docs: add sub-project service docs + sync vault 2026-06-08

Add 10 - Services/ docs for all sub-projects: backend, frontend, scanner,
deployment (new), update amanat-assist. Update Scanner Architecture,
Telegram Mini App flow, and Activity Log. Add payment safety edge cases.
This commit is contained in:
Siavash Sameni
2026-06-08 16:22:52 +04:00
parent 181e8e9c2f
commit 67244223ec
13 changed files with 2734 additions and 311 deletions

View File

@@ -65,17 +65,23 @@ Tests needed:
## P0 - Payment Negative Tests
Automate:
**Automated as of 2026-06-08** (`backend/__tests__/payment-edge-cases.test.ts`, 38 tests):
See [[Payment Safety Edge Cases]] for full detail.
- wrong token;
- wrong chain;
- wrong destination;
- underpayment;
- duplicate payment;
- wrong token (on-chain `wrong_token` + direct-balance `address-token-mismatch` + `payment-wrong-token` event)
- wrong chain (direct-balance `address-token-mismatch`)
- wrong destination (direct-balance `address-token-mismatch`)
- underpayment (`insufficient_amount` on-chain; `underpaid` direct-balance + `payment-underpaid` event)
- ✅ native coin sent instead of ERC-20 (`wrong_asset` on-chain; stays pending in direct-balance webhook)
- ✅ OFAC-sanctioned sender blocked (opt-in per seller; direct-balance `fundDirectBalancePayment` AML gate)
- ✅ smart-contract sender blocked via `TRANSACTION_SAFETY_REQUIRE_EOA_SENDER=1`
Still needs automation:
- duplicate payment (double-credit guard);
- late payment after cancelled/expired intent;
- payment with no gas;
- scanner unavailable during payment;
- scanner webhook signature invalid;
- scanner webhook signature invalid (partially covered by `amn-pay-adapter-webhook-signature.test.ts`);
- balance check baseline missing or stale.
## P0 - Authorization and ID Boundaries