mirror of
https://github.com/Significant-Gravitas/AutoGPT.git
synced 2026-04-30 03:00:41 -04:00
cd242dcda788b5077536a3129130c217b3bcce07
1003 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Zamil Majdy
|
cd242dcda7 | Merge branch 'dev' into feat/mcp-blocks | ||
|
Ubbe
|
2a189c44c4 |
fix(frontend): API stream issues leaking into prompt (#12063)
## Changes 🏗️ <img width="800" height="621" alt="Screenshot 2026-02-11 at 19 32 39" src="https://github.com/user-attachments/assets/e97be1a7-972e-4ae0-8dfa-6ade63cf287b" /> When the BE API has an error, prevent it from leaking into the stream and instead handle it gracefully via toast. ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Run the app locally and trust the changes <!-- greptile_comment --> <h2>Greptile Overview</h2> <details><summary><h3>Greptile Summary</h3></summary> This PR fixes an issue where backend API stream errors were leaking into the chat prompt instead of being handled gracefully. The fix involves both backend and frontend changes to ensure error events conform to the AI SDK's strict schema. **Key Changes:** - **Backend (`response_model.py`)**: Added custom `to_sse()` method for `StreamError` that only emits `type` and `errorText` fields, stripping extra fields like `code` and `details` that cause AI SDK validation failures - **Backend (`prompt.py`)**: Added validation step after context compression to remove orphaned tool responses without matching tool calls, preventing "unexpected tool_use_id" API errors - **Frontend (`route.ts`)**: Implemented SSE stream normalization with `normalizeSSEStream()` and `normalizeSSEEvent()` functions to strip non-conforming fields from error events before they reach the AI SDK - **Frontend (`ChatMessagesContainer.tsx`)**: Added toast notifications for errors and improved error display UI with deduplication logic The changes ensure a clean separation between internal error metadata (useful for logging/debugging) and the strict schema required by the AI SDK on the frontend. </details> <details><summary><h3>Confidence Score: 4/5</h3></summary> - This PR is safe to merge with low risk - The changes are well-structured and address a specific bug with proper error handling. The dual-layer approach (backend filtering in `to_sse()` + frontend normalization) provides defense-in-depth. However, the lack of automated tests for the new error normalization logic and the potential for edge cases in SSE parsing prevent a perfect score. - Pay close attention to `autogpt_platform/frontend/src/app/api/chat/sessions/[sessionId]/stream/route.ts` - the SSE normalization logic should be tested with various error scenarios </details> <details><summary><h3>Sequence Diagram</h3></summary> ```mermaid sequenceDiagram participant User participant Frontend as ChatMessagesContainer participant Proxy as /api/chat/.../stream participant Backend as Backend API participant AISDK as AI SDK User->>Frontend: Send message Frontend->>Proxy: POST with message Proxy->>Backend: Forward request with auth Backend->>Backend: Process message alt Success Path Backend->>Proxy: SSE stream (text-delta, etc.) Proxy->>Proxy: normalizeSSEStream (pass through) Proxy->>AISDK: Forward SSE events AISDK->>Frontend: Update messages Frontend->>User: Display response else Error Path Backend->>Backend: StreamError.to_sse() Note over Backend: Only emit {type, errorText} Backend->>Proxy: SSE error event Proxy->>Proxy: normalizeSSEEvent() Note over Proxy: Strip extra fields (code, details) Proxy->>AISDK: {type: "error", errorText: "..."} AISDK->>Frontend: error state updated Frontend->>Frontend: Toast notification (deduplicated) Frontend->>User: Show error UI + toast end ``` </details> <!-- greptile_other_comments_section --> <!-- /greptile_comment --> --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Otto-AGPT <otto@agpt.co> |
||
|
Abhimanyu Yadav
|
508759610f |
fix(frontend): add min-width-0 to ContentCard to prevent overflow (#12060)
### Changes 🏗️ Added `min-w-0` class to the ContentCard component in the ToolAccordion to prevent content overflow issues. This CSS fix ensures that the card properly respects its container width constraints and allows text truncation to work correctly when content is too wide. ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Verified that tool content displays correctly in the accordion - [x] Confirmed that long content properly truncates instead of overflowing - [x] Tested with various screen sizes to ensure responsive behavior #### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] `docker-compose.yml` is updated or already compatible with my changes <!-- greptile_comment --> <h2>Greptile Overview</h2> <details><summary><h3>Greptile Summary</h3></summary> Added `min-w-0` class to `ContentCard` component to fix text truncation overflow in grid layouts. This is a standard CSS fix that allows grid items to shrink below their content size, enabling `truncate` classes on child elements (`ContentCardTitle`, `ContentCardSubtitle`) to work correctly. The fix follows the same pattern already used in `ContentCardHeader` (line 54) and `ToolAccordion` (line 54). </details> <details><summary><h3>Confidence Score: 5/5</h3></summary> - Safe to merge with no risk - Single-line CSS fix that addresses a well-known flexbox/grid layout issue. The change follows existing patterns in the codebase and is thoroughly tested. No logic changes, no breaking changes, no side effects. - No files require special attention </details> <!-- greptile_other_comments_section --> <!-- /greptile_comment --> |
||
|
Zamil Majdy
|
ab0ec3cfe7 | Merge branch 'dev' into feat/mcp-blocks | ||
|
Zamil Majdy
|
3263d50f4b |
refactor(mcp): Use BlockUIType.MCP_TOOL instead of SpecialBlockID checks
Add MCP_TOOL to backend BlockType enum and frontend BlockUIType enum, matching the existing pattern used by AGENT blocks. Replace all SpecialBlockID.MCP_TOOL type-checks with uiType-based checks. |
||
|
Abhimanyu Yadav
|
4df5b7bde7 |
refactor(frontend): remove defaultExpanded prop from ToolAccordion components (#12054)
### Changes - Removed `defaultExpanded` prop from `ToolAccordion` in CreateAgent, EditAgent, RunAgent, and RunBlock components to streamline the code and improve readability. ### Impact - This refactor enhances maintainability by reducing complexity in the component structure while preserving existing functionality. ### Changes 🏗️ - Removed conditional expansion logic from all tool components - Simplified ToolAccordion implementation across all affected components ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Create and run agents with various tools to verify accordion behavior works correctly - [x] Verify that UI components expand and collapse as expected - [x] Test with different output types to ensure proper rendering --------- Co-authored-by: Ubbe <hi@ubbe.dev> Co-authored-by: Lluis Agusti <hi@llu.lu> |
||
|
Reinier van der Leer
|
52650eed1d |
refactor(frontend/auth): Move /copilot auth check to middleware (#12053)
These "is the user authenticated, and should they be?" checks should not be spread across the codebase, it's complex enough as it is. :') - Follow-up to #12050 ### Changes 🏗️ - Revert "fix(frontend): copilot redirect logout (#12050)" - Add `/copilot` to `PROTECTED_PAGES` in `@/lib/supabase/helpers` ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Trivial change, we know this works for other pages |
||
|
Zamil Majdy
|
db038cd0e0 |
fix(tests): Revert oauth_test.py fixture scope changes to fix event loop error
Restores session-scoped fixtures and pytest_asyncio decorators that were accidentally changed, causing "RuntimeError: Event loop is closed" in test_authorize_creates_code_in_database. Also regenerates openapi.json. |
||
|
Ubbe
|
f2ead70f3d |
fix(frontend): copilot redirect logout (#12050)
## Changes 🏗️ Redirect to `/login` if the user is not authenticated and tries to access `/copilot` ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Run the app locally and tested |
||
|
Zamil Majdy
|
6805a4f3c5 | Merge branch 'dev' into feat/mcp-blocks | ||
|
Abhimanyu Yadav
|
7d4c020a9b |
feat(chat): implement AI SDK integration with custom streaming response handling (#11901)
### Changes 🏗️ - Added AI SDK integration for chat streaming with proper message handling - Implemented custom to_sse method in StreamToolOutputAvailable to exclude non-spec fields - Modified stream_chat_completion to reuse message IDs for tool call continuations - Created new Copilot 2.0 UI with AI SDK React components - Added streamdown and related packages for markdown rendering - Built reusable conversation and message components for the chat interface - Added support for tool output display in the chat UI ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Start a new chat session and verify streaming works correctly - [x] Test tool calls and verify they display properly in the UI - [x] Verify message continuations don't create duplicate messages - [x] Test markdown rendering with code blocks and other formatting - [x] Verify the UI is responsive and scrolls correctly #### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] `docker-compose.yml` is updated or already compatible with my changes - [x] I have included a list of my configuration changes in the PR description (under **Changes**) --------- Co-authored-by: Lluis Agusti <hi@llu.lu> Co-authored-by: Ubbe <hi@ubbe.dev> |
||
|
Zamil Majdy
|
79d6e8e2d7 |
fix(frontend/credentials): Handle stale credential IDs in CredentialsSelect
When a credential is deleted but the node still references its ID, CredentialsSelect now treats the stale ID as unselected and falls back to the first available credential instead of showing the raw ID. |
||
|
Zamil Majdy
|
84809f4b94 |
fix(mcp): Set customized_name at block creation and add pre-run validation
- Set customized_name in metadata when MCP and Agent blocks are created (both legacy and new builder) so titles persist through save/load - Remove convoluted agent_name fallback from NodeHeader and getNodeTitle - Add custom block-level validation in graph pre-run checks so MCP tool arguments are validated before execution - Fix server_name fallback to URL hostname in discover_tools endpoint |
||
|
Zamil Majdy
|
4364a771d4 |
fix(mcp): Validate required tool args and fix title fallback for existing blocks
Backend: Add required-field validation in MCPToolBlock.run() before calling the MCP server. The executor-level validation is bypassed for MCP blocks because get_input_defaults() flattens tool_arguments, stripping tool_input_schema from the validation context. Frontend: NodeHeader now derives the MCP server label from the server URL hostname when server_name is missing (pruned by pruneEmptyValues). This fixes the title for existing blocks that don't have customized_name in metadata. |
||
|
Zamil Majdy
|
4d4ed562f0 |
fix(frontend/mcp): Ensure MCP block title persists across save/refresh
When the MCP server returns a null server_name, fall back to the URL hostname so customized_name is always set in metadata. This prevents the title from degrading to "MCP:" after save and reload. |
||
|
Zamil Majdy
|
8bea7cf875 |
chore(mcp): Remove dev artifacts and simplify credential lookup
- Remove MCP_BLOCK_IMPLEMENTATION.md development doc - Remove console.log debug statements from OAuth callback - Simplify credential lookup to single call (get_creds_by_provider already handles Python 3.13 StrEnum bug via _provider_matches) - Remove unused Credentials import from routes.py |
||
|
Zamil Majdy
|
c1c269c4a9 |
fix(frontend/credentials): Auto-select first credential and persist MCP block title
- CredentialsSelect: default to first available credential instead of "None" when credentials exist, reorder options to show credentials before the "None" option, and notify parent on auto-select - Revert CredentialsGroupedView user auto-select effect (now handled at the CredentialsSelect level) - Block.tsx: persist MCP block title as customized_name in metadata so it survives save/load |
||
|
Zamil Majdy
|
65987ff15e |
fix(frontend/credentials): Auto-select user credentials in run dialog
Add auto-selection for user credentials (like MCP OAuth) in the CredentialsGroupedView run dialog. When exactly one credential matches the provider, type, and discriminator values (e.g. MCP server URL), it is pre-selected instead of defaulting to "None (skip this credential)". |
||
|
Zamil Majdy
|
ed50f7f87d |
fix(mcp): Wire credentials into MCP block form and add auto-lookup fallback
Frontend: Include credentials field in MCP block's dynamic input schema so users can select OAuth credentials from the node form. Separate credentials from tool_arguments in FormCreator to store them at the correct level in hardcodedValues. Backend: Add _auto_lookup_credential fallback in MCPToolBlock.run() for legacy nodes that don't have credentials explicitly set. This resolves the credential by matching mcp_server_url in stored OAuth metadata. |
||
|
Zamil Majdy
|
8a2f98b23c |
fix(mcp): Fix discover_tools test mock and credential auto-unselect
- Add missing `refresh_if_needed` mock to test_discover_tools_auto_uses_stored_credential so it returns the stored credential instead of a MagicMock - Fix credential auto-unselect clearing MCP credentials on initial render: skip the "unselect if not available" check when the saved credentials list is empty (empty list means not loaded yet, not invalid) |
||
|
Zamil Majdy
|
5e2ae3cec5 | Merge branch 'dev' into feat/mcp-blocks | ||
|
Zamil Majdy
|
f8771484fe |
fix(mcp): Fix CI failures and credential validation issues
- Fix pyright errors in graph_test.py by properly typing frozenset[CredentialsType]
- Fix executor validation crash when credentials is empty {} by nullifying
the field before JSON schema validation
- Exclude MCP Tool block from e2e block discovery test (requires dialog)
- Normalize provider string in CredentialsMetaResponse to handle Python 3.13
str(Enum) bug for stored credentials
- Fix get_host() to match MCP provider regardless of enum string format
|
||
|
Zamil Majdy
|
4db27ca112 |
fix(mcp): Auto-select credential and gracefully handle stale IDs
- Auto-select credential when exactly one match exists (even for optional fields). Only skip auto-select for optional fields with multiple choices. - In executor, catch ValueError from creds_manager.acquire() for optional credential fields — fall back to running without credentials instead of crashing when stale IDs reference deleted credentials. |
||
|
Zamil Majdy
|
27ba4e8e93 |
fix(frontend): Remove credential field reordering on selection
The sortByUnsetFirst comparator in splitCredentialFieldsBySystem caused credential inputs to jump positions every time a credential was selected (set fields moved to bottom, unset moved to top). Remove the sort to keep stable ordering. |
||
|
Zamil Majdy
|
4c02cd8f2f |
fix(mcp): Handle optional credentials in graph save and execution validation
- _on_graph_activate: Clear stale credential references for optional
fields instead of blocking the save. Checks both node metadata
(credentials_optional) and block schema (field not in required_fields).
- _validate_node_input_credentials: Use block schema's required_fields
as fallback for credentials_optional check, so MCP blocks with
default={} credentials are properly treated as optional.
- Set credentials_optional metadata on new MCP nodes in the frontend.
|
||
|
Zamil Majdy
|
909f313e1e |
fix(frontend/mcp): Filter credential auto-select by server URL discriminator
Prevent MCP credential cross-contamination where a credential for one server (e.g. Sentry) fills credential fields for other servers (e.g. Linear). Adds matchesDiscriminatorValues() to match credentials by host against discriminator_values from the schema. |
||
|
Zamil Majdy
|
edd9a90903 |
refactor(mcp): Share OAuth popup logic and fix credential persistence
- Extract shared OAuth popup utility (oauth-popup.ts) used by both MCPToolDialog and useCredentialsInput, eliminating ~200 lines of duplicated BroadcastChannel/postMessage/localStorage listener code - Add mcpOAuthCallback to credentials provider so MCP credentials are added to the in-memory cache after OAuth (fixes credentials not appearing in the credential picker after OAuth via MCPToolDialog) - Fix oauth_test.py async fixtures missing loop_scope="session" - Add MCP token refresh handler in creds_manager for dynamic endpoints - Fix enum string representation in CredentialsFieldInfo.combine() |
||
|
Zamil Majdy
|
ba031329e9 |
fix(mcp): Integrate MCPToolBlock with standard credentials system
- Replace manual credential_id field with CredentialsMetaInput pattern - Fix credential deduplication so different MCP server URLs get separate credential entries in the task credentials panel - Add descriptive display names (e.g. "MCP: mcp.sentry.dev") - Fix OAuth popup callback by adding mcp_callback route to middleware exclusion list and adding localStorage polling fallback - Fix SSRF test fixture to patch Requests constructor directly - Add MCP server URL matching for credential auto-assignment - Return CredentialsMetaResponse from MCP OAuth callback - Support MCP-specific OAuth flow in frontend credential input - Filter MCP credentials by server URL in frontend - Add test coverage for credential deduplication logic |
||
|
Zamil Majdy
|
d9269310cc |
fix(frontend/mcp): Loop HTML tag stripping to prevent XSS bypass
The single-pass regex `/<[^>]+>/g` can be bypassed with nested tags like `<scr<script>ipt>`. Loop until no more tags are found. Note: React auto-escapes JSX so this is defense-in-depth. |
||
|
Zamil Majdy
|
340520ba85 |
fix(mcp): OAuth discovery fallback, session ID, credential lookup, and DNS reliability
- Support MCP servers that serve OAuth metadata directly without protected-resource metadata (e.g. Linear) by falling back to discover_auth_server_metadata on the server's own origin - Omit resource_url when no protected-resource metadata exists to avoid token audience mismatch errors (RFC 8707 resource is optional) - Add Mcp-Session-Id header tracking per MCP Streamable HTTP spec - Fall back to server_url credential lookup when credential_id is empty (pruneEmptyValues strips it from saved graphs) - Use ThreadedResolver instead of c-ares AsyncResolver to avoid DNS failures in forked subprocess environments - Simplify OAuth UX: single "Sign in & Connect" button on 401, remove sticky localStorage URL prefill - Clean up stale MCP credentials on re-authentication |
||
|
Zamil Majdy
|
6c2791b00b |
fix(frontend/mcp): Robust OAuth callback with localStorage fallback and popup close detection
BroadcastChannel can silently fail in some browser scenarios. Added: - localStorage as third communication method in callback page - storage event listener in dialog - Popup close detection that checks localStorage directly - Cleaned up auth-required box styling (gray instead of amber) |
||
|
Zamil Majdy
|
d62fde9445 |
fix(mcp): Use manual credential resolution instead of CredentialsField
The block framework's CredentialsField requires credentials to always be present, which doesn't work for public MCP servers. Replace it with a plain credential_id field and manual resolution from the credential store, allowing both authenticated and public MCP servers to work seamlessly. |
||
|
Zamil Majdy
|
03487f7b4d |
fix(frontend/mcp): Remove broken credentials widget and disable auto-connect
- Remove credentials field from MCP dynamic schema since auth is handled by the dialog's OAuth flow (the standard credentials widget doesn't support MCP as a provider and fails with 404) - Simplify FormCreator MCP handling — all form fields are tool arguments - Disable auto-connect on dialog open; pre-fill last URL instead so user can edit before connecting |
||
|
Bently
|
1f4105e8f9 |
fix(frontend): Handle object values in FileInput component (#11948)
Fixes [#11800](https://github.com/Significant-Gravitas/AutoGPT/issues/11800) ## Problem The FileInput component crashed with `TypeError: e.startsWith is not a function` when the value was an object (from external API) instead of a string. ## Example Input Object When using the external API (`/external-api/v1/graphs/{id}/execute/{version}`), file inputs can be passed as objects: ```json { "node_input": { "input_image": { "name": "image.jpeg", "type": "image/jpeg", "size": 131147, "data": "/9j/4QAW..." } } } ``` ## Changes - Updated `getFileLabelFromValue()` to handle object format: `{ name, type, size, data }` - Added type guards for string vs object values - Graceful fallback for edge cases (null, undefined, empty object) ## Test cases verified - Object with name: returns filename - Object with type only: extracts and formats MIME type - String data URI: parses correctly - String file path: extracts extension - Edge cases: returns "File" fallback |
||
|
Zamil Majdy
|
df41d02fce |
feat(frontend/mcp): Add MCP tool discovery UI, OAuth flow, and dynamic block schema
- Add MCPToolDialog with tool discovery, OAuth sign-in, and card-based tool selection - Add OAuth callback route using BroadcastChannel API for popup communication - Add API client methods for MCP discovery, OAuth login, and callback - Register MCP API routes on the backend REST API - Render dynamic input schema for MCP blocks (credentials + tool params) in both legacy and new builder CustomNode components - Nest MCP tool argument values under tool_arguments in hardcodedValues - Display tool name with server name prefix in block header - Add backend route tests for discovery, OAuth login, and callback endpoints |
||
|
dependabot[bot]
|
5dae303ce0 |
chore(frontend/deps): Bump react-window and @types/react-window in /autogpt_platform/frontend (#10943)
Bumps [react-window](https://github.com/bvaughn/react-window) and [@types/react-window](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-window). These dependencies needed to be updated together. Updates `react-window` from 1.8.11 to 2.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bvaughn/react-window/releases">react-window's releases</a>.</em></p> <blockquote> <h2>2.1.0</h2> <p>Improved ARIA support:</p> <ul> <li>Add better default ARIA attributes for outer <code>HTMLDivElement</code></li> <li>Add optional <code>ariaAttributes</code> prop to row and cell renderers to simplify better ARIA attributes for user-rendered cells</li> <li>Remove intermediate <code>HTMLDivElement</code> from <code>List</code> and <code>Grid</code> <ul> <li>This may enable more/better custom CSS styling</li> <li>This may also enable adding an optional <code>children</code> prop to <code>List</code> and <code>Grid</code> for e.g. overlays/tooltips</li> </ul> </li> <li>Add optional <code>tagName</code> prop; defaults to <code>"div"</code> but can be changed to e.g. <code>"ul"</code></li> </ul> <pre lang="tsx"><code>// Example of how to use new `ariaAttributes` prop function RowComponent({ ariaAttributes, index, style, ...rest }: RowComponentProps<object>) { return ( <div style={style} {...ariaAttributes}> ... </div> ); } </code></pre> <p>Added optional <code>children</code> prop to better support edge cases like sticky rows.</p> <p>Minor changes to <code>onRowsRendered</code> and <code>onCellsRendered</code> callbacks to make it easier to differentiate between <em>visible</em> items and items rendered due to overscan settings. These methods will now receive two params– the first for <em>visible</em> rows and the second for <em>all</em> rows (including overscan), e.g.:</p> <pre lang="ts"><code>function onRowsRendered( visibleRows: { startIndex: number; stopIndex: number; }, allRows: { startIndex: number; stopIndex: number; } ): void { // ... } <p>function onCellsRendered(<br /> visibleCells: {<br /> columnStartIndex: number;<br /> columnStopIndex: number;<br /> rowStartIndex: number;<br /> rowStopIndex: number;<br /> </tr></table><br /> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bvaughn/react-window/blob/master/CHANGELOG.md">react-window's changelog</a>.</em></p> <blockquote> <h2>2.1.0</h2> <p>Improved ARIA support:</p> <ul> <li>Add better default ARIA attributes for outer <code>HTMLDivElement</code></li> <li>Add optional <code>ariaAttributes</code> prop to row and cell renderers to simplify better ARIA attributes for user-rendered cells</li> <li>Remove intermediate <code>HTMLDivElement</code> from <code>List</code> and <code>Grid</code> <ul> <li>This may enable more/better custom CSS styling</li> <li>This may also enable adding an optional <code>children</code> prop to <code>List</code> and <code>Grid</code> for e.g. overlays/tooltips</li> </ul> </li> <li>Add optional <code>tagName</code> prop; defaults to <code>"div"</code> but can be changed to e.g. <code>"ul"</code></li> </ul> <pre lang="tsx"><code>// Example of how to use new `ariaAttributes` prop function RowComponent({ ariaAttributes, index, style, ...rest }: RowComponentProps<object>) { return ( <div style={style} {...ariaAttributes}> ... </div> ); } </code></pre> <p>Added optional <code>children</code> prop to better support edge cases like sticky rows.</p> <p>Minor changes to <code>onRowsRendered</code> and <code>onCellsRendered</code> callbacks to make it easier to differentiate between <em>visible</em> items and items rendered due to overscan settings. These methods will now receive two params– the first for <em>visible</em> rows and the second for <em>all</em> rows (including overscan), e.g.:</p> <pre lang="ts"><code>function onRowsRendered( visibleRows: { startIndex: number; stopIndex: number; }, allRows: { startIndex: number; stopIndex: number; } ): void { // ... } <p>function onCellsRendered(<br /> visibleCells: {<br /> columnStartIndex: number;<br /> columnStopIndex: number;<br /> rowStartIndex: number;<br /> </tr></table><br /> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
cd64562e1b |
chore(libs/deps): bump the production-dependencies group across 1 directory with 8 updates (#11934)
Bumps the production-dependencies group with 8 updates in the /autogpt_platform/autogpt_libs directory: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.116.1` | `0.128.0` | | [google-cloud-logging](https://github.com/googleapis/python-logging) | `3.12.1` | `3.13.0` | | [launchdarkly-server-sdk](https://github.com/launchdarkly/python-server-sdk) | `9.12.0` | `9.14.1` | | [pydantic](https://github.com/pydantic/pydantic) | `2.11.7` | `2.12.5` | | [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.10.1` | `2.12.0` | | [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.11.0` | | [supabase](https://github.com/supabase/supabase-py) | `2.16.0` | `2.27.2` | | [uvicorn](https://github.com/Kludex/uvicorn) | `0.35.0` | `0.40.0` | Updates `fastapi` from 0.116.1 to 0.128.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastapi/fastapi/releases">fastapi's releases</a>.</em></p> <blockquote> <h2>0.128.0</h2> <h3>Breaking Changes</h3> <ul> <li>➖ Drop support for <code>pydantic.v1</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14609">#14609</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>✅ Run performance tests only on Pydantic v2. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14608">#14608</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h2>0.127.1</h2> <h3>Refactors</h3> <ul> <li>🔊 Add a custom <code>FastAPIDeprecationWarning</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14605">#14605</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Docs</h3> <ul> <li>📝 Add documentary to website. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14600">#14600</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Translations</h3> <ul> <li>🌐 Update translations for de (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14602">#14602</a> by <a href="https://github.com/nilslindemann"><code>@nilslindemann</code></a>.</li> <li>🌐 Update translations for de (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14581">#14581</a> by <a href="https://github.com/nilslindemann"><code>@nilslindemann</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>🔧 Update pre-commit to use local Ruff instead of hook. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14604">#14604</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>✅ Add missing tests for code examples. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14569">#14569</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> <li>👷 Remove <code>lint</code> job from <code>test</code> CI workflow. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14593">#14593</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> <li>👷 Update secrets check. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14592">#14592</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>👷 Run CodSpeed tests in parallel to other tests to speed up CI. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14586">#14586</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🔨 Update scripts and pre-commit to autofix files. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14585">#14585</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h2>0.127.0</h2> <h3>Breaking Changes</h3> <ul> <li>🔊 Add deprecation warnings when using <code>pydantic.v1</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14583">#14583</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Translations</h3> <ul> <li>🔧 Add LLM prompt file for Korean, generated from the existing translations. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14546">#14546</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🔧 Add LLM prompt file for Japanese, generated from the existing translations. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14545">#14545</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>⬆️ Upgrade OpenAI model for translations to gpt-5.2. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14579">#14579</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h2>0.126.0</h2> <h3>Upgrades</h3> <ul> <li>➖ Drop support for Pydantic v1, keeping short temporary support for Pydantic v2's <code>pydantic.v1</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14575">#14575</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Reinier van der Leer
|
8fddc9d71f |
fix(backend): Reduce GET /api/graphs expense + latency (#11986)
[SECRT-1896: Fix crazy `GET /api/graphs` latency (P95 = 107s)](https://linear.app/autogpt/issue/SECRT-1896) These changes should decrease latency of this endpoint by ~~60-65%~~ a lot. ### Changes 🏗️ - Make `Graph.credentials_input_schema` cheaper by avoiding constructing a new `BlockSchema` subclass - Strip down `GraphMeta` - drop all computed fields - Replace with either `GraphModel` or `GraphModelWithoutNodes` wherever those computed fields are used - Simplify usage in `list_graphs_paginated` and `fetch_graph_from_store_slug` - Refactor and clarify relationships between the different graph models - Split `BaseGraph` into `GraphBaseMeta` + `BaseGraph` - Strip down `Graph` - move `credentials_input_schema` and `aggregate_credentials_inputs` to `GraphModel` - Refactor to eliminate double `aggregate_credentials_inputs()` call in `credentials_input_schema` call tree - Add `GraphModelWithoutNodes` (similar to current `GraphMeta`) ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] `GET /api/graphs` works as it should - [x] Running a graph succeeds - [x] Adding a sub-agent in the Builder works as it should |
||
|
Swifty
|
e7ebe42306 | fix(frontend): Revert ThinkingMessage progress bar delay to original values (#11993) | ||
|
Otto
|
e0fab7e34e |
fix(frontend): Improve clarification answer message formatting (#11985)
## Summary Improves the auto-generated message format when users submit clarification answers in the agent generator. ## Before ``` I have the answers to your questions: keyword_1: User answer 1 keyword_2: User answer 2 Please proceed with creating the agent. ``` <img width="748" height="153" alt="image" src="https://github.com/user-attachments/assets/7231aaab-8ea4-406b-ba31-fa2b6055b82d" /> ## After ``` **Here are my answers:** > What is the primary purpose? User answer 1 > What is the target audience? User answer 2 Please proceed with creating the agent. ``` <img width="619" height="352" alt="image" src="https://github.com/user-attachments/assets/ef8c1fbf-fb60-4488-b51f-407c1b9e3e44" /> ## Changes - Use human-readable question text instead of machine-readable keywords - Use blockquote format for questions (natural "quote and reply" pattern) - Use double newlines for proper Markdown paragraph breaks - Iterate over `message.questions` array to preserve original question order - Move handler inside conditional block for proper TypeScript type narrowing ## Why - The old format was ugly and hard to read (raw keywords, no line breaks) - The new format uses a natural "quoting and replying" pattern - Better readability for both users and the LLM (verified: backend does NOT parse keywords) ## Linear Ticket Fixes [SECRT-1822](https://linear.app/autogpt/issue/SECRT-1822) ## Testing - [ ] Trigger agent creation that requires clarifying questions - [ ] Fill out the form and submit - [ ] Verify message appears with new blockquote format - [ ] Verify questions appear in original order - [ ] Verify agent generation proceeds correctly Co-authored-by: Toran Bruce Richards <toran.richards@gmail.com> |
||
|
Nicholas Tindle
|
85b6520710 |
feat(blocks): Add video editing blocks (#11796)
<!-- Clearly explain the need for these changes: -->
This PR adds general-purpose video editing blocks for the AutoGPT
Platform, enabling automated video production workflows like documentary
creation, marketing videos, tutorial assembly, and content repurposing.
### Changes 🏗️
<!-- Concisely describe all of the changes made in this pull request:
-->
**New blocks added in `backend/blocks/video/`:**
- `VideoDownloadBlock` - Download videos from URLs (YouTube, Vimeo, news
sites, direct links) using yt-dlp
- `VideoClipBlock` - Extract time segments from videos with start/end
time validation
- `VideoConcatBlock` - Merge multiple video clips with optional
transitions (none, crossfade, fade_black)
- `VideoTextOverlayBlock` - Add text overlays/captions with positioning
and timing options
- `VideoNarrationBlock` - Generate AI narration via ElevenLabs and mix
with video audio (replace, mix, or ducking modes)
**Dependencies required:**
- `yt-dlp` - For video downloading
- `moviepy` - For video editing operations
**Implementation details:**
- All blocks follow the SDK pattern with proper error handling and
exception chaining
- Proper resource cleanup in `finally` blocks to prevent memory leaks
- Input validation (e.g., end_time > start_time)
- Test mocks included for CI
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Blocks follow the SDK pattern with
`BlockSchemaInput`/`BlockSchemaOutput`
- [x] Resource cleanup is implemented in `finally` blocks
- [x] Exception chaining is properly implemented
- [x] Input validation is in place
- [x] Test mocks are provided for CI environments
#### For configuration changes:
- [ ] `.env.default` is updated or already compatible with my changes
- [x] `docker-compose.yml` is updated or already compatible with my
changes
- [ ] I have included a list of my configuration changes in the PR
description (under **Changes**)
N/A - No configuration changes required.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Adds new multimedia blocks that invoke ffmpeg/MoviePy and introduces
new external dependencies (plus container packages), which can impact
runtime stability and resource usage; download/overlay blocks are
present but disabled due to sandbox/policy concerns.
>
> **Overview**
> Adds a new `backend.blocks.video` module with general-purpose video
workflow blocks (download, clip, concat w/ transitions, loop, add-audio,
text overlay, and ElevenLabs-powered narration), including shared
utilities for codec selection, filename cleanup, and an ffmpeg-based
chapter-strip workaround for MoviePy.
>
> Extends credentials/config to support ElevenLabs
(`ELEVENLABS_API_KEY`, provider enum, system credentials, and cost
config) and adds new dependencies (`elevenlabs`, `yt-dlp`) plus Docker
runtime packages (`ffmpeg`, `imagemagick`).
>
> Improves file/reference handling end-to-end by embedding MIME types in
`workspace://...#mime` outputs and updating frontend rendering to detect
video vs image from MIME fragments (and broaden supported audio/video
extensions), with optional enhanced output rendering behind a feature
flag in the legacy builder UI.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
Otto
|
11256076d8 |
fix(frontend): Rename "Tasks" tab to "Agents" in navbar (#11982)
## Summary Renames the "Tasks" tab in the navbar to "Agents" per the Figma design. ## Changes - `Navbar.tsx`: Changed label from "Tasks" to "Agents" <img width="1069" height="153" alt="image" src="https://github.com/user-attachments/assets/3869d2a2-9bd9-4346-b650-15dabbdb46c4" /> ## Why - "Tasks" was incorrectly named and confusing for users trying to find their agent builds - Matches the Figma design ## Linear Ticket Fixes [SECRT-1894](https://linear.app/autogpt/issue/SECRT-1894) ## Related - [SECRT-1865](https://linear.app/autogpt/issue/SECRT-1865) - Find and Manage Existing/Unpublished or Recent Agent Builds Is Unintuitive |
||
|
Swifty
|
b121030c94 |
feat(frontend): Add progress indicator during agent generation [SECRT-1883] (#11974)
## Summary - Add asymptotic progress bar that appears during long-running chat tasks - Progress bar shows after 10 seconds with "Working on it..." label and percentage - Uses half-life formula: ~50% at 30s, ~75% at 60s, ~87.5% at 90s, etc. - Creates the classic "game loading bar" effect that never reaches 100% https://github.com/user-attachments/assets/3c59289e-793c-4a08-b3fc-69e1eef28b1f ## Test plan - [x] Start a chat that triggers agent generation - [x] Wait 10+ seconds for the progress bar to appear - [x] Verify progress bar is centered with label and percentage - [x] Verify progress follows expected timing (~50% at 30s) - [x] Verify progress bar disappears when task completes --------- Co-authored-by: Otto <otto@agpt.co> |
||
|
Swifty
|
c22c18374d |
feat(frontend): Add ready-to-test prompt after agent creation [SECRT-1882] (#11975)
## Summary - Add special UI prompt when agent is successfully created in chat - Show "Agent Created Successfully" with agent name - Provide two action buttons: - **Run with example values**: Sends chat message asking AI to run with placeholders - **Run with my inputs**: Opens RunAgentModal for custom input configuration - After run/schedule, automatically send chat message with execution details for AI monitoring https://github.com/user-attachments/assets/b11e118c-de59-4b79-a629-8bd0d52d9161 ## Test plan - [x] Create an agent through chat - [x] Verify "Agent Created Successfully" prompt appears - [x] Click "Run with example values" - verify chat message is sent - [x] Click "Run with my inputs" - verify RunAgentModal opens - [x] Fill inputs and run - verify chat message with execution ID is sent - [x] Fill inputs and schedule - verify chat message with schedule details is sent --------- Co-authored-by: Otto <otto@agpt.co> |
||
|
Reinier van der Leer
|
c1aa684743 |
fix(platform/chat): Filter host-scoped credentials for run_agent tool (#11905)
- Fixes [SECRT-1851: \[Copilot\] `run_agent` tool doesn't filter host-scoped credentials](https://linear.app/autogpt/issue/SECRT-1851) - Follow-up to #11881 ### Changes 🏗️ - Filter host-scoped credentials for `run_agent` tool - Tighten validation on host input field in `HostScopedCredentialsModal` - Use netloc (w/ port) rather than just hostname (w/o port) as host scope ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - Create graph that requires host-scoped credentials to work - Create host-scoped credentials with a *different* host - Try to have Copilot run the graph - [x] -> no matching credentials available - Create new credentials - [x] -> works --------- Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co> |
||
|
Otto
|
7e5b84cc5c |
fix(copilot): update homepage copy to focus on problem discovery (#11956)
## Summary Update the CoPilot homepage to shift from "what do you want to automate?" to "tell me about your problems." This lowers the barrier to engagement by letting users describe their work frustrations instead of requiring them to identify automations themselves. ## Changes | Element | Before | After | |---------|--------|-------| | Headline | "What do you want to automate?" | "Tell me about your work — I'll find what to automate." | | Placeholder | "You can search or just ask - e.g. 'create a blog post outline'" | "What's your role and what eats up most of your day? e.g. 'I'm a real estate agent and I hate...'" | | Button 1 | "Show me what I can automate" | "I don't know where to start, just ask me stuff" | | Button 2 | "Design a custom workflow" | "I do the same thing every week and it's killing me" | | Button 3 | "Help me with content creation" | "Help me find where I'm wasting my time" | | Container | max-w-2xl | max-w-3xl | > **Note on container width:** The `max-w-2xl` → `max-w-3xl` change is just to keep the longer headline on one line. This works but may not be the ideal solution — @lluis-xai should advise on the proper approach. ## Why This Matters The current UX assumes users know what they want to automate. In reality, most users know what frustrates them but can't identify automations. The current screen blocks Otto from starting the discovery conversation that leads to useful recommendations. ## Files Changed - `autogpt_platform/frontend/src/app/(platform)/copilot/page.tsx` — headline, placeholder, container width - `autogpt_platform/frontend/src/app/(platform)/copilot/helpers.ts` — quick action button text Resolves: [SECRT-1876](https://linear.app/autogpt/issue/SECRT-1876) --------- Co-authored-by: Lluis Agusti <hi@llu.lu> |
||
|
Swifty
|
09cb313211 |
fix(frontend): Prevent reflected XSS in OAuth callback route (#11963)
## Summary Fixes a reflected cross-site scripting (XSS) vulnerability in the OAuth callback route. **Security Issue:** https://github.com/Significant-Gravitas/AutoGPT/security/code-scanning/202 ### Vulnerability The OAuth callback route at `frontend/src/app/(platform)/auth/integrations/oauth_callback/route.ts` was writing user-controlled data directly into an HTML response without proper sanitization. This allowed potential attackers to inject malicious scripts via OAuth callback parameters. ### Fix Added a `safeJsonStringify()` function that escapes characters that could break out of the script context: - `<` → `\u003c` - `>` → `\u003e` - `&` → `\u0026` This prevents any user-provided values from being interpreted as HTML/script content when embedded in the response. ### References - [OWASP XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html) - [CWE-79: Improper Neutralization of Input During Web Page Generation](https://cwe.mitre.org/data/definitions/79.html) ## Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Verified the OAuth callback still functions correctly - [x] Confirmed special characters in OAuth responses are properly escaped |
||
|
Krzysztof Czerwinski
|
c026485023 |
feat(frontend): Disable auto-opening wallet (#11961)
<!-- Clearly explain the need for these changes: --> ### Changes 🏗️ - Disable auto-opening Wallet for first time user and on credit increase - Remove no longer needed `lastSeenCredits` state and storage ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Wallet doesn't open automatically |
||
|
Swifty
|
f4bf492f24 |
feat(platform): Add Redis-based SSE reconnection for long-running CoPilot operations (#11877)
## Changes 🏗️
Adds Redis-based SSE reconnection support for long-running CoPilot
operations (like Agent Generator), enabling clients to reconnect and
resume receiving updates after disconnection.
### What this does:
- **Stream Registry** - Redis-backed task tracking with message
persistence via Redis Streams
- **SSE Reconnection** - Clients can reconnect to active tasks using
`task_id` and `last_message_id`
- **Duplicate Message Fix** - Filters out in-progress assistant messages
from session response when active stream exists
- **Completion Consumer** - Handles background task completion
notifications via Redis Streams
### Architecture:
```
1. User sends message → Backend creates task in Redis
2. SSE chunks written to Redis Stream for persistence
3. Client receives chunks via SSE subscription
4. If client disconnects → Task continues in background
5. Client reconnects → GET /sessions/{id} returns active_stream info
6. Client subscribes to /tasks/{task_id}/stream with last_message_id
7. Missed messages replayed from Redis Stream
```
### Key endpoints:
- `GET /sessions/{session_id}` - Returns `active_stream` info if task is
running
- `GET /tasks/{task_id}/stream?last_message_id=X` - SSE endpoint for
reconnection
- `GET /tasks/{task_id}` - Get task status
- `POST /operations/{op_id}/complete` - Webhook for external service
completion
### Duplicate message fix:
When `GET /sessions/{id}` detects an active stream:
1. Filters out the in-progress assistant message from response
2. Returns `last_message_id="0-0"` so client replays stream from
beginning
3. Client receives complete response only through SSE (single source of
truth)
### Frontend changes:
- Task persistence in localStorage for cross-tab reconnection
- Stream event dispatcher handles reconnection flow
- Deduplication logic prevents duplicate messages
### Testing:
- Manual testing of reconnection scenarios
- Verified duplicate message fix works correctly
## Related
- Resolves SSE timeout issues for Agent Generator
- Fixes duplicate message bug on reconnection
|
||
|
Zamil Majdy
|
4878665c66 | Merge branch 'master' into dev |