nick-doc/Taskmaster/Tasks/task-5-8.md
Siavash Sameni 4cf5c49274 docs(audit): align documentation with post-remediation backend reality
- Update data model enums to match backend models
- Update API reference auth requirements
- Add dispute module references and warning blocks
- Add 2026-05-24 audit remediation callout to Overview
- Generate task breakdowns and audit artifacts
- Add doc alignment report (.taskmaster/reports/)
2026-05-24 11:16:29 +04:00


Field Value
taskmaster_id 5.8
status pending
priority high
depends_on 2, 3, 5, 6
parent_id 5
source taskmaster
generated_at 2026-05-24T07:15:25.199Z

5.8 - Add security, compliance, and abuse controls for Telegram

  • 5.8 - Add security, compliance, and abuse controls for Telegram #taskmaster #priority/high #status/pending 🆔 tm-5-8 tm-2 tm-3 tm-5 tm-6

Metadata

Field Value
Taskmaster ID 5.8
Status pending
Priority high
Dependencies 2, 3, 5, 6
Parent 5 - Deliver Telegram-native app, bot, and wallet experience

Description

Threat-model the Telegram surface and add controls before launch.

Details

Cover forged init data, callback replay, deep-link parameter tampering, phishing links, bot token leakage, spam, account takeover, wallet spoofing, fake payment proof, and support impersonation. Document secrets, bot webhook endpoints, Wallet Pay keys, TON Connect manifest, CORS, CSP, allowed origins, rate limits, and monitoring for update failures, abnormal callbacks, payment mismatches, blocked notifications, and suspicious wallet activity.
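One way to implement the forged-init-data control listed above, with a freshness check that limits replay of a captured string. This is an added example, not this project's code. It follows Telegram's documented Mini App `initData` HMAC scheme; the language, function names, the 300-second window and the token in the test are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

MAX_AGE_SECONDS = 300  # assumed freshness window; tune per deployment


def _expected_hash(bot_token: str, fields: dict) -> str:
    # Telegram's scheme: key = HMAC-SHA256("WebAppData", bot_token);
    # message = "key=value" pairs sorted by key and joined with "\n".
    secret = hmac.new(b"WebAppData", bot_token.encode(), hashlib.sha256).digest()
    check_string = "\n".join(f"{k}={v}" for k, v in sorted(fields.items()))
    return hmac.new(secret, check_string.encode(), hashlib.sha256).hexdigest()


def verify_init_data(init_data: str, bot_token: str, now=None) -> dict:
    """Return the verified fields, or raise ValueError."""
    pairs = parse_qsl(init_data, keep_blank_values=True, strict_parsing=True)
    fields = dict(pairs)
    if len(fields) != len(pairs):
        raise ValueError("duplicate field")  # ambiguous input is rejected
    received = fields.pop("hash", "")
    expected = _expected_hash(bot_token, fields)
    # Constant-time comparison on bytes (also safe for non-ASCII input).
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("bad signature")
    # auth_date is trusted only after the signature has been checked.
    auth_date = int(fields.get("auth_date", "0"))
    now = time.time() if now is None else now
    if not 0 <= now - auth_date <= MAX_AGE_SECONDS:
        raise ValueError("stale or future auth_date")
    return fields


def sign_init_data(fields: dict, bot_token: str) -> str:
    """Test helper: builds a constructed initData string the way Telegram signs it."""
    return urlencode({**fields, "hash": _expected_hash(bot_token, fields)})
```

The server should take user identity only from the returned fields, never from client-supplied parameters sent alongside `initData`.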

Verification

See Telegram-native PRD acceptance criteria.