Loading...
Loading...
Loading...
**Purpose**: Real-time system health monitoring and automated incident response
# Phase 2B.1: Monitoring & Alerting Blueprint **Purpose**: Real-time system health monitoring and automated incident response **Scope**: Testnet E2E through mainnet production **Update Frequency**: Every 60 seconds --- ## ๐ฏ Monitoring Hierarchy ### Tier 1: Critical System Invariants (HALT on violation) These must NEVER be violated. Any violation halts the relayer immediately. ``` Critical Invariant Violations (Triggers Relayer HALT) โโ SUPPLY_MISMATCH โ โโ Trigger: locked_db != chain_locked (difference > 0.001 SIGIL) โ โโ Action: Stop all operations, alert on-call โ โโ Log Level: CRITICAL โ โโ DUPLICATE_BATCH โ โโ Trigger: UNIQUE(merkle_root) constraint violation โ โโ Action: Rollback operation, investigate indexer โ โโ Log Level: CRITICAL โ โโ PROOF_VERIFICATION_FAIL โ โโ Trigger: merkle proof rejects valid withdrawal โ โโ Action: Investigate merkle logic, halt settlement โ โโ Log Level: CRITICAL โ โโ NONCE_DESYNC โโ Trigger: expected_nonce != actual_nonce on chain โโ Action: Rescan chain, realign nonce state โโ Log Level: CRITICAL ``` ### Tier 2: Operational Health (Alert but don't halt) These indicate problems that need attention but don't require immediate stop. ``` Operational Health Alerts (Alert, don't halt) โโ RPC_TIMEOUT โ โโ Trigger: 3+ consecutive RPC call failures โ โโ Action: Switch RPC endpoint, retry with backoff โ โโ Log Level: ERROR โ โโ DB_CONNECTION_LOST โ โโ Trigger: 5+ database connection failures โ โโ Action: Check DB health, restart connection pool โ โโ Log Level: ERROR โ โโ HIGH_LATENCY โ โโ Trigger: Cycle time >2s (target <1s) โ โโ Action: Investigate bottleneck, adjust batch size โ โโ Log Level: WARNING โ โโ GAS_ESTIMATE_MISS โ โโ Trigger: Actual gas > estimate * 1.5 โ โโ Action: Increase gas limit buffer, log for analysis โ โโ Log Level: WARNING โ โโ QUEUE_BUILDUP โโ Trigger: Pending operations > 10 โโ Action: Increase batch frequency or size โโ Log Level: WARNING ``` ### Tier 3: Operational Metrics (Track but don't alert) These are tracked for trends and long-term optimization. ``` Operational Metrics (Tracked, no alert threshold) โโ Settlement Latency โ โโ Metric: Time from batch creation to anchor confirmation โ โโ Target: <5 minutes โ โโ Proof Verification Success Rate โ โโ Metric: successful_verifications / total_attempts โ โโ Target: >99.9% โ โโ Duplicate Event Rate โ โโ Metric: duplicate_events / total_events โ โโ Target: 0% โ โโ RPC Success Rate โ โโ Metric: successful_calls / total_calls โ โโ Target: >99% โ โโ Database Performance โโ Metric: Query time percentiles (p50, p95, p99) โโ Target: p95 <100ms ``` --- ## ๐ Dashboard Specification ### Dashboard 1: System Health (Main) **Refresh**: Every 60 seconds **Audience**: Operations team, monitoring ``` โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ SIGILBRIDGE RELAYER - SYSTEM STATUS โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ SUPPLY INVARIANT โ โ RELAYER STATUS โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโค โโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ DB Total: 1000.00 โ โ โ Status: RUNNING โ โ โ โ โ Chain Total: 1000.00 โ โ โ Uptime: 48h 23m โ โ โ โ Delta: 0.00 โ โ โ Cycles: 2,847 โ โ โ โ โ Status: HEALTHY โ โ Errors: 0 โ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ SETTLEMENT PROGRESS โ โ NETWORK STATUS โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโค โโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ Deposits Indexed: 1,234โ โ Execution Chain: OK โ โ โ โ Batches Created: 847 โ โ Cronos RPC: OK โ โ โ โ Batches Anchored: 847 โ โ DB Connection: OK โ โ โ โ Success Rate: 99.8% โ โ All Systems: SYNCED โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ Last Update: 2026-02-09 14:32:15 UTC โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ ``` ### Dashboard 2: Detailed Metrics ``` โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ DETAILED PERFORMANCE METRICS โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ INDEX CYCLE (target: <100ms) โ โ โโโโโโโโโโ 89ms โ โ โ โ โ BATCH CREATION (target: <50ms) โ โ โโโโโโโโโโ 38ms โ โ โ โ โ EXECUTION LATENCY (target: <500ms) โ โ โโโโโโโโโโ 425ms โ โ โ โ โ CONFIRMATION DEPTH (target: โฅ10 blocks) โ โ โโโโโโโโโโโโ 12 blocks โ โ โ โ โ PROOF VERIFICATION (success rate) โ โ โโโโโโโโโโ 100.0% โ โ โ โ โ RPC SUCCESS RATE (target: >99%) โ โ โโโโโโโโโโ 99.7% โ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ ``` ### Dashboard 3: Alerts & Events ``` โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ ACTIVE ALERTS & RECENT EVENTS โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ CRITICAL ALERTS: 0 โ โ โ ERROR ALERTS: 0 โ โ โ WARNING ALERTS: 0 โ โ โ โ โ Recent Events: โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ 14:30:02 โ Batch #847 anchored (root: 0xa3f...) โ โ 14:29:45 โ Invariant check passed (delta: 0.00) โ โ 14:28:32 โ 12 deposits indexed, added to batches โ โ 14:27:15 โ Proof verification successful (batch 846)โ โ 14:15:00 ๐ RPC retry #1 on execution chain โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ ``` --- ## ๐จ Alert Configuration ### Alert 1: Supply Mismatch (CRITICAL) ```yaml Alert: SUPPLY_MISMATCH Trigger: | locked_db_total != chain_locked_total AND abs(difference) > 0.001 SIGIL Severity: CRITICAL Action: - Halt relayer immediately - Page on-call engineer - Create incident ticket - Log full balance breakdown - Save DB snapshot for audit Notification: - Email to [email protected] - Slack to #incidents - PagerDuty trigger (critical) - SMS to on-call Recovery: 1. Investigate root cause 2. Verify chain state (Web3 call) 3. Check DB logs for corruption 4. Manually correct data if needed 5. Re-validate invariant 6. Resume relayer ``` ### Alert 2: Duplicate Batch (CRITICAL) ```yaml Alert: DUPLICATE_BATCH_DETECTED Trigger: | UNIQUE(merkle_root) constraint violation OR duplicate batch number in DB Severity: CRITICAL Action: - Halt batch creation immediately - Page on-call engineer - Investigate indexer logic - Check for event replay attack - Audit event processing logs Notification: - Email to [email protected] - Slack to #incidents (with logs) - PagerDuty critical Recovery: 1. Stop indexer immediately 2. Review last 100 events 3. Identify duplicate source 4. Manually remove duplicate from DB (if safe) 5. Restart indexer with manual event replay 6. Verify no further duplicates ``` ### Alert 3: RPC Timeout (ERROR) ```yaml Alert: RPC_TIMEOUT Trigger: | 3 consecutive RPC call failures OR any single call timeout >10s Severity: ERROR (not critical) Action: - Log error with retry count - Switch to fallback RPC endpoint - Retry with exponential backoff - Alert ops team if persists >5min Notification: - Log at ERROR level - Slack notification if >10 failures - Email if >1 hour of issues Backoff Strategy: - Attempt 1: immediate - Attempt 2: wait 1s - Attempt 3: wait 2s - Attempt 4: wait 5s - Attempt 5: switch RPC + restart ``` ### Alert 4: Database Connection Lost (ERROR) ```yaml Alert: DB_CONNECTION_LOST Trigger: | 5+ consecutive database connection failures Severity: ERROR Action: - Halt all DB operations - Attempt connection pool restart - Alert ops team - Check PostgreSQL logs on server Notification: - Log at ERROR level - Email to [email protected] - Slack to #ops Recovery: 1. Check database server health 2. Verify network connectivity 3. Check PostgreSQL logs 4. Restart connection pool 5. Verify connectivity 6. Resume relayer ``` ### Alert 5: High Latency (WARNING) ```yaml Alert: HIGH_LATENCY Trigger: | Cycle time > 2 seconds (target: <1 second) Severity: WARNING Action: - Continue operations (don't halt) - Log warning with latency measurements - Alert ops for investigation - Check for bottlenecks Notification: - Log at WARNING level - Slack notification if >5min sustained Investigation: 1. Check RPC latency (should be <500ms) 2. Check database query times 3. Check batch size (might be too large) 4. Check confirmation depth setting 5. Analyze merkle tree generation time ``` --- ## ๐ Monitoring Infrastructure ### Logging Level Configuration ```yaml Logging Levels: CRITICAL: System invariants violated - Supply mismatch detected - Duplicate batch created - Nonce desynchronized - Proof verification failed ERROR: Operational failures - RPC connection lost - Database error - Transaction reverted - Proof generation failed WARNING: Degraded performance - High latency - Gas estimate miss - Queue buildup - Low success rate INFO: Normal operations - Batch created (batch_id, deposits_count) - Deposit indexed (deposit_id, amount) - Proof verified (withdrawal_id, valid=True) - Cycle completed (duration) DEBUG: Detailed traces - RPC call details (method, args, result) - DB query execution (sql, duration) - Merkle tree construction steps - Nonce management state ``` ### Log Storage & Retention ``` Log Destinations: โโ Console: All levels (for development) โโ File: /var/log/sigilbridge/relayer.log (rotate daily) โ โโ Retention: 30 days โ โโ Size: Max 500MB per file โโ Database: CRITICAL/ERROR only (for audit) โ โโ Retention: 90 days โโ Centralized Logging: ELK or similar โโ All levels โโ Real-time indexing โโ 1-year retention for compliance ``` ### Metrics Collection ```python # Metrics to track (export to Prometheus/CloudWatch) metrics = { # Counter: Total operations by type "relayer_deposits_indexed_total": 1234, "relayer_batches_created_total": 847, "relayer_batches_anchored_total": 847, "relayer_withdrawals_claimed_total": 234, # Gauge: Current state "relayer_pending_deposits": 12, "relayer_pending_batches": 0, "relayer_db_locked_sigil": 1000.00, "relayer_chain_locked_sigil": 1000.00, "relayer_invariant_delta": 0.00, # Histogram: Latency measurements "relayer_index_cycle_seconds": [0.045, 0.089, 0.052, ...], "relayer_batch_creation_seconds": [0.038, 0.041, 0.039, ...], "relayer_settlement_latency_seconds": [0.425, 0.389, 0.412, ...], "relayer_proof_verification_seconds": [0.012, 0.011, 0.013, ...], # Rate: Operations per minute "relayer_index_rate": 234.5, # deposits per minute "relayer_batch_rate": 12.3, # batches per minute "relayer_settlement_rate": 12.1, # settlements per minute } ``` --- ## ๐ Incident Response Runbook ### Incident: Supply Mismatch Detected **Severity**: CRITICAL **Alert**: Supply invariant violated (db_total != chain_total) **On-Call**: Page immediately **Timeline**: - T+0m: Alert fires, relayer halts - T+1m: On-call acknowledges - T+2m: Begin investigation - T+5m: Root cause identified - T+10m: Decision to rollback or fix forward - T+20m: Issue mitigated - T+30m: Post-mortem meeting scheduled **Investigation Steps**: 1. **Verify Alert** (T+1m) ```bash SELECT SUM(amount) FROM deposit_confirmed = 1000.00 SELECT SUM(amount) FROM withdrawal_confirmed = 234.50 # Calculate expected: locked_db = 1000.00 - 234.50 = 765.50 # Query chain SIGIL.balanceOf(cronos_lockbox) = ? ExecutionSigilBridged.totalSupply() = ? # Calculate actual: locked_chain = cronos_lockbox + execution_bridged ``` 2. **Determine Direction** (T+3m) ``` If locked_db > locked_chain: SIGIL was LOST (worse scenario) Action: Audit settlement transactions If locked_db < locked_chain: SIGIL was CREATED (inflation) Action: Check minting logic ``` 3. **Audit Transactions** (T+5m) ```sql -- Check recent batch anchoring SELECT * FROM settlement_batch WHERE status='anchored' ORDER BY created_at DESC LIMIT 10; -- Check proof executions SELECT * FROM proof_executions ORDER BY created_at DESC LIMIT 10; -- Check where SIGIL went SELECT * FROM relayer_operations ORDER BY created_at DESC LIMIT 20; ``` 4. **Fix Forward or Rollback** (T+10m) - **Option A (Fix Forward)**: If issue identified in code, deploy fix - **Option B (Rollback)**: If transaction has bad effects, manually reverse 5. **Validate** (T+20m) ```bash ./scripts/validate_invariant.py # Should show: INVARIANT VALID ``` 6. **Resume** (T+25m) ```bash relayer resume --from-last-checkpoint ``` --- ## ๐ Escalation Policy | Severity | Response Time | Escalation | |----------|---|---| | CRITICAL | <5 min | Page on-call immediately | | ERROR | <15 min | Email + Slack | | WARNING | <60 min | Slack notification | | INFO | <24h | Daily report | --- ## โ Monitoring Readiness Checklist - [ ] All alerts configured and tested - [ ] Dashboard deployed and accessible - [ ] Logging pipeline operational - [ ] Metrics exported to monitoring system - [ ] Runbook accessible to on-call - [ ] Team trained on incident response - [ ] PagerDuty/alerting tool configured - [ ] Backup RPC endpoints configured - [ ] Database backups automated - [ ] 24/7 monitoring active --- **Document Created**: February 9, 2026 **System Status**: Ready for production monitoring **Next Phase**: Deploy and test monitoring on testnet
> ๅฑฌๆผ [research/](./README.md)ใๆถต่ LLM-as-JudgeใReasoning Modelใ่ฉไผฐ็ถญๅบฆใJudge ่จญ่จๅๅใ
> โ ๏ธ Note (Option A): `hwp-web (planned)` is intentionally excluded/disabled in this repo snapshot.
Here are three new, highly specialized AI agents for the T20 framework:
The **LLM Judge** is LLMTrace's third security detector alongside the
