cd /news/ai-agents/create-sandboxed-rich-text-telegram-… · home topics ai-agents article
[ARTICLE · art-43170] src=github.com ↗ pub= topic=ai-agents verified=true sentiment=↑ positive

Create sandboxed rich-text telegram agents with a single config file

A new open-source tool allows developers to create sandboxed Telegram agents with rich-text formatting using a single YAML config file. Built on Deno, the tool supports customizable system prompts and granular sandbox permissions for network, filesystem, and environment access. The agent uses Claude models and can execute JavaScript in a restricted subprocess, enabling diverse use cases like research paper readers or coding assistants.

read2 min views1 publishedJun 29, 2026
Create sandboxed rich-text telegram agents with a single config file
Image: source

create sandboxed rich-text telegram agents with a single config file

needs deno.

deno task start my-agent.yaml

this example is a research paper reader:

name: my-agent
telegram_token: "123456:ABC-DEF..."
anthropic_api_key: "sk-ant-..."
allowed_usernames:
  - your-username
model: claude-opus-4-8        # optional
system: |                    # optional — defines what the agent is
  you are a research paper reader assistant.
  download all (html) papers you read and store them.
  when embedding a figure, only use real image urls from arxiv.org.
sandbox:                     # optional — omit to deny all
  net:   ["arxiv.org"]       # hosts, not urls
  write: ["./papers"]
  env:   false

required: telegram_token

, anthropic_api_key

, allowed_usernames

. the system

prompt is what turns the same engine into a paper reader, a maps helper, a coding assistant, etc. — telegram formatting and the agent's sandbox permissions are explained to it automatically, so system

only needs the persona.

the yaml holds secrets. don't commit it.

the agent's one tool is run_javascript

, which runs in a deno subprocess. each sandbox

entry maps to a deno --allow-*

flag on that subprocess:

true

→ allow (unrestricted)[list]

→ allow only those hosts/paths (e.g.--allow-net=a.com,b.com

)false

/ omitted → denied

omit the whole sandbox

block and generated js gets zero permissions. denied operations fail with a deno permission error returned to the agent. the agent is told its exact permissions in its system prompt, so it knows what it can and can't do.

replies are sent with telegram's sendRichMessage

, so the agent's github-flavored markdown renders natively: headings, bold/italic, strikethrough, lists, task lists, blockquotes, code

, fenced code blocks, links, footnotes, latex formulas ($x^2$

), tables, and media blocks (![](url)

, including maps via <tg-map .../>

). a bad media url is stripped and the message is retried so formatting never gets dropped wholesale.

  • typing indicator while it works
  • native rich-text replies (graceful fallback)
  • per-user conversation history (in memory, resets on restart)
  • streamed under the hood so long replies don't time out
deno task test
── more in #ai-agents 4 stories · sorted by recency
── more on @deno 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/create-sandboxed-ric…] indexed:0 read:2min 2026-06-29 ·