AGiXT v1.9.3 Release Notes

New Features

Video and Image Editing (ezLocalai)

• Image editing — New Edit Image with ezLocalai command allows modifying existing images via text prompts using FLUX.2-klein-4B.
• Text-to-video generation — New Generate Video with ezLocalai command creates MP4 videos with synchronized audio from text prompts using LTX-2.3.
• Image-to-video generation — New Image to Video with ezLocalai command animates a starting image into a video guided by a text prompt.
• Video-to-video transformation — New Video to Video with ezLocalai command generates smooth video transitions between start and end frames.
• Upgraded default image generation model from stabilityai/sdxl-turbo (512x512) to unsloth/FLUX.2-klein-4B-GGUF (1024x1024).

Package Tracking

• New Track Package command in essential abilities — automatically detects carrier (UPS, FedEx, USPS, DHL) from tracking number format and scrapes real-time tracking status using Playwright with ship24.com as a universal aggregator.

Multi-Instance Bot Support

• bot_instance_id support — Companies can now deploy multiple bot instances of the same type (e.g., two outreach bots). New bot_instance_id column added to CompanyExtensionSetting with corresponding database migration.
• New /v1/user/deployed-bots endpoint — Lists all deployed bots across companies the user belongs to.
• New /v1/company/{company_id}/bot/{bot_name}/activity endpoint — Retrieves outreach bot activity logs.

Mid-Task User Steering

• The streaming engine now detects new user messages sent during an active agent task and incorporates them as steering instructions into the next continuation iteration. This allows users to redirect or refine agent behavior without waiting for a response to complete.

Improvements

Streaming Engine & Continuation Loop

• Removed step budget from system prompt — The thinking prompt no longer imposes a 20-step limit. Agents can now use as many reasoning steps as needed for complex problems.
• More patient continuation loop — Increased non-answer iteration threshold from 5 to 25 before forcing an <answer> tag, giving agents more time to think and act without premature truncation.
• Relaxed stuck-loop detection — Stuck loop detection now requires 15 consecutive similar iterations (up from 6) with higher thresholds for content size, reducing false positives that cut off legitimate long-running tasks.
• Increased dedup tolerance — Dedup loop detection threshold raised from 2 to 4 consecutive iterations, and dedup recovery prompts trigger after 3 iterations instead of 1.
• Improved continuation prompts — Continuation prompts now encourage thorough work rather than rushing to answer.
• Better error reporting — Streaming inference errors now indicate when all providers have been exhausted.
• Essential commands always available — Core commands (Read File, Modify File, Write to File, List Directory, Search Files, Execute Python Code, Use Terminal, Interact with Webpage, Web Search) are now always included in the available command set when commands are enabled.
• Increased command cap — Maximum available commands raised from 20 to 25.
• Provider rotation for streaming — Streaming inference now properly falls through to provider retry/rotation logic on connection errors, matching non-streaming behavior.

Leaked <interaction> XML Handling

• Added detection and conversion of leaked <interaction> XML (from the web browsing extension's internal browser control protocol) in both the streaming engine and final response processing. respond operations are extracted as plain text answers, done operations are removed, and browser actions are converted to proper <execute> calls.

Workspace & File Path Handling

• Smarter path resolution — safe_join now strips hallucinated absolute prefixes (/workspace/, /agixt/, full host paths, WORKSPACE/agent_*/conv_id/ patterns) that models sometimes prepend to file paths.
• Suffix-based file lookup — When a file path doesn't resolve directly, the workspace is searched for files matching the relative path as a suffix, improving file command reliability.
• Improved workspace context prompt — File listing context now explicitly instructs the agent to use relative paths only, preventing path construction errors.
• Workspace directory listing hardened — Added PermissionError and OSError handling for stat() and iterdir() calls to prevent crashes on inaccessible files/directories.

Outreach Bot

• Redis status publishing — Outreach bots now publish their status to Redis, fixing the issue where bots showed as "Offline" in the UI despite running.
• Auto-enable required commands — When deploying an outreach bot, required commands are automatically enabled on the agent.
• Pause fix — Fixed outreach bot pause functionality that wasn't actually pausing.
• Multiple constructor and syntax fixes — Fixed wrong Agent constructor parameter in _ensure_agent_commands, syntax errors in stop() and get_outreach_bot_activity_log(), wrong impersonate_user import, and broken chat_completions call.
• Activity logging — Added structured activity logging methods for outreach bot operations.
• Sync request checking — Bots can now detect external sync requests.

Authentication & Authorization

• get_user_role returns default role — Now returns role 3 (User) instead of None when no company/role record is found, preventing TypeError exceptions in downstream comparisons.
• Company validation on bot endpoints — Added company validation to all bot management endpoints with diagnostic logging.
• UUID type handling for Postgres — Fixed sentinel UUID type mismatch that caused 500 errors on PostgreSQL by returning native uuid.UUID objects instead of strings for non-SQLite databases.

Security

• Removed AGIXT_API_KEY bypass for admin access — The master API key can no longer be used to impersonate admin users. All authentication now requires valid JWT tokens or Personal Access Tokens (PATs), closing a privilege escalation vector where anyone with the API key had full admin access. (#1679)
• Hardened verify_api_key flow — Simplified and tightened the API key verification logic in ApiClient.py, removing redundant code paths and dead branches that could lead to unintended access.
• Agent access control enforcement — get_agent_commands_only now verifies the requesting user has access to the agent before returning command data.

Bug Fixes

• Fixed ezlocalai environment variable handling — now checks EZLOCALAI_URI (standard) before EZLOCALAI_URL (legacy), and handles URLs that already contain /v1/ to prevent double-pathing.
• Fixed get_db_session usage for proper database rollback and UUID validation in bot enablement.
• Suppressed onnxruntime GPU device discovery warnings in containers without GPUs by setting ORT_LOG_LEVEL to ERROR.
• Reduced log spam from decryption warnings — decrypt_config_value now logs only once per process instead of on every failed decryption attempt.
• Added granular error handling to enable_company_bot to surface actual exceptions instead of generic 500 errors.

CI/CD

• Updated build-and-test workflow.
• Removed todos workflow.

Dependencies

• Updated requests and safeexecute packages.
• Updated docker-requirements.txt and requirements.txt.