feat: add Superfluid streaming payments integration — contracts, subgraph, monitoring, CI/CD

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Audityzer Bot

.github/workflows/deploy-superfluid.yml

@@ -0,0 +1,43 @@
+name: Audityzer Superfluid Deploy
+
+on:
+  push:
+    branches: [main, safe-improvements]
+    paths:
+      - 'superfluid/**'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: { node-version: '20' }
+      - run: cd superfluid && npm ci
+      - run: cd superfluid && npx hardhat compile
+      - run: cd superfluid && npx hardhat test
+
+  deploy-subgraph:
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: npm install -g @graphprotocol/graph-cli
+      - run: cd superfluid/subgraph && graph auth --studio ${{ secrets.GRAPH_ACCESS_TOKEN }}
+      - run: cd superfluid/subgraph && graph codegen && graph build
+      - run: |
+          cd superfluid/subgraph
+          graph deploy --studio audityzer-streams-op \
+            --version-label v${{ github.run_number }}.0.0
+
+  deploy-contracts:
+    needs: test
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - uses: actions/checkout@v4
+      - run: cd superfluid && npm ci
+      - run: cd superfluid && npx hardhat run scripts/deploy-rewards-macro.ts --network op-mainnet
+        env:
+          OP_MAINNET_RPC: ${{ secrets.OP_MAINNET_RPC }}
+          DEPLOYER_PRIVATE_KEY: ${{ secrets.DEPLOYER_PK }}

superfluid/.env.example

@@ -0,0 +1,18 @@
+# Graph Protocol
+GRAPH_API_KEY=
+GRAPH_ACCESS_TOKEN=
+
+# Alchemy
+ALCHEMY_WS_KEY=
+ALCHEMY_SEPOLIA_KEY=
+
+# Contract Addresses
+AUDITYZER_ADDR=
+DEPLOYER_PRIVATE_KEY=
+
+# RPC
+OP_MAINNET_RPC=https://mainnet.optimism.io
+OPTIMISTIC_ETHERSCAN_API_KEY=
+
+# Subgraph
+SUPERFLUID_OP_SUBGRAPH_ID=

superfluid/README.md

@@ -0,0 +1,62 @@
+# Audityzer × Superfluid Streaming Payments Integration
+
+Superfluid streaming payments integration for the Audityzer Web3 security platform. Enables real-time, continuous reward streams to security auditors and contributors.
+
+## Architecture
+
+- **RewardsMacro Contract** — Uses Superfluid's MacroForwarder (`IUserDefinedMacro`) to batch-create reward streams in a single transaction
+- **Subgraph** — Indexes `FlowUpdated` events on Optimism Sepolia for stream tracking and TVL monitoring
+- **Monitoring Service** — Real-time WebSocket listener + 120s polling for balance and flow rate metrics
+- **CI/CD** — GitHub Actions pipeline for testing, subgraph deployment, and contract deployment
+
+## Quick Start
+
+```bash
+# Install dependencies
+npm install
+
+# Copy env and configure
+cp .env.example .env
+
+# Compile contracts
+npm run compile
+
+# Run tests
+npm test
+
+# Deploy to Optimism Sepolia
+npm run deploy:sepolia
+```
+
+## Scripts
+
+| Command | Description |
+|---------|-------------|
+| `npm run compile` | Compile Solidity contracts |
+| `npm test` | Run Hardhat tests |
+| `npm run deploy:sepolia` | Deploy RewardsMacro to OP Sepolia |
+| `npm run deploy:mainnet` | Deploy RewardsMacro to OP Mainnet |
+| `npm run stream:test` | Create a test stream on Sepolia |
+| `npm run monitor` | Start the monitoring service |
+| `npm run subgraph:codegen` | Generate subgraph types |
+| `npm run subgraph:build` | Build the subgraph |
+| `npm run subgraph:deploy:dev` | Deploy subgraph to Studio |
+
+## Networks
+
+| Network | Chain ID | RPC |
+|---------|----------|-----|
+| Optimism Sepolia | 11155420 | https://sepolia.optimism.io |
+| Optimism Mainnet | 10 | https://mainnet.optimism.io |
+
+## Key Addresses
+
+- **MacroForwarder**: `0xcfA132E353cB4E398080B9700609bb008eceB125` (same on all networks)
+
+## Integration Notes
+
+- All addresses are lowercased in subgraph queries
+- Production subgraph queries use `gateway.thegraph.com`
+- SDK initialization uses auto-resolve (no `protocolReleaseVersion` or `resolverAddress`)
+- Monitoring poll interval: 120s minimum (free API quota compliance)
+- Use `accountTokenSnapshots` (not `streamAccounts`) for subgraph queries

superfluid/config/addresses.json

@@ -0,0 +1,11 @@
+{
+  "macroForwarder": "0xcfA132E353cB4E398080B9700609bb008eceB125",
+  "rewardsMacro": {
+    "opSepolia": "",
+    "opMainnet": ""
+  },
+  "audityzerProxy": {
+    "opSepolia": "",
+    "opMainnet": ""
+  }
+}

superfluid/config/subgraph.ts

@@ -0,0 +1,2 @@
+export const SUBGRAPH_URL =
+  `https://gateway.thegraph.com/api/${process.env.GRAPH_API_KEY}/subgraphs/id/${process.env.SUPERFLUID_OP_SUBGRAPH_ID}`;

superfluid/contracts/RewardsMacro.sol

@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import {ISuperfluid, ISuperToken} from "@superfluid-finance/ethereum-contracts/contracts/interfaces/superfluid/ISuperfluid.sol";
+import {IConstantFlowAgreementV1} from "@superfluid-finance/ethereum-contracts/contracts/interfaces/agreements/IConstantFlowAgreementV1.sol";
+import {SuperTokenV1Library} from "@superfluid-finance/ethereum-contracts/contracts/apps/SuperTokenV1Library.sol";
+import {MacroForwarder, IUserDefinedMacro} from "@superfluid-finance/ethereum-contracts/contracts/utils/MacroForwarder.sol";
+
+contract RewardsMacro is IUserDefinedMacro {
+    using SuperTokenV1Library for ISuperToken;
+
+    struct RewardStream {
+        address receiver;
+        int96 flowRate;
+    }
+
+    function buildBatchOperations(
+        ISuperfluid host,
+        bytes memory params,
+        address msgSender
+    ) external view override returns (ISuperfluid.Operation[] memory operations) {
+        (ISuperToken token, RewardStream[] memory streams) = abi.decode(
+            params,
+            (ISuperToken, RewardStream[])
+        );
+
+        operations = new ISuperfluid.Operation[](streams.length);
+
+        for (uint256 i = 0; i < streams.length; i++) {
+            // Create or update flow for each reward recipient
+            bytes memory callData = abi.encodeCall(
+                IConstantFlowAgreementV1.createFlow,
+                (token, streams[i].receiver, streams[i].flowRate, new bytes(0))
+            );
+            operations[i] = ISuperfluid.Operation({
+                operationType: 201, // OPERATION_TYPE_SUPERFLUID_CALL_AGREEMENT
+                target: address(host.getAgreementClass(
+                    keccak256("org.superfluid-finance.agreements.ConstantFlowAgreement.v1")
+                )),
+                data: abi.encode(callData, new bytes(0))
+            });
+        }
+    }
+
+    function postCheck(
+        ISuperfluid host,
+        bytes memory params,
+        address msgSender
+    ) external view override {
+        // Optional: verify all streams were created successfully
+    }
+}

superfluid/hardhat.config.ts

@@ -0,0 +1,27 @@
+import { HardhatUserConfig } from "hardhat/config";
+import "@nomicfoundation/hardhat-toolbox";
+import * as dotenv from "dotenv";
+dotenv.config();
+
+const config: HardhatUserConfig = {
+  solidity: {
+    version: "0.8.24",
+    settings: { optimizer: { enabled: true, runs: 200 } },
+  },
+  networks: {
+    "op-sepolia": {
+      url: "https://sepolia.optimism.io",
+      chainId: 11155420,
+      accounts: process.env.DEPLOYER_PRIVATE_KEY ? [process.env.DEPLOYER_PRIVATE_KEY] : [],
+    },
+    "op-mainnet": {
+      url: process.env.OP_MAINNET_RPC || "https://mainnet.optimism.io",
+      chainId: 10,
+      accounts: process.env.DEPLOYER_PRIVATE_KEY ? [process.env.DEPLOYER_PRIVATE_KEY] : [],
+    },
+  },
+  etherscan: {
+    apiKey: { optimisticEthereum: process.env.OPTIMISTIC_ETHERSCAN_API_KEY || "" },
+  },
+};
+export default config;

superfluid/monitoring/monitoring.ts

@@ -0,0 +1,54 @@
+import { Framework } from "@superfluid-finance/sdk-core";
+import { ethers } from "ethers";
+
+const CONFIG = {
+  chainId: 10,
+  wsUrl: `wss://opt-mainnet.g.alchemy.com/v2/${process.env.ALCHEMY_WS_KEY}`,
+  audityzerAddr: process.env.AUDITYZER_ADDR!.toLowerCase(),
+  pollIntervalMs: 120_000,
+};
+
+let provider: ethers.WebSocketProvider;
+let sf: Framework;
+
+async function initializeMonitoring() {
+  try {
+    provider = new ethers.WebSocketProvider(CONFIG.wsUrl);
+    sf = await Framework.create({ chainId: CONFIG.chainId, provider });
+    const usdcx = await sf.loadSuperToken("USDCx");
+
+    setInterval(async () => {
+      const [rtb, netFlow] = await Promise.all([
+        usdcx.realtimeBalanceOf({ account: CONFIG.audityzerAddr, providerOrSigner: provider }),
+        sf.cfaV1.getNetFlow({ superToken: usdcx.address, account: CONFIG.audityzerAddr, providerOrSigner: provider }),
+      ]);
+      console.log({
+        availableBalance: ethers.formatEther(rtb.availableBalance),
+        deposit: ethers.formatEther(rtb.deposit),
+        netFlowRateWeiPerSec: netFlow,
+      });
+    }, CONFIG.pollIntervalMs);
+
+    const cfaContract = new ethers.Contract(
+      sf.settings.config.cfaV1Address,
+      ["event FlowUpdated(address indexed token, address indexed sender, address indexed receiver, int96 flowRate, int256 totalSenderFlowRate, int256 totalReceiverFlowRate, bytes userData)"],
+      provider
+    );
+
+    cfaContract.on("FlowUpdated", (token: string, sender: string, receiver: string, flowRate: bigint) => {
+      if (receiver.toLowerCase() === CONFIG.audityzerAddr) {
+        console.log(`Stream update: ${sender} → rate ${flowRate}`);
+      }
+    });
+
+    provider.websocket.on("close", () => {
+      console.warn("WS disconnected — reconnecting in 5s...");
+      setTimeout(initializeMonitoring, 5000);
+    });
+  } catch (err) {
+    console.error("Monitor init failed:", err);
+    setTimeout(initializeMonitoring, 10_000);
+  }
+}
+
+initializeMonitoring();

superfluid/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "@audityzer/superfluid-integration",
+  "version": "1.0.0",
+  "description": "Audityzer × Superfluid streaming payments integration",
+  "scripts": {
+    "compile": "hardhat compile",
+    "test": "hardhat test",
+    "deploy:sepolia": "hardhat run scripts/deploy-rewards-macro.ts --network op-sepolia",
+    "deploy:mainnet": "hardhat run scripts/deploy-rewards-macro.ts --network op-mainnet",
+    "stream:test": "ts-node scripts/create-test-stream.ts",
+    "monitor": "ts-node monitoring/monitoring.ts",
+    "subgraph:codegen": "cd subgraph && graph codegen",
+    "subgraph:build": "cd subgraph && graph build",
+    "subgraph:deploy:dev": "cd subgraph && graph deploy --studio audityzer-streams-op-sepolia",
+    "test:e2e": "hardhat test --network op-sepolia"
+  },
+  "dependencies": {
+    "@superfluid-finance/sdk-core": "^0.9.0",
+    "@superfluid-finance/ethereum-contracts": "^1.10.0",
+    "ethers": "^6.13.0",
+    "@graphprotocol/graph-cli": "^0.80.0",
+    "@graphprotocol/graph-ts": "^0.35.0",
+    "dotenv": "^16.4.0"
+  },
+  "devDependencies": {
+    "@nomicfoundation/hardhat-toolbox": "^5.0.0",
+    "hardhat": "^2.22.0",
+    "typescript": "^5.5.0",
+    "ts-node": "^10.9.2",
+    "@types/node": "^22.0.0"
+  }
+}

superfluid/scripts/create-test-stream.ts

@@ -0,0 +1,25 @@
+import { Framework } from "@superfluid-finance/sdk-core";
+import { ethers } from "ethers";
+
+const AUDITYZER_TEST = process.env.AUDITYZER_ADDR!.toLowerCase();
+
+async function main() {
+  const provider = new ethers.JsonRpcProvider(
+    `https://opt-sepolia.g.alchemy.com/v2/${process.env.ALCHEMY_SEPOLIA_KEY}`
+  );
+  const signer = new ethers.Wallet(process.env.DEPLOYER_PK!, provider);
+  const sf = await Framework.create({ chainId: 11155420, provider });
+  const usdcx = await sf.loadSuperToken("USDCx");
+
+  const createOp = sf.cfaV1.createFlow({
+    sender: await signer.getAddress(),
+    receiver: AUDITYZER_TEST,
+    superToken: usdcx.address,
+    flowRate: "1000000",
+  });
+
+  const tx = await createOp.exec(signer);
+  await tx.wait();
+  console.log("Stream created:", tx.hash);
+}
+main();