docs: add sub-project service docs + sync vault 2026-06-08
Add 10 - Services/ docs for all sub-projects: backend, frontend, scanner, deployment (new), update amanat-assist. Update Scanner Architecture, Telegram Mini App flow, and Activity Log. Add payment safety edge cases.
This commit is contained in:
@@ -65,17 +65,23 @@ Tests needed:
|
||||
|
||||
## P0 - Payment Negative Tests
|
||||
|
||||
Automate:
|
||||
**Automated as of 2026-06-08** (`backend/__tests__/payment-edge-cases.test.ts`, 38 tests):
|
||||
See [[Payment Safety Edge Cases]] for full detail.
|
||||
|
||||
- wrong token;
|
||||
- wrong chain;
|
||||
- wrong destination;
|
||||
- underpayment;
|
||||
- duplicate payment;
|
||||
- ✅ wrong token (on-chain `wrong_token` + direct-balance `address-token-mismatch` + `payment-wrong-token` event)
|
||||
- ✅ wrong chain (direct-balance `address-token-mismatch`)
|
||||
- ✅ wrong destination (direct-balance `address-token-mismatch`)
|
||||
- ✅ underpayment (`insufficient_amount` on-chain; `underpaid` direct-balance + `payment-underpaid` event)
|
||||
- ✅ native coin sent instead of ERC-20 (`wrong_asset` on-chain; stays pending in direct-balance webhook)
|
||||
- ✅ OFAC-sanctioned sender blocked (opt-in per seller; direct-balance `fundDirectBalancePayment` AML gate)
|
||||
- ✅ smart-contract sender blocked via `TRANSACTION_SAFETY_REQUIRE_EOA_SENDER=1`
|
||||
|
||||
Still needs automation:
|
||||
- duplicate payment (double-credit guard);
|
||||
- late payment after cancelled/expired intent;
|
||||
- payment with no gas;
|
||||
- scanner unavailable during payment;
|
||||
- scanner webhook signature invalid;
|
||||
- scanner webhook signature invalid (partially covered by `amn-pay-adapter-webhook-signature.test.ts`);
|
||||
- balance check baseline missing or stale.
|
||||
|
||||
## P0 - Authorization and ID Boundaries
|
||||
|
||||
Reference in New Issue
Block a user