5561 Commits

Author SHA1 Message Date
LIghtJUNction
0208dbb15f Merge branch 'master' of https://github.com/AstrBotDevs/AstrBot into dev
# Conflicts:
#	dashboard/vite.config.ts
2026-04-29 02:16:18 +08:00
LIghtJUNction
63e1988f86 chore: merge CLAUDE.md into AGENTS.md and remove CLAUDE.md 2026-04-29 02:15:06 +08:00
LIghtJUNction
5f827fffd2 feat: persistent shell session and remove dead ToolSessionManager
- Replace LocalShellComponent's one-shot subprocess.run() with a
  PersistentShellSession that wraps a long-running bash process per UMO.
  cd/export/source now persist naturally within a conversation.
- Support background task execution via nohup.
- Remove unused ToolSessionManager / ToolSessionState (dead code,
  never wired to any consumer).
- Fix performance benchmark: separate throughput and memory measurement
  so tracemalloc doesn't distort timing (was 7x slower).
- Optimize bool validation in CommandFilter with frozenset + isinstance
  short-circuit.
2026-04-29 02:06:24 +08:00
LIghtJUNction
4463895c89 chore: improve code quality score from 55 to 81
- Convert bad type: ignore[...] to blanket ignores
- Remove unused type: ignore directives
- Fix genie_tts/dashscope_tts Any type annotations
- Remove temp file
2026-04-29 01:28:20 +08:00
Soulter
6b36e1abac fix: comment out tool_choice parameter in ToolLoopAgentRunner for debugging
fixes: #7853
closes: #7856
closes: #7862
2026-04-29 00:20:38 +08:00
Weilong Liao
8f356b84c7 fix(core): restrict send_message_to_user to current session (security fix #7822) (#7824)
* fix(core): security fix - restrict send_message_to_user to current session only

Closes #7822

SECURITY: Remove the user-controlled 'session' parameter from the
send_message_to_user tool. Previously, a regular user could ask the
LLM to send messages to any arbitrary session (group chat) by
providing a crafted session string, which is a high-risk
vulnerability.

Changes:
- Remove 'session' parameter from tool schema (LLM can no longer
  propose it)
- Always use context.context.event.unified_msg_origin as the target
  session
- Update description to clearly state that messages can only be sent
  to the current user's session

* fix: restore session param but restrict to admin only

- Re-add the  parameter removed in the original PR
- Non-admin users can only send to their own session (current_session)
- Admin users can send to any session via the  param
- Uses  from computer_tools.util (same pattern as fs.py)
- Ref: https://github.com/AstrBotDevs/AstrBot/issues/7822

Co-authored-by: Soulter <soulter@astrbot.app>

* Update message_tools.py

---------

Co-authored-by: AstrBot <bot@astrbot.app>
2026-04-29 00:15:16 +08:00
诗浓
98b05b7e89 fix(provider): persist model enable toggle (#7865)
* fix(provider): persist model enable toggle

Fixes AstrBotDevs/AstrBot#7863

* fix(provider): wait for model toggle refresh
2026-04-28 23:55:46 +08:00
Soulter
962c299c2d feat(shell): enhance exec method to support timeout parameter and improve background command handling 2026-04-28 23:55:29 +08:00
daniel5u
66d620dab5 fix: merge anthropic parallel tool results (#7875) 2026-04-28 23:48:09 +08:00
Weilong Liao
ac7f6aa60d feat(shell): add background command execution with output redirection and timeout support (#7835)
* feat(shell): add background command execution with output redirection and timeout support

* feat(shell): update timeout parameter to be optional in shell execution methods

* feat(shell): set default timeout for shell execution to 10,000,000 milliseconds

* feat(shell): set default timeout to 300s for shell execution

* feat(shell): reorder timeout parameter in ExecuteShellTool configuration

* feat(shell): implement background command execution with detached shell command support

Co-authored-by: Copilot <copilot@github.com>

* test(shell): remove obsolete test for background shell command output redirection

* fix: reorder import statements in shell.py for consistency

* fix: wrap command in parentheses for background output redirection

---------

Co-authored-by: Copilot <copilot@github.com>
2026-04-28 23:25:54 +08:00
エイカク
2f33c34b5c fix: protect desktop plugin installs with core lock (#7872) 2026-04-28 21:10:19 +09:00
Weilong Liao
d8de0035a9 feat: add attachment saved event handling in chat and live chat routes (#7869)
Co-authored-by: Zhilan615 <2864095951@qq.com>
2026-04-28 17:14:40 +08:00
Soulter
1801834cac fix: remove BOM from install.ps1 file 2026-04-28 15:34:33 +08:00
Soulter
4d9340c216 feat: add deploy scripts for Windows and Linux installation, remove copy-deploy-cli script 2026-04-28 15:05:35 +08:00
dependabot[bot]
9016a3b2c4 chore(deps): bump pnpm/action-setup in the github-actions group (#7857)
Bumps the github-actions group with 1 update: [pnpm/action-setup](https://github.com/pnpm/action-setup).


Updates `pnpm/action-setup` from 5.0.0 to 6.0.3
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](https://github.com/pnpm/action-setup/compare/v5.0.0...v6.0.3)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-28 14:57:31 +08:00
Soulter
e4a9274b41 fix: update .gitignore and copy-deploy-cli script paths for public directory 2026-04-28 14:56:44 +08:00
EterUltimate
e218620a37 feat: add one-line deploy script (deploy-cli.sh) (#7631)
* feat: add one-line deploy script (deploy-cli.sh) and update cli.md

- Add docs/scripts/deploy-cli.sh for one-command deployment (Linux/macOS/WSL)
- Update docs/zh/deploy/astrbot/cli.md to reference local script
- Replace non-existent https://astrbot.app/deploy.sh with raw.githubusercontent.com URL
- Add local run tip and WSL-based Windows support

* fix: address PR review feedback for deploy-cli.sh

- Replace sort -V with Python-native version check (macOS BSD compat)
- Bump Python requirement from >=3.10 to >=3.12 (match pyproject.toml)
- Detect current directory as project root (avoid nested clone)
- Handle existing non-git directory explicitly
- Add curl dependency check
- Support ASTRBOT_REPO and ASTRBOT_DIR env vars for forks/mirrors
- Update cli.md version description to match

* feat: add Windows PowerShell deploy script and update docs

- Add deploy-cli.ps1 for Windows native environment (PowerShell 7+)
- Update cli.md to document Windows one-liner deployment
- Add local script execution instructions for both bash and ps1

* refactor: standardize log messages and improve clarity in various modules

Co-authored-by: Copilot <copilot@github.com>

* docs: 移除一行命令快速部署部分,简化安装说明

* feat: 添加脚本以复制部署 CLI 文件并更新构建命令

* refactor: 更新日志消息以提高可读性,统一英文提示信息

---------

Co-authored-by: Soulter <905617992@qq.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
2026-04-28 14:49:50 +08:00
エイカク
cb5c172e69 feat: add CUA computer-use sandbox support (#7828)
* feat: add CUA computer-use sandbox support

* fix: add CUA config metadata translations

* fix: address CUA sandbox review feedback

* fix: default CUA sandbox to local mode

* fix: harden CUA SDK method compatibility

* fix: harden CUA GUI and permission handling

* fix: refine CUA capability and shell handling

* fix: avoid inline CUA screenshot image results by default

* fix: guide CUA browser startup workflow

* feat: add CUA browser and key press tools

* fix: launch CUA browser as sandbox user

* fix: stabilize CUA browser screenshots

* fix: simplify CUA browser launch command

* fix: remove CUA open browser tool

* fix: align CUA desktop control guidance

* fix: harden CUA shell background handling

* fix: harden CUA runtime adapters

* fix: surface CUA filesystem failures

* fix: clarify CUA shell fallback support

* fix: harden CUA shell helpers

* fix: guard CUA file fallbacks

* fix: redact sensitive config log paths

* fix: guard CUA download fallback

* test: cover CUA GUI and shell env wiring

* fix: preserve CUA command result output

* fix: normalize CUA return codes

* fix: preserve foreground shell behavior

* fix: clean up failed CUA boots

* docs: add CUA sandbox runtime guide

* test: cover CUA GUI tool registration

* refactor: simplify CUA fallback handling

* refactor: simplify CUA shell helpers

* test: cover CUA screenshot result shapes
2026-04-28 01:40:14 +09:00
エイカク
67c7445d25 fix: prevent IME enter from sending chat (#7845)
* fix: prevent IME enter from sending chat

* fix: prevent IME enter from sending chat

* refactor: clarify IME composition state handling
2026-04-27 22:56:24 +09:00
Weilong Liao
72d65680b8 docs: add pre-commit setup guide to AGENTS.md (#7838)
* fix(dashboard): add tooltip for truncated command/tool descriptions in WebUI

- CommandTable.vue: add :title binding to description div
- ToolTable.vue: add :title binding to description and origin_name divs

Fixes #7583 - Webui中超出显示长度的指令描述无法以任何方式看到

* docs: add pre-commit setup guide to AGENTS.md

Extract the pre-commit and ruff setup instructions from README.md
into AGENTS.md so AI agents have a complete reference for
setting up the development environment.

---------

Co-authored-by: AstrBot Fixer <astrbot@fix-bot.local>
Co-authored-by: AstrBot Fixer <astrbot-fixer@users.noreply.github.com>
2026-04-27 21:42:56 +08:00
時壹
b711425b73 feat: add message-level markdown control for QQ Official platform (#6980)
* feat: add message-level markdown control for QQ Official platform

* feat: propagate MessageChain metadata through RespondStage chain splitting
2026-04-27 21:21:56 +08:00
若月千鸮
72f4e748e8 fix: restore T2I text template rendering (#7789)
* fix: restore T2I text template rendering

- keep using {{ text | safe }} instead of text_base64
- inject Shiki runtime by default for T2I templates
- update built-in templates to read markdown from a hidden textarea
- improve WebUI preview sample text and Shiki runtime serving
- add regression tests for template rendering and runtime injection

* fix: prevent injected Shiki runtime from breaking T2I templates

* fix(t2i): restore raw text template rendering

* test(t2i): remove test

* fix(t2i): restore previewText
2026-04-27 15:38:43 +08:00
Soulter
09ab45fcb5 chore: bump version to 4.23.6 v4.23.6 2026-04-27 13:05:20 +08:00
Weilong Liao
1efe4fd60e fix(stats): TPM now only counts output tokens (#7827)
* fix(stats): TPM now only counts output tokens

- Add range_total_output_tokens accumulation, separate from total tokens
- Change range_avg_tpm formula to use output tokens only
- Update i18n labels to reflect Output TPM

* fix(stats): range
2026-04-27 12:59:44 +08:00
Weilong Liao
c5ab4f7263 feat: add /stats command to view conversation token usage (#7831)
* feat: add /stats command to view conversation token usage

- Add stats() method to ConversationCommands that queries ProviderStat
  records by conversation_id and aggregates token breakdowns
- Register /stats command in main.py

* feat: reorder conversation stats output for better readability

Co-authored-by: Copilot <copilot@github.com>

* feat: reorder token usage output for improved clarity

* feat: enhance stats command to aggregate conversation token usage

* feat: add cached input tokens display and update translations for clarity

* feat: update stats command to clarify conversation token usage display

---------

Co-authored-by: Copilot <copilot@github.com>
2026-04-27 12:59:21 +08:00
Weilong Liao
415da218f6 fix: update reasoning_content handling to support empty string values (#7830)
* fix: update reasoning_content handling to support empty string values

* fix: add reasoning_content field for DeepSeek v4 models in assistant messages
2026-04-27 11:47:32 +08:00
Weilong Liao
07b37b98de fix: handle empty reasoning content for DeepSeek v4 models (#7823)
Co-authored-by: Copilot <copilot@github.com>
2026-04-27 02:19:40 +08:00
bugkeep
bbda1e678f fix(core): downscale oversized images (#7807)
* fix(core): downscale oversized images

* refactor: share image max-size check helper

* Delete tests/unit/test_media_utils_compress_image.py

---------

Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
2026-04-26 23:10:58 +08:00
EnemyWind
3c1d0cd2c2 [fix] 将Minimax TTS默认输出格式改为wav以解决RIFF错误 (#7797)
## 问题
在 QQ 官方平台插件中,处理来自 Minimax TTS 的语音时,会抛出错误:`处理语音时出错: file does not start with RIFF id`。
## 原因
Minimax TTS 提供商 (`minimax_tts_api_source.py`) 默认配置的音频输出格式为 `mp3`,而 `qqofficial_message_event.py` 中的 `wav_to_tencent_silk` 函数要求输入为 WAV 格式(具有 RIFF 文件头)。
## 解决方案
将 `minimax_tts_api_source.py` 文件中 `ProviderMiniMaxTTSAPI` 类的 `audio_setting` 字典的 `format` 键值,从 `"mp3"` 修改为 `"wav"`。
## 结果
修改后,Minimax TTS 生成的音频文件将直接为 WAV 格式,从而被下游函数正确识别和处理,修复上述错误。
2026-04-26 23:06:54 +08:00
Weilong Liao
d16ed4e552 fix: revise reasoning_key attribute to OpenRouter (#7821) 2026-04-26 22:21:57 +08:00
Yufeng He
55c1558686 fix(openai): apply empty-assistant filter to streaming path (fixes #7721) (#7758)
PR #7202 added empty-assistant filtering in `_query` so strict
providers (Moonshot, etc.) wouldn't 400 on history with blank
assistant entries. The streaming sibling `_query_stream` was
never updated, so DeepSeek Reasoner — which returns reasoning only
during tool calls, leaving serialized content as `""` — blew up with
`Invalid assistant message: content or tool_calls must be set` on
the next turn.

Hoisted the filter into a `_sanitize_assistant_messages` helper and
called it from both paths. Also widened the empty check to cover
`content == []`, which the original filter missed and which shows up
with providers that emit content as a list of parts.
2026-04-26 13:10:47 +08:00
wjiajian
17aea1aa2c feat: add Firecrawl web search tools (#7764)
* feat: add Firecrawl web search and extract tools, update configuration and tests

* feat: implement Firecrawl API integration and error handling in web search tools

* feat: enhance Firecrawl web search with session management and payload validation

* feat:  Firecrawl web search to use aiohttp.ClientSession directly for improved session management as it was

* feat: update Firecrawl search to handle grouped web data response and add corresponding tests

* feat: refactor Firecrawl web search to use aiohttp.ClientSession for improved error handling and session management

* feat: remove unused coercion function and update Firecrawl search to use default limit in payload
2026-04-26 13:07:27 +08:00
Rhonin Wang
d4cdeeae72 fix(computer): send sandbox image downloads as images (#7785) 2026-04-25 16:44:08 +08:00
lingyun14
5ce02da6df fix: use certifi ssl context on Windows (#7778)
* fix: use certifi ssl context on Windows

* docs: update docstring to reflect hybrid SSL context

* chore: ruff

---------

Co-authored-by: Soulter <905617992@qq.com>
2026-04-25 16:34:50 +08:00
Soulter
5d79c99938 feat: add deduplication for WeChat kefu text messages within 15 seconds (#7788) 2026-04-25 16:26:30 +08:00
Soulter
f0a1dd79c4 perf: improve provider config ui (#7772)
* stage

* style: update font families and improve responsive design across components
2026-04-24 20:46:45 +08:00
alonguser
8d9ae55c8f fix: extract shared clipboard utility and fix copy actions in dialogs and insecure contexts (#7747)
* fix: 在非安全上下文中为 copyMessage 添加 execCommand 备用方案

在非安全上下文中(例如通过 HTTP 局域网 IP 访问),navigator.clipboard 不可用。为此,我们添加了使用 document.execCommand(‘copy’) 的备用方案,这与 ReadmeDialog.vue 和 Settings.vue 中的现有实现保持一致。

* fix: extract shared clipboard utility and fix copy actions in dialogs and insecure contexts

---------

Co-authored-by: RC-CHN <1051989940@qq.com>
2026-04-24 10:44:20 +08:00
bugkeep
aaec41e505 fix: prevent path traversal in file uploads (#7751)
* fix: prevent path traversal in uploads

* fix: remove embedded NUL bytes from upload filenames

---------

Co-authored-by: RC-CHN <1051989940@qq.com>
2026-04-24 09:01:02 +08:00
Soulter
9f8ce24726 chore: bump version to 4.23.5 v4.23.5 2026-04-23 22:28:40 +08:00
Soulter
8eefda4611 chore: bump version to 4.23.4 2026-04-23 21:30:03 +08:00
SJ
489e2a33c8 fix(platform): clarify shared appid hint text (#7746)
Co-authored-by: idiotsj <idiotsj@users.noreply.github.com>
2026-04-23 21:00:11 +08:00
Soulter
bb6619f38c perf: improve tool calls in reasoning and multiple tool calls display (#7742)
* perf: improve tool calls in reasoning and multiple tool calls display

- Updated LiveChatRoute and OpenApiRoute to replace manual message accumulation with BotMessageAccumulator.
- Simplified message saving logic by using build_bot_history_content and collect_plain_text_from_message_parts.
- Enhanced message processing to handle various message types (plain, image, record, file, video) more efficiently.
- Improved reasoning handling by extracting thinking parts and displaying them correctly in the UI components.
- Refactored message normalization and reasoning extraction logic in useMessages composable for better clarity and maintainability.
- Updated ChatMessageList, MessageList, StandaloneChat, and ReasoningBlock components to accommodate new message structure and rendering logic.

* feat(chat): reasoning activity panel

- Introduced a new ReasoningSidebar component for displaying reasoning details.
- Refactored MessageList and StandaloneChat components to utilize renderBlocks for improved message part handling.
- Added ReasoningTimeline component to visualize reasoning steps.
- Updated message handling logic to differentiate between thinking and content blocks.
- Enhanced localization for reasoning-related terms in English, Russian, and Chinese.
- Improved styling for various components to ensure consistency and readability.

* Update astrbot/dashboard/routes/chat.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-04-23 17:46:53 +08:00
Soulter
2f479b5204 fix: add missing platform adapter filter types (#7738) 2026-04-23 13:42:45 +08:00
Soulter
56435b5c17 chore: delete video-fix.patch 2026-04-23 13:03:52 +08:00
Soulter
c1cd5627bb chore: bump version to 4.23.3 2026-04-23 12:00:10 +08:00
LIghtJUNction
1b76af4217 test: improve storage_cleaner tests (constants, helpers, clearer assertions) 2026-04-23 04:42:27 +08:00
LIghtJUNction
2ecd95b9e9 chore: ruff check && format 2026-04-23 04:29:07 +08:00
LIghtJUNction
5e32fdf58f Update context.py 2026-04-23 04:20:30 +08:00
LIghtJUNction
60738b44ee Update internal.py 2026-04-23 04:18:52 +08:00
LIghtJUNction
c4048bb8eb refactor: delete _internal
remove deprecated API modules and example scripts; update core modules
(agents, providers, tools, platform adapters, utils), dashboard package
and components, and unit tests.
2026-04-23 04:16:30 +08:00