Skip to content

feat: external risk service#1407

Open
Dodecahedr0x wants to merge 5 commits into
masterfrom
dode/external-risk-server
Open

feat: external risk service#1407
Dodecahedr0x wants to merge 5 commits into
masterfrom
dode/external-risk-server

Conversation

@Dodecahedr0x

@Dodecahedr0x Dodecahedr0x commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Relies on the query filtering service to get risk results, sharing the same cache to reduce API calls.

Breaking Changes

  • Yes — The config changes to point to the service

Summary by CodeRabbit

  • New Features

    • Switched risk checking to a dedicated risk server with address-based lookups.
    • Updated configuration to use a risk server URL and simpler timeout settings.
  • Bug Fixes

    • Streamlined validator startup and risk-check handling for the new server-based flow.
    • Updated test coverage to match the new request format and response behavior.
  • Documentation

    • Refreshed example config and field descriptions to reflect the new risk-check setup.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@Dodecahedr0x, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 45 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: a701cc13-9740-41bf-b7b3-8e9d746f0f4f

📥 Commits

Reviewing files that changed from the base of the PR and between 668bfd9 and a76b2ed.

📒 Files selected for processing (3)
  • magicblock-aml/src/lib.rs
  • magicblock-chainlink/src/chainlink/errors.rs
  • magicblock-config/src/tests.rs
📝 Walkthrough

Walkthrough

This PR replaces the Range API-based AML risk checking client with a thin HTTP client querying a dedicated risk server. The magicblock-aml crate's RiskService drops SQLite caching, in-flight deduplication, and API-key/threshold logic in favor of concurrent GET /risk?pubkey= calls returning an isRisky flag. RiskConfig schema, default constants, and example config are updated to replace base_url/api_key/cache_ttl/risk_score_threshold with risk_server_url. RiskService::try_from_config no longer requires a ledger path, and call sites in magicblock-chainlink and magicblock-api are updated accordingly. Config, unit, and integration tests (including mock risk servers) are updated to match the new endpoint and configuration shape.

Suggested reviewers: snawaz, GabrielePicco

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dode/external-risk-server

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Caution

Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted.

Error details
putComment timed out

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@config.example.toml`:
- Around line 272-287: The full-coverage example config test is missing
assertions for the new Chainlink risk settings. Update
test_example_config_full_coverage in tests.rs to also verify
config.chainlink.risk.risk_server_url and config.chainlink.risk.request_timeout
alongside config.chainlink.risk.enabled, so the example file’s new values are
covered and any drift is caught. Use the existing
test_example_config_full_coverage and config.chainlink.risk fields to locate the
check.

In `@magicblock-aml/src/lib.rs`:
- Around line 43-57: `Risk::try_from_config` currently stores
`config.risk_server_url` without validation, so invalid or empty URLs only fail
later during requests. Add a parse/validation step in `try_from_config` before
constructing `Self`, and map failures to an appropriate `RiskError` so startup
fails fast. Keep the existing `Client::builder` setup and `base_url` assignment,
but ensure `RiskConfig::risk_server_url` is validated before trimming and
storing it.

In `@magicblock-chainlink/src/chainlink/errors.rs`:
- Around line 73-74: Rename the RangeRisk error variant to RiskCheckFailed in
the errors enum so it matches the new risk server naming. Update the enum
definition in the Errors/RiskError area and keep the existing #[error(...)]
message and #[from] conversion aligned with the new variant name, then fix any
references that still use RangeRisk across the Chainlink error handling code.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1ead3eac-31fd-40bc-b762-990a70bf8305

📥 Commits

Reviewing files that changed from the base of the PR and between 4b70fd8 and 668bfd9.

⛔ Files ignored due to path filters (2)
  • Cargo.lock is excluded by !**/*.lock
  • test-integration/Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (11)
  • config.example.toml
  • magicblock-aml/Cargo.toml
  • magicblock-aml/src/lib.rs
  • magicblock-api/src/magic_validator.rs
  • magicblock-chainlink/src/chainlink/errors.rs
  • magicblock-chainlink/src/chainlink/mod.rs
  • magicblock-config/src/config/chain.rs
  • magicblock-config/src/consts.rs
  • magicblock-config/src/tests.rs
  • test-integration/test-aml/src/lib.rs
  • test-integration/test-chainlink/tests/ix_aml_undelegation.rs
💤 Files with no reviewable changes (2)
  • magicblock-aml/Cargo.toml
  • magicblock-api/src/magic_validator.rs

Comment thread config.example.toml
Comment thread magicblock-aml/src/lib.rs
Comment thread magicblock-chainlink/src/chainlink/errors.rs Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant