nick-doc/Taskmaster/Tasks/task-5-8.md
Siavash Sameni 4cf5c49274 docs(audit): align documentation with post-remediation backend reality
- Update data model enums to match backend models
- Update API reference auth requirements
- Add dispute module references and warning blocks
- Add 2026-05-24 audit remediation callout to Overview
- Generate task breakdowns and audit artifacts
- Add doc alignment report (.taskmaster/reports/)
2026-05-24 11:16:29 +04:00


---
taskmaster_id: "5.8"
status: "pending"
priority: "high"
depends_on: ["2", "3", "5", "6"]
parent_id: "5"
source: "taskmaster"
generated_at: "2026-05-24T07:15:25.199Z"
---
# 5.8 - Add security, compliance, and abuse controls for Telegram
- [ ] 5.8 - Add security, compliance, and abuse controls for Telegram #taskmaster #priority/high #status/pending ⏫ 🆔 tm-5-8 ⛔ tm-2 ⛔ tm-3 ⛔ tm-5 ⛔ tm-6
## Metadata
| Field | Value |
| --- | --- |
| Taskmaster ID | 5.8 |
| Status | pending |
| Priority | high |
| Dependencies | 2, 3, 5, 6 |
| Parent | 5 - Deliver Telegram-native app, bot, and wallet experience |
## Description
Threat-model the Telegram surface and add controls before launch.
## Details
Cover forged init data, callback replay, deep-link parameter tampering, phishing links, bot token leakage, spam, account takeover, wallet spoofing, fake payment proof, and support impersonation. Document secrets, bot webhook endpoints, Wallet Pay keys, TON Connect manifest, CORS, CSP, allowed origins, rate limits, and monitoring for update failures, abnormal callbacks, payment mismatches, blocked notifications, and suspicious wallet activity.
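
One control for the "forged init data" item, shown as an added example (not code from this repository): server-side verification of Telegram Mini App `initData` using Telegram's documented HMAC-SHA256 scheme, plus an `auth_date` freshness check that bounds how long a captured value stays usable. The function names, the bot token, the sample fields, and the 300-second and 30-second windows are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

MAX_AGE_SECONDS = 300    # assumed freshness window, not a value from the task
CLOCK_SKEW_SECONDS = 30  # assumed tolerance for auth_date slightly in the future


def expected_hash(fields, bot_token):
    # data-check-string: all fields except "hash", sorted by key, one "key=value" per line
    data_check = "\n".join(f"{k}={fields[k]}" for k in sorted(fields))
    # secret key is HMAC-SHA256 keyed with the literal "WebAppData" over the bot token
    secret = hmac.new(b"WebAppData", bot_token.encode(), hashlib.sha256).digest()
    return hmac.new(secret, data_check.encode(), hashlib.sha256).hexdigest()


def verify_init_data(init_data, bot_token, now=None, max_age=MAX_AGE_SECONDS):
    """Return the parsed fields when init_data is authentic and fresh; raise ValueError otherwise."""
    pairs = parse_qsl(init_data, keep_blank_values=True, strict_parsing=True)
    fields = dict(pairs)
    if len(fields) != len(pairs):
        raise ValueError("duplicate field")  # ambiguous input, refuse to guess
    received = fields.pop("hash", "")
    # constant-time comparison; only signed data is parsed further
    if not hmac.compare_digest(expected_hash(fields, bot_token).encode(), received.encode()):
        raise ValueError("signature mismatch")
    age = (time.time() if now is None else now) - int(fields.get("auth_date", ""))
    if age > max_age or age < -CLOCK_SKEW_SECONDS:
        raise ValueError("stale or future auth_date")
    return fields


if __name__ == "__main__":
    token = "123456:CONSTRUCTED-TEST-TOKEN"  # constructed, not a real bot token
    sample = {"auth_date": "1700000000", "query_id": "AAH-constructed",
              "user": '{"id":42,"first_name":"Test"}'}  # constructed sample fields
    signed = urlencode({**sample, "hash": expected_hash(sample, token)})
    print(verify_init_data(signed, token, now=1700000100)["user"])
    # same hash, different user id: must be rejected
    forged = urlencode({**sample, "user": '{"id":43,"first_name":"Test"}',
                        "hash": expected_hash(sample, token)})
    try:
        verify_init_data(forged, token, now=1700000100)
    except ValueError as exc:
        print("rejected:", exc)
```

The backend should derive the user identity only from the returned fields, never from client-supplied values sent alongside `initData`.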
## Verification
See Telegram-native PRD acceptance criteria.