Commit graph

98 commits

Author SHA1 Message Date
Alessandro
b3b5e44cc3 Patch LiteLLM security pins
Upgrade LiteLLM to 1.88.1 so Agent Zero is above the CVE-2026-42271 patched floor, and move the OpenAI SDK pin to 2.41.1 to satisfy LiteLLM's new dependency range.

Pin Starlette to the patched 1.0.1 release for the Host-header request.url.path advisory.

Fold requirements2.txt back into requirements.txt now that browser-use is no longer part of the repo dependency set, and update installer and setup docs to use a single requirements file.
2026-06-11 03:47:58 +02:00
Alessandro
b52b4220d9 Revert "Add builtin ACP plugin"
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
This reverts commit 46112c9750.
2026-06-02 01:05:09 +02:00
Alessandro
46112c9750 Add builtin ACP plugin
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Expose Agent Zero over the Agent Client Protocol as a builtin stdio plugin with session lifecycle support, streaming bridges, registry metadata, and editor workspace handling.

Add lazy dependency installation through the ACP plugin hook using the root requirements pin so self-updated instances can recover without a fresh Docker image.

Pin agent-client-protocol, add focused static coverage, and allow ACP sessions to override the per-context workdir for code execution and workdir prompts.
2026-06-01 02:40:28 +02:00
Alessandro
6df3acc1e6 fix(document_query): pin LiteParse dependency
Pin LiteParse to 2.0.3 in both Docker requirements and the plugin hook requirements so new images and existing plugin installs resolve the same tested runtime.
2026-05-29 16:07:20 +02:00
Alessandro
6ccbae0712 feat(document_query): add liteparse runtime and progressive skill
Add LiteParse as the preferred parser path with legacy parser fallbacks, centralized document fetching, generic user-facing progress, and compatibility shims for the former helper/tool imports.

Install the runtime through Docker requirements for fresh images and through the _document_query plugin hook/startup migration for existing installations.

Move the long document_query tool instructions into a document-query skill and leave a compact tool prompt stub that directs the model to load the skill before using document_query for documents, code-file Q&A, and document-image OCR. Also add default Agent Zero guidance for document/code/OCR Q&A routing.

Tests:
- PYTHONPATH=/home/eclypso/a0/agent-zero-pr-1528 conda run -n a0 pytest tests/test_document_query_plugin.py -q
- python -m compileall -q plugins/_document_query helpers/document_query.py tools/document_query.py tests/test_document_query_plugin.py
- git diff --check
- Live Agent Zero Web UI E2E at localhost:32080: PDF Q&A, code-file Q&A through document_query skill, and W-4 document-image OCR

Broader legacy pytest probe remains blocked by unrelated browser-agent, docker workflow branch expectation, and webui fixture path failures in this older PR worktree.
2026-05-29 12:45:14 +02:00
Alessandro
2613fac05f Pin pyreqwest-impersonate for Docker builds
Some checks failed
Build And Publish Docker Images / plan (push) Has been cancelled
Build And Publish Docker Images / build (push) Has been cancelled
Freeze pyreqwest-impersonate at 0.5.3 so duckduckgo-search installs the nearest older wheel-backed release. The newly published 0.5.5 release is source-only and fails Docker builds without cmake while compiling boring-sys-imp.
2026-05-05 19:20:56 +02:00
Alessandro
983d431a5e browser: replace browser-use agent with native browser
Introduce the new built-in Browser plugin for Agent Zero, replacing the legacy
browser-use-based browser agent with a direct Playwright-powered browser tool,
live WebUI viewer, browser session controls, status APIs, configuration, and
extension-management support.

Add browser-specific modal behavior so the browser can run as a floating,
resizable, no-backdrop window, including modal focus, toggle, and idempotent
open helpers for richer WebUI surfaces.

Remove the old `_browser_agent` core plugin and the `browser-use` dependency,
then clean up stale browser-model wiring and references across agent code,
model configuration docs, setup guides, troubleshooting docs, skills, and
Agent Zero knowledge.

Update regression and WebUI extension-surface coverage for the new browser
architecture and modal behavior.

The legacy browser-use implementation has been extracted from core so it can
continue separately as a community plugin published through the A0 Plugin Index for any user or professional that were relying on it for workflow.
2026-04-24 15:43:52 +02:00
Alessandro
b73da881c6 Upgrade FastMCP to 3.2.4 / MCP to 1.27.0 for CVE-2026-32871
Bump FastMCP from 2.13.1 to 3.2.4 and MCP from 1.22.0 to 1.27.0
to remediate CVE-2026-32871 (GHSA-vv7q-7jx5-f767), as flagged by
Docker Scout.

Add a regression test covering OpenAPI path-parameter escaping so
malicious values like ../../../admin/delete-all? remain percent-encoded
under the intended route prefix instead of resolving to a different
backend path.

Validation:
- smoke-tested Agent Zero MCP initialization against fastmcp 3.2.4 + mcp 1.27.0
- PYTHONPATH=/tmp/agent-zero-testdeps python3 -m pytest tests/test_fastmcp_openapi_security.py -q

Refs:
- CVE-2026-32871
- Docker Scout: https://scout.docker.com/vulnerabilities/id/CVE-2026-32871
- GitHub advisory: https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-vv7q-7jx5-f767
- Related upstream issue: https://github.com/agent0ai/agent-zero/issues/1526
2026-04-16 15:21:01 +02:00
frdel
247c8d845f Change default self-update backup directory from /a0/tmp to /root and add lazy aiogram dependency loading for Telegram plugin
- Update default backup path from /a0/tmp/self-update-backups to /root/update-backups in self_update_manager.py, helpers/self_update.py, and documentation
- Move aiogram from global requirements.txt to plugin-local requirements for _telegram_integration
- Add ensure_dependencies() helper that installs aiogram on-demand via uv pip install
- Add has_aiogram() check to avoid
2026-03-26 10:20:35 +01:00
keyboardstaff
83ffa27d13 feat: add Telegram integration plugin - core backend 2026-03-20 10:12:36 -07:00
frdel
e4f974b80d refactor: add file system watchdog support for API handlers, extensions, and plugins
- Add `watchdog` dependency to requirements.txt
- Implement cache entry timestamps with `CacheEntry` dataclass for LRU-style tracking
- Add `trim_cache` function to remove stale entries based on age
- Update cache operations to track and update entry timestamps on access
- Add `_get_matching_areas` helper for wildcard pattern matching in cache clearing
- Register watchdogs for API handlers, extensions, and plugins to
2026-03-18 21:07:33 +01:00
Deimos AI
f685b5abe6 fix(deps): remove non-existent [all-docs] extra from langchain-unstructured 2026-03-11 14:45:52 +00:00
Jan Tomášek
fbf9916b03
Merge pull request #1231 from Deimos-AI/pr/sec-transitive-dep-floor-pins 2026-03-10 20:15:11 +01:00
Jan Tomášek
de1938833a
Merge pull request #1230 from Deimos-AI/pr/sec-lxml-html-clean-xss 2026-03-10 20:14:40 +01:00
Tristan
dfe691d505 fix(deps): add security floor pins for 6 transitive dependencies 2026-03-09 17:15:46 +00:00
Tristan
30835c2ff4 fix(deps): bump lxml-html-clean 0.3.1 → 0.4.0 (XSS CWE-79 CVSS 8.4) 2026-03-09 17:14:11 +00:00
frdel
6dde8c2e74 Derive plugin names; refactor API helpers
Add robust plugin name derivation and clean up API helper code.

- helpers/git.py: add giturlparse dependency and extract_author_repo(url) to reliably extract owner/repo from git URLs (strips auth and validates).
- plugins/plugin_installer/helpers/install.py: replace the old sanitize function with two derivation helpers: _derive_git_plugin_name (normalizes owner/repo into a safe plugin ID) and _derive_zip_plugin_name (determine name from zip contents or uploaded filename). Import regex and use extract_author_repo; switch import to clear_plugin_cache and remove redundant cache clears on intermediate failures.
- requirements.txt: add giturlparse==0.14.0.
- webui/js/api.js: deduplicate and move extensions/URL normalization helpers, add redirect(response) helper to centralize login redirect handling, normalize CSRF cookie secure flag formatting, and minor whitespace/logic cleanup.

These changes improve reliability of plugin ID inference from git URLs/archives and simplify/centralize client-side API helper logic.
2026-03-09 15:59:41 +01:00
frdel
357d038114 whisper update 2026-02-10 10:41:48 +01:00
frdel
4932e12546 WebSocket merge 2026-02-01 16:07:45 +01:00
linuztx
68accf2dcb Update requirements.txt 2026-01-01 20:14:14 +08:00
Eddie Pick
f5fef3fbe5 Add AWS Bedrock provider support for chat and embeddings
- Add Bedrock to chat providers with native LiteLLM support
- Add Bedrock to embedding providers

Available models (from AWS docs):

Claude:
- anthropic.claude-opus-4-5-20251101-v1:0 (Opus 4.5)
- anthropic.claude-sonnet-4-5-20250929-v1:0 (Sonnet 4.5)
- anthropic.claude-haiku-4-5-20251001-v1:0 (Haiku 4.5)

Amazon Nova:
- amazon.nova-pro-v1:0, amazon.nova-lite-v1:0
- amazon.nova-2-lite-v1:0, amazon.nova-2-sonic-v1:0

Qwen:
- qwen.qwen3-235b-a22b-2507-v1:0
- qwen.qwen3-coder-480b-a35b-v1:0

Others: MiniMax M2, Mistral Large 3, DeepSeek R1/V3,
Llama 3.3, Titan Embeddings

Auth: Set BEDROCK_API_KEY (new AWS Bedrock API key)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-14 13:39:25 -05:00
frdel
908b9a259c Update requirements.txt 2025-11-13 19:35:54 +01:00
frdel
c78f6ff10b Update requirements.txt 2025-11-13 19:19:27 +01:00
frdel
786f51ca27 windows tty 2025-11-13 19:09:02 +01:00
frdel
7d4fa23f7f Merge branch 'pr/799' into development 2025-11-10 15:47:22 +01:00
frdel
7081479193 frontend file browsers, css colors, litellm update, reqs split 2025-11-09 20:56:31 +01:00
Rafael Uzarowski
096b066ac0
File Tree: update requirements.txt 2025-11-09 14:15:31 +01:00
TerminallyLazy
dea0bd8ad0 revert back to fastmcp==2.3.4 though we should think about upgrading soon. 2025-10-16 18:59:08 -04:00
TerminallyLazy
fec6aafe93 forgot to add exchangelib to requirements.txt 2025-10-16 18:28:51 -04:00
TerminallyLazy
3f6e55b65c added email_client helper. 2025-10-16 18:16:30 -04:00
frdel
43613d8f80 browser use upgrade 2025-09-23 14:55:10 +02:00
frdel
154b92cfd5 browser-use downgrade to 0.2.5 2025-08-27 21:43:03 +02:00
frdel
8a6355aa63 settings .env+json config, logging fix 2025-08-26 14:44:43 +02:00
frdel
f3401076cb browser-use upgrade 2025-08-26 10:38:58 +02:00
frdel
62cb6aff54 polishing litellm config 2025-08-25 12:48:22 +02:00
Rafael Uzarowski
d84d24b3be
feat: A2A Client/Server Implementation 2025-07-31 17:06:09 +02:00
frdel
0d77c537c2 Update requirements.txt 2025-07-14 22:55:42 +02:00
frdel
1953cae258 stt+tts fix 2025-07-12 23:52:48 +02:00
frdel
3b18b86454 api_base fix + litellm update 2025-07-09 10:30:54 +02:00
frdel
a3a276f355 Update requirements.txt 2025-07-04 22:48:08 +02:00
frdel
6fc24c23a0 0.9.1 finalizing 2025-07-02 13:03:43 +02:00
frdel
45cf742fa1 Merge branch 'pr/491' into development 2025-06-30 10:10:42 +02:00
TerminallyLazy
a100ee4143 Implement Kokoro TTS integration and settings updates
- Added Kokoro TTS support in preload and run_ui scripts.
- Introduced a new API endpoint for text-to-speech synthesis.
- Updated settings to include TTS enable/disable option.
- Refactored speech handling to utilize a centralized speech store.
- Enhanced UI with new speech button and SVG icon.
- Updated dependencies in requirements.txt for Kokoro TTS.
2025-06-28 22:48:37 -04:00
Rafael Uzarowski
69c268fe72
feat: Backup and Restore first version 2025-06-20 15:09:48 +02:00
frdel
a9d3987609 RAG tool merge 2025-06-14 09:45:04 +02:00
frdel
aadc111b31 playwright headless fix 2025-06-11 13:58:08 +02:00
frdel
8e5b108f58 faiss monkey patch 2025-06-11 12:24:19 +02:00
frdel
1b4cdae134 Update requirements.txt 2025-06-11 11:32:59 +02:00
frdel
102c57bf5c deps fixes 2025-06-11 11:32:26 +02:00
Rafael Uzarowski
15fe658aca
feat: update browser_use to v2 (0.2.5) 2025-06-05 20:56:36 +02:00