Remaining docs updated to match code (the docs that the first pass had not covered):
- Flows: Chat, Referral, Rating, Registration, Google OAuth, Negotiation, Payout,
Trezor Safekeeping — corrected endpoints, socket events, status enums, auth gaps
- API Reference: User API, Trezor API — admin route prefix/verb/status corrections,
added undocumented endpoints (ton-proof challenge, profile email verify,
GET /trezor/account, POST /trezor/verify-operation)
- Data Models: Chat, Notification, Payment, PointTransaction, User — corrected
enums (PaymentProvider, escrowState, PointTransaction.type, User.status),
90-day notification TTL, soft-delete semantics, wallet fields
Trezor "zero frontend" finding (audit C31/C32) corrected as STALE:
- Verified current code HAS a full frontend Trezor implementation (admin/trezor
page, TrezorSettingsView, trezorConnector via @trezor/connect-web,
TrezorSignDialog, actions/trezor.ts building the {message,signature} object)
- Fixed Trezor Safekeeping Flow doc (removed false "no frontend" warnings)
- Reclassified ISSUE-012 as invalid/superseded with explanation
Issue set reconciled to a single canonical numbering (ISSUE-001..054):
- Adopted the comprehensive 51-issue set (long-slug, fully indexed)
- Removed 35 superseded short-slug duplicates from the first pass
- Removed a duplicate ISSUE-046 file
- Added 3 issues the 51-set lacked: ISSUE-052 (completed-not-counted-in-stats),
ISSUE-053 (axios 401-only interceptor), ISSUE-054 (rate limiter counts all attempts)
- Regenerated Issues Index: 53 open (14 critical, 39 major) + 1 invalid
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
1.2 KiB
1.2 KiB
issue, title, severity, domain, labels, status, created, source
| issue | title | severity | domain | labels | status | created | source | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| 045 | addParticipants frontend sends { participants: string[] } array but backend expects { userId: string } single user | major | Chat |
|
open | 2026-05-29 | Doc vs Code Audit 2026-05-29 |
🟠 addParticipants frontend sends { participants: string[] } array but backend expects { userId: string } single user
Severity: major Domain: Chat Labels: bug, frontend, major, chat
Description
The frontend addParticipants action (chat.ts line 425) sends { participants: string[] } as the body. The API documents POST /api/chat/:id/participants with body { userId: string } — a single user. Backend expects a single userId, not an array. Bulk participant addition will be silently handled incorrectly.
Current Behavior
addParticipants sends an array payload that the backend does not expect. Participant addition may fail or be ignored.
Expected Behavior
Frontend should send { userId: string } and call the endpoint once per participant, or backend should be updated to accept an array.
Affected Files
frontend/src/actions/chat.ts