Commit Graph

4787 Commits

Author SHA1 Message Date
LIghtJUNction
90d565f4c7 fix(dashboard): remove stray closing div in InstalledPluginsTab 2026-03-29 15:51:09 +08:00
LIghtJUNction
7b22e56252 security: remove legacy SHA256/MD5 password verification and fix API key logging
- Remove insecure SHA256/MD5 password hash verification from cmd_conf.py
  (rejection logic for storing legacy hashes is preserved)
- Remove API key logging from gemini_source.py, openai_source.py
- Remove header logging (contains Authorization header) from volcengine_tts.py

CodeQL issues fixed:
- Broken cryptographic hash (SHA256/MD5 for passwords)
- Clear-text logging of sensitive information (API keys)
2026-03-29 15:48:38 +08:00
LIghtJUNction
2b70c29ea4 chore: bump version to 4.25.0 2026-03-29 15:46:11 +08:00
LIghtJUNction
5ea790d045 chore: misc fixes and new test files
- fix(openai_source): remove dead code comment
- fix(common.ts): use resolveApiUrl helper for live-log endpoint
- style(mdi-subset): clean up icon CSS
- feat: add translation check script and unit tests
2026-03-29 15:40:58 +08:00
LIghtJUNction
610370f3e8 i18n(dashboard): update translation files
Update ru-RU, zh-CN and en-US locale files for various features.
2026-03-29 15:40:58 +08:00
LIghtJUNction
d84565f21b feat(dashboard): switch to BlueBusiness theme
Replace PurpleTheme with BlueBusiness theme for improved visual design.
Includes new light and dark theme definitions.
2026-03-29 15:40:57 +08:00
LIghtJUNction
eca534f6d4 feat(core): add ToolSessionManager for stateful tool execution
Introduce session-level state management for tools that need to maintain
state across conversation turns within the same session (UMO).

- Add ToolSessionManager class for central per-(UMO, tool_name) state
- Add ToolSessionState with set_persistent(key) support
- Add is_stateful flag to FunctionTool base class
- Wire session_manager through run_context in all agent runners
- Update ExecuteShellTool to use framework session manager
- Update CLAUDE.md with stateful tool documentation

BREAKING: Tools that were manually managing session state via _sessions
dict should migrate to use the framework's ToolSessionManager for proper
lifecycle management and persistence support.
2026-03-29 15:40:57 +08:00
LIghtJUNction
64bc582879 fix(dashboard): wrap VWindowItem in VWindow to fix Vuetify 4 injection error
VWindowItem requires a VWindow parent for group context injection.
Without it, Vuetify 4 throws:
  "Could not find useGroup injection with symbol vuetify:v-window"

Changes:
- ExtensionPage.vue: wrap all tab content in v-window v-model="activeTab"
- InstalledPluginsTab.vue: remove v-window-item root wrapper
- MarketPluginsTab.vue: remove v-window-item root wrapper
2026-03-28 16:34:07 +08:00
LIghtJUNction
f000a21c01 fix(dashboard): suppress known Vuetify 4 internal slot invocation warning
Vuetify 4's VDefaultsProvider triggers "Slot default invoked outside of
render function" internally - not fixable from our side without framework
changes. Suppress via Vue warnHandler.
2026-03-28 16:20:23 +08:00
LIghtJUNction
495ca70ec5 fix(dashboard): replace remaining dense prop with density="compact"
Vuetify 4 deprecates `dense` prop on v-row and form fields.
2026-03-28 15:31:25 +08:00
LIghtJUNction
84c88db712 fix(dashboard): fix extraneous @update event listener in PlatformPage
@update was passed to AddNewPlatform but the component only emits
update:show, causing Vue warning about unrecognized event.
2026-03-28 15:27:54 +08:00
LIghtJUNction
b70aa517c8 fix(dashboard): pin pinia to 3.0.0 to avoid regression in 3.0.1+
Pinia 3.0.1-3.0.4 introduced a bug where devtoolsPlugin receives
undefined options when createOptionsStore is called, causing
"Cannot destructure property 'state' of 'options' as it is undefined"
on page load. Downgrade to 3.0.0 which is stable.
2026-03-28 14:43:29 +08:00
LIghtJUNction
d927f01da0 fix(dashboard): Vuetify 4 compatibility fixes
- Replace deprecated v-chip-text with span (PersonaForm)
- Replace deprecated v-tab-item with v-window-item (ExtensionPage, InstalledPluginsTab, MarketPluginsTab)
- Replace deprecated v-row dense with density="compact" (SessionManagementPage, InstalledPluginsTab)
- Add missing hasUnsavedChanges field to ConfigPage data()
- Add missing i18n key editPersona (en-US, zh-CN)

Fixes multiple Vue warnings about failed component resolution and deprecated Vuetify props.
2026-03-28 14:12:36 +08:00
LIghtJUNction
c823fcd3ae chore(dashboard): add d3 dependency and postinstall patch script 2026-03-28 13:09:12 +08:00
LIghtJUNction
bae7ec410c fix(dashboard): patch bundled DOMPurify to fix XSS vulnerability
monaco-editor@0.55.1 hardcodes dompurify@3.2.7 (vulnerable to SAFE_FOR_XML
bypass via rawtext elements). Added postinstall script that downloads the
patched 3.3.3 source and replaces the bundled file in node_modules.

Also keeps dompurify override at 3.3.2 for the npm package.
2026-03-28 12:40:02 +08:00
LIghtJUNction
7a6cea3da1 fix(dashboard): remove Authorization header and withCredentials from SSE connections
SSE connections to /api/live-log are same-origin (VITE_API_BASE is empty
in production, resolves to relative /api path). The Authorization header
and withCredentials:true triggered CORS preflight (OPTIONS) requests,
but the SSE route only handles GET, causing the preflight to fail.
2026-03-28 12:27:52 +08:00
LIghtJUNction
1faeee3732 merge: pull latest master into dev
Resolved conflicts:
- openai_source.py: keep dev version with abort_signal filtering
- customizer.ts: keep dev version with viewMode functionality
- useSessions.ts: keep dev version with pendingSessionId handling
- platformUtils.js: keep dev version with correct tutorial links
- AddNewPlatform.vue: keep dev version with correct docs link
- FullLayout.vue: keep dev version with viewMode-based logic
- VerticalHeader.vue: keep dev version with viewMode-based logic
2026-03-28 12:14:10 +08:00
LIghtJUNction
bc01532e59 fix(provider): filter abort_signal from payloads to avoid JSON serialize error
`abort_signal` (asyncio.Event) is passed via **kwargs into payloads during
tool_call streaming, causing "Object of type Event is not JSON serializable"
when the OpenAI client tries to serialize the request body.

Regression test added: test_prepare_chat_payload_strips_non_json_serializable_kwargs
2026-03-28 01:15:21 +08:00
LIghtJUNction
335daa03c4 Merge branch 'Sjshi763/issue4409' into dev
Feature: persona export/import support (#4409)

Conflicts resolved:
- dashboard/src/i18n/locales/en-US/features/persona.json: merged buttons (clone, addDialogPair, import)
- dashboard/src/i18n/locales/zh-CN/features/persona.json: merged buttons (clone, addDialogPair, import)
- dashboard/src/views/persona/PersonaCard.vue: merged emits (clone + export both preserved)
- dashboard/src/views/persona/PersonaManager.vue: merged template (import toolbar button + clone handler), merged methods (importPersona + clonePersona both mapped)

Also adds export error i18n key for both zh-CN and en-US locales.
2026-03-27 23:41:16 +08:00
LIghtJUNction
b4512f26e6 feat(openspec): add abp-plugin-loader change for remaining ABP tasks 2026-03-27 22:25:41 +08:00
LIghtJUNction
0c194576c4 fix: 修复 tool_call.function 类型错误和合并冲突
- tool.py: 重构 openai_schema 避免 dict[str, str] 类型推断问题
- openai_source.py: 使用 getattr 安全访问 tool_call.function
- 解决 origin/dev 中的合并冲突
2026-03-27 20:45:35 +08:00
LIghtJUNction
14a1e37261 docs: 更新 openspec 规范文档
- 添加实现状态表格
- 更新配置规范
- 添加新的协议规范
2026-03-27 19:10:49 +08:00
LIghtJUNction
18bc37aaae chore(dashboard): 将 views 目录剩余 :deep() 迁移到 ::v-deep() 2026-03-27 19:10:42 +08:00
LIghtJUNction
a8045851c4 fix(dashboard): 小修复和安全改进
- ProviderSourcesPanel 添加可选链 item.raw?.icon
- ChangelogDialog 和 useProviderSources 的 console.error 改为 console.warn
2026-03-27 19:10:26 +08:00
LIghtJUNction
20bd0c22b1 chore(dashboard): 将剩余 :deep() 迁移到 ::v-deep() 2026-03-27 19:10:17 +08:00
LIghtJUNction
47fc35fd6f chore(dashboard): 将剩余 :deep() 迁移到 ::v-deep() 2026-03-27 19:10:01 +08:00
LIghtJUNction
60e20f0084 style(rust): 格式化调整 2026-03-27 19:09:41 +08:00
LIghtJUNction
eb7f3fec71 chore(dashboard): 更新 MDI 图标子集 (248 → 249 icons)
添加 mdi-share-variant 图标
2026-03-27 19:09:34 +08:00
LIghtJUNction
243ecaaf1b fix(dashboard): 优先使用 localStorage 中的 apiBaseUrl 2026-03-27 19:09:27 +08:00
LIghtJUNction
0497b5fbb9 fix(dashboard): 迁移 router.beforeEach 到 Vue Router 4 返回值写法 2026-03-27 19:09:22 +08:00
LIghtJUNction
b25342303f fix(dashboard): 迁移 Vue Router navigation guard 到返回值的写法
Vue Router 4 已弃用 next() 回调,改为直接返回值
2026-03-27 19:09:17 +08:00
LIghtJUNction
0301511b1c fix(dashboard): 添加组件卸载后防止操作 DOM 的保护
- ConsoleDisplayer 添加 isUnmounted 标志
- ReadmeDialog 添加 btn.parentNode null 检查
2026-03-27 19:09:08 +08:00
LIghtJUNction
724e495ea9 i18n: 添加 updateAvailable 和 expiryOptions 翻译 2026-03-27 19:08:55 +08:00
LIghtJUNction
2b5f10e3cf chore(dashboard): 将剩余 :deep() 迁移到 ::v-deep() 2026-03-27 19:08:47 +08:00
LIghtJUNction
62ec9c3004 fix(dashboard): MessageList 组件卸载后防止操作 DOM
- 添加 isUnmounted 标志
- 在  和生命周期钩子中检查该标志
2026-03-27 19:08:43 +08:00
LIghtJUNction
d7d2c9be17 chore(dashboard): 将 :deep() 迁移到 ::v-deep() 2026-03-27 19:08:34 +08:00
LIghtJUNction
0f8a1910d0 fix(dashboard): 组件卸载时关闭 SSE EventSource
- VerticalHeader 添加 onBeforeUnmount 钩子
- common store 添加 isUnmounted 标志防止卸载后继续重连
2026-03-27 19:08:29 +08:00
LIghtJUNction
2c2ad31d03 chore(dashboard): 将 Sass @import 迁移到 @use
Dart Sass 3.0.0 将移除 @import,迁移到 @use 以消除弃用警告
2026-03-27 19:08:05 +08:00
LIghtJUNction
390544e340 fix(dashboard): 重构 common store 为 Composition API 风格
- Options API → Composition API (ref 替代 state)
- 增加 isUnmounted 防止组件卸载后继续创建 SSE 连接
- 增加 TypeScript 类型注解
2026-03-27 19:07:44 +08:00
LIghtJUNction
6171abf02e fix(dashboard): 修复 customizer store 调用方式和 theme API
- 静态导入 useCustomizerStore 替代动态导入
- useApiStore() 不再传入 pinia 实例
- 使用 theme.change() 替代 deprecated 的 theme.global.name.value
2026-03-27 19:07:38 +08:00
LIghtJUNction
2a5e55641d feat(abp): initial ABP protocol implementation
- Add ABP (AstrBot Plugin) protocol Python package (astrbot/core/plugin/)
  - PluginManager for plugin lifecycle management
  - PluginClient for out-of-process plugin communication
  - Transport layer (Stdio, Unix Socket, HTTP)
  - Data models and constants
- Add ABP error codes to Rust error.rs (-32700 to -32211)
- Fix Rust server.rs compilation issues
  - Fix UNIX_EPOODY typo
  - Fix mutable borrow issues
  - Fix API response type mismatches
- Update _core.pyi type stubs with ABP types
- Add openspec change archive for ABP protocol implementation
2026-03-27 18:07:09 +08:00
Haoyuan Li
55ed0289c2 feat(weixin_oc): Add "typing" ("对方正在输入...") state control for weixin_oc plateform (#6977)
* feat: Add "typing" state control for weixin_oc plateform

* fix: avoid typing state mutation during cleanup

* fix: preserve typing error tracebacks in logs

* refactor: simplify typing task cancellation flow

* chore: remove tests

* fix: remove unnecessary platform check for stopping typing

---------

Co-authored-by: Soulter <905617992@qq.com>
2026-03-27 15:54:41 +08:00
Soulter
777b831691 fix(weixin_oc): add error handling and retry logic for inbound updates polling (#7041)
fixes: #7022
2026-03-27 15:36:31 +08:00
一袋米要扛幾樓
383df74e34 fix(chatui): refactor routing and layout to drive UI mode from URL and scope state to sessionStorage (#6535)
* 移除所有使用 localStorage 的路由,改为使用 sessionStorage

* 增加修正

* 增加修正

* 增加修正

* 增加修正

* 增加修正

* 回退修正 就這樣吧

* 小修正
2026-03-27 14:01:18 +08:00
silwings1986
26627887d1 fix(wecom): fallback to message API when kf returns 40096 (#7012)
* fix(wecom): fallback to regular message API when kf API returns 40096

When sending WeCom messages via kf/send_msg, if the API returns error
40096 (invalid external userid), fall back to the regular message/send
API. This handles internal employees who don't have external userids.

Fixes the issue where internal WeCom users (e.g. WangCong) would cause
kf API to fail with 'invalid external userid' error.

* fix(wecom): improve error handling for kf API fallback to regular message API

---------

Co-authored-by: Soulter <905617992@qq.com>
2026-03-27 11:34:18 +08:00
sanyekana
a5e86c8b94 fix(telegram): preserve attachment captions (#7020)
* fix(telegram): preserve attachment captions

* Update astrbot/core/platform/sources/telegram/tg_adapter.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-03-27 11:29:03 +08:00
Izayoi9
af6f9cfc5e fix: 使用 removesuffix 替代 rstrip 修复 URL 字符误删问题 (#7026)
之前在 #6863 中我提交的修复使用了 rstrip() 来移除末尾的 /embeddings,
但 rstrip() 是字符集操作,会误删 URL 末尾属于该字符集的字符。

例如 siliconflow.cn 的末尾 n 会被误删,导致 URL 变成 siliconflow.c

改用 removesuffix() 可以正确处理这种情况,只在字符串以指定后缀结尾时才移除。

closes #7025
2026-03-27 11:24:06 +08:00
SJ
8986d05309 fix(dashboard): update aiocqhttp tutorial links (#7038)
Co-authored-by: idiotsj <idiotsj@users.noreply.github.com>
2026-03-27 11:16:21 +08:00
Soulter
045be7943d revert: "fix(provider): restore parameter transparency in core LLM provider ad…" (#7023)
This reverts commit 1ad7e10c0f.
2026-03-27 01:58:04 +08:00
LIghtJUNction
9db179075f chore: 添加 MDI 字体到 gitignore 并更新 agent-message 规范 2026-03-27 00:27:09 +08:00