🧪 Pre-release (beta) note for the upcoming v4.10.0 major release. / v4.10.0 大版本的预发布(beta)说明。
🚀 Key Features / 关键更新
📦 沙箱 / Sandbox (Box Runtime) - Authored by @huanghuoguoguo
LangBot's built-in Agent now runs in a real sandbox. The new Box Runtime gives it an isolated environment with six native tools — exec / read / write / edit / glob / grep — to run commands and work with files like a developer, and it hosts stdio MCP servers. Backends (Docker / nsjail / E2B) are pluggable and auto-selected.
LangBot 内置 Agent 现在运行在真正的沙箱中。全新 Box Runtime 提供隔离环境与 exec / read / write / edit / glob / grep 六件套原生工具,让 Agent 像开发者一样执行命令、读写文件,并托管 stdio 模式 MCP Server。后端(Docker / nsjail / E2B)可插拔、自动选择。
主要变更 / Key changes:
- New Box Runtime exposing the
exec/read/write/edit/glob/grepnative tools, and hosting stdio MCP servers - Pluggable backends (Docker / nsjail / E2B), auto-selected;
box.enabledmaster switch with graceful degradation - Control plane: a stdio subprocess for manual /
uvx, alangbot_boxcontainer (WebSocket) for Docker
🎯 技能 / Skills - Authored by @huanghuoguoguo
Skills are on-demand instruction packs — a prompt, a procedure, scripts, and reference files — that the Agent activates only when a task needs it. It sees the available skills upfront and pulls the full content via activate just in time, keeping the context lean.
技能(Skills) 是按需激活的指令包——提示词、流程、脚本与参考文件——Agent 只在任务需要时激活。平时只看到可用技能列表,遇到任务才通过 activate 即时拉取完整内容,保持上下文精简。
🧩 Shipped early across 4.9.x / 4.9.x 期间提前到位
These were planned for this release and shipped early in the 4.9.x line:
以下能力原计划随大版本发布,已在 4.9.x 提前上线:
- 插件扩展页面 / Plugin Extension Pages — plugins can render custom UI via iframe + a Page SDK (@TyperBody, #2107)
- 监控 / Monitoring — feedback linked to message IDs, plus feedback export (@6mvp6, #2120)
- 安全加固 / Security hardening — path-traversal fixes and removal of an authenticated RCE endpoint (@sebastiondev, #2087 / #2178)
更新须知 / Update Notice
- The sandbox needs a backend. Docker:
docker compose --profile all up(launches thelangbot_boxcontainer). Manual /uvx: runs as a stdio subprocess automatically. To disable it, setbox.enabled: false(built-in tools, Skill create/edit and stdio MCP are turned off; http/sse MCP is unaffected). See the Sandbox docs. - 沙箱需要后端。Docker:
docker compose --profile all up(启动langbot_box容器);手动 /uvx:自动以 stdio 子进程运行。如需关闭,设box.enabled: false(内置工具、技能创建/编辑、stdio MCP 停用;http/sse MCP 不受影响)。详见沙箱文档。 - Upgrades the plugin SDK to
langbot-plugin 0.4.1. / 插件 SDK 升级至langbot-plugin 0.4.1。
What's Changed
- fix(utils): handle missing funcschema parameter docs by @huanghuoguoguo in #2186
- fix(provider): ignore empty token rotation by @huanghuoguoguo in #2184
- fix(plugin): validate plugin id format by @huanghuoguoguo in #2185
- fix(core): handle SIGINT before app startup by @huanghuoguoguo in #2189
- Fix telemetry send task isolation by @huanghuoguoguo in #2187
- Fix pkgmgr install_requirements extra_params default by @huanghuoguoguo in #2190
- fix(utils): classify runner URLs safely by @huanghuoguoguo in #2191
- fix(utils): preserve QQ image URL scheme by @huanghuoguoguo in #2188
- fix(api): avoid mutating pipeline update payload by @huanghuoguoguo in #2192
- fix(rag): reject unsafe runtime file paths by @huanghuoguoguo in #2193
- fix(api): avoid mutating bot update payload by @huanghuoguoguo in #2194
- fix(api): validate api key prefix by @huanghuoguoguo in #2195
- fix(pipeline): preserve routed flag when aggregating by @huanghuoguoguo in #2196
- fix(pipeline): handle empty longtext response chain by @huanghuoguoguo in #2197
- fix(pipeline): return created query from QueryPool.add_query by @huanghuoguoguo in #2198
- fix(plugin): use specific runtime not connected error by @huanghuoguoguo in #2199
- Feat/test build by @huanghuoguoguo in #2174
- fix: load persisted plugin config by @rocksclawbot in #2208
- Fix/sidebar menu cursor webui by @sheetung in #2209
- feat(aiocqhttp): handle json type messages in message converter by @sheetung in #2211
- fix(system): remove /debug/exec endpoint allowing authenticated RCE by @sebastiondev in #2178
- feat(qrcode-login): enhance WeChat login flow with expiration handling by @fdc310 in #2212
- feat(lark): add domain configuration options for Lark adapter by @fdc310 in #2220
- Feat/sandbox by @huanghuoguoguo in #2072
Full Changelog: v4.9.7...v4.10.0-beta.3