add Go-Services

Author: meleksabit

.terraformignore

@@ -0,0 +1,74 @@
+# Terraform state and backup files
+*.tfstate
+*.tfstate.backup
+*.tfplan
+
+# Terraform internal directories
+.terraform/
+
+# Logs and debug artifacts
+*.log
+crash.log
+*.out
+*.err
+
+# AWS credentials and sensitive files
+.aws/
+*.pem
+*.key
+*.crt
+*.env
+.env.*
+credentials.json
+secrets/
+**/credentials.tfvars
+
+# Python artifacts
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+*.egg-info/
+*.dist-info/
+*.ipynb_checkpoints/
+*.sqlite3
+*.db
+.venv/
+venv/
+env/
+
+# Docker build cache and local overrides
+Dockerfile.*
+docker-compose.override.yml
+*.tar
+*.img
+
+# Node-related (if present)
+node_modules/
+npm-debug.log
+yarn-error.log
+
+# Editor/OS/CI-related
+.idea/
+.vscode/
+*.swp
+*.swo
+*.bak
+*.tmp
+.DS_Store
+Thumbs.db
+
+# Git
+.git/
+.gitignore
+.gitattributes
+
+# Tests & coverage (optional)
+coverage/
+tests/__pycache__/
+test-results/
+
+# Model cache (if using Hugging Face Transformers)
+model_cache/
+transformers_cache/
+huggingface/

Jenkinsfile

@@ -1,45 +1,25 @@
 pipeline {
     agent any
     environment {
-        // Set environment variables
         ECR_REGISTRY = credentials('ecr-registry-uri')
         AWS_REGION = 'eu-central-1'
         DOCKER_TAG = 'latest'
     }
     stages {
         stage('Build and Push ai-agent') {
-            agent {
-                docker {
-                    image 'docker:24-dind'
-                    args '--privileged'
-                    reuseNode true
-                }
-            }
-            when {
-                changeset "ai-agent/**"
-            }
+            agent { docker { image 'docker:24-dind'; args '--privileged'; reuseNode true } }
+            when { changeset "ai-agent/**" }
             steps {
-                withAWS(credentials: 'aws-credentials', region: "${AWS_REGION}") { // AWS creds stored in Jenkins
+                withAWS(credentials: 'aws-credentials', region: "${AWS_REGION}") {
                     sh 'aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${ECR_REGISTRY}'
                     sh 'docker build -t ${ECR_REGISTRY}/ai-agent:${DOCKER_TAG} ./ai-agent'
                     sh 'docker push ${ECR_REGISTRY}/ai-agent:${DOCKER_TAG}'
                 }
             }
         }
         stage('Build and Push Go Microservices') {
-            agent {
-                docker {
-                    image 'docker:24-dind'
-                    args '--privileged'
-                    reuseNode true
-                }
-            }
-            when {
-                anyOf {
-                    changeset "go-services/blockchain-monitor/**"
-                    changeset "go-services/anomaly-detector/**"
-                }
-            }
+            agent { docker { image 'docker:24-dind'; args '--privileged'; reuseNode true } }
+            when { anyOf { changeset "go-services/blockchain-monitor/**"; changeset "go-services/anomaly-detector/**" } }
             steps {
                 withAWS(credentials: 'aws-credentials', region: "${AWS_REGION}") {
                     sh 'aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${ECR_REGISTRY}'
@@ -54,20 +34,12 @@ pipeline {
             }
         }
         stage('Build and Push Dashboard') {
-            agent {
-                docker {
-                    image 'docker:24-dind'
-                    args '--privileged'
-                    reuseNode true
-                }
-            }
-            when {
-                changeset "dashboard/**"
-            }
+            agent { docker { image 'docker:24-dind'; args '--privileged'; reuseNode true } }
+            when { changeset "dashboard/**" }
             steps {
                 withAWS(credentials: 'aws-credentials', region: "${AWS_REGION}") {
                     sh 'aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${ECR_REGISTRY}'
-                    sh 'docker build -t ${ECR_REGISTRY}/dashboard:${DOCKER_TAG} ./dashboard'
+                    sh 'docker build -t ${ECR_REGISTRY}/dashboard:${DOCKER_TAG} ./dashboard'  // Adjust if merged with anomaly-detector
                     sh 'docker push ${ECR_REGISTRY}/dashboard:${DOCKER_TAG}'
                 }
             }
@@ -76,19 +48,15 @@ pipeline {
             steps {
                 withAWS(credentials: 'aws-credentials', region: "${AWS_REGION}") {
                     sh 'helm upgrade --install ai-agent ./helm/ai-agent --namespace default --set image.repository=${ECR_REGISTRY}/ai-agent'
-                    sh 'helm upgrade --install blockchain-monitor ./helm/go-microservices/blockchain-monitor --namespace default'
-                    sh 'helm upgrade --install anomaly-detector ./helm/go-microservices/anomaly-detector --namespace default'
-                    sh 'helm upgrade --install dashboard ./helm/dashboard --namespace default'
+                    sh 'helm upgrade --install blockchain-monitor ./helm/go-microservices/blockchain-monitor --namespace default --set image.repository=${ECR_REGISTRY}/blockchain-monitor'
+                    sh 'helm upgrade --install anomaly-detector ./helm/go-microservices/anomaly-detector --namespace default --set image.repository=${ECR_REGISTRY}/anomaly-detector'
+                    sh 'helm upgrade --install dashboard ./helm/dashboard --namespace default --set image.repository=${ECR_REGISTRY}/dashboard'
                 }
             }
         }
     }
     post {
-        always {
-            sh 'echo "Pipeline complete!"'
-        }
-        failure {
-            echo 'Build failed!'
-        }
+        always { sh 'echo "Pipeline complete!"' }
+        failure { echo 'Build failed!' }
     }
 }

ai-agent/Dockerfile

@@ -2,15 +2,18 @@
 FROM python:3.12-slim AS builder
 WORKDIR /app
 COPY requirements.txt .
-RUN pip install --no-cache-dir -r requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt && \
+    pip install --no-cache-dir hf_xet
 
 # Stage 2: Runtime image
 FROM python:3.12-slim
 WORKDIR /home/appuser/app
 COPY --from=builder /usr/local/lib/python3.12/site-packages/ /usr/local/lib/python3.12/site-packages/
 COPY --from=builder /usr/local/bin/ /usr/local/bin/
 COPY ai_agent.py .
-RUN useradd -m appuser && chown -R appuser:appuser /home/appuser/app
+RUN useradd -m appuser && \
+    mkdir -p /home/appuser/.cache && \
+    chown -R appuser:appuser /home/appuser
 USER appuser
 HEALTHCHECK --interval=30s --timeout=3s \
     CMD curl -f http://localhost:8000/health || exit 1

ai-agent/ai_agent.py

@@ -2,6 +2,7 @@
 import os
 import re
 import hvac
+import subprocess
 from fastapi import FastAPI, HTTPException
 from pydantic import BaseModel
 from transformers import AutoTokenizer, AutoModelForSequenceClassification
@@ -78,6 +79,14 @@ def analyze(self, tx_data, web3):
         else:
             return f"Normal Transaction (Score: {anomaly_score:.2f})"
 
+# Ensure hf_xet is installed
+def ensure_hf_xet():
+    try:
+        import hf_xet
+        logger.info("hf_xet package is already installed")
+    except ImportError:
+        logger.warning("hf_xet not installed in image, expected pre-installation. Falling back to HTTP download.")
+
 # Health endpoint
 @app.get("/health")
 async def health_check():
@@ -99,7 +108,8 @@ async def health_check():
 # Vault client setup
 @lru_cache(maxsize=1)
 def get_vault_client():
-    client = hvac.Client(url="http://vault.vault.svc.cluster.local:8200")
+    vault_addr = os.environ.get("VAULT_ADDR", "http://vault:8200")
+    client = hvac.Client(url=vault_addr)
     client.token = os.environ.get("VAULT_AUTH_TOKEN")
     if not client.is_authenticated():
         raise Exception("Vault authentication failed")
@@ -116,7 +126,7 @@ def get_infura_key():
         if api_key.startswith("https://"):
             logger.warning("Infura key from Vault appears to be a full URL - extracting key")
             api_key = api_key.split("/")[-1]
-        os.environ["INFURA_API_KEY"] = api_key  # For redaction in logs
+        os.environ["INFURA_API_KEY"] = api_key
         logger.info("Infura key retrieved from Vault")
         return api_key
     except Exception as e:
@@ -209,6 +219,7 @@ async def analyze_transaction(tx: Transaction):
 @app.on_event("startup")
 async def startup_event():
     try:
+        ensure_hf_xet()  # Ensure hf_xet is installed
         web3 = connect_web3()
         ai_model = AIModel.get_instance()
         logger.info("Starting blockchain polling and historical fetch in background")
@@ -240,4 +251,3 @@ async def poll_blockchain(web3):
 if __name__ == "__main__":
     import uvicorn
     uvicorn.run(app, host="0.0.0.0", port=8000)
-    

ai-agent/requirements.txt

@@ -12,3 +12,4 @@ gunicorn==23.0.0
 hvac==2.3.0
 psycopg2-binary==2.9.10
 pydantic==2.10.6
+huggingface-hub[hf_xet]

docker-compose.yml

@@ -1,20 +1,76 @@
 services:
+  vault:
+    image: hashicorp/vault:1.19.0
+    container_name: vault
+    ports:
+      - "8200:8200"
+    environment:
+      - VAULT_DEV_ROOT_TOKEN_ID=myroot
+      - VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
+    command: server -dev
+    cap_add:
+      - IPC_LOCK
+    healthcheck:
+      test: ["CMD", "vault", "status", "-address=http://localhost:8200"]
+      interval: 5s
+      timeout: 2s
+      retries: 10
+
+  blockchain-monitor:
+    build:
+      context: ./go-services/blockchain-monitor
+      dockerfile: Dockerfile
+    container_name: blockchain-monitor
+    ports:
+      - "8081:8081"
+    environment:
+      - PORT=8081
+      - VAULT_ADDR=http://vault:8200
+      - VAULT_TOKEN=myroot
+    depends_on:
+      vault:
+        condition: service_healthy
+    command: "sh -c 'sleep 15 && ./blockchain-monitor'"
+  anomaly-detector:
+    build:
+      context: ./go-services/anomaly-detector
+      dockerfile: Dockerfile
+    container_name: anomaly-detector
+    ports:
+      - "8082:8082"
+    environment:
+      - PORT=8082
+      - VAULT_ADDR=http://vault:8200
+      - VAULT_TOKEN=myroot
+    depends_on:
+      - vault
+
+  dashboard:
+    build:
+      context: ./go-services/dashboard
+      dockerfile: Dockerfile
+    container_name: dashboard
+    ports:
+      - "8083:8083"
+    environment:
+      - PORT=8083
+      - VAULT_ADDR=http://vault:8200
+      - VAULT_TOKEN=myroot
+    depends_on:
+      - vault
+
   ai-agent:
     build:
       context: ./ai-agent
       dockerfile: Dockerfile
-    image: ${DOCKER_USERNAME}/ai-agent:${TAG}
+    container_name: ai-agent
     ports:
-      - "8000:8000"  # Exposes FastAPI API
-    user: "1000:1000"  # Run as non-root user
+      - "8000:8000"
     environment:
-      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
-      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
-      - AWS_REGION=eu-central-1
-    restart: unless-stopped
-    networks:
-      - ai-network
-
-networks:
-  ai-network:
-    driver: bridge
+      - PORT=8000
+      - VAULT_ADDR=http://vault:8200
+      - VAULT_AUTH_TOKEN=myroot
+    depends_on:
+      vault:
+        condition: service_healthy
+    command: "sh -c 'sleep 15 && gunicorn -k uvicorn.workers.UvicornWorker ai_agent:app'"

go-services/anomaly-detector/Dockerfile

@@ -0,0 +1,23 @@
+# Stage 1: Build the application
+FROM golang:1.24 AS builder
+
+WORKDIR /app
+
+COPY go.mod go.sum ./
+
+RUN go mod download
+
+COPY . .
+
+RUN CGO_ENABLED=0 GOOS=linux go build -o anomaly-detector
+
+# Stage 2: Copy the application to the runtime image
+FROM alpine:latest
+
+WORKDIR /app
+
+COPY --from=builder /app/anomaly-detector .
+
+EXPOSE 8082
+
+CMD ["./anomaly-detector"]