Siavash Sameni 9698ec5809 docs: align API reference and data model docs with code reality
API Reference (9 files updated):
- Marketplace API: corrected offer endpoints (scoped under /purchase-requests/:id/offers),
  marked phantom /search /stats /seller/:sellerId /withdraw routes as NOT IMPLEMENTED,
  documented PUT→PATCH mismatches, removed invalid SellerOffer 'active' status
- Dispute API: corrected resolve schema (action enum), categories (no 'fraud'),
  removed 'under_review' status, added security callouts (3 unguarded endpoints),
  route shadowing documented, all socket events marked as TODO stubs
- Notification API: corrected mark-all-read method+path, fixed broken GET /:id,
  added unread-count-update event, 90-day TTL documented
- Payment API: /create→/save, removed 10+ phantom endpoints, fixed release/refund
  paths (no /shkeeper/ segment), added 3 unauthenticated endpoint security warnings,
  stats undercounting documented, export privilege gap documented
- Authentication API: 8-digit→6-digit code, no-complexity warning on reset-with-code,
  rate limiter counts all attempts, passkey stub claims removed, deleteAccount bug noted
- Admin API: PUT→PATCH bug documented, wrong status values documented, hard vs soft
  delete clarified, scanner no-auth security bug, 3 NOT IMPLEMENTED endpoints
- Chat API: file upload wrong endpoint bug, archive PUT→PATCH bug, rate limits added
- Points API: corrected redeem schema, referral triggers on 'completed' only,
  leaderboard period ignored, removed 'refund' PointTransaction type
- Socket Events: removed request-cancelled, notification-read; added unread-count-update;
  dispute events all stubs; referral-signup is auth-domain not points-domain

Data Models (3 files updated):
- SellerOffer: removed 'active' from status enum, withdrawOffer() is dead code
- PurchaseRequest: added pending_payment/active statuses, added 'urgent' urgency,
  corrected description minimum (5 chars), removed finalized/archived
- Dispute: corrected action enum, categories (no fraud), removed under_review,
  security callout on unguarded status/resolve endpoints

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-29 14:57:47 +04:00

title, tags, created
title tags created
Amn Marketplace — Documentation Vault
moc
index
2026-05-23

vase in app mikham

Amn Marketplace — Documentation Vault

Complete technical & operational documentation for the Amn (a.k.a. "nick app") crypto-escrow marketplace platform. This vault is exhaustive enough to re-implement the system from scratch with no access to the source code.

[!info] Repos: git@git.manko.yoga:222/nick/{backend,frontend}.git · Branch: development · Vault generated: 2026-05-23


How to read this vault

Open this folder in Obsidian for the best experience (graph view + wikilinks + Mermaid rendering). It also reads as plain Markdown anywhere.

Suggested reading paths:

  • New developer00 Overview01 Architecture07 Development/Local Setup → start coding.
  • Re-implementer00 Overview02 Data Models03 API Reference04 Flows01 Architecture for plumbing details.
  • Designer00 Overview05 Design System01 Architecture/Frontend Architecture.
  • Product / PM00 Overview04 Flows06 Usage.
  • Operator / DevOps00 Overview01 Architecture/Infrastructure08 Operations.
  • Support staff06 Usage/Support Guide + 00 Overview/Glossary + relevant flow docs.

00 — Overview

Project context, the cast of characters, and shared vocabulary.

01 — Architecture

How the system is composed at every layer.

02 — Data Models

Per-entity Mongoose schemas — fields, relationships, state machines.

03 — API Reference

Every endpoint, grouped by service. Auth, request/response shapes, errors, socket events.

04 — Flows

End-to-end narratives for every user-visible interaction, with Mermaid sequence/state diagrams.

Identity

Marketplace

Money

Resolution

Engagement

05 — Design System

The visual & UX language of the frontend.

06 — Usage

End-user guides — one per role.

07 — Development

For engineers contributing to the codebase.

08 — Operations

For engineers / SREs running the system in production.


Cross-cutting indexes

By topic

Topic Start here
Payments PRD - Request Network In-House CheckoutPayment APIPaymentPayout Flow
Custody / escrow strategy PRD - Decentralized Custody and Smart-Contract Escrow RoadmapEscrow FlowFunds Ledger and Escrow State Machine Specification
Auth Authentication FlowAuthentication APISecurity Architecture
Backend security / refactor Backend Stack Security and Refactor Assessment - 2026-05-24Platform Logical Audit - 2026-05-24PRD - Platform Audit Remediation Plan (2026-05-24)
Developer task queue .taskmaster/README.md.taskmaster/tasks/tasks.json → root PRD - *.md files
Real-time Real-time LayerSocket EventsChat Flow / Notification Flow
Disputes Dispute FlowDispute APIDisputeAdmin Guide §5
Web3 Payment Flow - DePay & Web3Frontend Architecture §9
i18n / RTL Internationalization & RTLTypography
Theming Design System OverviewTheme ConfigurationSettings & Theming

By role

If you are… Start with
Buyer User Guide
Seller / Owner Seller Guide
Admin Admin Guide
Support agent Support Guide
Backend engineer Backend Architecture · Data Model Overview
Frontend engineer Frontend Architecture · Design System Overview
DevOps / SRE Infrastructure · Deployment · Incident Response
Product / PM Introduction · Roles & Personas · 04 Flows

Vault conventions

  • Wikilinks [[Document Name]] (no extension) — Obsidian resolves them automatically.
  • YAML frontmatter at the top of every file — title, tags, created.
  • Callouts > [!note], > [!warning], > [!tip], > [!info], > [!important], > [!example].
  • Mermaid diagrams in fenced code blocks (flowchart, sequenceDiagram, stateDiagram-v2, erDiagram).
  • Citations file:lineNumber whenever referring to specific code (e.g., backend/src/app.ts:79-179).
  • Tables for structured data — env vars, endpoints, model fields, etc.

Statistics

  • ~85 markdown files across 9 sections
  • ~600 KB total of documentation
  • ~80,000 words of prose
  • Mermaid diagrams for every major flow and architecture view
  • Wikilinks throughout for graph-view navigation

Known limitations & roadmap items

These are documented in their respective sections but worth highlighting:

Warning

  • Backend rate-limit middleware is currently disabled (backend/src/app.ts:227). Enable before any public traffic — see Security Architecture.
  • Passkey service is partly stubbed — see Passkey (WebAuthn) Flow for production-hardening checklist.
  • Auto-release of escrow on delivery confirmation not yet automated — admin/custody operators run release flows. See Delivery Confirmation Flow + Payout Flow.
  • Dispute holds exist in code, but the Dispute model/docs still need full canonical state-machine alignment. See Dispute Flow + Escrow Flow.
  • Several development env values committed as public — see Environment Variables for rotation list.
  • Single-host deployment; horizontal scaling requires Redis adapter for Socket.IO — see Real-time Layer §8.
  • Request Network webhooks currently land on the main app. Roadmap: Cloudflare Worker durable ingress + replay, with backend Transaction Safety Provider checks before escrow is credited. See Request Network Integration Constraints.

Contributing to this vault

  • Add files under the appropriate section folder.
  • Use the conventions above (frontmatter, wikilinks, callouts).
  • Run git diff on the source repo before updating docs — keep cited line numbers fresh.
  • For new flows, follow the structure of Authentication Flow (Actors → Preconditions → Steps → Mermaid → API calls → DB writes → Socket events → Side effects → Errors → Related).
  • For new models, follow the structure of User (purpose → schema table → virtuals/hooks → methods → relationships → state diagram → queries → related).

License & ownership

The vault is the project's internal documentation. Treat all credentials, addresses, and operational details as confidential. Public-facing copies should redact the seed credentials, env values, and any production URLs/IDs that aren't already public.


End

Welcome to the codebase. If anything here is unclear, the source is in the Backend Architecture / Frontend Architecture cited files — fix the docs as you go.

Description
No description provided
Readme 6.9 MiB
Languages
HTML 55.7%
JavaScript 44.3%