Skip to main content

Telegram Connection

These variables define how your bot connects to the Telegram platform. A TELEGRAM_BOT_TOKEN is always required.
[!WARNING] Security Advisory Your TELEGRAM_BOT_TOKEN is highly sensitive. Treat it like a password. Do not expose it in public repositories or client-side code.

Access Control

Control who can interact with your bot. By default, the bot is private.

Pre-start Security Checks

Starting from version 1.6.1, Chibi performs automatic security validations before starting the bot to prevent dangerous configurations.

Security Rules

  1. Private Mode Requires User Whitelist
    • If PUBLIC_MODE=False (default), you must configure USERS_WHITELIST.
    • Without a whitelist, unauthorized users could access your bot and incur API costs.
    • The bot will refuse to start if this condition is not met.
  2. Public Mode Blocks Filesystem Access
    • If PUBLIC_MODE=True, you cannot enable FILESYSTEM_ACCESS=True.
    • Running a public bot with filesystem access is a severe security risk, as any user could potentially read or write files on your server.
    • The bot will refuse to start if this combination is detected.
  3. Warning: Filesystem Access in Groups
    • If FILESYSTEM_ACCESS=True and the bot is added to groups (via GROUPS_WHITELIST), a warning is displayed.
    • Consider whether your group members need filesystem access before enabling this combination.

Example Secure Configuration

General Behavior

These settings control the bot’s core functionality and user interface elements.

Agent Capabilities

These settings define what the AI agent is allowed to do.

MCP (Model Context Protocol)

Settings for the Model Context Protocol integration.

Next Steps