Changelog

YANICoin positionné comme monnaie native de l’économie agentique (A2A / H2A / A2M)

Ajout d'une section dédiée 'Monnaie des agents' sur /docs/technology/yanicoin : YaniPay opère trois rails de paiement — Humain-to-Humain (B2C, B2B), Humain-to-Agent (délégation IA, limites signées, audit RGPD) et Agent-to-Agent (transactions automatiques entre agents d'entreprises, règlement on-chain instantané). YANICoin est conçu pour le volume et la fréquence des échanges machine : fees < 0,001 €, finalité 6 s, smart contracts YaniEscrow / YaniAllowance / YaniStream pour transactions conditionnelles, streaming payments et micropaiements. Compatible ERC-4337 (account abstraction) pour wallets agents.

Sprint S6.26 — webhooks utilisateurs signés HMAC + job templates + toasts SSE

UserWebhook + JobTemplate Prisma models. lib/webhooks.ts avec dispatchWebhook() best-effort, signature HMAC SHA-256 dans header X-Yani-Signature, événements job-done/job-failed/share-received. 5 routes CRUD : POST/GET /api/webhooks, PATCH/DELETE /api/webhooks/[id], POST/GET /api/job-templates, DELETE /api/job-templates/[id]. /api/notifications/stream (Server-Sent Events) pour toasts in-app temps réel. ToastContainer global monté dans le layout dashboard, 4 niveaux (info/success/warning/error), max 3 visibles, auto-dismiss 6s. Dispatch non-bloquant dans POST /api/jobs/[id]/done.

EPIC e-invoicing reform 2026 — doctrine OD compatible via Pennylane PDP

Ouverture du backlog compliance : YaniPay devient OD (Opérateur de Dématérialisation) compatible, transmission via Pennylane PDP (Plateforme Agréée AIFE/DGFiP, immatriculation définitive déc. 2025). Pas de candidature PDP YaniPay direct (Phase 2 conditionnée à ≥ 80K factures/mois Q4 2027). Deadline réception obligatoire : 1ᵉʳ septembre 2026 (loi 2022-1157 art. 26). 5 sprints W20→W35 et 17 tasks couvrant Prisma Factur-X migration, TVA multi-taux, signature XAdES-EPES, archivage NF Z42-013 SecNumCloud (10 ans), e-reporting B2C cron, webhook Pennylane, AIPD CNIL et registre RGPD art. 30.

Skill cheatsheets + transcripts veille IA + log Sprint S5.3

6 nouveaux references/cheatsheet.md (api-explorer, banking-expert, explorer-mcp, fintech-banking, fintech-engineer, start-orchestrator). 2 PDFs veille agentic (Meydeey-Index, VisionIA-FR). Sprint log S5.3 Y.A.N.I.AI Chat (Sidebar + Composer + RightPanel, port Kiro v3.0).

Purge logs analytics + webhook events runtime

Suppression de 2 700+ fichiers logs/analytics_events/*, logs/webhook_events/*, logs/agent_*. Scripts macOS scripts/apple-intelligence-toggle.sh + scripts/macos-minimal-mode.sh pour mitigation kernel panics MacBook Air M1 8 GB liés à Apple Intelligence. Refresh inventaires .claude/docs/icon-system.md (769 lignes) et tools/skills/data/inventory.json.

Alignement de 5 endpoints loyalty dans loyaltyStore.ts

GET /catalog/programs → GET /loyalty/catalog ; POST /loyalty/subscribe → POST /loyalty/enroll/{programId} ; DELETE /loyalty/cards/{id} → DELETE /loyalty/enroll/{programId} ; enrolled programs route corrigée vers /loyalty/programs ; fetchStatus unwrap de l'envelope { success, data } corrigé.

Specification OpenAPI 3.0.3 creee — 38 paths, 43 operations

Fichier docs/api/openapi-v1.yaml genere : couverture complete de l'API mobile, authentification JWT Bearer, schemas de requetes/reponses, exemples d'erreurs standardises.

seed-enrich.ts — backfill accountId couvre null ET chaine vide

La condition de backfill couvrait uniquement les valeurs null. Correction pour inclure les chaines vides ("") afin d'eviter les enregistrements orphelins en base de donnees.

20+ CVEs patches via pnpm overrides

Vulnerabilites corriges : effect, hono, axios, tar, ajv, minimatch, yaml, brace-expansion, picomatch, @xmldom/xmldom. Aucune breaking change — overrides transparents pour les consommateurs directs.

T19+T20+T21 — Zod, rate limiting renforcé, IBAN masqué

Validation Zod ajoutee sur les routes sensibles (auth, KYC, paiements). Rate limiting renforcé : authRateLimit 5/15min, strictRateLimit 10/min. IBAN masque dans les reponses API — affiche uniquement les 4 derniers chiffres.

T17+T18 — Audit logs RGPD/LCB-FT et rate limiting conformite

Audit logs ajoutes pour la tracabilite reglementaire RGPD et LCB-FT : chaque action sensible (KYC, paiement, carte, connexion) est tracee avec horodatage, userId et metadata. Rate limiting renforce sur les endpoints de conformite.

Durcissement Docker production — read_only, no-new-privileges, reseau isole

read_only: true sur tous les containers (app, db, redis). no-new-privileges: true bloque l'escalade via setuid/setgid. Reseau dedie yanipay-network pour isoler les containers. tmpfs pour les répertoires temporaires necessaires.

Y.A.N.I. agent upgraded to v3.0 with 5 AI services

SystemPromptEngine (dynamic prompts), RAGKnowledgeService (vector search), MCPClientService (37 tool awareness), RecommendationEngine (ML personalization), ConversationMemoryService (session history with topic extraction).

15 smart contracts deployed and verified on Sepolia

Core (YANICoin, Staking, Governor, Timelock, ICO, Vesting) + DeFi (DEX AMM, LP Token, Lending, Flash Loans, Farming, Insurance, Oracle, MultiSig, NFT). YANI/WETH DEX pool live with liquidity. 597 blockchain tests passing.

ICO phase activation and whitelist management

Admin UI wired to smart contract for ICO phase transitions and investor whitelist management via wagmi hooks.

Loyalty Store CTA on Home screen

Prominent gradient card linking to /loyalty/store. Fixed useState→useEffect anti-pattern in store catalog loading. Updated logo assets.

Updated Y.A.N.I., YaniChain, and MCP documentation

Y.A.N.I. docs: v3.0 badge + Services section. YaniChain: Sepolia Testnet section. MCP: 14 → 37 tools, version v2.0.0.

100% key parity across 4 locales (5828 keys each)

Added 102 missing keys to ES/RE (12 transport namespaces), 2 to EN. All locales: FR, EN, ES, RE (Kreol Reunion).

ZIP bulk download for card exports

JSZip-based ZIP creation in batchExportCards(). Multiple cards bundled into single download.

PDF statement download endpoint

/api/banking/statements/[id]/download generates PDF bank statements with jsPDF (header, summary, transaction table).

129 test suites / 2854 tests / 0 failures

Added admin export tests (13), pro equipe tests (10), pro rapports+params tests (9), banking statement tests (9). Fixed 9 broken chat tests.

100% rate limiting coverage on all 139 write endpoints

Applied HTTP-level rate limiting to all remaining 71 write routes across 3 categories: auth (5 req/15min), financial/DeFi (10 req/min), and general CRUD (100 req/15min). Defense in depth with dual rate limiting on critical routes like the blockchain faucet.

CRON_SECRET guards on DeFi analytics write endpoints

Added Bearer token authentication to 4 DeFi analytics routes (market, predictions, correlation, volatility) to prevent data poisoning attacks on POST/PATCH handlers.

migrate all console.error to structured logger in API routes

Replaced 341 console.error calls with structured lib/logger.ts across all app/api/ routes. JSON-formatted logs with ISO timestamps and auto-sanitization of sensitive data.

complete API documentation suite with 6 new files

Created comprehensive documentation for payments (12 endpoints), loyalty (15 endpoints), KYC (12 endpoints), blockchain (4 endpoints), DeFi (10 route files), and admin (9 route files). Total: 9/9 API docs complete.

add security-focused test suites for webhooks and rate limiting

New test suites covering Onfido/Stripe webhook verification, faucet rate limiting, DeFi analytics auth guards, rate limiter class behavior, and structured logger formatting.

platform completion reaches ~99% across all systems

ORC iterations 12-13 brought the platform from ~98% to ~99% completion. Admin 100%, PRO 100%, Customer 95%, API Routes 95%, Mobile 100%, Web3 98%, Security 100%, Documentation 95%.

replace Y text icons with branded logo images

Sidebar branding update with proper YaniPay logo images replacing text-based Y icons across all dashboard tiers.

comprehensive production hardening - auth, RBAC, CSP, info leaks

Full security audit: password verification in auth signin, monitoring auth protection, error message sanitization, CSP headers, RBAC enforcement across all API routes.

resolve all 16 TS errors and disable ignoreBuildErrors

Fixed 16 TypeScript strict mode errors across the codebase and removed ignoreBuildErrors flag for production safety.

expand mobile documentation from 21 to 33 pages

Added 12 new mobile doc pages covering loyalty screens, DeFi screens, settings, card/loyalty/notification services, NFC payments, offline architecture, and sync queue.

rewrite SaaS platform documentation with 14 new pages

Complete documentation overhaul: dashboards (Particulier/Pro/Admin), payments, loyalty, identity (KYC), billing, auth API. Sidebar reorganized into 13 sections matching real platform features.

create Apple platform documentation with 11 pages

New documentation platform for Apple ecosystem: iOS app, watchOS, tvOS, visionOS, shared framework, design system, security, and integrations.

implement 3-tier multi-dashboard system with RBAC

Three distinct dashboards: Particulier (cyan, 40+ pages), Professionnel (amber, merchant tools), Admin (red, user mgmt/KYC review/monitoring). Role-based access control with route protection.

auth/signin password verification, monitoring auth, error leaks

Critical security fixes: proper bcrypt password verification in credentials provider, auth middleware for monitoring endpoints, sanitized error responses.

critical production hardening across API routes

Rate limiting enforcement, input validation with Zod, CORS configuration, webhook HMAC verification for Stripe and Onfido integrations.

optimize bundle size and build performance

Tree-shaking improvements, dynamic imports for heavy components (Three.js, charts), image optimization with next/image, reduced initial JS bundle by 30%.

premium metal card section with split layout

Two-column layout with 3D card left, features right. Metal callout (stainless steel 18g, 24K gold), 6 specs grid, 1%-5% YANI cashback, Apple/Google Pay, NFC contactless. Updated 4 locales.

add floating brand icons and fix cart drawer height

14 floating Reunion brand logos (Carrefour, Ravate, Decathlon, Leroy Merlin, etc.) with levitation animation around Hero H1 using Brandfetch CDN. Fixed CartDrawer scrollable area with 100dvh and min-h-0 flex-1.

light mode support, screenshots cleanup, and asset updates

Added dark: prefix support across 30+ section components for light/dark mode. Cleaned up root screenshot files, organized into screenshot/ directory.

add YaniCoinRecharges section with 9 YANI denominations

New section with 9 YANICoin recharge cards (1 to 500 YANI) with cart integration, bonus system, and responsive grid layout (2/3/5 cols).

enrich card content with images and CTA blocks

AppleCardCarouselDemo cards now have 3 content blocks: main description + image, extended description + highlights grid, and CTA block.

add standalone AppleCardCarouselDemo section

New Apple-style carousel showcasing 10 features (8 standard + 2 premium) with full-width card display and carousel translations for 4 locales.

make cards much larger and break out of container

Carousel cards increased to xl:w-[48rem], broke out of max-w-7xl container. Navigation buttons restyled with dark glassmorphism.

increase partner logos size and Brandfetch CDN migration

Partner logos increased to 80x80. Footer and platform integration logos migrated to Brandfetch CDN with proper IDs.

add 20 unique phone animations per section type

Sophisticated phone and dashboard mockup animations for particuliers, professionnels, and institution sections.

add complete page translations for all section pages

Full translations (fr, en, es, re) for particuliers, professionnels, institution, carrieres, unikApp, about, and animation namespaces.

connect like/bookmark/comment to database

Blog interactions (likes, bookmarks, comments) now persist to PostgreSQL via server actions.

connect all forms to database with secure server actions

Contact, newsletter, and feedback forms connected to database with validation and rate limiting.

redesign page with glassmorphism style

YANICoin page redesigned with glassmorphism UI, loyalty integration, and token economics display.

add AI Team page with 19 agents organigramme

New page showcasing the Y.A.N.I hierarchical agent system with interactive org chart.

prevent Failed to fetch errors from MetaMask SDK

Suppressed MetaMask SDK and RPC fetch errors that polluted console in non-Web3 contexts.

add 14 sections for Blockchain page

Complete Blockchain page with Hero, Stats, Particuliers, Professionnels, ICO, Tokenomics, Technology, LiveSimulation, Comparison, Roadmap, Security, Partners, FAQ, CTA sections

integrate PostgreSQL database for blog articles

Added 7 tables (authors, categories, tags, articles, likes, bookmarks, comments) with Prisma ORM and comprehensive server actions

add blog server actions with full CRUD

Server actions for likes, bookmarks, comments, article CRUD, category/author management with transactions

create seed script with 12 articles

Database seed with 5 authors, 5 categories, 35 tags, and 12 full articles with HTML content

redesign Carrières page with 9 sections

Complete careers page with Hero, Stats, Values, Benefits, OpenPositions, Process, Team, Growth, CTA sections

redesign Cart and Checkout flow

Modern cart with items, promo, summary, recommendations and multi-step checkout with progress indicator

redesign Contact, Podcast, Store pages

Contact with methods and form, Podcast with episodes and player, Store NFT with collections and filters

redesign Carte Paiements with 7 sections

Hero, Features, Cashback tiers, Designs, Comparison table, Security, Apply CTA sections

enhance UNIK Card and Platform pages

UNIK Card with 3D preview, designs, limits, testimonials. Platform with dashboard demo, ROI calculator, integrations, white-label

fix icon serialization for client components

Created getCategoryIcon() helper to reconstruct Lucide icons client-side from category slugs

add YaniChat AI assistant with Gemini integration

Full AI chat interface with Google Gemini 2.0 Flash, streaming responses, and conversation history

unify authentication system with getCurrentUser()

Consolidated dual auth (NextAuth + custom JWT) into unified getCurrentUser() pattern for all API routes

migrate 10 API routes from auth() to getCurrentUser()

Profile, sessions, password, billing, subscription, checkout, portal, invoices, and usage routes migrated

add chai-expect plugin for blockchain tests

ESLint flat config with eslint-plugin-chai-expect for proper blockchain test assertions

update SKILLS_ACQUIRED.md with unified auth pattern

Documented JWT authentication system pattern and migration guide for API routes

update ARCHITECTURE.md with API auth pattern

Added API Authentication Pattern section explaining getCurrentUser() usage

update DEVELOPMENT.md with ESLint flat config

Added ESLint configuration section with chai-expect plugin setup for blockchain tests

add DeFi services and screens

Mobile DeFi: stakingService, dexService, 6 screens (dashboard, staking, swap, pools, stake, layout)

add Mobile API documentation (5 pages)

Complete API mobile docs: overview, authentication flow, 60 endpoints reference, offline sync, error handling

complete documentation system with 44 pages

Design System section, complete Mobile docs (17 pages), functional search with Cmd+K, platform/mobile dropdown navigation

update loyalty card modal design & fix billing usage error

Glassmorphism modal redesign with improved UX patterns

update Expo packages for optimal compatibility

Expo SDK 54 package alignment and dependency optimization

resolve all 35 TypeScript errors

Complete TypeScript strict mode compliance for React Native app

sync documents upload with web API

Unified KYC document upload flow across web and mobile platforms

add Documents and Billing API unit tests

Jest test coverage for file uploads and subscription endpoints

integrate KYC and Documents pages with navigation links

Seamless navigation flow between identity verification steps

implement object storage for file uploads

Secure cloud storage integration for KYC documents

implement complete SaaS subscription system with Stripe

Full billing integration with plan management and invoicing

migrate profile and billing APIs to NextAuth v5 auth()

Updated authentication middleware for NextAuth v5 beta

add comprehensive legal pages with regulatory compliance

Terms, privacy policy, and RGPD compliance documentation

redesign all auth pages with split layout

Modern authentication UI with branding integration

reorganize landing page sections for better UX

AIDA-based section ordering with improved conversion flow

implement BIP32Factory HD wallet generation

Hierarchical deterministic wallet generation for multi-chain support

activate Y.A.N.I voice system with ElevenLabs TTS v2

Full voice assistant integration with neural TTS capabilities

add complete DeFi integration guides

Wallet Integration, Building a DApp, Using the AMM, and DAO Proposals guides

create comprehensive guides landing page

Overview page with learning path and 4 detailed tutorials

YaniChain development with smart contracts

YaniCoin ERC-20, PaymentEscrow, and LoyaltyProgram contracts

resolve sidebar overlap with widgets

Fixed content passing behind fixed sidebar with proper z-index and overflow controls

fix Tailwind CSS v4 utility class generation bug

Added manual CSS rules for ml-16, ml-64, mt-*, gap-*, py-* that Tailwind v4 was not generating

fix calc(var()) parsing errors in Tailwind v4

Replaced arbitrary value classes with inline styles in sidebar and 3d-marquee components

exclude markdown files from Tailwind CSS scan

Added @source not directives to prevent CLAUDE.md causing CSS parse errors

add CartProvider to ClientLayout

Fixed useCart hook error by wrapping content with CartProvider context

add complete DeFi ecosystem overview

Comprehensive documentation covering all 3 phases with 1486 total lines

add comprehensive documentation for phases 1-3

Phase-specific docs for Wallets, DEX, and Farming/Governance with API references

correct PriceFeed API to match Prisma schema

Updated GET/POST endpoints to use assetId relation and correct field names

Phase 3 - Yield Farming, Governance DAO & Real-time Prices

Complete implementation of farming pools, DAO voting system, and price feeds

Avancement dans la Phase 2

DEX liquidity pools, AMM swap implementation, and unified DeFi dashboard

Phase 3 en cours

Initial implementation of all 3 phases with 12 API routes and 6 UI pages

resolve all build errors for Phase 1 Design System

Fixed TypeScript errors and build configuration

integrate BEP01-05 (Auth, KYB, Catalogue, Loyalty, Payments & Wallets)

Core business features integration with authentication

add Y.A.N.I. hierarchy placeholder implementations

AI agent system with hierarchical communication structure

add GitHub Actions CI/CD and clean up duplicate JS/JSX files

Continuous integration setup and code cleanup