A high-performance backend API designed to aggregate, analyze, and flag suspicious repository contribution patterns. Built with Node.js, Express.js, and PostgreSQL, this service provides essential telemetry for Web3 ecosystems to detect automated bot activity and duplicate accounts during grant distribution cycles.
- Features
- Drips Wave Program
- Active Issues & Point Matrix
- Global Acceptance Criteria
- Local Development Setup
- Project Structure
- License
## Features

- Webhook Telemetry Ingestion — Ingest and normalize contribution events from GitHub and other sources in real time.
- Sybil Flagging Engine — Detect bot-like behavior, duplicate accounts, and anomalous contribution patterns using configurable heuristics.
- Role-Based Access Control — Supabase RBAC middleware ensures only authorized `ecosystem_admin` roles can access sensitive endpoints.
- Pagination & Input Sanitization — All telemetry endpoints enforce strict integer casting, boundary limits, and SQL injection prevention.
- Concurrent PostgreSQL Pooling — Production-grade connection pooling with `pg-pool` and ACID-compliant transaction rollbacks.
- High-Throughput Ready — Capable of handling 5,000+ concurrent requests without connection exhaustion.
## Drips Wave Program

This repository participates in recurring Drips Wave sprints. Contributors earn points that translate directly to on-chain rewards. We strictly enforce the "Fix, Merge, Earn" workflow.

1. Pick an open issue from the wave board.
2. Fork the repository and implement the fix or feature.
3. Submit a PR passing all CI checks (ESLint, test coverage, migration validation).
4. Once merged, points are awarded and redeemable for on-chain rewards.
## Active Issues & Point Matrix

### Issue #11: Concurrent PostgreSQL Connection Pooling & ACID Transactions

Design the database insertion logic to handle massive spikes in webhook telemetry during the final hours of a Wave sprint. Implement `pg-pool` with strict transaction rollbacks to ensure no partial Sybil flags are recorded if the connection drops.

Requirements:

- Provide a load-testing script demonstrating the API can handle 5,000 concurrent requests without throwing connection exhaustion errors.
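The rollback behaviour Issue #11 asks for, as an added example that is not code from the wavefront-sybil-defense repository. `withTransaction` takes any object with the `pg` Pool interface (`pool.connect()` returning a client with `query()` and `release()`), wraps the work in `BEGIN`/`COMMIT`, rolls back on any thrown error, and always releases the client so a failed request cannot leak a pooled connection. The `sybil_flags` table, its columns and the `makeFakePool` stand-in are constructed for the example.

```javascript
// Added example (not part of the wavefront-sybil-defense repository):
// an ACID transaction wrapper around a pg-style Pool.

/**
 * Run `work(client)` inside one transaction on a single pooled client.
 * Commits if `work` resolves, rolls back if it throws, and releases the
 * client in every case so the pool cannot be drained by failed requests.
 */
async function withTransaction(pool, work) {
  const client = await pool.connect();
  try {
    await client.query('BEGIN');
    const result = await work(client);
    await client.query('COMMIT');
    return result;
  } catch (err) {
    // Best effort: if ROLLBACK itself fails the connection is already gone,
    // and PostgreSQL discards the open transaction with it.
    try { await client.query('ROLLBACK'); } catch (_) { /* connection lost */ }
    throw err;
  } finally {
    client.release();
  }
}

/** Persist a batch of Sybil flags atomically: all rows or none. Table/columns are assumed. */
async function insertSybilFlags(pool, flags) {
  return withTransaction(pool, async (client) => {
    for (const f of flags) {
      await client.query(
        'INSERT INTO sybil_flags (account_id, reason) VALUES ($1, $2)',
        [f.accountId, f.reason],
      );
    }
    return flags.length;
  });
}

/**
 * Constructed stand-in for pg.Pool: records every statement and can be told
 * to fail on the n-th INSERT, simulating a dropped connection mid-batch.
 */
function makeFakePool({ failOnInsert = Infinity } = {}) {
  const log = [];
  let inserts = 0;
  let released = 0;
  const client = {
    async query(text, params) {
      log.push(text.startsWith('INSERT') ? `INSERT ${params[0]}` : text);
      if (text.startsWith('INSERT') && ++inserts === failOnInsert) {
        throw new Error('connection terminated unexpectedly');
      }
      return { rowCount: 1 };
    },
    release() { released += 1; },
  };
  return { async connect() { return client; }, log, releasedCount: () => released };
}

/** Exercise both paths: a clean commit and a rollback after a mid-batch failure. */
async function demo() {
  const flags = [
    { accountId: 'acct-1', reason: 'burst' },                 // constructed sample flags
    { accountId: 'acct-2', reason: 'duplicate-fingerprint' },
  ];
  const ok = makeFakePool();
  const n = await insertSybilFlags(ok, flags);
  const bad = makeFakePool({ failOnInsert: 2 });
  let failed = false;
  try { await insertSybilFlags(bad, flags); } catch { failed = true; }
  return {
    n, failed,
    okLog: ok.log, badLog: bad.log,
    okReleased: ok.releasedCount(), badReleased: bad.releasedCount(),
  };
}

demo().then((r) => console.log(r));
```

With a real `pg.Pool`, the same wrapper is used unchanged; the fake pool only exists so the commit and rollback sequences can be asserted offline. Note that the load-testing script the issue asks for is a separate deliverable and is not shown here.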
### Issue #16: Implement Supabase Role-Based Access Control (RBAC) Middleware

Create an Express middleware that validates incoming JWTs from Supabase. The middleware must ensure that only authenticated addresses with the `ecosystem_admin` role can trigger the `/api/v1/ban-hammer` endpoint.

Requirements:

- Write unit tests mocking valid, invalid, and expired tokens.
### Issue #24: Sanitize Pagination Inputs for Telemetry Endpoints

Update the `/api/v1/telemetry/logs` route to enforce strict integer casting and boundary limits (maximum 100 results per page) on the `limit` and `offset` query parameters.

Requirements:

- Prevent potential SQL injection vectors by ensuring raw query parameters are never concatenated directly into the PostgreSQL query strings.
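A reference shape for the Issue #24 fix, added here as an example rather than the repository's own route code. It parses `limit` and `offset` as canonical decimal integers only (so `parseInt`'s lenient prefix parsing is never relied on), clamps `limit` to 100, and hands both values to PostgreSQL as `$1`/`$2` parameters from a constant query text. The `telemetry_logs` table and its columns, and the fake pool in `runListLogs`, are assumptions constructed for the example.

```javascript
// Added example (not part of the wavefront-sybil-defense repository):
// strict pagination parsing plus a parameterized query for /api/v1/telemetry/logs.

const MAX_LIMIT = 100;   // hard ceiling on results per page (Issue #24)
const DEFAULT_LIMIT = 20;

/**
 * Accept only a canonical non-negative decimal integer string.
 * Rejects "10abc", "1e2", "0x1f", " 10", "10.0", repeated params (arrays)
 * and anything over 10 digits, so no lenient coercion is involved.
 */
function parseStrictInt(raw) {
  if (typeof raw !== 'string' || !/^(0|[1-9][0-9]{0,9})$/.test(raw)) return null;
  return Number(raw);
}

/** Returns { limit, offset } or { error } for a raw req.query object. */
function parsePagination(query) {
  let limit = DEFAULT_LIMIT;
  if (query.limit !== undefined) {
    const v = parseStrictInt(query.limit);
    if (v === null || v < 1) return { error: `limit must be an integer from 1 to ${MAX_LIMIT}` };
    limit = Math.min(v, MAX_LIMIT);   // clamp rather than trust the caller's value
  }
  let offset = 0;
  if (query.offset !== undefined) {
    const v = parseStrictInt(query.offset);
    if (v === null) return { error: 'offset must be a non-negative integer' };
    offset = v;
  }
  return { limit, offset };
}

/** Query text is a constant; limit/offset travel as parameters, never concatenated. */
function buildLogsQuery({ limit, offset }) {
  return {
    text: 'SELECT id, source, event_type, received_at FROM telemetry_logs '
        + 'ORDER BY received_at DESC LIMIT $1 OFFSET $2',
    values: [limit, offset],
  };
}

/** Express-style handler; `pool` is anything exposing pg's pool.query({ text, values }). */
async function listLogs(req, res, pool) {
  const page = parsePagination(req.query || {});
  if (page.error) return res.status(400).json({ error: page.error });
  const { rows } = await pool.query(buildLogsQuery(page));
  return res.status(200).json({ limit: page.limit, offset: page.offset, rows });
}

/** Constructed harness: a fake pool that echoes the query it received, and a fake res. */
async function runListLogs(query) {
  const seen = {};
  const pool = { async query(q) { seen.text = q.text; seen.values = q.values; return { rows: [] }; } };
  const out = { status: 0, body: null };
  const res = { status(c) { out.status = c; return this; }, json(b) { out.body = b; return this; } };
  await listLogs({ query }, res, pool);
  return { ...out, seen };
}
```

Because the query text never changes and only typed integers reach `values`, the parameter path cannot alter the statement; the regex additionally keeps oversized or odd-looking values from ever reaching the database.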
## Global Acceptance Criteria

- Test Coverage: 95% test coverage using Jest or Mocha/Chai.
- Database Migrations: Any modifications to the PostgreSQL schema must be accompanied by raw SQL migration files in the `/migrations` directory.
- Code Quality: All PRs must pass the standard ESLint configuration (`npm run lint:fix`) before the CI pipeline will allow a merge.
## Local Development Setup

Prerequisites:

- Node.js v18+
- PostgreSQL v14+
- Supabase instance

```bash
git clone https://github.com/levi-soromto/wavefront-sybil-defense.git
cd wavefront-sybil-defense
npm install
```

Rename `.env.example` to `.env` and provide your local PostgreSQL connection string and Supabase API keys.
```bash
npm run dev
```

## Project Structure

```
wavefront-sybil-defense/
├── src/
│   ├── middleware/   # Express middleware (RBAC, validation, error handling)
│   ├── routes/       # API route definitions
│   ├── services/     # Business logic and Sybil detection engine
│   ├── db/           # Database client, connection pool, queries
│   └── utils/        # Helpers and utilities
├── migrations/       # Raw SQL migration files
├── tests/            # Jest/Mocha test suites
├── scripts/          # Load-testing and automation scripts
├── .env.example      # Environment variable template
├── package.json
└── README.md
```
## License

This project is licensed under the MIT License.