* feat: add PluginDetailPage component for detailed plugin information display
refactor: remove extension preference storage management and related tests
chore: clean up useExtensionPage by removing unused preference storage logic
* feat: add getHandlerDisplayName function for improved handler name display
* fix(dashboard): use v-autocomplete for list+options config field (#7884)
Replace v-select with v-autocomplete in the list+options branch of
ConfigItemRenderer. v-select's keyboard typeahead auto-toggles the
first prefix-matching item in multiple mode, which is unusable for
long option lists (e.g. plugin language pickers). v-autocomplete
filters the dropdown by typed text instead.
Bind v-model:search and clear it in @update:model-value so the search
box resets after each selection, allowing consecutive keyword search.
* perf(dashboard): memoize list config select items via computed
Wrap getSelectItems(itemMeta) in a computed so the options array
is only re-mapped when itemMeta changes, not on every keystroke
in the v-autocomplete search input. Avoids quadratic-ish work for
long option lists
---------
Co-authored-by: wanger <wanger@example.com>
* fix: warn when default chat provider is unset
* fix: align startup warning with provider fallback
* refactor: simplify default chat provider warning guard checks
* feat: warn when default chat provider id is invalid or missing
- Emit a warning when `default_provider_id` points to a
non-existent enabled provider, preventing silent fallback to
an unexpected model.
- Reset the warning guard before each
`provider_manager.initialize()` so configuration reloads
trigger a fresh re-evaluation.
- Harden guard checks to handle `None` `provider_settings` and
`None` provider IDs gracefully.
* test: cover fallback and invalid default provider id warnings
- Add case for `curr_provider_inst=None` to verify fallback to
`providers[0]`.
- Add case for a `default_provider_id` that does not match any enabled
provider.
* style: format default chat provider warning
---------
Co-authored-by: RC-CHN <1051989940@qq.com>
* fix(core): security fix - restrict send_message_to_user to current session only
Closes#7822
SECURITY: Remove the user-controlled 'session' parameter from the
send_message_to_user tool. Previously, a regular user could ask the
LLM to send messages to any arbitrary session (group chat) by
providing a crafted session string, which is a high-risk
vulnerability.
Changes:
- Remove 'session' parameter from tool schema (LLM can no longer
propose it)
- Always use context.context.event.unified_msg_origin as the target
session
- Update description to clearly state that messages can only be sent
to the current user's session
* fix: restore session param but restrict to admin only
- Re-add the parameter removed in the original PR
- Non-admin users can only send to their own session (current_session)
- Admin users can send to any session via the param
- Uses from computer_tools.util (same pattern as fs.py)
- Ref: https://github.com/AstrBotDevs/AstrBot/issues/7822
Co-authored-by: Soulter <soulter@astrbot.app>
* Update message_tools.py
---------
Co-authored-by: AstrBot <bot@astrbot.app>
* feat(shell): add background command execution with output redirection and timeout support
* feat(shell): update timeout parameter to be optional in shell execution methods
* feat(shell): set default timeout for shell execution to 10,000,000 milliseconds
* feat(shell): set default timeout to 300s for shell execution
* feat(shell): reorder timeout parameter in ExecuteShellTool configuration
* feat(shell): implement background command execution with detached shell command support
Co-authored-by: Copilot <copilot@github.com>
* test(shell): remove obsolete test for background shell command output redirection
* fix: reorder import statements in shell.py for consistency
* fix: wrap command in parentheses for background output redirection
---------
Co-authored-by: Copilot <copilot@github.com>
* feat: add one-line deploy script (deploy-cli.sh) and update cli.md
- Add docs/scripts/deploy-cli.sh for one-command deployment (Linux/macOS/WSL)
- Update docs/zh/deploy/astrbot/cli.md to reference local script
- Replace non-existent https://astrbot.app/deploy.sh with raw.githubusercontent.com URL
- Add local run tip and WSL-based Windows support
* fix: address PR review feedback for deploy-cli.sh
- Replace sort -V with Python-native version check (macOS BSD compat)
- Bump Python requirement from >=3.10 to >=3.12 (match pyproject.toml)
- Detect current directory as project root (avoid nested clone)
- Handle existing non-git directory explicitly
- Add curl dependency check
- Support ASTRBOT_REPO and ASTRBOT_DIR env vars for forks/mirrors
- Update cli.md version description to match
* feat: add Windows PowerShell deploy script and update docs
- Add deploy-cli.ps1 for Windows native environment (PowerShell 7+)
- Update cli.md to document Windows one-liner deployment
- Add local script execution instructions for both bash and ps1
* refactor: standardize log messages and improve clarity in various modules
Co-authored-by: Copilot <copilot@github.com>
* docs: 移除一行命令快速部署部分,简化安装说明
* feat: 添加脚本以复制部署 CLI 文件并更新构建命令
* refactor: 更新日志消息以提高可读性,统一英文提示信息
---------
Co-authored-by: Soulter <905617992@qq.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
* fix(dashboard): add tooltip for truncated command/tool descriptions in WebUI
- CommandTable.vue: add :title binding to description div
- ToolTable.vue: add :title binding to description and origin_name divs
Fixes#7583 - Webui中超出显示长度的指令描述无法以任何方式看到
* docs: add pre-commit setup guide to AGENTS.md
Extract the pre-commit and ruff setup instructions from README.md
into AGENTS.md so AI agents have a complete reference for
setting up the development environment.
---------
Co-authored-by: AstrBot Fixer <astrbot@fix-bot.local>
Co-authored-by: AstrBot Fixer <astrbot-fixer@users.noreply.github.com>
* fix: restore T2I text template rendering
- keep using {{ text | safe }} instead of text_base64
- inject Shiki runtime by default for T2I templates
- update built-in templates to read markdown from a hidden textarea
- improve WebUI preview sample text and Shiki runtime serving
- add regression tests for template rendering and runtime injection
* fix: prevent injected Shiki runtime from breaking T2I templates
* fix(t2i): restore raw text template rendering
* test(t2i): remove test
* fix(t2i): restore previewText
* fix(stats): TPM now only counts output tokens
- Add range_total_output_tokens accumulation, separate from total tokens
- Change range_avg_tpm formula to use output tokens only
- Update i18n labels to reflect Output TPM
* fix(stats): range
* fix: update reasoning_content handling to support empty string values
* fix: add reasoning_content field for DeepSeek v4 models in assistant messages
PR #7202 added empty-assistant filtering in `_query` so strict
providers (Moonshot, etc.) wouldn't 400 on history with blank
assistant entries. The streaming sibling `_query_stream` was
never updated, so DeepSeek Reasoner — which returns reasoning only
during tool calls, leaving serialized content as `""` — blew up with
`Invalid assistant message: content or tool_calls must be set` on
the next turn.
Hoisted the filter into a `_sanitize_assistant_messages` helper and
called it from both paths. Also widened the empty check to cover
`content == []`, which the original filter missed and which shows up
with providers that emit content as a list of parts.
* feat: add Firecrawl web search and extract tools, update configuration and tests
* feat: implement Firecrawl API integration and error handling in web search tools
* feat: enhance Firecrawl web search with session management and payload validation
* feat: Firecrawl web search to use aiohttp.ClientSession directly for improved session management as it was
* feat: update Firecrawl search to handle grouped web data response and add corresponding tests
* feat: refactor Firecrawl web search to use aiohttp.ClientSession for improved error handling and session management
* feat: remove unused coercion function and update Firecrawl search to use default limit in payload
* perf: improve tool calls in reasoning and multiple tool calls display
- Updated LiveChatRoute and OpenApiRoute to replace manual message accumulation with BotMessageAccumulator.
- Simplified message saving logic by using build_bot_history_content and collect_plain_text_from_message_parts.
- Enhanced message processing to handle various message types (plain, image, record, file, video) more efficiently.
- Improved reasoning handling by extracting thinking parts and displaying them correctly in the UI components.
- Refactored message normalization and reasoning extraction logic in useMessages composable for better clarity and maintainability.
- Updated ChatMessageList, MessageList, StandaloneChat, and ReasoningBlock components to accommodate new message structure and rendering logic.
* feat(chat): reasoning activity panel
- Introduced a new ReasoningSidebar component for displaying reasoning details.
- Refactored MessageList and StandaloneChat components to utilize renderBlocks for improved message part handling.
- Added ReasoningTimeline component to visualize reasoning steps.
- Updated message handling logic to differentiate between thinking and content blocks.
- Enhanced localization for reasoning-related terms in English, Russian, and Chinese.
- Improved styling for various components to ensure consistency and readability.
* Update astrbot/dashboard/routes/chat.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* fix: handle reasoning_content when completion_text is empty (kimi-for-coding thinking mode)
* fix: use elif for result_chain/completion_text to avoid duplication, keep reasoning_content independent per review feedback
---------
Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com>