#1 requirements.lock was incomplete (missing python-multipart, mcp, chain deps) - Switch Dockerfile to use requirements.txt (loose pins) - Add python-multipart>=0.0.9 and mcp>=1.25.0 to requirements.txt #2 main.py wrong import: AuditTrail does not exist - core/audit.py defines AuditLog, not AuditTrail - Updated import + usage #3 main.py wrong import path: _PersistentStore doesn't exist - Actual class is PersistentStore (no underscore prefix) - Lives in routers/_persistent_store.py (not routers/chain_vault.py) - Updated import path + name #4 DB volume permissions broken - Added entrypoint.sh that chowns /data to walletpress:walletpress as root - Reordered Dockerfile: COPY entrypoint + chmod before USER directive - Added /data mkdir + chown in Dockerfile for build-time setup After fixes: - walletpress-backend container Up (healthy) - 112 API endpoints accessible at /backend/* - Tailscale access works, direct IP requires basic auth
2.3 KiB
Fixes walletpress backend deployment blockers
The walletpress backend was unable to start due to 4 issues. This PR fixes all of them.
#1 — requirements.lock incomplete
Problem: requirements.lock was missing deps. The Dockerfile used requirements.lock for pip install, so the runtime couldn't import python-multipart (FastAPI Form data), mcp (MCP SDK), and various chain-specific deps.
Fix: Switched Dockerfile to use requirements.txt (which has all loose pins) instead of the incomplete lock. Also added python-multipart>=0.0.9 and mcp>=1.25.0 to requirements.txt.
#2 — main.py wrong import name (AuditTrail)
Problem: from core.audit import AuditTrail — class doesn't exist; only AuditLog does.
Fix: Changed import and usage to AuditLog.
#3 — main.py wrong import path (PersistentStore)
Problem: from routers.chain_vault import _PersistentStore — neither _PersistentStore nor _persistent_store exists in chain_vault.py. The actual class is PersistentStore (no underscore prefix) in routers/_persistent_store.py.
Fix: Changed import to from routers._persistent_store import PersistentStore.
#4 — DB volume permissions
Problem: /data/walletpress/walletpress.db couldn't be opened (unable to open database file). The mounted volume had wrong ownership and the previous Dockerfile chown'd /data to walletpress user, but only at build time — the runtime mount overwrote this.
Fix: Added entrypoint.sh that runs as root on container start, ensures /data exists, chowns to walletpress:walletpress, then execs the CMD. Also fixed Dockerfile ordering (COPY entrypoint + chmod must happen before USER directive).
Verification
After all fixes:
{"status":"ok","version":"1.1.0","service":"walletpress","checks":{"vault":"ok","key_store":"ok","proof":"ok","webhooks":"ok"}}
- Container:
walletpress-backendUp (healthy) - API: 112 endpoints exposed at
/backend/*via nginx - Tailscale access works (no auth)
- Direct IP requires basic auth (401 without)
Test plan
# Tailnet
curl https://walletpress.rugmunch.io/backend/health
curl https://walletpress.rugmunch.io/backend/docs
# Direct IP (needs creds)
curl -u crmuncher:<password> https://152.53.80.39/backend/health
Closes the 4 blockers documented in fleet-infra/ADMIN-ACCESS.md.