Document telegram-native task 5 foundation
40
09 - Audits/Task 5.7 Telegram Admin Support Surface.md
Normal file
@@ -0,0 +1,40 @@
|
||||
---
|
||||
title: Task 5.7 Telegram Admin Support Surface
|
||||
tags: [taskmaster, telegram, admin, support]
|
||||
created: 2026-05-24
|
||||
status: planned
|
||||
---
|
||||
|
||||
# Task 5.7 Telegram Admin Support Surface
|
||||
|
||||
Task 5.7 is not complete in this first Task 5 pass. This document defines the
|
||||
admin/support scope required for Telegram-originated cases.
|
||||
|
||||
## Required admin/support visibility
|
||||
|
||||
- Telegram linked identity on user profile.
|
||||
- Bot notification status and blocked-bot state.
|
||||
- Mini App launch source and latest Telegram session metadata.
|
||||
- Payment provider and wallet/payment references for Telegram-originated intents.
|
||||
- Telegram webhook/callback event history for support investigation.
|
||||
|
||||
## Required admin/support actions
|
||||
|
||||
- Resend link prompt.
|
||||
- Revoke Telegram link.
|
||||
- Block Telegram bot access for a user.
|
||||
- Inspect Telegram-originated event history.
|
||||
- Escalate payment/dispute issues to canonical admin workflows.
|
||||
|
||||
## Security requirements
|
||||
|
||||
- Admin overrides remain gated by Task 4 step-up/two-person controls.
|
||||
- Support can inspect Telegram context but cannot mutate funds state.
|
||||
- Every support/admin action writes structured audit metadata.
|
||||
|
||||
## Required tests
|
||||
|
||||
- Support can read Telegram link metadata but cannot release/refund funds.
|
||||
- Admin link revocation invalidates active Telegram link.
|
||||
- Blocked Telegram user cannot create a new Mini App session.
|
||||
- Admin override paths still require step-up when configured.
|
||||
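Review bot: The "Required tests" list has no test for the third security requirement, "Every support/admin action writes structured audit metadata", and its last item covers only step-up, not the two-person control named in the first requirement. Suggest adding a test that each action under "Required admin/support actions" produces an audit record, plus a test for the two-person path. The phrase "when configured" in the last test also needs a definition: as worded, a deployment with step-up unconfigured would pass while override paths run with no step-up at all, which conflicts with "Admin overrides remain gated by Task 4 step-up/two-person controls". Separately, the visibility list gives support the webhook/callback event history and wallet/payment references without saying which fields are shown or redacted; it would help to state that here.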