Skip to content

Security: elkrause/telegram-ai-supervisor-guide

Security

docs/security.md

Security Notes

Do Not Publish

Never publish:

  • bot tokens,
  • chat IDs from private groups,
  • user IDs,
  • private server URLs,
  • API tokens,
  • local .env files,
  • raw Telegram payloads,
  • private media,
  • logs containing private content,
  • real inbox/outbox archives.

Public Examples

Use placeholders:

"chat_ids": [-1000000000000]

Use generic paths:

"path": "/Users/you/repos/example-repo"

Use generic LaunchAgent labels:

com.example.telegram-supervisor.worker

Runner Boundaries

For AI runners:

  • run in one target repo only,
  • embed or provide AGENTS.md,
  • avoid global filesystem access,
  • do not let AI poll Telegram,
  • do not let AI commit/push directly if the supervisor owns Git,
  • require explicit approval for destructive or live production actions.

Home Automation And External Systems

For Home Assistant or similar systems:

  • prefer read-only status scripts,
  • require explicit approval for SSH, service reloads, writes, restarts, or device actions,
  • keep API tokens local,
  • summarize status in Telegram without exposing secrets.

Duplicate Pollers

Telegram long polling has one important rule:

one bot token, one active getUpdates poller.

If two pollers run, one may consume updates before the other sees them. This can make messages disappear from the intended routing path.

During migration to a central supervisor, disable old per-repo Telegram daemons.

There aren't any published security advisories