mirror of
https://github.com/Significant-Gravitas/AutoGPT.git
synced 2026-01-07 22:33:57 -05:00
37b3e4e82ed37f3315e8130572693a524a6106fc
7497 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Nicholas Tindle
|
37b3e4e82e |
feat(blocks)!: Update Exa search block to match latest API specification (#11185)
BREAKING CHANGE: Removed deprecated use_auto_prompt field from Input
schema. Existing workflows using this field will need to be updated to
use the type field set to "auto" instead.
## Summary of Changes 📝
This PR comprehensively updates all Exa search blocks to match the
latest Exa API specification and adds significant new functionality
through the Websets API integration.
### Core API Updates 🔄
- **Migration to Exa SDK**: Replaced manual API calls with the official
`exa_py` AsyncExa SDK across all blocks for better reliability and
maintainability
- **Removed deprecated fields**: Eliminated
`use_auto_prompt`/`useAutoprompt` field (breaking change)
- **Fixed incomplete field definitions**: Corrected `user_location`
field definition
- **Added new input fields**: Added `moderation` and `context` fields
for enhanced content filtering
### Enhanced Content Settings 🛠️
- **Text field improvements**: Support both boolean and advanced object
configurations
- **New content options**:
- Added `livecrawl` settings (never, fallback, always, preferred)
- Added `subpages` support for deeper content retrieval
- Added `extras` settings for links and images
- Added `context` settings for additional contextual information
- **Updated settings**: Enhanced `highlight` and `summary`
configurations with new query and schema options
### Comprehensive Cost Tracking 💰
- Added detailed cost tracking models:
- `CostDollars` for monetary costs
- `CostCredits` for API credit tracking
- `CostDuration` for time-based costs
- New output fields: `request_id`, `resolved_search_type`,
`cost_dollars`
- Improved response handling to conditionally yield fields based on
availability
### New Websets API Integration 🚀
Added eight new specialized blocks for Exa's Websets API:
- **`websets.py`**: Core webset management (create, get, list, delete)
- **`websets_search.py`**: Search operations within websets
- **`websets_items.py`**: Individual item management (add, get, update,
delete)
- **`websets_enrichment.py`**: Data enrichment operations
- **`websets_import_export.py`**: Bulk import/export functionality
- **`websets_monitor.py`**: Monitor and track webset changes
- **`websets_polling.py`**: Poll for updates and changes
### New Special-Purpose Blocks 🎯
- **`code_context.py`**: Code search capabilities for finding relevant
code snippets from open source repositories, documentation, and Stack
Overflow
- **`research.py`**: Asynchronous research capabilities that explore the
web, gather sources, synthesize findings, and return structured results
with citations
### Code Organization Improvements 📁
- **Removed legacy code**: Deleted `model.py` file containing deprecated
API models
- **Centralized helpers**: Consolidated shared models and utilities in
`helpers.py`
- **Improved modularity**: Each webset operation is now in its own
dedicated file
### Other Changes 🔧
- Updated `.gitignore` for better development workflow
- Updated `CLAUDE.md` with project-specific instructions
- Updated documentation in `docs/content/platform/new_blocks.md` with
error handling, data models, and file input guidelines
- Improved webhook block implementations with SDK integration
### Files Changed 📂
- **Modified (11 files)**:
- `.gitignore`
- `autogpt_platform/CLAUDE.md`
- `autogpt_platform/backend/backend/blocks/exa/answers.py`
- `autogpt_platform/backend/backend/blocks/exa/contents.py`
- `autogpt_platform/backend/backend/blocks/exa/helpers.py`
- `autogpt_platform/backend/backend/blocks/exa/search.py`
- `autogpt_platform/backend/backend/blocks/exa/similar.py`
- `autogpt_platform/backend/backend/blocks/exa/webhook_blocks.py`
- `autogpt_platform/backend/backend/blocks/exa/websets.py`
- `docs/content/platform/new_blocks.md`
- **Added (8 files)**:
- `autogpt_platform/backend/backend/blocks/exa/code_context.py`
- `autogpt_platform/backend/backend/blocks/exa/research.py`
- `autogpt_platform/backend/backend/blocks/exa/websets_enrichment.py`
- `autogpt_platform/backend/backend/blocks/exa/websets_import_export.py`
- `autogpt_platform/backend/backend/blocks/exa/websets_items.py`
- `autogpt_platform/backend/backend/blocks/exa/websets_monitor.py`
- `autogpt_platform/backend/backend/blocks/exa/websets_polling.py`
- `autogpt_platform/backend/backend/blocks/exa/websets_search.py`
- **Deleted (1 file)**:
- `autogpt_platform/backend/backend/blocks/exa/model.py`
### Migration Guide 🚦
For users with existing workflows using the deprecated `use_auto_prompt`
field:
1. Remove the `use_auto_prompt` field from your input configuration
2. Set the `type` field to `ExaSearchTypes.AUTO` (or "auto" in JSON) to
achieve the same behavior
3. Review any custom content settings as the structure has been enhanced
### Testing Recommendations ✅
- Test existing workflows to ensure they handle the breaking change
- Verify cost tracking fields are properly returned
- Test new content settings options (livecrawl, subpages, extras,
context)
- Validate websets functionality if using the new Websets API blocks
🤖 Generated with [Claude Code](https://claude.com/claude-code)
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] made + ran a test agent for the blocks and flows between them
[Exa
Tests_v44.json](https://github.com/user-attachments/files/23226143/Exa.Tests_v44.json)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Migrates Exa blocks to AsyncExa SDK, adds comprehensive
Websets/research/code-context blocks, updates existing
search/content/answers/similar, deletes legacy models, adjusts
tests/docs; breaking: remove `use_auto_prompt` in favor of
`type="auto"`.
>
> - **Backend — Exa integration (SDK migration & BREAKING)**:
> - Replace manual HTTP calls with `exa_py.AsyncExa` across `search`,
`similar`, `contents`, `answers`, and webhooks; richer outputs
(citations, context, costs, resolved search type).
> - BREAKING: remove `Input.use_auto_prompt`; use `type = "auto"`.
> - Centralize models/utilities in `exa/helpers.py` (content settings,
cost models, result mappers).
> - **New Blocks**:
> - **Websets**: management (`websets.py`), searches, items,
enrichments, imports/exports, monitors, polling (new files under
`exa/websets_*`).
> - **Research**: async research task create/get/wait/list
(`exa/research.py`).
> - **Code Context**: code snippet/context retrieval
(`exa/code_context.py`).
> - **Removals**:
> - Delete deprecated `exa/model.py`.
> - **Docs & DX**:
> - Update `docs/new_blocks.md` (error handling, models, file input) and
`CLAUDE.md`; ignore backend logs in `.gitignore`.
> - **Frontend Tests**:
> - Split/extend “e” block tests and improve block add robustness in
Playwright (`build.spec.ts`, `build.page.ts`).
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
Reinier van der Leer
|
de7c5b5c31 | Merge branch 'master' into dev | ||
|
Reinier van der Leer
|
d68dceb9c1 |
fix(backend/executor): Improve graph execution permission check (#11323)
- Resolves #11316 - Durable fix to replace #11318 ### Changes 🏗️ - Expand graph execution permissions check - Don't require library membership for execution as sub-graph ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Can run sub-agent with non-latest graph version - [x] Can run sub-agent that is available in Marketplace but not added to Library |
||
|
Zamil Majdy
|
193866232c |
hotfix(backend): fix rate-limited messages blocking queue by republishing to back (#11326)
## Summary Fix critical queue blocking issue where rate-limited user messages prevent other users' executions from being processed, causing the 135 late executions reported in production. ## Root Cause Analysis When a user exceeds `max_concurrent_graph_executions_per_user` (25), the executor uses `basic_nack(requeue=True)` which sends the message to the **FRONT** of the RabbitMQ queue. This creates an infinite blocking loop where: 1. Rate-limited message goes to front of queue 2. Gets processed, hits rate limit again 3. Goes back to front of queue 4. Blocks all other users' messages indefinitely ## Solution Implementation ### 🔧 Core Changes - **New setting**: `requeue_by_republishing` (default: `True`) in `backend/util/settings.py` - **Smart `_ack_message`**: Automatically uses republishing when `requeue=True` and setting enabled - **Efficient implementation**: Uses existing `self.run_client` connection instead of creating new ones - **Integration test**: Real RabbitMQ test validates queue ordering behavior ### 🔄 Technical Implementation **Before (blocking):** ```python basic_nack(delivery_tag, requeue=True) # Goes to FRONT of queue ❌ ``` **After (non-blocking):** ```python if requeue and self.config.requeue_by_republishing: # First: Republish to BACK of queue self.run_client.publish_message(...) # Then: Reject without requeue basic_nack(delivery_tag, requeue=False) ``` ### 📊 Impact - ✅ **Other users' executions no longer blocked** by rate-limited users - ✅ **Fair queue processing** - FIFO behavior maintained for all users - ✅ **Rate limiting still works** - just doesn't block others - ✅ **Configurable** - can revert to old behavior with `requeue_by_republishing=False` - ✅ **Zero performance impact** - uses existing connections ## Test Plan - **Integration test**: `test_requeue_integration.py` validates real RabbitMQ queue ordering - **Scenario testing**: Confirms rate-limited messages go to back of queue - **Cross-user validation**: Verifies other users' messages process correctly - **Setting test**: Confirms configuration loads with correct defaults ## Deployment Strategy This is a **hotfix** that can be deployed immediately: - **Backward compatible**: Old behavior available via config - **Safe default**: New behavior is safer than current state - **No breaking changes**: All existing functionality preserved - **Immediate relief**: Resolves production queue blocking ## Files Modified - `backend/executor/manager.py`: Enhanced `_ack_message` logic and `_requeue_message_to_back` method - `backend/util/settings.py`: Added `requeue_by_republishing` configuration field - `test_requeue_integration.py`: Integration test for queue ordering validation ## Related Issues Fixes the 135 late executions issue where messages were stuck in QUEUED state despite available executor capacity (583m/600m utilization). 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> |
||
|
Krzysztof Czerwinski
|
979826f559 |
fix(platform): Wallet fixes (#11304)
### Changes 🏗️ - Unmask for Sentry: - Agent name&creator on onboarding cards - Edge paths - Block I/O names - Prevent firing `onClick` when onboarding agents are loading - Prevent confetti on null elements and top-left corner - Fix tooltip on Wallet hover - Fix `0` appearing in place of notification dot on the Wallet button ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Onboarding works and can be completed - [x] Wallet confetti works properly - [x] Tooltip works |
||
|
Swifty
|
2f87e13d17 |
feat(platform): Chat system backend (#11230)
Implements foundational backend infrastructure for chat-based agent interaction system. Users will be able to discover, configure, and run marketplace agents through conversational AI. **Note:** Chat routes are behind a feature flag ### Changes 🏗️ **Core Chat System:** - Chat service with LLM orchestration (Claude 3.5 Sonnet, Haiku, GPT-4) - REST API routes for sessions and messages - Database layer for chat persistence - System prompts and configuration **5 Conversational Tools:** 1. `find_agent` - Search marketplace by keywords 2. `get_agent_details` - Fetch agent info, inputs, credentials 3. `get_required_setup_info` - Check user readiness, missing credentials 4. `run_agent` - Execute agents immediately 5. `setup_agent` - Configure scheduled execution with cron **Testing:** - 28 tests across chat tools (23 passing, 5 skipped for scheduler) - Test fixtures for simple, LLM, and Firecrawl agents - Service and data layer tests **Bug Fixes:** - Fixed `setup_agent.py` to create schedules instead of immediate execution - Fixed graph lookup to use UUID instead of username/slug - Fixed credential matching by provider/type instead of ID - Fixed internal tool calls to use `._execute()` instead of `.execute()` ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] All 28 chat tool tests pass (23 pass, 5 skip - require scheduler) - [x] Code formatting and linting pass - [x] Tool execution flow validated through unit tests - [x] Agent discovery, details, and execution tested - [x] Credential parsing and matching tested #### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] `docker-compose.yml` is updated or already compatible with my changes - [x] I have included a list of my configuration changes in the PR description (under **Changes**) No configuration changes required - all existing settings compatible. |
||
|
Zamil Majdy
|
2ad5a88a5c |
feat(frontend): Change copywriting for execution task summary (#11324)
### Changes 🏗️ Change copywriting for execution task summary ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: <!-- Put your test plan here: --> - [x] Manual review |
||
|
Abhimanyu Yadav
|
e9cd40c0d4 |
fix(frontend): Correctly rendering all types of outputs in the custom node in the new builder (#11258)
Currently, we are rendering text for all types of outputs, even if it’s a video, image, or other type. So, In current we fixed it by rendering them correctly. Also, some output actions weren’t working, so fixed them also. <img width="1486" height="1080" alt="Screenshot 2025-10-27 at 4 36 33 PM" src="https://github.com/user-attachments/assets/4e4ee43f-5400-477e-8fa9-2914acf11466" /> <img width="463" height="683" alt="Screenshot 2025-10-27 at 4 39 00 PM" src="https://github.com/user-attachments/assets/bfc09c00-58dd-4a0d-96a2-aa51cc282797" /> <img width="1455" height="753" alt="Screenshot 2025-10-27 at 4 36 56 PM" src="https://github.com/user-attachments/assets/52870ffe-3e47-4b0f-bfa3-8d8bbe38cbbd" /> <img width="1131" height="1062" alt="Screenshot 2025-10-27 at 4 37 17 PM" src="https://github.com/user-attachments/assets/e55040e9-33e6-45a8-8397-bf912e93840f" /> ### Changes 🏗️ - Add a new design for the node output. - Render the correct HTML tag for each type. - Make all the output actions below the data section workable, such as viewing the complete data or copying it. - Add a “View more” button. We’re only seeing two pins of output. If we have more pins, we can view all the output in a dialogue box. ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] able to render different types of output data correctly. - [x] All output actions are working perfectly. --------- Co-authored-by: Krzysztof Czerwinski <34861343+kcze@users.noreply.github.com> Co-authored-by: Ubbe <hi@ubbe.dev> |
||
|
dependabot[bot]
|
4744675ef9 |
chore(frontend/deps-dev): bump the development-dependencies group across 1 directory with 13 updates (#11288)
Bumps the development-dependencies group with 13 updates in the /autogpt_platform/frontend directory: | Package | From | To | | --- | --- | --- | | [@chromatic-com/storybook](https://github.com/chromaui/addon-visual-tests) | `4.1.1` | `4.1.2` | | [@playwright/test](https://github.com/microsoft/playwright) | `1.55.0` | `1.56.1` | | [@tanstack/eslint-plugin-query](https://github.com/TanStack/query/tree/HEAD/packages/eslint-plugin-query) | `5.86.0` | `5.91.2` | | [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.87.3` | `5.90.2` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.3.1` | `24.9.2` | | [axe-playwright](https://github.com/abhinaba-ghosh/axe-playwright) | `2.1.0` | `2.2.2` | | [chromatic](https://github.com/chromaui/chromatic-cli) | `13.1.4` | `13.3.2` | | [msw](https://github.com/mswjs/msw) | `2.11.1` | `2.11.6` | | [msw-storybook-addon](https://github.com/mswjs/msw-storybook-addon/tree/HEAD/packages/msw-addon) | `2.0.5` | `2.0.6` | | [orval](https://github.com/orval-labs/orval) | `7.11.2` | `7.15.0` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.3` | `3.1.5` | | [prettier-plugin-tailwindcss](https://github.com/tailwindlabs/prettier-plugin-tailwindcss) | `0.6.14` | `0.7.1` | | [typescript](https://github.com/microsoft/TypeScript) | `5.9.2` | `5.9.3` | Updates `@chromatic-com/storybook` from 4.1.1 to 4.1.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chromaui/addon-visual-tests/releases"><code>@chromatic-com/storybook</code>'s releases</a>.</em></p> <blockquote> <h2>v4.1.2</h2> <h4>🐛 Bug Fix</h4> <ul> <li>Broaden version-range for storybook peerDependency to include 10.1.0-0 <a href="https://redirect.github.com/chromaui/addon-visual-tests/pull/392">#392</a> (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <h4>Authors: 2</h4> <ul> <li><a href="https://github.com/chromatic-support"><code>@chromatic-support</code></a></li> <li>Norbert de Langen (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <h2>v4.1.2-next.4</h2> <h4>⚠️ Pushed to <code>next</code></h4> <ul> <li>Broaden version-range for storybook peerDependency to include 10.2.0-0 and 10.3.0-0 (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <h4>Authors: 1</h4> <ul> <li>Norbert de Langen (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <h2>v4.1.2-next.3</h2> <h4>⚠️ Pushed to <code>next</code></h4> <ul> <li>Update GitHub Actions workflow to fetch full git history and tags with optimized settings (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <h4>Authors: 1</h4> <ul> <li>Norbert de Langen (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <h2>v4.1.2-next.2</h2> <h4>⚠️ Pushed to <code>next</code></h4> <ul> <li>bump yarn version (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <h4>Authors: 1</h4> <ul> <li>Norbert de Langen (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <h2>v4.1.2-next.1</h2> <h4>🐛 Bug Fix</h4> <ul> <li>Broaden version-range for storybook peerDependency to include 10.1.0-0 <a href="https://redirect.github.com/chromaui/addon-visual-tests/pull/392">#392</a> (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <h4>Authors: 1</h4> <ul> <li>Norbert de Langen (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <h2>v4.1.2-next.0</h2> <h4>🐛 Bug Fix</h4> <ul> <li>Main <a href="https://redirect.github.com/chromaui/addon-visual-tests/pull/391">#391</a> (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a> <a href="https://github.com/chromatic-support"><code>@chromatic-support</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/chromaui/addon-visual-tests/blob/v4.1.2/CHANGELOG.md"><code>@chromatic-com/storybook</code>'s changelog</a>.</em></p> <blockquote> <h1>v4.1.2 (Wed Oct 29 2025)</h1> <h4>🐛 Bug Fix</h4> <ul> <li>Broaden version-range for storybook peerDependency to include 10.1.0-0 <a href="https://redirect.github.com/chromaui/addon-visual-tests/pull/392">#392</a> (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> <li>Main <a href="https://redirect.github.com/chromaui/addon-visual-tests/pull/391">#391</a> (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a> <a href="https://github.com/chromatic-support"><code>@chromatic-support</code></a>)</li> </ul> <h4>Authors: 2</h4> <ul> <li><a href="https://github.com/chromatic-support"><code>@chromatic-support</code></a></li> <li>Norbert de Langen (<a href="https://github.com/ndelangen"><code>@ndelangen</code></a>)</li> </ul> <hr /> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Zamil Majdy
|
910fd2640d |
hotfix(backend): Temporarily disable library existence check for graph execution (#11318)
### Changes 🏗️ add_store_agent_to_library does not add subagents to the user library, this check can cause issues. ### Checklist 📋 #### For code changes: - [ ] I have clearly listed my changes in the PR description - [ ] I have made a test plan - [ ] I have tested my changes according to the test plan: <!-- Put your test plan here: --> - [ ] ... <details> <summary>Example test plan</summary> - [ ] Create from scratch and execute an agent with at least 3 blocks - [ ] Import an agent from file upload, and confirm it executes correctly - [ ] Upload agent to marketplace - [ ] Import an agent from marketplace and confirm it executes correctly - [ ] Edit an agent from monitor, and confirm it executes correctly </details> #### For configuration changes: - [ ] `.env.default` is updated or already compatible with my changes - [ ] `docker-compose.yml` is updated or already compatible with my changes - [ ] I have included a list of my configuration changes in the PR description (under **Changes**) <details> <summary>Examples of configuration changes</summary> - Changing ports - Adding new services that need to communicate with each other - Secrets or environment variable changes - New or infrastructure changes such as databases </details> |
||
|
Ubbe
|
eae2616fb5 |
fix(frontend): marketplace breadcrumbs typo (#11315)
## Changes 🏗️ Fixing a ✍🏽 typo found by @Pwuts ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Run the app - [x] No typos on the breadcrumbs |
||
|
Abhimanyu Yadav
|
ad3ea59d90 |
feat(frontend): Add cron-based scheduling functionality to new builder with input/credential support (#11312)
This PR introduces scheduling functionality to the new builder, allowing users to create cron-based schedules for automated graph execution with configurable inputs and credentials. https://github.com/user-attachments/assets/20c1359f-a3d6-47bf-a881-4f22c657906c ## What's New ### 🚀 Features #### Scheduling Infrastructure - **CronSchedulerDialog Component**: Interactive dialog for creating scheduled runs with: - Schedule name configuration - Cron expression builder with visual UI - Timezone support (displays user timezone or defaults to UTC) - Integration with backend scheduling API - **ScheduleGraph Component**: New action button in builder actions toolbar - Clock icon button to initiate scheduling workflow - Handles conditional flow based on input/credential requirements #### Enhanced Input Management - **Unified RunInputDialog**: Refactored to support both manual runs and scheduled runs - Dynamic "purpose" prop (`"run"` | `"schedule"`) for contextual behavior - Seamless credential and input collection flow - Transitions to cron scheduler when scheduling #### Builder Actions Improvements - **New Action Buttons Layout**: Three primary actions in the builder toolbar: 1. Agent Outputs (placeholder for future implementation) 2. Run Graph (play/stop button with gradient styling) 3. Schedule Graph (clock icon for scheduling) ## Technical Details ### New Components - `CronSchedulerDialog` - Main scheduling dialog component - `useCronSchedulerDialog` - Hook managing scheduling logic and API calls - `ScheduleGraph` - Schedule button component - `useScheduleGraph` - Hook for scheduling flow control - `AgentOutputs` - Placeholder component for future outputs feature ### Modified Components - `BuilderActions` - Added new action buttons - `RunGraph` - Enhanced with tooltip support - `RunInputDialog` - Made multi-purpose for run/schedule - `useRunInputDialog` - Added scheduling dialog state management ### API Integration - Uses `usePostV1CreateExecutionSchedule` for schedule creation - Fetches user timezone with `useGetV1GetUserTimezone` - Validates and passes graph ID, version, inputs, and credentials ## User Experience 1. **Without Inputs/Credentials**: - Click schedule button → Opens cron scheduler directly 2. **With Inputs/Credentials**: - Click schedule button → Opens input dialog - Fill required fields → Click "Schedule Run" - Configure cron expression → Create schedule 3. **Timezone Awareness**: - Shows user's configured timezone - Warns if no timezone is set (defaults to UTC) - Provides link to timezone settings ## Testing Checklist - [x] Create a schedule without inputs/credentials - [x] Create a schedule with required inputs - [x] Create a schedule with credentials - [x] Verify timezone display (with and without user timezone) |
||
|
Reinier van der Leer
|
69b6b732a2 |
feat(frontend/ui): Increase contrast of Switch component (#11309)
- Resolves #11308 ### Changes 🏗️ - Change background color of `Switch` in unchecked state from `neutral-200` to `zinc-300` Before / after: <center> <img width="48%" alt="before" src="https://github.com/user-attachments/assets/d23c9531-2f7e-49d3-8a92-f4ad40e9fa14" /> <img width="48%" alt="after" src="https://github.com/user-attachments/assets/9f27fbee-081e-4b26-8b24-74d5d5cdcef8" /> </center> ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Visually verified new look |
||
|
Abhimanyu Yadav
|
b1a2d21892 |
feat(frontend): add undo/redo functionality with keyboard shortcuts to flow builder (#11307)
This PR introduces comprehensive undo/redo functionality to the flow builder, allowing users to revert and restore changes to their workflows. The implementation includes keyboard shortcuts (Ctrl/Cmd+Z for undo, Ctrl/Cmd+Y for redo) and visual controls in the UI. https://github.com/user-attachments/assets/514253a6-4e86-4ac5-96b4-992180fb3b00 ### What's New 🚀 - **Undo/Redo State Management**: Implemented a dedicated Zustand store (`historyStore`) that tracks up to 50 historical states of nodes and connections - **Keyboard Shortcuts**: Added cross-platform keyboard shortcuts: - `Ctrl/Cmd + Z` for undo - `Ctrl/Cmd + Y` for redo - **UI Controls**: Added dedicated undo/redo buttons to the control panel with: - Visual feedback when actions are available/disabled - Tooltips for better user guidance - Proper accessibility attributes - **Automatic History Tracking**: Integrated history tracking into node operations (add, remove, position changes, data updates) ### Technical Details 🔧 #### Architecture - **History Store** (`historyStore.ts`): Manages past and future states using a stack-based approach - Stores snapshots of nodes and connections - Implements state deduplication to prevent duplicate history entries - Limits history to 50 states to manage memory usage - **Integration Points**: - `nodeStore.ts`: Modified to push state changes to history on relevant operations - `Flow.tsx`: Added the new `useFlowRealtime` hook for real-time updates - `NewControlPanel.tsx`: Integrated the new `UndoRedoButtons` component #### UI Improvements - **Enhanced Control Panel Button**: Updated to support different HTML elements (button/div) with proper role attributes for accessibility - **Block Menu Tooltips**: Added tooltips to improve user guidance - **Responsive UI**: Adjusted tooltip delays for better responsiveness (100ms delay) ### Testing Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description ✅ - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Create a new flow with multiple nodes and verify undo/redo works for node additions - [x] Move nodes and verify position changes can be undone/redone - [x] Delete nodes and verify deletions can be undone - [x] Test keyboard shortcuts (Ctrl/Cmd+Z and Ctrl/Cmd+Y) on different platforms - [x] Verify undo/redo buttons are disabled when no history is available - [x] Test with complex flows (10+ nodes) to ensure performance remains good |
||
|
Zamil Majdy
|
a78b08f5e7 |
feat(platform): implement admin user impersonation with header-based authentication (#11298)
## Summary Implement comprehensive admin user impersonation functionality to enable admins to act on behalf of any user for debugging and support purposes. ## 🔐 Security Features - **Admin Role Validation**: Only users with 'admin' role can impersonate others - **Header-Based Authentication**: Uses `X-Act-As-User-Id` header for impersonation requests - **Comprehensive Audit Logging**: All impersonation attempts logged with admin details - **Secure Error Handling**: Proper HTTP 403/401 responses for unauthorized access - **SSR Safety**: Client-side environment checks prevent server-side rendering issues ## 🏗️ Architecture ### Backend Implementation (`autogpt_libs/auth/dependencies.py`) - Enhanced `get_user_id` FastAPI dependency to process impersonation headers - Admin role verification using existing `verify_user()` function - Audit trail logging with admin email, user ID, and target user - Seamless integration with all existing routes using `get_user_id` dependency ### Frontend Implementation - **React Hook**: `useAdminImpersonation` for state management and API calls - **Security Banner**: Prominent warning when impersonation is active - **Admin Panel**: Control interface for starting/stopping impersonation - **Session Persistence**: Maintains impersonation state across page refreshes - **Full Page Refresh**: Ensures all data updates correctly on state changes ### API Integration - **Header Forwarding**: All API requests include impersonation header when active - **Proxy Support**: Next.js API proxy forwards headers to backend - **Generated Hooks**: Compatible with existing React Query API hooks - **Error Handling**: Graceful fallback for storage/authentication failures ## 🎯 User Experience ### For Admins 1. Navigate to `/admin/impersonation` 2. Enter target user ID (UUID format with validation) 3. System displays security banner during active impersonation 4. All API calls automatically use impersonated user context 5. Click "Stop Impersonation" to return to admin context ### Security Notice - **Audit Trail**: All impersonation logged with `logger.info()` including admin email - **Session Isolation**: Impersonation state stored in sessionStorage (not persistent) - **No Token Manipulation**: Uses header-based approach, preserving admin's JWT - **Role Enforcement**: Backend validates admin role on every impersonated request ## 🔧 Technical Details ### Constants & Configuration - `IMPERSONATION_HEADER_NAME = "X-Act-As-User-Id"` - `IMPERSONATION_STORAGE_KEY = "admin-impersonate-user-id"` - Centralized in `frontend/src/lib/constants.ts` and `autogpt_libs/auth/dependencies.py` ### Code Quality Improvements - **DRY Principle**: Eliminated duplicate header forwarding logic - **Icon Compliance**: Uses Phosphor Icons per coding guidelines - **Type Safety**: Proper TypeScript interfaces and error handling - **SSR Compatibility**: Environment checks for client-side only operations - **Error Consistency**: Uniform silent failure with logging approach ### Testing - Updated backend auth dependency tests for new function signatures - Added Mock Request objects for comprehensive test coverage - Maintained existing test functionality while extending capabilities ## 🚀 CodeRabbit Review Responses All CodeRabbit feedback has been addressed: 1. ✅ **DRY Principle**: Refactored duplicate header forwarding logic 2. ✅ **Icon Library**: Replaced lucide-react with Phosphor Icons 3. ✅ **SSR Safety**: Added environment checks for sessionStorage 4. ✅ **UI Improvements**: Synchronous initialization prevents flicker 5. ✅ **Error Handling**: Consistent silent failure with logging 6. ✅ **Backend Validation**: Confirmed comprehensive security implementation 7. ✅ **Type Safety**: Addressed TypeScript concerns 8. ✅ **Code Standards**: Followed all coding guidelines and best practices ## 🧪 Testing Instructions 1. **Login as Admin**: Ensure user has admin role 2. **Navigate to Panel**: Go to `/admin/impersonation` 3. **Test Impersonation**: Enter valid user UUID and start impersonation 4. **Verify Banner**: Security banner should appear at top of all pages 5. **Test API Calls**: Verify credits/graphs/etc show impersonated user's data 6. **Check Logging**: Backend logs should show impersonation audit trail 7. **Stop Impersonation**: Verify return to admin context works correctly ## 📝 Files Modified ### Backend - `autogpt_libs/auth/dependencies.py` - Core impersonation logic - `autogpt_libs/auth/dependencies_test.py` - Updated test signatures ### Frontend - `src/hooks/useAdminImpersonation.ts` - State management hook - `src/components/admin/AdminImpersonationBanner.tsx` - Security warning banner - `src/components/admin/AdminImpersonationPanel.tsx` - Admin control interface - `src/app/(platform)/admin/impersonation/page.tsx` - Admin page - `src/app/(platform)/admin/layout.tsx` - Navigation integration - `src/app/(platform)/layout.tsx` - Banner integration - `src/lib/autogpt-server-api/client.ts` - Header injection for API calls - `src/lib/autogpt-server-api/helpers.ts` - Header forwarding logic - `src/app/api/proxy/[...path]/route.ts` - Proxy header forwarding - `src/app/api/mutators/custom-mutator.ts` - Enhanced error handling - `src/lib/constants.ts` - Shared constants ## 🔒 Security Compliance - **Authorization**: Admin role required for impersonation access - **Authentication**: Uses existing JWT validation with additional role checks - **Audit Logging**: Comprehensive logging of all impersonation activities - **Error Handling**: Secure error responses without information leakage - **Session Management**: Temporary sessionStorage without persistent data - **Header Validation**: Proper sanitization and validation of impersonation headers This implementation provides a secure, auditable, and user-friendly admin impersonation system that integrates seamlessly with the existing AutoGPT Platform architecture. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Admin user impersonation to view the app as another user. * New "User Impersonation" admin page for entering target user IDs and managing sessions. * Sidebar link for quick access to the impersonation page. * Persistent impersonation state that updates app data (e.g., credits) and survives page reloads. * Top warning banner when impersonation is active with a Stop Impersonation control. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude <noreply@anthropic.com> |
||
|
Ubbe
|
5359f20070 |
feat(frontend): Google Drive Picker component (#11286)
## Changes 🏗️ <img width="800" height="876" alt="Screenshot_2025-10-29_at_22 56 43" src="https://github.com/user-attachments/assets/e1d9cf62-0a81-4658-82c2-6e673d636479" /> New `<GoogleDrivePicker />` component that, when rendered: - re-uses existing Google credentials OR asks the user to SSO - uses the Google Drive Picker script to launch a modal for the user to select files We will need this 3 new environment variables on the Front-end for it to work: ``` # Google Drive Picker NEXT_PUBLIC_GOOGLE_CLIENT_ID= NEXT_PUBLIC_GOOGLE_API_KEY= NEXT_PUBLIC_GOOGLE_APP_ID= ``` Updated `.env.default` with them. ### Next We need to figure out how to map this to an agent input type and update the Back-end to accept the files as input. ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] I tried the whole flow ### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] I have included a list of my configuration changes in the PR description (under **Changes**) |
||
|
Abhimanyu Yadav
|
427c7eb1d4 |
feat(frontend): Add dynamic input dialog for agent execution with credential support (#11301)
### Changes 🏗️ This PR enhances the agent execution functionality by introducing a dynamic input dialog that collects both regular inputs and credentials before running agents. <img width="1309" height="826" alt="Screenshot 2025-11-03 at 10 16 38 AM" src="https://github.com/user-attachments/assets/2015da5d-055d-49c5-8e7e-31bd0fe369f4" /> #### ✨ New Features - **Dynamic Input Dialog**: Added a new `RunInputDialog` component that automatically detects when agents require inputs or credentials and prompts users before execution - **Credential Management**: Integrated credential input handling directly into the execution flow, supporting various credential types (API keys, OAuth, passwords) - **Enhanced Run Controls**: Improved the `RunGraph` component with better state management and visual feedback for running/stopping agents - **Form Renderer**: Created a new unified `FormRenderer` component for consistent input rendering across the application #### 🔧 Refactoring - **Input Renderer Migration**: Moved input renderer components from FlowEditor-specific location to a shared components directory for better reusability: - Migrated fields (AnyOfField, CredentialField, ObjectField) - Migrated widgets (ArrayEditor, DateInput, SelectWidget, TextInput, etc.) - Migrated templates (FieldTemplate, ArrayFieldTemplate) - **State Management**: Enhanced `graphStore` with schemas for inputs and credentials, including helper methods to check for their presence - **Component Organization**: Restructured BuilderActions components for better modularity #### 🗑️ Cleanup - Removed outdated FlowEditor documentation files (FORM_CREATOR.md, README.md) - Removed deprecated `RunGraph` and `useRunGraph` implementations from FlowEditor - Consolidated duplicate functionality into new shared components #### 🎨 UI/UX Improvements - Added gradient styling to Run/Stop button for better visual appeal - Improved dialog layout with clear sections for Credentials and Inputs - Enhanced form fields with size variants (small, medium, large) for better responsiveness - Added loading states and proper error handling during execution ### Technical Details - The new system automatically detects input requirements from the graph schema - Credentials are handled separately with special UI treatment based on credential type - The dialog only appears when inputs or credentials are actually required - Execution flow: Save graph → Check for inputs/credentials → Show dialog if needed → Execute with provided values ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Create an agent without inputs and verify it runs directly without dialog - [x] Create an agent with input blocks and verify the dialog appears with correct fields - [x] Create an agent requiring credentials and verify credential selection/creation works - [x] Test agent execution with both inputs and credentials - [x] Verify Stop Agent functionality during execution - [x] Test error handling for invalid inputs or missing credentials - [x] Verify that the dialog closes properly after submission - [x] Test that execution state is properly reflected in the UI |
||
|
Krzysztof Czerwinski
|
c17a2f807d |
fix(frontend): Reset beads on run (#11303)
Beads are reset when saving but not on run which can result in beads from previous runs accumulating on the opened graph. ### Changes 🏗️ - Move bead reset code to function and call it before run ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Beads reset on every run |
||
|
Krzysztof Czerwinski
|
f80739d38c | Merge branch 'master' into dev | ||
|
Krzysztof Czerwinski
|
f97e19f418 |
hotfix: Patch onboarding (#11299)
### Changes 🏗️ - Prevent removing progress of user onboarding tasks by merging arrays on the backend instead of replacing them - New endpoint for onboarding reset ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Tasks are not being reset - [x] `/onboarding/reset` works |
||
|
Reinier van der Leer
|
42b9facd4a |
hotfix(backend/scheduler): Bump apscheduler to DST-fixed version 3.11.1 (#11294)
- #11273 - Bump `apscheduler` to v3.11.1 which contains a fix for the issue - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] "It's a rather ugly solution but the test proves that it works." ~the maintainer - [x] CI passes |
||
|
Reinier van der Leer
|
a02b8d9ad7 |
fix(backend/scheduler): Bump apscheduler to DST-fixed version 3.11.1 (#11294)
- #11273 ### Changes 🏗️ - Bump `apscheduler` to v3.11.1 which contains a fix for the issue ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] "It's a rather ugly solution but the test proves that it works." ~the maintainer - [x] CI passes |
||
|
Nicholas Tindle
|
834617d221 | hotfix(backend): Clarify prompt requirements for list generation for our friend claude (#11293) | ||
|
Lluis Agusti
|
e6fb649ced | Merge 'master' into 'dev' autogpt-platform-beta-v0.6.35 | ||
|
Zamil Majdy
|
2f8cdf62ba |
feat(backend): Standardize error handling with BlockSchemaInput & BlockSchemaOutput base class (#11257)
<!-- Clearly explain the need for these changes: --> This PR addresses the need for consistent error handling across all blocks in the AutoGPT platform. Previously, each block had to manually define an `error` field in their output schema, leading to code duplication and potential inconsistencies. Some blocks might forget to include the error field, making error handling unpredictable. ### Changes 🏗️ <!-- Concisely describe all of the changes made in this pull request: --> - **Created `BlockSchemaOutput` base class**: New base class that extends `BlockSchema` with a standardized `error` field - **Created `BlockSchemaInput` base class**: Added for consistency and future extensibility - **Updated 140+ block implementations**: Changed all block `Output` classes from `class Output(BlockSchema):` to `class Output(BlockSchemaOutput):` - **Removed manual error field definitions**: Eliminated hundreds of duplicate `error: str = SchemaField(...)` definitions - **Updated type annotations**: Changed `Block[BlockSchema, BlockSchema]` to `Block[BlockSchemaInput, BlockSchemaOutput]` throughout the codebase - **Fixed imports**: Added `BlockSchemaInput` and `BlockSchemaOutput` imports to all relevant files - **Maintained backward compatibility**: Updated `EmptySchema` to inherit from `BlockSchemaOutput` **Key Benefits:** - Consistent error handling across all blocks - Reduced code duplication (removed ~200 lines of repetitive error field definitions) - Type safety improvements with distinct input/output schema types - Blocks can still override error field with more specific descriptions when needed ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: <!-- Put your test plan here: --> - [x] Verified `poetry run format` passes (all linting, formatting, and type checking) - [x] Tested block instantiation works correctly (MediaDurationBlock, UnrealTextToSpeechBlock) - [x] Confirmed error fields are automatically present in all updated blocks - [x] Verified block loading system works (successfully loads 353+ blocks) - [x] Tested backward compatibility with EmptySchema - [x] Confirmed blocks can still override error field with custom descriptions - [x] Validated core schema inheritance chain works correctly #### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] `docker-compose.yml` is updated or already compatible with my changes - [x] I have included a list of my configuration changes in the PR description (under **Changes**) *Note: No configuration changes were needed for this refactoring.* 🤖 Generated with [Claude Code](https://claude.ai/code) --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Lluis Agusti <hi@llu.lu> Co-authored-by: Ubbe <hi@ubbe.dev> |
||
|
seer-by-sentry[bot]
|
3dc5208f71 |
feat(backend): Increase max_field_size in aiohttp requests (#11261)
### Changes 🏗️ - Increased `max_field_size` in `aiohttp.ClientSession` to 16KB to handle servers with large headers (e.g., long CSP headers). ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: <!-- Put your test plan here: --> - [x] Add unit test that checks it can now parse headers over 8k size --------- Co-authored-by: seer-by-sentry[bot] <157164994+seer-by-sentry[bot]@users.noreply.github.com> Co-authored-by: Swifty <craigswift13@gmail.com> Co-authored-by: Ubbe <hi@ubbe.dev> |
||
|
Ubbe
|
04493598e2 |
fix(frontend): more wallet popover fixes (#11285)
## Changes 🏗️ <img width="800" height="547" alt="Screenshot 2025-10-29 at 22 11 35" src="https://github.com/user-attachments/assets/5c700ddc-d770-48ef-9847-7e652c5dedcb" /> <br /><br /> - Use [`react-currency-input-field`](https://www.npmjs.com/package/react-currency-input-field) for `<Input type="amount" />` under the hood - so it formats numbers nicely with `,` and `.` - Simplify form logic - Make the popover cover the trigger button when open - Re-organize imports - Show a `$` prefix in front of the amount inputs ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Login - [x] Open the wallet with credits enabled - [x] Play with the inputs --------- Co-authored-by: Swifty <craigswift13@gmail.com> |
||
|
seer-by-sentry[bot]
|
4140331731 |
fix(blocks/llm): Validate LLM summary responses are strings (#11275)
### Changes 🏗️ - Added validation to ensure that the `summary` and `final_summary` returned by the LLM are strings. - Raises a `ValueError` if the LLM returns a list or other non-string type, providing a descriptive error message to aid debugging. Fixes [AUTOGPT-SERVER-6M4](https://sentry.io/organizations/significant-gravitas/issues/6978480131/). The issue was that: LLM returned list of strings instead of single string summary, causing `_combine_summaries` to fail on `join`. This fix was generated by Seer in Sentry, triggered by Craig Swift. 👁️ Run ID: 2230933 Not quite right? [Click here to continue debugging with Seer.](https://sentry.io/organizations/significant-gravitas/issues/6978480131/?seerDrawer=true) ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: <!-- Put your test plan here: --> - [x] Added a unit test to verify that a ValueError is raised when the LLM returns a list instead of a string for summary or final_summary. --------- Co-authored-by: seer-by-sentry[bot] <157164994+seer-by-sentry[bot]@users.noreply.github.com> Co-authored-by: Swifty <craigswift13@gmail.com> |
||
|
Swifty
|
594b1adcf7 |
fix(frontend): Fix marketplace sort by (#11284)
Marketplace sort by functionality was not working on the frontend. This PR fixes it ### Changes 🏗️ - Add type hints for sort by - Fix marketplace sort by drop downs ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: <!-- Put your test plan here: --> - [x] tested locally |
||
|
Swifty
|
cab6590908 |
fix(frontend): Safely parse error response body in handleFetchError (#11274)
### Changes 🏗️ - Ensures `handleFetchError` can handle non-JSON error responses (e.g., HTML error pages). - Attempts to parse the response body as JSON, but falls back to text if JSON parsing fails. - Logs a warning to the console if JSON parsing fails. - Sets `responseData` to null if parsing fails. Fixes [BUILDER-482](https://sentry.io/organizations/significant-gravitas/issues/6958135748/). The issue was that: Frontend error handler unconditionally calls `response.json()` on a non-JSON HTML error page starting with 'A'. This fix was generated by Seer in Sentry, triggered by Craig Swift. 👁️ Run ID: 2206951 Not quite right? [Click here to continue debugging with Seer.](https://sentry.io/organizations/significant-gravitas/issues/6958135748/?seerDrawer=true) ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Test Plan: - [x] Created unit tests for the issue that caused the error - [x] Created unit tests to ensure responses are parsed gracefully |
||
|
Swifty
|
a1ac109356 |
fix(backend): Further enhance sanitization of SQL raw queries (#11279)
### Changes 🏗️ Enhanced SQL query security in the store search functionality by implementing proper parameterization to prevent SQL injection vulnerabilities. **Security Improvements:** - Replaced string interpolation with PostgreSQL positional parameters (`$1`, `$2`, etc.) for all user inputs - Added ORDER BY whitelist validation to prevent injection via `sorted_by` parameter - Parameterized search term, creators array, category, and pagination values - Fixed variable naming conflict (`sql_where_clause` vs `where_clause`) **Testing:** - Added 4 comprehensive tests validating SQL injection prevention across different attack vectors - Tests verify that malicious input in search queries, filters, sorting, and categories are safely handled - All 10 tests in db_test.py pass successfully ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] All existing tests pass (10/10 tests passing) - [x] New security tests validate SQL injection prevention - [x] Verified parameterized queries handle malicious input safely - [x] Code formatting passes (`poetry run format`) #### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] `docker-compose.yml` is updated or already compatible with my changes - [x] I have included a list of my configuration changes in the PR description (under **Changes**) *Note: No configuration changes required for this security fix* |
||
|
Zamil Majdy
|
5506d59da1 |
fix(backend/executor): make graph execution permission check version-agnostic (#11283)
## Summary Fix critical issue where pre-execution permission validation broke execution of graphs that reference older versions of sub-graphs. ## Problem The `validate_graph_execution_permissions` function was checking for the specific version of a graph in the user's library. This caused failures when: 1. A parent graph references an older version of a sub-graph 2. The user updates the sub-graph to a newer version 3. The older version is no longer in their library 4. Execution of the parent graph fails with `GraphNotInLibraryError` ## Root Cause In `backend/executor/utils.py` line 523, the function was checking for the exact version, but sub-graphs legitimately reference older versions that may no longer be in the library. ## Solution ### 1. Remove Version-Specific Check (backend/executor/utils.py) - Remove `graph_version=graph.version` parameter from validation call - Add explanatory comment about version-agnostic behavior - Now only checks that the graph ID exists in user's library (any version) ### 2. Enhance Documentation (backend/data/graph.py) - Update function docstring to explain version-agnostic behavior - Document that `None` (now default) allows execution of any version - Clarify this is important for sub-graph version compatibility ## Technical Details The `validate_graph_execution_permissions` function was already designed to handle version-agnostic checks when `graph_version=None`. By omitting the version parameter, we skip the version check and only verify: - Graph exists in user's library - Graph is not deleted/archived - User has execution permissions ## Impact - ✅ Parent graphs can execute even when they reference older sub-graph versions - ✅ Sub-graph updates don't break existing parent graphs - ✅ Maintains security: still checks library membership and permissions - ✅ No breaking changes: version-specific validation still available when needed ## Example Scenario Fixed 1. User creates parent graph that uses sub-graph v1 2. User updates sub-graph to v2 (v1 removed from library) 3. Parent graph still references sub-graph v1 4. **Before**: Execution fails with `GraphNotInLibraryError` 5. **After**: Execution succeeds (version-agnostic permission check) ## Testing - [x] Code formatting and linting passes - [x] Type checking passes - [x] No breaking changes to existing functionality - [x] Security still maintained through library membership checks ## Files Changed - `backend/executor/utils.py`: Remove version-specific permission check - `backend/data/graph.py`: Enhanced documentation for version-agnostic behavior Closes #[issue-number-if-applicable] Co-authored-by: Claude <noreply@anthropic.com> |
||
|
Ubbe
|
749341100b |
fix(frontend): prevent Wallet rendering twice (#11282)
## Changes 🏗️ The `<Wallet />` was being rendered twice ( one hidden with CSS `hidden` ) because of the Navbar layout, which caused logic issues within the wallet. I changed to render it conditionally via Javascript instance, which is always better practice than use `hidden` specially for components with actual logic. I also moved the component files closer to where it is used ( in the navbar ). I have a Cursor plugin that removes imports when unused, but annoyingly re-organizes them, hence the changes around that... ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Login - [x] There is only 1 Wallet in the DOM |
||
|
Zamil Majdy
|
4922f88851 |
feat(backend/executor): Implement cascading stop for nested graph executions (#11277)
## Summary Fixes critical issue where child executions spawned by `AgentExecutorBlock` continue running after parent execution is stopped. Implements parent-child execution tracking and recursive cascading stop logic to ensure entire execution trees are terminated together. ## Background When a parent graph execution containing `AgentExecutorBlock` nodes is stopped, only the parent was terminated. Child executions continued running, leading to: - ❌ Orphaned child executions consuming credits - ❌ No user control over execution trees - ❌ Race conditions where children start after parent stops - ❌ Resource leaks from abandoned executions ## Core Changes ### 1. Database Schema (`schema.prisma` + migration) ```sql -- Add nullable parent tracking field ALTER TABLE "AgentGraphExecution" ADD COLUMN "parentGraphExecutionId" TEXT; -- Add self-referential foreign key with graceful deletion ALTER TABLE "AgentGraphExecution" ADD CONSTRAINT "AgentGraphExecution_parentGraphExecutionId_fkey" FOREIGN KEY ("parentGraphExecutionId") REFERENCES "AgentGraphExecution"("id") ON DELETE SET NULL ON UPDATE CASCADE; -- Add index for efficient child queries CREATE INDEX "AgentGraphExecution_parentGraphExecutionId_idx" ON "AgentGraphExecution"("parentGraphExecutionId"); ``` ### 2. Parent ID Propagation (`backend/blocks/agent.py`) ```python # Extract current graph execution ID and pass as parent to child execution = add_graph_execution( # ... other params parent_graph_exec_id=graph_exec_id, # NEW: Track parent relationship ) ``` ### 3. Data Layer (`backend/data/execution.py`) ```python async def get_child_graph_executions(parent_exec_id: str) -> list[GraphExecution]: """Get all child executions of a parent execution.""" children = await AgentGraphExecution.prisma().find_many( where={"parentGraphExecutionId": parent_exec_id, "isDeleted": False} ) return [GraphExecution.from_db(child) for child in children] ``` ### 4. Cascading Stop Logic (`backend/executor/utils.py`) ```python async def stop_graph_execution( user_id: str, graph_exec_id: str, wait_timeout: float = 15.0, cascade: bool = True, # NEW parameter ): # 1. Find all child executions if cascade: children = await _get_child_executions(graph_exec_id) # 2. Stop all children recursively in parallel if children: await asyncio.gather( *[stop_graph_execution(user_id, child.id, wait_timeout, True) for child in children], return_exceptions=True, # Don't fail parent if child fails ) # 3. Stop the parent execution # ... existing stop logic ``` ### 5. Race Condition Prevention (`backend/executor/manager.py`) ```python # Before executing queued child, check if parent was terminated if parent_graph_exec_id: parent_exec = get_db_client().get_graph_execution_meta(parent_graph_exec_id, user_id) if parent_exec and parent_exec.status == ExecutionStatus.TERMINATED: # Skip execution, mark child as terminated get_db_client().update_graph_execution_stats( graph_exec_id=graph_exec_id, status=ExecutionStatus.TERMINATED, ) return # Don't start orphaned child ``` ## How It Works ### Before (Broken) ``` User stops parent execution ↓ Parent terminates ✓ ↓ Child executions keep running ✗ ↓ User cannot stop children ✗ ``` ### After (Fixed) ``` User stops parent execution ↓ Query database for all children ↓ Recursively stop all children in parallel ↓ Wait for children to terminate ↓ Stop parent execution ↓ All executions in tree stopped ✓ ``` ### Race Prevention ``` Child in QUEUED status ↓ Parent stopped ↓ Child picked up by executor ↓ Pre-flight check: parent TERMINATED? ↓ Yes → Skip execution, mark child TERMINATED ↓ Child never runs ✓ ``` ## Edge Cases Handled ✅ **Deep nesting** - Recursive cascading handles multi-level trees ✅ **Queued children** - Pre-flight check prevents execution ✅ **Race conditions** - Child spawned during stop operation ✅ **Partial failures** - `return_exceptions=True` continues on error ✅ **Multiple children** - Parallel stop via `asyncio.gather()` ✅ **No parent** - Backward compatible (nullable field) ✅ **Already completed** - Existing status check handles it ## Performance Impact - **Stop operation**: O(depth) with parallel execution vs O(1) before - **Memory**: +36 bytes per execution (one UUID reference) - **Database**: +1 query per tree level, indexed for efficiency ## API Changes (Backward Compatible) ### `stop_graph_execution()` - New Optional Parameter ```python # Before async def stop_graph_execution(user_id: str, graph_exec_id: str, wait_timeout: float = 15.0) # After async def stop_graph_execution(user_id: str, graph_exec_id: str, wait_timeout: float = 15.0, cascade: bool = True) ``` **Default `cascade=True`** means existing callers get the new behavior automatically. ### `add_graph_execution()` - New Optional Parameter ```python async def add_graph_execution(..., parent_graph_exec_id: Optional[str] = None) ``` ## Security & Safety - ✅ **User verification** - Users can only stop their own executions (parent + children) - ✅ **No cycles** - Self-referential FK prevents infinite loops - ✅ **Graceful degradation** - Errors in child stops don't block parent stop - ✅ **Rate limits** - Existing execution rate limits still apply ## Testing Checklist ### Database Migration - [x] Migration runs successfully - [x] Prisma client regenerates without errors - [x] Existing tests pass ### Core Functionality - [ ] Manual test: Stop parent with running child → child stops - [ ] Manual test: Stop parent with queued child → child never starts - [ ] Unit test: Cascading stop with multiple children - [ ] Unit test: Deep nesting (3+ levels) - [ ] Integration test: Race condition prevention ## Breaking Changes **None** - All changes are backward compatible with existing code. ## Rollback Plan If issues arise: 1. **Code rollback**: Revert PR, redeploy 2. **Database rollback**: Drop column and constraints (non-destructive) --- **Note**: This branch contains additional unrelated changes from merging with `dev`. The core cascading stop feature involves only: - `schema.prisma` + migration - `backend/data/execution.py` - `backend/executor/utils.py` - `backend/blocks/agent.py` - `backend/executor/manager.py` All other file changes are from dev branch updates and not part of this feature. 🤖 Generated with [Claude Code](https://claude.ai/code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Nested graph executions: parent-child tracking and retrieval of child executions * **Improvements** * Cascading stop: stopping a parent optionally terminates child executions * Parent execution IDs propagated through runs and surfaced in logs * Per-user/graph concurrent execution limits enforced * **Bug Fixes** * Skip enqueuing children if parent is terminated; robust handling when parent-status checks fail * **Tests** * Updated tests to cover parent linkage in graph creation <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude <noreply@anthropic.com> |
||
|
Zamil Majdy
|
5fb142c656 |
fix(backend/executor): ensure cluster lock release on all execution submission failures (#11281)
## Root Cause
During rolling deployment, execution
`97058338-052a-4528-87f4-98c88416bb7f` got stuck in QUEUED state
because:
1. Pod acquired cluster lock successfully during shutdown
2. Subsequent setup operations failed (ThreadPoolExecutor shutdown,
resource exhaustion, etc.)
3. **No error handling existed** around the critical section after lock
acquisition
4. Cluster lock remained stuck in Redis for 5 minutes (TTL timeout)
5. Other pods couldn't acquire the lock, leaving execution permanently
queued
## The Fix
### Problem: Critical Section Not Protected
The original code had no error handling for the entire critical section
after successful lock acquisition:
```python
# Original code - no error handling after lock acquired
current_owner = cluster_lock.try_acquire()
if current_owner != self.executor_id:
return # didn't get lock
# CRITICAL SECTION - any failure here leaves lock stuck
self._execution_locks[graph_exec_id] = cluster_lock # Could fail: memory
logger.info("Acquired cluster lock...") # Could fail: logging
cancel_event = threading.Event() # Could fail: resources
future = self.executor.submit(...) # Could fail: shutdown
self.active_graph_runs[...] = (future, cancel_event) # Could fail: memory
```
### Solution: Wrap Entire Critical Section
Protect ALL operations after successful lock acquisition:
```python
# Fixed code - comprehensive error handling
current_owner = cluster_lock.try_acquire()
if current_owner != self.executor_id:
return # didn't get lock
# Wrap ENTIRE critical section after successful acquisition
try:
self._execution_locks[graph_exec_id] = cluster_lock
logger.info("Acquired cluster lock...")
cancel_event = threading.Event()
future = self.executor.submit(...)
self.active_graph_runs[...] = (future, cancel_event)
except Exception as e:
# Release cluster lock before requeue
cluster_lock.release()
del self._execution_locks[graph_exec_id]
_ack_message(reject=True, requeue=True)
return
```
### Why This Comprehensive Approach Works
- **Complete protection**: Any failure in critical section → lock
released
- **Proper cleanup order**: Lock released → message requeued → another
pod can try
- **Uses existing infrastructure**: Leverages established
`_ack_message()` requeue logic
- **Handles all scenarios**: ThreadPoolExecutor shutdown, resource
exhaustion, memory issues, logging failures
## Protected Failure Scenarios
1. **Memory exhaustion**: `_execution_locks` assignment or
`active_graph_runs` assignment
2. **Resource exhaustion**: `threading.Event()` creation fails
3. **ThreadPoolExecutor shutdown**: `executor.submit()` with "cannot
schedule new futures after shutdown"
4. **Logging system failures**: `logger.info()` calls fail
5. **Any unexpected exceptions**: Network issues, disk problems, etc.
## Validation
- ✅ All existing tests pass
- ✅ Maintains exact same success path behavior
- ✅ Comprehensive error handling for all failure points
- ✅ Minimal code change with maximum protection
## Impact
- **Eliminates stuck executions** during pod lifecycle events (rolling
deployments, scaling, crashes)
- **Faster recovery**: Immediate requeue vs 5-minute Redis TTL wait
- **Higher reliability**: Handles ANY failure in the critical section
- **Production-ready**: Comprehensive solution for distributed lock
management
This prevents the exact race condition that caused execution
`97058338-052a-4528-87f4-98c88416bb7f` to be stuck for >300 seconds,
plus many other potential failure scenarios.
---------
Co-authored-by: Claude <noreply@anthropic.com>
|
||
|
Pratyush Singh
|
e14594ff4a |
fix: handle oversized notifications by sending summary email (#11119) (#11130)
📨 Fix: Handle Oversized Notification Emails Summary This PR adds logic to detect and handle oversized notification emails exceeding Postmark’s 5 MB limit. Instead of retrying indefinitely, the system now sends a lightweight summary email with key stats and a dashboard link. Changes Added size check in EmailSender.send_templated() Sends summary email when payload > ~4.5 MB Prevents infinite retries and queue clogging Added logs for oversized detection Fixes #11119 --------- Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co> Co-authored-by: Zamil Majdy <zamil.majdy@agpt.co> |
||
|
Zamil Majdy
|
de70ede54a |
fix(backend): prevent execution of deleted agents and cleanup orphaned resources (#11243)
## Summary Fix critical bug where deleted agents continue running scheduled and triggered executions indefinitely, consuming credits without user control. ## Problem When agents are deleted from user libraries, their schedules and webhook triggers remain active, leading to: - ❌ Uncontrolled resource consumption - ❌ "Unknown agent" executions that charge credits - ❌ No way for users to stop orphaned executions - ❌ Accumulation of orphaned database records ## Solution ### 1. Prevention: Library Validation Before Execution - Add `is_graph_in_user_library()` function with efficient database queries - Validate graph accessibility before all executions in `validate_and_construct_node_execution_input()` - Use specific `GraphNotInLibraryError` for clear error handling ### 2. Cleanup: Remove Schedules & Webhooks on Deletion - Enhanced `delete_library_agent()` to clean up associated schedules and webhooks - Comprehensive cleanup functions for both scheduled and triggered executions - Proper database transaction handling ### 3. Error-Based Cleanup: Handle Existing Orphaned Resources - Catch `GraphNotInLibraryError` in scheduler and webhook handlers - Automatically clean up orphaned resources when execution fails - Graceful degradation without breaking existing workflows ### 4. Migration: Clean Up Historical Orphans - SQL migration to remove existing orphaned schedules and webhooks - Performance index for faster cleanup queries - Proper logging and error handling ## Key Changes ### Core Library Validation ```python # backend/data/graph.py - Single source of truth async def is_graph_in_user_library(graph_id: str, user_id: str, graph_version: Optional[int] = None) -> bool: where_clause = {"userId": user_id, "agentGraphId": graph_id, "isDeleted": False, "isArchived": False} if graph_version is not None: where_clause["agentGraphVersion"] = graph_version count = await LibraryAgent.prisma().count(where=where_clause) return count > 0 ``` ### Enhanced Agent Deletion ```python # backend/server/v2/library/db.py async def delete_library_agent(library_agent_id: str, user_id: str, soft_delete: bool = True) -> None: # ... existing deletion logic ... await _cleanup_schedules_for_graph(graph_id=graph_id, user_id=user_id) await _cleanup_webhooks_for_graph(graph_id=graph_id, user_id=user_id) ``` ### Execution Prevention ```python # backend/executor/utils.py if not await gdb.is_graph_in_user_library(graph_id=graph_id, user_id=user_id, graph_version=graph.version): raise GraphNotInLibraryError(f"Graph #{graph_id} is not accessible in your library") ``` ### Error-Based Cleanup ```python # backend/executor/scheduler.py & backend/server/integrations/router.py except GraphNotInLibraryError as e: logger.warning(f"Execution blocked for deleted/archived graph {graph_id}") await _cleanup_orphaned_resources_for_graph(graph_id, user_id) ``` ## Technical Implementation ### Database Efficiency - Use `count()` instead of `find_first()` for faster queries - Add performance index: `idx_library_agent_user_graph_active` - Follow existing `prisma.is_connected()` patterns ### Error Handling Hierarchy - **`GraphNotInLibraryError`**: Specific exception for deleted/archived graphs - **`NotAuthorizedError`**: Generic authorization errors (preserved for user ID mismatches) - Clear error messages for better debugging ### Code Organization - Single source of truth for library validation in `backend/data/graph.py` - Import from centralized location to avoid duplication - Top-level imports following codebase conventions ## Testing & Validation ### Functional Testing - ✅ Library validation prevents execution of deleted agents - ✅ Cleanup functions remove schedules and webhooks properly - ✅ Error-based cleanup handles orphaned resources gracefully - ✅ Migration removes existing orphaned records ### Integration Testing - ✅ All existing tests pass (including `test_store_listing_graph`) - ✅ No breaking changes to existing functionality - ✅ Proper error propagation and handling ### Performance Testing - ✅ Efficient database queries with proper indexing - ✅ Minimal overhead for normal execution flows - ✅ Cleanup operations don't impact performance ## Impact ### User Experience - 🎯 **Immediate**: Deleted agents stop running automatically - 🎯 **Ongoing**: No more unexpected credit charges from orphaned executions - 🎯 **Cleanup**: Historical orphaned resources are removed ### System Reliability - 🔒 **Security**: Users can only execute agents they have access to - 🧹 **Cleanup**: Automatic removal of orphaned database records - 📈 **Performance**: Efficient validation with minimal overhead ### Developer Experience - 🎯 **Clear Errors**: Specific exception types for better debugging - 🔧 **Maintainable**: Centralized library validation logic - 📚 **Documented**: Comprehensive error handling patterns ## Files Modified - `backend/data/graph.py` - Library validation function - `backend/server/v2/library/db.py` - Enhanced agent deletion with cleanup - `backend/executor/utils.py` - Execution validation and prevention - `backend/executor/scheduler.py` - Error-based cleanup for schedules - `backend/server/integrations/router.py` - Error-based cleanup for webhooks - `backend/util/exceptions.py` - Specific error type for deleted graphs - `migrations/20251023000000_cleanup_orphaned_schedules_and_webhooks/migration.sql` - Historical cleanup ## Breaking Changes None. All changes are backward compatible and preserve existing functionality. ## Follow-up Tasks - [ ] Monitor cleanup effectiveness in production - [ ] Consider adding metrics for orphaned resource detection - [ ] Potential optimization of cleanup batch operations 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> |
||
|
Ubbe
|
59657eb42e |
fix(frontend): onboarding step 5 adjustments (#11276)
## Changes 🏗️ A couple of improvements on **Onboarding Step 5**: - Show a spinner when the page is loading ( better contrast / context than skeleton in this case ) - Prevent the run button being disabled if credentials failed to load - while this is good/expected behavior, it will help us debug the issue in production where credentials failed to load silently, given running the agent it'll throw an error we can see ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Create a new account/signup - [x] On Onboarding Step 5 test the above |
||
|
Reinier van der Leer
|
5e5f45a713 |
fix(backend): Fix various warnings (#11252)
- Resolves #11251 This fixes all the warnings mentioned in #11251, reducing noise and making our logs and error alerts more useful :) ### Changes 🏗️ - Remove "Block {block_name} has multiple credential inputs" warning (not actually an issue) - Rename `json` attribute of `MainCodeExecutionResult` to `json_data`; retain serialized name through a field alias - Replace `Path(regex=...)` with `Path(pattern=...)` in `get_shared_execution` endpoint parameter config - Change Uvicorn's WebSocket module to new Sans-I/O implementation for WS server - Disable Uvicorn's WebSocket module for REST server - Remove deprecated `enable_cleanup_closed=True` argument in `CloudStorageHandler` implementation - Replace Prisma transaction timeout `int` argument with a `timedelta` value - Update Sentry SDK to latest version (v2.42.1) - Broaden filter for cleanup warnings from indirect dependency `litellm` - Fix handling of `MissingConfigError` in REST server endpoints ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - Check that the warnings are actually gone - [x] Deploy to dev environment and run a graph; check for any warnings - Test WebSocket server - [x] Run an agent in the Builder; make sure real-time execution updates still work |
||
|
Ubbe
|
320fb7d83a |
fix(frontend): waitlist modal copy (#11263)
### Changes 🏗️ ### Before <img width="800" height="649" alt="Screenshot_2025-10-23_at_00 44 59" src="https://github.com/user-attachments/assets/fd717d39-772a-4331-bc54-4db15a9a3107" /> ### After <img width="800" height="555" alt="Screenshot 2025-10-27 at 23 19 10" src="https://github.com/user-attachments/assets/64878bd0-3a96-4b3a-8344-1a88c89de52e" /> ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Try to signup with a non-approved email - [x] You see the modal with an updated copy |
||
|
Ubbe
|
54552248f7 |
fix(frontend): login not visible mobile (#11245)
## Changes 🏗️ The mobile 📱 experience is still a mess but this helps a little. ### Before <img width="350" height="395" alt="Screenshot 2025-10-24 at 18 26 18" src="https://github.com/user-attachments/assets/75eab232-8c37-41e7-a51d-dbe07db336a0" /> ### After <img width="350" height="406" alt="Screenshot 2025-10-24 at 18 25 54" src="https://github.com/user-attachments/assets/ecbd8bbd-8a94-4775-b990-c8b51de48cf9" /> ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Load the app - [x] Check the Tally popup button copy - [x] The button still works |
||
|
Ubbe
|
d8a5780ea2 |
fix(frontend): feedback button copy (#11246)
## Changes 🏗️ <img width="800" height="827" alt="Screenshot 2025-10-24 at 17 45 48" src="https://github.com/user-attachments/assets/ab18361e-6c58-43e9-bea6-c9172d06c0e7" /> - Shows the text `Give feedback` so the button is more explicit 🏁 - Refactor the component to stick to [new code conventions](https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/frontend/CONTRIBUTING.md) ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Load the app - [x] Check the Tally popup button copy - [x] The button still works |
||
|
seer-by-sentry[bot]
|
377657f8a1 |
fix(backend): Extract response from LLM response dictionary (#11262)
### Changes 🏗️ - Modifies the LLM block to extract the actual response from the dictionary returned by the LLM, instead of yielding the entire dictionary. This addresses [AUTOGPT-SERVER-6EY](https://sentry.io/organizations/significant-gravitas/issues/6950850822/). ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: <!-- Put your test plan here: --> - [x] After applying the fix, I ran the agent that triggered the Sentry error and confirmed that it now completes successfully without errors. --------- Co-authored-by: seer-by-sentry[bot] <157164994+seer-by-sentry[bot]@users.noreply.github.com> Co-authored-by: Swifty <craigswift13@gmail.com> |
||
|
seer-by-sentry[bot]
|
ff71c940c9 |
fix(backend): Properly encode hostname in URL validation (#11259)
Fixes [AUTOGPT-SERVER-6KZ](https://sentry.io/organizations/significant-gravitas/issues/6976926125/). The issue was that: Redirect handling strips the URL scheme, causing subsequent requests to fail validation and hit a 404. - Ensures the hostname in the URL is properly IDNA-encoded after validation. - Reconstructs the netloc with the encoded hostname and preserves the port if it exists. This fix was generated by Seer in Sentry, triggered by Craig Swift. 👁️ Run ID: 2204774 Not quite right? [Click here to continue debugging with Seer.](https://sentry.io/organizations/significant-gravitas/issues/6976926125/?seerDrawer=true) ### Changes 🏗️ **backend/util/request.py:** - Fixed URL validation to properly preserve port numbers when reconstructing netloc - Ensures IDNA-encoded hostname is combined with port (if present) before URL reconstruction **Test Results:** - ✅ Tested request to https://www.target.com/ (original failing URL from Sentry issue) - ✅ Status: 200, Content retrieved successfully (339,846 bytes) - ✅ Port preservation verified for URLs with explicit ports ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Tested request to https://www.target.com/ (original failing URL) - [x] Verified status code 200 and successful content retrieval - [x] Verified port preservation in URL validation <details> <summary>Example test plan</summary> - [ ] Create from scratch and execute an agent with at least 3 blocks - [ ] Import an agent from file upload, and confirm it executes correctly - [ ] Upload agent to marketplace - [ ] Import an agent from marketplace and confirm it executes correctly - [ ] Edit an agent from monitor, and confirm it executes correctly </details> #### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] `docker-compose.yml` is updated or already compatible with my changes - [x] I have included a list of my configuration changes in the PR description (under **Changes**) <details> <summary>Examples of configuration changes</summary> - Changing ports - Adding new services that need to communicate with each other - Secrets or environment variable changes - New or infrastructure changes such as databases </details> Co-authored-by: seer-by-sentry[bot] <157164994+seer-by-sentry[bot]@users.noreply.github.com> Co-authored-by: Swifty <craigswift13@gmail.com> |
||
|
Reinier van der Leer
|
9967b3a7ce |
fix(frontend/builder): Fix unnecessary graph re-saving (#11145)
- Resolves #10980 - 2nd attempt after #11075 broke some things Fixes unnecessary graph re-saving when no changes were made after initial save. More specifically, this PR fixes two causes of this issue: - Frontend node IDs were being compared to backend IDs, which won't match if the graph has been modified and saved since loading. - `fillDefaults` was being applied to all nodes (including existing ones) on element creation, and empty values were being stripped *post-save* with `removeEmptyStringsAndNulls`. This invisible auto-modification of node input data meant that in some common cases the graph would never be in sync with the backend. ### Changes 🏗️ - Fix node ID handling - Use `node.data.backend_id ?? node.id` instead of `node.id` in `prepareSaveableGraph` - Also map link source/sink IDs to their corresponding backend IDs - Add note about `node.data.backend_id` to `_saveAgent` - Use `node.data.backend_id || node.id` as display ID in `CustomNode` - Prevent auto-modification of node input data on existing nodes - Prune empty values (`undefined`, `null`, `""`) from node input data *pre-save* instead of post-save - Related: improve typing and functionality of `fillObjectDefaultsFromSchema` (moved and renamed from `fillDefaults`) ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Node display ID updates on save - [x] Clicking save a second time (without making more changes) doesn't cause re-save - [x] Updating nodes with dynamic input links (e.g. Create Dictionary Block) doesn't make the links disappear <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Prevented unintended auto-modification of existing nodes during editing * Improved consistency of node and connection identifiers in saved graphs * **Improvements** * Enhanced node title display logic for clearer node identification * Optimized data cleanup utilities for more robust input processing in the builder <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Bently
|
9db443960a |
feat(blocks/claude): Remove Claude 3.5 Sonnet and Haiku model (#11260)
Removes CLAUDE_3_5_SONNET and CLAUDE_3_5_HAIKU from LlmModel enum, model
metadata, and cost configuration since they are deprecated
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Verify the models are gone from the llm blocks
|
||
|
Ubbe
|
9316100864 |
fix(frontend): agent activity graph names (#11233)
## Changes 🏗️ We weren't fetching all library agents, just the first 15... to compute the agent map on the Agent Activity dropdown. We suspect that is causing some agent executions coming as `Unknown agent`. In this changes, I'm fetching all the library agents upfront ( _without blocking page load_ ) and caching them on the browser, so we have all the details to render the agent runs. This is re-used in the library as well for fast initial load on the agents list page. ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] First request populates cache; subsequent identical requests hit cache - [x] Editing an agent invalidates relevant cache keys and serves fresh data - [x] Different query params generate distinct cache entries - [x] Cache layer gracefully falls back to live data on errors - [x] 404 behavior for unknown agents unchanged ### For configuration changes: None |
||
|
Ubbe
|
cbe0cee0fc |
fix(frontend): Credentials disabling onboarding Run button (#11244)
## Changes 🏗️ The onboarding `Run` button is disabled sometimes when an agent requiring credentials is selected. We think this can be because the credentials load _async_ by a sub-component ( `<CredentialsInputs />` ), and there wasn't a way for the parent component to know whether they loaded or not. - Refactored **Step 5** of onboarding to adhere to our code conventions - split concerns and colocated state - used generated API hooks - the UI will only render once API calls succeed - Created a system where ``<CredentialsInputs />` notify the parent component when they load - Did minor adjustments here and there ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] I will know once I find an agent with credentials that I can run.... <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added visual agent selection card displaying agent details during onboarding * Introduced credentials input management for agent configuration * Added onboarding guidance for initiating agent runs * **Improvements** * Enhanced onboarding flow with improved state management * Refined login state handling * Adjusted spacing in agent rating display <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Swifty
|
b31d60276a |
fix(backend/store): Sanitize all sql terms (#11228)
Categories and Creators where not sanitized in the full text search - apply sanitization to categories and creators - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] run tests to check it still works |
||
|
Swifty
|
7cbb1ed859 |
fix(backend/store): Sanitize all sql terms (#11228)
Categories and Creators where not sanitized in the full text search ### Changes 🏗️ - apply sanitization to categories and creators ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] run tests to check it still works |