Soulter
aa7bd5e5ad
feat: add support for resetting dashboard initial password on startup
...
Co-authored-by: Copilot <copilot@github.com >
2026-05-22 19:34:22 +08:00
lingyun14
0711172fa7
Fix/stale command hints ( #8245 )
...
* Update stage.py
* fix: remove stale slash command hints
* fix: remove stale slash command hints
* fix: remove stale slash command hints
* Update openai_source.py
2026-05-21 21:45:57 +08:00
Yufeng He
c4693fa68e
fix: support rst and adoc knowledge uploads ( #8255 )
2026-05-20 14:38:16 +08:00
Yufeng He
5bbcdced0f
fix: skip empty llm summaries ( #8195 )
2026-05-19 09:38:55 +08:00
Soulter
d609f23b71
chore: bump version to 4.25.1
2026-05-17 15:01:59 +08:00
Soulter
02291a3217
chore: bump version to 4.25.0
2026-05-16 01:39:04 +08:00
Tom8266
871b932785
fix: detect Tencent SILK (\x02 prefix) in audio magic bytes to avoid ffmpeg failure ( #8009 )
...
* fix: detect Tencent SILK (\x02 prefix) in audio magic bytes to avoid ffmpeg failure
QQ official bot sends voice in Tencent SILK format (leading \x02 byte before
#!SILK_V3 magic). _get_audio_magic_type() had two off-by-one slice errors:
1. Standard SILK: header[:8] vs b'#!SILK_V3' (8 != 9 bytes) — never matched
2. Tencent SILK: not detected at all
Fixes:
- Standard SILK: header[:9] == b'#!SILK_V3' (correct 9-byte slice)
- Tencent SILK: header[:1] == b"\x02" and header[1:10] == b'#!SILK_V3'
- ensure_wav() routes detected silk to tencent_silk_to_wav()
Before: QQ voice → ffmpeg → 'Invalid data found'
After: QQ voice → magic detects silk → tencent_silk_to_wav → WAV OK
* refactor: use startswith() for SILK magic byte detection
Replace manual slice comparisons with startswith() — cleaner, less
error-prone, and immune to off-by-one slice errors.
Suggested by: sourcery-ai
2026-05-16 01:20:52 +08:00
Weilong Liao
c88025c2a3
feat(dingtalk): implement one-click QR registration and polling mechanism ( #8198 )
2026-05-15 18:43:21 +08:00
lingyun14
094aef6241
fix: drop **kwargs bug in two register funcs ( #8141 )
2026-05-15 17:00:03 +08:00
Weilong Liao
6982ef7d94
feat(weixin_oc): handle session timeout and clear login state ( #8196 )
2026-05-15 15:30:56 +08:00
千岚之夏
a09657e620
fix: handle MiniMax TTS timber weight configuration more robustly to avoid crashes on invalid or empty values
...
* fix: add comments and await asyncio.sleep(0) for startup signal
* fix: [Bug] 修复 MiniMax TTS 空字符串配置解析报错
* fix: 采纳AI审查建议,添日志+提取默认配置变量
* fix: 移除误加的core_lifecycle.py改动
---------
Co-authored-by: RainBot-Ai <qianlanzhiya@gmail.com >
2026-05-15 13:01:36 +08:00
Weilong Liao
aace90daab
feat: supports scan QR code to configure feishu / lark ( #8191 )
...
* feat(lark): implement app registration and bot info retrieval
- Add app registration functionality for Lark and Feishu platforms, including endpoints and request handling.
- Introduce polling mechanism for app registration status.
- Create bot info retrieval functionality to fetch bot details after successful registration.
- Enhance dashboard with new UI components for one-click QR setup and manual setup options.
- Update internationalization files to support new features and actions.
- Add unit tests for app registration endpoint resolution and data handling.
* feat(weixin_oc): add WeChat login registration and QR code handling
2026-05-15 13:00:26 +08:00
Yufeng He
094c2de85a
fix: surface weixin media send failures ( #8175 )
...
* fix: surface weixin media send failures
* fix: include weixin send failure context
* Delete tests/unit/test_weixin_oc_adapter.py
---------
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com >
2026-05-14 12:17:59 +08:00
counhopig
7d402fa16a
fix: add ollama and nvidia embedding ( #8104 )
...
* fix: add ollama and nvidia embedding
* fix: address code review feedback for embedding providers
- Remove redundant proxy branch in NvidiaEmbeddingProvider._get_client
- Change ClientError handling to re-raise instead of wrapping in Exception
- Add exc_info=True for better error diagnostics
- Remove redundant isinstance check in OllamaEmbeddingProvider._build_payload
2026-05-14 12:16:35 +08:00
lingyun14
3a1d6c8f89
fix: handle None tool arguments from Claude API for no-parameter tools ( #8136 )
...
* fix: handle None tool arguments returned by Claude API for no-parameter tools
* fix: handle None tool arguments from Claude API for no-parameter tools
* fix: generalize None tool args comment
* fix: generalize None tool args comment
* 去除空格,以保证格式正确
2026-05-14 12:01:19 +08:00
Chang Lee
35f5d7e710
perf: enhance AMR audio quality and simplify opus logic ( #8153 )
...
* chore: streamline convert_audio_to_opus logic
- Route Opus conversion directly through the underlying convert_audio_format.
- Remove redundant FFmpeg processing chains to improve code reusability.
* perf: optimize AMR voice encoding parameters
- Enhance AMR audio quality via built-in FFmpeg filters.
2026-05-14 11:57:14 +08:00
Yufeng He
3290d75519
fix: prefer bundled dashboard over stale data dist ( #8172 )
...
* fix: prefer bundled dashboard over stale dist
* fix: harden dashboard dist version checks
2026-05-14 09:00:16 +08:00
Soulter
c77cb0f4e2
chore: bump version to 4.24.5
2026-05-14 01:16:26 +08:00
Soulter
93428a7976
feat: add initial dashboard password resolution from environment variable
2026-05-14 00:45:37 +08:00
Soulter
37142fd253
feat: enhance update dialog with progress tracking and localization updates
...
- Added advanced settings option in update dialog for better user control.
- Implemented detailed progress tracking for update stages including download size and speed.
- Updated localization files for English, Russian, and Chinese to include new strings for update progress and advanced settings.
- Improved UI for update dialog with better layout and responsiveness.
- Enhanced test coverage for update process including progress tracking.
2026-05-14 00:40:24 +08:00
Tsukumi
1b09132e4a
fix: respect explicit Shipyard Neo profile ( #8167 )
2026-05-13 14:38:11 +08:00
NayukiMeko
22ba831a31
fix(message_tools): throw exception and block message sending when path does not exist ( #8149 )
...
* fix(message_tools): 路径不存在时抛出异常并阻止消息发送
- _resolve_path_from_sandbox 在所有解析路径均失败时改为抛出 FileNotFoundError,而非静默返回原始路径,避免将无效路径传递给下游组件
- 新增 component_type 关键字参数,使错误信息能明确指出是 image/record/video/file 哪类资源路径缺失
- 在 call 方法中捕获 FileNotFoundError 并提前返回错误字符串,确保路径无效时不会继续构建或发送任何消息组件
- 补充单元测试,验证缺失图片路径场景下 send_message 不会被调用
* Update tests/unit/test_message_tools.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* fix(tools): propagate sandbox error instead of masking as FileNotFoundError
---------
Co-authored-by: Ruochen Pan <badbatch0x01@gmail.com >
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: RC-CHN <1051989940@qq.com >
2026-05-13 11:50:06 +08:00
Soulter
c48108040c
chore: bump version to 4.24.4
2026-05-13 01:46:08 +08:00
Soulter
989cc0d609
chore: bump version to 4.24.3
2026-05-13 00:17:27 +08:00
lingyun14
cb90de752d
fix(docs): fix multiple errors in plugin development guides ( #8166 )
...
* Update listen-message-event.md
* Update listen-message-event.md
* Update ai.md
* Update plugin-new.md
* Update plugin-new.md
* Update simple.md
* Update star_handler.py
* Update listen-message-event.md
* Update listen-message-event.md
2026-05-13 00:04:12 +08:00
Weilong Liao
7ddf6371b9
fix(webui): enforce 12-char dashboard password policy with backend+frontend validation ( #7338 )
...
* fix(webui): enforce 12-char dashboard password policy with backend+frontend validation
* fix(i18n): update password policy hints and validation rules for improved security
* test: adapt dashboard auth fixtures for hashed default password
* fix(security): increase PBKDF2 iterations
* feat(auth): implement secure login challenge and proof verification
* chore: ruff format
* fix(auth): update md5 import syntax for consistency
* feat(dashboard): implement random password generation for empty dashboard password
* feat(auth): enforce plaintext password requirement for legacy MD5 hashes
* fix(i18n): update password hint texts to reflect auto-generated initial passwords
* feat(dashboard): implement password change requirement and reset logic
* feat(auth): implement account setup flow and password change requirements
* feat: Implement legacy password support and upgrade mechanism
- Added `hash_legacy_dashboard_password` function for MD5 hashing of passwords.
- Updated configuration handling to store both PBKDF2 and legacy password hashes.
- Introduced logic to check if password storage has been upgraded and if a password change is required.
- Modified dashboard authentication routes to handle legacy password checks and prompts for upgrades.
- Updated frontend to display warnings for legacy password storage and required upgrades.
- Enhanced tests to cover scenarios for legacy password handling and migration to new storage format.
* fix(logo): update text color styles to use CSS variables for consistency
* feat(dashboard): upgrade password storage and enforce change requirement
* fix(dashboard): update minimum password length from 12 to 10 characters
* fix(dashboard): update minimum password length from 10 to 8 characters
---------
Co-authored-by: RC-CHN <1051989940@qq.com >
2026-05-12 23:46:57 +08:00
Yufeng He
f86de988a4
fix: keep Discord startup alive on command quota ( #8061 )
...
* fix: keep Discord startup alive on command quota
* Update discord_platform_adapter.py
---------
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com >
2026-05-12 23:28:23 +08:00
NayukiMeko
041c35c35b
Fix: Fix issue where temporary directory is not cleaned and error tracking false positives when repeatedly installing plugins ( #8148 )
...
* fix(star): 修复重复安装插件时临时目录未清理及错误追踪误报问题
- 引入 skip_failed_tracking 标志,当目标目录已存在时跳过失败安装追踪,避免将预期冲突错误误记为安装失败
- 修复 finally 块中临时目录清理逻辑,确保冲突场景下 plugin_upload_* 临时目录也能被正确删除
- 新增测试用例 test_install_plugin_from_file_conflict_keeps_failed_plugins_clean,验证重复安装同名插件时 failed_plugin_dict 为空且无残留临时目录
Ref #8122
* style(star): ruff 格式化
2026-05-11 16:36:03 +08:00
エイカク
ad516950f2
fix(provider): force Gemini chat client to use managed httpx client ( #8112 )
...
When both aiohttp and httpx are installed, google-genai prefers aiohttp
as the async HTTP backend. In error response paths, the aiohttp backend
returns raw aiohttp.ClientResponse objects that google-genai cannot handle,
masking real API errors with:
Unsupported response type: <class 'aiohttp.client_reqrep.ClientResponse'>
This fix explicitly creates an httpx.AsyncClient and passes it via
HttpOptions.httpx_async_client, ensuring the chat provider always uses
the httpx backend. The managed client is closed in terminate().
- Preserve HTTP_PROXY/HTTPS_PROXY support via trust_env=True.
- Preserve provider-level proxy via httpx.AsyncClient(proxy=...).
- Avoid logging full proxy URLs for security.
Fixes #7564
2026-05-10 00:20:36 +09:00
Ruochen Pan
f29b339ea2
fix(t2i): validate template content to prevent Jinja2 SSTI injection ( #8077 )
...
* fix(t2i): validate template content to prevent Jinja2 SSTI injection
* fix(t2i): add error feedback
* fix(test): update assertion to match previous commits
* style: format code
2026-05-08 15:30:52 +08:00
エイカク
f02845ebdc
fix(config): expose cua idle timeout in dashboard ( #8075 )
...
* fix(config): expose cua idle timeout in dashboard
* fix(config): remove exposed cua ttl setting
* fix(config): centralize cua idle timeout default
2026-05-08 10:08:53 +09:00
エイカク
49cd4d2a20
feat(cua): expire idle sandbox sessions ( #8074 )
...
* feat(cua): expire idle sandbox sessions
* fix(cua): simplify idle timeout state
2026-05-08 09:41:59 +09:00
Yufeng He
116c66b5b7
fix: skip KB retrieval for blank prompts ( #8073 )
2026-05-08 08:35:24 +08:00
エイカク
5745ce5b80
fix(cua): use native file interfaces for uploads ( #8069 )
2026-05-08 02:36:43 +09:00
AstrBot
dd716e61a4
feat: add visual separator between thinking content and response ( #8059 )
...
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-07 22:19:50 +08:00
Ruochen Pan
718449d6ac
fix(core): use correct asset filename in GitHub fallback download URL ( #8046 )
...
* fix(core): use correct asset filename in GitHub fallback download URL
* fix(core):resolve the tag via GitHub API with certifi SSL and proxy support.
2026-05-07 09:00:56 +08:00
エイカク
d1059cd504
fix windows updater zip root path normalization ( #8019 )
...
* fix: normalize updater zip root paths on windows
* refactor: share updater archive path normalization
* test: expand updater archive root coverage
* fix: guard empty updater archive roots
* refactor: share updater extraction safeguards
* refactor: simplify updater extraction cleanup
* refactor: inline updater root normalization
* fix: infer archive root from zip entries
2026-05-07 09:41:45 +09:00
千岚之夏
e8d3e1837c
feat: add disable_metrics config option for WebUI ( #7946 )
...
* feat: add disable_metrics config option for WebUI
* fix: remove dead code _disable_metrics, narrow exception catching
* fix: add Russian translation for disable_metrics
* fix: 将 disable_metrics 移到系统配置
* fix: 将 disable_metrics 元数据从 general 移到 system 分组
---------
Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com >
2026-05-06 09:02:35 +08:00
Rhonin Wang
b4e1181d1e
fix(config): hide Baidu web search key when disabled ( #7992 )
...
* fix(config): hide Baidu web search key when disabled
* chore: remove unnecessary test change
---------
Co-authored-by: RhoninSeiei <RhoninSeiei@users.noreply.github.com >
Co-authored-by: Rhonin <rhonin@STARFORGE.localdomain >
2026-05-06 08:49:11 +08:00
Midwich
7a519d4d1e
fix(config): add missing websearch_firecrawl_key to DEFAULT_CONFIG ( #8012 )
...
The websearch_firecrawl_key config key was added in PR #7764 (Firecrawl
web search provider) but was missing from DEFAULT_CONFIG in default.py.
Because AstrBotConfig.check_config_integrity() removes keys that exist
in the user's cmd_config.json but are absent from DEFAULT_CONFIG, the
firecrawl API key is silently deleted on every container restart.
Fixes: unreported issue (config key removed on restart)
2026-05-06 08:47:04 +08:00
Haoran Xu
44e8c0061e
fix: preserve folder parent on rename ( #7974 )
2026-05-05 21:16:53 +08:00
Helian Nuits
0830f48ae0
fix: resolve path conflicts and improve self-healing during backup restore and plugin installation ( #7737 )
...
* fix(数据备份与恢复): 解决备份恢复和插件安装过程中的路径冲突及自愈问题
1. 修复备份导入时目录条目被误识别为 0 字节文件的问题。
2. 增加插件加载和数据目录创建时的路径冲突自动清理逻辑。
3. 增强插件解压安装过程对现有冲突文件的兼容性。
4. 优化 remove_dir 工具类使其支持同时处理文件和目录的删除。
* fix(core): 根据 CR 建议实现通用的路径冲突自愈机制并增强损坏符号链接的处理能力
2026-05-05 01:05:43 +08:00
elecvoid243
e410adc188
fix: encoding issue in windows when using python tool
2026-05-05 00:03:33 +08:00
Soulter
319f50be2a
feat: plugin changelogs and update system
2026-05-04 20:03:01 +08:00
Soulter
39386eeb3e
chore: bump version to 4.24.2
2026-05-04 00:21:43 +08:00
Soulter
bc2c67d4d7
fix: support dynamic plugin web api routes
2026-05-04 00:21:02 +08:00
Soulter
010e6d2eda
chore: bump version to 4.24.1
2026-05-03 23:00:16 +08:00
Soulter
afe999550d
chore: bump version to 4.24.0
2026-05-03 22:20:25 +08:00
Weilong Liao
93a6152eee
feat: add temporary extra user content parts ( #7976 )
...
* feat: add temporary extra user content parts
* fix: 3.10
2026-05-03 22:11:24 +08:00
lxfight
fff9c8ee19
feat: supports plugin to register custom pages (webui) ( #5940 )
...
* feat(plugin): add webui metadata schema for plugins
* feat(dashboard): serve plugin webui with scoped asset tokens
* feat(dashboard): add plugin webui page and extension entry actions
* test(dashboard): cover plugin webui auth and asset routing
* fix(dashboard): use aiofiles for non-blocking plugin webui assets
* fix(dashboard): streamline JWT extraction and validation for plugin webui paths
* fix(dashboard): harden plugin webui bridge and auth cookie security
* fix(dashboard): restore plugin webui bridge under sandbox iframe
* refactor(dashboard): apply plugin webui review improvements
* docs: 补充插件 WebUI 开发指南
* fix(plugin-webui): 统一 WebUI title 契约并修复桥接行为
* docs: 更新插件 WebUI 开发指南
* fix
* feat: Introduce Plugin Pages feature
- Added support for plugins to expose Dashboard pages via a `pages/` directory.
- Updated `PluginDetailPage.vue` to include a button for opening plugin pages.
- Refactored `useExtensionPage.js` to remove the deprecated `openPluginWebUI` function.
- Updated documentation to replace references from "Plugin WebUI" to "Plugin Pages".
- Created new documentation for Plugin Pages detailing structure, examples, and API usage.
- Removed the old Plugin WebUI documentation.
- Updated tests to reflect changes from Plugin WebUI to Plugin Pages, ensuring proper functionality and security checks.
* feat: 增强插件页面功能,添加返回按钮逻辑并更新测试用例
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com >
---------
Co-authored-by: Soulter <905617992@qq.com >
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com >
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com >
2026-05-03 20:41:50 +08:00