Files
nick-doc/taskmaster-share/index.html
2026-05-24 09:54:04 +04:00

911 lines
38 KiB
HTML

<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Amanat Taskmaster Queue</title>
<style>
:root {
--ink: #10100f;
--muted: #6f716c;
--paper: #f4f2eb;
--panel: #ffffff;
--soft: #e8e4d8;
--line: #d8d3c5;
--green: #169b62;
--amber: #c98616;
--red: #d64c3c;
--blue: #3568ff;
--black: #10100f;
--shadow: 0 20px 60px rgba(16, 16, 15, 0.08);
}
* { box-sizing: border-box; }
html { scroll-behavior: smooth; }
body {
margin: 0;
font-family: Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
color: var(--ink);
background: var(--paper);
min-height: 100vh;
}
body::before {
content: "";
position: fixed;
inset: 0;
pointer-events: none;
background:
linear-gradient(rgba(16, 16, 15, 0.035) 1px, transparent 1px),
linear-gradient(90deg, rgba(16, 16, 15, 0.035) 1px, transparent 1px);
background-size: 52px 52px;
mask-image: linear-gradient(to bottom, black, transparent 72%);
}
header {
padding: 22px clamp(18px, 4vw, 56px) 30px;
}
.topbar {
max-width: 1280px;
margin: 0 auto 72px;
display: flex;
align-items: center;
justify-content: space-between;
gap: 16px;
}
.brand {
display: inline-flex;
align-items: center;
gap: 10px;
color: var(--ink);
font-size: 0.9rem;
font-weight: 800;
letter-spacing: 0.02em;
text-decoration: none;
text-transform: uppercase;
}
.brand-mark {
width: 28px;
height: 28px;
border: 2px solid var(--ink);
border-radius: 50%;
display: inline-grid;
place-items: center;
font-size: 0.78rem;
}
.nav {
display: flex;
gap: 8px;
align-items: center;
flex-wrap: wrap;
justify-content: flex-end;
}
.nav a {
color: var(--ink);
text-decoration: none;
border: 1px solid transparent;
border-radius: 999px;
padding: 9px 13px;
font-size: 0.88rem;
font-weight: 700;
}
.nav a:hover,
.nav .active {
background: var(--black);
color: #fff;
}
.hero {
max-width: 1280px;
margin: 0 auto;
display: grid;
grid-template-columns: minmax(0, 1fr) minmax(300px, 420px);
gap: clamp(28px, 5vw, 72px);
align-items: center;
}
h1 {
font-size: clamp(3.2rem, 10vw, 9.6rem);
line-height: 0.82;
letter-spacing: 0;
margin: 0;
font-weight: 900;
max-width: 8ch;
}
.lead {
color: var(--muted);
font-size: clamp(1.02rem, 1.5vw, 1.25rem);
max-width: 720px;
line-height: 1.45;
margin: 28px 0 0;
}
.stats {
display: grid;
grid-template-columns: repeat(2, minmax(0, 1fr));
gap: 10px;
}
.stat {
min-height: 132px;
background: var(--panel);
border: 1px solid var(--line);
border-radius: 8px;
padding: 18px;
box-shadow: var(--shadow);
display: flex;
flex-direction: column;
justify-content: space-between;
}
.stat strong {
display: block;
font-size: clamp(2.2rem, 4vw, 4.2rem);
line-height: 0.85;
letter-spacing: 0;
}
.stat span {
color: var(--muted);
font-size: 0.82rem;
font-weight: 800;
text-transform: uppercase;
}
main {
max-width: 1280px;
margin: 0 auto;
padding: 36px clamp(18px, 4vw, 56px) 72px;
}
.toolbar {
display: flex;
gap: 12px;
flex-wrap: wrap;
align-items: center;
justify-content: space-between;
border-top: 1px solid var(--line);
border-bottom: 1px solid var(--line);
padding: 16px 0;
margin-bottom: 30px;
}
input, select, a.button, .status-pill {
border: 1px solid var(--black);
background: transparent;
border-radius: 999px;
padding: 12px 15px;
color: var(--ink);
font: inherit;
text-decoration: none;
font-size: 0.9rem;
font-weight: 750;
}
input {
min-width: min(100%, 320px);
flex: 1 1 320px;
background: var(--panel);
}
select {
appearance: none;
background: var(--panel);
cursor: pointer;
}
a.button {
background: var(--black);
color: #fff;
display: inline-flex;
align-items: center;
justify-content: center;
}
.roadmap-tabs {
display: grid;
grid-template-columns: repeat(3, minmax(0, 1fr));
gap: 10px;
margin: 0 0 18px;
}
.status-pill {
border-color: var(--line);
background: var(--panel);
min-height: 56px;
display: flex;
align-items: center;
justify-content: space-between;
gap: 12px;
}
.status-pill::after {
content: "";
width: 10px;
height: 10px;
border-radius: 50%;
background: var(--muted);
}
.status-pill.done::after { background: var(--green); }
.status-pill.progress::after { background: var(--blue); }
.status-pill.planned::after { background: var(--amber); }
#tasks {
display: grid;
grid-template-columns: repeat(3, minmax(0, 1fr));
gap: 14px;
align-items: start;
}
.roadmap-column {
display: grid;
gap: 14px;
align-content: start;
}
.column-title {
position: sticky;
top: 0;
z-index: 2;
background: rgba(244, 242, 235, 0.92);
backdrop-filter: blur(12px);
border: 1px solid var(--line);
border-radius: 8px;
padding: 12px 14px;
display: flex;
justify-content: space-between;
align-items: center;
font-size: 0.78rem;
font-weight: 900;
letter-spacing: 0.1em;
text-transform: uppercase;
}
.column-title span:last-child {
color: var(--muted);
letter-spacing: 0;
}
.task {
position: relative;
background: var(--panel);
border: 1px solid var(--line);
border-radius: 8px;
padding: clamp(18px, 2.4vw, 26px);
box-shadow: var(--shadow);
margin: 0;
overflow: clip;
}
.task::before {
content: "";
position: absolute;
inset: 0 0 auto;
height: 5px;
background: var(--amber);
}
.task[data-status="done"]::before { background: var(--green); }
.task[data-status="in-progress"]::before { background: var(--blue); }
.task[data-priority="high"] {
border-color: rgba(16, 16, 15, 0.32);
}
.task-head, .subtask-top {
display: flex;
justify-content: space-between;
gap: 14px;
align-items: flex-start;
}
.eyebrow {
color: var(--muted);
margin: 0 0 10px;
text-transform: uppercase;
letter-spacing: 0.12em;
font-size: 0.72rem;
font-weight: 900;
}
h2 {
font-size: clamp(1.35rem, 2vw, 2rem);
line-height: 0.98;
margin: 0;
letter-spacing: 0;
font-weight: 900;
}
h3 {
margin: 24px 0 10px;
font-size: 0.82rem;
text-transform: uppercase;
letter-spacing: 0.1em;
}
.desc, details p, .subtask p { color: var(--muted); line-height: 1.55; }
.desc {
font-size: 0.98rem;
margin: 18px 0 0;
}
details {
border-top: 1px solid var(--line);
border-bottom: 1px solid var(--line);
padding: 14px 0;
margin-top: 18px;
}
summary {
cursor: pointer;
color: var(--ink);
font-weight: 850;
font-size: 0.92rem;
}
.badges { display: flex; gap: 8px; flex-wrap: wrap; justify-content: flex-end; }
.badge {
display: inline-flex;
align-items: center;
border-radius: 999px;
padding: 6px 9px;
font-size: 0.68rem;
font-weight: 900;
line-height: 1;
background: var(--soft);
color: var(--ink);
white-space: nowrap;
text-transform: uppercase;
}
.done { background: rgba(22, 155, 98, 0.12); color: #09683f; }
.pending { background: rgba(201, 134, 22, 0.14); color: #8a5709; }
.in-progress { background: rgba(53, 104, 255, 0.12); color: #264fca; }
.blocked, .critical { background: rgba(214, 76, 60, 0.14); color: #a83327; }
.priority-high { background: var(--black); color: #fff; }
.priority-medium { background: rgba(16, 16, 15, 0.08); color: var(--ink); }
.priority-low { background: rgba(111, 113, 108, 0.12); color: var(--muted); }
.subtasks { list-style: none; padding: 0; margin: 0; display: grid; gap: 10px; }
.subtask {
border-top: 1px solid var(--line);
padding: 14px 0 0;
background: transparent;
}
.sub-id {
color: var(--muted);
font-weight: 800;
min-width: 42px;
}
.subtask strong { flex: 1; line-height: 1.2; }
.subtask p { margin: 9px 0 0 56px; font-size: 0.9rem; }
.deps { font-size: 0.9rem; color: var(--blue) !important; }
footer {
color: var(--muted);
border-top: 1px solid var(--line);
text-align: center;
padding: 30px;
font-size: 0.9rem;
}
@media (max-width: 1100px) {
#tasks { grid-template-columns: 1fr 1fr; }
}
@media (max-width: 760px) {
header { padding-top: 16px; }
.topbar { margin-bottom: 48px; align-items: flex-start; }
.nav { display: none; }
.hero { grid-template-columns: 1fr; }
.stats { grid-template-columns: repeat(2, 1fr); }
.roadmap-tabs, #tasks { grid-template-columns: 1fr; }
.task-head, .subtask-top { flex-direction: column; }
.badges { justify-content: flex-start; }
.subtask p { margin-left: 0; }
}
</style>
</head>
<body>
<header>
<nav class="topbar" aria-label="Primary">
<a class="brand" href="#">
<span class="brand-mark">A</span>
Amanat
</a>
<div class="nav">
<a class="active" href="#tasks">Roadmap</a>
<a href="#search">Filter</a>
<a href="tasks.json">JSON</a>
</div>
</nav>
<section class="hero">
<div>
<p class="eyebrow">Amanat docs · Taskmaster</p>
<h1>Roadmap</h1>
<p class="lead">A public planning view generated from the docs-side Taskmaster queue. Track security remediation, payment architecture, Telegram-native work, refactor decisions, and completed documentation work from one place.</p>
</div>
<aside class="stats">
<div class="stat"><strong>5</strong><span>parent tasks</span></div>
<div class="stat"><strong>40</strong><span>subtasks</span></div>
<div class="stat"><strong>41</strong><span>pending items</span></div>
<div class="stat"><strong>4</strong><span>done items</span></div>
</aside>
</section>
</header>
<main>
<div class="toolbar">
<input id="search" type="search" placeholder="Search tasks, subtasks, PRDs..." />
<select id="status"><option value="">All statuses</option><option>pending</option><option>done</option><option>in-progress</option><option>blocked</option></select>
<select id="priority"><option value="">All priorities</option><option>high</option><option>medium</option><option>low</option></select>
<a class="button" href="tasks.json">Raw JSON</a>
</div>
<div class="roadmap-tabs" aria-label="Roadmap columns">
<div class="status-pill done">Shipped</div>
<div class="status-pill progress">In progress</div>
<div class="status-pill planned">Planned</div>
</div>
<section id="tasks">
<article class="task" data-status="pending" data-priority="high">
<div class="task-head">
<div>
<p class="eyebrow">Task 2</p>
<h2>Implement platform audit remediation plan</h2>
</div>
<div class="badges"><span class="badge pending">pending</span><span class="badge priority-high">high</span></div>
</div>
<p class="desc">Address the code-backed security and consistency issues identified in the 2026-05-24 platform audit remediation PRD.</p>
<details>
<summary>Details and test strategy</summary>
<p>Source PRD: .taskmaster/docs/prd-platform-audit-remediation-plan-2026-05-24.md. Target backend hardening first, then documentation/runtime alignment. Delivery order suggested by PRD: security/auth, rate limiting, passkeys, Web3 verification, socket hardening, dispute hold controls, docs/API alignment.</p>
<p><strong>Test strategy:</strong> Add focused regression tests for route auth/ownership, passkey challenge/verification, Web3 verification semantics, socket authorization, rate limiting tiers, and payout/release dispute holds. Update API docs after behavior is implemented.</p>
</details>
<h3>Subtasks (7)</h3>
<ul class="subtasks">
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">2.1</span>
<strong>Secure unauthenticated endpoints and owner enforcement</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Require authenticateToken and owner/admin checks on exposed payment, AI, and legacy notification routes.</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">2.2</span>
<strong>Re-enable and scope rate limiting</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Restore global and route-tiered rate limits for public-sensitive paths.</p>
<p class="deps">Depends on: 2.1</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">2.3</span>
<strong>Replace stubbed passkey/WebAuthn flow</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Implement production-grade WebAuthn registration/authentication and shared challenge storage.</p>
<p class="deps">Depends on: 2.1</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">2.4</span>
<strong>Strengthen DePay/Web3 payment verification</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Verify transaction recipient, token contract, and amount, not only receipt success.</p>
<p class="deps">Depends on: 2.1</p>
</li>
<li class="subtask" data-status="pending" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">2.5</span>
<strong>Lock Socket.IO room joins to authenticated context</strong>
<span class="badge pending">pending</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Remove trust in client-supplied user/buyer/seller room IDs.</p>
<p class="deps">Depends on: 2.1</p>
</li>
<li class="subtask" data-status="pending" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">2.6</span>
<strong>Enforce dispute hold before payout and release operations</strong>
<span class="badge pending">pending</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Add payment hold state and central release/refund guards that block disputed funds.</p>
<p class="deps">Depends on: 2.1, 2.4</p>
</li>
<li class="subtask" data-status="pending" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">2.7</span>
<strong>Align documentation, API references, and runtime enums</strong>
<span class="badge pending">pending</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Normalize disputed/payment/request status docs and implementation references after security behavior changes.</p>
<p class="deps">Depends on: 2.1, 2.2, 2.3, 2.4, 2.5, 2.6</p>
</li></ul>
</article>
<article class="task" data-status="pending" data-priority="high">
<div class="task-head">
<div>
<p class="eyebrow">Task 3</p>
<h2>Migrate payment architecture toward Request Network and internal funds management</h2>
</div>
<div class="badges"><span class="badge pending">pending</span><span class="badge priority-high">high</span></div>
</div>
<p class="desc">Plan and implement provider-neutral payment flows, Request Network pay-in support, funds ledger, webhook reconciliation, release/refund orchestration, UI migration, and SHKeeper decommissioning.</p>
<details>
<summary>Details and test strategy</summary>
<p>Source PRD: .taskmaster/docs/prd-request-network-migration-and-funds-management.md. The PRD recommends phased migration behind a provider adapter, Secure Payment Pages first, platform-controlled escrow/payee destination, and a first-class internal funds ledger before release/refund enforcement.</p>
<p><strong>Test strategy:</strong> Use feature flags, provider fixture tests, webhook signature/idempotency tests, ledger invariant tests, migration dry-run reports, and limited cohort rollout before default provider switch.</p>
<p><strong>Depends on:</strong> 2</p>
</details>
<h3>Subtasks (7)</h3>
<ul class="subtasks">
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">3.1</span>
<strong>Introduce provider-neutral payment adapter</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Decouple checkout, webhook, and payout flows from SHKeeper-specific routes and metadata.</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">3.2</span>
<strong>Implement Request Network pay-in integration</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Create Request Network payment requests or Secure Payment Pages for new checkout flows.</p>
<p class="deps">Depends on: 3.1</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">3.3</span>
<strong>Add funds ledger and escrow state machine</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Introduce internal funds accounting independent from provider metadata.</p>
<p class="deps">Depends on: 3.1</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">3.4</span>
<strong>Build Request Network webhook and reconciliation service</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Process signed Request Network events and repair missed webhook state through reconciliation.</p>
<p class="deps">Depends on: 3.2, 3.3</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">3.5</span>
<strong>Implement release, refund, and payout orchestration</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Replace SHKeeper payout tasks and simulated release with auditable transaction instruction and confirmation flows.</p>
<p class="deps">Depends on: 3.3, 3.4</p>
</li>
<li class="subtask" data-status="pending" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">3.6</span>
<strong>Migrate frontend checkout and admin payment UI</strong>
<span class="badge pending">pending</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Update buyer checkout, admin release, seller payout, and payment details for provider-neutral Request Network flows.</p>
<p class="deps">Depends on: 3.2, 3.3, 3.5</p>
</li>
<li class="subtask" data-status="pending" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">3.7</span>
<strong>Backfill legacy SHKeeper records and decommission provider-specific code</strong>
<span class="badge pending">pending</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Migrate historical SHKeeper payment metadata and safely remove legacy wallet monitor/webhook/payout paths after cutoff.</p>
<p class="deps">Depends on: 3.3, 3.4, 3.5, 3.6</p>
</li></ul>
</article>
<article class="task" data-status="pending" data-priority="high">
<div class="task-head">
<div>
<p class="eyebrow">Task 4</p>
<h2>Define backend security and refactor strategy from latest audit</h2>
</div>
<div class="badges"><span class="badge pending">pending</span><span class="badge priority-high">high</span></div>
</div>
<p class="desc">Convert the backend stack security/refactor assessment into concrete architecture decisions, documentation deliverables, and developer handoff criteria.</p>
<details>
<summary>Details and test strategy</summary>
<p>Source audit: .taskmaster/docs/audit-backend-stack-security-and-refactor-assessment-2026-05-24.md. This task is advisory/architecture-focused and should run in parallel with immediate hardening. It should produce the decision artifacts needed before any backend-core rewrite or provider migration is started.</p>
<p><strong>Test strategy:</strong> Review and sign off each architecture document with backend, payments, frontend, and operations stakeholders. Confirm every open question has an owner or explicit deferred decision before implementation work begins.</p>
</details>
<h3>Subtasks (9)</h3>
<ul class="subtasks">
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">4.1</span>
<strong>Assign security ownership and launch decision criteria</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Define who owns security decisions and what must be true before public launch or migration work proceeds.</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">4.2</span>
<strong>Produce threat model for escrow platform</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Document protected assets, actors, trust boundaries, and abuse cases for the financial marketplace.</p>
<p class="deps">Depends on: 4.1</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">4.3</span>
<strong>Specify funds ledger and escrow state machine</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Define canonical money movement and legal state transitions before refactor or provider migration.</p>
<p class="deps">Depends on: 4.2</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">4.4</span>
<strong>Create authorization matrix for REST and Socket.IO</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Map every endpoint and realtime event to access level, ownership checks, state preconditions, rate-limit tier, and audit-log requirement.</p>
<p class="deps">Depends on: 4.2</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">4.5</span>
<strong>Decide session, passkey, and admin step-up architecture</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Choose browser session model and high-risk admin authentication requirements.</p>
<p class="deps">Depends on: 4.2</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">4.6</span>
<strong>Specify webhook security and provider adapter contracts</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Define provider-neutral payment interface and signed webhook processing rules.</p>
<p class="deps">Depends on: 4.3</p>
</li>
<li class="subtask" data-status="pending" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">4.7</span>
<strong>Define secure build and supply-chain policy</strong>
<span class="badge pending">pending</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Reduce npm/dependency compromise risk across frontend and any remaining Node services.</p>
<p class="deps">Depends on: 4.1</p>
</li>
<li class="subtask" data-status="pending" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">4.8</span>
<strong>Make backend-core stack decision</strong>
<span class="badge pending">pending</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Choose whether the security-critical backend core remains TypeScript or moves to Go/Kotlin/Rust/Python.</p>
<p class="deps">Depends on: 4.2, 4.3, 4.4, 4.5, 4.6, 4.7</p>
</li>
<li class="subtask" data-status="pending" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">4.9</span>
<strong>Create migration and operational runbooks</strong>
<span class="badge pending">pending</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Document rollout, rollback, and incident response for the selected backend/funds architecture.</p>
<p class="deps">Depends on: 4.8</p>
</li></ul>
</article>
<article class="task" data-status="pending" data-priority="high">
<div class="task-head">
<div>
<p class="eyebrow">Task 5</p>
<h2>Deliver Telegram-native app, bot, and wallet experience</h2>
</div>
<div class="badges"><span class="badge pending">pending</span><span class="badge priority-high">high</span></div>
</div>
<p class="desc">Create a Telegram bot plus Mini App surface so users can complete Amanat buyer, seller, escrow, chat, dispute, payment, release/refund, and support workflows from inside Telegram.</p>
<details>
<summary>Details and test strategy</summary>
<p>Source PRD: .taskmaster/docs/prd-telegram-native-app-bot-wallet.md. Keep this as a separate delivery track from security remediation and Request Network migration. Identity, bot navigation, Mini App shell, and notifications can start behind flags; wallet/payment crediting and release/refund actions must use canonical backend authorization, provider adapter, funds ledger, escrow state machine, idempotency, and dispute holds.</p>
<p><strong>Test strategy:</strong> Use Telegram sandbox and production bot separation, Mini App client matrix testing, provider/wallet payment fixtures, backend authorization and ledger invariant tests, webhook/callback replay tests, and staged rollout analytics before launch.</p>
</details>
<h3>Subtasks (9)</h3>
<ul class="subtasks">
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">5.1</span>
<strong>Define Telegram product surface and flow map</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Document which Amanat workflows live in bot messages, which live in the Mini App, and which remain web/admin-only for first release.</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">5.2</span>
<strong>Build Telegram identity linking and session model</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Implement secure account linking between Telegram users and Amanat accounts.</p>
<p class="deps">Depends on: 5.1</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">5.3</span>
<strong>Implement bot command and notification foundation</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Create the Telegram bot backend for commands, inline keyboards, callback queries, deep links, and outbound notifications.</p>
<p class="deps">Depends on: 5.1, 5.2</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">5.4</span>
<strong>Build Telegram Mini App shell for marketplace workflows</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Deliver the mobile-first Mini App that gives users the full Amanat workflow surface inside Telegram.</p>
<p class="deps">Depends on: 5.1, 5.2</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">5.5</span>
<strong>Add Telegram payment and wallet strategy</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Evaluate and implement safe payment entry points for Telegram-native users without weakening escrow accounting.</p>
<p class="deps">Depends on: 5.2, 5.4</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">5.6</span>
<strong>Expose escrow, delivery, dispute, and release actions safely</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Make Telegram actions useful for real escrow work while preserving backend state authority.</p>
<p class="deps">Depends on: 5.4, 5.5</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">5.7</span>
<strong>Add admin and support surface for Telegram-originated cases</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Give support/admin users visibility and controls for Telegram-originated users, payments, and bot events.</p>
<p class="deps">Depends on: 5.2, 5.3, 5.5</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">5.8</span>
<strong>Add security, compliance, and abuse controls for Telegram</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Threat-model the Telegram surface and add controls before launch.</p>
<p class="deps">Depends on: 5.2, 5.3, 5.5, 5.6</p>
</li>
<li class="subtask" data-status="pending" data-priority="high">
<div class="subtask-top">
<span class="sub-id">5.9</span>
<strong>Prepare QA, rollout, analytics, and launch operations</strong>
<span class="badge pending">pending</span>
<span class="badge priority-high">high</span>
</div>
<p>Prepare the Telegram app and bot for controlled release.</p>
<p class="deps">Depends on: 5.3, 5.4, 5.5, 5.6, 5.7, 5.8</p>
</li>
</ul>
</article>
<article class="task" data-status="done" data-priority="medium">
<div class="task-head">
<div>
<p class="eyebrow">Task 1</p>
<h2>Stabilize Mermaid diagram rendering across documentation vault</h2>
</div>
<div class="badges"><span class="badge done">done</span><span class="badge priority-medium">medium</span></div>
</div>
<p class="desc">Correct Mermaid syntax/rendering issues across the documentation vault and validate all Mermaid blocks.</p>
<details>
<summary>Details and test strategy</summary>
<p>Source PRD: .taskmaster/docs/prd-mermaid-diagram-rendering-stabilization.md. Scope covered 57 Mermaid blocks and 11 failing blocks. The source PRD records that all targeted files now pass mmdc parse validation and the full vault sweep passes.</p>
<p><strong>Test strategy:</strong> Run the same mmdc-based syntax validation across all Markdown Mermaid blocks and confirm zero parser failures in Obsidian/markdown previews.</p>
</details>
<h3>Subtasks (3)</h3>
<ul class="subtasks">
<li class="subtask" data-status="done" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">1.1</span>
<strong>Fix Security Architecture email/password sequence</strong>
<span class="badge done">done</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Normalize parser-sensitive sequence text in 01 - Architecture/Security Architecture.md.</p>
</li>
<li class="subtask" data-status="done" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">1.2</span>
<strong>Fix authentication login and refresh diagrams</strong>
<span class="badge done">done</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Normalize parser-sensitive token and refresh-token sequence text in Authentication Flow.</p>
</li>
<li class="subtask" data-status="done" data-priority="medium">
<div class="subtask-top">
<span class="sub-id">1.3</span>
<strong>Fix chat, delivery, dispute, OAuth, purchase request, referral, registration, and seller-offer diagrams</strong>
<span class="badge done">done</span>
<span class="badge priority-medium">medium</span>
</div>
<p>Clean the remaining Mermaid sequence diagrams with invalid or ambiguous syntax.</p>
</li></ul>
</article></section>
</main>
<footer>Generated from <code>.taskmaster/tasks/tasks.json</code>. Last docs update: 2026-05-24T00:00:00.000Z</footer>
<script>
const taskSection = document.querySelector('#tasks');
const originalCards = [...taskSection.querySelectorAll('.task')];
const columns = [
{ key: 'done', title: 'Shipped' },
{ key: 'in-progress', title: 'In progress' },
{ key: 'pending', title: 'Planned' }
];
taskSection.innerHTML = '';
const columnMap = new Map();
for (const column of columns) {
const wrapper = document.createElement('div');
wrapper.className = 'roadmap-column';
wrapper.dataset.column = column.key;
const count = originalCards.filter((card) => card.dataset.status === column.key).length;
wrapper.innerHTML = `<div class="column-title"><span>${column.title}</span><span>${count}</span></div>`;
taskSection.appendChild(wrapper);
columnMap.set(column.key, wrapper);
}
for (const card of originalCards) {
const target = columnMap.get(card.dataset.status) || columnMap.get('pending');
target.appendChild(card);
}
const search = document.querySelector('#search');
const status = document.querySelector('#status');
const priority = document.querySelector('#priority');
const cards = [...document.querySelectorAll('.task')];
function applyFilters() {
const q = search.value.trim().toLowerCase();
const s = status.value;
const p = priority.value;
for (const card of cards) {
const text = card.innerText.toLowerCase();
const statusMatch = !s || card.dataset.status === s || [...card.querySelectorAll('.subtask')].some((el) => el.dataset.status === s);
const priorityMatch = !p || card.dataset.priority === p || [...card.querySelectorAll('.subtask')].some((el) => el.dataset.priority === p);
const searchMatch = !q || text.includes(q);
card.style.display = statusMatch && priorityMatch && searchMatch ? '' : 'none';
}
for (const column of document.querySelectorAll('.roadmap-column')) {
const visibleCards = [...column.querySelectorAll('.task')].filter((card) => card.style.display !== 'none').length;
column.style.display = visibleCards ? '' : 'none';
}
}
search.addEventListener('input', applyFilters);
status.addEventListener('change', applyFilters);
priority.addEventListener('change', applyFilters);
</script>
</body>
</html>