+
+ ),
+ ],
+};
+
+export default meta;
+type Story = StoryObj
+ {entries.map(([name, schema]) => {
+ const field = schema as Record | undefined;
+ const fieldTitle =
+ typeof field?.title === "string" ? field.title : name;
+ const fieldType =
+ typeof field?.type === "string" ? field.type : "unknown";
+ const description =
+ typeof field?.description === "string"
+ ? field.description
+ : undefined;
+
+ return (
+
+
+
+ {description}
+
+ )}
+
+ );
+ })}
+
+
+ {fieldTitle}
+
+
+ {description && (
+
+ {fieldType}
+ {requiredSet.has(name) && (
+ Required
+ )}
+
+ Greptile Overview
Greptile Summary
Applies proven CI performance optimizations to Claude workflows by
simplifying pnpm caching and adding dev environment setup to the
auto-fix workflow.
**Key changes:**
- Replaced manual pnpm cache configuration (4 steps) with built-in
`setup-node` `cache: "pnpm"` support in `claude.yml` and
`claude-dependabot.yml`
- Added complete dev environment setup (Python/Poetry + Node.js/pnpm) to
`claude-ci-failure-auto-fix.yml` so Claude can run linting and tests
when fixing CI failures
- Correctly orders `corepack enable` before `setup-node` to ensure pnpm
is available for caching
The changes mirror the optimizations from PR #12090 and maintain
consistency across all Claude workflows.
Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- The changes are CI infrastructure optimizations that mirror proven
patterns from PR #12090. The pnpm caching simplification reduces
complexity without changing functionality (caching failures gracefully
fall back to uncached builds). The dev environment setup in the auto-fix
workflow is additive and enables Claude to run linting/tests. All YAML
syntax is correct and the step ordering follows best practices.
- No files require special attention
Sequence Diagram
```mermaid
sequenceDiagram
participant GHA as GitHub Actions
participant Corepack as Corepack
participant SetupNode as setup-node@v6
participant Cache as GHA Cache
participant pnpm as pnpm
Note over GHA,pnpm: Before (Manual Caching)
GHA->>SetupNode: Set up Node.js 22
SetupNode-->>GHA: Node.js ready
GHA->>Corepack: Enable corepack
Corepack-->>GHA: pnpm available
GHA->>pnpm: Configure store directory
pnpm-->>GHA: Store path set
GHA->>Cache: actions/cache (manual key)
Cache-->>GHA: Cache restored/missed
GHA->>pnpm: Install dependencies
pnpm-->>GHA: Dependencies installed
Note over GHA,pnpm: After (Built-in Caching)
GHA->>Corepack: Enable corepack
Corepack-->>GHA: pnpm available
GHA->>SetupNode: Set up Node.js 22cache: "pnpm"
cache-dependency-path: pnpm-lock.yaml SetupNode->>Cache: Auto-detect pnpm store Cache-->>SetupNode: Cache restored/missed SetupNode-->>GHA: Node.js + cache ready GHA->>pnpm: Install dependencies pnpm-->>GHA: Dependencies installed ```
Greptile Overview
Greptile Summary
Adds feature request search and creation tools to CoPilot chat,
integrating with Linear's GraphQL API to track user feedback. Users can
now search existing feature requests and submit new ones (or add their
need to existing issues) directly through conversation.
**Key changes:**
- Backend: `SearchFeatureRequestsTool` and `CreateFeatureRequestTool`
with Linear API integration via system-level `LINEAR_API_KEY`
- Frontend: React components with streaming state handling and accordion
UI for search results and creation confirmations
- Models: Added `FeatureRequestSearchResponse` and
`FeatureRequestCreatedResponse` to response types
- Customer need tracking: Upserts customers in Linear and attaches needs
to issues for better feedback attribution
**Issues found:**
- Missing `LINEAR_API_KEY` entry in `.env.default` (required per PR
description checklist)
- Hardcoded project/team IDs reduce maintainability
- Global singleton pattern could cause issues in async contexts
- Using `user_id` as customer name reduces readability in Linear
Confidence Score: 4/5
- Safe to merge with minor configuration fix required
- The implementation is well-structured with proper error handling, type
safety, and follows existing patterns in the codebase. The missing
`.env.default` entry is a straightforward configuration issue that must
be fixed before deployment but doesn't affect code quality. The other
findings are style improvements that don't impact functionality.
- Verify that `LINEAR_API_KEY` is added to `.env.default` before merging
Sequence Diagram
```mermaid
sequenceDiagram
participant User
participant CoPilot UI
participant LLM
participant FeatureRequestTool
participant LinearClient
participant Linear API
User->>CoPilot UI: Request feature via chat
CoPilot UI->>LLM: Send user message
LLM->>FeatureRequestTool: search_feature_requests(query)
FeatureRequestTool->>LinearClient: query(SEARCH_ISSUES_QUERY)
LinearClient->>Linear API: POST /graphql (search)
Linear API-->>LinearClient: searchIssues.nodes[]
LinearClient-->>FeatureRequestTool: Feature request data
FeatureRequestTool-->>LLM: FeatureRequestSearchResponse
alt No existing requests found
LLM->>FeatureRequestTool: create_feature_request(title, description)
FeatureRequestTool->>LinearClient: mutate(CUSTOMER_UPSERT_MUTATION)
LinearClient->>Linear API: POST /graphql (upsert customer)
Linear API-->>LinearClient: customer {id, name}
LinearClient-->>FeatureRequestTool: Customer data
FeatureRequestTool->>LinearClient: mutate(ISSUE_CREATE_MUTATION)
LinearClient->>Linear API: POST /graphql (create issue)
Linear API-->>LinearClient: issue {id, identifier, url}
LinearClient-->>FeatureRequestTool: Issue data
FeatureRequestTool->>LinearClient: mutate(CUSTOMER_NEED_CREATE_MUTATION)
LinearClient->>Linear API: POST /graphql (attach need)
Linear API-->>LinearClient: need {id, issue}
LinearClient-->>FeatureRequestTool: Need data
FeatureRequestTool-->>LLM: FeatureRequestCreatedResponse
else Existing request found
LLM->>FeatureRequestTool: create_feature_request(title, description, existing_issue_id)
FeatureRequestTool->>LinearClient: mutate(CUSTOMER_UPSERT_MUTATION)
LinearClient->>Linear API: POST /graphql (upsert customer)
Linear API-->>LinearClient: customer {id}
LinearClient-->>FeatureRequestTool: Customer data
FeatureRequestTool->>LinearClient: mutate(CUSTOMER_NEED_CREATE_MUTATION)
LinearClient->>Linear API: POST /graphql (attach need to existing)
Linear API-->>LinearClient: need {id, issue}
LinearClient-->>FeatureRequestTool: Need data
FeatureRequestTool-->>LLM: FeatureRequestCreatedResponse
end
LLM-->>CoPilot UI: Tool response + continuation
CoPilot UI-->>User: Display result with accordion UI
```
+
+ {searchOutput.results.map((r) => (
+
+
+ {r.title}
+
+ {r.description && (
+
+ {truncate(r.description, 200)}
+
+ )}
+
+ ))}
+
+ )}
+
+ {noResultsOutput && (
+
+ );
+}
+
+export function CreateFeatureRequestTool({ part }: Props) {
+ const output = getFeatureRequestOutput(part);
+ const text = getAnimationText(part);
+ const isStreaming =
+ part.state === "input-streaming" || part.state === "input-available";
+ const isError =
+ part.state === "output-error" || (!!output && isErrorOutput(output));
+
+ const normalized = useMemo(() => {
+ if (!output) return null;
+ return { title: getAccordionTitle(part.type, output) };
+ }, [output, part.type]);
+
+ const isOutputAvailable = part.state === "output-available" && !!output;
+
+ const createdOutput =
+ isOutputAvailable && output && isCreatedOutput(output) ? output : null;
+ const errorOutput =
+ isOutputAvailable && output && isErrorOutput(output) ? output : null;
+
+ const hasExpandableContent =
+ isOutputAvailable && (!!createdOutput || !!errorOutput);
+
+ const accordionDescription =
+ hasExpandableContent && createdOutput
+ ? createdOutput.issue_title
+ : hasExpandableContent && errorOutput
+ ? errorOutput.message
+ : null;
+
+ return (
+
+
+
+ {hasExpandableContent && normalized && (
+
+ {noResultsOutput.message}
+ {noResultsOutput.suggestions &&
+ noResultsOutput.suggestions.length > 0 && (
+
+ )}
+
+ {errorOutput && (
+
+ {errorOutput.message}
+ {errorOutput.error && (
+
+ {errorOutput.error}
+
+ )}
+
+ )}
+
+ )}
+
+
+
+ {createdOutput.issue_title}
+
+ {createdOutput.message}
+
+ )}
+
+ {errorOutput && (
+
+ );
+}
diff --git a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/FeatureRequests/helpers.tsx b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/FeatureRequests/helpers.tsx
new file mode 100644
index 0000000000..75133905b1
--- /dev/null
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/FeatureRequests/helpers.tsx
@@ -0,0 +1,271 @@
+import {
+ CheckCircleIcon,
+ LightbulbIcon,
+ MagnifyingGlassIcon,
+ PlusCircleIcon,
+} from "@phosphor-icons/react";
+import type { ToolUIPart } from "ai";
+
+/* ------------------------------------------------------------------ */
+/* Types (local until API client is regenerated) */
+/* ------------------------------------------------------------------ */
+
+interface FeatureRequestInfo {
+ id: string;
+ identifier: string;
+ title: string;
+ description?: string | null;
+}
+
+export interface FeatureRequestSearchResponse {
+ type: "feature_request_search";
+ message: string;
+ results: FeatureRequestInfo[];
+ count: number;
+ query: string;
+}
+
+export interface FeatureRequestCreatedResponse {
+ type: "feature_request_created";
+ message: string;
+ issue_id: string;
+ issue_identifier: string;
+ issue_title: string;
+ issue_url: string;
+ is_new_issue: boolean;
+ customer_name: string;
+}
+
+interface NoResultsResponse {
+ type: "no_results";
+ message: string;
+ suggestions?: string[];
+}
+
+interface ErrorResponse {
+ type: "error";
+ message: string;
+ error?: string;
+}
+
+export type FeatureRequestOutput =
+ | FeatureRequestSearchResponse
+ | FeatureRequestCreatedResponse
+ | NoResultsResponse
+ | ErrorResponse;
+
+export type FeatureRequestToolType =
+ | "tool-search_feature_requests"
+ | "tool-create_feature_request"
+ | string;
+
+/* ------------------------------------------------------------------ */
+/* Output parsing */
+/* ------------------------------------------------------------------ */
+
+function parseOutput(output: unknown): FeatureRequestOutput | null {
+ if (!output) return null;
+ if (typeof output === "string") {
+ const trimmed = output.trim();
+ if (!trimmed) return null;
+ try {
+ return parseOutput(JSON.parse(trimmed) as unknown);
+ } catch {
+ return null;
+ }
+ }
+ if (typeof output === "object") {
+ const type = (output as { type?: unknown }).type;
+ if (
+ type === "feature_request_search" ||
+ type === "feature_request_created" ||
+ type === "no_results" ||
+ type === "error"
+ ) {
+ return output as FeatureRequestOutput;
+ }
+ // Fallback structural checks
+ if ("results" in output && "query" in output)
+ return output as FeatureRequestSearchResponse;
+ if ("issue_identifier" in output)
+ return output as FeatureRequestCreatedResponse;
+ if ("suggestions" in output && !("error" in output))
+ return output as NoResultsResponse;
+ if ("error" in output || "details" in output)
+ return output as ErrorResponse;
+ }
+ return null;
+}
+
+export function getFeatureRequestOutput(
+ part: unknown,
+): FeatureRequestOutput | null {
+ if (!part || typeof part !== "object") return null;
+ return parseOutput((part as { output?: unknown }).output);
+}
+
+/* ------------------------------------------------------------------ */
+/* Type guards */
+/* ------------------------------------------------------------------ */
+
+export function isSearchResultsOutput(
+ output: FeatureRequestOutput,
+): output is FeatureRequestSearchResponse {
+ return (
+ output.type === "feature_request_search" ||
+ ("results" in output && "query" in output)
+ );
+}
+
+export function isCreatedOutput(
+ output: FeatureRequestOutput,
+): output is FeatureRequestCreatedResponse {
+ return (
+ output.type === "feature_request_created" || "issue_identifier" in output
+ );
+}
+
+export function isNoResultsOutput(
+ output: FeatureRequestOutput,
+): output is NoResultsResponse {
+ return (
+ output.type === "no_results" ||
+ ("suggestions" in output && !("error" in output))
+ );
+}
+
+export function isErrorOutput(
+ output: FeatureRequestOutput,
+): output is ErrorResponse {
+ return output.type === "error" || "error" in output;
+}
+
+/* ------------------------------------------------------------------ */
+/* Accordion metadata */
+/* ------------------------------------------------------------------ */
+
+export function getAccordionTitle(
+ toolType: FeatureRequestToolType,
+ output: FeatureRequestOutput,
+): string {
+ if (toolType === "tool-search_feature_requests") {
+ if (isSearchResultsOutput(output)) return "Feature requests";
+ if (isNoResultsOutput(output)) return "No feature requests found";
+ return "Feature request search error";
+ }
+ if (isCreatedOutput(output)) {
+ return output.is_new_issue
+ ? "Feature request created"
+ : "Added to feature request";
+ }
+ if (isErrorOutput(output)) return "Feature request error";
+ return "Feature request";
+}
+
+/* ------------------------------------------------------------------ */
+/* Animation text */
+/* ------------------------------------------------------------------ */
+
+interface AnimationPart {
+ type: FeatureRequestToolType;
+ state: ToolUIPart["state"];
+ input?: unknown;
+ output?: unknown;
+}
+
+export function getAnimationText(part: AnimationPart): string {
+ if (part.type === "tool-search_feature_requests") {
+ const query = (part.input as { query?: string } | undefined)?.query?.trim();
+ const queryText = query ? ` for "${query}"` : "";
+
+ switch (part.state) {
+ case "input-streaming":
+ case "input-available":
+ return `Searching feature requests${queryText}`;
+ case "output-available": {
+ const output = parseOutput(part.output);
+ if (!output) return `Searching feature requests${queryText}`;
+ if (isSearchResultsOutput(output)) {
+ return `Found ${output.count} feature request${output.count === 1 ? "" : "s"}${queryText}`;
+ }
+ if (isNoResultsOutput(output))
+ return `No feature requests found${queryText}`;
+ return `Error searching feature requests${queryText}`;
+ }
+ case "output-error":
+ return `Error searching feature requests${queryText}`;
+ default:
+ return "Searching feature requests";
+ }
+ }
+
+ // create_feature_request
+ const title = (part.input as { title?: string } | undefined)?.title?.trim();
+ const titleText = title ? ` "${title}"` : "";
+
+ switch (part.state) {
+ case "input-streaming":
+ case "input-available":
+ return `Creating feature request${titleText}`;
+ case "output-available": {
+ const output = parseOutput(part.output);
+ if (!output) return `Creating feature request${titleText}`;
+ if (isCreatedOutput(output)) {
+ return output.is_new_issue
+ ? "Feature request created"
+ : "Added to existing feature request";
+ }
+ if (isErrorOutput(output)) return "Error creating feature request";
+ return `Created feature request${titleText}`;
+ }
+ case "output-error":
+ return "Error creating feature request";
+ default:
+ return "Creating feature request";
+ }
+}
+
+/* ------------------------------------------------------------------ */
+/* Icons */
+/* ------------------------------------------------------------------ */
+
+export function ToolIcon({
+ toolType,
+ isStreaming,
+ isError,
+}: {
+ toolType: FeatureRequestToolType;
+ isStreaming?: boolean;
+ isError?: boolean;
+}) {
+ const IconComponent =
+ toolType === "tool-create_feature_request"
+ ? PlusCircleIcon
+ : MagnifyingGlassIcon;
+
+ return (
+
+
+
+ {hasExpandableContent && normalized && (
+
+
+ {createdOutput.is_new_issue ? "New" : "Existing"}
+
+
+
+ {errorOutput.message}
+ {errorOutput.error && (
+
+ {errorOutput.error}
+
+ )}
+
+ )}
+
+ )}
+ Release notes
Sourced from github/codeql-action's releases.
v3.32.2
v3.32.1
- A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
- Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421
v3.32.0
v3.31.11
- When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
- Improved error handling throughout the CodeQL Action. #3415
- Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
- The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403
v3.31.10
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.10 - 12 Jan 2026
- Update default CodeQL bundle version to 2.23.9. #3393
See the full CHANGELOG.md for more information.
v3.31.9
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.9 - 16 Dec 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.31.8
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.8 - 11 Dec 2025
- Update default CodeQL bundle version to 2.23.8. #3354
See the full CHANGELOG.md for more information.
v3.31.7
... (truncated)
Changelog
Sourced from github/codeql-action's changelog.
4.31.11 - 23 Jan 2026
- When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
- Improved error handling throughout the CodeQL Action. #3415
- Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
- The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403
4.31.10 - 12 Jan 2026
- Update default CodeQL bundle version to 2.23.9. #3393
4.31.9 - 16 Dec 2025
No user facing changes.
4.31.8 - 11 Dec 2025
- Update default CodeQL bundle version to 2.23.8. #3354
4.31.7 - 05 Dec 2025
- Update default CodeQL bundle version to 2.23.7. #3343
4.31.6 - 01 Dec 2025
No user facing changes.
4.31.5 - 24 Nov 2025
- Update default CodeQL bundle version to 2.23.6. #3321
4.31.4 - 18 Nov 2025
No user facing changes.
4.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5. #3288
4.31.2 - 30 Oct 2025
No user facing changes.
4.31.1 - 30 Oct 2025
- The
add-snippetsinput has been removed from theanalyzeaction. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.4.31.0 - 24 Oct 2025
... (truncated)
Commits
8aac4e4Merge pull request #3448 from github/mergeback/v4.32.1-to-main-6bc82e05e8d7df4Rebuildc1bba77Update changelog and version after v4.32.16bc82e0Merge pull request #3447 from github/update-v4.32.1-f52cbc83042f00f2Add a couple of change notescedee6dUpdate changelog for v4.32.1f52cbc8Merge pull request #3445 from github/dependabot/npm_and_yarn/fast-xml-parser-...- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Greptile Overview
Greptile Summary
Added `disabled=True` parameter to `PrintToConsoleBlock` in `basic.py`
per Nick Tindle's request (OPEN-3000).
- Block follows the same disabling pattern used by other blocks in the
codebase (e.g., `BlockInstallationBlock`, video blocks, Ayrshare blocks)
- Block will no longer appear in the platform UI for new graph creation
- Existing graphs using this block (ID:
`f3b1c1b2-4c4f-4f0d-8d2f-4c4f0d8d2f4c`) will need to be checked for
compatibility
- Comment properly documents the reason for disabling
Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- Single-line change that adds a well-documented flag following existing
patterns used throughout the codebase. The change is non-destructive and
only affects UI visibility of the block for new graphs.
- No files require special attention
These PRs touch the same files but different sections (click to expand)
\n") + + for o, _ in low_risk: + other = o.pr_b if o.pr_a.number == current_pr else o.pr_a + non_ignored = [f for f in o.overlapping_files if not should_ignore_file(f)] + if non_ignored: + format_pr_entry(other, lines) + if o.line_overlaps: + for file_path, ranges in o.line_overlaps.items(): + range_strs = [f"L{r[0]}-{r[1]}" if r[0] != r[1] else f"L{r[0]}" for r in ranges] + lines.append(f" - `{file_path}`: {', '.join(range_strs)}") + else: + lines.append(f" - Shared files: `{'`, `'.join(non_ignored[:5])}`") + lines.append("") # Add blank line between entries + + lines.append("Greptile Overview
Greptile Summary
This PR replaces the existing OpenAI-compatible CoPilot with a full
Claude Agent SDK integration, introducing multi-turn conversations,
stateless resume via JSONL transcripts, and sandboxed tool execution.
**Key changes:**
- **SDK integration** (`chat/sdk/`): spawns Claude Code CLI subprocess
per message, translates events to frontend protocol, bridges MCP tools
- **Stateless resume**: captures JSONL transcripts via Stop hook,
persists in `ChatSession.sdkTranscript`, restores with `--resume`
(feature-flagged, default off)
- **Sandboxed execution**: bubblewrap sandbox for bash commands with
filesystem whitelist, network isolation, resource limits
- **Security hooks**: tool allowlist enforcement, path traversal
prevention, workspace-scoped file operations, sub-agent spawn limits
- **Long-running operations**: delegates `create_agent`/`edit_agent` to
existing stream_registry infrastructure for SSE reconnection
- **Feature flag**: `CHAT_USE_CLAUDE_AGENT_SDK` with LaunchDarkly
support, defaults to enabled
**Security issues found:**
- Path traversal validation has logic errors in `security_hooks.py:82`
(tilde expansion order) and `service.py:266` (redundant `..` check)
- Config validator always prefers env var over explicit `False` value
(`config.py:162`)
- Race condition in `routes.py:323` — message persisted before task
registration, could duplicate on retry
- Resource limits in sandbox may fail silently (`sandbox.py:109`)
**Test coverage is strong** with 366 lines for response adapter, 165 for
security hooks, and integration tests for multi-turn resume.
Confidence Score: 3/5
- This PR is generally safe but has critical security issues in path
validation that must be fixed before merge
- Score reflects strong architecture and test coverage offset by real
security vulnerabilities: the tilde expansion bug in `security_hooks.py`
could allow sandbox escape, the race condition could cause message
duplication, and the silent ulimit failures could bypass resource
limits. The bubblewrap sandbox and allowlist enforcement are
well-designed, but the path validation bugs need fixing. The transcript
resume feature is properly feature-flagged. Overall the implementation
is solid but the security issues prevent a higher score.
- Pay close attention to
`backend/api/features/chat/sdk/security_hooks.py` (path traversal
vulnerability), `backend/api/features/chat/routes.py` (race condition),
`backend/api/features/chat/tools/sandbox.py` (silent resource limit
failures), and `backend/api/features/chat/sdk/service.py` (redundant
security check)
Sequence Diagram
```mermaid
sequenceDiagram
participant Frontend
participant Routes as routes.py
participant SDKService as sdk/service.py
participant ClaudeSDK as Claude Agent SDK CLI
participant SecurityHooks as security_hooks.py
participant ToolAdapter as tool_adapter.py
participant CoPilotTools as tools/*
participant Sandbox as sandbox.py (bwrap)
participant DB as Database
participant Redis as stream_registry
Frontend->>Routes: POST /chat (user message)
Routes->>SDKService: stream_chat_completion_sdk()
SDKService->>DB: get_chat_session()
DB-->>SDKService: session + messages
alt Resume enabled AND transcript exists
SDKService->>SDKService: validate_transcript()
SDKService->>SDKService: write_transcript_to_tempfile()
Note over SDKService: Pass --resume to SDK
else No resume
SDKService->>SDKService: _compress_conversation_history()
Note over SDKService: Inject history into user message
end
SDKService->>SecurityHooks: create_security_hooks()
SDKService->>ToolAdapter: create_copilot_mcp_server()
SDKService->>ClaudeSDK: spawn subprocess with MCP server
loop Streaming Conversation
ClaudeSDK->>SDKService: AssistantMessage (text/tool_use)
SDKService->>Frontend: StreamTextDelta / StreamToolInputAvailable
alt Tool Call
ClaudeSDK->>SecurityHooks: PreToolUse hook
SecurityHooks->>SecurityHooks: validate path, check allowlist
alt Tool blocked
SecurityHooks-->>ClaudeSDK: deny
else Tool allowed
SecurityHooks-->>ClaudeSDK: allow
ClaudeSDK->>ToolAdapter: call MCP tool
alt Long-running tool (create_agent, edit_agent)
ToolAdapter->>Redis: register task
ToolAdapter->>DB: save OperationPendingResponse
ToolAdapter->>ToolAdapter: spawn background task
ToolAdapter-->>ClaudeSDK: OperationStartedResponse
else Regular tool (find_block, bash_exec)
ToolAdapter->>CoPilotTools: execute()
alt bash_exec
CoPilotTools->>Sandbox: run_sandboxed()
Sandbox->>Sandbox: build bwrap command
Note over Sandbox: Network isolation,filesystem whitelist,
resource limits Sandbox-->>CoPilotTools: stdout, stderr, exit_code end CoPilotTools-->>ToolAdapter: result ToolAdapter->>ToolAdapter: stash full output ToolAdapter-->>ClaudeSDK: MCP response end SecurityHooks->>SecurityHooks: PostToolUse hook (log) end end ClaudeSDK->>SDKService: UserMessage (ToolResultBlock) SDKService->>ToolAdapter: pop_pending_tool_output() SDKService->>Frontend: StreamToolOutputAvailable end ClaudeSDK->>SecurityHooks: Stop hook SecurityHooks->>SDKService: transcript_path callback SDKService->>SDKService: read_transcript_file() SDKService->>DB: save transcript to session.sdkTranscript ClaudeSDK->>SDKService: ResultMessage (success) SDKService->>Frontend: StreamFinish SDKService->>DB: upsert_chat_session() ```
+
+ );
+}
diff --git a/autogpt_platform/frontend/src/app/api/openapi.json b/autogpt_platform/frontend/src/app/api/openapi.json
index 1e8dca865c..8e48931540 100644
--- a/autogpt_platform/frontend/src/app/api/openapi.json
+++ b/autogpt_platform/frontend/src/app/api/openapi.json
@@ -7066,13 +7066,57 @@
"properties": {
"id": { "type": "string", "title": "Id" },
"name": { "type": "string", "title": "Name" },
- "description": { "type": "string", "title": "Description" }
+ "description": { "type": "string", "title": "Description" },
+ "categories": {
+ "items": { "type": "string" },
+ "type": "array",
+ "title": "Categories"
+ },
+ "input_schema": {
+ "additionalProperties": true,
+ "type": "object",
+ "title": "Input Schema",
+ "description": "Full JSON schema for block inputs"
+ },
+ "output_schema": {
+ "additionalProperties": true,
+ "type": "object",
+ "title": "Output Schema",
+ "description": "Full JSON schema for block outputs"
+ },
+ "required_inputs": {
+ "items": { "$ref": "#/components/schemas/BlockInputFieldInfo" },
+ "type": "array",
+ "title": "Required Inputs",
+ "description": "List of input fields for this block"
+ }
},
"type": "object",
- "required": ["id", "name", "description"],
+ "required": ["id", "name", "description", "categories"],
"title": "BlockInfoSummary",
"description": "Summary of a block for search results."
},
+ "BlockInputFieldInfo": {
+ "properties": {
+ "name": { "type": "string", "title": "Name" },
+ "type": { "type": "string", "title": "Type" },
+ "description": {
+ "type": "string",
+ "title": "Description",
+ "default": ""
+ },
+ "required": {
+ "type": "boolean",
+ "title": "Required",
+ "default": false
+ },
+ "default": { "anyOf": [{}, { "type": "null" }], "title": "Default" }
+ },
+ "type": "object",
+ "required": ["name", "type"],
+ "title": "BlockInputFieldInfo",
+ "description": "Information about a block input field."
+ },
"BlockListResponse": {
"properties": {
"type": {
@@ -7090,7 +7134,12 @@
"title": "Blocks"
},
"count": { "type": "integer", "title": "Count" },
- "query": { "type": "string", "title": "Query" }
+ "query": { "type": "string", "title": "Query" },
+ "usage_hint": {
+ "type": "string",
+ "title": "Usage Hint",
+ "default": "To execute a block, call run_block with block_id set to the block's 'id' field and input_data containing the fields listed in required_inputs."
+ }
},
"type": "object",
"required": ["message", "blocks", "count", "query"],
@@ -10496,6 +10545,9 @@
"operation_pending",
"operation_in_progress",
"input_validation_error",
+ "web_fetch",
+ "bash_exec",
+ "operation_status",
"feature_request_search",
"feature_request_created"
],
From f9f358c5263b32902810769a5bfcfe0254aa3c2c Mon Sep 17 00:00:00 2001
From: Zamil Majdy
+
+
+
+
+
+
+
+`,
+ { headers: { "Content-Type": "text/html" } },
+ );
+}
diff --git a/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/nodes/CustomNode/CustomNode.tsx b/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/nodes/CustomNode/CustomNode.tsx
index d4aa26480d..62e796b748 100644
--- a/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/nodes/CustomNode/CustomNode.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/nodes/CustomNode/CustomNode.tsx
@@ -47,7 +47,10 @@ export type CustomNode = XYNodeCompleting sign-in...
+;
+ availableTools: Record;
+ /** Credentials meta from OAuth flow, null for public servers. */
+ credentials: CredentialsMetaInput | null;
+};
+
+interface MCPToolDialogProps {
+ open: boolean;
+ onClose: () => void;
+ onConfirm: (result: MCPToolDialogResult) => void;
+}
+
+type DialogStep = "url" | "tool";
+
+export function MCPToolDialog({
+ open,
+ onClose,
+ onConfirm,
+}: MCPToolDialogProps) {
+ const allProviders = useContext(CredentialsProvidersContext);
+
+ const [step, setStep] = useState("url");
+ const [serverUrl, setServerUrl] = useState("");
+ const [tools, setTools] = useState([]);
+ const [serverName, setServerName] = useState(null);
+ const [loading, setLoading] = useState(false);
+ const [error, setError] = useState(null);
+ const [authRequired, setAuthRequired] = useState(false);
+ const [oauthLoading, setOauthLoading] = useState(false);
+ const [showManualToken, setShowManualToken] = useState(false);
+ const [manualToken, setManualToken] = useState("");
+ const [selectedTool, setSelectedTool] = useState(
+ null,
+ );
+ const [credentials, setCredentials] = useState(
+ null,
+ );
+
+ const startOAuthRef = useRef(false);
+ const oauthAbortRef = useRef<((reason?: string) => void) | null>(null);
+
+ // Clean up on unmount
+ useEffect(() => {
+ return () => {
+ oauthAbortRef.current?.();
+ };
+ }, []);
+
+ const reset = useCallback(() => {
+ oauthAbortRef.current?.();
+ oauthAbortRef.current = null;
+ setStep("url");
+ setServerUrl("");
+ setManualToken("");
+ setTools([]);
+ setServerName(null);
+ setLoading(false);
+ setError(null);
+ setAuthRequired(false);
+ setOauthLoading(false);
+ setShowManualToken(false);
+ setSelectedTool(null);
+ setCredentials(null);
+ }, []);
+
+ const handleClose = useCallback(() => {
+ reset();
+ onClose();
+ }, [reset, onClose]);
+
+ const discoverTools = useCallback(async (url: string, authToken?: string) => {
+ setLoading(true);
+ setError(null);
+ try {
+ const response = await postV2DiscoverAvailableToolsOnAnMcpServer({
+ server_url: url,
+ auth_token: authToken || null,
+ });
+ if (response.status !== 200) throw response.data;
+ setTools(response.data.tools);
+ setServerName(response.data.server_name ?? null);
+ setAuthRequired(false);
+ setShowManualToken(false);
+ setStep("tool");
+ } catch (e: any) {
+ if (e?.status === 401 || e?.status === 403) {
+ setAuthRequired(true);
+ setError(null);
+ // Automatically start OAuth sign-in instead of requiring a second click
+ setLoading(false);
+ startOAuthRef.current = true;
+ return;
+ } else {
+ const message =
+ e?.message || e?.detail || "Failed to connect to MCP server";
+ setError(
+ typeof message === "string" ? message : JSON.stringify(message),
+ );
+ }
+ } finally {
+ setLoading(false);
+ }
+ }, []);
+
+ const handleDiscoverTools = useCallback(() => {
+ if (!serverUrl.trim()) return;
+ discoverTools(serverUrl.trim(), manualToken.trim() || undefined);
+ }, [serverUrl, manualToken, discoverTools]);
+
+ const handleOAuthSignIn = useCallback(async () => {
+ if (!serverUrl.trim()) return;
+ setError(null);
+
+ // Abort any previous OAuth flow
+ oauthAbortRef.current?.();
+
+ setOauthLoading(true);
+
+ try {
+ const loginResponse = await postV2InitiateOauthLoginForAnMcpServer({
+ server_url: serverUrl.trim(),
+ });
+ if (loginResponse.status !== 200) throw loginResponse.data;
+ const { login_url, state_token } = loginResponse.data;
+
+ const { promise, cleanup } = openOAuthPopup(login_url, {
+ stateToken: state_token,
+ useCrossOriginListeners: true,
+ });
+ oauthAbortRef.current = cleanup.abort;
+
+ const result = await promise;
+
+ // Exchange code for tokens via the credentials provider (updates cache)
+ setLoading(true);
+ setOauthLoading(false);
+
+ const mcpProvider = allProviders?.["mcp"];
+ let callbackResult;
+ if (mcpProvider) {
+ callbackResult = await mcpProvider.mcpOAuthCallback(
+ result.code,
+ state_token,
+ );
+ } else {
+ const cbResponse = await postV2ExchangeOauthCodeForMcpTokens({
+ code: result.code,
+ state_token,
+ });
+ if (cbResponse.status !== 200) throw cbResponse.data;
+ callbackResult = cbResponse.data;
+ }
+
+ setCredentials({
+ id: callbackResult.id,
+ provider: callbackResult.provider,
+ type: callbackResult.type,
+ title: callbackResult.title,
+ });
+ setAuthRequired(false);
+
+ // Discover tools now that we're authenticated
+ const toolsResponse = await postV2DiscoverAvailableToolsOnAnMcpServer({
+ server_url: serverUrl.trim(),
+ });
+ if (toolsResponse.status !== 200) throw toolsResponse.data;
+ setTools(toolsResponse.data.tools);
+ setServerName(toolsResponse.data.server_name ?? null);
+ setStep("tool");
+ } catch (e: any) {
+ // If server doesn't support OAuth → show manual token entry
+ if (e?.status === 400) {
+ setShowManualToken(true);
+ setError(
+ "This server does not support OAuth sign-in. Please enter a token manually.",
+ );
+ } else if (e?.message === "OAuth flow timed out") {
+ setError("OAuth sign-in timed out. Please try again.");
+ } else {
+ const status = e?.status;
+ let message: string;
+ if (status === 401 || status === 403) {
+ message =
+ "Authentication succeeded but the server still rejected the request. " +
+ "The token audience may not match. Please try again.";
+ } else {
+ message = e?.message || e?.detail || "Failed to complete sign-in";
+ }
+ setError(
+ typeof message === "string" ? message : JSON.stringify(message),
+ );
+ }
+ } finally {
+ setOauthLoading(false);
+ setLoading(false);
+ oauthAbortRef.current = null;
+ }
+ }, [serverUrl, allProviders]);
+
+ // Auto-start OAuth sign-in when server returns 401/403
+ useEffect(() => {
+ if (authRequired && startOAuthRef.current) {
+ startOAuthRef.current = false;
+ handleOAuthSignIn();
+ }
+ }, [authRequired, handleOAuthSignIn]);
+
+ const handleConfirm = useCallback(() => {
+ if (!selectedTool) return;
+
+ const availableTools: Record = {};
+ for (const t of tools) {
+ availableTools[t.name] = {
+ description: t.description,
+ input_schema: t.input_schema,
+ };
+ }
+
+ onConfirm({
+ serverUrl: serverUrl.trim(),
+ serverName,
+ selectedTool: selectedTool.name,
+ toolInputSchema: selectedTool.input_schema,
+ availableTools,
+ credentials,
+ });
+ reset();
+ }, [
+ selectedTool,
+ tools,
+ serverUrl,
+ serverName,
+ credentials,
+ onConfirm,
+ reset,
+ ]);
+
+ return (
+
+ );
+}
+
+// --------------- Tool Card Component --------------- //
+
+/** Truncate a description to a reasonable length for the collapsed view. */
+function truncateDescription(text: string, maxLen = 120): string {
+ if (text.length <= maxLen) return text;
+ return text.slice(0, maxLen).trimEnd() + "…";
+}
+
+/** Pretty-print a JSON Schema type for a parameter. */
+function schemaTypeLabel(schema: Record): string {
+ if (schema.type) return schema.type;
+ if (schema.anyOf)
+ return schema.anyOf.map((s: any) => s.type ?? "any").join(" | ");
+ if (schema.oneOf)
+ return schema.oneOf.map((s: any) => s.type ?? "any").join(" | ");
+ return "any";
+}
+
+function MCPToolCard({
+ tool,
+ selected,
+ onSelect,
+}: {
+ tool: MCPToolResponse;
+ selected: boolean;
+ onSelect: () => void;
+}) {
+ const [expanded, setExpanded] = useState(false);
+ const schema = tool.input_schema as Record;
+ const properties = schema?.properties ?? {};
+ const required = new Set(schema?.required ?? []);
+ const paramNames = Object.keys(properties);
+
+ // Strip XML-like tags from description for cleaner display.
+ // Loop to handle nested tags like ipt> (CodeQL fix).
+ let cleanDescription = tool.description ?? "";
+ let prev = "";
+ while (prev !== cleanDescription) {
+ prev = cleanDescription;
+ cleanDescription = cleanDescription.replace(/<[^>]*>/g, "");
+ }
+ cleanDescription = cleanDescription.trim();
+
+ return (
+
+ );
+}
diff --git a/autogpt_platform/frontend/src/app/(platform)/build/components/NewControlPanel/NewBlockMenu/Block.tsx b/autogpt_platform/frontend/src/app/(platform)/build/components/NewControlPanel/NewBlockMenu/Block.tsx
index 10f4fc8a44..07c6795808 100644
--- a/autogpt_platform/frontend/src/app/(platform)/build/components/NewControlPanel/NewBlockMenu/Block.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/build/components/NewControlPanel/NewBlockMenu/Block.tsx
@@ -1,7 +1,7 @@
import { Button } from "@/components/__legacy__/ui/button";
import { Skeleton } from "@/components/__legacy__/ui/skeleton";
import { beautifyString, cn } from "@/lib/utils";
-import React, { ButtonHTMLAttributes } from "react";
+import React, { ButtonHTMLAttributes, useCallback, useState } from "react";
import { highlightText } from "./helpers";
import { PlusIcon } from "@phosphor-icons/react";
import { BlockInfo } from "@/app/api/__generated__/models/blockInfo";
@@ -9,6 +9,12 @@ import { useControlPanelStore } from "../../../stores/controlPanelStore";
import { blockDragPreviewStyle } from "./style";
import { useReactFlow } from "@xyflow/react";
import { useNodeStore } from "../../../stores/nodeStore";
+import { BlockUIType, SpecialBlockID } from "@/lib/autogpt-server-api";
+import {
+ MCPToolDialog,
+ type MCPToolDialogResult,
+} from "@/app/(platform)/build/components/MCPToolDialog";
+
interface Props extends ButtonHTMLAttributes {
title?: string;
description?: string;
@@ -33,22 +39,86 @@ export const Block: BlockComponent = ({
);
const { setViewport } = useReactFlow();
const { addBlock } = useNodeStore();
+ const [mcpDialogOpen, setMcpDialogOpen] = useState(false);
+
+ const isMCPBlock = blockData.uiType === BlockUIType.MCP_TOOL;
+
+ const addBlockAndCenter = useCallback(
+ (block: BlockInfo, hardcodedValues?: Record) => {
+ const customNode = addBlock(block, hardcodedValues);
+ setTimeout(() => {
+ setViewport(
+ {
+ x: -customNode.position.x * 0.8 + window.innerWidth / 2,
+ y: -customNode.position.y * 0.8 + (window.innerHeight - 400) / 2,
+ zoom: 0.8,
+ },
+ { duration: 500 },
+ );
+ }, 50);
+ return customNode;
+ },
+ [addBlock, setViewport],
+ );
+
+ const updateNodeData = useNodeStore((state) => state.updateNodeData);
+
+ const handleMCPToolConfirm = useCallback(
+ (result: MCPToolDialogResult) => {
+ // Derive a display label: prefer server name, fall back to URL hostname.
+ let serverLabel = result.serverName;
+ if (!serverLabel) {
+ try {
+ serverLabel = new URL(result.serverUrl).hostname;
+ } catch {
+ serverLabel = "MCP";
+ }
+ }
+
+ const customNode = addBlockAndCenter(blockData, {
+ server_url: result.serverUrl,
+ server_name: serverLabel,
+ selected_tool: result.selectedTool,
+ tool_input_schema: result.toolInputSchema,
+ available_tools: result.availableTools,
+ credentials: result.credentials ?? undefined,
+ });
+ if (customNode) {
+ const title = result.selectedTool
+ ? `${serverLabel}: ${beautifyString(result.selectedTool)}`
+ : undefined;
+ updateNodeData(customNode.id, {
+ metadata: {
+ ...customNode.data.metadata,
+ credentials_optional: true,
+ ...(title && { customized_name: title }),
+ },
+ });
+ }
+ setMcpDialogOpen(false);
+ },
+ [addBlockAndCenter, blockData, updateNodeData],
+ );
const handleClick = () => {
- const customNode = addBlock(blockData);
- setTimeout(() => {
- setViewport(
- {
- x: -customNode.position.x * 0.8 + window.innerWidth / 2,
- y: -customNode.position.y * 0.8 + (window.innerHeight - 400) / 2,
- zoom: 0.8,
+ if (isMCPBlock) {
+ setMcpDialogOpen(true);
+ return;
+ }
+ const customNode = addBlockAndCenter(blockData);
+ // Set customized_name for agent blocks so the agent's name persists
+ if (customNode && blockData.id === SpecialBlockID.AGENT) {
+ updateNodeData(customNode.id, {
+ metadata: {
+ ...customNode.data.metadata,
+ customized_name: blockData.name,
},
- { duration: 500 },
- );
- }, 50);
+ });
+ }
};
const handleDragStart = (e: React.DragEvent) => {
+ if (isMCPBlock) return;
e.dataTransfer.effectAllowed = "copy";
e.dataTransfer.setData("application/reactflow", JSON.stringify(blockData));
@@ -71,46 +141,56 @@ export const Block: BlockComponent = ({
: undefined;
return (
-
+ setMcpDialogOpen(false)}
+ onConfirm={handleMCPToolConfirm}
+ />
+ )}
+
);
};
diff --git a/autogpt_platform/frontend/src/app/(platform)/build/components/types.ts b/autogpt_platform/frontend/src/app/(platform)/build/components/types.ts
index 2fde427330..0f5021351d 100644
--- a/autogpt_platform/frontend/src/app/(platform)/build/components/types.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/build/components/types.ts
@@ -9,4 +9,5 @@ export enum BlockUIType {
AGENT = "Agent",
AI = "AI",
AYRSHARE = "Ayrshare",
+ MCP_TOOL = "MCP Tool",
}
diff --git a/autogpt_platform/frontend/src/app/api/openapi.json b/autogpt_platform/frontend/src/app/api/openapi.json
index 8e48931540..63a8a856b9 100644
--- a/autogpt_platform/frontend/src/app/api/openapi.json
+++ b/autogpt_platform/frontend/src/app/api/openapi.json
@@ -4269,6 +4269,128 @@
}
}
},
+ "/api/mcp/discover-tools": {
+ "post": {
+ "tags": ["v2", "mcp", "mcp"],
+ "summary": "Discover available tools on an MCP server",
+ "description": "Connect to an MCP server and return its available tools.\n\nIf the user has a stored MCP credential for this server URL, it will be\nused automatically — no need to pass an explicit auth token.",
+ "operationId": "postV2Discover available tools on an mcp server",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": { "$ref": "#/components/schemas/DiscoverToolsRequest" }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Successful Response",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/DiscoverToolsResponse"
+ }
+ }
+ }
+ },
+ "401": {
+ "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
+ },
+ "422": {
+ "description": "Validation Error",
+ "content": {
+ "application/json": {
+ "schema": { "$ref": "#/components/schemas/HTTPValidationError" }
+ }
+ }
+ }
+ },
+ "security": [{ "HTTPBearerJWT": [] }]
+ }
+ },
+ "/api/mcp/oauth/callback": {
+ "post": {
+ "tags": ["v2", "mcp", "mcp"],
+ "summary": "Exchange OAuth code for MCP tokens",
+ "description": "Exchange the authorization code for tokens and store the credential.\n\nThe frontend calls this after receiving the OAuth code from the popup.\nOn success, subsequent ``/discover-tools`` calls for the same server URL\nwill automatically use the stored credential.",
+ "operationId": "postV2Exchange oauth code for mcp tokens",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MCPOAuthCallbackRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Successful Response",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/CredentialsMetaResponse"
+ }
+ }
+ }
+ },
+ "401": {
+ "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
+ },
+ "422": {
+ "description": "Validation Error",
+ "content": {
+ "application/json": {
+ "schema": { "$ref": "#/components/schemas/HTTPValidationError" }
+ }
+ }
+ }
+ },
+ "security": [{ "HTTPBearerJWT": [] }]
+ }
+ },
+ "/api/mcp/oauth/login": {
+ "post": {
+ "tags": ["v2", "mcp", "mcp"],
+ "summary": "Initiate OAuth login for an MCP server",
+ "description": "Discover OAuth metadata from the MCP server and return a login URL.\n\n1. Discovers the protected-resource metadata (RFC 9728)\n2. Fetches the authorization server metadata (RFC 8414)\n3. Performs Dynamic Client Registration (RFC 7591) if available\n4. Returns the authorization URL for the frontend to open in a popup",
+ "operationId": "postV2Initiate oauth login for an mcp server",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": { "$ref": "#/components/schemas/MCPOAuthLoginRequest" }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Successful Response",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MCPOAuthLoginResponse"
+ }
+ }
+ }
+ },
+ "401": {
+ "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
+ },
+ "422": {
+ "description": "Validation Error",
+ "content": {
+ "application/json": {
+ "schema": { "$ref": "#/components/schemas/HTTPValidationError" }
+ }
+ }
+ }
+ },
+ "security": [{ "HTTPBearerJWT": [] }]
+ }
+ },
"/api/oauth/app/{client_id}": {
"get": {
"tags": ["oauth"],
@@ -7691,7 +7813,7 @@
"host": {
"anyOf": [{ "type": "string" }, { "type": "null" }],
"title": "Host",
- "description": "Host pattern for host-scoped credentials"
+ "description": "Host pattern for host-scoped or MCP server URL for MCP credentials"
}
},
"type": "object",
@@ -7711,6 +7833,45 @@
"required": ["version_counts"],
"title": "DeleteGraphResponse"
},
+ "DiscoverToolsRequest": {
+ "properties": {
+ "server_url": {
+ "type": "string",
+ "title": "Server Url",
+ "description": "URL of the MCP server"
+ },
+ "auth_token": {
+ "anyOf": [{ "type": "string" }, { "type": "null" }],
+ "title": "Auth Token",
+ "description": "Optional Bearer token for authenticated MCP servers"
+ }
+ },
+ "type": "object",
+ "required": ["server_url"],
+ "title": "DiscoverToolsRequest",
+ "description": "Request to discover tools on an MCP server."
+ },
+ "DiscoverToolsResponse": {
+ "properties": {
+ "tools": {
+ "items": { "$ref": "#/components/schemas/MCPToolResponse" },
+ "type": "array",
+ "title": "Tools"
+ },
+ "server_name": {
+ "anyOf": [{ "type": "string" }, { "type": "null" }],
+ "title": "Server Name"
+ },
+ "protocol_version": {
+ "anyOf": [{ "type": "string" }, { "type": "null" }],
+ "title": "Protocol Version"
+ }
+ },
+ "type": "object",
+ "required": ["tools"],
+ "title": "DiscoverToolsResponse",
+ "description": "Response containing the list of tools available on an MCP server."
+ },
"DocPageResponse": {
"properties": {
"type": {
@@ -9287,6 +9448,62 @@
"required": ["login_url", "state_token"],
"title": "LoginResponse"
},
+ "MCPOAuthCallbackRequest": {
+ "properties": {
+ "code": {
+ "type": "string",
+ "title": "Code",
+ "description": "Authorization code from OAuth callback"
+ },
+ "state_token": {
+ "type": "string",
+ "title": "State Token",
+ "description": "State token for CSRF verification"
+ }
+ },
+ "type": "object",
+ "required": ["code", "state_token"],
+ "title": "MCPOAuthCallbackRequest",
+ "description": "Request to exchange an OAuth code for tokens."
+ },
+ "MCPOAuthLoginRequest": {
+ "properties": {
+ "server_url": {
+ "type": "string",
+ "title": "Server Url",
+ "description": "URL of the MCP server that requires OAuth"
+ }
+ },
+ "type": "object",
+ "required": ["server_url"],
+ "title": "MCPOAuthLoginRequest",
+ "description": "Request to start an OAuth flow for an MCP server."
+ },
+ "MCPOAuthLoginResponse": {
+ "properties": {
+ "login_url": { "type": "string", "title": "Login Url" },
+ "state_token": { "type": "string", "title": "State Token" }
+ },
+ "type": "object",
+ "required": ["login_url", "state_token"],
+ "title": "MCPOAuthLoginResponse",
+ "description": "Response with the OAuth login URL for the user to authenticate."
+ },
+ "MCPToolResponse": {
+ "properties": {
+ "name": { "type": "string", "title": "Name" },
+ "description": { "type": "string", "title": "Description" },
+ "input_schema": {
+ "additionalProperties": true,
+ "type": "object",
+ "title": "Input Schema"
+ }
+ },
+ "type": "object",
+ "required": ["name", "description", "input_schema"],
+ "title": "MCPToolResponse",
+ "description": "A single MCP tool returned by discovery."
+ },
"MarketplaceListing": {
"properties": {
"id": { "type": "string", "title": "Id" },
diff --git a/autogpt_platform/frontend/src/components/contextual/CredentialsInput/components/CredentialsGroupedView/CredentialsGroupedView.tsx b/autogpt_platform/frontend/src/components/contextual/CredentialsInput/components/CredentialsGroupedView/CredentialsGroupedView.tsx
index 135a960431..22d0a318a9 100644
--- a/autogpt_platform/frontend/src/components/contextual/CredentialsInput/components/CredentialsGroupedView/CredentialsGroupedView.tsx
+++ b/autogpt_platform/frontend/src/components/contextual/CredentialsInput/components/CredentialsGroupedView/CredentialsGroupedView.tsx
@@ -38,13 +38,8 @@ export function CredentialsGroupedView({
const allProviders = useContext(CredentialsProvidersContext);
const { userCredentialFields, systemCredentialFields } = useMemo(
- () =>
- splitCredentialFieldsBySystem(
- credentialFields,
- allProviders,
- inputCredentials,
- ),
- [credentialFields, allProviders, inputCredentials],
+ () => splitCredentialFieldsBySystem(credentialFields, allProviders),
+ [credentialFields, allProviders],
);
const hasSystemCredentials = systemCredentialFields.length > 0;
@@ -86,11 +81,13 @@ export function CredentialsGroupedView({
const providerNames = schema.credentials_provider || [];
const credentialTypes = schema.credentials_types || [];
const requiredScopes = schema.credentials_scopes;
+ const discriminatorValues = schema.discriminator_values;
const savedCredential = findSavedCredentialByProviderAndType(
providerNames,
credentialTypes,
requiredScopes,
allProviders,
+ discriminatorValues,
);
if (savedCredential) {
diff --git a/autogpt_platform/frontend/src/components/contextual/CredentialsInput/components/CredentialsGroupedView/helpers.ts b/autogpt_platform/frontend/src/components/contextual/CredentialsInput/components/CredentialsGroupedView/helpers.ts
index 5f439d3a32..2d8d001a72 100644
--- a/autogpt_platform/frontend/src/components/contextual/CredentialsInput/components/CredentialsGroupedView/helpers.ts
+++ b/autogpt_platform/frontend/src/components/contextual/CredentialsInput/components/CredentialsGroupedView/helpers.ts
@@ -23,10 +23,35 @@ function hasRequiredScopes(
return true;
}
+/** Check if a credential matches the discriminator values (e.g. MCP server URL). */
+function matchesDiscriminatorValues(
+ credential: { host?: string | null; provider: string; type: string },
+ discriminatorValues?: string[],
+) {
+ // MCP OAuth2 credentials must match by server URL
+ if (credential.type === "oauth2" && credential.provider === "mcp") {
+ if (!discriminatorValues || discriminatorValues.length === 0) return false;
+ return (
+ credential.host != null && discriminatorValues.includes(credential.host)
+ );
+ }
+ // Host-scoped credentials match by host
+ if (credential.type === "host_scoped" && credential.host) {
+ if (!discriminatorValues || discriminatorValues.length === 0) return true;
+ return discriminatorValues.some((v) => {
+ try {
+ return new URL(v).hostname === credential.host;
+ } catch {
+ return false;
+ }
+ });
+ }
+ return true;
+}
+
export function splitCredentialFieldsBySystem(
credentialFields: CredentialField[],
allProviders: CredentialsProvidersContextType | null,
- inputCredentials?: Record,
) {
if (!allProviders || credentialFields.length === 0) {
return {
@@ -52,17 +77,9 @@ export function splitCredentialFieldsBySystem(
}
}
- const sortByUnsetFirst = (a: CredentialField, b: CredentialField) => {
- const aIsSet = Boolean(inputCredentials?.[a[0]]);
- const bIsSet = Boolean(inputCredentials?.[b[0]]);
-
- if (aIsSet === bIsSet) return 0;
- return aIsSet ? 1 : -1;
- };
-
return {
- userCredentialFields: userFields.sort(sortByUnsetFirst),
- systemCredentialFields: systemFields.sort(sortByUnsetFirst),
+ userCredentialFields: userFields,
+ systemCredentialFields: systemFields,
};
}
@@ -160,6 +177,7 @@ export function findSavedCredentialByProviderAndType(
credentialTypes: string[],
requiredScopes: string[] | undefined,
allProviders: CredentialsProvidersContextType | null,
+ discriminatorValues?: string[],
): SavedCredential | undefined {
for (const providerName of providerNames) {
const providerData = allProviders?.[providerName];
@@ -176,9 +194,14 @@ export function findSavedCredentialByProviderAndType(
credentialTypes.length === 0 ||
credentialTypes.includes(credential.type);
const scopesMatch = hasRequiredScopes(credential, requiredScopes);
+ const hostMatches = matchesDiscriminatorValues(
+ credential,
+ discriminatorValues,
+ );
if (!typeMatches) continue;
if (!scopesMatch) continue;
+ if (!hostMatches) continue;
matchingCredentials.push(credential as SavedCredential);
}
@@ -190,9 +213,14 @@ export function findSavedCredentialByProviderAndType(
credentialTypes.length === 0 ||
credentialTypes.includes(credential.type);
const scopesMatch = hasRequiredScopes(credential, requiredScopes);
+ const hostMatches = matchesDiscriminatorValues(
+ credential,
+ discriminatorValues,
+ );
if (!typeMatches) continue;
if (!scopesMatch) continue;
+ if (!hostMatches) continue;
matchingCredentials.push(credential as SavedCredential);
}
@@ -214,6 +242,7 @@ export function findSavedUserCredentialByProviderAndType(
credentialTypes: string[],
requiredScopes: string[] | undefined,
allProviders: CredentialsProvidersContextType | null,
+ discriminatorValues?: string[],
): SavedCredential | undefined {
for (const providerName of providerNames) {
const providerData = allProviders?.[providerName];
@@ -230,9 +259,14 @@ export function findSavedUserCredentialByProviderAndType(
credentialTypes.length === 0 ||
credentialTypes.includes(credential.type);
const scopesMatch = hasRequiredScopes(credential, requiredScopes);
+ const hostMatches = matchesDiscriminatorValues(
+ credential,
+ discriminatorValues,
+ );
if (!typeMatches) continue;
if (!scopesMatch) continue;
+ if (!hostMatches) continue;
matchingCredentials.push(credential as SavedCredential);
}
diff --git a/autogpt_platform/frontend/src/components/contextual/CredentialsInput/useCredentialsInput.ts b/autogpt_platform/frontend/src/components/contextual/CredentialsInput/useCredentialsInput.ts
index 509713ff1e..9ab2e08141 100644
--- a/autogpt_platform/frontend/src/components/contextual/CredentialsInput/useCredentialsInput.ts
+++ b/autogpt_platform/frontend/src/components/contextual/CredentialsInput/useCredentialsInput.ts
@@ -5,14 +5,14 @@ import {
BlockIOCredentialsSubSchema,
CredentialsMetaInput,
} from "@/lib/autogpt-server-api/types";
+import { postV2InitiateOauthLoginForAnMcpServer } from "@/app/api/__generated__/endpoints/mcp/mcp";
+import { openOAuthPopup } from "@/lib/oauth-popup";
import { useQueryClient } from "@tanstack/react-query";
import { useEffect, useRef, useState } from "react";
import {
filterSystemCredentials,
getActionButtonText,
getSystemCredentials,
- OAUTH_TIMEOUT_MS,
- OAuthPopupResultMessage,
} from "./helpers";
export type CredentialsInputState = ReturnType;
@@ -57,6 +57,14 @@ export function useCredentialsInput({
const queryClient = useQueryClient();
const credentials = useCredentials(schema, siblingInputs);
const hasAttemptedAutoSelect = useRef(false);
+ const oauthAbortRef = useRef<((reason?: string) => void) | null>(null);
+
+ // Clean up on unmount
+ useEffect(() => {
+ return () => {
+ oauthAbortRef.current?.();
+ };
+ }, []);
const deleteCredentialsMutation = useDeleteV1DeleteCredentials({
mutation: {
@@ -81,11 +89,14 @@ export function useCredentialsInput({
}
}, [credentials, onLoaded]);
- // Unselect credential if not available
+ // Unselect credential if not available in the loaded credential list.
+ // Skip when no credentials have been loaded yet (empty list could mean
+ // the provider data hasn't finished loading, not that the credential is invalid).
useEffect(() => {
if (readOnly) return;
if (!credentials || !("savedCredentials" in credentials)) return;
const availableCreds = credentials.savedCredentials;
+ if (availableCreds.length === 0) return;
if (
selectedCredential &&
!availableCreds.some((c) => c.id === selectedCredential.id)
@@ -110,7 +121,9 @@ export function useCredentialsInput({
if (hasAttemptedAutoSelect.current) return;
hasAttemptedAutoSelect.current = true;
- if (isOptional) return;
+ // Auto-select if exactly one credential matches.
+ // For optional fields with multiple options, let the user choose.
+ if (isOptional && savedCreds.length > 1) return;
const cred = savedCreds[0];
onSelectCredential({
@@ -148,7 +161,9 @@ export function useCredentialsInput({
supportsHostScoped,
savedCredentials,
oAuthCallback,
+ mcpOAuthCallback,
isSystemProvider,
+ discriminatorValue,
} = credentials;
// Split credentials into user and system
@@ -157,72 +172,66 @@ export function useCredentialsInput({
async function handleOAuthLogin() {
setOAuthError(null);
- const { login_url, state_token } = await api.oAuthLogin(
- provider,
- schema.credentials_scopes,
- );
- setOAuth2FlowInProgress(true);
- const popup = window.open(login_url, "_blank", "popup=true");
- if (!popup) {
- throw new Error(
- "Failed to open popup window. Please allow popups for this site.",
+ // Abort any previous OAuth flow
+ oauthAbortRef.current?.();
+
+ // MCP uses dynamic OAuth discovery per server URL
+ const isMCP = provider === "mcp" && !!discriminatorValue;
+
+ try {
+ let login_url: string;
+ let state_token: string;
+
+ if (isMCP) {
+ const mcpLoginResponse = await postV2InitiateOauthLoginForAnMcpServer({
+ server_url: discriminatorValue!,
+ });
+ if (mcpLoginResponse.status !== 200) throw mcpLoginResponse.data;
+ ({ login_url, state_token } = mcpLoginResponse.data);
+ } else {
+ ({ login_url, state_token } = await api.oAuthLogin(
+ provider,
+ schema.credentials_scopes,
+ ));
+ }
+
+ setOAuth2FlowInProgress(true);
+
+ const { promise, cleanup } = openOAuthPopup(login_url, {
+ stateToken: state_token,
+ useCrossOriginListeners: isMCP,
+ // Standard OAuth uses "oauth_popup_result", MCP uses "mcp_oauth_result"
+ acceptMessageTypes: isMCP
+ ? ["mcp_oauth_result"]
+ : ["oauth_popup_result"],
+ });
+
+ oauthAbortRef.current = cleanup.abort;
+ // Expose abort signal for the waiting modal's cancel button
+ const controller = new AbortController();
+ cleanup.signal.addEventListener("abort", () =>
+ controller.abort("completed"),
);
- }
+ setOAuthPopupController(controller);
- const controller = new AbortController();
- setOAuthPopupController(controller);
- controller.signal.onabort = () => {
- console.debug("OAuth flow aborted");
- setOAuth2FlowInProgress(false);
- popup.close();
- };
+ const result = await promise;
- const handleMessage = async (e: MessageEvent) => {
- console.debug("Message received:", e.data);
- if (
- typeof e.data != "object" ||
- !("message_type" in e.data) ||
- e.data.message_type !== "oauth_popup_result"
- ) {
- console.debug("Ignoring irrelevant message");
- return;
- }
+ // Exchange code for tokens via the provider (updates credential cache)
+ const credentialResult = isMCP
+ ? await mcpOAuthCallback(result.code, state_token)
+ : await oAuthCallback(result.code, result.state);
- if (!e.data.success) {
- console.error("OAuth flow failed:", e.data.message);
- setOAuthError(`OAuth flow failed: ${e.data.message}`);
- setOAuth2FlowInProgress(false);
- return;
- }
-
- if (e.data.state !== state_token) {
- console.error("Invalid state token received");
- setOAuthError("Invalid state token received");
- setOAuth2FlowInProgress(false);
- return;
- }
-
- try {
- console.debug("Processing OAuth callback");
- const credentials = await oAuthCallback(e.data.code, e.data.state);
- console.debug("OAuth callback processed successfully");
-
- // Check if the credential's scopes match the required scopes
+ // Check if the credential's scopes match the required scopes (skip for MCP)
+ if (!isMCP) {
const requiredScopes = schema.credentials_scopes;
if (requiredScopes && requiredScopes.length > 0) {
- const grantedScopes = new Set(credentials.scopes || []);
+ const grantedScopes = new Set(credentialResult.scopes || []);
const hasAllRequiredScopes = new Set(requiredScopes).isSubsetOf(
grantedScopes,
);
if (!hasAllRequiredScopes) {
- console.error(
- `Newly created OAuth credential for ${providerName} has insufficient scopes. Required:`,
- requiredScopes,
- "Granted:",
- credentials.scopes,
- );
setOAuthError(
"Connection failed: the granted permissions don't match what's required. " +
"Please contact the application administrator.",
@@ -230,38 +239,28 @@ export function useCredentialsInput({
return;
}
}
+ }
- onSelectCredential({
- id: credentials.id,
- type: "oauth2",
- title: credentials.title,
- provider,
- });
- } catch (error) {
- console.error("Error in OAuth callback:", error);
+ onSelectCredential({
+ id: credentialResult.id,
+ type: "oauth2",
+ title: credentialResult.title,
+ provider,
+ });
+ } catch (error) {
+ if (error instanceof Error && error.message === "OAuth flow timed out") {
+ setOAuthError("OAuth flow timed out");
+ } else {
setOAuthError(
- `Error in OAuth callback: ${
+ `OAuth error: ${
error instanceof Error ? error.message : String(error)
}`,
);
- } finally {
- console.debug("Finalizing OAuth flow");
- setOAuth2FlowInProgress(false);
- controller.abort("success");
}
- };
-
- console.debug("Adding message event listener");
- window.addEventListener("message", handleMessage, {
- signal: controller.signal,
- });
-
- setTimeout(() => {
- console.debug("OAuth flow timed out");
- controller.abort("timeout");
+ } finally {
setOAuth2FlowInProgress(false);
- setOAuthError("OAuth flow timed out");
- }, OAUTH_TIMEOUT_MS);
+ oauthAbortRef.current = null;
+ }
}
function handleActionButtonClick() {
diff --git a/autogpt_platform/frontend/src/hooks/useCredentials.ts b/autogpt_platform/frontend/src/hooks/useCredentials.ts
index eda6ab0278..9a78e5b8f4 100644
--- a/autogpt_platform/frontend/src/hooks/useCredentials.ts
+++ b/autogpt_platform/frontend/src/hooks/useCredentials.ts
@@ -100,6 +100,11 @@ export default function useCredentials(
return false;
}
+ // Filter MCP OAuth2 credentials by server URL matching
+ if (c.type === "oauth2" && c.provider === "mcp") {
+ return discriminatorValue != null && c.host === discriminatorValue;
+ }
+
// Filter by OAuth credentials that have sufficient scopes for this block
if (c.type === "oauth2") {
const requiredScopes = credsInputSchema.credentials_scopes;
diff --git a/autogpt_platform/frontend/src/lib/autogpt-server-api/types.ts b/autogpt_platform/frontend/src/lib/autogpt-server-api/types.ts
index 65625f1cfb..ffc21269e6 100644
--- a/autogpt_platform/frontend/src/lib/autogpt-server-api/types.ts
+++ b/autogpt_platform/frontend/src/lib/autogpt-server-api/types.ts
@@ -749,10 +749,12 @@ export enum BlockUIType {
AGENT = "Agent",
AI = "AI",
AYRSHARE = "Ayrshare",
+ MCP_TOOL = "MCP Tool",
}
export enum SpecialBlockID {
AGENT = "e189baac-8c20-45a1-94a7-55177ea42565",
+ MCP_TOOL = "a0a4b1c2-d3e4-4f56-a7b8-c9d0e1f2a3b4",
SMART_DECISION = "3b191d9f-356f-482d-8238-ba04b6d18381",
OUTPUT = "363ae599-353e-4804-937e-b2ee3cef3da4",
}
diff --git a/autogpt_platform/frontend/src/lib/oauth-popup.ts b/autogpt_platform/frontend/src/lib/oauth-popup.ts
new file mode 100644
index 0000000000..2927887751
--- /dev/null
+++ b/autogpt_platform/frontend/src/lib/oauth-popup.ts
@@ -0,0 +1,177 @@
+/**
+ * Shared utility for OAuth popup flows with cross-origin support.
+ *
+ * Handles BroadcastChannel, postMessage, and localStorage polling
+ * to reliably receive OAuth callback results even when COOP headers
+ * sever the window.opener relationship.
+ */
+
+const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
+
+export type OAuthPopupResult = {
+ code: string;
+ state: string;
+};
+
+export type OAuthPopupOptions = {
+ /** State token to validate against incoming messages */
+ stateToken: string;
+ /**
+ * Use BroadcastChannel + localStorage polling for cross-origin OAuth (MCP).
+ * Standard OAuth only uses postMessage via window.opener.
+ */
+ useCrossOriginListeners?: boolean;
+ /** BroadcastChannel name (default: "mcp_oauth") */
+ broadcastChannelName?: string;
+ /** localStorage key for cross-origin fallback (default: "mcp_oauth_result") */
+ localStorageKey?: string;
+ /** Message types to accept (default: ["oauth_popup_result", "mcp_oauth_result"]) */
+ acceptMessageTypes?: string[];
+ /** Timeout in ms (default: 5 minutes) */
+ timeout?: number;
+};
+
+type Cleanup = {
+ /** Abort the OAuth flow and close the popup */
+ abort: (reason?: string) => void;
+ /** The AbortController signal */
+ signal: AbortSignal;
+};
+
+/**
+ * Opens an OAuth popup and sets up listeners for the callback result.
+ *
+ * Opens a blank popup synchronously (to avoid popup blockers), then navigates
+ * it to the login URL. Returns a promise that resolves with the OAuth code/state.
+ *
+ * @param loginUrl - The OAuth authorization URL to navigate to
+ * @param options - Configuration for message handling
+ * @returns Object with `promise` (resolves with OAuth result) and `abort` (cancels flow)
+ */
+export function openOAuthPopup(
+ loginUrl: string,
+ options: OAuthPopupOptions,
+): { promise: Promise; cleanup: Cleanup } {
+ const {
+ stateToken,
+ useCrossOriginListeners = false,
+ broadcastChannelName = "mcp_oauth",
+ localStorageKey = "mcp_oauth_result",
+ acceptMessageTypes = ["oauth_popup_result", "mcp_oauth_result"],
+ timeout = DEFAULT_TIMEOUT_MS,
+ } = options;
+
+ const controller = new AbortController();
+
+ // Open popup synchronously (before any async work) to avoid browser popup blockers
+ const width = 500;
+ const height = 700;
+ const left = window.screenX + (window.outerWidth - width) / 2;
+ const top = window.screenY + (window.outerHeight - height) / 2;
+ const popup = window.open(
+ "about:blank",
+ "_blank",
+ `width=${width},height=${height},left=${left},top=${top},popup=true,scrollbars=yes`,
+ );
+
+ if (popup && !popup.closed) {
+ popup.location.href = loginUrl;
+ } else {
+ // Popup was blocked — open in new tab as fallback
+ window.open(loginUrl, "_blank");
+ }
+
+ // Close popup on abort
+ controller.signal.addEventListener("abort", () => {
+ if (popup && !popup.closed) popup.close();
+ });
+
+ // Clear any stale localStorage entry
+ if (useCrossOriginListeners) {
+ try {
+ localStorage.removeItem(localStorageKey);
+ } catch {}
+ }
+
+ const promise = new Promise((resolve, reject) => {
+ let handled = false;
+
+ const handleResult = (data: any) => {
+ if (handled) return; // Prevent double-handling
+
+ // Validate message type
+ const messageType = data?.message_type ?? data?.type;
+ if (!messageType || !acceptMessageTypes.includes(messageType)) return;
+
+ // Validate state token
+ if (data.state !== stateToken) {
+ // State mismatch — this message is for a different listener. Ignore silently.
+ return;
+ }
+
+ handled = true;
+
+ if (!data.success) {
+ reject(new Error(data.message || "OAuth authentication failed"));
+ } else {
+ resolve({ code: data.code, state: data.state });
+ }
+
+ controller.abort("completed");
+ };
+
+ // Listener: postMessage (works for same-origin popups)
+ window.addEventListener(
+ "message",
+ (event: MessageEvent) => {
+ if (typeof event.data === "object") {
+ handleResult(event.data);
+ }
+ },
+ { signal: controller.signal },
+ );
+
+ // Cross-origin listeners for MCP OAuth
+ if (useCrossOriginListeners) {
+ // Listener: BroadcastChannel (works across tabs/popups without opener)
+ try {
+ const bc = new BroadcastChannel(broadcastChannelName);
+ bc.onmessage = (event) => handleResult(event.data);
+ controller.signal.addEventListener("abort", () => bc.close());
+ } catch {}
+
+ // Listener: localStorage polling (most reliable cross-tab fallback)
+ const pollInterval = setInterval(() => {
+ try {
+ const stored = localStorage.getItem(localStorageKey);
+ if (stored) {
+ const data = JSON.parse(stored);
+ localStorage.removeItem(localStorageKey);
+ handleResult(data);
+ }
+ } catch {}
+ }, 500);
+ controller.signal.addEventListener("abort", () =>
+ clearInterval(pollInterval),
+ );
+ }
+
+ // Timeout
+ const timeoutId = setTimeout(() => {
+ if (!handled) {
+ handled = true;
+ reject(new Error("OAuth flow timed out"));
+ controller.abort("timeout");
+ }
+ }, timeout);
+ controller.signal.addEventListener("abort", () => clearTimeout(timeoutId));
+ });
+
+ return {
+ promise,
+ cleanup: {
+ abort: (reason?: string) => controller.abort(reason || "canceled"),
+ signal: controller.signal,
+ },
+ };
+}
diff --git a/autogpt_platform/frontend/src/middleware.ts b/autogpt_platform/frontend/src/middleware.ts
index af1c823295..8cec8a2645 100644
--- a/autogpt_platform/frontend/src/middleware.ts
+++ b/autogpt_platform/frontend/src/middleware.ts
@@ -18,6 +18,6 @@ export const config = {
* Note: /auth/authorize and /auth/integrations/* ARE protected and need
* middleware to run for authentication checks.
*/
- "/((?!_next/static|_next/image|favicon.ico|auth/callback|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)",
+ "/((?!_next/static|_next/image|favicon.ico|auth/callback|auth/integrations/mcp_callback|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)",
],
};
diff --git a/autogpt_platform/frontend/src/providers/agent-credentials/credentials-provider.tsx b/autogpt_platform/frontend/src/providers/agent-credentials/credentials-provider.tsx
index e47cc65e13..a426d8f667 100644
--- a/autogpt_platform/frontend/src/providers/agent-credentials/credentials-provider.tsx
+++ b/autogpt_platform/frontend/src/providers/agent-credentials/credentials-provider.tsx
@@ -8,6 +8,7 @@ import {
HostScopedCredentials,
UserPasswordCredentials,
} from "@/lib/autogpt-server-api";
+import { postV2ExchangeOauthCodeForMcpTokens } from "@/app/api/__generated__/endpoints/mcp/mcp";
import { useBackendAPI } from "@/lib/autogpt-server-api/context";
import { useSupabase } from "@/lib/supabase/hooks/useSupabase";
import { toDisplayName } from "@/providers/agent-credentials/helper";
@@ -38,6 +39,11 @@ export type CredentialsProviderData = {
code: string,
state_token: string,
) => Promise;
+ /** MCP-specific OAuth callback that uses dynamic per-server OAuth discovery. */
+ mcpOAuthCallback: (
+ code: string,
+ state_token: string,
+ ) => Promise;
createAPIKeyCredentials: (
credentials: APIKeyCredentialsCreatable,
) => Promise;
@@ -120,6 +126,35 @@ export default function CredentialsProvider({
[api, addCredentials, onFailToast],
);
+ /** Exchanges an MCP OAuth code for tokens and adds the result to the internal credentials store. */
+ const mcpOAuthCallback = useCallback(
+ async (
+ code: string,
+ state_token: string,
+ ): Promise => {
+ try {
+ const response = await postV2ExchangeOauthCodeForMcpTokens({
+ code,
+ state_token,
+ });
+ if (response.status !== 200) throw response.data;
+ const credsMeta: CredentialsMetaResponse = {
+ ...response.data,
+ title: response.data.title ?? undefined,
+ scopes: response.data.scopes ?? undefined,
+ username: response.data.username ?? undefined,
+ host: response.data.host ?? undefined,
+ };
+ addCredentials("mcp", credsMeta);
+ return credsMeta;
+ } catch (error) {
+ onFailToast("complete MCP OAuth authentication")(error);
+ throw error;
+ }
+ },
+ [addCredentials, onFailToast],
+ );
+
/** Wraps `BackendAPI.createAPIKeyCredentials`, and adds the result to the internal credentials store. */
const createAPIKeyCredentials = useCallback(
async (
@@ -258,6 +293,7 @@ export default function CredentialsProvider({
isSystemProvider: systemProviders.has(provider),
oAuthCallback: (code: string, state_token: string) =>
oAuthCallback(provider, code, state_token),
+ mcpOAuthCallback,
createAPIKeyCredentials: (
credentials: APIKeyCredentialsCreatable,
) => createAPIKeyCredentials(provider, credentials),
@@ -286,6 +322,7 @@ export default function CredentialsProvider({
createHostScopedCredentials,
deleteCredentials,
oAuthCallback,
+ mcpOAuthCallback,
onFailToast,
]);
diff --git a/autogpt_platform/frontend/src/tests/pages/build.page.ts b/autogpt_platform/frontend/src/tests/pages/build.page.ts
index 9370288f8e..3bb9552b82 100644
--- a/autogpt_platform/frontend/src/tests/pages/build.page.ts
+++ b/autogpt_platform/frontend/src/tests/pages/build.page.ts
@@ -528,6 +528,9 @@ export class BuildPage extends BasePage {
async getBlocksToSkip(): Promise {
return [
(await this.getGithubTriggerBlockDetails()).map((b) => b.id),
+ // MCP Tool block requires an interactive dialog (server URL + OAuth) before
+ // it can be placed, so it can't be tested via the standard "add block" flow.
+ "a0a4b1c2-d3e4-4f56-a7b8-c9d0e1f2a3b4",
].flat();
}
diff --git a/docs/integrations/README.md b/docs/integrations/README.md
index a471ef3533..c216aa4836 100644
--- a/docs/integrations/README.md
+++ b/docs/integrations/README.md
@@ -467,6 +467,7 @@ Below is a comprehensive list of all available blocks, categorized by their prim
| [Github Update Comment](block-integrations/github/issues.md#github-update-comment) | A block that updates an existing comment on a GitHub issue or pull request |
| [Github Update File](block-integrations/github/repo.md#github-update-file) | This block updates an existing file in a GitHub repository |
| [Instantiate Code Sandbox](block-integrations/misc.md#instantiate-code-sandbox) | Instantiate a sandbox environment with internet access in which you can execute code with the Execute Code Step block |
+| [MCP Tool](block-integrations/mcp/block.md#mcp-tool) | Connect to any MCP server and execute its tools |
| [Slant3D Order Webhook](block-integrations/slant3d/webhook.md#slant3d-order-webhook) | This block triggers on Slant3D order status updates and outputs the event details, including tracking information when orders are shipped |
## Media Generation
diff --git a/docs/integrations/SUMMARY.md b/docs/integrations/SUMMARY.md
index f481ae2e0a..3ad4bf2c6d 100644
--- a/docs/integrations/SUMMARY.md
+++ b/docs/integrations/SUMMARY.md
@@ -84,6 +84,7 @@
* [Linear Projects](block-integrations/linear/projects.md)
* [LLM](block-integrations/llm.md)
* [Logic](block-integrations/logic.md)
+* [Mcp Block](block-integrations/mcp/block.md)
* [Misc](block-integrations/misc.md)
* [Notion Create Page](block-integrations/notion/create_page.md)
* [Notion Read Database](block-integrations/notion/read_database.md)
diff --git a/docs/integrations/block-integrations/mcp/block.md b/docs/integrations/block-integrations/mcp/block.md
new file mode 100644
index 0000000000..6858e42e94
--- /dev/null
+++ b/docs/integrations/block-integrations/mcp/block.md
@@ -0,0 +1,40 @@
+# Mcp Block
+
+Blocks for connecting to and executing tools on MCP (Model Context Protocol) servers.
+
+
+## MCP Tool
+
+### What it is
+Connect to any MCP server and execute its tools. Provide a server URL, select a tool, and pass arguments dynamically.
+
+### How it works
+
+The block uses JSON-RPC 2.0 over HTTP to communicate with MCP servers. When configuring, it sends an `initialize` request followed by `tools/list` to discover available tools and their input schemas. On execution, it calls `tools/call` with the selected tool name and arguments, then extracts text, image, or resource content from the response.
+
+Authentication is handled via OAuth 2.0 when the server requires it. The block supports optional credentials — public servers work without authentication, while protected servers trigger a standard OAuth flow with PKCE. Tokens are automatically refreshed when they expire.
+
+
+### Inputs
+
+| Input | Description | Type | Required |
+|-------|-------------|------|----------|
+| server_url | URL of the MCP server (Streamable HTTP endpoint) | str | Yes |
+| selected_tool | The MCP tool to execute | str | No |
+| tool_arguments | Arguments to pass to the selected MCP tool. The fields here are defined by the tool's input schema. | Dict[str, Any] | No |
+
+### Outputs
+
+| Output | Description | Type |
+|--------|-------------|------|
+| error | Error message if the tool call failed | str |
+| result | The result returned by the MCP tool | Result |
+
+### Possible use case
+
+- **Connecting to third-party APIs**: Use an MCP server like Sentry or Linear to query issues, create tickets, or manage projects without building custom integrations.
+- **AI-powered tool execution**: Chain MCP tool calls with AI blocks to let agents dynamically discover and use external tools based on task requirements.
+- **Data retrieval from knowledge bases**: Connect to MCP servers like DeepWiki to search documentation, retrieve code context, or query structured knowledge bases.
+
+
+---
From ca216dfd7f91ef1e79c3129879b31a8a1d2b79a9 Mon Sep 17 00:00:00 2001
From: Otto
Date: Fri, 13 Feb 2026 16:46:23 +0000
Subject: [PATCH 12/16] ci(docs-claude-review): Update comments instead of
creating new ones (#12106)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
## Changes 🏗️
This PR updates the Claude Block Docs Review CI workflow to update
existing comments instead of creating new ones on each push.
### What's Changed:
1. **Concurrency group** - Prevents race conditions if the workflow runs
twice simultaneously
2. **Comment cleanup step** - Deletes any previous Claude review comment
before posting a new one
3. **Marker instruction** - Instructs Claude to include a `` marker in its comment for identification
### Why:
Previously, every PR push would create a new review comment, cluttering
the PR with multiple comments. Now only the most recent review is shown.
### Testing:
1. Create a PR that triggers this workflow (modify a file in
`docs/integrations/` or `autogpt_platform/backend/backend/blocks/`)
2. Verify first run creates comment with marker
3. Push another commit
4. Verify old comment is deleted and new comment is created (not
accumulated)
Requested by @Bentlybro
---
## Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [ ] I have made a test plan
- [ ] I have tested my changes according to the test plan (will be
tested on merge)
#### For configuration changes:
- [x] `.env.default` is updated or already compatible with my changes
- [x] `docker-compose.yml` is updated or already compatible with my
changes
- [x] I have included a list of my configuration changes in the PR
description (under **Changes**)
Added concurrency control and comment deduplication to prevent multiple
Claude review comments from accumulating on PRs. The workflow now
deletes previous review comments (identified by `` marker) before posting new ones, and uses concurrency groups to
prevent race conditions.
- This PR is safe to merge with minimal risk
- The changes are well-contained, follow GitHub Actions best practices,
and use built-in GitHub APIs safely. The concurrency control prevents
race conditions, and the comment cleanup logic uses proper filtering
with `head -1` to handle edge cases. The HTML comment marker approach is
standard and reliable.
- No files require special attention
```mermaid
sequenceDiagram
participant GH as GitHub PR Event
participant WF as Workflow
participant API as GitHub API
participant Claude as Claude Action
GH->>WF: PR opened/synchronized
WF->>WF: Check concurrency group
Note over WF: Cancel any in-progress runs
for same PR number WF->>API: Query PR comments API-->>WF: Return all comments WF->>WF: Filter for CLAUDE_DOCS_REVIEW marker alt Previous comment exists WF->>API: DELETE comment by ID API-->>WF: Comment deleted else No previous comment WF->>WF: Skip deletion end WF->>Claude: Run code review Claude->>API: POST new comment with marker API-->>Claude: Comment created ```
Last reviewed commit: fb1b436
---
.github/workflows/docs-claude-review.yml | 34 ++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/.github/workflows/docs-claude-review.yml b/.github/workflows/docs-claude-review.yml
index ca2788b387..19d5dd667b 100644
--- a/.github/workflows/docs-claude-review.yml
+++ b/.github/workflows/docs-claude-review.yml
@@ -7,6 +7,10 @@ on:
- "docs/integrations/**"
- "autogpt_platform/backend/backend/blocks/**"
+concurrency:
+ group: claude-docs-review-${{ github.event.pull_request.number }}
+ cancel-in-progress: true
+
jobs:
claude-review:
# Only run for PRs from members/collaborators
@@ -91,5 +95,35 @@ jobs:
3. Read corresponding documentation files to verify accuracy
4. Provide your feedback as a PR comment
+ ## IMPORTANT: Comment Marker
+ Start your PR comment with exactly this HTML comment marker on its own line:
+
+
+ This marker is used to identify and replace your comment on subsequent runs.
+
Be constructive and specific. If everything looks good, say so!
If there are issues, explain what's wrong and suggest how to fix it.
+
+ - name: Delete old Claude review comments
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ # Get all comment IDs with our marker, sorted by creation date (oldest first)
+ COMMENT_IDS=$(gh api \
+ repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments \
+ --jq '[.[] | select(.body | contains(""))] | sort_by(.created_at) | .[].id')
+
+ # Count comments
+ COMMENT_COUNT=$(echo "$COMMENT_IDS" | grep -c . || true)
+
+ if [ "$COMMENT_COUNT" -gt 1 ]; then
+ # Delete all but the last (newest) comment
+ echo "$COMMENT_IDS" | head -n -1 | while read -r COMMENT_ID; do
+ if [ -n "$COMMENT_ID" ]; then
+ echo "Deleting old review comment: $COMMENT_ID"
+ gh api -X DELETE repos/${{ github.repository }}/issues/comments/$COMMENT_ID
+ fi
+ done
+ else
+ echo "No old review comments to clean up"
+ fi
From b8f5c208d08e313306ad3ee87020d8746d9afbb4 Mon Sep 17 00:00:00 2001
From: DEEVEN SERU <144827577+DEVELOPER-DEEVEN@users.noreply.github.com>
Date: Sat, 14 Feb 2026 00:45:09 +0530
Subject: [PATCH 13/16] Handle errors in Jina ExtractWebsiteContentBlock
(#12048)
## Summary
- catch Jina reader client/server errors in ExtractWebsiteContentBlock
and surface a clear error output keyed to the user URL
- guard empty responses to return an explicit error instead of yielding
blank content
- add regression tests covering the happy path and HTTP client failures
via a monkeypatched fetch
## Testing
- not run (pytest unavailable in this environment)
---------
Co-authored-by: Nicholas Tindle
Co-authored-by: Nicholas Tindle
---
.../backend/backend/blocks/jina/search.py | 25 ++++++-
.../test/blocks/test_jina_extract_website.py | 66 +++++++++++++++++++
2 files changed, 89 insertions(+), 2 deletions(-)
create mode 100644 autogpt_platform/backend/test/blocks/test_jina_extract_website.py
diff --git a/autogpt_platform/backend/backend/blocks/jina/search.py b/autogpt_platform/backend/backend/blocks/jina/search.py
index 22a883fa03..5e58ddcab4 100644
--- a/autogpt_platform/backend/backend/blocks/jina/search.py
+++ b/autogpt_platform/backend/backend/blocks/jina/search.py
@@ -17,6 +17,7 @@ from backend.blocks.jina._auth import (
from backend.blocks.search import GetRequest
from backend.data.model import SchemaField
from backend.util.exceptions import BlockExecutionError
+from backend.util.request import HTTPClientError, HTTPServerError, validate_url
class SearchTheWebBlock(Block, GetRequest):
@@ -110,7 +111,12 @@ class ExtractWebsiteContentBlock(Block, GetRequest):
self, input_data: Input, *, credentials: JinaCredentials, **kwargs
) -> BlockOutput:
if input_data.raw_content:
- url = input_data.url
+ try:
+ parsed_url, _, _ = await validate_url(input_data.url, [])
+ url = parsed_url.geturl()
+ except ValueError as e:
+ yield "error", f"Invalid URL: {e}"
+ return
headers = {}
else:
url = f"https://r.jina.ai/{input_data.url}"
@@ -119,5 +125,20 @@ class ExtractWebsiteContentBlock(Block, GetRequest):
"Authorization": f"Bearer {credentials.api_key.get_secret_value()}",
}
- content = await self.get_request(url, json=False, headers=headers)
+ try:
+ content = await self.get_request(url, json=False, headers=headers)
+ except HTTPClientError as e:
+ yield "error", f"Client error ({e.status_code}) fetching {input_data.url}: {e}"
+ return
+ except HTTPServerError as e:
+ yield "error", f"Server error ({e.status_code}) fetching {input_data.url}: {e}"
+ return
+ except Exception as e:
+ yield "error", f"Failed to fetch {input_data.url}: {e}"
+ return
+
+ if not content:
+ yield "error", f"No content returned for {input_data.url}"
+ return
+
yield "content", content
diff --git a/autogpt_platform/backend/test/blocks/test_jina_extract_website.py b/autogpt_platform/backend/test/blocks/test_jina_extract_website.py
new file mode 100644
index 0000000000..335c43f966
--- /dev/null
+++ b/autogpt_platform/backend/test/blocks/test_jina_extract_website.py
@@ -0,0 +1,66 @@
+from typing import cast
+
+import pytest
+
+from backend.blocks.jina._auth import (
+ TEST_CREDENTIALS,
+ TEST_CREDENTIALS_INPUT,
+ JinaCredentialsInput,
+)
+from backend.blocks.jina.search import ExtractWebsiteContentBlock
+from backend.util.request import HTTPClientError
+
+
+@pytest.mark.asyncio
+async def test_extract_website_content_returns_content(monkeypatch):
+ block = ExtractWebsiteContentBlock()
+ input_data = block.Input(
+ url="https://example.com",
+ credentials=cast(JinaCredentialsInput, TEST_CREDENTIALS_INPUT),
+ raw_content=True,
+ )
+
+ async def fake_get_request(url, json=False, headers=None):
+ assert url == "https://example.com"
+ assert headers == {}
+ return "page content"
+
+ monkeypatch.setattr(block, "get_request", fake_get_request)
+
+ results = [
+ output
+ async for output in block.run(
+ input_data=input_data, credentials=TEST_CREDENTIALS
+ )
+ ]
+
+ assert ("content", "page content") in results
+ assert all(key != "error" for key, _ in results)
+
+
+@pytest.mark.asyncio
+async def test_extract_website_content_handles_http_error(monkeypatch):
+ block = ExtractWebsiteContentBlock()
+ input_data = block.Input(
+ url="https://example.com",
+ credentials=cast(JinaCredentialsInput, TEST_CREDENTIALS_INPUT),
+ raw_content=False,
+ )
+
+ async def fake_get_request(url, json=False, headers=None):
+ raise HTTPClientError("HTTP 400 Error: Bad Request", 400)
+
+ monkeypatch.setattr(block, "get_request", fake_get_request)
+
+ results = [
+ output
+ async for output in block.run(
+ input_data=input_data, credentials=TEST_CREDENTIALS
+ )
+ ]
+
+ assert ("content", "page content") not in results
+ error_messages = [value for key, value in results if key == "error"]
+ assert error_messages
+ assert "Client error (400)" in error_messages[0]
+ assert "https://example.com" in error_messages[0]
From 27d94e395cc8d191a1b284dda2b42572ed9d4796 Mon Sep 17 00:00:00 2001
From: Zamil Majdy
Date: Sun, 15 Feb 2026 10:51:25 +0400
Subject: [PATCH 14/16] feat(backend/sdk): enable WebSearch, block WebFetch,
consolidate tool constants (#12108)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
## Summary
- Enable Claude Agent SDK built-in **WebSearch** tool (Brave Search via
Anthropic API) for the CoPilot SDK agent
- Explicitly **block WebFetch** via `SDK_DISALLOWED_TOOLS`. The agent
uses the SSRF-protected `mcp__copilot__web_fetch` MCP tool instead
- **Consolidate** all tool security constants (`BLOCKED_TOOLS`,
`WORKSPACE_SCOPED_TOOLS`, `DANGEROUS_PATTERNS`, `SDK_DISALLOWED_TOOLS`)
into `tool_adapter.py` as a single source of truth — previously
scattered across `tool_adapter.py`, `security_hooks.py`, and inline in
`service.py`
## Changes
- `tool_adapter.py`: Add `WebSearch` to `_SDK_BUILTIN_TOOLS`, add
`SDK_DISALLOWED_TOOLS`, move security constants here
- `security_hooks.py`: Import constants from `tool_adapter.py` instead
of defining locally
- `service.py`: Use `SDK_DISALLOWED_TOOLS` instead of inline `["Bash"]`
## Test plan
- [x] All 21 security hooks tests pass
- [x] Ruff lint clean
- [x] All pre-commit hooks pass
- [ ] Verify WebSearch works in CoPilot chat (manual test)
Consolidates tool security constants into `tool_adapter.py` as single
source of truth, enables WebSearch (Brave via Anthropic API), and
explicitly blocks WebFetch to prevent SSRF attacks. The change improves
security by ensuring the agent uses the SSRF-protected
`mcp__copilot__web_fetch` tool instead of the built-in WebFetch which
can access internal networks like `localhost:8006`.
- This PR is safe to merge with minimal risk
- The changes improve security by blocking WebFetch (SSRF risk) while
enabling safe WebSearch. The consolidation of constants into a single
source of truth improves maintainability. All existing tests pass (21
security hooks tests), and the refactoring is straightforward with no
behavioral changes to existing security logic. The only suggestions are
minor improvements: adding a test for WebFetch blocking and considering
a lowercase alias for consistency.
- No files require special attention
```mermaid
sequenceDiagram
participant Agent as SDK Agent
participant Hooks as Security Hooks
participant TA as tool_adapter.py
participant MCP as MCP Tools
Note over TA: SDK_DISALLOWED_TOOLS = ["Bash", "WebFetch"]
Note over TA: _SDK_BUILTIN_TOOLS includes WebSearch
Agent->>Hooks: Request WebSearch (Brave API)
Hooks->>TA: Check BLOCKED_TOOLS
TA-->>Hooks: Not blocked
Hooks-->>Agent: Allowed ✓
Agent->>Agent: Execute via Anthropic API
Agent->>Hooks: Request WebFetch (SSRF risk)
Hooks->>TA: Check BLOCKED_TOOLS
Note over TA: WebFetch in SDK_DISALLOWED_TOOLS
TA-->>Hooks: Blocked
Hooks-->>Agent: Denied ✗
Note over Agent: Use mcp__copilot__web_fetch instead
Agent->>Hooks: Request mcp__copilot__web_fetch
Hooks->>MCP: Validate (MCP tool, not SDK builtin)
MCP-->>Hooks: Has SSRF protection
Hooks-->>Agent: Allowed ✓
Agent->>MCP: Execute with SSRF checks
```
Last reviewed commit: 2d9975f
---
.../api/features/chat/sdk/security_hooks.py | 42 +++---------------
.../backend/api/features/chat/sdk/service.py | 3 +-
.../api/features/chat/sdk/tool_adapter.py | 43 ++++++++++++++++++-
3 files changed, 50 insertions(+), 38 deletions(-)
diff --git a/autogpt_platform/backend/backend/api/features/chat/sdk/security_hooks.py b/autogpt_platform/backend/backend/api/features/chat/sdk/security_hooks.py
index 14efc6d459..89853402a3 100644
--- a/autogpt_platform/backend/backend/api/features/chat/sdk/security_hooks.py
+++ b/autogpt_platform/backend/backend/api/features/chat/sdk/security_hooks.py
@@ -11,45 +11,15 @@ import re
from collections.abc import Callable
from typing import Any, cast
-from backend.api.features.chat.sdk.tool_adapter import MCP_TOOL_PREFIX
+from backend.api.features.chat.sdk.tool_adapter import (
+ BLOCKED_TOOLS,
+ DANGEROUS_PATTERNS,
+ MCP_TOOL_PREFIX,
+ WORKSPACE_SCOPED_TOOLS,
+)
logger = logging.getLogger(__name__)
-# Tools that are blocked entirely (CLI/system access).
-# "Bash" (capital) is the SDK built-in — it's NOT in allowed_tools but blocked
-# here as defence-in-depth. The agent uses mcp__copilot__bash_exec instead,
-# which has kernel-level network isolation (unshare --net).
-BLOCKED_TOOLS = {
- "Bash",
- "bash",
- "shell",
- "exec",
- "terminal",
- "command",
-}
-
-# Tools allowed only when their path argument stays within the SDK workspace.
-# The SDK uses these to handle oversized tool results (writes to tool-results/
-# files, then reads them back) and for workspace file operations.
-WORKSPACE_SCOPED_TOOLS = {"Read", "Write", "Edit", "Glob", "Grep"}
-
-# Dangerous patterns in tool inputs
-DANGEROUS_PATTERNS = [
- r"sudo",
- r"rm\s+-rf",
- r"dd\s+if=",
- r"/etc/passwd",
- r"/etc/shadow",
- r"chmod\s+777",
- r"curl\s+.*\|.*sh",
- r"wget\s+.*\|.*sh",
- r"eval\s*\(",
- r"exec\s*\(",
- r"__import__",
- r"os\.system",
- r"subprocess",
-]
-
def _deny(reason: str) -> dict[str, Any]:
"""Return a hook denial response."""
diff --git a/autogpt_platform/backend/backend/api/features/chat/sdk/service.py b/autogpt_platform/backend/backend/api/features/chat/sdk/service.py
index 65195b442c..65c4cebb06 100644
--- a/autogpt_platform/backend/backend/api/features/chat/sdk/service.py
+++ b/autogpt_platform/backend/backend/api/features/chat/sdk/service.py
@@ -41,6 +41,7 @@ from .response_adapter import SDKResponseAdapter
from .security_hooks import create_security_hooks
from .tool_adapter import (
COPILOT_TOOL_NAMES,
+ SDK_DISALLOWED_TOOLS,
LongRunningCallback,
create_copilot_mcp_server,
set_execution_context,
@@ -543,7 +544,7 @@ async def stream_chat_completion_sdk(
"system_prompt": system_prompt,
"mcp_servers": {"copilot": mcp_server},
"allowed_tools": COPILOT_TOOL_NAMES,
- "disallowed_tools": ["Bash"],
+ "disallowed_tools": SDK_DISALLOWED_TOOLS,
"hooks": security_hooks,
"cwd": sdk_cwd,
"max_buffer_size": config.claude_agent_max_buffer_size,
diff --git a/autogpt_platform/backend/backend/api/features/chat/sdk/tool_adapter.py b/autogpt_platform/backend/backend/api/features/chat/sdk/tool_adapter.py
index d983d5e785..2d259730bf 100644
--- a/autogpt_platform/backend/backend/api/features/chat/sdk/tool_adapter.py
+++ b/autogpt_platform/backend/backend/api/features/chat/sdk/tool_adapter.py
@@ -310,7 +310,48 @@ def create_copilot_mcp_server():
# Bash is NOT included — use the sandboxed MCP bash_exec tool instead,
# which provides kernel-level network isolation via unshare --net.
# Task allows spawning sub-agents (rate-limited by security hooks).
-_SDK_BUILTIN_TOOLS = ["Read", "Write", "Edit", "Glob", "Grep", "Task"]
+# WebSearch uses Brave Search via Anthropic's API — safe, no SSRF risk.
+_SDK_BUILTIN_TOOLS = ["Read", "Write", "Edit", "Glob", "Grep", "Task", "WebSearch"]
+
+# SDK built-in tools that must be explicitly blocked.
+# Bash: dangerous — agent uses mcp__copilot__bash_exec with kernel-level
+# network isolation (unshare --net) instead.
+# WebFetch: SSRF risk — can reach internal network (localhost, 10.x, etc.).
+# Agent uses the SSRF-protected mcp__copilot__web_fetch tool instead.
+SDK_DISALLOWED_TOOLS = ["Bash", "WebFetch"]
+
+# Tools that are blocked entirely in security hooks (defence-in-depth).
+# Includes SDK_DISALLOWED_TOOLS plus common aliases/synonyms.
+BLOCKED_TOOLS = {
+ *SDK_DISALLOWED_TOOLS,
+ "bash",
+ "shell",
+ "exec",
+ "terminal",
+ "command",
+}
+
+# Tools allowed only when their path argument stays within the SDK workspace.
+# The SDK uses these to handle oversized tool results (writes to tool-results/
+# files, then reads them back) and for workspace file operations.
+WORKSPACE_SCOPED_TOOLS = {"Read", "Write", "Edit", "Glob", "Grep"}
+
+# Dangerous patterns in tool inputs
+DANGEROUS_PATTERNS = [
+ r"sudo",
+ r"rm\s+-rf",
+ r"dd\s+if=",
+ r"/etc/passwd",
+ r"/etc/shadow",
+ r"chmod\s+777",
+ r"curl\s+.*\|.*sh",
+ r"wget\s+.*\|.*sh",
+ r"eval\s*\(",
+ r"exec\s*\(",
+ r"__import__",
+ r"os\.system",
+ r"subprocess",
+]
# List of tool names for allowed_tools configuration
# Include MCP tools, the MCP Read tool for oversized results,
From 647c8ed8d46b133cff44572cb99f8e683f9083b2 Mon Sep 17 00:00:00 2001
From: Eve <162624394+aviu16@users.noreply.github.com>
Date: Mon, 16 Feb 2026 00:39:53 -0500
Subject: [PATCH 15/16] feat(backend/blocks): enhance list concatenation with
advanced operations (#12105)
## Summary
Enhances the existing `ConcatenateListsBlock` and adds five new
companion blocks for comprehensive list manipulation, addressing issue
#11139 ("Implement block to concatenate lists").
### Changes
- **Enhanced `ConcatenateListsBlock`** with optional deduplication
(`deduplicate`) and None-value filtering (`remove_none`), plus an output
`length` field
- **New `FlattenListBlock`**: Recursively flattens nested list
structures with configurable `max_depth`
- **New `InterleaveListsBlock`**: Round-robin interleaving of elements
from multiple lists
- **New `ZipListsBlock`**: Zips corresponding elements from multiple
lists with support for padding to longest or truncating to shortest
- **New `ListDifferenceBlock`**: Computes set difference between two
lists (regular or symmetric)
- **New `ListIntersectionBlock`**: Finds common elements between two
lists, preserving order
### Helper Utilities
Extracted reusable helper functions for validation, flattening,
deduplication, interleaving, chunking, and statistics computation to
support the blocks and enable future reuse.
### Test Coverage
Comprehensive test suite with 188 test functions across 29 test classes
covering:
- Built-in block test harness validation for all 6 blocks
- Manual edge-case tests for each block (empty inputs, large lists,
mixed types, nested structures)
- Internal method tests for all block classes
- Unit tests for all helper utility functions
Closes #11139
## Test plan
- [x] All files pass Python syntax validation (`ast.parse`)
- [x] Built-in `test_input`/`test_output` tests defined for all blocks
- [x] Manual tests cover edge cases: empty lists, large lists, mixed
types, nested structures, deduplication, None removal
- [x] Helper function tests validate all utility functions independently
- [x] All block IDs are valid UUID4
- [x] Block categories set to `BlockCategory.BASIC` for consistency with
existing list blocks
Enhanced `ConcatenateListsBlock` with deduplication and None-filtering
options, and added five new list manipulation blocks
(`FlattenListBlock`, `InterleaveListsBlock`, `ZipListsBlock`,
`ListDifferenceBlock`, `ListIntersectionBlock`) with comprehensive
helper functions and test coverage.
**Key Changes:**
- Enhanced `ConcatenateListsBlock` with `deduplicate` and `remove_none`
options, plus `length` output field
- Added `FlattenListBlock` for recursively flattening nested lists with
configurable `max_depth`
- Added `InterleaveListsBlock` for round-robin element interleaving
- Added `ZipListsBlock` with support for padding/truncation
- Added `ListDifferenceBlock` and `ListIntersectionBlock` for set
operations
- Extracted 12 reusable helper functions for validation, flattening,
deduplication, etc.
- Comprehensive test suite with 188 test functions covering edge cases
**Minor Issues:**
- Helper function `_deduplicate_list` has redundant logic in the `else`
branch that duplicates the `if` branch
- Three helper functions (`_filter_empty_collections`,
`_compute_list_statistics`, `_chunk_list`) are defined but unused -
consider removing unless planned for future use
- The `_make_hashable` function uses `hash(repr(item))` for unhashable
types, which correctly treats structurally identical dicts/lists as
duplicates
- Safe to merge with minor style improvements recommended
- The implementation is well-structured with comprehensive test coverage
(188 tests), proper error handling, and follows existing block patterns.
All blocks use valid UUID4 IDs and correct categories. The helper
functions provide good code reuse. The minor issues are purely stylistic
(redundant code, unused helpers) and don't affect functionality or
safety.
- No files require special attention - both files are well-tested and
follow project conventions
```mermaid
sequenceDiagram
participant User
participant Block as List Block
participant Helper as Helper Functions
participant Output
User->>Block: Input (lists/parameters)
Block->>Helper: _validate_all_lists()
Helper-->>Block: validation result
alt validation fails
Block->>Output: error message
else validation succeeds
Block->>Helper: _concatenate_lists_simple() / _flatten_nested_list() / etc.
Helper-->>Block: processed result
opt deduplicate enabled
Block->>Helper: _deduplicate_list()
Helper-->>Block: deduplicated result
end
opt remove_none enabled
Block->>Helper: _filter_none_values()
Helper-->>Block: filtered result
end
Block->>Output: result + length
end
Output-->>User: Block outputs
```
Last reviewed commit: a6d5445
(2/5) Greptile learns from your feedback when you react with thumbs
up/down!
---------
Co-authored-by: Otto
---
.../backend/blocks/data_manipulation.py | 704 ++++++++-
.../test/blocks/test_list_concatenation.py | 1276 +++++++++++++++++
docs/integrations/README.md | 5 +
docs/integrations/block-integrations/basic.md | 197 ++-
4 files changed, 2164 insertions(+), 18 deletions(-)
create mode 100644 autogpt_platform/backend/test/blocks/test_list_concatenation.py
diff --git a/autogpt_platform/backend/backend/blocks/data_manipulation.py b/autogpt_platform/backend/backend/blocks/data_manipulation.py
index a8f25ecb18..fe878acfa9 100644
--- a/autogpt_platform/backend/backend/blocks/data_manipulation.py
+++ b/autogpt_platform/backend/backend/blocks/data_manipulation.py
@@ -682,17 +682,219 @@ class ListIsEmptyBlock(Block):
yield "is_empty", len(input_data.list) == 0
+# =============================================================================
+# List Concatenation Helpers
+# =============================================================================
+
+
+def _validate_list_input(item: Any, index: int) -> str | None:
+ """Validate that an item is a list. Returns error message or None."""
+ if item is None:
+ return None # None is acceptable, will be skipped
+ if not isinstance(item, list):
+ return (
+ f"Invalid input at index {index}: expected a list, "
+ f"got {type(item).__name__}. "
+ f"All items in 'lists' must be lists (e.g., [[1, 2], [3, 4]])."
+ )
+ return None
+
+
+def _validate_all_lists(lists: List[Any]) -> str | None:
+ """Validate that all items in a sequence are lists. Returns first error or None."""
+ for idx, item in enumerate(lists):
+ error = _validate_list_input(item, idx)
+ if error is not None and item is not None:
+ return error
+ return None
+
+
+def _concatenate_lists_simple(lists: List[List[Any]]) -> List[Any]:
+ """Concatenate a sequence of lists into a single list, skipping None values."""
+ result: List[Any] = []
+ for lst in lists:
+ if lst is None:
+ continue
+ result.extend(lst)
+ return result
+
+
+def _flatten_nested_list(nested: List[Any], max_depth: int = -1) -> List[Any]:
+ """
+ Recursively flatten a nested list structure.
+
+ Args:
+ nested: The list to flatten.
+ max_depth: Maximum recursion depth. -1 means unlimited.
+
+ Returns:
+ A flat list with all nested elements extracted.
+ """
+ result: List[Any] = []
+ _flatten_recursive(nested, result, current_depth=0, max_depth=max_depth)
+ return result
+
+
+_MAX_FLATTEN_DEPTH = 1000
+
+
+def _flatten_recursive(
+ items: List[Any],
+ result: List[Any],
+ current_depth: int,
+ max_depth: int,
+) -> None:
+ """Internal recursive helper for flattening nested lists."""
+ if current_depth > _MAX_FLATTEN_DEPTH:
+ raise RecursionError(
+ f"Flattening exceeded maximum depth of {_MAX_FLATTEN_DEPTH} levels. "
+ "Input may be too deeply nested."
+ )
+ for item in items:
+ if isinstance(item, list) and (max_depth == -1 or current_depth < max_depth):
+ _flatten_recursive(item, result, current_depth + 1, max_depth)
+ else:
+ result.append(item)
+
+
+def _deduplicate_list(items: List[Any]) -> List[Any]:
+ """
+ Remove duplicate elements from a list, preserving order of first occurrences.
+
+ Args:
+ items: The list to deduplicate.
+
+ Returns:
+ A list with duplicates removed, maintaining original order.
+ """
+ seen: set = set()
+ result: List[Any] = []
+ for item in items:
+ item_id = _make_hashable(item)
+ if item_id not in seen:
+ seen.add(item_id)
+ result.append(item)
+ return result
+
+
+def _make_hashable(item: Any):
+ """
+ Create a hashable representation of any item for deduplication.
+ Converts unhashable types (dicts, lists) into deterministic tuple structures.
+ """
+ if isinstance(item, dict):
+ return tuple(
+ sorted(
+ ((_make_hashable(k), _make_hashable(v)) for k, v in item.items()),
+ key=lambda x: (str(type(x[0])), str(x[0])),
+ )
+ )
+ if isinstance(item, (list, tuple)):
+ return tuple(_make_hashable(i) for i in item)
+ if isinstance(item, set):
+ return frozenset(_make_hashable(i) for i in item)
+ return item
+
+
+def _filter_none_values(items: List[Any]) -> List[Any]:
+ """Remove None values from a list."""
+ return [item for item in items if item is not None]
+
+
+def _compute_nesting_depth(
+ items: Any, current: int = 0, max_depth: int = _MAX_FLATTEN_DEPTH
+) -> int:
+ """
+ Compute the maximum nesting depth of a list structure using iteration to avoid RecursionError.
+
+ Uses a stack-based approach to handle deeply nested structures without hitting Python's
+ recursion limit (~1000 levels).
+ """
+ if not isinstance(items, list):
+ return current
+
+ # Stack contains tuples of (item, depth)
+ stack = [(items, current)]
+ max_observed_depth = current
+
+ while stack:
+ item, depth = stack.pop()
+
+ if depth > max_depth:
+ return depth
+
+ if not isinstance(item, list):
+ max_observed_depth = max(max_observed_depth, depth)
+ continue
+
+ if len(item) == 0:
+ max_observed_depth = max(max_observed_depth, depth + 1)
+ continue
+
+ # Add all children to stack with incremented depth
+ for child in item:
+ stack.append((child, depth + 1))
+
+ return max_observed_depth
+
+
+def _interleave_lists(lists: List[List[Any]]) -> List[Any]:
+ """
+ Interleave elements from multiple lists in round-robin fashion.
+ Example: [[1,2,3], [a,b], [x,y,z]] -> [1, a, x, 2, b, y, 3, z]
+ """
+ if not lists:
+ return []
+ filtered = [lst for lst in lists if lst is not None]
+ if not filtered:
+ return []
+ result: List[Any] = []
+ max_len = max(len(lst) for lst in filtered)
+ for i in range(max_len):
+ for lst in filtered:
+ if i < len(lst):
+ result.append(lst[i])
+ return result
+
+
+# =============================================================================
+# List Concatenation Blocks
+# =============================================================================
+
+
class ConcatenateListsBlock(Block):
+ """
+ Concatenates two or more lists into a single list.
+
+ This block accepts a list of lists and combines all their elements
+ in order into one flat output list. It supports options for
+ deduplication and None-filtering to provide flexible list merging
+ capabilities for workflow pipelines.
+ """
+
class Input(BlockSchemaInput):
lists: List[List[Any]] = SchemaField(
description="A list of lists to concatenate together. All lists will be combined in order into a single list.",
placeholder="e.g., [[1, 2], [3, 4], [5, 6]]",
)
+ deduplicate: bool = SchemaField(
+ description="If True, remove duplicate elements from the concatenated result while preserving order.",
+ default=False,
+ advanced=True,
+ )
+ remove_none: bool = SchemaField(
+ description="If True, remove None values from the concatenated result.",
+ default=False,
+ advanced=True,
+ )
class Output(BlockSchemaOutput):
concatenated_list: List[Any] = SchemaField(
description="The concatenated list containing all elements from all input lists in order."
)
+ length: int = SchemaField(
+ description="The total number of elements in the concatenated list."
+ )
error: str = SchemaField(
description="Error message if concatenation failed due to invalid input types."
)
@@ -700,7 +902,7 @@ class ConcatenateListsBlock(Block):
def __init__(self):
super().__init__(
id="3cf9298b-5817-4141-9d80-7c2cc5199c8e",
- description="Concatenates multiple lists into a single list. All elements from all input lists are combined in order.",
+ description="Concatenates multiple lists into a single list. All elements from all input lists are combined in order. Supports optional deduplication and None removal.",
categories={BlockCategory.BASIC},
input_schema=ConcatenateListsBlock.Input,
output_schema=ConcatenateListsBlock.Output,
@@ -709,29 +911,497 @@ class ConcatenateListsBlock(Block):
{"lists": [["a", "b"], ["c"], ["d", "e", "f"]]},
{"lists": [[1, 2], []]},
{"lists": []},
+ {"lists": [[1, 2, 2, 3], [3, 4]], "deduplicate": True},
+ {"lists": [[1, None, 2], [None, 3]], "remove_none": True},
],
test_output=[
("concatenated_list", [1, 2, 3, 4, 5, 6]),
+ ("length", 6),
("concatenated_list", ["a", "b", "c", "d", "e", "f"]),
+ ("length", 6),
("concatenated_list", [1, 2]),
+ ("length", 2),
("concatenated_list", []),
+ ("length", 0),
+ ("concatenated_list", [1, 2, 3, 4]),
+ ("length", 4),
+ ("concatenated_list", [1, 2, 3]),
+ ("length", 3),
],
)
+ def _validate_inputs(self, lists: List[Any]) -> str | None:
+ return _validate_all_lists(lists)
+
+ def _perform_concatenation(self, lists: List[List[Any]]) -> List[Any]:
+ return _concatenate_lists_simple(lists)
+
+ def _apply_deduplication(self, items: List[Any]) -> List[Any]:
+ return _deduplicate_list(items)
+
+ def _apply_none_removal(self, items: List[Any]) -> List[Any]:
+ return _filter_none_values(items)
+
+ def _post_process(
+ self, items: List[Any], deduplicate: bool, remove_none: bool
+ ) -> List[Any]:
+ """Apply all post-processing steps to the concatenated result."""
+ result = items
+ if remove_none:
+ result = self._apply_none_removal(result)
+ if deduplicate:
+ result = self._apply_deduplication(result)
+ return result
+
async def run(self, input_data: Input, **kwargs) -> BlockOutput:
- concatenated = []
- for idx, lst in enumerate(input_data.lists):
- if lst is None:
- # Skip None values to avoid errors
- continue
- if not isinstance(lst, list):
- # Type validation: each item must be a list
- # Strings are iterable and would cause extend() to iterate character-by-character
- # Non-iterable types would raise TypeError
- yield "error", (
- f"Invalid input at index {idx}: expected a list, got {type(lst).__name__}. "
- f"All items in 'lists' must be lists (e.g., [[1, 2], [3, 4]])."
- )
- return
- concatenated.extend(lst)
- yield "concatenated_list", concatenated
+ # Validate all inputs are lists
+ validation_error = self._validate_inputs(input_data.lists)
+ if validation_error is not None:
+ yield "error", validation_error
+ return
+
+ # Perform concatenation
+ concatenated = self._perform_concatenation(input_data.lists)
+
+ # Apply post-processing
+ result = self._post_process(
+ concatenated, input_data.deduplicate, input_data.remove_none
+ )
+
+ yield "concatenated_list", result
+ yield "length", len(result)
+
+
+class FlattenListBlock(Block):
+ """
+ Flattens a nested list structure into a single flat list.
+
+ This block takes a list that may contain nested lists at any depth
+ and produces a single-level list with all leaf elements. Useful
+ for normalizing data structures from multiple sources that may
+ have varying levels of nesting.
+ """
+
+ class Input(BlockSchemaInput):
+ nested_list: List[Any] = SchemaField(
+ description="A potentially nested list to flatten into a single-level list.",
+ placeholder="e.g., [[1, [2, 3]], [4, [5, [6]]]]",
+ )
+ max_depth: int = SchemaField(
+ description="Maximum depth to flatten. -1 means flatten completely. 1 means flatten only one level.",
+ default=-1,
+ advanced=True,
+ )
+
+ class Output(BlockSchemaOutput):
+ flattened_list: List[Any] = SchemaField(
+ description="The flattened list with all nested elements extracted."
+ )
+ length: int = SchemaField(
+ description="The number of elements in the flattened list."
+ )
+ original_depth: int = SchemaField(
+ description="The maximum nesting depth of the original input list."
+ )
+ error: str = SchemaField(description="Error message if flattening failed.")
+
+ def __init__(self):
+ super().__init__(
+ id="cc45bb0f-d035-4756-96a7-fe3e36254b4d",
+ description="Flattens a nested list structure into a single flat list. Supports configurable maximum flattening depth.",
+ categories={BlockCategory.BASIC},
+ input_schema=FlattenListBlock.Input,
+ output_schema=FlattenListBlock.Output,
+ test_input=[
+ {"nested_list": [[1, 2], [3, [4, 5]]]},
+ {"nested_list": [1, [2, [3, [4]]]]},
+ {"nested_list": [1, [2, [3, [4]]], 5], "max_depth": 1},
+ {"nested_list": []},
+ {"nested_list": [1, 2, 3]},
+ ],
+ test_output=[
+ ("flattened_list", [1, 2, 3, 4, 5]),
+ ("length", 5),
+ ("original_depth", 3),
+ ("flattened_list", [1, 2, 3, 4]),
+ ("length", 4),
+ ("original_depth", 4),
+ ("flattened_list", [1, 2, [3, [4]], 5]),
+ ("length", 4),
+ ("original_depth", 4),
+ ("flattened_list", []),
+ ("length", 0),
+ ("original_depth", 1),
+ ("flattened_list", [1, 2, 3]),
+ ("length", 3),
+ ("original_depth", 1),
+ ],
+ )
+
+ def _compute_depth(self, items: List[Any]) -> int:
+ """Compute the nesting depth of the input list."""
+ return _compute_nesting_depth(items)
+
+ def _flatten(self, items: List[Any], max_depth: int) -> List[Any]:
+ """Flatten the list to the specified depth."""
+ return _flatten_nested_list(items, max_depth=max_depth)
+
+ def _validate_max_depth(self, max_depth: int) -> str | None:
+ """Validate the max_depth parameter."""
+ if max_depth < -1:
+ return f"max_depth must be -1 (unlimited) or a non-negative integer, got {max_depth}"
+ return None
+
+ async def run(self, input_data: Input, **kwargs) -> BlockOutput:
+ # Validate max_depth
+ depth_error = self._validate_max_depth(input_data.max_depth)
+ if depth_error is not None:
+ yield "error", depth_error
+ return
+
+ original_depth = self._compute_depth(input_data.nested_list)
+ flattened = self._flatten(input_data.nested_list, input_data.max_depth)
+
+ yield "flattened_list", flattened
+ yield "length", len(flattened)
+ yield "original_depth", original_depth
+
+
+class InterleaveListsBlock(Block):
+ """
+ Interleaves elements from multiple lists in round-robin fashion.
+
+ Given multiple input lists, this block takes one element from each
+ list in turn, producing an output where elements alternate between
+ sources. Lists of different lengths are handled gracefully - shorter
+ lists simply stop contributing once exhausted.
+ """
+
+ class Input(BlockSchemaInput):
+ lists: List[List[Any]] = SchemaField(
+ description="A list of lists to interleave. Elements will be taken in round-robin order.",
+ placeholder="e.g., [[1, 2, 3], ['a', 'b', 'c']]",
+ )
+
+ class Output(BlockSchemaOutput):
+ interleaved_list: List[Any] = SchemaField(
+ description="The interleaved list with elements alternating from each input list."
+ )
+ length: int = SchemaField(
+ description="The total number of elements in the interleaved list."
+ )
+ error: str = SchemaField(description="Error message if interleaving failed.")
+
+ def __init__(self):
+ super().__init__(
+ id="9f616084-1d9f-4f8e-bc00-5b9d2a75cd75",
+ description="Interleaves elements from multiple lists in round-robin fashion, alternating between sources.",
+ categories={BlockCategory.BASIC},
+ input_schema=InterleaveListsBlock.Input,
+ output_schema=InterleaveListsBlock.Output,
+ test_input=[
+ {"lists": [[1, 2, 3], ["a", "b", "c"]]},
+ {"lists": [[1, 2, 3], ["a", "b"], ["x", "y", "z"]]},
+ {"lists": [[1], [2], [3]]},
+ {"lists": []},
+ ],
+ test_output=[
+ ("interleaved_list", [1, "a", 2, "b", 3, "c"]),
+ ("length", 6),
+ ("interleaved_list", [1, "a", "x", 2, "b", "y", 3, "z"]),
+ ("length", 8),
+ ("interleaved_list", [1, 2, 3]),
+ ("length", 3),
+ ("interleaved_list", []),
+ ("length", 0),
+ ],
+ )
+
+ def _validate_inputs(self, lists: List[Any]) -> str | None:
+ return _validate_all_lists(lists)
+
+ def _interleave(self, lists: List[List[Any]]) -> List[Any]:
+ return _interleave_lists(lists)
+
+ async def run(self, input_data: Input, **kwargs) -> BlockOutput:
+ validation_error = self._validate_inputs(input_data.lists)
+ if validation_error is not None:
+ yield "error", validation_error
+ return
+
+ result = self._interleave(input_data.lists)
+ yield "interleaved_list", result
+ yield "length", len(result)
+
+
+class ZipListsBlock(Block):
+ """
+ Zips multiple lists together into a list of grouped tuples/lists.
+
+ Takes two or more input lists and combines corresponding elements
+ into sub-lists. For example, zipping [1,2,3] and ['a','b','c']
+ produces [[1,'a'], [2,'b'], [3,'c']]. Supports both truncating
+ to shortest list and padding to longest list with a fill value.
+ """
+
+ class Input(BlockSchemaInput):
+ lists: List[List[Any]] = SchemaField(
+ description="A list of lists to zip together. Corresponding elements will be grouped.",
+ placeholder="e.g., [[1, 2, 3], ['a', 'b', 'c']]",
+ )
+ pad_to_longest: bool = SchemaField(
+ description="If True, pad shorter lists with fill_value to match the longest list. If False, truncate to shortest.",
+ default=False,
+ advanced=True,
+ )
+ fill_value: Any = SchemaField(
+ description="Value to use for padding when pad_to_longest is True.",
+ default=None,
+ advanced=True,
+ )
+
+ class Output(BlockSchemaOutput):
+ zipped_list: List[List[Any]] = SchemaField(
+ description="The zipped list of grouped elements."
+ )
+ length: int = SchemaField(
+ description="The number of groups in the zipped result."
+ )
+ error: str = SchemaField(description="Error message if zipping failed.")
+
+ def __init__(self):
+ super().__init__(
+ id="0d0e684f-5cb9-4c4b-b8d1-47a0860e0c07",
+ description="Zips multiple lists together into a list of grouped elements. Supports padding to longest or truncating to shortest.",
+ categories={BlockCategory.BASIC},
+ input_schema=ZipListsBlock.Input,
+ output_schema=ZipListsBlock.Output,
+ test_input=[
+ {"lists": [[1, 2, 3], ["a", "b", "c"]]},
+ {"lists": [[1, 2, 3], ["a", "b"]]},
+ {
+ "lists": [[1, 2], ["a", "b", "c"]],
+ "pad_to_longest": True,
+ "fill_value": 0,
+ },
+ {"lists": []},
+ ],
+ test_output=[
+ ("zipped_list", [[1, "a"], [2, "b"], [3, "c"]]),
+ ("length", 3),
+ ("zipped_list", [[1, "a"], [2, "b"]]),
+ ("length", 2),
+ ("zipped_list", [[1, "a"], [2, "b"], [0, "c"]]),
+ ("length", 3),
+ ("zipped_list", []),
+ ("length", 0),
+ ],
+ )
+
+ def _validate_inputs(self, lists: List[Any]) -> str | None:
+ return _validate_all_lists(lists)
+
+ def _zip_truncate(self, lists: List[List[Any]]) -> List[List[Any]]:
+ """Zip lists, truncating to shortest."""
+ filtered = [lst for lst in lists if lst is not None]
+ if not filtered:
+ return []
+ return [list(group) for group in zip(*filtered)]
+
+ def _zip_pad(self, lists: List[List[Any]], fill_value: Any) -> List[List[Any]]:
+ """Zip lists, padding shorter ones with fill_value."""
+ if not lists:
+ return []
+ lists = [lst for lst in lists if lst is not None]
+ if not lists:
+ return []
+ max_len = max(len(lst) for lst in lists)
+ result: List[List[Any]] = []
+ for i in range(max_len):
+ group: List[Any] = []
+ for lst in lists:
+ if i < len(lst):
+ group.append(lst[i])
+ else:
+ group.append(fill_value)
+ result.append(group)
+ return result
+
+ async def run(self, input_data: Input, **kwargs) -> BlockOutput:
+ validation_error = self._validate_inputs(input_data.lists)
+ if validation_error is not None:
+ yield "error", validation_error
+ return
+
+ if not input_data.lists:
+ yield "zipped_list", []
+ yield "length", 0
+ return
+
+ if input_data.pad_to_longest:
+ result = self._zip_pad(input_data.lists, input_data.fill_value)
+ else:
+ result = self._zip_truncate(input_data.lists)
+
+ yield "zipped_list", result
+ yield "length", len(result)
+
+
+class ListDifferenceBlock(Block):
+ """
+ Computes the difference between two lists (elements in the first
+ list that are not in the second list).
+
+ This is useful for finding items that exist in one dataset but
+ not in another, such as finding new items, missing items, or
+ items that need to be processed.
+ """
+
+ class Input(BlockSchemaInput):
+ list_a: List[Any] = SchemaField(
+ description="The primary list to check elements from.",
+ placeholder="e.g., [1, 2, 3, 4, 5]",
+ )
+ list_b: List[Any] = SchemaField(
+ description="The list to subtract. Elements found here will be removed from list_a.",
+ placeholder="e.g., [3, 4, 5, 6]",
+ )
+ symmetric: bool = SchemaField(
+ description="If True, compute symmetric difference (elements in either list but not both).",
+ default=False,
+ advanced=True,
+ )
+
+ class Output(BlockSchemaOutput):
+ difference: List[Any] = SchemaField(
+ description="Elements from list_a not found in list_b (or symmetric difference if enabled)."
+ )
+ length: int = SchemaField(
+ description="The number of elements in the difference result."
+ )
+ error: str = SchemaField(description="Error message if the operation failed.")
+
+ def __init__(self):
+ super().__init__(
+ id="05309873-9d61-447e-96b5-b804e2511829",
+ description="Computes the difference between two lists. Returns elements in the first list not found in the second, or symmetric difference.",
+ categories={BlockCategory.BASIC},
+ input_schema=ListDifferenceBlock.Input,
+ output_schema=ListDifferenceBlock.Output,
+ test_input=[
+ {"list_a": [1, 2, 3, 4, 5], "list_b": [3, 4, 5, 6, 7]},
+ {
+ "list_a": [1, 2, 3, 4, 5],
+ "list_b": [3, 4, 5, 6, 7],
+ "symmetric": True,
+ },
+ {"list_a": ["a", "b", "c"], "list_b": ["b"]},
+ {"list_a": [], "list_b": [1, 2, 3]},
+ ],
+ test_output=[
+ ("difference", [1, 2]),
+ ("length", 2),
+ ("difference", [1, 2, 6, 7]),
+ ("length", 4),
+ ("difference", ["a", "c"]),
+ ("length", 2),
+ ("difference", []),
+ ("length", 0),
+ ],
+ )
+
+ def _compute_difference(self, list_a: List[Any], list_b: List[Any]) -> List[Any]:
+ """Compute elements in list_a not in list_b."""
+ b_hashes = {_make_hashable(item) for item in list_b}
+ return [item for item in list_a if _make_hashable(item) not in b_hashes]
+
+ def _compute_symmetric_difference(
+ self, list_a: List[Any], list_b: List[Any]
+ ) -> List[Any]:
+ """Compute elements in either list but not both."""
+ a_hashes = {_make_hashable(item) for item in list_a}
+ b_hashes = {_make_hashable(item) for item in list_b}
+ only_in_a = [item for item in list_a if _make_hashable(item) not in b_hashes]
+ only_in_b = [item for item in list_b if _make_hashable(item) not in a_hashes]
+ return only_in_a + only_in_b
+
+ async def run(self, input_data: Input, **kwargs) -> BlockOutput:
+ if input_data.symmetric:
+ result = self._compute_symmetric_difference(
+ input_data.list_a, input_data.list_b
+ )
+ else:
+ result = self._compute_difference(input_data.list_a, input_data.list_b)
+
+ yield "difference", result
+ yield "length", len(result)
+
+
+class ListIntersectionBlock(Block):
+ """
+ Computes the intersection of two lists (elements present in both lists).
+
+ This is useful for finding common items between two datasets,
+ such as shared tags, mutual connections, or overlapping categories.
+ """
+
+ class Input(BlockSchemaInput):
+ list_a: List[Any] = SchemaField(
+ description="The first list to intersect.",
+ placeholder="e.g., [1, 2, 3, 4, 5]",
+ )
+ list_b: List[Any] = SchemaField(
+ description="The second list to intersect.",
+ placeholder="e.g., [3, 4, 5, 6, 7]",
+ )
+
+ class Output(BlockSchemaOutput):
+ intersection: List[Any] = SchemaField(
+ description="Elements present in both list_a and list_b."
+ )
+ length: int = SchemaField(
+ description="The number of elements in the intersection."
+ )
+ error: str = SchemaField(description="Error message if the operation failed.")
+
+ def __init__(self):
+ super().__init__(
+ id="b6eb08b6-dbe3-411b-b9b4-2508cb311a1f",
+ description="Computes the intersection of two lists, returning only elements present in both.",
+ categories={BlockCategory.BASIC},
+ input_schema=ListIntersectionBlock.Input,
+ output_schema=ListIntersectionBlock.Output,
+ test_input=[
+ {"list_a": [1, 2, 3, 4, 5], "list_b": [3, 4, 5, 6, 7]},
+ {"list_a": ["a", "b", "c"], "list_b": ["c", "d", "e"]},
+ {"list_a": [1, 2], "list_b": [3, 4]},
+ {"list_a": [], "list_b": [1, 2, 3]},
+ ],
+ test_output=[
+ ("intersection", [3, 4, 5]),
+ ("length", 3),
+ ("intersection", ["c"]),
+ ("length", 1),
+ ("intersection", []),
+ ("length", 0),
+ ("intersection", []),
+ ("length", 0),
+ ],
+ )
+
+ def _compute_intersection(self, list_a: List[Any], list_b: List[Any]) -> List[Any]:
+ """Compute elements present in both lists, preserving order from list_a."""
+ b_hashes = {_make_hashable(item) for item in list_b}
+ seen: set = set()
+ result: List[Any] = []
+ for item in list_a:
+ h = _make_hashable(item)
+ if h in b_hashes and h not in seen:
+ result.append(item)
+ seen.add(h)
+ return result
+
+ async def run(self, input_data: Input, **kwargs) -> BlockOutput:
+ result = self._compute_intersection(input_data.list_a, input_data.list_b)
+ yield "intersection", result
+ yield "length", len(result)
diff --git a/autogpt_platform/backend/test/blocks/test_list_concatenation.py b/autogpt_platform/backend/test/blocks/test_list_concatenation.py
new file mode 100644
index 0000000000..8cea3b60f7
--- /dev/null
+++ b/autogpt_platform/backend/test/blocks/test_list_concatenation.py
@@ -0,0 +1,1276 @@
+"""
+Comprehensive test suite for list concatenation and manipulation blocks.
+
+Tests cover:
+- ConcatenateListsBlock: basic concatenation, deduplication, None removal
+- FlattenListBlock: nested list flattening with depth control
+- InterleaveListsBlock: round-robin interleaving of multiple lists
+- ZipListsBlock: zipping lists with truncation and padding
+- ListDifferenceBlock: computing list differences (regular and symmetric)
+- ListIntersectionBlock: finding common elements between lists
+- Helper utility functions: validation, flattening, deduplication, etc.
+"""
+
+import pytest
+
+from backend.blocks.data_manipulation import (
+ _MAX_FLATTEN_DEPTH,
+ ConcatenateListsBlock,
+ FlattenListBlock,
+ InterleaveListsBlock,
+ ListDifferenceBlock,
+ ListIntersectionBlock,
+ ZipListsBlock,
+ _compute_nesting_depth,
+ _concatenate_lists_simple,
+ _deduplicate_list,
+ _filter_none_values,
+ _flatten_nested_list,
+ _interleave_lists,
+ _make_hashable,
+ _validate_all_lists,
+ _validate_list_input,
+)
+from backend.util.test import execute_block_test
+
+# =============================================================================
+# Helper Function Tests
+# =============================================================================
+
+
+class TestValidateListInput:
+ """Tests for the _validate_list_input helper."""
+
+ def test_valid_list_returns_none(self):
+ assert _validate_list_input([1, 2, 3], 0) is None
+
+ def test_empty_list_returns_none(self):
+ assert _validate_list_input([], 0) is None
+
+ def test_none_returns_none(self):
+ assert _validate_list_input(None, 0) is None
+
+ def test_string_returns_error(self):
+ result = _validate_list_input("hello", 0)
+ assert result is not None
+ assert "str" in result
+ assert "index 0" in result
+
+ def test_integer_returns_error(self):
+ result = _validate_list_input(42, 1)
+ assert result is not None
+ assert "int" in result
+ assert "index 1" in result
+
+ def test_dict_returns_error(self):
+ result = _validate_list_input({"a": 1}, 2)
+ assert result is not None
+ assert "dict" in result
+ assert "index 2" in result
+
+ def test_tuple_returns_error(self):
+ result = _validate_list_input((1, 2), 3)
+ assert result is not None
+ assert "tuple" in result
+
+ def test_boolean_returns_error(self):
+ result = _validate_list_input(True, 0)
+ assert result is not None
+ assert "bool" in result
+
+ def test_float_returns_error(self):
+ result = _validate_list_input(3.14, 0)
+ assert result is not None
+ assert "float" in result
+
+
+class TestValidateAllLists:
+ """Tests for the _validate_all_lists helper."""
+
+ def test_all_valid_lists(self):
+ assert _validate_all_lists([[1], [2], [3]]) is None
+
+ def test_empty_outer_list(self):
+ assert _validate_all_lists([]) is None
+
+ def test_mixed_valid_and_none(self):
+ # None is skipped, so this should pass
+ assert _validate_all_lists([[1], None, [3]]) is None
+
+ def test_invalid_item_returns_error(self):
+ result = _validate_all_lists([[1], "bad", [3]])
+ assert result is not None
+ assert "index 1" in result
+
+ def test_first_invalid_is_returned(self):
+ result = _validate_all_lists(["first_bad", "second_bad"])
+ assert result is not None
+ assert "index 0" in result
+
+ def test_all_none_passes(self):
+ assert _validate_all_lists([None, None, None]) is None
+
+
+class TestConcatenateListsSimple:
+ """Tests for the _concatenate_lists_simple helper."""
+
+ def test_basic_concatenation(self):
+ assert _concatenate_lists_simple([[1, 2], [3, 4]]) == [1, 2, 3, 4]
+
+ def test_empty_lists(self):
+ assert _concatenate_lists_simple([[], []]) == []
+
+ def test_single_list(self):
+ assert _concatenate_lists_simple([[1, 2, 3]]) == [1, 2, 3]
+
+ def test_no_lists(self):
+ assert _concatenate_lists_simple([]) == []
+
+ def test_skip_none_values(self):
+ assert _concatenate_lists_simple([[1, 2], None, [3, 4]]) == [1, 2, 3, 4] # type: ignore[arg-type]
+
+ def test_mixed_types(self):
+ result = _concatenate_lists_simple([[1, "a"], [True, 3.14]])
+ assert result == [1, "a", True, 3.14]
+
+ def test_nested_lists_preserved(self):
+ result = _concatenate_lists_simple([[[1, 2]], [[3, 4]]])
+ assert result == [[1, 2], [3, 4]]
+
+ def test_large_number_of_lists(self):
+ lists = [[i] for i in range(100)]
+ result = _concatenate_lists_simple(lists)
+ assert result == list(range(100))
+
+
+class TestFlattenNestedList:
+ """Tests for the _flatten_nested_list helper."""
+
+ def test_already_flat(self):
+ assert _flatten_nested_list([1, 2, 3]) == [1, 2, 3]
+
+ def test_one_level_nesting(self):
+ assert _flatten_nested_list([[1, 2], [3, 4]]) == [1, 2, 3, 4]
+
+ def test_deep_nesting(self):
+ assert _flatten_nested_list([1, [2, [3, [4, [5]]]]]) == [1, 2, 3, 4, 5]
+
+ def test_empty_list(self):
+ assert _flatten_nested_list([]) == []
+
+ def test_mixed_nesting(self):
+ assert _flatten_nested_list([1, [2, 3], 4, [5, [6]]]) == [1, 2, 3, 4, 5, 6]
+
+ def test_max_depth_zero(self):
+ # max_depth=0 means no flattening at all
+ result = _flatten_nested_list([[1, 2], [3, 4]], max_depth=0)
+ assert result == [[1, 2], [3, 4]]
+
+ def test_max_depth_one(self):
+ result = _flatten_nested_list([[1, [2, 3]], [4, [5]]], max_depth=1)
+ assert result == [1, [2, 3], 4, [5]]
+
+ def test_max_depth_two(self):
+ result = _flatten_nested_list([[[1, 2], [3]], [[4, [5]]]], max_depth=2)
+ assert result == [1, 2, 3, 4, [5]]
+
+ def test_unlimited_depth(self):
+ deeply_nested = [[[[[[[1]]]]]]]
+ assert _flatten_nested_list(deeply_nested, max_depth=-1) == [1]
+
+ def test_preserves_non_list_iterables(self):
+ result = _flatten_nested_list(["hello", [1, 2]])
+ assert result == ["hello", 1, 2]
+
+ def test_preserves_dicts(self):
+ result = _flatten_nested_list([{"a": 1}, [{"b": 2}]])
+ assert result == [{"a": 1}, {"b": 2}]
+
+ def test_excessive_depth_raises_recursion_error(self):
+ """Deeply nested lists beyond 1000 levels should raise RecursionError."""
+ # Build a list nested 1100 levels deep
+ nested = [42]
+ for _ in range(1100):
+ nested = [nested]
+ with pytest.raises(RecursionError, match="maximum.*depth"):
+ _flatten_nested_list(nested, max_depth=-1)
+
+
+class TestDeduplicateList:
+ """Tests for the _deduplicate_list helper."""
+
+ def test_no_duplicates(self):
+ assert _deduplicate_list([1, 2, 3]) == [1, 2, 3]
+
+ def test_with_duplicates(self):
+ assert _deduplicate_list([1, 2, 2, 3, 3, 3]) == [1, 2, 3]
+
+ def test_all_duplicates(self):
+ assert _deduplicate_list([1, 1, 1]) == [1]
+
+ def test_empty_list(self):
+ assert _deduplicate_list([]) == []
+
+ def test_preserves_order(self):
+ result = _deduplicate_list([3, 1, 2, 1, 3])
+ assert result == [3, 1, 2]
+
+ def test_string_duplicates(self):
+ assert _deduplicate_list(["a", "b", "a", "c"]) == ["a", "b", "c"]
+
+ def test_mixed_types(self):
+ result = _deduplicate_list([1, "1", 1, "1"])
+ assert result == [1, "1"]
+
+ def test_dict_duplicates(self):
+ result = _deduplicate_list([{"a": 1}, {"a": 1}, {"b": 2}])
+ assert result == [{"a": 1}, {"b": 2}]
+
+ def test_list_duplicates(self):
+ result = _deduplicate_list([[1, 2], [1, 2], [3, 4]])
+ assert result == [[1, 2], [3, 4]]
+
+ def test_none_duplicates(self):
+ result = _deduplicate_list([None, 1, None, 2])
+ assert result == [None, 1, 2]
+
+ def test_single_element(self):
+ assert _deduplicate_list([42]) == [42]
+
+
+class TestMakeHashable:
+ """Tests for the _make_hashable helper."""
+
+ def test_integer(self):
+ assert _make_hashable(42) == 42
+
+ def test_string(self):
+ assert _make_hashable("hello") == "hello"
+
+ def test_none(self):
+ assert _make_hashable(None) is None
+
+ def test_dict_returns_tuple(self):
+ result = _make_hashable({"a": 1})
+ assert isinstance(result, tuple)
+ # Should be hashable
+ hash(result)
+
+ def test_list_returns_tuple(self):
+ result = _make_hashable([1, 2, 3])
+ assert result == (1, 2, 3)
+
+ def test_same_dict_same_hash(self):
+ assert _make_hashable({"a": 1, "b": 2}) == _make_hashable({"a": 1, "b": 2})
+
+ def test_different_dict_different_hash(self):
+ assert _make_hashable({"a": 1}) != _make_hashable({"a": 2})
+
+ def test_dict_key_order_independent(self):
+ """Dicts with same keys in different insertion order produce same result."""
+ d1 = {"b": 2, "a": 1}
+ d2 = {"a": 1, "b": 2}
+ assert _make_hashable(d1) == _make_hashable(d2)
+
+ def test_tuple_hashable(self):
+ result = _make_hashable((1, 2, 3))
+ assert result == (1, 2, 3)
+ hash(result)
+
+ def test_boolean(self):
+ result = _make_hashable(True)
+ assert result is True
+
+ def test_float(self):
+ result = _make_hashable(3.14)
+ assert result == 3.14
+
+
+class TestFilterNoneValues:
+ """Tests for the _filter_none_values helper."""
+
+ def test_removes_none(self):
+ assert _filter_none_values([1, None, 2, None, 3]) == [1, 2, 3]
+
+ def test_no_none(self):
+ assert _filter_none_values([1, 2, 3]) == [1, 2, 3]
+
+ def test_all_none(self):
+ assert _filter_none_values([None, None, None]) == []
+
+ def test_empty_list(self):
+ assert _filter_none_values([]) == []
+
+ def test_preserves_falsy_values(self):
+ assert _filter_none_values([0, False, "", None, []]) == [0, False, "", []]
+
+
+class TestComputeNestingDepth:
+ """Tests for the _compute_nesting_depth helper."""
+
+ def test_flat_list(self):
+ assert _compute_nesting_depth([1, 2, 3]) == 1
+
+ def test_one_level(self):
+ assert _compute_nesting_depth([[1, 2], [3, 4]]) == 2
+
+ def test_deep_nesting(self):
+ assert _compute_nesting_depth([[[[]]]]) == 4
+
+ def test_mixed_depth(self):
+ depth = _compute_nesting_depth([1, [2, [3]]])
+ assert depth == 3
+
+ def test_empty_list(self):
+ assert _compute_nesting_depth([]) == 1
+
+ def test_non_list(self):
+ assert _compute_nesting_depth(42) == 0
+
+ def test_string_not_recursed(self):
+ # Strings should not be treated as nested lists
+ assert _compute_nesting_depth(["hello"]) == 1
+
+
+class TestInterleaveListsHelper:
+ """Tests for the _interleave_lists helper."""
+
+ def test_equal_length_lists(self):
+ result = _interleave_lists([[1, 2, 3], ["a", "b", "c"]])
+ assert result == [1, "a", 2, "b", 3, "c"]
+
+ def test_unequal_length_lists(self):
+ result = _interleave_lists([[1, 2, 3], ["a"]])
+ assert result == [1, "a", 2, 3]
+
+ def test_empty_input(self):
+ assert _interleave_lists([]) == []
+
+ def test_single_list(self):
+ assert _interleave_lists([[1, 2, 3]]) == [1, 2, 3]
+
+ def test_three_lists(self):
+ result = _interleave_lists([[1], [2], [3]])
+ assert result == [1, 2, 3]
+
+ def test_with_none_list(self):
+ result = _interleave_lists([[1, 2], None, [3, 4]]) # type: ignore[arg-type]
+ assert result == [1, 3, 2, 4]
+
+ def test_all_empty_lists(self):
+ assert _interleave_lists([[], [], []]) == []
+
+ def test_all_none_lists(self):
+ """All-None inputs should return empty list, not crash."""
+ assert _interleave_lists([None, None, None]) == [] # type: ignore[arg-type]
+
+
+class TestComputeNestingDepthEdgeCases:
+ """Tests for _compute_nesting_depth with deeply nested input."""
+
+ def test_deeply_nested_does_not_crash(self):
+ """Deeply nested lists beyond 1000 levels should not raise RecursionError."""
+ nested = [42]
+ for _ in range(1100):
+ nested = [nested]
+ # Should return a depth value without crashing
+ depth = _compute_nesting_depth(nested)
+ assert depth >= _MAX_FLATTEN_DEPTH
+
+
+class TestMakeHashableMixedKeys:
+ """Tests for _make_hashable with mixed-type dict keys."""
+
+ def test_mixed_type_dict_keys(self):
+ """Dicts with mixed-type keys (int and str) should not crash sorted()."""
+ d = {1: "one", "two": 2}
+ result = _make_hashable(d)
+ assert isinstance(result, tuple)
+ hash(result) # Should be hashable without error
+
+ def test_mixed_type_keys_deterministic(self):
+ """Same dict with mixed keys produces same result."""
+ d1 = {1: "a", "b": 2}
+ d2 = {1: "a", "b": 2}
+ assert _make_hashable(d1) == _make_hashable(d2)
+
+
+class TestZipListsNoneHandling:
+ """Tests for ZipListsBlock with None values in input."""
+
+ def setup_method(self):
+ self.block = ZipListsBlock()
+
+ def test_zip_truncate_with_none(self):
+ """_zip_truncate should handle None values in input lists."""
+ result = self.block._zip_truncate([[1, 2], None, [3, 4]]) # type: ignore[arg-type]
+ assert result == [[1, 3], [2, 4]]
+
+ def test_zip_pad_with_none(self):
+ """_zip_pad should handle None values in input lists."""
+ result = self.block._zip_pad([[1, 2, 3], None, ["a"]], fill_value="X") # type: ignore[arg-type]
+ assert result == [[1, "a"], [2, "X"], [3, "X"]]
+
+ def test_zip_truncate_all_none(self):
+ """All-None inputs should return empty list."""
+ result = self.block._zip_truncate([None, None]) # type: ignore[arg-type]
+ assert result == []
+
+ def test_zip_pad_all_none(self):
+ """All-None inputs should return empty list."""
+ result = self.block._zip_pad([None, None], fill_value=0) # type: ignore[arg-type]
+ assert result == []
+
+
+# =============================================================================
+# Block Built-in Tests (using test_input/test_output)
+# =============================================================================
+
+
+class TestConcatenateListsBlockBuiltin:
+ """Run the built-in test_input/test_output tests for ConcatenateListsBlock."""
+
+ @pytest.mark.asyncio
+ async def test_builtin_tests(self):
+ block = ConcatenateListsBlock()
+ await execute_block_test(block)
+
+
+class TestFlattenListBlockBuiltin:
+ """Run the built-in test_input/test_output tests for FlattenListBlock."""
+
+ @pytest.mark.asyncio
+ async def test_builtin_tests(self):
+ block = FlattenListBlock()
+ await execute_block_test(block)
+
+
+class TestInterleaveListsBlockBuiltin:
+ """Run the built-in test_input/test_output tests for InterleaveListsBlock."""
+
+ @pytest.mark.asyncio
+ async def test_builtin_tests(self):
+ block = InterleaveListsBlock()
+ await execute_block_test(block)
+
+
+class TestZipListsBlockBuiltin:
+ """Run the built-in test_input/test_output tests for ZipListsBlock."""
+
+ @pytest.mark.asyncio
+ async def test_builtin_tests(self):
+ block = ZipListsBlock()
+ await execute_block_test(block)
+
+
+class TestListDifferenceBlockBuiltin:
+ """Run the built-in test_input/test_output tests for ListDifferenceBlock."""
+
+ @pytest.mark.asyncio
+ async def test_builtin_tests(self):
+ block = ListDifferenceBlock()
+ await execute_block_test(block)
+
+
+class TestListIntersectionBlockBuiltin:
+ """Run the built-in test_input/test_output tests for ListIntersectionBlock."""
+
+ @pytest.mark.asyncio
+ async def test_builtin_tests(self):
+ block = ListIntersectionBlock()
+ await execute_block_test(block)
+
+
+# =============================================================================
+# ConcatenateListsBlock Manual Tests
+# =============================================================================
+
+
+class TestConcatenateListsBlockManual:
+ """Manual test cases for ConcatenateListsBlock edge cases."""
+
+ def setup_method(self):
+ self.block = ConcatenateListsBlock()
+
+ @pytest.mark.asyncio
+ async def test_two_lists(self):
+ """Test basic two-list concatenation."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(lists=[[1, 2], [3, 4]])
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == [1, 2, 3, 4]
+ assert results["length"] == 4
+
+ @pytest.mark.asyncio
+ async def test_three_lists(self):
+ """Test three-list concatenation."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(lists=[[1], [2], [3]])
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == [1, 2, 3]
+
+ @pytest.mark.asyncio
+ async def test_five_lists(self):
+ """Test concatenation of five lists."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(lists=[[1], [2], [3], [4], [5]])
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == [1, 2, 3, 4, 5]
+ assert results["length"] == 5
+
+ @pytest.mark.asyncio
+ async def test_empty_lists_only(self):
+ """Test concatenation of only empty lists."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(lists=[[], [], []])
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == []
+ assert results["length"] == 0
+
+ @pytest.mark.asyncio
+ async def test_mixed_types_in_lists(self):
+ """Test concatenation with mixed types."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(
+ lists=[[1, "a"], [True, 3.14], [None, {"key": "val"}]]
+ )
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == [
+ 1,
+ "a",
+ True,
+ 3.14,
+ None,
+ {"key": "val"},
+ ]
+
+ @pytest.mark.asyncio
+ async def test_deduplication_enabled(self):
+ """Test deduplication removes duplicates."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(
+ lists=[[1, 2, 3], [2, 3, 4], [3, 4, 5]],
+ deduplicate=True,
+ )
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == [1, 2, 3, 4, 5]
+
+ @pytest.mark.asyncio
+ async def test_deduplication_preserves_order(self):
+ """Test that deduplication preserves first-occurrence order."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(
+ lists=[[3, 1, 2], [2, 4, 1]],
+ deduplicate=True,
+ )
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == [3, 1, 2, 4]
+
+ @pytest.mark.asyncio
+ async def test_remove_none_enabled(self):
+ """Test None removal from concatenated results."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(
+ lists=[[1, None], [None, 2], [3, None]],
+ remove_none=True,
+ )
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == [1, 2, 3]
+
+ @pytest.mark.asyncio
+ async def test_dedup_and_remove_none_combined(self):
+ """Test both deduplication and None removal together."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(
+ lists=[[1, None, 2], [2, None, 3]],
+ deduplicate=True,
+ remove_none=True,
+ )
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == [1, 2, 3]
+
+ @pytest.mark.asyncio
+ async def test_nested_lists_preserved(self):
+ """Test that nested lists are not flattened during concatenation."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(lists=[[[1, 2]], [[3, 4]]])
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == [[1, 2], [3, 4]]
+
+ @pytest.mark.asyncio
+ async def test_large_lists(self):
+ """Test concatenation of large lists."""
+ list_a = list(range(1000))
+ list_b = list(range(1000, 2000))
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(lists=[list_a, list_b])
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == list(range(2000))
+ assert results["length"] == 2000
+
+ @pytest.mark.asyncio
+ async def test_single_list_input(self):
+ """Test concatenation with a single list."""
+ results = {}
+ async for name, value in self.block.run(
+ ConcatenateListsBlock.Input(lists=[[1, 2, 3]])
+ ):
+ results[name] = value
+ assert results["concatenated_list"] == [1, 2, 3]
+
+ @pytest.mark.asyncio
+ async def test_block_id_is_valid_uuid(self):
+ """Test that the block has a valid UUID4 ID."""
+ import uuid
+
+ parsed = uuid.UUID(self.block.id)
+ assert parsed.version == 4
+
+ @pytest.mark.asyncio
+ async def test_block_category(self):
+ """Test that the block has the correct category."""
+ from backend.blocks._base import BlockCategory
+
+ assert BlockCategory.BASIC in self.block.categories
+
+
+# =============================================================================
+# FlattenListBlock Manual Tests
+# =============================================================================
+
+
+class TestFlattenListBlockManual:
+ """Manual test cases for FlattenListBlock."""
+
+ def setup_method(self):
+ self.block = FlattenListBlock()
+
+ @pytest.mark.asyncio
+ async def test_simple_flatten(self):
+ """Test flattening a simple nested list."""
+ results = {}
+ async for name, value in self.block.run(
+ FlattenListBlock.Input(nested_list=[[1, 2], [3, 4]])
+ ):
+ results[name] = value
+ assert results["flattened_list"] == [1, 2, 3, 4]
+ assert results["length"] == 4
+
+ @pytest.mark.asyncio
+ async def test_deeply_nested(self):
+ """Test flattening a deeply nested structure."""
+ results = {}
+ async for name, value in self.block.run(
+ FlattenListBlock.Input(nested_list=[1, [2, [3, [4, [5]]]]])
+ ):
+ results[name] = value
+ assert results["flattened_list"] == [1, 2, 3, 4, 5]
+
+ @pytest.mark.asyncio
+ async def test_partial_flatten(self):
+ """Test flattening with max_depth=1."""
+ results = {}
+ async for name, value in self.block.run(
+ FlattenListBlock.Input(
+ nested_list=[[1, [2, 3]], [4, [5]]],
+ max_depth=1,
+ )
+ ):
+ results[name] = value
+ assert results["flattened_list"] == [1, [2, 3], 4, [5]]
+
+ @pytest.mark.asyncio
+ async def test_already_flat_list(self):
+ """Test flattening an already flat list."""
+ results = {}
+ async for name, value in self.block.run(
+ FlattenListBlock.Input(nested_list=[1, 2, 3, 4])
+ ):
+ results[name] = value
+ assert results["flattened_list"] == [1, 2, 3, 4]
+
+ @pytest.mark.asyncio
+ async def test_empty_nested_lists(self):
+ """Test flattening with empty nested lists."""
+ results = {}
+ async for name, value in self.block.run(
+ FlattenListBlock.Input(nested_list=[[], [1], [], [2], []])
+ ):
+ results[name] = value
+ assert results["flattened_list"] == [1, 2]
+
+ @pytest.mark.asyncio
+ async def test_mixed_types_preserved(self):
+ """Test that non-list types are preserved during flattening."""
+ results = {}
+ async for name, value in self.block.run(
+ FlattenListBlock.Input(nested_list=["hello", [1, {"a": 1}], [True]])
+ ):
+ results[name] = value
+ assert results["flattened_list"] == ["hello", 1, {"a": 1}, True]
+
+ @pytest.mark.asyncio
+ async def test_original_depth_reported(self):
+ """Test that original nesting depth is correctly reported."""
+ results = {}
+ async for name, value in self.block.run(
+ FlattenListBlock.Input(nested_list=[1, [2, [3]]])
+ ):
+ results[name] = value
+ assert results["original_depth"] == 3
+
+ @pytest.mark.asyncio
+ async def test_block_id_is_valid_uuid(self):
+ """Test that the block has a valid UUID4 ID."""
+ import uuid
+
+ parsed = uuid.UUID(self.block.id)
+ assert parsed.version == 4
+
+
+# =============================================================================
+# InterleaveListsBlock Manual Tests
+# =============================================================================
+
+
+class TestInterleaveListsBlockManual:
+ """Manual test cases for InterleaveListsBlock."""
+
+ def setup_method(self):
+ self.block = InterleaveListsBlock()
+
+ @pytest.mark.asyncio
+ async def test_equal_length_interleave(self):
+ """Test interleaving two equal-length lists."""
+ results = {}
+ async for name, value in self.block.run(
+ InterleaveListsBlock.Input(lists=[[1, 2, 3], ["a", "b", "c"]])
+ ):
+ results[name] = value
+ assert results["interleaved_list"] == [1, "a", 2, "b", 3, "c"]
+
+ @pytest.mark.asyncio
+ async def test_unequal_length_interleave(self):
+ """Test interleaving lists of different lengths."""
+ results = {}
+ async for name, value in self.block.run(
+ InterleaveListsBlock.Input(lists=[[1, 2, 3, 4], ["a", "b"]])
+ ):
+ results[name] = value
+ assert results["interleaved_list"] == [1, "a", 2, "b", 3, 4]
+
+ @pytest.mark.asyncio
+ async def test_three_lists_interleave(self):
+ """Test interleaving three lists."""
+ results = {}
+ async for name, value in self.block.run(
+ InterleaveListsBlock.Input(lists=[[1, 2], ["a", "b"], ["x", "y"]])
+ ):
+ results[name] = value
+ assert results["interleaved_list"] == [1, "a", "x", 2, "b", "y"]
+
+ @pytest.mark.asyncio
+ async def test_single_element_lists(self):
+ """Test interleaving single-element lists."""
+ results = {}
+ async for name, value in self.block.run(
+ InterleaveListsBlock.Input(lists=[[1], [2], [3], [4]])
+ ):
+ results[name] = value
+ assert results["interleaved_list"] == [1, 2, 3, 4]
+
+ @pytest.mark.asyncio
+ async def test_block_id_is_valid_uuid(self):
+ """Test that the block has a valid UUID4 ID."""
+ import uuid
+
+ parsed = uuid.UUID(self.block.id)
+ assert parsed.version == 4
+
+
+# =============================================================================
+# ZipListsBlock Manual Tests
+# =============================================================================
+
+
+class TestZipListsBlockManual:
+ """Manual test cases for ZipListsBlock."""
+
+ def setup_method(self):
+ self.block = ZipListsBlock()
+
+ @pytest.mark.asyncio
+ async def test_basic_zip(self):
+ """Test basic zipping of two lists."""
+ results = {}
+ async for name, value in self.block.run(
+ ZipListsBlock.Input(lists=[[1, 2, 3], ["a", "b", "c"]])
+ ):
+ results[name] = value
+ assert results["zipped_list"] == [[1, "a"], [2, "b"], [3, "c"]]
+
+ @pytest.mark.asyncio
+ async def test_truncate_to_shortest(self):
+ """Test that default behavior truncates to shortest list."""
+ results = {}
+ async for name, value in self.block.run(
+ ZipListsBlock.Input(lists=[[1, 2, 3], ["a", "b"]])
+ ):
+ results[name] = value
+ assert results["zipped_list"] == [[1, "a"], [2, "b"]]
+ assert results["length"] == 2
+
+ @pytest.mark.asyncio
+ async def test_pad_to_longest(self):
+ """Test padding shorter lists with fill value."""
+ results = {}
+ async for name, value in self.block.run(
+ ZipListsBlock.Input(
+ lists=[[1, 2, 3], ["a"]],
+ pad_to_longest=True,
+ fill_value="X",
+ )
+ ):
+ results[name] = value
+ assert results["zipped_list"] == [[1, "a"], [2, "X"], [3, "X"]]
+
+ @pytest.mark.asyncio
+ async def test_pad_with_none(self):
+ """Test padding with None (default fill value)."""
+ results = {}
+ async for name, value in self.block.run(
+ ZipListsBlock.Input(
+ lists=[[1, 2], ["a"]],
+ pad_to_longest=True,
+ )
+ ):
+ results[name] = value
+ assert results["zipped_list"] == [[1, "a"], [2, None]]
+
+ @pytest.mark.asyncio
+ async def test_three_lists_zip(self):
+ """Test zipping three lists."""
+ results = {}
+ async for name, value in self.block.run(
+ ZipListsBlock.Input(lists=[[1, 2], ["a", "b"], [True, False]])
+ ):
+ results[name] = value
+ assert results["zipped_list"] == [[1, "a", True], [2, "b", False]]
+
+ @pytest.mark.asyncio
+ async def test_empty_lists_zip(self):
+ """Test zipping empty input."""
+ results = {}
+ async for name, value in self.block.run(ZipListsBlock.Input(lists=[])):
+ results[name] = value
+ assert results["zipped_list"] == []
+ assert results["length"] == 0
+
+ @pytest.mark.asyncio
+ async def test_block_id_is_valid_uuid(self):
+ """Test that the block has a valid UUID4 ID."""
+ import uuid
+
+ parsed = uuid.UUID(self.block.id)
+ assert parsed.version == 4
+
+
+# =============================================================================
+# ListDifferenceBlock Manual Tests
+# =============================================================================
+
+
+class TestListDifferenceBlockManual:
+ """Manual test cases for ListDifferenceBlock."""
+
+ def setup_method(self):
+ self.block = ListDifferenceBlock()
+
+ @pytest.mark.asyncio
+ async def test_basic_difference(self):
+ """Test basic set difference."""
+ results = {}
+ async for name, value in self.block.run(
+ ListDifferenceBlock.Input(
+ list_a=[1, 2, 3, 4, 5],
+ list_b=[3, 4, 5, 6, 7],
+ )
+ ):
+ results[name] = value
+ assert results["difference"] == [1, 2]
+
+ @pytest.mark.asyncio
+ async def test_symmetric_difference(self):
+ """Test symmetric difference."""
+ results = {}
+ async for name, value in self.block.run(
+ ListDifferenceBlock.Input(
+ list_a=[1, 2, 3],
+ list_b=[2, 3, 4],
+ symmetric=True,
+ )
+ ):
+ results[name] = value
+ assert results["difference"] == [1, 4]
+
+ @pytest.mark.asyncio
+ async def test_no_difference(self):
+ """Test when lists are identical."""
+ results = {}
+ async for name, value in self.block.run(
+ ListDifferenceBlock.Input(
+ list_a=[1, 2, 3],
+ list_b=[1, 2, 3],
+ )
+ ):
+ results[name] = value
+ assert results["difference"] == []
+ assert results["length"] == 0
+
+ @pytest.mark.asyncio
+ async def test_complete_difference(self):
+ """Test when lists share no elements."""
+ results = {}
+ async for name, value in self.block.run(
+ ListDifferenceBlock.Input(
+ list_a=[1, 2, 3],
+ list_b=[4, 5, 6],
+ )
+ ):
+ results[name] = value
+ assert results["difference"] == [1, 2, 3]
+
+ @pytest.mark.asyncio
+ async def test_empty_list_a(self):
+ """Test with empty list_a."""
+ results = {}
+ async for name, value in self.block.run(
+ ListDifferenceBlock.Input(list_a=[], list_b=[1, 2, 3])
+ ):
+ results[name] = value
+ assert results["difference"] == []
+
+ @pytest.mark.asyncio
+ async def test_empty_list_b(self):
+ """Test with empty list_b."""
+ results = {}
+ async for name, value in self.block.run(
+ ListDifferenceBlock.Input(list_a=[1, 2, 3], list_b=[])
+ ):
+ results[name] = value
+ assert results["difference"] == [1, 2, 3]
+
+ @pytest.mark.asyncio
+ async def test_string_difference(self):
+ """Test difference with string elements."""
+ results = {}
+ async for name, value in self.block.run(
+ ListDifferenceBlock.Input(
+ list_a=["apple", "banana", "cherry"],
+ list_b=["banana", "date"],
+ )
+ ):
+ results[name] = value
+ assert results["difference"] == ["apple", "cherry"]
+
+ @pytest.mark.asyncio
+ async def test_dict_difference(self):
+ """Test difference with dictionary elements."""
+ results = {}
+ async for name, value in self.block.run(
+ ListDifferenceBlock.Input(
+ list_a=[{"a": 1}, {"b": 2}, {"c": 3}],
+ list_b=[{"b": 2}],
+ )
+ ):
+ results[name] = value
+ assert results["difference"] == [{"a": 1}, {"c": 3}]
+
+ @pytest.mark.asyncio
+ async def test_block_id_is_valid_uuid(self):
+ """Test that the block has a valid UUID4 ID."""
+ import uuid
+
+ parsed = uuid.UUID(self.block.id)
+ assert parsed.version == 4
+
+
+# =============================================================================
+# ListIntersectionBlock Manual Tests
+# =============================================================================
+
+
+class TestListIntersectionBlockManual:
+ """Manual test cases for ListIntersectionBlock."""
+
+ def setup_method(self):
+ self.block = ListIntersectionBlock()
+
+ @pytest.mark.asyncio
+ async def test_basic_intersection(self):
+ """Test basic intersection."""
+ results = {}
+ async for name, value in self.block.run(
+ ListIntersectionBlock.Input(
+ list_a=[1, 2, 3, 4, 5],
+ list_b=[3, 4, 5, 6, 7],
+ )
+ ):
+ results[name] = value
+ assert results["intersection"] == [3, 4, 5]
+ assert results["length"] == 3
+
+ @pytest.mark.asyncio
+ async def test_no_intersection(self):
+ """Test when lists share no elements."""
+ results = {}
+ async for name, value in self.block.run(
+ ListIntersectionBlock.Input(
+ list_a=[1, 2, 3],
+ list_b=[4, 5, 6],
+ )
+ ):
+ results[name] = value
+ assert results["intersection"] == []
+ assert results["length"] == 0
+
+ @pytest.mark.asyncio
+ async def test_identical_lists(self):
+ """Test intersection of identical lists."""
+ results = {}
+ async for name, value in self.block.run(
+ ListIntersectionBlock.Input(
+ list_a=[1, 2, 3],
+ list_b=[1, 2, 3],
+ )
+ ):
+ results[name] = value
+ assert results["intersection"] == [1, 2, 3]
+
+ @pytest.mark.asyncio
+ async def test_preserves_order_from_list_a(self):
+ """Test that intersection preserves order from list_a."""
+ results = {}
+ async for name, value in self.block.run(
+ ListIntersectionBlock.Input(
+ list_a=[5, 3, 1],
+ list_b=[1, 3, 5],
+ )
+ ):
+ results[name] = value
+ assert results["intersection"] == [5, 3, 1]
+
+ @pytest.mark.asyncio
+ async def test_empty_list_a(self):
+ """Test with empty list_a."""
+ results = {}
+ async for name, value in self.block.run(
+ ListIntersectionBlock.Input(list_a=[], list_b=[1, 2, 3])
+ ):
+ results[name] = value
+ assert results["intersection"] == []
+
+ @pytest.mark.asyncio
+ async def test_empty_list_b(self):
+ """Test with empty list_b."""
+ results = {}
+ async for name, value in self.block.run(
+ ListIntersectionBlock.Input(list_a=[1, 2, 3], list_b=[])
+ ):
+ results[name] = value
+ assert results["intersection"] == []
+
+ @pytest.mark.asyncio
+ async def test_string_intersection(self):
+ """Test intersection with string elements."""
+ results = {}
+ async for name, value in self.block.run(
+ ListIntersectionBlock.Input(
+ list_a=["apple", "banana", "cherry"],
+ list_b=["banana", "cherry", "date"],
+ )
+ ):
+ results[name] = value
+ assert results["intersection"] == ["banana", "cherry"]
+
+ @pytest.mark.asyncio
+ async def test_deduplication_in_intersection(self):
+ """Test that duplicates in input don't cause duplicate results."""
+ results = {}
+ async for name, value in self.block.run(
+ ListIntersectionBlock.Input(
+ list_a=[1, 1, 2, 2, 3],
+ list_b=[1, 2],
+ )
+ ):
+ results[name] = value
+ assert results["intersection"] == [1, 2]
+
+ @pytest.mark.asyncio
+ async def test_block_id_is_valid_uuid(self):
+ """Test that the block has a valid UUID4 ID."""
+ import uuid
+
+ parsed = uuid.UUID(self.block.id)
+ assert parsed.version == 4
+
+
+# =============================================================================
+# Block Method Tests
+# =============================================================================
+
+
+class TestConcatenateListsBlockMethods:
+ """Tests for internal methods of ConcatenateListsBlock."""
+
+ def setup_method(self):
+ self.block = ConcatenateListsBlock()
+
+ def test_validate_inputs_valid(self):
+ assert self.block._validate_inputs([[1], [2]]) is None
+
+ def test_validate_inputs_invalid(self):
+ result = self.block._validate_inputs([[1], "bad"])
+ assert result is not None
+
+ def test_perform_concatenation(self):
+ result = self.block._perform_concatenation([[1, 2], [3, 4]])
+ assert result == [1, 2, 3, 4]
+
+ def test_apply_deduplication(self):
+ result = self.block._apply_deduplication([1, 2, 2, 3])
+ assert result == [1, 2, 3]
+
+ def test_apply_none_removal(self):
+ result = self.block._apply_none_removal([1, None, 2])
+ assert result == [1, 2]
+
+ def test_post_process_all_options(self):
+ result = self.block._post_process(
+ [1, None, 2, None, 2], deduplicate=True, remove_none=True
+ )
+ assert result == [1, 2]
+
+ def test_post_process_no_options(self):
+ result = self.block._post_process(
+ [1, None, 2, None, 2], deduplicate=False, remove_none=False
+ )
+ assert result == [1, None, 2, None, 2]
+
+
+class TestFlattenListBlockMethods:
+ """Tests for internal methods of FlattenListBlock."""
+
+ def setup_method(self):
+ self.block = FlattenListBlock()
+
+ def test_compute_depth_flat(self):
+ assert self.block._compute_depth([1, 2, 3]) == 1
+
+ def test_compute_depth_nested(self):
+ assert self.block._compute_depth([[1, [2]]]) == 3
+
+ def test_flatten_unlimited(self):
+ result = self.block._flatten([1, [2, [3]]], max_depth=-1)
+ assert result == [1, 2, 3]
+
+ def test_flatten_limited(self):
+ result = self.block._flatten([1, [2, [3]]], max_depth=1)
+ assert result == [1, 2, [3]]
+
+ def test_validate_max_depth_valid(self):
+ assert self.block._validate_max_depth(-1) is None
+ assert self.block._validate_max_depth(0) is None
+ assert self.block._validate_max_depth(5) is None
+
+ def test_validate_max_depth_invalid(self):
+ result = self.block._validate_max_depth(-2)
+ assert result is not None
+
+
+class TestZipListsBlockMethods:
+ """Tests for internal methods of ZipListsBlock."""
+
+ def setup_method(self):
+ self.block = ZipListsBlock()
+
+ def test_zip_truncate(self):
+ result = self.block._zip_truncate([[1, 2, 3], ["a", "b"]])
+ assert result == [[1, "a"], [2, "b"]]
+
+ def test_zip_pad(self):
+ result = self.block._zip_pad([[1, 2, 3], ["a"]], fill_value="X")
+ assert result == [[1, "a"], [2, "X"], [3, "X"]]
+
+ def test_zip_pad_empty(self):
+ result = self.block._zip_pad([], fill_value=None)
+ assert result == []
+
+ def test_validate_inputs(self):
+ assert self.block._validate_inputs([[1], [2]]) is None
+ result = self.block._validate_inputs([[1], "bad"])
+ assert result is not None
+
+
+class TestListDifferenceBlockMethods:
+ """Tests for internal methods of ListDifferenceBlock."""
+
+ def setup_method(self):
+ self.block = ListDifferenceBlock()
+
+ def test_compute_difference(self):
+ result = self.block._compute_difference([1, 2, 3], [2, 3, 4])
+ assert result == [1]
+
+ def test_compute_symmetric_difference(self):
+ result = self.block._compute_symmetric_difference([1, 2, 3], [2, 3, 4])
+ assert result == [1, 4]
+
+ def test_compute_difference_empty(self):
+ result = self.block._compute_difference([], [1, 2])
+ assert result == []
+
+ def test_compute_symmetric_difference_identical(self):
+ result = self.block._compute_symmetric_difference([1, 2], [1, 2])
+ assert result == []
+
+
+class TestListIntersectionBlockMethods:
+ """Tests for internal methods of ListIntersectionBlock."""
+
+ def setup_method(self):
+ self.block = ListIntersectionBlock()
+
+ def test_compute_intersection(self):
+ result = self.block._compute_intersection([1, 2, 3], [2, 3, 4])
+ assert result == [2, 3]
+
+ def test_compute_intersection_empty(self):
+ result = self.block._compute_intersection([], [1, 2])
+ assert result == []
+
+ def test_compute_intersection_no_overlap(self):
+ result = self.block._compute_intersection([1, 2], [3, 4])
+ assert result == []
diff --git a/docs/integrations/README.md b/docs/integrations/README.md
index c216aa4836..00d4b0c73a 100644
--- a/docs/integrations/README.md
+++ b/docs/integrations/README.md
@@ -56,12 +56,16 @@ Below is a comprehensive list of all available blocks, categorized by their prim
| [File Store](block-integrations/basic.md#file-store) | Downloads and stores a file from a URL, data URI, or local path |
| [Find In Dictionary](block-integrations/basic.md#find-in-dictionary) | A block that looks up a value in a dictionary, list, or object by key or index and returns the corresponding value |
| [Find In List](block-integrations/basic.md#find-in-list) | Finds the index of the value in the list |
+| [Flatten List](block-integrations/basic.md#flatten-list) | Flattens a nested list structure into a single flat list |
| [Get All Memories](block-integrations/basic.md#get-all-memories) | Retrieve all memories from Mem0 with optional conversation filtering |
| [Get Latest Memory](block-integrations/basic.md#get-latest-memory) | Retrieve the latest memory from Mem0 with optional key filtering |
| [Get List Item](block-integrations/basic.md#get-list-item) | Returns the element at the given index |
| [Get Store Agent Details](block-integrations/system/store_operations.md#get-store-agent-details) | Get detailed information about an agent from the store |
| [Get Weather Information](block-integrations/basic.md#get-weather-information) | Retrieves weather information for a specified location using OpenWeatherMap API |
| [Human In The Loop](block-integrations/basic.md#human-in-the-loop) | Pause execution for human review |
+| [Interleave Lists](block-integrations/basic.md#interleave-lists) | Interleaves elements from multiple lists in round-robin fashion, alternating between sources |
+| [List Difference](block-integrations/basic.md#list-difference) | Computes the difference between two lists |
+| [List Intersection](block-integrations/basic.md#list-intersection) | Computes the intersection of two lists, returning only elements present in both |
| [List Is Empty](block-integrations/basic.md#list-is-empty) | Checks if a list is empty |
| [List Library Agents](block-integrations/system/library_operations.md#list-library-agents) | List all agents in your personal library |
| [Note](block-integrations/basic.md#note) | A visual annotation block that displays a sticky note in the workflow editor for documentation and organization purposes |
@@ -84,6 +88,7 @@ Below is a comprehensive list of all available blocks, categorized by their prim
| [Store Value](block-integrations/basic.md#store-value) | A basic block that stores and forwards a value throughout workflows, allowing it to be reused without changes across multiple blocks |
| [Universal Type Converter](block-integrations/basic.md#universal-type-converter) | This block is used to convert a value to a universal type |
| [XML Parser](block-integrations/basic.md#xml-parser) | Parses XML using gravitasml to tokenize and coverts it to dict |
+| [Zip Lists](block-integrations/basic.md#zip-lists) | Zips multiple lists together into a list of grouped elements |
## Data Processing
diff --git a/docs/integrations/block-integrations/basic.md b/docs/integrations/block-integrations/basic.md
index 08def38ede..e032690edc 100644
--- a/docs/integrations/block-integrations/basic.md
+++ b/docs/integrations/block-integrations/basic.md
@@ -637,7 +637,7 @@ This enables extensibility by allowing custom blocks to be added without modifyi
## Concatenate Lists
### What it is
-Concatenates multiple lists into a single list. All elements from all input lists are combined in order.
+Concatenates multiple lists into a single list. All elements from all input lists are combined in order. Supports optional deduplication and None removal.
### How it works
@@ -651,6 +651,8 @@ The block includes validation to ensure each item is actually a list. If a non-l
| Input | Description | Type | Required |
|-------|-------------|------|----------|
| lists | A list of lists to concatenate together. All lists will be combined in order into a single list. | List[List[Any]] | Yes |
+| deduplicate | If True, remove duplicate elements from the concatenated result while preserving order. | bool | No |
+| remove_none | If True, remove None values from the concatenated result. | bool | No |
### Outputs
@@ -658,6 +660,7 @@ The block includes validation to ensure each item is actually a list. If a non-l
|--------|-------------|------|
| error | Error message if concatenation failed due to invalid input types. | str |
| concatenated_list | The concatenated list containing all elements from all input lists in order. | List[Any] |
+| length | The total number of elements in the concatenated list. | int |
### Possible use case
@@ -820,6 +823,45 @@ This enables conditional logic based on list membership and helps locate items f
---
+## Flatten List
+
+### What it is
+Flattens a nested list structure into a single flat list. Supports configurable maximum flattening depth.
+
+### How it works
+
+This block recursively traverses a nested list and extracts all leaf elements into a single flat list. You can control how deep the flattening goes with the max_depth parameter: set it to -1 to flatten completely, or to a positive integer to flatten only that many levels.
+
+The block also reports the original nesting depth of the input, which is useful for understanding the structure of data coming from sources with varying levels of nesting.
+
+
+### Inputs
+
+| Input | Description | Type | Required |
+|-------|-------------|------|----------|
+| nested_list | A potentially nested list to flatten into a single-level list. | List[Any] | Yes |
+| max_depth | Maximum depth to flatten. -1 means flatten completely. 1 means flatten only one level. | int | No |
+
+### Outputs
+
+| Output | Description | Type |
+|--------|-------------|------|
+| error | Error message if flattening failed. | str |
+| flattened_list | The flattened list with all nested elements extracted. | List[Any] |
+| length | The number of elements in the flattened list. | int |
+| original_depth | The maximum nesting depth of the original input list. | int |
+
+### Possible use case
+
+**Normalizing API Responses**: Flatten nested JSON arrays from different API endpoints into a uniform single-level list for consistent processing.
+
+**Aggregating Nested Results**: Combine results from recursive file searches or nested category trees into a flat list of items for display or export.
+
+**Data Pipeline Cleanup**: Simplify deeply nested data structures from multiple transformation steps into a clean flat list before final output.
+
+
+---
+
## Get All Memories
### What it is
@@ -1012,6 +1054,120 @@ This enables human oversight at critical points in automated workflows, ensuring
---
+## Interleave Lists
+
+### What it is
+Interleaves elements from multiple lists in round-robin fashion, alternating between sources.
+
+### How it works
+
+This block takes elements from each input list in round-robin order, picking one element from each list in turn. For example, given `[[1, 2, 3], ['a', 'b', 'c']]`, it produces `[1, 'a', 2, 'b', 3, 'c']`.
+
+When lists have different lengths, shorter lists stop contributing once exhausted, and remaining elements from longer lists continue to be added in order.
+
+
+### Inputs
+
+| Input | Description | Type | Required |
+|-------|-------------|------|----------|
+| lists | A list of lists to interleave. Elements will be taken in round-robin order. | List[List[Any]] | Yes |
+
+### Outputs
+
+| Output | Description | Type |
+|--------|-------------|------|
+| error | Error message if interleaving failed. | str |
+| interleaved_list | The interleaved list with elements alternating from each input list. | List[Any] |
+| length | The total number of elements in the interleaved list. | int |
+
+### Possible use case
+
+**Balanced Content Mixing**: Alternate between content from different sources (e.g., mixing promotional and organic posts) for a balanced feed.
+
+**Round-Robin Scheduling**: Distribute tasks evenly across workers or queues by interleaving items from separate task lists.
+
+**Multi-Language Output**: Weave together translated text segments with their original counterparts for side-by-side comparison.
+
+
+---
+
+## List Difference
+
+### What it is
+Computes the difference between two lists. Returns elements in the first list not found in the second, or symmetric difference.
+
+### How it works
+
+This block compares two lists and returns elements from list_a that do not appear in list_b. It uses hash-based lookup for efficient comparison. When symmetric mode is enabled, it returns elements that are in either list but not in both.
+
+The order of elements from list_a is preserved in the output, and elements from list_b are appended when using symmetric difference.
+
+
+### Inputs
+
+| Input | Description | Type | Required |
+|-------|-------------|------|----------|
+| list_a | The primary list to check elements from. | List[Any] | Yes |
+| list_b | The list to subtract. Elements found here will be removed from list_a. | List[Any] | Yes |
+| symmetric | If True, compute symmetric difference (elements in either list but not both). | bool | No |
+
+### Outputs
+
+| Output | Description | Type |
+|--------|-------------|------|
+| error | Error message if the operation failed. | str |
+| difference | Elements from list_a not found in list_b (or symmetric difference if enabled). | List[Any] |
+| length | The number of elements in the difference result. | int |
+
+### Possible use case
+
+**Change Detection**: Compare a current list of records against a previous snapshot to find newly added or removed items.
+
+**Exclusion Filtering**: Remove items from a list that appear in a blocklist or already-processed list to avoid duplicates.
+
+**Data Sync**: Identify which items exist in one system but not another to determine what needs to be synced.
+
+
+---
+
+## List Intersection
+
+### What it is
+Computes the intersection of two lists, returning only elements present in both.
+
+### How it works
+
+This block finds elements that appear in both input lists by hashing elements from list_b for efficient lookup, then checking each element of list_a against that set. The output preserves the order from list_a and removes duplicates.
+
+This is useful for finding common items between two datasets without needing to manually iterate or compare.
+
+
+### Inputs
+
+| Input | Description | Type | Required |
+|-------|-------------|------|----------|
+| list_a | The first list to intersect. | List[Any] | Yes |
+| list_b | The second list to intersect. | List[Any] | Yes |
+
+### Outputs
+
+| Output | Description | Type |
+|--------|-------------|------|
+| error | Error message if the operation failed. | str |
+| intersection | Elements present in both list_a and list_b. | List[Any] |
+| length | The number of elements in the intersection. | int |
+
+### Possible use case
+
+**Finding Common Tags**: Identify shared tags or categories between two items for recommendation or grouping purposes.
+
+**Mutual Connections**: Find users or contacts that appear in both of two different lists, such as shared friends or overlapping team members.
+
+**Feature Comparison**: Determine which features or capabilities are supported by both of two systems or products.
+
+
+---
+
## List Is Empty
### What it is
@@ -1452,3 +1608,42 @@ This makes XML data accessible using standard dictionary operations, allowing yo
---
+
+## Zip Lists
+
+### What it is
+Zips multiple lists together into a list of grouped elements. Supports padding to longest or truncating to shortest.
+
+### How it works
+
+This block pairs up corresponding elements from multiple input lists into sub-lists. For example, zipping `[[1, 2, 3], ['a', 'b', 'c']]` produces `[[1, 'a'], [2, 'b'], [3, 'c']]`.
+
+By default, the result is truncated to the length of the shortest input list. Enable pad_to_longest to instead pad shorter lists with a fill_value so no elements from longer lists are lost.
+
+
+### Inputs
+
+| Input | Description | Type | Required |
+|-------|-------------|------|----------|
+| lists | A list of lists to zip together. Corresponding elements will be grouped. | List[List[Any]] | Yes |
+| pad_to_longest | If True, pad shorter lists with fill_value to match the longest list. If False, truncate to shortest. | bool | No |
+| fill_value | Value to use for padding when pad_to_longest is True. | Fill Value | No |
+
+### Outputs
+
+| Output | Description | Type |
+|--------|-------------|------|
+| error | Error message if zipping failed. | str |
+| zipped_list | The zipped list of grouped elements. | List[List[Any]] |
+| length | The number of groups in the zipped result. | int |
+
+### Possible use case
+
+**Creating Key-Value Pairs**: Combine a list of field names with a list of values to build structured records or dictionaries.
+
+**Parallel Data Alignment**: Pair up corresponding items from separate data sources (e.g., names and email addresses) for processing together.
+
+**Table Row Construction**: Group column data into rows by zipping each column's values together for CSV export or display.
+
+
+---
From e2d3c8a21761cbbdee88f608833ffcab35eba79e Mon Sep 17 00:00:00 2001
From: Abhimanyu Yadav <122007096+Abhi1992002@users.noreply.github.com>
Date: Mon, 16 Feb 2026 12:29:33 +0530
Subject: [PATCH 16/16] fix(frontend): Prevent node drag when selecting text in
object editor key input (#11955)
## Summary
- Add `nodrag` class to the key name input wrapper in
`WrapIfAdditionalTemplate.tsx`
- This prevents the node from being dragged when users try to select
text in the key name input field
- Follows the same pattern used by other input components like
`TextWidget.tsx`
## Test plan
- [x] Open the new builder
- [x] Add a custom node with an Object input field
- [x] Try to select text in the key name input by clicking and dragging
- [x] Verify that text selection works without moving the block
Co-authored-by: Claude
---
.../InputRenderer/base/object/WrapIfAdditionalTemplate.tsx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/autogpt_platform/frontend/src/components/renderers/InputRenderer/base/object/WrapIfAdditionalTemplate.tsx b/autogpt_platform/frontend/src/components/renderers/InputRenderer/base/object/WrapIfAdditionalTemplate.tsx
index 97478e9eaf..a8b3514d41 100644
--- a/autogpt_platform/frontend/src/components/renderers/InputRenderer/base/object/WrapIfAdditionalTemplate.tsx
+++ b/autogpt_platform/frontend/src/components/renderers/InputRenderer/base/object/WrapIfAdditionalTemplate.tsx
@@ -80,7 +80,7 @@ export default function WrapIfAdditionalTemplate(
uiSchema={uiSchema}
/>
{!isHandleConnected && (
-
+ {title && (
+
+ {highlightText(beautifyString(title), highlightedText)}
+
+ )}
+ {description && (
+
+ {highlightText(description, highlightedText)}
+
+ )}
+
+
+
+
+ {isMCPBlock && (
+ Greptile Overview
Greptile Summary
Added concurrency control and comment deduplication to prevent multiple
Claude review comments from accumulating on PRs. The workflow now
deletes previous review comments (identified by `` marker) before posting new ones, and uses concurrency groups to
prevent race conditions.
Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- The changes are well-contained, follow GitHub Actions best practices,
and use built-in GitHub APIs safely. The concurrency control prevents
race conditions, and the comment cleanup logic uses proper filtering
with `head -1` to handle edge cases. The HTML comment marker approach is
standard and reliable.
- No files require special attention
Sequence Diagram
```mermaid
sequenceDiagram
participant GH as GitHub PR Event
participant WF as Workflow
participant API as GitHub API
participant Claude as Claude Action
GH->>WF: PR opened/synchronized
WF->>WF: Check concurrency group
Note over WF: Cancel any in-progress runsfor same PR number WF->>API: Query PR comments API-->>WF: Return all comments WF->>WF: Filter for CLAUDE_DOCS_REVIEW marker alt Previous comment exists WF->>API: DELETE comment by ID API-->>WF: Comment deleted else No previous comment WF->>WF: Skip deletion end WF->>Claude: Run code review Claude->>API: POST new comment with marker API-->>Claude: Comment created ```
Greptile Overview
Greptile Summary
Consolidates tool security constants into `tool_adapter.py` as single
source of truth, enables WebSearch (Brave via Anthropic API), and
explicitly blocks WebFetch to prevent SSRF attacks. The change improves
security by ensuring the agent uses the SSRF-protected
`mcp__copilot__web_fetch` tool instead of the built-in WebFetch which
can access internal networks like `localhost:8006`.
Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- The changes improve security by blocking WebFetch (SSRF risk) while
enabling safe WebSearch. The consolidation of constants into a single
source of truth improves maintainability. All existing tests pass (21
security hooks tests), and the refactoring is straightforward with no
behavioral changes to existing security logic. The only suggestions are
minor improvements: adding a test for WebFetch blocking and considering
a lowercase alias for consistency.
- No files require special attention
Sequence Diagram
```mermaid
sequenceDiagram
participant Agent as SDK Agent
participant Hooks as Security Hooks
participant TA as tool_adapter.py
participant MCP as MCP Tools
Note over TA: SDK_DISALLOWED_TOOLS = ["Bash", "WebFetch"]
Note over TA: _SDK_BUILTIN_TOOLS includes WebSearch
Agent->>Hooks: Request WebSearch (Brave API)
Hooks->>TA: Check BLOCKED_TOOLS
TA-->>Hooks: Not blocked
Hooks-->>Agent: Allowed ✓
Agent->>Agent: Execute via Anthropic API
Agent->>Hooks: Request WebFetch (SSRF risk)
Hooks->>TA: Check BLOCKED_TOOLS
Note over TA: WebFetch in SDK_DISALLOWED_TOOLS
TA-->>Hooks: Blocked
Hooks-->>Agent: Denied ✗
Note over Agent: Use mcp__copilot__web_fetch instead
Agent->>Hooks: Request mcp__copilot__web_fetch
Hooks->>MCP: Validate (MCP tool, not SDK builtin)
MCP-->>Hooks: Has SSRF protection
Hooks-->>Agent: Allowed ✓
Agent->>MCP: Execute with SSRF checks
```
Greptile Overview
Greptile Summary
Enhanced `ConcatenateListsBlock` with deduplication and None-filtering
options, and added five new list manipulation blocks
(`FlattenListBlock`, `InterleaveListsBlock`, `ZipListsBlock`,
`ListDifferenceBlock`, `ListIntersectionBlock`) with comprehensive
helper functions and test coverage.
**Key Changes:**
- Enhanced `ConcatenateListsBlock` with `deduplicate` and `remove_none`
options, plus `length` output field
- Added `FlattenListBlock` for recursively flattening nested lists with
configurable `max_depth`
- Added `InterleaveListsBlock` for round-robin element interleaving
- Added `ZipListsBlock` with support for padding/truncation
- Added `ListDifferenceBlock` and `ListIntersectionBlock` for set
operations
- Extracted 12 reusable helper functions for validation, flattening,
deduplication, etc.
- Comprehensive test suite with 188 test functions covering edge cases
**Minor Issues:**
- Helper function `_deduplicate_list` has redundant logic in the `else`
branch that duplicates the `if` branch
- Three helper functions (`_filter_empty_collections`,
`_compute_list_statistics`, `_chunk_list`) are defined but unused -
consider removing unless planned for future use
- The `_make_hashable` function uses `hash(repr(item))` for unhashable
types, which correctly treats structurally identical dicts/lists as
duplicates
Confidence Score: 4/5
- Safe to merge with minor style improvements recommended
- The implementation is well-structured with comprehensive test coverage
(188 tests), proper error handling, and follows existing block patterns.
All blocks use valid UUID4 IDs and correct categories. The helper
functions provide good code reuse. The minor issues are purely stylistic
(redundant code, unused helpers) and don't affect functionality or
safety.
- No files require special attention - both files are well-tested and
follow project conventions
Sequence Diagram
```mermaid
sequenceDiagram
participant User
participant Block as List Block
participant Helper as Helper Functions
participant Output
User->>Block: Input (lists/parameters)
Block->>Helper: _validate_all_lists()
Helper-->>Block: validation result
alt validation fails
Block->>Output: error message
else validation succeeds
Block->>Helper: _concatenate_lists_simple() / _flatten_nested_list() / etc.
Helper-->>Block: processed result
opt deduplicate enabled
Block->>Helper: _deduplicate_list()
Helper-->>Block: deduplicated result
end
opt remove_none enabled
Block->>Helper: _filter_none_values()
Helper-->>Block: filtered result
end
Block->>Output: result + length
end
Output-->>User: Block outputs
```
+