TheDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/natureloved/DeadMan-Vault/llms.txt
Use this file to discover all available pages before exploring further.
/api/keeper endpoint is the heartbeat of the Deadman Vault protocol. It is designed to be called on a schedule — typically via a Vercel Cron Job — and performs the full vault lifecycle sweep on every invocation. It fetches the current Stacks testnet block height, then evaluates every vault in an actionable state (active, warning, grace_period, or triggered) against that block height, advancing states, firing notification emails, and settling payouts to beneficiaries as deadlines are crossed.
This endpoint can take up to 60 seconds to complete. Settling multiple triggered vaults involves on-chain withdrawal and per-beneficiary token transfers, which can chain into several network round-trips. Per-vault errors are isolated — a failure on one vault does not abort the sweep for others.
Endpoint
Authentication
If theCRON_SECRET environment variable is set, every request to this endpoint must include a matching Authorization header. Requests that omit or mismatch the secret receive a 401 Unauthorized response immediately, before any vault work is performed.
Vercel Cron Jobs automatically inject the
Authorization: Bearer <CRON_SECRET> header when CRON_SECRET is configured in your project environment. No extra setup is needed for scheduled invocations.| Header | Value |
|---|---|
Authorization | Bearer <CRON_SECRET> |
CRON_SECRET is not set in the environment, the authentication check is skipped entirely and the endpoint is open.
Cron Schedule
The production deployment configures this endpoint as a Vercel Cron Job invercel.json:
0 0 * * * runs the sweep once per day at 00:00 UTC. At the Stacks target rate of 144 blocks per day, a single daily sweep is sufficient to advance vault states and catch deadlines as they expire. If you need a tighter detection window, reduce the cron interval — but bear in mind the maxDuration of 60 seconds limits how long a single invocation may run.
Sweep Behaviour
On each invocation,runKeeper(currentBlock) processes vaults in the following order:
1. Retry settlement for already-triggered vaults
For each vault in triggered status, if any beneficiary record has claimed = false, settleVaultPayout() is called again. This handles beneficiaries whose initial payout failed (e.g. due to a transient network error) and beneficiaries whose vesting cliff has matured since the last sweep. Once every beneficiary is paid, the vault is automatically moved to claimed status. A settle-retry:<vaultId> action is logged on success.
2. Advance to warning
If deadline - currentBlock <= 432 (within ~3 days) and the deadline has not yet passed, the vault is advanced to warning status. A warning email is sent to the owner, deduplicated so only one warning fires per 24-hour window. A warning:<vaultId> action is logged.
3. Advance to grace_period
If currentBlock > deadline and currentBlock <= deadline + 288 (within the ~2-day grace window), the vault is advanced to grace_period status. A grace-period email is sent to the owner, deduplicated to once per 48-hour window. A grace:<vaultId> action is logged.
4. Advance to triggered and settle
If currentBlock > deadline + 288, the vault is flatlined:
- Status is set to
triggeredandtriggered_atis recorded. - Vesting schedules are computed and written for all beneficiaries.
settleVaultPayout()is called immediately with the freshly-scheduled beneficiary list.- A claim-ready email is sent to every beneficiary.
- A
triggered:<vaultId>action is logged.
Response Fields
Total number of vaults evaluated during this sweep, regardless of whether any action was taken on them.
The Stacks testnet block height fetched from the Hiro API at the start of this invocation. All deadline comparisons during the sweep used this value.
An ordered list of action log entries recorded during the sweep. Each entry is a colon-separated string of the form
<action>:<vaultId>. Possible prefixes are settle-retry, warning, grace, and triggered.ISO 8601 timestamp of when this sweep response was generated, e.g.
"2025-01-15T10:30:00.000Z".Example Request
Authenticated (production)CRON_SECRET set)
Example Response
Error Responses
| Status | Condition |
|---|---|
401 | CRON_SECRET is set and the Authorization header is missing or does not match |
500 | The Hiro API is unavailable and the current block height cannot be fetched |
500 | An unexpected error causes the entire sweep to fail |