<!-- Clearly explain the need for these changes: -->
### Changes 🏗️
* Add an enriching email feature toggle for SearchPeopleBlock
* Introduce GetPersonDetailBlock
* Adjust the cost of both blocks
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Execute SearchPeopleBlock & GetPersonDetailBlock
Currently, we don't have a secure way to pass Authorization headers when
calling the `SendWebRequestBlock`.
This hinders the integration of third-party applications that do not yet
have native block support.
### Changes 🏗️
Add Host-scoped credentials support for the newly introduced
SendAuthenticatedWebRequestBlock.
<img width="1000" alt="image"
src="https://github.com/user-attachments/assets/0d3d577a-2b9b-4f0f-9377-0e00a069ba37"
/>
<img width="1000" alt="image"
src="https://github.com/user-attachments/assets/a59b9f16-c89c-453d-a628-1df0dfd60fb5"
/>
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Uses `https://api.openai.com/v1/images/edits` through
SendWebRequestBlock by passing the api-key through host-scoped
credentials.
### Why are these changes needed?
<!-- Clearly explain the need for these changes: -->
These changes document the OAuth integration flow for CASA lvl 2
compliance, specifically addressing the requirement to "Verify
documentation and justification of all the application's trust
boundaries, components, and significant data flows." The documentation
clarifies the two distinct OAuth implementations in AutoGPT: user
authentication via Supabase SSO and API integration credentials for
third-party services.
### Changes 🏗️
<!-- Concisely describe all of the changes made in this pull request:
-->
- Created comprehensive OAuth integration flow documentation at
`/docs/content/platform/contributing/oauth-integration-flow.md`
- Documented trust boundaries between frontend (untrusted), backend API
(trusted), and external providers (semi-trusted)
- Added detailed component architecture for both frontend and backend
OAuth implementations
- Included mermaid diagrams illustrating:
- OAuth flow sequences (initiation, authorization, token refresh)
- System architecture showing SSO vs API integration OAuth
- Data flow diagram
- Security architecture layers
- Credential lifecycle state diagram
- Documented security measures including CSRF protection, PKCE
implementation, and token management
- Clarified the distinction between Supabase SSO for user login and
custom OAuth for API integrations
- Added references to source files for up-to-date provider lists rather
than hard-coding all providers
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Created documentation file with proper markdown formatting
- [x] Verified all file paths referenced in documentation exist
- [x] Confirmed mermaid diagrams render correctly
- [x] Validated that the documentation accurately reflects the codebase
implementation
---------
Co-authored-by: Claude <noreply@anthropic.com>
### Changes 🏗️
- We have implemented some backend changes, so I have added a new,
updated OpenAPI specification.
- We have updated the settings and API keys page to enable us to use
React Query for fetching data.
### Checklist 📋
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Settings and api keys page is working correctly
### Changes 🏗️
Implemented `httpOnly` cookies 🍪 for secure session management 💆🏽
- 🙏🏽 **Moved all API requests to server-side execution** for maximum XSS
protection
- All authentication now happens server-side with `httpOnly` cookies (no
JWT tokens exposed to client)
- Created `proxyApiRequest()` and `proxyFileUpload()` server actions to
handle all communication with API
- Updated `BackendAPI._request()` to always use proxy approach for
consistent security
- 🚧 **Exception: WebSocket authentication** requires client-side token
exposure
- Added `getWebSocketToken()` server action to securely provide tokens
only for WebSocket connections
- Maintains secure architecture while we keep the real-time features
- 🧹 **Abstracted implementation details** into reusable helper functions
- Reduced proxy actions from 157 lines to 48 lines (70% reduction)
- Added flexible content-type support ( _JSON, form-urlencoded, custom_
)
- Enhanced error handling for graceful logout scenarios
- 📙 **Renamed `/reset_password` page to `/reset-password`**
- couldn't resist sorry... snake case URLs get me
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Verify all API requests work through server-side proxy
- [x] Confirm httpOnly cookies prevent client-side JWT access
- [x] Test WebSocket connections work with server-provided tokens
- [x] Verify logout scenarios don't throw authentication errors
- [x] Check file uploads work securely through proxy
- [x] Validate zero breaking changes for existing BackendAPI calls
---------
Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co>
Co-authored-by: Nicholas Tindle <nicktindle@outlook.com>
Co-authored-by: Swifty <craigswift13@gmail.com>
## Changes 🏗️
<img width="800" alt="Screenshot 2025-06-25 at 20 34 38"
src="https://github.com/user-attachments/assets/bfc90504-85b6-4178-9ace-2aa4d14f16b0"
/>
<br /><br />
- To match what is on the AutoGPT design system
- Unit tests commented because they depend on:
https://github.com/Significant-Gravitas/AutoGPT/pull/10243
## Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Run Storybook locally, Badge stories look good
An anti-virus file scan step is added to each file upload step on the
platform before the file is sent to cloud storage or local machine
storage.
### Changes 🏗️
* Added ClamAV service
* Added AV file scan on each upload step
* Added tests & documentation
* Make the step mandatory even on local development
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Tried using FileUploadBlock & AgentFileInputBlock
## Changes 🏗️
<img width="1580" alt="Screenshot 2025-06-25 at 18 11 36"
src="https://github.com/user-attachments/assets/c8b136b6-5897-41fa-a03b-010582c4b879"
/>
<br /><br />
Add a new `<Link />` component that will be the standard when rendering
links on the platform.
It is a wrapper of `next/link` and has an `isExternal` prop; when
supplied `target="_blank"` and `rel="noopener noreferrer"` will be added
to it. It comes with the styles agreed on AutoGPT design system.
## Checklist 📋
### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Run Storybook locally
- [x] Tests pass and the component looks good
## Changes 🏗️
<img width="800" alt="Screenshot 2025-06-25 at 17 52 38"
src="https://github.com/user-attachments/assets/18f859cf-5008-4915-925c-1912ab9cf176"
/>
- Depends on #10235 so that we can test the new Chromatic workflow with
this
- Documents our Skeleton atom which is directly
[shadcn/skeleton](https://ui.shadcn.com/docs/components/skeleton)
## Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Run storybook locally
- [x] The Skeleton stories look good
## Changes 🏗️
<img width="800" alt="Screenshot 2025-06-25 at 13 43 06"
src="https://github.com/user-attachments/assets/13ffd32e-ffa1-482e-91a6-8363ad6b67df"
/>
<br /><br />
- Setup Chromatic ( install + `package.json` command )
- Make it run on the CI
- Remove a lot of old component in Storybook which were broken or need
deign review
- for now we only keep on Storybook what has been ✅ by design
- Remove `test-storybook:ci` commands
- I plan to run tests via Chromatic, but I want to look at that setup on
a separate PR and in a clean state
## 📋 Checklist
### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] The `chromatic` job succeeds on the CI and the changes appear on
Chromatic's dashboard
## Changes 🏗️
The test data script is not working locally, this should fix it 🤞🏽
- Fixed `agentId` → `agentGraphId` field references in preset matching
logic
- Fixed `agentId` → `agentGraphId` field references in store listing
graph lookup
- Added graph uniqueness logic to prevent duplicate library agents per
user
- Improved data consistency by ensuring proper foreign key relationships
## Checklist 📋
### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Verified script runs without database schema errors
- [x] Confirmed foreign key relationships are properly maintained
- [x] Tested that library agents use unique graphs per user
- [x] Validated preset matching uses correct field references
This PR makes several improvements to the `update_library_agent`
endpoint.
- Resolves#10216
### Changes 🏗️
- Add `DELETE /library/agents/{id}` endpoint
- Fix `PUT /library/agents/{id}` endpoint
- Return updated library agent
- Remove `is_deleted` parameter
- Change method from `PUT` to `PATCH`
Also, a small DX improvement:
- Expose `BackendAPI` globally through `window.api` for local dev
purposes
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Deleting library agents works
- Follow-up fix to #10167
- Resolves#10228
### Changes 🏗️
- Don't assume `block.input_schema.jsonschema()["required"]` exists
- Unbreak handling of `webhook_type` in
`BaseWebhooksManager.get_manual_webhook(..)`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- Create an agent with a Generic Webhook Trigger block; go to it in the
Library
- [x] -> `/library/agents/[id]` loads normally
- Follow-up fix to #9862
- Resolves#10097
In #9862, the `AgentExecutorBlock`'s nested input field was renamed from
`data` to `input`, but apparently the frontend also had a reference to
this field and was now broken.
### Changes 🏗️
- Update `getInputPropKey` in `CustomNode` to use `inputs.{key}` instead
of `data.{key}`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- Create an agent with at least one input
- Use the agent with at least one input inside another agent
- Set a default value on the input on the agent block
- Save the graph
- [x] -> default input value is saved
AIImageEditorBlock was not able to accept an image from AgentFileInput
or FileStore block.
### Changes 🏗️
* Add support for image loading for the image editor block:
<img width="1081" alt="Screenshot 2025-06-23 at 10 28 45 AM"
src="https://github.com/user-attachments/assets/ac3fea91-9503-4894-bbe3-2dc3c5649a39"
/>
* Avoid rendering a relative path image file.
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Run AiImageEditor block using AgentFileInput or FileStore block.
This pull request adds support for setting up (webhook-)triggered agents
in the Library. It contains changes throughout the entire stack to make
everything work in the various phases of a triggered agent's lifecycle:
setup, execution, updates, deletion.
Setting up agents with webhook triggers was previously only possible in
the Builder, limiting their use to the agent's creator only. To make it
work in the Library, this change uses the previously introduced
`AgentPreset` to store information on, instead of on the graph's nodes
to which only a graph's creator has access.
- Initial ticket: #10111
- Builds on #9786
### Changes 🏗️
Frontend:
- Amend the Library's `AgentRunDraftView` to handle creating and editing
Presets
- Add `hideIfSingleCredentialAvailable` parameter to `CredentialsInput`
- Add multi-select support to `TypeBasedInput`
- Add Presets section to `AgentRunsSelectorList`
- Amend `AgentRunSummaryCard` for use for Presets
- Add `AgentStatusChip` to display general agent status (for now: Active
/ Inactive / Error)
- Add Preset loading logic and create/update/delete handlers logic to
`AgentRunsPage`
- Rename `IconClose` to `IconCross`
API:
- Add `LibraryAgent` properties `has_external_trigger`,
`trigger_setup_info`, `credentials_input_schema`
- Add `POST /library/agents/{library_agent_id}/setup_trigger` endpoint
- Remove redundant parameters from `POST
/library/presets/{preset_id}/execute` endpoint
Backend:
- Add `POST /library/agents/{library_agent_id}/setup_trigger` endpoint
- Extract non-node-related logic from `on_node_activate` into
`setup_webhook_for_block`
- Add webhook-related logic to `update_preset` and `delete_preset`
endpoints
- Amend webhook infrastructure to work with AgentPresets
- Add preset trigger support to webhook ingress endpoint
- Amend executor stack to work with passed-in node input
(`nodes_input_masks`, generalized from `node_credentials_input_map`)
- Amend graph validation to work with passed-in node input
- Add `AgentPreset`->`IntegrationWebhook` relation
- Add `WebhookWithRelations` model
- Change behavior of `BaseWebhooksManager.get_manual_webhook(..)` to
avoid unnecessary changes of the webhook URL: ignore `events` to find
matching webhook, and update `events` if necessary.
- Fix & improve `AgentPreset` API, models, and DB logic
- Add `isDeleted` filter to get/list queries
- Add `user_id` attribute to `LibraryAgentPreset` model
- Add separate `credentials` property to `LibraryAgentPreset` model
- Fix `library_db.update_preset(..)` replacement of existing
`InputPresets`
- Make `library_db.update_preset(..)` more usage-friendly with separate
parameters for updateable properties
- Add `user_id` checks to various DB functions
- Fix error handling in various endpoints
- Fix cache race condition on `load_webhook_managers()`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- Test existing functionality
- [x] Auto-setup and -teardown of webhooks on save in the builder still
works
- [x] Running an agent normally from the Library still works
- Test new functionality
- [x] Setting up a trigger in the Library
- [x] Updating a trigger in the Library
- [x] Disabling and re-enabling a trigger in the Library
- [x] Deleting a trigger in the Library
- [x] Triggers set up in the Library result in a new run when the
webhook receives a payload
This pull request sets up and configures Orval for API client
generation. It automates the process of creating TypeScript clients from
the backend's OpenAPI specification, improving development efficiency
and reducing manual code maintenance.
### Changes 🏗️
- Configures Orval with a new configuration file (`orval.config.ts`).
- Adds scripts to `package.json` for fetching the OpenAPI spec and
generating the API client.
- Implements a custom mutator for handling authentication.
- Adds API client generation as a step in the CI workflow.
- Adds `.gitignore` entry for generated API client files.
- Adds a security middleware to prevent caching of sensitive data.
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Verified that the API client is generated correctly.
- [x] Confirmed that the custom mutator is functioning as expected for
authentication.
- [x] Ensured that the new CI workflow step for API client generation is
successful.
- [x] Tested generated API calls
#### For configuration changes:
- [x] `.env.example` is updated or already compatible with my changes
- [ ] `docker-compose.yml` is updated or already compatible with my
changes
- [x] I have included a list of my configuration changes in the PR
description (under **Changes**)
Since auto conversion is applied before merging nested input in the
block, it breaks the auto conversion break.
### Changes 🏗️
* Enabling auto-type conversion on block input schema mismatch for
nested input
* Add batching feature for `CreateListBlock`
* Increase default max_token size for LLM call
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Run `AIStructuredResponseGeneratorBlock` with non-string prompt
value (should be auto-converted).
### Changes 🏗️
Add cost calculation for Apollo integration.
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Run Apollo block Search People & Organizations Block.
### Why? 🤔
<!-- Clearly explain the need for these changes: -->
We need to prevent sensitive data (authentication tokens, API
keys, user credentials, personal information) from being cached by
browsers and proxies. Following the principle of "secure by
default", we're switching from a deny list to an allow list
approach for cache control.
### Changes 🛠️
<!-- Concisely describe all of the changes made in this pull
request: -->
- **Refactored cache control middleware from deny list to allow
list approach**
- By default, ALL endpoints now have `Cache-Control: no-store,
no-cache, must-revalidate, private` headers
- Only explicitly allowed paths (static assets, health checks,
public store pages) can be cached
- This ensures new endpoints are automatically protected without
developers having to remember to add them to a list
- **Updated `SecurityHeadersMiddleware` in
`/backend/backend/server/middleware/security.py`**
- Renamed `SENSITIVE_PATHS` to `CACHEABLE_PATHS`
- Inverted the logic in `is_cacheable_path()` method
- Cache control headers are now applied to all paths NOT in the
allow list
- **Updated test suite to match new behavior**
- Tests now verify that most endpoints have cache control
headers by default
- Tests verify that only allowed paths (static assets, health
endpoints, etc.) can be cached
- **Updated documentation in `CLAUDE.md`**
- Documented the new allow list approach
- Added instructions for developers on how to allow caching for
new endpoints
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Test modified endpoints work still
- [x] Test modified endpoints correctly have no cache rules
---------
Co-authored-by: Swifty <craigswift13@gmail.com>
Main issues:
* `AIStructuredResponseGeneratorBlock` is not able to produce a list of
objects.
* `SmartDecisionBlock` is not able to call tools with some optional
inputs.
### Changes 🏗️
* Allow persisting `null` / `None` value as execution output.
* Provide `multiple_tool_calls` option for `SmartDecisionBlock`.
* Provide `list_result` option for `AIStructuredResponseGeneratorBlock`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Run `SmartDecisionBlock` & `AIStructuredResponseGeneratorBlock`
This PR introduces a custom function for generating unique operation IDs
for OpenAPI specifications to improve auto-generated client code
quality.
## Why This Change?
**Better Auto-Generated Clients**: Default FastAPI operation IDs create
unclear method names in generated clients. Our custom generator produces
clean, readable operation IDs that translate to intuitive method names.
- **Before**: `get_items_api_v1_items_get` → unclear generated methods
- **After**: `get_users_list` → clean, descriptive method names
## Changes
- ✨ **Added**: `custom_generate_unique_id` utility function
- Generates IDs using pattern: `{method}_{tag}_{summary}`
- Ensures uniqueness and readability
- 🔧 **Updated**: FastAPI app configuration to use custom generator
## Checklist
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] OpenAPI docs reflect new operation ID format
- [x] Tested various HTTP methods, tags, and summaries
- [x] Verified app startup functionality
- [x] Validated improved client generation output
Current Apollo blocks only work with keywords; the huge number of list
filter fields doesn't work because it's passing the wrong GET parameter
(missing `[]`).
### Changes 🏗️
Change the GET request to a POST request for Apollo.
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Run SearchPeopleBlock with title filter
This PR integrates React Query DevTools and ESLint rules to improve the
development workflow and enforce best practices for data fetching.
### Changes:
- **React Query DevTools:**
- Added the `@tanstack/react-query-devtools` package.
- DevTools are enabled by default in the development environment.
- They can be disabled by setting
`NEXT_PUBLIC_REACT_QUERY_DEVTOOL=false` in your environment variables.
- **ESLint Rules:**
- Integrated `@tanstack/eslint-plugin-query` to enforce best practices
and catch common errors in React Query usage.
- **Configuration:**
- Added the `NEXT_PUBLIC_REACT_QUERY_DEVTOOL` variable to the
`.env.example` file so other developers are aware of this option.
- **Documentation:**
- Updated the `README.md` with instructions on how to toggle the
DevTools using the environment variable.
Configuration Changes Checklist
- `.env.example` has been updated with the new environment variable.
### Checklist
For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Run the app in development with pnpm dev.
- [x] Verified DevTools toggle with environment variables
- [x] Run pnpm lint in the frontend directory.
- [x] Confirm that linting passes on the current codebase.
### Screenshot
<img width="1512" alt="Screenshot 2025-06-19 at 6 32 22 PM"
src="https://github.com/user-attachments/assets/a3defd23-2c3d-4d20-b152-037d85e04503"
/>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Issue -
https://linear.app/autogpt/issue/OPEN-2534/set-up-react-query-for-both-client-side-and-server-side-operations
This update adds react-query to the frontend, enabling efficient data
fetching and caching. It uses a singleton QueryClient on the client for
shared cache, creates a new QueryClient for each server request to
prevent data leaks, and supports server-side prefetching for faster
data.
### Changes
- Add @tanstack/react-query dependency
- Set up QueryClient with default config (except 1m staleTime)
- Wrap app with QueryClientProvider for global access
- Ensure safe client/server QueryClient instantiation
> I only changed the staleTime in the default config because the other
settings work well for general use. For specific cases—like when you
want data to stay fresh unless manually invalidated—you can set
staleTime: Infinity in that query.
### Checklist 📋
For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Ran frontend locally – it’s working fine
### Changes 🏗️
- Adds a new `<Button>` component that mirrors 1:1 what we have in the
design system
- Documented the new component via stories
- Re-arranged the stories in the Storybook sidebar to show the legacy
ones at the end
Once this is merged, we can start updating buttons on the app to only
use this one, so we have a consistent UX 💆🏽
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Run Storybook locally
- [x] Button stories look good ( _in all variants_ )
### Changes 🏗️
Fixes: [Make the default scheduler frequency to daily instead of every
minute
#9985](https://github.com/Significant-Gravitas/AutoGPT/issues/9985)
This simply updates the Schedule Task's default from minute to daily at
09:00 as default time
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Open the Schedule Task UI and see the default is now daily at
09:00
### Changes 🏗️
<img width="800" alt="Screenshot 2025-06-18 at 19 55 24"
src="https://github.com/user-attachments/assets/f3bd662e-cc64-4a32-a030-973b7cf89d8b"
/>
Document the new colour tokens agreed with the design team, and update
the Tailwind theme with them.
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Run Storybook locally
- [x] Verify the colors story renders well and make sense
## Description
Added the `graph_id` parameter to the stop execution endpoint path
(`/graphs/{graph_id}/executions/{graph_exec_id}/stop`) to fix client
generation from Openapi spec error.
## Problem
The client generation was failing due to missing path parameter
definition for `graph_id` in the stop execution endpoint.
<img width="1412" alt="Screenshot 2025-06-19 at 9 20 17 AM"
src="https://github.com/user-attachments/assets/aa1667d3-05be-48c6-975b-84473830ac03"
/>
## Solution
Added `graph_id` as a path parameter while maintaining the existing
functionality.
## Testing
- [x] Verified OpenAPI client generation works without errors
- [x] Confirmed endpoint functionality remains unchanged
- [x] Tested API calls maintain backward compatibility
## Changes 🏗️
Migrate to [Storybook 9](https://storybook.js.org/docs/migration-guide),
changes are mostly from the migration tool:
``` basg
pnpm storybook@latest upgrade
```
On top of that:
- removed stories for [shadcn](https://ui.shadcn.com/) components
- to avoid confusion, shadcn in our base for the component library, and
is already documented on their website
- removed example stories
- regrouped existing `agpt-ui` stories under `Legacy`
- I need to review them and see if they still fit the expected designs
of the platform or not
<img width="600" alt="Screenshot 2025-06-17 at 13 43 57"
src="https://github.com/user-attachments/assets/ca3d9c1b-9dc4-4684-ac77-6259beeb3e1d"
/>
## Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Run `pn storybook` locally
- [x] It works well, and the stories look good
---------
Co-authored-by: Abhimanyu Yadav <122007096+Abhi1992002@users.noreply.github.com>
Request on block execution can be throttled, and requests between
services can sometimes break. The scope of this PR is to add an
appropriate retry on those.
### Changes 🏗️
* Block request retry: Retry on throttled status code only (504, 429,
etc).
* RPC request retry: Retry connection issues (ConnectError, Timeout,
etc).
* Truncate logging on executor/utils.
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Manual graph execution
## Changes 🏗️
### ESLint Config
1. **Disabled `react-hooks/exhaustive-deps`:**
- to prevent unnecessary dependency proliferation and rely on code
review instead
2. **Added
[`next/typescript`](https://nextjs.org/docs/app/api-reference/config/eslint#with-typescript):**
- to the ESLint config to make sure we also have TS linting rules
3. **Added custom rule for `@typescript-eslint/no-unused-vars`:**
- to allow underscore-prefixed variables (convention for intentionally
unused), in some cases helpful
From now on, whenever we have unused variables or imports, the `lint` CI
will fail 🔴 , thanks to `next/typescript` that adds
`typescript-eslint/no-unused-vars` 💆🏽
### Minor Fixes
- Replaced empty interfaces with type aliases to resolve
`@typescript-eslint/no-empty-object-type` warnings
- Fixed unsafe non-null assertions with proper null checks
- Removed `@ts-ignore` comments in favour of proper type casting ( _when
possible_ 🙏🏽 )
### Google Analytics Component
- Changed Next.js Script strategy from `beforeInteractive` to
`afterInteractive` to resolve Next.js warnings
- this make sure loading analytics does not block page render 🙏🏽 (
_better page load time_ )
### Are these changes safe?
As long as the Typescript compiler does not complain ( check the
`type-check` job ) we should be save. Most changes are removing unused
code, if that code would be used somewhere else the compiler should
catch it and tell us 🫶
I also typed some code when possible, or bypassed the linter when I
thought it was fair for now. I disabled a couple ESLint rules. Most
importantly the `no-explicity-any` one as we have loads of stuff untyped
yet ( _this should be improved once API types are generated for us_ ).
### DX
Added some settings on `.vscode` folder 📁 so that files will be
formatted on save and also ESLint will fix errors on save when able 💯
### 📈 **Result:**
- ✅ All linting errors resolved
- ✅ Improved TypeScript strict mode compliance
- ✅ Better developer experience with cleaner code
## Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Lint CI job passes
- [x] There is not type errors ( _TS will catch issue related to these
changes_ )
- Follow-up fix for #9786
A change to a DB statement introduced in #9786 turns out to be breaking.
Apparently `connect` can't just be used for *some* relations: if it is
used, it must be used for *all* relations created by the statement.
### Changes 🏗️
- Fix broken DB statement in `add_store_agent_to_library(..)`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Add store agent to library
Co-authored-by: Swifty <craigswift13@gmail.com>
## Changes 🏗️
### Checklist 📋
<img width="800" alt="Screenshot 2025-06-17 at 14 11 55"
src="https://github.com/user-attachments/assets/61d5a6b9-57f7-4117-bbc6-e78c2cdc5778"
/>
Document the icons for the new design system. With the design team, it
was agreed we will settle on [phosphor
icons](https://phosphoricons.com/), so we will need to migrate
progressively out of `lucide-react`.
### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Run Storybook locally
- [x] Check the icons story and displays well
This change introduced async execution for blocks and the execution
engine. Paralellism will be achieved through a single process
asynchronous execution instead of process concurrency.
### Changes 🏗️
* Support async execution for the graph executor
* Removed process creation for node execution
* Update all blocks to support async executions
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Manual graph executions, tested many of the impacted blocks.
<!-- Clearly explain the need for these changes: -->
Doing the CASA Audit and this is something to check
### Changes 🏗️
- limits APIs to use their specific endpoints
- use expected trusted sources for each block and requests call
- Use cryptographically valid string comparisons
- Don't log secrets
<!-- Concisely describe all of the changes made in this pull request:
-->
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Testing in dev branch once merged
---------
Co-authored-by: Swifty <craigswift13@gmail.com>
<!-- Clearly explain the need for these changes: -->
## Background & Summary of Changes
If a user has a single invalid Agent in their Library (i.e one with a
Block which doesn't exist) currently the Blocks menu does not return any
Agent results.
Valid agents should still load even when some stored graphs are
malformed.
Graphs which are malformed should just be skipped rather than breaking
the entire process, this PR implements that fix, unblocking users with a
malformed Agent in their Library (me!).
## Testing
I have tested this PR in the dev deployment (where I have this issue on
my account) and have confirmed that Agents now show up in the list:
| Before this Change | After this Change |
| ------------------ | ----------------- |
| 
| 
|
## Changes 🏗️
- Validate each graph’s serialization in get_graphs and skip any that
raise an exception
- Added error logging for invalid graphs
## Checklist 📋
For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] poetry run format
- [ ] poetry run test
For configuration changes:
- [x] .env.example is updated or already compatible with my changes
- [x] docker-compose.yml is updated or already compatible with my
changes
- [x] I have included a list of my configuration changes in the PR
description (under Changes)
Fixes [OPEN-2461: Loading a Library Agent with an invalid block causes
all Library Agent Loading to fail in Builder Blocks
Menu](https://linear.app/autogpt/issue/OPEN-2461/loading-a-library-agent-with-an-invalid-block-causes-all-library-agent)
Fixes#9868
This pull request updates the `StoreCard` component in
`autogpt_platform/frontend/src/components/agptui/StoreCard.tsx` to
replace the hardcoded Tailwind CSS class `bg-white` with the more
flexible `bg-background` utility class. This change ensures better
consistency with the application's theming and makes it easier to adapt
to different color schemes, such as light and dark modes.
#### Changes:
- **Before:**
`className="... bg-white ... dark:bg-transparent ..."`
- **After:**
`className="... bg-background ... dark:bg-transparent ..."`
#### Motivation:
- Removes the white background on the cards, which weren't part of the
designs.
No functional or visual changes are expected except for improved support
for custom themes.
---
This PR was entirely generated by an AI Agent.
**Please review and let me know if additional changes are needed!**
Co-authored-by: itsababseh <36419647+itsababseh@users.noreply.github.com>
