Commit Graph

2187 Commits

Author SHA1 Message Date
zhayujie
e9d9b566a4 feat(desktop): chat core with streaming, sessions, tool steps and markdown-it rendering 2026-06-20 00:40:11 +08:00
zhayujie
3baa3252bc feat(desktop): align API client and types with latest web backend endpoints 2026-06-20 00:39:47 +08:00
zhayujie
90d9db0f83 feat(desktop): platform-aware shell, design tokens and three-column layout 2026-06-20 00:39:38 +08:00
zhayujie
8bff4f1658 Merge branch 'master' into feat-cow-desktop 2026-06-19 21:35:29 +08:00
zhayujie
a0e20ef311 Merge branch 'pr-2909' 2026-06-19 21:07:32 +08:00
zhayujie
6996215d3b feat(models): custom model explanation standardization 2026-06-19 21:06:56 +08:00
zhayujie
03ffa2db7d refactor(web): drop hardcoded preset models for custom providers & fix handler bug
- Remove vendor-specific preset model lists for custom embedding/vision
  providers; users now type the model id manually (lists vary per vendor).
- Strip third-party vendor names from comments.
- Fix AttributeError in _set_vision/_set_embedding: the provider constants
  live on ModelsHandler, not ConfigHandler, so selecting a built-in
  provider crashed. Also replace the fragile [:-1] slice with an explicit
  non-custom filter.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-19 20:59:10 +08:00
zhayujie
75e3110e8c Merge pull request #2905 from Jiangrong-W/harness-fix/net-egress-cowagent-browser-navigate-no-internal-url-guard
fix(browser): block link-local / cloud-metadata navigation (SSRF guard)
2026-06-19 20:36:28 +08:00
christop
033480eef1 fix(browser): block link-local / cloud-metadata navigation (SSRF guard)
The browser tool navigates to a model-supplied URL via Playwright
page.goto and then auto-snapshots the page back to the model. The
http(s) navigate path performed no filtering, so a model tool call
(including under prompt injection) could point the agent-driven browser
at the cloud-metadata endpoint (169.254.169.254) and read the
credentials back through the snapshot.

Unlike the vision/web_fetch tools, the browser legitimately needs local
pages — a dev server on localhost / 127.0.0.1 / a LAN IP — so a blanket
"block all internal" policy is the wrong default here. The guard is
therefore narrow: it resolves the hostname and rejects only link-local
addresses (169.254.0.0/16, which includes the 169.254.169.254 metadata
endpoint, and IPv6 fe80::/10) plus the AWS IPv6 IMDS address
(fd00:ec2::254), before navigation. Loopback and RFC1918/LAN stay
reachable so local dev works out of the box.

Only http/https targets are validated; the documented non-HTTP scheme
handling (about:/data:/file:) is unchanged. An operator who deliberately
needs the link-local/metadata target can opt out with
tools.browser.allow_private_targets = true.

tests/test_security_ssrf_browser_navigate.py asserts link-local/metadata
targets are blocked while loopback, RFC1918/LAN and public targets
navigate through (browser service and DNS are stubbed; no real
browser/network).

Signed-off-by: christop <825583681@qq.com>
2026-06-19 20:15:27 +08:00
HnBigVolibear
8ddfcbb125 feat(web): add custom provider support for embedding & vision models, and fix memory_get Windows path bug!
1. Embedding model: support custom provider
   - Add "custom" entry to EMBEDDING_VENDORS with supports_dim_param=False
   - Parse custom:<id> credentials and model fallback in agent_initializer
   - Expand custom_providers as custom:<id> entries in Web UI dropdown

2. Vision model: support custom provider
   - Add custom:<id> routing in _route_by_provider_id
   - Add _build_custom_provider reading credentials from custom_providers
   - Expand custom_providers in Web UI dropdown, add validation in _set_vision

3. Fix memory_get Windows path validation bug!
   - str.startswith(path+'/') always False on Windows due to backslashes, So All Users can not use "memory_get" tool in Windows.
   - Use os.path.realpath + os.sep, consistent with MemoryService

4. Fix historical needsModel:false bug preventing embedding provider switch
   - Change embedding needsModel to true in console.js
   - Support custom:<id> resolution in cow_cli /memory status, also for adding custom provider support

Closes #2908, Closes #2880
2026-06-19 18:35:44 +08:00
zhayujie
a5aaecc48d Merge pull request #2901 from 6vision/master
docs(wecom_bot): mention webhook (callback) mode in channel docs
2026-06-19 17:12:13 +08:00
yangziyu-hhh
84d6848e67 feat(knowledge): add document creation and import 2026-06-18 16:06:41 +08:00
zhayujie
01373465b0 fix(web): correct Bridge import path in MessageDeleteHandler #2902 2.1.2 2026-06-17 22:04:24 +08:00
6vision
a1e733080d docs(wecom_bot): mention webhook (callback) mode in channel docs 2026-06-17 20:37:51 +08:00
zhayujie
3b3ef715bb feat: update 2.1.2 release docs 2026-06-17 19:09:47 +08:00
zhayujie
47b2bf9d46 Merge pull request #2900 from Jr61-star/harness-fix/net-egress-cowagent-web-fetch-no-private-ip-guard
fix(web_fetch): add SSRF guard for model-supplied URLs
2026-06-17 17:47:48 +08:00
christop
ea47f3097e fix(web_fetch): add SSRF guard for model-supplied URLs
web_fetch fetched any http/https URL a model emitted, checking only the
scheme. It performed requests.get(..., allow_redirects=True) with no
hostname resolution check and no private/loopback/link-local/cloud-metadata
filtering, and never re-validated redirect targets. A model (including one
under prompt injection) could make CowAgent fetch 127.0.0.1, RFC1918,
169.254.169.254 or other internal endpoints and return their bodies into
the conversation; a public URL could also 302-bounce into a private target.

The repo already shipped an SSRF validator for the vision tool
(Vision._validate_url_safe). Extract that logic into a shared helper
(agent/tools/utils/url_safety.py) and reuse it:

- execute() now validates the URL before dispatching to either fetch path.
- A new _safe_get() helper disables auto-redirect and follows redirects
  manually, re-validating every hop so a public URL cannot bounce into an
  internal address. Both the webpage and document fetch paths use it.
- Vision._validate_url_safe now delegates to the shared helper (public API
  unchanged), so both URL-consuming tools share one guard.

Stdlib only (ipaddress, socket, urllib.parse); no new dependency. Adds
tests/test_security_ssrf_web_fetch.py covering loopback, cloud-metadata,
RFC1918 and a public->loopback redirect.

Sink: agent/tools/web_fetch/web_fetch.py (_fetch_webpage / _fetch_document).
Signed-off-by: christop <825583681@qq.com>
2026-06-17 17:38:35 +08:00
zhayujie
70c1c44d15 feat: add kimi-k2.7-code and glm-5.2 models
- Add Kimi kimi-k2.7-code (default), kimi-k2.7-code-highspeed, and GLM glm-5.2 (default)
- Fix 400 error when disabling thinking on kimi-k2.7-code; omit the thinking param for this series since it only accepts type=enabled
- Update README, docs (zh/en/ja), install scripts, and Web console model dropdown
2026-06-17 11:54:35 +08:00
zhayujie
e3dce45b2a fix(bash): bypass cmd.exe length limit for long python -c on Windows 2026-06-16 21:11:33 +08:00
zhayujie
3bb8ec3bea feat(web): support manually renaming sessions in console #2897 2026-06-16 20:03:38 +08:00
zhayujie
35e42a3ad6 Merge pull request #2893 from yangziyu-hhh/master
feat(knowledge): add category and document management
2026-06-16 18:52:43 +08:00
zhayujie
949575ad14 Merge pull request #2896 from 6vision/feat/wecom-bot-callback #2869
Feat: wecom bot callback
2026-06-16 17:29:30 +08:00
zhayujie
1c34f0f03d Merge pull request #2892 from HnBigVolibear/master
feat(web): enhance scheduled task management in web console
2026-06-16 17:24:05 +08:00
6vision
eed2eab014 refactor(wecom_bot): use wecom_bot_mode field and clean up temp images
Replace the boolean wecom_bot_callback with a wecom_bot_mode field
("websocket" | "webhook"), consistent with the Feishu channel's
feishu_event_mode. Update startup() and send() to branch on the mode.

Also fix a temp-file leak in _load_image_base64: downloads, format
conversions and compressions wrote to /tmp but were never removed. Track
only the temp files created here and delete them in a finally block,
leaving the caller's original local file untouched.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-16 17:23:31 +08:00
zhayujie
381cbed4fd fix(evolution): improve review summary language, tone and length 2026-06-15 22:28:07 +08:00
zhayujie
4cde25325d fix(evolution): pin review summary language via i18n hint 2026-06-15 22:04:52 +08:00
zhayujie
8d70af5e89 refactor(evolution): simplify review summary prompt 2026-06-15 21:43:53 +08:00
zhayujie
b3408d8e5f fix(windows): persist cow CLI dir to user PATH 2026-06-15 20:53:01 +08:00
zhayujie
e74906fbec fix(evolution): skip idle review while a turn is running 2026-06-15 20:33:52 +08:00
6vision
52209217fc refactor(wecom_bot): config-file-only callback mode + fixed callback path
Remove the callback-mode fields (Callback Mode / Token / EncodingAESKey /
Port) from the web console channel form; these are rarely changed and are
now configured via config.json only. The console keeps Bot ID / Secret for
the long-connection setup.

Serve the callback HTTP server on a fixed path (/wecombot) instead of any
path (/.*), so unrelated requests 404 rather than being processed as
signature-failing WeCom callbacks. The bot's receive-message URL must point
at http(s)://host:<port>/wecombot.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-15 19:47:19 +08:00
6vision
018493a60b fix(wecom_bot): revert callback image cap to 512KB (2MB inline body rejected by WeCom)
The 2MB cap (matching the long-connection upload path) does not work for
the callback path: there the whole image is base64-embedded in an
AES-encrypted body returned on every poll. A ~1.5MB image (base64 ~2.1MB,
encrypted ~2.8MB) makes WeCom reject the finish packet and poll forever,
which also surfaces as a truncated text bubble and WeCom's own timeout
error. Cap well below that at 512KB so the finish packet is accepted.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-15 19:22:16 +08:00
6vision
630373b1f0 fix(wecom_bot): defer text finish for image race; align callback image cap to 2MB
Defer the callback stream finish after a text reply so a trailing
image-with-caption send (text first, image 0.3s later) can merge in
instead of closing the stream prematurely. Raise the callback inline
image cap from 512KB to 2MB to match the long-connection upload path.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-15 18:56:20 +08:00
6vision
dec31dfd75 fix(wecom_bot): shrink callback inline images so finish packets aren't rejected
In callback mode the image is base64-embedded in the stream finish reply and
the whole response is AES-encrypted and returned on every poll. A multi-MB
body is rejected/times out on WeCom's side, leaving the "···" bubble spinning
and the image never shown.

- Compress callback images to <=512KB (JPEG, resize if needed) instead of the
  10MB the protocol nominally allows
- Fall back to the original image if compression fails, and log the final
  base64 payload size for diagnosis

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-15 18:26:38 +08:00
zhayujie
2397ea019e feat: config cli support evolution 2026-06-15 17:57:10 +08:00
zhayujie
77da90e316 feat: record self-evolution turn on streaming chat 2026-06-15 17:51:22 +08:00
6vision
18ce17d21a fix(wecom_bot): finalize stream on cancel; never force-finish on a timer
The streaming "···" bubble should only stop when the task actually completes
or the user cancels — not on an arbitrary timeout that would also steal the
response_url fallback's chance to deliver a late answer.

- On agent_cancelled, finalize the stream (finish=true, "🛑 已中止" if empty)
  and schedule the response_url fallback so the bubble clears immediately when
  a run is cancelled, even past the poll window
- Do not force-finish a still-running stream on a timer; let it keep spinning
  until completion or cancel. Answers that finish after WeCom's ~6min poll
  window are delivered via response_url instead

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-15 17:26:06 +08:00
zhayujie
ce09b14836 feat: sync self-evolution switch and fix scheduler context 2026-06-15 16:30:34 +08:00
yangziyu-hhh
e7a069b060 Merge remote-tracking branch 'upstream/master' 2026-06-15 13:17:12 +08:00
yangziyu-hhh
6e3933be30 feat(knowledge): add category and document management 2026-06-15 13:15:07 +08:00
zhayujie
e2cb9e11b0 fix(install): avoid greenlet source build on Windows & guide browser tool install 2026-06-15 11:50:41 +08:00
zhayujie
d281a34c6f fix(models): demote claude-fable-5 from Claude default 2026-06-14 21:06:41 +08:00
湖南大白熊工作室
c97cf5610f Merge branch 'zhayujie:master' into master 2026-06-14 18:38:45 +08:00
zhayujie
ab674a3517 fix(docs): architecture graph link 2026-06-14 17:22:41 +08:00
zhayujie
7d63e7d8fa feat(cli): add agent self-restart command 2026-06-14 17:20:41 +08:00
zhayujie
6538843bdf fix(memory): remove max_tokens cap in deep dream distillation 2026-06-14 11:06:25 +08:00
HnBigVolibear
bd5fede122 feat(web): enhance scheduled task management in web console. Now we can edit any scheduled tasks in web!
- Add toggle, update and delete APIs for scheduled tasks
- Add task edit modal with schedule/action updates in web console  (PS: In edit box, now I Prevent channel type changes during editing (weixin token bound to session) )
- Add enable/disable switch with visual feedback in task cards
- Sort task list by enabled status first, then by next_run_at

Closes #2882
2026-06-14 02:11:15 +08:00
zhayujie
047fb57630 Merge pull request #2891 from sufan721/feat-add-role-module
- Auto-scan roles/*.json on startup and merge into built-in roles
2026-06-13 18:23:57 +08:00
sufan721
583c1de5ba - Auto-scan roles/*.json on startup and merge into built-in roles
- Same title overrides built-in role; different title appends as new
  - roles/ directory is optional — no impact when absent

  Users can now add custom roles by simply dropping a .json file
  into the roles/ directory and restarting. No config changes needed.
2026-06-13 16:50:54 +08:00
zhayujie
c9c293f67c Merge pull request #2888 from kirs-hi/fix/robustness-cancel-keyerror-compress-loop
fix: avoid KeyError on /cancel and infinite loop in image compression
2026-06-12 18:28:10 +08:00
6vision
561631baba fix(wecom_bot): rescue late replies via response_url + fix degrade notice
Handle agent replies that finish after WeCom stops polling the passive
stream (the poll window is ~6min from the user's message).

- Capture response_url from the message callback and, when a reply is
  finalized but no poll picks it up within a short grace period, push it as
  a one-shot active markdown reply (valid 1h, single use)
- Guard against double delivery via delivered/url_sent flags
- Embed public image URLs in the active markdown; note when a local image
  can't be delivered post-timeout
- Append (instead of discarding) the unsupported-type notice for
  file/voice/video replies so streamed text is preserved
- Quiet the per-poll debug log and log stream completion with content size

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-12 18:24:33 +08:00