Remove legacy SQLite signing accounts

[wtfsayo]

Summary

Removes the legacy SQLite signing-account backend and keeps explicit local signer paths (--private-key, env/config private key, and Foundry keystore) at feature parity with resolved OWS wallets through the shared SelectedSigner signing surface.

Before

• --account and default signer resolution tried OWS first, then fell back to the legacy SQLite AccountStore.
• SQLite-backed records could still decrypt stored private keys and act as signers.
• Public/acting account selector resolution could still resolve legacy SQLite aliases.
• Direct dependencies included rusqlite, keyring, aes-gcm, and base64 for the deleted account store.
• Docs/schema/help still described stored-account alias/id semantics.

After

• OWS is the only stored wallet lifecycle backend.
• SQLite signing storage is removed, including src/db.rs, AccountStore, StoredAccount, account-key env vars, and fallback resolution.
• Explicit local signers remain supported through private key/config/env and keystore paths.
• Local private key, keystore, and resolved OWS wallets share SelectedSigner coverage for L1 actions, typed data, L1 connection IDs, and messages.
• Signer-source conflicts are stricter: private key, keystore, --account, and --ows-signer reject ambiguous combinations earlier.
• Docs, schema fixtures, command metadata, QA matrix, and terminology now describe OWS wallet name/id/address semantics instead of SQLite stored accounts.

Verification

• cargo fmt --check
• cargo check
• cargo test --lib
• cargo test --test wallet_management --test setup_wizard --test config_resolution --test release_artifacts
• cargo tree -i rusqlite confirms rusqlite is no longer in the dependency graph

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	hyperliquid-feedback	402af5d	May 20 2026, 06:09 PM

[Copilot]

Pull request overview

Removes the legacy SQLite-backed signing-account storage and its resolver fallbacks, making OWS the only managed wallet backend while keeping explicit local signer inputs (--private-key, env/config private key, and Foundry keystore) working through the shared SelectedSigner surface.

Changes:

• Deleted the SQLite account store (src/db.rs) and removed all production/test fallbacks that resolved stored accounts from accounts.db.
• Tightened signer selection semantics (including clap-level flag constraints) and updated resolver logic to be OWS-first with explicit local signer support.
• Updated docs, command metadata/catalog fixtures, QA matrix, and tests to reflect OWS wallet name/id/address semantics (no SQLite aliases/ids).

Reviewed changes

Copilot reviewed 43 out of 44 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/wallet_management.rs	Updates integration tests to assert no SQLite artifacts are created and adds stricter signer-conflict coverage.
tests/support/mod.rs	Removes legacy SQLite/keychain env plumbing; standardizes on OWS_PASSPHRASE for vault unlock in tests.
tests/setup_wizard.rs	Adjusts wizard tests to assert no legacy accounts.db creation.
tests/release_artifacts.rs	Updates doc terminology assertions to require OWS-focused language.
tests/fixtures/contracts/schema_representative.json	Updates selector descriptions to OWS wallet name/id semantics.
tests/fixtures/contracts/registry_inventory.json	Updates selector descriptions to OWS wallet name/id semantics across fixtures.
src/signing.rs	Removes SignerSource::StoredAccount variant from the signing surface.
src/resolvers.rs	Removes SQLite account-selector fallback; resolves selectors via explicit address or OWS wallet lookup only.
src/ows.rs	Updates unsupported-live-signing error messaging to remove legacy local-account wording.
src/main.rs	Adds clap constraints: --private-key conflicts with keystore flags; keystore/password are mutually required.
src/lib.rs	Stops exporting the deleted db module.
src/db.rs	Deletes the legacy SQLite-backed account storage implementation.
src/commands/wallet.rs	Removes stored-account signer display path and updates account type labeling/OWS fallback comments.
src/commands/subaccounts.rs	Updates CLI arg docs for acting-account selectors to OWS wallet name/id semantics.
src/commands/orders/args.rs	Updates CLI arg docs for acting-account/user selectors to OWS wallet name/id semantics.
src/commands/builder.rs	Updates CLI arg docs for user selector to OWS wallet name/id semantics.
src/commands/account.rs	Updates CLI arg docs for address selectors to OWS wallet name/id semantics.
src/command_metadata.rs	Updates input-kind inference to match new OWS-based selector description strings.
src/command_catalog.json	Updates catalog descriptions to remove stored-account alias/id wording.
src/cli_runtime.rs	Renames validation label from “account alias” to “wallet alias” for account add.
src/auth.rs	Removes SQLite signer/default fallbacks; --account resolution becomes OWS-only (or not-found/auth-required).
scripts/qa-command-matrix.sh	Removes legacy passphrase env handling and always runs account ls in QA.
README.zh-CN.md	Updates selector semantics documentation to OWS wallet name/id wording.
README.md	Updates terminology table and selector semantics to remove SQLite stored-account references.
README.ja-JP.md	Updates selector semantics documentation to OWS wallet name/id wording.
droid-wiki/systems/signing-and-wallets.md	Updates system documentation to describe OWS as the only stored wallet backend and explicit local signers.
droid-wiki/systems/index.md	Removes src/db.rs from the signer/wallet system file list.
droid-wiki/security.md	Updates threat model/security notes to remove encrypted SQLite storage references.
droid-wiki/reference/dependencies.md	Removes SQLite/keyring/AES/base64 dependency documentation; updates sha2 description.
droid-wiki/reference/data-models.md	Removes StoredAccount from SignerSource and deletes account-storage section.
droid-wiki/reference/configuration.md	Removes legacy SQLite/keychain env vars and storage location mentions.
droid-wiki/overview/glossary.md	Replaces “local signing account” with “explicit local signer” and updates selector semantics.
droid-wiki/overview/architecture.md	Updates diagrams/text to remove the DB component and describe explicit local signer path.
droid-wiki/lore.md	Updates historical description to remove mention of encrypted account DB.
droid-wiki/how-to-contribute/patterns-and-conventions.md	Updates contributor-facing selector terminology and removes stored-account implications.
droid-wiki/features/transfers.md	Updates selector rules wording to “wallet names and aliases are not resolved”.
droid-wiki/features/api-wallets.md	Updates extension guidance to remove src/db.rs references.
droid-wiki/deployment.md	Removes mention of rusqlite/aes-gcm cross-compilation notes.
droid-wiki/by-the-numbers.md	Removes src/db.rs from “largest source files” list.
droid-wiki/applications/cli.md	Updates --account description to OWS-only signer selection.
docs/plans/2026-05-20-001-refactor-remove-sqlite-signing-accounts-plan.md	Adds a refactor plan doc capturing scope/requirements and verification.
Cargo.toml	Drops rusqlite, keyring, aes-gcm, and base64 dependencies.
Cargo.lock	Removes SQLite/keyring-related transitive dependencies from the lockfile.
AGENTS.md	Updates terminology/selector semantics (but still contains one stale reference to “stored local-account signing paths”).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.