Files
nick-doc/09 - Audits/Activity Log.md
2026-05-30 03:20:28 +03:30

18 KiB
Raw Blame History

title, tags, created
title tags created
Activity Log
audit
log
append-only
2026-05-28

Activity Log

Append-only log of every git push from backend and frontend. Newest entries on top. Maintained by agents per the rule in ../AGENTS.md.


2026-05-30 — frontend@9013b70, c77cf82, 8add494 — staged node-package upgrade + TS6 test fix + lint sweep

Commits: 8add494 c77cf82 9013b70 Touched:

  • Deps (package.json, yarn.lock): TypeScript 5→6, Jest 29→30, Tiptap 2→3 (all 11 sub-packages), i18next 25→26, react-i18next 15→17, @types/node 22→25, @types/jest 29→30, react-dropzone 14→15, react-apexcharts 1→2, mui-one-time-password-input 5→7, React 19.1→19.2, MUI 7.1→7.3 (in-range), zod 4.0→4.4. Constraints bumped to tested floors (@mui/material ^7.3.11, wagmi ^2.19.5, etc.). Version bumped 2.7.9 → 2.7.10.
  • Code fixes for new types: src/theme/with-settings/update-core.ts (cast currentScheme via Record<string,unknown> after MUI 7.3 tightened ColorSystemOptions), src/components/editor/components/code-highlight-block.tsx (cast NodeViewContent as='code''code' as 'div' for Tiptap 3 stricter prop typing).
  • Test infra: jest.config.js (point ts-jest at tsconfig.test.json explicitly, ignore TS5101/TS5011), tsconfig.test.json (add rootDir: "." and ignoreDeprecations: "6.0").
  • Security hygiene: .env.local + .env.production removed from tracking; added to .gitignore. Existing values still in git history — rotate any leaked credentials.
  • Lint sweep: yarn lint:fix applied across 64 files in src/ — mostly perfectionist/sort-imports reorders and unused-imports removals.
  • Docs: AGENTS.md gained an "Enforced project conventions" section covering Prettier, ESLint, TypeScript, and the centralized src/theme/ structure. CLAUDE.md is now a symlink → AGENTS.md so Claude Code reads the same rules.
  • Tooling: scripts/upgrade-packages.sh (reusable staged-upgrade runner with snapshot + auto-rollback) and scripts/UPGRADE-PLAN.md (strategy + per-stage rationale) added. .upgrade-backups/ added to .gitignore.

Why: Many runtime / dev dependencies were 37 minors behind; the audit was triggered by a request to "update all node packages without breaking the build." Did it as eight staged groups (in-range → @types → ESLint → Jest → Tiptap → i18next → misc → TypeScript), each gated by yarn build. Three stages were pulled back: ESLint 10 (eslint-plugin-react@7 incompatible with new context API), wagmi 3 (@coinbase/wallet-sdk declares window.ethereum: unknown, breaks type union with viem), MUI 7→9 (AGENTS.md pins to v7).

Verification: yarn build passes after every stage (3444s, all 57 routes). yarn test recovered from "45 suites fail, 0 tests run" (TS6 blocker) to 530 tests pass, 18 unrelated mock failures. yarn lint went 204 → 21 problems (the remaining 5 errors are pre-existing: 2× @ts-nocheck, 3× no-bitwise). Dev server (/, /auth/jwt/sign-in, /post, /shop, /dashboard, /telegram) all return 200. Manual smoke test of the Tiptap editor + wagmi connect flow is still recommended before promoting to prod.

Linked docs updated: none yet — 07 - Development/ should grow a "Node dependency upgrade runbook" pointing at frontend/scripts/UPGRADE-PLAN.md and the staged-rollback pattern. Also worth promoting the new AGENTS.md conventions section to 07 - Development/Coding Standards.md.


2026-05-29 — backend@cdc8df1 — AMN Pay Scanner integration (retire Request Network)

Commits: backend cdc8df1, scanner 8fee27e Touched:

  • Backend: src/services/payment/adapters/amnPayAdapter.ts, src/routes/amnScannerWebhookRoutes.ts, src/services/payment/adapters/types.ts, src/services/payment/providerConfig.ts, src/app.ts, .env.example, docker-compose.dev.yml, docker-compose.production.yml
  • Scanner (new repo): scanner/*.go, Dockerfile, supported-chains.json
  • Frontend: src/actions/network-registry.ts, src/sections/admin/networks/networks-list-view.tsx Why: Implement AMN Pay Scanner per PRD - Retire Request Network — In-House Payment Scanner.md. Standalone Go microservice scans ERC20FeeProxy TransferWithReferenceAndFee events directly, eliminating RN API dependency. Supports any destination address (derived HD wallets enabled). Parallel run: RN stays active for existing payments; new payments route to scanner when AMN_SCANNER_URL is configured. Verification: tsc --noEmit clean. Scanner binary builds (go build). Go tests pass (3/3). Frontend networks page renders scanner lag column. Linked docs updated: 07 - Development/Environment Variables, PRD - Retire Request Network — In-House Payment Scanner

2026-05-29 — backend@7688f57 — Sweep gas strategy: PermitPull + GasTopUp signers

Commits: backend 7688f57 Touched:

  • Backend: src/services/payment/wallets/sweepService.ts, __tests__/sweep-service.test.ts, .env.example Why: Implement hybrid two-signer sweep strategy per PRD - Sweep Gas Strategy - Permit Pull vs Gas Top-Up.md. PermitPullSweepSigner uses EIP-2612 permit for non-BSC chains (ETH, Arbitrum, Polygon, Base) so derived addresses never need native gas. GasTopUpSweepSigner handles BSC by topping up BNB from a master wallet before the derived address calls transfer(). getSweepSigner(chainId, tokenSymbol) auto-selects the correct signer. Static PERMIT_CAPABLE_TOKENS map seeded from on-chain audit 2026-05-29. Verification: tsc --noEmit clean. npx jest __tests__/sweep-service.test.ts — 31/31 pass (including 16 new tests for auto-selection and permit capability matrix). Linked docs updated: 07 - Development/Environment Variables, PRD - Sweep Gas Strategy - Permit Pull vs Gas Top-Up

2026-05-28 — deployment@4e8658d — Gatus monitoring: Docker service + config

Commits: deployment 1ac2e744e8658d Touched: deployment/gatus/config.yaml, deployment/docker-compose.yml, deployment/.env Why: Add Gatus monitoring service to the deployment stack. Config covers backend-dev, backend-prod, frontend-dev, frontend-prod, and external deps (RN API, Chainalysis, BSC RPC). Telegram alerting configured. Service exposed via Traefik at gatus.ch.manko.yoga. Verification: Config file validated against Gatus schema. Awaiting docker-compose up -d gatus on server. Linked docs updated: 08 - Operations/Gatus Monitoring - Proposed Config


2026-05-28 — backend@6c01a30 — Gatus monitoring: GET /api/health endpoint

Commits: backend 19f7eb944579d66c01a30 (2.6.48 → 2.6.49) Touched:

  • Backend: src/services/health/healthCheckService.ts, src/services/health/index.ts, src/app.ts, __tests__/health-check.test.ts Why: Implement GET /api/health for Gatus monitoring. Exposes 5 checks (db, redis, rnChainRegistry, rnTokenRegistry, rnApi) in a single public endpoint. Status semantics: ok | degraded | down (503 when DB fails). Each check includes latencyMs; registry checks include counts. Rate limiter and request logging skip /api/health. 5 route-level unit tests cover ok/degraded/down transitions. Verification: tsc --noEmit clean. npx jest __tests__/health-check.test.ts — 5/5 pass. Linked docs updated: 08 - Operations/Gatus Monitoring - Proposed Config

2026-05-28 — backend@19f7eb9, frontend@60ee6fb — Task #10: AML screening (Chainalysis, seller-paid, seller opt-in)

Commits: backend 441c8be80ba04619f7eb9 (2.6.46 → 2.6.47), frontend 717d5c8b7540f560ee6fb (2.6.46 → 2.6.47) Touched:

  • Backend: src/services/payment/safety/amlProvider.ts, src/services/payment/safety/chainalysisProvider.ts, src/services/payment/safety/amlScreeningService.ts, src/services/payment/safety/transactionSafetyProvider.ts, src/services/payment/paymentCoordinator.ts, src/services/admin/amlConfigRoutes.ts, src/models/SellerOffer.ts, src/app.ts, .env.example
  • Frontend: src/sections/request/components/seller-steps/step-1-send-proposal.tsx, src/types/marketplace.ts Why: Task #10 implementation. Chainalysis Public Sanctions API integration for seller-paid AML screening. Seller can opt-in per-offer via requireAmlCheck + amlBlockOnFailure toggles. TransactionSafetyProvider screens buyer source address after on-chain transfer verification. paymentCoordinator deducts AML_CHECK_COST_USD (default 0, API is free) from seller escrow on payment completion. Admin routes for AML config. Verification: Frontend tsc --noEmit clean. Backend relevant tests pass (module resolution issues in unrelated test files). Linked docs updated: 02 - Data Models/SellerOffer, 03 - API Reference/Admin API, 04 - Flows/Escrow Flow

2026-05-28 — backend@441c8be, frontend@717d5c8 — Task #9: Per-chain confirmation thresholds + admin UI

Commits: backend 4a85737441c8be (2.6.47 → 2.6.48), frontend 0ebb2f1717d5c8 (2.6.46 → 2.6.48) Touched:

  • Backend: src/models/ConfigSetting.ts, src/services/payment/safety/confirmationThresholdService.ts, src/services/payment/safety/transactionSafetyProvider.ts, src/services/admin/confirmationThresholdRoutes.ts, src/services/admin/awaitingConfirmationRoutes.ts, src/app.ts
  • Frontend: src/sections/admin/confirmation-thresholds/, src/sections/admin/payments-awaiting-confirmation/, src/actions/confirmation-thresholds.ts, src/routes/paths.ts, src/layouts/nav-config-dashboard.tsx Why: PRD §3 — Task #9 implementation. Runtime per-chain confirmation thresholds via ConfigSetting Mongo model with 30s in-memory cache. TransactionSafetyProvider now reads getConfirmationThreshold(chainId) instead of static env. Admin endpoints: GET/PATCH /api/admin/settings/confirmation-thresholds, GET /api/admin/payments/awaiting-confirmation. Frontend admin pages for threshold editing and awaiting-confirmation payment monitoring. Verification: All 56 relevant backend tests green. Frontend tsc --noEmit clean. Linked docs updated: 03 - API Reference/Payment API

2026-05-28 — backend@4a85737, frontend@0ebb2f1 — Task #8: Multichain RN proxy registry + USDC/USDT support + Base fix + USDT fork test

Commits: backend 01b9ea0ae17b184a85737 (2.6.45 → 2.6.47), frontend 0ebb2f1 (2.6.44 → 2.6.46) Touched:

  • Backend: src/services/payment/requestNetwork/supportedChains.json, src/services/payment/requestNetwork/tokens.json, src/services/payment/requestNetwork/tokens.ts, src/services/payment/requestNetwork/proxyAddresses.ts, src/services/payment/requestNetwork/inHouseCheckout.ts, src/services/payment/requestNetwork/networkRegistryRoutes.ts, src/services/payment/wallets/sweepService.ts, src/app.ts, scripts/probe-rn-chains.ts
  • Frontend: src/web3/config.ts, src/sections/payment/checkout/rn-in-house-checkout-view.tsx, src/sections/admin/networks/, src/app/dashboard/admin/networks/page.tsx, src/actions/network-registry.ts, src/routes/paths.ts, src/layouts/nav-config-dashboard.tsx Why: PRD §2 — Task #8 implementation. 5-chain registry (BSC, Arbitrum, Ethereum, Polygon, Base) with canonical RN ERC20FeeProxy addresses and per-chain USDC/USDT entries including Base. tokens.ts and proxyAddresses.ts now load from JSON files with admin reload capability. buildInHouseCheckoutBlock returns unsupported_chain:<id> for unknown chains. Frontend wagmi config expanded to include arbitrum + base. Per-chain explorer URLs in checkout view. USDT-mainnet approve(0) reset quirk handled in approve flow. New admin page /dashboard/admin/networks renders registry with reload button. New probe script scripts/probe-rn-chains.ts verifies proxy deployment on-chain. Verification: All 58 relevant backend tests green (rn-in-house-checkout, derived-destinations, sweep-service, request-template-orphan-cleanup). Frontend tsc --noEmit clean. Linked docs updated: 03 - API Reference/Payment API (new GET /api/admin/rn/networks and POST /api/admin/rn/networks/reload endpoints)

2026-05-28 — backend@34f542e — Task #7 B: unit tests for derived-destinations + sweep-service + orphan-cleanup regression

Commits: backend 34f542e (2.6.44 → 2.6.45) Touched: __tests__/derived-destinations.test.ts (26 tests), __tests__/sweep-service.test.ts (18 tests), __tests__/request-template-orphan-cleanup.test.ts (2 tests) Why: PRD item B — regression lock-in test suite for Task #7. Covers: getDestinationFor idempotency, E11000 race fallback, validateXpub rejection of xpriv/tprv/garbage, deriveAddressAtIndex determinism, recordSweep $inc accumulation (regression lock-in for item E), and orphan-payment cleanup provider filtering (regression lock-in for Gap 2 fix in 2.6.44). Verification: All 46 tests green (npx jest derived-destinations.test.ts sweep-service.test.ts request-template-orphan-cleanup.test.ts). Linked docs updated: 08 - Operations/Handoff - Request Network In-House Checkout - 2026-05-28


2026-05-28 — backend@1889169, frontend@c44ed64 — Task #7 A verification fix: multi-checkout conversion + orphan-payment guard

Commits: backend 1889169 (2.6.43 → 2.6.44), frontend c44ed64 (2.6.43 → 2.6.44) Touched:

  • Backend: src/services/marketplace/RequestTemplateService.ts
  • Frontend: src/sections/payment/checkout/rn-multi-checkout-view.tsx Why: A verification revealed two gaps: (1) RnMultiCheckoutView.handleFinish only navigated to payment list and never called convertTemplatesToRequests, so multi-seller carts never created PurchaseRequests; fixed by calling conversion with stashed cart items and navigating to the first created request. (2) Backend orphan-payment cleanup found ALL pending payments for the buyer and hard-deleted all but the first — fatal for multi-seller carts; fixed by restricting orphan query to provider: 'shkeeper' only so request.network payments retain their independent lifecycle. Verification: Pushed to integrate-main-into-development on both repos — Woodpecker builds pending. Linked docs updated: 03 - API Reference/Payment API

2026-05-28 — backend@faf2221, frontend@022ecb6 — Task #7 derived destinations: sweep autostart, recordSweep fix, multi-seller checkout UX

Commits: backend faf2221 (2.6.42 → 2.6.43), frontend 022ecb6 (2.6.42 → 2.6.43) Touched:

  • Backend: src/app.ts, src/models/DerivedDestination.ts, src/models/Payment.ts, src/services/payment/requestNetwork/requestNetworkPayInService.ts, src/services/payment/wallets/derivedDestinations.ts, .env.example
  • Frontend: src/sections/payment/checkout/rn-in-house-checkout-view.tsx, src/sections/request-template/request-template-checkout-payment.tsx, src/web3/components/multi-seller-provider-payment.tsx, src/sections/payment/checkout/rn-multi-checkout-view.tsx, src/app/checkout/request-network/multi/page.tsx Why: PRD items D/E/F + frontend cart-aware checkout (A). Auto-start sweep cron on boot; fix recordSweep to $inc totalSwept instead of $setOnInsert; widen Payment unique index to include sellerOfferId for multi-seller carts; add multi-seller checkout wrapper and wire into template + request flows. Verification: Pushed to integrate-main-into-development on both repos — Woodpecker builds pending. Linked docs updated: 03 - API Reference/Payment API (derived-destination endpoints)

2026-05-28 — backend@e46be98, frontend@af77b3c — add nick-doc sync rule + version bumps

Commits: backend e46be98 (2.6.24 → 2.6.25), frontend af77b3c (2.6.25 → 2.6.26) Touched: backend/AGENTS.md, frontend/AGENTS.md (new), both package.json + package-lock.json Why: Establish a mandatory rule that every code push must be followed by a nick-doc Activity Log entry (and relevant section updates) so the vault never falls behind the code. Frontend AGENTS.md created from scratch (was missing). Verification: Pushed to integrate-main-into-development on both repos — Woodpecker builds pending. Linked docs updated: This vault's AGENTS.md updated with the same rule. Note: Backend (2.6.25) and frontend (2.6.26) are intentionally one patch apart — backend was a version behind before this session. Should be re-aligned on the next paired bump.


2026-05-28 — frontend@9d4aa37 — fix 429 request storm on template SWR hooks

Commits: 9d4aa37 Touched: src/actions/request-template.ts Why: Production browser showed repeated 429 (Too Many Requests) on /api/marketplace/request-templates/sellers. Default SWR config was revalidating on focus/reconnect and retrying on errors, making backend rate-limit recover impossible without a restart. Verification: Pushed, awaiting Woodpecker build. Visual confirmation on dev.amn.gg after deploy. Linked docs updated: none yet — SWR pattern should be promoted to 07 - Development/Coding Standards.md in a follow-up.


2026-05-28 — frontend@6c89444 — improve request template form debug feedback

Commits: 6c89444 Touched: src/sections/request-template/request-template-new-edit-form.tsx Why: Users could not tell why "ایجاد قالب" failed — validation errors silently blocked submission, API errors collapsed to generic "خطایی رخ داده است!", and the "انتشار" Switch in renderActions was visual-only. Verification: Type-check passes via Docker build in prior session; manual browser test pending. Linked docs updated: none.


2026-05-27 — frontend@8c0f14d, ad498f4, f3a3c9d, bb72a66 — unblock 2.6.19 Docker build

Commits: bb72a66 f3a3c9d ad498f4 8c0f14d Touched: src/sections/request-template/request-template-checkout-payment.tsx, src/web3/components/wallet-selector.tsx, tsconfig.json, src/types/payment.ts Why: Docker build was failing on TypeScript compilation after the wallet-support + test-payment feature merge. Four distinct errors fixed: User type uses _id not id; wallet-selector imported non-existent @/components/ui/dialog; @/* path alias missing from tsconfig; IPayment metadata type didn't allow test-payment fields. Verification: Local docker build succeeded — image escrow-frontend:2.6.19 created. Linked docs updated: none — should add SWR + UI library notes to 07 - Development/Coding Standards.md.