chore(security): enhance environment configuration, CI workflows, and wallet daemon with security improvements

- Restructure .env.example with security-focused documentation, service-specific environment file references, and AWS Secrets Manager integration - Update CLI tests workflow to single Python 3.13 version, add pytest-mock dependency, and consolidate test execution with coverage - Add comprehensive security validation to package publishing workflow with manual approval gates, secret scanning, and release
2026-03-03 10:33:46 +01:00
parent 00d00cb964
commit f353e00172
220 changed files with 42506 additions and 921 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,34 +1,101 @@
 [tool.pytest.ini_options]
-addopts = "-ra --tb=short"
+# Test discovery
+python_files = ["test_*.py", "*_test.py"]
+python_classes = ["Test*"]
+python_functions = ["test_*"]
+
+# Cache directory - prevent root level cache
+cache_dir = "dev/cache/.pytest_cache"
+
+# Test paths to run - include all test directories across the project
 testpaths = [
+    "tests",
+    "apps/blockchain-node/tests",
    "apps/coordinator-api/tests",
-    "apps/miner-node/tests",
-    "tests"
+    "apps/explorer-web/tests",
+    "apps/pool-hub/tests",
+    "apps/wallet-daemon/tests",
+    "apps/zk-circuits/test",
+    "cli/tests",
+    "contracts/test",
+    "packages/py/aitbc-crypto/tests",
+    "packages/py/aitbc-sdk/tests",
+    "packages/solidity/aitbc-token/test",
+    "scripts/test"
 ]
-asyncio_default_fixture_loop_scope = "function"
+
+# Python path for imports
 pythonpath = [
    ".",
-    "packages/py/aitbc-core/src",
    "packages/py/aitbc-crypto/src",
-    "packages/py/aitbc-p2p/src",
+    "packages/py/aitbc-crypto/tests",
    "packages/py/aitbc-sdk/src",
+    "packages/py/aitbc-sdk/tests",
    "apps/coordinator-api/src",
+    "apps/coordinator-api/tests",
    "apps/wallet-daemon/src",
-    "apps/blockchain-node/src"
+    "apps/wallet-daemon/tests",
+    "apps/blockchain-node/src",
+    "apps/blockchain-node/tests",
+    "apps/pool-hub/src",
+    "apps/pool-hub/tests",
+    "apps/explorer-web/src",
+    "apps/explorer-web/tests",
+    "cli",
+    "cli/tests"
 ]
-import_mode = "append"
+
+# Additional options for local testing
+addopts = [
+    "--verbose",
+    "--tb=short",
+    "--strict-markers",
+    "--disable-warnings",
+    "-ra"
+]
+
+# Custom markers
 markers = [
    "unit: Unit tests (fast, isolated)",
-    "integration: Integration tests (require external services)",
+    "integration: Integration tests (may require external services)",
+    "slow: Slow running tests",
+    "cli: CLI command tests",
+    "api: API endpoint tests",
+    "blockchain: Blockchain-related tests",
+    "crypto: Cryptography tests",
+    "contracts: Smart contract tests",
    "e2e: End-to-end tests (full system)",
    "performance: Performance tests (measure speed/memory)",
    "security: Security tests (vulnerability scanning)",
-    "slow: Slow tests (run separately)",
    "gpu: Tests requiring GPU resources",
    "confidential: Tests for confidential transactions",
    "multitenant: Multi-tenancy specific tests"
 ]

+# Environment variables for tests
+env = [
+    "AUDIT_LOG_DIR=/tmp/aitbc-audit",
+    "DATABASE_URL=sqlite:///./test_coordinator.db",
+    "TEST_MODE=true",
+    "SQLITE_DATABASE=sqlite:///./test_coordinator.db"
+]
+
+# Warnings
+filterwarnings = [
+    "ignore::UserWarning",
+    "ignore::DeprecationWarning",
+    "ignore::PendingDeprecationWarning",
+    "ignore::pytest.PytestUnknownMarkWarning",
+    "ignore::pydantic.PydanticDeprecatedSince20",
+    "ignore::sqlalchemy.exc.SADeprecationWarning"
+]
+
+# Asyncio configuration
+asyncio_default_fixture_loop_scope = "function"
+
+# Import mode
+import_mode = "append"
+
 [project]
 name = "aitbc-cli"
 version = "0.1.0"
@@ -40,18 +107,18 @@ readme = "cli/README.md"
 license = "MIT"
 requires-python = ">=3.13"
 dependencies = [
-    "click>=8.0.0",
-    "httpx>=0.24.0",
-    "pydantic>=1.10.0",
-    "pyyaml>=6.0",
-    "rich>=13.0.0",
-    "keyring>=23.0.0",
-    "cryptography>=3.4.8",
-    "click-completion>=0.5.2",
-    "tabulate>=0.9.0",
-    "colorama>=0.4.4",
-    "python-dotenv>=0.19.0",
-    "asyncpg (>=0.29.0)"
+    "click==8.1.7",
+    "httpx==0.26.0",
+    "pydantic==2.5.3",
+    "pyyaml==6.0.1",
+    "rich==13.7.0",
+    "keyring==24.3.0",
+    "cryptography==41.0.8",
+    "click-completion==0.5.2",
+    "tabulate==0.9.0",
+    "colorama==0.4.6",
+    "python-dotenv==1.0.0",
+    "asyncpg==0.29.0"
 ]
 classifiers = [
    "Development Status :: 4 - Beta",
@@ -67,13 +134,19 @@ classifiers = [

 [project.optional-dependencies]
 dev = [
-    "pytest>=7.0.0",
-    "pytest-asyncio>=0.21.0",
-    "pytest-cov>=4.0.0",
-    "pytest-mock>=3.10.0",
-    "black>=22.0.0",
-    "isort>=5.10.0",
-    "flake8>=5.0.0"
+    "pytest==7.4.4",
+    "pytest-asyncio==0.21.1",
+    "pytest-cov==4.1.0",
+    "pytest-mock==3.12.0",
+    "black==24.3.0",
+    "isort==5.13.2",
+    "ruff==0.1.15",
+    "mypy==1.8.0",
+    "bandit==1.7.5",
+    "types-requests==2.31.0",
+    "types-setuptools==69.0.0",
+    "types-PyYAML==6.0.12",
+    "sqlalchemy[mypy]==2.0.25"
 ]

 [project.scripts]