chore: standardize configuration, logging, and error handling across blockchain node and coordinator API

- Add infrastructure.md and workflow files to .gitignore to prevent sensitive info leaks - Change blockchain node mempool backend default from memory to database for persistence - Refactor blockchain node logger with StructuredLogFormatter and AuditLogger (consistent with coordinator) - Add structured logging fields: service, module, function, line number - Unify coordinator config with Database
2026-02-13 22:39:43 +01:00
parent 0cbd2b507c
commit 06e48ef34b
196 changed files with 4660 additions and 20090 deletions
--- a/apps/coordinator-api/src/app/config.py
+++ b/apps/coordinator-api/src/app/config.py
@@ -1,55 +1,125 @@
+"""
+Unified configuration for AITBC Coordinator API
+
+Provides environment-based adapter selection and consolidated settings.
+"""
+
 from pydantic_settings import BaseSettings, SettingsConfigDict
 from typing import List, Optional
 from pathlib import Path
 import os


-class Settings(BaseSettings):
-    model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8", case_sensitive=False)
-
-    app_env: str = "dev"
-    app_host: str = "127.0.0.1"
-    app_port: int = 8011
-
-    # Use absolute path to avoid database duplicates in different working directories
+class DatabaseConfig(BaseSettings):
+    """Database configuration with adapter selection."""
+    adapter: str = "sqlite"  # sqlite, postgresql
+    url: Optional[str] = None
+    pool_size: int = 10
+    max_overflow: int = 20
+    pool_pre_ping: bool = True
+    
    @property
-    def database_url(self) -> str:
-        # Find project root by looking for .git directory
+    def effective_url(self) -> str:
+        """Get the effective database URL."""
+        if self.url:
+            return self.url
+        # Auto-generate SQLite URL based on environment
+        if self.adapter == "sqlite":
+            project_root = self._find_project_root()
+            db_path = project_root / "data" / "coordinator.db"
+            db_path.parent.mkdir(parents=True, exist_ok=True)
+            return f"sqlite:///{db_path}"
+        elif self.adapter == "postgresql":
+            return "postgresql://localhost:5432/aitbc_coordinator"
+        return "sqlite:///:memory:"
+    
+    @staticmethod
+    def _find_project_root() -> Path:
+        """Find project root by looking for .git directory."""
        current = Path(__file__).resolve()
        while current.parent != current:
            if (current / ".git").exists():
-                project_root = current
-                break
+                return current
            current = current.parent
-        else:
-            # Fallback to relative path if .git not found
-            project_root = Path(__file__).resolve().parents[3]
-        
-        db_path = project_root / "data" / "coordinator.db"
-        db_path.parent.mkdir(parents=True, exist_ok=True)
-        return f"sqlite:///{db_path}"
+        return Path(__file__).resolve().parents[3]
+    
+    class Config:
+        env_file = ".env"
+        env_file_encoding = "utf-8"
+        case_sensitive = False

+
+class Settings(BaseSettings):
+    """Unified application settings with environment-based configuration."""
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        env_file_encoding="utf-8",
+        case_sensitive=False,
+        extra="allow"
+    )
+
+    # Environment
+    app_env: str = "dev"
+    app_host: str = "127.0.0.1"
+    app_port: int = 8011
+    
+    # Database
+    database: DatabaseConfig = DatabaseConfig()
+    
+    # API Keys
    client_api_keys: List[str] = []
    miner_api_keys: List[str] = []
    admin_api_keys: List[str] = []
-
+    
+    # Security
    hmac_secret: Optional[str] = None
+    jwt_secret: Optional[str] = None
+    jwt_algorithm: str = "HS256"
+    jwt_expiration_hours: int = 24
+    
+    # CORS
    allow_origins: List[str] = [
        "http://localhost:3000",
-        "http://localhost:8080", 
+        "http://localhost:8080",
        "http://localhost:8000",
        "http://localhost:8011"
    ]
-
+    
+    # Job Configuration
    job_ttl_seconds: int = 900
    heartbeat_interval_seconds: int = 10
    heartbeat_timeout_seconds: int = 30
-
+    
+    # Rate Limiting
    rate_limit_requests: int = 60
    rate_limit_window_seconds: int = 60
-
+    
+    # Receipt Signing
    receipt_signing_key_hex: Optional[str] = None
    receipt_attestation_key_hex: Optional[str] = None
+    
+    # Logging
+    log_level: str = "INFO"
+    log_format: str = "json"  # json or text
+    
+    # Mempool
+    mempool_backend: str = "database"  # database, memory
+    
+    def validate_secrets(self) -> None:
+        """Validate that all required secrets are provided."""
+        if self.app_env == "production":
+            if not self.jwt_secret:
+                raise ValueError("JWT_SECRET environment variable is required in production")
+            if self.jwt_secret == "change-me-in-production":
+                raise ValueError("JWT_SECRET must be changed from default value")
+    
+    @property
+    def database_url(self) -> str:
+        """Get the database URL (backward compatibility)."""
+        return self.database.effective_url


 settings = Settings()
+
+# Validate secrets on import
+settings.validate_secrets()