refactor：重构内部工具的注册机制，并进行解耦

.gitignore

@@ -61,5 +61,5 @@ GenieData/
 .codex/
 .opencode/
 .kilocode/
+.serena
 .worktrees/
-

astrbot/core/agent/mcp_client.py

@@ -387,6 +387,7 @@ def __init__(
         self.mcp_tool = mcp_tool
         self.mcp_client = mcp_client
         self.mcp_server_name = mcp_server_name
+        self.source = "mcp"
 
     async def call(
         self, context: ContextWrapper[TContext], **kwargs

astrbot/core/agent/tool.py

@@ -63,6 +63,11 @@ class FunctionTool(ToolSchema, Generic[TContext]):
     Declare this tool as a background task. Background tasks return immediately
     with a task identifier while the real work continues asynchronously.
     """
+    source: str = "plugin"
+    """
+    Origin of this tool: 'plugin' (from star plugins), 'internal' (AstrBot built-in),
+    or 'mcp' (from MCP servers). Used by WebUI for display grouping.
+    """
 
     def __repr__(self) -> str:
         return f"FuncTool(name={self.name}, parameters={self.parameters}, description={self.description})"
@@ -101,6 +106,15 @@ def remove_tool(self, name: str) -> None:
         """Remove a tool by its name."""
         self.tools = [tool for tool in self.tools if tool.name != name]
 
+    def normalize(self) -> None:
+        """Sort tools by name for deterministic serialization.
+
+        This ensures the serialized tool schema sent to the LLM is
+        identical across requests regardless of registration/injection
+        order, enabling LLM provider prefix cache hits.
+        """
+        self.tools.sort(key=lambda t: t.name)
+
     def get_tool(self, name: str) -> FunctionTool | None:
         """Get a tool by its name."""
         for tool in self.tools:

astrbot/core/astr_agent_tool_exec.py

@@ -17,16 +17,6 @@
 from astrbot.core.agent.tool import FunctionTool, ToolSet
 from astrbot.core.agent.tool_executor import BaseFunctionToolExecutor
 from astrbot.core.astr_agent_context import AstrAgentContext
-from astrbot.core.astr_main_agent_resources import (
-    BACKGROUND_TASK_RESULT_WOKE_SYSTEM_PROMPT,
-    EXECUTE_SHELL_TOOL,
-    FILE_DOWNLOAD_TOOL,
-    FILE_UPLOAD_TOOL,
-    LOCAL_EXECUTE_SHELL_TOOL,
-    LOCAL_PYTHON_TOOL,
-    PYTHON_TOOL,
-    SEND_MESSAGE_TO_USER_TOOL,
-)
 from astrbot.core.cron.events import CronMessageEvent
 from astrbot.core.message.components import Image
 from astrbot.core.message.message_event_result import (
@@ -37,6 +27,12 @@
 from astrbot.core.platform.message_session import MessageSession
 from astrbot.core.provider.entites import ProviderRequest
 from astrbot.core.provider.register import llm_tools
+from astrbot.core.tools.prompts import (
+    BACKGROUND_TASK_RESULT_WOKE_SYSTEM_PROMPT,
+    BACKGROUND_TASK_WOKE_USER_PROMPT,
+    CONVERSATION_HISTORY_INJECT_PREFIX,
+)
+from astrbot.core.tools.send_message import SEND_MESSAGE_TO_USER_TOOL
 from astrbot.core.utils.astrbot_path import get_astrbot_temp_path
 from astrbot.core.utils.history_saver import persist_agent_history
 from astrbot.core.utils.image_ref_utils import is_supported_image_ref
@@ -172,25 +168,90 @@ async def _run_in_background() -> None:
 
             return
         else:
+            # Guard: reject sandbox tools whose capability is unavailable.
+            # Tools are always injected (for schema stability / prefix caching),
+            # but execution is blocked when the sandbox lacks the capability.
+            rejection = cls._check_sandbox_capability(tool, run_context)
+            if rejection is not None:
+                yield rejection
+                return
+
             async for r in cls._execute_local(tool, run_context, **tool_args):
                 yield r
             return
 
+    # Browser tool names that require the "browser" sandbox capability.
+    _BROWSER_TOOL_NAMES: frozenset[str] = frozenset(
+        {
+            "astrbot_execute_browser",
+            "astrbot_execute_browser_batch",
+            "astrbot_run_browser_skill",
+        }
+    )
+
+    @classmethod
+    def _check_sandbox_capability(
+        cls,
+        tool: FunctionTool,
+        run_context: ContextWrapper[AstrAgentContext],
+    ) -> mcp.types.CallToolResult | None:
+        """Return a rejection result if the tool requires a sandbox capability
+        that is not available, or None if the tool may proceed."""
+        if tool.name not in cls._BROWSER_TOOL_NAMES:
+            return None
+
+        from astrbot.core.computer.computer_client import get_sandbox_capabilities
+
+        session_id = run_context.context.event.unified_msg_origin
+        caps = get_sandbox_capabilities(session_id)
+
+        # Sandbox not yet booted — allow through (boot will happen on first
+        # shell/python call; browser tools will fail naturally if truly unavailable).
+        if caps is None:
+            return None
+
+        if "browser" not in caps:
+            msg = (
+                f"Tool '{tool.name}' requires browser capability, but the current "
+                f"sandbox profile does not include it (capabilities: {list(caps)}). "
+                "Please ask the administrator to switch to a sandbox profile with "
+                "browser support, or use shell/python tools instead."
+            )
+            logger.warning(
+                "[ToolExec] capability_rejected tool=%s caps=%s", tool.name, list(caps)
+            )
+            return mcp.types.CallToolResult(
+                content=[mcp.types.TextContent(type="text", text=msg)],
+                isError=True,
+            )
+
+        return None
+
     @classmethod
-    def _get_runtime_computer_tools(cls, runtime: str) -> dict[str, FunctionTool]:
-        if runtime == "sandbox":
-            return {
-                EXECUTE_SHELL_TOOL.name: EXECUTE_SHELL_TOOL,
-                PYTHON_TOOL.name: PYTHON_TOOL,
-                FILE_UPLOAD_TOOL.name: FILE_UPLOAD_TOOL,
-                FILE_DOWNLOAD_TOOL.name: FILE_DOWNLOAD_TOOL,
-            }
-        if runtime == "local":
-            return {
-                LOCAL_EXECUTE_SHELL_TOOL.name: LOCAL_EXECUTE_SHELL_TOOL,
-                LOCAL_PYTHON_TOOL.name: LOCAL_PYTHON_TOOL,
-            }
-        return {}
+    def _get_runtime_computer_tools(
+        cls,
+        runtime: str,
+        sandbox_cfg: dict | None = None,
+        session_id: str = "",
+    ) -> dict[str, FunctionTool]:
+        from astrbot.core.computer.computer_tool_provider import ComputerToolProvider
+        from astrbot.core.tool_provider import ToolProviderContext
+
+        provider = ComputerToolProvider()
+        ctx = ToolProviderContext(
+            computer_use_runtime=runtime,
+            sandbox_cfg=sandbox_cfg,
+            session_id=session_id,
+        )
+        tools = provider.get_tools(ctx)
+        result = {tool.name: tool for tool in tools}
+        logger.info(
+            "[Computer] sandbox_tool_binding target=subagent runtime=%s tools=%d session=%s",
+            runtime,
+            len(result),
+            session_id,
+        )
+        return result
 
     @classmethod
     def _build_handoff_toolset(
@@ -203,7 +264,12 @@ def _build_handoff_toolset(
         cfg = ctx.get_config(umo=event.unified_msg_origin)
         provider_settings = cfg.get("provider_settings", {})
         runtime = str(provider_settings.get("computer_use_runtime", "local"))
-        runtime_computer_tools = cls._get_runtime_computer_tools(runtime)
+        sandbox_cfg = provider_settings.get("sandbox", {})
+        runtime_computer_tools = cls._get_runtime_computer_tools(
+            runtime,
+            sandbox_cfg=sandbox_cfg,
+            session_id=event.unified_msg_origin,
+        )
 
         # Keep persona semantics aligned with the main agent: tools=None means
         # "all tools", including runtime computer-use tools.
@@ -346,7 +412,7 @@ async def _run_handoff_in_background() -> None:
             type="text",
             text=(
                 f"Background task dedicated to subagent '{tool.agent.name}' submitted. task_id={task_id}. "
-                f"The subagent '{tool.agent.name}' is working on the task on hehalf you. "
+                f"The subagent '{tool.agent.name}' is working on the task on behalf of you. "
                 f"You will be notified when it finishes."
             ),
         )
@@ -480,11 +546,14 @@ async def _wake_main_agent_for_background_result(
             message_type=session.message_type,
         )
         cron_event.role = event.role
+        from astrbot.core.computer.computer_tool_provider import ComputerToolProvider
+
         config = MainAgentBuildConfig(
             tool_call_timeout=3600,
             streaming_response=ctx.get_config()
             .get("provider_settings", {})
             .get("stream", False),
+            tool_providers=[ComputerToolProvider()],
         )
 
         req = ProviderRequest()
@@ -495,23 +564,13 @@ async def _wake_main_agent_for_background_result(
             req.contexts = context
             context_dump = req._print_friendly_context()
             req.contexts = []
-            req.system_prompt += (
-                "\n\nBellow is you and user previous conversation history:\n"
-                f"{context_dump}"
-            )
+            req.system_prompt += CONVERSATION_HISTORY_INJECT_PREFIX + context_dump
 
         bg = json.dumps(extras["background_task_result"], ensure_ascii=False)
         req.system_prompt += BACKGROUND_TASK_RESULT_WOKE_SYSTEM_PROMPT.format(
             background_task_result=bg
         )
-        req.prompt = (
-            "Proceed according to your system instructions. "
-            "Output using same language as previous conversation. "
-            "If you need to deliver the result to the user immediately, "
-            "you MUST use `send_message_to_user` tool to send the message directly to the user, "
-            "otherwise the user will not see the result. "
-            "After completing your task, summarize and output your actions and results. "
-        )
+        req.prompt = BACKGROUND_TASK_WOKE_USER_PROMPT
         if not req.func_tool:
             req.func_tool = ToolSet()
         req.func_tool.add_tool(SEND_MESSAGE_TO_USER_TOOL)