Backend API and integration layer for the NOC IQ system.
This repository sits in the middle of the 3-repo architecture:
noc-iq-fe-> frontendnoc-iq-be-> backend and integration layernoc-iq-contracts-> Soroban smart contracts
System flow:
User -> FE -> BE -> Contracts -> BE -> FE
Important rule:
- the frontend does not call contracts directly
- the backend is the bridge between UI and contract execution
noc-iq-be is a FastAPI application responsible for:
- managing outages
- computing and storing SLA results
- exposing aggregation and audit endpoints
- acting as the future bridge to Soroban contracts
As of the current stabilized baseline, the backend is strongest in the outage and SLA domains. Other domains are now routed, but not all of them are equally production-ready.
- Python
- FastAPI
- SQLAlchemy
- PostgreSQL
- Alembic
- Pydantic Settings
- Celery
- HTTPX
Dependencies are declared in requirements.txt.
The app entrypoint is app/main.py.
Current active routes are wired through app/api/v1/router.py:
/health/api/v1/audit/api/v1/jobs/api/v1/outages/api/v1/sla/api/v1/sla/disputes/api/v1/auth/api/v1/payments/api/v1/webhooks/api/v1/wallets
Module maturity on the routed runtime:
- strongest and most integration-focused:
outages,sla,audit - active and functional with lighter implementations:
auth,payments,wallets - active but operationally dependent on database or worker infrastructure:
jobs,webhooks,sla disputes
Dormant or contributor-only paths:
app/services/outage_store.pyis a legacy helper and not part of the routed runtime- local task and webhook support still depend on optional infrastructure like Redis and Celery for full behavior
- the backend contains both a local SLA execution path and a contract adapter path;
CONTRACT_EXECUTION_MODEdetermines which bridge is active at runtime
The current working backend flow is:
- create or update an outage
- resolve the outage with
mttr_minutes - calculate SLA in the backend
- persist the resulting SLA record
- return the outage and SLA result to the frontend
Key files:
app/api/v1/endpoints/outages.pyapp/api/v1/endpoints/sla.pyapp/repositories/outage_repository.pyapp/repositories/sla_repository.pyapp/services/sla/sla_calculator.pyapp/services/sla/config.py
The backend now includes both a local SLA calculator and a contract adapter surface. By default it uses the local adapter mode, but the runtime is structured so contract-backed execution can be enabled through configuration.
noc-iq-be/
├── alembic/ # database migration config and versions
├── app/
│ ├── api/v1/endpoints/ # FastAPI route handlers
│ ├── core/ # settings and application config
│ ├── db/ # SQLAlchemy base and session setup
│ ├── models/ # Pydantic and ORM models
│ ├── repositories/ # DB access layer
│ ├── services/ # domain logic and utilities
│ ├── tasks/ # Celery-related modules
│ └── utils/ # helpers such as exporters
├── docs/ # project and integration context
├── requirements.txt
└── README.md
- Python 3.11+ recommended
- PostgreSQL
- pip
- virtual environment support
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txtCreate a .env file in the repo root using .env.example as a template.
cp .env.example .env
# Edit .env with your actual configuration valuesSECURITY WARNING: Never commit .env files to version control. The .env.example file shows the required variables with placeholder values.
Startup validation fails fast if critical settings are malformed. In particular:
API_V1_PREFIXmust start with/DATABASE_URLmust include a URL schemeALLOWED_ORIGINSmust be validhttporhttpsoriginsSTELLAR_NETWORKandCONTRACT_EXECUTION_MODEmust be supported values- when
CELERY_TASK_ALWAYS_EAGER=false, both Celery URLs must be present
alembic upgrade headuvicorn app.main:app --reloadThe backend will be available at:
http://localhost:8000- Swagger docs:
http://localhost:8000/docs - Health check:
http://localhost:8000/health
As of the latest stabilization pass:
- Python modules compile cleanly
app.mainimports successfully/healthreturns200
To exercise outage and SLA routes meaningfully, you still need a reachable PostgreSQL instance because those routes depend on the database layer.
This backend is stabilized, but not feature-complete.
Examples:
authandwalletsare active but currently backed by lightweight in-memory stores rather than durable identity infrastructurejobsandwebhooksare routed, but they rely on optional worker infrastructure to be fully operational outside eager or local modes- the contract path exists, but the default runtime still favors the local adapter mode
- documentation and contributor expectations should follow the routed API surface, not every helper or legacy module under
app/services
NEVER commit sensitive information:
- API keys, secret keys, or passwords
- Private keys for any blockchain network
- Database connection strings with credentials
- JWT secrets or encryption keys
- Personal access tokens
ALWAYS use environment variables for:
- Database credentials
- API keys and secrets
- Blockchain private keys
- JWT signing secrets
- External service credentials
Documentation examples should:
- Use placeholder values clearly marked as examples
- Never include real credentials or keys
- Include security warnings where sensitive operations are discussed
- Show secure patterns (environment variables, secure key management)
The application uses the following sensitive environment variables:
# Database
DATABASE_URL=postgresql://user:password@localhost:5432/nociq
# Authentication
JWT_SECRET_KEY=your-jwt-secret-here
# Stellar Blockchain (if enabled)
STELLAR_POOL_SECRET_KEY=your-stellar-secret-key-here
# External Services
REDIS_URL=redis://user:password@localhost:6379
CELERY_BROKER_URL=redis://user:password@localhost:6379/0Never commit .env files to version control. Use .env.example for documentation.
If you discover a security vulnerability:
- Do not create a public issue
- Email security@noc-iq.com with details
- Allow time for the issue to be addressed before public disclosure