Commit graph

3 commits

Author SHA1 Message Date
crmuncher
fbbe8db260
fix(backend): resolve 4 deployment blockers
Some checks are pending
AI PR Review / ai-review (pull_request) Waiting to run
CI / lint (pull_request) Waiting to run
CI / test (pull_request) Waiting to run
CI / security (pull_request) Waiting to run
CI / pre-commit (pull_request) Waiting to run
CI / license (pull_request) Waiting to run
CI / ai-review (pull_request) Waiting to run
#1 requirements.lock was incomplete (missing python-multipart, mcp, chain deps)
   - Switch Dockerfile to use requirements.txt (loose pins)
   - Add python-multipart>=0.0.9 and mcp>=1.25.0 to requirements.txt

#2 main.py wrong import: AuditTrail does not exist
   - core/audit.py defines AuditLog, not AuditTrail
   - Updated import + usage

#3 main.py wrong import path: _PersistentStore doesn't exist
   - Actual class is PersistentStore (no underscore prefix)
   - Lives in routers/_persistent_store.py (not routers/chain_vault.py)
   - Updated import path + name

#4 DB volume permissions broken
   - Added entrypoint.sh that chowns /data to walletpress:walletpress as root
   - Reordered Dockerfile: COPY entrypoint + chmod before USER directive
   - Added /data mkdir + chown in Dockerfile for build-time setup

After fixes:
- walletpress-backend container Up (healthy)
- 112 API endpoints accessible at /backend/*
- Tailscale access works, direct IP requires basic auth
2026-07-02 01:51:40 +07:00
b88212878a
fix(audit): Wave 4 — ruff cleanup + dead code + bugs (WP-080..WP-084)
P3-1 — ruff cleanup (93 → 28 errors, fixed 65)
  Auto-fixed with 'ruff check . --fix'. Remaining 28 are intentional
  E402 (module-level imports for circular-dep avoidance in mcp_server,
  main.py, routers/airdrop.py, tests/) and F401 on plugin re-exports
  (documented via __all__ in plugins/__init__.py). Will silence the
  intentional E402s via per-file ruff overrides in a follow-up.

P3-4 — Fixed cli/verify_receipt.py missing 'timestamp' name
  The script used 'timestamp' without importing 'time'.

P3-6 — Removed dead qrcode import in core/pdf.py
  Was imported but never used.

P3-7 — Removed unused coincurve.ecdsa.recover in core/smart_wallet.py
  Kept cdata import (used elsewhere).

P3-3 — Fixed missing 'os' import in core/hosting.py and core/smart_wallet.py
  Both used os.getenv() without importing os.

P3-12 — Fixed generators that ran in nested f-string with same quotes
  tests/test_address_vectors.py: xrp_path, xtz_priv, ton_priv, algo_priv,
  nano_priv, fil_path were extracted to local variables so the test
  passes on Python 3.10+ (the original test used 3.12 nested-quote
  f-strings). All paths now use hardened derivation correctly for
  SLIP-10 Ed25519.

P2-16 — chain_vault.py: Fixed _webhooks undefined names
  Two endpoints (test_webhook, retry_webhook) iterated over a global
  '_webhooks' list that never existed. Now uses _PersistentStore.all('webhooks')
  consistent with the list_webhooks endpoint.

P3-11 — Removed stub imports from plugins/__init__.py
  Added __all__ to document the re-exports as public plugin API.

P2-1 — generator.py: removed unused ecdsa.SigningKey + nacl imports
  Generator doesn't use them anywhere; only nacl.bindings.crypto_sign_seed_keypair.

Refs: AUDIT.md P2-1, P2-16, P3-1..P3-7, P3-11, P3-12
2026-06-30 21:25:54 +07:00
1127786e2d
feat: backend, installers, legal pages, pre-commit, docs — v1.0.0-beta follow-up 2026-06-29 17:21:45 +07:00