# Telegram Bot Privacy & Access Control

## Quick Config

```bash
# Allow only specific user by Telegram ID
hermes config set telegram.allowed_users "<telegram_id>"

# Or allow all users (quick testing only)
echo "GATEWAY_ALLOW_ALL_USERS=true" >> ~/.hermes/.env

# Then restart
hermes gateway restart
```

## Finding a User's Telegram ID

When an unauthorized user messages the bot, their numeric Telegram ID is logged:
```bash
journalctl --user -u hermes-gateway -f | grep "Unauthorized"
```

Or look in gateway logs:
```bash
grep "Unauthorized" ~/.hermes/logs/gateway.log
```

The user's current ID: `7862937585` (configured).

## Bot Types

| Type | Created via | Purpose |
|------|-------------|---------|
| Bot (e.g. @YourHermesBot) | @BotFather | Direct 1:1 chats, receives messages sent to it |
| BotFather | @BotFather | Creating/managing bots — NOT involved in auth |

Pairing codes go to the bot, not BotFather.

## Two-Level Access Control

1. **Hermes level** (`telegram.allowed_users`) — controls which Telegram IDs the gateway processes. Your config already has this set correctly.
2. **Telegram level** (`@BotFather → /setprivacy`) — controls what messages the Telegram API delivers to the bot. The default (`Enable`) means the bot only receives messages directed at it.

Both layers work independently; `allowed_users` is the primary gate.
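
The Hermes-level gate described above, written out as an added example (this is not Hermes's own code): it authorizes on the numeric sender ID of a raw Telegram Bot API update, including `callback_query` updates produced by inline-keyboard button presses, and denies anything without an identifiable sender. The comma-separated allowlist format, the function names and the sample updates are assumptions made for illustration.

```python
# Update kinds whose payload carries the acting user in "from" (Bot API field names).
SENDER_KINDS = ("message", "edited_message", "callback_query", "inline_query")


def parse_allowed(raw):
    """Parse an allowlist string into a set of numeric IDs.

    Assumption: comma-separated IDs (the page only shows a single ID).
    Usernames are rejected: they can change hands, numeric IDs cannot.
    """
    ids = set()
    for part in (p.strip() for p in raw.split(",")):
        if not part:
            continue
        if not part.isdigit():
            raise ValueError(f"not a numeric Telegram ID: {part!r}")
        ids.add(int(part))
    return ids


def sender_id(update):
    """Return the numeric ID of the user who caused the update, or None."""
    for kind in SENDER_KINDS:
        payload = update.get(kind)
        if isinstance(payload, dict):
            user = payload.get("from")
            if isinstance(user, dict) and isinstance(user.get("id"), int):
                return user["id"]
            return None
    return None


def is_authorized(update, allowed):
    """Fail closed: unknown update kinds and missing senders are denied."""
    uid = sender_id(update)
    return uid is not None and uid in allowed


# Constructed sample data; every ID and the callback "data" string are made up.
ALLOWED = parse_allowed("1000001, 1000002")
DM_OK = {"update_id": 1, "message": {"from": {"id": 1000001}, "text": "/status"}}
# Button pressed by a non-allowlisted user; the nested message is the bot's own.
PRESS_BAD = {"update_id": 2, "callback_query": {
    "id": "cb1", "from": {"id": 2000009}, "data": "example:allow_once",
    "message": {"from": {"id": 555, "is_bot": True}, "chat": {"id": -100123}}}}
CHANNEL_POST = {"update_id": 3, "channel_post": {"chat": {"id": -100777}, "text": "hi"}}

if __name__ == "__main__":
    for u in (DM_OK, PRESS_BAD, CHANNEL_POST):
        print(u["update_id"], is_authorized(u, ALLOWED))
```

The button-press case checks `callback_query.from`, not the `from` of the nested message, which is the bot itself.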

## Command Menu (Bot Command Menu)

Slash commands registered in Hermes are automatically pushed to Telegram as the bot command menu — users see them when they type `/` in the chat.

```bash
# See all registered commands (these appear in Telegram's / menu)
hermes skills list
```

For BotFather to also show a persistent command list (visible when long-pressing the input field):
1. Open @BotFather
2. `/setcommands`
3. Select bot
4. Enter commands in format:
   ```
   start - 开始使用
   help - 获取帮助
   model - 切换模型
   status - 查看状态
   ```

## Inline Keyboards (Built-in)

Hermes ships with inline keyboard support for several native flows:

| Flow | Keyboard | Trigger |
|------|----------|---------|
| Dangerous command approval | ✅ Allow Once / 🔒 Always / ❌ Deny | `approvals.mode` prompts |
| Model picker | Paginated button grid | `/model` slash command |
| Update prompts | ✓ Yes / ✗ No | Gateway update available |

The `send_message` tool and platform adapters support `reply_markup` for custom inline keyboards. See `gateway/platforms/telegram.py` for implementation patterns using `InlineKeyboardButton` + `InlineKeyboardMarkup`.
