PGDN Discord Bot

A Discord bot for Sui validator security scanning services, providing comprehensive security analysis and verification tools for validators on the Pagoda Network.

Features

• Validator Security Scanning: Request comprehensive security scans of Sui validators
• Ownership Verification: Prove ownership of validators through IP-based validation
• Real-time Notifications: Receive scan completion notifications via Discord DMs
• Multi-validator Management: Manage and monitor multiple validators
• Privacy-focused: All interactions are DM-only for enhanced security

Commands

• /start - Get started with the bot and see available commands
• /info [validator_id] - View detailed validator information and security scores
• /list - List all your claimed validators
• /claim <validator_id> - Generate validation token to prove validator ownership
• /add <validator_id> - Add a new validator to the system
• /rescan [validator_id] - Request a fresh security scan
• /help - Show detailed help information
• /privacy - View privacy policy and data handling information
• /recommendations [validator_id] - Get security recommendations
• /feedback - Provide feedback about the bot

Setup

Prerequisites

• Python 3.8+
• Discord Bot Token
• PGDN API access
• Redis instance

Installation

1. Clone the repository:

git clone <repository-url>
cd pgdn-discord

2. Create a virtual environment:

python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

3. Install dependencies:

pip install -r requirements.txt

4. Configure environment variables:

cp .env.example .env
# Edit .env with your configuration

Environment Variables

Required variables in your .env file:

# Discord Bot Token from https://discord.com/developers/applications
DISCORD_BOT_TOKEN=your_discord_bot_token_here

# PGDN API Configuration
API_BASE_URL=http://localhost:8000/api/v1/lite
API_AUTH_TOKEN=your_api_auth_token_here

# Redis Configuration
REDIS_URL=redis://localhost:6379

# Security Configuration
STATE_SIGNING_KEY=your_secret_hmac_signing_key_here

Generate a secure signing key:

python -c "import secrets; print(secrets.token_urlsafe(32))"

Running the Bot

python main.py

Architecture

The bot is built with a modular architecture:

• DM-Only Security Model: All commands restricted to direct messages
• Webhook Integration: HTTP server for scan completion notifications
• Rate Limiting: Built-in rate limiting for API protection
• Event Logging: Structured logging with user ID hashing for privacy
• Redis Caching: Verification status caching for performance

Security Features

• IP-based Validation: Validators must be validated from their server's IP
• Token Expiration: All validation tokens expire in 30 minutes
• Privacy Protection: User IDs are hashed in all log outputs
• Webhook Authentication: All webhook endpoints require Bearer token authentication
• Secure Configuration: All secrets managed via environment variables

Development

Testing

pytest

Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests
5. Submit a pull request

License

See LICENSE file for details.

Support

For support and questions, please join our Discord server or create an issue in this repository.