Implement api endpoint on chain

[codebestia]

Description

Implements on-chain data REST API endpoints with Redis TTL caching (30 seconds) for live Solana state queries.

Closes #507

New endpoints (/api prefix):

• GET /reputation/{wallet} — Reputation summary for the contributor whose verified wallet matches the address
• GET /staking/{wallet} — Native SOL + $FNDRY SPL token balances for any wallet via Solana RPC
• GET /treasury/stats — Treasury balance and aggregate payout stats (Redis cache + existing 60s in-memory layer)
• POST /webhooks/helius — Cache invalidation webhook for Helius/Shyft with optional HMAC-SHA256 signature verification

Cache layer (app/services/onchain_cache.py):

• Redis-backed cache_get / cache_set / cache_invalidate / cache_invalidate_prefix with 30s TTL
• Graceful degradation: any Redis error is logged as a warning and returns None so callers fall back to live RPC

Escrow GET caching (app/api/escrow.py):

• GET /api/escrow/{bounty_id} now caches the response in Redis for 30 seconds
• Fund / release / refund mutations invalidate the cache immediately

Solana Wallet for Payout

Wallet: 4QhseKvBuaCQhdkP248iXoUxohPzVC5m8pE9hAv4nMYw

Type of Change

• 🐛 Bug fix (non-breaking change which fixes an issue)
• ✨ New feature (non-breaking change which adds functionality)
• 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 📝 Documentation update
• 🎨 Style/UI update
• ♻️ Code refactoring
• ⚡ Performance improvement
• ✅ Test addition/update

Checklist

• Code is clean and follows the issue spec exactly
• One PR per bounty (no multiple bounties in one PR)
• Tests included for new functionality
• All existing tests pass
• No console.log or debugging code left behind
• No hardcoded secrets or API keys

Testing

• Unit tests added/updated — backend/tests/test_onchain_api.py (5 test classes, 19 tests)
  • TestReputationEndpoint — 404 on unknown wallet, cache miss/hit, cache write, pagination
  • TestStakingEndpoint — RPC balances, cached response, cache write, 502 on RPC error
  • TestTreasuryStatsEndpoint — service hit, cache hit, 503 on failure, cache write
  • TestHeliusWebhook — account invalidation, treasury bust, signature missing/invalid/valid
  • TestEscrowCaching — GET writes cache on miss, serves from cache without DB hit
• All RPC calls are mocked; no live Solana or Redis connections required in CI

Additional Notes

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 88f94d3e-1d4e-426f-b43b-76b19ecb5eb5

📥 Commits

Reviewing files that changed from the base of the PR and between 87e7678 and 705e07e.

📒 Files selected for processing (5)

• backend/app/api/escrow.py
• backend/app/api/onchain.py
• backend/app/main.py
• backend/app/services/onchain_cache.py
• backend/tests/test_onchain_api.py

---

📝 Walkthrough

Walkthrough

This PR introduces Redis-backed caching infrastructure for on-chain data endpoints. It adds a new cache service module with async Redis operations (get, set, invalidate, prefix-invalidate), integrates caching into the existing escrow endpoint with cache invalidation on state changes, and creates a new on-chain API router with endpoints for reputation lookups, staking balances, treasury statistics, and webhook-based cache invalidation. The webhook endpoint verifies HMAC-SHA256 signatures and clears cached data across staking, reputation, and treasury namespaces. The new router is registered in the main FastAPI application, and comprehensive tests cover all endpoint behaviors including cache hit/miss scenarios.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• CLOSES #189 - Custodial Escrow Service #400: Introduces escrow API handlers that are now enhanced with Redis caching and cache invalidation in this PR.
• feat: Payout History & Treasury Stats API #127: Adds treasury/stats API and TreasuryStats models that are extended with caching infrastructure in this PR.

Suggested labels

approved, paid

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (1 warning, 2 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 39.02% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	Title is vague and generic, using non-descriptive phrasing like 'on chain' without specifying the main changes or scope of the implementation.	Make the title more specific and descriptive, e.g., 'Add on-chain data REST API endpoints with Redis caching' or 'Implement on-chain reputation, staking, and treasury endpoints'.
Linked Issues check	❓ Inconclusive	PR implements most acceptance criteria from #507 but omits rate limiting and lacks explicit OpenAPI documentation verification in the provided summaries.	Verify rate limiting implementation and confirm OpenAPI documentation exists for all endpoints in the code or documentation files.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description check	✅ Passed	Description clearly relates to the changeset, detailing new endpoints, caching implementation, and test coverage with specific technical details.
Out of Scope Changes check	✅ Passed	All changes align with #507 requirements: new on-chain endpoints, Redis caching, cache invalidation via webhooks, escrow caching, and comprehensive tests.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}