Commit Graph

252 Commits

Author SHA1 Message Date
Soulter
3828ebde18 feat: update permission handling to delegate event context in guarded tools 2026-06-25 16:16:17 +08:00
Weilong Liao
d90530af8e Revert "fix: reconnect MCP client on terminated session (#8694)" (#8991)
This reverts commit 2bda4e4d96.
2026-06-24 22:44:45 +08:00
EterUltimate
2bda4e4d96 fix: reconnect MCP client on terminated session (#8694)
* fix: reconnect MCP client on terminated session

* Update astrbot/core/agent/mcp_client.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* Update mcp_client.py

---------

Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-06-24 22:43:24 +08:00
FuShang114
b7cadfe704 fix: allow plugin page asset token fallback (#8970)
Co-authored-by: beidou-lab-macmini <beidou-lab-macmini@beidou-lab-macminideMac-mini.local>
2026-06-24 22:11:49 +08:00
Weilong Liao
421d718041 feat: show public version details on login (#8986)
* feat: show public version details on login

* fix: address login version review feedback
2026-06-24 21:46:29 +08:00
Weilong Liao
df4d93d724 fix: normalize cron weekday scheduling (#8984) 2026-06-24 16:22:58 +08:00
Tanishq
ae29a7eaf9 feat(websearch): add Exa as a web search provider (#8973)
- Add ExaWebSearchTool (web_search_exa) with keyword/semantic search,
  category filters, domain restrictions, and date range support
- Add ExaGetContentsTool (exa_get_contents) for extracting web page content
- Add _exa_search() and _exa_get_contents() API helpers hitting
  https://api.exa.ai/search and https://api.exa.ai/contents
- Add _EXA_KEY_ROTATOR for multi-key rotation
- Register Exa tools in _apply_web_search_tools() dispatch
- Add Exa to WEB_SEARCH_CITATION_TOOL_NAMES for citation support
- Add websearch_exa_key config default and provider option
- Add i18n metadata for en-US, zh-CN, ru-RU
- Add Exa section to docs (en + zh)
- Add 6 unit tests covering search, contents, error handling, and
  legacy config migration

Closes #5621
2026-06-24 15:53:47 +08:00
Weilong Liao
d36987dd19 fix: restore static runtime version
Fixes #8924
2026-06-20 22:06:24 +08:00
Weilong Liao
da7f53d5eb fix: keep system tools with persona tool lists (#8908) 2026-06-20 01:15:31 +08:00
Soulter
a7533aacda fix: fall back to stale WebUI when repair fails 2026-06-20 00:01:29 +08:00
lxfight
2d98d38078 fix: inject knowledge base context as temporary user content (#8904) 2026-06-19 22:48:23 +08:00
Weilong Liao
1b0f5cb0d3 fix: keep WebUI assets in sync with core version (#8901)
* fix: keep WebUI assets in sync with core version

* fix: import dashboard version before bundled fallback

* fix: remove stale WebUI dist robustly
2026-06-19 22:46:38 +08:00
Weilong Liao
272242e407 chore: add release preparation workflow (#8891)
* chore: add release preparation workflow

* fix: address release workflow review feedback
2026-06-19 17:41:13 +08:00
Weilong Liao
dd36979eca feat: implement request retry mechanism for provider requests (#8893)
* feat: implement request retry mechanism for provider requests

* feat: add request max retries configuration and implement retry logic for provider requests

* feat: update fake_query function to accept request_max_retries parameter

* feat: remove retry_rate_limits from provider request calls
2026-06-19 17:13:40 +08:00
Weilong Liao
5888631ed5 feat: add hosted core package downloads (#8888)
* feat: add hosted core package downloads

* Potential fix for pull request finding 'CodeQL / Incomplete URL substring sanitization'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* fix: validate hosted core package archive

* fix: validate hosted dashboard package archive

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-06-19 12:44:31 +08:00
Weilong Liao
29d66b84b9 feat: support workspace skills in requests (#8884)
* feat: support workspace skills in requests

* fix: harden workspace skill discovery

* fix: address workspace skills review comments
2026-06-19 12:03:07 +08:00
Weilong Liao
59734c22b6 fix(core): reject hardlinked files in restricted local fs tools
Reject multi-linked regular files in restricted local filesystem tools so workspace hardlink aliases cannot read or overwrite files outside allowed directories.

Fixes #8868.
2026-06-19 00:28:36 +08:00
Weilong Liao
309e05d3cc fix: enforce future task owner checks (#8881) 2026-06-18 23:35:33 +08:00
Yufeng He
1a9d1f566d fix(core): enforce persona tool boundaries (#8786)
* fix(core): enforce persona tool boundaries

* refactor: filter persona tools in one pass

---------

Co-authored-by: Soulter <905617992@qq.com>
2026-06-18 23:15:25 +08:00
Weilong Liao
264e7eaaa3 fix: restore OpenAPI file uploads
Expose /api/v1/file in OpenAPI, enable file-scoped API keys, and regenerate docs/client artifacts.
2026-06-18 12:37:38 +08:00
Weilong Liao
19864b3f85 fix: recover interrupted dashboard upgrades 2026-06-17 22:48:47 +08:00
エイカク
2c8736fe42 fix: harden sandbox file transfers (#8840)
* fix: harden sandbox file transfers

* fix: check CUA sandbox availability with shell probe

* fix: address sandbox transfer review feedback

* fix: preserve CUA health check cancellation

* fix: tighten CUA health probe checks
2026-06-17 22:25:51 +09:00
Weilong Liao
55af880369 feat(qqofficial): allow QQ Official Webhook adapters to proactively send group messages without requiring a cached msg_id (#8841)
* feat(qqofficial): support webhook QR setup

* docs(qqofficial): simplify webhook QR setup step
2026-06-17 21:13:05 +08:00
letr
30ae18a8f0 feat(qqofficial): support group message create type (#8838)
* feat(qqofficial): support group message create

* chore: remove temporary qq official capture script

* feat(qqofficial): allow ws segmented replies

* fix(qqofficial): guard missing group mentions

* feat(qqofficial): enhance group message handling with debug logging and sender username

* feat(qqofficial): add recommended group chat settings and update bot creation instructions

* feat(qqofficial): enhance error handling for QQ Official API message sending

---------

Co-authored-by: Soulter <905617992@qq.com>
2026-06-17 19:11:48 +08:00
Weilong Liao
fda5161451 fix: preserve persona default tool selection
Fix https://github.com/AstrBotDevs/AstrBot/issues/8828
2026-06-17 11:08:46 +08:00
Weilong Liao
4f5075e608 feat: add startup reset password flag 2026-06-17 00:32:37 +08:00
Weilong Liao
f1854df620 feat: add qq official qr binding
Add QQ Official Bot QR binding registration flow for the WebSocket adapter, wire dashboard credential autofill, and mark the WebSocket template as recommended.
2026-06-16 19:08:41 +08:00
Weilong Liao
dd46cce09e fix: make project update flow atomic (#8805)
* fix: make project update flow atomic

* fix: address atomic update review feedback

* fix: show update success after restart

* fix: prevent update progress reset during restart

* fix: align update success feedback styling
2026-06-15 23:32:29 +08:00
エイカク
12d4a613b4 fix: write config files atomically (#8793)
* fix: write config files atomically

* Update astrbot_config.py

---------

Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
2026-06-15 22:06:14 +08:00
エイカク
dd828c99f4 fix: run local python in session workspace (#8792) 2026-06-15 20:52:00 +08:00
エイカク
6f88ad9a35 fix: preserve guarded run-based tools (#8790) 2026-06-15 20:47:03 +08:00
Soulter
a2b6aad849 fix: stabilize dashboard route tests on latest FastAPI 2026-06-15 13:41:13 +08:00
Soulter
ad1b64d127 fix: stabilize FastAPI dashboard route tests 2026-06-15 13:10:07 +08:00
Weilong Liao
0d8e8682db refactor(core): migrate backend backbone from Quart to FastAPI and introduce more OpenAPI (#8688)
* refactor: migrate to fastapi

* structure refactor

* fix: pyright fix

* refactor: improve error handling and public messages in plugin services

* feat(api): refactor API client integration and enhance request handling

- Updated API client configuration to use a dedicated HTTP client.
- Introduced utility functions for generating options, queries, and form data for API requests.
- Refactored multiple API methods to utilize the new utility functions for improved consistency and readability.
- Renamed types for clarity and updated import statements accordingly.

feat(docs): add script to update OpenAPI JSON from YAML spec

- Created a Python script to convert OpenAPI YAML specification to JSON format.
- The script supports customizable input and output paths.
- Ensured the script handles directory creation for output paths and validates the YAML structure.

* fix

* feat(auth): implement rate limiting for v1 login endpoint and enhance request handling

* Refactor dashboard API routers to use legacy_router for backward compatibility

- Changed all instances of dashboard_router to legacy_router across multiple API modules including platform, plugins, providers, sessions, skills, stats, subagents, t2i, tools, updates, and asgi_runtime.
- Updated route definitions to ensure existing endpoints remain functional under the new router structure.
- Introduced support for Quart request context in asgi_runtime to enhance compatibility with existing Quart-based plugins.
- Added a test case to validate the functionality of the new Quart request context handling in plugin extensions.

* chore: remove cli test

* fix: update dashboard tests for fastapi migration

* chore: satisfy ruff checks

* fix: update openapi api key scopes

* fix: sync config scope chip selection

* fix: restore quart dependency

* docs: clarify quart plugin api compatibility

* docs: update openapi scope documentation

* fix: use singular skill openapi scope

* fix: hide update service exception details

* fix: address fastapi review comments

* fix: address dashboard review findings

* docs: revert unrelated package deployment changes

* docs: update agent api generation guidance

* feat: add plugin page web api helpers

* docs: add plugin page bridge demo

* fix: type plugin upload files

* fix: stabilize plugin page uploads

* fix: type plugin web request proxy

* docs: remove plugin page docs example

* fix: authenticate plugin page SSE bridge
2026-06-14 15:03:26 +08:00
Soulter
fadada3d67 fix: correct plugin llm tool toggle ownership check 2026-06-14 11:02:16 +08:00
Weilong Liao
7c366a708b fix: unify media reference handling (#8764)
* fix: unify media reference handling

* fix: accept bare base64 record media refs

* chore: update agents.md

* fix: unify file URI handling across media components and utilities

* fix: unify media reference type handling with MediaRefStr alias

* Potential fix for pull request finding 'CodeQL / Incomplete URL substring sanitization'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update astrbot/core/platform/sources/discord/discord_platform_adapter.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix: unify media handling and improve base64 decoding across components

* fix: simplify client_kwargs type definition and enhance media message handling in platform adapter

* fix: unify media utility documentation and enhance function descriptions

* perf: drop "pilk" requirement, improve audio outbound for tencent-related IM apps which using silk

* fix: unify Tencent Silk audio handling and enhance media resolver functionality

---

- Centralize media reference materialization and base64 resolution for local paths, http(s), base64://, data URIs, and legacy bare base64 payloads.
- Normalize incoming Record audio to wav and Image media to temporary jpg during preprocess, with event-scoped cleanup.
- Reuse the shared media resolver across OpenAI, Gemini, Anthropic, MiMo, DeerFlow, STT, and platform media paths while sanitizing logs and cleaning temporary conversion outputs.
- Ensure generated TTS audio is tracked for cleanup after the event finishes.

fix #8676
fix #8543
fix #7588
fix #7580
fix #8030
fix #8034
fix #7461
fix #7565
fix #6509
fix #7144
fix #7795



---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-06-14 10:37:16 +08:00
Soulter
3ca6f241ac fix: resolve subdirectory llm tool plugin ownership 2026-06-13 17:34:11 +08:00
星鸿SeRazon
f3aa2a6959 perf(cli): optimize plugin list building performance and robustness while adding coverage for key merge and edge-case scenarios (#8705)
* perf: optimize plugin list merge

* fix: guard plugin list directory iteration

* test: move plugin utils tests to unit suite

* fix: minimize plugin path guard change

* test: cover missing plugin directory listing

* fix: address code review feedback on plugin utils and tests

* perf: optimize plugin comparison using dict pop method

* style: format plugin.py and retry CI
2026-06-13 16:44:22 +08:00
Yufeng He
d4e7aa0489 fix: avoid duplicate quoted image captions (#8718) 2026-06-13 16:12:54 +08:00
Yufeng He
690b184a62 fix: preserve embedding api version suffixes (#8736) 2026-06-13 15:57:36 +08:00
Ruochen Pan
ae44b912fc feat(dashboard): add per-tool permission management for function tools (#8693)
* feat(func-tool): add per-tool permission management

* feat(dashboard): add permission column to function tool table

* refactor(dashboard): encapsulate tool actions into composable and unify permission UI

* style: format code

* fix: guard sync handler, simplify sp access, skip builtin instantiation
2026-06-09 14:47:41 +08:00
C₂₂H₂₅NO₆
0fb3f5eb93 feat: display current weekday information (#8669)
在现实世界时间感知提示中追加 Weekday 字段,让模型能直接获取今天是星期几。\n\n使用固定英文星期表避免受系统 locale 影响,并补充单测覆盖输出格式。

Co-authored-by: C₂₂H₂₅NO₆ <Sisyphbaous-DT-Project@users.noreply.github.com>
2026-06-09 10:11:20 +08:00
Weilong Liao
66ec415e56 fix: restrict local file paths in message tools (#8660)
* fix: restrict local file paths in message tool

* Update astrbot/core/tools/message_tools.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix: rf

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-06-08 01:20:47 +08:00
Soulter
05c137eb29 fix: qq official webhook mode can not restart normally 2026-06-07 18:10:45 +08:00
Copilot
1a04998787 perf: handle Anthropic usage=None on content-filtered responses (#8647)
* Initial plan

* fix: handle missing anthropic usage on filtered responses

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-06-07 15:29:22 +08:00
Weilong Liao
c7e9d5b481 fix: Prevent duplicate web search citation prompts from being repeatedly appended to the system message after multiple tool invocations in a single interaction (#8642) 2026-06-07 12:23:03 +08:00
Weilong Liao
bdc32bb78c Revert "fix: retry provider stats on sqlite lock" (#8639)
This reverts commit 1ad2b2c385.
2026-06-07 10:51:27 +08:00
Weilong Liao
c70a1924fe Revert "fix SQLAlchemy compatibility issues on macOS" (#8638)
* Revert "fix SQLAlchemy compatibility issues on macOS (#7724)"

This reverts commit 2d78626840.

* fix

* chore: add busy timeout pragma
2026-06-07 10:50:33 +08:00
Weilong Liao
ef53a933ec fix: keep DingTalk stream reconnecting (#8610)
* fix: keep DingTalk stream reconnecting

* fix
2026-06-06 00:46:37 +08:00
lxfight
65fe0574b9 feat: sync dashboard theme to plugin pages (#8390)
* feat(plugin): pass theme through plugin page asset URLs and initial context

Add theme query parameter propagation through the plugin page asset pipeline
so that the bridge SDK initial context includes isDark.

* feat(plugin): inject data-theme and color-scheme into plugin page HTML

Set data-theme on <html> and add color-scheme meta tag server-side
to prevent flash when entering plugin pages in dark mode.

* feat(webui): add isDark getter to customizer store

* feat(webui): sync theme to plugin iframe via URL param and postMessage

Append theme query parameter to iframe src URL and include isDark
in the postMessage context. Watch uiTheme changes to re-send context.

* feat(bridge): auto-apply data-theme from context in plugin bridge SDK

Set data-theme attribute on document.documentElement when context
includes isDark, enabling live theme switching via postMessage.

* docs: add light/dark theme adaptation guide for plugin pages

Add theme adaptation section to existing plugin-pages docs in both
Chinese and English, covering CSS variables and onContext() usage.

* test: add theme sync tests for plugin page bridge and content

Verify isDark in bridge SDK initial context with various theme params,
and verify data-theme and color-scheme injection in rewritten HTML.

* fix(plugin): use case-insensitive regex for head tag in HTML rewrite

Replace string match for <head> with case-insensitive regex to handle
uppercase tags and tags with attributes, preventing duplicate injection
of color-scheme meta tag.

* refactor(webui): generalize isDark getter to support any dark theme

Replace hardcoded PurpleThemeDark check with suffix-based detection
so all dark theme variants are recognized automatically.

* refactor(plugin): extract theme helpers for HTML rewriting

Extract _get_request_theme and _apply_theme_to_html to eliminate
duplicate theme-parsing logic and isolate HTML mutation. Use case-
insensitive regex for head tag detection to prevent duplicate
injection when tags use mixed casing.

* style: apply ruff formatting to plugin page tests

Wrap long function call lines for consistency with project style.

* fix(plugin): handle existing data-theme and case-sensitive fallback in HTML rewrite

Strip any existing data-theme attribute before adding the new one to
prevent duplicate attributes. Use case-insensitive regex for the
<head> fallback insertion to avoid corrupting <html> tag attributes.

* fix(webui): add null guard to isDark getter

Guard against undefined uiTheme to prevent TypeError when the
theme config has not been initialized.

* fix(webui): centralize theme mapping and preserve hash in plugin page URL

Extract themeParam computed to avoid drift between URL and context.
Include hash fragment in iframe URL to support SPA hash routing.

* fix(webui): address CR feedback - deduplicate color-scheme meta, harden isDark getter, consolidate theme source

- _apply_theme_to_html: strip existing color-scheme meta before injecting to
  avoid duplicates; merge data-theme strip+add into single-pass regex callback
- customizer.ts: replace brittle endsWith('Dark') with explicit theme name check
- _rewrite_plugin_page_html: use _get_request_theme() directly instead of
  reading theme from extra_query_params

* fix(webui): 简化 isDark 推导、优化查询参数构建、使用暗色主题集合

- isDark 推导简化为 theme == "dark"(None == "dark" 为 False,去掉多余三元表达式)
- _prepare_plugin_page_query_params 改为线性构建,先计算再构建字典
- isDark getter 改用显式 DARK_THEMES Set,替代硬编码单值比较

---------

Co-authored-by: lxfight <lxfight@192.168.5.50>
2026-06-06 00:35:47 +08:00