Spaces:

nexusbert
/

zurri

Runtime error

App Files Files Community

nexusbert commited on Nov 4, 2025

Commit

90f2b51

1 Parent(s): 4a31a72

push docs

Browse files

Files changed (2) hide show

DEVELOPMENT_LOG.md +82 -8
TODO_BUSINESS_MODEL.md +286 -0

DEVELOPMENT_LOG.md CHANGED Viewed

@@ -69,12 +69,16 @@ Zurri is an AI Agents Marketplace platform with a chat protocol, wallet point sy
   - Verification status
 - [x] Creator dashboard endpoints (overview, earnings)
 - [x] Earnings tracking with time-series data
 ### ✅ Admin Dashboard
 - [x] Admin authentication middleware
 - [x] Admin overview endpoint with platform statistics
 - [x] Platform metrics (users, agents, messages, points volume)
 - [x] Date range filters
 ### ✅ IPFS Integration (Pinata)
 - [x] Pinata SDK integration
@@ -91,14 +95,23 @@ Zurri is an AI Agents Marketplace platform with a chat protocol, wallet point sy
 - [x] Example values
 ### ✅ Security & Best Practices
-- [x] JWT authentication
-- [x] Password hashing (bcrypt)
-- [x] CORS configuration
-- [x] Helmet security headers
-- [x] Rate limiting
-- [x] Input validation
-- [x] Error handling
 - [x] Environment variable management
 ### ✅ Deployment
 - [x] Dockerfile for Hugging Face Spaces
@@ -116,10 +129,50 @@ Zurri is an AI Agents Marketplace platform with a chat protocol, wallet point sy
 - Exchange rate management operational
 - Complete API documentation
 - Docker deployment ready
 ### 🔄 In Progress
 - None
 ### 📋 Next Milestone: Frontend Development
 The frontend will be built in a separate milestone. The backend is ready to serve API requests.
@@ -129,6 +182,9 @@ The frontend will be built in a separate milestone. The backend is ready to serv
 - `POST /api/auth/register` - User registration
 - `POST /api/auth/login` - User login
 - `GET /api/auth/me` - Get current user profile
 ### Creator Authentication
 - `POST /api/creator-auth/register` - Creator registration
@@ -218,5 +274,23 @@ The frontend will be built in a separate milestone. The backend is ready to serv
 - Frontend development will be done in a separate milestone
 - Backend is production-ready and deployed on Hugging Face Spaces
 ## Last Updated
-2024-01-15

   - Verification status
 - [x] Creator dashboard endpoints (overview, earnings)
 - [x] Earnings tracking with time-series data
+- [x] Total points earned tracking (gross earnings)
 ### ✅ Admin Dashboard
 - [x] Admin authentication middleware
 - [x] Admin overview endpoint with platform statistics
 - [x] Platform metrics (users, agents, messages, points volume)
 - [x] Date range filters
+- [x] Admin payment exemption for testing unapproved agents
+- [x] Admin can test pending/rejected agents without payment
+- [x] Admin test transactions tracked separately (ADMIN_TEST type)
 ### ✅ IPFS Integration (Pinata)
 - [x] Pinata SDK integration
 - [x] Example values
 ### ✅ Security & Best Practices
+- [x] JWT authentication with enhanced validation
+- [x] Password hashing (bcrypt, 12 rounds)
+- [x] Password strength validation (8+ chars, uppercase, lowercase, number, special char)
+- [x] Forgot password functionality with secure reset tokens
+- [x] Password reset with token expiration (1 hour)
+- [x] Change password endpoint for authenticated users
+- [x] Account lockout after 5 failed login attempts (30-minute lockout)
+- [x] Failed login attempt tracking
+- [x] CORS configuration with origin validation
+- [x] Helmet security headers (CSP, HSTS, XSS protection, frame guard)
+- [x] Rate limiting (general API, auth endpoints, password reset)
+- [x] Input sanitization (XSS prevention)
+- [x] Request size validation
+- [x] Request logging
+- [x] Error handling with secure messages
 - [x] Environment variable management
+- [x] Trust proxy configuration for rate limiting
 ### ✅ Deployment
 - [x] Dockerfile for Hugging Face Spaces
 - Exchange rate management operational
 - Complete API documentation
 - Docker deployment ready
+- Security enhancements (password reset, account lockout, rate limiting)
+- Admin testing capabilities (no payment for unapproved agents)
 ### 🔄 In Progress
 - None
+### 📋 Pending: Business Model Implementation
+#### Payout System & Commission Model
+The following features need to be implemented to complete the business model:
+1. **Platform Commission System**
+   - [ ] Configure platform commission percentage (e.g., 20-30%)
+   - [ ] Store commission rate in environment variables or database
+   - [ ] Calculate creator earnings after platform cut
+   - [ ] Track platform revenue separately
+2. **Creator Earnings Calculation**
+   - [ ] Update earnings endpoints to show net earnings (after platform cut)
+   - [ ] Track gross vs net earnings per transaction
+   - [ ] Calculate platform revenue from each transaction
+   - [ ] Display earnings breakdown (gross, platform fee, net)
+3. **Payout System**
+   - [ ] Create Payout entity (pending, processing, completed, failed)
+   - [ ] Payout request endpoint for creators
+   - [ ] Minimum payout threshold (e.g., $10 or 200 points)
+   - [ ] Payout approval workflow (admin approval)
+   - [ ] Payout processing (manual or automated via Paystack transfers)
+   - [ ] Payout history for creators
+   - [ ] Payout management for admins
+4. **Financial Tracking**
+   - [ ] Track platform revenue (total commission earned)
+   - [ ] Track creator payouts (total paid out)
+   - [ ] Track pending payouts
+   - [ ] Financial reporting for admins
+5. **Integration Requirements**
+   - [ ] Paystack transfer API integration for automated payouts
+   - [ ] Bank account verification for creators
+   - [ ] Tax document handling (if required)
+   - [ ] Payout notifications (email/webhook)
 ### 📋 Next Milestone: Frontend Development
 The frontend will be built in a separate milestone. The backend is ready to serve API requests.
 - `POST /api/auth/register` - User registration
 - `POST /api/auth/login` - User login
 - `GET /api/auth/me` - Get current user profile
+- `POST /api/auth/forgot-password` - Request password reset
+- `POST /api/auth/reset-password` - Reset password with token
+- `POST /api/auth/change-password` - Change password (authenticated)
 ### Creator Authentication
 - `POST /api/creator-auth/register` - Creator registration
 - Frontend development will be done in a separate milestone
 - Backend is production-ready and deployed on Hugging Face Spaces
+## Recent Updates
+### Security Enhancements (2024-11-04)
+- Implemented comprehensive password security (strength validation, reset flow)
+- Added account lockout after failed login attempts
+- Enhanced rate limiting for authentication endpoints
+- Added input sanitization and XSS protection
+- Configured trust proxy for rate limiting behind proxies
+### Admin Features (2024-11-04)
+- Admins can test unapproved agents without payment
+- Admin test transactions tracked separately
+- Admin can view history for any agent status
+### Business Model (Pending)
+- Commission system and payout infrastructure planned
+- See `TODO_BUSINESS_MODEL.md` for detailed implementation plan
 ## Last Updated
+2024-11-04

TODO_BUSINESS_MODEL.md ADDED Viewed

	@@ -0,0 +1,286 @@

+# Business Model Implementation TODOs
+## Overview
+This document outlines the remaining tasks to implement the complete business model for Zurri, including platform commission, creator payouts, and financial tracking.
+## Platform Commission System
+### 1. Commission Configuration
+- [ ] **Environment Variable**: Add `PLATFORM_COMMISSION_PERCENTAGE` (default: 20%)
+- [ ] **Database Config**: Optionally store commission rate in database for dynamic changes
+- [ ] **Commission Service**: Create `CommissionService` to calculate:
+  - Platform commission from transaction
+  - Creator net earnings
+  - Platform revenue
+### 2. Transaction Updates
+- [ ] **Modify Transaction Entity**: Add fields for commission tracking:
+  - `platformCommission` (decimal) - Points taken as commission
+  - `creatorEarnings` (decimal) - Points earned by creator (net)
+  - `grossAmount` (decimal) - Total points charged (already exists as `amount`)
+- [ ] **Update WalletService.chargeForTask()**:
+  - Calculate commission when charging user
+  - Store commission and creator earnings in transaction
+  - Track creator earnings separately
+### 3. Earnings Calculation
+- [ ] **Update CreatorController.earnings()**:
+  - Show net earnings (after commission)
+  - Show platform fee breakdown
+  - Show gross earnings for reference
+- [ ] **Update CreatorController.overview()**:
+  - Display gross earnings, platform fee, net earnings
+  - Show pending payout amount
+  - Show total paid out
+## Payout System
+### 4. Payout Entity
+- [ ] **Create Payout Entity**:
+  ```typescript
+  - id: UUID
+  - creatorId: string (FK to User)
+  - amount: decimal (points to payout)
+  - amountInCurrency: decimal (converted to preferred currency)
+  - currency: string (USD, NGN, etc.)
+  - status: enum (pending, processing, completed, failed, cancelled)
+  - payoutMethod: enum (bank_transfer, wallet_address)
+  - bankAccount?: jsonb (if bank transfer)
+  - walletAddress?: string (if crypto)
+  - paymentReference?: string (Paystack transfer reference)
+  - processedAt?: Date
+  - processedBy?: string (Admin user ID)
+  - failureReason?: string
+  - metadata?: jsonb
+  - createdAt: Date
+  - updatedAt: Date
+  ```
+### 5. Payout Endpoints
+#### Creator Endpoints
+- [ ] **POST /api/creators/payouts/request**
+  - Request payout (minimum threshold check)
+  - Validate payout method (bank account or wallet)
+  - Create pending payout record
+  - Deduct from creator's available earnings
+- [ ] **GET /api/creators/payouts**
+  - List creator's payout history
+  - Filter by status, date range
+  - Pagination
+- [ ] **GET /api/creators/payouts/:id**
+  - Get payout details
+#### Admin Endpoints
+- [ ] **GET /api/admin/payouts**
+  - List all pending/completed payouts
+  - Filter by status, creator, date range
+  - Pagination
+- [ ] **POST /api/admin/payouts/:id/approve**
+  - Approve payout
+  - Initiate Paystack transfer (if automated)
+  - Update payout status
+- [ ] **POST /api/admin/payouts/:id/reject**
+  - Reject payout with reason
+  - Return earnings to creator's available balance
+- [ ] **POST /api/admin/payouts/:id/process**
+  - Mark payout as processing
+  - For manual processing workflows
+- [ ] **GET /api/admin/payouts/stats**
+  - Total pending payouts
+  - Total paid out (all time)
+  - Payouts by status
+### 6. Payout Service
+- [ ] **Create PayoutService**:
+  - `calculateAvailableEarnings(userId)` - Calculate creator's available balance
+  - `requestPayout(userId, amount, method)` - Create payout request
+  - `processPayout(payoutId, adminId)` - Process approved payout
+  - `processPaystackTransfer(payout)` - Automated transfer via Paystack
+  - `validatePayoutMethod(creator, method)` - Validate bank account/wallet
+  - `checkMinimumThreshold(amount)` - Verify minimum payout amount
+### 7. Payout Processing
+- [ ] **Manual Processing**:
+  - Admin reviews and approves payout
+  - Admin initiates bank transfer manually
+  - Admin marks as completed
+- [ ] **Automated Processing**:
+  - Integrate Paystack Transfer API
+  - Auto-initiate transfer on approval
+  - Webhook handling for transfer status
+  - Retry logic for failed transfers
+### 8. Payout Configuration
+- [ ] **Environment Variables**:
+  - `MINIMUM_PAYOUT_POINTS` (default: 200 points = $10)
+  - `PAYOUT_ENABLED` (boolean)
+  - `PAYSTACK_TRANSFER_ENABLED` (boolean)
+  - `PAYSTACK_TRANSFER_SOURCE` (balance, account)
+## Financial Tracking
+### 9. Platform Revenue Tracking
+- [ ] **Create PlatformRevenue Entity** (optional) or use Transaction aggregation:
+  - Track total commission earned
+  - Track by time period (daily, monthly, yearly)
+  - Track by agent/category
+- [ ] **Admin Dashboard Updates**:
+  - Total platform revenue
+  - Commission breakdown
+  - Revenue trends (charts)
+  - Top revenue-generating agents
+### 10. Creator Financial Dashboard
+- [ ] **Enhanced Earnings Display**:
+  - Gross earnings (total points earned)
+  - Platform fee (commission deducted)
+  - Net earnings (available for payout)
+  - Pending payout amount
+  - Total paid out (all time)
+  - Next payout date (if scheduled)
+### 11. Transaction Metadata
+- [ ] **Update Transaction Metadata**:
+  - Store commission breakdown in metadata
+  - Store creator earnings in metadata
+  - Store payout information (if applicable)
+## Integration Requirements
+### 12. Paystack Transfer API
+- [ ] **Paystack Transfer Integration**:
+  - Single transfer endpoint
+  - Bulk transfer endpoint (for batch payouts)
+  - Transfer recipient management
+  - Transfer status webhooks
+  - Error handling and retry logic
+- [ ] **Recipient Management**:
+  - Create transfer recipient (bank account)
+  - Verify recipient details
+  - Store recipient codes
+### 13. Bank Account Verification
+- [ ] **Bank Account Validation**:
+  - Verify account number with bank code (Paystack)
+  - Validate account name matches
+  - Store verified account details
+  - Re-verification on payout requests
+### 14. Currency Conversion
+- [ ] **Payout Currency Conversion**:
+  - Convert points to creator's preferred currency
+  - Use current exchange rates
+  - Display in both points and currency
+  - Handle currency fluctuations
+## Security & Compliance
+### 15. Payout Security
+- [ ] **Rate Limiting**: Limit payout requests per creator
+- [ ] **Verification**: Require verified creator profile for payouts
+- [ ] **Audit Trail**: Log all payout actions (create, approve, process, reject)
+- [ ] **Admin Authorization**: Require admin role for payout processing
+- [ ] **Payout Limits**: Maximum payout amount per request/period
+### 16. Tax & Compliance
+- [ ] **Tax ID Collection**: Already in CreatorProfile
+- [ ] **Tax Reporting**: Generate tax reports (if needed)
+- [ ] **KYC Verification**: Link payout eligibility to verification status
+- [ ] **Document Verification**: Verify ID documents before first payout
+## Database Migrations
+### 17. Schema Updates
+- [ ] **Transaction Table**:
+  - Add `platformCommission` column
+  - Add `creatorEarnings` column
+  - Add migration for existing transactions
+- [ ] **Payout Table**:
+  - Create `payouts` table
+  - Add indexes (creatorId, status, createdAt)
+  - Add foreign keys
+- [ ] **Platform Revenue Table** (optional):
+  - Create `platform_revenue` table for aggregated tracking
+## Testing
+### 18. Unit Tests
+- [ ] Test commission calculation
+- [ ] Test payout request validation
+- [ ] Test minimum threshold checks
+- [ ] Test currency conversion
+- [ ] Test payout status transitions
+### 19. Integration Tests
+- [ ] Test Paystack transfer integration
+- [ ] Test payout approval workflow
+- [ ] Test payout rejection and refund
+- [ ] Test earnings calculation accuracy
+## Documentation
+### 20. API Documentation
+- [ ] Swagger documentation for all payout endpoints
+- [ ] Payout flow documentation
+- [ ] Commission calculation examples
+- [ ] Paystack transfer setup guide
+### 21. Business Rules Documentation
+- [ ] Commission percentage explanation
+- [ ] Payout minimum threshold
+- [ ] Payout processing timeframes
+- [ ] Payout method requirements
+## Priority Order
+### Phase 1: Core Business Model (High Priority)
+1. Commission calculation and tracking
+2. Update earnings endpoints with net/gross breakdown
+3. Payout entity creation
+4. Basic payout request endpoint
+### Phase 2: Payout Processing (Medium Priority)
+5. Admin payout approval
+6. Manual payout processing
+7. Payout history and tracking
+### Phase 3: Automation (Lower Priority)
+8. Paystack transfer integration
+9. Automated payout processing
+10. Bulk payout support
+### Phase 4: Advanced Features (Future)
+11. Scheduled payouts
+12. Advanced financial reporting
+13. Tax document generation
+14. Multi-currency support enhancements
+## Estimated Implementation Time
+- **Phase 1**: 2-3 days
+- **Phase 2**: 2-3 days
+- **Phase 3**: 3-4 days
+- **Phase 4**: 5-7 days
+**Total**: ~12-17 days for complete business model implementation
+## Notes
+- Commission percentage should be configurable (start with 20-30%)
+- Minimum payout should be reasonable (e.g., $10 or 200 points)
+- Payout processing can start manual, then automate later
+- Consider payout scheduling (weekly, monthly) for efficiency
+- Track all financial data for accounting and reporting