What happened / 发生了什么
In shipyard_neo mode, some computer-use tools are registered and exposed to the model/user, but their runtime permission checks are inconsistent.
Specifically:
- browser tools are registered when browser capability is available
- neo skill lifecycle tools are always registered in shipyard_neo
- however, runtime permission enforcement is split into two different paths
As a result, tools that appear available at registration time do not follow the same permission policy at execution time.
在 shipyard_neo 模式下,部分 computer-use 工具会被注册并暴露给模型/用户,但它们在运行时的权限检查并不一致。
具体来说:
- browser 工具会在 browser capability 可用时注册
- neo skill lifecycle 工具在 shipyard_neo 下会直接注册
- 但这些工具在真正执行时,权限判断却分裂成了两套不同逻辑
结果就是:注册阶段看起来“可用”的工具,在执行阶段却不遵循同一套权限策略。
Why this is a problem / 为什么这是问题
The current behavior makes the user experience inconsistent:
- some computer-use tools respect provider_settings.computer_use_require_admin
- some other tools ignore that shared config and still hard-require admin
So the same tool family is exposed under one registration policy but executed under two different permission policies.
当前行为会导致用户体验不一致:
- 一部分 computer-use 工具会遵循 provider_settings.computer_use_require_admin
- 另一部分工具会忽略这个统一配置,仍然硬编码要求 admin
也就是说,同一类工具在“注册是否可见”和“执行是否允许”上并没有遵循同一套权限策略。
Reproduce / 如何复现?
- Enable computer_use_runtime = sandbox
- Set provider_settings.sandbox.booter = shipyard_neo
- Set provider_settings.computer_use_require_admin = false
- Use a non-admin user
- Trigger a tool that respects the shared config, such as shell/python/fs, and observe that it works
- Trigger a browser tool or a neo skill lifecycle tool
- Observe that those tools still reject the user as admin-only
- 开启 computer_use_runtime = sandbox
- 设置 provider_settings.sandbox.booter = shipyard_neo
- 设置 provider_settings.computer_use_require_admin = false
- 使用一个非管理员用户
- 调用一个遵循统一配置的工具,例如 shell/python/fs,确认它可以工作
- 再调用 browser 工具或 neo skill lifecycle 工具
- 可以看到这些工具仍然以“仅管理员可用”为由拒绝执行
Expected / 预期行为
If tools are exposed under the same computer-use feature set, they should follow the same runtime permission policy.
When computer_use_require_admin = false, browser tools and neo skill lifecycle tools should behave consistently with shell/python/fs tools.
如果这些工具属于同一套 computer-use 功能集,那么它们应该遵循同一套运行时权限策略。
当 computer_use_require_admin = false 时,browser 工具和 neo skill lifecycle 工具应当与 shell/python/fs 工具保持一致。
Actual / 实际行为
Registration behavior and runtime permission behavior are inconsistent:
- tools are registered as available
- but execution permission is split into different implementations
注册行为和运行时权限行为不一致:
- 工具在注册阶段会被加入可用工具集合
- 但执行阶段的权限判定却来自不同实现
AstrBot version, deployment method (e.g., Windows Docker Desktop deployment), provider used, and messaging platform used. / AstrBot 版本、部署方式(如 Windows Docker Desktop 部署)、使用的提供商、使用的消息平台适配器
- AstrBot version: 4.22.0
- Deployment method: Linux Docker Compose deployment
- Provider used: openai_chat_completion (gpt-5.4)
- Messaging platform adapter: qq_official
- AstrBot 版本:4.22.0
- 部署方式:Linux Docker Compose 部署
- 使用的提供商:openai_chat_completion (gpt-5.4)
- 使用的消息平台适配器:qq_official
OS
Linux
Logs / 报错日志
Observed runtime tool errors:
error: Permission denied. Browser and skill lifecycle tools are only allowed for admin users.
error: Permission denied. Skill lifecycle tools are only allowed for admin users.
At the same time, shell/python/fs tools can still work for the same non-admin user when computer_use_require_admin = false.
观察到的运行时报错如下:
error: Permission denied. Browser and skill lifecycle tools are only allowed for admin users.
error: Permission denied. Skill lifecycle tools are only allowed for admin users.
与此同时,在同一个非管理员用户、同一个配置 computer_use_require_admin = false 下,shell/python/fs 工具仍然可以工作。
Are you willing to submit a PR? / 你愿意提交 PR 吗?
Code of Conduct
What happened / 发生了什么
In shipyard_neo mode, some computer-use tools are registered and exposed to the model/user, but their runtime permission checks are inconsistent.
Specifically:
As a result, tools that appear available at registration time do not follow the same permission policy at execution time.
在 shipyard_neo 模式下,部分 computer-use 工具会被注册并暴露给模型/用户,但它们在运行时的权限检查并不一致。
具体来说:
结果就是:注册阶段看起来“可用”的工具,在执行阶段却不遵循同一套权限策略。
Why this is a problem / 为什么这是问题
The current behavior makes the user experience inconsistent:
So the same tool family is exposed under one registration policy but executed under two different permission policies.
当前行为会导致用户体验不一致:
也就是说,同一类工具在“注册是否可见”和“执行是否允许”上并没有遵循同一套权限策略。
Reproduce / 如何复现?
Expected / 预期行为
If tools are exposed under the same computer-use feature set, they should follow the same runtime permission policy.
When computer_use_require_admin = false, browser tools and neo skill lifecycle tools should behave consistently with shell/python/fs tools.
如果这些工具属于同一套 computer-use 功能集,那么它们应该遵循同一套运行时权限策略。
当 computer_use_require_admin = false 时,browser 工具和 neo skill lifecycle 工具应当与 shell/python/fs 工具保持一致。
Actual / 实际行为
Registration behavior and runtime permission behavior are inconsistent:
注册行为和运行时权限行为不一致:
AstrBot version, deployment method (e.g., Windows Docker Desktop deployment), provider used, and messaging platform used. / AstrBot 版本、部署方式(如 Windows Docker Desktop 部署)、使用的提供商、使用的消息平台适配器
OS
Linux
Logs / 报错日志
Observed runtime tool errors:
error: Permission denied. Browser and skill lifecycle tools are only allowed for admin users.
error: Permission denied. Skill lifecycle tools are only allowed for admin users.
At the same time, shell/python/fs tools can still work for the same non-admin user when computer_use_require_admin = false.
观察到的运行时报错如下:
error: Permission denied. Browser and skill lifecycle tools are only allowed for admin users.
error: Permission denied. Skill lifecycle tools are only allowed for admin users.
与此同时,在同一个非管理员用户、同一个配置 computer_use_require_admin = false 下,shell/python/fs 工具仍然可以工作。
Are you willing to submit a PR? / 你愿意提交 PR 吗?
Code of Conduct