diff --git a/.gitignore b/.gitignore
index 8c72f93..aba8fb6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -44,3 +44,9 @@ slither-report.json
 # Local config
 .claude/settings.local*.json
+
+# Wallet files — NEVER commit
+.production-wallet-backup.json
+.production-wallet-backup.json.password
+.test-wallet.json
+.test_wallets.json
diff --git a/README.md b/README.md
index fabd298..14cbeff 100644
--- a/README.md
+++ b/README.md
@@ -244,14 +244,14 @@ Use **PredictionMarketV2** for everything. V1 lacks a resolution mechanism.
 ## Deployment
-The backend runs on **Railway** at `proteus-production-6213.up.railway.app`, auto-deploying from `main`.
-
-| Service | Provider | Purpose |
-|---------|----------|---------|
-| Backend (gunicorn + Flask) | Railway | API, admin dashboard, marketing pages |
-| Redis | Railway | Caching, Celery broker, auth stores |
-| Postgres | Railway | Available but unused (chain-only mode) |
-| Smart contracts | BASE Sepolia | All market data on-chain |
+The backend auto-deploys from `main`.
+
+| Service | Purpose |
+|---------|---------|
+| Backend (gunicorn + Flask) | API, admin dashboard, marketing pages |
+| Redis | Caching, Celery broker, auth stores |
+| Postgres | Available but unused (chain-only mode) |
+| Smart contracts (BASE Sepolia) | All market data on-chain |
 ### Local Development
diff --git a/app.py b/app.py
index 82bb9d9..af92c8f 100644
--- a/app.py
+++ b/app.py
@@ -41,7 +41,7 @@ def create_app():
 app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
 # Set secret key for flash messages only (not for sessions)
- app.secret_key = os.environ.get("SESSION_SECRET", "phase7-blockchain-only-flash-messages")
+ app.secret_key = os.environ["SESSION_SECRET"]
 # Load configuration
 # Phase 4: Use chain-only configuration
diff --git a/config.py b/config.py
index ffa6e5b..ee2c4a7 100644
--- a/config.py
+++ b/config.py
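Review bot: The ignore rules added in the .gitignore hunk only keep untracked files from being staged; they do nothing for a wallet file that is already tracked or that exists in an earlier commit. Whether any of the four files was ever committed is not visible in this diff, so it is worth checking with `git log --all -- .production-wallet-backup.json` (and the other three names) and untracking with `git rm --cached` where needed. Any key or password that reached a pushed commit should be treated as exposed and rotated, since ignoring the file does not remove it from history.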
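Review bot: In the app.py hunk, `os.environ["SESSION_SECRET"]` fails closed only when the variable is absent; an empty `SESSION_SECRET=` still passes and leaves Flask with a falsy secret key, which would most likely surface as a runtime error on the first flash rather than at startup. I would validate it once: `secret = os.environ.get("SESSION_SECRET")` followed by `if not secret: raise RuntimeError("SESSION_SECRET must be set to a non-empty value")`. The same bare lookup is added in services/embedded_wallet.py, where an empty `MASTER_WALLET_SECRET` makes `combined` depend on the identifier alone, and in services/firebase_auth.py. create_app continues outside the hunk.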
@@ -18,9 +18,9 @@ class Config:
 CELERY_RESULT_BACKEND = os.environ.get('CELERY_RESULT_BACKEND') or 'redis://localhost:6379/0'
 # Node configuration
- NODE_OPERATOR_ID = os.environ.get('NODE_OPERATOR_ID') or 'default-node-001'
- NODE_PRIVATE_KEY = os.environ.get('NODE_PRIVATE_KEY') or 'dev-private-key'
- NODE_PUBLIC_KEY = os.environ.get('NODE_PUBLIC_KEY') or 'dev-public-key'
+ NODE_OPERATOR_ID = os.environ.get('NODE_OPERATOR_ID', 'default-node-001')
+ NODE_PRIVATE_KEY = os.environ.get('NODE_PRIVATE_KEY')
+ NODE_PUBLIC_KEY = os.environ.get('NODE_PUBLIC_KEY')
 # BASE Blockchain configuration
 BASE_RPC_URL = os.environ.get('BASE_RPC_URL') or 'https://mainnet.base.org'
diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md
index d1a08c2..fecccf9 100644
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@@ -34,9 +34,9 @@ The novel piece is on-chain Levenshtein distance as a scoring function for predi
 └─────────────────────┬───────────────────────────────────┘
 │
 ┌─────────────────────▼───────────────────────────────────┐
-│ Flask Backend (Railway) │
+│ Flask Backend │
 │ (gunicorn, API Routes, Wallet Auth, Redis Cache) │
-│ proteus-production-6213.up.railway.app │
+│ │
 └─────────────────────┬───────────────────────────────────┘
 │
 ┌─────────────────────▼───────────────────────────────────┐
diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md
index d8c5917..4cd7dca 100644
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
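Review bot: In the config.py hunk, `NODE_PRIVATE_KEY` and `NODE_PUBLIC_KEY` silently become `None` when unset, whereas the `os.environ[...]` lookups this commit adds in app.py and the services raise. The consumers of these two settings are not visible in this diff; if any of them signs or encodes with the value, the failure will be a late `TypeError` or `AttributeError` far from its cause, so validate at the point of use or at least document the contract, e.g. `# None when unset: node signing is disabled, callers must check before use`. `NODE_OPERATOR_ID` also changed from `get(...) or 'default-node-001'` to `get(..., 'default-node-001')`, so an empty-string variable now yields `''` instead of the default. class Config starts and ends outside the hunk.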
@@ -22,7 +22,7 @@ Validate that on-chain Levenshtein distance works as a prediction market scoring
 - [x] Structured logging, request tracing
 - [x] Railway deployment (gunicorn + Redis, auto-deploy from GitHub)
-**Result:** The primitive works. Smart contracts handle the full lifecycle. Levenshtein scoring resolves markets deterministically on-chain. Backend deployed on Railway at `proteus-production-6213.up.railway.app`.
+**Result:** The primitive works. Smart contracts handle the full lifecycle. Levenshtein scoring resolves markets deterministically on-chain.
 **Known tradeoffs (acceptable for prototype):**
 - PBKDF2 embedded wallet shim (not real CDP)
diff --git a/docs/archive/FIREBASE-SETUP-GUIDE.md b/docs/archive/FIREBASE-SETUP-GUIDE.md
index 4aa4aa1..7617989 100644
--- a/docs/archive/FIREBASE-SETUP-GUIDE.md
+++ b/docs/archive/FIREBASE-SETUP-GUIDE.md
@@ -85,7 +85,6 @@ This guide documents the exact Firebase Console configuration required for email
 5. Under **Application restrictions**:
 - Select **HTTP referrers**
 - Add:
- - `https://proteus-production-6213.up.railway.app/*`
 - `https://yourdomain.com/*`
 6. Under **API restrictions**:
 - Select **Restrict key**
diff --git a/services/embedded_wallet.py b/services/embedded_wallet.py
index 7dc623b..7a08346 100644
--- a/services/embedded_wallet.py
+++ b/services/embedded_wallet.py
@@ -331,7 +331,7 @@ def _generate_seed(self, identifier: str) -> bytes:
 "PBKDF2 seed generation should not be called when CDP is configured. "
 "Use CDP wallet creation instead."
 )
- master_secret = os.environ.get('MASTER_WALLET_SECRET', 'default-secret-change-in-production')
+ master_secret = os.environ["MASTER_WALLET_SECRET"]
 combined = f"{master_secret}:{identifier}"
 # Legacy salt — do not change without migrating existing wallets
 return hashlib.pbkdf2_hmac('sha256', combined.encode(), b'clockchain', 100000)
diff --git a/services/firebase_auth.py b/services/firebase_auth.py
index 8083407..659b779 100644
--- a/services/firebase_auth.py
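Review bot: Removing the `'default-secret-change-in-production'` fallback in `_generate_seed` (services/embedded_wallet.py) changes the derived seed for any deployment that ran without `MASTER_WALLET_SECRET`, and every wallet derived under that fallback came from a value that stays public in the repository history. Whether that ever happened is not visible here; if it did, those wallets should be treated as compromised and migrated rather than re-derived. The lookup also runs at call time, so a missing variable shows up as a bare `KeyError` on the first wallet creation; a startup check would fail earlier and with a clearer message. A comment above the line, e.g. `# No default: a known fallback makes every derived wallet seed predictable`, would keep the fallback from being reintroduced. The function starts outside the hunk.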
+++ b/services/firebase_auth.py
@@ -211,7 +211,7 @@ def _generate_temp_password(self, email: str) -> str:
 Generate a temporary password for the user
 This is used internally and not shared with the user
 """
- secret = os.environ.get('SESSION_SECRET', 'default-secret')
+ secret = os.environ["SESSION_SECRET"]
 return hashlib.pbkdf2_hmac(
 'sha256',
 email.encode(),
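Review bot: `SESSION_SECRET` is now required in two unrelated roles: the app.py comment describes it as the Flask key "for flash messages only", while `_generate_temp_password` uses it to derive per-user passwords. With one shared value, rotating the Flask key changes every derived password, and a leak through either use exposes the other. I would give this derivation its own environment variable and state in the docstring which secret it depends on and what rotating it invalidates. The rest of the `pbkdf2_hmac(...)` call lies outside the hunk, so how `secret` enters the derivation (presumably as the salt) and the iteration count cannot be checked from here.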