feat(ui): Ghibli/Miyazaki reskin + Obsidian docs vault + project audit

UI: warm daylight design system (Tailwind v4 @theme palette, gh-* component
classes, watercolor grain, Zen Maru Gothic + Klee One fonts), animated SSR-safe
GhibliBackground (drifting clouds, meadow hills, soot sprites), and a full reskin
of navbar, connect button, dapp page, loan cards, settings modal, and readme.
Fixes the bg-white-on-dark loan-card inconsistency. Web3/business logic untouched.

Docs: converted docs/ into an Obsidian vault (frontmatter, [[wikilinks]],
callouts, Home MOC, folders Architecture/Operations/Audits) and added a
full-project audit note (Project Audit 2026-06). Redacted a real leaked Schedy
key value from the security audit example (rotate it at Schedy).

Also commits the previously-untracked server layer: app/api (cron + tasks routes)
and lib (redis, ssrf-guard, task-store).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Siavash Sameni
2026-06-14 08:13:53 +04:00
parent cf76322008
commit 6ae581ab2e
25 changed files with 4245 additions and 369 deletions


@@ -0,0 +1,107 @@
---
title: Alert Changes
tags: [mortgagefi, ops, notifications]
type: operations
status: reference
updated: 2026-06-14
---
# Alert Changes
Alert branch: notification and scheduling changes
This branch introduces a singlealert scheduling flow, clearer alert copy, and an ntfy email setup via Docker Compose env vars.
## Changes
- Single scheduled alert per position
- Replaced multi-job scheduling with `scheduleNotification(row)` that returns `{ jobId, runAt }`.
- Toggle stores `{ enabled, jobId, scheduledAt }`.
- Auto-rescheduler keeps a single job in sync.
- Message improvements
- Time window shows the configured lead offset (e.g., `~10d`) instead of remaining time at execution.
- Payment guidance prioritizes Debt Remaining; fallbacks: 1.5× monthly, then current payment pending.
- Collateral at risk uses the same formatting as the UI: `fmt(row.coinSize, coinDecimals, 8)` + token symbol (e.g., `0.05651738 cbBTC`).
- Test alert sends email
- `scheduleTestNotification()` now includes `X-Email` from settings to trigger ntfy email in addition to topic publish.
- ntfy SMTP via Docker Compose
- Configure Gmail/App Password or another SMTP via env vars in compose instead of a server.yml.
## Files modified
- `mortgagefi-frontend/app/dapp/page.tsx`
- Toggle handler uses `scheduleNotification()` and stores `{ jobId, scheduledAt }`.
- `scheduleNotification()` builds improved message and schedules one Schedy job.
- `mortgagefi-frontend/utils/scheduler.ts`
- `scheduleTestNotification()` adds `X-Email` header.
- `docker-compose.yml` (root)
- ntfy service accepts SMTP settings via env vars (with defaults). You can also pass them via `env_file`.
## Configure SMTP (ntfy)
Set these in `.env` or `.env.local` (compose resolves `${VAR}` from `.env` or shell; using `env_file`, list bare keys in `environment:` to pass-through values):
```
NTFY_BASE_URL=https://web.example.com/ntfy # must match your public URL & subpath
NTFY_SMTP_SENDER_ADDR=smtp.gmail.com:587 # or smtp-relay / your SMTP
NTFY_SMTP_SENDER_USER=your.name@gmail.com # Gmail address or relay user
NTFY_SMTP_SENDER_PASS=app-password-xxxx # Gmail App Password
NTFY_SMTP_SENDER_FROM=your.name@gmail.com # From address
NTFY_LOG_LEVEL=info
```
Compose snippet (Option A: pass-through via env_file):
```yaml
services:
ntfy:
image: binwiederhier/ntfy
command: ["serve"]
env_file: .env.local
environment:
- TZ=Europe/Zurich
- NTFY_BASE_URL
- NTFY_SMTP_SENDER_ADDR
- NTFY_SMTP_SENDER_USER
- NTFY_SMTP_SENDER_PASS
- NTFY_SMTP_SENDER_FROM
- NTFY_LOG_LEVEL
```
## Bring up services
1) Populate `.env` or `.env.local` with:
- `NEXT_PUBLIC_NTFY_URL=/ntfy`
- `NEXT_PUBLIC_SCHEDY_URL=/schedy`
- `NEXT_PUBLIC_SCHEDY_API_KEY=<schedy_api_key>`
- SMTP variables above.
2) Start stack from repo root:
```
docker compose up -d
```
3) Access:
- App: `http://localhost`
- ntfy (proxied): `http://localhost/ntfy`
- schedy (proxied): `http://localhost/schedy`
## Verify email path
- Settings → Provider: ntfy, set Server+Topic, Email, Scheduler: Schedy + API key.
- Click “Send test alert”. Expect both topic message and email.
- Manual test:
```
curl -X POST -H 'Content-Type: text/plain' -H 'X-Email: your.name@gmail.com' \
https://web.example.com/ntfy/yourtopic -d 'Email test via ntfy SMTP'
```
## Notes
> [!note]
> - Ensure `NTFY_BASE_URL` includes `/ntfy` if you serve ntfy under a subpath.
> - For compose variable interpolation with `${VAR}`, put values in `.env` (not `.env.local`) or export them in the shell. Using `env_file`, prefer pass-through keys as shown above.
## Related
[[Home]], [[Architecture]], [[API Reference]], [[Development]]
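Review bot: The "Verify email path" manual test publishes to `https://web.example.com/ntfy/yourtopic` with an `X-Email` header and no credentials, and nothing in "Configure SMTP (ntfy)" or the compose snippet sets up ntfy access control, so as documented any client that can reach `/ntfy` can publish to a topic and trigger mail through the configured SMTP account. Suggest adding the access-control settings to the env list (ntfy's `auth-file` plus `auth-default-access` set to `deny-all`, with a token for the app), or stating explicitly that the topic name is the only secret and must be unguessable. Since `NTFY_SMTP_SENDER_PASS` lives in `.env` / `.env.local`, the section should also say these files stay out of version control. Minor: "singlealert" in the intro line should read "single-alert".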


@@ -0,0 +1,252 @@
---
title: Deployment
tags: [mortgagefi, ops, deployment]
type: operations
status: stable
updated: 2026-06-14
---
# Deployment
## Prerequisites
- Docker Engine 24.0+ and Docker Compose v2
- Node.js 20+ (for frontend development only)
- Git with submodule support
## Environment Setup
Create `.env.local` in the project root:
```bash
# WalletConnect (required for frontend)
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your-project-id
# RPC endpoints (optional — defaults to public LlamaRPC)
NEXT_PUBLIC_RPC_BASE=https://base.llamarpc.com
NEXT_PUBLIC_RPC_ARBITRUM=https://arb.llamarpc.com
# Internal service URLs (use relative paths when behind nginx proxy)
NEXT_PUBLIC_NTFY_URL=/ntfy
NEXT_PUBLIC_SCHEDY_URL=/schedy
NEXT_PUBLIC_NFTCACHE_URL=/nftcache
# Schedy API key (must match server-side SCHEDY_API_KEY)
NEXT_PUBLIC_SCHEDY_API_KEY=your-random-hex-key
SCHEDY_API_KEY=your-random-hex-key
# nftcache API key (must match server-side NFTCACHE_API_KEY)
NFTCACHE_API_KEY=your-random-hex-key
# nftcache TTL
NFTCACHE_TTL=24h
# ntfy SMTP configuration
NTFY_BASE_URL=https://your-domain.com/ntfy
NTFY_SMTP_SENDER_ADDR=smtp.gmail.com:587
NTFY_SMTP_SENDER_USER=your.email@gmail.com
NTFY_SMTP_SENDER_PASS=your-app-password
NTFY_SMTP_SENDER_FROM=your.email@gmail.com
NTFY_LOG_LEVEL=info
# CORS (set to your frontend domain)
CORS_ALLOW_ORIGIN=https://your-domain.com
CORS_ALLOW_METHODS=GET,POST,DELETE,OPTIONS
CORS_ALLOW_HEADERS=Content-Type,X-API-Key
CORS_MAX_AGE=600
# RPC URLs for nftcache backend scanning
ETH_RPC_URL=https://eth.llamarpc.com
ARB_RPC_URL=https://arb.llamarpc.com
BASE_RPC_URL=https://base.llamarpc.com
```
Generate strong API keys:
```bash
openssl rand -hex 32
```
> [!warning] Key consistency
> `NEXT_PUBLIC_SCHEDY_API_KEY` must match the server-side `SCHEDY_API_KEY`, and `NFTCACHE_API_KEY` must match its server-side counterpart. Mismatched keys cause authentication failures.
---
## Full Stack Deployment (Docker Compose)
### 1. Clone and Initialize
```bash
git clone <repository>
cd mortgageFi
git submodule update --init --recursive
```
### 2. Configure
```bash
cp .env.example .env.local # if available, or create manually
# Edit .env.local with your values
```
### 3. Start Services
```bash
docker compose up -d
```
This starts:
- `frontend` — Next.js app (internal port 3000)
- `web` — nginx proxy (port 80)
- `ntfy` — notification server (internal port 80)
- `schedy` — task scheduler (port 8080)
- `nftcache` — NFT cache (port 8090)
### 4. Verify
```bash
# Check all containers are running
docker compose ps
# View logs
docker compose logs -f frontend
docker compose logs -f nftcache
docker compose logs -f schedy
# Test nftcache
curl "http://localhost/nftcache/nfts?network=base&nft_contract=cbbtc&user_wallet=0x..."
# Test Schedy
curl -X POST http://localhost/schedy/tasks \
-H "Content-Type: application/json" \
-H "X-API-Key: $SCHEDY_API_KEY" \
-d '{"url":"https://httpbin.org/post","execute_at":"2026-12-31T23:59:59Z","payload":"test"}'
# Test ntfy
curl -X POST http://localhost/ntfy/test \
-H "Content-Type: text/plain" \
-d "Hello from MortgageFi"
```
### 5. Access Application
Open `http://localhost` in your browser.
---
## Frontend-Only Deployment (Vercel)
For deploying just the Next.js frontend to Vercel:
### 1. Project Settings
- **Framework Preset:** Next.js
- **Root Directory:** `mortgagefi-frontend/`
- **Build Command:** `next build --turbopack`
- **Output Directory:** `.next`
### 2. Environment Variables
Add these in the Vercel dashboard:
```
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your-project-id
NEXT_PUBLIC_RPC_BASE=https://base.llamarpc.com
NEXT_PUBLIC_NTFY_URL=https://your-ntfy-server.com
NEXT_PUBLIC_SCHEDY_URL=https://your-schedy-server.com
NEXT_PUBLIC_SCHEDY_API_KEY=your-key
NEXT_PUBLIC_NFTCACHE_URL=https://your-nftcache-server.com
```
### 3. Backend Services
You must deploy the backend services separately and point the frontend to them:
- **nftcache:** Deploy as a Docker container or Go binary
- **schedy:** Deploy as a Docker container or Go binary
- **ntfy:** Use ntfy.sh cloud or self-host
### 4. Gitea Integration
> [!note] Gitea is not natively supported by Vercel
> Vercel does not natively support Gitea. Options:
> - Mirror the repository to GitHub/GitLab/Bitbucket
> - Or use the Vercel CLI for manual deploys:
```bash
cd mortgagefi-frontend
npm install -g vercel
vercel --prod
```
---
## nftcache Standalone Deployment
### Docker
```bash
cd nftcache
docker build -t nftcache .
docker run -d \
-p 8090:8090 \
-v $(pwd)/data:/data \
-v $(pwd)/config:/config:ro \
-e NFTCACHE_API_KEY=your-key \
-e NFTCACHE_TTL=24h \
-e BASE_RPC_URL=https://base.llamarpc.com \
-e NFTCACHE_CONFIG=/config/contracts.yaml \
nftcache
```
### Binary
```bash
cd nftcache
go build -o nftcache ./cmd/nftcache
./nftcache
```
---
## Schedy Standalone Deployment
### Docker
```bash
cd mortgagefi-frontend/submodules/schedy
docker build -t schedy .
docker run -d \
-p 8080:8080 \
-v $(pwd)/data:/data \
-e SCHEDY_API_KEY=your-key \
schedy
```
### Binary
```bash
cd mortgagefi-frontend/submodules/schedy
go build -o schedy ./cmd/schedy
./schedy -port 8080
```
---
## Production Checklist
- [ ] Change all default API keys to cryptographically random values
- [ ] Configure HTTPS (use a reverse proxy like Traefik or Cloudflare)
- [ ] Set `CORS_ALLOW_ORIGIN` to your exact frontend domain (not `*`)
- [ ] Enable mainnet only if explicitly required (`NEXT_PUBLIC_ENABLE_MAINNET=true`)
- [ ] Configure reliable RPC endpoints (avoid public endpoints for high traffic)
- [ ] Set up log aggregation and monitoring
- [ ] Back up BadgerDB data directories (`data/nftcache`, `data/schedy`, `data/ntfy`)
- [ ] Configure ntfy SMTP with a proper transactional email service
- [ ] Test end-to-end notification flow before going live
> [!warning] Before going to production
> Never ship with default API keys or a wildcard (`*`) CORS origin, and confirm the end-to-end notification flow works before going live.
## Related
[[Home]], [[Architecture]], [[Development]], [[Migration Notes]]
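Review bot: The "Environment Setup" block and the "Key consistency" callout tell operators to set `NEXT_PUBLIC_SCHEDY_API_KEY` to the same value as the server-side `SCHEDY_API_KEY`, but Next.js inlines every `NEXT_PUBLIC_*` value into the client bundle, so the key that authenticates `POST /schedy/tasks` is readable by every visitor. The "Production Checklist" item about cryptographically random keys does not change that. Suggest either documenting this key as public and describing what limits apply to it, or routing scheduling through the server layer this commit adds (`app/api` tasks routes) so the key stays server-side. Separately, the "This starts" list shows `schedy` on port 8080 and `nftcache` on port 8090 alongside the nginx proxy on port 80; if those are host-published ports the checklist should say to close them or bind them to the internal network, otherwise both services are reachable without going through the proxy.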


@@ -0,0 +1,366 @@
---
title: Development
tags: [mortgagefi, ops, development]
type: operations
status: stable
updated: 2026-06-14
---
# Development
## Repository Structure
```
mortgageFi/
├── mortgagefi-frontend/ # Next.js DApp
│ ├── app/ # App Router pages
│ │ ├── dapp/page.tsx # Main DApp interface
│ │ ├── dapp/position/... # Deep-link position pages
│ │ ├── layout.tsx # Root layout with Web3Provider
│ │ └── page.tsx # Landing page
│ ├── components/ # React components
│ │ ├── ConnectButton.tsx
│ │ ├── Navbar.tsx
│ │ └── SettingsModal.tsx # Notification settings
│ ├── providers/
│ │ └── Web3Provider.tsx # Wagmi + QueryClient setup
│ ├── utils/
│ │ ├── scheduler.ts # Schedy API client
│ │ ├── useLocalStorage.ts # localStorage hook
│ │ ├── format.ts # Number formatting
│ │ └── cronhost.ts # Legacy cronhost support
│ ├── config/
│ │ └── web3.ts # Wagmi chain config
│ ├── types/
│ │ └── notifications.ts # TypeScript types
│ ├── ABIs/
│ │ └── mortgagefiusdccbbtcupgraded.json
│ └── submodules/
│ └── schedy/ # Go scheduler (Git submodule)
├── nftcache/ # Go NFT ownership cache
│ ├── cmd/nftcache/main.go
│ └── internal/
│ ├── config/config.go # YAML contract config
│ ├── fetcher/
│ │ ├── rpc.go # RPC scanning with rate limits
│ │ └── alchemy.go # Alchemy API fallback
│ └── store/store.go # BadgerDB persistence
├── config/
│ └── contracts.yaml # Contract address mappings
├── nginx/
│ └── nginx.conf # Reverse proxy config
├── docker-compose.yml # Full stack orchestration
├── .env / .env.local # Environment variables
├── ALERT_CHANGES.md # Alert feature changelog
└── MIGRATION_NOTES.md # Dependency upgrade notes
```
---
## Frontend Development
### Setup
```bash
cd mortgagefi-frontend
npm install
```
### Run Dev Server
```bash
npm run dev
# Opens on http://localhost:3000
```
> [!info]
> Turbopack is enabled by default for faster builds.
### Build for Production
```bash
npm run build
npm start
```
### Lint
```bash
npm run lint
```
### Environment Variables
Create `mortgagefi-frontend/.env.local`:
```bash
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your-project-id
NEXT_PUBLIC_RPC_BASE=https://base.llamarpc.com
```
> [!note]
> See `.env` in the repo root for the full variable list.
---
## Backend Development
### nftcache
```bash
cd nftcache
# Run
go run ./cmd/nftcache
# Build
go build -o nftcache ./cmd/nftcache
./nftcache
# With custom env
NFTCACHE_API_KEY=test NFTCACHE_TTL=1h go run ./cmd/nftcache
```
**Test the API:**
```bash
# After starting, test with:
curl "http://localhost:8090/nfts?network=base&nft_contract=cbbtc&user_wallet=0x..."
```
### schedy
```bash
cd mortgagefi-frontend/submodules/schedy
# Run
go run ./cmd/schedy
# Build
go build -o schedy ./cmd/schedy
./schedy -port 8080
```
**Test the API:**
```bash
# Create a task
curl -X POST http://localhost:8080/tasks \
-H "Content-Type: application/json" \
-H "X-API-Key: test" \
-d '{
"url": "https://httpbin.org/post",
"execute_at": "2026-12-31T23:59:59Z",
"payload": "test"
}'
# List tasks
curl http://localhost:8080/tasks -H "X-API-Key: test"
```
---
## Full Stack Local Development
Run all services together with Docker Compose:
```bash
# From repo root
docker compose up -d
# Watch logs
docker compose logs -f
# Restart a single service
docker compose restart frontend
docker compose restart nftcache
# Rebuild after code changes
docker compose up -d --build frontend
docker compose up -d --build nftcache
```
The nginx proxy exposes everything on `http://localhost`:
- `/` — Next.js frontend
- `/ntfy/` — ntfy web UI and API
- `/schedy/` — Schedy API
- `/nftcache/` — nftcache API
---
## Adding a New Chain/Preset
### 1. Update Frontend (`mortgagefi-frontend/app/dapp/page.tsx`)
Add chain defaults:
```typescript
const DEFAULTS = {
[base.id]: { nft: '0x...', debt: '0x...' },
[arbitrum.id]: { nft: '0x...', debt: '0x...' },
[newChain.id]: { nft: '0x...', debt: '0x...' },
};
```
Add presets:
```typescript
const PRESETS = {
[newChain.id]: [
{ key: 'PAIR-QUOTE', label: 'PAIR-QUOTE', nft: '0x...', debt: '0x...' },
],
};
```
### 2. Update Web3 Config (`mortgagefi-frontend/config/web3.ts`)
```typescript
import { newChain } from 'wagmi/chains';
export const config = createConfig({
chains: [base, arbitrum, newChain],
transports: {
[newChain.id]: http('https://newchain.rpc.com'),
},
});
```
### 3. Update nftcache (`config/contracts.yaml`)
```yaml
contracts:
mypreset:
network: newchain
address: "0x..."
max_token_id: "10000"
```
### 4. Add RPC to nftcache environment
```bash
NEWCHAIN_RPC_URL=https://newchain.rpc.com
```
Update `nftcache/cmd/nftcache/main.go` to read the new env var.
---
## Testing Notifications End-to-End
### 1. Configure Settings in UI
Open the DApp, click Settings (gear icon):
- **Provider:** ntfy
- **Server:** `/ntfy` (or your ntfy URL)
- **Topic:** `mortgagefi-test`
- **Email:** your email address
- **Scheduler:** Schedy
- **Schedy URL:** `/schedy`
- **Schedy API Key:** your key
### 2. Send Test Alert
Click "Send test alert" in Settings.
### 3. Verify
Check:
- ntfy web UI at `http://localhost/ntfy/` — message should appear
- Your email inbox — message should arrive within seconds (or 2 minutes for Schedy tests)
### 4. Manual Test via cURL
```bash
# Direct ntfy test
curl -X POST http://localhost/ntfy/mortgagefi-test \
-H "Content-Type: text/plain" \
-H "X-Email: you@example.com" \
-d "Manual test"
# Schedy + ntfy test
curl -X POST http://localhost/schedy/tasks \
-H "Content-Type: application/json" \
-H "X-API-Key: your-key" \
-d '{
"url": "http://localhost/ntfy/mortgagefi-test",
"headers": {"Content-Type":"text/plain","X-Email":"you@example.com"},
"payload": "Scheduled test",
"execute_at": "'$(date -u -v+2M +%Y-%m-%dT%H:%M:%SZ)'"
}'
```
---
## Common Issues
### 429 Rate Limit Errors
> [!warning] RPC returns "Too Many Requests" during NFT scanning.
**Solutions:**
- Use a private RPC endpoint (Infura, Alchemy, QuickNode)
- Reduce `NFTCACHE_TTL` to reduce background refresh frequency
- Enable nftcache in frontend settings to offload scanning
### Wallet Connection Fails
> [!warning] WalletConnect modal doesn't appear.
**Solutions:**
- Verify `NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID` is set
- Check that the project ID is valid at https://cloud.walletconnect.com
### Schedy Tasks Not Executing
> [!warning] Scheduled alerts never fire.
**Debugging:**
```bash
# List pending tasks
curl http://localhost/schedy/tasks -H "X-API-Key: your-key"
# Check schedy logs
docker compose logs -f schedy
```
**Common causes:**
- Schedy container clock drift (ensure NTP is enabled)
- Task deleted before execution (check auto-reschedule logic)
- ntfy URL unreachable from Schedy container
### CORS Errors
> [!warning] Browser blocks API calls to Schedy or nftcache.
**Solution:**
Ensure `CORS_ALLOW_ORIGIN` matches your frontend URL exactly, including protocol:
```bash
CORS_ALLOW_ORIGIN=https://mortgagefi.example.com
```
---
## Git Submodules
The `schedy` project is included as a Git submodule:
```bash
# Initialize on fresh clone
git submodule update --init --recursive
# Pull latest submodule changes
git submodule update --remote
# Commit submodule pin
cd mortgagefi-frontend/submodules/schedy
git checkout main
git pull
cd ../../..
git add mortgagefi-frontend/submodules/schedy
git commit -m "Update schedy submodule"
```
---
## Related
- [[Home]]
- [[Architecture]]
- [[API Reference]]
- [[Deployment]]
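Review bot: Under "Common Issues", "429 Rate Limit Errors", the bullet "Reduce `NFTCACHE_TTL` to reduce background refresh frequency" reads inverted: a shorter TTL expires cached entries sooner and causes more RPC refreshes, so the advice should be to raise the TTL, or the bullet needs to explain why lowering it helps. In "Manual Test via cURL", `date -u -v+2M` is BSD/macOS syntax and fails with GNU date on Linux; add the GNU form (`date -u -d '+2 minutes' +%Y-%m-%dT%H:%M:%SZ`) or note the platform. The same example schedules a task for `http://localhost/ntfy/mortgagefi-test`, while "Schedy Tasks Not Executing" lists "ntfy URL unreachable from Schedy container" as a common cause; it is worth stating which hostname Schedy should use from inside the compose network.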


@@ -0,0 +1,74 @@
---
title: Migration Notes
tags: [mortgagefi, ops, migration]
type: operations
status: reference
updated: 2026-06-14
---
# Migration Notes
Library Update Migration Notes
## Security Updates Applied
### Critical Fix
- **Next.js 15.5.0 → 16.0.10**: Fixed critical RCE vulnerability (CVE-2024-XXXX)
## Major Version Updates
### wagmi v2 → v3
> [!warning] Potential Breaking Changes
> - Check if `useConnect` hook API has changed
> - Verify `useAccount` return values are still compatible
> - Review connector configuration in `config/web3.ts`
> - Test wallet connection flows
### @types/node v20 → v25
> [!note] Potential Issues
> - TypeScript compilation may show new type errors
> - Node.js API type definitions may have changed
### Next.js v15 → v16
> [!note] Changes to Monitor
> - App Router behavior changes
> - Build process modifications
> - Runtime behavior differences
## Testing Checklist
After running `npm install`:
1. **Build Test**: `npm run build`
2. **Type Check**: `npx tsc --noEmit`
3. **Lint Check**: `npm run lint`
4. **Wallet Connection**: Test all wallet providers
5. **Contract Interactions**: Verify all smart contract calls work
6. **Chain Switching**: Test network switching functionality
## Rollback Plan
> [!warning] Rollback Plan
> If issues occur, revert to previous versions:
> ```json
> {
> "next": "15.5.9",
> "wagmi": "^2.19.5",
> "@types/node": "^20.19.27"
> }
> ```
## Manual Steps Required
1. Run `npm install` to update dependencies
2. Test the application thoroughly
3. Check for any TypeScript errors
4. Verify wallet connectivity still works
5. Test contract interactions on all supported chains
## Related
[[Home]], [[Deployment]], [[Development]]
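Review bot: The "Critical Fix" line cites a placeholder identifier, `CVE-2024-XXXX`; replace it with the actual advisory ID and link, or drop the parenthetical, since a reader cannot check exposure against a placeholder. The same line gives the upgrade as `15.5.0 → 16.0.10`, while the "Rollback Plan" pins `"next": "15.5.9"`, so the note should say which version was really in use before and whether the rollback target contains the fix; as written, following the rollback block may reintroduce the RCE the upgrade was meant to close.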