85 Commits

Author SHA1 Message Date
LIghtJUNction
5535f0c932 Merge branch 'master' into dev
# Conflicts:
#	AGENTS.md
#	astrbot/__init__.py
#	astrbot/cli/utils/__init__.py
#	astrbot/core/astr_agent_tool_exec.py
#	astrbot/core/computer/booters/local.py
#	astrbot/core/cron/manager.py
#	astrbot/core/knowledge_base/kb_mgr.py
#	astrbot/core/knowledge_base/retrieval/manager.py
#	astrbot/core/platform/sources/discord/discord_platform_adapter.py
#	astrbot/core/platform/sources/qqofficial/qqofficial_message_event.py
#	astrbot/core/platform/sources/qqofficial/qqofficial_platform_adapter.py
#	astrbot/core/platform/sources/qqofficial_webhook/qo_webhook_server.py
#	astrbot/core/platform/sources/wecom/wecom_adapter.py
#	astrbot/core/platform/sources/wecom_ai_bot/wecomai_adapter.py
#	astrbot/core/provider/func_tool_manager.py
#	astrbot/core/provider/sources/mimo_api_common.py
#	astrbot/core/star/star_manager.py
#	astrbot/core/tools/computer_tools/fs.py
#	astrbot/core/tools/computer_tools/python.py
#	astrbot/core/tools/computer_tools/shell.py
#	astrbot/core/tools/message_tools.py
#	astrbot/core/tools/web_search_tools.py
#	astrbot/core/utils/io.py
#	astrbot/core/utils/tencent_record_helper.py
#	dashboard/package.json
#	dashboard/src/assets/mdi-subset/materialdesignicons-subset.css
#	dashboard/src/assets/mdi-subset/materialdesignicons-webfont-subset.woff
#	dashboard/src/assets/mdi-subset/materialdesignicons-webfont-subset.woff2
#	dashboard/src/components/ConfirmDialog.vue
#	dashboard/src/components/chat/Chat.vue
#	dashboard/src/components/chat/ChatInput.vue
#	dashboard/src/components/chat/ChatMessageList.vue
#	dashboard/src/components/chat/ConfigSelector.vue
#	dashboard/src/components/chat/MessageList.vue
#	dashboard/src/components/chat/ProjectDialog.vue
#	dashboard/src/components/chat/ProjectList.vue
#	dashboard/src/components/chat/ProjectView.vue
#	dashboard/src/components/chat/ProviderModelMenu.vue
#	dashboard/src/components/chat/RegenerateMenu.vue
#	dashboard/src/components/chat/StandaloneChat.vue
#	dashboard/src/components/chat/ThreadPanel.vue
#	dashboard/src/components/chat/ThreadedMarkdownMessagePart.vue
#	dashboard/src/components/chat/message_list_comps/MarkdownMessagePart.vue
#	dashboard/src/components/chat/message_list_comps/ReasoningTimeline.vue
#	dashboard/src/components/chat/message_list_comps/RefsSidebar.vue
#	dashboard/src/components/config/UnsavedChangesConfirmDialog.vue
#	dashboard/src/components/extension/MarketPluginCard.vue
#	dashboard/src/components/extension/McpServersSection.vue
#	dashboard/src/components/extension/SkillsSection.vue
#	dashboard/src/components/extension/componentPanel/components/DetailsDialog.vue
#	dashboard/src/components/extension/componentPanel/components/RenameDialog.vue
#	dashboard/src/components/folder/BaseCreateFolderDialog.vue
#	dashboard/src/components/folder/BaseFolderItemSelector.vue
#	dashboard/src/components/folder/BaseMoveToFolderDialog.vue
#	dashboard/src/components/platform/AddNewPlatform.vue
#	dashboard/src/components/provider/AddNewProvider.vue
#	dashboard/src/components/provider/ProviderModelsPanel.vue
#	dashboard/src/components/shared/BackupDialog.vue
#	dashboard/src/components/shared/ChangelogDialog.vue
#	dashboard/src/components/shared/ExtensionCard.vue
#	dashboard/src/components/shared/FileConfigItem.vue
#	dashboard/src/components/shared/KnowledgeBaseSelector.vue
#	dashboard/src/components/shared/ListConfigItem.vue
#	dashboard/src/components/shared/ObjectEditor.vue
#	dashboard/src/components/shared/PersonaForm.vue
#	dashboard/src/components/shared/PluginSetSelector.vue
#	dashboard/src/components/shared/ProviderSelector.vue
#	dashboard/src/components/shared/ReadmeDialog.vue
#	dashboard/src/components/shared/SidebarCustomizer.vue
#	dashboard/src/components/shared/T2ITemplateEditor.vue
#	dashboard/src/components/shared/UninstallConfirmDialog.vue
#	dashboard/src/components/shared/WaitingForRestart.vue
#	dashboard/src/composables/useMessages.ts
#	dashboard/src/composables/useProjects.ts
#	dashboard/src/composables/useProviderModelConfigDialog.ts
#	dashboard/src/composables/useProviderSources.ts
#	dashboard/src/i18n/locales/ru-RU/features/config-metadata.json
#	dashboard/src/i18n/locales/ru-RU/features/extension.json
#	dashboard/src/i18n/locales/ru-RU/features/provider.json
#	dashboard/src/layouts/full/vertical-header/VerticalHeader.vue
#	dashboard/src/scss/_override.scss
#	dashboard/src/stores/common.js
#	dashboard/src/stores/customizer.ts
#	dashboard/src/views/ConfigPage.vue
#	dashboard/src/views/ConversationPage.vue
#	dashboard/src/views/PlatformPage.vue
#	dashboard/src/views/SessionManagementPage.vue
#	dashboard/src/views/WelcomePage.vue
#	dashboard/src/views/alkaid/KnowledgeBase.vue
#	dashboard/src/views/alkaid/LongTermMemory.vue
#	dashboard/src/views/authentication/auth/LoginPage.vue
#	dashboard/src/views/extension/InstalledPluginsTab.vue
#	dashboard/src/views/extension/useExtensionPage.js
#	dashboard/src/views/knowledge-base/DocumentDetail.vue
#	dashboard/src/views/knowledge-base/KBList.vue
#	dashboard/src/views/knowledge-base/components/DocumentsTab.vue
#	dashboard/src/views/knowledge-base/components/SettingsTab.vue
#	dashboard/src/views/knowledge-base/components/TavilyKeyDialog.vue
#	dashboard/src/views/persona/FolderTree.vue
#	dashboard/src/views/persona/MoveToFolderDialog.vue
#	dashboard/src/views/persona/PersonaManager.vue
#	requirements.txt
#	tests/test_local_shell_component.py
#	tests/unit/test_func_tool_manager.py
#	tests/unit/test_web_search_tools.py
2026-07-16 17:39:40 +08:00
NayukiChiba
8a31cf01f2 fix(core): improve web search API key failover
Merge PR #8896
2026-07-03 22:53:22 +08:00
Weilong Liao
e7d5be632f feat: add ChatUI project workspaces (#9066)
* feat: add ChatUI project workspaces

* feat: refine chatui layout

* feat: enhance chat input and project view styles for attachment handling

* feat: adjust chat sidebar brand logo positioning

* feat: enhance project dialog with error handling and loading state
2026-07-03 21:54:20 +08:00
Haoran Xu
41f8960302 fix: astrbot_file_read_tool returns clear error for directory path instead of misleading Permission denied (#9088)
When LLM passes a directory path to astrbot_file_read_tool, the tool previously
returned Error: [Errno 13] Permission denied, misleading the LLM into thinking
it was a permissions issue. The real cause: _probe_local_file() calls open('rb')
on the path, which fails on directories with Errno 13 on Windows. This is caught
by except PermissionError and displayed as-is.

Fix: Add os.path.isdir() check in FileReadTool.call() before any file I/O, at
the earliest safe point after path normalization and permission validation.
Returns a clear message: '<path> is a directory, not a file. Use a file path
instead, or use astrbot_execute_shell to list directory contents.'

Changes:
- astrbot/core/tools/computer_tools/fs.py: add isdir guard
- tests/test_computer_fs_tools.py: add test_file_read_tool_rejects_directory_with_clear_message
2026-06-30 20:39:50 +08:00
Weilong Liao
de572e3fe0 fix: avoid duplicate send_message_to_user replies (#9051) 2026-06-27 16:57:17 +08:00
fan
534ad0ccc7 fix: _KeyRotator index bounds check (#9040) 2026-06-27 13:56:26 +08:00
LIghtJUNction
5d22db51ad fix: resolve merge conflicts and complete dashboard API migration 2026-06-26 09:50:15 +08:00
Tanishq
ae29a7eaf9 feat(websearch): add Exa as a web search provider (#8973)
- Add ExaWebSearchTool (web_search_exa) with keyword/semantic search,
  category filters, domain restrictions, and date range support
- Add ExaGetContentsTool (exa_get_contents) for extracting web page content
- Add _exa_search() and _exa_get_contents() API helpers hitting
  https://api.exa.ai/search and https://api.exa.ai/contents
- Add _EXA_KEY_ROTATOR for multi-key rotation
- Register Exa tools in _apply_web_search_tools() dispatch
- Add Exa to WEB_SEARCH_CITATION_TOOL_NAMES for citation support
- Add websearch_exa_key config default and provider option
- Add i18n metadata for en-US, zh-CN, ru-RU
- Add Exa section to docs (en + zh)
- Add 6 unit tests covering search, contents, error handling, and
  legacy config migration

Closes #5621
2026-06-24 15:53:47 +08:00
Weilong Liao
59734c22b6 fix(core): reject hardlinked files in restricted local fs tools
Reject multi-linked regular files in restricted local filesystem tools so workspace hardlink aliases cannot read or overwrite files outside allowed directories.

Fixes #8868.
2026-06-19 00:28:36 +08:00
Weilong Liao
309e05d3cc fix: enforce future task owner checks (#8881) 2026-06-18 23:35:33 +08:00
エイカク
2c8736fe42 fix: harden sandbox file transfers (#8840)
* fix: harden sandbox file transfers

* fix: check CUA sandbox availability with shell probe

* fix: address sandbox transfer review feedback

* fix: preserve CUA health check cancellation

* fix: tighten CUA health probe checks
2026-06-17 22:25:51 +09:00
Soulter
90ca0857a5 Merge remote-tracking branch 'origin/pr/8197' into codex/pr-8197-merge
# Conflicts:
#	astrbot/core/platform/sources/dingtalk/dingtalk_adapter.py
#	astrbot/core/provider/sources/anthropic_source.py
#	astrbot/dashboard/routes/plugin.py
2026-06-16 11:46:33 +08:00
エイカク
dd828c99f4 fix: run local python in session workspace (#8792) 2026-06-15 20:52:00 +08:00
Weilong Liao
66ec415e56 fix: restrict local file paths in message tools (#8660)
* fix: restrict local file paths in message tool

* Update astrbot/core/tools/message_tools.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix: rf

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-06-08 01:20:47 +08:00
LIghtJUNction
a368609208 Merge remote-tracking branch 'origin/master' into dev
# Conflicts:
#	astrbot/core/astr_main_agent.py
#	astrbot/core/db/__init__.py
#	astrbot/core/db/vec_db/faiss_impl/document_storage.py
#	astrbot/core/message/components.py
#	astrbot/core/pipeline/process_stage/method/agent_sub_stages/internal.py
#	astrbot/core/platform/sources/qqofficial/qqofficial_message_event.py
#	astrbot/core/platform/sources/qqofficial/qqofficial_platform_adapter.py
#	astrbot/core/platform/sources/qqofficial_webhook/qo_webhook_server.py
#	astrbot/core/provider/sources/anthropic_source.py
#	astrbot/core/provider/sources/openai_source.py
#	astrbot/dashboard/routes/command.py
#	astrbot/dashboard/routes/static_file.py
#	astrbot/dashboard/server.py
#	dashboard/package.json
#	dashboard/src/components/chat/ChatInput.vue
#	dashboard/src/components/chat/ChatMessageList.vue
#	dashboard/src/components/chat/MessageList.vue
#	dashboard/src/components/chat/StandaloneChat.vue
#	dashboard/src/components/chat/message_list_comps/ReasoningBlock.vue
#	dashboard/src/components/provider/ProviderSourcesPanel.vue
#	dashboard/src/components/shared/ExtensionCard.vue
#	dashboard/src/components/shared/ListConfigItem.vue
#	dashboard/src/composables/useProviderSources.ts
#	dashboard/src/utils/providerUtils.js
#	dashboard/src/views/extension/InstalledPluginsTab.vue
#	docs/zh/dev/star/plugin.md
2026-05-30 16:59:16 +08:00
Soulter
49036f8f9d fix(message_tools): improve description for SendMessageToUserTool usage
fixes: #8355
2026-05-30 14:01:25 +08:00
LIghtJUNction
f48c11439b refactor(core): remove tools prompts module 2026-05-22 17:39:07 +08:00
LIghtJUNction
4098303658 refactor: miscellaneous updates across modules 2026-05-21 19:10:02 +08:00
LIghtJUNction
92c58f8a2a fix: resolve merge follow-ups (typing, imports, frontend tests) 2026-05-19 21:16:25 +08:00
LIghtJUNction
987099d4cb chore: merge origin/master into dev 2026-05-19 21:15:22 +08:00
Dale Null
c665b6e3e5 chore: reduce pyright type errors 2026-05-15 16:31:37 +08:00
NayukiMeko
22ba831a31 fix(message_tools): throw exception and block message sending when path does not exist (#8149)
* fix(message_tools): 路径不存在时抛出异常并阻止消息发送

- _resolve_path_from_sandbox 在所有解析路径均失败时改为抛出 FileNotFoundError,而非静默返回原始路径,避免将无效路径传递给下游组件
- 新增 component_type 关键字参数,使错误信息能明确指出是 image/record/video/file 哪类资源路径缺失
- 在 call 方法中捕获 FileNotFoundError 并提前返回错误字符串,确保路径无效时不会继续构建或发送任何消息组件
- 补充单元测试,验证缺失图片路径场景下 send_message 不会被调用

* Update tests/unit/test_message_tools.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix(tools): propagate sandbox error instead of masking as FileNotFoundError

---------

Co-authored-by: Ruochen Pan <badbatch0x01@gmail.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: RC-CHN <1051989940@qq.com>
2026-05-13 11:50:06 +08:00
LIghtJUNction
d373a24320 merge: sync origin/master into dev
Resolved 76 file conflicts across backend, frontend, and tests:
- Core backend: agent, platform, provider, star, tools, cron, KB, utils
- Dashboard backend: auth, config, plugin routes, server, runtime bootstrap
- Frontend components: shared, extension, provider components
- Frontend views: console, trace, cron, extension, platform, provider, etc.
- Frontend infrastructure: layouts, router, stores, main.ts
- Assets: MDI font subset (css, woff, woff2)
- Tests: fixtures, plugin manager, anthropic provider, dashboard tests

Strategy per file:
- Most backend: merged master improvements (metrics, http_client -> default_headers,
  download_url params, plugin i18n, runtime guards, auth middleware)
- Frontend views: adopted master dashboard-shell layout (v-container, is-dark theme)
- InstalledPluginsTab: kept dev pinned-plugins feature (drag-sort, pin/unpin)
- Binary assets: resolved via git checkout
- Tests: merged both branches' assertions and mock updates
2026-05-08 11:04:03 +08:00
Weilong Liao
f2370cd1ba feat: supports plugin to add skills (#7945)
* feat: supports plugin to add skills

* fix tests

* fix: fs tools

* Add tests for plugin skills handling and improve skill management

- Implement test for restricted local member reading plugin skill inventory even if the plugin is inactive.
- Ensure that the skill synchronization process retains built-in skills when local skills are empty, including proper handling of plugin paths.
- Update dashboard tests to verify that plugin details include components when requested.
- Enhance skill metadata enrichment tests to include inactive plugin-provided skills for inventory.
- Add filtering tests for plugin skills based on current configuration, ensuring only allowed plugins are considered and inactive plugins are skipped.

Co-authored-by: Copilot <copilot@github.com>

* fix: handle PPIO platform context-length error messages (#7888)

* fix: 压缩算法删除 user 消息 Bug 修复

* perf: improve truncate algo

* fix: improve context length error detection for PPIO platform compatibility

- Extend error detection to handle PPIO's error message format:
  'The input is longer than the model's context length'
- Add case-insensitive matching using .lower() for robustness
- Maintain backward compatibility with existing 'maximum context length' check

This fixes the issue where PPIO platform models (e.g., ppio/zai-org/glm-5-turbo)
would fail with AgentState.ERROR due to unrecognized context length errors.

---------

Co-authored-by: Soulter <905617992@qq.com>

* fix: 支持微信客服文件消息 (#7923)

* fix: 支持微信客服文件消息

* fix: remove WeCom file message placeholder

* fix(provider): fix Anthropic custom headers and system prompt compatibility (#7587)

* fix(provider): fix Anthropic custom headers and system prompt compatibility

- Pass custom_headers via AsyncAnthropic's `default_headers` parameter
  instead of creating a separate httpx.AsyncClient. This avoids
  `isinstance` check failures when multiple httpx installations exist
  on sys.path (e.g. bundled Python + system Python).

- Use list format for the `system` parameter (`[{"type": "text", ...}]`)
  instead of a plain string. The list format is supported by the official
  Anthropic API and is also compatible with third-party API proxies that
  reject the string format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(provider): fix Anthropic custom headers and system prompt compatibility

- Pass custom_headers via AsyncAnthropic's `default_headers` parameter
  instead of creating a separate httpx.AsyncClient. This avoids
  `isinstance` check failures when multiple httpx installations exist
  on sys.path (e.g. bundled Python + system Python).

- Use list format for the `system` parameter (`[{"type": "text", ...}]`)
  instead of a plain string. The list format is supported by the official
  Anthropic API and is also compatible with third-party API proxies that
  reject the string format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Add test unit

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* perf: improve logic of adding models

Co-authored-by: piexian <piexian@users.noreply.github.com>

* chore: remove redundant logger messages and improve log clarity

Co-authored-by: Copilot <copilot@github.com>

* chore: ruff format

* docs: update knowledge base docs

closes: #7962

* fix(#7907): send_message_to_user cron 场景下 session 容错 (#7911)

* fix: send_message_to_user cron 场景下 session 容错 (#7907)

- LLM 在主动场景可能只传 session_id 而非完整三段式,
from_str 失败时用 current_session 补全前两段。

Co-authored-by: Copilot <copilot@github.com>

* fix: 限制 session 补全仅对裸 session_id 生效,避免误修带冒号的错误输入 (#7907)

* feat: add session information to cron job payload

Co-authored-by: Copilot <copilot@github.com>

* fix: improve clarity and consistency of safety mode prompts

Co-authored-by: Copilot <copilot@github.com>

---------

Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
Co-authored-by: Soulter <905617992@qq.com>

* perf: tool rendering in conversation page (#7937)

* fix(dashboard): route conversation history tool messages through ToolCallCard

When viewing conversation history, large tool outputs (e.g. a single
git log --stat producing tens of KB) caused the browser renderer to
freeze. Root cause: formattedMessages mapped every role (including
tool / system / _checkpoint) into user/bot bubbles, and bot plain
strings went through markstream-vue's MarkdownRender. Single 88KB
tool messages plus 88-of-them adding up to ~349KB of synchronous
markdown parsing was enough to block the main thread for 5+ seconds.

This patch:

- Indexes tool-role messages by tool_call_id
- Filters formattedMessages to user/assistant only — tool, system and
  _checkpoint roles no longer render as standalone bubbles
- Converts assistant.tool_calls (OpenAI shape, with tc.name/tc.arguments
  fallbacks) into the existing tool_call MessagePart, attaching the
  paired result so MessageList's ToolCallCard renders it (default
  collapsed, no longer feeds large strings into the markdown renderer)
- Drops empty placeholder plain parts when an assistant message only
  carries tool_calls
- Sets ts/finished_ts to 0 as a sentinel: ToolCallCard.toolCallDuration
  returns "" when startTime <= 0, suppressing a misleading "0ms"
  duration that would otherwise appear because conversation history
  has no real timing data

Behavior change: tool results are now embedded in their assistant's
ToolCallCard.result instead of appearing as separate bot bubbles.
This matches the main chat UI's behavior.

Fixes #7929
Refs #7372 #7456

* style(dashboard): use single scrollbar in conversation history preview

ToolCallCard's result/args panes have their own max-height + overflow,
which produced a nested scrollbar when nested inside the history
preview's already-scrollable .conversation-messages-container. Override
those constraints inside the preview only — the outer 500px-bounded
container already provides scroll bounds, so a single scrollbar feels
cleaner. The main chat UI is unaffected.

---------

Co-authored-by: wanger <wanger@example.com>

* fix: ruff format

* feat: add python tool timeout param (#7953)

* feat: add python tool timeout param

* Update python.py

---------

Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>

* fix: 钉钉连接超时后自动重连失败 (#7924)

* fix: improve DingTalk adapter error handling in run() method

* fix: add retry logic for DingTalk SDK task unexpected exit

* fix: use task.add_done_callback to wake thread on task completion, handle UnboundLocalError

* refactor: extract retry logic into handle_retry helper function

---------

Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com>

---------

Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: leonforcode <leonbeyourside01@gmail.com>
Co-authored-by: AstralSolipsism <134063164+AstralSolipsism@users.noreply.github.com>
Co-authored-by: Pink YuDeer <wer00001@outlook.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: piexian <piexian@users.noreply.github.com>
Co-authored-by: NayukiMeko <ChibaNayuki@163.com>
Co-authored-by: wanger <122891289+10knamesmore@users.noreply.github.com>
Co-authored-by: wanger <wanger@example.com>
Co-authored-by: Haoran Xu <3230105281@zju.edu.cn>
Co-authored-by: 千岚之夏 <108566281+Blueteemo@users.noreply.github.com>
Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com>
2026-05-03 16:37:36 +08:00
Haoran Xu
9e09299dcb feat: add python tool timeout param (#7953)
* feat: add python tool timeout param

* Update python.py

---------

Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
2026-05-03 15:08:10 +08:00
NayukiMeko
8098a92f33 fix(#7907): send_message_to_user cron 场景下 session 容错 (#7911)
* fix: send_message_to_user cron 场景下 session 容错 (#7907)

- LLM 在主动场景可能只传 session_id 而非完整三段式,
from_str 失败时用 current_session 补全前两段。

Co-authored-by: Copilot <copilot@github.com>

* fix: 限制 session 补全仅对裸 session_id 生效,避免误修带冒号的错误输入 (#7907)

* feat: add session information to cron job payload

Co-authored-by: Copilot <copilot@github.com>

* fix: improve clarity and consistency of safety mode prompts

Co-authored-by: Copilot <copilot@github.com>

---------

Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
Co-authored-by: Soulter <905617992@qq.com>
2026-05-03 14:37:37 +08:00
Soulter
1aacb46289 fix: improve error message for invalid session format in SendMessageToUserTool
Co-authored-by: Copilot <copilot@github.com>
2026-05-01 13:09:27 +08:00
LIghtJUNction
dcaaf6286a test: comprehensive test coverage and type fixes
- Add 100+ new test files covering provider sources, platform adapters,
  agent runners, star/plugin system, knowledge base, core utils,
  pipeline, computer tools, builtin commands, and dashboard routes
- Fix Python type errors in sqlite.py (col() wrappers for SQLModel),
  astr_agent_tool_exec, core_lifecycle, star context/manager
- Fix TypeScript strict mode errors across 30+ dashboard Vue files
- Add import smoke tests, auth roundtrip, startup tests
- Add compile-all check and CLI entry test for AUR compatibility
- Restore BotMessageAccumulator and helpers lost in merge
2026-04-29 06:29:56 +08:00
LIghtJUNction
cafe26b154 fix: repair test failures from merge
- test_astr_agent_tool_exec: add get_llm_tool_manager mock to handoff tests
- test_astr_main_agent: fix fullwidth punctuation, Firecrawl->Tavily, streaming
  test, CUA/shipyard sandbox tests, add get_llm_tool_manager mock
- shipyard_neo/browser.py: add @builtin_tool to BrowserExecTool/BatchExecTool/RunBrowserSkillTool
- shipyard_neo/neo_skills.py: add @builtin_tool to all 11 NeoSkillToolBase subclasses
2026-04-29 04:04:08 +08:00
LIghtJUNction
d57582e599 fix: restore merge-dropped port/ip_addr variable definitions and payload type ignore 2026-04-29 03:06:56 +08:00
LIghtJUNction
497fefb3ca fix: restore missing sentinel classes and import lost in merge 2026-04-29 02:27:46 +08:00
LIghtJUNction
f5d60f3c7f fix: restore persistent shell session lost in merge, upgrade axios to 1.15.0 2026-04-29 02:18:08 +08:00
LIghtJUNction
0208dbb15f Merge branch 'master' of https://github.com/AstrBotDevs/AstrBot into dev
# Conflicts:
#	dashboard/vite.config.ts
2026-04-29 02:16:18 +08:00
LIghtJUNction
5f827fffd2 feat: persistent shell session and remove dead ToolSessionManager
- Replace LocalShellComponent's one-shot subprocess.run() with a
  PersistentShellSession that wraps a long-running bash process per UMO.
  cd/export/source now persist naturally within a conversation.
- Support background task execution via nohup.
- Remove unused ToolSessionManager / ToolSessionState (dead code,
  never wired to any consumer).
- Fix performance benchmark: separate throughput and memory measurement
  so tracemalloc doesn't distort timing (was 7x slower).
- Optimize bool validation in CommandFilter with frozenset + isinstance
  short-circuit.
2026-04-29 02:06:24 +08:00
LIghtJUNction
4463895c89 chore: improve code quality score from 55 to 81
- Convert bad type: ignore[...] to blanket ignores
- Remove unused type: ignore directives
- Fix genie_tts/dashscope_tts Any type annotations
- Remove temp file
2026-04-29 01:28:20 +08:00
Weilong Liao
8f356b84c7 fix(core): restrict send_message_to_user to current session (security fix #7822) (#7824)
* fix(core): security fix - restrict send_message_to_user to current session only

Closes #7822

SECURITY: Remove the user-controlled 'session' parameter from the
send_message_to_user tool. Previously, a regular user could ask the
LLM to send messages to any arbitrary session (group chat) by
providing a crafted session string, which is a high-risk
vulnerability.

Changes:
- Remove 'session' parameter from tool schema (LLM can no longer
  propose it)
- Always use context.context.event.unified_msg_origin as the target
  session
- Update description to clearly state that messages can only be sent
  to the current user's session

* fix: restore session param but restrict to admin only

- Re-add the  parameter removed in the original PR
- Non-admin users can only send to their own session (current_session)
- Admin users can send to any session via the  param
- Uses  from computer_tools.util (same pattern as fs.py)
- Ref: https://github.com/AstrBotDevs/AstrBot/issues/7822

Co-authored-by: Soulter <soulter@astrbot.app>

* Update message_tools.py

---------

Co-authored-by: AstrBot <bot@astrbot.app>
2026-04-29 00:15:16 +08:00
Soulter
962c299c2d feat(shell): enhance exec method to support timeout parameter and improve background command handling 2026-04-28 23:55:29 +08:00
Weilong Liao
ac7f6aa60d feat(shell): add background command execution with output redirection and timeout support (#7835)
* feat(shell): add background command execution with output redirection and timeout support

* feat(shell): update timeout parameter to be optional in shell execution methods

* feat(shell): set default timeout for shell execution to 10,000,000 milliseconds

* feat(shell): set default timeout to 300s for shell execution

* feat(shell): reorder timeout parameter in ExecuteShellTool configuration

* feat(shell): implement background command execution with detached shell command support

Co-authored-by: Copilot <copilot@github.com>

* test(shell): remove obsolete test for background shell command output redirection

* fix: reorder import statements in shell.py for consistency

* fix: wrap command in parentheses for background output redirection

---------

Co-authored-by: Copilot <copilot@github.com>
2026-04-28 23:25:54 +08:00
エイカク
cb5c172e69 feat: add CUA computer-use sandbox support (#7828)
* feat: add CUA computer-use sandbox support

* fix: add CUA config metadata translations

* fix: address CUA sandbox review feedback

* fix: default CUA sandbox to local mode

* fix: harden CUA SDK method compatibility

* fix: harden CUA GUI and permission handling

* fix: refine CUA capability and shell handling

* fix: avoid inline CUA screenshot image results by default

* fix: guide CUA browser startup workflow

* feat: add CUA browser and key press tools

* fix: launch CUA browser as sandbox user

* fix: stabilize CUA browser screenshots

* fix: simplify CUA browser launch command

* fix: remove CUA open browser tool

* fix: align CUA desktop control guidance

* fix: harden CUA shell background handling

* fix: harden CUA runtime adapters

* fix: surface CUA filesystem failures

* fix: clarify CUA shell fallback support

* fix: harden CUA shell helpers

* fix: guard CUA file fallbacks

* fix: redact sensitive config log paths

* fix: guard CUA download fallback

* test: cover CUA GUI and shell env wiring

* fix: preserve CUA command result output

* fix: normalize CUA return codes

* fix: preserve foreground shell behavior

* fix: clean up failed CUA boots

* docs: add CUA sandbox runtime guide

* test: cover CUA GUI tool registration

* refactor: simplify CUA fallback handling

* refactor: simplify CUA shell helpers

* test: cover CUA screenshot result shapes
2026-04-28 01:40:14 +09:00
wjiajian
17aea1aa2c feat: add Firecrawl web search tools (#7764)
* feat: add Firecrawl web search and extract tools, update configuration and tests

* feat: implement Firecrawl API integration and error handling in web search tools

* feat: enhance Firecrawl web search with session management and payload validation

* feat:  Firecrawl web search to use aiohttp.ClientSession directly for improved session management as it was

* feat: update Firecrawl search to handle grouped web data response and add corresponding tests

* feat: refactor Firecrawl web search to use aiohttp.ClientSession for improved error handling and session management

* feat: remove unused coercion function and update Firecrawl search to use default limit in payload
2026-04-26 13:07:27 +08:00
Rhonin Wang
d4cdeeae72 fix(computer): send sandbox image downloads as images (#7785) 2026-04-25 16:44:08 +08:00
LIghtJUNction
2ecd95b9e9 chore: ruff check && format 2026-04-23 04:29:07 +08:00
LIghtJUNction
c4048bb8eb refactor: delete _internal
remove deprecated API modules and example scripts; update core modules
(agents, providers, tools, platform adapters, utils), dashboard package
and components, and unit tests.
2026-04-23 04:16:30 +08:00
LIghtJUNction
33ec7bbf9c merge: master -> dev 2026-04-23 01:12:06 +08:00
Soulter
e6b68e9b09 perf: update FileReadTool description to mention image, PDF and docx support, and enhance modality checking in tool result case (#7506)
* feat: update FileReadTool description to mention image and PDF support

Add explicit mention of image (OCR) and PDF (text extraction) support
to the FileReadTool description for better discoverability.

* feat: update FileReadTool description to include support for docx and epub files; change base64 decoding to utf-8

* feat: enhance ToolLoopAgentRunner to support image and audio modalities; add context sanitization logic
2026-04-22 11:38:40 +08:00
千岚之夏
b40bcbbd86 fix: resolve relative file paths within a local workspace root for the SendMessageToUserTool (#7668)
* fix: resolve relative file paths against workspace directory

* fix: add path normalization and security check for workspace resolution

* chore: remove temp PR body file

* chore: added some comments

Added comments to clarify path resolution logic.

* Update astrbot/core/tools/message_tools.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: Test User <test@test.com>
Co-authored-by: Soulter <37870767+Soulter@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-04-19 14:09:02 +08:00
MagicSun7940
b2a95713f8 修复了使用 Bocha 搜索时报错 "Can not decode content-encoding: br"的bug (#7655)
* 修复了使用 Bocha 搜索时报错 "Can not decode content-encoding: br"的bug

* 添加了注释,解释为什么要限制 Accept-Encoding,方便以后的维护者理解这是针对 aiohttp brotli bug 的临时规避方案。
2026-04-19 13:04:20 +08:00
Hongbro886
22e8cbd10d fix: return an explicit erro from the cron tool when scheduling a task fails instead of processing silently(#7513)
* fix: 定时任务创建失败时返回错误信息而非静默处理

* fix: test and format

---------

Co-authored-by: Soulter <905617992@qq.com>
2026-04-16 20:14:55 +08:00
LIghtJUNction
e16e5c7630 fix: resolve merge conflicts from upstream and fix tool conflict resolution
- ToolSet.add() now protects active tools from inactive overrides
- Add missing _has_meaningful_content() method in RespondStage
- Remove is_local=True from ExecuteShellTool (no longer supported)
- Fix ToolSet() missing namespace argument in get_full_tool_set()
- Rewrite tests to match new tool architecture (cron_tools, func_tool_manager, tool_conflict_resolution)
2026-04-15 20:45:11 +08:00
LIghtJUNction
4d1e0ef1be merge: resolve conflicts from upstream
Conflict resolution: accepted HEAD versions for all conflicted files.
2026-04-15 17:03:54 +08:00