* feat: supports plugin to add skills * fix tests * fix: fs tools * Add tests for plugin skills handling and improve skill management - Implement test for restricted local member reading plugin skill inventory even if the plugin is inactive. - Ensure that the skill synchronization process retains built-in skills when local skills are empty, including proper handling of plugin paths. - Update dashboard tests to verify that plugin details include components when requested. - Enhance skill metadata enrichment tests to include inactive plugin-provided skills for inventory. - Add filtering tests for plugin skills based on current configuration, ensuring only allowed plugins are considered and inactive plugins are skipped. Co-authored-by: Copilot <copilot@github.com> * fix: handle PPIO platform context-length error messages (#7888) * fix: 压缩算法删除 user 消息 Bug 修复 * perf: improve truncate algo * fix: improve context length error detection for PPIO platform compatibility - Extend error detection to handle PPIO's error message format: 'The input is longer than the model's context length' - Add case-insensitive matching using .lower() for robustness - Maintain backward compatibility with existing 'maximum context length' check This fixes the issue where PPIO platform models (e.g., ppio/zai-org/glm-5-turbo) would fail with AgentState.ERROR due to unrecognized context length errors. --------- Co-authored-by: Soulter <905617992@qq.com> * fix: 支持微信客服文件消息 (#7923) * fix: 支持微信客服文件消息 * fix: remove WeCom file message placeholder * fix(provider): fix Anthropic custom headers and system prompt compatibility (#7587) * fix(provider): fix Anthropic custom headers and system prompt compatibility - Pass custom_headers via AsyncAnthropic's `default_headers` parameter instead of creating a separate httpx.AsyncClient. This avoids `isinstance` check failures when multiple httpx installations exist on sys.path (e.g. bundled Python + system Python). - Use list format for the `system` parameter (`[{"type": "text", ...}]`) instead of a plain string. The list format is supported by the official Anthropic API and is also compatible with third-party API proxies that reject the string format. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(provider): fix Anthropic custom headers and system prompt compatibility - Pass custom_headers via AsyncAnthropic's `default_headers` parameter instead of creating a separate httpx.AsyncClient. This avoids `isinstance` check failures when multiple httpx installations exist on sys.path (e.g. bundled Python + system Python). - Use list format for the `system` parameter (`[{"type": "text", ...}]`) instead of a plain string. The list format is supported by the official Anthropic API and is also compatible with third-party API proxies that reject the string format. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add test unit --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * perf: improve logic of adding models Co-authored-by: piexian <piexian@users.noreply.github.com> * chore: remove redundant logger messages and improve log clarity Co-authored-by: Copilot <copilot@github.com> * chore: ruff format * docs: update knowledge base docs closes: #7962 * fix(#7907): send_message_to_user cron 场景下 session 容错 (#7911) * fix: send_message_to_user cron 场景下 session 容错 (#7907) - LLM 在主动场景可能只传 session_id 而非完整三段式, from_str 失败时用 current_session 补全前两段。 Co-authored-by: Copilot <copilot@github.com> * fix: 限制 session 补全仅对裸 session_id 生效,避免误修带冒号的错误输入 (#7907) * feat: add session information to cron job payload Co-authored-by: Copilot <copilot@github.com> * fix: improve clarity and consistency of safety mode prompts Co-authored-by: Copilot <copilot@github.com> --------- Co-authored-by: Copilot <copilot@github.com> Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com> Co-authored-by: Soulter <905617992@qq.com> * perf: tool rendering in conversation page (#7937) * fix(dashboard): route conversation history tool messages through ToolCallCard When viewing conversation history, large tool outputs (e.g. a single git log --stat producing tens of KB) caused the browser renderer to freeze. Root cause: formattedMessages mapped every role (including tool / system / _checkpoint) into user/bot bubbles, and bot plain strings went through markstream-vue's MarkdownRender. Single 88KB tool messages plus 88-of-them adding up to ~349KB of synchronous markdown parsing was enough to block the main thread for 5+ seconds. This patch: - Indexes tool-role messages by tool_call_id - Filters formattedMessages to user/assistant only — tool, system and _checkpoint roles no longer render as standalone bubbles - Converts assistant.tool_calls (OpenAI shape, with tc.name/tc.arguments fallbacks) into the existing tool_call MessagePart, attaching the paired result so MessageList's ToolCallCard renders it (default collapsed, no longer feeds large strings into the markdown renderer) - Drops empty placeholder plain parts when an assistant message only carries tool_calls - Sets ts/finished_ts to 0 as a sentinel: ToolCallCard.toolCallDuration returns "" when startTime <= 0, suppressing a misleading "0ms" duration that would otherwise appear because conversation history has no real timing data Behavior change: tool results are now embedded in their assistant's ToolCallCard.result instead of appearing as separate bot bubbles. This matches the main chat UI's behavior. Fixes #7929 Refs #7372 #7456 * style(dashboard): use single scrollbar in conversation history preview ToolCallCard's result/args panes have their own max-height + overflow, which produced a nested scrollbar when nested inside the history preview's already-scrollable .conversation-messages-container. Override those constraints inside the preview only — the outer 500px-bounded container already provides scroll bounds, so a single scrollbar feels cleaner. The main chat UI is unaffected. --------- Co-authored-by: wanger <wanger@example.com> * fix: ruff format * feat: add python tool timeout param (#7953) * feat: add python tool timeout param * Update python.py --------- Co-authored-by: Weilong Liao <37870767+Soulter@users.noreply.github.com> * fix: 钉钉连接超时后自动重连失败 (#7924) * fix: improve DingTalk adapter error handling in run() method * fix: add retry logic for DingTalk SDK task unexpected exit * fix: use task.add_done_callback to wake thread on task completion, handle UnboundLocalError * refactor: extract retry logic into handle_retry helper function --------- Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com> --------- Co-authored-by: Copilot <copilot@github.com> Co-authored-by: leonforcode <leonbeyourside01@gmail.com> Co-authored-by: AstralSolipsism <134063164+AstralSolipsism@users.noreply.github.com> Co-authored-by: Pink YuDeer <wer00001@outlook.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: piexian <piexian@users.noreply.github.com> Co-authored-by: NayukiMeko <ChibaNayuki@163.com> Co-authored-by: wanger <122891289+10knamesmore@users.noreply.github.com> Co-authored-by: wanger <wanger@example.com> Co-authored-by: Haoran Xu <3230105281@zju.edu.cn> Co-authored-by: 千岚之夏 <108566281+Blueteemo@users.noreply.github.com> Co-authored-by: Blueteemo <Blueteemo@users.noreply.github.com>
5.4 KiB
Computer Use
Computer Use controls whether an Agent can execute code, access files, run Shell commands.
Mode Selection
In WebUI, open:
Config -> General Config -> Use Computer Capabilities
The key option is Computer Use Runtime:
none: disables Computer Use; Shell, Python, filesystem, and related tools are not mounted.local: executes on the host machine where AstrBot is running. Use this when the Agent needs local files, command-line tools, or local dependencies.sandbox: executes inside an isolated sandbox. Use this when you want to reduce host risk or provide automation capabilities to multiple users.
If you are not sure which mode to choose, prefer sandbox. Use local only when direct host access is required.
Local Mode
local mode mounts Computer Use tools into the host environment where AstrBot runs. The Agent can call the host Shell, host Python, and host filesystem tools.
This means the Agent's boundary is close to the AstrBot process itself. What it can access depends on the system permissions, runtime user, working directory, and operating-system restrictions of the AstrBot process.
Workspace
In local mode, AstrBot prepares a workspace for each session:
data/workspaces/{normalized_umo}
{normalized_umo} is derived from the current session's unified_msg_origin; characters unsuitable for filenames are replaced with _.
Relative paths passed to local filesystem tools are resolved under this workspace. For example:
notes/todo.txt
is resolved as:
data/workspaces/{normalized_umo}/notes/todo.txt
The local Shell tool also runs with this workspace as its current working directory.
Note
The local Python tool executes code through AstrBot's current Python environment. When Python code reads or writes files, use explicit absolute paths or prepare files through filesystem tools in the workspace first.
Local Tools
local mode mainly provides:
Shell: executes host shell commands. Windows followscmd.exesemantics; Linux/macOS follow Unix-like shell semantics.Python: executes Python code in AstrBot's current Python environment.File read: reads text, image, spreadsheet, and other supported files.File write: writes UTF-8 text files; relative paths default to the current workspace.File edit: replaces exact text in files.Grep search: searches file contents through ripgrep.
local mode does not mount sandbox upload/download tools, and it does not provide browser automation. Browser automation belongs to the sandbox runtime and requires a sandbox profile with the browser capability.
The local Shell tool includes basic blocking for dangerous commands such as rm -rf, sudo, shutdown, reboot, and kill -9. This is not a complete security sandbox and should not be treated as one.
Permission Model
Computer Use has a separate option:
Require AstrBot admin permission
This option is enabled by default.
When enabled:
- Admin users can use Shell, Python, file read, file write, file edit, and Grep search in
localmode. - Non-admin users cannot use Shell or Python.
- Non-admin users can only use file read, write, edit, and search inside restricted directories. Plugin-provided Skills are read/search-only and cannot be written or edited.
Allowed directories for non-admin users in local mode include:
data/skillsdata/plugins/*/skills(read-only, for plugin-provided Skills)- Current session's
data/workspaces/{normalized_umo} - AstrBot temporary directories
.astrbotunder the system temporary directory
If Require AstrBot admin permission is disabled, regular users behave much closer to admins for Computer Use tools. Do not disable it unless you understand the risk.
Admin IDs can be configured in:
Config -> Other Config -> Admin ID
Users can get their own ID with /sid.
Sandbox Mode
sandbox mode runs execution actions inside an isolated environment instead of directly on the AstrBot host.
Inside the sandbox, the Agent can still use Shell, Python, and filesystem tools. If the selected sandbox profile supports the browser capability, AstrBot also mounts browser automation tools.
With Shipyard Neo, the sandbox workspace root is usually:
/workspace
Filesystem tools should usually receive relative paths, for example:
result.txt
instead of:
/workspace/result.txt
For sandbox deployment, profiles, TTL, persistence, and browser capabilities, see Agent Sandbox Environment.
Note
Even in
sandboxmode,Require AstrBot admin permissionstill affects access to Shell, Python, browser, upload/download, and related tools. The exact behavior depends on your configuration.
Skills
Skills are reusable instruction bundles for Agents. They are usually stored under data/skills, and each Skill contains a SKILL.md.
The relationship between Skills and Computer Use is:
- Skills tell the Agent what to do.
- Computer Use decides whether the Agent can execute those steps.
For example, a Skill may ask the Agent to read files, run scripts, and generate a report. If Computer Use Runtime is none, the Agent may see the Skill instructions, but it cannot call Shell or Python to execute them.
In local mode, the Agent reads local Skills.
In sandbox mode, AstrBot attempts to sync local Skills into the sandbox so the Agent can execute them there.
For more details, see Anthropic Skills.