Skip to main content
Bot platform adapters now ship in the praisonai-bot package. praisonai bot serve still works exactly as documented here; for a standalone install see praisonai-bot Migration.
Per-command access control layers on top of user allowlists — admins run any command, regular users only run commands you explicitly permit. CommandAccessPolicy applies uniformly to Telegram, Slack, and Discord bots via the shared CommandRegistry. The user sends a restricted slash command; admins pass the policy check while other users only run commands on their allowlist.
The native / menu is filtered per user. When a CommandAccessPolicy is configured, Telegram and Discord only surface the commands a user may run in their typed-/ autocomplete — restricted commands never appear for users who cannot run them. See Native / Autocomplete.

Privileged Commands

Privileged commands (/learn today) are admin-only by default whenever any policy is configured. They stay open when neither admin_users nor user_allowed_commands is set, so existing deployments are unaffected. To grant a regular user a privileged command, add it explicitly to user_allowed_commands. The conversation-control commands (/undo, /sessions, /resume, /retry, /reasoning) are not privileged — they follow the same rules as /stop, /model, and /usage. Regular users can run them whenever the policy allows non-privileged commands.

Quick Start

1

Set admin_users in YAML

Once admin_users is set, /learn is admin-only on every channel. No allow-list needed for the privileged guard to activate.
2

Or configure in Python

3

Grant /learn to a specific regular user

User 123 is admin (everything). Regular users can also run /learn, /status, and /help.

How It Works

Policy truth table (from the SDK test suite):

Built-in Commands

ALWAYS_ALLOWED = {"help", "whoami"} — these cannot be locked away from any user. PRIVILEGED_COMMANDS = {"learn"} — admin-only whenever a policy is configured (admin_users or user_allowed_commands set). Available to all users when no policy is configured (backward-compatible).

Configuration

A policy is “configured” if either admin_users is non-empty or user_allowed_commands is not None (even if empty). Once configured, the privileged-command guard is active.

Choosing a Setup

Best Practices

You don’t need user_allowed_commands to restrict /learn. Setting admin_users alone is enough — regular users lose /learn automatically. Add learn to user_allowed_commands only if you want a specific non-admin to keep access.
Per-command access layers on top of user allowlists — it does not replace them.
Both have side effects: resetting state and cancelling tasks.
Shows the exact allow list resolved for the caller, including which commands are blocked.
Register with bot.register_command("ping", handler) then include "ping" in the allowlist for non-admins.

Bot Chat Commands

Built-in and custom commands

Bot Security

DM policy and safe defaults

Learn Skill

The privileged /learn command — authors a grounded SKILL.md from sources