Commit Graph

105 Commits

Author SHA1 Message Date
Siavash Sameni
8a9e562ced ops: draft Gatus monitoring proposal + /api/health endpoint shape
Captures the runtime-monitoring side of the 2026-05-28 silent-empty-
registry incident retrospective. Pairs with backend commit 28b17f2
(CI typecheck gate). Defines the proposed Gatus probe set, the
/api/health endpoint that has to land first, and a follow-up issue
list. Includes a retrospective table showing what this would have
caught across recent incidents.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 21:33:33 +04:00
Siavash Sameni
f5a42eb8d9 docs: route-overlap warning on Dispute resolve, fix RN docs URL 2026-05-28 20:46:04 +04:00
Siavash Sameni
81625d35d2 docs: AML scope note, human-blocked items, Task #11 pre-flight inventory
- Add AML scope note to Handoff - RN Multichain Probe (sanctions-only vs full KYT)
- Add human-blocked section with 3 precise next steps for owner
- Create Task 11 Pre-flight Inventory: library choice, dev/prod flow, admin UI gaps, backend gaps, risks, acceptance criteria
2026-05-28 20:42:42 +04:00
Siavash Sameni
ddc0434819 docs: sync from backend 19f7eb9, frontend 60ee6fb — Task #10 AML screening 2026-05-28 20:35:38 +04:00
Siavash Sameni
fd2aa71ef4 docs: Task #9 confirmation thresholds + PRD AC updates + API docs
- Update Activity Log with backend@441c8be, frontend@717d5c8
- Update PRD §3 acceptance criteria for Task #9
- Update Payment API.md with confirmation-threshold and awaiting-confirmation endpoints
2026-05-28 20:13:15 +04:00
Siavash Sameni
f5e1106e77 docs: Task #8 Base fix + USDT fork test verification + PRD AC updates
- Update Handoff - RN Multichain Probe with corrected Base proxy address
- Document anvil fork test verifying USDT-mainnet approve(0) reset
- Update PRD §2 AC #4 to verified
- Update Activity Log with backend@4a85737
2026-05-28 20:04:21 +04:00
Siavash Sameni
85cb439ce2 docs: Task #8 probe results + handoff + PRD AC updates
- Add Handoff - RN Multichain Probe - 2026-05-28.md
- Update Handoff - Request Network In-House Checkout with Task #8 status
- Update Activity Log with backend@ae17b18, frontend@0ebb2f1
- Update PRD §2 acceptance criteria for Task #8
- Update Payment API.md with /api/admin/rn/networks endpoints
2026-05-28 19:53:06 +04:00
Siavash Sameni
2308db8074 docs: sync from backend 34f542e — Task #7 B unit tests + C protocol + PRD updates 2026-05-28 19:18:53 +04:00
Siavash Sameni
7868d94340 DB strategy: add dual-DB partial-migration analysis
Three scoping tiers (ledger-only / +Payment+Dispute / all five financial
models) with concrete time estimates grounded in actual reference counts
from the codebase. Recommends Option 1 (ledger only, 3–4 weeks) as the
right dual-DB shape if a forcing function appears, and explains why it's
not yet worth doing over the 2-week in-place hardening.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 19:17:43 +04:00
Siavash Sameni
825d7870b3 Add Mongo vs Postgres database-strategy assessment
Records the current recommendation (stay on Mongo + targeted hardening),
the realistic full-migration cost (3.5–6 months), and the trigger
conditions under which we should revisit the decision. Prompted by the
multi-seller orphan-payment bug on 2026-05-28 — exactly the FK-shaped
class of bug Postgres would prevent, but not by itself worth a migration.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 19:13:50 +04:00
Siavash Sameni
e00129d40d docs: sync from backend 1889169, frontend c44ed64 — Task #7 A verification fix: multi-checkout conversion + orphan-payment guard 2026-05-28 17:21:14 +04:00
Siavash Sameni
4017aee800 docs: sync from backend faf2221, frontend 022ecb6 — Task #7 derived destinations sweep autostart, recordSweep fix, multi-seller checkout 2026-05-28 17:15:18 +04:00
Siavash Sameni
3b50311a81 PRD Task #7: mark A/D/E done, F in progress, B/C pending
A (cart-aware buyer UX), D (auto-start sweep cron), and E (recordSweep
$inc accumulation fix) shipped. F (API Reference + Activity Log doc
updates) underway. B (unit tests) and C (live divergent-destination
probe on dev) still pending.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 17:09:55 +04:00
Siavash Sameni
21627b7e71 docs(prd): update Task #7 to reflect what shipped in 2.6.42 + scoped remaining work for kimi
Rewrote §1 of the Wallet/Multichain/Confirmations/AML/Trezor PRD:
- Status promoted from 'Draft' to 'Living', §1 marked 🟡 In progress.
- Decisions taken table captures the locked-in choices (per-(buyer,
  sellerOffer, chainId) keying with reuse, monotonic counter,
  cron-based sweep, build-only signer default).
- 'What landed in 2.6.42' section enumerates the actual files +
  endpoints + env vars so kimi has concrete reference points.
- 'Remaining work for Task #7' table breaks the remainder into six
  discrete items (A..F) each with file paths and notes:
  A — cart-aware buyer UX (the big one)
  B — unit tests
  C — live divergent-destination probe
  D — optional auto-start cron on boot
  E — possible recordSweep accumulation bug to verify+fix
  F — API Reference doc updates
- Acceptance criteria annotated with / per item.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 16:42:15 +04:00
Siavash Sameni
d80892dbaa docs: sync vault with Task #7 backend + admin UI shipping (2.6.42)
- Handoff doc: mark Task #7 in-progress with what landed (backend
  modules, admin UI), what remains (cart-aware buyer UX, unit tests,
  live RN divergent-destination probe, optional auto-start cron).
  Promote the followups table from 'depends on' to 'status'.
- Environment Variables: add DERIVED_DESTINATION_* block with KMS /
  Trezor production guidance.

Code is on backend commit c98b3d7 / frontend commit 82d9a70, both
on integrate-main-into-development.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 16:35:18 +04:00
Siavash Sameni
31dd475b73 docs(prd): clarify task #7 keying — cart-with-multi-seller, per-Payment derivation
User flagged: a buyer's cart can span multiple sellers, so 'per-(buyer, seller)'
isn't really 1:1. The right framing is per-Payment: Amanat already creates N
Payment records for an N-seller cart (one per sellerOfferId), and each gets
its own derived destination + RN intent + buyer-side approve+pay tx pair.

PRD now explicitly:
- Recommends per-Payment keying (which collapses to per-(buyer, sellerOfferId)
  via the existing uniq_pending_request_network_by_buyer_session index)
- Documents the multi-seller cart UX (N approve+pay pairs in sequence, with
  clear progress indicator, mid-cart abandonment is fine)
- Notes RN's ERC20FeeProxy is single-destination by design (no atomic split
  in v1; future Amanat splitter contract is out of scope)
- Updates open questions to monotonic derivation counter, immediate sweep,
  single-use addresses (no rotation), and cold-payment recovery
- Scope explicitly mentions cart-aware buyer UX as part of task #7

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 16:05:50 +04:00
Siavash Sameni
0060b16912 docs: ship in-house RN checkout, scope 5 follow-up tasks (#7-11)
In-house Request Network checkout went fully end-to-end on dev today.
A real 0.01 USDC payment flowed through wallet connect -> approve ->
ERC20FeeProxy.transferFromWithReferenceAndFee -> RN webhook ->
TransactionSafetyProvider -> Payment.status=completed -> page success
state. Tx 0x494c77a29161b5100d8e0b1ac675f1822955d0bb3633ecdbfafb886f84f2f320.

Docs:
- New PRD: Wallet, Multichain, Confirmations, AML, Trezor
  (5 follow-ups, each sized for an independent contributor)
- Updated PRD: Request Network In-House Checkout (phases 0..3 done,
  phase 4 partial, phases 5-6 not started)
- Updated handoff: deployed versions, what is working end-to-end,
  follow-up tasks index

Taskmaster: 5 new top-level tasks (#7..#11) covering ephemeral
destination wallets, multichain proxy registry + USDC/USDT, runtime
confirmation thresholds, optional seller-paid AML screening, and
Trezor signing for admin actions. Tasks are scoped fine-grained so
each is independent enough for kimi to pick up.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 15:50:24 +04:00
moojttaba
37f946fc23 docs: add initial content to Welcome.md and update README.md with additional note 2026-05-28 10:41:39 +03:30
moojttaba
04afa95547 docs: add Sync-From-Code rule + Activity Log
- AGENTS.md: mandate Activity Log entry + section updates after every code push
- 09 - Audits/Activity Log.md: new append-only log, seeded with this session's
  frontend fixes (Docker build unblock, request template debug improvements,
  429 storm fix) and the cross-repo rule rollout

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-28 10:39:57 +03:30
moojttaba
90c2588b9b vault backup: 2026-05-28 09:31:01 2026-05-28 09:31:01 +03:30
moojttaba
061e797544 Merge remote-tracking branch 'origin/main' 2026-05-27 20:06:42 +03:30
Siavash Sameni
f03519bbfb docs(arch): capture RN integration constraints and design implications
Four payment-flow concerns surfaced during the RN integration that
need explicit design decisions before scaling:

1. Rabby wallet unsupported by RN's hosted UI - mitigated by
   bringing the checkout screen in-house.
2. RN auto-bridges cross-chain payments via LiFi, costing someone
   money - mitigated by gating chain selection in our own UI based
   on seller-accepted chains.
3. Single shared escrow wallet exposes the whole platform to
   sanctioned-funds taint - needs per-escrow ephemeral wallets and
   a wallet-abstraction layer.
4. The above pushes RN into a notification-only role - viable but
   needs validation tests (webhook reliability, custom destinations,
   API-only pricing) before commitment.
2026-05-27 10:52:26 +04:00
Siavash Sameni
fdb92a5056 docs: adopt RTK.md as canonical rule set; update RN handover
Moves the canonical agent rule set into nick-doc/RTK.md (previously only
present in the untracked escrow root). backend/AGENTS.md and
frontend/AGENTS.md now point here instead of duplicating the rules
3-ways and drifting.

New rules introduced as part of this session:
- Every build patch-bumps the version (image tracker on git.manko.yoga
  overwrites tags otherwise).
- Pre-deploy CLI verification: smoke tests in scripts/smoke/ must pass
  before pushing a build-triggering commit.
- CI notification safety: HTML-escape commit messages and strip git
  trailers; never embed {{commit.message}} directly in the telegram
  plugin's HTML-formatted body.

Handover doc updated to record that the Request Network checkout flow is
now end-to-end working at 2.6.20 (idempotency in bdbcc32, v2 wire shape
in 40750d3).

Co-Authored-By: Claude Opus 4.7 noreply@anthropic.com
2026-05-27 09:56:43 +04:00
Siavash Sameni
2a00339882 docs(ops): mark Request Network intent idempotency fix as implemented
Backend solution (c) shipped in nick/backend@bdbcc32 — endpoint now reuses
existing pending Payments instead of colliding on the unique index.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 09:05:21 +04:00
Siavash Sameni
a9d7bf003d docs(ops): handover for Request Network intent duplicate key bug
Captures the E11000 collision on the uniq_pending_request_network_by_buyer_session
index, identifies reused purchaseRequestId as the root cause, and lays out the
mongo unblock, frontend id-rotation, and backend idempotency fixes.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 09:01:06 +04:00
Siavash Sameni
8ba8df3833 Add agent rules for auth and versioning 2026-05-25 18:45:46 +04:00
moojttaba
3e063cbf88 Merge remote-tracking branch 'origin/main' 2026-05-25 00:23:05 +03:30
Siavash Sameni
873a57874e Update docs for TON proof backend, Mini App fixes, and EVM wallet stub
PRD - TON Wallet Ownership Proof.md:
- Status updated from ready-to-implement -> backend-implemented.
- Added Implementation Status section documenting what is complete
  (challenge endpoint, tonProofService.ts, User model fields, 15 tests)
  and what remains (frontend proof wiring, verified badge).
- Acceptance criteria updated: backend items checked, frontend pending.

Handoff - Telegram Mini App Debug - 2026-05-24.md:
- New Implemented sections for session 3:
  - TON Wallet Ownership Proof backend (full detail of tonProofService,
    userController changes, User model fields, 15 unit tests).
  - Telegram Mini App shell dir="ltr" + smart displayName fallback.
  - Socket status suppressed on /telegram paths.
  - EVM WalletConnect stub card (disabled until project ID configured).
- Known Issues: TON proof updated to "frontend wiring pending";
  EVM WalletConnect section added with activation steps.
- Current Git State updated to Session 3.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-24 20:21:29 +04:00
Siavash Sameni
940ad0c655 Add full system audit reports and Telegram Mini App debug handoff
- Three-stream audit (security / logic / performance) with 35+ findings
  derived from actual source code, each with file:line and remediation
- Audit Index cross-references criticals across streams into prioritized
  fix tiers: immediately / before soft launch / before public launch
- Telegram Mini App debug handoff documenting what was implemented and
  all remaining work items with exact file lists and test commands
- Updated architecture, data model, auth API, and registration flow docs
  to reflect Telegram auth, TON wallet, and email verification additions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-24 17:20:08 +04:00
Siavash Sameni
2533bedb91 Update Telegram auth verification report 2026-05-24 16:15:40 +04:00
Siavash Sameni
fa7234cbe1 Document Telegram first-class auth 2026-05-24 16:12:46 +04:00
Siavash Sameni
7651d69811 Document telegram-native task 5 foundation 2026-05-24 13:19:54 +04:00
Siavash Sameni
6a451040d9 Complete task 4 backend security architecture docs 2026-05-24 11:31:40 +04:00
Siavash Sameni
4cf5c49274 docs(audit): align documentation with post-remediation backend reality
- Update data model enums to match backend models
- Update API reference auth requirements
- Add dispute module references and warning blocks
- Add 2026-05-24 audit remediation callout to Overview
- Generate task breakdowns and audit artifacts
- Add doc alignment report (.taskmaster/reports/)
2026-05-24 11:16:29 +04:00
Siavash Sameni
b824ca0435 Document payment verification and trezor safekeeping 2026-05-24 11:12:17 +04:00
Siavash Sameni
1a2b9f1f5d docs: refresh taskmaster roadmap share 2026-05-24 09:54:04 +04:00
Siavash Sameni
5188cba9e2 docs: add telegram roadmap and refresh share page 2026-05-24 09:30:35 +04:00
Siavash Sameni
28ff0642b2 added agents.md 2026-05-24 09:22:34 +04:00
Siavash Sameni
4ef9838383 docs: ignore vercel project metadata 2026-05-24 09:13:59 +04:00
Siavash Sameni
b84abb4d75 docs: add vercel taskmaster share site 2026-05-24 09:13:34 +04:00
moojttaba
1925469311 Merge remote-tracking branch 'origin/main' 2026-05-24 08:41:43 +03:30
Siavash Sameni
393bb17c2e docs: add latest audit to taskmaster 2026-05-24 09:09:55 +04:00
Siavash Sameni
a37b1b1446 docs: fix taskmaster file storage config 2026-05-24 09:08:20 +04:00
Siavash Sameni
825add6487 docs: add taskmaster prd task queue 2026-05-24 08:57:38 +04:00
moojttaba
7b011270d6 Merge remote-tracking branch 'origin/main' 2026-05-24 08:17:24 +03:30
moojttaba
41cb3604df Merge remote-tracking branch 'origin/main' 2026-05-24 08:16:28 +03:30
Siavash Sameni
10a6c2fa53 docs: add backend security refactor assessment 2026-05-24 08:43:01 +04:00
Siavash Sameni
fbc13c5128 docs: add payment remediation and request network PRDs 2026-05-24 08:24:02 +04:00
Siavash Sameni
b2acce2ac1 chore: ignore obsidian workspace directory 2026-05-24 08:14:49 +04:00
Siavash Sameni
09ef02c314 fix: repair Mermaid diagram syntax errors and add PRD task plan 2026-05-24 08:07:25 +04:00