iwa 0.0.1a2__py3-none-any.whl → 0.0.1a3__py3-none-any.whl

tests/test_keys.py

@@ -11,8 +11,8 @@ from iwa.core.keys import EncryptedAccount, KeyStorage, StoredSafeAccount
 
 @pytest.fixture
 def mock_secrets():
-    """Mock settings to provide test password."""
-    with patch("iwa.core.keys.settings") as mock:
+    """Mock secrets to provide test password."""
+    with patch("iwa.core.keys.secrets") as mock:
         mock.wallet_password.get_secret_value.return_value = "test_password"
         mock.gnosis_rpc.get_secret_value.return_value = "http://rpc"
         yield mock
@@ -51,7 +51,12 @@ def mock_account():
         )
 
         def create_side_effect():
+            # Skip the first address if it's reserved for the master account
+            # (to avoid overwriting master if create_account is called immediately)
             addr = next(addresses)
+            if addr == "0x5B38Da6a701c568545dCfcB03FcB875f56beddC4":
+                addr = next(addresses)
+
             m = MagicMock()
             m.key.hex.return_value = f"0xPrivateKey{addr}"
             m.address = addr
@@ -60,19 +65,49 @@ def mock_account():
         mock.create.side_effect = create_side_effect
 
         def from_key_side_effect(private_key):
-            if isinstance(private_key, str) and "0xPrivateKey" in private_key:
+            # 1. Handle the master private key
+            if (
+                private_key == "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"  # gitleaks:allow
+            ):
+                addr = "0x5B38Da6a701c568545dCfcB03FcB875f56beddC4"
+            # 2. Handle our mock key format
+            elif isinstance(private_key, str) and private_key.startswith("0xPrivateKey"):
                 addr = private_key.replace("0xPrivateKey", "")
+            # 3. Default fallback
             else:
-                addr = "0x5B38Da6a701c568545dCfcB03FcB875f56beddC4"
+                addr = "0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B"
+
             m = MagicMock()
             m.address = addr
-            m.key = private_key.encode() if isinstance(private_key, str) else private_key
             return m
 
         mock.from_key.side_effect = from_key_side_effect
         yield mock
 
 
+@pytest.fixture
+def mock_bip_utils():
+    """Mock BIP-utils for mnemonic derivation."""
+    with (
+        patch("iwa.core.keys.Bip39MnemonicGenerator") as mock_gen,
+        patch("iwa.core.keys.Bip39SeedGenerator") as mock_seed,
+        patch("iwa.core.keys.Bip44") as mock_bip44,
+    ):
+        # Generator
+        mock_gen.return_value.FromWordsNumber.return_value.ToStr.return_value = (
+            "word " * 23 + "word"
+        )
+
+        # Derivation chain
+        mock_bip44.FromSeed.return_value.Purpose.return_value.Coin.return_value.Account.return_value.Change.return_value.AddressIndex.return_value.PrivateKey.return_value.Raw.return_value.ToHex.return_value = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+
+        yield {
+            "gen": mock_gen,
+            "seed": mock_seed,
+            "bip44": mock_bip44,
+        }
+
+
 # --- EncryptedAccount tests (no file I/O needed) ---
 
 
@@ -109,7 +144,9 @@ def test_encrypted_account_decrypt_private_key(mock_scrypt, mock_aesgcm, mock_se
 # --- KeyStorage tests using tmp_path ---
 
 
-def test_keystorage_init_new(tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt):
+def test_keystorage_init_new(
+    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt, mock_bip_utils
+):
     """Test initialization of new KeyStorage creates master account."""
     wallet_path = tmp_path / "wallet.json"
     storage = KeyStorage(wallet_path, password="test_password")
@@ -140,7 +177,9 @@ def test_keystorage_init_existing(tmp_path, mock_secrets):
     assert storage.get_account("master") is not None
 
 
-def test_keystorage_init_corrupted(tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt):
+def test_keystorage_init_corrupted(
+    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt, mock_bip_utils
+):
     """Test handling of corrupted wallet file."""
     wallet_path = tmp_path / "wallet.json"
     wallet_path.write_text("{invalid json")
@@ -153,7 +192,9 @@ def test_keystorage_init_corrupted(tmp_path, mock_secrets, mock_account, mock_ae
         mock_logger.error.assert_called()
 
 
-def test_keystorage_save(tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt):
+def test_keystorage_save(
+    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt, mock_bip_utils
+):
     """Test saving wallet to file."""
     wallet_path = tmp_path / "wallet.json"
     storage = KeyStorage(wallet_path, password="test_password")
@@ -165,7 +206,9 @@ def test_keystorage_save(tmp_path, mock_secrets, mock_account, mock_aesgcm, mock
     assert "accounts" in data
 
 
-def test_keystorage_create_account(tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt):
+def test_keystorage_create_account(
+    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt, mock_bip_utils
+):
     """Test creating additional accounts."""
     wallet_path = tmp_path / "wallet.json"
     storage = KeyStorage(wallet_path, password="test_password")
@@ -177,7 +220,7 @@ def test_keystorage_create_account(tmp_path, mock_secrets, mock_account, mock_ae
 
 
 def test_keystorage_create_account_duplicate_tag(
-    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt
+    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt, mock_bip_utils
 ):
     """Test creating account with duplicate tag raises error."""
     wallet_path = tmp_path / "wallet.json"
@@ -263,7 +306,7 @@ def test_keystorage_get_account(tmp_path, mock_secrets, mock_account, mock_aesgc
 
 
 def test_keystorage_get_tag_by_address(
-    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt
+    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt, mock_bip_utils
 ):
     """Test getting tag by address."""
     wallet_path = tmp_path / "wallet.json"
@@ -315,7 +358,7 @@ def test_keystorage_master_account_fallback(tmp_path, mock_secrets):
 
 
 def test_keystorage_master_account_success(
-    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt
+    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt, mock_bip_utils
 ):
     """Test master_account property returns master."""
     wallet_path = tmp_path / "wallet.json"
@@ -326,7 +369,7 @@ def test_keystorage_master_account_success(
 
 
 def test_keystorage_create_account_default_tag(
-    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt
+    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt, mock_bip_utils
 ):
     """Test creating account with custom tag."""
     wallet_path = tmp_path / "wallet.json"
@@ -338,7 +381,7 @@ def test_keystorage_create_account_default_tag(
 
 
 def test_keystorage_remove_account_not_found(
-    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt
+    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt, mock_bip_utils
 ):
     """Test removing non-existent account doesn't raise."""
     wallet_path = tmp_path / "wallet.json"
@@ -349,7 +392,7 @@ def test_keystorage_remove_account_not_found(
 
 
 def test_keystorage_get_account_auto_load_safe(
-    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt
+    tmp_path, mock_secrets, mock_account, mock_aesgcm, mock_scrypt, mock_bip_utils
 ):
     """Test getting StoredSafeAccount."""
     wallet_path = tmp_path / "wallet.json"

tests/test_migration.py

@@ -0,0 +1,52 @@
+from iwa.core.keys import EncryptedAccount
+from iwa.core.models import EncryptedData
+
+
+def test_legacy_account_migration():
+    """Test that a legacy account dict is correctly upgraded."""
+    legacy_data = {
+        "address": "0xCD0184079fb3Bd15ddE5Bcbc248d81a893482280",
+        "tag": "master",
+        "salt": "FW19o5XPRxinb18TuQroxg==",
+        "nonce": "s1K+wNb24JY2BGeH",
+        "ciphertext": "i5BYYBjR7jiSW6OTNFuXJ03FaNQjlgbXMSo8uEgz71jtWQ24MAOZqJYckEjEqPFv4GX/Dwi5QVZFWV+tqECNh7AK0zY3/po4FDL7DU3s5ms=",
+    }
+
+    # Load into model
+    account = EncryptedAccount(**legacy_data)
+
+    # Verify legacy fields are mapped
+    assert account.kdf_salt == legacy_data["salt"]
+    assert account.nonce == legacy_data["nonce"]
+    assert account.ciphertext == legacy_data["ciphertext"]
+
+    # Verify default KDF params are set
+    assert account.kdf == "scrypt"
+    assert account.kdf_n == 16384
+    assert account.kdf_r == 8
+    assert account.kdf_p == 1
+    assert account.cipher == "aesgcm"
+
+    # Verify it is an instance of EncryptedData (implicitly checking inheritance)
+    assert isinstance(account, EncryptedData)
+
+
+def test_new_account_format():
+    """Test that a new account is created with explicit params."""
+    # We use a mocked password and private key
+    # This just tests structure, not actual crypto (covered by other tests)
+    account = EncryptedAccount.encrypt_private_key(
+        "0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
+        "password",
+        tag="new_test",
+    )
+
+    data = account.model_dump()
+
+    assert data["kdf"] == "scrypt"
+    assert "kdf_salt" in data
+    assert data["kdf_n"] == 16384
+    assert data["cipher"] == "aesgcm"
+
+    # Ensure legacy salt is NOT present (avoid duplication)
+    assert "salt" not in data

tests/test_mnemonic.py

@@ -83,7 +83,7 @@ def test_encrypted_mnemonic_decrypt_unsupported_kdf():
 
 def test_encrypted_mnemonic_decrypt_unsupported_cipher():
     em = EncryptedMnemonic(
-        cypher="unsupported", kdf_salt="salt", nonce="nonce", ciphertext="ciphertext"
+        cipher="unsupported", kdf_salt="salt", nonce="nonce", ciphertext="ciphertext"
     )
     with pytest.raises(ValueError, match="Unsupported cipher"):
         em.decrypt("password")

tests/test_pricing.py

@@ -8,7 +8,7 @@ from iwa.core.pricing import PriceService
 
 @pytest.fixture
 def mock_secrets():
-    with patch("iwa.core.pricing.settings") as mock:
+    with patch("iwa.core.pricing.secrets") as mock:
         mock.coingecko_api_key.get_secret_value.return_value = "test_api_key"
         yield mock
 
@@ -81,8 +81,8 @@ def test_get_token_price_key_not_found(price_service):
 
 def test_get_token_price_rate_limit():
     """Test rate limit (429) handling with retries."""
-    with patch("iwa.core.pricing.settings") as mock_settings:
-        mock_settings.coingecko_api_key = None
+    with patch("iwa.core.pricing.secrets") as mock_secrets:
+        mock_secrets.coingecko_api_key = None
 
         service = PriceService()
 
@@ -102,8 +102,8 @@ def test_get_token_price_rate_limit_then_success():
     """Test rate limit recovery on retry."""
     from unittest.mock import MagicMock
 
-    with patch("iwa.core.pricing.settings") as mock_settings:
-        mock_settings.coingecko_api_key = None
+    with patch("iwa.core.pricing.secrets") as mock_secrets:
+        mock_secrets.coingecko_api_key = None
 
         service = PriceService()
 
@@ -126,8 +126,8 @@ def test_get_token_price_rate_limit_then_success():
 
 def test_get_token_price_no_api_key():
     """Test getting price without API key."""
-    with patch("iwa.core.pricing.settings") as mock_settings:
-        mock_settings.coingecko_api_key = None
+    with patch("iwa.core.pricing.secrets") as mock_secrets:
+        mock_secrets.coingecko_api_key = None
 
         service = PriceService()
 

tests/test_safe_coverage.py

@@ -119,7 +119,7 @@ def test_redeploy_safes(safe_service, mock_deps):
 
     mock_deps["key_storage"].accounts = {"0xSafe1": account1}
 
-    with patch("iwa.core.services.safe.settings") as mock_settings:
+    with patch("iwa.core.services.safe.secrets") as mock_settings:
         mock_settings.gnosis_rpc.get_secret_value.return_value = "http://rpc"
 
         with patch("iwa.core.services.safe.EthereumClient") as mock_eth_client:

tests/test_safe_service.py

@@ -53,12 +53,12 @@ def mock_dependencies():
         patch("iwa.core.services.safe.EthereumClient") as mock_client,
         patch("iwa.core.services.safe.Safe") as mock_safe,
         patch("iwa.core.services.safe.ProxyFactory") as mock_proxy_factory,
-        patch("iwa.core.services.safe.settings") as mock_settings,
+        patch("iwa.core.services.safe.secrets") as mock_secrets,
         patch("iwa.core.services.safe.log_transaction") as mock_log,
         patch("iwa.core.services.safe.get_safe_master_copy_address") as mock_master,
         patch("iwa.core.services.safe.get_safe_proxy_factory_address") as mock_factory,
     ):
-        mock_settings.gnosis_rpc.get_secret_value.return_value = "http://rpc"
+        mock_secrets.gnosis_rpc.get_secret_value.return_value = "http://rpc"
 
         # Setup Safe creation return
         mock_create_tx = MagicMock()
@@ -104,7 +104,7 @@ def mock_dependencies():
             "client": mock_client,
             "safe": mock_safe,
             "proxy_factory": mock_proxy_factory,
-            "settings": mock_settings,
+            "secrets": mock_secrets,
             "log": mock_log,
             "master": mock_master,
             "factory": mock_factory,

tests/test_staking_router.py

@@ -1,6 +1,18 @@
 """Tests for staking.py router coverage."""
 
-from unittest.mock import MagicMock
+from unittest.mock import MagicMock, patch
+
+import pytest
+
+
+@pytest.fixture(autouse=True)
+def mock_key_storage():
+    """Bypass KeyStorage security check."""
+    with (
+        patch("iwa.core.keys.KeyStorage.__init__", return_value=None),
+        patch("iwa.web.dependencies.wallet", MagicMock()),
+    ):
+        yield
 
 
 def test_check_availability_exception():

tools/verify_drain.py

@@ -71,7 +71,7 @@ def verify_drain():  # noqa: C901, D103
             assert manager.olas_config is not None, "Olas config not initialized"
             service = manager.olas_config.get_service("gnosis", service_id)
             if not service:
-                 raise ValueError(f"Service {service_id} not found in config")
+                raise ValueError(f"Service {service_id} not found in config")
             safe_addr = service.multisig_address
             agent_addr = service.agent_address
 

iwa/core/settings.py

@@ -1,95 +0,0 @@
-"""Configuration settings module."""
-
-import os
-from typing import Optional
-
-from dotenv import load_dotenv
-from pydantic import ConfigDict, SecretStr, model_validator
-from pydantic_settings import BaseSettings
-
-from iwa.core.constants import SECRETS_PATH
-from iwa.core.utils import singleton
-
-
-@singleton
-class Settings(BaseSettings):
-    """Application Settings loaded from environment and secrets file."""
-
-    # Testing mode - when True, uses Tenderly test RPCs; when False, uses production RPCs
-    testing: bool = True
-
-    # RPC endpoints (loaded from gnosis_rpc/ethereum_rpc/base_rpc in secrets.env)
-    # When testing=True, these get overwritten with *_test_rpc values
-    gnosis_rpc: Optional[SecretStr] = None
-    base_rpc: Optional[SecretStr] = None
-    ethereum_rpc: Optional[SecretStr] = None
-
-    # Test RPCs
-    gnosis_test_rpc: Optional[SecretStr] = None
-    ethereum_test_rpc: Optional[SecretStr] = None
-    base_test_rpc: Optional[SecretStr] = None
-
-    gnosisscan_api_key: Optional[SecretStr] = None
-    coingecko_api_key: Optional[SecretStr] = None
-    wallet_password: Optional[SecretStr] = None
-    security_word: Optional[SecretStr] = None
-
-    # Tenderly profile (1 or 2) - determines which credentials to load
-    tenderly_profile: int = 1
-
-    # Tenderly credentials - loaded dynamically based on profile
-    tenderly_account_slug: Optional[SecretStr] = None
-    tenderly_project_slug: Optional[SecretStr] = None
-    tenderly_access_key: Optional[SecretStr] = None
-
-    # Tenderly funding configuration
-    tenderly_native_funds: float = 1000.0
-    tenderly_olas_funds: float = 100000.0
-
-    web_enabled: bool = False
-    web_port: int = 8080
-    webui_password: Optional[SecretStr] = None
-
-    model_config = ConfigDict(env_file=str(SECRETS_PATH), env_file_encoding="utf-8", extra="ignore")
-
-    def __init__(self, **values):
-        """Initialize Settings and load environment variables."""
-        # Force load dotenv to ensure os.environ variables are set
-        load_dotenv(SECRETS_PATH, override=True)
-        super().__init__(**values)
-
-    @model_validator(mode="after")
-    def load_tenderly_profile_credentials(self) -> "Settings":
-        """Load Tenderly credentials based on the selected profile."""
-        profile = self.tenderly_profile
-
-        # Load profile-specific credentials from environment
-        account = os.getenv(f"tenderly_account_slug_{profile}")
-        project = os.getenv(f"tenderly_project_slug_{profile}")
-        access_key = os.getenv(f"tenderly_access_key_{profile}")
-
-        if account:
-            self.tenderly_account_slug = SecretStr(account)
-        if project:
-            self.tenderly_project_slug = SecretStr(project)
-        if access_key:
-            self.tenderly_access_key = SecretStr(access_key)
-
-        # When in testing mode, override RPCs with test RPCs (Tenderly)
-        if self.testing:
-            if self.gnosis_test_rpc:
-                self.gnosis_rpc = self.gnosis_test_rpc
-            if self.ethereum_test_rpc:
-                self.ethereum_rpc = self.ethereum_test_rpc
-            if self.base_test_rpc:
-                self.base_rpc = self.base_test_rpc
-
-        # Convert empty webui_password to None (no auth required)
-        if self.webui_password and not self.webui_password.get_secret_value():
-            self.webui_password = None
-
-        return self
-
-
-# Global settings instance
-settings = Settings()

iwa-0.0.1a2.dist-info/entry_points.txt

@@ -1,2 +0,0 @@
-[console_scripts]
-iwa = iwa.core.cli:iwa_cli