Implement claim all calibnet token API

[sudo-shashank]

Summary of changes

Changes introduced in this pull request:

• Impl /api/claim_token_all API to requests claims for both CalibnetUSDFC and CalibnetFIL in one call.
• This api internally just calls claim_token and aggregates the results.

Preview URL: https://36c9a6e.forest-explorer-preview.workers.dev

Reference issue to close (if applicable)

Closes #333

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code
  adheres to the team's
  documentation standards,
• I have added tests that prove my fix is effective or that my feature works
  (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes
  should be reflected in this document.

Summary by CodeRabbit

• New Features

  • Added a "claim all" API to request multiple faucet tokens in one call and receive per-claim JSON results (success items include faucet info and tx hash; failures include faucet info and error).

• Documentation

  • Updated API docs with the new endpoint, JSON array success/failure examples, multi-item responses, Key Points, and rate-limit info; original API docs now include additional success examples and references to the All API.

• Bug Fixes

  • Clarified address validation error messaging to specify supported address types.

[coderabbitai]

Walkthrough

Adds a new /api/claim_token_all GET endpoint returning a JSON array of per-faucet ClaimResponse; changes claim flow to return TxHash (instead of plain string) for claim_token, handle_native_claim, and handle_erc20_claim; adds ClaimResponse struct, updates SSR registration, docs, and refines an address error message.

Changes

Cohort / File(s)	Change Summary
API Documentation docs/api-documentation.md	Added /api/claim_token_all docs with JSON array response structure, per-item success/failure examples, multi-item error responses (400/429), Key points and Rate Limits specific to the All API, and references/examples linking the original claim_token to the new All API.
Server API Implementation src/faucet/server_api.rs	Added ClaimResponse struct (faucet_info, optional tx_hash: TxHash, optional error); changed claim_token, handle_native_claim, and handle_erc20_claim to return TxHash instead of String; added claim_token_all(address: String) -> Result<Vec<ClaimResponse>, ServerFnError> which aggregates per-faucet claims; added serde and TxHash usage.
SSR Registration src/lib.rs	Registered new server API endpoint faucet::server_api::ClaimTokenAll in SSR startup registration.
Address utils / Error messaging src/utils/address.rs	Updated error message when unsupported address protocol is encountered to: "Invalid address {self}, Only ID and Delegated addresses are supported." (message text change only).

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant API as /api/claim_token_all
    participant Claim as claim_token(faucet_info, address)
    participant Aggregator as Aggregator

    note right of API #DDF2E6: API calls per-faucet claim handlers\nand returns JSON Vec<ClaimResponse>

    User->>API: GET /api/claim_token_all?address=...
    API->>Claim: claim_token(CalibnetUSDFC, address)
    activate Claim
    Claim-->>API: TxHash or Error
    deactivate Claim
    API->>Claim: claim_token(CalibnetFIL, address)
    activate Claim
    Claim-->>API: TxHash or Error
    deactivate Claim
    API->>Aggregator: build Vec<ClaimResponse>{faucet_info, tx_hash?, error?}
    Aggregator-->>User: 200 JSON [ ClaimResponse, ... ] / 400/429 as applicable

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• Implement a new API to claim all calibnet tokens #333: Implements the requested /api/claim_token_all endpoint to claim all Calibnet tokens in one call — directly matched by this PR.
• Add automated tests for claim_token endpoint #319: Overlaps with changes to claim_token, handle_native_claim, and handle_erc20_claim signatures and return types; relevant for tests and validation.

Possibly related PRs

• Update claim token API to return transaction hash #321: Changes the claim handlers to return TxHash and adjusts serialization — closely related at the code level.
• Calibnet token claim api #315: Prior modifications to the faucet claim flow and server API overlapping structural/signature changes here.
• Handle low faucet balance in claim token API #327: Modifies claim_token flow with pre-checks and touches the same server_api area that now includes claim aggregation.

Suggested reviewers

• akaladarshi
• elmattic
• hanabi1224

Poem

🐰
I hopped to stitch a claim-all song,
Two faucets sang their hashes strong.
Bundled bits and errors small,
One call summoned tokens all.
A joyful hop — the ledger hums along.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes Check	⚠️ Warning	Most changes are appropriately scoped to issue #333, including the new endpoint implementation, return type refactoring to support structured responses, documentation updates, and API registration. However, the error handling change in src/utils/address.rs (updating the error message from "invalid address {self}" to "Invalid address {self}, Only ID and Delegated addresses are supported.") appears to be out of scope. This user-facing error message improvement is not related to the stated objectives of implementing the claim_token_all endpoint and lacks justification in the PR description for why this change was necessary.	The error message change in src/utils/address.rs should either be removed from this PR or its necessity should be explained and justified as a separate improvement. If this change was required to support the new feature, that dependency should be documented in the PR description. Consider splitting this into a separate PR if it is unrelated to the claim_token_all implementation, or clarify its purpose if it is a prerequisite fix.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "Implement claim all calibnet token API" accurately and concisely describes the primary change in the changeset. The title directly relates to the main objective of implementing a new /api/claim_token_all endpoint that allows claiming multiple calibnet tokens in a single call, which is the core focus of the changes across all modified files.
Linked Issues Check	✅ Passed	All coding requirements from issue #333 are met in this pull request. The new claim_token_all endpoint has been implemented [src/faucet/server_api.rs] to accept only an address parameter and internally call the existing claim_token implementation for both CalibnetUSDFC and CalibnetFIL while aggregating results into a structured ClaimResponse format. The endpoint respects faucet limits as it does not accept user-supplied faucet settings. Documentation has been updated [docs/api-documentation.md] to describe the new endpoint, parameters, and response formats. The endpoint has been registered in the SSR startup [src/lib.rs], and the PR indicates tests have been added. The return type changes from String to TxHash support the new structured response format required by the feature.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch shashank/claim_all

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

❌ Patch coverage is 4.00000% with 24 lines in your changes missing coverage. Please review.
✅ Project coverage is 38.75%. Comparing base (532406e) to head (36c9a6e).

Files with missing lines	Patch %	Lines
src/faucet/server_api.rs	0.00%	23 Missing ⚠️
src/lib.rs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #334      +/-   ##
==========================================
- Coverage   39.03%   38.75%   -0.29%     
==========================================
  Files          40       40              
  Lines        2559     2578      +19     
==========================================
  Hits          999      999              
- Misses       1560     1579      +19     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/faucet/server_api.rs (1)

214-218: Add breaking change entry to CHANGELOG.md for claim_token API response format change.

The CHANGELOG.md has an empty Breaking section, but the API response format for claim_token has changed from a plain string to a JSON object with ClaimResponse structure. This breaking change must be documented.

Update the Breaking section in CHANGELOG.md to include an entry similar to:

• [#XXX](link): Breaking change - claim_tokenendpoint now returns JSON object withfaucet_infoandtx_hash instead of plain string transaction hash

Note: The API documentation (docs/api-documentation.md) is already accurate and reflects the current JSON response format. No frontend clients were found in this codebase to update.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 532406e and 6770701.

📒 Files selected for processing (4)

• docs/api-documentation.md (4 hunks)
• src/faucet/server_api.rs (8 hunks)
• src/lib.rs (1 hunks)
• src/utils/address.rs (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/faucet/server_api.rs (1)

src/lib.rs (5)

• server_fn (74-74)
• server_fn (75-75)
• server_fn (76-76)
• server_fn (77-77)
• server_fn (78-78)

🔇 Additional comments (7)

src/utils/address.rs (1)

111-111: LGTM! Error message improvement.

The updated error message is more informative and consistent with the log message above.

docs/api-documentation.md (2)

13-78: LGTM! Clear documentation updates.

The updated documentation accurately reflects the new JSON response format with faucet_info and tx_hash.

---

301-310: Good addition of rate limit details.

The rate limits table provides clear guidance on faucet constraints, which is helpful for users to understand the service limits.

src/lib.rs (1)

78-78: LGTM! Proper endpoint registration.

The registration of ClaimTokenAll follows the established pattern and is necessary for the new endpoint to function.

src/faucet/server_api.rs (3)

352-356: LGTM! Proper ClaimResponse construction.

The function correctly constructs a ClaimResponse with the transaction hash on success.

---

384-388: LGTM! Consistent with native claim handling.

The function correctly constructs a ClaimResponse mirroring the pattern used in handle_native_claim.

---

8-8: LGTM! Required imports added.

The imports for TxHash and Serialize/Deserialize are necessary for the new ClaimResponse struct.

Also applies to: 13-13

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

src/faucet/server_api.rs (1)

201-208: Consider the enum-based design suggested in previous review.

The existing review comment about enforcing mutual exclusivity between tx_hash and error remains unaddressed. The current design allows both fields to be None or both Some, which represents invalid states.

🧹 Nitpick comments (1)

src/faucet/server_api.rs (1)

250-272: Document partial success behavior.

The implementation correctly handles full success and full failure cases. However, the partial success scenario (e.g., CalibnetUSDFC succeeds but CalibnetFIL fails) is not explicitly documented in docs/api-documentation.md.

In this case, the HTTP status code will be set by whichever claim_token call executes last, so a partial success would return an error status code (400/429/500) even though one claim succeeded. The response body will correctly show one success and one failure.

Consider documenting this behavior in the API documentation to clarify expectations for consumers.

Would you like me to suggest specific documentation updates for the partial success scenario?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6770701 and 3b84f12.

📒 Files selected for processing (2)

• docs/api-documentation.md (3 hunks)
• src/faucet/server_api.rs (8 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/faucet/server_api.rs (1)

src/lib.rs (5)

• server_fn (74-74)
• server_fn (75-75)
• server_fn (76-76)
• server_fn (77-77)
• server_fn (78-78)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: e2e

🔇 Additional comments (6)

src/faucet/server_api.rs (4)

8-8: LGTM: Type-safe transaction hash.

Using TxHash from alloy primitives improves type safety over plain strings and aligns with the alloy ecosystem used in the codebase.

Also applies to: 13-13

---

218-218: LGTM: Improved return type.

Returning TxHash instead of String provides better type safety and makes the contract clearer.

---

317-317: LGTM: Consistent type usage.

The return type change to TxHash is consistent with the updated claim_token signature and eliminates unnecessary string conversions.

Also applies to: 351-351

---

363-363: LGTM: Consistent type usage.

The return type change to TxHash aligns with the updated API signature and removes unnecessary conversions.

Also applies to: 379-379

docs/api-documentation.md (2)

42-72: LGTM: Improved documentation clarity.

Separating the success examples for CalibnetFIL and CalibnetUSDFC makes the documentation more readable and provides clearer guidance for users.

---

146-221: LGTM: Comprehensive API documentation.

The new endpoint documentation is well-structured, clearly describes the JSON response format, and provides helpful examples.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

docs/api-documentation.md (2)

265-267: Remove undocumented parameter from curl example.

Same issue as line 234—the curl command includes faucet_info=CalibnetFIL, which should not be present based on the documented query parameters and endpoint design.

Apply this diff:

-curl "https://forest-explorer.chainsafe.dev/api/claim_token_all?faucet_info=CalibnetFIL&address=0xAe9C4b9508c929966ef37209b336E5796D632CDc"
+curl "https://forest-explorer.chainsafe.dev/api/claim_token_all?address=0xAe9C4b9508c929966ef37209b336E5796D632CDc"

---

233-235: Remove undocumented parameter from curl example.

The curl command includes faucet_info=CalibnetFIL, which contradicts the documented query parameters (line 159-163) that only list address as required. The endpoint description (line 154-155) states it automatically claims both CalibnetUSDFC and CalibnetFIL, so this parameter should not be present.

Apply this diff:

-curl "https://forest-explorer.chainsafe.dev/api/claim_token_all?faucet_info=CalibnetFIL&address=invalidaddress"
+curl "https://forest-explorer.chainsafe.dev/api/claim_token_all?address=invalidaddress"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3b84f12 and a3391eb.

📒 Files selected for processing (1)

• docs/api-documentation.md (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: codedov
• GitHub Check: deploy
• GitHub Check: e2e

🔇 Additional comments (1)

docs/api-documentation.md (1)

178-192: Response structure documentation is clear and well-formatted.

The Claim Response section clearly explains the per-faucet result format with conditional fields (tx_hash on success, error on failure). This aligns well with the JSON examples provided.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

docs/api-documentation.md (2)

239-254: Use json code block for JSON responses.

Line 239 marks the response as a bash code block, but the content is JSON. This causes inconsistent syntax highlighting compared to the success example at line 209, which correctly uses json.

Apply this diff to use the correct code block type:

 **Response:**

-```bash
+```json
 [
     {
         "faucet_info": "CalibnetUSDFC",

---

271-286: Use json code block for JSON responses.

Line 271 marks the response as a bash code block, but the content is JSON. This should use json to match the success example formatting and provide correct syntax highlighting.

Apply this diff to use the correct code block type:

 **Response:**

-```bash
+```json
 [
     {
         "faucet_info": "CalibnetUSDFC",

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a3391eb and d903e2f.

📒 Files selected for processing (1)

• docs/api-documentation.md (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: e2e
• GitHub Check: deploy
• GitHub Check: codedov
• GitHub Check: lint

🔇 Additional comments (2)

docs/api-documentation.md (2)

159-286: Query parameters and examples are consistent.

The endpoint correctly documents only the address parameter, and all success/failure examples consistently use only this parameter. The previous query parameter inconsistency has been resolved. ✓

---

178-220: Response structure documentation is clear and well-formatted.

The documentation clearly explains the response structure, and the success example uses the proper json code block for syntax highlighting. ✓

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

docs/api-documentation.md (2)

167-174: Clarify when different status codes are returned and what they indicate for per-faucet results.

The Status Codes table (200, 400, 429, 500) doesn't clarify the response behavior for partial failures. The examples show scenarios where both faucets fail identically (400 and 429 cases), but the documentation should explicitly address:

• What status code is returned if one faucet succeeds and the other fails?
• Is the status code determined by the "worst" error, the first error, or the last?

The current description "Tokens successfully claimed" for status 200 is ambiguous when per-faucet errors are possible in the response body.

Consider updating line 171 to:

-| 200         | Tokens successfully claimed      |
+| 200         | All token claims processed successfully |

And add clarification to the Status Codes section (after line 175) explaining the behavior for partial failures:

**Note:** The HTTP status code reflects the result of claim attempts. If all claims succeed, status 200 is returned. If validation fails for the address, status 400 is returned for both faucets. If rate-limited, status 429 is returned. If individual faucets fail with different error types, the last error encountered determines the final HTTP status code.

Alternatively, add an example demonstrating mixed success/failure (one faucet succeeds, one fails) to clarify the behavior.

---

290-293: Clarify rate-limiting scope for the All API.

Line 292 states "Each address is subject to rate limiting" but doesn't clarify whether this is:

• Per address across both faucets combined, or
• Per address per individual faucet

The example at lines 272–285 demonstrates different cooldown times per faucet (46 seconds vs. 12 seconds), which implies independent per-faucet rate limiting. However, the Key Points text is ambiguous.

Consider updating line 292 to:

-- Each address is subject to rate limiting to prevent abuse.
+- Each address is subject to independent rate limiting per faucet to prevent abuse.

This makes it explicit that the two faucets have separate rate limit counters, as demonstrated in the 429 example.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d903e2f and 36c9a6e.

📒 Files selected for processing (1)

• docs/api-documentation.md (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: e2e
• GitHub Check: lint
• GitHub Check: codedov
• GitHub Check: deploy