docs: sync from backend 19f7eb9, frontend 60ee6fb — Task #10 AML screening
This commit is contained in:
11
README.md
11
README.md
@@ -46,6 +46,8 @@ How the system is composed at every layer.
|
||||
- [[System Architecture]] — end-to-end topology + request lifecycle
|
||||
- [[Backend Architecture]] — Express 5 + Mongoose + Socket.IO module map
|
||||
- [[Frontend Architecture]] — Next.js 16 App Router + provider tree
|
||||
- [[Request Network Integration Constraints]] — current RN integration constraints and rollout gates
|
||||
- [[PRD - Decentralized Custody and Smart-Contract Escrow Roadmap]] — custody decentralization and smart-contract decision roadmap
|
||||
- [[Infrastructure]] — Docker images, compose stacks, registry, Watchtower
|
||||
- [[Real-time Layer]] — Socket.IO rooms, events, scaling notes
|
||||
- [[Security Architecture]] — auth layers, RBAC, HMAC, hardening checklist
|
||||
@@ -88,7 +90,7 @@ End-to-end narratives for every user-visible interaction, with Mermaid sequence/
|
||||
- [[Purchase Request Flow]] · [[Seller Offer Flow]] · [[Negotiation Flow]]
|
||||
|
||||
**Money**
|
||||
- [[Payment Flow - SHKeeper]] · [[Payment Flow - DePay & Web3]] · [[Escrow Flow]] · [[Payout Flow]]
|
||||
- [[PRD - Request Network In-House Checkout]] · [[Payment Flow - DePay & Web3]] · [[Escrow Flow]] · [[Payout Flow]] · [[PRD - Decentralized Custody and Smart-Contract Escrow Roadmap]]
|
||||
|
||||
**Resolution**
|
||||
- [[Dispute Flow]] · [[Delivery Confirmation Flow]] · [[Rating Flow]]
|
||||
@@ -151,7 +153,8 @@ For engineers / SREs running the system in production.
|
||||
|
||||
| Topic | Start here |
|
||||
|---|---|
|
||||
| **Payments** | [[Payment Flow - SHKeeper]] → [[Payment API]] → [[Payment]] → [[Payout Flow]] |
|
||||
| **Payments** | [[PRD - Request Network In-House Checkout]] → [[Payment API]] → [[Payment]] → [[Payout Flow]] |
|
||||
| **Custody / escrow strategy** | [[PRD - Decentralized Custody and Smart-Contract Escrow Roadmap]] → [[Escrow Flow]] → [[Funds Ledger and Escrow State Machine Specification]] |
|
||||
| **Auth** | [[Authentication Flow]] → [[Authentication API]] → [[Security Architecture]] |
|
||||
| **Backend security / refactor** | [[Backend Stack Security and Refactor Assessment - 2026-05-24]] → [[Platform Logical Audit - 2026-05-24]] → [[PRD - Platform Audit Remediation Plan (2026-05-24)]] |
|
||||
| **Developer task queue** | `.taskmaster/README.md` → `.taskmaster/tasks/tasks.json` → root `PRD - *.md` files |
|
||||
@@ -204,8 +207,8 @@ These are documented in their respective sections but worth highlighting:
|
||||
> [!warning]
|
||||
> - Backend rate-limit middleware is currently **disabled** (`backend/src/app.ts:227`). Enable before any public traffic — see [[Security Architecture]].
|
||||
> - Passkey service is partly **stubbed** — see [[Passkey (WebAuthn) Flow]] for production-hardening checklist.
|
||||
> - Auto-release of escrow on delivery confirmation **not yet automated** — admin runs manual payouts. See [[Delivery Confirmation Flow]] + [[Payout Flow]].
|
||||
> - Opening a dispute does **not pause** the escrow until admin intervention. See [[Dispute Flow]] + [[Escrow Flow]].
|
||||
> - Auto-release of escrow on delivery confirmation **not yet automated** — admin/custody operators run release flows. See [[Delivery Confirmation Flow]] + [[Payout Flow]].
|
||||
> - Dispute holds exist in code, but the Dispute model/docs still need full canonical state-machine alignment. See [[Dispute Flow]] + [[Escrow Flow]].
|
||||
> - Several development env values committed as public — see [[Environment Variables]] for rotation list.
|
||||
> - Single-host deployment; horizontal scaling requires Redis adapter for Socket.IO — see [[Real-time Layer]] §8.
|
||||
> - Request Network webhooks currently land on the main app. Roadmap: Cloudflare Worker durable ingress + replay, with backend Transaction Safety Provider checks before escrow is credited. See [[Request Network Integration Constraints]].
|
||||
|
||||
Reference in New Issue
Block a user