Merge pull request #923 from rsksmart/master

master -> v2.4.1

Author: Luisfc68

.github/copilot-instructions.md

@@ -0,0 +1,3 @@
+When performing a code review, apply the checks in the prompts/review-code.prompt.md file.
+
+When performing a code review, focus on readability and avoid nested ternary operators.

.github/prompts/review-code.prompt.md

@@ -0,0 +1,59 @@
+---
+agent: 'agent'
+description: 'Perform a comprehensive code review'
+---
+
+## Role
+
+You're a senior software engineer conducting a thorough code review. Provide constructive, actionable feedback.
+
+## Review Areas
+
+Analyze the selected code for:
+
+1. **Security Issues**
+   - Input validation and sanitization
+   - Data exposure risks
+   - Injection vulnerabilities
+   - OWASP Top 10 risks
+
+2. **Performance & Efficiency**
+   - Algorithm complexity
+   - Memory usage patterns
+   - Database query optimization
+   - Unnecessary computations
+
+3. **Code Quality**
+   - Readability and maintainability
+   - Proper naming conventions
+   - Function/class size and responsibility
+   - Code duplication
+
+4. **Architecture & Design**
+   - Design pattern usage
+   - Separation of concerns
+   - Dependency management
+   - Error handling strategy
+
+5. **Testing & Documentation**
+   - Test coverage and quality
+   - Documentation completeness
+   - Comment clarity and necessity
+
+## Output Format
+
+Provide feedback as:
+
+**🔴 Critical Issues** - Must fix before merge
+**🟡 Suggestions** - Improvements to consider
+**✅ Good Practices** - What's done well
+
+For each issue:
+- Specific line references
+- Clear explanation of the problem
+- Suggested solution with code example
+- Rationale for the change
+
+Focus on: ${input:focus:Any specific areas to emphasize in the review?}
+
+Be constructive and educational in your feedback.

.github/workflows/devPortal-update.yml

@@ -16,21 +16,29 @@ jobs:
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      # Step 1: Clone the Devportal Repository
+      # Step 1: Generate GitHub App Token
+      - name: Generate GitHub App Token
+        id: generate_token
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        with:
+          app-id: ${{ secrets.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: rsksmart
+          repositories: devportal
+
+      # Step 2: Clone the Devportal Repository
       - name: Clone Devportal Repository
-        env:
-          GITHUB_TOKEN: ${{ secrets.DEVPORTAL_DOCS_UPDATE_TOKEN }}
         run: |
           TIMESTAMP=$(date +'%Y%m%d-%H%M%S')
           BRANCH_NAME="update-from-lps-${TIMESTAMP}"
           echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_ENV
 
-          git clone https://github.com/rsksmart/devportal.git
+          git clone https://x-access-token:${{ steps.generate_token.outputs.token }}@github.com/rsksmart/devportal.git
           cd devportal
           git checkout -b ${BRANCH_NAME} || git checkout ${BRANCH_NAME}
           cd ..
 
-      # Step 2: Transform Each File and Copy to Devportal Repository
+      # Step 3: Transform Each File and Copy to Devportal Repository
       - name: Transform Files for Devportal
         run: |
           set -e
@@ -232,27 +240,23 @@ jobs:
           rm ${TEMP_FILE}
           cp ${TRANSFORMED_FILE} ${BASE_DST}/trusted-accounts.md
 
-      # Step 3: Commit and Push Changes to Devportal Repository
+      # Step 4: Commit and Push Changes to Devportal Repository
       - name: Commit and Push Changes
-        env:
-          GITHUB_TOKEN: ${{ secrets.DEVPORTAL_DOCS_UPDATE_TOKEN }}
         run: |
           cd devportal
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
           git add docs/02-developers/06-integrate/02-flyover/
           git commit -m "Automated update from Liquidity Provider Server repository"
-          git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/rsksmart/devportal.git
+          git remote set-url origin https://x-access-token:${{ steps.generate_token.outputs.token }}@github.com/rsksmart/devportal.git
           git push -f origin ${BRANCH_NAME}
 
-      # Step 4: Create a Pull Request in the Devportal Repository
+      # Step 5: Create a Pull Request in the Devportal Repository
       - name: Create Pull Request
-        env:
-          GITHUB_TOKEN: ${{ secrets.DEVPORTAL_DOCS_UPDATE_TOKEN }}
         run: |
           cd devportal
           curl -L -X POST -H "Accept: application/vnd.github+json" \
-          -H "Authorization: Bearer ${{ secrets.DEVPORTAL_DOCS_UPDATE_TOKEN }}" \
+          -H "Authorization: Bearer ${{ steps.generate_token.outputs.token }}" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
           https://api.github.com/repos/rsksmart/devportal/pulls \
           -d "{\"title\":\"Liquidity-provider-server automated update of documentation ${BRANCH_NAME}\",\"body\":\"This PR updates the Devportal documentation with the latest changes from the Liquidity Provider Server repository.\",\"head\":\"${BRANCH_NAME}\",\"base\":\"main\"}"

README.md

@@ -195,6 +195,9 @@ The service is configured in `docker-compose/monitoring/src/config.ts` and suppo
 
 The service can be configured to monitor other addresses by modifying the `MONITORED_ADDRESSES` array in `docker-compose/monitoring/src/config.ts`.
 
+## Additional clarifications
+- The liquidity provider server is designed to run with an exclusive wallet. Horizontal scaling requires a separate wallet per instance. This codebase assumes a non-shared wallet.
+
 ## More Information
 
 If you're looking forward to integrate with Flyover Protocol then you can check the [Flyover SDK repository](https://github.com/rsksmart/flyover-sdk/blob/main/README.md).

SECURITY.md

@@ -1,37 +1,25 @@
-# Liquidity Provider Server Security Process
+# RootstockLabs's Security Process
 
 We are committed to conduct our security process in a professional and civil manner. Public shaming, under-reporting or misrepresentation of vulnerabilities will not be tolerated.
 
 ## Responsible Disclosure
 
-For all security related issues, Liquidity Provider Server has two main points of contact. Reach us at `security@rootstocklabs.com` or refer to our [Bug Bounty Program](https://www.rootstocklabs.com/bug-bounty-program). **Do not open up a GitHub issue if the bug is a security vulnerability**
+For all security related issues, RootstockLabs has two main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program](https://www.rootstocklabs.com/bug-bounty-program/). **Do not open up a GitHub issue if the bug is a security vulnerability**
 
 **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rsksmart/liquidity-provider-server/issues).
 
-## Vulnerability Handling
+## Disclosure Policy
 
-### Response Time
+- Follow Immunefi's [disclosure guidelines](https://immunefi.com/responsible-publication/).
+- Public disclosure of a vulnerability makes it ineligible for a bounty.
 
-RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities:
-
-* Time to first response (from report submit) - 5 business days
-* Time to triage (from report submit) - 7 business days
-* Time to bounty (from triage) - 15 business days
-
-We'll try to keep you informed about our progress throughout the process.
-
-### Disclouse Policy
-
-* Follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
-* Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ethereum or ETC) but reports to RootstockLabs with considerable delay, then RootstockLabs may reduce or cancel the bounty.
-
-For more information check RootstockLabs bounty program policy at [HackerOne](https://hackerone.com/rootstocklabs)
+For more information, check RootstockLabs bounty program policy at [Immunefi](https://immunefi.com/bug-bounty/rootstocklabs/information)
 
 ## Public Keys
 
 ### Security
 
-```
+```gpg
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v2
 
@@ -140,4 +128,4 @@ v0FjOkVKB3PSHj1q4fogldX0Yb55tUa3rX0Rb8QEKInQj8FFPd44XHclv9PTv0OL
 IfHtYt8huvu34FA85HR8wAOPiqvyJ7Oj
 =r7Yf
 -----END PGP PUBLIC KEY BLOCK-----
-```
+```