Four payment-flow concerns surfaced during the RN integration that
need explicit design decisions before scaling:

1. Rabby wallet unsupported by RN's hosted UI - mitigated by
   bringing the checkout screen in-house.
2. RN auto-bridges cross-chain payments via LiFi, costing someone
   money - mitigated by gating chain selection in our own UI based
   on seller-accepted chains.
3. Single shared escrow wallet exposes the whole platform to
   sanctioned-funds taint - needs per-escrow ephemeral wallets and
   a wallet-abstraction layer.
4. The above pushes RN into a notification-only role - viable but
   needs validation tests (webhook reliability, custom destinations,
   API-only pricing) before commitment.

Moves the canonical agent rule set into nick-doc/RTK.md (previously only
present in the untracked escrow root). backend/AGENTS.md and
frontend/AGENTS.md now point here instead of duplicating the rules
3-ways and drifting.

New rules introduced as part of this session:
- Every build patch-bumps the version (image tracker on git.manko.yoga
  overwrites tags otherwise).
- Pre-deploy CLI verification: smoke tests in scripts/smoke/ must pass
  before pushing a build-triggering commit.
- CI notification safety: HTML-escape commit messages and strip git
  trailers; never embed {{commit.message}} directly in the telegram
  plugin's HTML-formatted body.

Handover doc updated to record that the Request Network checkout flow is
now end-to-end working at 2.6.20 (idempotency in bdbcc32, v2 wire shape
in 40750d3).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Backend solution (c) shipped in nick/backend@bdbcc32 — endpoint now reuses
existing pending Payments instead of colliding on the unique index.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Captures the E11000 collision on the uniq_pending_request_network_by_buyer_session
index, identifies reused purchaseRequestId as the root cause, and lays out the
mongo unblock, frontend id-rotation, and backend idempotency fixes.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

PRD - TON Wallet Ownership Proof.md:
- Status updated from ready-to-implement -> backend-implemented.
- Added Implementation Status section documenting what is complete
  (challenge endpoint, tonProofService.ts, User model fields, 15 tests)
  and what remains (frontend proof wiring, verified badge).
- Acceptance criteria updated: backend items checked, frontend pending.

Handoff - Telegram Mini App Debug - 2026-05-24.md:
- New Implemented sections for session 3:
  - TON Wallet Ownership Proof backend (full detail of tonProofService,
    userController changes, User model fields, 15 unit tests).
  - Telegram Mini App shell dir="ltr" + smart displayName fallback.
  - Socket status suppressed on /telegram paths.
  - EVM WalletConnect stub card (disabled until project ID configured).
- Known Issues: TON proof updated to "frontend wiring pending";
  EVM WalletConnect section added with activation steps.
- Current Git State updated to Session 3.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Three-stream audit (security / logic / performance) with 35+ findings
  derived from actual source code, each with file:line and remediation
- Audit Index cross-references criticals across streams into prioritized
  fix tiers: immediately / before soft launch / before public launch
- Telegram Mini App debug handoff documenting what was implemented and
  all remaining work items with exact file lists and test commands
- Updated architecture, data model, auth API, and registration flow docs
  to reflect Telegram auth, TON wallet, and email verification additions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>