a6af0f2154
- Validate JWT signature + expiry in /start (was only decoding, not verifying) - Constant-time signature comparison in telegram-token.ts (prevent timing attacks) - Rate limit /tg/token endpoint: 10 requests/hour per IP - Grammy bot.catch() error handler (prevent unhandled rejections crashing broker) - Cap WS reconnect attempts at 20 (prevent infinite retry loop) - Expire stale pendingDMs entries (prevent memory leak) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>