This PR removes turnstile from the platform.
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Test to make sure that turnstile is gone, it will be.
- [x] Test logging in with out turnstile to make sure it still works
- [x] Test registering a new account with out turnstile and it works
## Summary
Adds a non-blocking warning banner to Login and Sign Up pages that
alerts mobile users about potential limitations in the mobile
experience.
## Changes
- Created `MobileWarningBanner` component in `src/components/auth/`
- Integrated banner into Login page (`/login`)
- Integrated banner into Sign Up page (`/signup`)
- Banner displays only on mobile devices (viewports < 768px)
- Uses existing `useBreakpoint` hook for responsive detection
## Design Details
- **Position**: Appears below the login/signup card (after the bottom
"Sign up"/"Log in" links)
- **Style**: Amber-themed warning banner with DeviceMobile icon
- **Message**:
- Title: "Heads up: AutoGPT works best on desktop"
- Description: "Some features may be limited on mobile. For the best
experience, consider switching to a desktop."
- **Behavior**: Non-blocking, no user interaction required
<img width="342" height="81" alt="image"
src="https://github.com/user-attachments/assets/b6584299-b388-4d8d-b951-02bd95915566"
/>
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Verified banner appears on mobile viewports (< 768px)
- [x] Verified banner is hidden on desktop viewports (≥ 768px)
- [x] Tested on Login page
- [x] Tested on Sign Up page
<img width="342" height="758" alt="image"
src="https://github.com/user-attachments/assets/077b3e0a-ab9c-41c7-83b7-7ee80a3396fd"
/>
<img width="342" height="759" alt="image"
src="https://github.com/user-attachments/assets/77a64b28-748b-4d97-bd7c-67c55e5e9f22"
/>
---------
Co-authored-by: Abhimanyu Yadav <122007096+Abhi1992002@users.noreply.github.com>
### Changes 🏗️
### Before
<img width="800" height="649" alt="Screenshot_2025-10-23_at_00 44 59"
src="https://github.com/user-attachments/assets/fd717d39-772a-4331-bc54-4db15a9a3107"
/>
### After
<img width="800" height="555" alt="Screenshot 2025-10-27 at 23 19 10"
src="https://github.com/user-attachments/assets/64878bd0-3a96-4b3a-8344-1a88c89de52e"
/>
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Try to signup with a non-approved email
- [x] You see the modal with an updated copy
Improves the "not on waitlist" error display based on feedback.
- Follow-up to #11198
- Follow-up to #11196
### Changes 🏗️
- Use standard `ErrorCard`
- Improve text strings
- Merge `isWaitlistError` and `isWaitlistErrorFromParams`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] We need to test in dev becasue we don't have a waitlist locally
and will revert if it doesnt work
- deploy to dev environment and sign up with a non approved account and
see if error appears
## Changes 🏗️
Standardize all the runtime environment checks on the Front-end and
associated conditions to run against a single environment service where
all the environment config is centralized and hence easier to manage.
This helps prevent typos and bug when manually asserting against
environment variables ( which are typed as `string` ), the helper
functions are easier to read and re-use across the codebase.
## Checklist 📋
### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Run the app and click around
- [x] Everything is smooth
- [x] Test on the CI and types are green
### For configuration changes:
None 🙏🏽
## Summary
This PR improves the user experience for users who are not on the
waitlist during sign-up. When a user attempts to sign up or log in with
an email that's not on the allowlist, they now see a clear, helpful
modal with a direct call-to-action to join the waitlist.
Fixes
[OPEN-2794](https://linear.app/autogpt/issue/OPEN-2794/display-waitlist-error-for-users-not-on-waitlist-during-sign-up)
## Changes
- ✨ Updated `EmailNotAllowedModal` with improved messaging and a "Join
Waitlist" button
- 🔧 Fixed OAuth provider signup/login to properly display the waitlist
modal
- 📝 Enhanced auth-code-error page to detect and display
waitlist-specific errors
- 💬 Added helpful guidance about checking email address and Discord
support link
- 🎯 Consistent waitlist error handling across all auth flows (regular
signup, OAuth, error pages)
## Test Plan
Tested locally by:
1. Attempting signup with non-allowlisted email - modal appears ✅
2. Attempting Google SSO with non-allowlisted account - modal appears ✅
3. Modal shows "Join Waitlist" button that opens
https://agpt.co/waitlist✅
4. Help text about checking email and Discord support is visible ✅
## Screenshots
The new waitlist modal includes:
- Clear "Join the Waitlist" title
- Explanation that platform is in closed beta
- "Join Waitlist" button (opens in new tab)
- Help text about checking email address
- Discord support link for users who need help
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Reinier van der Leer <pwuts@agpt.co>
## Changes 🏗️
We are seeing login and authentication issues in production and staging.
Locally though, the app behaves fine. We also had issues related to the
CAPTCHA in the past.
Our CAPTCHA code is less than ideal, with some heavy `useEffect` that
will load the Turnstile script into the DOM. I have the impression that
is loading the script multiple times ( due to dependencies on the
effects array not being well set ), or the like causing associated login
issues.
Created a new Turnstile component using
[`react-turnstile`](https://docs.page/marsidev/react-turnstile) that is
way simpler and should hopefully be more stable.
I also fixed an issue with the Credits popover layout rendering cropped
on the window.
## Checklist 📋
### For code changes
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Login/logout on the app multiple times with Turnstile ON,
everything is stable
- [x] Credits popover appears on the right place
### For configuration changes:
None
## Changes 🏗️
Moving non-design-system components ( old ) to a `components/__legacy__`
folder 📁 so like this is more obvious for developers that they should
not import them or use them on new features. What is now top-level in
`/components` is what it is actively maintained.
Document some existing components like `<Alert />`. More on this coming
on follow-up PRs.
## Checklist 📋
### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Test and types pass on the CI
- [x] Run app locally, click around, looks good
### For configuration changes:
None
This PR helps us bypass the proxy server in server-side requests,
allowing us to directly send requests to the backend and reduce latency.
### Changes 🏗️
- Introduced server-side detection to dynamically set the base URL for
API requests.
- Added error handling for server-side requests to log failures and
throw errors appropriately.
- Updated header management to include authentication tokens when
applicable.
### Checklist 📋
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] All E2E tests are working.
- [x] I have manually checked the server-side and client-side
components, and both are working perfectly.
## Changes 🏗️
<img width="800" alt="Screenshot 2025-07-07 at 13 16 44"
src="https://github.com/user-attachments/assets/0d404958-d4c9-454d-b71a-9dd677fe0fdc"
/>
<img width="800" alt="Screenshot 2025-07-07 at 13 17 08"
src="https://github.com/user-attachments/assets/1142f6d5-a6af-485d-b42e-98afd26de3ed"
/>
Update the UI of the logged-out pages ( _login, signup,
reset-password..._ ) using the new Design System components, so the app
starts to look a bit more cohesive 💆🏽
Some notes:
- I refactored the `<AuthCard />` components a bit to be easier to use
- I split the render from hook login on login/signup
- I added a couple of modals to improve the UX when logging in with
Google or using non-whitelisted emails
- _see below my comments for more context_
- When there are API errors, they are shown in a toast to prevent the
layout of the form from jumping
- When using the components in the UI, an issue with border-radius, see
comments for an explanation
## Checklist 📋
### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Logout on the platform
- [x] Check the updated Login/Signup/Reset password pages
- [x] The UI looks good and is consistent
- [x] The forms work as expected
## Changes 🏗️
### ESLint Config
1. **Disabled `react-hooks/exhaustive-deps`:**
- to prevent unnecessary dependency proliferation and rely on code
review instead
2. **Added
[`next/typescript`](https://nextjs.org/docs/app/api-reference/config/eslint#with-typescript):**
- to the ESLint config to make sure we also have TS linting rules
3. **Added custom rule for `@typescript-eslint/no-unused-vars`:**
- to allow underscore-prefixed variables (convention for intentionally
unused), in some cases helpful
From now on, whenever we have unused variables or imports, the `lint` CI
will fail 🔴 , thanks to `next/typescript` that adds
`typescript-eslint/no-unused-vars` 💆🏽
### Minor Fixes
- Replaced empty interfaces with type aliases to resolve
`@typescript-eslint/no-empty-object-type` warnings
- Fixed unsafe non-null assertions with proper null checks
- Removed `@ts-ignore` comments in favour of proper type casting ( _when
possible_ 🙏🏽 )
### Google Analytics Component
- Changed Next.js Script strategy from `beforeInteractive` to
`afterInteractive` to resolve Next.js warnings
- this make sure loading analytics does not block page render 🙏🏽 (
_better page load time_ )
### Are these changes safe?
As long as the Typescript compiler does not complain ( check the
`type-check` job ) we should be save. Most changes are removing unused
code, if that code would be used somewhere else the compiler should
catch it and tell us 🫶
I also typed some code when possible, or bypassed the linter when I
thought it was fair for now. I disabled a couple ESLint rules. Most
importantly the `no-explicity-any` one as we have loads of stuff untyped
yet ( _this should be improved once API types are generated for us_ ).
### DX
Added some settings on `.vscode` folder 📁 so that files will be
formatted on save and also ESLint will fix errors on save when able 💯
### 📈 **Result:**
- ✅ All linting errors resolved
- ✅ Improved TypeScript strict mode compliance
- ✅ Better developer experience with cleaner code
## Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Lint CI job passes
- [x] There is not type errors ( _TS will catch issue related to these
changes_ )
## Changes 🏗️
<img width="500" alt="Screenshot 2025-06-05 at 16 24 35"
src="https://github.com/user-attachments/assets/ccf51917-68fb-4538-bfd9-7ab8bc8ce33a"
/>
<br /><br />
- Allow users to sign in or sign up with Google (SSO), via Supabase
- Prevent password login or signup with `@agpt.co` emails
- Refactor/simplify the login/signup page logic by splitting rendering
and hook logic (
[explanation](https://github.com/Significant-Gravitas/AutoGPT/pull/10117#discussion_r2128793394)
)
### Moved the `createUser` logic to the callback
`api.createUser()` was being called **before** the OAuth flow completes.
Here's what's happening. I moved `api.createUser()` from `providerLogin`
to the **callback handler** where the session is established to make
sure it happens once we get the OK from Google session wise.
## Checklist 📋
### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [ ] I have tested my changes according to the test plan:
- [ ] Run this PR on a preview
- [ ] The "Login with Google" button is visible
- [ ] Login/signup with Google works
- [ ] You can't login or signup with password using an `@agpt.co` email
Users were unable to retry login attempts after a failed authentication
because the Turnstile CAPTCHA widget was not properly resetting. This
forced users to refresh the entire page to attempt login again, creating
a terrible user experience.
Root Cause: The useTurnstile hook had several critical issues:
- The reset() function only cleared state when shouldRender was true and
widget existed
- Widget ID tracking was unreliable due to intercepting
window.turnstile.render
- Token wasn't being cleared on verification failures
- State wasn't being reset consistently across error scenarios
Changes 🏗️
<!-- Concisely describe all of the changes made in this pull request:
-->
- Fixed useTurnstile hook reset logic: Modified the reset() function to
always clear all state (token, verified, verifying, error) regardless of
shouldRender condition
- Improved widget ID synchronization: Added setWidgetId prop to the
Turnstile component interface and hook for reliable widget tracking
between component and hook
- Enhanced error handling: Updated handleVerify, handleExpire, and
handleError to properly reset tokens on failures
- Updated all auth components: Added setWidgetId prop to all Turnstile
component usages in login, signup, and password reset pages
- Removed unreliable widget tracking: Eliminated the
window.turnstile.render interception approach in favor of explicit
prop-based communication
Checklist 📋
For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- <!-- Put your test plan here: -->
- [x] Test failed login attempt - CAPTCHA resets properly without page
refresh
- [x] Test failed signup attempt - CAPTCHA resets properly without page
refresh
- [x] Test successful login flow - CAPTCHA works normally
- [x] Test CAPTCHA expiration - State resets correctly
- [x] Test CAPTCHA error scenarios - Error handling works properly
Currently both login and signup page show the same feedback on error on
cloud (join the waitlist).
### Changes 🏗️
Update login&signup feedback for cloud.
- Use cards for login and signup feedback instead of html list
- Make login page show prompt to redirect user to signup
<img width="474" alt="Screenshot 2025-05-07 at 4 01 07 PM"
src="https://github.com/user-attachments/assets/45f189ea-5fea-45bb-89f9-7323418d69ea"
/>
<img width="476" alt="Screenshot 2025-05-07 at 4 03 29 PM"
src="https://github.com/user-attachments/assets/96f4cd7f-f3e6-44b2-b647-96ee98063572"
/>
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Signup&login works with correct credentials
- [x] Signup&login shows correct error message on wrong credentials
- [x] Links work correctly
<!-- Clearly explain the need for these changes: -->
I oopsed and had an extra unneeded parameter (as @majdyz pointed out)
and wasn't respected everywhere it was used.
### Changes 🏗️
<!-- Concisely describe all of the changes made in this pull request:
-->
- Remove parameter
- update all the places AuthFeedback is called
### Checklist 📋
#### For code changes:
- [ ] I have clearly listed my changes in the PR description
- [ ] I have made a test plan
- [ ] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [ ] Test all pages with authfeedback on it
Co-authored-by: Bently <tomnoon9@gmail.com>
<!-- Clearly explain the need for these changes: -->
We keep showing local users error messages that are just not relevant
### Changes 🏗️
Swaps the error messaging logic to be dependent on the behavior of the
specific platform they are on
<!-- Concisely describe all of the changes made in this pull request:
-->
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Test with auth container down (simulates incorrect setup) and
validate that error message is shown
- [x] Try normal path
Reverts Significant-Gravitas/AutoGPT#9570
Some of the styling changes cause issues with existing parts of the
application, and I don't know if partially reverting would cause issues
with the other refactored components/elements.
Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co>
Our application currently uses multiple inconsistent button
implementations across the codebase.
This PR standardizes buttons to use our base Button component that
leverages ShadcN, improving UI consistency, maintainability, and
accessibility.
Resolves: #9567
### Changes 🏗️
- Replaced custom button implementations in various components with our
base Button component and greatly reduced redundant overlapping styles.
- Paired with our designer to streamline our `globals.css` to match the
desired approach.
- Added button variant documentation in Storybook
- Deprecated the obsolete 'primary' class and marked it.
### Screenshots 📷
#### Variants
<img width="466" alt="image"
src="https://github.com/user-attachments/assets/9e4f6360-57ec-4f28-b702-e57252d67def"
/>
<img width="418" alt="image"
src="https://github.com/user-attachments/assets/a9af17dc-e8bc-429d-a9ac-8380e34b9089"
/>
<img width="129" alt="image"
src="https://github.com/user-attachments/assets/2df5d184-bb49-4640-bfb4-879360ca35e6"
/>
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<details>
<summary>Button Consolidation Test Plan</summary>
Visual Verification
- [ ] Verify all button variants (default, destructive, outline,
secondary, ghost, link) render correctly
- [ ] Confirm button styling is consistent across all themes (light,
dark, etc.)
- [ ] Validate that the rounded-full style is applied to appropriate
variants
Functional Testing
- [ ] Test click handlers continue to work on all migrated buttons
- [ ] Verify hover, focus, and active states display correctly on all
buttons
- [ ] Confirm disabled states are working properly
- [ ] Test loading state animations and behavior
Responsive Testing
- [ ] Verify button layouts on mobile devices (< 640px)
- [ ] Confirm button layouts on tablet devices (640px - 1024px)
- [ ] Test button layouts on desktop screens (> 1024px)
</details>
---------
Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co>
- Resolves#9310
### Changes 🏗️
- Make base layout full width and fix its sizing behavior
- Fix navbar overflowing on the right
- Set padding on `/monitoring`
- Make `/login` and `/signup` layouts self-center
### Checklist 📋
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- Check layouts of all pages
- `/signup`
- `/login`
- `/build`
- `/monitoring`
- `/store`
- `/store/profile`
- `/store/dashboard`
- `/store/settings`
---------
Co-authored-by: Zamil Majdy <zamil.majdy@agpt.co>
There are UX and design issues with current auth pages; `login`,
`signup` and `reset_password` (including change password).
### Changes 🏗️
*Missing `s` on the login's password error is fixed.
Important changes in bold.
#### All auth pages
- **Split `/login` into `/signup`**
- UI Redesign that adheres to Figma designs
- General code cleanup and improvements
- Fix feedback: it's now shown when needed and clear (e.g. "~~String~~
Password must be...")
- All action functions use `Sentry.withServerActionInstrumentation`
- `PasswordInput` "eye button" shows password only when mouse button is
hold and doesn't capture tab
#### Login page
- **Removed agree to terms checkbox** (it's only on signup now)
- Move provider login function to `actions.ts`
#### Signup page
- **Requires to type password twice**
- Shows waitlist information on *any* database error
#### Reset password page
- **Password update requires to type password twice**
- **When request to send email is processed then the feedback is:
Password reset email sent if user exists. Please check your email.**
- Email sent feedback is black, error is red
- Move send email and update password functions to `actions.ts`
- Disable button when email is sent
#### Other
- Update zod schema objects and move them to `types/auth`
- Move `components/PasswordInput.tsx` to `/components/auth`
- Make common UI elements separate components in `components/auth`
- Update `yarn.lock` (supabase packages)
- Remove redundant letter in `client.ts`
- Don't log error when user auth is missing in `useSupabase`; user is
simply not logged in
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Form feedback:
- [x] Login works
- [x] Signup works
- [x] Reset email works
- [x] Change password works
- [x] Login works
- [x] Signup works
- [x] Reset email is sent
- [x] Reset email logs user in and redirects to `/reset_password`
- [x] Change password works
- [x] Logout works
- [x] All links across auth pages work
Note: OAuth login providers are disabled and so untested.
<details>
<summary>Example test plan</summary>
- [ ] Create from scratch and execute an agent with at least 3 blocks
- [ ] Import an agent from file upload, and confirm it executes
correctly
- [ ] Upload agent to marketplace
- [ ] Import an agent from marketplace and confirm it executes correctly
- [ ] Edit an agent from monitor, and confirm it executes correctly
</details>
#### For configuration changes:
- [ ] `.env.example` is updated or already compatible with my changes
- [ ] `docker-compose.yml` is updated or already compatible with my
changes
- [ ] I have included a list of my configuration changes in the PR
description (under **Changes**)
<details>
<summary>Examples of configuration changes</summary>
- Changing ports
- Adding new services that need to communicate with each other
- Secrets or environment variable changes
- New or infrastructure changes such as databases
</details>
---------
Co-authored-by: Zamil Majdy <zamil.majdy@agpt.co>
