Industry insights and updates
Expert articles on restaurant digitalisation, customer experience and operational efficiency.
216 articles
Opening a Restaurant in a Tourist-Heavy Area: The Role of the Digital Menu
The multilingual menu requirement, currency display, tourists' QR menu habits and Google Maps integration: a strategic view for tourist venues.
A Menu Strategy for Families with Children
Children's menu design, allergen sensitivity, portion size and parental trust: what being family-friendly really means.
How to Design an Accessible Digital Menu for Customers with Disabilities
WCAG standards, screen reader compatibility, colour-blind friendly palettes and a large-text option: we explain with concrete examples what an accessible digital menu really means.
How Does Waiting Time Affect Customer Satisfaction? A Data-Driven Analysis
Taking the order, preparing the food, waiting for the bill: each minute affects the satisfaction score differently. A data-driven analysis of where, and how much, time digital tools can save.
Competitor Analysis: How to Examine the Digital Menus of Restaurants in Your Area
What to look at, price comparison, missing allergen information, image quality and user experience differences: a guide to analysing competitors' digital menus.
A Content Calendar for Your Restaurant: A 12-Month Blog and Social Media Plan
Monthly theme suggestions, seasonal content, holiday campaigns and menu update announcements: a restaurant content calendar guide.
Restaurant Marketing with Influencers: How the QR Menu Becomes a Weapon
How the digital menu experience turns into content during an influencer visit, and how easily a QR code is shared: a restaurant influencer marketing guide.
Email Marketing for Restaurants: How to Announce Menu Updates
List building, seasonal menu announcements, personalised campaigns and tactics for raising open rates: a restaurant email marketing guide.
How to Strengthen Your Google Business Profile with Your Digital Menu
Adding a menu link, product photos, update frequency and customer Q&A optimisation: a guide to strengthening the menu on your Google Business Profile.
Restaurant SEO 101: Basic Steps to Rank Higher on Google
Google Business Profile, local SEO, menu content indexing and schema.org RestaurantMenu markup: the basic steps of restaurant SEO.
Menu Images for Social Media: Instagrammable Design
Photo composition, colour harmony, customers' motivation to share and the value of UGC (user-generated content): a guide to Instagrammable menu design.
Storytelling on the Menu: Give Your Products Personality
Storytelling on the menu through history, supplier names, regional origin and the family-recipe angle: a method that raises emotional connection and price tolerance together.
Does the "Chef's Recommendation" Badge Really Increase Sales?
The social proof mechanism, which products should carry it, and how overuse dilutes it. The chef's recommendation badge in practice.
Which Colour Gets More Orders? Menu Colour Psychology
Do red and yellow stimulate appetite, the healthy perception of green, harmony with the brand colour, and cultural differences in colour meaning.
How Do Menu Descriptions Affect Sales? Appetising Writing Techniques
Sensory words, origin stories, highlighting the preparation technique. The rules of menu description writing that actually work.
Price Psychology on the Menu: Why Do Customers Choose the More Expensive Option?
Anchor pricing, charm pricing (.99), the currency symbol effect, burying the price in the text. The menu price psychology techniques that work.
What Is Menu Engineering? The Science of Increasing Restaurant Sales
The star / cash cow / question mark / dog matrix, price positioning, visual hierarchy. How is menu engineering done?
How Often Should You Update Your Restaurant's Menu?
Seasonal change, price inflation, removing low-performing items. A practical calendar for menu update frequency.
Digital Menus for Fine Dining Restaurants: Without Breaking the Luxury Experience
Aesthetic design, minimalist interface, storytelling, sommelier notes. What a fine dining digital menu should and should not do.
My employee is under a password-guessing attack: pw_failures table + staff password lockout (PR #548 PP H4)

Ali, 41, has run Kutahya Lokumu + Cini Kafe, a 35-cover venue on Ataturk Bulvari in central Kutahya, for 13 years and has been on thMenu Pro for 14 months. On a Monday at 09:15 his dashboard showed an orange banner: "5847 failed password attempts detected in the last 24 hours". With a staff of five, nobody forgets a password 5847 times. The audit log showed every attempt aimed at Ali's admin email, coming from 47 different IPs spread across /24 subnets: a botnet brute force against a single target that bypassed the per-IP rate limit. Ali's password is 16 characters from a password manager, so the attacker kept failing, but the 5847 attempts per day kept coming. He wrote to support asking whether there was a per-account lockout: "Don't lock my account; I want the attacker to be unable to keep trying."

Engineering reproduced the numbers: 5847 attempts over 47 IPs in 24 hours is about 124 per IP, far below the Worker's IP rate limit of 10 per 5 minutes. Spread over 47 IPs the rate limit never triggers; this is what a botnet operation looks like.

Three wrong theories came up first:
(1) Tighten the IP rate limit from 10 to 5. Legitimate users suffer, and the botnet simply grows its pool from 47 to 100 IPs at 2-3 attempts per 5 minutes and still bypasses it. An anti-pattern.
(2) Add a CAPTCHA. It breaks legitimate UX, and CAPTCHA-solving services cost about $1 per 1000, so a sophisticated attacker is not stopped.
(3) An IP allowlist for login. Pointless for a multi-location operator: Ali logs in from his phone, from tablets at two branches and from home WiFi, and the maintenance overhead is real.

The correct pattern is per-account lockout. The PIN endpoint already had it: PR #336 shipped it together with D1_OPS migration 0062 (pin_failures). The password endpoint needed the same pattern, but the table was missing and the lockout had never shipped.

Forensic analysis of apps/web-admin/src/app/api/staff/route.ts: the PIN flow after PR #336 (1) SELECTs from pin_failures by email + restaurant_id where window_start > now - 30 min; (2) returns 429 account_locked_30min when attempts >= 10, and because the key is the (restaurant_id, email_lc) tuple, IP rotation does not help; (3) DELETEs the row on a successful PIN verify, and on failure runs an atomic UPSERT that increments attempts, or resets it to 1 when the window is older than 30 minutes. For the password endpoint none of this existed: only the Cloudflare Worker IP rate limit, and no pw_failures table. A 90-day audit found the same brute-force pattern at 23 restaurants: 30-50 IPs across /24 subnets, 100-200 attempts per IP. Ali's was the aggressive case at 47 IPs and 124 attempts per IP.

PR #548 batch PP H4 is a three-layer fix. Layer 1: D1_OPS migration 0076 creates pw_failures mirroring the pin_failures schema (restaurant_id + email_lc + window_start + attempts + last_attempt, with a primary key and idx_pw_failures_window), applied remotely. Layer 2: a password lockout helper in apps/web-admin/src/app/api/staff/route.ts following the PIN pattern exactly: (1) SELECT attempts; (2) >= 10 → 429 account_locked_30min with an i18n message; (3) atomic UPSERT over a 30-minute sliding window; (4) DELETE on success. Layer 3: documentation in CLAUDE.md plus a sibling sweep, so that PIN and password are symmetric and every future auth surface is required to follow the same pattern.

Production audit: 23 affected restaurants, personal outreach to the other 22 plus Ali; the pw_failures lockout is active, and since a legitimate login takes 1-3 attempts the lockout does not touch it. In the 7 days after deploy, brute-force volume fell 93%. The botnet operator gave up: the counter is not reset after a lockout, so every further attempt hits the 30-minute lock wall. Zero breaches. Ali got a Hall of Fame entry and a 3-month Pro credit; his tweet reached 1.1k. Tom, who has run the Newcastle Brown Ale House (55 covers, Sunday roast and Brown Ale) on Newcastle Quayside for 14 years, reported the same pattern in parallel, 6200 attempts from 60 IPs, and also received a 3-month Pro credit.

The pattern: every authentication endpoint (PIN, password, magic-link, OAuth) needs per-account lockout ALONGSIDE the IP rate limit. Botnet IP rotation bypasses an IP rate limit; it cannot bypass a per-account lockout, because the target email is a single key. Sibling sweep: PIN (PR #336) + password (PR #548 PP H4) + magic-link (PR #335) + OAuth-PKCE (PR #526 HH) + affiliate OTP (PR #646 VI F3). Implementation checklist: identify the auth endpoint + create the D1 _failures table + atomic UPSERT with a 30-minute window + DELETE on success + lockout threshold + i18n locale-aware message + PR template checkbox + quarterly audit + brute-force pattern detection with an alarm at 5000+ attempts per 24 hours. Reference: PR #548.
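The per-account lockout flow described above (SELECT attempts inside the window, refuse at 10, atomic UPSERT on failure, DELETE on success) as an added TypeScript example. This is illustrative code, not the route.ts helper from the thMenu repository: the D1 table is modelled by an in-memory Map, the names PasswordLockout, LOCKOUT_THRESHOLD, LOCKOUT_WINDOW_MS, login and simulateRotatingBotnet are assumptions, and the botnet traffic in the simulation is constructed.

```typescript
// Added example (not the thMenu route.ts helper): per-account login lockout
// keyed by the (restaurant_id, email_lc) tuple. The D1 pw_failures table is
// modelled by an in-memory Map; names and thresholds below are assumptions
// taken from the page's description (10 failures, 30-minute window).

type FailureRow = {
  restaurant_id: string;
  email_lc: string;
  window_start: number; // epoch ms of the first failure in the current window
  attempts: number;
  last_attempt: number;
};

export const LOCKOUT_THRESHOLD = 10;
export const LOCKOUT_WINDOW_MS = 30 * 60 * 1000;

export type LoginOutcome =
  | { status: 200 }
  | { status: 401; error: "invalid_credentials"; attempts: number }
  | { status: 429; error: "account_locked_30min"; retry_after_ms: number };

export class PasswordLockout {
  // The source IP is deliberately not part of the key: rotating through a
  // botnet changes nothing about which row is being counted.
  private readonly pw_failures = new Map<string, FailureRow>();

  private key(restaurantId: string, email: string): string {
    return `${restaurantId}\u0000${email.trim().toLowerCase()}`;
  }

  // Models: SELECT ... WHERE restaurant_id=? AND email_lc=? AND window_start > now - 30min
  private activeRow(k: string, now: number): FailureRow | undefined {
    const row = this.pw_failures.get(k);
    if (!row || row.window_start <= now - LOCKOUT_WINDOW_MS) return undefined;
    return row;
  }

  // Models the atomic UPSERT: attempts += 1 inside the window, else reset to 1.
  private recordFailure(k: string, restaurantId: string, email: string, now: number): FailureRow {
    const row = this.activeRow(k, now);
    if (row) {
      row.attempts += 1;
      row.last_attempt = now;
      return row;
    }
    const fresh: FailureRow = {
      restaurant_id: restaurantId,
      email_lc: email.trim().toLowerCase(),
      window_start: now,
      attempts: 1,
      last_attempt: now,
    };
    this.pw_failures.set(k, fresh);
    return fresh;
  }

  // passwordOk stands in for the real credential check; the lock is evaluated
  // before it, so a locked account is refused regardless of the password sent.
  login(restaurantId: string, email: string, passwordOk: boolean, now: number): LoginOutcome {
    const k = this.key(restaurantId, email);
    const row = this.activeRow(k, now);
    if (row && row.attempts >= LOCKOUT_THRESHOLD) {
      return { status: 429, error: "account_locked_30min", retry_after_ms: row.window_start + LOCKOUT_WINDOW_MS - now };
    }
    if (passwordOk) {
      this.pw_failures.delete(k); // successful login clears the counter (DELETE)
      return { status: 200 };
    }
    const updated = this.recordFailure(k, restaurantId, email, now);
    if (updated.attempts >= LOCKOUT_THRESHOLD) {
      return { status: 429, error: "account_locked_30min", retry_after_ms: updated.window_start + LOCKOUT_WINDOW_MS - now };
    }
    return { status: 401, error: "invalid_credentials", attempts: updated.attempts };
  }
}

// Constructed scenario: 124 wrong guesses at one admin email, rotated over 47
// source addresses, one per second. Reports when the lock first engaged.
export function simulateRotatingBotnet(): { first429At: number; lastStatus: number; distinctIps: number } {
  const lock = new PasswordLockout();
  const t0 = 1_700_000_000_000;
  const sources = new Set<string>();
  let first429At = -1;
  let lastStatus = 0;
  for (let i = 0; i < 124; i++) {
    sources.add(`203.0.113.${i % 47}`); // rotated, but never consulted by the lock
    const r = lock.login("rest_kutahya", "Ali@Example.com", false, t0 + i * 1000);
    lastStatus = r.status;
    if (r.status === 429 && first429At < 0) first429At = i + 1;
  }
  return { first429At, lastStatus, distinctIps: sources.size };
}
```

The key omits the source IP, which is why the 47 rotating addresses in the simulation still hit the 429 on the tenth failure. The window is anchored at the first failure and the row is left untouched while locked, so a sustained attack simply re-locks the account every 30 minutes; the trade-off every per-account lockout carries is that an attacker who knows the email can keep that account locked, which this design accepts in exchange for capping guesses at 10 per window.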
No safeHref on the Google review URL field: javascript: scheme stored XSS in review_url (PR #548 PP C1)

Seyma, 36, from Eyyubiye in Sanliurfa, is an independent web pentester with 7 years of experience: 4 years in Garanti BBVA AppSec and 3 years solo on Turkish fintech and restaurant SaaS. In Q1 2026 she audited the thMenu open-source repo for safeHref coverage parity across URL fields, using PR #334 as the reference: that PR shipped safeHref for restaurants.{wifi_url,logo_url,cover_url} and social_links.url. A grep for URL fields added since then turned up review_url in google_reviews_config, the Pro-tier widget behind the "Leave us a Google review" button; the PR #334 safeHref sweep had not covered this table.

Lab reproduction on a test thMenu Pro account: admin panel, Google Reviews, set review_url to javascript:alert('xss'), Save: 200 OK, no scheme validation at all. On the test restaurant's menu URL, clicking "Rate us on Google" popped the alert: the javascript: URL executed on the restaurant menu origin. This is stored XSS with the customer's cookies, session and geolocation under attacker control; the CSP on menu.thmenu.com, dating from before PR #347, still carried 'unsafe-inline', so nothing stopped execution. An attacker with admin panel access can set review_url to a javascript:fetch(...) payload pointed at evil.example and harvest cookies. data:text/html,<script>alert(1)</script> was accepted as well; data: lies outside the safeHref allowlist and should have been rejected.

Seyma's writeup to security@thmenu.com: the google_reviews_config.review_url PUT has no safeHref; javascript:, data: and file: are all accepted; CVSS 8.4 HIGH; operator-side stored XSS leading to customer-side cookie and session theft and a cross-restaurant pivot; the PR #334 sweep missed a sibling surface. Threat model: (a) a compromised admin plants a javascript: payload and every customer is hit; (b) a malicious sub-operator with Pro-tier staff menu-edit access has the same vector; (c) social engineering, for example a spoofed "Google support" message telling the operator to paste a javascript:fetch URL to "boost" their review link.

Engineering reproduced it in 30 minutes. Three wrong theories:
(1) DOMPurify at render time. review_url is a URL field, not HTML; DOMPurify sanitises an HTML context and does not validate URL schemes, so javascript:alert passes straight through.
(2) Tighten the CSP. menu.thmenu.com needs 'unsafe-inline' for the customer menu's inline styles and scripts, and with 'unsafe-inline' present a javascript: navigation is not blocked; the click executes directly.
(3) A frontend regex filter. Client-side only; a direct PUT from curl or Postman bypasses it. Server-side validation is mandatory.

The correct pattern is the safeHref helper from PR #334 (http(s) + mailto + tel scheme allowlist, 500-character max length) applied in the google_reviews_config PUT route.

Forensic analysis: the PUT handler in apps/web-admin/src/app/api/google-reviews-config/route.ts writes review_url to the DB raw, and the menu page renders <a href={config.review_url}>{button_label}</a>, injecting it into the href attribute with no scheme validation. apps/web-admin/src/lib/sanitize.ts:safeHref (from PR #334) allows http(s), mailto and tel and rejects javascript:, data:, file:, blob: and vbscript:. PR #334 applied it to the restaurants and social_links PUTs; google_reviews_config was forgotten. brands.logo_url (PR #661 batch XI F3) had the same sweep gap, the sibling-surface coverage gap pattern from blog #1136.

PR #548 batch PP C1 fix. Layer 1: safeHref validation in the google_reviews_config PUT, safeHref(review_url, maxLen 500), rejecting with 422 invalid_review_url. Layer 2: a sibling-surface sweep of URL fields via monorepo grep: restaurants + social_links (PR #334) + google_reviews_config (PP C1) + brands.logo_url (XI F3) + affiliate_postback_url (PR #609 CCC-B) + custom_domains.cname_target (internal) + menu.cover_image_url + products.image_url (R2 prefix regex). Layer 3: a CI grep guard in .github/workflows/ci.yml that runs grep -rn for the pattern href={.*\.url and prints a "Did you use safeHref?" warning.

Production audit: a DB scan with SELECT review_url ... NOT LIKE http(s) found 3 restaurants with malformed values (an operator self-test, a bookmarklet, a Google Maps deep link), no real attacker. The 3 affected operators got a personal email and a manual cleanup: review_url set to null for them to re-paste. A 90-day audit of Cloudflare access logs and Sentry breadcrumbs found 0 third-party reproductions; an operator-curiosity set, not yet exploited.

Seyma received €1800 via Wise for the CVSS 8.4 finding, a Hall of Fame entry and an advisory board seat; her blog post reached 2.2k, and the Sanliurfa AppSec community cited the case as a benchmark for Turkish SaaS security disclosure. Cameron, 38, from Stockbridge in Edinburgh, 9 years, ex-NCC Group, disclosed the same issue in parallel and received €2000; his LinkedIn post reached 5.1k.

The pattern: an operator-controlled URL field that is writable via PUT and rendered customer-side ALWAYS goes through safeHref: http(s) + mailto + tel allowlist, 500-character max, explicit rejection of javascript:, data:, file:, blob: and vbscript:. The canonical sibling sweep: (a) apply the safeHref helper; (b) DB schema TEXT NOT NULL DEFAULT or nullable; (c) PUT validation with 422; (d) a defensive double-check at render; (e) the CI grep guard pattern. Implementation: a safeHref sweep checkbox in PR review for any URL-field migration + safeHref in every PUT + defensive frontend form + render-side fallback + a production audit scanning existing data with manual cleanup + CI grep guard + PR template checkbox. Reference: PR #548.
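An allowlist validator of the safeHref kind, together with the PUT-side 422 mapping, as an added example. It is not the sanitize.ts helper from the repository; the names safeHref, validateReviewUrl, SAFE_SCHEMES and MAX_HREF_LEN are assumptions. It uses the WHATWG URL parser so that the scheme comparison happens after normalisation, which is what catches the case and whitespace variants a plain startsWith check would miss.

```typescript
// Added example (not the repository's sanitize.ts): scheme-allowlist href
// validation for operator-controlled URL fields, and the PUT-side mapping of a
// rejected value to 422. SAFE_SCHEMES, MAX_HREF_LEN, safeHref and
// validateReviewUrl are assumed names.

const SAFE_SCHEMES: ReadonlySet<string> = new Set(["http:", "https:", "mailto:", "tel:"]);
export const MAX_HREF_LEN = 500;

function tryParse(s: string): URL | null {
  try {
    return new URL(s); // no base URL: "//host/path" and bare hosts fail to parse and are rejected
  } catch {
    return null;
  }
}

// Returns the normalised URL when it is safe to place in an href, otherwise null.
// Allowlisting means data:, file:, blob: and vbscript: are rejected by omission,
// not by a denylist that a new scheme could slip past.
export function safeHref(raw: unknown, maxLen: number = MAX_HREF_LEN): string | null {
  if (typeof raw !== "string") return null;
  // Browsers strip leading/trailing C0 controls and spaces before parsing, so
  // "\tjavascript:..." would evade a naive prefix check; strip them the same way.
  const trimmed = raw.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
  if (trimmed.length === 0 || trimmed.length > maxLen) return null;
  // Tabs and newlines inside the scheme ("java\nscript:") are likewise ignored by
  // browsers; refuse anything with a control character before the first colon.
  if (/[\u0000-\u0020]/.test(trimmed.split(":")[0])) return null;
  const parsed = tryParse(trimmed);
  if (parsed === null) return null;
  // protocol is lower-cased by the parser, so "JavaScript:" lands here too.
  if (!SAFE_SCHEMES.has(parsed.protocol)) return null;
  if (parsed.protocol === "http:" || parsed.protocol === "https:") {
    if (parsed.hostname === "") return null;
    if (parsed.username !== "" || parsed.password !== "") return null; // no credential-bearing links
  }
  return parsed.href;
}

export type PutResult =
  | { status: 200; review_url: string | null }
  | { status: 422; error: "invalid_review_url" };

// Server-side validation of the PUT body. A client-side form check is a
// convenience only; this is the check a curl/Postman request cannot skip.
export function validateReviewUrl(body: { review_url?: unknown }): PutResult {
  const v = body.review_url;
  if (v === undefined || v === null || v === "") return { status: 200, review_url: null }; // clearing is allowed
  const href = safeHref(v);
  if (href === null) return { status: 422, error: "invalid_review_url" };
  return { status: 200, review_url: href };
}
```

The value stored is the parser's normalised href rather than the raw string, so the render side sees exactly what was validated; the render-side double-check the page calls for is then the same function applied again on the way out.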
The Stripe payment-intent endpoint had no auth either: session_id ownership bypass (PP C2, PR #548)

Cagri, 35, from Mudanya in Bursa, is an independent payment systems security researcher with 8 years of experience: 5 years in Garanti BBVA AppSec (Stripe, iyzico, Innovate integrations) and 3 years solo as @cagri-paysec, working on integration security for Turkish and EU payment processors. In Q1 2026 he audited the customer-side payment flow in the thMenu open-source repo. POST /api/stripe/payment-intent, the endpoint behind table ordering where the customer enters card details, creates a Stripe PaymentIntent from the request body's session_id + amount + currency with zero authentication, no session_id ownership check, and a client-controllable amount.

Three attack vectors: (1) session ID enumeration and PI forgery: a session_id leaks cross-customer via a shared URL, a screenshot or social engineering; with a crafted session_id and a Stripe Elements card the attacker creates a PI and a charge; (2) amount manipulation: the body amount is never validated; orders.total_cents is computed server-side, but this endpoint is independent of it; (3) DoS amplification: no auth and only an IP-level rate limit, so a distributed botnet can create millions of PIs and burn the Stripe quota.

Lab reproduction with two accounts: A starts a table-order session and copies its session_id; B POSTs that session_id with amount 1 and a currency: 200 OK with a client_secret, no ownership check. Writeup: CVSS 8.6 HIGH, with a three-part fix: session_id ownership via table_sessions.host_device_id, server-side amount derived from the order_id, and a per-IP limit of 10/min on a daily-salted IP hash (the PR #318 pattern).

Engineering reproduced it in 45 minutes. Three wrong theories:
(1) Stripe Elements validates client-side, so the server does not need to. Wrong: the server guarantees nothing about PaymentIntent integrity unless it validates; server-side is mandatory.
(2) orders.total is computed server-side. True but beside the point: /api/stripe/payment-intent is a separate endpoint with its own body amount, which it must validate itself.
(3) session_id is a secret-ish UUID v4. Wrong: customers see it in the URL, the network tab and the QR-scan history. It is not predictable, but it is observable; the ownership check is a separate validation layer.

The correct triad: ownership verification + server-side amount derivation + per-IP rate limit.

Forensic analysis: apps/web-menu/src/app/api/stripe/payment-intent/route.ts has no validation whatsoever. In this Platinum-tier customer-side payment feature the auth/ownership TODO from the first design was skipped at production deploy; table_sessions.host_device_id has existed since PR M20 and the table-session/join ownership check had already shipped, but payment-intent never applied it. A 90-day production audit of 28000 requests found 0 exploits: hypothetically usable, not yet exploited.

PR #548 batch PP C2, three layers. Layer 1, session_id ownership: SELECT 1 FROM table_sessions WHERE id=? AND host_device_id=? AND expires_at>now AND restaurant_id=?, with host_device_id taken from the cookie set by table-session/join (the PR #335 magic-link pattern); on mismatch, 403 session_ownership_mismatch. Layer 2, amount derived server-side: the body amount is IGNORED; SELECT total_cents, currency FROM orders WHERE table_session_id=? AND status='pending', and the derived amount goes to Stripe.create, so client manipulation is impossible. Layer 3, per-IP rate limit of 10/min via checkRateLimit with endpointId stripe-pi-create, limit 10, windowMs 60000, keyed on the daily-salted IP hash + session_id; legitimate use is 1-3 PIs per order, and a botnet PI-bomb is bounded. Bonus: a structured audit log (console.log event pi_created with session_id + amount + restaurant_id + host_device_id + caller_ip) flowing to Logpush and Sentry, as SOC 2 evidence and for suspicious-pattern detection.

30 days after deploy: 24000 PIs, all legitimate, 0 session_ownership_mismatch (Stripe Elements always sends the correct session_id), 0 rate-limit hits, endpoint stable. Cagri received €2400 via Wise for the CVSS 8.6 finding, a Hall of Fame entry and an advisory board seat; his post reached 2.7k in the Turkish payment security community, and the Bursa Mudanya case became a disclosure-response benchmark. Aoife, 37, from Manchester's Northern Quarter, 8 years, ex-Klarna platform security, @aoife-paysec, disclosed in parallel and received €2800; her LinkedIn post reached 5.6k.

The pattern: every payment-affecting endpoint (PaymentIntent create, refund, tip-adjust, dispute) ALWAYS gets the three-prong hardening: ownership verification + server-side amount derivation with the client body IGNORED + per-IP rate limit, plus a structured audit log. Sibling sweep: /api/stripe/payment-intent (PP C2) + /api/orders/[id]/tip (PR #326: tip cap + rate limit) + /api/orders/[id]/refund (PR #328: cumulative + race guard) + /api/orders (PR #11 H10 + idempotency key + rate limit) + /api/loyalty/redeem (PR #311: atomic + IP hash) + /api/promo/apply (PR #507: atomic + rate limit). Implementation: identify the payment endpoint + ownership verification (session_id/order_id against host_device_id/user_id) + amount derivation + per-IP rate limit with 10/min as the payment default + structured audit log + Stripe idempotency key (PR #661 XI F2) + PR template checkbox + quarterly grep audit. Reference: PR #548.
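The three-prong hardening (ownership, server-derived amount, per-IP rate limit) for a payment-intent create handler as an added example over an in-memory model of table_sessions and orders. It is not the repository's route.ts; FakeDb, RateLimiter, createPaymentIntent, the 404 no_pending_order response and the simplified daily-salted hash are assumptions, and the sessions and orders in the test are constructed. Stripe itself is not called; the 200 result carries the amount that would be passed to PaymentIntent creation.

```typescript
// Added example (not the repository's payment-intent route.ts): the three
// checks in order, over an in-memory model of table_sessions and orders.
// FakeDb, RateLimiter, createPaymentIntent, the 404 no_pending_order response
// and the simplified daily-salted hash are assumptions. Stripe is not called;
// the 200 result carries the amount that would go to PaymentIntent creation.

type TableSession = { id: string; restaurant_id: string; host_device_id: string; expires_at: number };
type Order = { id: string; table_session_id: string; status: "pending" | "paid"; total_cents: number; currency: string };

export class FakeDb {
  table_sessions: TableSession[] = [];
  orders: Order[] = [];
}

// Simplified stand-in for a daily-salted IP hash: stable within a calendar day.
function hashIp(ip: string, now: number): string {
  const s = `${Math.floor(now / 86_400_000)}:${ip}`;
  let h = 0;
  for (let i = 0; i < s.length; i++) h = (h * 31 + s.charCodeAt(i)) >>> 0;
  return h.toString(16);
}

// Fixed-window counter keyed on (endpoint, hashed IP, session_id).
export class RateLimiter {
  private readonly hits = new Map<string, { windowStart: number; count: number }>();
  private readonly limit: number;
  private readonly windowMs: number;
  constructor(limit: number, windowMs: number) {
    this.limit = limit;
    this.windowMs = windowMs;
  }
  allow(endpointId: string, ip: string, sessionId: string, now: number): boolean {
    const key = `${endpointId}|${hashIp(ip, now)}|${sessionId}`;
    const h = this.hits.get(key);
    if (!h || now - h.windowStart >= this.windowMs) {
      this.hits.set(key, { windowStart: now, count: 1 });
      return true;
    }
    h.count += 1;
    return h.count <= this.limit;
  }
}

export type PiRequest = {
  body: { session_id: string; amount?: number; currency?: string }; // amount/currency arrive but are never trusted
  cookie_host_device_id: string; // set by table-session/join
  restaurant_id: string;
  ip: string;
};

export type PiResult =
  | { status: 200; amount_cents: number; currency: string }
  | { status: 403; error: "session_ownership_mismatch" }
  | { status: 404; error: "no_pending_order" }
  | { status: 429; error: "rate_limited" };

export function createPaymentIntent(db: FakeDb, limiter: RateLimiter, req: PiRequest, now: number): PiResult {
  const sessionId = req.body.session_id;
  // Rate limit first: an unauthenticated flood should never reach the DB.
  if (!limiter.allow("stripe-pi-create", req.ip, sessionId, now)) return { status: 429, error: "rate_limited" };
  // Ownership: SELECT 1 FROM table_sessions WHERE id=? AND host_device_id=? AND expires_at>now AND restaurant_id=?
  const owned = db.table_sessions.some(
    (s) => s.id === sessionId && s.host_device_id === req.cookie_host_device_id && s.restaurant_id === req.restaurant_id && s.expires_at > now,
  );
  if (!owned) return { status: 403, error: "session_ownership_mismatch" };
  // Amount: derived from the pending order; req.body.amount is ignored entirely.
  const order = db.orders.find((o) => o.table_session_id === sessionId && o.status === "pending");
  if (!order) return { status: 404, error: "no_pending_order" };
  return { status: 200, amount_cents: order.total_cents, currency: order.currency };
}
```

The order of the checks matters: the limiter runs before the ownership lookup so a flood of forged session_ids is bounded without a DB round trip, and the 403 for a foreign device reveals nothing about whether the session exists.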
I could double-redeem an OAuth authorization_code: atomic consume + family-revoke (PR #548 PP H1)

Ezgi, 33, at ODTU Teknokent in Ankara, is an independent SaaS developer and OAuth integration specialist with 5 years of experience: 3 years on the Trendyol API team (OAuth 2.0, OIDC, PKCE) and 2 years solo as @ezgi-oauth, writing a Turkish-language OAuth/OIDC research blog. In Q1 2026 she reviewed thMenu's Phase 2 OAuth, as it stood before PR #526 HH, with a focus on the authorization_code grant. RFC 6749 §4.1.2 and the OAuth 2.0 Security BCP §4.10 require that a code be consumed atomically and redeemed exactly once, and that a repeat redemption revoke every token issued from that authorization grant family. The authorization_code grant handler in POST /api/oauth/token had a non-atomic consume and no family-revoke.

Lab reproduction with a test OAuth client (client_id + client_secret + PKCE code_verifier): the authorize endpoint issues an authorization_code; POST /token with grant_type=authorization_code + code + code_verifier returns 200 OK with an access_token and refresh_token; a second POST with the same code returns 200 OK again, with a different access_token and refresh_token. The same code redeemed twice. A MITM attacker who intercepts the authorization_code (browser history, referer leak, extension scope abuse) and hits /token before the legitimate client leaves both sides holding an access_token with Pro-tier admin operations. And there was no family-revoke: refresh_token rotation per the BCP §4.14 shipped in PR #526 HH F1, but nothing covered the authorization_code, so the two refresh_tokens live in parallel.

Writeup: CVSS 8.1 HIGH. Fix: atomic UPDATE oauth_authorization_codes SET redeemed_at=now WHERE code=? AND redeemed_at IS NULL, treat meta.changes=0 as detection, and family-revoke oauth_refresh_tokens WHERE auth_grant_family_id=?, a sibling of the PR #526 HH F1 pattern.

Engineering reproduced it in 1 hour. Three wrong theories:
(1) The PKCE code_verifier prevents double redeem. PKCE is an interception defence, not double-redeem prevention.
(2) The 60-second code expiry is enough. A race to redeem fits comfortably inside a 60-second window; atomic consume is mandatory.
(3) DELETE-then-INSERT is fast enough. The D1 transaction layer can race concurrent commits; an atomic UPDATE with an inline filter is mandatory (CLAUDE.md §17).

The correct fix: atomic UPDATE + meta.changes=0 → 400 invalid_grant + family-revoke cascade.

Forensic analysis: apps/web-admin/src/app/api/oauth/token/route.ts used the SELECT-then-UPDATE anti-pattern. Two parallel /token requests with the same code both SELECT redeemed_at IS NULL, both look valid, both issue tokens, and the UPDATE is last-writer-wins: two access_tokens and two refresh_tokens. oauth_authorization_codes had no auth_grant_family_id, so the issued refresh_tokens carried no family link and family-revoke was impossible, a BCP §4.10 violation.

PR #548 batch PP H1, three layers. Layer 1: atomic UPDATE with inline filter, UPDATE oauth_authorization_codes SET redeemed_at=? WHERE code=? AND redeemed_at IS NULL; meta.changes=0 means the code was already redeemed and flags a potential attack. Layer 2: family-revoke cascade. An auth_grant_family_id column is added; a random UUID is assigned when the code is issued; tokens issued at /token link oauth_refresh_tokens via auth_grant_family_id; familyRevoke (async) runs SELECT family_id + UPDATE oauth_refresh_tokens SET revoked_at WHERE auth_grant_family_id=? and emits console.warn [BEACON:oauth_family_revoke]. Layer 3: a Sentry beacon and audit log feeding Logpush, SOC 2 evidence and the intrusion-detection signal.

Production audit, 90 days: 3200 /api/oauth/token requests with grant_type=authorization_code, 0 double redeems; Phase 2 OAuth is a narrow beta with 12 integration partners and no exploit occurred. 30 days after deploy: 4100 redeems, 0 double redeems, every legitimate redeem single; the family-revoke lab test shows the second redeem returning 400, the first tokens revoked and the Sentry beacon firing. Ezgi received €2200 via Wise for the CVSS 8.1 finding, a Hall of Fame entry and an advisory board seat; her Turkish OAuth blog post reached 2.4k, and the Turkish OAuth integration community now has an RFC 6749 / BCP §4.10 compliant reference. Stefan, 36, from Friedrichshain in Berlin, 8 years, ex-Zalando API team, disclosed in parallel and received €2200; his LinkedIn post reached 4.6k.

The pattern: the OAuth 2.0 token endpoint ALWAYS redeems authorization_code and refresh_token with an atomic UPDATE inline filter, and a double redeem ALWAYS triggers the family-revoke cascade (RFC 6749, BCP §4.10 and §4.14). Sibling sweep: oauth_authorization_codes (PP H1) + oauth_refresh_tokens (PR #526 HH F1) + oauth_access_tokens (15-minute short-lived, family_id cascade) + affiliate_otp_codes (PR #646 VI F3) + customer_email_links (PR #335) + oauth_pkce_challenges (PR #526 HH F1). Implementation: identify every single-use token table + atomic UPDATE inline filter + meta.changes → 400 + family_id column + family-revoke cascade + Sentry beacon + PR template checkbox + quarterly RFC/BCP compliance audit. Reference: PR #548.
Two super-admins approved and rejected the same payout: payout status race-guard (PR #548 PP H5)

Tugrul, 29, is thMenu's superadmin lead ops engineer at Synaltix HQ in Maslak-Levent, Istanbul, with 6 years of experience: 3 years in Hepsiburada finance ops and 3 years at Synaltix, covering thMenu Phase 1-3 affiliate payout review, anomaly checks and manual Wise dispatch from the superadmin panel. Monday 09:00: 47 pending payout requests, KYC review done, Wise quotes obtained, final sign-off to go. His senior colleague Umit was reviewing in parallel. At 09:14 Tugrul clicked Approve on payout #47828 at the same moment Umit clicked Reject: two parallel requests to the thMenu admin API. Five seconds later the UI refreshed to status rejected, although Tugrul had approved; the Wise dispatch log showed his approve had called dispatchWiseTransfer, which took a Wise quote and created a $310 transfer to the affiliate's bank. Money was flowing while the thMenu DB said rejected. Audit chaos.

Engineering reproduced it with two parallel curl PUTs to the endpoint carrying different statuses. Three wrong theories:
(1) UI optimistic locking or an "under review" badge. Helpful UX, not a race fix: if two super-admins do not see the badge the race recurs, and UI-only measures never provide backend correctness.
(2) DB transaction isolation. Cloudflare D1 (SQLite) is serialised, but each UPDATE is its own mini-transaction; statement-level atomicity needs an inline race guard.
(3) A 1-second frontend debounce. That addresses a single user; this race is two different users.

The correct fix: a race-guarded UPDATE ... WHERE status='requested', meta.changes=0 detection returning 409, and a PAYOUT_TRANSITIONS state-machine lookup.

Forensic analysis: apps/web-superadmin/src/app/api/payouts/[id]/route.ts had no SELECT and no race guard. Two parallel requests: (1) Tugrul's approve ran UPDATE ... WHERE id=47828 SET status=approved and dispatchWiseTransfer, firing the $310 wire; (2) Umit's reject ran UPDATE ... WHERE id=47828 SET status=rejected, overwriting Tugrul's status, with no dispatchWiseTransfer call. Final state: rejected, reviewed_by=umit, and a $310 Wise transfer ALREADY FIRED. Tugrul reconciled by hand: Wise cancelTransfer inside the pending settlement window, reversal successful, status back to requested, KYC re-review, documents fine, approved again and Wise re-fired; the affiliate got the $310 24 hours late. A 90-day production audit found the race pattern in 3 incidents: Tugrul's and 2 others, both manually reconciled.

PR #548 batch PP H5, three layers. Layer 1: race-guarded UPDATE ... WHERE status='requested'; on meta.changes=0, SELECT the current row and return 409 conflict with current_status + current_reviewer; the UI catches the 409 and does refresh-and-retry. Layer 2: side-effect dispatch ONLY after meta.changes>0: if approved and meta.changes>0 then dispatchWiseTransfer, so the status flip and the Wise call are tied together and a spurious fire is impossible. Layer 3: a PAYOUT_TRANSITIONS constant: requested: [approved, rejected]; approved: [processing, cancelled]; rejected: []; processing: [paid, failed]; paid: []; failed: [requested] (retry); cancelled: [requested] (retry); any other move is a 422 illegal_transition, the sibling of PR #603 BBB F3 for reservations. Bonus: an audit log, INSERT into payout_audit_log (payout_id + prior_status + new_status + actor_id + transition_at + reason) on every state transition, plus a dashboard widget.

The 3 affected cases were reconciled by hand: (a) Tugrul/Umit on Monday, Wise reversal + KYC re-review, $310; (b) Aysu/Mehmet 2 months ago, Wise returned an invalid IBAN, cancel + reissue; (c) Aysu/Mehmet 1 month ago, a double approve where the Wise idempotency key produced a single transfer, manually reconciled. 30 days after deploy: 0 race incidents, 4 race-guard 409s handled by super-admins with refresh-and-retry, fully state-machine compliant, 0 spurious Wise transfers. Tugrul on Synaltix Slack: after PR #548 PP H5 the review queue is safe, with SOC 2 finance audit evidence; coffee for engineering from the Levent office. Lena, 32, EU affiliate payout lead ops engineer at the Synaltix EU office in Berlin Mitte, 8 years ex-Delivery Hero finance ops, had hit a parallel incident matching #47828 in the EU queue.

The pattern: every financial state-change endpoint (payout approve/reject, refund, dispute, transfer, commission) MUST use an UPDATE with an inline WHERE prior_status race guard, dispatch side effects ONLY after meta.changes>0, and validate against a TRANSITIONS state-machine lookup. Sibling sweep: /api/payouts/[id]/approve|reject (PP H5) + affiliate_commissions (PR #378) + /api/orders/[id]/refund (PR #328) + /api/dispute/[id]/resolve (PR #585 XX F1) + /api/wise/transfer-confirm (PR #593 ZZ F1) + /api/orders/[id]/status (PR #329). Implementation: identify the financial state-change endpoints + race-guarded UPDATE + meta.changes → 409 + side effects after success + state-machine constant + audit log + UI 409 catch + PR template checkbox + quarterly audit. Reference: PR #548.
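The race-guarded transition with the side effect gated on the changed-row count, plus the PAYOUT_TRANSITIONS table from the page, as an added example over an in-memory model. It is not the repository's superadmin route; PayoutStore, WiseClient, transition, raceApproveReject and the 404 response are assumptions, and payout #47828 is reconstructed here as sample data.

```typescript
// Added example (not the repository's superadmin payouts route): a status
// transition guarded by an UPDATE that only matches the expected prior status,
// with the Wise dispatch fired only when that UPDATE changed a row, and the
// PAYOUT_TRANSITIONS table from the page. PayoutStore, WiseClient, transition,
// raceApproveReject and the 404 response are assumptions; payout #47828 is
// reconstructed as sample data.

export type PayoutStatus = "requested" | "approved" | "rejected" | "processing" | "paid" | "failed" | "cancelled";

export const PAYOUT_TRANSITIONS: Record<PayoutStatus, readonly PayoutStatus[]> = {
  requested: ["approved", "rejected"],
  approved: ["processing", "cancelled"],
  rejected: [],
  processing: ["paid", "failed"],
  paid: [],
  failed: ["requested"],    // retry
  cancelled: ["requested"], // retry
};

type PayoutRow = { id: number; status: PayoutStatus; reviewed_by: string | null; amount_usd: number };
type AuditRow = { payout_id: number; prior_status: PayoutStatus; new_status: PayoutStatus; actor_id: string; transition_at: number };

// Records the transfers it would have created instead of calling Wise.
export class WiseClient {
  readonly transfers: { payout_id: number; amount_usd: number }[] = [];
  dispatch(payoutId: number, amountUsd: number): void {
    this.transfers.push({ payout_id: payoutId, amount_usd: amountUsd });
  }
}

export type TransitionResult =
  | { status: 200; new_status: PayoutStatus }
  | { status: 409; error: "conflict"; current_status: PayoutStatus; current_reviewer: string | null }
  | { status: 422; error: "illegal_transition" }
  | { status: 404; error: "not_found" };

export class PayoutStore {
  readonly payouts = new Map<number, PayoutRow>();
  readonly payout_audit_log: AuditRow[] = [];

  // Models: UPDATE payouts SET status=?, reviewed_by=? WHERE id=? AND status=?
  // and returns meta.changes (0 or 1).
  private updateIfStatus(id: number, expected: PayoutStatus, next: PayoutStatus, actor: string): number {
    const row = this.payouts.get(id);
    if (!row || row.status !== expected) return 0;
    row.status = next;
    row.reviewed_by = actor;
    return 1;
  }

  // expectedPrior is the status the caller believes the payout is in; the store decides.
  transition(id: number, expectedPrior: PayoutStatus, next: PayoutStatus, actor: string, wise: WiseClient, now: number = Date.now()): TransitionResult {
    if (PAYOUT_TRANSITIONS[expectedPrior].indexOf(next) < 0) return { status: 422, error: "illegal_transition" };
    if (this.updateIfStatus(id, expectedPrior, next, actor) === 0) {
      const cur = this.payouts.get(id);
      if (!cur) return { status: 404, error: "not_found" };
      // Someone else moved it first: report what they did and let the UI refresh-and-retry.
      return { status: 409, error: "conflict", current_status: cur.status, current_reviewer: cur.reviewed_by };
    }
    this.payout_audit_log.push({ payout_id: id, prior_status: expectedPrior, new_status: next, actor_id: actor, transition_at: now });
    // The side effect sits strictly after a successful guarded write, so the
    // losing writer can never fire money.
    if (next === "approved") wise.dispatch(id, this.payouts.get(id)!.amount_usd);
    return { status: 200, new_status: next };
  }
}

// Reproduction of the incident: Approve and Reject on the same requested payout, back to back.
export function raceApproveReject(): { approve: TransitionResult; reject: TransitionResult; wireCount: number; finalStatus: PayoutStatus } {
  const store = new PayoutStore();
  const wise = new WiseClient();
  store.payouts.set(47828, { id: 47828, status: "requested", reviewed_by: null, amount_usd: 310 });
  const approve = store.transition(47828, "requested", "approved", "tugrul", wise, 0);
  const reject = store.transition(47828, "requested", "rejected", "umit", wise, 0);
  return { approve, reject, wireCount: wise.transfers.length, finalStatus: store.payouts.get(47828)!.status };
}
```

Because rejected has no outgoing transitions in the table, the losing reviewer cannot overturn the approval afterwards either; a reversal has to go approved to cancelled, which the audit log then records with its actor. One failure path the model does not cover: if the Wise call itself throws after the guarded write, the row is already approved with no wire, so a real handler needs a compensating step (or a processing state that the dispatch result moves) rather than relying on the guard alone.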