When LLM passes a directory path to astrbot_file_read_tool, the tool previously
returned Error: [Errno 13] Permission denied, misleading the LLM into thinking
it was a permissions issue. The real cause: _probe_local_file() calls open('rb')
on the path, which fails on directories with Errno 13 on Windows. This is caught
by except PermissionError and displayed as-is.
Fix: Add os.path.isdir() check in FileReadTool.call() before any file I/O, at
the earliest safe point after path normalization and permission validation.
Returns a clear message: '<path> is a directory, not a file. Use a file path
instead, or use astrbot_execute_shell to list directory contents.'
Changes:
- astrbot/core/tools/computer_tools/fs.py: add isdir guard
- tests/test_computer_fs_tools.py: add test_file_read_tool_rejects_directory_with_clear_message
- Add ExaWebSearchTool (web_search_exa) with keyword/semantic search,
category filters, domain restrictions, and date range support
- Add ExaGetContentsTool (exa_get_contents) for extracting web page content
- Add _exa_search() and _exa_get_contents() API helpers hitting
https://api.exa.ai/search and https://api.exa.ai/contents
- Add _EXA_KEY_ROTATOR for multi-key rotation
- Register Exa tools in _apply_web_search_tools() dispatch
- Add Exa to WEB_SEARCH_CITATION_TOOL_NAMES for citation support
- Add websearch_exa_key config default and provider option
- Add i18n metadata for en-US, zh-CN, ru-RU
- Add Exa section to docs (en + zh)
- Add 6 unit tests covering search, contents, error handling, and
legacy config migration
Closes#5621
* feat: supports plugin to add skills
* fix tests
* fix: fs tools
* Add tests for plugin skills handling and improve skill management
- Implement test for restricted local member reading plugin skill inventory even if the plugin is inactive.
- Ensure that the skill synchronization process retains built-in skills when local skills are empty, including proper handling of plugin paths.
- Update dashboard tests to verify that plugin details include components when requested.
- Enhance skill metadata enrichment tests to include inactive plugin-provided skills for inventory.
- Add filtering tests for plugin skills based on current configuration, ensuring only allowed plugins are considered and inactive plugins are skipped.
Co-authored-by: Copilot <copilot@github.com>
* fix: handle PPIO platform context-length error messages (#7888)
* fix: 压缩算法删除 user 消息 Bug 修复
* perf: improve truncate algo
* fix: improve context length error detection for PPIO platform compatibility
- Extend error detection to handle PPIO's error message format:
'The input is longer than the model's context length'
- Add case-insensitive matching using .lower() for robustness
- Maintain backward compatibility with existing 'maximum context length' check
This fixes the issue where PPIO platform models (e.g., ppio/zai-org/glm-5-turbo)
would fail with AgentState.ERROR due to unrecognized context length errors.
---------
Co-authored-by: Soulter <905617992@qq.com>
* fix: 支持微信客服文件消息 (#7923)
* fix: 支持微信客服文件消息
* fix: remove WeCom file message placeholder
* fix(provider): fix Anthropic custom headers and system prompt compatibility (#7587)
* fix(provider): fix Anthropic custom headers and system prompt compatibility
- Pass custom_headers via AsyncAnthropic's `default_headers` parameter
instead of creating a separate httpx.AsyncClient. This avoids
`isinstance` check failures when multiple httpx installations exist
on sys.path (e.g. bundled Python + system Python).
- Use list format for the `system` parameter (`[{"type": "text", ...}]`)
instead of a plain string. The list format is supported by the official
Anthropic API and is also compatible with third-party API proxies that
reject the string format.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(provider): fix Anthropic custom headers and system prompt compatibility
- Pass custom_headers via AsyncAnthropic's `default_headers` parameter
instead of creating a separate httpx.AsyncClient. This avoids
`isinstance` check failures when multiple httpx installations exist
on sys.path (e.g. bundled Python + system Python).
- Use list format for the `system` parameter (`[{"type": "text", ...}]`)
instead of a plain string. The list format is supported by the official
Anthropic API and is also compatible with third-party API proxies that
reject the string format.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add test unit
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* perf: improve logic of adding models
Co-authored-by: piexian <piexian@users.noreply.github.com>
* chore: remove redundant logger messages and improve log clarity
Co-authored-by: Copilot <copilot@github.com>
* chore: ruff format
* docs: update knowledge base docs
closes: #7962
* fix(#7907): send_message_to_user cron 场景下 session 容错 (#7911)
* fix: send_message_to_user cron 场景下 session 容错 (#7907)
- LLM 在主动场景可能只传 session_id 而非完整三段式,
from_str 失败时用 current_session 补全前两段。
Co-authored-by: Copilot <copilot@github.com>
* fix: 限制 session 补全仅对裸 session_id 生效,避免误修带冒号的错误输入 (#7907)
* feat: add session information to cron job payload
Co-authored-by: Copilot <copilot@github.com>
* fix: improve clarity and consistency of safety mode prompts
Co-authored-by: Copilot <copilot@github.com>
---------
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
Co-authored-by: Soulter <905617992@qq.com>
* perf: tool rendering in conversation page (#7937)
* fix(dashboard): route conversation history tool messages through ToolCallCard
When viewing conversation history, large tool outputs (e.g. a single
git log --stat producing tens of KB) caused the browser renderer to
freeze. Root cause: formattedMessages mapped every role (including
tool / system / _checkpoint) into user/bot bubbles, and bot plain
strings went through markstream-vue's MarkdownRender. Single 88KB
tool messages plus 88-of-them adding up to ~349KB of synchronous
markdown parsing was enough to block the main thread for 5+ seconds.
This patch:
- Indexes tool-role messages by tool_call_id
- Filters formattedMessages to user/assistant only — tool, system and
_checkpoint roles no longer render as standalone bubbles
- Converts assistant.tool_calls (OpenAI shape, with tc.name/tc.arguments
fallbacks) into the existing tool_call MessagePart, attaching the
paired result so MessageList's ToolCallCard renders it (default
collapsed, no longer feeds large strings into the markdown renderer)
- Drops empty placeholder plain parts when an assistant message only
carries tool_calls
- Sets ts/finished_ts to 0 as a sentinel: ToolCallCard.toolCallDuration
returns "" when startTime <= 0, suppressing a misleading "0ms"
duration that would otherwise appear because conversation history
has no real timing data
Behavior change: tool results are now embedded in their assistant's
ToolCallCard.result instead of appearing as separate bot bubbles.
This matches the main chat UI's behavior.
Fixes#7929
Refs #7372#7456
* style(dashboard): use single scrollbar in conversation history preview
ToolCallCard's result/args panes have their own max-height + overflow,
which produced a nested scrollbar when nested inside the history
preview's already-scrollable .conversation-messages-container. Override
those constraints inside the preview only — the outer 500px-bounded
container already provides scroll bounds, so a single scrollbar feels
cleaner. The main chat UI is unaffected.
---------
Co-authored-by: wanger <wanger@example.com>
* fix: ruff format
* feat: add python tool timeout param (#7953)
* feat: add python tool timeout param
* Update python.py
---------
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
* fix: 钉钉连接超时后自动重连失败 (#7924)
* fix: improve DingTalk adapter error handling in run() method
* fix: add retry logic for DingTalk SDK task unexpected exit
* fix: use task.add_done_callback to wake thread on task completion, handle UnboundLocalError
* refactor: extract retry logic into handle_retry helper function
---------
Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com>
---------
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: leonforcode <leonbeyourside01@gmail.com>
Co-authored-by: AstralSolipsism <134063164+AstralSolipsism@users.noreply.github.com>
Co-authored-by: Pink YuDeer <wer00001@outlook.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: piexian <piexian@users.noreply.github.com>
Co-authored-by: NayukiMeko <ChibaNayuki@163.com>
Co-authored-by: wanger <122891289+10knamesmore@users.noreply.github.com>
Co-authored-by: wanger <wanger@example.com>
Co-authored-by: Haoran Xu <3230105281@zju.edu.cn>
Co-authored-by: 千岚之夏 <108566281+Blueteemo@users.noreply.github.com>
Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com>
- Replace LocalShellComponent's one-shot subprocess.run() with a
PersistentShellSession that wraps a long-running bash process per UMO.
cd/export/source now persist naturally within a conversation.
- Support background task execution via nohup.
- Remove unused ToolSessionManager / ToolSessionState (dead code,
never wired to any consumer).
- Fix performance benchmark: separate throughput and memory measurement
so tracemalloc doesn't distort timing (was 7x slower).
- Optimize bool validation in CommandFilter with frozenset + isinstance
short-circuit.
* fix(core): security fix - restrict send_message_to_user to current session only
Closes#7822
SECURITY: Remove the user-controlled 'session' parameter from the
send_message_to_user tool. Previously, a regular user could ask the
LLM to send messages to any arbitrary session (group chat) by
providing a crafted session string, which is a high-risk
vulnerability.
Changes:
- Remove 'session' parameter from tool schema (LLM can no longer
propose it)
- Always use context.context.event.unified_msg_origin as the target
session
- Update description to clearly state that messages can only be sent
to the current user's session
* fix: restore session param but restrict to admin only
- Re-add the parameter removed in the original PR
- Non-admin users can only send to their own session (current_session)
- Admin users can send to any session via the param
- Uses from computer_tools.util (same pattern as fs.py)
- Ref: https://github.com/AstrBotDevs/AstrBot/issues/7822
Co-authored-by: Soulter <soulter@astrbot.app>
* Update message_tools.py
---------
Co-authored-by: AstrBot <bot@astrbot.app>
* feat(shell): add background command execution with output redirection and timeout support
* feat(shell): update timeout parameter to be optional in shell execution methods
* feat(shell): set default timeout for shell execution to 10,000,000 milliseconds
* feat(shell): set default timeout to 300s for shell execution
* feat(shell): reorder timeout parameter in ExecuteShellTool configuration
* feat(shell): implement background command execution with detached shell command support
Co-authored-by: Copilot <copilot@github.com>
* test(shell): remove obsolete test for background shell command output redirection
* fix: reorder import statements in shell.py for consistency
* fix: wrap command in parentheses for background output redirection
---------
Co-authored-by: Copilot <copilot@github.com>
* feat: add Firecrawl web search and extract tools, update configuration and tests
* feat: implement Firecrawl API integration and error handling in web search tools
* feat: enhance Firecrawl web search with session management and payload validation
* feat: Firecrawl web search to use aiohttp.ClientSession directly for improved session management as it was
* feat: update Firecrawl search to handle grouped web data response and add corresponding tests
* feat: refactor Firecrawl web search to use aiohttp.ClientSession for improved error handling and session management
* feat: remove unused coercion function and update Firecrawl search to use default limit in payload
remove deprecated API modules and example scripts; update core modules
(agents, providers, tools, platform adapters, utils), dashboard package
and components, and unit tests.
* feat: update FileReadTool description to mention image and PDF support
Add explicit mention of image (OCR) and PDF (text extraction) support
to the FileReadTool description for better discoverability.
* feat: update FileReadTool description to include support for docx and epub files; change base64 decoding to utf-8
* feat: enhance ToolLoopAgentRunner to support image and audio modalities; add context sanitization logic
- ToolSet.add() now protects active tools from inactive overrides
- Add missing _has_meaningful_content() method in RespondStage
- Remove is_local=True from ExecuteShellTool (no longer supported)
- Fix ToolSet() missing namespace argument in get_full_tool_set()
- Rewrite tests to match new tool architecture (cron_tools, func_tool_manager, tool_conflict_resolution)