* feat: add inline message editing and regeneration functionality for webui
- Implemented inline editing for user messages in the chat component.
- Added a regenerate menu for retrying messages with different models.
- Enhanced message handling to include llm_checkpoint_id for better tracking.
- Updated localization files to include new actions for retrying and model selection.
- Introduced tests for checkpoint message handling and chat route functionality.
* feat: thread mode in webui
* feat: enhance message editing functionality to allow only the latest user message to be edited
* feat: add error handling and user feedback for thread creation in chat component
* feat: add thread count display and localization support in chat component
* feat: add RefsSidebar component and integrate reference management in chat UI
* feat: improve message editing validation and cleanup for bot messages
* feat: enhance checkpoint message handling with binding and dumping functionality
# Conflicts:
# astrbot/core/agent/message.py
# astrbot/core/agent/runners/tool_loop_agent_runner.py
# astrbot/core/astr_main_agent.py
# astrbot/core/db/sqlite.py
# astrbot/core/pipeline/process_stage/method/agent_sub_stages/internal.py
# astrbot/core/platform/sources/webchat/webchat_adapter.py
# astrbot/dashboard/routes/chat.py
# astrbot/dashboard/routes/live_chat.py
# dashboard/src/components/chat/Chat.vue
# dashboard/src/components/chat/ChatInput.vue
# dashboard/src/components/chat/ChatMessageList.vue
# dashboard/src/components/chat/ProviderModelMenu.vue
# dashboard/src/components/shared/StyledMenu.vue
# dashboard/src/composables/useMessages.ts
# dashboard/src/i18n/locales/ru-RU/features/chat.json
- clearStaged({ revokeUrls: false }) to preserve blob URLs during send
- File type icon helpers (fileTypeStyles, fileExtension, filePresentation)
- CSS transitions for input container and textarea
- File dedup via SHA-256 signature in useMediaHandling
- Replace LocalShellComponent's one-shot subprocess.run() with a
PersistentShellSession that wraps a long-running bash process per UMO.
cd/export/source now persist naturally within a conversation.
- Support background task execution via nohup.
- Remove unused ToolSessionManager / ToolSessionState (dead code,
never wired to any consumer).
- Fix performance benchmark: separate throughput and memory measurement
so tracemalloc doesn't distort timing (was 7x slower).
- Optimize bool validation in CommandFilter with frozenset + isinstance
short-circuit.
* fix(core): security fix - restrict send_message_to_user to current session only
Closes#7822
SECURITY: Remove the user-controlled 'session' parameter from the
send_message_to_user tool. Previously, a regular user could ask the
LLM to send messages to any arbitrary session (group chat) by
providing a crafted session string, which is a high-risk
vulnerability.
Changes:
- Remove 'session' parameter from tool schema (LLM can no longer
propose it)
- Always use context.context.event.unified_msg_origin as the target
session
- Update description to clearly state that messages can only be sent
to the current user's session
* fix: restore session param but restrict to admin only
- Re-add the parameter removed in the original PR
- Non-admin users can only send to their own session (current_session)
- Admin users can send to any session via the param
- Uses from computer_tools.util (same pattern as fs.py)
- Ref: https://github.com/AstrBotDevs/AstrBot/issues/7822
Co-authored-by: Soulter <soulter@astrbot.app>
* Update message_tools.py
---------
Co-authored-by: AstrBot <bot@astrbot.app>
* feat(shell): add background command execution with output redirection and timeout support
* feat(shell): update timeout parameter to be optional in shell execution methods
* feat(shell): set default timeout for shell execution to 10,000,000 milliseconds
* feat(shell): set default timeout to 300s for shell execution
* feat(shell): reorder timeout parameter in ExecuteShellTool configuration
* feat(shell): implement background command execution with detached shell command support
Co-authored-by: Copilot <copilot@github.com>
* test(shell): remove obsolete test for background shell command output redirection
* fix: reorder import statements in shell.py for consistency
* fix: wrap command in parentheses for background output redirection
---------
Co-authored-by: Copilot <copilot@github.com>
* feat: add one-line deploy script (deploy-cli.sh) and update cli.md
- Add docs/scripts/deploy-cli.sh for one-command deployment (Linux/macOS/WSL)
- Update docs/zh/deploy/astrbot/cli.md to reference local script
- Replace non-existent https://astrbot.app/deploy.sh with raw.githubusercontent.com URL
- Add local run tip and WSL-based Windows support
* fix: address PR review feedback for deploy-cli.sh
- Replace sort -V with Python-native version check (macOS BSD compat)
- Bump Python requirement from >=3.10 to >=3.12 (match pyproject.toml)
- Detect current directory as project root (avoid nested clone)
- Handle existing non-git directory explicitly
- Add curl dependency check
- Support ASTRBOT_REPO and ASTRBOT_DIR env vars for forks/mirrors
- Update cli.md version description to match
* feat: add Windows PowerShell deploy script and update docs
- Add deploy-cli.ps1 for Windows native environment (PowerShell 7+)
- Update cli.md to document Windows one-liner deployment
- Add local script execution instructions for both bash and ps1
* refactor: standardize log messages and improve clarity in various modules
Co-authored-by: Copilot <copilot@github.com>
* docs: 移除一行命令快速部署部分,简化安装说明
* feat: 添加脚本以复制部署 CLI 文件并更新构建命令
* refactor: 更新日志消息以提高可读性,统一英文提示信息
---------
Co-authored-by: Soulter <905617992@qq.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com>
* fix(dashboard): add tooltip for truncated command/tool descriptions in WebUI
- CommandTable.vue: add :title binding to description div
- ToolTable.vue: add :title binding to description and origin_name divs
Fixes#7583 - Webui中超出显示长度的指令描述无法以任何方式看到
* docs: add pre-commit setup guide to AGENTS.md
Extract the pre-commit and ruff setup instructions from README.md
into AGENTS.md so AI agents have a complete reference for
setting up the development environment.
---------
Co-authored-by: AstrBot Fixer <astrbot@fix-bot.local>
Co-authored-by: AstrBot Fixer <astrbot-fixer@users.noreply.github.com>
* fix: restore T2I text template rendering
- keep using {{ text | safe }} instead of text_base64
- inject Shiki runtime by default for T2I templates
- update built-in templates to read markdown from a hidden textarea
- improve WebUI preview sample text and Shiki runtime serving
- add regression tests for template rendering and runtime injection
* fix: prevent injected Shiki runtime from breaking T2I templates
* fix(t2i): restore raw text template rendering
* test(t2i): remove test
* fix(t2i): restore previewText
* fix(stats): TPM now only counts output tokens
- Add range_total_output_tokens accumulation, separate from total tokens
- Change range_avg_tpm formula to use output tokens only
- Update i18n labels to reflect Output TPM
* fix(stats): range
* fix: update reasoning_content handling to support empty string values
* fix: add reasoning_content field for DeepSeek v4 models in assistant messages
PR #7202 added empty-assistant filtering in `_query` so strict
providers (Moonshot, etc.) wouldn't 400 on history with blank
assistant entries. The streaming sibling `_query_stream` was
never updated, so DeepSeek Reasoner — which returns reasoning only
during tool calls, leaving serialized content as `""` — blew up with
`Invalid assistant message: content or tool_calls must be set` on
the next turn.
Hoisted the filter into a `_sanitize_assistant_messages` helper and
called it from both paths. Also widened the empty check to cover
`content == []`, which the original filter missed and which shows up
with providers that emit content as a list of parts.
* feat: add Firecrawl web search and extract tools, update configuration and tests
* feat: implement Firecrawl API integration and error handling in web search tools
* feat: enhance Firecrawl web search with session management and payload validation
* feat: Firecrawl web search to use aiohttp.ClientSession directly for improved session management as it was
* feat: update Firecrawl search to handle grouped web data response and add corresponding tests
* feat: refactor Firecrawl web search to use aiohttp.ClientSession for improved error handling and session management
* feat: remove unused coercion function and update Firecrawl search to use default limit in payload