Extract wallet view helpers from app.main

[TUPM96]

Refs #320

Summary

• Move wallet page address validation, wallet list context, wallet detail context, transaction row lookup, and proof-hash mapping into app.wallet_views.
• Keep /wallets and /wallets/{address} route handlers in app.main as thin template renderers.
• Reuse the shared wallet address path validator from account/API/MCP wallet lookups.
• Add direct wallet view helper tests for list serialization, detail transactions with proof hashes, invalid addresses, and missing wallets.
• Preserve the existing OAuth encoded-backslash next-path safety expectation required by the test suite.

Complexity reduced

• app.main no longer owns wallet page query composition or wallet route address normalization. Wallet HTML view data can now be reviewed and tested independently from the broader app wiring, API routes, MCP dispatch, and admin flows.

Tests

• python -m pytest tests\test_wallet_views.py tests\test_wallet_api.py::test_wallet_pages_expose_transfer_and_github_claim_flows tests\test_wallet_api.py::test_github_login_stores_safe_default_for_backslash_next -q
• python -m pytest -q
• python -m ruff check .
• git diff --check

[coderabbitai]

Warning

Review limit reached

@TUPM96, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 4 minutes and 3 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: e856c3cc-b01e-4a83-a8e5-2e7b04bebb79

📥 Commits

Reviewing files that changed from the base of the PR and between ac99d79 and 608ed9e.

📒 Files selected for processing (3)

• app/main.py
• app/wallet_views.py
• tests/test_wallet_views.py

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Introduces reusable wallet view context helpers (list/detail) and refactors the FastAPI app to consume them, with accompanying tests and a hardening update to _safe_next_path.

Changes:

• Added app/wallet_views.py with wallet_list_context, wallet_detail_context, and related query helpers.
• Refactored app/main.py wallet HTML routes and wallet address normalization to use the new helpers.
• Added tests for wallet view contexts and wallet address/path error handling.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
tests/test_wallet_views.py	Adds coverage for wallet list/detail context serialization and error cases
app/wallet_views.py	New module encapsulating wallet list/detail context creation and related queries
app/main.py	Uses new wallet view helpers; strengthens next-path validation by checking decoded content

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[AugmentSecurity]

Reviewed PR #370 for the MRWK #340 review bounty.

Evidence checked:

• Inspected app/wallet_views.py, app/main.py, and tests/test_wallet_views.py at head 608ed9e9f22dc86d9309f7f2a7be51a82f56d092.
• Verified wallet list rendering now delegates to wallet_list_context() while preserving newest-first wallet ordering, serialization, labels, and balances.
• Verified wallet detail rendering now delegates to wallet_detail_context(), keeps wallet address normalization through wallet_address_from_path(), returns 404 for missing wallets, and preserves transaction rows with proof hashes via proof_hashes_by_sequence().
• Confirmed the API/MCP wallet-address paths now reuse the same wallet address validator without changing the existing response shape.
• Confirmed the OAuth decoded-backslash next safety regression remains covered.

Local validation:

• ./.venv/bin/python -m pytest tests/test_wallet_views.py tests/test_wallet_api.py::test_wallet_pages_expose_transfer_and_github_claim_flows tests/test_wallet_api.py::test_github_login_stores_safe_default_for_backslash_next -q -> 5 passed.
• ./.venv/bin/python -m pytest -q -> 338 passed.
• ./.venv/bin/python -m ruff check app/main.py app/wallet_views.py tests/test_wallet_views.py -> passed.
• ./.venv/bin/python -m ruff format --check app/main.py app/wallet_views.py tests/test_wallet_views.py -> passed.
• ./.venv/bin/python -m mypy app/main.py app/wallet_views.py -> passed.
• git diff --check origin/main...HEAD -> clean.

No blockers found.

[tolga-tom-nook]

No blockers from my review of current head 608ed9e.

Evidence checked:

• Inspected app/wallet_views.py, app/main.py, and tests/test_wallet_views.py against origin/main.
• Verified wallet address normalization moved through wallet_address_from_path() still raises HTTPException(400) on invalid addresses and is used by /api/v1/wallets/{address}, /wallets/{address}, _normalized_account(), and MCP get_wallet.
• Verified wallet_detail_context() preserves the old ledger query semantics: it selects both incoming/outgoing LedgerEntry rows for the normalized wallet, keeps sequence desc ordering/limit, and still attaches proof hashes by ledger sequence.
• Verified page/API regression coverage exercises list serialization, detail transactions with proof hashes, invalid wallet path handling, and missing-wallet 404 behavior.

Validation run locally:

• .venv/bin/python -m pytest tests/test_wallet_views.py tests/test_bounty_pages.py tests/test_wallet_api.py -q -> 39 passed
• .venv/bin/python -m mypy app/main.py app/wallet_views.py -> success

Verdict: comment-only / no blockers. This is a focused extraction with behavior covered by the new helper tests plus existing wallet/page tests.

[ramimbo]

Maintainer note after #320 filled: this PR still references closed bounty #320. If you want it considered for the current code-health round, rebase against main, update the bounty reference to #377, and keep the scope distinct from already accepted #328, #337, #364, #375, and #376. This is not accepted or paid as-is.

[ramimbo]

Closing this stale bounty submission. It still references a closed/filled bounty round and is dirty or unstable against current main after the route/test extraction batches. A future attempt needs a fresh PR against current main, a currently open bounty reference, and scope distinct from work already accepted.