1.4 KiB
1.4 KiB
title, tags, created, status
| title | tags | created | status | ||||
|---|---|---|---|---|---|---|---|
| Task 5.7 Telegram Admin Support Surface |
|
2026-05-24 | planned |
Task 5.7 Telegram Admin Support Surface
Task 5.7 is not complete in this first Task 5 pass. This document defines the admin/support scope required for Telegram-originated cases.
Required admin/support visibility
- Telegram linked identity on user profile.
- Bot notification status and blocked-bot state.
- Mini App launch source and latest Telegram session metadata.
- Payment provider and wallet/payment references for Telegram-originated intents.
- Telegram webhook/callback event history for support investigation.
Required admin/support actions
- Resend link prompt.
- Revoke Telegram link.
- Block Telegram bot access for a user.
- Inspect Telegram-originated event history.
- Escalate payment/dispute issues to canonical admin workflows.
Security requirements
- Admin overrides remain gated by Task 4 step-up/two-person controls.
- Support can inspect Telegram context but cannot mutate funds state.
- Every support/admin action writes structured audit metadata.
Required tests
- Support can read Telegram link metadata but cannot release/refund funds.
- Admin link revocation invalidates active Telegram link.
- Blocked Telegram user cannot create a new Mini App session.
- Admin override paths still require step-up when configured.