feat: event-driven lighthouse implementation

.github/workflows/build-test-deploy.yml

@@ -64,6 +64,7 @@ jobs:
           SERVICES="${SERVICES},${ENVIRONMENT}-${STAGE}-relayer-web3signer"
           SERVICES="${SERVICES},${ENVIRONMENT}-${STAGE}-watchtower"
           SERVICES="${SERVICES},${ENVIRONMENT}-${STAGE}-watchtower-web3signer"
+          SERVICES="${SERVICES},${ENVIRONMENT}-${STAGE}-lighthouse-handler"
           SERVICES="${SERVICES},${ENVIRONMENT}-${STAGE}-lighthouse-web3signer"
           SERVICES="${SERVICES},${ENVIRONMENT}-${STAGE}-monitor"
           echo "ECS_SERVICES=${SERVICES}" >> $GITHUB_OUTPUT
@@ -180,9 +181,6 @@ jobs:
           DOCKER_BUILDKIT=1 docker build --provenance=false --sbom=false -f docker/relayer/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
           docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
 
-    outputs:
-      json: ${{ steps.meta.outputs.json }}
-
   build-and-push-watchtower-image:
     if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/testnet-staging' || github.ref == 'refs/heads/mainnet-staging' || github.ref == 'refs/heads/testnet-prod' || github.ref == 'refs/heads/mainnet-prod'
     env:
@@ -218,9 +216,6 @@ jobs:
           DOCKER_BUILDKIT=1 docker build --provenance=false --sbom=false -f docker/watchtower/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
           docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
 
-    outputs:
-      json: ${{ steps.meta.outputs.json }}
-
   build-and-push-lighthouse-image:
     if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/testnet-staging' || github.ref == 'refs/heads/mainnet-staging' || github.ref == 'refs/heads/testnet-prod' || github.ref == 'refs/heads/mainnet-prod'
     env:
@@ -256,8 +251,40 @@ jobs:
           DOCKER_BUILDKIT=1 docker build --provenance=false --sbom=false -f docker/lighthouse/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
           docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
 
-    outputs:
-      json: ${{ steps.meta.outputs.json }}
+  build-and-push-lighthouse-handler-image:
+    if: github.ref == 'refs/heads/mainnet-staging'
+    env:
+      REGISTRY: 679752396206.dkr.ecr.${{ needs.set-aws-region.outputs.AWS_REGION }}.amazonaws.com
+      IMAGE_TAG: chimera-${{ github.sha }}
+      REPOSITORY: chimera-lighthouse-handler
+    runs-on: ubuntu-latest
+    needs: [set-aws-region]
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: ${{ needs.set-aws-region.outputs.AWS_REGION }}
+          aws-access-key-id: ${{ secrets.DEPLOYER_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.DEPLOYER_AWS_SECRET_ACCESS_KEY }}
+
+      - name: Login to Private ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          mask-password: 'true'
+
+      - name: Build, tag, and push docker image to Amazon ECR Public
+
+        run: |
+          DOCKER_BUILDKIT=1 docker build --provenance=false -f docker/lighthouse-handler/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
+          docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
 
   build-and-push-cartographer-image:
     if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/testnet-staging' || github.ref == 'refs/heads/mainnet-staging' || github.ref == 'refs/heads/testnet-prod' || github.ref == 'refs/heads/mainnet-prod'
@@ -294,9 +321,6 @@ jobs:
           DOCKER_BUILDKIT=1 docker build --provenance=false --sbom=false -f docker/cartographer/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
           docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
 
-    outputs:
-      json: ${{ steps.meta.outputs.json }}
-
   build-and-push-cartographer-handler-image:
     if: github.ref == 'refs/heads/mainnet-staging'
     env:
@@ -366,9 +390,6 @@ jobs:
           DOCKER_BUILDKIT=1 docker build --provenance=false --sbom=false -f docker/monitor/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
           docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
 
-    outputs:
-      json: ${{ steps.meta.outputs.json }}
-
   build-and-push-monitor-poller-image:
     if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/testnet-staging' || github.ref == 'refs/heads/mainnet-staging' || github.ref == 'refs/heads/testnet-prod' || github.ref == 'refs/heads/mainnet-prod'
     env:
@@ -404,9 +425,6 @@ jobs:
           DOCKER_BUILDKIT=1 docker build --provenance=false --sbom=false -f docker/monitor/poller/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
           docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
 
-    outputs:
-      json: ${{ steps.meta.outputs.json }}
-
   e2e-tests:
     if: github.ref == 'refs/heads/mainnet-staging' || github.ref == 'refs/heads/mainnet-prod'
     runs-on: ubuntu-latest
@@ -989,14 +1007,15 @@ jobs:
 
   terraform-services-core-mainnet-staging:
     if: github.ref == 'refs/heads/mainnet-staging'
-    needs: [set-aws-region, e2e-tests]
+    needs: [set-aws-region, e2e-tests, build-and-push-lighthouse-handler-image]
     env:
       AWS_PROFILE: aws-deployer-connext
       TF_VAR_full_image_name_relayer: chimera-${{ github.sha }}
       TF_VAR_full_image_name_watchtower: chimera-${{ github.sha }}
       TF_VAR_full_image_name_monitor: chimera-${{ github.sha }}
       TF_VAR_full_image_name_monitor_poller: chimera-${{ github.sha }}
       TF_VAR_lighthouse_image_tag: chimera-${{ github.sha }}
+      TF_VAR_lighthouse_handler_image_tag: chimera-${{ github.sha }}
 
     runs-on: ubuntu-latest
     permissions:

docker/lighthouse-handler/Dockerfile

@@ -0,0 +1,61 @@
+FROM node:18-slim AS build
+
+RUN apt-get update && apt-get install -y git curl bash python3 make gcc g++ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /tmp/build
+
+# Copy dependency files first for layer caching
+COPY .yarn /tmp/build/.yarn/
+COPY .yarnrc.yml /tmp/build/
+COPY package.json /tmp/build/
+# All workspace package.json files must be present for Yarn 3 resolution
+COPY packages/utils/package.json /tmp/build/packages/utils/
+COPY packages/adapters/cache/package.json /tmp/build/packages/adapters/cache/
+COPY packages/adapters/chainservice/package.json /tmp/build/packages/adapters/chainservice/
+COPY packages/adapters/subgraph/package.json /tmp/build/packages/adapters/subgraph/
+COPY packages/adapters/web3signer/package.json /tmp/build/packages/adapters/web3signer/
+COPY packages/adapters/relayer/package.json /tmp/build/packages/adapters/relayer/
+COPY packages/adapters/database/package.json /tmp/build/packages/adapters/database/
+COPY packages/adapters/mqclient/package.json /tmp/build/packages/adapters/mqclient/
+COPY packages/agents/cartographer/core/package.json /tmp/build/packages/agents/cartographer/core/
+COPY packages/agents/cartographer/poller/package.json /tmp/build/packages/agents/cartographer/poller/
+COPY packages/agents/cartographer/handler/package.json /tmp/build/packages/agents/cartographer/handler/
+COPY packages/agents/lighthouse/package.json /tmp/build/packages/agents/lighthouse/
+COPY packages/agents/monitor/package.json /tmp/build/packages/agents/monitor/
+COPY packages/agents/relayer/package.json /tmp/build/packages/agents/relayer/
+COPY packages/agents/watchtower/package.json /tmp/build/packages/agents/watchtower/
+COPY packages/contracts/package.json /tmp/build/packages/contracts/
+COPY packages/subgraph/package.json /tmp/build/packages/subgraph/
+COPY yarn.lock /tmp/build/
+
+RUN yarn install
+
+# Copy source
+COPY config config/
+COPY packages/agents/lighthouse /tmp/build/packages/agents/lighthouse
+COPY packages/adapters/mqclient /tmp/build/packages/adapters/mqclient
+COPY packages/adapters/database /tmp/build/packages/adapters/database
+COPY packages/adapters/chainservice /tmp/build/packages/adapters/chainservice
+COPY packages/adapters/web3signer /tmp/build/packages/adapters/web3signer
+COPY packages/adapters/relayer /tmp/build/packages/adapters/relayer
+COPY packages/utils /tmp/build/packages/utils
+COPY packages/contracts /tmp/build/packages/contracts
+COPY .eslintignore /tmp/build/
+COPY .eslintrc.js /tmp/build/
+
+ENV SKIP_SOLIDITY_BUILD=true
+RUN yarn workspace @chimera-monorepo/lighthouse build
+
+# Runtime stage
+FROM node:18-slim AS runtime
+
+ENV NODE_ENV=production
+ARG COMMIT_HASH
+ENV COMMIT_HASH=${COMMIT_HASH:-unknown}
+
+WORKDIR /app
+COPY --from=build /tmp/build /app
+
+EXPOSE 8080
+
+CMD ["node", "packages/agents/lighthouse/dist/server.js"]

ops/env/mainnet/core/secrets.staging.json

@@ -36,6 +36,7 @@
 	"monitor_webhook_secret": "ENC[AES256_GCM,data:4kEUcdG2hZFCq2mqanzbMQPn4nveg0OluWtLNVyjP2HvM1yJlJoe5Jp42XxpRzlj0D31tBVzfDR7wyNid9gYgQ==,iv:QK3cO+NzGjrqvaK1BTDPz/dILC7A39FgLqS2aj/Fcug=,tag:TMIdTsesSl+rZxbFDEpcAw==,type:str]",
 	"enable_monitor": "ENC[AES256_GCM,data:wcj+YA==,iv:xBlWl2PcauW9wovYfT68THX1nwNp6hUYD+v6mMEbpyQ=,tag:xfOhhydwxHY9/0P3jlK1Lw==,type:str]",
 	"tron_drpc_api_key": "ENC[AES256_GCM,data:Bc3Qrb4CQk2zW/NGXitbfDRJymqHZORKrlCeo5KtwRj8KqHwelm4hdsqR1o=,iv:nhtqS2THux0S0Sj3g8bhSSS1YfmSXhwnjK7eLjN4dR8=,tag:z2pnd+fJTB4DnGLKdK2c/A==,type:str]",
+	"lighthouse_queue_redis_auth_token": "ENC[AES256_GCM,data:5dLNZkf5RelGGdIlEItM3nQj9uWW3IwXESwl1U0H,iv:gq7RrMrbZEzF0rKWHnrYDGCt0GSYYZcIWQ6jy2X3ZXo=,tag:Pe9W2GGOY3k+LgsXg9qqFQ==,type:str]",
 	"sops": {
 		"kms": [
 			{
@@ -49,8 +50,8 @@
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2026-03-06T16:41:28Z",
-		"mac": "ENC[AES256_GCM,data:2x7jSBluVG4DccL3c7Tt0xj5GngifKkqhk0dld/Qamdx9t6XLZfRRhvyKgB0e1TwunBXOYCJOZAccS11mCz9k3GriboGG69ffq7Qgrpx360vhP7tpV+a18fZgIiaM/wtmfk2lt7BFh9rxIpZ91KL5SutL4qVCZAHczXj0vGtRpY=,iv:QgWUPIOq7L0fG3e3kh9Svqq5P/qB02kVovyZoADIXbA=,tag:MTjNlgJij1WNPOsAT86kgg==,type:str]",
+		"lastmodified": "2026-03-13T02:26:49Z",
+		"mac": "ENC[AES256_GCM,data:HHfWyvExxsjqKE6eSXAaGk2DqQ7vOetgb2ox68Z67jWVg3B7Jh8QmgctYyHD3pO91jFErCDC/o411tY08c8yxxOE5iWKLxUFCKXdPXqjo914sHF4Q7fRcLG7chXrsWMpZl6VT60IULpHBaDb6sGpfNu/EDmEkLUO1d2TZy3JPXg=,iv:733E8ilFnjslckcjI0585DHs3BkK3uw88LykKq9ZvH8=,tag:xJ4XEmysj0RinY4FEWcRsw==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.9.1"

ops/mainnet/staging/backend/config.tf

@@ -47,6 +47,7 @@ locals {
     { name = "DD_LOGS_ENABLED", value = "true" },
     { name = "DD_API_KEY", value = var.dd_api_key },
     { name = "CARTOGRAPHER_ADMIN_TOKEN", value = var.cartographer_admin_token },
+    { name = "REDIS_URL", value = data.terraform_remote_state.core.outputs.lighthouse_queue_redis_url },
   ]
 
   local_cartographer_config_obj = {

ops/mainnet/staging/backend/main.tf

@@ -10,6 +10,15 @@ provider "aws" {
   region = var.region
 }
 
+data "terraform_remote_state" "core" {
+  backend = "s3"
+  config = {
+    bucket = "everclear-chimera-mainnet-staging-core"
+    key    = "state"
+    region = "us-east-1"
+  }
+}
+
 # Fetch AZs in the current region
 data "aws_availability_zones" "available" {}
 

ops/mainnet/staging/core/config.tf

@@ -71,6 +71,17 @@ locals {
     GRAPH_API_KEY     = var.graph_api_key
   }
 
+  lighthouse_handler_env_vars = [
+    { name = "LIGHTHOUSE_CONFIG", value = local.local_lighthouse_config },
+    { name = "LIGHTHOUSE_SERVICE", value = "handler" },
+    { name = "REDIS_URL", value = "rediss://:${var.lighthouse_queue_redis_auth_token}@${module.lighthouse_queue_cache.redis_instance_address}:${module.lighthouse_queue_cache.redis_instance_port}" },
+    { name = "ENVIRONMENT", value = var.environment },
+    { name = "STAGE", value = var.stage },
+    { name = "DD_ENV", value = "${var.environment}-${var.stage}" },
+    { name = "DD_LOGS_ENABLED", value = "true" },
+    { name = "DD_API_KEY", value = var.dd_api_key },
+  ]
+
   lighthouse_web3signer_env_vars = [
     { name = "WEB3_SIGNER_PRIVATE_KEY", value = var.lighthouse_web3_signer_private_key },
     { name = "WEB3SIGNER_HTTP_HOST_ALLOWLIST", value = "*" },