docs(audit): align documentation with post-remediation backend reality

- Update data model enums to match backend models
- Update API reference auth requirements
- Add dispute module references and warning blocks
- Add 2026-05-24 audit remediation callout to Overview
- Generate task breakdowns and audit artifacts
- Add doc alignment report (.taskmaster/reports/)
This commit is contained in:
Siavash Sameni
2026-05-24 11:16:29 +04:00
parent b824ca0435
commit 4cf5c49274
74 changed files with 5964 additions and 81 deletions

View File

@@ -56,15 +56,15 @@ The core identity document for every actor in the marketplace: buyers, sellers,
| `status` | String | no | `"active"` | enum: `active` / `suspended` / `deleted` | yes | Soft-delete and moderation flag. |
| `lastLoginAt` | Date | no | — | — | — | Updated by auth middleware. |
| `refreshTokens[]` | String[] | no | `[]` | — | — | Outstanding JWT refresh tokens. |
| `referralCode` | String | no | — | — | unique, sparse | Personal invite code. |
| `referredBy` | ObjectId → User | no | — | — | yes | Who invited this user. |
| `points.total` | Number | no | `0` | — | — | Lifetime points earned. |
| `points.available` | Number | no | `0` | — | — | Currently spendable. |
| `points.used` | Number | no | `0` | — | — | Cumulative spent. |
| `points.level` | Number | no | `1` | — | yes (`points.level`) | Resolved against [[LevelConfig]]. |
| `referralStats.totalReferrals` | Number | no | `0` | — | — | Count of invited users. |
| `referralStats.activeReferrals` | Number | no | `0` | — | — | Subset that became active buyers. |
| `referralStats.totalEarned` | Number | no | `0` | — | — | Cumulative reward earnings. |
| `referralCode` | String | no | — | — | unique, sparse | **Not yet implemented** in `User.ts` — planned for referral programme. |
| `referredBy` | ObjectId → User | no | — | — | yes | **Not yet implemented** in `User.ts` — planned for referral programme. |
| `points.total` | Number | no | `0` | — | — | **Not yet implemented** in `User.ts` — planned for loyalty system. |
| `points.available` | Number | no | `0` | — | — | **Not yet implemented** in `User.ts`. |
| `points.used` | Number | no | `0` | — | — | **Not yet implemented** in `User.ts`. |
| `points.level` | Number | no | `1` | — | yes (`points.level`) | **Not yet implemented** in `User.ts` — planned for [[LevelConfig]] lookup. |
| `referralStats.totalReferrals` | Number | no | `0` | — | — | **Not yet implemented** in `User.ts`. |
| `referralStats.activeReferrals` | Number | no | `0` | — | — | **Not yet implemented** in `User.ts`. |
| `referralStats.totalEarned` | Number | no | `0` | — | — | **Not yet implemented** in `User.ts`. |
| `createdAt` | Date | auto | — | — | — | Mongoose timestamp. |
| `updatedAt` | Date | auto | — | — | — | Mongoose timestamp. |
@@ -78,11 +78,11 @@ The core identity document for every actor in the marketplace: buyers, sellers,
Defined explicitly (in addition to the implicit `email` unique index):
- `{ role: 1 }``backend/src/models/User.ts:231`
- `{ status: 1 }``backend/src/models/User.ts:232`
- `{ referralCode: 1 }``backend/src/models/User.ts:233`
- `{ referredBy: 1 }``backend/src/models/User.ts:234`
- `{ 'points.level': 1 }``backend/src/models/User.ts:235`
- `{ role: 1 }``backend/src/models/User.ts:178`
- `{ status: 1 }``backend/src/models/User.ts:179`
> [!warning] Missing indexes
> The schema currently defines only `role` and `status` indexes. The `referralCode`, `referredBy`, and `points.level` indexes documented below are **not yet present** in `User.ts`:
## Pre/Post Hooks