- Replace LocalShellComponent's one-shot subprocess.run() with a
PersistentShellSession that wraps a long-running bash process per UMO.
cd/export/source now persist naturally within a conversation.
- Support background task execution via nohup.
- Remove unused ToolSessionManager / ToolSessionState (dead code,
never wired to any consumer).
- Fix performance benchmark: separate throughput and memory measurement
so tracemalloc doesn't distort timing (was 7x slower).
- Optimize bool validation in CommandFilter with frozenset + isinstance
short-circuit.
* fix(core): security fix - restrict send_message_to_user to current session only
Closes#7822
SECURITY: Remove the user-controlled 'session' parameter from the
send_message_to_user tool. Previously, a regular user could ask the
LLM to send messages to any arbitrary session (group chat) by
providing a crafted session string, which is a high-risk
vulnerability.
Changes:
- Remove 'session' parameter from tool schema (LLM can no longer
propose it)
- Always use context.context.event.unified_msg_origin as the target
session
- Update description to clearly state that messages can only be sent
to the current user's session
* fix: restore session param but restrict to admin only
- Re-add the parameter removed in the original PR
- Non-admin users can only send to their own session (current_session)
- Admin users can send to any session via the param
- Uses from computer_tools.util (same pattern as fs.py)
- Ref: https://github.com/AstrBotDevs/AstrBot/issues/7822
Co-authored-by: Soulter <soulter@astrbot.app>
* Update message_tools.py
---------
Co-authored-by: AstrBot <bot@astrbot.app>
* feat(shell): add background command execution with output redirection and timeout support
* feat(shell): update timeout parameter to be optional in shell execution methods
* feat(shell): set default timeout for shell execution to 10,000,000 milliseconds
* feat(shell): set default timeout to 300s for shell execution
* feat(shell): reorder timeout parameter in ExecuteShellTool configuration
* feat(shell): implement background command execution with detached shell command support
Co-authored-by: Copilot <copilot@github.com>
* test(shell): remove obsolete test for background shell command output redirection
* fix: reorder import statements in shell.py for consistency
* fix: wrap command in parentheses for background output redirection
---------
Co-authored-by: Copilot <copilot@github.com>
* feat: add Firecrawl web search and extract tools, update configuration and tests
* feat: implement Firecrawl API integration and error handling in web search tools
* feat: enhance Firecrawl web search with session management and payload validation
* feat: Firecrawl web search to use aiohttp.ClientSession directly for improved session management as it was
* feat: update Firecrawl search to handle grouped web data response and add corresponding tests
* feat: refactor Firecrawl web search to use aiohttp.ClientSession for improved error handling and session management
* feat: remove unused coercion function and update Firecrawl search to use default limit in payload
remove deprecated API modules and example scripts; update core modules
(agents, providers, tools, platform adapters, utils), dashboard package
and components, and unit tests.
* feat: update FileReadTool description to mention image and PDF support
Add explicit mention of image (OCR) and PDF (text extraction) support
to the FileReadTool description for better discoverability.
* feat: update FileReadTool description to include support for docx and epub files; change base64 decoding to utf-8
* feat: enhance ToolLoopAgentRunner to support image and audio modalities; add context sanitization logic
- ToolSet.add() now protects active tools from inactive overrides
- Add missing _has_meaningful_content() method in RespondStage
- Remove is_local=True from ExecuteShellTool (no longer supported)
- Fix ToolSet() missing namespace argument in get_full_tool_set()
- Rewrite tests to match new tool architecture (cron_tools, func_tool_manager, tool_conflict_resolution)
* feat: filesystem grep, read, edit file
* feat: add file write tool and enhance file read functionality
* feat: enhance tool prompt formatting and add escaped text decoding for file editing
* feat: remove redundant safe path tests from security restrictions
* feat: implement file read tool with support for text and image files, including validation for large files
* feat: add file read utilities and integrate with filesystem tools
* refactor: move computer tools to builtin tools registry
* refactor: remove unused plugin_context parameter from _apply_sandbox_tools
* feat: supports to display enabled builtin tools in configs
* feat: add tooltip for disabled builtin tools and update localization strings
* feat: add workspace extra prompt handling in message processing
* feat: add ripgrep installation to Dockerfile
* perf: shell executed in workspace dir in local env
* feat: enhance file reading capabilities to support PDF and DOCX parsing, including workspace storage for long documents
* feat: update converted text notice to suggest using grep for large files
* feat: implement handling for large tool results with overflow file writing and read tool integration
* fix: test
* feat: enhance onboarding steps to include computer access configuration and related help information
* feat: add support for additional temporary path in restricted environment checks
* feat: update computer access hints and add detailed configuration instructions
* perf: replace cron tools with FutureTaskTool for improved task management
* feat: enhance FutureTaskTool with edit functionality and improve descriptions
* feat: add edit functionality for cron jobs and update related UI components
Resolved merge conflicts in:
- func_tool_manager.py: kept origin version (full implementation)
- astr_main_agent*.py: kept HEAD version (complete refactor)
- cron_tools.py: kept HEAD version (with get_all_tools)
- config/default.py: kept HEAD version (DEFAULT_WEB_SEARCH_PROVIDER)
- dashboard/*.vue: kept HEAD version
- web_searcher engines: kept HEAD version
- Added new tools: knowledge_base_tools, message_tools, registry, web_search_tools
* feat: Refactor astrbot builtin tool management
- Introduced a new registry for builtin tools to streamline their management.
- Added `SendMessageToUserTool`, `KnowledgeBaseQueryTool`, and various web search tools as builtin tools.
- Updated `FunctionToolManager` to cache and retrieve builtin tools efficiently.
- Modified `CronJobManager` to utilize the new `SendMessageToUserTool`.
- Enhanced the dashboard to display readonly status for builtin tools and prevent toggling their state.
- Added tests for builtin tool injection and retrieval to ensure proper functionality.
* fix: escape file path in shell command to prevent injection vulnerabilities
- Add CLI i18n module (astrbot/cli/i18n.py) with zh/en translations
- Add TUI i18n module (astrbot/tui/i18n.py) with zh/en translations
- Update CLI commands to use translated strings
- Update TUI app and screen to use translated strings
- Add ASTRBOT_CLI_LANG and ASTRBOT_TUI_LANG to .env.example
- Update cmd_run.py env var documentation
- Add backward compatibility for moved modules with DeprecationWarning
Simplify the message items schema by using additionalProperties
instead of explicit properties, while preserving type info for LLM docs.
Note: 12 ty diagnostics remain in send_message.py and
astr_main_agent_resources.py due to architectural issue where
FunctionTool.parameters JSON Schema is used by ty for Python
type inference. This requires larger refactoring to fix properly.
- Add 'config' to known zh/en doc structure differences
- Remove trailing whitespace from docs/zh/faq.md
- Remove trailing whitespace from docs/en/dev/plugin-platform-adapter.md
- Ensure all README files end with newline
- .gitignore: keep both .serena and .worktrees/ entries
- astr_main_agent_resources.py: keep deletion (refactored to tools/)
- send_message.py: port video message type support from master
- Add get_default_tools/get_tools/get_system_prompt_parts to ComputerBooter base
- Each booter subclass (ShipyardNeo, Shipyard, Boxlite) declares its own tools
- ComputerToolProvider now delegates to booter API via computer_client helpers
- Add unified query API: get_sandbox_tools, get_default_sandbox_tools, etc.
- Extract Neo prompts to dedicated computer/prompts.py module
- Add booter type constants (booters/constants.py)
- Fix subagent tool path to pass sandbox_cfg and session_id
- Fix Sourcery issues: shell injection in send_message, typo in prompts,
internal tools bypass inactivated_llm_tools check