Bot platform adapters now ship in the
praisonai-bot package. praisonai bot serve still works exactly as documented here; for a standalone install see praisonai-bot Migration.CommandAccessPolicy applies uniformly to Telegram, Slack, and Discord bots via the shared CommandRegistry.
The user sends a restricted slash command; admins pass the policy check while other users only run commands on their allowlist.
The native
/ menu is filtered per user. When a CommandAccessPolicy is configured, Telegram and Discord only surface the commands a user may run in their typed-/ autocomplete — restricted commands never appear for users who cannot run them. See Native / Autocomplete.Privileged Commands
Privileged commands (/learn today) are admin-only by default whenever any policy is configured. They stay open when neither admin_users nor user_allowed_commands is set, so existing deployments are unaffected. To grant a regular user a privileged command, add it explicitly to user_allowed_commands.
The conversation-control commands (/undo, /sessions, /resume, /retry, /reasoning) are not privileged — they follow the same rules as /stop, /model, and /usage. Regular users can run them whenever the policy allows non-privileged commands.
Quick Start
1
Set admin_users in YAML
admin_users is set, /learn is admin-only on every channel. No allow-list needed for the privileged guard to activate.2
Or configure in Python
- Telegram
- Slack
- Discord
3
Grant /learn to a specific regular user
123 is admin (everything). Regular users can also run /learn, /status, and /help.How It Works
Policy truth table (from the SDK test suite):Built-in Commands
ALWAYS_ALLOWED = {"help", "whoami"} — these cannot be locked away from any user.
PRIVILEGED_COMMANDS = {"learn"} — admin-only whenever a policy is configured (admin_users or user_allowed_commands set). Available to all users when no policy is configured (backward-compatible).
Configuration
A policy is “configured” if either
admin_users is non-empty or user_allowed_commands is not None (even if empty). Once configured, the privileged-command guard is active.
Choosing a Setup
Best Practices
admin_users alone is enough to lock down /learn
admin_users alone is enough to lock down /learn
You don’t need
user_allowed_commands to restrict /learn. Setting admin_users alone is enough — regular users lose /learn automatically. Add learn to user_allowed_commands only if you want a specific non-admin to keep access.Pair with allowed_users
Pair with allowed_users
Per-command access layers on top of user allowlists — it does not replace them.
Reserve /new and /stop for admins in production
Reserve /new and /stop for admins in production
Both have side effects: resetting state and cancelling tasks.
Use /whoami when debugging permissions
Use /whoami when debugging permissions
Shows the exact allow list resolved for the caller, including which commands are blocked.
Add custom commands to user_allowed_commands
Add custom commands to user_allowed_commands
Register with
bot.register_command("ping", handler) then include "ping" in the allowlist for non-admins.Related
Bot Chat Commands
Built-in and custom commands
Bot Security
DM policy and safe defaults
Learn Skill
The privileged /learn command — authors a grounded SKILL.md from sources

