From 56fb0dc4e3bbe0801490503e40992cc8cbd0c770 Mon Sep 17 00:00:00 2001 From: Eric Jacksch Date: Thu, 12 Mar 2026 21:42:34 -0400 Subject: [PATCH 01/24] fix(claude_cli): surface stdout in error when CLI exits non-zero When the claude CLI exits with a non-zero status, the previous error handler only checked stderr. However, the CLI writes its output (including error details) to stdout, especially when invoked with --output-format json. This left the caller with only "exit status 1" and no actionable information. Now includes both stderr and stdout in the error message so the actual failure reason is visible in logs. Co-Authored-By: Claude Sonnet 4.6 --- pkg/providers/claude_cli_provider.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkg/providers/claude_cli_provider.go b/pkg/providers/claude_cli_provider.go index 6c4f6a767..40b581490 100644 --- a/pkg/providers/claude_cli_provider.go +++ b/pkg/providers/claude_cli_provider.go @@ -50,10 +50,18 @@ func (p *ClaudeCliProvider) Chat( cmd.Stderr = &stderr if err := cmd.Run(); err != nil { - if stderrStr := stderr.String(); stderrStr != "" { + stderrStr := strings.TrimSpace(stderr.String()) + stdoutStr := strings.TrimSpace(stdout.String()) + switch { + case stderrStr != "" && stdoutStr != "": + return nil, fmt.Errorf("claude cli error: %w\nstderr: %s\nstdout: %s", err, stderrStr, stdoutStr) + case stderrStr != "": return nil, fmt.Errorf("claude cli error: %s", stderrStr) + case stdoutStr != "": + return nil, fmt.Errorf("claude cli error: %w\noutput: %s", err, stdoutStr) + default: + return nil, fmt.Errorf("claude cli error: %w", err) } - return nil, fmt.Errorf("claude cli error: %w", err) } return p.parseClaudeCliResponse(stdout.String()) From d5c2bc538a60dbaaccc5a644757575caa644677c Mon Sep 17 00:00:00 2001 From: afjcjsbx Date: Sun, 15 Mar 2026 22:12:03 +0100 Subject: [PATCH 02/24] feat(tool): markdown format in output web_fetch tool --- README.fr.md | 3 + README.ja.md | 3 + README.md | 3 + README.pt-br.md | 3 + README.zh.md | 3 + config/config.example.json | 5 +- docs/tools_configuration.md | 9 + pkg/agent/loop.go | 6 +- pkg/config/config.go | 1 + pkg/config/defaults.go | 1 + pkg/tools/web.go | 71 +++++-- pkg/tools/web_test.go | 42 ++-- pkg/utils/markdown.go | 413 ++++++++++++++++++++++++++++++++++++ pkg/utils/markdown_test.go | 245 +++++++++++++++++++++ 14 files changed, 769 insertions(+), 39 deletions(-) create mode 100644 pkg/utils/markdown.go create mode 100644 pkg/utils/markdown_test.go diff --git a/README.fr.md b/README.fr.md index 49a02fb77..ac6bdcbd6 100644 --- a/README.fr.md +++ b/README.fr.md @@ -251,6 +251,9 @@ picoclaw onboard }, "tools": { "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", "brave": { "enabled": false, "api_key": "VOTRE_CLE_API_BRAVE", diff --git a/README.ja.md b/README.ja.md index c0d27de4f..61b35a91b 100644 --- a/README.ja.md +++ b/README.ja.md @@ -216,6 +216,9 @@ picoclaw onboard }, "tools": { "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", "search": { "api_key": "YOUR_BRAVE_API_KEY", "max_results": 5 diff --git a/README.md b/README.md index 159ac706f..39c8d14b0 100644 --- a/README.md +++ b/README.md @@ -270,6 +270,9 @@ picoclaw onboard ], "tools": { "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", "brave": { "enabled": false, "api_key": "YOUR_BRAVE_API_KEY", diff --git a/README.pt-br.md b/README.pt-br.md index 56946139b..0b0620b16 100644 --- a/README.pt-br.md +++ b/README.pt-br.md @@ -245,6 +245,9 @@ picoclaw onboard }, "tools": { "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", "brave": { "enabled": false, "api_key": "YOUR_BRAVE_API_KEY", diff --git a/README.zh.md b/README.zh.md index 9877ef9f4..4d15060a5 100644 --- a/README.zh.md +++ b/README.zh.md @@ -255,6 +255,9 @@ picoclaw onboard ], "tools": { "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", "brave": { "enabled": false, "api_key": "YOUR_BRAVE_API_KEY", diff --git a/config/config.example.json b/config/config.example.json index 1c11cd42a..f08989c4d 100644 --- a/config/config.example.json +++ b/config/config.example.json @@ -313,6 +313,8 @@ "allow_write_paths": null, "web": { "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", "brave": { "enabled": false, "api_key": "YOUR_BRAVE_API_KEY", @@ -350,8 +352,7 @@ "base_url": "https://open.bigmodel.cn/api/paas/v4/web_search", "search_engine": "search_std", "max_results": 5 - }, - "fetch_limit_bytes": 10485760 + } }, "cron": { "enabled": true, diff --git a/docs/tools_configuration.md b/docs/tools_configuration.md index 8c8eb31f0..ae3252e7c 100644 --- a/docs/tools_configuration.md +++ b/docs/tools_configuration.md @@ -30,6 +30,15 @@ PicoClaw's tools configuration is located in the `tools` field of `config.json`. Web tools are used for web search and fetching. +### Web Fetcher +General settings for fetching and processing webpage content. + +| Config | Type | Default | Description | +|---------------------|--------|---------------|-----------------------------------------------------------------------------------------------| +| `enabled` | bool | true | Enable the webpage fetching capability. | +| `fetch_limit_bytes` | int | 10485760 | Maximum size of the webpage payload to fetch, in bytes (default is 10MB). | +| `format` | string | "plaintext" | Output format of the fetched content. Options: `plaintext` or `markdown` (recommended). | + ### Brave | Config | Type | Default | Description | diff --git a/pkg/agent/loop.go b/pkg/agent/loop.go index f20a56b9c..5700a67b4 100644 --- a/pkg/agent/loop.go +++ b/pkg/agent/loop.go @@ -157,7 +157,11 @@ func registerSharedTools( } } if cfg.Tools.IsToolEnabled("web_fetch") { - fetchTool, err := tools.NewWebFetchToolWithProxy(50000, cfg.Tools.Web.Proxy, cfg.Tools.Web.FetchLimitBytes) + fetchTool, err := tools.NewWebFetchToolWithProxy( + 50000, + cfg.Tools.Web.Proxy, + cfg.Tools.Web.Format, + cfg.Tools.Web.FetchLimitBytes) if err != nil { logger.ErrorCF("agent", "Failed to create web fetch tool", map[string]any{"error": err.Error()}) } else { diff --git a/pkg/config/config.go b/pkg/config/config.go index 190341224..9f6253cdc 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -694,6 +694,7 @@ type WebToolsConfig struct { // For authenticated proxies, prefer HTTP_PROXY/HTTPS_PROXY env vars instead of embedding credentials in config. Proxy string `json:"proxy,omitempty" env:"PICOCLAW_TOOLS_WEB_PROXY"` FetchLimitBytes int64 `json:"fetch_limit_bytes,omitempty" env:"PICOCLAW_TOOLS_WEB_FETCH_LIMIT_BYTES"` + Format string `json:"format,omitempty" env:"PICOCLAW_TOOLS_WEB_FORMAT"` } type CronToolsConfig struct { diff --git a/pkg/config/defaults.go b/pkg/config/defaults.go index dc534d852..d0e528e12 100644 --- a/pkg/config/defaults.go +++ b/pkg/config/defaults.go @@ -412,6 +412,7 @@ func DefaultConfig() *Config { }, Proxy: "", FetchLimitBytes: 10 * 1024 * 1024, // 10MB by default + Format: "plaintext", Brave: BraveConfig{ Enabled: false, APIKey: "", diff --git a/pkg/tools/web.go b/pkg/tools/web.go index e5036d3a8..64df27780 100644 --- a/pkg/tools/web.go +++ b/pkg/tools/web.go @@ -7,6 +7,7 @@ import ( "errors" "fmt" "io" + "mime" "net" "net/http" "net/url" @@ -28,6 +29,7 @@ const ( defaultMaxChars = 50000 maxRedirects = 5 + format = "plaintext" ) // Pre-compiled regexes for HTML text extraction @@ -776,19 +778,20 @@ type WebFetchTool struct { maxChars int proxy string client *http.Client + format string fetchLimitBytes int64 } -func NewWebFetchTool(maxChars int, fetchLimitBytes int64) (*WebFetchTool, error) { +func NewWebFetchTool(maxChars int, format string, fetchLimitBytes int64) (*WebFetchTool, error) { // createHTTPClient cannot fail with an empty proxy string. - return NewWebFetchToolWithProxy(maxChars, "", fetchLimitBytes) + return NewWebFetchToolWithProxy(maxChars, "", format, fetchLimitBytes) } // allowPrivateWebFetchHosts controls whether loopback/private hosts are allowed. // This is false in normal runtime to reduce SSRF exposure, and tests can override it temporarily. var allowPrivateWebFetchHosts atomic.Bool -func NewWebFetchToolWithProxy(maxChars int, proxy string, fetchLimitBytes int64) (*WebFetchTool, error) { +func NewWebFetchToolWithProxy(maxChars int, proxy string, format string, fetchLimitBytes int64) (*WebFetchTool, error) { if maxChars <= 0 { maxChars = defaultMaxChars } @@ -819,6 +822,7 @@ func NewWebFetchToolWithProxy(maxChars int, proxy string, fetchLimitBytes int64) maxChars: maxChars, proxy: proxy, client: client, + format: format, fetchLimitBytes: fetchLimitBytes, }, nil } @@ -906,26 +910,50 @@ func (t *WebFetchTool) Execute(ctx context.Context, args map[string]any) *ToolRe return ErrorResult(fmt.Sprintf("failed to read response: %v", err)) } + bodyStr := string(body) contentType := resp.Header.Get("Content-Type") + mediaType, _, _ := mime.ParseMediaType(contentType) + var text, extractor string - if strings.Contains(contentType, "application/json") { + switch { + case mediaType == "application/json": var jsonData any - if err := json.Unmarshal(body, &jsonData); err == nil { - formatted, _ := json.MarshalIndent(jsonData, "", " ") - text = string(formatted) - extractor = "json" - } else { - text = string(body) + if err := json.Unmarshal(body, &jsonData); err != nil { + text = bodyStr extractor = "raw" + break } - } else if strings.Contains(contentType, "text/html") || len(body) > 0 && - (strings.HasPrefix(string(body), "]*>\)\]\(<[^>]*>\)`) + reEmptyHeader = regexp.MustCompile(`(?m)^#{1,6}\s*$`) + reLeadingLineSpace = regexp.MustCompile(`(?m)^([ \t])([^ \t\n])`) +) + +var skipTags = map[string]bool{ + "script": true, "style": true, "head": true, + "noscript": true, "template": true, + "nav": true, "footer": true, "aside": true, "header": true, "form": true, "dialog": true, +} + +func isSafeHref(href string) bool { + lower := strings.ToLower(strings.TrimSpace(href)) + if strings.HasPrefix(lower, "javascript:") || strings.HasPrefix(lower, "vbscript:") || + strings.HasPrefix(lower, "data:") { + return false + } + u, err := url.Parse(strings.TrimSpace(href)) + if err != nil { + return false + } + scheme := strings.ToLower(u.Scheme) + return scheme == "" || scheme == "http" || scheme == "https" || scheme == "mailto" +} + +func isSafeImageSrc(src string) bool { + lower := strings.ToLower(strings.TrimSpace(src)) + if strings.HasPrefix(lower, "data:image/") { + return true + } + return isSafeHref(src) +} + +func escapeMdAlt(s string) string { + s = strings.ReplaceAll(s, `\`, `\\`) + s = strings.ReplaceAll(s, `[`, `\[`) + s = strings.ReplaceAll(s, `]`, `\]`) + return s +} + +func getAttr(n *html.Node, key string) string { + for _, a := range n.Attr { + if a.Key == key { + return a.Val + } + } + return "" +} + +func normalizeAttr(val string) string { + val = strings.ReplaceAll(val, "\n", "") + val = strings.ReplaceAll(val, "\r", "") + val = strings.ReplaceAll(val, "\t", "") + return strings.TrimSpace(val) +} + +func isUnlikelyNode(n *html.Node) bool { + if n.Type != html.ElementNode { + return false + } + classId := strings.ToLower(getAttr(n, "class") + " " + getAttr(n, "id")) + if classId == " " { + return false + } + if strings.Contains(classId, "article") || strings.Contains(classId, "main") || + strings.Contains(classId, "content") { + return false + } + unlikelyKeywords := []string{ + "menu", + "nav", + "footer", + "sidebar", + "cookie", + "banner", + "sponsor", + "advert", + "popup", + "modal", + "newsletter", + "share", + "social", + } + for _, keyword := range unlikelyKeywords { + if strings.Contains(classId, keyword) { + return true + } + } + return false +} + +type converter struct { + stack []*bytes.Buffer + linkHrefs []string + linkStates []bool + emphStack []string // Tracks "**", "*", "~~" for buffered emphasis + olCounters []int + inPre bool + listDepth int +} + +func newConverter() *converter { + return &converter{ + stack: []*bytes.Buffer{{}}, + } +} + +func (c *converter) write(s string) { + c.stack[len(c.stack)-1].WriteString(s) +} + +func (c *converter) pushBuf() { + c.stack = append(c.stack, &bytes.Buffer{}) +} + +func (c *converter) popBuf() string { + top := c.stack[len(c.stack)-1] + c.stack = c.stack[:len(c.stack)-1] + return top.String() +} + +func (c *converter) walk(n *html.Node) { + if n.Type == html.ElementNode { + if skipTags[n.Data] { + return + } + if isUnlikelyNode(n) { + return + } + } + + if n.Type == html.TextNode { + text := n.Data + if !c.inPre { + text = strings.ReplaceAll(text, "\n", " ") + text = reSpaces.ReplaceAllString(text, " ") + } + if text != "" { + c.write(text) + } + return + } + + if n.Type != html.ElementNode { + for ch := n.FirstChild; ch != nil; ch = ch.NextSibling { + c.walk(ch) + } + return + } + + // Opening Tags + switch n.Data { + + // Buffer emphasis content so we can TrimSpace the inner text, + // avoiding the regex-across-boundaries bug. + case "b", "strong": + c.emphStack = append(c.emphStack, "**") + c.pushBuf() + case "i", "em": + c.emphStack = append(c.emphStack, "*") + c.pushBuf() + case "del", "s": + c.emphStack = append(c.emphStack, "~~") + c.pushBuf() + + case "a": + href := normalizeAttr(getAttr(n, "href")) + if href != "" && !isSafeHref(href) { + href = "#" + } + hasHref := href != "" + c.linkStates = append(c.linkStates, hasHref) + if hasHref { + c.linkHrefs = append(c.linkHrefs, href) + c.pushBuf() + } + + case "h1": + c.write("\n\n# ") + case "h2": + c.write("\n\n## ") + case "h3": + c.write("\n\n### ") + case "h4": + c.write("\n\n#### ") + case "h5": + c.write("\n\n##### ") + case "h6": + c.write("\n\n###### ") + + case "p": + c.write("\n\n") + case "br": + c.write("\n") + case "hr": + c.write("\n\n---\n\n") + + case "ol": + c.olCounters = append(c.olCounters, 1) + // Only write leading newline for top-level list. + if c.listDepth == 0 { + c.write("\n") + } + c.listDepth++ + case "ul": + if c.listDepth == 0 { + c.write("\n") + } + c.listDepth++ + case "li": + c.write("\n") + if c.listDepth > 1 { + c.write(strings.Repeat(" ", c.listDepth-1)) + } + if n.Parent != nil && n.Parent.Data == "ol" && len(c.olCounters) > 0 { + idx := c.olCounters[len(c.olCounters)-1] + c.write(strconv.Itoa(idx) + ". ") + c.olCounters[len(c.olCounters)-1]++ + } else { + c.write("- ") + } + + case "pre": + c.inPre = true + c.write("\n\n```\n") + case "code": + if !c.inPre { + c.write("`") + } + + case "blockquote": + c.pushBuf() + for ch := n.FirstChild; ch != nil; ch = ch.NextSibling { + c.walk(ch) + } + inner := strings.TrimSpace(c.popBuf()) + lines := strings.Split(inner, "\n") + var quoted []string + for _, l := range lines { + if strings.TrimSpace(l) == "" { + quoted = append(quoted, ">") + } else { + quoted = append(quoted, "> "+l) + } + } + var deduped []string + for i, line := range quoted { + if line == ">" && i > 0 && deduped[len(deduped)-1] == ">" { + continue + } + deduped = append(deduped, line) + } + c.write("\n\n" + strings.Join(deduped, "\n") + "\n\n") + return + + case "img": + src := normalizeAttr(getAttr(n, "src")) + if src == "" { + src = normalizeAttr(getAttr(n, "data-src")) + } + if src == "" { + return + } + alt := escapeMdAlt(normalizeAttr(getAttr(n, "alt"))) + if isSafeImageSrc(src) { + c.write("![" + alt + "](" + src + ")") + } + return + } + + // Traverse Children + for ch := n.FirstChild; ch != nil; ch = ch.NextSibling { + c.walk(ch) + } + + // Closing Tags + switch n.Data { + + // Pop buffer, trim, wrap with the correct marker. + case "b", "strong", "i", "em", "del", "s": + if len(c.emphStack) == 0 { + break + } + marker := c.emphStack[len(c.emphStack)-1] + c.emphStack = c.emphStack[:len(c.emphStack)-1] + inner := strings.TrimSpace(c.popBuf()) + if inner != "" { + c.write(marker + inner + marker) + } + + case "a": + if len(c.linkStates) == 0 { + break + } + hasHref := c.linkStates[len(c.linkStates)-1] + c.linkStates = c.linkStates[:len(c.linkStates)-1] + if !hasHref { + break + } + href := c.linkHrefs[len(c.linkHrefs)-1] + c.linkHrefs = c.linkHrefs[:len(c.linkHrefs)-1] + inner := strings.TrimSpace(c.popBuf()) + if strings.Contains(inner, "\n") { + lines := strings.Split(inner, "\n") + linked := false + for i, l := range lines { + cleanLine := strings.TrimSpace(l) + if cleanLine != "" && !strings.HasPrefix(cleanLine, "![") && !linked { + lines[i] = "[" + cleanLine + "](" + href + ")" + linked = true + } + } + c.write(strings.Join(lines, "\n")) + } else { + c.write("[" + inner + "](" + href + ")") + } + + case "h1", + "h2", + "h3", + "h4", + "h5", + "h6", + "p", + "div", + "section", + "article", + "header", + "footer", + "aside", + "nav", + "figure": + c.write("\n") + + case "ol": + c.listDepth-- + if len(c.olCounters) > 0 { + c.olCounters = c.olCounters[:len(c.olCounters)-1] + } + if c.listDepth == 0 { + c.write("\n") + } + case "ul": + c.listDepth-- + if c.listDepth == 0 { + c.write("\n") + } + + case "pre": + c.inPre = false + c.write("\n```\n\n") + case "code": + if !c.inPre { + c.write("`") + } + } +} + +func HtmlToMarkdown(htmlStr string) (string, error) { + doc, err := html.Parse(strings.NewReader(htmlStr)) + if err != nil { + return "", err + } + + c := newConverter() + c.walk(doc) + + res := c.stack[0].String() + + // Post-processing + res = reImageOnlyLink.ReplaceAllString(res, "") + res = reEmptyListItem.ReplaceAllString(res, "") + res = reEmptyHeader.ReplaceAllString(res, "") + + lines := strings.Split(res, "\n") + var cleanLines []string + for _, line := range lines { + line = strings.TrimRight(line, " \t") + cleanTest := strings.TrimSpace(line) + if cleanTest == "[]()" || cleanTest == "[](#)" || cleanTest == "-" { + cleanLines = append(cleanLines, "") + continue + } + cleanLines = append(cleanLines, line) + } + res = strings.Join(cleanLines, "\n") + + res = strings.TrimSpace(res) + res = reNewlines.ReplaceAllString(res, "\n\n") + + // Strip a single leading space from lines that are NOT list indentation. + // "(?m)^([ \t])([^ \t\n])" matches exactly one space/tab at line start followed + // by a non-whitespace char, so " - nested" (4 spaces) is left untouched. + res = reLeadingLineSpace.ReplaceAllString(res, "$2") + + return res, nil +} diff --git a/pkg/utils/markdown_test.go b/pkg/utils/markdown_test.go new file mode 100644 index 000000000..72277fb91 --- /dev/null +++ b/pkg/utils/markdown_test.go @@ -0,0 +1,245 @@ +package utils + +import ( + "testing" + + "github.com/sipeed/picoclaw/pkg/logger" +) + +func TestHtmlToMarkdown(t *testing.T) { + // Define our test cases + tests := []struct { + name string + input string + expected string + }{ + { + name: "Removes scripts and styles", + input: `

Clean text

`, + expected: "Clean text", + }, + { + name: "Extracts links correctly", + input: `Visit my website for info.`, + expected: "Visit my [website](https://example.com) for info.", + }, + { + name: "Converts headers (H1, H2, H3)", + input: `

Main Title

Subtitle

Section

`, + expected: "# Main Title\n\n## Subtitle\n\n### Section", + }, + { + name: "Handles bold and italics", + input: `Text bold and strong, then italic and em.`, + expected: "Text **bold** and **strong**, then *italic* and *em*.", + }, + { + name: "Converts lists", + input: `
  • First element
  • Second element
`, + expected: "- First element\n- Second element", + }, + { + name: "Handles paragraphs and line breaks (
)", + input: `

First paragraph

Second paragraph with
a line break.

`, + expected: "First paragraph\n\nSecond paragraph with\na line break.", + }, + { + name: "Decodes HTML entities", + input: `Math: 5 > 3 & 2 < 4. A "quote".`, + expected: "Math: 5 > 3 & 2 < 4. A \"quote\".", + }, + { + name: "Cleans up residual HTML tags", + input: `
Text inside div and span
`, + expected: "Text inside div and span", + }, + { + name: "Removes multiple spaces and excessive empty lines", + input: `This text has too many spaces.



And too many newlines.`, + expected: "This text has too many spaces.\n\nAnd too many newlines.", + }, + { + name: "Nested lists with indentation", + input: "
  • One
    • Two
", + // Expect the sub-element to have 4 spaces of indentation + expected: "- One\n - Two", + }, + { + name: "Image support", + input: `alternative text`, + // Correct Markdown syntax for images + expected: "![alternative text](image.jpg)", + }, + { + name: "Image support without alt-text", + input: ``, + // If alt is missing, square brackets remain empty + expected: "![](image.jpg)", + }, + { + name: "XSS Bypass on Links (Obfuscated HTML entities)", + // The Go HTML parser resolves entities, so this becomes "javascript:alert(1)" + input: `Click here`, + // Our isSafeHref (if updated with net/url) should neutralize it to "#" + expected: "[Click here](#)", + }, + { + name: "Empty link or used as anchor", + input: ``, + // With no text or href, it shouldn't print anything (not even empty brackets) + expected: "", + }, + { + name: "Link without href but with text (Textual anchor)", + input: `Back to top`, + // Should extract only plain text, without generating a broken Markdown link like [Back to top](#) or [Back to top]() + expected: "Back to top", + }, + { + name: "Badly spaced bold and italics (Edge Case)", + input: ` Text `, + // In Markdown `** Text **` is often not formatted correctly. The ideal is `**Text**` + expected: "**Text**", + }, + { + name: "Complex Test - Real Article", + input: ` +

Article Title

+

This is an introductory text with a link.

+

Subtitle

+
    +
  • Point one
    • +
  • Point two
    • +
+ + `, + // Note: The indentation of the real HTML test will generate spaces that + // regex will clean up. + expected: "# Article Title\n\nThis is an **introductory text** with a [link](http://link.com).\n\n## Subtitle\n\n- Point one\n- Point two", + }, + { + name: "Ordered list (OL)", + input: `
  1. First
  2. Second
  3. Third
`, + expected: "1. First\n2. Second\n3. Third", + }, + { + name: "Ordered list nested in unordered list", + input: `
  • Fruits
    1. Apples
    2. Pears
  • Vegetables
`, + expected: "- Fruits\n 1. Apples\n 2. Pears\n- Vegetables", + }, + { + name: "Code block (pre/code)", + input: "
func main() {\n    fmt.Println(\"hello\")\n}
", + expected: "```\nfunc main() {\n fmt.Println(\"hello\")\n}\n```", + }, + { + name: "Inline code", + input: `

Use the command go test ./... to run the tests.

`, + expected: "Use the command `go test ./...` to run the tests.", + }, + { + name: "Simple blockquote", + input: `

An important quote.

`, + expected: "> An important quote.", + }, + { + name: "Multiline blockquote", + input: `

First line of the quote.

Second line of the quote.

`, + expected: "> First line of the quote.\n>\n> Second line of the quote.", + }, + { + name: "Strikethrough text (del/s)", + input: `This text is deleted and this is crossed out.`, + expected: "This text is ~~deleted~~ and this is ~~crossed out~~.", + }, + { + name: "Horizontal separator (HR)", + input: `

Above the line

Below the line

`, + expected: "Above the line\n\n---\n\nBelow the line", + }, + { + name: "Bold nested in link", + input: `Linked bold text`, + expected: "[**Linked bold text**](https://example.com)", + }, + { + name: "data-src Image (lazy loading)", + input: `Lazy image`, + expected: "![Lazy image](lazy.jpg)", + }, + { + name: "Image with javascript: src blocked", + input: `XSS`, + // src is not safe, so the image is not emitted + expected: "", + }, + { + name: "Link with data: href blocked", + input: `Click`, + expected: "[Click](#)", + }, + { + name: "Deeply nested divs", + input: `

Deeply nested text

`, + expected: "Deeply nested text", + }, + { + name: "Non-consecutive headers (H1, H3, H5)", + input: `

Title

Subsection

Sub-subsection
`, + expected: "# Title\n\n### Subsection\n\n##### Sub-subsection", + }, + { + name: "Paragraph with mixed multiple emphasis", + input: `

Important: read the critical instructions carefully.

`, + expected: "**Important:** read the ***critical instructions*** *carefully*.", + }, + { + name: "Article with nav and aside sections (noise to filter)", + input: ` + +
+

Article title

+

This is the body of the article.

+
+ + `, + expected: "## Article title\n\nThis is the body of the article.", + }, + { + name: "Text with mixed special HTML entities", + input: `Copyright © 2024 — All rights reserved ®`, + expected: "Copyright © 2024 — All rights reserved ®", + }, + { + name: "Mailto link", + input: `Write to us at info@example.com`, + expected: "Write to us at [info@example.com](mailto:info@example.com)", + }, + { + name: "Image inside a link (clickable figure)", + input: `Photo`, + // The image-link without text must not generate broken markup + expected: "[![Photo](photo.jpg)](https://example.com)", + }, + { + name: "Empty content or only whitespace", + input: `

`, + expected: "", + }, + } + + // Iterate over all test cases + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := HtmlToMarkdown(tt.input) + if err != nil { + logger.ErrorCF("tool", "Failed to parse html to markdown: %s", map[string]any{"error": err.Error()}) + } + + if got != tt.expected { + t.Errorf("\nTest case failed: %s\nInput: %q\nGot: %q\nExpected: %q", + tt.name, tt.input, got, tt.expected) + } + }) + } +} From de68688c75dfb5d1cf50ad011bfbc1554b8b9d34 Mon Sep 17 00:00:00 2001 From: afjcjsbx Date: Sun, 15 Mar 2026 22:30:02 +0100 Subject: [PATCH 03/24] fix lint --- pkg/tools/web.go | 1 - pkg/utils/markdown.go | 2 -- 2 files changed, 3 deletions(-) diff --git a/pkg/tools/web.go b/pkg/tools/web.go index 64df27780..176b1628d 100644 --- a/pkg/tools/web.go +++ b/pkg/tools/web.go @@ -938,7 +938,6 @@ func (t *WebFetchTool) Execute(ctx context.Context, args map[string]any) *ToolRe case mediaType == "text/html" || looksLikeHTML(bodyStr): switch strings.ToLower(t.format) { - case "markdown": var err error text, err = utils.HtmlToMarkdown(bodyStr) diff --git a/pkg/utils/markdown.go b/pkg/utils/markdown.go index db66b04ad..c7873252a 100644 --- a/pkg/utils/markdown.go +++ b/pkg/utils/markdown.go @@ -166,7 +166,6 @@ func (c *converter) walk(n *html.Node) { // Opening Tags switch n.Data { - // Buffer emphasis content so we can TrimSpace the inner text, // avoiding the regex-across-boundaries bug. case "b", "strong": @@ -291,7 +290,6 @@ func (c *converter) walk(n *html.Node) { // Closing Tags switch n.Data { - // Pop buffer, trim, wrap with the correct marker. case "b", "strong", "i", "em", "del", "s": if len(c.emphStack) == 0 { From 0459deca03a31ed08f778bffa78a17c5ae3a0491 Mon Sep 17 00:00:00 2001 From: Argobell Date: Mon, 16 Mar 2026 16:45:39 +0800 Subject: [PATCH 04/24] Initial plan From 1ace296b9128e6e8bc383d1db4670d95611b2189 Mon Sep 17 00:00:00 2001 From: Argobell Date: Mon, 16 Mar 2026 16:46:13 +0800 Subject: [PATCH 05/24] fix: use fileEvent instead of event when appending fields for file logger Co-authored-by: argobell <183611258+argobell@users.noreply.github.com> --- go.mod | 4 ++-- pkg/logger/logger.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 130db73ff..52130c71b 100644 --- a/go.mod +++ b/go.mod @@ -28,6 +28,7 @@ require ( github.com/tencent-connect/botgo v0.2.1 go.mau.fi/whatsmeow v0.0.0-20260219150138-7ae702b1eed4 golang.org/x/oauth2 v0.36.0 + golang.org/x/term v0.40.0 golang.org/x/time v0.14.0 google.golang.org/protobuf v1.36.11 gopkg.in/yaml.v3 v3.0.1 @@ -59,7 +60,6 @@ require ( go.mau.fi/libsignal v0.2.1 // indirect go.mau.fi/util v0.9.6 // indirect golang.org/x/exp v0.0.0-20260212183809-81e46e3db34a // indirect - golang.org/x/term v0.40.0 // indirect golang.org/x/text v0.34.0 // indirect modernc.org/libc v1.67.6 // indirect modernc.org/mathutil v1.7.1 // indirect @@ -90,7 +90,7 @@ require ( github.com/valyala/fastjson v1.6.10 // indirect github.com/yosida95/uritemplate/v3 v3.0.2 // indirect golang.org/x/arch v0.24.0 // indirect - golang.org/x/crypto v0.48.0 // indirect + golang.org/x/crypto v0.48.0 golang.org/x/net v0.51.0 // indirect golang.org/x/sync v0.19.0 // indirect golang.org/x/sys v0.41.0 // indirect diff --git a/pkg/logger/logger.go b/pkg/logger/logger.go index 4204cc192..95af83ef1 100644 --- a/pkg/logger/logger.go +++ b/pkg/logger/logger.go @@ -209,7 +209,7 @@ func logMessage(level LogLevel, component string, message string, fields map[str fileEvent.Str("component", component) } - appendFields(event, fields) + appendFields(fileEvent, fields) fileEvent.Msg(message) } From fcf406bf2e1a5039c0ce7b69af395aa0c8627733 Mon Sep 17 00:00:00 2001 From: Alix-007 <267018309+Alix-007@users.noreply.github.com> Date: Tue, 17 Mar 2026 21:59:04 +0800 Subject: [PATCH 06/24] fix(config): start model round robin from the first match --- pkg/config/config.go | 2 +- pkg/config/model_config_test.go | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index 6694ef3a1..ca0b6cbe7 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -1029,7 +1029,7 @@ func (c *Config) GetModelConfig(modelName string) (*ModelConfig, error) { } // Multiple configs - use round-robin for load balancing - idx := rrCounter.Add(1) % uint64(len(matches)) + idx := (rrCounter.Add(1) - 1) % uint64(len(matches)) return &matches[idx], nil } diff --git a/pkg/config/model_config_test.go b/pkg/config/model_config_test.go index da6e506f8..9bc600ed9 100644 --- a/pkg/config/model_config_test.go +++ b/pkg/config/model_config_test.go @@ -80,6 +80,36 @@ func TestGetModelConfig_RoundRobin(t *testing.T) { } } +func TestGetModelConfig_RoundRobinStartsFromFirstMatch(t *testing.T) { + rrCounter.Store(0) + + cfg := &Config{ + ModelList: []ModelConfig{ + {ModelName: "lb-model", Model: "openai/gpt-4o-1", APIKey: "key1"}, + {ModelName: "lb-model", Model: "openai/gpt-4o-2", APIKey: "key2"}, + {ModelName: "lb-model", Model: "openai/gpt-4o-3", APIKey: "key3"}, + }, + } + + wantOrder := []string{ + "openai/gpt-4o-1", + "openai/gpt-4o-2", + "openai/gpt-4o-3", + "openai/gpt-4o-1", + "openai/gpt-4o-2", + } + + for i, want := range wantOrder { + result, err := cfg.GetModelConfig("lb-model") + if err != nil { + t.Fatalf("GetModelConfig() call %d error = %v", i, err) + } + if result.Model != want { + t.Fatalf("GetModelConfig() call %d model = %q, want %q", i, result.Model, want) + } + } +} + func TestGetModelConfig_Concurrent(t *testing.T) { cfg := &Config{ ModelList: []ModelConfig{ From b4468313e4510c4b68abb61e75be74d284e730ab Mon Sep 17 00:00:00 2001 From: Alix-007 Date: Tue, 17 Mar 2026 23:22:05 +0800 Subject: [PATCH 07/24] feat(web): whitelist private fetch targets (#1688) * feat(web): whitelist private fetch targets * test(web): avoid accept error shadowing --------- Co-authored-by: Alix-007 <267018309+Alix-007@users.noreply.github.com> --- config/config.example.json | 3 +- pkg/agent/loop.go | 7 +- pkg/config/config.go | 5 +- pkg/tools/web.go | 105 +++++++++++++++++++++++--- pkg/tools/web_test.go | 147 +++++++++++++++++++++++++++++++++++++ 5 files changed, 253 insertions(+), 14 deletions(-) diff --git a/config/config.example.json b/config/config.example.json index 14e209259..f05a09ef9 100644 --- a/config/config.example.json +++ b/config/config.example.json @@ -351,7 +351,8 @@ "search_engine": "search_std", "max_results": 5 }, - "fetch_limit_bytes": 10485760 + "fetch_limit_bytes": 10485760, + "private_host_whitelist": [] }, "cron": { "enabled": true, diff --git a/pkg/agent/loop.go b/pkg/agent/loop.go index 8328c691e..c25650201 100644 --- a/pkg/agent/loop.go +++ b/pkg/agent/loop.go @@ -159,7 +159,12 @@ func registerSharedTools( } } if cfg.Tools.IsToolEnabled("web_fetch") { - fetchTool, err := tools.NewWebFetchToolWithProxy(50000, cfg.Tools.Web.Proxy, cfg.Tools.Web.FetchLimitBytes) + fetchTool, err := tools.NewWebFetchToolWithConfig( + 50000, + cfg.Tools.Web.Proxy, + cfg.Tools.Web.FetchLimitBytes, + cfg.Tools.Web.PrivateHostWhitelist, + ) if err != nil { logger.ErrorCF("agent", "Failed to create web fetch tool", map[string]any{"error": err.Error()}) } else { diff --git a/pkg/config/config.go b/pkg/config/config.go index 6694ef3a1..005e44a30 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -695,8 +695,9 @@ type WebToolsConfig struct { GLMSearch GLMSearchConfig ` json:"glm_search"` // Proxy is an optional proxy URL for web tools (http/https/socks5/socks5h). // For authenticated proxies, prefer HTTP_PROXY/HTTPS_PROXY env vars instead of embedding credentials in config. - Proxy string `json:"proxy,omitempty" env:"PICOCLAW_TOOLS_WEB_PROXY"` - FetchLimitBytes int64 `json:"fetch_limit_bytes,omitempty" env:"PICOCLAW_TOOLS_WEB_FETCH_LIMIT_BYTES"` + Proxy string `json:"proxy,omitempty" env:"PICOCLAW_TOOLS_WEB_PROXY"` + FetchLimitBytes int64 `json:"fetch_limit_bytes,omitempty" env:"PICOCLAW_TOOLS_WEB_FETCH_LIMIT_BYTES"` + PrivateHostWhitelist FlexibleStringSlice `json:"private_host_whitelist,omitempty" env:"PICOCLAW_TOOLS_WEB_PRIVATE_HOST_WHITELIST"` } type CronToolsConfig struct { diff --git a/pkg/tools/web.go b/pkg/tools/web.go index e5036d3a8..9ed2140cc 100644 --- a/pkg/tools/web.go +++ b/pkg/tools/web.go @@ -777,11 +777,17 @@ type WebFetchTool struct { proxy string client *http.Client fetchLimitBytes int64 + whitelist *privateHostWhitelist +} + +type privateHostWhitelist struct { + exact map[string]struct{} + cidrs []*net.IPNet } func NewWebFetchTool(maxChars int, fetchLimitBytes int64) (*WebFetchTool, error) { // createHTTPClient cannot fail with an empty proxy string. - return NewWebFetchToolWithProxy(maxChars, "", fetchLimitBytes) + return NewWebFetchToolWithConfig(maxChars, "", fetchLimitBytes, nil) } // allowPrivateWebFetchHosts controls whether loopback/private hosts are allowed. @@ -789,9 +795,22 @@ func NewWebFetchTool(maxChars int, fetchLimitBytes int64) (*WebFetchTool, error) var allowPrivateWebFetchHosts atomic.Bool func NewWebFetchToolWithProxy(maxChars int, proxy string, fetchLimitBytes int64) (*WebFetchTool, error) { + return NewWebFetchToolWithConfig(maxChars, proxy, fetchLimitBytes, nil) +} + +func NewWebFetchToolWithConfig( + maxChars int, + proxy string, + fetchLimitBytes int64, + privateHostWhitelist []string, +) (*WebFetchTool, error) { if maxChars <= 0 { maxChars = defaultMaxChars } + whitelist, err := newPrivateHostWhitelist(privateHostWhitelist) + if err != nil { + return nil, fmt.Errorf("failed to parse web fetch private host whitelist: %w", err) + } client, err := utils.CreateHTTPClient(proxy, fetchTimeout) if err != nil { return nil, fmt.Errorf("failed to create HTTP client for web fetch: %w", err) @@ -801,13 +820,13 @@ func NewWebFetchToolWithProxy(maxChars int, proxy string, fetchLimitBytes int64) Timeout: 15 * time.Second, KeepAlive: 30 * time.Second, } - transport.DialContext = newSafeDialContext(dialer) + transport.DialContext = newSafeDialContext(dialer, whitelist) } client.CheckRedirect = func(req *http.Request, via []*http.Request) error { if len(via) >= maxRedirects { return fmt.Errorf("stopped after %d redirects", maxRedirects) } - if isObviousPrivateHost(req.URL.Hostname()) { + if isObviousPrivateHost(req.URL.Hostname(), whitelist) { return fmt.Errorf("redirect target is private or local network host") } return nil @@ -820,6 +839,7 @@ func NewWebFetchToolWithProxy(maxChars int, proxy string, fetchLimitBytes int64) proxy: proxy, client: client, fetchLimitBytes: fetchLimitBytes, + whitelist: whitelist, }, nil } @@ -871,7 +891,7 @@ func (t *WebFetchTool) Execute(ctx context.Context, args map[string]any) *ToolRe // Lightweight pre-flight: block obvious localhost/literal-IP without DNS resolution. // The real SSRF guard is newSafeDialContext at connect time. hostname := parsedURL.Hostname() - if isObviousPrivateHost(hostname) { + if isObviousPrivateHost(hostname, t.whitelist) { return ErrorResult("fetching private or local network hosts is not allowed") } @@ -981,7 +1001,10 @@ func (t *WebFetchTool) extractText(htmlContent string) string { // newSafeDialContext re-resolves DNS at connect time to mitigate DNS rebinding (TOCTOU) // where a hostname resolves to a public IP during pre-flight but a private IP at connect time. -func newSafeDialContext(dialer *net.Dialer) func(context.Context, string, string) (net.Conn, error) { +func newSafeDialContext( + dialer *net.Dialer, + whitelist *privateHostWhitelist, +) func(context.Context, string, string) (net.Conn, error) { return func(ctx context.Context, network, address string) (net.Conn, error) { if allowPrivateWebFetchHosts.Load() { return dialer.DialContext(ctx, network, address) @@ -996,7 +1019,7 @@ func newSafeDialContext(dialer *net.Dialer) func(context.Context, string, string } if ip := net.ParseIP(host); ip != nil { - if isPrivateOrRestrictedIP(ip) { + if shouldBlockPrivateIP(ip, whitelist) { return nil, fmt.Errorf("blocked private or local target: %s", host) } return dialer.DialContext(ctx, network, net.JoinHostPort(ip.String(), port)) @@ -1010,7 +1033,7 @@ func newSafeDialContext(dialer *net.Dialer) func(context.Context, string, string attempted := 0 var lastErr error for _, ipAddr := range ipAddrs { - if isPrivateOrRestrictedIP(ipAddr.IP) { + if shouldBlockPrivateIP(ipAddr.IP, whitelist) { continue } attempted++ @@ -1022,7 +1045,7 @@ func newSafeDialContext(dialer *net.Dialer) func(context.Context, string, string } if attempted == 0 { - return nil, fmt.Errorf("all resolved addresses for %s are private or restricted", host) + return nil, fmt.Errorf("all resolved addresses for %s are private, restricted, or not whitelisted", host) } if lastErr != nil { return nil, fmt.Errorf("failed connecting to public addresses for %s: %w", host, lastErr) @@ -1031,10 +1054,72 @@ func newSafeDialContext(dialer *net.Dialer) func(context.Context, string, string } } +func newPrivateHostWhitelist(entries []string) (*privateHostWhitelist, error) { + if len(entries) == 0 { + return nil, nil + } + + whitelist := &privateHostWhitelist{ + exact: make(map[string]struct{}), + cidrs: make([]*net.IPNet, 0, len(entries)), + } + for _, entry := range entries { + entry = strings.TrimSpace(entry) + if entry == "" { + continue + } + if ip := net.ParseIP(entry); ip != nil { + whitelist.exact[normalizeWhitelistIP(ip).String()] = struct{}{} + continue + } + _, network, err := net.ParseCIDR(entry) + if err != nil { + return nil, fmt.Errorf("invalid entry %q: expected IP or CIDR", entry) + } + whitelist.cidrs = append(whitelist.cidrs, network) + } + + if len(whitelist.exact) == 0 && len(whitelist.cidrs) == 0 { + return nil, nil + } + return whitelist, nil +} + +func (w *privateHostWhitelist) Contains(ip net.IP) bool { + if w == nil || ip == nil { + return false + } + + normalized := normalizeWhitelistIP(ip) + if _, ok := w.exact[normalized.String()]; ok { + return true + } + for _, network := range w.cidrs { + if network.Contains(normalized) { + return true + } + } + return false +} + +func normalizeWhitelistIP(ip net.IP) net.IP { + if ip == nil { + return nil + } + if ip4 := ip.To4(); ip4 != nil { + return ip4 + } + return ip +} + +func shouldBlockPrivateIP(ip net.IP, whitelist *privateHostWhitelist) bool { + return isPrivateOrRestrictedIP(ip) && !whitelist.Contains(ip) +} + // isObviousPrivateHost performs a lightweight, no-DNS check for obviously private hosts. // It catches localhost, literal private IPs, and empty hosts. It does NOT resolve DNS — // the real SSRF guard is newSafeDialContext which checks IPs at connect time. -func isObviousPrivateHost(host string) bool { +func isObviousPrivateHost(host string, whitelist *privateHostWhitelist) bool { if allowPrivateWebFetchHosts.Load() { return false } @@ -1050,7 +1135,7 @@ func isObviousPrivateHost(host string) bool { } if ip := net.ParseIP(h); ip != nil { - return isPrivateOrRestrictedIP(ip) + return shouldBlockPrivateIP(ip, whitelist) } return false diff --git a/pkg/tools/web_test.go b/pkg/tools/web_test.go index 41d83e6f5..80c9a2067 100644 --- a/pkg/tools/web_test.go +++ b/pkg/tools/web_test.go @@ -10,6 +10,7 @@ import ( "net/http/httptest" "strings" "testing" + "time" "github.com/sipeed/picoclaw/pkg/logger" ) @@ -423,6 +424,29 @@ func withPrivateWebFetchHostsAllowed(t *testing.T) { }) } +func serverHostAndPort(t *testing.T, rawURL string) (string, string) { + t.Helper() + hostPort := strings.TrimPrefix(rawURL, "http://") + hostPort = strings.TrimPrefix(hostPort, "https://") + host, port, err := net.SplitHostPort(hostPort) + if err != nil { + t.Fatalf("failed to split host/port from %q: %v", rawURL, err) + } + return host, port +} + +func singleHostCIDR(t *testing.T, host string) string { + t.Helper() + ip := net.ParseIP(host) + if ip == nil { + t.Fatalf("failed to parse IP %q", host) + } + if ip.To4() != nil { + return ip.String() + "/32" + } + return ip.String() + "/128" +} + func TestWebTool_WebFetch_PrivateHostBlocked(t *testing.T) { tool, err := NewWebFetchTool(50000, testFetchLimit) if err != nil { @@ -441,6 +465,56 @@ func TestWebTool_WebFetch_PrivateHostBlocked(t *testing.T) { } } +func TestWebTool_WebFetch_PrivateHostAllowedByExactWhitelist(t *testing.T) { + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "text/plain") + w.WriteHeader(http.StatusOK) + w.Write([]byte("exact whitelist ok")) + })) + defer server.Close() + + host, _ := serverHostAndPort(t, server.URL) + tool, err := NewWebFetchToolWithConfig(50000, "", testFetchLimit, []string{host}) + if err != nil { + t.Fatalf("Failed to create web fetch tool: %v", err) + } + + result := tool.Execute(context.Background(), map[string]any{ + "url": server.URL, + }) + if result.IsError { + t.Fatalf("expected success for exact whitelisted private IP, got %q", result.ForLLM) + } + if !strings.Contains(result.ForLLM, "exact whitelist ok") { + t.Fatalf("expected fetched content, got %q", result.ForLLM) + } +} + +func TestWebTool_WebFetch_PrivateHostAllowedByCIDRWhitelist(t *testing.T) { + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "text/plain") + w.WriteHeader(http.StatusOK) + w.Write([]byte("cidr whitelist ok")) + })) + defer server.Close() + + host, _ := serverHostAndPort(t, server.URL) + tool, err := NewWebFetchToolWithConfig(50000, "", testFetchLimit, []string{singleHostCIDR(t, host)}) + if err != nil { + t.Fatalf("Failed to create web fetch tool: %v", err) + } + + result := tool.Execute(context.Background(), map[string]any{ + "url": server.URL, + }) + if result.IsError { + t.Fatalf("expected success for CIDR-whitelisted private IP, got %q", result.ForLLM) + } + if !strings.Contains(result.ForLLM, "cidr whitelist ok") { + t.Fatalf("expected fetched content, got %q", result.ForLLM) + } +} + func TestWebTool_WebFetch_PrivateHostAllowedForTests(t *testing.T) { withPrivateWebFetchHostsAllowed(t) @@ -570,6 +644,69 @@ func TestWebFetch_RedirectToPrivateBlocked(t *testing.T) { } } +func TestNewSafeDialContext_BlocksPrivateDNSResolutionWithoutWhitelist(t *testing.T) { + listener, err := net.Listen("tcp", "127.0.0.1:0") + if err != nil { + t.Fatalf("failed to listen on loopback: %v", err) + } + defer listener.Close() + + _, port, err := net.SplitHostPort(listener.Addr().String()) + if err != nil { + t.Fatalf("failed to split listener address: %v", err) + } + + dialContext := newSafeDialContext(&net.Dialer{Timeout: time.Second}, nil) + _, err = dialContext(context.Background(), "tcp", net.JoinHostPort("localhost", port)) + if err == nil { + t.Fatal("expected localhost DNS resolution to be blocked without whitelist") + } + if !strings.Contains(err.Error(), "private") && !strings.Contains(err.Error(), "whitelisted") { + t.Fatalf("unexpected error: %v", err) + } +} + +func TestNewSafeDialContext_AllowsWhitelistedPrivateDNSResolution(t *testing.T) { + listener, err := net.Listen("tcp", "127.0.0.1:0") + if err != nil { + t.Fatalf("failed to listen on loopback: %v", err) + } + defer listener.Close() + + accepted := make(chan struct{}, 1) + go func() { + conn, acceptErr := listener.Accept() + if acceptErr != nil { + return + } + conn.Close() + accepted <- struct{}{} + }() + + _, port, err := net.SplitHostPort(listener.Addr().String()) + if err != nil { + t.Fatalf("failed to split listener address: %v", err) + } + + whitelist, err := newPrivateHostWhitelist([]string{"127.0.0.0/8"}) + if err != nil { + t.Fatalf("failed to parse whitelist: %v", err) + } + + dialContext := newSafeDialContext(&net.Dialer{Timeout: time.Second}, whitelist) + conn, err := dialContext(context.Background(), "tcp", net.JoinHostPort("localhost", port)) + if err != nil { + t.Fatalf("expected localhost DNS resolution to succeed with whitelist, got %v", err) + } + conn.Close() + + select { + case <-accepted: + case <-time.After(time.Second): + t.Fatal("expected localhost listener to accept a connection") + } +} + // TestIsPrivateOrRestrictedIP_Table tests IP classification logic func TestIsPrivateOrRestrictedIP_Table(t *testing.T) { tests := []struct { @@ -660,6 +797,16 @@ func TestNewWebFetchToolWithProxy(t *testing.T) { } } +func TestNewWebFetchToolWithConfig_InvalidPrivateHostWhitelist(t *testing.T) { + _, err := NewWebFetchToolWithConfig(1024, "", testFetchLimit, []string{"not-an-ip-or-cidr"}) + if err == nil { + t.Fatal("expected invalid whitelist entry to fail") + } + if !strings.Contains(err.Error(), "invalid entry") { + t.Fatalf("unexpected error: %v", err) + } +} + func TestNewWebSearchTool_PropagatesProxy(t *testing.T) { t.Run("perplexity", func(t *testing.T) { tool, err := NewWebSearchTool(WebSearchToolOptions{ From c639e2c21677aaff50796d2b68af3183d6d61fb5 Mon Sep 17 00:00:00 2001 From: Alix-007 Date: Tue, 17 Mar 2026 23:31:56 +0800 Subject: [PATCH 08/24] feat(agent): include current sender in dynamic context (#1696) * feat(agent): include current sender in dynamic context * test(agent): keep current-sender regression ASCII-only --------- Co-authored-by: Alix-007 <267018309+Alix-007@users.noreply.github.com> --- pkg/agent/context.go | 25 +++++++++-- pkg/agent/context_cache_test.go | 68 ++++++++++++++++++++++++++++-- pkg/agent/loop.go | 42 ++++++++++-------- pkg/agent/loop_test.go | 75 +++++++++++++++++++++++++++++++++ 4 files changed, 186 insertions(+), 24 deletions(-) diff --git a/pkg/agent/context.go b/pkg/agent/context.go index 5a84c45e2..830edf875 100644 --- a/pkg/agent/context.go +++ b/pkg/agent/context.go @@ -458,7 +458,23 @@ func (cb *ContextBuilder) LoadBootstrapFiles() string { // // See: https://docs.anthropic.com/en/docs/build-with-claude/prompt-caching // See: https://platform.openai.com/docs/guides/prompt-caching -func (cb *ContextBuilder) buildDynamicContext(channel, chatID string) string { +func formatCurrentSenderLine(senderID, senderDisplayName string) string { + senderID = strings.TrimSpace(senderID) + senderDisplayName = strings.TrimSpace(senderDisplayName) + + switch { + case senderDisplayName != "" && senderID != "": + return fmt.Sprintf("Current sender: %s (ID: %s)", senderDisplayName, senderID) + case senderDisplayName != "": + return fmt.Sprintf("Current sender: %s", senderDisplayName) + case senderID != "": + return fmt.Sprintf("Current sender: %s", senderID) + default: + return "" + } +} + +func (cb *ContextBuilder) buildDynamicContext(channel, chatID, senderID, senderDisplayName string) string { now := time.Now().Format("2006-01-02 15:04 (Monday)") rt := fmt.Sprintf("%s %s, Go %s", runtime.GOOS, runtime.GOARCH, runtime.Version()) @@ -468,6 +484,9 @@ func (cb *ContextBuilder) buildDynamicContext(channel, chatID string) string { if channel != "" && chatID != "" { fmt.Fprintf(&sb, "\n\n## Current Session\nChannel: %s\nChat ID: %s", channel, chatID) } + if senderLine := formatCurrentSenderLine(senderID, senderDisplayName); senderLine != "" { + fmt.Fprintf(&sb, "\n\n## Current Sender\n%s", senderLine) + } return sb.String() } @@ -477,7 +496,7 @@ func (cb *ContextBuilder) BuildMessages( summary string, currentMessage string, media []string, - channel, chatID string, + channel, chatID, senderID, senderDisplayName string, ) []providers.Message { messages := []providers.Message{} @@ -493,7 +512,7 @@ func (cb *ContextBuilder) BuildMessages( staticPrompt := cb.BuildSystemPromptWithCache() // Build short dynamic context (time, runtime, session) — changes per request - dynamicCtx := cb.buildDynamicContext(channel, chatID) + dynamicCtx := cb.buildDynamicContext(channel, chatID, senderID, senderDisplayName) // Compose a single system message: static (cached) + dynamic + optional summary. // Keeping all system content in one message ensures every provider adapter can diff --git a/pkg/agent/context_cache_test.go b/pkg/agent/context_cache_test.go index 707510820..c26976c3c 100644 --- a/pkg/agent/context_cache_test.go +++ b/pkg/agent/context_cache_test.go @@ -82,7 +82,7 @@ func TestSingleSystemMessage(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - msgs := cb.BuildMessages(tt.history, tt.summary, tt.message, nil, "test", "chat1") + msgs := cb.BuildMessages(tt.history, tt.summary, tt.message, nil, "test", "chat1", "", "") systemCount := 0 for _, m := range msgs { @@ -126,6 +126,68 @@ func TestSingleSystemMessage(t *testing.T) { } } +func TestBuildMessages_CurrentSenderDynamicContext(t *testing.T) { + tmpDir := setupWorkspace(t, map[string]string{ + "IDENTITY.md": "# Identity\nTest agent.", + }) + defer os.RemoveAll(tmpDir) + + cb := NewContextBuilder(tmpDir) + + tests := []struct { + name string + senderID string + senderDisplayName string + wantLine string + wantSection bool + }{ + { + name: "both id and display name", + senderID: "feishu:ou_xxx", + senderDisplayName: "Zhang San", + wantLine: "Current sender: Zhang San (ID: feishu:ou_xxx)", + wantSection: true, + }, + { + name: "display name only", + senderDisplayName: "Alice", + wantLine: "Current sender: Alice", + wantSection: true, + }, + { + name: "id only", + senderID: "discord:123", + wantLine: "Current sender: discord:123", + wantSection: true, + }, + { + name: "no sender info", + wantSection: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + msgs := cb.BuildMessages(nil, "", "hello", nil, "discord", "chat1", tt.senderID, tt.senderDisplayName) + sys := msgs[0].Content + + if tt.wantSection { + if !strings.Contains(sys, "## Current Sender") { + t.Fatalf("system prompt missing Current Sender section:\n%s", sys) + } + if !strings.Contains(sys, tt.wantLine) { + t.Fatalf("system prompt missing sender line %q:\n%s", tt.wantLine, sys) + } + return + } + + if strings.Contains(sys, "## Current Sender") { + t.Fatalf("system prompt should omit Current Sender section:\n%s", sys) + } + }) + } +} + // TestMtimeAutoInvalidation verifies that the cache detects source file changes // via mtime without requiring explicit InvalidateCache(). // Fix: original implementation had no auto-invalidation — edits to bootstrap files, @@ -576,7 +638,7 @@ func TestConcurrentBuildSystemPromptWithCache(t *testing.T) { } // Also exercise BuildMessages concurrently - msgs := cb.BuildMessages(nil, "", "hello", nil, "test", "chat") + msgs := cb.BuildMessages(nil, "", "hello", nil, "test", "chat", "", "") if len(msgs) < 2 { errs <- "BuildMessages returned fewer than 2 messages" return @@ -664,6 +726,6 @@ func BenchmarkBuildMessagesWithCache(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _ = cb.BuildMessages(history, "summary", "new message", nil, "cli", "test") + _ = cb.BuildMessages(history, "summary", "new message", nil, "cli", "test", "", "") } } diff --git a/pkg/agent/loop.go b/pkg/agent/loop.go index c25650201..00c9d913a 100644 --- a/pkg/agent/loop.go +++ b/pkg/agent/loop.go @@ -55,15 +55,17 @@ type AgentLoop struct { // processOptions configures how a message is processed type processOptions struct { - SessionKey string // Session identifier for history/context - Channel string // Target channel for tool execution - ChatID string // Target chat ID for tool execution - UserMessage string // User message content (may include prefix) - Media []string // media:// refs from inbound message - DefaultResponse string // Response when LLM returns empty - EnableSummary bool // Whether to trigger summarization - SendResponse bool // Whether to send response via bus - NoHistory bool // If true, don't load session history (for heartbeat) + SessionKey string // Session identifier for history/context + Channel string // Target channel for tool execution + ChatID string // Target chat ID for tool execution + SenderID string // Current sender ID for dynamic context + SenderDisplayName string // Current sender display name for dynamic context + UserMessage string // User message content (may include prefix) + Media []string // media:// refs from inbound message + DefaultResponse string // Response when LLM returns empty + EnableSummary bool // Whether to trigger summarization + SendResponse bool // Whether to send response via bus + NoHistory bool // If true, don't load session history (for heartbeat) } const ( @@ -746,14 +748,16 @@ func (al *AgentLoop) processMessage(ctx context.Context, msg bus.InboundMessage) }) opts := processOptions{ - SessionKey: sessionKey, - Channel: msg.Channel, - ChatID: msg.ChatID, - UserMessage: msg.Content, - Media: msg.Media, - DefaultResponse: defaultResponse, - EnableSummary: true, - SendResponse: false, + SessionKey: sessionKey, + Channel: msg.Channel, + ChatID: msg.ChatID, + SenderID: msg.SenderID, + SenderDisplayName: msg.Sender.DisplayName, + UserMessage: msg.Content, + Media: msg.Media, + DefaultResponse: defaultResponse, + EnableSummary: true, + SendResponse: false, } // context-dependent commands check their own Runtime fields and report @@ -893,6 +897,8 @@ func (al *AgentLoop) runAgentLoop( opts.Media, opts.Channel, opts.ChatID, + opts.SenderID, + opts.SenderDisplayName, ) // Resolve media:// refs: images→base64 data URLs, non-images→local paths in content @@ -1164,7 +1170,7 @@ func (al *AgentLoop) runLLMIteration( newSummary := agent.Sessions.GetSummary(opts.SessionKey) messages = agent.ContextBuilder.BuildMessages( newHistory, newSummary, "", - nil, opts.Channel, opts.ChatID, + nil, opts.Channel, opts.ChatID, opts.SenderID, opts.SenderDisplayName, ) continue } diff --git a/pkg/agent/loop_test.go b/pkg/agent/loop_test.go index a6604e87f..47c378771 100644 --- a/pkg/agent/loop_test.go +++ b/pkg/agent/loop_test.go @@ -30,6 +30,28 @@ func (f *fakeChannel) IsAllowed(string) bool { func (f *fakeChannel) IsAllowedSender(sender bus.SenderInfo) bool { return true } func (f *fakeChannel) ReasoningChannelID() string { return f.id } +type recordingProvider struct { + lastMessages []providers.Message +} + +func (r *recordingProvider) Chat( + ctx context.Context, + messages []providers.Message, + tools []providers.ToolDefinition, + model string, + opts map[string]any, +) (*providers.LLMResponse, error) { + r.lastMessages = append([]providers.Message(nil), messages...) + return &providers.LLMResponse{ + Content: "Mock response", + ToolCalls: []providers.ToolCall{}, + }, nil +} + +func (r *recordingProvider) GetDefaultModel() string { + return "mock-model" +} + func newTestAgentLoop( t *testing.T, ) (al *AgentLoop, cfg *config.Config, msgBus *bus.MessageBus, provider *mockProvider, cleanup func()) { @@ -54,6 +76,59 @@ func newTestAgentLoop( return al, cfg, msgBus, provider, func() { os.RemoveAll(tmpDir) } } +func TestProcessMessage_IncludesCurrentSenderInDynamicContext(t *testing.T) { + tmpDir, err := os.MkdirTemp("", "agent-test-*") + if err != nil { + t.Fatalf("Failed to create temp dir: %v", err) + } + defer os.RemoveAll(tmpDir) + + cfg := &config.Config{ + Agents: config.AgentsConfig{ + Defaults: config.AgentDefaults{ + Workspace: tmpDir, + Model: "test-model", + MaxTokens: 4096, + MaxToolIterations: 10, + }, + }, + } + + msgBus := bus.NewMessageBus() + provider := &recordingProvider{} + al := NewAgentLoop(cfg, msgBus, provider) + + response, err := al.processMessage(context.Background(), bus.InboundMessage{ + Channel: "discord", + SenderID: "discord:123", + Sender: bus.SenderInfo{ + DisplayName: "Alice", + }, + ChatID: "group-1", + Content: "hello", + }) + if err != nil { + t.Fatalf("processMessage() error = %v", err) + } + if response != "Mock response" { + t.Fatalf("processMessage() response = %q, want %q", response, "Mock response") + } + if len(provider.lastMessages) == 0 { + t.Fatal("provider did not receive any messages") + } + + systemPrompt := provider.lastMessages[0].Content + wantSender := "## Current Sender\nCurrent sender: Alice (ID: discord:123)" + if !strings.Contains(systemPrompt, wantSender) { + t.Fatalf("system prompt missing sender context %q:\n%s", wantSender, systemPrompt) + } + + lastMessage := provider.lastMessages[len(provider.lastMessages)-1] + if lastMessage.Role != "user" || lastMessage.Content != "hello" { + t.Fatalf("last provider message = %+v, want unchanged user message", lastMessage) + } +} + func TestRecordLastChannel(t *testing.T) { al, cfg, msgBus, provider, cleanup := newTestAgentLoop(t) defer cleanup() From f776611e291b71785132ffba9fb34556eaff6a96 Mon Sep 17 00:00:00 2001 From: juju <14191774+tong3jie@users.noreply.github.com> Date: Wed, 18 Mar 2026 00:02:51 +0800 Subject: [PATCH 09/24] feat(cron): refactor scheduler to event-driven model and add unit tests (#1313) * feat(cron): enhance CronService with wake channel and improve job scheduling logic * fix(cron): update file permission mode to use octal notation in test and fix some lint errors * fix(cron): improve wake channel handling and enhance concurrency in tests --- pkg/cron/service.go | 77 ++++++++++++--- pkg/cron/service_test.go | 199 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 265 insertions(+), 11 deletions(-) diff --git a/pkg/cron/service.go b/pkg/cron/service.go index 04775ac42..77a413133 100644 --- a/pkg/cron/service.go +++ b/pkg/cron/service.go @@ -65,6 +65,7 @@ type CronService struct { mu sync.RWMutex running bool stopChan chan struct{} + wakeChan chan struct{} gronx *gronx.Gronx } @@ -73,6 +74,7 @@ func NewCronService(storePath string, onJob JobHandler) *CronService { storePath: storePath, onJob: onJob, gronx: gronx.New(), + wakeChan: make(chan struct{}), } // Initialize and load store on creation cs.loadStore() @@ -97,6 +99,9 @@ func (cs *CronService) Start() error { } cs.stopChan = make(chan struct{}) + if cs.wakeChan == nil { + cs.wakeChan = make(chan struct{}) + } cs.running = true go cs.runLoop(cs.stopChan) @@ -119,14 +124,47 @@ func (cs *CronService) Stop() { } func (cs *CronService) runLoop(stopChan chan struct{}) { - ticker := time.NewTicker(1 * time.Second) - defer ticker.Stop() + timer := time.NewTimer(time.Hour) + if !timer.Stop() { + <-timer.C + } + defer timer.Stop() for { + // every loop, recalculate the next wake time + cs.mu.RLock() + nextWake := cs.getNextWakeMS() + cs.mu.RUnlock() + + var delay time.Duration + now := time.Now().UnixMilli() + + if nextWake == nil { + // no jobs, sleep for a long time (or until a new job is added) + delay = time.Hour + } else { + diff := *nextWake - now + if diff <= 0 { + delay = 0 + } else { + delay = time.Duration(diff) * time.Millisecond + } + } + + timer.Reset(delay) + select { case <-stopChan: return - case <-ticker.C: + case <-cs.wakeChan: // wake on new job or update + if !timer.Stop() { + select { + case <-timer.C: + default: + } + } + continue + case <-timer.C: cs.checkJobs() } } @@ -264,22 +302,19 @@ func (cs *CronService) executeJobByID(jobID string) { } func (cs *CronService) computeNextRun(schedule *CronSchedule, nowMS int64) *int64 { - if schedule.Kind == "at" { + switch schedule.Kind { + case "at": if schedule.AtMS != nil && *schedule.AtMS > nowMS { return schedule.AtMS } return nil - } - - if schedule.Kind == "every" { + case "every": if schedule.EveryMS == nil || *schedule.EveryMS <= 0 { return nil } next := nowMS + *schedule.EveryMS return &next - } - - if schedule.Kind == "cron" { + case "cron": if schedule.Expr == "" { return nil } @@ -294,9 +329,19 @@ func (cs *CronService) computeNextRun(schedule *CronSchedule, nowMS int64) *int6 nextMS := nextTime.UnixMilli() return &nextMS + default: + log.Printf("[cron] unknown schedule kind '%s'", schedule.Kind) + return nil } +} - return nil +// wake up the loop to re-evaluate next wake time immediately (e.g. after add/update/remove jobs) +func (cs *CronService) notify() { + select { + case cs.wakeChan <- struct{}{}: + default: + // if the channel is full, it means the loop will wake up soon anyway, so we can skip sending + } } func (cs *CronService) recomputeNextRuns() { @@ -400,6 +445,8 @@ func (cs *CronService) AddJob( return nil, err } + cs.notify() + return &job, nil } @@ -411,6 +458,9 @@ func (cs *CronService) UpdateJob(job *CronJob) error { if cs.store.Jobs[i].ID == job.ID { cs.store.Jobs[i] = *job cs.store.Jobs[i].UpdatedAtMS = time.Now().UnixMilli() + + cs.notify() + return cs.saveStoreUnsafe() } } @@ -441,6 +491,8 @@ func (cs *CronService) removeJobUnsafe(jobID string) bool { } } + cs.notify() + return removed } @@ -463,6 +515,9 @@ func (cs *CronService) EnableJob(jobID string, enabled bool) *CronJob { if err := cs.saveStoreUnsafe(); err != nil { log.Printf("[cron] failed to save store after enable: %v", err) } + + cs.notify() + return job } } diff --git a/pkg/cron/service_test.go b/pkg/cron/service_test.go index 1a0dd1829..c55e62174 100644 --- a/pkg/cron/service_test.go +++ b/pkg/cron/service_test.go @@ -1,10 +1,13 @@ package cron import ( + "fmt" "os" "path/filepath" "runtime" + "sync" "testing" + "time" ) func TestSaveStore_FilePermissions(t *testing.T) { @@ -36,3 +39,199 @@ func TestSaveStore_FilePermissions(t *testing.T) { func int64Ptr(v int64) *int64 { return &v } + +func setupService(handler JobHandler) (*CronService, string) { + tmpFile := fmt.Sprintf("test_cron_%d.json", time.Now().UnixNano()) + cs := NewCronService(tmpFile, handler) + return cs, tmpFile +} + +func TestCronService_CRUD(t *testing.T) { + cs, path := setupService(nil) + defer os.Remove(path) + + // Test AddJob + at := time.Now().Add(time.Hour).UnixMilli() + job, err := cs.AddJob("Task1", CronSchedule{Kind: "at", AtMS: &at}, "msg", true, "ch", "to") + if err != nil || job.ID == "" { + t.Fatalf("AddJob failed: %v", err) + } + + // Test ListJobs + if len(cs.ListJobs(true)) != 1 { + t.Error("ListJobs should return 1 job") + } + + // Test UpdateJob + job.Name = "UpdatedName" + err = cs.UpdateJob(job) + if err != nil || cs.store.Jobs[0].Name != "UpdatedName" { + t.Error("UpdateJob failed") + } + + // Test EnableJob + cs.EnableJob(job.ID, false) + if cs.store.Jobs[0].Enabled != false || cs.store.Jobs[0].State.NextRunAtMS != nil { + t.Error("EnableJob(false) failed to clear state") + } + + // Test RemoveJob + removed := cs.RemoveJob(job.ID) + if !removed || len(cs.store.Jobs) != 0 { + t.Error("RemoveJob failed") + } +} + +// 2. Test Cron Expression Calculation Logic +func TestCronService_ComputeNextRun(t *testing.T) { + cs, path := setupService(nil) + defer os.Remove(path) + + now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC).UnixMilli() + + tests := []struct { + name string + schedule CronSchedule + wantNil bool + }{ + {"Valid Cron", CronSchedule{Kind: "cron", Expr: "0 * * * *"}, false}, + {"Invalid Cron", CronSchedule{Kind: "cron", Expr: "invalid"}, true}, + {"Every MS", CronSchedule{Kind: "every", EveryMS: int64Ptr(5000)}, false}, + {"At Future", CronSchedule{Kind: "at", AtMS: int64Ptr(now + 1000)}, false}, + {"At Past", CronSchedule{Kind: "at", AtMS: int64Ptr(now - 1000)}, true}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := cs.computeNextRun(&tt.schedule, now) + if (got == nil) != tt.wantNil { + t.Errorf("%s: got %v, wantNil %v", tt.name, got, tt.wantNil) + } + }) + } +} + +// 3. Test Execution Flow +func TestCronService_ExecutionFlow(t *testing.T) { + var mu sync.Mutex + executedJobs := make(map[string]bool) + + handler := func(job *CronJob) (string, error) { + mu.Lock() + executedJobs[job.ID] = true + mu.Unlock() + return "ok", nil + } + + cs, path := setupService(handler) + defer os.Remove(path) + + // Start the service + if err := cs.Start(); err != nil { + t.Fatalf("Start failed: %v", err) + } + defer cs.Stop() + + // Add a job then runs 100ms from now + target := time.Now().Add(100 * time.Millisecond).UnixMilli() + job, _ := cs.AddJob("FastJob", CronSchedule{Kind: "at", AtMS: &target}, "", false, "", "") + + // Check for job execution with a timeout + success := false + for range 20 { + mu.Lock() + if executedJobs[job.ID] { + success = true + mu.Unlock() + break + } + mu.Unlock() + time.Sleep(100 * time.Millisecond) + } + + if !success { + t.Error("Job was not executed in time") + } + + // check that the job is removed after execution (DeleteAfterRun = true) + status := cs.Status() + if status["jobs"].(int) != 0 { + t.Errorf("Job should be deleted after run, got count: %v", status["jobs"]) + } +} + +func TestCronService_PersistenceIntegrity(t *testing.T) { + tmpFile := "persist_test.json" + defer os.Remove(tmpFile) + + // write a job and persist + cs1 := NewCronService(tmpFile, nil) + at := int64(2000000000000) + cs1.AddJob("PersistMe", CronSchedule{Kind: "at", AtMS: &at}, "payload", true, "ch1", "") + + // check file exists + if _, err := os.Stat(tmpFile); os.IsNotExist(err) { + t.Fatal("Store file was not created") + } + + // reload and check data integrity + cs2 := NewCronService(tmpFile, nil) + if err := cs2.Load(); err != nil { + t.Fatalf("Failed to load store: %v", err) + } + + jobs := cs2.ListJobs(true) + if len(jobs) != 1 || jobs[0].Name != "PersistMe" { + t.Errorf("Data corruption after reload. Got: %+v", jobs) + } + + // test loading invalid JSON + os.WriteFile(tmpFile, []byte("{invalid json}"), 0o644) + cs3 := NewCronService(tmpFile, nil) + err := cs3.loadStore() + if err == nil { + t.Error("Should return error when loading invalid JSON") + } +} + +func TestCronService_ConcurrentAccess(t *testing.T) { + cs, path := setupService(nil) + defer os.Remove(path) + + cs.Start() + defer cs.Stop() + + var wg sync.WaitGroup + workers := 10 + iterations := 50 + + wg.Add(workers * 2) + + // add jobs concurrently + for i := range workers { + go func(id int) { + defer wg.Done() + for j := range iterations { + at := time.Now().Add(time.Hour).UnixMilli() + cs.AddJob(fmt.Sprintf("Job-%d-%d", id, j), CronSchedule{Kind: "at", AtMS: &at}, "", false, "", "") + time.Sleep(100 * time.Microsecond) + } + }(i) + } + + // read and update jobs concurrently + for range workers { + go func() { + defer wg.Done() + for j := range iterations { + jobs := cs.ListJobs(true) + if len(jobs) > 0 { + cs.EnableJob(jobs[0].ID, j%2 == 0) + } + time.Sleep(100 * time.Microsecond) + } + }() + } + + wg.Wait() +} From 9c31b0ca958e94cdf081cd30ee61be1806c51013 Mon Sep 17 00:00:00 2001 From: juju <14191774+tong3jie@users.noreply.github.com> Date: Wed, 18 Mar 2026 00:12:12 +0800 Subject: [PATCH 10/24] fix: Fixed the bug where the bus was closed and consumers had unfinished messages. (#1179) * fix: Fixed the bug where the bus was closed and consumers had unfinished messages. * fix: remove unnecessary blank line in Close method * fix: refactor message bus and channel handling for improved performance and reliability * fix: improve message handling and bus closure logic for better reliability * fix: reduce sleep duration in agent loop for improved responsiveness * fix the test case --- pkg/agent/loop.go | 108 ++++++------- pkg/agent/loop_test.go | 111 ++++++++----- pkg/bus/bus.go | 153 +++++++----------- pkg/bus/bus_test.go | 52 ++++-- pkg/channels/manager.go | 60 +++---- pkg/channels/qq/qq_test.go | 20 ++- .../telegram/telegram_dispatch_test.go | 6 +- .../telegram_group_command_filter_test.go | 28 ++-- pkg/channels/telegram/telegram_test.go | 16 +- .../whatsapp/whatsapp_command_test.go | 6 +- .../whatsapp_native/whatsapp_command_test.go | 23 +-- 11 files changed, 301 insertions(+), 282 deletions(-) diff --git a/pkg/agent/loop.go b/pkg/agent/loop.go index 00c9d913a..5c6cb2fe9 100644 --- a/pkg/agent/loop.go +++ b/pkg/agent/loop.go @@ -267,67 +267,65 @@ func (al *AgentLoop) Run(ctx context.Context) error { select { case <-ctx.Done(): return nil - default: - msg, ok := al.bus.ConsumeInbound(ctx) + case msg, ok := <-al.bus.InboundChan(): if !ok { - continue + return nil + } + // Process message + // TODO: Re-enable media cleanup after inbound media is properly consumed by the agent. + // Currently disabled because files are deleted before the LLM can access their content. + // defer func() { + // if al.mediaStore != nil && msg.MediaScope != "" { + // if releaseErr := al.mediaStore.ReleaseAll(msg.MediaScope); releaseErr != nil { + // logger.WarnCF("agent", "Failed to release media", map[string]any{ + // "scope": msg.MediaScope, + // "error": releaseErr.Error(), + // }) + // } + // } + // }() + + response, err := al.processMessage(ctx, msg) + if err != nil { + response = fmt.Sprintf("Error processing message: %v", err) } - // Process message - func() { - // TODO: Re-enable media cleanup after inbound media is properly consumed by the agent. - // Currently disabled because files are deleted before the LLM can access their content. - // defer func() { - // if al.mediaStore != nil && msg.MediaScope != "" { - // if releaseErr := al.mediaStore.ReleaseAll(msg.MediaScope); releaseErr != nil { - // logger.WarnCF("agent", "Failed to release media", map[string]any{ - // "scope": msg.MediaScope, - // "error": releaseErr.Error(), - // }) - // } - // } - // }() - - response, err := al.processMessage(ctx, msg) - if err != nil { - response = fmt.Sprintf("Error processing message: %v", err) - } - - if response != "" { - // Check if the message tool already sent a response during this round. - // If so, skip publishing to avoid duplicate messages to the user. - // Use default agent's tools to check (message tool is shared). - alreadySent := false - defaultAgent := al.GetRegistry().GetDefaultAgent() - if defaultAgent != nil { - if tool, ok := defaultAgent.Tools.Get("message"); ok { - if mt, ok := tool.(*tools.MessageTool); ok { - alreadySent = mt.HasSentInRound() - } + if response != "" { + // Check if the message tool already sent a response during this round. + // If so, skip publishing to avoid duplicate messages to the user. + // Use default agent's tools to check (message tool is shared). + alreadySent := false + defaultAgent := al.GetRegistry().GetDefaultAgent() + if defaultAgent != nil { + if tool, ok := defaultAgent.Tools.Get("message"); ok { + if mt, ok := tool.(*tools.MessageTool); ok { + alreadySent = mt.HasSentInRound() } } - - if !alreadySent { - al.bus.PublishOutbound(ctx, bus.OutboundMessage{ - Channel: msg.Channel, - ChatID: msg.ChatID, - Content: response, - }) - logger.InfoCF("agent", "Published outbound response", - map[string]any{ - "channel": msg.Channel, - "chat_id": msg.ChatID, - "content_len": len(response), - }) - } else { - logger.DebugCF( - "agent", - "Skipped outbound (message tool already sent)", - map[string]any{"channel": msg.Channel}, - ) - } } - }() + + if !alreadySent { + al.bus.PublishOutbound(ctx, bus.OutboundMessage{ + Channel: msg.Channel, + ChatID: msg.ChatID, + Content: response, + }) + logger.InfoCF("agent", "Published outbound response", + map[string]any{ + "channel": msg.Channel, + "chat_id": msg.ChatID, + "content_len": len(response), + }) + } else { + logger.DebugCF( + "agent", + "Skipped outbound (message tool already sent)", + map[string]any{"channel": msg.Channel}, + ) + } + } + default: + time.Sleep(time.Microsecond * 200) } } diff --git a/pkg/agent/loop_test.go b/pkg/agent/loop_test.go index 47c378771..25ee6ab4d 100644 --- a/pkg/agent/loop_test.go +++ b/pkg/agent/loop_test.go @@ -997,10 +997,25 @@ func TestHandleReasoning(t *testing.T) { al, msgBus := newLoop(t) al.handleReasoning(context.Background(), "reasoning", "telegram", "") - ctx, cancel := context.WithTimeout(context.Background(), 20*time.Millisecond) + ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - if msg, ok := msgBus.SubscribeOutbound(ctx); ok { - t.Fatalf("expected no outbound message, got %+v", msg) + for { + select { + case msg, ok := <-msgBus.OutboundChan(): + if !ok { + t.Fatalf("expected no outbound message, got %+v", msg) + } + if msg.Content == "reasoning" { + t.Fatalf("expected no message for empty chatID, got %+v", msg) + } + return + case <-ctx.Done(): + t.Log("expected an outbound message, got none within timeout") + return + default: + // Continue to check for message + time.Sleep(5 * time.Millisecond) // Avoid busy loop + } } }) @@ -1008,9 +1023,7 @@ func TestHandleReasoning(t *testing.T) { al, msgBus := newLoop(t) al.handleReasoning(context.Background(), "hello reasoning", "slack", "channel-1") - ctx, cancel := context.WithTimeout(context.Background(), 200*time.Millisecond) - defer cancel() - msg, ok := msgBus.SubscribeOutbound(ctx) + msg, ok := <-msgBus.OutboundChan() if !ok { t.Fatal("expected an outbound message") } @@ -1024,35 +1037,52 @@ func TestHandleReasoning(t *testing.T) { reasoning := "hello telegram reasoning" al.handleReasoning(context.Background(), reasoning, "telegram", "tg-chat") - ctx, cancel := context.WithTimeout(context.Background(), 200*time.Millisecond) + ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - msg, ok := msgBus.SubscribeOutbound(ctx) - if !ok { - t.Fatal("expected outbound message") - } + for { + select { + case <-ctx.Done(): + t.Fatal("expected an outbound message, got none within timeout") + return + case msg, ok := <-msgBus.OutboundChan(): + if !ok { + t.Fatal("expected outbound message") + } - if msg.Channel != "telegram" { - t.Fatalf("expected telegram channel message, got %+v", msg) - } - if msg.ChatID != "tg-chat" { - t.Fatalf("expected chatID tg-chat, got %+v", msg) - } - if msg.Content != reasoning { - t.Fatalf("content mismatch: got %q want %q", msg.Content, reasoning) + if msg.Channel != "telegram" { + t.Fatalf("expected telegram channel message, got %+v", msg) + } + if msg.ChatID != "tg-chat" { + t.Fatalf("expected chatID tg-chat, got %+v", msg) + } + if msg.Content != reasoning { + t.Fatalf("content mismatch: got %q want %q", msg.Content, reasoning) + } + return + } } }) t.Run("expired ctx", func(t *testing.T) { al, msgBus := newLoop(t) reasoning := "hello telegram reasoning" - ctx, cancel := context.WithCancel(context.Background()) - cancel() - al.handleReasoning(ctx, reasoning, "telegram", "tg-chat") - ctx, cancel = context.WithTimeout(context.Background(), 200*time.Millisecond) - defer cancel() - msg, ok := msgBus.SubscribeOutbound(ctx) - if ok { - t.Fatalf("expected no outbound message, got %+v", msg) + al.handleReasoning(context.Background(), reasoning, "telegram", "tg-chat") + + consumeCtx, consumeCancel := context.WithTimeout(context.Background(), 2*time.Second) + defer consumeCancel() + + for { + select { + case msg, ok := <-msgBus.OutboundChan(): + if !ok { + t.Fatalf("expected no outbound message, but received: %+v", msg) + } + t.Logf("Received unexpected outbound message: %+v", msg) + return + case <-consumeCtx.Done(): + t.Fatalf("failed: no message received within timeout") + return + } } }) @@ -1092,20 +1122,23 @@ func TestHandleReasoning(t *testing.T) { // Drain the bus and verify the reasoning message was NOT published // (it should have been dropped due to timeout). - drainCtx, drainCancel := context.WithTimeout(context.Background(), 100*time.Millisecond) - defer drainCancel() - foundReasoning := false + timeer := time.After(1 * time.Second) for { - msg, ok := msgBus.SubscribeOutbound(drainCtx) - if !ok { - break + select { + case <-timeer: + t.Logf( + "no reasoning message received after draining bus for 1s, as expected,length=%d", + len(msgBus.OutboundChan()), + ) + return + case msg, ok := <-msgBus.OutboundChan(): + if !ok { + break + } + if msg.Content == "should timeout" { + t.Fatal("expected reasoning message to be dropped when bus is full, but it was published") + } } - if msg.Content == "should timeout" { - foundReasoning = true - } - } - if foundReasoning { - t.Fatal("expected reasoning message to be dropped when bus is full, but it was published") } }) } diff --git a/pkg/bus/bus.go b/pkg/bus/bus.go index f5ff9587d..3d08bda4f 100644 --- a/pkg/bus/bus.go +++ b/pkg/bus/bus.go @@ -3,6 +3,7 @@ package bus import ( "context" "errors" + "sync" "sync/atomic" "github.com/sipeed/picoclaw/pkg/logger" @@ -17,8 +18,11 @@ type MessageBus struct { inbound chan InboundMessage outbound chan OutboundMessage outboundMedia chan OutboundMediaMessage - done chan struct{} - closed atomic.Bool + + closeOnce sync.Once + done chan struct{} + closed atomic.Bool + wg sync.WaitGroup } func NewMessageBus() *MessageBus { @@ -30,128 +34,91 @@ func NewMessageBus() *MessageBus { } } -func (mb *MessageBus) PublishInbound(ctx context.Context, msg InboundMessage) error { +func publish[T any](ctx context.Context, mb *MessageBus, ch chan T, msg T) error { + // check bus closed before acquiring wg, to avoid unnecessary wg.Add and potential deadlock if mb.closed.Load() { return ErrBusClosed } - if err := ctx.Err(); err != nil { - return err - } + + // check again,before sending message, to avoid sending to closed channel select { - case mb.inbound <- msg: - return nil - case <-mb.done: - return ErrBusClosed case <-ctx.Done(): return ctx.Err() + case <-mb.done: + return ErrBusClosed + default: + } + + mb.wg.Add(1) + defer mb.wg.Done() + + select { + case ch <- msg: + return nil + case <-ctx.Done(): + return ctx.Err() + case <-mb.done: + return ErrBusClosed } } -func (mb *MessageBus) ConsumeInbound(ctx context.Context) (InboundMessage, bool) { - select { - case msg, ok := <-mb.inbound: - return msg, ok - case <-mb.done: - return InboundMessage{}, false - case <-ctx.Done(): - return InboundMessage{}, false - } +func (mb *MessageBus) PublishInbound(ctx context.Context, msg InboundMessage) error { + return publish(ctx, mb, mb.inbound, msg) +} + +func (mb *MessageBus) InboundChan() <-chan InboundMessage { + return mb.inbound } func (mb *MessageBus) PublishOutbound(ctx context.Context, msg OutboundMessage) error { - if mb.closed.Load() { - return ErrBusClosed - } - if err := ctx.Err(); err != nil { - return err - } - select { - case mb.outbound <- msg: - return nil - case <-mb.done: - return ErrBusClosed - case <-ctx.Done(): - return ctx.Err() - } + return publish(ctx, mb, mb.outbound, msg) } -func (mb *MessageBus) SubscribeOutbound(ctx context.Context) (OutboundMessage, bool) { - select { - case msg, ok := <-mb.outbound: - return msg, ok - case <-mb.done: - return OutboundMessage{}, false - case <-ctx.Done(): - return OutboundMessage{}, false - } +func (mb *MessageBus) OutboundChan() <-chan OutboundMessage { + return mb.outbound } func (mb *MessageBus) PublishOutboundMedia(ctx context.Context, msg OutboundMediaMessage) error { - if mb.closed.Load() { - return ErrBusClosed - } - if err := ctx.Err(); err != nil { - return err - } - select { - case mb.outboundMedia <- msg: - return nil - case <-mb.done: - return ErrBusClosed - case <-ctx.Done(): - return ctx.Err() - } + return publish(ctx, mb, mb.outboundMedia, msg) } -func (mb *MessageBus) SubscribeOutboundMedia(ctx context.Context) (OutboundMediaMessage, bool) { - select { - case msg, ok := <-mb.outboundMedia: - return msg, ok - case <-mb.done: - return OutboundMediaMessage{}, false - case <-ctx.Done(): - return OutboundMediaMessage{}, false - } +func (mb *MessageBus) OutboundMediaChan() <-chan OutboundMediaMessage { + return mb.outboundMedia } func (mb *MessageBus) Close() { - if mb.closed.CompareAndSwap(false, true) { + mb.closeOnce.Do(func() { + // notify all blocked publishers to exit close(mb.done) - // Drain buffered channels so messages aren't silently lost. - // Channels are NOT closed to avoid send-on-closed panics from concurrent publishers. + // because every publisher will check mb.closed before acquiring wg + // so we can be sure that new publishers will not be added new messages after this point + mb.closed.Store(true) + + // wait for all ongoing Publish calls to finish, ensuring all messages have been sent to channels or exited + mb.wg.Wait() + + // close channels safely + close(mb.inbound) + close(mb.outbound) + close(mb.outboundMedia) + + // clean up any remaining messages in channels drained := 0 - for { - select { - case <-mb.inbound: - drained++ - default: - goto doneInbound - } + for range mb.inbound { + drained++ } - doneInbound: - for { - select { - case <-mb.outbound: - drained++ - default: - goto doneOutbound - } + for range mb.outbound { + drained++ } - doneOutbound: - for { - select { - case <-mb.outboundMedia: - drained++ - default: - goto doneMedia - } + for range mb.outboundMedia { + drained++ } - doneMedia: + if drained > 0 { logger.DebugCF("bus", "Drained buffered messages during close", map[string]any{ "count": drained, }) } - } + }) } diff --git a/pkg/bus/bus_test.go b/pkg/bus/bus_test.go index e07b8c7fe..9b6324ca6 100644 --- a/pkg/bus/bus_test.go +++ b/pkg/bus/bus_test.go @@ -24,7 +24,7 @@ func TestPublishConsume(t *testing.T) { t.Fatalf("PublishInbound failed: %v", err) } - got, ok := mb.ConsumeInbound(ctx) + got, ok := <-mb.InboundChan() if !ok { t.Fatal("ConsumeInbound returned ok=false") } @@ -52,7 +52,7 @@ func TestPublishOutboundSubscribe(t *testing.T) { t.Fatalf("PublishOutbound failed: %v", err) } - got, ok := mb.SubscribeOutbound(ctx) + got, ok := <-mb.OutboundChan() if !ok { t.Fatal("SubscribeOutbound returned ok=false") } @@ -108,27 +108,48 @@ func TestPublishOutbound_BusClosed(t *testing.T) { func TestConsumeInbound_ContextCancel(t *testing.T) { mb := NewMessageBus() + defer mb.Close() - ctx, cancel := context.WithCancel(context.Background()) - cancel() + for i := range defaultBusBufferSize { + if err := mb.PublishInbound(context.Background(), InboundMessage{Content: "fill"}); err != nil { + t.Fatalf("fill failed at %d: %v", i, err) + } + } - _, ok := mb.ConsumeInbound(ctx) - if ok { - t.Fatal("expected ok=false when context is canceled") + ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond) + defer cancel() + mb.PublishInbound(ctx, InboundMessage{Content: "ContextCancel"}) + + select { + case <-ctx.Done(): + t.Log("context canceled, as expected") + + case msg, ok := <-mb.InboundChan(): + if !ok { + t.Fatal("expected ok=false when context is canceled") + } + if msg.Content == "ContextCancel" { + t.Fatalf("expected content 'ContextCancel', got %q", msg.Content) + } } } func TestConsumeInbound_BusClosed(t *testing.T) { mb := NewMessageBus() - mb.Close() - ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond) - defer cancel() + timer := time.AfterFunc(100*time.Millisecond, func() { + mb.Close() + }) - _, ok := mb.ConsumeInbound(ctx) - if ok { - t.Fatal("expected ok=false when bus is closed") + select { + case <-timer.C: + t.Log("context canceled, as expected") + + case _, ok := <-mb.InboundChan(): + if ok { + t.Fatal("expected ok=false when context is canceled") + } } } @@ -136,10 +157,7 @@ func TestSubscribeOutbound_BusClosed(t *testing.T) { mb := NewMessageBus() mb.Close() - ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond) - defer cancel() - - _, ok := mb.SubscribeOutbound(ctx) + _, ok := <-mb.OutboundChan() if ok { t.Fatal("expected ok=false when bus is closed") } diff --git a/pkg/channels/manager.go b/pkg/channels/manager.go index 7d49a0e30..aed815399 100644 --- a/pkg/channels/manager.go +++ b/pkg/channels/manager.go @@ -585,7 +585,7 @@ func (m *Manager) sendWithRetry(ctx context.Context, name string, w *channelWork func dispatchLoop[M any]( ctx context.Context, m *Manager, - subscribe func(context.Context) (M, bool), + ch <-chan M, getChannel func(M) string, enqueue func(context.Context, *channelWorker, M) bool, startMsg, stopMsg, unknownMsg, noWorkerMsg string, @@ -593,35 +593,41 @@ func dispatchLoop[M any]( logger.InfoC("channels", startMsg) for { - msg, ok := subscribe(ctx) - if !ok { + select { + case <-ctx.Done(): logger.InfoC("channels", stopMsg) return - } - channel := getChannel(msg) - - // Silently skip internal channels - if constants.IsInternalChannel(channel) { - continue - } - - m.mu.RLock() - _, exists := m.channels[channel] - w, wExists := m.workers[channel] - m.mu.RUnlock() - - if !exists { - logger.WarnCF("channels", unknownMsg, map[string]any{"channel": channel}) - continue - } - - if wExists && w != nil { - if !enqueue(ctx, w, msg) { + case msg, ok := <-ch: + if !ok { + logger.InfoC("channels", stopMsg) return } - } else if exists { - logger.WarnCF("channels", noWorkerMsg, map[string]any{"channel": channel}) + + channel := getChannel(msg) + + // Silently skip internal channels + if constants.IsInternalChannel(channel) { + continue + } + + m.mu.RLock() + _, exists := m.channels[channel] + w, wExists := m.workers[channel] + m.mu.RUnlock() + + if !exists { + logger.WarnCF("channels", unknownMsg, map[string]any{"channel": channel}) + continue + } + + if wExists && w != nil { + if !enqueue(ctx, w, msg) { + return + } + } else if exists { + logger.WarnCF("channels", noWorkerMsg, map[string]any{"channel": channel}) + } } } } @@ -629,7 +635,7 @@ func dispatchLoop[M any]( func (m *Manager) dispatchOutbound(ctx context.Context) { dispatchLoop( ctx, m, - m.bus.SubscribeOutbound, + m.bus.OutboundChan(), func(msg bus.OutboundMessage) string { return msg.Channel }, func(ctx context.Context, w *channelWorker, msg bus.OutboundMessage) bool { select { @@ -649,7 +655,7 @@ func (m *Manager) dispatchOutbound(ctx context.Context) { func (m *Manager) dispatchOutboundMedia(ctx context.Context) { dispatchLoop( ctx, m, - m.bus.SubscribeOutboundMedia, + m.bus.OutboundMediaChan(), func(msg bus.OutboundMediaMessage) string { return msg.Channel }, func(ctx context.Context, w *channelWorker, msg bus.OutboundMediaMessage) bool { select { diff --git a/pkg/channels/qq/qq_test.go b/pkg/channels/qq/qq_test.go index 3ceee0d09..b04cf5abd 100644 --- a/pkg/channels/qq/qq_test.go +++ b/pkg/channels/qq/qq_test.go @@ -34,11 +34,19 @@ func TestHandleC2CMessage_IncludesAccountIDMetadata(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), time.Second) defer cancel() - inbound, ok := messageBus.ConsumeInbound(ctx) - if !ok { - t.Fatal("expected inbound message") - } - if inbound.Metadata["account_id"] != "7750283E123456" { - t.Fatalf("account_id metadata = %q, want %q", inbound.Metadata["account_id"], "7750283E123456") + for { + select { + case <-ctx.Done(): + t.Fatal("timeout waiting for inbound message") + return + case inbound, ok := <-messageBus.InboundChan(): + if !ok { + t.Fatal("expected inbound message") + } + if inbound.Metadata["account_id"] != "7750283E123456" { + t.Fatalf("account_id metadata = %q, want %q", inbound.Metadata["account_id"], "7750283E123456") + } + return + } } } diff --git a/pkg/channels/telegram/telegram_dispatch_test.go b/pkg/channels/telegram/telegram_dispatch_test.go index 1ea4a4824..0eb1de5ea 100644 --- a/pkg/channels/telegram/telegram_dispatch_test.go +++ b/pkg/channels/telegram/telegram_dispatch_test.go @@ -3,7 +3,6 @@ package telegram import ( "context" "testing" - "time" "github.com/mymmrac/telego" @@ -36,10 +35,7 @@ func TestHandleMessage_DoesNotConsumeGenericCommandsLocally(t *testing.T) { t.Fatalf("handleMessage error: %v", err) } - ctx, cancel := context.WithTimeout(context.Background(), time.Second) - defer cancel() - - inbound, ok := messageBus.ConsumeInbound(ctx) + inbound, ok := <-messageBus.InboundChan() if !ok { t.Fatal("expected inbound message to be forwarded") } diff --git a/pkg/channels/telegram/telegram_group_command_filter_test.go b/pkg/channels/telegram/telegram_group_command_filter_test.go index 0d5b985fe..614b2ca7f 100644 --- a/pkg/channels/telegram/telegram_group_command_filter_test.go +++ b/pkg/channels/telegram/telegram_group_command_filter_test.go @@ -108,22 +108,24 @@ func TestHandleMessage_GroupMentionOnly_BotCommandEntity(t *testing.T) { t.Fatalf("handleMessage error: %v", err) } - ctx, cancel := context.WithTimeout(context.Background(), 150*time.Millisecond) + ctx, cancel := context.WithTimeout(context.Background(), 200*time.Microsecond) defer cancel() - - inbound, ok := messageBus.ConsumeInbound(ctx) - if tc.wantForwarded { - if !ok { - t.Fatal("expected inbound message to be forwarded") + select { + case <-ctx.Done(): + if tc.wantForwarded { + t.Fatal("timeout waiting for message to be forwarded") + return } - if inbound.Content != tc.wantContent { - t.Fatalf("content=%q want=%q", inbound.Content, tc.wantContent) + case inbound, ok := <-messageBus.InboundChan(): + if tc.wantForwarded { + if !ok { + t.Fatal("expected inbound message to be forwarded") + } + if inbound.Content != tc.wantContent { + t.Fatalf("content=%q want=%q", inbound.Content, tc.wantContent) + } + return } - return - } - - if ok { - t.Fatalf("expected message to be filtered, got content=%q", inbound.Content) } }) } diff --git a/pkg/channels/telegram/telegram_test.go b/pkg/channels/telegram/telegram_test.go index c2186d0a3..52a2b046c 100644 --- a/pkg/channels/telegram/telegram_test.go +++ b/pkg/channels/telegram/telegram_test.go @@ -6,7 +6,6 @@ import ( "errors" "strings" "testing" - "time" "github.com/mymmrac/telego" ta "github.com/mymmrac/telego/telegoapi" @@ -355,10 +354,7 @@ func TestHandleMessage_ForumTopic_SetsMetadata(t *testing.T) { err := ch.handleMessage(context.Background(), msg) require.NoError(t, err) - ctx, cancel := context.WithTimeout(context.Background(), time.Second) - defer cancel() - - inbound, ok := messageBus.ConsumeInbound(ctx) + inbound, ok := <-messageBus.InboundChan() require.True(t, ok, "expected inbound message") // Composite chatID should include thread ID @@ -397,10 +393,7 @@ func TestHandleMessage_NoForum_NoThreadMetadata(t *testing.T) { err := ch.handleMessage(context.Background(), msg) require.NoError(t, err) - ctx, cancel := context.WithTimeout(context.Background(), time.Second) - defer cancel() - - inbound, ok := messageBus.ConsumeInbound(ctx) + inbound, ok := <-messageBus.InboundChan() require.True(t, ok) // Plain chatID without thread suffix @@ -443,10 +436,7 @@ func TestHandleMessage_ReplyThread_NonForum_NoIsolation(t *testing.T) { err := ch.handleMessage(context.Background(), msg) require.NoError(t, err) - ctx, cancel := context.WithTimeout(context.Background(), time.Second) - defer cancel() - - inbound, ok := messageBus.ConsumeInbound(ctx) + inbound, ok := <-messageBus.InboundChan() require.True(t, ok) // chatID should NOT include thread suffix for non-forum groups diff --git a/pkg/channels/whatsapp/whatsapp_command_test.go b/pkg/channels/whatsapp/whatsapp_command_test.go index ee8aa4a52..2d85d74f8 100644 --- a/pkg/channels/whatsapp/whatsapp_command_test.go +++ b/pkg/channels/whatsapp/whatsapp_command_test.go @@ -3,7 +3,6 @@ package whatsapp import ( "context" "testing" - "time" "github.com/sipeed/picoclaw/pkg/bus" "github.com/sipeed/picoclaw/pkg/channels" @@ -25,10 +24,7 @@ func TestHandleIncomingMessage_DoesNotConsumeGenericCommandsLocally(t *testing.T "content": "/help", }) - ctx, cancel := context.WithTimeout(context.Background(), time.Second) - defer cancel() - - inbound, ok := messageBus.ConsumeInbound(ctx) + inbound, ok := <-messageBus.InboundChan() if !ok { t.Fatal("expected inbound message to be forwarded") } diff --git a/pkg/channels/whatsapp_native/whatsapp_command_test.go b/pkg/channels/whatsapp_native/whatsapp_command_test.go index cc2dcb619..e51bec392 100644 --- a/pkg/channels/whatsapp_native/whatsapp_command_test.go +++ b/pkg/channels/whatsapp_native/whatsapp_command_test.go @@ -43,14 +43,19 @@ func TestHandleIncoming_DoesNotConsumeGenericCommandsLocally(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), time.Second) defer cancel() - inbound, ok := messageBus.ConsumeInbound(ctx) - if !ok { - t.Fatal("expected inbound message to be forwarded") - } - if inbound.Channel != "whatsapp_native" { - t.Fatalf("channel=%q", inbound.Channel) - } - if inbound.Content != "/new" { - t.Fatalf("content=%q", inbound.Content) + select { + case <-ctx.Done(): + t.Fatal("timeout waiting for message to be forwarded") + return + case inbound, ok := <-messageBus.InboundChan(): + if !ok { + t.Fatal("expected inbound message to be forwarded") + } + if inbound.Channel != "whatsapp_native" { + t.Fatalf("channel=%q", inbound.Channel) + } + if inbound.Content != "/new" { + t.Fatalf("content=%q", inbound.Content) + } } } From 8f460726cc8be61f14097b65314986117ea6e9e3 Mon Sep 17 00:00:00 2001 From: afjcjsbx Date: Tue, 17 Mar 2026 17:14:23 +0100 Subject: [PATCH 11/24] fix lint + error check --- pkg/agent/loop.go | 2 +- pkg/config/config.go | 8 ++++---- pkg/tools/web.go | 36 +++++++++++++++++++++++++++++++----- pkg/tools/web_test.go | 11 ++++++----- 4 files changed, 42 insertions(+), 15 deletions(-) diff --git a/pkg/agent/loop.go b/pkg/agent/loop.go index 22a5d40c8..b3e392305 100644 --- a/pkg/agent/loop.go +++ b/pkg/agent/loop.go @@ -166,7 +166,7 @@ func registerSharedTools( cfg.Tools.Web.Proxy, cfg.Tools.Web.Format, cfg.Tools.Web.FetchLimitBytes, - cfg.Tools.Web.PrivateHostWhitelist) + cfg.Tools.Web.PrivateHostWhitelist) if err != nil { logger.ErrorCF("agent", "Failed to create web fetch tool", map[string]any{"error": err.Error()}) } else { diff --git a/pkg/config/config.go b/pkg/config/config.go index 6827cc4d7..fce5fbef9 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -695,10 +695,10 @@ type WebToolsConfig struct { GLMSearch GLMSearchConfig ` json:"glm_search"` // Proxy is an optional proxy URL for web tools (http/https/socks5/socks5h). // For authenticated proxies, prefer HTTP_PROXY/HTTPS_PROXY env vars instead of embedding credentials in config. - Proxy string `json:"proxy,omitempty" env:"PICOCLAW_TOOLS_WEB_PROXY"` - FetchLimitBytes int64 `json:"fetch_limit_bytes,omitempty" env:"PICOCLAW_TOOLS_WEB_FETCH_LIMIT_BYTES"` - Format string `json:"format,omitempty" env:"PICOCLAW_TOOLS_WEB_FORMAT"` - PrivateHostWhitelist FlexibleStringSlice `json:"private_host_whitelist,omitempty" env:"PICOCLAW_TOOLS_WEB_PRIVATE_HOST_WHITELIST"` + Proxy string `json:"proxy,omitempty" env:"PICOCLAW_TOOLS_WEB_PROXY"` + FetchLimitBytes int64 `json:"fetch_limit_bytes,omitempty" env:"PICOCLAW_TOOLS_WEB_FETCH_LIMIT_BYTES"` + Format string `json:"format,omitempty" env:"PICOCLAW_TOOLS_WEB_FORMAT"` + PrivateHostWhitelist FlexibleStringSlice `json:"private_host_whitelist,omitempty" env:"PICOCLAW_TOOLS_WEB_PRIVATE_HOST_WHITELIST"` } type CronToolsConfig struct { diff --git a/pkg/tools/web.go b/pkg/tools/web.go index fed2c5207..810914f2e 100644 --- a/pkg/tools/web.go +++ b/pkg/tools/web.go @@ -16,6 +16,7 @@ import ( "sync/atomic" "time" + "github.com/sipeed/picoclaw/pkg/logger" "github.com/sipeed/picoclaw/pkg/utils" ) @@ -29,7 +30,6 @@ const ( defaultMaxChars = 50000 maxRedirects = 5 - format = "plaintext" ) // Pre-compiled regexes for HTML text extraction @@ -790,20 +790,27 @@ type privateHostWhitelist struct { func NewWebFetchTool(maxChars int, format string, fetchLimitBytes int64) (*WebFetchTool, error) { // createHTTPClient cannot fail with an empty proxy string. - return NewWebFetchToolWithProxy(maxChars, "", format, fetchLimitBytes, nil) + return NewWebFetchToolWithConfig(maxChars, "", format, fetchLimitBytes, nil) } // allowPrivateWebFetchHosts controls whether loopback/private hosts are allowed. // This is false in normal runtime to reduce SSRF exposure, and tests can override it temporarily. var allowPrivateWebFetchHosts atomic.Bool -func NewWebFetchToolWithProxy(maxChars int, proxy string, format string, fetchLimitBytes int64) (*WebFetchTool, error) { - return NewWebFetchToolWithConfig(maxChars, proxy, fetchLimitBytes, nil) +func NewWebFetchToolWithProxy( + maxChars int, + proxy string, + format string, + fetchLimitBytes int64, + privateHostWhitelist []string, +) (*WebFetchTool, error) { + return NewWebFetchToolWithConfig(maxChars, proxy, format, fetchLimitBytes, privateHostWhitelist) } func NewWebFetchToolWithConfig( maxChars int, proxy string, + format string, fetchLimitBytes int64, privateHostWhitelist []string, ) (*WebFetchTool, error) { @@ -933,7 +940,26 @@ func (t *WebFetchTool) Execute(ctx context.Context, args map[string]any) *ToolRe bodyStr := string(body) contentType := resp.Header.Get("Content-Type") - mediaType, _, _ := mime.ParseMediaType(contentType) + mediaType, params, err := mime.ParseMediaType(contentType) + if err != nil { + // The most common error here is "mime: no media type" if the header is empty. + logger.WarnCF("tool", "Failed to parse Content-Type", map[string]any{ + "raw_header": contentType, + "error": err.Error(), + }) + + // security fallback + mediaType = "application/octet-stream" + } + + charset, hasCharset := params["charset"] + if hasCharset { + // If the charset is not utf-8, we might have to convert the bodyStr + // before passing it to the HTML/Markdown parser + if strings.ToLower(charset) != "utf-8" { + logger.WarnCF("tool", "Note: the content is not in UTF-8", map[string]any{"charset": charset}) + } + } var text, extractor string diff --git a/pkg/tools/web_test.go b/pkg/tools/web_test.go index 1bfcd2985..dfb33971a 100644 --- a/pkg/tools/web_test.go +++ b/pkg/tools/web_test.go @@ -17,6 +17,7 @@ import ( const ( testFetchLimit = int64(10 * 1024 * 1024) + format = "plaintext" ) // TestWebTool_WebFetch_Success verifies successful URL fetching @@ -476,7 +477,7 @@ func TestWebTool_WebFetch_PrivateHostAllowedByExactWhitelist(t *testing.T) { defer server.Close() host, _ := serverHostAndPort(t, server.URL) - tool, err := NewWebFetchToolWithConfig(50000, "", testFetchLimit, []string{host}) + tool, err := NewWebFetchToolWithConfig(50000, "", format, testFetchLimit, []string{host}) if err != nil { t.Fatalf("Failed to create web fetch tool: %v", err) } @@ -501,7 +502,7 @@ func TestWebTool_WebFetch_PrivateHostAllowedByCIDRWhitelist(t *testing.T) { defer server.Close() host, _ := serverHostAndPort(t, server.URL) - tool, err := NewWebFetchToolWithConfig(50000, "", testFetchLimit, []string{singleHostCIDR(t, host)}) + tool, err := NewWebFetchToolWithConfig(50000, "", format, testFetchLimit, []string{singleHostCIDR(t, host)}) if err != nil { t.Fatalf("Failed to create web fetch tool: %v", err) } @@ -778,7 +779,7 @@ func TestWebTool_WebFetch_MissingDomain(t *testing.T) { } func TestNewWebFetchToolWithProxy(t *testing.T) { - tool, err := NewWebFetchToolWithProxy(1024, "http://127.0.0.1:7890", format, testFetchLimit) + tool, err := NewWebFetchToolWithProxy(1024, "http://127.0.0.1:7890", format, testFetchLimit, nil) if err != nil { logger.ErrorCF("agent", "Failed to create web fetch tool", map[string]any{"error": err.Error()}) } else if tool.maxChars != 1024 { @@ -789,7 +790,7 @@ func TestNewWebFetchToolWithProxy(t *testing.T) { t.Fatalf("proxy = %q, want %q", tool.proxy, "http://127.0.0.1:7890") } - tool, err = NewWebFetchToolWithProxy(0, "http://127.0.0.1:7890", format, testFetchLimit) + tool, err = NewWebFetchToolWithProxy(0, "http://127.0.0.1:7890", format, testFetchLimit, nil) if err != nil { logger.ErrorCF("agent", "Failed to create web fetch tool", map[string]any{"error": err.Error()}) } @@ -800,7 +801,7 @@ func TestNewWebFetchToolWithProxy(t *testing.T) { } func TestNewWebFetchToolWithConfig_InvalidPrivateHostWhitelist(t *testing.T) { - _, err := NewWebFetchToolWithConfig(1024, "", testFetchLimit, []string{"not-an-ip-or-cidr"}) + _, err := NewWebFetchToolWithConfig(1024, "", format, testFetchLimit, []string{"not-an-ip-or-cidr"}) if err == nil { t.Fatal("expected invalid whitelist entry to fail") } From 61a899cfbce25ed07eac7f0e652069b5c550e3f3 Mon Sep 17 00:00:00 2001 From: Liu Yuan Date: Wed, 18 Mar 2026 01:37:07 +0800 Subject: [PATCH 12/24] fix(cron): update test to use OutboundChan instead of removed SubscribeOutbound The SubscribeOutbound method was removed in commit 9c31b0c but cron_test.go was not updated to use the new OutboundChan() API. --- pkg/tools/cron_test.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkg/tools/cron_test.go b/pkg/tools/cron_test.go index 09d29b6fa..cd7d39860 100644 --- a/pkg/tools/cron_test.go +++ b/pkg/tools/cron_test.go @@ -226,9 +226,12 @@ func TestCronTool_ExecuteJobPublishesErrorWhenExecDisabled(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), time.Second) defer cancel() - msg, ok := tool.msgBus.SubscribeOutbound(ctx) - if !ok { - t.Fatal("expected outbound message") + var msg bus.OutboundMessage + select { + case msg = <-tool.msgBus.OutboundChan(): + // got message + case <-ctx.Done(): + t.Fatal("timeout waiting for outbound message") } if !strings.Contains(msg.Content, "command execution is disabled") { t.Fatalf("expected exec disabled message, got: %s", msg.Content) From f12c09b767bb0a3bdd3ec546332a4018631a4a74 Mon Sep 17 00:00:00 2001 From: Zenix Date: Wed, 18 Mar 2026 11:46:35 +0900 Subject: [PATCH 13/24] fix: retry on dimension failure for tg media upload (#1409) --- pkg/channels/telegram/telegram.go | 15 +++ pkg/channels/telegram/telegram_test.go | 135 ++++++++++++++++++++++++- 2 files changed, 149 insertions(+), 1 deletion(-) diff --git a/pkg/channels/telegram/telegram.go b/pkg/channels/telegram/telegram.go index 34ee46b7b..ca746240f 100644 --- a/pkg/channels/telegram/telegram.go +++ b/pkg/channels/telegram/telegram.go @@ -3,6 +3,7 @@ package telegram import ( "context" "fmt" + "io" "net/http" "net/url" "os" @@ -367,6 +368,20 @@ func (c *TelegramChannel) SendMedia(ctx context.Context, msg bus.OutboundMediaMe Caption: part.Caption, } _, err = c.bot.SendPhoto(ctx, params) + if err != nil && strings.Contains(err.Error(), "PHOTO_INVALID_DIMENSIONS") { + if _, seekErr := file.Seek(0, io.SeekStart); seekErr != nil { + file.Close() + return fmt.Errorf("telegram rewind media after photo failure: %w", channels.ErrTemporary) + } + + docParams := &telego.SendDocumentParams{ + ChatID: tu.ID(chatID), + MessageThreadID: threadID, + Document: telego.InputFile{File: file}, + Caption: part.Caption, + } + _, err = c.bot.SendDocument(ctx, docParams) + } case "audio": params := &telego.SendAudioParams{ ChatID: tu.ID(chatID), diff --git a/pkg/channels/telegram/telegram_test.go b/pkg/channels/telegram/telegram_test.go index 52a2b046c..09ae1b2a7 100644 --- a/pkg/channels/telegram/telegram_test.go +++ b/pkg/channels/telegram/telegram_test.go @@ -4,6 +4,9 @@ import ( "context" "encoding/json" "errors" + "io" + "os" + "path/filepath" "strings" "testing" @@ -14,6 +17,7 @@ import ( "github.com/sipeed/picoclaw/pkg/bus" "github.com/sipeed/picoclaw/pkg/channels" + "github.com/sipeed/picoclaw/pkg/media" ) const testToken = "1234567890:aaaabbbbaaaabbbbaaaabbbbaaaabbbbccc" @@ -37,6 +41,11 @@ func (s *stubCaller) Call(ctx context.Context, url string, data *ta.RequestData) // stubConstructor implements ta.RequestConstructor for testing. type stubConstructor struct{} +type multipartCall struct { + Parameters map[string]string + FileSizes map[string]int +} + func (s *stubConstructor) JSONRequest(parameters any) (*ta.RequestData, error) { return &ta.RequestData{}, nil } @@ -48,6 +57,36 @@ func (s *stubConstructor) MultipartRequest( return &ta.RequestData{}, nil } +type multipartRecordingConstructor struct { + stubConstructor + calls []multipartCall +} + +func (s *multipartRecordingConstructor) MultipartRequest( + parameters map[string]string, + files map[string]ta.NamedReader, +) (*ta.RequestData, error) { + call := multipartCall{ + Parameters: make(map[string]string, len(parameters)), + FileSizes: make(map[string]int, len(files)), + } + for k, v := range parameters { + call.Parameters[k] = v + } + for field, file := range files { + if file == nil { + continue + } + data, err := io.ReadAll(file) + if err != nil { + return nil, err + } + call.FileSizes[field] = len(data) + } + s.calls = append(s.calls, call) + return &ta.RequestData{}, nil +} + // successResponse returns a ta.Response that telego will treat as a successful SendMessage. func successResponse(t *testing.T) *ta.Response { t.Helper() @@ -59,11 +98,19 @@ func successResponse(t *testing.T) *ta.Response { // newTestChannel creates a TelegramChannel with a mocked bot for unit testing. func newTestChannel(t *testing.T, caller *stubCaller) *TelegramChannel { + return newTestChannelWithConstructor(t, caller, &stubConstructor{}) +} + +func newTestChannelWithConstructor( + t *testing.T, + caller *stubCaller, + constructor ta.RequestConstructor, +) *TelegramChannel { t.Helper() bot, err := telego.NewBot(testToken, telego.WithAPICaller(caller), - telego.WithRequestConstructor(&stubConstructor{}), + telego.WithRequestConstructor(constructor), telego.WithDiscardLogger(), ) require.NoError(t, err) @@ -80,6 +127,92 @@ func newTestChannel(t *testing.T, caller *stubCaller) *TelegramChannel { } } +func TestSendMedia_ImageFallbacksToDocumentOnInvalidDimensions(t *testing.T) { + constructor := &multipartRecordingConstructor{} + caller := &stubCaller{ + callFn: func(ctx context.Context, url string, data *ta.RequestData) (*ta.Response, error) { + switch { + case strings.Contains(url, "sendPhoto"): + return nil, errors.New(`api: 400 "Bad Request: PHOTO_INVALID_DIMENSIONS"`) + case strings.Contains(url, "sendDocument"): + return successResponse(t), nil + default: + t.Fatalf("unexpected API call: %s", url) + return nil, nil + } + }, + } + ch := newTestChannelWithConstructor(t, caller, constructor) + + store := media.NewFileMediaStore() + ch.SetMediaStore(store) + + tmpDir := t.TempDir() + localPath := filepath.Join(tmpDir, "woodstock-en-10s.png") + content := []byte("fake-png-content") + require.NoError(t, os.WriteFile(localPath, content, 0o644)) + + ref, err := store.Store( + localPath, + media.MediaMeta{Filename: "woodstock-en-10s.png", ContentType: "image/png"}, + "scope-1", + ) + require.NoError(t, err) + + err = ch.SendMedia(context.Background(), bus.OutboundMediaMessage{ + ChatID: "12345", + Parts: []bus.MediaPart{{ + Type: "image", + Ref: ref, + Caption: "caption", + }}, + }) + + require.NoError(t, err) + require.Len(t, caller.calls, 2) + assert.Contains(t, caller.calls[0].URL, "sendPhoto") + assert.Contains(t, caller.calls[1].URL, "sendDocument") + require.Len(t, constructor.calls, 2) + assert.Equal(t, len(content), constructor.calls[0].FileSizes["photo"]) + assert.Equal(t, len(content), constructor.calls[1].FileSizes["document"]) + assert.Equal(t, "caption", constructor.calls[1].Parameters["caption"]) +} + +func TestSendMedia_ImageNonDimensionErrorDoesNotFallback(t *testing.T) { + constructor := &multipartRecordingConstructor{} + caller := &stubCaller{ + callFn: func(ctx context.Context, url string, data *ta.RequestData) (*ta.Response, error) { + return nil, errors.New("api: 500 \"server exploded\"") + }, + } + ch := newTestChannelWithConstructor(t, caller, constructor) + + store := media.NewFileMediaStore() + ch.SetMediaStore(store) + + tmpDir := t.TempDir() + localPath := filepath.Join(tmpDir, "image.png") + require.NoError(t, os.WriteFile(localPath, []byte("fake-png-content"), 0o644)) + + ref, err := store.Store(localPath, media.MediaMeta{Filename: "image.png", ContentType: "image/png"}, "scope-1") + require.NoError(t, err) + + err = ch.SendMedia(context.Background(), bus.OutboundMediaMessage{ + ChatID: "12345", + Parts: []bus.MediaPart{{ + Type: "image", + Ref: ref, + }}, + }) + + require.Error(t, err) + assert.ErrorIs(t, err, channels.ErrTemporary) + require.Len(t, caller.calls, 1) + assert.Contains(t, caller.calls[0].URL, "sendPhoto") + require.Len(t, constructor.calls, 1) + assert.NotContains(t, caller.calls[0].URL, "sendDocument") +} + func TestSend_EmptyContent(t *testing.T) { caller := &stubCaller{ callFn: func(ctx context.Context, url string, data *ta.RequestData) (*ta.Response, error) { From f79469c19dff69650c3ba8f6129f9b357596eff9 Mon Sep 17 00:00:00 2001 From: dataCenter430 <161712630+dataCenter430@users.noreply.github.com> Date: Wed, 18 Mar 2026 04:55:30 +0100 Subject: [PATCH 14/24] Add model-native search (prefer_native) for OpenAI/Codex (#1618) * config: add prefer_native and NativeSearchCapable for model-native search * providers: implement native web search for OpenAI and Codex * agent: use provider-native search when prefer_native and supported * tests: add coverage for model-native search * fix: Golang lint errors * fix: update the code based on the review * fix: update codex_provider_test --- config/config.example.json | 1 + pkg/agent/loop.go | 39 ++++ pkg/agent/loop_test.go | 81 +++++++ pkg/config/config.go | 6 + pkg/config/config_test.go | 39 ++++ pkg/config/defaults.go | 1 + pkg/providers/codex_provider.go | 9 +- pkg/providers/codex_provider_test.go | 4 +- pkg/providers/http_provider.go | 4 + pkg/providers/openai_compat/provider.go | 34 ++- pkg/providers/openai_compat/provider_test.go | 226 +++++++++++++++++++ pkg/providers/types.go | 9 + 12 files changed, 449 insertions(+), 4 deletions(-) diff --git a/config/config.example.json b/config/config.example.json index 9a92ff0c2..350f085d0 100644 --- a/config/config.example.json +++ b/config/config.example.json @@ -313,6 +313,7 @@ "allow_write_paths": null, "web": { "enabled": true, + "prefer_native": true, "fetch_limit_bytes": 10485760, "format": "plaintext", "brave": { diff --git a/pkg/agent/loop.go b/pkg/agent/loop.go index 98ef47a99..86994c360 100644 --- a/pkg/agent/loop.go +++ b/pkg/agent/loop.go @@ -1037,6 +1037,19 @@ func (al *AgentLoop) runLLMIteration( // Build tool definitions providerToolDefs := agent.Tools.ToProviderDefs() + // Determine whether the provider's native web search should replace + // the client-side web_search tool for this request. Only enable when web + // search is actually enabled and registered (so users who disabled web + // access do not get provider-side search or billing). + _, hasWebSearch := agent.Tools.Get("web_search") + useNativeSearch := al.cfg.Tools.Web.PreferNative && + isNativeSearchProvider(agent.Provider) && + hasWebSearch + + if useNativeSearch { + providerToolDefs = filterClientWebSearch(providerToolDefs) + } + // Log LLM request details logger.DebugCF("agent", "LLM request", map[string]any{ @@ -1045,6 +1058,7 @@ func (al *AgentLoop) runLLMIteration( "model": activeModel, "messages_count": len(messages), "tools_count": len(providerToolDefs), + "native_search": useNativeSearch, "max_tokens": agent.MaxTokens, "temperature": agent.Temperature, "system_prompt_len": len(messages[0].Content), @@ -1067,6 +1081,9 @@ func (al *AgentLoop) runLLMIteration( "temperature": agent.Temperature, "prompt_cache_key": agent.ID, } + if useNativeSearch { + llmOpts["native_search"] = true + } // parseThinkingLevel guarantees ThinkingOff for empty/unknown values, // so checking != ThinkingOff is sufficient. if agent.ThinkingLevel != ThinkingOff { @@ -1976,6 +1993,28 @@ func extractParentPeer(msg bus.InboundMessage) *routing.RoutePeer { return &routing.RoutePeer{Kind: parentKind, ID: parentID} } +// isNativeSearchProvider reports whether the given LLM provider implements +// NativeSearchCapable and returns true for SupportsNativeSearch. +func isNativeSearchProvider(p providers.LLMProvider) bool { + if ns, ok := p.(providers.NativeSearchCapable); ok { + return ns.SupportsNativeSearch() + } + return false +} + +// filterClientWebSearch returns a copy of tools with the client-side +// web_search tool removed. Used when native provider search is preferred. +func filterClientWebSearch(tools []providers.ToolDefinition) []providers.ToolDefinition { + result := make([]providers.ToolDefinition, 0, len(tools)) + for _, t := range tools { + if strings.EqualFold(t.Function.Name, "web_search") { + continue + } + result = append(result, t) + } + return result +} + // Helper to extract provider from registry for cleanup func extractProvider(registry *AgentRegistry) (providers.LLMProvider, bool) { if registry == nil { diff --git a/pkg/agent/loop_test.go b/pkg/agent/loop_test.go index 25ee6ab4d..8432ccac4 100644 --- a/pkg/agent/loop_test.go +++ b/pkg/agent/loop_test.go @@ -1426,3 +1426,84 @@ func TestResolveMediaRefs_MixedImageAndFile(t *testing.T) { t.Fatalf("expected content %q, got %q", expectedContent, result[0].Content) } } + +// --- Native search helper tests --- + +type nativeSearchProvider struct { + supported bool +} + +func (p *nativeSearchProvider) Chat( + ctx context.Context, msgs []providers.Message, tools []providers.ToolDefinition, + model string, opts map[string]any, +) (*providers.LLMResponse, error) { + return &providers.LLMResponse{Content: "ok"}, nil +} + +func (p *nativeSearchProvider) GetDefaultModel() string { return "test-model" } + +func (p *nativeSearchProvider) SupportsNativeSearch() bool { return p.supported } + +type plainProvider struct{} + +func (p *plainProvider) Chat( + ctx context.Context, msgs []providers.Message, tools []providers.ToolDefinition, + model string, opts map[string]any, +) (*providers.LLMResponse, error) { + return &providers.LLMResponse{Content: "ok"}, nil +} + +func (p *plainProvider) GetDefaultModel() string { return "test-model" } + +func TestIsNativeSearchProvider_Supported(t *testing.T) { + if !isNativeSearchProvider(&nativeSearchProvider{supported: true}) { + t.Fatal("expected true for provider that supports native search") + } +} + +func TestIsNativeSearchProvider_NotSupported(t *testing.T) { + if isNativeSearchProvider(&nativeSearchProvider{supported: false}) { + t.Fatal("expected false for provider that does not support native search") + } +} + +func TestIsNativeSearchProvider_NoInterface(t *testing.T) { + if isNativeSearchProvider(&plainProvider{}) { + t.Fatal("expected false for provider that does not implement NativeSearchCapable") + } +} + +func TestFilterClientWebSearch_RemovesWebSearch(t *testing.T) { + defs := []providers.ToolDefinition{ + {Type: "function", Function: providers.ToolFunctionDefinition{Name: "web_search"}}, + {Type: "function", Function: providers.ToolFunctionDefinition{Name: "read_file"}}, + {Type: "function", Function: providers.ToolFunctionDefinition{Name: "exec"}}, + } + result := filterClientWebSearch(defs) + if len(result) != 2 { + t.Fatalf("len(result) = %d, want 2", len(result)) + } + for _, td := range result { + if td.Function.Name == "web_search" { + t.Fatal("web_search should be filtered out") + } + } +} + +func TestFilterClientWebSearch_NoWebSearch(t *testing.T) { + defs := []providers.ToolDefinition{ + {Type: "function", Function: providers.ToolFunctionDefinition{Name: "read_file"}}, + {Type: "function", Function: providers.ToolFunctionDefinition{Name: "exec"}}, + } + result := filterClientWebSearch(defs) + if len(result) != 2 { + t.Fatalf("len(result) = %d, want 2", len(result)) + } +} + +func TestFilterClientWebSearch_EmptyInput(t *testing.T) { + result := filterClientWebSearch(nil) + if len(result) != 0 { + t.Fatalf("len(result) = %d, want 0", len(result)) + } +} diff --git a/pkg/config/config.go b/pkg/config/config.go index 7a47fccae..49fb3679f 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -693,6 +693,12 @@ type WebToolsConfig struct { Perplexity PerplexityConfig ` json:"perplexity"` SearXNG SearXNGConfig ` json:"searxng"` GLMSearch GLMSearchConfig ` json:"glm_search"` + // PreferNative controls whether to use provider-native web search when + // the active LLM supports it (e.g. OpenAI web_search_preview). When true, + // the client-side web_search tool is hidden to avoid duplicate search surfaces, + // and the provider's built-in search is used instead. Falls back to client-side + // search when the provider does not support native search. + PreferNative bool `json:"prefer_native" env:"PICOCLAW_TOOLS_WEB_PREFER_NATIVE"` // Proxy is an optional proxy URL for web tools (http/https/socks5/socks5h). // For authenticated proxies, prefer HTTP_PROXY/HTTPS_PROXY env vars instead of embedding credentials in config. Proxy string `json:"proxy,omitempty" env:"PICOCLAW_TOOLS_WEB_PROXY"` diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index f4f8979e1..82a845471 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -401,6 +401,45 @@ func TestDefaultConfig_OpenAIWebSearchEnabled(t *testing.T) { } } +func TestDefaultConfig_WebPreferNativeEnabled(t *testing.T) { + cfg := DefaultConfig() + if !cfg.Tools.Web.PreferNative { + t.Fatal("DefaultConfig().Tools.Web.PreferNative should be true") + } +} + +func TestLoadConfig_WebPreferNativeDefaultsTrueWhenUnset(t *testing.T) { + dir := t.TempDir() + configPath := filepath.Join(dir, "config.json") + if err := os.WriteFile(configPath, []byte(`{"tools":{"web":{"enabled":true}}}`), 0o600); err != nil { + t.Fatalf("WriteFile() error: %v", err) + } + + cfg, err := LoadConfig(configPath) + if err != nil { + t.Fatalf("LoadConfig() error: %v", err) + } + if !cfg.Tools.Web.PreferNative { + t.Fatal("PreferNative should remain true when unset in config file") + } +} + +func TestLoadConfig_WebPreferNativeCanBeDisabled(t *testing.T) { + dir := t.TempDir() + configPath := filepath.Join(dir, "config.json") + if err := os.WriteFile(configPath, []byte(`{"tools":{"web":{"prefer_native":false}}}`), 0o600); err != nil { + t.Fatalf("WriteFile() error: %v", err) + } + + cfg, err := LoadConfig(configPath) + if err != nil { + t.Fatalf("LoadConfig() error: %v", err) + } + if cfg.Tools.Web.PreferNative { + t.Fatal("PreferNative should be false when disabled in config file") + } +} + func TestDefaultConfig_ExecAllowRemoteEnabled(t *testing.T) { cfg := DefaultConfig() if !cfg.Tools.Exec.AllowRemote { diff --git a/pkg/config/defaults.go b/pkg/config/defaults.go index eebb1dce3..9e8668779 100644 --- a/pkg/config/defaults.go +++ b/pkg/config/defaults.go @@ -411,6 +411,7 @@ func DefaultConfig() *Config { ToolConfig: ToolConfig{ Enabled: true, }, + PreferNative: true, Proxy: "", FetchLimitBytes: 10 * 1024 * 1024, // 10MB by default Format: "plaintext", diff --git a/pkg/providers/codex_provider.go b/pkg/providers/codex_provider.go index cf5c2d876..4a6d61a4b 100644 --- a/pkg/providers/codex_provider.go +++ b/pkg/providers/codex_provider.go @@ -95,7 +95,10 @@ func (p *CodexProvider) Chat( ) } - params := buildCodexParams(messages, tools, resolvedModel, options, p.enableWebSearch) + // Respect tools.web.prefer_native: only inject native search when the agent + // loop requested it (options["native_search"]), so prefer_native: false + useNativeSearch := p.enableWebSearch && (options["native_search"] == true) + params := buildCodexParams(messages, tools, resolvedModel, options, useNativeSearch) stream := p.client.Responses.NewStreaming(ctx, params, opts...) defer stream.Close() @@ -157,6 +160,10 @@ func (p *CodexProvider) GetDefaultModel() string { return codexDefaultModel } +func (p *CodexProvider) SupportsNativeSearch() bool { + return p.enableWebSearch +} + func resolveCodexModel(model string) (string, string) { m := strings.ToLower(strings.TrimSpace(model)) if m == "" { diff --git a/pkg/providers/codex_provider_test.go b/pkg/providers/codex_provider_test.go index dd5ad2637..3a0da5e3b 100644 --- a/pkg/providers/codex_provider_test.go +++ b/pkg/providers/codex_provider_test.go @@ -355,7 +355,9 @@ func TestCodexProvider_ChatRoundTrip(t *testing.T) { provider.client = createOpenAITestClient(server.URL, "test-token", "acc-123") messages := []Message{{Role: "user", Content: "Hello"}} - resp, err := provider.Chat(t.Context(), messages, nil, "gpt-4o", map[string]any{"max_tokens": 1024}) + // Pass native_search so Codex injects built-in web search (mirrors agent loop when prefer_native is true). + opts := map[string]any{"max_tokens": 1024, "native_search": true} + resp, err := provider.Chat(t.Context(), messages, nil, "gpt-4o", opts) if err != nil { t.Fatalf("Chat() error: %v", err) } diff --git a/pkg/providers/http_provider.go b/pkg/providers/http_provider.go index 5c328f418..4d823630e 100644 --- a/pkg/providers/http_provider.go +++ b/pkg/providers/http_provider.go @@ -55,3 +55,7 @@ func (p *HTTPProvider) Chat( func (p *HTTPProvider) GetDefaultModel() string { return "" } + +func (p *HTTPProvider) SupportsNativeSearch() bool { + return p.delegate.SupportsNativeSearch() +} diff --git a/pkg/providers/openai_compat/provider.go b/pkg/providers/openai_compat/provider.go index fb2abaa5c..261f2d482 100644 --- a/pkg/providers/openai_compat/provider.go +++ b/pkg/providers/openai_compat/provider.go @@ -103,8 +103,11 @@ func (p *Provider) Chat( "messages": common.SerializeMessages(messages), } - if len(tools) > 0 { - requestBody["tools"] = tools + // When fallback uses a different provider (e.g. DeepSeek), that provider must not inject web_search_preview. + nativeSearch, _ := options["native_search"].(bool) + nativeSearch = nativeSearch && isNativeSearchHost(p.apiBase) + if len(tools) > 0 || nativeSearch { + requestBody["tools"] = buildToolsList(tools, nativeSearch) requestBody["tool_choice"] = "auto" } @@ -195,6 +198,33 @@ func normalizeModel(model, apiBase string) string { } } +func buildToolsList(tools []ToolDefinition, nativeSearch bool) []any { + result := make([]any, 0, len(tools)+1) + for _, t := range tools { + if nativeSearch && strings.EqualFold(t.Function.Name, "web_search") { + continue + } + result = append(result, t) + } + if nativeSearch { + result = append(result, map[string]any{"type": "web_search_preview"}) + } + return result +} + +func (p *Provider) SupportsNativeSearch() bool { + return isNativeSearchHost(p.apiBase) +} + +func isNativeSearchHost(apiBase string) bool { + u, err := url.Parse(apiBase) + if err != nil { + return false + } + host := u.Hostname() + return host == "api.openai.com" || strings.HasSuffix(host, ".openai.azure.com") +} + // supportsPromptCacheKey reports whether the given API base is known to // support the prompt_cache_key request field. Currently only OpenAI's own // API and Azure OpenAI support this. All other OpenAI-compatible providers diff --git a/pkg/providers/openai_compat/provider_test.go b/pkg/providers/openai_compat/provider_test.go index ed9747f9d..a3288a023 100644 --- a/pkg/providers/openai_compat/provider_test.go +++ b/pkg/providers/openai_compat/provider_test.go @@ -824,6 +824,232 @@ func TestSupportsPromptCacheKey(t *testing.T) { } } +func TestBuildToolsList_NativeSearchAddsWebSearchPreview(t *testing.T) { + tools := []ToolDefinition{ + {Type: "function", Function: ToolFunctionDefinition{Name: "read_file", Description: "read"}}, + } + result := buildToolsList(tools, true) + if len(result) != 2 { + t.Fatalf("len(result) = %d, want 2", len(result)) + } + wsEntry, ok := result[1].(map[string]any) + if !ok { + t.Fatalf("web search entry is %T, want map[string]any", result[1]) + } + if wsEntry["type"] != "web_search_preview" { + t.Fatalf("type = %v, want web_search_preview", wsEntry["type"]) + } +} + +func TestBuildToolsList_NativeSearchFiltersClientWebSearch(t *testing.T) { + tools := []ToolDefinition{ + {Type: "function", Function: ToolFunctionDefinition{Name: "web_search", Description: "search"}}, + {Type: "function", Function: ToolFunctionDefinition{Name: "read_file", Description: "read"}}, + } + result := buildToolsList(tools, true) + for _, entry := range result { + if td, ok := entry.(ToolDefinition); ok && strings.EqualFold(td.Function.Name, "web_search") { + t.Fatal("client-side web_search should be filtered out when native search is enabled") + } + } + if len(result) != 2 { // read_file + web_search_preview + t.Fatalf("len(result) = %d, want 2 (read_file + web_search_preview)", len(result)) + } +} + +func TestBuildToolsList_NoNativeSearchPassesThrough(t *testing.T) { + tools := []ToolDefinition{ + {Type: "function", Function: ToolFunctionDefinition{Name: "web_search", Description: "search"}}, + {Type: "function", Function: ToolFunctionDefinition{Name: "read_file", Description: "read"}}, + } + result := buildToolsList(tools, false) + if len(result) != 2 { + t.Fatalf("len(result) = %d, want 2", len(result)) + } +} + +func TestIsNativeSearchHost(t *testing.T) { + tests := []struct { + apiBase string + want bool + }{ + {"https://api.openai.com/v1", true}, + {"https://myresource.openai.azure.com/openai/deployments/gpt-4", true}, + {"https://api.mistral.ai/v1", false}, + {"https://api.deepseek.com/v1", false}, + {"https://api.groq.com/openai/v1", false}, + {"http://localhost:11434/v1", false}, + {"", false}, + } + for _, tt := range tests { + if got := isNativeSearchHost(tt.apiBase); got != tt.want { + t.Errorf("isNativeSearchHost(%q) = %v, want %v", tt.apiBase, got, tt.want) + } + } +} + +func TestSupportsNativeSearch_OpenAI(t *testing.T) { + p := NewProvider("key", "https://api.openai.com/v1", "") + if !p.SupportsNativeSearch() { + t.Fatal("OpenAI provider should support native search") + } +} + +func TestSupportsNativeSearch_NonOpenAI(t *testing.T) { + p := NewProvider("key", "https://api.deepseek.com/v1", "") + if p.SupportsNativeSearch() { + t.Fatal("DeepSeek provider should not support native search") + } +} + +func TestProviderChat_NativeSearchToolInjected(t *testing.T) { + var requestBody map[string]any + + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if err := json.NewDecoder(r.Body).Decode(&requestBody); err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + resp := map[string]any{ + "choices": []map[string]any{ + { + "message": map[string]any{"content": "ok"}, + "finish_reason": "stop", + }, + }, + } + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) + })) + defer server.Close() + + p := NewProvider("key", server.URL, "") + p.apiBase = "https://api.openai.com/v1" + p.httpClient = &http.Client{ + Transport: roundTripperFunc(func(r *http.Request) (*http.Response, error) { + r.URL, _ = url.Parse(server.URL + r.URL.Path) + return http.DefaultTransport.RoundTrip(r) + }), + } + tools := []ToolDefinition{ + {Type: "function", Function: ToolFunctionDefinition{Name: "read_file", Description: "read"}}, + } + _, err := p.Chat( + t.Context(), + []Message{{Role: "user", Content: "hi"}}, + tools, + "gpt-5.4", + map[string]any{"native_search": true}, + ) + if err != nil { + t.Fatalf("Chat() error = %v", err) + } + + toolsRaw, ok := requestBody["tools"].([]any) + if !ok { + t.Fatalf("tools is %T, want []any", requestBody["tools"]) + } + if len(toolsRaw) != 2 { + t.Fatalf("len(tools) = %d, want 2 (read_file + web_search_preview)", len(toolsRaw)) + } + + lastTool, ok := toolsRaw[1].(map[string]any) + if !ok { + t.Fatalf("last tool is %T, want map[string]any", toolsRaw[1]) + } + if lastTool["type"] != "web_search_preview" { + t.Fatalf("last tool type = %v, want web_search_preview", lastTool["type"]) + } +} + +func TestProviderChat_NativeSearchNotInjectedWithoutOption(t *testing.T) { + var requestBody map[string]any + + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if err := json.NewDecoder(r.Body).Decode(&requestBody); err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + resp := map[string]any{ + "choices": []map[string]any{ + { + "message": map[string]any{"content": "ok"}, + "finish_reason": "stop", + }, + }, + } + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) + })) + defer server.Close() + + p := NewProvider("key", server.URL, "") + tools := []ToolDefinition{ + {Type: "function", Function: ToolFunctionDefinition{Name: "web_search", Description: "search"}}, + } + _, err := p.Chat( + t.Context(), + []Message{{Role: "user", Content: "hi"}}, + tools, + "gpt-5.4", + map[string]any{}, + ) + if err != nil { + t.Fatalf("Chat() error = %v", err) + } + + toolsRaw, ok := requestBody["tools"].([]any) + if !ok { + t.Fatalf("tools is %T, want []any", requestBody["tools"]) + } + if len(toolsRaw) != 1 { + t.Fatalf("len(tools) = %d, want 1 (web_search only)", len(toolsRaw)) + } +} + +// TestProviderChat_NativeSearchIgnoredOnNonOpenAI verifies that when native_search +// is true in options but the provider's apiBase is not OpenAI (e.g. fallback to DeepSeek), +// we do not inject web_search_preview to avoid API errors. +func TestProviderChat_NativeSearchIgnoredOnNonOpenAI(t *testing.T) { + var requestBody map[string]any + + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if err := json.NewDecoder(r.Body).Decode(&requestBody); err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + resp := map[string]any{ + "choices": []map[string]any{ + { + "message": map[string]any{"content": "ok"}, + "finish_reason": "stop", + }, + }, + } + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) + })) + defer server.Close() + + // Use server.URL so host is not api.openai.com — simulates DeepSeek/other provider + p := NewProvider("key", server.URL, "") + _, err := p.Chat( + t.Context(), + []Message{{Role: "user", Content: "hi"}}, + nil, + "deepseek-chat", + map[string]any{"native_search": true}, + ) + if err != nil { + t.Fatalf("Chat() error = %v", err) + } + + // Should not have tools at all (no tools passed, and we must not add web_search_preview) + if toolsRaw, ok := requestBody["tools"]; ok { + t.Fatalf("tools should be omitted for non-OpenAI when only native_search was requested, got %v", toolsRaw) + } +} + func TestSerializeMessages_StripsSystemParts(t *testing.T) { messages := []protocoltypes.Message{ { diff --git a/pkg/providers/types.go b/pkg/providers/types.go index 68bbd1e65..1f28bc4ad 100644 --- a/pkg/providers/types.go +++ b/pkg/providers/types.go @@ -44,6 +44,15 @@ type ThinkingCapable interface { SupportsThinking() bool } +// NativeSearchCapable is an optional interface for providers that support +// built-in web search during LLM inference (e.g. OpenAI web_search_preview, +// xAI Grok search). When the active provider implements this interface and +// returns true, the agent loop can hide the client-side web_search tool to +// avoid duplicate search surfaces and use the provider's native search instead. +type NativeSearchCapable interface { + SupportsNativeSearch() bool +} + // FailoverReason classifies why an LLM request failed for fallback decisions. type FailoverReason string From e6ebeaed13b544626c8bda1c7693689ff535813d Mon Sep 17 00:00:00 2001 From: Cytown Date: Wed, 18 Mar 2026 14:43:58 +0800 Subject: [PATCH 15/24] feat(web): implement macOS app feature and file logger (#1723) --- Makefile | 12 +++ pkg/logger/logger.go | 28 +++--- scripts/build-macos-app.sh | 108 +++++++++++++++++++++ scripts/icon.icns | Bin 0 -> 16192 bytes scripts/setup.iss | 65 +++++++++++++ web/Makefile | 9 +- web/backend/api/gateway.go | 138 +++++++++++++++++++-------- web/backend/api/oauth.go | 6 +- web/backend/api/router.go | 5 +- web/backend/app_runtime.go | 22 ++++- web/backend/embed.go | 12 ++- web/backend/main.go | 94 ++++++++++++++---- web/backend/middleware/middleware.go | 8 +- web/backend/systray.go | 7 +- web/backend/utils/runtime.go | 20 ++-- 15 files changed, 438 insertions(+), 96 deletions(-) create mode 100755 scripts/build-macos-app.sh create mode 100644 scripts/icon.icns create mode 100644 scripts/setup.iss diff --git a/Makefile b/Makefile index 1c6b73591..411cd9dc5 100644 --- a/Makefile +++ b/Makefile @@ -297,6 +297,18 @@ docker-clean: docker compose -f docker/docker-compose.full.yml down -v docker rmi picoclaw:latest picoclaw:full 2>/dev/null || true + +## build-macos-app: Build PicoClaw macOS .app bundle (no terminal window) +build-macos-app: + @echo "Building macOS .app bundle..." + @if [ "$(UNAME_S)" != "Darwin" ]; then \ + echo "Error: This target is only available on macOS"; \ + exit 1; \ + fi + @cd web && $(MAKE) build && cd .. + @./scripts/build-macos-app.sh $(BINARY_NAME)-$(PLATFORM)-$(ARCH) + @echo "macOS .app bundle created: $(BUILD_DIR)/PicoClaw.app" + ## help: Show this help message help: @echo "picoclaw Makefile" diff --git a/pkg/logger/logger.go b/pkg/logger/logger.go index 95af83ef1..c5a1f895a 100644 --- a/pkg/logger/logger.go +++ b/pkg/logger/logger.go @@ -51,7 +51,7 @@ func init() { FormatFieldValue: formatFieldValue, } - logger = zerolog.New(consoleWriter).With().Timestamp().Logger() + logger = zerolog.New(consoleWriter).With().Timestamp().Caller().Logger() fileLogger = zerolog.Logger{} }) } @@ -94,6 +94,12 @@ func SetLevel(level LogLevel) { zerolog.SetGlobalLevel(level) } +func SetConsoleLevel(level LogLevel) { + mu.Lock() + defer mu.Unlock() + logger = logger.Level(level) +} + func GetLevel() LogLevel { mu.RLock() defer mu.RUnlock() @@ -134,9 +140,9 @@ func DisableFileLogging() { fileLogger = zerolog.Logger{} } -func getCallerInfo() (string, int, string) { +func getCallerSkip() int { for i := 2; i < 15; i++ { - pc, file, line, ok := runtime.Caller(i) + pc, file, _, ok := runtime.Caller(i) if !ok { continue } @@ -158,10 +164,10 @@ func getCallerInfo() (string, int, string) { continue } - return filepath.Base(file), line, filepath.Base(funcName) + return i - 1 } - return "???", 0, "???" + return 3 } //nolint:zerologlint @@ -187,19 +193,16 @@ func logMessage(level LogLevel, component string, message string, fields map[str return } - callerFile, callerLine, callerFunc := getCallerInfo() + skip := getCallerSkip() event := getEvent(logger, level) - // Build combined field with component and caller if component != "" { - event.Str("caller", fmt.Sprintf("%-6s %s:%d (%s)", component, callerFile, callerLine, callerFunc)) - } else { - event.Str("caller", fmt.Sprintf(" %s:%d (%s)", callerFile, callerLine, callerFunc)) + event.Str("component", component) } appendFields(event, fields) - event.Msg(message) + event.CallerSkipFrame(skip).Msg(message) // Also log to file if enabled if fileLogger.GetLevel() != zerolog.NoLevel { @@ -208,9 +211,10 @@ func logMessage(level LogLevel, component string, message string, fields map[str if component != "" { fileEvent.Str("component", component) } + // fileEvent.Str("caller", fmt.Sprintf("%s:%d (%s)", callerFile, callerLine, callerFunc)) appendFields(fileEvent, fields) - fileEvent.Msg(message) + fileEvent.CallerSkipFrame(skip).Msg(message) } if level == FATAL { diff --git a/scripts/build-macos-app.sh b/scripts/build-macos-app.sh new file mode 100755 index 000000000..093360ab7 --- /dev/null +++ b/scripts/build-macos-app.sh @@ -0,0 +1,108 @@ +#!/bin/bash +# Build macOS .app bundle for PicoClaw Launcher + +set -e + +EXECUTABLE=$1 + +if [ -z "$EXECUTABLE" ]; then + echo "Usage: $0 " + exit 1 +fi + +echo "executable: $EXECUTABLE" + +APP_NAME="PicoClaw Launcher" +APP_PATH="./build/${APP_NAME}.app" +APP_CONTENTS="${APP_PATH}/Contents" +APP_MACOS="${APP_CONTENTS}/MacOS" +APP_RESOURCES="${APP_CONTENTS}/Resources" +APP_EXECUTABLE="picoclaw-launcher" +ICON_SOURCE="./scripts/icon.icns" + +# Clean up existing .app +if [ -d "$APP_PATH" ]; then + echo "Removing existing ${APP_PATH}" + rm -rf "$APP_PATH" +fi + +# Create directory structure +echo "Creating .app bundle structure..." +mkdir -p "$APP_MACOS" +mkdir -p "$APP_RESOURCES" + +# Copy executable +echo "Copying executable..." +if [ -f "./web/build/${APP_EXECUTABLE}" ]; then + cp "./web/build/${APP_EXECUTABLE}" "${APP_MACOS}/" +else + echo "Error: ./web/build/${APP_EXECUTABLE} not found. Please build the web backend first." + echo "Run: make build in web dir" + exit 1 +fi +if [ -f "./build/picoclaw" ]; then + cp "./build/picoclaw" "${APP_MACOS}/" +else + echo "Error: ./build/picoclaw not found. Please build the main file first." + echo "Run: make build" + exit 1 +fi +chmod +x "${APP_MACOS}/"* + +# Create Info.plist +echo "Creating Info.plist..." +cat > "${APP_CONTENTS}/Info.plist" << 'EOF' + + + + + CFBundleExecutable + picoclaw-launcher + CFBundleIdentifier + com.picoclaw.launcher + CFBundleName + PicoClaw Launcher + CFBundleDisplayName + PicoClaw Launcher + CFBundleIconFile + icon.icns + CFBundlePackageType + APPL + CFBundleShortVersionString + 1.0 + CFBundleVersion + 1 + NSHighResolutionCapable + + NSSupportsAutomaticGraphicsSwitching + + LSRequiresCarbon + + LSUIElement + 1 + NSHighResolutionCapable + + + +EOF + +#sips -z 128 128 "$ICON_SOURCE" --out "${ICONSET_PATH}/icon_128x128.png" > /dev/null 2>&1 +# +## Create icns file +#iconutil -c icns "$ICONSET_PATH" -o "$ICON_OUTPUT" 2>/dev/null || { +# echo "Warning: iconutil failed" +#} + +cp $ICON_SOURCE "${APP_RESOURCES}/icon.icns" + +echo "" +echo "==========================================" +echo "Successfully created: ${APP_PATH}" +echo "==========================================" +echo "" +echo "To launch PicoClaw:" +echo " 1. Double-click ${APP_NAME}.app in Finder" +echo " 2. Or use: open ${APP_PATH}" +echo "" +echo "Note: The app will run in the menu bar (systray) without a terminal window." +echo "" diff --git a/scripts/icon.icns b/scripts/icon.icns new file mode 100644 index 0000000000000000000000000000000000000000..bcf9adcd737e21ddd54b4b9c1a23aaaa95afb26f GIT binary patch literal 16192 zcmbumWmH^E&@MUygWKQ)cXtxp-QC>@?rwu?&;<7&!6hNMySuw5xZ5B%@BPj?_x?Vo z*Q$Q1yKC3l)jxVw?_H0rg_An~AR=mO!OjB!2tCKBD$AfD6Cwiu05mySN%emS`A-nx z|Mh*sW@G;V=&mj!4yc(V{`+qrX{9S?t)v8C{HG%VfKj#p(0?ZXgz%pL0I&r>0PH^m z{x??u^S@Ui1+f30{-2?20?7N{8yLz-ifQ@)&x{ZPv=(09H?B6vHq8=6MZsSg{G*Gs zMW?%BwUhL8Dm|y{?)WOI8yoE$PXOO`dX+YqPAQ^c!PFsjSi_`j&Kq~{Z^jG!eAB zQT84bP04qjJe)<}Vy?+4rdPmeCscGER6(EJ>}aF`hxSs zr>DKAD3oELe>j#>?nL_`qoFu2#X$*xtEgsJeW?mug?Hz9AUf$#o4?PEO?kl(P;=25625&U=8{rw(Uub%ZPt$CG%J<+oLkarkN#Zu%(QD_jjzpYcnvWS}60^|B zm})Y(svs93WcXXbTRV^qi|39dah4Z2(06@57v=LY4CeUx(uY%lpQu7!jm7kiA@f_O zx*l6x$;T@Xeu~~(^a8|**{z)hY2VaDSeuWc=i@h~l1UG!951^xyP|5(WL^I7QfK;+e*j1i^-c?hb3Ixv6qN@`lKoCuQ7K>hW=zI;$07Q zu0t@^HmWybk?6|3c*QxeQ39mU&ss`s#0$#dkv}!oRCpS zIp_Ll^5HoLX<=UIMbAF>y$T6n-riLXCp%lRfCgk%XodCiLsS7y;AdeUU6hFXAgxWW->H0Bu^#IK8)=T)J45_J6hWz?G}XmhLVJ2 zL0yfL!IL0Bd$LRlZYJ?p9Hj0xd?CZnS);Jl)3qa5Xk_@2mNjf`?Fu{GZxB{#8*ldK zwLne#zf$B08^!b+nsYzOgzZkclU0o+yZCDmlGco(5MuT(l#D7xp~A!&4N!+_i;Xyg z6F54LF04RUvK+^VmMIx^EFd1c)+j`h+{3L6lE8yY&7E%ij(2ch!* zK_dj$cKpxHD#;`ljwhtd7aen%6+}HuJEzrxUW%Q& zLrkjGE4^Qn9kv1OdwGgk&Uul4(%_(HB4!|7TMB({N#bezEge^LL~_`MhYUzbQ>x?cJ!agO|*GgasXc4i8)X#PQ$ESo3w9jIUMX=vdaU|AkD8@ z-aw}-ld(8zTz4ySw(kdDva0yd;VD&6s+}4JT>~!Nn}7)@^j4{Ym+%=dSP3P4L0oUd z7?k|@EeM3WKoe306Bb7z8c3RWMW&z2n*$SR-r7t$VWo9^@ejJbz2&5@(?Mf15A)Y) zYA~PqsdLg5K*wzMMzu|ST9s|=&`ke2*qY3o-N z&UO@OEJZ`42pFdg{5_Pc~E9g^rSxVx8Nja%r@g zz+j+xqVq>T8K#YBEKvf}ROuJS35uDHQm4s9MW)O>59I6n(9#iXVJ_lWKj+myEjKLr z&!SI*HcTg3S=y9SZ=$&KPiKyiMl;$P6PcwPHbur39<6p0CX3rs*DSLa4W8mn60W%) z_E3+jw3ptL)6m^mE@rp!5dw}Q9vXXN-9e0ovJHQD=J&WHkvfxui-!l`5ti@zr_{ofVwQ1GooVmk}_wDPi zsHO3>4Y%D90|r6kjl`2|yL%Q~PR*wdSzeo;kC(Yg`pu>{d)568!nAJZnevl|j@Z(u zPjY@b=RCfaKKy3YA?Bd^0(r15&Jfz%9;o(Pp+6|s+VTqZ%1c>z2pCJbxR|HSG=7`& z{J6dEz^`g3kFseXeG$-^*C1e}?q*KxX}c9Ejs8cBjCD(L!PsQ0*df?>tq}hr4d)e^ z9^%0AYmh#}e1G zmKoVgGl%0RhfdvQ$p{aQ^F+N+Y(7X|Lect|>;mP$SGmQ--@v;>SltXf zc=9;U=(*ji3G`SwQTU^#tzGkC2I#JifO6+%PmaV|OZJb!0hM&E zN{n7eX&3De-%26;iJXt(omP`iw|9$%t@~+RGer+NGZ8jug-*GvvBDW(ul=(cX^pqD!)h;{mB1<=5pN_d_jnv&k6dyO0Rn>0U1lB)*7`Onvi@B zmUbh4HP;jgDG-_PPv>@AQ>y1cA3aWzW6jHmxSEXSQG&hi0X(0CK9tjf!|$9uvEj*g zMJF@%x2U~c)XEPF4z~7Z^Yi_~xR1`iqdTgL$s%4+spBBp?R)V4c^}M|t_}PZ8DBu5 z5&z_K&h&ufPmYzMf3x|{47_dg6l-T5fwh$4SGa*rO4@me4E$BxF=PViL++;MI}dM? z@Gdp7xgCEf>2qpn`hMyuK%DM2GtEl!LxrEa5(PWM?+5brsVJnieK$wY~Xt|xfOII!P`b%C% zfUK!it#p?86tyVn<{tR2f+=e9aDt?q=*(L_YRS%=<|o%tU~*vkB}!8V)g=LySwI_B ztvhEdl{a7>Efp0UiEPPF!dRgv3)TM7+#XxwA`(T8p@!!W;$PE}^b$gT9159Eh%4kG zkT@4=a{m$Q^974Y#Z?)9i`cQhrs zi6g1wJb46p#?RhjNOva-UnWTw@;kTc@gJ-(5lnG`mAS0EdmmjKnO~Ed64BGNLv%F} zak#$|4taqb+3QCbcM&tzdZ4qZdw&o0QiqYgT|c$5s3M5Dm5-LbqaI5*zt++~-gr9Z z)!gWhbe>Rx%lVD^*dvZ5BWuAIIYk5OF`s<*E2|>&&_bbTrB zMnx6<_oc$rOaOsg#K6I=)8vx4&5$U`IA1XH2D?QOWYwOmy5yLUjHZ;bCCcX9p?nsQ z8cnHgUX@Cl`zhL-LXS3)NU{t==v(L7Z|uk&yDHi5f)e+^GX*OuejifIME)`*o>@(w zmHmk2#8+!7*Ug-ZL1RME%Z&%&9T+OQGy^T-Finh-Fr0Wsl9L#l^YYhHAXAyDx;p-` z4{AAMVpA=(MMxG1VWuDTyZBTd&rgw1`DlpNYi4KJmgW{7L{xwi1&`b$NGGsa)DQsm z_<)5<37zwc$Q9!oo6YNk2h_x*@a!p~R70&ay(;g)ZlmwLdn6bQh}wJ>0Zch~xQ*KT_-k6;;IFs-R1EK7<3lw29H#R`hT+aDE_6w4fOrcn=z1a}DKqBdF*Qg9;7+gAbLKM9{kMm3@y594 z${~D(IN`1M#;zb zS=VL#ggWF3jr-@S&bhE!H0AnACD`HCtyt=UfA%3xBTuCt)*IhhCUwPGcU|e}eqlyi zzPMYKRdR7!+VPQAazR{ztx9;2oe;bnHnzZ|x{Xv$neYj!m=xtRb=t4?G65-~E{fnm z%GIAk-2%SkU1Wolv$qlyJOyuVs&A6P8S>geI!pw-pjUa;J zJ%j*FZOrDl?S_csr8kqYYh*~Ry5R=Z&Yvr;H~SjEQ+#_tS$o=cmAHi3iPD9&(XETK zLOpvhxe}bK=gu|`J(^LN>=pj)SLBf$`9XawS+eum-vu!_G2EGt_Z*VXxu4S9EtV8W z4S(2=RzkPljLMDbONOu`0q|SbijfD?`2$%khNy4%q+NltaAZ)+`=ySOl5M}L0ZS)` z$h`rXJ-)q+786j=Bkj5b)gKyTcrV_UIN?VT@@MuRHI@1opfmDLxLMvd1k%w&SrBFm zY;LLWyc)%mHMwU^6*(i)MZ_1qj5trDI+^cO{74uGJxpNJKC$I+N`3N-YWhBEIg&`? zu*-WCRgx?OAd_YK4`@7jA<$1f%Q%a0xe-e-&tXLKff+X&s< zV^{G$IIto4fZNVm4>E33ac$4DK==woV4QySE!igS?bjHN@J$q3(O)53X&mRHe;aJ8 zx_7Z@Avh>@axMXns?&L}I^tIK6=oyT(J;M45Lr0Pze!G$4nLyk6t!BgPp0(8msx5E z-d6W~g}2l2BO$9MJto|>3sH@1`%Vkzu(t5K^e;8mm{XisqUII~mF3_Z<0GU?E?U4# zy(Bx#r{Z23OLP8nxC_V(?I2iO*toBgVP8|^YNs_)Tq|~YGub!wfA1a^2 zW{4(OC%qrG_2RONym?%u-I~r8gAh=?RNjN2fXQ-HwU-5SJR`o93!Ox+RN1J>em{B)^ zV>D)_+D#3uY9X%UxP{)DUH+W|5othScfv1_UniB!M#k7m_YE;Gx%Ny}%Bg75x9abg zSET$l1@1XyqDRxU)0s#klz(7d33k~53nsqo)G0uAT132=8tS|(A@m4LIA&1g7|2!X z4`wQyI-RMmAhLGM9aWK1cq@fIKF9=$bEaEi+sSCwU7?7``qD!L#57BlJ9+Ro?mD8W z33OTfs#Z#=bYrl{#$J40UqJ~f!#}UwDp4`vv7PVe+cf!9yW`)tui7V5?JabfHef^( zbxT3(q->3Tm<%sSTEQR%mY(CjU|mG;l1s(h($N9vV-5|kGc!8^BKvFM~_y2 zH%oRA7Q<4JGzFQC#IAG+Cp=ot%Mj)pU3?bC4MYirNhb_a2}}<9_)1cPmWaDGxP=&V zS)Vt3xLUO2G$p`$(~fzGb`h?~%Om|Qcex9l>l+1Z+Kzt0Uq=w>jAjG-+S4VpPkZac zt1qOAMWh9D`GH4;uDi<*eP^A2A6i*Cq5&GyAlfPBLv$i#Fa1%Uy=pHb6#9qN>YPwZy$LLdk%Y(L_jnI|*3UJ<#XsPe6} z{$O}!tm?aL?0Vnu7Pf-3eL79YB2myu+XI7paz-$&NTV_|GGJc#10ngwaRF^6c{BU| zNq8w0!`>=}0=r(&4`jjmFx|iHYx=)JaiVS<7N0_IFfD3<*Bs)g2*D{ilzJS2o=UJ% zx||n_`+EU!zdDjn(=FVT9`y`N#yDeWqR& z>)sgEX%U0hDs#!?VuF60XUah+e3cdYaoo|{H4L&QDfqPkiirKa zd{nR=Cp?jillg<|&ag%CSg~2nR)nSt6>EY=aS)vA*|01Xwj8Pa)=WJ;)N(IjSb+gQz<^4#jzk^P}e8!nYOlBzE5^-lk5Qf+buIcyeI>kUE4fN9(I7@At_3IDSu- z{+KU5VSHpOVnFJ&=2>+HTwlnDXnV+4b~wHMa$AP4IhkVmhA_8?qgU+uLIM^(!n6`zNC97%>I#N$85HNYn`R?Zc2SMWv$iLv*`@gCD5Vo0S!N zZ`sYU038uW@QA$#y)%4?;7dd@j<_Jzol&foo0F4445cWqb~eByk8WmDfeTA_{Y?5i zVeEJA7js2uJ~es)FR{0|c^SCxY0}{B!8w%lJyWo57)}&|199bs3A*vn?P$Zi?M^$B zU9?>KvL;0hSU(B|XA+)*4*wnAjkOSUpjtQU+6WII1=+gtJ4+GG=0HxR#8M)$Q22BH zEXwZ~O7+gLVNt^6?zm1;88o@TefFR9ECVZLgQztl1j88M-Qg=nW^J7@W#}Z9Tdhii6218`$AbCZjwLw)LAsrOqdSZNU$POZVL`rFjT>N^bsum zi$?bjm7JB7c%>`944Ra(-NckDzbZzKK4y8miwQvxCg2wUD2Nz(!}=;82I0z)7(NmU zlVi&Rqz|k$jnR~Koy&i1*pI-KkaiFdyx*eF_x(7GA06Y7|de7P9{3q)`BF6FkYL(J~e7Em)u6P*⁢khI2_ z8@WN`$2xvd)8UgDAVj9PP0`tYh_Rs2$O19A0-LMZ6tGEcZs7Jnz=lrlBsO}nt?UeM z(*RI_?AwnDtUz`@MKB_E2!N{w4#+;u;UCqHp7KNt>PBKE)LrxFt_)FvY_W*O!z4>B zqs3YV4eVWIf5cJ~mJ#hn35SKTEq}z{!96b)Gm{H-zF4RLf$3VLB{1^)bIxnK74^v3 z8*fU2ADQ-#xGo3S;B-X~0eAtPhcD8@M^OOExM0ZVrjl$G^G=tY5S}15-WI>f@bRoS z4QT-DceQG=`1r}s$*78LFrU?SqV#2DZ)M#}iI-LIqD9|mWuGJa3vAq_}#8anV zx49U@V_2{}1IQG&u;0RkX~thT^qKqIc$XayQwCnwB6Qeo$@y_pe#{V@$?qb@(7=Fa(&Vb}Y9nV({qz-EbQiCW!Png_RGb+#_aC1S5r5jC)^7x1CJ0#6cq;ylP;O>G~DaqyWVa_<1q^t&b@ zSAlc%PG#*3q=cI8UCbF$-9t=X@S|L8T*>V%s=VV?f*@kpPpp0qyujRS1rx{T zG(%ZwE3KkknHT^++3H9owLID#m=M|B6JQ5msE8U|?Eip`vShOyh0m?p!<=pK1yJ=X zJoRccubq+(@nMh^6|CAq)Ubu3@J{g}6g~5a5Wzjuj3AiFNLYnD`2Ccj3pD$7s=BXS zg_14R`r3dfBMl>?6K2lQegd(EeR0g%<- ztF6y_QWfxjCEvYZEOQ|%5{<->6-^ zGES~ueh0&iNX4ukVbSrhVZp@%3%WrKU{?r^ndY~|hlxDFwKj9L!gJN-xTmBt^OibZPty`t zJ89aID;UgixjI}7Ds_SoMF6P@gxh&jJQBf6rMmyeC-U%pv%ge`px3K(cYnHPxjlA{ zMIzeX1OO^I%$*k`EQDMi&b1qDr2jeIaN_Pej|zv8lK_IL)|kEz0$ zXdCN_UUb!me+>8Zzdx6N^}oXk@4@OeP*cute|Kh#m^tYc$3p61(nf+u<(4t$1Sc2` zWtgh!0FY!ln|zm)pUqD2%wRMANbEpc^NgT@ZOu;84d)*+m#-3MQ)u7=L2?}Sqiw2Y zW#W*JjE4E??KfokQTQ2I!xF#mi8TYD`VoNV&D#JwrJlDBl^giN$(~nXOQQX35xfdu zjcOl0m1Y+#8;Q|h2qQ#{Kt`e`!Vey06~mZ_rq%ff(pqlj?SMR^2i=5tkjO1-n})7S z><;A8C6NY=S2;%Qo5)%Ar;^e+1(dhH#Qp;gbx-LoR;$;&Xd-MfeNB&b#v$p!-(x;s z4B<4v4(?2I*r>X>xpmZ=BME?FQeooR30%#Ah=gwbWZKM73Jwou9dA<#R4VwI1JO6( zJe;tNpU(3#m3=%Z-L<)TXFlziD4h{|aLjO^b(X7^$9>`AAxvp`WoWl>i9~yJYBoBD1|?4rMAh+3Rq@8@PUx z!%(iCNI_)^+plJBPFbZ#;426pZ#0Oy1xdDG_^BkY4%T%2?9sgMXJuuTfyRObq~IoP z32gHsp--^EC`2Fgx+vbA*mA4;thyS$MN2~$aCMA#j7=-PgE^7s#<0yPfQX)`JI!W| zP9==R!@?JpSS=0!I(teh+F3goN(*>D|Iu@OT5ReXYk+TPct*I@iQf(i^6&438RIv7 zl&G}bw)Os1$?-|Yw5fW0KDz75Qpf%(8S@Ngx3WG6!k5J2P22GC6cGo>MEO}v6_#qqWCo%XR8NxkU$qRAbB!0Z4XfM^<%7(937isPj8X<i!BE>ev@1Cz;44xTxt^%wrVK%NCJX$H1q3)bUi$m1i)W)FUZid1 zsZl?aBRO?2)QmCUQ%*dYuvZi;eVF;8Ad5N|blN|nF|^$;(e-Cw%EuqiVMbc6t}`1a z_)DAPwK6lU7QtWcg5@X?Rc)zq^3bp0ynpOdcQs2e+~S<5o1mS`3_S1UrKT6nXbM{% zwn#DarT%QA$BU`Fa|57jk7n;6@~^-SfnYkV({(X)<$#EfrbHnFogjg*BZhiIg1;7Z zNbCm9&Qr>ac?ugjZmie~x|z+dG^;nmRO!0v-vF}MDVrwW_ZW&fMI=cO2_jOS#iAs z>G)t+wSNglF~SExK`SrBH%O*)a3xiIzWOZV0yyH+qPRYj7NibxwberVCMtA^+ZIc3 z@d;XLviuif|L7*e{#dT&kpu(1PwHxoy_`#BU*M1d?B67N1^{ZvJy2S@W0aocdU^%vyOTM3%36H8Aj7_s8S}bX_~`A_;F-)aXY$R47eowr?Wl z4OC=^Z>YVOLb@D#K;66wM|RcUFlUq`byKI`RpCTcrB~~H;UL(+j7Qkn?V89rDr|k4 zcxBcPBS_3}t3Ko1CBGh1x~4OACUrj9V|h`g+}iDFxf%F6irWQC$!#m>Q!D)$6{_nF7WfcKX~TJhy7&BM#H}tnv(I_RsI*46yapeZwHDOH;%m+`^RsJp@GI2P?pj5k8iecc3&a@xu^QQnP?rxwke%>*od z@2I4{elT8n9mo`>dl#=^8?)c*G_uoF_ga%$Q zM!0RK0sD;;?7F9eD3L@Hf}JT8<68e3`!ltH@vtK!TlhW}w?b}%MFsa;^;6Dh7Zh2H zl$`fx2RXorh!a(;D*9#qD@j4h`bF{*Smg|gE+y^p3AMv>zZ=gBi~ENdC;E3U{~tjJIWwaB@>AfL8jG&>z0L_Dj0*@h|^#nAdU*&>nh!o(8P zI+urZ_7E=**0$mjs>`U|C%k)eX>KC6yD4(thilHb5k#5{c;5PrC{oF4fJ(3w~j!lG)y-)U%7Y3#xr&z%>DQVw88 ztg&+O0rZf-rf>|#$#KNUSc(ud>4Tqq}r=pXvFncOy@vO>! zohmNskk_`vEyH-Mubfe=#RScIuXm_Xw}B5ulw zr{yv9MX-}0d(nWr&0re&-1)Uv=qg@^f%zWwkF7S6j5uhWthbYqoe#cD5pWm#H8qT_ z(D9|o<8mASTf%$@69~7w+e}xth`Qt^Dbrtyl?)8PLBxnYg0nmoJbb@)OnHsI?1^af z!Q(*SCde2LX@+ewBUk~OZD1^K>9oH1CZmN1%9ADx5RM*7iga}mZ;^4noaXs_-CZMh z9cQUSa>k?BpFV4SKS3*bkArH8SMF)<95~pKFVx9g?5$1U(ATQI z&=P;b-+Aq>-|>ORhMmrExmv}hX1~EpIYn?_j)xH2+gZw#xwX{ZB9aQR151J+?X^PO zemi=c<(R^*RcQMkxEm^G+_BvJLj$OdN-s_`XOmnonJ2Hg9(rOl%X?%_qRFpFG>dbd zPqvGHRCF3F?KS%|B454K)Y*;wrY;ebAH>)wkR-?j+r7@DK{<}lQnS%1TF!Sz&6ZY^{&+oYr{~T(`=fB!uK41>mg3VDF}vKLrXi!Q!gt_$g_&W}h8ziMqx)2sc}=7d}l^2nYL`L{cq+b|ok zKLTvcl$KoV;NIsZ8LS{n(~QAQ$SIL#?oF&|Iteyy^XLyogl7jI_tvBVk)gXxL?8Pm zDm8?AFt1){i%b-#&w-GV>lP{c)zSG&u-1Lb6nG7dY0rAdQui8>_by%BQ~8%>%TJ)e zaQNoIy!(e6QdP6hF0$iMjp(_%f%I9ny6InQG9D5<7ffXe7tQ42i}J`~pdX$b{&HQ1 zC2{WLObOLbVq`5gCB?eS1hn6uOe;{nv!S)RUzrB`>M7SXz@RrO6&8*%Zx$rh5ze+! zJ>2;p{nP<)d@`xLLNzzXG)(NN^MJTMm>CYSj)^iqK*!__J!|{iNg}}r{LA!M{^vKW zAI57Y@F45IXw$1Q9y*QADv`d^b_*CF*Oz@<%7Pw}w9Scv+RvanTUK3#SIHZ6==lv7 zU%Z_V;)MZ8TMI%QCjxAG>Qg(1(Iodmy!dT7hOv2r-AdB!gzHTG!E;pBGtODhdo*K* zF?U$H_klu^@7OslIGeGU6UGq;g(r;7rKeWg+D1q*0g#Dbc;wT5N7ERcb~uuim4^P5 zxdC^n!8~^DOR>e{b!8O$ME<73MrjWf{&xie#(Aj9KEkSco3yI%rB#7HRnc01uO_GY z#&NNp;|fk8-)RYOl84O|`QT%;p#_HzGIXX5-vsBozunheO6rTa?km*C za)zbyWHGIyAPAc_Y6x0C5_VLy3}WV84f~XTl9>}ljlRbY;@s4aHF?%u6>d8w8exf- zYAgB5cRu>Yj=M_O`&rYfhj$z|o&|Ks zO7syDlXQ^J*Tk7^KnQ1f_xBY*;mz>$gHDIlLvZu=d8=8f@`T6kuDTu=PLpL18+MfX zi=Kv(o13)eE&`XM-EviDwnqhp-Ns|Ls~iFAB?QCPB~${NlAQUQNl2MrLS*%dqvQ={ zR~VgP?`24xD?#@?D;gvufp1JL7GJX4#9A-Hg$5zL$|vmzUh>JSw@w+TXLO!a>@=|g z>lG+WOQG7|L%Dc!*F$Dpd2pnNniJDk0Yk|T>C+)NY193CB?cY1a6-Faa9qBn=A%9I zSclTA=E4q+ZXb!0T=P(V1=0#sQro;m&i=(tc~KsUTHdrOzI+NnQT}sDVZAMthFOca zi}ynE;^dUzH|$vQDM^K`|2VJdIry3cuy#!;J#Bleq$`npO%Cr(()$(hTJ(r$b)%(r z6MEUbhEJhm>^Ej$__Y{izkw!^5}w?4*j+@Vaf-pOZuF+Gs|ciRsw+nF1CMk0{a|Jh zZ}Q47y_lu}g_CM|6|$NPHA_YC70ky^&VZWQoyeu~XC&l&?l^V9z#sKY42aDe5(3wd9ok)AxZ;RSLk$goX(@3hA*Q&BA z3!E@KIBfnqay3yOe{J>nK*MCg5fqbtc`doYIiX!4ft<2%c?W#aOHL6@ji?oSa~*Q_ zT^*J&KI0q2YJB0iA5VlAgb0baRKyGeyvrz0GDmxa1k8Vv)2SL~!P%3^R!IpTU!#+N z?^H^1`2ONiT|{|?jK+q*2WrPEt(SudegfmbxzcKJlNO!prj#RSr+b0-F_JZZ_Z*knhOxA)ZHYQ29m;M68w?1p3 zcXQo)SJT%yJtbyNg;;6WGFSI>vZI|r7qwLg7;Pt1LW@+8$S(++^`ALVJ8j?0kJdfYOR6=P#&2+LZTAqY=RHZzU4dd%W+J0WbHox+dr3ik9M_p$JiQl?l-r z<-I||+h>0)=E7|y9Mkapu=-7Qtw5_XU$S)AOBRyr8H^%07L0n2uu<3xzbB9I;Id~0 zQ4h1>rpg{;pMt5CREm&W17Gv+YCTaz?Z!1~W)KNVc6c+{9annp@ds)KB3o6&XT5i8 z%DvvF5Ybt*58rDA<<@_^CIWT$+&4c=kC*9zcoas=(4I7OtFE1a-?UA6TnV%dGr$Qp zW+VNq#BEjE`{?z$)Y;o^9ZWKhzBI>(LHx+CtG9y7tn187(Z_r_HrdhEVQ}Cc zKytg7LtJG?eh3u3hpxOkD*~ny5fi$D=zH0!m1OGn9W}8yqLWBW+cDN`tmEgN3HiJV zAHIu3|3w~1fhTb=?|N;-mRa9U`Wm(KWHzGv%CQ86AmUfS5UAyl5buef!)U@HBrl)+ z#H7zEG}aJ``aB3vHwDvR0DlPF6?!Yc$9vftt7IhOqdFo2ob)qzx&wD4D#|Y{|9;xM zPfo&^>C&rU4le6mIx%!vAITY9uXBM!+n`fXysH}7MirkN;9VC>bX&M$T*}XPj9U5B zlkDn0P8vzY@}66C(hjiy%KRMsUMP&7i}r3hflWmBW!YNyddmW*1))t%iQ+`Hays*i z<)ONAsi{eJ@>CBsEohQZ-PE;LJwgcvsRudA^$R|`++`i#Z;D-_N3W{bQ2YTkNn>v7 zfE^Bxhvvkk+Ru-h*gO11$d~E(?uYQ=7ws^3TFcM)WEguYDR_rLkD7qtt_)1Ptj$IS zvV4$3?21I5O0?=S6<9Rv!p^LO4uY|@C5_9QOwToAKWI>TtA#jPsJ!e1*e3e<7$33^vLrwV6CuZeR#H}e-i?V3h*Xk9+Fly%^7>QXBwn5e2fhadvA2a- zYP0B8{N3ak+(96$gngEMp``m+E$T;7;7YRcxJO8iesBAv@>@7Ecn+zGrAErX6gF;m zH^+`M{)b~IbO5#!119Mpm3f3Xs^)Mmi|?a0W|U_=BGavnZv*V}X56vn~&r-ggTmSA0&=#SIq8t)mXXTKG-zr9s(jjO_lek_(d8K#LY ze%Fh)mt_rEee}P&_U)SB4LmQKKC_7_Nc6$PK-dIwbM|Y3trPzk++q)zQ`{0%40GPp znY!1#G7%RdOuTp9x0?y!YP^23GlEaACs{f?Fky+IjC>gXZc!XpqQ$H=%m^ucM6J4N zP?H{$snNq8x%gKx8!jNi2(w-L$L|VO$8>D*D2Y(2;wLu@YJoW|*g#Om?cIlu*bQ+9 zhFr#t7b^n893{LO{L|JG5q=B>iQGVfMxv(og&$kg9M(4U@OpUGYO3CYx2OT{261}@ zi;k1T48>k@%MCVern+&O1E#~^bPntDPs`Rc zXW)mZP2_D#1NA%81XyE|`=D~GAb-U=SWO46IoKr`ML?g3VH3vL+hlO|BuQQbK3e~C zHgI@L80oK|ZUBX=ZdO@?o*>BdQrlcGg5AKIk=9X6)$1oUf>&Oo)VCiuB5E1UiLItH zN1q;zqJrhIw7Z(?90^rk>I~=)QM*;ZPp5?S2{LwAWEk?X!pI{@a6p?`J5Uh(JlAc; z2J?;Rw9B3Aj}QmMwIn*o@84gy`4AmwKM^tRmwYGn!A9dT73sX~m!uK7H9Qj4z}9-V zaUyF3fx(E!wfg9-n96Q!o15V@0C)bNbyeaOyF<$2iU>!2mcNljY{sKu=UpGLg<%Q* zRUiS*P0UKBE_uWQ4gp1#$4Qs*|8jE}mUYwu!w56`|5b2pA zy;g$Mot93AEA_9sc~Mc`Rtee92xGFmNOuC_V4pDHS@!YW&7fu7Y65fEeGTE{?1{UfjnMdIZImz z^;fdo3U0UeBa|ZIpmAMWJ%phMfc|~Oa3km7_y>@M3p`>WQ>cha+P+{uc8m3`)Bg=c z`Tx&wRv^E8PxW$ceknew{Eu%fC#5V|BW@aM>tyZxkDe`T?&4tU?!nGJ4}^gQ!NDUS z>r#7Jxw+dqJLyrIxmkR+{WsF2_HcI5rFJ&Av$F7T#{vK&3rxTm${Gq*zE+lE|I26w z5lPd{+1UdEEJH!XC-^`}szvSO>EJMjhK>Qo#?w*OV70gMb=Uug|I3j!wS|M3yL%BP z76b+YTZDrP0YTs(@S09$j#egMynjnp9u{UEW)99aEN)iTR&G{K7FL?J7S2xp`6MF7 zD=2`#&ytZ-Q0o7Wr~e+*{U6oJ-B4LW($>P`Um#{~zC{#Ny2=_V|8D?@n1s{}oIG-h wY8nRr?!5k?5m7Pm2}vpGb&c&Eo!tY|D~JCv-2XM;e|+};8ukCc|L(8/dev/null || echo "dev") GIT_COMMIT=$(shell git rev-parse --short=8 HEAD 2>/dev/null || echo "dev") @@ -57,7 +60,7 @@ endif # Run both frontend and backend dev servers dev: - @if [ ! -f backend/picoclaw-web ] || [ ! -d backend/dist ]; then \ + @if [ ! -f $(BUILD_DIR)/picoclaw-launcher ] || [ ! -d backend/dist ]; then \ echo "Build artifacts not found, building..."; \ $(MAKE) build; \ fi @@ -75,7 +78,7 @@ dev-backend: # Build frontend and embed into Go binary build: cd frontend && pnpm build:backend - cd backend && ${WEB_GO} build $(GOFLAGS) -ldflags "$(LDFLAGS)" -o picoclaw-web . + ${WEB_GO} build $(GOFLAGS) -ldflags "$(LDFLAGS)" -o $(BUILD_DIR)/picoclaw-launcher ./backend/ # Run all tests test: @@ -89,5 +92,5 @@ lint: # Clean build artifacts clean: - rm -rf frontend/dist backend/dist backend/picoclaw-web + rm -rf frontend/dist backend/dist $(BUILD_DIR)/* mkdir -p backend/dist && touch backend/dist/.gitkeep diff --git a/web/backend/api/gateway.go b/web/backend/api/gateway.go index 16b793427..098e2babe 100644 --- a/web/backend/api/gateway.go +++ b/web/backend/api/gateway.go @@ -6,7 +6,6 @@ import ( "errors" "fmt" "io" - "log" "net" "net/http" "os" @@ -20,6 +19,7 @@ import ( "github.com/sipeed/picoclaw/pkg/config" "github.com/sipeed/picoclaw/pkg/health" + "github.com/sipeed/picoclaw/pkg/logger" "github.com/sipeed/picoclaw/web/backend/utils" ) @@ -27,6 +27,7 @@ import ( var gateway = struct { mu sync.Mutex cmd *exec.Cmd + owned bool // true if we started the process, false if we attached to an existing one bootDefaultModel string runtimeStatus string startupDeadline time.Time @@ -101,16 +102,16 @@ func (h *Handler) TryAutoStartGateway() { defer gateway.mu.Unlock() ready, reason, err := h.gatewayStartReady() if err != nil { - log.Printf("Skip auto-starting gateway: %v", err) + logger.ErrorC("gateway", fmt.Sprintf("Skip auto-starting gateway: %v", err)) return } if !ready { - log.Printf("Skip auto-starting gateway: %s", reason) + logger.InfoC("gateway", fmt.Sprintf("Skip auto-starting gateway: %s", reason)) return } _, err = h.startGatewayLocked("starting", pid) if err != nil { - log.Printf("Failed to attach to running gateway (PID: %d): %v", pid, err) + logger.ErrorC("gateway", fmt.Sprintf("Failed to attach to running gateway (PID: %d): %v", pid, err)) } return } @@ -125,20 +126,20 @@ func (h *Handler) TryAutoStartGateway() { ready, reason, err := h.gatewayStartReady() if err != nil { - log.Printf("Skip auto-starting gateway: %v", err) + logger.ErrorC("gateway", fmt.Sprintf("Skip auto-starting gateway: %v", err)) return } if !ready { - log.Printf("Skip auto-starting gateway: %s", reason) + logger.InfoC("gateway", fmt.Sprintf("Skip auto-starting gateway: %s", reason)) return } pid, err := h.startGatewayLocked("starting", 0) if err != nil { - log.Printf("Failed to auto-start gateway: %v", err) + logger.ErrorC("gateway", fmt.Sprintf("Failed to auto-start gateway: %v", err)) return } - log.Printf("Gateway auto-started (PID: %d)", pid) + logger.InfoC("gateway", fmt.Sprintf("Gateway auto-started (PID: %d)", pid)) } // gatewayStartReady validates whether current config can start the gateway. @@ -224,6 +225,7 @@ func attachToGatewayProcessLocked(pid int, cfg *config.Config) error { } gateway.cmd = &exec.Cmd{Process: process} + gateway.owned = false // We didn't start this process setGatewayRuntimeStatusLocked("running") // Update bootDefaultModel from config @@ -232,7 +234,7 @@ func attachToGatewayProcessLocked(pid int, cfg *config.Config) error { gateway.bootDefaultModel = defaultModelName } - log.Printf("Attached to gateway process (PID: %d)", pid) + logger.InfoC("gateway", fmt.Sprintf("Attached to gateway process (PID: %d)", pid)) return nil } @@ -269,6 +271,59 @@ func waitForGatewayProcessExit(cmd *exec.Cmd, timeout time.Duration) bool { } } +// StopGateway stops the gateway process if it was started by this handler. +// This method is called during application shutdown to ensure the gateway subprocess +// is properly terminated. It only stops processes that were started by this handler, +// not processes that were attached to from existing instances. +func (h *Handler) StopGateway() { + gateway.mu.Lock() + defer gateway.mu.Unlock() + + // Only stop if we own the process (started it ourselves) + if !gateway.owned || gateway.cmd == nil || gateway.cmd.Process == nil { + return + } + + pid, err := stopGatewayLocked() + if err != nil { + logger.ErrorC("gateway", fmt.Sprintf("Failed to stop gateway (PID %d): %v", pid, err)) + return + } + + logger.InfoC("gateway", fmt.Sprintf("Gateway stopped (PID: %d)", pid)) +} + +// stopGatewayLocked sends a stop signal to the gateway process. +// Assumes gateway.mu is held by the caller. +// Returns the PID of the stopped process and any error encountered. +func stopGatewayLocked() (int, error) { + if gateway.cmd == nil || gateway.cmd.Process == nil { + return 0, nil + } + + pid := gateway.cmd.Process.Pid + + // Send SIGTERM for graceful shutdown (SIGKILL on Windows) + var sigErr error + if runtime.GOOS == "windows" { + sigErr = gateway.cmd.Process.Kill() + } else { + sigErr = gateway.cmd.Process.Signal(syscall.SIGTERM) + } + + if sigErr != nil { + return pid, sigErr + } + + logger.InfoC("gateway", fmt.Sprintf("Sent stop signal to gateway (PID: %d)", pid)) + gateway.cmd = nil + gateway.owned = false + gateway.bootDefaultModel = "" + setGatewayRuntimeStatusLocked("stopped") + + return pid, nil +} + func stopGatewayProcessForRestart(cmd *exec.Cmd) error { if cmd == nil || cmd.Process == nil || !isCmdProcessAliveLocked(cmd) { return nil @@ -353,7 +408,7 @@ func (h *Handler) startGatewayLocked(initialStatus string, existingPid int) (int // Ensure Pico Channel is configured before starting gateway if _, err := h.ensurePicoChannel(""); err != nil { - log.Printf("Warning: failed to ensure pico channel: %v", err) + logger.ErrorC("gateway", fmt.Sprintf("Warning: failed to ensure pico channel: %v", err)) // Non-fatal: gateway can still start without pico channel } @@ -362,10 +417,11 @@ func (h *Handler) startGatewayLocked(initialStatus string, existingPid int) (int } gateway.cmd = cmd + gateway.owned = true // We started this process gateway.bootDefaultModel = defaultModelName setGatewayRuntimeStatusLocked(initialStatus) pid = cmd.Process.Pid - log.Printf("Started picoclaw gateway (PID: %d) from %s", pid, execPath) + logger.InfoC("gateway", fmt.Sprintf("Started picoclaw gateway (PID: %d) from %s", pid, execPath)) // Capture stdout/stderr in background go scanPipe(stdoutPipe, gateway.logs) @@ -374,9 +430,9 @@ func (h *Handler) startGatewayLocked(initialStatus string, existingPid int) (int // Wait for exit in background and clean up go func() { if err := cmd.Wait(); err != nil { - log.Printf("Gateway process exited: %v", err) + logger.ErrorC("gateway", fmt.Sprintf("Gateway process exited: %v", err)) } else { - log.Printf("Gateway process exited normally") + logger.InfoC("gateway", "Gateway process exited normally") } gateway.mu.Lock() @@ -455,7 +511,7 @@ func (h *Handler) handleGatewayStart(w http.ResponseWriter, r *http.Request) { _, err = h.startGatewayLocked("starting", pid) gateway.mu.Unlock() if err != nil { - log.Printf("Failed to attach to running gateway (PID: %d): %v", pid, err) + logger.ErrorC("gateway", fmt.Sprintf("Failed to attach to running gateway (PID: %d): %v", pid, err)) http.Error(w, fmt.Sprintf("Failed to attach to gateway: %v", err), http.StatusInternalServerError) return } @@ -524,23 +580,12 @@ func (h *Handler) handleGatewayStop(w http.ResponseWriter, r *http.Request) { return } - pid := gateway.cmd.Process.Pid - - // Send SIGTERM for graceful shutdown (SIGKILL on Windows) - var sigErr error - if runtime.GOOS == "windows" { - sigErr = gateway.cmd.Process.Kill() - } else { - sigErr = gateway.cmd.Process.Signal(syscall.SIGTERM) - } - - if sigErr != nil { - http.Error(w, fmt.Sprintf("Failed to stop gateway (PID %d): %v", pid, sigErr), http.StatusInternalServerError) + pid, err := stopGatewayLocked() + if err != nil { + http.Error(w, fmt.Sprintf("Failed to stop gateway (PID %d): %v", pid, err), http.StatusInternalServerError) return } - log.Printf("Sent stop signal to gateway (PID: %d)", pid) - w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(map[string]any{ "status": "ok", @@ -681,9 +726,9 @@ func (h *Handler) gatewayStatusData() map[string]any { gateway.mu.Lock() data["gateway_status"] = gatewayStatusWithoutHealthLocked() gateway.mu.Unlock() - log.Printf("Gateway health check failed: %v", err) + logger.ErrorC("gateway", fmt.Sprintf("Gateway health check failed: %v", err)) } else { - log.Printf("Gateway health status: %d", statusCode) + logger.InfoC("gateway", fmt.Sprintf("Gateway health status: %d", statusCode)) if statusCode != http.StatusOK { gateway.mu.Lock() setGatewayRuntimeStatusLocked("error") @@ -698,17 +743,32 @@ func (h *Handler) gatewayStatusData() map[string]any { if gateway.cmd != nil && gateway.cmd.Process != nil { oldPid = fmt.Sprintf("%d", gateway.cmd.Process.Pid) } - log.Printf( - "Detected gateway PID from health (old: %s, new: %d), attempting to attach", - oldPid, - healthResp.Pid, - ) - if err := attachToGatewayProcessLocked(healthResp.Pid, cfg); err != nil { - log.Printf( - "Failed to attach to gateway process reported by health (PID: %d): %v", + logger.InfoC( + "gateway", + fmt.Sprintf( + "Detected new gateway PID (old: %s, new: %d), attempting to attach", + oldPid, healthResp.Pid, - err, + ), + ) + + if err := attachToGatewayProcessLocked(healthResp.Pid, cfg); err != nil { + // Failed to find the process, treat as error + setGatewayRuntimeStatusLocked("error") + data["gateway_status"] = "error" + data["pid"] = healthResp.Pid + logger.ErrorC( + "gateway", + fmt.Sprintf("Failed to attach to new gateway process (PID: %d): %v", healthResp.Pid, err), ) + } else { + // Successfully attached, update response data + bootDefaultModel := gateway.bootDefaultModel + if bootDefaultModel != "" { + data["boot_default_model"] = bootDefaultModel + } + data["gateway_status"] = "running" + data["pid"] = healthResp.Pid } } diff --git a/web/backend/api/oauth.go b/web/backend/api/oauth.go index 919b47fbc..4edabb9ab 100644 --- a/web/backend/api/oauth.go +++ b/web/backend/api/oauth.go @@ -7,13 +7,13 @@ import ( "fmt" "html" "io" - "log" "net/http" "strings" "time" "github.com/sipeed/picoclaw/pkg/auth" "github.com/sipeed/picoclaw/pkg/config" + "github.com/sipeed/picoclaw/pkg/logger" "github.com/sipeed/picoclaw/pkg/providers" ) @@ -714,7 +714,7 @@ func (h *Handler) persistCredentialAndConfig(provider, authMethod string, cred * if cp.Email == "" { email, err := oauthFetchGoogleUserEmailFunc(cp.AccessToken) if err != nil { - log.Printf("oauth warning: could not fetch google email: %v", err) + logger.ErrorC("oauth", fmt.Sprintf("oauth warning: could not fetch google email: %v", err)) } else { cp.Email = email } @@ -722,7 +722,7 @@ func (h *Handler) persistCredentialAndConfig(provider, authMethod string, cred * if cp.ProjectID == "" { projectID, err := oauthFetchAntigravityProject(cp.AccessToken) if err != nil { - log.Printf("oauth warning: could not fetch antigravity project id: %v", err) + logger.ErrorC("oauth", fmt.Sprintf("oauth warning: could not fetch antigravity project id: %v", err)) } else { cp.ProjectID = projectID } diff --git a/web/backend/api/router.go b/web/backend/api/router.go index 028a476f2..e4df86ed9 100644 --- a/web/backend/api/router.go +++ b/web/backend/api/router.go @@ -71,4 +71,7 @@ func (h *Handler) RegisterRoutes(mux *http.ServeMux) { h.registerLauncherConfigRoutes(mux) } -func (h *Handler) Shutdown() {} +// Shutdown gracefully shuts down the handler, stopping the gateway if it was started by this handler. +func (h *Handler) Shutdown() { + h.StopGateway() +} diff --git a/web/backend/app_runtime.go b/web/backend/app_runtime.go index cf54e18a1..e3a9ec64f 100644 --- a/web/backend/app_runtime.go +++ b/web/backend/app_runtime.go @@ -2,6 +2,7 @@ package main import ( "context" + "errors" "fmt" "time" @@ -14,20 +15,35 @@ const ( shutdownTimeout = 15 * time.Second ) +// shutdownApp gracefully shuts down all server components and resources. +// It performs the following shutdown sequence: +// - Shuts down the API handler to close all active SSE (Server-Sent Events) connections +// - Disables HTTP keep-alive to prevent new connections during shutdown +// - Attempts graceful HTTP server shutdown with timeout +// - Logs shutdown status at appropriate log levels +// +// The function handles timeout errors gracefully by logging them at info level +// since context.DeadlineExceeded is expected when there are active long-running +// connections (such as SSE streams). +// +// This function should be called during application termination to ensure +// clean resource cleanup and proper connection closure. func shutdownApp() { - fmt.Println(T(Exiting)) - + // First, shutdown API handler to close all SSE connections if apiHandler != nil { apiHandler.Shutdown() } if server != nil { + // Disable keep-alive to allow graceful shutdown server.SetKeepAlivesEnabled(false) ctx, cancel := context.WithTimeout(context.Background(), shutdownTimeout) defer cancel() if err := server.Shutdown(ctx); err != nil { - if err == context.DeadlineExceeded { + // Context deadline exceeded is expected if there are active connections + // This is not necessarily an error, so log it at info level + if errors.Is(err, context.DeadlineExceeded) { logger.Infof("Server shutdown timeout after %v, forcing close", shutdownTimeout) } else { logger.Errorf("Server shutdown error: %v", err) diff --git a/web/backend/embed.go b/web/backend/embed.go index 2b28f84b9..cf0c76bce 100644 --- a/web/backend/embed.go +++ b/web/backend/embed.go @@ -2,12 +2,14 @@ package main import ( "embed" + "fmt" "io/fs" - "log" "mime" "net/http" "path" "strings" + + "github.com/sipeed/picoclaw/pkg/logger" ) //go:embed all:dist @@ -19,16 +21,16 @@ func registerEmbedRoutes(mux *http.ServeMux) { // Go's built-in mime.TypeByExtension returns "image/svg" which is incorrect // The correct MIME type per RFC 6838 is "image/svg+xml" if err := mime.AddExtensionType(".svg", "image/svg+xml"); err != nil { - log.Printf("Warning: failed to register SVG MIME type: %v", err) + logger.ErrorC("web", fmt.Sprintf("Warning: failed to register SVG MIME type: %v", err)) } // Attempt to get the subdirectory 'dist' where Vite usually builds subFS, err := fs.Sub(frontendFS, "dist") if err != nil { // Log a warning if dist doesn't exist yet (e.g., during development before a frontend build) - log.Printf( - "Warning: no 'dist' folder found in embedded frontend. " + - "Ensure you run `pnpm build:backend` in the frontend directory " + + logger.WarnC("web", + "Warning: no 'dist' folder found in embedded frontend. "+ + "Ensure you run `pnpm build:backend` in the frontend directory "+ "before building the Go backend.", ) return diff --git a/web/backend/main.go b/web/backend/main.go index ec4e2832d..922dc2f6d 100644 --- a/web/backend/main.go +++ b/web/backend/main.go @@ -15,14 +15,16 @@ import ( "errors" "flag" "fmt" - "log" "net/http" "os" + "os/signal" "path/filepath" "strconv" + "syscall" "time" "github.com/sipeed/picoclaw/pkg/config" + "github.com/sipeed/picoclaw/pkg/logger" "github.com/sipeed/picoclaw/web/backend/api" "github.com/sipeed/picoclaw/web/backend/launcherconfig" "github.com/sipeed/picoclaw/web/backend/middleware" @@ -48,6 +50,7 @@ func main() { public := flag.Bool("public", false, "Listen on all interfaces (0.0.0.0) instead of localhost only") noBrowser = flag.Bool("no-browser", false, "Do not auto-open browser on startup") lang := flag.String("lang", "", "Language: en (English) or zh (Chinese). Default: auto-detect from system locale") + console := flag.Bool("console", false, "Console mode, no GUI") flag.Usage = func() { fmt.Fprintf(os.Stderr, "PicoClaw Launcher - A web-based configuration editor\n\n") @@ -67,6 +70,26 @@ func main() { } flag.Parse() + // Initialize logger + picoHome := utils.GetPicoclawHome() + // By default, detect terminal to decide console log behavior + // If -console-logs flag is explicitly set, it overrides the detection + enableConsole := *console + if !enableConsole { + // Disable console logging by setting level to Fatal (no output) + logger.SetConsoleLevel(logger.FATAL) + + logPath := filepath.Join(picoHome, "logs", "web.log") + if err := logger.EnableFileLogging(logPath); err != nil { + fmt.Fprintf(os.Stderr, "Failed to initialize logger: %v\n", err) + os.Exit(1) + } + defer logger.DisableFileLogging() + } + + logger.InfoC("web", "PicoClaw Launcher starting...") + logger.InfoC("web", fmt.Sprintf("PicoClaw Home: %s", picoHome)) + // Set language from command line or auto-detect if *lang != "" { SetLanguage(*lang) @@ -80,11 +103,11 @@ func main() { absPath, err := filepath.Abs(configPath) if err != nil { - log.Fatalf("Failed to resolve config path: %v", err) + logger.Fatalf("Failed to resolve config path: %v", err) } err = utils.EnsureOnboarded(absPath) if err != nil { - log.Printf("Warning: Failed to initialize PicoClaw config automatically: %v", err) + logger.Errorf("Warning: Failed to initialize PicoClaw config automatically: %v", err) } var explicitPort bool @@ -101,7 +124,7 @@ func main() { launcherPath := launcherconfig.PathForAppConfig(absPath) launcherCfg, err := launcherconfig.Load(launcherPath, launcherconfig.Default()) if err != nil { - log.Printf("Warning: Failed to load %s: %v", launcherPath, err) + logger.ErrorC("web", fmt.Sprintf("Warning: Failed to load %s: %v", launcherPath, err)) launcherCfg = launcherconfig.Default() } @@ -119,7 +142,7 @@ func main() { if err == nil { err = errors.New("must be in range 1-65535") } - log.Fatalf("Invalid port %q: %v", effectivePort, err) + logger.Fatalf("Invalid port %q: %v", effectivePort, err) } // Determine listen address @@ -143,7 +166,7 @@ func main() { accessControlledMux, err := middleware.IPAllowlist(launcherCfg.AllowedCIDRs, mux) if err != nil { - log.Fatalf("Invalid allowed CIDR configuration: %v", err) + logger.Fatalf("Invalid allowed CIDR configuration: %v", err) } // Apply middleware stack @@ -153,18 +176,28 @@ func main() { ), ) - // Print startup banner - fmt.Print(utils.Banner) - fmt.Println() - fmt.Println(" Open the following URL in your browser:") - fmt.Println() - fmt.Printf(" >> http://localhost:%s <<\n", effectivePort) + // Print startup banner (only in console mode) + if enableConsole { + fmt.Print(utils.Banner) + fmt.Println() + fmt.Println(" Open the following URL in your browser:") + fmt.Println() + fmt.Printf(" >> http://localhost:%s <<\n", effectivePort) + if effectivePublic { + if ip := utils.GetLocalIP(); ip != "" { + fmt.Printf(" >> http://%s:%s <<\n", ip, effectivePort) + } + } + fmt.Println() + } + + // Log startup info to file + logger.InfoC("web", fmt.Sprintf("Server will listen on http://localhost:%s", effectivePort)) if effectivePublic { if ip := utils.GetLocalIP(); ip != "" { - fmt.Printf(" >> http://%s:%s <<\n", ip, effectivePort) + logger.InfoC("web", fmt.Sprintf("Public access enabled at http://%s:%s", ip, effectivePort)) } } - fmt.Println() // Share the local URL with the launcher runtime. serverAddr = fmt.Sprintf("http://localhost:%s", effectivePort) @@ -180,11 +213,38 @@ func main() { // Start the Server in a goroutine server = &http.Server{Addr: addr, Handler: handler} go func() { - log.Printf("Server listening on %s", addr) + logger.InfoC("web", fmt.Sprintf("Server listening on %s", addr)) if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed { - log.Fatalf("Server failed to start: %v", err) + logger.Fatalf("Server failed to start: %v", err) } }() - runTray() + defer shutdownApp() + + // Start system tray or run in console mode + if enableConsole { + if !*noBrowser { + // Auto-open browser after systray is ready (if not disabled) + // Check no-browser flag via environment or pass as parameter if needed + if err := openBrowser(); err != nil { + logger.Errorf("Warning: Failed to auto-open browser: %v", err) + } + } + + sigChan := make(chan os.Signal, 1) + signal.Notify(sigChan, os.Interrupt, syscall.SIGTERM) + + // Main event loop - wait for signals or config changes + for { + select { + case <-sigChan: + logger.Info("Shutting down...") + + return + } + } + } else { + // GUI mode: start system tray + runTray() + } } diff --git a/web/backend/middleware/middleware.go b/web/backend/middleware/middleware.go index e15da577b..5e0dfeb90 100644 --- a/web/backend/middleware/middleware.go +++ b/web/backend/middleware/middleware.go @@ -1,10 +1,12 @@ package middleware import ( - "log" + "fmt" "net/http" "runtime/debug" "time" + + "github.com/sipeed/picoclaw/pkg/logger" ) // JSONContentType sets the Content-Type header to application/json for @@ -48,7 +50,7 @@ func Logger(next http.Handler) http.Handler { start := time.Now() rec := &responseRecorder{ResponseWriter: w, statusCode: http.StatusOK} next.ServeHTTP(rec, r) - log.Printf("%s %s %d %s", r.Method, r.URL.Path, rec.statusCode, time.Since(start)) + logger.DebugC("http", fmt.Sprintf("%s %s %d %s", r.Method, r.URL.Path, rec.statusCode, time.Since(start))) }) } @@ -58,7 +60,7 @@ func Recoverer(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer func() { if err := recover(); err != nil { - log.Printf("panic recovered: %v\n%s", err, debug.Stack()) + logger.ErrorC("http", fmt.Sprintf("panic recovered: %v\n%s", err, debug.Stack())) http.Error(w, `{"error":"internal server error"}`, http.StatusInternalServerError) } }() diff --git a/web/backend/systray.go b/web/backend/systray.go index 2ae4434bb..fde2e115e 100644 --- a/web/backend/systray.go +++ b/web/backend/systray.go @@ -13,7 +13,7 @@ import ( ) func runTray() { - systray.Run(onReady, shutdownApp) + systray.Run(onReady, onExit) } // onReady is called when the system tray is ready @@ -89,6 +89,11 @@ func onReady() { } } +// onExit is called when the system tray is exiting +func onExit() { + logger.Info(T(Exiting)) +} + // getIcon returns the system tray icon func getIcon() []byte { return iconData diff --git a/web/backend/utils/runtime.go b/web/backend/utils/runtime.go index 4e6c32c56..425f25c08 100644 --- a/web/backend/utils/runtime.go +++ b/web/backend/utils/runtime.go @@ -9,19 +9,21 @@ import ( "runtime" ) -// GetDefaultConfigPath returns the default path to the picoclaw config file. +// GetPicoclawHome returns the picoclaw home directory. +// Priority: $PICOCLAW_HOME > ~/.picoclaw +func GetPicoclawHome() string { + if home := os.Getenv("PICOCLAW_HOME"); home != "" { + return home + } + home, _ := os.UserHomeDir() + return filepath.Join(home, ".picoclaw") +} + func GetDefaultConfigPath() string { if configPath := os.Getenv("PICOCLAW_CONFIG"); configPath != "" { return configPath } - if picoclawHome := os.Getenv("PICOCLAW_HOME"); picoclawHome != "" { - return filepath.Join(picoclawHome, "config.json") - } - home, err := os.UserHomeDir() - if err != nil { - return "config.json" - } - return filepath.Join(home, ".picoclaw", "config.json") + return filepath.Join(GetPicoclawHome(), "config.json") } // FindPicoclawBinary locates the picoclaw executable. From 363861c91743777c6e4f1f86c2c483c073af70a8 Mon Sep 17 00:00:00 2001 From: BeaconCat <111232138+BeaconCat@users.noreply.github.com> Date: Wed, 18 Mar 2026 15:26:39 +0800 Subject: [PATCH 16/24] docs: restructure READMEs and add i18n documentation (#1729) Restructure all 6 README files (en, zh, ja, fr, pt-br, vi) from ~1200-1580 lines down to ~250 lines each. Long sections (Chat Apps, Providers, Configuration, Docker, Spawn Tasks, Troubleshooting, Tools) are extracted into dedicated docs under docs/{lang}/ subdirectories. Changes: - Split README content into 7 sub-documents per language (42 new files) - Update News section with v0.2.3/v0.2.1/v0.2.0/20K milestones - Add 3 new Features (MCP Support, Vision Pipeline, Smart Routing) - Complete CLI reference (14 commands, was 7) - Fix Go badge 1.21+ -> 1.25+ (matches go.mod) - Add LoongArch to architecture badge - Fix Install section: hardcoded v0.1.1 -> latest/download URL - Add Termux GitHub links - Fix currency symbol placement ($599 not 599$) - Add missing channels (Feishu, Slack, IRC, OneBot, MaixCam, Pico) - Add missing providers (Kimi, Minimax, Avian, Mistral, Longcat, ModelScope) - Add missing security docs (allow_read/write_paths, allow_remote, symlink) - Remove incorrect azure from Providers table (azure uses model_list only) - Cross-verified all claims against source code Co-authored-by: BeaconCat --- README.fr.md | 1159 ++--------------------- README.ja.md | 1179 +++-------------------- README.md | 1447 ++--------------------------- README.pt-br.md | 1224 +++--------------------- README.vi.md | 1213 +++--------------------- README.zh.md | 882 ++---------------- docs/chat-apps.md | 427 +++++++++ docs/configuration.md | 218 +++++ docs/docker.md | 166 ++++ docs/fr/chat-apps.md | 588 ++++++++++++ docs/fr/configuration.md | 217 +++++ docs/fr/docker.md | 166 ++++ docs/fr/providers.md | 434 +++++++++ docs/fr/spawn-tasks.md | 61 ++ docs/fr/tools_configuration.md | 336 +++++++ docs/fr/troubleshooting.md | 45 + docs/ja/chat-apps.md | 574 ++++++++++++ docs/ja/configuration.md | 256 +++++ docs/ja/docker.md | 168 ++++ docs/ja/providers.md | 434 +++++++++ docs/ja/spawn-tasks.md | 68 ++ docs/ja/tools_configuration.md | 336 +++++++ docs/ja/troubleshooting.md | 45 + docs/providers.md | 436 +++++++++ docs/pt-br/chat-apps.md | 427 +++++++++ docs/pt-br/configuration.md | 217 +++++ docs/pt-br/docker.md | 166 ++++ docs/pt-br/providers.md | 434 +++++++++ docs/pt-br/spawn-tasks.md | 61 ++ docs/pt-br/tools_configuration.md | 336 +++++++ docs/pt-br/troubleshooting.md | 45 + docs/spawn-tasks.md | 61 ++ docs/vi/chat-apps.md | 427 +++++++++ docs/vi/configuration.md | 217 +++++ docs/vi/docker.md | 166 ++++ docs/vi/providers.md | 434 +++++++++ docs/vi/spawn-tasks.md | 61 ++ docs/vi/tools_configuration.md | 336 +++++++ docs/vi/troubleshooting.md | 45 + docs/zh/chat-apps.md | 574 ++++++++++++ docs/zh/configuration.md | 256 +++++ docs/zh/docker.md | 168 ++++ docs/zh/providers.md | 428 +++++++++ docs/zh/spawn-tasks.md | 68 ++ docs/zh/tools_configuration.md | 336 +++++++ docs/zh/troubleshooting.md | 45 + 46 files changed, 10890 insertions(+), 6497 deletions(-) create mode 100644 docs/chat-apps.md create mode 100644 docs/configuration.md create mode 100644 docs/docker.md create mode 100644 docs/fr/chat-apps.md create mode 100644 docs/fr/configuration.md create mode 100644 docs/fr/docker.md create mode 100644 docs/fr/providers.md create mode 100644 docs/fr/spawn-tasks.md create mode 100644 docs/fr/tools_configuration.md create mode 100644 docs/fr/troubleshooting.md create mode 100644 docs/ja/chat-apps.md create mode 100644 docs/ja/configuration.md create mode 100644 docs/ja/docker.md create mode 100644 docs/ja/providers.md create mode 100644 docs/ja/spawn-tasks.md create mode 100644 docs/ja/tools_configuration.md create mode 100644 docs/ja/troubleshooting.md create mode 100644 docs/providers.md create mode 100644 docs/pt-br/chat-apps.md create mode 100644 docs/pt-br/configuration.md create mode 100644 docs/pt-br/docker.md create mode 100644 docs/pt-br/providers.md create mode 100644 docs/pt-br/spawn-tasks.md create mode 100644 docs/pt-br/tools_configuration.md create mode 100644 docs/pt-br/troubleshooting.md create mode 100644 docs/spawn-tasks.md create mode 100644 docs/vi/chat-apps.md create mode 100644 docs/vi/configuration.md create mode 100644 docs/vi/docker.md create mode 100644 docs/vi/providers.md create mode 100644 docs/vi/spawn-tasks.md create mode 100644 docs/vi/tools_configuration.md create mode 100644 docs/vi/troubleshooting.md create mode 100644 docs/zh/chat-apps.md create mode 100644 docs/zh/configuration.md create mode 100644 docs/zh/docker.md create mode 100644 docs/zh/providers.md create mode 100644 docs/zh/spawn-tasks.md create mode 100644 docs/zh/tools_configuration.md create mode 100644 docs/zh/troubleshooting.md diff --git a/README.fr.md b/README.fr.md index 35e5e1e08..325c6c096 100644 --- a/README.fr.md +++ b/README.fr.md @@ -3,10 +3,10 @@

PicoClaw : Assistant IA Ultra-Efficace en Go

-

Matériel à 10$ · 10 Mo de RAM · Démarrage en 1s · 皮皮虾,我们走!

+

Matériel à $10 · <10 Mo de RAM · Démarrage en <1s · 皮皮虾,我们走!

- Go - Hardware + Go + Hardware License
Website @@ -18,7 +18,8 @@ Discord

- [中文](README.zh.md) | [日本語](README.ja.md) | [Português](README.pt-br.md) | [Tiếng Việt](README.vi.md) | [English](README.md) | **Français** +[中文](README.zh.md) | [日本語](README.ja.md) | [Português](README.pt-br.md) | [Tiếng Việt](README.vi.md) | [English](README.md) | **Français** + --- @@ -27,7 +28,7 @@ 🦐 **PicoClaw** est un assistant personnel IA ultra-léger inspiré de [NanoBot](https://github.com/HKUDS/nanobot), entièrement réécrit en **Go** via un processus d'auto-amorçage (self-bootstrapping) — où l'agent IA lui-même a piloté l'intégralité de la migration architecturale et de l'optimisation du code. -⚡️ **Extrêmement léger :** Fonctionne sur du matériel à seulement **10$** avec **<10 Mo** de RAM. C'est 99% de mémoire en moins qu'OpenClaw et 98% moins cher qu'un Mac mini ! +⚡️ **Extrêmement léger :** Fonctionne sur du matériel à seulement **$10** avec **<10 Mo** de RAM. C'est 99% de mémoire en moins qu'OpenClaw et 98% moins cher qu'un Mac mini ! @@ -48,39 +49,59 @@ > **🚨 SÉCURITÉ & CANAUX OFFICIELS** > > * **PAS DE CRYPTO :** PicoClaw n'a **AUCUN** token/jeton officiel. Toute annonce sur `pump.fun` ou d'autres plateformes de trading est une **ARNAQUE**. +> > * **DOMAINE OFFICIEL :** Le **SEUL** site officiel est **[picoclaw.io](https://picoclaw.io)**, et le site de l'entreprise est **[sipeed.com](https://sipeed.com)**. -> * **Attention :** De nombreux domaines `.ai/.org/.com/.net/...` sont enregistrés par des tiers et ne nous appartiennent pas. +> * **Attention :** De nombreux domaines `.ai/.org/.com/.net/...` sont enregistrés par des tiers. > * **Attention :** PicoClaw est en phase de développement précoce et peut présenter des problèmes de sécurité réseau non résolus. Ne déployez pas en environnement de production avant la version v1.0. > * **Note :** PicoClaw a récemment fusionné de nombreuses PR, ce qui peut entraîner une empreinte mémoire plus importante (10–20 Mo) dans les dernières versions. Nous prévoyons de prioriser l'optimisation des ressources dès que l'ensemble des fonctionnalités sera stabilisé. - ## 📢 Actualités -2026-02-16 🎉 PicoClaw a atteint 12K étoiles en une semaine ! Merci à tous pour votre soutien ! PicoClaw grandit plus vite que nous ne l'avions jamais imaginé. Vu le volume élevé de PR, nous avons un besoin urgent de mainteneurs communautaires. Nos rôles de bénévoles et notre feuille de route sont officiellement publiés [ici](docs/ROADMAP.md) — nous avons hâte de vous accueillir ! +2026-03-17 🚀 **v0.2.3 publié !** Interface système tray (Windows & Linux), suivi de statut des sous-agents (`spawn_status`), rechargement à chaud expérimental du gateway, portes de sécurité cron, et 2 correctifs de sécurité. PicoClaw atteint **25K ⭐** ! -2026-02-13 🎉 PicoClaw a atteint 5000 étoiles en 4 jours ! Merci à la communauté ! Nous finalisons la **Feuille de Route du Projet** et mettons en place le **Groupe de Développeurs** pour accélérer le développement de PicoClaw. -🚀 **Appel à l'action :** Soumettez vos demandes de fonctionnalités dans les GitHub Discussions. Nous les examinerons et les prioriserons lors de notre prochaine réunion hebdomadaire. +2026-03-09 🎉 **v0.2.1 — Plus grande mise à jour !** Support du protocole MCP, 4 nouveaux canaux (Matrix/IRC/WeCom/Discord Proxy), 3 nouveaux fournisseurs (Kimi/Minimax/Avian), pipeline de vision, stockage mémoire JSONL, et routage de modèles. -2026-02-09 🎉 PicoClaw est lancé ! Construit en 1 jour pour apporter les Agents IA au matériel à 10$ avec <10 Mo de RAM. 🦐 PicoClaw, c'est parti ! +2026-02-28 📦 **v0.2.0** publié avec support Docker Compose et lanceur Web UI. + +2026-02-26 🎉 PicoClaw a atteint **20K étoiles** en seulement 17 jours ! L'orchestration automatique des canaux et les interfaces de capacités sont arrivées. + +
+Actualités précédentes... + +2026-02-16 🎉 PicoClaw a atteint 12K étoiles en une semaine ! Les rôles de mainteneurs communautaires et la [feuille de route](ROADMAP.md) sont officiellement publiés. + +2026-02-13 🎉 PicoClaw a atteint 5000 étoiles en 4 jours ! La Feuille de Route du Projet et le Groupe de Développeurs sont en cours de mise en place. + +2026-02-09 🎉 **PicoClaw est lancé !** Construit en 1 jour pour apporter les Agents IA au matériel à $10 avec <10 Mo de RAM. 🦐 PicoClaw, c'est parti ! + +
## ✨ Fonctionnalités -🪶 **Ultra-Léger** : Empreinte mémoire <10 Mo — 99% plus petit que Clawdbot pour les fonctionnalités essentielles. +🪶 **Ultra-Léger** : Empreinte mémoire <10 Mo — 99% plus petit que les fonctionnalités essentielles d'OpenClaw.* -💰 **Coût Minimal** : Suffisamment efficace pour fonctionner sur du matériel à 10$ — 98% moins cher qu'un Mac mini. +💰 **Coût Minimal** : Suffisamment efficace pour fonctionner sur du matériel à $10 — 98% moins cher qu'un Mac mini. -⚡️ **Démarrage Éclair** : Temps de démarrage 400X plus rapide, boot en 1 seconde même sur un cœur unique à 0,6 GHz. +⚡️ **Démarrage Éclair** : Temps de démarrage 400X plus rapide, boot en <1 seconde même sur un cœur unique à 0,6 GHz. 🌍 **Véritable Portabilité** : Un seul binaire autonome pour RISC-V, ARM, MIPS et x86. Un clic et c'est parti ! 🤖 **Auto-Construit par l'IA** : Implémentation native en Go de manière autonome — 95% du cœur généré par l'Agent avec affinement humain dans la boucle. +🔌 **Support MCP** : Intégration native du [Model Context Protocol](https://modelcontextprotocol.io/) — connectez n'importe quel serveur MCP pour étendre les capacités de l'agent. + +👁️ **Pipeline de Vision** : Envoyez des images et fichiers directement à l'agent — encodage base64 automatique pour les LLM multimodaux. + +🧠 **Routage Intelligent** : Routage de modèles basé sur des règles — les requêtes simples vont vers des modèles légers, économisant les coûts API. + +_*Les versions récentes peuvent utiliser 10–20 Mo en raison des fusions rapides de fonctionnalités. L'optimisation des ressources est prévue. La comparaison de démarrage est basée sur des benchmarks à cœur unique 0,8 GHz (voir tableau ci-dessous)._ + | | OpenClaw | NanoBot | **PicoClaw** | | ----------------------------- | ------------- | ------------------------ | ----------------------------------------- | | **Langage** | TypeScript | Python | **Go** | -| **RAM** | >1 Go | >100 Mo | **< 10 Mo** | +| **RAM** | >1 Go | >100 Mo | **< 10 Mo*** | | **Démarrage**
(cœur 0,8 GHz) | >500s | >30s | **<1s** | -| **Coût** | Mac Mini 599$ | La plupart des SBC Linux
~50$ | **N'importe quelle carte Linux**
**À partir de 10$** | +| **Coût** | Mac Mini $599 | La plupart des SBC Linux
~$50 | **N'importe quelle carte Linux**
**À partir de $10** | PicoClaw @@ -110,15 +131,15 @@ Donnez une seconde vie à votre téléphone d'il y a dix ans ! Transformez-le en assistant IA intelligent avec PicoClaw. Démarrage rapide : -1. **Installez Termux** (disponible sur F-Droid ou Google Play). +1. **Installez [Termux](https://github.com/termux/termux-app)** (Téléchargez depuis [GitHub Releases](https://github.com/termux/termux-app/releases), ou recherchez sur F-Droid / Google Play). 2. **Exécutez les commandes** ```bash -# Note : Remplacez v0.1.1 par la dernière version depuis la page des Releases -wget https://github.com/sipeed/picoclaw/releases/download/v0.1.1/picoclaw-linux-arm64 -chmod +x picoclaw-linux-arm64 +# Téléchargez la dernière version depuis https://github.com/sipeed/picoclaw/releases +wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz +tar xzf picoclaw_Linux_arm64.tar.gz pkg install proot -termux-chroot ./picoclaw-linux-arm64 onboard +termux-chroot ./picoclaw onboard ``` Puis suivez les instructions de la section « Démarrage Rapide » pour terminer la configuration ! @@ -130,7 +151,7 @@ Puis suivez les instructions de la section « Démarrage Rapide » pour terminer PicoClaw peut être déployé sur pratiquement n'importe quel appareil Linux ! - 9,9$ [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) version E (Ethernet) ou W (WiFi6), pour un Assistant Domotique Minimaliste -- 30~50$ [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), ou 100$ [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) pour la Maintenance Automatisée de Serveurs +- 30~$50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), ou 100$ [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) pour la Maintenance Automatisée de Serveurs - 50$ [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) ou 100$ [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) pour la Surveillance Intelligente @@ -141,7 +162,7 @@ PicoClaw peut être déployé sur pratiquement n'importe quel appareil Linux ! ### Installer avec un binaire précompilé -Téléchargez le binaire pour votre plateforme depuis la page des [releases](https://github.com/sipeed/picoclaw/releases). +Téléchargez le binaire pour votre plateforme depuis la page des [Releases](https://github.com/sipeed/picoclaw/releases). ### Installer depuis les sources (dernières fonctionnalités, recommandé pour le développement) @@ -157,460 +178,28 @@ make build # Compiler pour plusieurs plateformes make build-all +# Compiler pour Raspberry Pi Zero 2 W (32-bit : make build-linux-arm ; 64-bit : make build-linux-arm64) +make build-pi-zero + # Compiler et Installer make install ``` -## 🐳 Docker Compose +**Raspberry Pi Zero 2 W :** Utilisez le binaire correspondant à votre OS : Raspberry Pi OS 32-bit → `make build-linux-arm` ; 64-bit → `make build-linux-arm64`. Ou exécutez `make build-pi-zero` pour compiler les deux. -Vous pouvez également exécuter PicoClaw avec Docker Compose sans rien installer localement. +## 📚 Documentation -```bash -# 1. Clonez ce dépôt -git clone https://github.com/sipeed/picoclaw.git -cd picoclaw +Pour des guides détaillés, consultez la documentation ci-dessous. Ce README ne couvre que le démarrage rapide. -# 2. Premier lancement — génère docker/data/config.json puis s'arrête -docker compose -f docker/docker-compose.yml --profile gateway up -# Le conteneur affiche "First-run setup complete." puis s'arrête. - -# 3. Configurez vos clés API -vim docker/data/config.json # Clés API du fournisseur, tokens de bot, etc. - -# 4. Démarrer -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -> [!TIP] -> **Utilisateurs Docker** : Par défaut, le Gateway écoute sur `127.0.0.1`, ce qui n'est pas accessible depuis l'hôte. Si vous avez besoin d'accéder aux endpoints de santé ou d'exposer des ports, définissez `PICOCLAW_GATEWAY_HOST=0.0.0.0` dans votre environnement ou mettez à jour `config.json`. - -```bash -# 5. Voir les logs -docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway - -# 6. Arrêter -docker compose -f docker/docker-compose.yml --profile gateway down -``` - -### Mode Agent (exécution unique) - -```bash -# Poser une question -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "Combien font 2+2 ?" - -# Mode interactif -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -``` - -### Mettre à jour - -```bash -docker compose -f docker/docker-compose.yml pull -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -### 🚀 Démarrage Rapide - -> [!TIP] -> Configurez votre clé API dans `~/.picoclaw/config.json`. Obtenez des clés API : [Volcengine (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM). La recherche web est optionnelle — obtenez gratuitement l'[API Tavily](https://tavily.com) (1000 requêtes gratuites/mois) ou l'[API Brave Search](https://brave.com/search/api) (2000 requêtes gratuites/mois). - -**1. Initialiser** - -```bash -picoclaw onboard -``` - -**2. Configurer** (`~/.picoclaw/config.json`) - -```json -{ - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key", - "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-your-openai-key", - "request_timeout": 300, - "api_base": "https://api.openai.com/v1" - } - ], - "agents": { - "defaults": { - "model_name": "gpt-5.4" - } - }, - "channels": { - "telegram": { - "enabled": true, - "token": "VOTRE_TOKEN_BOT", - "allow_from": ["VOTRE_USER_ID"] - } - }, - "tools": { - "web": { - "enabled": true, - "fetch_limit_bytes": 10485760, - "format": "plaintext", - "brave": { - "enabled": false, - "api_key": "VOTRE_CLE_API_BRAVE", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - } - } -} -``` - -> **Nouveau** : Le format de configuration `model_list` permet d'ajouter des fournisseurs sans modifier le code. Voir [Configuration de Modèle](#configuration-de-modèle-model_list) pour plus de détails. -> `request_timeout` est optionnel et s'exprime en secondes. S'il est omis ou défini à `<= 0`, PicoClaw utilise le délai d'expiration par défaut (120s). - -**3. Obtenir des Clés API** - -* **Fournisseur LLM** : [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) -* **Recherche Web** (optionnel) : [Brave Search](https://brave.com/search/api) - Offre gratuite disponible (2000 requêtes/mois) - -> **Note** : Consultez `config.example.json` pour un modèle de configuration complet. - -**4. Discuter** - -```bash -picoclaw agent -m "Combien font 2+2 ?" -``` - -Et voilà ! Vous avez un assistant IA fonctionnel en 2 minutes. - ---- - -## 💬 Applications de Chat - -Discutez avec votre PicoClaw via Telegram, Discord, DingTalk, LINE ou WeCom - -| Canal | Configuration | -| ------------ | -------------------------------------- | -| **Telegram** | Facile (juste un token) | -| **Discord** | Facile (token bot + intents) | -| **QQ** | Facile (AppID + AppSecret) | -| **DingTalk** | Moyen (identifiants de l'application) | -| **LINE** | Moyen (identifiants + URL de webhook) | -| **WeCom AI Bot** | Moyen (Token + clé AES) | - -
-Telegram (Recommandé) - -**1. Créer un bot** - -* Ouvrez Telegram, recherchez `@BotFather` -* Envoyez `/newbot`, suivez les instructions -* Copiez le token - -**2. Configurer** - -```json -{ - "channels": { - "telegram": { - "enabled": true, - "token": "VOTRE_TOKEN_BOT", - "allow_from": ["VOTRE_USER_ID"] - } - } -} -``` - -> Obtenez votre User ID via `@userinfobot` sur Telegram. - -**3. Lancer** - -```bash -picoclaw gateway -``` - -
- -
-Discord - -**1. Créer un bot** - -* Rendez-vous sur -* Créez une application → Bot → Add Bot -* Copiez le token du bot - -**2. Activer les intents** - -* Dans les paramètres du Bot, activez **MESSAGE CONTENT INTENT** -* (Optionnel) Activez **SERVER MEMBERS INTENT** si vous souhaitez utiliser des listes d'autorisation basées sur les données des membres - -**3. Obtenir votre User ID** - -* Paramètres Discord → Avancé → activez le **Mode Développeur** -* Clic droit sur votre avatar → **Copier l'identifiant** - -**4. Configurer** - -```json -{ - "channels": { - "discord": { - "enabled": true, - "token": "VOTRE_TOKEN_BOT", - "allow_from": ["VOTRE_USER_ID"] - } - } -} -``` - -**5. Inviter le bot** - -* OAuth2 → URL Generator -* Scopes : `bot` -* Permissions du Bot : `Send Messages`, `Read Message History` -* Ouvrez l'URL d'invitation générée et ajoutez le bot à votre serveur - -**6. Lancer** - -```bash -picoclaw gateway -``` - -
- -
-QQ - -**1. Créer un bot** - -- Rendez-vous sur la [QQ Open Platform](https://q.qq.com/#) -- Créez une application → Obtenez l'**AppID** et l'**AppSecret** - -**2. Configurer** - -```json -{ - "channels": { - "qq": { - "enabled": true, - "app_id": "VOTRE_APP_ID", - "app_secret": "VOTRE_APP_SECRET", - "allow_from": [] - } - } -} -``` - -> Laissez `allow_from` vide pour autoriser tous les utilisateurs, ou spécifiez des numéros QQ pour restreindre l'accès. - -**3. Lancer** - -```bash -picoclaw gateway -``` - -
- -
-DingTalk - -**1. Créer un bot** - -* Rendez-vous sur la [Open Platform](https://open.dingtalk.com/) -* Créez une application interne -* Copiez le Client ID et le Client Secret - -**2. Configurer** - -```json -{ - "channels": { - "dingtalk": { - "enabled": true, - "client_id": "VOTRE_CLIENT_ID", - "client_secret": "VOTRE_CLIENT_SECRET", - "allow_from": [] - } - } -} -``` - -> Laissez `allow_from` vide pour autoriser tous les utilisateurs, ou spécifiez des identifiants pour restreindre l'accès. - -**3. Lancer** - -```bash -picoclaw gateway -``` - -
- -
-LINE - -**1. Créer un Compte Officiel LINE** - -- Rendez-vous sur la [LINE Developers Console](https://developers.line.biz/) -- Créez un provider → Créez un canal Messaging API -- Copiez le **Channel Secret** et le **Channel Access Token** - -**2. Configurer** - -```json -{ - "channels": { - "line": { - "enabled": true, - "channel_secret": "VOTRE_CHANNEL_SECRET", - "channel_access_token": "VOTRE_CHANNEL_ACCESS_TOKEN", - "webhook_path": "/webhook/line", - "allow_from": [] - } - } -} -``` - -**3. Configurer l'URL du Webhook** - -LINE exige HTTPS pour les webhooks. Utilisez un reverse proxy ou un tunnel : - -```bash -# Exemple avec ngrok (tunnel vers le serveur Gateway partagé) -ngrok http 18790 -``` - -Puis configurez l'URL du Webhook dans la LINE Developers Console sur `https://votre-domaine/webhook/line` et activez **Use webhook**. - -> **Note** : Le webhook LINE est servi par le serveur Gateway partagé (par défaut `127.0.0.1:18790`). Si vous utilisez ngrok ou un proxy inverse, faites pointer le tunnel vers le port `18790`. - -**4. Lancer** - -```bash -picoclaw gateway -``` - -> Dans les discussions de groupe, le bot répond uniquement lorsqu'il est mentionné avec @. Les réponses citent le message original. - -> **Docker Compose** : Si vous avez besoin d'exposer le webhook LINE via Docker, mappez le port du Gateway partagé (par défaut `18790`) vers l'hôte, par exemple `ports: ["18790:18790"]`. Notez que le serveur Gateway sert les webhooks de tous les canaux à partir de ce port. - -
- -
-WeCom (WeChat Work) - -PicoClaw prend en charge trois types d'intégration WeCom : - -**Option 1 : WeCom Bot (Robot)** - Configuration plus facile, prend en charge les discussions de groupe -**Option 2 : WeCom App (Application Personnalisée)** - Plus de fonctionnalités, messagerie proactive, chat privé uniquement -**Option 3 : WeCom AI Bot (Bot Intelligent)** - Bot IA officiel, réponses en streaming, prend en charge groupe et privé - -Voir le [Guide de Configuration WeCom AI Bot](docs/channels/wecom/wecom_aibot/README.zh.md) pour des instructions détaillées. - -**Configuration Rapide - WeCom Bot :** - -**1. Créer un bot** - -* Accédez à la Console d'Administration WeCom → Discussion de Groupe → Ajouter un Bot de Groupe -* Copiez l'URL du webhook (format : `https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) - -**2. Configurer** - -```json -{ - "channels": { - "wecom": { - "enabled": true, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_ENCODING_AES_KEY", - "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", - "webhook_path": "/webhook/wecom", - "allow_from": [] - } - } -} -``` - -**Configuration Rapide - WeCom App :** - -**1. Créer une application** - -* Accédez à la Console d'Administration WeCom → Gestion des Applications → Créer une Application -* Copiez l'**AgentId** et le **Secret** -* Accédez à la page "Mon Entreprise", copiez le **CorpID** - -**2. Configurer la réception des messages** - -* Dans les détails de l'application, cliquez sur "Recevoir les Messages" → "Configurer l'API" -* Définissez l'URL sur `http://your-server:18790/webhook/wecom-app` -* Générez le **Token** et l'**EncodingAESKey** - -**3. Configurer** - -```json -{ - "channels": { - "wecom_app": { - "enabled": true, - "corp_id": "wwxxxxxxxxxxxxxxxx", - "corp_secret": "YOUR_CORP_SECRET", - "agent_id": 1000002, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_ENCODING_AES_KEY", - "webhook_path": "/webhook/wecom-app", - "allow_from": [] - } - } -} -``` - -**4. Lancer** - -```bash -picoclaw gateway -``` - -> **Note** : Les callbacks webhook WeCom App sont servis par le serveur Gateway partagé (par défaut `127.0.0.1:18790`). Assurez-vous que le port `18790` est accessible ou utilisez un proxy inverse HTTPS en production. - -**Configuration Rapide - WeCom AI Bot :** - -**1. Créer un AI Bot** - -* Accédez à la Console d'Administration WeCom → Gestion des Applications → AI Bot -* Configurez l'URL de callback : `http://your-server:18791/webhook/wecom-aibot` -* Copiez le **Token** et générez l'**EncodingAESKey** - -**2. Configurer** - -```json -{ - "channels": { - "wecom_aibot": { - "enabled": true, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", - "webhook_path": "/webhook/wecom-aibot", - "allow_from": [], - "welcome_message": "Bonjour ! Comment puis-je vous aider ?" - } - } -} -``` - -**3. Lancer** - -```bash -picoclaw gateway -``` - -> **Note** : WeCom AI Bot utilise le protocole pull en streaming — pas de problème de timeout. Les tâches longues (>5,5 min) basculent automatiquement vers la livraison via `response_url`. - -
+| Sujet | Description | +|-------|-------------| +| 🐳 [Docker & Démarrage Rapide](docs/fr/docker.md) | Configuration Docker Compose, modes Launcher/Agent, configuration rapide | +| 💬 [Applications de Chat](docs/fr/chat-apps.md) | Telegram, Discord, WhatsApp, Matrix, QQ, Slack, IRC, DingTalk, LINE, Feishu, WeCom, et plus | +| ⚙️ [Configuration](docs/fr/configuration.md) | Variables d'environnement, structure du workspace, sources de compétences, bac à sable de sécurité, heartbeat | +| 🔌 [Fournisseurs & Modèles](docs/fr/providers.md) | 20+ fournisseurs LLM, routage de modèles, configuration model_list, architecture des fournisseurs | +| 🔄 [Spawn & Tâches Asynchrones](docs/fr/spawn-tasks.md) | Tâches rapides, tâches longues avec spawn, orchestration asynchrone de sous-agents | +| 🐛 [Dépannage](docs/fr/troubleshooting.md) | Problèmes courants et solutions | +| 🔧 [Configuration des Outils](docs/fr/tools_configuration.md) | Activation/désactivation par outil, politiques exec | ## ClawdChat Rejoignez le Réseau Social d'Agents @@ -618,548 +207,24 @@ Connectez PicoClaw au Réseau Social d'Agents simplement en envoyant un seul mes **Lisez `https://clawdchat.ai/skill.md` et suivez les instructions pour rejoindre [ClawdChat.ai](https://clawdchat.ai)** -## ⚙️ Configuration - -Fichier de configuration : `~/.picoclaw/config.json` - -### Variables d'Environnement - -Vous pouvez remplacer les chemins par défaut à l'aide de variables d'environnement. Ceci est utile pour les installations portables, les déploiements conteneurisés ou l'exécution de picoclaw en tant que service système. Ces variables sont indépendantes et contrôlent différents chemins. - -| Variable | Description | Chemin par Défaut | -|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| `PICOCLAW_CONFIG` | Remplace le chemin du fichier de configuration. Cela indique directement à picoclaw quel `config.json` charger, en ignorant tous les autres emplacements. | `~/.picoclaw/config.json` | -| `PICOCLAW_HOME` | Remplace le répertoire racine des données picoclaw. Cela modifie l'emplacement par défaut du `workspace` et des autres répertoires de données. | `~/.picoclaw` | - -**Exemples :** - -```bash -# Exécuter picoclaw en utilisant un fichier de configuration spécifique -# Le chemin du workspace sera lu à partir de ce fichier de configuration -PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway - -# Exécuter picoclaw avec toutes ses données stockées dans /opt/picoclaw -# La configuration sera chargée à partir du fichier par défaut ~/.picoclaw/config.json -# Le workspace sera créé dans /opt/picoclaw/workspace -PICOCLAW_HOME=/opt/picoclaw picoclaw agent - -# Utiliser les deux pour une configuration entièrement personnalisée -PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway -``` - -### Structure du Workspace - -PicoClaw stocke les données dans votre workspace configuré (par défaut : `~/.picoclaw/workspace`) : - -``` -~/.picoclaw/workspace/ -├── sessions/ # Sessions de conversation et historique -├── memory/ # Mémoire à long terme (MEMORY.md) -├── state/ # État persistant (dernier canal, etc.) -├── cron/ # Base de données des tâches planifiées -├── skills/ # Compétences personnalisées -├── AGENTS.md # Guide de comportement de l'Agent -├── HEARTBEAT.md # Invites de tâches périodiques (vérifiées toutes les 30 min) -├── IDENTITY.md # Identité de l'Agent -├── SOUL.md # Âme de l'Agent -└── USER.md # Préférences utilisateur -``` - -### 🔒 Bac à Sable de Sécurité - -PicoClaw s'exécute dans un environnement sandboxé par défaut. L'agent ne peut accéder aux fichiers et exécuter des commandes qu'au sein du workspace configuré. - -#### Configuration par Défaut - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "restrict_to_workspace": true - } - } -} -``` - -| Option | Par défaut | Description | -|--------|------------|-------------| -| `workspace` | `~/.picoclaw/workspace` | Répertoire de travail de l'agent | -| `restrict_to_workspace` | `true` | Restreindre l'accès fichiers/commandes au workspace | - -#### Outils Protégés - -Lorsque `restrict_to_workspace: true`, les outils suivants sont restreints au bac à sable : - -| Outil | Fonction | Restriction | -|-------|----------|-------------| -| `read_file` | Lire des fichiers | Uniquement les fichiers dans le workspace | -| `write_file` | Écrire des fichiers | Uniquement les fichiers dans le workspace | -| `list_dir` | Lister des répertoires | Uniquement les répertoires dans le workspace | -| `edit_file` | Éditer des fichiers | Uniquement les fichiers dans le workspace | -| `append_file` | Ajouter à des fichiers | Uniquement les fichiers dans le workspace | -| `exec` | Exécuter des commandes | Les chemins doivent être dans le workspace | - -#### Protection Supplémentaire d'Exec - -Même avec `restrict_to_workspace: false`, l'outil `exec` bloque ces commandes dangereuses : - -* `rm -rf`, `del /f`, `rmdir /s` — Suppression en masse -* `format`, `mkfs`, `diskpart` — Formatage de disque -* `dd if=` — Écriture d'image disque -* Écriture vers `/dev/sd[a-z]` — Écriture directe sur le disque -* `shutdown`, `reboot`, `poweroff` — Arrêt du système -* Fork bomb `:(){ :|:& };:` - -#### Exemples d'Erreurs - -``` -[ERROR] tool: Tool execution failed -{tool=exec, error=Command blocked by safety guard (path outside working dir)} -``` - -``` -[ERROR] tool: Tool execution failed -{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} -``` - -#### Désactiver les Restrictions (Risque de Sécurité) - -Si vous avez besoin que l'agent accède à des chemins en dehors du workspace : - -**Méthode 1 : Fichier de configuration** - -```json -{ - "agents": { - "defaults": { - "restrict_to_workspace": false - } - } -} -``` - -**Méthode 2 : Variable d'environnement** - -```bash -export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false -``` - -> ⚠️ **Attention** : Désactiver cette restriction permet à l'agent d'accéder à n'importe quel chemin sur votre système. À utiliser avec précaution uniquement dans des environnements contrôlés. - -#### Cohérence du Périmètre de Sécurité - -Le paramètre `restrict_to_workspace` s'applique de manière cohérente sur tous les chemins d'exécution : - -| Chemin d'Exécution | Périmètre de Sécurité | -|--------------------|----------------------| -| Agent Principal | `restrict_to_workspace` ✅ | -| Sous-agent / Spawn | Hérite de la même restriction ✅ | -| Tâches Heartbeat | Hérite de la même restriction ✅ | - -Tous les chemins partagent la même restriction de workspace — il est impossible de contourner le périmètre de sécurité via des sous-agents ou des tâches planifiées. - -### Heartbeat (Tâches Périodiques) - -PicoClaw peut exécuter des tâches périodiques automatiquement. Créez un fichier `HEARTBEAT.md` dans votre workspace : - -```markdown -# Tâches Périodiques - -- Vérifier mes e-mails pour les messages importants -- Consulter mon agenda pour les événements à venir -- Vérifier les prévisions météo -``` - -L'agent lira ce fichier toutes les 30 minutes (configurable) et exécutera les tâches à l'aide des outils disponibles. - -#### Tâches Asynchrones avec Spawn - -Pour les tâches de longue durée (recherche web, appels API), utilisez l'outil `spawn` pour créer un **sous-agent** : - -```markdown -# Tâches Périodiques - -## Tâches Rapides (réponse directe) -- Indiquer l'heure actuelle - -## Tâches Longues (utiliser spawn pour l'asynchrone) -- Rechercher les actualités IA sur le web et les résumer -- Vérifier les e-mails et signaler les messages importants -``` - -**Comportements clés :** - -| Fonctionnalité | Description | -|----------------|-------------| -| **spawn** | Crée un sous-agent asynchrone, ne bloque pas le heartbeat | -| **Contexte indépendant** | Le sous-agent a son propre contexte, sans historique de session | -| **Outil message** | Le sous-agent communique directement avec l'utilisateur via l'outil message | -| **Non-bloquant** | Après le spawn, le heartbeat continue vers la tâche suivante | - -#### Fonctionnement de la Communication du Sous-agent - -``` -Le Heartbeat se déclenche - ↓ -L'Agent lit HEARTBEAT.md - ↓ -Pour une tâche longue : spawn d'un sous-agent - ↓ ↓ -Continue la tâche suivante Le sous-agent travaille indépendamment - ↓ ↓ -Toutes les tâches terminées Le sous-agent utilise l'outil "message" - ↓ ↓ -Répond HEARTBEAT_OK L'utilisateur reçoit le résultat directement -``` - -Le sous-agent a accès aux outils (message, web_search, etc.) et peut communiquer avec l'utilisateur indépendamment sans passer par l'agent principal. - -**Configuration :** - -```json -{ - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -| Option | Par défaut | Description | -|--------|------------|-------------| -| `enabled` | `true` | Activer/désactiver le heartbeat | -| `interval` | `30` | Intervalle de vérification en minutes (min : 5) | - -**Variables d'environnement :** - -* `PICOCLAW_HEARTBEAT_ENABLED=false` pour désactiver -* `PICOCLAW_HEARTBEAT_INTERVAL=60` pour modifier l'intervalle - -### Fournisseurs - -> [!NOTE] -> Groq fournit la transcription vocale gratuite via Whisper. Si configuré, les messages audio de n'importe quel canal seront automatiquement transcrits au niveau de l'agent. - -| Fournisseur | Utilisation | Obtenir une Clé API | -| ------------------------ | ---------------------------------------- | ------------------------------------------------------ | -| `gemini` | LLM (Gemini direct) | [aistudio.google.com](https://aistudio.google.com) | -| `zhipu` | LLM (Zhipu direct) | [bigmodel.cn](bigmodel.cn) | -| `volcengine` | LLM(Volcengine direct) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| `openrouter` (À tester) | LLM (recommandé, accès à tous les modèles) | [openrouter.ai](https://openrouter.ai) | -| `anthropic` (À tester) | LLM (Claude direct) | [console.anthropic.com](https://console.anthropic.com) | -| `openai` (À tester) | LLM (GPT direct) | [platform.openai.com](https://platform.openai.com) | -| `deepseek` (À tester) | LLM (DeepSeek direct) | [platform.deepseek.com](https://platform.deepseek.com) | -| `qwen` | LLM (Alibaba Qwen) | [dashscope.aliyuncs.com](https://dashscope.aliyuncs.com/compatible-mode/v1) | -| `cerebras` | LLM (Cerebras) | [cerebras.ai](https://api.cerebras.ai/v1) | -| `groq` | LLM + **Transcription vocale** (Whisper) | [console.groq.com](https://console.groq.com) | - -
-Configuration Zhipu - -**1. Obtenir la clé API** - -* Obtenez la [clé API](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) - -**2. Configurer** - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "model": "glm-4.7", - "max_tokens": 8192, - "temperature": 0.7, - "max_tool_iterations": 20 - } - }, - "providers": { - "zhipu": { - "api_key": "Votre Clé API", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - } -} -``` - -**3. Lancer** - -```bash -picoclaw agent -m "Bonjour, comment ça va ?" -``` - -
- -
-Exemple de configuration complète - -```json -{ - "agents": { - "defaults": { - "model": "anthropic/claude-opus-4-5" - } - }, - "providers": { - "openrouter": { - "api_key": "sk-or-v1-xxx" - }, - "groq": { - "api_key": "gsk_xxx" - } - }, - "channels": { - "telegram": { - "enabled": true, - "token": "123456:ABC...", - "allow_from": ["123456789"] - }, - "discord": { - "enabled": true, - "token": "", - "allow_from": [""] - }, - "whatsapp": { - "enabled": false - }, - "feishu": { - "enabled": false, - "app_id": "cli_xxx", - "app_secret": "xxx", - "encrypt_key": "", - "verification_token": "", - "allow_from": [] - }, - "qq": { - "enabled": false, - "app_id": "", - "app_secret": "", - "allow_from": [] - } - }, - "tools": { - "web": { - "brave": { - "enabled": false, - "api_key": "BSA...", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - }, - "cron": { - "exec_timeout_minutes": 5 - } - }, - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -
- -### Configuration de Modèle (model_list) - -> **Nouveau !** PicoClaw utilise désormais une approche de configuration **centrée sur le modèle**. Spécifiez simplement le format `fournisseur/modèle` (par exemple, `zhipu/glm-4.7`) pour ajouter de nouveaux fournisseurs—**aucune modification de code requise !** - -Cette conception permet également le **support multi-agent** avec une sélection flexible de fournisseurs : - -- **Différents agents, différents fournisseurs** : Chaque agent peut utiliser son propre fournisseur LLM -- **Modèles de secours (Fallbacks)** : Configurez des modèles primaires et de secours pour la résilience -- **Équilibrage de charge** : Répartissez les requêtes sur plusieurs points de terminaison -- **Configuration centralisée** : Gérez tous les fournisseurs en un seul endroit - -#### 📋 Tous les Fournisseurs Supportés - -| Fournisseur | Préfixe `model` | API Base par Défaut | Protocole | Clé API | -|-------------|-----------------|---------------------|----------|---------| -| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Obtenir Clé](https://platform.openai.com) | -| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Obtenir Clé](https://console.anthropic.com) | -| **Zhipu AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Obtenir Clé](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | -| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Obtenir Clé](https://platform.deepseek.com) | -| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Obtenir Clé](https://aistudio.google.com/api-keys) | -| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Obtenir Clé](https://console.groq.com) | -| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [Obtenir Clé](https://platform.moonshot.cn) | -| **Qwen (Alibaba)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Obtenir Clé](https://dashscope.console.aliyun.com) | -| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [Obtenir Clé](https://build.nvidia.com) | -| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (pas de clé nécessaire) | -| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Obtenir Clé](https://openrouter.ai/keys) | -| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | Local | -| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [Obtenir Clé](https://cerebras.ai) | -| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Obtenir Clé](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| **ShengsuanYun** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | -| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [Obtenir Clé](https://www.byteplus.com/) | -| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [Obtenir une clé](https://longcat.chat/platform) | -| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [Obtenir un Token](https://modelscope.cn/my/tokens) | -| **Azure OpenAI** | `azure/` | `https://{resource}.openai.azure.com` | Azure | [Obtenir Clé](https://portal.azure.com) | -| **Antigravity** | `antigravity/` | Google Cloud | Custom | OAuth uniquement | -| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | - -#### Configuration de Base - -```json -{ - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-your-openai-key" - }, - { - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "api_key": "sk-ant-your-key" - }, - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-zhipu-key" - } - ], - "agents": { - "defaults": { - "model": "gpt-5.4" - } - } -} -``` - -#### Exemples par Fournisseur - -**OpenAI** -```json -{ - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-..." -} -``` - -**VolcEngine (Doubao)** -```json -{ - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-..." -} -``` - -**Zhipu AI (GLM)** -```json -{ - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" -} -``` - -**Anthropic (avec OAuth)** -```json -{ - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "auth_method": "oauth" -} -``` -> Exécutez `picoclaw auth login --provider anthropic` pour configurer les identifiants OAuth. - -**Proxy/API personnalisée** -```json -{ - "model_name": "my-custom-model", - "model": "openai/custom-model", - "api_base": "https://my-proxy.com/v1", - "api_key": "sk-...", - "request_timeout": 300 -} -``` - -#### Équilibrage de Charge - -Configurez plusieurs points de terminaison pour le même nom de modèle—PicoClaw utilisera automatiquement le round-robin entre eux : - -```json -{ - "model_list": [ - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api1.example.com/v1", - "api_key": "sk-key1" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api2.example.com/v1", - "api_key": "sk-key2" - } - ] -} -``` - -#### Migration depuis l'Ancienne Configuration `providers` - -L'ancienne configuration `providers` est **dépréciée** mais toujours supportée pour la rétrocompatibilité. - -**Ancienne Configuration (dépréciée) :** -```json -{ - "providers": { - "zhipu": { - "api_key": "your-key", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - }, - "agents": { - "defaults": { - "provider": "zhipu", - "model": "glm-4.7" - } - } -} -``` - -**Nouvelle Configuration (recommandée) :** -```json -{ - "model_list": [ - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" - } - ], - "agents": { - "defaults": { - "model": "glm-4.7" - } - } -} -``` - -Pour le guide de migration détaillé, voir [docs/migration/model-list-migration.md](docs/migration/model-list-migration.md). - -## Référence CLI - -| Commande | Description | -| ------------------------- | ------------------------------------- | -| `picoclaw onboard` | Initialiser la configuration & le workspace | -| `picoclaw agent -m "..."` | Discuter avec l'agent | -| `picoclaw agent` | Mode de discussion interactif | -| `picoclaw gateway` | Démarrer la passerelle | -| `picoclaw status` | Afficher le statut | -| `picoclaw cron list` | Lister toutes les tâches planifiées | -| `picoclaw cron add ...` | Ajouter une tâche planifiée | +## 🖥️ Référence CLI + +| Commande | Description | +| ------------------------- | ---------------------------------- | +| `picoclaw onboard` | Initialiser la config & le workspace | +| `picoclaw agent -m "..."` | Discuter avec l'agent | +| `picoclaw agent` | Mode chat interactif | +| `picoclaw gateway` | Démarrer le gateway | +| `picoclaw status` | Afficher le statut | +| `picoclaw version` | Afficher les infos de version | +| `picoclaw cron list` | Lister les tâches planifiées | +| `picoclaw cron add ...` | Ajouter une tâche planifiée | +| `picoclaw cron disable` | Désactiver une tâche planifiée | +| `picoclaw cron remove` | Supprimer une tâche planifiée | +| `picoclaw skills list` | Lister les compétences installées | +| `picoclaw skills install` | Installer une compétence | +| `picoclaw migrate` | Migrer les données des anciennes versions | +| `picoclaw auth login` | S'authentifier auprès des fournisseurs | ### Tâches Planifiées / Rappels @@ -1167,78 +232,18 @@ PicoClaw prend en charge les rappels planifiés et les tâches récurrentes via * **Rappels ponctuels** : « Rappelle-moi dans 10 minutes » → se déclenche une fois après 10 min * **Tâches récurrentes** : « Rappelle-moi toutes les 2 heures » → se déclenche toutes les 2 heures -* **Expressions Cron** : « Rappelle-moi à 9h tous les jours » → utilise une expression cron - -Les tâches sont stockées dans `~/.picoclaw/workspace/cron/` et traitées automatiquement. +* **Expressions cron** : « Rappelle-moi à 9h chaque jour » → utilise une expression cron ## 🤝 Contribuer & Feuille de Route -Les PR sont les bienvenues ! Le code source est volontairement petit et lisible. 🤗 +Les PR sont les bienvenues ! Le code est intentionnellement petit et lisible. 🤗 -Feuille de route à venir... +Consultez notre [Feuille de Route Communautaire](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md) complète. -Groupe de développeurs en construction. Condition d'entrée : au moins 1 PR fusionnée. +Groupe de développeurs en construction, rejoignez-nous après votre première PR fusionnée ! Groupes d'utilisateurs : -Discord : +discord : PicoClaw - -## 🐛 Dépannage - -### La recherche web affiche « API 配置问题 » - -C'est normal si vous n'avez pas encore configuré de clé API de recherche. PicoClaw fournira des liens utiles pour la recherche manuelle. - -Pour activer la recherche web : - -1. **Option 1 (Recommandé)** : Obtenez une clé API gratuite sur [https://brave.com/search/api](https://brave.com/search/api) (2000 requêtes gratuites/mois) pour les meilleurs résultats. -2. **Option 2 (Sans carte bancaire)** : Si vous n'avez pas de clé, le système bascule automatiquement sur **DuckDuckGo** (aucune clé requise). - -Ajoutez la clé dans `~/.picoclaw/config.json` si vous utilisez Brave : - -```json -{ - "tools": { - "web": { - "brave": { - "enabled": false, - "api_key": "VOTRE_CLE_API_BRAVE", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - } - } -} -``` - -### Erreurs de filtrage de contenu - -Certains fournisseurs (comme Zhipu) disposent d'un filtrage de contenu. Essayez de reformuler votre requête ou utilisez un modèle différent. - -### Le bot Telegram affiche « Conflict: terminated by other getUpdates » - -Cela se produit lorsqu'une autre instance du bot est en cours d'exécution. Assurez-vous qu'un seul `picoclaw gateway` fonctionne à la fois. - ---- - -## 📝 Comparaison des Clés API - -| Service | Offre Gratuite | Cas d'Utilisation | -| ---------------- | -------------------- | ------------------------------------- | -| **OpenRouter** | 200K tokens/mois | Multiples modèles (Claude, GPT-4, etc.) | -| **Volcengine CodingPlan** | 9,9¥/premier mois | Idéal pour les utilisateurs chinois, multiples modèles SOTA (Doubao, DeepSeek, etc.) | -| **Zhipu** | 200K tokens/mois | Convient aux utilisateurs chinois | -| **Brave Search** | 2000 requêtes/mois | Fonctionnalité de recherche web | -| **Groq** | Offre gratuite dispo | Inférence ultra-rapide (Llama, Mixtral) | -| **ModelScope** | 2000 requêtes/jour | Inférence gratuite (Qwen, GLM, DeepSeek, etc.) | - ---- - -
- PicoClaw Meme -
diff --git a/README.ja.md b/README.ja.md index b1a784af9..5cfd6359a 100644 --- a/README.ja.md +++ b/README.ja.md @@ -1,13 +1,12 @@
-PicoClaw + PicoClaw -

PicoClaw: Go で書かれた超効率 AI アシスタント

+

PicoClaw: Go で書かれた超効率 AI アシスタント

-

$10 ハードウェア · 10MB RAM · 1秒起動 · 行くぜ、シャコ!

-

+

$10 ハードウェア · <10MB RAM · <1秒起動 · 行くぜ、シャコ!

- Go - Hardware + Go + Hardware License
Website @@ -23,7 +22,6 @@

- --- > **PicoClaw** は [Sipeed](https://sipeed.com) が立ち上げた独立したオープンソースプロジェクトです。完全に **Go 言語**で一から書かれており、OpenClaw、NanoBot、その他のプロジェクトのフォークではありません。 @@ -47,32 +45,70 @@
+> [!CAUTION] +> **🚨 セキュリティ&公式チャンネル** +> +> * **暗号通貨なし:** PicoClaw には公式トークン/コインは**一切ありません**。`pump.fun` やその他の取引プラットフォームでの主張はすべて**詐欺**です。 +> +> * **公式ドメイン:** **唯一**の公式サイトは **[picoclaw.io](https://picoclaw.io)**、企業サイトは **[sipeed.com](https://sipeed.com)** です。 +> * **注意:** 多くの `.ai/.org/.com/.net/...` ドメインは第三者によって登録されています。 +> * **注意:** PicoClaw は初期開発段階にあり、未解決のネットワークセキュリティ問題がある可能性があります。v1.0 リリース前に本番環境へのデプロイは避けてください。 +> * **注記:** PicoClaw は最近多くの PR をマージしており、最新バージョンではメモリフットプリントが大きくなる場合があります(10〜20MB)。機能セットが安定次第、リソース最適化を優先する予定です。 + ## 📢 ニュース -2026-02-09 🎉 PicoClaw リリース!$10 ハードウェアで 10MB 未満の RAM で動く AI エージェントを 1 日で構築。🦐 行くぜ、シャコ! + +2026-03-17 🚀 **v0.2.3 リリース!** システムトレイ UI(Windows & Linux)、サブエージェントステータス追跡(`spawn_status`)、実験的ゲートウェイホットリロード、cron セキュリティゲート、セキュリティ修正 2 件。PicoClaw **25K ⭐** 達成! + +2026-03-09 🎉 **v0.2.1 — 史上最大のアップデート!** MCP プロトコル対応、4 つの新チャネル(Matrix/IRC/WeCom/Discord Proxy)、3 つの新プロバイダー(Kimi/Minimax/Avian)、ビジョンパイプライン、JSONL メモリストア、モデルルーティング。 + +2026-02-28 📦 **v0.2.0** リリース — Docker Compose 対応と Web UI ランチャー。 + +2026-02-26 🎉 PicoClaw がわずか 17 日で **20K スター** 達成!チャネル自動オーケストレーションとケイパビリティインターフェースが実装されました。 + +
+過去のニュース... + +2026-02-16 🎉 PicoClaw が 1 週間で 12K スター達成!コミュニティメンテナーの役割と[ロードマップ](ROADMAP.md)が正式に公開されました。 + +2026-02-13 🎉 PicoClaw が 4 日間で 5000 スター達成!プロジェクトロードマップと開発者グループの準備が進行中。 + +2026-02-09 🎉 **PicoClaw リリース!** $10 ハードウェアで 10MB 未満の RAM で動く AI エージェントを 1 日で構築。🦐 行くぜ、シャコ! + +
## ✨ 特徴 -🪶 **超軽量**: メモリフットプリント 10MB 未満 — Clawdbot のコア機能より 99% 小さい。 +🪶 **超軽量**: メモリフットプリント 10MB 未満 — OpenClaw のコア機能より 99% 小さい。* 💰 **最小コスト**: $10 ハードウェアで動作 — Mac mini より 98% 安い。 -⚡️ **超高速**: 起動時間 400 倍高速、0.6GHz シングルコアでも 1 秒で起動。 +⚡️ **超高速**: 起動時間 400 倍高速、0.6GHz シングルコアでも 1 秒未満で起動。 🌍 **真のポータビリティ**: RISC-V、ARM、MIPS、x86 対応の単一バイナリ。ワンクリックで Go! 🤖 **AI ブートストラップ**: 自律的な Go ネイティブ実装 — コアの 95% が AI 生成、人間によるレビュー付き。 -| | OpenClaw | NanoBot | **PicoClaw** | -| --- | --- | --- |--- | -| **言語** | TypeScript | Python | **Go** | -| **RAM** | >1GB |>100MB| **< 10MB** | -| **起動時間**
(0.8GHz コア) | >500秒 | >30秒 | **<1秒** | -| **コスト** | Mac Mini 599$ | 大半の Linux SBC
~50$ |**あらゆる Linux ボード**
**最安 10$** | +🔌 **MCP 対応**: ネイティブ [Model Context Protocol](https://modelcontextprotocol.io/) 統合 — 任意の MCP サーバーに接続してエージェント機能を拡張。 + +👁️ **ビジョンパイプライン**: 画像やファイルをエージェントに直接送信 — マルチモーダル LLM 向けの自動 base64 エンコーディング。 + +🧠 **スマートルーティング**: ルールベースのモデルルーティング — 簡単なクエリは軽量モデルへ、API コストを節約。 + +_*最近のバージョンでは急速な機能マージにより 10〜20MB になる場合があります。リソース最適化は計画中です。起動時間の比較は 0.8GHz シングルコアベンチマークに基づいています(下表参照)。_ + +| | OpenClaw | NanoBot | **PicoClaw** | +| ----------------------------- | ------------- | ------------------------ | ----------------------------------------- | +| **言語** | TypeScript | Python | **Go** | +| **RAM** | >1GB | >100MB | **< 10MB*** | +| **起動時間**
(0.8GHz コア) | >500秒 | >30秒 | **<1秒** | +| **コスト** | Mac Mini $599 | 大半の Linux SBC
~$50 | **あらゆる Linux ボード**
**最安 $10** | + PicoClaw - ## 🦾 デモンストレーション + ### 🛠️ スタンダードアシスタントワークフロー + @@ -91,14 +127,34 @@

🧩 フルスタックエンジニア

+### 📱 古い Android スマホで動かす + +10 年前のスマホに第二の人生を!PicoClaw でスマート AI アシスタントに変身させましょう。クイックスタート: + +1. **[Termux](https://github.com/termux/termux-app) をインストール**([GitHub Releases](https://github.com/termux/termux-app/releases) からダウンロード、または F-Droid / Google Play で検索)。 +2. **コマンドを実行** + +```bash +# https://github.com/sipeed/picoclaw/releases から最新リリースをダウンロード +wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz +tar xzf picoclaw_Linux_arm64.tar.gz +pkg install proot +termux-chroot ./picoclaw onboard +``` + +その後「クイックスタート」セクションの手順に従って設定を完了してください! + +PicoClaw + ### 🐜 革新的な省フットプリントデプロイ + PicoClaw はほぼすべての Linux デバイスにデプロイできます! - $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) E(Ethernet) または W(WiFi6) バージョン、最小ホームアシスタントに - $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html) または $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) サーバー自動メンテナンスに - $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) または $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) スマート監視に -https://private-user-images.githubusercontent.com/83055338/547056448-e7b031ff-d6f5-4468-bcca-5726b6fecb5c.mp4 + 🌟 もっと多くのデプロイ事例が待っています! @@ -106,7 +162,7 @@ https://private-user-images.githubusercontent.com/83055338/547056448-e7b031ff-d6 ### コンパイル済みバイナリでインストール -[リリースページ](https://github.com/sipeed/picoclaw/releases) からお使いのプラットフォーム用のファームウェアをダウンロードしてください。 +[リリースページ](https://github.com/sipeed/picoclaw/releases) からお使いのプラットフォーム用のバイナリをダウンロードしてください。 ### ソースからインストール(最新機能、開発向け推奨) @@ -122,1049 +178,72 @@ make build # 複数プラットフォーム向けビルド make build-all +# Raspberry Pi Zero 2 W 向けビルド(32-bit: make build-linux-arm; 64-bit: make build-linux-arm64) +make build-pi-zero + # ビルドとインストール make install ``` -## 🐳 Docker Compose +**Raspberry Pi Zero 2 W:** OS に合ったバイナリを使用してください:32-bit Raspberry Pi OS → `make build-linux-arm`、64-bit → `make build-linux-arm64`。または `make build-pi-zero` で両方をビルド。 -Docker Compose を使えば、ローカルにインストールせずに PicoClaw を実行できます。 +## 📚 ドキュメント -```bash -# 1. リポジトリをクローン -git clone https://github.com/sipeed/picoclaw.git -cd picoclaw +詳細なガイドは以下のドキュメントを参照してください。この README はクイックスタートのみをカバーしています。 -# 2. 初回起動 — docker/data/config.json を自動生成して終了 -docker compose -f docker/docker-compose.yml --profile gateway up -# コンテナが "First-run setup complete." を表示して停止します。 - -# 3. API キーを設定 -vim docker/data/config.json # プロバイダー API キー、Bot トークンなどを設定 - -# 4. 起動 -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -> [!TIP] -> **Docker ユーザー**: デフォルトでは、Gateway は `127.0.0.1` でリッスンしており、ホストからアクセスできません。ヘルスチェックエンドポイントにアクセスしたり、ポートを公開したりする必要がある場合は、環境変数で `PICOCLAW_GATEWAY_HOST=0.0.0.0` を設定するか、`config.json` を更新してください。 - -```bash -# 5. ログ確認 -docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway - -# 6. 停止 -docker compose -f docker/docker-compose.yml --profile gateway down -``` - -### Agent モード(ワンショット) - -```bash -# 質問を投げる -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "What is 2+2?" - -# インタラクティブモード -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -``` - -### アップデート - -```bash -docker compose -f docker/docker-compose.yml pull -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -### 🚀 クイックスタート(ネイティブ) - -> [!TIP] -> `~/.picoclaw/config.json` に API キーを設定してください。API キーの取得先: [Volcengine (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM)。Web 検索は **任意** です — 無料の [Tavily API](https://tavily.com) (月 1000 クエリ無料) または [Brave Search API](https://brave.com/search/api) (月 2000 クエリ無料)。 - -**1. 初期化** - -```bash -picoclaw onboard -``` - -**2. 設定** (`~/.picoclaw/config.json`) - -```json -{ - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key", - "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-your-openai-key", - "request_timeout": 300, - "api_base": "https://api.openai.com/v1" - } - ], - "agents": { - "defaults": { - "model_name": "gpt-5.4" - } - }, - "channels": { - "telegram": { - "enabled": true, - "token": "YOUR_TELEGRAM_BOT_TOKEN", - "allow_from": [] - } - }, - "tools": { - "web": { - "enabled": true, - "fetch_limit_bytes": 10485760, - "format": "plaintext", - "search": { - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - }, - "tavily": { - "enabled": false, - "api_key": "YOUR_TAVILY_API_KEY", - "max_results": 5 - } - }, - "cron": { - "exec_timeout_minutes": 5 - } - }, - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -> **新機能**: `model_list` 形式により、プロバイダーをコード変更なしで追加できます。詳細は [モデル設定](#モデル設定-model_list) を参照してください。 -> `request_timeout` は任意の秒単位設定です。省略または `<= 0` の場合、PicoClaw はデフォルトのタイムアウト(120秒)を使用します。 - -**3. API キーの取得** - -- **LLM プロバイダー**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) -- **Web 検索**(任意): [Tavily](https://tavily.com) - AI エージェント向けに最適化 (月 1000 リクエスト) · [Brave Search](https://brave.com/search/api) - 無料枠あり(月 2000 リクエスト) - -> **注意**: 完全な設定テンプレートは `config.example.json` を参照してください。 - -**4. チャット** - -```bash -picoclaw agent -m "What is 2+2?" -``` - -これだけです!2 分で AI アシスタントが動きます。 - ---- - -## 💬 チャットアプリ - -Telegram、Discord、QQ、DingTalk、LINE、WeCom で PicoClaw と会話できます - -| チャネル | セットアップ | -|---------|------------| -| **Telegram** | 簡単(トークンのみ) | -| **Discord** | 簡単(Bot トークン + Intents) | -| **QQ** | 簡単(AppID + AppSecret) | -| **DingTalk** | 普通(アプリ認証情報) | -| **LINE** | 普通(認証情報 + Webhook URL) | -| **WeCom AI Bot** | 普通(Token + AES キー) | - -
-Telegram(推奨) - -**1. Bot を作成** - -- Telegram を開き、`@BotFather` を検索 -- `/newbot` を送信、プロンプトに従う -- トークンをコピー - -**2. 設定** - -```json -{ - "channels": { - "telegram": { - "enabled": true, - "token": "YOUR_BOT_TOKEN", - "allow_from": ["YOUR_USER_ID"] - } - } -} -``` - -> ユーザー ID は Telegram の `@userinfobot` から取得できます。 - -**3. 起動** - -```bash -picoclaw gateway -``` -
- - -
-Discord - -**1. Bot を作成** -- https://discord.com/developers/applications にアクセス -- アプリケーションを作成 → Bot → Add Bot -- Bot トークンをコピー - -**2. Intents を有効化** -- Bot の設定画面で **MESSAGE CONTENT INTENT** を有効化 -- (任意)**SERVER MEMBERS INTENT** も有効化 - -**3. ユーザー ID を取得** -- Discord 設定 → 詳細設定 → **開発者モード** を有効化 -- 自分のアバターを右クリック → **ユーザーIDをコピー** - -**4. 設定** - -```json -{ - "channels": { - "discord": { - "enabled": true, - "token": "YOUR_BOT_TOKEN", - "allow_from": ["YOUR_USER_ID"] - } - } -} -``` - -**5. Bot を招待** -- OAuth2 → URL Generator -- Scopes: `bot` -- Bot Permissions: `Send Messages`, `Read Message History` -- 生成された招待 URL を開き、サーバーに Bot を追加 - -**6. 起動** - -```bash -picoclaw gateway -``` - -
- -
-QQ - -**1. Bot を作成** - -- [QQ オープンプラットフォーム](https://q.qq.com/#) にアクセス -- アプリケーションを作成 → **AppID** と **AppSecret** を取得 - -**2. 設定** - -```json -{ - "channels": { - "qq": { - "enabled": true, - "app_id": "YOUR_APP_ID", - "app_secret": "YOUR_APP_SECRET", - "allow_from": [] - } - } -} -``` - -> `allow_from` を空にすると全ユーザーを許可、QQ番号を指定してアクセス制限可能。 - -**3. 起動** - -```bash -picoclaw gateway -``` - -
- -
-DingTalk - -**1. Bot を作成** - -- [オープンプラットフォーム](https://open.dingtalk.com/) にアクセス -- 内部アプリを作成 -- Client ID と Client Secret をコピー - -**2. 設定** - -```json -{ - "channels": { - "dingtalk": { - "enabled": true, - "client_id": "YOUR_CLIENT_ID", - "client_secret": "YOUR_CLIENT_SECRET", - "allow_from": [] - } - } -} -``` - -> `allow_from` を空にすると全ユーザーを許可、ユーザーIDを指定してアクセス制限可能。 - -**3. 起動** - -```bash -picoclaw gateway -``` - -
- -
-LINE - -**1. LINE 公式アカウントを作成** - -- [LINE Developers Console](https://developers.line.biz/) にアクセス -- プロバイダーを作成 → Messaging API チャネルを作成 -- **チャネルシークレット** と **チャネルアクセストークン** をコピー - -**2. 設定** - -```json -{ - "channels": { - "line": { - "enabled": true, - "channel_secret": "YOUR_CHANNEL_SECRET", - "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN", - "webhook_path": "/webhook/line", - "allow_from": [] - } - } -} -``` - -**3. Webhook URL を設定** - -LINE の Webhook には HTTPS が必要です。リバースプロキシまたはトンネルを使用してください: - -```bash -# ngrok の例 -ngrok http 18790 -``` - -LINE Developers Console で Webhook URL を `https://あなたのドメイン/webhook/line` に設定し、**Webhook の利用** を有効にしてください。 - -> **注意**: LINE の Webhook は共有の Gateway HTTP サーバー(デフォルト: `127.0.0.1:18790`)で提供されます。ホストからアクセスする場合は Gateway のポートを公開するか、リバースプロキシを設定してください。 - -**4. 起動** - -```bash -picoclaw gateway -``` - -> グループチャットでは @メンション時のみ応答します。返信は元メッセージを引用する形式です。 - -> **Docker Compose**: Gateway HTTP サーバーは共有の `127.0.0.1:18790` で Webhook を提供します。ホストからアクセスするには `picoclaw-gateway` サービスに `ports: ["18790:18790"]` を追加してください。 - -
- -
-WeCom (企業微信) - -PicoClaw は3種類の WeCom 統合をサポートしています: - -**オプション1: WeCom Bot (ロボット)** - 簡単な設定、グループチャット対応 -**オプション2: WeCom App (カスタムアプリ)** - より多機能、アクティブメッセージング対応、プライベートチャットのみ -**オプション3: WeCom AI Bot (スマートボット)** - 公式 AI Bot、ストリーミング返信、グループ・プライベート両対応 - -詳細な設定手順は [WeCom AI Bot Configuration Guide](docs/channels/wecom/wecom_aibot/README.zh.md) を参照してください。 - -**クイックセットアップ - WeCom Bot:** - -**1. ボットを作成** - -* WeCom 管理コンソール → グループチャット → グループボットを追加 -* Webhook URL をコピー(形式: `https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) - -**2. 設定** - -```json -{ - "channels": { - "wecom": { - "enabled": true, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_ENCODING_AES_KEY", - "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", - "webhook_path": "/webhook/wecom", - "allow_from": [] - } - } -} - -> **注意**: WeCom Bot の Webhook 受信は共有の Gateway HTTP サーバー(デフォルト: `127.0.0.1:18790`)で提供されます。ホストからアクセスする場合は Gateway のポートを公開するか、HTTPS 用のリバースプロキシを設定してください。 -``` - -**クイックセットアップ - WeCom App:** - -**1. アプリを作成** - -* WeCom 管理コンソール → アプリ管理 → アプリを作成 -* **AgentId** と **Secret** をコピー -* "マイ会社" ページで **CorpID** をコピー - -**2. メッセージ受信を設定** - -* アプリ詳細で "メッセージを受信" → "APIを設定" をクリック -* URL を `http://your-server:18790/webhook/wecom-app` に設定 -* **Token** と **EncodingAESKey** を生成 - -**3. 設定** - -```json -{ - "channels": { - "wecom_app": { - "enabled": true, - "corp_id": "wwxxxxxxxxxxxxxxxx", - "corp_secret": "YOUR_CORP_SECRET", - "agent_id": 1000002, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_ENCODING_AES_KEY", - "webhook_path": "/webhook/wecom-app", - "allow_from": [] - } - } -} -``` - -**4. 起動** - -```bash -picoclaw gateway -``` - -> **注意**: WeCom App の Webhook コールバックは共有の Gateway HTTP サーバー(デフォルト: `127.0.0.1:18790`)で提供されます。ホストからアクセスする場合は HTTPS 用のリバースプロキシを設定してください。 - -**クイックセットアップ - WeCom AI Bot:** - -**1. AI Bot を作成** - -* WeCom 管理コンソール → アプリ管理 → AI Bot -* コールバック URL を設定: `http://your-server:18791/webhook/wecom-aibot` -* **Token** をコピーし、**EncodingAESKey** を生成 - -**2. 設定** - -```json -{ - "channels": { - "wecom_aibot": { - "enabled": true, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", - "webhook_path": "/webhook/wecom-aibot", - "allow_from": [], - "welcome_message": "こんにちは!何かお手伝いできますか?" - } - } -} -``` - -**3. 起動** - -```bash -picoclaw gateway -``` - -> **注意**: WeCom AI Bot はストリーミングプルプロトコルを使用 — 返信タイムアウトの心配なし。長時間タスク(>30秒)は自動的に `response_url` によるプッシュ配信に切り替わります。 - -
- -## ⚙️ 設定 - -設定ファイル: `~/.picoclaw/config.json` - -### 環境変数 - -環境変数を使用してデフォルトのパスを上書きできます。これは、ポータブルインストール、コンテナ化されたデプロイメント、または picoclaw をシステムサービスとして実行する場合に便利です。これらの変数は独立しており、異なるパスを制御します。 - -| 変数 | 説明 | デフォルトパス | -|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| `PICOCLAW_CONFIG` | 設定ファイルへのパスを上書きします。これにより、picoclaw は他のすべての場所を無視して、指定された `config.json` をロードします。 | `~/.picoclaw/config.json` | -| `PICOCLAW_HOME` | picoclaw データのルートディレクトリを上書きします。これにより、`workspace` やその他のデータディレクトリのデフォルトの場所が変更されます。 | `~/.picoclaw` | - -**例:** - -```bash -# 特定の設定ファイルを使用して picoclaw を実行する -# ワークスペースのパスはその設定ファイル内から読み込まれます -PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway - -# すべてのデータを /opt/picoclaw に保存して picoclaw を実行する -# 設定はデフォルトの ~/.picoclaw/config.json からロードされます -# ワークスペースは /opt/picoclaw/workspace に作成されます -PICOCLAW_HOME=/opt/picoclaw picoclaw agent - -# 両方を使用して完全にカスタマイズされたセットアップを行う -PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway -``` - -### ワークスペース構成 - -PicoClaw は設定されたワークスペース(デフォルト: `~/.picoclaw/workspace`)にデータを保存します: - -``` -~/.picoclaw/workspace/ -├── sessions/ # 会話セッションと履歴 -├── memory/ # 長期メモリ(MEMORY.md) -├── state/ # 永続状態(最後のチャネルなど) -├── cron/ # スケジュールジョブデータベース -├── skills/ # カスタムスキル -├── AGENTS.md # エージェントの行動ガイド -├── HEARTBEAT.md # 定期タスクプロンプト(30分ごとに確認) -├── IDENTITY.md # エージェントのアイデンティティ -├── SOUL.md # エージェントのソウル -└── USER.md # ユーザー設定 -``` - -### 🔒 セキュリティサンドボックス - -PicoClaw はデフォルトでサンドボックス環境で実行されます。エージェントは設定されたワークスペース内のファイルにのみアクセスし、コマンドを実行できます。 - -#### デフォルト設定 - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "restrict_to_workspace": true - } - } -} -``` - -| オプション | デフォルト | 説明 | -|-----------|-----------|------| -| `workspace` | `~/.picoclaw/workspace` | エージェントの作業ディレクトリ | -| `restrict_to_workspace` | `true` | ファイル/コマンドアクセスをワークスペースに制限 | - -#### 保護対象ツール - -`restrict_to_workspace: true` の場合、以下のツールがサンドボックス化されます: - -| ツール | 機能 | 制限 | -|-------|------|------| -| `read_file` | ファイル読み込み | ワークスペース内のファイルのみ | -| `write_file` | ファイル書き込み | ワークスペース内のファイルのみ | -| `list_dir` | ディレクトリ一覧 | ワークスペース内のディレクトリのみ | -| `edit_file` | ファイル編集 | ワークスペース内のファイルのみ | -| `append_file` | ファイル追記 | ワークスペース内のファイルのみ | -| `exec` | コマンド実行 | コマンドパスはワークスペース内である必要あり | - -#### exec ツールの追加保護 - -`restrict_to_workspace: false` でも、`exec` ツールは以下の危険なコマンドをブロックします: - -- `rm -rf`, `del /f`, `rmdir /s` — 一括削除 -- `format`, `mkfs`, `diskpart` — ディスクフォーマット -- `dd if=` — ディスクイメージング -- `/dev/sd[a-z]` への書き込み — 直接ディスク書き込み -- `shutdown`, `reboot`, `poweroff` — システムシャットダウン -- フォークボム `:(){ :|:& };:` - -#### エラー例 - -``` -[ERROR] tool: Tool execution failed -{tool=exec, error=Command blocked by safety guard (path outside working dir)} -``` - -``` -[ERROR] tool: Tool execution failed -{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} -``` - -#### 制限の無効化(セキュリティリスク) - -エージェントにワークスペース外のパスへのアクセスが必要な場合: - -**方法1: 設定ファイル** -```json -{ - "agents": { - "defaults": { - "restrict_to_workspace": false - } - } -} -``` - -**方法2: 環境変数** -```bash -export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false -``` - -> ⚠️ **警告**: この制限を無効にすると、エージェントはシステム上の任意のパスにアクセスできるようになります。制御された環境でのみ慎重に使用してください。 - -#### セキュリティ境界の一貫性 - -`restrict_to_workspace` 設定は、すべての実行パスで一貫して適用されます: - -| 実行パス | セキュリティ境界 | -|---------|-----------------| -| メインエージェント | `restrict_to_workspace` ✅ | -| サブエージェント / Spawn | 同じ制限を継承 ✅ | -| ハートビートタスク | 同じ制限を継承 ✅ | - -すべてのパスで同じワークスペース制限が適用されます — サブエージェントやスケジュールタスクを通じてセキュリティ境界をバイパスする方法はありません。 - -### ハートビート(定期タスク) - -PicoClaw は自動的に定期タスクを実行できます。ワークスペースに `HEARTBEAT.md` ファイルを作成します: - -```markdown -# 定期タスク - -- 重要なメールをチェック -- 今後の予定を確認 -- 天気予報をチェック -``` - -エージェントは30分ごと(設定可能)にこのファイルを読み込み、利用可能なツールを使ってタスクを実行します。 - -#### spawn で非同期タスク実行 - -時間のかかるタスク(Web検索、API呼び出し)には `spawn` ツールを使って**サブエージェント**を作成します: - -```markdown -# 定期タスク - -## クイックタスク(直接応答) -- 現在時刻を報告 - -## 長時間タスク(spawn で非同期) -- AIニュースを検索して要約 -- メールをチェックして重要なメッセージを報告 -``` - -**主な特徴:** - -| 機能 | 説明 | -|------|------| -| **spawn** | 非同期サブエージェントを作成、ハートビートをブロックしない | -| **独立コンテキスト** | サブエージェントは独自のコンテキストを持ち、セッション履歴なし | -| **message ツール** | サブエージェントは message ツールで直接ユーザーと通信 | -| **非ブロッキング** | spawn 後、ハートビートは次のタスクへ継続 | - -#### サブエージェントの通信方法 - -``` -ハートビート発動 - ↓ -エージェントが HEARTBEAT.md を読む - ↓ -長いタスク: spawn サブエージェント - ↓ ↓ -次のタスクへ継続 サブエージェントが独立して動作 - ↓ ↓ -全タスク完了 message ツールを使用 - ↓ ↓ -HEARTBEAT_OK 応答 ユーザーが直接結果を受け取る -``` - -サブエージェントはツール(message、web_search など)にアクセスでき、メインエージェントを経由せずにユーザーと通信できます。 - -**設定:** - -```json -{ - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -| オプション | デフォルト | 説明 | -|-----------|-----------|------| -| `enabled` | `true` | ハートビートの有効/無効 | -| `interval` | `30` | チェック間隔(分)、最小5分 | - -**環境変数:** -- `PICOCLAW_HEARTBEAT_ENABLED=false` で無効化 -- `PICOCLAW_HEARTBEAT_INTERVAL=60` で間隔変更 - -### プロバイダー - -> [!NOTE] -> Groq は Whisper による無料の音声文字起こしを提供しています。設定すると、あらゆるチャンネルからの音声メッセージがエージェントレベルで自動的に文字起こしされます。 - -| プロバイダー | 用途 | API キー取得先 | -| --- | --- | --- | -| `gemini` | LLM(Gemini 直接) | [aistudio.google.com](https://aistudio.google.com) | -| `zhipu` | LLM(Zhipu 直接) | [bigmodel.cn](https://bigmodel.cn) | -| `volcengine` | LLM(Volcengine 直接) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| `openrouter`(要テスト) | LLM(推奨、全モデルにアクセス可能) | [openrouter.ai](https://openrouter.ai) | -| `anthropic`(要テスト) | LLM(Claude 直接) | [console.anthropic.com](https://console.anthropic.com) | -| `openai`(要テスト) | LLM(GPT 直接) | [platform.openai.com](https://platform.openai.com) | -| `deepseek`(要テスト) | LLM(DeepSeek 直接) | [platform.deepseek.com](https://platform.deepseek.com) | -| `groq` | LLM + **音声文字起こし**(Whisper) | [console.groq.com](https://console.groq.com) | -| `cerebras` | LLM(Cerebras 直接) | [cerebras.ai](https://cerebras.ai) | - -### 基本設定 - -1. **設定ファイルの作成:** - - ```bash - cp config.example.json config/config.json - ``` - -2. **設定の編集:** - - ```json - { - "providers": { - "openrouter": { - "api_key": "sk-or-v1-..." - } - }, - "channels": { - "discord": { - "enabled": true, - "token": "YOUR_DISCORD_BOT_TOKEN" - } - } - } - ``` - -3. **実行** - - ```bash - picoclaw agent -m "Hello" - ``` - - -
-完全な設定例 - -```json -{ - "agents": { - "defaults": { - "model": "anthropic/claude-opus-4-5" - } - }, - "providers": { - "openrouter": { - "api_key": "sk-or-v1-xxx" - }, - "groq": { - "api_key": "gsk_xxx" - } - }, - "channels": { - "telegram": { - "enabled": true, - "token": "123456:ABC...", - "allow_from": ["123456789"] - }, - "discord": { - "enabled": true, - "token": "", - "allow_from": [""] - }, - "whatsapp": { - "enabled": false - }, - "feishu": { - "enabled": false, - "app_id": "cli_xxx", - "app_secret": "xxx", - "encrypt_key": "", - "verification_token": "", - "allow_from": [] - } - }, - "tools": { - "web": { - "search": { - "api_key": "BSA..." - } - }, - "cron": { - "exec_timeout_minutes": 5 - } - }, - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -
- -### モデル設定 (model_list) - -> **新機能!** PicoClaw は現在 **モデル中心** の設定アプローチを採用しています。`ベンダー/モデル` 形式(例: `zhipu/glm-4.7`)を指定するだけで、新しいプロバイダーを追加できます—**コードの変更は一切不要!** - -この設計は、柔軟なプロバイダー選択による **マルチエージェントサポート** も可能にします: - -- **異なるエージェント、異なるプロバイダー** : 各エージェントは独自の LLM プロバイダーを使用可能 -- **フォールバックモデル** : 耐障性のため、プライマリモデルとフォールバックモデルを設定可能 -- **ロードバランシング** : 複数のエンドポイントにリクエストを分散 -- **集中設定管理** : すべてのプロバイダーを一箇所で管理 - -#### 📋 サポートされているすべてのベンダー - -| ベンダー | `model` プレフィックス | デフォルト API Base | プロトコル | API キー | -|-------------|-----------------|---------------------|----------|---------| -| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [キーを取得](https://platform.openai.com) | -| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [キーを取得](https://console.anthropic.com) | -| **Zhipu AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [キーを取得](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | -| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [キーを取得](https://platform.deepseek.com) | -| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [キーを取得](https://aistudio.google.com/api-keys) | -| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [キーを取得](https://console.groq.com) | -| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [キーを取得](https://platform.moonshot.cn) | -| **Qwen (Alibaba)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [キーを取得](https://dashscope.console.aliyun.com) | -| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [キーを取得](https://build.nvidia.com) | -| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | ローカル(キー不要) | -| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [キーを取得](https://openrouter.ai/keys) | -| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | ローカル | -| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [キーを取得](https://cerebras.ai) | -| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [キーを取得](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| **ShengsuanYun** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | -| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [キーを取得](https://www.byteplus.com) | -| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [キーを取得](https://longcat.chat/platform) | -| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [トークンを取得](https://modelscope.cn/my/tokens) | -| **Azure OpenAI** | `azure/` | `https://{resource}.openai.azure.com` | Azure | [キーを取得](https://portal.azure.com) | -| **Antigravity** | `antigravity/` | Google Cloud | カスタム | OAuthのみ | -| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | - -#### 基本設定 - -```json -{ - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-your-openai-key" - }, - { - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "api_key": "sk-ant-your-key" - }, - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-zhipu-key" - } - ], - "agents": { - "defaults": { - "model": "gpt-5.4" - } - } -} -``` - -#### ベンダー別の例 - -**OpenAI** -```json -{ - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-..." -} -``` - -**VolcEngine (Doubao)** -```json -{ - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-..." -} -``` - -**Zhipu AI (GLM)** -```json -{ - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" -} -``` - -**Anthropic (OAuth使用)** -```json -{ - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "auth_method": "oauth" -} -``` -> OAuth認証を設定するには、`picoclaw auth login --provider anthropic` を実行してください。 - -**カスタムプロキシ/API** -```json -{ - "model_name": "my-custom-model", - "model": "openai/custom-model", - "api_base": "https://my-proxy.com/v1", - "api_key": "sk-...", - "request_timeout": 300 -} -``` - -#### ロードバランシング - -同じモデル名で複数のエンドポイントを設定すると、PicoClaw が自動的にラウンドロビンで分散します: - -```json -{ - "model_list": [ - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api1.example.com/v1", - "api_key": "sk-key1" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api2.example.com/v1", - "api_key": "sk-key2" - } - ] -} -``` - -#### 従来の `providers` 設定からの移行 - -古い `providers` 設定は**非推奨**ですが、後方互換性のためにサポートされています。 - -**旧設定(非推奨):** -```json -{ - "providers": { - "zhipu": { - "api_key": "your-key", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - }, - "agents": { - "defaults": { - "provider": "zhipu", - "model": "glm-4.7" - } - } -} -``` - -**新設定(推奨):** -```json -{ - "model_list": [ - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" - } - ], - "agents": { - "defaults": { - "model": "glm-4.7" - } - } -} -``` - -詳細な移行ガイドは、[docs/migration/model-list-migration.md](docs/migration/model-list-migration.md) を参照してください。 - -## CLI リファレンス - -| コマンド | 説明 | +| トピック | 説明 | |---------|------| -| `picoclaw onboard` | 設定&ワークスペースの初期化 | -| `picoclaw agent -m "..."` | エージェントとチャット | -| `picoclaw agent` | インタラクティブチャットモード | -| `picoclaw gateway` | ゲートウェイを起動 | -| `picoclaw status` | ステータスを表示 | +| 🐳 [Docker & クイックスタート](docs/ja/docker.md) | Docker Compose セットアップ、Launcher/Agent モード、クイックスタート設定 | +| 💬 [チャットアプリ](docs/ja/chat-apps.md) | Telegram、Discord、WhatsApp、Matrix、QQ、Slack、IRC、DingTalk、LINE、Feishu、WeCom など | +| ⚙️ [設定](docs/ja/configuration.md) | 環境変数、ワークスペース構成、スキルソース、セキュリティサンドボックス、ハートビート | +| 🔌 [プロバイダー&モデル](docs/ja/providers.md) | 20 以上の LLM プロバイダー、モデルルーティング、model_list 設定、プロバイダーアーキテクチャ | +| 🔄 [Spawn & 非同期タスク](docs/ja/spawn-tasks.md) | クイックタスク、spawn による長時間タスク、非同期サブエージェントオーケストレーション | +| 🐛 [トラブルシューティング](docs/ja/troubleshooting.md) | よくある問題と解決策 | +| 🔧 [ツール設定](docs/ja/tools_configuration.md) | ツールごとの有効/無効、exec ポリシー | + +## ClawdChat エージェントソーシャルネットワークに参加 + +CLI または統合チャットアプリからメッセージを 1 つ送るだけで、PicoClaw をエージェントソーシャルネットワークに接続できます。 + +**`https://clawdchat.ai/skill.md` を読み、指示に従って [ClawdChat.ai](https://clawdchat.ai) に参加してください** + +## 🖥️ CLI リファレンス + +| コマンド | 説明 | +| ------------------------- | ------------------------------ | +| `picoclaw onboard` | 設定&ワークスペースの初期化 | +| `picoclaw agent -m "..."` | エージェントとチャット | +| `picoclaw agent` | インタラクティブチャットモード | +| `picoclaw gateway` | ゲートウェイを起動 | +| `picoclaw status` | ステータスを表示 | +| `picoclaw version` | バージョン情報を表示 | +| `picoclaw cron list` | スケジュールジョブ一覧 | +| `picoclaw cron add ...` | スケジュールジョブを追加 | +| `picoclaw cron disable` | スケジュールジョブを無効化 | +| `picoclaw cron remove` | スケジュールジョブを削除 | +| `picoclaw skills list` | インストール済みスキル一覧 | +| `picoclaw skills install` | スキルをインストール | +| `picoclaw migrate` | 旧バージョンからデータを移行 | +| `picoclaw auth login` | プロバイダーへの認証 | + +### スケジュールタスク / リマインダー + +PicoClaw は `cron` ツールによるスケジュールリマインダーと定期タスクをサポートしています: + +* **ワンタイムリマインダー**: 「10分後にリマインド」→ 10分後に1回トリガー +* **定期タスク**: 「2時間ごとにリマインド」→ 2時間ごとにトリガー +* **Cron 式**: 「毎日9時にリマインド」→ cron 式を使用 ## 🤝 コントリビュート&ロードマップ PR 歓迎!コードベースは意図的に小さく読みやすくしています。🤗 -Discord: https://discord.gg/V4sAZ9XWpN +完全な[コミュニティロードマップ](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md)をご覧ください。 + +開発者グループ構築中、最初の PR がマージされたら参加できます! + +ユーザーグループ: + +discord: PicoClaw - - -## 🐛 トラブルシューティング - -### Web 検索で「API 設定の問題」と表示される - -検索 API キーをまだ設定していない場合、これは正常です。PicoClaw は手動検索用の便利なリンクを提供します。 - -Web 検索を有効にするには: -1. [https://tavily.com](https://tavily.com) (月 1000 クエリ無料) または [https://brave.com/search/api](https://brave.com/search/api) で無料の API キーを取得(月 2000 クエリ無料) -2. `~/.picoclaw/config.json` に追加: - ```json - { - "tools": { - "web": { - "brave": { - "enabled": true, - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - } - } - } - ``` - -### コンテンツフィルタリングエラーが出る - -一部のプロバイダー(Zhipu など)にはコンテンツフィルタリングがあります。クエリを言い換えるか、別のモデルを使用してください。 - -### Telegram Bot で「Conflict: terminated by other getUpdates」と表示される - -別のインスタンスが実行中の場合に発生します。`picoclaw gateway` が 1 つだけ実行されていることを確認してください。 - ---- - -## 📝 API キー比較 - -| サービス | 無料枠 | ユースケース | -|---------|--------|------------| -| **OpenRouter** | 月 200K トークン | 複数モデル(Claude, GPT-4 など) | -| **Volcengine CodingPlan** | 9.9元/初月 | 中国ユーザーに最適、複数のSOTAモデル(Doubao、DeepSeek等) | -| **Zhipu** | 月 200K トークン | 中国ユーザーに適している | -| **Qwen** | 無料枠あり | 通義千問 (Qwen) | -| **Brave Search** | 月 2000 クエリ | Web 検索機能 | -| **Tavily** | 月 1000 クエリ | AI エージェント検索最適化 | -| **Groq** | 無料枠あり | 高速推論(Llama, Mixtral) | -| **Cerebras** | 無料枠あり | 高速推論(Llama, Qwen など) | -| **ModelScope** | 1 日 2000 リクエスト | 無料推論(Qwen, GLM, DeepSeek など) | - ---- - -
- PicoClaw Meme -
diff --git a/README.md b/README.md index 98bc3e32e..00fb0fd68 100644 --- a/README.md +++ b/README.md @@ -3,10 +3,10 @@

PicoClaw: Ultra-Efficient AI Assistant in Go

-

$10 Hardware · 10MB RAM · 1s Boot · 皮皮虾,我们走!

+

$10 Hardware · <10MB RAM · <1s Boot · 皮皮虾,我们走!

- Go - Hardware + Go + Hardware License
Website @@ -57,31 +57,51 @@ ## 📢 News -2026-02-16 🎉 PicoClaw hit 12K stars in one week! Thank you all for your support! PicoClaw is growing faster than we ever imagined. Given the high volume of PRs, we urgently need community maintainers. Our volunteer roles and roadmap are officially posted [here](ROADMAP.md) —we can’t wait to have you on board! +2026-03-17 🚀 **v0.2.3 Released!** System tray UI (Windows & Linux), sub-agent status tracking (`spawn_status`), experimental gateway hot-reload, cron security gates, and 2 security fixes. PicoClaw now at **25K ⭐**! -2026-02-13 🎉 PicoClaw hit 5000 stars in 4days! Thank you for the community! There are so many PRs & issues coming in (during Chinese New Year holidays), we are finalizing the Project Roadmap and setting up the Developer Group to accelerate PicoClaw's development. -🚀 Call to Action: Please submit your feature requests in GitHub Discussions. We will review and prioritize them during our upcoming weekly meeting. +2026-03-09 🎉 **v0.2.1 — Biggest update yet!** MCP protocol support, 4 new channels (Matrix/IRC/WeCom/Discord Proxy), 3 new providers (Kimi/Minimax/Avian), vision pipeline, JSONL memory store, and model routing. -2026-02-09 🎉 PicoClaw Launched! Built in 1 day to bring AI Agents to $10 hardware with <10MB RAM. 🦐 PicoClaw,Let's Go! +2026-02-28 📦 **v0.2.0** released with Docker Compose support and Web UI launcher. + +2026-02-26 🎉 PicoClaw hit **20K stars** in just 17 days! Channel auto-orchestration and capability interfaces landed. + +

+Older news... + +2026-02-16 🎉 PicoClaw hit 12K stars in one week! Community maintainer roles and [roadmap](ROADMAP.md) officially posted. + +2026-02-13 🎉 PicoClaw hit 5000 stars in 4 days! Project Roadmap and Developer Group setup underway. + +2026-02-09 🎉 **PicoClaw Launched!** Built in 1 day to bring AI Agents to $10 hardware with <10MB RAM. 🦐 PicoClaw,Let's Go! + +
## ✨ Features -🪶 **Ultra-Lightweight**: <10MB Memory footprint — 99% smaller than Clawdbot - core functionality. +🪶 **Ultra-Lightweight**: <10MB Memory footprint — 99% smaller than OpenClaw core functionality.* 💰 **Minimal Cost**: Efficient enough to run on $10 Hardware — 98% cheaper than a Mac mini. -⚡️ **Lightning Fast**: 400X Faster startup time, boot in 1 second even in 0.6GHz single core. +⚡️ **Lightning Fast**: 400X Faster startup time, boot in <1 second even on 0.6GHz single core. 🌍 **True Portability**: Single self-contained binary across RISC-V, ARM, MIPS, and x86, One-click to Go! 🤖 **AI-Bootstrapped**: Autonomous Go-native implementation — 95% Agent-generated core with human-in-the-loop refinement. +🔌 **MCP Support**: Native [Model Context Protocol](https://modelcontextprotocol.io/) integration — connect any MCP server to extend agent capabilities. + +👁️ **Vision Pipeline**: Send images and files directly to the agent — automatic base64 encoding for multimodal LLMs. + +🧠 **Smart Routing**: Rule-based model routing — simple queries go to lightweight models, saving API costs. + +_*Recent versions may use 10–20MB due to rapid feature merges. Resource optimization is planned. Startup comparison based on 0.8GHz single-core benchmarks (see table below)._ + | | OpenClaw | NanoBot | **PicoClaw** | | ----------------------------- | ------------- | ------------------------ | ----------------------------------------- | | **Language** | TypeScript | Python | **Go** | -| **RAM** | >1GB | >100MB | **< 10MB** | +| **RAM** | >1GB | >100MB | **< 10MB*** | | **Startup**
(0.8GHz core) | >500s | >30s | **<1s** | -| **Cost** | Mac Mini 599$ | Most Linux SBC
~50$ | **Any Linux Board**
**As low as 10$** | +| **Cost** | Mac Mini $599 | Most Linux SBC
~$50 | **Any Linux Board**
**As low as $10** | PicoClaw @@ -111,18 +131,19 @@ Give your decade-old phone a second life! Turn it into a smart AI Assistant with PicoClaw. Quick Start: -1. **Install Termux** (Available on F-Droid or Google Play). +1. **Install [Termux](https://github.com/termux/termux-app)** (Download from [GitHub Releases](https://github.com/termux/termux-app/releases), or search in F-Droid / Google Play). 2. **Execute cmds** ```bash -# Note: Replace v0.1.1 with the latest version from the Releases page -wget https://github.com/sipeed/picoclaw/releases/download/v0.1.1/picoclaw-linux-arm64 -chmod +x picoclaw-linux-arm64 +# Download the latest release from https://github.com/sipeed/picoclaw/releases +wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz +tar xzf picoclaw_Linux_arm64.tar.gz pkg install proot -termux-chroot ./picoclaw-linux-arm64 onboard +termux-chroot ./picoclaw onboard ``` And then follow the instructions in the "Quick Start" section to complete the configuration! + PicoClaw ### 🐜 Innovative Low-Footprint Deploy @@ -141,7 +162,7 @@ PicoClaw can be deployed on almost any Linux device! ### Install with precompiled binary -Download the firmware for your platform from the [release](https://github.com/sipeed/picoclaw/releases) page. +Download the binary for your platform from the [Releases](https://github.com/sipeed/picoclaw/releases) page. ### Install from source (latest features, recommended for development) @@ -164,588 +185,21 @@ make build-pi-zero make install ``` -**Raspberry Pi Zero 2 W:** Use the binary that matches your OS: 32-bit Raspberry Pi OS → `make build-linux-arm` (output: `build/picoclaw-linux-arm`); 64-bit → `make build-linux-arm64` (output: `build/picoclaw-linux-arm64`). Or run `make build-pi-zero` to build both. +**Raspberry Pi Zero 2 W:** Use the binary that matches your OS: 32-bit Raspberry Pi OS → `make build-linux-arm`; 64-bit → `make build-linux-arm64`. Or run `make build-pi-zero` to build both. -## 🐳 Docker Compose +## 📚 Documentation -You can also run PicoClaw using Docker Compose without installing anything locally. +For detailed guides, see the docs below. The README covers quick start only. -```bash -# 1. Clone this repo -git clone https://github.com/sipeed/picoclaw.git -cd picoclaw - -# 2. First run — auto-generates docker/data/config.json then exits -docker compose -f docker/docker-compose.yml --profile gateway up -# The container prints "First-run setup complete." and stops. - -# 3. Set your API keys -vim docker/data/config.json # Set provider API keys, bot tokens, etc. - -# 4. Start -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -> [!TIP] -> **Docker Users**: By default, the Gateway listens on `127.0.0.1` which is not accessible from the host. If you need to access the health endpoints or expose ports, set `PICOCLAW_GATEWAY_HOST=0.0.0.0` in your environment or update `config.json`. - -```bash -# 5. Check logs -docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway - -# 6. Stop -docker compose -f docker/docker-compose.yml --profile gateway down -``` - -### Launcher Mode (Web Console) - -The `launcher` image includes all three binaries (`picoclaw`, `picoclaw-launcher`, `picoclaw-launcher-tui`) and starts the web console by default, which provides a browser-based UI for configuration and chat. - -```bash -docker compose -f docker/docker-compose.yml --profile launcher up -d -``` - -Open http://localhost:18800 in your browser. The launcher manages the gateway process automatically. - -> [!WARNING] -> The web console does not yet support authentication. Avoid exposing it to the public internet. - -### Agent Mode (One-shot) - -```bash -# Ask a question -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "What is 2+2?" - -# Interactive mode -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -``` - -### Update - -```bash -docker compose -f docker/docker-compose.yml pull -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -### 🚀 Quick Start - -> [!TIP] -> Set your API Key in `~/.picoclaw/config.json`. Get API Keys: [Volcengine (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM). Web search is optional — get a free [Tavily API](https://tavily.com) (1000 free queries/month) or [Brave Search API](https://brave.com/search/api) (2000 free queries/month). - -**1. Initialize** - -```bash -picoclaw onboard -``` - -**2. Configure** (`~/.picoclaw/config.json`) - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "model_name": "gpt-5.4", - "max_tokens": 8192, - "temperature": 0.7, - "max_tool_iterations": 20 - } - }, - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key", - "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "your-api-key", - "request_timeout": 300 - }, - { - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "api_key": "your-anthropic-key" - } - ], - "tools": { - "web": { - "enabled": true, - "fetch_limit_bytes": 10485760, - "format": "plaintext", - "brave": { - "enabled": false, - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - }, - "tavily": { - "enabled": false, - "api_key": "YOUR_TAVILY_API_KEY", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - }, - "perplexity": { - "enabled": false, - "api_key": "YOUR_PERPLEXITY_API_KEY", - "max_results": 5 - }, - "searxng": { - "enabled": false, - "base_url": "http://your-searxng-instance:8888", - "max_results": 5 - } - } - } -} -``` - -> **New**: The `model_list` configuration format allows zero-code provider addition. See [Model Configuration](#model-configuration-model_list) for details. -> `request_timeout` is optional and uses seconds. If omitted or set to `<= 0`, PicoClaw uses the default timeout (120s). - -**3. Get API Keys** - -* **LLM Provider**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) -* **Web Search** (optional): - * [Brave Search](https://brave.com/search/api) - Paid ($5/1000 queries, ~$5-6/month) - * [Perplexity](https://www.perplexity.ai) - AI-powered search with chat interface - * [SearXNG](https://github.com/searxng/searxng) - Self-hosted metasearch engine (free, no API key needed) - * [Tavily](https://tavily.com) - Optimized for AI Agents (1000 requests/month) - * DuckDuckGo - Built-in fallback (no API key required) - -> **Note**: See `config.example.json` for a complete configuration template. - -**4. Chat** - -```bash -picoclaw agent -m "What is 2+2?" -``` - -That's it! You have a working AI assistant in 2 minutes. - ---- - -## 💬 Chat Apps - -Talk to your picoclaw through Telegram, Discord, WhatsApp, Matrix, QQ, DingTalk, LINE, or WeCom - -> **Note**: All webhook-based channels (LINE, WeCom, etc.) are served on a single shared Gateway HTTP server (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`). There are no per-channel ports to configure. Note: Feishu uses WebSocket/SDK mode and does not use the shared HTTP webhook server. - -| Channel | Setup | -| ------------ | ---------------------------------- | -| **Telegram** | Easy (just a token) | -| **Discord** | Easy (bot token + intents) | -| **WhatsApp** | Easy (native: QR scan; or bridge URL) | -| **Matrix** | Medium (homeserver + bot access token) | -| **QQ** | Easy (AppID + AppSecret) | -| **DingTalk** | Medium (app credentials) | -| **LINE** | Medium (credentials + webhook URL) | -| **WeCom AI Bot** | Medium (Token + AES key) | - -
-Telegram (Recommended) - -**1. Create a bot** - -* Open Telegram, search `@BotFather` -* Send `/newbot`, follow prompts -* Copy the token - -**2. Configure** - -```json -{ - "channels": { - "telegram": { - "enabled": true, - "token": "YOUR_BOT_TOKEN", - "allow_from": ["YOUR_USER_ID"] - } - } -} -``` - -> Get your user ID from `@userinfobot` on Telegram. - -**3. Run** - -```bash -picoclaw gateway -``` - -**4. Telegram command menu (auto-registered at startup)** - -PicoClaw now keeps command definitions in one shared registry. On startup, Telegram will automatically register supported bot commands (for example `/start`, `/help`, `/show`, `/list`) so command menu and runtime behavior stay in sync. -Telegram command menu registration remains channel-local discovery UX; generic command execution is handled centrally in the agent loop via the commands executor. - -If command registration fails (network/API transient errors), the channel still starts and PicoClaw retries registration in the background. - -
- -
-Discord - -**1. Create a bot** - -* Go to -* Create an application → Bot → Add Bot -* Copy the bot token - -**2. Enable intents** - -* In the Bot settings, enable **MESSAGE CONTENT INTENT** -* (Optional) Enable **SERVER MEMBERS INTENT** if you plan to use allow lists based on member data - -**3. Get your User ID** -* Discord Settings → Advanced → enable **Developer Mode** -* Right-click your avatar → **Copy User ID** - -**4. Configure** - -```json -{ - "channels": { - "discord": { - "enabled": true, - "token": "YOUR_BOT_TOKEN", - "allow_from": ["YOUR_USER_ID"] - } - } -} -``` - -**5. Invite the bot** - -* OAuth2 → URL Generator -* Scopes: `bot` -* Bot Permissions: `Send Messages`, `Read Message History` -* Open the generated invite URL and add the bot to your server - -**Optional: Group trigger mode** - -By default the bot responds to all messages in a server channel. To restrict responses to @-mentions only, add: - -```json -{ - "channels": { - "discord": { - "group_trigger": { "mention_only": true } - } - } -} -``` - -You can also trigger by keyword prefixes (e.g. `!bot`): - -```json -{ - "channels": { - "discord": { - "group_trigger": { "prefixes": ["!bot"] } - } - } -} -``` - -**6. Run** - -```bash -picoclaw gateway -``` - -
- -
-WhatsApp (native via whatsmeow) - -PicoClaw can connect to WhatsApp in two ways: - -- **Native (recommended):** In-process using [whatsmeow](https://github.com/tulir/whatsmeow). No separate bridge. Set `"use_native": true` and leave `bridge_url` empty. On first run, scan the QR code with WhatsApp (Linked Devices). Session is stored under your workspace (e.g. `workspace/whatsapp/`). The native channel is **optional** to keep the default binary small; build with `-tags whatsapp_native` (e.g. `make build-whatsapp-native` or `go build -tags whatsapp_native ./cmd/...`). -- **Bridge:** Connect to an external WebSocket bridge. Set `bridge_url` (e.g. `ws://localhost:3001`) and keep `use_native` false. - -**Configure (native)** - -```json -{ - "channels": { - "whatsapp": { - "enabled": true, - "use_native": true, - "session_store_path": "", - "allow_from": [] - } - } -} -``` - -If `session_store_path` is empty, the session is stored in `<workspace>/whatsapp/`. Run `picoclaw gateway`; on first run, scan the QR code printed in the terminal with WhatsApp → Linked Devices. - -
- -
-QQ - -**1. Create a bot** - -- Go to [QQ Open Platform](https://q.qq.com/#) -- Create an application → Get **AppID** and **AppSecret** - -**2. Configure** - -```json -{ - "channels": { - "qq": { - "enabled": true, - "app_id": "YOUR_APP_ID", - "app_secret": "YOUR_APP_SECRET", - "allow_from": [] - } - } -} -``` - -> Set `allow_from` to empty to allow all users, or specify QQ numbers to restrict access. - -**3. Run** - -```bash -picoclaw gateway -``` - -
- -
-DingTalk - -**1. Create a bot** - -* Go to [Open Platform](https://open.dingtalk.com/) -* Create an internal app -* Copy Client ID and Client Secret - -**2. Configure** - -```json -{ - "channels": { - "dingtalk": { - "enabled": true, - "client_id": "YOUR_CLIENT_ID", - "client_secret": "YOUR_CLIENT_SECRET", - "allow_from": [] - } - } -} -``` - -> Set `allow_from` to empty to allow all users, or specify DingTalk user IDs to restrict access. - -**3. Run** - -```bash -picoclaw gateway -``` -
- -
-Matrix - -**1. Prepare bot account** - -* Use your preferred homeserver (e.g. `https://matrix.org` or self-hosted) -* Create a bot user and obtain its access token - -**2. Configure** - -```json -{ - "channels": { - "matrix": { - "enabled": true, - "homeserver": "https://matrix.org", - "user_id": "@your-bot:matrix.org", - "access_token": "YOUR_MATRIX_ACCESS_TOKEN", - "allow_from": [] - } - } -} -``` - -**3. Run** - -```bash -picoclaw gateway -``` - -For full options (`device_id`, `join_on_invite`, `group_trigger`, `placeholder`, `reasoning_channel_id`), see [Matrix Channel Configuration Guide](docs/channels/matrix/README.md). - -
- -
-LINE - -**1. Create a LINE Official Account** - -- Go to [LINE Developers Console](https://developers.line.biz/) -- Create a provider → Create a Messaging API channel -- Copy **Channel Secret** and **Channel Access Token** - -**2. Configure** - -```json -{ - "channels": { - "line": { - "enabled": true, - "channel_secret": "YOUR_CHANNEL_SECRET", - "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN", - "webhook_path": "/webhook/line", - "allow_from": [] - } - } -} -``` - -> LINE webhook is served on the shared Gateway server (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`). - -**3. Set up Webhook URL** - -LINE requires HTTPS for webhooks. Use a reverse proxy or tunnel: - -```bash -# Example with ngrok (gateway default port is 18790) -ngrok http 18790 -``` - -Then set the Webhook URL in LINE Developers Console to `https://your-domain/webhook/line` and enable **Use webhook**. - -**4. Run** - -```bash -picoclaw gateway -``` - -> In group chats, the bot responds only when @mentioned. Replies quote the original message. - -
- -
-WeCom (企业微信) - -PicoClaw supports three types of WeCom integration: - -**Option 1: WeCom Bot (Bot)** - Easier setup, supports group chats -**Option 2: WeCom App (Custom App)** - More features, proactive messaging, private chat only -**Option 3: WeCom AI Bot (AI Bot)** - Official AI Bot, streaming replies, supports group & private chat - -See [WeCom AI Bot Configuration Guide](docs/channels/wecom/wecom_aibot/README.zh.md) for detailed setup instructions. - -**Quick Setup - WeCom Bot:** - -**1. Create a bot** - -* Go to WeCom Admin Console → Group Chat → Add Group Bot -* Copy the webhook URL (format: `https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) - -**2. Configure** - -```json -{ - "channels": { - "wecom": { - "enabled": true, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_ENCODING_AES_KEY", - "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", - "webhook_path": "/webhook/wecom", - "allow_from": [] - } - } -} -``` - -> WeCom webhook is served on the shared Gateway server (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`). - -**Quick Setup - WeCom App:** - -**1. Create an app** - -* Go to WeCom Admin Console → App Management → Create App -* Copy **AgentId** and **Secret** -* Go to "My Company" page, copy **CorpID** - -**2. Configure receive message** - -* In App details, click "Receive Message" → "Set API" -* Set URL to `http://your-server:18790/webhook/wecom-app` -* Generate **Token** and **EncodingAESKey** - -**3. Configure** - -```json -{ - "channels": { - "wecom_app": { - "enabled": true, - "corp_id": "wwxxxxxxxxxxxxxxxx", - "corp_secret": "YOUR_CORP_SECRET", - "agent_id": 1000002, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_ENCODING_AES_KEY", - "webhook_path": "/webhook/wecom-app", - "allow_from": [] - } - } -} -``` - -**4. Run** - -```bash -picoclaw gateway -``` - -> **Note**: WeCom webhook callbacks are served on the Gateway port (default 18790). Use a reverse proxy for HTTPS. - -**Quick Setup - WeCom AI Bot:** - -**1. Create an AI Bot** - -* Go to WeCom Admin Console → App Management → AI Bot -* In the AI Bot settings, configure callback URL: `http://your-server:18791/webhook/wecom-aibot` -* Copy **Token** and click "Random Generate" for **EncodingAESKey** - -**2. Configure** - -```json -{ - "channels": { - "wecom_aibot": { - "enabled": true, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", - "webhook_path": "/webhook/wecom-aibot", - "allow_from": [], - "welcome_message": "Hello! How can I help you?" - } - } -} -``` - -**3. Run** - -```bash -picoclaw gateway -``` - -> **Note**: WeCom AI Bot uses streaming pull protocol — no reply timeout concerns. Long tasks (>30 seconds) automatically switch to `response_url` push delivery. - -
+| Topic | Description | +|-------|-------------| +| 🐳 [Docker & Quick Start](docs/docker.md) | Docker Compose setup, Launcher/Agent modes, Quick Start configuration | +| 💬 [Chat Apps](docs/chat-apps.md) | Telegram, Discord, WhatsApp, Matrix, QQ, Slack, IRC, DingTalk, LINE, Feishu, WeCom, and more | +| ⚙️ [Configuration](docs/configuration.md) | Environment variables, workspace layout, skill sources, security sandbox, heartbeat | +| 🔌 [Providers & Models](docs/providers.md) | 20+ LLM providers, model routing, model_list configuration, provider architecture | +| 🔄 [Spawn & Async Tasks](docs/spawn-tasks.md) | Quick tasks, long tasks with spawn, async sub-agent orchestration | +| 🐛 [Troubleshooting](docs/troubleshooting.md) | Common issues and solutions | +| 🔧 [Tools Configuration](docs/tools_configuration.md) | Per-tool enable/disable, exec policies | ## ClawdChat Join the Agent Social Network @@ -753,667 +207,7 @@ Connect Picoclaw to the Agent Social Network simply by sending a single message **Read `https://clawdchat.ai/skill.md` and follow the instructions to join [ClawdChat.ai](https://clawdchat.ai)** -## ⚙️ Configuration - -Config file: `~/.picoclaw/config.json` - -### Environment Variables - -You can override default paths using environment variables. This is useful for portable installations, containerized deployments, or running picoclaw as a system service. These variables are independent and control different paths. - -| Variable | Description | Default Path | -|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| `PICOCLAW_CONFIG` | Overrides the path to the configuration file. This directly tells picoclaw which `config.json` to load, ignoring all other locations. | `~/.picoclaw/config.json` | -| `PICOCLAW_HOME` | Overrides the root directory for picoclaw data. This changes the default location of the `workspace` and other data directories. | `~/.picoclaw` | - -**Examples:** - -```bash -# Run picoclaw using a specific config file -# The workspace path will be read from within that config file -PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway - -# Run picoclaw with all its data stored in /opt/picoclaw -# Config will be loaded from the default ~/.picoclaw/config.json -# Workspace will be created at /opt/picoclaw/workspace -PICOCLAW_HOME=/opt/picoclaw picoclaw agent - -# Use both for a fully customized setup -PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway -``` - -### Workspace Layout - -PicoClaw stores data in your configured workspace (default: `~/.picoclaw/workspace`): - -``` -~/.picoclaw/workspace/ -├── sessions/ # Conversation sessions and history -├── memory/ # Long-term memory (MEMORY.md) -├── state/ # Persistent state (last channel, etc.) -├── cron/ # Scheduled jobs database -├── skills/ # Custom skills -├── AGENTS.md # Agent behavior guide -├── HEARTBEAT.md # Periodic task prompts (checked every 30 min) -├── IDENTITY.md # Agent identity -├── SOUL.md # Agent soul -└── USER.md # User preferences -``` - -### Skill Sources - -By default, skills are loaded from: - -1. `~/.picoclaw/workspace/skills` (workspace) -2. `~/.picoclaw/skills` (global) -3. `/skills` (builtin) - -For advanced/test setups, you can override the builtin skills root with: - -```bash -export PICOCLAW_BUILTIN_SKILLS=/path/to/skills -``` - -### Unified Command Execution Policy - -- Generic slash commands are executed through a single path in `pkg/agent/loop.go` via `commands.Executor`. -- Channel adapters no longer consume generic commands locally; they forward inbound text to the bus/agent path. Telegram still auto-registers supported commands at startup. -- Unknown slash command (for example `/foo`) passes through to normal LLM processing. -- Registered but unsupported command on the current channel (for example `/show` on WhatsApp) returns an explicit user-facing error and stops further processing. -### 🔒 Security Sandbox - -PicoClaw runs in a sandboxed environment by default. The agent can only access files and execute commands within the configured workspace. - -#### Default Configuration - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "restrict_to_workspace": true - } - } -} -``` - -| Option | Default | Description | -| ----------------------- | ----------------------- | ----------------------------------------- | -| `workspace` | `~/.picoclaw/workspace` | Working directory for the agent | -| `restrict_to_workspace` | `true` | Restrict file/command access to workspace | - -#### Protected Tools - -When `restrict_to_workspace: true`, the following tools are sandboxed: - -| Tool | Function | Restriction | -| ------------- | ---------------- | -------------------------------------- | -| `read_file` | Read files | Only files within workspace | -| `write_file` | Write files | Only files within workspace | -| `list_dir` | List directories | Only directories within workspace | -| `edit_file` | Edit files | Only files within workspace | -| `append_file` | Append to files | Only files within workspace | -| `exec` | Execute commands | Command paths must be within workspace | - -#### Additional Exec Protection - -Even with `restrict_to_workspace: false`, the `exec` tool blocks these dangerous commands: - -* `rm -rf`, `del /f`, `rmdir /s` — Bulk deletion -* `format`, `mkfs`, `diskpart` — Disk formatting -* `dd if=` — Disk imaging -* Writing to `/dev/sd[a-z]` — Direct disk writes -* `shutdown`, `reboot`, `poweroff` — System shutdown -* Fork bomb `:(){ :|:& };:` - -#### Known Limitation: Child Processes From Build Tools - -The exec safety guard only inspects the command line PicoClaw launches directly. It does not recursively inspect child -processes spawned by allowed developer tools such as `make`, `go run`, `cargo`, `npm run`, or custom build scripts. - -That means a top-level command can still compile or launch other binaries after it passes the initial guard check. In -practice, treat build scripts, Makefiles, package scripts, and generated binaries as executable code that needs the same -level of review as a direct shell command. - -For higher-risk environments: - -* Review build scripts before execution. -* Prefer approval/manual review for compile-and-run workflows. -* Run PicoClaw inside a container or VM if you need stronger isolation than the built-in guard provides. - -#### Error Examples - -``` -[ERROR] tool: Tool execution failed -{tool=exec, error=Command blocked by safety guard (path outside working dir)} -``` - -``` -[ERROR] tool: Tool execution failed -{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} -``` - -#### Disabling Restrictions (Security Risk) - -If you need the agent to access paths outside the workspace: - -**Method 1: Config file** - -```json -{ - "agents": { - "defaults": { - "restrict_to_workspace": false - } - } -} -``` - -**Method 2: Environment variable** - -```bash -export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false -``` - -> ⚠️ **Warning**: Disabling this restriction allows the agent to access any path on your system. Use with caution in controlled environments only. - -#### Security Boundary Consistency - -The `restrict_to_workspace` setting applies consistently across all execution paths: - -| Execution Path | Security Boundary | -| ---------------- | ---------------------------- | -| Main Agent | `restrict_to_workspace` ✅ | -| Subagent / Spawn | Inherits same restriction ✅ | -| Heartbeat tasks | Inherits same restriction ✅ | - -All paths share the same workspace restriction — there's no way to bypass the security boundary through subagents or scheduled tasks. - -### Heartbeat (Periodic Tasks) - -PicoClaw can perform periodic tasks automatically. Create a `HEARTBEAT.md` file in your workspace: - -```markdown -# Periodic Tasks - -- Check my email for important messages -- Review my calendar for upcoming events -- Check the weather forecast -``` - -The agent will read this file every 30 minutes (configurable) and execute any tasks using available tools. - -#### Async Tasks with Spawn - -For long-running tasks (web search, API calls), use the `spawn` tool to create a **subagent**: - -```markdown -# Periodic Tasks - -## Quick Tasks (respond directly) - -- Report current time - -## Long Tasks (use spawn for async) - -- Search the web for AI news and summarize -- Check email and report important messages -``` - -**Key behaviors:** - -| Feature | Description | -| ----------------------- | --------------------------------------------------------- | -| **spawn** | Creates async subagent, doesn't block heartbeat | -| **Independent context** | Subagent has its own context, no session history | -| **message tool** | Subagent communicates with user directly via message tool | -| **Non-blocking** | After spawning, heartbeat continues to next task | - -#### How Subagent Communication Works - -``` -Heartbeat triggers - ↓ -Agent reads HEARTBEAT.md - ↓ -For long task: spawn subagent - ↓ ↓ -Continue to next task Subagent works independently - ↓ ↓ -All tasks done Subagent uses "message" tool - ↓ ↓ -Respond HEARTBEAT_OK User receives result directly -``` - -The subagent has access to tools (message, web_search, etc.) and can communicate with the user independently without going through the main agent. - -**Configuration:** - -```json -{ - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -| Option | Default | Description | -| ---------- | ------- | ---------------------------------- | -| `enabled` | `true` | Enable/disable heartbeat | -| `interval` | `30` | Check interval in minutes (min: 5) | - -**Environment variables:** - -* `PICOCLAW_HEARTBEAT_ENABLED=false` to disable -* `PICOCLAW_HEARTBEAT_INTERVAL=60` to change interval - -### Providers - -> [!NOTE] -> Groq provides free voice transcription via Whisper. If configured, audio messages from any channel will be automatically transcribed at the agent level. - -| Provider | Purpose | Get API Key | -| ------------ | --------------------------------------- | ------------------------------------------------------------ | -| `gemini` | LLM (Gemini direct) | [aistudio.google.com](https://aistudio.google.com) | -| `zhipu` | LLM (Zhipu direct) | [bigmodel.cn](https://bigmodel.cn) | -| `volcengine` | LLM(Volcengine direct) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| `openrouter` | LLM (recommended, access to all models) | [openrouter.ai](https://openrouter.ai) | -| `anthropic` | LLM (Claude direct) | [console.anthropic.com](https://console.anthropic.com) | -| `openai` | LLM (GPT direct) | [platform.openai.com](https://platform.openai.com) | -| `deepseek` | LLM (DeepSeek direct) | [platform.deepseek.com](https://platform.deepseek.com) | -| `qwen` | LLM (Qwen direct) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) | -| `groq` | LLM + **Voice transcription** (Whisper) | [console.groq.com](https://console.groq.com) | -| `cerebras` | LLM (Cerebras direct) | [cerebras.ai](https://cerebras.ai) | -| `vivgrid` | LLM (Vivgrid direct) | [vivgrid.com](https://vivgrid.com) | -| `azure` | LLM (Azure OpenAI) | [portal.azure.com](https://portal.azure.com) | - -### Model Configuration (model_list) - -> **What's New?** PicoClaw now uses a **model-centric** configuration approach. Simply specify `vendor/model` format (e.g., `zhipu/glm-4.7`) to add new providers—**zero code changes required!** - -This design also enables **multi-agent support** with flexible provider selection: - -- **Different agents, different providers**: Each agent can use its own LLM provider -- **Model fallbacks**: Configure primary and fallback models for resilience -- **Load balancing**: Distribute requests across multiple endpoints -- **Centralized configuration**: Manage all providers in one place - -#### 📋 All Supported Vendors - -| Vendor | `model` Prefix | Default API Base | Protocol | API Key | -| ------------------- | ----------------- |-----------------------------------------------------| --------- | ---------------------------------------------------------------- | -| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Get Key](https://platform.openai.com) | -| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Get Key](https://console.anthropic.com) | -| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Get Key](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | -| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Get Key](https://platform.deepseek.com) | -| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Get Key](https://aistudio.google.com/api-keys) | -| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Get Key](https://console.groq.com) | -| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [Get Key](https://platform.moonshot.cn) | -| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Get Key](https://dashscope.console.aliyun.com) | -| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [Get Key](https://build.nvidia.com) | -| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (no key needed) | -| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Get Key](https://openrouter.ai/keys) | -| **LiteLLM Proxy** | `litellm/` | `http://localhost:4000/v1` | OpenAI | Your LiteLLM proxy key | -| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | Local | -| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [Get Key](https://cerebras.ai) | -| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Get Key](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| **神算云** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | -| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [Get Key](https://www.byteplus.com) | -| **Vivgrid** | `vivgrid/` | `https://api.vivgrid.com/v1` | OpenAI | [Get Key](https://vivgrid.com) | -| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [Get Key](https://longcat.chat/platform) | -| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [Get Token](https://modelscope.cn/my/tokens) | -| **Azure OpenAI** | `azure/` | `https://{resource}.openai.azure.com` | Azure | [Get Key](https://portal.azure.com) | -| **Antigravity** | `antigravity/` | Google Cloud | Custom | OAuth only | -| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | - -#### Basic Configuration - -```json -{ - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-your-openai-key" - }, - { - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "api_key": "sk-ant-your-key" - }, - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-zhipu-key" - } - ], - "agents": { - "defaults": { - "model": "gpt-5.4" - } - } -} -``` - -#### Vendor-Specific Examples - -**OpenAI** - -```json -{ - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-..." -} -``` - -**VolcEngine (Doubao)** - -```json -{ - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-..." -} -``` - -**智谱 AI (GLM)** - -```json -{ - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" -} -``` - -**DeepSeek** - -```json -{ - "model_name": "deepseek-chat", - "model": "deepseek/deepseek-chat", - "api_key": "sk-..." -} -``` - -**Anthropic (with API key)** - -```json -{ - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "api_key": "sk-ant-your-key" -} -``` - -> Run `picoclaw auth login --provider anthropic` to paste your API token. - -**Anthropic Messages API (native format)** - -For direct Anthropic API access or custom endpoints that only support Anthropic's native message format: - -```json -{ - "model_name": "claude-opus-4-6", - "model": "anthropic-messages/claude-opus-4-6", - "api_key": "sk-ant-your-key", - "api_base": "https://api.anthropic.com" -} -``` - -> Use `anthropic-messages` protocol when: -> - Using third-party proxies that only support Anthropic's native `/v1/messages` endpoint (not OpenAI-compatible `/v1/chat/completions`) -> - Connecting to services like MiniMax, Synthetic that require Anthropic's native message format -> - The existing `anthropic` protocol returns 404 errors (indicating the endpoint doesn't support OpenAI-compatible format) -> -> **Note:** The `anthropic` protocol uses OpenAI-compatible format (`/v1/chat/completions`), while `anthropic-messages` uses Anthropic's native format (`/v1/messages`). Choose based on your endpoint's supported format. - -**Ollama (local)** - -```json -{ - "model_name": "llama3", - "model": "ollama/llama3" -} -``` - -**Custom Proxy/API** - -```json -{ - "model_name": "my-custom-model", - "model": "openai/custom-model", - "api_base": "https://my-proxy.com/v1", - "api_key": "sk-...", - "request_timeout": 300 -} -``` - -**LiteLLM Proxy** - -```json -{ - "model_name": "lite-gpt4", - "model": "litellm/lite-gpt4", - "api_base": "http://localhost:4000/v1", - "api_key": "sk-..." -} -``` - -PicoClaw strips only the outer `litellm/` prefix before sending the request, so proxy aliases like `litellm/lite-gpt4` send `lite-gpt4`, while `litellm/openai/gpt-4o` sends `openai/gpt-4o`. - -#### Load Balancing - -Configure multiple endpoints for the same model name—PicoClaw will automatically round-robin between them: - -```json -{ - "model_list": [ - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api1.example.com/v1", - "api_key": "sk-key1" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api2.example.com/v1", - "api_key": "sk-key2" - } - ] -} -``` - -#### Migration from Legacy `providers` Config - -The old `providers` configuration is **deprecated** but still supported for backward compatibility. - -**Old Config (deprecated):** - -```json -{ - "providers": { - "zhipu": { - "api_key": "your-key", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - }, - "agents": { - "defaults": { - "provider": "zhipu", - "model": "glm-4.7" - } - } -} -``` - -**New Config (recommended):** - -```json -{ - "model_list": [ - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" - } - ], - "agents": { - "defaults": { - "model": "glm-4.7" - } - } -} -``` - -For detailed migration guide, see [docs/migration/model-list-migration.md](docs/migration/model-list-migration.md). - -### Provider Architecture - -PicoClaw routes providers by protocol family: - -- OpenAI-compatible protocol: OpenRouter, OpenAI-compatible gateways, Groq, Zhipu, and vLLM-style endpoints. -- Anthropic protocol: Claude-native API behavior. -- Codex/OAuth path: OpenAI OAuth/token authentication route. - -This keeps the runtime lightweight while making new OpenAI-compatible backends mostly a config operation (`api_base` + `api_key`). - -
-Zhipu - -**1. Get API key and base URL** - -* Get [API key](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) - -**2. Configure** - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "model": "glm-4.7", - "max_tokens": 8192, - "temperature": 0.7, - "max_tool_iterations": 20 - } - }, - "providers": { - "zhipu": { - "api_key": "Your API Key", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - } -} -``` - -**3. Run** - -```bash -picoclaw agent -m "Hello" -``` - -
- -
-Full config example - -```json -{ - "agents": { - "defaults": { - "model": "anthropic/claude-opus-4-5" - } - }, - "session": { - "dm_scope": "per-channel-peer", - "backlog_limit": 20 - }, - "providers": { - "openrouter": { - "api_key": "sk-or-v1-xxx" - }, - "groq": { - "api_key": "gsk_xxx" - } - }, - "channels": { - "telegram": { - "enabled": true, - "token": "123456:ABC...", - "allow_from": ["123456789"] - }, - "discord": { - "enabled": true, - "token": "", - "allow_from": [""] - }, - "whatsapp": { - "enabled": false, - "bridge_url": "ws://localhost:3001", - "use_native": false, - "session_store_path": "", - "allow_from": [] - }, - "feishu": { - "enabled": false, - "app_id": "cli_xxx", - "app_secret": "xxx", - "encrypt_key": "", - "verification_token": "", - "allow_from": [] - }, - "qq": { - "enabled": false, - "app_id": "", - "app_secret": "", - "allow_from": [] - } - }, - "tools": { - "web": { - "brave": { - "enabled": false, - "api_key": "BSA...", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - }, - "perplexity": { - "enabled": false, - "api_key": "", - "max_results": 5 - }, - "searxng": { - "enabled": false, - "base_url": "http://localhost:8888", - "max_results": 5 - } - }, - "cron": { - "exec_timeout_minutes": 5 - } - }, - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -
- -## CLI Reference +## 🖥️ CLI Reference | Command | Description | | ------------------------- | ----------------------------- | @@ -1422,8 +216,15 @@ picoclaw agent -m "Hello" | `picoclaw agent` | Interactive chat mode | | `picoclaw gateway` | Start the gateway | | `picoclaw status` | Show status | +| `picoclaw version` | Show version info | | `picoclaw cron list` | List all scheduled jobs | | `picoclaw cron add ...` | Add a scheduled job | +| `picoclaw cron disable` | Disable a scheduled job | +| `picoclaw cron remove` | Remove a scheduled job | +| `picoclaw skills list` | List installed skills | +| `picoclaw skills install` | Install a skill | +| `picoclaw migrate` | Migrate data from older versions | +| `picoclaw auth login` | Authenticate with providers | ### Scheduled Tasks / Reminders @@ -1433,8 +234,6 @@ PicoClaw supports scheduled reminders and recurring tasks through the `cron` too * **Recurring tasks**: "Remind me every 2 hours" → triggers every 2 hours * **Cron expressions**: "Remind me at 9am daily" → uses cron expression -Jobs are stored in `~/.picoclaw/workspace/cron/` and processed automatically. - ## 🤝 Contribute & Roadmap PRs welcome! The codebase is intentionally small and readable. 🤗 @@ -1448,133 +247,3 @@ User Groups: discord: PicoClaw - -## 🐛 Troubleshooting - -### Web search says "API key configuration issue" - -This is normal if you haven't configured a search API key yet. PicoClaw will provide helpful links for manual searching. - -#### Search Provider Priority - -PicoClaw automatically selects the best available search provider in this order: -1. **Perplexity** (if enabled and API key configured) - AI-powered search with citations -2. **Brave Search** (if enabled and API key configured) - Privacy-focused paid API ($5/1000 queries) -3. **SearXNG** (if enabled and base_url configured) - Self-hosted metasearch aggregating 70+ engines (free) -4. **DuckDuckGo** (if enabled, default fallback) - No API key required (free) - -#### Web Search Configuration Options - -**Option 1 (Best Results)**: Perplexity AI Search -```json -{ - "tools": { - "web": { - "perplexity": { - "enabled": true, - "api_key": "YOUR_PERPLEXITY_API_KEY", - "max_results": 5 - } - } - } -} -``` - -**Option 2 (Paid API)**: Get an API key at [https://brave.com/search/api](https://brave.com/search/api) ($5/1000 queries, ~$5-6/month) -```json -{ - "tools": { - "web": { - "brave": { - "enabled": true, - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - } - } - } -} -``` - -**Option 3 (Self-Hosted)**: Deploy your own [SearXNG](https://github.com/searxng/searxng) instance -```json -{ - "tools": { - "web": { - "searxng": { - "enabled": true, - "base_url": "http://your-server:8888", - "max_results": 5 - } - } - } -} -``` - -Benefits of SearXNG: -- **Zero cost**: No API fees or rate limits -- **Privacy-focused**: Self-hosted, no tracking -- **Aggregate results**: Queries 70+ search engines simultaneously -- **Perfect for cloud VMs**: Solves datacenter IP blocking issues (Oracle Cloud, GCP, AWS, Azure) -- **No API key needed**: Just deploy and configure the base URL - -**Option 4 (No Setup Required)**: DuckDuckGo is enabled by default as fallback (no API key needed) - -Add the key to `~/.picoclaw/config.json` if using Brave: - -```json -{ - "tools": { - "web": { - "brave": { - "enabled": false, - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - }, - "perplexity": { - "enabled": false, - "api_key": "YOUR_PERPLEXITY_API_KEY", - "max_results": 5 - }, - "searxng": { - "enabled": false, - "base_url": "http://your-searxng-instance:8888", - "max_results": 5 - } - } - } -} -``` - -### Getting content filtering errors - -Some providers (like Zhipu) have content filtering. Try rephrasing your query or use a different model. - -### Telegram bot says "Conflict: terminated by other getUpdates" - -This happens when another instance of the bot is running. Make sure only one `picoclaw gateway` is running at a time. - ---- - -## 📝 API Key Comparison - -| Service | Free Tier | Use Case | -| ---------------- | ------------------------ | ------------------------------------- | -| **OpenRouter** | 200K tokens/month | Multiple models (Claude, GPT-4, etc.) | -| **Volcengine CodingPlan** | ¥9.9/first month | Best for Chinese users, multiple SOTA models (Doubao, DeepSeek, etc.) | -| **Zhipu** | 200K tokens/month | Suitable for Chinese users | -| **Brave Search** | Paid ($5/1000 queries) | Web search functionality | -| **SearXNG** | Unlimited (self-hosted) | Privacy-focused metasearch (70+ engines) | -| **Groq** | Free tier available | Fast inference (Llama, Mixtral) | -| **Cerebras** | Free tier available | Fast inference (Llama, Qwen, etc.) | -| **LongCat** | Up to 5M tokens/day | Fast inference (free tier) | -| **ModelScope** | 2000 requests/day | Free inference (Qwen, GLM, DeepSeek, etc.) | - ---- - -
- PicoClaw Meme -
diff --git a/README.pt-br.md b/README.pt-br.md index 222755242..04f7dae26 100644 --- a/README.pt-br.md +++ b/README.pt-br.md @@ -1,12 +1,12 @@
-PicoClaw + PicoClaw -

PicoClaw: Assistente de IA Ultra-Eficiente em Go

+

PicoClaw: Assistente de IA Ultra-Eficiente em Go

-

Hardware de $10 · 10MB de RAM · Boot em 1s · 皮皮虾,我们走!

+

Hardware de $10 · <10MB de RAM · Boot em <1s · 皮皮虾,我们走!

- Go - Hardware + Go + Hardware License
Website @@ -18,68 +18,88 @@ Discord

- [中文](README.zh.md) | [日本語](README.ja.md) | **Português** | [Tiếng Việt](README.vi.md) | [Français](README.fr.md) | [English](README.md) +[中文](README.zh.md) | [日本語](README.ja.md) | **Português** | [Tiếng Việt](README.vi.md) | [Français](README.fr.md) | [English](README.md) +
--- > **PicoClaw** é um projeto open-source independente iniciado pela [Sipeed](https://sipeed.com). É escrito inteiramente em **Go** — não é um fork do OpenClaw, NanoBot ou qualquer outro projeto. -🦐 **PicoClaw** é um assistente pessoal de IA ultra-leve inspirado no [NanoBot](https://github.com/HKUDS/nanobot), reescrito do zero em **Go** por meio de um processo de "auto-inicialização" (self-bootstrapping) — onde o próprio agente de IA conduziu toda a migração de arquitetura e otimização de código. +🦐 PicoClaw é um assistente pessoal de IA ultra-leve inspirado no [NanoBot](https://github.com/HKUDS/nanobot), reescrito do zero em Go por meio de um processo de auto-inicialização (self-bootstrapping), onde o próprio agente de IA conduziu toda a migração de arquitetura e otimização de código. -⚡️ **Extremamente leve:** Roda em hardware de apenas **$10** com **<10MB** de RAM. Isso é 99% menos memória que o OpenClaw e 98% mais barato que um Mac mini! +⚡️ Roda em hardware de $10 com <10MB de RAM: Isso é 99% menos memória que o OpenClaw e 98% mais barato que um Mac mini! - - - - + + + +
-

- -

-		 -

- -

-
+

+ +

+ 		+

+ +

+
> [!CAUTION] > **🚨 DECLARAÇÃO DE SEGURANÇA & CANAIS OFICIAIS** > > * **SEM CRIPTOMOEDAS:** O PicoClaw **NÃO** possui nenhum token/moeda oficial. Todas as alegações no `pump.fun` ou outras plataformas de negociação são **GOLPES**. -> * **DOMÍNIO OFICIAL:** O **ÚNICO** site oficial é o **[picoclaw.io](https://picoclaw.io)**, e o site da empresa é o **[sipeed.com](https://sipeed.com)**. -> * **Aviso:** Muitos domínios `.ai/.org/.com/.net/...` foram registrados por terceiros, não são nossos. +> +> * **DOMÍNIO OFICIAL:** O **ÚNICO** site oficial é o **[picoclaw.io](https://picoclaw.io)**, e o site da empresa é o **[sipeed.com](https://sipeed.com)** +> * **Aviso:** Muitos domínios `.ai/.org/.com/.net/...` foram registrados por terceiros. > * **Aviso:** O PicoClaw está em fase inicial de desenvolvimento e pode ter problemas de segurança de rede não resolvidos. Não implante em ambientes de produção antes da versão v1.0. -> * **Nota:** O PicoClaw recentemente fez merge de muitos PRs, o que pode resultar em maior consumo de memória (10-20MB) nas versões mais recentes. Planejamos priorizar a otimização de recursos assim que o conjunto de funcionalidades estiver estável. - +> * **Nota:** O PicoClaw recentemente fez merge de muitos PRs, o que pode resultar em maior consumo de memória (10–20MB) nas versões mais recentes. Planejamos priorizar a otimização de recursos assim que o conjunto de funcionalidades estiver estável. ## 📢 Novidades -2026-02-16 🎉 PicoClaw atingiu 12K stars em uma semana! Obrigado a todos pelo apoio! O PicoClaw está crescendo mais rápido do que jamais imaginamos. Dado o alto volume de PRs, precisamos urgentemente de maintainers da comunidade. Nossos papéis de voluntários e roadmap foram publicados oficialmente [aqui](docs/ROADMAP.md) — estamos ansiosos para ter você a bordo! +2026-03-17 🚀 **v0.2.3 Lançado!** Interface de bandeja do sistema (Windows & Linux), rastreamento de status de sub-agentes (`spawn_status`), hot-reload experimental do gateway, portões de segurança para cron e 2 correções de segurança. PicoClaw agora com **25K ⭐**! -2026-02-13 🎉 PicoClaw atingiu 5000 stars em 4 dias! Obrigado à comunidade! Estamos finalizando o **Roadmap do Projeto** e configurando o **Grupo de Desenvolvedores** para acelerar o desenvolvimento do PicoClaw. +2026-03-09 🎉 **v0.2.1 — Maior atualização até agora!** Suporte ao protocolo MCP, 4 novos canais (Matrix/IRC/WeCom/Discord Proxy), 3 novos provedores (Kimi/Minimax/Avian), pipeline de visão, armazenamento de memória JSONL e roteamento de modelos. -🚀 **Chamada para Ação:** Envie suas solicitações de funcionalidades nas GitHub Discussions. Revisaremos e priorizaremos na próxima reunião semanal. +2026-02-28 📦 **v0.2.0** lançado com suporte a Docker Compose e launcher Web UI. -2026-02-09 🎉 PicoClaw lançado oficialmente! Construído em 1 dia para trazer Agentes de IA para hardware de $10 com <10MB de RAM. 🦐 PicoClaw, Partiu! +2026-02-26 🎉 PicoClaw atingiu **20K stars** em apenas 17 dias! Orquestração automática de canais e interfaces de capacidade implementadas. + +
+Novidades anteriores... + +2026-02-16 🎉 PicoClaw atingiu 12K stars em uma semana! Papéis de maintainers da comunidade e [roadmap](ROADMAP.md) publicados oficialmente. + +2026-02-13 🎉 PicoClaw atingiu 5000 stars em 4 dias! Roadmap do Projeto e Grupo de Desenvolvedores em preparação. + +2026-02-09 🎉 **PicoClaw Lançado!** Construído em 1 dia para trazer Agentes de IA para hardware de $10 com <10MB de RAM. 🦐 PicoClaw, Partiu! + +
## ✨ Funcionalidades -🪶 **Ultra-Leve**: Consumo de memória <10MB — 99% menor que o Clawdbot para funcionalidades essenciais. +🪶 **Ultra-Leve**: Consumo de memória <10MB — 99% menor que o OpenClaw para funcionalidades essenciais.* 💰 **Custo Mínimo**: Eficiente o suficiente para rodar em hardware de $10 — 98% mais barato que um Mac mini. -⚡️ **Inicialização Relámpago**: Tempo de inicialização 400X mais rápido, boot em 1 segundo mesmo em CPU single-core de 0.6GHz. +⚡️ **Inicialização Relâmpago**: Tempo de inicialização 400X mais rápido, boot em <1 segundo mesmo em CPU single-core de 0.6GHz. 🌍 **Portabilidade Real**: Um único binário auto-contido para RISC-V, ARM, MIPS e x86. Um clique e já era! 🤖 **Auto-Construído por IA**: Implementação nativa em Go de forma autônoma — 95% do núcleo gerado pelo Agente com refinamento humano no loop. +🔌 **Suporte MCP**: Integração nativa com o [Model Context Protocol](https://modelcontextprotocol.io/) — conecte qualquer servidor MCP para estender as capacidades do agente. + +👁️ **Pipeline de Visão**: Envie imagens e arquivos diretamente ao agente — codificação base64 automática para LLMs multimodais. + +🧠 **Roteamento Inteligente**: Roteamento de modelos baseado em regras — consultas simples vão para modelos leves, economizando custos de API. + +_*Versões recentes podem usar 10–20MB devido a merges rápidos de funcionalidades. Otimização de recursos está planejada. Comparação de inicialização baseada em benchmarks de single-core a 0.8GHz (veja tabela abaixo)._ + | | OpenClaw | NanoBot | **PicoClaw** | | ----------------------------- | ------------- | ------------------------ | ----------------------------------------- | | **Linguagem** | TypeScript | Python | **Go** | -| **RAM** | >1GB | >100MB | **< 10MB** | +| **RAM** | >1GB | >100MB | **< 10MB*** | | **Inicialização**
(CPU 0.8GHz) | >500s | >30s | **<1s** | | **Custo** | Mac Mini $599 | Maioria dos SBC Linux
~$50 | **Qualquer placa Linux**
**A partir de $10** | @@ -90,36 +110,36 @@ ### 🛠️ Fluxos de Trabalho Padrão do Assistente - - - - - - - - - - - - - - - + + + + + + + + + + + + + + +

🧩 Engenharia Full-Stack

🗂️ Gerenciamento de Logs & Planejamento

🔎 Busca Web & Aprendizado

Desenvolver • Implantar • EscalarAgendar • Automatizar • MemorizarDescobrir • Analisar • Tendências

🧩 Engenharia Full-Stack

🗂️ Gerenciamento de Logs & Planejamento

🔎 Busca Web & Aprendizado

Desenvolver • Implantar • EscalarAgendar • Automatizar • MemorizarDescobrir • Analisar • Tendências
### 📱 Rode em celulares Android antigos Dê uma segunda vida ao seu celular de dez anos atrás! Transforme-o em um assistente de IA inteligente com o PicoClaw. Início rápido: -1. **Instale o Termux** (Disponível no F-Droid ou Google Play). +1. **Instale o [Termux](https://github.com/termux/termux-app)** (Baixe em [GitHub Releases](https://github.com/termux/termux-app/releases), ou busque no F-Droid / Google Play). 2. **Execute os comandos** ```bash -# Nota: Substitua v0.1.1 pela versao mais recente da pagina de Releases -wget https://github.com/sipeed/picoclaw/releases/download/v0.1.1/picoclaw-linux-arm64 -chmod +x picoclaw-linux-arm64 +# Baixe a versão mais recente em https://github.com/sipeed/picoclaw/releases +wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz +tar xzf picoclaw_Linux_arm64.tar.gz pkg install proot -termux-chroot ./picoclaw-linux-arm64 onboard +termux-chroot ./picoclaw onboard ``` Depois siga as instruções na seção "Início Rápido" para completar a configuração! @@ -130,11 +150,11 @@ Depois siga as instruções na seção "Início Rápido" para completar a config O PicoClaw pode ser implantado em praticamente qualquer dispositivo Linux! -- $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) versão E (Ethernet) ou W (WiFi6), para Assistente Doméstico Minimalista +- $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) versão E(Ethernet) ou W(WiFi6), para Assistente Doméstico Minimalista - $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), ou $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) para Manutenção Automatizada de Servidores - $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) ou $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) para Monitoramento Inteligente -https://private-user-images.githubusercontent.com/83055338/547056448-e7b031ff-d6f5-4468-bcca-5726b6fecb5c.mp4 + 🌟 Mais cenários de implantação aguardam você! @@ -142,7 +162,7 @@ https://private-user-images.githubusercontent.com/83055338/547056448-e7b031ff-d6 ### Instalar com binário pré-compilado -Baixe o binário para sua plataforma na página de [releases](https://github.com/sipeed/picoclaw/releases). +Baixe o binário para sua plataforma na página de [Releases](https://github.com/sipeed/picoclaw/releases). ### Instalar a partir do código-fonte (funcionalidades mais recentes, recomendado para desenvolvimento) @@ -155,1087 +175,75 @@ make deps # Build, sem necessidade de instalar make build -# Build para multiplas plataformas +# Build para múltiplas plataformas make build-all +# Build para Raspberry Pi Zero 2 W (32-bit: make build-linux-arm; 64-bit: make build-linux-arm64) +make build-pi-zero + # Build e Instalar make install ``` -## 🐳 Docker Compose +**Raspberry Pi Zero 2 W:** Use o binário correspondente ao seu SO: Raspberry Pi OS 32-bit → `make build-linux-arm`; 64-bit → `make build-linux-arm64`. Ou execute `make build-pi-zero` para compilar ambos. -Você tambêm pode rodar o PicoClaw usando Docker Compose sem instalar nada localmente. +## 📚 Documentação -```bash -# 1. Clone este repositorio -git clone https://github.com/sipeed/picoclaw.git -cd picoclaw +Para guias detalhados, consulte a documentação abaixo. Este README cobre apenas o início rápido. -# 2. Primeiro uso — gera docker/data/config.json automaticamente e para -docker compose -f docker/docker-compose.yml --profile gateway up -# O contêiner exibe "First-run setup complete." e para. +| Tópico | Descrição | +|--------|-----------| +| 🐳 [Docker & Início Rápido](docs/pt-br/docker.md) | Configuração Docker Compose, modos Launcher/Agent, configuração de Início Rápido | +| 💬 [Apps de Chat](docs/pt-br/chat-apps.md) | Telegram, Discord, WhatsApp, Matrix, QQ, Slack, IRC, DingTalk, LINE, Feishu, WeCom e mais | +| ⚙️ [Configuração](docs/pt-br/configuration.md) | Variáveis de ambiente, estrutura do workspace, fontes de skills, sandbox de segurança, heartbeat | +| 🔌 [Provedores & Modelos](docs/pt-br/providers.md) | 20+ provedores LLM, roteamento de modelos, configuração model_list, arquitetura de provedores | +| 🔄 [Spawn & Tarefas Assíncronas](docs/pt-br/spawn-tasks.md) | Tarefas rápidas, tarefas longas com spawn, orquestração assíncrona de sub-agentes | +| 🐛 [Solução de Problemas](docs/pt-br/troubleshooting.md) | Problemas comuns e soluções | +| 🔧 [Configuração de Ferramentas](docs/pt-br/tools_configuration.md) | Habilitar/desabilitar por ferramenta, políticas de execução | -# 3. Configure suas API keys -vim docker/data/config.json # Chaves de API do provedor, tokens de bot, etc. +## ClawdChat Junte-se à Rede Social de Agentes -# 4. Iniciar -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -> [!TIP] -> **Usuários Docker**: Por padrão, o Gateway ouve em `127.0.0.1`, o que não é acessível a partir do host. Se você precisar acessar os endpoints de integridade ou expor portas, defina `PICOCLAW_GATEWAY_HOST=0.0.0.0` em seu ambiente ou atualize o `config.json`. - -```bash -# 5. Ver logs -docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway - -# 6. Parar -docker compose -f docker/docker-compose.yml --profile gateway down -``` - -### Modo Agente (Execução única) - -```bash -# Fazer uma pergunta -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "Quanto e 2+2?" - -# Modo interativo -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -``` - -### Atualizar - -```bash -docker compose -f docker/docker-compose.yml pull -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -### 🚀 Início Rápido - -> [!TIP] -> Configure sua API key em `~/.picoclaw/config.json`. Obtenha API keys: [Volcengine (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM). Busca web é **opcional** — obtenha a [API Tavily](https://tavily.com) gratuita (1000 consultas grátis/mês) ou a [Brave Search API](https://brave.com/search/api) (2000 consultas grátis/mês). - -**1. Inicializar** - -```bash -picoclaw onboard -``` - -**2. Configurar** (`~/.picoclaw/config.json`) - -```json -{ - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key", - "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-your-openai-key", - "request_timeout": 300, - "api_base": "https://api.openai.com/v1" - } - ], - "agents": { - "defaults": { - "model_name": "gpt-5.4" - } - }, - "tools": { - "web": { - "enabled": true, - "fetch_limit_bytes": 10485760, - "format": "plaintext", - "brave": { - "enabled": false, - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - } - } -} -``` - -> **Novo**: O formato de configuração `model_list` permite adicionar provedores sem alterar código. Veja [Configuração de Modelo](#configuração-de-modelo-model_list) para detalhes. -> `request_timeout` é opcional e usa segundos. Se omitido ou definido como `<= 0`, o PicoClaw usa o timeout padrão (120s). - -**3. Obter API Keys** - -* **Provedor de LLM**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) -* **Busca Web** (opcional): [Brave Search](https://brave.com/search/api) - Plano gratuito disponível (2000 consultas/mês) - -> **Nota**: Veja `config.example.json` para um modelo de configuração completo. - -**4. Conversar** - -```bash -picoclaw agent -m "Quanto e 2+2?" -``` - -Pronto! Você tem um assistente de IA funcionando em 2 minutos. - ---- - -## 💬 Integração com Apps de Chat - -Converse com seu PicoClaw via Telegram, Discord, DingTalk, LINE ou WeCom. - -| Canal | Nível de Configuração | -| --- | --- | -| **Telegram** | Fácil (apenas um token) | -| **Discord** | Fácil (bot token + intents) | -| **QQ** | Fácil (AppID + AppSecret) | -| **DingTalk** | Médio (credenciais do app) | -| **LINE** | Médio (credenciais + webhook URL) | -| **WeCom AI Bot** | Médio (Token + chave AES) | - -
-Telegram (Recomendado) - -**1. Criar o bot** - -* Abra o Telegram, busque `@BotFather` -* Envie `/newbot`, siga as instruções -* Copie o token - -**2. Configurar** - -```json -{ - "channels": { - "telegram": { - "enabled": true, - "token": "YOUR_BOT_TOKEN", - "allow_from": ["YOUR_USER_ID"] - } - } -} -``` - -> Obtenha seu User ID pelo `@userinfobot` no Telegram. - -**3. Executar** - -```bash -picoclaw gateway -``` - -
- -
-Discord - -**1. Criar o bot** - -* Acesse -* Crie um aplicativo → Bot → Add Bot -* Copie o token do bot - -**2. Habilitar Intents** - -* Nas configurações do Bot, habilite **MESSAGE CONTENT INTENT** -* (Opcional) Habilite **SERVER MEMBERS INTENT** se quiser usar lista de permissões baseada em dados dos membros - -**3. Obter seu User ID** - -* Configurações do Discord → Avançado → habilite **Modo Desenvolvedor** -* Clique com botão direito no seu avatar → **Copiar ID do Usuário** - -**4. Configurar** - -```json -{ - "channels": { - "discord": { - "enabled": true, - "token": "YOUR_BOT_TOKEN", - "allow_from": ["YOUR_USER_ID"] - } - } -} -``` - -**5. Convidar o bot** - -* OAuth2 → URL Generator -* Scopes: `bot` -* Bot Permissions: `Send Messages`, `Read Message History` -* Abra a URL de convite gerada e adicione o bot ao seu servidor - -**6. Executar** - -```bash -picoclaw gateway -``` - -
- -
-QQ - -**1. Criar o bot** - -- Acesse a [QQ Open Platform](https://q.qq.com/#) -- Crie um aplicativo → Obtenha **AppID** e **AppSecret** - -**2. Configurar** - -```json -{ - "channels": { - "qq": { - "enabled": true, - "app_id": "YOUR_APP_ID", - "app_secret": "YOUR_APP_SECRET", - "allow_from": [] - } - } -} -``` - -> Deixe `allow_from` vazio para permitir todos os usuários, ou especifique números QQ para restringir o acesso. - -**3. Executar** - -```bash -picoclaw gateway -``` - -
- -
-DingTalk - -**1. Criar o bot** - -* Acesse a [Open Platform](https://open.dingtalk.com/) -* Crie um app interno -* Copie o Client ID e Client Secret - -**2. Configurar** - -```json -{ - "channels": { - "dingtalk": { - "enabled": true, - "client_id": "YOUR_CLIENT_ID", - "client_secret": "YOUR_CLIENT_SECRET", - "allow_from": [] - } - } -} -``` - -> Deixe `allow_from` vazio para permitir todos os usuários, ou especifique IDs para restringir o acesso. - -**3. Executar** - -```bash -picoclaw gateway -``` - -
- -
-LINE - -**1. Criar uma Conta Oficial LINE** - -- Acesse o [LINE Developers Console](https://developers.line.biz/) -- Crie um provider → Crie um canal Messaging API -- Copie o **Channel Secret** e o **Channel Access Token** - -**2. Configurar** - -```json -{ - "channels": { - "line": { - "enabled": true, - "channel_secret": "YOUR_CHANNEL_SECRET", - "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN", - "webhook_path": "/webhook/line", - "allow_from": [] - } - } -} -``` - -**3. Configurar URL do Webhook** - -O LINE requer HTTPS para webhooks. Use um reverse proxy ou tunnel: - -```bash -# Exemplo com ngrok -ngrok http 18790 -``` - -Em seguida, configure a Webhook URL no LINE Developers Console para `https://seu-dominio/webhook/line` e habilite **Use webhook**. - -> **Nota**: O webhook do LINE é servido pelo Gateway compartilhado (padrão 127.0.0.1:18790). Use um proxy reverso/HTTPS ou túnel (como ngrok) para expor o Gateway de forma segura quando necessário. - -**4. Executar** - -```bash -picoclaw gateway -``` - -> Em chats de grupo, o bot responde apenas quando mencionado com @. As respostas citam a mensagem original. - -> **Docker Compose**: Se você usa Docker Compose, exponha o Gateway (padrão 127.0.0.1:18790) se precisar acessar o webhook LINE externamente, por exemplo `ports: ["18790:18790"]`. - -
- -
-WeCom (WeChat Work) - -O PicoClaw suporta três tipos de integração WeCom: - -**Opção 1: WeCom Bot (Robô)** - Configuração mais fácil, suporta chats em grupo -**Opção 2: WeCom App (Aplicativo Personalizado)** - Mais recursos, mensagens proativas, somente chat privado -**Opção 3: WeCom AI Bot (Robô Inteligente)** - Bot IA oficial, respostas em streaming, suporta grupo e privado - -Veja o [Guia de Configuração WeCom AI Bot](docs/channels/wecom/wecom_aibot/README.zh.md) para instruções detalhadas. - -**Configuração Rápida - WeCom Bot:** - -**1. Criar um bot** - -* Acesse o Console de Administração WeCom → Chat em Grupo → Adicionar Bot de Grupo -* Copie a URL do webhook (formato: `https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) - -**2. Configurar** - -```json -{ - "channels": { - "wecom": { - "enabled": true, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_ENCODING_AES_KEY", - "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", - "webhook_path": "/webhook/wecom", - "allow_from": [] - } - } -} -``` - -> **Nota**: O webhook do WeCom Bot é atendido pelo Gateway compartilhado (padrão 127.0.0.1:18790). Use um proxy reverso/HTTPS ou túnel para expor o Gateway em produção. - -**Configuração Rápida - WeCom App:** - -**1. Criar um aplicativo** - -* Acesse o Console de Administração WeCom → Gerenciamento de Aplicativos → Criar Aplicativo -* Copie o **AgentId** e o **Secret** -* Acesse a página "Minha Empresa", copie o **CorpID** - -**2. Configurar recebimento de mensagens** - -* Nos detalhes do aplicativo, clique em "Receber Mensagens" → "Configurar API" -* Defina a URL como `http://your-server:18790/webhook/wecom-app` -* Gere o **Token** e o **EncodingAESKey** - -**3. Configurar** - -```json -{ - "channels": { - "wecom_app": { - "enabled": true, - "corp_id": "wwxxxxxxxxxxxxxxxx", - "corp_secret": "YOUR_CORP_SECRET", - "agent_id": 1000002, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_ENCODING_AES_KEY", - "webhook_path": "/webhook/wecom-app", - "allow_from": [] - } - } -} -``` - -**4. Executar** - -```bash -picoclaw gateway -``` - -> **Nota**: O WeCom App (callbacks de webhook) é servido pelo Gateway compartilhado (padrão 127.0.0.1:18790). Em produção use um proxy reverso HTTPS para expor a porta do Gateway, ou atualize `PICOCLAW_GATEWAY_HOST` para `0.0.0.0` se necessário. - -**Configuração Rápida - WeCom AI Bot:** - -**1. Criar um AI Bot** - -* Acesse o Console de Administração WeCom → Gerenciamento de Aplicativos → AI Bot -* Configure a URL de callback: `http://your-server:18791/webhook/wecom-aibot` -* Copie o **Token** e gere o **EncodingAESKey** - -**2. Configurar** - -```json -{ - "channels": { - "wecom_aibot": { - "enabled": true, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", - "webhook_path": "/webhook/wecom-aibot", - "allow_from": [], - "welcome_message": "Olá! Como posso ajudá-lo?" - } - } -} -``` - -**3. Executar** - -```bash -picoclaw gateway -``` - -> **Nota**: O WeCom AI Bot usa protocolo de pull em streaming — sem preocupações com timeout de resposta. Tarefas longas (>5,5 min) alternam automaticamente para entrega via `response_url`. - -
- -## ClawdChat Junte-se a Rede Social de Agentes - -Conecte o PicoClaw a Rede Social de Agentes simplesmente enviando uma única mensagem via CLI ou qualquer App de Chat integrado. +Conecte o PicoClaw à Rede Social de Agentes simplesmente enviando uma única mensagem via CLI ou qualquer App de Chat integrado. **Leia `https://clawdchat.ai/skill.md` e siga as instruções para entrar no [ClawdChat.ai](https://clawdchat.ai)** -## ⚙️ Configuração Detalhada - -Arquivo de configuração: `~/.picoclaw/config.json` - -### Variáveis de Ambiente - -Você pode substituir os caminhos padrão usando variáveis de ambiente. Isso é útil para instalações portáteis, implantações em contêineres ou para executar o picoclaw como um serviço do sistema. Essas variáveis são independentes e controlam caminhos diferentes. - -| Variável | Descrição | Caminho Padrão | -|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| `PICOCLAW_CONFIG` | Substitui o caminho para o arquivo de configuração. Isso informa diretamente ao picoclaw qual `config.json` carregar, ignorando todos os outros locais. | `~/.picoclaw/config.json` | -| `PICOCLAW_HOME` | Substitui o diretório raiz dos dados do picoclaw. Isso altera o local padrão do `workspace` e de outros diretórios de dados. | `~/.picoclaw` | - -**Exemplos:** - -```bash -# Executar o picoclaw usando um arquivo de configuração específico -# O caminho do workspace será lido de dentro desse arquivo de configuração -PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway - -# Executar o picoclaw com todos os seus dados armazenados em /opt/picoclaw -# A configuração será carregada do ~/.picoclaw/config.json padrão -# O workspace será criado em /opt/picoclaw/workspace -PICOCLAW_HOME=/opt/picoclaw picoclaw agent - -# Use ambos para uma configuração totalmente personalizada -PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway -``` - -### Estrutura do Workspace - -O PicoClaw armazena dados no workspace configurado (padrão: `~/.picoclaw/workspace`): - -``` -~/.picoclaw/workspace/ -├── sessions/ # Sessoes de conversa e historico -├── memory/ # Memoria de longo prazo (MEMORY.md) -├── state/ # Estado persistente (ultimo canal, etc.) -├── cron/ # Banco de dados de tarefas agendadas -├── skills/ # Skills personalizadas -├── AGENTS.md # Guia de comportamento do Agente -├── HEARTBEAT.md # Prompts de tarefas periodicas (verificado a cada 30 min) -├── IDENTITY.md # Identidade do Agente -├── SOUL.md # Alma do Agente -└── USER.md # Preferencias do usuario -``` - -### 🔒 Sandbox de Segurança - -O PicoClaw roda em um ambiente sandbox por padrão. O agente so pode acessar arquivos e executar comandos dentro do workspace configurado. - -#### Configuração Padrão - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "restrict_to_workspace": true - } - } -} -``` - -| Opção | Padrão | Descrição | -|-------|--------|-----------| -| `workspace` | `~/.picoclaw/workspace` | Diretório de trabalho do agente | -| `restrict_to_workspace` | `true` | Restringir acesso de arquivos/comandos ao workspace | - -#### Ferramentas Protegidas - -Quando `restrict_to_workspace: true`, as seguintes ferramentas são restritas ao sandbox: - -| Ferramenta | Função | Restrição | -|------------|--------|-----------| -| `read_file` | Ler arquivos | Apenas arquivos dentro do workspace | -| `write_file` | Escrever arquivos | Apenas arquivos dentro do workspace | -| `list_dir` | Listar diretorios | Apenas diretorios dentro do workspace | -| `edit_file` | Editar arquivos | Apenas arquivos dentro do workspace | -| `append_file` | Adicionar a arquivos | Apenas arquivos dentro do workspace | -| `exec` | Executar comandos | Caminhos dos comandos devem estar dentro do workspace | - -#### Proteção Adicional do Exec - -Mesmo com `restrict_to_workspace: false`, a ferramenta `exec` bloqueia estes comandos perigosos: - -* `rm -rf`, `del /f`, `rmdir /s` — Exclusão em massa -* `format`, `mkfs`, `diskpart` — Formatação de disco -* `dd if=` — Criação de imagem de disco -* Escrita em `/dev/sd[a-z]` — Escrita direta no disco -* `shutdown`, `reboot`, `poweroff` — Desligamento do sistema -* Fork bomb `:(){ :|:& };:` - -#### Exemplos de Erro - -``` -[ERROR] tool: Tool execution failed -{tool=exec, error=Command blocked by safety guard (path outside working dir)} -``` - -``` -[ERROR] tool: Tool execution failed -{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} -``` - -#### Desabilitar Restrições (Risco de Segurança) - -Se você precisa que o agente acesse caminhos fora do workspace: - -**Método 1: Arquivo de configuração** - -```json -{ - "agents": { - "defaults": { - "restrict_to_workspace": false - } - } -} -``` - -**Método 2: Variável de ambiente** - -```bash -export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false -``` - -> ⚠️ **Aviso**: Desabilitar esta restrição permite que o agente acesse qualquer caminho no seu sistema. Use com cuidado apenas em ambientes controlados. - -#### Consistência do Limite de Segurança - -A configuração `restrict_to_workspace` se aplica consistentemente em todos os caminhos de execução: - -| Caminho de Execução | Limite de Segurança | -|----------------------|---------------------| -| Agente Principal | `restrict_to_workspace` ✅ | -| Subagente / Spawn | Herda a mesma restrição ✅ | -| Tarefas Heartbeat | Herda a mesma restrição ✅ | - -Todos os caminhos compartilham a mesma restrição de workspace — nao há como contornar o limite de segurança por meio de subagentes ou tarefas agendadas. - -### Heartbeat (Tarefas Periódicas) - -O PicoClaw pode executar tarefas periódicas automaticamente. Crie um arquivo `HEARTBEAT.md` no seu workspace: - -```markdown -# Tarefas Periodicas - -- Verificar meu email para mensagens importantes -- Revisar minha agenda para proximos eventos -- Verificar a previsao do tempo -``` - -O agente lerá este arquivo a cada 30 minutos (configurável) e executará as tarefas usando as ferramentas disponíveis. - -#### Tarefas Assincronas com Spawn - -Para tarefas de longa duração (busca web, chamadas de API), use a ferramenta `spawn` para criar um **subagente**: - -```markdown -# Tarefas Periódicas - -## Tarefas Rápidas (resposta direta) -- Informar hora atual - -## Tarefas Longas (usar spawn para async) -- Buscar notícias de IA na web e resumir -- Verificar email e reportar mensagens importantes -``` - -**Comportamentos principais:** - -| Funcionalidade | Descrição | -|----------------|-----------| -| **spawn** | Cria subagente assíncrono, não bloqueia o heartbeat | -| **Contexto independente** | Subagente tem seu próprio contexto, sem histórico de sessão | -| **Ferramenta message** | Subagente se comunica diretamente com o usuário via ferramenta message | -| **Não-bloqueante** | Após o spawn, o heartbeat continua para a próxima tarefa | - -#### Como Funciona a Comunicação do Subagente - -``` -Heartbeat dispara - ↓ -Agente lê HEARTBEAT.md - ↓ -Para tarefa longa: spawn subagente - ↓ ↓ -Continua próxima tarefa Subagente trabalha independentemente - ↓ ↓ -Todas tarefas concluídas Subagente usa ferramenta "message" - ↓ ↓ -Responde HEARTBEAT_OK Usuário recebe resultado diretamente -``` - -O subagente tem acesso às ferramentas (message, web_search, etc.) e pode se comunicar com o usuário independentemente sem passar pelo agente principal. - -**Configuração:** - -```json -{ - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -| Opção | Padrão | Descrição | -|-------|--------|-----------| -| `enabled` | `true` | Habilitar/desabilitar heartbeat | -| `interval` | `30` | Intervalo de verificação em minutos (min: 5) | - -**Variáveis de ambiente:** - -* `PICOCLAW_HEARTBEAT_ENABLED=false` para desabilitar -* `PICOCLAW_HEARTBEAT_INTERVAL=60` para alterar o intervalo - -### Provedores - -> [!NOTE] -> O Groq fornece transcrição de voz gratuita via Whisper. Se configurado, mensagens de áudio de qualquer canal serão automaticamente transcritas no nível do agente. - -| Provedor | Finalidade | Obter API Key | -| --- | --- | --- | -| `gemini` | LLM (Gemini direto) | [aistudio.google.com](https://aistudio.google.com) | -| `zhipu` | LLM (Zhipu direto) | [bigmodel.cn](bigmodel.cn) | -| `volcengine` | LLM(Volcengine direto) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| `openrouter` (Em teste) | LLM (recomendado, acesso a todos os modelos) | [openrouter.ai](https://openrouter.ai) | -| `anthropic` (Em teste) | LLM (Claude direto) | [console.anthropic.com](https://console.anthropic.com) | -| `openai` (Em teste) | LLM (GPT direto) | [platform.openai.com](https://platform.openai.com) | -| `deepseek` (Em teste) | LLM (DeepSeek direto) | [platform.deepseek.com](https://platform.deepseek.com) | -| `qwen` | Alibaba Qwen | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) | -| `cerebras` | Cerebras | [cerebras.ai](https://cerebras.ai) | -| `groq` | LLM + **Transcrição de voz** (Whisper) | [console.groq.com](https://console.groq.com) | - -
-Configuração Zhipu - -**1. Obter API key** - -* Obtenha a [API key](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) - -**2. Configurar** - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "model": "glm-4.7", - "max_tokens": 8192, - "temperature": 0.7, - "max_tool_iterations": 20 - } - }, - "providers": { - "zhipu": { - "api_key": "Sua API Key", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - } -} -``` - -**3. Executar** - -```bash -picoclaw agent -m "Ola, como vai?" -``` - -
- -
-Exemplo de configuraçao completa - -```json -{ - "agents": { - "defaults": { - "model": "anthropic/claude-opus-4-5" - } - }, - "providers": { - "openrouter": { - "api_key": "sk-or-v1-xxx" - }, - "groq": { - "api_key": "gsk_xxx" - } - }, - "channels": { - "telegram": { - "enabled": true, - "token": "123456:ABC...", - "allow_from": ["123456789"] - }, - "discord": { - "enabled": true, - "token": "", - "allow_from": [""] - }, - "whatsapp": { - "enabled": false - }, - "feishu": { - "enabled": false, - "app_id": "cli_xxx", - "app_secret": "xxx", - "encrypt_key": "", - "verification_token": "", - "allow_from": [] - }, - "qq": { - "enabled": false, - "app_id": "", - "app_secret": "", - "allow_from": [] - } - }, - "tools": { - "web": { - "brave": { - "enabled": false, - "api_key": "BSA...", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - }, - "cron": { - "exec_timeout_minutes": 5 - } - }, - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -
- -### Configuração de Modelo (model_list) - -> **Novidade!** PicoClaw agora usa uma abordagem de configuração **centrada no modelo**. Basta especificar o formato `fornecedor/modelo` (ex: `zhipu/glm-4.7`) para adicionar novos provedores—**nenhuma alteração de código necessária!** - -Este design também possibilita o **suporte multi-agent** com seleção flexível de provedores: - -- **Diferentes agentes, diferentes provedores** : Cada agente pode usar seu próprio provedor LLM -- **Modelos de fallback** : Configure modelos primários e de reserva para resiliência -- **Balanceamento de carga** : Distribua solicitações entre múltiplos endpoints -- **Configuração centralizada** : Gerencie todos os provedores em um só lugar - -#### 📋 Todos os Fornecedores Suportados - -| Fornecedor | Prefixo `model` | API Base Padrão | Protocolo | Chave API | -|-------------|-----------------|------------------|----------|-----------| -| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Obter Chave](https://platform.openai.com) | -| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Obter Chave](https://console.anthropic.com) | -| **Zhipu AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Obter Chave](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | -| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Obter Chave](https://platform.deepseek.com) | -| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Obter Chave](https://aistudio.google.com/api-keys) | -| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Obter Chave](https://console.groq.com) | -| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [Obter Chave](https://platform.moonshot.cn) | -| **Qwen (Alibaba)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Obter Chave](https://dashscope.console.aliyun.com) | -| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [Obter Chave](https://build.nvidia.com) | -| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (sem chave necessária) | -| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Obter Chave](https://openrouter.ai/keys) | -| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | Local | -| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [Obter Chave](https://cerebras.ai) | -| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Obter Chave](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| **ShengsuanYun** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | -| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [Obter Chave](https://www.byteplus.com) | -| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [Obter Chave](https://longcat.chat/platform) | -| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [Obter Token](https://modelscope.cn/my/tokens) | -| **Azure OpenAI** | `azure/` | `https://{resource}.openai.azure.com` | Azure | [Obter Chave](https://portal.azure.com) | -| **Antigravity** | `antigravity/` | Google Cloud | Custom | Apenas OAuth | -| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | - -#### Configuração Básica - -```json -{ - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-your-openai-key" - }, - { - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "api_key": "sk-ant-your-key" - }, - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-zhipu-key" - } - ], - "agents": { - "defaults": { - "model": "gpt-5.4" - } - } -} -``` - -#### Exemplos por Fornecedor - -**OpenAI** -```json -{ - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-..." -} -``` - -**VolcEngine (Doubao)** -```json -{ - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-..." -} -``` - -**Zhipu AI (GLM)** -```json -{ - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" -} -``` - -**Anthropic (com OAuth)** -```json -{ - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "auth_method": "oauth" -} -``` -> Execute `picoclaw auth login --provider anthropic` para configurar credenciais OAuth. - -**Proxy/API personalizada** -```json -{ - "model_name": "my-custom-model", - "model": "openai/custom-model", - "api_base": "https://my-proxy.com/v1", - "api_key": "sk-...", - "request_timeout": 300 -} -``` - -#### Balanceamento de Carga - -Configure vários endpoints para o mesmo nome de modelo—PicoClaw fará round-robin automaticamente entre eles: - -```json -{ - "model_list": [ - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api1.example.com/v1", - "api_key": "sk-key1" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api2.example.com/v1", - "api_key": "sk-key2" - } - ] -} -``` - -#### Migração da Configuração Legada `providers` - -A configuração antiga `providers` está **descontinuada** mas ainda é suportada para compatibilidade reversa. - -**Configuração Antiga (descontinuada):** -```json -{ - "providers": { - "zhipu": { - "api_key": "your-key", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - }, - "agents": { - "defaults": { - "provider": "zhipu", - "model": "glm-4.7" - } - } -} -``` - -**Nova Configuração (recomendada):** -```json -{ - "model_list": [ - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" - } - ], - "agents": { - "defaults": { - "model": "glm-4.7" - } - } -} -``` - -Para o guia de migração detalhado, consulte [docs/migration/model-list-migration.md](docs/migration/model-list-migration.md). - -## Referência CLI - -| Comando | Descrição | -| --- | --- | -| `picoclaw onboard` | Inicializar configuração & workspace | -| `picoclaw agent -m "..."` | Conversar com o agente | -| `picoclaw agent` | Modo de chat interativo | -| `picoclaw gateway` | Iniciar o gateway (para bots de chat) | -| `picoclaw status` | Mostrar status | -| `picoclaw cron list` | Listar todas as tarefas agendadas | -| `picoclaw cron add ...` | Adicionar uma tarefa agendada | +## 🖥️ Referência CLI + +| Comando | Descrição | +| ------------------------- | ----------------------------- | +| `picoclaw onboard` | Inicializar configuração & workspace | +| `picoclaw agent -m "..."` | Conversar com o agente | +| `picoclaw agent` | Modo de chat interativo | +| `picoclaw gateway` | Iniciar o gateway | +| `picoclaw status` | Mostrar status | +| `picoclaw version` | Mostrar informações de versão | +| `picoclaw cron list` | Listar todas as tarefas agendadas | +| `picoclaw cron add ...` | Adicionar uma tarefa agendada | +| `picoclaw cron disable` | Desabilitar uma tarefa agendada | +| `picoclaw cron remove` | Remover uma tarefa agendada | +| `picoclaw skills list` | Listar skills instaladas | +| `picoclaw skills install` | Instalar uma skill | +| `picoclaw migrate` | Migrar dados de versões anteriores | +| `picoclaw auth login` | Autenticar com provedores | ### Tarefas Agendadas / Lembretes O PicoClaw suporta lembretes agendados e tarefas recorrentes por meio da ferramenta `cron`: -* **Lembretes únicos**: "Remind me in 10 minutes" (Me lembre em 10 minutos) → dispara uma vez após 10min -* **Tarefas recorrentes**: "Remind me every 2 hours" (Me lembre a cada 2 horas) → dispara a cada 2 horas -* **Expressões Cron**: "Remind me at 9am daily" (Me lembre às 9h todos os dias) → usa expressão cron - -As tarefas são armazenadas em `~/.picoclaw/workspace/cron/` e processadas automaticamente. +* **Lembretes únicos**: "Me lembre em 10 minutos" → dispara uma vez após 10min +* **Tarefas recorrentes**: "Me lembre a cada 2 horas" → dispara a cada 2 horas +* **Expressões Cron**: "Me lembre às 9h todos os dias" → usa expressão cron ## 🤝 Contribuir & Roadmap PRs são bem-vindos! O código-fonte é intencionalmente pequeno e legível. 🤗 -Roadmap em breve... +Veja nosso [Roadmap da Comunidade](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md) completo. -Grupo de desenvolvedores em formação. Requisito de entrada: Pelo menos 1 PR com merge. +Grupo de desenvolvedores em formação. Junte-se após seu primeiro PR com merge! Grupos de usuários: -Discord: +discord: PicoClaw - -## 🐛 Solução de Problemas - -### Busca web mostra "API 配置问题" - -Isso é normal se você ainda não configurou uma API key de busca. O PicoClaw fornecerá links úteis para busca manual. - -Para habilitar a busca web: - -1. **Opção 1 (Recomendado)**: Obtenha uma API key gratuita em [https://brave.com/search/api](https://brave.com/search/api) (2000 consultas grátis/mês) para os melhores resultados. -2. **Opção 2 (Sem Cartão de Crédito)**: Se você não tem uma key, o sistema automaticamente usa o **DuckDuckGo** como fallback (sem necessidade de key). - -Adicione a key em `~/.picoclaw/config.json` se usar o Brave: - -```json -{ - "tools": { - "web": { - "brave": { - "enabled": false, - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - } - } -} -``` - -### Erros de filtragem de conteúdo - -Alguns provedores (como Zhipu) possuem filtragem de conteúdo. Tente reformular sua pergunta ou use um modelo diferente. - -### Bot do Telegram diz "Conflict: terminated by other getUpdates" - -Isso acontece quando outra instância do bot está em execução. Certifique-se de que apenas um `picoclaw gateway` esteja rodando por vez. - ---- - -## 📝 Comparação de API Keys - -| Serviço | Plano Gratuito | Caso de Uso | -| --- | --- | --- | -| **OpenRouter** | 200K tokens/mês | Múltiplos modelos (Claude, GPT-4, etc.) | -| **Volcengine CodingPlan** | ¥9,9/primeiro mês | Ideal para usuários chineses, múltiplos modelos SOTA (Doubao, DeepSeek, etc.) | -| **Zhipu** | 200K tokens/mês | Adequado para usuários chineses | -| **Brave Search** | 2000 consultas/mês | Funcionalidade de busca web | -| **Groq** | Plano gratuito disponível | Inferência ultra-rápida (Llama, Mixtral) | -| **Cerebras** | Plano gratuito disponível | Inferência ultra-rápida (Llama 3.3 70B) | -| **ModelScope** | 2000 requisições/dia | Inferência gratuita (Qwen, GLM, DeepSeek, etc.) | - ---- - -
- PicoClaw Meme -
diff --git a/README.vi.md b/README.vi.md index da77d0bf5..3832890ed 100644 --- a/README.vi.md +++ b/README.vi.md @@ -1,12 +1,12 @@
-PicoClaw + PicoClaw -

PicoClaw: Trợ lý AI Siêu Nhẹ viết bằng Go

+

PicoClaw: Trợ lý AI Siêu Nhẹ viết bằng Go

-

Phần cứng $10 · RAM 10MB · Khởi động 1 giây · Nào, xuất phát!

+

Phần cứng $10 · <10MB RAM · Khởi động <1 giây · Nào, xuất phát!

- Go - Hardware + Go + Hardware License
Website @@ -19,66 +19,87 @@

[中文](README.zh.md) | [日本語](README.ja.md) | [Português](README.pt-br.md) | **Tiếng Việt** | [Français](README.fr.md) | [English](README.md) +
--- > **PicoClaw** là dự án mã nguồn mở độc lập được khởi xướng bởi [Sipeed](https://sipeed.com). Được viết hoàn toàn bằng **Go** — không phải là bản fork của OpenClaw, NanoBot hay bất kỳ dự án nào khác. -🦐 **PicoClaw** là trợ lý AI cá nhân siêu nhẹ, lấy cảm hứng từ [NanoBot](https://github.com/HKUDS/nanobot), được viết lại hoàn toàn bằng **Go** thông qua quá trình "tự khởi tạo" (self-bootstrapping) — nơi chính AI Agent đã tự dẫn dắt toàn bộ quá trình chuyển đổi kiến trúc và tối ưu hóa mã nguồn. +🦐 PicoClaw là trợ lý AI cá nhân siêu nhẹ, lấy cảm hứng từ [NanoBot](https://github.com/HKUDS/nanobot), được viết lại hoàn toàn bằng Go thông qua quá trình "tự khởi tạo" (self-bootstrapping) — nơi chính AI Agent đã tự dẫn dắt toàn bộ quá trình chuyển đổi kiến trúc và tối ưu hóa mã nguồn. -⚡️ **Cực kỳ nhẹ:** Chạy trên phần cứng chỉ **$10** với RAM **<10MB**. Tiết kiệm 99% bộ nhớ so với OpenClaw và rẻ hơn 98% so với Mac mini! +⚡️ Chạy trên phần cứng chỉ $10 với RAM <10MB: Tiết kiệm 99% bộ nhớ so với OpenClaw và rẻ hơn 98% so với Mac mini! - - - - + + + +
-

- -

-		 -

- -

-
+

+ +

+ 		+

+ +

+
> [!CAUTION] > **🚨 TUYÊN BỐ BẢO MẬT & KÊNH CHÍNH THỨC** > > * **KHÔNG CÓ CRYPTO:** PicoClaw **KHÔNG** có bất kỳ token/coin chính thức nào. Mọi thông tin trên `pump.fun` hoặc các sàn giao dịch khác đều là **LỪA ĐẢO**. -> * **DOMAIN CHÍNH THỨC:** Website chính thức **DUY NHẤT** là **[picoclaw.io](https://picoclaw.io)**, website công ty là **[sipeed.com](https://sipeed.com)**. -> * **Cảnh báo:** Nhiều tên miền `.ai/.org/.com/.net/...` đã bị bên thứ ba đăng ký, không phải của chúng tôi. +> +> * **DOMAIN CHÍNH THỨC:** Website chính thức **DUY NHẤT** là **[picoclaw.io](https://picoclaw.io)**, website công ty là **[sipeed.com](https://sipeed.com)** +> * **Cảnh báo:** Nhiều tên miền `.ai/.org/.com/.net/...` đã bị bên thứ ba đăng ký. > * **Cảnh báo:** PicoClaw đang trong giai đoạn phát triển sớm và có thể còn các vấn đề bảo mật mạng chưa được giải quyết. Không nên triển khai lên môi trường production trước phiên bản v1.0. > * **Lưu ý:** PicoClaw gần đây đã merge nhiều PR, dẫn đến bộ nhớ sử dụng có thể lớn hơn (10–20MB) ở các phiên bản mới nhất. Chúng tôi sẽ ưu tiên tối ưu tài nguyên khi bộ tính năng đã ổn định. - ## 📢 Tin tức -2026-02-16 🎉 PicoClaw đạt 12K stars chỉ trong một tuần! Cảm ơn tất cả mọi người! PicoClaw đang phát triển nhanh hơn chúng tôi tưởng tượng. Do số lượng PR tăng cao, chúng tôi cấp thiết cần maintainer từ cộng đồng. Các vai trò tình nguyện viên và roadmap đã được công bố [tại đây](docs/ROADMAP.md) — rất mong đón nhận sự tham gia của bạn! +2026-03-17 🚀 **v0.2.3 Phát hành!** Giao diện khay hệ thống (Windows & Linux), theo dõi trạng thái sub-agent (`spawn_status`), hot-reload gateway thử nghiệm, cổng bảo mật cron và 2 bản vá bảo mật. PicoClaw đạt **25K ⭐**! -2026-02-13 🎉 PicoClaw đạt 5000 stars trong 4 ngày! Cảm ơn cộng đồng! Chúng tôi đang hoàn thiện **Lộ trình dự án (Roadmap)** và thiết lập **Nhóm phát triển** để đẩy nhanh tốc độ phát triển PicoClaw. -🚀 **Kêu gọi hành động:** Vui lòng gửi yêu cầu tính năng tại GitHub Discussions. Chúng tôi sẽ xem xét và ưu tiên trong cuộc họp hàng tuần. +2026-03-09 🎉 **v0.2.1 — Bản cập nhật lớn nhất!** Hỗ trợ giao thức MCP, 4 kênh mới (Matrix/IRC/WeCom/Discord Proxy), 3 nhà cung cấp mới (Kimi/Minimax/Avian), pipeline xử lý hình ảnh, bộ nhớ JSONL và định tuyến mô hình. -2026-02-09 🎉 PicoClaw chính thức ra mắt! Được xây dựng trong 1 ngày để mang AI Agent đến phần cứng $10 với RAM <10MB. 🦐 PicoClaw, Lên Đường! +2026-02-28 📦 **v0.2.0** phát hành với hỗ trợ Docker Compose và launcher Web UI. + +2026-02-26 🎉 PicoClaw đạt **20K stars** chỉ trong 17 ngày! Tự động điều phối kênh và giao diện năng lực đã được triển khai. + +
+Tin tức cũ hơn... + +2026-02-16 🎉 PicoClaw đạt 12K stars chỉ trong một tuần! Vai trò maintainer cộng đồng và [roadmap](ROADMAP.md) đã được công bố chính thức. + +2026-02-13 🎉 PicoClaw đạt 5000 stars trong 4 ngày! Lộ trình dự án và Nhóm phát triển đang được thiết lập. + +2026-02-09 🎉 **PicoClaw chính thức ra mắt!** Được xây dựng trong 1 ngày để mang AI Agent đến phần cứng $10 với RAM <10MB. 🦐 PicoClaw, Lên Đường! + +
## ✨ Tính năng nổi bật -🪶 **Siêu nhẹ**: Bộ nhớ sử dụng <10MB — nhỏ hơn 99% so với Clawdbot (chức năng cốt lõi). +🪶 **Siêu nhẹ**: Bộ nhớ sử dụng <10MB — nhỏ hơn 99% so với OpenClaw (chức năng cốt lõi).* 💰 **Chi phí tối thiểu**: Đủ hiệu quả để chạy trên phần cứng $10 — rẻ hơn 98% so với Mac mini. -⚡️ **Khởi động siêu nhanh**: Nhanh gấp 400 lần, khởi động trong 1 giây ngay cả trên CPU đơn nhân 0.6GHz. +⚡️ **Khởi động siêu nhanh**: Nhanh gấp 400 lần, khởi động trong <1 giây ngay cả trên CPU đơn nhân 0.6GHz. 🌍 **Di động thực sự**: Một file binary duy nhất chạy trên RISC-V, ARM, MIPS và x86. Một click là chạy! 🤖 **AI tự xây dựng**: Triển khai Go-native tự động — 95% mã nguồn cốt lõi được Agent tạo ra, với sự tinh chỉnh của con người. +🔌 **Hỗ trợ MCP**: Tích hợp [Model Context Protocol](https://modelcontextprotocol.io/) gốc — kết nối bất kỳ máy chủ MCP nào để mở rộng khả năng của agent. + +👁️ **Pipeline Xử lý Hình ảnh**: Gửi hình ảnh và tệp trực tiếp cho agent — tự động mã hóa base64 cho các LLM đa phương thức. + +🧠 **Định tuyến Thông minh**: Định tuyến mô hình dựa trên quy tắc — truy vấn đơn giản chuyển đến mô hình nhẹ, tiết kiệm chi phí API. + +_*Các phiên bản gần đây có thể sử dụng 10–20MB do merge tính năng nhanh chóng. Tối ưu tài nguyên đang được lên kế hoạch. So sánh thời gian khởi động dựa trên benchmark đơn nhân 0.8GHz (xem bảng bên dưới)._ + | | OpenClaw | NanoBot | **PicoClaw** | | ----------------------------- | ------------- | ------------------------ | ----------------------------------------- | | **Ngôn ngữ** | TypeScript | Python | **Go** | -| **RAM** | >1GB | >100MB | **< 10MB** | +| **RAM** | >1GB | >100MB | **< 10MB*** | | **Thời gian khởi động**
(CPU 0.8GHz) | >500s | >30s | **<1s** | | **Chi phí** | Mac Mini $599 | Hầu hết SBC Linux ~$50 | **Mọi bo mạch Linux**
**Chỉ từ $10** | @@ -89,32 +110,51 @@ ### 🛠️ Quy trình trợ lý tiêu chuẩn - - - - - - - - - - - - - - - + + + + + + + + + + + + + + +

🧩 Lập trình Full-Stack

🗂️ Quản lý Nhật ký & Kế hoạch

🔎 Tìm kiếm Web & Học hỏi

Phát triển • Triển khai • Mở rộngLên lịch • Tự động hóa • Ghi nhớKhám phá • Phân tích • Xu hướng

🧩 Lập trình Full-Stack

🗂️ Quản lý Nhật ký & Kế hoạch

🔎 Tìm kiếm Web & Học hỏi

Phát triển • Triển khai • Mở rộngLên lịch • Tự động hóa • Ghi nhớKhám phá • Phân tích • Xu hướng
+### 📱 Chạy trên điện thoại Android cũ + +Hãy cho chiếc điện thoại cũ một cuộc sống mới! Biến nó thành trợ lý AI thông minh với PicoClaw. Bắt đầu nhanh: + +1. **Cài đặt [Termux](https://github.com/termux/termux-app)** (Tải từ [GitHub Releases](https://github.com/termux/termux-app/releases), hoặc tìm trên F-Droid / Google Play). +2. **Chạy các lệnh** + +```bash +# Tải phiên bản mới nhất từ https://github.com/sipeed/picoclaw/releases +wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz +tar xzf picoclaw_Linux_arm64.tar.gz +pkg install proot +termux-chroot ./picoclaw onboard +``` + +Sau đó làm theo hướng dẫn trong phần "Bắt đầu nhanh" để hoàn tất cấu hình! + +PicoClaw + ### 🐜 Triển khai sáng tạo trên phần cứng tối thiểu PicoClaw có thể triển khai trên hầu hết mọi thiết bị Linux! -* $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) phiên bản E (Ethernet) hoặc W (WiFi6), dùng làm Trợ lý Gia đình tối giản. -* $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), hoặc $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html), dùng cho quản trị Server tự động. -* $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) hoặc $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera), dùng cho Giám sát thông minh. +- $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) phiên bản E(Ethernet) hoặc W(WiFi6), dùng làm Trợ lý Gia đình tối giản +- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), hoặc $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) dùng cho quản trị Server tự động +- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) hoặc $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) dùng cho Giám sát thông minh -https://private-user-images.githubusercontent.com/83055338/547056448-e7b031ff-d6f5-4468-bcca-5726b6fecb5c.mp4 + 🌟 Nhiều hình thức triển khai hơn đang chờ bạn khám phá! @@ -122,7 +162,7 @@ https://private-user-images.githubusercontent.com/83055338/547056448-e7b031ff-d6 ### Cài đặt bằng binary biên dịch sẵn -Tải file binary cho nền tảng của bạn từ [trang Release](https://github.com/sipeed/picoclaw/releases). +Tải file binary cho nền tảng của bạn từ [trang Releases](https://github.com/sipeed/picoclaw/releases). ### Cài đặt từ mã nguồn (có tính năng mới nhất, khuyên dùng cho phát triển) @@ -138,444 +178,28 @@ make build # Build cho nhiều nền tảng make build-all +# Build cho Raspberry Pi Zero 2 W (32-bit: make build-linux-arm; 64-bit: make build-linux-arm64) +make build-pi-zero + # Build và cài đặt make install ``` -## 🐳 Docker Compose +**Raspberry Pi Zero 2 W:** Sử dụng binary phù hợp với hệ điều hành: Raspberry Pi OS 32-bit → `make build-linux-arm`; 64-bit → `make build-linux-arm64`. Hoặc chạy `make build-pi-zero` để build cả hai. -Bạn cũng có thể chạy PicoClaw bằng Docker Compose mà không cần cài đặt gì trên máy. +## 📚 Tài liệu -```bash -# 1. Clone repo -git clone https://github.com/sipeed/picoclaw.git -cd picoclaw +Để xem hướng dẫn chi tiết, tham khảo tài liệu bên dưới. README này chỉ bao gồm phần bắt đầu nhanh. -# 2. Lần chạy đầu tiên — tự tạo docker/data/config.json rồi dừng lại -docker compose -f docker/docker-compose.yml --profile gateway up -# Container hiển thị "First-run setup complete." rồi tự dừng. - -# 3. Thiết lập API Key -vim docker/data/config.json # API key của provider, bot token, v.v. - -# 4. Khởi động -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -> [!TIP] -> **Người dùng Docker**: Theo mặc định, Gateway lắng nghe trên `127.0.0.1`, không thể truy cập từ máy chủ. Nếu bạn cần truy cập các endpoint kiểm tra sức khỏe hoặc mở cổng, hãy đặt `PICOCLAW_GATEWAY_HOST=0.0.0.0` trong môi trường của bạn hoặc cập nhật `config.json`. - -```bash -# 5. Xem logs -docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway - -# 6. Dừng -docker compose -f docker/docker-compose.yml --profile gateway down -``` - -### Chế độ Agent (chạy một lần) - -```bash -# Đặt câu hỏi -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "2+2 bằng mấy?" - -# Chế độ tương tác -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -``` - -### Cập nhật - -```bash -docker compose -f docker/docker-compose.yml pull -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -### 🚀 Bắt đầu nhanh - -> [!TIP] -> Thiết lập API key trong `~/.picoclaw/config.json`. Lấy API key: [Volcengine (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM). Tìm kiếm web là **tùy chọn** — lấy [Tavily API](https://tavily.com) miễn phí (1000 truy vấn/tháng) hoặc [Brave Search API](https://brave.com/search/api) (2000 truy vấn/tháng). - -**1. Khởi tạo** - -```bash -picoclaw onboard -``` - -**2. Cấu hình** (`~/.picoclaw/config.json`) - -```json -{ - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key", - "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-your-openai-key", - "request_timeout": 300, - "api_base": "https://api.openai.com/v1" - } - ], - "agents": { - "defaults": { - "model_name": "gpt4" - } - }, - "channels": { - "telegram": { - "enabled": true, - "token": "YOUR_TELEGRAM_BOT_TOKEN", - "allow_from": [] - } - } -} -``` - -> **Mới**: Định dạng cấu hình `model_list` cho phép thêm nhà cung cấp mà không cần thay đổi mã nguồn. Xem [Cấu hình Mô hình](#cấu-hình-mô-hình-model_list) để biết chi tiết. -> `request_timeout` là tùy chọn và dùng đơn vị giây. Nếu bỏ qua hoặc đặt `<= 0`, PicoClaw sẽ dùng timeout mặc định (120s). - -**3. Lấy API Key** - -* **Nhà cung cấp LLM**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) -* **Tìm kiếm Web** (tùy chọn): [Brave Search](https://brave.com/search/api) — Có gói miễn phí (2000 truy vấn/tháng) - -> **Lưu ý**: Xem `config.example.json` để có mẫu cấu hình đầy đủ. - -**4. Trò chuyện** - -```bash -picoclaw agent -m "Xin chào, bạn là ai?" -``` - -Vậy là xong! Bạn đã có một trợ lý AI hoạt động chỉ trong 2 phút. - ---- - -## 💬 Tích hợp ứng dụng Chat - -Trò chuyện với PicoClaw qua Telegram, Discord, DingTalk, LINE hoặc WeCom. - -| Kênh | Mức độ thiết lập | -| --- | --- | -| **Telegram** | Dễ (chỉ cần token) | -| **Discord** | Dễ (bot token + intents) | -| **QQ** | Dễ (AppID + AppSecret) | -| **DingTalk** | Trung bình (app credentials) | -| **LINE** | Trung bình (credentials + webhook URL) | -| **WeCom AI Bot** | Trung bình (Token + khóa AES) | - -
-Telegram (Khuyên dùng) - -**1. Tạo bot** - -* Mở Telegram, tìm `@BotFather` -* Gửi `/newbot`, làm theo hướng dẫn -* Sao chép token - -**2. Cấu hình** - -```json -{ - "channels": { - "telegram": { - "enabled": true, - "token": "YOUR_BOT_TOKEN", - "allow_from": ["YOUR_USER_ID"] - } - } -} -``` - -> Lấy User ID từ `@userinfobot` trên Telegram. - -**3. Chạy** - -```bash -picoclaw gateway -``` - -
- -
-Discord - -**1. Tạo bot** - -* Truy cập -* Create an application → Bot → Add Bot -* Sao chép bot token - -**2. Bật Intents** - -* Trong phần Bot settings, bật **MESSAGE CONTENT INTENT** -* (Tùy chọn) Bật **SERVER MEMBERS INTENT** nếu muốn dùng danh sách cho phép theo thông tin thành viên - -**3. Lấy User ID** - -* Discord Settings → Advanced → bật **Developer Mode** -* Click chuột phải vào avatar → **Copy User ID** - -**4. Cấu hình** - -```json -{ - "channels": { - "discord": { - "enabled": true, - "token": "YOUR_BOT_TOKEN", - "allow_from": ["YOUR_USER_ID"] - } - } -} -``` - -**5. Mời bot vào server** - -* OAuth2 → URL Generator -* Scopes: `bot` -* Bot Permissions: `Send Messages`, `Read Message History` -* Mở URL mời được tạo và thêm bot vào server của bạn - -**6. Chạy** - -```bash -picoclaw gateway -``` - -
- -
-QQ - -**1. Tạo bot** - -* Truy cập [QQ Open Platform](https://q.qq.com/#) -* Tạo ứng dụng → Lấy **AppID** và **AppSecret** - -**2. Cấu hình** - -```json -{ - "channels": { - "qq": { - "enabled": true, - "app_id": "YOUR_APP_ID", - "app_secret": "YOUR_APP_SECRET", - "allow_from": [] - } - } -} -``` - -> Để `allow_from` trống để cho phép tất cả người dùng, hoặc chỉ định số QQ để giới hạn quyền truy cập. - -**3. Chạy** - -```bash -picoclaw gateway -``` - -
- -
-DingTalk - -**1. Tạo bot** - -* Truy cập [Open Platform](https://open.dingtalk.com/) -* Tạo ứng dụng nội bộ -* Sao chép Client ID và Client Secret - -**2. Cấu hình** - -```json -{ - "channels": { - "dingtalk": { - "enabled": true, - "client_id": "YOUR_CLIENT_ID", - "client_secret": "YOUR_CLIENT_SECRET", - "allow_from": [] - } - } -} -``` - -> Để `allow_from` trống để cho phép tất cả người dùng, hoặc chỉ định ID để giới hạn quyền truy cập. - -**3. Chạy** - -```bash -picoclaw gateway -``` - -
- -
-LINE - -**1. Tạo tài khoản LINE Official** - -- Truy cập [LINE Developers Console](https://developers.line.biz/) -- Tạo provider → Tạo Messaging API channel -- Sao chép **Channel Secret** và **Channel Access Token** - -**2. Cấu hình** - -```json -{ - "channels": { - "line": { - "enabled": true, - "channel_secret": "YOUR_CHANNEL_SECRET", - "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN", - "webhook_path": "/webhook/line", - "allow_from": [] - } - } -} -``` - -**3. Thiết lập Webhook URL** - -LINE yêu cầu HTTPS cho webhook. Sử dụng reverse proxy hoặc tunnel: - -```bash -# Ví dụ với ngrok -ngrok http 18790 -``` - -Sau đó cài đặt Webhook URL trong LINE Developers Console thành `https://your-domain/webhook/line` và bật **Use webhook**. - -**4. Chạy** - -```bash -picoclaw gateway -``` - -> Trong nhóm chat, bot chỉ phản hồi khi được @mention. Các câu trả lời sẽ trích dẫn tin nhắn gốc. - -> **Docker Compose**: Nếu bạn cần mở port webhook cục bộ, hãy thêm một rule chuyển tiếp từ port Gateway (mặc định 18790) tới host. Lưu ý: LINE webhook được phục vụ bởi Gateway HTTP chung (mặc định 127.0.0.1:18790). - -
- -
-WeCom (WeChat Work) - -PicoClaw hỗ trợ ba loại tích hợp WeCom: - -**Tùy chọn 1: WeCom Bot (Robot)** - Thiết lập dễ dàng hơn, hỗ trợ chat nhóm -**Tùy chọn 2: WeCom App (Ứng dụng Tùy chỉnh)** - Nhiều tính năng hơn, nhắn tin chủ động, chỉ chat riêng tư -**Tùy chọn 3: WeCom AI Bot (Bot Thông Minh)** - Bot AI chính thức, phản hồi streaming, hỗ trợ nhóm và riêng tư - -Xem [Hướng dẫn Cấu hình WeCom AI Bot](docs/channels/wecom/wecom_aibot/README.zh.md) để biết hướng dẫn chi tiết. - -**Thiết lập Nhanh - WeCom Bot:** - -**1. Tạo bot** - -* Truy cập Bảng điều khiển Quản trị WeCom → Chat Nhóm → Thêm Bot Nhóm -* Sao chép URL webhook (định dạng: `https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) - -**2. Cấu hình** - -```json -{ - "channels": { - "wecom": { - "enabled": true, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_ENCODING_AES_KEY", - "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", - "webhook_path": "/webhook/wecom", - "allow_from": [] - } - } -} -``` - -> **Lưu ý:** Các endpoint webhook của WeCom Bot được phục vụ bởi máy chủ Gateway HTTP dùng chung (mặc định 127.0.0.1:18790). Nếu bạn cần truy cập từ bên ngoài, hãy cấu hình reverse proxy hoặc mở cổng Gateway tương ứng. - -**Thiết lập Nhanh - WeCom App:** - -**1. Tạo ứng dụng** - -* Truy cập Bảng điều khiển Quản trị WeCom → Quản lý Ứng dụng → Tạo Ứng dụng -* Sao chép **AgentId** và **Secret** -* Truy cập trang "Công ty của tôi", sao chép **CorpID** - -**2. Cấu hình nhận tin nhắn** - -* Trong chi tiết ứng dụng, nhấp vào "Nhận Tin nhắn" → "Thiết lập API" -* Đặt URL thành `http://your-server:18790/webhook/wecom-app` -* Tạo **Token** và **EncodingAESKey** - -**3. Cấu hình** - -```json -{ - "channels": { - "wecom_app": { - "enabled": true, - "corp_id": "wwxxxxxxxxxxxxxxxx", - "corp_secret": "YOUR_CORP_SECRET", - "agent_id": 1000002, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_ENCODING_AES_KEY", - "webhook_path": "/webhook/wecom-app", - "allow_from": [] - } - } -} -``` - -**4. Chạy** - -```bash -picoclaw gateway -``` - -> **Lưu ý**: WeCom App callback webhook được phục vụ bởi Gateway HTTP chung (mặc định 127.0.0.1:18790). Sử dụng proxy ngược để cung cấp HTTPS trong môi trường production nếu cần. - -**Thiết lập Nhanh - WeCom AI Bot:** - -**1. Tạo AI Bot** - -* Truy cập Bảng điều khiển Quản trị WeCom → Quản lý Ứng dụng → AI Bot -* Cấu hình URL callback: `http://your-server:18791/webhook/wecom-aibot` -* Sao chép **Token** và tạo **EncodingAESKey** - -**2. Cấu hình** - -```json -{ - "channels": { - "wecom_aibot": { - "enabled": true, - "token": "YOUR_TOKEN", - "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", - "webhook_path": "/webhook/wecom-aibot", - "allow_from": [], - "welcome_message": "Xin chào! Tôi có thể giúp gì cho bạn?" - } - } -} -``` - -**3. Chạy** - -```bash -picoclaw gateway -``` - -> **Lưu ý**: WeCom AI Bot sử dụng giao thức pull streaming — không lo timeout phản hồi. Tác vụ dài (>5,5 phút) tự động chuyển sang gửi qua `response_url`. - -
+| Chủ đề | Mô tả | +|--------|-------| +| 🐳 [Docker & Bắt đầu nhanh](docs/vi/docker.md) | Thiết lập Docker Compose, chế độ Launcher/Agent, cấu hình Bắt đầu nhanh | +| 💬 [Ứng dụng Chat](docs/vi/chat-apps.md) | Telegram, Discord, WhatsApp, Matrix, QQ, Slack, IRC, DingTalk, LINE, Feishu, WeCom và nhiều hơn | +| ⚙️ [Cấu hình](docs/vi/configuration.md) | Biến môi trường, cấu trúc workspace, nguồn skill, sandbox bảo mật, heartbeat | +| 🔌 [Nhà cung cấp & Mô hình](docs/vi/providers.md) | 20+ nhà cung cấp LLM, định tuyến mô hình, cấu hình model_list, kiến trúc nhà cung cấp | +| 🔄 [Spawn & Tác vụ bất đồng bộ](docs/vi/spawn-tasks.md) | Tác vụ nhanh, tác vụ dài với spawn, điều phối sub-agent bất đồng bộ | +| 🐛 [Xử lý sự cố](docs/vi/troubleshooting.md) | Các vấn đề thường gặp và giải pháp | +| 🔧 [Cấu hình Công cụ](docs/vi/tools_configuration.md) | Bật/tắt từng công cụ, chính sách thực thi | ## ClawdChat Tham gia Mạng xã hội Agent @@ -583,624 +207,43 @@ Kết nối PicoClaw với Mạng xã hội Agent chỉ bằng cách gửi một **Đọc `https://clawdchat.ai/skill.md` và làm theo hướng dẫn để tham gia [ClawdChat.ai](https://clawdchat.ai)** -## ⚙️ Cấu hình chi tiết - -File cấu hình: `~/.picoclaw/config.json` - -### Biến môi trường - -Bạn có thể ghi đè các đường dẫn mặc định bằng cách sử dụng các biến môi trường. Điều này hữu ích cho việc cài đặt di động, triển khai container hóa hoặc chạy picoclaw như một dịch vụ hệ thống. Các biến này độc lập và kiểm soát các đường dẫn khác nhau. - -| Biến | Mô tả | Đường dẫn mặc định | -|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| `PICOCLAW_CONFIG` | Ghi đè đường dẫn đến file cấu hình. Điều này trực tiếp yêu cầu picoclaw tải file `config.json` nào, bỏ qua tất cả các vị trí khác. | `~/.picoclaw/config.json` | -| `PICOCLAW_HOME` | Ghi đè thư mục gốc cho dữ liệu picoclaw. Điều này thay đổi vị trí mặc định của `workspace` và các thư mục dữ liệu khác. | `~/.picoclaw` | - -**Ví dụ:** - -```bash -# Chạy picoclaw bằng một file cấu hình cụ thể -# Đường dẫn workspace sẽ được đọc từ trong file cấu hình đó -PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway - -# Chạy picoclaw với tất cả dữ liệu được lưu trữ trong /opt/picoclaw -# Cấu hình sẽ được tải từ ~/.picoclaw/config.json mặc định -# Workspace sẽ được tạo tại /opt/picoclaw/workspace -PICOCLAW_HOME=/opt/picoclaw picoclaw agent - -# Sử dụng cả hai để có thiết lập tùy chỉnh hoàn toàn -PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway -``` - -### Cấu trúc Workspace - -PicoClaw lưu trữ dữ liệu trong workspace đã cấu hình (mặc định: `~/.picoclaw/workspace`): - -``` -~/.picoclaw/workspace/ -├── sessions/ # Phiên hội thoại và lịch sử -├── memory/ # Bộ nhớ dài hạn (MEMORY.md) -├── state/ # Trạng thái lưu trữ (kênh cuối cùng, v.v.) -├── cron/ # Cơ sở dữ liệu tác vụ định kỳ -├── skills/ # Kỹ năng tùy chỉnh -├── AGENTS.md # Hướng dẫn hành vi Agent -├── HEARTBEAT.md # Prompt tác vụ định kỳ (kiểm tra mỗi 30 phút) -├── IDENTITY.md # Danh tính Agent -├── SOUL.md # Tâm hồn/Tính cách Agent -└── USER.md # Tùy chọn người dùng -``` - -### 🔒 Hộp cát bảo mật (Security Sandbox) - -PicoClaw chạy trong môi trường sandbox theo mặc định. Agent chỉ có thể truy cập file và thực thi lệnh trong phạm vi workspace. - -#### Cấu hình mặc định - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "restrict_to_workspace": true - } - } -} -``` - -| Tùy chọn | Mặc định | Mô tả | -|----------|---------|-------| -| `workspace` | `~/.picoclaw/workspace` | Thư mục làm việc của agent | -| `restrict_to_workspace` | `true` | Giới hạn truy cập file/lệnh trong workspace | - -#### Công cụ được bảo vệ - -Khi `restrict_to_workspace: true`, các công cụ sau bị giới hạn trong sandbox: - -| Công cụ | Chức năng | Giới hạn | -|---------|----------|---------| -| `read_file` | Đọc file | Chỉ file trong workspace | -| `write_file` | Ghi file | Chỉ file trong workspace | -| `list_dir` | Liệt kê thư mục | Chỉ thư mục trong workspace | -| `edit_file` | Sửa file | Chỉ file trong workspace | -| `append_file` | Thêm vào file | Chỉ file trong workspace | -| `exec` | Thực thi lệnh | Đường dẫn lệnh phải trong workspace | - -#### Bảo vệ bổ sung cho Exec - -Ngay cả khi `restrict_to_workspace: false`, công cụ `exec` vẫn chặn các lệnh nguy hiểm sau: - -* `rm -rf`, `del /f`, `rmdir /s` — Xóa hàng loạt -* `format`, `mkfs`, `diskpart` — Định dạng ổ đĩa -* `dd if=` — Tạo ảnh đĩa -* Ghi vào `/dev/sd[a-z]` — Ghi trực tiếp lên đĩa -* `shutdown`, `reboot`, `poweroff` — Tắt/khởi động lại hệ thống -* Fork bomb `:(){ :|:& };:` - -#### Ví dụ lỗi - -``` -[ERROR] tool: Tool execution failed -{tool=exec, error=Command blocked by safety guard (path outside working dir)} -``` - -``` -[ERROR] tool: Tool execution failed -{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} -``` - -#### Tắt giới hạn (Rủi ro bảo mật) - -Nếu bạn cần agent truy cập đường dẫn ngoài workspace: - -**Cách 1: File cấu hình** - -```json -{ - "agents": { - "defaults": { - "restrict_to_workspace": false - } - } -} -``` - -**Cách 2: Biến môi trường** - -```bash -export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false -``` - -> ⚠️ **Cảnh báo**: Tắt giới hạn này cho phép agent truy cập mọi đường dẫn trên hệ thống. Chỉ sử dụng cẩn thận trong môi trường được kiểm soát. - -#### Tính nhất quán của ranh giới bảo mật - -Cài đặt `restrict_to_workspace` áp dụng nhất quán trên mọi đường thực thi: - -| Đường thực thi | Ranh giới bảo mật | -|----------------|-------------------| -| Agent chính | `restrict_to_workspace` ✅ | -| Subagent / Spawn | Kế thừa cùng giới hạn ✅ | -| Tác vụ Heartbeat | Kế thừa cùng giới hạn ✅ | - -Tất cả đường thực thi chia sẻ cùng giới hạn workspace — không có cách nào vượt qua ranh giới bảo mật thông qua subagent hoặc tác vụ định kỳ. - -### Heartbeat (Tác vụ định kỳ) - -PicoClaw có thể tự động thực hiện các tác vụ định kỳ. Tạo file `HEARTBEAT.md` trong workspace: - -```markdown -# Tác vụ định kỳ - -- Kiểm tra email xem có tin nhắn quan trọng không -- Xem lại lịch cho các sự kiện sắp tới -- Kiểm tra dự báo thời tiết -``` - -Agent sẽ đọc file này mỗi 30 phút (có thể cấu hình) và thực hiện các tác vụ bằng công cụ có sẵn. - -#### Tác vụ bất đồng bộ với Spawn - -Đối với các tác vụ chạy lâu (tìm kiếm web, gọi API), sử dụng công cụ `spawn` để tạo **subagent**: - -```markdown -# Tác vụ định kỳ - -## Tác vụ nhanh (trả lời trực tiếp) -- Báo cáo thời gian hiện tại - -## Tác vụ lâu (dùng spawn cho async) -- Tìm kiếm tin tức AI trên web và tóm tắt -- Kiểm tra email và báo cáo tin nhắn quan trọng -``` - -**Hành vi chính:** - -| Tính năng | Mô tả | -|-----------|-------| -| **spawn** | Tạo subagent bất đồng bộ, không chặn heartbeat | -| **Context độc lập** | Subagent có context riêng, không có lịch sử phiên | -| **message tool** | Subagent giao tiếp trực tiếp với người dùng qua công cụ message | -| **Không chặn** | Sau khi spawn, heartbeat tiếp tục tác vụ tiếp theo | - -#### Cách Subagent giao tiếp - -``` -Heartbeat kích hoạt - ↓ -Agent đọc HEARTBEAT.md - ↓ -Tác vụ lâu: spawn subagent - ↓ ↓ -Tiếp tục tác vụ tiếp theo Subagent làm việc độc lập - ↓ ↓ -Tất cả tác vụ hoàn thành Subagent dùng công cụ "message" - ↓ ↓ -Phản hồi HEARTBEAT_OK Người dùng nhận kết quả trực tiếp -``` - -Subagent có quyền truy cập các công cụ (message, web_search, v.v.) và có thể giao tiếp với người dùng một cách độc lập mà không cần thông qua agent chính. - -**Cấu hình:** - -```json -{ - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -| Tùy chọn | Mặc định | Mô tả | -|----------|---------|-------| -| `enabled` | `true` | Bật/tắt heartbeat | -| `interval` | `30` | Khoảng thời gian kiểm tra (phút, tối thiểu: 5) | - -**Biến môi trường:** - -* `PICOCLAW_HEARTBEAT_ENABLED=false` để tắt -* `PICOCLAW_HEARTBEAT_INTERVAL=60` để thay đổi khoảng thời gian - -### Nhà cung cấp (Providers) - -> [!NOTE] -> Groq cung cấp dịch vụ chuyển giọng nói thành văn bản miễn phí qua Whisper. Nếu đã cấu hình Groq, tin nhắn âm thanh từ bất kỳ kênh nào sẽ được tự động chuyển thành văn bản ở cấp độ agent. - -| Nhà cung cấp | Mục đích | Lấy API Key | -| --- | --- | --- | -| `gemini` | LLM (Gemini trực tiếp) | [aistudio.google.com](https://aistudio.google.com) | -| `zhipu` | LLM (Zhipu trực tiếp) | [bigmodel.cn](bigmodel.cn) | -| `volcengine` | LLM(Volcengine trực tiếp) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| `openrouter` (Đang thử nghiệm) | LLM (khuyên dùng, truy cập mọi model) | [openrouter.ai](https://openrouter.ai) | -| `anthropic` (Đang thử nghiệm) | LLM (Claude trực tiếp) | [console.anthropic.com](https://console.anthropic.com) | -| `openai` (Đang thử nghiệm) | LLM (GPT trực tiếp) | [platform.openai.com](https://platform.openai.com) | -| `deepseek` (Đang thử nghiệm) | LLM (DeepSeek trực tiếp) | [platform.deepseek.com](https://platform.deepseek.com) | -| `groq` | LLM + **Chuyển giọng nói** (Whisper) | [console.groq.com](https://console.groq.com) | -| `qwen` | LLM (Qwen trực tiếp) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) | -| `cerebras` | LLM (Cerebras trực tiếp) | [cerebras.ai](https://cerebras.ai) | - -
-Cấu hình Zhipu - -**1. Lấy API key** - -* Lấy [API key](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) - -**2. Cấu hình** - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "model": "glm-4.7", - "max_tokens": 8192, - "temperature": 0.7, - "max_tool_iterations": 20 - } - }, - "providers": { - "zhipu": { - "api_key": "Your API Key", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - } -} -``` - -**3. Chạy** - -```bash -picoclaw agent -m "Xin chào" -``` - -
- -
-Ví dụ cấu hình đầy đủ - -```json -{ - "agents": { - "defaults": { - "model": "anthropic/claude-opus-4-5" - } - }, - "providers": { - "openrouter": { - "api_key": "sk-or-v1-xxx" - }, - "groq": { - "api_key": "gsk_xxx" - } - }, - "channels": { - "telegram": { - "enabled": true, - "token": "123456:ABC...", - "allow_from": ["123456789"] - }, - "discord": { - "enabled": true, - "token": "", - "allow_from": [""] - }, - "whatsapp": { - "enabled": false - }, - "feishu": { - "enabled": false, - "app_id": "cli_xxx", - "app_secret": "xxx", - "encrypt_key": "", - "verification_token": "", - "allow_from": [] - }, - "qq": { - "enabled": false, - "app_id": "", - "app_secret": "", - "allow_from": [] - } - }, - "tools": { - "web": { - "brave": { - "enabled": false, - "api_key": "BSA...", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - } - }, - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -
- -### Cấu hình Mô hình (model_list) - -> **Tính năng mới!** PicoClaw hiện sử dụng phương pháp cấu hình **đặt mô hình vào trung tâm**. Chỉ cần chỉ định dạng `nhà cung cấp/mô hình` (ví dụ: `zhipu/glm-4.7`) để thêm nhà cung cấp mới—**không cần thay đổi mã!** - -Thiết kế này cũng cho phép **hỗ trợ đa tác nhân** với lựa chọn nhà cung cấp linh hoạt: - -- **Tác nhân khác nhau, nhà cung cấp khác nhau** : Mỗi tác nhân có thể sử dụng nhà cung cấp LLM riêng -- **Mô hình dự phòng** : Cấu hình mô hình chính và dự phòng để tăng độ tin cậy -- **Cân bằng tải** : Phân phối yêu cầu trên nhiều endpoint khác nhau -- **Cấu hình tập trung** : Quản lý tất cả nhà cung cấp ở một nơi - -#### 📋 Tất cả Nhà cung cấp được Hỗ trợ - -| Nhà cung cấp | Prefix `model` | API Base Mặc định | Giao thức | Khóa API | -|-------------|----------------|-------------------|-----------|----------| -| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Lấy Khóa](https://platform.openai.com) | -| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Lấy Khóa](https://console.anthropic.com) | -| **Zhipu AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Lấy Khóa](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | -| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Lấy Khóa](https://platform.deepseek.com) | -| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Lấy Khóa](https://aistudio.google.com/api-keys) | -| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Lấy Khóa](https://console.groq.com) | -| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [Lấy Khóa](https://platform.moonshot.cn) | -| **Qwen (Alibaba)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Lấy Khóa](https://dashscope.console.aliyun.com) | -| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [Lấy Khóa](https://build.nvidia.com) | -| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (không cần khóa) | -| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Lấy Khóa](https://openrouter.ai/keys) | -| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | Local | -| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [Lấy Khóa](https://cerebras.ai) | -| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Lấy Khóa](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| **ShengsuanYun** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | -| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [Lấy Khóa](https://www.byteplus.com) | -| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [Lấy Key](https://longcat.chat/platform) | -| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [Lấy Token](https://modelscope.cn/my/tokens) | -| **Azure OpenAI** | `azure/` | `https://{resource}.openai.azure.com` | Azure | [Lấy Khóa](https://portal.azure.com) | -| **Antigravity** | `antigravity/` | Google Cloud | Tùy chỉnh | Chỉ OAuth | -| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | - -#### Cấu hình Cơ bản - -```json -{ - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-your-openai-key" - }, - { - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "api_key": "sk-ant-your-key" - }, - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-zhipu-key" - } - ], - "agents": { - "defaults": { - "model": "gpt-5.4" - } - } -} -``` - -#### Ví dụ theo Nhà cung cấp - -**OpenAI** -```json -{ - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-..." -} -``` - -**VolcEngine (Doubao)** -```json -{ - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-..." -} -``` - -**Zhipu AI (GLM)** -```json -{ - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" -} -``` - -**Anthropic (với OAuth)** -```json -{ - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "auth_method": "oauth" -} -``` -> Chạy `picoclaw auth login --provider anthropic` để thiết lập thông tin xác thực OAuth. - -**Proxy/API tùy chỉnh** -```json -{ - "model_name": "my-custom-model", - "model": "openai/custom-model", - "api_base": "https://my-proxy.com/v1", - "api_key": "sk-...", - "request_timeout": 300 -} -``` - -#### Cân bằng Tải tải - -Định cấu hình nhiều endpoint cho cùng một tên mô hình—PicoClaw sẽ tự động phân phối round-robin giữa chúng: - -```json -{ - "model_list": [ - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api1.example.com/v1", - "api_key": "sk-key1" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api2.example.com/v1", - "api_key": "sk-key2" - } - ] -} -``` - -#### Chuyển đổi từ Cấu hình `providers` Cũ - -Cấu hình `providers` cũ đã **ngừng sử dụng** nhưng vẫn được hỗ trợ để tương thích ngược. - -**Cấu hình Cũ (đã ngừng sử dụng):** -```json -{ - "providers": { - "zhipu": { - "api_key": "your-key", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - }, - "agents": { - "defaults": { - "provider": "zhipu", - "model": "glm-4.7" - } - } -} -``` - -**Cấu hình Mới (khuyến nghị):** -```json -{ - "model_list": [ - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" - } - ], - "agents": { - "defaults": { - "model": "glm-4.7" - } - } -} -``` - -Xem hướng dẫn chuyển đổi chi tiết tại [docs/migration/model-list-migration.md](docs/migration/model-list-migration.md). - -## Tham chiếu CLI - -| Lệnh | Mô tả | -| --- | --- | -| `picoclaw onboard` | Khởi tạo cấu hình & workspace | -| `picoclaw agent -m "..."` | Trò chuyện với agent | -| `picoclaw agent` | Chế độ chat tương tác | -| `picoclaw gateway` | Khởi động gateway (cho bot chat) | -| `picoclaw status` | Hiển thị trạng thái | -| `picoclaw cron list` | Liệt kê tất cả tác vụ định kỳ | -| `picoclaw cron add ...` | Thêm tác vụ định kỳ | +## 🖥️ Tham chiếu CLI + +| Lệnh | Mô tả | +| -------------------------- | ------------------------------ | +| `picoclaw onboard` | Khởi tạo cấu hình & workspace | +| `picoclaw agent -m "..."` | Trò chuyện với agent | +| `picoclaw agent` | Chế độ chat tương tác | +| `picoclaw gateway` | Khởi động gateway | +| `picoclaw status` | Hiển thị trạng thái | +| `picoclaw version` | Hiển thị thông tin phiên bản | +| `picoclaw cron list` | Liệt kê tất cả tác vụ định kỳ | +| `picoclaw cron add ...` | Thêm tác vụ định kỳ | +| `picoclaw cron disable` | Tắt tác vụ định kỳ | +| `picoclaw cron remove` | Xóa tác vụ định kỳ | +| `picoclaw skills list` | Liệt kê các skill đã cài | +| `picoclaw skills install` | Cài đặt một skill | +| `picoclaw migrate` | Di chuyển dữ liệu từ phiên bản cũ | +| `picoclaw auth login` | Xác thực với nhà cung cấp | ### Tác vụ định kỳ / Nhắc nhở PicoClaw hỗ trợ nhắc nhở theo lịch và tác vụ lặp lại thông qua công cụ `cron`: -* **Nhắc nhở một lần**: "Remind me in 10 minutes" (Nhắc tôi sau 10 phút) → kích hoạt một lần sau 10 phút -* **Tác vụ lặp lại**: "Remind me every 2 hours" (Nhắc tôi mỗi 2 giờ) → kích hoạt mỗi 2 giờ -* **Biểu thức Cron**: "Remind me at 9am daily" (Nhắc tôi lúc 9 giờ sáng mỗi ngày) → sử dụng biểu thức cron - -Các tác vụ được lưu trong `~/.picoclaw/workspace/cron/` và được xử lý tự động. +* **Nhắc nhở một lần**: "Nhắc tôi sau 10 phút" → kích hoạt một lần sau 10 phút +* **Tác vụ lặp lại**: "Nhắc tôi mỗi 2 giờ" → kích hoạt mỗi 2 giờ +* **Biểu thức Cron**: "Nhắc tôi lúc 9 giờ sáng mỗi ngày" → sử dụng biểu thức cron ## 🤝 Đóng góp & Lộ trình Chào đón mọi PR! Mã nguồn được thiết kế nhỏ gọn và dễ đọc. 🤗 -Lộ trình sắp được công bố... +Xem [Lộ trình Cộng đồng](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md) đầy đủ. -Nhóm phát triển đang được xây dựng. Điều kiện tham gia: Ít nhất 1 PR đã được merge. +Nhóm phát triển đang được xây dựng. Tham gia sau khi có PR đầu tiên được merge! Nhóm người dùng: -Discord: +discord: PicoClaw - -## 🐛 Xử lý sự cố - -### Tìm kiếm web hiện "API 配置问题" - -Điều này là bình thường nếu bạn chưa cấu hình API key cho tìm kiếm. PicoClaw sẽ cung cấp các liên kết hữu ích để tìm kiếm thủ công. - -Để bật tìm kiếm web: - -1. **Tùy chọn 1 (Khuyên dùng)**: Lấy API key miễn phí tại [https://brave.com/search/api](https://brave.com/search/api) (2000 truy vấn miễn phí/tháng) để có kết quả tốt nhất. -2. **Tùy chọn 2 (Không cần thẻ tín dụng)**: Nếu không có key, hệ thống tự động chuyển sang dùng **DuckDuckGo** (không cần key). - -Thêm key vào `~/.picoclaw/config.json` nếu dùng Brave: - -```json -{ - "tools": { - "web": { - "brave": { - "enabled": false, - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - } - } -} -``` - -### Gặp lỗi lọc nội dung (Content Filtering) - -Một số nhà cung cấp (như Zhipu) có bộ lọc nội dung nghiêm ngặt. Thử diễn đạt lại câu hỏi hoặc sử dụng model khác. - -### Telegram bot báo "Conflict: terminated by other getUpdates" - -Điều này xảy ra khi có một instance bot khác đang chạy. Đảm bảo chỉ có một tiến trình `picoclaw gateway` chạy tại một thời điểm. - ---- - -## 📝 So sánh API Key - -| Dịch vụ | Gói miễn phí | Trường hợp sử dụng | -| --- | --- | --- | -| **OpenRouter** | 200K tokens/tháng | Đa model (Claude, GPT-4, v.v.) | -| **Volcengine CodingPlan** | ¥9.9/tháng đầu | Tốt nhất cho người dùng Trung Quốc, nhiều mô hình SOTA (Doubao, DeepSeek, v.v.) | -| **Zhipu** | 200K tokens/tháng | Phù hợp cho người dùng Trung Quốc | -| **Brave Search** | 2000 truy vấn/tháng | Chức năng tìm kiếm web | -| **Groq** | Có gói miễn phí | Suy luận siêu nhanh (Llama, Mixtral) | -| **ModelScope** | 2000 yêu cầu/ngày | Suy luận miễn phí (Qwen, GLM, DeepSeek, v.v.) | - ---- - -
- PicoClaw Meme -
diff --git a/README.zh.md b/README.zh.md index 800e7ada7..bbb8e8e4d 100644 --- a/README.zh.md +++ b/README.zh.md @@ -3,10 +3,10 @@

PicoClaw: 基于Go语言的超高效 AI 助手

-

10$硬件 · 10MB内存 · 1秒启动 · 皮皮虾,我们走!

+

$10 硬件 · <10MB 内存 · <1s 启动 · 皮皮虾,我们走!

- Go - Hardware + Go + Hardware License
Website @@ -26,7 +26,7 @@ > **PicoClaw** 是由 [矽速科技 (Sipeed)](https://sipeed.com) 发起的独立开源项目,完全使用 **Go 语言**从零编写——不是 OpenClaw、NanoBot 或其他项目的分支。 -🦐 **PicoClaw** 是一个受 [NanoBot](https://github.com/HKUDS/nanobot) 启发的超轻量级个人 AI 助手。它采用 **Go 语言** 从零重构,经历了一个“自举”过程——即由 AI Agent 自身驱动了整个架构迁移和代码优化。 +🦐 **PicoClaw** 是一个受 [NanoBot](https://github.com/HKUDS/nanobot) 启发的超轻量级个人 AI 助手。它采用 **Go 语言** 从零重构,经历了一个"自举"过程——即由 AI Agent 自身驱动了整个架构迁移和代码优化。 ⚡️ **极致轻量**:可在 **10 美元** 的硬件上运行,内存占用 **<10MB**。这意味着比 OpenClaw 节省 99% 的内存,比 Mac mini 便宜 98%! @@ -45,42 +45,60 @@ -注意:人手有限,中文文档可能略有滞后,请优先查看英文文档。 - > [!CAUTION] -> **🚨 SECURITY & OFFICIAL CHANNELS / 安全声明** +> **🚨 安全声明** > > - **无加密货币 (NO CRYPTO):** PicoClaw **没有** 发行任何官方代币、Token 或虚拟货币。所有在 `pump.fun` 或其他交易平台上的相关声称均为 **诈骗**。 > - **官方域名:** 唯一的官方网站是 **[picoclaw.io](https://picoclaw.io)**,公司官网是 **[sipeed.com](https://sipeed.com)**。 > - **警惕:** 许多 `.ai/.org/.com/.net/...` 后缀的域名被第三方抢注,请勿轻信。 -> - **注意:** picoclaw正在初期的快速功能开发阶段,可能有尚未修复的网络安全问题,在1.0正式版发布前,请不要将其部署到生产环境中 -> - **注意:** picoclaw最近合并了大量PRs,近期版本可能内存占用较大(10~20MB),我们将在功能较为收敛后进行资源占用优化. +> - **注意:** PicoClaw 正在初期的快速功能开发阶段,可能有尚未修复的网络安全问题,在 1.0 正式版发布前,请不要将其部署到生产环境中。 +> - **注意:** PicoClaw 最近合并了大量 PR,近期版本可能内存占用较大 (10~20MB),我们将在功能较为收敛后进行资源占用优化。 -## 📢 新闻 (News) +## 📢 新闻 -2026-02-16 🎉 PicoClaw 在一周内突破了12K star! 感谢大家的关注!PicoClaw 的成长速度超乎我们预期. 由于PR数量的快速膨胀,我们亟需社区开发者参与维护. 我们需要的志愿者角色和roadmap已经发布到了[这里](docs/ROADMAP.md), 期待你的参与! +2026-03-17 🚀 **v0.2.3 发布!** 系统托盘 UI(Windows & Linux)、子 Agent 状态查询 (`spawn_status`)、实验性 Gateway 热重载、Cron 安全门控,以及 2 项安全修复。PicoClaw 已达 **25K ⭐**! -2026-02-13 🎉 **PicoClaw 在 4 天内突破 5000 Stars!** 感谢社区的支持!由于正值中国春节假期,PR 和 Issue 涌入较多,我们正在利用这段时间敲定 **项目路线图 (Roadmap)** 并组建 **开发者群组**,以便加速 PicoClaw 的开发。 -🚀 **行动号召:** 请在 GitHub Discussions 中提交您的功能请求 (Feature Requests)。我们将在接下来的周会上进行审查和优先级排序。 +2026-03-09 🎉 **v0.2.1 — 史上最大更新!** MCP 协议支持、4 个新频道 (Matrix/IRC/WeCom/Discord Proxy)、3 个新 Provider (Kimi/Minimax/Avian)、视觉管线、JSONL 记忆存储、模型路由。 -2026-02-09 🎉 **PicoClaw 正式发布!** 仅用 1 天构建,旨在将 AI Agent 带入 10 美元硬件与 <10MB 内存的世界。🦐 PicoClaw(皮皮虾),我们走! +2026-02-28 📦 **v0.2.0** 发布,支持 Docker Compose 和 Web UI 启动器。 + +2026-02-26 🎉 PicoClaw 仅 17 天突破 **20K Stars**!频道自动编排和能力接口上线。 + +

+更早的新闻... + +2026-02-16 🎉 PicoClaw 一周内突破 12K Stars!社区维护者角色和 [路线图](ROADMAP.md) 正式发布。 + +2026-02-13 🎉 PicoClaw 4 天内突破 5000 Stars!项目路线图和开发者群组筹建中。 + +2026-02-09 🎉 **PicoClaw 正式发布!** 仅用 1 天构建,将 AI Agent 带入 $10 硬件与 <10MB 内存的世界。🦐 皮皮虾,我们走! + +
## ✨ 特性 -🪶 **超轻量级**: 核心功能内存占用 <10MB — 比 Clawdbot 小 99%。 +🪶 **超轻量级**: 核心功能内存占用 <10MB — 比 OpenClaw 小 99%。* -💰 **极低成本**: 高效到足以在 10 美元的硬件上运行 — 比 Mac mini 便宜 98%。 +💰 **极低成本**: 高效到足以在 $10 的硬件上运行 — 比 Mac mini 便宜 98%。 ⚡️ **闪电启动**: 启动速度快 400 倍,即使在 0.6GHz 单核处理器上也能在 1 秒内启动。 🌍 **真正可移植**: 跨 RISC-V、ARM、MIPS 和 x86 架构的单二进制文件,一键运行! -🤖 **AI 自举**: 纯 Go 语言原生实现 — 95% 的核心代码由 Agent 生成,并经由“人机回环 (Human-in-the-loop)”微调。 +🤖 **AI 自举**: 纯 Go 语言原生实现 — 95% 的核心代码由 Agent 生成,并经由"人机回环"微调。 + +🔌 **MCP 支持**: 原生 [Model Context Protocol](https://modelcontextprotocol.io/) 集成 — 连接任意 MCP 服务器扩展 Agent 能力。 + +👁️ **视觉管线**: 直接向 Agent 发送图片和文件 — 自动 base64 编码对接多模态 LLM。 + +🧠 **智能路由**: 基于规则的模型路由 — 简单查询走轻量模型,节省 API 成本。 + +_*近期版本因快速合并 PR 可能占用 10–20MB,资源优化已列入计划。启动速度对比基于 0.8GHz 单核实测(见下方对比表)。_ | | OpenClaw | NanoBot | **PicoClaw** | | ------------------------------ | ------------- | ------------------------ | -------------------------------------- | | **语言** | TypeScript | Python | **Go** | -| **RAM** | >1GB | >100MB | **< 10MB** | +| **RAM** | >1GB | >100MB | **< 10MB*** | | **启动时间**
(0.8GHz core) | >500s | >30s | **<1s** | | **成本** | Mac Mini $599 | 大多数 Linux 开发板 ~$50 | **任意 Linux 开发板**
**低至 $10** | @@ -110,31 +128,32 @@ ### 📱 在手机上轻松运行 -picoclaw 可以将你10年前的老旧手机废物利用,变身成为你的AI助理!快速指南: +PicoClaw 可以将你 10 年前的老旧手机废物利用,变身成为你的 AI 助理!快速指南: -1. 先去应用商店下载安装Termux +1. 安装 [Termux](https://github.com/termux/termux-app)(可从 [GitHub Releases](https://github.com/termux/termux-app/releases) 下载,或在 F-Droid 等应用商店搜索) 2. 打开后执行指令 ```bash -# 注意: 下面的v0.1.1 可以换为你实际看到的最新版本 -wget https://github.com/sipeed/picoclaw/releases/download/v0.1.1/picoclaw-linux-arm64 -chmod +x picoclaw-linux-arm64 +# 从 Release 页面下载最新版本 +wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz +tar xzf picoclaw_Linux_arm64.tar.gz pkg install proot -termux-chroot ./picoclaw-linux-arm64 onboard +termux-chroot ./picoclaw onboard ``` -然后跟随下面的“快速开始”章节继续配置picoclaw即可使用! +然后跟随下面的"快速开始"章节继续配置 PicoClaw 即可使用! + PicoClaw ### 🐜 创新的低占用部署 PicoClaw 几乎可以部署在任何 Linux 设备上! -- $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) E(网口) 或 W(WiFi6) 版本,用于极简家庭助手。 -- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html),或 $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html),用于自动化服务器运维。 -- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) 或 $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera),用于智能监控。 +- $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) E(网口) 或 W(WiFi6) 版本,用于极简家庭助手 +- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html),或 $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html),用于自动化服务器运维 +- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) 或 $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera),用于智能监控 -[https://private-user-images.githubusercontent.com/83055338/547056448-e7b031ff-d6f5-4468-bcca-5726b6fecb5c.mp4](https://private-user-images.githubusercontent.com/83055338/547056448-e7b031ff-d6f5-4468-bcca-5726b6fecb5c.mp4) + 🌟 更多部署案例敬请期待! @@ -142,7 +161,7 @@ PicoClaw 几乎可以部署在任何 Linux 设备上! ### 使用预编译二进制文件安装 -从 [Release 页面](https://github.com/sipeed/picoclaw/releases) 下载适用于您平台的固件。 +从 [Release 页面](https://github.com/sipeed/picoclaw/releases) 下载适用于您平台的二进制文件。 ### 从源码安装(获取最新特性,开发推荐) @@ -158,785 +177,72 @@ make build # 为多平台构建 make build-all +# 为 Raspberry Pi Zero 2 W 构建(32位: make build-linux-arm; 64位: make build-linux-arm64) +make build-pi-zero + # 构建并安装 make install - ``` -## 🐳 Docker Compose +**Raspberry Pi Zero 2 W:** 请使用与系统匹配的二进制文件:32 位 Raspberry Pi OS → `make build-linux-arm`;64 位 → `make build-linux-arm64`。或运行 `make build-pi-zero` 同时构建两者。 -您也可以使用 Docker Compose 运行 PicoClaw,无需在本地安装任何环境。 +## 📚 文档 -```bash -# 1. 克隆仓库 -git clone https://github.com/sipeed/picoclaw.git -cd picoclaw +详细指南请参阅以下文档,README 仅涵盖快速入门。 -# 2. 首次运行 — 自动生成 docker/data/config.json 后退出 -docker compose -f docker/docker-compose.yml --profile gateway up -# 容器打印 "First-run setup complete." 后自动停止 - -# 3. 填写 API Key 等配置 -vim docker/data/config.json # 设置 provider API key、Bot Token 等 - -# 4. 正式启动 -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -> [!TIP] -> **Docker 用户**: 默认情况下, Gateway 监听 `127.0.0.1`,该端口不会暴露到容器外。如果需要通过端口映射访问健康检查接口,请在环境变量中设置 `PICOCLAW_GATEWAY_HOST=0.0.0.0` 或修改 `config.json`。 - -```bash -# 5. 查看日志 -docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway - -# 6. 停止 -docker compose -f docker/docker-compose.yml --profile gateway down -``` - -### Agent 模式 (一次性运行) - -```bash -# 提问 -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "2+2 等于几?" - -# 交互模式 -docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -``` - -### 更新镜像 - -```bash -docker compose -f docker/docker-compose.yml pull -docker compose -f docker/docker-compose.yml --profile gateway up -d -``` - -### 🚀 快速开始 - -> [!TIP] -> 在 `~/.picoclaw/config.json` 中设置您的 API Key。获取 API Key: [火山引擎 (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu (智谱)](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM)。网络搜索是 **可选的** — 获取免费的 [Tavily API](https://tavily.com) (每月 1000 次免费查询) 或 [Brave Search API](https://brave.com/search/api) (每月 2000 次免费查询)。 - -**1. 初始化 (Initialize)** - -```bash -picoclaw onboard - -``` - -**2. 配置 (Configure)** (`~/.picoclaw/config.json`) - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "model_name": "gpt-5.4", - "max_tokens": 8192, - "temperature": 0.7, - "max_tool_iterations": 20 - } - }, - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key", - "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "your-api-key", - "request_timeout": 300 - }, - { - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "api_key": "your-anthropic-key" - } - ], - "tools": { - "web": { - "enabled": true, - "fetch_limit_bytes": 10485760, - "format": "plaintext", - "brave": { - "enabled": false, - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - }, - "tavily": { - "enabled": false, - "api_key": "YOUR_TAVILY_API_KEY", - "max_results": 5 - } - }, - "cron": { - "exec_timeout_minutes": 5 - } - } -} -``` - -> **新功能**: `model_list` 配置格式支持零代码添加 provider。详见[模型配置](#模型配置-model_list)章节。 -> `request_timeout` 为可选项,单位为秒。若省略或设置为 `<= 0`,PicoClaw 使用默认超时(120 秒)。 - -**3. 获取 API Key** - -* **LLM 提供商**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) -* **网络搜索** (可选): [Tavily](https://tavily.com) - 专为 AI Agent 优化 (1000 请求/月) · [Brave Search](https://brave.com/search/api) - 提供免费层级 (2000 请求/月) - -> **注意**: 完整的配置模板请参考 `config.example.json`。 - -**4. 对话 (Chat)** - -```bash -picoclaw agent -m "2+2 等于几?" - -``` - -就是这样!您在 2 分钟内就拥有了一个可工作的 AI 助手。 - ---- - -## 💬 聊天应用集成 (Chat Apps) - -PicoClaw 支持多种聊天平台,使您的 Agent 能够连接到任何地方。 - -> **注意**: 所有 Webhook 类渠道(LINE、WeCom 等)均挂载在同一个 Gateway HTTP 服务器上(`gateway.host`:`gateway.port`,默认 `127.0.0.1:18790`),无需为每个渠道单独配置端口。注意:飞书(Feishu)使用 WebSocket/SDK 模式,不通过该共享 HTTP webhook 服务器接收消息。 - -### 核心渠道 - -| 渠道 | 设置难度 | 特性说明 | 文档链接 | -| -------------------- | ----------- | ----------------------------------------- | --------------------------------------------------------------------------------------------------------------- | -| **Telegram** | ⭐ 简单 | 推荐,支持语音转文字,长轮询无需公网 | [查看文档](docs/channels/telegram/README.zh.md) | -| **Discord** | ⭐ 简单 | Socket Mode,支持群组/私信,Bot 生态成熟 | [查看文档](docs/channels/discord/README.zh.md) | -| **Slack** | ⭐ 简单 | **Socket Mode** (无需公网 IP),企业级支持 | [查看文档](docs/channels/slack/README.zh.md) | -| **Matrix** | ⭐⭐ 中等 | 联邦协议,支持自建 homeserver 与公开服务器 | [查看文档](docs/channels/matrix/README.zh.md) | -| **QQ** | ⭐⭐ 中等 | 官方机器人 API,适合国内社群 | [查看文档](docs/channels/qq/README.zh.md) | -| **钉钉 (DingTalk)** | ⭐⭐ 中等 | Stream 模式无需公网,企业办公首选 | [查看文档](docs/channels/dingtalk/README.zh.md) | -| **企业微信 (WeCom)** | ⭐⭐⭐ 较难 | 支持群机器人(Webhook)、自建应用(API)和智能机器人(AI Bot) | [Bot 文档](docs/channels/wecom/wecom_bot/README.zh.md) / [App 文档](docs/channels/wecom/wecom_app/README.zh.md) / [AI Bot 文档](docs/channels/wecom/wecom_aibot/README.zh.md) | -| **飞书 (Feishu)** | ⭐⭐⭐ 较难 | 企业级协作,功能丰富 | [查看文档](docs/channels/feishu/README.zh.md) | -| **Line** | ⭐⭐⭐ 较难 | 需要 HTTPS Webhook | [查看文档](docs/channels/line/README.zh.md) | -| **OneBot** | ⭐⭐ 中等 | 兼容 NapCat/Go-CQHTTP,社区生态丰富 | [查看文档](docs/channels/onebot/README.zh.md) | -| **MaixCam** | ⭐ 简单 | 专为 AI 摄像头设计的硬件集成通道 | [查看文档](docs/channels/maixcam/README.zh.md) | - -### Telegram 命令注册(启动时自动同步) - -PicoClaw 现在使用统一的命令定义来源。启动时会自动将 Telegram 支持的命令(例如 `/start`、`/help`、`/show`、`/list`)注册到 Bot 命令菜单,确保菜单展示与实际行为一致。 -Telegram 侧保留的是命令菜单注册能力;通用命令的实际执行统一走 Agent Loop 中的 commands executor。 - -如果注册因网络或 API 短暂异常失败,不会阻塞 channel 启动;系统会在后台自动重试。 +| 主题 | 说明 | +|------|------| +| 🐳 [Docker 与快速开始](docs/zh/docker.md) | Docker Compose 配置、Launcher/Agent 模式、快速开始 | +| 💬 [聊天应用配置](docs/zh/chat-apps.md) | Telegram、Discord、WhatsApp、Matrix、QQ、Slack、IRC、钉钉、LINE、飞书、企业微信等 | +| ⚙️ [配置指南](docs/zh/configuration.md) | 环境变量、工作区布局、技能来源、安全沙箱、心跳任务 | +| 🔌 [提供商与模型配置](docs/zh/providers.md) | 20+ LLM 提供商、模型路由、model_list 配置、Provider 架构 | +| 🔄 [异步任务与 Spawn](docs/zh/spawn-tasks.md) | 快速任务、长任务与 Spawn、异步子 Agent 编排 | +| 🐛 [疑难解答](docs/zh/troubleshooting.md) | 常见问题与解决方案 | +| 🔧 [工具配置](docs/zh/tools_configuration.md) | 工具启用/禁用、执行策略 | ## ClawdChat 加入 Agent 社交网络 -只需通过 CLI 或任何集成的聊天应用发送一条消息,即可将 PicoClaw 连接到 Agent 社交网络。 - -\*\*阅读 `https://clawdchat.ai/skill.md` 并按照说明加入 [ClawdChat.ai](https://clawdchat.ai) - -## ⚙️ 配置详解 - -配置文件路径: `~/.picoclaw/config.json` - -### 环境变量 - -你可以使用环境变量覆盖默认路径。这对于便携安装、容器化部署或将 picoclaw 作为系统服务运行非常有用。这些变量是独立的,控制不同的路径。 - -| 变量 | 描述 | 默认路径 | -|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| `PICOCLAW_CONFIG` | 覆盖配置文件的路径。这直接告诉 picoclaw 加载哪个 `config.json`,忽略所有其他位置。 | `~/.picoclaw/config.json` | -| `PICOCLAW_HOME` | 覆盖 picoclaw 数据根目录。这会更改 `workspace` 和其他数据目录的默认位置。 | `~/.picoclaw` | - -**示例:** - -```bash -# 使用特定的配置文件运行 picoclaw -# 工作区路径将从该配置文件中读取 -PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway - -# 在 /opt/picoclaw 中存储所有数据运行 picoclaw -# 配置将从默认的 ~/.picoclaw/config.json 加载 -# 工作区将在 /opt/picoclaw/workspace 创建 -PICOCLAW_HOME=/opt/picoclaw picoclaw agent - -# 同时使用两者进行完全自定义设置 -PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway -``` - -### 工作区布局 (Workspace Layout) - -PicoClaw 将数据存储在您配置的工作区中(默认:`~/.picoclaw/workspace`): - -``` -~/.picoclaw/workspace/ -├── sessions/ # 对话会话和历史 -├── memory/ # 长期记忆 (MEMORY.md) -├── state/ # 持久化状态 (最后一次频道等) -├── cron/ # 定时任务数据库 -├── skills/ # 自定义技能 -├── AGENTS.md # Agent 行为指南 -├── HEARTBEAT.md # 周期性任务提示词 (每 30 分钟检查一次) -├── IDENTITY.md # Agent 身份设定 -├── SOUL.md # Agent 灵魂/性格 -└── USER.md # 用户偏好 - -``` - -### 技能来源 (Skill Sources) - -默认情况下,技能会按以下顺序加载: - -1. `~/.picoclaw/workspace/skills`(工作区) -2. `~/.picoclaw/skills`(全局) -3. `/skills`(内置) - -在高级/测试场景下,可通过以下环境变量覆盖内置技能目录: - -```bash -export PICOCLAW_BUILTIN_SKILLS=/path/to/skills -``` - -### 统一命令执行策略 - -- 通用斜杠命令通过 `pkg/agent/loop.go` 中的 `commands.Executor` 统一执行。 -- Channel 适配器不再在本地消费通用命令;它们只负责把入站文本转发到 bus/agent 路径。Telegram 仍会在启动时自动注册其支持的命令菜单。 -- 未注册的斜杠命令(例如 `/foo`)会透传给 LLM 按普通输入处理。 -- 已注册但当前 channel 不支持的命令(例如 WhatsApp 上的 `/show`)会返回明确的用户可见错误,并停止后续处理。 -### 心跳 / 周期性任务 (Heartbeat) - -PicoClaw 可以自动执行周期性任务。在工作区创建 `HEARTBEAT.md` 文件: - -```markdown -# Periodic Tasks - -- Check my email for important messages -- Review my calendar for upcoming events -- Check the weather forecast -``` - -Agent 将每隔 30 分钟(可配置)读取此文件,并使用可用工具执行任务。 - -#### 使用 Spawn 的异步任务 - -对于耗时较长的任务(网络搜索、API 调用),使用 `spawn` 工具创建一个 **子 Agent (subagent)**: - -```markdown -# Periodic Tasks - -## Quick Tasks (respond directly) - -- Report current time - -## Long Tasks (use spawn for async) - -- Search the web for AI news and summarize -- Check email and report important messages -``` - -**关键行为:** - -| 特性 | 描述 | -| ---------------- | ---------------------------------------- | -| **spawn** | 创建异步子 Agent,不阻塞主心跳进程 | -| **独立上下文** | 子 Agent 拥有独立上下文,无会话历史 | -| **message tool** | 子 Agent 通过 message 工具直接与用户通信 | -| **非阻塞** | spawn 后,心跳继续处理下一个任务 | - -#### 子 Agent 通信原理 - -``` -心跳触发 (Heartbeat triggers) - ↓ -Agent 读取 HEARTBEAT.md - ↓ -对于长任务: spawn 子 Agent - ↓ ↓ -继续下一个任务 子 Agent 独立工作 - ↓ ↓ -所有任务完成 子 Agent 使用 "message" 工具 - ↓ ↓ -响应 HEARTBEAT_OK 用户直接收到结果 - -``` - -子 Agent 可以访问工具(message, web_search 等),并且无需通过主 Agent 即可独立与用户通信。 - -**配置:** - -```json -{ - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -| 选项 | 默认值 | 描述 | -| ---------- | ------ | ---------------------------- | -| `enabled` | `true` | 启用/禁用心跳 | -| `interval` | `30` | 检查间隔,单位分钟 (最小: 5) | - -**环境变量:** - -- `PICOCLAW_HEARTBEAT_ENABLED=false` 禁用 -- `PICOCLAW_HEARTBEAT_INTERVAL=60` 更改间隔 - -### 提供商 (Providers) - -> [!NOTE] -> Groq 通过 Whisper 提供免费的语音转录。如果配置了 Groq,任意渠道的音频消息都将在 Agent 层面自动转录为文字。 - -| 提供商 | 用途 | 获取 API Key | -| -------------------- | ---------------------------- | -------------------------------------------------------------------- | -| `gemini` | LLM (Gemini 直连) | [aistudio.google.com](https://aistudio.google.com) | -| `zhipu` | LLM (智谱直连) | [bigmodel.cn](bigmodel.cn) | -| `volcengine` | LLM (火山引擎直连) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| `openrouter` | LLM (推荐,可访问所有模型) | [openrouter.ai](https://openrouter.ai) | -| `anthropic` | LLM (Claude 直连) | [console.anthropic.com](https://console.anthropic.com) | -| `openai` | LLM (GPT 直连) | [platform.openai.com](https://platform.openai.com) | -| `deepseek` | LLM (DeepSeek 直连) | [platform.deepseek.com](https://platform.deepseek.com) | -| `qwen` | LLM (通义千问) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) | -| `groq` | LLM + **语音转录** (Whisper) | [console.groq.com](https://console.groq.com) | -| `cerebras` | LLM (Cerebras 直连) | [cerebras.ai](https://cerebras.ai) | - -### 模型配置 (model_list) - -> **新功能!** PicoClaw 现在采用**以模型为中心**的配置方式。只需使用 `厂商/模型` 格式(如 `zhipu/glm-4.7`)即可添加新的 provider——**无需修改任何代码!** - -该设计同时支持**多 Agent 场景**,提供灵活的 Provider 选择: - -- **不同 Agent 使用不同 Provider**:每个 Agent 可以使用自己的 LLM provider -- **模型回退(Fallback)**:配置主模型和备用模型,提高可靠性 -- **负载均衡**:在多个 API 端点之间分配请求 -- **集中化配置**:在一个地方管理所有 provider - -#### 📋 所有支持的厂商 - -| 厂商 | `model` 前缀 | 默认 API Base | 协议 | 获取 API Key | -| ------------------- | ----------------- | --------------------------------------------------- | --------- | ----------------------------------------------------------------- | -| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [获取密钥](https://platform.openai.com) | -| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [获取密钥](https://console.anthropic.com) | -| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [获取密钥](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | -| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [获取密钥](https://platform.deepseek.com) | -| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [获取密钥](https://aistudio.google.com/api-keys) | -| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [获取密钥](https://console.groq.com) | -| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [获取密钥](https://platform.moonshot.cn) | -| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [获取密钥](https://dashscope.console.aliyun.com) | -| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [获取密钥](https://build.nvidia.com) | -| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | 本地(无需密钥) | -| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [获取密钥](https://openrouter.ai/keys) | -| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | 本地 | -| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [获取密钥](https://cerebras.ai) | -| **火山引擎(Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [获取密钥](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | -| **神算云** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | -| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [获取密钥](https://www.byteplus.com) | -| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [获取密钥](https://longcat.chat/platform) | -| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [获取 Token](https://modelscope.cn/my/tokens) | -| **Azure OpenAI** | `azure/` | `https://{resource}.openai.azure.com` | Azure | [获取密钥](https://portal.azure.com) | -| **Antigravity** | `antigravity/` | Google Cloud | 自定义 | 仅 OAuth | -| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | - -#### 基础配置示例 - -```json -{ - "model_list": [ - { - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-your-api-key" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-your-openai-key" - }, - { - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "api_key": "sk-ant-your-key" - }, - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-zhipu-key" - } - ], - "agents": { - "defaults": { - "model": "gpt-5.4" - } - } -} -``` - -#### 各厂商配置示例 - -**OpenAI** - -```json -{ - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_key": "sk-..." -} -``` - -**火山引擎(Doubao)** - -```json -{ - "model_name": "ark-code-latest", - "model": "volcengine/ark-code-latest", - "api_key": "sk-..." -} -``` - -**智谱 AI (GLM)** - -```json -{ - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" -} -``` - -**DeepSeek** - -```json -{ - "model_name": "deepseek-chat", - "model": "deepseek/deepseek-chat", - "api_key": "sk-..." -} -``` - -**Anthropic (使用 OAuth)** - -```json -{ - "model_name": "claude-sonnet-4.6", - "model": "anthropic/claude-sonnet-4.6", - "auth_method": "oauth" -} -``` - -> 运行 `picoclaw auth login --provider anthropic` 来设置 OAuth 凭证。 - -**Anthropic Messages API(原生格式)** - -用于直接访问 Anthropic API 或仅支持 Anthropic 原生消息格式的自定义端点: - -```json -{ - "model_name": "claude-opus-4-6", - "model": "anthropic-messages/claude-opus-4-6", - "api_key": "sk-ant-your-key", - "api_base": "https://api.anthropic.com" -} -``` - -> 使用 `anthropic-messages` 协议的场景: -> - 使用仅支持 Anthropic 原生 `/v1/messages` 端点的第三方代理(不支持 OpenAI 兼容的 `/v1/chat/completions`) -> - 连接到 MiniMax、Synthetic 等需要 Anthropic 原生消息格式的服务 -> - 现有的 `anthropic` 协议返回 404 错误(说明端点不支持 OpenAI 兼容格式) -> -> **注意:** `anthropic` 协议使用 OpenAI 兼容格式(`/v1/chat/completions`),而 `anthropic-messages` 使用 Anthropic 原生格式(`/v1/messages`)。请根据端点支持的格式选择。 - -**Ollama (本地)** - -```json -{ - "model_name": "llama3", - "model": "ollama/llama3" -} -``` - -**自定义代理/API** - -```json -{ - "model_name": "my-custom-model", - "model": "openai/custom-model", - "api_base": "https://my-proxy.com/v1", - "api_key": "sk-...", - "request_timeout": 300 -} -``` - -#### 负载均衡 - -为同一个模型名称配置多个端点——PicoClaw 会自动在它们之间轮询: - -```json -{ - "model_list": [ - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api1.example.com/v1", - "api_key": "sk-key1" - }, - { - "model_name": "gpt-5.4", - "model": "openai/gpt-5.4", - "api_base": "https://api2.example.com/v1", - "api_key": "sk-key2" - } - ] -} -``` - -#### 从旧的 `providers` 配置迁移 - -旧的 `providers` 配置格式**已弃用**,但为向后兼容仍支持。 - -**旧配置(已弃用):** - -```json -{ - "providers": { - "zhipu": { - "api_key": "your-key", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - }, - "agents": { - "defaults": { - "provider": "zhipu", - "model": "glm-4.7" - } - } -} -``` - -**新配置(推荐):** - -```json -{ - "model_list": [ - { - "model_name": "glm-4.7", - "model": "zhipu/glm-4.7", - "api_key": "your-key" - } - ], - "agents": { - "defaults": { - "model": "glm-4.7" - } - } -} -``` - -详细的迁移指南请参考 [docs/migration/model-list-migration.md](docs/migration/model-list-migration.md)。 - -
-智谱 (Zhipu) 配置示例 - -**1. 获取 API key 和 base URL** - -- 获取 [API key](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) - -**2. 配置** - -```json -{ - "agents": { - "defaults": { - "workspace": "~/.picoclaw/workspace", - "model": "glm-4.7", - "max_tokens": 8192, - "temperature": 0.7, - "max_tool_iterations": 20 - } - }, - "providers": { - "zhipu": { - "api_key": "Your API Key", - "api_base": "https://open.bigmodel.cn/api/paas/v4" - } - } -} -``` - -**3. 运行** - -```bash -picoclaw agent -m "你好" - -``` - -
- -
-完整配置示例 - -```json -{ - "agents": { - "defaults": { - "model": "anthropic/claude-opus-4-5" - } - }, - "session": { - "dm_scope": "per-channel-peer", - "backlog_limit": 20 - }, - "providers": { - "openrouter": { - "api_key": "sk-or-v1-xxx" - }, - "groq": { - "api_key": "gsk_xxx" - } - }, - "channels": { - "telegram": { - "enabled": true, - "token": "123456:ABC...", - "allow_from": ["123456789"] - }, - "discord": { - "enabled": true, - "token": "", - "allow_from": [""] - }, - "whatsapp": { - "enabled": false - }, - "feishu": { - "enabled": false, - "app_id": "cli_xxx", - "app_secret": "xxx", - "encrypt_key": "", - "verification_token": "", - "allow_from": [] - }, - "qq": { - "enabled": false, - "app_id": "", - "app_secret": "", - "allow_from": [] - } - }, - "tools": { - "web": { - "brave": { - "enabled": false, - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - }, - "cron": { - "exec_timeout_minutes": 5 - } - }, - "heartbeat": { - "enabled": true, - "interval": 30 - } -} -``` - -
- -## CLI 命令行参考 - -| 命令 | 描述 | -| ------------------------- | ------------------ | -| `picoclaw onboard` | 初始化配置和工作区 | -| `picoclaw agent -m "..."` | 与 Agent 对话 | -| `picoclaw agent` | 交互式聊天模式 | -| `picoclaw gateway` | 启动网关 (Gateway) | -| `picoclaw status` | 显示状态 | -| `picoclaw cron list` | 列出所有定时任务 | -| `picoclaw cron add ...` | 添加定时任务 | - -### 定时任务 / 提醒 (Scheduled Tasks) +通过 CLI 或任何已集成的聊天应用发送一条消息,即可将 PicoClaw 连接到 Agent 社交网络。 + +**阅读 `https://clawdchat.ai/skill.md` 并按照说明加入 [ClawdChat.ai](https://clawdchat.ai)** + +## 🖥️ CLI 命令行参考 + +| 命令 | 说明 | +| ------------------------- | ---------------------- | +| `picoclaw onboard` | 初始化配置与工作区 | +| `picoclaw agent -m "..."` | 与 Agent 对话 | +| `picoclaw agent` | 交互式对话模式 | +| `picoclaw gateway` | 启动网关 | +| `picoclaw status` | 查看状态 | +| `picoclaw version` | 查看版本信息 | +| `picoclaw cron list` | 列出所有定时任务 | +| `picoclaw cron add ...` | 添加定时任务 | +| `picoclaw cron disable` | 禁用定时任务 | +| `picoclaw cron remove` | 删除定时任务 | +| `picoclaw skills list` | 列出已安装技能 | +| `picoclaw skills install` | 安装技能 | +| `picoclaw migrate` | 从旧版本迁移数据 | +| `picoclaw auth login` | 认证提供商 | + +### 定时任务 / 提醒 PicoClaw 通过 `cron` 工具支持定时提醒和重复任务: -- **一次性提醒**: "Remind me in 10 minutes" (10分钟后提醒我) → 10分钟后触发一次 -- **重复任务**: "Remind me every 2 hours" (每2小时提醒我) → 每2小时触发 -- **Cron 表达式**: "Remind me at 9am daily" (每天上午9点提醒我) → 使用 cron 表达式 +* **一次性提醒**: "10分钟后提醒我" → 10分钟后触发一次 +* **重复任务**: "每2小时提醒我" → 每2小时触发 +* **Cron 表达式**: "每天上午9点提醒我" → 使用 cron 表达式 -任务存储在 `~/.picoclaw/workspace/cron/` 中并自动处理。 - -## 🤝 贡献与路线图 (Roadmap) +## 🤝 贡献与路线图 欢迎提交 PR!代码库刻意保持小巧和可读。🤗 -路线图即将发布... +查看完整的 [社区路线图](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md)。 开发者群组正在组建中,入群门槛:至少合并过 1 个 PR。 用户群组: -Discord: [https://discord.gg/V4sAZ9XWpN](https://discord.gg/V4sAZ9XWpN) +Discord: PicoClaw - -## 🐛 疑难解答 (Troubleshooting) - -### 网络搜索提示 "API 配置问题" - -如果您尚未配置搜索 API Key,这是正常的。PicoClaw 会提供手动搜索的帮助链接。 - -启用网络搜索: - -1. 在 [https://tavily.com](https://tavily.com) (1000 次免费) 或 [https://brave.com/search/api](https://brave.com/search/api) 获取免费 API Key (2000 次免费) -2. 添加到 `~/.picoclaw/config.json`: - -```json -{ - "tools": { - "web": { - "brave": { - "enabled": false, - "api_key": "YOUR_BRAVE_API_KEY", - "max_results": 5 - }, - "duckduckgo": { - "enabled": true, - "max_results": 5 - } - } - } -} -``` - -### 遇到内容过滤错误 (Content Filtering Errors) - -某些提供商(如智谱)有严格的内容过滤。尝试改写您的问题或使用其他模型。 - -### Telegram bot 提示 "Conflict: terminated by other getUpdates" - -这表示有另一个机器人实例正在运行。请确保同一时间只有一个 `picoclaw gateway` 进程在运行。 - ---- - -## 📝 API Key 对比 - -| 服务 | 免费层级 | 适用场景 | -| --- | --- | --- | -| **OpenRouter** | 200K tokens/月 | 多模型聚合 (Claude, GPT-4 等) | -| **火山引擎 CodingPlan** | 9.9 元/首月 | 最适合国内用户,多种 SOTA 模型(豆包、DeepSeek 等) | -| **智谱 (Zhipu)** | 200K tokens/月 | 适合中国用户 | -| **Brave Search** | 2000 次查询/月 | 网络搜索功能 | -| **Tavily** | 1000 次查询/月 | AI Agent 搜索优化 | -| **Groq** | 提供免费层级 | 极速推理 (Llama, Mixtral) | -| **LongCat** | 最多 5M tokens/天 | 推理速度快 (免费额度) | -| **ModelScope (魔搭)** | 2000 次请求/天 | 免费推理 (Qwen, GLM, DeepSeek 等) | - ---- - -
- PicoClaw Meme -
diff --git a/docs/chat-apps.md b/docs/chat-apps.md new file mode 100644 index 000000000..6f700d6c1 --- /dev/null +++ b/docs/chat-apps.md @@ -0,0 +1,427 @@ +# 💬 Chat Apps Configuration + +> Back to [README](../README.md) + +## 💬 Chat Apps + +Talk to your picoclaw through Telegram, Discord, WhatsApp, Matrix, QQ, DingTalk, LINE, WeCom, Feishu, Slack, IRC, OneBot, MaixCam, or Pico (native protocol) + +> **Note**: All webhook-based channels (LINE, WeCom, etc.) are served on a single shared Gateway HTTP server (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`). There are no per-channel ports to configure. Note: Feishu uses WebSocket/SDK mode and does not use the shared HTTP webhook server. + +| Channel | Setup | +| ------------ | ---------------------------------- | +| **Telegram** | Easy (just a token) | +| **Discord** | Easy (bot token + intents) | +| **WhatsApp** | Easy (native: QR scan; or bridge URL) | +| **Matrix** | Medium (homeserver + bot access token) | +| **QQ** | Easy (AppID + AppSecret) | +| **DingTalk** | Medium (app credentials) | +| **LINE** | Medium (credentials + webhook URL) | +| **WeCom AI Bot** | Medium (Token + AES key) | +| **Feishu** | Medium (App ID + Secret, WebSocket mode) | +| **Slack** | Medium (Bot token + App token) | +| **IRC** | Medium (server + TLS config) | +| **OneBot** | Medium (QQ via OneBot protocol) | +| **MaixCam** | Easy (Sipeed hardware integration) | +| **Pico** | Native PicoClaw protocol | + +
+Telegram (Recommended) + +**1. Create a bot** + +* Open Telegram, search `@BotFather` +* Send `/newbot`, follow prompts +* Copy the token + +**2. Configure** + +```json +{ + "channels": { + "telegram": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +> Get your user ID from `@userinfobot` on Telegram. + +**3. Run** + +```bash +picoclaw gateway +``` + +**4. Telegram command menu (auto-registered at startup)** + +PicoClaw now keeps command definitions in one shared registry. On startup, Telegram will automatically register supported bot commands (for example `/start`, `/help`, `/show`, `/list`) so command menu and runtime behavior stay in sync. +Telegram command menu registration remains channel-local discovery UX; generic command execution is handled centrally in the agent loop via the commands executor. + +If command registration fails (network/API transient errors), the channel still starts and PicoClaw retries registration in the background. + +
+ +
+Discord + +**1. Create a bot** + +* Go to +* Create an application → Bot → Add Bot +* Copy the bot token + +**2. Enable intents** + +* In the Bot settings, enable **MESSAGE CONTENT INTENT** +* (Optional) Enable **SERVER MEMBERS INTENT** if you plan to use allow lists based on member data + +**3. Get your User ID** +* Discord Settings → Advanced → enable **Developer Mode** +* Right-click your avatar → **Copy User ID** + +**4. Configure** + +```json +{ + "channels": { + "discord": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +**5. Invite the bot** + +* OAuth2 → URL Generator +* Scopes: `bot` +* Bot Permissions: `Send Messages`, `Read Message History` +* Open the generated invite URL and add the bot to your server + +**Optional: Group trigger mode** + +By default the bot responds to all messages in a server channel. To restrict responses to @-mentions only, add: + +```json +{ + "channels": { + "discord": { + "group_trigger": { "mention_only": true } + } + } +} +``` + +You can also trigger by keyword prefixes (e.g. `!bot`): + +```json +{ + "channels": { + "discord": { + "group_trigger": { "prefixes": ["!bot"] } + } + } +} +``` + +**6. Run** + +```bash +picoclaw gateway +``` + +
+ +
+WhatsApp (native via whatsmeow) + +PicoClaw can connect to WhatsApp in two ways: + +- **Native (recommended):** In-process using [whatsmeow](https://github.com/tulir/whatsmeow). No separate bridge. Set `"use_native": true` and leave `bridge_url` empty. On first run, scan the QR code with WhatsApp (Linked Devices). Session is stored under your workspace (e.g. `workspace/whatsapp/`). The native channel is **optional** to keep the default binary small; build with `-tags whatsapp_native` (e.g. `make build-whatsapp-native` or `go build -tags whatsapp_native ./cmd/...`). +- **Bridge:** Connect to an external WebSocket bridge. Set `bridge_url` (e.g. `ws://localhost:3001`) and keep `use_native` false. + +**Configure (native)** + +```json +{ + "channels": { + "whatsapp": { + "enabled": true, + "use_native": true, + "session_store_path": "", + "allow_from": [] + } + } +} +``` + +If `session_store_path` is empty, the session is stored in `/whatsapp/`. Run `picoclaw gateway`; on first run, scan the QR code printed in the terminal with WhatsApp → Linked Devices. + +
+ +
+QQ + +**1. Create a bot** + +- Go to [QQ Open Platform](https://q.qq.com/#) +- Create an application → Get **AppID** and **AppSecret** + +**2. Configure** + +```json +{ + "channels": { + "qq": { + "enabled": true, + "app_id": "YOUR_APP_ID", + "app_secret": "YOUR_APP_SECRET", + "allow_from": [] + } + } +} +``` + +> Set `allow_from` to empty to allow all users, or specify QQ numbers to restrict access. + +**3. Run** + +```bash +picoclaw gateway +``` + +
+ +
+DingTalk + +**1. Create a bot** + +* Go to [Open Platform](https://open.dingtalk.com/) +* Create an internal app +* Copy Client ID and Client Secret + +**2. Configure** + +```json +{ + "channels": { + "dingtalk": { + "enabled": true, + "client_id": "YOUR_CLIENT_ID", + "client_secret": "YOUR_CLIENT_SECRET", + "allow_from": [] + } + } +} +``` + +> Set `allow_from` to empty to allow all users, or specify DingTalk user IDs to restrict access. + +**3. Run** + +```bash +picoclaw gateway +``` +
+ +
+Matrix + +**1. Prepare bot account** + +* Use your preferred homeserver (e.g. `https://matrix.org` or self-hosted) +* Create a bot user and obtain its access token + +**2. Configure** + +```json +{ + "channels": { + "matrix": { + "enabled": true, + "homeserver": "https://matrix.org", + "user_id": "@your-bot:matrix.org", + "access_token": "YOUR_MATRIX_ACCESS_TOKEN", + "allow_from": [] + } + } +} +``` + +**3. Run** + +```bash +picoclaw gateway +``` + +For full options (`device_id`, `join_on_invite`, `group_trigger`, `placeholder`, `reasoning_channel_id`), see [Matrix Channel Configuration Guide](docs/channels/matrix/README.md). + +
+ +
+LINE + +**1. Create a LINE Official Account** + +- Go to [LINE Developers Console](https://developers.line.biz/) +- Create a provider → Create a Messaging API channel +- Copy **Channel Secret** and **Channel Access Token** + +**2. Configure** + +```json +{ + "channels": { + "line": { + "enabled": true, + "channel_secret": "YOUR_CHANNEL_SECRET", + "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN", + "webhook_path": "/webhook/line", + "allow_from": [] + } + } +} +``` + +> LINE webhook is served on the shared Gateway server (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`). + +**3. Set up Webhook URL** + +LINE requires HTTPS for webhooks. Use a reverse proxy or tunnel: + +```bash +# Example with ngrok (gateway default port is 18790) +ngrok http 18790 +``` + +Then set the Webhook URL in LINE Developers Console to `https://your-domain/webhook/line` and enable **Use webhook**. + +**4. Run** + +```bash +picoclaw gateway +``` + +> In group chats, the bot responds only when @mentioned. Replies quote the original message. + +
+ +
+WeCom (企业微信) + +PicoClaw supports three types of WeCom integration: + +**Option 1: WeCom Bot (Bot)** - Easier setup, supports group chats +**Option 2: WeCom App (Custom App)** - More features, proactive messaging, private chat only +**Option 3: WeCom AI Bot (AI Bot)** - Official AI Bot, streaming replies, supports group & private chat + +See [WeCom AI Bot Configuration Guide](docs/channels/wecom/wecom_aibot/README.zh.md) for detailed setup instructions. + +**Quick Setup - WeCom Bot:** + +**1. Create a bot** + +* Go to WeCom Admin Console → Group Chat → Add Group Bot +* Copy the webhook URL (format: `https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) + +**2. Configure** + +```json +{ + "channels": { + "wecom": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", + "webhook_path": "/webhook/wecom", + "allow_from": [] + } + } +} +``` + +> WeCom webhook is served on the shared Gateway server (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`). + +**Quick Setup - WeCom App:** + +**1. Create an app** + +* Go to WeCom Admin Console → App Management → Create App +* Copy **AgentId** and **Secret** +* Go to "My Company" page, copy **CorpID** + +**2. Configure receive message** + +* In App details, click "Receive Message" → "Set API" +* Set URL to `http://your-server:18790/webhook/wecom-app` +* Generate **Token** and **EncodingAESKey** + +**3. Configure** + +```json +{ + "channels": { + "wecom_app": { + "enabled": true, + "corp_id": "wwxxxxxxxxxxxxxxxx", + "corp_secret": "YOUR_CORP_SECRET", + "agent_id": 1000002, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-app", + "allow_from": [] + } + } +} +``` + +**4. Run** + +```bash +picoclaw gateway +``` + +> **Note**: WeCom webhook callbacks are served on the Gateway port (default 18790). Use a reverse proxy for HTTPS. + +**Quick Setup - WeCom AI Bot:** + +**1. Create an AI Bot** + +* Go to WeCom Admin Console → App Management → AI Bot +* In the AI Bot settings, configure callback URL: `http://your-server:18791/webhook/wecom-aibot` +* Copy **Token** and click "Random Generate" for **EncodingAESKey** + +**2. Configure** + +```json +{ + "channels": { + "wecom_aibot": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-aibot", + "allow_from": [], + "welcome_message": "Hello! How can I help you?" + } + } +} +``` + +**3. Run** + +```bash +picoclaw gateway +``` + +> **Note**: WeCom AI Bot uses streaming pull protocol — no reply timeout concerns. Long tasks (>30 seconds) automatically switch to `response_url` push delivery. + +
diff --git a/docs/configuration.md b/docs/configuration.md new file mode 100644 index 000000000..9d503f44f --- /dev/null +++ b/docs/configuration.md @@ -0,0 +1,218 @@ +# ⚙️ Configuration Guide + +> Back to [README](../README.md) + +## ⚙️ Configuration + +Config file: `~/.picoclaw/config.json` + +### Environment Variables + +You can override default paths using environment variables. This is useful for portable installations, containerized deployments, or running picoclaw as a system service. These variables are independent and control different paths. + +| Variable | Description | Default Path | +|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| +| `PICOCLAW_CONFIG` | Overrides the path to the configuration file. This directly tells picoclaw which `config.json` to load, ignoring all other locations. | `~/.picoclaw/config.json` | +| `PICOCLAW_HOME` | Overrides the root directory for picoclaw data. This changes the default location of the `workspace` and other data directories. | `~/.picoclaw` | + +**Examples:** + +```bash +# Run picoclaw using a specific config file +# The workspace path will be read from within that config file +PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway + +# Run picoclaw with all its data stored in /opt/picoclaw +# Config will be loaded from the default ~/.picoclaw/config.json +# Workspace will be created at /opt/picoclaw/workspace +PICOCLAW_HOME=/opt/picoclaw picoclaw agent + +# Use both for a fully customized setup +PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway +``` + +### Workspace Layout + +PicoClaw stores data in your configured workspace (default: `~/.picoclaw/workspace`): + +``` +~/.picoclaw/workspace/ +├── sessions/ # Conversation sessions and history +├── memory/ # Long-term memory (MEMORY.md) +├── state/ # Persistent state (last channel, etc.) +├── cron/ # Scheduled jobs database +├── skills/ # Custom skills +├── AGENTS.md # Agent behavior guide +├── HEARTBEAT.md # Periodic task prompts (checked every 30 min) +├── IDENTITY.md # Agent identity +├── SOUL.md # Agent soul +└── USER.md # User preferences +``` + +### Skill Sources + +By default, skills are loaded from: + +1. `~/.picoclaw/workspace/skills` (workspace) +2. `~/.picoclaw/skills` (global) +3. `/skills` (builtin) + +For advanced/test setups, you can override the builtin skills root with: + +```bash +export PICOCLAW_BUILTIN_SKILLS=/path/to/skills +``` + +### Unified Command Execution Policy + +- Generic slash commands are executed through a single path in `pkg/agent/loop.go` via `commands.Executor`. +- Channel adapters no longer consume generic commands locally; they forward inbound text to the bus/agent path. Telegram still auto-registers supported commands at startup. +- Unknown slash command (for example `/foo`) passes through to normal LLM processing. +- Registered but unsupported command on the current channel (for example `/show` on WhatsApp) returns an explicit user-facing error and stops further processing. +### 🔒 Security Sandbox + +PicoClaw runs in a sandboxed environment by default. The agent can only access files and execute commands within the configured workspace. + +#### Default Configuration + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "restrict_to_workspace": true + } + } +} +``` + +| Option | Default | Description | +| ----------------------- | ----------------------- | ----------------------------------------- | +| `workspace` | `~/.picoclaw/workspace` | Working directory for the agent | +| `restrict_to_workspace` | `true` | Restrict file/command access to workspace | + +#### Protected Tools + +When `restrict_to_workspace: true`, the following tools are sandboxed: + +| Tool | Function | Restriction | +| ------------- | ---------------- | -------------------------------------- | +| `read_file` | Read files | Only files within workspace | +| `write_file` | Write files | Only files within workspace | +| `list_dir` | List directories | Only directories within workspace | +| `edit_file` | Edit files | Only files within workspace | +| `append_file` | Append to files | Only files within workspace | +| `exec` | Execute commands | Command paths must be within workspace | + +#### Additional Exec Protection + +Even with `restrict_to_workspace: false`, the `exec` tool blocks these dangerous commands: + +* `rm -rf`, `del /f`, `rmdir /s` — Bulk deletion +* `format`, `mkfs`, `diskpart` — Disk formatting +* `dd if=` — Disk imaging +* Writing to `/dev/sd[a-z]` — Direct disk writes +* `shutdown`, `reboot`, `poweroff` — System shutdown +* Fork bomb `:(){ :|:& };:` + +### File Access Control + +| Config Key | Type | Default | Description | +|------------|------|---------|-------------| +| `tools.allow_read_paths` | string[] | `[]` | Additional paths allowed for reading outside workspace | +| `tools.allow_write_paths` | string[] | `[]` | Additional paths allowed for writing outside workspace | + +### Exec Security + +| Config Key | Type | Default | Description | +|------------|------|---------|-------------| +| `tools.exec.allow_remote` | bool | `false` | Allow exec tool from remote channels (Telegram/Discord etc.) | +| `tools.exec.enable_deny_patterns` | bool | `true` | Enable dangerous command interception | +| `tools.exec.custom_deny_patterns` | string[] | `[]` | Custom regex patterns to block | +| `tools.exec.custom_allow_patterns` | string[] | `[]` | Custom regex patterns to allow | + +> **Security Note:** Symlink protection is enabled by default — all file paths are resolved through `filepath.EvalSymlinks` before whitelist matching, preventing symlink escape attacks. + +#### Known Limitation: Child Processes From Build Tools + +The exec safety guard only inspects the command line PicoClaw launches directly. It does not recursively inspect child +processes spawned by allowed developer tools such as `make`, `go run`, `cargo`, `npm run`, or custom build scripts. + +That means a top-level command can still compile or launch other binaries after it passes the initial guard check. In +practice, treat build scripts, Makefiles, package scripts, and generated binaries as executable code that needs the same +level of review as a direct shell command. + +For higher-risk environments: + +* Review build scripts before execution. +* Prefer approval/manual review for compile-and-run workflows. +* Run PicoClaw inside a container or VM if you need stronger isolation than the built-in guard provides. + +#### Error Examples + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (path outside working dir)} +``` + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} +``` + +#### Disabling Restrictions (Security Risk) + +If you need the agent to access paths outside the workspace: + +**Method 1: Config file** + +```json +{ + "agents": { + "defaults": { + "restrict_to_workspace": false + } + } +} +``` + +**Method 2: Environment variable** + +```bash +export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false +``` + +> ⚠️ **Warning**: Disabling this restriction allows the agent to access any path on your system. Use with caution in controlled environments only. + +#### Security Boundary Consistency + +The `restrict_to_workspace` setting applies consistently across all execution paths: + +| Execution Path | Security Boundary | +| ---------------- | ---------------------------- | +| Main Agent | `restrict_to_workspace` ✅ | +| Subagent / Spawn | Inherits same restriction ✅ | +| Heartbeat tasks | Inherits same restriction ✅ | + +All paths share the same workspace restriction — there's no way to bypass the security boundary through subagents or scheduled tasks. + +### Heartbeat (Periodic Tasks) + +PicoClaw can perform periodic tasks automatically. Create a `HEARTBEAT.md` file in your workspace: + +```markdown +# Periodic Tasks + +- Check my email for important messages +- Review my calendar for upcoming events +- Check the weather forecast +``` + +The agent will read this file every 30 minutes (configurable) and execute any tasks using available tools. + +#### Async Tasks with Spawn + +For long-running tasks (web search, API calls), use the `spawn` tool to create a **subagent**: + +```markdown +# Periodic Tasks diff --git a/docs/docker.md b/docs/docker.md new file mode 100644 index 000000000..b91a7f68d --- /dev/null +++ b/docs/docker.md @@ -0,0 +1,166 @@ +# 🐳 Docker & Quick Start Guide + +> Back to [README](../README.md) + +## 🐳 Docker Compose + +You can also run PicoClaw using Docker Compose without installing anything locally. + +```bash +# 1. Clone this repo +git clone https://github.com/sipeed/picoclaw.git +cd picoclaw + +# 2. First run — auto-generates docker/data/config.json then exits +docker compose -f docker/docker-compose.yml --profile gateway up +# The container prints "First-run setup complete." and stops. + +# 3. Set your API keys +vim docker/data/config.json # Set provider API keys, bot tokens, etc. + +# 4. Start +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +> [!TIP] +> **Docker Users**: By default, the Gateway listens on `127.0.0.1` which is not accessible from the host. If you need to access the health endpoints or expose ports, set `PICOCLAW_GATEWAY_HOST=0.0.0.0` in your environment or update `config.json`. + +```bash +# 5. Check logs +docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway + +# 6. Stop +docker compose -f docker/docker-compose.yml --profile gateway down +``` + +### Launcher Mode (Web Console) + +The `launcher` image includes all three binaries (`picoclaw`, `picoclaw-launcher`, `picoclaw-launcher-tui`) and starts the web console by default, which provides a browser-based UI for configuration and chat. + +```bash +docker compose -f docker/docker-compose.yml --profile launcher up -d +``` + +Open http://localhost:18800 in your browser. The launcher manages the gateway process automatically. + +> [!WARNING] +> The web console does not yet support authentication. Avoid exposing it to the public internet. + +### Agent Mode (One-shot) + +```bash +# Ask a question +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "What is 2+2?" + +# Interactive mode +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent +``` + +### Update + +```bash +docker compose -f docker/docker-compose.yml pull +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +### 🚀 Quick Start + +> [!TIP] +> Set your API Key in `~/.picoclaw/config.json`. Get API Keys: [Volcengine (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM). Web search is optional — get a free [Tavily API](https://tavily.com) (1000 free queries/month) or [Brave Search API](https://brave.com/search/api) (2000 free queries/month). + +**1. Initialize** + +```bash +picoclaw onboard +``` + +**2. Configure** (`~/.picoclaw/config.json`) + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model_name": "gpt-5.4", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key", + "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "your-api-key", + "request_timeout": 300 + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "your-anthropic-key" + } + ], + "tools": { + "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", + "brave": { + "enabled": false, + "api_key": "YOUR_BRAVE_API_KEY", + "max_results": 5 + }, + "tavily": { + "enabled": false, + "api_key": "YOUR_TAVILY_API_KEY", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "YOUR_PERPLEXITY_API_KEY", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://your-searxng-instance:8888", + "max_results": 5 + } + } + } +} +``` + +> **New**: The `model_list` configuration format allows zero-code provider addition. See [Model Configuration](#model-configuration-model_list) for details. +> `request_timeout` is optional and uses seconds. If omitted or set to `<= 0`, PicoClaw uses the default timeout (120s). + +**3. Get API Keys** + +* **LLM Provider**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) +* **Web Search** (optional): + * [Brave Search](https://brave.com/search/api) - Paid ($5/1000 queries, ~$5-6/month) + * [Perplexity](https://www.perplexity.ai) - AI-powered search with chat interface + * [SearXNG](https://github.com/searxng/searxng) - Self-hosted metasearch engine (free, no API key needed) + * [Tavily](https://tavily.com) - Optimized for AI Agents (1000 requests/month) + * DuckDuckGo - Built-in fallback (no API key required) + +> **Note**: See `config.example.json` for a complete configuration template. + +**4. Chat** + +```bash +picoclaw agent -m "What is 2+2?" +``` + +That's it! You have a working AI assistant in 2 minutes. + +--- diff --git a/docs/fr/chat-apps.md b/docs/fr/chat-apps.md new file mode 100644 index 000000000..03bb6e17b --- /dev/null +++ b/docs/fr/chat-apps.md @@ -0,0 +1,588 @@ +# 💬 Configuration des Applications de Chat + +> Retour au [README](../../README.fr.md) + +## 💬 Applications de Chat + +Communiquez avec votre PicoClaw via Telegram, Discord, WhatsApp, Matrix, QQ, DingTalk, LINE, WeCom, Feishu, Slack, IRC, OneBot ou MaixCam. + +> **Note** : Tous les canaux basés sur les webhooks (LINE, WeCom, etc.) sont servis sur un seul serveur HTTP Gateway partagé (`gateway.host`:`gateway.port`, par défaut `127.0.0.1:18790`). Il n'y a pas de ports par canal à configurer. Note : Feishu utilise le mode WebSocket/SDK et n'utilise pas le serveur HTTP webhook partagé. + +| Canal | Configuration | +| ------------ | -------------------------------------- | +| **Telegram** | Facile (juste un token) | +| **Discord** | Facile (bot token + intents) | +| **WhatsApp** | Facile (natif : scan QR ; ou bridge URL) | +| **Matrix** | Moyen (homeserver + bot access token) | +| **QQ** | Facile (AppID + AppSecret) | +| **DingTalk** | Moyen (identifiants de l'application) | +| **LINE** | Moyen (identifiants + webhook URL) | +| **WeCom AI Bot** | Moyen (Token + clé AES) | +| **Feishu** | Moyen (App ID + Secret, mode WebSocket) | +| **Slack** | Moyen (Bot token + App token) | +| **IRC** | Moyen (serveur + configuration TLS) | +| **OneBot** | Moyen (QQ via protocole OneBot) | +| **MaixCam** | Facile (intégration matérielle Sipeed) | +| **Pico** | Native PicoClaw protocol | + +
+Telegram (Recommandé) + +**1. Créer un bot** + +* Ouvrez Telegram, recherchez `@BotFather` +* Envoyez `/newbot`, suivez les instructions +* Copiez le token + +**2. Configurer** + +```json +{ + "channels": { + "telegram": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +> Obtenez votre identifiant utilisateur via `@userinfobot` sur Telegram. + +**3. Lancer** + +```bash +picoclaw gateway +``` + +**4. Menu de commandes Telegram (enregistré automatiquement au démarrage)** + +PicoClaw conserve les définitions de commandes dans un registre partagé unique. Au démarrage, Telegram enregistre automatiquement les commandes bot prises en charge (par exemple `/start`, `/help`, `/show`, `/list`) afin que le menu de commandes et le comportement à l'exécution restent synchronisés. +L'enregistrement du menu de commandes Telegram reste une découverte UX locale au canal ; l'exécution générique des commandes est gérée de manière centralisée dans la boucle agent via l'exécuteur de commandes. + +Si l'enregistrement des commandes échoue (erreurs transitoires réseau/API), le canal démarre quand même et PicoClaw réessaie l'enregistrement en arrière-plan. + +
+ +
+Discord + +**1. Créer un bot** + +* Allez sur +* Créez une application → Bot → Add Bot +* Copiez le token du bot + +**2. Activer les intents** + +* Dans les paramètres du Bot, activez **MESSAGE CONTENT INTENT** +* (Optionnel) Activez **SERVER MEMBERS INTENT** si vous prévoyez d'utiliser des listes d'autorisation basées sur les données des membres + +**3. Obtenir votre identifiant utilisateur** +* Paramètres Discord → Avancé → activez **Developer Mode** +* Clic droit sur votre avatar → **Copy User ID** + +**4. Configurer** + +```json +{ + "channels": { + "discord": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +**5. Inviter le bot** + +* OAuth2 → URL Generator +* Scopes : `bot` +* Bot Permissions : `Send Messages`, `Read Message History` +* Ouvrez l'URL d'invitation générée et ajoutez le bot à votre serveur + +**Mode déclenchement en groupe (optionnel)** + +Par défaut, le bot répond à tous les messages dans un canal de serveur. Pour limiter les réponses aux @mentions uniquement, ajoutez : + +```json +{ + "channels": { + "discord": { + "group_trigger": { "mention_only": true } + } + } +} +``` + +Vous pouvez également déclencher par préfixes de mots-clés (par ex. `!bot`) : + +```json +{ + "channels": { + "discord": { + "group_trigger": { "prefixes": ["!bot"] } + } + } +} +``` + +**6. Lancer** + +```bash +picoclaw gateway +``` + +
+ +
+WhatsApp (natif via whatsmeow) + +PicoClaw peut se connecter à WhatsApp de deux manières : + +- **Natif (recommandé) :** En processus via [whatsmeow](https://github.com/tulir/whatsmeow). Pas de bridge séparé. Définissez `"use_native": true` et laissez `bridge_url` vide. Au premier lancement, scannez le code QR avec WhatsApp (Appareils liés). La session est stockée dans votre workspace (par ex. `workspace/whatsapp/`). Le canal natif est **optionnel** pour garder le binaire par défaut léger ; compilez avec `-tags whatsapp_native` (par ex. `make build-whatsapp-native` ou `go build -tags whatsapp_native ./cmd/...`). +- **Bridge :** Connectez-vous à un bridge WebSocket externe. Définissez `bridge_url` (par ex. `ws://localhost:3001`) et gardez `use_native` à false. + +**Configurer (natif)** + +```json +{ + "channels": { + "whatsapp": { + "enabled": true, + "use_native": true, + "session_store_path": "", + "allow_from": [] + } + } +} +``` + +Si `session_store_path` est vide, la session est stockée dans `/whatsapp/`. Lancez `picoclaw gateway` ; au premier lancement, scannez le code QR affiché dans le terminal avec WhatsApp → Appareils liés. + +
+ +
+QQ + +**1. Créer un bot** + +- Allez sur [QQ Open Platform](https://q.qq.com/#) +- Créez une application → Obtenez **AppID** et **AppSecret** + +**2. Configurer** + +```json +{ + "channels": { + "qq": { + "enabled": true, + "app_id": "YOUR_APP_ID", + "app_secret": "YOUR_APP_SECRET", + "allow_from": [] + } + } +} +``` + +> Définissez `allow_from` vide pour autoriser tous les utilisateurs, ou spécifiez des numéros QQ pour restreindre l'accès. + +**3. Lancer** + +```bash +picoclaw gateway +``` + +
+ +
+DingTalk + +**1. Créer un bot** + +* Allez sur [Open Platform](https://open.dingtalk.com/) +* Créez une application interne +* Copiez le Client ID et le Client Secret + +**2. Configurer** + +```json +{ + "channels": { + "dingtalk": { + "enabled": true, + "client_id": "YOUR_CLIENT_ID", + "client_secret": "YOUR_CLIENT_SECRET", + "allow_from": [] + } + } +} +``` + +> Définissez `allow_from` vide pour autoriser tous les utilisateurs, ou spécifiez des identifiants DingTalk pour restreindre l'accès. + +**3. Lancer** + +```bash +picoclaw gateway +``` +
+ +
+Matrix + +**1. Préparer le compte bot** + +* Utilisez votre homeserver préféré (par ex. `https://matrix.org` ou auto-hébergé) +* Créez un utilisateur bot et obtenez son access token + +**2. Configurer** + +```json +{ + "channels": { + "matrix": { + "enabled": true, + "homeserver": "https://matrix.org", + "user_id": "@your-bot:matrix.org", + "access_token": "YOUR_MATRIX_ACCESS_TOKEN", + "allow_from": [] + } + } +} +``` + +**3. Lancer** + +```bash +picoclaw gateway +``` + +Pour toutes les options (`device_id`, `join_on_invite`, `group_trigger`, `placeholder`, `reasoning_channel_id`), voir le [Guide de Configuration du Canal Matrix](docs/channels/matrix/README.md). + +
+ +
+LINE + +**1. Créer un compte officiel LINE** + +- Allez sur [LINE Developers Console](https://developers.line.biz/) +- Créez un provider → Créez un canal Messaging API +- Copiez le **Channel Secret** et le **Channel Access Token** + +**2. Configurer** + +```json +{ + "channels": { + "line": { + "enabled": true, + "channel_secret": "YOUR_CHANNEL_SECRET", + "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN", + "webhook_path": "/webhook/line", + "allow_from": [] + } + } +} +``` + +> Le webhook LINE est servi sur le serveur Gateway partagé (`gateway.host`:`gateway.port`, par défaut `127.0.0.1:18790`). + +**3. Configurer l'URL du Webhook** + +LINE nécessite HTTPS pour les webhooks. Utilisez un reverse proxy ou un tunnel : + +```bash +# Exemple avec ngrok (le port par défaut du gateway est 18790) +ngrok http 18790 +``` + +Puis définissez l'URL du Webhook dans la console LINE Developers à `https://your-domain/webhook/line` et activez **Use webhook**. + +**4. Lancer** + +```bash +picoclaw gateway +``` + +> Dans les discussions de groupe, le bot ne répond que lorsqu'il est @mentionné. Les réponses citent le message original. + +
+ +
+WeCom (企业微信) + +PicoClaw prend en charge trois types d'intégration WeCom : + +**Option 1 : WeCom Bot (Bot)** - Configuration plus facile, prend en charge les discussions de groupe +**Option 2 : WeCom App (Application personnalisée)** - Plus de fonctionnalités, messagerie proactive, chat privé uniquement +**Option 3 : WeCom AI Bot (Bot IA)** - Bot IA officiel, réponses en streaming, prend en charge les discussions de groupe et privées + +Voir le [Guide de Configuration WeCom AI Bot](docs/channels/wecom/wecom_aibot/README.zh.md) pour les instructions détaillées. + +**Configuration rapide - WeCom Bot :** + +**1. Créer un bot** + +* Allez dans la console d'administration WeCom → Discussion de groupe → Ajouter un bot de groupe +* Copiez l'URL du webhook (format : `https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) + +**2. Configurer** + +```json +{ + "channels": { + "wecom": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", + "webhook_path": "/webhook/wecom", + "allow_from": [] + } + } +} +``` + +> Le webhook WeCom est servi sur le serveur Gateway partagé (`gateway.host`:`gateway.port`, par défaut `127.0.0.1:18790`). + +**Configuration rapide - WeCom App :** + +**1. Créer une application** + +* Allez dans la console d'administration WeCom → Gestion des applications → Créer une application +* Copiez **AgentId** et **Secret** +* Allez sur la page "Mon entreprise", copiez **CorpID** + +**2. Configurer la réception des messages** + +* Dans les détails de l'application, cliquez sur "Recevoir les messages" → "Configurer l'API" +* Définissez l'URL à `http://your-server:18790/webhook/wecom-app` +* Générez **Token** et **EncodingAESKey** + +**3. Configurer** + +```json +{ + "channels": { + "wecom_app": { + "enabled": true, + "corp_id": "wwxxxxxxxxxxxxxxxx", + "corp_secret": "YOUR_CORP_SECRET", + "agent_id": 1000002, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-app", + "allow_from": [] + } + } +} +``` + +**4. Lancer** + +```bash +picoclaw gateway +``` + +> **Note** : Les callbacks webhook WeCom sont servis sur le port Gateway (par défaut 18790). Utilisez un reverse proxy pour HTTPS. + +**Configuration rapide - WeCom AI Bot :** + +**1. Créer un AI Bot** + +* Allez dans la console d'administration WeCom → Gestion des applications → AI Bot +* Dans les paramètres du AI Bot, configurez l'URL de callback : `http://your-server:18791/webhook/wecom-aibot` +* Copiez **Token** et cliquez sur "Générer aléatoirement" pour **EncodingAESKey** + +**2. Configurer** + +```json +{ + "channels": { + "wecom_aibot": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-aibot", + "allow_from": [], + "welcome_message": "Hello! How can I help you?" + } + } +} +``` + +**3. Lancer** + +```bash +picoclaw gateway +``` + +> **Note** : WeCom AI Bot utilise le protocole streaming pull — pas de problème de timeout de réponse. Les tâches longues (>30 secondes) basculent automatiquement vers la livraison push via `response_url`. + +
+ +
+Feishu (飞书) + +**1. Créer une application** + +* Allez sur [Feishu Open Platform](https://open.feishu.cn/) +* Créez une application → Obtenez **App ID** et **App Secret** + +**2. Configurer** + +```json +{ + "channels": { + "feishu": { + "enabled": true, + "app_id": "cli_xxx", + "app_secret": "xxx", + "encrypt_key": "", + "verification_token": "", + "allow_from": [] + } + } +} +``` + +> Feishu utilise le mode WebSocket/SDK et ne nécessite pas de serveur webhook. + +**3. Lancer** + +```bash +picoclaw gateway +``` + +
+ +
+Slack + +**1. Créer une application Slack** + +* Allez sur [Slack API](https://api.slack.com/apps) +* Créez une nouvelle application +* Obtenez le **Bot Token** et l'**App Token** + +**2. Configurer** + +```json +{ + "channels": { + "slack": { + "enabled": true, + "bot_token": "xoxb-your-bot-token", + "app_token": "xapp-your-app-token", + "allow_from": [] + } + } +} +``` + +**3. Lancer** + +```bash +picoclaw gateway +``` + +
+ +
+IRC + +**1. Configurer le serveur IRC** + +* Préparez les informations de votre serveur IRC (adresse, port, canal) + +**2. Configurer** + +```json +{ + "channels": { + "irc": { + "enabled": true, + "server": "irc.example.com:6697", + "nick": "picoclaw-bot", + "channel": "#your-channel", + "use_tls": true, + "allow_from": [] + } + } +} +``` + +**3. Lancer** + +```bash +picoclaw gateway +``` + +
+ +
+OneBot + +**1. Configurer OneBot** + +* Installez une implémentation OneBot compatible (par ex. go-cqhttp, Lagrange) +* Configurez la connexion WebSocket + +**2. Configurer** + +```json +{ + "channels": { + "onebot": { + "enabled": true, + "ws_url": "ws://localhost:8080", + "allow_from": [] + } + } +} +``` + +> OneBot permet d'utiliser QQ via le protocole OneBot standard. + +**3. Lancer** + +```bash +picoclaw gateway +``` + +
+ +
+MaixCam + +**1. Préparer le matériel** + +* Obtenez un appareil [Sipeed MaixCam](https://wiki.sipeed.com/maixcam) + +**2. Configurer** + +```json +{ + "channels": { + "maixcam": { + "enabled": true, + "allow_from": [] + } + } +} +``` + +> MaixCam est une intégration matérielle Sipeed pour l'interaction IA embarquée. + +**3. Lancer** + +```bash +picoclaw gateway +``` + +
diff --git a/docs/fr/configuration.md b/docs/fr/configuration.md new file mode 100644 index 000000000..c813fe25b --- /dev/null +++ b/docs/fr/configuration.md @@ -0,0 +1,217 @@ +# ⚙️ Guide de Configuration + +> Retour au [README](../../README.fr.md) + +## ⚙️ Configuration + +Fichier de configuration : `~/.picoclaw/config.json` + +### Variables d'Environnement + +Vous pouvez remplacer les chemins par défaut à l'aide de variables d'environnement. Ceci est utile pour les installations portables, les déploiements conteneurisés ou l'exécution de PicoClaw en tant que service système. Ces variables sont indépendantes et contrôlent des chemins différents. + +| Variable | Description | Chemin par défaut | +|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| +| `PICOCLAW_CONFIG` | Remplace le chemin vers le fichier de configuration. Indique directement à PicoClaw quel `config.json` charger, en ignorant tous les autres emplacements. | `~/.picoclaw/config.json` | +| `PICOCLAW_HOME` | Remplace le répertoire racine des données PicoClaw. Change l'emplacement par défaut du `workspace` et des autres répertoires de données. | `~/.picoclaw` | + +**Exemples :** + +```bash +# Run picoclaw using a specific config file +# The workspace path will be read from within that config file +PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway + +# Run picoclaw with all its data stored in /opt/picoclaw +# Config will be loaded from the default ~/.picoclaw/config.json +# Workspace will be created at /opt/picoclaw/workspace +PICOCLAW_HOME=/opt/picoclaw picoclaw agent + +# Use both for a fully customized setup +PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway +``` + +### Structure du Workspace + +PicoClaw stocke les données dans votre workspace configuré (par défaut : `~/.picoclaw/workspace`) : + +``` +~/.picoclaw/workspace/ +├── sessions/ # Sessions de conversation et historique +├── memory/ # Mémoire à long terme (MEMORY.md) +├── state/ # État persistant (dernier canal, etc.) +├── cron/ # Base de données des tâches planifiées +├── skills/ # Compétences personnalisées +├── AGENTS.md # Guide de comportement de l'agent +├── HEARTBEAT.md # Invites de tâches périodiques (vérifiées toutes les 30 min) +├── IDENTITY.md # Identité de l'agent +├── SOUL.md # Âme de l'agent +└── USER.md # Préférences utilisateur +``` + +### Sources de Compétences + +Par défaut, les compétences sont chargées depuis : + +1. `~/.picoclaw/workspace/skills` (workspace) +2. `~/.picoclaw/skills` (global) +3. `/skills` (builtin) + +Pour les configurations avancées/de test, vous pouvez remplacer la racine des compétences builtin avec : + +```bash +export PICOCLAW_BUILTIN_SKILLS=/path/to/skills +``` + +### Politique Unifiée d'Exécution des Commandes + +- Les commandes slash génériques sont exécutées via un chemin unique dans `pkg/agent/loop.go` via `commands.Executor`. +- Les adaptateurs de canaux ne consomment plus les commandes génériques localement ; ils transmettent le texte entrant au chemin bus/agent. Telegram enregistre toujours automatiquement les commandes prises en charge au démarrage. +- Une commande slash inconnue (par exemple `/foo`) passe au traitement LLM normal. +- Une commande enregistrée mais non prise en charge sur le canal actuel (par exemple `/show` sur WhatsApp) renvoie une erreur explicite à l'utilisateur et arrête le traitement ultérieur. + +### 🔒 Sandbox de Sécurité + +PicoClaw s'exécute dans un environnement sandboxé par défaut. L'agent ne peut accéder aux fichiers et exécuter des commandes que dans le workspace configuré. + +#### Configuration par Défaut + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "restrict_to_workspace": true + } + } +} +``` + +| Option | Par défaut | Description | +| ----------------------- | ----------------------- | ------------------------------------------------- | +| `workspace` | `~/.picoclaw/workspace` | Répertoire de travail de l'agent | +| `restrict_to_workspace` | `true` | Restreindre l'accès fichiers/commandes au workspace | + +#### Outils Protégés + +Lorsque `restrict_to_workspace: true`, les outils suivants sont sandboxés : + +| Outil | Fonction | Restriction | +| ------------- | --------------------- | ---------------------------------------------- | +| `read_file` | Lire des fichiers | Uniquement les fichiers dans le workspace | +| `write_file` | Écrire des fichiers | Uniquement les fichiers dans le workspace | +| `list_dir` | Lister les répertoires| Uniquement les répertoires dans le workspace | +| `edit_file` | Modifier des fichiers | Uniquement les fichiers dans le workspace | +| `append_file` | Ajouter aux fichiers | Uniquement les fichiers dans le workspace | +| `exec` | Exécuter des commandes| Les chemins de commande doivent être dans le workspace | + +#### Protection Exec Supplémentaire + +Même avec `restrict_to_workspace: false`, l'outil `exec` bloque ces commandes dangereuses : + +* `rm -rf`, `del /f`, `rmdir /s` — Suppression en masse +* `format`, `mkfs`, `diskpart` — Formatage de disque +* `dd if=` — Imagerie de disque +* Écriture vers `/dev/sd[a-z]` — Écritures directes sur disque +* `shutdown`, `reboot`, `poweroff` — Arrêt du système +* Fork bomb `:(){ :|:& };:` + +### Contrôle d'Accès aux Fichiers + +| Clé de configuration | Type | Par défaut | Description | +|----------------------|------|------------|-------------| +| `tools.allow_read_paths` | string[] | `[]` | Chemins supplémentaires autorisés en lecture en dehors du workspace | +| `tools.allow_write_paths` | string[] | `[]` | Chemins supplémentaires autorisés en écriture en dehors du workspace | + +### Sécurité Exec + +| Clé de configuration | Type | Par défaut | Description | +|----------------------|------|------------|-------------| +| `tools.exec.allow_remote` | bool | `false` | Autoriser l'outil exec depuis les canaux distants (Telegram/Discord etc.) | +| `tools.exec.enable_deny_patterns` | bool | `true` | Activer l'interception des commandes dangereuses | +| `tools.exec.custom_deny_patterns` | string[] | `[]` | Patterns regex personnalisés à bloquer | +| `tools.exec.custom_allow_patterns` | string[] | `[]` | Patterns regex personnalisés à autoriser | + +> **Note de sécurité :** La protection Symlink est activée par défaut — tous les chemins de fichiers sont résolus via `filepath.EvalSymlinks` avant la correspondance avec la liste blanche, empêchant les attaques d'évasion par symlink. + +#### Limitation Connue : Processus Enfants des Outils de Build + +Le garde de sécurité exec n'inspecte que la ligne de commande lancée directement par PicoClaw. Il n'inspecte pas récursivement les processus enfants générés par les outils de développement autorisés tels que `make`, `go run`, `cargo`, `npm run` ou les scripts de build personnalisés. + +Cela signifie qu'une commande de niveau supérieur peut toujours compiler ou lancer d'autres binaires après avoir passé la vérification initiale du garde. En pratique, traitez les scripts de build, les Makefiles, les scripts de packages et les binaires générés comme du code exécutable nécessitant le même niveau de revue qu'une commande shell directe. + +Pour les environnements à haut risque : + +* Examinez les scripts de build avant l'exécution. +* Préférez l'approbation/revue manuelle pour les workflows de compilation et d'exécution. +* Exécutez PicoClaw dans un conteneur ou une VM si vous avez besoin d'une isolation plus forte que celle fournie par le garde intégré. + +#### Exemples d'Erreurs + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (path outside working dir)} +``` + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} +``` + +#### Désactiver les Restrictions (Risque de Sécurité) + +Si vous avez besoin que l'agent accède à des chemins en dehors du workspace : + +**Méthode 1 : Fichier de configuration** + +```json +{ + "agents": { + "defaults": { + "restrict_to_workspace": false + } + } +} +``` + +**Méthode 2 : Variable d'environnement** + +```bash +export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false +``` + +> ⚠️ **Avertissement** : Désactiver cette restriction permet à l'agent d'accéder à n'importe quel chemin sur votre système. À utiliser avec précaution dans des environnements contrôlés uniquement. + +#### Cohérence des Limites de Sécurité + +Le paramètre `restrict_to_workspace` s'applique de manière cohérente à tous les chemins d'exécution : + +| Chemin d'exécution | Limite de sécurité | +| ------------------ | -------------------------------- | +| Main Agent | `restrict_to_workspace` ✅ | +| Subagent / Spawn | Hérite de la même restriction ✅ | +| Heartbeat tasks | Hérite de la même restriction ✅ | + +Tous les chemins partagent la même restriction de workspace — il n'y a aucun moyen de contourner la limite de sécurité via les subagents ou les tâches planifiées. + +### Heartbeat (Tâches Périodiques) + +PicoClaw peut effectuer des tâches périodiques automatiquement. Créez un fichier `HEARTBEAT.md` dans votre workspace : + +```markdown +# Periodic Tasks + +- Check my email for important messages +- Review my calendar for upcoming events +- Check the weather forecast +``` + +L'agent lira ce fichier toutes les 30 minutes (configurable) et exécutera toutes les tâches en utilisant les outils disponibles. + +#### Tâches Asynchrones avec Spawn + +Pour les tâches longues (recherche web, appels API), utilisez l'outil `spawn` pour créer un **subagent** : + +```markdown +# Periodic Tasks +``` diff --git a/docs/fr/docker.md b/docs/fr/docker.md new file mode 100644 index 000000000..f17ec355d --- /dev/null +++ b/docs/fr/docker.md @@ -0,0 +1,166 @@ +# 🐳 Docker et Démarrage Rapide + +> Retour au [README](../../README.fr.md) + +## 🐳 Docker Compose + +Vous pouvez également exécuter PicoClaw avec Docker Compose sans rien installer localement. + +```bash +# 1. Cloner ce dépôt +git clone https://github.com/sipeed/picoclaw.git +cd picoclaw + +# 2. Premier lancement — génère automatiquement docker/data/config.json puis s'arrête +docker compose -f docker/docker-compose.yml --profile gateway up +# Le conteneur affiche "First-run setup complete." et s'arrête. + +# 3. Configurer vos clés API +vim docker/data/config.json # Set provider API keys, bot tokens, etc. + +# 4. Démarrer +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +> [!TIP] +> **Utilisateurs Docker** : Par défaut, le Gateway écoute sur `127.0.0.1`, ce qui n'est pas accessible depuis l'hôte. Si vous devez accéder aux endpoints de santé ou exposer des ports, définissez `PICOCLAW_GATEWAY_HOST=0.0.0.0` dans votre environnement ou mettez à jour `config.json`. + +```bash +# 5. Vérifier les logs +docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway + +# 6. Arrêter +docker compose -f docker/docker-compose.yml --profile gateway down +``` + +### Mode Launcher (Console Web) + +L'image `launcher` inclut les trois binaires (`picoclaw`, `picoclaw-launcher`, `picoclaw-launcher-tui`) et démarre la console web par défaut, qui fournit une interface navigateur pour la configuration et le chat. + +```bash +docker compose -f docker/docker-compose.yml --profile launcher up -d +``` + +Ouvrez http://localhost:18800 dans votre navigateur. Le launcher gère automatiquement le processus gateway. + +> [!WARNING] +> La console web ne prend pas encore en charge l'authentification. Évitez de l'exposer sur Internet public. + +### Mode Agent (One-shot) + +```bash +# Poser une question +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "What is 2+2?" + +# Mode interactif +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent +``` + +### Mise à jour + +```bash +docker compose -f docker/docker-compose.yml pull +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +### 🚀 Démarrage Rapide + +> [!TIP] +> Configurez votre clé API dans `~/.picoclaw/config.json`. Obtenir des clés API : [Volcengine (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM). La recherche web est optionnelle — obtenez gratuitement une [API Tavily](https://tavily.com) (1000 requêtes gratuites/mois) ou une [API Brave Search](https://brave.com/search/api) (2000 requêtes gratuites/mois). + +**1. Initialiser** + +```bash +picoclaw onboard +``` + +**2. Configurer** (`~/.picoclaw/config.json`) + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model_name": "gpt-5.4", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key", + "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "your-api-key", + "request_timeout": 300 + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "your-anthropic-key" + } + ], + "tools": { + "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", + "brave": { + "enabled": false, + "api_key": "YOUR_BRAVE_API_KEY", + "max_results": 5 + }, + "tavily": { + "enabled": false, + "api_key": "YOUR_TAVILY_API_KEY", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "YOUR_PERPLEXITY_API_KEY", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://your-searxng-instance:8888", + "max_results": 5 + } + } + } +} +``` + +> **Nouveau** : Le format de configuration `model_list` permet l'ajout de fournisseurs sans modification de code. Voir [Configuration des Modèles](#configuration-des-modèles-model_list) pour plus de détails. +> `request_timeout` est optionnel et utilise les secondes. S'il est omis ou défini à `<= 0`, PicoClaw utilise le timeout par défaut (120s). + +**3. Obtenir des clés API** + +* **Fournisseur LLM** : [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) +* **Recherche Web** (optionnel) : + * [Brave Search](https://brave.com/search/api) - Payant ($5/1000 requêtes, ~$5-6/mois) + * [Perplexity](https://www.perplexity.ai) - Recherche alimentée par l'IA avec interface de chat + * [SearXNG](https://github.com/searxng/searxng) - Métamoteur auto-hébergé (gratuit, pas de clé API nécessaire) + * [Tavily](https://tavily.com) - Optimisé pour les agents IA (1000 requêtes/mois) + * DuckDuckGo - Solution de repli intégrée (pas de clé API requise) + +> **Note** : Voir `config.example.json` pour un modèle de configuration complet. + +**4. Discuter** + +```bash +picoclaw agent -m "What is 2+2?" +``` + +C'est tout ! Vous avez un assistant IA fonctionnel en 2 minutes. + +--- diff --git a/docs/fr/providers.md b/docs/fr/providers.md new file mode 100644 index 000000000..b0b950a44 --- /dev/null +++ b/docs/fr/providers.md @@ -0,0 +1,434 @@ +# 🔌 Fournisseurs et Configuration des Modèles + +> Retour au [README](../../README.fr.md) + +### Fournisseurs + +> [!NOTE] +> Groq fournit la transcription vocale gratuite via Whisper. Si configuré, les messages audio de n'importe quel canal seront automatiquement transcrits au niveau de l'agent. + +| Provider | Purpose | Get API Key | +| ------------ | --------------------------------------- | ------------------------------------------------------------ | +| `gemini` | LLM (Gemini direct) | [aistudio.google.com](https://aistudio.google.com) | +| `zhipu` | LLM (Zhipu direct) | [bigmodel.cn](https://bigmodel.cn) | +| `volcengine` | LLM (Volcengine direct) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| `openrouter` | LLM (recommended, access to all models) | [openrouter.ai](https://openrouter.ai) | +| `anthropic` | LLM (Claude direct) | [console.anthropic.com](https://console.anthropic.com) | +| `openai` | LLM (GPT direct) | [platform.openai.com](https://platform.openai.com) | +| `deepseek` | LLM (DeepSeek direct) | [platform.deepseek.com](https://platform.deepseek.com) | +| `qwen` | LLM (Qwen direct) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) | +| `groq` | LLM + **Voice transcription** (Whisper) | [console.groq.com](https://console.groq.com) | +| `cerebras` | LLM (Cerebras direct) | [cerebras.ai](https://cerebras.ai) | +| `vivgrid` | LLM (Vivgrid direct) | [vivgrid.com](https://vivgrid.com) | +| `moonshot` | LLM (Kimi/Moonshot direct) | [platform.moonshot.cn](https://platform.moonshot.cn) | +| `minimax` | LLM (Minimax direct) | [platform.minimaxi.com](https://platform.minimaxi.com) | +| `avian` | LLM (Avian direct) | [avian.io](https://avian.io) | +| `mistral` | LLM (Mistral direct) | [console.mistral.ai](https://console.mistral.ai) | +| `longcat` | LLM (Longcat direct) | [longcat.ai](https://longcat.ai) | +| `modelscope` | LLM (ModelScope direct) | [modelscope.cn](https://modelscope.cn) | + +### Configuration des Modèles (model_list) + +> **Nouveauté** PicoClaw utilise désormais une approche de configuration **centrée sur le modèle**. Spécifiez simplement le format `vendor/model` (par ex. `zhipu/glm-4.7`) pour ajouter de nouveaux fournisseurs — **aucune modification de code requise !** + +Cette conception permet également le **support multi-agents** avec une sélection flexible de fournisseurs : + +- **Différents agents, différents fournisseurs** : Chaque agent peut utiliser son propre fournisseur LLM +- **Modèles de repli** : Configurez des modèles principaux et de repli pour la résilience +- **Répartition de charge** : Distribuez les requêtes entre plusieurs endpoints +- **Configuration centralisée** : Gérez tous les fournisseurs en un seul endroit + +#### 📋 Tous les Vendors Supportés + +| Vendor | `model` Prefix | Default API Base | Protocol | API Key | +| ------------------- | ----------------- |-----------------------------------------------------| --------- | ---------------------------------------------------------------- | +| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Get Key](https://platform.openai.com) | +| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Get Key](https://console.anthropic.com) | +| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Get Key](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | +| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Get Key](https://platform.deepseek.com) | +| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Get Key](https://aistudio.google.com/api-keys) | +| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Get Key](https://console.groq.com) | +| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [Get Key](https://platform.moonshot.cn) | +| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Get Key](https://dashscope.console.aliyun.com) | +| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [Get Key](https://build.nvidia.com) | +| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (no key needed) | +| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Get Key](https://openrouter.ai/keys) | +| **LiteLLM Proxy** | `litellm/` | `http://localhost:4000/v1` | OpenAI | Your LiteLLM proxy key | +| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | Local | +| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [Get Key](https://cerebras.ai) | +| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Get Key](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| **神算云** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | +| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [Get Key](https://www.byteplus.com) | +| **Vivgrid** | `vivgrid/` | `https://api.vivgrid.com/v1` | OpenAI | [Get Key](https://vivgrid.com) | +| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [Get Key](https://longcat.chat/platform) | +| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [Get Token](https://modelscope.cn/my/tokens) | +| **Antigravity** | `antigravity/` | Google Cloud | Custom | OAuth only | +| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | + +#### Configuration de Base + +```json +{ + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-your-openai-key" + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" + }, + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-zhipu-key" + } + ], + "agents": { + "defaults": { + "model": "gpt-5.4" + } + } +} +``` + +#### Exemples par Vendor + +**OpenAI** + +```json +{ + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-..." +} +``` + +**VolcEngine (Doubao)** + +```json +{ + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-..." +} +``` + +**智谱 AI (GLM)** + +```json +{ + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" +} +``` + +**DeepSeek** + +```json +{ + "model_name": "deepseek-chat", + "model": "deepseek/deepseek-chat", + "api_key": "sk-..." +} +``` + +**Anthropic (avec clé API)** + +```json +{ + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" +} +``` + +> Exécutez `picoclaw auth login --provider anthropic` pour coller votre token API. + +**API Anthropic Messages (format natif)** + +Pour l'accès direct à l'API Anthropic ou les endpoints personnalisés qui ne prennent en charge que le format de message natif d'Anthropic : + +```json +{ + "model_name": "claude-opus-4-6", + "model": "anthropic-messages/claude-opus-4-6", + "api_key": "sk-ant-your-key", + "api_base": "https://api.anthropic.com" +} +``` + +> Utilisez le protocole `anthropic-messages` lorsque : +> - Vous utilisez des proxys tiers qui ne prennent en charge que l'endpoint natif `/v1/messages` d'Anthropic (pas le format compatible OpenAI `/v1/chat/completions`) +> - Vous vous connectez à des services comme MiniMax, Synthetic qui nécessitent le format de message natif d'Anthropic +> - Le protocole `anthropic` existant renvoie des erreurs 404 (indiquant que l'endpoint ne prend pas en charge le format compatible OpenAI) +> +> **Note :** Le protocole `anthropic` utilise le format compatible OpenAI (`/v1/chat/completions`), tandis que `anthropic-messages` utilise le format natif d'Anthropic (`/v1/messages`). Choisissez en fonction du format pris en charge par votre endpoint. + +**Ollama (local)** + +```json +{ + "model_name": "llama3", + "model": "ollama/llama3" +} +``` + +**Proxy/API Personnalisé** + +```json +{ + "model_name": "my-custom-model", + "model": "openai/custom-model", + "api_base": "https://my-proxy.com/v1", + "api_key": "sk-...", + "request_timeout": 300 +} +``` + +**LiteLLM Proxy** + +```json +{ + "model_name": "lite-gpt4", + "model": "litellm/lite-gpt4", + "api_base": "http://localhost:4000/v1", + "api_key": "sk-..." +} +``` + +PicoClaw ne supprime que le préfixe externe `litellm/` avant d'envoyer la requête, donc les alias de proxy comme `litellm/lite-gpt4` envoient `lite-gpt4`, tandis que `litellm/openai/gpt-4o` envoie `openai/gpt-4o`. + +#### Répartition de Charge + +Configurez plusieurs endpoints pour le même nom de modèle — PicoClaw effectuera automatiquement un round-robin entre eux : + +```json +{ + "model_list": [ + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api1.example.com/v1", + "api_key": "sk-key1" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api2.example.com/v1", + "api_key": "sk-key2" + } + ] +} +``` + +#### Migration depuis l'Ancienne Configuration `providers` + +L'ancienne configuration `providers` est **dépréciée** mais toujours prise en charge pour la compatibilité ascendante. + +**Ancienne configuration (dépréciée) :** + +```json +{ + "providers": { + "zhipu": { + "api_key": "your-key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + }, + "agents": { + "defaults": { + "provider": "zhipu", + "model": "glm-4.7" + } + } +} +``` + +**Nouvelle configuration (recommandée) :** + +```json +{ + "model_list": [ + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" + } + ], + "agents": { + "defaults": { + "model": "glm-4.7" + } + } +} +``` + +Pour un guide de migration détaillé, voir [docs/migration/model-list-migration.md](docs/migration/model-list-migration.md). + +### Architecture des Fournisseurs + +PicoClaw route les fournisseurs par famille de protocoles : + +- Protocole compatible OpenAI : OpenRouter, passerelles compatibles OpenAI, Groq, Zhipu et endpoints de type vLLM. +- Protocole Anthropic : Comportement natif de l'API Claude. +- Chemin Codex/OAuth : Route d'authentification OAuth/token OpenAI. + +Cela maintient le runtime léger tout en faisant des nouveaux backends compatibles OpenAI principalement une opération de configuration (`api_base` + `api_key`). + +
+Zhipu + +**1. Obtenir la clé API et l'URL de base** + +* Obtenir la [clé API](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) + +**2. Configurer** + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model": "glm-4.7", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "providers": { + "zhipu": { + "api_key": "Your API Key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + } +} +``` + +**3. Lancer** + +```bash +picoclaw agent -m "Hello" +``` + +
+ +
+Exemple de configuration complète + +```json +{ + "agents": { + "defaults": { + "model": "anthropic/claude-opus-4-5" + } + }, + "session": { + "dm_scope": "per-channel-peer", + "backlog_limit": 20 + }, + "providers": { + "openrouter": { + "api_key": "sk-or-v1-xxx" + }, + "groq": { + "api_key": "gsk_xxx" + } + }, + "channels": { + "telegram": { + "enabled": true, + "token": "123456:ABC...", + "allow_from": ["123456789"] + }, + "discord": { + "enabled": true, + "token": "", + "allow_from": [""] + }, + "whatsapp": { + "enabled": false, + "bridge_url": "ws://localhost:3001", + "use_native": false, + "session_store_path": "", + "allow_from": [] + }, + "feishu": { + "enabled": false, + "app_id": "cli_xxx", + "app_secret": "xxx", + "encrypt_key": "", + "verification_token": "", + "allow_from": [] + }, + "qq": { + "enabled": false, + "app_id": "", + "app_secret": "", + "allow_from": [] + } + }, + "tools": { + "web": { + "brave": { + "enabled": false, + "api_key": "BSA...", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://localhost:8888", + "max_results": 5 + } + }, + "cron": { + "exec_timeout_minutes": 5 + } + }, + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +
+ +--- + +## 📝 Comparaison des Clés API + +| Service | Pricing | Use Case | +| ---------------- | ------------------------ | ------------------------------------- | +| **OpenRouter** | Free: 200K tokens/month | Multiple models (Claude, GPT-4, etc.) | +| **Volcengine CodingPlan** | ¥9.9/first month | Best for Chinese users, multiple SOTA models (Doubao, DeepSeek, etc.) | +| **Zhipu** | Free: 200K tokens/month | Suitable for Chinese users | +| **Brave Search** | $5/1000 queries | Web search functionality | +| **SearXNG** | Free (self-hosted) | Privacy-focused metasearch (70+ engines) | +| **Groq** | Free tier available | Fast inference (Llama, Mixtral) | +| **Cerebras** | Free tier available | Fast inference (Llama, Qwen, etc.) | +| **LongCat** | Free: up to 5M tokens/day | Fast inference | +| **ModelScope** | Free: 2000 requests/day | Inference (Qwen, GLM, DeepSeek, etc.) | + +--- + +
+ PicoClaw Meme +
diff --git a/docs/fr/spawn-tasks.md b/docs/fr/spawn-tasks.md new file mode 100644 index 000000000..5635cd645 --- /dev/null +++ b/docs/fr/spawn-tasks.md @@ -0,0 +1,61 @@ +# 🔄 Tâches Asynchrones et Spawn + +> Retour au [README](../../README.fr.md) + +## Tâches Rapides (réponse directe) + +- Rapporter l'heure actuelle + +## Tâches Longues (utiliser spawn pour l'asynchrone) + +- Rechercher sur le web des actualités IA et résumer +- Vérifier les emails et rapporter les messages importants +``` + +**Comportements clés :** + +| Fonctionnalité | Description | +| ----------------------- | --------------------------------------------------------------- | +| **spawn** | Crée un subagent asynchrone, ne bloque pas le heartbeat | +| **Independent context** | Le subagent a son propre contexte, pas d'historique de session | +| **message tool** | Le subagent communique directement avec l'utilisateur via l'outil message | +| **Non-blocking** | Après le spawn, le heartbeat continue à la tâche suivante | + +#### Fonctionnement de la Communication du Subagent + +``` +Heartbeat se déclenche + ↓ +L'agent lit HEARTBEAT.md + ↓ +Pour une tâche longue : spawn subagent + ↓ ↓ +Continue à la tâche suivante Le subagent travaille indépendamment + ↓ ↓ +Toutes les tâches terminées Le subagent utilise l'outil "message" + ↓ ↓ +Répond HEARTBEAT_OK L'utilisateur reçoit le résultat directement +``` + +Le subagent a accès aux outils (message, web_search, etc.) et peut communiquer avec l'utilisateur indépendamment sans passer par l'agent principal. + +**Configuration :** + +```json +{ + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +| Option | Par défaut | Description | +| ---------- | ---------- | ---------------------------------------------- | +| `enabled` | `true` | Activer/désactiver le heartbeat | +| `interval` | `30` | Intervalle de vérification en minutes (min: 5) | + +**Variables d'environnement :** + +* `PICOCLAW_HEARTBEAT_ENABLED=false` pour désactiver +* `PICOCLAW_HEARTBEAT_INTERVAL=60` pour changer l'intervalle diff --git a/docs/fr/tools_configuration.md b/docs/fr/tools_configuration.md new file mode 100644 index 000000000..15573fc30 --- /dev/null +++ b/docs/fr/tools_configuration.md @@ -0,0 +1,336 @@ +# 🔧 Configuration des Outils + +> Retour au [README](../../README.fr.md) + +La configuration des outils de PicoClaw se trouve dans le champ `tools` de `config.json`. + +## Structure du répertoire + +```json +{ + "tools": { + "web": { + ... + }, + "mcp": { + ... + }, + "exec": { + ... + }, + "cron": { + ... + }, + "skills": { + ... + } + } +} +``` + +## Outils Web + +Les outils web sont utilisés pour la recherche et la récupération de pages web. + +### Web Fetcher +Paramètres généraux pour la récupération et le traitement du contenu des pages web. + +| Config | Type | Par défaut | Description | +|---------------------|--------|---------------|-----------------------------------------------------------------------------------------------| +| `enabled` | bool | true | Activer la capacité de récupération de pages web. | +| `fetch_limit_bytes` | int | 10485760 | Taille maximale du contenu de la page web à récupérer, en octets (par défaut 10 Mo). | +| `format` | string | "plaintext" | Format de sortie du contenu récupéré. Options : `plaintext` ou `markdown` (recommandé). | + +### Brave + +| Config | Type | Par défaut | Description | +|---------------|--------|------------|---------------------------| +| `enabled` | bool | false | Activer la recherche Brave | +| `api_key` | string | - | Clé API Brave Search | +| `max_results` | int | 5 | Nombre maximum de résultats | + +### DuckDuckGo + +| Config | Type | Par défaut | Description | +|---------------|------|------------|--------------------------------| +| `enabled` | bool | true | Activer la recherche DuckDuckGo | +| `max_results` | int | 5 | Nombre maximum de résultats | + +### Perplexity + +| Config | Type | Par défaut | Description | +|---------------|--------|------------|--------------------------------| +| `enabled` | bool | false | Activer la recherche Perplexity | +| `api_key` | string | - | Clé API Perplexity | +| `max_results` | int | 5 | Nombre maximum de résultats | + +## Outil Exec + +L'outil exec est utilisé pour exécuter des commandes shell. + +| Config | Type | Par défaut | Description | +|------------------------|-------|------------|------------------------------------------------| +| `enable_deny_patterns` | bool | true | Activer le blocage par défaut des commandes dangereuses | +| `custom_deny_patterns` | array | [] | Modèles de refus personnalisés (expressions régulières) | + +### Fonctionnalité + +- **`enable_deny_patterns`** : Définir à `false` pour désactiver complètement les modèles de blocage par défaut des commandes dangereuses +- **`custom_deny_patterns`** : Ajouter des modèles regex de refus personnalisés ; les commandes correspondantes seront bloquées + +### Modèles de commandes bloquées par défaut + +Par défaut, PicoClaw bloque les commandes dangereuses suivantes : + +- Commandes de suppression : `rm -rf`, `del /f/q`, `rmdir /s` +- Opérations disque : `format`, `mkfs`, `diskpart`, `dd if=`, écriture vers `/dev/sd*` +- Opérations système : `shutdown`, `reboot`, `poweroff` +- Substitution de commandes : `$()`, `${}`, backticks +- Pipe vers shell : `| sh`, `| bash` +- Élévation de privilèges : `sudo`, `chmod`, `chown` +- Contrôle de processus : `pkill`, `killall`, `kill -9` +- Opérations distantes : `curl | sh`, `wget | sh`, `ssh` +- Gestion de paquets : `apt`, `yum`, `dnf`, `npm install -g`, `pip install --user` +- Conteneurs : `docker run`, `docker exec` +- Git : `git push`, `git force` +- Autres : `eval`, `source *.sh` + +### Limitation architecturale connue + +Le garde exec ne valide que la commande de niveau supérieur envoyée à PicoClaw. Il n'inspecte **pas** récursivement les processus enfants générés par les outils de build ou les scripts après le démarrage de cette commande. + +Exemples de workflows pouvant contourner le garde de commande directe une fois la commande initiale autorisée : + +- `make run` +- `go run ./cmd/...` +- `cargo run` +- `npm run build` + +Cela signifie que le garde est utile pour bloquer les commandes directes manifestement dangereuses, mais ce n'est **pas** un bac à sable complet pour les pipelines de build non vérifiés. Si votre modèle de menace inclut du code non fiable dans l'espace de travail, utilisez une isolation plus forte comme des conteneurs, des VM ou un flux d'approbation autour des commandes de build et d'exécution. + +### Exemple de configuration + +```json +{ + "tools": { + "exec": { + "enable_deny_patterns": true, + "custom_deny_patterns": [ + "\\brm\\s+-r\\b", + "\\bkillall\\s+python" + ] + } + } +} +``` + +## Outil Cron + +L'outil cron est utilisé pour planifier des tâches périodiques. + +| Config | Type | Par défaut | Description | +|------------------------|------|------------|----------------------------------------------------| +| `exec_timeout_minutes` | int | 5 | Délai d'expiration en minutes, 0 signifie sans limite | + +## Outil MCP + +L'outil MCP permet l'intégration avec des serveurs Model Context Protocol externes. + +### Découverte d'outils (chargement paresseux) + +Lors de la connexion à plusieurs serveurs MCP, exposer simultanément des centaines d'outils peut épuiser la fenêtre de contexte du LLM et augmenter les coûts API. La fonctionnalité **Discovery** résout ce problème en gardant les outils MCP *masqués* par défaut. + +Au lieu de charger tous les outils, le LLM reçoit un outil de recherche léger (utilisant la correspondance par mots-clés BM25 ou les expressions régulières). Lorsque le LLM a besoin d'une capacité spécifique, il recherche dans la bibliothèque masquée. Les outils correspondants sont alors temporairement « déverrouillés » et injectés dans le contexte pour un nombre configuré de tours (`ttl`). + +### Configuration globale + +| Config | Type | Par défaut | Description | +|-------------|--------|------------|----------------------------------------------| +| `enabled` | bool | false | Activer l'intégration MCP globalement | +| `discovery` | object | `{}` | Configuration de la découverte d'outils (voir ci-dessous) | +| `servers` | object | `{}` | Mappage du nom de serveur à la configuration du serveur | + +### Configuration Discovery (`discovery`) + +| Config | Type | Par défaut | Description | +|----------------------|------|------------|-----------------------------------------------------------------------------------------------------------------------------------| +| `enabled` | bool | false | Si true, les outils MCP sont masqués et chargés à la demande via la recherche. Si false, tous les outils sont chargés | +| `ttl` | int | 5 | Nombre de tours de conversation pendant lesquels un outil découvert reste déverrouillé | +| `max_search_results` | int | 5 | Nombre maximum d'outils retournés par requête de recherche | +| `use_bm25` | bool | true | Activer l'outil de recherche par langage naturel/mots-clés (`tool_search_tool_bm25`). **Attention** : consomme plus de ressources que la recherche regex | +| `use_regex` | bool | false | Activer l'outil de recherche par motif regex (`tool_search_tool_regex`) | + +> **Note :** Si `discovery.enabled` est `true`, vous **devez** activer au moins un moteur de recherche (`use_bm25` ou `use_regex`), +> sinon l'application ne démarrera pas. + +### Configuration par serveur + +| Config | Type | Requis | Description | +|------------|--------|----------|--------------------------------------------| +| `enabled` | bool | oui | Activer ce serveur MCP | +| `type` | string | non | Type de transport : `stdio`, `sse`, `http` | +| `command` | string | stdio | Commande exécutable pour le transport stdio | +| `args` | array | non | Arguments de commande pour le transport stdio | +| `env` | object | non | Variables d'environnement pour le processus stdio | +| `env_file` | string | non | Chemin vers le fichier d'environnement pour le processus stdio | +| `url` | string | sse/http | URL du point de terminaison pour le transport `sse`/`http` | +| `headers` | object | non | En-têtes HTTP pour le transport `sse`/`http` | + +### Comportement du transport + +- Si `type` est omis, le transport est détecté automatiquement : + - `url` est défini → `sse` + - `command` est défini → `stdio` +- `http` et `sse` utilisent tous deux `url` + `headers` optionnels. +- `env` et `env_file` ne sont appliqués qu'aux serveurs `stdio`. + +### Exemples de configuration + +#### 1) Serveur MCP Stdio + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "servers": { + "filesystem": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-filesystem", + "/tmp" + ] + } + } + } + } +} +``` + +#### 2) Serveur MCP distant SSE/HTTP + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "servers": { + "remote-mcp": { + "enabled": true, + "type": "sse", + "url": "https://example.com/mcp", + "headers": { + "Authorization": "Bearer YOUR_TOKEN" + } + } + } + } + } +} +``` + +#### 3) Configuration MCP massive avec découverte d'outils activée + +*Dans cet exemple, le LLM ne verra que `tool_search_tool_bm25`. Il recherchera et déverrouillera dynamiquement les outils Github ou Postgres uniquement lorsque l'utilisateur le demande.* + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "discovery": { + "enabled": true, + "ttl": 5, + "max_search_results": 5, + "use_bm25": true, + "use_regex": false + }, + "servers": { + "github": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-github" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "YOUR_GITHUB_TOKEN" + } + }, + "postgres": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-postgres", + "postgresql://user:password@localhost/dbname" + ] + }, + "slack": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-slack" + ], + "env": { + "SLACK_BOT_TOKEN": "YOUR_SLACK_BOT_TOKEN", + "SLACK_TEAM_ID": "YOUR_SLACK_TEAM_ID" + } + } + } + } + } +} +``` + +## Outil Skills + +L'outil skills configure la découverte et l'installation de compétences via des registres comme ClawHub. + +### Registres + +| Config | Type | Par défaut | Description | +|------------------------------------|--------|----------------------|----------------------------------------------| +| `registries.clawhub.enabled` | bool | true | Activer le registre ClawHub | +| `registries.clawhub.base_url` | string | `https://clawhub.ai` | URL de base ClawHub | +| `registries.clawhub.auth_token` | string | `""` | Jeton Bearer optionnel pour des limites de débit plus élevées | +| `registries.clawhub.search_path` | string | `/api/v1/search` | Chemin de l'API de recherche | +| `registries.clawhub.skills_path` | string | `/api/v1/skills` | Chemin de l'API Skills | +| `registries.clawhub.download_path` | string | `/api/v1/download` | Chemin de l'API de téléchargement | + +### Exemple de configuration + +```json +{ + "tools": { + "skills": { + "registries": { + "clawhub": { + "enabled": true, + "base_url": "https://clawhub.ai", + "auth_token": "", + "search_path": "/api/v1/search", + "skills_path": "/api/v1/skills", + "download_path": "/api/v1/download" + } + } + } + } +} +``` + +## Variables d'environnement + +Toutes les options de configuration peuvent être remplacées via des variables d'environnement au format `PICOCLAW_TOOLS_
_` : + +Par exemple : + +- `PICOCLAW_TOOLS_WEB_BRAVE_ENABLED=true` +- `PICOCLAW_TOOLS_EXEC_ENABLE_DENY_PATTERNS=false` +- `PICOCLAW_TOOLS_CRON_EXEC_TIMEOUT_MINUTES=10` +- `PICOCLAW_TOOLS_MCP_ENABLED=true` + +Note : La configuration de type map imbriquée (par exemple `tools.mcp.servers..*`) est configurée dans `config.json` plutôt que via des variables d'environnement. diff --git a/docs/fr/troubleshooting.md b/docs/fr/troubleshooting.md new file mode 100644 index 000000000..bfe8901ef --- /dev/null +++ b/docs/fr/troubleshooting.md @@ -0,0 +1,45 @@ +# 🐛 Dépannage + +> Retour au [README](../../README.fr.md) + +## "model ... not found in model_list" ou OpenRouter "free is not a valid model ID" + +**Symptôme :** Vous voyez l'une des erreurs suivantes : + +- `Error creating provider: model "openrouter/free" not found in model_list` +- OpenRouter retourne 400 : `"free is not a valid model ID"` + +**Cause :** Le champ `model` dans votre entrée `model_list` est ce qui est envoyé à l'API. Pour OpenRouter, vous devez utiliser l'identifiant de modèle **complet**, pas un raccourci. + +- **Incorrect :** `"model": "free"` → OpenRouter reçoit `free` et le rejette. +- **Correct :** `"model": "openrouter/free"` → OpenRouter reçoit `openrouter/free` (routage automatique du niveau gratuit). + +**Correction :** Dans `~/.picoclaw/config.json` (ou votre chemin de configuration) : + +1. **agents.defaults.model** doit correspondre à un `model_name` dans `model_list` (par ex. `"openrouter-free"`). +2. Le **model** de cette entrée doit être un identifiant de modèle OpenRouter valide, par exemple : + - `"openrouter/free"` – niveau gratuit automatique + - `"google/gemini-2.0-flash-exp:free"` + - `"meta-llama/llama-3.1-8b-instruct:free"` + +Exemple : + +```json +{ + "agents": { + "defaults": { + "model": "openrouter-free" + } + }, + "model_list": [ + { + "model_name": "openrouter-free", + "model": "openrouter/free", + "api_key": "sk-or-v1-YOUR_OPENROUTER_KEY", + "api_base": "https://openrouter.ai/api/v1" + } + ] +} +``` + +Obtenez votre clé sur [OpenRouter Keys](https://openrouter.ai/keys). diff --git a/docs/ja/chat-apps.md b/docs/ja/chat-apps.md new file mode 100644 index 000000000..6d01c817b --- /dev/null +++ b/docs/ja/chat-apps.md @@ -0,0 +1,574 @@ +# 💬 チャットアプリ設定 + +> [README](../../README.ja.md) に戻る + +## 💬 チャットアプリ連携 + +PicoClaw は複数のチャットプラットフォームをサポートしており、Agent をどこにでも接続できます。 + +> **注意**: すべての Webhook ベースのチャネル(LINE、WeCom など)は、共有 Gateway HTTP サーバー(`gateway.host`:`gateway.port`、デフォルト `127.0.0.1:18790`)上で提供されます。チャネルごとにポートを設定する必要はありません。注意:飛書(Feishu)は WebSocket/SDK モードを使用し、共有 HTTP Webhook サーバーは使用しません。 + +### チャネル一覧 + +| チャネル | セットアップ難易度 | 特徴 | ドキュメント | +| -------------------- | ------------------ | ----------------------------------------- | --------------------------------------------------------------------------------------------------------------- | +| **Telegram** | ⭐ 簡単 | 推奨、音声テキスト変換対応、ロングポーリング(公開 IP 不要) | [ドキュメント](../channels/telegram/README.zh.md) | +| **Discord** | ⭐ 簡単 | Socket Mode、グループ/DM 対応、Bot エコシステム充実 | [ドキュメント](../channels/discord/README.zh.md) | +| **WhatsApp** | ⭐ 簡単 | ネイティブ (QR スキャン) または Bridge URL | [ドキュメント](../channels/whatsapp/README.zh.md) | +| **Slack** | ⭐ 簡単 | **Socket Mode** (公開 IP 不要)、エンタープライズ対応 | [ドキュメント](../channels/slack/README.zh.md) | +| **Matrix** | ⭐⭐ 中程度 | フェデレーションプロトコル、セルフホスト対応 | [ドキュメント](../channels/matrix/README.zh.md) | +| **QQ** | ⭐⭐ 中程度 | 公式ボット API、中国コミュニティ向け | [ドキュメント](../channels/qq/README.zh.md) | +| **DingTalk** | ⭐⭐ 中程度 | Stream モード(公開 IP 不要)、企業向け | [ドキュメント](../channels/dingtalk/README.zh.md) | +| **LINE** | ⭐⭐⭐ やや難 | HTTPS Webhook が必要 | [ドキュメント](../channels/line/README.zh.md) | +| **WeCom (企業微信)** | ⭐⭐⭐ やや難 | グループ Bot (Webhook)、カスタムアプリ (API)、AI Bot 対応 | [Bot](../channels/wecom/wecom_bot/README.zh.md) / [App](../channels/wecom/wecom_app/README.zh.md) / [AI Bot](../channels/wecom/wecom_aibot/README.zh.md) | +| **Feishu (飛書)** | ⭐⭐⭐ やや難 | エンタープライズコラボレーション、機能豊富 | [ドキュメント](../channels/feishu/README.zh.md) | +| **IRC** | ⭐⭐ 中程度 | サーバー + TLS 設定 | - | +| **OneBot** | ⭐⭐ 中程度 | NapCat/Go-CQHTTP 互換、コミュニティエコシステム充実 | [ドキュメント](../channels/onebot/README.zh.md) | +| **MaixCam** | ⭐ 簡単 | Sipeed AI カメラハードウェア統合チャネル | [ドキュメント](../channels/maixcam/README.zh.md) | +| **Pico** | ⭐ 簡単 | PicoClaw ネイティブプロトコルチャネル | | + +--- + +
+Telegram(推奨) + +**1. Bot を作成** + +* Telegram を開き、`@BotFather` を検索 +* `/newbot` を送信し、プロンプトに従う +* Token をコピー + +**2. 設定** + +```json +{ + "channels": { + "telegram": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +> Telegram の `@userinfobot` から User ID を取得できます。 + +**3. 実行** + +```bash +picoclaw gateway +``` + +**4. Telegram コマンドメニュー(起動時に自動登録)** + +PicoClaw は統一されたコマンド定義を使用します。起動時に Telegram がサポートするコマンド(例: `/start`、`/help`、`/show`、`/list`)を Bot コマンドメニューに自動登録し、メニュー表示と実際の動作を一致させます。 +Telegram 側はコマンドメニュー登録機能を保持し、汎用コマンドの実行は Agent Loop 内の commands executor で統一的に処理されます。 + +ネットワークや API の一時的なエラーで登録に失敗しても、チャネルの起動はブロックされません。システムがバックグラウンドで自動リトライします。 + +
+ +
+Discord + +**1. Bot を作成** + +* にアクセス +* アプリケーションを作成 → Bot → Bot を追加 +* Bot Token をコピー + +**2. Intents を有効化** + +* Bot 設定で **MESSAGE CONTENT INTENT** を有効化 +* (オプション)メンバーデータに基づくホワイトリストが必要な場合は **SERVER MEMBERS INTENT** を有効化 + +**3. User ID を取得** + +* Discord 設定 → 詳細設定 → **開発者モード** を有効化 +* アバターを右クリック → **ユーザー ID をコピー** + +**4. 設定** + +```json +{ + "channels": { + "discord": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +**5. Bot を招待** + +* OAuth2 → URL Generator +* Scopes: `bot` +* Bot Permissions: `Send Messages`, `Read Message History` +* 生成された招待リンクを開き、Bot をサーバーに追加 + +**オプション:グループトリガーモード** + +デフォルトでは Bot はサーバーチャネル内のすべてのメッセージに応答します。@メンション時のみ応答するには: + +```json +{ + "channels": { + "discord": { + "group_trigger": { "mention_only": true } + } + } +} +``` + +キーワードプレフィックスでトリガーすることもできます(例: `!bot`): + +```json +{ + "channels": { + "discord": { + "group_trigger": { "prefixes": ["!bot"] } + } + } +} +``` + +**6. 実行** + +```bash +picoclaw gateway +``` + +
+ +
+WhatsApp(ネイティブ whatsmeow) + +PicoClaw は 2 つの WhatsApp 接続方式をサポートしています: + +- **ネイティブ(推奨):** プロセス内で [whatsmeow](https://github.com/tulir/whatsmeow) を使用。独立した Bridge は不要です。`"use_native": true` に設定し、`bridge_url` を空にします。初回実行時に WhatsApp で QR コードをスキャン(リンクデバイス)。セッションはワークスペース配下(例: `workspace/whatsapp/`)に保存されます。ネイティブチャネルは**オプション**ビルドで、`-tags whatsapp_native` でコンパイルします(例: `make build-whatsapp-native` または `go build -tags whatsapp_native ./cmd/...`)。 +- **Bridge:** 外部 WebSocket Bridge に接続。`bridge_url`(例: `ws://localhost:3001`)を設定し、`use_native` を false のままにします。 + +**設定(ネイティブ)** + +```json +{ + "channels": { + "whatsapp": { + "enabled": true, + "use_native": true, + "session_store_path": "", + "allow_from": [] + } + } +} +``` + +`session_store_path` が空の場合、セッションは `/whatsapp/` に保存されます。`picoclaw gateway` を実行し、初回実行時にターミナルに表示される QR コードをスキャンしてください(WhatsApp → リンクデバイス)。 + +
+ +
+Matrix + +**1. Bot アカウントを準備** + +* お好みの homeserver(例: `https://matrix.org` またはセルフホスト)を使用 +* Bot ユーザーを作成し、access token を取得 + +**2. 設定** + +```json +{ + "channels": { + "matrix": { + "enabled": true, + "homeserver": "https://matrix.org", + "user_id": "@your-bot:matrix.org", + "access_token": "YOUR_MATRIX_ACCESS_TOKEN", + "allow_from": [] + } + } +} +``` + +**3. 実行** + +```bash +picoclaw gateway +``` + +すべてのオプション(`device_id`、`join_on_invite`、`group_trigger`、`placeholder`、`reasoning_channel_id`)については [Matrix チャネル設定ガイド](../channels/matrix/README.md) を参照してください。 + +
+ +
+QQ + +**1. Bot を作成** + +- [QQ 開放プラットフォーム](https://q.qq.com/#) にアクセス +- アプリケーションを作成 → **AppID** と **AppSecret** を取得 + +**2. 設定** + +```json +{ + "channels": { + "qq": { + "enabled": true, + "app_id": "YOUR_APP_ID", + "app_secret": "YOUR_APP_SECRET", + "allow_from": [] + } + } +} +``` + +> `allow_from` を空にするとすべてのユーザーを許可します。QQ 番号を指定してアクセスを制限することもできます。 + +**3. 実行** + +```bash +picoclaw gateway +``` + +
+ +
+Slack + +**1. Slack App を作成** + +* [Slack API](https://api.slack.com/apps) でアプリを作成 +* **Socket Mode** を有効化 +* **Bot Token** と **App-Level Token** を取得 + +**2. 設定** + +```json +{ + "channels": { + "slack": { + "enabled": true, + "bot_token": "xoxb-YOUR_BOT_TOKEN", + "app_token": "xapp-YOUR_APP_TOKEN", + "allow_from": [] + } + } +} +``` + +**3. 実行** + +```bash +picoclaw gateway +``` + +
+ +
+IRC + +**1. 設定** + +```json +{ + "channels": { + "irc": { + "enabled": true, + "server": "irc.libera.chat:6697", + "nick": "picoclaw-bot", + "use_tls": true, + "channels_to_join": ["#your-channel"], + "allow_from": [] + } + } +} +``` + +**2. 実行** + +```bash +picoclaw gateway +``` + +
+ +
+DingTalk + +**1. Bot を作成** + +* [開放プラットフォーム](https://open.dingtalk.com/) にアクセス +* 内部アプリを作成 +* Client ID と Client Secret をコピー + +**2. 設定** + +```json +{ + "channels": { + "dingtalk": { + "enabled": true, + "client_id": "YOUR_CLIENT_ID", + "client_secret": "YOUR_CLIENT_SECRET", + "allow_from": [] + } + } +} +``` + +> `allow_from` を空にするとすべてのユーザーを許可します。DingTalk ユーザー ID を指定してアクセスを制限することもできます。 + +**3. 実行** + +```bash +picoclaw gateway +``` + +
+ +
+LINE + +**1. LINE 公式アカウントを作成** + +- [LINE Developers Console](https://developers.line.biz/) にアクセス +- Provider を作成 → Messaging API チャネルを作成 +- **Channel Secret** と **Channel Access Token** をコピー + +**2. 設定** + +```json +{ + "channels": { + "line": { + "enabled": true, + "channel_secret": "YOUR_CHANNEL_SECRET", + "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN", + "webhook_path": "/webhook/line", + "allow_from": [] + } + } +} +``` + +> LINE Webhook は共有 Gateway サーバー(`gateway.host`:`gateway.port`、デフォルト `127.0.0.1:18790`)上で提供されます。 + +**3. Webhook URL を設定** + +LINE は HTTPS Webhook が必要です。リバースプロキシまたはトンネルを使用してください: + +```bash +# 例:ngrok を使用(Gateway デフォルトポートは 18790) +ngrok http 18790 +``` + +LINE Developers Console で Webhook URL を `https://your-domain/webhook/line` に設定し、**Use webhook** を有効にしてください。 + +**4. 実行** + +```bash +picoclaw gateway +``` + +> グループチャットでは、Bot は @メンション時のみ応答します。返信は元のメッセージを引用します。 + +
+ +
+Feishu (飛書) + +**1. アプリを作成** + +* [飛書開放プラットフォーム](https://open.feishu.cn/) にアクセス +* 企業カスタムアプリを作成 +* **App ID** と **App Secret** を取得 + +**2. 設定** + +```json +{ + "channels": { + "feishu": { + "enabled": true, + "app_id": "cli_xxx", + "app_secret": "xxx", + "encrypt_key": "", + "verification_token": "", + "allow_from": [] + } + } +} +``` + +**3. 実行** + +```bash +picoclaw gateway +``` + +
+ +
+WeCom (企業微信) + +PicoClaw は 3 種類の WeCom 統合をサポートしています: + +**方式 1: グループ Bot (Bot)** — セットアップ簡単、グループチャット対応 +**方式 2: カスタムアプリ (App)** — より多機能、プロアクティブメッセージング、プライベートチャットのみ +**方式 3: AI Bot** — 公式 AI Bot、ストリーミング返信、グループ・プライベートチャット対応 + +詳細なセットアップ手順は [WeCom AI Bot 設定ガイド](../channels/wecom/wecom_aibot/README.zh.md) を参照してください。 + +**クイックセットアップ — グループ Bot:** + +**1. Bot を作成** + +* WeCom 管理コンソール → グループチャット → グループ Bot を追加 +* Webhook URL をコピー(形式:`https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) + +**2. 設定** + +```json +{ + "channels": { + "wecom": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", + "webhook_path": "/webhook/wecom", + "allow_from": [] + } + } +} +``` + +> WeCom Webhook は共有 Gateway サーバー(`gateway.host`:`gateway.port`、デフォルト `127.0.0.1:18790`)上で提供されます。 + +**クイックセットアップ — カスタムアプリ:** + +**1. アプリを作成** + +* WeCom 管理コンソール → アプリ管理 → アプリを作成 +* **AgentId** と **Secret** をコピー +* 「マイ企業」ページで **CorpID** をコピー + +**2. メッセージ受信を設定** + +* アプリ詳細で「メッセージ受信」→「API を設定」をクリック +* URL を `http://your-server:18790/webhook/wecom-app` に設定 +* **Token** と **EncodingAESKey** を生成 + +**3. 設定** + +```json +{ + "channels": { + "wecom_app": { + "enabled": true, + "corp_id": "wwxxxxxxxxxxxxxxxx", + "corp_secret": "YOUR_CORP_SECRET", + "agent_id": 1000002, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-app", + "allow_from": [] + } + } +} +``` + +**4. 実行** + +```bash +picoclaw gateway +``` + +> **注意**: WeCom Webhook コールバックは Gateway ポート(デフォルト 18790)で提供されます。HTTPS にはリバースプロキシを使用してください。 + +**クイックセットアップ — AI Bot:** + +**1. AI Bot を作成** + +* WeCom 管理コンソール → アプリ管理 → AI Bot +* AI Bot 設定でコールバック URL を設定:`http://your-server:18791/webhook/wecom-aibot` +* **Token** をコピーし、「ランダム生成」をクリックして **EncodingAESKey** を取得 + +**2. 設定** + +```json +{ + "channels": { + "wecom_aibot": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-aibot", + "allow_from": [], + "welcome_message": "こんにちは!何かお手伝いできますか?" + } + } +} +``` + +**3. 実行** + +```bash +picoclaw gateway +``` + +> **注意**: WeCom AI Bot はストリーミングプルプロトコルを使用しており、返信タイムアウトの心配はありません。長時間タスク(30 秒超)は自動的に `response_url` プッシュ配信に切り替わります。 + +
+ +
+OneBot + +**1. 設定** + +NapCat / Go-CQHTTP などの OneBot 実装と互換性があります。 + +```json +{ + "channels": { + "onebot": { + "enabled": true, + "allow_from": [] + } + } +} +``` + +**2. 実行** + +```bash +picoclaw gateway +``` + +
+ +
+MaixCam + +Sipeed AI カメラハードウェア向けの統合チャネルです。 + +```json +{ + "channels": { + "maixcam": { + "enabled": true + } + } +} +``` + +```bash +picoclaw gateway +``` + +
diff --git a/docs/ja/configuration.md b/docs/ja/configuration.md new file mode 100644 index 000000000..bfd574a4d --- /dev/null +++ b/docs/ja/configuration.md @@ -0,0 +1,256 @@ +# ⚙️ 設定ガイド + +> [README](../../README.ja.md) に戻る + +## ⚙️ 設定詳細 + +設定ファイルパス: `~/.picoclaw/config.json` + +### 環境変数 + +環境変数を使用してデフォルトパスを上書きできます。ポータブルインストール、コンテナ化デプロイ、または picoclaw をシステムサービスとして実行する場合に便利です。これらの変数は独立しており、異なるパスを制御します。 + +| 変数 | 説明 | デフォルトパス | +|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| +| `PICOCLAW_CONFIG` | 設定ファイルのパスを上書きします。picoclaw がどの `config.json` を読み込むかを直接指定し、他のすべての場所を無視します。 | `~/.picoclaw/config.json` | +| `PICOCLAW_HOME` | picoclaw データのルートディレクトリを上書きします。`workspace` やその他のデータディレクトリのデフォルト場所を変更します。 | `~/.picoclaw` | + +**例:** + +```bash +# 特定の設定ファイルで picoclaw を実行 +# ワークスペースパスはその設定ファイル内から読み込まれます +PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway + +# /opt/picoclaw にすべてのデータを保存して picoclaw を実行 +# 設定はデフォルトの ~/.picoclaw/config.json から読み込まれます +# ワークスペースは /opt/picoclaw/workspace に作成されます +PICOCLAW_HOME=/opt/picoclaw picoclaw agent + +# 両方を使用して完全にカスタマイズ +PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway +``` + +### ワークスペースレイアウト + +PicoClaw は設定されたワークスペース(デフォルト: `~/.picoclaw/workspace`)にデータを保存します: + +``` +~/.picoclaw/workspace/ +├── sessions/ # 会話セッションと履歴 +├── memory/ # 長期記憶 (MEMORY.md) +├── state/ # 永続化状態 (最後のチャネルなど) +├── cron/ # スケジュールジョブデータベース +├── skills/ # カスタムスキル +├── AGENTS.md # Agent 動作ガイド +├── HEARTBEAT.md # 定期タスクプロンプト (30 分ごとにチェック) +├── IDENTITY.md # Agent アイデンティティ +├── SOUL.md # Agent ソウル/性格 +└── USER.md # ユーザー設定 +``` + +### スキルソース + +デフォルトでは、スキルは以下の順序で読み込まれます: + +1. `~/.picoclaw/workspace/skills`(ワークスペース) +2. `~/.picoclaw/skills`(グローバル) +3. `/skills`(ビルトイン) + +高度な/テスト用セットアップでは、以下の環境変数でビルトインスキルのルートを上書きできます: + +```bash +export PICOCLAW_BUILTIN_SKILLS=/path/to/skills +``` + +### 統一コマンド実行ポリシー + +- 汎用スラッシュコマンドは `pkg/agent/loop.go` 内の `commands.Executor` を通じて統一的に実行されます。 +- チャネルアダプターはローカルで汎用コマンドを消費しなくなりました。受信テキストを bus/agent パスに転送するだけです。Telegram は起動時にサポートするコマンドメニューを自動登録します。 +- 未登録のスラッシュコマンド(例: `/foo`)は通常の LLM 処理にパススルーされます。 +- 登録済みだが現在のチャネルでサポートされていないコマンド(例: WhatsApp での `/show`)は、明示的なユーザー向けエラーを返し、以降の処理を停止します。 + +### 🔒 セキュリティサンドボックス + +PicoClaw はデフォルトでサンドボックス環境で実行されます。Agent は設定されたワークスペース内のファイルアクセスとコマンド実行のみが可能です。 + +#### デフォルト設定 + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "restrict_to_workspace": true + } + } +} +``` + +| オプション | デフォルト値 | 説明 | +| ----------------------- | ----------------------- | ------------------------------------- | +| `workspace` | `~/.picoclaw/workspace` | Agent の作業ディレクトリ | +| `restrict_to_workspace` | `true` | ファイル/コマンドアクセスをワークスペース内に制限 | + +#### 保護されたツール + +`restrict_to_workspace: true` の場合、以下のツールがサンドボックス化されます: + +| ツール | 機能 | 制限 | +| ------------- | ---------------- | ---------------------------------- | +| `read_file` | ファイル読み取り | ワークスペース内のファイルのみ | +| `write_file` | ファイル書き込み | ワークスペース内のファイルのみ | +| `list_dir` | ディレクトリ一覧 | ワークスペース内のディレクトリのみ | +| `edit_file` | ファイル編集 | ワークスペース内のファイルのみ | +| `append_file` | ファイル追記 | ワークスペース内のファイルのみ | +| `exec` | コマンド実行 | コマンドパスはワークスペース内必須 | + +#### 追加の Exec 保護 + +`restrict_to_workspace: false` の場合でも、`exec` ツールは以下の危険なコマンドをブロックします: + +* `rm -rf`、`del /f`、`rmdir /s` — 一括削除 +* `format`、`mkfs`、`diskpart` — ディスクフォーマット +* `dd if=` — ディスクイメージング +* `/dev/sd[a-z]` への書き込み — 直接ディスク書き込み +* `shutdown`、`reboot`、`poweroff` — システムシャットダウン +* Fork bomb `:(){ :|:& };:` + +### ファイルアクセス制御 + +| 設定キー | 型 | デフォルト値 | 説明 | +|----------|------|-------------|------| +| `tools.allow_read_paths` | string[] | `[]` | ワークスペース外で読み取りを許可する追加パス | +| `tools.allow_write_paths` | string[] | `[]` | ワークスペース外で書き込みを許可する追加パス | + +### Exec セキュリティ設定 + +| 設定キー | 型 | デフォルト値 | 説明 | +|----------|------|-------------|------| +| `tools.exec.allow_remote` | bool | `false` | リモートチャネル(Telegram/Discord など)からの exec ツール実行を許可 | +| `tools.exec.enable_deny_patterns` | bool | `true` | 危険なコマンドのインターセプトを有効化 | +| `tools.exec.custom_deny_patterns` | string[] | `[]` | カスタムブロック正規表現パターン | +| `tools.exec.custom_allow_patterns` | string[] | `[]` | カスタム許可正規表現パターン | + +> **セキュリティ注意:** Symlink 保護はデフォルトで有効です。すべてのファイルパスはホワイトリストマッチング前に `filepath.EvalSymlinks` で解決され、シンボリックリンクエスケープ攻撃を防止します。 + +#### 既知の制限:ビルドツールの子プロセス + +exec セキュリティガードは PicoClaw が直接起動するコマンドラインのみを検査します。`make`、`go run`、`cargo`、`npm run`、またはカスタムビルドスクリプトなどの開発ツールが生成する子プロセスは再帰的に検査しません。 + +つまり、トップレベルのコマンドが初期ガードチェックを通過した後、他のバイナリをコンパイルまたは起動できます。実際には、ビルドスクリプト、Makefile、パッケージスクリプト、生成されたバイナリを、直接のシェルコマンドと同等レベルの実行可能コードとしてレビューする必要があります。 + +高リスク環境の場合: + +* 実行前にビルドスクリプトをレビューしてください。 +* コンパイル・実行ワークフローには承認/手動レビューを優先してください。 +* ビルトインガードより強力な分離が必要な場合は、コンテナまたは VM 内で PicoClaw を実行してください。 + +#### エラー例 + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (path outside working dir)} +``` + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} +``` + +#### 制限の無効化(セキュリティリスク) + +Agent がワークスペース外のパスにアクセスする必要がある場合: + +**方法 1: 設定ファイル** + +```json +{ + "agents": { + "defaults": { + "restrict_to_workspace": false + } + } +} +``` + +**方法 2: 環境変数** + +```bash +export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false +``` + +> ⚠️ **警告**: この制限を無効にすると、Agent がシステム上の任意のパスにアクセスできるようになります。管理された環境でのみ慎重に使用してください。 + +#### セキュリティ境界の一貫性 + +`restrict_to_workspace` 設定はすべての実行パスで一貫して適用されます: + +| 実行パス | セキュリティ境界 | +| ---------------- | ---------------------------- | +| メイン Agent | `restrict_to_workspace` ✅ | +| サブ Agent / Spawn | 同じ制限を継承 ✅ | +| ハートビートタスク | 同じ制限を継承 ✅ | + +すべてのパスは同じワークスペース制限を共有しており、サブ Agent やスケジュールタスクを通じてセキュリティ境界を回避することはできません。 + +### ハートビート(定期タスク) + +PicoClaw は定期タスクを自動実行できます。ワークスペースに `HEARTBEAT.md` ファイルを作成してください: + +```markdown +# Periodic Tasks + +- Check my email for important messages +- Review my calendar for upcoming events +- Check the weather forecast +``` + +Agent は 30 分ごと(設定可能)にこのファイルを読み取り、利用可能なツールを使用してタスクを実行します。 + +#### Spawn を使用した非同期タスク + +長時間実行タスク(Web 検索、API 呼び出し)には、`spawn` ツールを使用して**サブ Agent (subagent)** を作成します: + +```markdown +# Periodic Tasks + +## Quick Tasks (respond directly) + +- Report current time + +## Long Tasks (use spawn for async) + +- Search the web for AI news and summarize +- Check email and report important messages +``` + +**主な動作:** + +| 特性 | 説明 | +| ---------------- | -------------------------------------------- | +| **spawn** | 非同期サブ Agent を作成、メインハートビートをブロックしない | +| **独立コンテキスト** | サブ Agent は独自のコンテキストを持ち、セッション履歴なし | +| **message tool** | サブ Agent は message ツールでユーザーと直接通信 | +| **ノンブロッキング** | spawn 後、ハートビートは次のタスクに進む | + +**設定:** + +```json +{ + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +| オプション | デフォルト値 | 説明 | +| ---------- | ------------ | ------------------------------ | +| `enabled` | `true` | ハートビートの有効/無効 | +| `interval` | `30` | チェック間隔(分単位、最小: 5)| + +**環境変数:** + +- `PICOCLAW_HEARTBEAT_ENABLED=false` で無効化 +- `PICOCLAW_HEARTBEAT_INTERVAL=60` で間隔を変更 diff --git a/docs/ja/docker.md b/docs/ja/docker.md new file mode 100644 index 000000000..6ad55d41d --- /dev/null +++ b/docs/ja/docker.md @@ -0,0 +1,168 @@ +# 🐳 Docker とクイックスタート + +> [README](../../README.ja.md) に戻る + +## 🐳 Docker Compose + +Docker Compose を使用して PicoClaw を実行できます。ローカルに何もインストールする必要はありません。 + +```bash +# 1. リポジトリをクローン +git clone https://github.com/sipeed/picoclaw.git +cd picoclaw + +# 2. 初回実行 — docker/data/config.json を自動生成して終了 +docker compose -f docker/docker-compose.yml --profile gateway up +# コンテナが "First-run setup complete." と表示して停止します + +# 3. API Key を設定 +vim docker/data/config.json # provider API key、Bot Token などを設定 + +# 4. 起動 +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +> [!TIP] +> **Docker ユーザー**: デフォルトでは Gateway は `127.0.0.1` でリッスンしており、コンテナ外からはアクセスできません。ヘルスチェックエンドポイントへのアクセスやポート公開が必要な場合は、環境変数で `PICOCLAW_GATEWAY_HOST=0.0.0.0` を設定するか、`config.json` を更新してください。 + +```bash +# 5. ログを確認 +docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway + +# 6. 停止 +docker compose -f docker/docker-compose.yml --profile gateway down +``` + +### Launcher モード (Web コンソール) + +`launcher` イメージには 3 つのバイナリ(`picoclaw`、`picoclaw-launcher`、`picoclaw-launcher-tui`)がすべて含まれており、デフォルトで Web コンソールを起動します。ブラウザベースの設定・チャット画面を提供します。 + +```bash +docker compose -f docker/docker-compose.yml --profile launcher up -d +``` + +ブラウザで http://localhost:18800 を開いてください。Launcher が Gateway プロセスを自動管理します。 + +> [!WARNING] +> Web コンソールはまだ認証をサポートしていません。公開インターネットに公開しないでください。 + +### Agent モード (ワンショット) + +```bash +# 質問する +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "2+2は?" + +# インタラクティブモード +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent +``` + +### イメージの更新 + +```bash +docker compose -f docker/docker-compose.yml pull +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +--- + +## 🚀 クイックスタート + +> [!TIP] +> `~/.picoclaw/config.json` に API Key を設定してください。API Key の取得先: [Volcengine (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM)。Web 検索は**オプション**です — 無料の [Tavily API](https://tavily.com) (月 1000 回無料) または [Brave Search API](https://brave.com/search/api) (月 2000 回無料) を取得できます。 + +**1. 初期化** + +```bash +picoclaw onboard +``` + +**2. 設定** (`~/.picoclaw/config.json`) + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model_name": "gpt-5.4", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key", + "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "your-api-key", + "request_timeout": 300 + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "your-anthropic-key" + } + ], + "tools": { + "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", + "brave": { + "enabled": false, + "api_key": "YOUR_BRAVE_API_KEY", + "max_results": 5 + }, + "tavily": { + "enabled": false, + "api_key": "YOUR_TAVILY_API_KEY", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "YOUR_PERPLEXITY_API_KEY", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://your-searxng-instance:8888", + "max_results": 5 + } + } + } +} +``` + +> **新機能**: `model_list` 設定形式により、コード変更なしで provider を追加できます。詳細は[モデル設定](providers.md#モデル設定-model_list)を参照してください。 +> `request_timeout` はオプションで、単位は秒です。省略または `<= 0` に設定した場合、PicoClaw はデフォルトのタイムアウト(120 秒)を使用します。 + +**3. API Key の取得** + +* **LLM プロバイダー**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) +* **Web 検索** (オプション): + * [Brave Search](https://brave.com/search/api) - 有料 ($5/1000 queries, ~$5-6/month) + * [Perplexity](https://www.perplexity.ai) - AI 搭載の検索・チャットインターフェース + * [SearXNG](https://github.com/searxng/searxng) - セルフホスト型メタ検索エンジン(無料、API Key 不要) + * [Tavily](https://tavily.com) - AI Agent 向けに最適化 (1000 requests/month) + * DuckDuckGo - 組み込みフォールバック(API Key 不要) + +> **注意**: 完全な設定テンプレートは `config.example.json` を参照してください。 + +**4. チャット** + +```bash +picoclaw agent -m "2+2は?" +``` + +以上です!2 分で動作する AI アシスタントが手に入ります。 + +--- diff --git a/docs/ja/providers.md b/docs/ja/providers.md new file mode 100644 index 000000000..2323a27cc --- /dev/null +++ b/docs/ja/providers.md @@ -0,0 +1,434 @@ +# 🔌 プロバイダーとモデル設定 + +> [README](../../README.ja.md) に戻る + +### プロバイダー + +> [!NOTE] +> Groq は Whisper による無料の音声文字起こしを提供しています。Groq を設定すると、任意のチャネルからの音声メッセージが Agent レベルで自動的にテキストに変換されます。 + +| プロバイダー | 用途 | API Key の取得 | +| -------------------- | ---------------------------- | -------------------------------------------------------------------- | +| `gemini` | LLM (Gemini 直接接続) | [aistudio.google.com](https://aistudio.google.com) | +| `zhipu` | LLM (Zhipu 直接接続) | [bigmodel.cn](https://bigmodel.cn) | +| `volcengine` | LLM (Volcengine 直接接続) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| `openrouter` | LLM (推奨、全モデルアクセス可) | [openrouter.ai](https://openrouter.ai) | +| `anthropic` | LLM (Claude 直接接続) | [console.anthropic.com](https://console.anthropic.com) | +| `openai` | LLM (GPT 直接接続) | [platform.openai.com](https://platform.openai.com) | +| `deepseek` | LLM (DeepSeek 直接接続) | [platform.deepseek.com](https://platform.deepseek.com) | +| `qwen` | LLM (Qwen 直接接続) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) | +| `groq` | LLM + **音声文字起こし** (Whisper) | [console.groq.com](https://console.groq.com) | +| `cerebras` | LLM (Cerebras 直接接続) | [cerebras.ai](https://cerebras.ai) | +| `vivgrid` | LLM (Vivgrid 直接接続) | [vivgrid.com](https://vivgrid.com) | +| `moonshot` | LLM (Kimi/Moonshot 直接接続) | [platform.moonshot.cn](https://platform.moonshot.cn) | +| `minimax` | LLM (Minimax 直接接続) | [platform.minimaxi.com](https://platform.minimaxi.com) | +| `avian` | LLM (Avian 直接接続) | [avian.io](https://avian.io) | +| `mistral` | LLM (Mistral 直接接続) | [console.mistral.ai](https://console.mistral.ai) | +| `longcat` | LLM (Longcat 直接接続) | [longcat.ai](https://longcat.ai) | +| `modelscope` | LLM (ModelScope 直接接続) | [modelscope.cn](https://modelscope.cn) | + +### モデル設定 (model_list) + +> **新機能!** PicoClaw は**モデル中心**の設定方式を採用しました。`ベンダー/モデル` 形式(例: `zhipu/glm-4.7`)を指定するだけで新しい provider を追加できます——**コード変更は一切不要です!** + +この設計は**マルチ Agent シナリオ**もサポートし、柔軟な Provider 選択を提供します: + +- **Agent ごとに異なる Provider**: 各 Agent が独自の LLM provider を使用可能 +- **モデルフォールバック**: プライマリモデルとフォールバックモデルを設定し、信頼性を向上 +- **ロードバランシング**: 複数の API エンドポイント間でリクエストを分散 +- **一元管理**: すべての provider を一箇所で管理 + +#### 📋 サポートされている全ベンダー + +| ベンダー | `model` プレフィックス | デフォルト API Base | プロトコル | API Key の取得 | +| ------------------- | --------------------- | --------------------------------------------------- | ---------- | ----------------------------------------------------------------- | +| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [キーを取得](https://platform.openai.com) | +| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [キーを取得](https://console.anthropic.com) | +| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [キーを取得](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | +| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [キーを取得](https://platform.deepseek.com) | +| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [キーを取得](https://aistudio.google.com/api-keys) | +| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [キーを取得](https://console.groq.com) | +| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [キーを取得](https://platform.moonshot.cn) | +| **通義千問 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [キーを取得](https://dashscope.console.aliyun.com) | +| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [キーを取得](https://build.nvidia.com) | +| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | ローカル(キー不要) | +| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [キーを取得](https://openrouter.ai/keys) | +| **LiteLLM Proxy** | `litellm/` | `http://localhost:4000/v1` | OpenAI | LiteLLM プロキシキー | +| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | ローカル | +| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [キーを取得](https://cerebras.ai) | +| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [キーを取得](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| **神算云** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | +| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [キーを取得](https://www.byteplus.com) | +| **Vivgrid** | `vivgrid/` | `https://api.vivgrid.com/v1` | OpenAI | [キーを取得](https://vivgrid.com) | +| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [キーを取得](https://longcat.chat/platform) | +| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [トークンを取得](https://modelscope.cn/my/tokens) | +| **Antigravity** | `antigravity/` | Google Cloud | カスタム | OAuth のみ | +| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | + +#### 基本設定 + +```json +{ + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-your-openai-key" + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" + }, + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-zhipu-key" + } + ], + "agents": { + "defaults": { + "model": "gpt-5.4" + } + } +} +``` + +#### ベンダー別設定例 + +**OpenAI** + +```json +{ + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-..." +} +``` + +**VolcEngine (Doubao)** + +```json +{ + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-..." +} +``` + +**智谱 AI (GLM)** + +```json +{ + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" +} +``` + +**DeepSeek** + +```json +{ + "model_name": "deepseek-chat", + "model": "deepseek/deepseek-chat", + "api_key": "sk-..." +} +``` + +**Anthropic (API キー使用)** + +```json +{ + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" +} +``` + +> `picoclaw auth login --provider anthropic` を実行して API トークンを設定してください。 + +**Anthropic Messages API(ネイティブ形式)** + +Anthropic API への直接アクセスや、Anthropic のネイティブメッセージ形式のみをサポートするカスタムエンドポイント向け: + +```json +{ + "model_name": "claude-opus-4-6", + "model": "anthropic-messages/claude-opus-4-6", + "api_key": "sk-ant-your-key", + "api_base": "https://api.anthropic.com" +} +``` + +> `anthropic-messages` プロトコルを使用するケース: +> - Anthropic のネイティブ `/v1/messages` エンドポイントのみをサポートするサードパーティプロキシを使用する場合(OpenAI 互換の `/v1/chat/completions` 非対応) +> - MiniMax、Synthetic など Anthropic のネイティブメッセージ形式を必要とするサービスに接続する場合 +> - 既存の `anthropic` プロトコルが 404 エラーを返す場合(エンドポイントが OpenAI 互換形式をサポートしていないことを示す) +> +> **注意:** `anthropic` プロトコルは OpenAI 互換形式(`/v1/chat/completions`)を使用し、`anthropic-messages` は Anthropic のネイティブ形式(`/v1/messages`)を使用します。エンドポイントがサポートする形式に応じて選択してください。 + +**Ollama (ローカル)** + +```json +{ + "model_name": "llama3", + "model": "ollama/llama3" +} +``` + +**カスタムプロキシ/API** + +```json +{ + "model_name": "my-custom-model", + "model": "openai/custom-model", + "api_base": "https://my-proxy.com/v1", + "api_key": "sk-...", + "request_timeout": 300 +} +``` + +**LiteLLM Proxy** + +```json +{ + "model_name": "lite-gpt4", + "model": "litellm/lite-gpt4", + "api_base": "http://localhost:4000/v1", + "api_key": "sk-..." +} +``` + +PicoClaw はリクエスト送信前に外側の `litellm/` プレフィックスのみを除去するため、`litellm/lite-gpt4` は `lite-gpt4` を送信し、`litellm/openai/gpt-4o` は `openai/gpt-4o` を送信します。 + +#### ロードバランシング + +同じモデル名に複数のエンドポイントを設定すると、PicoClaw が自動的にラウンドロビンで分散します: + +```json +{ + "model_list": [ + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api1.example.com/v1", + "api_key": "sk-key1" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api2.example.com/v1", + "api_key": "sk-key2" + } + ] +} +``` + +#### レガシー `providers` 設定からの移行 + +旧 `providers` 設定形式は**非推奨**ですが、後方互換性のためまだサポートされています。 + +**旧設定(非推奨):** + +```json +{ + "providers": { + "zhipu": { + "api_key": "your-key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + }, + "agents": { + "defaults": { + "provider": "zhipu", + "model": "glm-4.7" + } + } +} +``` + +**新設定(推奨):** + +```json +{ + "model_list": [ + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" + } + ], + "agents": { + "defaults": { + "model": "glm-4.7" + } + } +} +``` + +詳細な移行ガイドは [docs/migration/model-list-migration.md](../migration/model-list-migration.md) を参照してください。 + +### Provider アーキテクチャ + +PicoClaw はプロトコルファミリーごとに Provider をルーティングします: + +- OpenAI 互換プロトコル:OpenRouter、OpenAI 互換ゲートウェイ、Groq、Zhipu、vLLM スタイルのエンドポイント。 +- Anthropic プロトコル:Claude ネイティブ API 動作。 +- Codex/OAuth パス:OpenAI OAuth/Token 認証ルート。 + +これによりランタイムを軽量に保ちつつ、新しい OpenAI 互換バックエンドの追加をほぼ設定操作(`api_base` + `api_key`)のみで実現しています。 + +
+Zhipu 設定例 + +**1. API key と base URL を取得** + +- [API key](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) を取得 + +**2. 設定** + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model": "glm-4.7", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "providers": { + "zhipu": { + "api_key": "Your API Key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + } +} +``` + +**3. 実行** + +```bash +picoclaw agent -m "こんにちは" +``` + +
+ +
+完全な設定例 + +```json +{ + "agents": { + "defaults": { + "model": "anthropic/claude-opus-4-5" + } + }, + "session": { + "dm_scope": "per-channel-peer", + "backlog_limit": 20 + }, + "providers": { + "openrouter": { + "api_key": "sk-or-v1-xxx" + }, + "groq": { + "api_key": "gsk_xxx" + } + }, + "channels": { + "telegram": { + "enabled": true, + "token": "123456:ABC...", + "allow_from": ["123456789"] + }, + "discord": { + "enabled": true, + "token": "", + "allow_from": [""] + }, + "whatsapp": { + "enabled": false, + "bridge_url": "ws://localhost:3001", + "use_native": false, + "session_store_path": "", + "allow_from": [] + }, + "feishu": { + "enabled": false, + "app_id": "cli_xxx", + "app_secret": "xxx", + "encrypt_key": "", + "verification_token": "", + "allow_from": [] + }, + "qq": { + "enabled": false, + "app_id": "", + "app_secret": "", + "allow_from": [] + } + }, + "tools": { + "web": { + "brave": { + "enabled": false, + "api_key": "BSA...", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://localhost:8888", + "max_results": 5 + } + }, + "cron": { + "exec_timeout_minutes": 5 + } + }, + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +
+ +--- + +## 📝 API Key 比較表 + +| サービス | Pricing | ユースケース | +| ---------------- | ------------------------ | ------------------------------------- | +| **OpenRouter** | Free: 200K tokens/month | マルチモデル (Claude, GPT-4 など) | +| **Volcengine CodingPlan** | ¥9.9/first month | 中国ユーザー向け、複数の SOTA モデル (Doubao, DeepSeek など) | +| **Zhipu** | Free: 200K tokens/month | 中国ユーザー向け | +| **Brave Search** | $5/1000 queries | Web 検索機能 | +| **SearXNG** | Free (self-hosted) | プライバシー重視のメタ検索 (70+ engines) | +| **Groq** | Free tier available | 高速推論 (Llama, Mixtral) | +| **Cerebras** | Free tier available | 高速推論 (Llama, Qwen など) | +| **LongCat** | Free: up to 5M tokens/day | 高速推論 | +| **ModelScope** | Free: 2000 requests/day | 推論 (Qwen, GLM, DeepSeek など) | + +--- + +
+ PicoClaw Meme +
diff --git a/docs/ja/spawn-tasks.md b/docs/ja/spawn-tasks.md new file mode 100644 index 000000000..a13aab9eb --- /dev/null +++ b/docs/ja/spawn-tasks.md @@ -0,0 +1,68 @@ +# 🔄 非同期タスクと Spawn + +> [README](../../README.ja.md) に戻る + +### Spawn を使用した非同期タスク + +長時間実行タスク(Web 検索、API 呼び出し)には、`spawn` ツールを使用して**サブ Agent (subagent)** を作成します: + +```markdown +# Periodic Tasks + +## Quick Tasks (respond directly) + +- Report current time + +## Long Tasks (use spawn for async) + +- Search the web for AI news and summarize +- Check email and report important messages +``` + +**主な動作:** + +| 特性 | 説明 | +| ---------------- | ------------------------------------------------ | +| **spawn** | 非同期サブ Agent を作成、メインハートビートをブロックしない | +| **独立コンテキスト** | サブ Agent は独自のコンテキストを持ち、セッション履歴なし | +| **message tool** | サブ Agent は message ツールでユーザーと直接通信 | +| **ノンブロッキング** | spawn 後、ハートビートは次のタスクに進む | + +#### サブ Agent の通信の仕組み + +``` +ハートビートトリガー (Heartbeat triggers) + ↓ +Agent が HEARTBEAT.md を読み取り + ↓ +長時間タスクの場合: サブ Agent を spawn + ↓ ↓ +次のタスクに進む サブ Agent が独立して作業 + ↓ ↓ +すべてのタスク完了 サブ Agent が "message" ツールを使用 + ↓ ↓ +HEARTBEAT_OK を応答 ユーザーが直接結果を受信 +``` + +サブ Agent はツール(message、web_search など)にアクセスでき、メイン Agent を経由せずにユーザーと独立して通信できます。 + +**設定:** + +```json +{ + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +| オプション | デフォルト値 | 説明 | +| ---------- | ------------ | ------------------------------ | +| `enabled` | `true` | ハートビートの有効/無効 | +| `interval` | `30` | チェック間隔(分単位、最小: 5)| + +**環境変数:** + +- `PICOCLAW_HEARTBEAT_ENABLED=false` で無効化 +- `PICOCLAW_HEARTBEAT_INTERVAL=60` で間隔を変更 diff --git a/docs/ja/tools_configuration.md b/docs/ja/tools_configuration.md new file mode 100644 index 000000000..e4568f6ae --- /dev/null +++ b/docs/ja/tools_configuration.md @@ -0,0 +1,336 @@ +# 🔧 ツール設定 + +> [README](../../README.ja.md) に戻る + +PicoClaw のツール設定は `config.json` の `tools` フィールドにあります。 + +## ディレクトリ構造 + +```json +{ + "tools": { + "web": { + ... + }, + "mcp": { + ... + }, + "exec": { + ... + }, + "cron": { + ... + }, + "skills": { + ... + } + } +} +``` + +## Web ツール + +Web ツールはウェブ検索とフェッチに使用されます。 + +### Web Fetcher +ウェブページコンテンツの取得と処理に関する一般設定。 + +| 設定項目 | 型 | デフォルト | 説明 | +|---------------------|--------|---------------|----------------------------------------------------------------------------------------| +| `enabled` | bool | true | ウェブページ取得機能を有効にする。 | +| `fetch_limit_bytes` | int | 10485760 | 取得するウェブページペイロードの最大サイズ(バイト単位、デフォルトは10MB)。 | +| `format` | string | "plaintext" | 取得コンテンツの出力形式。オプション:`plaintext` または `markdown`(推奨)。 | + +### Brave + +| 設定項目 | 型 | デフォルト | 説明 | +|---------------|--------|------------|-----------------------| +| `enabled` | bool | false | Brave 検索を有効にする | +| `api_key` | string | - | Brave Search API キー | +| `max_results` | int | 5 | 最大結果数 | + +### DuckDuckGo + +| 設定項目 | 型 | デフォルト | 説明 | +|---------------|------|------------|---------------------------| +| `enabled` | bool | true | DuckDuckGo 検索を有効にする | +| `max_results` | int | 5 | 最大結果数 | + +### Perplexity + +| 設定項目 | 型 | デフォルト | 説明 | +|---------------|--------|------------|---------------------------| +| `enabled` | bool | false | Perplexity 検索を有効にする | +| `api_key` | string | - | Perplexity API キー | +| `max_results` | int | 5 | 最大結果数 | + +## Exec ツール + +Exec ツールはシェルコマンドの実行に使用されます。 + +| 設定項目 | 型 | デフォルト | 説明 | +|------------------------|-------|------------|------------------------------------| +| `enable_deny_patterns` | bool | true | デフォルトの危険コマンドブロックを有効にする | +| `custom_deny_patterns` | array | [] | カスタム拒否パターン(正規表現) | + +### 機能 + +- **`enable_deny_patterns`**:`false` に設定すると、デフォルトの危険コマンドブロックパターンを完全に無効にします +- **`custom_deny_patterns`**:カスタム拒否正規表現パターンを追加します。一致するコマンドはブロックされます + +### デフォルトでブロックされるコマンドパターン + +デフォルトで、PicoClaw は以下の危険なコマンドをブロックします: + +- 削除コマンド:`rm -rf`、`del /f/q`、`rmdir /s` +- ディスク操作:`format`、`mkfs`、`diskpart`、`dd if=`、`/dev/sd*` への書き込み +- システム操作:`shutdown`、`reboot`、`poweroff` +- コマンド置換:`$()`、`${}`、バッククォート +- シェルへのパイプ:`| sh`、`| bash` +- 権限昇格:`sudo`、`chmod`、`chown` +- プロセス制御:`pkill`、`killall`、`kill -9` +- リモート操作:`curl | sh`、`wget | sh`、`ssh` +- パッケージ管理:`apt`、`yum`、`dnf`、`npm install -g`、`pip install --user` +- コンテナ:`docker run`、`docker exec` +- Git:`git push`、`git force` +- その他:`eval`、`source *.sh` + +### 既知のアーキテクチャ上の制限 + +exec ガードは PicoClaw に送信されたトップレベルのコマンドのみを検証します。そのコマンドの実行開始後にビルドツールやスクリプトが生成する子プロセスを再帰的に検査することは**ありません**。 + +初期コマンドが許可された後、直接コマンドガードをバイパスできるワークフローの例: + +- `make run` +- `go run ./cmd/...` +- `cargo run` +- `npm run build` + +これは、明らかに危険な直接コマンドのブロックには有用ですが、未レビューのビルドパイプラインに対する完全なサンドボックスでは**ありません**。脅威モデルにワークスペース内の信頼できないコードが含まれる場合は、コンテナ、VM、またはビルド・実行コマンドに対する承認フローなど、より強力な分離を使用してください。 + +### 設定例 + +```json +{ + "tools": { + "exec": { + "enable_deny_patterns": true, + "custom_deny_patterns": [ + "\\brm\\s+-r\\b", + "\\bkillall\\s+python" + ] + } + } +} +``` + +## Cron ツール + +Cron ツールは定期タスクのスケジューリングに使用されます。 + +| 設定項目 | 型 | デフォルト | 説明 | +|------------------------|-----|------------|-----------------------------------------| +| `exec_timeout_minutes` | int | 5 | 実行タイムアウト(分)、0 は無制限 | + +## MCP ツール + +MCP ツールは外部の Model Context Protocol サーバーとの統合を可能にします。 + +### ツールディスカバリ(遅延読み込み) + +複数の MCP サーバーに接続する場合、数百のツールを同時に公開すると LLM のコンテキストウィンドウを使い果たし、API コストが増加する可能性があります。**Discovery** 機能は、MCP ツールをデフォルトで*非表示*にすることでこの問題を解決します。 + +すべてのツールを読み込む代わりに、LLM には軽量な検索ツール(BM25 キーワードマッチングまたは正規表現を使用)が提供されます。LLM が特定の機能を必要とする場合、非表示のライブラリを検索します。一致するツールは一時的に「アンロック」され、設定されたターン数(`ttl`)の間コンテキストに注入されます。 + +### グローバル設定 + +| 設定項目 | 型 | デフォルト | 説明 | +|-------------|--------|------------|--------------------------------------| +| `enabled` | bool | false | MCP 統合をグローバルに有効にする | +| `discovery` | object | `{}` | ツールディスカバリ設定(下記参照) | +| `servers` | object | `{}` | サーバー名からサーバー設定へのマップ | + +### Discovery 設定(`discovery`) + +| 設定項目 | 型 | デフォルト | 説明 | +|----------------------|------|------------|---------------------------------------------------------------------------------------------------------------| +| `enabled` | bool | false | true の場合、MCP ツールは非表示になり、検索を通じてオンデマンドで読み込まれます。false の場合、すべてのツールが読み込まれます | +| `ttl` | int | 5 | 発見されたツールがアンロック状態を維持する会話ターン数 | +| `max_search_results` | int | 5 | 検索クエリごとに返されるツールの最大数 | +| `use_bm25` | bool | true | 自然言語/キーワード検索ツール(`tool_search_tool_bm25`)を有効にする。**警告**:正規表現検索よりリソースを消費します | +| `use_regex` | bool | false | 正規表現パターン検索ツール(`tool_search_tool_regex`)を有効にする | + +> **注意:** `discovery.enabled` が `true` の場合、少なくとも1つの検索エンジン(`use_bm25` または `use_regex`)を有効にする**必要があります**。 +> そうしないとアプリケーションの起動に失敗します。 + +### サーバーごとの設定 + +| 設定項目 | 型 | 必須 | 説明 | +|------------|--------|----------|----------------------------------------| +| `enabled` | bool | はい | この MCP サーバーを有効にする | +| `type` | string | いいえ | トランスポートタイプ:`stdio`、`sse`、`http` | +| `command` | string | stdio | stdio トランスポートの実行コマンド | +| `args` | array | いいえ | stdio トランスポートのコマンド引数 | +| `env` | object | いいえ | stdio プロセスの環境変数 | +| `env_file` | string | いいえ | stdio プロセスの環境ファイルパス | +| `url` | string | sse/http | `sse`/`http` トランスポートのエンドポイント URL | +| `headers` | object | いいえ | `sse`/`http` トランスポートの HTTP ヘッダー | + +### トランスポートの動作 + +- `type` を省略した場合、トランスポートは自動検出されます: + - `url` が設定されている → `sse` + - `command` が設定されている → `stdio` +- `http` と `sse` はどちらも `url` + オプションの `headers` を使用します。 +- `env` と `env_file` は `stdio` サーバーにのみ適用されます。 + +### 設定例 + +#### 1) Stdio MCP サーバー + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "servers": { + "filesystem": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-filesystem", + "/tmp" + ] + } + } + } + } +} +``` + +#### 2) リモート SSE/HTTP MCP サーバー + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "servers": { + "remote-mcp": { + "enabled": true, + "type": "sse", + "url": "https://example.com/mcp", + "headers": { + "Authorization": "Bearer YOUR_TOKEN" + } + } + } + } + } +} +``` + +#### 3) ツールディスカバリを有効にした大規模 MCP セットアップ + +*この例では、LLM は `tool_search_tool_bm25` のみを認識します。ユーザーからリクエストがあった場合にのみ、Github や Postgres のツールを動的に検索してアンロックします。* + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "discovery": { + "enabled": true, + "ttl": 5, + "max_search_results": 5, + "use_bm25": true, + "use_regex": false + }, + "servers": { + "github": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-github" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "YOUR_GITHUB_TOKEN" + } + }, + "postgres": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-postgres", + "postgresql://user:password@localhost/dbname" + ] + }, + "slack": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-slack" + ], + "env": { + "SLACK_BOT_TOKEN": "YOUR_SLACK_BOT_TOKEN", + "SLACK_TEAM_ID": "YOUR_SLACK_TEAM_ID" + } + } + } + } + } +} +``` + +## Skills ツール + +Skills ツールは ClawHub などのレジストリを通じたスキルの発見とインストールを設定します。 + +### レジストリ + +| 設定項目 | 型 | デフォルト | 説明 | +|------------------------------------|--------|----------------------|----------------------------------------------| +| `registries.clawhub.enabled` | bool | true | ClawHub レジストリを有効にする | +| `registries.clawhub.base_url` | string | `https://clawhub.ai` | ClawHub ベース URL | +| `registries.clawhub.auth_token` | string | `""` | より高いレート制限のためのオプションの Bearer トークン | +| `registries.clawhub.search_path` | string | `/api/v1/search` | 検索 API パス | +| `registries.clawhub.skills_path` | string | `/api/v1/skills` | Skills API パス | +| `registries.clawhub.download_path` | string | `/api/v1/download` | ダウンロード API パス | + +### 設定例 + +```json +{ + "tools": { + "skills": { + "registries": { + "clawhub": { + "enabled": true, + "base_url": "https://clawhub.ai", + "auth_token": "", + "search_path": "/api/v1/search", + "skills_path": "/api/v1/skills", + "download_path": "/api/v1/download" + } + } + } + } +} +``` + +## 環境変数 + +すべての設定オプションは `PICOCLAW_TOOLS_
_` 形式の環境変数で上書きできます: + +例: + +- `PICOCLAW_TOOLS_WEB_BRAVE_ENABLED=true` +- `PICOCLAW_TOOLS_EXEC_ENABLE_DENY_PATTERNS=false` +- `PICOCLAW_TOOLS_CRON_EXEC_TIMEOUT_MINUTES=10` +- `PICOCLAW_TOOLS_MCP_ENABLED=true` + +注意:ネストされたマップ形式の設定(例:`tools.mcp.servers..*`)は環境変数ではなく `config.json` で設定します。 diff --git a/docs/ja/troubleshooting.md b/docs/ja/troubleshooting.md new file mode 100644 index 000000000..1c98224b9 --- /dev/null +++ b/docs/ja/troubleshooting.md @@ -0,0 +1,45 @@ +# 🐛 トラブルシューティング + +> [README](../../README.ja.md) に戻る + +## "model ... not found in model_list" または OpenRouter "free is not a valid model ID" + +**症状:** 以下のいずれかのエラーが表示されます: + +- `Error creating provider: model "openrouter/free" not found in model_list` +- OpenRouter が 400 を返す:`"free is not a valid model ID"` + +**原因:** `model_list` エントリの `model` フィールドは API に送信される値です。OpenRouter では省略形ではなく、**完全な**モデル ID を使用する必要があります。 + +- **誤り:** `"model": "free"` → OpenRouter は `free` を受け取り、拒否します。 +- **正しい:** `"model": "openrouter/free"` → OpenRouter は `openrouter/free` を受け取ります(自動無料枠ルーティング)。 + +**修正方法:** `~/.picoclaw/config.json`(またはお使いの設定パス)で: + +1. **agents.defaults.model** は `model_list` 内の `model_name` と一致する必要があります(例:`"openrouter-free"`)。 +2. そのエントリの **model** は有効な OpenRouter モデル ID である必要があります。例: + - `"openrouter/free"` – 自動無料枠 + - `"google/gemini-2.0-flash-exp:free"` + - `"meta-llama/llama-3.1-8b-instruct:free"` + +設定例: + +```json +{ + "agents": { + "defaults": { + "model": "openrouter-free" + } + }, + "model_list": [ + { + "model_name": "openrouter-free", + "model": "openrouter/free", + "api_key": "sk-or-v1-YOUR_OPENROUTER_KEY", + "api_base": "https://openrouter.ai/api/v1" + } + ] +} +``` + +キーは [OpenRouter Keys](https://openrouter.ai/keys) で取得できます。 diff --git a/docs/providers.md b/docs/providers.md new file mode 100644 index 000000000..e62cbb969 --- /dev/null +++ b/docs/providers.md @@ -0,0 +1,436 @@ +# 🔌 Providers & Model Configuration + +> Back to [README](../README.md) + +### Providers + +> [!NOTE] +> Groq provides free voice transcription via Whisper. If configured, audio messages from any channel will be automatically transcribed at the agent level. + +| Provider | Purpose | Get API Key | +| ------------ | --------------------------------------- | ------------------------------------------------------------ | +| `gemini` | LLM (Gemini direct) | [aistudio.google.com](https://aistudio.google.com) | +| `zhipu` | LLM (Zhipu direct) | [bigmodel.cn](https://bigmodel.cn) | +| `volcengine` | LLM(Volcengine direct) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| `openrouter` | LLM (recommended, access to all models) | [openrouter.ai](https://openrouter.ai) | +| `anthropic` | LLM (Claude direct) | [console.anthropic.com](https://console.anthropic.com) | +| `openai` | LLM (GPT direct) | [platform.openai.com](https://platform.openai.com) | +| `deepseek` | LLM (DeepSeek direct) | [platform.deepseek.com](https://platform.deepseek.com) | +| `qwen` | LLM (Qwen direct) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) | +| `groq` | LLM + **Voice transcription** (Whisper) | [console.groq.com](https://console.groq.com) | +| `cerebras` | LLM (Cerebras direct) | [cerebras.ai](https://cerebras.ai) | +| `vivgrid` | LLM (Vivgrid direct) | [vivgrid.com](https://vivgrid.com) | +| `nvidia` | LLM (NVIDIA NIM) | [build.nvidia.com](https://build.nvidia.com) | +| `moonshot` | LLM (Kimi/Moonshot direct) | [platform.moonshot.cn](https://platform.moonshot.cn) | +| `minimax` | LLM (Minimax direct) | [platform.minimaxi.com](https://platform.minimaxi.com) | +| `avian` | LLM (Avian direct) | [avian.io](https://avian.io) | +| `mistral` | LLM (Mistral direct) | [console.mistral.ai](https://console.mistral.ai) | +| `longcat` | LLM (Longcat direct) | [longcat.ai](https://longcat.ai) | +| `modelscope` | LLM (ModelScope direct) | [modelscope.cn](https://modelscope.cn) | + +### Model Configuration (model_list) + +> **What's New?** PicoClaw now uses a **model-centric** configuration approach. Simply specify `vendor/model` format (e.g., `zhipu/glm-4.7`) to add new providers—**zero code changes required!** + +This design also enables **multi-agent support** with flexible provider selection: + +- **Different agents, different providers**: Each agent can use its own LLM provider +- **Model fallbacks**: Configure primary and fallback models for resilience +- **Load balancing**: Distribute requests across multiple endpoints +- **Centralized configuration**: Manage all providers in one place + +#### 📋 All Supported Vendors + +| Vendor | `model` Prefix | Default API Base | Protocol | API Key | +| ------------------- | ----------------- |-----------------------------------------------------| --------- | ---------------------------------------------------------------- | +| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Get Key](https://platform.openai.com) | +| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Get Key](https://console.anthropic.com) | +| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Get Key](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | +| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Get Key](https://platform.deepseek.com) | +| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Get Key](https://aistudio.google.com/api-keys) | +| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Get Key](https://console.groq.com) | +| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [Get Key](https://platform.moonshot.cn) | +| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Get Key](https://dashscope.console.aliyun.com) | +| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [Get Key](https://build.nvidia.com) | +| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (no key needed) | +| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Get Key](https://openrouter.ai/keys) | +| **LiteLLM Proxy** | `litellm/` | `http://localhost:4000/v1` | OpenAI | Your LiteLLM proxy key | +| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | Local | +| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [Get Key](https://cerebras.ai) | +| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Get Key](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| **神算云** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | +| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [Get Key](https://www.byteplus.com) | +| **Vivgrid** | `vivgrid/` | `https://api.vivgrid.com/v1` | OpenAI | [Get Key](https://vivgrid.com) | +| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [Get Key](https://longcat.chat/platform) | +| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [Get Token](https://modelscope.cn/my/tokens) | +| **Azure OpenAI** | `azure/` | `https://{resource}.openai.azure.com` | Azure | [Get Key](https://portal.azure.com) | +| **Antigravity** | `antigravity/` | Google Cloud | Custom | OAuth only | +| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | + +#### Basic Configuration + +```json +{ + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-your-openai-key" + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" + }, + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-zhipu-key" + } + ], + "agents": { + "defaults": { + "model": "gpt-5.4" + } + } +} +``` + +#### Vendor-Specific Examples + +**OpenAI** + +```json +{ + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-..." +} +``` + +**VolcEngine (Doubao)** + +```json +{ + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-..." +} +``` + +**智谱 AI (GLM)** + +```json +{ + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" +} +``` + +**DeepSeek** + +```json +{ + "model_name": "deepseek-chat", + "model": "deepseek/deepseek-chat", + "api_key": "sk-..." +} +``` + +**Anthropic (with API key)** + +```json +{ + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" +} +``` + +> Run `picoclaw auth login --provider anthropic` to paste your API token. + +**Anthropic Messages API (native format)** + +For direct Anthropic API access or custom endpoints that only support Anthropic's native message format: + +```json +{ + "model_name": "claude-opus-4-6", + "model": "anthropic-messages/claude-opus-4-6", + "api_key": "sk-ant-your-key", + "api_base": "https://api.anthropic.com" +} +``` + +> Use `anthropic-messages` protocol when: +> - Using third-party proxies that only support Anthropic's native `/v1/messages` endpoint (not OpenAI-compatible `/v1/chat/completions`) +> - Connecting to services like MiniMax, Synthetic that require Anthropic's native message format +> - The existing `anthropic` protocol returns 404 errors (indicating the endpoint doesn't support OpenAI-compatible format) +> +> **Note:** The `anthropic` protocol uses OpenAI-compatible format (`/v1/chat/completions`), while `anthropic-messages` uses Anthropic's native format (`/v1/messages`). Choose based on your endpoint's supported format. + +**Ollama (local)** + +```json +{ + "model_name": "llama3", + "model": "ollama/llama3" +} +``` + +**Custom Proxy/API** + +```json +{ + "model_name": "my-custom-model", + "model": "openai/custom-model", + "api_base": "https://my-proxy.com/v1", + "api_key": "sk-...", + "request_timeout": 300 +} +``` + +**LiteLLM Proxy** + +```json +{ + "model_name": "lite-gpt4", + "model": "litellm/lite-gpt4", + "api_base": "http://localhost:4000/v1", + "api_key": "sk-..." +} +``` + +PicoClaw strips only the outer `litellm/` prefix before sending the request, so proxy aliases like `litellm/lite-gpt4` send `lite-gpt4`, while `litellm/openai/gpt-4o` sends `openai/gpt-4o`. + +#### Load Balancing + +Configure multiple endpoints for the same model name—PicoClaw will automatically round-robin between them: + +```json +{ + "model_list": [ + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api1.example.com/v1", + "api_key": "sk-key1" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api2.example.com/v1", + "api_key": "sk-key2" + } + ] +} +``` + +#### Migration from Legacy `providers` Config + +The old `providers` configuration is **deprecated** but still supported for backward compatibility. + +**Old Config (deprecated):** + +```json +{ + "providers": { + "zhipu": { + "api_key": "your-key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + }, + "agents": { + "defaults": { + "provider": "zhipu", + "model": "glm-4.7" + } + } +} +``` + +**New Config (recommended):** + +```json +{ + "model_list": [ + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" + } + ], + "agents": { + "defaults": { + "model": "glm-4.7" + } + } +} +``` + +For detailed migration guide, see [docs/migration/model-list-migration.md](docs/migration/model-list-migration.md). + +### Provider Architecture + +PicoClaw routes providers by protocol family: + +- OpenAI-compatible protocol: OpenRouter, OpenAI-compatible gateways, Groq, Zhipu, and vLLM-style endpoints. +- Anthropic protocol: Claude-native API behavior. +- Codex/OAuth path: OpenAI OAuth/token authentication route. + +This keeps the runtime lightweight while making new OpenAI-compatible backends mostly a config operation (`api_base` + `api_key`). + +
+Zhipu + +**1. Get API key and base URL** + +* Get [API key](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) + +**2. Configure** + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model": "glm-4.7", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "providers": { + "zhipu": { + "api_key": "Your API Key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + } +} +``` + +**3. Run** + +```bash +picoclaw agent -m "Hello" +``` + +
+ +
+Full config example + +```json +{ + "agents": { + "defaults": { + "model": "anthropic/claude-opus-4-5" + } + }, + "session": { + "dm_scope": "per-channel-peer", + "backlog_limit": 20 + }, + "providers": { + "openrouter": { + "api_key": "sk-or-v1-xxx" + }, + "groq": { + "api_key": "gsk_xxx" + } + }, + "channels": { + "telegram": { + "enabled": true, + "token": "123456:ABC...", + "allow_from": ["123456789"] + }, + "discord": { + "enabled": true, + "token": "", + "allow_from": [""] + }, + "whatsapp": { + "enabled": false, + "bridge_url": "ws://localhost:3001", + "use_native": false, + "session_store_path": "", + "allow_from": [] + }, + "feishu": { + "enabled": false, + "app_id": "cli_xxx", + "app_secret": "xxx", + "encrypt_key": "", + "verification_token": "", + "allow_from": [] + }, + "qq": { + "enabled": false, + "app_id": "", + "app_secret": "", + "allow_from": [] + } + }, + "tools": { + "web": { + "brave": { + "enabled": false, + "api_key": "BSA...", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://localhost:8888", + "max_results": 5 + } + }, + "cron": { + "exec_timeout_minutes": 5 + } + }, + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +
+ +--- + +## 📝 API Key Comparison + +| Service | Pricing | Use Case | +| ---------------- | ------------------------ | ------------------------------------- | +| **OpenRouter** | Free: 200K tokens/month | Multiple models (Claude, GPT-4, etc.) | +| **Volcengine CodingPlan** | ¥9.9/first month | Best for Chinese users, multiple SOTA models (Doubao, DeepSeek, etc.) | +| **Zhipu** | Free: 200K tokens/month | Suitable for Chinese users | +| **Brave Search** | $5/1000 queries | Web search functionality | +| **SearXNG** | Free (self-hosted) | Privacy-focused metasearch (70+ engines) | +| **Groq** | Free tier available | Fast inference (Llama, Mixtral) | +| **Cerebras** | Free tier available | Fast inference (Llama, Qwen, etc.) | +| **LongCat** | Free: up to 5M tokens/day | Fast inference | +| **ModelScope** | Free: 2000 requests/day | Inference (Qwen, GLM, DeepSeek, etc.) | + +--- + +
+ PicoClaw Meme +
diff --git a/docs/pt-br/chat-apps.md b/docs/pt-br/chat-apps.md new file mode 100644 index 000000000..5f18080f0 --- /dev/null +++ b/docs/pt-br/chat-apps.md @@ -0,0 +1,427 @@ +# 💬 Configuração de Aplicativos de Chat + +> Voltar ao [README](../../README.pt-br.md) + +## 💬 Aplicativos de Chat + +Converse com seu picoclaw através do Telegram, Discord, WhatsApp, Matrix, QQ, DingTalk, LINE, WeCom, Feishu, Slack, IRC, OneBot ou MaixCam + +> **Nota**: Todos os canais baseados em webhook (LINE, WeCom, etc.) são servidos em um único servidor HTTP Gateway compartilhado (`gateway.host`:`gateway.port`, padrão `127.0.0.1:18790`). Não há portas por canal para configurar. Nota: Feishu usa o modo WebSocket/SDK e não utiliza o servidor HTTP webhook compartilhado. + +| Channel | Setup | +| ------------ | ---------------------------------- | +| **Telegram** | Easy (just a token) | +| **Discord** | Easy (bot token + intents) | +| **WhatsApp** | Easy (native: QR scan; or bridge URL) | +| **Matrix** | Medium (homeserver + bot access token) | +| **QQ** | Easy (AppID + AppSecret) | +| **DingTalk** | Medium (app credentials) | +| **LINE** | Medium (credentials + webhook URL) | +| **WeCom AI Bot** | Medium (Token + AES key) | +| **Feishu** | Medium (App ID + Secret, WebSocket mode) | +| **Slack** | Medium (Bot token + App token) | +| **IRC** | Medium (server + TLS config) | +| **OneBot** | Medium (QQ via OneBot protocol) | +| **MaixCam** | Easy (Sipeed hardware integration) | +| **Pico** | Native PicoClaw protocol | + +
+Telegram (Recomendado) + +**1. Criar um bot** + +* Abra o Telegram, pesquise `@BotFather` +* Envie `/newbot`, siga as instruções +* Copie o token + +**2. Configurar** + +```json +{ + "channels": { + "telegram": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +> Obtenha seu ID de usuário com `@userinfobot` no Telegram. + +**3. Executar** + +```bash +picoclaw gateway +``` + +**4. Menu de comandos do Telegram (registrado automaticamente na inicialização)** + +O PicoClaw agora mantém definições de comandos em um registro compartilhado. Na inicialização, o Telegram registrará automaticamente os comandos de bot suportados (por exemplo `/start`, `/help`, `/show`, `/list`) para que o menu de comandos e o comportamento em tempo de execução permaneçam sincronizados. +O registro do menu de comandos do Telegram permanece como descoberta UX local do canal; a execução genérica de comandos é tratada centralmente no loop do agente via commands executor. + +Se o registro de comandos falhar (erros transitórios de rede/API), o canal ainda inicia e o PicoClaw tenta novamente o registro em segundo plano. + +
+ +
+Discord + +**1. Criar um bot** + +* Acesse +* Crie um aplicativo → Bot → Add Bot +* Copie o token do bot + +**2. Habilitar intents** + +* Nas configurações do Bot, habilite **MESSAGE CONTENT INTENT** +* (Opcional) Habilite **SERVER MEMBERS INTENT** se planeja usar listas de permissão baseadas em dados de membros + +**3. Obter seu User ID** +* Configurações do Discord → Avançado → habilite **Developer Mode** +* Clique com o botão direito no seu avatar → **Copy User ID** + +**4. Configurar** + +```json +{ + "channels": { + "discord": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +**5. Convidar o bot** + +* OAuth2 → URL Generator +* Scopes: `bot` +* Bot Permissions: `Send Messages`, `Read Message History` +* Abra a URL de convite gerada e adicione o bot ao seu servidor + +**Opcional: Modo de ativação em grupo** + +Por padrão, o bot responde a todas as mensagens em um canal do servidor. Para restringir respostas apenas a @menções, adicione: + +```json +{ + "channels": { + "discord": { + "group_trigger": { "mention_only": true } + } + } +} +``` + +Você também pode ativar por prefixos de palavras-chave (ex.: `!bot`): + +```json +{ + "channels": { + "discord": { + "group_trigger": { "prefixes": ["!bot"] } + } + } +} +``` + +**6. Executar** + +```bash +picoclaw gateway +``` + +
+ +
+WhatsApp (nativo via whatsmeow) + +O PicoClaw pode se conectar ao WhatsApp de duas formas: + +- **Nativo (recomendado):** In-process usando [whatsmeow](https://github.com/tulir/whatsmeow). Sem bridge separado. Defina `"use_native": true` e deixe `bridge_url` vazio. Na primeira execução, escaneie o QR code com o WhatsApp (Dispositivos Vinculados). A sessão é armazenada no seu workspace (ex.: `workspace/whatsapp/`). O canal nativo é **opcional** para manter o binário padrão pequeno; compile com `-tags whatsapp_native` (ex.: `make build-whatsapp-native` ou `go build -tags whatsapp_native ./cmd/...`). +- **Bridge:** Conecte-se a um bridge WebSocket externo. Defina `bridge_url` (ex.: `ws://localhost:3001`) e mantenha `use_native` como false. + +**Configurar (nativo)** + +```json +{ + "channels": { + "whatsapp": { + "enabled": true, + "use_native": true, + "session_store_path": "", + "allow_from": [] + } + } +} +``` + +Se `session_store_path` estiver vazio, a sessão é armazenada em `/whatsapp/`. Execute `picoclaw gateway`; na primeira execução, escaneie o QR code impresso no terminal com WhatsApp → Dispositivos Vinculados. + +
+ +
+QQ + +**1. Criar um bot** + +- Acesse a [QQ Open Platform](https://q.qq.com/#) +- Crie um aplicativo → Obtenha **AppID** e **AppSecret** + +**2. Configurar** + +```json +{ + "channels": { + "qq": { + "enabled": true, + "app_id": "YOUR_APP_ID", + "app_secret": "YOUR_APP_SECRET", + "allow_from": [] + } + } +} +``` + +> Defina `allow_from` como vazio para permitir todos os usuários, ou especifique números QQ para restringir o acesso. + +**3. Executar** + +```bash +picoclaw gateway +``` + +
+ +
+DingTalk + +**1. Criar um bot** + +* Acesse a [Open Platform](https://open.dingtalk.com/) +* Crie um aplicativo interno +* Copie o Client ID e o Client Secret + +**2. Configurar** + +```json +{ + "channels": { + "dingtalk": { + "enabled": true, + "client_id": "YOUR_CLIENT_ID", + "client_secret": "YOUR_CLIENT_SECRET", + "allow_from": [] + } + } +} +``` + +> Defina `allow_from` como vazio para permitir todos os usuários, ou especifique IDs de usuário DingTalk para restringir o acesso. + +**3. Executar** + +```bash +picoclaw gateway +``` +
+ +
+Matrix + +**1. Preparar conta do bot** + +* Use seu homeserver preferido (ex.: `https://matrix.org` ou auto-hospedado) +* Crie um usuário bot e obtenha seu access token + +**2. Configurar** + +```json +{ + "channels": { + "matrix": { + "enabled": true, + "homeserver": "https://matrix.org", + "user_id": "@your-bot:matrix.org", + "access_token": "YOUR_MATRIX_ACCESS_TOKEN", + "allow_from": [] + } + } +} +``` + +**3. Executar** + +```bash +picoclaw gateway +``` + +Para opções completas (`device_id`, `join_on_invite`, `group_trigger`, `placeholder`, `reasoning_channel_id`), veja o [Guia de Configuração do Canal Matrix](docs/channels/matrix/README.md). + +
+ +
+LINE + +**1. Criar uma Conta Oficial LINE** + +- Acesse o [LINE Developers Console](https://developers.line.biz/) +- Crie um provider → Crie um canal Messaging API +- Copie o **Channel Secret** e o **Channel Access Token** + +**2. Configurar** + +```json +{ + "channels": { + "line": { + "enabled": true, + "channel_secret": "YOUR_CHANNEL_SECRET", + "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN", + "webhook_path": "/webhook/line", + "allow_from": [] + } + } +} +``` + +> O webhook do LINE é servido no servidor Gateway compartilhado (`gateway.host`:`gateway.port`, padrão `127.0.0.1:18790`). + +**3. Configurar URL do Webhook** + +O LINE requer HTTPS para webhooks. Use um proxy reverso ou túnel: + +```bash +# Exemplo com ngrok (porta padrão do gateway é 18790) +ngrok http 18790 +``` + +Em seguida, defina a URL do Webhook no LINE Developers Console como `https://your-domain/webhook/line` e habilite **Use webhook**. + +**4. Executar** + +```bash +picoclaw gateway +``` + +> Em chats de grupo, o bot responde apenas quando @mencionado. As respostas citam a mensagem original. + +
+ +
+WeCom (企业微信) + +O PicoClaw suporta três tipos de integração WeCom: + +**Opção 1: WeCom Bot (Bot)** - Configuração mais fácil, suporta chats de grupo +**Opção 2: WeCom App (App Personalizado)** - Mais recursos, mensagens proativas, apenas chat privado +**Opção 3: WeCom AI Bot (AI Bot)** - AI Bot oficial, respostas em streaming, suporta chat de grupo e privado + +Veja o [Guia de Configuração do WeCom AI Bot](docs/channels/wecom/wecom_aibot/README.zh.md) para instruções detalhadas de configuração. + +**Configuração Rápida - WeCom Bot:** + +**1. Criar um bot** + +* Acesse o Console de Administração WeCom → Chat de Grupo → Adicionar Bot de Grupo +* Copie a URL do webhook (formato: `https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) + +**2. Configurar** + +```json +{ + "channels": { + "wecom": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", + "webhook_path": "/webhook/wecom", + "allow_from": [] + } + } +} +``` + +> O webhook do WeCom é servido no servidor Gateway compartilhado (`gateway.host`:`gateway.port`, padrão `127.0.0.1:18790`). + +**Configuração Rápida - WeCom App:** + +**1. Criar um aplicativo** + +* Acesse o Console de Administração WeCom → Gerenciamento de Apps → Criar App +* Copie o **AgentId** e o **Secret** +* Acesse a página "Minha Empresa", copie o **CorpID** + +**2. Configurar recebimento de mensagens** + +* Nos detalhes do App, clique em "Receber Mensagem" → "Configurar API" +* Defina a URL como `http://your-server:18790/webhook/wecom-app` +* Gere o **Token** e o **EncodingAESKey** + +**3. Configurar** + +```json +{ + "channels": { + "wecom_app": { + "enabled": true, + "corp_id": "wwxxxxxxxxxxxxxxxx", + "corp_secret": "YOUR_CORP_SECRET", + "agent_id": 1000002, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-app", + "allow_from": [] + } + } +} +``` + +**4. Executar** + +```bash +picoclaw gateway +``` + +> **Nota**: Os callbacks de webhook do WeCom são servidos na porta do Gateway (padrão 18790). Use um proxy reverso para HTTPS. + +**Configuração Rápida - WeCom AI Bot:** + +**1. Criar um AI Bot** + +* Acesse o Console de Administração WeCom → Gerenciamento de Apps → AI Bot +* Nas configurações do AI Bot, configure a URL de callback: `http://your-server:18791/webhook/wecom-aibot` +* Copie o **Token** e clique em "Gerar Aleatoriamente" para o **EncodingAESKey** + +**2. Configurar** + +```json +{ + "channels": { + "wecom_aibot": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-aibot", + "allow_from": [], + "welcome_message": "Hello! How can I help you?" + } + } +} +``` + +**3. Executar** + +```bash +picoclaw gateway +``` + +> **Nota**: O WeCom AI Bot usa protocolo de streaming pull — sem preocupações com timeout de resposta. Tarefas longas (>30 segundos) mudam automaticamente para entrega via `response_url` push. + +
diff --git a/docs/pt-br/configuration.md b/docs/pt-br/configuration.md new file mode 100644 index 000000000..bf4833da4 --- /dev/null +++ b/docs/pt-br/configuration.md @@ -0,0 +1,217 @@ +# ⚙️ Guia de Configuração + +> Voltar ao [README](../../README.pt-br.md) + +## ⚙️ Configuração + +Arquivo de configuração: `~/.picoclaw/config.json` + +### Variáveis de Ambiente + +Você pode substituir os caminhos padrão usando variáveis de ambiente. Isso é útil para instalações portáteis, implantações em contêineres ou execução do picoclaw como serviço do sistema. Essas variáveis são independentes e controlam caminhos diferentes. + +| Variável | Descrição | Caminho Padrão | +|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| +| `PICOCLAW_CONFIG` | Substitui o caminho para o arquivo de configuração. Isso indica diretamente ao picoclaw qual `config.json` carregar, ignorando todos os outros locais. | `~/.picoclaw/config.json` | +| `PICOCLAW_HOME` | Substitui o diretório raiz para dados do picoclaw. Isso altera o local padrão do `workspace` e outros diretórios de dados. | `~/.picoclaw` | + +**Exemplos:** + +```bash +# Executar picoclaw usando um arquivo de configuração específico +# O caminho do workspace será lido de dentro desse arquivo de configuração +PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway + +# Executar picoclaw com todos os dados armazenados em /opt/picoclaw +# A configuração será carregada do padrão ~/.picoclaw/config.json +# O workspace será criado em /opt/picoclaw/workspace +PICOCLAW_HOME=/opt/picoclaw picoclaw agent + +# Usar ambos para uma configuração totalmente personalizada +PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway +``` + +### Layout do Workspace + +O PicoClaw armazena dados no seu workspace configurado (padrão: `~/.picoclaw/workspace`): + +``` +~/.picoclaw/workspace/ +├── sessions/ # Sessões de conversa e histórico +├── memory/ # Memória de longo prazo (MEMORY.md) +├── state/ # Estado persistente (último canal, etc.) +├── cron/ # Banco de dados de tarefas agendadas +├── skills/ # Skills personalizadas +├── AGENTS.md # Guia de comportamento do agente +├── HEARTBEAT.md # Prompts de tarefas periódicas (verificados a cada 30 min) +├── IDENTITY.md # Identidade do agente +├── SOUL.md # Alma do agente +└── USER.md # Preferências do usuário +``` + +### Fontes de Skills + +Por padrão, as skills são carregadas de: + +1. `~/.picoclaw/workspace/skills` (workspace) +2. `~/.picoclaw/skills` (global) +3. `/skills` (builtin) + +Para configurações avançadas/de teste, você pode substituir o diretório raiz de skills builtin com: + +```bash +export PICOCLAW_BUILTIN_SKILLS=/path/to/skills +``` + +### Política Unificada de Execução de Comandos + +- Comandos slash genéricos são executados através de um único caminho em `pkg/agent/loop.go` via `commands.Executor`. +- Os adaptadores de canal não consomem mais comandos genéricos localmente; eles encaminham o texto de entrada para o caminho bus/agent. O Telegram ainda registra automaticamente os comandos suportados na inicialização. +- Comando slash desconhecido (por exemplo `/foo`) passa para o processamento normal do LLM. +- Comando registrado mas não suportado no canal atual (por exemplo `/show` no WhatsApp) retorna um erro explícito ao usuário e interrompe o processamento. + +### 🔒 Sandbox de Segurança + +O PicoClaw é executado em um ambiente sandbox por padrão. O agente só pode acessar arquivos e executar comandos dentro do workspace configurado. + +#### Configuração Padrão + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "restrict_to_workspace": true + } + } +} +``` + +| Opção | Padrão | Descrição | +| ----------------------- | ----------------------- | ----------------------------------------- | +| `workspace` | `~/.picoclaw/workspace` | Diretório de trabalho do agente | +| `restrict_to_workspace` | `true` | Restringir acesso a arquivos/comandos ao workspace | + +#### Ferramentas Protegidas + +Quando `restrict_to_workspace: true`, as seguintes ferramentas são isoladas: + +| Ferramenta | Função | Restrição | +| ------------- | ---------------- | -------------------------------------- | +| `read_file` | Ler arquivos | Apenas arquivos dentro do workspace | +| `write_file` | Escrever arquivos| Apenas arquivos dentro do workspace | +| `list_dir` | Listar diretórios| Apenas diretórios dentro do workspace | +| `edit_file` | Editar arquivos | Apenas arquivos dentro do workspace | +| `append_file` | Anexar a arquivos| Apenas arquivos dentro do workspace | +| `exec` | Executar comandos| Caminhos de comando devem estar dentro do workspace | + +#### Proteção Adicional do Exec + +Mesmo com `restrict_to_workspace: false`, a ferramenta `exec` bloqueia estes comandos perigosos: + +* `rm -rf`, `del /f`, `rmdir /s` — Exclusão em massa +* `format`, `mkfs`, `diskpart` — Formatação de disco +* `dd if=` — Imagem de disco +* Escrita em `/dev/sd[a-z]` — Escritas diretas em disco +* `shutdown`, `reboot`, `poweroff` — Desligamento do sistema +* Fork bomb `:(){ :|:& };:` + +### Controle de Acesso a Arquivos + +| Config Key | Type | Default | Description | +|------------|------|---------|-------------| +| `tools.allow_read_paths` | string[] | `[]` | Additional paths allowed for reading outside workspace | +| `tools.allow_write_paths` | string[] | `[]` | Additional paths allowed for writing outside workspace | + +### Segurança do Exec + +| Config Key | Type | Default | Description | +|------------|------|---------|-------------| +| `tools.exec.allow_remote` | bool | `false` | Allow exec tool from remote channels (Telegram/Discord etc.) | +| `tools.exec.enable_deny_patterns` | bool | `true` | Enable dangerous command interception | +| `tools.exec.custom_deny_patterns` | string[] | `[]` | Custom regex patterns to block | +| `tools.exec.custom_allow_patterns` | string[] | `[]` | Custom regex patterns to allow | + +> **Nota de Segurança:** A proteção contra symlinks é habilitada por padrão — todos os caminhos de arquivo são resolvidos através de `filepath.EvalSymlinks` antes da correspondência com a whitelist, prevenindo ataques de escape via symlink. + +#### Limitação Conhecida: Processos Filhos de Ferramentas de Build + +O guard de segurança do exec inspeciona apenas a linha de comando que o PicoClaw executa diretamente. Ele não inspeciona recursivamente processos filhos gerados por ferramentas de desenvolvimento permitidas como `make`, `go run`, `cargo`, `npm run` ou scripts de build personalizados. + +Isso significa que um comando de nível superior ainda pode compilar ou executar outros binários após passar pela verificação inicial do guard. Na prática, trate scripts de build, Makefiles, scripts de pacotes e binários gerados como código executável que precisa do mesmo nível de revisão que um comando shell direto. + +Para ambientes de maior risco: + +* Revise scripts de build antes da execução. +* Prefira aprovação/revisão manual para fluxos de trabalho de compilação e execução. +* Execute o PicoClaw dentro de um contêiner ou VM se precisar de isolamento mais forte do que o guard integrado oferece. + +#### Exemplos de Erro + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (path outside working dir)} +``` + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} +``` + +#### Desabilitando Restrições (Risco de Segurança) + +Se você precisar que o agente acesse caminhos fora do workspace: + +**Método 1: Arquivo de configuração** + +```json +{ + "agents": { + "defaults": { + "restrict_to_workspace": false + } + } +} +``` + +**Método 2: Variável de ambiente** + +```bash +export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false +``` + +> ⚠️ **Aviso**: Desabilitar esta restrição permite que o agente acesse qualquer caminho no seu sistema. Use com cautela apenas em ambientes controlados. + +#### Consistência do Limite de Segurança + +A configuração `restrict_to_workspace` se aplica consistentemente em todos os caminhos de execução: + +| Caminho de Execução | Limite de Segurança | +| -------------------- | ---------------------------- | +| Main Agent | `restrict_to_workspace` ✅ | +| Subagent / Spawn | Herda a mesma restrição ✅ | +| Heartbeat tasks | Herda a mesma restrição ✅ | + +Todos os caminhos compartilham a mesma restrição de workspace — não há como contornar o limite de segurança através de subagentes ou tarefas agendadas. + +### Heartbeat (Tarefas Periódicas) + +O PicoClaw pode executar tarefas periódicas automaticamente. Crie um arquivo `HEARTBEAT.md` no seu workspace: + +```markdown +# Tarefas Periódicas + +- Verificar meu e-mail para mensagens importantes +- Revisar meu calendário para eventos próximos +- Verificar a previsão do tempo +``` + +O agente lerá este arquivo a cada 30 minutos (configurável) e executará quaisquer tarefas usando as ferramentas disponíveis. + +#### Tarefas Assíncronas com Spawn + +Para tarefas de longa duração (busca na web, chamadas de API), use a ferramenta `spawn` para criar um **subagente**: + +```markdown +# Tarefas Periódicas +``` diff --git a/docs/pt-br/docker.md b/docs/pt-br/docker.md new file mode 100644 index 000000000..af58c89b2 --- /dev/null +++ b/docs/pt-br/docker.md @@ -0,0 +1,166 @@ +# 🐳 Docker e Início Rápido + +> Voltar ao [README](../../README.pt-br.md) + +## 🐳 Docker Compose + +Você também pode executar o PicoClaw usando Docker Compose sem instalar nada localmente. + +```bash +# 1. Clone este repositório +git clone https://github.com/sipeed/picoclaw.git +cd picoclaw + +# 2. Primeira execução — gera automaticamente docker/data/config.json e encerra +docker compose -f docker/docker-compose.yml --profile gateway up +# O contêiner exibe "First-run setup complete." e para. + +# 3. Configure suas chaves de API +vim docker/data/config.json # Set provider API keys, bot tokens, etc. + +# 4. Iniciar +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +> [!TIP] +> **Usuários Docker**: Por padrão, o Gateway escuta em `127.0.0.1`, que não é acessível a partir do host. Se você precisar acessar os endpoints de saúde ou expor portas, defina `PICOCLAW_GATEWAY_HOST=0.0.0.0` no seu ambiente ou atualize o `config.json`. + +```bash +# 5. Verificar logs +docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway + +# 6. Parar +docker compose -f docker/docker-compose.yml --profile gateway down +``` + +### Modo Launcher (Console Web) + +A imagem `launcher` inclui os três binários (`picoclaw`, `picoclaw-launcher`, `picoclaw-launcher-tui`) e inicia o console web por padrão, que fornece uma interface baseada em navegador para configuração e chat. + +```bash +docker compose -f docker/docker-compose.yml --profile launcher up -d +``` + +Abra http://localhost:18800 no seu navegador. O launcher gerencia o processo do gateway automaticamente. + +> [!WARNING] +> O console web ainda não suporta autenticação. Evite expô-lo na internet pública. + +### Modo Agent (One-shot) + +```bash +# Fazer uma pergunta +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "What is 2+2?" + +# Modo interativo +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent +``` + +### Atualização + +```bash +docker compose -f docker/docker-compose.yml pull +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +### 🚀 Início Rápido + +> [!TIP] +> Configure sua chave de API em `~/.picoclaw/config.json`. Obtenha chaves de API: [Volcengine (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM). A busca na web é opcional — obtenha gratuitamente uma [API Tavily](https://tavily.com) (1000 consultas gratuitas/mês) ou [API Brave Search](https://brave.com/search/api) (2000 consultas gratuitas/mês). + +**1. Inicializar** + +```bash +picoclaw onboard +``` + +**2. Configurar** (`~/.picoclaw/config.json`) + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model_name": "gpt-5.4", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key", + "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "your-api-key", + "request_timeout": 300 + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "your-anthropic-key" + } + ], + "tools": { + "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", + "brave": { + "enabled": false, + "api_key": "YOUR_BRAVE_API_KEY", + "max_results": 5 + }, + "tavily": { + "enabled": false, + "api_key": "YOUR_TAVILY_API_KEY", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "YOUR_PERPLEXITY_API_KEY", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://your-searxng-instance:8888", + "max_results": 5 + } + } + } +} +``` + +> **Novo**: O formato de configuração `model_list` permite adicionar provedores sem alteração de código. Veja [Configuração de Modelos](#configuração-de-modelos-model_list) para detalhes. +> `request_timeout` é opcional e usa segundos. Se omitido ou definido como `<= 0`, o PicoClaw usa o timeout padrão (120s). + +**3. Obter chaves de API** + +* **Provedor LLM**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) +* **Busca na Web** (opcional): + * [Brave Search](https://brave.com/search/api) - Pago ($5/1000 consultas, ~$5-6/mês) + * [Perplexity](https://www.perplexity.ai) - Busca com IA e interface de chat + * [SearXNG](https://github.com/searxng/searxng) - Metabuscador auto-hospedado (gratuito, sem necessidade de chave de API) + * [Tavily](https://tavily.com) - Otimizado para agentes de IA (1000 requisições/mês) + * DuckDuckGo - Fallback integrado (sem necessidade de chave de API) + +> **Nota**: Veja `config.example.json` para um modelo de configuração completo. + +**4. Conversar** + +```bash +picoclaw agent -m "What is 2+2?" +``` + +Pronto! Você tem um assistente de IA funcionando em 2 minutos. + +--- diff --git a/docs/pt-br/providers.md b/docs/pt-br/providers.md new file mode 100644 index 000000000..04fb9fc6b --- /dev/null +++ b/docs/pt-br/providers.md @@ -0,0 +1,434 @@ +# 🔌 Provedores e Configuração de Modelos + +> Voltar ao [README](../../README.pt-br.md) + +### Provedores + +> [!NOTE] +> O Groq fornece transcrição de voz gratuita via Whisper. Se configurado, mensagens de áudio de qualquer canal serão automaticamente transcritas no nível do agente. + +| Provider | Purpose | Get API Key | +| ------------ | --------------------------------------- | ------------------------------------------------------------ | +| `gemini` | LLM (Gemini direct) | [aistudio.google.com](https://aistudio.google.com) | +| `zhipu` | LLM (Zhipu direct) | [bigmodel.cn](https://bigmodel.cn) | +| `volcengine` | LLM(Volcengine direct) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| `openrouter` | LLM (recommended, access to all models) | [openrouter.ai](https://openrouter.ai) | +| `anthropic` | LLM (Claude direct) | [console.anthropic.com](https://console.anthropic.com) | +| `openai` | LLM (GPT direct) | [platform.openai.com](https://platform.openai.com) | +| `deepseek` | LLM (DeepSeek direct) | [platform.deepseek.com](https://platform.deepseek.com) | +| `qwen` | LLM (Qwen direct) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) | +| `groq` | LLM + **Voice transcription** (Whisper) | [console.groq.com](https://console.groq.com) | +| `cerebras` | LLM (Cerebras direct) | [cerebras.ai](https://cerebras.ai) | +| `vivgrid` | LLM (Vivgrid direct) | [vivgrid.com](https://vivgrid.com) | +| `moonshot` | LLM (Kimi/Moonshot direct) | [platform.moonshot.cn](https://platform.moonshot.cn) | +| `minimax` | LLM (Minimax direct) | [platform.minimaxi.com](https://platform.minimaxi.com) | +| `avian` | LLM (Avian direct) | [avian.io](https://avian.io) | +| `mistral` | LLM (Mistral direct) | [console.mistral.ai](https://console.mistral.ai) | +| `longcat` | LLM (Longcat direct) | [longcat.ai](https://longcat.ai) | +| `modelscope` | LLM (ModelScope direct) | [modelscope.cn](https://modelscope.cn) | + +### Configuração de Modelos (model_list) + +> **Novidade?** O PicoClaw agora usa uma abordagem de configuração **centrada no modelo**. Basta especificar o formato `vendor/model` (ex.: `zhipu/glm-4.7`) para adicionar novos provedores — **sem necessidade de alteração de código!** + +Este design também permite **suporte multi-agente** com seleção flexível de provedores: + +- **Agentes diferentes, provedores diferentes**: Cada agente pode usar seu próprio provedor LLM +- **Fallback de modelos**: Configure modelos primários e de fallback para resiliência +- **Balanceamento de carga**: Distribua requisições entre múltiplos endpoints +- **Configuração centralizada**: Gerencie todos os provedores em um só lugar + +#### 📋 Todos os Vendors Suportados + +| Vendor | `model` Prefix | Default API Base | Protocol | API Key | +| ------------------- | ----------------- |-----------------------------------------------------| --------- | ---------------------------------------------------------------- | +| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Get Key](https://platform.openai.com) | +| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Get Key](https://console.anthropic.com) | +| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Get Key](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | +| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Get Key](https://platform.deepseek.com) | +| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Get Key](https://aistudio.google.com/api-keys) | +| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Get Key](https://console.groq.com) | +| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [Get Key](https://platform.moonshot.cn) | +| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Get Key](https://dashscope.console.aliyun.com) | +| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [Get Key](https://build.nvidia.com) | +| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (no key needed) | +| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Get Key](https://openrouter.ai/keys) | +| **LiteLLM Proxy** | `litellm/` | `http://localhost:4000/v1` | OpenAI | Your LiteLLM proxy key | +| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | Local | +| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [Get Key](https://cerebras.ai) | +| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Get Key](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| **神算云** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | +| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [Get Key](https://www.byteplus.com) | +| **Vivgrid** | `vivgrid/` | `https://api.vivgrid.com/v1` | OpenAI | [Get Key](https://vivgrid.com) | +| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [Get Key](https://longcat.chat/platform) | +| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [Get Token](https://modelscope.cn/my/tokens) | +| **Antigravity** | `antigravity/` | Google Cloud | Custom | OAuth only | +| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | + +#### Configuração Básica + +```json +{ + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-your-openai-key" + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" + }, + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-zhipu-key" + } + ], + "agents": { + "defaults": { + "model": "gpt-5.4" + } + } +} +``` + +#### Exemplos por Vendor + +**OpenAI** + +```json +{ + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-..." +} +``` + +**VolcEngine (Doubao)** + +```json +{ + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-..." +} +``` + +**智谱 AI (GLM)** + +```json +{ + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" +} +``` + +**DeepSeek** + +```json +{ + "model_name": "deepseek-chat", + "model": "deepseek/deepseek-chat", + "api_key": "sk-..." +} +``` + +**Anthropic (com chave de API)** + +```json +{ + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" +} +``` + +> Execute `picoclaw auth login --provider anthropic` para colar seu token de API. + +**Anthropic Messages API (formato nativo)** + +Para acesso direto à API Anthropic ou endpoints personalizados que suportam apenas o formato de mensagem nativo da Anthropic: + +```json +{ + "model_name": "claude-opus-4-6", + "model": "anthropic-messages/claude-opus-4-6", + "api_key": "sk-ant-your-key", + "api_base": "https://api.anthropic.com" +} +``` + +> Use o protocolo `anthropic-messages` quando: +> - Usar proxies de terceiros que suportam apenas o endpoint nativo `/v1/messages` da Anthropic (não o compatível com OpenAI `/v1/chat/completions`) +> - Conectar a serviços como MiniMax, Synthetic que requerem o formato de mensagem nativo da Anthropic +> - O protocolo `anthropic` existente retorna erros 404 (indicando que o endpoint não suporta formato compatível com OpenAI) +> +> **Nota:** O protocolo `anthropic` usa formato compatível com OpenAI (`/v1/chat/completions`), enquanto `anthropic-messages` usa o formato nativo da Anthropic (`/v1/messages`). Escolha com base no formato suportado pelo seu endpoint. + +**Ollama (local)** + +```json +{ + "model_name": "llama3", + "model": "ollama/llama3" +} +``` + +**Proxy/API Personalizado** + +```json +{ + "model_name": "my-custom-model", + "model": "openai/custom-model", + "api_base": "https://my-proxy.com/v1", + "api_key": "sk-...", + "request_timeout": 300 +} +``` + +**LiteLLM Proxy** + +```json +{ + "model_name": "lite-gpt4", + "model": "litellm/lite-gpt4", + "api_base": "http://localhost:4000/v1", + "api_key": "sk-..." +} +``` + +O PicoClaw remove apenas o prefixo externo `litellm/` antes de enviar a requisição, então aliases de proxy como `litellm/lite-gpt4` enviam `lite-gpt4`, enquanto `litellm/openai/gpt-4o` envia `openai/gpt-4o`. + +#### Balanceamento de Carga + +Configure múltiplos endpoints para o mesmo nome de modelo — o PicoClaw fará automaticamente round-robin entre eles: + +```json +{ + "model_list": [ + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api1.example.com/v1", + "api_key": "sk-key1" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api2.example.com/v1", + "api_key": "sk-key2" + } + ] +} +``` + +#### Migração da Configuração Legacy `providers` + +A configuração antiga `providers` está **descontinuada** mas ainda é suportada para compatibilidade retroativa. + +**Configuração Antiga (descontinuada):** + +```json +{ + "providers": { + "zhipu": { + "api_key": "your-key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + }, + "agents": { + "defaults": { + "provider": "zhipu", + "model": "glm-4.7" + } + } +} +``` + +**Configuração Nova (recomendada):** + +```json +{ + "model_list": [ + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" + } + ], + "agents": { + "defaults": { + "model": "glm-4.7" + } + } +} +``` + +Para guia de migração detalhado, veja [docs/migration/model-list-migration.md](docs/migration/model-list-migration.md). + +### Arquitetura de Provedores + +O PicoClaw roteia provedores por família de protocolo: + +- Protocolo compatível com OpenAI: OpenRouter, gateways compatíveis com OpenAI, Groq, Zhipu e endpoints estilo vLLM. +- Protocolo Anthropic: Comportamento nativo da API Claude. +- Caminho Codex/OAuth: Rota de autenticação OAuth/token da OpenAI. + +Isso mantém o runtime leve enquanto torna novos backends compatíveis com OpenAI basicamente uma operação de configuração (`api_base` + `api_key`). + +
+Zhipu + +**1. Obter chave de API e URL base** + +* Obtenha a [chave de API](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) + +**2. Configurar** + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model": "glm-4.7", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "providers": { + "zhipu": { + "api_key": "Your API Key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + } +} +``` + +**3. Executar** + +```bash +picoclaw agent -m "Hello" +``` + +
+ +
+Exemplo de configuração completa + +```json +{ + "agents": { + "defaults": { + "model": "anthropic/claude-opus-4-5" + } + }, + "session": { + "dm_scope": "per-channel-peer", + "backlog_limit": 20 + }, + "providers": { + "openrouter": { + "api_key": "sk-or-v1-xxx" + }, + "groq": { + "api_key": "gsk_xxx" + } + }, + "channels": { + "telegram": { + "enabled": true, + "token": "123456:ABC...", + "allow_from": ["123456789"] + }, + "discord": { + "enabled": true, + "token": "", + "allow_from": [""] + }, + "whatsapp": { + "enabled": false, + "bridge_url": "ws://localhost:3001", + "use_native": false, + "session_store_path": "", + "allow_from": [] + }, + "feishu": { + "enabled": false, + "app_id": "cli_xxx", + "app_secret": "xxx", + "encrypt_key": "", + "verification_token": "", + "allow_from": [] + }, + "qq": { + "enabled": false, + "app_id": "", + "app_secret": "", + "allow_from": [] + } + }, + "tools": { + "web": { + "brave": { + "enabled": false, + "api_key": "BSA...", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://localhost:8888", + "max_results": 5 + } + }, + "cron": { + "exec_timeout_minutes": 5 + } + }, + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +
+ +--- + +## 📝 Comparação de Chaves de API + +| Service | Pricing | Use Case | +| ---------------- | ------------------------ | ------------------------------------- | +| **OpenRouter** | Free: 200K tokens/month | Multiple models (Claude, GPT-4, etc.) | +| **Volcengine CodingPlan** | ¥9.9/first month | Best for Chinese users, multiple SOTA models (Doubao, DeepSeek, etc.) | +| **Zhipu** | Free: 200K tokens/month | Suitable for Chinese users | +| **Brave Search** | $5/1000 queries | Web search functionality | +| **SearXNG** | Free (self-hosted) | Privacy-focused metasearch (70+ engines) | +| **Groq** | Free tier available | Fast inference (Llama, Mixtral) | +| **Cerebras** | Free tier available | Fast inference (Llama, Qwen, etc.) | +| **LongCat** | Free: up to 5M tokens/day | Fast inference | +| **ModelScope** | Free: 2000 requests/day | Inference (Qwen, GLM, DeepSeek, etc.) | + +--- + +
+ PicoClaw Meme +
diff --git a/docs/pt-br/spawn-tasks.md b/docs/pt-br/spawn-tasks.md new file mode 100644 index 000000000..d6b539cb1 --- /dev/null +++ b/docs/pt-br/spawn-tasks.md @@ -0,0 +1,61 @@ +# 🔄 Tarefas Assíncronas e Spawn + +> Voltar ao [README](../../README.pt-br.md) + +## Tarefas Rápidas (resposta direta) + +- Informar a hora atual + +## Tarefas Longas (usar spawn para assíncrono) + +- Pesquisar na web notícias sobre IA e resumir +- Verificar e-mail e relatar mensagens importantes +``` + +**Comportamentos principais:** + +| Feature | Description | +| ----------------------- | --------------------------------------------------------- | +| **spawn** | Creates async subagent, doesn't block heartbeat | +| **Independent context** | Subagent has its own context, no session history | +| **message tool** | Subagent communicates with user directly via message tool | +| **Non-blocking** | After spawning, heartbeat continues to next task | + +#### Como Funciona a Comunicação do Subagente + +``` +Heartbeat é acionado + ↓ +Agente lê HEARTBEAT.md + ↓ +Para tarefa longa: spawn subagente + ↓ ↓ +Continua para próxima tarefa Subagente trabalha independentemente + ↓ ↓ +Todas as tarefas concluídas Subagente usa ferramenta "message" + ↓ ↓ +Responde HEARTBEAT_OK Usuário recebe resultado diretamente +``` + +O subagente tem acesso a ferramentas (message, web_search, etc.) e pode se comunicar com o usuário independentemente sem passar pelo agente principal. + +**Configuração:** + +```json +{ + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +| Option | Default | Description | +| ---------- | ------- | ---------------------------------- | +| `enabled` | `true` | Enable/disable heartbeat | +| `interval` | `30` | Check interval in minutes (min: 5) | + +**Variáveis de ambiente:** + +* `PICOCLAW_HEARTBEAT_ENABLED=false` para desabilitar +* `PICOCLAW_HEARTBEAT_INTERVAL=60` para alterar o intervalo diff --git a/docs/pt-br/tools_configuration.md b/docs/pt-br/tools_configuration.md new file mode 100644 index 000000000..b6f726aa4 --- /dev/null +++ b/docs/pt-br/tools_configuration.md @@ -0,0 +1,336 @@ +# 🔧 Configuração de Ferramentas + +> Voltar ao [README](../../README.pt-br.md) + +A configuração de ferramentas do PicoClaw está localizada no campo `tools` do `config.json`. + +## Estrutura de diretórios + +```json +{ + "tools": { + "web": { + ... + }, + "mcp": { + ... + }, + "exec": { + ... + }, + "cron": { + ... + }, + "skills": { + ... + } + } +} +``` + +## Ferramentas Web + +As ferramentas web são usadas para pesquisa e busca de páginas web. + +### Web Fetcher +Configurações gerais para busca e processamento de conteúdo de páginas web. + +| Config | Tipo | Padrão | Descrição | +|---------------------|--------|---------------|-----------------------------------------------------------------------------------------------| +| `enabled` | bool | true | Habilitar a capacidade de busca de páginas web. | +| `fetch_limit_bytes` | int | 10485760 | Tamanho máximo do payload da página web a ser buscado, em bytes (padrão é 10MB). | +| `format` | string | "plaintext" | Formato de saída do conteúdo buscado. Opções: `plaintext` ou `markdown` (recomendado). | + +### Brave + +| Config | Tipo | Padrão | Descrição | +|---------------|--------|--------|----------------------------| +| `enabled` | bool | false | Habilitar pesquisa Brave | +| `api_key` | string | - | Chave API do Brave Search | +| `max_results` | int | 5 | Número máximo de resultados | + +### DuckDuckGo + +| Config | Tipo | Padrão | Descrição | +|---------------|------|--------|--------------------------------| +| `enabled` | bool | true | Habilitar pesquisa DuckDuckGo | +| `max_results` | int | 5 | Número máximo de resultados | + +### Perplexity + +| Config | Tipo | Padrão | Descrição | +|---------------|--------|--------|--------------------------------| +| `enabled` | bool | false | Habilitar pesquisa Perplexity | +| `api_key` | string | - | Chave API do Perplexity | +| `max_results` | int | 5 | Número máximo de resultados | + +## Ferramenta Exec + +A ferramenta exec é usada para executar comandos shell. + +| Config | Tipo | Padrão | Descrição | +|------------------------|-------|--------|-------------------------------------------------| +| `enable_deny_patterns` | bool | true | Habilitar bloqueio padrão de comandos perigosos | +| `custom_deny_patterns` | array | [] | Padrões de negação personalizados (expressões regulares) | + +### Funcionalidade + +- **`enable_deny_patterns`**: Defina como `false` para desabilitar completamente os padrões de bloqueio de comandos perigosos padrão +- **`custom_deny_patterns`**: Adicione padrões regex de negação personalizados; comandos correspondentes serão bloqueados + +### Padrões de comandos bloqueados por padrão + +Por padrão, o PicoClaw bloqueia os seguintes comandos perigosos: + +- Comandos de exclusão: `rm -rf`, `del /f/q`, `rmdir /s` +- Operações de disco: `format`, `mkfs`, `diskpart`, `dd if=`, escrita em `/dev/sd*` +- Operações do sistema: `shutdown`, `reboot`, `poweroff` +- Substituição de comandos: `$()`, `${}`, crases +- Pipe para shell: `| sh`, `| bash` +- Escalação de privilégios: `sudo`, `chmod`, `chown` +- Controle de processos: `pkill`, `killall`, `kill -9` +- Operações remotas: `curl | sh`, `wget | sh`, `ssh` +- Gerenciamento de pacotes: `apt`, `yum`, `dnf`, `npm install -g`, `pip install --user` +- Contêineres: `docker run`, `docker exec` +- Git: `git push`, `git force` +- Outros: `eval`, `source *.sh` + +### Limitação arquitetural conhecida + +O guarda exec apenas valida o comando de nível superior enviado ao PicoClaw. Ele **não** inspeciona recursivamente processos filhos gerados por ferramentas de build ou scripts após o início desse comando. + +Exemplos de fluxos de trabalho que podem contornar o guarda de comando direto uma vez que o comando inicial é permitido: + +- `make run` +- `go run ./cmd/...` +- `cargo run` +- `npm run build` + +Isso significa que o guarda é útil para bloquear comandos diretos obviamente perigosos, mas **não** é um sandbox completo para pipelines de build não revisados. Se seu modelo de ameaça inclui código não confiável no workspace, use isolamento mais forte, como contêineres, VMs ou um fluxo de aprovação em torno de comandos de build e execução. + +### Exemplo de configuração + +```json +{ + "tools": { + "exec": { + "enable_deny_patterns": true, + "custom_deny_patterns": [ + "\\brm\\s+-r\\b", + "\\bkillall\\s+python" + ] + } + } +} +``` + +## Ferramenta Cron + +A ferramenta cron é usada para agendar tarefas periódicas. + +| Config | Tipo | Padrão | Descrição | +|------------------------|------|--------|-----------------------------------------------------| +| `exec_timeout_minutes` | int | 5 | Tempo limite de execução em minutos, 0 significa sem limite | + +## Ferramenta MCP + +A ferramenta MCP permite a integração com servidores Model Context Protocol externos. + +### Descoberta de ferramentas (carregamento preguiçoso) + +Ao conectar a vários servidores MCP, expor centenas de ferramentas simultaneamente pode esgotar a janela de contexto do LLM e aumentar os custos de API. O recurso **Discovery** resolve isso mantendo as ferramentas MCP *ocultas* por padrão. + +Em vez de carregar todas as ferramentas, o LLM recebe uma ferramenta de pesquisa leve (usando correspondência de palavras-chave BM25 ou Regex). Quando o LLM precisa de uma capacidade específica, ele pesquisa a biblioteca oculta. As ferramentas correspondentes são então temporariamente "desbloqueadas" e injetadas no contexto por um número configurado de turnos (`ttl`). + +### Configuração global + +| Config | Tipo | Padrão | Descrição | +|-------------|--------|--------|----------------------------------------------| +| `enabled` | bool | false | Habilitar integração MCP globalmente | +| `discovery` | object | `{}` | Configuração de descoberta de ferramentas (veja abaixo) | +| `servers` | object | `{}` | Mapa de nome do servidor para configuração do servidor | + +### Configuração Discovery (`discovery`) + +| Config | Tipo | Padrão | Descrição | +|----------------------|------|--------|-----------------------------------------------------------------------------------------------------------------------------------| +| `enabled` | bool | false | Se true, as ferramentas MCP ficam ocultas e são carregadas sob demanda via pesquisa. Se false, todas as ferramentas são carregadas | +| `ttl` | int | 5 | Número de turnos de conversa que uma ferramenta descoberta permanece desbloqueada | +| `max_search_results` | int | 5 | Número máximo de ferramentas retornadas por consulta de pesquisa | +| `use_bm25` | bool | true | Habilitar a ferramenta de pesquisa por linguagem natural/palavras-chave (`tool_search_tool_bm25`). **Aviso**: consome mais recursos que a pesquisa regex | +| `use_regex` | bool | false | Habilitar a ferramenta de pesquisa por padrão regex (`tool_search_tool_regex`) | + +> **Nota:** Se `discovery.enabled` for `true`, você **deve** habilitar pelo menos um mecanismo de pesquisa (`use_bm25` ou `use_regex`), +> caso contrário a aplicação falhará ao iniciar. + +### Configuração por servidor + +| Config | Tipo | Obrigatório | Descrição | +|------------|--------|-------------|--------------------------------------------| +| `enabled` | bool | sim | Habilitar este servidor MCP | +| `type` | string | não | Tipo de transporte: `stdio`, `sse`, `http` | +| `command` | string | stdio | Comando executável para transporte stdio | +| `args` | array | não | Argumentos do comando para transporte stdio | +| `env` | object | não | Variáveis de ambiente para processo stdio | +| `env_file` | string | não | Caminho para arquivo de ambiente para processo stdio | +| `url` | string | sse/http | URL do endpoint para transporte `sse`/`http` | +| `headers` | object | não | Cabeçalhos HTTP para transporte `sse`/`http` | + +### Comportamento do transporte + +- Se `type` for omitido, o transporte é detectado automaticamente: + - `url` está definido → `sse` + - `command` está definido → `stdio` +- `http` e `sse` ambos usam `url` + `headers` opcionais. +- `env` e `env_file` são aplicados apenas a servidores `stdio`. + +### Exemplos de configuração + +#### 1) Servidor MCP Stdio + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "servers": { + "filesystem": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-filesystem", + "/tmp" + ] + } + } + } + } +} +``` + +#### 2) Servidor MCP remoto SSE/HTTP + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "servers": { + "remote-mcp": { + "enabled": true, + "type": "sse", + "url": "https://example.com/mcp", + "headers": { + "Authorization": "Bearer YOUR_TOKEN" + } + } + } + } + } +} +``` + +#### 3) Configuração MCP massiva com descoberta de ferramentas habilitada + +*Neste exemplo, o LLM verá apenas o `tool_search_tool_bm25`. Ele pesquisará e desbloqueará ferramentas do Github ou Postgres dinamicamente apenas quando solicitado pelo usuário.* + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "discovery": { + "enabled": true, + "ttl": 5, + "max_search_results": 5, + "use_bm25": true, + "use_regex": false + }, + "servers": { + "github": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-github" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "YOUR_GITHUB_TOKEN" + } + }, + "postgres": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-postgres", + "postgresql://user:password@localhost/dbname" + ] + }, + "slack": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-slack" + ], + "env": { + "SLACK_BOT_TOKEN": "YOUR_SLACK_BOT_TOKEN", + "SLACK_TEAM_ID": "YOUR_SLACK_TEAM_ID" + } + } + } + } + } +} +``` + +## Ferramenta Skills + +A ferramenta skills configura a descoberta e instalação de habilidades via registros como o ClawHub. + +### Registros + +| Config | Tipo | Padrão | Descrição | +|------------------------------------|--------|-----------------------|----------------------------------------------| +| `registries.clawhub.enabled` | bool | true | Habilitar registro ClawHub | +| `registries.clawhub.base_url` | string | `https://clawhub.ai` | URL base do ClawHub | +| `registries.clawhub.auth_token` | string | `""` | Token Bearer opcional para limites de taxa mais altos | +| `registries.clawhub.search_path` | string | `/api/v1/search` | Caminho da API de pesquisa | +| `registries.clawhub.skills_path` | string | `/api/v1/skills` | Caminho da API de Skills | +| `registries.clawhub.download_path` | string | `/api/v1/download` | Caminho da API de download | + +### Exemplo de configuração + +```json +{ + "tools": { + "skills": { + "registries": { + "clawhub": { + "enabled": true, + "base_url": "https://clawhub.ai", + "auth_token": "", + "search_path": "/api/v1/search", + "skills_path": "/api/v1/skills", + "download_path": "/api/v1/download" + } + } + } + } +} +``` + +## Variáveis de ambiente + +Todas as opções de configuração podem ser substituídas via variáveis de ambiente com o formato `PICOCLAW_TOOLS_
_`: + +Por exemplo: + +- `PICOCLAW_TOOLS_WEB_BRAVE_ENABLED=true` +- `PICOCLAW_TOOLS_EXEC_ENABLE_DENY_PATTERNS=false` +- `PICOCLAW_TOOLS_CRON_EXEC_TIMEOUT_MINUTES=10` +- `PICOCLAW_TOOLS_MCP_ENABLED=true` + +Nota: Configuração de tipo mapa aninhado (por exemplo `tools.mcp.servers..*`) é configurada no `config.json` em vez de variáveis de ambiente. diff --git a/docs/pt-br/troubleshooting.md b/docs/pt-br/troubleshooting.md new file mode 100644 index 000000000..e6c1a55ab --- /dev/null +++ b/docs/pt-br/troubleshooting.md @@ -0,0 +1,45 @@ +# 🐛 Solução de Problemas + +> Voltar ao [README](../../README.pt-br.md) + +## "model ... not found in model_list" ou OpenRouter "free is not a valid model ID" + +**Sintoma:** Você vê um dos seguintes erros: + +- `Error creating provider: model "openrouter/free" not found in model_list` +- OpenRouter retorna 400: `"free is not a valid model ID"` + +**Causa:** O campo `model` na sua entrada `model_list` é o que é enviado para a API. Para o OpenRouter, você deve usar o ID de modelo **completo**, não uma abreviação. + +- **Errado:** `"model": "free"` → OpenRouter recebe `free` e rejeita. +- **Correto:** `"model": "openrouter/free"` → OpenRouter recebe `openrouter/free` (roteamento automático do nível gratuito). + +**Correção:** Em `~/.picoclaw/config.json` (ou seu caminho de configuração): + +1. **agents.defaults.model** deve corresponder a um `model_name` em `model_list` (ex.: `"openrouter-free"`). +2. O **model** dessa entrada deve ser um ID de modelo OpenRouter válido, por exemplo: + - `"openrouter/free"` – nível gratuito automático + - `"google/gemini-2.0-flash-exp:free"` + - `"meta-llama/llama-3.1-8b-instruct:free"` + +Exemplo: + +```json +{ + "agents": { + "defaults": { + "model": "openrouter-free" + } + }, + "model_list": [ + { + "model_name": "openrouter-free", + "model": "openrouter/free", + "api_key": "sk-or-v1-YOUR_OPENROUTER_KEY", + "api_base": "https://openrouter.ai/api/v1" + } + ] +} +``` + +Obtenha sua chave em [OpenRouter Keys](https://openrouter.ai/keys). diff --git a/docs/spawn-tasks.md b/docs/spawn-tasks.md new file mode 100644 index 000000000..eff96ce45 --- /dev/null +++ b/docs/spawn-tasks.md @@ -0,0 +1,61 @@ +# 🔄 Spawn & Async Tasks + +> Back to [README](../README.md) + +## Quick Tasks (respond directly) + +- Report current time + +## Long Tasks (use spawn for async) + +- Search the web for AI news and summarize +- Check email and report important messages +``` + +**Key behaviors:** + +| Feature | Description | +| ----------------------- | --------------------------------------------------------- | +| **spawn** | Creates async subagent, doesn't block heartbeat | +| **Independent context** | Subagent has its own context, no session history | +| **message tool** | Subagent communicates with user directly via message tool | +| **Non-blocking** | After spawning, heartbeat continues to next task | + +#### How Subagent Communication Works + +``` +Heartbeat triggers + ↓ +Agent reads HEARTBEAT.md + ↓ +For long task: spawn subagent + ↓ ↓ +Continue to next task Subagent works independently + ↓ ↓ +All tasks done Subagent uses "message" tool + ↓ ↓ +Respond HEARTBEAT_OK User receives result directly +``` + +The subagent has access to tools (message, web_search, etc.) and can communicate with the user independently without going through the main agent. + +**Configuration:** + +```json +{ + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +| Option | Default | Description | +| ---------- | ------- | ---------------------------------- | +| `enabled` | `true` | Enable/disable heartbeat | +| `interval` | `30` | Check interval in minutes (min: 5) | + +**Environment variables:** + +* `PICOCLAW_HEARTBEAT_ENABLED=false` to disable +* `PICOCLAW_HEARTBEAT_INTERVAL=60` to change interval diff --git a/docs/vi/chat-apps.md b/docs/vi/chat-apps.md new file mode 100644 index 000000000..1fefa00d3 --- /dev/null +++ b/docs/vi/chat-apps.md @@ -0,0 +1,427 @@ +# 💬 Cấu Hình Ứng Dụng Chat + +> Quay lại [README](../../README.vi.md) + +## 💬 Ứng Dụng Chat + +Trò chuyện với picoclaw của bạn qua Telegram, Discord, WhatsApp, Matrix, QQ, DingTalk, LINE, WeCom, Feishu, Slack, IRC, OneBot hoặc MaixCam + +> **Lưu ý**: Tất cả các kênh dựa trên webhook (LINE, WeCom, v.v.) được phục vụ trên một máy chủ HTTP Gateway chung (`gateway.host`:`gateway.port`, mặc định `127.0.0.1:18790`). Không có port riêng cho từng kênh. Lưu ý: Feishu sử dụng chế độ WebSocket/SDK và không sử dụng máy chủ HTTP webhook chung. + +| Channel | Setup | +| ------------ | ---------------------------------- | +| **Telegram** | Easy (just a token) | +| **Discord** | Easy (bot token + intents) | +| **WhatsApp** | Easy (native: QR scan; or bridge URL) | +| **Matrix** | Medium (homeserver + bot access token) | +| **QQ** | Easy (AppID + AppSecret) | +| **DingTalk** | Medium (app credentials) | +| **LINE** | Medium (credentials + webhook URL) | +| **WeCom AI Bot** | Medium (Token + AES key) | +| **Feishu** | Medium (App ID + Secret, WebSocket mode) | +| **Slack** | Medium (Bot token + App token) | +| **IRC** | Medium (server + TLS config) | +| **OneBot** | Medium (QQ via OneBot protocol) | +| **MaixCam** | Easy (Sipeed hardware integration) | +| **Pico** | Native PicoClaw protocol | + +
+Telegram (Khuyến nghị) + +**1. Tạo bot** + +* Mở Telegram, tìm `@BotFather` +* Gửi `/newbot`, làm theo hướng dẫn +* Sao chép token + +**2. Cấu hình** + +```json +{ + "channels": { + "telegram": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +> Lấy user ID của bạn từ `@userinfobot` trên Telegram. + +**3. Chạy** + +```bash +picoclaw gateway +``` + +**4. Menu lệnh Telegram (tự động đăng ký khi khởi động)** + +PicoClaw hiện lưu trữ định nghĩa lệnh trong một registry chung. Khi khởi động, Telegram sẽ tự động đăng ký các lệnh bot được hỗ trợ (ví dụ `/start`, `/help`, `/show`, `/list`) để menu lệnh và hành vi runtime luôn đồng bộ. +Đăng ký menu lệnh Telegram vẫn là UX khám phá cục bộ của kênh; thực thi lệnh chung được xử lý tập trung trong vòng lặp agent qua commands executor. + +Nếu đăng ký lệnh thất bại (lỗi tạm thời mạng/API), kênh vẫn khởi động và PicoClaw thử lại đăng ký trong nền. + +
+ +
+Discord + +**1. Tạo bot** + +* Truy cập +* Tạo ứng dụng → Bot → Add Bot +* Sao chép bot token + +**2. Bật intents** + +* Trong cài đặt Bot, bật **MESSAGE CONTENT INTENT** +* (Tùy chọn) Bật **SERVER MEMBERS INTENT** nếu bạn muốn sử dụng danh sách cho phép dựa trên dữ liệu thành viên + +**3. Lấy User ID** +* Cài đặt Discord → Nâng cao → bật **Developer Mode** +* Nhấp chuột phải vào avatar → **Copy User ID** + +**4. Cấu hình** + +```json +{ + "channels": { + "discord": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +**5. Mời bot** + +* OAuth2 → URL Generator +* Scopes: `bot` +* Bot Permissions: `Send Messages`, `Read Message History` +* Mở URL mời được tạo và thêm bot vào server của bạn + +**Tùy chọn: Chế độ kích hoạt nhóm** + +Mặc định bot phản hồi tất cả tin nhắn trong kênh server. Để giới hạn phản hồi chỉ khi @mention, thêm: + +```json +{ + "channels": { + "discord": { + "group_trigger": { "mention_only": true } + } + } +} +``` + +Bạn cũng có thể kích hoạt bằng tiền tố từ khóa (ví dụ: `!bot`): + +```json +{ + "channels": { + "discord": { + "group_trigger": { "prefixes": ["!bot"] } + } + } +} +``` + +**6. Chạy** + +```bash +picoclaw gateway +``` + +
+ +
+WhatsApp (native qua whatsmeow) + +PicoClaw có thể kết nối WhatsApp theo hai cách: + +- **Native (khuyến nghị):** In-process sử dụng [whatsmeow](https://github.com/tulir/whatsmeow). Không cần bridge riêng. Đặt `"use_native": true` và để trống `bridge_url`. Lần chạy đầu tiên, quét mã QR bằng WhatsApp (Thiết bị liên kết). Phiên được lưu trong workspace (ví dụ: `workspace/whatsapp/`). Kênh native là **tùy chọn** để giữ binary mặc định nhỏ; build với `-tags whatsapp_native` (ví dụ: `make build-whatsapp-native` hoặc `go build -tags whatsapp_native ./cmd/...`). +- **Bridge:** Kết nối đến bridge WebSocket bên ngoài. Đặt `bridge_url` (ví dụ: `ws://localhost:3001`) và giữ `use_native` là false. + +**Cấu hình (native)** + +```json +{ + "channels": { + "whatsapp": { + "enabled": true, + "use_native": true, + "session_store_path": "", + "allow_from": [] + } + } +} +``` + +Nếu `session_store_path` trống, phiên được lưu tại `/whatsapp/`. Chạy `picoclaw gateway`; lần chạy đầu tiên, quét mã QR hiển thị trong terminal bằng WhatsApp → Thiết bị liên kết. + +
+ +
+QQ + +**1. Tạo bot** + +- Truy cập [QQ Open Platform](https://q.qq.com/#) +- Tạo ứng dụng → Lấy **AppID** và **AppSecret** + +**2. Cấu hình** + +```json +{ + "channels": { + "qq": { + "enabled": true, + "app_id": "YOUR_APP_ID", + "app_secret": "YOUR_APP_SECRET", + "allow_from": [] + } + } +} +``` + +> Đặt `allow_from` trống để cho phép tất cả người dùng, hoặc chỉ định số QQ để giới hạn truy cập. + +**3. Chạy** + +```bash +picoclaw gateway +``` + +
+ +
+DingTalk + +**1. Tạo bot** + +* Truy cập [Open Platform](https://open.dingtalk.com/) +* Tạo ứng dụng nội bộ +* Sao chép Client ID và Client Secret + +**2. Cấu hình** + +```json +{ + "channels": { + "dingtalk": { + "enabled": true, + "client_id": "YOUR_CLIENT_ID", + "client_secret": "YOUR_CLIENT_SECRET", + "allow_from": [] + } + } +} +``` + +> Đặt `allow_from` trống để cho phép tất cả người dùng, hoặc chỉ định DingTalk user ID để giới hạn truy cập. + +**3. Chạy** + +```bash +picoclaw gateway +``` +
+ +
+Matrix + +**1. Chuẩn bị tài khoản bot** + +* Sử dụng homeserver ưa thích (ví dụ: `https://matrix.org` hoặc tự host) +* Tạo user bot và lấy access token + +**2. Cấu hình** + +```json +{ + "channels": { + "matrix": { + "enabled": true, + "homeserver": "https://matrix.org", + "user_id": "@your-bot:matrix.org", + "access_token": "YOUR_MATRIX_ACCESS_TOKEN", + "allow_from": [] + } + } +} +``` + +**3. Chạy** + +```bash +picoclaw gateway +``` + +Để xem đầy đủ các tùy chọn (`device_id`, `join_on_invite`, `group_trigger`, `placeholder`, `reasoning_channel_id`), xem [Hướng Dẫn Cấu Hình Kênh Matrix](docs/channels/matrix/README.md). + +
+ +
+LINE + +**1. Tạo Tài Khoản LINE Official** + +- Truy cập [LINE Developers Console](https://developers.line.biz/) +- Tạo provider → Tạo kênh Messaging API +- Sao chép **Channel Secret** và **Channel Access Token** + +**2. Cấu hình** + +```json +{ + "channels": { + "line": { + "enabled": true, + "channel_secret": "YOUR_CHANNEL_SECRET", + "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN", + "webhook_path": "/webhook/line", + "allow_from": [] + } + } +} +``` + +> Webhook LINE được phục vụ trên máy chủ Gateway chung (`gateway.host`:`gateway.port`, mặc định `127.0.0.1:18790`). + +**3. Thiết lập Webhook URL** + +LINE yêu cầu HTTPS cho webhook. Sử dụng reverse proxy hoặc tunnel: + +```bash +# Ví dụ với ngrok (port mặc định gateway là 18790) +ngrok http 18790 +``` + +Sau đó đặt Webhook URL trong LINE Developers Console thành `https://your-domain/webhook/line` và bật **Use webhook**. + +**4. Chạy** + +```bash +picoclaw gateway +``` + +> Trong chat nhóm, bot chỉ phản hồi khi được @mention. Phản hồi trích dẫn tin nhắn gốc. + +
+ +
+WeCom (企业微信) + +PicoClaw hỗ trợ ba loại tích hợp WeCom: + +**Tùy chọn 1: WeCom Bot (Bot)** - Thiết lập dễ hơn, hỗ trợ chat nhóm +**Tùy chọn 2: WeCom App (App Tùy chỉnh)** - Nhiều tính năng hơn, nhắn tin chủ động, chỉ chat riêng +**Tùy chọn 3: WeCom AI Bot (AI Bot)** - AI Bot chính thức, phản hồi streaming, hỗ trợ chat nhóm & riêng + +Xem [Hướng Dẫn Cấu Hình WeCom AI Bot](docs/channels/wecom/wecom_aibot/README.zh.md) để biết hướng dẫn thiết lập chi tiết. + +**Thiết Lập Nhanh - WeCom Bot:** + +**1. Tạo bot** + +* Truy cập Console Quản Trị WeCom → Chat Nhóm → Thêm Bot Nhóm +* Sao chép URL webhook (định dạng: `https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) + +**2. Cấu hình** + +```json +{ + "channels": { + "wecom": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", + "webhook_path": "/webhook/wecom", + "allow_from": [] + } + } +} +``` + +> Webhook WeCom được phục vụ trên máy chủ Gateway chung (`gateway.host`:`gateway.port`, mặc định `127.0.0.1:18790`). + +**Thiết Lập Nhanh - WeCom App:** + +**1. Tạo ứng dụng** + +* Truy cập Console Quản Trị WeCom → Quản Lý App → Tạo App +* Sao chép **AgentId** và **Secret** +* Truy cập trang "Công Ty Của Tôi", sao chép **CorpID** + +**2. Cấu hình nhận tin nhắn** + +* Trong chi tiết App, nhấp "Nhận Tin Nhắn" → "Cấu Hình API" +* Đặt URL thành `http://your-server:18790/webhook/wecom-app` +* Tạo **Token** và **EncodingAESKey** + +**3. Cấu hình** + +```json +{ + "channels": { + "wecom_app": { + "enabled": true, + "corp_id": "wwxxxxxxxxxxxxxxxx", + "corp_secret": "YOUR_CORP_SECRET", + "agent_id": 1000002, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-app", + "allow_from": [] + } + } +} +``` + +**4. Chạy** + +```bash +picoclaw gateway +``` + +> **Lưu ý**: Callback webhook WeCom được phục vụ trên port Gateway (mặc định 18790). Sử dụng reverse proxy cho HTTPS. + +**Thiết Lập Nhanh - WeCom AI Bot:** + +**1. Tạo AI Bot** + +* Truy cập Console Quản Trị WeCom → Quản Lý App → AI Bot +* Trong cài đặt AI Bot, cấu hình callback URL: `http://your-server:18791/webhook/wecom-aibot` +* Sao chép **Token** và nhấp "Tạo Ngẫu Nhiên" cho **EncodingAESKey** + +**2. Cấu hình** + +```json +{ + "channels": { + "wecom_aibot": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-aibot", + "allow_from": [], + "welcome_message": "Hello! How can I help you?" + } + } +} +``` + +**3. Chạy** + +```bash +picoclaw gateway +``` + +> **Lưu ý**: WeCom AI Bot sử dụng giao thức streaming pull — không lo timeout phản hồi. Tác vụ dài (>30 giây) tự động chuyển sang gửi qua `response_url` push. + +
diff --git a/docs/vi/configuration.md b/docs/vi/configuration.md new file mode 100644 index 000000000..22b9bd509 --- /dev/null +++ b/docs/vi/configuration.md @@ -0,0 +1,217 @@ +# ⚙️ Hướng Dẫn Cấu Hình + +> Quay lại [README](../../README.vi.md) + +## ⚙️ Cấu Hình + +File cấu hình: `~/.picoclaw/config.json` + +### Biến Môi Trường + +Bạn có thể ghi đè các đường dẫn mặc định bằng biến môi trường. Điều này hữu ích cho cài đặt portable, triển khai container, hoặc chạy picoclaw như dịch vụ hệ thống. Các biến này độc lập và kiểm soát các đường dẫn khác nhau. + +| Biến | Mô tả | Đường Dẫn Mặc Định | +|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| +| `PICOCLAW_CONFIG` | Ghi đè đường dẫn đến file cấu hình. Chỉ định trực tiếp cho picoclaw file `config.json` nào cần tải, bỏ qua tất cả vị trí khác. | `~/.picoclaw/config.json` | +| `PICOCLAW_HOME` | Ghi đè thư mục gốc cho dữ liệu picoclaw. Thay đổi vị trí mặc định của `workspace` và các thư mục dữ liệu khác. | `~/.picoclaw` | + +**Ví dụ:** + +```bash +# Chạy picoclaw với file cấu hình cụ thể +# Đường dẫn workspace sẽ được đọc từ trong file cấu hình đó +PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway + +# Chạy picoclaw với tất cả dữ liệu lưu tại /opt/picoclaw +# Cấu hình sẽ được tải từ mặc định ~/.picoclaw/config.json +# Workspace sẽ được tạo tại /opt/picoclaw/workspace +PICOCLAW_HOME=/opt/picoclaw picoclaw agent + +# Sử dụng cả hai cho thiết lập tùy chỉnh hoàn toàn +PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway +``` + +### Bố Cục Workspace + +PicoClaw lưu trữ dữ liệu trong workspace đã cấu hình (mặc định: `~/.picoclaw/workspace`): + +``` +~/.picoclaw/workspace/ +├── sessions/ # Phiên hội thoại và lịch sử +├── memory/ # Bộ nhớ dài hạn (MEMORY.md) +├── state/ # Trạng thái bền vững (kênh cuối, v.v.) +├── cron/ # Cơ sở dữ liệu tác vụ lên lịch +├── skills/ # Skill tùy chỉnh +├── AGENTS.md # Hướng dẫn hành vi agent +├── HEARTBEAT.md # Prompt tác vụ định kỳ (kiểm tra mỗi 30 phút) +├── IDENTITY.md # Danh tính agent +├── SOUL.md # Linh hồn agent +└── USER.md # Tùy chọn người dùng +``` + +### Nguồn Skill + +Mặc định, skill được tải từ: + +1. `~/.picoclaw/workspace/skills` (workspace) +2. `~/.picoclaw/skills` (global) +3. `/skills` (builtin) + +Cho thiết lập nâng cao/test, bạn có thể ghi đè thư mục gốc skill builtin với: + +```bash +export PICOCLAW_BUILTIN_SKILLS=/path/to/skills +``` + +### Chính Sách Thực Thi Lệnh Thống Nhất + +- Lệnh slash chung được thực thi qua một đường dẫn duy nhất trong `pkg/agent/loop.go` qua `commands.Executor`. +- Adapter kênh không còn xử lý lệnh chung cục bộ; chúng chuyển tiếp văn bản đầu vào đến đường dẫn bus/agent. Telegram vẫn tự động đăng ký lệnh được hỗ trợ khi khởi động. +- Lệnh slash không xác định (ví dụ `/foo`) được chuyển sang xử lý LLM bình thường. +- Lệnh đã đăng ký nhưng không được hỗ trợ trên kênh hiện tại (ví dụ `/show` trên WhatsApp) trả về lỗi rõ ràng cho người dùng và dừng xử lý tiếp. + +### 🔒 Sandbox Bảo Mật + +PicoClaw chạy trong môi trường sandbox mặc định. Agent chỉ có thể truy cập file và thực thi lệnh trong workspace đã cấu hình. + +#### Cấu Hình Mặc Định + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "restrict_to_workspace": true + } + } +} +``` + +| Tùy chọn | Mặc định | Mô tả | +| ----------------------- | ----------------------- | ----------------------------------------- | +| `workspace` | `~/.picoclaw/workspace` | Thư mục làm việc của agent | +| `restrict_to_workspace` | `true` | Giới hạn truy cập file/lệnh trong workspace | + +#### Công Cụ Được Bảo Vệ + +Khi `restrict_to_workspace: true`, các công cụ sau được sandbox: + +| Công cụ | Chức năng | Giới hạn | +| ------------- | ---------------- | -------------------------------------- | +| `read_file` | Đọc file | Chỉ file trong workspace | +| `write_file` | Ghi file | Chỉ file trong workspace | +| `list_dir` | Liệt kê thư mục | Chỉ thư mục trong workspace | +| `edit_file` | Sửa file | Chỉ file trong workspace | +| `append_file` | Nối vào file | Chỉ file trong workspace | +| `exec` | Thực thi lệnh | Đường dẫn lệnh phải trong workspace | + +#### Bảo Vệ Exec Bổ Sung + +Ngay cả khi `restrict_to_workspace: false`, công cụ `exec` chặn các lệnh nguy hiểm sau: + +* `rm -rf`, `del /f`, `rmdir /s` — Xóa hàng loạt +* `format`, `mkfs`, `diskpart` — Định dạng đĩa +* `dd if=` — Tạo ảnh đĩa +* Ghi vào `/dev/sd[a-z]` — Ghi trực tiếp đĩa +* `shutdown`, `reboot`, `poweroff` — Tắt hệ thống +* Fork bomb `:(){ :|:& };:` + +### Kiểm Soát Truy Cập File + +| Config Key | Type | Default | Description | +|------------|------|---------|-------------| +| `tools.allow_read_paths` | string[] | `[]` | Additional paths allowed for reading outside workspace | +| `tools.allow_write_paths` | string[] | `[]` | Additional paths allowed for writing outside workspace | + +### Bảo Mật Exec + +| Config Key | Type | Default | Description | +|------------|------|---------|-------------| +| `tools.exec.allow_remote` | bool | `false` | Allow exec tool from remote channels (Telegram/Discord etc.) | +| `tools.exec.enable_deny_patterns` | bool | `true` | Enable dangerous command interception | +| `tools.exec.custom_deny_patterns` | string[] | `[]` | Custom regex patterns to block | +| `tools.exec.custom_allow_patterns` | string[] | `[]` | Custom regex patterns to allow | + +> **Lưu ý Bảo Mật:** Bảo vệ symlink được bật mặc định — tất cả đường dẫn file được giải quyết qua `filepath.EvalSymlinks` trước khi so khớp whitelist, ngăn chặn tấn công thoát qua symlink. + +#### Hạn Chế Đã Biết: Tiến Trình Con Từ Công Cụ Build + +Guard bảo mật exec chỉ kiểm tra dòng lệnh mà PicoClaw khởi chạy trực tiếp. Nó không kiểm tra đệ quy các tiến trình con được tạo bởi công cụ phát triển được phép như `make`, `go run`, `cargo`, `npm run`, hoặc script build tùy chỉnh. + +Điều này có nghĩa là lệnh cấp cao nhất vẫn có thể biên dịch hoặc khởi chạy binary khác sau khi vượt qua kiểm tra guard ban đầu. Trong thực tế, hãy coi script build, Makefile, script package, và binary được tạo như mã thực thi cần cùng mức độ review như lệnh shell trực tiếp. + +Cho môi trường rủi ro cao hơn: + +* Review script build trước khi thực thi. +* Ưu tiên phê duyệt/review thủ công cho quy trình biên dịch và chạy. +* Chạy PicoClaw trong container hoặc VM nếu bạn cần cách ly mạnh hơn guard tích hợp. + +#### Ví Dụ Lỗi + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (path outside working dir)} +``` + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} +``` + +#### Tắt Giới Hạn (Rủi Ro Bảo Mật) + +Nếu bạn cần agent truy cập đường dẫn ngoài workspace: + +**Phương pháp 1: File cấu hình** + +```json +{ + "agents": { + "defaults": { + "restrict_to_workspace": false + } + } +} +``` + +**Phương pháp 2: Biến môi trường** + +```bash +export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false +``` + +> ⚠️ **Cảnh báo**: Tắt giới hạn này cho phép agent truy cập bất kỳ đường dẫn nào trên hệ thống. Chỉ sử dụng cẩn thận trong môi trường được kiểm soát. + +#### Tính Nhất Quán Ranh Giới Bảo Mật + +Cài đặt `restrict_to_workspace` áp dụng nhất quán trên tất cả đường dẫn thực thi: + +| Đường Dẫn Thực Thi | Ranh Giới Bảo Mật | +| -------------------- | ---------------------------- | +| Main Agent | `restrict_to_workspace` ✅ | +| Subagent / Spawn | Kế thừa cùng giới hạn ✅ | +| Heartbeat tasks | Kế thừa cùng giới hạn ✅ | + +Tất cả đường dẫn chia sẻ cùng giới hạn workspace — không có cách nào vượt qua ranh giới bảo mật qua subagent hoặc tác vụ lên lịch. + +### Heartbeat (Tác Vụ Định Kỳ) + +PicoClaw có thể thực hiện tác vụ định kỳ tự động. Tạo file `HEARTBEAT.md` trong workspace: + +```markdown +# Tác Vụ Định Kỳ + +- Kiểm tra email cho tin nhắn quan trọng +- Xem lịch cho sự kiện sắp tới +- Kiểm tra dự báo thời tiết +``` + +Agent sẽ đọc file này mỗi 30 phút (có thể cấu hình) và thực thi các tác vụ sử dụng công cụ có sẵn. + +#### Tác Vụ Bất Đồng Bộ Với Spawn + +Cho tác vụ chạy lâu (tìm kiếm web, gọi API), sử dụng công cụ `spawn` để tạo **subagent**: + +```markdown +# Tác Vụ Định Kỳ +``` diff --git a/docs/vi/docker.md b/docs/vi/docker.md new file mode 100644 index 000000000..519ace5ba --- /dev/null +++ b/docs/vi/docker.md @@ -0,0 +1,166 @@ +# 🐳 Docker và Bắt Đầu Nhanh + +> Quay lại [README](../../README.vi.md) + +## 🐳 Docker Compose + +Bạn cũng có thể chạy PicoClaw bằng Docker Compose mà không cần cài đặt gì trên máy. + +```bash +# 1. Clone repo này +git clone https://github.com/sipeed/picoclaw.git +cd picoclaw + +# 2. Lần chạy đầu tiên — tự động tạo docker/data/config.json rồi thoát +docker compose -f docker/docker-compose.yml --profile gateway up +# Container hiển thị "First-run setup complete." và dừng lại. + +# 3. Cấu hình API key của bạn +vim docker/data/config.json # Set provider API keys, bot tokens, etc. + +# 4. Khởi động +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +> [!TIP] +> **Người dùng Docker**: Mặc định, Gateway lắng nghe trên `127.0.0.1`, không thể truy cập từ host. Nếu bạn cần truy cập các health endpoint hoặc mở port, hãy đặt `PICOCLAW_GATEWAY_HOST=0.0.0.0` trong môi trường hoặc cập nhật `config.json`. + +```bash +# 5. Kiểm tra log +docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway + +# 6. Dừng +docker compose -f docker/docker-compose.yml --profile gateway down +``` + +### Chế Độ Launcher (Web Console) + +Image `launcher` bao gồm cả ba binary (`picoclaw`, `picoclaw-launcher`, `picoclaw-launcher-tui`) và khởi động web console mặc định, cung cấp giao diện trình duyệt để cấu hình và chat. + +```bash +docker compose -f docker/docker-compose.yml --profile launcher up -d +``` + +Mở http://localhost:18800 trong trình duyệt. Launcher tự động quản lý tiến trình gateway. + +> [!WARNING] +> Web console chưa hỗ trợ xác thực. Tránh để lộ ra internet công cộng. + +### Chế Độ Agent (One-shot) + +```bash +# Đặt câu hỏi +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "What is 2+2?" + +# Chế độ tương tác +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent +``` + +### Cập Nhật + +```bash +docker compose -f docker/docker-compose.yml pull +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +### 🚀 Bắt Đầu Nhanh + +> [!TIP] +> Cấu hình API Key trong `~/.picoclaw/config.json`. Lấy API Key: [Volcengine (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM). Tìm kiếm web là tùy chọn — lấy miễn phí [Tavily API](https://tavily.com) (1000 truy vấn miễn phí/tháng) hoặc [Brave Search API](https://brave.com/search/api) (2000 truy vấn miễn phí/tháng). + +**1. Khởi tạo** + +```bash +picoclaw onboard +``` + +**2. Cấu hình** (`~/.picoclaw/config.json`) + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model_name": "gpt-5.4", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key", + "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "your-api-key", + "request_timeout": 300 + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "your-anthropic-key" + } + ], + "tools": { + "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", + "brave": { + "enabled": false, + "api_key": "YOUR_BRAVE_API_KEY", + "max_results": 5 + }, + "tavily": { + "enabled": false, + "api_key": "YOUR_TAVILY_API_KEY", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "YOUR_PERPLEXITY_API_KEY", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://your-searxng-instance:8888", + "max_results": 5 + } + } + } +} +``` + +> **Mới**: Định dạng cấu hình `model_list` cho phép thêm provider mà không cần thay đổi code. Xem [Cấu Hình Mô Hình](#cấu-hình-mô-hình-model_list) để biết chi tiết. +> `request_timeout` là tùy chọn và tính bằng giây. Nếu bỏ qua hoặc đặt `<= 0`, PicoClaw sử dụng timeout mặc định (120s). + +**3. Lấy API Key** + +* **Nhà cung cấp LLM**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) +* **Tìm kiếm Web** (tùy chọn): + * [Brave Search](https://brave.com/search/api) - Trả phí ($5/1000 truy vấn, ~$5-6/tháng) + * [Perplexity](https://www.perplexity.ai) - Tìm kiếm bằng AI với giao diện chat + * [SearXNG](https://github.com/searxng/searxng) - Công cụ tìm kiếm tổng hợp tự host (miễn phí, không cần API key) + * [Tavily](https://tavily.com) - Tối ưu cho AI Agent (1000 yêu cầu/tháng) + * DuckDuckGo - Fallback tích hợp (không cần API key) + +> **Lưu ý**: Xem `config.example.json` để có mẫu cấu hình đầy đủ. + +**4. Chat** + +```bash +picoclaw agent -m "What is 2+2?" +``` + +Vậy là xong! Bạn có một trợ lý AI hoạt động trong 2 phút. + +--- diff --git a/docs/vi/providers.md b/docs/vi/providers.md new file mode 100644 index 000000000..f7543eec3 --- /dev/null +++ b/docs/vi/providers.md @@ -0,0 +1,434 @@ +# 🔌 Nhà Cung Cấp và Cấu Hình Mô Hình + +> Quay lại [README](../../README.vi.md) + +### Nhà Cung Cấp + +> [!NOTE] +> Groq cung cấp chuyển đổi giọng nói miễn phí qua Whisper. Nếu được cấu hình, tin nhắn âm thanh từ bất kỳ kênh nào sẽ được tự động chuyển đổi ở cấp agent. + +| Provider | Purpose | Get API Key | +| ------------ | --------------------------------------- | ------------------------------------------------------------ | +| `gemini` | LLM (Gemini direct) | [aistudio.google.com](https://aistudio.google.com) | +| `zhipu` | LLM (Zhipu direct) | [bigmodel.cn](https://bigmodel.cn) | +| `volcengine` | LLM(Volcengine direct) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| `openrouter` | LLM (recommended, access to all models) | [openrouter.ai](https://openrouter.ai) | +| `anthropic` | LLM (Claude direct) | [console.anthropic.com](https://console.anthropic.com) | +| `openai` | LLM (GPT direct) | [platform.openai.com](https://platform.openai.com) | +| `deepseek` | LLM (DeepSeek direct) | [platform.deepseek.com](https://platform.deepseek.com) | +| `qwen` | LLM (Qwen direct) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) | +| `groq` | LLM + **Voice transcription** (Whisper) | [console.groq.com](https://console.groq.com) | +| `cerebras` | LLM (Cerebras direct) | [cerebras.ai](https://cerebras.ai) | +| `vivgrid` | LLM (Vivgrid direct) | [vivgrid.com](https://vivgrid.com) | +| `moonshot` | LLM (Kimi/Moonshot direct) | [platform.moonshot.cn](https://platform.moonshot.cn) | +| `minimax` | LLM (Minimax direct) | [platform.minimaxi.com](https://platform.minimaxi.com) | +| `avian` | LLM (Avian direct) | [avian.io](https://avian.io) | +| `mistral` | LLM (Mistral direct) | [console.mistral.ai](https://console.mistral.ai) | +| `longcat` | LLM (Longcat direct) | [longcat.ai](https://longcat.ai) | +| `modelscope` | LLM (ModelScope direct) | [modelscope.cn](https://modelscope.cn) | + +### Cấu Hình Mô Hình (model_list) + +> **Có gì mới?** PicoClaw hiện sử dụng cách tiếp cận cấu hình **tập trung vào mô hình**. Chỉ cần chỉ định định dạng `vendor/model` (ví dụ: `zhipu/glm-4.7`) để thêm provider mới — **không cần thay đổi code!** + +Thiết kế này cũng cho phép **hỗ trợ đa agent** với lựa chọn provider linh hoạt: + +- **Agent khác nhau, provider khác nhau**: Mỗi agent có thể sử dụng provider LLM riêng +- **Fallback mô hình**: Cấu hình mô hình chính và dự phòng cho khả năng phục hồi +- **Cân bằng tải**: Phân phối yêu cầu qua nhiều endpoint +- **Cấu hình tập trung**: Quản lý tất cả provider tại một nơi + +#### 📋 Tất Cả Vendor Được Hỗ Trợ + +| Vendor | `model` Prefix | Default API Base | Protocol | API Key | +| ------------------- | ----------------- |-----------------------------------------------------| --------- | ---------------------------------------------------------------- | +| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Get Key](https://platform.openai.com) | +| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Get Key](https://console.anthropic.com) | +| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Get Key](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | +| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Get Key](https://platform.deepseek.com) | +| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Get Key](https://aistudio.google.com/api-keys) | +| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Get Key](https://console.groq.com) | +| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [Get Key](https://platform.moonshot.cn) | +| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Get Key](https://dashscope.console.aliyun.com) | +| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [Get Key](https://build.nvidia.com) | +| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (no key needed) | +| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Get Key](https://openrouter.ai/keys) | +| **LiteLLM Proxy** | `litellm/` | `http://localhost:4000/v1` | OpenAI | Your LiteLLM proxy key | +| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | Local | +| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [Get Key](https://cerebras.ai) | +| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Get Key](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| **神算云** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | +| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [Get Key](https://www.byteplus.com) | +| **Vivgrid** | `vivgrid/` | `https://api.vivgrid.com/v1` | OpenAI | [Get Key](https://vivgrid.com) | +| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [Get Key](https://longcat.chat/platform) | +| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [Get Token](https://modelscope.cn/my/tokens) | +| **Antigravity** | `antigravity/` | Google Cloud | Custom | OAuth only | +| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | + +#### Cấu Hình Cơ Bản + +```json +{ + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-your-openai-key" + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" + }, + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-zhipu-key" + } + ], + "agents": { + "defaults": { + "model": "gpt-5.4" + } + } +} +``` + +#### Ví Dụ Theo Vendor + +**OpenAI** + +```json +{ + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-..." +} +``` + +**VolcEngine (Doubao)** + +```json +{ + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-..." +} +``` + +**智谱 AI (GLM)** + +```json +{ + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" +} +``` + +**DeepSeek** + +```json +{ + "model_name": "deepseek-chat", + "model": "deepseek/deepseek-chat", + "api_key": "sk-..." +} +``` + +**Anthropic (với API key)** + +```json +{ + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" +} +``` + +> Chạy `picoclaw auth login --provider anthropic` để dán API token. + +**Anthropic Messages API (định dạng native)** + +Để truy cập trực tiếp API Anthropic hoặc endpoint tùy chỉnh chỉ hỗ trợ định dạng message native của Anthropic: + +```json +{ + "model_name": "claude-opus-4-6", + "model": "anthropic-messages/claude-opus-4-6", + "api_key": "sk-ant-your-key", + "api_base": "https://api.anthropic.com" +} +``` + +> Sử dụng giao thức `anthropic-messages` khi: +> - Sử dụng proxy bên thứ ba chỉ hỗ trợ endpoint native `/v1/messages` của Anthropic (không tương thích OpenAI `/v1/chat/completions`) +> - Kết nối đến dịch vụ như MiniMax, Synthetic yêu cầu định dạng message native của Anthropic +> - Giao thức `anthropic` hiện tại trả về lỗi 404 (cho thấy endpoint không hỗ trợ định dạng tương thích OpenAI) +> +> **Lưu ý:** Giao thức `anthropic` sử dụng định dạng tương thích OpenAI (`/v1/chat/completions`), trong khi `anthropic-messages` sử dụng định dạng native của Anthropic (`/v1/messages`). Chọn dựa trên định dạng endpoint hỗ trợ. + +**Ollama (local)** + +```json +{ + "model_name": "llama3", + "model": "ollama/llama3" +} +``` + +**Proxy/API Tùy Chỉnh** + +```json +{ + "model_name": "my-custom-model", + "model": "openai/custom-model", + "api_base": "https://my-proxy.com/v1", + "api_key": "sk-...", + "request_timeout": 300 +} +``` + +**LiteLLM Proxy** + +```json +{ + "model_name": "lite-gpt4", + "model": "litellm/lite-gpt4", + "api_base": "http://localhost:4000/v1", + "api_key": "sk-..." +} +``` + +PicoClaw chỉ loại bỏ tiền tố ngoài `litellm/` trước khi gửi yêu cầu, nên alias proxy như `litellm/lite-gpt4` gửi `lite-gpt4`, trong khi `litellm/openai/gpt-4o` gửi `openai/gpt-4o`. + +#### Cân Bằng Tải + +Cấu hình nhiều endpoint cho cùng tên mô hình — PicoClaw sẽ tự động round-robin giữa chúng: + +```json +{ + "model_list": [ + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api1.example.com/v1", + "api_key": "sk-key1" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api2.example.com/v1", + "api_key": "sk-key2" + } + ] +} +``` + +#### Di Chuyển Từ Cấu Hình Legacy `providers` + +Cấu hình `providers` cũ đã **ngừng hỗ trợ** nhưng vẫn được hỗ trợ để tương thích ngược. + +**Cấu hình cũ (ngừng hỗ trợ):** + +```json +{ + "providers": { + "zhipu": { + "api_key": "your-key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + }, + "agents": { + "defaults": { + "provider": "zhipu", + "model": "glm-4.7" + } + } +} +``` + +**Cấu hình mới (khuyến nghị):** + +```json +{ + "model_list": [ + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" + } + ], + "agents": { + "defaults": { + "model": "glm-4.7" + } + } +} +``` + +Để xem hướng dẫn di chuyển chi tiết, xem [docs/migration/model-list-migration.md](docs/migration/model-list-migration.md). + +### Kiến Trúc Provider + +PicoClaw định tuyến provider theo họ giao thức: + +- Giao thức tương thích OpenAI: OpenRouter, gateway tương thích OpenAI, Groq, Zhipu, và endpoint kiểu vLLM. +- Giao thức Anthropic: Hành vi API native của Claude. +- Đường dẫn Codex/OAuth: Tuyến xác thực OAuth/token của OpenAI. + +Điều này giữ runtime nhẹ trong khi làm cho backend tương thích OpenAI mới chủ yếu là thao tác cấu hình (`api_base` + `api_key`). + +
+Zhipu + +**1. Lấy API key và URL base** + +* Lấy [API key](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) + +**2. Cấu hình** + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model": "glm-4.7", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "providers": { + "zhipu": { + "api_key": "Your API Key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + } +} +``` + +**3. Chạy** + +```bash +picoclaw agent -m "Hello" +``` + +
+ +
+Ví dụ cấu hình đầy đủ + +```json +{ + "agents": { + "defaults": { + "model": "anthropic/claude-opus-4-5" + } + }, + "session": { + "dm_scope": "per-channel-peer", + "backlog_limit": 20 + }, + "providers": { + "openrouter": { + "api_key": "sk-or-v1-xxx" + }, + "groq": { + "api_key": "gsk_xxx" + } + }, + "channels": { + "telegram": { + "enabled": true, + "token": "123456:ABC...", + "allow_from": ["123456789"] + }, + "discord": { + "enabled": true, + "token": "", + "allow_from": [""] + }, + "whatsapp": { + "enabled": false, + "bridge_url": "ws://localhost:3001", + "use_native": false, + "session_store_path": "", + "allow_from": [] + }, + "feishu": { + "enabled": false, + "app_id": "cli_xxx", + "app_secret": "xxx", + "encrypt_key": "", + "verification_token": "", + "allow_from": [] + }, + "qq": { + "enabled": false, + "app_id": "", + "app_secret": "", + "allow_from": [] + } + }, + "tools": { + "web": { + "brave": { + "enabled": false, + "api_key": "BSA...", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://localhost:8888", + "max_results": 5 + } + }, + "cron": { + "exec_timeout_minutes": 5 + } + }, + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +
+ +--- + +## 📝 So Sánh API Key + +| Service | Pricing | Use Case | +| ---------------- | ------------------------ | ------------------------------------- | +| **OpenRouter** | Free: 200K tokens/month | Multiple models (Claude, GPT-4, etc.) | +| **Volcengine CodingPlan** | ¥9.9/first month | Best for Chinese users, multiple SOTA models (Doubao, DeepSeek, etc.) | +| **Zhipu** | Free: 200K tokens/month | Suitable for Chinese users | +| **Brave Search** | $5/1000 queries | Web search functionality | +| **SearXNG** | Free (self-hosted) | Privacy-focused metasearch (70+ engines) | +| **Groq** | Free tier available | Fast inference (Llama, Mixtral) | +| **Cerebras** | Free tier available | Fast inference (Llama, Qwen, etc.) | +| **LongCat** | Free: up to 5M tokens/day | Fast inference | +| **ModelScope** | Free: 2000 requests/day | Inference (Qwen, GLM, DeepSeek, etc.) | + +--- + +
+ PicoClaw Meme +
diff --git a/docs/vi/spawn-tasks.md b/docs/vi/spawn-tasks.md new file mode 100644 index 000000000..78f728040 --- /dev/null +++ b/docs/vi/spawn-tasks.md @@ -0,0 +1,61 @@ +# 🔄 Tác Vụ Bất Đồng Bộ và Spawn + +> Quay lại [README](../../README.vi.md) + +## Tác Vụ Nhanh (phản hồi trực tiếp) + +- Báo cáo thời gian hiện tại + +## Tác Vụ Dài (sử dụng spawn cho bất đồng bộ) + +- Tìm kiếm web tin tức AI và tóm tắt +- Kiểm tra email và báo cáo tin nhắn quan trọng +``` + +**Hành vi chính:** + +| Feature | Description | +| ----------------------- | --------------------------------------------------------- | +| **spawn** | Creates async subagent, doesn't block heartbeat | +| **Independent context** | Subagent has its own context, no session history | +| **message tool** | Subagent communicates with user directly via message tool | +| **Non-blocking** | After spawning, heartbeat continues to next task | + +#### Cách Giao Tiếp Subagent Hoạt Động + +``` +Heartbeat được kích hoạt + ↓ +Agent đọc HEARTBEAT.md + ↓ +Cho tác vụ dài: spawn subagent + ↓ ↓ +Tiếp tục tác vụ tiếp theo Subagent làm việc độc lập + ↓ ↓ +Tất cả tác vụ hoàn thành Subagent sử dụng công cụ "message" + ↓ ↓ +Phản hồi HEARTBEAT_OK Người dùng nhận kết quả trực tiếp +``` + +Subagent có quyền truy cập công cụ (message, web_search, v.v.) và có thể giao tiếp với người dùng độc lập mà không cần qua agent chính. + +**Cấu hình:** + +```json +{ + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +| Option | Default | Description | +| ---------- | ------- | ---------------------------------- | +| `enabled` | `true` | Enable/disable heartbeat | +| `interval` | `30` | Check interval in minutes (min: 5) | + +**Biến môi trường:** + +* `PICOCLAW_HEARTBEAT_ENABLED=false` để tắt +* `PICOCLAW_HEARTBEAT_INTERVAL=60` để thay đổi khoảng thời gian diff --git a/docs/vi/tools_configuration.md b/docs/vi/tools_configuration.md new file mode 100644 index 000000000..6cc4dc8b6 --- /dev/null +++ b/docs/vi/tools_configuration.md @@ -0,0 +1,336 @@ +# 🔧 Cấu Hình Công Cụ + +> Quay lại [README](../../README.vi.md) + +Cấu hình công cụ của PicoClaw nằm trong trường `tools` của `config.json`. + +## Cấu trúc thư mục + +```json +{ + "tools": { + "web": { + ... + }, + "mcp": { + ... + }, + "exec": { + ... + }, + "cron": { + ... + }, + "skills": { + ... + } + } +} +``` + +## Công cụ Web + +Các công cụ web được sử dụng để tìm kiếm và tải nội dung web. + +### Web Fetcher +Cài đặt chung để tải và xử lý nội dung trang web. + +| Cấu hình | Kiểu | Mặc định | Mô tả | +|----------------------|--------|---------------|-----------------------------------------------------------------------------------------------| +| `enabled` | bool | true | Bật khả năng tải trang web. | +| `fetch_limit_bytes` | int | 10485760 | Kích thước tối đa của payload trang web cần tải, tính bằng byte (mặc định là 10MB). | +| `format` | string | "plaintext" | Định dạng đầu ra của nội dung đã tải. Tùy chọn: `plaintext` hoặc `markdown` (khuyến nghị). | + +### Brave + +| Cấu hình | Kiểu | Mặc định | Mô tả | +|----------------|--------|----------|----------------------------| +| `enabled` | bool | false | Bật tìm kiếm Brave | +| `api_key` | string | - | Khóa API Brave Search | +| `max_results` | int | 5 | Số kết quả tối đa | + +### DuckDuckGo + +| Cấu hình | Kiểu | Mặc định | Mô tả | +|----------------|------|----------|-------------------------------| +| `enabled` | bool | true | Bật tìm kiếm DuckDuckGo | +| `max_results` | int | 5 | Số kết quả tối đa | + +### Perplexity + +| Cấu hình | Kiểu | Mặc định | Mô tả | +|----------------|--------|----------|-------------------------------| +| `enabled` | bool | false | Bật tìm kiếm Perplexity | +| `api_key` | string | - | Khóa API Perplexity | +| `max_results` | int | 5 | Số kết quả tối đa | + +## Công cụ Exec + +Công cụ exec được sử dụng để thực thi các lệnh shell. + +| Cấu hình | Kiểu | Mặc định | Mô tả | +|--------------------------|-------|----------|------------------------------------------------| +| `enable_deny_patterns` | bool | true | Bật chặn lệnh nguy hiểm mặc định | +| `custom_deny_patterns` | array | [] | Mẫu từ chối tùy chỉnh (biểu thức chính quy) | + +### Chức năng + +- **`enable_deny_patterns`**: Đặt thành `false` để tắt hoàn toàn các mẫu chặn lệnh nguy hiểm mặc định +- **`custom_deny_patterns`**: Thêm các mẫu regex từ chối tùy chỉnh; các lệnh khớp sẽ bị chặn + +### Các mẫu lệnh bị chặn mặc định + +Theo mặc định, PicoClaw chặn các lệnh nguy hiểm sau: + +- Lệnh xóa: `rm -rf`, `del /f/q`, `rmdir /s` +- Thao tác đĩa: `format`, `mkfs`, `diskpart`, `dd if=`, ghi vào `/dev/sd*` +- Thao tác hệ thống: `shutdown`, `reboot`, `poweroff` +- Thay thế lệnh: `$()`, `${}`, dấu backtick +- Pipe đến shell: `| sh`, `| bash` +- Leo thang đặc quyền: `sudo`, `chmod`, `chown` +- Điều khiển tiến trình: `pkill`, `killall`, `kill -9` +- Thao tác từ xa: `curl | sh`, `wget | sh`, `ssh` +- Quản lý gói: `apt`, `yum`, `dnf`, `npm install -g`, `pip install --user` +- Container: `docker run`, `docker exec` +- Git: `git push`, `git force` +- Khác: `eval`, `source *.sh` + +### Hạn chế kiến trúc đã biết + +Bộ bảo vệ exec chỉ xác thực lệnh cấp cao nhất được gửi đến PicoClaw. Nó **không** kiểm tra đệ quy các tiến trình con được tạo bởi các công cụ build hoặc script sau khi lệnh đó bắt đầu chạy. + +Ví dụ về các quy trình có thể bỏ qua bộ bảo vệ lệnh trực tiếp sau khi lệnh ban đầu được cho phép: + +- `make run` +- `go run ./cmd/...` +- `cargo run` +- `npm run build` + +Điều này có nghĩa là bộ bảo vệ hữu ích để chặn các lệnh trực tiếp rõ ràng nguy hiểm, nhưng nó **không phải** là sandbox đầy đủ cho các pipeline build chưa được xem xét. Nếu mô hình mối đe dọa của bạn bao gồm mã không đáng tin cậy trong workspace, hãy sử dụng cách ly mạnh hơn như container, VM hoặc quy trình phê duyệt xung quanh các lệnh build và chạy. + +### Ví dụ cấu hình + +```json +{ + "tools": { + "exec": { + "enable_deny_patterns": true, + "custom_deny_patterns": [ + "\\brm\\s+-r\\b", + "\\bkillall\\s+python" + ] + } + } +} +``` + +## Công cụ Cron + +Công cụ cron được sử dụng để lên lịch các tác vụ định kỳ. + +| Cấu hình | Kiểu | Mặc định | Mô tả | +|--------------------------|------|----------|-----------------------------------------------------| +| `exec_timeout_minutes` | int | 5 | Thời gian chờ thực thi tính bằng phút, 0 nghĩa là không giới hạn | + +## Công cụ MCP + +Công cụ MCP cho phép tích hợp với các máy chủ Model Context Protocol bên ngoài. + +### Khám phá công cụ (tải chậm) + +Khi kết nối với nhiều máy chủ MCP, việc hiển thị hàng trăm công cụ cùng lúc có thể làm cạn kiệt cửa sổ ngữ cảnh của LLM và tăng chi phí API. Tính năng **Discovery** giải quyết vấn đề này bằng cách giữ các công cụ MCP *ẩn* theo mặc định. + +Thay vì tải tất cả các công cụ, LLM được cung cấp một công cụ tìm kiếm nhẹ (sử dụng khớp từ khóa BM25 hoặc Regex). Khi LLM cần một khả năng cụ thể, nó tìm kiếm trong thư viện ẩn. Các công cụ khớp sau đó được tạm thời "mở khóa" và đưa vào ngữ cảnh trong số lượt được cấu hình (`ttl`). + +### Cấu hình toàn cục + +| Cấu hình | Kiểu | Mặc định | Mô tả | +|-------------|--------|----------|-----------------------------------------------| +| `enabled` | bool | false | Bật tích hợp MCP toàn cục | +| `discovery` | object | `{}` | Cấu hình khám phá công cụ (xem bên dưới) | +| `servers` | object | `{}` | Ánh xạ tên máy chủ đến cấu hình máy chủ | + +### Cấu hình Discovery (`discovery`) + +| Cấu hình | Kiểu | Mặc định | Mô tả | +|----------------------|------|----------|-----------------------------------------------------------------------------------------------------------------------------------| +| `enabled` | bool | false | Nếu true, các công cụ MCP bị ẩn và được tải theo yêu cầu qua tìm kiếm. Nếu false, tất cả công cụ được tải | +| `ttl` | int | 5 | Số lượt hội thoại mà một công cụ đã khám phá vẫn được mở khóa | +| `max_search_results` | int | 5 | Số công cụ tối đa được trả về cho mỗi truy vấn tìm kiếm | +| `use_bm25` | bool | true | Bật công cụ tìm kiếm ngôn ngữ tự nhiên/từ khóa (`tool_search_tool_bm25`). **Cảnh báo**: tiêu tốn nhiều tài nguyên hơn tìm kiếm regex | +| `use_regex` | bool | false | Bật công cụ tìm kiếm mẫu regex (`tool_search_tool_regex`) | + +> **Lưu ý:** Nếu `discovery.enabled` là `true`, bạn **phải** bật ít nhất một công cụ tìm kiếm (`use_bm25` hoặc `use_regex`), +> nếu không ứng dụng sẽ không khởi động được. + +### Cấu hình từng máy chủ + +| Cấu hình | Kiểu | Bắt buộc | Mô tả | +|------------|--------|----------|--------------------------------------------| +| `enabled` | bool | có | Bật máy chủ MCP này | +| `type` | string | không | Loại truyền tải: `stdio`, `sse`, `http` | +| `command` | string | stdio | Lệnh thực thi cho truyền tải stdio | +| `args` | array | không | Đối số lệnh cho truyền tải stdio | +| `env` | object | không | Biến môi trường cho tiến trình stdio | +| `env_file` | string | không | Đường dẫn đến tệp môi trường cho tiến trình stdio | +| `url` | string | sse/http | URL endpoint cho truyền tải `sse`/`http` | +| `headers` | object | không | Header HTTP cho truyền tải `sse`/`http` | + +### Hành vi truyền tải + +- Nếu bỏ qua `type`, truyền tải được tự động phát hiện: + - `url` được đặt → `sse` + - `command` được đặt → `stdio` +- `http` và `sse` đều sử dụng `url` + `headers` tùy chọn. +- `env` và `env_file` chỉ được áp dụng cho máy chủ `stdio`. + +### Ví dụ cấu hình + +#### 1) Máy chủ MCP Stdio + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "servers": { + "filesystem": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-filesystem", + "/tmp" + ] + } + } + } + } +} +``` + +#### 2) Máy chủ MCP từ xa SSE/HTTP + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "servers": { + "remote-mcp": { + "enabled": true, + "type": "sse", + "url": "https://example.com/mcp", + "headers": { + "Authorization": "Bearer YOUR_TOKEN" + } + } + } + } + } +} +``` + +#### 3) Thiết lập MCP quy mô lớn với khám phá công cụ được bật + +*Trong ví dụ này, LLM chỉ thấy `tool_search_tool_bm25`. Nó sẽ tìm kiếm và mở khóa động các công cụ Github hoặc Postgres chỉ khi được người dùng yêu cầu.* + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "discovery": { + "enabled": true, + "ttl": 5, + "max_search_results": 5, + "use_bm25": true, + "use_regex": false + }, + "servers": { + "github": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-github" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "YOUR_GITHUB_TOKEN" + } + }, + "postgres": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-postgres", + "postgresql://user:password@localhost/dbname" + ] + }, + "slack": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-slack" + ], + "env": { + "SLACK_BOT_TOKEN": "YOUR_SLACK_BOT_TOKEN", + "SLACK_TEAM_ID": "YOUR_SLACK_TEAM_ID" + } + } + } + } + } +} +``` + +## Công cụ Skills + +Công cụ skills cấu hình khám phá và cài đặt kỹ năng thông qua các registry như ClawHub. + +### Registry + +| Cấu hình | Kiểu | Mặc định | Mô tả | +|------------------------------------|--------|-----------------------|----------------------------------------------| +| `registries.clawhub.enabled` | bool | true | Bật registry ClawHub | +| `registries.clawhub.base_url` | string | `https://clawhub.ai` | URL cơ sở ClawHub | +| `registries.clawhub.auth_token` | string | `""` | Token Bearer tùy chọn để có giới hạn tốc độ cao hơn | +| `registries.clawhub.search_path` | string | `/api/v1/search` | Đường dẫn API tìm kiếm | +| `registries.clawhub.skills_path` | string | `/api/v1/skills` | Đường dẫn API Skills | +| `registries.clawhub.download_path` | string | `/api/v1/download` | Đường dẫn API tải xuống | + +### Ví dụ cấu hình + +```json +{ + "tools": { + "skills": { + "registries": { + "clawhub": { + "enabled": true, + "base_url": "https://clawhub.ai", + "auth_token": "", + "search_path": "/api/v1/search", + "skills_path": "/api/v1/skills", + "download_path": "/api/v1/download" + } + } + } + } +} +``` + +## Biến môi trường + +Tất cả các tùy chọn cấu hình có thể được ghi đè qua biến môi trường với định dạng `PICOCLAW_TOOLS_
_`: + +Ví dụ: + +- `PICOCLAW_TOOLS_WEB_BRAVE_ENABLED=true` +- `PICOCLAW_TOOLS_EXEC_ENABLE_DENY_PATTERNS=false` +- `PICOCLAW_TOOLS_CRON_EXEC_TIMEOUT_MINUTES=10` +- `PICOCLAW_TOOLS_MCP_ENABLED=true` + +Lưu ý: Cấu hình kiểu map lồng nhau (ví dụ `tools.mcp.servers..*`) được cấu hình trong `config.json` thay vì qua biến môi trường. diff --git a/docs/vi/troubleshooting.md b/docs/vi/troubleshooting.md new file mode 100644 index 000000000..d74153aa3 --- /dev/null +++ b/docs/vi/troubleshooting.md @@ -0,0 +1,45 @@ +# 🐛 Khắc Phục Sự Cố + +> Quay lại [README](../../README.vi.md) + +## "model ... not found in model_list" hoặc OpenRouter "free is not a valid model ID" + +**Triệu chứng:** Bạn thấy một trong các lỗi sau: + +- `Error creating provider: model "openrouter/free" not found in model_list` +- OpenRouter trả về 400: `"free is not a valid model ID"` + +**Nguyên nhân:** Trường `model` trong mục `model_list` của bạn là giá trị được gửi đến API. Đối với OpenRouter, bạn phải sử dụng ID mô hình **đầy đủ**, không phải dạng viết tắt. + +- **Sai:** `"model": "free"` → OpenRouter nhận được `free` và từ chối. +- **Đúng:** `"model": "openrouter/free"` → OpenRouter nhận được `openrouter/free` (định tuyến tự động tầng miễn phí). + +**Cách sửa:** Trong `~/.picoclaw/config.json` (hoặc đường dẫn cấu hình của bạn): + +1. **agents.defaults.model** phải khớp với một `model_name` trong `model_list` (ví dụ: `"openrouter-free"`). +2. **model** của mục đó phải là ID mô hình OpenRouter hợp lệ, ví dụ: + - `"openrouter/free"` – tầng miễn phí tự động + - `"google/gemini-2.0-flash-exp:free"` + - `"meta-llama/llama-3.1-8b-instruct:free"` + +Ví dụ: + +```json +{ + "agents": { + "defaults": { + "model": "openrouter-free" + } + }, + "model_list": [ + { + "model_name": "openrouter-free", + "model": "openrouter/free", + "api_key": "sk-or-v1-YOUR_OPENROUTER_KEY", + "api_base": "https://openrouter.ai/api/v1" + } + ] +} +``` + +Lấy khóa của bạn tại [OpenRouter Keys](https://openrouter.ai/keys). diff --git a/docs/zh/chat-apps.md b/docs/zh/chat-apps.md new file mode 100644 index 000000000..4957fbcca --- /dev/null +++ b/docs/zh/chat-apps.md @@ -0,0 +1,574 @@ +# 💬 聊天应用配置 + +> 返回 [README](../../README.zh.md) + +## 💬 聊天应用集成 (Chat Apps) + +PicoClaw 支持多种聊天平台,使您的 Agent 能够连接到任何地方。 + +> **注意**: 所有 Webhook 类渠道(LINE、WeCom 等)均挂载在同一个 Gateway HTTP 服务器上(`gateway.host`:`gateway.port`,默认 `127.0.0.1:18790`),无需为每个渠道单独配置端口。注意:飞书(Feishu)使用 WebSocket/SDK 模式,不通过该共享 HTTP webhook 服务器接收消息。 + +### 核心渠道 + +| 渠道 | 设置难度 | 特性说明 | 文档链接 | +| -------------------- | ----------- | ----------------------------------------- | --------------------------------------------------------------------------------------------------------------- | +| **Telegram** | ⭐ 简单 | 推荐,支持语音转文字,长轮询无需公网 | [查看文档](../channels/telegram/README.zh.md) | +| **Discord** | ⭐ 简单 | Socket Mode,支持群组/私信,Bot 生态成熟 | [查看文档](../channels/discord/README.zh.md) | +| **WhatsApp** | ⭐ 简单 | 原生 (QR 扫码) 或 Bridge URL | [查看文档](../channels/whatsapp/README.zh.md) | +| **Slack** | ⭐ 简单 | **Socket Mode** (无需公网 IP),企业级支持 | [查看文档](../channels/slack/README.zh.md) | +| **Matrix** | ⭐⭐ 中等 | 联邦协议,支持自建 homeserver 与公开服务器 | [查看文档](../channels/matrix/README.zh.md) | +| **QQ** | ⭐⭐ 中等 | 官方机器人 API,适合国内社群 | [查看文档](../channels/qq/README.zh.md) | +| **钉钉 (DingTalk)** | ⭐⭐ 中等 | Stream 模式无需公网,企业办公首选 | [查看文档](../channels/dingtalk/README.zh.md) | +| **LINE** | ⭐⭐⭐ 较难 | 需要 HTTPS Webhook | [查看文档](../channels/line/README.zh.md) | +| **企业微信 (WeCom)** | ⭐⭐⭐ 较难 | 支持群机器人(Webhook)、自建应用(API)和智能机器人(AI Bot) | [Bot 文档](../channels/wecom/wecom_bot/README.zh.md) / [App 文档](../channels/wecom/wecom_app/README.zh.md) / [AI Bot 文档](../channels/wecom/wecom_aibot/README.zh.md) | +| **飞书 (Feishu)** | ⭐⭐⭐ 较难 | 企业级协作,功能丰富 | [查看文档](../channels/feishu/README.zh.md) | +| **IRC** | ⭐⭐ 中等 | 服务器 + TLS 配置 | - | +| **OneBot** | ⭐⭐ 中等 | 兼容 NapCat/Go-CQHTTP,社区生态丰富 | [查看文档](../channels/onebot/README.zh.md) | +| **MaixCam** | ⭐ 简单 | 专为 AI 摄像头设计的硬件集成通道 | [查看文档](../channels/maixcam/README.zh.md) | +| **Pico** | ⭐ 简单 | PicoClaw 原生协议通道 | | + +--- + +
+Telegram(推荐) + +**1. 创建 Bot** + +* 打开 Telegram,搜索 `@BotFather` +* 发送 `/newbot`,按提示操作 +* 复制 Token + +**2. 配置** + +```json +{ + "channels": { + "telegram": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +> 通过 Telegram 上的 `@userinfobot` 获取你的 User ID。 + +**3. 运行** + +```bash +picoclaw gateway +``` + +**4. Telegram 命令菜单(启动时自动注册)** + +PicoClaw 使用统一的命令定义来源。启动时会自动将 Telegram 支持的命令(例如 `/start`、`/help`、`/show`、`/list`)注册到 Bot 命令菜单,确保菜单展示与实际行为一致。 +Telegram 侧保留的是命令菜单注册能力;通用命令的实际执行统一走 Agent Loop 中的 commands executor。 + +如果注册因网络或 API 短暂异常失败,不会阻塞 channel 启动;系统会在后台自动重试。 + +
+ +
+Discord + +**1. 创建 Bot** + +* 前往 +* 创建应用 → Bot → 添加 Bot +* 复制 Bot Token + +**2. 启用 Intents** + +* 在 Bot 设置中启用 **MESSAGE CONTENT INTENT** +* (可选)启用 **SERVER MEMBERS INTENT**(如需基于成员数据的白名单) + +**3. 获取 User ID** + +* Discord 设置 → 高级 → 启用 **开发者模式** +* 右键点击头像 → **复制用户 ID** + +**4. 配置** + +```json +{ + "channels": { + "discord": { + "enabled": true, + "token": "YOUR_BOT_TOKEN", + "allow_from": ["YOUR_USER_ID"] + } + } +} +``` + +**5. 邀请 Bot** + +* OAuth2 → URL Generator +* Scopes: `bot` +* Bot Permissions: `Send Messages`, `Read Message History` +* 打开生成的邀请链接,将 Bot 添加到服务器 + +**可选:群组触发模式** + +默认情况下 Bot 会回复服务器频道中的所有消息。如需仅在 @提及时回复: + +```json +{ + "channels": { + "discord": { + "group_trigger": { "mention_only": true } + } + } +} +``` + +也可通过关键词前缀触发(如 `!bot`): + +```json +{ + "channels": { + "discord": { + "group_trigger": { "prefixes": ["!bot"] } + } + } +} +``` + +**6. 运行** + +```bash +picoclaw gateway +``` + +
+ +
+WhatsApp(原生 whatsmeow) + +PicoClaw 支持两种 WhatsApp 连接方式: + +- **原生(推荐):** 进程内使用 [whatsmeow](https://github.com/tulir/whatsmeow),无需独立 Bridge。设置 `"use_native": true` 并留空 `bridge_url`。首次运行时用 WhatsApp 扫描 QR 码(关联设备)。会话存储在工作区下(如 `workspace/whatsapp/`)。原生渠道为**可选**构建,使用 `-tags whatsapp_native` 编译(如 `make build-whatsapp-native` 或 `go build -tags whatsapp_native ./cmd/...`)。 +- **Bridge:** 连接外部 WebSocket Bridge。设置 `bridge_url`(如 `ws://localhost:3001`),保持 `use_native` 为 false。 + +**配置(原生)** + +```json +{ + "channels": { + "whatsapp": { + "enabled": true, + "use_native": true, + "session_store_path": "", + "allow_from": [] + } + } +} +``` + +如果 `session_store_path` 为空,会话存储在 `/whatsapp/`。运行 `picoclaw gateway`;首次运行时在终端扫描 QR 码(WhatsApp → 关联设备)。 + +
+ +
+Matrix + +**1. 准备 Bot 账号** + +* 使用你的 homeserver(如 `https://matrix.org` 或自建) +* 创建 Bot 用户并获取 access token + +**2. 配置** + +```json +{ + "channels": { + "matrix": { + "enabled": true, + "homeserver": "https://matrix.org", + "user_id": "@your-bot:matrix.org", + "access_token": "YOUR_MATRIX_ACCESS_TOKEN", + "allow_from": [] + } + } +} +``` + +**3. 运行** + +```bash +picoclaw gateway +``` + +完整选项(`device_id`、`join_on_invite`、`group_trigger`、`placeholder`、`reasoning_channel_id`)请参考 [Matrix 渠道配置指南](../channels/matrix/README.md)。 + +
+ +
+QQ + +**1. 创建 Bot** + +- 前往 [QQ 开放平台](https://q.qq.com/#) +- 创建应用 → 获取 **AppID** 和 **AppSecret** + +**2. 配置** + +```json +{ + "channels": { + "qq": { + "enabled": true, + "app_id": "YOUR_APP_ID", + "app_secret": "YOUR_APP_SECRET", + "allow_from": [] + } + } +} +``` + +> `allow_from` 留空表示允许所有用户,或指定 QQ 号限制访问。 + +**3. 运行** + +```bash +picoclaw gateway +``` + +
+ +
+Slack + +**1. 创建 Slack App** + +* 前往 [Slack API](https://api.slack.com/apps) 创建应用 +* 启用 **Socket Mode** +* 获取 **Bot Token** 和 **App-Level Token** + +**2. 配置** + +```json +{ + "channels": { + "slack": { + "enabled": true, + "bot_token": "xoxb-YOUR_BOT_TOKEN", + "app_token": "xapp-YOUR_APP_TOKEN", + "allow_from": [] + } + } +} +``` + +**3. 运行** + +```bash +picoclaw gateway +``` + +
+ +
+IRC + +**1. 配置** + +```json +{ + "channels": { + "irc": { + "enabled": true, + "server": "irc.libera.chat:6697", + "nick": "picoclaw-bot", + "use_tls": true, + "channels_to_join": ["#your-channel"], + "allow_from": [] + } + } +} +``` + +**2. 运行** + +```bash +picoclaw gateway +``` + +
+ +
+钉钉 (DingTalk) + +**1. 创建 Bot** + +* 前往 [开放平台](https://open.dingtalk.com/) +* 创建内部应用 +* 复制 Client ID 和 Client Secret + +**2. 配置** + +```json +{ + "channels": { + "dingtalk": { + "enabled": true, + "client_id": "YOUR_CLIENT_ID", + "client_secret": "YOUR_CLIENT_SECRET", + "allow_from": [] + } + } +} +``` + +> `allow_from` 留空表示允许所有用户,或指定钉钉用户 ID 限制访问。 + +**3. 运行** + +```bash +picoclaw gateway +``` + +
+ +
+LINE + +**1. 创建 LINE Official Account** + +- 前往 [LINE Developers Console](https://developers.line.biz/) +- 创建 Provider → 创建 Messaging API Channel +- 复制 **Channel Secret** 和 **Channel Access Token** + +**2. 配置** + +```json +{ + "channels": { + "line": { + "enabled": true, + "channel_secret": "YOUR_CHANNEL_SECRET", + "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN", + "webhook_path": "/webhook/line", + "allow_from": [] + } + } +} +``` + +> LINE Webhook 挂载在共享 Gateway 服务器上(`gateway.host`:`gateway.port`,默认 `127.0.0.1:18790`)。 + +**3. 设置 Webhook URL** + +LINE 要求 HTTPS Webhook。使用反向代理或隧道: + +```bash +# 示例:使用 ngrok(Gateway 默认端口 18790) +ngrok http 18790 +``` + +然后在 LINE Developers Console 中将 Webhook URL 设置为 `https://your-domain/webhook/line` 并启用 **Use webhook**。 + +**4. 运行** + +```bash +picoclaw gateway +``` + +> 在群聊中,Bot 仅在被 @提及时回复。回复会引用原始消息。 + +
+ +
+飞书 (Feishu) + +**1. 创建应用** + +* 前往 [飞书开放平台](https://open.feishu.cn/) +* 创建企业自建应用 +* 获取 **App ID** 和 **App Secret** + +**2. 配置** + +```json +{ + "channels": { + "feishu": { + "enabled": true, + "app_id": "cli_xxx", + "app_secret": "xxx", + "encrypt_key": "", + "verification_token": "", + "allow_from": [] + } + } +} +``` + +**3. 运行** + +```bash +picoclaw gateway +``` + +
+ +
+企业微信 (WeCom) + +PicoClaw 支持三种企业微信集成方式: + +**方式 1: 群机器人 (Bot)** — 设置简单,支持群聊 +**方式 2: 自建应用 (App)** — 功能更多,支持主动推送,仅私聊 +**方式 3: 智能机器人 (AI Bot)** — 官方 AI Bot,流式回复,支持群聊和私聊 + +详细设置请参考 [企业微信 AI Bot 配置指南](../channels/wecom/wecom_aibot/README.zh.md)。 + +**快速设置 — 群机器人:** + +**1. 创建 Bot** + +* 企业微信管理后台 → 群聊 → 添加群机器人 +* 复制 Webhook URL(格式:`https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`) + +**2. 配置** + +```json +{ + "channels": { + "wecom": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY", + "webhook_path": "/webhook/wecom", + "allow_from": [] + } + } +} +``` + +> WeCom Webhook 挂载在共享 Gateway 服务器上(`gateway.host`:`gateway.port`,默认 `127.0.0.1:18790`)。 + +**快速设置 — 自建应用:** + +**1. 创建应用** + +* 企业微信管理后台 → 应用管理 → 创建应用 +* 复制 **AgentId** 和 **Secret** +* 前往"我的企业"页面,复制 **CorpID** + +**2. 配置接收消息** + +* 在应用详情中,点击"接收消息" → "设置 API" +* 设置 URL 为 `http://your-server:18790/webhook/wecom-app` +* 生成 **Token** 和 **EncodingAESKey** + +**3. 配置** + +```json +{ + "channels": { + "wecom_app": { + "enabled": true, + "corp_id": "wwxxxxxxxxxxxxxxxx", + "corp_secret": "YOUR_CORP_SECRET", + "agent_id": 1000002, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-app", + "allow_from": [] + } + } +} +``` + +**4. 运行** + +```bash +picoclaw gateway +``` + +> **注意**: WeCom Webhook 回调挂载在 Gateway 端口(默认 18790)。使用反向代理配置 HTTPS。 + +**快速设置 — 智能机器人 (AI Bot):** + +**1. 创建 AI Bot** + +* 企业微信管理后台 → 应用管理 → AI Bot +* 在 AI Bot 设置中配置回调 URL:`http://your-server:18791/webhook/wecom-aibot` +* 复制 **Token** 并点击"随机生成" **EncodingAESKey** + +**2. 配置** + +```json +{ + "channels": { + "wecom_aibot": { + "enabled": true, + "token": "YOUR_TOKEN", + "encoding_aes_key": "YOUR_43_CHAR_ENCODING_AES_KEY", + "webhook_path": "/webhook/wecom-aibot", + "allow_from": [], + "welcome_message": "你好!有什么可以帮你的?" + } + } +} +``` + +**3. 运行** + +```bash +picoclaw gateway +``` + +> **注意**: 企业微信 AI Bot 使用流式拉取协议,无回复超时问题。长任务(>30 秒)会自动切换到 `response_url` 推送投递。 + +
+ +
+OneBot + +**1. 配置** + +兼容 NapCat / Go-CQHTTP 等 OneBot 实现。 + +```json +{ + "channels": { + "onebot": { + "enabled": true, + "allow_from": [] + } + } +} +``` + +**2. 运行** + +```bash +picoclaw gateway +``` + +
+ +
+MaixCam + +专为 Sipeed AI 摄像头硬件设计的集成通道。 + +```json +{ + "channels": { + "maixcam": { + "enabled": true + } + } +} +``` + +```bash +picoclaw gateway +``` + +
diff --git a/docs/zh/configuration.md b/docs/zh/configuration.md new file mode 100644 index 000000000..d3f810208 --- /dev/null +++ b/docs/zh/configuration.md @@ -0,0 +1,256 @@ +# ⚙️ 配置指南 + +> 返回 [README](../../README.zh.md) + +## ⚙️ 配置详解 + +配置文件路径: `~/.picoclaw/config.json` + +### 环境变量 + +你可以使用环境变量覆盖默认路径。这对于便携安装、容器化部署或将 picoclaw 作为系统服务运行非常有用。这些变量是独立的,控制不同的路径。 + +| 变量 | 描述 | 默认路径 | +|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------| +| `PICOCLAW_CONFIG` | 覆盖配置文件的路径。这直接告诉 picoclaw 加载哪个 `config.json`,忽略所有其他位置。 | `~/.picoclaw/config.json` | +| `PICOCLAW_HOME` | 覆盖 picoclaw 数据根目录。这会更改 `workspace` 和其他数据目录的默认位置。 | `~/.picoclaw` | + +**示例:** + +```bash +# 使用特定的配置文件运行 picoclaw +# 工作区路径将从该配置文件中读取 +PICOCLAW_CONFIG=/etc/picoclaw/production.json picoclaw gateway + +# 在 /opt/picoclaw 中存储所有数据运行 picoclaw +# 配置将从默认的 ~/.picoclaw/config.json 加载 +# 工作区将在 /opt/picoclaw/workspace 创建 +PICOCLAW_HOME=/opt/picoclaw picoclaw agent + +# 同时使用两者进行完全自定义设置 +PICOCLAW_HOME=/srv/picoclaw PICOCLAW_CONFIG=/srv/picoclaw/main.json picoclaw gateway +``` + +### 工作区布局 (Workspace Layout) + +PicoClaw 将数据存储在您配置的工作区中(默认:`~/.picoclaw/workspace`): + +``` +~/.picoclaw/workspace/ +├── sessions/ # 对话会话和历史 +├── memory/ # 长期记忆 (MEMORY.md) +├── state/ # 持久化状态 (最后一次频道等) +├── cron/ # 定时任务数据库 +├── skills/ # 自定义技能 +├── AGENTS.md # Agent 行为指南 +├── HEARTBEAT.md # 周期性任务提示词 (每 30 分钟检查一次) +├── IDENTITY.md # Agent 身份设定 +├── SOUL.md # Agent 灵魂/性格 +└── USER.md # 用户偏好 +``` + +### 技能来源 (Skill Sources) + +默认情况下,技能会按以下顺序加载: + +1. `~/.picoclaw/workspace/skills`(工作区) +2. `~/.picoclaw/skills`(全局) +3. `/skills`(内置) + +在高级/测试场景下,可通过以下环境变量覆盖内置技能目录: + +```bash +export PICOCLAW_BUILTIN_SKILLS=/path/to/skills +``` + +### 统一命令执行策略 + +- 通用斜杠命令通过 `pkg/agent/loop.go` 中的 `commands.Executor` 统一执行。 +- Channel 适配器不再在本地消费通用命令;它们只负责把入站文本转发到 bus/agent 路径。Telegram 仍会在启动时自动注册其支持的命令菜单。 +- 未注册的斜杠命令(例如 `/foo`)会透传给 LLM 按普通输入处理。 +- 已注册但当前 channel 不支持的命令(例如 WhatsApp 上的 `/show`)会返回明确的用户可见错误,并停止后续处理。 + +### 🔒 安全沙箱 (Security Sandbox) + +PicoClaw 默认在沙箱环境中运行。Agent 只能访问配置的工作区内的文件和执行命令。 + +#### 默认配置 + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "restrict_to_workspace": true + } + } +} +``` + +| 选项 | 默认值 | 描述 | +| ----------------------- | ----------------------- | ----------------------------- | +| `workspace` | `~/.picoclaw/workspace` | Agent 的工作目录 | +| `restrict_to_workspace` | `true` | 限制文件/命令访问在工作区内 | + +#### 受保护的工具 + +当 `restrict_to_workspace: true` 时,以下工具会被沙箱化: + +| 工具 | 功能 | 限制 | +| ------------- | ------------ | ------------------------------ | +| `read_file` | 读取文件 | 仅限工作区内的文件 | +| `write_file` | 写入文件 | 仅限工作区内的文件 | +| `list_dir` | 列出目录 | 仅限工作区内的目录 | +| `edit_file` | 编辑文件 | 仅限工作区内的文件 | +| `append_file` | 追加文件 | 仅限工作区内的文件 | +| `exec` | 执行命令 | 命令路径必须在工作区内 | + +#### 额外的 Exec 保护 + +即使 `restrict_to_workspace: false`,`exec` 工具也会阻止以下危险命令: + +* `rm -rf`、`del /f`、`rmdir /s` — 批量删除 +* `format`、`mkfs`、`diskpart` — 磁盘格式化 +* `dd if=` — 磁盘镜像 +* 写入 `/dev/sd[a-z]` — 直接磁盘写入 +* `shutdown`、`reboot`、`poweroff` — 系统关机 +* Fork bomb `:(){ :|:& };:` + +### 文件访问控制 + +| 配置键 | 类型 | 默认值 | 描述 | +|--------|------|--------|------| +| `tools.allow_read_paths` | string[] | `[]` | 允许在工作区外读取的额外路径 | +| `tools.allow_write_paths` | string[] | `[]` | 允许在工作区外写入的额外路径 | + +### Exec 安全配置 + +| 配置键 | 类型 | 默认值 | 描述 | +|--------|------|--------|------| +| `tools.exec.allow_remote` | bool | `false` | 允许从远程渠道(Telegram/Discord 等)执行 exec 工具 | +| `tools.exec.enable_deny_patterns` | bool | `true` | 启用危险命令拦截 | +| `tools.exec.custom_deny_patterns` | string[] | `[]` | 自定义阻止的正则表达式模式 | +| `tools.exec.custom_allow_patterns` | string[] | `[]` | 自定义允许的正则表达式模式 | + +> **安全提示:** Symlink 保护默认启用——所有文件路径在白名单匹配前都会通过 `filepath.EvalSymlinks` 解析,防止符号链接逃逸攻击。 + +#### 已知限制:构建工具的子进程 + +exec 安全守卫仅检查 PicoClaw 直接启动的命令行。它不会递归检查由 `make`、`go run`、`cargo`、`npm run` 或自定义构建脚本等开发工具产生的子进程。 + +这意味着顶层命令通过初始守卫检查后,仍可以编译或启动其他二进制文件。实际上,应将构建脚本、Makefile、包脚本和生成的二进制文件视为与直接 shell 命令同等级别的可执行代码进行审查。 + +对于高风险环境: + +* 执行前审查构建脚本。 +* 对编译并运行的工作流优先使用审批/手动审查。 +* 如果需要比内置守卫更强的隔离,请在容器或虚拟机中运行 PicoClaw。 + +#### 错误示例 + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (path outside working dir)} +``` + +``` +[ERROR] tool: Tool execution failed +{tool=exec, error=Command blocked by safety guard (dangerous pattern detected)} +``` + +#### 禁用限制(安全风险) + +如果需要 Agent 访问工作区外的路径: + +**方法 1: 配置文件** + +```json +{ + "agents": { + "defaults": { + "restrict_to_workspace": false + } + } +} +``` + +**方法 2: 环境变量** + +```bash +export PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false +``` + +> ⚠️ **警告**: 禁用此限制将允许 Agent 访问系统上的任何路径。仅在受控环境中谨慎使用。 + +#### 安全边界一致性 + +`restrict_to_workspace` 设置在所有执行路径中一致应用: + +| 执行路径 | 安全边界 | +| ---------------- | ---------------------------- | +| 主 Agent | `restrict_to_workspace` ✅ | +| 子 Agent / Spawn | 继承相同限制 ✅ | +| 心跳任务 | 继承相同限制 ✅ | + +所有路径共享相同的工作区限制——无法通过子 Agent 或定时任务绕过安全边界。 + +### 心跳 / 周期性任务 (Heartbeat) + +PicoClaw 可以自动执行周期性任务。在工作区创建 `HEARTBEAT.md` 文件: + +```markdown +# Periodic Tasks + +- Check my email for important messages +- Review my calendar for upcoming events +- Check the weather forecast +``` + +Agent 将每隔 30 分钟(可配置)读取此文件,并使用可用工具执行任务。 + +#### 使用 Spawn 的异步任务 + +对于耗时较长的任务(网络搜索、API 调用),使用 `spawn` 工具创建一个 **子 Agent (subagent)**: + +```markdown +# Periodic Tasks + +## Quick Tasks (respond directly) + +- Report current time + +## Long Tasks (use spawn for async) + +- Search the web for AI news and summarize +- Check email and report important messages +``` + +**关键行为:** + +| 特性 | 描述 | +| ---------------- | ---------------------------------------- | +| **spawn** | 创建异步子 Agent,不阻塞主心跳进程 | +| **独立上下文** | 子 Agent 拥有独立上下文,无会话历史 | +| **message tool** | 子 Agent 通过 message 工具直接与用户通信 | +| **非阻塞** | spawn 后,心跳继续处理下一个任务 | + +**配置:** + +```json +{ + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +| 选项 | 默认值 | 描述 | +| ---------- | ------ | ---------------------------- | +| `enabled` | `true` | 启用/禁用心跳 | +| `interval` | `30` | 检查间隔,单位分钟 (最小: 5) | + +**环境变量:** + +- `PICOCLAW_HEARTBEAT_ENABLED=false` 禁用 +- `PICOCLAW_HEARTBEAT_INTERVAL=60` 更改间隔 diff --git a/docs/zh/docker.md b/docs/zh/docker.md new file mode 100644 index 000000000..d2e582d12 --- /dev/null +++ b/docs/zh/docker.md @@ -0,0 +1,168 @@ +# 🐳 Docker 与快速开始 + +> 返回 [README](../../README.zh.md) + +## 🐳 Docker Compose + +您也可以使用 Docker Compose 运行 PicoClaw,无需在本地安装任何环境。 + +```bash +# 1. 克隆仓库 +git clone https://github.com/sipeed/picoclaw.git +cd picoclaw + +# 2. 首次运行 — 自动生成 docker/data/config.json 后退出 +docker compose -f docker/docker-compose.yml --profile gateway up +# 容器打印 "First-run setup complete." 后自动停止 + +# 3. 填写 API Key 等配置 +vim docker/data/config.json # 设置 provider API key、Bot Token 等 + +# 4. 正式启动 +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +> [!TIP] +> **Docker 用户**: 默认情况下, Gateway 监听 `127.0.0.1`,该端口不会暴露到容器外。如果需要通过端口映射访问健康检查接口,请在环境变量中设置 `PICOCLAW_GATEWAY_HOST=0.0.0.0` 或修改 `config.json`。 + +```bash +# 5. 查看日志 +docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway + +# 6. 停止 +docker compose -f docker/docker-compose.yml --profile gateway down +``` + +### Launcher 模式 (Web 控制台) + +`launcher` 镜像包含所有三个二进制文件(`picoclaw`、`picoclaw-launcher`、`picoclaw-launcher-tui`),默认启动 Web 控制台,提供基于浏览器的配置和聊天界面。 + +```bash +docker compose -f docker/docker-compose.yml --profile launcher up -d +``` + +在浏览器中打开 http://localhost:18800。Launcher 会自动管理 Gateway 进程。 + +> [!WARNING] +> Web 控制台尚不支持身份验证。请勿将其暴露到公网。 + +### Agent 模式 (一次性运行) + +```bash +# 提问 +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "2+2 等于几?" + +# 交互模式 +docker compose -f docker/docker-compose.yml run --rm picoclaw-agent +``` + +### 更新镜像 + +```bash +docker compose -f docker/docker-compose.yml pull +docker compose -f docker/docker-compose.yml --profile gateway up -d +``` + +--- + +## 🚀 快速开始 + +> [!TIP] +> 在 `~/.picoclaw/config.json` 中设置您的 API Key。获取 API Key: [火山引擎 (CodingPlan)](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu (智谱)](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM)。网络搜索是 **可选的** — 获取免费的 [Tavily API](https://tavily.com) (每月 1000 次免费查询) 或 [Brave Search API](https://brave.com/search/api) (每月 2000 次免费查询)。 + +**1. 初始化 (Initialize)** + +```bash +picoclaw onboard +``` + +**2. 配置 (Configure)** (`~/.picoclaw/config.json`) + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model_name": "gpt-5.4", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key", + "api_base":"https://ark.cn-beijing.volces.com/api/coding/v3" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "your-api-key", + "request_timeout": 300 + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "your-anthropic-key" + } + ], + "tools": { + "web": { + "enabled": true, + "fetch_limit_bytes": 10485760, + "format": "plaintext", + "brave": { + "enabled": false, + "api_key": "YOUR_BRAVE_API_KEY", + "max_results": 5 + }, + "tavily": { + "enabled": false, + "api_key": "YOUR_TAVILY_API_KEY", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "YOUR_PERPLEXITY_API_KEY", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://your-searxng-instance:8888", + "max_results": 5 + } + } + } +} +``` + +> **新功能**: `model_list` 配置格式支持零代码添加 provider。详见[模型配置](providers.md#模型配置-model_list)章节。 +> `request_timeout` 为可选项,单位为秒。若省略或设置为 `<= 0`,PicoClaw 使用默认超时(120 秒)。 + +**3. 获取 API Key** + +* **LLM 提供商**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys) +* **网络搜索** (可选): + * [Brave Search](https://brave.com/search/api) - 付费 ($5/1000 次查询,约 $5-6/月) + * [Perplexity](https://www.perplexity.ai) - AI 驱动的搜索与聊天界面 + * [SearXNG](https://github.com/searxng/searxng) - 自建元搜索引擎(免费,无需 API Key) + * [Tavily](https://tavily.com) - 专为 AI Agent 优化 (1000 请求/月) + * DuckDuckGo - 内置回退(无需 API Key) + +> **注意**: 完整的配置模板请参考 `config.example.json`。 + +**4. 对话 (Chat)** + +```bash +picoclaw agent -m "2+2 等于几?" +``` + +就是这样!您在 2 分钟内就拥有了一个可工作的 AI 助手。 + +--- diff --git a/docs/zh/providers.md b/docs/zh/providers.md new file mode 100644 index 000000000..5b7a4cc2a --- /dev/null +++ b/docs/zh/providers.md @@ -0,0 +1,428 @@ +# 🔌 提供商与模型配置 + +> 返回 [README](../../README.zh.md) + +### 提供商 (Providers) + +> [!NOTE] +> Groq 通过 Whisper 提供免费的语音转录。如果配置了 Groq,任意渠道的音频消息都将在 Agent 层面自动转录为文字。 + +| 提供商 | 用途 | 获取 API Key | +| -------------------- | ---------------------------- | -------------------------------------------------------------------- | +| `gemini` | LLM (Gemini 直连) | [aistudio.google.com](https://aistudio.google.com) | +| `zhipu` | LLM (智谱直连) | [bigmodel.cn](https://bigmodel.cn) | +| `volcengine` | LLM (火山引擎直连) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| `openrouter` | LLM (推荐,可访问所有模型) | [openrouter.ai](https://openrouter.ai) | +| `anthropic` | LLM (Claude 直连) | [console.anthropic.com](https://console.anthropic.com) | +| `openai` | LLM (GPT 直连) | [platform.openai.com](https://platform.openai.com) | +| `deepseek` | LLM (DeepSeek 直连) | [platform.deepseek.com](https://platform.deepseek.com) | +| `qwen` | LLM (通义千问) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) | +| `groq` | LLM + **语音转录** (Whisper) | [console.groq.com](https://console.groq.com) | +| `cerebras` | LLM (Cerebras 直连) | [cerebras.ai](https://cerebras.ai) | +| `vivgrid` | LLM (Vivgrid 直连) | [vivgrid.com](https://vivgrid.com) | +| `moonshot` | LLM (Kimi/Moonshot 直连) | [platform.moonshot.cn](https://platform.moonshot.cn) | +| `minimax` | LLM (Minimax 直连) | [platform.minimaxi.com](https://platform.minimaxi.com) | +| `avian` | LLM (Avian 直连) | [avian.io](https://avian.io) | +| `mistral` | LLM (Mistral 直连) | [console.mistral.ai](https://console.mistral.ai) | +| `longcat` | LLM (Longcat 直连) | [longcat.ai](https://longcat.ai) | +| `modelscope` | LLM (ModelScope 直连) | [modelscope.cn](https://modelscope.cn) | + +### 模型配置 (model_list) + +> **新功能!** PicoClaw 现在采用**以模型为中心**的配置方式。只需使用 `厂商/模型` 格式(如 `zhipu/glm-4.7`)即可添加新的 provider——**无需修改任何代码!** + +该设计同时支持**多 Agent 场景**,提供灵活的 Provider 选择: + +- **不同 Agent 使用不同 Provider**:每个 Agent 可以使用自己的 LLM provider +- **模型回退(Fallback)**:配置主模型和备用模型,提高可靠性 +- **负载均衡**:在多个 API 端点之间分配请求 +- **集中化配置**:在一个地方管理所有 provider + +#### 📋 所有支持的厂商 + +| 厂商 | `model` 前缀 | 默认 API Base | 协议 | 获取 API Key | +| ------------------- | ----------------- | --------------------------------------------------- | --------- | ----------------------------------------------------------------- | +| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [获取密钥](https://platform.openai.com) | +| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [获取密钥](https://console.anthropic.com) | +| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [获取密钥](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | +| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [获取密钥](https://platform.deepseek.com) | +| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [获取密钥](https://aistudio.google.com/api-keys) | +| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [获取密钥](https://console.groq.com) | +| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [获取密钥](https://platform.moonshot.cn) | +| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [获取密钥](https://dashscope.console.aliyun.com) | +| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [获取密钥](https://build.nvidia.com) | +| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | 本地(无需密钥) | +| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [获取密钥](https://openrouter.ai/keys) | +| **LiteLLM Proxy** | `litellm/` | `http://localhost:4000/v1` | OpenAI | 你的 LiteLLM 代理密钥 | +| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | 本地 | +| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [获取密钥](https://cerebras.ai) | +| **火山引擎(Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [获取密钥](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) | +| **神算云** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | - | +| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [获取密钥](https://www.byteplus.com) | +| **Vivgrid** | `vivgrid/` | `https://api.vivgrid.com/v1` | OpenAI | [获取密钥](https://vivgrid.com) | +| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [获取密钥](https://longcat.chat/platform) | +| **ModelScope (魔搭)**| `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [获取 Token](https://modelscope.cn/my/tokens) | +| **Antigravity** | `antigravity/` | Google Cloud | 自定义 | 仅 OAuth | +| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | - | + +#### 基础配置示例 + +```json +{ + "model_list": [ + { + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-your-api-key" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-your-openai-key" + }, + { + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "api_key": "sk-ant-your-key" + }, + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-zhipu-key" + } + ], + "agents": { + "defaults": { + "model": "gpt-5.4" + } + } +} +``` + +#### 各厂商配置示例 + +**OpenAI** + +```json +{ + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_key": "sk-..." +} +``` + +**火山引擎(Doubao)** + +```json +{ + "model_name": "ark-code-latest", + "model": "volcengine/ark-code-latest", + "api_key": "sk-..." +} +``` + +**智谱 AI (GLM)** + +```json +{ + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" +} +``` + +**DeepSeek** + +```json +{ + "model_name": "deepseek-chat", + "model": "deepseek/deepseek-chat", + "api_key": "sk-..." +} +``` + +**Anthropic (使用 OAuth)** + +```json +{ + "model_name": "claude-sonnet-4.6", + "model": "anthropic/claude-sonnet-4.6", + "auth_method": "oauth" +} +``` + +> 运行 `picoclaw auth login --provider anthropic` 来设置 OAuth 凭证。 + +**Anthropic Messages API(原生格式)** + +用于直接访问 Anthropic API 或仅支持 Anthropic 原生消息格式的自定义端点: + +```json +{ + "model_name": "claude-opus-4-6", + "model": "anthropic-messages/claude-opus-4-6", + "api_key": "sk-ant-your-key", + "api_base": "https://api.anthropic.com" +} +``` + +> 使用 `anthropic-messages` 协议的场景: +> - 使用仅支持 Anthropic 原生 `/v1/messages` 端点的第三方代理(不支持 OpenAI 兼容的 `/v1/chat/completions`) +> - 连接到 MiniMax、Synthetic 等需要 Anthropic 原生消息格式的服务 +> - 现有的 `anthropic` 协议返回 404 错误(说明端点不支持 OpenAI 兼容格式) +> +> **注意:** `anthropic` 协议使用 OpenAI 兼容格式(`/v1/chat/completions`),而 `anthropic-messages` 使用 Anthropic 原生格式(`/v1/messages`)。请根据端点支持的格式选择。 + +**Ollama (本地)** + +```json +{ + "model_name": "llama3", + "model": "ollama/llama3" +} +``` + +**自定义代理/API** + +```json +{ + "model_name": "my-custom-model", + "model": "openai/custom-model", + "api_base": "https://my-proxy.com/v1", + "api_key": "sk-...", + "request_timeout": 300 +} +``` + +**LiteLLM Proxy** + +```json +{ + "model_name": "lite-gpt4", + "model": "litellm/lite-gpt4", + "api_base": "http://localhost:4000/v1", + "api_key": "sk-..." +} +``` + +PicoClaw 在发送请求前仅去除外层 `litellm/` 前缀,因此 `litellm/lite-gpt4` 会发送 `lite-gpt4`,而 `litellm/openai/gpt-4o` 会发送 `openai/gpt-4o`。 + +#### 负载均衡 + +为同一个模型名称配置多个端点——PicoClaw 会自动在它们之间轮询: + +```json +{ + "model_list": [ + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api1.example.com/v1", + "api_key": "sk-key1" + }, + { + "model_name": "gpt-5.4", + "model": "openai/gpt-5.4", + "api_base": "https://api2.example.com/v1", + "api_key": "sk-key2" + } + ] +} +``` + +#### 从旧的 `providers` 配置迁移 + +旧的 `providers` 配置格式**已弃用**,但为向后兼容仍支持。 + +**旧配置(已弃用):** + +```json +{ + "providers": { + "zhipu": { + "api_key": "your-key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + }, + "agents": { + "defaults": { + "provider": "zhipu", + "model": "glm-4.7" + } + } +} +``` + +**新配置(推荐):** + +```json +{ + "model_list": [ + { + "model_name": "glm-4.7", + "model": "zhipu/glm-4.7", + "api_key": "your-key" + } + ], + "agents": { + "defaults": { + "model": "glm-4.7" + } + } +} +``` + +详细的迁移指南请参考 [docs/migration/model-list-migration.md](../migration/model-list-migration.md)。 + +### Provider 架构 + +PicoClaw 按协议族路由 Provider: + +- OpenAI 兼容协议:OpenRouter、OpenAI 兼容网关、Groq、智谱、vLLM 风格端点。 +- Anthropic 协议:Claude 原生 API 行为。 +- Codex/OAuth 路径:OpenAI OAuth/Token 认证路由。 + +这使得运行时保持轻量,同时让新的 OpenAI 兼容后端基本只需配置操作(`api_base` + `api_key`)。 + +
+智谱 (Zhipu) 配置示例 + +**1. 获取 API key 和 base URL** + +- 获取 [API key](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) + +**2. 配置** + +```json +{ + "agents": { + "defaults": { + "workspace": "~/.picoclaw/workspace", + "model": "glm-4.7", + "max_tokens": 8192, + "temperature": 0.7, + "max_tool_iterations": 20 + } + }, + "providers": { + "zhipu": { + "api_key": "Your API Key", + "api_base": "https://open.bigmodel.cn/api/paas/v4" + } + } +} +``` + +**3. 运行** + +```bash +picoclaw agent -m "你好" +``` + +
+ +
+完整配置示例 + +```json +{ + "agents": { + "defaults": { + "model": "anthropic/claude-opus-4-5" + } + }, + "session": { + "dm_scope": "per-channel-peer", + "backlog_limit": 20 + }, + "providers": { + "openrouter": { + "api_key": "sk-or-v1-xxx" + }, + "groq": { + "api_key": "gsk_xxx" + } + }, + "channels": { + "telegram": { + "enabled": true, + "token": "123456:ABC...", + "allow_from": ["123456789"] + }, + "discord": { + "enabled": true, + "token": "", + "allow_from": [""] + }, + "whatsapp": { + "enabled": false, + "bridge_url": "ws://localhost:3001", + "use_native": false, + "session_store_path": "", + "allow_from": [] + }, + "feishu": { + "enabled": false, + "app_id": "cli_xxx", + "app_secret": "xxx", + "encrypt_key": "", + "verification_token": "", + "allow_from": [] + }, + "qq": { + "enabled": false, + "app_id": "", + "app_secret": "", + "allow_from": [] + } + }, + "tools": { + "web": { + "brave": { + "enabled": false, + "api_key": "BSA...", + "max_results": 5 + }, + "duckduckgo": { + "enabled": true, + "max_results": 5 + }, + "perplexity": { + "enabled": false, + "api_key": "", + "max_results": 5 + }, + "searxng": { + "enabled": false, + "base_url": "http://localhost:8888", + "max_results": 5 + } + }, + "cron": { + "exec_timeout_minutes": 5 + } + }, + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +
+ +--- + +## 📝 API Key 对比 + +| 服务 | 价格 | 适用场景 | +| --- | --- | --- | +| **OpenRouter** | 免费: 200K tokens/月 | 多模型聚合 (Claude, GPT-4 等) | +| **火山引擎 CodingPlan** | ¥9.9/首月 | 最适合国内用户,多种 SOTA 模型(豆包、DeepSeek 等) | +| **智谱 (Zhipu)** | 免费: 200K tokens/月 | 适合中国用户 | +| **Brave Search** | $5/1000 次查询 | 网络搜索功能 | +| **SearXNG** | 免费(自建) | 隐私优先的元搜索引擎(70+ 搜索引擎) | +| **Groq** | 免费额度可用 | 极速推理 (Llama, Mixtral) | +| **Cerebras** | 免费额度可用 | 极速推理 (Llama, Qwen 等) | +| **LongCat** | 免费: 最多 5M tokens/天 | 极速推理 | +| **ModelScope (魔搭)** | 免费: 2000 次请求/天 | 推理 (Qwen, GLM, DeepSeek 等) | diff --git a/docs/zh/spawn-tasks.md b/docs/zh/spawn-tasks.md new file mode 100644 index 000000000..c6721fceb --- /dev/null +++ b/docs/zh/spawn-tasks.md @@ -0,0 +1,68 @@ +# 🔄 异步任务与 Spawn + +> 返回 [README](../../README.zh.md) + +### 使用 Spawn 的异步任务 + +对于耗时较长的任务(网络搜索、API 调用),使用 `spawn` 工具创建一个 **子 Agent (subagent)**: + +```markdown +# Periodic Tasks + +## Quick Tasks (respond directly) + +- Report current time + +## Long Tasks (use spawn for async) + +- Search the web for AI news and summarize +- Check email and report important messages +``` + +**关键行为:** + +| 特性 | 描述 | +| ---------------- | ---------------------------------------- | +| **spawn** | 创建异步子 Agent,不阻塞主心跳进程 | +| **独立上下文** | 子 Agent 拥有独立上下文,无会话历史 | +| **message tool** | 子 Agent 通过 message 工具直接与用户通信 | +| **非阻塞** | spawn 后,心跳继续处理下一个任务 | + +#### 子 Agent 通信原理 + +``` +心跳触发 (Heartbeat triggers) + ↓ +Agent 读取 HEARTBEAT.md + ↓ +对于长任务: spawn 子 Agent + ↓ ↓ +继续下一个任务 子 Agent 独立工作 + ↓ ↓ +所有任务完成 子 Agent 使用 "message" 工具 + ↓ ↓ +响应 HEARTBEAT_OK 用户直接收到结果 +``` + +子 Agent 可以访问工具(message, web_search 等),并且无需通过主 Agent 即可独立与用户通信。 + +**配置:** + +```json +{ + "heartbeat": { + "enabled": true, + "interval": 30 + } +} +``` + +| 选项 | 默认值 | 描述 | +| ---------- | ------ | ---------------------------- | +| `enabled` | `true` | 启用/禁用心跳 | +| `interval` | `30` | 检查间隔,单位分钟 (最小: 5) | + +**环境变量:** + +- `PICOCLAW_HEARTBEAT_ENABLED=false` 禁用 +- `PICOCLAW_HEARTBEAT_INTERVAL=60` 更改间隔 diff --git a/docs/zh/tools_configuration.md b/docs/zh/tools_configuration.md new file mode 100644 index 000000000..ff88b6707 --- /dev/null +++ b/docs/zh/tools_configuration.md @@ -0,0 +1,336 @@ +# 🔧 工具配置 + +> 返回 [README](../../README.zh.md) + +PicoClaw 的工具配置位于 `config.json` 的 `tools` 字段中。 + +## 目录结构 + +```json +{ + "tools": { + "web": { + ... + }, + "mcp": { + ... + }, + "exec": { + ... + }, + "cron": { + ... + }, + "skills": { + ... + } + } +} +``` + +## Web 工具 + +Web 工具用于网页搜索和抓取。 + +### Web Fetcher +用于抓取和处理网页内容的通用设置。 + +| 配置项 | 类型 | 默认值 | 描述 | +|---------------------|--------|---------------|----------------------------------------------------------------------------------------| +| `enabled` | bool | true | 启用网页抓取功能。 | +| `fetch_limit_bytes` | int | 10485760 | 抓取网页负载的最大大小,单位为字节(默认 10MB)。 | +| `format` | string | "plaintext" | 抓取内容的输出格式。选项:`plaintext` 或 `markdown`(推荐)。 | + +### Brave + +| 配置项 | 类型 | 默认值 | 描述 | +|---------------|--------|--------|--------------------| +| `enabled` | bool | false | 启用 Brave 搜索 | +| `api_key` | string | - | Brave Search API 密钥 | +| `max_results` | int | 5 | 最大结果数 | + +### DuckDuckGo + +| 配置项 | 类型 | 默认值 | 描述 | +|---------------|------|--------|-----------------------| +| `enabled` | bool | true | 启用 DuckDuckGo 搜索 | +| `max_results` | int | 5 | 最大结果数 | + +### Perplexity + +| 配置项 | 类型 | 默认值 | 描述 | +|---------------|--------|--------|-----------------------| +| `enabled` | bool | false | 启用 Perplexity 搜索 | +| `api_key` | string | - | Perplexity API 密钥 | +| `max_results` | int | 5 | 最大结果数 | + +## Exec 工具 + +Exec 工具用于执行 shell 命令。 + +| 配置项 | 类型 | 默认值 | 描述 | +|------------------------|-------|--------|--------------------------------| +| `enable_deny_patterns` | bool | true | 启用默认的危险命令拦截 | +| `custom_deny_patterns` | array | [] | 自定义拒绝模式(正则表达式) | + +### 功能说明 + +- **`enable_deny_patterns`**:设为 `false` 可完全禁用默认的危险命令拦截模式 +- **`custom_deny_patterns`**:添加自定义拒绝正则模式;匹配的命令将被拦截 + +### 默认拦截的命令模式 + +默认情况下,PicoClaw 会拦截以下危险命令: + +- 删除命令:`rm -rf`、`del /f/q`、`rmdir /s` +- 磁盘操作:`format`、`mkfs`、`diskpart`、`dd if=`、写入 `/dev/sd*` +- 系统操作:`shutdown`、`reboot`、`poweroff` +- 命令替换:`$()`、`${}`、反引号 +- 管道到 shell:`| sh`、`| bash` +- 权限提升:`sudo`、`chmod`、`chown` +- 进程控制:`pkill`、`killall`、`kill -9` +- 远程操作:`curl | sh`、`wget | sh`、`ssh` +- 包管理:`apt`、`yum`、`dnf`、`npm install -g`、`pip install --user` +- 容器:`docker run`、`docker exec` +- Git:`git push`、`git force` +- 其他:`eval`、`source *.sh` + +### 已知架构限制 + +exec 守卫仅验证发送给 PicoClaw 的顶层命令。它**不会**递归检查该命令启动后由构建工具或脚本生成的子进程。 + +以下工作流在初始命令被允许后可以绕过直接命令守卫: + +- `make run` +- `go run ./cmd/...` +- `cargo run` +- `npm run build` + +这意味着守卫对于拦截明显危险的直接命令很有用,但它**不是**未审查构建管道的完整沙箱。如果你的威胁模型包括工作区中的不受信任代码,请使用更强的隔离措施,如容器、虚拟机或围绕构建和运行命令的审批流程。 + +### 配置示例 + +```json +{ + "tools": { + "exec": { + "enable_deny_patterns": true, + "custom_deny_patterns": [ + "\\brm\\s+-r\\b", + "\\bkillall\\s+python" + ] + } + } +} +``` + +## Cron 工具 + +Cron 工具用于调度周期性任务。 + +| 配置项 | 类型 | 默认值 | 描述 | +|------------------------|------|--------|-------------------------------------| +| `exec_timeout_minutes` | int | 5 | 执行超时时间(分钟),0 表示无限制 | + +## MCP 工具 + +MCP 工具支持与外部 Model Context Protocol 服务器集成。 + +### 工具发现(延迟加载) + +当连接多个 MCP 服务器时,同时暴露数百个工具可能会耗尽 LLM 的上下文窗口并增加 API 成本。**Discovery** 功能通过默认*隐藏* MCP 工具来解决此问题。 + +LLM 不会加载所有工具,而是获得一个轻量级搜索工具(使用 BM25 关键词匹配或正则表达式)。当 LLM 需要特定功能时,它会搜索隐藏的工具库。匹配的工具随后被临时"解锁"并注入上下文中,持续配置的轮数(`ttl`)。 + +### 全局配置 + +| 配置项 | 类型 | 默认值 | 描述 | +|-------------|--------|--------|--------------------------------------| +| `enabled` | bool | false | 全局启用 MCP 集成 | +| `discovery` | object | `{}` | 工具发现配置(见下文) | +| `servers` | object | `{}` | 服务器名称到服务器配置的映射 | + +### Discovery 配置(`discovery`) + +| 配置项 | 类型 | 默认值 | 描述 | +|----------------------|------|--------|---------------------------------------------------------------------------------------------------------------| +| `enabled` | bool | false | 如果为 true,MCP 工具将被隐藏并按需通过搜索加载。如果为 false,所有工具都会被加载 | +| `ttl` | int | 5 | 已发现工具保持解锁状态的对话轮数 | +| `max_search_results` | int | 5 | 每次搜索查询返回的最大工具数 | +| `use_bm25` | bool | true | 启用自然语言/关键词搜索工具(`tool_search_tool_bm25`)。**警告**:比正则搜索消耗更多资源 | +| `use_regex` | bool | false | 启用正则模式搜索工具(`tool_search_tool_regex`) | + +> **注意:** 如果 `discovery.enabled` 为 `true`,你**必须**启用至少一个搜索引擎(`use_bm25` 或 `use_regex`), +> 否则应用程序将无法启动。 + +### 单服务器配置 + +| 配置项 | 类型 | 必需 | 描述 | +|------------|--------|----------|------------------------------------| +| `enabled` | bool | 是 | 启用此 MCP 服务器 | +| `type` | string | 否 | 传输类型:`stdio`、`sse`、`http` | +| `command` | string | stdio | stdio 传输的可执行命令 | +| `args` | array | 否 | stdio 传输的命令参数 | +| `env` | object | 否 | stdio 进程的环境变量 | +| `env_file` | string | 否 | stdio 进程的环境文件路径 | +| `url` | string | sse/http | `sse`/`http` 传输的端点 URL | +| `headers` | object | 否 | `sse`/`http` 传输的 HTTP 头 | + +### 传输行为 + +- 如果省略 `type`,传输方式将自动检测: + - 设置了 `url` → `sse` + - 设置了 `command` → `stdio` +- `http` 和 `sse` 都使用 `url` + 可选的 `headers`。 +- `env` 和 `env_file` 仅应用于 `stdio` 服务器。 + +### 配置示例 + +#### 1) Stdio MCP 服务器 + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "servers": { + "filesystem": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-filesystem", + "/tmp" + ] + } + } + } + } +} +``` + +#### 2) 远程 SSE/HTTP MCP 服务器 + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "servers": { + "remote-mcp": { + "enabled": true, + "type": "sse", + "url": "https://example.com/mcp", + "headers": { + "Authorization": "Bearer YOUR_TOKEN" + } + } + } + } + } +} +``` + +#### 3) 启用工具发现的大规模 MCP 设置 + +*在此示例中,LLM 只会看到 `tool_search_tool_bm25`。它将仅在用户请求时动态搜索并解锁 Github 或 Postgres 工具。* + +```json +{ + "tools": { + "mcp": { + "enabled": true, + "discovery": { + "enabled": true, + "ttl": 5, + "max_search_results": 5, + "use_bm25": true, + "use_regex": false + }, + "servers": { + "github": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-github" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "YOUR_GITHUB_TOKEN" + } + }, + "postgres": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-postgres", + "postgresql://user:password@localhost/dbname" + ] + }, + "slack": { + "enabled": true, + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-slack" + ], + "env": { + "SLACK_BOT_TOKEN": "YOUR_SLACK_BOT_TOKEN", + "SLACK_TEAM_ID": "YOUR_SLACK_TEAM_ID" + } + } + } + } + } +} +``` + +## Skills 工具 + +Skills 工具配置通过 ClawHub 等注册表进行技能发现和安装。 + +### 注册表 + +| 配置项 | 类型 | 默认值 | 描述 | +|------------------------------------|--------|----------------------|--------------------------------------| +| `registries.clawhub.enabled` | bool | true | 启用 ClawHub 注册表 | +| `registries.clawhub.base_url` | string | `https://clawhub.ai` | ClawHub 基础 URL | +| `registries.clawhub.auth_token` | string | `""` | 可选的 Bearer 令牌,用于更高速率限制 | +| `registries.clawhub.search_path` | string | `/api/v1/search` | 搜索 API 路径 | +| `registries.clawhub.skills_path` | string | `/api/v1/skills` | Skills API 路径 | +| `registries.clawhub.download_path` | string | `/api/v1/download` | 下载 API 路径 | + +### 配置示例 + +```json +{ + "tools": { + "skills": { + "registries": { + "clawhub": { + "enabled": true, + "base_url": "https://clawhub.ai", + "auth_token": "", + "search_path": "/api/v1/search", + "skills_path": "/api/v1/skills", + "download_path": "/api/v1/download" + } + } + } + } +} +``` + +## 环境变量 + +所有配置选项都可以通过格式为 `PICOCLAW_TOOLS_
_` 的环境变量覆盖: + +例如: + +- `PICOCLAW_TOOLS_WEB_BRAVE_ENABLED=true` +- `PICOCLAW_TOOLS_EXEC_ENABLE_DENY_PATTERNS=false` +- `PICOCLAW_TOOLS_CRON_EXEC_TIMEOUT_MINUTES=10` +- `PICOCLAW_TOOLS_MCP_ENABLED=true` + +注意:嵌套的映射式配置(例如 `tools.mcp.servers..*`)在 `config.json` 中配置,而非通过环境变量。 diff --git a/docs/zh/troubleshooting.md b/docs/zh/troubleshooting.md new file mode 100644 index 000000000..a3329ee35 --- /dev/null +++ b/docs/zh/troubleshooting.md @@ -0,0 +1,45 @@ +# 🐛 疑难解答 + +> 返回 [README](../../README.zh.md) + +## "model ... not found in model_list" 或 OpenRouter "free is not a valid model ID" + +**症状:** 你看到以下任一错误: + +- `Error creating provider: model "openrouter/free" not found in model_list` +- OpenRouter 返回 400:`"free is not a valid model ID"` + +**原因:** `model_list` 条目中的 `model` 字段是发送给 API 的内容。对于 OpenRouter,你必须使用**完整的**模型 ID,而不是简写。 + +- **错误:** `"model": "free"` → OpenRouter 收到 `free` 并拒绝。 +- **正确:** `"model": "openrouter/free"` → OpenRouter 收到 `openrouter/free`(自动免费层路由)。 + +**修复方法:** 在 `~/.picoclaw/config.json`(或你的配置路径)中: + +1. **agents.defaults.model** 必须匹配 `model_list` 中的某个 `model_name`(例如 `"openrouter-free"`)。 +2. 该条目的 **model** 必须是有效的 OpenRouter 模型 ID,例如: + - `"openrouter/free"` – 自动免费层 + - `"google/gemini-2.0-flash-exp:free"` + - `"meta-llama/llama-3.1-8b-instruct:free"` + +示例片段: + +```json +{ + "agents": { + "defaults": { + "model": "openrouter-free" + } + }, + "model_list": [ + { + "model_name": "openrouter-free", + "model": "openrouter/free", + "api_key": "sk-or-v1-YOUR_OPENROUTER_KEY", + "api_base": "https://openrouter.ai/api/v1" + } + ] +} +``` + +在 [OpenRouter Keys](https://openrouter.ai/keys) 获取你的密钥。 From a1e8ee56f0f199c786a2873408df4fde8c106e1f Mon Sep 17 00:00:00 2001 From: badgerbees <93577481+badgerbees@users.noreply.github.com> Date: Wed, 18 Mar 2026 15:44:30 +0700 Subject: [PATCH 17/24] fix(telegram): improve HTML chunking and preserve word boundaries (#1651) * fix(telegram): improve HTML chunking and preserve word boundaries * fix(telegram): address copilot feedback, filter empty chunks and add word-boundary regression test * style(telegram): fix gofmt and gci lint errors in tests * fix to feedback --- pkg/channels/telegram/telegram.go | 41 +++++++++++++++--- pkg/channels/telegram/telegram_test.go | 58 +++++++++++++++++++++++++- 2 files changed, 92 insertions(+), 7 deletions(-) diff --git a/pkg/channels/telegram/telegram.go b/pkg/channels/telegram/telegram.go index ca746240f..e33f46042 100644 --- a/pkg/channels/telegram/telegram.go +++ b/pkg/channels/telegram/telegram.go @@ -191,15 +191,44 @@ func (c *TelegramChannel) Send(ctx context.Context, msg bus.OutboundMessage) err htmlContent := markdownToTelegramHTML(chunk) if len([]rune(htmlContent)) > 4096 { - ratio := float64(len([]rune(chunk))) / float64(len([]rune(htmlContent))) + runeChunk := []rune(chunk) + ratio := float64(len(runeChunk)) / float64(len([]rune(htmlContent))) smallerLen := int(float64(4096) * ratio * 0.95) // 5% safety margin - if smallerLen < 100 { - smallerLen = 100 + + // Guarantee progress: if estimated length is >= chunk length, force it smaller + if smallerLen >= len(runeChunk) { + smallerLen = len(runeChunk) - 1 } - // Push sub-chunks back to the front of the queue for - // re-validation instead of sending them blindly. + + if smallerLen <= 0 { + if err := c.sendHTMLChunk(ctx, chatID, threadID, htmlContent, chunk, replyToID); err != nil { + return err + } + replyToID = "" + continue + } + + // Use the estimated smaller length as a guide for SplitMessage. + // SplitMessage will find natural break points (newlines/spaces) and respect code blocks. subChunks := channels.SplitMessage(chunk, smallerLen) - queue = append(subChunks, queue...) + + // Safety fallback: If SplitMessage failed to shorten the chunk, force a manual hard split. + if len(subChunks) == 1 && subChunks[0] == chunk { + part1 := string(runeChunk[:smallerLen]) + part2 := string(runeChunk[smallerLen:]) + subChunks = []string{part1, part2} + } + + // Filter out empty chunks to avoid sending empty messages to Telegram. + nonEmpty := make([]string, 0, len(subChunks)) + for _, s := range subChunks { + if s != "" { + nonEmpty = append(nonEmpty, s) + } + } + + // Push sub-chunks back to the front of the queue + queue = append(nonEmpty, queue...) continue } diff --git a/pkg/channels/telegram/telegram_test.go b/pkg/channels/telegram/telegram_test.go index 09ae1b2a7..7ca6b18ff 100644 --- a/pkg/channels/telegram/telegram_test.go +++ b/pkg/channels/telegram/telegram_test.go @@ -47,7 +47,14 @@ type multipartCall struct { } func (s *stubConstructor) JSONRequest(parameters any) (*ta.RequestData, error) { - return &ta.RequestData{}, nil + b, err := json.Marshal(parameters) + if err != nil { + return nil, err + } + return &ta.RequestData{ + ContentType: "application/json", + BodyRaw: b, + }, nil } func (s *stubConstructor) MultipartRequest( @@ -367,6 +374,55 @@ func TestSend_MarkdownShortButHTMLLong_MultipleCalls(t *testing.T) { ) } +func TestSend_HTMLOverflow_WordBoundary(t *testing.T) { + caller := &stubCaller{ + callFn: func(ctx context.Context, url string, data *ta.RequestData) (*ta.Response, error) { + return successResponse(t), nil + }, + } + ch := newTestChannel(t, caller) + + // We want to force a split near index ~2600 while keeping markdown length <= 4000. + // Prefix of 430 bold units (6 chars each) = 2580 chars. + // Expansion per unit is +3 chars when converted to HTML, so 2580 + 430*3 = 3870. + prefix := strings.Repeat("**a** ", 430) + targetWord := "TARGETWORDTHATSTAYSTOGETHER" + // Suffix of 230 bold units (6 chars each) = 1380 chars. + // Total markdown length: 2580 (prefix) + 27 (target word) + 1380 (suffix) = 3987 <= 4000. + // HTML expansion adds ~3 chars per bold unit: (430 + 230)*3 = 1980 extra chars, + // so total HTML length comfortably exceeds 4096. + suffix := strings.Repeat(" **b**", 230) + content := prefix + targetWord + suffix + + // Ensure the test content matches the intended boundary conditions. + assert.LessOrEqual(t, len([]rune(content)), 4000, "markdown content must not exceed chunk size for this test") + + err := ch.Send(context.Background(), bus.OutboundMessage{ + ChatID: "123456", + Content: content, + }) + + assert.NoError(t, err) + + foundFullWord := false + for i, call := range caller.calls { + var params map[string]any + err := json.Unmarshal(call.Data.BodyRaw, ¶ms) + require.NoError(t, err) + text, _ := params["text"].(string) + + hasWord := strings.Contains(text, targetWord) + t.Logf("Chunk %d length: %d, contains target word: %v", i, len(text), hasWord) + + if hasWord { + foundFullWord = true + break + } + } + + assert.True(t, foundFullWord, "The target word should not be split between chunks") +} + func TestSend_NotRunning(t *testing.T) { caller := &stubCaller{ callFn: func(ctx context.Context, url string, data *ta.RequestData) (*ta.Response, error) { From b6c5f587c93c3d3507c8ca9b328c8b8ab0725a0e Mon Sep 17 00:00:00 2001 From: lxowalle <83055338+lxowalle@users.noreply.github.com> Date: Wed, 18 Mar 2026 17:58:55 +0800 Subject: [PATCH 18/24] Update qrcode of wechat group (#1744) --- assets/wechat.png | Bin 94960 -> 162306 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/assets/wechat.png b/assets/wechat.png index d7881fa4f0c702681c3baf7462d1a5f2ba162aa3..6512421edec830f5d3b1ced07b923656b499a599 100644 GIT binary patch literal 162306 zcmeEtRaYEcv@MVjf(Lg9!QI^g1PJc#!QCAig1fs0cL=VHySp^*+PFi*CEq>gC)~ID zwD+hQWos;%YtB_+3UU(22>1w4P*BK{KYu7eLBaSzL464L4D)^@Uxv!|eSx?Csp$lT zLY@SLLg@#E$Ka(31@#3=@`tdBd*Zb8}8eA^v$ zS)DhBQ!>!ffe&DVN$~!VDZ_aO0O5Qa@r8xjychO^eh}ycrCuV%0AARi?q9t~9%oZB z4xixaFQs!RtFo!LifgL5p7sDOxRrmI4`CMJ=3DaQbe8#JvwZ6r0AO<3yR-`=A=*f_)$erq zMIw|N6%7=ACfvN-x$NT*+PLa0gq--i%5Bc7Kfe$SlwSfLJ?ww@dBz|*dKk~yx_Jw8zASC)fhP!x4Ti%=d+VJkE4()j6Hc0XM)My1Iw7s zd$_goYK3{1=ct=k!VT0ngM_-5rnkTtePpPMnD>Z%5b(WUnXPd%%F&AgxL;nbT{l(d zbO0V>fKMUo?cTw6SM!MMH@Q>UKtROZ4ad_^HQa`fD1k@u%1#s0`_ac0$|{eS{o4n< zW6n!KJBcYh;QK`n^SGd)l_vAab$;QD=GXa%MRO+ohc1FBS_XJt5Hy z_qP-#L7$ez>Vb72(euMr3e)`abZ6G=7CTax5DfIE&HER^P1GF0=ypIZKCuGQ-7vdU zn*Wy_)>4)59d1rJ%2{CePjd82ZfC<8j&E`1+nzTQ%_@PE{e`R|l$6ZuXuMar!OlJ>I8HXT-fV8ILEJ|@W5W(z>Xl(vVB$BeXpjGn8Il*$OfOV~JsZZrwn$kDb zKawU=>`3Yuj+I($bBk~8hey{3cI!U4oozT}=TvLD-GTrQ&?hLF|Gq48y9)ZzDV(|<4~&@zkU{^(6?mBd0|5&pclqdYX#hw%Fc z4JJ+hucVK%C12o^U^+4fd&v(Y@`(U1+iM{)MkE_CB>sxQZyRfT$bN4G|9Ml6_(r?u z8W(>k&E8>im{dSag0yjGT%JhUMnqYyLSw|rZ2-kYTr&GNUx zxWtYHCFO1ztassO*+1y{@bmHdjG-#DzeT!}O0Xc4IY5tFz5C}aw^pc_H$9J2j2Cu% zzu~W4P%qJLcI$Um&*X>hWnZVJU}Yjv3LK+wl_Q*~Kw-r4nSRrwVd!)Nxri8p+hMbR z&ju%i2+r9(F&IfdA3e0?`tpfTKT|CEDXcPm$-N3=&j}bj?`_7ni21ZATPePS#^lnw zk?U}|2wb9LWbq$Rv*e~_sMaULJyoWCNR4FkOL(f0YlvKy_&fh2hmfc=Ngg)-JqsYq zUp7i`j3@%OhlTROb|(jl#WARzcW7KP9wK%2pz!5iUs4>x%wYDUbC0p~FGa|GqbOsM zBf_XsrLM0agE6fb7jW;ns}mLmsp}jUA2)I5BX7Y~UymMXPVWJNS2IvXP3F6~mFDei zv3!nz*WK=Lg4s@XbVl>b%j30rwO($@VP(uGY&*;H-Z-(=>;*q;Hm6QvRo;LRP6n2C}yBP0B33%|_?Sq$2xR?Y1?i^)aFvx2H zejC2Ho%h(5lY?#~8@WF2_m|`4O@}rC>4Suf69!?WYu4<%Z4!ZK?|!p5_tfYG9RovF zmE*+zd8A3&(#3np{#CC~Q|7TWR3u^O*G`)l=P-F2X1Hi(pP-sIX&g5Jlatg5Fcsv) z(lS6=Gs4VmAJ=kJmN3edUd`wIYl5b((4w2K0K5)ksnf}=UeHBB>jAd|5&qCwm|@2V zviG@@&%SQd&uF<_h-3hGuGo#O?6o=OoX2Oam%Dk{@j6>Y0X~9gd(GG6#2NSiX49_< z^(Jj+^sD&o=1!YMy$;V~%4(-5dhI))7lv%UTd);Pph#sbTJ3Kt(Q{|2&C3u=AHWzo z)TZ6P7~)mgxF=b^MZL*=J%*uIoAxRI%TPuQT8&By`kIG4U+tL#sN_b%rSzyVjV5zC zUmsq;t!C8q;@G^tdPSi0GYWc|9bLAKqUbaF|&%CDD`Ot}Q7>gtK<2E4WKHTaPajNlo)q%c8}#;Wn5-t-MLAn#V-&Ep@9Ra#Qw4 zadD`#okk*q3fi}Z_5cpoC2s5fM!wO;!10YOpmWYfxG0*{tx;pTgbg1N(7Cvm1e@?} zk_YZ~A^n`6z^#wQCdG>sTygHT^Ujvye(zH7`Haso~RIZIxhn<-hiN z?fL}fa2AGED}k3`q?j8yu+xi*_N4&;Mo^%-HvSbWm)0C1A+J0oI+H-81S6mlN2U76 zk*N|d-&M7~lryigjZLDRJGJvVqvxyw>iw*ONif^Fcu%0p!8fS>?VxwsmKt zxaOWoA_v)GMSCym_W15@VRyH$q@?!rlv4{Qsn^urGl-RtY`0nGGE7MhQY-5lG9Kuq#&r#(*L4tQJUm`#pZLLCPo0oM1Vy@ehW)JR&Et=gqEIVe(KLcX>czG}$!?qQ z-47m>zSr5XXSXiCgaj;X4cg?p;p)8t`hN>etk=5llP0x|$SN21KVRU5GWL`dN(WVFiE@9qlhTU(d56sJb`D)Xn zTXCc<{$DVZ($LTQRdjV~V&~V?w6D9i-IMcS=Z~E88vxmlHP#8eZsYQEuzK>JuaXqB zTu8QOpD#aLEETJh;dW+drYk>g+L~z?gcVEsH@HNmEho(uHGysLC9`w|2q{CD5=ROh z3uSVjzE^$|+ZaP_$1pJQBK_0HSu)o3Jl+4?fX6PWf;``Uo*Q+bOP5oTz<7z`aC=so zRV9hFLiEB(Knyah@_o3Gha2a#5dvC<^vA4BGK$V}Wke;Pc4mLo#d71vMZ*kD)T-Y< ztML&xjA#mGe4%k42#%=Z(${n9vP*H;y>t?$#37Tep2!SUpFf1li7gU@aM-yFuUcj_EU;SamF~8{<>8#cXE*e_O-e3W##?TGr0@Bg zTP#odo*1$J)ffwVbEquoLIfn(X1K+8FN$xx0n0O5Zv9m~d-S8rksiYZ%hS!X{on4l zkFb54Cg!*+I-F1Urj|~;@vPeamkWrKpZxS>(tcK}Bd_f9w&R6i%@9r>RTp(jLMY(< zHU+)d3rBc=T47^reCgTN>IJLR5~v`(mmY>;e+Fju9Yq`vo==HSGb2`t%u8qZrX(wZ zE+D!CIWuz?$8jG_(uIC^rUYb8{S}75pGy48;O{8d%cHzbND*QwO(oo?hHOdhy?I^5j(t8rO{vxtus8 zkR(?=1MX_0R!~XYkZNyzjqzsf?}Q^PevJ+<@dm(gxQfX<(@zk0_7GJ)o`9!FxqXrh zXKDl74!}qtvqMeUnITn28b+)g_qU;;r5}D<%el}G2=6&lpT*%bG2vkfM$U(^`1>ZO z!aPP(JGdaM?KMyEx3zK1D34pD(UtVwlcg=A4aWmdiA1}iYH4kyAM%=>^`pxQ0T2f> zxg_rN6dujFOdd@ei&(1yePdhq!5)~(+K%LbGt;}zUO~7Be`RvTpo_$xu|Ix-)5_vN zWO9)#<~F`xDsXG#mtpH9I&+yn3XVBR$~c?QlRL{k@V3)M`CQww>;2-t%%70I;n`LZ z(`IBpU;z={S>~H$keKC4^B6PtyqPcD=5+H=ze2Pq#g#}~gmv$f?AsQ&S0e&6FYsHB zws;Z9!0ewpJ)4eq`)byMGlE8^O%E9|dCaCGIYJr<^y*vH_v1tbb5<;pmMs%!%;VM! z<7Qff>fK}1p?Tr#+G3l!S$)7^&Hc|k_t~vVvd79LiMY95-fZv2^M!g3^XdoIE?nLT z8eUy)jyFj1|D5Lwz1~5FQdNv zbmO;TN;}BnQF41!0oIYO&8BZ#D*9ep?-X7iF;+oS$tS6)E4ATKck#23cBvj(KmAq` zjcU;)B>dtzacun~+e@l<&l)@3>Ze~}i1ZrS{S#(Pt?}Tovzb&WV*W^iCb+Mp^(P&> zt(?HBCLmhJqkGzCO)=lDNxO2@2QV%f(IOFL7T7j^z{RsO7cyBWhH-FObXFs}uQ(dr zS1pj#`uYO#IZON0!6Q*sXybH|U2F$gEG&Oz_8mUuxh|fZd)`^)U{eQkdkXBEq8&Nn z&FB8zaV8#S1};ocg^R{L%juS%5h_^B1&S~xjsA=7 z5C5ov{uJl|cpB1_=_JUwcd6e*E@xxYqnG0uY;7-L4%WINl|IG~J@PaCY09TaeuO!} z=F+In=%VmTe3|!M>x>8d{5|tdvRFzrNADZ|?Ol?be$$NKcanevRb-AaJ#2WaRE3CL z{Q8(VEzHfCzkc=vbSFcEDT(P3M>+@Axoy=k2MqdoBhtFQAIh6>)b*$4wC?7$Z@Dy3 zIJ8mO)9yJ^rL-6w$|k&YH%fhvpR>%=z&vgHiF@s2;#YBVLdvV(wO{xd~I4=C?P6C)jwI zZql@ORy$s5vo>W**g=>Pk(~JjPs&^KPu+Wi0<`yhSZ6gOTID2OL%XKP7C$S&WSCOi z&>t>h{y`oreYn)3Q#*WA=KLfbx7jEUrck`Cxf~pSs&|yLs@U1Sv$BS_U{P`j zoY=^#q7;Jwh0*+?J>_DDC4bpze`7xbbkG^YK? zMAwwnij6LV{?v4*XN$e8=43s3nA`$ZLj@t9&*6H+oICb&?(`WIL#&2-sk>M+zZl~F zZ|E)^ZV){4bU{A&u*!sE{1Rc@+Ln?+%~@NMrkIVeZRV7Ch!ADka$CFLX6hHUqaV;F zKFANdR}iva?9*52=P5bY$9F$00-h|B?9JnxRCXN9-*18_Fr;6b%=IKuPVtf6SqDoTGY4QXyA-{IJs7?w!T-t!1>O%WnD$!9LeHDl5EcSP?; zs}TK263r8NV38KHXP2NQO0}Uz2m(H~^_#joqiS=v$wqB5?ajB$2or6I_oWvSuM7{C> z%t=W=vlQuo2`fAc`^CexzG5)dHq<8Fzc}XWfs4@M=HdbVXEh|Ef zHKl@H-wEC0La%$yyzVI0MU)3x|CACh{ju0#ycK9(#W`4h+Z-`?iRxIg(gm1c1E-ReM;N+($kU%rCUOlK08ztckwl!QY`XSS-hx`0Com34 z0e;@T3KfWdRjMj?J2&h|YPwkg#kx;neo7G~1G-_d!Tr`5;nC8_H$$zA5Ubo#?5ddz zLEni?k2Y6u4btbgqY6k(XyVUg{`j(sO7ODB^qUapQFV*`C^z{ibIDe!-5%N?I;KHB zVs}F#bea-lk4d14pg#=%t26n#(KTt){tOqjP{IE8(RP>x)z3$XEsW4t96k8-nZ6n~s0(6U!! zN@EZ)`s)D$FFXV{MJd-s-DN0uXZB5Mb(U|k_~MkUf6>2+N5^6FfB?CXyQ4%1QZ{|1 z8U+hV(3&%-3xh)C$|k628sK|5q>$rOzXx-q`F2?oYsD|JT8#IHVf;;;8rlWbuDihz zOY5S)j5J!HLp!4GFx0u)H-iYt-@$B zRw3S&lBjK1h73TsEXbS3W3-q!qZ!$Cln8$GDm~w}M*S@9+7ji*EI&m*3P-|(5uqGE zMQ^HC%J)7Q@!edn5zuN%UJpp7Oc`W{KObg`kQA)xMo5iqFKTt@_L@`{Y7ntbwkfcQ>&!Hw(`cfyeC{Ts$Cfl@pwQmf9H~*^ ztK#;+}hDN&|}gfDsfV+o*H^OBB9 zOF3jNtz5&(bzN9a9RB-Lj`Wb|PU@~O^_1abrm*1}vTc5rq8>~itaj88#`P7;1ji-d z;c0;DpvqH?Ot=T$Vqvyp)*Qx$2uC~dU(4l@N6%~1@$44Eou`bL8QK<@lV=N@?Yix@ zW_ah0YhVE^oIE3&!(U*E1-7DFU(@DL;Wm-ktSq>P5{6#&%g10Cex!GQYWmm10ikwU zJLg9G=M#xZD>J0cF5UO~4P6gbUUULc{afHkvkcWUyah%C2x)c3Gwhaze(|$Q3XU{q z(EARePhP`TskJb2zPBbf&CDafKTz6M7EU&(5`CudC4~Mx3lL56j-Np=k$3mdjCVs{ z^?&Yx3NACNTJ(@_ra5(0xVYP`IlUGPUh)R;!IDuFpa@>Fxy{^9b%W#BKgy|ip6gp6 z1CZcrl+5hT4R5{ngJ12_nj+yo^dku)D%`o1=-#}in00H6;1aXp;n?um>8QckpUH)* zbh6HGjNJjIGm38KElvj~N8|Gu#Z8`TmXoPVYLTHw#-P5!zmls>eey1&u z`_SV++7Pc#=Zldo1)t4~?5U__+Y^N)3^J_yU*FIF)2m(ZK@WW9!AD?jP!EI|+x?ta zfFdV`M@Ct|&_{KY#~?(Pl#zyKVgr23c(VYCFddD>`AhE?${kc!Xx2XFyg8kd_+G5~ zkaurEXUl46?xPTUBQSC~IxW$3vxoILMmUW^KC zX|~Q%&d-rz!fI6XOfyH~5)u->{mQ!o;0AdKf4I2+M_jGLYgB!QK1;GF5kRL+kT8N@ z|0Bwh=Do6c7{oyrnNoep?Y$j5jaM$)w(#=YS@GKR=HgkZw~N>7K3ex_Lyj%A6WlX^ zAs*qD3x=qjA6E1WqTtLCic>{N9sC`lhYwW}LGF0h=9Yzt8B6SCZqzlVl(FP9x5Z4!ZWDedrae6rYO>j&z&=yup-{@HF#8Zhh3s53um z%`v6dXL0J6%HW$$LjR^O_+{?L`niJ(STiF>F7v^*Km1Ln#&CbZM`(G2qczKI73lu_ zC?SqQI$sZ{3I0;XY;13D{}K@<*G2MfbP+~m8Y>cgOvTZ7C$cq>{NhIME1c)eYv z2+U#=X9BHpM&>$YweJt?Tqn}Ayn3Zo5~Vxtr_3jQ)y+$+#w=OC^u`Bx3K6B&m=6m< z%9qcG@UipDGlYxW;#y%b*RuXTz=RP}J-xY7Ra{*Bjlf|Ll~(kdEc$E1=8@}Qfue3( zsJqfl=jgj&d)eH7stM!)ZNM$PSR}ymo)$g5xQ`hREAI4TP#Mha=)=&blqID$qQfrH z>{De(JnLMcJmX{`mGfSfTssqw)`f2`f}8}}wx0#4URw_(=+w`niX-3ZwbpXE+k-Z$)?4>ekMfk)2Z6KEEm*lw1R%JDsb_L6or2_laCY#Y zPwDwNaDbSg&kC;V`Oz9$U$-c57Jc9*tCnpVZ;F*i-Okc3cYec0$iFrxXQW6q7Atz2tzY!a4{Ye@1P%2|NapQ}yza5AMAx2}-I%4P|Iimzmy$>nCz=7P zw9MX5&GD=T9`&_(tNU=qy)|&x~<@V?w#wqo!84^p&!JE-l3FzNk>5RadaV zFbeW2ni6xoVzWVPVkW^bQjEFJ!NIQd)0j0x^ytXYo*QP(r;;O3=Q&JCE~-Nj7n|5& z8XopR$`c2HS?dBwxJWRqxfpZ1>lwqIgJ)UqzF-h~SKo~eHpzOdvrHI7#x@@@=g0?UjiZ;}AA#Jak#XBQP)EJ5|E5)f>n9ye8b%H7kf;~h2o0A{>a@WQCaE9N;Kb=us=A*lT!T0+N8JNMnkIJRi zd)FDBUNo$lP8P$e5^#Ck)s$0Ai)&Sko0hF7dvJ{hvvzC7*!u!|PAa-tM$Ps}7)Y)Q z>;u8O9!s1-?oDeQAOeDcYHFGoBzZZHK4TX*2Y2&1VnDS_)z`$2l)lsR>yAQstlZQS z-Rr#V0}!-v#)MxvVz($)PHi4ZNp70!n~RI)0e8*a*50j$f~9o;9jn{seL|2z<(hq# zKq+YSdHae?eB&fzJhYP&)y_qwVbx=DGWDUn7r7m0@YH`n+ZbF=w|1Q5#F{ruS$8Sp znB=5YXC;2($#!qCA`2EFE^LJ7XB#OdVqf-No9wJR5tpwfXc+A*JyEjV8z2&|!?Ag` z9nZBXnh54{it#8UYLwrwM)!GH1zUo?7R`rZI^t0h;hvHZ_!6VIf0OzTyc*Q%Pjm-B zJ~SgK8#JR+X&{*J#cYi2xrLGwVPTP~SEHzP()cfwQU>79FutNLVN2%{Ijs-8$WDR;<7M;jgOo|?VDu&K}UG zaeW;ZN0GpL=Qr4*SR20MK4O(*mq)DdS*J!$9_h5&MVP>nTVTeRXQ?2DbIx6<>63E( zpo^(FnTuM?Nu`&zZ9yOjJ9C=H#e+V&ZB=|j3k@hw?~*krP%3YZ(_w?K7DdB_)v8?e zaeve!#OGxEJPA(>lULCCZ>#px0eGKoj33CRy`xoV%Y*C`NyPQ^N#BC9Z7Q{~l4#L# zs5npgpn7)0`QqgT!g(TFb*Rt8znR@~Z+*oZ5NeeC%8^K#CQg?~XPoM8pul(c=+@N= z4b|~JGGtII3B3S;7E1fI?a&1#BvtiuX>#5d^e!l)Juor*seJYsL)4Q*3|Z}7P7(gKY%-#c7cqPX1Ur<6j@$;|~Yu;8Eo;p1ab6)}mAYK8U3R z8_X$UR}z6}`Po&z)0+5n2L}wb;o?JG5Cl$~nZ(eA}Tvg~rlbB79<(nnTe`V)Rk zzO1o(LAOHFWt*t<3NV9>!P;7FWw}zeqeXP#RN9$b@BrsJ(dQdj!DzA=xGyY?A_Owm zY98kFN^u&7&skLlz%IDa-8Tz9EUsaPyd+d%xvZ6KFBL8_@O!z8-^NBH+29=WPR`fs zGn#Af5OVt#_tP9)Pz0-|Waw-hD7KH&cx7nL#7K~#rfrlI-N+;SJ!9#D@~eKwwyD-i zejG}LYDL?l^}5y$aN4W=RDtvWO zb+pc06_qw05`o2oGT@>MjCMFtdirJ^ycYW`UE`sr?ocy_Ard3)igxJn3OzVdjQ zpF)DCKhDvS1{~>gYitQwhWr|oXvp>;LMd&~UhQdIZ}zJBGu&8!H+~FwRic{&AJ}TG zOX(SIwe{URp@d{2FT`->L~6TSOaL&drQ)@U6eBPlWhjXWaZ&%CY5v(lLh3SpFA|g) zmEprp-YhDVkYbAT7B~yUMn0sm||+>FjA*{9m^G z>>F2I&Q9SGE;AIPd@1x~j5(6_f=Q>QFH?Z|eCd;=<=}MjK{Moq9k<_t5qA}5r?Xlo z2MuP^dUNSQ)hx4|I$b03Av)_vc5lkHC&HHTd^AkPv8wcH5g0h_ifx)O~FMgp9by)Y$fqaWQs!jF;N1+D8Yk*P5tSs!S&4PRy$3+v5lp%->syVOn!EUvFJAkKiKFs0Cky>ki`B z^3|I^Z$&*NXCPOo5!Gn=jM-irp38<**?@d(Zn2v_6f@4d{tE99{4FECxwQHH?IDMZ zFbL|y1;@LLlOT)m_eT{b1_DaeHz%=5U_574eHNYg$?@K7GmI7vRwX6XL2|j3^;Big z?nC-&q*XL$LC*^`inQpt^{`A;R9HoHwEbGgr0MuRo%q4wBZoCFNoB@_m=SY}2wEnHHzyv8DY}WCdo&?7QD02r`r|vR`W7cn-56cpDP&UyMH_+;3a0UmYLZ9+YBTWj98u>-<)b~ zfzjQiz{k5w7q*N7N~1cPer&n;fIJ-t2<9jGaEI(vwSi|E>ri>Z=s9+_RfY%|HybqL z5OlK1xA0A1(b5mF@Xb$aT#!}WBRsFC>W47%jMP!wILbzz+p8yOQ7#z7SJ}QMXTcpX zuJK!KJsn+h<;iArK0LP|7Eh+}7@bvkI30{-<#V~+RXjS~V4sYq2^sD8Skz%pPHD3% z+igWIAIc)`PtML}@L46VSENNunabz~arz9%*O}UBH*I}aMkG)+TzXJe%wzgJZESC}cfby&3oXqOTu^L%d1kvG}$V zLd6s^?}%1ROO>Rgp6$a$zi#)QsQ z!1|Si=ld@85kC|_4e}vxo1E(>c;q+Ehte~nneoO@}x2$}YBaTXr+Z<%g zm?z-9X$02z79`gE+}4_}ZPcu+RP5|Rq+8Q#ZA9#>`jp3LmrMTZjK4#xXNEX@MDPT= zOfIzvj8!RSMz+_}VdPY^E66dJMw63NrKCo9l3;JP={-G=goo#6qz2R@7bHf{i*asd zom`9xP+iT+Qt^JMOKF=@=kInD&?>9Mtt;ybER8DtRH021r;HyE-#|q`KtyaK_~On* z%}q?o$w1jIxaCLCjOT%*tntC=(u0- zG2OYo;xbS(zXSGT*QpQn52@tD+JRf&GQW)4|N7RIBR(j;^?=x={@$?4a6Zauuo4dL zaZ~mhE8UdoM9Y=ov(rpdbvJxGPSc>Fs{dFeJRC=-+N{M$S%BUmQ`W_f(4ZqeL{7cs z2urF?lZa4Ah)iZ5Bvl%Fzm=**xwt(7D73_dm5wf-nj*y_QVlWQHk9#Kiq=Ds68nHo z+WN^xffhIR;+aBVXXlu5AK566wAA@KJ#m+b4{Mkdc74A#`#Q+MaA$3y{AkKbybUfvMj zd#hmpM^{Pm$LQ8Dy_D@{bXm%I1J+8NvIXQ>19S@El3hm*@gWN81@7Qcc$r8#=0bFJ zG^Lg^cm{abOSUx$Y`V{B_`MuTX;S{>g(WA4y(7DhNMZzg8TZ-=qs<8IX5Kn$%+UCx z)5s~|Du)ZyEIgDVvSN5=DRk_(Rb36uDnWu|RnG}shsovS;e)>(LzSw8L%ghCI%WST z{DF6f3;hx?Z9}Dk^W6HsTmUm#G)i5wMyZG>7phOS- z(41bm(r1FDUUb-v=`BK$xCvD9FIPaA!>>{5mdI#6V0+4jB9c@*GD%I3iTP6lCpa^2 zw^UYa&OiSdU;SExtFlo&f9vknX%0VGsaMUSEy+hFD7o_Vd>-kx+JTEvpIC-jjD@Hx_wJM!Pw^~7`yNdZ1t3|uN+ybnyzrRi5*pG}L zB8JcYocomiC#c7U{GL<6L-vprztykmXq#*1qb$2&fbF6GpVEj8ku#fun?}VJFgm9F%Mh{3oo_@z24QJwS_dsMLnl9=>K-(>Q`rG~a?KPe8X zvEP*77ydx3vhGP@aC8YV4Q0J3P-R=Kz_(UJWiNlq=<`S5tZOKTtIQSCQXQNuJrNnT zCO6|!E(dY1Z9_-Kj!uVZ=1xV!J&sZG9O zN;|C4;ZeLki@^14z20kY221GW_SxlxGj>=-hhb3Vqx#U#QBT|)%$X&vr2%T&Tr5sE ztcIy@?IQ}CNG0c%Fs;z4A9j{Tm{F*@4=)R#JOB9B8%`}TK45J_d3}JQqD}(-Gj(%o zVRM*Hl3J|XmI8}Oj!bT$(Im-klMdZiU8cMT>?SxB1>!`v!a1ia5Cw&b2b#Pl<;*@p zs7P2@I3cqSZ$VGVN1>Nm;ST_2yT+bpcOdtWO?eAqWbu9zfjx^cK-6EbcAycWquG+OI5 zx{SZvN*6KZyn*xfoRX{cnmupBNe;#r1pYMEB~+ZMOJONRhvMhpr==0d9@Czm(!Q7w z&B4?&F}XSKDW-~%YoWCU_fXp$jWN(l{~V7TVv3?-qg9NFuuSM7S+~EdVYHdBGF%WG zkuO9{WsOqHQ<^0wyYz@!jF9A#8hSOs%;~vn<6)p_IQ2(q|C=zhYhLU1%=+W_*L=bN zSN{Cux|$F~HSCrjEv^>P<~5qX zd7FA3?erD`3z>meY9?$isuR)!s(w_*w}lg=vyISVI3b=Dng%r~htsAj=cD@&?*~Z~KH+ff zEhy5V*Cv$c;1?+kCrY(iGnY0`R|h)Qh3;l->}Sp6rmf&>%XB1ZoI5lPk>zjMVlagj z)022>-`(2G+V zrvo9)QWQxi*+|j?OG0JOL>Grk#W5H5?@i!;z-X7xaLZDp%H+m=hoq1d_jF)jp?+w$ zHZf1zteTIg0q8il<{7ZJ*DD9W<`Re$Kw;pkcN(7Xp}PlbwYXjPRF<3By;@wJMIpNW zK^!%$SZj74T$hzlo6vn*>zsVq5;Dyo=88fHcXYZeP)sZ7DCu5%iT2}LRC4N(DkE`q z-gBODl)T};sm)4{(xYIzq8Wp69`7sPSv*+~W~i|JSz0DvY5Q|@EaH3dR%`Uw%g9n~ zWBn@V;ggoCs@ZUFg|QTqZdsdEa(Fl@Wil6B6004Sg55zpP&vJ7b=(bQ;_s#OEW@`q zSLj=4Wzdax#nGBZZ$?e9x>0F-$B=7_FV?-Ol;cl5ISVIaHL>qM0j*Xt50Y=*ZEy@| z6#iaGGZnR*`1+#M@b436+vv9nB>zLV{zq~N%mq)y;;p5u3Y-vVYY;L5)23BGW3)$7 z7ahL$I;ktKqqc*qzjS}ut*mlFhMmu^Ae4M#NN(x5b?37EmYeed zh)f)AGL?j{(`gMF*hvqn0W`(5>Cg1C1F8e3sQUsFhpl`QiIg>n^ylLjrn5FC#-2@V zB3GFfr6w)TMl8=pED8@AW)LE*FlaMoGfIPaOlpGW;bpUyZRTEDtNhzr`*eOraJJ4>#BhT*aO9L^=tH2lO&(&6Fq=A zfNSB=ls=6N)h1!1WOse26p7x3wnTokOa^J3p^XsD3`fnKE+KR6E4_8^RXHD?NR(7* z8(Gt59E)J~_p$)^4@ptNYE;dYG<*Q7fR5@85{L`2k`mcKno@E5g%6tY$aK@Uxr;3F z#lYyMF>jv=Z>G~Gp#2=@63^UY{b0v@2p8kJlfi5$nYL`SEgJ`)C$!CdaDFh{Waj&9 zam`uRzN$8ZoL2w3^zQ9Xg}p+ANV>u%g))MlJT^CZoUVFoY;9q2vol$X6ExOFIDZhw z$5z$U1Y2XZotRpfn@cVY>B|46DJE(XD}yo@#;7IfBEw~xHD@!$O_EX?jf;{7IA^Rf z(r%AD@MNkOyF`Lolia zbB$5T?PJloGVzlT0?Y`IV*lTH0m=+Q1D)Rk#;iU*KIh`%m{>S!NvaW#@x{j}Oi$~v zjv5_iqToAjZld;6BUeb#Bl3ZA%6Y5UgKn$O-9r!&9m=5{TMehZGoNqoBFDv87-HK3 z2{XU>nXTLS%w~H_M@t*5+nz*L42VUF%@+Mq*k-KNyroI1B1zhHru`mUEd zZ}gWB3fSU3Kcqjc^BxfZ#`q35lb%D`f7uyN6E|96So~lWjT25VVS~r_h+XEGNtjnA z(#k@QrMAKeV=ly1AO10u+abJ$bF)L`{skRMKj7aK^KJ;Kp(Cb2sfyIMxZ{(PWouW| ze2Jja^*f+fr3abSv|xMomcw@Vd~)4__T&<{rbfu}z;=88WcS?TtgL?vabXZ_gPgTm zQN4~B+Uaziy>=u`b%(F-&~9jTX6!gePRo3(C{mlsBw~@cg#bT6HmmiX-dM?U`i4$% ztL@;(>Js8a&t6{w%x`Lgl64h)n3}$^vTj*=4^)O1CHj}a;RUgTrETE_)%0_eHrTYl zCWX;>Y|U35smR$-)z$tX&wr=D9STKqE&78oENK)gh1su8jF!dw;EW z(z!GreVZVstH4j5ZMW*#+zl6-aj=6jDYzQmoo}mB5#@r9FUFwqkNZDAy}5icEBStt zr_K)Q_teCi|KiQqvv`JI9Y&#A(iaGm@)NGXr^{SW`yY8J|t<;>(Q1edq~G zw|b8Nla5opJv@-uWAHqCG>A?;%a%9ieidjDGmW-W5NJ%QPu>g9PSagDrA-MVV`v;_ zjz?4rASp5WU3@b zGCOjQOrXo?d~s7iP`S!4!j#d!VNmbCo4&xoLqqBN|MR&;A^&7aXJ3rckn!BOHhe3B zA4sGFaa$@ftE73RHROvk429ep`yKr`+?5Bm7rJ7}CIyz*b1;`XZN9XgTc67-v5a z-4(#srhP5K%s)ngZ@G(LwY;j6e5FUk_D2nEVHHQA7&v>!t;~r%>4Bv_*pjv8{RR-X zwl=l(tnwp^rTL6T*>61aDhU2J&bR^fpO?K6<`NRgQz&8AwKcZ4vUh5TF0FB(3UaU(XuG%X$W=!W!%o^pL`%FTNPopy?8`Z1r_I2H^9}*z@gN@l599GC6 z5G;Wlm<^>BAK#l{YyvdA8`wXLQQS(+zUIW0Cogv6%A)1mUuZU+x~$@SM}*3p6ep4E z3;2mX!mK4gLsm!rt&_DXEPnClM76bC^~uoDDI-;l)XHIyZf4KGMB+&B^C6V1QIaw) z#p51zmr9rpqcSaliTp2G8fcUHE=NxTylYzlA(02h$a_$^!l`=Um^EhdEIYeJ&hh+G zR~u^W)}RW@w5+*jc2vV=?|V#Zn?#<7t!5PZ$Eq!ZKWza`mCRLl^0(tN(?R zrnPCutlQ<=WK+7x$mASuR=2n0v#l))6@e#yu;`D7U z^g3n-z z{P73{%e9qu0!G~jB}5TL=XXrft*DoKUxl?u*)T1A_#(wx95}80b7xn5v44(ZAg(Pu z^>hTZfSw&m8e9HDN|xc3ytR?;Ph_NPTLIWpE=w7C1*o~H+6B~PwAi}IcX2EL;pBsg ztJ7dKKSW7yVK|Q~PfVRSPJjO-8^0v1BWr_DVYX^<0^C^sB4ImH%!xC-lAc;&iv$T7 zno=alI(UY27V>{(fBj7UuLt{&^C;hd-Z4i&I&knT5cn4K#cs4z`l^$}7U$G?>h&fj znF>3TUDtEOyCv=jA;4$0(Jrmg;rjjr2jVfE`6eK7?kk^hACl(u#%;CmmVF0)dpXg6 z9pv(b9CXUO-CJzDTsPIda+}S9z?=&>ke3%lKP*}bUJfZ{Q=EKgBJXMQ9D>ZK1+hu7 zd{%@Z_OhrO)!-?X%WQA6z)+G<3-MOo> zAvq<%2wl|;z3v1TL`=(ECFM$QLPdF$GIRJ+OGLV|mgGd6BsE9D@}8#9?B(k~Tw=0& z%afH<>)-MH>an;zrs;`fUNXs1?APo(#&R^$t3^)=eP>>C0fTHmN_DidE1F~$X8$BL zem2&1WQe9?ks(bOetLc$q$CbzM}WW@u>Lcm&n=&U2yOD84_QCH62@C3>S$`4`gm9i zgXYN>1LRCc$M3w`%g z*{{_bKG*WT5BqPA*Qjq#kes(c{Z2>G6jv8$&EKuk$wAgeumsWqA&ov$+?=v$Vw z5l)`3k~YDjLe7NgJiDvPbpd_H{~_xg!z=58ZQ)Kjwr!(hTOHf!*d5z;I(E{rZQHhO z+xEB9?>YD0=lOo`xz?_!nxjUInoELO?r|PDDz`)&F~5E~Ap)|Wl!2q!SK0AnfBx8# z`=yI~eAiijA0m#}^4w6Fjj;slh{nN^+`Xs?S+ernRcUd(3%?A#bApUIcev+g1JN&v z3HhQDF!0gWmysnu6-{E*yVH*$hM-4Sn4H?nuiD(t;P%^Z);kjD4h3C=G%L_3`gop(QVR>e^>mdH>nvM( z*{(awdc97M!SiK&JfPR|fxLP(Z{ZBsJr+Yef<+{g@m z%5c-21f@B7jXhvn4Yr>w3<&CK=n^9l6VwybBtA-Q+?eH5l!b;o8g_Z}#}2hIg+)q0xgeB@gorWXToHnG%zA-IQ6p!?aCr*ny z-zNg@z_^+tuLVp&+*L~6Q8S$&xSNi)SRzak-e-skj=Egj_=*uLrFNMciM=T%wO>Ck zUSa3CZASvETzQ&g-dRWqxt$PnemlAO`WeMcUfYtiJU}s1QA51g+G6_tq!lbL0I%ho zM@Yfwcdb}&lID+cc@2(y?}q!H<-aN6FB{N#2eqbeQ;7_8PLBc-qt{ponN3`B3rWfm?dUfY|LSe0gXL~ z!Ny`*euK&I>9Y_kE|MuXh%HTKW&i?SpyuS1m{-5-+38A~`Lk2fH|O^^;7nItS=UsU zN=Qi@=8v*}{=77#@N)4Sa8Q=m^6-3PBcz6gow>Tc-Epy$Ex*9{hRI2Y=7wqFTt(XN zNi&``0^VU&7mAj+_>vr7LZEC!vpWgF>FH%FkMF_P!4TH^KnC=2UBCmnWcI6*h$Z3h z5W{<@M*G>?yqSP)X&yyatJNBZ_EUx%vF$ydMrY#lY*&=;$>CxUf8rSdc8(PQHcCB?MqxXK;t!i0XqsQ@BVaC(puI^@k6!-Pmu4Lkv&dWXd z=1sC6Yq>}%QM8YI>LHj6RV!hjX=qCj3NDlDTFr{;=WiD|rOX-I+uVYG$k zzL+StfM(;QAeAb?uxC8XyDWWeUBpGU`e-F$lhb*49ZakahkSQkF)n?%yLF1+4sb#y0~O;1WnN=?Z^$bFKwKmFa@DG2|Xr+s<*wXoCeGKOt4DB|;D_7kzO&jLSiJ%ea3a+&SPv@yI5=Mrm|`0q^7_bBNcrB;oCQ)}pW9J`F!Q+K zItm3_jASJFZn5IS-?iAa0yEJ-x2dcL#%svtyV9^k*5%8p-}QdW#dn$%#)N%Ia1ZT1&S0#OLB7E zu|=q6TI;^+(>MD6+tjf>ELgY#Mg95=al`SAp^g#>1@iI<(zyeuoEBBCzYj|3-glc- zKiubAnKs>iPjFd}dF;*)YP%YIoKhc@sj+y^huN!CcsPLm#n^dnp6u<)uT7#$yYj4iG7iEx}rfV9r~0gDYYS?3OM+%%8ul)fF?f)YmhD ziHH$7G+tyyorAccR!ioXD;jId5>$r?%k14Uw8gUT>W=8)_OiD!P=sS|@>P}VCD@P8 zV-t_)1phH@a@x;R&A~E_LYSN%g@kZj-tu+;XU)hnM7jBHk`idm(8t>un`?XTTIN)- zAyEdyLtBoObW06s>a1GsLg~Ev z?yLqBCB#$8_JQ&bT^Qs4&R;1nMDT3oVh6kCw(4s6A1IDTE3mmir{5P(YR#QII`;d) zllVTP@+Uucmy-(HuU5uXbv*YH4u6-cG2AvAF(vVH-(Jm5PHF>fcv?N!Q{!nopPd~h zj(J{$V9L?~^wZa8q|k@l&rfBbvSS*W!ll!v-5O>wq2nl17=CH$yv=YR7E0D+wJ}PI ze}xZ?_f&uWR_v8L5?6-(bvM9`V54P#H}qE_IXVMbP8|~*?tuBA+Lc37fE7YbH*~-l zDm67zH3bqlvEjInQ<`QPRbCBKn@r4HE|6I=H~)mOf{Hmpq9z;?Q03=i=~JkaVPtc` zHt4t5LZ;R)XE8hSBj*;*rO$%n*xBt=uhH{2W9PbZUH5?ZWRN|dr|rU_nuLG_SS@er zX!cE@hgRXh-BO(r*~yt%t1-PMOGh};C&qU$Cd{wFWQ^14%bqEocdJ%gnd-8%L^@V_ z*=|6DuokU+Olp6;8AGMU*KXOtmsI6x+u0Y@b}=0o*=GW*v+A>Bz(BdVOwZ0{Xuk~2 zkTNCmPtGzW(YoF(_tz%!eoVzh@wC}2@ZqI$omLlSxVY`xS1KjWAFtd|MW`3)E?)C@ zJ+ri>y%bm&+rzcyfAi2BA1*U2jH5)nCb5pv9gJV|VPp*%7%4Lc0Y6-lxRGl#hEJjG5+!^G8yT?=C}F_?{+6vF67A_ZM# zjZ>-fTxly?`}2LXrIRQ!(&G!b2R2eGEvu!aalVnTy-oI(nv49C)94@ESL{ZsLXVf{ z=E}y_ij7^IXe8N+hw&l!5!&G&l?EeqoCzwG3&W_fkup30XJ}9UzgQ3=MyyAlh1u>2 zD#Rnt^RL!K&6C?=1)Z};{f$oLgx2#+?qp?3{f=<-b@+bP>hA)+T9bh|St*UDx!$mF zhIh)VYh)%gy0i|H3;)~S+*e0q-eVc>TLzguTIv-c>FD>ek1?}lm$0S$+9Jv%6 z0DQ-tI3Pw>I+-<>XPEHQ5G~LsNrcqsRkYAG&7nSA%660@Bz*ivaumM6-u}e3dB47x zBT#Q{0-`n=D~GvATJ=r4@{}pc_?yUyhtq+`+BkOiv?|Dgkm9n(vx8`HX%;XOg zG4!+6t?cKpLcZra;;^J~tro)vrrUyX@4L>!v8UA^RhPT986L*lH!ajkg*G|=%LSZBDV31tlSOD^B#MSm{fGbq&t>Dw<;DP6Bl%%s1_Y#N#=(qGrIzbM zp?cyUHX=BJwR>vx%mNGry$~^)tpWpJn=N@dPU9YBEmx!E_DMTOikfnUr|g{@%pRy) zcZ`Cn3b6BL5mhcN0d-@+G5FS;=Q7gcvtXkzK>GgZ_0yDVmJ z4r|OEp-9*m{>i}qZEKJ+r6c|>M$GPA7M5x(Wg^njtc9J{^Gup|-B)nzH292KfIft4Fr`tZ)BQl$EYo+T<$*J`v)N+6%@hQ<3-O6s*+q8yV{<3S2Godf- zDD2?ZtkNi1CSK&YqC3xb=5j@|SUWy`i!-0uM%lcX*h=wAN;J<<5aMp-$y3Pqwb~;G zI}$<*ku12pv24T-HUNN#R^Ook!#HLLM6C>xO=dWP<|{X59>XTCuSv}3^04k$`HA4j z7?7xNHGZ1e_V#p3H?C3bF;MfnkPZ}x&g*EH98djQwF#C(gzWpooA>PRcguq{?+Mql z?ZJb|zkILV98uD#k8?Ssw}(8{4};Pkf6LWrR44-Mc*_geGjOmH@S^48qlF|ThXI8_ z@R8E+V^opksAMRr#`{V6hG+xv^M#97c4ke>$`(io8FJc5nxhkjH#Hm)t}v`2{o@(Y zK#HI}3Sd!Wv#dyFs34-e(JC|1@k z8{RD<3eyo7nYW#N_)gdN*+umBrn8vB#7Vb<tmSfK=}xP}Ry^ z#OjS~c|5$1LR~SrCUcWIdqS3&`M(o;g$&Qf2f8fARiFcp*7VJ$INETP3{jhEBqmgd z%t^PP%&dh<6&47ms6^>$gy-Som9&!OB!PyaOKyf4VSDJRFn|8kn29Lka`{h4Pc`!tT52?S85F#+zp8sET8p)l z)t5A@FD#avSP*i0q0zsvkeunj9I*b67X&X`C}LI@%-*wiRq&-}B3yPF^xCYwSetQ^ zkJ!qq-z}(IY{BLFoc+Do`7&05dYi<yZ3`oT#jzFf_fTYbPM(=Hz17 zMh=i?@6_DnGT9RYid2bq*G=a!2a>d}YY6rOiwutDPoL`oPy=HCWN zz+?h7yOT^36mYxa9{OTNYK3m!Bf-*jtVKET`$zJJj?Pw6f<~Z34Do1u1!c30L1KxR zIPSW7q@WenecOVp?F{+k9YjkY*t+>!_RQEz-GA3u7&zP(fOKcaI?;u8wbq5K6djxn z{xoY>n+^JkMsWXgbejSBQ&jPs`3my@{9?K@OCen6Cupizo6}sM-Li1}#DV|2vh6NS zE^}+#oVCKm?72tua6FUa@mdtm-Qp!pw2+6>{pGAVYAl`29Ir18(|&96_>f+%X8;T%3hj3AFKaH^+G=Undu!Rgml<4m5sLPri1Z^Xj-*|D%P)Z(Ef@ZF% zm8I->7FqLP=BoXQ>#3fb5-$x0H5-xduSx5@FuRfzV#ZPb;XGskAacRnH2t`VeaJNm z{Zym`;f5p4YWlqFxW3cToky-DCu``ERUCz8@<>P8KrH3?9)$)-E^s4DONDmrl4z%g zudV3}^3S`G07;@?VP?ls#!L60#WW?zQ7Q*0loO#KH5WD4`>Bi?vH1&_m;UMx%-17~ z@#6jH*znTE+t|q9#k=s*&H&=w5ZKW6&A|JZ3iNVj({XmTwzl@>`;?O~CC$yCMxs{6 z;>lhRH_8zKQe9dhFfnFrTo8Z=V2K#NL$hs{8crC(p6XJ8tX1wo6UXjjgmcL56dn^4 z`l;_!`iB(JJ`btlXJ1k%Ht7ypwHSqkDOi80L%M`?tJKVN7ZO|I6@_hoy?B4g2$`#Y zRx#Ecb?k6Gx2v^Rf{#*f&`{ad!93(`Q#$HQwZ(G%6qXjSmgd|_Z!~Om2t()^g4R5m zN;yoq!k!)J{0J@YQhT{{#iCd}RkFg&^ty4EWflEjuK!4vSRW%Q)a+SbN7R5=IqdsV zd1nNPc8Te16{nNB_JA6p+>3Z|7W%f@+|JtC*49?l%?+^Wjp@bdW%z9C(`gf~?7~{} zZ!h=fT3S5sFBNc<*>a7J2raD53b1-F)8NJG#Htki0TLw&qYhg}5jbvHr6eTuQ)}P9 z6J~*bFh|K!kV*uqmB*Vv6bH$fDTBQ57!)hXAec3mzzXJ{AcoYn*IeM4E=ISN%B~fV zGIJ)N-K|lP287BKH+1HEVhHBoCp1Kevn2iOGs$(TYd(*yGf_<{ z6%iP)bx14b%bn~&l`AbTP|Y8asF$ndCYi46sZ#hIFK@=m2OhL`3)1=Vmw}1pLqX56DsqgRm`0*o6+-2|mX-HP?D8!FnUbEFT{e5gjp33uxXDksWh6K}<>} z|8Rsq#dugDsz?H=aIVjXxO_Z%Mk;E2QaXXD(eYfgnq*hJ7Vf&|dha_AaU3w%2M&)v z!u$KXr{eVHD%;c|-_jy9!`vqLdPl~_hSk$zX<(nSfmBvLP3TF@O3F-4(207E@ERF8 ze_3>UX#dTEO0g7)3f4H(FOF<$#fT91j@R!z3QX{^m04)KcZk1}Q z%G~_uKD?!(;Q#(mkqGAcnZ1d>YdJ>*eNK18&WnRDsL(8bT+ZLOQ96GK*}{}41~Np&Yvdy zLyay^@m|&-IazR z4P%0sxQ}Nukx@JUm|47SiV+P`efX5b${#do^SFi(QD&x867K4N&A#l#1k|LM*`bJg zoZRdLb(-wBVU+XpbX8b3{;oyqjeqo}?-#Yy-Q?pQKQQPY{wUWkjmn^hPUJzO4@@J_ zjsTf`8r#Fx2a50W2bTLUfR!{m}=52&bNU4gAe;N$Q~lvjf@^m4rQ%d2s@gl|6JAojH;(yQ?FPnT5dH$ABJJ<;3f+HLGFcE%D-2al42YN8zF6^dG2C@{JgFD-EuFz8^4crj?^s6f- z7^w$75?W1^La8&yXHW#Z0EIq4B&RG}MFmxXLm9?Px!q?1IHZA@StUsc#rS|Bl&ZU1 z+UU+qL0doysjw+rxOhjEzV9B`F;|H$UWnfg2DxU$To;bW3b`|KeQZY=bymRuNuWzt zCs2wqfts_W1@_C0;eIXZf-NVY(Ns!#Us2+9CqX2fQzKuHG=v)PnN5OAEp(YnZnH;4 zpT&?lmrjVx+wP0PSRqYfZdow)b4W+7Xq=O1G+Ppu9Xa*9^(LS5t;tvNt?8JLVkTWb zIjRJ8N_ibUyWjrb_Ez}w*%oTL3-b4JdhXVOc1Bv(W@hrj)BdpAiJ?$e2KpIN^r;5d_2cP&~=dKKnMwpQ3^Lk7X!9Ur6@$fMJVl*zHhjVfIfN(Qf zydALul>(O4TwO^;6%5E2W#KF|MSNXa?A)2U9VDr*5>C2OMm(gJhzd};($vpV!X+B4 z3bl0tc}9)qxfLh{c~fJc+W3u`Z!K%YW zV^oHys`Qd0rFNk=y9z@w*Pt;WuG`lZb{TCoLCG<&0+VBwl$FygbtcP#%AU0~GW_I< z5^?sSigsquBY|Tgcw6!oF^!ZiG#*yP<*Or!&wyuPpmt}^9 z1JKi_ki9=b2$YDd2*ukf2)dhn5UYJAvb8?S66acsx+JRhFRSzG8;hHs*E0}Uz&ys7 zvM5)1l2hLdyIAH7W_o&U5#`Bdqwy&EJAp^zpR)E#1TZ^-6GUQcyOAJYb2Yh{4sLB;& z_`$;I1OUh%=pXVw2M!{^0KvI%X20uE5%Y`j$$e``?V%bo*Kyg}{#&(+m*G?>qj9#} zYV{h4AIW|Z2J!e~0!k*NB^t?*h;m0w;i(&NGPXiL(PGkzp)8}j(Q4rZ;-RI=tHpz3 zb$A%T1a)0?XY)?c4?WQWvwrm0*5>47wN+I4CH_)FNFN)c-bYDTj13FjiA8FEFYkCY zUKPc+@cyJh4?8!sZVVbj5jNs5`CF7NBsM}#g%n3|Jv`T^Bmq@Sn>o{iG&gHT1!Y=4 zck&i)fmrz~U#Yic%N^h+*1tSH8IyQd^oQV3ibRhGu3%b&k54X-Q@`tF$kj3&;(;Ef zjb74ivSr2uTH%Dc8t$9zdg5fquiJ}-^vw*;->{|(e>gZ^iWsEmHpN1!{GQ-JEIQ6$ zcwSgxw zez}sq?d%v+v5cQv^x3xl$!#DdH#;#7`KnpTJ<&qlqz5p(VC*xTw#o7&px zV^%>_mK&`cqRx$_3^aW{wjCZpD^8i>M}onuYDQ%S^Kbqy+;v8>DT?yEdLGxCSk2*f z?sw4$aJPoMUBS7qI`+026d%ltT(0Esu-N4-wf+HDwp{(#TF%wE+-@C_I{To@cN!q} zns?MIjtEYm&=VeG92x?=;E#t&l_1E+ZF4M>l+~RZedgqFQd}2Xb)}21GZ{VAmAB_| z6cribv;F>^r_%v)1x3(Lz(C0u6`j;Lp|3z;XU44d26H*^tc}~RJ348f1wD_tXb;FL z!Plf?sqbie4gy--!Y=ktibeto+ELS{*X&B}DjQh3bMeT8b&+nuz8p0)HRCShn`XN@ zJMipj**s%lO?&Mr*%!YK{uO~x@&jL-oq+-6z82^Um{vs@Y&}b7)2`;MIS;s8MBXi- z?l*I-Owx9_UJmD`;#e%ItyV5Kz5CO=b}Sj)uEU*H63Ap~o*ve+(Z1<=1Xy|;@gmsR zHPv$<^;jYk!;$`Ul?dE@^igghtST&~K{ay;WK=iQ`QzKYQDDrA!A8RTceunFFbh6 z3K)U&q?FIX$Dr~Zh=UgJOw{K0E3CV%S>zBHI(`6x5*)CRpE>qf44&|ToJaQUk|iir zk;{S2qA#a??6G?^8--gh{@gC%9@`Nt?CNR`9n<3v){;A|td_0UU!Gbowtbv8u(AE} zY`LEzUp?dHad={q-NYTf4&Kd$?+?C^4Xu*#D`Oi2n}d!q41J=IwPnJ6m-3Uy#l^wH zY&P+*&wK8;oD@Ir-|qOZY8Dinn6R^ToERB7IXa3KBQY{Eil2$S`coAufpvsA>~7NJ zY*_cX0OF=rI!geAtRRhAUXT{A`1h}R!r#;#GzG+jndpqkaS3G9L)hEXV3+XG@^C9M zqrB>~mb{AsKaLrt4f#~QF*@Uy04pJsZF*P~b2t^^#5y=O=WT{a$7zx2P%AV;DN%(um zPsX)H4c~sLZt!L`LWB2Zcqg}fLFdBZNq=(My6n8e=6WqT!;PDFftFzgiil$dj5!U% zDgnW%>u49^^oasKB)USyygSmY+zLX8gY^#x3~OK>TAkbTh?=bR@9)9M=|WWbXhP^F zCMLS{7*b@4M5u%0eWWA*#+(#>5Pc5+mN#gb_`cK)Xxz9UV-8VVR-}-(gEEu(-Y($)77j8vN18FGPocu2l~m zN)R8eKgLwX1ZAlB@I`Msch*={J42^$E<(NQ6H)s=q2XtP5Aj-qh^s}E%_{PtK?05! zFVg}I)m>TPXm>8T6DQuPmAgmW_%y5vxmOKO?ez9s6ndL8c|J~9g!3QxO?Y6Dh^pA0 z2l9Y3$v^Dh5b@86OpE18Bc$W&UmEmwE2-boKH%W)F;kg!a28BL*0>otxZ*a4fbbvT z?|eLwk&x`{?Gq%7taW4s^t|*Ha4_87=5ag?(7~-eMF&42)X0>S6iP~OLT`~~Lw9SL z{E=^oc1mVyPlqV6Sl?3`oJ^eRgrjyefXgdPA4lYhso9mf8RVNJ4GKG?e%McVm zEu$&wbG#q3-7hzJ86`J28?|4Y#mp=UJz3h;)`3lByV}#Yw5MvScW0;S8`7S{d)?6p zQOpVOR}!sF^C0biQ!{(1hwgdo&aM(I!5hz4nqSCQ+f@j3=b-)}p?@QS0xSZ^Ch>#) zAn%i?chKy@7Se1CZnA`Q+{C(QrsJJrW}=OhTm zO}`Xz0si>ln4F>?VNz#S>l0Q3B_Zb8pWMuhL`uy`ys=uz&X7;QE2gI9QZD4uUb}Ax zercwgK%=ZEM3>Uq5dbjKXu?*gdJ{A|7R--mklM&71Nc)@z`Q zaT-Pp-pR!=AjZ+pS?e!n(G^9g(%$3+2{|3Qx{AII(H3)s4!e<{2>kBfPGAtD20<1? zn4xVY8i`};>?|uIBO@y-D;DnDV)JpAj4T?3`*8ah#N8ArudJvcP+4rTMQ>zhtHU?s z0)k`x#zE5TXOgi0+weE}Z$PLPpNEQ0vR?=qK>7-HDEj=T6uROF3wAx{)N@?51-tTr zMf+lV{R|N+SIb6uw7uX!hp-8KpJqIso0EfjVz$?#-_%F)2lR&pBM5GdtO&Q!J{ff7}_p=R@oqf(z_RpfPoOP+(B=N^YaNFeS zD+d=?Yvy&U&D!F=TGk+?cjaydE!>4~@T8j>2gfB`6n93t8zIk!gGAqS9{u3l(C+ax z`7ZI~&p@20u!p$1nmM!j>)%LqFWueSVZ^;jBBFPeDSka`3T6yTk2Cwz7a5VpdIrLz z(6vJ(3MynR;xNMu2`YksN-DXVYMcb6o$XVupLHZb8J zyy=JvGzVYxQF97O$%2AdBoAQA#)~z;4j42Qjhcna+Wr=`>t!XH z-VWFNvZT{gH8^hRt$y}A26DJp#1w*9h?JWaYmgR~%Y#I`u7K1-N<%=yvLr8U0`>yd z-H|jXqHHE?sm0QS%woaX8GLiNX^er}ZnqEhL(ks6R%~r$eKzpoBS+L%nx^VSSMbku zfm(00Au^O$Z30$E8$nze0vaF-p_cqhJ5xtALPE;!At#`TG1jkjNf-?G)7X3WUVFm? z9(~6y^Xi2Ev>tCdp(1hgJX8j;ktj|xK3YneF7z>?W~BzZ$8I#zGquqGuvi}90J!f~ zGARoZHG4rUIs zaY<6uJLg9NAb;uU?_xzPfO~fIj^G3fxGgL~S%CjuV5Z_@Wh_Bqi3D-{RX2bY04s~9 z?z#gc=6GlsSU4%kC~7FO+w6Y-FBibtNfe=io0_tVtBJQKa_v|W>a?g5OY2-?eRoX< zcP$Fulmwnq2?JI65K8L^NeX*+lQy^3ROiwK-%yEX7v7xE?0 zuH@AJY$6c=;o=4(UcO*f@8(KP&cVt~GmuX}?304bPxwk2n0dqb+jhqI-E=jg(4v7q zt#Q?T#W*SM-D{DU6&>&(G8DtA3dmrvBq6{$9{&p3M75p*nt8!a75 zUPCK8I&^B3T1mpv`*Ny(S`vX^5m1-lryU#=BqHTwE6?XZ_#KZ4=)35kNLQs;?-ZXC zA}_WN{ihX@Tbg*GDmAKIeW;1?ZLf!aEOFes*1J8CJ=87~K$h41fjCF-Sc5R>aTyoi zb(?b&ASuzJSG6xvxn)es1BUwtUgB z(&-qLJD)8wTS=IWZtL*)klavSjfe*3pA7Pk>l*4_UtbpiLdKd3scPosrKKQT35h?^ zir-I4xs`ow^{(4&UvL^Uv$+BVA5{c@OmC>?b~Ky}>1~z8 zTlN~$8$I4#Mb@X?I|$g{4^mY&oL4%eKdM_PnR!`}NN)O-PeQ;mZ^juMOdF-u#=z<1 zX=rHSfTHP!2m|f=GS1*coplo8E%Ph{r=Bj6A8ign3bAzjluU3rWj{zq0$N}+xVM;p zum>)@I2cTiEJ!V=N#XT7?0Y0zj8F@EJcF%e=HJTgxhZ?-VR_pP(X`(5H$~uFMSuNR ze|^8SwkY)#+!fbvJ;tjYxvURwoDJIL#D)@qen*%1KUZ%DScd$(7kNUv->&~rXW#a_ z+uPd*MAQP1YDB7wc!_zqX@*&t=83ubSx8^%GG{joR5mlKH+S56cG`Aj2H*K`SKep4 z)A=~hmhF1n9w}Gf5meAl31sk=_b(midI91k(9iq%RiFizeOPixODtog7lAk35g*RBrzW! zZR%cn!gex}Gwaac!P&MnxU;uwpV=;EaQY$6V^bRY)}_bTVO#F*M|z^hg1Yr4M77@d z@7Bf&Cti1Yh5@c0eUww54w`A`2`TETNt61hOlHN7EcuR(`$!?*I)FPM>it-Gp|}}? zv`IpM*I!sV6~5~OaK8&xP!PCuQtl;z?ktb4cC`Zi^iq}U+uiwC*wMN1xaw%lgb`?zVL)%wy} z$-7ds{i-+!|KgHy|Hze!aG4puC!1fOJbPEI zeY4`#_`msx0XJH;LudSX&yAr*UY`AB1d6g+*n_i z2Hd_A_>;s~Rb@X(ZpXw(e7|mv(G04dq&<&5pFJ}^JsAZTZSUNvd;ECq*g$k5o!fPL z4D+z|x7I}Zt(`NM+fw&Mbh&@~`Y>{&fG_WGu{;8)(Xaixw-Prh5dUA4iBJUZ%I15V z?JIAyokJbybg%;aQOAd%uj71-Pu7qwXGA1DLYC)l`Dt>L^Az8C9nYHPc_qUDm-a5F zOFhC8fd|?v7;u^wC8^bop4DW#rIb+QQZcgMuZ8?UF5H>m;8@15UT(1;Ehxucu+(fk zAeRjDocNtawj6K5LDkL`-b7X&nej z@pu3C=<=LHH#%)B0lHZX?{+Y#T%AvvsaXj(9taFZw{$Ur8;1vO&y&1}`hv=c9{^FPr{6uR{aq0mD9_JTstxj8-D+;r@C%jVU;dt2^boiu(1 z1T3g1kM_rE)0bC7C=aqbpWNxWi>mNo+v(U`bxl=WmoO<@N_#+J`6t7Coue#A;(6F? zRxo!_#meW=99Z6C{G?bAh58o0G7wl4(_MAI#|e0TG|4I zVpM=s$&^~!!(IPXhb#wrK3ckME10Kc<100P_h}e zgU^I5Cnx6$;A;jMzQe68Em@@s#Q+70gp5i4i8@w$POJ!ZZhU-vVv;KBRB0(C=~)do zW>STz{;>u-&&~m_sia0N|A67pvW2)OPq?CFF4`e_^vsN8XsAX?;8A3aOd&A@pngtC zRRt9V1v0QaKxUDL-sU;z_*e%J${oOc#U_eOAFTmFk_JH&4~TwKf>{kCRHS+ymU%U} zg4qOfX5}Ke{!_=CcP|qU4_4(3TE%lih5-r%v*sY5(35nf~Ie#B!LVB&mz7bX$X&@nzX^c%$TuuiIwf@MT#vI zk6Pw%Ez>zIQ`OfO3T93nqrIs~)IoI$EtG~eAd={&XH_`m1YW}Pxg`81uNo4 zSLRo&JX>WzZ+(pvv3|qdBL->~6ESn{VoT~SGoPQMS8BCd(Q7hERnY-v)t>q*z@YhS z^=sqjdgg9{p2L~Cs%)i5VUkcmiF~emnjMFjJZy`+>0N+2Ia|lO+V^ZFQ$pQ8>Z=9w z4uTIb8wu3>)l{>hARv3K2uC!t2wB>4Gu%&f?yh`bU zK$Jo`GuRK9Y^9;>ns1+yN&!lyZhCdcvVnj*K};Y>9j0%mjx1*opptQDP{#zU)Hy?b z0;gPFT;R1jTo<@X?lj8j(>s6r;%GqgBFvF{?#OmiRV#I{u`n-Aj=_HU`AcJ|B*T=n zN)oX7I}42In(P_d7g+^1QIBXm!%M+132ZW&J_R&mDW12|4V;G=W|V7J;^W}7Ii0Uu zw!<_0{lxy7`9_;opGs`|txP^(Soo+&7#LWm$A>z{I`jJh=0{o};10}kNtHX`o`K;|^tpGUH*y!xy@^rI5df5b3;L}As% zn^*XQmkp7f3K^jr=&ZI@ORX4V?OzomYd!HvS>xk1S@`d+?lRm)Zvr51*eUw?uCmZ^D$KTCw|3rG9*dbpPSbyFBiO;@V&Hp?>4|vVLsqWSV zH2%tu9&CQs$r{k5?}YkVwd-9eeY*6IkY7JUZgB&QTjTqBJJ(kibT9C~+TecWe&`?J z|F!w|udm==%U%@F5M%89OU>I%3}^^*@bRUNSVIIf1hfDAGWg=FL;lU)Ur+rL#{Ktt z3>biY|5DHYfBV4v0X_UmOZ;!64@KLg%+z!{_7lMOPJ?n-1n{klZGkl50sC#&C)2edzs9QV&&Vu`<79h3%16~l#r}-23vXW*}zvF174)D z;5fZEAK&|y*SZ4(7)#&Q%gPYZGrEiM5RID$>CgioID^|YGQ8Wz4s3tkMKzd7#9nfD=+COv2e~){(xva1I zq&?^tF=0-5cyRJB*4NX%Zk00UHIeU!gDXGXU27|^fXwXigQRGka=9leFgF6`M^E5Ox8jV(- z_w%at>g9UeJo|Rd(CD-tujh@JFatcs0S6#h@03U(Z}0E(X7$?(FTCO3KzH8J2GS*F zLQYa@B=l&C5?JNZ3i2TCN3{6W%2mY)~y+- zE1?JArOSXfFkMpS)rk`i4h&RiHrvgYC})ZE@?@eo>)1V^k;OgFtLn6We!LdBg(eo3 zl$dR_x$1a5=gU#Fy-JO7oodJG_9{Vch%&7GFBiaYFbR%!l^Ic8UA?uXYi@q(4-UT~ z^X-G%;RwM29-p^t@l;QWLe6*+Q0L(fpTS{2pj&b*v*~ zcF@C0xQsZElTMs}++5tXo6!B0yb>RI=F`*hKmI1P5Fi9B^)Mv_PovYJ`2($2^oVg- zt3db^Lj1h-vI80%z$aI3PlS#P5BnMb1`Pk<`kLWw=D`-{!NFc8dsZtQ$Nuk?PW4!<2Dj^bxvvs|gWyK|6Zj}NE+{g*HN zJEVh|*$H{3$IacWET4gXe<-SC;t$uubY}v{4q58RkzaqkRaKKFK;lDMY_mEmD=%r| zs8K@m^73@X3@)gX=yZZ`s3ZdV%&Zbhdu7z_ZqKRY$0+a#0#3IbpF%>^;COUJ@#YI*s&2b!*H z8`eHZ2tD#Qd(fvba8Q>m+;34?S$K7@D`uGBUhD!tLR3`L+r!CB4trxUv7z=dVGRxJ zGr6L_GOmzV_eDx2v9U-?yn%s%<>lojpZXtVU&HD%ySllFF98U{Guo z>W*kuJH7eB!Gy65ztbNK$C2x)QxtB6Z7EV=O!_af&fyxaDLf!{JVgL<*53ViF z2iG9Q#;R(&?nkg~d;_S{PfDk5UrsAKA6Cregr9Ck>7wv>)U~uCMp){cz!Zm{K3*?{ zb~?=FshTytbdqd{4qlT0%h%M@6yUPFKAsN&(ezC#6q$eTH!8hjv7;zaH5oMve1*DL@L45C@rW81m*Vor_(6(&bXJ;^4MU**w-7#DJ zpwMXi+Na0I$0sKzJ3BiE2Vgw(WJ+pZrRxRPMqHAob0?_J`-yWlTP> z&U6{gEiN{_Js78JzeDn%G{K{4s*2R{yhpVd2sy{}Ze0&){`_)}e_a+4aK3W}^z=+l z!ownl{FL+fq1}ctBI-~1E1)7S4jE;CdwV-t!RH5I`_=t@yJwKxa8R#Vz|G*FSo^eKc}dhw+2(q=a@_vQXU@07Z{F;VvD=i8*RimIhjk{!{07<&Ili>7Z& z6$zj#{&*CddQms$)oKHl8;Nsw4j$g$(N)6<-3DjE55^m^#7 z045KogyOEI z%wt8UNJJ=`glsbEb9sM0@4w>vJ-^hWhlkF6-`DkeJ=g2HXOQ0{H|9^bQd$EyBR^Uj zE<36bX;e>5UhxrT>+s&T>S3lOdw^q4^ee@k3^L)f{iW80_pgU!=fD-GDJEQi*Ceg? za<8-Z?@7bPuP13D2t!gkh$$f@(MV`1zcO7M$3JZ80Vgt^rKH2)jsH9! zAM6R;=kwJ1$~5dm%3vk5jKv)(rw?(po1Ui=O<-bH#0K>ijUIOJ~nfl zRrs}}uXPk=BU1R!TBd&go3R@Y!Pa5;u@m}ZeelwrF1=*~R`H%i6w-V$~EjC0{ zMi#;DPft%XxQ7nH#DZm93|g@taKPc@mhjmoJ0fOE&-VV)2;Ib-?bPN5(SN~c)IVd) zdxFi~)7|;A-TAiQGk1RZrNVz(<*7nKLhPIKU4i1%I-d6iVC)tDE*kztUSTb6MSdnv zq?Gx$tk2J{Ja2Fs@oc(*6!x)K5%Yz48{+V(7&r>#B~g$!evqRYyl8*m#NS6AXYzHz8> zx{p~!^8W7gZ%DSQJktiO$&Mn#VP8lOqweEroS(0zPCm2#(gJ-+lr~mYCj=+gW00|0 z5)w~V!ijON_ayJvgp(TMBHy5?lraYDDuOok5av5U)Hw`_F}GD7rj8?aX$j~Duj0Oa z&9%Z6T2f;2^YhzS!`8E`sZb4!FxTrtWUWR9Sp}}s$n1hoYHk2HtR<}llv!)iI5M`_ zV?j>NevAF=?Cid1c0=-9(7t0ym=N_^7*NdjpS^kWWO^nsl?EL%Yi*QzZ7kZB^i33P6z^?#^_iZEIHcb7T5cBo-j~d7P*q9Na zBJv+8#DOZ?+3|2YhbXcwDoJh1QT=#<<@@w$gaGIYNL#6bJ8(EMcONG!up5+9<9kTa z;=ql({CviN_RtTny~m&Qd-~W!_u#%!(1L>T7Yf?ZO@m&I^3qAi{arLMn!Cj9=zFwR z$z!PY?Bpbb$o?!b8HBt|4A^7`e}p3{1Cl5{yhG}!`mgl*4J_W2)a_8 z)1r&4yZ)#c8GQy^s5B9qfZx?~p#9?qeaeCKf2Z>vswQ|Ho?5CsM2~1bvd}~0@R`T; z6%KHYG0KWwlBK+mTDZ*9&)fR0S)|vvxVVn^5Gg4s1De=B`qXf^oE+f~7+dJ+oI{OV z%o|o6_s1%;GDyc79Hza0zt-Trz+Vn$HF!N264w7dnb6-8ixJSEQYh&32VxqVvNrFk=B4%akZ6>7f+A5c^b&NJv(0?l}gVtfU{N1})DM zM;_flrqPbr|2bT5BRY@$S*caB$-p~0Hb%0V_o0DvDZ$NcqV4SLEPTHYAKhahsr+2j zS_dB=f8=4<`7%C#kB45sI)@Ilmd`csri~Lin#$J^8!&EFNC_rv&QXb9Fd|4)^i)CT_EP zLM44Nc#q%6K7K`dQvBTxhqp4T33DFDLSF}E8Aiq4X_yGA=;i)7S6zhKVYZUS zTghumO0XN=zWu}N4!hoj5}oT04Qga4u#$ar-Y5V3x-ZK+0@}xx=B_6oSDHh@v-GXi z#p4BsfGa;%(V-cX0s&Vg3kY2}6q)a{TG9nLb8g%MR*0Au+UAv8u}{jBXL1s=&Q) zT^4-f@gwCbj+uDwC`b5_!IVn{;jtV{V({Zf(k6rt0qK$EZ%>pQNrIZ#?eDh<&o=@D zx9&2a`;5mTx=8G_u{thcV+q@kB|YCL2HwD<57MQ78@<=>`9d%XkLZ^Hi-^68P&Z%! z%s2o1Rsi(|*->;M<(*egFL5^$%x-N*e4F@6+JcmuNDygx~k8&oURoUiK{WcKy3UM8HG{2{#pHE;vnQ-amDZz z7|jIqjr0BY?_s}YUjGO=BC%CUI|R;5SX~03WC&556v!{ccdT`4dOAg1H-reRk{(9+ z3hg#8HS(}T2&FP(ard^ca0~?kv-Ok~0)ZF|hF|=w#+wr7>&=DyxQlVzaBgL^#lj`Y z+Sy|GFz@l`aByaca3ZZs_{OK2 zM?{sAl~t$|&Z?oR_`S`8tz#SOzOomw83lE@fvqa54sRyWU!~w5EW+xIp^J1U2{k3$ zxbI~X6Hyt1C>&)71-AnPq731|f1k%^ScXEaao=q!L9uhn#%FLRp->lLV%NLVm%o}5 z_lkSYK3dq5JO2}{tM07ZHr{IfWh~PgAo>{3!Se;NbgB^^y-DT0?EX-C)63J{^8JW{ z<&Tzd=tj9>=mon9EH)?){ADy-kOS-ZFO|Lmq_*TjHUZY+HlM>7{;kESYQ^afP%i@V zX2hGi!mfkvmm1-0YDl)Eg-6PG(ymk#7D#)@*7>e$?U^!Q2gsO}v19vBFa!)YnN53|$sLSDvSN;tuuWiMsIH<=?@cGNk<@0_xIYccVsb+ zEo?;I)d6DTZYFOYZEDARl+Ey5 zZMxSNTs5~@G)KqnBDtq!nVt-Z4#EwO+DL5%B8TNm5Zn<4Gy=v58k`*lyJDiq=ho+u z`{YM|uP-UOyjI_#$0ogAIY)>%P7G{;5_-0`I60=4=PAd0b|B2|GWPto^zKKt46OGN zZ_-`-6cOKd;E;B*oSWFx#jAkC-!W{kYI=6=e=CYL`BMy#A>}Harv)O=91fR6ufJD; z)D+*y9-4b*N^C+!_mQNktYlJROR`F%|z z+A+VQ38;`p2rnNkhW?Qyg^EZ#e0Al^DR(@LXN)ml2fZbCWsMW@1=dGzO&L}F?)|5D z%{So{UGuO9Mc>}`6oZ0vMO93yBNF*}j+Itq+W2siog<|l#+C52&t7l}Ts+bua)of| z->Y?;EF-61#5MaKa|Y@i5eJ9S`e-(VlF_n&_>{L-B5y>&R{2DB?R-SD>1Td@19pFS zc@d@%cc^Tw&w(xUINdgyYc`(2o=uDKx>+@j^m>1QtdL6mefdz+0N0*tzS5DDuLi z>j?Y#xw7gteranA>K2FC$6dCG+~ZjOdF?MT#zOCa8r-i}7OwWuYg7%1Ic-6S5NYQY zl&7%B#~vyt#t_nQ;=W5l^^uT5V*|GL7)c*S%9gY$v$o`d4lv&Op{ms>?n$x5Ni2N| zn^H;`ecA3}=h`a zr=Nai`~wOw+5o&3hq68Jb$iDsnX6?90%9y}=d(GMZsz;=fM)4o_bu&4g<-sfBy#G%M^pv+pkPZqZ)QarZ$S()I)!x+2f*c#Ly#gd}n2 z86U`OL;IIvx@a+;$mfx`M577RON+igKbJ-toOCrK`=GuCm{E3)W7(491LHTFWn8$i znER(S(JqTC>9Z-UcL?8Ae&y>qUG)D^8bCpC;np-kfX9E9q$;(ah8A11=n4=uFVU&J zXU>nHFLI2#5f+JFYd;quC${VF{|BUTGa27W1=m@)@%1B*Zl362sfLf%Q5A-lj!ZT8 zj?<7?1GyV#k-ZD7RmC18+czdifusvB_Qw$AzZc}_?RYNaYbivOnqhg=eB%?%lM!<6 zZpTSZU)pr}5nhKH#|6;|oDj_jqR9Qb0QS<{BjF{=VtK`OmD7r-4i%%i1&XX-7PU&? zJ12A1i3tj{K+US+jVx8-y*`>ZV|KSt2B*l=i7czg$qds(Cex2I&f$1W96*d|ahlqf zfAWra_5l5~X4L66UNb8E&pKU=f`EHUWTH)WD_nZ#*$}^e8iN=RdVIbc(jAD&nu3E? zDERPCOCPXJSy8`BMwdY&FgMkFon1V)ckZ`;A zN{nO_$VfhV7i;e`nXyo2X5|_rQYg?NrUWG|?-P9O;IU;RWq5ww&gs|ixO-#;piJ)f z5fuk?&+w@ozx{e|$kJ5$z>*xZh8T~>iFsdTXFj7~s~YHif!vvG3`h()pe|n?h-+r` z;O|VFp2Nu^kp2LAXu;~IbE5#mQWe}|A-k6<`!~WE)bCZK)NXz3CZcg3x)Ev{S6nw) zxirkfYBZNK;rsR#3yp28v~syur!v)k5%%Q$W`|FD1yaI2&c)fW`pk0TmV|iLQ9Bp6v}69gn|L8kz;-Or$&H*a!DSP7-vPF4Pu+6j|@+rWau0= zHViDmbrBeTTXM8x;BX7iJ#6)8%GiTpd5gqkgQl5VGYhy}$f?td=zBQTWzL72pRAhg zb#ouEg`Ha`(Fz+JIudBH*m9jR>mCSa z3_fG;Y+=DZ5z|AcsIMvqdiOGnv}>la7BV`1siBaEsC;)FXP!*&)oHw6t+&v_)7%x0 zU)J;Y;+L!C>bqyFX3;{0hUFTI!N0rHELy+Xv43k3+W1m?e*kOftpCHPqtZ@$Nyx+| z>VurqXYLTXEuN)L)LoMP*jXO!oWT#Ed@S=S=0ULWCM4T7jc&E!j(;(886l;+NMH~q zA%45$O=z4Jw3G3U1xpv>o8(XzwWsbgZm<5TgSHn({^CKuqm0AG;@hSy;a?5YX& ziF@qY{J+!^D7}bys{?-S)1HwGn0ERJms@rRN!kPh)-M}FP#McUL4;1$2FWGTcSQiA zw7JfS0X4T{z9p^%z_@PP_ZcFV9qg9-Z9-n0(8RBisBY$mg~;fMIXWnwwE;`g0k$3Lr^!Q_!LiS=}ywKP|iVR+Hqk_Wh=7Tj^0~s zEb@Ni#!~yRFC9;~9iJ?5xI1TjWY$sr^2Md0`&~b<_I0|CKWi6Su-yrg$d}lD4lNPy zGx2}~|7}I~MUJp+L%aFOw>Lf%dG?-+Dn#)ed1`)# z9T+_WJB=eljWIo^u?PTYQKRoJ4G+>e((84G^QGAoS7W14 zf6TjsP6F~dzBD>rCaejS=n#sXx4L{4cvw$-s2X;*Gsks$Kr*jPQ$xxFj#t8~?;9k~ z9zIH#zh&k?Z9p5i3mmiubZ%<)iL`K*ek^1}%rOk4>kU^xmrcm=z+l%orsA?vZ7 z5NM$vIZRdhi_*h?5~1|%ja$<5(gF-&I{_6WpYdx&;`i?0@?J6;ER_|ryA~e_C2>x; z@8>Q=MHei*c_{ylMhG2-7qwl?e00jSoqWRlqYc{`#EU3Ht;;oQP`|WZ4m1y9hFWi^!o;R(yxD=tTE&oOc2`)T^Kxz{Pk~czY%3(H9?&! zpJGtm#G|w8SK?^|DobhP=Ap>5@Y^?!DOcWKq{r5gC#2q>(?Fw1dHwugm0R8KXgc++ z&*sMoQgk#os{pLYus7_wS*a;gBu-h&G*0*ql0xos`In&7433?$!z% ze&urI-ktB=OhPNNq3XNDR3sY2Hc>@=!l~O2UIcK^LoNrVpm-1aCf4*G7*NnhMtuSZ zkx{~t{1wmEhwbS)uI7M$6Q!!hnB?MnfcaTl9Ij{b>Gwyf5yKInF5A^OnOO}Gm#x)4 zrXVK_{g5w-_AXgTmrJx8jHf^cr_tJIyf5d*e#1rjg>J{(6MGCDdU?7Cn+_Y{U{m}$l zqMlHC3Mr58UBJ#)aH436P_vFHKf}}$aAej(f?JINAu!xw*Ph!J2N?=`Ww}V^$Oi=U zJW&^RM+lno0k8cfWjswXuo_-E7RFP3um?ZC!pm6sOj;SUlCIGKbtH?={MbV9Q}Si= zm;f^^(8j?*@xgnt?o@HyAPTDHaQqS%HrML%Fh?mdK68*GgqpEU7(6*c)C_97y3S$N z&43?S4p5M4GbpTQAEbXoizfayWBxTF#3jtp#V#)qV2oW0tvH`^c%dxGZtu>`0t6Lf zymO-rR#2!@HDfMTS!#l7)JZjepzr($dP#+fX?)JRej5t2ln?963~C`bbR?*@S@ z3z_eEb1*Coqehtzd|jI2;4_eAYGS zu<}_FRg0qi>d5}a{K@4|#bZUXhjFabx#UvJQlTqK!}}hiIliRpu%Y;nk$m^EVBBim zw_nl@;&ndTghy%`qEbz<*rF74>=MWm-QOiMAQ^3=r@jZga7SQf-65#U z{2SrN?+T7BI6}ovySJE#p5ebL`BwFp268XTZLvGpfAH>CJ$@WmZ2wOn)M*w}hE3Wr zi`l~B(%(9=2@$EN^Z+s+bND=L9z=xtpDjxG_4PQe`T77U=bjTbH&Q}fk35-P6#7>6 zGe15z&gq9jS@Hh-(MfRf{$F`~R|7i>jgR_xUjzODaW1RBn!ARAx`~;Ohh#dG12g7` zBrgswXF)V;rbf8SL*7XEjTpE9sUo}k(yJEwES%_O50UruZH{s{hMZ>d>PDK#^+AOm zTBsJt=lld38!HZW`J6E`q1+5#9m*u)taL_qECC|Ky;Xko=g0@0lFukWwDEP1*@t#vY^y0X5h@9>TqX+PL7;05lkKlN+9GI3X zS4@Zc-AGDIC%Q70j7^V3WJgf2%-XyZfmG@{6*eqW19-Uf%;d~ez_x$Bg|@R_B%0XQ zmsk<+k1{L0&i0;Bie-7&CcslocG|G1PJa(kT5Fyt1M7DY7^Hfik=iES@A4jlu8Gxv z`{&udCxD&ysoX@}CctXI7k^Q2-kRv}vAK=nxt$lY!SWkvG;9mUk2{f+M4vZky3()9 z2VgT$^h%j)--2>|q?Y-8 zwTSx)t6c|2CR)sbqCGIQojHtshz4Egjp5CiwskH`3Ck{zUPnH8w=vtYTYpR1R0eRS z46jIl>_V0Zp|p3cvgeYl@)?PNoNcO-cy61+KP)e`dRWL4E8k`PK5ZdLJbhjjK34ZAFr@UG1?be-xQ5TAyOBmn~0nn`7 zefyr8NuNy{0OX{hZnK0opZ=u!v&eem+y?!Q;Wq{mJv|iGJxVoIrHidUc9rMgT9(Y8 zz~9uq6@<@xsf+!lVey|&k=d_Xv7>j545}8*D56a5B%eNixu2*?p&b!?iuI+sZ-5oAextob<>Geh-8yBJl1FL$=CDw^kqo&x z?GKM5(YLkrb)hUU_yK@Jknbj)YL3%@N?s2ujyPVOA6Ovyr$Yx0UEZ~h9+SRF@pt=G=`on`qSNhZ2U_brf*J{`4>dsKyCpP9p~w5TV|$QzJ$^H)9TM9 zglps5;oa|gVK)*mjw_iispYL;Bi$jZ5V-hA-$XHiEa!8S&01|vjlv1X5=v}q_l57P zIXXh>2T9t|oTv_nMxx5eF!w^$_WkU6wdOirZ8!sW*1du4rRX5*@8kI?O_X-R+OJqt zyiJN~eRaRA>DV!wtVnxQ?V2VTo|yAUn+zv@zN%QR)q7|xQ%2)0mVLk!sJzl^Eid3j z-Jq)Hm#qdr+E9kJk}McpEYm+;rW?zG;25_vMO+$SxIz3{^vfEZ3 zJrKx@Vb9io%|pHNc}?Q)^aRc;@QUctQVLv0=*+~;Cmt#RaRDQBj*e=Oe3Ycb&8G}d zX~zG23{kvDFq%R_@{Aurg$7n97+a+-Aut6g1XWco!vFv4{vWw_@iWj1hRz8yvK7z!>>>1nmn&B zp0Zuj2r`FKoG5C)Ke}b4wtaqm`MY;fzpn@O>&2cDZDb5dTvXK06`WE(&FHERY<=Kx zeEyzqR9YDc9;NK1_F@(SkJH>9jko zl~17k-9AS6`EUc!Vjv?G0g=lwy!~JR+_J}jH-SW5L0>Q3v*;M`wNay$Zu4(G&ww_( z_jZ%jf*XLrualQskx(O^CWLGRsQE^{(Nppp54!>FabN5J`M|pB81S2afA4-o+zx`@ zzTj`ExLx8%3|8)v@vuSuli`%>S!fhs@!yi8aEV<(674saG2nvaKH%TL1Fe&ZJ%LoH z{KlE&><9kc>Pqjw>jtMOeHl@CL`s%pFECu|Ej!D$45$IrS5EXOfYw&! zCii=`G0H6gG4=;!n|13d12bym^xz)f6$p~XIS+w_a40z<1t9I%uE8l+&=nTz_4#`|Yj_Ami-qE#_kdZ*iW^mtK(K@KDE(V@3cX0~6s0zQ8LFGLf z=XYSz>20OkWLZqLWcdn6n!e8#e9nbTq`o!NV8u4hpUP$0OxktyQNA&e+Ny^79E2Sd z&X=N6)RJffPeIlqpM!*2d;}!XtU?adHCq7XDF)^W3|hB{du+H+2~?X(04@Vg=>w>G zL4#A75*U+GoCkA2$m?>aJb>M2S zQA3+Mm&`^$5K`E@g`Wp!e|G`oH_q$A4%=wdhz>G0tDh?b9)2j0jx$(gJh)k2OTf1W zJgRHBKm6|zTkFY>*dN@=iyTG%&Y5wnL5={cTIXmq+kYTe;?yjRHGu*6rX(`^Tf`L2 zUhfqrmvl|DFxL|*Z_JlCiEd$fjNHTupQ_Zx-`LluenTogwDgL|VgO5Qp!sKdhqaR_ zs?yff9*19PO=i)6FX-TTVKjAmp*b}WXT?`NI$=ewiyhg~928BVGj$I?5i5q06Ela{ zr-AIPd45hyU#h{Ycj4{eEP*_bC$(oTC`U)q0Per^=EjrXNfZ~ z22j}|fX=K%^}Gk&aydW2=ohc4{^|C8yfRe{z?P@EYl=M^ZH5RHDj^(}-VDqjru=*V zxN(@3OR(7oLHH?0cpkX*S5&x=qtK??PI#zmM!m;adMD|jcJ>^gI>nK)hz*qc;ny6$ zcK}wNoc3McJ5zQH?})Yy{(HJy7p0YrO;|s;m@qI@z0D@!POfpG1ra^VP*{*4;$ActH?SQAev~KRvp`w?9 z43Ftms*kXvQL>B_Psp^IOe9=p#*=$-$Is?01&u1=msiAd-+)APltYUV7a9eeYD51h zZis$?)CX&3@eP2ytY!Qq0wALk6Z&5;q z;foF7Nd1mj8$7^3IrpBvreKtSXhNC8kE~@FUUy9Yc+9M%efChmoXe^w1Z*RcY6&3A z+L=~mCzptAfMm$B)B6mbKh#(E6uBlA)Fiu0v&$X?Sg~Lqh zy*AQ!7*Qzp9frNKzdT_5ZYS2%gE`XP&(;L8CuG_2CD|cdrS-ltrm#4*G42k%unmI_*0p?3;J9M?G?pJpa5)sio4IqjSO3>FnxS8%%cCcDpsfJ+whk!U{q!J1e;6& zQC!}m4Ib?)s(Mfr#IjOSa+8;-;5#0)ESH4ijB8gQ4Kt8D2O$m4KnWVxAQ!r-Qd^sC z-&2bJ^}*PTm!?%d4(PKo#~fIO49g<(3)~g4Df#rqopJT$Yb={kDRcqmB2Ll`cAEi;C89d70bnH@sbT*UI3|>4V67>=7eJ6ZV z(-03z+JlSQ_(GzI!(oi?YJzDb0$ASQ76VK7Tan{i?{yKYp5$r}v*@|JwbN|+oOyut z!~*w&*Kg0Iw}c&G*B4*wEs4bK@f}eaLJl7bf3ofh8J6K(XmIQ-Q9o9Cx=p>SLR0d7 zuGyjBpbd5R>8t#7F3k>YP`&Q~1*7xlFK6s$yRBaz`{1Zu7Rq>)ISG5LQKJ$;dH1R< z*^G5!xU+H9h<%f&Ebwo0UtG`!I4aqBJwCKcXlX0M-Ejhk8R7^{!HGsqryBI!wJ32| z1fp&6o#0dSg!l@wj783OB$F@opTi%JO9n>Qt#PPXqm4TF(#n?O9>DH7-I;sx?UZm9 z*B@DMy0^&mo0uMs;Af+qj;G*a7uY*`h&O7p9t$jezecRZL=?#Kn0Ey<)&{tEpTEzz ztonf8bfM!{o1bGX=f2RMs(1mDRe4PQXQ?l0Na=a1@uAjJYM#`EXf?U?uQ?)?iBbdC z!>^R}^n>az*L6p!(AWA24rB<6$2;?F4IV#w779t&<-v5!+rT5ORxa;Pt$N${A9Jx% z_q0fBiF}t`z^&|@lG5_b%SDph3*Mo|FX76w_j^qJf5dhTkz-Bt#@ct7W=*yU_b}Twf?+?m!WR_xDnawf5Hb@pVUg|e)x}Vtz(U1z6BsG# zg*1M)ru(Y2EHp|&0vV&?ZXE#KTxL2*5SIJ4Kq1f@D4pK{=LHtq%^)6-Za^P8IzZDy zbc*C!K@X%(Fe-hlMRpz|sultAaD6|zgU_1ULD9n!B(zQ^igsRT_X2ZW?ZTrz(9g#2 zyro@dQ3k?~-ncqL?h-SI;n?TQzpWaW7@Pv_g46I80`-wslQX`Me&vOUhsxi;@4`HTA~rk*LNbdpf6k zQ&t*(vX)al2t~XG^RoAuMo2?_qj@t-zxV#Va2ZZvNvADW-+pc0D(AHlU3*-{Y|TQ8 ze$wg#99pLXA7_Q7q=5I#x6vNM+y&;3^N)e6akb%86^)*e z2uZWA3HR!|L*F(6#k=e%2Z=5>>Nv;^4wa9>-HO=(?wtOO;?jnZ^XY1wnjc0aEVpNw^fG#3w4HugxXfv_M8dt&m;iV5g=GTz9-JfKi}4cq>4O zyp^qBKhiy=v=)mTLHZ1g#8L{`heI`Pe`x8DVP;GqglL~d-VHf?&zGf3<=JwBS;?V# z73}Z6Cmeub%e+(m7joKk)*}_XEm74>?3^LcSW)YR9VhS-ok*&LXcZ7`AhGjmJ;ye0 zail1|f%3+`n!NIYXio);tMp$yZsKB9nRp=+bX?;tPa1DAE zc1Z=d?1}eBJDOn>>Y^53Sr5e44(*M+;$4Cvs64rsKtgk)7;KsPqJz9goRn*0$I=bh zr$$AOoFP6u;71o%)ttqvn{SJ!bcMn9Ce0YwrB)x!w)kN^70d~WK0lU?Hyr<;oM1YI(a=1wK50?~|$S+=jY}a2uO~HEpJ9%OvsuO+e zG}QJ=1%0bBf1VN2I4$N)|6f<@=Rj&&U24#$9qb~~G7mZLVk$(lKb6Vge9(R2trf*Q ztTt?9H=0$7sc<0u&iLk6y^vW`ysCZUPeAau?qZ~Obal@yTb;AF>D4S!(ol;>?GmC+ zW1s0-;L;)iBNA~XcZ89=L4eDfV?+~sZ3g7--ZE{yx9I`GK<_??-*O#L5WE#Fi>#*` zxLvJa>^E!`BH4R=IuERP=A@^2jsvkIy1$J1^$$^Q4tQSl40Xnenvw`TQsub2nBrKc zNT$BV6pRZrMeYVdEt8|4NIReRFQE0EPC{(I2SMF|{;=Bo@S0u|cS&Jc+yo7VU6+1p z-|psatx~KU<37xL=|}R*)kk07^kpajP>cxz8V4COpkz+f)&INrb$jw7H?nGI4>|xa z$^vl{EQy+wDAxxgdTN6pG(aPj(U$BZ% z)UVS`^wm@vIr+P`YAw}RV$mn_aV$FAcn4QFYZ4X6dj0{vC7eI+c+CGXPU0{>y(y^u z%-~(Rc}mCYrFZ@j(kOiR3v5TlAAz>8^8$~ay9H9a*HSgj7=CLFCQ<+`uvhV7U2TXI zh#Nur(Co{*=U&6J;_wd_Wn43E7D0StL^WU=o zVabUd@Sov=jBWeB{)c(1#2r`R73Qn;U32}bNI4}P;P(C2Xo=i5qr7T?BW~z*JiZFn}!MP1f-H zs|hA~qn_Z+>Fgp$&cN%O0_gu1Utop;-%u_2*9XCzt9&o(o zk!nxX(s;WlHa5=Ro>R#!=Cewr{e5!{o2_>C3jmNw&@4yUF8x3xemPmo7rbJyoZq)t znu6#LbzpjReDvm)S7T!}0e^EvvA)M_PyNK0vOV1+1SPX&nvE|$aU3cFXjPKVUtm9O zDH^>Xn`0w>1Yi$fM`2)MKE>R#qK-gj8}xC4!6cLk7s0jJr|Wp@GLQx;*0xuB8?B0g z%y&wbf95S;#U~M&6`{bqH>c)_+bGf$y$?VixDUF8= zPI6fCX4SrD8u#4{266k`zTq-Sh$hPo`wyT%za#=ZPcyGEQ(tb+lY3OMBepgC7-Z%> z$MV>5T+O#{a4i^@D0}}H^luPnJlmd5D$fFv&CZwFshbe0CYZppYYPQtMuq8Y5gL1+ zT6xqIBM(+0=?0k*YKe$e2w@(;R!V*aj=y*f+#e8L@wf%~J=ct1%Pwq>^YcNiksW|} zq^!?~zBH}?Rj7n`S_KhE%BqlSmkT7ScN*sTa!&=u$PrbKftm?Wj@P;&Y~DGB3yeV| zINuylp#2DO&3Q;8_+VsIOf%)LA(ko|4~7@Qo&k0@s5A|QpIJq128nKW8N9>8*#l1Q zJ%Y&-5d?W(O_2bW;jCn%?PQ><>k@8yrTJ`P}NWHBM~b99c%m@!a77bgMeDX!-I z;ptYF9Zkw2$L%g>>{-hw^J%xA7$FVS2b$zoSabstL{0*}l_+DMO#z+;1lUi+PP%3? zIN%;U8BkoBJBnVF;oPuiyS3#xQfslN_TR;FPKnNC{1J93Os1M`$p-p?ObEuR`0EBj zg#vy}_1>&^#XX@w6{wAOa!{^2r8RJ$%2$JpS*|7^B2^Gx2JW`1bt36X6U$X77|v?2 z>ScYgoyZ0PIRbk%73NbFcd5oH;*@OnUMx~iKO}gvQDW0?j_D8I!oCCQZCM}HTs3bw z6_qzx?2{4wJ11E!s!n-#Gq{%v+X_&2%#J|!1^mEdKujhXIrR;HCt$F80bi&mg=MLy z7NmXJ-{QN)zKDHPVM;*?k#_zvf+on_GwbJAq7Rl-91rqBycS-XC%@SfGN4qi zvl5?7oTPEgOMB@KUz2iEL!!8CcEtIJ?R-80a=G6EP4i7V|%g+2+^+ep(E9}U89Fuz6k?pFSIdZsfmEGkW%6%}l zLNfF;Yg{W7jI33;LB@Qa!$spt!1i{Uea!KPs0fxPtGa_t4v+hF_o0|1jL39RENf|L z#iU7*Og+9aL^)V)C7!0qIYD(o^mHd`ymktzH!Bh|AxoIY+G;BQIl*bJsgfZBS7?)| zLl`;W9sT$E>_@?4P5wkk2k3qvi}{7+&ExK%s;}e{|1wZF!9rDr^Ymr57X2w+6_NNCk5SLhI91ftYvO6qnTPzpy!Evei;?lXpUi5 zFvpOBO}d^#s_ZbD^}dK-Xo*WRWl)gyY}k41^Hm!&Y+R^D?rCqWz?jouA&M5Qqrhdz{|gke5{%(r zE$SFD2*@U#fNz(7u*t14cJv$M+LChy92vyJ;)oeIwWAkA#f2s+wdruik=QFVLZ)fr zt$-(jci{pC8pPzNy*~C_^EW=l3Wzs1@k<9L?sNfJ8wg1%Yd~-xh)a-na;wlQ>Ht)h zJmEU_e2;Sq=M{z3e;$+obVKvzNQ!dWw9Xq_37GNVe4iXqok7p7369xU0J`wsGnrFX zS_zFFy8ReI{8xw98FxH-7Nlkp3}9g^g9H`@qwVgF`-X!}?`eJ(qp_TRI*$9Wc`n&& zS{556oF&|JzbtYN?N#6d^s`LsC&}B3pZ{g}WGAzI|6Wo>I$cH58Y!D%GLhUZqPJM; z^l3bt3N}&QqT#jfv-NW+{3s+)8|vbHcfU!(Y85M!450eyMOLm$=1=QM(?LfK7>RX# zN;LDNyr%CZ`<1$BEbme$@lDn1OhZ{~fYpI#>^lSHPsFS5r5Vx;pwfw5g27CFc@`%0 z8e~<-@mt6xuVryishbBxqt3en4$2t*WgafHdoD*F6O;^km2P`c!`74&$z#n(bM6bc zdwq;4hHyr2J1AjKzKlC8Q;L952#duKadVuO1&`-=C2A58CbRG0)h5T#k#oENZ(Vrn zbeTigT(W{YtM-`ng8?M6H&Tj zd^gSwFlMuWcE~L2y(A6zz;xZi>O0#F`qCcXEm|BW!4wfEbzFlNfC8|Ot0LwtFesu6 zctr3GprC_Fob)}bM9h;9s6|)m`zkSnHzQ#j?Vd)BV26XHD|Q>msiXF#V4~L73l01+ zfL>QADs0LEe1Jh!Y~R+wLbc%v+Fbhm!Mthcy;mTY*)o7w^XR>nYD#r9V{8utgU|-& zFJGub=qQi;K_o>zk=oic@tILsgXolbIgq8p2Jc2hfE`nB+8AkXHMroH5hRNM(R<1f ztOzsGtdPD)+~cP-{l2a;MvZh$UdN+Vqk)d&4rVqG%4UfR*MY{DaFFUjv`B5e`~%8(nZ8m(0UN5t=9VWwPE-^yztVn z!}lkc?n|<=ySmxC#g7XESocemqZFvtrMN#mYi^1q8eb;O6|=i{5uoBQa!nlyGp^f2 z{}EQfoYIo!P2zebMd#o(%aE_d$3Mbp9Jw<_zNnZo9FSN+V9M3=e_wC>14o%Ick@-n zHG%0H4zHt(owz^XKqm_FwTNB=pDP|JRpI^(4bjhb88Y5BWnc`C$cM%kFa(k@^(din z`|$<%C{S;#;^)mlNdiYS*h-ZIm__^?zoSi=7;*(fkCmS&2sZI$yv9aji z+(g_Cy6Fg9e3Al%fDtkmRqtHmC5Gp%nrhcpK5xhq75{&~gCfwhy6N?uUty>2v%Cpz zmbT*KtV#zy^rcK^1nKiMG(43LU{HgZAOjt=7JYp54C;9Yi>=&J91s* z8n-W5e#B;+e2@PvNgAY>ivafFxvi{n~_nVL2h ztnms(v6uUj1RifAQ#T@hs^}zituArTnukk`syr==MCqLA8WC7wUWdt5=Wou`4M`{P zp^|rt0c&geLKFxyL+tW0iC~5xaEWYg77zJFVrgP=5R~g zk@!ZygHH9S9gQcv2j)&?>f;%6#NDO1KW=E~F|y*1PI6D-*SmeHwj;=6c!O5(+i+ZP zN7M-%`@$MnF@#IsogdOiZ7s-7!3YKR1R(anWTXgwFVEPHU4vEzx_SDd;Dbilkjr+L zFcb(D9q~sul7whTvXRx_(U)nE|9R1q(d!&z#mnTU;soJicZ;W+x|S8M?g1mYV!~XS zBm=Ji)OuP2^PYF~WJ9z!bNT4%bL~=pBsl2IMG(8qnpDwcxVxIC$SHnDf4ryj;^s@^ zQN^@wE*Hck9M?1%j36X#%F*-sE9Jn4c)_P|UZInYi%j}FQKnnksG@bdOeY>kC0+vErd*UA`AcLDX#2W%mcYuWW6Ukv(2uNXrOQM*u3k93Oolvr|HA@CLhY%! zQI=aQX-A3-*en8#1}$SA6ASC#(6-=NwoWv9CHlW7;RTT#O5Sv1vXZjim6#OPy~s7! zukC-KS2|pF!Um}UUE2zF2%_H*K#^6C^Re$q`(j(I(-7AhgXrQDD7&DmNFE14-o*#B zf?OPI7sPDZpi$RobWbe;0#R+-aqcs!6i1ZDO@v_;3~T`@1^n?6pJp$9zdPVios9?m z(z`%kYo)S@A~>bI=c_HGw%tMKCS-bu1?m`f6X6v43x@61h7O1O!>~ibl)(3m@=bBP zQLNQ6>CiA()UGnVq<%s`&B&0J_Hi(P%N>CSAo&B}s?67MstC5o zKMH-rK3H9GSYdz%_aZ7)PJO*pKjzKU)|EF}L%E@Sd7;vB*C$YqZCP=Vo0+G}U4(!_ z3N|uFeRqEqezttC8*yi{k_BvEV#<$15}AZPcN&}Kq{^3>eGYG4Vlw;?A0E6LG+3te zSLeM@29sl>0_uK>ivak4#kG=U&H_Xg?i1g2)dWOR*(5BZ0`CE$DkdC4>$~d_as_|e!d(& zM2!f*DiIgrD*@P-zW3=Wa87gr+rRK3(cxenUF+6Q2m#YjGpLQrOy>$Uev|)>o6fzC z=91tp)E`*wpA%7EP2XR<_1n=KCUSTR#GogZ<6GG_dutY!M0*jcGP1;InM`aITY77M zk_W+}re=Z&FY|lFnts-7mVugQ_B<_v1Z6FOdt8OJ6W}K5cD6Vd5U?QHvY=CY)t^&J zCTJ|4{q1^!@8+}w-MH&TqLJ)AIxN0y>2N2VMC11xufPAV%$gy|IJBX&gN;)nIvm0( z)81pH2*86WcrN0YVnFth1D_m#`s_#SA-kP`)v4Zl_xscB<*r+o&Pej`YmFx+j5K5P1MGcRw% zPt0k2FET7vqsl0zx*9EZvzqZchw3v>#k{|MhrT1wvLh^XWTiwljZ2dxTFu5>Lj{rx zI3|EWe163wE6*WY{u!WzT8g+Cybrzmvjk}=tM*w=_&Szx?_CCzpD4G7VEMUagV1*` z)nU-1Rfy9uN^~481eXy8_z}A2a8NY?Hgh!RV_<)gC>MOk39B)Exc~D3Dd`IN0$-0W^>Qw^1vCAE|rc^aY<17l{RD?xd#BSuFmzC|}?sA@W0Y)%4e;v*e$^aXpY>^sv&Z^ST;2?Yy+@ zd_86}V0(^fQ?3i;k>}LY8uV+ekn4J$WN-cFFAC^0?_gPL-(Jg8ArOT2Fkt)37c31e zDp^?56a?2UzNBI05YrcvbplOqE6b20N;TT#yna$x@B^?}LuvrYU$qHdPf(O!m>Z`+ zP~RMLYkoSaQrwK%2ZU{8r*sd92!f7%_m+F#+`LpB^xT9b_A5X8=W>ajl;Kg^QxOaYYG6<2YWB_RJc<^DI z5JGAk2z|D-=f%Dr$E18Fx8q5?I`B^+Xs%HAf{0bqSp8MRdo6CpABt-;K1BIke<5cL zsO@L1tdTqN{hL9T@Y%5r?81A2Pz~;+{X!c}0sba+|4@Wp8_Y6v1&RQ7FU)7L7`0EOP+b$Qi2Z)cFl%{n*T{8?x+P$ zP@3&GY8(gZZ^XB=S+vr1TmokSCg?dE*JfvuL72oLLw}j8YyVqjyR5>YIF~PV*hi4JuP@zft4d%kyU!h7FU;AYd<&(| z8b4KAtgwp?=R?bXSlBX(dk*HGE$FM6-Hd^@zR(TL3=0iY3bcDd&mu>2v3M4>5A3C6 zLq(3mbi*~W^Cwa5MYJ=o1o9@K;Gg{%F9i_06kjBiT8p$bnl`zxbgcRTh3d6%wf@J2 zHO>fb(j>#GM@aqA6yIC+(>FzUK*W){?t~b!UjcUAr$=*^zqA~Gvw6XM8e3#y84zNy z5g9xUJ+xR^qd-W;taZMd+TOFVn8wd*zHNDL`1m$tF$7I=J~Dp=DSCx=M=uDtN3odfFF+R}r;CI#Yrumz+K#u)~ ziCI=aias5Luc2sAlR8cvXdkq=L+P>)M=?<#l?Er+g^{-^cPn1x2ncsh z&4qJ%R#ZUVWu%w30gcq>YK&9tNVG#vjd_WzdnK1gL%i`frg-r=0F|%hq?~ujF>k6s z=>{d@#TrF%LheOS3S_jg7F{|lDExlNV?}mRW|)<#dep*(xs;+vlvU}0DPPA&=k=0_ z`olUUh=bj(5kTCSY$CYXzGB`>U+-Wd+y?{Qv!??Fc|cZ1|}pzC+u|^7aZIG6OksBAmP~~r5+F-V)L;;6m(4Yu&W-Q z)VK^dfaNft_L!(}!Bnl4^&4atUW7-~1!BW_QtuCpZ&Psi<%$WI$EuY8jJ_hFTyZ&a z7CftSt0p=N(1Kt>P!-DMLwvp>GJdMVFpoPOlvY`RkNme;H(EvpipT`#pXQ6CR_%#s ztnBqI-i+N07l&ifeb;RtKiV1%Qu=hmW6gGO$Pl{7^KS?wqqiC(8I?l4t*c_~ znmjC)g!%fgNZ2^(Y9+(h3+8tMkz_@YW7i|1GbYm_{9(KF@n>hPBZIE^-{ieS=11bQ(326(jNSI^HKerwCY}WbDnp#~6GMeOjk8cDL_6P>*Pk~Q1;P5onrn7faOGtu`2 z6-}o8TN~6CV(IL7rl{&&wggzkQ5X>Jf+`2%q{FSouF@fdkw-AtCIw)FTS!x$^i}1e z60R4>QL9od;gHr?UAOh1-~8GU4k;8mFR(x);?pPudPOl2dJ$&*2B$1MRK8?`Yf zQD*Qo4B*K?lG)66W|0u@l5sTzr{Uwv+p=$UU=-amjTZvJ-=Lq0ka3w#r{G6Vj1L~G z^K8AK95Gi=OC?$@;C9%#-i+NY47Ik07Q~RS{Rk309&A6=6~Of;eOUiv!5fOfw$e|i z%EJFywL3k;Qc zS+@o5K|_#>m2h|zLCUG+~m8S3nG5E;E$M z+mB?6UKF@WwX1BS1_)co|L_x79AY&oeYrS;&Hw27_{68hxf_=-@Ux?DVPW$A{rOJT zOfsSd7_?me)rd0*b`%(irO0(n#nyh;J}basl5|9W(>5@dI1FQ(iR}r+P~h$|aHDQx zs=2Q$r@g#x9E+8UN4e9tXd*?p-;py*i$^LfFYo%Js&K2HZtxj#JP~DLqVGqD< zzh3lTen^hU{I8rHCp^2uZ5BDaO(jX(xmUvMLV$p&zvg&UMV38rf%h-1*HEclv-0Ak zxsu&qU_x9bE57le_Jm!a9XoyW68B`Ud1ks!J4SocxmR;+uXZ(STx|rr@A&lM`u>js z1$Kd89nMT##`jB>X7!5yBiz$1Np@FH0hvDS{v*NIN#qe)=`Bt1o=+ytyNAT1)G)cf z^IXCu%6%nZ#)V{t;bPWWN!G->y7z8Fet3ocV>E0369w6hPbz1lc);&IcA@mru8w3O zGN)zFH~~qrS^4V!(^@rmr;46;60$o!Wo9S%i{K?Xjm5cizM4=bPMiz;Pj;g4S;BKY zZ5DX5Bs^qdb*{~^LvJOtUs1WlYHr-y9ads_fFRD@A43pz1EDLXe0d#_5hpiVqC_H} z3fS}d1TR$$P<6dd2ZdEQjA>a6%Kk?~MKjpui(emqw9-!$`DldG3D zyC9@!!V#vPW-~rmwLNG=4T~^<8}lKnWf;4?H6LOF*Rmqq9u)$I>m0kPuYRSoC_JG4 z$40TOCXHX}FOZkUDK;553UqYm6o&RRm9_}h0eczz$QhW(s+&TTRIU%4a; zvf6(&0#sD!UnQa|{{W6tPz>elO+<&o5(@fHIb3D9OaQ|vk-0}+bF~&eo%Gx4V;noB zcMO;B&1My{hIRo*k|t!P3B!rK(_eE{{zwXpa#ZoJ&$i)ML}9xU_4nAnG5XrEg4eRf z+ddKFGOWo({bB$)xzG$O(_`<%6+o5%;+9M%$CrTsSI=ZCj*upmzMqi%`X+EsfLYaW`VLd+LatR)4HjSX>*<^BbJxjP+_w>uX<|7 z^_dt;P=i-7T}7PKoH-Ppm*V20oV_ogfl(%oZr@V{TNBJ6TEQcKFOw`cQ8F?^x@RK? zf6okzHQ3;(bSc8^qUtYzvyI~xLP?MCNN_OAF$^Cgji>Ky^<9tTNxS|)IpO2xm-f(L z!i!s?o|~NdiO80~-`Ri*F!UPM&+#h-?b;+I(?iFpN2o`nsr?63@4 zQ%DkSa$n$QP#O}adi?qYN`i3nkwRzJzKi%d@JF zA%0P4Mx#BhWzFOe!J)@^GA_Cd^$8+{2M5kK)Csta2C$)yyUH4xWKAkzLHYQsXgOR- znUQ~6Upv^dxk%#jdhwBK1qbki&$pF4u(5);xGI9;{M#xG014l&>N7GV>+O7ql?1WK zQMokKqifYR3YsfTQ)*Z^IYwbiODt)uLF<5wU5j$U%3#%*Y?FMKx<|dCu_huiqdP@W zNl#B~6+D-qKg%H)_74Pl7{Dx(2z-&a+pWar+h1==Z=ze?+0c3-p_9=px~y(^mxT** zgtv$Mv2Q?QRgdr4f`_T;TLdqC|AIZ>v+Zkywi3SN`QqxcKsNF3DzHpDG@uzo%omm0 z1p!p>k|!US{QMCTtGpoZ1f?o4T&y0~bn@A#3oGzncglLvmsf3TmJWp(5dEfPDb5Qv zrd6f`tn^6rK5wcHOWz;qp0^$)z^Crr_3?c|uOGMzkBGrI|dsTx_+DnKWeW<_x@@dNOp{j}Cs@O&7BM{qRpBKVEtkDYGHtG@g~+)vAr0eE0as597mqp8i(Nv1Gq+1uymzf2UP(xH9B z&lj0h^Gtc=4(=T?h<=fdV!6YcI4(!Jg5onDt-d+xg1Z0(y0VhL8Wdp*HI&ZYl&Zfx ziNHEK5548F>W#BU!+NQzf88N@;d+PPwjIGD(1CMw9%pVK;&_pM#cu<)@dq-fWMnk3 z88|JuU%YiFC1l0A5}HNr1O~bKY$ATcHwJ0^sc+VDQsi{*5D_UnwDq$(nPSnp`HrQo z+MbnM8ODBAu|#blZ)3oPpQnV5LHtSgnp9c|W2rCK66KFM#^B&Lfn6~2(h^TAoro47 zYaOYn)iAI=OTMd~4$m_A2XI^GgJO)NdlTfJOb#_>#BXD~!rO$ho{K7fY|2Ol7z(@Qly%CEWA1^{NFjikm;zcPj&v7% zVaHnolH@Bgd?=;@(mINE@SYCE(J@4b^&C0(R!BqG695MDia# zLZ`ASXk8cm#ABulNJG%(6G~<9Qgm;#@!lxNU76OJBg*}fs2i=%91cYpTBF@$FI8KG zW;;ln+Y9;+$2&Ek!+y^*RFN0YEv!jnQL-D5L%hA*s%x6v0lftPIBjseDGlzlCbeLi=O^p2q=3QGSvm+8t) zC>X1|1N=|>Wje$0S-PF@2*|`86z&!-&iF_)`tk1dI1yQ1encaqk(`98-fPcM3?zq9K->wi0oP z;y)NDYp@GglS6LhUZt3R(c=}-t^-A3%JL2ddt3&LwE_1lZ|a(c94T-hHyeLD<;nt5 zzm5KZsDTrfb#pVV0k7e8fTg{Toz{Iu=2AY~Y7!Jrb>#beW#W-l)93e0^avl+fw~Oro;M}w` zr1{5K_df`_`|^JPxC=iy@<={Wf0C*382+I>Ipo2c^TpNJXN1Agg0#33YqLGcdk@_- zKs_s;&stw-WDh&vVu^i#SX`T0tU2f`AaY0V>GU#D3zU!=OwZ(N?rIT6t@}~Jy^ggk z7o>r5$Q*)HPP$N@RGtSa-}0`nVC-r=Sv3J0)s=s#6vEv90T zT;xi5^#qJt=$y``8Y`nlB5bIMl*hR=%&Bq1BMpcMxC|H8tvo(|Rm51;9I09&@D{QI zJeiH@e+)jJa+8cDcGDI0L{@6XpFJ4q&5$~F2JT;=983rt9qu>g*!YCY&Elz(%2ZuI zlb|X5MEOo`Sr4Bzx zdET#Vz013BH@FD1S=!$&sNEuY17+DR#Q9zEBGFJ(UGB5HoKk95)nIGNd$i*Vvlt@S z#}wn1cZE9(SHn$%O>-0fEib+0Vt~-kLp*BV3jZAJJGj`4S{;cRW%SFv!5-SRuYv8nuX{m*YP)-$OuLq?F9;~t1bc0H;sU5g7dzSBJYHV8B5Hm+ z;hF?N>(1BbGyx8K$rgp@FRuOyZ`l2J1yW9Q0#!Q6*%XfmmLb_lwl-reWJEL$DVBU0BIf41z!t_kSalGD2ag`f86r%c)bNDs%w!Mf&cp;to-+goBpcc;v-| z3&LwDhk)Yz1DPOH#D39c3Ta4J0H=;JY*Y^wX6Xct(N23)p*K_QUb;XidVS^ngy={; zjAZTg{Y4s4LWn;M-e1*i8^#}?D7vN^z`Li!#WgIFw$pqtkMQLP1Dq8pE5O?YC~Yfk zD99dF&hD5}l20`SV``v1NUBpKqh1!M;0)~t5Usrr4 zsPyFcH3)Jz39CX0!#en$B^?w-_0+jl|MQ7r>xSJm)0dRW{q6?BeX>232Y+ysg>ZEC!}kT4f)~d z^IBr;|9Iuj)`Y0W$s<1qniWrLH13eHxoeY}6ZFadNq)?;*q`(x!ItO-L8(eVuWJAg ze2oD09D}C8Oq*qyu>nM5)O?EUWX&N!0Ik2vo}d$!>x zC{fa%02cUdI4@JM;tkG>RtgJookE6ig6^HU(|ULZrnAy`0MHc)$9c#8Ain@or&~lI zQ;&6s>hJ_wzRNF7cZ%G^;{Ky&s_{KSnXa0$Ba_xXxhgWvS5LvP5d>b;@=rLvkD)K` z=fs4c`r9OjqpIop3I3$ditJ zZHPBmg|<-HB{%v+A&$>?j3DFAQ;vG_xh1+Me5bAOl5-Qxu z2af$(ErTutO<`@sqN1eCP40pB#70&LKf&NKOiB~uZbfp@umCS=i1WJzY5xTU7FwP*BAY&+FAG}!i{3*mmryT zP(qissJP6@5z$QJA)RjZ-2~rRf>+~e(X&d4y&cs*zBBEWhKvZM{mSTl(a6m~ns%1# zKXgA?vs394m-zjC^}fsZJhDgOAhoQqO0#;B)rX~H<03Gf_9pqEQjB5)xd;%LWhWX03Lt?ykZ1@C>v~!0VwA zCZGco0@8YbTYOdlKkH~%YLvq=wpRg$&;$4w@2^WQ0p9{*^_b1o+H}w|V{aQ+=`?`O z7cSY#yvA4Ta-(vAW-aa3mwZuM-hx5}1`mkU^^&Ek!ArTWw@P+%4uBFPX92V93$qto zu~E$%S6sCf+hXs8gZ_BTavy61WWMWarv;D0Pbf44E_enow-RZo{(1k6EVU`>js&{@ zOT9}btiCRyI&@F*9%L5Yz1Bm*q@$t$7^gT_)>`x#Rx9;vo?0BG(B7Bx5#Cn)Jjr6z zj79`(-QL%6;_Kkvhd{_fdRsTZ1z~HCtb~tI@YXAq?O%!AVq8q(D4dQ@fEdBKk)-kc zsNS6{L6h7`@bIY0bHr0z1`s8uc)JOwBu00WLUbR(y@l8jt7Lqu`2)ggU^o5_69 z7r_Vap7F@*ND7s&SE1=_qoHG5Gq;WXNAhe_`2E!y)(5Wwg>2g7W{ez?(L^VxsJIfH_>h;>GVBR{A^9w!@1YLY|*7o zWQM-|v8m1j`hiD0Uv67ah%0l+GXy{8Si}vY%g=vN#QNpFUbe^pF}3V#q5x<+m9gGB zby?ywufV{*?HmEqb|6?~qtO7er1$^CSZ~Ww-eb$jzEZ8*{qbYeZ{jbrWRe9##`$m@ zP?>%vT2un82^S1n{eD(tX9RMo&*V1_F>Da}-K9$nTC425_oJ3c355HA=xRRARX7MV z@y~e&2T=-=No3q#QCkBoN`*~&hX>Pp;N4*Q4#%Rok_>?Bnr$L`Id<3!NtKX4AVv3@ zRBaR_*E07S1Z=BW{IBuTpiCCBC<{;BR54VH1m&At7uI6OhdJNhjs}ydF@eXk3uf5K zRI!|vn2konn*3QWRDf=2RlBN|hk;;M+v%$NIENfQ^{LhSW7M^?$}RdBF`wdO*Kj1_exf(jdh70C0pAm&}D$B8Z~xH z><4dkrv{}pmNGfd@nH)XHiX9h-9Tl`YhLW=$B7z$gsbrpG&7Tp*P=CCSeHlOz1ppZ zjMIJ7_K-*DZxtaQn;<|FN18#~*TpSC2HW#=F>il3U_+z?Y5poFFo-@v=V=ePfMTiH zgV$xEtjcS+Aa;lJ_Ws2Et|!ajEKb*@v`Eh6*et8gj)%u?x|TSW{7;p1}GMO>u^2bf97 zzhO$qFRTI1I!N`ICCYp=nzE0qfkygFdmCjS>8O4{q zi7k1v)gmPbyoj%)pGavlmAt;9vo+UD`)V$muV??_hoUFTG`>})&!>!+<;+0<-XV|k zbMTlnQ~*Yp$WqA^>@6V0hPw=Ja8Dqk3YlrjnnU-sU}I(}52v6e7{jxN>4tuVT%F=c z2CWL^!%=w@vxv@T!(f(*2Ud~(1qR}}*uZhgm9$W_zA{cE-GQG zVk%b*F#b-T7qh8+@*y9@83W%>deDW+m(+ZnOm7eWa*t6~9OD$wb!oOSK$?-V+55If z@2@DHVMi1e19~Po&!X)x3Vb|-6)1|`1JvH1gG+VsWa66GjJ1SH={1MGMSshP|#r=M6=~v}p?$m8?JM9GaBBD|HAn<-=WKgXj=;Vo#zr&BA6Ef|$(PKP`_<(!0 z%9g1WnycFp(Vyi+vBlX^ZA$IW;O|~1Cda|WfZE2d?Kq>(AlQGIQL-mp&~jR0>lg9E zpI`2Ge6v6%VxyN|!8r5AK~U7H$xxPGf?n0R?XVQ~V*k(J{K1AETT4RxmH%geUK8+5 zi6*ISX>Nz$+#p#JXbk^%E@W0!@K7n1ljnIB z=Wzx2ldvXL4=gpBe&e`TtS$=qRL-l*Hk=#f8G2!Zj${ks(lx2y6pT}V0K3#%eO75B zHq_rsAT8*BSO8f47R&1e1-^rGk-FKXEE;t!H&U#48iKEHU9#4}Y{q}v0}z#j;nG=~ zAoNKWP^IhZ>pQ~P;v$vCDnke~g|5%hAuHf`X}X0f;tz{0DuVp zMvrqxNPst6QH|gkR++r|U5%;Hc|3AweDjYu$USZjf+Plf7ztTp#Oo1}rvMPuL_(5_ z@WIUoj(_AY*0}!AT)m6bIPBNjbut#Bh_EO=h1FNv682TAoc?xqwh|zMNm( z)oqWQR`qsunjZ~GY7Eqb^ydt?Ubv;*G0`$Du916#GNjyuD6XdMn#y57x{yH7FlkI0 zyJzLc0}6}7Hl=01P27d+S>@WP6SR96b>o&HE`+TfXE&*&a1X1Zwe#DB>^rZ8TW39% z@qUHUv7#vq!*QEsM>ERvr2x=_cn#ATGTHo~e#4yxyNF&Agd$F(ND6X!yn25DhBZ`zzKPhe z`c%PkHH_sew>Hkub$R-j>{b!`n}lDqy}A&!DSDq))>Q z3L3J>0nFa;Jjq+`CZVfz8TA0=t?JNJKjv=W{uo<^l_j`4h}iHXg@}37XfUqDhr?Cw zkd7IuKy7kwybP^pd(1yRwiVqImp)`JBNr7#Ent4cU!q|Zwtm2JRu%V-lJ!bYfn*5J zZTvP^eRchu8YDZ)T5C1*)Vz=1!O^@nohQqAbLDKph{zw1*Gc-~qC}Sh?hNFeG*(&k=M)-FuKvr z^Kng*Dre`XU;n`o8|k=WpgOS;8M~3blAZ7nU7xp1S$9!1xjt z8r_~4ojh*GLy#e_^&fxBvBjz*bO<7ysurJobY-6<^3xaX>w!6*lWQ$fUNb|y8*^9S z1r4uW5sP7$2w@gyM)Y%Zsap7`J+R)c zyQ-X(&Mu0z-{qcCX}tIR_x0a7Lzqckq)xgj*wzAsh|+nae}l_cTty~~2OB1yi@_hB zoKFe!bD%ed5ELH42El(PpF04q)Z}9_6{ZpCTt@KD!L6`~8y}u1Fz}9Ec@!3x-B-@N z?XV7ag7u2~Qpza<&f(_jdSDHpxj$@)^;0FgD%8jR0=Ok5D%GI1)$aX=Xam z#=P$D*Es{M|4{|ikC(9HX)lx;aO&cd(51~Zc4+%_^bjuc(ByMI{7}NkUlfI}sYiBC zajw5E-FpMcSS0)@k3Om&=Dm$h^L5=3-bUSg7i}G-VRg`-^hxz`4I4o?zwe5B)ifsXtlw@vnP^n+Hi77$Ozs}!<0o(uLww+ff)jX~Nr zZ`NYRJjw!`Jt@Pa z-3ysk3xsnZf4!nAerc?Q_)~WKr}I42PGM~@pUEmGPG)=|jubdDJz~u%Vp@d7x9Fma%&*7Ko(aqw zma$yEA4ymdm2XeTVz*nX%Y=(wX&~31za?95?p%`p;gC4+^|o(SS1bE2nxaJBD@vs` zMtD@7-$cM!I%*~6+6VjCvX+upx-ty$eL}l}}c~>dXJe2dzp`EfK2nPRJncLV{ z%EC9EW>$3GB-C(kE&(Y&ElWs6%pzbG>SH1e&m-e#d5!pb6{^}pa4#v8X&*?`!qQx1wh~J8T;SbbdjWohinMd_33wSgFK`qK zp0RcDt3+Y|?vk8XjqQ)eNv3)QM9h@FNxvgWI@MN%+=pAuCmaCFm3zgRsXv@k7z)$P((X3hun4N9&HA#OwG%v4Yc;r_Av%CGKo*CuS z?r^^x+T@nI6L_TGbvH6jzlu==TGd6 zo74{0noZ%-@^Ln6*Md$N_i00=Pma1Ydr3IeG8gE3!A|X4S8h>|7K$r=%ii=dT?Vw= zB7aQ(>)~K7x)XC6FQQ0G8vPD;7d0o|vDbCaS>j;E3t)K?st^$yPO%N8U!*yY9VmJ}mB(9@rt7+ki z;pxmNt5tzW6+Ik^CZYm}f)eg7r;6#?fvm#P$ILZ`cK^Omjia}?N~H>6zkQt-{iN0u zhcQa#xo{7&>n~IWyu@laDe>1!p1YOy;WqsM9Jj!+1<=1sjyschT>-pp>B!?B!M6XY zy1wFQLNl$#u=A4cUx77opf01t_0Anw&auuXjaubDiR+pkE{D+Wo$vz>LX^ME!72!( z^(y~X3I@{Bp(V10j78Z3y&~__*!);y^Nem55+=2`isZxbVM6~HLQeMA!euzg~jp$}b*U#vQ>4cv0+?Ac7@3PNMvM;aX?1^2lo zBiTpZd9C7(IO4LTzo!|ig}*%e8hXS!iBXhv{4j^tH>_gfPtVgiwXlimn=~UUIL#T3 zueOF8i4n4T@>L!OMC7^RudCMbpCi8fCCFNtJXAuRT;Qt?MAWdDDTEx0Uq+D{%XrKk z18Yv%G^eLQo-2A?T5X)PSwY>Hf%H{rkKAjn*D-`Rtxk7=kCl94{MKl!&zHek3YE`H zgPtLuQIPw8 zt!S9ozWk1Y9f#oEJf(AvQm}ukEzN@W=z#K}*Nk4kXEdiF_hu)(@J$hcLReA~ZqL#) zUGaV9@xvd)Qg!?f7ZFO++tj-%f0J%Mq#wwW`VP%8Z6A=qS?l8B4AL&{PMCf@R|iTY zA;w<1)da)=&&UweTd!39Lb66@1I!%$wlMkZ+rGg_WD5t5uI$nb7nJ|y^J}1$+kEBh^6chYB~+xq9r={c_WNC` zLlm!wXotJe^qph|hZLK={j+DV*|0u5v}|st&t*v!mY;CQ~sgxgU+Z1?mGj3L-apCd!kUGkD# z#h}`x>nS+HIhb>}ZM7I2JIu3JT^;ASPATvO@+*L5;856&U)O}17-UF``}eVY3`(T? z?#lbr%3_{&COC(+P(*c%D2Xl95Y7jG3k9P%&MR{A2wKS$M7)F2lwQ(fqCEWgG{iLK zQPJ(B-BWOePgR*Ec6Mihtl<(em$-XxO`GqMV5ikAFV$Uih#i5?&rhOiq(ao+&^pw7_HjRf+6yX}-s7n= zCAYK$L)%ZLE*{QKtB)vri?f6XK}SGcLAG@t~-2^(cCW6!IIH0>nD&QiNtgZq2JZL-H1 z$?R-1yg~O9irVMJq_87IS(#e=XJh7%u?zfeE%~>L#`*#@x8;_^+K0{jkOKcbr#={ zfNP!@#hR71jlg}KjMaD58%yKeyWI-9(rSK5vPE-NbhdUGih8;?H04_!)T^)cifXep z+{vppkNyj944deOU?r<7DUWSsWZqu)dYcBvhBn@{_9;yc58t!s742LI)suaJDOEkm z2wcY7{mZZ{aOYr*`8{wABWd998#hv`2iUrxyooYCW!O8fZ3UC>Y&?)2qGB6sx!D87xoOlQl&TPRhT`t=>Q zrau6ztm6~+?Le2-SXcDlWK=8(G|D)RvGs^nut($2B-#Ty;>=^bvl|9WqhL3T9wD%! z1r9_;N{W`=3mHlvk8KCd$a|DvKZQYMW;6av3PGR{%!X6+!W)4SoZ?$p!Ml^kpNiW@ zT?YAg9Q6j|op_e{)t_vdJR`=(FLX{cn#(-2Xro)riEUHMWBS^{*UqI4?NK|DN#qM> z_v(&1`7KJn<$rqr`BeQ~-m?mlorLGRAA5w}fwdfpM{VHn6NR^W71X#m+zSAv%w$SC zk8#MsebojSqv$Ik*!-)a7i|iPqfvVn_$F_&c5tx!e+D5&8ozKlGEI>Gm1bJ#aGqg? ze;*lnf3gHyu*&)wmmx<`NANQ#WGz~u^xVkYyS-0kzbjH@ zEm;Pii=9v@wqXa+)+EhN)dTaiPnmgNgTm(y_zIsf8Ow217Fp04cYy!`Ej-X1xNUmL zVI)_AJL_r@sf6yx%!C7kYBoK*q-9mrX$EoPzWnV%e!pws5J&@&33N76TxI z2BK)#)QRIXlTM`zsav~2ulWnl&sJy~hwL}SEMuI}?ABO*IV5KoYDr`{9F(c1xW1i) zHt0#f$5Rbg!Sd~{t4>vN5-#jc;KO!Qah-l8O@qeRNROCkH%;%>u~`od@c>>4DkV}^ zAK*gg<6_H`o3E^x5~jfEY+CA==Lb0BXRnZ33~Jzs<<{kTMf=hDwVDEIBoBEi1=K^9 z-PEPI2j5BR3Vi6PoFZLzwG>bvv-5qZXAxIVH|s3je|el;&$+}}@7gr@@PXO2OU7kH zC-_rt`J5KJtxz;tI;V%Z8dOf9Ci@*Fhf`9!y0N`$oL1(1!luCjpNQ=q;y8keOqwyN zN5i0~95_I$(o*vi#eeq4lXOu=Z%*mRj|X~oEMKha6{_>|${bgzT(SS_#2ehI|Y z)FZ`uJV~Zm!c>Zz^C2Zg2);#9Xh+AZo0?~flWQR`EJYuYcxW))`<))% zn-Cx==A$LkcrPHP!4lai(hU#(6~3q_U&mSvu3aZBFs%?`G~u@){u;Y&%ZuHa^!c8U0lPMLcZgNGEyqP1e~O_<^|y< zwMwgIZ{7_WUkLIL?R{ZvJ*iFY~vD1Q%5afCMHnsYGGeX^Cs zq5qweFOgHUg`+=#LM#$xt|D=jCXy2-)O*UbWd&_bac=4w0GC@TD2%8L#o(Dtp}Fnr zY|8W=CEQw*UkE{G$7%&a2*(Y35w6c+8q^eHqnyE`+1#F(>!I>Jcv~>w7Ea^Ef;V*n#NhWxIGD59f$|1#TD4xrpKD z{zW@@!Nk)oLQ?BcWg4U`fb6*dkiVKOs`ZlNO9_PAsWF@_B)b3hK8LA&FaEMLN7u@ehfiGDQ`LL zNN`g@%3rUb3ek;t)=Nz(t?{lu`=z3?wMg$%eqpl>dDwc46Y`H2H604W`1HaOqz?S8 z3{r1O=xo8oKycREUyg9<&k3g02aGsLfkD-MT-YS;A3o6k;P%`2GLkM&+Qm4xTq5My zGq?t=>X zxny3W62KXnl`|Lce`xy7K&s#O|8qDt*?Z5(UfE@DviDwD$x2o__TJ)wLcd-?JWtbKdX!zOL77By80;!N{>)YJg1DbY_|LM>O~}@7DpldT(pv z=EielWqYQybgC!a7&R|#5-49ntJUVv8)+@mc0IKf@GrciE`f{6^&DJg#BO4UeK|7yYu0A4vndPWKOtAH-Z{6Lf3eNhJTM|g;`o8uzB z?+w4lr~D3e4zM7^OK62->Y>2q4CW5IDn*E)nPaD=#mnU9HJfjA9*i?X{b6rLBc3tF zB*M9@U~;1tG3AJ0JLA$cGq|WWc1z>j7f8J%5<`8eIpv4%DfX{x_xFE$Z2ycdJ46Q0 z7;C4_c>o;M0Ii%xn(w$>N7-%tmrLz$ZNP*ct3&HUc7nga9hofnC&uo|UBJ(K)HN&f zmgYPo+JV*q1ooCB9&NwI&FV{WQ&e{1){KgwVyd6L33C=82BU}vMJnk0k0SrSyY;8z zx~kSzE%MP_)^mJ3r<*S_h#uy?pK$Qpx8Z7j=S3-lZy!L`-yTQ`{y> z7Y-Cr$Apr_J7-=)=d|o-_TXa+hqr5Bdr{^^Q-^qRejp*e#9(mc_a=4y{fbL4+wh7+ zfi#$e>|XbUv-O`~c%bpMg4*~6)_?&?s$H^~fNbzXsEVq1E~s;YQ1s7aEjJzOZ4kS_ zlgu15^)*Y<9e8AZg3fjN?-%aSNK=VfRl$WV4b~#5*o=fe(FKE&?H1RZshOQt*U<|o zjm#vsr)qV){Xi1lob|tU}&Qv@-gt-mS za*s91mY$^f|8OAoV508uw3mZ=f6R1BuPDiVc#fy^w)fTd3BjkR=ViOV^7j}na@jF| z=m~2%FDZqqBEVVEO+^lr-Lq_7upoL0pEv3$cL@@?yI+mWgJ?~Wy|2p68YNMGymCyO z5w{*&tS8>7%zvH+2jbVxW(`kMwgG<8iHZ%StMHuhM#(ySglT};!e?O4kVuJ6Y=zAW z%obglUqS^fVWkzz>_1B&*bt7XD}Ns|ue8xjyxjRL?IMA>%D=5E-5cp90CKP58K5|jXSVChcs;gJ77bf2#h8SGbBJMf)K;Nkd!s)bbRIt70bFO5GHuP|ao0=rnS#}o}g`?3aIJlLKsx%>StfJ!s!DF_m5z!}; zV47b~2`+&d8JJR-|IIRE=G)+j$T1_Km}oG7MOu13N`G4D?NHp;cuVz`A8-M7!^Bn; z79q9raF6mPoTWeis>#xisAKziq+i-TuM*BSm?}{J@BM+#L|IxzR@`llhEGUFC9|rV zJ2T`+yJTZQl@WIb3v%ngiF9h#Hov(}AbC36i9#r$|(Tln{ zvQ4BksX=?AoSuDia~P7=e8PD1^bWk!oLU%$VntR)9|y;i*i&zap*L@kr+;ww$` zC0-}(S3!b%bg)>IB(!B7xL;M79ZJ~=qf)w1!WKQ(VCqY{YwLX%9mamJYuI@RJ0fBvVNT9w=x*2OHvd@l#miOKq_*9ja+HQv! z)4RqesSQh(S4`cPd3q;+)8$bL;0}B_8jS)X{!`}KPXc% ze@aTtLEHR!Dx-y^ei;lgS?lRyyVg=c&r^zh_9ZU8l95T)$rWi44_D9R=w~EDsxA?+ zK}SaQ{v&+U7hy*%}>5zLbO(TNL_j3(|=)!603)R25+`);<*8-B(5R0*Xf_dM%{ zRf9LjRmy@g_shbYcFrNYpd7772z|TOcOL-!1nRH2TrA3USB-HkEa9U8?}ekKl+(*V zx4O4DeUuaNbP(ReFXgm6E@hELJHd|cVz8EGR#5gm^c|+|Q&t_)mIs{bJ+6ZlNXdRs zb8Ln94y5EALE5=fDYY^Q55g3;oe=R0)P=L?u%Z6-4j|D`PN(`BA#b}{vZmZH*MZ`Hw&s63oqwOBck7_$dRg#Sb8LG`^}a``+4`BDKG1iI^u4#HE!nhZ$tSx z&2RE&wS1a(k2YzvB!A)^qnj6L;melzH`rN6bh8&abC!G9Rc9?5+^po;ZxvjlU}9RFZq28 zlNt%a?cRME#UDv@I%@LJrtYxq2guSrYe} zEYoxlbFf~GvXgnKT?4%}?xS%&V88HGy$pj7%3mK*9kROlO5YfoOVC4nMgA29nk{ zf4~Nqbk{rPW7sEFG)qboXab7r#+uK$`8}Il9=msZU+1jDTK_*Wbhh``_wUDu1w+fC39YIQ^ zRtfMa83QOhnsla|IQ>;udw!0@4sq1_A5*+TQ2hqLl0)AupFlmgB%WJby)l|0>}VDG zv-mh`#za#nw~|e0X&I@XV)+36I5;j_YRz+Jv3Y3?>y*DnZGy~lHjn7*|H5JXE#8qv zbl_uWz(cmV@3?faEK=kajB(SN-!zn&_9z>C#k7xrNpQ14Fc>bWS>+S}`QP}~G|N4( zi0b=`-`mU~{Co^LIeBog=T@m_hOV;2`!M`KQKPM2)>?cc)J*Ii6cxS`e@H#=GL(9= znpt&2JY0)$ovfQVXWCEW#N}1v#xpHt$3B}@I>0q6>JYnyJpYN0djCbKSl*1><{v-fPH6g}hRin`;m8_ANm zG6oB${&e?iZR;7TAKvzg`w?Cs6HqAd&M~~8QHwEr@V(MWcRf1&QpTYYp{Y_zf&Jpc zFFiyiJ*i`Zp}Wqz(&TN}MJJxs3ASK?&7By3tyQ4!OC(-f4!C|M2X2i#{*ptnx7 z*5b)KKnYbRenA90IbhA@(w?(r83J&uZ98F&(}2vuf5XhaN^b}~jM4QID^c)lf|m^F zKHNjfP#9349v}j|Di`Wz)qz)v`>BuJnBauGz&o{a6SrwtL5r{)NCACvoKf6$00RZ} zh%PyS4(2%FSQWf)FU_svNN@B4IWt9grEd`A23wfQP^c@l1bdDpbeWDMEm4x_)Ui=$ z{zZ?|On(HaR{p*{I^W%I$+9FP`rnM5j?Nhl9r@G&Vuqvb73GNo;ila?8cZ zywd?E6MXTI!z5dTWFp1Yx_`F!=&99iZ9LGT1Ie^0F6!`Cyyx?2IW}Kr5IqAqBW-r` z2xpQDL<{+zWk_n&NqFXC`(wj*vhO_uIF;io(QbwD&7#<_-AesGIFKgiz zkCVrpQ_`;Zw>kEs`X_-*7#SLpWh?Hlt>wej=&~<7E=e_wg@` zbwhPpqae@QJUPGt#sT8LH+hPnI~n!7C?N$f4|&En6m&Qj#E12zNOgqx%I)*D;$(cvB# zPSXzV^a{eOgT?5OzT*eA<1W8|M{xUEGXd|&B2E(z1_7XT*r*)RJY;k#fm^8d_DYzR zsqcwfyMe+gdNM>dNJWC0>2vN~n!BaYUjXiW2$YLmoM^bz@A4(-?I(bmkbM%C`EvP) zBV38(GiD(9$m52Fh7gK`QT5J52-#YVS#aG-#r7vQ^6&`)gcRok&$OEm-RG#DHFGkS zx?RiaO_URw4q??Zrfmh?$b!G>k5d2~itNCA3;>*#`j3oN^7CFq02`5a_A=*=G z+cVxXYBPMQCW`8>n!uaheeAufN49kE&VUbNAB(Ro!ODXGdloBsk=*s1E&&9?af8G2 zqQyVgOn2VZnO;=-VLso>(}cyv3HxxF8u@u$+{vHw)Z$~4(RV}5ScnvP*8671vxi+? zya0jya^+ZowCzZSvX}{UHx@jmrwWW4zZMMgSCGd|P&IYu09w%EpCJ6U-0UJ(1#$z| zyHC}$PkaYDs$>2{9ItEOh_!I|yusR2Pa1e$p{u+x);LGFT*xghf`*?dMZi4+@83n_ovx^CK+EpeR!yosqVwe$|zMlJJVGBy4%##f7&_uE6$^=8=a#4UJ?o6(5$ifN4`(< z>;tkSFfAAYIJ+mWH2kVk^`c)%$ZIU1(5nQ|X-HZgeS97B?|R2-c%ZpLGU1bo!HGxz!W^)k z)YuH1*)yQQiO%uu#o<~x!U`~9&UkR;j*X13VcGTo(JbB~0p~^+T%s5W?oFTpoz~N2 zK#-Dj9-t-`nyupmFVoR5kGllQNap%WmT%@ec{|UK;tTYJTNz24p;1{4qZ9^{#h5HG zmW)@LA!p?3&h>7Uz+}5sGLuOm?jP{_bM-TL;*+x#zopnFB!|&;*o=FM_HwOyJPEyr z3!5Zr2IiG+2;Yg7^d(B?4aBBsDMGlVHcxKRFone!$Ui=3($~Ot9&Zd6Fj0XE6){dn54hX`rQqr zp1MgP-MR>Silhl2L$=Gia1aiWGl$RB2s!q$JeO_}*k^jEmC5J0M8F=|7d62&N???s z(--5dp;6|xL}j#bWCaPL7J{yk{x)Af>P8}Z{|y9CFOz$3LBGKd2ApXQ5jUxQMc{3t z3qXlW)EgxcSE;>l20s2qnD^nkVZ9u0BVDtZgr|0q`y8w(VXpRln<1mh2?eAqrJPyl zao4_wR-u^`;HZlknrD+advA+1F1nTRQ?Qz3STXQPVx8BO1nhl8P2BO_a*<9_S`w>1 zFE~T_w1R)dk_n|gwF@o_5v0AT6>y7|7QAN| ziFa1!^pxVzv}>zc{+WZ?DrnO!g_P+i6=(7sSjM%71*bpt3N)fD$pw)AA#Hgi1vfFut6IsgFBcJ4r@Ha6 z$(7)1r_URavz(R(VbP9pFbG~Yl>Z9iVjb|cB(n^x ztm($MxwoAdK0Y&ObzdN1FvCBJ5x+owWSBndib2z(hm>MJkt?w*|1ILI=&;U+7;8y0 z@*|KC&ok1{G$N!Z9Kfa0eDcoLt4uH_PT*<}2lrIQ9?AHKp0vMon6h=~W&~juZu}Yf z+qjANyuRIT&TgVyhGe6!Ldub`1U!Qej}CY@ey}x(xp^dJ?|r$RTIqW{`7O!O&+-}T z?RDINH_=i5hXtH-DR`29!&~EM$QOHbA1{WW1NRD*hh1mBQO;vgJ_aHqMv6M$Wr;X* zwarzT+Sm6Jj&LtWdG-A&;WS0%Vh|(4#p_6R68-Lbjd{5B+m;$a=BrlHe!AuL zzEvi6X?o4vZ)m#3!zaAudWTxkUKy9wJ8qdr7%pd|1tbqV6qPiI9BJ0jwCZv$vHixI z0SYA(LWOY{a3Or)ANVI}q$%0^|YT*q(##NVzY z_L?lc`VV{%go&6M%X+h2aJXzoXo}zY6P!T^yXu{_c>1HijB2arV8pj=a={zLHWiEW z1`l5cW-IzK`W3;+Jy=h+ptQ1TbU=#+7IngZOjW?tfI^%pfO85kV(z0)rFWxX`^a#u znDVuH0zk8fPnLsjz_`XAkb{+ps;w$@A+#xI<2}J1gXbmFhJg z+gO-;m5Yho-krmvO+>XYfCsV;Od1qI#!p~hi+@x}d<+#p3`wdfnUIlCPn$>qBb}z3 z4S@WAa8~FqqsV!6^Q=1jSUDkur-|^=3xOmY;q+ATjQn1S8+bY8DUjj)JM;^*M1(b~ zI(6{rs{$oGa7oaOP*ns%m2QTpO0of2WmD9urdZbhFjDak{q?NcKX8nT*G&lxsI(Cu z6qJ+^3!27wgDF)|mw`7^zsUzmzf`ufdwEK*HlrAezhK>wD^VK<+CRLy<94vGc&oXF z($Efr0E%_|c$R>Gdfy%{{<7dC%fty?Dx z7!5HSB(B&ykC(;PEv#4S9ba6@L8%7|spTN!xuv$6wZWCz8R#QG))pH5q4h^QVZu$I z74uy!Lj6{Hy0jSQ^51cJdfB;<-FQy_qEByB+w15xD7myO^AzpGwVD)QO3OH)c=%$O z)>P1G5Y&QP+}sBZNro1bLUpv$n9El~*18%gNYkwXFz2#g;}`2pwPeP+SRUO1JT%;Q zkILLi0Au!6sp9x9WXp6=}teAbWR%dhq8 z$-aJ_)y^&$pO-h)?jL&X2@euKao0q;hp|5HtOy_9HtYg{g=bf%_4cJVih>~(*mEM@ z$K-;M=m5)t)e{$)VIHO9A!?H+^|d|E7|gxgc-vcw<(*+v3qjZOV_b^Dyqwg1`|rbxxa*u{Py*FtK{yeO(7LINp4}eL z=_e}vPY0WMXRD>iskgkJIU$MgMC3aDSGbsW`oF9ZsxT}-hQiEi)fDm{y2AVKpWR7L z{qI3rTLtYryl>pocsfN({bKmXoz3qT7`_6-m4qxkVnE?J5hu&WJ{3F&0k5qn}(G^tYzTaLCCph+_RUcJ~-?KJ4xow|N7& zQmwpyb(;BsJC!N;A9RS=jmG*&b1V~mS9IB2+Yp7Tz_ssr=$XdT9)odXkC-y?(m)*E z9K;(5-!I32HYEJz)skgVQ=u);L9F73x6R?9Xb zz{@9nA`xUz9=a*dyh|Bpe2tKx3^{17&10570ggOnTut%7N(FDDgW@(!o3xk6AE z@~;Z zRPy&$B|*O$ylMMvoG`mDZp{4U)VK`*l_6@82w4ftQ8%)$Rm<{$lm>3~VivEPh;I+v z8QzIGK;}A%eB_ZuKnSeKADWBiX$#;Qp#Z74Ht1|WYFk(k4T5)Q&87+yw4}h0_ri@& z<=fSJr$lB7;WC^`suDrV=C%9>db7t=q+6<;52^lO#j&;ShM*}}G{&cxM5ZG2`GmL_ z7ajRPVvwbQYw>16EK*BLt5o53#{0QuZDpZKhZs(M$-4Gjfe$(h=t0JXg|K@<#%^G2 zAz`L7wxrBf~JjY{|5O|^zH}HcLu>!eIgoXEr7&YAt z3eUC2HpSbi19*Zy#Z)KZ?-TX`TL@A9doT}fnov+06z;w4P;^UC3*RGTZX1KuEm-3) zEkdsGNW3j)9^ZQvBBZ0S`4De~a)-BjSIuSuKH8X=fNfCtay%pM8kN+^y;T{f3y>Z^ zXR{OlfI@B~=DyS+0XLr+nAIz<-xM~JIZ%z4aFYu?DyzL; zudbni$NCW>z1J{25){vWyz>dUh?WwzX4TpQSRE{rtnaA0B!y$-kcth~EeT>bDRb}> zTL|_$JBuK)!Qzp|!trfTr)2!phRf0F_MB2aZs?T1ZjKg35elT=)Hw445Y!bY$wKegj`A?uLUS)DZ+qdE{(I3b0L;IP~vWfW@RoJ#A_dY;uGPYb#42?_JYtCUT0} ztt#j|PVU2I6m&M99rr_o={#JNwJ)6;b`O@Cuy$MQ0#zBRoCD&uU1!~)PXHG`w8>_m z!P7;%FG1InpH8P&pIrc+5Vlb{KwKeInPXNRB*UpUe}MYn2I<=x!D7TX)Q9?iK$Bit z$7^9J6QVJ#lSQpSzy`=g(7Zfs6Ef3tDGWGOh56H-3>cg8sbSg|@CNf!7x zGVhBgQy694!{NRXMfBV`#C3o(Mis-LcI*#xfa0Uyfi%(%uRi_aFjMiSAxwW*X?3H5 zW$Y7LoJKrFP;JDqCsEK^R`yToijGlUZf)9|fNLTS;IX69%VC-MH71oRj!)|2)NG=S z#8>pf42kwuYW<;gAQ4b{ExWQo-=rPBuCSI>br`|7ykxItbtP~i4x!WMU7P;cAl(MBwjBBoIjP-@1u@Vv7q~~hCbKL%0hX~5B?-xJ}pg4o8 z3~ORNPQBhtk4NLDsz={_y-~Ie%EG|OTIn}>6L1oMXj6ORGOrcO8keia!xUB}gX&-J zg7?(T<3~OK@SHmO@aIRg^Z z9nd1}hAx=&K{P4RK$-xKc#l3bl0oKhI6t(CQ(nFs79f~dG#xOe>Naq&=qH8Z-HohYZK5qRdjB9NzAcZ=z+@R2SfES4(dcRxwif z_j~4U=q+7kxgEdbR7W!(P|2)`OGr@dssyRV0BD<%jPuDMxJ< zyL0huC2%k2lMyyNRLgRXJ2X}ICGRIaPHiep#*!=d28$!n^sfe01<819B@H|oB(9|c zvT7qUvyo(aa;ZRTX`4EqeapM_WwY3*p?W_5fH!o6so+8Zskt&sP_XKYcwwENB z+%84Z*RKgNYK{+jm)?4H!Aj&(QbZ3jH%U$8qd9lH$jd73%&Jwe*Fw#%X!Tt%ZgA7SpefpX-^#mxmT@giV^)GO>5>A>+5{c{u#uO0pGf2L3?i_jvGU4>W0ba;iN|bZX>41j$lZRKw8&rgPLF zwI-u@Ev?ToEdGf^eJ)Q`2ROt(@gjg>wva58(#{;sHf(>UnhTG%ZsS+M`kW4I477(~ zy+HkgDIR^}%&weL?F79hDn7)&X=x{cDxik6_=_E5;#-}0DHB=Iaxzs7j88qL!pIS# zrq%i(?yVq;-dpK$jREakt$?Cr%){2-0Vv~RJq69etXEGFjbEb1u%Q`P`#RF9i2AJJ zqAm>pw)9x53y%{^56ycO9I76$7paUuLg zD(5-n1uZCPo!SEb95?#!gflRTNacRFd5w!g|J!!0(l;-kB)$`;`yzgB-hgcB!c6h~ zgdoP)hhBk@hhAGRkHfivjcApQzi^F@z>V6JoT@(iE7{>vR>olQ6*VUgi*w}o)z zg)M?%yRJU1;x{E)O*VulqEGdAMg1GFOFd+5=f(s?VCbcE)Tmg_fn2-w^YimXB@lj0 z6-f({XUi5{!qa~#9V`=7s=wxJj|5o0xV~{~O03&{?ZQSgpBR9W^-v`eF z2i`-CvGrE}HB|>yr)+rQLu-hYUT240gh&c(N6~^?d@Et~@8c@b#xcm)-0z3VuW&GI zbWc7Bfp#oeuz<*BNBukhnXzEMpx85!@rHJPekb*$PTdxcVp!L7_ex5sBu%a=I^h6XW&^1pSb>HuMw7 zB~`*B$RXT-5QY{>2)BF;-(jfrCi4Y}%&Elf+);5q?mq@KFS@7N}I zbeJ3JF#GbRC26%9of|^Rpk>k#2oLwdCE=|JK*fa5eLL4Pv=&` zf`X-%aWV*Pw9?whRMsIzmv7_}5yPR{MVF`X-D+*B-}4gUs7}H7YF$%n=hV2D5;FXZ zkd-VdhFC#jeYrD$n~CaDe1C;-xoC@zYz!kZ$E!rji|V~I2y&O0u1^=y8i~AbjFllv zhbHp3z}jWtdeV9hdS>y==g+?hL2O&dYzGMugvjR&MjSrZ+PqMHc1MT*f3LpDbXQmR ztypyb-gc)6btn^FoZ4xFIJNP!JGeQe@lklO0Et7;2X z+Wbks*d%>A*O}v{xb@P4K}D2AGeI4>b{o!ipvl%DTlrGt)kPZpk+=4E_FoEVhUV-U z1!%%6*~JYZkJx#A4F=2C29+PM5ug(Caha`<@?_8qhV$1%)O=zNJPb1*2(OQUt#|p? z@kX|dZ2tzh>a^7biJ{k)AtM@KPpAfv+G25e4>-3BlRmgH%p%grXxRYyZhe_Sfi|2<_5Z@gz z$e~hs`W4PWm0}SXeD*8go2>e1R<@Iz^?_c+fBw{c=2rS}tBQ@I*I(lri-CG~A2_w^3Wu_X|?rGt`?@>w5*<0eMzf7O_q(oT^<0~uO-sLS$fUT_vAP_^Yz_#u z*zecr&z^$=@1KnwkXE~$M!UbM{ugR>Zxav;@9O2}OGpq2o`FDk=Y)l1Nc~>vJ$_>x zw(?@HYR0rnZUbBmC$d#Wk*j2UUH+i8tPA!KM=j`65v{gX7st@?3Ei_D4M5`#)z?&S zm19j)$cmzXcN(?$m`eCk3O~aB$UsAY@fz|%4?HwJn z|Asi?Vv2xT)HSdO;vrm%N+D6NDbJ~9I0$wDL|-49xDAJdu@)+47vHtT zHm2$$o1|X7_`g`MvHm*&d{qwee=PZlfFBS9fMqO)t|O-3&g`f3Y9+lfu{b?Mgg=+M zSa@GmIRAd+`Xl5?M7tDiK4BDA%dE)}vjcF_aJPNcJC099%x`EnxIQsWZw`H9Czr~u zVQs{WwQMNDeQ#vGY_UPklYHOVQ-FnOYM2u<9wY%0-+ zB+D`Nept%Jz4N^z6~S1#9RJl`>J119>>r4~Ri@3J(>+A9xR`pkr&ka?~nFR{isgYn~T1Nv4Q^0VCrs zfAN&R3;8GFIWSbn23@aFopJlexe*Ebxm2!_)?!bG@7oH9lHlKpIk$_cmc5_`=w!rZ zw${+o#=Azie27VjXZ(2(W;bU*W~Hh0s-z2L@O3VRb|nZ&Dnc%ribPw1D#z$W zey;4^{UJSns?;LsF6G$`Oh8PMXJ5~6<#-+MzWTSpA2en&gr@`XankbbPLeQ?*X+Q9+}k++aj9@SW^F;zW9gx!;|k0 zt5@M$^G<>@=uAj@^nmCQyx2IoNla@&Ti&2T>~1EQx-gT@)w8x$&4zvJOswmOpL^^h zxm!?9jCb4$3WD}Pa!WL%iBT-T>FXiWsb;Dm2%1*Rt^`|zzL>aGwZI459|&!DEx-71$wK^^OcRp9m|Z?NsUy(35{`pnds(P(F!zBUo_GIT}yZqr4ndNGl?2^$``RNw%Q z^8u^UK?96$IiJ&S)yT0|C_ub1PE#lfKR1UuC_q8ygKMVJ2y*EEvlz0H8Xpnet-f!m zihRt>%wVGdhndFbBCMYs?lts#C>*A4fKlMaeDyR;Mm6_0hOti5;2lH_92?A0$BZ;k zVR;iURNuvV+Lb}tQqB}u+9n8bibt6LxGWgexer_cs`=NAkG)ERhp(S7Pe&`pv6UA& z;irpb+wixALIV!D+vhJZerUQ-2o)b8E3AMcV$j8jJ>I^dRzZp_hDoa#W3qeC7{deR zYa*Smjlc9MR2U^hg)|k_ZYJqfeh}I`x(&8#nn_T*U)0B-?UXl4e;rMRs=-{_0$GX9 zB4foVzrDE3wfcApqm>6gFEw%RX%r2?Fu$78>w5Jkv)LEM$62iz8r4eyAZmq-zp9Sz zfLEQ#Qh(u(Z}WVGQ_iXX!&<^Rq3FW@VF95ZO^0%Ltd}4|Q2x&q`3pI5b{i^w%&6H6 z$XwjO@4keSNPPu@bGjR>7~Vrrl0>&6K9Y|p=K7|6FG#MrR~jER9|v`>>bZcoT!%BG zoq+2F^ZL^JwPDxt%*UZ@4StW6ev|58ZALzQx=}jz5mLi0!^$wqufr6S^O%&ua;05$2S7SIF%jVW-YG*LhZswiNS6kTQZ*=O% zaf^0VJscf`Odyc~|3@XC63_3bB=XHD)z>XWF5N?@wt|mweLD#!0+P-~$llk0SrnBMC&%?|DP&~OPs7F)m#XYt?7_0Y# zl1!%BMncnYDY8;^xeNSpp6ioyqlW@RulC#qOz`GxVZ|9Q=F)_j8RqcZWfajzaSBJO zYyWW>g=Cg4x>Bl5*t^6Mv0mGV`lwmhHnEZi4%^cbrX%GwdaPRupR;Tw`}6L_ z-G4zdN;T*4%5T&*6A{CD6Zr`j zK6eUFca_<4B?keS4VOaO@W$Q0C+sESc{!vPV}DGQK)mJ^^x0>}e?^klGroj{PyR0m zO1n%1J8{%AA~Gd#aJ7GLi+B3IZ%=nE)x8ld18~q950P5Utl=v+Z9^m6hOAW(bRA!@ zNw$%^;2$5xF7{OC6Qg0tkIjDH(NpS0iRg7OKl2F?%Y}o@)z3sHVhmzB+92J&1zYXOZT_g>!v1#vdAI_up#i zft~LIWD12oZ)jE41z?2eAVhHkr6F^0VFCX!j(-d;XAo$Wr=_N^Uw@-7Svi#Sra<<; z1<3Pb$IXu;->eg&zM+_wt3jz#`=cF}6BpXk`m9xd9Oh=_@=Afq+OEoB<$sD0zci8x ztDZMsa$*|IQ4R-Fqwah^zvtcErnxb56r+@eW6 zm;vXr!i8N&<~!2v2P$SAaF^tM{+E24OWs+d{#sI%8A6kH?rek-{b~+ggS$W-LBz+c zOZs&V&*d|R6kcjD2naaJ7UsXMEu1=FJ2m3GZXr|0@4hFH&Ta}#;Slgbg=Lljc)5*e ztfqL|I9Q`s@C9b-l_>aZ>Ix?ktNmYR5v5WUMEU$iw78a6@O(>Qx(&5KY4ojIv=xFG zG&71P`bK0+fq_HoDQ-U1>w^8>e29qs3g_UBc)Diq>3~g8-FEx0#oRU)g6y&Cf2xAj z5TbWX^;W%DDWaXVl!|bd%_v*NE{hwmBA6By*-O+~VlqT~j$)KzJuTe^nr&Bn@DYwZ zp_GyyA!NImLd2eZZ1mK|vnx_n541Nv73yC8o2AqF!40(hJnO5ooT;Axa`{9+uD5*t z9aQO+6sJv4Fi z?x}7wCFig(!q|~_%DEt5dGC_B8b0W0XIB4AZyNr=zT$ogL^8NPl2==0dni>g5WxXi))vCz zEGMe#p{eGihi3ULZ!>Z;feIzMRq&WawRD@V+D0~`xH~_x2^D&C=%eXoCz{SS;>3^q zc;H^#S0Bo95_=E?pKtGiSt~FKKtAn=24L8ctn{p}qnNOf`TPWYGcRX&5B8wZBIhCP z*HaMUv4BU=H$?5V7ApyXJuWVxs60)x&h%>c`jpPKxT>3u|DW!AOqcZ=l%X?lE&<;U z?xJA|iiJIN!)y+=Kk5azoJ%C!iMzXl*(M7v?T?#a?ntnSeMf`h7m>jDUkd_I@Zu+U zq>zV4*f3A3Qu*uA==JJ-2GNy&0Fh1M5hJq!B>C27AC@e|O?D&!w5(1-mf?)VKSKV5 z9I7!GJdc#tReQ#SN|Jl&xSdWNJBIv?P9sttYxr#cb+=piNPt9}b1wt>)1;$3%kgS# zxbrtm#t;@Ve4jA^*3&zH)2fD1Qd7rTpk5qFzs&;h(WbjZi6k%>&Gzp)q3$(5(i>apv7<8YKiTb`7N~GznvdSvE$tKbndny&8?qrz`UKSjg!JxFR1Hg_wIRpN}Uap z{V^$T8*COgdyX~Xo<4pLO&0ora!H_1_1T#%2T&a@R~=WiBZP+C_E(7;FRteh>#Y8G z+thPxC^itihwjW`(@fvI15~4Sn!LW=!rn)q&ws*7Z;k$`nZThni`k{@R!zLX%5*;_ z3o0`}>8+E{1$YD2m`_qMc=PptAY6{3ybD<(P4Am}rM40|ar;HX!E zYk`mQd6na@oIJ2Ws|oFk30geXE>Y~dleBq3{F=QD4^Xm|4|FSgJK%R472JeSj;Es~ zkxLuH943jhwy{iYZ{wb#Zaox9n90#M^`2TR7XWST>uW-%KZ)E8ZVvli>B| zj{4lNr% ziB=|t7nvqM}oAR~PaI0NLHYe@^aTE$`vK0jqdb0Hc#e6uJ0UHOoZ7?ExF#_ZLe}SEtd* zsJ0Okfwrx;gj(-^(E2OJRs6ji2f z@R~sJtBw(qq3ta_e;^6=tzTwy6WpM~iAJ+_Yj%);GK62414|fNwOEe3j>1sn)tO(g_QAwX#$ET?kPMy0evHDz>M=feJFs$`h?8$XnOG`wxO{+Z7@Zes9di4NJ4+QPBaYH*AY#i<>J*bvNH zn|;}eVSyuK_Ir?zhd*ry5&>yUVY=l`Dr*o~=ar!FW)rayG>OPQ{ zrm4>uHB$Cw@{h+KP-S$39;&U_x#>`WGVt3W*{$| zfr?#JNzCKk^B+%y*?2Fx3-x53f7HMPwefVLU!Jnxev-d5k4lRSLsFBmFo8LSeTl3A z!}<1N&`=8;seume*|3iiU9c|7VrW(<39_*5yt855KpfITMr6Z>#At?lV{+yJ>zr$n zFFW1iqt3VI)5jnzSF0Wh{zMD&SbNifYj~6%WnINrx7C-)#qy4|5 zIuRR__rd@e2tGBCZkLNAZo!#b&YVXNwKh{(oP$7Lr$7(|2xdNpe|`d=;SjHXv{ly^ z&9)UH%-NMo>iyqg-Uf-IiaMNY40D6pa0T9l+q0|?MD^~_kd%%0%O&Rc16YlU^x-VT z4I7I1jrcvVs^NbCGWwP4VsY6JhTsYwh5Eg|=(*-QNfMD@Cs?JgoAxD~Xn~*{;3V@u z@X8{BlCKmB>^b{7iAiw%cJJ+cQJcaqr6Z(*w6Y(!b6Ni#Ux?8$aLApZ$kw#KLKvG(yIUwC2 zC@tMc2y*C@Rzg8i5RgW(zkTlg?piZHMrT~ZIq$pU*-y;9jqLSXYs0IEAI{|vJu8s) z;btW!xZl{^ZQC?XdMKN!=WTaIU|^Stx6##~jP4DO;F*Rw>J$wt8S@ZRd>QxrOuM|uQ5 zpDX}8>fjxU>s7k``VbZvpvJP;tw&i&f9`orq;xH|9En#E*;&a5KG7t?{;0Y1XiMA0cV2z>o9c3-B3J|kH!$hQndV{~cJ+V8b6Jl7MJaU+{FD1>hLG?!&BUa! zaS(d;1v@wa)roOIh8wFCUZXezB9=85!~mGK16;y zZswJU!giK5w7@6Yj|ojU`koVkCF^&PGhe`giT^3!c8yHAluep3`5p<&&4l(GbGbs} z-Os1Vn=`I~$$z_1Ij|~n()J*WVVLL|CTorbN~2isAd!+EE(zmE zU?h{tB^egRIIruYTZiZ@Q!wr@^{uKAKdHO-x?LOeeZQudDPkA$&lPw;CB5%LMyMrE& z;~csU{Bz9NME^}uKDz6FtH>QryK+JNzx!yK69OR0aK!PNb6b7)H~Q5zc?HEDi*`>o zWt*hSTziXFX|{XJaDBThqLKA>BcIg=;^*W{rpz82hQagd7JPMe)GWlZGfkD-@f9-c z+-BqeVt*C08-5{Ij2fh7^bT&NID$)}UmgEQg+a;MPlz+S!A*-@Ctu--LFC*Qb)@_7U| zc`R)w@-bm}N(2eVG!%KOXrC~{3nfaf@;x38Ni6}7a^>-;pT5|fY-1PRaIFCvKO-wnuX zh$U5L;{mJvjcOc)fFf`IFC0{7Qy-Dwy$iKuXXTH5Q>h%W@*x#L08h(8>MTdC3xG05 zOOrd*T#>N=Mqe+_XOw(MP=1g3!>ea(u+|U+J#cU+&7%p$?Uu9o7{HCUe`f*g_;!U% zaGowFl1W5M#nw_@j8r!n6UtZK)x~M|+i09W7{}&EPh@?rF)qEzxIErgsll({9muoQ z<|)XU^C9`e>^fs}PDbLKMvTWeHwn7sT$$<_M@cGzVyRx7i1G1hkIWo$V2tZ%oIPaa|6$CCd710< zyyL%m4n|2>DU$7$c7zN`;M?`m?Z9a0<{g`e!Km@$e{1@;1K0?lvK-ZVn7a3_8vNcI z#~BIpF={@zA$fI0FiqWh%Z|vxI$p8q$Q&3!UA=~J!`$J=Y1n`6JKn#Q3Vw`XCk(%eFgJXaVVYJnseR17kA?u8oqwe_* zQ4~*c6XLL@zXK!)_U&BGm^NC1f6|aD{zZT6luj@ZFZJB2&-MAn{!OiB#;)9HJ=**w z$!5r|B9=_YKtwEdjf>Oq`6!vTi>g*?+Lajr6*Xl|Y&z{3o5`9qHXqH3H>*D1j^2EG z{BT8rz=wB@vpy|mcI^K7vw(fo4LwQZSY03SPx+l1i*mP869BZh7_k}!@P$5 zGbD;AFT``Hnd+K>^n6JI(Q7-SKJRZ~-8t7E@mT`r#N9V>+zASH;kqLYXiCC+VS@Uq z-cbs0OIG*lKGQ{*iFF{?Lo*l}ruND0iCaY?i?#_Ce&gPGu!W|(^ge=JWXN!=M#WT_ zftX&R@J&2_w9sr~UW@A`Zq(P#g#y1f=h+it6%qbqbo=a^NF7vXrnmKWAMioCT;{k# z?zg1l6#amsLeAdyWWk61Wq3Ca^Ma?&2%CR0_2r4$$2jJCd{4)={OI`z^NXD48VcS| zHvb?ikJn$NREe7;v{6v~(zVa8EsM<@_J`1Tu6fwwliG zcs400BW1{LpBd*{&WiVkXH3H&1Uct6sNz*+Fx)u#42iv-f8cF>Cg~dUMb4O;?`{o{ z6@Gxa(~xkERF_k;8s3&m=1mewQPdka{BmN-!IgC$i9zNDM&Kx+uGa5hMgy$zo(kJF zal~w`g*1`1*Dw;ehG5#;0MG2UJL>}ncfk9530}>ARLf4@c4k(2fIi{Sako~Hxj|ei z5C^E5FN|4**$p39uxSJg9qSS6AHg!Eif?+<2LPJM!%xkO7miw8j!$dBXrV}PlilWi zY~NLd@(zlb>_?9$Jiw#OMy}>LFMQZpv$w#B{320$6{&7GqmIJ>{qO!+%sev9$qG9F z;~(gek!%SJ(n(YrCU^7zh=F+3iOCJCh^#N;Q1`*v$O4XXrzFR6fH%W`+jQKGt5`}< zvM81pI&xbj z#5d(ms=4udmNG#xi(kNzLg(Pc?yO&j;Vuo9pCnP-Leqz;akAJJ3o|Wms-{DkC%hv% zQnY!W3$H%Yo4Bbn_&^!EL=X*BY`?esV2BjN}&OjSaqWb}fm&8vTivj&x%qJlMG;S)z6VC4UqY&2e)7 zhXrI%@#A~g-E<1MOesX@p3o?RMdPn1?-8E7mKahN=EenvlV=boQWe_yAWAD5S#xXs z+wM&NYa*Sw-mK1B(mxOaZ-+ciRr|>YK%72sSVCKsAp2p}rc2 zUgpGxiM)fIrh2ht=MMs0#Xe(FAEWVNk&#&r*g6N(si=Tba1927E_@aipsrx6 zNO5(oNmx|Y$`8ypawo)*${k}EJ+)-@%p1XTSCyBRZvTzje>C2H@HE^70E3a66p>Ml zBI6mn&CWCI1r$u}M5eUU@Z`mbMct$Sq!G8`HOwTT>7rYdsg6}XNIJxmo|Cg2lQO>e z#S1)I>NM>qLwCUTqeF0vA)Q{zjYmq7%Rz7zKt4T+k`kGBhy(4eeaAaYUO5o%!60=y zSWSOB89?KNWvS;tOF(7aGP!frd>JCrFZ@&#eMLzVo}x}gEtUb^fFK0nHtq)F!Zt%n zb)C&tQk{RL$bsXk(1eE9+7qx7Yv6Yl5Cr-urZ(0~Yb zm3NC*4Fmv4hH$NMsH6~3wD+icuc~@_TZHiaj`LOr+z#=9VtP+1DcPKK@oD=4IW9yd zZaxkKr*`U8>CwnOSY`v=o~3Y@K#W!5>nFdbRY>V{csFBY+VK*i0+S1d8Bg*uP|xfL zbkn*%jq`28It88%>@4=)K#Zu2y%itsD7|h3bON4N{qoQmz@|9_b>pO-BAq>1e1FJD9*Eg_lZQ?QF5uA{! zX`)6kf;jL239s$PtHMaM)qf1e@^Z+})wcy=0(?85HQ!B-H!UieoB|Rxhjy%S((jZo zH~}$w3EU8~?i_lDO)>-;Ko`UKFB!&fL8$q>?p*`iQoT#F#2oaYAybEJOn9G%MZa)B z{Q=%o7t2dytRWBRmsqo8Mhv+?&G}p;zJM({-;8S%ooVn0%0$gR_ zIYV|rzY)k4$bCR_JrdzoSxc;Y!?!`#0W7FUndRD{qHO4?~dZJC*xX!TZ&o+lRaHeJ7NW%KBRqxVbq#tOm<<+v>e){`A)|@K7}KNa1Wn)s9m0GqXH7Nbgv(i$8qdHQZ~R;Z>!$Y>{#J0Vyz^2w zOnNWvYSpBc$20kN-g<+AP*f!Xkq^0+N6J|ErquuD=v}lQ=$K9jjAN3bgLE^4k`)Ge zu>bqupB2GMK>jRj5JjvWm=Fh=*Q@w40G+X~X@9CVZ{?Fi#{q7bQgA2FUL3wYQeOkn zaS~7Clp_IQ!ibPyc}>7%md^Atqw0iggFPkW z@~=aYBFb`fpTt+eYv+piQ~R%G<@B%*WIeNd)VHcsc zi$`X<-7(9MZAOr1hb8_zr2mc4(^OWQ&Eia;gTELJWu?hHF$hKR#*2-uFvU?YJgdPH zrD_YjEEt+gGVf}MyP}Vr`FnKkR$mhKmox5l)c^-i)tz?q%GK;btDOoXM$K#9Uj#~d zo+)&)JA5mbp1El1(04)_#iNIxZ;8NM4SIc^2{SjC>?I@v-uk_BwuxgvZ!^&iOFUs zY7sS&zZHOm_8kbOyB4>T8AgD3yaH8THapDhX~HiraWzgJOuVZi1qrdq^b*eKKvKAt z!Uy$!|2pX34_O!pOgRl6j_qldBz;Q~ZJif?mH*Y02C(2r*w(PfUj%zpv)}7jc*|sDp6^oi9qFNArH^?k;cN3lJCNR1A+l={z|Uo zuf1kDv5b)suDtAkzfgqQdqy-<*C5-5?fRFm=HD`9+Y@9Ce&peZPu>C()Hi37H&RPM zSXWRs(;e(@j+nE*7jJK<9mAj-2IEkYK*MhX$pCg7dXBhMOC}c4R=cLq)62#XTbrN~LsjA$FDASlJ;UpTHMxw)M&(fFloN;jXedf`9L0!r(=X|5?moty!rlxt+3559hUtyI z@A%ZrIq zV#<56V6XLKg?Y(mJhZv$cl`9qpo@1VE>cnU)9_@bXhsoS3swA}PA7|^G9F*GSiA;joSGC-|TOg5?-<&dGM@32Tm@w1Olub`n6-?E?N!4Kj<** zrY8dXu`tls)W7G5@JFf&Xa2E2`2d~}hnj5eLV_j8?vommgv9;)KJx@#lz1Jt4 zKC4u(v;wi6^8keDOm*}&rY3t#+N{3vGfh|Ah9=#GJ9S-xbRu-T`C>5eYU zlxVoVtHLp$>aW-~?WDd@5QL+A7IojTo6nW^t;ywA`27I`m$}#vf10TM36{NUlI%Ud z=jDZ8P6ozFDYJura6tTZ#kGjGcpO74G+oBLrvnU2ASTB{HevTvsO$txAp_GT0*-CE zzdlGEn*YYG^oAJI>p*f6jI0braWZXk&r+Z8Bty#mM`t5t>|*tSnevoh{v4Bcc?3DM z8w@FjUjGv#Ou?mnx?gh%y!!jHG{dK#?V0yJ6Fk_%eC<#pK`s(LCRs)KlB$qDPl{t_ z)V%sWPPWZ8hQy|wor3f@&zQS#TAf37s<7LrT_-0nMUGY6eTwP<@Ar0kkMH~zuLQUi zvzo{D>^@y<2HRlK_EKP&vW(Ms46T-K3ZZ7MiQ=+Rk8;r%@;N~dO^nUVTconc0X4#T`Ue_k z)ip_dag3;6m0RbD2TaooFff}P6}M5Rw6-GzswBH;1B9zt(l`@mb$nH$O@o z524`2=T0-{;S4bLoA(t{%pxA3$oggqJ`Bhz_yBP?p>N+-t(77$jj6fq5xf}^;h3X_ z`NY5sZN9-*&~)=dgTxv-dvXFiq$2p%=BKZsk$%=iSmx9jqyHjH5Yc!O2Xh&{WY6BI zZT$}m_@ap334UUzcLQ7M$~N-P6|!SE+$J;K$O8AMS*q)C=XI`i9o%&YqPtIdj2LFy z93!VmX~_qai$6PCPj0UWux6-JH;``qUpT!-^IVJM~c5Z1fJHw`u)iP zy3KX>RC@FS^t)HKrfX$IHdEI>Xf?*l05Wv8GNFGE3j6chva- z77_w*>VW%J`xyPB$+0o|3;6wq?d!Ps*-Y1cr(gO-zZ49%XW!UO5L{AW9jqB6#d#7=f7hf>u-}@;=!q@E7=Z)i1>54q-+uf+G-55wRc35-Rg_ zl$mbqqqoE3g-QvnG=B@c5pWcQ1!r0+Dl9tkqz%T0<6lq=?}POXG;r!Ct_4GU|d z&?yuD{$9H%!-1Q5vzR(6sOvQ}F!3~;X! z-23Mz!G|3?vlMs1TKK|>u(S@ijU$O4vu1Zw3@H&{;cST)Xe|aDrj}Z8UBnm;xW*4hXgn9Aw>18&{ySt4L zhnPlH=`Cvc@-`z}9{tt8qVwFLLI-)#5)a`j&KjobmKm;?<}8sKREBgqzl2T z)zn^F0ZFxn8ov+VE?BNcLo!@L!mUF3Ga&SHu2X{C`k1*0X0uj9OEL1E1 z=eZ;D%vnpyAcS=bj>j^bqP}1zN#^Ph_hjK@O|ZDnAkDG9oy@y$lT zejZ3VVE0Xh&L6IzUHRJB9Q54mqRGWNd9ZZ>E_L?VZz+{HjI!SGlPP0kE%C1(%88!z z($Vf@zLJLcS>@MURluFFN#(-M zH5=~au?M!xm=c|N|IWMNFO-J3r%Uxa!ru`Uf&2)6oRAb5@0)du4DL$y+8l)^H`AiR zsb<)01JKIV_It=EJ&@nR*Ws&dP^cSVo8h0YCykk22S*ZB;?4H{HtOb-fJ^kQAlN!k zl|GQ2^7ZyTxytcTYCK;TKH9OJiQGsz<#UN9ntp}AQ_i+)V%}HGr$%p&!0TzBZbM*y zGYG_zQq0pL=JX%ftVAy$^VL+KwN*{&&X>D^-|g(jROjJ_W>9Oz$a+QBl*@h9Xqep; z_5is0gr{+~%tEbPFB|#P`)H?DyD=ofg=Z{$g;9}G?hje>BQ8~Ut2+&)FH01`#92T~ z*)QnZftH@^xbQmpQxgw&Y*GD(!Ij))JTrC-H3~Xi`N@kftt#^XzD$5Wm(mMI* zrlssar8<0JVaF8l^V<1 zVc?2}3x-cWQb-7LLi_;H^!V5=+M6Nn{_#c#)F6SmeAMZpQM!7W39n@c z$82ev?r|`T{KEye2IQj#aS!B|_*oDwu^EVj47%#%lUc*qdn3!M(J_rfR&{pwmXE|a zoUd}DWS~=&Bwfk9H-cH0AO0hEwwW>agRoZU8)XM-G_pN#2Mdo^JLSm@ByV*s`xtVR zFSG&V;F>RTW+B}$GKK0GWuM+SZ$e)xgKK|*fpDQcMaZF(qC?3i0e#q|xw-}UHFOb| zDx~rQDbQ8>N?smxcIjwrSrMHyId{O*0X)}pOa@KTVp{S03EK(JF2z1C-q1A|VqdIg z%Rc}5;X9-Rm-`P)a?KgVQaa-3#^_U%H=n^TemnZ~VjEQ)bDLR`PJ4nC)5oU{9K=8V zB?=Qbu$T;FXV$$iEO+H#{cNz3y4m`({?m0n`>n>x1Ysq@x5I`Ud(O88b%$&4g+BZR zu73sjtE+23{&)gyLbX9Et-=>?<;Zf5oP$YQXj=05lfQuj7lp*s3Bn}m_>SjZCwcZb1IRSPpDxdB7qsX-wC*HDbUADFM<1==jRyc^Cq}?=`N8@j@knl-gxqVMtOrhje zC!rjMt)n98CCr{1pF7n-R1BsjjTUY zhakpve61^dg<9rF(O1p9RFnL9#J7jccq)73?2iVdkZg&GZ0K7=)?Bfwp5~Po>KmHH zcIuHmAR77y?#?1?li9*A9^N-&)G_550x~Fawd4&YqhbBFY2WN{X`rsa9TjaXWvst= zpsO-io_Smkr*il?``+-}jKjrptcS!ExeYhnE1AW=1|m#JZcWU-cdQwK<1?UJ>ehgjTj7vVFLI@EZ8Qv~uv5xZv^uMRTLjLhjpfB7LO zJTdfnF~^rLft?>%ygC>S{UWI{^V>wcNsci!hHoiwGZy@1OL-mMAAz49#~4vQCAWVD zz-%RicbNn3z6e4UTTI0Q!;M1=QeHAu{$5{%<$(j8bp4X;p@GVVG&-uY0Sz%K+)oDT z#MfB#>Uhb5QIE)%!Sn}FX4>+5s_Z8nZ|(p^$WJG}x%iciaV|z!SZk5Z(lQ`V?jOVB zsw*dO+&4vUC0|ShqsN@9WpvzS`zze69Ri=+cHZokwWAt4np9HLFY-E>w>=DYjII)a$^^QaVi(E zp4&1^lu+YydL0#Jh4X9KwZ1pggj@3#jmdMZ&y6zjK@#sjU(2^{yQx%t9Obu#?C;8Ms=t81zT73Jr=J3uPBdVmf*G zRqid+CzpZ~|7}j2w|`*WOy15Z&d}olk1s(seO`25DBi1^&aofZIYPZ|l4Qly$S9!y zq8zvQeOQKz>DD6G#sTITy;z-`Yr65BH1ZO;pPGV^IGE#DP0S?iBDDFO=6&&t>4(VX zGkV#H$wTe{O%1&N3oP-s9mfrNytnJeK9Aa1POCz|ROGkiyBt zUu0FQ9&U0x0rrGe|FO<3c7(v*ts&Jt?B8`p(}o97_vD4I_!NQEv+hV7#}L28a((RP zpx(H~Re^^iSr1(5_U_vQTy>#M;6sqNZ+y@*Ykamn{vDPPWvr~oJHJ_V_T+8i40ez@ z&cH$~m2nxb^j>2fs8m6ZUca92{)k((p160*B+LV_=Hcg+sgP|Xl!6;Da0J5GQ6IB; zNhHYY*RSlrO)gp~I{3Q(VFH^e!%_;K=t>x!KiqFDwXQ>&4Ft3?w@IKKqv#ABF{-S) ze}bHhLU4Lw2uk6$&b*6cr} z=nR%9BPbIE@O5=bk8nHS#Je)PAjS=q^B~dk9A?Re*^GT_#sslh9w5I$WssFiZKGhvuEnB?frWr@OF(o90;Me6}AS>h{<~z|V5Q z#Q@}EJg?&Vp~UR)$Yb>cT2aV*zKr+|ktL9sWfXv;%v|0XpzwYOaznY}sSQ3*JkMNi zNhzfZXVuaq;y%*lrT)kFKP-Uutq0ByatR2FyfL_!YE|mV%zyd_g>5j#KBh|4n!a+Q z8^ipfq@Kc28qcuqy^zAnfe?sYYmx8saT|Fg5gIzEDg0ILs#yBC=4#;2yrqwD7v&Nx zoqlaxnTn4&oH5y0O*6o_ZF599tnJR~2o=WJr6R+`tuP6GZYrPiaq+gLUB@sG?G({9 zxHr2ZQ#BPh>_VrFz5)(VsF3t3+y)lGRsaabE44MN0p?(D8r4iSdwAXS8xb=d%O(cP zn)q^O{POz&5E_Kl4M-)B%4pb*mONo&?@}$@4MIkYFHa1jT}Lhr`Vz?NfLAm*U`V_k z3wvldhA7t|mO0AKVKCyGZ z!IN>LUZ>(cY{cD%o$2JslAO3Y;0? zWG^w$w>-vY@K#8}hz)!nARo1+C&E+adCGu6()1$alt8e(4~z}aaT(|EdU%x#Ap#d0 zY{3bssM0AfzChv0oAH1wjkqeN|p!Se{{qDE_o|p|LK@*b0J>%Pr{23!m*q69I z$FQ8Si{dxKE;E8Qs!X}NGNy|V!zwC*E14z{@z>%gc*Q1VmAEMy7)>{o_M6??liKmf z;2(fGfG5q0#jQf1jJ&#Z06D0tD^I9UZ{o-rbYJnj0OnZ*Or{n4Nm9VcnIueGkGDo; zsb8B{25@F+cFP-!*sSndNtv$-{Xam1b2-1!b21R9C#Phd`D&s{`=wU{u>YifE2BFF zrNnpwqe3WSpQz;tMG3-gpdYS>T*hMSWZGHZgJhNXGYH4y-&u5Tp$K9H{J(6+&%LAj z_mYglGc63)UBcK1=pmpzMEp`~lU`lO8hLEnWilBJ?&ilinX4P`8VEVjd#sM)-?bXa5_~pe?x2pph{TvBzPyYe6iVTjcCdLD*>tCD zzUi*O=K#SSirX(~59czf5ZQ%4C_*-gi-25qr}~1~3*)fsOkY8 zscIGd6ffbFF%nBr-sWg+5eCTi6T2%c235l38u%q_B*GVC$hgKMG>2xRVsC6|1S~z{ z8+XsCa1wuid8(898a+-t#=OtiC2(u9K>L0o!`EDW)R!RutrZ|;0w^e^dwt0jV*5u` zci+CvD|+(ltF$#f&xeUP)?TA&%82Sal^Yk}x#G8s0dn68>EA$dG1?h+o%k`|im;XG z;Inw4E@agyQP1;gHrOP5CZF>dD6xH+M%G7hj?c5ShiCT5oMfQ+Q6#Y_knr9mJ+TZx zjLuBEVz9=#BKm6PjvhmDHQiswr{ zxJV3~z{jFtSp7t#xoM(W;pSC*(L^GB^cuL!U#fv?2(kpozqX*`wh8C_B9T{2Nsz-O@bXDwytNY+rbfQFnJ%B|I#3BC zHU0=iNGMkY!<$><=)NK#M8UR}(|q`~`y*K>v^{OC@|&H6P4D}zE(7Fkzt=@eu!!Sp ztBv}iiTgcaaO)|*LlzJ$h|4@%)MaR5u}Es7FJsx^^2d7ro{}lFDCBj#r}u~oX)HaJ zEU_SgzJoT5ikG;@rm5Xvj=H7dtIlvamjKPto}(5;1NHmd7|6{Fl&+nVpuK?N(Zs6W z&JHw>^2h9gsjfPvLiucn2}sfudef@{q5!mzA`lx%{4VOQ|LhQpR4A<6XhyfpSzd*@jc9TM+JZK)JRUVpGLp`mTPuPSgfW^Ic z?9LRGn7h&(WtqPhQhmb#6QymREFQ{OcmD;!e{U($NAaz`5n@~pG<$2oCM1r>KjCiV zFfzvmx)RBU^PnA)OnQDVB`i+OEoi#}bP;uv=W5fPGu~A~?G9VFedkM}1o3c`^VQMkkcPoqc@n(0p3B*^ z61s0q7BH}X2E;IMyv^F7*^pmJSrKj8ENAUIqn45bgGDBkJP-vx{&N9x;Xfd-70p-+ z9zgcego4=u#PzhHXT0)x+0v)p?WIyP(9u{$`)*(<<)PW~GZvnSkYzQ64rA{lR#wj; zqH9ipR^jdXqs0cOENBKYLag+PR-f?mXA&;n$7@O+Nt3!*`iwy;n9lEO=pLy0^Yu=cmbj+z`jLEYID#2NB$2) zKG(&&nV&5kZ!jWpe`1R0{r&x8bSzgBHBZ=@g{;;jBp;dI)n1ZZv|SoUOhlO0Nli{TNbdSG><%8xTN@Bdn)d1YOp^ zsWM;YS2&Xg#2vu&rJ4ioAA;<)5A4A{kx>tTqJVM1HdZd*K5R|2ZJR^vjtKc9B1xMD zvi@ciT*O8bFf=JBLI7-6T28W{2W=x5jah&l30bz=tt5KM_}N*PaM%5UlG+z#{o*ge zS`h*gysRuw&GY^mPWo`s>R4jE%Dow z!raVNq-r5T=@-Xq+-2F>+>IxHGTc59F-RpapAaVR(!_&vFXHry?q`$rORS0Ld?zDYI>Q2Xiu<%R^h zb%b3F+?34#3pPmoAf0pITj{*r_RuQ8^0nVr*`55&M~`=lVmH)R;LN|dJK8Tiq{2dD zYrx3#G5ab~lnTA<|uhJI*!D=_WiF`Xm&xI82raq8eJ25EQj~+^Z{h zn4N^0BaXvY-PSXNa(mGsQotGbT-xKg7u^fLeOP&H1t!2HtF!L}%g3=^V-=4vzY>f{ zXzP75FgZVx-n2r`N~o@OD6-_q?geOjQ@}HFXqsc&RjDV8l~A8T&JvwjMt|CJit3m` z!AM;<#1G=f)2a_7f0$dpvO>^qIPU9WsJesM~ zd; zJ^Q2h59z=`v@Uomu0$%Mhfk0*LW%Y2VEb;>$ZJn?P8&9xFZ9>7K)qD-XaWNZjov0A zegjX&{BKr+X-s|>ecSAbC%i=g@?iHRLyk2hvw6Y)-8=>n(up3dF$i+TlJamkzHuSo zDWJf5ziB>@6^3?oMZ4y|S>RA+N9Z#2n1_}BB_Q^?jrCb4RrO@NnjWhG6ebi6{5PP; zCI&kUsi7j~oC)~<^ZzGK@>>StjVfX)da}Lex zEY`|K=mrPV3Oh*VkTG5BIfkW_za-(!$Sa^Qd!dl{FWuX74~&9;hzd+ykZ{eib}Gx%qpaNc+KwiWdP7F}NRwugx} zsTzJhA#>oG@&H?BtuAHhCiua_f7Mm!Iel~~0@QK?u`GhbhaZTjt(fIo5{P|GRhPk| zgfs4~bzZ0DhxK={qv+FTm}OQdh$5hwT)?7xDet+45nQlsx`Wa=pMui_)6Edtp7|!4 zziYuEK8rCQkz@_9c>aRjkaZDT>KG%ruRO~g`Qn=d8PhB_HD%zSOlkZfcPQzSVihUSav)IXct-#t}8yg@3m0 zWIYLEBN4jOV8rN$a;4RjQ#TX;Y^p$9ao+B?)Me9?QpeVf+ha+(Gx3hL#^GuY9wRHq zaVQuV<>Ig-K2u`$5wMK734a!icdC3xFV|1g<;hs+Kd!-;?QKK8j`?PK*ySm{|`MC%dU>uf}FSO(aa6x_%mP;{P8_obBW9f1F+>` z<%ej=7Rg3n?G{HZEGr5g7ru~?@`&EUAu^#-&0O)mojNbGPtxL4_Nx4O0Dqchq87!O z@ldD+^M$w?ullD1E5pz1LkJ%-&kGX4sy>3Qr1#@*bUiuZX4u|(4vs^$E7~%+ZK>nL znsdD#=KH!D`rl(GZDcRe>JaQE#evaBx=OE@9dk`;PDW3gYDh*AX2QkVl-A#7Z`d}8 z3~IXgJ%G6u`tAfco56km6yj@Q;W7q~4x;`G&b7p+Z5-m^C*&9YP`^9Ls9H0-{GWFOQ|A0PR z;x3^spMq5F`2n`Jr$U{Y5#7gqgg`b-ywaNgJgwZ1%4j$>A+4?SJ%gLBl@^8G z<8t2n%hai+c9X`$*Ed(cac@R)8kTW$xKqhAHqr$^{H$;+5Bj*Zv+E6w6Yp z&B>N9S{6FA1EH!7da*Cx?Lv&|a>yy5tp5*T=ywm{x$SYfzuTXwCx5YfX*ePb9uy=w|m)-uR2OljM}5=du=U2qLB49&RJtrg;8nKo-Ff9b=EicP=Urf z|9M$r<1Ywu6#ciUFVGDjPf+A_!1>tR%pM31ldg);tw7{YLL8c6_vqkX5IVUp`U=%) z7It}#%`RM~7!rM8ou>%}%M}*^mAu0%UfSdo$Nz+;#REkw=F>IVXsNYO4m5P0OM?8y zRa@6+o?C~7sb%Ugh`TJe@LDRBkGo@7*h}49JKbxV+jm+T#i=3rf(+~Z zYivOMm89=AImCSoDN`t9BT>ML(R|$5d~u|qiTd|iajFy{P|l;(0ul=;0yG`))XxPe z_K{J34g>4`XE_d%XHu^3Cz@Ktt*}$LZ5}wOQ*hXrscDd-oyh>vll+AO-btx939R&$@!V_UiT&FpwM>NjsNx=!9*4d=ZdP_E4M@hqt|jEcss9u zUvhepm?L!?nil%x_z6c{RP=kg+R6*;n@|kSpr~>oYA~^G+H=`ZG)$|&6!c5gg?-KW zL3APn)_GR4ZZyvQI*NSmFkfdCjJ~`z|JrxL&Zl&is3pSs3k<_cvpjrLzQN?Mju3jC z1*P35>}ba+ZY*vd%=EDCxnbC6!_Xjh&X)>ruuCvKs0J8XQ zUpW^A!IHP33rJ{(5aSfS*GX(Um=o$kL+9p461~)n_-QT&4^M-EF9MId+Pp*F_HF3K z|NegO0Y?7)1y5sV*tFLDA%%5FEW?H}h4i)FKzN8-1On-s(f>mwlXHjtkV+=xL ztb5!1u`=_e=*_vP-d3ZV((cRiA5Mh2&kZ%DE{B|nDuAuil0$AxlOTR0O?g3fCu9Du z@T^sWt~gZ%ZOIlnI=;@;p%;pJ?-6h+T;z;^?_1w{QI>6edfk>1tZ`DQJQf|_!oPq{ ziie&pndJBnXs?d}y8;_(Qj^Vd`+ILZmYT|>D<~jkVzIGb`|&r^s|_smgqTw=6g~wQ z?c6x(;`sVj?W_0g7quf)?V4x2NrBWRU2Z7#w~BEyJbpUDirCa#ShBzKH!T0~KOiqA zF8bBFO)Em)ZQEI_V-4DlRc~jwnIDN~s?ihAb6`QZMpa`mpi$)02PzI%(DPDM;=pc# zZ>YyLf2E*uZjmbSxVyzf)O7|40%ekiWpiTkpuWOYSP40M+xF302U-odSq%ZasKR4w zau4zbnfyP_R2XpJrxrd4c@Hck7{^B|dhrURnl@p0vl^o^_h(-j%-JygJj*!s1EI6| z=lds(pQ$vQnM;_wr|iBV$52u@ggxEuut~{6c;80q$B;0^cc=k8wnknDd*vKZ@WX%T zeU#LFkHzl~a1=1_omV;~v21U*{XPrti|TsXC3ilp0{RJFO*LA-DLnw~E zV+ofJ%XXHv!}kh}(Uo!fM;}U65?K`90M{syalZcEijQQ{g{*Ry;9(!Lm2yq1 zEU-%o8hd-jn#oJt5GYTBiaj9%*yGyU-w^FDcw(~{eO9R_mwfvb(`n;y`{GLt-WOH7 zVku=(Nbsm<7(L=gzn&*fJ%#O`q*cksE$2=z>WoGVvVNJ*m|d9y9+XD{%e|CRFUr;& zAJ9pnl7#y6+y8-`6yTrRHaM;fP(FGdEt`bbgzc^PArY(+BW`7|*%K}6HKLpKV%%B0 zl_aI-RjMZqB zR)>kPVCOJdtdNl3?i1}>8a%P`YARsm4H&;jSbn(Yi63zn)Bz=XhgU^h)ys9OXv4=-1S@EvC5ZtXGS+g0YNm*~dF zza9gWbOz@;(Rw+4N9Q=Pg0djpx#2CWWjG}=Xg}UUdHB|~MJ$8w<7|wvcig9kFViB# z!|xUZMOoNokNyC&%wE|S1rp}NRW(&+nzLg$-uuHD{E*3+-6tu;X8CH~<{^{IHJ@jk zSe4qk*5ZkHHz@>I9_V>LHtxs=@ut`DRCFy|=7@XZb06H}(g>L-)1@)P90Ni%M%|C; zP7gPFRERs|k6(s6PUu_LKxZyWtbmdj^ibn-z5757+roTGPNwxsz91QxJzkOv5{;S@ zXOmh#Sa2r$Gi*dh1nw2xnNiEZFgV@yNk3d51`&^`rNt9qHU?(K(F9JPzz1J(U6lW% zPWV;BxTsAN2z@w`-Z65hN5BYxXDw>DFTy?j!4A+5Mqd;m1TK08DhlW{6RFbwh`L~# zY-5%Q?GAu4tYNmVU@iKB)~5MtlgWX+7f!$auD&`AFp+paP4`MTeoAAjb;m!_RDX^a z%&_}%{ZWJo32s{UP>paRHhHJI=BWOgZnL_V>txR)H@2H0nb;h#5D}vYcNCkvhV*1L z7SZ+sXgr88S?HNPeM&|IKYiZyg)yLmKwQMm$m}; z5F#^w8?*5>#s|(|6CT5C_OG^>-z|DxsWf0)W$X)0*8*%C5+5Dx#vKWYb zaD9p~rgk_3;qmG>ne8ZDBJJUn-Op@OL~BNHAe8tEdy6?YMkc9Jmy=u;K1D?^sm@N$ z&HrHmvWZ`nsd9l$LvI5`#imK+*RgETZO0DxJ`TIVm&=^jAp#kRJU;|W4k_-~iUY5f zZSE3&sfVumqgbPgVAQGEsTGSFFo}E+dBub$|8H1{BqXopJ$;H`#KSu)jPR$Zov0

>9Rr2Wy?p^cMA{p9;l&zk-U+sW-g9+x%S_D&XxGLEWth~rUzihW?F^AkSACihme zKweZ()VfFF<4H#h;-XIr>G_UNwZIM2yd8zO{-|v{&Tkqu!OM?oy#LZ;j`Bud~>VlRTFI~#N zrkU?PW%H8?I@+^JbFr?X2!iP| z8|ttieXF}Q>Zq=T?Qet^&__&2E5cfAN?9h~j3dC(it)Q9t3`*;kBqd+poo93#{c56 z9iL#Xp5A*2<_%^M`Wv3gty6s4-FvXJSWhwdfRe%TK*(_mmW#;%Fapl}$1JkcjsT&&^M|kaN$EsiyXo8(t3-s8J|aC8XEW74eW_=y{7zn zPNW|-fx7q0Kyo{{!qv*(dvh^U!$?3=Etso;HzA?VQfEDgBRaV%`{&wEP0AYM^Z*_{ zr?;%!HN|e37H$pcL$6Rctd$QS{-BWU)b-S085!7vF&947%@a9?UfdDW#UeZnBGOZE zWA#{=-6`fb02*^$KHlBq7a8ln;o*bZPr*mD23!WA|W z<8-4;eQID(ahxwyrDyXPZK*6DM!JsAoxmXyIp=hKjPG>?&`aF+;3 zC&$R}h>C^r{_y?8$=ido z!lQQctDNWRx#Z)Dsf6YITIzKtN4qp{%y+K`JC)`6r3nqH2_m^M6CAyRX$-3~AKw!3 z!!rjAM~qW_NGDlJ8~rJZp?jvyb%|d4-aC@vRxc;DH_bK748|@m`x$k&LsK>MHwF8= zkW@0|1Jaa(?1^_CY)ScLDX4Iw41B_}9ZR*N9IT9yV0y8j3Ft^5O1180(Yy zUX^K$IOCa?f6r{kCu-g|V#toY0mO6%XPVBGC>%msr3y_CyT8nhBW$<96ai%ccA(Ja zxRYr2a*+Q+3T}v{`Q1U%g;dTnCJEOGB?gH=@3_YQW0PC9M~k%34ln@t)9#W53TK zQbbc6D_sPo4M<=$PAA_n>fQBkr1M%n(J6P%Yp^Thkb~jB=>a~u`UBf1R{`bGWs!*Z z^H-QS#PTqh2q?`ETN{;%%^q>I9V?rMRhwmrEYJfimv!i+b2^Ye#ZCD^Lj=dIOtRZWgX3D9rXGiFtK=5W6>=H`1zH0g@2(6?Zm zS}*nYe!ka@?5i^~tN(HH#34r5O0*?Lb=%xZCnPq5VDCEfK7f#YdVuLs(>^&Mr}q ziQ$9)v5D12n|9>3VTcT5Pyxcy8ZLPI6(vo8iJlenVfmAPf0t1aO0h=_l;!goJe?B> z?L3lWz!qt!%l6}lr|el7(`U|Ac7CJwWbUW!2 z3Tb)Pt~4$O$EUX3Kj)^IQcTs&z+LUmL5txM$TFRUOI;M_&o8ZJ2~0Z_x9yzIp5m@w z!wJQ#!B3j;9V-vM-5ls0m1`u#Gb*`$FRP47G{9jYFu63{9=cz<0brS*+k(Wg{pZi6 z%TX!Zq^i}N#2tJ)t5j47>n6C_m6i3)oO)Z+*;EehQ67U;ykLNmp6YVCfW_1<8CI*; ziXs@R++GNWA=Ywd(~X9eXt(YuuKiO)NYpA6=!|Ehxk&e!O0wDvbtT2=h?m}ICrHt| z4`mLdlonEvb-k&U6+8}BIptqz&{D^(5u;f4H-73ZekMTbl9)4#m=>dnius!RlZix9 zojr%-kia#)@D)NPSqW)lG|bnp(ayX6h)8_a?!l+zC4HF4Ry~36uog}g698)3{5G&e z!OfN**L<870jKe5?$uHKW-`nB6jVWpAi_*Rs_*FYqpL-=WZcQg>pRf-!Ru^TD^6M_usp%?G7(4h8Yv2=r2QSj49m zh~XS!uB}yk;??|(n$rV>b~T(n>0fJUL(VEenoxr{3Ttept9IN33f!leShWgW+fM)4 zcZyFUI|tJn1JRkUKm3V)#4x%KwrCg_b6?q(VKIg~;3Tp*WkaUMdhpQ=+k@a#sdq#n z+htiA^1Ptn&aj>imeA|in|+-n^(jVNiYNtnUM0qlR<%j;M` z=W>z>Ru(c+e9;vk!;lx}d`~d;gD~BYHSYNx_)IETjI6|qfVQ$MbTwmgvyag^A-ma0*j@f4A3OIRDb0I_6PFm^t?rl&N2=HJ_GlXw4*1I5GY{kjUBqwy^15&qMJ-@&15xsjVCbmIqbx zL|J^nVnxnetxV674_tnl9t3Knt%3t-h4Hu$lA`=tyXM%vKd!7J*}^P3z1Ea6RrcMF zXI~wx4S~e)1$so+2@F|TS?_2kAZx>5Gl6;ma#z`P?$=1T>x&ELl}o!QBz zv~JOC-=l(29@(Ibamy|-W?@cC;14zHUScPh9>6jmEfhjDLm%+AAaEVeE3Iqm$tRH- zCGSwYbJ`=9EDG)<;8syll=Is#e4cuK;e}Hy*L!!8D_%DGR8W1~&G}>YyOqPn@2`IJ ze!xq;ABhOL=r#xdTof#d6plv4X%&DIeFA15N1?JeYx3;Eyu~O(@u!*MK`YRy zAp$-!E5-+`)PdyBshG6*plY=RzPk#~E@4HbHi?F;;!!Fe&K_L;9*a@YMhUPqE~TIg zyA!GO%5hS;IGn;aPK4|)@Q>Vfy1~#VPz&3^lRiOoYU2r0X{qFEPG@P4Pa@PsnJr4cxt$32r8oQ4N>*l>VslI>b|ogGZ)aBz ze>v!Prd%o7`J=N}xwr}^_=Pv^j}UbCliK}?6E8q^UA+?CG{^W&VCs(c$b`!9p;#>8 zzI)l@_txcO8uN8g)a*>4Av%s|C#E<;@p$)^uY?!^K`yfjH%N{7^T&ivr2oSLAhKy| z5>vR;2}EDWRE>S=A^+~*66%9*kh!(Q7F@c?T~LQ1S$z)qyd0s7^7&hPdv)J+*> zzaN1G7C^z{3cr<%>+*{(y#`FP^x~XFLxB4N>xk64${;RvC|e3#^78MnqZ3l39^$iDj%_3)|O|y%m3Y_%yKN8tK`zz zoVec(UBZFt!%Lv`1tv!W*B&O;R`zQHcKsMm7(P}%C{*Z>s?GO(4rbObw7VMN2p!s;L zbUd#w$qI2!RmuhvFOW;@kIaSJ-3dK+PIWM<=2g{*OG#Y-KB{Qy8Fu*f<=T7ZrV!a8 z_-6yYSHo%>PgVt2T3)Vn`#7=KXQp#s>24mI;yuF)1yaxyr9sRwAW-5MTiCE0pZvOJ z@2}L^vwy3}+x`u|7gHfHu6}nk_>IX#@4oh3sOaa)vhH~*O^C3ahhFI?XR78mKV0Oz zGUy_IPq&pCIBH+fg%aP7$;LPS37Y4muy*Oi0Sd;UM)0)0)D>WSVhzLL)m3r3vjI%c zoxB0RShj;!Jd_b)Yr3TZD0CpnYuk>7d@6#R@<2bfaK$Kt5_Ei9UliE1hoxV+1?8Wy zhE@EH<}Lm=USf+aEx@@otd3a>C{Iw*eO7

+SpWi7D&(VT~X6z6}YNGzs@P$dlZL zpA5k*|7FA2&VRn&nn?2$Yp^8rr`lphBf3?R$6a|2!P&S^?Wl;-_5MzucY}7K;;QO_ zR~>M}&eRWBzK4pc2ViPd7A#=i48R$>=1wPb4M5SqTfn{GnK;#unS4sTcesac1WV2e0J?@%%-Ir1EqA$O6mzHc?)o5O&aP`|B ziuFw)@EiTEQR8jRST<=}G#AbVLy6rq#tum;wo@hH`J!^)R3&$m9>vNKn`TP=;8=Q_YJGz%x7 zP&-wKC|K@ba@FT${AaL&Ut8ZVGIc4X$3aH=9(6ep&ox?*kK7 zZl7hhUPA2w{5BBCH~pN>wT)3)2-NBVq(!nw1fxtf;u4HJw>8d4*zGuKnm6gaO8=Q4 zMiHu0vx3S1HlPHNbm&0b!xO@IAd`ystK-l8kwT=KXP0i5S~-PC1QGY@WQpe8()37V z0GWE4L09-OS#8?^xk$t;g7IK9-?eWW2I-Jz#2DBs`NkO3c;?@~-J%c)Z8w0UeOXzv zH6|`_)Ox^&G8L(cVW0>%4(8(F%#_!^|H8FzxrC1F5y=^pVw4e^&ECT8UoE>rx`KrC zt^Tk~CfejO*x35fA?ke{6(5CV>UU`*!^!Eb-rd}6BM67}>3`8k4I{N~3B_S-0;SUoEg!d3=DWym z7$jq0!`{2w`#HrBx8`$73^;WzdXbpVIEt_{a6AU>_VI7o&K`UXMLB?WO{*=j%u2Yb zASq!hDB~?>bsa@=pu`v+8hPy`xhbmj+!Fx7?8oawmOW{in;5~O)?g{+?Ef4};2k>1 zX}Jr3TBa=jcUjiWowgeMo;QWC6TMP*krggsh1-74saqV#iRc z;;AJvO0F{bT>?G9WGM&2e7~{<4!L2jaik0|KT2?;uwnANh?8Z56&LMl<5BNZy8|S` zE|4Al^73dLP94srmkQ9AS-p{HZ68c?;|{>ZMgwU~tal2*3~IME^i*Tm@d@&Ebd0{Y ztW-MshHax0*-2|qo8!h{;6ZIuBtd60fzeNm?=4!+%h0QfgRKDe+i&(l5@m-M;GX8W z@Qw>VrP&TEL%<>}o&r2%(fQboT__5}Y78gAEvE6uqs;@Z_S(qQGmrtX>ZwUU3725z z&i2F$glIarSH?=%bv>0xK-(r`L8hUwM?V?`r+7i!z{t|4hkta?+X*75GIpJ?S9g&Tz))nCEs)V2Yc~E!W_(Yy&`F)Kb9Mw*%8Z z5snvAwzQjXjCIgH%UIIuevsy|s|7AvJ1h{XCT=2umGBBz&;wo`$r|4_jrTP9unq1` zYXo?3v>TtWS{pVF=kMueq^IzY{0H}#;___HQ;SPQIR6{t7V9yZxY+hSC}>L^;BvPSp+Y$L0k-~6dI?d%pVUq&6|z}Dk}jTx-V?PVxJyhXlNLmiDU z>~00m!(w7CXKBLW{qU?a8;^*n7`ijinkxaT5tY<*?iS_p*JAatMXrQ%cAehP!e(U&Zda^MkK`IkT9zau?iuQ za41V`AAJI_XXn-q@k??TL~XWF=X!Z|?K8BO4)s%YJ&-&=^QlV;H?yZDp&71pk-~G* z;m*1gd9H6~Vy;0r#OaT)tTIVbZgzEcK^9B_4=rOFfbx|R*0YWX%W;(GQ?i6TR>Nj@ zDh#ThuP=J}D3>b-YPh{ed)!5x4f3~B6K}yfS z7EM;85Gg(TpK3@p>S7{`^{HK)V5jAn_j#Pm17 zr<@(0AMS^{fgc?1cDUBabYbIGA0Jo{5M4^|c)99T(1kIYr5wzROJ_ZNX>HbG{>aYl z@@F;y^~Vj$Cj^Fvul)q+{Hqyp2lmA|$aK_ObIX)0vxs%RioBF_v`P!qw&5{R4c51; z@E71W&40TbpxoTm!}B`mMoNoF|E`#7`JdcxdP0ezC&xC|%*HqSx)_;5LC8l*oJ*%W zWXyn$TNqWfaJX>$s)ciY2Z#`d4j ztA2PR!Qj+4I5X6s9N|1?pmxC{4;4O4zH~m7vsz4O!_1~B)c$7%fXfPs_BVsYx3YrADkCD6bI?Vtib zwM$)vTWR#~pH7InQT5OCj2yjZ*aZ+t8bwPcOn}c70xAq864UPu7+ z0ouCTrtPvkQBT-fVY{ba`5+wbY@}BpZ-LLo+6^14hQA&avtb*GAgr5G{676h&0R@a zRn&U%lHMh*74r-YLkBJ>*|eD=Q>XCqzf>t|Khq4v_X?=+wWm03; ze?MbLDFw|eO5)fthOJBMCGujxSU88293#{y3Pwki>8>uxPxLZTkOpi%SO2LpV-cGJ zDPIIdQ6+{Ct~IK-Kh_PYa_- z7QdF;?)9~7&rtU+Bzg?)f@a?ujk@yd2M!Cj7Blo-EDW;!1*DTw`{^47j~5b(=U*v8 zqi}BV_o&Tw;q^UTZUM)ca@2-3kO!7a6EtF{XnYwDCSRA%Q^mT9y7ri_ixIH_j8(;a`Gr!kbW_Qn}wnj{c~7I>Yj0R z>xidxx<>cEm(O-PP_#R@Wql{S$=J_%VAn7v&8ET-3RK;_lbDO*?V9YndlvXCqk@_% z*MaF!pqQ58Pw#01WTbdGz7|ggE4xwggQ=mpnilsnCa01IImF7`;p8+sgS&6RLVT+_ z82m+2OxP~s1Xv^+a3JZqeP}WBe7MGP+L71g+Vbu``|0f{Yi56C9CcmuWi7UE zR>VO~{weH9^l5hnwP@F`zhYD7Obg1m^XhW!^ATm;N*ve9`?BU+u0WO0_^@Gmk9dx` zdt!NnpW`&>kN*)ufu6|ca^>F@OKVidf_(1}LPqHc^Qa4BVUGHZ#`Qdw@c&@}FpQHW zYhb$YK$E`#aYR13;oH75lAnKFm!$JKrWO2`%JZL1lQ!5?-~Ty_AWYk^XBp{a2-G(^ zY=*toXQQnCE~q;639ryEc7Ww8f?hF}OaP?NINh!p%u@|n;K0^pSr>Q7b3@Z0BSCL; zoy4etEpbx#TOLngh}iu>iDcF&v0l04t}{H<%*SI3l}DIH+(_j1L!efWQJ_!jD0(TL z?)=BX%f{00f-z<$w&?e6O=}X)#?|Gz{pH!ga+@0C)5gm2w`k-fR=M%W?kY+t!6z8Y zz`TW6r}oqa_jw_3A-7JIg<0Tbl+$y13`xsJNz%`<(H7`CLG|d25(0y@>+NPB#O%(g zw}G^HZE5Byj7r*PFw9eu@N+WR?KU{efd=W5^#bKhY&PqP0d|kp#m)K_nn6s(dru&1k71f_~R|^ ziD6rW6O(H6fkh=4pa*57B0+ZGA+JVGzV8O4Ta_A5yntiZy0|9QI?L6E=QjyoEoBo2ce(KcHP3*NP@>rSg74VADkk=AC zT=K!O2GO^>-jvBr1+MOXMnMk#6S{oxjlfDTa(-2x?UyD4)F|8J&_`Vtq?zVh0b%{k zDSRdTUiIST(Kzo?I5%chQ;=?Ey}M@F0X>m;{aOdhV%tAOBsw(T9|R-Nfsy|E!ciN^ z$O9>x?LH*5h^leVAo1OMg*A*8W3#G4XV0tsoQK7J28{@4KH1!14Rxsio~%<4t~s&e zJ3=4={5r`NzS9AJHXXvF%JeJQPdah+4d(r>FwE*19?}5Ygawk+X4H%U`X$07Gn;_h z0D8fLVgb1=ATr4iw4&~D*w;27&V^6LTblv6Ixkj$r{M+sNNHO&d<#_PiFzX@sgos? zsKg99(tCjNe#-(iqmtM@c_%PeWkN-%4Zk>mxp&IL?bqpvpu>+}#0;S7Esv}e>HqP0 zUimWRY?~l#;~dT$rOUTk;*HEBU*#JO=wwwcB{0cRPl_g^#nEH^{V284bpp>5%5124 zjmzYz82bA|1mkQkL?CB5v81SZIXiIeQLyGK_>;td z@>Fujf9Fu-8aawf%B~(K@{$mB7f3N#YXSGm!Eb}apUKk@^MD;k%&QxHx_#f+9ez}# zd|b*xJ}K_205H0$38w5MUj*z5PVgX=vd_f4bePziD8l@y706}hi+6nh=4W(b4RKz3 zOg2_q%A~o*NlP@*@0=o+9cSzD$10s#=g{6rCUfo_$~SAwOgbdzLbqV|zHx>(#Jh$z z^r00TjWW z0Q$#7Y(Gs&(i#>gIWq~&)e_A=?(TFOH%@clmr~pRb-;9#s^)Z=AdN1ZM57}$Djg&S z+0BdEu>*ooi!&{}QiZQE4z9Ha2p1fx=pqU>4vs-e=GCWtwD~T90|UH`3X+DDRsKd| zb1~N_<}$1M>ZY+@W3Opx2z;jJT`o!ay{I(EuEd}l%Vr|S$Q5D7WiRoFv!u51le&N^ z##X#OS*Tl+D64UfV3E+4*Z8Z?7Wi+xO6X_@2=19H2a$;$lqx zHuBpQ|GT6SZ8h(ae;!#04Yp<$gd)D=(;hhql2&n+2_I_Q7w%LHaCNq@Qz5dg99Xvq zc+UkT_xGQ9-pS?i5O9iJWH>C8G*56XBYg0hNPZ%Y+WLI;qg$M#9f9_gXRM%p9Q%t) zvTdjf$UQO+6{S{kAqh+3SQ%=0>G3Ff9lFLG3U&aK@(I1|a&J5d1*dHA7P|97DGa&@%A^j6R^UwPP-|G3IOCm8X`<;< zQ5me|EN$6(r$y*bg#foz(ki=q+F{OR-w~M5fmd59%A!m-a1gXUppga$gYSbwoa6k2 z^9m0~pET%nzzvi}z`PcMIeEKug_;pYesnBhH=uuJ**u_Iei6AAH-7C_WtaGM(qq&q z0sOhp83HR!Du^|26J`aD$rYM7qP#+Ly!9KE#R6hgj8&SG{q zL*8p*w*rkaeiAss@L60s7k`NHY3R(BG? z$MnZ?`)7Ko0@KgpEOzf8my&*;CO`ReKu*|lbfTl_`9=Rzm)!qhoyo`2$OXi!#bxpJ=`s9s77MX8}hM%jLEVMop=02>$%xwAQ1yY9m zx`NukLL3o48h_vb2ZWRBVEo-vl@~Oq;yk0G2ucLu)v)L|Ug_RmaZ=(?5Mc9Y0Ho$KtYrLkf0Ks(G!xDD#m ze2p&DK7%W*BFWCa%E`vQTE)S>`a?ynOL<5G!ARyUMn(p5ZH&1w%cs~dE*t?hu)uX& zED=Ip?`3HmqGs_^nA-LjM2_0GisR3SvVVn!7+;5YBcEt>e)QiU6DvYlxN+OzJ%RLmV6dTJ6Z?s0Wdd*lY1}?0Ji_N z$$+rRs%{Iz8`c6B(*6=~k(8sOJ#->S`{9>qQ*Tj4WP>?H&9_5oFR1!zaaQ2Z`13l< zhf57cx+6muS#oJHv#SHzUU|0zV|z(oL+rWB6*vKAJ#gr_ijWoF?H6sPsB4eGFAErH z+_;@};#m#jfPP9n;X&QzHb{o*TYjw@*-f=OA2l0%eD&`8NLKP#bKPS*>z|EjzqvN7 zFap#k{aWz~QfSwj;0tp?Hc(Ia7qKp{7DIF+kc&ZD^bIQN`?Po2)G+~(%;Bo+{R)lo z$D^!#y*6^xGV@;!PSHkq1wyG5FZVwHNnOG>?A;6urNAGxkg%D+)^*6a7R4KA2P$VU zd5J1UG9CaM$!~`3Cer|>p*g^wqpVs_gYU0&T*1kg`XN(98)%?#doY_;zz!o}58Pc! zw9_Lt%X*pN@nrVq zg>lj&2ImcIPMV(rdgGt!ICHKEmrM^*eT?gf%zd+mK?8`0RkLqdNlPS&j~C6`g>m&C z;8BBerv<3!_4gvEquIV!g*eYT`^Ipd!P~j7H%e1R?p1mo*gN52nXs-#{In zFVc=xdw(vs%RRQ4G}fxTg+I9b4t5TnfM$y}EfTjB6yaXPE&qVn%I3gs;X3=BKO zj-4cnDSlK89Z+h%{VO4^-$-9gl}5f=%EwRo`D41>yivXp7T*I0!p{bVa)yr|I(+=O$%n&Ob(p0!Tk&yl z%l%^YQm>A47ua%QdMIHGCdirLH~^XaA!z!Pa)IPYrqawg!sY@BJ6d`%%JZ*3``9Ik2?Gc1d`K0H6hUK(XDm}|%TrKAoCE$pvdUlFv#M)^if zz$Tu+a)a5pD3NsvE+kA|>Aw@3Ef)f;qsMvsfc<6>rWFFrxg^Uz<%wG)fi6J1FbH0v zKp1VX9szGK^@{|Jmc^5kCGgaiz>>#KUGF{}SaCC7lAd5)~<-hL6wb!)kNIVI4 z*B^B3-lMEUlca1E1NT{t9dGZKZHUq$b__2tLw$%mZA;ae400u6ucK5y9F!`u%dMBt zfr~8`?p5J4Qw+(l+bVV3*UEf{x5r(JFZhM;c93amv&Y<>uejU)y|BVR0R%Ph^BLx= z$PYOj0t4Y4Fsc0uDdv&8>Dvwfs>8`p6-AS^dLI>_s^-6RW4rWO$_aR@JUg+`)mlUSXj;lmP8t%$ zGgg|bkoc6`XGoNF2z$W~b|A;gcP4LSiPR8YS$oiUJ+Wp>&sa{_!U1!*v1dFa?%If7 zke1Q#sP1M!yH6^ci068!#LSK1_@zl>IAq`O-y$vOtsUdIG{meTwT6U=jdd|?p4T+; zsGA=&hyJCxzfo0ai%R8l$a`@*dT0xbypJ;}p0MfKWM zqPM>+ds=(Xy?SURJ!q#>C1lLK9~t59hl5hfmVo0kYmt&;I-As=Qzu*KY1wJ2dk0jJ z$;)o_*HeQe8iOV+UhohxojCKJ<4#t=U%vz4}J2i7+-)9AA-o`?bEw1P*0N zpUZVJv(~SHD#bsxsJ->o4GQK4VeEy~x{8bZKhf`~U{e>+{u3u)L$=D(7<;F$bhlWf zN|goW6^LDwsAcA7lsg^Bk~QtrYcS6h={-3FEFW*U=cBo315~|IVye5uUU78?L7;|DE*)ZI~lnKs?@l=T>O$u=r?it z&J}0W-l*T9nHF>ifog4z7uo))MDKmurn1TW(hn?7F30~}l5B2d4_YbMqY^MJLISFz z3oroPQ4Q<`LEx8%zO8{h!!yxuM|)aMT3{nsxW8Pj*$;(%+m_Q)t$pI2ib<`Va$PQk zYy%2Xo{Mm7e#XeT);g{S)Rmu+x|AdhnEkg1UtQxSn$zzSn|(jV6PQXSXUAkiQ9Daa zTSbVWar1qPTG{k8gt}Sqi24UFf&%}wR(`KxfaJlf*&ViHASjDP=%n*@*VpvoO83O7 z!{4YPhL;_C_bC$O!kh?!cn>enz?v&;9clskTrkWa< z_x`R>l9N~|gd+l@Vu&<e%=0>gEyWBMW*3L11e5!g)AVlKA`p8ph`rKh^^>dbH z8-$!B?QU$tDfbjh*|9v-<-S%Dzn1pnqJ)5>k5YL#4Q|ue3Z8&4E(QO@d>qs7Dc8xl z05q}r1oKM6B5<{kM$fDLT3&AfVsIZ6vL8(hQAYtTTd1&z7?jET*pTAI7DptC9b6uo z&^!sWAksxh;1g$`xnE%E>1paMdG(ZQZm6$0u0+Q2$K)#t? zP@mX`fMK6sOUIWF%I^4t5?ZIgssLa@A+(5b;#6bQ)-&g zDOu-4055p~;(HizD)+Aq8VA7EZ7!W2!^;GJ1IjLDZVU^t1@zwS6kWgSh9;_HOJ7!* zLiylh*Ur!@R`MhD3(!Q61aW<7zXixw_+`w~Ns37$61x=-iT?U^z%XfpjAXKNSF=9C z$z-|7-Qb?$-uohlgTAC^Cnyy6Pu+u$PHm{ku*4VTX4)WE(-%Ogg>ga6Y5zp&=@R@J zz-;hM->&cux@XBk3_K1sO3Ko90tx;~gR1DsHz=9XGN#yLV0M&Ja?|Lnm%pa4A(`M4 zrAgQG36oX(?i3D>sj8?2HChhH^%-QQ^rJJ7lkuOv1M8s@OXIm6J=sIgrD|d+*PN($ zuqc;@o)uW|g(0Wd-CnXw2i_(o*&AO=wX~YypV`{t`n**?x&#Q;9eR3caD2dZA{-Cr zb6GXPXc3>_dIubs7}-f_$~12Ng*I+(lRagRw#G2fi1`Mar#!gkS&{8)OXVfsN!GmU zcAg(`7m{MYP*AkteU!^nX5$DOgQ&pq)QJ=))lwq9_)qiLTzT|A47H{Cc<-mwkt=Nd z^?5#Ng|%UKFH=HYW`&r3qt|#rZ`w$s#?-#5q1tk0KZ;<7{ACTEui>z=4SP*UDdIYd z7Juc9NVzid5wjz7Q-LN;Bj`j^SRX(5*ybm>_i7r`5D z_!82eWYJ6V1hi`14DU(O<_`NqCE|SjTV}a*t+UAoG!{$sJZ3TQT)}Q>Azs{r-1<2S3h>Oy7~YBOi(oxQpk$ z6fke&M8je{i!%>xwi<4E9WkIIFKVI&=Anoz{6T2yZ{8MsT2LkjW~D} z5p9jEec5aC?9h2FmV|W0Iq%y#ua`<)6N2G3x!J1Zrpz}=#AGY;uL&>l#$X+RwLVZl zYh7GqBr(_)JK4+_<=qjnHR06G$qBb6y8y=norCR^Rt5HK8_HbRbFjEk1BdL;E8fDjIoAvQh1r6s~lk5`OFeq8ECNZrW`*K~_g z;~{Sww+)NuuW7>YXbe1XC=8(cL#1HfM|k3^$5dOct(W-T zRpeE*c)c>2r=Zhrz1KU`lPtHBG3Us#i8!t;6hWEVivP$$!Yd?O5Kz99t{j)=20+7o z9flDk(|)W<3X@2b+W@P?!@ifweV>SBt6feF?%?9dcX{a|%ba2sY8SJRm#cH>r_0hP{9HT*YeFBkharqvX_W6xSB=i{qB3cCFdJM-9 z!n#;37KXg${~PkC$-LFN+yI=yCL`N_^4|xi)b;MR&h!-QeQAAOU8aSEU9bs~4y$77 z@2i@@dQw&7pOY@Kh1ShE3C4xeQ8$3B8H!oXBOrcXqXWH=G@HTPp?d{+a)Pp+sSeqd zT1`+QM==FQoj}P_(uw{D*?k3E6b-Jt>m>dl0baXc6E**i*t*O&gW;|P&RlM-KNwjs z8V)T+A6>8V3x_uW1>`_mmSRdn1BQxHFZg3xJ}cv?sv@mzZY1C}E{$Ov$~RXy-kl%6 zCbBYzJ3xghLxBoaOic8z0$M%#-#QJEn^bhiXna`*#9!?D21+j7`tS`!?YFZzE3a=I zI)2ISDQnRrv|IHX?if0le=2`+{0|F=Zh+Zj)L#fUAe!O5CKzdX`AUXcHdg&+M zpRf~Zksu91I|-)>V{4hO>~$a0N|JN}U^p0?If!ZlntL`zBMf9An}Jr25}a7P#+yQ0 zKqPku`;sKl0^`89L$UlgcQ4TKUB39jW4{Z45i8|R6&-5qR|CuWCxDQID5G|8AmXe# z708#iC4EfxAH7Z2{OwZ;mf$%nKOAo%R9}Ai65o90rCZ|7Dt+lSHEV_aV1L*M! zge?g9PvQIy+x;rEt&hb-Wl!8Vh$H|ro;XA`wJ z;lLL(!c^~neKdD^Yr_{;1q%AQOVQI<)9WKGFb32_WoA7%BPgqVT-jbd7LU!KbhBCt zlPOTe)>dPTo*Y(>6TX$T6BIfjAJ^$>N{KU7{FhB;FsgZ)@)}q5uD)oh?^2G=9U51R zbeh-~ZyD!D`x*6eaJ8S(Sb9)f5NZQa6DbrXF}Y$MJxWQ2LI&YN?XZmegK0y^qG%lx z0;r*DI&2=QoP!Z}E(|4XESyXIh9j}(pKnM<4sL}VvrG47Z@#s7#JqODPY04X%RtB#~kMnTH%vFh38Q_ z{vXh&D4EV)z7|7F>R_FJ1#3&G%aQV}66NH^N$l|$mO+C*PvWb&m z6VZu`2NH6oDLGk^6x0fAW0fxkTq0hxe9_Y6_&zTv9Nx2-Ef&$`rv8>+x-y-}SG9f; ziOb087jq;pYTckQ)8SoR#76(5>34C8tbcl#M@pBA>#Ogt*-E7k6Rz`?O80zI?ju{F zQ6|Yw!PALJuJ*Pi@zLQLF1~(?+gQ0s`SJD*$$!rDYz+-!yZCVo?6rD7!c|mdt*iw@ zov2@S*Bq1E9pmPpo+Px^LtwDJNQdZI1>k3ef*2nJCmk?LIDMg!xWcZumP~OtB4>C{ z?!k{UxK*K)+Gjs!UQ(1dhS-1u-%Y(T7|XN*pq$^h*edarod)~iLeQhhuK=SI)uzR6 zfZ2n;4i!c@Y%nYw*Gq@C&X^!KjBsG03&km49uO`7ACZoYX8GPW=7%X?fb|uLvrnL( z%CQNOXOu+~*aNp3+iBqjL`KX5P|JGvE{z_e-#NSjzL5Y{Q2%;SimT#(sY19`dayCD z0v1Aq&X{XKnOiVff-5fm`Z~9&QKI~Fyz^hn?F?c{XT#gTgoaT zi3^~zVx>-aGydf*A}m?F{jBD8wT7w(?)Wu_AfI;EN%jH17~T=IV!POjf}Qh~Io)^b zMQ-52#*1O>7?gUL!lt@)B^MFTLT}7YNtesMTbMyO6qJy>alxrv&ng$iJ`H+*PmtN< zz*M!4P9wl)%gBlKG5NNHV?UvUH4O>wV_3D-NAgANF_xwA)Ws(m2z3*4Z(i>pOF^c} z1j#6jGxvR6Yn>@;ixkcTO40Yw?=LE>MG5+ibv1W{LvDd2n>=bB-qji1T4B$x zQz+>OIrlcc^v~VQAhAynnc5T4x<=2h=` zt^T=Gij8_k!<)X%Gv~H;rXMaJ4d*1!oX(m2RvQYZWUl8HpD4=fnoi@hac)F*-HCY` zo?F;4zHNKH{jwE94*{Fw_ph5od1mZIShziiL@`vcA_aHZF|fo@TOX(*hwC% z^AKzWCRO~QJj*ffP2~`Oei@7ul;OH}E7+z*k9Vf=35j|?1+R%%%^vu1_jDMKJ03_~ z&;2tO2WNoHN#(T*eeB?%L@ zWR^^+_wsX9^s}!jbTVg8we~=;s~}Nbu7!bkj|f?MYI>~Rd(4n4Fa19pvGN_AW61Lh zfH?A0WH!A{O%1ghyR&#TKdMt0tb`Kb}(*OK~+Ur~ZiV2kx zar7X2v7hfAQi>_zznC>e)eO8Z%Jv4`*t06HpR7D%=$iD-8D=-5zXI4;8m@+3FT{!86rTfA?02VjjFY7r!=VL{vwuH} z{|RT#05JY^`RGTw9N}c~@;;8}9ktI6-^FKull)ZOS`k_b*OpI`Yu$B|r;NcvYu&!i zNX~jNGT);w01?F0+4t#RJv66q8!@*5ZMUMAKhD{=M8`aaqF}d%Nt*(BUX#OtVyYMC zR1jWjJA5DWH{=XTxrr}SaXF-imm;2t*kg}?2??F#HYjzi6(S+?ktbUiy~E9OEGoPm zJ<9<-mM2fXMJhUcCRSzx^S=KujG~xisM(DKF}6V3#6}IIuRRji6zE>ue^{ug6%Fxp zDelfuOQ5svnH3`T76vG-1n+8uxa;R4UrE1qT24d{1AYzt9CQIpWaRa6GR zTk|+nUJPYU36wzCQN+Jn7r|fk_zLsry-Wy>upe5;2uC@!M9qYfZxK%5C@bg!Bva_G z;{{l~AmY&qu= z14&R#q+FtIm!)wGimlrbuu!F|*zC13%a^saz{K%ONBWTMFdB)Al{M1?0v(vX%l_@2 zp+$gcugh(jhYi#`24cdAN=)>!sfYPw)6VtRF2ugGptmUS^f$Pes1pg7CvGG9l-J+2 zKl|MNSVcNNhdce3me2-zuGl|L z4s_x2-3#woy@ZQyd`tyGidSZRr_>~%PK?C?5p6^lT+})ehNFJ~EK4H~1Z1i|_j6>d zE*-uQfkJn=kXEtPV|Ma~#GxPy?ixH0+{hBDyy2fDzb4fSb2sA}l5uuZudB6X9}iU!y0hXJ0|d1nm6^v}x>x)&y+~3x+lz zUwW*6Wuj(lcw&dwQ5dN4?3Yqw9FB4Nju~^DWW=@j5$n3oftuBEl3PP1dMi)Fjn*|y zD>5{1G7>*dV>ZBwFFXn&Ywc%RTa4i*eNl!DTFGoZ?mAV-D3iA`>kIUT=Q)ij zbHrXdUo0Y+$DLrC+Dt}6=Zx;NriNq5ZdU+g=feCCmK(#2kuRVzGvzGPl04B<*I*NO zDTAL=yHf^)f_f?3MS4XJD;2HT6^hqRfn*iB7MAV`L=3Ps$`piazabMlD)?3C3R}_P zhk@HCcP48X9K0mN*%XVESE{EWZib~DE>I@#-7s)&!~Zye9@QUWuW*TvU|N8gb;W+y8$oK;6aLgjL`)$NCRRC`gU`Et_sLT{QNdM6QgR1cH7U zz$2?Mj3ZQT80Mb?={IvztsJS9feiW}V_9l(yhDO#9APr3ZKi(u0?YeL7FLjZ$d~lM zE3GrSq^jCh%0OpGmj|fh_7!vf4e{BOGa&E{b<9N0CZ?%qG(~BR2D~Lcgox6&ni_w^ zl|rDtJrPP5T1vVqEyHD7w2a=QrI6(G-mutmbw~CQnOS*3{qtU@p3GPXr(5b_bc4$w zrRtjAZ1$E0HWCJ=rzCrP_ZUnLlmNm4B7(P1;Mt9eKdI6K3cNqogj<%aO`(_Iz)gu1 z{(;zsK}p|CS3&<6eXD5OH7CpPMJ5B?k9&dOi<$0%JFsl0J6Gss^6I}cqUf}mB!Xj; zv8ggyh1GTsUw3dv@i@bjUuj>H+Zn;tnyI46wVPgBAdA$T;cQ5$kPm~X{x?tx;U-t# z1R5ixr0>2~-8}#7wuAFcyxa#bpJi(`bGQ0`v;;qe{BND`lSb!i?xSjf8XO(uw>It( z8RGaFGr7gWp#40H4?2XGk>S=Cj~~o44KAg%7B49ms;EgeqFz~K-Dgpq1^SswKO)hG z-8F*KOq{Qjgl5u)zsJA1ghrWaw&NQq>;f}sIsmHD3X*ianhmr28<904br(3ly;nt< z0bf#|^QCCx`S!i2*=D#SpBn4*&NTvnP$~8pAXOLj9n~Mqf=O0pgOru#U|VO+enFdz z_C2vevg7`7mo>4=WQ8xL-e-^xD6+#~_>OK2Xrc`Qv0k|`ru4S975=eYE;soa1l3xks9~ z0rnX;bRD#d?^@W)7y`>Pr|mM$7_TcV^eK5wl2#lQL>b23PiPIK+VRi$ReM~exKVDW zKMN8ymM7VPv@|2G(9y~{g;F|j4XnF;&1~YG^h)1lLBbpeh2-;YUzKDwnb0d=-m^Py zOi~nVxRu3wS0J&f%9I&X>uy%he2{`*19SZVtd{vcKl9sxPWQ30jiy5)!&x0}w5}S_M8Ae^))zo_T!J%G7*$FnAm(aakcwrhx+w_GzZl?_AEZ1TFsFGABOS}%0oI{5qdPS6BPL3|2hn#~{V^-?9ALiLVUM+xUpjCMQlbQ3gF zq&~C;db&H^_u}!Udm4;tGV<<&zA}XuA>lGNXigXGO87J3HxOLrPuoEi=yPJyhA)lt zALSOHcrLh+4eKmikdCd1{8ALuzfjj>5226jud<}R(cDx>c%*c|`%Fycdmu4~3xQAB zNr5j=F-eV}r|~+95fJb}EayFHML{-G0=)ziEZXHs2$J786+$ZXPk8QWxhiL+|0(8j z1yyPq)45%x`p=C=Ur;b@<_6O(_Z2=ptQ`>+F(2ZnWw)ElUuz>i0B;QjB|>%;?=_)|ArU{gJZ##n@Hyl=pBqfW^GHKg|}66nUDyW-f_@e z0t7b)-A#ipK;+JCI~)Re(%>+TxAj>o=5LquJ}}v_Ik9^-yGNc@2OP$I+R!n-;~^># z^YYa_OD3!((l<6NBNCjj6FP){A@GwqCgJ^uD^F3vudJH2nT8{xxIvu=xinoPmds3v z_DdMTM(Z>r@iu({B270a=eyVN(gM?T<|L0XFbC(f8m}NFD;-@` zp7ZUdvbz&8bwy?j@$bkfvx1Uf9m4PLC=8@OTtle3?M?*|guN8t<8DZpAy+<=h6EiL zx=mkPsstSxtshlN(ygf_>;z}+vSAEj-4H-FI^5do!pGwp@?_9s5v#z>G^;Uq(n?O; zbV?J(oiR?fi&SzubfyZX(V$z)?dWTX4ksE6w((9AuVR{hGkMjIbe(O6Ccb4z$M63Ucd0{&IgEW zY?01DTW;0^*Ayy-4;hVbv=5Aj{Ah;bJ${PY8sUvF;+5x=Fk8U^A#aoPWVHf)o&)UC zka3|x5>F@wUD0``dC60B3jY8>Q<-VP@hPo?p)r@JGWhjUJ!X;vv?8L^Gy=EI$j}xJ zK|xag=-wOV-OBI(_~yDDYI#`L{u`-sHLblzD1?7hTb^Vre|l=~o#DJZIUxLy>{_T! z#XSdG+N~XeBNme}gF(=!7q;E$@}6B}&WurXl9Qx-)x1p7jQvpIDez{hJ?M)B6LFBP zqxhxymf)Q|D8BE!!iO38>9c*|{vkJmX{NSO?3F53BF0*ihHLwCJuRxp}tfUaJpACvgNjL{L83&vPEN3u9#`_UifI{Z07rKI`b-O1T%3 zmFP1bzI5KVT;~}U*fS}etyn}GQD#hQ^46xj7=kOXAa)Xa2{`TF{+06iMuZnN za^(~CWhkgK=qqHLEZDe-#C%%cSb{B5w$$KJK$aBZ>$Q9`uYpjv{Zz&@&t|>HGY-P5 z+p3E0wkrPFPRn12$jvx6@gv)a{#Y+aYTH9TQHnW(Zl|WdL}FSdN@Op89GNL=O}N6$ z8mIJI)1=Pi0c0|cJ#QSu6mB*it>u`J1sXiJ z!Fsya)OM33ad`SqK-$V%7(q3i6EL`nE9b^27u*J~knrAWRE9OErPl8|DrO5r;!^V+ zuu0#xF*e1crfs^_byukj1wXA>9_q?8Yn%2pdA#8=tRxWMOv?h(y<4F}X86vAd9$EN zt%wroIi(jnN6}C1_ar_jb{AVHC$-!9vAt{i#A9NhZgT`@<*LWVIro&0z9#jQng76JQBKG~!A{j^8^7Kg5%^^azA!$<8e!qRYrZV{j|&6?L_IYbe0-EhBPC zFLC6&60!O6xda2LmA)&U%Yj=E&$KoN-TKkz_WLVoXQ4~g`u$c45kQytb21Z}-a5bz z#UMI=<#mJSdyQj2N#K2XeVfPt1n1tE>{B-8y{QenI>dEsa4Zi_fIsDf!0%fEocR zSGKtg=khn1!h|p%!(DWb#meM7lsgl8nHd?pVIp7otODQf-5&gh&-<@x+s9Eqvj-jZ zojWPJcy13WD+!jN8lWHl{q1Do=DCVb(+;DA+qW}6;Qm0*1N}1}z~1BB!0!F}3AYEb z?uDYl7zuXhr!;BIcX`%Y_8ZQJr`x8?6{kTlY(g^RtY1p9P$2+NGnMN-B2y{O(*6$A zIr${%v@cSIMf);^hi+q`R=ss}`md5&D^lMgLf>>(1AaGJXwHc~-U)KEe(g1mKvivZ zTa||N#gz7%vQIn7ysTwi(vks-mD-?|lBtdSHfaAAcCfuiZ}p28hr=me2^T$w!nke7 z|GhB)9V%1sI?&H*MAD7(jJ5da$v_|&U@`h3yNSrl5pmPJiOO1ED|+!O-#H7=pK%aQ zlcTeG02Y7(4zn%_yqISoZWf=U;t+CM=K)U^dbs}9;h5`O=bMGw_zBzUIgj}L(I-#g z4uJ7W10aMvR!p>CuwaTX^f^l|x6YnGF8=s=FcmW882G_RjtU>K;qWJq9)@yP1*+|C z2SegKOrXwt80y^s0{}*scAh_?aaIu62jiJ>tx@-D4B8W5f^I|I+p%(Xi2r8|Ec1bp z^Jd5-=yY37XvZwcK3b{~1#dO^>>kpe%p~FX@dK1NnH+(UwTIV~1c zn%0WY5kij9OgC3Zfsw26!L^XwsJX)bhXqio<-I?r--<>JBJxm-ZTf{&8seBBS<`2z z^R8D(2s{n-akCBy;jRttiubibVGyywh(sH?9;3$MYCxp zjMgsaYny#j5aVMAXR=N#k-&opV(q*Ve7sR5Z zeY}XoY$;%l#(XOShg_+trF_c$%><(`rF@8Kiuaf5~|*q%`rVr`dBym^dn{ zw7NOzm_NqvLJ1ZjmdHK}-L6&H?>o&xA{)M%_fy=G(MtmcYv;2?9yMqH~3W8K+O zXb6gM-pQQ~Vq7LZbuRG6W*GD@Rg4+bO*zJ|0Qwb@PAF^A4naB52e|bZJrZ?!h#^Ly zKld-}i*#>nI&EG?b_Lbqm#1!{c=wAG?#bdJv1s1C$S!l0EWi3syoAHGsB#XF>cz4Y zz=K~4Q`9EUBI}dv;rkEM&7R}^D!EN}d6L+v4)^g(tf+l3etk=|_J}qmTc z`!ZjU=$4ju%N6)7Xh5wEHpZ5)RtD|O`$(Bj1Za(@z`Xf9O7h6dwEM4dv)1oX== zmuQnl%13jZ<)#sxFeazC7t(y~_RJ(5IJ zP8_(};oKJx&0Q3HVWuz}IK5(Pd%RS`N?7|f#_c4KlkMueIu*aUk<%%BI6K7f;SjfA z5x($j1$p*=YRwI=viV|gfXdLJJ>cFlS8 z#pjN9#8-fT{@UQaDcwnT8=n4^Te4xl1IK)Wj}nnmbe(kfK8H^|;pN1d;MN6(3?x3!lP#^JQ2QcmEg2i; zyB2znDsfnj*v+k-xo!(_5_7DR$aE-G^LPj=83CTC|i^%5~O7Wv>26R%(=8Y z3gCG|FFIHg1ERxDU*g=FLjSvGeg`HG`=i?9&xn2<_bQ7)^ez+JM4KN}2e(;@i;9%r)7`wE zyTebA5o&)T&6cMtw#g)ar{sfLm;!ld8&Jqei?!)iH&9;&n5U5%;Yss%}lIL14TfJTteT>B+3VlT_O3?`vef z67oO>4K?$JPE{SCI(TN^G9lvJ2Mdn!m=KGHH8lv7uR{k7VPDG`_sQvb;{?YuY`R_i z9#HF6ssq1MK1Fpb5s52BhZ=VN-9%>)b<*PdY)&(l1)g)sqE1BUisGpFChSv_we7@S z09`@2Z*n@x6K>5~F9YDSg@i&u6)s%yH{rV$;U!@3S$d&P*mA_)<+seXqFn}4t}c*@ zBU!W0bL+Gx)eDtMZtt1@B$(lhv&i%ACiw!8+Hl`wQX)6~>J+B6uPSDKyz^MA#$6(o(pt4mqZ0#dYq;5H6pLma%5#{--jFbQO z#67@FVxC?yFZrUACo z1TH0lxJxRI<3~H(V1E0pIDzHHIGN4g3vky?sTXENP3LL2jaGUBmEh}U$wvbS&H^TX zk+An6&{&`qF`pB-k-p4~eW%BMjOh5I>FWXr{gt_(6D9x3&skDM!KG&dZqxrLZyIw@ z=Z5XU8QMUz286GNx{lTxg7_ixqc_is^9~^pstH21q5+3{@t@2!Fd=rs<-v@EL5eRE z>enM>vU%{WIqXlc&@im(5Vjp155`IeyAC8fUnYFUT=mZc%B<6gjK~hSK#n*n9{|`~ zyUV;CjPrct3yff|IcY-`mExTFQxu&;WHm#`=}WNnQ0S-e2|!E=`nMbsIJTn2(ghh^ zAenJARN7u~18xs+;wdzu*t2)I&i8t-UihIp(|~faBX-Zo_DOlvp$0D? z2@m=QXu2AN;5JB(6V-C-_jqMN;)BhGa~!*y>b z;jWSU`V!g?dS&%J87uF|ZOypmn;uAe$_MNeThXX7&1b~1<9KrdxcgO}4`)Bd~6>OA1iuVHIy|B08kC5$=U( zdJq(qRkLT2_{+ffd~j7$)OrBU2$(33k%?DZUqBvFkv%7zM$S@3n=Vp*1y}>UC*AB) zoNAt0f=NUAHlh?o`?M+=-6U2H2KxTrj`WG@Fe+wgNWMHmfLK$8MXVs#DUWzrbh$~$ zsk-PkUb&gD=nc7Gv4mNz^j|=gJG$D!Q$vi0-g^BREx=~{+?N0j&%am|3$=9l+5`ef zmh3j##=8yXBkh#YFvgQTeCwqZ0-IdcPgDpXpf4oDJm_=pM)oC7Xlj4vhZisC#~oa+ zw<50vCCqPz@~7O7I-jVFuFh= zL*9yIn+u8J?LQZWi!EPK?I|4(?n!1U^ug3SNghx1L`e2MzxMn7_0ko_gl5BYKs3L^?M~=|ff-*{M zA(EP$`27#&wt#g)qUsy-OPTOM{x(K*hQ$oHj;N4n9GAhN;`5%VnCc99h)C2*N9j3h zH#$9wXOGpVL!$;$l6ddDL^rGWr@JOfAg1-C=h@AlZ4H@&uNbjK3BY`@DY3U-vrX>FEO_qs1T_2S$LL=Qi9*t zw3L-7c&JRMk10oll^}}L)6v@7R zKgSiGdzWQW-nPQaD$}mDF_DG+iR&|^@{O+nBED)8$6L)~48Dp6;+Ja+hdr_`y7se_fw z(B@C%u*GvKmlcp<{?z$l?*c&P&QSHNLzj@WsL9#WRMlcxn$+r}oSzCv?IxBnUT#rR7!eZi4HB zh58JtcQcotm2__wNckSP80v1H{eUi~bR>=E3hpY9f|(JRxVcnJHdkABlKeuYeE2p) zX=Sd`EHPmyqlp@RJ_0Wa{VY)~QI*}~7uMMLQ-{(Jn=V_62LqU{AnjH{&o0$ggxbly zE}XGzh&va#AMwD7w$-+UPnfe>Z@Yy@lqixr*`$ts(@;lWO?ZJU+lp#FllqKpayaik zq(;g+kP78b|cqlYS?3P>wZd=erO;Iw_@x#=~3e@ z`3v#G8%Ict{9?Y^r^mn<-W6@M_f4FULcF;z2nD~Qh8JSeaw?8j8!o?ZdTy+HQw3`2 z(hkBJ{y9+Q$Tx^Xmvj;%3BqNmMfskE=ZQK?Z!~WU&!!c=L0M}sBxY8&3gN}FFR)b> zh!Va6t3z$CV?g`;=p+CO^7 zAf^Ke)-LmFx#52-c+{_09uzA#+qC%6@})?INE6a~n;zee!p&LD7kLhcP~Eq{Gu#!( z7jqvr+FMPhZEAb&GRtP8%^H%+x-AMxD>_1!Oq$e=#zi+n3p~CjHzv zGSIXtw*qZ7UyFze-#J1fDDeaGUbDnpFDU=OusmpL&33i&D%^KZcMiuN1Rn>Rh82~Z?1lP&t|Z1#g) zG9huBjB7a>HO2E(7huV!|LP}rR!%+jR>H=^=B#@zQnM490joLa934_-^;`z4r=fUP zJ)uN=6OQDS>4Qs>rjQ1|^@dHB&l-~>VjNuF?^3Aex4hni&ANl{nYyoULk5vd1x8c( z9BZj|WaG59{2opfJ%p%>h|4Rz5Mw_Y}A+=9>&4u(&mEbr?Zys}a?f;qn- z)}Wb*lF#(C z4c{q2&%CShmusfU(E3k4C;njkwhsR-JuV&5Awz%$#4BRd$uGgvk#s{<=DgeJI0T0I z&;_hIs=YG9ut_PP7uQSk1R20$L`6g=IhYZ-0ElX2NIL5gF`+O((#&^V3Xm~R>y^q0 zOl)iy`BU&}a2O2}dM1t{?}KC}s$jN9eg&mQ;_|)y@3$}TKd8>2wIxL!53__vlxiGL zL;w?^VIU zAl6f16j7SL9u^j2aB4>gw$4kU-aviy!2Q+e#djpTkM&dhN`nSuEnSJ8k-e_;5QxU9E( z05eMk_KjQf7Cc-=Uwde-;B|>JiYX#?=%V|_=rBrb5a%aP5`EfFPA<_Wd0*1q82QsI zP1eOkfX%dYrYur~FoA38#;t?A1RB~67H^n%^eUOXS^tmO{KtdNQBo`iewtL-b9KmL zW(+>mz*qt|ZK-fA!GEhd`UB(_N)__?>NFDphYMJuSKviQ_7XJ2 zOBWH9D~+VR(chq1Wd94Bj^dh{CDX&-299dddR(Q6^3=%T7Wt@%m5goaaRLn!a>o~$ zT#Yv=6>g}ysZ$Q{)w}TbNZ$H$@A$xb))+Tt-oDx8lyqtgQBOJli;TLSJ#_ys>}5?O zj6M-Q4>tPpy1`ia#l__CdRO?#C9E{k9-h$cjWwCVwQ#SbC6PrY^y&f%#pFIAN-r`; z@a903oLaSAA(;5gC-$jw*b#fg8WWa}4oL-{tOX&%`1&Z63A}fn9OZdBb||nq$oy}` zC%7p-TP+2%XP_y=TZx=zygh(e_pCCAOUwg_8n45t1|or`XD$BGc2fG&M^l(J2F3yQUHORhX0O!QTaAYE+g)B~I$$bX)Z@Jc3R0$4Q?oYhS zyfZHoM#>ZJVTljxX1Apm*&J^0{$XRc-{@XlS9}p-C9R4+B}&pl_5UCn$W`I{jObYx z9{!^zTk(Wa5|HUz&`8uRD*E1Xju-$UJHO-7LRaX^GxywFc$Mwdz|di^6t6_XOcCr% zUTlb#>=@*A9{>t7(cnjJFl(vLZV}HIV`e{5ZRy|mGV^Cb_O`yxdvDp6iyAZUZ+}b` z4VM}2PsokPe-}h_ef1*NkKWR4qT8zR6iK zc253gEU@P(Da-FS{|6yz3<~dwW@P?>=ssrXv|vmQ+7LRxOAN^-(KQ94B**rS*d|y7 zya2hP@l2VHT+!~fcx6W!J+KsB^8(ZuY~HD9+z0%!J|#mMMb>OOh7c~i`}-MgZo%+f z`G+I9y=AYLZG_y2hNxV|;)atnu39%J-gE8GjP4VmGg zIEjbrMNT~pXjZ|8?3|nHRk``Yrs6g}O`fCj=|DN4eft3pj~MKNJKce-<{kGZ9z0}T zWbG*v<0KTT&q!?_tJ7fF6+%(ezu)2J(l&)KXEJBdHhJ3WDR!&yVp6}qNV%b3UP8HO zaxNM1H{Q-|FKv=5RixZ`%wkfCM4;r|yprc=p2$fzDVseCXX+^z_FUR0y}(-^s=W<; z2~8p8Vxfk^>!D~%;q#GBTyH%fF%5S1%x)U~eUEt`blJPZvQ!`FWdhn_CrSO*!>dP3 zzU0DU5q_2U+R2i_bFKt|CpqFqrvKP5}Zozr|@C+b@k+Df}+r>q%1X9cE{+uBvsavj~`d(5dNsr$_Nw2DA z;-9I?)o5|bQC`U1S4C9`%|b$Wnn265w`p4`GAC~VB~^qVAS{aHA3xEGLbl^MyBImy z@ax!EegmdH{~#m}griU1#YUM(F7oSiu_;Kfm!&o?EH5jU7Rv_t{QdoN-jt8%t}=L- z89c1N0NtFU(ZwImO9-fh$Tm>-)o?3xTm0K-aYdUEhF%x7pMjH~5xVe|R{U=313e}% z9K|0!NCHV0xv%gO-v!*9=(p3NoF8KoNS%TA>4z|tWshI_FEnLEPuQgDLln}k(rb6Z z27&WXc>i&XisTURkw`mw-A6rT?JAL1y2Gpg^#1$O>u__2Kq~7E9hr+&x;T%veq`$2 z+Nxx;&4JzN5`L~4F~cj-brp)nx87pKa1Up38xoVud%sj7*qID5xyw{&Izeg8`FUSA zKEqDZb-^4TO@)vgU0?V_$(-w$30va<(C29mwK(3MuJ6l_ZsaJPf)$L(a98p@))DbT zx^IOBQ4)?1I~~gJ@LbEDn6WFdyBX1?D=g}mDC9v*GxkDz3G%Px5`<nES`iC!uaLJ6dj6G00AnozUj|}MQW-yfqzA>Bl{szOl|dJ?n1)E3ix1F z7tzXZgS`8Y2dXgS884SG7;J8f^=3AzZj4=!D~eEtdA|Uqi`qA>4{RDo%++|x`^eaT z-v4{VypW&{e9obqNT`S_HztRJYyNL;GLGOuzj1$;xxbe7@t^szy_FWsCt0t_+J2HT zRNkI4a;&5?cw3_PLhExBlAk*_K&}7c+jHva%V8vMlue!b+QI~%BJz&`@`C_p14X8| z$G97R71j!qn!dSH#rd+=9L80OM-1c}-VB9=htIPb?&y857TT&d^k?f zUH|?+EZ~1LLDIbKcp5V*?h?pJR;sSBqnavZcP-;vPnAWd#@{>#r`ZOe;Sgxx^0sLU zszbeC=vgIg0H)y`$FfCZ@$mDSKfJu-^w+eX zTfIoD$4yFvsJP_fixN?28^%)^#6Tjo(j}LuKw@yA_07TxIjENeI@Jgyh%TN@rxpKd zUHFsoG=HVFjp0EfP7X$`SY4i4;#xL4N8t`+ zpNtMXAx44Ez39L8#8p$s_~-+^H;pQawktg0Q(!CM=N@H2X0*B3Rpat1g|M>`Ij3oA zwwNp1mdj9-&YBZH8fA-ABDjSHK1Uq6WNxK$RAH3%r~~r`lzk6ZDtsIOQSQ+r`4bnl zo4n~K4#z*<=gieo1|@H?oR2NP|vPJw_joA>VP zB>aH#*6p+{19zQ&`nU_?F;7VFUv=hjuVvj^o@UKO)3P|&erq(pUF7R2R_s4@26>Q$ zZDeZnZ+cF&#}hj5`!1p_etFk9tM5ysy>Zs2W^x%!@^xDWa1YULi~Ifq{!oI&;jmLmWS@cXF{Me7NR|ehekh z&rIk;gJo+;j!=p!`=a-ph5nnKFyHQ36cW2UdHrxq(|>4n{UxuXZ6($t8;dHPJ& z_V6y#{^v;5^qC(d*CCyI5YJTVBfU#c%r%Mxnx}aRX(_#qy4m?YH80NKv{ZJ1SH-UA zhUD7j8A1oM^v$SjU2E=|xh@96>%p||PnHw+Q`J*0B~FYF;w-yjs3X}SJA6+i5_@`a zynV4?TCr8|;r-DRQG}9lLJ(%!ouFGo7q@wrF9-hp8n}>W^QbbVBs~Sds5B_;qr(gO zQfRvIS~uJ%#}$#>?y(*SOZmv4AS!{i9~47J`7MNH-OH>Ck)>K3BjO^m3c^-->sd|X z+%zmVu`RPDjY^R_Jl>u&eL$x*xADqr6#)O9zs;(@Gz!#DA)3g}{qTUn{W=BoB4K;% zMku$9CbM`qII>>7nF#ie>SL4a^sWY7CxWEc&U5)17E2QE!J!Q%yY>p{OZ5ZDbc%7MSaOn*HQqeSn((pH3 zQSw}IG0dVPEn@G%j>^g)iP9d`{=hVXTb|adwmD8cK@`f7G)xQzzr6Dt_{>%wRuTBU zWrf0$d2_l*iLV&V#m~K`u#Ddy(E4eu`AIgLV@;*n&M*1A!nfM)uaeHr7D#0ls=38e z9oVOQOjzL5oo3yH!G1(mx6b?#2Li%N%@SA%aWvEio!+U8|NIZiCr2E=34`nsc!1~H zZ2P|-Dz-es;*XEBDhL_3LZ|#rfs=e8SuB*oAgB2`Ik<0W0(Ot+^kCRHS~l)H(sR-z z3TmD3iHuQiQLzf!!m z`Kn=yXGDb8WmIE8x96Xl!G2KkXE}w%Mt|T^298S3%gqh1h#=c>FAY;D~jQ7Ft)+=94uBOy*!LCj8@tx|zg*>+yTuw^Vq>UGXv0s-W+zeuc6$Lil z@E&{i`A;mc^c-Tm|HDR*6kqnj)dFxF>KY)|8vl^twS&fx9|^0vU!6JzHi4HcxL3&U zpjQgI_}@p7HZ_qTAJxqe z7YGki{7Lwh;PYZtYUawzyiowuP~NIdC;6VQAhSTM$vFoUGAZiFqpl4nytn!vnkfY= zOd(bfi2aC1mrv1va<>}7!Y1n5T{m)N>BXg13IdN0B->kX-5aO>X*Z|Vk17u{sU`70 zhs{ahgJWq4;WI@b?|%V{eiry0f^)Wr@DuCL20;+t0tp{k_=b7FujiB|S(U4kRCg>f zps@cE1q>6xZ59@W-mkA^y73=^?S}dnaRO7#EUZgKGI^ndAGy%O)dBH(R*)1E%w^p# zJGwaS=D)Hw=OE~0*;NGQVaZ(d)|+~+sNmfhBOyW_(5x!ztJD*7mE@L`yKlBZEfdJ& zOC{^s1FD{S^u%-8M)N7SOMTNe;{|mT%bI>Zc01;(eCCzdqhj@*%at!HDRs3dwW#7` zVz{cB#3s%q(2Z80sO>UbQiAak94Dzx$-UUU`ynhNG6JVh?pnS4dVXu0_8jQPciy3X zelVU)XsQiiF#Q6tIG#7Es0J2N<}Cm50}vtX$+Sb#Imodn^-U*6EM(7y$<|A5!KmoR z@IB-&Ix2*25j^629-{XbkA4`5GiC4Dt&lPfVyVf+mPryQZfluMSJ%50OPZs<^{Ni~yO2|!IY%W!qt)Q8!e#+Z zC91Nr1PE%pj!ec^qaoko7~Y)k2pK&~*>2u{di0Y-iO|#gWg~LCNfh(5aiw{zwYkw# zVu^cc%E8eNZC1e=h%qa+ham5GFJ>+*C7XNZj8~ z!sPaR*O6RBwjC*#JW(d0$g4tPdbcaB-EZu3+&Fm z%U@xxUUyXGT_k73sS3X7v$B1VFu8=?gS#4oqSNY$PtO8{BbT0kV%cPJo7m=iI$=iu zeLYld0{ILPu5`2W0s;YDgSlOcBfwT424W_qQ_X%wB=ueH^?&d)mKbBVVH?pxj5Apv z4|4C>nC_Y;36sQ+$#tfz?32w}diM_IsrNOFRJG)@uCzQ4s&JN=ADNF2#kN_dwfT9()Y|-G^O}hivc3q|A2G>1 znPG4&Bx>Ph@m{)N#yHTme~+(#-gS`kzZ@FSgas)XEK1Xj^Z8w*y|`)iBYFg(GdsEC z_ClC97YgloTER&JLgF#cJP}78lX}UZbBC1$VEjST*aEtPwt_^kP@2>j#1vl$`N)CE ztwQsOT|GENtbqmvkU(V*-|Q%1A+Z21=myK)n`FxU)pQmFG$PS$!T`3pH+Ew`1f0OD zIS!AE19{zzCToOU#Vy=E!D~F2?}*ae5(G|q1q%XtEVy$J+AE*}al)OjSH1x8GqY$y zJkIGZWX32YK&!g5wHRy?mu5!@oQBl_|V{x>m#xPG9W!LtN}wcym-~WVxSRoXN(Lv z$V@L%t-R0)k!T9GrgY=6KOz}rqSx55YS_6e{Ro1>wJ~D4073fXbe~Dg0`?W*hr_QR zyP8n?c0R?-*x%R>AQ!*G^K!C3rOx*@R47*~mB(6hq`cO}*bW@j42x#_Pbb2QS>G)R zf5bg4k>J0FYs#hey=#)#m7Z0Es421FPn8O~hCF+uPWYr4mIo{^n3n(>G>inn9;)Kx z#<~4o&rRb~c&InTVZ`Yrxj40eDAlP|lO36I&bXt6Ok!#@a@&NIlXl8Dh8sfiPZc2A zVB|8T%jAa1v=MALO+I^?v`Ie!7QZf;5N@~_sZePy*nWh0UrP1SnXFB#=Ttcv8;Ku- z*ElCyjnxdV!k0+ZKwcq1mo2d`-w}o^QrAt_vyL=OWk1*8T_GlwMA;&Lo%**f5KQ2B z9l=XY=eW3ceDhL8twILD2yVT7%;#3h>gcE?vPFGR=lhI-IFFr?aZdP^YNM)4~%0~MDOgBZ~~ZIe_$ z;v>vTZf?WQO5^J>B){mi$ajAga8NW{ICNYt;Z8XFJ>%LpwVOEy7=|?~jK7?ei*z4T zZ;zyqL#!Xkv_ zJwFtgKhqfOsfy9^6OqBm5Q7zhFO%BxzXCw+-(>y?)n$d=# zdeX1=o8O=u_dTnF=F4k1Ic^$*xyA?S<`zgjN}roKPtv5)^TW8 z;_86?r!qR=830`A2AJK_n!4??unZewt;iFRg`Xb)1&+l?fq>iH({W!ZMzh`eEBPm9 zwv~ndU;!+;K-Xub?mpKdxYQ4TOwxeXS@y06Agx(l2sfL&Td4v4G@Qt#&;n-DOT|<0 zWZ{CLh>k|keX478`~JK(bhsC_Y#_U4u=;<|32P9iZc(^Kfl>Lkee!*{0;x}*v>O}2 zXee+1@uA>z55u0yn7u8#fRpGH$YBBS*%ubgK^51E0hiKq9_aC6pH?>i8kPJ0sr9Bu%r4B(O3mmYEhm-a;} z)~Cn?Xb>!vo~+z*1e{ov{H(v{00I~)5*Lb`kcfiS2cWHyKohbg5al!F`*d0&fwgk` z6)ZjXznRKGYjzcGL~3nOdAMjhN8En^-$3Z6Njt>&S*+mBS6i+w|m_2qb29k5@g`X=8z>-O7=ry33+~4O~qQOB~^8%WYlU^B!bwKN#<%O z@OM2(9loYZx<8XiZ}JuvjJu%3W46?SNbffa{r}#A78iKD-Uy%Ou%Md?e!|4 z49Wdk{n-}nT;iye*rX}V20#F==Z+BaJ;02v;f_G&#}~;N{1)Z`KyE#xd|4ZJriR-K zjP(G<$`1etdn@n%5TOoe+D3Ff$~W2Q7~iyCBG3kC0#jq)PX%N~^&NXT_M9&|$s58! z5A-*{5dk>lY(KYho|Cd>V0db%0)ECg)pCSl{bSVr2XqFSM{wgl2`1;na&o1}brAMP zV?e?MU?UPy7L~Su4~bbhkT%#q0vMI_0g>>oL#v2IpI)rGW|W}B3WNUrXF#lvU1SSz z^{}-_ikjPgF(7#6}-dLVoe4qm@;K~N%wkdX+=!| z2n)|HNwVt)vMGSpXT=qyQ7)BI>Mw8#0P~hyRztT!&ob)H$TRa0md=5;z zrT@H9Cib_Xlm?V&B7htJr@Bt`Mp}Uq2E1z;w{IyNg$n;|1P9o)_B>ldI&mo9*p`XO z#$$?XH}p=e%Mr>dOJUeDf-Z0!tf{Ia8s*T){fBFV0e+{nb+-_j%-Op4oI&6r3U8Ld zI4=8l|JqwcWvSliFhgSn^tS}%?Yz_2ctVwtQo_IO_7JwahSma;!jaeadbyJYO7*=W z?qsbDk3)qWxVlTF)@pa0%$ns$URM;QG333tTw#tAYp^xiC0rrmyCQqMNa5yN5k~bI zfE$6Z$DZWzASP8Gp!t1?0k=F~Yq2A62CN760VeL~h^|QxB=Kdk zDavG2S?Q+uh~Y!h@Wn0w?r0W!I2Ds4K-WTj_j`B%W?^}e^bLcg^ zYMe>PW+$l&doU|K+e7@XRXdHzTHD;VkXTLkFA>r^)8N-FhOnkZ!0b^atpTL>MI{bI zv-<+BVR^t210=Elm#cKUY=q92o8W07pjf(ladapU^KJm*k5Q zs>FIG$JULya2=>^0IW(+7^qRHLANf;oHD}ou)^?B%zX+;^=Dui3_UJJ4InPeQYyUu zh!L#|%$81-;l21Df=}}GYrs0Ik?KswcTCt9gToZ{J;{LOE-Q8n4{OOi5g|YJY%~wv zju@k%FKm<+S!SV)mQ^yXgCT}(5^CT8R4$lg;>ex$4AEXw!Pqj2&mjX0f5^Y<^V;12BN z?$gfWf~Vg$Z1n44ld^wW=G9=7*0m>AWp%-OuL}pHN?^N4_Ad-NSkn}8S867w!`_<+ zq&vMLa8cu(Yo(K)l?8-xR~U33PN1fDz1jKm`;X^8l`X+f$0qwf02ZM*+e4z-*$r>D zT@w{c>h>DLo2-vt(nM+gu8g^>FgQ9mI6MXbGqpb@uoLy`fID5bKJQWl$-B!M8}Vac zzWMLtT6?r^=~U$~r+))ekGl;(mV>dq+WfnDo6)$@2~I#L^gpVCfnVHM*fFs8r2`g} zDX2m-c3)s07)oBg`vi;CMI6^Rk>eWF?=x0tS67Aq9%pS@+k-r>yAGES<2iK#Za$fC zWXk*KupE|@LdfRbuK`Tzv*+=N?%r6*9WWIj$-Mu}c-@q1+`7rzVevk51HS&?n2q4xpy)SHF+!QSV{ru8R>P*VRa&Pe&PMn=iahhu=d)&q0IXC zH=iE=e!vMd1?LYFp5XUfdxlzbyJRLPd@INNRgrzhH>MT%9@wO~c85aE_cZ5hCifHR zp76=ja|VZ-C^a1KL^c1~l@a{}9#>}#_O_2^`_@^61pbsyZNOcw{4gn1V z95PQBM(P^CEjiv+o*%EO2W}H=K_!S%1RS#8L^F5>m5D~f^j&{1*97rvQKAx{q+MQF zaRp@i_Y-h%YvEy>H~s{=c27#3W6wzQZ#iPKE6H*rJCCEIO{#L^bfb%?)i(4%D=ItwNWaF8{7=Xtu`tjd-uYa+&R2+^*v%rG3RAq_ z@ZCx15xi%1;6tn}-%R2PI#d=mh9y(wBgpln)dFnO1J~O$X@KNUm+#OB6IFRv6&`4x zIcsa8)yk-3fLV61S|4=cP$nv6wc@@Q+bs4rIc%6|54;!RQ@Zob_+c*79<`Gl>h!g7 z3_g%u@65RTsm`az;o7i=N$8vJ=944$&jRU~HA03g& zmvl%P^teMaX8-SuAWN|KBEiLfKKCwgh+^}+7$@kUJlA}Zjj)YgS&K;NY@YwtwUV|GTS`n6q)d-%U($t7#Zm#jkkUae!c=llnm_y z*`=L;hnKkWK7!ZQ58ppjXTDL>#bTV;lF^pSBxxZvOb>zhnE* z^dT?XnO-ZVoMT%oG=l?M`J}+?_v3L-P>WqH-{#k)Pwy2~ zI^QC1_uHYCmOooS;RvlpzL5s29xp^vBsBq^xGp-V2M(?k09sr=-PxWO5WqwtSby!9SRoHQmI zl!;?rgWX2ISW)UrODXnD>rg2&9?fEJIOQ}|7JiwXP^czQP8*|hX>~SnDXkRr5#XqG zb<@o+hWF!=1W}jC|7+C?`K(4-!%oT?x4P+6e~+Z!=gUhf>pztg5#=8<^WVz%KuXsWs!r+3C|6mt|2Tq$?q@@?MQ*ns%y)9_T=`=J9q z#mb35a{)#743#`I|F!waB4%wmG^Kt>c2}h*q%nT%%0$@MDye!t#t>PUnnX~A=F|@m zzwO|`zaek^J$XJ^vhZ# zD#iboXfNYCfJF$3)zBAtNb?SS(bOtwqV{@R05+d%n}ctD$8J6My)zd|L%#(6g1Bf6 zDrO28d>|lfeY*G&@s^Ig>-BaXBT$^u>m6wnPsDIN?)%4h~JgP*Hx(xllEu3KA z-DG*CiAbEwZJc*kR-C4~W0AcRBV_<&P8W>aen;3-3GI|JflQ}=FS z_khq-UjW2^>8OYL+K^a>xPtE|0h=y~_(=f$2?n|lQ_K4o`ug*pU|$T}CtFmD6pbq2 zcrLtcH5I)ZmIf>?QLDZSegiu1eN`m1zj5Hf2jH|9*ZbEca_J+bap6BS3RmR=G}@Cj z>LD0p;y}ZeAD}>vH8s5VnNz8yqW9&QrTBbTkD+dNH_cWjD<*c81v}pd`p? zMOywlaS1+FJ6~#eC2}W<{z$t*e1tvw(YV(XK_uF{_!Gu+ZO7^#Ko#|< zyW*O@d&FDVLEw28nv_I`))q4fB?;?0xdC|FdXl$#R-zhrYOW=S(` zK5TV)+3=<}^;t~%`T0nA9QiJ8j5My!R=D_V-Zd4rZNA&iR_sA&fc1o1WIN zma@mx6j1wG@Hp}o$aEt4fRMhDkSHy(yXz&rdzXn7BGf?x1wA0J)g$D0R&jr69twsrqI( ztk3SXKr_gAt87Ew;6wLmp>xt8`fhD4hcc6{d~b)`ZJ7VT>2Vm3J{tM_sTlkD1S|ZK zfTFnH0(Idgjb)dqO(wy!&I6&mSdkz=kA6E*V4Q^>V$YUTdjHJ;m5GIH=yHq8ImI?E z^3at`{#rZ!&f4YATd8Oe<;_2bP_numEp zCw2hJ-!Ao&Ht%JY1U!qFp2sQOX__T#=vrCcMJDkbw017$R%2S{pRFRQIijh{xa$~Ch9XHLxK^-U+ zzA#7&W_h#V)09%to@kiNvOfB4eI|xkmSZUBChVSf?Nvfk`0sSJXC3k?c*HPErets( zpHwBUud1A_tfhH)%(^zC8mP(t8!1hz?s2zFZibe|^@>4Y900TXF!YdJR5OySg zXM-6^qrPv;cwkZkVvHq=9X*Xj_;a$*(amKH)jm28))*STei51iZGDHTH!Bn2M^nu! zW?P(s6EyBZOPa$fD6zB9+@)(Axi|nB4iIms&>y(<;&M;eAnJTUdW?8X9n3Q7Wt&p! zAH#o4tG*CID)1DVktW+o#ZSaPN2+J}cO;xFng(Z&Nc;$pRw;Dqv1TMOlqB(bn!-#O z{@u|hYd{AaBv^z4p<`+>k{TVH%eV&A&}LFQx=QiIcr4T6ffiM?5b`Ra_fm06H3ntF z1_h%UQn*7P`-VAJrj=@{A!*X|`~ctZKOd?&)~Y^$K^g<|Om=a7d~FLV%R822Bk`<7 zZnOyocvhO~3@E|2TP%jt^K)fX+#eC?d}TG}H5b_HlZ0wm$rd z4!R(TgwIuJYR2Y~&u-+jk5?1Y!hPiA_=I`piikDOXWwRi0dY33M#UFY-Y0aAhc{NR zuzb2tJi&m=pc~3EM^|=eaM$?N{(!Eac9)Js%0Hs9_sWKZZ-ON3J>X7`iBXqZmLDFw zTS7vV_{pv$c?H*qhtSk3-^OCndwizg)tD2$LeNCceuB*etXqQlaj~Tl-G*y|Z;x5P zkJYDzWU*`dDTfx+!JO2Ia;&l+lk{drIxZZsSnBoc+6t~;6b4^Rbj~PdN&W|uG&9+> zV?rkX7V;0vu~FTLnV69G+WNk+h{=Bu3(^Mot*%RmR4fIjGul=sNVJp6BN?;ql*82T z6p|txa@?fRfEU5fI9;G+* zgvt_jrd#!_TyD#h-1pNrwobC|GSme4D_i)}Y^xQeR60!l&@Edz{CCMEMH~%>>arvU zDp6aXh$ymxQgDMLdNtO0oWwCi`NjysZ@5lCsUlt4tgN6-yIHJ736ROB*Cju+Qf5Kn z3-A2jgB9`S;xJ}S$LP;rBiC7|a805O{G_gVx719Rh4z3FN303CZhRa5W(n&He*#X_ zSItXv5t$JFztJqSxSzI}$(9&~G06IxWHoKtKRENm+oVc zl}v@Fh6TY~{0!J9z*8Eu$GX)al2%T#M-@YMDl~*mYt~+@U-SWncw^Z;%i)WV3lx(iwQ#-C~jO zBn`#OTyMk7KE5QqxkjSW*Ri1vWz8WeE56*J=;1U0N~v!MIoEE?5YZyb&n*&#X?a>z z%0IV@e9qfV^zS!7VzjwZ5BxUy)!jM8+;V={jDfEh7lP#+byl|cx|p?*L6$e|tKY3;DczFjWjBkN1;5Ei*mJ&72}F#{oqazMmP0a}BSEk#wK*#x zGv~?lD`8F(`KkLWzM?!{*&jU7+E7N60Iw2^|6l=lM7(k8?v!Wk(|w?bHFYIK^f!VU z;e4M}lVRcK`Q~ydnof#x9MC=LUX53-vND7VKJV>oy{O+YS~b1eNqmc)_|~-*Tc?}F z0z`#2k~tgc>p5Vj=t>czNL=|VTy!`tv{=gVWW=`{?4zjj$Y-K#SN!Lx3Nl&l`j!AC za3Yy`h1{P0bU4CuX+`2T$zQgx{MGU=RJ+S#;+iBzhbilqJwE+9!&(Zj(Zu3Mt~b>3 z5_FlSj9!<)Vm8|{QNBOE@GsZkE=JCe=LmK0k*Ptm^Dv`g-BOkB+FHyI3>%!x`x+ErUsT5Zkh z9HNx{MjG6qg^;Bx*q}&?YIgmP?FS3m#LQR!oEFOkiMYeUr1@ak94=;anZsg(-uDn>% z#aM_}%_|9&9_pBIYKDc`|&fyd7?X6Q%&1{{j*B6aRF~R8hhj;GWct67W@o^BmO7T2@(9LkEY6mIA&i>R7P_$ zyRXP^Z~30o=#-8e1jb5Krh$1)KYaaGih8t;HG3X>*zsCci2h6lNTStL%b}v)p}20u znia@{N(1Rf3rUr6J1CeSJoD0)7B6+#n%fHPJ7oY(3;WPB8<;wdfo^s}y&8o$m6i3l zDjUD{+eBDK?xkRjcTGppr70))aY6G$X-=DOJWa#TU#95jNyCqit(5SZdDN>CZ z1Tv5p6T|Y4^OLIOU&mmkUw}$Vb`gAY+ z)mRpspo4jR3qgrNYsFL5b?P`$?0h~NK3RT}AtVvTxr=0c4(^=g+hBeq^-NdH`=!=B z<2X`2@kpQJyjYN7|0xwckm;+UUu@o=^jY87{0pc*!kP|w;YT*~hCLreL|zCuFr%$! zi@f(h1+&-oA88>F|Gg$wPGn~JgZmu4kC@0|qiatq$^xOIQE$y?+>&xzz7e$gC9PX6 zH#&(h2Vok=el?%mW>$LfT=9>>A5gWQ8e1>JCQlcaAX@iYM9XVt0Ujf(wh$y=kKF>| zUwT-ZynWOkjyMcozTVAVE`JvS z+pKsCp?hP18z(&EZ;wzW0Jh+4l~i;H`W3A$f9!BcIXC02VBPXQypD)SXsoA{5rWF? zBL|i@XfVe|qmL^~_0ha$??3u>IG{iy{E2EMhg|Y;X=w>`-YDN}7tmiS=lF9P*KL?R zk(Tr;7rx1NSJVJH6YnGj7Am(?BCz6zV79&(KO z`j~z5?!2d^Jj$7XNbh@ME9ApONYDa1BT=sZpt@5_h0iBBabpK{LUp@NT~TKeKY2)* zQ*I_P+p8v$M&aVAk5ef25w>{==#)c~et-BL=jNO-{pUH)=tBWd*c{iCf_4Ey(*$kh zl9DH5&0NXJurIV^N?(`cvtlH?RjWPj#SB5`*UlvQt}$fbi$*1$_wAch5tW?p6$R1) zY+u{03u$V4^z)2rATwhAntok{C*PFr8I6rAfsg5xCP-+CFRWbEwx7`kO5GTOrj{SO zrTC|u7(Oeiuel=PW9=bp7atO%pF^7QbJ$p_e!20C>X;?PgBrB=DYTYRk;!TC;f5uo?-Fv`1l5m5Y7j|g&jK~kStLbNqD(x9 z-P96CK`qBFs1Opt81{672q`wiR!5DvijV^hhsrg>7&-zhlj9mr=b4te4C3vdi&UM7 z?($ycwp$8Qkx3fsFfCC9J@nUbZ#{@bB~>qepUs-WZ6b=x07fC^GSTF-6xA#R39ukCF4a7vPCx;eKib3b_~BeAx7O+2!IvQ1N~ zff8)MHY>vwV+y<^o7=QK1xqnNPWBXGVVP#OU4x3Aq)M#gVb~@U^rrfY%}sWd=Uy!# z|8o3cbCR=|XNdQHB2v!(O4_zGble*5RLb_sFyKyY$yDx3Yj8_Z(XJh)6ilSqnXJQ| zdmm#vJRFmWisg%}yhGOVes*i_k2^v2xu~#a@9*g%ijA^>pA)VI`<3;D8D)SB0|B2M zslL3@Aqa9(Cnc>x%P~1eq$DxI5}C}fo2F7y-z$2diN(6n9*SPDrypRUAepo8<@dmH z4-LR0W1yn9Drt#26FJlZzx{{Lf-Yt}X}f!ZT;>F^%kM)DV0L-@w9!wVKR3vRA3jHP zWhnfS*|d`Jmn=+bSXVxx(ky2`KIi^dMkzjYhq|?gnL>#&VTi58fU@Y!8h~0pCniRh z$R53-%KujbWtV7#KZq6ahOSQREr(h|$&C6Ve1{X~=Du2wApg@}+gH-ynLsa2lo(9{ z{Nemak@7ps5O}x=3@c_gj+-nt&K0WXG0aGF=Dbx}W#oX(m?^7{DLJUYpYA(@IQr9=uylPgvTE^Dq z6mFlHLE)~%3Qi;r;Y%j2z{V~oSlB$14RV;c!>G8kPAV0%*vngMG4VFEdr6PHK$FxH zfhZQeP6sKL<-^uRHz#lCu!$u&oyWy*e19QB>aV(0WQ77jZFIROG>p$wj;DWyrK)vp z7Cw;gWvBMCTV@J7Rd0ZB&>9CKPAhR@lu=@xUdrtKWW|=TKG03VC_9Ii3MR3v&D#SL zj=@;)8?d4T(Z`U(DXf!$G20^*rI`z)KzrL{)=Y}C^_cr{rXR>1UlWrxb9TR$Bce@4 zK;v=>%Zy}Z{KQW*k}P%bKCUAawAQzN;g!=oe?2`hBQBd1Cqe}_T)wbjySHEMR*$yfHD zx?DEpu;<=9k!R%Wfo(;`&RqQ(AVdGb^YHnz&FA8S;b{3gLEVE z-%jGAu?pfK38hfUEBLYU7b-PwJs=p)pvrRgD={nOV0$u5%tl7Lm&tf7uy9==X`X6f z+aW;m=N=Fik-!X`4(Gys0_}&`XQkQ)lA(cw2B`wkf_A&*p2t)7AiQzIQ2D!yP%c7? z5$O&WI0+?S925nw`n`}?8&shmhni zeHWvAC8+^s4S%KNvix89s-(64q8Wh`Q~}KjSWJg}*K3b6rE@BiZKsfjVLpo>Pr|F2 ztPJm7C6o;))6Qe8s|KU`{*A2)Zz(nm=A_U(U{FiRiq>GsKBM>9AFZqvbv=x0g^_AP zUF0BMlK*2#K=Eg*-M~Xg?AXm{T#6iqOZyh`6lY3UGd`;#VIi-g$V_sL)RcnXoK!8} zT)1uI0Ed%FxFL)Nw#aus9QXvHv7pdYBYp<^m`mhx0XqT@^JBUN$V$pWSN0xMDgvEC zs4+VB@q6qOR1~ci(M>HS(j>0BT|{~escWw|8fW1JMbrr?2E{15i`kReFAVyj^~&;bjbsmlQ&GF^>vm3kZxWve|iaF?O;VAAX~`+CdUsQ~U`jsKB)h zrU4OAve5*r?lC2ln#c;wPA75DhnfL{%}TOQhR-)fC}I0P^=`o`xA@xBQx#e_a)jrZ zcYtLLK|tAS9aQ@o)3dVIb$F^);If?38AKFtHp)eGUBlo{>hoC(xJ`Oh(Po9i1)jb% zgX+p@nUBp(UP)N|QEw|UMl@4zh{bA?43OEYuxU7J(am-I^4Qv8pUE}gY@Z$CPPhzO z?4k7$(J+{jsBZ-MR#D=IgkNzv6$_e*SV*5XaB-?5VNOj{;_tpd5DzE*V7+b;yL3Ch z$Jj&o)lWI!zW2<1+lVgGMakg_%1E-+QRv>~$y-FmG$*f1o|er9>=GkrX9?yCX3Ht^ zWb3%S%_N6VQ_@$+^IcSA%}rtrmo_P=wU48?{7>La&eggSlm-75-O`_b=|c=@|F$=F zg@zzl=>@s-x*JMI!w=LBVG)+izDt?5tSl#rQJz=3GwW64>A6SOqOglNTU#dz=;uvi zJG51lxiz4!U*^P1=}xI@AupeAHz!XoN)b(yqjD`qn=B7Iu#XOQY|ndOqK{15 zYAUZ{CHyz3TNBqR`TG}CKp-ytoK_5R;)Kj?q>tycJXBQBc+(yDTaEjwKXeM@p&8+r z7V^!J3#qm8UoIU$mc`tzE9L8$E^7(ZSvZ&|0?af)hHKAx)4~%L@ed?0m@dNMqPjtR z{$FGN`7UcLb7ZM{xp6ushG;^#nZuw}*um0Fb&_I2&ny{Lq-5I>Du#Gv3l`i`$(xjj zgG!fh01Scyi5ZZpcDc*fOOxljmXTDpK9uFMZ3!6IiR`DS$G7{Z(tWGMK8Ylqif&nS zV-wL9PAgCuzTGUh|4OT{C{RN7z98+qt%5>NBg{j1b+aD5DrKR$WChF-d5+gw%Z%zri4 zFlZ^_jr}zJXO69}viqW`m6Sy)9W5T&(L8tCKOifAm| zXD*4jv*L&4yUYZ=Zu80I$KFv!Q0CcnKOE{+t=6E@8*rz&Dh z5*cRd13P8EBJgoCC+m5G)05%t2d%+Nt)tZznRUH$w55iN!`tajF=Rrx1-X)T-NE~k zU}VWmf=T^zlME<2Ji4viOLO?{E9zDbsznCG30biW_S_)U3(qc^a$LwudL<>e^~}+5 zqk3Oznv>;`NaYn$#W3ogThv6Eq};pgmsF#o0OHX2WHmdAoBr9|q+fV*mT#@5AtTup z>1a7Cv{&DyJhn-@Ga{hl;asaeF*-bU`0QRZmuW)NvEno1lQ8g) zP#2)5s3~~bF#Z8s<7!Uh6D*W>p(fe@pI9hjC8GTZ;Iv5>p&v-W#}Hh`>Y-VV2tC*3FhyPp*6gvaE6Tdi>Y6(Y}t>MrQGV)rB~P zUh4a%O1-0-h@%Uata0HmVhCO8&LVr#w;Sho!CZKQUEO6&T-7w?a+Vs-!^54E`Z>9U zwDJwNy4X5g-b3N6VKq}av=v|cZ!a5D(z-AWrl3-C%?xJ_+_@w0f!daF1nB~??$7wQ zE-s2+y{u(21H2p;T8%X_(N1R06CxYp?GzVw(ZW(_xUSl`C}s|E|Im{rUVHl3Y6|9> z+&|BjqGk#@Cfr!E<2z++CP4RcX?sv3V|QhZ)1-QsagfTVGCyN!nL?A9jR*iT>ayC5 z^5=pu@egEJ-rw>A#pPL8|{yZ@Bm@cKWN?c;L$v)eYXnZ;2kL@(Wofvlj@$>aK zGhdl;TqBNP4L&3rTQTEpQKE>f&UEOYNPBlJZ(-PUKk4R@!smSFi!HhIo3hnW&&F;= z7}2x`w%kmHrFV*xp2niDCPyIFHLv_()^I$gZ)-uNxhNw6+4{QPnDvH|{i>tT<#?nd zQ#AWg*EyO?>60;HuHTl)wQlOfBDZ|bz5QZoH|d;m)cAvOAixss#eBWth>mgo4<&Ja zt}otC|Kurn#xZT&p&Set Rba(}PDMHj_>!eLX{}+sE=|%tm literal 94960 zcmeFXRdgk}wk5iqb{f*m%*@Qp%*@Qp%*@Qp_BJy!Gqas$W==clx$4}$_f++{?{t6k zM~~4V4UGsXVrgnFX-Qh4-|N5k00>fIl41Z55C8z=BLIGH0fYfi;1G}y;82hdkYBz) zLBpcK!@|J8VxyoUpb_8_5fR|xWaB{K# zAq3>hmoKm|uvqZ$SnQ@&!xk3vk4e_a1r^wFqKABDd+0WhE+-ywh^eB|W(Q}O@1{XfS5IP>M9hD}S@ zl=hHiafO>c=yhEzJ65qJkgd_;Cw3jL!oRQD>e?z}5OBxh;XCV3FR!f)2V<`%JaPGa zn0nfE0KmqqKLHW=w^IHT0&=(ugD5G_&FiuG@WbQ0c=Oc7%W>j1I$qBUq#+y50Oj9` z0k2)HjGw{J=7NQ1%?l1+Kkj2ZGq}wC!NHq;*fze!1*cZs^BdsF4`GV^HSWcRGvR+t zB-UK`sq$$$<>S~YK5N7jX0)a2qpv-w3)|+2MEh5Jb5Qk_MQOYQIj8A$ zXS06`767VltrBNEaZfM5o9`#z%1C+m(vxQgx6Aq5>yKtQaptt_CW?1+sog;N13tbg z_XeJ>mo!mQ%#mv*oMrsqi)VFfk@yAIHwX94IVa2W;p8&IpKtPYX|VZWT3Snj)Su15 z(S(!i(grQORFf|84Lh^`MBv{`{m@imwqWS)Bj%NA3VgoHO%h!F<<&#a{IzyH$Jtr@?Pih=jIcm@9qvv zz6~9gyPs;~Qp_mOnB34hW zN85jRMrq`|dXqK1Cj2k7``_31zxBqQS3h&FFR$l=Z#Q1Re|`zFf2nVPhnICSG$*)! ziC?~@Z}6XG|9k^-|5_`^WbqT%mhTiMeaIZac($Cn-HD9Rl5)kdO}3v9*+cTyzY>D$ zfe-C`UYOh55NDoDC-=-So25(RZ)D~`=q!z+rGR_4qKg+vB9HxxJp$kdkZRK?0 zpv(`#J;nCba49%^Y~wVyR$N%&=B3$PqB)G6ov`yULX!RIpTYdcJ;>uTP<@A2wzvoD z`c88CizXIpTca6kNdwe={#Uz+#?RKKLh@ca_b}fk&gs`qyc|mvzIN2rEgvJhgXWpu zj{V@>d+{W0M*cdXQG3$H<7bNumc^WuSRj*UL1u@!&gJYlaL zxJ&3Pp)((EGgeOUF8~1`u=yo8eg=%Bh;?BXr>?--bO2yw>%q(B<`18lU~T0Je15{o zeO(`lwsB%}50-ZEG28%%c69~MvRgRzb{~9Fo_#=*W~kL`)sI%F7ulTUg?jpMkANh-&*k=<`Nhj)n?o^ik4#6X} zzDnrm9nY}a{mb!os3EybRN76#61PiDy#t?PcCgHHf)B5V*Cn|K=eh4;JsA~sbAEXe ziJ1&z!Lx+M+u$uI(Kh@?^fXr^DI2f8>i;WJ(8;vTN?GW#v`(=;ym~rQCOVsx+Bb($ zlKY^R2I?+^v_vO`+G=H7euq_aAx4u|S>1{{jQV>)cL~#I_-xz?o;}sH{De>aBBg~R zA!*?W*T|`BdHYn*RHy`G40!e~hnfz&Mx&yo1gO7C)2QUGzDrcvLel&=S6_v!sZIzK zCUY2EzjERVEk?1kV zSh!@BlW#f8q-Qi+rM?997Ejbm>B@OaaHb_<2LZ@I_Yy6vY_H?z+-0`P4FCd#$t;F8 zFQ2(g$&c6m&s~bzWjpjPN=Iqa{|%SeMd_W8$EN11w37C617 z3L5j>jzxwu+j= zVYHOBaWRX)76I0dPSg#{!|R_pF)i*651w*b;SKfpJt?m@M5P{`~A=wp@*Phh(eIu&$n!nE6XZ)_ub$wDPTTBhTyL=e2Nm zSj=mA^IQXvPhm3qrY&pH?(vMr7@1YFYHm3IzbAj^?N$H_e&d{BK(NEx{nFkKAxH5@cIqUxKe zi;UNgT_yb48w%tYP6ySP*KL+Bgv}V0)A>SYWVIG&>L&8lvlj@nc3_<>%eyMnT5*V6 z><7&jh{fDtG7~gJ=fH{hCWdt>5M2sH7X#6y_~xR?vlsu?8^JT%4_*R?xovd|0B~gc zy?d|lK;X(AVi$b;I)KGBt}8j?j6+x12$U~2A=?U`i2Xd;J;qjom2L8SBI7(+=a&9w za_VcB$)d}c=h@`c75F^NDqStaV7%sR5T;WXhm@A8xyxL3MkQ{d(f`12kSxX>hG6Wl)wG%C3!x^06Qf=$&cxerE7S6lh-4cOgwi<=u zYVsbLg}%x4FzFAW>MrZA_oSk(lEu-Rg!R^3Y#MlPXGhO1U+gwRCn9n6woqi5ARVwS;!|@t|-LVd^VVd4W0QQv09MNN1Gr~po>Io z@ZM2wg^F7OHNUO~zGQ`e>Z{)?EltMXxM;mb`t}qaqTa|y5^$=C`Wys;6C}S+uCF!n zPE{$=OpN5Q|M~WTR;cS_^MI0Su}0E`Pj-M7-v{rp>eo4PvV%=h+xfZ!^NBxrPQYJL z!t;hEW2BIs5b1a$rPF*plG6ZrsCt>}&^M2AZD&m#7IB^d(^7)*(Q5DNwZ35_-%Z}< z>sVo_7%@^>BWwn6GHj4q>GG@IGTc6sWR2SCDpK)ryFTTd%>cU;K;w}cAm--bEPKX) z$3jD;C8qJu>YL!zaHEKRtU-LJ6`R)rW@A*&U9hD0kmfqKQJm@m%B2^?uL#1}a-p*@L(AdGc8D?!q3dB18F$V2DC!%fNgH4=Z;Gf_t|8_qb!ptd zSY=C$k8D>=*WDf0f%w3`PkrGc9J&*hAXmnjefruHZZ=7rW2?ldmHMp}za-M$9rvkVJ?4ewU#Sl+Is}SiIesad5&MK&bl)>HLa_so`OU1 z5kJmRk|j8Nf}Dd>o*>%;02o%%s=-oTJad`QXA&%N;#To8iT7SRNWHE4%}-l$vmw}y z8*V1*--d--Iy;Y+#JyFjj&dfT5LybDi)nSu1Ys+V2KnT;xU@^4XKtb5`K>`TC0V*c zw2PBX)^bHm`~QYMBw{eO%W4X%QF|)i$ zMXfC+WL|R>#|d$)sn`UgHW8aF*IKrr>B)LmUABqzNg&QeE>)lDBuATyl=g2R5i0Az zYP@-&26Q((8Uuug-0&gu-p)!$k*`Y0Df65pJ`aH9W>jjo_AriI#~yqh&wY@C(6{$V z4ph;4nyC0wSjq;fY&8ZU$#Y>ZPwXDS!?_!?PzNm|-k(9r|5hXSHm=sk-fgz(4Hg+T104mQ0qKK(bL-VSl0U(Lu zgCk+^n56ob;SFlPoHfK$WqG+{R;MMg4A@JsTDO{ADfQ30Sk!8(6#(2Wt;&{Isn#7F zzhN%~_h&cPDQKbItHf-gj>O~$a`<+GQKx^@4t7Wk?6(uI`#^wqOw+7wm(D_5Q302i{U>189!0pzeYz=Tc@a;US zuYX{bJC%~0A@qI!s$hD(#%_p`7FPYmTro|ZN^*@TQa=Q=NnbXWGVO{bb+llO5IrT} zuNXl?cS5rkt$I&68M(it(9%syX*oA@A~KogQMXFAQcVaxGFBdwhw?h!9QVw^xuxii3Y1_ ziMQ;8t0MPq+ll!YuOsxt@hvb-ys$R;#_%0u7%WYeWI4PPo6KdVr)cz=j|v>O4F9-M zR;OjL46d_LMsgaA73!hQ&y`&|-4!3(f>OU{YmwWjQQ7RriD>hKlVLdDBiDF&iol6O zC1rhYz&r1vtE)zyv8{vXh1c_9WqUh9^VHZV^O)}J<65l1x%(@F08vw&PpHeUK8tz7 zC1ttxW`YwZC%pr@S6AjlOfQ->84($u5eXQC6j8 zvGfCQy@?9m>5fI8v|Y>63QOSr#D;jr8;neYU(J_Vk}cotZmc`&3250%ZdwAV)6~3M zG7h9a$oF&MA;b9@Luza`bW*nBZy+-3^FaUi>Ea*b6_-*FYENr{7)5I$9yu-?TPO6! z^)aazuXRFoTfrJ^8gzUiueOaPVh+!Bl3V~pR;T&A;LnDBsL{3r1g*A~PZM<|`FMuN4WLik6nhia28CFVBgsUU9R-)I7S>{#D)bXI-? zB+`|d&L#Cm>>wFm2V0#{{dUz2>P*qlGUc}&q`_ukR9bdoVkbH4m#o-XPLZ4G9a5+} zJXa#8K9k2?zfp>=Q?mY3zC<|m}(EzCYdrwO)b2Cai*f~ z!<@ZzI1Kp>nDe2G?Bf%2FKnU%(b-Obi=-Dh4)`m~PxKU#iM9D?YXnPmyqu{sP5YH? zNHMswxv)i^Q#IuxRC60op4T>-kT@=l)EnI)p-$g%knR1fs3K48!`ykxuY(P$r)a@r z(%#`QXQrJL|*Oa1o?slz0ohRvWUIC1INWj1pK$oKw=6Et!Q!LuI#<{z3yCi^Hk3@5z? zqiHZaNRGTo+P!0qa&+x<@i22_={V)nZ@gM@)fCS;j_?)`dtY9}ikGk&I$!rzlJ6x6 z6gW~XEpRy17XZ&6;n8NSz4eJPN(1j5V+a|qvgAzjmXU;pKWRHgo94E%5PMTjL=YeS z4Y2CY&hqu-VOY8lxG`eyLNOa6YtoI~k zry>QV#-W#JW_4dq2DA6LfV)#oda7KwfP;%^YUlc1-z9M3)Y*dRVt(`-rwruKg`HpA z!QuNGYaa`fz1PDl=Y3_at0v}4+l1{OGfC#f^Ct+EU{YcRGn4CF+j8MxsSaL=i*s{z z^+N3JJxqp^7xxnJPP7D!vX@&ZZ|@-cXMFmCr^N^K)M5BsyIke|(ev?WMyq}{$ZP!`^&1#s|gY>sUnzQ}&s5P$dcL#DJvssGdq zJ0IPb;~;mF9p2_ZjI4vqYw3;3l1{ExU-b7TVK;Ay8RCkbl%ut^8lH%or751#Z!!+u zIZ5?x(w~d{n8Cw}+x8(6qaosCoqT=*u&~K2aM~iouPRiQmw>eEnvYoZoM2m*r)PM0 zqg?OD_Jr%39NQE86Ad&6*SO#~;Ac2jd8jId8-%!g=^KRxBBcd??RJ2ZToP-88>O@u zoe}hAAEF=J$|^y2GQVcC=oh%osxu~3wC?8w9OCGAh zh<1W!K~LzUa^fs0Je#0f zL{0m=01!zj8hRm~_a?~E2+>t^iV%Tu?pES=YG{h#nRqI#D^gA;iqs_`Wd{h^5khu^IMhlE zYOSR1Mo3@DZT?uqVtq4GY}|c&N65>GV-x3o?#?;88M0mE#mrwk&Yr%IhLgJ5)wKutxZk^$xst_9KxLq`HNRbAZ{Gk=s0^g z3N4>H5ta6W+fxsYGZfy_&8dYXRgfprI0Eflik|>F2)i0Q4s{auWU=^2PFB-YA{ zM``5adraP#g67~B@H`pSUP+B7-*w&}$d+b{Oswv`NSfm}3=!#$@49@;8Xynr@ikBz z30ydFm5A&6+7R7`k%;8aizi}w*T5Vs7tiyK134W<<@RG_pWTb+!xV;t_t#t{{(YI$AyEY_V&MCQli_hI>-j$U`-9{8a8Bs*8gyqqzp=~#`1U^8~^ zeSELQ91;4C`LER3e7M}~vch&HO^4yjZLt~Wy?#;0L`Zz@Yo*FoV#j4(Cu6ZV)L*!X z{>CX!r7bXJzLOHJ(#}%_TKCUrM2j%bY9nR>1 zJNqPKiCy5+@{KR-lwRvM5~8<1&8FFrRgx}kk1DzOnAx}pK=9>vy@7GDI-ck91ROu} zNr^3gzsRK4rXmxwrEnQOR%x>*cx||U;o1ALXG3ut z>OaLU`67hO`ihqtLfuijLOs#ifvRRyeLXM4H$W*JZ358N5Ht^f04EFNS=&I#&Hegk zn?H3nh#H#%0BThf%1+#1N^Wy9A0AS5G>*S9@_*0chd_cOn)y;uc!*Ac8Ugz?gwmF&b3?G+n@npol z_UefFU~`Sl?Pi0Q`S^>$=ISQi--Zue4m4DDTN{nld$-i(JmERNbCJQ;_!i#ZAa+!B zTN{3#G}v7mw?6&$jqUCGrg(?rH`BG9(@eHrXDmPCcV^qmtG~bljHDR9P4n@LGk$;J zW3++c_cuPpGrYf@fBQCx!5rfW3T`h(pL2M6O7QL5G~?kqp63&TcZR{l3&ZymV-t*D zKQWkm}&X2KfL6pmiye< z&t~fw8HwxRiXD6ZAz7Xj>*k!f(~eSBW;rv)pG(HuC|%i(G+CV$?LdQQuaxkMWDf+} zBI{^A=%O?@Gpm_FSabT=%O7ALh`(CG#m2ca=Opnu`1cD}rYnjv zv9g|`X#8il9ZwogjfeulMrpDhroeSwy zg}&|l$>qc_EADn1ci5@J_6>I8c>J);vCcn&%6`uI%ot}=oU^fB-1wi$Q~F*NIfC6T zBi~l|?Y21Q$BF7_-2(22@oVv)dX&Ba-ib>9tKFFlGV*P*)Ts+Ib*}tm->8*T0`&6u zGqIu53H>pR|Kr_qIA|;rf7!tU-_*$;-iI?651C12LNxILN6$`;eEG*#GABF!DO?@9IdyUB=2ZPx zh&BHW7*ChR)~8t*T-KxP(23~#e$kCYS)9p>ERVvM-qX-hE6#>loZHv!zP_-{Jsv2U zb)bRs2p!XixR60H#OHC4WFcr!9aE8K6Qtg=2ywnV?NVjr;{h_wSW8kPzwEgXwoEtc z60~uZG~X5tCU+A3PSTc`WQ|1kNhe6MMmqJRy_@e-QSK>5grzffB91dLSY-K>;9DbO z>fRU)w9--<*Jh-cjR+#f!X8yu{9$+lh`uYRk_u z>ED2a^>V$fFcQa+6xs_38QV12e5ZCV(qnSB`ET_=7V~X^5rR^Zt+T$(M(V7p((+Wt zQK!v_)uU&iVCdr-wu!eE3+mY&0J|k<)}tV3<42GNe<7w4jd?tnaO+!r%ZyeWOau{F zhGDh|#Ub2P>l;reaS^S;PY`}PDPDspGBDqiA*pl9aG%tbd-O!;b$E;y#4#milMvDy zc>re=8e|fNENzh(PbClcdH2u7-+&`_L_W$bE2>c_pmAurG{cqz(ig=Y$np^aF;N@p zE!L`|tlxmBFqLspQA0r?%2GnHRCFCj&he}px&l|85!_Bm<4Cy1I5!p}fX7R)Y^;it z#&5txQ>VM4-BPgpo8oEWOIoo+TuOn8z~uoAWz~Uc#EJquo3>9L|F6NVS7!A_V+0Uo zR}U+)bL=^+Rqmz$H^I*iQ8<_^h_i_e4NX46!pN@__cW6^iq<0PjIpszf+**x9u3^6 z9L1L+UV|(QCW(z|0z3+=AH^JkI~_rT6MDOqk>HjznT)!Yuj{1ll03j_Uc0LoZCf~@wrvtBmqdDH)t z5cK|%apG+kWQbX}5y_IA!*Gu?0XwYuWL=n<+yqI5n1qdJmgGDVBsdk2yEr~xEUl30 zE^k1C1g8U5v>6h;BfM2wA=UNmZlo28Q7V+cwnEPB+(sny4iyS!C2;)f2IfVc#a?Wh zVbAx|%mh)=$BveN0fP0sp>5F_T*Y+cy~@4nioec0uNIyy{RSf2{((jBm(6W>w&dH| z+v+ZHQ=XXqHw^OVv_3-dj$M#MZ|~^)hTi~?m>&$gOjW~^{Bh5=_;L9zyUp?XR~xTD z%=apJ-q;f#*C56$hs<)Qza(y83`5zR2S@Yb+{Ta=`3wm%X9Xc<69!1VpnJA%y%`OI zI*Q;t@+pERJ`RJ-YCpS0^O#4Z?h$Qlw2&g5HcnF*Ph1#8Khb(b^+0w~04lnoI&F|c z%?2~dLx;r$3}gXnoue~_Jk)L}B7yPL`#~Jq<&m*gj2*^i^CjRrrE;Q&Mj6sH0GT|j>ciBXpm)-+@9^riosT?oW-)`f+ew!q1n7J^-&F;-S;&kmT_B# zho@!FZ%bm|`ezD))Dz`+CJfK}g49uE!74n9(tae0iF#roAKamPNUPsrs*K8lqbjPsMYpn zSwBl?bhy|I?y;5fRADn2F_jH^uGqmIDhW@Z`-T=WqD#4q@Y6B-#WXbrSqVm^hmGspJC98PGO$&8}gC`*>I8TFV>*2h+3r#`j^{KS^NF_j5V$29v~l^gy(-&%k#l|(f{FJz)#N>JTQ}U@3aR6BS<+OljG&gx*X!H3b_wH6+pra zT24e{LuHoH*|`BRQc50cFpHo^+5H}QLRHkOh?^G7QK*!V$CjFuvPVT8Qk|MBk(QE2 zSDk3JC8mz8wIP|*3bcTx$_P(X01JHgxS^u!#vmcQZ_bQwyEBv2gPJR&4Qmrt`vszVIHgfa8vfNFShiZ zuKafT>q`zVYefwpAD@EfH(*7}^Uiy{A}TkcV?FxMBrz6DI$Ln>WY(j@%r{^$XT?i_P|*~OQ;D%4a!kkdcwLjw zg8i?e>7h`8QPIXmfgIF12f-K6W?;|(Avd8q*0Qma22nOK9!8Gru9QO!mI$?9J5OQ` zwJ>H?`xN4Q)?C??O^*FPRJDE&k+|~@gzbS}qC>vD37-A}F3rVm*F`KGnY-}0 z3!naTqK}EZ|Iv+|Eew)G0Gi)-Uher6yp_;tN3+{%(fnSPEmMBx2WcEXZNl>VO0kSb zQ9?E^^b$B*K%_pZM)Ug`(fqubi>I-B%Aq;a)o5}9QerA2??ZSNC4{a*vm0*7r#f~b z@cuEDIO|_>r!lt&{yD*LtQTWb@caz`wpq0fy}x(@1CRHUzXWQb9o%0|u4!l0mXisE zP7RS^gEY||A4N}&w6Us{L_#6c&E}Y|ZKOOrh&ze3jvlMr67Y0!IhNKoQ3*YmyBw^< zPIi2i@O1G6l~p%U8Qo{15xy8RHMu3>>EsC<2R2X{GjyOKwiq{dnj_%pIRIM(8VqQhR7&?#jzoy>)rxXzrl6rl+}b(UL(*jYS6%t zQBstP`(Go(7Li8~j^X$XaCJDP4V&fkuDjS|r&p_)wS42c3sqI8SW)X^i=En5=};PA zNL7m;agxL@AWlWik1w{+ses0*@tfz|nZZt_VH%j6f5@G@xZO#T5oY5SIPyE)3>%9R z5oubyG}t`B1RYx$90hVR05hO6sLq7l9;8E5!p1dA@`g1?FxH_yrf)Q;;yj+V7;*zd zwO3`0Xs`qn&d5U8V7P(8DT_hps)L#v#~E>UA#AkH&xjPGq67oO16SZgGR}#WRiWV= zLLgCCd8N$;G^vT|g`70DX}pj&CwSdvT4AqV5@duKQwm?NZ@rDpYS9?4y&Zx_F%NM# z>3*s${$lX{Uh>N3Jo-ep{|g%A?x(i&o4V)6OfULo`Z1x2->$yB^bt1s{rXw_0PGdy z`x;yHaNa8of7j?AV1Mj?tmG5-v-p1NjlA5FH{<8bOCNr!KYn^X@yAfAyfTSc*fXxC z?b5ug@t!Da4zE&?hQjxJ`PqQFntKFffm6!I2)szxZ?#|{+If!PI&3BCT4Y&3$TGL$3ihQRBSivVt&qcgshv1j$uue@a{g=ab%e zbt{s)pdKcLnMBS)1u4;zFbU!D-I6q^gGgbkVZvbrcorqo1tuBPCrUMzy*bfsCK+r& zO0_%9qpSiUEWhvLCOK@MlzKm&^KyhR90QSe6a;B#rq)R_JO(Hi^`Ln|mLP@UD2TeU zAW6e$dV@3zLy*#RUl2PLx|r(k$+Z@QsM|Y`+_NQU?$h6=oW~<3jUzHDZJ{p~ktvDa z^{tF^rDQ^4(@UqBKuwgRo9oG#En#yaf3mrO)o(JB6UnsZ9)_ib5%vEn;fr>{#ikXOT(?KK{WSbv$omd*8RSjgy?mdbGM@$PN-g=f7U0{OYaSJ1f?B39Y z?99wCd~9vS7Dmz?)=Xc8eB05k%nXz|5BVR6@>i(thMnj%SEM9aU7etKmKUF`L=+*u z)`|?PxN$|qS=BESzHO!L@hl@{c|_J%WCQ`NP2hC5uSZm5#EJHwk>ylnT>|@ZJB--f zsFY@_khvV+X-1VoZE3bA24X+nXkL<%mGvIdb34wM)Tk-R&RT6b>TRu+__Aw39D|uc z;#}k)`{Q~_VR@XmB)xJ3JK{)pM05>bi26(Q$1z56E(u^{j-o@9rJBK|E(R8&28#v9 z*-5RI8c&dwwI0idb>0+JF_=}G>r_=uH&<2BeU(#f*m$M)OsA^U4Ww$97u^J^-%q7? zh}Sq3ZZO?Nsz(*?6c_+&@fUo60YrD&ubd{8PNhMHR26&@uNIKNXuspjMPO-8iJe-X1*-QXJC%l)y$;Y9I$eQKb?NG$PM9rLy@U#g>;-H^`Og#vRn^7`C*jK%}@$DRWad-L_;*9c!IJ)q(cM-iRMS9 zB!VOc;+i@~TFbTG$&&wu0n$ZWddqeX#)pax#FzV03AA$%hWi_P8LG< zTHjE_7NVj|T}Ufh6rkBllEYDl)?-96iLr@U2phG&k)WmowX9Bqm{!GgK#lb@v}r&S zCpI$EYU(wuF!eyDrC5@{a16!MW>FVnan&9yq+W6LogY;2toF`-14IM9 zdD=g4bDr35%1?I9?)vW;K_$lqwzvn3yYcMF~=e#2?H`&a@# zydF{Xiu)~k3wxsfVVL|z*GHoUXo;0*s*NMElGjCmJakH52S8VhhithmM7uQ0eHbMw z#`mpuyP|0kSKhxrOb#T9pyt?9Y^CC4UCP~}{oEEJgu`wLWSX67RHRFD!Ut2Lr*UA` zcZ1-TMFkH;+dhH0_)c*|(N!7}HHG)OEPF7*YZ~r**2)_^rD-$~HE}FKxV9T4zy0CM z;bcr0!`f#mVX$gAda;C5+@&t@QJjbgVf! zZ4lw95)_Z9X|;R?Tz_{noI4C8Nnys*iP2hGG=c~zyMdloIQJd^NnuJL(sOxG9;?RF z$FeX9@bIKrmeh`V%|jykHRHGSDPPxAjhHyW$cv#iW~4i9$|ds(gh zgLIluWiVTq9YqfEm(nC5s;X@?*P;<8Vy}f-ZS_~C)m56$A8VEUg`H&8s>=;wdhWbc zV-w@MtWeFt+VjxjF0k+dHZ8U1@v53LgvQYoA{Gi;a387$Q@AgjnymkU*nd@zswVVP zop0JjrEXfSQxFyq-38dn%~$pHc=E2MKUGDhT~!+kol351jL^Fo2T@h@H(-rZweaZ1 zEnsEu@>%aBQC)EgRRw}_MOQmppz7-a@ZvMDQgzlz^;ikGc6|-gA=4x*59Mj0+LPc**uyVon{%bIBctKq^fW#g=+)Ex%R|5j=m`H zv|v&iL%^^V%}}ZeCsU-}K_oF1S7L#b7F%&lYaEDvE?Alr%@~>_tWQ59lgtOSkr2>pwCLkc6~V*J>RcBC8{lvB4NdY-p0STKn271(57l zY^mr8&PTm>6AK<+ugSo3q__J-anXgQO!VgAxk+Ev2(8XIouY!*JXb#qlJSQ>LU+C4^;W_n0t?1%I)#2;hQ&tbU3+*&wv&qc|B8oA_7tVrj1PdRnuWeX}gL zFhJe$vJcDh0sEBD?d8n4GSXs6kl@JlQPdAY3DXRgjx9oSH`U!oy?}!>mF4M4!X)|= zWtTLx!4zAbo~qCX#B?utT2??r%ncj66kVR4n#c!myzV@$${`|Vse0@V_{?qn^l&#{ z?rOq1Qr*{1ci?i&ARHl;rkN4n*&-oX!GS3|T;hCWC1w~dw>4oSeU+0VBBq=pQYLSr zuR$E)N@rvSOk4_28%IP;DNCf(Pvx9gu_^4-MaGP^hBsO+SBRQ@{er3Bv4vn zs6_%I(|8Cp#;guo93e@R*fef|g~soez0$q~J@eD$a^6};L{gi>Aw?9sBm*l?;0q64 z%dRdiQkd;aB)E)pq^{tS?X% zHwOCe?fa=IjLrI?f=Y(4IN$Y8xcrLxAiMd)RsFdy^}Wtj@`2L? z7_d*Li`XYlzU7*A2TGM5>-T^jv&GhTb+SnRUFav&Pt!KbMN}*ApsH{(LF+x#M_PHc zs+Q}!AwtCZt!S23Ywhjj3S99W$Tf~cDTr7x8G{4i&-G1GvKd2Cn0FXm(`*Qf(1zt{ zBi7!)yb)E)5LG;Icr^55v$-BD_ae($b$Dvqu$!9=cth)K5M4!T{L>B z;^U0=V8hsGbMr;2vf&O_fyt>DEB17AoUop)8yodfe63g&S<{!E!7XRC>tWN>AW;am zoK-H0y__7^Xj^iurS8IqerQwAC2%UbmuWj(9T9ONa*(lBtW4)8P1z;woo<0~`}o}4 zVxOe8)sv(XW4o~5@3*U_5q+&Ws4Vl2V2{k9b>JzE0h9=R*N@O*kqEh8=hb1`3znN}$GPCY;g zGl`tVTE~c%2T9~zqmL@iW$yEJ#{Gr&cAR#bQN2~7z z4J%rEc=Lel>B2xho37ZNL5p^qi z$rM+3!@WHNB_g(zB~p5tQfETT(EVS}KTjD)#9Sy#q@-)2)dp;=<}1?E!sZ5l@|4mo z9IoFqHcwO6M5~hI34!XJKG1MQRGy=I_)(|oIR_^w8&Ix z3|&v%QAnnQnI0m=an(qR-+hjYkQL}**worcjr86|mWY@#nn;*wNL&Q3Ko3Y<3{MA7 z#B44@r1S^2!a~P*g+13$D>+$JW$|3H$SM_E8l6KWh$RfAsm5kx0iW>H75cKchU2;< zWVq_uL$uUI1eb3}vMzcTZVLRd?iCO_?+)`;iA`fKT)892YFmW-KG14Wm9h1=5?4z* zK^qCoGMNy>eoQI7^C~nJ=UcONCKekQ&qT3{@@nu#vj;d0@V%ia^rzeB#a7d+DSUxs z=vr%_u)Yu?aA~KX#dRX0#s>}CV(_$FW%TQ+?|8{s)z96O zSapth5|7H*mc!PzDj-RXsk?K$uwE|&PnZU^yX`=pq8kI^(WaeBlPVoJ>V*@Rw}CDFtmr5sDGLuzhp~9PcW-0-=U(CAl5B1t^UeZiW#%eK%#=`l($t>bn`_0G*cpaQX{I|!;T6R<6|G~+dyHGxhUXf^Ky$s z?=BHtcE3iViWye*n%RXD~gy=HZd z2})L%csf6^I!tyex>h=Ym;5Kj$~3jw0AMybDm$^mMwcRMr4tla{q2z*j<^L~x0uET z4MM2hnC3a5i7~ej!b7JSj&WZgqqikD5WS1uw z!}WkkTh!K?zWk)6(P2?dizldUGjn4Ack4X|(Ge@MuWY-SRVa*lBTaT`dpubsqf9vM zgu)TlnYg^MH9^Vh8c*kA=iH5^WQppLS5bvco+=};c2RzIv2L4w2olc-ozYzbx}AYa^6 zGwOSSd6riKRK(7!u$098N=Dt&S6E7hAvLY3_Nc-4Wur+JP7junVOC4uk@kQ!+APRc&y*RMaVtZkZd|f%u_b`>Jt~i_f*X?u?R$tlC+!3 z4O2oBo*_9%bAZXU=3Z>m}-UeIBAk{vfe1Vc= zZS|c~U*N`S{yPWb0~?FYJ+DobCZ(zX69iY_cK?@v*d4*N{pJ$zMmE$A$v~8aO@~T> zUyLmn(`=dMWSvbdq6PlwYpm4R%2*wG<609%iPEK-5p~tq8ZC_XTC2S+&2S%$vA-#p z0#Vq{6uPmd>b;SA4@HR~BFVy~;vwo}t&J*UO?()`W3o6>M}$^Wt8aLMV#pd!p{Pi0 z)LLuwyr|j$0aF!UgX@Wf5J-ltGakeO^7X_@rHI<xQ5v^S^V!B?C2!1U?6S@8)&Jv2oh^MZf>oZ^pr_F+RpfM>BkTL16{Aa&GY%|DFe(sZ#SlplV8N{gY@I9pBrS2ZN+v)g^)bljJL{k$CN_)u1PIDQ z^*HLIN+j_Z7NMpuXhfN~3W*cnp%j&5b3_H5EwO-stSU3JRxM)2%`{M`MRv&-Bch_A zaq}Jq5fyaWMWu1GM9&Xzr~>=xGEPi2!167k(y*DLXJ0m16@Ie?ugqph;1?p`Zj0Ab zMU{!SYMIR@J-%c`h2BijgZ(Co-b*C9!qlHj6b1Ngr!q`-E4ofGfnV)EDl(02DUMY) z#&v#FhRbe7*2so$bV7o4W+~Co9^(L~*i&A0Cu`$o)S9%j3H_C5>RXeLfHXMT594{u zDqY#JsmTQvY!6cERCEse7ivWZF^M({zVp2%yzSO>*HckHmHRtKf3TM{b&>K!GQ z!%MP*9Eq@LsU=gk3?OiFnnX`POLEgxpQ9L1O5(ogByG@Czo^ z3|o|&Jk#OObOHfGR@RXrGi>NIbSbXyeB0GVmCTiwU2jZ9SP>(6c|Mvo<@H2BeXl9V z(=f&uRPrt=w_G-vek5Z^O$)Om!)6QeG_nvw+_~{A=@?4qi{430E0qfh(8N7%P%c~s zlO@Eor{0I?A_sTs_7`2Q3qfH>QQWQzcA2b+lp$3ekuNL^DH`q8yyzpc7%!)C#}Dl> zMwKQfqw_@!LyEWGTJYsbh{Y^vm0mP6R4J7^jAjTWH$O?z=ut!BBIs&l>aTnnkRgQX zq;ks@lbNG`Rud?k4vSCH{*rg&b254UT|91n26xo|DFjMh8ksYGB)o| zQH9md@_EP_ONLm<#k}bgM5-K)0zWM77kmMo$VePdLWbe9vN+pS1cpFu4XzG-gat7f zq%OR#W;LJgm$1u8Ayz5}*ei>Qs;edD2Xb2XN4PHmK}?MniyFqi~guMk+T+OmJj08xK5Zom=g9NugAjshE z?(Xgog1fr~4K~Q&?rwp=3{G&@V8QYY?>YDW=YH$E>t_vn)^ztCs(SBTPgnI*#bsTL zv1#XWp4PEjIZ?0`TBrt(F=f%gxD7f-q6#j%{QZG2`zIV0g6G!(`qQI!f8lZu{xLE_ zJpX1q5V=&2Yjwl+PQP`Nkau4Z1#YW6reA4$@ylPpHc;IuMs~grZ@`u($^@-#fxZ?` zxwqXffyT0*CK!qO7&M_vA~XeyB4)|ss*su!dQ3?)`nPYk!fK_8={iiza2b#^4N&9a z`cNXPqhnlzGA&tL@KhN9)g5?vP4D>R-Sk-d;4_4JevX^7IC?6a=d=pS<#Cl^;4f~l zGwoEJ)@i14&$ucD*UQeRD|?kvMos$hYuVYnrKRRl~yftO{H5zU;qLVQ3`ndRx94s?x6`IC!(P`U=k#F06khMEr4^ktT-Q}+) z=H1sLK#;J?bb`{xB9cKgTJZ_jzn$x~nkM)_S{0gYlZGvcJN+MkP9+S z(A{nCE`YV_Z0B{x>*S%OG5e^aLK%5M9t9#$&+ZDft(@|xh?ZFKDYb!npH@{qOD30< z+mNq%(~LYkU|9NV^muwI+nr3<1n*LJoev$-1iCX{*1$&}|Rjwj6p_5R2@;=}9YBIGs&S&Qu|^OcpG zCPiYMacL=r?D9pS&(qwQHm1R$>BX)~i&D(jX-V&1%p7brg}x)#P@iA|INqkoQ_~aQ z$cY_yB_$PGnK<~P?2LtT?dWT2vy7Bgt6lm3I3RtgZ+BmC#S2nT>#I7FP8k!SC-!Ry z+D0iRNpt@_{+ipIts{}YNGI5(*fWMsACdn9LRH!L)hZ%Cr=|uTQMh`_o!GeLY_eW1@+U7{Q}Xo87jTU#b56`ARj zX@oK=YtxAHr@fx|jv5pP-uHAMr7XOHh5pHWLm{Q+P~!e)(x&)iL7rAE!uK=bLUoOy zl7xy-m`yUHT22+WrLx$F;sim~GTd1_$utU<>P%kcq7b z=Fl93@3Rku9G#~L%x!cQxj^wLnElH0p~s5~owB_5=Y0B<`J6BJ7f!J>@cU2Up9lE| zSL4Lc&~{5fJ#dX!f(@`=xYW8Rl$!O8ew>0u_4IcFO$jnv+hFzj*PgX-NY)ZRxxT_z zSw%GVUdY@PgJfQ98EgE+m9dBy4E>B#n8lxriH9DJg9R+j$2M?U%$^?0ma;C#YUf)zll$+-QtR#3wE-D17ipj7yH*_}bgD;H4CfHeQ7xFKa`}i{UuBk9@oL=*pkPij+5JGWW8tZt^llK z*qZ39_IH!x>Ux8LKJTdUGrrp=ZI%TMKUt19OArxpIwoLNr=!vUe%Y!3$QEcC+5(zoFDpS@(v(S(Qi%96m+q1Ex zRTz%(1fe(VpA*i zWPxdl*23Os1G=Z@OLMHN3@G+UGkoBxEGW(odh9|bI?TA;I7!vT3sTS;x~jmccIE}S zXen`zIsS7!kGs!>;Qx64i_z5`_VKO}YQ|I%MA;psY=G3*YH6F+VksJqEj5&10k+a#I&Vc~)Rg83=9{ajTn=p`{?#C+mX`bs{y81I2E$~; z9~9~TrXDqLN|VFMJ?%<$5SF~#2`Rr)*pI;*yXYiP>7rCB#Bz9(Nu(q9bo0uVxX|e$Mp3s{0s^3I)O2+ASfTIYJE<%Z z<;2IlLlsvwl6mr1rc+e}lz7vWQ5B}gX%ZdV=`6CP#HT(o8|?R;T8`beiGcSbv)r+8 z_@@8Gm(n^0V8FM2yk));ND9(Wmk|vsgaJ+j zSz##x@wBY3_0caBTV}HKh!LHZhHz)BGhaQlU-0FOpuK6_V2ZCYwxRuql9Q#ODCF-8 zKlLcyH*CB`i^!L+(NBsehLjTplx0gzj79x|FY|86%zcA7e7<%Rq0Fj&8aQe}+{8X~ z4BxY9Mr}6Gk1Vc+!#rn~q=aCEb%uByxLEmB`pOfI_@6P`o|p;7pLjxBy0&9Wva+vhcBd0j?I}+UUHn@76r0*%l1SD%otT}zAN3bjDg#e{{#jvn z_!ICu5qrl1m|wHsG&KEdS>>E-EUMLq4RT3jOcViJzQ5_>-GvV+(9;s)dkvdboIBB6F&M^L*mboo-rstmqaZ*nQ!YR3e zw%(SB`vbAOm?t%}0cO*!I1h@uI~&hevOU>igD?(Xkwm3AZ;+9`HA>YjTv^1(o=KC6X)O9+eA!hfeuKG>N)^bR-4Rwt}77 zW{eFxUWdWKIc@BKZKY*o&(O|(LAi%?t!(fSF|NenT zz*0iQd5=xW&hhRu?w8tsvcX_whK1puwxm0z!prMPxGV0)56BFG-*bw#Mj@f2^T18g zluQY;M(??zi$px>IJHUj8?jNWcB#AYngduB93??DK3e)| zAc|b!fyyO3v1otCJ{U$0`mWq2wUkrJL0Q%IFuZpMU@l&B@@CwGQD-? z{TLHmZ2%1M7^77gB>?;Y%biGprOm0ozb$TUx*`CZUjGOgZR?4Xm-fi==ksasmsR{0 zp5!d&*AYlVS*SObE(Fe}UI=^UH7hTh!P{Vo(xi2i@nQ!A8pOlok$eY}2LTZgmb8Ej z4@;s$da0ufhlTx~{TT>Lww4p|tMQg@c<+81${Z%7Pje6F!oG9QU*=sK>Lq3@VK`F`!HWHI7%11B}8 z<@Xn^GD3j3@5d@IWyzQ#I@GOxVnJ8N!`Rd}P?L>#si6=dIN*Nh@Y{VX!{-@_`FoQ4 zGT=n7y`M&DUzP8EWo5k8b6I~_TWMQkM)ky>`GbT4o@=O?-%`kt!j<`75uiTU+>mcbQrG$dWIg9|i0ig$H_C-l zsRVZXD&HMu5xU^n^xst6*)7;ViJcWMX@rCGmo=zr-`*d%r&9x00E*^@p+=B40jRVy z`ThOM0cd^$Hn7BjMCVE<<$0;o(aW?-S!Ykj$gNx`g}J5u2nTC+F<}Dc$=D}67u-Un z+&n5#$;SfiNu0-0B@rbTfsZzd<|OlwUN`(*?!R!D*Khdb-7(Oc80wBxZO_V4i?9L? z4~6^nwFN6H=~LY)Hp>a^^Mu>>YaAy>`MRC5RB@;RIxl2*#hHh`G^$6+!5FWj6= z5gYmv>L3#mvEKYpwg|mp3#(h9iPJAn*MP=($Mwm9V?0S5t)Ts!Gp$0W{`uR3vagrl z?JQR90cb91eu{Z+rTi>{mMwFD6Dv&~N;2z^x1xEmJ&hF}_u|3sNBq!PY>R=jV8IjF zt30JkmuM5602O{!V+A}k{&u{H-?^|FPj7xTdh_#2LP}%92#7(iLjqNgpU$SIi}xg| zoW;z~A!ljB!B88?=r`@U!sblm)PI<}ft|4}(89-qu|ApZ#i>q$Jr$E^WD?~azszyZ z63OtyEw(t}c)*q6NgC9c4=RtNz5x2hqMMvIyuK^S%Xf3M@AK?ROw%uXW^1ODx76$ zL>JWVOIv_QZ^4HNdy5Hk-BwS&@GVH`y~Yt}W>9SZ&eQT!T5cCfPN`-W)|* z0I*f^`Bse_RU=jm8!}at7#fZCn_sg2>DWEGa<*i<1u34w-84Yp?fozXZAU=AxGq|( zMl&1Tr4CA}i|zYsosh)r@^YGFZUqXK=uVLZw@%5ezi?_XZf_*_bF#59)sLLVs8>g& z5h;5h2dext5(kM1teW_sooYuTMjCfi-H&!3-q-$tJn!;peqNVL91V&mUU4~>be$hc zS(hO!a7`p-)F7`1^?RZY>||NYEp;W2YX606;YlGE_Bt&uUiS}ZVP*32R)iXNp~YHT z?q~@F#ufIqt>~8610K`eBQWben-eHG+H6;Rfn!OyId1*F!!jo?3|+_P8iSJNy3A!~ z>3y8g90y74968^QWe48q7X55|y>VDmeLbf0#)&F9!cZr|d7W4qVFMnc=9qg-__htU z3NO8<(2dVEHZ?w^RQBX6c3dj@3%7<`5PF|!=P3@CGb#Vk;%a{hOXa(BwNkj@<4OGR zbL@M%9?HU6@#*8Sf@Jr0%Ao4jIak&)d#QeH*w%g4wu_VbL10^OQcd^zXJD{#lJ%SD zud@oxY~*p|XX@~X`a5JKo+^W54u-nVsH^FNxfoZzJwprDbZSa};a0vawem+&6HfWV z>t*5gVJp=3F+?OV&|MXKOjr9c70sl0g}5z^=ZE9%wX?hlL=c_9 zp^~I@o8(#KE8uiEAj0J<%hwYh*m_73AeH3sA1vZ#f(KZKjXq?~@K1yX2+0!N8( zC9juE?j=fTu1NBxe2a1-dJ@#0RgE$DdGwC85tCMKrO8N>mTX!ts#RQ~3j`D`-NDXp z!V^jvBNp^xncuPrEoNq0F+VA5Wn&2%vIJ-==VRY4ThiV7-55h)sR7V+QEv<=MlF`M zNS-cj`{s~iUGfE*%B6e$iQW##p$H$ZohAC?F@hR8ivO$6=EQG}y|z$?Rh#{k9EI_; z4m4My`l4{(B7gwMHxSwgLulSOachV#xTYdjqgJXQ<(x}{rtfWGor7ds(!~d{%EJY7 zsUFv%sM;2RC@LCMOb>{+xygrwN(n+kgYjQIs|SjfEYXVU!VE*w4k)356GM{pR9-43 zCTt`-GTNEiUQrh46O#jwGknrBUxP1f?{75-=K!~;@hMw}7%UBfiC@PH7UYye=?$M# zwkV{hqL>(xC!ppOXZk6DogT{1*Nc)5|BsIvc}yRCewg#3h}9D1FbF6~?X;62#Tun4 zk+jWuVk0*-s7QF%_ z(mDAHH}J!aSG9oj(WMFRTP0iTPwEK{DZ9e13as#l*#BMj|I%zWl;w~+j{1ab-F-X& zx&Keh+o(mm;B_UhLHU#NZkpr3iNA1SX5{^_2E~(dKZ-NUBND1}%(T%*^|5XylV^v) z8~gO00A1?G)#&3z-WceI$C^Kj6b+AmF1%p32@mc@=CiQ@dg~KZIO^+d7Fw&ub=H;F zW97`&WsPL~SSPtK;6Fa5S!p7BP}(IA*Q1va`s@oj71nMdnWWL0u1WBmaw|NbnqDFC z3asmJ4&&pAg~OfIND7lNy1o6*9-+avA>nY&gj>hN>y10a^_rUpFP)y}0z#FGlc=gm znkNiU{?g7{Jy%C4vpGVlS*0Qxv%0N}MFo1O*h~JN>QKvic0NDw#`$pRf|<59+Yqlp zRH+o+g?p^~VEjU5iISS%NRR;wLC>dL)k81Q-(D04OVo|G(=-X!;*6?xAgXBIAf6%> zN!f_cPHi=v#!y!&+D$1J<4m5oPxnpZg-%IIfj(5r)*vQ8K!edO0ONDot5?>kuW!vK zYe1FmZ43&T>#$j_GfzdV-^)k+k16@TW+?xaF(KMlo`B$6y=Q>pyXB?tgZdSI>i>Q- zbN|#|e;u3T^`{EOU90bwVp*m7q>f+!g+$ZjFC2zAs7&cC1W|<{810dZH|jI9f-kk3 zXdh&(;A3g6ZFc;&{Iz^GHZxPI0SCKeh+$;)kYZSZ6tgSON340GbPRCW!cY&(snoS= zB7}!2Y!Ma6UW;%`qt>nVWcsaIi`R?*U-#nWoI+`&tR>$YrYbv4q-rE4!UZ^tQIhvJ zWC>m#+Qmx#7VT*hn~NX596zC)wmz!my|1gXcY)vSQ(M>~5!PCyk2f>H zMrM((pz%Pjf>6Kh^9?oo^{9&e1VZ)=4yOVGYxxeXfBRp1|*Vted+}H zvsBy0?bu{Al0Ajl)Crw_4hz>#YsR}R&P7EN0F!_i3^oWqoWv7 zg9-wxlapevOcy==Sy^h@^p?4JlJ^?CQ^g$M)t0w@i3SUyHTqUvfH-Ui&1}rtbet_8q^~Sfry;Z&y)K}tUc=e zBoEg9*=E#ArESAg$yoH9bp%*VWPtY(3v17M+k~;T)>7;wBLV&W_pSjvaD7-DwTG*CXnHBOC)u#Eb%7Jk721L3xW zkD-S3FGDFb*~1y_7}v$_GMQL-2)EOVxySMm!*tzXYrns6>+Y1>Ll?KlVq+y{w&r0$ zUoE_mgIY6o?3hH}xL+%IGFKtBad&EXI1m)Ze~_|GmA1qnkL~LO7=CzEvxV>Q82N4d za@SjT=Ije{|Ho}!yI|Fy{Tktk{a+7jvagNf=tsK8ndc^#53ulTRPYc#Oxf-HBmgGi zZa`g~e>T75F7Zx&YMsz`6E6To;CM!U#wTDXrp2hAMQdP)UHJO%-Tvc`l;<-y>Tw+l z@c4W-hVYB`n5(XL<$_}7u|8aeNdNh3z?Z1#rT@=_)(H?UcDf}t@Hvy{aUbC(Qs>?1 zd@P&)a3@igwtaye*pzYF`#BAc14e)y?*9wdbr{lsV817YydhPTI80<$$HFCx&n%E+ zuh8Csq0R88*=(%{+Z2W)r2()6wmx=T+S=k)Fg||F> z5p}Y4H|TNkXwvTW%&y-NNLall9HSJ*^A_5r$0NP9hyx7$(s`ovr22)BbeJ8&9qkewt^VcOP6xAYmA#T)M?H|784*$nY0ZliWl5hcPH$gs$Y>Hipj;cU-3q2e z15Ak};TTPOiXo<^7cC`WS{B_63PYH%U&G7ayZ{Z9IQuUgdn6ITxS1$&f3&JiB)Oc- zq{(ZNH>Y^cES*{s_~|?twztO-A`8w2yYs}-bhM@>%siZ)s3)MqJ_f%3a z7nrq9GS%RzLp0@e>hxIOWHiuQX7`UIWeGd-T`H0`8~Sfs+&!QoO|PryFd#+pR+C>v zk~t%_QB2r=$T zp~}2qdV7-42%ZRJt0h9>eW-rYMvm3DdOXtl-(N?oqJQD+UskOci5VFPo!6vE9LB1C zO<3!|Nh0#4p50^l$tIu))zP~0C^a1(@3^tSg*KPR&5zj0rCXkbcpL_5CgM10GPd$A zT_WGX${LDXX1mVF;g1X}|*7uH&ZPH}R`G4BQgyTIY_nsmx~wh_%hl!MAov zAD4*}eU2peq;W_Rs|S(DfHgazWT9mC^#VVOd@@2q5*SiWr3 z4l}fHUps{Qd%twU&VA7kM3L)W^t-wtz#S4l)i(173hO!$G}6GG$gB5!x@8$1mq~O? zLt9>dY)SiL+*v_Fq7SMYd89YdTN^lzh4m~I)bVHArNHX!M9vD8bk4oz|8e6g5eK$> z_(8c4tQ@`5UOcV4ZZ;?%AqK`C+7r%S&nWfd{T9t?*<|=H=UbHz1(Sr!qnLNQD7G z&=@b83So&wAegw>MS7OJ0%rEl@Sw?4A38--y`(mPjjW=yTu7 z=fUTm?KoZS!9g3zmw;I@Ygh zZeP|*+tt~b`OSyMx^Mq3L8=9|qN37H+{StEXTSbds5kAkOWTRE^efkTRHu@Ki`8fD@;BKhoACscn$JRtxC5HL8Zl9=SPj(eI7E!`Y zACO>=pnk5{+f62H(J!~5pxMEwehzuUEI~RbKG%A$_~PN5j5u|leTel0Ta{Mrp>z?6 zWXRH%K)V?DGC_sQ#C`3Tz{6M`TKhP+(D#BssO6tfp6Dytj@?1g?!!6#YKC?}0uJ+|RcI zl0oM5pHivbN+oWNWB+`=9r<3bj$0}cVF2h){t>;!*$JUO_yZogRTVd3=nLYMx$ zTN*K#z*>QzQHYAfy&eOQ9{|)nVO{I{5Td?Bxp^n*RPv1cKCdv5B)O^-df-$*e5n>u zJ8wPnzD3nGS;5Je34DhC8>G{%rPv743y?lPyGlQF;p z-T4hW+1r%-USR8CTb$`g-v%&s|J@uXjpv%x$8xNKT2tF#-KOnPMnsJw;!F34MBkd# zl399lBTi+XHEA3`=!587zw`U)uRqU}s_90^P1{6|K?TY_A86#F!&cwhCl#9`M8lahQ&e93_)3Dfjg>$EK7xk zmYLDeuZp!2Z&R~Zy2UKu8CELd8$8FN@$(-j?b%i-br`;=i2Ik1+$54Xe7z14oxn4+ z3ec&RZaCZPlse3RI&BASc;e`szpi5WNP6k3JG%7EvwTa4(QE@9sseBaB%AI}8^!tx>Zhc;zSY;9^cD8%wF&)Ub*VTHBF{qItE=tEGI!Jr&3)rkNLCJFG$M z%Kk{~8Jhq|H(%}r!7qkP`LRaW${x*lu)HjFhq($u`Lo!?NPQgOwd*H_@q14yaWqtu z2{n<J~;aAYAV9o=|W+A`3PkjKz>8w)UH7HJ#8%AgO)m8ec2mFB%&d`_UK%eigQ#|dft97U{;8r>@Yn7r*wYn{n!O{> ztdQn7C{I&WoM=SgsO1fDPsF_(IIwtBJ7Z#`(Jj)67hnLHmT`S*qKHaGS;XJX=tqK; zkwzQG=#&@1(I!rk%4KWqmdPzP(guT}u=A0OFit;|piN?Q0u#3qk;2GxnZeRTXuXP@ z9x;f>EuH8plHsv6lSh~W@LI6i$37~XSxnA-4z`@yWbt?>5jxkB}hXuA_J_oE>gw>$i^zE{VjB#}c|;}I2;FKGljdVdzjC>3cH!V~m$ zmw0wmOnKb^PpjSJ;b*_#orx5j63~u>W1?8vDCqFdaY(Z37gvL!#n_yJ>IJs*|UTJd*=-WIN0<~H4 zP)$em>X%QH^-puhtQYgnpNdxXJJ!_NyGp=KlPgJXouXIbA6)o!jpG!`s~hs%u`kmY z!)f}Z+fo;wN9@zMAql?wgNzMg@gzU)|M+i)y#;}r`bm@A!kTbBKls|F4c#k)J^$${ zx|dDm8OL;I-PN@IG~yq^V+7Sv6d=tShT9qn>Ik3rQKjwGYvZDolL$)}{8cX$xna}$ z0&%*=k_4)Wu)porkrPdIU~k2}vK++KEt8mfa^qX^m<6SxjoA%?bs-B3e&!@&X63rYR=^o z{~eUBf{XZE`O`nj=VUqGhlC*`eu!pkOUak8{J7oE$J{6}uEI)-1Yi7`6gSKLKEgbC zlpWOI!N>V?wE)=GB%c=&eeH2R%+-54bc3pByeqcJO%S8{57H$eM@UBp6;p`EI@m{A z4PKcg)ZmxKxVXnGJrTD?zB&Kdb!@CWkGIb@$6B|!hPG=>Z6$(kpIF&pGYnx!5$U|a zoB5&}x|E&j@LM$;v$~ViPyG$s8{Xh|7=4KWk;Eo2oD#1y#Kg9dQ{L!l0duF*<6po^ zS{qU^)x~cVE0a?#9!cZ$+X11-)fbf%TBQs@z|ubO7e6(!WNKI->D}=8Ebs?&ar9NW z={-O)nh7K*jnS8_m*vjBVSfEPk1K3LzFJ=BC)$UajJjreZTXtn0>bT4BIAl;0n(6*;6jr^V|C&Xc_*cYul3`4D`wHZT=sIJ}# zJ!Ke-VNl+a+Pd0;9OCJ;QDb#tOp~jC(EX}MANK-S?40#x@{70Sh*Z;|I%Bfsxq`% zz6p2%)H7~U#}Q<%DBaG=sABHTNRW`39a6$F4sa_L9l)n~2hd1GU4wM98!#*mk(f(e zijP(LO^uo=)U&F?zDG@Ygt=e&Y>nVJy?)C%7w6_%%o4I^6L-!> z7-pvIwP~Tkr@>EcuJqloZR=eVsrbsQfl1#zG5g?qbtNv)3fNSo!#nY{?pqdlablI8 z+E--7XA#}-;u8x|jWrXA)F~C!BB-h6enxcfeY&2)!O?OKW00Q*jj?xpC4`99xn6GhJHUq;XyU*q7w15f-oLVI3W^D`of8ong&?1AjOqnel zKs~e0xG|pHG)xW=W znQQ49DVr$CBdom16%`{TOIh&p%ur^K=0pKdETAqqKPoWNvoH3Fx3>f1q9jfN^ zkDATXrwx6*+8+ zS^Kr0`X$lJ9SAz{JX+~?+r{si8oqi#2~f&OC*mWWt{CEr`_H&TT5NN~W0@Khqly@Q z;hhyHZp$)u8IGEt;a8Q!-7mpWkTy%SYhARFrcSimeFAuRqEDvj^4cuO zpE4MzHFtsP*7ylvVJj5^r-{{hm_(X1x?NRdeg|eaROSx3Z{#kT$lug$(!oMe2C1XZ zfav6^T!!DRTVkZ;FpSctLtL^g?0LZ8CoO#M>dQV=8Zidy+-yU=s#d&Eb2hjGw(}O6 z$;Og5mzw!ei&qjT`8Qltnr%YymWChZ*owbiI15@6?Z_hf)#%P}Sw~o1nR8O_*wU|p zT)*MjJ|%-~J?*x6>AA}60v7(vH4EshsYzTic*r|yPMgs@!-I9t%j^HbHOT87sk+5m zJEo09PW+;H7T=MNh}i>^PFp+XA^<+-KbRCXlN{#+n|^`enty;V+;gw=5pqfQ7WcTF zf|wcaKH~98K}CWB^g1I5oHXXNPP^N<0E)U>2+AhsfMG8sc}d=Sw6P=D=t-c zGnAeBpp@Ha&BrdwMy-9K9M+@DC>f<1sN0bLnQd5K!W|EDLu~HXpKWW#0D_W*J_W90 zAyz|svQg~qq++_L##p?huXjxo9#H)K)vQoz1P%w!p&B2;+Uoqc=c6~Os|+#RP3~+f z3HtT5x`_X0XH9ja)bmQ2G>*PPUlr@y!p8K?g3;P5Ml}19FF$?h5|(Id+L8&%z)7<;9N_vY zYxy;Me{dr0A<(_YOK;8y?J88bR`Wn`1hc82d5c1*NdU??eiDCOpJ;vqz?>ihCalXW^Ga=lVtUoEa7)qflI|iae~EwgZqj9?#V)vi!uOe4 zubCw$niUVPoACP$DlCrOIQTA^=*NNdBaLltbsJP3ud}f2b!EWDgvbockdw%KzLJ9M zLiL-i67nt^Lm2v3ZH`UvBq-V6um=EQKSdLp@U$J%Mc(5|LTonKzLC;;X_`{>0l3+! zGP?1o{PDR4Qz2QLqeaPYHErD9F?$f~|E9ah&;Pw~``9EHE@8|tMZB@ znD`M{h!#Kzp^JQT#-y+Tr%nKd8g=8*^ym^`eC3YE*KFmYvZ`IN!Qi{6u{X7ClxN+h zJ30pWpyU06M(Z+4KcaDZPTIvoZd0oO-`@Uufl0j36s#2qeG?JizW-A1n8JO)SWZj2 z1vg)%Ur14a8XFcyUn-=-hhwA3a|7bC*sjgva52LfNq>BOt=^1zT1cx$(|7`=i$q(3 z8Qe)U1`HQ@segcns@U3;fo=Jd*&65X-6uV}wcZyn@HeyTnt6=y{|m>GG}H!u$27A( zmPmu|a1wO^)G}^Ti>HxLcg$R5wuYG3)<^~dqWFcN7Gp&cC@fJlt`8Et=F%dI!R@0 z^_o&U>I(!;6X5A5PuP}hkZ?V^gK6pV*#^aLSP0`)lxXk^qDZ4Ll6uHexu?3oM1?sj zi`z%Ux)ZPggqsP4U$_cL!T2g~8*Va!UYr)9(~B2y`A4O_+F{&Kb&=U-ml1uLi-+oC z5%M-+VM#ZY`wz|!-Ham#N9R>GE{>L|aM&)9lgpTV3O$HL7u-IH5o0#^r0)sfxv zr|SDzpP1wsA*If_x@t;Y*{Ic4lYTv_OcT1TAkx9L^51^sWTFFn$dG9OjTe0CROkg*wkekJX@Ux!KsZ&C+>V?%|kwhBs~L7!J#pvsE2mYug?0`4tep#;^&CjBCe}= z-H6zyxxc1}QET3EOvSOQC9WHJG5vurK?C{MEBM~QATQIf7JOUZh8pg3aiWqV}r=iXX5A-8t>5r zvN`sF49DDZ(^&Yi?M8>95)Y9 zS`lspvL;f%QA}S;ZL$;N2Q-GR@3#J8q}RC1^L^Si4yL1|67$^{M6@x58%=(fC|KeS zgv)Kk5j7CbEi{9;XZ2BW>zJVy1>(p&d?n)T+?b+>!cTEm_{tVE*>>4O0lrG3a~Qd} z+x-a7tlTLBcl9OMSTlBF0By~zl*?=QO#s}a7?CP}!ndpggpNKe+S`HO?6|u7E z0<>u&DnP$K(#CTC3tGOiHM{Wwgxrdp`i10~28rDJ?aIxPs49x$FU?~G24QXhi={KiQ@N1WG6~{XIwRK%?vXE%7`^iwb9BAKGJ$kW}sKj()=#V zy`T7!8&B$zs{R9&kvSBK@w?FTR47$2^o)uGxkf5^s+Ca^pzkoCCi9aMq34~AxU{yq z3!GXdb7)WeyH3M^=R-Qxh_J>#NmMdpl?e#N+Geb5>;E9>-iih65??FkZwUM*Ca^C25e|)@!#$qG|al#Qp@E9`3jj5mu?WKL%jo&;^U4Q(hO%xbw)hw3Y z)61MchDAzC?r-?_t%gZMap6l|Zzq5g+!vX?Yq6>yV0+K~J2bWfyUmzhfeBP#4%+Nx z#2A^bjHtJoy{Rv2W9Pl7WQ5h6`Fd3t1U#Q5jxwkaG??KY>SM;080=JOd(83l{#`Rl zX>tIVM7KZ^{U|(iPiJKA_FD3#f1r)4oPn?fOJS0ZN&>tqza=cZt*4&m`MZ*6t(xN9CP)!b zO{%?Y2MfoibHXPh#W7_WZc*`{7ew~lWPt^mYk#)MF%SKT^6jFUhp{X^i)~P@5EJg| z3EJ^2zHk}x*#59J4tgByDD`*sw>`+q251sZOF)|2uVNC5Ah!WYT2`qRiSRc+hbZXq zTdEfY%c+p>B$^zPlvp`mDJO0ZriOMM1uxkMzx#fJnHrERe^RZ!35%D+COvei`Jup` z!aP`XCF^KT+DALNXXOK?Qt9BYg&pppmfYe2{cpb* z9BK_w>M{>f6f+Td{VKf&)cX2&9a5M28>uCIa(XJzm+m<5^p|zBZx(s0ISD6 z`Ok>6N`cf*-MdRP%>HWHzf&8pT~p3`mG5gNVwNfY!X17g%AUEYafT{Whlqc8tB&E{d1)GBrqZM}y$`Sm9?KGGZu;5|BjEW2 zC9!!H5y*y839^3~TE$Ytbq1whs1>RqB5dwMlqGHcG49Q5OcjEa|GzJmn)lPFYyW($ zf*SP!d%q1~Vcd$nR3vdDVi>Q4FCn6pgZn_11k5#Is`ZKDnO8%s+lHCW)j6|NHguk8v&3PDfTqzrF`2r^ zZX1wwkp%W(G{iREqeZ@g&MT@SJIO{ej$>@`E5H{>2xE%Hk9L+rn+YSzAwyk7D zXh$yFK=a1C!28BaV_9D8l}y+Rv)O4J70u9$_CyzuuM$ZT=iKjP7j`@Wl{M_b``j8U zS+qmO+wqXPpJu+PgCPgXYuH8ac)84?1Z`eSx*RG&{HpWooN6iu33_PjG>~^soXRDm z##c=<4+u*==02FAHCO+^*vRD~HPzxc%UifEm0;LfcBWOQ(KyW^E}g6H0xw^oo&@`M zErYP$fJ8d~N%1jQc&ge%ypCUXC5QW+b#9RDyP?Ov8B%8X8qIt0Zam zEvmiVH|h6&j1eYNom7TVA=&-$_@sI^FaHa5ZSKt}EEJV1S_jA2=#t|?(326yd^Br* zcR;g7YF@j!CGte2*S-|A8;pa;eA7}QER}4)qFn64fljcWtx`004Dt=*U1W}gsJGNe zr*CnOt_bB$Mq^kjJd2qQ)=Z>{A0dr((mBRJ>D&{-V1dYn?}6{9MWLV-7cd}bo~M8` zslE~s!u$RH53&z(qsw>eH&*w>(BjF9tnF$rp0&V$TA<Hs`Q_z+|k(&`?qwbU{`o zWM=W~WbkRPWYv6<8hr~lSH4V~pdNX#{XL9QzVB2N=IlVA(_`>w)AWVsP_|gARr}1s zNOIuZh2sZsT{h)1x(mg{tTqm{6j<(;36{WLxGer=GBp6J12CXxJO<9SKdvciXsR2G zIS}#Zp>QsUod@PpYe-|omzVEIi=aE20F*9GIMDe$HNSt}lO0XdefsvuV3MO78>*Z6 z!WZcwU))3vV;pQ*P-zMp?U5T7jW)&yN5;T7g!Gs}##>ZeYUap?UsOtDhVd_4 zOr+~foJmQD9EI;qy37f5qpXng)vAAKv9MfZ6)ftPwN{+rz}ZqnJsPpp*MG(!bd9-- znJ<9p|9K0Kx2gEC`-Vrj!SCk3xJNv~A;(Xa`S(L3!hmlVb}#f!oF(u2<-c&tAE|F2 z|J1|$5$XIT;nVP@@SP|{Mz|tC&>8P{}3mL>Sg2`AJi}*(M?HKzkkmaggMqv#x7iG-kn889= zsH|M(#`?g!GLf0sg&&?u_G`JjDK5n(HxEMd4svlcOJf)@BNo z=uM`n0{Xuo|DYEE`>t=Sai|@Sai#+jiW)E3-WmQYOP_?q%Hxn_=0g&+tD#v!t*9L` zoNU7#@H-biWXO$r#8k;(%_?MftR~&IXqFFwfUI9}ndOt<@lS65hq12!ilb@QUED4B zLV^?AJ-BOdcL?ql2oT)e-F0zY+&zoCYan=V5;S-7f8VXT=bXBA@AlMA)%HwJch77; z^S=E)PxnQ;PkwYrq{_f(?4!qMMtph?FxXv1rrad!amTx^+{QvZkx~8T*toS=P!`5z z6pt&-kK^7(*^GA`iiCxFR&)(|$3>W8ER0X;7#SMdSQf>l&-zuik^HEZ3A9Gny_cWj zI6}kcFwjZYRY47IKs)nFqNZ@|R4*>734Q#49_aFxvv!1)A>0#~ySI0&;nF2%$#b-1 zq9u`=fuFXCz+@fe+AE*-J{FOMQH@gSZOVG7dglmCq>H=PvYLRLY=ht=f?%L`(S2=+ z2kBA^3kkdpkhJb|A?`>p_Tpzb=DHB0#Z`#|m5&kZ3fluIf;M)Cj;?qr3h%h0j?!pX zRin5J!hxG((WU)lUUEQ>2uLT^H9nq0C5YsmPV$@9+L&ZooUpaCB)-Q{`7@C*ZCafG z%UF9iQ0Di6%4OA|pyFGkrc#Q8nj7FVg*Z6 zRwkEiL&vJVL>GKvd*(l;{eA=FixP6EDww#d$xEI8qj;b#jKofkx?xxIZXqUdPs=U{ zxmKewAWU1RREa63J<`R}shN7e z;2&G$Pb&*4|CSN?E1X35&4xoRTyL`RutZj88DnGMt zCc11qmY?SC(WNCiRCO-b5*G=w=k7s+}`2{U{PIlfHr8{Ug zv0YD6UyxOq+PBb>r&T6wBqG~5)(V2uFCSeLZ9hmoR^Fb~Qz_-+hue@O)5kr$DeC_i zLi++`2s9UNs!B`XRI^XS_ypTCxKlPBknI{vjd=918d^a(E*IO=1dCYXT0@r++v-vQ z{F0LSKTDE6s?=xemyU!)Lgv(ZEj|l66r*XE_=mF6U`pfq8g&qrw|%$x@hEBh7Gc!> zCuTF+w8wXg(!>Y(0SCu);MRKvIr&(E+$A4G-UdC>cpUT0I=SfY)s82)SGcJNa^Ecl z;T#xlMu?o5KUVG(N1Le|B?zNN!BCKNV=y-VLUl3$cll`~qyf3PA|YC42pxjL7fueY zy#!NYJ0M^4Lv^3O7EbOz2*f}CWNVD{wBjpaMg5$p0woV5vj#l3$UJmXJ~ya5y&8YZ z@B1uq@o@GIM)e8v8`PIV*pt2vewHq~!u%&lO2-DeFtb`|iT)L3t0QUaeH8sWwxwQK zJ7q5#+CKm*QzV(JjhoJaLaP@~k*NaiNW>uhU7!*~ z>XM~sby>}c;tzm}*quK%L>ad^M;_|!l9mQf37@nOD_6tFqy#x*K%vQl<{B?%B|}6T zgUOa!ZOsgCz^lYYcvjx!8%}E5-impGq0(ooJ#OGNXf=KnWgyuNFZ%r|YkhJ-ZAp)K zPwHI%ru~JXu5YM;z4cgP)M zMAKbo4?^dNz9Ltv&d5mgi*-!kbNWewTHnSEZP|<@foj1@ajNv${nOh;MYCLGK$!_F0%@|(vQ8flB_juaz9o0#?(xwsE_GdeUdbT&66EFgKL49f; zDHQGPMZrcR{Yq@)(5Q>Vs)H$tlpyX}^;v%Kt7fSh`ipNi9D zb?(?|&R6*rqdBx00LfM{56@;)%*uh!O<+TVn5?}$Ot(BTRheDd>PK_tocJQwr38i~ zC&`tSKwEWl6O0p4F(jN?-C6!)J#DI^95AE^@UE?lhlgCR&fKK@=OluSF6xZiEeRL? zyK^z-ZPk&Z44rib>mmitQ9IugIAxh4YlJ`b9gq7CEM^{G)? zhn+^3iocHqI1PS`hzwO~s^E=+F**-S6tm=kmJ$nLv1rG}$Z!H( zQvh{S21tSh)~}!vbE#YkhT4|NuoX;xi$lx#`#f;BWu_1p&R$Q-$cEjJSFn(#4^9CZR%dNd4D@BGHS0`m^n@Ig-W$N(|)0WP6 ze2=Tz7O&#%Y!Qg;wYa&`KQlCyzV(b4T^Xi7XrXv7)2>r_Ni(A96@9@)t!SUlNfK|X zZdoc$k{qaXs*%4cu&`|7tpJ*a?e!U3A~%^VgR!bwdy1_!xYI@j)X&f+K_}= zihmAL`S7s5lERU|H995{1n1VN){#CL}n>-s^nd7QKO$QzH_BPL*N8xTd z87Hw;M=@kaQNj1@FYbc!yrKq;lzN_7AB4; zYtM~|h9V;YURy_O6L*863WyINFS2=8W~t0Lk;inf&7``DtdNa5P)!SU>m8w57@v?UMr17)8nq5A|C$K!xk}+ay#YtV-pygI4m!s}6>WkWN zZ?oOpmRfvyu~h-^oZ*Jtbl@)PJ-U#-aEIZHy01p@@yY6)=u(>87uk@t)vKC)UywY6 zi{u^cY-rV-|3DHAFDefT^?^76mBdJEqH7^1-HiHnI)l|Bm3$iAk1eK-`Z~Ek08}Zf zMiy;b)MN_tKH%1cJZ`Oa&5zr5aC7TFY>WqyzdV-b456@st2nC@68`u5P{Id~-0la$ zp)WbbHyBF0q(lEbJ{ZdM=&~$-5xMx}CvqnaHM`MuJ`+v%0E)Bg%Dnh_d!KV$!5{wYt`G@^Om$@!ZUpgSV@X%Zc< z69bnC#u;ESKhBOxOJ>i@gl1!E<5O7{BFXZ4c$4N6zS`&(cOjAIbr|oGT2=6tYM~EB zALtiUmmGU1lhIn){SX6-%u;Qx+y<^btC_30>M8H)x-Dd{CAelN#ycXeYQ0m2i4*5w za#GBATc2&9k!)Ec3_fjywke;3tdfpiM*pgys|c4mz?lb(zkf-zPZimHeDO^;_J(}z zjyi$%9JiWp+2Z}V>Nf!=oEz1VWGosB-mzrw%~VTAo?R(C4sc!mKljk;gmeY^2J;Vn zCuxK92A_Svp%aX6A_j~~FK|o7zPD(kF*U=sc+P~v*&Rd{sj0Q6nX4_dR_=##1dbApwiYY0wC9n_q59 za#xly)}#bcCree^i#8N2@u)c3iuMIZEHgFcrR8ywuq z{=>y==6*Q)&m&{QWuK_Os==C7z0h*kJPSm)k~wtXW9CoN z?T}Hy8z`nem_Ze(Ugeiih!>S+dN0*-EN`x&8xJ&)BPN_0XjNtS#L2{}U!lnf1g)3S zo{KSg%`sAcrd`GAw7OFB3Y%Wwum8RL?>#K>j3SrDs=W)+H)Hnkw2v$#9Q28b+!w7Z z`}H5F$`F1;Vb$Be(S;H^pb{GQaYhvA6PAFR0 z?IS|xi?Qw2LchZ;d&d^SRJU*?LE1FG`cTK%LZm($AIOp1g>@3hivELAp?^^-f>^k_JSCQ#K>U|7-ZNu9f?UCrN4 zp)|zPxBTU$k?UGadkMv@e|pcK8tpLVF99=qUHQTP%--Mn;Vit5=Wm2B*+u^QkTc`S zm7d8aFRXF1CuQCgKiyTNAAbOosP87B{=&Z#$wI+>3?hC|%Z>c`aAtLM!QS`R)oiW~>xqfWrsymfpV6LXGzs9unm%i0wylRc262EJ zdx1XJik2@9tZH)TKH!gy%Vw|cjqf!>?;WE!c}Y}b7#Z~*UY2ho2=N~wjNHPSg*6z~ zb`t-})f85%4(t^+=CyHCFt|-GWEDN6r8t9h zltYTN7U+7udB5j$QES1q=jj;?z%@guLJ-yjwiF_Mt1XBA-k=@^jc4K=aNY%azh*%z%gud1*5qy-U|#)&qv> z=!DLj^Wa*-jx?C^pt}7591FPEauK$)ZGx6#`KngKR8V8~vXtPYRSl^wP7U{pU8-H~yxs;gDsm!R24PGJ3SDk5#x8?X`)=q~{alnt^S`xj11DGe-y8 zVn{$|scJ@K{KoTLD7`^g&7v zymLo>H)R#8-_}2}eyM(Q{fVF2SpAjsv?}%Kv?||&hYg{ztQ%ZQIGolOye@jCDcnJX zi&Z__ul(-;n!84Z~m+D#7<)G1{+h!^WhFt?*z80YnRNRP2q#Gcx zL8rg1dxH`E%(dFnz2Lq23mTN2O3!!!4WC(@Di;u@(&p0b7^%C*I@eX(*hp~Fkrl2! zdaPUwXM0($751=2!mJS!Z5TE#|LMbG1c5Z5SN%KBS-AvhgpD1(sRdP^QW#oRp+ahO z?T0u@h1LZowThwLRfYP#2TZl9-Tr>rkit+8tfM*UA!SCaS;gV7X=o;tYTCFC!=zNX z7`Cb^Xop?pCNO!Z%lTzlx9hZXRfkUt*ifY}e=3sekv-L5KUGb~>tSb0yPt395pl1r z)!23qT*!BTb4y3X*wpDZemU-iDvL2=!~B&NgGWGs`OgOcfC1o8u!~`0GSp^`fVM$szWOJg!AeH9*zVuI)km`>4y)Incmn4rDjmXb=sUC9TD+JAH%sIWq#6}jNFt8tk82$%f*hj_eq zQqmJSec1EL=W#Qg6zw%oXQ;>{d2c&Blzly1Eg=XmRdcS^Ao>c&~0*AFOcF=^?$)nmgU`Ck+toUcgZpdfso`p!)2YzRS)T%B#0qc{QtJVh8yp# z!N<-a3a*_J*WHYJQrN?caxa=sWD{*pMQ)eqPjXKg;#4)`^Jp^C*U!I6OeQp|JN$0` zUi?mhzo~jY;7K&n4}&W7uWXaJtus zDN^pN4)pyX_4r5OK37oUzuj0S8TAgXFI5lq5TEV0D9ng%122Q5opZzI=??PXWJ^2G zKY;1iI0V}tf#U5GTkU-Dc0sWd-jmP zhrZm5hFH_ct&l~i_CYiy5I-;WmEAb|2>w0mHHD^HH`nZdh!9I4yL}aL8AbexSng9( zPEX_GBz$w3Qh}n+eYr83RYg>>kT?21A3p~sWOXHO5AHY*!0-|Po9KGTE$ZuHMqizEdrd`+Xo6a=Y zHVNgDWvrokUq82JjdYc1)!N$%+{Kp%TE*mA2<6kJbu5~xb!94e;D4n!g6F{a(2P-V zmu;9VYLw2>M$QsNXxz-gEO{_rB3@e28!adnqSp~jg9s|;2^L8rOik~qBcknmyQG4< ze|Qsk(QacnW?Ih2FyUZr_XmI$&h>6NRjBBbo)eU@zQT6Ud?NUQ%hSC4rSo{s)X8$? zyqy@dR#S#-nQ6wJBd+^qNyt=@v5{7rW4trjmLVxki3}LZ z%*zLO43S$dux^H=>n7F@y5MWVnfFyEm9 zXZxCk!=zCboG5~wHXJ&2-wOf&3g%ie*X}TMykpP~zL@mdMIpiFyS|B;o+E=F;D_xr zLsDBBCicqSpE;89WbhU_!{bA0T_eGk@p zU%^@WndYRoc!Tp@g<%QCmZ*{~Zxtm!>aEPAd1ZgV{5~7(X=x=17O84jLgcXj#F3`0 zA|c`RNk*l&J}+~}>0{IoNG5mC9DU%Bqus9%6_1vdv6 z;Px=G7bUSoT@U`OfN9MzF4h_>rjmUzWGACElYwAL?3X>JavkCxg7>EQrJ@8z$zEMq z7!YUg4VCqe<-wUXPrH&Y76(?*bkP1W~ zFdnlC%Qkz{6R8@91acy!ii?f}^vC zh?~mDG;ho0pdz^%E){B}@~Mnbqc#G(yT6SmTAP*#J!MYFeA@dSwvak*C<2|V%;OM^ zHoeS*A7$juys`b{GM#!}x(O%5DH{*SlHT>t!JTfi9oR*eUs!c35xF?7bJs7 ze^%PMrc*6yl7=f9ZhtlX;^8DQhkL>^9vr|mma&+MV1LL_@#XW1itYg~w%cWDz$#-S zp&oqeuOG_v0lO0tVO4h3VrDG^*&Ox55(lO61bUyv&$?BmbsHL?smZ&eAJ+SD#3%-Op(+6?L7sGcwc znIbJaDF?%CU>leOC-hRrMHLa~$aL0UaD0fkN1 zf;e~Qp=rj1<}(u3m;KBCqv}l2@UE9TDSZ3jLFLUlEYq1C1*MdhgolBG=*_8F^Rh6@>M-XYWecID_SHzwc zq2ufyz(C=ASGQSTS?lq4no!YM5{frFtW>D}g2Iziz-gDoSUFJX1b$U-K&%T!^{+f- z3@pcddH4L>ywxdO{Xw7B_ZT9dyM)3e0!-KV9Cte+*EXCXV97xEa5SB7QTpgeH=!am zxNq&|h!MawLygL-)XH*I+grrZteCu{{K}?oB{w@m&x?3TzxIf|P~TvV6eF`QP8l$p zj9wtH-#K_o$Yn6nLm+8=vsZksrfRDWC^BpwCEs$vu6w-=EAVSMg9}>3*22E1zG`a>UxQ~GyVbwm>OM>__=*JQ-F(|EJfA=Qn0(W;&Oc!1<@9-fxBTaF zc>R%=UaWW>-IFlBIs>ilOmSbMb-`4qSf=cV=OF=QyT15S{`1rfV&6y50Z4PRc%X?q zZJd1omzeaaIOV>ph$|R`VHn=Ap_hCoUWVqgJt!PGZU`JZkTC_^>3$_-TsFJiT z8r0(?FD6jci`C>7*0kYabts~G`HJZ?{XQ(bRk>6^d1~7J5XCk&ypTboLN%3{v-jUe zqfe+-g+(MGbqapuz74@VwF{==d^tb?x>hTl!TW%gAoyqh6Sng92@?H3fG(lBe5{ez zUBAP#@L-vJ#ShldLQ(gA6L+!r88`jgc{&Hqrw!Un_@3*-Nj z*hNkfF6V#Q4X(KJscA72;j^(YllR)hc4`omtEgp5fe0!lJV^==e54sF7ODcnQ4O#R zMhQ~N#-GI2*HyoWTSiNv^c8|B%mMJ3K+(RiK69!*-K_*%NfA3%hn zo9Rk$1V)4lCqK;$GKn%`Yl`!)Xt3}+a|MB+*{S1MC z_KmKVG|$#Ks#sVL??*0FBTk{~&_w;rIAEh@A0!dtn;kP`(hgs3AJqLR&;?{T!M7SH zho(YuL`gxR!{kAU_42vg_lFjlSwu#$VewG8hL^md*J(3bq4ZJRH;;<73%TM%dWL_L>WjN=6Is_a2UbJ^7$Zb-`tf!z4 zabI`vtk?}rD;%yYaTKIrg)9V}NyxwaihX^8X!GFjH~#_nLWdQnH=oa7zAWTDzfSx4 zTlI=GZRf9EOrQNay!W|zV&AeY{Rn)wDV%c5b`ZMYe{3`?q_cyApA-J}fM_S$X!P$8 z85HYGCxWy722=z0veOm^L5n)v(xTMSyXR961&vgQZ$fit5elkm0k8+K?KL~Et)aEQ zDM~R58tHM+Syn-tS_ZWw=63dtn*$ z7qq7=-ww&?7{=wGGysK=H=cym>4qb?%i3UL#--erw0ijDbh;xXRt%8j7JR(rzm^Ub z7P34NKR4xIHgvo^!dtccef}}#644T(t?N}D3^py9NOfq}g%8B?Q;|c$Ef;8^7b)X4NlagKwW?RI}3C(JNP(06QZq#HsPj=-O7 zo$Vp_LghPu0DfrOtu+XqEnW^ zgLXoxsDWv{Z7wSxFSX4FUYF(0e7>^we3fLwDu7S>1(>meI8iAeXSotZ`|Mds*3Dg7 z9HAq6WYnAyu)jMMQ)=AJLdMu5`|&Q(jxneLn?x^5CyT{|6UnEolQ)AZkDIn5pjG<0 z39U)PY%@URZbGpX=bOLHJYQ+*;sS~XCMIKo{_jx9v>Nz>{CL0otFvT%I+YET{vi68pD{yA6(h++rF+<%;fCG#_ zN50m=zmw?nIWK7lnEqrEf8yqZhH z#(Go-Dd(Rg)W%VfyY@=mBt8l##4VeVxVmQEh3SxaIk!itV){~(h)6WIRZVad5Ke|0 zrjB*UgaqAT&1+jZGj)y17l)++TM%F*2Q2W%cb!G)G-p&lq&0Z%R=$%k5Uor?kI}sq zMZb$@tCE%;eA@G^DIhIMpr)d=3qB$jQreMTo1`!X1;U65r0-Ud-xeAW*r1x%fkYyP z;$~>)5xc~a%h6?I-j)UR2*%9PNqea&%=;toxeLmvJygj~#)WbG;J_B~!sO#|q*^Vm0Ic|)2- z#PNQvPY~)_1Ua*Ahirct3-mO0WqJR z;eIzucZ!&n<=d;cPC@9Ac8DtW8v7IzGtl06p$ZkyV$y#$?mekSdD_faQq~hVSO5doyUybCG%W@0k5k(;@*hSNcV?=V-1A=R&2_T7$g9t0e2qcS zh6aKZd*3|jY#N+#;o}ylWNhKYCBmJD3laXs32tTu^8bht{|iB$WARRf@9H!tyVbQjk;$IWD<4 z7T6-4;TI?q5>>}_7EqA{B?jh!>Mi7IcoM!c)M>0{&;uzoV}RzNPN!cvmy~&9ZK5p^rrF6+K^7pP`(PEO^mq zT9ZGOHIvEMYwh$;Xe2kjBU^g$TiMmthXMhqk zR1zgiGeh(&jgiy((=+qUp(NG<`P|=gi^Bq;{a$-a=P!ubXbFs4EDhO*&Hj&o-Y7S4zWW>>dUX_PeGNVbTh=WUR7|_D5GmO)+@PPzexgS zek#X%OX^ot6IBB{@LnljgHOBDBgNmUlzR_RkTRFeZ*GqnkDK;lXdPqY^MZI?@y!A!ANZoT~7Y1!L+);$KK7<`VeNE5|`vWM#AG{zh zC8c&COAa9K_yfR1_!c9g!lT8!gX!du%peHRlJLcV55KFgx{atSTW^g~$ z`q#va|BMjub%m@IZouf*efXL~-=@?dZy?KkYk-21-F48V&EqrSu|KkXysh|?5{3Ku zvtP-~{Zgbl)l7!*pG7Q%Pn|%O3>FqHG@w+Rb}0H#b;WUprb+xANKLW!C-`| ziU$}~o9Myn;b&HynZ7g<`(Q~(sO(vSmNye`FaXr_KzkB5E}NaGclwD&(*lkjzrze0 zeqcw?L78Q90IMKNVkmG;m0arJCWu#owsz0$=5WO~3M1&?$AaAHU@<5niNHIcxw3g( z$0$su_Yo1`K#kNelF|@g;M)7v))XC3ok(CvSuix#yzMsZ`eRL#@f3cBA%iWK^sel# z=c>W{x_{D7NAy`GQ)vzTHv$YmOVAqVRCQ;i!u^UQ#&Fi_fLm`=JH_sX=kf54v7DS! zA(b*=2F^9MGVC5}|3kx0mEP^HxYv7bs)5^A%`9$4$YlT@n;s~Beu=38+r&skyMzRL zkzQKk``o*6l>qX<&}eJ6@)>>DYAtqJ9Bb$stO%&aCOZ&>PZn_#wLK=fSwrp3rLR{^p(k_ zU*5DgQng60HSS8UO;0Oh$oD;U_m@i*=6+#%I@(qNsBj^FscszH&lK$Ugtc-T7cwVc#>8 z1w*%km5~&oEm_u`%{!0_tnb9v@&1uq`dQ=}U+hY^t-bCB05y{r` zxbI9r^Q;g}wT90Ju9yS5qe3as(KZx^pBLSKb4@qrb|66`3avOHus8;UP z^-mTl5s}RMs3XtMw*1FjO-z; z+QZKNGp_gcVtjNXzvCjA3@-3O#blVg;FAJa?ZwH1W}M3BrZpH~>~Ixl7L2`enLqQi z&HozJUq&@UmAi_UTh$AIMu+y_XUm6Nr;>f95Jvb!F=rX0S;TRQS7j=)N#S|(2S9~S z3D`_UMyNv9$*W%3Hl&i72wi1^VSXi=BNZ5JZPYR(Y>!_U9h>D6N!WMUjV9t1`zn)c zJ7d@1sg+kr^VCy5C1myg+DsXzzLX1v?7T;kYbP`?wiLm!j=6OeyvXUeuMHK6Ko6HE zP?Q+{q`k+8rk>N*Y_G|m{)i=~B_$Ec5T>EaWeBo=VrQ#!@Z_x)hed0g%ASt@10aV{ z^m5&C4^x}{C6j?cAp9+?^SHg+Oc$rOK{;>y!XX_EDy(22=Ue=_{cuEJt0z4Gi24!{ zgEHilfumZM*B0swWVs{&*^ykwP&j6|JG%#piiLd6I>?PvhN+Xz$wk&cf9ygC(ChkI zAf2m}={^(~+v?nmqhY@VJ7a`{Cf}JS$($N>*ayZh+$Xzu`I%~W_KpV+<>R3j$tkeM zk1}L;^MYt^Y`tU)udTNBf&kAf8E!M8)UuhXng#?pJBAHteM~4V)qCqgY@*U|P(If` zC%<2+{~@uCw5aHz)V}8sHTqJ}m>{UosJEAuw5{pW0xHCJsVemI&UOCUQc#bnTkRKr zN5GFjH_CaRI$x<+F>jvZ3|Mm7YZaxeIqiuLM%o6w&7Nfr{tF5#uA6O5TMxY#P_|1` zU|5xDxAgW=*oSG~$UdEoH5&D3Emz6P$3Qbze3N{JV3m<``np3nVA7G@6#}@jiF3WP ztO0_8kzBO#JO0`LV@ai~el>z&8=vVhPgeb=E*pd3h3`9R5V5k42h(<|Cr_op!vOvdq&_6JM*mybz zWQ3EZ!4&0fwwl4<*}SsqzVY&bTPsI*W2_#177@93F5B4unaCZj|J;?fjR~FDv?04E zRs8t2Dv*y3p?YMc0x!!bE&l>BJGQB$S0|UL+egj3Opv0dVvh4CYK-+s~)Z6vv5iY|a66H&~f7h^@Z`P&oHsQ1+};_F2LX(0%T z^Ts)SI4`cj4KiGNkF#n|Qn8*5Dl+;o$kRSQzGwf^nDGdOb0G_a&P>kmF;ki%#PAt( z8@Fs*FNm;R`T3t+YWHU>(EBH10n8<^Rk3nSlPsrJ%IFJV7&lCA$mGsZbly|(^~y!e zXAp}Gp45yYR#8VGQz$aMCfjK!f|2Bxt}!jqiyhlNQ{(c~^#y>4mh+&d%^a@zkSxa^+AL<}La9zKmleu?uEzp>*EJs2!KzL(G$gGx|C-=L64M;_@^KyqXX( zIE^L%&Zpb#1L6zc4Z0Mu$v~SPN*D=y0TJIh_Gj`hbQ6X_HvQ|*PeWz-Sck9E0E4Qx z%o7izZx~Du&Y7&)E^5`^WLCeB<8Yx^43%OuE8CZ>p82l5nu=zH+BJU#=zNiXyie_g zD-&weLbc&mCs@+XM6(#h7u{DG-r!HEUsSh1@nSX6cqn1lXx7H0v}Y<}MR6daZhPmi zfDoF>T1Y&`fu+WQ7LdzMRM5QP7O7Kt?lU5#$0oc5k6NSBT^~XT9zHFHZ&V^W+es-k zhuz4Q&evl4c|c$IuA%R7kQqO(q#nhR@> z%>B_<3xQ`K^M`>h7fk~j-|TpI(2X*gBbJX9q! zdl9nR)LWEqx;D3%WTM*NU14iQVYR|f3`U>hhkhJ&I|gxwgBCR3>)f5YiBYC?rkkOT z7rpzj^#_n52i9Nq*oj7)VK#?_XrvzkK$WkaOSBD7dEb&sb44uyNfgg0@KXftKl zV)TO2gt z8eGwG;hMVRTGWEt5#+O^fT_zEv6Q&cF3RGMSc1+Is1(qtbjQq%0F%(rpK5&H2x-@( zsU&32iCRm_xDhw#8laf%T*$*I{Ota}+k(uD|+8a3y=Y zdeEV5BGLUMW$(U!{k`qzqRG%)*twtFpww3W5dxzDwS$kB%+FD6zS8I*P%k+AhK?-$ zeM403TLxwU#ReRO^qNe+yyOs!;kN+rUpjjTu(f_u)jgrP(oLR61P~nMPM1YoM4=5J z5bjDEvG=E0P-bg;@v_W#nup7Bv1s~jNaLf4fz$cIzB`wNwU4j>LAvUdn&`@&{_hp> zKb;zf1SJqPSuiXX60$3QRnTa@Q*|8_YC=<}@*UwC!U!hIfzaP_8LT7eGzO}gL{~)m z>@9)9(gNnj{*E-xkOPlD01GLGDbhoq9+53fcqJJxcmNyXT)7N21Luv14A%5Z9x4zo zm)Ad0;18g}Hdeb)`5LRQo#^A$hnBti{6Y@UFTSTRm7U%j@Wc3%$H74LNqG% zUikKli+upy`~aQRR)tqp*8)pHqXRZkQ6Qb?f$GsOvGv}$HM=eJ<&qJ)T5Q^+pKpV} z7%^{$XliVPr?}giU8@m&3w+Tmw7O}=^FOt_{y0d;#7#9D(U$IWlQQoikFXu+D|DR_ zqM;+@GBc141$|MN(PCopNPw_#ZauWE9w3(P?aJBc8<&jWk0bqHf6>t9G&Le!&%>EO zQ$Z*_9uJ2ODhPskHEPN4Tn^Ls@O`fMR2iM-7W2mGxy-|RqQM)8c{K;u zDd*SVVz%M!QqJ!><+^jp;UN0svOfzJW;*bxlz-8jJpiz7H-79SlZUQdjle3VPYT&( z6If{b#%3o_p{`%RZxx1rDtc-_m$+wV8gnVMCZAbPQY!Y2j%6w9ZYLJ?XSQ|J-fjc2 zzPofwEE_OOGV)m89Yon`P@@+9#GnD%n;U5f^MkRur-ZQT?Q#SHkTh7E-Rp$OG)WuDHK8Jp zu+vQvj1D@rGiP|u9=p++H{u}!zm-yJz!tTFKOO4b%-+euV2}4R`PfMob-{QD2A2X- zrU>&@&`gD?%JN|p1{g8KP-8-&e)v5PD)tvD4Qgv1p^aDPG3M`}QupA*)X6Bn!S3l5 z{B|GZnDF^ydsYbdw^{b+xxz}`>_ivG69HVkOQJsjT3hC`RIwXP0ZvmLM&C_b0JjPr z5`oV)?=wCQuB#cs(mXs%tisXfdGlksHt#G!f027HI?A@WgM7XqF-5`d0tyc)sqtNm z(9oncnshwc>!X6Y%u8#7HFUOd*%KDhH)*ygSaYYp)DPIRc$!I;%*$n5*38Gk3n5l? z{R@Yrc(&B0C*6*R-%PsDNBvNaD8|~wPihgtk9u}3*~)YgKo86-`r4F1`I`4}}jC%+uNf~ujvW!>)H3)r#E+exDI{lQsQJJkFf$Tvrt`<=Fp@i-zNj^uHV z#*^`hXsr%N<^<9wpSh_tm(fYvwCLa}75_emqX$2w;G@2uzQkGfs{`cU@i?9w2~|Nh zh4B3ZfS{`{qn*OOe*ZvGj;2Szs$m+F|1VUW%id#TNfj+B64GGBKdvdPk|!2FGkzmJIZKs?ZR%T zVUgz+!(hEPJgfl6NY?}%P3PDD#ok*7#nE+pqXRR*;Dg)X?h<5hm*8%}2~L8$yIXJq z!QCZDaM$2Y5-dmp!65|8o#%PaJ@q|#Pu+9wKexWG>JDAC>F(XTe`{^&-o4lQt#=zz zd#~6=zMw9qbC<;PR)Z9b6m0;u=d7 zQNun!LF*XuT^Q113*sn{UsnG0aEFI!I z?=31){fi+U_*nh))=s3h>Q~y_&|I2_$y*W=Ep|NfHsM%yn6%jFq zkT$x;uF@SUGT3tN!%jlYjpAW7nd{1p|2_hkoV>oT*+KM8eY#4VzP@olw?@dVK^R3d zeLs`JaJ%kukBhrK*6t~L)dtY%2G>Et&W2poi*cZQY-RpKceII&Kg#7b+6ODG{~73Rw>`&hS}b)MI7sEl_+ZeWQY`o1`@EWM-CWGBfoe& zvkYq>YeX8bobC?&(C8&$d7DH%_oznbH zuGeP;Mfl=JyR22mbYR5f$n>Mnn&;eT*kRs?;5gi^#HLNuigT5<4Ly?s>VUYu;4H)3 z<8j3Pt~8*VVNfQKR>!SjbWwOjuu;W8dve~GW$(Phb#L;_sKfPvfXdWpo~n0dnQjT> zrn1{(0Y029;%~%Gp(c^(JU8MDi8OLjtdVj4oB-K%-LEXmdlA7ayC4Izx7W;Z{XgEh|JZ6o0Zfh79}5~Rj0X>GY5I6mew_dhd^-b zHNA%TF)YlFV+?(UEYcScZnEm7X>~f8c8x)Dyx&N?kyBW>Wc3u`eBUe{xKU!RDV7cq zN;(k!F)5xH%{SfDx&;>@$ZUH}X^!b1Y1!q2V{`hTqoS~X;F{hn+e+(6^Aqfc_};py|dPwHNky~DBZW|YAMQI5W9w~ zk7fPuTu9UrKMKn8HQ+ncFQ!VJw@vW6QN#`9@YnAP6@M9O6NviGA2-~N%Dk2B`(e9O ze~VYkbi2Ra>HNHE1Y~{fY^lh78JV(>6;vJif--d=twg!}HR@|8F_J1$Z_@G2BTVR^ zLY}Du*(q;~(@ZsmXm4gnZS9hnhUm-+X=mo0++5q))|p=wuQWv^c6n2hNiF)XxGxz9 z3TIfo{rjrkNm*-g9F~zUUuYZxgt&uv zzVc;Ysa~v2ZSJdM7S9tu{VJ?no;8+7cbNjeNobSGd>u+ye$ziIU;R`jq`&6BAiF=u zhVJ}82ImBnB8#-(L8% z(dQxK9^!kBqHnR$=cFlrA24?EXaC+`EQM-Ikp8l4t(>koGIp+z9nwkE!E=P;5!Z_j zG@LSMnravsB=QGTtUA0hZ(%OLG}mq*dNG_rpJi)^)M2gK@J$bkxa&3(cUHAwTo&E% zXbU&J%E72nMmxgLGOS2G6zD7K-pZ(V#M;`tu023JYjk@<##eQ`G|0r*QmWhL@XGXt zcs~HyWPQ^vvOst0{bTmQ<_URN=Dxb}7b&AY{>;3F`&XQ*n^|Y(E*2vv`PZtszFlW#0B!R^P2XUC>+>pe47GV3zz&PzrS-Rw=gDc#Irj_1s>%14TmES(2Fp zsXU#->&qU(D`zxi(~B4VitP3l0t|qe5~n9e|49&qii<^U%}qG*rW}XAA5Pq0fVAl} zX;?0&X|#b%K~){uuSW&d3)|sX2YjS3s=+}O0oQbr<0I-xQeIZK_t8@`1&=&?lbLY3 zG-YFJW0NmU864@;rBkq@U|nF~?12d)!G}E#oE=#rLpcwM>88qx2}c{zQu0CD&SyCB z(TbPB+Je;Y>x_#fB@PQ82K%b-^?STSKg`&`KE|RQI)9Ku#Cu&+2a<|CC5#jk#qyW90@>G+7n zx3%E&i$H=J66;K%Bqsyiv~~}@`$7Dk3UKC3SLY9VvaVMHtu=&sHf=TYZ{XZC>wO=> z#-l>_T#7x*c}8rB;|?d}mV>KK$pEtrwKsPr8u3CdFCKSWleLQ9X_h2wF1G(V)Y6yL z*nod`x--;OeN)h5sG3pj4W$MZu{*D0lh!lIP-Fc7zIfbox}KbsTGn8d;I)mfFQLIx zK{Q@4e@urwF7mO5@cVS+Pd_k{ZZ%iywhSQd3Y9XivF5le(Uqr3)VNjIx3^UsV8mhU z$v9|pCdpW`wC?d1T6H`*5BGW_G6x0fQcIa*IW=P1hD<2@$eRHxrkU~SA+j8@_(+aK zFipDAfYI$j8zc&V%zHPUnY-=WFVftDIKVPr@SewdC{$#sXM|-xqhP}CWSl?cuBw_k z;(Odfs%t}aka(-^iAez69w{$ebtBT8a?B^qQK!{$UW~D8vB{+hNygn;WY>PrruYLs z2^;QY1qL+UG@yc;dWEC-1qD3T(C{O5GaOoP{UXs-1!xZ3l6)jlGKUDw&OV6 zkqagW(J-BBrE5zCud=%lwA)&c=Se$@ER{afZ;_s3Dk-wU9WOK_b8UYER5b?m_-yWj zEhXv^0Soqubb1U?!b$o}zzol=sI@G4QAIx+QE&Z-pGH}q=IT!MI~6OsSCTr}JnHZ( z4=`CX33B0F_egqax5_UuV~I{(K7R6(XS>efX}139_AEgVt+z|Z245X?t37*e%X7pl zB%!lgxqwKgdpM@{&UaXQXKzzD%P<#l)+*llfO#ZRUsJ*=MaJ<0>cx#O3x*gh1CAfEe-7AysQ{ObTa zrCoO`!F^iI5`rLW03s0Zn4M*HV61v`hUYsMMppU7m_>nhYN(QBL^ANTH)$2RerU$^ zvp@@T{uUn)fYI+;pgE#`R=nJv0?RL}FrMpVc%X$n8ri!1rOOEIs*5)w$2*ZrH(6(; zsC-*{f(Z7b3F&4@Q#_64q+-WdUCeU+8IV=9l+6(NhZZvDsUIIvm)@AZ@|=V>9-US4 zKz#*umAAoJ7KTeVuJHtQC8BP?1XhV42CWaC0Mk@H-#h%PDO29Kd=bc);u>lAO$HV1p_00TL_z1a zX0fFBDMrZ!)Y;A)Z5%KRP_?pmYY)TwNvKkYZdPK=tZLJpcZGut!C}8~{aooc;sRb2 zeVctNhv6?WC$4u?2 zP&#-4KZsu0v;Yd~aewq^gLMcd{I$U!E?Y~fYL}qHEhU|VW=Cnd+mA`V<_?GOl;0z$ ztz9SXUk=KNKck^&p&w$S_$n=@NZej3Z&q*MrM+qy20o$rSy`9RioSb3pRTRPMDb4B zn*QPK;)jKa9iCZE2g1UWKAJ?L(3n-_jtwft8_s11=5&K`8Td>U7N~&)pTA7`P6ve} zOb6ldeaMKPNki>6dlyBM>Md4DpocqKGo5j|5Fz$v-Qs}hEBI-jtFY+$HsTE*l8&ry zc_jcJ*m8@nsELZ;$k|fTmoDIif%_7zDz?_91wjIZ`Anfu=@(iW*u#0RqNx8w1tLtT zv{HvE30M-FdD2WPWmeQ|d>W3p+%db&(8{9kGhfHviw>`c;lF97AA{r5j7>wY6#%`g zF4D~HxCyDjCvRsatppX2ej*7ACeZS5-F^nHRc%A7aLjA})PquCz@_{NUw0V(+JXQ% z1w68a4YULsEsegB`kpHVPJENvg-N)i{WkDY7t zJGESYnHFwyC$n);19(by8bA%E__#>Vn)^K`@AxTN+vw#4N@(HI$a6+;s^rMjfKU|* z2iatTbQMmt5CRf_xJ>i_b`@8Dtn9SFA^rAPdZ}-zaYOhWIdY1{l2Jp=r&T&R#7Q^$ z1oYR0O^hk%;;kGa1Dg>dBc+wkoT6K3$6V(-hunr47QQy6>0ZJt$`M|<+)3zO1TfDB zdU7LGOM)gzh5}AJC>{?qPQUzHvh_mNP-`XX{kMU!j(Niopn75<@8*zbWntB}E+!9* zA`(1QrQ5f0PpUIq)D2NQvJc6hs{NECq%4a#uqo&|`g(WTv@l?n8m-DcC27i?ZR@R{ zYZzg|K>jM;cM*yHe<5n~HH@c99K zpiFvfhA+;(WZ=73I3nD?eW<*BO|dW?s0O^4t?m$Askuos;k4Q#>Rk6L=l3h;p!hN2 zm&CY0{`Vcii4q8HjRNw2iPo$7ndIJd!)#`(bY7P_|7BRdeszY2J<%f4%(gmi+6hT6 zN6h5t{sa}InIAiFHnVS9Fqze`kA3G9%xJ#|K+1-jBAS^9#+axtN2Fu(vvMIBQg-bl zJpUYB^TmVYHX(4;>BTMbRD<3g=~;13c_7+rBDtbrdg!qnLleJnP2wu$DQULka#8&$ zrEGF0VeYgmFMBBbwbO8)KxT!G(qU>;dt&Rp-|}cMpE=4pDPofd3I8=pnfEI*pw8hB zLL?NCfXrv~pUXW`ICiNHttx2O5i@W+3&zC^as7O)4zRvfT}7phJ8{rDjJpvWwxI)w$gN;$I@3fjIisuKbh;*vg@I#)W!U5)kwLv2LqSu%txX*6Wd z4cREiL6rc~Vaz_}I6~%R&9B;W^l5o!F}Qi(AH8`VvNj-<5QG{aOJSWJhH_CYH?MMt z&?Mz@(Pqc=h6WNLqzHiM!ZtbTq~MLHO%s?uI_~SDpd|A=$9KmS=co~JVNn9 z52DQiU>yIeoUi{=PS@zVS^Z?0trw56#P1vXkC?|YSz3y&e#HP^IUk%3;u|k!+WiPU zy+MGqCU`?Ub04*%wP{bDKE5IP=(}>EZXm#U#F^3l_Fm4*_)VahS;;=%&!~0)+Jke! zY+eZ|RadBZ^9$9Yecgx7NX}nOo{al%wB>&O>^8&s095A5EfV=mvj@1$!C5Ah8u6m^ zQMDK^?A-VEtKcmJA9c$10VMlNr{c^ zx_aYc$-Yt2W+69(>FT#dN+7uD;Q}}`hFD7Z=CuhujWM^y8=~QBYMKHt@t1y63H+_Q z&n8hrZ5~6r$P;#o!4On0vWW_^{=hEI2(=Jmdea)|iPg`y%&wjvjX$F06^GIwBxKMI zc=4=l61Ni6dbU>b+Z1K=g<3ZgB%qD9jZEj=(v8qzSIfP4)&=W z6h9ct<|*Jc&z=*+dumhVAFm#<8u9O_lS*y z6V&ssE}6?SbrrFlwd00mO%kvr^%BXkjykRZZq7R?Q=Y$rhCQHyX06ix+T=a%T05sl z-}5Sl0jc?;FX4hL^G$J|?#yP;D?)WK6(hOyK(I0U;Hj_m-D~7=lfY*%(w9@tE)I%_ zY;ptAUq?J4m8}Y2DUH|gmnY2g7<8R=%iL`O{kRtE>*!Ym)+OrL!T$^rC4bBO{jym0(~D zRi@=oJ!{!e#jz)B^yaMvyyWBk&JcU2Rq}9bu^e_IAq30h{_DqKGO$Qg2lpvbWqV-! z9%vf#Ud?L{?h7Qojs1F$CD8BY>>=nVsqxbJ=Tji1IsAyV)6ep)EB`?pQHb{Lu~S}z^uJ46(qt&mChyl<0k z3CJJ#6_IJD-%aI1oUgb+29}NKjV&$I0Se9TTP-{UyQw~KxO3UF=_9|Mr(d>kqaX!a zKsb0YH!{W=U%yzo&fn(+bC4}vhuoaLQQ_p)AWCDXF+a{Aaa(xIdVi%gfQ&#c$MhTE zq>XhppG99doYT9Bn2MP4#XqwOM{_xNE91g(Sa_0dnzWl5rJ$1hVBEK$6~6cj($OoN zV>5rDRrT`mEu1#bt=7KnF&{tvGPs8T5Z9;8VjsqOXQCgB`tAVMgv3W6#^SGiTY0Xv zQ$DN~n-AYLmG9I)u^gB4`2_sXE-h#Dl#+l*oUL7}@MGzH2R9C;CM${ZG=gD*X(Sqg z9GSW6jq>7+vd0vHdL zVf|`K_Q{brsf+9T1V%_$7qVzNuoTGNPXIFjQ0>o*M->Mq}< zvRIYrM^~Si0F{YoTobau1}~CZGy3u0#Rh+u`cXHkji)fyRYa)9dPZd!6-cr^UNh8R zE=8`<$_QIQ-3xABfw=~*IqTvzND+pY1IpwPLYdFd7#%y?L$TG+B12NP zkQU|b=jK9lfuH!X5WmtOA~(r<91tt&5GEMhLom?`x^Id~dsLUDKiJplgZodd_5)z|vCs9K4{ay>b$` zr)DIKM_u@lu)o$Sv6Kocq|_^q%5?6i6Gg?6qbmY6bV=lcj4g$dn7#jE7p9#`0c!0Q zH*w7>3xjJXjWi~EtYumpJ+05?e%4E0@j&SOp=%mKNR(L9@fv^b>i7$RJ)U&>0IeE= zd~2M<;YELB6(RJ@BiJyBxcGN0T(k^|*_e8P@2*3;FndJ%c9q_w!~U;})mm_u=_ zWQ*t6m%^n8l=w7f*~p#~WghMxjY!(M_wmh7s#P10rEL?!(~k4hNfXZ9kAR-Gplyf3$wVj?v})%0m!}ZyUQ~Zz&t_J?8RDBY zS0=+F7%0MgKdr;cTn>=XpDL+qW`3PT?Ey&-sYaXPP)DrT6r55ZWD;3{Y?1QI)N~Rv za*vxn!P%150T@8Ifh+(B001DDGa~>0_WywfBmfbJ3o7Mm|Gl=)xHe1u(J@5*|9ez@ zgUeL|T@6eBea;!^LUo>!zM|g$pt@g5u9u35x%^L{eoL;8T9erO?}fUE*n7nPwOrip_mK?{8t&#+-z*j$5=V45)i&k+7!SN+=-G6;~G!M{+0HHTwp zATT9kixhzY#s8KKe&N}uh|8qNvl+I=!N0a=gCg8BP`Cdo=fB_Of72t=e<@`5qsRg# zY$1_rArY=pk;_Dp-Ty);;^aXLS2QlmcxbX3L@N$*IRv|$B;Fmz;2MV4$UhWYJkFIW zA+m)<+^EEMnE=KK=W0gfqEh67jNxnjGv`GFm!vGrFJwErE-6h6w;* z(op+HnU@pzfDwG)IF&jOCWVc$I|Trav4zZt6i8w;%KkIw43jwkFpI|2I3;p92Q=~-PX23XM z(4ArMA2}}upckt6(kd8K(;~a_B5tE>m%;FBc~ddLZhvTXhWB!m4i^M7lgBW_W=c`x z#Z%vIfvfwa*gnn+ZQ(sUMsQ0a(2pNH)j1To$? zMpFa?0K)Hs6B9~fxDEo&Br&8={(veHA_;R25qUPv)qns-hywwzA;CjzO_OY4sDI`x zh`>J^p+ku0-3CDB&1AqaMj-vwh!3qI@GayFtziD+~6r9p8k{l&+1{WXx9)S&( zl;Jg>;g!bz6KdnM$Y40tMKCd70NzXifEWl45^Nv}urNdH_D=v8)6mobE;nrGc0W}r z23TrbWELHQphnez%!T*QoR^bym!pt{P_UUA1g8&FJOn+*rozPl(4b*x{gD$s0IJfZ zAOZ?yq3Y=P=MfmQK^_S@@q&cl+qhB4Jd6yp}@%>F3ZhB+!l$7&i+4G7)h3 zN3kPNiFjU%1S+^Yz2+4DE(%7 zkmeAuWHhWP7y@r*e`w$$3O-nH!SN3afu+W{nx?>JAL$AP01Zi?KZTkQ8AQbge&nKp zKP(WSO$s2F0TDMue6wiK{O~`8nqfKv;HzWtz6oVYMFn3@v!%+z2Bsj0%3Npgf$N{T zDjou8^f76Uf(FL`jY?dpqf|{ZutqshQ8cgHKXYD0LI#n*@Fwb-gwa1rH2{Q4s6gGM zc>5En5dP5W3>RDh3&DVpJ~o^Lwov%^4=-wh?y`?dGvW`Z|L5#Z@eV3+4JNYfhQlrs zxz0zZwvt2^KyJ)JTg^-0+W;!7tcSn$~_3Z zm}EO2#JCs~;hBUs53;#ULeFQQT%#B~lmF)^=bu9T(Z>Gw+=Ua`q#Es)h#{8g!Z0x#TcTHlyUHc}k9q&_% zq^K+zL)5I)kD|Q-3J8ea| z)lpb|#3vO?3x1i3?MX3(%B*?|=0E|byQ|TE;etc@3)#O=!ExaL{>G&t`5(9t|Hiee zeqxAPJ7R9~MWIY^Z9U%Z4cqvITgi1&wO_G{Fayhj`BtPJD6|O*!}*kZKV!k$F@yCL zlXyr^Mo%z(#^TZ_a`%$}n@W&hTn5D)7WmoLvYD~n>e-7h(T+23ly9MUjdAV_v|G%4 zdUsbraA0sIUpOuVAP|Uz0D!9o;csBvk{ad^mz0pgGb;7Q{<(85v+e(t$rl3W230?a zvV?;yzaHAIlOB;wK4?JpzEKN+jqI}FN)KOTDwe|LrbwM^%?=Jv5-+epwq~!#*4S78~avL>!Jxi^=Kak3+#9_Glg}Iyb&V z>f`sk9IxRfXp$o@EyPB8I#BPg+pONLE#H|fl1XD5zT%^X+&y!<4I6zn+^^#kh-rVd2z;;)@QGt^E=idO=mG8o0YYs)| zdLs--5c^T1hk8o5w$FRJgaS#2p)9D|{EzX}Ccj2f$*;zf@NWd=o@Ldg9-0v{MQ0*; zdUguvPgNFojE;vVY2q=gJ{t*T{xla`FhqxRwyplGCbb8B!cLekVgeu79Jj&>Tp9T+ z@~>L?4T#ANiflqNEH1&hH;XCDp5Nu+LO8a1@*;W3bp38b_#J7la$`>74dp4L?91}D zIoIF-@eJko8T7vIcy(+cMJ+$#K>j?KRQ$rx4kJW(4N&HlR)=5h@Ct_)9S_n}Bpu*M zkZ>xl@8JR zb%<{pI#zOMJvSHX=x<95HfY&I3 zq7>F~3&@uyntSlGq%`im-Cie?VQ9-w-~A0ReM0#e7ZoA{_mpTBD^n1!7ia5({fej8 z)J<$_1zEVWzGIyH&n=h~J2!N%sxv0>`Z6In;KJ|V?=J8g5Rr6X zWi8AB3;Ft$!+e$G{Y>N2+6|nhytjsqi#NbpoQ{yq?0!e2*}!TL%!rfSg`0lbwQ}hK z?+L#FWJFWbEs3`VI^9_(?z+Mh&yIsy12Tw7+!C_o1DX!7d#|IF(gIfm)QM%{ z4*+~u?zv9NHnzzN-F2L9@>d7@d_$ZZQyk4p>KXLnUs$oqn4FA)sS-|7@Ptx&B<-VE4+P;H;{=@#{F-=q&WKMQ%@S2 z!mbdr&jAApJg`$nU}(}2dBM(H^N(cxN>xh1_TfC|2w$7z86a&lZ8LE{3EZm{Pn{bx z%0nwXC|4Pc0xKI(%j>IL`o_L3*NzuCFY9dwoT#q;EfQ25(Px|kF8ho60}*&kL1E6X z_Yone__`=1N0X!)0 zc2ziFZ+t9&h^^;K9FM(+kl81_O5)jluRahC(_Mfm33+}L_LYJBQvYI#kcRv&MJ+$e z@l61SsnY#0cp|bK%NfPr)*Mb#8b$2)GaUFfKxz89Y#NFQewD~i5v#THkhpo$SPvtM z6PcG=mbI2+k&wb4yL=k2*2(C8tSAeRw!g>n*KKi#w^;} z1wS<5M0GD~_;^Cx8MSU*L|WL37FH9>1NM5bj14Ku5JM1(r>xf+I%ig%{*IXNXkc1xGcibkC{DuB1tD#?E>MTW>zLP^n7k z{uH*lFvn^veO}V8NXqEd3iJc7wPb}WF1TMH;$u77B4a$SL0C$3JFY=TFB5G$jq5^k zVGa=rxxSLcatz>-CQKZ8{0;ERk`*fF82U93-Ei`J5vZ5)EjgX^4dC$P(tEfr+Wb=H zi5sDC`MK{qwqbePgbe0uv9+!rEcR_84zzkZ?V_wWzcvN=&eHHd*DF&8k%O){9*rIt z0}*I&4zI@$O(h}ajfGK==Ph4Qpj&EdR>h5&)p17Da3LfV+a z)avnpyWSqE^H{QuS_#Fw$O1)D)38R-<{zQzrbnD)>mND=wxOQhFL1wDZ((mx5tnO_ zyX^)UW!YX=`T{y#+An0THNWxs^1%l4=mg9^sDv#EgcEC^*Tss3+-+Yoq2aaf(V8!~ zqipRtrMXm-i7Ox-sFfRS(BHPbCkiyF!*!>M7NU`H_x3cu?xOKxdb-PQ3Nu+04X+n$ z*bTjvZ(QCbB(md5#2T#Ho=KS9x~Y949$Vm5zs@5`h~^0fv3=dpx1R@#MoNAi66Jvb z9nz_2yoJQ2b_aht3mPNaEu$9H1iKYT+{qpI;WQUd`os(XK#^XW`RV&> zW5!XdiW|7;6rU!BEi|{``{CR5bYD}*Cx}>sxhn`LJ)(m{ge&x5E+o-x|LJGpvDpgb z2)^Vc1JzJ-oDS-6kp@WaJ#G0uE+BoCmO!pvKtq*){*dAnX|B_F3{8f3eNydk92;fm zzXPJX02kj<%5kf+1@YF~xw!(OG&2w5cte$bge7uYFQqYDgnf zrOx;hQCayj{aS(voy#dUtVjTaRa&~u@wSi7jC!SuB$2!RUgIl!oimh?88<0R(VjqB4ljO*iQ!84A`*?UT5b> zY=28PhF?>8v`Mj0<%Q#=a#Thg7Q9se92>Y#E2sjh$HkdSw6*2R*L!>Rw`e6Zg!&PB zThZ$1&=4=wohk3|6i5WIH4pd`)QG%T1PWtqE~O^ zd{CC$D;@H=PTcV;J*jUU7R88+X06ap5(2o<9$1_*^eU#c+SY`~=&#yv^!~`PC`wqp z&7~4}LFtZ^kod*VlCKdpruj6FTa=S;R_MV0&U=t=mF;dj)`)2!L0C|LDAzx+x2A4a9L|9Q#bAKvwX!H~#H+5J&cP%F!IT<1@reGqWTw2-x>qgiUWeAu zstDj}KUMeOv5#1`=2@Nz^Sg-nS$s7H0h?Km3#t+EQ)E}SntHGe30VtT93%P$zmI+X z2}wL+ayCv0mcU`xt2gYX8GQWb2w(dnLg=3dilVH*Bn3-mU;QZ9`r`5Y7v_Qjn-KW@o4-lpM&yJZ0g z!~9G+e*=bvgI8Hlv>#{Upvrj-;Uc5rz^BVI@zei0p?$irr(zd98uK&TxaU>HTX5f2 z&^$yJIUn_xY)Zr5lIY>E`?#v_-I5gL=H0Iz555kz$t^@rUuXhdJVSiCR29Toy;b`5 z!77~GjO{Z0OY72WFwyX!La>O4Hr4Ijc2)A%a#EnkodF$@{M`*^yNLx@=cK`}T?U6d zW@Xj}oN?5RaGq$c`m(bE*=JYHvFC$&{4VaKQkzW*3XU)_hK*JoB*NN)r|S?cd8>Z)?>27K?v@QvqlyX+Hf z%MXDEJ-DU(`Tvx97khO^MU-zK)4oP&RomYF^;ju$I~=Es1z^0mlidpB=@ch1&X2E~ z8PT)ZWoQJGb5EwD5zvQR@Q&UQtf1 zf%45OmV#4BR&xu`g~jvfGef&Bmq`5luQs#*raaVxU>aiu?+KP~UqA&v#7>vVfc-x$ zgr{><-PF%~!_|%ZsO~w8w@k4Agly&cmn_6FV~@^WZ@=YusOL}K>xs7p`Zd18Lb8&2 zJj0)Q9-!0lYxAeL@YBIT(5Hvf`}{okl;N`XL_F{5>$vi)R0KJ-EMO?eDn$V<8AWD5c6qNd7Gwa< z8J)wlfGbc6OCa=dkQB8mh=|b;PSvs=^q%Xn52|H34WdqL+h9j}hvtshA_|{n7z{-( zns*E3^}N-M4E?1_ENKy1w3*ECu3gZZeQ5PE=hTc;{gZ>dKCX?TI#&v>@ZdZ6QgFEJ zJl!pDtpctFh@)>@-@qz|-)e;1gXmO5h~J|mY53+D?&S;(YXkj89ao9A%s?xZ`Y3Ew zVSv(p@0?t-uezmXT5m@4WnbuY=}Y@tqS~p9>%b?v&RdVh<{O-*ADgK`N2AKv1S#eP z&pLWx6+RiB2rCE0H0NRD@3J&Oz! zXodw`o>F9jIW(?}9(wO*CgJ?s@N|SlUDh<0)E6P!DaT#|sN}qspbqc~{SDCn z4OlJ4w$C(iiB|nak2<_vwq7_3DsK(QwRsAlQ6AETzI zXr|#1{|3~6jS_g%Woz0ou%EZkz+JSCutcquvp*iRP*?9V+it3zeN<+ku}8`4>4`~Q zIPcCLJk9qW*NVn|Nkke&H{n_LFO>xJa65iWhx%6Y^(INE{cv`>w>jt}`StqK)_w1E zAZ6!W8p*B6W^of*85pN?$K`-Blm<>V=oUp{7-3+AcRzM85F^CQ_v3Ac!c8#62h0_5 zQ<-2C6;zG$hlXsab$0|Tzg;&{oMc?N^Xb<+s3ktCJzUFIw9;KUH$x5^>%5}wZU><4 zz<9C|G_f`MV5}j~_K#_?`K&`eo!hLPX1jge%(6`H1vH@KQmPLyNA!+fn6tISl)d zek{EaF@tm#{gj<)uXJ9xQCjt8k^3W*%C9|5Yx~L^WFP8nP1AjHdP(o(ghb`d+ikV- z?ZL^~`TpPw&x5IFQ2y=}^kBd1?$4IycJ>sc8TNNK^GRuOm*w_HGS{;|1&!C`<#H<4 zuUs+0KDuI32>cu~m$fAbo94+>kL~K(j<@u#hkLgV0-Yq%D0A&!dT6Bkp3aK;G}1!j zZB#5ZR}mS8UJJgozt;FZvOX3PewWoK`CcdRwk^39gmi2fYR1DwZ?Gw+-B%ge$T5LE zJ55=*i&0|MXZWlqDW00#CEQW96NBG^w!e{)HdZgc_i;GIz#N$~7`y!6q{{wPFBY7? zzIAXjGvoQ};&Vs;Pxx0^@%+Vtzq*QXG%e))aAZEo6!x}9HA%f-JzW5QS(MzC`(ZRr zvNb zkd0Z!1xUnm4yWqA%g8euehG;Ws9oLfH)#t>dbrjO_o$ey0u^r)VTvg=oakJa4==TY zBa``VvYLgW$@8tS{4G|jMj|w#m3sZT`>2q_lGt?XGL?)w$;MF=^+RZ*z9hE_^*J@p zfXmY3;BkzrgLdtz`;b>2#u#O~{3?OdcHPvD1<~gw!aMdE3BLMdIbT#@QFV*-6IwiZ zEE{+)I;8fHS?G(Zsz2-aUpt~6+MFtYJeLFte#qVTOg9bAyD7Bfe zT&(c!k`n8?m$fe>TC+PSJGCNm`Jo#zHQEZL^y~#oW?dbL!=E9E*Uk<^E6T6;Z!QV?dMe^q~PL<4@$|&`j&f3QTWnD z&Lza#M0}c0CuQaS%-ivX$SKtanDGFl3GH2Pb#iQoiw!IR+*6)z4RW1F11A%Fv5la>70Fu@ z8g@Zwjh~e!tyWc~o~uhdUnp~|s6br)c)wf3OMvVK-jt6w2l&!Xv!DZ*az$PS5!0L) zC6n8wj!QErV^^^vI9OjQBhh`ABP%B+PqssLFFmpDjHky}x$qfmE8v4NG`<{ZRU}K$ zcC+br`V5k5Ii#b~8$<#2 zWLwW(APF%I&FM10zk|JR_OBz|Vk;X)t)QV0SKIY_7PTpM{w-iIYPKwp_0eXhcNv~o zP|jjfJeVN>P5!e>asjB%j&PnD>_4~G4TI!OZ$V%P-25K(j&g`fOYsX9yl}bkwkpH$ zxsG!01*tn7TPzGr-%MA`0#>Y=Z!0Vi#B^VCl4+LmdiGa6e7TF@S;F9P15_|H%H1R3 zWrVIXm?JSrb%4AnEcTjHArnnQA;5&;bwn){7c60wQS;sA)n z?qCxYsRiI0`kp#I9b;5RexvNgn3yb8#`7L=^|6OTkPIW1+twrXLd$}`8Fx|AL(|2) zGnms_BrrHQqy=Aswp>sM9l(b%Tc_K#MmT>x1^5+aT7KT0#nTj2wKz`;+UyWN^FH4l zO@dM!e+6I>lD!{=N8^y(0KQGXk`haQ;OXvJGud>kcWTvZ+hE=Jk^bXm;^yAcc|<1J z7r;4F6l}mG1AgAKB8SU;PLmd<>by%V2@o~wUB-VqIsA#mW3N4>ECn%~&mZF*+*y!J zsuGMGO)TI$m%tRJoYh<`yN8tTSa67*WKjlv71&N~O=rPm>$T8U;DKpQWgD^*7xq$v z-dVDI#F3JCPzI+zX1GB2jc=iSfU6xS5u(0y%9kj;E+p#=L3RG%nix7j#@Ko(dE(Vy zL9!V*0wyQq^ zVJ(uAz@m^^%_G#C7P0*LQcYWq9IxCTcYjeq67r?&x(ojNKha)iDG|CInF2PZtq4S- z>$-Oaxa?vJdHcFX$y>Yf$Yd2!{Sb(Ju3d3em`{8embtOZ+4dhVMgcuM_x@Hlw-ejb zyiv`hz$41_Yk&He>oFX#dJJ>{7Q|`=dNjY9((txC|T59;9xecmri0%=nI8&Y3L+B zKss|5gCY41+-a@{5*}^_d$~-bytPJ3(L{D71+>R8$G!d*HqGP-#U;JW#i-z5Yofp3 z(yEcr>dNWAljYS3TiJw`)Nd(@ zNwV4$g`4=nGb($I(duZ?VLoFu@d-?;sw(H9#Au=5PNa7nwy638JG@3(X4puX1hbn) z&X|%o8W5-3(Tvt(QeNs#w@CM}&x^TJg{j@QW+-pa@XswNxJ+Wvm}Ml}ZePCC*dO`~ z_Lu-~&l2E847e+Wf9h~*ND-raQ06l04@1TvCYkiCyo#9o3CfjGb| z=dJ@F=M@L{^Gj-GCz7`DsrgEZ+MIGC*!Ow39p*|ijQv)#>f(TfIt~-_ihFP*%Olj_ z3$l`oEI%g2en3hzQut~-1Cw^Ajup}|>#D}_Ts<<5DILCZ;xn|0?&~`RRRe|zF(z?k zb9XKoAE@lC_JCoOCo#$?8oK4C`Jv^pD6T84wDn7!o=K86hADuuM{OHcy^OrJf)K43 zY6%V_c^~WuGGg@*qD`hPQvHaQToytUH#-4Z9FIJ_+zNLd&T&xcB#Qhar5Ax1DSo% zC%#mI-7&y@M!_MHyHY9(mzoyM6XN0iO2uA?UFkzer+ zTphWFb?Bq6;XMyiVin~t>C-5$zclyS=zaa~2b$5U3s_U0ceeFMiOeb7#fh)aLzgk< z#MGsj?~Ewl@Ow;CDElJKF5Y+2h6W(V-n&6HLN~_X!DdJBzv@STFEk~UD=IXaNe#gt z)V7vsO}am*!qVS>r&9lg7B$7cG zvdOi;<>kj@hA~v)4G@8&xobTrtRdu4P7L+D-R+Lu3hT2T!D~A&jw^NZzl_kR^ztq% zT#5CQh^G&qwYrx(A9x$=#Qy9dGbxH)?=x6p)>pm#+h0tiec#eSuVJv8)N)>V9m%20 zGJITwg7SxJqA$i0lwC1aK)Yg*%8 z_72Ejem`{3-x;Y$+x@(Qw<7E2#K&wYlJ7$W*Gj`}#bP4HjBX!|FNDV?$bv?hv4(vD zcfxuyO3ETThap?>3xQa_UGt)*U4%cw@Cq1#?a2~P6a91?uR7ypnsaAv3|TqiqK<_) zl#ToBK!x+oVLVJCN4Y{Zxk$z&f4g8eJxf$Zg85Q)Xb5>9i;o{C zkEU2BkqD*39Z{eMlnJRhCZZ!O6{zWVGTvo~2p*X4S(%iRl2EG8y&VclLCKZNVKNr3 zHHsoaX@}$IFobJTl>`%bmte=WzEw%%7qZBdoAtcaGUp(@7OdN}FJJ->htq%-e0H*a z8^jf2N>^L(P|c#1R6UGpg_@7>i7ei)WUWcWkqoJIM*rw_1Dx-+B=z!Y(PaK!g=8BG zRnn-_S(u5taamx9jv-fr}CWQIoU{vba7` zDH^ul1c8~Qo5b@ygj?uEd;%)D-!ALN*3l45M9QJbI8aasdr(%);JxCC2wl{=rqwI( znmPu0O7As*OG1kkEODP#`9#v|MXd^2b>l6*Z=+xh4r+S0(OgDcsfdIQ5eli`?a%ec zd>Mgx{I(zag-aM%EpZda3`~0?ZCl{yDK%t3jVv%<0uNX%tM@ZMvP!_{348y$7&VjG z_?N^yve5SkA|_Denh9$JKI&;9bA3xI0-h4S*ocbQR}^Oc7}@O5=wR zgpf+{6GodH6>RIy^}zN3PE0yKn?1^%`x;n=*t_!<&&}Z-y9Qagn`wlKUN7D+M{3|V zD#`aeo4fNw1v((*KJm)2xXFgeo_rs)%mF||a=xEG)8shD zv$0oG@delvoE5vTQyLW!@rAC==k-Nlx)hf?6Zp2YDPa}e?ZAx%ie?h*)wfS=d`@!R z|F}5ICfzjnw%euK*&+rsb^KS1e~7OwZK@?ySQSGG`<^gkTs4m0L)oj244y$7yPfGV zkQ51W!na$@)}!|_9<93m6KhGbuw(FPJ`e6mow6=RefiaGVb%HWnY#>TzeZ|Fv6HY( zi+L*Un%tZ678#75W_@~-w;R+sfVj&gAils z^aOhq*>O2@BD%vA7X68_=~AQRgEQls+$yj|Fu8v&5AVK)3{bv99|ZJ{7NMTWTDA>U z)f%|?tPeLH?E3p zCF}D}{&-s)ye(e}aZNcXg+n5N4+!ET5E|dWXPBkxMm{0zt+CYMyZumRj(EcvZL_dT z#9G`plw)?>rPBrH6H=TFuw=&!9yl3-kYS8I%|2r3^B}~pbO{dtQKNhxz=itZ+|H!2 z7K%UZ^rQdH>&a58#6_rj9-(J^mN3%AT1+q?<))wtQZv~TrcOfn?LKpbk)j7Yll4qx zYYa1UUHoOnv-<{EvJULS#cKWlCP(3#4-_{C>hO z{DZMXTKz9K2F2fWO=ZYU551n8V+W)m{*$O)h5#-0LkrGmQDb{CnINB-M3d4Ph?%9V z@g!97jQgD=?PIx;E?_%i`QRz^(_c28BKHgB!Jx6zWY9-4U1FSozJc zY(=#9V9D~h`yVXg%J95Xb+RLMtMH&7XdD%9g;0I1F>WqndW;4>Q?3o!EG!&z{QaHv zHaB!F{>b2m{4)v4NG$SSmz~HNp#EhtW~^MO8!1!kBrW(^S3!~g#c(B$BA2eVVaCJA zArWWSGv@n@PzPGQ(V>S|X;L^5h2U5Hgl=)0H&R!+!538UbX*Iy!;oNt>LNMn&zdSF z2qtsxBDk(*$8BG292AcV4KWfu94>Yxs>kRZcX7U*Nn&W|QBEf;p0|k!Bvc8;@uqo=J+u8XY7PlFuXq z{{h0-+>X;zPd*xpoY}D*7MxM;qMgSzMaKFQP|f|CXD|9m1(QHQ0jT|}Fk5hwxT-ec zIx*?Q=J#TZ^G^Dmn&$0u`q513SK4f_#pqjB)dg^cq1#7Dt&*BLjA_Lioe(>>UbQt4 zvQY5WiFCwwY@B@&c*R3~0T2DWiTPTcy$(rtV}7 zw^A&^e8~xl7U#j$(5jLk?Cmay4MMJrkO@q>8f>IZ>tt&T)sjjRBNMY_<*Mmgo;Mvi z!sc>)6QOXzy#yphwQw?ZcOg3TmBf0CiOp$MRS;pRI^s_bTg~xHpC6k+s&JPwBf%&d zmL3Ak!uRb6*}D5Z9usE-)aE%chW|B(K4umpaGD;5{3eqs_}&=UfvkSKC682(fuNY6 zQ3{5A@zgYNjk_$}!a?S=CDG=eCSWSl+%Fdm#G_LvMA`eS4abAO?DfW4h-+~=`xPEL0FM<=k$V8{{tlMGvk#I zMob`LEgKtacc01WigBN|G~G1xytXkdi}x@#u-S#ifs{9>uoPmMuiH?NOr>Gh?NCFd z5~gO(E`p~%!XKE1o>|{x`G!TxCFH=VN_k6EWUDRF-;!7($FX~xm`Ne(5Mcl7Ej)^g zfe@`|P3UygbS**OJ9iomOU2ET-2fz%IB=~LaeW)%xc8gP!duX=B<&Opz?5!NVYy&8 z?-iQx^1wAABH#HHI?Yb7>Q(+Uvs%N>UEgmdadj{5X)Kv|E6l&`N8rU;SqohLCgBoE zH_Pka8|QN39av5!#p}Z;uotw)I>!Qlh zMV5N^OII{NV4<(glY=s%NIUBr8lurW$7j2b2(@Gb$GH$@oOY@aGYS!41x0~T^GXwO zzuF8UHL(_0Jj0eVc%ddD=e2S*nm?Q!w)+$cnocw3mxj-1Sc-Ef?p|zo4*vpiklgU{ zTX$?fC$Q)b#G{>;km0eK&;)wUXaMt45lM{e9HET`ysUi@yi`VL62&A6OX z#E{>*T{FsAtZj)QokYTm%-IV1y@Jgp*_2Q@|FQeW)BBFHIn-~;M=Yl*XsufM&a49a z4J=%%Jv7TE-@NjhRcNcPZ1e8Af*rPrKhw-f*lE8h`c%l;5CQ)W@E_n7#2bCYM_3(- z)PQpyAisuB2)g3f8q0+s(eOcrTGD*3kwMy1U)yC4c=YiIwr~0T_Ijx~Q68ejK)A{+ zzUqvC-!LGxwjV7k0O<^GWyVaRG!8ZRaQrODTErSjGU;PKs-)ifB?+ycb0oe)w>YEM zC_T#@6AT;e4npeSBNnku*AyO$Ojrm#>A+gjVO}hnb&h$xlE$h{Jt%q^){U=avKv{< zL6 zjQCq3bGgXl#TK5?`fhPi8NO`E1>j?WE0{R*;J1E5ci`%Qw#Q(%+Hzh^aE$N_$*ABo zz%k!{^2hcV$*_@MR)wVHOS3sUKEh=<51v6>l?0H^1A;r+QSz@-DePz_qBFHZ7~k&B zDG|1O8y2y=!Ub?diQaSL&V}lQ$>cYlMqOJIk`e{GGoSv04;3+kN-CUI!24U&D5otc z4y(vOUDfXFT5}fbRHhH>mokh>GPc7BIjQfxxIz!cy;(1kV(7;VO3D3M_7i=d19&uE zEeHdJ4Ez7Ogf2?aPUq)E_9a+rtdY+2+us90V{IO4q_pv8yE1Xb9PwzuO~%7VYEl={ zpKK?d#Q!A`@6@Eu3-Ke)3K1IBy8uE=0JLk_GJnsR7kJ-qT;+&>~Iq zg`AN{+7}HJsy)7*Oo!?qA(b&bq)xF?S1qLHk=8G0YIGMo{`@`dt{|6dy!nHA04Rxd zz!R3iY9H&yhyar5+nDXoTQN7MrRMVWShi_8qZ)9#B{fD}Sw-IiYCrPHy9zaCNJy%7 z>kiT3)AD$(5E4Rx6qm4XtI(QNR6i`DC~i%8v27LpsgI6ArdWTDFpW5*+Lpch>%)Ij zE$f1d+M?UZ)SZz4Iy1M0#!1of8s{cENCN~o+=IzB0(`G~5A^y25YMU2!I%gjlgu85 zV*%^_C`h6%$3|ZGsQta1)MoiCX-l66kv!_WTet=w@ks67s_mW!9wh-%gNj;<`brf= zA(b=Z#y_JcDe`>r=i%159y_n2%_vlgd0&&0BW{6j`f}^#7zGRC_DSCdPAB_8T{(U{ zO+?B%QlDM0q*GLB4WowF+_{U$I7>zePtFEqwSGtE20zCIdrYSlV0ykUuAy+>NA|5Y zfe=TyIO6PKfqmJ&!Z)*}st!%NIKqf0>4uElJLrsqtk@~4)7xH+!-sv9El_HA$|R2M zpO8u|z3GBM((A++Q)C=Q;(kdDz0bbLW| zSwGd-WR@u{t|K>F%>|N!vvy6Orgj`xkrH@>=OV_We4cO~I-N2vs(!0*P8p5Xp)%iy zP-}?{v=#F`0W`0U$vr;S`YIjKA#5>9F3k37G>g^hzaEt}DRC^zAkm+2I9oiJ10ynJG!UE7_$)Tw*{2e{{7wQ$b|-Rxv*0c|y#S zx+J@qvJ;B|clJ{4;ID#w*7DxPAOkb!t!Iab${z(DH61)nG(xP&(0`M{ESH1Bert+gQu2Z`YC!OikANNUeZkCvabzAp*9v@$u=LN}RZ zwAQqH#*YJXK-69YA?}PD@~yguCoz$e$ldWuU z&ff)IC#PW17r;pFc-|B+O=1zeD|i%Mk|ZtzxHz%IkY;MiS77VL==XaIfp_258We3s z=Oy(HG`8ti*9CR%@>Vq;W0A3mT^9@qc4r_t)buEchgEztd4J`%rHE4hR2z}Km3(IfT|UZR6NL{g|*Ox z{E#d>vb+Mumu98M|Ld^xy{L@EfgsWA+9yf!hJAv_oDFd8FF)T}hGSVWuG&=N^A&xV zxOq0lG6|)1jc3D+cQ;Fb`Tg7}Vc$vqBj#6dbd!7~g(ot~LJiQY)DdfDC-{8HWR48} z5|mYq51dM0jEbdI3YK}c>XJp*A#VQ<;3R~Q2UnkLO}z4gcd#p8bp|1g%(!1kyx@L? zv4Lym(JgO2x0LTtZ@R&TP>KliVpotw(luYNoJh4RWHSZBL$3UaG4z4`k2%xCV&3@W zU&{zcig=7%_a!#hJ6)D<7}0TX)NfxJEB!#!=J`m9@kwBCY)eIg@w2%a2Hn@Y#OrLN zV=t#ZImKv}%y&*7X6$YDko@hp{`v)bn*9d=rq5vh#P0-JTxZZ^>i@a^&?q+#yWU;MhCYDKHw5LJ^^_z2G9na3>U;thr)EM zzLa|!c?;Z>yqg{UTDx0!>bS4ghFH369E2@IP%Y>zdwqEJ9(iqW>Gb(qbIKrvYQuZ$ zNdh8deeiAfR3^Z)(N1Az-GjEhkS$~k7GO+vOheq7_$t{h-<+I*x`R8XYPA*O28%7p z4YkyYJ^V+4zO-XeP_$*@WMtb*i@fj2O=l$&x!gzk4^Wtfb?DWz?30m5KfOklMMjNSQ0>%U zB+m-#z#sM4@+tPr^Bx@^u4f2jUW@>}J0r_{2LlR4!fsFi7<+e|&+!;naD=vEYfv<$b5M7@v4&=&U3t6m8Vr^GI^( z;$t?DPwX}Qp$F;@4(r;g?S zUZD6CBay>(#>&*!OIsphV=+D=Kiq#LkrHMrP2+~(Z_ZH69m3F{9A0*TVy4nQZMi-F zi;tq2B@h@~mjNa5bvyI{yX%hBamKY;zqDAOPJ4eKiD;)O)0|CEWY@CqAA=_`^ ~AV zYvqbRGEIM@!Y|L4cY~-lI5l}#{w1sAqSE12dtLLY3)cpxF@m++JnxW?{I=vNqyVnL zt0FyK#yaDJhR6K)DA`jklFKi+{3*&{}b6 z-Ca2&NY@~=N%$Xu0xcoihukT6u-LI*TkgM1>_GOCUQCl#w4tl|VLm%SXtn6YRlOZ2 zh!`P$ZMy)$o7}!@uF7f8$e=6$nBi~(UlV?pdDh z{&e1e$eFT+S0n4djprQ<0q|y8)5il6S-mcI>UMd#9?F_pm=&o(Ehn;`|4lUYE5>5$ zcVDbMEel_`oqj^Ci-7p>+&VV)r!ZAl3M^q za~An*h4rE|_x^Dm-S;nitFU+TO1s^!9VBKP4xG8kH}!NSao~*?%7S*gJ%{=A1~)Qe zv9w=i678@RL*M>6xW2p9<2`oz76d! z`!`P_|Ke6+%Z!_ISZ)$yjuqFOI?5?8BtXS=OJboINQtvFOne=zS_58)|b2#zIxnes`rfe z9#ByXMdW$>*)g(GqQG~a-pgV+z&sEXyZ!=e`M~U(Gm&s!d;n`n_|ZM2W)v}qncscr zFkAU`lkJUOPSO(@)~O443ApFWc*WFFdE8;S66CrswsF1vmKo`@z_#F$HkpH==1&3> zV-vly^zM~L+lhNWFiunF=9!x7O+>D}eczG)T~^3yBr1UwUVy-o-RIU3GS*NMm!cL`XjXEako3S-ZsJEwti+^>ERx}tkFKOmdu6Z}E3H)JfWOjDpFGhO>F^G5JyR?}${}xZu7d}2pDj0Fw zz`GzwKW#9d=KXexeMBa)MFWpgs|%}lxE=pmr38%=p0Q=F!hgV8RLP=&{=2$Wlkdu{ zFn>T*Un=OD!7;Mok|$1R{yA+@x|p{gMGD0}QP1-^c;cRj#kAZ%L;Ur~R_RN^{Kk5> zkECz>z@z#-oLhbOtvWJ2^q^Bv=BR~A%^j_cxNWrkYPGwQ%Wj+b`o;L-H@;HU_cieV z>-1R<3-LeRTrO@?O;O~SHGPc+iOd&>lbJuyJRx%KYJBNnl$1A=K1jLXrYyWwnFn_} z-!TcvZR?P%=9xOmUmwSjQ&>3Z`MC&{^57Vm0#<>;M|rrUl2?II{YV;->>tTFNSw^i zkS*eDSP6w$d1h84cRKJ2O>!vz6u8~CN}zkkox+uZC64d8o_r+XuI=r%6+~UBqOG1(JjM}8%zxj&mvw9UG1la;@0=jfBhowvC2BB1ooQ8UI0vLGNS_J4q7 z1|bMslVH2z+`7=l1twkT@$fM88|6Ax_c`!Ti00zJO}(5%wi0S7){*%BTnMPRXe;mc zFht2Ug?530RN}PuFt{X`N=p&fC7^u-%23=oFby#nnY>Y~jiPd$vf$tHs!V%hhtmAq_80QGH z)1=7OSr=51JUe~WTC$^g#fCH%D*}K3g-7^5e~6bN2`YAEmc8@CFf2#kYT`B2Y7i31 zv3!ejc%3Ab;>?j;gkyY!TAgF|9xSgHgEEdLAY>X1_6w^fQ;WU}V=9X-q*(uXUUWBg z(MMhK?%4)sqhGzIpCHC7UUVuEfZKoZeS_kU*8=NjnUVd~do85y9&TGdDxslrtoa*+ z&`KZD#_==GNLU``iGk*2eJ>MVzHk2r$YTn#U`79S67y9MzsbA( zt265Lm_lSoJ%_=zJdn@)9x+_LQmx~`X>j=;V8-D}$QU)krMd5CC0$jb@{S_W8?cB7KPZg{^!>zZNL{)$*0T{ zjGG+peidRFPqHCp<38d%wcYkKX#1QD-FwWvs$6KJ%#GJqI{~iz3OIUxildIqhN&AM z_oxXlv)E63(uVznPdkvSWM#pqJ$u5!Sop}cs%TR2q4v9V^Oogq~f3*p1hw6gzZ zIF+FC?0)%;Nrdhi2Ya*}sLd~93+-#nt7HBrS0#|MNX&V#ur5*J`ELcSB80~D-8}c~ zA4xWTJLi2*7810I0kaTp#<)?}KSxp&tTcv0B^-rOcpCL(6GR_b!3$pVF|=0vVVDKZ(bDhjra<@5&57X76*xA7t{Oz2v*kdeT6&l&yZC0+H``RdE8*6o30I}9b z!6?t%?XdUjWj8FTC6kyrn3#xS2ztBRZQ(v4Lq?0b(3$J~n6o&yM`t^87Zr~eYKdOn zy;qYrM9XneK{7It7Z_hFCs|4tLXoxbGtW0X!TZ+a9bi~08Pyo{10Am0H%8T#)k^9h z<#0FJqcxYakB~(5ls9l=mV;X#K}lJ=O}^|5Q&ZQ+IAjKkbL%odH|j+#jA;2*O<(OQ zvbg4>t}{+}r1mGrM?U`nvihsM9Z#P5GtEoK(s+`Du5*3S*$msC_rjUAjk^Deihun_ zmOF!^$p-)~Xn%n1^%pyk#e#8(M#^E#$T?-tm|+Yu%N$!m=Si4IddIxyzxImN&NJz0 zq+%o+q(Lmp`9j=gG<|24kLly%J&wc|Z z0>C=iOQG-C4U?I6L>_szzj0cHqxMdPkqZfYUYls`ifz{^1~gcWOJuO}M%2+_9t_?xf4JEC8Ow6(m^H%FQ{Kl7U8xL)YrfG z4<#>95A=%R2B*Ka{26k!>cu(3gx_hJE6|hEx}A%6DqrE@{W8gtebCUXBhZ_z7i=(( zF>)R?D;r9XDWZ)X-^)$%{-`|AhSZ>I9Nd3g_g!Ajd-`NFYTMwC`7m*!XoN}hwTa5F zyh3-ApG(N3($(i@ly0>zZy)H|lEsRhe=&lnnjM;x#bi#Xq^rjJj9H z@t5yUM$=lEU*L63Rfv5{^lv6gd9AW3+3lAxznozpgyxGt`IB(D1b+Pf*N5Z(z86lC zap&OX=mK2eHN>!Zi>naSgwv6#>+3|LvKf5a7+^k-Pw*uh(m2^H4i>{Eug%Buc*rt3 z-dRGa|3actu8p#1tQFjqwtM9+{IUlvHEp{r*gu$c|83X##Jd@keIc&$K*boCoGvyt z@qY)hifEC_eqUKs0VtBf0xq3aKsL8{V+N8%gy9*ezk>F12bqnF$${deSdDLSX6<{cn!A9pJ=2__7pc^pm+x>Mo}6V zW0!!U+@tb801Pi1o(6jCHdnM11^(To1bvUnY^WI(3_8>dS*1X=n|{--pw5IUh)`w}B5*fMH=Hm&9u%ufs&=7x-kE~2NpTIM-a z7VfEz-opO1+$5jAh5x^|razvK6Xo|vkNq(v8v^ZkF{6%{wN+dZEf?a`?>Df0%+u15 z*xWVVsxUPcfI^Y#1w*HO41{z`$@yGYva%bcQm0B16fh(6k(5!XXwD+U-ABBCGCU69 zZ+!mz!QgmhepeT(H^R)mD`VJ3TA2zi2oH8Q&@Cmb7Uy}?2w>PkRlY6NOXkhkNh1Y?G5;J=k#Jpfl2NA}bMiL~SvRD&CkNa6D%wdwfyW; zaOwwX13IR_o$T_DO2Fh&yXfGz@R~U0C5eYTv{uu9Xael(>qymNzA}j?!Al-HIjbz3f@&ah_*J!GOOcYKnHzXCsw;8r~Ts~;A0N^ zGR5K%(fs~BKLbp2P*4-R zCBGVQ3!M90ipr0YjwL9325Z#3b3E@~or#r*n~PVm?UZ^bgi&I;oa(aFeB5vW&OP?8 zIKPot>*_G9fqVom+#Hp^OWVQ5yn?N~BqG-*b)78wEjxw2_a$PAfzPW&vSEK8LEWIv z;s*$0|L7jP7Gbt@@a1z#?h{p2LLm-7L5%=c?f9+y7@B(O411_Hh2?y_}uvu4>G^2q7J(z%s#kNE}+{d z*m;XpeXzPki<;#>m{mZI9vnf>uh{?|Y`#jQ{pkNKaGKgL6}Kbs9iv{{eL%q) zz(PUoaC#Z{1`S~&=u~WpJ5d*9uNi+HVc+7c09;2c^7TP)a4d>KPcY3p)(2#ovBj4- z{5jmmKn6N;tg1J_$K#zvhnuc^!7+uD| zu9M_64peE~RLplW0+fXWuJ-*q510&1-3?TKHG-a^83>qDk*G1%a%ReDJo~!4x4f%F z^G>;K?%Ze*h%S;}_B|sBFtMTpd z6Q+SkUT#M_kboQ;g`-l>qw6Bk^!A!}=43dNbw71xYaqhm*(tw|8INc=L@nDtf^@qK z-I}oGB{i8$IvDOJj+Gh|I^FX!6}a;Dlou~E8ovhkzLRj2H##CN>23+3_B zGMl%M^~CFV$mS$42CmdL35E@0(&5$WZp;9o5}>OO%hDakG0rLq^mx)$ zJ?~a%{#r=nO!?G>td?eksXFk@2o4|)QScBuU(?@|U^bu@2lUDfBeqyMpFSEv8jzhB znTq1<=@a}$w$&5dE2)#IV@6q-sdMD^q73y1g|IFE@!7Btw*}H5d!{9~%>pDanz$M8Sn{X4~Yg(iN4<**It|q!9rEnpM!N_AyrdN;b8a1=rF7+3d{uEsL7Z7 ztyM4RD$S8W?BJKzzJtz#B&^x1nwEQTJY+>1?Lh7zc(qPXloAXq1k0DSJDYKFBv9i`}CZI(7yb9^o9SBWHw$sxY z*>%D29LXS5ve3GityhDxJIvLP z+z;}b9P~8K`%fU)pcMsXsCn=vbkU!9$({#e37TZ+R%LlJnYhKWD&8CM2_Pox-(h2m z0xP0bzq{>J;M4JA_@Y<^ZtckiscYo>FnVN0Km-4RA`7+tZ@bgIbVw0%Pg_Acq8M^fe}tYrjB`YHhdw=k6DCXRFJ5`}E15;yxu zKRPpPbYxC|XY^S`92UXXlFkc_U-F*ts`f=?PXFW6_MidB$F-W=)4svJKU-sUornGUsPPe}IY9e%ktJj5#Y0;(MW!a# zoZ>jk@UW|u@XyQckU%|h=BN0!5fggB`?1em3kX8-={;Rq00o=R&hO~)X}Xj} zQ!WMrJd3x2kOQ`Ng*MO6pjb`oj)6WN6LWU~wC$j04%6w$_6Pn^!Ekg|b*yDELQzay zRF0>9y3^X7%k)uW)Hv+MQY>er4`qUg73;!NBP&J=0Qi0$ zu1oa5`_0v?C?%9V*6j`z{j?5=Qs=;)Lwi|^v4{TTFBY0i(E(8-Q{+{~LTJqp_;sR} z{Lu<#_l`Y{d|R!OZFZeLE#Q@&Wzg8DSlE4`!Xquos=088`}Fm~m$`a+t$o^O0Dp&C zW1;@0`?galiVHg5=HWc+29z~@yqf3*9pe+c0!JFtmFV7oZL1HYN_cKrJ!*O!Qbm%X zAqkrJyzbWU>!B2wef2P~WNB&zmV0sn^4L%AFv*-2j8T|3BIDm`3{bx15R%ky_aa35 zo6u~M0cxf*h0iShY6Z)<8mvvgqI|qQyjfy}9C<_s?xuH-M&w4B8MgRwDHIuGX(9y? zq6DC2+Zo{jzx?AO6i*N^$#|XIWN*ljqB4^12=%FcMGSFO|C5J_m09( z*Z%;;#3SZYz5CyM=J25Qf2ayu#F9rbgwhKcSV{ALf6QTEv>Ay(242>^0)y#+ZsG39^Fb@pG@TjL278v$wrlJ{^cZMs+udOELGG zN%hOVpI+<$BsCCzWc>!$kD|?IFAc&TU3^{E;C$$wQRoDO-P)OExunE)yo~9nfpIx{ z|1w@y=}|ARSk12psc5mCZDZuAS4cr)x>JS>;y}*^u{?z~(jr$}N64+!0vIOxS~s6w zx67Jdh2W9OACbbZv%lQja;u63@{YNP*ViP-ujYHOEdQ~mg=?EWmX_)M2dH;hEa@k8 zxe@K89L5w}GAJNdtY$+S4=8g{DUO;+4-;@ciOzw1>?0h$&Y)m5(wgxTYy8ERy&zMc zyEGvUItBovBT!*K0DSd78~M{2!FLKAk=66+B9lMF#kYfsZ?PiYiT}O+8BXzvA6nR9 zIj1T7B;sluVzzF9e?4{iVkYV&DuJIL+rynpmGa))(WK!F08Tv5bSd?1iea%m9iY^th24yzDIev_B5nm?SP@T{FOZ)hqHH% z3*PL59nvZ!2tj{&XqJBxS~VsbU81{~*iweJ%|%EGme_qJ5twEVMEPD5r&0iAX(!NB#{t!e*+7BbQpB@G-`$wiU_B1QJrWHf{~i*=TBr9I7)nt45t*Pcn>R;s94~A*OJ(#B6ZriHL!Uc? zo-*PTigd)$BXtA%U|K`|%1dYdb4VtGTbd79Jc4jjE}0|$-1$?I$5u#-8mBO@<5RcB%BvtJ! zY{AIf#7`{0LJ^4+DkMUgv;S%X;DJT6EY-9f*5>rebm?`6xC_{H1p8lM(j1YKD@mYV zx&OT~M`u{<`Ie2D=#-!eFVhBWC%MS-m`!CaQ&tyS2%V(c84lbAkkH`cFnHe&1ol|* z#EnrvP(J(@-1r)*!PL+KyC#0vBt$T8ziq1p@9%$HC#^8;6mwrciq|uP zjc>LSH)^cA8Vc8|2rsxd6m+&Zw3MyW5)b4W@3H=>F~s|_LcrSovK zypSDL7}lK6g}?6r9Qmbosj{aWZxR!Bj!=*`y<@TKw2YZX50@x&pcBkMP;6?yTul=C z9%rhMK(;>DUyz`rK7`zah;u5c|Pb zup@9=5NuI+K2E_Iu-XR#ZlKa;d!Ae>Oouc-t|k65exq&P!*H_dZ^yqg;f3 z30P+4{ZefDNOqoT;C`id7@Yn+<&f*+A=1+}MGHLF}Z!=rwz)nPeVAZGb? zRwGh2#URl=^8lz?sMuAs#QcGzXGGNd^)h5iykRM+l**|s*M)z%Nz_7Yo_0+d&soSz zl6qI>)5xt_@tYMh_`HMBllSXXHOYuCw1tlq6A550jd}g@yU>~H)Oht~xWPE6JwxPM z)YjR-mfp(pM%zi$;N5pCOsp@ZLsZysvOB2((~q{gwYBSka4!3Z>ics5oeirgcK4V3<-3H$z|7WfFV2+*gEwx z)NbIv9MqEjTALp;A^c)3-rKHJHxzyC$8;LG+aX!^bD=t<4J1~_U9tLUWc!rJ>WS2{ zfr9(E)$xi{!d4T}g$Egb9Tp ztNBS%>ph&ucz5xg$&wlat|b({FINHbR*=I;_yo48!CK^*GcNmX`CjrNa|S@|A@o-+ zSU-xgi`p2Bq|D!0u$4=oKwZbt7Vu5mPdD)}?vJ&oH3(apZ&atOI#vQ0{1E+SYM-<8 zFPLzkM10l!VIc#+cIxKA^XLZT^9V&Zadf4`9t!0|za1E8I9JAqbdE^?%N3h{Xt+A5pSo zLo-5y=?yTEU6SAf0I(jjiIuvj*VQ)PD!jVpKR{3l%cMQh)Wj4|%ec%@<;k#nlZkh< zx{&C>t+<16p?Od4d8*w6Z$U}v!(b{6N=8cornnNVL3#n%(yP=e57XVgO!d3m?*Rk+ z5n5j*#_<2v;uW`idYIg&#*k4S3dlmpNQOcHe7Ibn)@;+=eg9cmuZ->OdrSOJS7#j+ zg|qhYr5hHhRf$EqQyO+rLTL%5SwOnGmM%fqr9oM`lvF@Ka%n}9DKIuI+r@i^Sk*04$PNf0b0a#g~OloA)6k>-B)X)$@U3_-N5)K8KfG=KN#I563Oc zU1c-@C{-!Vu$diYH4;lh*+>L&9W7wsVTtjxay{vp7a`caT+FWuCnm91tVGZEWI4Oc zLyE>Zx6R%jEa^|8S;?MEqk^w^{q70NuHMbEY?!qNFlic3Yg(4c|6RPy$h5|YcL-07C*m+r;{{Cn*zUAQ6ohmdtJ-=cjT zUT{Tl7#tjScooX6`{T{rj}(I%_+{_Cd;WSs3qt9J8gjqWG)8-$CsdJGi!Gn5aebfMbs_)QZZuE5_QkV!A#19l)Ku0V@YNn@8z0dSlGiWF)yP%6Pc=SCc8p zQRR~vhbU+&eew}mDe7t^)dk8IBtwJSK66#HNmScBEEYn|ON(gZ((o%Nq)!H&%0wL9 zoScLU;9K#cUvtfgrd1bRX=G@X+Y9Gy`}TZWila`>Jf}c!^bCc70l#5Fzg|#3s$wx$ zUtwtssN}d4IAS4{;DCv5)|wMXu53CHRxX^*vEWf1ueS#xygDqHZK|pR_YiXLmG5ik z4DB~*Ha>1op|Lb+4s_$uuaqn+f778(E#ds_dv-A0qoxA5&L)-nYg5*-S<;VDU$dTR zAexn0O1mEs|8UIzF=ful4aN|)W43a~2MRSfF+OF@hdT(#Jf>;KJkR;MTsivZmNRVK zPs@AcV>Uv)mhK!=#Von4T#Fs)S+40z1Qab&e*%7g<}@1}yjt!Wzj5(x>cbxYuA`Ii zc{jO~%goz9c@IZ*U1P|XjG8=*yAR08hF@s-{BMZIaNa<&=UtFW>j4~jtYV*SaB}so z9J#X%(wSRw-~AK)A53=TJ5ndQPBAC0nFQHfxGffdXB6xp#N|uG2052vbA7~JNl%(L zB9p%>#Gt2m71UqHMXK^0zD(Y&Ri3bX^0_ClS5>mUn5C~LN1~oX|19?st0hMUZHW+#YB~FOCrYT;i2PKiCDq*XH$htimO3htgHD*x)(!2; z)?&l;R3jS-`{e^Jv|JZuW=NLc|67#HpF+jQ_EMb`+D|APka`>sdQ+Pg3+uA5tv=MK zBWB9#jy0t5E|BpW2xh>)_KVKok9@7Z%@Lo7V*Ewo+glX0mtZgCQMGHePvPu`i+Tz( z5D|Vg*qcDf>m6w&vQdBW%UUWt$^I3oJMz6)z`|bc_h7}(EVbeVxfljK0@ZH70?%;GkWaEKJl*PQ{d`7 z6@wyGV{9YtHIQ5|(Qdz>jVJGuh9=tr`ZpH`je6&A z0Q=tvu|2H~cfC5Zh0x%>?E)^w`Y*2asU;3NIv{~JO4&Yqn>|Fzf;bgv3@I_)d$Z_D z|94OkrmVL0{^&{apVWUKO?SArxW|d7kjJ4wOO~bVPV? z4~i-3kuJE#PY2ba;BTqY(HWowIG8FIFv*-a-pl4!kWLt1tp0B3Mq0|Hk z`px`NAanB;K)D7N0Hu)Zv@^GzJn&~Er4s%mGonPg#QB`c%TI|N-~DQbCUu!Ch69tg z{961*OTH`?oMGYecYxawKvZOzBOCsI2iNs~(2k1*-?@QaI8xu%-@(HZ0e61KNP|!d z>k|4SLRB5n)jNPd&5yF}Xh2m50Zlo(>trSU_VywdIx22^alu)H?+e4%OG>=TAv0DT zYUvEpXKfB`amc1(2IKQpx?y;$%F}p~(rdybU8`35Fx$~0pM$M zyGp+eh`9sBBTzH7p=nfWyQ|rC;UU|3^WnuX)uqKOs`^;r$XV1d1D(Oyg#5Nno5`5GaMD-9f+ zJy5o_->Hh3P<%Vq-(vxXkS(&PFsqu0vVw4%f-eV zI^q;`#;^{$(h;Iz1FdNInv7ip@?P*lOT(bPZ>Gy)(x;}N2OE-;yH+ z##wKonqZ>{0#e}fz94b=0@)BGs$+1}auqA$b)4OD@#Qys8SwlW)KG2+ei^!YetF=% zZAH79*}43fx@$l@Js$D%!hKN_rXYjXzi_OTH7Dltg$7D4{Wl`0oT`jiy@#%IkHV%lU3$Ds*zYJ^}*)loI=_ z>B?evOEN9|l)O4cWrPW(n@uWK2o?S?l694H9twQ)&p0S=|Fd~!?7WZ^*aC?D#qIyQ zwuF5=KY?ik%_u=A)Q5BYaCZtmQP!R*1x80-xqI465%l2J#%Z}X^@8B+Sqd{#+VZ`94>Rxkn?`)gNEG~q zD8YDDO(_9xk_kA^6I9T*^(%h~Xc~G_+q&uZI){bMdcpH_B#ArHmUh3hBj}nZbevwj z*oLTKModB-9Zx2u>4NJnp$K{11mH_IyeR<@?HyZDD6MhN3F z?nc}$jYU4rLZ8s66AY2Ir2{-chf$Gfu$si9@;?I{&qWAb4Pvl?GNN|@{k*x%vexA6K-Hc@~ydiiX9&5Bhx$OGIYBs&4+0CX%;R7@_3`ZQNl=4r z2uLkCg0~?Q$0>T^I8`~?zo0}{$TxnkKkfL4uz=gO;{$1xFj(cc(?}T;;6QQXM$v%Q zV$rzacXCfVMWL-x=)t31+cCw@k7%;#-$Q9-WqK#U{TdQuIC6}&ev~Tjr2&@c(+2vT z!1@$h(TGVi50r3ssn&)gOE^Tn9YaX$8+WWqn1k@8n7=49!M zSnh`Hi$9t;Pc5Fh$>Z(pnY=@zxHl#nM>ih(5he z$ga;#JR#oCfVWNIFV}DCopYT2K;(LJ&D@$+gd$?z^d)GEbh+8aD%ZE3_lpB7EJh^| z#1Z<$Sq`|i42Lp>cc1r{K2NtNPg)LMwn9==S~W2hjNHJ$8VNs!f`1SceM`ANT(ROL zkVI0vT#UVLzDSl#{JCwPMik*@5lvybggi&DiIBXQW$%euuLhPaGdir{Dkg15rpmu8 zU*}^zCi}5WN?EPXd(EWP^Gcchr|*~|AIq|F*4Z=8}9K1 zFDIp}20St+LVW|sQ>|0w86bgQcN_x)SdJc1*F)-k_LFuAhZpK(i<3P=S{*2*=8772 z#6AxAdk6M0!$_QNtRp>>P_|TCbeUdY0AOh33duJT7X_&0nPo|9OIONK`Hsk*W%smO zW|Ao9H#cERU#lvd;{iU$!UdPU7z)8|U(!OLpEa+%Z#8P7p$rK$o~ zenK?Ai)@$T(j2{d@69v;>;XS^tW!HIO>p6^Em?y}Y%=&_Ueu>(dOj|IIwa}lqdypf z_G^#&gVVv5d;J9zDacT0Lbo?zPhdp;UGZA=SX4$5{5W32gBFl-W?V68rgI2gXeWBR!0H%jq>%h+l~r1) zg;Hq9xaE{tf0BJDFSKm149%)jmEQTiMH;C}G23KH`+?6gNFto*=cnI0x=A=iec>;3 zFM}Q;F25y!H=s;aITL4$VkujMr z9zlUUeRqWsLPU$1>lw)-%&z#^%Ed^3`pljFh6@a8+5$phhQ-^T{{jeDx{v?> From affd77f989f7a8ec0f4092a5bdfc7539bb45747d Mon Sep 17 00:00:00 2001 From: Cytown Date: Wed, 18 Mar 2026 18:00:14 +0800 Subject: [PATCH 19/24] fix for feat(web): implement macOS app feature and file logger (#1735) --- scripts/build-macos-app.sh | 2 -- web/Makefile | 2 +- web/backend/api/gateway.go | 2 ++ web/backend/main.go | 1 + 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/build-macos-app.sh b/scripts/build-macos-app.sh index 093360ab7..76cc72938 100755 --- a/scripts/build-macos-app.sh +++ b/scripts/build-macos-app.sh @@ -80,8 +80,6 @@ cat > "${APP_CONTENTS}/Info.plist" << 'EOF' LSUIElement 1 - NSHighResolutionCapable - EOF diff --git a/web/Makefile b/web/Makefile index c631a974d..06717f2b9 100644 --- a/web/Makefile +++ b/web/Makefile @@ -92,5 +92,5 @@ lint: # Clean build artifacts clean: - rm -rf frontend/dist backend/dist $(BUILD_DIR)/* + rm -rf frontend/dist backend/dist $(BUILD_DIR) mkdir -p backend/dist && touch backend/dist/.gitkeep diff --git a/web/backend/api/gateway.go b/web/backend/api/gateway.go index 098e2babe..da2cb5768 100644 --- a/web/backend/api/gateway.go +++ b/web/backend/api/gateway.go @@ -566,6 +566,8 @@ func (h *Handler) handleGatewayStart(w http.ResponseWriter, r *http.Request) { } // handleGatewayStop stops the running gateway subprocess gracefully. +// Note: Unlike StopGateway (which only stops self-started processes), this API endpoint +// stops any gateway process, including attached ones. This is intentional for user control. // // POST /api/gateway/stop func (h *Handler) handleGatewayStop(w http.ResponseWriter, r *http.Request) { diff --git a/web/backend/main.go b/web/backend/main.go index 922dc2f6d..b1db3c57a 100644 --- a/web/backend/main.go +++ b/web/backend/main.go @@ -81,6 +81,7 @@ func main() { logPath := filepath.Join(picoHome, "logs", "web.log") if err := logger.EnableFileLogging(logPath); err != nil { + // FIXME: https://github.com/sipeed/picoclaw/issues/1734 fmt.Fprintf(os.Stderr, "Failed to initialize logger: %v\n", err) os.Exit(1) } From c07f5c948f6a849d6af38d0e389434904ed74943 Mon Sep 17 00:00:00 2001 From: dev-miro26 <121471669+dev-miro26@users.noreply.github.com> Date: Wed, 18 Mar 2026 19:03:24 +0900 Subject: [PATCH 20/24] refactor: centralize environment variable key constants (#1730) * refactor: centralize environment variable key constants * refactor: update environment variable constants and usage in gateway --- cmd/picoclaw/internal/helpers.go | 4 +- pkg/agent/context.go | 4 +- pkg/auth/store.go | 3 +- pkg/config/defaults.go | 2 +- pkg/config/envkeys.go | 37 +++++++++++++++++++ pkg/credential/credential.go | 15 ++++++-- pkg/migrate/internal/common.go | 4 +- .../sources/openclaw/openclaw_handler.go | 7 +++- pkg/providers/codex_cli_credentials.go | 7 +++- web/backend/api/gateway.go | 4 +- web/backend/api/skills.go | 4 +- web/backend/utils/onboard.go | 4 +- web/backend/utils/runtime.go | 9 +++-- 13 files changed, 83 insertions(+), 21 deletions(-) create mode 100644 pkg/config/envkeys.go diff --git a/cmd/picoclaw/internal/helpers.go b/cmd/picoclaw/internal/helpers.go index e04bccffb..6b2d65c91 100644 --- a/cmd/picoclaw/internal/helpers.go +++ b/cmd/picoclaw/internal/helpers.go @@ -12,7 +12,7 @@ const Logo = "🦞" // GetPicoclawHome returns the picoclaw home directory. // Priority: $PICOCLAW_HOME > ~/.picoclaw func GetPicoclawHome() string { - if home := os.Getenv("PICOCLAW_HOME"); home != "" { + if home := os.Getenv(config.EnvHome); home != "" { return home } home, _ := os.UserHomeDir() @@ -20,7 +20,7 @@ func GetPicoclawHome() string { } func GetConfigPath() string { - if configPath := os.Getenv("PICOCLAW_CONFIG"); configPath != "" { + if configPath := os.Getenv(config.EnvConfig); configPath != "" { return configPath } return filepath.Join(GetPicoclawHome(), "config.json") diff --git a/pkg/agent/context.go b/pkg/agent/context.go index 830edf875..8db8f0b5e 100644 --- a/pkg/agent/context.go +++ b/pkg/agent/context.go @@ -52,7 +52,7 @@ func (cb *ContextBuilder) WithToolDiscovery(useBM25, useRegex bool) *ContextBuil } func getGlobalConfigDir() string { - if home := os.Getenv("PICOCLAW_HOME"); home != "" { + if home := os.Getenv(config.EnvHome); home != "" { return home } home, err := os.UserHomeDir() @@ -65,7 +65,7 @@ func getGlobalConfigDir() string { func NewContextBuilder(workspace string) *ContextBuilder { // builtin skills: skills directory in current project // Use the skills/ directory under the current working directory - builtinSkillsDir := strings.TrimSpace(os.Getenv("PICOCLAW_BUILTIN_SKILLS")) + builtinSkillsDir := strings.TrimSpace(os.Getenv(config.EnvBuiltinSkills)) if builtinSkillsDir == "" { wd, _ := os.Getwd() builtinSkillsDir = filepath.Join(wd, "skills") diff --git a/pkg/auth/store.go b/pkg/auth/store.go index 2e55d4877..f7813ca57 100644 --- a/pkg/auth/store.go +++ b/pkg/auth/store.go @@ -6,6 +6,7 @@ import ( "path/filepath" "time" + "github.com/sipeed/picoclaw/pkg/config" "github.com/sipeed/picoclaw/pkg/fileutil" ) @@ -39,7 +40,7 @@ func (c *AuthCredential) NeedsRefresh() bool { } func authFilePath() string { - if home := os.Getenv("PICOCLAW_HOME"); home != "" { + if home := os.Getenv(config.EnvHome); home != "" { return filepath.Join(home, "auth.json") } home, _ := os.UserHomeDir() diff --git a/pkg/config/defaults.go b/pkg/config/defaults.go index 9e8668779..eca8af1bf 100644 --- a/pkg/config/defaults.go +++ b/pkg/config/defaults.go @@ -15,7 +15,7 @@ func DefaultConfig() *Config { // Determine the base path for the workspace. // Priority: $PICOCLAW_HOME > ~/.picoclaw var homePath string - if picoclawHome := os.Getenv("PICOCLAW_HOME"); picoclawHome != "" { + if picoclawHome := os.Getenv(EnvHome); picoclawHome != "" { homePath = picoclawHome } else { userHome, _ := os.UserHomeDir() diff --git a/pkg/config/envkeys.go b/pkg/config/envkeys.go new file mode 100644 index 000000000..b04ff19f5 --- /dev/null +++ b/pkg/config/envkeys.go @@ -0,0 +1,37 @@ +// PicoClaw - Ultra-lightweight personal AI agent +// License: MIT +// +// Copyright (c) 2026 PicoClaw contributors + +package config + +// Runtime environment variable keys for the picoclaw process. +// These control the location of files and binaries at runtime and are read +// directly via os.Getenv / os.LookupEnv. All picoclaw-specific keys use the +// PICOCLAW_ prefix. Reference these constants instead of inline string +// literals to keep all supported knobs visible in one place and to prevent +// typos. +const ( + // EnvHome overrides the base directory for all picoclaw data + // (config, workspace, skills, auth store, …). + // Default: ~/.picoclaw + EnvHome = "PICOCLAW_HOME" + + // EnvConfig overrides the full path to the JSON config file. + // Default: $PICOCLAW_HOME/config.json + EnvConfig = "PICOCLAW_CONFIG" + + // EnvBuiltinSkills overrides the directory from which built-in + // skills are loaded. + // Default: /skills + EnvBuiltinSkills = "PICOCLAW_BUILTIN_SKILLS" + + // EnvBinary overrides the path to the picoclaw executable. + // Used by the web launcher when spawning the gateway subprocess. + // Default: resolved from the same directory as the current executable. + EnvBinary = "PICOCLAW_BINARY" + + // EnvGatewayHost overrides the host address for the gateway server. + // Default: "127.0.0.1" + EnvGatewayHost = "PICOCLAW_GATEWAY_HOST" +) diff --git a/pkg/credential/credential.go b/pkg/credential/credential.go index 83af3fc9f..b65c19446 100644 --- a/pkg/credential/credential.go +++ b/pkg/credential/credential.go @@ -66,6 +66,14 @@ var ErrPassphraseRequired = errors.New("credential: enc:// passphrase required") // indicating a wrong passphrase or SSH key. Callers can detect this with errors.Is. var ErrDecryptionFailed = errors.New("credential: enc:// decryption failed (wrong passphrase or SSH key?)") +// SSHKeyPathEnvVar is the environment variable that specifies the path to the +// SSH private key used for enc:// credential encryption and decryption. +const SSHKeyPathEnvVar = "PICOCLAW_SSH_KEY_PATH" + +// picoclawHome is a package-local copy of config.EnvHome. It is kept here to +// avoid a circular import between pkg/credential and pkg/config. +const picoclawHome = "PICOCLAW_HOME" + const ( fileScheme = "file://" encScheme = "enc://" @@ -73,7 +81,6 @@ const ( saltLen = 16 nonceLen = 12 keyLen = 32 - sshKeyEnv = "PICOCLAW_SSH_KEY_PATH" ) // Resolver resolves raw credential strings for model_list api_key fields. @@ -248,14 +255,14 @@ func allowedSSHKeyPath(path string) bool { clean := filepath.Clean(path) // Exact match with PICOCLAW_SSH_KEY_PATH. - if envPath, ok := os.LookupEnv(sshKeyEnv); ok && envPath != "" { + if envPath, ok := os.LookupEnv(SSHKeyPathEnvVar); ok && envPath != "" { if clean == filepath.Clean(envPath) { return true } } // Within PICOCLAW_HOME. - if picoHome := os.Getenv("PICOCLAW_HOME"); picoHome != "" { + if picoHome := os.Getenv(picoclawHome); picoHome != "" { if isWithinDir(clean, picoHome) { return true } @@ -316,7 +323,7 @@ func pickSSHKeyPath(override string) string { if override != "" { return override } - if p, ok := os.LookupEnv(sshKeyEnv); ok { + if p, ok := os.LookupEnv(SSHKeyPathEnvVar); ok { return p // respect explicit setting, even if "" } return findDefaultSSHKey() diff --git a/pkg/migrate/internal/common.go b/pkg/migrate/internal/common.go index c77ab9f26..75aef5dc2 100644 --- a/pkg/migrate/internal/common.go +++ b/pkg/migrate/internal/common.go @@ -5,13 +5,15 @@ import ( "io" "os" "path/filepath" + + "github.com/sipeed/picoclaw/pkg/config" ) func ResolveTargetHome(override string) (string, error) { if override != "" { return ExpandHome(override), nil } - if envHome := os.Getenv("PICOCLAW_HOME"); envHome != "" { + if envHome := os.Getenv(config.EnvHome); envHome != "" { return ExpandHome(envHome), nil } home, err := os.UserHomeDir() diff --git a/pkg/migrate/sources/openclaw/openclaw_handler.go b/pkg/migrate/sources/openclaw/openclaw_handler.go index aaff119f1..5e5241268 100644 --- a/pkg/migrate/sources/openclaw/openclaw_handler.go +++ b/pkg/migrate/sources/openclaw/openclaw_handler.go @@ -10,6 +10,11 @@ import ( "github.com/sipeed/picoclaw/pkg/migrate/internal" ) +// OpenclawHomeEnvVar is the environment variable that overrides the source +// openclaw home directory when migrating from openclaw to picoclaw. +// Default: ~/.openclaw +const OpenclawHomeEnvVar = "OPENCLAW_HOME" + var providerMapping = map[string]string{ "anthropic": "anthropic", "claude": "anthropic", @@ -112,7 +117,7 @@ func resolveSourceHome(override string) (string, error) { if override != "" { return internal.ExpandHome(override), nil } - if envHome := os.Getenv("OPENCLAW_HOME"); envHome != "" { + if envHome := os.Getenv(OpenclawHomeEnvVar); envHome != "" { return internal.ExpandHome(envHome), nil } home, err := os.UserHomeDir() diff --git a/pkg/providers/codex_cli_credentials.go b/pkg/providers/codex_cli_credentials.go index 40f3ee2a1..c5b25f040 100644 --- a/pkg/providers/codex_cli_credentials.go +++ b/pkg/providers/codex_cli_credentials.go @@ -8,6 +8,11 @@ import ( "time" ) +// CodexHomeEnvVar is the environment variable that overrides the Codex CLI +// home directory when resolving the codex auth.json credentials file. +// Default: ~/.codex +const CodexHomeEnvVar = "CODEX_HOME" + // CodexCliAuth represents the ~/.codex/auth.json file structure. type CodexCliAuth struct { Tokens struct { @@ -69,7 +74,7 @@ func CreateCodexCliTokenSource() func() (string, string, error) { } func resolveCodexAuthPath() (string, error) { - codexHome := os.Getenv("CODEX_HOME") + codexHome := os.Getenv(CodexHomeEnvVar) if codexHome == "" { home, err := os.UserHomeDir() if err != nil { diff --git a/web/backend/api/gateway.go b/web/backend/api/gateway.go index da2cb5768..d5ccd6e29 100644 --- a/web/backend/api/gateway.go +++ b/web/backend/api/gateway.go @@ -387,10 +387,10 @@ func (h *Handler) startGatewayLocked(initialStatus string, existingPid int) (int // GetConfigPath() already reads, so the gateway sub-process uses the same // config file without requiring a --config flag on the gateway subcommand. if h.configPath != "" { - cmd.Env = append(cmd.Env, "PICOCLAW_CONFIG="+h.configPath) + cmd.Env = append(cmd.Env, config.EnvConfig+"="+h.configPath) } if host := h.gatewayHostOverride(); host != "" { - cmd.Env = append(cmd.Env, "PICOCLAW_GATEWAY_HOST="+host) + cmd.Env = append(cmd.Env, config.EnvGatewayHost+"="+host) } stdoutPipe, err := cmd.StdoutPipe() diff --git a/web/backend/api/skills.go b/web/backend/api/skills.go index 936074fee..3c2fb57dd 100644 --- a/web/backend/api/skills.go +++ b/web/backend/api/skills.go @@ -309,7 +309,7 @@ func loadSkillContent(path string) (string, error) { } func globalConfigDir() string { - if home := os.Getenv("PICOCLAW_HOME"); home != "" { + if home := os.Getenv(config.EnvHome); home != "" { return home } home, err := os.UserHomeDir() @@ -320,7 +320,7 @@ func globalConfigDir() string { } func builtinSkillsDir() string { - if path := os.Getenv("PICOCLAW_BUILTIN_SKILLS"); path != "" { + if path := os.Getenv(config.EnvBuiltinSkills); path != "" { return path } wd, err := os.Getwd() diff --git a/web/backend/utils/onboard.go b/web/backend/utils/onboard.go index fbe34f220..81475ac80 100644 --- a/web/backend/utils/onboard.go +++ b/web/backend/utils/onboard.go @@ -5,6 +5,8 @@ import ( "os" "os/exec" "strings" + + "github.com/sipeed/picoclaw/pkg/config" ) var execCommand = exec.Command @@ -19,7 +21,7 @@ func EnsureOnboarded(configPath string) error { } cmd := execCommand(FindPicoclawBinary(), "onboard") - cmd.Env = append(os.Environ(), "PICOCLAW_CONFIG="+configPath) + cmd.Env = append(os.Environ(), config.EnvConfig+"="+configPath) cmd.Stdin = strings.NewReader("n\n") output, err := cmd.CombinedOutput() diff --git a/web/backend/utils/runtime.go b/web/backend/utils/runtime.go index 425f25c08..772cd7ec0 100644 --- a/web/backend/utils/runtime.go +++ b/web/backend/utils/runtime.go @@ -7,20 +7,23 @@ import ( "os/exec" "path/filepath" "runtime" + + "github.com/sipeed/picoclaw/pkg/config" ) // GetPicoclawHome returns the picoclaw home directory. // Priority: $PICOCLAW_HOME > ~/.picoclaw func GetPicoclawHome() string { - if home := os.Getenv("PICOCLAW_HOME"); home != "" { + if home := os.Getenv(config.EnvHome); home != "" { return home } home, _ := os.UserHomeDir() return filepath.Join(home, ".picoclaw") } +// GetDefaultConfigPath returns the default path to the picoclaw config file. func GetDefaultConfigPath() string { - if configPath := os.Getenv("PICOCLAW_CONFIG"); configPath != "" { + if configPath := os.Getenv(config.EnvConfig); configPath != "" { return configPath } return filepath.Join(GetPicoclawHome(), "config.json") @@ -37,7 +40,7 @@ func FindPicoclawBinary() string { binaryName = "picoclaw.exe" } - if p := os.Getenv("PICOCLAW_BINARY"); p != "" { + if p := os.Getenv(config.EnvBinary); p != "" { if info, _ := os.Stat(p); info != nil && !info.IsDir() { return p } From 578f90855e031c2b45a3edaaac058612caf96b9b Mon Sep 17 00:00:00 2001 From: Alex Date: Wed, 18 Mar 2026 18:29:27 +0800 Subject: [PATCH 21/24] feat: Add Novita provider support (#1677) * Add Novita provider support - Add 'novita' prefix to normalizeModel switch in openai_compat provider - Add Novita provider to all_supported_vendors table in README.md - Add test cases for Novita model prefix stripping Novita endpoint: https://api.novita.ai/openai Default models: deepseek/deepseek-v3.2, zai-org/glm-5, minimax/minimax-m2.5 * feat: complete Novita provider integration * chore: drop README changes from Novita PR * fix: remove duplicate function declarations in openai_compat provider The functions buildToolsList, SupportsNativeSearch, and isNativeSearchHost were declared twice, causing compilation failures in all CI checks. Co-Authored-By: Claude Opus 4.6 * fix: break long line in novita test to satisfy golines linter Co-Authored-By: Claude Opus 4.6 --------- Co-authored-by: Claude Opus 4.6 --- pkg/config/config.go | 8 ++- pkg/config/config_test.go | 16 +++++ pkg/providers/factory_provider.go | 8 ++- pkg/providers/factory_provider_test.go | 29 +++++++++ pkg/providers/openai_compat/provider.go | 2 +- pkg/providers/openai_compat/provider_test.go | 65 +++++++++++++------- 6 files changed, 100 insertions(+), 28 deletions(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index 49fb3679f..79d0196b0 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -531,6 +531,7 @@ type ProvidersConfig struct { Minimax ProviderConfig `json:"minimax"` LongCat ProviderConfig `json:"longcat"` ModelScope ProviderConfig `json:"modelscope"` + Novita ProviderConfig `json:"novita"` } // IsEmpty checks if all provider configs are empty (no API keys or API bases set) @@ -559,7 +560,8 @@ func (p ProvidersConfig) IsEmpty() bool { p.Avian.APIKey == "" && p.Avian.APIBase == "" && p.Minimax.APIKey == "" && p.Minimax.APIBase == "" && p.LongCat.APIKey == "" && p.LongCat.APIBase == "" && - p.ModelScope.APIKey == "" && p.ModelScope.APIBase == "" + p.ModelScope.APIKey == "" && p.ModelScope.APIBase == "" && + p.Novita.APIKey == "" && p.Novita.APIBase == "" } // MarshalJSON implements custom JSON marshaling for ProvidersConfig @@ -589,7 +591,9 @@ type OpenAIProviderConfig struct { // ModelConfig represents a model-centric provider configuration. // It allows adding new providers (especially OpenAI-compatible ones) via configuration only. // The model field uses protocol prefix format: [protocol/]model-identifier -// Supported protocols: openai, anthropic, antigravity, claude-cli, codex-cli, github-copilot +// Supported protocols include openai, anthropic, antigravity, claude-cli, +// codex-cli, github-copilot, and named OpenAI-compatible protocols such as +// groq, deepseek, modelscope, and novita. // Default protocol is "openai" if no prefix is specified. type ModelConfig struct { // Required fields diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 82a845471..588c04645 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -77,6 +77,22 @@ func TestAgentModelConfig_MarshalObject(t *testing.T) { } } +func TestProvidersConfig_IsEmpty(t *testing.T) { + var empty ProvidersConfig + if !empty.IsEmpty() { + t.Fatal("empty ProvidersConfig should report empty") + } + + novita := ProvidersConfig{ + Novita: ProviderConfig{ + APIKey: "test-key", + }, + } + if novita.IsEmpty() { + t.Fatal("ProvidersConfig with novita settings should not report empty") + } +} + func TestAgentConfig_FullParse(t *testing.T) { jsonData := `{ "agents": { diff --git a/pkg/providers/factory_provider.go b/pkg/providers/factory_provider.go index b7567f9fc..dbb5db5cb 100644 --- a/pkg/providers/factory_provider.go +++ b/pkg/providers/factory_provider.go @@ -55,8 +55,8 @@ func ExtractProtocol(model string) (protocol, modelID string) { // CreateProviderFromConfig creates a provider based on the ModelConfig. // It uses the protocol prefix in the Model field to determine which provider to create. -// Supported protocols: openai, litellm, anthropic, anthropic-messages, antigravity, -// claude-cli, codex-cli, github-copilot +// Supported protocols: openai, litellm, novita, anthropic, anthropic-messages, +// antigravity, claude-cli, codex-cli, github-copilot // Returns the provider, the model ID (without protocol prefix), and any error. func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, error) { if cfg == nil { @@ -116,7 +116,7 @@ func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, err case "litellm", "openrouter", "groq", "zhipu", "gemini", "nvidia", "ollama", "moonshot", "shengsuanyun", "deepseek", "cerebras", "vivgrid", "volcengine", "vllm", "qwen", "mistral", "avian", - "minimax", "longcat", "modelscope": + "minimax", "longcat", "modelscope", "novita": // All other OpenAI-compatible HTTP providers if cfg.APIKey == "" && cfg.APIBase == "" { return nil, "", fmt.Errorf("api_key or api_base is required for HTTP-based protocol %q", protocol) @@ -219,6 +219,8 @@ func getDefaultAPIBase(protocol string) string { return "https://openrouter.ai/api/v1" case "litellm": return "http://localhost:4000/v1" + case "novita": + return "https://api.novita.ai/openai" case "groq": return "https://api.groq.com/openai/v1" case "zhipu": diff --git a/pkg/providers/factory_provider_test.go b/pkg/providers/factory_provider_test.go index b678a7eb6..c7629ad9d 100644 --- a/pkg/providers/factory_provider_test.go +++ b/pkg/providers/factory_provider_test.go @@ -112,6 +112,7 @@ func TestCreateProviderFromConfig_DefaultAPIBase(t *testing.T) { }{ {"openai", "openai"}, {"groq", "groq"}, + {"novita", "novita"}, {"openrouter", "openrouter"}, {"cerebras", "cerebras"}, {"vivgrid", "vivgrid"}, @@ -222,6 +223,34 @@ func TestGetDefaultAPIBase_ModelScope(t *testing.T) { } } +func TestCreateProviderFromConfig_Novita(t *testing.T) { + cfg := &config.ModelConfig{ + ModelName: "test-novita", + Model: "novita/deepseek/deepseek-v3.2", + APIKey: "test-key", + } + + provider, modelID, err := CreateProviderFromConfig(cfg) + if err != nil { + t.Fatalf("CreateProviderFromConfig() error = %v", err) + } + if provider == nil { + t.Fatal("CreateProviderFromConfig() returned nil provider") + } + if modelID != "deepseek/deepseek-v3.2" { + t.Errorf("modelID = %q, want %q", modelID, "deepseek/deepseek-v3.2") + } + if _, ok := provider.(*HTTPProvider); !ok { + t.Fatalf("expected *HTTPProvider, got %T", provider) + } +} + +func TestGetDefaultAPIBase_Novita(t *testing.T) { + if got := getDefaultAPIBase("novita"); got != "https://api.novita.ai/openai" { + t.Fatalf("getDefaultAPIBase(%q) = %q, want %q", "novita", got, "https://api.novita.ai/openai") + } +} + func TestCreateProviderFromConfig_Anthropic(t *testing.T) { cfg := &config.ModelConfig{ ModelName: "test-anthropic", diff --git a/pkg/providers/openai_compat/provider.go b/pkg/providers/openai_compat/provider.go index 261f2d482..463db83c9 100644 --- a/pkg/providers/openai_compat/provider.go +++ b/pkg/providers/openai_compat/provider.go @@ -191,7 +191,7 @@ func normalizeModel(model, apiBase string) string { prefix := strings.ToLower(before) switch prefix { case "litellm", "moonshot", "nvidia", "groq", "ollama", "deepseek", "google", - "openrouter", "zhipu", "mistral", "vivgrid", "minimax": + "openrouter", "zhipu", "mistral", "vivgrid", "minimax", "novita": return after default: return model diff --git a/pkg/providers/openai_compat/provider_test.go b/pkg/providers/openai_compat/provider_test.go index a3288a023..efb03ccb8 100644 --- a/pkg/providers/openai_compat/provider_test.go +++ b/pkg/providers/openai_compat/provider_test.go @@ -432,7 +432,28 @@ func TestProviderChat_StripsMoonshotPrefixAndNormalizesKimiTemperature(t *testin } } -func TestProviderChat_StripsGroqOllamaDeepseekVivgridPrefixes(t *testing.T) { +func TestProviderChat_StripsGroqOllamaDeepseekVivgridNovitaPrefixes(t *testing.T) { + var requestBody map[string]any + + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if err := json.NewDecoder(r.Body).Decode(&requestBody); err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + resp := map[string]any{ + "choices": []map[string]any{ + { + "message": map[string]any{"content": "ok"}, + "finish_reason": "stop", + }, + }, + } + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) + })) + defer server.Close() + + p := NewProvider("key", server.URL, "") tests := []struct { name string input string @@ -463,31 +484,25 @@ func TestProviderChat_StripsGroqOllamaDeepseekVivgridPrefixes(t *testing.T) { input: "vivgrid/auto", wantModel: "auto", }, + { + name: "strips novita prefix deepseek model", + input: "novita/deepseek/deepseek-v3.2", + wantModel: "deepseek/deepseek-v3.2", + }, + { + name: "strips novita prefix zai model", + input: "novita/zai-org/glm-5", + wantModel: "zai-org/glm-5", + }, + { + name: "strips novita prefix minimax model", + input: "novita/minimax/minimax-m2.5", + wantModel: "minimax/minimax-m2.5", + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - var requestBody map[string]any - - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if err := json.NewDecoder(r.Body).Decode(&requestBody); err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) - return - } - resp := map[string]any{ - "choices": []map[string]any{ - { - "message": map[string]any{"content": "ok"}, - "finish_reason": "stop", - }, - }, - } - w.Header().Set("Content-Type", "application/json") - json.NewEncoder(w).Encode(resp) - })) - defer server.Close() - - p := NewProvider("key", server.URL, "") _, err := p.Chat(t.Context(), []Message{{Role: "user", Content: "hi"}}, nil, tt.input, nil) if err != nil { t.Fatalf("Chat() error = %v", err) @@ -573,6 +588,12 @@ func TestNormalizeModel_UsesAPIBase(t *testing.T) { if got := normalizeModel("vivgrid/auto", "https://api.vivgrid.com/v1"); got != "auto" { t.Fatalf("normalizeModel(vivgrid auto) = %q, want %q", got, "auto") } + if got := normalizeModel( + "novita/deepseek/deepseek-v3.2", + "https://api.novita.ai/openai", + ); got != "deepseek/deepseek-v3.2" { + t.Fatalf("normalizeModel(novita) = %q, want %q", got, "deepseek/deepseek-v3.2") + } } func TestProvider_RequestTimeoutDefault(t *testing.T) { From 3e9b7ce9c130e0a1c5ebf880da3e728cb1b9fa3a Mon Sep 17 00:00:00 2001 From: Vast-stars <865274218@qq.com> Date: Wed, 18 Mar 2026 19:07:49 +0800 Subject: [PATCH 22/24] fix(feishu): invalidate cached token on auth error to enable retry recovery (#1318) The Lark SDK v3's built-in token retry loop does not clear stale tokens from cache when the server returns error 99991663 (tenant_access_token invalid), causing all API calls to fail until the token naturally expires (~2 hours). - Add tokenCache struct (implementing larkcore.Cache) with Get/Set/InvalidateAll methods and proper expired-entry cleanup - Wire custom cache into lark.NewClient via WithTokenCache() - Add invalidateTokenOnAuthError helper called in all API methods --- pkg/channels/feishu/feishu_64.go | 37 ++++++++++++++++++--- pkg/channels/feishu/token_cache.go | 52 ++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 4 deletions(-) create mode 100644 pkg/channels/feishu/token_cache.go diff --git a/pkg/channels/feishu/feishu_64.go b/pkg/channels/feishu/feishu_64.go index 9c462e41e..c503e2993 100644 --- a/pkg/channels/feishu/feishu_64.go +++ b/pkg/channels/feishu/feishu_64.go @@ -29,11 +29,17 @@ import ( "github.com/sipeed/picoclaw/pkg/utils" ) +// errCodeTenantTokenInvalid is the Feishu API error code for an expired/revoked +// tenant_access_token. The Lark SDK's built-in retry does not clear its cache +// on this error, so we do it ourselves. +const errCodeTenantTokenInvalid = 99991663 + type FeishuChannel struct { *channels.BaseChannel - config config.FeishuConfig - client *lark.Client - wsClient *larkws.Client + config config.FeishuConfig + client *lark.Client + wsClient *larkws.Client + tokenCache *tokenCache // custom cache that supports invalidation botOpenID atomic.Value // stores string; populated lazily for @mention detection @@ -47,10 +53,12 @@ func NewFeishuChannel(cfg config.FeishuConfig, bus *bus.MessageBus) (*FeishuChan channels.WithReasoningChannelID(cfg.ReasoningChannelID), ) + tc := newTokenCache() ch := &FeishuChannel{ BaseChannel: base, config: cfg, - client: lark.NewClient(cfg.AppID, cfg.AppSecret), + tokenCache: tc, + client: lark.NewClient(cfg.AppID, cfg.AppSecret, lark.WithTokenCache(tc)), } ch.SetOwner(ch) return ch, nil @@ -147,6 +155,7 @@ func (c *FeishuChannel) EditMessage(ctx context.Context, chatID, messageID, cont return fmt.Errorf("feishu edit: %w", err) } if !resp.Success() { + c.invalidateTokenOnAuthError(resp.Code) return fmt.Errorf("feishu edit api error (code=%d msg=%s)", resp.Code, resp.Msg) } return nil @@ -186,6 +195,7 @@ func (c *FeishuChannel) SendPlaceholder(ctx context.Context, chatID string) (str return "", fmt.Errorf("feishu placeholder send: %w", err) } if !resp.Success() { + c.invalidateTokenOnAuthError(resp.Code) return "", fmt.Errorf("feishu placeholder api error (code=%d msg=%s)", resp.Code, resp.Msg) } @@ -226,6 +236,7 @@ func (c *FeishuChannel) ReactToMessage(ctx context.Context, chatID, messageID st return func() {}, fmt.Errorf("feishu react: %w", err) } if !resp.Success() { + c.invalidateTokenOnAuthError(resp.Code) logger.ErrorCF("feishu", "Reaction API error", map[string]any{ "emoji": chosenEmoji, "message_id": messageID, @@ -451,6 +462,7 @@ func (c *FeishuChannel) fetchBotOpenID(ctx context.Context) error { return fmt.Errorf("bot info parse: %w", err) } if result.Code != 0 { + c.invalidateTokenOnAuthError(result.Code) return fmt.Errorf("bot info api error (code=%d)", result.Code) } if result.Bot.OpenID == "" { @@ -593,6 +605,7 @@ func (c *FeishuChannel) downloadResource( return "" } if !resp.Success() { + c.invalidateTokenOnAuthError(resp.Code) logger.ErrorCF("feishu", "Resource download api error", map[string]any{ "code": resp.Code, "msg": resp.Msg, @@ -705,6 +718,7 @@ func (c *FeishuChannel) sendCard(ctx context.Context, chatID, cardContent string } if !resp.Success() { + c.invalidateTokenOnAuthError(resp.Code) return fmt.Errorf("feishu api error (code=%d msg=%s): %w", resp.Code, resp.Msg, channels.ErrTemporary) } @@ -730,6 +744,7 @@ func (c *FeishuChannel) sendImage(ctx context.Context, chatID string, file *os.F return fmt.Errorf("feishu image upload: %w", err) } if !uploadResp.Success() { + c.invalidateTokenOnAuthError(uploadResp.Code) return fmt.Errorf("feishu image upload api error (code=%d msg=%s)", uploadResp.Code, uploadResp.Msg) } if uploadResp.Data == nil || uploadResp.Data.ImageKey == nil { @@ -754,6 +769,7 @@ func (c *FeishuChannel) sendImage(ctx context.Context, chatID string, file *os.F return fmt.Errorf("feishu image send: %w", err) } if !resp.Success() { + c.invalidateTokenOnAuthError(resp.Code) return fmt.Errorf("feishu image send api error (code=%d msg=%s)", resp.Code, resp.Msg) } return nil @@ -784,6 +800,7 @@ func (c *FeishuChannel) sendFile(ctx context.Context, chatID string, file *os.Fi return fmt.Errorf("feishu file upload: %w", err) } if !uploadResp.Success() { + c.invalidateTokenOnAuthError(uploadResp.Code) return fmt.Errorf("feishu file upload api error (code=%d msg=%s)", uploadResp.Code, uploadResp.Msg) } if uploadResp.Data == nil || uploadResp.Data.FileKey == nil { @@ -808,6 +825,7 @@ func (c *FeishuChannel) sendFile(ctx context.Context, chatID string, file *os.Fi return fmt.Errorf("feishu file send: %w", err) } if !resp.Success() { + c.invalidateTokenOnAuthError(resp.Code) return fmt.Errorf("feishu file send api error (code=%d msg=%s)", resp.Code, resp.Msg) } return nil @@ -830,3 +848,14 @@ func extractFeishuSenderID(sender *larkim.EventSender) string { return "" } + +// invalidateTokenOnAuthError clears the cached tenant_access_token when the +// Feishu API reports it as invalid (99991663), so the next request fetches a +// fresh one. The Lark SDK's built-in retry does not clear the cache, causing +// all API calls to fail until the token naturally expires (~2 hours). +func (c *FeishuChannel) invalidateTokenOnAuthError(code int) { + if code == errCodeTenantTokenInvalid { + c.tokenCache.InvalidateAll() + logger.WarnCF("feishu", "Invalidated cached token due to auth error", nil) + } +} diff --git a/pkg/channels/feishu/token_cache.go b/pkg/channels/feishu/token_cache.go new file mode 100644 index 000000000..00acbc084 --- /dev/null +++ b/pkg/channels/feishu/token_cache.go @@ -0,0 +1,52 @@ +package feishu + +import ( + "context" + "sync" + "time" +) + +// tokenCache implements larkcore.Cache with an extra InvalidateAll method. +// This works around a bug in the Lark SDK v3 where the built-in token retry +// loop does not clear stale tokens from cache on auth errors. +type tokenCache struct { + mu sync.RWMutex + store map[string]*tokenEntry +} + +type tokenEntry struct { + value string + expireAt time.Time +} + +func newTokenCache() *tokenCache { + return &tokenCache{store: make(map[string]*tokenEntry)} +} + +func (c *tokenCache) Set(_ context.Context, key, value string, ttl time.Duration) error { + c.mu.Lock() + defer c.mu.Unlock() + c.store[key] = &tokenEntry{value: value, expireAt: time.Now().Add(ttl)} + return nil +} + +func (c *tokenCache) Get(_ context.Context, key string) (string, error) { + c.mu.Lock() + defer c.mu.Unlock() + e, ok := c.store[key] + if !ok { + return "", nil + } + if e.expireAt.Before(time.Now()) { + delete(c.store, key) + return "", nil + } + return e.value, nil +} + +// InvalidateAll removes all cached tokens, forcing fresh acquisition. +func (c *tokenCache) InvalidateAll() { + c.mu.Lock() + defer c.mu.Unlock() + clear(c.store) +} From 12f402961043692eadc27ac89c484c45b6604edd Mon Sep 17 00:00:00 2001 From: Alexander <59264285+Alexandersfg4@users.noreply.github.com> Date: Wed, 18 Mar 2026 16:29:21 +0300 Subject: [PATCH 23/24] feat: telegram use parse mode ModeMarkdownV2 instead of ModeHTML (#1018) * feat: telegram use parse mode ModeMarkdownV2 instead of ModeHTML * handle expandable block quotation starts, add test for all md2 formats * fix: linter issue * feat: added flag use_markdown_v2, corrected config, updated documentation * move parseChatID to parser_markdown_to_html * fix: tests and linter issues * fix: case with ~ * test: fixed Test_markdownToTelegramMarkdownV2 * fix: regex block-quote line > * fix: linter issues * fix: send chunk param mismatched, in edit msg use HTML parse mode too * fix: remove from .gitignore redundant comment --- .gitignore | 3 + config/config.example.json | 5 +- docs/chat-apps.md | 6 +- .../telegram/parse_markdown_to_md_v2.go | 197 +++++++++++++++++ .../telegram/parse_markdown_to_md_v2_test.go | 68 ++++++ .../telegram/parser_markdown_to_html.go | 111 ++++++++++ pkg/channels/telegram/telegram.go | 205 +++++++----------- pkg/channels/telegram/telegram_test.go | 2 + .../telegram/testdata/md2_all_formats.txt | 31 +++ pkg/config/config.go | 1 + pkg/config/defaults.go | 1 + .../sources/openclaw/openclaw_config.go | 26 ++- 12 files changed, 517 insertions(+), 139 deletions(-) create mode 100644 pkg/channels/telegram/parse_markdown_to_md_v2.go create mode 100644 pkg/channels/telegram/parse_markdown_to_md_v2_test.go create mode 100644 pkg/channels/telegram/parser_markdown_to_html.go create mode 100644 pkg/channels/telegram/testdata/md2_all_formats.txt diff --git a/.gitignore b/.gitignore index 61fe494ca..8ba6a45fe 100644 --- a/.gitignore +++ b/.gitignore @@ -52,6 +52,9 @@ dist/ # Windows Application Icon/Resource *.syso +# Test telegram integration +cmd/telegram/ + # Keep embedded backend dist directory placeholder in VCS !web/backend/dist/ web/backend/dist/* diff --git a/config/config.example.json b/config/config.example.json index 350f085d0..167ba7d59 100644 --- a/config/config.example.json +++ b/config/config.example.json @@ -78,9 +78,8 @@ "token": "YOUR_TELEGRAM_BOT_TOKEN", "base_url": "", "proxy": "", - "allow_from": [ - "YOUR_USER_ID" - ], + "allow_from": ["YOUR_USER_ID"], + "use_markdown_v2": false, "reasoning_channel_id": "" }, "discord": { diff --git a/docs/chat-apps.md b/docs/chat-apps.md index 6f700d6c1..05afc7f33 100644 --- a/docs/chat-apps.md +++ b/docs/chat-apps.md @@ -42,7 +42,8 @@ Talk to your picoclaw through Telegram, Discord, WhatsApp, Matrix, QQ, DingTalk, "telegram": { "enabled": true, "token": "YOUR_BOT_TOKEN", - "allow_from": ["YOUR_USER_ID"] + "allow_from": ["YOUR_USER_ID"], + "use_markdown_v2": false, } } } @@ -63,6 +64,9 @@ Telegram command menu registration remains channel-local discovery UX; generic c If command registration fails (network/API transient errors), the channel still starts and PicoClaw retries registration in the background. +**4. Advanced Formatting** +You can set use_markdown_v2: true to enable enhanced formatting options. This allows the bot to utilize the full range of Telegram MarkdownV2 features, including nested styles, spoilers, and custom fixed-width blocks. +

diff --git a/pkg/channels/telegram/parse_markdown_to_md_v2.go b/pkg/channels/telegram/parse_markdown_to_md_v2.go new file mode 100644 index 000000000..8cae312c5 --- /dev/null +++ b/pkg/channels/telegram/parse_markdown_to_md_v2.go @@ -0,0 +1,197 @@ +package telegram + +import ( + "regexp" + "strings" +) + +// mdV2SpecialChars are all characters that must be escaped in Telegram MarkdownV2 +var mdV2SpecialChars = map[rune]bool{ + '*': true, + '_': true, + '[': true, + ']': true, + '(': true, + ')': true, + '~': true, + '`': true, + '>': true, + '<': true, + '#': true, + '+': true, + '-': true, + '=': true, + '|': true, + '{': true, + '}': true, + '.': true, + '!': true, + '\\': true, +} + +// entityPattern describes one Telegram MarkdownV2 inline entity type. +type entityPattern struct { + re *regexp.Regexp + open string + close string +} + +// allEntityPatterns lists every recognized entity in priority order +// (longer / more-specific delimiters first so they win over shorter ones). +// Each entry's regex is anchored to find the first occurrence in a string. +var allEntityPatterns = []entityPattern{ + // fenced code block — content is completely verbatim + {re: regexp.MustCompile("(?s)```(?:[\\w]*\\n)?[\\s\\S]*?```"), open: "```", close: "```"}, + // inline code — content is completely verbatim + {re: regexp.MustCompile("`(?:[^`\\\n]|\\\\.)*`"), open: "`", close: "`"}, + // expandable block-quote opener **>… + {re: regexp.MustCompile(`(?m)\*\*>(?:[^\n]*)`), open: "**>", close: ""}, + // block-quote line >… + {re: regexp.MustCompile(`(?m)^>(?:[^\n]*)`), open: ">", close: ""}, + // custom emoji / timestamp ![…](…) — must come before plain link + {re: regexp.MustCompile(`!\[[^\]]*\]\([^)]*\)`), open: "!", close: ""}, + // inline URL / user mention […](…) + {re: regexp.MustCompile(`\[[^\]]*\]\([^)]*\)`), open: "[", close: ""}, + // spoiler ||…|| — before single | so it wins + {re: regexp.MustCompile(`\|\|(?:[^|\\\n]|\\.)*\|\|`), open: "||", close: "||"}, + // underline __…__ — before single _ so it wins + {re: regexp.MustCompile(`__(?:[^_\\\n]|\\.)*__`), open: "__", close: "__"}, + // bold *…* + {re: regexp.MustCompile(`\*(?:[^*\\\n]|\\.)*\*`), open: "*", close: "*"}, + // italic _…_ + {re: regexp.MustCompile(`_(?:[^_\\\n]|\\.)*_`), open: "_", close: "_"}, + // strikethrough ~…~ + {re: regexp.MustCompile(`~(?:[^~\\\n]|\\.)*~`), open: "~", close: "~"}, +} + +// verbatimEntities are entity types whose inner content must never be +// touched (code blocks, URLs, quotes, custom emoji). +// Their content is passed through completely unchanged. +var verbatimEntities = map[string]bool{ + "```": true, + "`": true, + "**>": true, + ">": true, + "!": true, + "[": true, +} + +// markdownToTelegramMarkdownV2 converts a Markdown string into a string safe +// for sending with Telegram's MarkdownV2 parse mode. +// +// Rules: +// - Markdown headings (# … ######) are converted to *bold*. +// - **bold** Markdown syntax is converted to *bold*. +// - Recognized Telegram MarkdownV2 entity spans are preserved; their inner +// content is processed recursively so that nested valid entities are kept +// intact while stray special characters are escaped. +// - All plain-text segments have their MarkdownV2 special characters escaped. +// +// Reference: https://core.telegram.org/bots/api#formatting-options +func markdownToTelegramMarkdownV2(text string) string { + // 1. Convert Markdown headings → *escaped heading text* + text = reHeading.ReplaceAllStringFunc(text, func(match string) string { + sub := reHeading.FindStringSubmatch(match) + if len(sub) < 2 { + return match + } + // The heading content is fresh plain text — escape everything + // including * so the resulting *…* bold span stays valid. + return "*" + escapeMarkdownV2(sub[1]) + "*" + }) + + // 2. Convert **bold** → *bold* + text = reBoldStar.ReplaceAllString(text, "*$1*") + + // 3. Recursively escape the full string. + return processText(text) +} + +// processText walks `text`, finds the leftmost / longest matching entity, +// escapes the gap before it, processes the entity (recursing into its inner +// content when appropriate), then continues with the remainder. +func processText(text string) string { + if text == "" { + return "" + } + + // Find the leftmost match among all entity patterns. + bestStart := -1 + bestEnd := -1 + var bestPat *entityPattern + + for i := range allEntityPatterns { + p := &allEntityPatterns[i] + loc := p.re.FindStringIndex(text) + if loc == nil { + continue + } + if bestStart == -1 || loc[0] < bestStart || + (loc[0] == bestStart && (loc[1]-loc[0]) > (bestEnd-bestStart)) { + bestStart = loc[0] + bestEnd = loc[1] + bestPat = p + } + } + + if bestPat == nil { + // No entity found — escape everything. + return escapeMarkdownV2(text) + } + + var b strings.Builder + + // Plain text before the entity. + if bestStart > 0 { + b.WriteString(escapeMarkdownV2(text[:bestStart])) + } + + // The matched entity span. + matched := text[bestStart:bestEnd] + + if verbatimEntities[bestPat.open] { + // Code blocks, URLs, quotes: pass through completely untouched. + b.WriteString(matched) + } else { + // Inline formatting (bold, italic, underline, strikethrough, spoiler): + // keep the delimiters and recursively process the inner content so that + // nested entities survive but stray specials get escaped. + openLen := len(bestPat.open) + closeLen := len(bestPat.close) + inner := matched[openLen : len(matched)-closeLen] + + b.WriteString(bestPat.open) + b.WriteString(processText(inner)) + b.WriteString(bestPat.close) + } + + // Continue with the remainder of the string. + b.WriteString(processText(text[bestEnd:])) + + return b.String() +} + +// escapeMarkdownV2 escapes every MarkdownV2 special character in a plain-text +// segment (i.e. a segment that is not part of any recognized entity). +// Already-escaped sequences (backslash + char) are forwarded verbatim to avoid +// double-escaping. +func escapeMarkdownV2(s string) string { + var b strings.Builder + b.Grow(len(s) + 8) + runes := []rune(s) + for i := 0; i < len(runes); i++ { + ch := runes[i] + // Forward an existing escape sequence verbatim. + if ch == '\\' && i+1 < len(runes) { + b.WriteRune(ch) + b.WriteRune(runes[i+1]) + i++ + continue + } + if mdV2SpecialChars[ch] { + b.WriteByte('\\') + } + b.WriteRune(ch) + } + return b.String() +} diff --git a/pkg/channels/telegram/parse_markdown_to_md_v2_test.go b/pkg/channels/telegram/parse_markdown_to_md_v2_test.go new file mode 100644 index 000000000..fd68a9b83 --- /dev/null +++ b/pkg/channels/telegram/parse_markdown_to_md_v2_test.go @@ -0,0 +1,68 @@ +package telegram + +import ( + _ "embed" + "testing" + + "github.com/stretchr/testify/require" +) + +//go:embed testdata/md2_all_formats.txt +var md2AllFormats string + +func Test_markdownToTelegramMarkdownV2(t *testing.T) { + cases := []struct { + name string + input string + expected string + }{ + { + name: "heading -> bolding", + input: `## HeadingH2 #`, + expected: "*HeadingH2 \\#*", + }, + { + name: "strikethrough", + input: "~strikethroughMD~", + expected: "~strikethroughMD~", + }, + { + name: "inline URL", + input: "[inline URL](http://www.example.com/)", + expected: "[inline URL](http://www.example.com/)", + }, + { + name: "all telegram formats", + input: md2AllFormats, + expected: md2AllFormats, + }, + { + name: "empty", + input: "", + expected: "", + }, + { + name: "one letter", + input: "o", + expected: "o", + }, + { + name: "", + input: "*Last update: ~10 24h*", + expected: "*Last update: \\~10 24h*", + }, + { + name: "", + input: "", + expected: "\\", + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + actual := markdownToTelegramMarkdownV2(tc.input) + + require.EqualValues(t, tc.expected, actual) + }) + } +} diff --git a/pkg/channels/telegram/parser_markdown_to_html.go b/pkg/channels/telegram/parser_markdown_to_html.go new file mode 100644 index 000000000..bdaa51807 --- /dev/null +++ b/pkg/channels/telegram/parser_markdown_to_html.go @@ -0,0 +1,111 @@ +package telegram + +import ( + "fmt" + "strings" +) + +func markdownToTelegramHTML(text string) string { + if text == "" { + return "" + } + + codeBlocks := extractCodeBlocks(text) + text = codeBlocks.text + + inlineCodes := extractInlineCodes(text) + text = inlineCodes.text + + text = reHeading.ReplaceAllString(text, "$1") + + text = reBlockquote.ReplaceAllString(text, "$1") + + text = escapeHTML(text) + + text = reLink.ReplaceAllString(text, `$1`) + + text = reBoldStar.ReplaceAllString(text, "$1") + + text = reBoldUnder.ReplaceAllString(text, "$1") + + text = reItalic.ReplaceAllStringFunc(text, func(s string) string { + match := reItalic.FindStringSubmatch(s) + if len(match) < 2 { + return s + } + return "" + match[1] + "" + }) + + text = reStrike.ReplaceAllString(text, "$1") + + text = reListItem.ReplaceAllString(text, "• ") + + for i, code := range inlineCodes.codes { + escaped := escapeHTML(code) + text = strings.ReplaceAll(text, fmt.Sprintf("\x00IC%d\x00", i), fmt.Sprintf("%s", escaped)) + } + + for i, code := range codeBlocks.codes { + escaped := escapeHTML(code) + text = strings.ReplaceAll( + text, + fmt.Sprintf("\x00CB%d\x00", i), + fmt.Sprintf("
%s
", escaped), + ) + } + + return text +} + +type codeBlockMatch struct { + text string + codes []string +} + +func extractCodeBlocks(text string) codeBlockMatch { + matches := reCodeBlock.FindAllStringSubmatch(text, -1) + + codes := make([]string, 0, len(matches)) + for _, match := range matches { + codes = append(codes, match[1]) + } + + i := 0 + text = reCodeBlock.ReplaceAllStringFunc(text, func(m string) string { + placeholder := fmt.Sprintf("\x00CB%d\x00", i) + i++ + return placeholder + }) + + return codeBlockMatch{text: text, codes: codes} +} + +type inlineCodeMatch struct { + text string + codes []string +} + +func extractInlineCodes(text string) inlineCodeMatch { + matches := reInlineCode.FindAllStringSubmatch(text, -1) + + codes := make([]string, 0, len(matches)) + for _, match := range matches { + codes = append(codes, match[1]) + } + + i := 0 + text = reInlineCode.ReplaceAllStringFunc(text, func(m string) string { + placeholder := fmt.Sprintf("\x00IC%d\x00", i) + i++ + return placeholder + }) + + return inlineCodeMatch{text: text, codes: codes} +} + +func escapeHTML(text string) string { + text = strings.ReplaceAll(text, "&", "&") + text = strings.ReplaceAll(text, "<", "<") + text = strings.ReplaceAll(text, ">", ">") + return text +} diff --git a/pkg/channels/telegram/telegram.go b/pkg/channels/telegram/telegram.go index e33f46042..9d0325093 100644 --- a/pkg/channels/telegram/telegram.go +++ b/pkg/channels/telegram/telegram.go @@ -27,7 +27,7 @@ import ( ) var ( - reHeading = regexp.MustCompile(`^#{1,6}\s+(.+)$`) + reHeading = regexp.MustCompile(`(?m)^#{1,6}\s+([^\n]+)`) reBlockquote = regexp.MustCompile(`^>\s*(.*)$`) reLink = regexp.MustCompile(`\[([^\]]+)\]\(([^)]+)\)`) reBoldStar = regexp.MustCompile(`\*\*(.+?)\*\*`) @@ -170,6 +170,8 @@ func (c *TelegramChannel) Send(ctx context.Context, msg bus.OutboundMessage) err return channels.ErrNotRunning } + useMarkdownV2 := c.config.Channels.Telegram.UseMarkdownV2 + chatID, threadID, err := parseTelegramChatID(msg.ChatID) if err != nil { return fmt.Errorf("invalid chat ID %s: %w", msg.ChatID, channels.ErrSendFailed) @@ -188,11 +190,11 @@ func (c *TelegramChannel) Send(ctx context.Context, msg bus.OutboundMessage) err chunk := queue[0] queue = queue[1:] - htmlContent := markdownToTelegramHTML(chunk) + content := parseContent(chunk, useMarkdownV2) - if len([]rune(htmlContent)) > 4096 { + if len([]rune(content)) > 4096 { runeChunk := []rune(chunk) - ratio := float64(len(runeChunk)) / float64(len([]rune(htmlContent))) + ratio := float64(len(runeChunk)) / float64(len([]rune(content))) smallerLen := int(float64(4096) * ratio * 0.95) // 5% safety margin // Guarantee progress: if estimated length is >= chunk length, force it smaller @@ -201,7 +203,14 @@ func (c *TelegramChannel) Send(ctx context.Context, msg bus.OutboundMessage) err } if smallerLen <= 0 { - if err := c.sendHTMLChunk(ctx, chatID, threadID, htmlContent, chunk, replyToID); err != nil { + if err := c.sendChunk(ctx, sendChunkParams{ + chatID: chatID, + threadID: threadID, + content: content, + replyToID: replyToID, + mdFallback: chunk, + useMarkdownV2: useMarkdownV2, + }); err != nil { return err } replyToID = "" @@ -232,7 +241,14 @@ func (c *TelegramChannel) Send(ctx context.Context, msg bus.OutboundMessage) err continue } - if err := c.sendHTMLChunk(ctx, chatID, threadID, htmlContent, chunk, replyToID); err != nil { + if err := c.sendChunk(ctx, sendChunkParams{ + chatID: chatID, + threadID: threadID, + content: content, + replyToID: replyToID, + mdFallback: chunk, + useMarkdownV2: useMarkdownV2, + }); err != nil { return err } // Only the first chunk should be a reply; subsequent chunks are normal messages. @@ -242,17 +258,31 @@ func (c *TelegramChannel) Send(ctx context.Context, msg bus.OutboundMessage) err return nil } -// sendHTMLChunk sends a single HTML message, falling back to the original -// markdown as plain text on parse failure so users never see raw HTML tags. -func (c *TelegramChannel) sendHTMLChunk( - ctx context.Context, chatID int64, threadID int, htmlContent, mdFallback string, replyToID string, -) error { - tgMsg := tu.Message(tu.ID(chatID), htmlContent) - tgMsg.ParseMode = telego.ModeHTML - tgMsg.MessageThreadID = threadID +type sendChunkParams struct { + chatID int64 + threadID int + content string + replyToID string + mdFallback string + useMarkdownV2 bool +} - if replyToID != "" { - if mid, parseErr := strconv.Atoi(replyToID); parseErr == nil { +// sendChunk sends a single HTML/MarkdownV2 message, falling back to the original +// markdown as plain text on parse failure so users never see raw HTML/MarkdownV2 tags. +func (c *TelegramChannel) sendChunk( + ctx context.Context, + params sendChunkParams, +) error { + tgMsg := tu.Message(tu.ID(params.chatID), params.content) + tgMsg.MessageThreadID = params.threadID + if params.useMarkdownV2 { + tgMsg.WithParseMode(telego.ModeMarkdownV2) + } else { + tgMsg.WithParseMode(telego.ModeHTML) + } + + if params.replyToID != "" { + if mid, parseErr := strconv.Atoi(params.replyToID); parseErr == nil { tgMsg.ReplyParameters = &telego.ReplyParameters{ MessageID: mid, } @@ -260,15 +290,15 @@ func (c *TelegramChannel) sendHTMLChunk( } if _, err := c.bot.SendMessage(ctx, tgMsg); err != nil { - logger.ErrorCF("telegram", "HTML parse failed, falling back to plain text", map[string]any{ - "error": err.Error(), - }) - tgMsg.Text = mdFallback + logParseFailed(err, params.useMarkdownV2) + + tgMsg.Text = params.mdFallback tgMsg.ParseMode = "" if _, err = c.bot.SendMessage(ctx, tgMsg); err != nil { return fmt.Errorf("telegram send: %w", channels.ErrTemporary) } } + return nil } @@ -309,6 +339,7 @@ func (c *TelegramChannel) StartTyping(ctx context.Context, chatID string) (func( // EditMessage implements channels.MessageEditor. func (c *TelegramChannel) EditMessage(ctx context.Context, chatID string, messageID string, content string) error { + useMarkdownV2 := c.config.Channels.Telegram.UseMarkdownV2 cid, _, err := parseTelegramChatID(chatID) if err != nil { return err @@ -317,10 +348,19 @@ func (c *TelegramChannel) EditMessage(ctx context.Context, chatID string, messag if err != nil { return err } - htmlContent := markdownToTelegramHTML(content) - editMsg := tu.EditMessageText(tu.ID(cid), mid, htmlContent) - editMsg.ParseMode = telego.ModeHTML + parsedContent := parseContent(content, useMarkdownV2) + editMsg := tu.EditMessageText(tu.ID(cid), mid, parsedContent) + if useMarkdownV2 { + editMsg.WithParseMode(telego.ModeMarkdownV2) + } else { + editMsg.WithParseMode(telego.ModeHTML) + } _, err = c.bot.EditMessageText(ctx, editMsg) + if err != nil { + logParseFailed(err, useMarkdownV2) + _, err = c.bot.EditMessageText(ctx, tu.EditMessageText(tu.ID(cid), mid, content)) + } + return err } @@ -668,6 +708,14 @@ func (c *TelegramChannel) downloadFile(ctx context.Context, fileID, ext string) return c.downloadFileWithInfo(file, ext) } +func parseContent(text string, useMarkdownV2 bool) string { + if useMarkdownV2 { + return markdownToTelegramMarkdownV2(text) + } + + return markdownToTelegramHTML(text) +} + // parseTelegramChatID splits "chatID/threadID" into its components. // Returns threadID=0 when no "/" is present (non-forum messages). func parseTelegramChatID(chatID string) (int64, int, error) { @@ -687,109 +735,18 @@ func parseTelegramChatID(chatID string) (int64, int, error) { return cid, tid, nil } -func markdownToTelegramHTML(text string) string { - if text == "" { - return "" +func logParseFailed(err error, useMarkdownV2 bool) { + parsingName := "HTML" + if useMarkdownV2 { + parsingName = "MarkdownV2" } - codeBlocks := extractCodeBlocks(text) - text = codeBlocks.text - - inlineCodes := extractInlineCodes(text) - text = inlineCodes.text - - text = reHeading.ReplaceAllString(text, "$1") - - text = reBlockquote.ReplaceAllString(text, "$1") - - text = escapeHTML(text) - - text = reLink.ReplaceAllString(text, `$1`) - - text = reBoldStar.ReplaceAllString(text, "$1") - - text = reBoldUnder.ReplaceAllString(text, "$1") - - text = reItalic.ReplaceAllStringFunc(text, func(s string) string { - match := reItalic.FindStringSubmatch(s) - if len(match) < 2 { - return s - } - return "" + match[1] + "" - }) - - text = reStrike.ReplaceAllString(text, "$1") - - text = reListItem.ReplaceAllString(text, "• ") - - for i, code := range inlineCodes.codes { - escaped := escapeHTML(code) - text = strings.ReplaceAll(text, fmt.Sprintf("\x00IC%d\x00", i), fmt.Sprintf("%s", escaped)) - } - - for i, code := range codeBlocks.codes { - escaped := escapeHTML(code) - text = strings.ReplaceAll( - text, - fmt.Sprintf("\x00CB%d\x00", i), - fmt.Sprintf("
%s
", escaped), - ) - } - - return text -} - -type codeBlockMatch struct { - text string - codes []string -} - -func extractCodeBlocks(text string) codeBlockMatch { - matches := reCodeBlock.FindAllStringSubmatch(text, -1) - - codes := make([]string, 0, len(matches)) - for _, match := range matches { - codes = append(codes, match[1]) - } - - i := 0 - text = reCodeBlock.ReplaceAllStringFunc(text, func(m string) string { - placeholder := fmt.Sprintf("\x00CB%d\x00", i) - i++ - return placeholder - }) - - return codeBlockMatch{text: text, codes: codes} -} - -type inlineCodeMatch struct { - text string - codes []string -} - -func extractInlineCodes(text string) inlineCodeMatch { - matches := reInlineCode.FindAllStringSubmatch(text, -1) - - codes := make([]string, 0, len(matches)) - for _, match := range matches { - codes = append(codes, match[1]) - } - - i := 0 - text = reInlineCode.ReplaceAllStringFunc(text, func(m string) string { - placeholder := fmt.Sprintf("\x00IC%d\x00", i) - i++ - return placeholder - }) - - return inlineCodeMatch{text: text, codes: codes} -} - -func escapeHTML(text string) string { - text = strings.ReplaceAll(text, "&", "&") - text = strings.ReplaceAll(text, "<", "<") - text = strings.ReplaceAll(text, ">", ">") - return text + logger.ErrorCF("telegram", + fmt.Sprintf("%s parse failed, falling back to plain text", parsingName), + map[string]any{ + "error": err.Error(), + }, + ) } // isBotMentioned checks if the bot is mentioned in the message via entities. diff --git a/pkg/channels/telegram/telegram_test.go b/pkg/channels/telegram/telegram_test.go index 7ca6b18ff..6bf1077af 100644 --- a/pkg/channels/telegram/telegram_test.go +++ b/pkg/channels/telegram/telegram_test.go @@ -17,6 +17,7 @@ import ( "github.com/sipeed/picoclaw/pkg/bus" "github.com/sipeed/picoclaw/pkg/channels" + "github.com/sipeed/picoclaw/pkg/config" "github.com/sipeed/picoclaw/pkg/media" ) @@ -131,6 +132,7 @@ func newTestChannelWithConstructor( BaseChannel: base, bot: bot, chatIDs: make(map[string]int64), + config: config.DefaultConfig(), } } diff --git a/pkg/channels/telegram/testdata/md2_all_formats.txt b/pkg/channels/telegram/testdata/md2_all_formats.txt new file mode 100644 index 000000000..f78fcc72f --- /dev/null +++ b/pkg/channels/telegram/testdata/md2_all_formats.txt @@ -0,0 +1,31 @@ +*bold \*text* +_italic \*text_ +__underline__ +~strikethrough~ +||spoiler|| +*bold _italic bold ~italic bold strikethrough ||italic bold strikethrough spoiler||~ __underline italic bold___ bold* +[inline URL](http://www.example.com/) +[inline mention of a user](tg://user?id=123456789) +![👍](tg://emoji?id=5368324170671202286) +![22:45 tomorrow](tg://time?unix=1647531900&format=wDT) +![22:45 tomorrow](tg://time?unix=1647531900&format=t) +![22:45 tomorrow](tg://time?unix=1647531900&format=r) +![22:45 tomorrow](tg://time?unix=1647531900) +`inline fixed-width code` +``` +pre-formatted fixed-width code block +``` +```python +pre-formatted fixed-width code block written in the Python programming language +``` +>Block quotation started +>Block quotation continued +>Block quotation continued +>Block quotation continued +>The last line of the block quotation +**>The expandable block quotation started right after the previous block quotation +>It is separated from the previous block quotation by an empty bold entity +>Expandable block quotation continued +>Hidden by default part of the expandable block quotation started +>Expandable block quotation continued +>The last line of the expandable block quotation with the expandability mark|| diff --git a/pkg/config/config.go b/pkg/config/config.go index 79d0196b0..dd4e86319 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -311,6 +311,7 @@ type TelegramConfig struct { Typing TypingConfig `json:"typing,omitempty"` Placeholder PlaceholderConfig `json:"placeholder,omitempty"` ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_TELEGRAM_REASONING_CHANNEL_ID"` + UseMarkdownV2 bool `json:"use_markdown_v2" env:"PICOCLAW_CHANNELS_TELEGRAM_USE_MARKDOWN_V2"` } type FeishuConfig struct { diff --git a/pkg/config/defaults.go b/pkg/config/defaults.go index eca8af1bf..ea1e92dda 100644 --- a/pkg/config/defaults.go +++ b/pkg/config/defaults.go @@ -58,6 +58,7 @@ func DefaultConfig() *Config { Enabled: true, Text: "Thinking... 💭", }, + UseMarkdownV2: false, }, Feishu: FeishuConfig{ Enabled: false, diff --git a/pkg/migrate/sources/openclaw/openclaw_config.go b/pkg/migrate/sources/openclaw/openclaw_config.go index e95c2f3ec..317bd3e84 100644 --- a/pkg/migrate/sources/openclaw/openclaw_config.go +++ b/pkg/migrate/sources/openclaw/openclaw_config.go @@ -132,11 +132,12 @@ type OpenClawChannels struct { } type OpenClawTelegramConfig struct { - BotToken *string `json:"botToken"` - AllowFrom []string `json:"allowFrom"` - GroupPolicy *string `json:"groupPolicy"` - DmPolicy *string `json:"dmPolicy"` - Enabled *bool `json:"enabled"` + BotToken *string `json:"botToken"` + AllowFrom []string `json:"allowFrom"` + GroupPolicy *string `json:"groupPolicy"` + DmPolicy *string `json:"dmPolicy"` + Enabled *bool `json:"enabled"` + UseMarkdownV2 *bool `json:"useMarkdownV2"` } type OpenClawDiscordConfig struct { @@ -645,10 +646,11 @@ type WhatsAppConfig struct { } type TelegramConfig struct { - Enabled bool `json:"enabled"` - Token string `json:"token"` - Proxy string `json:"proxy"` - AllowFrom []string `json:"allow_from"` + Enabled bool `json:"enabled"` + Token string `json:"token"` + Proxy string `json:"proxy"` + AllowFrom []string `json:"allow_from"` + UseMarkdownV2 bool `json:"use_markdown_v2"` } type FeishuConfig struct { @@ -777,9 +779,11 @@ func (c *OpenClawConfig) convertChannels(warnings *[]string) ChannelsConfig { if c.Channels.Telegram != nil { enabled := c.Channels.Telegram.Enabled == nil || *c.Channels.Telegram.Enabled + useMarkdownV2 := c.Channels.Telegram.UseMarkdownV2 != nil && *c.Channels.Telegram.UseMarkdownV2 channels.Telegram = TelegramConfig{ - Enabled: enabled, - AllowFrom: c.Channels.Telegram.AllowFrom, + Enabled: enabled, + AllowFrom: c.Channels.Telegram.AllowFrom, + UseMarkdownV2: useMarkdownV2, } if c.Channels.Telegram.BotToken != nil { channels.Telegram.Token = *c.Channels.Telegram.BotToken From 54654d279403018fdb0e1c6c41519fa8714f3e75 Mon Sep 17 00:00:00 2001 From: "Darren.Zeng" Date: Wed, 18 Mar 2026 21:55:01 +0800 Subject: [PATCH 24/24] fix(anthropic): skip tool calls with empty names to prevent API errors (#1739) When building parameters for Anthropic API calls, tool calls with empty names would cause 400 Bad Request errors with the message: 'tool_use.name: String should have at least 1 character' This fix adds a check to skip tool calls that have empty names, preventing the API error and allowing the conversation to continue normally. Fixes #1658 --- pkg/providers/anthropic/provider.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/providers/anthropic/provider.go b/pkg/providers/anthropic/provider.go index 242ded175..d4ceaab2c 100644 --- a/pkg/providers/anthropic/provider.go +++ b/pkg/providers/anthropic/provider.go @@ -180,6 +180,10 @@ func buildParams( blocks = append(blocks, anthropic.NewTextBlock(msg.Content)) } for _, tc := range msg.ToolCalls { + // Skip tool calls with empty names to avoid API errors + if tc.Name == "" { + continue + } args := tc.Arguments if args == nil && tc.Function != nil && tc.Function.Arguments != "" { if err := json.Unmarshal([]byte(tc.Function.Arguments), &args); err != nil {