Siavash Sameni 7a616744f4 docs: complete code-reality alignment for remaining docs + reconcile issue set
Remaining docs updated to match code (the docs that the first pass had not covered):
- Flows: Chat, Referral, Rating, Registration, Google OAuth, Negotiation, Payout,
  Trezor Safekeeping — corrected endpoints, socket events, status enums, auth gaps
- API Reference: User API, Trezor API — admin route prefix/verb/status corrections,
  added undocumented endpoints (ton-proof challenge, profile email verify,
  GET /trezor/account, POST /trezor/verify-operation)
- Data Models: Chat, Notification, Payment, PointTransaction, User — corrected
  enums (PaymentProvider, escrowState, PointTransaction.type, User.status),
  90-day notification TTL, soft-delete semantics, wallet fields

Trezor "zero frontend" finding (audit C31/C32) corrected as STALE:
- Verified current code HAS a full frontend Trezor implementation (admin/trezor
  page, TrezorSettingsView, trezorConnector via @trezor/connect-web,
  TrezorSignDialog, actions/trezor.ts building the {message,signature} object)
- Fixed Trezor Safekeeping Flow doc (removed false "no frontend" warnings)
- Reclassified ISSUE-012 as invalid/superseded with explanation

Issue set reconciled to a single canonical numbering (ISSUE-001..054):
- Adopted the comprehensive 51-issue set (long-slug, fully indexed)
- Removed 35 superseded short-slug duplicates from the first pass
- Removed a duplicate ISSUE-046 file
- Added 3 issues the 51-set lacked: ISSUE-052 (completed-not-counted-in-stats),
  ISSUE-053 (axios 401-only interceptor), ISSUE-054 (rate limiter counts all attempts)
- Regenerated Issues Index: 53 open (14 critical, 39 major) + 1 invalid

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-29 15:15:02 +04:00

title, tags, created
title tags created
Amn Marketplace — Documentation Vault
moc
index
2026-05-23

vase in app mikham

Amn Marketplace — Documentation Vault

Complete technical & operational documentation for the Amn (a.k.a. "nick app") crypto-escrow marketplace platform. This vault is exhaustive enough to re-implement the system from scratch with no access to the source code.

[!info] Repos: git@git.manko.yoga:222/nick/{backend,frontend}.git · Branch: development · Vault generated: 2026-05-23


How to read this vault

Open this folder in Obsidian for the best experience (graph view + wikilinks + Mermaid rendering). It also reads as plain Markdown anywhere.

Suggested reading paths:

  • New developer00 Overview01 Architecture07 Development/Local Setup → start coding.
  • Re-implementer00 Overview02 Data Models03 API Reference04 Flows01 Architecture for plumbing details.
  • Designer00 Overview05 Design System01 Architecture/Frontend Architecture.
  • Product / PM00 Overview04 Flows06 Usage.
  • Operator / DevOps00 Overview01 Architecture/Infrastructure08 Operations.
  • Support staff06 Usage/Support Guide + 00 Overview/Glossary + relevant flow docs.

00 — Overview

Project context, the cast of characters, and shared vocabulary.

01 — Architecture

How the system is composed at every layer.

02 — Data Models

Per-entity Mongoose schemas — fields, relationships, state machines.

03 — API Reference

Every endpoint, grouped by service. Auth, request/response shapes, errors, socket events.

04 — Flows

End-to-end narratives for every user-visible interaction, with Mermaid sequence/state diagrams.

Identity

Marketplace

Money

Resolution

Engagement

05 — Design System

The visual & UX language of the frontend.

06 — Usage

End-user guides — one per role.

07 — Development

For engineers contributing to the codebase.

08 — Operations

For engineers / SREs running the system in production.


Cross-cutting indexes

By topic

Topic Start here
Payments PRD - Request Network In-House CheckoutPayment APIPaymentPayout Flow
Custody / escrow strategy PRD - Decentralized Custody and Smart-Contract Escrow RoadmapEscrow FlowFunds Ledger and Escrow State Machine Specification
Auth Authentication FlowAuthentication APISecurity Architecture
Backend security / refactor Backend Stack Security and Refactor Assessment - 2026-05-24Platform Logical Audit - 2026-05-24PRD - Platform Audit Remediation Plan (2026-05-24)
Developer task queue .taskmaster/README.md.taskmaster/tasks/tasks.json → root PRD - *.md files
Real-time Real-time LayerSocket EventsChat Flow / Notification Flow
Disputes Dispute FlowDispute APIDisputeAdmin Guide §5
Web3 Payment Flow - DePay & Web3Frontend Architecture §9
i18n / RTL Internationalization & RTLTypography
Theming Design System OverviewTheme ConfigurationSettings & Theming

By role

If you are… Start with
Buyer User Guide
Seller / Owner Seller Guide
Admin Admin Guide
Support agent Support Guide
Backend engineer Backend Architecture · Data Model Overview
Frontend engineer Frontend Architecture · Design System Overview
DevOps / SRE Infrastructure · Deployment · Incident Response
Product / PM Introduction · Roles & Personas · 04 Flows

Vault conventions

  • Wikilinks [[Document Name]] (no extension) — Obsidian resolves them automatically.
  • YAML frontmatter at the top of every file — title, tags, created.
  • Callouts > [!note], > [!warning], > [!tip], > [!info], > [!important], > [!example].
  • Mermaid diagrams in fenced code blocks (flowchart, sequenceDiagram, stateDiagram-v2, erDiagram).
  • Citations file:lineNumber whenever referring to specific code (e.g., backend/src/app.ts:79-179).
  • Tables for structured data — env vars, endpoints, model fields, etc.

Statistics

  • ~85 markdown files across 9 sections
  • ~600 KB total of documentation
  • ~80,000 words of prose
  • Mermaid diagrams for every major flow and architecture view
  • Wikilinks throughout for graph-view navigation

Known limitations & roadmap items

These are documented in their respective sections but worth highlighting:

Warning

  • Backend rate-limit middleware is currently disabled (backend/src/app.ts:227). Enable before any public traffic — see Security Architecture.
  • Passkey service is partly stubbed — see Passkey (WebAuthn) Flow for production-hardening checklist.
  • Auto-release of escrow on delivery confirmation not yet automated — admin/custody operators run release flows. See Delivery Confirmation Flow + Payout Flow.
  • Dispute holds exist in code, but the Dispute model/docs still need full canonical state-machine alignment. See Dispute Flow + Escrow Flow.
  • Several development env values committed as public — see Environment Variables for rotation list.
  • Single-host deployment; horizontal scaling requires Redis adapter for Socket.IO — see Real-time Layer §8.
  • Request Network webhooks currently land on the main app. Roadmap: Cloudflare Worker durable ingress + replay, with backend Transaction Safety Provider checks before escrow is credited. See Request Network Integration Constraints.

Contributing to this vault

  • Add files under the appropriate section folder.
  • Use the conventions above (frontmatter, wikilinks, callouts).
  • Run git diff on the source repo before updating docs — keep cited line numbers fresh.
  • For new flows, follow the structure of Authentication Flow (Actors → Preconditions → Steps → Mermaid → API calls → DB writes → Socket events → Side effects → Errors → Related).
  • For new models, follow the structure of User (purpose → schema table → virtuals/hooks → methods → relationships → state diagram → queries → related).

License & ownership

The vault is the project's internal documentation. Treat all credentials, addresses, and operational details as confidential. Public-facing copies should redact the seed credentials, env values, and any production URLs/IDs that aren't already public.


End

Welcome to the codebase. If anything here is unclear, the source is in the Backend Architecture / Frontend Architecture cited files — fix the docs as you go.

Description
No description provided
Readme 6.9 MiB
Languages
HTML 55.7%
JavaScript 44.3%