feat: migrate anti-abuse oracle from apps to pedalboard#29
Merged
Conversation
Track listens are no longer recorded on-chain. Removes the listen endpoint, rate limiting, Solana instruction builders, and all related config/env vars. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Brings the AAO service to parity with the version in apps/packages/discovery-provider/plugins/pedalboard/apps/anti-abuse-oracle: - Adds sdk.ts wrapper around @audius/sdk for getUserByHandle lookups - Adds useEmail + queryUsers to identity/actionLog so the UI can show the user's email and resolve fingerprint cohort handles - Adds block-user / unblock-user admin endpoints + UI (ensures the anti_abuse_blocked_users table at boot) - Renders has_profile_picture in the score breakdown - HashId.parse on SDK user.id when computing normalized score - Bumps deps to match apps version: @audius/sdk@5.0.0 + @audius/sdk-legacy alias, adds @solana/web3.js, bn.js, envalid The apps copy is left in place until the pedalboard image is deployed and verified. Follow-up: update aaoEndpoint default in apps/packages/identity-service/src/config.js (currently points to the old docker-compose hostname http://anti-abuse-oracle_anti_abuse_oracle_1:8000). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
`sdk.users.getUserByHandle` returns `{ data: User }` in @audius/sdk v5,
not `{ data: User[] }` as in legacy. Drop the array indexing so the
build's tsc step succeeds.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Brings the anti-abuse oracle (AAO) service over from
apps/packages/discovery-provider/plugins/pedalboard/apps/anti-abuse-oracleinto pedalboard, the same way solana-relay lives here. Source files are updated to parity with the apps version; the apps copy is left in place until this image is deployed and verified.apps/anti-abuse-oracle/src/server.tsx— Hono routes (/attestation/check,POST /attestation/:handle, block/unblock admin) + admin UI on port 6003apps/anti-abuse-oracle/src/actionLog.ts— discovery DB queries + scoring (now includeshas_profile_picture,queryUsers)apps/anti-abuse-oracle/src/identity.ts— fingerprint/email lookups from identity DB (now also exposesuseEmail)apps/anti-abuse-oracle/src/sdk.ts— new SDK wrapper forgetUserByHandleapps/anti-abuse-oracle/src/config.ts—Environmenttype for SDK env mappingapps/anti-abuse-oracle/package.json— bumped deps to mirror apps:@audius/sdk@5.0.0+@audius/sdk-legacy(npm:@audius/sdk@5.0.0 alias),@solana/web3.js,bn.js,envalidService is already registered in
.github/config/services.jsonand the rootdocker:anti-abuse-oraclescript, so the multiarch image build picks it up automatically.Follow-ups (separate PRs)
apps/packages/identity-service/src/config.js:689defaultsaaoEndpointtohttp://anti-abuse-oracle_anti_abuse_oracle_1:8000. Once the pedalboard image is deployed, this needs to point at the new k8s Service hostname.apps/packages/discovery-provider/plugins/pedalboard/apps/anti-abuse-oracle/after this is verified in prod.Test plan
audius/anti-abuse-oracle:<sha>turbo run lint --filter=@pedalboard/anti-abuse-oracle)npm run docker:anti-abuse-oraclebuilds cleanaudius_db_url+IDENTITY_DB_URLand hit/attestation/check?wallet=…; should return{data: "allowed"}or{data: "blocked"}/attestation/uiwith basic auth; recent claims table rendersPOST /attestation/<handle>with{challengeId, challengeSpecifier, amount}returns a signed attestation hex string🤖 Generated with Claude Code