CannonOps/backend

Backend – Safe Transaction Aggregator

The backend powers Cannon Ops’ multi-chain DevOps workflows by acting as a lightweight replacement for Safe Transaction Service. It stages transactions, validates Safe signatures, deduplicates nonces, and (optionally) persists state to Redis so that multisig operators can collaborate before executing on-chain.

Features

  • Validates Safe transaction payloads via on-chain getTransactionHash, nonce, and checkNSignatures.
  • Enforces rate limits, payload size limits, and signature caps to harden the public surface.
  • Supports Redis-backed persistence (REDIS_URL) with automatic in-memory fallback.
  • Discovers RPCs via viem/chains.
  • Exposes /health for container/LB probes.

Prerequisites

  • Node.js 20+ and npm 10+.
  • Access to at least one RPC endpoint per supported chain.
  • Optional Redis deployment for persistence and HA setups.

Local development

npm install
npm run start

Use PORT to change the listener. Available scripts:

  • npm run start – launch the API server.
  • npm run lint – Prettier formatting checks.
  • npm run test – reserved for integration/unit suites.
  • npm run e2e – reserved for end-to-end flows.
  • npm run e2e:headless – reserved for CI-safe e2e runs.

Environment variables

| Variable | Description | Default |
| --- | --- | --- |
| PORT | HTTP port | 8080 |
| REDIS_URL | Optional Redis connection string (redis:// or rediss://) | none |
| Additional advanced variables | Configure metadata ingestion, fallbacks, etc. via your private .env. | not documented publicly |

Example custom RPC configuration:

RPC_URLS=https://mainnet.infura.io/v3/KEY,https://optimism.infura.io/v3/KEY npm run start

API surface

| Method | Route | Description |
| --- | --- | --- |
| GET | /:chainId/:safeAddress | Returns staged transactions sorted by nonce. |
| POST | /:chainId/:safeAddress | Validates and stores signatures for a Safe transaction. |
| GET | /health | Returns { status: "ok", version } if dependencies are reachable. |

Payloads must include { txn, sigs, createdAt, updatedAt }. The service merges signatures and prunes stale entries automatically.

Deployment notes

  • Mount persistent Redis for multi-instance deployments so each replica can hydrate staged transactions on boot.
  • Use the readiness check to gate rolling updates; the server toggles _healthChecking to prevent overload.

Troubleshooting

  • invalid signature – Ensure signatures follow Safe concatenation ordering; the backend sorts them but expects recoverable payloads.
  • chain id not supported – Provide custom RPCs for networks not bundled in viem/chains.
  • proposed nonce ... errors – Operators tried to stage out-of-order nonces; enforce sequential signing in runbooks.
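
The signature merge mentioned under "API surface" and the ordering rule behind the invalid signature entry above, as an added JavaScript example that is not taken from the CannonOps code base. The { signer, sig } entry shape, MAX_SIGS and the first-signature-wins rule are assumptions, and only 65-byte ECDSA signatures are handled (Safe contract signatures carry extra dynamic data).

```javascript
// Added example; not the CannonOps implementation.
const SIG_HEX_LEN = 130; // one 65-byte (r, s, v) signature as hex
const MAX_SIGS = 20; // assumed cap; the page does not state the real limit

// Entry shape { signer, sig } is hypothetical: `signer` is the address already
// recovered from `sig` (ECDSA recovery needs a crypto library, omitted here).
function normalize(entry) {
  const signer = String(entry.signer).toLowerCase();
  const sig = String(entry.sig).toLowerCase().replace(/^0x/, "");
  if (!/^0x[0-9a-f]{40}$/.test(signer)) throw new Error("bad signer address");
  if (sig.length !== SIG_HEX_LEN || !/^[0-9a-f]+$/.test(sig)) {
    throw new Error("signature must be 65 bytes of hex");
  }
  return { signer, sig };
}

// Merge newly submitted signatures into the staged set, one per signer.
function mergeSignatures(staged, incoming) {
  const bySigner = new Map();
  for (const e of [...staged, ...incoming].map(normalize)) {
    if (!bySigner.has(e.signer)) bySigner.set(e.signer, e.sig); // first one wins
  }
  if (bySigner.size > MAX_SIGS) throw new Error("too many signatures");
  return [...bySigner].map(([signer, sig]) => ({ signer, sig }));
}

// Safe's checkNSignatures reads the blob in 65-byte steps and requires every
// recovered owner address to be strictly greater than the previous one.
function packForSafe(entries) {
  const sorted = entries.map(normalize).sort((a, b) => {
    const x = BigInt(a.signer), y = BigInt(b.signer);
    return x < y ? -1 : x > y ? 1 : 0;
  });
  for (let i = 1; i < sorted.length; i++) {
    if (sorted[i].signer === sorted[i - 1].signer) throw new Error("duplicate signer");
  }
  return "0x" + sorted.map((e) => e.sig).join("");
}

// Constructed sample data: placeholder addresses and filler signature bytes.
const sigOf = (byte) => "0x" + byte.repeat(65);
const staged = [{ signer: "0xBb" + "00".repeat(19), sig: sigOf("bb") }];
const incoming = [
  { signer: "0x0A" + "00".repeat(19), sig: sigOf("0a") },
  { signer: "0xbb" + "00".repeat(19), sig: sigOf("bb") }, // resubmission
];
const packed = packForSafe(mergeSignatures(staged, incoming));
console.log(packed.length, packed.slice(0, 6));
```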

Refer to SECURITY.md for responsible disclosure and ABOUT.md for the broader roadmap context.

About

CannonOps backend - tx coordination layer
