Extract ledger API routes from app.main

[TUPM96]

Refs #320

Summary

• Move public ledger and proof API route registration into app.ledger_api.
• Add reusable helpers for ledger list/detail payloads, proof payload lookup, proof hash validation, and ledger sequence validation.
• Reuse those helpers from ledger/proof HTML pages and account/wallet transaction views while keeping behavior stable.
• Add direct ledger API helper tests covering proof-linked ledger entries and malformed path values.

Complexity reduced

• app.main no longer owns /api/v1/ledger, /api/v1/ledger/{sequence}, /api/v1/proofs/{proof_hash}, or their proof lookup and path validation details. Ledger/proof API behavior now has a focused route boundary and direct tests independent of the main app wiring.

Tests

• python -m pytest tests\test_ledger_api.py tests\test_bounty_pages.py::test_ledger_and_proof_pages_make_bounty_payments_scannable tests\test_api_mcp.py::test_mcp_get_ledger_entry_includes_payment_proof_hash tests\test_api_mcp.py::test_mcp_get_proof_returns_public_proof_details -q
• python -m pytest -q
• python -m ruff check .
• git diff --check

[coderabbitai]

Warning

Review limit reached

@TUPM96, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 42 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: aae1712d-1005-4e49-afbe-6e5c88e20868

📥 Commits

Reviewing files that changed from the base of the PR and between ac99d79 and 78de3e2.

📒 Files selected for processing (3)

• app/ledger_api.py
• app/main.py
• tests/test_ledger_api.py

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR extracts the Ledger API endpoints and related helpers out of app/main.py into a dedicated app/ledger_api.py module and adds tests for the new helper-layer API.

Changes:

• Introduces app/ledger_api.py with route registration and reusable helper functions (ledger_entries, ledger_entry, proof_payload, etc.).
• Wires the extracted Ledger API back into the FastAPI app via register_ledger_api_routes and updates HTML pages to call the new helpers.
• Adds pytest coverage for helper payload shape and path validation.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File	Description
tests/test_ledger_api.py	Adds tests for the extracted Ledger API helper functions (payload shape + path validation).
app/main.py	Removes inline Ledger API routes/helpers and uses register_ledger_api_routes + extracted helper functions.
app/ledger_api.py	New module implementing Ledger API route registration and helper functions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[tolga-tom-nook]

No blockers found on current head 95b74fa.

Evidence checked:

• Inspected app/ledger_api.py: route registration now owns /api/v1/ledger, /api/v1/ledger/{sequence}, and /api/v1/proofs/{proof_hash} while keeping the same serializer/proof lookup paths and explicit path validation.
• Inspected app/main.py: removed the inline ledger/proof API handlers, wires register_ledger_api_routes(app, database_url=db_url), and keeps HTML ledger/account/proof pages calling the extracted helpers. The OAuth next hardening also rejects decoded protocol-relative/backslash/control-character values without changing normal relative paths.
• Inspected tests/test_ledger_api.py: covers helper-level ledger/proof payload shape, uppercase proof hash normalization, invalid hash rejection, and non-positive/oversized sequence rejection.

Validation run locally on PR head 95b74fa:

• ./.venv/bin/python -m pytest tests/test_ledger_api.py tests/test_docs_public_urls.py tests/test_api_mcp.py -q → 95 passed
• ./.venv/bin/python -m pytest -q → 337 passed
• ./.venv/bin/python -m ruff check app/ledger_api.py app/main.py tests/test_ledger_api.py → passed
• ./.venv/bin/python -m ruff format --check app/ledger_api.py app/main.py tests/test_ledger_api.py → passed
• ./.venv/bin/python -m mypy app → passed
• git diff --check origin/main...HEAD → passed

The extraction looks behavior-preserving for the public ledger/proof API and gives the new module direct regression coverage.

[ayskobtw-lil]

No blockers from my review on current head 78de3e2.

Evidence checked:

• Inspected app/ledger_api.py, the refactor points in app/main.py, and tests/test_ledger_api.py.
• Verified the extracted /api/v1/ledger, /api/v1/ledger/{sequence}, and /api/v1/proofs/{proof_hash} helpers preserve the old route behavior while moving proof hash lookup, positive ledger sequence validation, proof hash normalization, and public proof payload parsing into app.ledger_api.
• Checked the HTML ledger/proof pages and MCP proof/ledger call sites still reuse the same helper boundaries rather than duplicating path parsing.
• Verified malformed proof JSON and non-object proof payloads now return the documented HTTPException(500, "invalid proof payload") path instead of leaking a raw JSON decode failure.
• Hosted Quality/readiness/docs/image check is green.

Validation run locally:

• python -m pytest tests/test_ledger_api.py tests/test_bounty_pages.py::test_ledger_and_proof_pages_make_bounty_payments_scannable tests/test_api_mcp.py::test_mcp_get_ledger_entry_includes_payment_proof_hash tests/test_api_mcp.py::test_mcp_get_proof_returns_public_proof_details -q -> 6 passed.
• python -m ruff check app/ledger_api.py app/main.py tests/test_ledger_api.py -> passed.
• python -m ruff format --check app/ledger_api.py app/main.py tests/test_ledger_api.py -> 3 files already formatted.
• python -m mypy app/ledger_api.py app/main.py -> success.
• git diff --check origin/main...HEAD -> clean.

Residual risk is limited to the existing broader ledger/proof API contracts; this PR mostly moves those boundaries into a smaller module and adds targeted malformed-payload coverage.

[ramimbo]

Maintainer note after #320 filled: this PR still references closed bounty #320. If you want it considered for the current code-health round, rebase against main, update the bounty reference to #377, and keep the scope distinct from already accepted #328, #337, #364, #375, and #376. This is not accepted or paid as-is.

[ramimbo]

Closing this stale bounty submission. It still references a closed/filled bounty round and is dirty or unstable against current main after the route/test extraction batches. A future attempt needs a fresh PR against current main, a currently open bounty reference, and scope distinct from work already accepted.