feat(health-checks): implement Naga health check system with automated endpoint testing

- Added health check initialization and management for Naga networks.
- Implemented tests for key functionalities: Handshake, PKP Sign, Sign Session Key, Execute JS, and Decrypt.
- Integrated logging to Lit Status backend for monitoring.
- Created GitHub Actions workflow for automated health checks on push and manual triggers.
- Updated package.json and pnpm-lock.yaml for new dependencies and scripts.

Author: Ansonhkg

.github/workflows/health-checks.yml

@@ -0,0 +1,109 @@
+name: Naga Health Checks
+
+on:
+  push:
+    branches:
+      - feature/jss-29-feature-add-naga-uptime-bot
+  # Temporarily disabled schedule; re-enable when satisfied
+  # schedule:
+  #   - cron: '*/5 * * * *'
+  workflow_dispatch:
+    inputs:
+      naga_branch:
+        description: 'Branch to run health checks from (optional)'
+        required: true
+        default: 'naga'
+      network:
+        description: 'Specific network to test (leave empty for all)'
+        required: false
+        type: choice
+        options:
+          - naga-dev
+          - naga-test
+
+env:
+  LIT_STATUS_WRITE_KEY: ${{ secrets.LIT_STATUS_WRITE_KEY }}
+  LIT_STATUS_BACKEND_URL: ${{ vars.LIT_STATUS_BACKEND_URL }}
+
+jobs:
+  naga-health-check:
+    runs-on: ubuntu-latest
+    environment: Health Check
+    strategy:
+      # Don't cancel other network tests if one fails
+      fail-fast: false
+      matrix:
+        network: [naga-dev, naga-test]
+    
+    env:
+      NETWORK: ${{ matrix.network }}
+      LIVE_MASTER_ACCOUNT: ${{ matrix.network == 'naga-dev' && secrets.LIVE_MASTER_ACCOUNT_NAGA_DEV || secrets.LIVE_MASTER_ACCOUNT_NAGA_TEST }}
+      LIT_YELLOWSTONE_PRIVATE_RPC_URL: ${{ vars.LIT_YELLOWSTONE_PRIVATE_RPC_URL }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          # If manually triggered and a branch is provided, use it; otherwise use the triggering ref
+          ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.naga_branch || github.ref }}
+          fetch-depth: 1
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22.18.0'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Enable corepack and setup pnpm
+        run: |
+          corepack enable
+          corepack prepare [email protected] --activate
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build project
+        run: pnpm build
+
+      - name: Verify required environment variables
+        run: |
+          echo "Checking environment variables for ${{ matrix.network }}..."
+          if [ -z "${LIVE_MASTER_ACCOUNT}" ]; then
+            echo "❌ LIVE_MASTER_ACCOUNT is not set for ${{ matrix.network }}"
+            exit 1
+          fi
+          if [ -z "${LIT_STATUS_WRITE_KEY}" ]; then
+            echo "❌ LIT_STATUS_WRITE_KEY is not set"
+            exit 1
+          fi
+          if [ -z "${LIT_STATUS_BACKEND_URL}" ]; then
+            echo "❌ LIT_STATUS_BACKEND_URL is not set"
+            exit 1
+          fi
+          echo "✅ All required environment variables are set"
+
+      - name: Run health check for ${{ matrix.network }}
+        # If a specific network is selected via workflow_dispatch input, only run that one
+        if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.network == '' || github.event.inputs.network == matrix.network }}
+        run: pnpm run ci:health
+        timeout-minutes: 10
+        env:
+          NETWORK: ${{ matrix.network }}
+          LIVE_MASTER_ACCOUNT: ${{ matrix.network == 'naga-dev' && secrets.LIVE_MASTER_ACCOUNT_NAGA_DEV || secrets.LIVE_MASTER_ACCOUNT_NAGA_TEST }}
+          LIT_STATUS_WRITE_KEY: ${{ secrets.LIT_STATUS_WRITE_KEY }}
+          LIT_STATUS_BACKEND_URL: ${{ vars.LIT_STATUS_BACKEND_URL }}
+          LIT_YELLOWSTONE_PRIVATE_RPC_URL: ${{ vars.LIT_YELLOWSTONE_PRIVATE_RPC_URL }}
+          LOG_LEVEL: info
+
+      - name: Health check summary
+        if: always()
+        run: |
+          if [ ${{ job.status }} == 'success' ]; then
+            echo "✅ Health check passed for ${{ matrix.network }}"
+            echo "Time: $(date -u +"%Y-%m-%d %H:%M:%S UTC")"
+          else
+            echo "❌ Health check failed for ${{ matrix.network }}"
+            echo "Time: $(date -u +"%Y-%m-%d %H:%M:%S UTC")"
+            echo "Please check the logs above for details"
+          fi
+

package.json

@@ -13,14 +13,17 @@
     "format:check": "npx nx format:check --all",
     "test:e2e": "npx jest --clearCache --config ./jest.e2e.config.ts && LOG_LEVEL=${LOG_LEVEL:-silent} dotenvx run --env-file=.env -- jest --runInBand --detectOpenHandles --forceExit --config ./jest.e2e.config.ts --testTimeout=50000000 -t",
     "test:custom": "npx jest --clearCache --config ./jest.e2e.config.ts && LOG_LEVEL=${LOG_LEVEL:-silent} dotenvx run --env-file=.env -- jest --runInBand --detectOpenHandles --forceExit --config ./jest.e2e.config.ts --testTimeout=50000000",
-    "test:e2e:ci": "npx jest --clearCache --config ./jest.e2e.config.ts && LOG_LEVEL=${LOG_LEVEL:-silent} npx jest --runInBand --detectOpenHandles --forceExit --config ./jest.e2e.config.ts --testTimeout=50000000 --runTestsByPath"
+    "test:e2e:ci": "npx jest --clearCache --config ./jest.e2e.config.ts && LOG_LEVEL=${LOG_LEVEL:-silent} npx jest --runInBand --detectOpenHandles --forceExit --config ./jest.e2e.config.ts --testTimeout=50000000 --runTestsByPath",
+    "test:health": "LOG_LEVEL=${LOG_LEVEL:-silent} dotenvx run --env-file=.env -- tsx packages/e2e/src/health/index.ts",
+    "ci:health": "LOG_LEVEL=${LOG_LEVEL:-silent} tsx packages/e2e/src/health/index.ts"
   },
   "private": true,
   "dependencies": {
     "@babel/core": "^7.28.4",
     "@babel/preset-env": "^7.28.3",
     "@babel/preset-typescript": "^7.27.1",
     "@dotenvx/dotenvx": "^1.6.4",
+    "@lit-protocol/lit-status-sdk": "^0.1.8",
     "@lit-protocol/nacl": "7.1.1",
     "@lit-protocol/uint8arrays": "7.1.1",
     "@metamask/eth-sig-util": "5.0.2",

packages/e2e/src/health/NagaHealthManager.ts

@@ -0,0 +1,248 @@
+/**
+ * Naga Health Manager
+ * 
+ * This module implements health checks for Naga network endpoints.
+ * It tests the core functionality of the Lit Protocol network by executing
+ * a series of endpoint tests using a single test account.
+ * 
+ * Tested Endpoints:
+ * 1. Handshake - Verifies basic node connectivity
+ * 2. PKP Sign - Tests PKP signing functionality
+ * 3. Sign Session Key - Tests session key signing (via PKP auth context creation)
+ * 4. Execute JS - Tests Lit Actions execution
+ * 5. Decrypt - Tests encryption and decryption flow
+ * 
+ * Usage:
+ *   const manager = new NagaHealthManager(ctx);
+ *   await manager.handshakeTest();
+ *   await manager.pkpSignTest();
+ *   // ... other tests
+ */
+
+import { initHealthCheck } from './health-init';
+import { createAccBuilder } from '@lit-protocol/access-control-conditions';
+
+type HealthCheckContext = Awaited<ReturnType<typeof initHealthCheck>>;
+
+export class NagaHealthManager {
+  private ctx: HealthCheckContext;
+
+  constructor(ctx: HealthCheckContext) {
+    this.ctx = ctx;
+  }
+
+  /**
+   * Test 1: Handshake Test
+   * 
+   * Verifies basic connectivity to Lit nodes by checking if the client
+   * is properly initialized and connected.
+   * 
+   * This is the most basic health check - if this fails, the network is down.
+   */
+  handshakeTest = async (): Promise<void> => {
+    try {
+      // Fetch current context which includes the latest handshake result
+      const ctx = await this.ctx.litClient.getContext();
+
+      if (!ctx?.handshakeResult) {
+        throw new Error('Handshake result missing from client context');
+      }
+
+      const { serverKeys, connectedNodes, threshold } = ctx.handshakeResult;
+
+      const numServers = serverKeys ? Object.keys(serverKeys).length : 0;
+      const numConnected = connectedNodes ? connectedNodes.size : 0;
+
+      if (numServers === 0) {
+        throw new Error('No server keys received during handshake');
+      }
+
+      if (typeof threshold === 'number' && numConnected < threshold) {
+        throw new Error(
+          `Connected nodes (${numConnected}) below threshold (${threshold})`
+        );
+      }
+
+      console.log('✅ Handshake test passed');
+    } catch (e) {
+      console.error('❌ Handshake test failed:', e);
+      throw e;
+    }
+  };
+
+  /**
+   * Test 2: PKP Sign Test
+   * 
+   * Tests the PKP signing endpoint by signing a simple message.
+   * This verifies that:
+   * - The PKP is accessible
+   * - The auth context is valid
+   * - The signing endpoint is operational
+   */
+  pkpSignTest = async (): Promise<void> => {
+    try {
+      const testMessage = 'Hello from Naga health check!';
+      
+      const result = await this.ctx.litClient.chain.ethereum.pkpSign({
+        authContext: this.ctx.aliceEoaAuthContext,
+        pubKey: this.ctx.aliceViemAccountPkp.pubkey,
+        toSign: testMessage,
+      });
+
+      if (!result.signature) {
+        throw new Error('No signature returned from pkpSign');
+      }
+
+      console.log('✅ PKP Sign test passed');
+    } catch (e) {
+      console.error('❌ PKP Sign test failed:', e);
+      throw e;
+    }
+  };
+
+  /**
+   * Test 3: Sign Session Key Test
+   * 
+   * Tests the session key signing endpoint by creating a PKP auth context.
+   * This involves the signSessionKey endpoint which is critical for
+   * establishing authenticated sessions with PKPs.
+   */
+  signSessionKeyTest = async (): Promise<void> => {
+    try {
+      // Creating a PKP auth context involves calling the signSessionKey endpoint
+      const pkpAuthContext = await this.ctx.authManager.createPkpAuthContext({
+        authData: this.ctx.aliceViemAccountAuthData,
+        pkpPublicKey: this.ctx.aliceViemAccountPkp.pubkey,
+        authConfig: {
+          resources: [
+            ['pkp-signing', '*'],
+            ['lit-action-execution', '*'],
+          ],
+          expiration: new Date(Date.now() + 1000 * 60 * 15).toISOString(), // 15 minutes
+        },
+        litClient: this.ctx.litClient,
+      });
+
+      if (!pkpAuthContext) {
+        throw new Error('Failed to create PKP auth context');
+      }
+
+      console.log('✅ Sign Session Key test passed');
+    } catch (e) {
+      console.error('❌ Sign Session Key test failed:', e);
+      throw e;
+    }
+  };
+
+  /**
+   * Test 4: Execute JS Test
+   * 
+   * Tests Lit Actions execution by running a simple JavaScript code
+   * that performs an ECDSA signature.
+   * 
+   * This verifies:
+   * - Lit Actions runtime is operational
+   * - Code execution environment is working
+   * - Signing within actions works
+   */
+  executeJsTest = async (): Promise<void> => {
+    try {
+      const litActionCode = `
+(async () => {
+  const { sigName, toSign, publicKey } = jsParams;
+  const { keccak256, arrayify } = ethers.utils;
+  
+  const toSignBytes = new TextEncoder().encode(toSign);
+  const toSignBytes32 = keccak256(toSignBytes);
+  const toSignBytes32Array = arrayify(toSignBytes32);
+  
+  const sigShare = await Lit.Actions.signEcdsa({
+    toSign: toSignBytes32Array,
+    publicKey,
+    sigName,
+  });  
+})();`;
+
+      const result = await this.ctx.litClient.executeJs({
+        code: litActionCode,
+        authContext: this.ctx.aliceEoaAuthContext,
+        jsParams: {
+          sigName: 'health-check-sig',
+          toSign: 'Health check message',
+          publicKey: this.ctx.aliceViemAccountPkp.pubkey,
+        },
+      });
+
+      if (!result || !result.signatures) {
+        throw new Error('No signatures returned from executeJs');
+      }
+
+      console.log('✅ Execute JS test passed');
+    } catch (e) {
+      console.error('❌ Execute JS test failed:', e);
+      throw e;
+    }
+  };
+
+  /**
+   * Test 5: Decrypt Test
+   * 
+   * Tests the encryption and decryption flow:
+   * 1. Encrypts data with access control conditions
+   * 2. Decrypts the data using the same account
+   * 
+   * This verifies:
+   * - Encryption endpoint works
+   * - Access control condition evaluation works
+   * - Decryption endpoint works
+   * - End-to-end encryption flow is operational
+   */
+  decryptTest = async (): Promise<void> => {
+    try {
+      const testData = 'Secret health check data';
+      
+      // Create access control conditions for Alice's wallet
+      const builder = createAccBuilder();
+      const accs = builder
+        .requireWalletOwnership(this.ctx.aliceViemAccount.address)
+        .on('ethereum')
+        .build();
+
+      // Encrypt the data
+      const encryptedData = await this.ctx.litClient.encrypt({
+        dataToEncrypt: testData,
+        unifiedAccessControlConditions: accs,
+        chain: 'ethereum',
+      });
+
+      if (!encryptedData.ciphertext || !encryptedData.dataToEncryptHash) {
+        throw new Error('Encryption failed - missing ciphertext or hash');
+      }
+
+      // Decrypt the data
+      const decryptedData = await this.ctx.litClient.decrypt({
+        data: encryptedData,
+        unifiedAccessControlConditions: accs,
+        chain: 'ethereum',
+        authContext: this.ctx.aliceEoaAuthContext,
+      });
+
+      if (!decryptedData.convertedData) {
+        throw new Error('Decryption failed - no converted data');
+      }
+
+      // Verify the decrypted data matches
+      if (decryptedData.convertedData !== testData) {
+        throw new Error(
+          `Decryption mismatch: expected "${testData}", got "${decryptedData.convertedData}"`
+        );
+      }
+
+      console.log('✅ Decrypt test passed');
+    } catch (e) {
+      console.error('❌ Decrypt test failed:', e);
+      throw e;
+    }
+  };
+}
+