{"ok":true,"meta":{"generatedAt":"2026-06-30T13:17:43.903Z"},"data":{"version":"tzv3-telegram-handoff-v1","endpoint":"/api/webhooks/telegram/setup-policy","command":"npm run telegram:handoff","script":"scripts/tzv3-telegram-handoff.mjs","configured":true,"contractReady":true,"productionReady":false,"safety":{"mode":"read-only","writes":false,"network":false,"callsTelegramApi":false,"printsSecrets":false,"storesBotToken":false,"storesWebhookSecret":false,"note":"Reports Telegram setup steps, placeholder command templates, accepted headers, and validation gates. It never calls Telegram, stores bot tokens, or prints secret values."},"environment":{"required":[{"name":"NEXT_PUBLIC_SITE_URL","configured":true,"placeholder":false},{"name":"TELEGRAM_WEBHOOK_SECRET","configured":false,"placeholder":false},{"name":"DATABASE_URL","configured":false,"placeholder":false}],"ownerSuppliedOutsideArtescEnv":[{"name":"TELEGRAM_BOT_TOKEN","storage":"Telegram/BotFather or deployment secret manager outside this repo","reason":"Used only by Telegram setWebhook/deleteWebhook calls; the Artesc runtime does not need to store it."},{"name":"Operator chat/workflow IDs","storage":"Telegram admin/workflow configuration","reason":"Limits who can issue status commands before forwarding updates to Artesc."}]},"webhook":{"path":"/api/webhooks/telegram/status","productionUrl":"https://www.artescort.vip/api/webhooks/telegram/status","method":"POST","acceptedSecretHeaders":["x-telegram-bot-api-secret-token","x-webhook-token"],"preferredNativeSecretHeader":"x-telegram-bot-api-secret-token","relaySecretHeader":"x-webhook-token","payloadModes":["raw-telegram-update","text-command","json-payload"],"statusSource":"telegram","storesOriginalMessageText":false,"profileResolution":{"mode":"static-seed-fallback","databaseFirst":true,"rejectsUnknownProfiles":true},"persistence":{"provider":"dry-run-no-store","requiredEnvironment":["DATABASE_URL"],"writes":["profiles.status","profiles.status_label","status_events"]},"liveStatusStream":{"snapshot":"/api/status","sse":"/api/status/stream"}},"telegramSetup":{"botFatherSteps":["Create or select the Artesc operator bot in BotFather.","Keep the bot token outside the repository and outside public client env.","Restrict operator access in Telegram or the relay workflow before forwarding status updates.","Set commands for status operators: status, available, tonight, private."],"directTelegramNativeWebhook":{"recommended":true,"secretHeader":"x-telegram-bot-api-secret-token","setWebhookCurlTemplate":"curl -sS -X POST \"https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/setWebhook\" -H \"content-type: application/json\" --data '{\"url\":\"https://www.artescort.vip/api/webhooks/telegram/status\",\"secret_token\":\"<TELEGRAM_WEBHOOK_SECRET>\",\"allowed_updates\":[\"message\"]}'","getWebhookInfoCurlTemplate":"curl -sS \"https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/getWebhookInfo\"","deleteWebhookCurlTemplate":"curl -sS -X POST \"https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/deleteWebhook\""},"relayWorkflowWebhook":{"recommendedWhen":"Use only when a Telegram workflow/automation receiver sits between Telegram and Artesc.","secretHeader":"x-webhook-token","targetUrl":"https://www.artescort.vip/api/webhooks/telegram/status","requiredForwardedFields":["message.text","message.from.username or message.from.id"]}},"operatorCommands":["/status sofia available На месте","/status sofia tonight Сегодня","/status sofia private По запросу","/available sofia","/tonight sofia","статус sofia на месте"],"validation":{"noWriteFirst":["npm run telegram:handoff","curl -s https://your-domain.example/api/webhooks/telegram/setup-policy","curl -s https://your-domain.example/api/webhooks/telegram/status","npm run telegram:audit"],"finalProofs":["Telegram getWebhookInfo returns the deployed Artesc webhook URL.","Wrong secret token is rejected with 401.","Invalid payload with a valid secret is rejected with 422 without status writes.","A real operator command updates PostgreSQL status_events and appears in /api/status/stream."],"cannotVerifyFromArtesc":["Telegram bot token value","Telegram-side operator permissions","Telegram setWebhook result before the owner runs it"]},"summary":{"acceptedSecretHeaderCount":2,"operatorCommandExampleCount":6,"requiredEnvironmentCount":3,"missingRequiredEnvironmentCount":2,"contractFailureCount":0},"productionBoundary":["Run telegram:handoff before telegram:audit so the Telegram-native secret header and setup command are confirmed without calling Telegram.","Use Telegram setWebhook secret_token for direct Telegram delivery; it maps to x-telegram-bot-api-secret-token.","Use x-webhook-token only for custom relay workflows that can set arbitrary headers.","Do not store TELEGRAM_BOT_TOKEN in this repository or expose it through public env.","Do not send a valid status-changing command until DATABASE_URL and TELEGRAM_WEBHOOK_SECRET are configured on the deployed Artesc website."],"contractFailures":[],"productionBlockers":["TELEGRAM_WEBHOOK_SECRET is missing or placeholder","DATABASE_URL is missing or placeholder"]}}