Files
nick-doc/09 - Audits/Activity Log.md
2026-05-30 03:20:28 +03:30

212 lines
18 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: Activity Log
tags: [audit, log, append-only]
created: 2026-05-28
---
# Activity Log
Append-only log of every `git push` from `backend` and `frontend`. Newest
entries on top. Maintained by agents per the rule in `../AGENTS.md`.
---
### 2026-05-30 — frontend@9013b70, c77cf82, 8add494 — staged node-package upgrade + TS6 test fix + lint sweep
**Commits:** `8add494` `c77cf82` `9013b70`
**Touched:**
- Deps (`package.json`, `yarn.lock`): TypeScript 5→6, Jest 29→30, Tiptap 2→3 (all 11 sub-packages), i18next 25→26, react-i18next 15→17, @types/node 22→25, @types/jest 29→30, react-dropzone 14→15, react-apexcharts 1→2, mui-one-time-password-input 5→7, React 19.1→19.2, MUI 7.1→7.3 (in-range), zod 4.0→4.4. Constraints bumped to tested floors (`@mui/material ^7.3.11`, `wagmi ^2.19.5`, etc.). Version bumped 2.7.9 → 2.7.10.
- Code fixes for new types: `src/theme/with-settings/update-core.ts` (cast `currentScheme` via `Record<string,unknown>` after MUI 7.3 tightened `ColorSystemOptions`), `src/components/editor/components/code-highlight-block.tsx` (cast `NodeViewContent as='code'``'code' as 'div'` for Tiptap 3 stricter prop typing).
- Test infra: `jest.config.js` (point ts-jest at `tsconfig.test.json` explicitly, ignore TS5101/TS5011), `tsconfig.test.json` (add `rootDir: "."` and `ignoreDeprecations: "6.0"`).
- Security hygiene: `.env.local` + `.env.production` removed from tracking; added to `.gitignore`. Existing values still in git history — rotate any leaked credentials.
- Lint sweep: `yarn lint:fix` applied across 64 files in `src/` — mostly `perfectionist/sort-imports` reorders and unused-imports removals.
- Docs: `AGENTS.md` gained an "Enforced project conventions" section covering Prettier, ESLint, TypeScript, and the centralized `src/theme/` structure. `CLAUDE.md` is now a symlink → `AGENTS.md` so Claude Code reads the same rules.
- Tooling: `scripts/upgrade-packages.sh` (reusable staged-upgrade runner with snapshot + auto-rollback) and `scripts/UPGRADE-PLAN.md` (strategy + per-stage rationale) added. `.upgrade-backups/` added to `.gitignore`.
**Why:** Many runtime / dev dependencies were 37 minors behind; the audit was triggered by a request to "update all node packages without breaking the build." Did it as eight staged groups (in-range → @types → ESLint → Jest → Tiptap → i18next → misc → TypeScript), each gated by `yarn build`. Three stages were pulled back: ESLint 10 (eslint-plugin-react@7 incompatible with new context API), wagmi 3 (@coinbase/wallet-sdk declares `window.ethereum: unknown`, breaks type union with viem), MUI 7→9 (AGENTS.md pins to v7).
**Verification:** `yarn build` passes after every stage (3444s, all 57 routes). `yarn test` recovered from "45 suites fail, 0 tests run" (TS6 blocker) to 530 tests pass, 18 unrelated mock failures. `yarn lint` went 204 → 21 problems (the remaining 5 errors are pre-existing: 2× `@ts-nocheck`, 3× `no-bitwise`). Dev server (`/`, `/auth/jwt/sign-in`, `/post`, `/shop`, `/dashboard`, `/telegram`) all return 200. Manual smoke test of the Tiptap editor + wagmi connect flow is still recommended before promoting to prod.
**Linked docs updated:** none yet — `07 - Development/` should grow a "Node dependency upgrade runbook" pointing at `frontend/scripts/UPGRADE-PLAN.md` and the staged-rollback pattern. Also worth promoting the new AGENTS.md conventions section to `07 - Development/Coding Standards.md`.
---
### 2026-05-29 — backend@cdc8df1 — AMN Pay Scanner integration (retire Request Network)
**Commits:** backend `cdc8df1`, scanner `8fee27e`
**Touched:**
- Backend: `src/services/payment/adapters/amnPayAdapter.ts`, `src/routes/amnScannerWebhookRoutes.ts`, `src/services/payment/adapters/types.ts`, `src/services/payment/providerConfig.ts`, `src/app.ts`, `.env.example`, `docker-compose.dev.yml`, `docker-compose.production.yml`
- Scanner (new repo): `scanner/*.go`, `Dockerfile`, `supported-chains.json`
- Frontend: `src/actions/network-registry.ts`, `src/sections/admin/networks/networks-list-view.tsx`
**Why:** Implement AMN Pay Scanner per `PRD - Retire Request Network — In-House Payment Scanner.md`. Standalone Go microservice scans `ERC20FeeProxy` `TransferWithReferenceAndFee` events directly, eliminating RN API dependency. Supports any destination address (derived HD wallets enabled). Parallel run: RN stays active for existing payments; new payments route to scanner when `AMN_SCANNER_URL` is configured.
**Verification:** `tsc --noEmit` clean. Scanner binary builds (`go build`). Go tests pass (3/3). Frontend networks page renders scanner lag column.
**Linked docs updated:** [[07 - Development/Environment Variables]], [[PRD - Retire Request Network — In-House Payment Scanner]]
---
### 2026-05-29 — backend@7688f57 — Sweep gas strategy: PermitPull + GasTopUp signers
**Commits:** backend `7688f57`
**Touched:**
- Backend: `src/services/payment/wallets/sweepService.ts`, `__tests__/sweep-service.test.ts`, `.env.example`
**Why:** Implement hybrid two-signer sweep strategy per `PRD - Sweep Gas Strategy - Permit Pull vs Gas Top-Up.md`. `PermitPullSweepSigner` uses EIP-2612 permit for non-BSC chains (ETH, Arbitrum, Polygon, Base) so derived addresses never need native gas. `GasTopUpSweepSigner` handles BSC by topping up BNB from a master wallet before the derived address calls `transfer()`. `getSweepSigner(chainId, tokenSymbol)` auto-selects the correct signer. Static `PERMIT_CAPABLE_TOKENS` map seeded from on-chain audit 2026-05-29.
**Verification:** `tsc --noEmit` clean. `npx jest __tests__/sweep-service.test.ts` — 31/31 pass (including 16 new tests for auto-selection and permit capability matrix).
**Linked docs updated:** [[07 - Development/Environment Variables]], [[PRD - Sweep Gas Strategy - Permit Pull vs Gas Top-Up]]
---
### 2026-05-28 — deployment@4e8658d — Gatus monitoring: Docker service + config
**Commits:** deployment `1ac2e74``4e8658d`
**Touched:** `deployment/gatus/config.yaml`, `deployment/docker-compose.yml`, `deployment/.env`
**Why:** Add Gatus monitoring service to the deployment stack. Config covers backend-dev, backend-prod, frontend-dev, frontend-prod, and external deps (RN API, Chainalysis, BSC RPC). Telegram alerting configured. Service exposed via Traefik at `gatus.ch.manko.yoga`.
**Verification:** Config file validated against Gatus schema. Awaiting `docker-compose up -d gatus` on server.
**Linked docs updated:** [[08 - Operations/Gatus Monitoring - Proposed Config]]
---
### 2026-05-28 — backend@6c01a30 — Gatus monitoring: GET /api/health endpoint
**Commits:** backend `19f7eb9``44579d6``6c01a30` (2.6.48 → 2.6.49)
**Touched:**
- Backend: `src/services/health/healthCheckService.ts`, `src/services/health/index.ts`, `src/app.ts`, `__tests__/health-check.test.ts`
**Why:** Implement `GET /api/health` for Gatus monitoring. Exposes 5 checks (db, redis, rnChainRegistry, rnTokenRegistry, rnApi) in a single public endpoint. Status semantics: `ok` | `degraded` | `down` (503 when DB fails). Each check includes `latencyMs`; registry checks include counts. Rate limiter and request logging skip `/api/health`. 5 route-level unit tests cover ok/degraded/down transitions.
**Verification:** `tsc --noEmit` clean. `npx jest __tests__/health-check.test.ts` — 5/5 pass.
**Linked docs updated:** [[08 - Operations/Gatus Monitoring - Proposed Config]]
---
### 2026-05-28 — backend@19f7eb9, frontend@60ee6fb — Task #10: AML screening (Chainalysis, seller-paid, seller opt-in)
**Commits:** backend `441c8be``80ba046``19f7eb9` (2.6.46 → 2.6.47), frontend `717d5c8``b7540f5``60ee6fb` (2.6.46 → 2.6.47)
**Touched:**
- Backend: `src/services/payment/safety/amlProvider.ts`, `src/services/payment/safety/chainalysisProvider.ts`, `src/services/payment/safety/amlScreeningService.ts`, `src/services/payment/safety/transactionSafetyProvider.ts`, `src/services/payment/paymentCoordinator.ts`, `src/services/admin/amlConfigRoutes.ts`, `src/models/SellerOffer.ts`, `src/app.ts`, `.env.example`
- Frontend: `src/sections/request/components/seller-steps/step-1-send-proposal.tsx`, `src/types/marketplace.ts`
**Why:** Task #10 implementation. Chainalysis Public Sanctions API integration for seller-paid AML screening. Seller can opt-in per-offer via `requireAmlCheck` + `amlBlockOnFailure` toggles. `TransactionSafetyProvider` screens buyer source address after on-chain transfer verification. `paymentCoordinator` deducts `AML_CHECK_COST_USD` (default 0, API is free) from seller escrow on payment completion. Admin routes for AML config.
**Verification:** Frontend `tsc --noEmit` clean. Backend relevant tests pass (module resolution issues in unrelated test files).
**Linked docs updated:** [[02 - Data Models/SellerOffer]], [[03 - API Reference/Admin API]], [[04 - Flows/Escrow Flow]]
---
### 2026-05-28 — backend@441c8be, frontend@717d5c8 — Task #9: Per-chain confirmation thresholds + admin UI
**Commits:** backend `4a85737``441c8be` (2.6.47 → 2.6.48), frontend `0ebb2f1``717d5c8` (2.6.46 → 2.6.48)
**Touched:**
- Backend: `src/models/ConfigSetting.ts`, `src/services/payment/safety/confirmationThresholdService.ts`, `src/services/payment/safety/transactionSafetyProvider.ts`, `src/services/admin/confirmationThresholdRoutes.ts`, `src/services/admin/awaitingConfirmationRoutes.ts`, `src/app.ts`
- Frontend: `src/sections/admin/confirmation-thresholds/`, `src/sections/admin/payments-awaiting-confirmation/`, `src/actions/confirmation-thresholds.ts`, `src/routes/paths.ts`, `src/layouts/nav-config-dashboard.tsx`
**Why:** PRD §3 — Task #9 implementation. Runtime per-chain confirmation thresholds via `ConfigSetting` Mongo model with 30s in-memory cache. `TransactionSafetyProvider` now reads `getConfirmationThreshold(chainId)` instead of static env. Admin endpoints: `GET/PATCH /api/admin/settings/confirmation-thresholds`, `GET /api/admin/payments/awaiting-confirmation`. Frontend admin pages for threshold editing and awaiting-confirmation payment monitoring.
**Verification:** All 56 relevant backend tests green. Frontend `tsc --noEmit` clean.
**Linked docs updated:** [[03 - API Reference/Payment API]]
---
### 2026-05-28 — backend@4a85737, frontend@0ebb2f1 — Task #8: Multichain RN proxy registry + USDC/USDT support + Base fix + USDT fork test
**Commits:** backend `01b9ea0``ae17b18``4a85737` (2.6.45 → 2.6.47), frontend `0ebb2f1` (2.6.44 → 2.6.46)
**Touched:**
- Backend: `src/services/payment/requestNetwork/supportedChains.json`, `src/services/payment/requestNetwork/tokens.json`, `src/services/payment/requestNetwork/tokens.ts`, `src/services/payment/requestNetwork/proxyAddresses.ts`, `src/services/payment/requestNetwork/inHouseCheckout.ts`, `src/services/payment/requestNetwork/networkRegistryRoutes.ts`, `src/services/payment/wallets/sweepService.ts`, `src/app.ts`, `scripts/probe-rn-chains.ts`
- Frontend: `src/web3/config.ts`, `src/sections/payment/checkout/rn-in-house-checkout-view.tsx`, `src/sections/admin/networks/`, `src/app/dashboard/admin/networks/page.tsx`, `src/actions/network-registry.ts`, `src/routes/paths.ts`, `src/layouts/nav-config-dashboard.tsx`
**Why:** PRD §2 — Task #8 implementation. 5-chain registry (BSC, Arbitrum, Ethereum, Polygon, Base) with canonical RN ERC20FeeProxy addresses and per-chain USDC/USDT entries including Base. `tokens.ts` and `proxyAddresses.ts` now load from JSON files with admin reload capability. `buildInHouseCheckoutBlock` returns `unsupported_chain:<id>` for unknown chains. Frontend wagmi config expanded to include arbitrum + base. Per-chain explorer URLs in checkout view. USDT-mainnet `approve(0)` reset quirk handled in approve flow. New admin page `/dashboard/admin/networks` renders registry with reload button. New probe script `scripts/probe-rn-chains.ts` verifies proxy deployment on-chain.
**Verification:** All 58 relevant backend tests green (`rn-in-house-checkout`, `derived-destinations`, `sweep-service`, `request-template-orphan-cleanup`). Frontend `tsc --noEmit` clean.
**Linked docs updated:** [[03 - API Reference/Payment API]] (new `GET /api/admin/rn/networks` and `POST /api/admin/rn/networks/reload` endpoints)
---
### 2026-05-28 — backend@34f542e — Task #7 B: unit tests for derived-destinations + sweep-service + orphan-cleanup regression
**Commits:** backend `34f542e` (2.6.44 → 2.6.45)
**Touched:** `__tests__/derived-destinations.test.ts` (26 tests), `__tests__/sweep-service.test.ts` (18 tests), `__tests__/request-template-orphan-cleanup.test.ts` (2 tests)
**Why:** PRD item B — regression lock-in test suite for Task #7. Covers: `getDestinationFor` idempotency, E11000 race fallback, `validateXpub` rejection of xpriv/tprv/garbage, `deriveAddressAtIndex` determinism, `recordSweep` `$inc` accumulation (regression lock-in for item E), and orphan-payment cleanup provider filtering (regression lock-in for Gap 2 fix in 2.6.44).
**Verification:** All 46 tests green (`npx jest derived-destinations.test.ts sweep-service.test.ts request-template-orphan-cleanup.test.ts`).
**Linked docs updated:** [[08 - Operations/Handoff - Request Network In-House Checkout - 2026-05-28]]
---
### 2026-05-28 — backend@1889169, frontend@c44ed64 — Task #7 A verification fix: multi-checkout conversion + orphan-payment guard
**Commits:** backend `1889169` (2.6.43 → 2.6.44), frontend `c44ed64` (2.6.43 → 2.6.44)
**Touched:**
- Backend: `src/services/marketplace/RequestTemplateService.ts`
- Frontend: `src/sections/payment/checkout/rn-multi-checkout-view.tsx`
**Why:** A verification revealed two gaps: (1) `RnMultiCheckoutView.handleFinish` only navigated to payment list and never called `convertTemplatesToRequests`, so multi-seller carts never created PurchaseRequests; fixed by calling conversion with stashed cart items and navigating to the first created request. (2) Backend orphan-payment cleanup found ALL pending payments for the buyer and hard-deleted all but the first — fatal for multi-seller carts; fixed by restricting orphan query to `provider: 'shkeeper'` only so request.network payments retain their independent lifecycle.
**Verification:** Pushed to `integrate-main-into-development` on both repos — Woodpecker builds pending.
**Linked docs updated:** [[03 - API Reference/Payment API]]
---
### 2026-05-28 — backend@faf2221, frontend@022ecb6 — Task #7 derived destinations: sweep autostart, recordSweep fix, multi-seller checkout UX
**Commits:** backend `faf2221` (2.6.42 → 2.6.43), frontend `022ecb6` (2.6.42 → 2.6.43)
**Touched:**
- Backend: `src/app.ts`, `src/models/DerivedDestination.ts`, `src/models/Payment.ts`, `src/services/payment/requestNetwork/requestNetworkPayInService.ts`, `src/services/payment/wallets/derivedDestinations.ts`, `.env.example`
- Frontend: `src/sections/payment/checkout/rn-in-house-checkout-view.tsx`, `src/sections/request-template/request-template-checkout-payment.tsx`, `src/web3/components/multi-seller-provider-payment.tsx`, `src/sections/payment/checkout/rn-multi-checkout-view.tsx`, `src/app/checkout/request-network/multi/page.tsx`
**Why:** PRD items D/E/F + frontend cart-aware checkout (A). Auto-start sweep cron on boot; fix `recordSweep` to `$inc` totalSwept instead of `$setOnInsert`; widen Payment unique index to include `sellerOfferId` for multi-seller carts; add multi-seller checkout wrapper and wire into template + request flows.
**Verification:** Pushed to `integrate-main-into-development` on both repos — Woodpecker builds pending.
**Linked docs updated:** [[03 - API Reference/Payment API]] (derived-destination endpoints)
---
### 2026-05-28 — backend@e46be98, frontend@af77b3c — add nick-doc sync rule + version bumps
**Commits:** backend `e46be98` (2.6.24 → 2.6.25), frontend `af77b3c` (2.6.25 → 2.6.26)
**Touched:** `backend/AGENTS.md`, `frontend/AGENTS.md` (new), both `package.json` +
`package-lock.json`
**Why:** Establish a mandatory rule that every code push must be followed by a
nick-doc Activity Log entry (and relevant section updates) so the vault never
falls behind the code. Frontend AGENTS.md created from scratch (was missing).
**Verification:** Pushed to `integrate-main-into-development` on both repos —
Woodpecker builds pending.
**Linked docs updated:** This vault's `AGENTS.md` updated with the same rule.
**Note:** Backend (2.6.25) and frontend (2.6.26) are intentionally one patch
apart — backend was a version behind before this session. Should be re-aligned
on the next paired bump.
---
### 2026-05-28 — frontend@9d4aa37 — fix 429 request storm on template SWR hooks
**Commits:** `9d4aa37`
**Touched:** `src/actions/request-template.ts`
**Why:** Production browser showed repeated 429 (Too Many Requests) on
`/api/marketplace/request-templates/sellers`. Default SWR config was
revalidating on focus/reconnect and retrying on errors, making backend
rate-limit recover impossible without a restart.
**Verification:** Pushed, awaiting Woodpecker build. Visual confirmation on
dev.amn.gg after deploy.
**Linked docs updated:** none yet — SWR pattern should be promoted to
`07 - Development/Coding Standards.md` in a follow-up.
---
### 2026-05-28 — frontend@6c89444 — improve request template form debug feedback
**Commits:** `6c89444`
**Touched:** `src/sections/request-template/request-template-new-edit-form.tsx`
**Why:** Users could not tell why "ایجاد قالب" failed — validation errors
silently blocked submission, API errors collapsed to generic "خطایی رخ داده
است!", and the "انتشار" Switch in renderActions was visual-only.
**Verification:** Type-check passes via Docker build in prior session; manual
browser test pending.
**Linked docs updated:** none.
---
### 2026-05-27 — frontend@8c0f14d, ad498f4, f3a3c9d, bb72a66 — unblock 2.6.19 Docker build
**Commits:** `bb72a66` `f3a3c9d` `ad498f4` `8c0f14d`
**Touched:** `src/sections/request-template/request-template-checkout-payment.tsx`,
`src/web3/components/wallet-selector.tsx`, `tsconfig.json`, `src/types/payment.ts`
**Why:** Docker build was failing on TypeScript compilation after the
wallet-support + test-payment feature merge. Four distinct errors fixed:
User type uses `_id` not `id`; wallet-selector imported non-existent
`@/components/ui/dialog`; `@/*` path alias missing from tsconfig; IPayment
metadata type didn't allow test-payment fields.
**Verification:** Local `docker build` succeeded — image
`escrow-frontend:2.6.19` created.
**Linked docs updated:** none — should add SWR + UI library notes to
`07 - Development/Coding Standards.md`.
---
<!-- Add new entries above this line. Newest at top. -->