5561 Commits

Author SHA1 Message Date
Yufeng He
094c2de85a fix: surface weixin media send failures (#8175)
* fix: surface weixin media send failures

* fix: include weixin send failure context

* Delete tests/unit/test_weixin_oc_adapter.py

---------

Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
2026-05-14 12:17:59 +08:00
counhopig
7d402fa16a fix: add ollama and nvidia embedding (#8104)
* fix: add ollama and nvidia embedding

* fix: address code review feedback for embedding providers

 - Remove redundant proxy branch in NvidiaEmbeddingProvider._get_client

 - Change ClientError handling to re-raise instead of wrapping in Exception

 - Add exc_info=True for better error diagnostics

 - Remove redundant isinstance check in OllamaEmbeddingProvider._build_payload
2026-05-14 12:16:35 +08:00
lingyun14
3a1d6c8f89 fix: handle None tool arguments from Claude API for no-parameter tools (#8136)
* fix: handle None tool arguments returned by Claude API for no-parameter tools

* fix: handle None tool arguments from Claude API for no-parameter tools

* fix: generalize None tool args comment

* fix: generalize None tool args comment

* 去除空格,以保证格式正确
2026-05-14 12:01:19 +08:00
Chang Lee
35f5d7e710 perf: enhance AMR audio quality and simplify opus logic (#8153)
* chore: streamline convert_audio_to_opus logic

- Route Opus conversion directly through the underlying convert_audio_format.
- Remove redundant FFmpeg processing chains to improve code reusability.

* perf: optimize AMR voice encoding parameters

- Enhance AMR audio quality via built-in FFmpeg filters.
2026-05-14 11:57:14 +08:00
M1LKT
720d384b44 fix: synchronize the autoScroll state of the consoleDisplayer component using $refs (#8186) 2026-05-14 11:44:42 +08:00
Yufeng He
3290d75519 fix: prefer bundled dashboard over stale data dist (#8172)
* fix: prefer bundled dashboard over stale dist

* fix: harden dashboard dist version checks
2026-05-14 09:00:16 +08:00
lingyun14
ef73d2da33 docs: Clarify and expand the LLM tool registration guidance in the AI plugin documentation (#8178)
* docs(zh/ai): fix misleading tool registration guide and add warnings

* docs(en/ai): add tool registration section with deprecation warnings
2026-05-14 08:58:37 +08:00
Soulter
c77cb0f4e2 chore: bump version to 4.24.5 v4.24.5 2026-05-14 01:16:26 +08:00
Soulter
0e6ad1c443 feat: cli supports ASTRBOT_DASHBOARD_INITIAL_PASSWORD env 2026-05-14 01:13:46 +08:00
Soulter
e05dd650ab feat(auth): add legacy password login failure message and FAQ guidance for upgrade issues 2026-05-14 00:48:15 +08:00
Soulter
93428a7976 feat: add initial dashboard password resolution from environment variable 2026-05-14 00:45:37 +08:00
Soulter
37142fd253 feat: enhance update dialog with progress tracking and localization updates
- Added advanced settings option in update dialog for better user control.
- Implemented detailed progress tracking for update stages including download size and speed.
- Updated localization files for English, Russian, and Chinese to include new strings for update progress and advanced settings.
- Improved UI for update dialog with better layout and responsiveness.
- Enhanced test coverage for update process including progress tracking.
2026-05-14 00:40:24 +08:00
Tsukumi
1b09132e4a fix: respect explicit Shipyard Neo profile (#8167) 2026-05-13 14:38:11 +08:00
NayukiMeko
22ba831a31 fix(message_tools): throw exception and block message sending when path does not exist (#8149)
* fix(message_tools): 路径不存在时抛出异常并阻止消息发送

- _resolve_path_from_sandbox 在所有解析路径均失败时改为抛出 FileNotFoundError,而非静默返回原始路径,避免将无效路径传递给下游组件
- 新增 component_type 关键字参数,使错误信息能明确指出是 image/record/video/file 哪类资源路径缺失
- 在 call 方法中捕获 FileNotFoundError 并提前返回错误字符串,确保路径无效时不会继续构建或发送任何消息组件
- 补充单元测试,验证缺失图片路径场景下 send_message 不会被调用

* Update tests/unit/test_message_tools.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix(tools): propagate sandbox error instead of masking as FileNotFoundError

---------

Co-authored-by: Ruochen Pan <badbatch0x01@gmail.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: RC-CHN <1051989940@qq.com>
2026-05-13 11:50:06 +08:00
Soulter
4672a04eb7 docs: update FAQ to clarify default password usage for first-time login 2026-05-13 01:50:37 +08:00
Soulter
c48108040c chore: bump version to 4.24.4 v4.24.4 2026-05-13 01:46:08 +08:00
Soulter
2d6f5e64b8 fix(auth): update login failure message for first-time users with details on random password 2026-05-13 01:37:35 +08:00
Soulter
7d72e3a9e7 docs: update FAQ with details on first login account and random password generation 2026-05-13 00:37:24 +08:00
Soulter
37d6159234 docs: update login instructions to use random initial password for first-time users 2026-05-13 00:24:21 +08:00
Soulter
989cc0d609 chore: bump version to 4.24.3 2026-05-13 00:17:27 +08:00
lingyun14
cb90de752d fix(docs): fix multiple errors in plugin development guides (#8166)
* Update listen-message-event.md

* Update listen-message-event.md

* Update ai.md

* Update plugin-new.md

* Update plugin-new.md

* Update simple.md

* Update star_handler.py

* Update listen-message-event.md

* Update listen-message-event.md
2026-05-13 00:04:12 +08:00
Soulter
48e111e47e chore: remove test 2026-05-12 23:57:16 +08:00
Weilong Liao
7ddf6371b9 fix(webui): enforce 12-char dashboard password policy with backend+frontend validation (#7338)
* fix(webui): enforce 12-char dashboard password policy with backend+frontend validation

* fix(i18n): update password policy hints and validation rules for improved security

* test: adapt dashboard auth fixtures for hashed default password

* fix(security): increase PBKDF2 iterations

* feat(auth): implement secure login challenge and proof verification

* chore: ruff format

* fix(auth): update md5 import syntax for consistency

* feat(dashboard): implement random password generation for empty dashboard password

* feat(auth): enforce plaintext password requirement for legacy MD5 hashes

* fix(i18n): update password hint texts to reflect auto-generated initial passwords

* feat(dashboard): implement password change requirement and reset logic

* feat(auth): implement account setup flow and password change requirements

* feat: Implement legacy password support and upgrade mechanism

- Added `hash_legacy_dashboard_password` function for MD5 hashing of passwords.
- Updated configuration handling to store both PBKDF2 and legacy password hashes.
- Introduced logic to check if password storage has been upgraded and if a password change is required.
- Modified dashboard authentication routes to handle legacy password checks and prompts for upgrades.
- Updated frontend to display warnings for legacy password storage and required upgrades.
- Enhanced tests to cover scenarios for legacy password handling and migration to new storage format.

* fix(logo): update text color styles to use CSS variables for consistency

* feat(dashboard): upgrade password storage and enforce change requirement

* fix(dashboard): update minimum password length from 12 to 10 characters

* fix(dashboard): update minimum password length from 10 to 8 characters

---------

Co-authored-by: RC-CHN <1051989940@qq.com>
2026-05-12 23:46:57 +08:00
Yufeng He
f86de988a4 fix: keep Discord startup alive on command quota (#8061)
* fix: keep Discord startup alive on command quota

* Update discord_platform_adapter.py

---------

Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
2026-05-12 23:28:23 +08:00
dependabot[bot]
1d3f54ca49 chore(deps): bump pnpm/action-setup in the github-actions group (#8156)
Bumps the github-actions group with 1 update: [pnpm/action-setup](https://github.com/pnpm/action-setup).


Updates `pnpm/action-setup` from 6.0.5 to 6.0.7
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](https://github.com/pnpm/action-setup/compare/v6.0.5...v6.0.7)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 6.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-12 23:16:19 +08:00
jdjfjdsfj
f6a99a25b9 Update API Key reference in knowledge-base.md (#8129)
* Update API Key reference in knowledge-base.md

* Update docs/zh/use/knowledge-base.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-05-12 08:43:53 +08:00
NayukiMeko
041c35c35b Fix: Fix issue where temporary directory is not cleaned and error tracking false positives when repeatedly installing plugins (#8148)
* fix(star): 修复重复安装插件时临时目录未清理及错误追踪误报问题

- 引入 skip_failed_tracking 标志,当目标目录已存在时跳过失败安装追踪,避免将预期冲突错误误记为安装失败
- 修复 finally 块中临时目录清理逻辑,确保冲突场景下 plugin_upload_* 临时目录也能被正确删除
- 新增测试用例 test_install_plugin_from_file_conflict_keeps_failed_plugins_clean,验证重复安装同名插件时 failed_plugin_dict 为空且无残留临时目录

Ref #8122

* style(star): ruff 格式化
2026-05-11 16:36:03 +08:00
エイカク
ad516950f2 fix(provider): force Gemini chat client to use managed httpx client (#8112)
When both aiohttp and httpx are installed, google-genai prefers aiohttp
as the async HTTP backend. In error response paths, the aiohttp backend
returns raw aiohttp.ClientResponse objects that google-genai cannot handle,
masking real API errors with:
  Unsupported response type: <class 'aiohttp.client_reqrep.ClientResponse'>

This fix explicitly creates an httpx.AsyncClient and passes it via
HttpOptions.httpx_async_client, ensuring the chat provider always uses
the httpx backend. The managed client is closed in terminate().

- Preserve HTTP_PROXY/HTTPS_PROXY support via trust_env=True.
- Preserve provider-level proxy via httpx.AsyncClient(proxy=...).
- Avoid logging full proxy URLs for security.

Fixes #7564
2026-05-10 00:20:36 +09:00
lingyun14
c9182c27a2 fix: fix console log level alignment and mobile layout issue (#7988)
* fix: fix console log level alignment and mobile layout issue

* Update ConsoleDisplayer.vue
2026-05-09 22:18:21 +08:00
lingyun14
bd9aade842 fix(docs):多份文档汉译英并整理 (#8001)
* docs(en): translate plugin-platform-adapter.md from Chinese to English

* docs(en): translate plugin-platform-adapter.md from Chinese to English

* Update ppio.md

* Update provider-lmstudio.md

* Update function-calling.md

* Update skills.md

* Update ai.md

* Update simple.md

* Update mcp.md

* Update config.mjs kook

* fix(docs): fix MessageSesion import path in platform adapter example

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-05-09 22:17:47 +08:00
dependabot[bot]
4bcaaab44f chore(deps): bump pnpm/action-setup in the github-actions group (#8004)
Bumps the github-actions group with 1 update: [pnpm/action-setup](https://github.com/pnpm/action-setup).


Updates `pnpm/action-setup` from 6.0.3 to 6.0.5
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](https://github.com/pnpm/action-setup/compare/v6.0.3...v6.0.5)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 6.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-09 22:16:30 +08:00
AstrBot
224915fbc8 docs: add 16MB size limit note for plugin publishing (#8108)
Add documentation to clarify the 16MB zip size limit for plugin
marketplace submissions, along with practical recommendations:
- Compress static assets like images
- Clean up unnecessary files (.git, __pycache__, etc.)
- Optimize dependency sizes
- Use .gitattributes or release branches

Also mention the option to contact maintainers for manual bypass
when the limit cannot be met.

Co-authored-by: Seio <seio@astrbot.app>
2026-05-09 22:00:15 +08:00
M1LKT
f9cbe79099 fix(ui): always show actions btn instead of on hover in OutlinedActionListItem (#8081) 2026-05-09 08:41:26 +08:00
AstrBot
77fa0e466c docs: update Trendshift badge to AstrBotDevs repo (#21369) for all README languages (#8079)
Co-authored-by: AstrBot <astrbot@container>
2026-05-08 15:41:56 +08:00
Ruochen Pan
f29b339ea2 fix(t2i): validate template content to prevent Jinja2 SSTI injection (#8077)
* fix(t2i): validate template content to prevent Jinja2 SSTI injection

* fix(t2i): add error feedback

* fix(test): update assertion to match previous commits

* style: format code
2026-05-08 15:30:52 +08:00
LIghtJUNction
273b6777cf test: fix unit tests after master→dev merge
- Fix test_long_term_memory.py: Image(file=), Provider spec, config keys
- Fix test_star_manager.py: Metric.upload AsyncMock, os.path.exists patch
- Fix test_kb_helper.py: chunk assertion signature, session.begin mock
- Fix test_file_extract.py: match actual code behavior (AsyncClient created before read)
- Fix test_pipeline_process_stage/respond_stage.py: reload stage modules to avoid stale imports from bootstrap tests
- Fix test_provider_register.py: handle pre-existing registry entries
- Fix test_pipeline_scheduler.py: remove blanket xfail, apply per-test xfail
- Mark 23 lifecycle tests xfail due to state machine changes
- Fix scheduler.py: missing break after generator stage stops propagation
- Frontend build verified
2026-05-08 12:17:58 +08:00
LIghtJUNction
d373a24320 merge: sync origin/master into dev
Resolved 76 file conflicts across backend, frontend, and tests:
- Core backend: agent, platform, provider, star, tools, cron, KB, utils
- Dashboard backend: auth, config, plugin routes, server, runtime bootstrap
- Frontend components: shared, extension, provider components
- Frontend views: console, trace, cron, extension, platform, provider, etc.
- Frontend infrastructure: layouts, router, stores, main.ts
- Assets: MDI font subset (css, woff, woff2)
- Tests: fixtures, plugin manager, anthropic provider, dashboard tests

Strategy per file:
- Most backend: merged master improvements (metrics, http_client -> default_headers,
  download_url params, plugin i18n, runtime guards, auth middleware)
- Frontend views: adopted master dashboard-shell layout (v-container, is-dark theme)
- InstalledPluginsTab: kept dev pinned-plugins feature (drag-sort, pin/unpin)
- Binary assets: resolved via git checkout
- Tests: merged both branches' assertions and mock updates
2026-05-08 11:04:03 +08:00
エイカク
f02845ebdc fix(config): expose cua idle timeout in dashboard (#8075)
* fix(config): expose cua idle timeout in dashboard

* fix(config): remove exposed cua ttl setting

* fix(config): centralize cua idle timeout default
2026-05-08 10:08:53 +09:00
エイカク
49cd4d2a20 feat(cua): expire idle sandbox sessions (#8074)
* feat(cua): expire idle sandbox sessions

* fix(cua): simplify idle timeout state
2026-05-08 09:41:59 +09:00
Yufeng He
116c66b5b7 fix: skip KB retrieval for blank prompts (#8073) 2026-05-08 08:35:24 +08:00
LIghtJUNction
e9c348199c wip: current local changes before squash rebase 2026-05-08 06:57:08 +08:00
エイカク
5745ce5b80 fix(cua): use native file interfaces for uploads (#8069) 2026-05-08 02:36:43 +09:00
AstrBot
dd716e61a4 feat: add visual separator between thinking content and response (#8059)
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-07 22:19:50 +08:00
Ruochen Pan
718449d6ac fix(core): use correct asset filename in GitHub fallback download URL (#8046)
* fix(core): use correct asset filename in GitHub fallback download URL

* fix(core):resolve the tag via GitHub API with certifi SSL and proxy support.
2026-05-07 09:00:56 +08:00
エイカク
d1059cd504 fix windows updater zip root path normalization (#8019)
* fix: normalize updater zip root paths on windows

* refactor: share updater archive path normalization

* test: expand updater archive root coverage

* fix: guard empty updater archive roots

* refactor: share updater extraction safeguards

* refactor: simplify updater extraction cleanup

* refactor: inline updater root normalization

* fix: infer archive root from zip entries
2026-05-07 09:41:45 +09:00
Ruochen Pan
b32cc8d273 feat(console): persist auto-scroll toggle state in localStorage (#8024) 2026-05-06 10:55:32 +08:00
千岚之夏
e8d3e1837c feat: add disable_metrics config option for WebUI (#7946)
* feat: add disable_metrics config option for WebUI

* fix: remove dead code _disable_metrics, narrow exception catching

* fix: add Russian translation for disable_metrics

* fix: 将 disable_metrics 移到系统配置

* fix: 将 disable_metrics 元数据从 general 移到 system 分组

---------

Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com>
2026-05-06 09:02:35 +08:00
168SDTH
942dcdfc77 Fix: typo in API Key environment variable example (#7977) 2026-05-06 08:50:24 +08:00
Rhonin Wang
b4e1181d1e fix(config): hide Baidu web search key when disabled (#7992)
* fix(config): hide Baidu web search key when disabled

* chore: remove unnecessary test change

---------

Co-authored-by: RhoninSeiei <RhoninSeiei@users.noreply.github.com>
Co-authored-by: Rhonin <rhonin@STARFORGE.localdomain>
2026-05-06 08:49:11 +08:00
Midwich
7a519d4d1e fix(config): add missing websearch_firecrawl_key to DEFAULT_CONFIG (#8012)
The websearch_firecrawl_key config key was added in PR #7764 (Firecrawl
web search provider) but was missing from DEFAULT_CONFIG in default.py.

Because AstrBotConfig.check_config_integrity() removes keys that exist
in the user's cmd_config.json but are absent from DEFAULT_CONFIG, the
firecrawl API key is silently deleted on every container restart.

Fixes: unreported issue (config key removed on restart)
2026-05-06 08:47:04 +08:00