manawenuz/featherChat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.0.31: per-bot unique user IDs, remove raw fingerprint from bot API

Browse Source 
Privacy: from.id is now Hash(bot_token + user_fp) → different bots see
different numeric IDs for the same user. Prevents cross-bot user correlation.

Removed id_str (raw hex fingerprint) from all bot API responses.
Updated LLM_BOT_DEV.md and LLM_HELP.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Siavash Sameni
2026-03-29 13:49:10 +04:00
parent 6fee73fc4d
commit 3e583bb04b
8 changed files with 59 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
warzone/docs/LLM_BOT_DEV.md
View File

@@ -57,8 +57,8 @@ Response:
{"ok":true,"result":[
{"update_id":1,"message":{
"message_id":"uuid",
"from":{"id":123456,"id_str":"sender_fp_hex","is_bot":false},
"chat":{"id":123456,"id_str":"sender_fp_hex","type":"private"},
"from":{"id":123456,"is_bot":false},
"chat":{"id":123456,"type":"private"},
"date":1711612800,
"text":"Hello bot!"
}}
@@ -69,8 +69,8 @@ Response:
- `offset` — skip updates < offset (acknowledge processed). **Always use this.**
- `timeout` — long-poll seconds (max 50, matches Telegram)
- `limit` — max updates (default 100)
- `from.id` — numeric (i64 hash of fingerprint, for TG library compat)
- `from.id_str` — hex fingerprint string
- `from.id` — numeric (per-bot unique hash, different bots see different IDs for same user)
- No raw fingerprint exposed to bots (privacy: bots can't correlate users cross-bot)
### sendMessage
```
@@ -246,7 +246,7 @@ The bridge translates numeric chat_id ↔ fingerprints automatically.
| User→bot messages | plaintext | plaintext (auto-detected by client) |
| Bot creation | @BotFather chat | @botfather chat (same flow) |
| getUpdates timeout | up to 50s | up to 50s |
| from.id | integer | integer (hash of fp) + id_str (hex fp) |
| from.id | integer | integer (per-bot unique hash, no raw fp exposed) |
| File upload | multipart | JSON reference (v1) |
| Inline keyboards | full | stored + delivered, no popup |
| Webhooks | HTTPS POST | HTTP POST (delivered live) |
@@ -256,7 +256,7 @@ The bridge translates numeric chat_id ↔ fingerprints automatically.
## Key Rules
1. **Always use offset** in getUpdates — without it you reprocess messages
2. **chat_id** — use `msg.chat.id` (numeric) or `msg.chat.id_str` (hex fingerprint)
2. **chat_id** — use `msg.chat.id` (numeric, per-bot unique) for replies
3. **Bot names** must end with `bot`, `Bot`, or `_bot`
4. **Only @botfather** can create bots — direct API registration requires botfather_token
5. **Server needs --enable-bots** — without it all bot endpoints return 403

2
warzone/docs/LLM_HELP.md
View File

@@ -175,7 +175,7 @@ Bots can optionally participate in E2E encryption by registering with a seed and
- Webhooks: updates are delivered live to the registered URL (POST with JSON body)
- chat_id: accepts hex fingerprint or numeric ID (TG compatibility)
- parse_mode: `HTML` renders basic HTML tags (<b>, <i>, <code>, <a>) in clients
- from.id is numeric (integer), from.id_str contains the hex fingerprint
- from.id is per-bot unique numeric (bots can't correlate users cross-bot, no raw fingerprint exposed)
Update types in getUpdates:
- Encrypted msg: text=null, raw_encrypted=base64