Commit Graph

225 Commits

Author SHA1 Message Date
Siavash Sameni
798fa2f48e docs: sync from backend 896f17f - persist webhook confirmations 2026-05-31 15:08:50 +04:00
Siavash Sameni
0bd3fe5598 docs: sync from backend cab0719 - align request budget validation 2026-05-31 14:46:59 +04:00
Siavash Sameni
773f5db454 docs: sync from backend 3a50dc4 - promote postgres integration 2026-05-31 14:20:40 +04:00
moojttaba
622dbe4dcb Merge branch 'main' of ssh://git.manko.yoga:222/nick/nick-doc 2026-05-31 07:50:51 +03:30
Siavash Sameni
dceaf82934 audit: 2026-05-30 full-codebase audit — report, issues, docs, runbooks
Full-codebase-audit 2026-05-30 outputs:
- Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md
- 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer).
- Scanner docs from scratch (was zero): architecture, data model, API ref, payment
  flow, operations runbook + repo README.
- Doc-sync updates across API reference, data models, flows, design system.
- Secret Rotation Runbook (08 - Operations) for the exposed credentials.
- Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js.

Issues remain status:open intentionally — the code fixes are uncommitted-then-committed
working-tree changes per repo and aren't "resolved" until merged/deployed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-30 18:48:04 +04:00
Siavash Sameni
eab1d77582 docs(issues): mark ISSUE-003 through ISSUE-006 resolved, update index
Index: 47 open (8 critical, 39 major), 6 resolved.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 18:48:04 +04:00
Siavash Sameni
12348ebb80 docs(issues): mark ISSUE-001 and ISSUE-002 resolved, update index
Both dispute privilege-escalation issues fixed in backend disputeRoutes.ts.
Index updated: 51 open (12 critical), 2 resolved.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 18:48:04 +04:00
moojttaba
c6bbb4bdcb docs: sync from frontend 9013b70 — staged node-package upgrade + TS6 test fix + lint sweep
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-30 03:20:28 +03:30
Siavash Sameni
7a616744f4 docs: complete code-reality alignment for remaining docs + reconcile issue set
Remaining docs updated to match code (the docs that the first pass had not covered):
- Flows: Chat, Referral, Rating, Registration, Google OAuth, Negotiation, Payout,
  Trezor Safekeeping — corrected endpoints, socket events, status enums, auth gaps
- API Reference: User API, Trezor API — admin route prefix/verb/status corrections,
  added undocumented endpoints (ton-proof challenge, profile email verify,
  GET /trezor/account, POST /trezor/verify-operation)
- Data Models: Chat, Notification, Payment, PointTransaction, User — corrected
  enums (PaymentProvider, escrowState, PointTransaction.type, User.status),
  90-day notification TTL, soft-delete semantics, wallet fields

Trezor "zero frontend" finding (audit C31/C32) corrected as STALE:
- Verified current code HAS a full frontend Trezor implementation (admin/trezor
  page, TrezorSettingsView, trezorConnector via @trezor/connect-web,
  TrezorSignDialog, actions/trezor.ts building the {message,signature} object)
- Fixed Trezor Safekeeping Flow doc (removed false "no frontend" warnings)
- Reclassified ISSUE-012 as invalid/superseded with explanation

Issue set reconciled to a single canonical numbering (ISSUE-001..054):
- Adopted the comprehensive 51-issue set (long-slug, fully indexed)
- Removed 35 superseded short-slug duplicates from the first pass
- Removed a duplicate ISSUE-046 file
- Added 3 issues the 51-set lacked: ISSUE-052 (completed-not-counted-in-stats),
  ISSUE-053 (axios 401-only interceptor), ISSUE-054 (rate limiter counts all attempts)
- Regenerated Issues Index: 53 open (14 critical, 39 major) + 1 invalid

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-29 15:15:02 +04:00
Siavash Sameni
9698ec5809 docs: align API reference and data model docs with code reality
API Reference (9 files updated):
- Marketplace API: corrected offer endpoints (scoped under /purchase-requests/:id/offers),
  marked phantom /search /stats /seller/:sellerId /withdraw routes as NOT IMPLEMENTED,
  documented PUT→PATCH mismatches, removed invalid SellerOffer 'active' status
- Dispute API: corrected resolve schema (action enum), categories (no 'fraud'),
  removed 'under_review' status, added security callouts (3 unguarded endpoints),
  route shadowing documented, all socket events marked as TODO stubs
- Notification API: corrected mark-all-read method+path, fixed broken GET /:id,
  added unread-count-update event, 90-day TTL documented
- Payment API: /create→/save, removed 10+ phantom endpoints, fixed release/refund
  paths (no /shkeeper/ segment), added 3 unauthenticated endpoint security warnings,
  stats undercounting documented, export privilege gap documented
- Authentication API: 8-digit→6-digit code, no-complexity warning on reset-with-code,
  rate limiter counts all attempts, passkey stub claims removed, deleteAccount bug noted
- Admin API: PUT→PATCH bug documented, wrong status values documented, hard vs soft
  delete clarified, scanner no-auth security bug, 3 NOT IMPLEMENTED endpoints
- Chat API: file upload wrong endpoint bug, archive PUT→PATCH bug, rate limits added
- Points API: corrected redeem schema, referral triggers on 'completed' only,
  leaderboard period ignored, removed 'refund' PointTransaction type
- Socket Events: removed request-cancelled, notification-read; added unread-count-update;
  dispute events all stubs; referral-signup is auth-domain not points-domain

Data Models (3 files updated):
- SellerOffer: removed 'active' from status enum, withdrawOffer() is dead code
- PurchaseRequest: added pending_payment/active statuses, added 'urgent' urgency,
  corrected description minimum (5 chars), removed finalized/archived
- Dispute: corrected action enum, categories (no fraud), removed under_review,
  security callout on unguarded status/resolve endpoints

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-29 14:57:47 +04:00
Siavash Sameni
a1f056e6a5 docs: align flow docs with code reality + create 35 implementation issue files
Flow docs updated (11 files):
- Delivery Confirmation: reversed actor roles (buyer generates, seller verifies),
  fixed endpoint paths (/delivery-code/generate, /delivery-code/verify)
- Passkey (WebAuthn): removed stub/simulated-key claims; real @simplewebauthn/server
  attestation is implemented; refresh tokens are persisted
- Dispute: corrected resolve schema (action enum), removed non-existent statuses,
  documented security gaps (no role guards on status/resolve/assign), route shadowing,
  all socket events are TODO stubs
- Seller Offer: corrected all endpoint paths, removed 'active' status, documented
  withdraw dead code, missing seller history page, select-offer notification gap
- Notification: corrected mark-all-read method+path, fixed GET /:id broken lookup,
  added unread-count-update socket event
- Authentication: corrected rate limiter (counts all attempts), axios 403 not handled,
  deleteAccount wrong endpoint bug, changePassword no UI
- Password Reset: corrected 6-digit code (not 8), documented no-complexity gap on
  reset-with-code vs token reset
- Payment Flow DePay: /create→/save, removed phantom sub-routes, SIM_ bypass risk,
  PaymentProvider type gap, getProviderIntentEndpoint routing bug
- Payment Flow SHKeeper: removed phantom polling endpoint, fixed release/refund paths
- Purchase Request: added pending_payment/active statuses, fixed sellers/attachments
  endpoints, corrected socket events, PUT→PATCH bug
- Escrow: documented dispute resolve does not touch escrow, route shadowing, confirm-delivery auth gap

Issues created (35 files in Issues/):
- 9 security issues (critical) including: dispute privilege escalation ×4,
  unauthenticated payment/scanner endpoints ×2, SIM_ production bypass,
  confirm-delivery ownership gap
- 26 additional major/critical bugs covering broken endpoints, missing features,
  data integrity gaps, and frontend-backend mismatches

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-29 14:47:49 +04:00
Siavash Sameni
5113b0df23 docs: add doc vs code audit report and comprehensive UAT test plan (2026-05-29)
228 findings (35 critical, 123 major, 54 minor) across 8 domains.
513 UAT test cases (165 P0, 233 P1, 102 P2, 13 P3) across 9 domains.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-29 14:32:02 +04:00
Siavash Sameni
0e5b37ca14 chore(taskmaster): mark task #13 done — AMN Pay Scanner fully implemented (Kimi, 2026-05-29) 2026-05-29 13:39:49 +04:00
Siavash Sameni
67cfe4469b docs: sync from backend cdc8df1 + frontend a5dd48e + scanner 8fee27e — AMN Pay Scanner
- Activity Log: new entry for AMN Pay Scanner implementation
- Environment Variables: document AMN_SCANNER_URL, AMN_SCANNER_WEBHOOK_SECRET, AMN_SCANNER_DEFAULT
- PRD status table: mark all components implemented
2026-05-29 13:07:07 +04:00
Siavash Sameni
04f158e5f3 chore(taskmaster): add tasks #13 (AMN Pay Scanner) and #14 (sweep service — Kimi) 2026-05-29 12:34:40 +04:00
Siavash Sameni
93a7a7f7b6 docs: restructure RN retirement PRD — standalone Go microservice (AMN Pay Scanner) 2026-05-29 12:30:53 +04:00
Siavash Sameni
4f09b1356e docs: PRD for retiring RN API with in-house payment scanner (task #13) 2026-05-29 12:26:51 +04:00
Siavash Sameni
eeb8066b87 docs: sync from backend 7688f57 — sweep gas strategy: PermitPull + GasTopUp signers 2026-05-29 10:13:44 +04:00
Siavash Sameni
8623762b85 docs: sync from deployment 4e8658d — Gatus service config committed 2026-05-29 05:40:02 +04:00
Siavash Sameni
02846aced9 docs: sync from backend 6c01a30 — Gatus /api/health endpoint shipped
- Mark backend work as complete in Gatus Monitoring doc
- Update follow-up issues table with status column
- Add Activity Log entry for 2.6.49
2026-05-29 05:36:22 +04:00
Siavash Sameni
8a9e562ced ops: draft Gatus monitoring proposal + /api/health endpoint shape
Captures the runtime-monitoring side of the 2026-05-28 silent-empty-
registry incident retrospective. Pairs with backend commit 28b17f2
(CI typecheck gate). Defines the proposed Gatus probe set, the
/api/health endpoint that has to land first, and a follow-up issue
list. Includes a retrospective table showing what this would have
caught across recent incidents.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 21:33:33 +04:00
Siavash Sameni
f5a42eb8d9 docs: route-overlap warning on Dispute resolve, fix RN docs URL 2026-05-28 20:46:04 +04:00
Siavash Sameni
81625d35d2 docs: AML scope note, human-blocked items, Task #11 pre-flight inventory
- Add AML scope note to Handoff - RN Multichain Probe (sanctions-only vs full KYT)
- Add human-blocked section with 3 precise next steps for owner
- Create Task 11 Pre-flight Inventory: library choice, dev/prod flow, admin UI gaps, backend gaps, risks, acceptance criteria
2026-05-28 20:42:42 +04:00
Siavash Sameni
ddc0434819 docs: sync from backend 19f7eb9, frontend 60ee6fb — Task #10 AML screening 2026-05-28 20:35:38 +04:00
Siavash Sameni
fd2aa71ef4 docs: Task #9 confirmation thresholds + PRD AC updates + API docs
- Update Activity Log with backend@441c8be, frontend@717d5c8
- Update PRD §3 acceptance criteria for Task #9
- Update Payment API.md with confirmation-threshold and awaiting-confirmation endpoints
2026-05-28 20:13:15 +04:00
Siavash Sameni
f5e1106e77 docs: Task #8 Base fix + USDT fork test verification + PRD AC updates
- Update Handoff - RN Multichain Probe with corrected Base proxy address
- Document anvil fork test verifying USDT-mainnet approve(0) reset
- Update PRD §2 AC #4 to verified
- Update Activity Log with backend@4a85737
2026-05-28 20:04:21 +04:00
Siavash Sameni
85cb439ce2 docs: Task #8 probe results + handoff + PRD AC updates
- Add Handoff - RN Multichain Probe - 2026-05-28.md
- Update Handoff - Request Network In-House Checkout with Task #8 status
- Update Activity Log with backend@ae17b18, frontend@0ebb2f1
- Update PRD §2 acceptance criteria for Task #8
- Update Payment API.md with /api/admin/rn/networks endpoints
2026-05-28 19:53:06 +04:00
Siavash Sameni
2308db8074 docs: sync from backend 34f542e — Task #7 B unit tests + C protocol + PRD updates 2026-05-28 19:18:53 +04:00
Siavash Sameni
7868d94340 DB strategy: add dual-DB partial-migration analysis
Three scoping tiers (ledger-only / +Payment+Dispute / all five financial
models) with concrete time estimates grounded in actual reference counts
from the codebase. Recommends Option 1 (ledger only, 3–4 weeks) as the
right dual-DB shape if a forcing function appears, and explains why it's
not yet worth doing over the 2-week in-place hardening.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 19:17:43 +04:00
Siavash Sameni
825d7870b3 Add Mongo vs Postgres database-strategy assessment
Records the current recommendation (stay on Mongo + targeted hardening),
the realistic full-migration cost (3.5–6 months), and the trigger
conditions under which we should revisit the decision. Prompted by the
multi-seller orphan-payment bug on 2026-05-28 — exactly the FK-shaped
class of bug Postgres would prevent, but not by itself worth a migration.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 19:13:50 +04:00
Siavash Sameni
e00129d40d docs: sync from backend 1889169, frontend c44ed64 — Task #7 A verification fix: multi-checkout conversion + orphan-payment guard 2026-05-28 17:21:14 +04:00
Siavash Sameni
4017aee800 docs: sync from backend faf2221, frontend 022ecb6 — Task #7 derived destinations sweep autostart, recordSweep fix, multi-seller checkout 2026-05-28 17:15:18 +04:00
Siavash Sameni
3b50311a81 PRD Task #7: mark A/D/E done, F in progress, B/C pending
A (cart-aware buyer UX), D (auto-start sweep cron), and E (recordSweep
$inc accumulation fix) shipped. F (API Reference + Activity Log doc
updates) underway. B (unit tests) and C (live divergent-destination
probe on dev) still pending.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 17:09:55 +04:00
Siavash Sameni
21627b7e71 docs(prd): update Task #7 to reflect what shipped in 2.6.42 + scoped remaining work for kimi
Rewrote §1 of the Wallet/Multichain/Confirmations/AML/Trezor PRD:
- Status promoted from 'Draft' to 'Living', §1 marked 🟡 In progress.
- Decisions taken table captures the locked-in choices (per-(buyer,
  sellerOffer, chainId) keying with reuse, monotonic counter,
  cron-based sweep, build-only signer default).
- 'What landed in 2.6.42' section enumerates the actual files +
  endpoints + env vars so kimi has concrete reference points.
- 'Remaining work for Task #7' table breaks the remainder into six
  discrete items (A..F) each with file paths and notes:
  A — cart-aware buyer UX (the big one)
  B — unit tests
  C — live divergent-destination probe
  D — optional auto-start cron on boot
  E — possible recordSweep accumulation bug to verify+fix
  F — API Reference doc updates
- Acceptance criteria annotated with / per item.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 16:42:15 +04:00
Siavash Sameni
d80892dbaa docs: sync vault with Task #7 backend + admin UI shipping (2.6.42)
- Handoff doc: mark Task #7 in-progress with what landed (backend
  modules, admin UI), what remains (cart-aware buyer UX, unit tests,
  live RN divergent-destination probe, optional auto-start cron).
  Promote the followups table from 'depends on' to 'status'.
- Environment Variables: add DERIVED_DESTINATION_* block with KMS /
  Trezor production guidance.

Code is on backend commit c98b3d7 / frontend commit 82d9a70, both
on integrate-main-into-development.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 16:35:18 +04:00
Siavash Sameni
31dd475b73 docs(prd): clarify task #7 keying — cart-with-multi-seller, per-Payment derivation
User flagged: a buyer's cart can span multiple sellers, so 'per-(buyer, seller)'
isn't really 1:1. The right framing is per-Payment: Amanat already creates N
Payment records for an N-seller cart (one per sellerOfferId), and each gets
its own derived destination + RN intent + buyer-side approve+pay tx pair.

PRD now explicitly:
- Recommends per-Payment keying (which collapses to per-(buyer, sellerOfferId)
  via the existing uniq_pending_request_network_by_buyer_session index)
- Documents the multi-seller cart UX (N approve+pay pairs in sequence, with
  clear progress indicator, mid-cart abandonment is fine)
- Notes RN's ERC20FeeProxy is single-destination by design (no atomic split
  in v1; future Amanat splitter contract is out of scope)
- Updates open questions to monotonic derivation counter, immediate sweep,
  single-use addresses (no rotation), and cold-payment recovery
- Scope explicitly mentions cart-aware buyer UX as part of task #7

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 16:05:50 +04:00
Siavash Sameni
0060b16912 docs: ship in-house RN checkout, scope 5 follow-up tasks (#7-11)
In-house Request Network checkout went fully end-to-end on dev today.
A real 0.01 USDC payment flowed through wallet connect -> approve ->
ERC20FeeProxy.transferFromWithReferenceAndFee -> RN webhook ->
TransactionSafetyProvider -> Payment.status=completed -> page success
state. Tx 0x494c77a29161b5100d8e0b1ac675f1822955d0bb3633ecdbfafb886f84f2f320.

Docs:
- New PRD: Wallet, Multichain, Confirmations, AML, Trezor
  (5 follow-ups, each sized for an independent contributor)
- Updated PRD: Request Network In-House Checkout (phases 0..3 done,
  phase 4 partial, phases 5-6 not started)
- Updated handoff: deployed versions, what is working end-to-end,
  follow-up tasks index

Taskmaster: 5 new top-level tasks (#7..#11) covering ephemeral
destination wallets, multichain proxy registry + USDC/USDT, runtime
confirmation thresholds, optional seller-paid AML screening, and
Trezor signing for admin actions. Tasks are scoped fine-grained so
each is independent enough for kimi to pick up.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 15:50:24 +04:00
moojttaba
37f946fc23 docs: add initial content to Welcome.md and update README.md with additional note 2026-05-28 10:41:39 +03:30
moojttaba
04afa95547 docs: add Sync-From-Code rule + Activity Log
- AGENTS.md: mandate Activity Log entry + section updates after every code push
- 09 - Audits/Activity Log.md: new append-only log, seeded with this session's
  frontend fixes (Docker build unblock, request template debug improvements,
  429 storm fix) and the cross-repo rule rollout

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-28 10:39:57 +03:30
moojttaba
90c2588b9b vault backup: 2026-05-28 09:31:01 2026-05-28 09:31:01 +03:30
moojttaba
061e797544 Merge remote-tracking branch 'origin/main' 2026-05-27 20:06:42 +03:30
Siavash Sameni
f03519bbfb docs(arch): capture RN integration constraints and design implications
Four payment-flow concerns surfaced during the RN integration that
need explicit design decisions before scaling:

1. Rabby wallet unsupported by RN's hosted UI - mitigated by
   bringing the checkout screen in-house.
2. RN auto-bridges cross-chain payments via LiFi, costing someone
   money - mitigated by gating chain selection in our own UI based
   on seller-accepted chains.
3. Single shared escrow wallet exposes the whole platform to
   sanctioned-funds taint - needs per-escrow ephemeral wallets and
   a wallet-abstraction layer.
4. The above pushes RN into a notification-only role - viable but
   needs validation tests (webhook reliability, custom destinations,
   API-only pricing) before commitment.
2026-05-27 10:52:26 +04:00
Siavash Sameni
fdb92a5056 docs: adopt RTK.md as canonical rule set; update RN handover
Moves the canonical agent rule set into nick-doc/RTK.md (previously only
present in the untracked escrow root). backend/AGENTS.md and
frontend/AGENTS.md now point here instead of duplicating the rules
3-ways and drifting.

New rules introduced as part of this session:
- Every build patch-bumps the version (image tracker on git.manko.yoga
  overwrites tags otherwise).
- Pre-deploy CLI verification: smoke tests in scripts/smoke/ must pass
  before pushing a build-triggering commit.
- CI notification safety: HTML-escape commit messages and strip git
  trailers; never embed {{commit.message}} directly in the telegram
  plugin's HTML-formatted body.

Handover doc updated to record that the Request Network checkout flow is
now end-to-end working at 2.6.20 (idempotency in bdbcc32, v2 wire shape
in 40750d3).

Co-Authored-By: Claude Opus 4.7 noreply@anthropic.com
2026-05-27 09:56:43 +04:00
Siavash Sameni
2a00339882 docs(ops): mark Request Network intent idempotency fix as implemented
Backend solution (c) shipped in nick/backend@bdbcc32 — endpoint now reuses
existing pending Payments instead of colliding on the unique index.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 09:05:21 +04:00
Siavash Sameni
a9d7bf003d docs(ops): handover for Request Network intent duplicate key bug
Captures the E11000 collision on the uniq_pending_request_network_by_buyer_session
index, identifies reused purchaseRequestId as the root cause, and lays out the
mongo unblock, frontend id-rotation, and backend idempotency fixes.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 09:01:06 +04:00
Siavash Sameni
8ba8df3833 Add agent rules for auth and versioning 2026-05-25 18:45:46 +04:00
moojttaba
3e063cbf88 Merge remote-tracking branch 'origin/main' 2026-05-25 00:23:05 +03:30
Siavash Sameni
873a57874e Update docs for TON proof backend, Mini App fixes, and EVM wallet stub
PRD - TON Wallet Ownership Proof.md:
- Status updated from ready-to-implement -> backend-implemented.
- Added Implementation Status section documenting what is complete
  (challenge endpoint, tonProofService.ts, User model fields, 15 tests)
  and what remains (frontend proof wiring, verified badge).
- Acceptance criteria updated: backend items checked, frontend pending.

Handoff - Telegram Mini App Debug - 2026-05-24.md:
- New Implemented sections for session 3:
  - TON Wallet Ownership Proof backend (full detail of tonProofService,
    userController changes, User model fields, 15 unit tests).
  - Telegram Mini App shell dir="ltr" + smart displayName fallback.
  - Socket status suppressed on /telegram paths.
  - EVM WalletConnect stub card (disabled until project ID configured).
- Known Issues: TON proof updated to "frontend wiring pending";
  EVM WalletConnect section added with activation steps.
- Current Git State updated to Session 3.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-24 20:21:29 +04:00
Siavash Sameni
940ad0c655 Add full system audit reports and Telegram Mini App debug handoff
- Three-stream audit (security / logic / performance) with 35+ findings
  derived from actual source code, each with file:line and remediation
- Audit Index cross-references criticals across streams into prioritized
  fix tiers: immediately / before soft launch / before public launch
- Telegram Mini App debug handoff documenting what was implemented and
  all remaining work items with exact file lists and test commands
- Updated architecture, data model, auth API, and registration flow docs
  to reflect Telegram auth, TON wallet, and email verification additions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-24 17:20:08 +04:00
Siavash Sameni
2533bedb91 Update Telegram auth verification report 2026-05-24 16:15:40 +04:00