
security(api): Remove transaction registration and server-side logging endpoints #1419

Open: ronaldsg20 wants to merge 3 commits into 4.0.0 from security/4.0.0

@ronaldsg20
Member

📌 Summary

Removes the registerTx and logToServer API calls — along with all supporting types — that were sending transaction details and operational log entries to the backend from both the pegin and pegout flows.

🔍 Description

What was changed:

  • Deleted ApiService.registerTx() and ApiService.logToServer() methods from ApiService.ts.
  • Removed their call sites in ConfirmTx.vue (pegin flyover & native), PegoutForm.vue (pegout flyover & native), and both Flyover store action files (FlyoverPegin/actions.ts, FlyoverPegout/actions.ts).
  • Deleted the TxInfo.ts type file entirely (held TxInfo, BaseQuoteDbModel, PeginQuoteDbModel, PegoutQuoteDbModel).
  • Removed LogEntry, LogEntryType, and LogEntryOperation from Common.ts.
  • Removed the TxInfo barrel export from common/types/index.ts.
  • Removed the now-unused computed properties registerFlyover, registerPegout, flyoverProps, nativeProps, getLPName, getProviderFee, currentWallet that existed solely to build the payloads for those calls.
  • Removed the useWalletInfo import from PegoutForm.vue (was only needed for currentWallet).
  • Deleted the registerTx unit tests from ApiService.spec.ts.
  • Added CLAUDE.md with AI assistant guidance and updated .gitignore to exclude .claude/.

Scope of impact:

  • No user-facing behavior changes; the pegin and pegout flows continue to work normally.
  • The backend /register and /logs endpoints will no longer receive calls from this client.
  • Approximately 220 lines of dead code removed.

🧪 How to Test

  1. Configure .env.local pointing to a 2wp-api instance (see .env.local.test).
  2. Run npm run serve and open https://localhost:8080.
  3. Pegin Native flow: Connect a wallet, fill in amount and destination, confirm a transaction. Verify the transaction proceeds to the status page without errors. Check network tab — no POST to /register should occur.
  4. Pegin Flyover flow: Select a Flyover quote, confirm and broadcast. Verify success navigation. Confirm no POST to /register or /logs in network traffic.
  5. Pegout Native flow: Connect an RSK wallet, fill in BTC recipient and amount, submit. Verify the transaction is sent. Confirm no POST to /register.
  6. Pegout Flyover flow: Select a Flyover quote and accept. Verify the transaction is broadcast and the status page is reached. Confirm no POST to /register or /logs.
  7. Run npm run test — all tests should pass (the registerTx tests are removed; no other tests should be broken).
  8. Run npm run lint — no ESLint errors.
  • I have tested this locally
  • Unit / integration tests added or updated
  • Manual QA performed

🧠 Known Issues / Limitations

  • The backend /register and /logs endpoints are now dead from this client. Backend cleanup (removing or deprecating those endpoints) should be tracked separately.
  • If future analytics are needed, a privacy-preserving, opt-in mechanism should be designed rather than restoring the removed calls.

📎 Related task
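
The network-tab checks in test steps 3 to 6 can be automated over a HAR export of the browser session. The following is an added example, not part of this PR or the project's code; the sample HAR, host name and function names are constructed for illustration, and only the /register and /logs paths come from the PR text.

```javascript
// Added example: flag POSTs to the removed endpoints in a HAR export
// (browser dev tools, Network tab, "Save all as HAR").
// Endpoint suffixes are taken from the PR description.
const REMOVED_ENDPOINTS = ['/register', '/logs'];

// Return one record per HAR entry that POSTs to a removed endpoint.
function findRemovedEndpointCalls(har, endpoints = REMOVED_ENDPOINTS) {
  const entries =
    har && har.log && Array.isArray(har.log.entries) ? har.log.entries : [];
  const hits = [];
  for (const entry of entries) {
    const req = entry.request;
    if (!req || typeof req.url !== 'string') continue;
    if (String(req.method).toUpperCase() !== 'POST') continue;
    let path;
    try {
      // Compare on the path only: ignore query string and trailing slash.
      path = new URL(req.url).pathname.replace(/\/+$/, '');
    } catch (e) {
      continue; // malformed URL in the capture, nothing to match
    }
    // endsWith('/logs') matches /api/logs but not /api/catalogs.
    const endpoint = endpoints.find((ep) => path === ep || path.endsWith(ep));
    if (endpoint) {
      hits.push({ endpoint, url: req.url, startedDateTime: entry.startedDateTime });
    }
  }
  return hits;
}

// Constructed sample capture (host and timestamps are placeholders).
const t = '2026-01-01T00:00:00.000Z';
const base = 'https://api.example.test/api';
const SAMPLE_HAR = {
  log: {
    entries: [
      { startedDateTime: t, request: { method: 'GET', url: `${base}/register` } },
      { startedDateTime: t, request: { method: 'POST', url: `${base}/logs?source=pegin` } },
      { startedDateTime: t, request: { method: 'post', url: `${base}/register/` } },
      { startedDateTime: t, request: { method: 'POST', url: `${base}/tx-status` } },
      { startedDateTime: t, request: { method: 'POST', url: `${base}/catalogs` } },
      { startedDateTime: t, request: { method: 'POST', url: 'not a url' } },
    ],
  },
};

// A capture taken after this change should print an empty array.
console.log(findRemovedEndpointCalls(SAMPLE_HAR));
```
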

@github-actions

github-actions Bot commented Jun 3, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package | Version | Score | Details

Scanned Files

  • .github/workflows/build.yml

@sonarqubecloud

sonarqubecloud Bot commented Jun 4, 2026

@ronaldsg20 ronaldsg20 deployed to staging-testnet June 4, 2026 15:34 — with GitHub Actions Active