Files
nick-doc/09 - Audits/Task 5.6 Telegram Escrow Delivery Dispute Release Actions.md
2026-05-24 13:19:54 +04:00

1.4 KiB

title, tags, created, status
title tags created status
Task 5.6 Telegram Escrow Delivery Dispute Release Actions
taskmaster
telegram
escrow
disputes
release
2026-05-24 planned

Task 5.6 Telegram Escrow Delivery Dispute Release Actions

Task 5.6 is not complete in this first Task 5 pass. This document defines the implementation boundary required before Telegram shortcuts can affect escrow state.

Required behavior

  • Telegram users can view current escrow state and next allowed actions.
  • Delivery confirmation, evidence upload, refund request, dispute open/respond, and release approval route through existing backend precondition checks.
  • High-risk actions require fresh confirmation and audit logging with Telegram context.
  • Disputed or held funds cannot be released through Telegram shortcuts.

Required backend constraints

  • Use canonical purchase request, payment, dispute, and ledger state.
  • Reject release/refund actions unless the funds state machine says the action is allowed.
  • Apply the same step-up and two-person policy as web/admin flows.
  • Record Telegram user ID, chat/update ID, deep-link source, and callback token ID in audit metadata.

Required tests

  • Buyer cannot confirm delivery before delivery state.
  • Disputed funds cannot be released.
  • Replayed Telegram callback cannot create a second action.
  • Stale callback token is rejected.
  • Telegram release/refund action emits the same audit fields as web release.