nick-doc/Taskmaster/README.md
Siavash Sameni 0060b16912 docs: ship in-house RN checkout, scope 5 follow-up tasks (#7-11)
In-house Request Network checkout went fully end-to-end on dev today.
A real 0.01 USDC payment flowed through wallet connect -> approve ->
ERC20FeeProxy.transferFromWithReferenceAndFee -> RN webhook ->
TransactionSafetyProvider -> Payment.status=completed -> page success
state. Tx 0x494c77a29161b5100d8e0b1ac675f1822955d0bb3633ecdbfafb886f84f2f320.

Docs:
- New PRD: Wallet, Multichain, Confirmations, AML, Trezor
  (5 follow-ups, each sized for an independent contributor)
- Updated PRD: Request Network In-House Checkout (phases 0..3 done,
  phase 4 partial, phases 5-6 not started)
- Updated handoff: deployed versions, what is working end-to-end,
  follow-up tasks index

Taskmaster: 5 new top-level tasks (#7..#11) covering ephemeral
destination wallets, multichain proxy registry + USDC/USDT, runtime
confirmation thresholds, optional seller-paid AML screening, and
Trezor signing for admin actions. Tasks are scoped fine-grained so
each is independent enough for kimi to pick up.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 15:50:24 +04:00

# Taskmaster Dashboard
Generated from `.taskmaster/tasks/tasks.json` at 2026-05-28T11:49:27.076Z.
Taskmaster remains the canonical source of truth. Re-run:
```sh
node scripts/export-taskmaster-to-obsidian.mjs
```
## Status Summary
- done: 44
- in-progress: 2
- pending: 8
## Task Index
| ID | Title | Status | Priority | Dependencies |
| --- | --- | --- | --- | --- |
| [[Tasks/task-1|1]] | Stabilize Mermaid diagram rendering across documentation vault | done | medium | None |
| [[Tasks/task-1-1|1.1]] | Fix Security Architecture email/password sequence | done | medium | None |
| [[Tasks/task-1-2|1.2]] | Fix authentication login and refresh diagrams | done | medium | None |
| [[Tasks/task-1-3|1.3]] | Fix chat, delivery, dispute, OAuth, purchase request, referral, registration, and seller-offer diagrams | done | medium | None |
| [[Tasks/task-2|2]] | Implement platform audit remediation plan | done | high | None |
| [[Tasks/task-2-1|2.1]] | Secure unauthenticated endpoints and owner enforcement | done | high | None |
| [[Tasks/task-2-2|2.2]] | Re-enable and scope rate limiting | done | high | 1 |
| [[Tasks/task-2-3|2.3]] | Replace stubbed passkey/WebAuthn flow | done | high | 1 |
| [[Tasks/task-2-4|2.4]] | Strengthen DePay/Web3 payment verification | done | high | 1 |
| [[Tasks/task-2-5|2.5]] | Lock Socket.IO room joins to authenticated context | done | medium | 1 |
| [[Tasks/task-2-6|2.6]] | Enforce dispute hold before payout and release operations | done | medium | 1, 4 |
| [[Tasks/task-2-7|2.7]] | Align documentation, API references, and runtime enums | done | medium | 1, 2, 3, 4, 5, 6 |
| [[Tasks/task-3|3]] | Migrate payment architecture toward Request Network and internal funds management | done | high | 2 |
| [[Tasks/task-3-1|3.1]] | Define provider-neutral payment contracts and adapter | done | high | None |
| [[Tasks/task-3-2|3.2]] | Implement provider configuration, feature flags, and safe rollback | done | high | 3.1 |
| [[Tasks/task-3-3|3.3]] | Create internal funds and payment ledger model | done | high | 3.1 |
| [[Tasks/task-3-4|3.4]] | Build migration and indexing plan for existing SHKeeper records | done | high | 3.3 |
| [[Tasks/task-3-5|3.5]] | Implement Request Network pay-in intent and secure payment pages | done | high | 3.2 |
| [[Tasks/task-3-6|3.6]] | Implement signed Request Network webhook intake | done | high | 3.2 |
| [[Tasks/task-3-7|3.7]] | Implement reconciliation and repair jobs | done | high | 3.5, 3.6 |
| [[Tasks/task-3-8|3.8]] | Replace checkout and payment UI with provider-neutral flows | done | high | 3.5 |
| [[Tasks/task-3-9|3.9]] | Add payout/release and refund orchestration using ledger gates | done | high | 3.3, 3.7 |
| [[Tasks/task-3-10|3.10]] | Update release/refund APIs and marketplace release paths | done | high | 3.8, 3.9 |
| [[Tasks/task-3-11|3.11]] | Add comprehensive observability, runbooks, and incident controls | done | high | 3.6, 3.8, 3.9, 3.10 |
| [[Tasks/task-3-12|3.12]] | Add end-to-end integration, migration, and rollback test suites | done | high | 3.6, 3.10, 3.11 |
| [[Tasks/task-3-13|3.13]] | Add durable RN webhook ingress and transaction safety | pending | high | None |
| [[Tasks/task-4|4]] | Define backend security and refactor strategy from latest audit | done | high | None |
| [[Tasks/task-4-1|4.1]] | Assign security ownership and launch decision criteria | done | high | None |
| [[Tasks/task-4-2|4.2]] | Produce threat model for escrow platform | done | high | 1 |
| [[Tasks/task-4-3|4.3]] | Specify funds ledger and escrow state machine | done | high | 2 |
| [[Tasks/task-4-4|4.4]] | Create authorization matrix for REST and Socket.IO | done | high | 2 |
| [[Tasks/task-4-5|4.5]] | Decide session, passkey, and admin step-up architecture | done | high | 2 |
| [[Tasks/task-4-6|4.6]] | Specify webhook security and provider adapter contracts | done | high | 3 |
| [[Tasks/task-4-7|4.7]] | Define secure build and supply-chain policy | done | medium | 1 |
| [[Tasks/task-4-8|4.8]] | Make backend-core stack decision | done | medium | 2, 3, 4, 5, 6, 7 |
| [[Tasks/task-4-9|4.9]] | Create migration and operational runbooks | done | medium | 8 |
| [[Tasks/task-5|5]] | Deliver Telegram-native app, bot, and wallet experience | in-progress | high | None |
| [[Tasks/task-5-1|5.1]] | Define Telegram product surface and flow map | done | high | None |
| [[Tasks/task-5-2|5.2]] | Build Telegram identity linking and session model | done | high | 1 |
| [[Tasks/task-5-3|5.3]] | Implement bot command and notification foundation | done | high | 1, 2 |
| [[Tasks/task-5-4|5.4]] | Build Telegram Mini App shell for marketplace workflows | in-progress | high | 1, 2 |
| [[Tasks/task-5-5|5.5]] | Add Telegram payment and wallet strategy | done | high | 2, 4 |
| [[Tasks/task-5-6|5.6]] | Expose escrow, delivery, dispute, and release actions safely | pending | high | 4, 5 |
| [[Tasks/task-5-7|5.7]] | Add admin and support surface for Telegram-originated cases | pending | high | 2, 3, 5 |
| [[Tasks/task-5-8|5.8]] | Add security, compliance, and abuse controls for Telegram | done | high | 2, 3, 5, 6 |
| [[Tasks/task-5-9|5.9]] | Prepare QA, rollout, analytics, and launch operations | done | high | 3, 4, 5, 6, 7, 8 |
| [[Tasks/task-5-10|5.10]] | Implement Telegram as first-class authentication provider | done | high | 2, 8 |
| [[Tasks/task-6|6]] | Request Network in-house checkout (Rabby-supporting) | done | high | None |
| [[Tasks/task-6-1|6.1]] | Deploy confirmation repair before next paid probe | done | high | None |
| [[Tasks/task-7|7]] | Per-(buyer, sellerOffer) ephemeral RN destination wallets | pending | high | None |
| [[Tasks/task-8|8]] | Multichain RN proxy registry + USDC/USDT support | pending | high | None |
| [[Tasks/task-9|9]] | Per-chain confirmation thresholds + admin UI | pending | medium | None |
| [[Tasks/task-10|10]] | Optional AML screening on incoming payments (seller-paid) | pending | medium | None |
| [[Tasks/task-11|11]] | Trezor signing for admin actions (release/refund/sweep) | pending | high | None |
## Obsidian Tasks Query
```tasks
not done
tag includes #taskmaster
sort by priority
sort by description
```