docs: sync from backend 19f7eb9, frontend 60ee6fb — Task #10 AML screening
@@ -8,7 +8,7 @@ Default mode: optional. Existing release/refund flows do not require Trezor proo
|
||||
|
||||
- Generate a fresh receive address per user/payment from a registered Trezor xpub.
|
||||
- Require a Trezor-produced signature before release/refund confirmation when safekeeping enforcement is enabled.
|
||||
- Keep SHKeeper and Request Network optional provider paths intact.
|
||||
- Keep the Request Network payment adapter and legacy provider abstractions intact while adding custody controls.
|
||||
- Preserve the existing `Payment` model and orchestration surface.
|
||||
|
||||
## Registration
|
||||
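Review bot: In the bullet list above `## Registration`, the replacement bullet swaps the named SHKeeper path for "legacy provider abstractions", which no longer tells a reader which provider paths must keep working. Name the abstractions that are meant, or state outright that SHKeeper is no longer a supported path. The commit subject cites Task #10 AML screening, but nothing in this hunk concerns AML, so the message should say that this file is a wording sync for the safekeeping doc.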
@@ -95,7 +95,7 @@ When `TREZOR_SAFEKEEPING_REQUIRED=true`, `confirmReleaseRefundInstruction` verif
|
||||
TREZOR_SAFEKEEPING_REQUIRED=false
|
||||
```
|
||||
|
||||
Default is permissive so existing SHKeeper and Request Network flows continue to work. Set it to `true` only after registering the operating admin's Trezor account and testing the signing path. Any value other than the literal string `true` is treated as disabled.
|
||||
Default is permissive so existing Request Network release/refund flows continue to work. Set it to `true` only after registering the operating admin's Trezor account and testing the signing path. Any value other than the literal string `true` is treated as disabled.
|
||||
|
||||
## Safety Rules
|
||||
|
||||
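Review bot: The rewritten paragraph under the `TREZOR_SAFEKEEPING_REQUIRED=false` example keeps "Any value other than the literal string `true` is treated as disabled" without spelling out the consequence: a value such as `TRUE` or `1` leaves signature enforcement off with no error. Since this line is being touched anyway, add a sentence telling operators to confirm the effective mode after changing the variable, and consider listing the check as a step under `## Safety Rules`.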
@@ -108,7 +108,7 @@ Default is permissive so existing SHKeeper and Request Network flows continue to
|
||||
|
||||
## Upgrade Path To Multisig
|
||||
|
||||
The current design stores a single `trezor-eoa` signer. Later, replace the signer policy with:
|
||||
The current design stores a single `trezor-eoa` signer. The recommended production path is to replace the signer policy with:
|
||||
|
||||
- `addressType: safe-multisig`
|
||||
- a Safe address per tenant/admin group
|
||||
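Review bot: Under `## Upgrade Path To Multisig`, the new wording calls the Safe policy "the recommended production path" while the same sentence says the current design stores a single `trezor-eoa` signer, so the doc now implies the shipped design is not the recommended production setup without saying so. State whether the single-signer mode is acceptable in production in the interim and what risk it carries. The list that follows (`addressType: safe-multisig`, "a Safe address per tenant/admin group") also gives no signer threshold; document the expected threshold or say it is still undecided.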
@@ -116,4 +116,4 @@ The current design stores a single `trezor-eoa` signer. Later, replace the signe
|
||||
- Trezor owners as Safe signers
|
||||
- release/refund flow creates a Safe transaction and records collected signatures before execution
|
||||
|
||||
The payment orchestration API should stay the same: build instruction, collect hardware-backed approval, confirm release/refund, append ledger entry.
|
||||
The payment orchestration API should stay the same: build instruction, collect hardware-backed approval, confirm release/refund, append ledger entry. See [[PRD - Decentralized Custody and Smart-Contract Escrow Roadmap]] for the staged Safe-first path before any custom escrow contract.
|
||||
|
||||
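Review bot: The added sentence at the end of the file links the PRD with `[[PRD - Decentralized Custody and Smart-Contract Escrow Roadmap]]`, which only resolves in a wiki-style renderer and only if a page with that exact title exists. Confirm the PRD is part of this sync, and use a relative path link if these docs are also read outside the wiki. The context bullet "records collected signatures before execution" would also benefit from stating that the signatures are verified against the Safe owners before execution, not only recorded.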