Extract account explorer helpers

[TUPM96]

Refs #320

Summary

• Extract account normalization, GitHub-login lookup, transfer status, and account summary shaping into app/accounts.py.
• Extract proof lookup and account/wallet transaction row building into app/explorer.py, then reuse it from ledger, account, and wallet page routes.
• Add focused unit tests for account helper behavior and explorer transaction/proof shaping.
• Keep repository checks green by removing redundant ledger casts reported by mypy app and by sanitizing percent-decoded OAuth next paths covered by the existing OAuth regression test.

Complexity reduced

app/main.py no longer owns account canonicalization rules, account API response shaping, proof hash lookup, or duplicated account/wallet transaction queries. Those responsibilities now live in small modules with direct tests, while route handlers remain thin wrappers around request/session/template concerns.

Tests

• python -m pytest -q -> 349 passed
• python -m pytest tests/test_accounts.py tests/test_explorer.py tests/test_account_validation.py tests/test_wallet_api.py::test_wallet_pages_expose_transfer_and_github_claim_flows tests/test_api_mcp.py::test_explorer_links_ledger_proof_and_account -q -> 41 passed
• python -m pytest tests/test_explorer.py tests/test_account_validation.py tests/test_wallet_api.py::test_wallet_pages_expose_transfer_and_github_claim_flows tests/test_api_mcp.py::test_explorer_links_ledger_proof_and_account tests/test_ledger.py -q -> 59 passed
• python -m ruff format --check app/accounts.py app/explorer.py app/main.py app/ledger/service.py tests/test_accounts.py tests/test_explorer.py
• python -m ruff check app/accounts.py app/explorer.py app/main.py app/ledger/service.py tests/test_accounts.py tests/test_explorer.py
• python -m mypy app

[coderabbitai]

Warning

Review limit reached

@TUPM96, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 3 minutes and 33 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: b2d93a2f-c720-4a6a-b7a2-617ce3a7a901

📥 Commits

Reviewing files that changed from the base of the PR and between ac99d79 and 3bb705c.

📒 Files selected for processing (5)

• app/accounts.py
• app/explorer.py
• app/main.py
• tests/test_accounts.py
• tests/test_explorer.py

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR factors account- and explorer-related helper logic into dedicated modules, updates the FastAPI app to use them, and adds tests for the new helper behavior.

Changes:

• Added app.accounts for account normalization + API summary helpers and refactored app.main to use it.
• Added app.explorer for proof/transaction query helpers and refactored account/wallet pages + ledger API to use it.
• Added tests covering new account normalization helpers and explorer query helpers; hardened _safe_next_path against percent-encoded unsafe paths.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
tests/test_explorer.py	Adds tests for explorer helper functions (proof lookup + transaction query behavior).
tests/test_accounts.py	Adds tests for account normalization and account summary helper output.
app/main.py	Refactors endpoints/pages to use new helpers; strengthens _safe_next_path.
app/ledger/service.py	Simplifies update execution typing/casts around SQLAlchemy execute().
app/explorer.py	Introduces reusable explorer query helpers for proofs and account transactions.
app/accounts.py	Introduces reusable account normalization + presentation helpers (summary/status/github login).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[tolga-tom-nook]

No blockers found on PR #358 at head 3bb705c.

Evidence checked:

• Inspected app/accounts.py extraction for account normalization, GitHub login parsing, transfer-status text, and account API summary shape; it preserves the existing HTTP 400 wrapping through _normalized_account().
• Inspected app/explorer.py extraction for proof-hash lookup and account/wallet ledger transaction rows; the shared helper keeps descending sequence order, 100-row default limit, and optional proof hashes.
• Checked the app/main.py call sites for /api/v1/accounts/{account}, account pages, wallet pages, and /api/v1/ledger; the account page reassigns the normalized account before querying transactions, so the normalized value is used after api_account().
• Reviewed the new tests in tests/test_accounts.py and tests/test_explorer.py, including account canonicalization/rejection, API summary shape, empty proof lookup, proof attachment, ordering, and limit behavior.

Commands run locally:

• ./.venv/bin/python -m pytest tests/test_accounts.py tests/test_explorer.py tests/test_wallet_api.py tests/test_activity.py -q → 47 passed
• ./.venv/bin/python -m ruff check app/accounts.py app/explorer.py app/main.py tests/test_accounts.py tests/test_explorer.py → passed
• ./.venv/bin/python -m ruff format --check app/accounts.py app/explorer.py app/main.py tests/test_accounts.py tests/test_explorer.py → passed
• ./.venv/bin/python -m mypy app → passed
• git diff --check origin/main...HEAD → passed

[newmattock]

No blockers found on current head 3bb705c.

Evidence checked:

• Inspected app/explorer.py, app/accounts.py, account/wallet page delegation in app/main.py, and tests/test_explorer.py.
• Verified proof_hashes_by_sequence() preserves the shared proof lookup behavior used by ledger/account/wallet views and returns an empty mapping for empty sequence lists.
• Verified ledger_transactions_for_account() preserves the account and wallet transaction query boundary: matches either from_account or to_account, orders newest-first by ledger sequence, honors the limit argument, and attaches bounty-payment proof hashes through ledger_to_dict().
• Rechecked the account API shape and malformed-proof fallback path because this branch also moves account normalization/summary helpers.

Validation run locally:

• uv run --extra dev python -m pytest tests/test_explorer.py tests/test_accounts.py tests/test_api_mcp.py::test_explorer_links_ledger_proof_and_account tests/test_api_mcp.py::test_account_api_keeps_schema_when_accepted_work_proof_is_malformed tests/test_wallet_api.py::test_github_login_stores_safe_default_for_backslash_next -q -> 17 passed.
• uv run --extra dev python -m mypy app/accounts.py app/explorer.py app/main.py -> success.
• uv run --extra dev python -m ruff check app/accounts.py app/explorer.py app/main.py tests/test_accounts.py tests/test_explorer.py -> passed.
• uv run --extra dev python -m ruff format --check app/accounts.py app/explorer.py app/main.py tests/test_accounts.py tests/test_explorer.py -> 5 files already formatted.
• git diff --check origin/main...HEAD -> clean.

[ramimbo]

Maintainer note after #320 filled: this PR still references closed bounty #320. If you want it considered for the current code-health round, rebase against main, update the bounty reference to #377, and keep the scope distinct from already accepted #328, #337, #364, #375, and #376. This is not accepted or paid as-is.