- Three-stream audit (security / logic / performance) with 35+ findings derived from actual source code, each with file:line and remediation - Audit Index cross-references criticals across streams into prioritized fix tiers: immediately / before soft launch / before public launch - Telegram Mini App debug handoff documenting what was implemented and all remaining work items with exact file lists and test commands - Updated architecture, data model, auth API, and registration flow docs to reflect Telegram auth, TON wallet, and email verification additions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
17 KiB
Handoff - Telegram Mini App Debug - 2026-05-24
Scope
This handoff covers the work done after bringing the app up under the consolidated https://amn.gg URL and debugging the Telegram Mini App flow.
Primary user-reported issues:
- The red
Nbadge in the Telegram webview was interpreted as backend/socket failure. - Telegram-created users without an existing Amanat account were blocked by the link/sign-in screen instead of being treated as buyer users.
- Wallet connect did not support Telegram Wallet / TON.
- Profile email updates for Telegram-created users did not persist and did not send confirmation email.
- The page needed visible debug statistics to identify which subsystem is working.
Repositories Touched
Backend:
backend/src/models/User.tsbackend/src/services/user/userController.tsbackend/src/services/user/userControllerRoutes.tsbackend/src/services/user/userRoutes.ts
Frontend:
frontend/next.config.tsfrontend/package.jsonfrontend/yarn.lockfrontend/public/tonconnect-manifest.jsonfrontend/src/actions/account.tsfrontend/src/app/layout.tsxfrontend/src/auth/context/jwt/auth-provider.tsxfrontend/src/auth/types.tsfrontend/src/components/debug/telegram-debug-panel.tsxfrontend/src/lib/axios.tsfrontend/src/sections/account/account-general.tsxfrontend/src/sections/account/account-wallet-connection.tsxfrontend/src/types/user.tsfrontend/src/web3/tonconnect-provider.tsx
Vault:
- This file.
Implemented
Debug Statistics
Added TelegramDebugPanel to account/profile and wallet pages.
It reports:
- API URL
- Socket URL
- socket connected/disconnected state and socket id
- auth state
- user id, role, email, email verification state
- Telegram Mini App detection, platform, version, and initData presence
- saved wallet type/address
- last frontend account/wallet action and result
Visibility:
- Always visible in development.
- Visible inside Telegram Mini App.
- Visible in production browser with
?debug=1orlocalStorage.setItem('amn-debug', '1').
Red N Badge
The red N indicator is the Next.js development indicator, not the backend/socket status.
Change:
frontend/next.config.tsnow setsdevIndicators: false.
The actual socket status should be read from the debug panel or the app socket status component.
Telegram User / Buyer Flow
Frontend auth mapping was changed so users without an email are not treated as email-unverified blockers:
isEmailVerifiedis treated as true when the user has no email.- If an email exists, normal verification state applies.
This supports Telegram-created buyer accounts without forcing immediate email collection.
Profile Email Update And Verification
Backend profile update now accepts email and handles verification:
- Normalizes email to lowercase.
- Rejects duplicate email.
- Stores a six-digit verification code on the user.
- Sets
isEmailVerified=falsewhen email changes. - Attempts to send a confirmation email.
- Returns
verificationEmailQueued.
New authenticated endpoints:
POST /api/user/profile/email/resend-verificationPOST /api/user/profile/email/verify
Frontend:
updateUserProfilenow unwraps the backend{ user, verificationEmailQueued }response correctly.- Profile page shows a verification code input and resend/verify controls when a user has an unverified email.
- Debug events are emitted for profile update/resend/verify actions.
Telegram Wallet / TON Support
Frontend:
- Added
@tonconnect/ui-reactand@ton/core. - Added
TonWalletProviderin the root layout. - Added
public/tonconnect-manifest.json. - Wallet connection page now offers Telegram Wallet / TON connection inside Telegram Mini App.
- Connected TON wallet can be saved as
walletType: "ton"with provider metadata.
Backend:
- User profile schema now supports:
profile.walletType: "evm" | "ton"profile.walletProvider
- Current
/user/wallet-addresscontroller supports TON address validation. - Legacy
/users/wallet-addressroute also accepts TON. - EVM still requires signature verification.
- TON currently validates address format only and skips EVM signature.
Verification Completed
Backend:
cd backend
npm run typecheck --if-present
Result: passed.
Frontend focused tests:
cd frontend
npm test -- __tests__/account-test/account-actions.test.ts __tests__/auth/telegram-auth-action.test.ts __tests__/sections/telegram/telegram-mini-app-shell.test.tsx --runInBand
Result:
- 3 suites passed
- 38 tests passed
Diff hygiene:
git diff --check
Result: passed in backend and frontend after whitespace cleanup.
Public smoke checks completed during the session:
https://amn.gg/returned HTTP 200.https://amn.gg/tonconnect-manifest.jsonreturned HTTP 200 with JSON.https://amn.gg/socket.io/?EIO=4&transport=pollingreturned HTTP 200 polling handshake.https://amn.gg/dashboard/account/wallet/returned HTTP 200 after compilation.
Known Issues Left
Frontend Typecheck Still Has Existing Failures
frontend npx tsc --noEmit -p tsconfig.json still fails in pre-existing areas not introduced by this Telegram/debug pass:
src/components/payment/shkeeper-payment-widget.tsxsrc/sections/address/address-form.tsxsrc/sections/address/address-new-form.tsxsrc/sections/request-template/request-template-checkout-payment.tsxsrc/sections/request-template/request-template-new-edit-form.tsxsrc/web3/components/provider-payment.tsx
Representative issues:
- Missing
sellerIdinIPaymentIntentPayload. - React Hook Form resolver typing mismatches.
- Invalid icon name
solar:wallet-money-bold.
Next agent should decide whether to clean these before treating global frontend typecheck as a release gate.
Backend Broad Test Pattern Is Noisy
A broad backend Jest pattern for user|auth|telegram pulled in unrelated payment/shkeeper/basic suites and failed with pre-existing app/test setup problems such as supertest app undefined and expected status mismatch.
Focused backend typecheck passed. The next agent should add targeted backend tests for:
PUT /api/user/profileemail update.- duplicate email rejection.
- resend profile email verification.
- verify profile email code.
- TON wallet save.
- EVM wallet signature requirement still enforced.
TON Wallet Signature Model Is Not Final
TON wallet save currently validates address shape only.
This is acceptable as a first Telegram Wallet integration smoke path, but not sufficient as final wallet ownership proof.
Next steps:
- Use TonConnect proof payload/signature validation server-side.
- Store wallet proof timestamp/provider.
- Decide whether Telegram Wallet should be required for payments or only optional profile wallet metadata.
Email Delivery Needs Runtime Confirmation
Backend is wired to call emailService.sendVerificationCodeEmail, and Resend support was configured earlier in the session, but the live flow should still be verified end-to-end:
- Add an email from the Telegram-created profile.
- Confirm the API returns
verificationEmailQueued: true. - Confirm the message arrives from the configured
@amn.ggsender. - Submit code and confirm
isEmailVerified=true.
Do not put API keys or bot tokens in docs or commits.
Package Manager State
The frontend project declares Yarn 1 as package manager and yarn.lock was updated for TON dependencies.
package-lock.json was intentionally restored to avoid unrelated massive lockfile churn.
Next agent should continue using Yarn for dependency changes unless the project standard changes.
Dev Runtime Note
During dependency installation, the mounted node_modules was temporarily broken by an Alpine/Yarn install attempt involving native packages. It was repaired on the host with dependency install and the public app recovered.
If the container shows stale Next errors in logs, check for a later successful startup before treating them as current.
Current Git State At Handoff
Backend and frontend contain uncommitted changes for this Telegram/debug/email/wallet pass. They have not been committed yet.
Backend current modified files:
src/models/User.tssrc/services/user/userController.tssrc/services/user/userControllerRoutes.tssrc/services/user/userRoutes.ts
Frontend current modified/untracked files:
next.config.tspackage.jsonyarn.lockpublic/tonconnect-manifest.jsonsrc/actions/account.tssrc/app/layout.tsxsrc/auth/context/jwt/auth-provider.tsxsrc/auth/types.tssrc/components/debug/telegram-debug-panel.tsxsrc/lib/axios.tssrc/sections/account/account-general.tsxsrc/sections/account/account-wallet-connection.tsxsrc/types/user.tssrc/web3/tonconnect-provider.tsx
Vault also has older uncommitted audit/doc updates from prior task work, plus this handoff file.
Vault current modified/untracked files at handoff:
00 - Overview/System Overview.md00 - Overview/Tech Stack.md01 - Architecture/Backend Architecture.md01 - Architecture/Security Architecture.md02 - Data Models/Data Model Overview.md03 - API Reference/Authentication API.md04 - Flows/Registration Flow.md08 - Operations/Handoff - Telegram Mini App Debug - 2026-05-24.md09 - Audits/Audit Index - 2026-05-24.md09 - Audits/Logic Audit - 2026-05-24.md09 - Audits/Performance Audit - 2026-05-24.md09 - Audits/Security Audit - 2026-05-24.md
Recommended commit split:
-
Backend commit:
- user profile email verification endpoints
- wallet type/provider model fields
- TON wallet address support
-
Frontend commit:
- debug stats panel
- TonConnect provider and manifest
- Telegram Wallet connect/save UI
- profile email verification UI/actions
- disabled Next dev indicator
-
Vault commit:
- existing task/audit docs
- this handoff document
Before committing, rerun:
cd /Users/manwe/CascadeProjects/escrow/backend
git diff --check
npm run typecheck --if-present
cd /Users/manwe/CascadeProjects/escrow/frontend
git diff --check
npm test -- __tests__/account-test/account-actions.test.ts __tests__/auth/telegram-auth-action.test.ts __tests__/sections/telegram/telegram-mini-app-shell.test.tsx --runInBand
Then commit only the relevant files for each repository. Do not include secrets, local .env files, or regenerated package-lock.json churn.
Suggested Next Steps
- Run the app in Telegram and open profile with
?debug=1if needed. - Confirm debug panel socket state matches
https://amn.gg/socket.io/?EIO=4&transport=polling. - Test Telegram-created user account creation as buyer without email.
- Add profile email, verify confirmation email delivery, and submit the code.
- Connect Telegram Wallet and confirm backend stores
profile.walletType="ton". - Add targeted backend Jest tests for the new endpoints.
- Fix existing frontend typecheck blockers or document them as accepted debt.
- Commit backend, frontend, and vault changes separately.
Detailed Remaining Work
1. Confirm Telegram Bot Web App URL
Make sure the Telegram bot opens the consolidated production URL:
- Target URL:
https://amn.gg - Bot username seen in the app:
@amnescrow_Bot - Mini App return URL configured for TonConnect:
https://t.me/amnescrow_Bot/escrow
If the Telegram button still opens an old frontend URL, update the bot menu/button/web app URL through BotFather or the bot startup/config code, depending on how this bot is registered.
2. Recheck Pangolin/Newt Routing
The desired public shape is one URL:
- Browser and Telegram app:
https://amn.gg - Backend proxied by path under the same host.
Expected route intent:
/*-> frontend container/service/api/*-> backend container/service/socket.io/*-> backend container/service with WebSocket support/uploads/*-> backend container/service/health-> backend container/service
If Telegram shows network errors:
- Open
https://amn.gg/?debug=1. - Check
API,Socket URL, andSocketfields in the debug panel. - Hit
https://amn.gg/socket.io/?EIO=4&transport=pollingdirectly and confirm HTTP 200 with a Socket.IO polling handshake. - Check newt target health in Pangolin.
3. Finish Email Verification Test Coverage
The code path exists but targeted backend tests still need to be written.
Recommended backend tests:
- Profile email update stores normalized email and sets
isEmailVerified=false. - Profile email update rejects duplicate email.
- Profile email update queues an email verification code and calls email service.
- Resend verification fails when user has no email.
- Resend verification fails when email is already verified.
- Resend verification refreshes code/expires and sends email.
- Verify email rejects malformed code.
- Verify email rejects expired/wrong code.
- Verify email sets
isEmailVerified=trueand clears code fields.
Mock emailService.sendVerificationCodeEmail in these tests so Resend is not called.
4. Finish Wallet Test Coverage
Recommended backend tests:
PATCH /api/user/wallet-addresswithwalletType="ton"accepts a valid friendly TON address.- TON wallet save stores
profile.walletAddress,profile.walletType, andprofile.walletProvider. - TON wallet save rejects malformed TON addresses.
- EVM wallet save still rejects missing signature/message.
- EVM wallet save still rejects a signature that does not recover the submitted address.
- Legacy
/api/users/wallet-addressbehavior remains compatible.
Recommended frontend tests:
updateWalletAddresssends legacy EVM payload unchanged when no options are passed.updateWalletAddresssends TON payload without signature when{ walletType: "ton" }is passed.TelegramDebugPanelrenders socket/auth/TG fields when debug is enabled.- Account profile page renders email verification controls for an unverified email.
5. Upgrade TON Ownership Proof
Current TON wallet support is intentionally minimal: it validates address format and stores the address.
Before using TON wallet as strong proof of ownership, implement TonConnect proof verification:
- Generate a backend nonce/payload for wallet proof.
- Pass the proof request into TonConnect.
- Verify the returned proof server-side using TON address public key/proof data.
- Store proof metadata, timestamp, wallet provider, and verified status.
- Expire or rotate proof when needed.
Until this is done, treat saved TON wallet as user-supplied wallet metadata, not a cryptographic ownership guarantee.
6. Check Profile Update UX
The backend now supports email changes and confirmation codes, but the profile UI should be manually checked in Telegram:
- Start with a Telegram-created buyer without email.
- Add email in profile.
- Confirm the page does not discard the email.
- Confirm warning/verification controls appear.
- Confirm Resend works.
- Enter verification code.
- Confirm user session refresh shows verified state.
If the UI toast says success but no email arrives, inspect backend email logs and Resend domain/sender configuration.
7. Resolve Existing Typecheck Debt
Do not assume the global frontend typecheck failure is caused by this pass. It was already failing in other modules.
Known blockers to resolve or explicitly defer:
shkeeper-payment-widget.tsx: payload type expectssellerId.- address form files: React Hook Form resolver type mismatches.
- request template form files: resolver/data typing issues.
provider-payment.tsx: invalid icon idsolar:wallet-money-bold.
After resolving these, make npx tsc --noEmit -p tsconfig.json part of the normal frontend verification gate.
8. Deployment/Container Follow-Up
Because dependencies changed in frontend/package.json and yarn.lock, the deployed frontend image/container should be rebuilt from a clean dependency install.
Recommended sequence:
cd /Users/manwe/CascadeProjects/escrow/frontend
yarn install --frozen-lockfile
yarn test __tests__/account-test/account-actions.test.ts __tests__/auth/telegram-auth-action.test.ts __tests__/sections/telegram/telegram-mini-app-shell.test.tsx --runInBand
cd /Users/manwe/CascadeProjects/escrow
docker compose build frontend backend
docker compose up -d frontend backend
If the existing compose setup relies on mounted node_modules, verify the mounted dependencies include @tonconnect/ui-react and @ton/core.
9. Spark Agent Status
The user asked to use codex-spark agents. Earlier in this session, existing subagents were already active and a fresh spark verifier could not be spawned because the agent thread limit was reached.
Next agent can continue with spark workers once capacity is available. Good isolated assignments:
- Worker A: backend tests for profile email verification.
- Worker B: backend tests for wallet address EVM/TON behavior.
- Worker C: frontend tests for debug panel and TON wallet action payload.
- Worker D: manual Telegram/Pangolin runtime verification report.
10. Safety Notes
- Do not commit Telegram bot token, Resend API key, Pangolin/Newt secret, or any
.envfile. - Do not revert unrelated vault audit files; they predate this handoff and should be reviewed as separate documentation work.
- Do not regenerate package locks casually. The frontend project declares Yarn 1 and
yarn.lockis the relevant lockfile for this change. - Keep Trezor optional; this pass did not modify Trezor safekeeping behavior.
- Payment adapter remains optional; this pass did not force SHKeeper or Request Network.