audit: 2026-05-30 full-codebase audit — report, issues, docs, runbooks
Full-codebase-audit 2026-05-30 outputs: - Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md - 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer). - Scanner docs from scratch (was zero): architecture, data model, API ref, payment flow, operations runbook + repo README. - Doc-sync updates across API reference, data models, flows, design system. - Secret Rotation Runbook (08 - Operations) for the exposed credentials. - Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js. Issues remain status:open intentionally — the code fixes are uncommitted-then-committed working-tree changes per repo and aren't "resolved" until merged/deployed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
49
02 - Data Models/ConfigSettingHistory.md
Normal file
49
02 - Data Models/ConfigSettingHistory.md
Normal file
@@ -0,0 +1,49 @@
|
||||
---
|
||||
title: ConfigSettingHistory
|
||||
tags: [data-model, mongoose, admin, audit]
|
||||
aliases: [Setting History, Threshold History, IConfigSettingHistory]
|
||||
created: 2026-05-30
|
||||
---
|
||||
|
||||
# ConfigSettingHistory
|
||||
|
||||
> **Added:** 2026-05-30 — introduced in commit `27fb15a` as part of Task #9 (per-chain confirmation thresholds + audit log).
|
||||
|
||||
Audit trail document that records every change to a runtime configuration setting. Currently used exclusively to log confirmation-threshold updates (`key` pattern: `confirmation_threshold:<chainId>`), but the schema is generic and can store other numeric runtime config changes.
|
||||
|
||||
> [!note] Source
|
||||
> `backend/src/models/ConfigSettingHistory.ts` — schema and model export.
|
||||
> Written by `backend/src/services/payment/safety/confirmationThresholdService.ts` (`setConfirmationThreshold`).
|
||||
> Read by `GET /api/admin/settings/confirmation-thresholds/history` in `confirmationThresholdRoutes.ts`.
|
||||
|
||||
## Schema
|
||||
|
||||
| Field | Type | Required | Default | Description |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| `key` | String | yes | — | Setting identifier. Format: `confirmation_threshold:<chainId>` for threshold changes. Indexed. |
|
||||
| `oldValue` | Number | no | `null` | Value before the change. `null` when the setting had no prior database entry. |
|
||||
| `newValue` | Number | yes | — | Value after the change. |
|
||||
| `changedBy` | ObjectId (ref: `User`) | no | — | Admin user who made the change. Populated by `GET …/history` via `.populate('changedBy', 'email name')`. |
|
||||
| `changedAt` | Date | no | `Date.now()` | Timestamp of the change. Indexed; used for sort-descending pagination. |
|
||||
|
||||
> [!note] No `timestamps: false`
|
||||
> The schema deliberately disables Mongoose's automatic `createdAt`/`updatedAt` fields (`timestamps: false`) because `changedAt` is the canonical timestamp.
|
||||
|
||||
## Example document
|
||||
|
||||
```json
|
||||
{
|
||||
"_id": "6657c3...",
|
||||
"key": "confirmation_threshold:56",
|
||||
"oldValue": 12,
|
||||
"newValue": 6,
|
||||
"changedBy": { "_id": "...", "email": "admin@amn.gg" },
|
||||
"changedAt": "2026-05-30T10:22:00.000Z"
|
||||
}
|
||||
```
|
||||
|
||||
## Related
|
||||
|
||||
- [[Payment API]] — `GET /api/admin/settings/confirmation-thresholds/history`
|
||||
- [[Admin API]] — confirmation thresholds section
|
||||
- `backend/src/services/payment/safety/confirmationThresholdService.ts`
|
||||
Reference in New Issue
Block a user