* fix(context): restore turn cap, serialize content parts and tool calls for llm compress, fix AftCompact debug log
Three context-compaction regression fixes after #8226:
1. Restore max_context_length -> enforce_max_turns propagation so
normal turn-based truncation works again.
2. Serialize ContentPart and ToolCall objects into plain dicts in
_message_to_dict so llm_compress no longer fails with JSON
serialization errors.
3. Print _provider_messages (compacted) instead of run_context.messages
(unchanged) in AftCompact debug log; truncate long role lists to
first4,...,last4 to avoid log spam.
Assertions in tests are also hardened to avoid coupling to exact prompt
wording.
* fix(tool_loop_agent_runner): simplify context handling by removing redundant provider messages
* fix(tool_loop_agent_runner): rename context manager variables for clarity
* fix: update context compression to use recent token ratio instead of fixed count
* fix: enhance LLMSummaryCompressor to sanitize contexts and improve message handling
* ruff format
---------
Co-authored-by: Soulter <905617992@qq.com>
* feat: add TOTP two-factor authentication for dashboard login
* fix: ensure TOTP verification uses UTC for accurate time comparison
* fix: update recovery code validation logic for disabling TOTP
* test: add unit tests for TOTP functionality and recovery code validation
* chore: format
* feat: add trust_proxy_headers switch for auth rate-limit IP source
* feat: make dashboard auth rate-limit configurable via system settings
Add auth_rate_limit config block to dashboard settings with enable
(default: true), average_interval (default: 1.0s), and max_burst
(default: 3) options. The dashboard auth middleware now reads from
config instead of using hardcoded values. The average_interval and
max_burst fields are conditionally shown only when rate limiting is
enabled.
* fix: normalize dashboard client IP from trusted proxy headers
* refactor: encapsulate rate limiter state into registry, add TTL
* feat: show dynamic page title during two-factor verification
* fix: require two-factor verification for protected config saves
* chore: format
* refactor: reorganize TOTP verification UI components for better layout
* refactor: clean up recovery stage UI by removing unused styles and improving label handling
* docs: add TOTP two-factor authentication documentation for WebUI
---------
Co-authored-by: Soulter <905617992@qq.com>
* refactor(ltm): redesign long-term memory with context compaction
- Add raw_records / contexts / summaries data model per group
- Add LLM summary compaction strategy alongside truncation
- Add turn-based (_split_into_rounds) granularity
- Add image caption integration into LTM history
- Add tool_call / tool_result persistence into raw_records
- Add active reply support driven by LTM state
- Improve summary injection prefix with system note and delimiters
- Add info-level logging for summary compaction lifecycle
- Clarify default summary prompt with explicit preserve/drop rules
- Add context_guard for history overflow protection in agent runner
- Add internal agent history compaction in agent_sub_stages
- Add comprehensive LTM unit tests and compaction test suites
* fix(ltm): handle malformed JSON in tool args and clean up lock on session removal
* fix(ltm): guard against duplicate system prompt note injection
* fix(ltm): fall back to user message when internal marker parsing fails
- Treat lines starting with <T:CALL>, <T:RES, or <BOT/ as regular user
messages when their respective parsers return None, instead of silently
dropping them. Defensive guard against malformed internal markers.
* fix(ltm): release session lock during LLM summary generation
* fix(ltm): trim raw_records in handle_message to prevent unbounded growth
* perf(ltm): use len(s) instead of len(s.encode()) in trim loop
Avoid allocating a new bytes object for every string when calculating
buffer size in _trim_raw_records. Character count is sufficient for
the approximate memory cap.
* feat(ltm): make user segment truncation limits configurable
* feat(ltm): pre-fill default LTM summary prompt in config and i18n
* refactor(ltm): hardcode internal segment/trim constants
* refactor(ltm): unify compaction strategy with main agent runner
* feat(ltm): add @mention weight marker for group chat messages
* test: fix test failures from LTM compaction unification
* chore(dashboard): remove obsolete LTM compaction i18n metadata
* chore: shrink codebase
* feat(group-chat): implement group chat context management and related functionality
---------
Co-authored-by: Tsukumi <112180165+Tsukumi233@users.noreply.github.com>
Co-authored-by: zenfun <zenfun510@gmail.com>
Co-authored-by: Soulter <905617992@qq.com>
* feat(lark): implement app registration and bot info retrieval
- Add app registration functionality for Lark and Feishu platforms, including endpoints and request handling.
- Introduce polling mechanism for app registration status.
- Create bot info retrieval functionality to fetch bot details after successful registration.
- Enhance dashboard with new UI components for one-click QR setup and manual setup options.
- Update internationalization files to support new features and actions.
- Add unit tests for app registration endpoint resolution and data handling.
* feat(weixin_oc): add WeChat login registration and QR code handling
* fix(webui): enforce 12-char dashboard password policy with backend+frontend validation
* fix(i18n): update password policy hints and validation rules for improved security
* test: adapt dashboard auth fixtures for hashed default password
* fix(security): increase PBKDF2 iterations
* feat(auth): implement secure login challenge and proof verification
* chore: ruff format
* fix(auth): update md5 import syntax for consistency
* feat(dashboard): implement random password generation for empty dashboard password
* feat(auth): enforce plaintext password requirement for legacy MD5 hashes
* fix(i18n): update password hint texts to reflect auto-generated initial passwords
* feat(dashboard): implement password change requirement and reset logic
* feat(auth): implement account setup flow and password change requirements
* feat: Implement legacy password support and upgrade mechanism
- Added `hash_legacy_dashboard_password` function for MD5 hashing of passwords.
- Updated configuration handling to store both PBKDF2 and legacy password hashes.
- Introduced logic to check if password storage has been upgraded and if a password change is required.
- Modified dashboard authentication routes to handle legacy password checks and prompts for upgrades.
- Updated frontend to display warnings for legacy password storage and required upgrades.
- Enhanced tests to cover scenarios for legacy password handling and migration to new storage format.
* fix(logo): update text color styles to use CSS variables for consistency
* feat(dashboard): upgrade password storage and enforce change requirement
* fix(dashboard): update minimum password length from 12 to 10 characters
* fix(dashboard): update minimum password length from 10 to 8 characters
---------
Co-authored-by: RC-CHN <1051989940@qq.com>
The websearch_firecrawl_key config key was added in PR #7764 (Firecrawl
web search provider) but was missing from DEFAULT_CONFIG in default.py.
Because AstrBotConfig.check_config_integrity() removes keys that exist
in the user's cmd_config.json but are absent from DEFAULT_CONFIG, the
firecrawl API key is silently deleted on every container restart.
Fixes: unreported issue (config key removed on restart)
- New config item fallback_max_context_tokens (default 128k)
- When max_context_tokens is 0 and model not in LLM_METADATAS,
use fallback_max_context_tokens as the context window limit
- Unified global config under provider_settings, in truncate_and_compress section
- i18n: zh-CN, en-US, ru-RU
Co-authored-by: AstrBot <astrbot@container>
* feat: add PluginDetailPage component for detailed plugin information display
refactor: remove extension preference storage management and related tests
chore: clean up useExtensionPage by removing unused preference storage logic
* feat: add getHandlerDisplayName function for improved handler name display
* feat: add Firecrawl web search and extract tools, update configuration and tests
* feat: implement Firecrawl API integration and error handling in web search tools
* feat: enhance Firecrawl web search with session management and payload validation
* feat: Firecrawl web search to use aiohttp.ClientSession directly for improved session management as it was
* feat: update Firecrawl search to handle grouped web data response and add corresponding tests
* feat: refactor Firecrawl web search to use aiohttp.ClientSession for improved error handling and session management
* feat: remove unused coercion function and update Firecrawl search to use default limit in payload
* feat: add MiniMax Token Plan provider with hardcoded model list (fix#7585)
- Add new provider 'minimax_token_plan' for MiniMax Token Plan users
- Inherit ProviderAnthropic to reuse all chat/completion logic
- Hardcode api_base to https://api.minimaxi.com/anthropic
- get_models() returns hardcoded list: MiniMax-M2.7, M2.5, M2.1, M2
- Highspeed models excluded (require premium tier)
- Reason for hardcoding: Token Plan API does not expose /models endpoint
- Fixes: https://github.com/AstrBotDevs/AstrBot/issues/7585
* fix: remove api_base from config template and add model validation
- Remove api_base from default_config_tmpl (always overridden, misleading)
- Add model validation against MINIMAX_TOKEN_PLAN_MODELS
- Raise clear ValueError if user configures an unsupported model
Addressed Sourcery AI review comments.
* fix: use custom_headers for Bearer token auth instead of auth_header
MiniMax Token Plan requires Authorization: Bearer <token> header.
Use custom_headers to inject the correct auth header instead of
the non-functional auth_header key.
Addressed Gemini Code Assist review comment.
* fix: update MiniMax Token Plan provider adapter and documentation to English
* feat: add MiniMax Token Plan configuration and icon support
* feat: remove default configuration template from MiniMax Token Plan provider adapter
---------
Co-authored-by: Soulter <905617992@qq.com>
* feat(discord): add configurable bot message filtering
Add `discord_allow_bot_messages` config option to allow receiving
messages from other Discord bots. This is useful for bot-to-bot
communication scenarios like message forwarding between channels.
By default, bot messages are still ignored (backward compatible).
Usage: Set `discord_allow_bot_messages: true` in your Discord
platform configuration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(discord): add WebUI config for discord_allow_bot_messages
Add configuration option to the dashboard for the new
discord_allow_bot_messages feature. Users can now enable/disable
this option through the WebUI in all supported languages
(zh-CN, en-US, ru-RU).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(discord): use typed constructor argument for allow_bot_messages
Address code review feedback:
- Add `allow_bot_messages` as a typed constructor argument in DiscordBotClient
- Simplify the on_message check by using the instance attribute directly
- Pass the parameter in constructor instead of using setattr
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: MinaraAgent <minara-agent@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat:Brave Search API adapted
* Modified hint message
* Modified according to AI reviews
* chore: revert compose.yml changes
---------
Co-authored-by: Soulter <905617992@qq.com>
* feat: add Rerank API support for NVIDIA NIM
- Add Rerank API support for NVIDIA NIM
- Add related i18n support in en-US zh-CN
* chore: format code
* fix: replace illegal characters
Replace illegal characters when building request model path.
* fix: refactor client initialization method
* fix: enhance response parsing
* docs: add comment for model_path process
* docs: add russia translation
* feat: update AddNewProvider component to support current provider type and enhance provider icon mapping
---------
Co-authored-by: Soulter <905617992@qq.com>
* feat: add audio input support across providers and chatui recording issue fix
- Introduced audio_urls parameter in Provider class and related methods to handle audio input.
- Updated ProviderAnthropic, ProviderGoogleGenAI, and ProviderOpenAIOfficial to process audio URLs.
- Enhanced media_utils with functions to ensure audio format compatibility and detect audio types.
- Modified dashboard components to display audio input support and handle audio attachments in messages.
- Updated localization files to include audio as a supported modality.
- Added new icons for audio input in the dashboard UI.
* feat: enhance audio handling with temporary file cleanup and format support
* feat: track temporary local files for converted audio components
* fix: update image placeholder in prompt from "[图片]" to "[Image]"