Idk

.devcontainer/devcontainer.json

@@ -0,0 +1,10 @@
+{
+	"image": "mcr.microsoft.com/devcontainers/universal:2",
+	"features": {
+		"ghcr.io/dhoeric/features/act:1": {},
+		"ghcr.io/nikiforovall/devcontainer-features/dotnet-csharpier:1": {},
+		"ghcr.io/devcontainers-extra/features/act:1": {},
+		"ghcr.io/devcontainers-extra/features/actionlint:1": {},
+		"ghcr.io/dotnet/aspire-devcontainer-feature/dotnetaspire:1": {}
+	}
+}

.env.example

@@ -0,0 +1,13 @@
+# RPC Endpoints
+GROK_API_KEY=your_grok_key_here
+SOLANA_RPC=https://api.mainnet-beta.solana.com
+HELIUS_API_KEY=your_helius_key_here
+QUICKNODE_ENDPOINT=your_quicknode_endpoint_here
+MORALIS_API_KEY=your_moralis_key_here
+
+# Relayer
+RELAYER_URL=https://api.helius.xyz/v0/transactions/submit
+RELAYER_FEE_PAYER=HeLiuSrpc1111111111111111111111111111111111
+
+# DO NOT COMMIT ACTUAL KEYS
+# Copy to .env and add real values

.github/dependabot.yml

@@ -1,19 +1,28 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
 version: 2
 updates:
-  - package-ecosystem: "gomod"
+  - package-ecosystem: "npm"
     directory: "/"
     schedule:
-      interval: "weekly"
-  - package-ecosystem: "docker"
+      interval: "daily"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "loydcercenia-Paul"
+    labels:
+      - "dependencies"
+      - "automated"
+
+  - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
-  - package-ecosystem: "github-actions"
+    labels:
+      - "github-actions"
+      - "automated"
+
+  - package-ecosystem: "docker"
     directory: "/"
     schedule:
       interval: "weekly"
+    labels:
+      - "docker"
+      - "automated"

.github/workflows/.github/workflows/dependency-audit.yml

@@ -0,0 +1,132 @@
+name: "Dependency Audit & Vulnerability Scan"
+
+# Run on push to main (or any branch), and on a daily schedule
+on:
+  push:
+    branches:
+      - '**'
+  schedule:
+    - cron: '0 2 * * *' # daily at 02:00 UTC
+  workflow_dispatch:
+
+concurrency:
+  group: dependency-audit
+  cancel-in-progress: true
+
+jobs:
+  audit-node:
+    name: "Node.js / npm audit"
+    runs-on: ubuntu-latest
+    if: ${{ always() }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+
+      - name: Install dependencies (npm)
+        if: ${{ hashFiles('**/package-lock.json') != '' }}
+        run: |
+          npm ci
+
+      - name: Run npm audit (JSON)
+        if: ${{ hashFiles('**/package-lock.json') != '' }}
+        run: |
+          set -o pipefail
+          npm audit --json > npm-audit.json || true
+          cat npm-audit.json
+
+      - name: Upload npm audit artifact
+        if: ${{ hashFiles('**/package-lock.json') != '' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: npm-audit-json
+          path: npm-audit.json
+
+      - name: Fail on high/critical npm findings
+        if: ${{ hashFiles('**/package-lock.json') != '' }}
+        run: |
+          jq -e '.advisories as $a | ($a | to_entries | map(.value) | map(select(.severity == "high" or .severity == "critical")) | length) > 0' npm-audit.json \
+            && (echo "High/Critical vulnerabilities found in npm dependencies" && exit 1) || echo "No high/critical npm vulnerabilities"
+
+  audit-go:
+    name: "Go / govulncheck"
+    runs-on: ubuntu-latest
+    if: ${{ always() }}
+    needs: audit-node
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.24'
+
+      - name: Install govulncheck
+        run: |
+          set -eux
+          GO111MODULE=on go install golang.org/x/vuln/cmd/govulncheck@latest
+          export PATH=$PATH:$(go env GOPATH)/bin
+
+      - name: Run govulncheck (JSON)
+        run: |
+          set -eux
+          # run in module root; govulncheck returns 0 with no vulns, >0 otherwise
+          $(go env GOPATH)/bin/govulncheck -json ./... > govulncheck.json || true
+          cat govulncheck.json
+
+      - name: Upload govulncheck artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: govulncheck-json
+          path: govulncheck.json
+
+      - name: Fail on found Go vulnerabilities (HIGH/CRITICAL)
+        run: |
+          # govulncheck JSON has "vulns" entries; search for severity levels if available
+          if jq -e '.vulns | length > 0' govulncheck.json >/dev/null 2>&1; then
+            # Try to detect severity mentions; if none, fail so maintainers can review
+            if jq -e '.vulns | map(.fixed|length > 0 or true) | length > 0' govulncheck.json >/dev/null 2>&1; then
+              echo "Go vulnerabilities detected — please review govulncheck.json artifact."
+              exit 1
+            fi
+          fi
+          echo "No Go vulnerabilities detected (or none reported by govulncheck)."
+
+  results-notify:
+    name: "Publish summary"
+    runs-on: ubuntu-latest
+    needs: [audit-node, audit-go]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: artifacts
+
+      - name: Create short summary comment (if run from PR)
+        if: github.event_name == 'pull_request'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const path = 'artifacts';
+            let summary = `🔎 Dependency audit artifacts available:\\n\\n`;
+            const files = fs.readdirSync(path);
+            files.forEach(f => summary += `- ${f}\\n`);
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number || github.context.payload.pull_request.number,
+              body: summary
+            });
+
+      - name: Finish
+        run: echo "Artifacts uploaded: $(ls -la artifacts || true)"

.github/workflows/alibabacloud.yml

@@ -0,0 +1,122 @@
+# This workflow will build and push a new container image to Alibaba Cloud Container Registry (ACR),
+# and then will deploy it to Alibaba Cloud Container Service for Kubernetes (ACK), when there is a push to the "main" branch.
+#
+# To use this workflow, you will need to complete the following set-up steps:
+#
+# 1. Create an ACR repository to store your container images.
+#    You can use ACR EE instance for more security and better performance.
+#    For instructions see https://www.alibabacloud.com/help/doc-detail/142168.htm
+#
+# 2. Create an ACK cluster to run your containerized application.
+#    You can use ACK Pro cluster for more security and better performance.
+#    For instructions see https://www.alibabacloud.com/help/doc-detail/95108.htm
+#
+# 3. Store your AccessKey pair in GitHub Actions secrets named `ACCESS_KEY_ID` and `ACCESS_KEY_SECRET`.
+#    For instructions on setting up secrets see: https://developer.github.com/actions/managing-workflows/storing-secrets/
+#
+# 4. Change the values for the REGION_ID, REGISTRY, NAMESPACE, IMAGE, ACK_CLUSTER_ID, and ACK_DEPLOYMENT_NAME.
+#
+
+name: Build and Deploy to ACK
+
+on:
+  push:
+    branches: [ "main" ]
+
+# Environment variables available to all jobs and steps in this workflow.
+env:
+  REGION_ID: cn-hangzhou
+  REGISTRY: registry.cn-hangzhou.aliyuncs.com
+  NAMESPACE: namespace
+  IMAGE: repo
+  TAG: ${{ github.sha }}
+  ACK_CLUSTER_ID: clusterID
+  ACK_DEPLOYMENT_NAME: nginx-deployment
+
+  ACR_EE_REGISTRY: myregistry.cn-hangzhou.cr.aliyuncs.com
+  ACR_EE_INSTANCE_ID: instanceID
+  ACR_EE_NAMESPACE: namespace
+  ACR_EE_IMAGE: repo
+  ACR_EE_TAG: ${{ github.sha }}
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    environment: production
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    # 1.1 Login to ACR
+    - name: Login to ACR with the AccessKey pair
+      uses: aliyun/acr-login@v1
+      with:
+        region-id: "${{ env.REGION_ID }}"
+        access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+        access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+
+    # 1.2 Build and push image to ACR
+    - name: Build and push image to ACR
+      run: |
+        docker build --tag "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" .
+        docker push "$REGISTRY/$NAMESPACE/$IMAGE:$TAG"
+
+    # 1.3 Scan image in ACR
+    - name: Scan image in ACR
+      uses: aliyun/acr-scan@v1
+      with:
+        region-id: "${{ env.REGION_ID }}"
+        access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+        access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+        repository: "${{ env.NAMESPACE }}/${{ env.IMAGE }}"
+        tag: "${{ env.TAG }}"
+
+    # 2.1 (Optional) Login to ACR EE
+    - uses: actions/checkout@v4
+    - name: Login to ACR EE with the AccessKey pair
+      uses: aliyun/acr-login@v1
+      with:
+        login-server: "https://${{ env.ACR_EE_REGISTRY }}"
+        region-id: "${{ env.REGION_ID }}"
+        access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+        access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+        instance-id: "${{ env.ACR_EE_INSTANCE_ID }}"
+
+    # 2.2 (Optional) Build and push image ACR EE
+    - name: Build and push image to ACR EE
+      run: |
+        docker build -t "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" .
+        docker push "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG"
+    # 2.3 (Optional) Scan image in ACR EE
+    - name: Scan image in ACR EE
+      uses: aliyun/acr-scan@v1
+      with:
+        region-id: "${{ env.REGION_ID }}"
+        access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+        access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+        instance-id: "${{ env.ACR_EE_INSTANCE_ID }}"
+        repository: "${{ env.ACR_EE_NAMESPACE}}/${{ env.ACR_EE_IMAGE }}"
+        tag: "${{ env.ACR_EE_TAG }}"
+
+    # 3.1 Set ACK context
+    - name: Set K8s context
+      uses: aliyun/ack-set-context@v1
+      with:
+        access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+        access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+        cluster-id: "${{ env.ACK_CLUSTER_ID }}"
+
+    # 3.2 Deploy the image to the ACK cluster
+    - name: Set up Kustomize
+      run: |-
+        curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"  | bash /dev/stdin 3.8.6
+    - name: Deploy
+      run: |-
+        ./kustomize edit set image REGISTRY/NAMESPACE/IMAGE:TAG=$REGISTRY/$NAMESPACE/$IMAGE:$TAG
+        ./kustomize build . | kubectl apply -f -
+        kubectl rollout status deployment/$ACK_DEPLOYMENT_NAME
+        kubectl get services -o wide