Security

Teleton implements multi-layer security with access control policies, sandboxed workspace, and encrypted wallet storage.

Access Control Policies

Control who can interact with your agent using scope-based policies:

Scope	Description
`admin`	Only admin users (full access including wallet operations)
`dm`	Direct messages only (no group responses)
`group`	Groups where agent is member

config.yaml

policy:
  defaultScope: dm       # Default policy for new chats
  adminUsers:
    - 123456789          # Your Telegram user ID
    - 987654321          # Additional admin

Wallet Security

Wallet security

The wallet file contains your private keys. Keep it secure and backed up.

Wallet stored encrypted at ~/.teleton/wallet.json
W5R1 wallet version for enhanced security
Financial operations require admin scope
Transaction confirmations before execution

Sandboxed Workspace

The workspace directory is protected against path traversal attacks:

All file operations restricted to ~/.teleton/workspace/
Path normalization prevents ../ escapes
Immutable system files (SOUL.md, SECURITY.md)

Best Practices

Use environment variables for API keys: ${ANTHROPIC_API_KEY}
Restrict admin access to trusted user IDs only
Enable dm scope by default, expand as needed
Regularly backup ~/.teleton/ directory
Use testnet for development: wallet.network: testnet