Full-codebase-audit 2026-05-30 outputs: - Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md - 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer). - Scanner docs from scratch (was zero): architecture, data model, API ref, payment flow, operations runbook + repo README. - Doc-sync updates across API reference, data models, flows, design system. - Secret Rotation Runbook (08 - Operations) for the exposed credentials. - Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js. Issues remain status:open intentionally — the code fixes are uncommitted-then-committed working-tree changes per repo and aren't "resolved" until merged/deployed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
1.5 KiB
1.5 KiB
issue, title, severity, domain, labels, status, created, source
| issue | title | severity | domain | labels | status | created | source | |||
|---|---|---|---|---|---|---|---|---|---|---|
| 065 | Backend: RN webhook advances PurchaseRequest to non-existent 'funded' status | high | Payment |
|
open | 2026-05-30 | Full Codebase Audit 2026-05-30 |
Backend: RN webhook advances PurchaseRequest to non-existent 'funded' status
Severity: high Domain: Payment Labels: bug, backend, state-machine
Description
src/services/payment/request-network/requestNetworkWebhook.ts:123 sets PurchaseRequest.status = 'funded' when a payment is confirmed. 'funded' does not exist in STATUS_PROGRESSION_ORDER or the status enum. The update is silently dropped by Mongoose, leaving the purchase request in its old status and breaking downstream state transitions.
Options
- Use the canonical
'processing'status that exists inSTATUS_PROGRESSION_ORDER. - Add
'funded'as a real status across progression and transition maps. - Route through the same
propagatePaymentCompletionpath the new flow uses.
Recommendation
Replace 'funded' with the canonical status used by the current completion flow (likely 'processing'), keeping the escrow.funded flag if needed. This is a state-machine decision — verify the intended state after on-chain funding confirmation.
Affected Files
backend/src/services/payment/request-network/requestNetworkWebhook.ts:123
References
- Full Codebase Audit 2026-05-30 — DEC-31