[pull] master from AstrBotDevs:master#460

Merged
pull[bot] merged 7 commits into SXP-Simon:master from AstrBotDevs:master
Apr 28, 2026

@pull pull Bot commented Apr 28, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

zouyonghe and others added 7 commits April 28, 2026 21:10
… and timeout support (#7835)

* feat(shell): add background command execution with output redirection and timeout support

* feat(shell): update timeout parameter to be optional in shell execution methods

* feat(shell): set default timeout for shell execution to 10,000,000 milliseconds

* feat(shell): set default timeout to 300s for shell execution

* feat(shell): reorder timeout parameter in ExecuteShellTool configuration

* feat(shell): implement background command execution with detached shell command support

Co-authored-by: Copilot <copilot@github.com>

* test(shell): remove obsolete test for background shell command output redirection

* fix: reorder import statements in shell.py for consistency

* fix: wrap command in parentheses for background output redirection

---------

Co-authored-by: Copilot <copilot@github.com>
* fix(provider): persist model enable toggle

Fixes #7863

* fix(provider): wait for model toggle refresh
…ix #7822) (#7824)

* fix(core): security fix - restrict send_message_to_user to current session only

Closes #7822

SECURITY: Remove the user-controlled 'session' parameter from the
send_message_to_user tool. Previously, a regular user could ask the
LLM to send messages to any arbitrary session (group chat) by
providing a crafted session string, which is a high-risk
vulnerability.

Changes:
- Remove 'session' parameter from tool schema (LLM can no longer
  propose it)
- Always use context.context.event.unified_msg_origin as the target
  session
- Update description to clearly state that messages can only be sent
  to the current user's session

* fix: restore session param but restrict to admin only

- Re-add the  parameter removed in the original PR
- Non-admin users can only send to their own session (current_session)
- Admin users can send to any session via the  param
- Uses  from computer_tools.util (same pattern as fs.py)
- Ref: #7822

Co-authored-by: Soulter <soulter@astrbot.app>

* Update message_tools.py

---------

Co-authored-by: AstrBot <bot@astrbot.app>
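
The admin-only restriction described in the `send_message_to_user` commit message above, as an added sketch that is not AstrBot's code. `Event`, `is_admin`, `resolve_target_session` and the `outbox` list are hypothetical names, and returning an error for a refused request (rather than falling back to the current session) is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    """Hypothetical stand-in for the event behind context.context.event."""
    unified_msg_origin: str  # session the request arrived on, set by the platform
    is_admin: bool           # hypothetical flag, resolved server-side from the sender


def resolve_target_session(event: Event, requested: Optional[str]) -> str:
    """Pick the destination session; never trust the model-proposed value alone."""
    current = event.unified_msg_origin
    if not requested or requested == current:
        return current
    if event.is_admin:
        return requested
    raise PermissionError("non-admin callers may only message the current session")


def send_message_to_user(event: Event, text: str,
                         outbox: List[Tuple[str, str]],
                         session: Optional[str] = None) -> str:
    """Tool handler: `session` is LLM-supplied and therefore attacker-influenced."""
    try:
        target = resolve_target_session(event, session)
    except PermissionError as exc:
        return f"error: {exc}"  # tool result goes back to the model, nothing is sent
    outbox.append((target, text))
    return f"sent to {target}"


if __name__ == "__main__":
    # Constructed session identifiers, for illustration only.
    outbox: List[Tuple[str, str]] = []
    user = Event("demo:private:alice", is_admin=False)
    admin = Event("demo:private:root", is_admin=True)
    print(send_message_to_user(user, "hi", outbox))
    print(send_message_to_user(user, "hi", outbox, session="demo:group:1001"))
    print(send_message_to_user(admin, "notice", outbox, session="demo:group:1001"))
    print(outbox)
```

The authorization decision depends only on server-side state (the event's origin and the caller's role), so a prompt that persuades the model to propose another session changes nothing for a non-admin caller.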
@pull pull Bot locked and limited conversation to collaborators Apr 28, 2026
@pull pull Bot added the ⤵️ pull label Apr 28, 2026
@pull pull Bot merged commit 6b36e1a into SXP-Simon:master Apr 28, 2026