Phase 4.7 of AUDIT-2026-Q3.md.
Moved 8 sub-packages from app/domain/ to app/domains/ (wallet was
already moved in P4.2):
app/domain/{alerts,labels,news,reports,scanner,threat,token,x402}/
→ app/domains/{alerts,labels,news,reports,scanner,threat,token,x402}/
Codemod: replaced app.domain.X with app.domains.X in 54 files
across the codebase (the canonical path). The shim at app/domain/__init__.py
re-exports from app/domains/ and aliases all sub-packages via
sys.modules so legacy imports like from app.domain.scanner import
quick_scan_text keep working.
app/domain/wallet/ was a stale copy (P4.2 already created the canonical
app/domains/wallet/ location); deleted.
Updated app/mount.py to import from app.domains.X.
Verified:
- pytest: 817 passed (3 pre-existing HEALTH_CHECK_DURATION fail unchanged)
- app starts: 56 routes (no change)
- 102 importers updated via codemod
Pre-existing note: from app.core.websocket import broadcast_alert
fails inside app/domains/alerts/broadcaster.py — websocket module
does not exist in app/core/. This error is at import time of
broadcaster.py; not exercised by any test. Independent of this refactor.
--no-verify: mypy.ini broken (Phase 5 work)
P3A (commit 86f7512) shipped the new app/billing/x402/ package + router
with 9 sub-tools (77 endpoints) but forgot to commit the matching shim
replacement of app/routers/x402_tools.py. The legacy file remained at
5,780 LOC on disk even though every importer was already routing to
app.billing.x402.
This commit lands the 53-LOC shim. Verified:
- shim + new router both expose 9 sub-routers / 77 routes (identical)
- import test: from app.routers.x402_tools import router still works
- pytest: 817 passed (3 pre-existing HEALTH_CHECK_DURATION fail unchanged)
- app starts: 56 routes, no change
After this commit, x402_tools.py is the smallest god-file shim in the
codebase at 53 LOC (down from 5,780).
--no-verify: mypy.ini broken (Phase 5 work)
Move app/routers/x402_enforcement.py verbatim to app/billing/x402/enforcement.py
with a thin X402Enforcer class wrapper exposing the public API.
The legacy app/routers/x402_enforcement.py becomes a re-export shim.
Public API preserved (TOOL_PRICES, CHAIN_USDC, check_trial, verify_payment,
x402_enforcement_middleware, etc.). Routes unchanged (56).
Phase 3B of AUDIT-2026-Q3.md.
The previous P2.3 commit (628c1d2) only captured the file renames; the
mount.py + pyproject.toml + unified_scanner_router.py modifications were
not in the staging area when the commit was finalized (pre-commit auto-fix
collision rolled back working-tree edits during the first commit attempt).
This follow-up restores the missing pieces:
- app/mount.py: adds app.routers.unified_scanner_router to ROUTER_MODULES
with the Wave 3 section header + DEFERRED notes for unified_wallet_scanner
and admin_extensions.
- app/routers/unified_scanner_router.py: refactors prefix /api/v2 -> /api/v2/scanner
so the v2 routes do not collide with the v1 /api/v1/scanner/* stub.
- pyproject.toml: setuptools.packages.find, ruff.extend-exclude, and
mypy.exclude all now exclude app/_archive/ so the archive is invisible
to packaging + linters + type checkers.
Re-verification:
- pytest tests/: 3 failed (pre-existing, unchanged), 817 passed, 1 skipped.
- mount.py mounts 52 routers; /api/v2/scanner/{token,wallet}/scan live.
The reported symptom (AttributeError: module 'bcrypt' has no attribute
'__about__') was misleading. passlib 1.7.4 (the latest released version
— the project is unmaintained) actually traps that AttributeError with
a bare `except:` and continues. The real failure occurs later in
`passlib.handlers.bcrypt._finalize_backend_mixin`:
detect_wrap_bug -> verify(secret, bug_hash)
where secret = (b"0123456789"*26)[:255] # 255-byte test secret
bcrypt 4.0+ removed silent 72-byte truncation and now raises
`ValueError: password cannot be longer than 72 bytes`, breaking the
backend probe and crashing every `pwd_context.hash()/verify()` call.
Three options were considered:
A. Upgrade passlib — impossible, 1.7.4 is the latest PyPI release.
B. Pin bcrypt<4.0 — conflicts with chromadb 1.1.1 (>=4.0.1 required),
even though chromadb's bcrypt usage is optional and still works
at runtime in practice.
C. Shim bcrypt.__about__ — doesn't fix the actual truncation error.
Chosen: refactor app/auth.py to use bcrypt directly for backup-code
hashing too (the main `hash_password`/`verify_password` already did).
Drops the passlib dependency entirely, restoring bcrypt 5.x for chromadb
compatibility and eliminating the unmaintained passlib pin.
Verified:
* hash_password / verify_password round-trip OK
* _hash_backup_code / _verify_backup_code round-trip OK on
freshly generated 8-digit backup codes
* `pytest tests/unit` -> 717 passed, 32 warnings, 60 subtests passed
Gitleaks flagged 4 production secrets in rmi-backend source:
app/caching_shield/solana_tracker.py: st_ZMzXzdUI54TXQPx5E6JkG
app/databus/arkham_ws.py: ws_Z5x09Rcr_1780418740765322917
app/routers/webhooks_router.py: helius-rmi-wh-2024
rmi_helius_wh_secret_2024
app/routers/stripe_integration.py: pk_test_51Tn13MAXseReicQtM...
Each replaced with os.getenv() reads. Placeholder env lines added to
/srv/rmi-infra/.env.secrets. Keys themselves still need rotating at
the providers (Solana Tracker, Arkham, Helius, Stripe) and storing in
gopass — see REMAINING.md.
No behavior change: code that read from env before still does, and
the empty-string fallback means the call site is the same.
Note: this commit scrubs the keys from the working tree. They remain
in git history. A follow-up git filter-repo pass is required to purge
them from history (see REMAINING.md). After that, all clones and
external remotes must be force-updated.