From 4df5b7bde7ba548364b75ddce7a91ef6d5ecf5e4 Mon Sep 17 00:00:00 2001 From: Abhimanyu Yadav <122007096+Abhi1992002@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:52:01 +0530 Subject: [PATCH 1/5] refactor(frontend): remove defaultExpanded prop from ToolAccordion components (#12054) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Changes - Removed `defaultExpanded` prop from `ToolAccordion` in CreateAgent, EditAgent, RunAgent, and RunBlock components to streamline the code and improve readability. ### Impact - This refactor enhances maintainability by reducing complexity in the component structure while preserving existing functionality. ### Changes 🏗️ - Removed conditional expansion logic from all tool components - Simplified ToolAccordion implementation across all affected components ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Create and run agents with various tools to verify accordion behavior works correctly - [x] Verify that UI components expand and collapse as expected - [x] Test with different output types to ensure proper rendering --------- Co-authored-by: Ubbe Co-authored-by: Lluis Agusti --- .../app/(platform)/copilot/CopilotPage.tsx | 8 +++-- .../ChatMessagesContainer.tsx | 6 ++-- .../components/ChatSidebar/ChatSidebar.tsx | 4 +-- .../ScaleLoader/ScaleLoader.module.css | 35 +++++++++++++++++++ .../components/ScaleLoader/ScaleLoader.tsx | 16 +++++++++ .../copilot/tools/CreateAgent/CreateAgent.tsx | 18 +++++----- .../copilot/tools/EditAgent/EditAgent.tsx | 5 +-- .../copilot/tools/RunAgent/RunAgent.tsx | 9 +---- .../copilot/tools/RunAgent/helpers.tsx | 6 ++-- .../copilot/tools/RunBlock/RunBlock.tsx | 8 +---- .../copilot/tools/RunBlock/helpers.tsx | 6 ++-- 11 files changed, 79 insertions(+), 42 deletions(-) create mode 100644 autogpt_platform/frontend/src/app/(platform)/copilot/components/ScaleLoader/ScaleLoader.module.css create mode 100644 autogpt_platform/frontend/src/app/(platform)/copilot/components/ScaleLoader/ScaleLoader.tsx diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/CopilotPage.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/CopilotPage.tsx index cd1033f535..0d403b1a79 100644 --- a/autogpt_platform/frontend/src/app/(platform)/copilot/CopilotPage.tsx +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/CopilotPage.tsx @@ -1,11 +1,11 @@ "use client"; -import { LoadingSpinner } from "@/components/atoms/LoadingSpinner/LoadingSpinner"; import { SidebarProvider } from "@/components/ui/sidebar"; import { ChatContainer } from "./components/ChatContainer/ChatContainer"; import { ChatSidebar } from "./components/ChatSidebar/ChatSidebar"; import { MobileDrawer } from "./components/MobileDrawer/MobileDrawer"; import { MobileHeader } from "./components/MobileHeader/MobileHeader"; +import { ScaleLoader } from "./components/ScaleLoader/ScaleLoader"; import { useCopilotPage } from "./useCopilotPage"; export function CopilotPage() { @@ -34,7 +34,11 @@ export function CopilotPage() { } = useCopilotPage(); if (isUserLoading || !isLoggedIn) { - return ; + return ( +
+ +
+ ); } return ( diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/ChatMessagesContainer.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/ChatMessagesContainer.tsx index 0867ede5a4..4578b268e3 100644 --- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/ChatMessagesContainer.tsx +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/ChatMessagesContainer.tsx @@ -143,10 +143,10 @@ export const ChatMessagesContainer = ({ return ( - + {isLoading && messages.length === 0 && ( -
- +
+
)} {messages.map((message, messageIndex) => { diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatSidebar/ChatSidebar.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatSidebar/ChatSidebar.tsx index 8a48cb66c2..6b7398b4ba 100644 --- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatSidebar/ChatSidebar.tsx +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatSidebar/ChatSidebar.tsx @@ -121,8 +121,8 @@ export function ChatSidebar() { className="mt-4 flex flex-col gap-1" > {isLoadingSessions ? ( -
- +
+
) : sessions.length === 0 ? (

diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ScaleLoader/ScaleLoader.module.css b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ScaleLoader/ScaleLoader.module.css new file mode 100644 index 0000000000..3e7e71d66b --- /dev/null +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ScaleLoader/ScaleLoader.module.css @@ -0,0 +1,35 @@ +.loader { + width: 48px; + height: 48px; + display: inline-block; + position: relative; +} + +.loader::after, +.loader::before { + content: ""; + box-sizing: border-box; + width: 100%; + height: 100%; + border-radius: 50%; + background: currentColor; + position: absolute; + left: 0; + top: 0; + animation: animloader 2s linear infinite; +} + +.loader::after { + animation-delay: 1s; +} + +@keyframes animloader { + 0% { + transform: scale(0); + opacity: 1; + } + 100% { + transform: scale(1); + opacity: 0; + } +} diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ScaleLoader/ScaleLoader.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ScaleLoader/ScaleLoader.tsx new file mode 100644 index 0000000000..a395b21319 --- /dev/null +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ScaleLoader/ScaleLoader.tsx @@ -0,0 +1,16 @@ +import { cn } from "@/lib/utils"; +import styles from "./ScaleLoader.module.css"; + +interface Props { + size?: number; + className?: string; +} + +export function ScaleLoader({ size = 48, className }: Props) { + return ( +

+ ); +} diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/CreateAgent/CreateAgent.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/CreateAgent/CreateAgent.tsx index 5dc2f40dfe..0d023d0529 100644 --- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/CreateAgent/CreateAgent.tsx +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/CreateAgent/CreateAgent.tsx @@ -49,12 +49,7 @@ interface Props { part: CreateAgentToolPart; } -function getAccordionMeta(output: CreateAgentToolOutput): { - icon: React.ReactNode; - title: React.ReactNode; - titleClassName?: string; - description?: string; -} { +function getAccordionMeta(output: CreateAgentToolOutput) { const icon = ; if (isAgentSavedOutput(output)) { @@ -73,6 +68,7 @@ function getAccordionMeta(output: CreateAgentToolOutput): { icon, title: "Needs clarification", description: `${questions.length} question${questions.length === 1 ? "" : "s"}`, + expanded: true, }; } if ( @@ -97,18 +93,23 @@ function getAccordionMeta(output: CreateAgentToolOutput): { export function CreateAgentTool({ part }: Props) { const text = getAnimationText(part); const { onSend } = useCopilotChatActions(); + const isStreaming = part.state === "input-streaming" || part.state === "input-available"; const output = getCreateAgentToolOutput(part); + const isError = part.state === "output-error" || (!!output && isErrorOutput(output)); + const isOperating = !!output && (isOperationStartedOutput(output) || isOperationPendingOutput(output) || isOperationInProgressOutput(output)); + const progress = useAsymptoticProgress(isOperating); + const hasExpandableContent = part.state === "output-available" && !!output && @@ -149,10 +150,7 @@ export function CreateAgentTool({ part }: Props) {
{hasExpandableContent && output && ( - + {isOperating && ( diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/EditAgent/EditAgent.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/EditAgent/EditAgent.tsx index 3beb9e7e1e..6766a5cb49 100644 --- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/EditAgent/EditAgent.tsx +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/EditAgent/EditAgent.tsx @@ -146,10 +146,7 @@ export function EditAgentTool({ part }: Props) {
{hasExpandableContent && output && ( - + {isOperating && ( diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunAgent/RunAgent.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunAgent/RunAgent.tsx index 51044848b9..f16b9d2b2f 100644 --- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunAgent/RunAgent.tsx +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunAgent/RunAgent.tsx @@ -61,14 +61,7 @@ export function RunAgentTool({ part }: Props) {
{hasExpandableContent && output && ( - + {isRunAgentExecutionStartedOutput(output) && ( )} diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunAgent/helpers.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunAgent/helpers.tsx index 0a117a71f2..816c661230 100644 --- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunAgent/helpers.tsx +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunAgent/helpers.tsx @@ -10,7 +10,7 @@ import { WarningDiamondIcon, } from "@phosphor-icons/react"; import type { ToolUIPart } from "ai"; -import { SpinnerLoader } from "../../components/SpinnerLoader/SpinnerLoader"; +import { OrbitLoader } from "../../components/OrbitLoader/OrbitLoader"; export interface RunAgentInput { username_agent_slug?: string; @@ -171,7 +171,7 @@ export function ToolIcon({ ); } if (isStreaming) { - return ; + return ; } return ; } @@ -203,7 +203,7 @@ export function getAccordionMeta(output: RunAgentToolOutput): { ? output.status.trim() : "started"; return { - icon: , + icon: , title: output.graph_name, description: `Status: ${statusText}`, }; diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/RunBlock.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/RunBlock.tsx index ded344efa2..e1cb030449 100644 --- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/RunBlock.tsx +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/RunBlock.tsx @@ -55,13 +55,7 @@ export function RunBlockTool({ part }: Props) { {hasExpandableContent && output && ( - + {isRunBlockBlockOutput(output) && } {isRunBlockSetupRequirementsOutput(output) && ( diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/helpers.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/helpers.tsx index 61ba65e74e..c9b903876a 100644 --- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/helpers.tsx +++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/helpers.tsx @@ -8,7 +8,7 @@ import { WarningDiamondIcon, } from "@phosphor-icons/react"; import type { ToolUIPart } from "ai"; -import { SpinnerLoader } from "../../components/SpinnerLoader/SpinnerLoader"; +import { OrbitLoader } from "../../components/OrbitLoader/OrbitLoader"; export interface RunBlockInput { block_id?: string; @@ -120,7 +120,7 @@ export function ToolIcon({ ); } if (isStreaming) { - return ; + return ; } return ; } @@ -149,7 +149,7 @@ export function getAccordionMeta(output: RunBlockToolOutput): { if (isRunBlockBlockOutput(output)) { const keys = Object.keys(output.outputs ?? {}); return { - icon: , + icon: , title: output.block_name, description: keys.length > 0 From 659338f90cc7f682e55c8ced001ef0d30bc4604e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:28:23 +0000 Subject: [PATCH 2/5] chore(deps): bump peter-evans/repository-dispatch from 3 to 4 (#12035) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) from 3 to 4.
Release notes

Sourced from peter-evans/repository-dispatch's releases.

Repository Dispatch v4.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

... (truncated)

Commits
  • 28959ce Fix node version in actions.yml (#433)
  • 25d29c2 build(deps-dev): bump @​types/node in the npm group (#432)
  • 830136c build(deps): bump the github-actions group with 3 updates (#431)
  • 2c856c6 ci: update dependabot config
  • 6673907 build(deps-dev): bump @​types/node from 18.19.127 to 18.19.129 (#429)
  • 952a211 build(deps): bump peter-evans/repository-dispatch from 3 to 4 (#428)
  • 5fc4efd docs: update readme
  • a628c95 feat: v4 (#427)
  • de78ac1 build(deps-dev): bump @​vercel/ncc from 0.38.3 to 0.38.4 (#425)
  • f49fa7f build(deps-dev): bump @​types/node from 18.19.124 to 18.19.127 (#426)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/repository-dispatch&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nicholas Tindle --- .github/workflows/platform-autogpt-deploy-dev.yaml | 2 +- .github/workflows/platform-autogpt-deploy-prod.yml | 2 +- .github/workflows/platform-dev-deploy-event-dispatcher.yml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/platform-autogpt-deploy-dev.yaml b/.github/workflows/platform-autogpt-deploy-dev.yaml index 6e1e23d3eb..df1e8b1172 100644 --- a/.github/workflows/platform-autogpt-deploy-dev.yaml +++ b/.github/workflows/platform-autogpt-deploy-dev.yaml @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Trigger deploy workflow - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@v4 with: token: ${{ secrets.DEPLOY_TOKEN }} repository: Significant-Gravitas/AutoGPT_cloud_infrastructure diff --git a/.github/workflows/platform-autogpt-deploy-prod.yml b/.github/workflows/platform-autogpt-deploy-prod.yml index 4d7c16d710..42107d4f5a 100644 --- a/.github/workflows/platform-autogpt-deploy-prod.yml +++ b/.github/workflows/platform-autogpt-deploy-prod.yml @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Trigger deploy workflow - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@v4 with: token: ${{ secrets.DEPLOY_TOKEN }} repository: Significant-Gravitas/AutoGPT_cloud_infrastructure diff --git a/.github/workflows/platform-dev-deploy-event-dispatcher.yml b/.github/workflows/platform-dev-deploy-event-dispatcher.yml index b5324b7c2c..1a581c55c2 100644 --- a/.github/workflows/platform-dev-deploy-event-dispatcher.yml +++ b/.github/workflows/platform-dev-deploy-event-dispatcher.yml @@ -82,7 +82,7 @@ jobs: - name: Dispatch Deploy Event if: steps.check_status.outputs.should_deploy == 'true' - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@v4 with: token: ${{ secrets.DISPATCH_TOKEN }} repository: Significant-Gravitas/AutoGPT_cloud_infrastructure @@ -110,7 +110,7 @@ jobs: - name: Dispatch Undeploy Event (from comment) if: steps.check_status.outputs.should_undeploy == 'true' - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@v4 with: token: ${{ secrets.DISPATCH_TOKEN }} repository: Significant-Gravitas/AutoGPT_cloud_infrastructure @@ -168,7 +168,7 @@ jobs: github.event_name == 'pull_request' && github.event.action == 'closed' && steps.check_pr_close.outputs.should_undeploy == 'true' - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@v4 with: token: ${{ secrets.DISPATCH_TOKEN }} repository: Significant-Gravitas/AutoGPT_cloud_infrastructure From 1ecae8c87ebbeb088f3d39280f4b28864ccdf0ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Feb 2026 17:32:30 -0600 Subject: [PATCH 3/5] chore(backend/deps): bump aiofiles from 24.1.0 to 25.1.0 in /autogpt_platform/backend (#12043) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [aiofiles](https://github.com/Tinche/aiofiles) from 24.1.0 to 25.1.0.
Release notes

Sourced from aiofiles's releases.

v25.1.0

  • Switch to uv + add Python v3.14 support. (#219)
  • Add ruff formatter and linter. #216
  • Drop Python 3.8 support. If you require it, use version 24.1.0. #204

New Contributors

Full Changelog: https://github.com/Tinche/aiofiles/compare/v24.1.0...v25.1.0

Changelog

Sourced from aiofiles's changelog.

25.1.0 (2025-10-09)

  • Switch to uv + add Python v3.14 support. (#219)
  • Add ruff formatter and linter. #216
  • Drop Python 3.8 support. If you require it, use version 24.1.0. #204
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiofiles&package-manager=pip&previous-version=24.1.0&new-version=25.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Otto --- autogpt_platform/backend/poetry.lock | 10 +++++----- autogpt_platform/backend/pyproject.toml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/autogpt_platform/backend/poetry.lock b/autogpt_platform/backend/poetry.lock index 09d4d4225d..53b5030da6 100644 --- a/autogpt_platform/backend/poetry.lock +++ b/autogpt_platform/backend/poetry.lock @@ -46,14 +46,14 @@ pycares = ">=4.9.0,<5" [[package]] name = "aiofiles" -version = "24.1.0" +version = "25.1.0" description = "File support for asyncio." optional = false -python-versions = ">=3.8" +python-versions = ">=3.9" groups = ["main"] files = [ - {file = "aiofiles-24.1.0-py3-none-any.whl", hash = "sha256:b4ec55f4195e3eb5d7abd1bf7e061763e864dd4954231fb8539a0ef8bb8260e5"}, - {file = "aiofiles-24.1.0.tar.gz", hash = "sha256:22a075c9e5a3810f0c2e48f3008c94d68c65d763b9b03857924c99e57355166c"}, + {file = "aiofiles-25.1.0-py3-none-any.whl", hash = "sha256:abe311e527c862958650f9438e859c1fa7568a141b22abcd015e120e86a85695"}, + {file = "aiofiles-25.1.0.tar.gz", hash = "sha256:a8d728f0a29de45dc521f18f07297428d56992a742f0cd2701ba86e44d23d5b2"}, ] [[package]] @@ -8440,4 +8440,4 @@ cffi = ["cffi (>=1.17,<2.0) ; platform_python_implementation != \"PyPy\" and pyt [metadata] lock-version = "2.1" python-versions = ">=3.10,<3.14" -content-hash = "fc135114e01de39c8adf70f6132045e7d44a19473c1279aee0978de65aad1655" +content-hash = "c06e96ad49388ba7a46786e9ea55ea2c1a57408e15613237b4bee40a592a12af" diff --git a/autogpt_platform/backend/pyproject.toml b/autogpt_platform/backend/pyproject.toml index cfd495b760..317663ee98 100644 --- a/autogpt_platform/backend/pyproject.toml +++ b/autogpt_platform/backend/pyproject.toml @@ -76,7 +76,7 @@ yt-dlp = "2025.12.08" zerobouncesdk = "^1.1.2" # NOTE: please insert new dependencies in their alphabetical location pytest-snapshot = "^0.9.0" -aiofiles = "^24.1.0" +aiofiles = "^25.1.0" tiktoken = "^0.12.0" aioclamd = "^1.0.0" setuptools = "^80.9.0" From 2cd0d4fe0f943df393a522a8144803e9e059229b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Feb 2026 02:25:51 +0000 Subject: [PATCH 4/5] chore(deps): bump actions/checkout from 4 to 6 (#12034) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Otto --- .github/workflows/claude-ci-failure-auto-fix.yml | 2 +- .github/workflows/claude-dependabot.yml | 2 +- .github/workflows/claude.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/copilot-setup-steps.yml | 2 +- .github/workflows/docs-block-sync.yml | 2 +- .github/workflows/docs-claude-review.yml | 2 +- .github/workflows/docs-enhance.yml | 2 +- .github/workflows/platform-autogpt-deploy-dev.yaml | 2 +- .github/workflows/platform-autogpt-deploy-prod.yml | 2 +- .github/workflows/platform-backend-ci.yml | 2 +- .github/workflows/platform-frontend-ci.yml | 10 +++++----- .github/workflows/platform-fullstack-ci.yml | 4 ++-- .github/workflows/repo-workflow-checker.yml | 2 +- 14 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/claude-ci-failure-auto-fix.yml b/.github/workflows/claude-ci-failure-auto-fix.yml index 070a4acd14..ab07c8ae10 100644 --- a/.github/workflows/claude-ci-failure-auto-fix.yml +++ b/.github/workflows/claude-ci-failure-auto-fix.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.event.workflow_run.head_branch }} fetch-depth: 0 diff --git a/.github/workflows/claude-dependabot.yml b/.github/workflows/claude-dependabot.yml index 6dbe068c3d..da37df6de7 100644 --- a/.github/workflows/claude-dependabot.yml +++ b/.github/workflows/claude-dependabot.yml @@ -30,7 +30,7 @@ jobs: actions: read # Required for CI access steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 8e165b823e..ee901fe5d4 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -40,7 +40,7 @@ jobs: actions: read # Required for CI access steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a6c36ed86c..966243323c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -58,7 +58,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index eae6eea5d2..dad99cb8d9 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -27,7 +27,7 @@ jobs: # If you do not check out your code, Copilot will do this for you. steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 submodules: true diff --git a/.github/workflows/docs-block-sync.yml b/.github/workflows/docs-block-sync.yml index 4977877b19..32f205019f 100644 --- a/.github/workflows/docs-block-sync.yml +++ b/.github/workflows/docs-block-sync.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/docs-claude-review.yml b/.github/workflows/docs-claude-review.yml index 1643fe1c49..ca2788b387 100644 --- a/.github/workflows/docs-claude-review.yml +++ b/.github/workflows/docs-claude-review.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/docs-enhance.yml b/.github/workflows/docs-enhance.yml index 4baa882cd1..52607fa5df 100644 --- a/.github/workflows/docs-enhance.yml +++ b/.github/workflows/docs-enhance.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/platform-autogpt-deploy-dev.yaml b/.github/workflows/platform-autogpt-deploy-dev.yaml index df1e8b1172..b415fb1b7b 100644 --- a/.github/workflows/platform-autogpt-deploy-dev.yaml +++ b/.github/workflows/platform-autogpt-deploy-dev.yaml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.event.inputs.git_ref || github.ref_name }} diff --git a/.github/workflows/platform-autogpt-deploy-prod.yml b/.github/workflows/platform-autogpt-deploy-prod.yml index 42107d4f5a..e0c524d8d2 100644 --- a/.github/workflows/platform-autogpt-deploy-prod.yml +++ b/.github/workflows/platform-autogpt-deploy-prod.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.ref_name || 'master' }} diff --git a/.github/workflows/platform-backend-ci.yml b/.github/workflows/platform-backend-ci.yml index a301477ecf..1f0c6da3dd 100644 --- a/.github/workflows/platform-backend-ci.yml +++ b/.github/workflows/platform-backend-ci.yml @@ -68,7 +68,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 submodules: true diff --git a/.github/workflows/platform-frontend-ci.yml b/.github/workflows/platform-frontend-ci.yml index 669a775934..6410daae9f 100644 --- a/.github/workflows/platform-frontend-ci.yml +++ b/.github/workflows/platform-frontend-ci.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Check for component changes uses: dorny/paths-filter@v3 @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Node.js uses: actions/setup-node@v6 @@ -107,7 +107,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 @@ -148,7 +148,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: submodules: recursive @@ -277,7 +277,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: submodules: recursive diff --git a/.github/workflows/platform-fullstack-ci.yml b/.github/workflows/platform-fullstack-ci.yml index ab483b98af..b4724245dc 100644 --- a/.github/workflows/platform-fullstack-ci.yml +++ b/.github/workflows/platform-fullstack-ci.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Node.js uses: actions/setup-node@v6 @@ -63,7 +63,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: submodules: recursive diff --git a/.github/workflows/repo-workflow-checker.yml b/.github/workflows/repo-workflow-checker.yml index 35536ba922..aa94622d31 100644 --- a/.github/workflows/repo-workflow-checker.yml +++ b/.github/workflows/repo-workflow-checker.yml @@ -11,7 +11,7 @@ jobs: steps: # - name: Wait some time for all actions to start # run: sleep 30 - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 # with: # fetch-depth: 0 - name: Set up Python From 062fe1aa709217136b896c8b950e0f04435afb32 Mon Sep 17 00:00:00 2001 From: Otto Date: Wed, 11 Feb 2026 03:28:19 +0000 Subject: [PATCH 5/5] fix(security): enforce disabled flag on blocks in graph validation (#12059) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary Blocks marked `disabled=True` (like BlockInstallationBlock) were not being checked during graph validation, allowing them to be used via direct API calls despite being hidden from the UI. This adds a security check in `_validate_graph_get_errors()` to reject any graph containing disabled blocks. ## Security Advisory GHSA-4crw-9p35-9x54 ## Linear SECRT-1927 ## Changes - Added `block.disabled` check in graph validation (6 lines) ## Testing - Graphs with disabled blocks → rejected with clear error message - Graphs with valid blocks → unchanged behavior

Greptile Overview

Greptile Summary

 Adds critical security validation to prevent execution of disabled blocks (like `BlockInstallationBlock`) via direct API calls. The fix validates that `block.disabled` is `False` during graph validation in `_validate_graph_get_errors()` on line 747-750, ensuring disabled blocks are rejected before graph creation or execution. This closes a vulnerability where blocks marked disabled in the UI could still be used through API endpoints.

Confidence Score: 5/5

 - This PR is safe to merge and addresses a critical security vulnerability - The fix is minimal (6 lines), correctly placed in the validation flow, includes clear security context (GHSA reference), and follows existing validation patterns. The check is positioned after block existence validation and before input validation, ensuring disabled blocks are caught early in both graph creation and execution paths. - No files require special attention
--------- Co-authored-by: Nicholas Tindle Co-authored-by: Claude Opus 4.6 --- autogpt_platform/backend/backend/data/graph.py | 5 +++++ autogpt_platform/backend/backend/executor/manager.py | 3 +++ 2 files changed, 8 insertions(+) diff --git a/autogpt_platform/backend/backend/data/graph.py b/autogpt_platform/backend/backend/data/graph.py index 0dc3eea887..2433a5d270 100644 --- a/autogpt_platform/backend/backend/data/graph.py +++ b/autogpt_platform/backend/backend/data/graph.py @@ -743,6 +743,11 @@ class GraphModel(Graph, GraphMeta): # For invalid blocks, we still raise immediately as this is a structural issue raise ValueError(f"Invalid block {node.block_id} for node #{node.id}") + if block.disabled: + raise ValueError( + f"Block {node.block_id} is disabled and cannot be used in graphs" + ) + node_input_mask = ( nodes_input_masks.get(node.id, {}) if nodes_input_masks else {} ) diff --git a/autogpt_platform/backend/backend/executor/manager.py b/autogpt_platform/backend/backend/executor/manager.py index 8362dae828..7304653811 100644 --- a/autogpt_platform/backend/backend/executor/manager.py +++ b/autogpt_platform/backend/backend/executor/manager.py @@ -213,6 +213,9 @@ async def execute_node( block_name=node_block.name, ) + if node_block.disabled: + raise ValueError(f"Block {node_block.id} is disabled and cannot be executed") + # Sanity check: validate the execution input. input_data, error = validate_exec(node, data.inputs, resolve_input=False) if input_data is None: