49 lines
1.6 KiB
Markdown
49 lines
1.6 KiB
Markdown
---
|
|
title: Task 5.3 Telegram Bot Command and Notification Foundation
|
|
tags: [taskmaster, telegram, bot, notifications]
|
|
created: 2026-05-24
|
|
status: partial-foundation
|
|
---
|
|
|
|
# Task 5.3 Telegram Bot Command and Notification Foundation
|
|
|
|
This document captures the first backend bot foundation pass.
|
|
|
|
## Implemented foundation
|
|
|
|
- `/api/telegram/status` reports feature and webhook readiness without leaking
|
|
bot or webhook secrets.
|
|
- `/api/telegram/webhook` is mounted only when Telegram features are enabled.
|
|
- Webhook requests require `x-telegram-bot-api-secret-token` to match
|
|
`TELEGRAM_WEBHOOK_SECRET_TOKEN`.
|
|
- Webhook update handling dedupes by `update_id` or callback ID.
|
|
- Webhook handler classifies updates as:
|
|
- `command`
|
|
- `callback`
|
|
- `noop`
|
|
- `duplicate`
|
|
|
|
## Configuration
|
|
|
|
| Variable | Purpose |
|
|
|---|---|
|
|
| `TELEGRAM_WEBHOOK_ENABLED` | Enables webhook route |
|
|
| `TELEGRAM_WEBHOOK_SECRET_TOKEN` | Telegram webhook secret token |
|
|
| `TELEGRAM_WEBHOOK_REPLAY_WINDOW_MS` | Duplicate update replay window |
|
|
|
|
## Tests
|
|
|
|
- Service-level tests cover command/callback/noop classification and duplicate
|
|
handling.
|
|
- Route-level tests cover secret-token rejection and accepted command webhook
|
|
processing.
|
|
|
|
## Remaining work
|
|
|
|
- Implement actual command actions for `/start`, `/help`, `/link`, `/status`,
|
|
`/request`, `/offer`, `/payment`, `/dispute`, and `/settings`.
|
|
- Add signed opaque callback payload issuance and resolution.
|
|
- Add outbound notification delivery, blocked-bot detection, retry metrics, and
|
|
notification preferences.
|
|
- Persist webhook dedupe keys in shared storage instead of process memory.
|