Problem
Hermes's Telegram integration has no user-level access control for group chats. Any Telegram user can add the bot to their own group and trigger it via @mention — without any authorization check.
Current Behavior
When a message passes through _should_process_message() (gateway/platforms/telegram.py), the only group access controls are:
- Is the chat in free_response_chats? → allow
- Is require_mention=false? → allow
- Is it a command? → allow
- Does it reply to the bot? → allow
- Does it @mention the bot? → allow
- Does it match mention_patterns? → allow
There is NO user ID check. Anyone can trigger the bot in any group.
TELEGRAM_ALLOWED_USERS is Ineffective
TELEGRAM_ALLOWED_USERS is mapped in the config but only used in one place — the approval button callback (telegram.py:1462). It does not gate message processing.
Compare with WeChat, which correctly implements this:
```python
# gateway/config.py
weixin_allowed_users = os.getenv("WEIXIN_ALLOWED_USERS", "").strip()
if weixin_allowed_users:
    extra["allow_from"] = weixin_allowed_users
weixin_group_allowed_users = os.getenv("WEIXIN_GROUP_ALLOWED_USERS", "").strip()
if weixin_group_allowed_users:
    extra["group_allow_from"] = weixin_group_allowed_users
```
Telegram has no equivalent.
Security Impact
Any Telegram user can:
- Add the bot to any group they control
- @mention the bot to trigger responses
- Invoke any tool the bot has access to (file operations, code execution, etc.)
This is a significant security gap for production deployments.
Expected Behavior
Add TELEGRAM_ALLOWED_USERS and TELEGRAM_GROUP_ALLOWED_USERS support for Telegram, mirroring the WeChat implementation:
TELEGRAM_ALLOWED_USERS — whitelist of user IDs who can interact with the bot
TELEGRAM_GROUP_ALLOWED_USERS — whitelist of user IDs who can trigger the bot in groups (beyond existing mention/pattern controls)
Suggested Fix
In gateway/config.py, add Telegram's user/group allowlist mapping alongside the existing WeChat implementation, then check allow_from (and group_allow_from for group chats) in _should_process_message() before any of the mention/reply/pattern checks, so an unauthorized sender is rejected regardless of how they addressed the bot. Whitelist numeric Telegram user IDs rather than @usernames: usernames can be changed by the user, IDs cannot. Note that, as with the WeChat mapping, an unset variable means no restriction, so deployments that leave both variables empty stay open by default.
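The following is an added illustration of the proposed gate, written for this issue and not taken from the Hermes code base. It assumes the two proposed environment variable names, a hypothetical IncomingMessage shape with the fields the trigger logic needs, and one policy choice that the issue leaves open: in a group chat, TELEGRAM_GROUP_ALLOWED_USERS is consulted when set and TELEGRAM_ALLOWED_USERS is the fallback; in private chats only TELEGRAM_ALLOWED_USERS applies. Empty allowlists fail open, matching the WeChat mapping shown above, which is the caveat to keep in mind when deploying.

```python
import os
from dataclasses import dataclass
from typing import Mapping, Optional


def parse_allowlist(raw: str) -> frozenset:
    """Parse a comma- or whitespace-separated list of Telegram user IDs.

    Only numeric IDs are kept: Telegram user IDs are stable, @usernames are
    not, so a username in the list would be a silent no-op at best.
    """
    ids = set()
    for tok in raw.replace(",", " ").split():
        tok = tok.strip().lstrip("@")
        if tok.isdigit():
            ids.add(tok)
    return frozenset(ids)


@dataclass(frozen=True)
class TelegramAccess:
    allow_from: frozenset = frozenset()        # TELEGRAM_ALLOWED_USERS (proposed)
    group_allow_from: frozenset = frozenset()  # TELEGRAM_GROUP_ALLOWED_USERS (proposed)

    @classmethod
    def from_env(cls, env: Optional[Mapping[str, str]] = None) -> "TelegramAccess":
        env = os.environ if env is None else env
        return cls(
            allow_from=parse_allowlist(env.get("TELEGRAM_ALLOWED_USERS", "")),
            group_allow_from=parse_allowlist(env.get("TELEGRAM_GROUP_ALLOWED_USERS", "")),
        )


@dataclass(frozen=True)
class IncomingMessage:
    """Hypothetical minimal message shape; not the gateway's real type."""
    user_id: int
    chat_id: int
    is_group: bool
    text: str
    mentions_bot: bool = False
    replies_to_bot: bool = False


def is_user_authorized(msg: IncomingMessage, access: TelegramAccess) -> bool:
    uid = str(msg.user_id)
    if msg.is_group:
        allowed = access.group_allow_from or access.allow_from
    else:
        allowed = access.allow_from
    # Empty allowlist means no restriction (fails open), the same semantics
    # as the WeChat mapping where an unset variable adds no key at all.
    return not allowed or uid in allowed


def should_process_message(
    msg: IncomingMessage,
    access: TelegramAccess,
    free_response_chats: frozenset = frozenset(),
    require_mention: bool = True,
) -> bool:
    # Authorization comes first. The trigger heuristics below only decide
    # whether an authorized user addressed the bot, never who may use it.
    if not is_user_authorized(msg, access):
        return False
    if not msg.is_group:
        return True
    if msg.chat_id in free_response_chats or not require_mention:
        return True
    if msg.text.startswith("/"):
        return True
    return msg.mentions_bot or msg.replies_to_bot
```

To check a deployment, set both variables to the IDs of the intended operators, then send an @mention from a Telegram account that is not listed and confirm the bot stays silent; the same message from a listed account should still trigger it.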
References
- WeChat implementation:
gateway/config.py:1012-1017, gateway/platforms/weixin.py
- Telegram group trigger logic:
gateway/platforms/telegram.py:_should_process_message()