feat: implement employer notification preferences#7
Open
devSoniia wants to merge 245 commits into
Open
Conversation
…289#63) - Add ERR_SAME_PARTY (E010) constant to types.rs for consistent error codes - Use ERR_SAME_PARTY in validate_create_stream() instead of inline string - Update test to match new error code prefix
- Pre-deployment checklist (tests, keys, audit, XLM balance) - Step-by-step deploy commands for token and stream contracts - Post-deploy verification steps - Rollback procedure: pause+upgrade or revert to previous WASM
- Connect wallet via Freighter - Create stream, withdraw, query state with TypeScript examples - Error handling with PayStream error codes
- examples/javascript/stream.js — create stream, query state (Node.js) - examples/python/stream.py — create stream, query state (stellar-sdk) - examples/rust/stream.rs — create stream, query claimable (off-chain client) - examples/README.md — setup instructions and links - README.md — link examples/ and docs/integration/frontend.md
Closes Vera3289#101 — TypeScript SDK (sdk/ package) Closes Vera3289#102 — Freighter wallet integration Closes Vera3289#103 — Demo React app Closes Vera3289#104 — pollClaimable utility - sdk/: PayStreamClient wrapping all 10 contract functions with full TypeScript types; read-only calls via simulateTransaction, mutating calls return unsigned XDR for caller to sign and submit - sdk/src/freighter.ts: connectFreighter, getFreighterPublicKey, freighterSignTransaction, isFreighterConnected helpers; throws FreighterNotInstalledError with install link when extension absent - sdk/src/poll.ts: pollClaimable(client, streamId, intervalMs, cb) polls claimable() at a configurable interval, stops on unsubscribe, handles network errors gracefully - demo/: Vite + React app connecting to testnet; connect wallet, create stream, load stream by ID, live claimable balance (5 s poll), withdraw button for employee
…ounty - Add in-scope / out-of-scope sections - Add coordinated disclosure timeline table - Add bug bounty programme with severity/reward tiers - Retain existing audit table and security design notes - Reference threat-model.md and remediation.md Closes Vera3289#64
- 30+ terms defined covering streams, storage, Soroban, SEP-41, fees, etc. - Accessible to developers unfamiliar with Stellar - Linked from docs/api-reference.md Closes Vera3289#93
Audits all DataKey and TokenDataKey variants across both contracts. No PII found. Documents methodology, findings, and recommendations. Closes Vera3289#67
feat: TypeScript SDK, Freighter wallet, pollClaimable, and demo app
…ema-docs Issue Vera3289#87: add event schema reference documentation
…-audit Issue Vera3289#75: Fund-lock audit and recovery regression test
…ce-docs Issue Vera3289#97: add performance benchmark documentation
…nbook docs: add mainnet deployment runbook (Vera3289#86)
feat: add SDK usage examples in JS, Python, and Rust (Vera3289#95)
…ntegration docs: add frontend integration guide for JS/TS (Vera3289#91)
…-employee fix: reject stream creation when employer == employee (Vera3289#63)
- Add FeeBps and FeeRecipient variants to DataKey enum - Add PendingAdmin to DataKey (was missing, used by storage.rs) - Add get/set_fee_bps and get/set_fee_recipient storage helpers - Add set_protocol_fee admin function (0-100 bps, E011 if exceeded) - Deduct fee from withdrawal amount; send to fee_recipient - Fee of 0 disables the mechanism entirely - Fix broken use statement in test.rs and add missing imports - Add 5 tests: no fee default, 1% fee deduction, disable fee, above-max rejected (E011), non-admin rejected, 0.5% rounding Closes Vera3289#125
feat: add protocol fee mechanism
docs: storage audit — no PII in contract storage
docs: add glossary of PayStream and Stellar terms
docs: complete SECURITY.md with scope, disclosure timeline, and bug bounty
… quickstart (Vera3289#82), FAQ (Vera3289#88) - Vera3289#62: validate token address via try_balance SEP-41 probe in create_stream and create_streams_batch; reject invalid addresses with ERR_INVALID_TOKEN (E012) - Vera3289#69: add propose_employer_transfer + accept_employer_transfer for safe two-step stream ownership transfer; old employer loses control on acceptance - Vera3289#82: add docs/quickstart.md — zero to running local stream in <30 min - Vera3289#88: add docs/faq.md — 17 Q&A entries covering tokens, errors, testnet, employer transfer, fee estimation, and event indexing Also fix pre-existing compile errors and test bugs: - types.rs: remove duplicate MinDeposit DataKey; add FeeBps, FeeRecipient, PendingEmployer variants; add ERR_FEE_TOO_HIGH, ERR_INVALID_TOKEN, ERR_UNAUTHORIZED_TRANSFER constants - token/lib.rs: add missing mod storage and mod types declarations - test.rs: fix imports (testutils Address/Ledger traits), fix upgrade call signature, fix pause/cancel balance assertions, add set_min_deposit where needed, gate WASM-dependent upgrade tests behind wasm-tests feature flag All 44 tests pass.
…3289#108 Vera3289#109 Vera3289#110 Vera3289#111) - Vera3289#109: Dark mode via CSS custom properties; manual toggle button; respects prefers-color-scheme; persists choice in localStorage - Vera3289#110: Accessibility audit fixes — semantic HTML (header/main/section/ul/li), ARIA labels/roles/live regions, aria-invalid + aria-describedby on inputs, aria-pressed on toggle, aria-busy on async buttons, skip-to-content link, focus-visible ring, sr-only utility class - Vera3289#111: Stream creation form with client-side validation (deposit > 0, rate > 0, stop_time in future or 0); inline error messages; estimated stream duration hint; re-validates on every field change after first submit - Vera3289#108: Transaction history panel per stream via Horizon testnet API; paginated (10/page) with Load More; shows timestamp, type, amount Also fixes pre-existing SDK issues: - Replace non-existent @freighter-api/freighter-api npm dep with globalThis access (extension is injected at runtime, not installed via npm) - Fix stellar-sdk v13 import: SorobanRpc → rpc - Switch SDK tsconfig to ESNext/bundler module output for Vite compatibility
- Add .gitleaks.toml with Stellar-specific secret patterns (Vera3289#38) - Add .github/workflows/secret-scan.yml running gitleaks on push/PR (Vera3289#38) - Add scripts/pre-commit-hook.sh for local staged-file scanning (Vera3289#38) - Document pre-commit hook in CONTRIBUTING.md (Vera3289#38) - Add coverage job to CI using cargo-llvm-cov + Codecov upload (Vera3289#39) - Add PR coverage diff comment via lcov-reporter-action (Vera3289#39) - Add codecov badge to README (Vera3289#39) - Add .rustfmt.toml with project style settings (Vera3289#41) Closes Vera3289#38, Vera3289#39, Vera3289#41 Note: Vera3289#40 (clippy -D warnings) was already enforced in CI
Bumps [supertest](https://github.com/ladjs/supertest) from 6.3.4 to 7.2.2. - [Release notes](https://github.com/ladjs/supertest/releases) - [Commits](forwardemail/supertest@v6.3.4...v7.2.2) --- updated-dependencies: - dependency-name: supertest dependency-version: 7.2.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…/eslint-10.4.1 chore(deps-dev): bump eslint from 8.57.1 to 10.4.1
…/supertest-7.2.2 chore(deps-dev): bump supertest from 6.3.4 to 7.2.2
…/stellar-sdk-13.3.0 chore(deps): bump stellar-sdk from 11.3.0 to 13.3.0
…ts-manager-3.1057.0
…/aws-sdk/client-secrets-manager-3.1057.0 chore(deps): bump @aws-sdk/client-secrets-manager from 3.1056.0 to 3.1057.0
…/demo/vite-8.0.14 chore(deps-dev): bump vite from 5.4.21 to 8.0.14 in /demo
…/demo/vitejs/plugin-react-6.0.2 chore(deps-dev): bump @vitejs/plugin-react from 4.7.0 to 6.0.2 in /demo
Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) from 29.7.0 to 30.4.2. - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest) --- updated-dependencies: - dependency-name: jest dependency-version: 30.4.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…/jest-30.4.2 chore(deps-dev): bump jest from 29.7.0 to 30.4.2
Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.6.1 to 17.4.2. - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v16.6.1...v17.4.2) --- updated-dependencies: - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [react](https://github.com/facebook/react/tree/HEAD/packages/react) and [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react). These dependencies needed to be updated together. Updates `react` from 18.3.1 to 19.2.6 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react) Updates `@types/react` from 18.3.28 to 19.2.15 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) --- updated-dependencies: - dependency-name: "@types/react" dependency-version: 19.2.15 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: react dependency-version: 19.2.6 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) and [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom). These dependencies needed to be updated together. Updates `react-dom` from 18.3.1 to 19.2.6 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react-dom) Updates `@types/react-dom` from 18.3.7 to 19.2.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom) --- updated-dependencies: - dependency-name: "@types/react-dom" dependency-version: 19.2.3 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: react-dom dependency-version: 19.2.6 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [helmet](https://github.com/helmetjs/helmet) from 7.2.0 to 8.2.0. - [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md) - [Commits](helmetjs/helmet@v7.2.0...v8.2.0) --- updated-dependencies: - dependency-name: helmet dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…/demo/multi-bb2efd036b chore(deps): bump react-dom and @types/react-dom in /demo
…/sdk/typescript-6.0.3 chore(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /sdk
…/demo/multi-e2615a3a50 chore(deps): bump react and @types/react in /demo
…/sdk/stellar/stellar-sdk-15.1.0 chore(deps): bump @stellar/stellar-sdk from 13.3.0 to 15.1.0 in /sdk
…/helmet-8.2.0 chore(deps): bump helmet from 7.2.0 to 8.2.0
…ns/codecov/codecov-action-6 chore(deps): bump codecov/codecov-action from 4 to 6
…/dotenv-17.4.2 chore(deps): bump dotenv from 16.6.1 to 17.4.2
…ns/softprops/action-gh-release-3 chore(deps): bump softprops/action-gh-release from 2 to 3
…ns/aquasecurity/trivy-action-0.36.0 chore(deps): bump aquasecurity/trivy-action from 0.28.0 to 0.36.0
…ns/actions/cache-5 chore(deps): bump actions/cache from 4 to 5
…ns/github/codeql-action-4 chore(deps): bump github/codeql-action from 3 to 4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds backend module for employer notification preferences with CRUD endpoints and per-event-type toggles.
Changes
backend/src/notifications.rs— core data model and storeNotificationPreferencewithemail/webhookchannelsEventTogglesmap for per-event-type enable/disableNotificationStorewith create, list, get, update, delete, unsubscribebackend/README.md— endpoint reference and usage examplesAcceptance Criteria
unsubscribe_token)Closes Vera3289#261