docs(audit): align documentation with post-remediation backend reality

- Update data model enums to match backend models
- Update API reference auth requirements
- Add dispute module references and warning blocks
- Add 2026-05-24 audit remediation callout to Overview
- Generate task breakdowns and audit artifacts
- Add doc alignment report (.taskmaster/reports/)
This commit is contained in:
Siavash Sameni
2026-05-24 11:16:29 +04:00
parent b824ca0435
commit 4cf5c49274
74 changed files with 5964 additions and 81 deletions

View File

@@ -301,7 +301,7 @@ Payouts are SHKeeper-side outbound transfers (admin pays the seller from a hot w
### POST /api/payment/decentralized/save
**Description:** Persists a Web3-initiated payment record.
**Auth required:** No
**Auth required:** Bearer JWT (enforces `userId` ownership match)
**Request body:**
```ts
{
@@ -326,7 +326,7 @@ Payouts are SHKeeper-side outbound transfers (admin pays the seller from a hot w
### PUT /api/payment/decentralized/update
**Description:** Update a decentralized payment's status / confirmations.
**Auth required:** No
**Auth required:** Bearer JWT (owner or admin)
**Request body:** `{ paymentId, status, confirmations? }`
### GET /api/payment/decentralized/receiver
@@ -337,17 +337,17 @@ Payouts are SHKeeper-side outbound transfers (admin pays the seller from a hot w
### GET /api/payment/decentralized/history/:userId
**Description:** Decentralized payment history for a user.
**Auth required:** No
**Auth required:** Bearer JWT (self or admin)
### POST /api/payment/decentralized/verify/:paymentId
**Description:** Re-verifies a single decentralized payment against the chain.
**Auth required:** No
**Auth required:** Bearer JWT (owner or admin)
### POST /api/payment/decentralized/verify-all-pending
**Description:** Iterates all `pending` decentralized payments and re-verifies them.
**Auth required:** No (typically called by a cron)
**Auth required:** Bearer JWT (admin only)
### POST /api/payment/decentralized/admin-payout
@@ -371,6 +371,7 @@ Payouts are SHKeeper-side outbound transfers (admin pays the seller from a hot w
- `pending` - intent created, awaiting on-chain settlement
- `processing` - settlement seen, awaiting confirmations
- `confirmed` - fully credited (intermediate; sometimes skipped)
- `completed` - confirmed, escrow funded
- `failed` - intentionally failed (expired, declined, refused)
- `cancelled` - cancelled by user/admin