Platform Telegram

Deliverable SYS-006. Structure per cc02-standards/SYSTEM-STANDARD.md. Every component traces to a design basis (NEED/REQ) and to an acceptance criterion.

1. Purpose and Design Basis

1.1 Scope and Objective

Platform Telegram (v2) serves as the primary encrypted team-coordination bearer. It supports mobile communications, hosts the Daily Brief dissemination bots, and acts as the transport channel for ATAK-CIV data packages and tactical system notifications.

1.2 Design Basis

This system leverages standard Telegram channels and group configurations running MTProto v2 encryption. It implements custom API bot integrations to automate alert delivery and operational reporting, keeping all communication keys and endpoint configurations sandboxed.

1.3 Needs

  • NEED-SYS-006-01: Operators require a ubiquitous and encrypted platform to receive tactical alerts, daily briefs, and coordination messages in the field.
    • Source: Team Leader (RF)
    • Context: Commercial chat platforms are standard for mobile field teams, but require customized bot interfaces and end-to-end security measures.
  • NEED-SYS-006-02: Systems Engineer (CS) requires programmatic access to coordinate automated bots that publish threat intelligence reports and ATAK files.
    • Source: Systems Engineer (CS)
    • Context: Automating alert channels reduces human response times and metadata leaks.

1.4 Requirements

  • REQ-SYS-006-01 (Traceability: NEED-SYS-006-01): The platform shall utilize Telegram MTProto v2 encryption for all channel and group messages [VR-SYS-006-01].
    • Verification Method: Test (T)
  • REQ-SYS-006-02 (Traceability: NEED-SYS-006-02): The platform shall run automated bots (e.g. Daily Brief bot) to ingest and publish markdown summaries from the alert pipelines [VR-SYS-006-02].
    • Verification Method: Test (T)
  • REQ-SYS-006-03 (Traceability: NEED-SYS-006-01): The team communication channels shall enforce two-factor authentication and device passcode locks on all operator clients [VR-SYS-006-03].
    • Verification Method: Inspection (I)
  • REQ-SYS-006-04 (Traceability: NEED-SYS-006-02): The Telegram bot API integration shall use cryptographically randomized tokens stored in environment secrets to authenticate operations [VR-SYS-006-04].
    • Verification Method: Inspection (I)

2. Architecture As Built

+-----------------------------------------------------------------------+
| SYS-006 Platform Telegram (Bearer System)                            |
|                                                                       |
|  [Daily Brief pipeline / SYS-008] ---> [Telegram Bot Daemon]          |
|                                                |                      |
|                                                v                      |
|  [Operator Handsets] <---------- Encrypted MTProto 2.0 ------------+ |
|                                                                       |
+-----------------------------------------------------------------------+

3. Components and Bill of Materials

ComponentSpecVendor / LinkPriceTierStatusTraceability
Telegram ClientTelegram Messenger applicationTelegram FZ-LLC$0.00-SELECTEDREQ-SYS-006-01
Telegram Bot APITelegram Bot API hosting endpointTelegram FZ-LLC$0.00-SELECTEDREQ-SYS-006-02
Bot Controller DaemonPython 3.12 service with python-telegram-bot wrapperInternal$0.00-SELECTEDREQ-SYS-006-04

4. Build and Deployment

4.1 Channel Setup

  1. Create a private, non-searchable Telegram Channel for tactical alerts.
  2. Disable link forwarding, screenshots, and message saving in the channel settings.
  3. Restrict channel posting permissions to administrative bot accounts only.

4.2 Bot Provisioning

  1. Register new bot accounts via the Telegram BotFather.
  2. Record the API tokens and import them as environment variables on the hosting server.
  3. Deploy the Bot Controller Daemon on the static VPS (SYS-001) as a background systemd service.

5. Hardening Baseline

  • Account Security Hardening: Force cloud passwords (2FA) on all operator Telegram accounts; configure auto-lock passcode timers on mobile clients to 1 minute; restrict interface access to pre-vetted phone numbers only [REQ-SYS-006-03].
  • API Token Hardening: Store all Telegram bot tokens in /etc/security/tg_tokens.env with owner-restricted permissions (chmod 0600); prevent logging of API tokens in application log files [REQ-SYS-006-04].
  • Channel Access Hardening: Regenerate invite links immediately after an operator joins; audit member rosters weekly against the active operator database [REQ-SYS-006-01].

6. Integration Points

  • Produces For: SYS-008 (bearer for threat-alert coordination and command messaging); SYS-011 (Telegram delivery channel for the OSINT collection backbone’s alerts and briefs, per SYS-011 Section 6).
  • Dissemination: Feeds daily briefs to EP-016 (Daily Brief) and AGT-001 (Daily Brief Pipeline) over encrypted Telegram data channels.

7. Acceptance Tests

CriterionMethodExpected ResultReference
REQ-SYS-006-01TestVerify that all messages are transmitted using MTProto v2 protocols via packet analysis.VR-SYS-006-01
REQ-SYS-006-02TestInject test markdown payload and confirm the bot publishes the formatted summary to the channel.VR-SYS-006-02
REQ-SYS-006-03InspectionVerify 2FA is active and passcode locks are enabled on all operator devices.VR-SYS-006-03
REQ-SYS-006-04InspectionVerify bot token configuration permissions are restricted to the run user only.VR-SYS-006-04

8. Run and Maintenance Handover

  • Operational Check: Send a status ping command to the bot daemon daily and verify response latency is under 1 second.
  • Update Cadence: Audit channel member rosters weekly; apply client application updates immediately upon release.
  • Ownership: Systems Engineer (CS) for API integration and bot maintenance; Operations Manager (BR) for channel member vetting and physical credential verification.

END OF SYSTEM

Model wiring

Generated from cell frontmatter at publish time.