Files
nick-doc/09 - Audits/Activity Log.md

47 KiB
Raw Blame History

title, tags, created
title tags created
Activity Log
audit
log
append-only
2026-05-28

Activity Log

Append-only log of every git push from backend and frontend. Newest entries on top. Maintained by agents per the rule in ../AGENTS.md.


2026-06-02 — backend@882096f, deployment@8764fdf — enable notification Postgres dev cutover

Commits: backend b64995a and 882096f (version 2.8.36), frontend 28ad8e6 (version 2.8.36, already on remote), deployment 8764fdf Touched:

  • Backend: src/services/marketplace/index.ts, __tests__/marketplace-runtime-import-surface.test.ts, package.json, package-lock.json
  • Deployment: docker-compose.yml, gatus/config.yaml Why: Continue MongoDB removal by detaching the unmounted legacy marketplace router export that still pulled in top-level Mongoose/model imports, and move notifications from PG-capable/operator-ready to PG-backed in the dev runtime. Dev Gatus now requires eight enabled Postgres stores and explicitly asserts storeModes.notification == "postgres". Verification: Backend npm run typecheck; backend npm test -- --runTestsByPath __tests__/marketplace-runtime-import-surface.test.ts __tests__/blog-service-repo.test.ts __tests__/health-check-service.test.ts --runInBand; backend active-surface static scan for non-type top-level mongoose/models/* imports returned no matches; backend/frontend/deployment git diff --check. Frontend push was not needed because remote frontend was already at 2.8.36. Linked docs updated: Postgres Runtime Cutover Status

2026-06-02 — backend@f1ba14b, frontend@b94d8a9 — add notification Postgres backfill tooling

Commits: backend f1ba14b (version 2.8.34), frontend b94d8a9 (version 2.8.34) Touched:

  • Backend: src/services/notification/notificationBackfill.ts, src/scripts/backfillNotificationPostgres.ts, src/db/backfill/backfill-notifications.ts, src/db/backfill/run-backfill.ts, scripts/smoke/notifications-postgres.sh, __tests__/notification-backfill.test.ts, package.json, package-lock.json
  • Frontend: package.json version metadata only. Why: Continue the MongoDB removal by making the already repo-backed notification domain operator-ready for Postgres cutover. Existing notification runtime paths use getNotificationRepo(); this adds Mongo→Postgres backfill, ordered-runner inclusion, dry-run support, and a focused PG smoke for notification create/list/read/delete behavior. Verification: Backend npm run typecheck; backend npm test -- --runTestsByPath __tests__/notification-service-repo.test.ts __tests__/notification-backfill.test.ts __tests__/health-check-service.test.ts --runInBand; backend bash scripts/smoke/marketplace-core-postgres-backfill.sh (static checks passed; optional live dry-run skipped because migration DSNs were not set); backend active-surface static scan for non-type top-level mongoose/models/* imports returned no matches; backend/frontend git diff --check. The new scripts/smoke/notifications-postgres.sh was added but not run locally because no PG_URL/DATABASE_URL/POSTGRES_URL is configured in the backend env files. Linked docs updated: Postgres Runtime Cutover Status

2026-06-02 — backend@10de752, frontend@3dfbac2 — defer legacy Mongo runtime imports

Commits: backend 10de752 (version 2.8.33), frontend 3dfbac2 (version 2.8.33) Touched:

  • Backend: src/infrastructure/database/connection.ts, src/services/health/healthCheckService.ts, src/services/admin/dataCleanupService.ts, src/services/payment/migration/reportService.ts, package.json, package-lock.json
  • Frontend: package.json version metadata only. Why: Continue removing MongoDB as a runtime dependency by deferring the remaining active startup/health/admin/report Mongoose/model loads. Legacy Mongo connection, health ping, admin cleanup, and SHKeeper migration report paths still work, but now load Mongoose/models only when those legacy actions actually run. Verification: Backend npm run typecheck; backend npm test -- --runTestsByPath __tests__/health-check-service.test.ts --runInBand; backend npm test -- --runTestsByPath __tests__/payment-migration.service.test.ts --runInBand; backend static scan for non-type top-level mongoose/models/* imports in active app/routes/services/infrastructure returned no matches; backend/frontend git diff --check; BASE_URL=https://dev.amn.gg bash scripts/smoke/backend-health.sh passed against dev before push. Linked docs updated: Postgres Runtime Cutover Status

2026-06-02 — backend@134d155, frontend@18af5dd — lazy-load PG-capable store Mongo fallbacks

Commits: backend 134d155 (version 2.8.32), frontend 18af5dd (version 2.8.32) Touched:

  • Backend: src/services/config/configStore.ts, src/services/marketplace/reviewStore.ts, src/services/marketplace/shopSettingsStore.ts, package.json, package-lock.json
  • Frontend: package.json version metadata only. Why: Continue removing MongoDB as a runtime dependency by making the already PG-capable config, review, and shop-settings stores avoid top-level Mongoose/model imports. Mongo fallback/backfill paths still lazy-load the legacy models when they are actually used, preserving rollback/mirror behavior. Verification: Backend npm run typecheck; backend bash scripts/smoke/marketplace-core-postgres-backfill.sh (static Jest checks passed; optional live dry-run skipped because MIGRATION_MONGO_URL/MIGRATION_PG_URL were not set); backend npx jest __tests__/health-check-service.test.ts __tests__/telegram-service.test.ts __tests__/telegram-auth.test.ts --runInBand rerun outside the sandbox after MongoMemoryServer hit local bind restrictions (16/16 passed); backend/frontend git diff --check. Linked docs updated: Postgres Runtime Cutover Status

2026-06-01 — backend@2c5c3c7, frontend@775a73b — route funds ledger through payment repo seam

Commits: backend 2c5c3c7, frontend 775a73b (backend 2.8.20, frontend 2.8.20) Touched:

  • Backend: src/services/payment/ledger/fundsLedgerService.ts, src/db/repositories/factory.ts, src/db/repositories/drizzle/DrizzlePaymentRepo.ts, src/db/repositories/mongo/MongoPaymentRepo.ts, __tests__/payment-ledger.service.test.ts, __tests__/mongo-payment-repo.test.ts, scripts/smoke/funds-ledger-repo.sh, package.json, package-lock.json
  • Frontend: package.json, Dockerfile version metadata only. Why: Start replacing the remaining PG-capable repository stores with a low-risk money-core slice. Funds ledger appends and balance reads now go through getPaymentRepo(), so REPO_PAYMENT=mongo|dual|pg can control the ledger path. The repo factory now lazy-loads PG/dual implementations so importing it in Mongo mode no longer requires PG_URL. Mongo/Drizzle payment repo stats were aligned with live behavior (buyerId, nested amount.amount, and completed counted as successful), and Drizzle ledger balance reads now match external/string refs as well as UUID refs. Verification: Backend git pull --rebase --autostash (already up to date); backend scripts/smoke/funds-ledger-repo.sh; backend npm test -- --runTestsByPath __tests__/payment-release-refund-orchestration.test.ts __tests__/money-safety.test.ts --runInBand (money-safety skipped by its own env guard); backend npm run typecheck -- --pretty false; backend npm run build:server; frontend git pull --rebase --autostash (already up to date); frontend npx tsc --noEmit --project tsconfig.json; frontend npm run build (passed with the existing non-fatal SSR getPosts fetch refusal during static page generation); backend/frontend git diff --check. Linked docs updated: Postgres Runtime Cutover Status, MongoDB to PostgreSQL Migration Plan (Drizzle), Payment

2026-06-01 — deployment@38cb75b — default PG-capable stores to Postgres in dev

Commits: deployment 38cb75b Touched:

  • Deployment: docker-compose.yml, gatus/config.yaml Why: Move the existing PG-capable runtime stores from opt-in env settings to the default dev runtime: AUTH_STORE, CONFIG_STORE, ADDRESS_STORE, CATEGORY_STORE, LEVEL_CONFIG_STORE, SHOP_SETTINGS_STORE, and REVIEW_STORE now default to postgres in compose. Gatus now verifies checks.postgres.enabledStoreCount >= 7 and asserts each of those store modes is postgres, so monitoring catches partial cutover drift. Verification: Deployment YAML parse via ruby -e 'require "yaml"; YAML.load_file("docker-compose.yml"); YAML.load_file("gatus/config.yaml"); puts "yaml ok"'; deployment docker compose config --quiet. Linked docs updated: Postgres Runtime Cutover Status, Monitoring, Gatus Monitoring - Proposed Config

2026-06-01 — backend@c5db471, frontend@f424a03 — add RequestTemplate Postgres backfill surface

Commits: backend c5db471, frontend f424a03 (backend 2.8.19, frontend 2.8.19) Touched:

  • Backend: src/db/schema/requestTemplate.ts, src/db/backfill/backfill-requestTemplates.ts, src/db/backfill/run-backfill.ts, src/db/backfill/_idMap.ts, src/db/schema/purchaseRequest.ts, src/db/migrations/0010_request_templates.sql, src/db/migrations/meta/_journal.json, __tests__/marketplace-core-backfill.test.ts, package.json, package-lock.json
  • Frontend: package.json, Dockerfile version metadata only. Why: Start the 28 migration pass with the lowest-risk marketplace-core gap. RequestTemplate now has a PG schema, id-map collection entry, ordered backfill step, and marketplace-core runner coverage. The same migration also adds the missing unique index for purchase_request_specifications (purchase_request_id, key), matching the existing backfill upsert target. Verification: Backend ./scripts/smoke/marketplace-core-postgres-backfill.sh (static checks passed; optional live dry-run skipped because MIGRATION_MONGO_URL/MIGRATION_PG_URL were not set); backend npm test -- --runTestsByPath __tests__/marketplace-core-backfill.test.ts; backend npm run typecheck -- --pretty false; backend npm run build:server; frontend npx tsc --noEmit --project tsconfig.json; frontend npm run build (passed with the existing non-fatal SSR getPosts fetch refusal during static page generation); backend/frontend git diff --check. Linked docs updated: RequestTemplate, Postgres Runtime Cutover Status, MongoDB to PostgreSQL Migration Plan (Drizzle), MongoDB to PostgreSQL Migration Guide

2026-06-01 — backend@1543b53, frontend@457de07 — enforce unique active categories

Commits: backend 1543b53, frontend 457de07 (backend 2.8.17, frontend 2.8.17) Touched:

  • Backend: src/services/marketplace/categoryStore.ts, src/services/marketplace/CategoryService.ts, src/db/schema/category.ts, src/db/migrations/0009_unique_active_categories.sql, src/db/migrations/meta/_journal.json, __tests__/category-store.test.ts, scripts/smoke/categories-postgres-unique.sh, scripts/smoke/reference-stores-postgres.sh, package.json, package-lock.json
  • Frontend: package.json version metadata only. Why: Category seed/backfill reruns could leave multiple active rows with the same visible label, which surfaced in the category dropdown as repeated Persian names. The PG category store now deactivates duplicate active rows before adding a normalized active-name unique index, repoints existing category references to the kept row, catches duplicate inserts as idempotent creates, and dedupes cached/list responses so stale rows cannot leak into the UI. Verification: Backend npm test -- --runTestsByPath __tests__/category-store.test.ts __tests__/postgres-client.test.ts; backend npm run typecheck; backend npm run build:server; backend PG_URL=postgresql://escrow:throwaway@127.0.0.1:5434/escrow_migration_test ./scripts/smoke/categories-postgres-unique.sh; frontend npx tsc --noEmit --project tsconfig.json; frontend npm run build (passed with the existing non-fatal SSR getPosts fetch refusal during static page generation). Linked docs updated: Category, Postgres Runtime Cutover Status, MongoDB to PostgreSQL Migration Plan (Drizzle), MongoDB to PostgreSQL Migration Guide

2026-06-01 — backend@6df113d, frontend@0f1db64 — harden marketplace-core Postgres backfill

Commits: backend 6df113d, frontend 0f1db64 (backend 2.8.13, frontend 2.8.13) Touched:

  • Backend: src/db/backfill/backfill-purchaseRequests.ts, src/db/backfill/run-backfill.ts, __tests__/marketplace-core-backfill.test.ts, scripts/smoke/marketplace-core-postgres-backfill.sh, package.json, package-lock.json
  • Frontend: src/components/hook-form/rhf-select.tsx, tsconfig.json, yarn.lock, package.json Why: The next Postgres migration slice is marketplace core. The existing PurchaseRequest/SellerOffer backfill path had real cutover blockers: the purchase_requests insert omitted updated_at, preferred sellers wrote the wrong junction column, and selected offers were remapped before seller offers existed. The runner now exposes a marketplaceCore group and a post-offer selected-offer remap step. Frontend typecheck was restored after the pulled request-template changes by installing the declared rehype-sanitize lock entry, allowing displayEmpty through RHFSelect, and silencing TS6's baseUrl deprecation gate. Verification: Backend ./scripts/smoke/marketplace-core-postgres-backfill.sh (static checks passed; optional live dry-run skipped because MIGRATION_MONGO_URL/MIGRATION_PG_URL were not set); backend npm run typecheck; backend npm run build:server; frontend npx tsc --noEmit --project tsconfig.json; frontend npm run build (passed with a non-fatal SSR getPosts fetch refusal during static page generation); backend/frontend git diff --check. Linked docs updated: Postgres Runtime Cutover Status, MongoDB to PostgreSQL Migration Plan (Drizzle), MongoDB to PostgreSQL Migration Guide

2026-06-01 — backend@ea43862, frontend@b4ea7c9 — expose Postgres store modes in health

Commits: backend ea43862, frontend b4ea7c9 (backend 2.8.11, frontend 2.8.11) Touched:

  • Backend: src/infrastructure/postgres/client.ts, src/services/health/healthCheckService.ts, __tests__/postgres-client.test.ts, package.json, package-lock.json
  • Frontend: package.json, Dockerfile version metadata only. Why: Phase 0 of the Postgres cutover needed runtime visibility before moving another domain. /api/health now reports checks.postgres.storeModes, enabledStores, and enabledStoreCount while preserving the existing configured/required/status semantics. This lets Gatus and operators verify which opt-in stores are actually PG-backed in dev. Backend was rebased on Mojtaba's 2be91d2 authStore fix before push. Verification: Backend npm test -- --runTestsByPath __tests__/postgres-client.test.ts; backend npm run typecheck -- --pretty false; backend npm run build; backend focused health smoke against local Mongo/Redis containers and escrow-pgmig-test Postgres asserted all seven enabled PG stores in checks.postgres; frontend npx tsc --noEmit --ignoreDeprecations 6.0; backend/frontend git diff --check. Linked docs updated: Monitoring, Postgres Runtime Cutover Status

2026-06-01 — backend@1757f1e, frontend@600dd0d, deployment@6db02b0 — Postgres runtime cutover stores and health monitoring

Commits: backend 1757f1e, frontend 600dd0d, deployment 6db02b0 (backend 2.8.9, frontend 2.8.9) Touched:

  • Backend: src/infrastructure/postgres/client.ts, src/infrastructure/database/connection.ts, auth/config/address/category/level/shop/review store facades, backfill scripts, smoke scripts, /api/health, package.json, package-lock.json
  • Frontend: package.json, Dockerfile version metadata only.
  • Deployment: docker-compose.yml Postgres service/store env wiring, gatus/config.yaml Postgres health assertions. Why: Continue the MongoDB-to-Postgres runtime cutover by moving auth-owned users and Telegram auth records, confirmation thresholds, user addresses, and the first reference/marketplace domains behind opt-in Postgres store flags while keeping Mongo as the default and rollback mirror. Monitoring now treats Postgres as a required health dependency when any PG-backed store is enabled. Verification: Backend npm run typecheck -- --pretty false; backend npm run build; backend PG_URL=postgres://escrow:throwaway@127.0.0.1:5434/escrow_migration_test MONGODB_URI=mongodb://127.0.0.1:27018/reference-smoke DB_NAME=reference-smoke scripts/smoke/reference-stores-postgres.sh; backend focused health smoke asserted checks.postgres.ok/configured/required; local backend BASE_URL=http://127.0.0.1:5011 scripts/smoke/auth-basic.sh; local backend BASE_URL=http://127.0.0.1:5011 scripts/smoke/confirmation-thresholds.sh; local backend BASE_URL=http://127.0.0.1:5011 JWT_SECRET=test-secret scripts/smoke/addresses-basic.sh; frontend npx tsc --noEmit --ignoreDeprecations 6.0; deployment ruby -e 'require "yaml"; YAML.load_file("gatus/config.yaml")'. Linked docs updated: Postgres Runtime Cutover Status, MongoDB to PostgreSQL Migration Plan (Drizzle), API Overview, Monitoring, Gatus Monitoring - Proposed Config

2026-05-31 — backend@8e03360, frontend@228eed2 — keep auth and health checks resilient under load

Commits: backend 8e03360, frontend 228eed2 (backend 2.6.84, frontend 2.7.24) Touched:

  • Backend: src/app.ts, src/services/health/healthCheckService.ts, package.json, package-lock.json
  • Frontend: package.json, package-lock.json version bump only. Why: A dev performance run consumed the global 100/15m limiter and blocked /api/auth/login; repeated /api/health calls also drove the external Request Network reachability probe into 429, making Gatus report status: degraded even though Mongo/Redis/app were healthy. Auth routes now bypass the global limiter and rely on the auth-specific limiter, and the RN health subcheck is cached and treats non-5xx HTTP responses as upstream reachable. Verification: Backend npm test -- --runTestsByPath __tests__/health-check.test.ts; backend npm run typecheck; backend git diff --check; frontend npx tsc --noEmit --ignoreDeprecations 6.0; frontend git diff --check. Dev login was manually verified after resetting the backend limiter state. Linked docs updated: Monitoring, Gatus Monitoring - Proposed Config

2026-05-31 — backend@cbc32dc, frontend@08e8da9 — seller-owned template delivery and payment rails

Commits: backend cbc32dc, frontend 08e8da9 (backend 2.6.83, frontend 2.7.23) Touched:

  • Backend: src/models/RequestTemplate.ts, src/services/marketplace/RequestTemplateService.ts, src/services/marketplace/requestTemplateRoutes.ts, src/services/marketplace/requestTemplateController.ts, __tests__/marketplace-request-budget-validation.test.ts, scripts/smoke/marketplace-request-budget.sh, package.json, package-lock.json
  • Frontend: src/sections/request-template/request-template-checkout-billing-address.tsx, src/sections/request-template/request-template-checkout-payment.tsx, src/sections/request-template/request-template-new-edit-form.tsx, src/sections/request-template/request-template-details-summary.tsx, src/sections/request-template/view/seller-shop-view.tsx, src/sections/request-template/view/public-seller-shop-view.tsx, src/web3/components/multi-seller-provider-payment.tsx, src/actions/request-template.ts, src/types/request-template.ts, src/sections/request-template/context/types.ts, package.json, package-lock.json Why: Template checkout let buyers choose delivery even though fulfillment is a seller decision, and payment creation could fail when a seller/template had no usable network/token allowlist. Sellers now choose physical vs online delivery on the template, new templates require at least one chain/token rail, checkout asks buyers only for the needed address/email details, and template payment intents resolve rails with the real templateId. Verification: Backend npm test -- --runTestsByPath __tests__/marketplace-request-budget-validation.test.ts; backend npm run typecheck; backend git diff --check; backend BASE_URL=http://localhost:5001 ./scripts/smoke/marketplace-request-budget.sh skipped with exit 77 because ACCESS_TOKEN and CATEGORY_ID were not set; frontend npx tsc --noEmit --ignoreDeprecations 6.0; frontend git diff --check. No browser verification was possible because the Browser tool was unavailable in this session. Linked docs updated: RequestTemplate, PurchaseRequest, ShopSettings, Marketplace API, Payment API, Purchase Request Flow, Seller Guide

2026-05-31 — backend@a4d72df, frontend@07db9b0, scanner@ca62e7a — cap confirmations at per-chain acceptance floors

Commits: backend a4d72df, frontend 07db9b0, scanner ca62e7a (backend 2.6.82, frontend 2.7.22, scanner 0.1.7) Touched:

  • Backend: src/services/payment/safety/confirmationThresholdService.ts, src/routes/amnScannerWebhookRoutes.ts, src/services/payment/requestNetwork/requestNetworkRoutes.ts, src/services/payment/adapters/amnPayAdapter.ts, src/services/admin/confirmationThresholdRoutes.ts, src/services/payment/requestNetwork/supportedChains.json, __tests__/confirmation-threshold-service.test.ts, package.json, package-lock.json
  • Frontend: src/sections/payment/payment-table-row.tsx, src/sections/payment/view/payment-details-view.tsx, package.json, package-lock.json
  • Scanner: supported-chains.json, webhook.go, chain.go, tron_chain.go, ton_chain.go, main.go, README.md, VERSION, webhook_test.go Why: Confirmation depth should be a chain-specific acceptance floor, roughly a ten-minute safety window, not an endlessly increasing block counter. The backend now clamps runtime settings below the chain floor, caps stored settled confirmations at the effective threshold, sends the same threshold to AMN scanner intents, and the scanner includes the capped accepted count in webhooks. Frontend payment views show settled confirmation counts with a + suffix. Verification: Backend npm test -- --runTestsByPath __tests__/confirmation-threshold-service.test.ts __tests__/transaction-safety-provider.test.ts; backend npm run typecheck; backend BASE_URL=https://dev.amn.gg ./scripts/smoke/rn-webhook.sh; backend git diff --check; scanner go test ./...; scanner git diff --check; frontend npx tsc --noEmit --ignoreDeprecations 6.0; frontend git diff --check. Linked docs updated: Payment, Payment API, Scanner API, Payment Flow - Scanner, ScannerIntent, Scanner Architecture, Scanner Operations, Environment Variables

2026-05-31 — backend@896f17f, frontend@fd8e797 — persist webhook confirmations for scanner payments

Commits: backend 896f17f, frontend fd8e797 (backend 2.6.81, frontend 2.7.21) Touched:

  • Backend: src/routes/amnScannerWebhookRoutes.ts, src/services/payment/requestNetwork/requestNetworkRoutes.ts, src/services/payment/safety/transactionSafetyProvider.ts, __tests__/transaction-safety-provider.test.ts, package.json, package-lock.json
  • Frontend: package.json, package-lock.json version bump only. Why: dev.amn.gg showed a confirmed AMN scanner payment with blockchain.confirmations = 0. Scanner webhooks report status: "confirmed", but transaction safety only evaluated "completed" statuses, so no verifier evidence was produced. The webhook routes now persist confirmations from safety evidence, scanner/RN payloads, or the chain confirmation threshold fallback when the provider already says confirmed/completed. Verification: Backend npm test -- --runTestsByPath __tests__/transaction-safety-provider.test.ts; backend npm run typecheck; backend git diff --check; frontend npx tsc --noEmit --ignoreDeprecations 6.0; frontend git diff --check. Could not inspect the actual dev.amn.gg payment row because SSH to 193.180.213.68 rejected the available key. Linked docs updated: Payment, Payment API, Payment Flow - Scanner

2026-05-31 — backend@cab0719, frontend@ec2f765 — align request budget validation after Postgres migration

Commits: backend cab0719, frontend ec2f765 (backend 2.6.80, frontend 2.7.20) Touched:

  • Backend: src/shared/constants/marketplace.ts, src/models/PurchaseRequest.ts, src/models/RequestTemplate.ts, src/services/marketplace/requestTemplateRoutes.ts, src/services/marketplace/PurchaseRequestService.ts, src/db/schema/purchaseRequest.ts, src/db/repositories/drizzle/DrizzleMarketplaceRepo.ts, __tests__/marketplace-request-budget-validation.test.ts, scripts/smoke/marketplace-request-budget.sh
  • Frontend: package.json, package-lock.json version bump only. Why: Product/template creation could return 400 when the UI sent urgency: "urgent", and template-to-purchase conversion could later fail when a template budget used USD / EUR / IRR while PurchaseRequest only accepted USDT / USDC. Runtime Mongoose validation, request-template route validation, and the PG budget_currency enum now share USD, EUR, IRR, USDT, USDC; urgency validation includes urgent. Verification: Backend npm test -- --runTestsByPath __tests__/marketplace-request-budget-validation.test.ts; backend npm run typecheck; backend git diff --check; frontend npx tsc --noEmit --ignoreDeprecations 6.0; smoke helper added at scripts/smoke/marketplace-request-budget.sh but not run against dev because no ACCESS_TOKEN / CATEGORY_ID were available in this session. Linked docs updated: PurchaseRequest, RequestTemplate, Marketplace API, MongoDB to PostgreSQL Migration Guide, MongoDB to PostgreSQL Migration Plan (Drizzle), Postgres Runtime Cutover Status, Data Model Overview, Payment

2026-05-31 — nick-doc@local — clarify Postgres runtime cutover status

Commits: docs-only sync after backend 3a50dc4 (integrate-main-into-development, backend 2.6.79) Touched:


2026-05-31 — backend@3a50dc4 — promote Postgres integration branch with oracle/depeg + gasless backports

Commits: backend 11bfd02 74d73c5 1730c4d 148c803 8aa4473 a5e4da2 3a50dc4 (backend 2.6.762.6.79) Touched:

  • Branches: preserved old integrate-main-into-development as integrate-main-into-development-old; promoted feat/pg-money-core-migration to integrate-main-into-development.
  • Payment routing: requestNetworkRoutes.ts, requestNetworkPayInService.ts, amnScannerPayInService.ts, permitRelay.ts, amnPayAdapter.ts
  • Oracle/depeg: priceOracle/*, paymentQuote.ts, migration 0008_giant_winter_soldier.sql, Payment.ts, SellerOffer.ts
  • Tests/config: oracle-depeg-protection.test.ts, request-network-payin.test.ts, .env.example, package.json, package-lock.json Why: Combine the old integration branch's AMN scanner rail-switch fix and partial gasless permit work with the Postgres money-core branch and oracle/depeg quote engine. The final fix resolves the PG payment id through payments.legacy_object_id / id_map before writing payment_quotes, records pg_dualwrite_gaps if PG is behind, and keeps the Mongo quote mirror coherent during dual-write. Verification: npm run typecheck -- --pretty false; npm test -- --runInBand __tests__/oracle-depeg-protection.test.ts; npm test -- --runInBand __tests__/request-network-payin.test.ts __tests__/request-network-adapter.test.ts __tests__/request-network-webhook.test.ts __tests__/sweep-service.test.ts. The PG decimal integration cases in the oracle suite skipped because no local PG_URL/MIGRATION_PG_URL was configured. Linked docs updated: Payment, SellerOffer, Payment API, Environment Variables, Oracle Pricing & Stablecoin Depeg Protection, PRD - Gasless Buyer Payments (Roadmap)

2026-05-30 — frontend@9013b70, c77cf82, 8add494 — staged node-package upgrade + TS6 test fix + lint sweep

Commits: 8add494 c77cf82 9013b70 Touched:

  • Deps (package.json, yarn.lock): TypeScript 5→6, Jest 29→30, Tiptap 2→3 (all 11 sub-packages), i18next 25→26, react-i18next 15→17, @types/node 22→25, @types/jest 29→30, react-dropzone 14→15, react-apexcharts 1→2, mui-one-time-password-input 5→7, React 19.1→19.2, MUI 7.1→7.3 (in-range), zod 4.0→4.4. Constraints bumped to tested floors (@mui/material ^7.3.11, wagmi ^2.19.5, etc.). Version bumped 2.7.9 → 2.7.10.
  • Code fixes for new types: src/theme/with-settings/update-core.ts (cast currentScheme via Record<string,unknown> after MUI 7.3 tightened ColorSystemOptions), src/components/editor/components/code-highlight-block.tsx (cast NodeViewContent as='code''code' as 'div' for Tiptap 3 stricter prop typing).
  • Test infra: jest.config.js (point ts-jest at tsconfig.test.json explicitly, ignore TS5101/TS5011), tsconfig.test.json (add rootDir: "." and ignoreDeprecations: "6.0").
  • Security hygiene: .env.local + .env.production removed from tracking; added to .gitignore. Existing values still in git history — rotate any leaked credentials.
  • Lint sweep: yarn lint:fix applied across 64 files in src/ — mostly perfectionist/sort-imports reorders and unused-imports removals.
  • Docs: AGENTS.md gained an "Enforced project conventions" section covering Prettier, ESLint, TypeScript, and the centralized src/theme/ structure. CLAUDE.md is now a symlink → AGENTS.md so Claude Code reads the same rules.
  • Tooling: scripts/upgrade-packages.sh (reusable staged-upgrade runner with snapshot + auto-rollback) and scripts/UPGRADE-PLAN.md (strategy + per-stage rationale) added. .upgrade-backups/ added to .gitignore.

Why: Many runtime / dev dependencies were 37 minors behind; the audit was triggered by a request to "update all node packages without breaking the build." Did it as eight staged groups (in-range → @types → ESLint → Jest → Tiptap → i18next → misc → TypeScript), each gated by yarn build. Three stages were pulled back: ESLint 10 (eslint-plugin-react@7 incompatible with new context API), wagmi 3 (@coinbase/wallet-sdk declares window.ethereum: unknown, breaks type union with viem), MUI 7→9 (AGENTS.md pins to v7).

Verification: yarn build passes after every stage (3444s, all 57 routes). yarn test recovered from "45 suites fail, 0 tests run" (TS6 blocker) to 530 tests pass, 18 unrelated mock failures. yarn lint went 204 → 21 problems (the remaining 5 errors are pre-existing: 2× @ts-nocheck, 3× no-bitwise). Dev server (/, /auth/jwt/sign-in, /post, /shop, /dashboard, /telegram) all return 200. Manual smoke test of the Tiptap editor + wagmi connect flow is still recommended before promoting to prod.

Linked docs updated: none yet — 07 - Development/ should grow a "Node dependency upgrade runbook" pointing at frontend/scripts/UPGRADE-PLAN.md and the staged-rollback pattern. Also worth promoting the new AGENTS.md conventions section to 07 - Development/Coding Standards.md.


2026-05-29 — backend@cdc8df1 — AMN Pay Scanner integration (retire Request Network)

Commits: backend cdc8df1, scanner 8fee27e Touched:

  • Backend: src/services/payment/adapters/amnPayAdapter.ts, src/routes/amnScannerWebhookRoutes.ts, src/services/payment/adapters/types.ts, src/services/payment/providerConfig.ts, src/app.ts, .env.example, docker-compose.dev.yml, docker-compose.production.yml
  • Scanner (new repo): scanner/*.go, Dockerfile, supported-chains.json
  • Frontend: src/actions/network-registry.ts, src/sections/admin/networks/networks-list-view.tsx Why: Implement AMN Pay Scanner per PRD - Retire Request Network — In-House Payment Scanner.md. Standalone Go microservice scans ERC20FeeProxy TransferWithReferenceAndFee events directly, eliminating RN API dependency. Supports any destination address (derived HD wallets enabled). Parallel run: RN stays active for existing payments; new payments route to scanner when AMN_SCANNER_URL is configured. Verification: tsc --noEmit clean. Scanner binary builds (go build). Go tests pass (3/3). Frontend networks page renders scanner lag column. Linked docs updated: 07 - Development/Environment Variables, PRD - Retire Request Network — In-House Payment Scanner

2026-05-29 — backend@7688f57 — Sweep gas strategy: PermitPull + GasTopUp signers

Commits: backend 7688f57 Touched:

  • Backend: src/services/payment/wallets/sweepService.ts, __tests__/sweep-service.test.ts, .env.example Why: Implement hybrid two-signer sweep strategy per PRD - Sweep Gas Strategy - Permit Pull vs Gas Top-Up.md. PermitPullSweepSigner uses EIP-2612 permit for non-BSC chains (ETH, Arbitrum, Polygon, Base) so derived addresses never need native gas. GasTopUpSweepSigner handles BSC by topping up BNB from a master wallet before the derived address calls transfer(). getSweepSigner(chainId, tokenSymbol) auto-selects the correct signer. Static PERMIT_CAPABLE_TOKENS map seeded from on-chain audit 2026-05-29. Verification: tsc --noEmit clean. npx jest __tests__/sweep-service.test.ts — 31/31 pass (including 16 new tests for auto-selection and permit capability matrix). Linked docs updated: 07 - Development/Environment Variables, PRD - Sweep Gas Strategy - Permit Pull vs Gas Top-Up

2026-05-28 — deployment@4e8658d — Gatus monitoring: Docker service + config

Commits: deployment 1ac2e744e8658d Touched: deployment/gatus/config.yaml, deployment/docker-compose.yml, deployment/.env Why: Add Gatus monitoring service to the deployment stack. Config covers backend-dev, backend-prod, frontend-dev, frontend-prod, and external deps (RN API, Chainalysis, BSC RPC). Telegram alerting configured. Service exposed via Traefik at gatus.ch.manko.yoga. Verification: Config file validated against Gatus schema. Awaiting docker-compose up -d gatus on server. Linked docs updated: 08 - Operations/Gatus Monitoring - Proposed Config


2026-05-28 — backend@6c01a30 — Gatus monitoring: GET /api/health endpoint

Commits: backend 19f7eb944579d66c01a30 (2.6.48 → 2.6.49) Touched:

  • Backend: src/services/health/healthCheckService.ts, src/services/health/index.ts, src/app.ts, __tests__/health-check.test.ts Why: Implement GET /api/health for Gatus monitoring. Exposes 5 checks (db, redis, rnChainRegistry, rnTokenRegistry, rnApi) in a single public endpoint. Status semantics: ok | degraded | down (503 when DB fails). Each check includes latencyMs; registry checks include counts. Rate limiter and request logging skip /api/health. 5 route-level unit tests cover ok/degraded/down transitions. Verification: tsc --noEmit clean. npx jest __tests__/health-check.test.ts — 5/5 pass. Linked docs updated: 08 - Operations/Gatus Monitoring - Proposed Config

2026-05-28 — backend@19f7eb9, frontend@60ee6fb — Task #10: AML screening (Chainalysis, seller-paid, seller opt-in)

Commits: backend 441c8be80ba04619f7eb9 (2.6.46 → 2.6.47), frontend 717d5c8b7540f560ee6fb (2.6.46 → 2.6.47) Touched:

  • Backend: src/services/payment/safety/amlProvider.ts, src/services/payment/safety/chainalysisProvider.ts, src/services/payment/safety/amlScreeningService.ts, src/services/payment/safety/transactionSafetyProvider.ts, src/services/payment/paymentCoordinator.ts, src/services/admin/amlConfigRoutes.ts, src/models/SellerOffer.ts, src/app.ts, .env.example
  • Frontend: src/sections/request/components/seller-steps/step-1-send-proposal.tsx, src/types/marketplace.ts Why: Task #10 implementation. Chainalysis Public Sanctions API integration for seller-paid AML screening. Seller can opt-in per-offer via requireAmlCheck + amlBlockOnFailure toggles. TransactionSafetyProvider screens buyer source address after on-chain transfer verification. paymentCoordinator deducts AML_CHECK_COST_USD (default 0, API is free) from seller escrow on payment completion. Admin routes for AML config. Verification: Frontend tsc --noEmit clean. Backend relevant tests pass (module resolution issues in unrelated test files). Linked docs updated: 02 - Data Models/SellerOffer, 03 - API Reference/Admin API, 04 - Flows/Escrow Flow

2026-05-28 — backend@441c8be, frontend@717d5c8 — Task #9: Per-chain confirmation thresholds + admin UI

Commits: backend 4a85737441c8be (2.6.47 → 2.6.48), frontend 0ebb2f1717d5c8 (2.6.46 → 2.6.48) Touched:

  • Backend: src/models/ConfigSetting.ts, src/services/payment/safety/confirmationThresholdService.ts, src/services/payment/safety/transactionSafetyProvider.ts, src/services/admin/confirmationThresholdRoutes.ts, src/services/admin/awaitingConfirmationRoutes.ts, src/app.ts
  • Frontend: src/sections/admin/confirmation-thresholds/, src/sections/admin/payments-awaiting-confirmation/, src/actions/confirmation-thresholds.ts, src/routes/paths.ts, src/layouts/nav-config-dashboard.tsx Why: PRD §3 — Task #9 implementation. Runtime per-chain confirmation thresholds via ConfigSetting Mongo model with 30s in-memory cache. TransactionSafetyProvider now reads getConfirmationThreshold(chainId) instead of static env. Admin endpoints: GET/PATCH /api/admin/settings/confirmation-thresholds, GET /api/admin/payments/awaiting-confirmation. Frontend admin pages for threshold editing and awaiting-confirmation payment monitoring. Verification: All 56 relevant backend tests green. Frontend tsc --noEmit clean. Linked docs updated: 03 - API Reference/Payment API

2026-05-28 — backend@4a85737, frontend@0ebb2f1 — Task #8: Multichain RN proxy registry + USDC/USDT support + Base fix + USDT fork test

Commits: backend 01b9ea0ae17b184a85737 (2.6.45 → 2.6.47), frontend 0ebb2f1 (2.6.44 → 2.6.46) Touched:

  • Backend: src/services/payment/requestNetwork/supportedChains.json, src/services/payment/requestNetwork/tokens.json, src/services/payment/requestNetwork/tokens.ts, src/services/payment/requestNetwork/proxyAddresses.ts, src/services/payment/requestNetwork/inHouseCheckout.ts, src/services/payment/requestNetwork/networkRegistryRoutes.ts, src/services/payment/wallets/sweepService.ts, src/app.ts, scripts/probe-rn-chains.ts
  • Frontend: src/web3/config.ts, src/sections/payment/checkout/rn-in-house-checkout-view.tsx, src/sections/admin/networks/, src/app/dashboard/admin/networks/page.tsx, src/actions/network-registry.ts, src/routes/paths.ts, src/layouts/nav-config-dashboard.tsx Why: PRD §2 — Task #8 implementation. 5-chain registry (BSC, Arbitrum, Ethereum, Polygon, Base) with canonical RN ERC20FeeProxy addresses and per-chain USDC/USDT entries including Base. tokens.ts and proxyAddresses.ts now load from JSON files with admin reload capability. buildInHouseCheckoutBlock returns unsupported_chain:<id> for unknown chains. Frontend wagmi config expanded to include arbitrum + base. Per-chain explorer URLs in checkout view. USDT-mainnet approve(0) reset quirk handled in approve flow. New admin page /dashboard/admin/networks renders registry with reload button. New probe script scripts/probe-rn-chains.ts verifies proxy deployment on-chain. Verification: All 58 relevant backend tests green (rn-in-house-checkout, derived-destinations, sweep-service, request-template-orphan-cleanup). Frontend tsc --noEmit clean. Linked docs updated: 03 - API Reference/Payment API (new GET /api/admin/rn/networks and POST /api/admin/rn/networks/reload endpoints)

2026-05-28 — backend@34f542e — Task #7 B: unit tests for derived-destinations + sweep-service + orphan-cleanup regression

Commits: backend 34f542e (2.6.44 → 2.6.45) Touched: __tests__/derived-destinations.test.ts (26 tests), __tests__/sweep-service.test.ts (18 tests), __tests__/request-template-orphan-cleanup.test.ts (2 tests) Why: PRD item B — regression lock-in test suite for Task #7. Covers: getDestinationFor idempotency, E11000 race fallback, validateXpub rejection of xpriv/tprv/garbage, deriveAddressAtIndex determinism, recordSweep $inc accumulation (regression lock-in for item E), and orphan-payment cleanup provider filtering (regression lock-in for Gap 2 fix in 2.6.44). Verification: All 46 tests green (npx jest derived-destinations.test.ts sweep-service.test.ts request-template-orphan-cleanup.test.ts). Linked docs updated: 08 - Operations/Handoff - Request Network In-House Checkout - 2026-05-28


2026-05-28 — backend@1889169, frontend@c44ed64 — Task #7 A verification fix: multi-checkout conversion + orphan-payment guard

Commits: backend 1889169 (2.6.43 → 2.6.44), frontend c44ed64 (2.6.43 → 2.6.44) Touched:

  • Backend: src/services/marketplace/RequestTemplateService.ts
  • Frontend: src/sections/payment/checkout/rn-multi-checkout-view.tsx Why: A verification revealed two gaps: (1) RnMultiCheckoutView.handleFinish only navigated to payment list and never called convertTemplatesToRequests, so multi-seller carts never created PurchaseRequests; fixed by calling conversion with stashed cart items and navigating to the first created request. (2) Backend orphan-payment cleanup found ALL pending payments for the buyer and hard-deleted all but the first — fatal for multi-seller carts; fixed by restricting orphan query to provider: 'shkeeper' only so request.network payments retain their independent lifecycle. Verification: Pushed to integrate-main-into-development on both repos — Woodpecker builds pending. Linked docs updated: 03 - API Reference/Payment API

2026-05-28 — backend@faf2221, frontend@022ecb6 — Task #7 derived destinations: sweep autostart, recordSweep fix, multi-seller checkout UX

Commits: backend faf2221 (2.6.42 → 2.6.43), frontend 022ecb6 (2.6.42 → 2.6.43) Touched:

  • Backend: src/app.ts, src/models/DerivedDestination.ts, src/models/Payment.ts, src/services/payment/requestNetwork/requestNetworkPayInService.ts, src/services/payment/wallets/derivedDestinations.ts, .env.example
  • Frontend: src/sections/payment/checkout/rn-in-house-checkout-view.tsx, src/sections/request-template/request-template-checkout-payment.tsx, src/web3/components/multi-seller-provider-payment.tsx, src/sections/payment/checkout/rn-multi-checkout-view.tsx, src/app/checkout/request-network/multi/page.tsx Why: PRD items D/E/F + frontend cart-aware checkout (A). Auto-start sweep cron on boot; fix recordSweep to $inc totalSwept instead of $setOnInsert; widen Payment unique index to include sellerOfferId for multi-seller carts; add multi-seller checkout wrapper and wire into template + request flows. Verification: Pushed to integrate-main-into-development on both repos — Woodpecker builds pending. Linked docs updated: 03 - API Reference/Payment API (derived-destination endpoints)

2026-05-28 — backend@e46be98, frontend@af77b3c — add nick-doc sync rule + version bumps

Commits: backend e46be98 (2.6.24 → 2.6.25), frontend af77b3c (2.6.25 → 2.6.26) Touched: backend/AGENTS.md, frontend/AGENTS.md (new), both package.json + package-lock.json Why: Establish a mandatory rule that every code push must be followed by a nick-doc Activity Log entry (and relevant section updates) so the vault never falls behind the code. Frontend AGENTS.md created from scratch (was missing). Verification: Pushed to integrate-main-into-development on both repos — Woodpecker builds pending. Linked docs updated: This vault's AGENTS.md updated with the same rule. Note: Backend (2.6.25) and frontend (2.6.26) are intentionally one patch apart — backend was a version behind before this session. Should be re-aligned on the next paired bump.


2026-05-28 — frontend@9d4aa37 — fix 429 request storm on template SWR hooks

Commits: 9d4aa37 Touched: src/actions/request-template.ts Why: Production browser showed repeated 429 (Too Many Requests) on /api/marketplace/request-templates/sellers. Default SWR config was revalidating on focus/reconnect and retrying on errors, making backend rate-limit recover impossible without a restart. Verification: Pushed, awaiting Woodpecker build. Visual confirmation on dev.amn.gg after deploy. Linked docs updated: none yet — SWR pattern should be promoted to 07 - Development/Coding Standards.md in a follow-up.


2026-05-28 — frontend@6c89444 — improve request template form debug feedback

Commits: 6c89444 Touched: src/sections/request-template/request-template-new-edit-form.tsx Why: Users could not tell why "ایجاد قالب" failed — validation errors silently blocked submission, API errors collapsed to generic "خطایی رخ داده است!", and the "انتشار" Switch in renderActions was visual-only. Verification: Type-check passes via Docker build in prior session; manual browser test pending. Linked docs updated: none.


2026-05-27 — frontend@8c0f14d, ad498f4, f3a3c9d, bb72a66 — unblock 2.6.19 Docker build

Commits: bb72a66 f3a3c9d ad498f4 8c0f14d Touched: src/sections/request-template/request-template-checkout-payment.tsx, src/web3/components/wallet-selector.tsx, tsconfig.json, src/types/payment.ts Why: Docker build was failing on TypeScript compilation after the wallet-support + test-payment feature merge. Four distinct errors fixed: User type uses _id not id; wallet-selector imported non-existent @/components/ui/dialog; @/* path alias missing from tsconfig; IPayment metadata type didn't allow test-payment fields. Verification: Local docker build succeeded — image escrow-frontend:2.6.19 created. Linked docs updated: none — should add SWR + UI library notes to 07 - Development/Coding Standards.md.