feat: core fund flow hardening — atomicity, idempotency, insider threat controls, polyglot event handling#27
Conversation
…at, polyglot events - Fix 17 non-atomic balance updates across routers.ts, stablecoinEnhanced.ts, propertyEscrow.ts, temporal/activities.ts (SQL CAST with WHERE guard) - Add coreAtomicity middleware: idempotency cache (24h TTL), TigerBeetle double-entry, Kafka event publishing for 10 fund flow topics - Add insiderThreat middleware: maker-checker (dual auth >0K), geo+time fencing, DLP, JIT access, WebAuthn support - Wire idempotency to wallet.topup, savings.deposit, bills.pay, airtime.topup - Wire insider threat controls to CBDC transfer and batch.process - Go Kafka service: 10 new core fund flow topic consumers with CoreFundFlowEvent struct - Rust stablecoin bridge: /verify/fund-flow endpoint with 5-check validation - Python anomaly detector: /detect/fund-flow endpoint with velocity/outlier/rapid detection - 36 vitest tests covering all changes (0 TypeScript errors) Co-Authored-By: Patrick Munis <pmunis@gmail.com>
Original prompt from Patrick
|
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
…bypass Co-Authored-By: Patrick Munis <pmunis@gmail.com>
Testing Results — PR #27: Core Fund Flow HardeningSession: https://app.devin.ai/sessions/64d054ae77da41e9a2b74d8593fa635c Summary: 78/78 tests passed, 1 bug found and fixed
Phase 1-2: Baseline VerificationVitest (36 assertions across 9 test suites):
TypeScript compilation: Phase 3: Adversarial Boundary Tests (23 assertions)Maker-Checker exact boundaries:
Geo+Time fencing boundaries:
DLP rate limiting:
JIT access daily limit:
Idempotency cache:
Negative pattern verification:
Cross-service topic consistency:
Phase 4: Python Anomaly Detection (19 assertions)Standalone test replicating
Phase 5: Go/Rust Structural VerificationGo Kafka service (
Rust bridge (
Bug Found and FixedJIT grant ID timestamp collision (
|
Summary
Hardens all remaining fund flow paths that bypassed the atomicity/safety middleware added in PRs #21-#26. Three new middleware modules + polyglot service updates across Go, Rust, and Python.
Non-atomic balance fixes (17 occurrences)
Replaced all JS-arithmetic balance updates (
String(Number(balance) - amount)) with atomic SQL:Files:
routers.ts(CBDC transfer/receive, stablecoin swap),stablecoinEnhanced.ts(10 debit paths),propertyEscrow.ts(5 escrow operations),temporal/activities.ts(2 saga activities).New middleware:
server/middleware/coreAtomicity.tsgenerateIdempotencyKey(userId, op, ...args)→ deterministic SHA-256checkIdempotency(key)/storeIdempotency(key, result)→ 24h TTL cacherecordCoreDoubleEntry(params)→ TigerBeetle ledger (DB fallback)publishCoreEvent(topic, key, event)→ Kafka audit trailauditCoreOperation(params)→ orchestrates all threeCORE_TOPICS— 10 new Kafka topics for savings, CBDC, bills, airtime, batch, wallet, stablecoinNew middleware:
server/middleware/insiderThreat.tsrequiresMakerChecker(amount, action)→ dual auth for ops >$10K (2 approvers >$100K)checkGeoTimeFence({countryCode, utcHour})→ CA/NG/US/GB/KE/GH/ZA, Mon-Fri 6AM-10PM UTCcheckDlpAccess(userId, records)→ 100 records/query cap, 50 queries/hourrequestJitAccess(userId, reason)→ 2h max, 3/day, auto-revokeRouter wiring
wallet.topup,savings.deposit,bills.pay,airtime.topup→ idempotency guardtransfer→ insider threat check (maker-checker + geo-fence) +auditCoreOperationbatch.process→ insider threat check + per-payment execution with balance deductionPolyglot services
AllTopics,CoreFundFlowEventstruct,coreFundFlowHandlerregistered for all topicsPOST /verify/fund-flow— 5-check validation (amount_range, known_feature, valid_status, timestamp_present, user_id_positive) with risk assessmentPOST /detect/fund-flow— velocity spike, high-value, amount outlier, rapid-same-op detection;GET /fund-flow/topicsmetadataTests
36 vitest assertions: middleware unit tests, file-level verification of SQL CAST patterns, idempotency wiring, insider threat wiring, Go/Rust/Python structural checks,
auditCoreOperationintegration.npx tsc --noEmit→ 0 errors.Link to Devin session: https://app.devin.ai/sessions/64d054ae77da41e9a2b74d8593fa635c
Requested by: @munisp