audit(2026-06-13): forensic reality audit + cost & observability fixes#125
Merged
Conversation
Forensic findings (evidence in docs/audit-2026-06-13/): - Epoch revenue is PHANTOM: rpc_gateway records 0.00003 USDT/call for all traffic (rpc_gateway.js:247/275); creditGate only charges x-wallet-address requests (credit_gate.js:44) and 0 wallets have deposited. No cash collected. - Settlement never fires: anchor is configured:true (signer IS set, contra CLAUDE.md), but all 4008 epochs are below the 1 USDT threshold (settlement_anchor_job.js:100); no dust-rollup code exists. 0 on-chain tx. - Traffic is scanner noise: 1121 active IPs (not 445), 2 IPs = 59% of 610k calls; Upstash Redis at 500k/day cap. - .gitignore already comprehensive; no build artifacts or secrets in git. Fixes: - start-cloud.sh: Paperclip default model claude-sonnet-4-6 -> haiku-4-5 (~12x cheaper; sonnet retained as largeContextModel). Effective next rebuild. - rpc_billing.js: record chain/method/source into revenue_events_v2 INSERT (method column existed but was never written -> traffic was unclassifiable). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Contributor
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Forensic Reality Audit — 2026-06-13
Evidence-based audit (every claim cites file:line / curl / git). Full reports in
docs/audit-2026-06-13/.Key findings (reality vs docs)
rpc_gateway.js:247/275records 0.00003 USDT/call for all traffic;creditGate(rpc_gateway.js:175) only chargesx-wallet-addressrequests and 0 wallets have deposited → no cash collected. 0 on-chain settlement tx ever (/api/settlement/history: everytxHash:null).configured:true; the real gate istotal_revenue_usdt >= 1.0(settlement_anchor_job.js:100) — all 4008 epochs are ~0.0025 USDT dust, and the promised dust-rollup code does not exist..gitignorealready comprehensive; no build artifacts or secrets committed (audit brief's premise was false).railway.jsonvsapps/api/railway.jsonvsnixpacks.toml).Fixes in this PR
start-cloud.sh— Paperclip default modelclaude-sonnet-4-6→claude-haiku-4-5-20251001(~12× cheaper; Sonnet retained aslargeContextModel). Takes effect on next Paperclip rebuild.rpc_billing.js— recordchain/method/sourceintorevenue_events_v2INSERT (column existed but was never written → traffic was unclassifiable).Single next action to Customer Zero
Run one wallet-authenticated paid call end-to-end (deposit ≥1 USDT → DepositListener credits
credit_balances→POST /rpc/polygonwithx-wallet-address→ verify deduction + a settled epoch). SeeCURRENT_STATE.md.🤖 Generated with Claude Code