Stox price pusher

[Siddharth2207]

Summary

Stox price pusher

Summary by CodeRabbit

• New Features

  • Replaced BTC/BNB/PYTH public feeds with a broad, uniform catalog of equities and USD pairs.

• Refactor

  • Startup now awaits an initial price update (new wait-for-first-update API); price freshness threshold relaxed to 24 hours. Added runtime diagnostics and explicit gas-limit handling for transactions.

• Chores

  • Added platform-aware developer environment, Docker image support, and CI workflow.

• Tests

  • Added new JSON test payloads.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Replaces crypto price entries with many equity configs; awaits an initial Pyth price update at startup (exposes wait API); adds EVM gas-limit selection and extra gas logging; makes devShell platform-aware; adds test data, Dockerfile, and Docker CI workflow.

Changes

Cohort / File(s)	Summary
Price config updates apps/price_pusher/price-config.stable.sample.yaml	Removed BTC/USD, BNB/USD, PYTH/USD. Added many public equity entries (GOOG/USD, AMZN/USD, AMZN/USD.PRE, AMZN/USD.POST, AAPL/USD, MSFT/USD, TSLA/USD, TSLA/USD.PRE, TSLA/USD.POST, NVDA/USD, NVDA/USD.PRE, NVDA/USD.POST, META/USD, GME/USD, MSTR/USD, MSTR/USD.PRE, MSTR/USD.POST, BRKB/USD, SPLG/USD, IAU/USD, COIN/USD, COIN/USD.PRE, COIN/USD.POST, SIVR/USD) using uniform fields (alias, id, time_difference, price_deviation, confidence_ratio, early_update).
Startup sequencing / CLI apps/price_pusher/src/evm/command.ts	Start Pyth listener earlier, await up to ~15000ms for first price update and log whether update arrived or timed out before creating wallet client/contract.
Pyth listener behavior & API apps/price_pusher/src/pyth-price-listener.ts	start() now awaits startListening(); added waitForFirstPriceUpdate(timeoutMs?: number): Promise<boolean>; freshness threshold changed from 60s to 24h; added diagnostics/logs and enhanced reconnect/error logging; previously-thrown stale-feed path commented out.
EVM gas handling & logging apps/price_pusher/src/evm/evm.ts	Added debug logs for initial/final gas price, nonce, and update fee; introduced gasLimitToUse (rounded provided gasLimit or default 1_000_000) and consistently uses gas: gasLimitToUse for simulation and submission.
Dev shell platform deps flake.nix	Reworked devShells.default.buildInputs into a with pkgs; base list plus platform-specific additions (Linux vs Darwin); replaced python3Packages.distutils with python3Packages.setuptools.
Dockerfile Dockerfile	New Node 22.14-based Dockerfile with build args GIT_SHA/DOCKER_CHANNEL, sets workdir /price-pusher, copies project, and CMD runs npm start evm with runtime flags (price-config, endpoint, pyth-contract-address, price-service-endpoint, mnemonic-file via process substitution, pushing/polling frequencies, override gas multiplier).
Docker CI workflow .github/workflows/rainix-docker.yml	New GitHub Actions workflow: checkout (with submodules), install Nix tooling, run pnpm via nix develop, build price-pusher with turbo, configure Docker Buildx/login, build and push image with GIT_SHA and DOCKER_CHANNEL; triggers on push and manual dispatch.
Test data test.json	Added test JSON containing two documents with binary blobs and parsed entries (id, price, ema_price, metadata) — data-only.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant CLI as CLI / evm command
  participant PL as PythPriceListener
  participant WC as WalletClient & Contract

  CLI->>PL: start() (await startListening())
  CLI->>PL: waitForFirstPriceUpdate(timeout=15000)
  alt first update received
    PL-->>CLI: true (price available)
    CLI->>WC: initialize wallet & contract
  else timeout / no update
    PL-->>CLI: false (timeout)
    CLI->>WC: initialize wallet & contract
  end

Loading

sequenceDiagram
  autonumber
  participant Upd as PriceUpdater
  participant EVM as EVM module
  participant RPC as RPC node

  Upd->>EVM: compute updateFee()
  EVM->>RPC: getGasPrice()
  Note right of EVM `#dceef0`: Log initial gas price
  EVM->>EVM: determine gasLimitToUse (rounded input | default 1_000_000)
  EVM->>RPC: simulate tx (gas=gasLimitToUse)
  Note right of EVM `#fff3d9`: Log nonce, final gas price, update fee, gasLimitToUse
  EVM->>RPC: send tx (gas=gasLimitToUse)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Focus review on apps/price_pusher/src/pyth-price-listener.ts (wait API, freshness logic, reconnect/error handling).
• Verify apps/price_pusher/src/evm/evm.ts for correct gasLimit propagation, numeric rounding, and that logs do not leak secrets.
• Check startup sequencing and timeout behavior in apps/price_pusher/src/evm/command.ts.
• Validate Dockerfile CMD arguments (mnemonic-file substitution) and CI workflow tag/build-arg handling in .github/workflows/rainix-docker.yml.
• Inspect flake.nix platform conditionals and replacement of distutils with setuptools.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is missing critical sections required by the template: Rationale and How has this been tested sections are absent, leaving only a vague Summary.	Complete the description by adding a Rationale section explaining why these changes are necessary and a How has this been tested section documenting verification steps.
Title check	❓ Inconclusive	The title 'Stox price pusher' is vague and lacks specific context about what changes were made; it reads like a feature name rather than a description of the actual modifications.	Replace with a more descriptive title that captures the main change, such as 'Add Stox assets to price pusher configuration and docker setup' or 'Configure price pusher for stock and equity assets.'

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 2025-09-26-stox-price-pusher

---

📜 Recent review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6df13f2 and dd98829.

📒 Files selected for processing (1)

• apps/price_pusher/price-config.stable.sample.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build
• GitHub Check: test
• GitHub Check: build

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 10

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/price_pusher/src/pyth-price-listener.ts (1)

99-105: Use logger in error handler; ensure single reconnect loop.

-      console.error("Error receiving updates from Hermes:", error);
-      console.error("EventSource readyState:", eventSource.readyState);
+      this.logger.warn({ error, readyState: eventSource.readyState }, "Error receiving updates from Hermes");

Also verify that repeated errors don’t create concurrent listeners; consider guarding reconnection with a flag. Do you want me to propose that guard?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5794589 and 2cf0f9e.

📒 Files selected for processing (6)

• apps/price_pusher/price-config.stable.sample.yaml (1 hunks)
• apps/price_pusher/src/evm/command.ts (1 hunks)
• apps/price_pusher/src/evm/evm.ts (3 hunks)
• apps/price_pusher/src/pyth-price-listener.ts (6 hunks)
• flake.nix (1 hunks)
• test.json (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.37.1)

apps/price_pusher/price-config.stable.sample.yaml

[error] 66-66: too many blank lines (2 > 0)

(empty-lines)

🪛 Biome (2.1.2)

test.json

[error] 31-61: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

🔇 Additional comments (3)

apps/price_pusher/src/evm/evm.ts (1)

232-233: Same gas price unit issue.

-    this.logger.debug(`Final gas price: ${gasPrice} gwei, nonce: ${txNonce}, update fee: ${updateFee} wei`);
+    const gasPriceGweiFinal = gasPrice / 1e9;
+    this.logger.debug(`Final gas price: ${gasPriceGweiFinal} gwei (${gasPrice} wei), nonce: ${txNonce}, update fee: ${updateFee} wei`);

flake.nix (1)

50-74: Nix scoping bug: with pkgs; applies only to the first list.

lib and stdenv are out of scope for the concatenations. This will evaluate with “attribute ‘lib’ missing”. Wrap the whole expression in with pkgs; ( ... ) or qualify as pkgs.lib / pkgs.stdenv.

-  buildInputs =
-    with pkgs; [
-      cli
-      git
-      nodejs
-      pkg-config
-      pnpm
-      pre-commit
-      python3
-      python3Packages.setuptools
-      graphviz
-      anchor
-    ]
-    # Linux-only deps
-    ++ lib.optionals stdenv.isLinux [
-      udev
-      libusb1
-    ]
-    # macOS deps (no udev; use system frameworks)
-    ++ lib.optionals stdenv.isDarwin [
-      libusb1
-      darwin.apple_sdk.frameworks.IOKit
-      darwin.apple_sdk.frameworks.CoreFoundation
-    ];
+  buildInputs = with pkgs; (
+    [
+      cli
+      git
+      nodejs
+      pkg-config
+      pnpm
+      pre-commit
+      python3
+      python3Packages.setuptools
+      graphviz
+      anchor
+    ]
+    # Linux-only deps
+    ++ lib.optionals stdenv.isLinux [
+      udev
+      libusb1
+    ]
+    # macOS deps (no udev; use system frameworks)
+    ++ lib.optionals stdenv.isDarwin [
+      libusb1
+      darwin.apple_sdk.frameworks.IOKit
+      darwin.apple_sdk.frameworks.CoreFoundation
+    ]
+  );

Likely an incorrect or invalid review comment.

apps/price_pusher/price-config.stable.sample.yaml (1)

1-65: No changes needed: price_deviation is defined in percent and the sample YAML comments correctly indicate thresholds of 0.05% and 0.03%.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use structured logging and decide behavior on timeout.

Replace console.log with the existing pino logger for consistency, and make the timeout case explicit (warn or exit) to avoid silent degraded startup.

-    if (receivedUpdate) {
-      console.log('Price update received!');
-    } else {
-      console.log('Timeout waiting for price update');
-    }
+    if (receivedUpdate) {
+      logger.info('First Pyth price update received.');
+    } else {
+      logger.warn('Timeout waiting for first Pyth price update after 15s; continuing startup.');
+      // Optionally: return process.exit(1) if startup must fail without data
+    }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// Start the price listener and wait for first update
	await pythListener.start();
	const receivedUpdate = await pythListener.waitForFirstPriceUpdate(15000);
	if (receivedUpdate) {
	console.log('Price update received!');
	} else {
	console.log('Timeout waiting for price update');
	}
	// Start the price listener and wait for first update
	await pythListener.start();
	const receivedUpdate = await pythListener.waitForFirstPriceUpdate(15000);
	if (receivedUpdate) {
	logger.info('First Pyth price update received.');
	} else {
	logger.warn('Timeout waiting for first Pyth price update after 15s; continuing startup.');
	// Optionally: return process.exit(1) if startup must fail without data
	}

🤖 Prompt for AI Agents

In apps/price_pusher/src/evm/command.ts around lines 153 to 162, replace the
console.log calls with the module's pino logger instance (use the existing
logger variable) and make the timeout explicit: log a success with logger.info
when an update is received, and when waitForFirstPriceUpdate times out log
logger.warn (or logger.error if you prefer failing fast) with context, then
decide behavior—either throw an error or call process.exit(1) to fail startup
instead of silently continuing; update the code accordingly so logging is
consistent and the timeout path is explicit and handled.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Gas price unit mismatch in logs.

getGasPrice returns wei; logs label it as gwei. Either log in wei or convert for readability.

-    this.logger.debug(`Initial gas price: ${gasPrice} gwei`);
+    const gasPriceGwei = gasPrice / 1e9;
+    this.logger.debug(`Initial gas price: ${gasPriceGwei} gwei (${gasPrice} wei)`);

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In apps/price_pusher/src/evm/evm.ts around lines 196-198, the logged "Initial
gas price" is labeled as gwei but getGasPrice returns wei; change the log to
either convert the wei value to gwei before logging (e.g., using BigNumber
division by 1e9 or ethers.utils.formatUnits(gasPrice, "gwei")) or update the
label to "wei" if you want to log the raw value, ensuring correct units are
displayed.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid forcing gas in simulation; apply gas limit on submission.

Providing a fixed gas in simulate can cause false reverts if it’s too low/high. Let simulate estimate gas; set the cap when sending.

-      const gasLimitToUse = this.gasLimit !== undefined
-        ? BigInt(Math.ceil(this.gasLimit))
-        : BigInt(1000000); // Default gas limit of 1M gas units
-      
-      this.logger.debug(`Using gas limit: ${gasLimitToUse}, gas price: ${gasPrice}, update fee: ${updateFee}`);
+      const gasLimitToUse = this.gasLimit !== undefined
+        ? BigInt(Math.ceil(this.gasLimit))
+        : undefined; // Let simulate/chain estimate if not provided
+      
+      this.logger.debug(
+        `Using gas limit: ${gasLimitToUse ?? 'estimate'}, gas price: ${gasPrice}, update fee: ${updateFee}`
+      );

And below:

-          {
-            value: updateFee,
-            gasPrice: BigInt(Math.ceil(gasPrice)),
-            nonce: txNonce,
-            gas: gasLimitToUse,
-          },
+          {
+            value: updateFee,
+            gasPrice: BigInt(Math.ceil(gasPrice)),
+            nonce: txNonce,
+          },
         );
 
-      this.logger.debug({ request }, "Simulated request successfully");
-
-      const hash = await this.client.writeContract(request);
+      const requestWithGas =
+        gasLimitToUse !== undefined ? { ...request, gas: gasLimitToUse } : request;
+      this.logger.debug({ request: requestWithGas }, "Simulated request successfully");
+
+      const hash = await this.client.writeContract(requestWithGas);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const gasLimitToUse = this.gasLimit !== undefined
	? BigInt(Math.ceil(this.gasLimit))
	: BigInt(1000000); // Default gas limit of 1M gas units
	this.logger.debug(`Using gas limit: ${gasLimitToUse}, gas price: ${gasPrice}, update fee: ${updateFee}`);
	// let the chain estimate gas when no explicit limit is set
	const gasLimitToUse = this.gasLimit !== undefined
	? BigInt(Math.ceil(this.gasLimit))
	: undefined; // Let simulate/chain estimate if not provided
	this.logger.debug(
	`Using gas limit: ${gasLimitToUse ?? 'estimate'}, gas price: ${gasPrice}, update fee: ${updateFee}`
	);
	// … earlier: await this.client.simulateContract(request,
	// {
	// value: updateFee,
	// gasPrice: BigInt(Math.ceil(gasPrice)),
	// nonce: txNonce,
	{
	value: updateFee,
	gasPrice: BigInt(Math.ceil(gasPrice)),
	nonce: txNonce,
	},
	);
	// apply the cap only on the actual write
	const requestWithGas =
	gasLimitToUse !== undefined ? { ...request, gas: gasLimitToUse } : request;
	this.logger.debug({ request: requestWithGas }, "Simulated request successfully");
	const hash = await this.client.writeContract(requestWithGas);
	// …

🤖 Prompt for AI Agents

In apps/price_pusher/src/evm/evm.ts around lines 247-252 the code forces a gas
value into the simulation step which can cause false reverts; change the flow so
simulation uses the provider's gas estimation (do not set gas/gasLimit for
simulate), and only apply the computed gasLimitToUse as a cap when constructing
the actual transaction for submission (e.g., pass gasLimitToUse into the
send/submit call or tx overrides). Keep the gasLimit calculation
(BigInt(Math.ceil(...) or default) and the debug log, but remove passing that
value into the simulation API and ensure it is used solely as the override on
the final send.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Health check no longer enforces liveness.

Previously this threw if feeds stopped updating; the check is now inert. At least log a warning to surface stuck streams.

-      if (
-        this.lastUpdated === undefined ||
-        this.lastUpdated < Date.now() - 30 * 1000
-      ) {
-        // throw new Error("Hermes Price feeds are not updating.");
-      }
+      if (
+        this.lastUpdated === undefined ||
+        this.lastUpdated < Date.now() - 30 * 1000
+      ) {
+        this.logger.warn("Hermes price feeds are not updating (stale >30s).");
+      }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	await this.startListening();
	// Store health check interval reference
	this.healthCheckInterval = setInterval(() => {
	if (
	this.lastUpdated === undefined ||
	this.lastUpdated < Date.now() - 30 * 1000
	) {
	throw new Error("Hermes Price feeds are not updating.");
	// throw new Error("Hermes Price feeds are not updating.");
	}
	}, 5000);
	}
	await this.startListening();
	// Store health check interval reference
	this.healthCheckInterval = setInterval(() => {
	if (
	this.lastUpdated === undefined ||
	this.lastUpdated < Date.now() - 30 * 1000
	) {
	this.logger.warn("Hermes price feeds are not updating (stale >30s).");
	}
	}, 5000);
	}

🤖 Prompt for AI Agents

In apps/price_pusher/src/pyth-price-listener.ts around lines 38 to 49, the
health-check interval currently contains a commented-out throw so it no longer
enforces liveness; restore observability by replacing the commented throw with a
warning log that includes contextual details (e.g., timestamp, this.lastUpdated,
and how stale the feed is). Use the instance logger (this.logger.warn(...)) if
available, otherwise console.warn(...), and keep the 5s interval logic intact so
repeated warnings surface stuck streams; ensure the message is clear and
actionable.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Avoid console.log; use structured logger.

-    console.log('Price IDs being requested:', this.priceIds);
+    this.logger.debug({ priceIds: this.priceIds }, "Requesting price IDs");

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	console.log('Price IDs being requested:', this.priceIds);
	this.logger.debug({ priceIds: this.priceIds }, "Requesting price IDs");

🤖 Prompt for AI Agents

In apps/price_pusher/src/pyth-price-listener.ts around lines 55-56, replace the
console.log call with the module's structured logger (e.g., this.logger.info or
the shared logger import) and log the priceIds as a named field instead of
free-form text; for example, call the logger with a message and an object like {
priceIds: this.priceIds } (or JSON.stringify if the logger requires string
payloads). If no logger instance exists in this class, add or inject the
existing application logger and use it consistently for structured logs. Ensure
no sensitive data is logged.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Avoid console.error; use logger and structured context.

-    console.log('EventSource created, waiting for messages...');
+    this.logger.debug("EventSource created, waiting for messages...");

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	console.log('EventSource created, waiting for messages...');
	eventSource.onmessage = (event: MessageEvent<string>) => {
	this.logger.debug("EventSource created, waiting for messages...");
	eventSource.onmessage = (event: MessageEvent<string>) => {

🤖 Prompt for AI Agents

In apps/price_pusher/src/pyth-price-listener.ts around lines 64-65, replace the
direct console usage with the project's logger: remove console.log('EventSource
created, waiting for messages...') and use logger.info with structured context
(e.g., { component: 'PythPriceListener', event: 'EventSourceCreated' }), and
ensure any console.error usages in this event handler are replaced with
logger.error including structured fields (error, component, event) so messages
and errors are emitted consistently and machine-readable.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

24h staleness threshold is too permissive; risk of pushing stale prices.

Revert to previous 60s or make it configurable; pushing day‑old data can be dangerous.

-        // Consider price to be currently available if it is not older than 24 hours
-        const currentTime = Date.now() / 1000;
-        const timeDiff = currentTime - priceUpdate.price.publish_time;
-        console.log(`Price age check: currentTime=${currentTime}, publishTime=${priceUpdate.price.publish_time}, diff=${timeDiff}s`);
+        // Consider price available only if not too old (default 60s)
+        const currentTime = Date.now() / 1000;
+        const timeDiff = currentTime - priceUpdate.price.publish_time;
+        this.logger.debug(
+          { currentTime, publishTime: priceUpdate.price.publish_time, ageSec: timeDiff },
+          "Price age check"
+        );
@@
-          timeDiff > 24 * 60 * 60 // 24 hours in seconds
+          timeDiff > 60 // TODO: make configurable
             ? undefined
             : priceUpdate.price;
         if (currentPrice === undefined) {
-          console.log(`Price is older than 24 hours (${timeDiff}s), skipping`);
+          this.logger.debug(`Price is older than threshold (${timeDiff}s), skipping`);
           return;
         }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// Consider price to be currently available if it is not older than 24 hours
	const currentTime = Date.now() / 1000;
	const timeDiff = currentTime - priceUpdate.price.publish_time;
	console.log(`Price age check: currentTime=${currentTime}, publishTime=${priceUpdate.price.publish_time}, diff=${timeDiff}s`);
	const currentPrice =
	Date.now() / 1000 - priceUpdate.price.publish_time > 60
	timeDiff > 24 * 60 * 60 // 24 hours in seconds
	? undefined
	: priceUpdate.price;
	if (currentPrice === undefined) {
	this.logger.debug("Price is older than 60s, skipping");
	console.log(`Price is older than 24 hours (${timeDiff}s), skipping`);
	return;
	// Consider price available only if not too old (default 60s)
	const currentTime = Date.now() / 1000;
	const timeDiff = currentTime - priceUpdate.price.publish_time;
	this.logger.debug(
	{ currentTime, publishTime: priceUpdate.price.publish_time, ageSec: timeDiff },
	"Price age check"
	);
	const currentPrice =
	timeDiff > 60 // TODO: make configurable
	? undefined
	: priceUpdate.price;
	if (currentPrice === undefined) {
	this.logger.debug(`Price is older than threshold (${timeDiff}s), skipping`);
	return;
	}

🤖 Prompt for AI Agents

In apps/price_pusher/src/pyth-price-listener.ts around lines 74 to 85, the
current staleness check uses a 24-hour threshold which is too permissive; change
it to use a 60-second default or a configurable environment variable. Replace
the hardcoded 24*60*60 with a constant loaded from configuration or process.env
(e.g., PRICE_STALENESS_SECONDS) defaulting to 60, update the age check to
compare against that constant, and adjust the log messages to reference the
configured threshold; ensure parsing/validation of the env var to an integer and
fall back to 60 if invalid.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Busy‑wait polling for first update; prefer event‑driven resolve.

Set a flag on first message and resolve a Promise; avoid a tight interval.

-  async waitForFirstPriceUpdate(timeoutMs: number = 10000): Promise<boolean> {
-    return new Promise((resolve) => {
-      const startTime = Date.now();
-      
-      const checkInterval = setInterval(() => {
-        if (this.latestPriceInfo.size > 0) {
-          clearInterval(checkInterval);
-          resolve(true);
-        } else if (Date.now() - startTime > timeoutMs) {
-          clearInterval(checkInterval);
-          resolve(false);
-        }
-      }, 100);
-    });
-  }
+  private firstUpdateResolved = false;
+  async waitForFirstPriceUpdate(timeoutMs: number = 10000): Promise<boolean> {
+    if (this.latestPriceInfo.size > 0) return true;
+    return new Promise((resolve) => {
+      const timer = setTimeout(() => resolve(false), timeoutMs);
+      const originalHandler = this.hermesClient; // placeholder to indicate hook context
+      const onFirst = () => {
+        if (this.firstUpdateResolved || this.latestPriceInfo.size === 0) return;
+        this.firstUpdateResolved = true;
+        clearTimeout(timer);
+        resolve(true);
+      };
+      // Minimal change: piggyback on existing onmessage logic by checking map size asynchronously
+      const check = setInterval(() => {
+        if (this.latestPriceInfo.size > 0) {
+          clearInterval(check);
+          clearTimeout(timer);
+          resolve(true);
+        }
+      }, 100);
+    });
+  }

If you prefer, I can wire a dedicated “onFirstUpdate” resolve inside onmessage for a cleaner approach.

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Invalid JSON: two top‑level objects.

The file contains two JSON documents back‑to‑back, which is not valid JSON. Wrap them in an array (or split into two files or use .ndjson if that’s intended). Static analysis error confirms parsing fails.

-{
+[
+{
@@
-}
+},
+
+{
@@
-}
+}
+]

If NDJSON was intended, rename to test.ndjson and keep one JSON object per line. Based on static analysis hints.

🧰 Tools

🪛 Biome (2.1.2)

[error] 31-61: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

🤖 Prompt for AI Agents

In test.json around lines 1-61 there are two top-level JSON objects back-to-back
which makes the file invalid JSON; fix by either wrapping both objects in a JSON
array (insert an opening [ at the start, a comma between the two objects, and a
closing ] at the end) or split them into separate files, or convert to NDJSON by
putting each object on its own line and renaming the file to test.ndjson; ensure
you choose one approach and update any code/config that reads this file
accordingly.

[coderabbitai]

Actionable comments posted: 11

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 209e4bc and e0d83cf.

📒 Files selected for processing (2)

• .github/workflows/rainix-docker.yml (1 hunks)
• Dockerfile (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.7)

.github/workflows/rainix-docker.yml

42-42: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

43-43: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 Checkov (3.2.334)

Dockerfile

[low] 10-10: Ensure that COPY is used instead of ADD in Dockerfiles

(CKV_DOCKER_4)

---

[low] 12-12: Ensure that WORKDIR values are absolute paths

(CKV_DOCKER_10)

---

[low] 1-21: Ensure that HEALTHCHECK instructions have been added to container images

(CKV_DOCKER_2)

---

[low] 1-21: Ensure that a user for the container has been created

(CKV_DOCKER_3)

🪛 Hadolint (2.14.0)

Dockerfile

[error] 10-10: Use COPY instead of ADD for files and folders

(DL3020)

---

[error] 12-12: Use absolute WORKDIR

(DL3000)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: price-pusher-image
• GitHub Check: build
• GitHub Check: test
• GitHub Check: build

🔇 Additional comments (2)

.github/workflows/rainix-docker.yml (1)

44-46: Manual verification: ensure Docker Hub secrets are configured
The workflow uses secrets.DOCKERHUB_USERNAME and secrets.DOCKERHUB_TOKEN; confirm these are set in the repository’s GitHub Secrets.

Dockerfile (1)

18-18: Verify process substitution compatibility in CMD
Process substitution <(echo "${MNEMONIC}") requires a bash shell and /proc support in your container at runtime; manually test this in your CI or staging environment or switch to a temporary file or here-doc if unsupported.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Potential tag collision risk with dynamic CHANNEL naming.

The CHANNEL environment variable derives from inputs.tag, github.head_ref, or github.ref_name. For concurrent pushes to different branches, this could lead to race conditions or unintended tag overwrites.

Consider adding a unique suffix or using a more structured tagging strategy:

 env:
-  CHANNEL: ${{ inputs.tag || github.head_ref || github.ref_name }}
+  CHANNEL: ${{ inputs.tag || format('{0}-{1}', github.head_ref || github.ref_name, github.run_number) }}
   DOCKER_BUILDKIT: 1

Or use commit SHA for uniqueness:

env:
  CHANNEL: ${{ inputs.tag || format('{0}-{1}', github.head_ref || github.ref_name, github.sha) }}

🤖 Prompt for AI Agents

.github/workflows/rainix-docker.yml around line 12: the CHANNEL value is derived
from inputs.tag or branch name which can collide across concurrent runs; change
the assignment to append a unique identifier (e.g., short commit SHA or
timestamp) or use a structured format combining branch/tag with github.sha to
guarantee uniqueness and avoid tag overwrites; update the env variable
construction accordingly and ensure downstream steps use the new CHANNEL value
consistently.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Build step alignment with Dockerfile concerns.

The workflow builds the price-pusher package using pnpm turbo build, but the Dockerfile (as currently written) doesn't install dependencies or run build steps. This creates a mismatch where the workflow builds locally, but the Docker image may not have these artifacts available at runtime.

Ensure the Dockerfile includes the necessary build steps (as flagged in the Dockerfile review), or structure the workflow to produce build artifacts that are then copied into a minimal runtime image using a multi-stage build pattern.

🤖 Prompt for AI Agents

.github/workflows/rainix-docker.yml lines 36-40: the CI runs `pnpm turbo build`
for @pythnetwork/price-pusher but the Dockerfile does not install deps or copy
build outputs, causing runtime images to miss artifacts; either update the
Dockerfile to perform dependency install and the package build (add a build
stage that runs pnpm install/build and copies the dist into the final image) or
change the workflow to output the built artifacts (e.g., tar/zip or push to
registry) and use a multi-stage Dockerfile that copies those artifacts into a
minimal runtime image; ensure the chosen approach installs dependencies with
frozen lockfile, produces the same build artifacts as the workflow, and that the
final image contains the built files and any runtime-only deps.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Update Docker actions to latest versions.

The workflow uses docker/setup-buildx-action@v2 and docker/login-action@v2, which are outdated and may not run on current GitHub Actions runners.

Apply this diff to update to v3:

-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/login-action@v2
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3

🧰 Tools

🪛 actionlint (1.7.7)

42-42: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

43-43: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents

In .github/workflows/rainix-docker.yml around lines 42 to 43, the workflow pins
docker/setup-buildx-action@v2 and docker/login-action@v2 which are outdated;
update those action versions to @v3 by replacing the two usages with
docker/setup-buildx-action@v3 and docker/login-action@v3 (and run a quick
workflow dispatch to verify no new required inputs changed).

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider using docker/build-push-action for better caching and features.

The workflow manually runs docker build and docker push commands. The docker/build-push-action provides better layer caching, multi-platform support, and BuildKit features.

Replace the manual docker commands:

-      - run: |
-          rm .dockerignore
-          docker build -t "$TAG_BASE:$CHANNEL" --build-arg GIT_SHA=${{ github.sha }} --build-arg DOCKER_CHANNEL=$CHANNEL .
-      - run: |
-          docker push "$TAG_BASE:$CHANNEL"
+      - uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ env.TAG_BASE }}:${{ env.CHANNEL }}
+          build-args: |
+            GIT_SHA=${{ github.sha }}
+            DOCKER_CHANNEL=${{ env.CHANNEL }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- run: |
	rm .dockerignore
	docker build -t "$TAG_BASE:$CHANNEL" --build-arg GIT_SHA=${{ github.sha }} --build-arg DOCKER_CHANNEL=$CHANNEL .
	- run: |
	docker push "$TAG_BASE:$CHANNEL"
	- uses: docker/build-push-action@v5
	with:
	context: .
	push: true
	tags: ${{ env.TAG_BASE }}:${{ env.CHANNEL }}
	build-args: |
	GIT_SHA=${{ github.sha }}
	DOCKER_CHANNEL=${{ env.CHANNEL }}
	cache-from: type=gha
	cache-to: type=gha,mode=max

🤖 Prompt for AI Agents

.github/workflows/rainix-docker.yml around lines 47 to 51: replace the manual
docker build and docker push steps with docker/build-push-action to get
BuildKit, caching and multi-platform support; update the job to use - uses:
docker/build-push-action@v4 - with context: ., push: true, tags:
"$TAG_BASE:$CHANNEL", build-args: GIT_SHA=${{ github.sha }},
DOCKER_CHANNEL=$CHANNEL and configure cache-from/cache-to (e.g., type=registry)
as appropriate; ensure any removal of .dockerignore is handled before the action
or omitted if unnecessary and keep environment variables/permissions for pushing
(e.g., set up docker login or use GITHUB_TOKEN/registry credentials) so the
action can authenticate and push.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

🧩 Analysis chain

Verify that removing .dockerignore is intentional.

The workflow explicitly removes the .dockerignore file before building. This could lead to unnecessarily large Docker images if build artifacts, node_modules, or other ignored files are included.

Verify whether removing .dockerignore is required:

If the removal is necessary, document why in a comment:

       - run: |
+          # Remove .dockerignore to include build artifacts in the image
           rm .dockerignore
           docker build -t "$TAG_BASE:$CHANNEL" --build-arg GIT_SHA=${{ github.sha }} --build-arg DOCKER_CHANNEL=$CHANNEL .

---

🏁 Script executed:

#!/bin/bash
# Check if .dockerignore exists and what it contains
if [ -f .dockerignore ]; then
  echo "=== Contents of .dockerignore ==="
  cat .dockerignore
  echo ""
  echo "=== Checking for large directories that might be ignored ==="
  fd -t d 'node_modules|dist|build|.git' --max-depth 3 -x du -sh
else
  echo ".dockerignore does not exist in the repository"
fi

Length of output: 448

---

Document rationale for removing .dockerignore
Add a comment above rm .dockerignore to explain that .dockerignore ignores the lib directory and other build outputs, so it must be removed to include necessary artifacts in the Docker build context:

       - run: |
+        # Remove .dockerignore so compiled artifacts (lib, build outputs, node_modules, etc.) are included in Docker context
         rm .dockerignore
         docker build -t "$TAG_BASE:$CHANNEL" --build-arg GIT_SHA=${{ github.sha }} --build-arg DOCKER_CHANNEL=$CHANNEL .

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

.github/workflows/rainix-docker.yml around line 48: add a brief comment above
the rm .dockerignore step explaining that the repository's .dockerignore
excludes the lib directory and other build outputs needed in the image, so we
remove .dockerignore to ensure those artifacts are included in the Docker build
context; keep the comment concise and factual.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Add HEALTHCHECK instruction for container monitoring.

A HEALTHCHECK instruction allows Docker and orchestration platforms to monitor the health of the running container and restart it if necessary.

Consider adding a health check appropriate for your application:

HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD node healthcheck.js || exit 1

Alternatively, if the price pusher exposes an HTTP endpoint, use a curl-based health check:

HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD curl -f http://localhost:PORT/health || exit 1

🧰 Tools

🪛 Checkov (3.2.334)

[low] 10-10: Ensure that COPY is used instead of ADD in Dockerfiles

(CKV_DOCKER_4)

---

[low] 12-12: Ensure that WORKDIR values are absolute paths

(CKV_DOCKER_10)

---

[low] 1-21: Ensure that HEALTHCHECK instructions have been added to container images

(CKV_DOCKER_2)

---

[low] 1-21: Ensure that a user for the container has been created

(CKV_DOCKER_3)

🪛 Hadolint (2.14.0)

[error] 10-10: Use COPY instead of ADD for files and folders

(DL3020)

---

[error] 12-12: Use absolute WORKDIR

(DL3000)

🤖 Prompt for AI Agents

Dockerfile lines 1-21: add a HEALTHCHECK instruction near the end of the
Dockerfile so container orchestrators can detect and restart unhealthy
containers; implement either a lightweight node-based check (add a small
healthcheck.js to the app and ensure it’s copied into the image, then add a
HEALTHCHECK that runs node healthcheck.js with sensible
--interval/--timeout/--start-period/--retries) or an HTTP check (ensure the
service listens on a known PORT and add a HEALTHCHECK that curls the local
/health endpoint with the same timing options); place the HEALTHCHECK after
CMD/ENTRYPOINT or at the end of the file and document the required health
endpoint/script and port in the repo README.

---

⚠️ Potential issue | 🟠 Major

Security: Add a non-root USER directive.

The container runs as root by default, which poses a security risk. Create and switch to a non-privileged user before running the application.

Add a non-root user:

 WORKDIR /price-pusher
 COPY . .
+RUN groupadd -r appuser && useradd -r -g appuser appuser
+RUN chown -R appuser:appuser /price-pusher

+USER appuser
 WORKDIR /price-pusher/apps/price_pusher

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools

🪛 Checkov (3.2.334)

[low] 10-10: Ensure that COPY is used instead of ADD in Dockerfiles

(CKV_DOCKER_4)

---

[low] 12-12: Ensure that WORKDIR values are absolute paths

(CKV_DOCKER_10)

---

[low] 1-21: Ensure that HEALTHCHECK instructions have been added to container images

(CKV_DOCKER_2)

---

[low] 1-21: Ensure that a user for the container has been created

(CKV_DOCKER_3)

🪛 Hadolint (2.14.0)

[error] 10-10: Use COPY instead of ADD for files and folders

(DL3020)

---

[error] 12-12: Use absolute WORKDIR

(DL3000)

🤖 Prompt for AI Agents

In Dockerfile around lines 1 to 21, the image runs as root by default; create a
non-privileged user, set its home/workdir ownership and switch to it before CMD
to reduce attack surface. Add steps to: create a user and group (non-root), set
appropriate ownership (chown) of /price-pusher and apps/price_pusher so the new
user can read/write, set HOME and USER to that non-root account, and switch to
that USER before the CMD; ensure any files or ports the process needs are
accessible by that user and avoid running privileged setup commands after
switching.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify that the Node.js base image version is current and secure.

The Dockerfile uses node:22.14 as the base image. Ensure this version is up-to-date and free from known vulnerabilities.

---

🌐 Web query:

What is the latest LTS version of Node.js?

💡 Result:

The current LTS major is Node.js v22 ("Jod"); the latest release in that line is v22.20.0 (released Sep 24, 2025). [1][2]

Sources:
[1] Node.js v22.20.0 release notes (Sep 24, 2025).
[2] Node.js Releases listing showing v22 as Active LTS.

---

Update Node.js base image to v22.20.0
Replace FROM node:22.14 with FROM node:22.20.0 (latest Active LTS as of Sep 24, 2025) to include the most recent security patches.

🧰 Tools

🪛 Checkov (3.2.334)

[low] 1-21: Ensure that HEALTHCHECK instructions have been added to container images

(CKV_DOCKER_2)

---

[low] 1-21: Ensure that a user for the container has been created

(CKV_DOCKER_3)

🤖 Prompt for AI Agents

In Dockerfile around lines 1 to 1, the base image is pinned to node:22.14;
update it to the current Active LTS by replacing that line with FROM
node:22.20.0 so the build uses Node.js v22.20.0 with latest security patches;
ensure no other Dockerfile references or CI cache expectations require the older
tag and rebuild any dependent images.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical: Missing dependency installation and build steps.

The Dockerfile copies all files and switches to the apps/price_pusher directory, but there's no npm install or build step. Without installing dependencies, the npm run start command will fail at runtime.

Add dependency installation and build steps after copying files:

 WORKDIR /price-pusher
 COPY . .
+RUN npm install --frozen-lockfile
+RUN npm run build

 WORKDIR apps/price_pusher

Alternatively, if using a monorepo tool like turbo (as indicated in the workflow), adjust accordingly:

 WORKDIR /price-pusher
 COPY . .
+RUN npm install -g pnpm
+RUN pnpm install --frozen-lockfile
+RUN pnpm turbo build --filter @pythnetwork/price-pusher

 WORKDIR apps/price_pusher

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	WORKDIR /price-pusher
	ADD . .
	WORKDIR apps/price_pusher
	WORKDIR /price-pusher
	COPY . .
	RUN npm install --frozen-lockfile
	RUN npm run build
	WORKDIR apps/price_pusher

Suggested change

	WORKDIR /price-pusher
	ADD . .
	WORKDIR apps/price_pusher
	WORKDIR /price-pusher
	COPY . .
	RUN npm install -g pnpm
	RUN pnpm install --frozen-lockfile
	RUN pnpm turbo build --filter @pythnetwork/price-pusher
	WORKDIR apps/price_pusher

🧰 Tools

🪛 Checkov (3.2.334)

[low] 10-10: Ensure that COPY is used instead of ADD in Dockerfiles

(CKV_DOCKER_4)

---

[low] 12-12: Ensure that WORKDIR values are absolute paths

(CKV_DOCKER_10)

🪛 Hadolint (2.14.0)

[error] 10-10: Use COPY instead of ADD for files and folders

(DL3020)

---

[error] 12-12: Use absolute WORKDIR

(DL3000)

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Use COPY instead of ADD for regular files.

Docker best practices recommend using COPY instead of ADD for copying files and directories, as ADD has additional features (like extracting tar files) that can lead to unexpected behavior.

Apply this diff:

-ADD . .
+COPY . .

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	ADD . .
	COPY . .

🧰 Tools

🪛 Checkov (3.2.334)

[low] 10-10: Ensure that COPY is used instead of ADD in Dockerfiles

(CKV_DOCKER_4)

🪛 Hadolint (2.14.0)

[error] 10-10: Use COPY instead of ADD for files and folders

(DL3020)

🤖 Prompt for AI Agents

In Dockerfile around line 10, the Dockerfile uses ADD . . which is discouraged
for regular file copying; replace the ADD command with COPY . . to follow best
practices (use COPY for simple file/directory copies and reserve ADD only when
you need its extra features like remote URLs or automatic tar extraction).

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Use absolute WORKDIR path.

The second WORKDIR uses a relative path. Docker best practices recommend using absolute paths for clarity and to avoid ambiguity.

Apply this diff:

-WORKDIR apps/price_pusher
+WORKDIR /price-pusher/apps/price_pusher

🧰 Tools

🪛 Checkov (3.2.334)

[low] 12-12: Ensure that WORKDIR values are absolute paths

(CKV_DOCKER_10)

🪛 Hadolint (2.14.0)

[error] 12-12: Use absolute WORKDIR

(DL3000)

🤖 Prompt for AI Agents

In Dockerfile at line 12, the WORKDIR is set to a relative path
("apps/price_pusher"); change it to an absolute path (for example
"/apps/price_pusher" or the repository canonical app root such as
"/usr/src/app/apps/price_pusher") so the Docker image uses an unambiguous
working directory; update the WORKDIR line to the chosen absolute path.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 10cb706 and bac6da8.

📒 Files selected for processing (1)

• apps/price_pusher/price-config.stable.sample.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build
• GitHub Check: test
• GitHub Check: build

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 68c9cac and 6df13f2.

📒 Files selected for processing (1)

• apps/price_pusher/price-config.stable.sample.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: test
• GitHub Check: build

🔇 Additional comments (1)

apps/price_pusher/price-config.stable.sample.yaml (1)

2-2: Verify that all price feed IDs match the official Pyth documentation for the Stable channel.

The price pusher service monitors both the off-chain and on-chain Pyth price for a configured set of price feeds, so incorrect IDs will cause runtime failures during price updates. Ensure each ID corresponds to the correct asset and market variant (e.g., PRE/POST) according to Pyth's official price feed list.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider extracting common configuration to reduce duplication.

All 26 entries share identical values for time_difference, price_deviation, confidence_ratio, and early_update blocks—only alias and id vary. This creates a maintenance burden: updating the push policy requires changing all 26 entries consistently.

Consider one of these approaches:

1. YAML anchors/aliases to define defaults once:

defaults: &default_config
  time_difference: 300
  price_deviation: 0.05
  confidence_ratio: 200
  early_update:
    time_difference: 150
    price_deviation: 0.03

- alias: GOOG/USD
  id: e65ff435be42630439c96396653a342829e877e2aafaeaf1a10d0ee5fd2cf3f2
  <<: *default_config

2. Application-level defaults: Modify the price-pusher to support a defaults section with per-entry overrides, reducing the config to just alias and id for standard entries.

🤖 Prompt for AI Agents

In apps/price_pusher/price-config.stable.sample.yaml lines 1-208 the same
push-policy fields (time_difference, price_deviation, confidence_ratio,
early_update) are duplicated across 26 entries; extract those common values into
a single defaults block and have each entry inherit them. Fix by either (A)
adding a YAML defaults anchor/alias and merging it into each price entry using
the YAML merge key so entries only need alias and id, or (B) extend the
price-pusher config parser to accept a top-level "defaults" section and
programmatically merge defaults into each entry at load time (respecting
per-entry overrides). Update the sample file to use the chosen approach and
adjust any docs/tests to reflect the new config format.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Incorrect comment persists despite prior fix claim.

The comment "0.05% deviation" appears on all price_deviation: 0.05 lines throughout the file, but a value of 0.05 represents 5%, not 0.05%. Past review comments indicate this was addressed in commit c345fbf, yet the incorrect comments remain in the current code. This mismatch will confuse operators tuning thresholds and risks misconfiguration.

Apply this diff to fix all occurrences:

-  price_deviation: 0.05   # 0.05% deviation trips a push
+  price_deviation: 0.05   # 5% deviation trips a push

Repeat for all 26 entries in the file.

Also applies to: 12-12, 20-20, 28-28, 36-36, 44-44, 52-52, 60-60, 68-68, 76-76, 84-84, 92-92, 100-100, 108-108, 116-116, 124-124, 132-132, 140-140, 148-148, 156-156, 164-164, 172-172, 180-180, 188-188, 196-196, 204-204

🤖 Prompt for AI Agents

In apps/price_pusher/price-config.stable.sample.yaml around lines
4,12,20,28,36,44,52,60,68,76,84,92,100,108,116,124,132,140,148,156,164,172,180,188,196,204,
the inline comment for price_deviation: 0.05 incorrectly reads "0.05% deviation"
even though the value 0.05 represents 5% (0.05 == 5%), so update each comment to
read "5% deviation" (or "0.05 = 5% deviation") to accurately reflect the numeric
meaning and avoid operator confusion; make this change for all 26 occurrences
listed.