This bot connects Telegram to OpenCode running on your machine. Anyone who can message the bot can make OpenCode read/write files and run shell commands on the host with your user's permissions. Treat the bot token and host access as highly sensitive.
- Always set
ALLOWED_USERS. With it empty, any Telegram user who finds the bot can control your machine. Set it to your own numeric Telegram ID(s). - Keep
.envprivate. It contains your bot token. It is git-ignored by default — never commit it. - Understand
OPENCODE_TRUST_ALL_TOOLS=true. This runs tools without confirmation. Set it tofalseif you want OpenCode to surface permission prompts; the bot then auto-declines unknown permission requests. - Scope the workspace. The bot operates in the project folders you select.
Only point
PROJECT_ROOTSat directories you are comfortable exposing. - Run as a non-privileged user. The provided services install as a user
service (systemd
--user, launchd LaunchAgent, Windows logon task) — never as root/SYSTEM/admin.
- It does not transmit your code or secrets anywhere except to Telegram (your messages) and to OpenCode (which talks to its own backend).
- It does not open any inbound network port.
- It does not commit, read, or log the contents of
.envsecrets.
Please do not open a public issue for security problems. Instead, open a
private security advisory on the repository, or email the maintainer listed in
package.json. We aim to respond within 7 days.
The latest released version on the default branch receives security fixes.