Files
nick-doc/09 - Audits/Activity Log.md

13 KiB

title, tags, created
title tags created
Activity Log
audit
log
append-only
2026-05-28

Activity Log

Append-only log of every git push from backend and frontend. Newest entries on top. Maintained by agents per the rule in ../AGENTS.md.


2026-05-28 — deployment@4e8658d — Gatus monitoring: Docker service + config

Commits: deployment 1ac2e744e8658d Touched: deployment/gatus/config.yaml, deployment/docker-compose.yml, deployment/.env Why: Add Gatus monitoring service to the deployment stack. Config covers backend-dev, backend-prod, frontend-dev, frontend-prod, and external deps (RN API, Chainalysis, BSC RPC). Telegram alerting configured. Service exposed via Traefik at gatus.ch.manko.yoga. Verification: Config file validated against Gatus schema. Awaiting docker-compose up -d gatus on server. Linked docs updated: 08 - Operations/Gatus Monitoring - Proposed Config


2026-05-28 — backend@6c01a30 — Gatus monitoring: GET /api/health endpoint

Commits: backend 19f7eb944579d66c01a30 (2.6.48 → 2.6.49) Touched:

  • Backend: src/services/health/healthCheckService.ts, src/services/health/index.ts, src/app.ts, __tests__/health-check.test.ts Why: Implement GET /api/health for Gatus monitoring. Exposes 5 checks (db, redis, rnChainRegistry, rnTokenRegistry, rnApi) in a single public endpoint. Status semantics: ok | degraded | down (503 when DB fails). Each check includes latencyMs; registry checks include counts. Rate limiter and request logging skip /api/health. 5 route-level unit tests cover ok/degraded/down transitions. Verification: tsc --noEmit clean. npx jest __tests__/health-check.test.ts — 5/5 pass. Linked docs updated: 08 - Operations/Gatus Monitoring - Proposed Config

2026-05-28 — backend@19f7eb9, frontend@60ee6fb — Task #10: AML screening (Chainalysis, seller-paid, seller opt-in)

Commits: backend 441c8be80ba04619f7eb9 (2.6.46 → 2.6.47), frontend 717d5c8b7540f560ee6fb (2.6.46 → 2.6.47) Touched:

  • Backend: src/services/payment/safety/amlProvider.ts, src/services/payment/safety/chainalysisProvider.ts, src/services/payment/safety/amlScreeningService.ts, src/services/payment/safety/transactionSafetyProvider.ts, src/services/payment/paymentCoordinator.ts, src/services/admin/amlConfigRoutes.ts, src/models/SellerOffer.ts, src/app.ts, .env.example
  • Frontend: src/sections/request/components/seller-steps/step-1-send-proposal.tsx, src/types/marketplace.ts Why: Task #10 implementation. Chainalysis Public Sanctions API integration for seller-paid AML screening. Seller can opt-in per-offer via requireAmlCheck + amlBlockOnFailure toggles. TransactionSafetyProvider screens buyer source address after on-chain transfer verification. paymentCoordinator deducts AML_CHECK_COST_USD (default 0, API is free) from seller escrow on payment completion. Admin routes for AML config. Verification: Frontend tsc --noEmit clean. Backend relevant tests pass (module resolution issues in unrelated test files). Linked docs updated: 02 - Data Models/SellerOffer, 03 - API Reference/Admin API, 04 - Flows/Escrow Flow

2026-05-28 — backend@441c8be, frontend@717d5c8 — Task #9: Per-chain confirmation thresholds + admin UI

Commits: backend 4a85737441c8be (2.6.47 → 2.6.48), frontend 0ebb2f1717d5c8 (2.6.46 → 2.6.48) Touched:

  • Backend: src/models/ConfigSetting.ts, src/services/payment/safety/confirmationThresholdService.ts, src/services/payment/safety/transactionSafetyProvider.ts, src/services/admin/confirmationThresholdRoutes.ts, src/services/admin/awaitingConfirmationRoutes.ts, src/app.ts
  • Frontend: src/sections/admin/confirmation-thresholds/, src/sections/admin/payments-awaiting-confirmation/, src/actions/confirmation-thresholds.ts, src/routes/paths.ts, src/layouts/nav-config-dashboard.tsx Why: PRD §3 — Task #9 implementation. Runtime per-chain confirmation thresholds via ConfigSetting Mongo model with 30s in-memory cache. TransactionSafetyProvider now reads getConfirmationThreshold(chainId) instead of static env. Admin endpoints: GET/PATCH /api/admin/settings/confirmation-thresholds, GET /api/admin/payments/awaiting-confirmation. Frontend admin pages for threshold editing and awaiting-confirmation payment monitoring. Verification: All 56 relevant backend tests green. Frontend tsc --noEmit clean. Linked docs updated: 03 - API Reference/Payment API

2026-05-28 — backend@4a85737, frontend@0ebb2f1 — Task #8: Multichain RN proxy registry + USDC/USDT support + Base fix + USDT fork test

Commits: backend 01b9ea0ae17b184a85737 (2.6.45 → 2.6.47), frontend 0ebb2f1 (2.6.44 → 2.6.46) Touched:

  • Backend: src/services/payment/requestNetwork/supportedChains.json, src/services/payment/requestNetwork/tokens.json, src/services/payment/requestNetwork/tokens.ts, src/services/payment/requestNetwork/proxyAddresses.ts, src/services/payment/requestNetwork/inHouseCheckout.ts, src/services/payment/requestNetwork/networkRegistryRoutes.ts, src/services/payment/wallets/sweepService.ts, src/app.ts, scripts/probe-rn-chains.ts
  • Frontend: src/web3/config.ts, src/sections/payment/checkout/rn-in-house-checkout-view.tsx, src/sections/admin/networks/, src/app/dashboard/admin/networks/page.tsx, src/actions/network-registry.ts, src/routes/paths.ts, src/layouts/nav-config-dashboard.tsx Why: PRD §2 — Task #8 implementation. 5-chain registry (BSC, Arbitrum, Ethereum, Polygon, Base) with canonical RN ERC20FeeProxy addresses and per-chain USDC/USDT entries including Base. tokens.ts and proxyAddresses.ts now load from JSON files with admin reload capability. buildInHouseCheckoutBlock returns unsupported_chain:<id> for unknown chains. Frontend wagmi config expanded to include arbitrum + base. Per-chain explorer URLs in checkout view. USDT-mainnet approve(0) reset quirk handled in approve flow. New admin page /dashboard/admin/networks renders registry with reload button. New probe script scripts/probe-rn-chains.ts verifies proxy deployment on-chain. Verification: All 58 relevant backend tests green (rn-in-house-checkout, derived-destinations, sweep-service, request-template-orphan-cleanup). Frontend tsc --noEmit clean. Linked docs updated: 03 - API Reference/Payment API (new GET /api/admin/rn/networks and POST /api/admin/rn/networks/reload endpoints)

2026-05-28 — backend@34f542e — Task #7 B: unit tests for derived-destinations + sweep-service + orphan-cleanup regression

Commits: backend 34f542e (2.6.44 → 2.6.45) Touched: __tests__/derived-destinations.test.ts (26 tests), __tests__/sweep-service.test.ts (18 tests), __tests__/request-template-orphan-cleanup.test.ts (2 tests) Why: PRD item B — regression lock-in test suite for Task #7. Covers: getDestinationFor idempotency, E11000 race fallback, validateXpub rejection of xpriv/tprv/garbage, deriveAddressAtIndex determinism, recordSweep $inc accumulation (regression lock-in for item E), and orphan-payment cleanup provider filtering (regression lock-in for Gap 2 fix in 2.6.44). Verification: All 46 tests green (npx jest derived-destinations.test.ts sweep-service.test.ts request-template-orphan-cleanup.test.ts). Linked docs updated: 08 - Operations/Handoff - Request Network In-House Checkout - 2026-05-28


2026-05-28 — backend@1889169, frontend@c44ed64 — Task #7 A verification fix: multi-checkout conversion + orphan-payment guard

Commits: backend 1889169 (2.6.43 → 2.6.44), frontend c44ed64 (2.6.43 → 2.6.44) Touched:

  • Backend: src/services/marketplace/RequestTemplateService.ts
  • Frontend: src/sections/payment/checkout/rn-multi-checkout-view.tsx Why: A verification revealed two gaps: (1) RnMultiCheckoutView.handleFinish only navigated to payment list and never called convertTemplatesToRequests, so multi-seller carts never created PurchaseRequests; fixed by calling conversion with stashed cart items and navigating to the first created request. (2) Backend orphan-payment cleanup found ALL pending payments for the buyer and hard-deleted all but the first — fatal for multi-seller carts; fixed by restricting orphan query to provider: 'shkeeper' only so request.network payments retain their independent lifecycle. Verification: Pushed to integrate-main-into-development on both repos — Woodpecker builds pending. Linked docs updated: 03 - API Reference/Payment API

2026-05-28 — backend@faf2221, frontend@022ecb6 — Task #7 derived destinations: sweep autostart, recordSweep fix, multi-seller checkout UX

Commits: backend faf2221 (2.6.42 → 2.6.43), frontend 022ecb6 (2.6.42 → 2.6.43) Touched:

  • Backend: src/app.ts, src/models/DerivedDestination.ts, src/models/Payment.ts, src/services/payment/requestNetwork/requestNetworkPayInService.ts, src/services/payment/wallets/derivedDestinations.ts, .env.example
  • Frontend: src/sections/payment/checkout/rn-in-house-checkout-view.tsx, src/sections/request-template/request-template-checkout-payment.tsx, src/web3/components/multi-seller-provider-payment.tsx, src/sections/payment/checkout/rn-multi-checkout-view.tsx, src/app/checkout/request-network/multi/page.tsx Why: PRD items D/E/F + frontend cart-aware checkout (A). Auto-start sweep cron on boot; fix recordSweep to $inc totalSwept instead of $setOnInsert; widen Payment unique index to include sellerOfferId for multi-seller carts; add multi-seller checkout wrapper and wire into template + request flows. Verification: Pushed to integrate-main-into-development on both repos — Woodpecker builds pending. Linked docs updated: 03 - API Reference/Payment API (derived-destination endpoints)

2026-05-28 — backend@e46be98, frontend@af77b3c — add nick-doc sync rule + version bumps

Commits: backend e46be98 (2.6.24 → 2.6.25), frontend af77b3c (2.6.25 → 2.6.26) Touched: backend/AGENTS.md, frontend/AGENTS.md (new), both package.json + package-lock.json Why: Establish a mandatory rule that every code push must be followed by a nick-doc Activity Log entry (and relevant section updates) so the vault never falls behind the code. Frontend AGENTS.md created from scratch (was missing). Verification: Pushed to integrate-main-into-development on both repos — Woodpecker builds pending. Linked docs updated: This vault's AGENTS.md updated with the same rule. Note: Backend (2.6.25) and frontend (2.6.26) are intentionally one patch apart — backend was a version behind before this session. Should be re-aligned on the next paired bump.


2026-05-28 — frontend@9d4aa37 — fix 429 request storm on template SWR hooks

Commits: 9d4aa37 Touched: src/actions/request-template.ts Why: Production browser showed repeated 429 (Too Many Requests) on /api/marketplace/request-templates/sellers. Default SWR config was revalidating on focus/reconnect and retrying on errors, making backend rate-limit recover impossible without a restart. Verification: Pushed, awaiting Woodpecker build. Visual confirmation on dev.amn.gg after deploy. Linked docs updated: none yet — SWR pattern should be promoted to 07 - Development/Coding Standards.md in a follow-up.


2026-05-28 — frontend@6c89444 — improve request template form debug feedback

Commits: 6c89444 Touched: src/sections/request-template/request-template-new-edit-form.tsx Why: Users could not tell why "ایجاد قالب" failed — validation errors silently blocked submission, API errors collapsed to generic "خطایی رخ داده است!", and the "انتشار" Switch in renderActions was visual-only. Verification: Type-check passes via Docker build in prior session; manual browser test pending. Linked docs updated: none.


2026-05-27 — frontend@8c0f14d, ad498f4, f3a3c9d, bb72a66 — unblock 2.6.19 Docker build

Commits: bb72a66 f3a3c9d ad498f4 8c0f14d Touched: src/sections/request-template/request-template-checkout-payment.tsx, src/web3/components/wallet-selector.tsx, tsconfig.json, src/types/payment.ts Why: Docker build was failing on TypeScript compilation after the wallet-support + test-payment feature merge. Four distinct errors fixed: User type uses _id not id; wallet-selector imported non-existent @/components/ui/dialog; @/* path alias missing from tsconfig; IPayment metadata type didn't allow test-payment fields. Verification: Local docker build succeeded — image escrow-frontend:2.6.19 created. Linked docs updated: none — should add SWR + UI library notes to 07 - Development/Coding Standards.md.