- Replace LocalShellComponent's one-shot subprocess.run() with a
PersistentShellSession that wraps a long-running bash process per UMO.
cd/export/source now persist naturally within a conversation.
- Support background task execution via nohup.
- Remove unused ToolSessionManager / ToolSessionState (dead code,
never wired to any consumer).
- Fix performance benchmark: separate throughput and memory measurement
so tracemalloc doesn't distort timing (was 7x slower).
- Optimize bool validation in CommandFilter with frozenset + isinstance
short-circuit.
* feat(shell): add background command execution with output redirection and timeout support
* feat(shell): update timeout parameter to be optional in shell execution methods
* feat(shell): set default timeout for shell execution to 10,000,000 milliseconds
* feat(shell): set default timeout to 300s for shell execution
* feat(shell): reorder timeout parameter in ExecuteShellTool configuration
* feat(shell): implement background command execution with detached shell command support
Co-authored-by: Copilot <copilot@github.com>
* test(shell): remove obsolete test for background shell command output redirection
* fix: reorder import statements in shell.py for consistency
* fix: wrap command in parentheses for background output redirection
---------
Co-authored-by: Copilot <copilot@github.com>
- ToolSet.add() now protects active tools from inactive overrides
- Add missing _has_meaningful_content() method in RespondStage
- Remove is_local=True from ExecuteShellTool (no longer supported)
- Fix ToolSet() missing namespace argument in get_full_tool_set()
- Rewrite tests to match new tool architecture (cron_tools, func_tool_manager, tool_conflict_resolution)
* feat: filesystem grep, read, edit file
* feat: add file write tool and enhance file read functionality
* feat: enhance tool prompt formatting and add escaped text decoding for file editing
* feat: remove redundant safe path tests from security restrictions
* feat: implement file read tool with support for text and image files, including validation for large files
* feat: add file read utilities and integrate with filesystem tools
* refactor: move computer tools to builtin tools registry
* refactor: remove unused plugin_context parameter from _apply_sandbox_tools
* feat: supports to display enabled builtin tools in configs
* feat: add tooltip for disabled builtin tools and update localization strings
* feat: add workspace extra prompt handling in message processing
* feat: add ripgrep installation to Dockerfile
* perf: shell executed in workspace dir in local env
* feat: enhance file reading capabilities to support PDF and DOCX parsing, including workspace storage for long documents
* feat: update converted text notice to suggest using grep for large files
* feat: implement handling for large tool results with overflow file writing and read tool integration
* fix: test
* feat: enhance onboarding steps to include computer access configuration and related help information
* feat: add support for additional temporary path in restricted environment checks
* feat: update computer access hints and add detailed configuration instructions
- Add version check at startup in both __main__.py and cmd_run.py
- Suggest using `uv run -m astrbot` or reinstalling with uv
- Add ABC base class and abstract methods to ComputerBooter
- Improve type annotations in OpenAIAgentsRunner
- Add 'config' to known zh/en doc structure differences
- Remove trailing whitespace from docs/zh/faq.md
- Remove trailing whitespace from docs/en/dev/plugin-platform-adapter.md
- Ensure all README files end with newline
- Format bwrap.py with ruff, clean up imports
- Remove unused cast import in tool.py
- Add getattr fallbacks in context.py for handler name resolution
- Fix param_type annotation to allow Any in command.py
* New sandbox backend: bubblewrap.
- Based on Linux Namespace for resource isolation
- Runs on local computer, with no privilege required
- Only supports Linux as namespace & bubblewrap are not present on other platforms.
TODO:
- Fix dashboard presentation. Why change on src does not affect what is really displayed?
- Strenghthen backend availability detection. One known issue is, on some platforms like Ubuntu 24.04, bubblewrap is banned by system guards, even when it's shipped by package manager. A complete detector may contain :
1. run the command with cmdline used by the booter. Return True if succsed.
2. If false, do bottom-up reason detection. Namespace not compiled to kernel? Specific kernel parameters not set? Banned by safety guard? The availability detector should give the user a clear information on why this sandbox backend fails.
These work may require helps from frontend developers. It is tested to be usable on my computer, with non-persistent environment(forget on every command) and persistent file storage.
* Add RO bind entry for bubblewrap backend.
TODO add:
- add plugin utility to change ro and rw bind in cmdline
- make bind dirs dict instead of list to manually map mount point
* Fix: add boot time test for bwrap booter.
in older commits, ro_bind = ['/'] makes skill sync crash. This commit fixes it and adds detection.
* Add availability of bwrap check during booting
* unit tests of bwrap
* i18n of bwrap config by Gemini 3.1 pro
* Update astrbot/core/computer/booters/bwrap.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---------
Co-authored-by: YI Zeping <yizeyi18@mail.nankai.edu.cn>
Co-authored-by: YI Zeping <18586016708@163.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
- Lower default max_agent_step from 30 to 3 across all agent runners
(coze, dashscope, deerflow, dify) for faster responses
- Refactor ExecuteShellTool to use plumbum with session-based isolation,
maintaining shell state per session (cwd, env vars, etc.)
- Remove unused API-specific environment variables from cmd_run
- Fix data access bug in shipyard_neo._maybe_model_dump
- Add plumbum>=1.10.0 dependency
- .gitignore: keep both .serena and .worktrees/ entries
- astr_main_agent_resources.py: keep deletion (refactored to tools/)
- send_message.py: port video message type support from master
- shipyard_neo: browser property now returns None when not initialized
instead of raising RuntimeError, matching ComputerBooter base contract
- computer_tool_provider: remove dead os.environ writes for shipyard
(SHIPYARD_ENDPOINT / SHIPYARD_ACCESS_TOKEN are never read anywhere)
and remove unused os import
- Add get_default_tools/get_tools/get_system_prompt_parts to ComputerBooter base
- Each booter subclass (ShipyardNeo, Shipyard, Boxlite) declares its own tools
- ComputerToolProvider now delegates to booter API via computer_client helpers
- Add unified query API: get_sandbox_tools, get_default_sandbox_tools, etc.
- Extract Neo prompts to dedicated computer/prompts.py module
- Add booter type constants (booters/constants.py)
- Fix subagent tool path to pass sandbox_cfg and session_id
- Fix Sourcery issues: shell injection in send_message, typo in prompts,
internal tools bypass inactivated_llm_tools check
Add capabilities property to ComputerBooter base class (returns None)
and ShipyardNeoBooter (returns immutable tuple from sandbox).
- Extract DEFAULT_PROFILE class constant to replace scattered magic string
- Use tuple[str, ...] for immutability (no defensive copy needed)
- Add _resolve_profile() for smart profile selection:
- honour user-specified profile
- query Bay API, prefer browser-capable profiles
- re-raise auth errors (401/403), fallback on transient failures
- Conditionally create NeoBrowserComponent only when profile has browser
- Log resolved profile and capabilities at boot
Add BayContainerManager to manage Bay container lifecycle via Docker
Engine API, similar to how BoxliteBooter manages Ship containers.
When ShipyardNeoBooter endpoint is empty or set to '__auto__', Bay is
automatically pulled, started, health-checked, and credentials are
read from the container.
- New bay_manager.py: ensure_running, wait_healthy, read_credentials
- Integrate auto-start into ShipyardNeoBooter boot/shutdown
- Reuse Bay container across sessions (unless-stopped policy)
- Friendly error messages for Docker and credential failures
set the base booter browser property to return None instead of
raising NotImplementedError so callers can handle missing browser
support through capability checks
* feat: support anthropic skills
closes: #4687
* chore: ruff
* feat: implement skills management and selection in persona configuration
* feat: enhance skills management with local environment tools and permissions