feat(transactions): add multi-safe queued transactions endpoint

[clovisdasilvaneto]

Summary

Implement an endpoint to retrieve pending queued transactions across multiple Safe addresses in a single request. This enables efficient monitoring of transaction queues for multiple Safes without making separate requests. We're gonna use this endpoint in the spaces dashboard while queue-service doesn't support mainnet.

Changes

• SafeQueuedTransaction entity: New entity wrapping a transaction with the associated Safe address and chain ID
• GET /multi-safe/transactions/queued endpoint: Accepts CAIP-10 formatted Safe addresses and returns queued transactions sorted by timestamp
• TransactionsService.getMultiSafeTransactionQueue(): Fetches transactions in batches (size: 3), handles errors gracefully, and returns top N results
• Integration tests: Added comprehensive tests for the multi-safe queued transactions endpoint
• Query parameters:
  • safes (required): Comma-separated CAIP-10 addresses (e.g., 1:0x1234...,5:0xabcd...)
  • trusted (optional): Filter by trust status (default: true)
  • limit (optional): Max transactions per result (default: 10)

🤖 Generated with Claude Code

[LucieFaire]

its not the most performant method (and for a large set it can grow exponentialy) and it could be improved, but if its a temp solution it is a solid one. I left some comments.
It would also be great to have unit tests for service-level method as there is a lot of logic going on

[LucieFaire]

not: that would usually go to the top of the file, before the constructor

[LucieFaire]

@ApiProperty({ type: Transaction })
so that Swagger can infer the type fully

[LucieFaire]

you can also write it in a short form:

export class SafeQueuedTransaction {
  @ApiProperty()
  readonly safeAddress!: string;
  @ApiProperty()
  readonly chainId!: string;
  @ApiProperty({ type: Transaction })
  readonly transaction!: Transaction;
}

! means the definite assignment assertion (!) which tells TypeScript the properties will be assigned in the constructor.

[LucieFaire]

if you update the DTO definition, you can just return plain object w/o contructor

 return {
                safeAddress: address,
                chainId,
                transaction,
              };
```s

[LucieFaire]

Each Safe fetches args.limit transactions (defaults to 10), but the final result is also capped to args.limit. With 15 Safes and limit=10, you could fetch up to 150 transactions, decode and map all of them, then throw away 140.
Since results are sorted by timestamp (oldest first), you could:

Fetch a smaller per-Safe limit (like that batch size)
or after each batch, track the current "worst" timestamp and skip further processing if a Safe's transactions can't make the cut

[clovisdasilvaneto]

@LucieFaire indeed, I can indeed fetch smaller number of pending tx per safe, but this could also lead to the following scenario:

Suppose we fetch 5 per safe, but the user asked for a limit of 15 txs and he just asked for one safe which has 20 pending tx... In this case e would only have 5 pending txs on the response, which would be wrong in this case.

[LucieFaire]

dont you have control over what is returned? Are you planning to give user control over how much data they want and for what safes?

[clovisdasilvaneto]

Yes I do, but I'm just talking in a general scenario, in case it is gonna be used elsewhere, but yeah, maybe it might not even make sense, since this is a temporary approach.

[LucieFaire]

If multiple users in the same Space hit this endpoint simultaneously for the same set of Safes, each request does the full work independently. There is caching on separate methods used (like transactions ,and safe) but maybe worth adding caching for this set of params too

[PooyaRaki]

@claude review

[claude]

Claude finished @PooyaRaki's task —— View job

---

Code Review: PR #2985

• Read changed files
• Analyze code quality, bugs, performance, security, test coverage
• Post review feedback

---

Issues to Address

1. No upper bound on limit query parameter (transactions.controller.ts:709)
The limit param is user-controlled with no max cap. A client can pass limit=100000, causing the service to fetch up to maxOverviews * 100000 transactions from upstream, decode and map all of them, then sort. Add a Math.min(limit, MAX_LIMIT) or validate with a Zod/Pipe max constraint.

2. Over-fetching per Safe (transactions.service.ts:668-674)
Each Safe fetches args.limit transactions (e.g., 10), but only args.limit total results are returned. With 10 Safes and limit=10, you fetch up to 100 transactions, decode/map all, then discard 90. Consider fetching a smaller per-Safe limit (e.g., Math.min(args.limit, MULTI_SAFE_QUEUE_BATCH_SIZE) or a fixed small number) and only fetching more if needed.

3. Sequential batch processing negates concurrency benefits (transactions.service.ts:652-712)
The for loop processes batches of 3 sequentially. With maxOverviews=10, that's 4 serial rounds. Since Promise.allSettled already handles errors gracefully, consider processing all Safes in a single Promise.allSettled with concurrency control (e.g., a semaphore pattern) instead of sequential batches, to reduce total latency.

4. Missing @ApiProperty({ type: Transaction }) on entity (safe-queued-transaction.entity.ts:10)
The transaction property uses @ApiProperty() without specifying the type. Swagger won't be able to infer the nested Transaction schema. Use @ApiProperty({ type: Transaction }).

5. Static constant placement (transactions.service.ts:642)
MULTI_SAFE_QUEUE_BATCH_SIZE is defined mid-file between methods. Move it to the top of the class (before the constructor) to follow the existing code convention.

6. Missing unit tests for service logic
Only integration tests are provided. The getMultiSafeTransactionQueue method has significant logic (batching, error handling, sorting, slicing) that would benefit from unit tests with mocked dependencies - particularly edge cases like partial failures across batches, the maxOverviews cap, and sorting correctness with mixed timestamps.

7. No test for maxOverviews truncation behavior
The service silently truncates the input list to maxOverviews (transactions.service.ts:649). There's no test verifying that excess Safes are ignored, or that the endpoint communicates this limit to callers.

---

|

[PooyaRaki]

QQ: Why don't we accept an object with chainId as the key which has safeAddresses as the values?
e.g.

{
"1" : [{{ADDRESS_1}}, {{ADDRESS_2}}],
"5": [{{ADDRESS_1}}, {{ADDRESS_2}}],
}

[clovisdasilvaneto]

@PooyaRaki because I'm following the same standard we have in the safesOverview endpoint (the one we use to get the number of queued transactions and show in the sidebar)

[PooyaRaki]

What do you think removing multi-safe? then it would be
@Get('transactions/queued')

[PooyaRaki]

Instead of using a for loop and then .slice we could simplify it using lodash which is already a dependency, Something like the following:
for (const batch of chunk(limitedSafes, TransactionsService.MULTI_SAFE_QUEUE_BATCH_SIZE)) {

[PooyaRaki]

Since the service is mocked we can safely remove the mocks.

[PooyaRaki]

Should use a random number generated by faker

[PooyaRaki]

Nit: We could extract the builder to another file.

[PooyaRaki]

Nit: We should use faker here.

[PooyaRaki]

We can use faker to generate the dates throughout the test file.

[PooyaRaki]

We should extract all the mock within the tests to another method to keep the test itself short and easy to follow.

[PooyaRaki]

We should explicitly check trusted and limit in this test as the title suggests.