docs(audit): align documentation with post-remediation backend reality

- Update data model enums to match backend models
- Update API reference auth requirements
- Add dispute module references and warning blocks
- Add 2026-05-24 audit remediation callout to Overview
- Generate task breakdowns and audit artifacts
- Add doc alignment report (.taskmaster/reports/)
This commit is contained in:
Siavash Sameni
2026-05-24 11:16:29 +04:00
parent b824ca0435
commit 4cf5c49274
74 changed files with 5964 additions and 81 deletions

View File

@@ -0,0 +1,35 @@
---
taskmaster_id: "4.6"
status: "pending"
priority: "high"
depends_on: ["3"]
parent_id: "4"
source: "taskmaster"
generated_at: "2026-05-24T07:15:25.199Z"
---
# 4.6 - Specify webhook security and provider adapter contracts
- [ ] 4.6 - Specify webhook security and provider adapter contracts #taskmaster #priority/high #status/pending ⏫ 🆔 tm-4-6 ⛔ tm-3
## Metadata
| Field | Value |
| --- | --- |
| Taskmaster ID | 4.6 |
| Status | pending |
| Priority | high |
| Dependencies | 3 |
| Parent | 4 - Define backend security and refactor strategy from latest audit |
## Description
Define provider-neutral payment interface and signed webhook processing rules.
## Details
Document createPayInIntent, getPayInStatus, handleProviderWebhook, createHostedPaymentLink, createReleaseInstruction, createRefundInstruction, getPayoutStatus, searchProviderPayments, raw-body signature verification, replay prevention, delivery ID idempotency, duplicate/unknown event behavior, retry semantics, dead-letter/replay storage, and alert thresholds.
## Verification
Contracts cover SHKeeper legacy, Request Network, manual/admin wallet, invalid signatures, duplicate deliveries, and missed webhook reconciliation.