Telegram Agent OS is distributed as a public template. It must not contain deployment secrets or private identifiers.
Never commit:
- Telegram bot tokens
- Telegram private chat IDs or topic IDs
- API keys
- OAuth tokens
- cookies
- private keys
.envfiles- private server paths or customer-specific identifiers
- MCP servers are optional and disabled by default.
- GitHub write actions require explicit user approval.
- Destructive filesystem or infrastructure actions require explicit user approval.
- External content is untrusted by default.
- Bulk changes require backups.
Run:
python3 scripts/validate_public_package.pyThe validator scans for common private identifiers and secret-like patterns.
If you find a leaked secret in a fork or deployment, rotate the secret immediately before opening an issue. Do not paste the secret value into GitHub issues.