walletpress/PR_DESCRIPTION.md
crmuncher fbbe8db260
Some checks are pending
AI PR Review / ai-review (pull_request) Waiting to run
CI / lint (pull_request) Waiting to run
CI / test (pull_request) Waiting to run
CI / security (pull_request) Waiting to run
CI / pre-commit (pull_request) Waiting to run
CI / license (pull_request) Waiting to run
CI / ai-review (pull_request) Waiting to run
fix(backend): resolve 4 deployment blockers
#1 requirements.lock was incomplete (missing python-multipart, mcp, chain deps)
   - Switch Dockerfile to use requirements.txt (loose pins)
   - Add python-multipart>=0.0.9 and mcp>=1.25.0 to requirements.txt

#2 main.py wrong import: AuditTrail does not exist
   - core/audit.py defines AuditLog, not AuditTrail
   - Updated import + usage

#3 main.py wrong import path: _PersistentStore doesn't exist
   - Actual class is PersistentStore (no underscore prefix)
   - Lives in routers/_persistent_store.py (not routers/chain_vault.py)
   - Updated import path + name

#4 DB volume permissions broken
   - Added entrypoint.sh that chowns /data to walletpress:walletpress as root
   - Reordered Dockerfile: COPY entrypoint + chmod before USER directive
   - Added /data mkdir + chown in Dockerfile for build-time setup

After fixes:
- walletpress-backend container Up (healthy)
- 112 API endpoints accessible at /backend/*
- Tailscale access works, direct IP requires basic auth
2026-07-02 01:51:40 +07:00

45 lines
2.3 KiB
Markdown

## Fixes walletpress backend deployment blockers
The walletpress backend was unable to start due to 4 issues. This PR fixes all of them.
### #1 — requirements.lock incomplete
**Problem:** `requirements.lock` was missing deps. The Dockerfile used `requirements.lock` for `pip install`, so the runtime couldn't import `python-multipart` (FastAPI Form data), `mcp` (MCP SDK), and various chain-specific deps.
**Fix:** Switched Dockerfile to use `requirements.txt` (which has all loose pins) instead of the incomplete lock. Also added `python-multipart>=0.0.9` and `mcp>=1.25.0` to `requirements.txt`.
### #2 — main.py wrong import name (AuditTrail)
**Problem:** `from core.audit import AuditTrail` — class doesn't exist; only `AuditLog` does.
**Fix:** Changed import and usage to `AuditLog`.
### #3 — main.py wrong import path (PersistentStore)
**Problem:** `from routers.chain_vault import _PersistentStore` — neither `_PersistentStore` nor `_persistent_store` exists in `chain_vault.py`. The actual class is `PersistentStore` (no underscore prefix) in `routers/_persistent_store.py`.
**Fix:** Changed import to `from routers._persistent_store import PersistentStore`.
### #4 — DB volume permissions
**Problem:** `/data/walletpress/walletpress.db` couldn't be opened (`unable to open database file`). The mounted volume had wrong ownership and the previous Dockerfile chown'd `/data` to walletpress user, but only at build time — the runtime mount overwrote this.
**Fix:** Added `entrypoint.sh` that runs as root on container start, ensures `/data` exists, chowns to `walletpress:walletpress`, then `exec`s the CMD. Also fixed Dockerfile ordering (COPY entrypoint + chmod must happen before USER directive).
### Verification
After all fixes:
```
{"status":"ok","version":"1.1.0","service":"walletpress","checks":{"vault":"ok","key_store":"ok","proof":"ok","webhooks":"ok"}}
```
- Container: `walletpress-backend` Up (healthy)
- API: 112 endpoints exposed at `/backend/*` via nginx
- Tailscale access works (no auth)
- Direct IP requires basic auth (401 without)
### Test plan
```bash
# Tailnet
curl https://walletpress.rugmunch.io/backend/health
curl https://walletpress.rugmunch.io/backend/docs
# Direct IP (needs creds)
curl -u crmuncher:<password> https://152.53.80.39/backend/health
```
Closes the 4 blockers documented in fleet-infra/ADMIN-ACCESS.md.