Rate Limits per Endpoint (Cost-Aware)#1
Open
Menjay7 wants to merge 48 commits into
Open
Conversation
Closes #430: evidence upload session
feat: implement persistent background sync queue with retry logic and…
…vability Add testnet observability metrics
Entity Linking to Projects, Assets, and Ecosystem Registry
feat(tx): add transaction tracking models
Add staging/testnet environment profile and config validation for AI …
Exposes GET /onchain/aid-escrow/transactions/:hash/status for frontend/mobile to poll Soroban RPC and get normalized tx status during Testnet. - Add TxStatus type and GetTransactionStatus interfaces to OnchainAdapter - Implement getTransactionStatus in SorobanAdapter using getTransaction RPC call, mapping NOT_FOUND→pending, SUCCESS→succeeded, FAILED→failed, else→unknown - Add deterministic mock implementation in MockOnchainAdapter for testing - Add getTransactionStatus method to AidEscrowService - Add GET transactions/:hash/status endpoint to AidEscrowController with Swagger docs - Add 18 tests covering all status mappings, response shape, timeout behaviour, service delegation, and controller validation
Satisfies the OnchainAdapter interface contract added in the previous commit. Uses the getTransaction JSON-RPC call and maps the raw status to the normalized TxStatus type.
feat(onchain): add transaction status polling endpoint
Testnet Demo Seed Endpoint
chore: update gitignore for python and kiro artifacts
feat: add on-chain health probe endpoint
Feature/ledger backfill 419
…l-frontend-db-metadata Resolve README merge conflict and keep branded header/logo Sync upstream removals of obsolete docs, cache/db artifacts, and temp output files Include backend idempotency interceptor and verification flow updates Add repository logo asset
) - Add deployment record: deployments/testnet-2026-06-03.md - Contract ID: CDSBJ27PKTNFTRW6OKPCVXDRUSSRUIQUG6DW5PUTKLDXTDT23NQIS6JG - WASM Hash: 24328e15b7c11c7ff07caeaf0328da591b3b63e84af57fa03623c10126eabc8d - Deployer: GA5TBSBGERHVMEFBJGEM3KYMRLWO73Y2QRAV6P66GPEBOJ5ZMJUT7LLY - Transaction hashes and verification steps included - Update DEPLOY_TESTNET_RUNBOOK.md - Add Recorded Deployments table at top - Fix WASM target throughout: wasm32-unknown-unknown to wasm32v1-none (Stellar CLI 26+) - Update build and deploy commands to use stellar CLI - Link to deployment records - Document deployed contract in READMEs - contracts/aid_escrow/README.md: add testnet deployment table - README.md: add Deployed Contract (Testnet) section with explorer links - Update deploy toolchain - scripts/deploy.sh: use wasm32v1-none path, switch to stellar CLI, graceful fallback - .cargo/config.toml: add wasm32v1-none target, retain legacy aliases - .env.example: add CONTRACT_ID placeholder Req: Build and deploy aid_escrow to Testnet; record artifacts, TX hashes, and verification steps. Initialize with deployer as admin. Verify core package lifecycle flows (create, claim, revoke, cancel).
Add database persistence for contract deployment metadata to enable the backend to report currently configured contracts and their provenance. Changes: - Add DeploymentMetadata Prisma model with fields: contractName, network, contractId, wasmHash, deployedAt, commitSha, deployer, transactionHash, and additional metadata - Create migration 20260603000000_add_deployment_metadata with unique constraint on (network, contractName) for tenant safety - Implement DeploymentMetadataService with CRUD operations and query methods (findByNetwork, findByNetworkAndContractName, findByContractId) - Implement DeploymentMetadataController with admin-only REST endpoints: * POST /deployment-metadata - Create metadata * GET /deployment-metadata - List all * GET /deployment-metadata/by-network/:network - Filter by network * GET /deployment-metadata/by-contract/:network/:contractName - Lookup contract * GET /deployment-metadata/by-contract-id/:contractId - Lookup by ID * PUT /deployment-metadata/:id - Update metadata * DELETE /deployment-metadata/:id - Delete metadata - Add unit tests (deployment-metadata.service.spec.ts) covering CRUD operations and tenant isolation - Add e2e tests (deployment-metadata.e2e-spec.ts) covering full HTTP stack, authorization, and tenant safety - Update seed.ts to persist testnet AidEscrow contract metadata: * Contract ID: CDSBJ27PKTNFTRW6OKPCVXDRUSSRUIQUG6DW5PUTKLDXTDT23NQIS6JG * WASM Hash: 24328e15b7c11c7ff07caeaf0328da591b3b63e84af57fa03623c10126eabc8d * Deployer: GA5TBSBGERHVMEFBJGEM3KYMRLWO73Y2QRAV6P66GPEBOJ5ZMJUT7LLY * Transaction Hash: 292bf42f063310028456890e88861cd1650149ef0d4e66ba2a22ea5769964e64 - Register DeploymentMetadataModule in AppModule - Add comprehensive module documentation Security and Tenant Safety: - All endpoints protected with admin role authentication - Network-based isolation prevents cross-network access - Unique constraint enforces one deployment per contract per network - Full audit trail with timestamps
…ions - Add clsx and tailwind-merge dependencies for cn() utility function - Replace JSX component assignment pattern with icon render functions in ErrorInline - Remove duplicate exports from InlineFeedback (each component already exported individually) - Add TransactionStatus enum, Transaction interface, and useTransactionTracker hook with proper state management - Update MutationVariables interface to use campaignName instead of name for optimistic mutations - Align TransactionRecord createdAt type to Date across storage and hooks - Add complete transaction storage CRUD operations with type-safe date handling
…romise
- Refactor 'src/i18n.ts' to consume the asynchronous 'requestLocale' promise parameter per Next.js 16 requirements, eliminating the premature 'notFound()' root loop.
- Convert 'src/app/[locale]/page.tsx' into an async server component to cleanly await dynamic routing parameters before execution.
- Hard-harden 'src/app/global-error.tsx' by using semantic, layout-insulated HTML instead of complex local sub-components to prevent root shell initialization traps.
- Housekeeping: Dropped deprecated legacy files ('src/app/help/page.tsx' and root level 'src/middleware.ts') to avoid routing manifest layout collisions.
…files - Remove duplicate 'package-lock.json' and 'pnpm-lock.yaml' files to resolve remote builder environment conflicts. - Add 'vercel.json' configuration to lock down project metadata parameters. - Sync 'package.json' settings to align with the active production profile. - Successfully deployed live web frontend instance at https://soter-ashen.vercel.app
- Align database inserts with Prisma schema by changing 'otpHash' to 'code' in internal notes spec - Fix compilation failures in verification lifecycle teardown loops by resolving unmapped property filters - Standardize NestJS application initialization and validation pipe transform configurations - Ensure complete database isolation by expanding cleanup coverage across related relational entities
Fixes structural equality failure in campaigns.service.spec.ts by replacing strict .toEqual() and expect.any(Object) with .toMatchObject(). This accurately matches the primitive number forwarded by the service instead of assuming a Decimal object wrapper.
…-frontend-db-metadata deploy: testnet escrow vercel frontend db-metadata
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Description
Overview
This PR introduces endpoint-specific, cost-aware rate limiting to better manage API resource consumption and ensure fair usage across different request types.
Problem
The previous rate-limiting strategy applied uniform limits across endpoints, despite significant differences in computational cost and resource usage. This could lead to:
inefficient resource allocation
increased risk of abuse on expensive endpoints
unfair throttling of lightweight requests
degraded system performance under load
Changes Made
Added endpoint-specific rate limit configuration
Introduced cost-based request weighting for rate limit calculations
Implemented differentiated limits for low-, medium-, and high-cost operations
Refactored rate-limiting middleware to support weighted consumption
Added configuration support for custom endpoint cost definitions
Improved monitoring and visibility into rate limit utilization
Benefits
Better protection for resource-intensive endpoints
More efficient use of infrastructure capacity
Fairer request handling across different API operations
Improved system stability during traffic spikes
Greater flexibility in managing API consumption policies
Testing
Verified endpoint-specific rate limits are enforced correctly
Tested weighted request consumption across varying endpoint costs
Confirmed low-cost endpoints remain accessible under normal usage
Validated throttling behavior for high-cost operations
Ensured no regression in existing authentication and request flows.... Closed Pulsefy#460