Skip to content

Commit 3b0e364

Browse files
author
Neo
committed
refactor(security): excise Telegram from owner identity + marketplace appeals (Phase 5 step 6b)
Telegram did nothing real for auth — no bot, no token, no send. Owner is identified by Apple ID; the Telegram-ID branch in userType() compared against "7161847911", which an Apple Sign-In id never equals (unreachable on device). Removed: - ownerTelegramID (AgentAccessControl + Secrets/Secrets.example) - the Telegram branch in userType() — owner now via the Apple-ID branch only - the dead Scenario3 telegramApproval factor (Scenario3 never invoked; initiate/verify have zero callers across all repos) - the "telegram:@dardan" marketplace appeal channel (appeals store locally, never sent) -> "owner-review" Adversarial-verified behavior-preserving (3 lenses, no holes): every userType() call site passes appState.currentUserID, sourced only from Apple's opaque credential.user (=== the stored com.mtrx.appleUserId the surviving branch compares), never a Telegram id. Owner still classifies as owner, non-owners as consumer — unchanged. Server core already migrated to OTP. This class is UX-only routing (server makes the binding owner call). Full 117-suite green.
1 parent 3864816 commit 3b0e364

3 files changed

Lines changed: 8 additions & 25 deletions

File tree

Blockchain/Components/Component24_Marketplace/MarketplaceManager.swift

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
// MarketplaceManager.swift
22
// MTRX Blockchain - Components - Marketplace (C24)
33
//
4-
// 5% NeoSafe / 95% seller, compliance filter, appeal to Dardan via Telegram.
4+
// 5% NeoSafe / 95% seller, compliance filter, appeal escalated to the platform owner.
55

66
import Foundation
77
import Combine
@@ -62,8 +62,8 @@ struct MarketAppeal: Identifiable, Codable {
6262
let reason: String
6363
var status: AppealStatus
6464
let filedAt: Date
65-
/// Appeals are directed to Dardan via Telegram.
66-
let escalationChannel: String // "telegram:@dardan"
65+
/// Appeals are escalated to the platform owner for review.
66+
let escalationChannel: String // e.g. "owner-review"
6767
}
6868

6969
enum AppealStatus: String, Codable {
@@ -102,8 +102,8 @@ final class MarketplaceManager: ObservableObject {
102102
static let platformFeePercent: Double = 0.05
103103
static let sellerSharePercent: Double = 0.95
104104

105-
/// Appeals go to Dardan via Telegram.
106-
static let appealChannel = "telegram:@dardan"
105+
/// Appeals are escalated to the platform owner for review (stored locally; no channel wired yet).
106+
static let appealChannel = "owner-review"
107107

108108
weak var delegate: MarketplaceDelegate?
109109

@@ -261,7 +261,7 @@ final class MarketplaceManager: ObservableObject {
261261
await updateListingInPublished(listing)
262262
}
263263

264-
// MARK: - Appeals (to Dardan via Telegram)
264+
// MARK: - Appeals (escalated to the platform owner)
265265

266266
func fileAppeal(listingId: String, appellantAddress: String, reason: String) async throws -> MarketAppeal {
267267
guard listingStore[listingId] != nil else {

Config/Secrets.example.swift

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,6 @@
77
import Foundation
88

99
enum AppSecrets {
10-
/// Owner Telegram ID — only account with Neo access
11-
static let ownerTelegramID: Int64 = 0
12-
1310
/// NeoSafe wallet address
1411
static let neoSafeAddress: String = ""
1512
}

Core/Security/AgentAccessControl.swift

Lines changed: 2 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ import Combine
1717
/// Two user types:
1818
/// - Consumer: Trinity primary, Morpheus at pivotal moments, Neo invisible
1919
/// - Owner (Dardan): Neo primary, enhanced Trinity + Morpheus available
20-
/// (owner identity is being moved from Telegram to Apple ID + Twilio OTP — Phase 2)
20+
/// (owner identity is the Apple ID that created this install; OTP verification — Phase 2)
2121
///
2222
/// Three scenarios for unauthorized Neo access (the *server* makes the binding call):
2323
/// - Scenario 1 (Unintentional): Trinity intercepts silently
@@ -27,12 +27,6 @@ import Combine
2727
final class AgentAccessControl: ObservableObject {
2828
static let shared = AgentAccessControl()
2929

30-
// MARK: - Owner identity
31-
32-
/// The owner's Telegram ID — only account with Neo access.
33-
/// Value sourced from AppSecrets (Config/Secrets.swift, gitignored).
34-
static let ownerTelegramID: Int64 = AppSecrets.ownerTelegramID
35-
3630
// MARK: - Published state
3731

3832
@Published private(set) var currentAgent: ActiveAgent = .trinity
@@ -60,10 +54,6 @@ final class AgentAccessControl: ObservableObject {
6054
}
6155

6256
func userType(for userID: String) -> UserType {
63-
// Owner check — only Dardan's account
64-
if userID == String(Self.ownerTelegramID) {
65-
return .owner
66-
}
6757
// The Apple account that signed in and created this install's
6858
// demo wallet IS the platform owner on this device.
6959
if !userID.isEmpty,
@@ -179,13 +169,12 @@ final class AgentAccessControl: ObservableObject {
179169
// MARK: - Scenario 3: Legitimate need
180170

181171
struct Scenario3State {
182-
var telegramApproved = false
183172
var onChainVerified = false
184173
var approvalCode: String?
185174
var generatedCode: String?
186175

187176
var isFullyAuthorized: Bool {
188-
telegramApproved && onChainVerified && approvalCode == generatedCode && generatedCode != nil
177+
onChainVerified && approvalCode == generatedCode && generatedCode != nil
189178
}
190179
}
191180

@@ -202,8 +191,6 @@ final class AgentAccessControl: ObservableObject {
202191
guard var state = scenario3States[userID] else { return false }
203192

204193
switch step {
205-
case .telegramApproval:
206-
state.telegramApproved = true
207194
case .onChainVerification:
208195
state.onChainVerified = true
209196
case .approvalCode:
@@ -327,7 +314,6 @@ enum AccessScenario {
327314
}
328315

329316
enum Scenario3Step {
330-
case telegramApproval
331317
case onChainVerification
332318
case approvalCode
333319
}

0 commit comments

Comments
 (0)