
Release: develop -> main #37

Merged
TaprootFreak merged 3 commits into main from develop, May 16, 2026
@github-actions

Automatic Release PR

This PR was automatically created after changes were pushed to develop.

Commits: 1 new commit(s)

Checklist

  • Review all changes
  • Verify CI passes
  • Approve and merge when ready for production

The pricing-proxy ships with its own quota monitor (DFXswiss/pricing-proxy
PR #7 + #9): it probes /api/v3/key every 30 min and alerts via the
dedicated @dfx_pricing_proxy_bot at 80 % (warning) and 95 % (critical)
of the monthly credit, with a recovery message on healthy.

That makes this service's daily probe redundant. Drop the cron, its
state field and its two constants; the unused CoingeckoKeyInfo
interface goes with them. The BTC-staleness watchdog and the cache
plumbing are untouched.

Mirror of d-EURO/monitoring#68. Update the README to drop the 'daily
Pro quota probe' clause from the CoinGecko section.
…ed minters (#33)

A new MinterGuardService runs after syncMinters() each cycle. For any
PROPOSED minter that is not on a committed whitelist (initially empty),
it submits denyMinter() within the application period using a signer
fetched from Vaultwarden at container start. Bridge proposals are not
exempted because the bridge type is inferred from a trivial usd() check.

The signing key is loaded by entrypoint.sh via bw CLI using the
vault-password file and a per-container copy of the bw appdata dir
mounted from the host. The key only ever lives in container memory.

Whitelisted exceptions are added via PR + redeploy. GUARD_ENABLED=false
disables the watcher entirely without removing the service from the
module graph.
…er bw (#39)

* refactor(entrypoint): use standard .env pattern instead of in-container bw

Removes the bw CLI from the image and the entrypoint that fetched
GUARD_PRIVATE_KEY at container start. The infrastructure repo now
provides GUARD_PRIVATE_KEY directly via .env (generated by
generate-env.sh from Vaultwarden at deploy time), consistent with how
every other secret is wired into this stack.

Trade-off: GUARD_PRIVATE_KEY now lives on the host's .env file (chmod
600) between deploys; redeploy is required to rotate it. The added
complexity of bw-in-container was not worth the divergence from the
established pattern.

* docs(minter-guard): document env vars + fix stale whitelist comment

- .env.example: document GUARD_ENABLED, GUARD_PRIVATE_KEY,
  GUARD_HELPER_ADDRESS, GUARD_WHITELIST_FILE in the same style as the
  other sections
- README.md: add Minter Guard to the architecture list
- whitelist.{testnet,mainnet}.json: rewrite stale "_comment". The
  service denies bridge proposals too — the previous comment promised
  the opposite.
@TaprootFreak TaprootFreak merged commit 6c9801a into main May 16, 2026
7 checks passed
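
The deny rule described in the MinterGuardService commit message above, sketched as an added example; it is not code from this repository. The whitelist file shape, every type, field and function name, the statuses other than PROPOSED, the treatment of any GUARD_ENABLED value other than `false`, and the `missed` list for proposals whose application period has already ended are assumptions made for illustration.

```typescript
// Added illustration: all type, field and function names are hypothetical.
type Minter = {
  address: string;
  status: "PROPOSED" | "APPROVED" | "DENIED";
  applicationEnd: number; // unix seconds; a veto is only possible before this
  isBridge: boolean;      // inferred type, deliberately ignored by the guard
};
type GuardDecision = { deny: string[]; missed: string[] };

// Assumed file shape: { "_comment": "...", "minters": ["0x..."] }
function parseWhitelist(json: string): Set<string> {
  const list = (JSON.parse(json) as { minters?: unknown }).minters ?? [];
  if (!Array.isArray(list)) throw new Error("minters must be an array");
  const allowed = new Set<string>();
  for (const entry of list) {
    // Fail closed: a malformed entry stops startup instead of being skipped.
    if (typeof entry !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(entry)) {
      throw new Error(`invalid whitelist entry: ${String(entry)}`);
    }
    allowed.add(entry.toLowerCase()); // compare addresses case-insensitively
  }
  return allowed;
}

function decide(minters: Minter[], allowed: Set<string>, now: number,
                guardEnabled?: string): GuardDecision {
  const out: GuardDecision = { deny: [], missed: [] };
  // Assumption: only the literal "false" switches the watcher off.
  if (guardEnabled === "false") return out;
  for (const m of minters) {
    if (m.status !== "PROPOSED" || allowed.has(m.address.toLowerCase())) continue;
    // No isBridge exemption: bridge proposals are vetoed like any other.
    (now < m.applicationEnd ? out.deny : out.missed).push(m.address);
  }
  return out;
}

// Constructed sample data (not real addresses or proposals).
const NOW = 1000000;
const A = "0x" + "aA".repeat(20), B = "0x" + "bb".repeat(20);
const C = "0x" + "cc".repeat(20), D = "0x" + "dd".repeat(20);
const SAMPLE: Minter[] = [
  { address: A, status: "PROPOSED", applicationEnd: NOW + 60, isBridge: false }, // whitelisted
  { address: B, status: "PROPOSED", applicationEnd: NOW + 60, isBridge: true },  // bridge, not listed
  { address: C, status: "PROPOSED", applicationEnd: NOW - 1, isBridge: false },  // window closed
  { address: D, status: "APPROVED", applicationEnd: NOW - 9, isBridge: false },  // not a proposal
];
const WHITELIST = parseWhitelist(JSON.stringify({ _comment: "constructed", minters: [A.toLowerCase()] }));
console.log(decide(SAMPLE, WHITELIST, NOW, "true")); // deny: [B], missed: [C]
```

A non-empty `missed` list means a non-whitelisted proposal passed its application period without a veto, which is the condition worth alerting on.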