Devin
fdb14dc420
Some checks failed
CI / Backend (go 1.23.x) (pull_request) Successful in 56s
CI / Backend security scanners (pull_request) Failing after 40s
CI / Frontend (node 20) (pull_request) Successful in 2m19s
CI / gitleaks (secret scan) (pull_request) Failing after 7s
e2e-full / e2e-full (pull_request) Has been skipped
Two small follow-ups to the out-of-band git-history rewrite that
purged L@ker$2010 / L@kers2010 / L@ker\$2010 from every branch and
tag:
.gitleaks.toml:
- Regex was L@kers?\$?2010 which catches the expanded form but
NOT the shell-escaped form (L@ker\$2010) that slipped past PR #3
in scripts/setup-database.sh. PR #13 fixed the live leak but did
not tighten the detector. New regex L@kers?\\?\$?2010 catches
both forms so future pastes of either form fail CI.
- Description rewritten without the literal password (the previous
description was redacted by the history rewrite itself and read
'Legacy hardcoded ... (***REDACTED-LEGACY-PW*** / ***REDACTED-LEGACY-PW***)'
which was cryptic).
docs/SECURITY.md:
- New 'History-purge audit trail' section recording what was done,
how it was verified (0 literal password matches in any blob or
commit message; 0 legacy-password findings from a post-rewrite
gitleaks scan), and what operator cleanup is still required on
the Gitea host to drop the 13 refs/pull/*/head refs that still
pin the pre-rewrite commits (the update hook declined those refs
over HTTPS, so only an admin on the Gitea VM can purge them via
'git update-ref -d' + 'git gc --prune=now' in the bare repo).
- New 'Re-introduction guard' subsection pointing at the tightened
regex and commit 78e1ff5.
Verification:
gitleaks detect --no-git --source . --config .gitleaks.toml # 0 legacy hits
git log --all -p | grep -cE 'L@ker\$2010|L@kers2010' # 0
Explorer Monorepo – Documentation
Overview of documentation for the ChainID 138 Explorer (SolaceScan).
Entry points
| Doc | Description |
|---|---|
| INDEX.md | Full documentation index (bridge, setup, verification, operations) |
| EXPLORER_API_ACCESS.md | API access, 502 fix, CSP, frontend deploy for https://blockscout.defi-oracle.io |
| ../README.md | Project README: quick start, frontend, architecture, config |
Frontend
| Doc | Description |
|---|---|
| ../frontend/FRONTEND_REVIEW.md | Frontend code review (Next app + legacy SPA) |
| ../frontend/FRONTEND_TASKS_AND_REVIEW.md | Task list C1–L4 and detail review |
Deploy the current Next standalone frontend (VMID 5000):
./scripts/deploy-next-frontend-to-vmid5000.sh
Nginx should preserve /api, /api/config/*, /explorer-api/*, /token-aggregation/api/v1/*, /snap/, and /health, then proxy / and /_next/ using deployment/common/nginx-next-frontend-proxy.conf.
Legacy static SPA compatibility assets:
The historical static SPA (frontend/public/index.html +
frontend/public/explorer-spa.js) remains in-repo for compatibility and audit
reference only. The old static deploy scripts are deprecated shims and are not
supported deployment targets.
Full explorer/API fix (Blockscout + nginx + frontend):
./scripts/complete-explorer-api-access.sh
Deployment
| Doc | Description |
|---|---|
| ../README_DEPLOYMENT.md | Deployment quick reference |
| ../deployment/DEPLOYMENT_GUIDE.md | Full LXC + Nginx + Cloudflare deployment guide |
| ../QUICKSTART.md | Quick start (deps, infra, dev services) |
Other
- Bridge / WETH: See INDEX.md for bridge setup, verification, and operations.
- Specs: specs/ for infrastructure and multichain specs.
- CCIP, Blockscout, etc.: See files in this directory and the repo root.
Last updated: 2026-04-11