1268 Commits

Author SHA1 Message Date
LIghtJUNction
fcfe5ca41f feat: migrate dashboard api runtime 2026-06-26 10:17:08 +08:00
LIghtJUNction
5d22db51ad fix: resolve merge conflicts and complete dashboard API migration 2026-06-26 09:50:15 +08:00
Weilong Liao
421d718041 feat: show public version details on login (#8986)
* feat: show public version details on login

* fix: address login version review feedback
2026-06-24 21:46:29 +08:00
Weilong Liao
967ed01cf7 fix: add data scope to api keys (#8985) 2026-06-24 16:37:46 +08:00
Tanishq
ae29a7eaf9 feat(websearch): add Exa as a web search provider (#8973)
- Add ExaWebSearchTool (web_search_exa) with keyword/semantic search,
  category filters, domain restrictions, and date range support
- Add ExaGetContentsTool (exa_get_contents) for extracting web page content
- Add _exa_search() and _exa_get_contents() API helpers hitting
  https://api.exa.ai/search and https://api.exa.ai/contents
- Add _EXA_KEY_ROTATOR for multi-key rotation
- Register Exa tools in _apply_web_search_tools() dispatch
- Add Exa to WEB_SEARCH_CITATION_TOOL_NAMES for citation support
- Add websearch_exa_key config default and provider option
- Add i18n metadata for en-US, zh-CN, ru-RU
- Add Exa section to docs (en + zh)
- Add 6 unit tests covering search, contents, error handling, and
  legacy config migration

Closes #5621
2026-06-24 15:53:47 +08:00
Soulter
756469a39f fix: remove unused vocechat logo and update xmas hat image 2026-06-21 23:44:33 +08:00
Weilong Liao
16beb9a9d7 fix: remove redundant font family from stylesheet link (#8942) 2026-06-21 23:36:21 +08:00
Soulter
e30655b04e fix: refresh WebUI with cache buster 2026-06-21 18:12:07 +08:00
Weilong Liao
b6913833d4 chore: bump version to 4.26.0-beta.11
Release 4.26.0-beta.11
2026-06-20 22:32:56 +08:00
Soulter
f9d4082217 feat: add prerelease visibility toggle 2026-06-20 22:23:25 +08:00
Soulter
ddc4e142c7 fix: clarify WebUI recovery hint 2026-06-20 22:11:38 +08:00
Weilong Liao
cdfb0bdf91 fix: restore webui 401 login redirect (#8903) 2026-06-19 22:43:21 +08:00
Weilong Liao
dd36979eca feat: implement request retry mechanism for provider requests (#8893)
* feat: implement request retry mechanism for provider requests

* feat: add request max retries configuration and implement retry logic for provider requests

* feat: update fake_query function to accept request_max_retries parameter

* feat: remove retry_rate_limits from provider request calls
2026-06-19 17:13:40 +08:00
Weilong Liao
29d66b84b9 feat: support workspace skills in requests (#8884)
* feat: support workspace skills in requests

* fix: harden workspace skill discovery

* fix: address workspace skills review comments
2026-06-19 12:03:07 +08:00
Weilong Liao
264e7eaaa3 fix: restore OpenAPI file uploads
Expose /api/v1/file in OpenAPI, enable file-scoped API keys, and regenerate docs/client artifacts.
2026-06-18 12:37:38 +08:00
Soulter
12b1b27825 fix: harden upgrade restart recovery 2026-06-18 00:13:18 +08:00
Soulter
08fc565175 fix: handle legacy login upgrade recovery 2026-06-17 23:43:04 +08:00
Weilong Liao
d5f5631287 fix: prefer v1 auth with legacy recovery fallback 2026-06-17 23:15:03 +08:00
C₂₂H₂₅NO₆
59fdd96627 fix: 修正人格编辑重名校验 (#8843)
Co-authored-by: C₂₂H₂₅NO₆ <Sisyphbaous-DT-Project@users.noreply.github.com>
2026-06-17 22:51:24 +08:00
Weilong Liao
19864b3f85 fix: recover interrupted dashboard upgrades 2026-06-17 22:48:47 +08:00
Weilong Liao
55af880369 feat(qqofficial): allow QQ Official Webhook adapters to proactively send group messages without requiring a cached msg_id (#8841)
* feat(qqofficial): support webhook QR setup

* docs(qqofficial): simplify webhook QR setup step
2026-06-17 21:13:05 +08:00
Weilong Liao
d3b52356a6 fix: repair onboarding platform and backup upload (#8834) 2026-06-17 10:54:57 +08:00
Weilong Liao
f1854df620 feat: add qq official qr binding
Add QQ Official Bot QR binding registration flow for the WebSocket adapter, wire dashboard credential autofill, and mark the WebSocket template as recommended.
2026-06-16 19:08:41 +08:00
Weilong Liao
898c800c96 fix: upload skills with generated multipart body
Fixes #8794.
2026-06-16 17:00:23 +08:00
Haoran Xu
f66215b365 fix(chat): prevent IME composition character loss at non-terminal cur… (#8811) 2026-06-16 13:45:33 +08:00
Weilong Liao
5566bd621c feat: reorganize settings system configuration (#8777)
* feat: reorganize settings system configuration

* fix: float system config restart notice

* fix: blur system config restart notice

* fix: tint restart notice blur background

* fix: allow totp setup without body

* fix: filter public openapi docs

* fix: handle settings autosave cleanup

* chore: ui
2026-06-16 11:03:42 +08:00
Weilong Liao
dd46cce09e fix: make project update flow atomic (#8805)
* fix: make project update flow atomic

* fix: address atomic update review feedback

* fix: show update success after restart

* fix: prevent update progress reset during restart

* fix: align update success feedback styling
2026-06-15 23:32:29 +08:00
Weilong Liao
0d8e8682db refactor(core): migrate backend backbone from Quart to FastAPI and introduce more OpenAPI (#8688)
* refactor: migrate to fastapi

* structure refactor

* fix: pyright fix

* refactor: improve error handling and public messages in plugin services

* feat(api): refactor API client integration and enhance request handling

- Updated API client configuration to use a dedicated HTTP client.
- Introduced utility functions for generating options, queries, and form data for API requests.
- Refactored multiple API methods to utilize the new utility functions for improved consistency and readability.
- Renamed types for clarity and updated import statements accordingly.

feat(docs): add script to update OpenAPI JSON from YAML spec

- Created a Python script to convert OpenAPI YAML specification to JSON format.
- The script supports customizable input and output paths.
- Ensured the script handles directory creation for output paths and validates the YAML structure.

* fix

* feat(auth): implement rate limiting for v1 login endpoint and enhance request handling

* Refactor dashboard API routers to use legacy_router for backward compatibility

- Changed all instances of dashboard_router to legacy_router across multiple API modules including platform, plugins, providers, sessions, skills, stats, subagents, t2i, tools, updates, and asgi_runtime.
- Updated route definitions to ensure existing endpoints remain functional under the new router structure.
- Introduced support for Quart request context in asgi_runtime to enhance compatibility with existing Quart-based plugins.
- Added a test case to validate the functionality of the new Quart request context handling in plugin extensions.

* chore: remove cli test

* fix: update dashboard tests for fastapi migration

* chore: satisfy ruff checks

* fix: update openapi api key scopes

* fix: sync config scope chip selection

* fix: restore quart dependency

* docs: clarify quart plugin api compatibility

* docs: update openapi scope documentation

* fix: use singular skill openapi scope

* fix: hide update service exception details

* fix: address fastapi review comments

* fix: address dashboard review findings

* docs: revert unrelated package deployment changes

* docs: update agent api generation guidance

* feat: add plugin page web api helpers

* docs: add plugin page bridge demo

* fix: type plugin upload files

* fix: stabilize plugin page uploads

* fix: type plugin web request proxy

* docs: remove plugin page docs example

* fix: authenticate plugin page SSE bridge
2026-06-14 15:03:26 +08:00
叹号大帝
2eee833832 feat(proxy): add gh proxy link gh.dpik.top (#8772) 2026-06-14 12:09:00 +08:00
Yufeng He
6c3a1ae8e5 fix: sanitize generated platform ids (#8768) 2026-06-14 10:57:13 +08:00
叹号大帝
d0323196f4 fix(proxy): drop invalid proxy gh.llkk.cc (#8761)
* fix: replace broken gh proxy URL

* fix: remove ghproxy.net from proxy list

Removed an unused GitHub proxy URL from the list.
2026-06-14 10:38:41 +08:00
Weilong Liao
7c366a708b fix: unify media reference handling (#8764)
* fix: unify media reference handling

* fix: accept bare base64 record media refs

* chore: update agents.md

* fix: unify file URI handling across media components and utilities

* fix: unify media reference type handling with MediaRefStr alias

* Potential fix for pull request finding 'CodeQL / Incomplete URL substring sanitization'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update astrbot/core/platform/sources/discord/discord_platform_adapter.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix: unify media handling and improve base64 decoding across components

* fix: simplify client_kwargs type definition and enhance media message handling in platform adapter

* fix: unify media utility documentation and enhance function descriptions

* perf: drop "pilk" requirement, improve audio outbound for tencent-related IM apps which using silk

* fix: unify Tencent Silk audio handling and enhance media resolver functionality

---

- Centralize media reference materialization and base64 resolution for local paths, http(s), base64://, data URIs, and legacy bare base64 payloads.
- Normalize incoming Record audio to wav and Image media to temporary jpg during preprocess, with event-scoped cleanup.
- Reuse the shared media resolver across OpenAI, Gemini, Anthropic, MiMo, DeerFlow, STT, and platform media paths while sanitizing logs and cleaning temporary conversion outputs.
- Ensure generated TTS audio is tracked for cleanup after the event finishes.

fix #8676
fix #8543
fix #7588
fix #7580
fix #8030
fix #8034
fix #7461
fix #7565
fix #6509
fix #7144
fix #7795



---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-06-14 10:37:16 +08:00
lingyun14
d2b86c5991 feat(dashboard): add a configurable theme mode with light, dark, and system options and centralize theme synchronization with system preferences. (#8648)
* Update main.ts

* Update config.ts

* Update header.json

* Update auth.json

* Update header.json

* Update auth.json

* Update header.json

* Update auth.json

* Update VerticalHeader.vue

* Update customizer.ts

* Update LoginPage.vue

* Update SetupPage.vue

* Update config.ts

* Update customizer.ts

* Update plugin-pages.md

* docs: add Follow System note to plugin-pages theme section
2026-06-13 16:41:54 +08:00
Yufeng He
f19f623a26 fix: handle changelog anchor links (#8750)
Signed-off-by: Yufeng He <40085740+he-yufeng@users.noreply.github.com>
2026-06-13 15:51:32 +08:00
lingyun14
fb8f4d68e1 feat: backup skills directory (#8700)
* feat: include skills directory in backup

* Update settings.json

* Update settings.json

* Update settings.json

* Update settings.json

* Update settings.json
2026-06-10 16:51:29 +08:00
Zayn
0b22349363 feat: add ElevenLabs TTS API provider 2026-06-10 16:47:14 +08:00
micaiguai
56d2b3fb55 fix(dashboard): allow creating folder by pressing Enter (#8597)
* fix(dashboard): allow creating folder by pressing Enter

* fix(dashboard): disable form while creating folder to prevent duplicate submissions
2026-06-10 16:46:11 +08:00
HIU
a3c25ec2c7 fix: preserve repo source on plugin reinstall
* fix: preserve repo source on plugin reinstall

* fix(dashboard): align extension market matching with repo identity

Use normalized repo keys as the primary identity when matching
installed extensions with marketplace plugins in useExtensionPage.

Only fall back to name matching for installed extensions that do
not have a repo, and normalize name lookups consistently on both
sides. Also clear stale online_version when no marketplace plugin
is matched.
2026-06-10 16:42:12 +08:00
Ruochen Pan
ae44b912fc feat(dashboard): add per-tool permission management for function tools (#8693)
* feat(func-tool): add per-tool permission management

* feat(dashboard): add permission column to function tool table

* refactor(dashboard): encapsulate tool actions into composable and unify permission UI

* style: format code

* fix: guard sync handler, simplify sp access, skip builtin instantiation
2026-06-09 14:47:41 +08:00
LIghtJUNction
398086ac5f chore: fix dashboard style checks 2026-06-08 02:12:19 +08:00
LIghtJUNction
a3ba7bd9ee merge: master into dev 2026-06-08 01:32:39 +08:00
EterUltimate
0db7fc9b39 fix(dashboard): sync pnpm lockfile overrides (#8637) 2026-06-07 10:54:56 +08:00
Copilot
6ae103a24f perf: enable full credential autofill on WebUI login form (#8631)
* Initial plan

* chore: outline plan for login autocomplete fix

* fix(webui): add login autocomplete attributes

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-06-06 23:17:42 +08:00
lxfight
c58916b8e9 feat(dashboard): add plugin WebUI entries to sidebar with MDI icon support (#8569)
* feat(plugin): support icon field in metadata.yaml for sidebar icon

* feat(sidebar): add isRawTitle support for non-i18n sidebar titles

* feat(sidebar): add usePluginSidebarItems composable for dynamic plugin WebUI entries

* feat(sidebar): inject plugin WebUI items into sidebar before More group

* refactor(plugin-page): remove header, make iframe full-screen

* feat(sidebar): restore plugin WebUI collapsible group

* fix(plugin-page): prevent iframe from capturing mousemove during sidebar resize

- Use absolute positioning instead of negative margin for full-screen layout
- Zero container padding for plugin page route in FullLayout
- Disable pointer-events on iframe during sidebar drag to avoid event capture

* refactor(sidebar): share plugin state reactively instead of polling

- Replace polling + events with module-level reactive shared state
- useExtensionPage.getExtensions() populates pluginSidebarState
- usePluginSidebarItems uses computed() to derive sidebar menu
- Zero additional API calls, updates instantly on any plugin change

* fix(sidebar): restore initial plugin data fetch on sidebar mount

* feat(sidebar): render plugin icons via MDI SVG CDN instead of subset font

- Plugin icons loaded from https://cdn.jsdelivr.net/npm/@mdi/svg@7/svg/
- Removes subset limitation - plugins can use any MDI icon
- Fallback to subset font class for built-in sidebar items
- Default icon remains mdi-puzzle when plugin doesn't specify one

* fix(sidebar): render plugin icons as inline SVG with currentColor for theme matching

* docs: add plugin sidebar icon documentation

* docs: require mdi- prefix for plugin icon field

* chore: ruff format

* fix: address review feedback

- Add SVG sanitization to prevent XSS via v-html (reject <script>, event handlers)
- Extract MORE_GROUP_KEY shared constant to avoid hardcoded i18n key
- Parallel SVG loading with Promise.all instead of serial
- Pure buildPluginItems, mutate iconSvg in place to avoid redundant rebuilds
- Fallback to default icon SVG when loading fails
- Revert accidental pnpm-lock.yaml changes

* chore: remove webui icon

---------

Co-authored-by: Soulter <905617992@qq.com>
2026-06-06 00:35:52 +08:00
lxfight
65fe0574b9 feat: sync dashboard theme to plugin pages (#8390)
* feat(plugin): pass theme through plugin page asset URLs and initial context

Add theme query parameter propagation through the plugin page asset pipeline
so that the bridge SDK initial context includes isDark.

* feat(plugin): inject data-theme and color-scheme into plugin page HTML

Set data-theme on <html> and add color-scheme meta tag server-side
to prevent flash when entering plugin pages in dark mode.

* feat(webui): add isDark getter to customizer store

* feat(webui): sync theme to plugin iframe via URL param and postMessage

Append theme query parameter to iframe src URL and include isDark
in the postMessage context. Watch uiTheme changes to re-send context.

* feat(bridge): auto-apply data-theme from context in plugin bridge SDK

Set data-theme attribute on document.documentElement when context
includes isDark, enabling live theme switching via postMessage.

* docs: add light/dark theme adaptation guide for plugin pages

Add theme adaptation section to existing plugin-pages docs in both
Chinese and English, covering CSS variables and onContext() usage.

* test: add theme sync tests for plugin page bridge and content

Verify isDark in bridge SDK initial context with various theme params,
and verify data-theme and color-scheme injection in rewritten HTML.

* fix(plugin): use case-insensitive regex for head tag in HTML rewrite

Replace string match for <head> with case-insensitive regex to handle
uppercase tags and tags with attributes, preventing duplicate injection
of color-scheme meta tag.

* refactor(webui): generalize isDark getter to support any dark theme

Replace hardcoded PurpleThemeDark check with suffix-based detection
so all dark theme variants are recognized automatically.

* refactor(plugin): extract theme helpers for HTML rewriting

Extract _get_request_theme and _apply_theme_to_html to eliminate
duplicate theme-parsing logic and isolate HTML mutation. Use case-
insensitive regex for head tag detection to prevent duplicate
injection when tags use mixed casing.

* style: apply ruff formatting to plugin page tests

Wrap long function call lines for consistency with project style.

* fix(plugin): handle existing data-theme and case-sensitive fallback in HTML rewrite

Strip any existing data-theme attribute before adding the new one to
prevent duplicate attributes. Use case-insensitive regex for the
<head> fallback insertion to avoid corrupting <html> tag attributes.

* fix(webui): add null guard to isDark getter

Guard against undefined uiTheme to prevent TypeError when the
theme config has not been initialized.

* fix(webui): centralize theme mapping and preserve hash in plugin page URL

Extract themeParam computed to avoid drift between URL and context.
Include hash fragment in iframe URL to support SPA hash routing.

* fix(webui): address CR feedback - deduplicate color-scheme meta, harden isDark getter, consolidate theme source

- _apply_theme_to_html: strip existing color-scheme meta before injecting to
  avoid duplicates; merge data-theme strip+add into single-pass regex callback
- customizer.ts: replace brittle endsWith('Dark') with explicit theme name check
- _rewrite_plugin_page_html: use _get_request_theme() directly instead of
  reading theme from extra_query_params

* fix(webui): 简化 isDark 推导、优化查询参数构建、使用暗色主题集合

- isDark 推导简化为 theme == "dark"(None == "dark" 为 False,去掉多余三元表达式)
- _prepare_plugin_page_query_params 改为线性构建,先计算再构建字典
- isDark getter 改用显式 DARK_THEMES Set,替代硬编码单值比较

---------

Co-authored-by: lxfight <lxfight@192.168.5.50>
2026-06-06 00:35:47 +08:00
Weilong Liao
7e22a07e0d feat: introduce a command /name to name a umo, and display in ui (#8575)
* feat: introduce a command /name to name a umo, and display in ui

* docs: add docs

* fix

* fix test

* fix: test
2026-06-05 19:09:48 +08:00
Weilong Liao
24f568b149 feat: future task UI (#8559)
* feat: future task UI

* fix: update filter label for UMO in English and Chinese locales

* feat: enhance cron job management with delivery target handling and UI improvements

* fix: update session label to indicate optional delivery target

* feat: add tooltip for last run time and error in cron job display
2026-06-03 22:02:59 +08:00
Foolllll
1daa0e3367 fix(compress): improve context compression, improve kv-cache rate of context compression, handle compression model modalities (#8530)
* fix(context): restore turn cap, serialize content parts and tool calls for llm compress, fix AftCompact debug log

Three context-compaction regression fixes after #8226:

1. Restore max_context_length -> enforce_max_turns propagation so
   normal turn-based truncation works again.
2. Serialize ContentPart and ToolCall objects into plain dicts in
   _message_to_dict so llm_compress no longer fails with JSON
   serialization errors.
3. Print _provider_messages (compacted) instead of run_context.messages
   (unchanged) in AftCompact debug log; truncate long role lists to
   first4,...,last4 to avoid log spam.

Assertions in tests are also hardened to avoid coupling to exact prompt
wording.

* fix(tool_loop_agent_runner): simplify context handling by removing redundant provider messages

* fix(tool_loop_agent_runner): rename context manager variables for clarity

* fix: update context compression to use recent token ratio instead of fixed count

* fix: enhance LLMSummaryCompressor to sanitize contexts and improve message handling

* ruff format

---------

Co-authored-by: Soulter <905617992@qq.com>
2026-06-03 17:40:05 +08:00
Caleb
25b134444f fix(console): use toast for pip-install error display (#8462)
* fix(console): use toast for pip-install error display

The pip-install dialog displayed error messages as unstyled inline
<small> text with no color differentiation from success messages.
Replaced with useToast() to show errors as red snackbar, consistent
with the rest of the dashboard.

* fix(console): use i18n for pip-install toast fallback messages
2026-06-02 12:52:55 +08:00
鸦羽
e8d13af5b9 feat: add TOTP two-factor authentication for dashboard login (#8189)
* feat: add TOTP two-factor authentication for dashboard login

* fix: ensure TOTP verification uses UTC for accurate time comparison

* fix: update recovery code validation logic for disabling TOTP

* test: add unit tests for TOTP functionality and recovery code validation

* chore: format

* feat: add trust_proxy_headers switch for auth rate-limit IP source

* feat: make dashboard auth rate-limit configurable via system settings

Add auth_rate_limit config block to dashboard settings with enable
(default: true), average_interval (default: 1.0s), and max_burst
(default: 3) options. The dashboard auth middleware now reads from
config instead of using hardcoded values. The average_interval and
max_burst fields are conditionally shown only when rate limiting is
enabled.

* fix: normalize dashboard client IP from trusted proxy headers

* refactor: encapsulate rate limiter state into registry, add TTL

* feat: show dynamic page title during two-factor verification

* fix: require two-factor verification for protected config saves

* chore: format

* refactor: reorganize TOTP verification UI components for better layout

* refactor: clean up recovery stage UI by removing unused styles and improving label handling

* docs: add TOTP two-factor authentication documentation for WebUI

---------

Co-authored-by: Soulter <905617992@qq.com>
2026-06-01 16:40:29 +08:00