing to GHCR

jobs:
security-audit:
name: Dependency Security Audit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 0

- name: Enable Corepack
run: |
npm install -g corepack@0.34.6
corepack enable

- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version-file: '.nvmrc'
cache: 'pnpm'

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Run security audit
run: pnpm audit --audit-level=high

Build_and_push_image_to_GHCR:
needs: security-audit
runs-on: ubuntu-latest
steps:
- name: Git clone the repository
Expand Down
106 changes: 106 additions & 0 deletions alerts/.dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
# Dependencies
node_modules
npm-debug.log*
yarn-debug.log*
yarn-error.log*

# Runtime data
pids
*.pid
*.seed
*.pid.lock

# Coverage directory used by tools like istanbul
coverage
*.lcov

# nyc test coverage
.nyc_output

# Grunt intermediate storage
.grunt

# Bower dependency directory
bower_components

# node-waf configuration
.lock-wscript

# Compiled binary addons
build/Release

# Dependency directories
jspm_packages/

# Optional npm cache directory
.npm

# Optional eslint cache
.eslintcache

# Optional REPL history
.node_repl_history

# Output of 'npm pack'
*.tgz

# Yarn Integrity file
.yarn-integrity

# Environment files
.env
.env.local
.env.development.local
.env.test.local
.env.production.local

# Runtime logs
logs
*.log

# Build outputs (already copied from builder stage)
dist

# Development files
src/**/*.test.ts
src/**/*.spec.ts
**/*.test.js
**/*.spec.js

# IDE files
.vscode
.idea
*.swp
*.swo
*~

# OS files
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db

# Git
.git
.gitignore
.gitattributes

# Docker
Dockerfile
docker-compose.yml
docker-compose.*.yml
.dockerignore

# Documentation
README.md
*.md
docs/

# Alert state data (will be mounted as volume)
data/

# Monitoring config
monitoring/
32 changes: 29 additions & 3 deletions alerts/.env.example
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,36 @@ SLACK_TOKEN=
# Slack Channel to send a message
SLACK_CHANNEL=

# self-contained slack webhook, doesn't required SLACK_TOKEN & SLACK_CHANNEL if SLACK_WEBHOOK_URL is created
SLACK_WEBHOOK_URL=

# Providers URLs
MAINNET_RPC_URL=https://rpc.ankr.com/eth
GNOSIS_RPC_URL=https://rpc.ankr.com/gnosis

# Subgraph URLs
SUBGRAPH_API_NATIVE=https://api.thegraph.com/subgraphs/name/laimejesus/bridge-monitor-native
SUBGRAPH_API_FOREIGN=https://api.thegraph.com/subgraphs/name/laimejesus/bridge-monitor-foreign
# Envio Indexer URL
ENVIO_INDEXER_URL=

## Validator balance
# true= only track validator balance on Gnosis Chain
IS_VALIDATOR_BALANCE_ON_GC=true
MIN_XDAI_BALANCE_THRESHOLD=1 # 1xdai
MIN_ETH_BALANCE_THRESHOLD=0 # set to 0 because the validator doesn't require balance to claim on Ethereum

## Inactive validator
# max hrs to consider a validator inactive (not calling on chain function)
INACTIVITY_THRESHOLD_HOURS=12

## Stucked tx
# max hrs after first initiated a tx but still at 'COLLECTING' status
TRANSACTION_TIMEOUT_HOURS=1

# Scheduler Configuration
SCHEDULE_ENABLED=true
SCHEDULE_CRON=*/15 * * * *
RUN_ONCE_ON_START=true

# Alert State Management
ALERT_STATE_FILE=./data/stuck-tx-alerts.json
ALERT_CLEANUP_HOURS=48
NODE_ENV=PROD # or DEV
5 changes: 5 additions & 0 deletions alerts/.gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,10 @@
# custom logs
/logs

# alert state data
/data

#types
src/types/

/dist
37 changes: 37 additions & 0 deletions alerts/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
# Production stage
FROM node:22-alpine

# Accept build arguments
ARG ENVIO_INDEXER_URL

ENV ENVIO_INDEXER_URL=$ENVIO_INDEXER_URL

# Install dumb-init for proper signal handling
RUN apk add --no-cache dumb-init

# Set working directory
WORKDIR /app

# Copy package files
COPY package.json ./

# Install dependencies using pnpm
RUN corepack enable && corepack prepare pnpm@latest --activate
COPY pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile

# Copy source code
COPY . .

# Generate types
RUN pnpm typechain
RUN pnpm build

# Create data directory with correct ownership
RUN mkdir -p /app/data

# Use dumb-init to handle signals properly
ENTRYPOINT ["dumb-init", "--"]

# Default command
CMD ["pnpm", "start"]
24 changes: 20 additions & 4 deletions alerts/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,22 @@ The alerts that will be sent are:

- Low Balance (XDAI or ETH) for validators
- Low Limits for XDAI Native and Foreign Bridge Contracts (dailyLimit and executionDailyLimit)
- ....
- Invalid validator: When validator is not signing transactions for threshold amount of time
- Stucked Transaction: When a transaction is initiated but still in 'Collecting' status for threshold amount of time

# Dev

```shell
cp .env.example .env
pnpm install && pnpm typechain && pnpm build
pnpm dev # or pnpm start
```

# Run docker

```shell
docker compose up --build
```

### Validators

Expand All @@ -19,6 +34,7 @@ A limit is low when it is under 25%? of the total limit per day. (TBD)
## Configuration

Remember to configure Slack App:

- create slack app
- add slack into workspace
- create scope permissions for slack
Expand All @@ -29,10 +45,10 @@ Remember to configure Slack App:

- Setup Env Variables
- cp .env.example .env
- Install npm dependencies
- yarn install
- Install dependencies
- pnpm install
- Run script
- yarn dev
- pnpm dev

### References

Expand Down
28 changes: 28 additions & 0 deletions alerts/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
version: "3.8"

services:
alerts:
build:
context: .
args:
- ENVIO_INDEXER_URL=${ENVIO_INDEXER_URL}
environment:
- SLACK_TOKEN=${SLACK_TOKEN}
- SLACK_CHANNEL=${SLACK_CHANNEL}
- SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL}
- MAINNET_RPC_URL=${MAINNET_RPC_URL}
- GNOSIS_RPC_URL=${GNOSIS_RPC_URL}
- ENVIO_INDEXER_URL=${ENVIO_INDEXER_URL}
- IS_VALIDATOR_BALANCE_ON_GC=${IS_VALIDATOR_BALANCE_ON_GC}
- INACTIVITY_THRESHOLD_HOURS=${INACTIVITY_THRESHOLD_HOURS}
- TRANSACTION_TIMEOUT_HOURS=${TRANSACTION_TIMEOUT_HOURS}
- SCHEDULE_ENABLED=${SCHEDULE_ENABLED:-true}
- SCHEDULE_CRON=${SCHEDULE_CRON}
- RUN_ONCE_ON_START=${RUN_ONCE_ON_START}
- ALERT_STATE_FILE=${ALERT_STATE_FILE:-./data/stuck-tx-alerts.json}
- ALERT_CLEANUP_HOURS=${ALERT_CLEANUP_HOURS:-48}
env_file:
- .env
volumes:
- ./data:/app/data
restart: unless-stopped
Loading
Loading