Skip to content

feat: add fund-escrow endpoint for the two-step commitment flow#532

Merged
1nonlypiece merged 1 commit into
Commitlabs-Org:masterfrom
AYOMI-cmd:feature/fund-escrow-endpoint
May 28, 2026
Merged

feat: add fund-escrow endpoint for the two-step commitment flow#532
1nonlypiece merged 1 commit into
Commitlabs-Org:masterfrom
AYOMI-cmd:feature/fund-escrow-endpoint

Conversation

@AYOMI-cmd
Copy link
Copy Markdown
Contributor

@AYOMI-cmd AYOMI-cmd commented May 27, 2026

Closes #446

Summary

Implements the backend support required for the two-step commitment flow where a commitment is created first and then funded separately.

  • Added fundEscrowOnChain to src/lib/backend/services/contracts.ts
  • Added POST /api/commitments/[id]/fund in src/app/api/commitments/[id]/fund/route.ts
  • Added end-to-end route tests in tests/api/commitments-fund.test.ts
  • Updated commitment status filtering to include CREATED in src/app/api/commitments/search/route.ts
  • Added API documentation in docs/backend-api-reference.md
  • Added CSRF documentation entry in docs/backend-session-csrf.md
  • Added security checklist coverage in docs/backend-security-checklist.md
  • Added OpenAPI schema for the new endpoint in openapi.yaml

Behavior

  • Only CREATED commitments can be funded.
  • Ownership is validated: funding must be performed by the commitment owner.
  • The route enforces CSRF protection for browser-originated mutations.
  • The route supports Idempotency-Key to safely retry or deduplicate submissions.
  • Commitment cache entries are invalidated after a successful fund transaction.

Files Changed

  • src/lib/backend/services/contracts.ts
  • src/app/api/commitments/[id]/fund/route.ts
  • tests/api/commitments-fund.test.ts
  • src/app/api/commitments/search/route.ts
  • docs/backend-api-reference.md
  • docs/backend-session-csrf.md
  • docs/backend-security-checklist.md
  • openapi.yaml

Testing Notes

  • Added route tests for:
    • rejecting funding when commitment status is not CREATED
    • rejecting funding when the caller is not the owner
    • successful owner-funded CREATED commitment funding
  • Editor diagnostics for the modified files report no errors.

@vercel
Copy link
Copy Markdown

vercel Bot commented May 27, 2026

@AYOMI-cmd is attempting to deploy a commit to the 1nonly's projects Team on Vercel.

A member of the Team first needs to authorize it.

@drips-wave
Copy link
Copy Markdown

drips-wave Bot commented May 27, 2026

@AYOMI-cmd Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@1nonlypiece 1nonlypiece merged commit 67cab92 into Commitlabs-Org:master May 28, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Backend - Add fund-escrow endpoint to back the two-step create-then-fund flow

2 participants

@AYOMI-cmd @1nonlypiece