* refactor: migrate to fastapi
* structure refactor
* fix: pyright fix
* refactor: improve error handling and public messages in plugin services
* feat(api): refactor API client integration and enhance request handling
- Updated API client configuration to use a dedicated HTTP client.
- Introduced utility functions for generating options, queries, and form data for API requests.
- Refactored multiple API methods to utilize the new utility functions for improved consistency and readability.
- Renamed types for clarity and updated import statements accordingly.
feat(docs): add script to update OpenAPI JSON from YAML spec
- Created a Python script to convert OpenAPI YAML specification to JSON format.
- The script supports customizable input and output paths.
- Ensured the script handles directory creation for output paths and validates the YAML structure.
* fix
* feat(auth): implement rate limiting for v1 login endpoint and enhance request handling
* Refactor dashboard API routers to use legacy_router for backward compatibility
- Changed all instances of dashboard_router to legacy_router across multiple API modules including platform, plugins, providers, sessions, skills, stats, subagents, t2i, tools, updates, and asgi_runtime.
- Updated route definitions to ensure existing endpoints remain functional under the new router structure.
- Introduced support for Quart request context in asgi_runtime to enhance compatibility with existing Quart-based plugins.
- Added a test case to validate the functionality of the new Quart request context handling in plugin extensions.
* chore: remove cli test
* fix: update dashboard tests for fastapi migration
* chore: satisfy ruff checks
* fix: update openapi api key scopes
* fix: sync config scope chip selection
* fix: restore quart dependency
* docs: clarify quart plugin api compatibility
* docs: update openapi scope documentation
* fix: use singular skill openapi scope
* fix: hide update service exception details
* fix: address fastapi review comments
* fix: address dashboard review findings
* docs: revert unrelated package deployment changes
* docs: update agent api generation guidance
* feat: add plugin page web api helpers
* docs: add plugin page bridge demo
* fix: type plugin upload files
* fix: stabilize plugin page uploads
* fix: type plugin web request proxy
* docs: remove plugin page docs example
* fix: authenticate plugin page SSE bridge
* fix: unify media reference handling
* fix: accept bare base64 record media refs
* chore: update agents.md
* fix: unify file URI handling across media components and utilities
* fix: unify media reference type handling with MediaRefStr alias
* Potential fix for pull request finding 'CodeQL / Incomplete URL substring sanitization'
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Update astrbot/core/platform/sources/discord/discord_platform_adapter.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* fix: unify media handling and improve base64 decoding across components
* fix: simplify client_kwargs type definition and enhance media message handling in platform adapter
* fix: unify media utility documentation and enhance function descriptions
* perf: drop "pilk" requirement, improve audio outbound for tencent-related IM apps which using silk
* fix: unify Tencent Silk audio handling and enhance media resolver functionality
---
- Centralize media reference materialization and base64 resolution for local paths, http(s), base64://, data URIs, and legacy bare base64 payloads.
- Normalize incoming Record audio to wav and Image media to temporary jpg during preprocess, with event-scoped cleanup.
- Reuse the shared media resolver across OpenAI, Gemini, Anthropic, MiMo, DeerFlow, STT, and platform media paths while sanitizing logs and cleaning temporary conversion outputs.
- Ensure generated TTS audio is tracked for cleanup after the event finishes.
fix#8676fix#8543fix#7588fix#7580fix#8030fix#8034fix#7461fix#7565fix#6509fix#7144fix#7795
---------
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* feat(plugin): pass theme through plugin page asset URLs and initial context
Add theme query parameter propagation through the plugin page asset pipeline
so that the bridge SDK initial context includes isDark.
* feat(plugin): inject data-theme and color-scheme into plugin page HTML
Set data-theme on <html> and add color-scheme meta tag server-side
to prevent flash when entering plugin pages in dark mode.
* feat(webui): add isDark getter to customizer store
* feat(webui): sync theme to plugin iframe via URL param and postMessage
Append theme query parameter to iframe src URL and include isDark
in the postMessage context. Watch uiTheme changes to re-send context.
* feat(bridge): auto-apply data-theme from context in plugin bridge SDK
Set data-theme attribute on document.documentElement when context
includes isDark, enabling live theme switching via postMessage.
* docs: add light/dark theme adaptation guide for plugin pages
Add theme adaptation section to existing plugin-pages docs in both
Chinese and English, covering CSS variables and onContext() usage.
* test: add theme sync tests for plugin page bridge and content
Verify isDark in bridge SDK initial context with various theme params,
and verify data-theme and color-scheme injection in rewritten HTML.
* fix(plugin): use case-insensitive regex for head tag in HTML rewrite
Replace string match for <head> with case-insensitive regex to handle
uppercase tags and tags with attributes, preventing duplicate injection
of color-scheme meta tag.
* refactor(webui): generalize isDark getter to support any dark theme
Replace hardcoded PurpleThemeDark check with suffix-based detection
so all dark theme variants are recognized automatically.
* refactor(plugin): extract theme helpers for HTML rewriting
Extract _get_request_theme and _apply_theme_to_html to eliminate
duplicate theme-parsing logic and isolate HTML mutation. Use case-
insensitive regex for head tag detection to prevent duplicate
injection when tags use mixed casing.
* style: apply ruff formatting to plugin page tests
Wrap long function call lines for consistency with project style.
* fix(plugin): handle existing data-theme and case-sensitive fallback in HTML rewrite
Strip any existing data-theme attribute before adding the new one to
prevent duplicate attributes. Use case-insensitive regex for the
<head> fallback insertion to avoid corrupting <html> tag attributes.
* fix(webui): add null guard to isDark getter
Guard against undefined uiTheme to prevent TypeError when the
theme config has not been initialized.
* fix(webui): centralize theme mapping and preserve hash in plugin page URL
Extract themeParam computed to avoid drift between URL and context.
Include hash fragment in iframe URL to support SPA hash routing.
* fix(webui): address CR feedback - deduplicate color-scheme meta, harden isDark getter, consolidate theme source
- _apply_theme_to_html: strip existing color-scheme meta before injecting to
avoid duplicates; merge data-theme strip+add into single-pass regex callback
- customizer.ts: replace brittle endsWith('Dark') with explicit theme name check
- _rewrite_plugin_page_html: use _get_request_theme() directly instead of
reading theme from extra_query_params
* fix(webui): 简化 isDark 推导、优化查询参数构建、使用暗色主题集合
- isDark 推导简化为 theme == "dark"(None == "dark" 为 False,去掉多余三元表达式)
- _prepare_plugin_page_query_params 改为线性构建,先计算再构建字典
- isDark getter 改用显式 DARK_THEMES Set,替代硬编码单值比较
---------
Co-authored-by: lxfight <lxfight@192.168.5.50>
* fix(context): restore turn cap, serialize content parts and tool calls for llm compress, fix AftCompact debug log
Three context-compaction regression fixes after #8226:
1. Restore max_context_length -> enforce_max_turns propagation so
normal turn-based truncation works again.
2. Serialize ContentPart and ToolCall objects into plain dicts in
_message_to_dict so llm_compress no longer fails with JSON
serialization errors.
3. Print _provider_messages (compacted) instead of run_context.messages
(unchanged) in AftCompact debug log; truncate long role lists to
first4,...,last4 to avoid log spam.
Assertions in tests are also hardened to avoid coupling to exact prompt
wording.
* fix(tool_loop_agent_runner): simplify context handling by removing redundant provider messages
* fix(tool_loop_agent_runner): rename context manager variables for clarity
* fix: update context compression to use recent token ratio instead of fixed count
* fix: enhance LLMSummaryCompressor to sanitize contexts and improve message handling
* ruff format
---------
Co-authored-by: Soulter <905617992@qq.com>
* fix(ltm): prevent wake commands from being recorded as group chat context
* test: fix mock event get_extra return value in group context wiring tests
* test: strengthen group context mock and add slash-command skip test
* feat: add TOTP two-factor authentication for dashboard login
* fix: ensure TOTP verification uses UTC for accurate time comparison
* fix: update recovery code validation logic for disabling TOTP
* test: add unit tests for TOTP functionality and recovery code validation
* chore: format
* feat: add trust_proxy_headers switch for auth rate-limit IP source
* feat: make dashboard auth rate-limit configurable via system settings
Add auth_rate_limit config block to dashboard settings with enable
(default: true), average_interval (default: 1.0s), and max_burst
(default: 3) options. The dashboard auth middleware now reads from
config instead of using hardcoded values. The average_interval and
max_burst fields are conditionally shown only when rate limiting is
enabled.
* fix: normalize dashboard client IP from trusted proxy headers
* refactor: encapsulate rate limiter state into registry, add TTL
* feat: show dynamic page title during two-factor verification
* fix: require two-factor verification for protected config saves
* chore: format
* refactor: reorganize TOTP verification UI components for better layout
* refactor: clean up recovery stage UI by removing unused styles and improving label handling
* docs: add TOTP two-factor authentication documentation for WebUI
---------
Co-authored-by: Soulter <905617992@qq.com>
* fix: improve template list config handling
* feat(webui): show template list display item
* feat(webui): allow hiding template list hints
* docs: document template list metadata fields
* fix: support file fields in template list configs
* refactor(ltm): redesign long-term memory with context compaction
- Add raw_records / contexts / summaries data model per group
- Add LLM summary compaction strategy alongside truncation
- Add turn-based (_split_into_rounds) granularity
- Add image caption integration into LTM history
- Add tool_call / tool_result persistence into raw_records
- Add active reply support driven by LTM state
- Improve summary injection prefix with system note and delimiters
- Add info-level logging for summary compaction lifecycle
- Clarify default summary prompt with explicit preserve/drop rules
- Add context_guard for history overflow protection in agent runner
- Add internal agent history compaction in agent_sub_stages
- Add comprehensive LTM unit tests and compaction test suites
* fix(ltm): handle malformed JSON in tool args and clean up lock on session removal
* fix(ltm): guard against duplicate system prompt note injection
* fix(ltm): fall back to user message when internal marker parsing fails
- Treat lines starting with <T:CALL>, <T:RES, or <BOT/ as regular user
messages when their respective parsers return None, instead of silently
dropping them. Defensive guard against malformed internal markers.
* fix(ltm): release session lock during LLM summary generation
* fix(ltm): trim raw_records in handle_message to prevent unbounded growth
* perf(ltm): use len(s) instead of len(s.encode()) in trim loop
Avoid allocating a new bytes object for every string when calculating
buffer size in _trim_raw_records. Character count is sufficient for
the approximate memory cap.
* feat(ltm): make user segment truncation limits configurable
* feat(ltm): pre-fill default LTM summary prompt in config and i18n
* refactor(ltm): hardcode internal segment/trim constants
* refactor(ltm): unify compaction strategy with main agent runner
* feat(ltm): add @mention weight marker for group chat messages
* test: fix test failures from LTM compaction unification
* chore(dashboard): remove obsolete LTM compaction i18n metadata
* chore: shrink codebase
* feat(group-chat): implement group chat context management and related functionality
---------
Co-authored-by: Tsukumi <112180165+Tsukumi233@users.noreply.github.com>
Co-authored-by: zenfun <zenfun510@gmail.com>
Co-authored-by: Soulter <905617992@qq.com>
* fix: plugin name in the marketplace does not match the local plugin
* chore: update test
* Update astrbot/dashboard/routes/plugin.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update astrbot/dashboard/routes/plugin.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update astrbot/dashboard/routes/plugin.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* chore: reformat code
* Clean up unused variables in useExtensionPage.js
Removed unused sets for installed repositories and names.
* fix: 统一repo匹配逻辑,移除fallback
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* feat(plugin): add pages field to plugin list API response
Include discovered page names for each plugin in the /api/plugin/get
response, so the frontend can determine whether a plugin has a WebUI
without an extra detail request.
* feat(webui): add direct WebUI access button on plugin cards
- Add "open-webui" button on plugin cards when plugin has pages
- Navigate to plugin's first page directly from the card
- Adjust PluginPagePage iframe height for better UX
- Add i18n labels (zh-CN/en-US/ru-RU)
* perf(plugin): use asyncio.gather for concurrent page discovery
Replace sequential await loop with concurrent processing to avoid
blocking on disk I/O when discovering plugin pages.
* fix(webui): disable open plugin UI button when plugin is deactivated
Prevent navigation to a disabled plugin's WebUI page which would
result in an error.
* test: update plugin API tests to match pages field in list response
- test_plugin_get_excludes_scanned_pages: expect pages field now present
- test_plugins: use name-based lookup instead of exact count assertion
---------
Co-authored-by: lxfight <lxfight@192.168.5.50>
* feat(lark): implement app registration and bot info retrieval
- Add app registration functionality for Lark and Feishu platforms, including endpoints and request handling.
- Introduce polling mechanism for app registration status.
- Create bot info retrieval functionality to fetch bot details after successful registration.
- Enhance dashboard with new UI components for one-click QR setup and manual setup options.
- Update internationalization files to support new features and actions.
- Add unit tests for app registration endpoint resolution and data handling.
* feat(weixin_oc): add WeChat login registration and QR code handling