In-house Request Network checkout went fully end-to-end on dev today. A real 0.01 USDC payment flowed through wallet connect -> approve -> ERC20FeeProxy.transferFromWithReferenceAndFee -> RN webhook -> TransactionSafetyProvider -> Payment.status=completed -> page success state. Tx 0x494c77a29161b5100d8e0b1ac675f1822955d0bb3633ecdbfafb886f84f2f320. Docs: - New PRD: Wallet, Multichain, Confirmations, AML, Trezor (5 follow-ups, each sized for an independent contributor) - Updated PRD: Request Network In-House Checkout (phases 0..3 done, phase 4 partial, phases 5-6 not started) - Updated handoff: deployed versions, what is working end-to-end, follow-up tasks index Taskmaster: 5 new top-level tasks (#7..#11) covering ephemeral destination wallets, multichain proxy registry + USDC/USDT, runtime confirmation thresholds, optional seller-paid AML screening, and Trezor signing for admin actions. Tasks are scoped fine-grained so each is independent enough for kimi to pick up. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Taskmaster Dashboard
Generated from .taskmaster/tasks/tasks.json at 2026-05-28T11:49:27.076Z.
Taskmaster remains the canonical source of truth. Re-run:
node scripts/export-taskmaster-to-obsidian.mjs
Status Summary
- done: 44
- in-progress: 2
- pending: 8
Task Index
| ID | Title | Status | Priority | Dependencies |
|---|---|---|---|---|
| [[Tasks/task-1 | 1]] | Stabilize Mermaid diagram rendering across documentation vault | done | medium |
| [[Tasks/task-1-1 | 1.1]] | Fix Security Architecture email/password sequence | done | medium |
| [[Tasks/task-1-2 | 1.2]] | Fix authentication login and refresh diagrams | done | medium |
| [[Tasks/task-1-3 | 1.3]] | Fix chat, delivery, dispute, OAuth, purchase request, referral, registration, and seller-offer diagrams | done | medium |
| [[Tasks/task-2 | 2]] | Implement platform audit remediation plan | done | high |
| [[Tasks/task-2-1 | 2.1]] | Secure unauthenticated endpoints and owner enforcement | done | high |
| [[Tasks/task-2-2 | 2.2]] | Re-enable and scope rate limiting | done | high |
| [[Tasks/task-2-3 | 2.3]] | Replace stubbed passkey/WebAuthn flow | done | high |
| [[Tasks/task-2-4 | 2.4]] | Strengthen DePay/Web3 payment verification | done | high |
| [[Tasks/task-2-5 | 2.5]] | Lock Socket.IO room joins to authenticated context | done | medium |
| [[Tasks/task-2-6 | 2.6]] | Enforce dispute hold before payout and release operations | done | medium |
| [[Tasks/task-2-7 | 2.7]] | Align documentation, API references, and runtime enums | done | medium |
| [[Tasks/task-3 | 3]] | Migrate payment architecture toward Request Network and internal funds management | done | high |
| [[Tasks/task-3-1 | 3.1]] | Define provider-neutral payment contracts and adapter | done | high |
| [[Tasks/task-3-2 | 3.2]] | Implement provider configuration, feature flags, and safe rollback | done | high |
| [[Tasks/task-3-3 | 3.3]] | Create internal funds and payment ledger model | done | high |
| [[Tasks/task-3-4 | 3.4]] | Build migration and indexing plan for existing SHKeeper records | done | high |
| [[Tasks/task-3-5 | 3.5]] | Implement Request Network pay-in intent and secure payment pages | done | high |
| [[Tasks/task-3-6 | 3.6]] | Implement signed Request Network webhook intake | done | high |
| [[Tasks/task-3-7 | 3.7]] | Implement reconciliation and repair jobs | done | high |
| [[Tasks/task-3-8 | 3.8]] | Replace checkout and payment UI with provider-neutral flows | done | high |
| [[Tasks/task-3-9 | 3.9]] | Add payout/release and refund orchestration using ledger gates | done | high |
| [[Tasks/task-3-10 | 3.10]] | Update release/refund APIs and marketplace release paths | done | high |
| [[Tasks/task-3-11 | 3.11]] | Add comprehensive observability, runbooks, and incident controls | done | high |
| [[Tasks/task-3-12 | 3.12]] | Add end-to-end integration, migration, and rollback test suites | done | high |
| [[Tasks/task-3-13 | 3.13]] | Add durable RN webhook ingress and transaction safety | pending | high |
| [[Tasks/task-4 | 4]] | Define backend security and refactor strategy from latest audit | done | high |
| [[Tasks/task-4-1 | 4.1]] | Assign security ownership and launch decision criteria | done | high |
| [[Tasks/task-4-2 | 4.2]] | Produce threat model for escrow platform | done | high |
| [[Tasks/task-4-3 | 4.3]] | Specify funds ledger and escrow state machine | done | high |
| [[Tasks/task-4-4 | 4.4]] | Create authorization matrix for REST and Socket.IO | done | high |
| [[Tasks/task-4-5 | 4.5]] | Decide session, passkey, and admin step-up architecture | done | high |
| [[Tasks/task-4-6 | 4.6]] | Specify webhook security and provider adapter contracts | done | high |
| [[Tasks/task-4-7 | 4.7]] | Define secure build and supply-chain policy | done | medium |
| [[Tasks/task-4-8 | 4.8]] | Make backend-core stack decision | done | medium |
| [[Tasks/task-4-9 | 4.9]] | Create migration and operational runbooks | done | medium |
| [[Tasks/task-5 | 5]] | Deliver Telegram-native app, bot, and wallet experience | in-progress | high |
| [[Tasks/task-5-1 | 5.1]] | Define Telegram product surface and flow map | done | high |
| [[Tasks/task-5-2 | 5.2]] | Build Telegram identity linking and session model | done | high |
| [[Tasks/task-5-3 | 5.3]] | Implement bot command and notification foundation | done | high |
| [[Tasks/task-5-4 | 5.4]] | Build Telegram Mini App shell for marketplace workflows | in-progress | high |
| [[Tasks/task-5-5 | 5.5]] | Add Telegram payment and wallet strategy | done | high |
| [[Tasks/task-5-6 | 5.6]] | Expose escrow, delivery, dispute, and release actions safely | pending | high |
| [[Tasks/task-5-7 | 5.7]] | Add admin and support surface for Telegram-originated cases | pending | high |
| [[Tasks/task-5-8 | 5.8]] | Add security, compliance, and abuse controls for Telegram | done | high |
| [[Tasks/task-5-9 | 5.9]] | Prepare QA, rollout, analytics, and launch operations | done | high |
| [[Tasks/task-5-10 | 5.10]] | Implement Telegram as first-class authentication provider | done | high |
| [[Tasks/task-6 | 6]] | Request Network in-house checkout (Rabby-supporting) | done | high |
| [[Tasks/task-6-1 | 6.1]] | Deploy confirmation repair before next paid probe | done | high |
| [[Tasks/task-7 | 7]] | Per-(buyer, sellerOffer) ephemeral RN destination wallets | pending | high |
| [[Tasks/task-8 | 8]] | Multichain RN proxy registry + USDC/USDT support | pending | high |
| [[Tasks/task-9 | 9]] | Per-chain confirmation thresholds + admin UI | pending | medium |
| [[Tasks/task-10 | 10]] | Optional AML screening on incoming payments (seller-paid) | pending | medium |
| [[Tasks/task-11 | 11]] | Trezor signing for admin actions (release/refund/sweep) | pending | high |
Obsidian Tasks Query
not done
tag includes #taskmaster
sort by priority
sort by description