nick-doc/09 - Audits/Task 5.7 Telegram Admin Support Surface.md
2026-05-24 13:19:54 +04:00

title: Task 5.7 Telegram Admin Support Surface
tags: taskmaster, telegram, admin, support
created: 2026-05-24
status: planned

Task 5.7 Telegram Admin Support Surface

Task 5.7 is not complete in this first Task 5 pass. This document defines the admin/support scope required for Telegram-originated cases.

Required admin/support visibility

  • Telegram linked identity on user profile.
  • Bot notification status and blocked-bot state.
  • Mini App launch source and latest Telegram session metadata.
  • Payment provider and wallet/payment references for Telegram-originated intents.
  • Telegram webhook/callback event history for support investigation.

Required admin/support actions

  • Resend link prompt.
  • Revoke Telegram link.
  • Block Telegram bot access for a user.
  • Inspect Telegram-originated event history.
  • Escalate payment/dispute issues to canonical admin workflows.

Security requirements

  • Admin overrides remain gated by Task 4 step-up/two-person controls.
  • Support can inspect Telegram context but cannot mutate funds state.
  • Every support/admin action writes structured audit metadata.

Required tests

  • Support can read Telegram link metadata but cannot release/refund funds.
  • Admin link revocation invalidates active Telegram link.
  • Blocked Telegram user cannot create a new Mini App session.
  • Admin override paths still require step-up when configured.
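
The security requirements and required tests above, sketched as a single authorization choke point that audits every attempt. This is an added example, not the project's code: the role names, action names, `SupportDesk` class and record fields are all hypothetical, step-up is assumed to be configured, and the two-person control is not modelled.

```python
import json
import time

# All names below are hypothetical; the page defines requirements, not an API.
PERMISSIONS = {
    "support": {"read_telegram_link", "inspect_events", "resend_link_prompt"},
    "admin": {"read_telegram_link", "inspect_events", "resend_link_prompt",
              "revoke_link", "block_bot", "override"},
}
# Funds actions (release/refund) are in no role's set: this surface never mutates funds.
STEP_UP_REQUIRED = {"override"}  # assumed stand-in for the Task 4 step-up gate


class SupportDesk:
    def __init__(self):
        self.links = {}       # user_id -> telegram_id for active links
        self.blocked = set()  # user_ids blocked from bot access
        self.audit = []       # one structured JSON record per attempted action

    def _log(self, actor, role, action, target, outcome):
        self.audit.append(json.dumps({
            "ts": time.time(), "actor": actor, "role": role,
            "action": action, "target": target, "outcome": outcome,
        }, sort_keys=True))

    def act(self, actor, role, action, target, step_up=False):
        """Authorize, apply and audit one action; denials are audited too."""
        if action not in PERMISSIONS.get(role, set()):
            outcome = "denied:role"
        elif action in STEP_UP_REQUIRED and not step_up:
            outcome = "denied:step_up"
        else:
            outcome = "ok"
            if action == "revoke_link":
                self.links.pop(target, None)
            elif action == "block_bot":
                self.blocked.add(target)
        self._log(actor, role, action, target, outcome)
        return outcome == "ok"

    def create_session(self, user_id):
        """Mini App session needs an active link and no bot block."""
        return user_id in self.links and user_id not in self.blocked
```

Denied attempts are logged with the same record shape as successful ones, so a support agent probing a funds action leaves an audit entry.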