feat: alerts and validator updates

.github/workflows/bridge-explorer-develop-staging.yml

@@ -18,36 +18,8 @@ permissions:
   contents: write # This is required for actions/checkout
 
 jobs:
-  security-audit:
-    name: Dependency Security Audit
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
-        with:
-          fetch-depth: 0
-
-      - name: Enable Corepack
-        run: |
-          npm install -g corepack@0.34.6
-          corepack enable
-
-      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
-        with:
-          node-version-file: '.nvmrc'
-          cache: 'pnpm'
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Run security audit
-        run: pnpm audit --audit-level=high
-
   build-and-push:
     name: Build and Push to Artifact Registry
-    needs: security-audit
     runs-on: ubuntu-latest
     outputs:
       environment: ${{ steps.set-env.outputs.environment }}

.github/workflows/publish-ghcr-image-release.yml

@@ -11,7 +11,34 @@ permissions:
   packages: write # This is required for pushing to GHCR
 
 jobs:
+  security-audit:
+    name: Dependency Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        with:
+          fetch-depth: 0
+
+      - name: Enable Corepack
+        run: |
+          npm install -g corepack@0.34.6
+          corepack enable
+
+      - name: Setup Node
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run security audit
+        run: pnpm audit --audit-level=high
+
   Build_and_push_image_to_GHCR:
+    needs: security-audit
     runs-on: ubuntu-latest
     steps:
       - name: Git clone the repository

alerts/.dockerignore

@@ -0,0 +1,106 @@
+# Dependencies
+node_modules
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage
+.grunt
+
+# Bower dependency directory
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons
+build/Release
+
+# Dependency directories
+jspm_packages/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# Environment files
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# Runtime logs
+logs
+*.log
+
+# Build outputs (already copied from builder stage)
+dist
+
+# Development files
+src/**/*.test.ts
+src/**/*.spec.ts
+**/*.test.js
+**/*.spec.js
+
+# IDE files
+.vscode
+.idea
+*.swp
+*.swo
+*~
+
+# OS files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Git
+.git
+.gitignore
+.gitattributes
+
+# Docker
+Dockerfile
+docker-compose.yml
+docker-compose.*.yml
+.dockerignore
+
+# Documentation
+README.md
+*.md
+docs/
+
+# Alert state data (will be mounted as volume)
+data/
+
+# Monitoring config
+monitoring/

alerts/.env.example

@@ -4,10 +4,36 @@ SLACK_TOKEN=
 # Slack Channel to send a message
 SLACK_CHANNEL=
 
+# self-contained slack webhook, doesn't required SLACK_TOKEN & SLACK_CHANNEL if SLACK_WEBHOOK_URL is created
+SLACK_WEBHOOK_URL=
+
 # Providers URLs
 MAINNET_RPC_URL=https://rpc.ankr.com/eth
 GNOSIS_RPC_URL=https://rpc.ankr.com/gnosis
 
-# Subgraph URLs
-SUBGRAPH_API_NATIVE=https://api.thegraph.com/subgraphs/name/laimejesus/bridge-monitor-native
-SUBGRAPH_API_FOREIGN=https://api.thegraph.com/subgraphs/name/laimejesus/bridge-monitor-foreign
+# Envio Indexer URL
+ENVIO_INDEXER_URL=
+
+## Validator balance
+# true= only track validator balance on Gnosis Chain
+IS_VALIDATOR_BALANCE_ON_GC=true
+MIN_XDAI_BALANCE_THRESHOLD=1 # 1xdai
+MIN_ETH_BALANCE_THRESHOLD=0 # set to 0 because the validator doesn't require balance to claim on Ethereum
+
+## Inactive validator 
+# max hrs to consider a validator inactive (not calling on chain function)
+INACTIVITY_THRESHOLD_HOURS=12
+
+## Stucked tx
+# max hrs after first initiated a tx but still at 'COLLECTING' status
+TRANSACTION_TIMEOUT_HOURS=1
+
+# Scheduler Configuration
+SCHEDULE_ENABLED=true
+SCHEDULE_CRON=*/15 * * * *
+RUN_ONCE_ON_START=true
+
+# Alert State Management
+ALERT_STATE_FILE=./data/stuck-tx-alerts.json
+ALERT_CLEANUP_HOURS=48
+NODE_ENV=PROD # or DEV

alerts/.gitignore

@@ -10,5 +10,10 @@
 # custom logs
 /logs
 
+# alert state data
+/data
+
 #types
 src/types/
+
+/dist

alerts/Dockerfile

@@ -0,0 +1,37 @@
+# Production stage
+FROM node:22-alpine
+
+# Accept build arguments
+ARG ENVIO_INDEXER_URL
+
+ENV ENVIO_INDEXER_URL=$ENVIO_INDEXER_URL
+
+# Install dumb-init for proper signal handling
+RUN apk add --no-cache dumb-init
+
+# Set working directory
+WORKDIR /app
+
+# Copy package files
+COPY package.json ./
+
+# Install dependencies using pnpm
+RUN corepack enable && corepack prepare pnpm@latest --activate
+COPY pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+
+# Copy source code
+COPY . .
+
+# Generate types
+RUN pnpm typechain
+RUN pnpm build
+
+# Create data directory with correct ownership
+RUN mkdir -p /app/data
+
+# Use dumb-init to handle signals properly
+ENTRYPOINT ["dumb-init", "--"]
+
+# Default command
+CMD ["pnpm", "start"]

alerts/README.md

@@ -6,7 +6,22 @@ The alerts that will be sent are:
 
 - Low Balance (XDAI or ETH) for validators
 - Low Limits for XDAI Native and Foreign Bridge Contracts (dailyLimit and executionDailyLimit)
-- ....
+- Invalid validator: When validator is not signing transactions for threshold amount of time
+- Stucked Transaction: When a transaction is initiated but still in 'Collecting' status for threshold amount of time
+
+# Dev
+
+```shell
+cp .env.example .env
+pnpm install && pnpm typechain && pnpm build
+pnpm dev # or pnpm start
+```
+
+# Run docker
+
+```shell
+docker compose up --build
+```
 
 ### Validators
 
@@ -19,6 +34,7 @@ A limit is low when it is under 25%? of the total limit per day. (TBD)
 ## Configuration
 
 Remember to configure Slack App:
+
 - create slack app
 - add slack into workspace
 - create scope permissions for slack
@@ -29,10 +45,10 @@ Remember to configure Slack App:
 
 - Setup Env Variables
   - cp .env.example .env
-- Install npm dependencies
-  - yarn install
+- Install dependencies
+  - pnpm install
 - Run script
-  - yarn dev
+  - pnpm dev
 
 ### References
 

alerts/docker-compose.yml

@@ -0,0 +1,28 @@
+version: "3.8"
+
+services:
+  alerts:
+    build:
+      context: .
+      args:
+        - ENVIO_INDEXER_URL=${ENVIO_INDEXER_URL}
+    environment:
+      - SLACK_TOKEN=${SLACK_TOKEN}
+      - SLACK_CHANNEL=${SLACK_CHANNEL}
+      - SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL}
+      - MAINNET_RPC_URL=${MAINNET_RPC_URL}
+      - GNOSIS_RPC_URL=${GNOSIS_RPC_URL}
+      - ENVIO_INDEXER_URL=${ENVIO_INDEXER_URL}
+      - IS_VALIDATOR_BALANCE_ON_GC=${IS_VALIDATOR_BALANCE_ON_GC}
+      - INACTIVITY_THRESHOLD_HOURS=${INACTIVITY_THRESHOLD_HOURS}
+      - TRANSACTION_TIMEOUT_HOURS=${TRANSACTION_TIMEOUT_HOURS}
+      - SCHEDULE_ENABLED=${SCHEDULE_ENABLED:-true}
+      - SCHEDULE_CRON=${SCHEDULE_CRON}
+      - RUN_ONCE_ON_START=${RUN_ONCE_ON_START}
+      - ALERT_STATE_FILE=${ALERT_STATE_FILE:-./data/stuck-tx-alerts.json}
+      - ALERT_CLEANUP_HOURS=${ALERT_CLEANUP_HOURS:-48}
+    env_file:
+      - .env
+    volumes:
+      - ./data:/app/data
+    restart: unless-stopped