Files
nick-doc/Taskmaster/tasks.md
Siavash Sameni 0060b16912 docs: ship in-house RN checkout, scope 5 follow-up tasks (#7-11)
In-house Request Network checkout went fully end-to-end on dev today.
A real 0.01 USDC payment flowed through wallet connect -> approve ->
ERC20FeeProxy.transferFromWithReferenceAndFee -> RN webhook ->
TransactionSafetyProvider -> Payment.status=completed -> page success
state. Tx 0x494c77a29161b5100d8e0b1ac675f1822955d0bb3633ecdbfafb886f84f2f320.

Docs:
- New PRD: Wallet, Multichain, Confirmations, AML, Trezor
  (5 follow-ups, each sized for an independent contributor)
- Updated PRD: Request Network In-House Checkout (phases 0..3 done,
  phase 4 partial, phases 5-6 not started)
- Updated handoff: deployed versions, what is working end-to-end,
  follow-up tasks index

Taskmaster: 5 new top-level tasks (#7..#11) covering ephemeral
destination wallets, multichain proxy registry + USDC/USDT, runtime
confirmation thresholds, optional seller-paid AML screening, and
Trezor signing for admin actions. Tasks are scoped fine-grained so
each is independent enough for kimi to pick up.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 15:50:24 +04:00

67 lines
7.4 KiB
Markdown

# Taskmaster Tasks
Generated from `.taskmaster/tasks/tasks.json` at 2026-05-28T11:49:27.076Z.
These lines use the Obsidian Tasks emoji format:
- standard Markdown checkbox syntax
- `#taskmaster` tag for filtering
- priority emoji where available
- `🆔` task IDs
- `⛔` dependency IDs
- [x] 1 - Stabilize Mermaid diagram rendering across documentation vault #taskmaster #priority/medium #status/done 🔼 🆔 tm-1
- [x] 1.1 - Fix Security Architecture email/password sequence #taskmaster #priority/medium #status/done 🔼 🆔 tm-1-1
- [x] 1.2 - Fix authentication login and refresh diagrams #taskmaster #priority/medium #status/done 🔼 🆔 tm-1-2
- [x] 1.3 - Fix chat, delivery, dispute, OAuth, purchase request, referral, registration, and seller-offer diagrams #taskmaster #priority/medium #status/done 🔼 🆔 tm-1-3
- [x] 2 - Implement platform audit remediation plan #taskmaster #priority/high #status/done ⏫ 🆔 tm-2
- [x] 2.1 - Secure unauthenticated endpoints and owner enforcement #taskmaster #priority/high #status/done ⏫ 🆔 tm-2-1
- [x] 2.2 - Re-enable and scope rate limiting #taskmaster #priority/high #status/done ⏫ 🆔 tm-2-2 ⛔ tm-1
- [x] 2.3 - Replace stubbed passkey/WebAuthn flow #taskmaster #priority/high #status/done ⏫ 🆔 tm-2-3 ⛔ tm-1
- [x] 2.4 - Strengthen DePay/Web3 payment verification #taskmaster #priority/high #status/done ⏫ 🆔 tm-2-4 ⛔ tm-1
- [x] 2.5 - Lock Socket.IO room joins to authenticated context #taskmaster #priority/medium #status/done 🔼 🆔 tm-2-5 ⛔ tm-1
- [x] 2.6 - Enforce dispute hold before payout and release operations #taskmaster #priority/medium #status/done 🔼 🆔 tm-2-6 ⛔ tm-1 ⛔ tm-4
- [x] 2.7 - Align documentation, API references, and runtime enums #taskmaster #priority/medium #status/done 🔼 🆔 tm-2-7 ⛔ tm-1 ⛔ tm-2 ⛔ tm-3 ⛔ tm-4 ⛔ tm-5 ⛔ tm-6
- [x] 3 - Migrate payment architecture toward Request Network and internal funds management #taskmaster #priority/high #status/done ⏫ 🆔 tm-3 ⛔ tm-2
- [x] 3.1 - Define provider-neutral payment contracts and adapter #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-1
- [x] 3.2 - Implement provider configuration, feature flags, and safe rollback #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-2 ⛔ tm-3-1
- [x] 3.3 - Create internal funds and payment ledger model #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-3 ⛔ tm-3-1
- [x] 3.4 - Build migration and indexing plan for existing SHKeeper records #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-4 ⛔ tm-3-3
- [x] 3.5 - Implement Request Network pay-in intent and secure payment pages #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-5 ⛔ tm-3-2
- [x] 3.6 - Implement signed Request Network webhook intake #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-6 ⛔ tm-3-2
- [x] 3.7 - Implement reconciliation and repair jobs #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-7 ⛔ tm-3-5 ⛔ tm-3-6
- [x] 3.8 - Replace checkout and payment UI with provider-neutral flows #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-8 ⛔ tm-3-5
- [x] 3.9 - Add payout/release and refund orchestration using ledger gates #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-9 ⛔ tm-3-3 ⛔ tm-3-7
- [x] 3.10 - Update release/refund APIs and marketplace release paths #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-10 ⛔ tm-3-8 ⛔ tm-3-9
- [x] 3.11 - Add comprehensive observability, runbooks, and incident controls #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-11 ⛔ tm-3-6 ⛔ tm-3-8 ⛔ tm-3-9 ⛔ tm-3-10
- [x] 3.12 - Add end-to-end integration, migration, and rollback test suites #taskmaster #priority/high #status/done ⏫ 🆔 tm-3-12 ⛔ tm-3-6 ⛔ tm-3-10 ⛔ tm-3-11
- [ ] 3.13 - Add durable RN webhook ingress and transaction safety #taskmaster #priority/high #status/pending ⏫ 🆔 tm-3-13
- [x] 4 - Define backend security and refactor strategy from latest audit #taskmaster #priority/high #status/done ⏫ 🆔 tm-4
- [x] 4.1 - Assign security ownership and launch decision criteria #taskmaster #priority/high #status/done ⏫ 🆔 tm-4-1
- [x] 4.2 - Produce threat model for escrow platform #taskmaster #priority/high #status/done ⏫ 🆔 tm-4-2 ⛔ tm-1
- [x] 4.3 - Specify funds ledger and escrow state machine #taskmaster #priority/high #status/done ⏫ 🆔 tm-4-3 ⛔ tm-2
- [x] 4.4 - Create authorization matrix for REST and Socket.IO #taskmaster #priority/high #status/done ⏫ 🆔 tm-4-4 ⛔ tm-2
- [x] 4.5 - Decide session, passkey, and admin step-up architecture #taskmaster #priority/high #status/done ⏫ 🆔 tm-4-5 ⛔ tm-2
- [x] 4.6 - Specify webhook security and provider adapter contracts #taskmaster #priority/high #status/done ⏫ 🆔 tm-4-6 ⛔ tm-3
- [x] 4.7 - Define secure build and supply-chain policy #taskmaster #priority/medium #status/done 🔼 🆔 tm-4-7 ⛔ tm-1
- [x] 4.8 - Make backend-core stack decision #taskmaster #priority/medium #status/done 🔼 🆔 tm-4-8 ⛔ tm-2 ⛔ tm-3 ⛔ tm-4 ⛔ tm-5 ⛔ tm-6 ⛔ tm-7
- [x] 4.9 - Create migration and operational runbooks #taskmaster #priority/medium #status/done 🔼 🆔 tm-4-9 ⛔ tm-8
- [ ] 5 - Deliver Telegram-native app, bot, and wallet experience #taskmaster #priority/high #status/in-progress ⏫ 🆔 tm-5
- [x] 5.1 - Define Telegram product surface and flow map #taskmaster #priority/high #status/done ⏫ 🆔 tm-5-1
- [x] 5.2 - Build Telegram identity linking and session model #taskmaster #priority/high #status/done ⏫ 🆔 tm-5-2 ⛔ tm-1
- [x] 5.3 - Implement bot command and notification foundation #taskmaster #priority/high #status/done ⏫ 🆔 tm-5-3 ⛔ tm-1 ⛔ tm-2
- [ ] 5.4 - Build Telegram Mini App shell for marketplace workflows #taskmaster #priority/high #status/in-progress ⏫ 🆔 tm-5-4 ⛔ tm-1 ⛔ tm-2
- [x] 5.5 - Add Telegram payment and wallet strategy #taskmaster #priority/high #status/done ⏫ 🆔 tm-5-5 ⛔ tm-2 ⛔ tm-4
- [ ] 5.6 - Expose escrow, delivery, dispute, and release actions safely #taskmaster #priority/high #status/pending ⏫ 🆔 tm-5-6 ⛔ tm-4 ⛔ tm-5
- [ ] 5.7 - Add admin and support surface for Telegram-originated cases #taskmaster #priority/high #status/pending ⏫ 🆔 tm-5-7 ⛔ tm-2 ⛔ tm-3 ⛔ tm-5
- [x] 5.8 - Add security, compliance, and abuse controls for Telegram #taskmaster #priority/high #status/done ⏫ 🆔 tm-5-8 ⛔ tm-2 ⛔ tm-3 ⛔ tm-5 ⛔ tm-6
- [x] 5.9 - Prepare QA, rollout, analytics, and launch operations #taskmaster #priority/high #status/done ⏫ 🆔 tm-5-9 ⛔ tm-3 ⛔ tm-4 ⛔ tm-5 ⛔ tm-6 ⛔ tm-7 ⛔ tm-8
- [x] 5.10 - Implement Telegram as first-class authentication provider #taskmaster #priority/high #status/done ⏫ 🆔 tm-5-10 ⛔ tm-2 ⛔ tm-8
- [x] 6 - Request Network in-house checkout (Rabby-supporting) #taskmaster #priority/high #status/done ⏫ 🆔 tm-6
- [x] 6.1 - Deploy confirmation repair before next paid probe #taskmaster #priority/high #status/done ⏫ 🆔 tm-6-1
- [ ] 7 - Per-(buyer, sellerOffer) ephemeral RN destination wallets #taskmaster #priority/high #status/pending ⏫ 🆔 tm-7
- [ ] 8 - Multichain RN proxy registry + USDC/USDT support #taskmaster #priority/high #status/pending ⏫ 🆔 tm-8
- [ ] 9 - Per-chain confirmation thresholds + admin UI #taskmaster #priority/medium #status/pending 🔼 🆔 tm-9
- [ ] 10 - Optional AML screening on incoming payments (seller-paid) #taskmaster #priority/medium #status/pending 🔼 🆔 tm-10
- [ ] 11 - Trezor signing for admin actions (release/refund/sweep) #taskmaster #priority/high #status/pending ⏫ 🆔 tm-11