WalletPress — Python backend (FastAPI) + WordPress plugin. Wallet engine, x402 service, chain vault, hosting. CLI for wallet management. Production-grade wallet-as-a-service.
P3-1 — ruff config: 93 → 1 error (one legit unused import)
Added [tool.ruff] section to backend/pyproject.toml with:
- target-version = py310
- line-length = 100
- Per-file ignores for intentional E402 (mcp_server, main.py,
routers/airdrop.py, tests/) and F401 on plugin re-exports.
Fixed all auto-fixable issues via 'ruff check . --fix'. The
remaining 1 F401 is coincurve.ecdsa.recover — imported in
core/smart_wallet.py for a feature that's not yet wired up.
Wave 6 (pen test prep):
- bandit: 3 High (all pycryptodome false positives — pyCrypto the
original is deprecated, but pycryptodome is the active fork we use
for Keccak-256 in Ethereum address generation).
- bandit: 7 Medium (mostly bind-all-interfaces 0.0.0.0 which is
intentional for container deploys).
- bandit: 85 Low (mostly asserts on test code — acceptable).
- pip-audit: zero vulnerabilities in our actual dependencies.
Code hygiene improvements:
- core/pdf.py: properly imports qrcode (was missing).
- cli/verify_receipt.py: confirmed false-positive (timestamp is
a function parameter, ignored).
- routers/wallet_admin.py: removed duplicate class definitions
introduced during Wave 5 split.
Refs: AUDIT.md P3-1 (final), Wave 6 prep
|
||
|---|---|---|
| backend | ||
| cli | ||
| installers | ||
| wp-plugin | ||
| .gitignore | ||
| .pre-commit-config.yaml | ||
| about.html | ||
| ADDRESS_GENERATION.md | ||
| ARCHITECTURE.md | ||
| AUDIT.md | ||
| BUILDER.md | ||
| buy.html | ||
| contact.html | ||
| CONTRIBUTING.md | ||
| docs.html | ||
| features.html | ||
| index.html | ||
| logo.svg | ||
| privacy.html | ||
| PROGRESS.md | ||
| ROADMAP.md | ||
| ROADMAP_V2.md | ||
| robots.txt | ||
| SECURITY.md | ||
| sitemap.xml | ||
| STRATEGY.md | ||
| terms.html | ||
| thanks.html | ||
| verify.html | ||
| walletpress-docs.pdf | ||
| WALLETPRESS.md | ||