- Updated the VitePress configuration to include links to CLI commands in both English and Chinese.
- Enhanced the AstrBot deployment documentation with instructions for installing it as a system service.
- Created comprehensive CLI commands documentation covering initialization, service management, configuration, and plugin management.
- Added tests for CLI command aliases and service functionalities to ensure proper command registration and behavior.
- Implemented service log management features, including enabling application logging and controlling log visibility.
* fix(webui): enforce 12-char dashboard password policy with backend+frontend validation
* fix(i18n): update password policy hints and validation rules for improved security
* test: adapt dashboard auth fixtures for hashed default password
* fix(security): increase PBKDF2 iterations
* feat(auth): implement secure login challenge and proof verification
* chore: ruff format
* fix(auth): update md5 import syntax for consistency
* feat(dashboard): implement random password generation for empty dashboard password
* feat(auth): enforce plaintext password requirement for legacy MD5 hashes
* fix(i18n): update password hint texts to reflect auto-generated initial passwords
* feat(dashboard): implement password change requirement and reset logic
* feat(auth): implement account setup flow and password change requirements
* feat: Implement legacy password support and upgrade mechanism
- Added `hash_legacy_dashboard_password` function for MD5 hashing of passwords.
- Updated configuration handling to store both PBKDF2 and legacy password hashes.
- Introduced logic to check if password storage has been upgraded and if a password change is required.
- Modified dashboard authentication routes to handle legacy password checks and prompts for upgrades.
- Updated frontend to display warnings for legacy password storage and required upgrades.
- Enhanced tests to cover scenarios for legacy password handling and migration to new storage format.
* fix(logo): update text color styles to use CSS variables for consistency
* feat(dashboard): upgrade password storage and enforce change requirement
* fix(dashboard): update minimum password length from 12 to 10 characters
* fix(dashboard): update minimum password length from 10 to 8 characters
---------
Co-authored-by: RC-CHN <1051989940@qq.com>
remove deprecated API modules and example scripts; update core modules
(agents, providers, tools, platform adapters, utils), dashboard package
and components, and unit tests.
- ToolSet.add() now protects active tools from inactive overrides
- Add missing _has_meaningful_content() method in RespondStage
- Remove is_local=True from ExecuteShellTool (no longer supported)
- Fix ToolSet() missing namespace argument in get_full_tool_set()
- Rewrite tests to match new tool architecture (cron_tools, func_tool_manager, tool_conflict_resolution)
- Move logo and print_logo to new astrbot/cli/banner.py module
to avoid circular imports
- Add is_interactive() helper to detect TTY
- Show ASCII logo in run/init commands only in interactive mode
- Show WeChat QR code ASCII art only in interactive mode;
non-interactive mode shows just the QR link
AstrBot uses a lock file (astrbot.lock) to prevent concurrent instances.
Before allowing a password change via `astrbot conf admin`, the CLI now
attempts to acquire the lock with a 1-second timeout. If acquisition fails
(another process holds it), the command is rejected with a clear error
message instructing the user to stop astrbot first.
The run command should use the original InitialLoader-based startup,
not the new _internal/runtime bootstrap. Only the dev subcommand
uses the new architecture.
Previously initialize_runtime_bootstrap() was called at module level,
causing it to run for ALL astrbot CLI commands (conf admin, etc).
Now it only runs when the 'run' command is executed.
Implement the new _internal package structure for AstrBot runtime:
- Add AstrbotOrchestrator with LSP, MCP, ACP, ABP protocol clients
- Add AstrbotGateway server with WebSocket support
- Add comprehensive test suite for runtime module
- Add tools base module for MCP tools
Implements bootstrap function using anyio task groups for
concurrent protocol client initialization.
Remove the dead is_legacy_dashboard_password_hash helper which was
never used by verify_dashboard_password. Legacy SHA-256/MD5 hashes
are not supported - only Argon2 and PBKDF2 are valid password hashes.
Users with old SHA-256 hashes must reset their password.
- Add version check at startup in both __main__.py and cmd_run.py
- Suggest using `uv run -m astrbot` or reinstalling with uv
- Add ABC base class and abstract methods to ComputerBooter
- Improve type annotations in OpenAIAgentsRunner
- Non-interactive mode now streams logs to stdout with color-coded levels
- Add proper async cleanup when shutting down
- Fix type annotations in coze and deerflow agent runners
- Remove all DASHBOARD_* and ASTRBOT_DASHBOARD_* fallback chains
- server.py now only checks ASTRBOT_HOST, ASTRBOT_PORT, ASTRBOT_SSL_*
- cmd_run.py no longer sets legacy DASHBOARD_* environment variables
- Clean up import paths for agent runners
- Add i18n support to cmd_conf.py (config validators)
- Fix BaseFunctionToolExecutor to be an ABC
- Add explicit type annotations for dict payloads
- Various type annotation improvements
- Add CLI i18n module (astrbot/cli/i18n.py) with zh/en translations
- Add TUI i18n module (astrbot/tui/i18n.py) with zh/en translations
- Update CLI commands to use translated strings
- Update TUI app and screen to use translated strings
- Add ASTRBOT_CLI_LANG and ASTRBOT_TUI_LANG to .env.example
- Update cmd_run.py env var documentation
- Add backward compatibility for moved modules with DeprecationWarning