The Google Translate for Soroban β an open-source transparency tool for the Stellar/Soroban ecosystem.
Important
Looking for documentation? We have consolidated all guides into a centralized documentation index categorized by goal. Visit /docs/README.md to navigate directly to what you need:
- I want to run this locally (Quickstarts & development setup)
- I want to add a translation (Blueprints & registry linter)
- I want to understand the architecture (System design & microservices)
- I want to write a WASM parser (Advanced engine & tuning)
Smart contracts on Stellar/Soroban emit events as cryptic, hex-encoded binary data. To the average user β or even most developers β these events are completely unreadable. Open-Audit solves this by:
- Fetching raw contract events from the Stellar network via Horizon/RPC.
- Translating them into plain English sentences using a community-maintained Translation Registry.
- Displaying the results in a clean, searchable dashboard anyone can use.
Example:
| Before (Raw) | After (Translated) |
|---|---|
0x000000000000000000000000... |
Public Key [GABC...1234] transferred 100 USDC to [GXYZ...5678] |
Try the translation playground live at /playground (no local setup required).
- Framework: Next.js 14 (App Router) + TypeScript
- Design System: Tailwind CSS + shadcn/ui
- Stellar Integration:
stellar-sdk - State Management: React Context + Server Components
- Node.js >= 18
- npm >= 9
git clone https://github.com/your-org/open-audit.git
cd open-audit
npm install
npm run devOpen http://localhost:3000 in your browser.
For the recommended custom server with WebSocket support and /metrics, run:
npm run dev:decoupleddev:ws starts the decoupled microservices web server. Start the indexer in a
separate terminal with npm run worker:indexer when you need live chain events.
Copy .env.example to .env.local and fill in the values:
cp .env.example .env.localFor microservices architecture, use:
cp .env.microservices.example .env.local| Variable | Description | Default |
|---|---|---|
NEXT_PUBLIC_HORIZON_URL |
Stellar Horizon endpoint | https://horizon-testnet.stellar.org |
NEXT_PUBLIC_SOROBAN_RPC_URL |
Soroban RPC endpoint | https://soroban-testnet.stellar.org |
NEXT_PUBLIC_NETWORK_PASSPHRASE |
Network passphrase | Testnet passphrase |
REDIS_URL |
Redis connection URL (microservices) | redis://localhost:6379 |
REDIS_CHANNEL |
Redis Pub/Sub channel (microservices) | stellar:events |
PORT |
HTTP server port | 3000 |
Development:
npm run dev # Standard Next.js dev server
npm run dev:ws # Recommended decoupled WebSocket server (requires Redis)
npm run dev:decoupled # Microservices web server (requires Redis)
npm run worker:indexer # Microservices indexer worker (requires Redis)
npm run dev:ws:legacy # Deprecated monolithic WebSocket server; explicit legacy opt-in
npm run test:websocket # Test WebSocket connectionProduction (Microservices):
npm run docker:build # Build Docker images
npm run docker:up # Start all services with Docker Compose
npm run docker:down # Stop all Docker services
npm run docker:logs # View Docker logs
npm run start:pm2 # Start services with PM2
npm run stop:pm2 # Stop PM2 services
npm run monit:pm2 # Monitor PM2 processes
npm run logs:pm2 # View PM2 logsTesting & Quality:
npm run test # Run all tests
npm run lint # Run ESLint
npm run lint:registry # Validate translation registry
npm run format # Format code with PrettierThe custom server exposes Prometheus metrics on http://localhost:3000/metrics when running npm run dev:decoupled.
You can configure OpenTelemetry to export spans to Jaeger by setting:
export JAEGER_ENDPOINT="http://localhost:14268/api/traces"
export OTEL_SERVICE_NAME="open-audit"The default Jaeger endpoint is http://localhost:14268/api/traces.
Open-Audit supports two deployment architectures:
Decoupled, scalable, fault-isolated system using Redis Pub/Sub:
Stellar Network β Indexer Worker β Redis Pub/Sub β Web Server β WebSocket Clients
Benefits:
- β Zero CPU starvation (indexer runs in separate process)
- β Independent horizontal scaling
- β Fault isolation (crashes don't affect other services)
- β Auto-reconnect and message queuing
- β Zero-downtime deployments
Quick Start:
# Option 1: Docker Compose (Easiest)
npm run docker:up
# Option 2: PM2 Process Manager
npm run start:pm2
# Option 3: Manual
Terminal 1: redis-server
Terminal 2: npm run dev:decoupled
Terminal 3: npm run worker:indexerπ Documentation: For complete microservices instructions, architecture breakdowns, and testing guides, visit the Documentation Hub.
Bulletproof XDR parser protection against malicious contract payloads:
Untrusted XDR β Security Guards β Safe Parsing β Graceful Error Handling
Protection Against:
- β Stack overflow (deeply nested structures)
- β Out-of-memory attacks (large payloads)
- β Denial of service (infinite loops)
- β Malformed XDR exploitation
Security Mechanisms:
- Recursion depth limits (MAX=100 levels)
- Memory allocation guards (MAX=10 MB)
- Parsing timeout protection (MAX=5 seconds)
- Collection size limits (MAX=10,000 elements)
- Real-time attack detection
π Documentation:
- Security Hardening Guide - Complete security documentation
- Security Summary - Historical PR implementation overview
Quick Start:
import { secureParseScVal } from '@/lib/translator/secure-xdr-parser';
const result = secureParseScVal(hex);
if (result.success) {
// Use result.value safely
}Monitoring:
GET /api/security/metrics # Security metrics APIDeprecated single-process system kept only for migration/debugging:
Stellar Network β Event Indexer β Translation Engine β WebSocket Server β Frontend Dashboard
server.ts. New development should use the microservices path above.
npm run dev:ws:legacyThe legacy script passes --legacy to server.ts. Direct invocations of
server.ts without --legacy or OPEN_AUDIT_LEGACY_SERVER=1 exit immediately
with a migration message so local scripts do not accidentally start the
deprecated path.
For new contributors wanting to understand the system's data flow and internal architecture, see the comprehensive ARCHITECTURE.md guide which includes:
- π Interactive Mermaid diagrams showing data flow
- π Component deep dives for each service
- π Step-by-step event journey from blockchain to UI
- π οΈ Development guides for adding new features
Quick Overview:
- Event Indexer (
lib/stellar/,src/worker/) β Polls Stellar RPC with resilient rate limiting - Translation Engine (
lib/translator/) β Converts XDR to human-readable text with security hardening - Redis Pub/Sub (microservices only) β Message broker for event distribution
- WebSocket Server (
server-decoupled.ts) β Broadcasts events in real-time;server.tsis deprecated and available only throughdev:ws:legacy - Frontend Dashboard (
app/dashboard/,components/) β Interactive UI
open-audit/
βββ app/ # Next.js App Router pages
β βββ dashboard/ # Main dashboard page
β βββ api/ # API routes (health checks, etc.)
β βββ layout.tsx # Root layout with theme provider
β βββ page.tsx # Landing / redirect
βββ components/ # Reusable UI components
β βββ ui/ # shadcn/ui primitives
β βββ dashboard/ # Dashboard-specific components
β βββ theme/ # Dark mode toggle
βββ lib/
β βββ translator/ # π The Translation Registry core logic
β β βββ types.ts # RawEvent / TranslatedEvent interfaces
β β βββ registry.ts # Registry lookup function
β β βββ blueprints/ # Per-contract translation blueprints
β βββ stellar/ # Stellar SDK helpers
β β βββ indexer.ts # Event polling with rate limit handling
β β βββ client.ts # RPC client configuration
β βββ resilience/ # β‘ Rate limiting & circuit breaker
β β βββ token-bucket.ts # Token bucket rate limiter
β β βββ circuit-breaker.ts # Circuit breaker pattern
β β βββ resilient-client.ts # Resilient RPC client wrapper
β βββ hooks/ # React hooks for live data
β βββ utils.ts # Shared utilities
βββ src/
β βββ worker/ # π Microservices architecture
β βββ indexer.ts # Standalone indexer worker
βββ scripts/
β βββ lint-registry.ts # Translation registry validation
β βββ test-websocket-client.js # WebSocket testing tool
βββ docs/
β βββ README.md # π Centralized documentation hub
β βββ archive/ # π Historical PR write-ups & summaries
β βββ good-first-issues.json
βββ server.ts # Legacy monolithic server (deprecated)
βββ server-decoupled.ts # π Microservices web server
βββ ecosystem.config.js # π PM2 configuration
βββ docker-compose.microservices.yml # π Docker Compose config
βββ Dockerfile.worker # π Indexer worker Docker image
βββ Dockerfile.web # π Web server Docker image
βββ ARCHITECTURE.md # π Detailed architecture guide
βββ MICROSERVICES_ARCHITECTURE.md # π Microservices documentation
βββ QUICKSTART_MICROSERVICES.md # π Quick start guide
βββ MICROSERVICES_TESTING_GUIDE.md # π Testing guide
βββ public/
The heart of Open-Audit is the Translation Registry in /lib/translator/. Each contract gets a blueprint β a mapping from raw event topics/data to a human-readable template.
To add support for a new contract, create a file in /lib/translator/blueprints/ and register it in registry.ts. See CONTRIBUTING.md for a step-by-step guide.
Instant offline testing for translation blueprints β no database, no network, no services required.
# Install and build
npm install
npm run build:cli
# Test a specification
node dist/cli/open-audit-cli.js test \
--hex 0x74726e7312345678 \
--spec ./blueprints/my-contract.json \
--verboseBenefits:
- β 17x faster iteration cycle vs. full system
- β Zero setup - Node.js only
- β Works offline
- β JSON & YAML support
- β CI/CD integration ready
π Documentation:
- CLI README - Complete command reference and examples
- Quick Start - Get started in 30 seconds
- Task Summary - Historical PR implementation details
Quick Example:
npm run cli:exampleOutput:
β
Translation Successful
Description: GABC...1234 transferred 100.00 USDC to GXYZ...5678
Secure execution environment for third-party contract parsers:
Untrusted WASM β Sandbox β Zero Host Access β Strict Limits β Safe Execution
Security Features:
- β Zero host capabilities (no filesystem, network, or env access)
- β Memory limits (16MB maximum per execution)
- β Execution timeouts (5 seconds maximum)
- β Worker thread isolation (crashes don't affect main process)
- β Input/output validation (size and schema checks)
Why WASM?
- Community developers can write custom parsers for idiosyncratic contracts
- Zero RCE risk - parsers run in complete isolation
- Near-native performance with minimal overhead (~60-120ms)
- Industry-standard sandboxing technology
π Documentation:
- WASM Sandbox Architecture - Complete technical documentation
- Community Parser Guide - Write your own parser
- Implementation Summary - Historical PR overview and testing
Quick Start (Parser Development):
# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
rustup target add wasm32-unknown-unknown
# Build example parsers
cd lib/wasm-sandbox/examples/rust
./build-all.sh # or build-all.bat on Windows
# Test your parser
npm run test:wasm:manual custom ./my-parser.wasm
# Run test suite
npm run test:wasmExample Usage:
import { WasmSandboxRunner } from '@/lib/wasm-sandbox';
const runner = new WasmSandboxRunner();
const result = await runner.execute('./parser.wasm', {
data: JSON.stringify({ from: 'G...', to: 'G...', amount: '1000000' }),
contractId: 'CDLZ...YSC',
eventType: 'transfer'
});
if (result.success) {
console.log(result.output.description); // "Transferred 1000000..."
}We welcome contributions of all sizes! See CONTRIBUTING.md to get started.
Good first issues are listed in /docs/good-first-issues.json.
MIT Β© Open-Audit Contributors