Add status endpoint with live relayer balance and operational metrics #12

Merged
zkr99 merged 2 commits into iam-protocol:develop from Akash-Kumar-Sinha:feature/executor-status-endpoint
Apr 9, 2026

@Akash-Kumar-Sinha
Contributor

Adds a /status endpoint exposing uptime and operation metrics.

Member

@zkr99 zkr99 left a comment

Good work. Blueprint followed exactly, tests are clean, counter logic is correct. Three things to tighten before merge:

1. Replace .unwrap() with .unwrap_or_default() in StatusMetrics::new()

start_time: std::time::SystemTime::now()
    .duration_since(std::time::UNIX_EPOCH)
    .unwrap_or_default()
    .as_secs(),

Same fix in status_handler where you compute now. We don't use .unwrap() in production code in this repo. The handler already does this correctly -- match it in the metrics struct.

2. Cache the balance with a TTL instead of hitting the RPC on every /status request

Right now every GET /status calls get_balance() which is a Solana RPC round-trip. If anyone polls this endpoint frequently it burns through RPC rate limits.

Add a cached balance to StatusMetrics:

cached_balance: AtomicU64,
balance_fetched_at: AtomicU64,

In the handler, check if now - balance_fetched_at < 30 (30 second TTL). If fresh, return the cached value. If stale, fetch live, update both atomics. This way the RPC gets hit at most once per 30 seconds regardless of how often /status is polled.

3. Move the balance behind auth or redact it for unauthenticated requests

The relayer_balance_lamports field exposes the relayer's SOL balance to anyone who can hit /status. On mainnet, an attacker could monitor this to detect when the relayer is running low and time denial-of-service around it. Two options:

  • (Simpler) Return relayer_balance_lamports only when the request includes a valid API key. Return null for unauthenticated requests. The rest of the status response stays public.
  • (Alternative) Keep it fully public but add a note in the code explaining the trade-off.

I'd go with the first option. The endpoint stays public for uptime monitoring, but the balance is only visible to authenticated integrators.

All three changes are small -- no restructuring needed. Fix these and it's ready to merge.
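
Review points 2 and 3 combined in one sketch, added here as an example and not the code merged in this PR. The function names `balance`, `ct_eq` and `balance_for_request`, the `fetch` closure standing in for `get_balance()`, and the key, balance and timestamp values are assumptions; only the two atomic fields and the 30-second TTL come from the review.

```rust
use std::sync::atomic::{AtomicU64, Ordering};

const BALANCE_TTL_SECS: u64 = 30; // TTL named in the review

pub struct StatusMetrics {
    cached_balance: AtomicU64,
    balance_fetched_at: AtomicU64, // unix seconds; 0 means never fetched
}

impl StatusMetrics {
    pub fn new() -> Self {
        Self { cached_balance: AtomicU64::new(0), balance_fetched_at: AtomicU64::new(0) }
    }
    /// Cached value while fresh; otherwise runs `fetch` (the RPC call) and updates both atomics.
    /// Concurrent stale requests may each fetch once; a lock would be needed to prevent that.
    pub fn balance(&self, now: u64, fetch: impl FnOnce() -> u64) -> u64 {
        let at = self.balance_fetched_at.load(Ordering::Acquire);
        if at != 0 && now.saturating_sub(at) < BALANCE_TTL_SECS {
            return self.cached_balance.load(Ordering::Acquire);
        }
        let fresh = fetch();
        self.cached_balance.store(fresh, Ordering::Release); // value first, then timestamp
        self.balance_fetched_at.store(now, Ordering::Release);
        fresh
    }
}

/// No early exit on the first differing byte; only the length is revealed.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// `None` maps to `null` in the JSON response. Requests without a valid key return
/// before the cache is consulted, so they can never trigger an RPC call.
pub fn balance_for_request(
    m: &StatusMetrics, presented: Option<&str>, expected: &str, now: u64,
    fetch: impl FnOnce() -> u64,
) -> Option<u64> {
    match presented {
        Some(k) if !expected.is_empty() && ct_eq(k.as_bytes(), expected.as_bytes()) =>
            Some(m.balance(now, fetch)),
        _ => None,
    }
}

fn main() {
    let m = StatusMetrics::new(); // key, balance and timestamps below are constructed
    println!("{:?}", balance_for_request(&m, None, "k3y", 1000, || 5));
    println!("{:?}", balance_for_request(&m, Some("k3y"), "k3y", 1000, || 5));
}
```

The hand-rolled `ct_eq` is for illustration; the optimizer gives no timing guarantee, so a vetted constant-time comparison such as the `subtle` crate's `ConstantTimeEq` is the safer choice in a real service.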

@Akash-Kumar-Sinha
Contributor Author

Alright! I have implemented the changes.

Member

@zkr99 zkr99 left a comment

All three issues addressed correctly. Cache TTL, constant-time key comparison for balance redaction, unwrap_or_default. Clean work.

@zkr99 zkr99 merged commit d3532af into iam-protocol:develop Apr 9, 2026