- Add app registration functionality for Lark and Feishu platforms, including endpoints and request handling.
- Introduce polling mechanism for app registration status.
- Create bot info retrieval functionality to fetch bot details after successful registration.
- Enhance dashboard with new UI components for one-click QR setup and manual setup options.
- Update internationalization files to support new features and actions.
- Add unit tests for app registration endpoint resolution and data handling.
- Added advanced settings option in update dialog for better user control.
- Implemented detailed progress tracking for update stages including download size and speed.
- Updated localization files for English, Russian, and Chinese to include new strings for update progress and advanced settings.
- Improved UI for update dialog with better layout and responsiveness.
- Enhanced test coverage for update process including progress tracking.
* fix(webui): enforce 12-char dashboard password policy with backend+frontend validation
* fix(i18n): update password policy hints and validation rules for improved security
* test: adapt dashboard auth fixtures for hashed default password
* fix(security): increase PBKDF2 iterations
* feat(auth): implement secure login challenge and proof verification
* chore: ruff format
* fix(auth): update md5 import syntax for consistency
* feat(dashboard): implement random password generation for empty dashboard password
* feat(auth): enforce plaintext password requirement for legacy MD5 hashes
* fix(i18n): update password hint texts to reflect auto-generated initial passwords
* feat(dashboard): implement password change requirement and reset logic
* feat(auth): implement account setup flow and password change requirements
* feat: Implement legacy password support and upgrade mechanism
- Added `hash_legacy_dashboard_password` function for MD5 hashing of passwords.
- Updated configuration handling to store both PBKDF2 and legacy password hashes.
- Introduced logic to check if password storage has been upgraded and if a password change is required.
- Modified dashboard authentication routes to handle legacy password checks and prompts for upgrades.
- Updated frontend to display warnings for legacy password storage and required upgrades.
- Enhanced tests to cover scenarios for legacy password handling and migration to new storage format.
* fix(logo): update text color styles to use CSS variables for consistency
* feat(dashboard): upgrade password storage and enforce change requirement
* fix(dashboard): update minimum password length from 12 to 10 characters
* fix(dashboard): update minimum password length from 10 to 8 characters
---------
Co-authored-by: RC-CHN <1051989940@qq.com>
* feat: enhance plugin page internationalization
- Updated PluginRoute to read initial context from JWT and set it in the bridge SDK.
- Added methods to retrieve locale and plugin metadata for better i18n support.
- Enhanced pluginI18n utility to resolve page-specific translations and added new functions for page titles and descriptions.
- Modified PluginPagePage and PluginDetailPage to utilize new i18n features for dynamic content rendering.
- Improved documentation for plugin page i18n structure and usage.
- Added tests to verify the correct integration of i18n in plugin pages and context handling.
* fix test
* feat: supports plugin to add skills
* fix tests
* fix: fs tools
* Add tests for plugin skills handling and improve skill management
- Implement test for restricted local member reading plugin skill inventory even if the plugin is inactive.
- Ensure that the skill synchronization process retains built-in skills when local skills are empty, including proper handling of plugin paths.
- Update dashboard tests to verify that plugin details include components when requested.
- Enhance skill metadata enrichment tests to include inactive plugin-provided skills for inventory.
- Add filtering tests for plugin skills based on current configuration, ensuring only allowed plugins are considered and inactive plugins are skipped.
Co-authored-by: Copilot <copilot@github.com>
* fix: handle PPIO platform context-length error messages (#7888)
* fix: 压缩算法删除 user 消息 Bug 修复
* perf: improve truncate algo
* fix: improve context length error detection for PPIO platform compatibility
- Extend error detection to handle PPIO's error message format:
'The input is longer than the model's context length'
- Add case-insensitive matching using .lower() for robustness
- Maintain backward compatibility with existing 'maximum context length' check
This fixes the issue where PPIO platform models (e.g., ppio/zai-org/glm-5-turbo)
would fail with AgentState.ERROR due to unrecognized context length errors.
---------
Co-authored-by: Soulter <905617992@qq.com>
* fix: 支持微信客服文件消息 (#7923)
* fix: 支持微信客服文件消息
* fix: remove WeCom file message placeholder
* fix(provider): fix Anthropic custom headers and system prompt compatibility (#7587)
* fix(provider): fix Anthropic custom headers and system prompt compatibility
- Pass custom_headers via AsyncAnthropic's `default_headers` parameter
instead of creating a separate httpx.AsyncClient. This avoids
`isinstance` check failures when multiple httpx installations exist
on sys.path (e.g. bundled Python + system Python).
- Use list format for the `system` parameter (`[{"type": "text", ...}]`)
instead of a plain string. The list format is supported by the official
Anthropic API and is also compatible with third-party API proxies that
reject the string format.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(provider): fix Anthropic custom headers and system prompt compatibility
- Pass custom_headers via AsyncAnthropic's `default_headers` parameter
instead of creating a separate httpx.AsyncClient. This avoids
`isinstance` check failures when multiple httpx installations exist
on sys.path (e.g. bundled Python + system Python).
- Use list format for the `system` parameter (`[{"type": "text", ...}]`)
instead of a plain string. The list format is supported by the official
Anthropic API and is also compatible with third-party API proxies that
reject the string format.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add test unit
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* perf: improve logic of adding models
Co-authored-by: piexian <piexian@users.noreply.github.com>
* chore: remove redundant logger messages and improve log clarity
Co-authored-by: Copilot <copilot@github.com>
* chore: ruff format
* docs: update knowledge base docs
closes: #7962
* fix(#7907): send_message_to_user cron 场景下 session 容错 (#7911)
* fix: send_message_to_user cron 场景下 session 容错 (#7907)
- LLM 在主动场景可能只传 session_id 而非完整三段式,
from_str 失败时用 current_session 补全前两段。
Co-authored-by: Copilot <copilot@github.com>
* fix: 限制 session 补全仅对裸 session_id 生效,避免误修带冒号的错误输入 (#7907)
* feat: add session information to cron job payload
Co-authored-by: Copilot <copilot@github.com>
* fix: improve clarity and consistency of safety mode prompts
Co-authored-by: Copilot <copilot@github.com>
---------
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
Co-authored-by: Soulter <905617992@qq.com>
* perf: tool rendering in conversation page (#7937)
* fix(dashboard): route conversation history tool messages through ToolCallCard
When viewing conversation history, large tool outputs (e.g. a single
git log --stat producing tens of KB) caused the browser renderer to
freeze. Root cause: formattedMessages mapped every role (including
tool / system / _checkpoint) into user/bot bubbles, and bot plain
strings went through markstream-vue's MarkdownRender. Single 88KB
tool messages plus 88-of-them adding up to ~349KB of synchronous
markdown parsing was enough to block the main thread for 5+ seconds.
This patch:
- Indexes tool-role messages by tool_call_id
- Filters formattedMessages to user/assistant only — tool, system and
_checkpoint roles no longer render as standalone bubbles
- Converts assistant.tool_calls (OpenAI shape, with tc.name/tc.arguments
fallbacks) into the existing tool_call MessagePart, attaching the
paired result so MessageList's ToolCallCard renders it (default
collapsed, no longer feeds large strings into the markdown renderer)
- Drops empty placeholder plain parts when an assistant message only
carries tool_calls
- Sets ts/finished_ts to 0 as a sentinel: ToolCallCard.toolCallDuration
returns "" when startTime <= 0, suppressing a misleading "0ms"
duration that would otherwise appear because conversation history
has no real timing data
Behavior change: tool results are now embedded in their assistant's
ToolCallCard.result instead of appearing as separate bot bubbles.
This matches the main chat UI's behavior.
Fixes#7929
Refs #7372#7456
* style(dashboard): use single scrollbar in conversation history preview
ToolCallCard's result/args panes have their own max-height + overflow,
which produced a nested scrollbar when nested inside the history
preview's already-scrollable .conversation-messages-container. Override
those constraints inside the preview only — the outer 500px-bounded
container already provides scroll bounds, so a single scrollbar feels
cleaner. The main chat UI is unaffected.
---------
Co-authored-by: wanger <wanger@example.com>
* fix: ruff format
* feat: add python tool timeout param (#7953)
* feat: add python tool timeout param
* Update python.py
---------
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
* fix: 钉钉连接超时后自动重连失败 (#7924)
* fix: improve DingTalk adapter error handling in run() method
* fix: add retry logic for DingTalk SDK task unexpected exit
* fix: use task.add_done_callback to wake thread on task completion, handle UnboundLocalError
* refactor: extract retry logic into handle_retry helper function
---------
Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com>
---------
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: leonforcode <leonbeyourside01@gmail.com>
Co-authored-by: AstralSolipsism <134063164+AstralSolipsism@users.noreply.github.com>
Co-authored-by: Pink YuDeer <wer00001@outlook.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: piexian <piexian@users.noreply.github.com>
Co-authored-by: NayukiMeko <ChibaNayuki@163.com>
Co-authored-by: wanger <122891289+10knamesmore@users.noreply.github.com>
Co-authored-by: wanger <wanger@example.com>
Co-authored-by: Haoran Xu <3230105281@zju.edu.cn>
Co-authored-by: 千岚之夏 <108566281+Blueteemo@users.noreply.github.com>
Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com>
* fix(provider): fix Anthropic custom headers and system prompt compatibility
- Pass custom_headers via AsyncAnthropic's `default_headers` parameter
instead of creating a separate httpx.AsyncClient. This avoids
`isinstance` check failures when multiple httpx installations exist
on sys.path (e.g. bundled Python + system Python).
- Use list format for the `system` parameter (`[{"type": "text", ...}]`)
instead of a plain string. The list format is supported by the official
Anthropic API and is also compatible with third-party API proxies that
reject the string format.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(provider): fix Anthropic custom headers and system prompt compatibility
- Pass custom_headers via AsyncAnthropic's `default_headers` parameter
instead of creating a separate httpx.AsyncClient. This avoids
`isinstance` check failures when multiple httpx installations exist
on sys.path (e.g. bundled Python + system Python).
- Use list format for the `system` parameter (`[{"type": "text", ...}]`)
instead of a plain string. The list format is supported by the official
Anthropic API and is also compatible with third-party API proxies that
reject the string format.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add test unit
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: supports to download plugins via astrbot official plugin storage
* fix: improve exception message for missing root directory name in PluginUpdator
* feat: Implement plugin internationalization support
- Added support for plugins to provide localized names, descriptions, and configuration texts through JSON files in the `.astrbot-plugin/i18n` directory.
- Updated various components to utilize the new internationalization functions, including `ConfigItemRenderer`, `ExtensionCard`, `ItemCard`, `ObjectEditor`, `PluginSetSelector`, and `TemplateListEditor`.
- Enhanced the `usePluginI18n` utility to resolve plugin-specific translations based on the current locale.
- Modified the `common` store to include an `i18n` field for plugin metadata.
- Updated documentation to include guidelines for plugin internationalization.
- Added tests to ensure proper loading of localization files and integration with plugin metadata.
* perf: code quality
* feat: update config path handling for internationalization support
* feat: update ExtensionCard variant to outlined and adjust InstalledPluginsTab layout for better responsiveness
* feat: update MCP servers management UI and add descriptions for better clarity
* feat: enhance OutlinedActionListItem component with clickable functionality and new slots
feat(i18n): update English, Russian, and Chinese translations for extension and knowledge base features
fix: improve DocumentDetail and KBDetail views with outlined card styles and remove unnecessary dividers
refactor: streamline KBList component to use OutlinedActionListItem for better UI consistency
style: adjust styles for knowledge base components and improve responsive design
test: add security tests for skill file browser and editor to prevent path traversal and file size issues
* feat: update UI components and styles for improved layout and readability
* fix: warn when default chat provider is unset
* fix: align startup warning with provider fallback
* refactor: simplify default chat provider warning guard checks
* feat: warn when default chat provider id is invalid or missing
- Emit a warning when `default_provider_id` points to a
non-existent enabled provider, preventing silent fallback to
an unexpected model.
- Reset the warning guard before each
`provider_manager.initialize()` so configuration reloads
trigger a fresh re-evaluation.
- Harden guard checks to handle `None` `provider_settings` and
`None` provider IDs gracefully.
* test: cover fallback and invalid default provider id warnings
- Add case for `curr_provider_inst=None` to verify fallback to
`providers[0]`.
- Add case for a `default_provider_id` that does not match any enabled
provider.
* style: format default chat provider warning
---------
Co-authored-by: RC-CHN <1051989940@qq.com>
* feat: add one-line deploy script (deploy-cli.sh) and update cli.md
- Add docs/scripts/deploy-cli.sh for one-command deployment (Linux/macOS/WSL)
- Update docs/zh/deploy/astrbot/cli.md to reference local script
- Replace non-existent https://astrbot.app/deploy.sh with raw.githubusercontent.com URL
- Add local run tip and WSL-based Windows support
* fix: address PR review feedback for deploy-cli.sh
- Replace sort -V with Python-native version check (macOS BSD compat)
- Bump Python requirement from >=3.10 to >=3.12 (match pyproject.toml)
- Detect current directory as project root (avoid nested clone)
- Handle existing non-git directory explicitly
- Add curl dependency check
- Support ASTRBOT_REPO and ASTRBOT_DIR env vars for forks/mirrors
- Update cli.md version description to match
* feat: add Windows PowerShell deploy script and update docs
- Add deploy-cli.ps1 for Windows native environment (PowerShell 7+)
- Update cli.md to document Windows one-liner deployment
- Add local script execution instructions for both bash and ps1
* refactor: standardize log messages and improve clarity in various modules
Co-authored-by: Copilot <copilot@github.com>
* docs: 移除一行命令快速部署部分,简化安装说明
* feat: 添加脚本以复制部署 CLI 文件并更新构建命令
* refactor: 更新日志消息以提高可读性,统一英文提示信息
---------
Co-authored-by: Soulter <905617992@qq.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
PR #7202 added empty-assistant filtering in `_query` so strict
providers (Moonshot, etc.) wouldn't 400 on history with blank
assistant entries. The streaming sibling `_query_stream` was
never updated, so DeepSeek Reasoner — which returns reasoning only
during tool calls, leaving serialized content as `""` — blew up with
`Invalid assistant message: content or tool_calls must be set` on
the next turn.
Hoisted the filter into a `_sanitize_assistant_messages` helper and
called it from both paths. Also widened the empty check to cover
`content == []`, which the original filter missed and which shows up
with providers that emit content as a list of parts.
* feat: add Firecrawl web search and extract tools, update configuration and tests
* feat: implement Firecrawl API integration and error handling in web search tools
* feat: enhance Firecrawl web search with session management and payload validation
* feat: Firecrawl web search to use aiohttp.ClientSession directly for improved session management as it was
* feat: update Firecrawl search to handle grouped web data response and add corresponding tests
* feat: refactor Firecrawl web search to use aiohttp.ClientSession for improved error handling and session management
* feat: remove unused coercion function and update Firecrawl search to use default limit in payload
* feat: add inline message editing and regeneration functionality for webui
- Implemented inline editing for user messages in the chat component.
- Added a regenerate menu for retrying messages with different models.
- Enhanced message handling to include llm_checkpoint_id for better tracking.
- Updated localization files to include new actions for retrying and model selection.
- Introduced tests for checkpoint message handling and chat route functionality.
* feat: thread mode in webui
* feat: enhance message editing functionality to allow only the latest user message to be edited
* feat: add error handling and user feedback for thread creation in chat component
* feat: add thread count display and localization support in chat component
* feat: add RefsSidebar component and integrate reference management in chat UI
* feat: improve message editing validation and cleanup for bot messages
* feat: enhance checkpoint message handling with binding and dumping functionality
* feat: update FileReadTool description to mention image and PDF support
Add explicit mention of image (OCR) and PDF (text extraction) support
to the FileReadTool description for better discoverability.
* feat: update FileReadTool description to include support for docx and epub files; change base64 decoding to utf-8
* feat: enhance ToolLoopAgentRunner to support image and audio modalities; add context sanitization logic
* feat: add EPUB parsing support for knowledge base and file reader
* feat: update supported file formats for document upload in knowledge base
* feat: enhance EPUB parser to support spine order and generic containers
* makeitdown parse epub
* update parser
* fix
* feat: implement FTS5 support in DocumentStorage and SparseRetriever with tokenizer enhancements
* feat: optimize FTS row handling in DocumentStorage and update query tokenization in SparseRetriever