feat(telegram): include a presigned PDF view link in the admin-review alert

When an MCS-150/USDOT order hits the pre-submission admin-verification gate, the
Telegram FULFILLMENT NEEDED alert now appends a presigned link to the prepared
PDF (via the public minio.performancewest.net endpoint, IP-allowlisted to admin)
so you can review the document straight from the alert before approving. Added
notify_fulfillment_todo(view_url=...) + a _presigned_view_url helper (public
endpoint + explicit region to avoid the region-probe that 403s from the worker).

scripts/workers/services/mcs150_update.py

@@ -453,12 +453,40 @@ class MCS150UpdateHandler:
                 service_slug=slug,
                 priority="high",
                 description=todo_description,
+                view_url=self._presigned_view_url(minio_path),
             )
             conn.close()
             LOG.info("[%s] Admin-review (pre-submission) todo created", order_number)
         except Exception as exc:
             LOG.warning("[%s] Failed to create admin-review todo: %s", order_number, exc)
 
+    @staticmethod
+    def _presigned_view_url(minio_path, days=7):
+        """Presigned, browser-openable URL to a MinIO object via the PUBLIC
+        endpoint (minio.performancewest.net), so operator Telegram alerts can
+        link directly to the prepared PDF for review. Returns "" on failure.
+        The public host is IP-allowlisted at nginx, so the link only opens from
+        an allowlisted office/admin IP -- which is the intended audience.
+        """
+        if not minio_path:
+            return ""
+        try:
+            from minio import Minio
+            from datetime import timedelta
+            pub = os.environ.get("MINIO_PUBLIC_ENDPOINT", "minio.performancewest.net")
+            mc = Minio(
+                pub,
+                access_key=os.environ.get("MINIO_ACCESS_KEY", ""),
+                secret_key=os.environ.get("MINIO_SECRET_KEY", ""),
+                secure=True,
+                region=os.environ.get("MINIO_REGION", "us-east-1"),
+            )
+            bucket = os.environ.get("MINIO_BUCKET", "performancewest")
+            return mc.presigned_get_object(bucket, minio_path, expires=timedelta(days=days))
+        except Exception as exc:  # noqa: BLE001
+            LOG.warning("Could not presign view URL for %s: %s", minio_path, exc)
+            return ""
+
     @staticmethod
     def _upload_submission_evidence(order_number, slug, filing_result):
         """Persist submission proof (confirmation screenshot for web, attested

scripts/workers/telegram_notify.py

@@ -112,11 +112,14 @@ def notify_fulfillment_todo(
     service_slug: str,
     priority: str = "normal",
     description: str = "",
+    view_url: str = "",
 ) -> bool:
     """Operator alert that a fulfillment task needs attention.
 
     Called whenever an admin_todo is created so nothing waits unseen in the
-    queue. The description is trimmed to keep the message readable.
+    queue. The description is trimmed to keep the message readable. ``view_url``
+    (a presigned link to the prepared document) is appended when supplied so the
+    operator can review the PDF directly from the alert.
     """
     icon = {"high": "🔴", "urgent": "🔴", "normal": "🟡", "low": "⚪"}.get(
         (priority or "normal").lower(), "🟡"
@@ -133,4 +136,6 @@ def notify_fulfillment_todo(
     )
     if desc:
         text += f"\n{desc}"
+    if view_url:
+        text += f"\n\n📄 Review the prepared document:\n{view_url}"
     return send_telegram(text)