Skip to content

Enable dangerous tools in Telegram agent via ToolFactory injection#46

Merged
yiwang merged 3 commits into
mainfrom
copilot/fix-telegram-agent-tools-access
Feb 19, 2026
Merged

Enable dangerous tools in Telegram agent via ToolFactory injection#46
yiwang merged 3 commits into
mainfrom
copilot/fix-telegram-agent-tools-access

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Feb 19, 2026
edited
Loading

Telegram agent dangerous tools support ✅

Implementation Complete

  • Understand the issue: Telegram bot cannot use dangerous tools (bash, read_file, write_file, edit_file)
  • Analyze heartbeat fix: HeartbeatRunner was fixed to accept ToolFactory callback for injecting CLI tools
  • Modify run_telegram_bot to accept optional ToolFactory parameter (similar to HeartbeatRunner)
  • Update BotState to store the tool factory
  • Modify agent creation in handle_chat to extend tools using factory (similar to heartbeat at line 346-349 of runner.rs)
  • Update daemon.rs to pass create_cli_tools factory when starting Telegram bot
  • Document the changes and pattern used
  • Fix cargo fmt formatting issues

Summary

Applied the same ToolFactory pattern used for HeartbeatRunner to the Telegram bot, enabling it to use dangerous tools (bash, read_file, write_file, edit_file) when running in daemon mode.

Changes Made

telegram.rs:

  • Added ToolFactory type definition
  • Added tool_factory field to BotState
  • Modified run_telegram_bot() to accept tool_factory parameter
  • Added tool extension logic in handle_chat()

daemon.rs:

  • Created tool factory wrapping create_cli_tools()
  • Pass factory to run_telegram_bot() call

Pattern Applied

Exact same pattern as HeartbeatRunner (crates/core/src/heartbeat/runner.rs):

  1. Define ToolFactory type - boxed function Config → Vec
  2. Accept optional ToolFactory parameter in public function
  3. Store factory in state structure
  4. Extend agent with factory tools after Agent::new()
  5. Daemon injects create_cli_tools() via factory closure

Security

  • Tools only injected when running via localgpt daemon start
  • Mobile/web builds don't get dangerous tools
  • All dangerous tools run in sandbox with restrictions
  • Follows principle of least privilege
Original prompt

This section details on the original issue you should resolve

<issue_title>Telegram agent also cannot use "dangerous" tools now?</issue_title>
<issue_description>Okay now that I've got my daemon up and running again that the heartbeat works, I tried to reply to tell it to download a link into a file for later reference... but it replied immediately saying no file tools... argh, this was all working back in v0.1 ... while I appreciate the focus on providing security, sandboxing, and all that... I run mine in an isolated low-priv user, and I very much want it to be able to do everything that that user can do at all times... can we just like have a setting for "Yes Please, let LocalGPT Do All The Things Its System User Can Do" back?</issue_description>

<agent_instructions>check what blocked telegram to use all tools, maybe the same issue as the core crate is refactered out, so need similar fix as have heartbeat back</agent_instructions>

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@yiwang
Add tool factory support to Telegram bot for dangerous tools
c59297a 
- Add ToolFactory type to telegram module (same pattern as HeartbeatRunner)
- Modify run_telegram_bot() to accept optional ToolFactory parameter
- Store tool_factory in BotState
- Extend agent with CLI tools when factory is provided in handle_chat()
- Update daemon to inject create_cli_tools factory when starting Telegram bot
- This allows Telegram agent to use bash, read_file, write_file, edit_file tools

Co-authored-by: yiwang <142937+yiwang@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix Telegram agent to use file tools again Enable dangerous tools in Telegram agent via ToolFactory injection Feb 19, 2026
Copilot AI requested a review from yiwang February 19, 2026 05:08
@yiwang
Copy link
Copy Markdown
Contributor

yiwang commented Feb 19, 2026

@copilot fix ci format error

@yiwang
Fix cargo fmt formatting issues
bdc7c90 
Co-authored-by: yiwang <142937+yiwang@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Feb 19, 2026

@copilot fix ci format error

Fixed in bdc7c90. Ran cargo fmt to apply standard Rust formatting to the function signatures and await expressions.

@yiwang yiwang marked this pull request as ready for review February 19, 2026 05:44
@yiwang yiwang merged commit dacdec6 into main Feb 19, 2026
5 checks passed
@yiwang yiwang deleted the copilot/fix-telegram-agent-tools-access branch February 19, 2026 05:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yiwang yiwang Awaiting requested review from yiwang

Assignees

@yiwang yiwang

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Telegram agent also cannot use "dangerous" tools now?

2 participants

@yiwang