Airnode v2: HTTP-first signed API server

A complete rewrite of Airnode as an HTTP server that signs API
responses. The airnode never touches the chain — clients receive
signed data and submit it on-chain themselves.

Two delivery paths:
- Pull: POST /endpoints/{endpointId} → call API → sign → respond
- Push: background loop → call API → sign → store → GET /beacons

Two Vyper contracts:
- AirnodeVerifier: verify signature, prevent replay, forward callback
- AirnodeDataFeed: verify signature, store (int224, uint32) per beacon

Signature format: keccak256(encodePacked(endpointId, timestamp, data))
with EIP-191 personal sign. Endpoint IDs are specification-bound
hashes of the full API spec (URL, path, method, params, encoding).

Author: andreogle

.github/workflows/deploy-docs.yml

@@ -0,0 +1,38 @@
+name: Deploy Docs
+
+on:
+  push:
+    branches: [main]
+    paths: [book/**]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: pages
+  cancel-in-progress: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+      - run: bun install --cwd book
+      - run: bun run --cwd book build
+      - uses: actions/upload-pages-artifact@v3
+        with:
+          path: book/build
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - id: deployment
+        uses: actions/deploy-pages@v4

.gitignore

@@ -0,0 +1,47 @@
+# dependencies (bun install)
+node_modules
+
+# output
+out
+dist
+*.tgz
+
+# temporary files
+tmp/
+
+# code coverage
+coverage
+*.lcov
+
+# logs
+logs
+_.log
+report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
+
+# runtime config (contains secrets)
+/config/
+/config.yaml
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# caches
+.eslintcache
+.cache
+*.tsbuildinfo
+contracts/cache/
+contracts/broadcast/
+
+# docusaurus
+book/build/
+book/.docusaurus/
+
+# IntelliJ based IDEs
+.idea
+
+# Finder (MacOS) folder config
+.DS_Store

.gitmodules

@@ -0,0 +1,8 @@
+[submodule "contracts/lib/snekmate"]
+	path = contracts/lib/snekmate
+	url = https://github.com/pcaversaccio/snekmate
+	ignore = dirty
+[submodule "contracts/lib/account-abstraction"]
+	path = contracts/lib/account-abstraction
+	url = https://github.com/eth-infinitism/account-abstraction
+	ignore = dirty

.prettierignore

@@ -0,0 +1 @@
+contracts/lib

.prettierrc

@@ -0,0 +1,18 @@
+{
+  "bracketSpacing": true,
+  "printWidth": 120,
+  "singleQuote": true,
+  "tabWidth": 2,
+  "trailingComma": "es5",
+  "useTabs": false,
+  "plugins": ["prettier-plugin-solidity"],
+  "overrides": [
+    {
+      "files": "*.md",
+      "options": {
+        "parser": "markdown",
+        "proseWrap": "always"
+      }
+    }
+  ]
+}

CLAUDE.md

@@ -0,0 +1,229 @@
+## Runtime
+
+Default to Bun instead of Node.js.
+
+- `bun <file>` instead of `node` or `ts-node`
+- `bun test` instead of `jest` or `vitest`
+- `bun install` instead of `npm install` / `yarn install` / `pnpm install`
+- `bun run <script>` instead of `npm run` / `yarn run` / `pnpm run`
+- `bunx <package>` instead of `npx`
+- Bun automatically loads `.env` — don't use dotenv.
+- Prefer `Bun.file` over `node:fs` readFile/writeFile.
+- Use `node:` prefix for built-in modules without a Bun-native alternative (e.g. `node:async_hooks`).
+
+## Project structure
+
+```
+src/
+  cli/              CLI entry point (commander.js) and commands
+  config/           Schema (Zod v4), parser, validator, env interpolation
+  api/              HTTP call building and response processing
+  abi-encode.ts     ABI encoding (0x01 + string[] name-value pairs)
+  server.ts         Bun.serve HTTP server (routes, CORS, rate limiting)
+  pipeline.ts       Request processing pipeline (auth → validate → cache → plugins → API call → encode → sign)
+  auth.ts           Client-facing request authentication (free / apiKey)
+  cache.ts          In-memory TTL response cache with periodic sweep
+  sign.ts           EIP-191 response signing and request ID derivation
+  identity.ts       DNS identity verification (ERC-7529) — public API
+  endpoint.ts       Endpoint resolution and specification-bound ID derivation
+  plugins.ts        Plugin loader, hook registry, budget tracking
+  logger.ts         AsyncLocalStorage context, text/json formats
+  types.ts          Shared Zod-inferred types
+  guards.ts         Type guard utilities
+  version.ts        Version from package.json or build-time define
+examples/
+  configs/          Example YAML configs (must always pass validation)
+  plugins/          Example plugins (heartbeat, logger, slack-alerts, encrypted-channel)
+contracts/
+  src/              Vyper 0.4+ contracts (AirnodeVerifier, AirnodeDataFeed)
+  test/             Foundry tests (unit, invariant, symbolic)
+book/               Docusaurus documentation site
+```
+
+Key conventions:
+
+- No catch-all folders like `utils/` or `helpers/`. Place files directly in `src/` with clear names. Group by domain
+  only when there are multiple related files (e.g. `src/config/`, `src/api/`).
+- Shared types inferred from Zod schemas live in `src/types.ts`.
+- Example configs in `examples/configs/` must always pass schema validation (tested). Update them when the schema
+  changes.
+- Config format is YAML (parsed with `yaml` package). JSON also accepted.
+- In config YAML, the `settings` section goes immediately after `version`, before `apis`.
+- Runtime config is `config.yaml` + `.env` in the working directory (gitignored).
+- **Explicit over implicit**: config fields should be required with no defaults, unless a default is genuinely universal
+  (e.g. `method: GET`). Only truly optional behavior (like `rateLimit`, `cors`) uses optional fields. When adding new
+  schema fields, default to required.
+
+## Architecture
+
+### HTTP-first signed API server
+
+Airnode is an HTTP server (`Bun.serve`) that receives requests from clients, calls upstream APIs, signs the responses
+with the airnode's private key (EIP-191), and returns the signed data. Clients can then submit the signed responses
+on-chain themselves. There is no chain scanning, no coordinator cycle, no on-chain fulfillment — Airnode is a stateless
+HTTP service.
+
+Routes:
+
+- `POST /endpoints/{endpointId}` — call an endpoint with parameters in the request body
+- `GET /health` — health check with version and airnode address
+
+### Request processing pipeline
+
+The pipeline runs per-request in `src/pipeline.ts`:
+
+1. **Resolve endpoint** → look up endpoint by ID in the endpoint map
+2. **Plugin: onHttpRequest** → plugins can reject requests early
+3. **Authenticate** → verify client credentials (free access or API key via `X-Api-Key` header)
+4. **Validate parameters** → check that all required parameters are present
+5. **Check cache** → return cached response if TTL has not expired
+6. **Plugin: onBeforeApiCall** → plugins can modify parameters
+7. **Call API** → make upstream HTTP request via `src/api/call.ts`
+8. **Plugin: onAfterApiCall** → plugins can modify the response
+9. **Encode** → if endpoint has `encoding`, ABI-encode using type/path/times via `src/api/process.ts`
+10. **Plugin: onBeforeSign** → plugins can modify encoded data before signing
+11. **Sign** → EIP-191 sign `keccak256(requestId || keccak256(data))` via `src/sign.ts`
+12. **Cache** → store response if cache config is present
+13. **Plugin: onResponseSent** → observation hook for logging/monitoring
+
+### Config format
+
+Version `'1.0'`. Top-level sections: `version`, `server`, `settings`, `apis`.
+
+- `server` contains `port`, `host` (default `'0.0.0.0'`), `cors` (optional), `rateLimit` (optional).
+- `settings` contains `timeout` (default 10s), `proof` (`'none'` for Phase 1), `plugins`.
+- `apis[].url` is the upstream API base URL. Upstream credentials go in `apis[].headers`.
+- `apis[].auth` is client-facing: `{ type: 'free' }` or `{ type: 'apiKey', keys: [...] }`.
+- Endpoints use `encoding: { type, path, times? }` instead of `reservedParameters`. Encoding is optional — endpoints
+  without it return raw JSON with a signature over the JSON hash.
+- Auth and cache config inherit from API level; endpoint-level overrides take precedence.
+
+### Plugin hooks
+
+Plugins register hooks that fire during request processing. Budgets reset per request.
+
+- `onHttpRequest` — can reject requests early (e.g. IP filtering, custom auth)
+- `onBeforeApiCall` — can modify request parameters before the upstream API call
+- `onAfterApiCall` — can modify the API response before encoding
+- `onBeforeSign` — can modify encoded data before signing
+- `onResponseSent` — observation only (logging, monitoring, heartbeats)
+- `onError` — observation only (error alerting)
+
+## Testing
+
+- `bun test` / `bun run test:unit` — TypeScript unit tests rooted in `src/`. Coverage thresholds: 95% lines, functions,
+  and statements (configured in `bunfig.toml`).
+- `bun run test:contracts` — Foundry contract tests (`cd contracts && forge test`). Contracts are independent of the
+  TypeScript node.
+
+Test conventions:
+
+- Each source file should have a co-located `.test.ts` file (e.g. `schema.ts` → `schema.test.ts`).
+- Tests must assert exact values, not just shapes. For hex/encoded data, hardcode the expected output and compare with
+  `toBe()`.
+
+## Code style
+
+- Always order `scripts` in `package.json` alphabetically.
+- Functions must never exceed 3 levels of nesting, preferably 2 at most. Extract nested logic into named functions.
+- Always use early returns. Never use `else` blocks — invert the condition and return early.
+- Use single quotes. Backticks only when interpolating.
+- Wrap numeric values in `String()` in template literals: `` `Chain ${String(chain.id)}` ``.
+- All interface properties are `readonly`. Arrays use `readonly T[]` or `ReadonlyArray<T>`. Maps use `ReadonlyMap`.
+- No mutations. Use `map`, `filter`, `reduce`, `Object.fromEntries`, spread. When a mutation is necessary (loops,
+  `Map.set`), annotate with `// eslint-disable-line functional/immutable-data` or `functional/no-loop-statements`.
+- No try/catch. Use `go()` from `@api3/promise-utils` for async, `goSync()` for sync. Always check `result.success`
+  before accessing `result.data`. Early return on failure.
+- Don't use non-null assertions (`!`). Use narrowing or optional chaining.
+- Prefer readability over cleverness. Break complex expressions into named intermediate values.
+- Named exports at the bottom of files with separate `export type { ... }` blocks.
+- After finishing writing code, always run `bun run fmt` to format and fix lint issues.
+- Lint commands: `bun lint` (all), `bun lint:prettier`, `bun lint:eslint`, `bun lint:slither`.
+- ESLint uses `--cache` — don't use `bunx eslint .` directly.
+- Use multilevel section comments to separate logical sections:
+  ```ts
+  // =============================================================================
+  // Section name
+  // =============================================================================
+  const foo = ...
+  ```
+  77 `=` signs at top-level (80 chars total with `// `). 75 when indented.
+
+## Contracts
+
+Vyper 0.4+ contracts in `contracts/src/`, tested with Foundry. EVM target is `prague` (Pectra). See
+`contracts/README.md` for full architecture docs.
+
+- Foundry skips `.vy` files — Vyper is compiled via FFI through `test/VyperDeploy.sol`.
+- Tests inherit from `VyperDeploy` and call `deployVyper("ContractName")` in `setUp()`.
+- snekmate imports (`from snekmate.utils import ...`) resolve via `-p lib/snekmate/src` passed to vyper CLI.
+- macOS has `python3` not `python` — snekmate's VyperDeployer won't work directly, use custom VyperDeploy.
+- Slither needs `--foundry-ignore-compile` after stripping Vyper build info files.
+- Single blank lines between sections (no double blanks). Follow the Vyper style guide.
+
+### Contract architecture
+
+Two contracts:
+
+| Contract             | Path      | Purpose                                               |
+| -------------------- | --------- | ----------------------------------------------------- |
+| `AirnodeVerifier.vy` | Pull path | Verify signature, prevent replay, forward to callback |
+| `AirnodeDataFeed.vy` | Push path | Verify signature, store `(int224, uint32)` per beacon |
+
+Both use the same signature: `keccak256(encodePacked(endpointId, timestamp, data))` with EIP-191 personal sign.
+Permissionless — anyone can submit. No admin, no registry, no roles.
+
+### Signature format
+
+```
+hash = keccak256(encodePacked(endpointId, timestamp, data))
+signature = EIP-191 personal sign over hash
+```
+
+The endpoint ID is a top-level field so future TLS proof verifiers can inspect it directly.
+
+### Beacon derivation
+
+```
+beaconId = keccak256(encodePacked(airnode, endpointId))
+```
+
+Different airnodes serving the same endpoint produce different beacon IDs but the same endpoint ID.
+
+## Git
+
+Do not add `Co-authored-by` trailers referencing Claude in commit messages.
+
+## Design Context
+
+### Users
+
+API providers who want to serve data on-chain, smart contract developers integrating oracle feeds, and API3 DAO members
+managing infrastructure. They are technical, time-constrained, and value clarity over decoration. The primary interface
+is CLI + documentation — users arrive to get answers and leave.
+
+### Brand Personality
+
+Technical, Trustworthy, Minimal — confidence through precision and simplicity. Part of the API3 ecosystem (api3.org,
+market.api3.org).
+
+### Aesthetic Direction
+
+- **Visual tone**: Minimal and clean. Generous whitespace, content-first, no visual clutter.
+- **References**: api3.org and market.api3.org — the parent brand's visual language.
+- **Theme**: Dark mode primary, light mode optional. Dark backgrounds with high-contrast text.
+- **Colors**: Primary blue `#1843f5` (light) / `#7b9bff` (dark). Dark background `#0a0e2e` / surface `#111648`. CLI
+  accent `#f3004b`. Accent yellow `#f3e37a` (from api3.org, available for highlights).
+- **Typography**: System sans-serif stack via Docusaurus/Infima. Code blocks are the primary content type.
+
+### Design Principles
+
+1. **Content over chrome** — every visual element must serve comprehension. No decorative flourishes.
+2. **Developer-native** — design for people who live in terminals and editors. Code examples > prose.
+3. **Quiet confidence** — trustworthiness comes from clarity and consistency, not from bold visuals.
+4. **Reduce to essentials** — if removing an element doesn't hurt understanding, remove it.
+5. **Dark-first** — dark mode is the default experience; optimize contrast and readability there first.
+
+## Documentation (book/)
+
+Docusaurus site in `book/`. Run with `bun run --cwd book start`.