Merge branch 'dev' into fix/scheduler-thread-dump-debugging

## Summary
Fix critical deadlock issue where scheduler pods would freeze completely
and become unresponsive to health checks, causing pod restarts and stuck
QUEUED executions.

## Root Cause Analysis
The scheduler was using `BlockingScheduler` which blocked the main
thread, and when concurrent jobs deadlocked in the async event loop, the
entire process would freeze - unable to respond to health checks or
process any requests.

From crash analysis:
- At 01:18:00, two jobs started executing concurrently
- At 01:18:01.482, last successful health check
- Process completely froze - no more logs until pod was killed at
01:18:46
- Execution `8174c459-c975-4308-bc01-331ba67f26ab` was created in DB but
never published to RabbitMQ

## Changes Made

### Core Deadlock Fix
- **Switch from BlockingScheduler to BackgroundScheduler**: Prevents
main thread blocking, allows health checks to work even if scheduler
jobs deadlock
- **Make all health_check methods async**: Makes health checks
completely independent of thread pools and more resilient to blocking
operations

### Enhanced Monitoring & Debugging
- **Add execution timing**: Track and log how long each graph execution
takes to create and publish
- **Warn on slow operations**: Alert when operations take >10 seconds,
indicating resource contention
- **Enhanced error logging**: Include elapsed time and exception types
in error messages
- **Better APScheduler event listeners**: Add listeners for missed jobs
and max instances with actionable messages

### Files Modified
- `backend/executor/scheduler.py` - Switch to BackgroundScheduler, async
health_check, timing monitoring
- `backend/util/service.py` - Base async health_check method
- `backend/executor/database.py` - Async health_check override
- `backend/notifications/notifications.py` - Async health_check override

## Test Plan
- [x] All existing tests pass (914 passed, 1 failed unrelated connection
issue)
- [x] Scheduler starts correctly with BackgroundScheduler
- [x] Health checks respond properly under load
- [x] Enhanced logging provides visibility into execution timing

## Impact
- **Prevents pod freezes**: Scheduler remains responsive even when jobs
deadlock
- **Better observability**: Clear visibility into slow operations and
failures
- **No dropped executions**: Jobs won't get stuck in QUEUED state due to
process freezes
- **Faster incident response**: Health checks and logs provide
actionable debugging info

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Claude <noreply@anthropic.com>

.branchlet.json

@@ -1,37 +0,0 @@
-{
-  "worktreeCopyPatterns": [
-    ".env*",
-    ".vscode/**",
-    ".auth/**",
-    ".claude/**",
-    "autogpt_platform/.env*",
-    "autogpt_platform/backend/.env*",
-    "autogpt_platform/frontend/.env*",
-    "autogpt_platform/frontend/.auth/**",
-    "autogpt_platform/db/docker/.env*"
-  ],
-  "worktreeCopyIgnores": [
-    "**/node_modules/**",
-    "**/dist/**",
-    "**/.git/**",
-    "**/Thumbs.db",
-    "**/.DS_Store",
-    "**/.next/**",
-    "**/__pycache__/**",
-    "**/.ruff_cache/**",
-    "**/.pytest_cache/**",
-    "**/*.pyc",
-    "**/playwright-report/**",
-    "**/logs/**",
-    "**/site/**"
-  ],
-  "worktreePathTemplate": "$BASE_PATH.worktree",
-  "postCreateCmd": [
-    "cd autogpt_platform/autogpt_libs && poetry install",
-    "cd autogpt_platform/backend && poetry install && poetry run prisma generate",
-    "cd autogpt_platform/frontend && pnpm install",
-    "cd docs && pip install -r requirements.txt"
-  ],
-  "terminalCommand": "code .",
-  "deleteBranchWithWorktree": false
-}

.claude/skills/vercel-react-best-practices/SKILL.md

@@ -1,125 +0,0 @@
----
-name: vercel-react-best-practices
-description: React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.
-license: MIT
-metadata:
-  author: vercel
-  version: "1.0.0"
----
-
-# Vercel React Best Practices
-
-Comprehensive performance optimization guide for React and Next.js applications, maintained by Vercel. Contains 45 rules across 8 categories, prioritized by impact to guide automated refactoring and code generation.
-
-## When to Apply
-
-Reference these guidelines when:
-- Writing new React components or Next.js pages
-- Implementing data fetching (client or server-side)
-- Reviewing code for performance issues
-- Refactoring existing React/Next.js code
-- Optimizing bundle size or load times
-
-## Rule Categories by Priority
-
-| Priority | Category | Impact | Prefix |
-|----------|----------|--------|--------|
-| 1 | Eliminating Waterfalls | CRITICAL | `async-` |
-| 2 | Bundle Size Optimization | CRITICAL | `bundle-` |
-| 3 | Server-Side Performance | HIGH | `server-` |
-| 4 | Client-Side Data Fetching | MEDIUM-HIGH | `client-` |
-| 5 | Re-render Optimization | MEDIUM | `rerender-` |
-| 6 | Rendering Performance | MEDIUM | `rendering-` |
-| 7 | JavaScript Performance | LOW-MEDIUM | `js-` |
-| 8 | Advanced Patterns | LOW | `advanced-` |
-
-## Quick Reference
-
-### 1. Eliminating Waterfalls (CRITICAL)
-
-- `async-defer-await` - Move await into branches where actually used
-- `async-parallel` - Use Promise.all() for independent operations
-- `async-dependencies` - Use better-all for partial dependencies
-- `async-api-routes` - Start promises early, await late in API routes
-- `async-suspense-boundaries` - Use Suspense to stream content
-
-### 2. Bundle Size Optimization (CRITICAL)
-
-- `bundle-barrel-imports` - Import directly, avoid barrel files
-- `bundle-dynamic-imports` - Use next/dynamic for heavy components
-- `bundle-defer-third-party` - Load analytics/logging after hydration
-- `bundle-conditional` - Load modules only when feature is activated
-- `bundle-preload` - Preload on hover/focus for perceived speed
-
-### 3. Server-Side Performance (HIGH)
-
-- `server-cache-react` - Use React.cache() for per-request deduplication
-- `server-cache-lru` - Use LRU cache for cross-request caching
-- `server-serialization` - Minimize data passed to client components
-- `server-parallel-fetching` - Restructure components to parallelize fetches
-- `server-after-nonblocking` - Use after() for non-blocking operations
-
-### 4. Client-Side Data Fetching (MEDIUM-HIGH)
-
-- `client-swr-dedup` - Use SWR for automatic request deduplication
-- `client-event-listeners` - Deduplicate global event listeners
-
-### 5. Re-render Optimization (MEDIUM)
-
-- `rerender-defer-reads` - Don't subscribe to state only used in callbacks
-- `rerender-memo` - Extract expensive work into memoized components
-- `rerender-dependencies` - Use primitive dependencies in effects
-- `rerender-derived-state` - Subscribe to derived booleans, not raw values
-- `rerender-functional-setstate` - Use functional setState for stable callbacks
-- `rerender-lazy-state-init` - Pass function to useState for expensive values
-- `rerender-transitions` - Use startTransition for non-urgent updates
-
-### 6. Rendering Performance (MEDIUM)
-
-- `rendering-animate-svg-wrapper` - Animate div wrapper, not SVG element
-- `rendering-content-visibility` - Use content-visibility for long lists
-- `rendering-hoist-jsx` - Extract static JSX outside components
-- `rendering-svg-precision` - Reduce SVG coordinate precision
-- `rendering-hydration-no-flicker` - Use inline script for client-only data
-- `rendering-activity` - Use Activity component for show/hide
-- `rendering-conditional-render` - Use ternary, not && for conditionals
-
-### 7. JavaScript Performance (LOW-MEDIUM)
-
-- `js-batch-dom-css` - Group CSS changes via classes or cssText
-- `js-index-maps` - Build Map for repeated lookups
-- `js-cache-property-access` - Cache object properties in loops
-- `js-cache-function-results` - Cache function results in module-level Map
-- `js-cache-storage` - Cache localStorage/sessionStorage reads
-- `js-combine-iterations` - Combine multiple filter/map into one loop
-- `js-length-check-first` - Check array length before expensive comparison
-- `js-early-exit` - Return early from functions
-- `js-hoist-regexp` - Hoist RegExp creation outside loops
-- `js-min-max-loop` - Use loop for min/max instead of sort
-- `js-set-map-lookups` - Use Set/Map for O(1) lookups
-- `js-tosorted-immutable` - Use toSorted() for immutability
-
-### 8. Advanced Patterns (LOW)
-
-- `advanced-event-handler-refs` - Store event handlers in refs
-- `advanced-use-latest` - useLatest for stable callback refs
-
-## How to Use
-
-Read individual rule files for detailed explanations and code examples:
-
-```
-rules/async-parallel.md
-rules/bundle-barrel-imports.md
-rules/_sections.md
-```
-
-Each rule file contains:
-- Brief explanation of why it matters
-- Incorrect code example with explanation
-- Correct code example with explanation
-- Additional context and references
-
-## Full Compiled Document
-
-For the complete guide with all rules expanded: `AGENTS.md`

.claude/skills/vercel-react-best-practices/rules/advanced-event-handler-refs.md

@@ -1,55 +0,0 @@
----
-title: Store Event Handlers in Refs
-impact: LOW
-impactDescription: stable subscriptions
-tags: advanced, hooks, refs, event-handlers, optimization
----
-
-## Store Event Handlers in Refs
-
-Store callbacks in refs when used in effects that shouldn't re-subscribe on callback changes.
-
-**Incorrect (re-subscribes on every render):**
-
-```tsx
-function useWindowEvent(event: string, handler: () => void) {
-  useEffect(() => {
-    window.addEventListener(event, handler)
-    return () => window.removeEventListener(event, handler)
-  }, [event, handler])
-}
-```
-
-**Correct (stable subscription):**
-
-```tsx
-function useWindowEvent(event: string, handler: () => void) {
-  const handlerRef = useRef(handler)
-  useEffect(() => {
-    handlerRef.current = handler
-  }, [handler])
-
-  useEffect(() => {
-    const listener = () => handlerRef.current()
-    window.addEventListener(event, listener)
-    return () => window.removeEventListener(event, listener)
-  }, [event])
-}
-```
-
-**Alternative: use `useEffectEvent` if you're on latest React:**
-
-```tsx
-import { useEffectEvent } from 'react'
-
-function useWindowEvent(event: string, handler: () => void) {
-  const onEvent = useEffectEvent(handler)
-
-  useEffect(() => {
-    window.addEventListener(event, onEvent)
-    return () => window.removeEventListener(event, onEvent)
-  }, [event])
-}
-```
-
-`useEffectEvent` provides a cleaner API for the same pattern: it creates a stable function reference that always calls the latest version of the handler.

.claude/skills/vercel-react-best-practices/rules/advanced-use-latest.md

@@ -1,49 +0,0 @@
----
-title: useLatest for Stable Callback Refs
-impact: LOW
-impactDescription: prevents effect re-runs
-tags: advanced, hooks, useLatest, refs, optimization
----
-
-## useLatest for Stable Callback Refs
-
-Access latest values in callbacks without adding them to dependency arrays. Prevents effect re-runs while avoiding stale closures.
-
-**Implementation:**
-
-```typescript
-function useLatest<T>(value: T) {
-  const ref = useRef(value)
-  useEffect(() => {
-    ref.current = value
-  }, [value])
-  return ref
-}
-```
-
-**Incorrect (effect re-runs on every callback change):**
-
-```tsx
-function SearchInput({ onSearch }: { onSearch: (q: string) => void }) {
-  const [query, setQuery] = useState('')
-
-  useEffect(() => {
-    const timeout = setTimeout(() => onSearch(query), 300)
-    return () => clearTimeout(timeout)
-  }, [query, onSearch])
-}
-```
-
-**Correct (stable effect, fresh callback):**
-
-```tsx
-function SearchInput({ onSearch }: { onSearch: (q: string) => void }) {
-  const [query, setQuery] = useState('')
-  const onSearchRef = useLatest(onSearch)
-
-  useEffect(() => {
-    const timeout = setTimeout(() => onSearchRef.current(query), 300)
-    return () => clearTimeout(timeout)
-  }, [query])
-}
-```

.claude/skills/vercel-react-best-practices/rules/async-api-routes.md

@@ -1,38 +0,0 @@
----
-title: Prevent Waterfall Chains in API Routes
-impact: CRITICAL
-impactDescription: 2-10× improvement
-tags: api-routes, server-actions, waterfalls, parallelization
----
-
-## Prevent Waterfall Chains in API Routes
-
-In API routes and Server Actions, start independent operations immediately, even if you don't await them yet.
-
-**Incorrect (config waits for auth, data waits for both):**
-
-```typescript
-export async function GET(request: Request) {
-  const session = await auth()
-  const config = await fetchConfig()
-  const data = await fetchData(session.user.id)
-  return Response.json({ data, config })
-}
-```
-
-**Correct (auth and config start immediately):**
-
-```typescript
-export async function GET(request: Request) {
-  const sessionPromise = auth()
-  const configPromise = fetchConfig()
-  const session = await sessionPromise
-  const [config, data] = await Promise.all([
-    configPromise,
-    fetchData(session.user.id)
-  ])
-  return Response.json({ data, config })
-}
-```
-
-For operations with more complex dependency chains, use `better-all` to automatically maximize parallelism (see Dependency-Based Parallelization).

.claude/skills/vercel-react-best-practices/rules/async-defer-await.md

@@ -1,80 +0,0 @@
----
-title: Defer Await Until Needed
-impact: HIGH
-impactDescription: avoids blocking unused code paths
-tags: async, await, conditional, optimization
----
-
-## Defer Await Until Needed
-
-Move `await` operations into the branches where they're actually used to avoid blocking code paths that don't need them.
-
-**Incorrect (blocks both branches):**
-
-```typescript
-async function handleRequest(userId: string, skipProcessing: boolean) {
-  const userData = await fetchUserData(userId)
-  
-  if (skipProcessing) {
-    // Returns immediately but still waited for userData
-    return { skipped: true }
-  }
-  
-  // Only this branch uses userData
-  return processUserData(userData)
-}
-```
-
-**Correct (only blocks when needed):**
-
-```typescript
-async function handleRequest(userId: string, skipProcessing: boolean) {
-  if (skipProcessing) {
-    // Returns immediately without waiting
-    return { skipped: true }
-  }
-  
-  // Fetch only when needed
-  const userData = await fetchUserData(userId)
-  return processUserData(userData)
-}
-```
-
-**Another example (early return optimization):**
-
-```typescript
-// Incorrect: always fetches permissions
-async function updateResource(resourceId: string, userId: string) {
-  const permissions = await fetchPermissions(userId)
-  const resource = await getResource(resourceId)
-  
-  if (!resource) {
-    return { error: 'Not found' }
-  }
-  
-  if (!permissions.canEdit) {
-    return { error: 'Forbidden' }
-  }
-  
-  return await updateResourceData(resource, permissions)
-}
-
-// Correct: fetches only when needed
-async function updateResource(resourceId: string, userId: string) {
-  const resource = await getResource(resourceId)
-  
-  if (!resource) {
-    return { error: 'Not found' }
-  }
-  
-  const permissions = await fetchPermissions(userId)
-  
-  if (!permissions.canEdit) {
-    return { error: 'Forbidden' }
-  }
-  
-  return await updateResourceData(resource, permissions)
-}
-```
-
-This optimization is especially valuable when the skipped branch is frequently taken, or when the deferred operation is expensive.

.claude/skills/vercel-react-best-practices/rules/async-dependencies.md

@@ -1,36 +0,0 @@
----
-title: Dependency-Based Parallelization
-impact: CRITICAL
-impactDescription: 2-10× improvement
-tags: async, parallelization, dependencies, better-all
----
-
-## Dependency-Based Parallelization
-
-For operations with partial dependencies, use `better-all` to maximize parallelism. It automatically starts each task at the earliest possible moment.
-
-**Incorrect (profile waits for config unnecessarily):**
-
-```typescript
-const [user, config] = await Promise.all([
-  fetchUser(),
-  fetchConfig()
-])
-const profile = await fetchProfile(user.id)
-```
-
-**Correct (config and profile run in parallel):**
-
-```typescript
-import { all } from 'better-all'
-
-const { user, config, profile } = await all({
-  async user() { return fetchUser() },
-  async config() { return fetchConfig() },
-  async profile() {
-    return fetchProfile((await this.$.user).id)
-  }
-})
-```
-
-Reference: [https://github.com/shuding/better-all](https://github.com/shuding/better-all)

.claude/skills/vercel-react-best-practices/rules/async-parallel.md

@@ -1,28 +0,0 @@
----
-title: Promise.all() for Independent Operations
-impact: CRITICAL
-impactDescription: 2-10× improvement
-tags: async, parallelization, promises, waterfalls
----
-
-## Promise.all() for Independent Operations
-
-When async operations have no interdependencies, execute them concurrently using `Promise.all()`.
-
-**Incorrect (sequential execution, 3 round trips):**
-
-```typescript
-const user = await fetchUser()
-const posts = await fetchPosts()
-const comments = await fetchComments()
-```
-
-**Correct (parallel execution, 1 round trip):**
-
-```typescript
-const [user, posts, comments] = await Promise.all([
-  fetchUser(),
-  fetchPosts(),
-  fetchComments()
-])
-```

.claude/skills/vercel-react-best-practices/rules/async-suspense-boundaries.md

@@ -1,99 +0,0 @@
----
-title: Strategic Suspense Boundaries
-impact: HIGH
-impactDescription: faster initial paint
-tags: async, suspense, streaming, layout-shift
----
-
-## Strategic Suspense Boundaries
-
-Instead of awaiting data in async components before returning JSX, use Suspense boundaries to show the wrapper UI faster while data loads.
-
-**Incorrect (wrapper blocked by data fetching):**
-
-```tsx
-async function Page() {
-  const data = await fetchData() // Blocks entire page
-  
-  return (
-    <div>
-      <div>Sidebar</div>
-      <div>Header</div>
-      <div>
-        <DataDisplay data={data} />
-      </div>
-      <div>Footer</div>
-    </div>
-  )
-}
-```
-
-The entire layout waits for data even though only the middle section needs it.
-
-**Correct (wrapper shows immediately, data streams in):**
-
-```tsx
-function Page() {
-  return (
-    <div>
-      <div>Sidebar</div>
-      <div>Header</div>
-      <div>
-        <Suspense fallback={<Skeleton />}>
-          <DataDisplay />
-        </Suspense>
-      </div>
-      <div>Footer</div>
-    </div>
-  )
-}
-
-async function DataDisplay() {
-  const data = await fetchData() // Only blocks this component
-  return <div>{data.content}</div>
-}
-```
-
-Sidebar, Header, and Footer render immediately. Only DataDisplay waits for data.
-
-**Alternative (share promise across components):**
-
-```tsx
-function Page() {
-  // Start fetch immediately, but don't await
-  const dataPromise = fetchData()
-  
-  return (
-    <div>
-      <div>Sidebar</div>
-      <div>Header</div>
-      <Suspense fallback={<Skeleton />}>
-        <DataDisplay dataPromise={dataPromise} />
-        <DataSummary dataPromise={dataPromise} />
-      </Suspense>
-      <div>Footer</div>
-    </div>
-  )
-}
-
-function DataDisplay({ dataPromise }: { dataPromise: Promise<Data> }) {
-  const data = use(dataPromise) // Unwraps the promise
-  return <div>{data.content}</div>
-}
-
-function DataSummary({ dataPromise }: { dataPromise: Promise<Data> }) {
-  const data = use(dataPromise) // Reuses the same promise
-  return <div>{data.summary}</div>
-}
-```
-
-Both components share the same promise, so only one fetch occurs. Layout renders immediately while both components wait together.
-
-**When NOT to use this pattern:**
-
-- Critical data needed for layout decisions (affects positioning)
-- SEO-critical content above the fold
-- Small, fast queries where suspense overhead isn't worth it
-- When you want to avoid layout shift (loading → content jump)
-
-**Trade-off:** Faster initial paint vs potential layout shift. Choose based on your UX priorities.

.claude/skills/vercel-react-best-practices/rules/bundle-barrel-imports.md

@@ -1,59 +0,0 @@
----
-title: Avoid Barrel File Imports
-impact: CRITICAL
-impactDescription: 200-800ms import cost, slow builds
-tags: bundle, imports, tree-shaking, barrel-files, performance
----
-
-## Avoid Barrel File Imports
-
-Import directly from source files instead of barrel files to avoid loading thousands of unused modules. **Barrel files** are entry points that re-export multiple modules (e.g., `index.js` that does `export * from './module'`).
-
-Popular icon and component libraries can have **up to 10,000 re-exports** in their entry file. For many React packages, **it takes 200-800ms just to import them**, affecting both development speed and production cold starts.
-
-**Why tree-shaking doesn't help:** When a library is marked as external (not bundled), the bundler can't optimize it. If you bundle it to enable tree-shaking, builds become substantially slower analyzing the entire module graph.
-
-**Incorrect (imports entire library):**
-
-```tsx
-import { Check, X, Menu } from 'lucide-react'
-// Loads 1,583 modules, takes ~2.8s extra in dev
-// Runtime cost: 200-800ms on every cold start
-
-import { Button, TextField } from '@mui/material'
-// Loads 2,225 modules, takes ~4.2s extra in dev
-```
-
-**Correct (imports only what you need):**
-
-```tsx
-import Check from 'lucide-react/dist/esm/icons/check'
-import X from 'lucide-react/dist/esm/icons/x'
-import Menu from 'lucide-react/dist/esm/icons/menu'
-// Loads only 3 modules (~2KB vs ~1MB)
-
-import Button from '@mui/material/Button'
-import TextField from '@mui/material/TextField'
-// Loads only what you use
-```
-
-**Alternative (Next.js 13.5+):**
-
-```js
-// next.config.js - use optimizePackageImports
-module.exports = {
-  experimental: {
-    optimizePackageImports: ['lucide-react', '@mui/material']
-  }
-}
-
-// Then you can keep the ergonomic barrel imports:
-import { Check, X, Menu } from 'lucide-react'
-// Automatically transformed to direct imports at build time
-```
-
-Direct imports provide 15-70% faster dev boot, 28% faster builds, 40% faster cold starts, and significantly faster HMR.
-
-Libraries commonly affected: `lucide-react`, `@mui/material`, `@mui/icons-material`, `@tabler/icons-react`, `react-icons`, `@headlessui/react`, `@radix-ui/react-*`, `lodash`, `ramda`, `date-fns`, `rxjs`, `react-use`.
-
-Reference: [How we optimized package imports in Next.js](https://vercel.com/blog/how-we-optimized-package-imports-in-next-js)

.claude/skills/vercel-react-best-practices/rules/bundle-conditional.md

@@ -1,31 +0,0 @@
----
-title: Conditional Module Loading
-impact: HIGH
-impactDescription: loads large data only when needed
-tags: bundle, conditional-loading, lazy-loading
----
-
-## Conditional Module Loading
-
-Load large data or modules only when a feature is activated.
-
-**Example (lazy-load animation frames):**
-
-```tsx
-function AnimationPlayer({ enabled }: { enabled: boolean }) {
-  const [frames, setFrames] = useState<Frame[] | null>(null)
-
-  useEffect(() => {
-    if (enabled && !frames && typeof window !== 'undefined') {
-      import('./animation-frames.js')
-        .then(mod => setFrames(mod.frames))
-        .catch(() => setEnabled(false))
-    }
-  }, [enabled, frames])
-
-  if (!frames) return <Skeleton />
-  return <Canvas frames={frames} />
-}
-```
-
-The `typeof window !== 'undefined'` check prevents bundling this module for SSR, optimizing server bundle size and build speed.

.claude/skills/vercel-react-best-practices/rules/bundle-defer-third-party.md

@@ -1,49 +0,0 @@
----
-title: Defer Non-Critical Third-Party Libraries
-impact: MEDIUM
-impactDescription: loads after hydration
-tags: bundle, third-party, analytics, defer
----
-
-## Defer Non-Critical Third-Party Libraries
-
-Analytics, logging, and error tracking don't block user interaction. Load them after hydration.
-
-**Incorrect (blocks initial bundle):**
-
-```tsx
-import { Analytics } from '@vercel/analytics/react'
-
-export default function RootLayout({ children }) {
-  return (
-    <html>
-      <body>
-        {children}
-        <Analytics />
-      </body>
-    </html>
-  )
-}
-```
-
-**Correct (loads after hydration):**
-
-```tsx
-import dynamic from 'next/dynamic'
-
-const Analytics = dynamic(
-  () => import('@vercel/analytics/react').then(m => m.Analytics),
-  { ssr: false }
-)
-
-export default function RootLayout({ children }) {
-  return (
-    <html>
-      <body>
-        {children}
-        <Analytics />
-      </body>
-    </html>
-  )
-}
-```

.claude/skills/vercel-react-best-practices/rules/bundle-dynamic-imports.md

@@ -1,35 +0,0 @@
----
-title: Dynamic Imports for Heavy Components
-impact: CRITICAL
-impactDescription: directly affects TTI and LCP
-tags: bundle, dynamic-import, code-splitting, next-dynamic
----
-
-## Dynamic Imports for Heavy Components
-
-Use `next/dynamic` to lazy-load large components not needed on initial render.
-
-**Incorrect (Monaco bundles with main chunk ~300KB):**
-
-```tsx
-import { MonacoEditor } from './monaco-editor'
-
-function CodePanel({ code }: { code: string }) {
-  return <MonacoEditor value={code} />
-}
-```
-
-**Correct (Monaco loads on demand):**
-
-```tsx
-import dynamic from 'next/dynamic'
-
-const MonacoEditor = dynamic(
-  () => import('./monaco-editor').then(m => m.MonacoEditor),
-  { ssr: false }
-)
-
-function CodePanel({ code }: { code: string }) {
-  return <MonacoEditor value={code} />
-}
-```

.claude/skills/vercel-react-best-practices/rules/bundle-preload.md

@@ -1,50 +0,0 @@
----
-title: Preload Based on User Intent
-impact: MEDIUM
-impactDescription: reduces perceived latency
-tags: bundle, preload, user-intent, hover
----
-
-## Preload Based on User Intent
-
-Preload heavy bundles before they're needed to reduce perceived latency.
-
-**Example (preload on hover/focus):**
-
-```tsx
-function EditorButton({ onClick }: { onClick: () => void }) {
-  const preload = () => {
-    if (typeof window !== 'undefined') {
-      void import('./monaco-editor')
-    }
-  }
-
-  return (
-    <button
-      onMouseEnter={preload}
-      onFocus={preload}
-      onClick={onClick}
-    >
-      Open Editor
-    </button>
-  )
-}
-```
-
-**Example (preload when feature flag is enabled):**
-
-```tsx
-function FlagsProvider({ children, flags }: Props) {
-  useEffect(() => {
-    if (flags.editorEnabled && typeof window !== 'undefined') {
-      void import('./monaco-editor').then(mod => mod.init())
-    }
-  }, [flags.editorEnabled])
-
-  return <FlagsContext.Provider value={flags}>
-    {children}
-  </FlagsContext.Provider>
-}
-```
-
-The `typeof window !== 'undefined'` check prevents bundling preloaded modules for SSR, optimizing server bundle size and build speed.

.claude/skills/vercel-react-best-practices/rules/client-event-listeners.md

@@ -1,74 +0,0 @@
----
-title: Deduplicate Global Event Listeners
-impact: LOW
-impactDescription: single listener for N components
-tags: client, swr, event-listeners, subscription
----
-
-## Deduplicate Global Event Listeners
-
-Use `useSWRSubscription()` to share global event listeners across component instances.
-
-**Incorrect (N instances = N listeners):**
-
-```tsx
-function useKeyboardShortcut(key: string, callback: () => void) {
-  useEffect(() => {
-    const handler = (e: KeyboardEvent) => {
-      if (e.metaKey && e.key === key) {
-        callback()
-      }
-    }
-    window.addEventListener('keydown', handler)
-    return () => window.removeEventListener('keydown', handler)
-  }, [key, callback])
-}
-```
-
-When using the `useKeyboardShortcut` hook multiple times, each instance will register a new listener.
-
-**Correct (N instances = 1 listener):**
-
-```tsx
-import useSWRSubscription from 'swr/subscription'
-
-// Module-level Map to track callbacks per key
-const keyCallbacks = new Map<string, Set<() => void>>()
-
-function useKeyboardShortcut(key: string, callback: () => void) {
-  // Register this callback in the Map
-  useEffect(() => {
-    if (!keyCallbacks.has(key)) {
-      keyCallbacks.set(key, new Set())
-    }
-    keyCallbacks.get(key)!.add(callback)
-
-    return () => {
-      const set = keyCallbacks.get(key)
-      if (set) {
-        set.delete(callback)
-        if (set.size === 0) {
-          keyCallbacks.delete(key)
-        }
-      }
-    }
-  }, [key, callback])
-
-  useSWRSubscription('global-keydown', () => {
-    const handler = (e: KeyboardEvent) => {
-      if (e.metaKey && keyCallbacks.has(e.key)) {
-        keyCallbacks.get(e.key)!.forEach(cb => cb())
-      }
-    }
-    window.addEventListener('keydown', handler)
-    return () => window.removeEventListener('keydown', handler)
-  })
-}
-
-function Profile() {
-  // Multiple shortcuts will share the same listener
-  useKeyboardShortcut('p', () => { /* ... */ }) 
-  useKeyboardShortcut('k', () => { /* ... */ })
-  // ...
-}
-```

.claude/skills/vercel-react-best-practices/rules/client-swr-dedup.md

@@ -1,56 +0,0 @@
----
-title: Use SWR for Automatic Deduplication
-impact: MEDIUM-HIGH
-impactDescription: automatic deduplication
-tags: client, swr, deduplication, data-fetching
----
-
-## Use SWR for Automatic Deduplication
-
-SWR enables request deduplication, caching, and revalidation across component instances.
-
-**Incorrect (no deduplication, each instance fetches):**
-
-```tsx
-function UserList() {
-  const [users, setUsers] = useState([])
-  useEffect(() => {
-    fetch('/api/users')
-      .then(r => r.json())
-      .then(setUsers)
-  }, [])
-}
-```
-
-**Correct (multiple instances share one request):**
-
-```tsx
-import useSWR from 'swr'
-
-function UserList() {
-  const { data: users } = useSWR('/api/users', fetcher)
-}
-```
-
-**For immutable data:**
-
-```tsx
-import { useImmutableSWR } from '@/lib/swr'
-
-function StaticContent() {
-  const { data } = useImmutableSWR('/api/config', fetcher)
-}
-```
-
-**For mutations:**
-
-```tsx
-import { useSWRMutation } from 'swr/mutation'
-
-function UpdateButton() {
-  const { trigger } = useSWRMutation('/api/user', updateUser)
-  return <button onClick={() => trigger()}>Update</button>
-}
-```
-
-Reference: [https://swr.vercel.app](https://swr.vercel.app)

.claude/skills/vercel-react-best-practices/rules/js-batch-dom-css.md

@@ -1,82 +0,0 @@
----
-title: Batch DOM CSS Changes
-impact: MEDIUM
-impactDescription: reduces reflows/repaints
-tags: javascript, dom, css, performance, reflow
----
-
-## Batch DOM CSS Changes
-
-Avoid changing styles one property at a time. Group multiple CSS changes together via classes or `cssText` to minimize browser reflows.
-
-**Incorrect (multiple reflows):**
-
-```typescript
-function updateElementStyles(element: HTMLElement) {
-  // Each line triggers a reflow
-  element.style.width = '100px'
-  element.style.height = '200px'
-  element.style.backgroundColor = 'blue'
-  element.style.border = '1px solid black'
-}
-```
-
-**Correct (add class - single reflow):**
-
-```typescript
-// CSS file
-.highlighted-box {
-  width: 100px;
-  height: 200px;
-  background-color: blue;
-  border: 1px solid black;
-}
-
-// JavaScript
-function updateElementStyles(element: HTMLElement) {
-  element.classList.add('highlighted-box')
-}
-```
-
-**Correct (change cssText - single reflow):**
-
-```typescript
-function updateElementStyles(element: HTMLElement) {
-  element.style.cssText = `
-    width: 100px;
-    height: 200px;
-    background-color: blue;
-    border: 1px solid black;
-  `
-}
-```
-
-**React example:**
-
-```tsx
-// Incorrect: changing styles one by one
-function Box({ isHighlighted }: { isHighlighted: boolean }) {
-  const ref = useRef<HTMLDivElement>(null)
-  
-  useEffect(() => {
-    if (ref.current && isHighlighted) {
-      ref.current.style.width = '100px'
-      ref.current.style.height = '200px'
-      ref.current.style.backgroundColor = 'blue'
-    }
-  }, [isHighlighted])
-  
-  return <div ref={ref}>Content</div>
-}
-
-// Correct: toggle class
-function Box({ isHighlighted }: { isHighlighted: boolean }) {
-  return (
-    <div className={isHighlighted ? 'highlighted-box' : ''}>
-      Content
-    </div>
-  )
-}
-```
-
-Prefer CSS classes over inline styles when possible. Classes are cached by the browser and provide better separation of concerns.

.claude/skills/vercel-react-best-practices/rules/js-cache-function-results.md

@@ -1,80 +0,0 @@
----
-title: Cache Repeated Function Calls
-impact: MEDIUM
-impactDescription: avoid redundant computation
-tags: javascript, cache, memoization, performance
----
-
-## Cache Repeated Function Calls
-
-Use a module-level Map to cache function results when the same function is called repeatedly with the same inputs during render.
-
-**Incorrect (redundant computation):**
-
-```typescript
-function ProjectList({ projects }: { projects: Project[] }) {
-  return (
-    <div>
-      {projects.map(project => {
-        // slugify() called 100+ times for same project names
-        const slug = slugify(project.name)
-        
-        return <ProjectCard key={project.id} slug={slug} />
-      })}
-    </div>
-  )
-}
-```
-
-**Correct (cached results):**
-
-```typescript
-// Module-level cache
-const slugifyCache = new Map<string, string>()
-
-function cachedSlugify(text: string): string {
-  if (slugifyCache.has(text)) {
-    return slugifyCache.get(text)!
-  }
-  const result = slugify(text)
-  slugifyCache.set(text, result)
-  return result
-}
-
-function ProjectList({ projects }: { projects: Project[] }) {
-  return (
-    <div>
-      {projects.map(project => {
-        // Computed only once per unique project name
-        const slug = cachedSlugify(project.name)
-        
-        return <ProjectCard key={project.id} slug={slug} />
-      })}
-    </div>
-  )
-}
-```
-
-**Simpler pattern for single-value functions:**
-
-```typescript
-let isLoggedInCache: boolean | null = null
-
-function isLoggedIn(): boolean {
-  if (isLoggedInCache !== null) {
-    return isLoggedInCache
-  }
-  
-  isLoggedInCache = document.cookie.includes('auth=')
-  return isLoggedInCache
-}
-
-// Clear cache when auth changes
-function onAuthChange() {
-  isLoggedInCache = null
-}
-```
-
-Use a Map (not a hook) so it works everywhere: utilities, event handlers, not just React components.
-
-Reference: [How we made the Vercel Dashboard twice as fast](https://vercel.com/blog/how-we-made-the-vercel-dashboard-twice-as-fast)

.claude/skills/vercel-react-best-practices/rules/js-cache-property-access.md

@@ -1,28 +0,0 @@
----
-title: Cache Property Access in Loops
-impact: LOW-MEDIUM
-impactDescription: reduces lookups
-tags: javascript, loops, optimization, caching
----
-
-## Cache Property Access in Loops
-
-Cache object property lookups in hot paths.
-
-**Incorrect (3 lookups × N iterations):**
-
-```typescript
-for (let i = 0; i < arr.length; i++) {
-  process(obj.config.settings.value)
-}
-```
-
-**Correct (1 lookup total):**
-
-```typescript
-const value = obj.config.settings.value
-const len = arr.length
-for (let i = 0; i < len; i++) {
-  process(value)
-}
-```

.claude/skills/vercel-react-best-practices/rules/js-cache-storage.md

@@ -1,70 +0,0 @@
----
-title: Cache Storage API Calls
-impact: LOW-MEDIUM
-impactDescription: reduces expensive I/O
-tags: javascript, localStorage, storage, caching, performance
----
-
-## Cache Storage API Calls
-
-`localStorage`, `sessionStorage`, and `document.cookie` are synchronous and expensive. Cache reads in memory.
-
-**Incorrect (reads storage on every call):**
-
-```typescript
-function getTheme() {
-  return localStorage.getItem('theme') ?? 'light'
-}
-// Called 10 times = 10 storage reads
-```
-
-**Correct (Map cache):**
-
-```typescript
-const storageCache = new Map<string, string | null>()
-
-function getLocalStorage(key: string) {
-  if (!storageCache.has(key)) {
-    storageCache.set(key, localStorage.getItem(key))
-  }
-  return storageCache.get(key)
-}
-
-function setLocalStorage(key: string, value: string) {
-  localStorage.setItem(key, value)
-  storageCache.set(key, value)  // keep cache in sync
-}
-```
-
-Use a Map (not a hook) so it works everywhere: utilities, event handlers, not just React components.
-
-**Cookie caching:**
-
-```typescript
-let cookieCache: Record<string, string> | null = null
-
-function getCookie(name: string) {
-  if (!cookieCache) {
-    cookieCache = Object.fromEntries(
-      document.cookie.split('; ').map(c => c.split('='))
-    )
-  }
-  return cookieCache[name]
-}
-```
-
-**Important (invalidate on external changes):**
-
-If storage can change externally (another tab, server-set cookies), invalidate cache:
-
-```typescript
-window.addEventListener('storage', (e) => {
-  if (e.key) storageCache.delete(e.key)
-})
-
-document.addEventListener('visibilitychange', () => {
-  if (document.visibilityState === 'visible') {
-    storageCache.clear()
-  }
-})
-```

.claude/skills/vercel-react-best-practices/rules/js-combine-iterations.md

@@ -1,32 +0,0 @@
----
-title: Combine Multiple Array Iterations
-impact: LOW-MEDIUM
-impactDescription: reduces iterations
-tags: javascript, arrays, loops, performance
----
-
-## Combine Multiple Array Iterations
-
-Multiple `.filter()` or `.map()` calls iterate the array multiple times. Combine into one loop.
-
-**Incorrect (3 iterations):**
-
-```typescript
-const admins = users.filter(u => u.isAdmin)
-const testers = users.filter(u => u.isTester)
-const inactive = users.filter(u => !u.isActive)
-```
-
-**Correct (1 iteration):**
-
-```typescript
-const admins: User[] = []
-const testers: User[] = []
-const inactive: User[] = []
-
-for (const user of users) {
-  if (user.isAdmin) admins.push(user)
-  if (user.isTester) testers.push(user)
-  if (!user.isActive) inactive.push(user)
-}
-```

.claude/skills/vercel-react-best-practices/rules/js-early-exit.md

@@ -1,50 +0,0 @@
----
-title: Early Return from Functions
-impact: LOW-MEDIUM
-impactDescription: avoids unnecessary computation
-tags: javascript, functions, optimization, early-return
----
-
-## Early Return from Functions
-
-Return early when result is determined to skip unnecessary processing.
-
-**Incorrect (processes all items even after finding answer):**
-
-```typescript
-function validateUsers(users: User[]) {
-  let hasError = false
-  let errorMessage = ''
-  
-  for (const user of users) {
-    if (!user.email) {
-      hasError = true
-      errorMessage = 'Email required'
-    }
-    if (!user.name) {
-      hasError = true
-      errorMessage = 'Name required'
-    }
-    // Continues checking all users even after error found
-  }
-  
-  return hasError ? { valid: false, error: errorMessage } : { valid: true }
-}
-```
-
-**Correct (returns immediately on first error):**
-
-```typescript
-function validateUsers(users: User[]) {
-  for (const user of users) {
-    if (!user.email) {
-      return { valid: false, error: 'Email required' }
-    }
-    if (!user.name) {
-      return { valid: false, error: 'Name required' }
-    }
-  }
-
-  return { valid: true }
-}
-```

.claude/skills/vercel-react-best-practices/rules/js-hoist-regexp.md

@@ -1,45 +0,0 @@
----
-title: Hoist RegExp Creation
-impact: LOW-MEDIUM
-impactDescription: avoids recreation
-tags: javascript, regexp, optimization, memoization
----
-
-## Hoist RegExp Creation
-
-Don't create RegExp inside render. Hoist to module scope or memoize with `useMemo()`.
-
-**Incorrect (new RegExp every render):**
-
-```tsx
-function Highlighter({ text, query }: Props) {
-  const regex = new RegExp(`(${query})`, 'gi')
-  const parts = text.split(regex)
-  return <>{parts.map((part, i) => ...)}</>
-}
-```
-
-**Correct (memoize or hoist):**
-
-```tsx
-const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
-
-function Highlighter({ text, query }: Props) {
-  const regex = useMemo(
-    () => new RegExp(`(${escapeRegex(query)})`, 'gi'),
-    [query]
-  )
-  const parts = text.split(regex)
-  return <>{parts.map((part, i) => ...)}</>
-}
-```
-
-**Warning (global regex has mutable state):**
-
-Global regex (`/g`) has mutable `lastIndex` state:
-
-```typescript
-const regex = /foo/g
-regex.test('foo')  // true, lastIndex = 3
-regex.test('foo')  // false, lastIndex = 0
-```

.claude/skills/vercel-react-best-practices/rules/js-index-maps.md

@@ -1,37 +0,0 @@
----
-title: Build Index Maps for Repeated Lookups
-impact: LOW-MEDIUM
-impactDescription: 1M ops to 2K ops
-tags: javascript, map, indexing, optimization, performance
----
-
-## Build Index Maps for Repeated Lookups
-
-Multiple `.find()` calls by the same key should use a Map.
-
-**Incorrect (O(n) per lookup):**
-
-```typescript
-function processOrders(orders: Order[], users: User[]) {
-  return orders.map(order => ({
-    ...order,
-    user: users.find(u => u.id === order.userId)
-  }))
-}
-```
-
-**Correct (O(1) per lookup):**
-
-```typescript
-function processOrders(orders: Order[], users: User[]) {
-  const userById = new Map(users.map(u => [u.id, u]))
-
-  return orders.map(order => ({
-    ...order,
-    user: userById.get(order.userId)
-  }))
-}
-```
-
-Build map once (O(n)), then all lookups are O(1).
-For 1000 orders × 1000 users: 1M ops → 2K ops.

.claude/skills/vercel-react-best-practices/rules/js-length-check-first.md

@@ -1,49 +0,0 @@
----
-title: Early Length Check for Array Comparisons
-impact: MEDIUM-HIGH
-impactDescription: avoids expensive operations when lengths differ
-tags: javascript, arrays, performance, optimization, comparison
----
-
-## Early Length Check for Array Comparisons
-
-When comparing arrays with expensive operations (sorting, deep equality, serialization), check lengths first. If lengths differ, the arrays cannot be equal.
-
-In real-world applications, this optimization is especially valuable when the comparison runs in hot paths (event handlers, render loops).
-
-**Incorrect (always runs expensive comparison):**
-
-```typescript
-function hasChanges(current: string[], original: string[]) {
-  // Always sorts and joins, even when lengths differ
-  return current.sort().join() !== original.sort().join()
-}
-```
-
-Two O(n log n) sorts run even when `current.length` is 5 and `original.length` is 100. There is also overhead of joining the arrays and comparing the strings.
-
-**Correct (O(1) length check first):**
-
-```typescript
-function hasChanges(current: string[], original: string[]) {
-  // Early return if lengths differ
-  if (current.length !== original.length) {
-    return true
-  }
-  // Only sort/join when lengths match
-  const currentSorted = current.toSorted()
-  const originalSorted = original.toSorted()
-  for (let i = 0; i < currentSorted.length; i++) {
-    if (currentSorted[i] !== originalSorted[i]) {
-      return true
-    }
-  }
-  return false
-}
-```
-
-This new approach is more efficient because:
-- It avoids the overhead of sorting and joining the arrays when lengths differ
-- It avoids consuming memory for the joined strings (especially important for large arrays)
-- It avoids mutating the original arrays
-- It returns early when a difference is found

.claude/skills/vercel-react-best-practices/rules/js-min-max-loop.md

@@ -1,82 +0,0 @@
----
-title: Use Loop for Min/Max Instead of Sort
-impact: LOW
-impactDescription: O(n) instead of O(n log n)
-tags: javascript, arrays, performance, sorting, algorithms
----
-
-## Use Loop for Min/Max Instead of Sort
-
-Finding the smallest or largest element only requires a single pass through the array. Sorting is wasteful and slower.
-
-**Incorrect (O(n log n) - sort to find latest):**
-
-```typescript
-interface Project {
-  id: string
-  name: string
-  updatedAt: number
-}
-
-function getLatestProject(projects: Project[]) {
-  const sorted = [...projects].sort((a, b) => b.updatedAt - a.updatedAt)
-  return sorted[0]
-}
-```
-
-Sorts the entire array just to find the maximum value.
-
-**Incorrect (O(n log n) - sort for oldest and newest):**
-
-```typescript
-function getOldestAndNewest(projects: Project[]) {
-  const sorted = [...projects].sort((a, b) => a.updatedAt - b.updatedAt)
-  return { oldest: sorted[0], newest: sorted[sorted.length - 1] }
-}
-```
-
-Still sorts unnecessarily when only min/max are needed.
-
-**Correct (O(n) - single loop):**
-
-```typescript
-function getLatestProject(projects: Project[]) {
-  if (projects.length === 0) return null
-  
-  let latest = projects[0]
-  
-  for (let i = 1; i < projects.length; i++) {
-    if (projects[i].updatedAt > latest.updatedAt) {
-      latest = projects[i]
-    }
-  }
-  
-  return latest
-}
-
-function getOldestAndNewest(projects: Project[]) {
-  if (projects.length === 0) return { oldest: null, newest: null }
-  
-  let oldest = projects[0]
-  let newest = projects[0]
-  
-  for (let i = 1; i < projects.length; i++) {
-    if (projects[i].updatedAt < oldest.updatedAt) oldest = projects[i]
-    if (projects[i].updatedAt > newest.updatedAt) newest = projects[i]
-  }
-  
-  return { oldest, newest }
-}
-```
-
-Single pass through the array, no copying, no sorting.
-
-**Alternative (Math.min/Math.max for small arrays):**
-
-```typescript
-const numbers = [5, 2, 8, 1, 9]
-const min = Math.min(...numbers)
-const max = Math.max(...numbers)
-```
-
-This works for small arrays but can be slower for very large arrays due to spread operator limitations. Use the loop approach for reliability.

.claude/skills/vercel-react-best-practices/rules/js-set-map-lookups.md

@@ -1,24 +0,0 @@
----
-title: Use Set/Map for O(1) Lookups
-impact: LOW-MEDIUM
-impactDescription: O(n) to O(1)
-tags: javascript, set, map, data-structures, performance
----
-
-## Use Set/Map for O(1) Lookups
-
-Convert arrays to Set/Map for repeated membership checks.
-
-**Incorrect (O(n) per check):**
-
-```typescript
-const allowedIds = ['a', 'b', 'c', ...]
-items.filter(item => allowedIds.includes(item.id))
-```
-
-**Correct (O(1) per check):**
-
-```typescript
-const allowedIds = new Set(['a', 'b', 'c', ...])
-items.filter(item => allowedIds.has(item.id))
-```

.claude/skills/vercel-react-best-practices/rules/js-tosorted-immutable.md

@@ -1,57 +0,0 @@
----
-title: Use toSorted() Instead of sort() for Immutability
-impact: MEDIUM-HIGH
-impactDescription: prevents mutation bugs in React state
-tags: javascript, arrays, immutability, react, state, mutation
----
-
-## Use toSorted() Instead of sort() for Immutability
-
-`.sort()` mutates the array in place, which can cause bugs with React state and props. Use `.toSorted()` to create a new sorted array without mutation.
-
-**Incorrect (mutates original array):**
-
-```typescript
-function UserList({ users }: { users: User[] }) {
-  // Mutates the users prop array!
-  const sorted = useMemo(
-    () => users.sort((a, b) => a.name.localeCompare(b.name)),
-    [users]
-  )
-  return <div>{sorted.map(renderUser)}</div>
-}
-```
-
-**Correct (creates new array):**
-
-```typescript
-function UserList({ users }: { users: User[] }) {
-  // Creates new sorted array, original unchanged
-  const sorted = useMemo(
-    () => users.toSorted((a, b) => a.name.localeCompare(b.name)),
-    [users]
-  )
-  return <div>{sorted.map(renderUser)}</div>
-}
-```
-
-**Why this matters in React:**
-
-1. Props/state mutations break React's immutability model - React expects props and state to be treated as read-only
-2. Causes stale closure bugs - Mutating arrays inside closures (callbacks, effects) can lead to unexpected behavior
-
-**Browser support (fallback for older browsers):**
-
-`.toSorted()` is available in all modern browsers (Chrome 110+, Safari 16+, Firefox 115+, Node.js 20+). For older environments, use spread operator:
-
-```typescript
-// Fallback for older browsers
-const sorted = [...items].sort((a, b) => a.value - b.value)
-```
-
-**Other immutable array methods:**
-
-- `.toSorted()` - immutable sort
-- `.toReversed()` - immutable reverse
-- `.toSpliced()` - immutable splice
-- `.with()` - immutable element replacement

.claude/skills/vercel-react-best-practices/rules/rendering-activity.md

@@ -1,26 +0,0 @@
----
-title: Use Activity Component for Show/Hide
-impact: MEDIUM
-impactDescription: preserves state/DOM
-tags: rendering, activity, visibility, state-preservation
----
-
-## Use Activity Component for Show/Hide
-
-Use React's `<Activity>` to preserve state/DOM for expensive components that frequently toggle visibility.
-
-**Usage:**
-
-```tsx
-import { Activity } from 'react'
-
-function Dropdown({ isOpen }: Props) {
-  return (
-    <Activity mode={isOpen ? 'visible' : 'hidden'}>
-      <ExpensiveMenu />
-    </Activity>
-  )
-}
-```
-
-Avoids expensive re-renders and state loss.

.claude/skills/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md

@@ -1,47 +0,0 @@
----
-title: Animate SVG Wrapper Instead of SVG Element
-impact: LOW
-impactDescription: enables hardware acceleration
-tags: rendering, svg, css, animation, performance
----
-
-## Animate SVG Wrapper Instead of SVG Element
-
-Many browsers don't have hardware acceleration for CSS3 animations on SVG elements. Wrap SVG in a `<div>` and animate the wrapper instead.
-
-**Incorrect (animating SVG directly - no hardware acceleration):**
-
-```tsx
-function LoadingSpinner() {
-  return (
-    <svg 
-      className="animate-spin"
-      width="24" 
-      height="24" 
-      viewBox="0 0 24 24"
-    >
-      <circle cx="12" cy="12" r="10" stroke="currentColor" />
-    </svg>
-  )
-}
-```
-
-**Correct (animating wrapper div - hardware accelerated):**
-
-```tsx
-function LoadingSpinner() {
-  return (
-    <div className="animate-spin">
-      <svg 
-        width="24" 
-        height="24" 
-        viewBox="0 0 24 24"
-      >
-        <circle cx="12" cy="12" r="10" stroke="currentColor" />
-      </svg>
-    </div>
-  )
-}
-```
-
-This applies to all CSS transforms and transitions (`transform`, `opacity`, `translate`, `scale`, `rotate`). The wrapper div allows browsers to use GPU acceleration for smoother animations.

.claude/skills/vercel-react-best-practices/rules/rendering-conditional-render.md

@@ -1,40 +0,0 @@
----
-title: Use Explicit Conditional Rendering
-impact: LOW
-impactDescription: prevents rendering 0 or NaN
-tags: rendering, conditional, jsx, falsy-values
----
-
-## Use Explicit Conditional Rendering
-
-Use explicit ternary operators (`? :`) instead of `&&` for conditional rendering when the condition can be `0`, `NaN`, or other falsy values that render.
-
-**Incorrect (renders "0" when count is 0):**
-
-```tsx
-function Badge({ count }: { count: number }) {
-  return (
-    <div>
-      {count && <span className="badge">{count}</span>}
-    </div>
-  )
-}
-
-// When count = 0, renders: <div>0</div>
-// When count = 5, renders: <div><span class="badge">5</span></div>
-```
-
-**Correct (renders nothing when count is 0):**
-
-```tsx
-function Badge({ count }: { count: number }) {
-  return (
-    <div>
-      {count > 0 ? <span className="badge">{count}</span> : null}
-    </div>
-  )
-}
-
-// When count = 0, renders: <div></div>
-// When count = 5, renders: <div><span class="badge">5</span></div>
-```

.claude/skills/vercel-react-best-practices/rules/rendering-content-visibility.md

@@ -1,38 +0,0 @@
----
-title: CSS content-visibility for Long Lists
-impact: HIGH
-impactDescription: faster initial render
-tags: rendering, css, content-visibility, long-lists
----
-
-## CSS content-visibility for Long Lists
-
-Apply `content-visibility: auto` to defer off-screen rendering.
-
-**CSS:**
-
-```css
-.message-item {
-  content-visibility: auto;
-  contain-intrinsic-size: 0 80px;
-}
-```
-
-**Example:**
-
-```tsx
-function MessageList({ messages }: { messages: Message[] }) {
-  return (
-    <div className="overflow-y-auto h-screen">
-      {messages.map(msg => (
-        <div key={msg.id} className="message-item">
-          <Avatar user={msg.author} />
-          <div>{msg.content}</div>
-        </div>
-      ))}
-    </div>
-  )
-}
-```
-
-For 1000 messages, browser skips layout/paint for ~990 off-screen items (10× faster initial render).

.claude/skills/vercel-react-best-practices/rules/rendering-hoist-jsx.md

@@ -1,46 +0,0 @@
----
-title: Hoist Static JSX Elements
-impact: LOW
-impactDescription: avoids re-creation
-tags: rendering, jsx, static, optimization
----
-
-## Hoist Static JSX Elements
-
-Extract static JSX outside components to avoid re-creation.
-
-**Incorrect (recreates element every render):**
-
-```tsx
-function LoadingSkeleton() {
-  return <div className="animate-pulse h-20 bg-gray-200" />
-}
-
-function Container() {
-  return (
-    <div>
-      {loading && <LoadingSkeleton />}
-    </div>
-  )
-}
-```
-
-**Correct (reuses same element):**
-
-```tsx
-const loadingSkeleton = (
-  <div className="animate-pulse h-20 bg-gray-200" />
-)
-
-function Container() {
-  return (
-    <div>
-      {loading && loadingSkeleton}
-    </div>
-  )
-}
-```
-
-This is especially helpful for large and static SVG nodes, which can be expensive to recreate on every render.
-
-**Note:** If your project has [React Compiler](https://react.dev/learn/react-compiler) enabled, the compiler automatically hoists static JSX elements and optimizes component re-renders, making manual hoisting unnecessary.

.claude/skills/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md

@@ -1,82 +0,0 @@
----
-title: Prevent Hydration Mismatch Without Flickering
-impact: MEDIUM
-impactDescription: avoids visual flicker and hydration errors
-tags: rendering, ssr, hydration, localStorage, flicker
----
-
-## Prevent Hydration Mismatch Without Flickering
-
-When rendering content that depends on client-side storage (localStorage, cookies), avoid both SSR breakage and post-hydration flickering by injecting a synchronous script that updates the DOM before React hydrates.
-
-**Incorrect (breaks SSR):**
-
-```tsx
-function ThemeWrapper({ children }: { children: ReactNode }) {
-  // localStorage is not available on server - throws error
-  const theme = localStorage.getItem('theme') || 'light'
-  
-  return (
-    <div className={theme}>
-      {children}
-    </div>
-  )
-}
-```
-
-Server-side rendering will fail because `localStorage` is undefined.
-
-**Incorrect (visual flickering):**
-
-```tsx
-function ThemeWrapper({ children }: { children: ReactNode }) {
-  const [theme, setTheme] = useState('light')
-  
-  useEffect(() => {
-    // Runs after hydration - causes visible flash
-    const stored = localStorage.getItem('theme')
-    if (stored) {
-      setTheme(stored)
-    }
-  }, [])
-  
-  return (
-    <div className={theme}>
-      {children}
-    </div>
-  )
-}
-```
-
-Component first renders with default value (`light`), then updates after hydration, causing a visible flash of incorrect content.
-
-**Correct (no flicker, no hydration mismatch):**
-
-```tsx
-function ThemeWrapper({ children }: { children: ReactNode }) {
-  return (
-    <>
-      <div id="theme-wrapper">
-        {children}
-      </div>
-      <script
-        dangerouslySetInnerHTML={{
-          __html: `
-            (function() {
-              try {
-                var theme = localStorage.getItem('theme') || 'light';
-                var el = document.getElementById('theme-wrapper');
-                if (el) el.className = theme;
-              } catch (e) {}
-            })();
-          `,
-        }}
-      />
-    </>
-  )
-}
-```
-
-The inline script executes synchronously before showing the element, ensuring the DOM already has the correct value. No flickering, no hydration mismatch.
-
-This pattern is especially useful for theme toggles, user preferences, authentication states, and any client-only data that should render immediately without flashing default values.

.claude/skills/vercel-react-best-practices/rules/rendering-svg-precision.md

@@ -1,28 +0,0 @@
----
-title: Optimize SVG Precision
-impact: LOW
-impactDescription: reduces file size
-tags: rendering, svg, optimization, svgo
----
-
-## Optimize SVG Precision
-
-Reduce SVG coordinate precision to decrease file size. The optimal precision depends on the viewBox size, but in general reducing precision should be considered.
-
-**Incorrect (excessive precision):**
-
-```svg
-<path d="M 10.293847 20.847362 L 30.938472 40.192837" />
-```
-
-**Correct (1 decimal place):**
-
-```svg
-<path d="M 10.3 20.8 L 30.9 40.2" />
-```
-
-**Automate with SVGO:**
-
-```bash
-npx svgo --precision=1 --multipass icon.svg
-```

.claude/skills/vercel-react-best-practices/rules/rerender-defer-reads.md

@@ -1,39 +0,0 @@
----
-title: Defer State Reads to Usage Point
-impact: MEDIUM
-impactDescription: avoids unnecessary subscriptions
-tags: rerender, searchParams, localStorage, optimization
----
-
-## Defer State Reads to Usage Point
-
-Don't subscribe to dynamic state (searchParams, localStorage) if you only read it inside callbacks.
-
-**Incorrect (subscribes to all searchParams changes):**
-
-```tsx
-function ShareButton({ chatId }: { chatId: string }) {
-  const searchParams = useSearchParams()
-
-  const handleShare = () => {
-    const ref = searchParams.get('ref')
-    shareChat(chatId, { ref })
-  }
-
-  return <button onClick={handleShare}>Share</button>
-}
-```
-
-**Correct (reads on demand, no subscription):**
-
-```tsx
-function ShareButton({ chatId }: { chatId: string }) {
-  const handleShare = () => {
-    const params = new URLSearchParams(window.location.search)
-    const ref = params.get('ref')
-    shareChat(chatId, { ref })
-  }
-
-  return <button onClick={handleShare}>Share</button>
-}
-```

.claude/skills/vercel-react-best-practices/rules/rerender-dependencies.md

@@ -1,45 +0,0 @@
----
-title: Narrow Effect Dependencies
-impact: LOW
-impactDescription: minimizes effect re-runs
-tags: rerender, useEffect, dependencies, optimization
----
-
-## Narrow Effect Dependencies
-
-Specify primitive dependencies instead of objects to minimize effect re-runs.
-
-**Incorrect (re-runs on any user field change):**
-
-```tsx
-useEffect(() => {
-  console.log(user.id)
-}, [user])
-```
-
-**Correct (re-runs only when id changes):**
-
-```tsx
-useEffect(() => {
-  console.log(user.id)
-}, [user.id])
-```
-
-**For derived state, compute outside effect:**
-
-```tsx
-// Incorrect: runs on width=767, 766, 765...
-useEffect(() => {
-  if (width < 768) {
-    enableMobileMode()
-  }
-}, [width])
-
-// Correct: runs only on boolean transition
-const isMobile = width < 768
-useEffect(() => {
-  if (isMobile) {
-    enableMobileMode()
-  }
-}, [isMobile])
-```

.claude/skills/vercel-react-best-practices/rules/rerender-derived-state.md

@@ -1,29 +0,0 @@
----
-title: Subscribe to Derived State
-impact: MEDIUM
-impactDescription: reduces re-render frequency
-tags: rerender, derived-state, media-query, optimization
----
-
-## Subscribe to Derived State
-
-Subscribe to derived boolean state instead of continuous values to reduce re-render frequency.
-
-**Incorrect (re-renders on every pixel change):**
-
-```tsx
-function Sidebar() {
-  const width = useWindowWidth()  // updates continuously
-  const isMobile = width < 768
-  return <nav className={isMobile ? 'mobile' : 'desktop'}>
-}
-```
-
-**Correct (re-renders only when boolean changes):**
-
-```tsx
-function Sidebar() {
-  const isMobile = useMediaQuery('(max-width: 767px)')
-  return <nav className={isMobile ? 'mobile' : 'desktop'}>
-}
-```

.claude/skills/vercel-react-best-practices/rules/rerender-functional-setstate.md

@@ -1,74 +0,0 @@
----
-title: Use Functional setState Updates
-impact: MEDIUM
-impactDescription: prevents stale closures and unnecessary callback recreations
-tags: react, hooks, useState, useCallback, callbacks, closures
----
-
-## Use Functional setState Updates
-
-When updating state based on the current state value, use the functional update form of setState instead of directly referencing the state variable. This prevents stale closures, eliminates unnecessary dependencies, and creates stable callback references.
-
-**Incorrect (requires state as dependency):**
-
-```tsx
-function TodoList() {
-  const [items, setItems] = useState(initialItems)
-  
-  // Callback must depend on items, recreated on every items change
-  const addItems = useCallback((newItems: Item[]) => {
-    setItems([...items, ...newItems])
-  }, [items])  // ❌ items dependency causes recreations
-  
-  // Risk of stale closure if dependency is forgotten
-  const removeItem = useCallback((id: string) => {
-    setItems(items.filter(item => item.id !== id))
-  }, [])  // ❌ Missing items dependency - will use stale items!
-  
-  return <ItemsEditor items={items} onAdd={addItems} onRemove={removeItem} />
-}
-```
-
-The first callback is recreated every time `items` changes, which can cause child components to re-render unnecessarily. The second callback has a stale closure bug—it will always reference the initial `items` value.
-
-**Correct (stable callbacks, no stale closures):**
-
-```tsx
-function TodoList() {
-  const [items, setItems] = useState(initialItems)
-  
-  // Stable callback, never recreated
-  const addItems = useCallback((newItems: Item[]) => {
-    setItems(curr => [...curr, ...newItems])
-  }, [])  // ✅ No dependencies needed
-  
-  // Always uses latest state, no stale closure risk
-  const removeItem = useCallback((id: string) => {
-    setItems(curr => curr.filter(item => item.id !== id))
-  }, [])  // ✅ Safe and stable
-  
-  return <ItemsEditor items={items} onAdd={addItems} onRemove={removeItem} />
-}
-```
-
-**Benefits:**
-
-1. **Stable callback references** - Callbacks don't need to be recreated when state changes
-2. **No stale closures** - Always operates on the latest state value
-3. **Fewer dependencies** - Simplifies dependency arrays and reduces memory leaks
-4. **Prevents bugs** - Eliminates the most common source of React closure bugs
-
-**When to use functional updates:**
-
-- Any setState that depends on the current state value
-- Inside useCallback/useMemo when state is needed
-- Event handlers that reference state
-- Async operations that update state
-
-**When direct updates are fine:**
-
-- Setting state to a static value: `setCount(0)`
-- Setting state from props/arguments only: `setName(newName)`
-- State doesn't depend on previous value
-
-**Note:** If your project has [React Compiler](https://react.dev/learn/react-compiler) enabled, the compiler can automatically optimize some cases, but functional updates are still recommended for correctness and to prevent stale closure bugs.

.claude/skills/vercel-react-best-practices/rules/rerender-lazy-state-init.md

@@ -1,58 +0,0 @@
----
-title: Use Lazy State Initialization
-impact: MEDIUM
-impactDescription: wasted computation on every render
-tags: react, hooks, useState, performance, initialization
----
-
-## Use Lazy State Initialization
-
-Pass a function to `useState` for expensive initial values. Without the function form, the initializer runs on every render even though the value is only used once.
-
-**Incorrect (runs on every render):**
-
-```tsx
-function FilteredList({ items }: { items: Item[] }) {
-  // buildSearchIndex() runs on EVERY render, even after initialization
-  const [searchIndex, setSearchIndex] = useState(buildSearchIndex(items))
-  const [query, setQuery] = useState('')
-  
-  // When query changes, buildSearchIndex runs again unnecessarily
-  return <SearchResults index={searchIndex} query={query} />
-}
-
-function UserProfile() {
-  // JSON.parse runs on every render
-  const [settings, setSettings] = useState(
-    JSON.parse(localStorage.getItem('settings') || '{}')
-  )
-  
-  return <SettingsForm settings={settings} onChange={setSettings} />
-}
-```
-
-**Correct (runs only once):**
-
-```tsx
-function FilteredList({ items }: { items: Item[] }) {
-  // buildSearchIndex() runs ONLY on initial render
-  const [searchIndex, setSearchIndex] = useState(() => buildSearchIndex(items))
-  const [query, setQuery] = useState('')
-  
-  return <SearchResults index={searchIndex} query={query} />
-}
-
-function UserProfile() {
-  // JSON.parse runs only on initial render
-  const [settings, setSettings] = useState(() => {
-    const stored = localStorage.getItem('settings')
-    return stored ? JSON.parse(stored) : {}
-  })
-  
-  return <SettingsForm settings={settings} onChange={setSettings} />
-}
-```
-
-Use lazy initialization when computing initial values from localStorage/sessionStorage, building data structures (indexes, maps), reading from the DOM, or performing heavy transformations.
-
-For simple primitives (`useState(0)`), direct references (`useState(props.value)`), or cheap literals (`useState({})`), the function form is unnecessary.

.claude/skills/vercel-react-best-practices/rules/rerender-memo.md

@@ -1,44 +0,0 @@
----
-title: Extract to Memoized Components
-impact: MEDIUM
-impactDescription: enables early returns
-tags: rerender, memo, useMemo, optimization
----
-
-## Extract to Memoized Components
-
-Extract expensive work into memoized components to enable early returns before computation.
-
-**Incorrect (computes avatar even when loading):**
-
-```tsx
-function Profile({ user, loading }: Props) {
-  const avatar = useMemo(() => {
-    const id = computeAvatarId(user)
-    return <Avatar id={id} />
-  }, [user])
-
-  if (loading) return <Skeleton />
-  return <div>{avatar}</div>
-}
-```
-
-**Correct (skips computation when loading):**
-
-```tsx
-const UserAvatar = memo(function UserAvatar({ user }: { user: User }) {
-  const id = useMemo(() => computeAvatarId(user), [user])
-  return <Avatar id={id} />
-})
-
-function Profile({ user, loading }: Props) {
-  if (loading) return <Skeleton />
-  return (
-    <div>
-      <UserAvatar user={user} />
-    </div>
-  )
-}
-```
-
-**Note:** If your project has [React Compiler](https://react.dev/learn/react-compiler) enabled, manual memoization with `memo()` and `useMemo()` is not necessary. The compiler automatically optimizes re-renders.

.claude/skills/vercel-react-best-practices/rules/rerender-transitions.md

@@ -1,40 +0,0 @@
----
-title: Use Transitions for Non-Urgent Updates
-impact: MEDIUM
-impactDescription: maintains UI responsiveness
-tags: rerender, transitions, startTransition, performance
----
-
-## Use Transitions for Non-Urgent Updates
-
-Mark frequent, non-urgent state updates as transitions to maintain UI responsiveness.
-
-**Incorrect (blocks UI on every scroll):**
-
-```tsx
-function ScrollTracker() {
-  const [scrollY, setScrollY] = useState(0)
-  useEffect(() => {
-    const handler = () => setScrollY(window.scrollY)
-    window.addEventListener('scroll', handler, { passive: true })
-    return () => window.removeEventListener('scroll', handler)
-  }, [])
-}
-```
-
-**Correct (non-blocking updates):**
-
-```tsx
-import { startTransition } from 'react'
-
-function ScrollTracker() {
-  const [scrollY, setScrollY] = useState(0)
-  useEffect(() => {
-    const handler = () => {
-      startTransition(() => setScrollY(window.scrollY))
-    }
-    window.addEventListener('scroll', handler, { passive: true })
-    return () => window.removeEventListener('scroll', handler)
-  }, [])
-}
-```

.claude/skills/vercel-react-best-practices/rules/server-after-nonblocking.md

@@ -1,73 +0,0 @@
----
-title: Use after() for Non-Blocking Operations
-impact: MEDIUM
-impactDescription: faster response times
-tags: server, async, logging, analytics, side-effects
----
-
-## Use after() for Non-Blocking Operations
-
-Use Next.js's `after()` to schedule work that should execute after a response is sent. This prevents logging, analytics, and other side effects from blocking the response.
-
-**Incorrect (blocks response):**
-
-```tsx
-import { logUserAction } from '@/app/utils'
-
-export async function POST(request: Request) {
-  // Perform mutation
-  await updateDatabase(request)
-  
-  // Logging blocks the response
-  const userAgent = request.headers.get('user-agent') || 'unknown'
-  await logUserAction({ userAgent })
-  
-  return new Response(JSON.stringify({ status: 'success' }), {
-    status: 200,
-    headers: { 'Content-Type': 'application/json' }
-  })
-}
-```
-
-**Correct (non-blocking):**
-
-```tsx
-import { after } from 'next/server'
-import { headers, cookies } from 'next/headers'
-import { logUserAction } from '@/app/utils'
-
-export async function POST(request: Request) {
-  // Perform mutation
-  await updateDatabase(request)
-  
-  // Log after response is sent
-  after(async () => {
-    const userAgent = (await headers()).get('user-agent') || 'unknown'
-    const sessionCookie = (await cookies()).get('session-id')?.value || 'anonymous'
-    
-    logUserAction({ sessionCookie, userAgent })
-  })
-  
-  return new Response(JSON.stringify({ status: 'success' }), {
-    status: 200,
-    headers: { 'Content-Type': 'application/json' }
-  })
-}
-```
-
-The response is sent immediately while logging happens in the background.
-
-**Common use cases:**
-
-- Analytics tracking
-- Audit logging
-- Sending notifications
-- Cache invalidation
-- Cleanup tasks
-
-**Important notes:**
-
-- `after()` runs even if the response fails or redirects
-- Works in Server Actions, Route Handlers, and Server Components
-
-Reference: [https://nextjs.org/docs/app/api-reference/functions/after](https://nextjs.org/docs/app/api-reference/functions/after)

.claude/skills/vercel-react-best-practices/rules/server-cache-lru.md

@@ -1,41 +0,0 @@
----
-title: Cross-Request LRU Caching
-impact: HIGH
-impactDescription: caches across requests
-tags: server, cache, lru, cross-request
----
-
-## Cross-Request LRU Caching
-
-`React.cache()` only works within one request. For data shared across sequential requests (user clicks button A then button B), use an LRU cache.
-
-**Implementation:**
-
-```typescript
-import { LRUCache } from 'lru-cache'
-
-const cache = new LRUCache<string, any>({
-  max: 1000,
-  ttl: 5 * 60 * 1000  // 5 minutes
-})
-
-export async function getUser(id: string) {
-  const cached = cache.get(id)
-  if (cached) return cached
-
-  const user = await db.user.findUnique({ where: { id } })
-  cache.set(id, user)
-  return user
-}
-
-// Request 1: DB query, result cached
-// Request 2: cache hit, no DB query
-```
-
-Use when sequential user actions hit multiple endpoints needing the same data within seconds.
-
-**With Vercel's [Fluid Compute](https://vercel.com/docs/fluid-compute):** LRU caching is especially effective because multiple concurrent requests can share the same function instance and cache. This means the cache persists across requests without needing external storage like Redis.
-
-**In traditional serverless:** Each invocation runs in isolation, so consider Redis for cross-process caching.
-
-Reference: [https://github.com/isaacs/node-lru-cache](https://github.com/isaacs/node-lru-cache)

.claude/skills/vercel-react-best-practices/rules/server-cache-react.md

@@ -1,26 +0,0 @@
----
-title: Per-Request Deduplication with React.cache()
-impact: MEDIUM
-impactDescription: deduplicates within request
-tags: server, cache, react-cache, deduplication
----
-
-## Per-Request Deduplication with React.cache()
-
-Use `React.cache()` for server-side request deduplication. Authentication and database queries benefit most.
-
-**Usage:**
-
-```typescript
-import { cache } from 'react'
-
-export const getCurrentUser = cache(async () => {
-  const session = await auth()
-  if (!session?.user?.id) return null
-  return await db.user.findUnique({
-    where: { id: session.user.id }
-  })
-})
-```
-
-Within a single request, multiple calls to `getCurrentUser()` execute the query only once.

.claude/skills/vercel-react-best-practices/rules/server-parallel-fetching.md

@@ -1,79 +0,0 @@
----
-title: Parallel Data Fetching with Component Composition
-impact: CRITICAL
-impactDescription: eliminates server-side waterfalls
-tags: server, rsc, parallel-fetching, composition
----
-
-## Parallel Data Fetching with Component Composition
-
-React Server Components execute sequentially within a tree. Restructure with composition to parallelize data fetching.
-
-**Incorrect (Sidebar waits for Page's fetch to complete):**
-
-```tsx
-export default async function Page() {
-  const header = await fetchHeader()
-  return (
-    <div>
-      <div>{header}</div>
-      <Sidebar />
-    </div>
-  )
-}
-
-async function Sidebar() {
-  const items = await fetchSidebarItems()
-  return <nav>{items.map(renderItem)}</nav>
-}
-```
-
-**Correct (both fetch simultaneously):**
-
-```tsx
-async function Header() {
-  const data = await fetchHeader()
-  return <div>{data}</div>
-}
-
-async function Sidebar() {
-  const items = await fetchSidebarItems()
-  return <nav>{items.map(renderItem)}</nav>
-}
-
-export default function Page() {
-  return (
-    <div>
-      <Header />
-      <Sidebar />
-    </div>
-  )
-}
-```
-
-**Alternative with children prop:**
-
-```tsx
-async function Layout({ children }: { children: ReactNode }) {
-  const header = await fetchHeader()
-  return (
-    <div>
-      <div>{header}</div>
-      {children}
-    </div>
-  )
-}
-
-async function Sidebar() {
-  const items = await fetchSidebarItems()
-  return <nav>{items.map(renderItem)}</nav>
-}
-
-export default function Page() {
-  return (
-    <Layout>
-      <Sidebar />
-    </Layout>
-  )
-}
-```

.claude/skills/vercel-react-best-practices/rules/server-serialization.md

@@ -1,38 +0,0 @@
----
-title: Minimize Serialization at RSC Boundaries
-impact: HIGH
-impactDescription: reduces data transfer size
-tags: server, rsc, serialization, props
----
-
-## Minimize Serialization at RSC Boundaries
-
-The React Server/Client boundary serializes all object properties into strings and embeds them in the HTML response and subsequent RSC requests. This serialized data directly impacts page weight and load time, so **size matters a lot**. Only pass fields that the client actually uses.
-
-**Incorrect (serializes all 50 fields):**
-
-```tsx
-async function Page() {
-  const user = await fetchUser()  // 50 fields
-  return <Profile user={user} />
-}
-
-'use client'
-function Profile({ user }: { user: User }) {
-  return <div>{user.name}</div>  // uses 1 field
-}
-```
-
-**Correct (serializes only 1 field):**
-
-```tsx
-async function Page() {
-  const user = await fetchUser()
-  return <Profile name={user.name} />
-}
-
-'use client'
-function Profile({ name }: { name: string }) {
-  return <div>{name}</div>
-}
-```

.dockerignore

@@ -1,9 +1,6 @@
 # Ignore everything by default, selectively add things to context
 *
 
-# Documentation (for embeddings/search)
-!docs/
-
 # Platform - Libs
 !autogpt_platform/autogpt_libs/autogpt_libs/
 !autogpt_platform/autogpt_libs/pyproject.toml
@@ -18,8 +15,6 @@
 !autogpt_platform/backend/pyproject.toml
 !autogpt_platform/backend/poetry.lock
 !autogpt_platform/backend/README.md
-!autogpt_platform/backend/.env
-!autogpt_platform/backend/gen_prisma_types_stub.py
 
 # Platform - Market
 !autogpt_platform/market/market/
@@ -32,7 +27,6 @@
 # Platform - Frontend
 !autogpt_platform/frontend/src/
 !autogpt_platform/frontend/public/
-!autogpt_platform/frontend/scripts/
 !autogpt_platform/frontend/package.json
 !autogpt_platform/frontend/pnpm-lock.yaml
 !autogpt_platform/frontend/tsconfig.json
@@ -40,7 +34,6 @@
 ## config
 !autogpt_platform/frontend/*.config.*
 !autogpt_platform/frontend/.env.*
-!autogpt_platform/frontend/.env
 
 # Classic - AutoGPT
 !classic/original_autogpt/autogpt/

.github/PULL_REQUEST_TEMPLATE.md

@@ -24,8 +24,7 @@
 </details>
 
 #### For configuration changes:
-
-- [ ] `.env.default` is updated or already compatible with my changes
+- [ ] `.env.example` is updated or already compatible with my changes
 - [ ] `docker-compose.yml` is updated or already compatible with my changes
 - [ ] I have included a list of my configuration changes in the PR description (under **Changes**)
 

.github/copilot-instructions.md

@@ -1,322 +0,0 @@
-# GitHub Copilot Instructions for AutoGPT
-
-This file provides comprehensive onboarding information for GitHub Copilot coding agent to work efficiently with the AutoGPT repository.
-
-## Repository Overview
-
-**AutoGPT** is a powerful platform for creating, deploying, and managing continuous AI agents that automate complex workflows. This is a large monorepo (~150MB) containing multiple components:
-
-- **AutoGPT Platform** (`autogpt_platform/`) - Main focus: Modern AI agent platform (Polyform Shield License)
-- **Classic AutoGPT** (`classic/`) - Legacy agent system (MIT License)
-- **Documentation** (`docs/`) - MkDocs-based documentation site
-- **Infrastructure** - Docker configurations, CI/CD, and development tools
-
-**Primary Languages & Frameworks:**
-
-- **Backend**: Python 3.10-3.13, FastAPI, Prisma ORM, PostgreSQL, RabbitMQ
-- **Frontend**: TypeScript, Next.js 15, React, Tailwind CSS, Radix UI
-- **Development**: Docker, Poetry, pnpm, Playwright, Storybook
-
-## Build and Validation Instructions
-
-### Essential Setup Commands
-
-**Always run these commands in the correct directory and in this order:**
-
-1. **Initial Setup** (required once):
-
-   ```bash
-   # Clone and enter repository
-   git clone <repo> && cd AutoGPT
-
-   # Start all services (database, redis, rabbitmq, clamav)
-   cd autogpt_platform && docker compose --profile local up deps --build --detach
-   ```
-
-2. **Backend Setup** (always run before backend development):
-
-   ```bash
-   cd autogpt_platform/backend
-   poetry install                    # Install dependencies
-   poetry run prisma migrate dev     # Run database migrations
-   poetry run prisma generate        # Generate Prisma client
-   ```
-
-3. **Frontend Setup** (always run before frontend development):
-   ```bash
-   cd autogpt_platform/frontend
-   pnpm install                      # Install dependencies
-   ```
-
-### Runtime Requirements
-
-**Critical:** Always ensure Docker services are running before starting development:
-
-```bash
-cd autogpt_platform && docker compose --profile local up deps --build --detach
-```
-
-**Python Version:** Use Python 3.11 (required; managed by Poetry via pyproject.toml)
-**Node.js Version:** Use Node.js 21+ with pnpm package manager
-
-### Development Commands
-
-**Backend Development:**
-
-```bash
-cd autogpt_platform/backend
-poetry run serve                     # Start development server (port 8000)
-poetry run test                      # Run all tests (requires ~5 minutes)
-poetry run pytest path/to/test.py    # Run specific test
-poetry run format                    # Format code (Black + isort) - always run first
-poetry run lint                      # Lint code (ruff) - run after format
-```
-
-**Frontend Development:**
-
-```bash
-cd autogpt_platform/frontend
-pnpm dev                            # Start development server (port 3000) - use for active development
-pnpm build                          # Build for production (only needed for E2E tests or deployment)
-pnpm test                           # Run Playwright E2E tests (requires build first)
-pnpm test-ui                        # Run tests with UI
-pnpm format                         # Format and lint code
-pnpm storybook                      # Start component development server
-```
-
-### Testing Strategy
-
-**Backend Tests:**
-
-- **Block Tests**: `poetry run pytest backend/blocks/test/test_block.py -xvs` (validates all blocks)
-- **Specific Block**: `poetry run pytest 'backend/blocks/test/test_block.py::test_available_blocks[BlockName]' -xvs`
-- **Snapshot Tests**: Use `--snapshot-update` when output changes, always review with `git diff`
-
-**Frontend Tests:**
-
-- **E2E Tests**: Always run `pnpm dev` before `pnpm test` (Playwright requires running instance)
-- **Component Tests**: Use Storybook for isolated component development
-
-### Critical Validation Steps
-
-**Before committing changes:**
-
-1. Run `poetry run format` (backend) and `pnpm format` (frontend)
-2. Ensure all tests pass in modified areas
-3. Verify Docker services are still running
-4. Check that database migrations apply cleanly
-
-**Common Issues & Workarounds:**
-
-- **Prisma issues**: Run `poetry run prisma generate` after schema changes
-- **Permission errors**: Ensure Docker has proper permissions
-- **Port conflicts**: Check the `docker-compose.yml` file for the current list of exposed ports. You can list all mapped ports with:
-- **Test timeouts**: Backend tests can take 5+ minutes, use `-x` flag to stop on first failure
-
-## Project Layout & Architecture
-
-### Core Architecture
-
-**AutoGPT Platform** (`autogpt_platform/`):
-
-- `backend/` - FastAPI server with async support
-  - `backend/backend/` - Core API logic
-  - `backend/blocks/` - Agent execution blocks
-  - `backend/data/` - Database models and schemas
-  - `schema.prisma` - Database schema definition
-- `frontend/` - Next.js application
-  - `src/app/` - App Router pages and layouts
-  - `src/components/` - Reusable React components
-  - `src/lib/` - Utilities and configurations
-- `autogpt_libs/` - Shared Python utilities
-- `docker-compose.yml` - Development stack orchestration
-
-**Key Configuration Files:**
-
-- `pyproject.toml` - Python dependencies and tooling
-- `package.json` - Node.js dependencies and scripts
-- `schema.prisma` - Database schema and migrations
-- `next.config.mjs` - Next.js configuration
-- `tailwind.config.ts` - Styling configuration
-
-### Security & Middleware
-
-**Cache Protection**: Backend includes middleware preventing sensitive data caching in browsers/proxies
-**Authentication**: JWT-based with Supabase integration
-**User ID Validation**: All data access requires user ID checks - verify this for any `data/*.py` changes
-
-### Development Workflow
-
-**GitHub Actions**: Multiple CI/CD workflows in `.github/workflows/`
-
-- `platform-backend-ci.yml` - Backend testing and validation
-- `platform-frontend-ci.yml` - Frontend testing and validation
-- `platform-fullstack-ci.yml` - End-to-end integration tests
-
-**Pre-commit Hooks**: Run linting and formatting checks
-**Conventional Commits**: Use format `type(scope): description` (e.g., `feat(backend): add API`)
-
-### Key Source Files
-
-**Backend Entry Points:**
-
-- `backend/backend/server/server.py` - FastAPI application setup
-- `backend/backend/data/` - Database models and user management
-- `backend/blocks/` - Agent execution blocks and logic
-
-**Frontend Entry Points:**
-
-- `frontend/src/app/layout.tsx` - Root application layout
-- `frontend/src/app/page.tsx` - Home page
-- `frontend/src/lib/supabase/` - Authentication and database client
-
-**Protected Routes**: Update `frontend/lib/supabase/middleware.ts` when adding protected routes
-
-### Agent Block System
-
-Agents are built using a visual block-based system where each block performs a single action. Blocks are defined in `backend/blocks/` and must include:
-
-- Block definition with input/output schemas
-- Execution logic with proper error handling
-- Tests validating functionality
-
-### Database & ORM
-
-**Prisma ORM** with PostgreSQL backend including pgvector for embeddings:
-
-- Schema in `schema.prisma`
-- Migrations in `backend/migrations/`
-- Always run `prisma migrate dev` and `prisma generate` after schema changes
-
-## Environment Configuration
-
-### Configuration Files Priority Order
-
-1. **Backend**: `/backend/.env.default` → `/backend/.env` (user overrides)
-2. **Frontend**: `/frontend/.env.default` → `/frontend/.env` (user overrides)
-3. **Platform**: `/.env.default` (Supabase/shared) → `/.env` (user overrides)
-4. Docker Compose `environment:` sections override file-based config
-5. Shell environment variables have highest precedence
-
-### Docker Environment Setup
-
-- All services use hardcoded defaults (no `${VARIABLE}` substitutions)
-- The `env_file` directive loads variables INTO containers at runtime
-- Backend/Frontend services use YAML anchors for consistent configuration
-- Copy `.env.default` files to `.env` for local development customization
-
-## Advanced Development Patterns
-
-### Adding New Blocks
-
-1. Create file in `/backend/backend/blocks/`
-2. Inherit from `Block` base class with input/output schemas
-3. Implement `run` method with proper error handling
-4. Generate block UUID using `uuid.uuid4()`
-5. Register in block registry
-6. Write tests alongside block implementation
-7. Consider how inputs/outputs connect with other blocks in graph editor
-
-### API Development
-
-1. Update routes in `/backend/backend/server/routers/`
-2. Add/update Pydantic models in same directory
-3. Write tests alongside route files
-4. For `data/*.py` changes, validate user ID checks
-5. Run `poetry run test` to verify changes
-
-### Frontend Development
-
-**📖 Complete Frontend Guide**: See `autogpt_platform/frontend/CONTRIBUTING.md` and `autogpt_platform/frontend/.cursorrules` for comprehensive patterns and conventions.
-
-**Quick Reference:**
-
-**Component Structure:**
-
-- Separate render logic from data/behavior
-- Structure: `ComponentName/ComponentName.tsx` + `useComponentName.ts` + `helpers.ts`
-- Exception: Small components (3-4 lines of logic) can be inline
-- Render-only components can be direct files without folders
-
-**Data Fetching:**
-
-- Use generated API hooks from `@/app/api/__generated__/endpoints/`
-- Generated via Orval from backend OpenAPI spec
-- Pattern: `use{Method}{Version}{OperationName}`
-- Example: `useGetV2ListLibraryAgents`
-- Regenerate with: `pnpm generate:api`
-- **Never** use deprecated `BackendAPI` or `src/lib/autogpt-server-api/*`
-
-**Code Conventions:**
-
-- Use function declarations for components and handlers (not arrow functions)
-- Only arrow functions for small inline lambdas (map, filter, etc.)
-- Components: `PascalCase`, Hooks: `camelCase` with `use` prefix
-- No barrel files or `index.ts` re-exports
-- Minimal comments (code should be self-documenting)
-
-**Styling:**
-
-- Use Tailwind CSS utilities only
-- Use design system components from `src/components/` (atoms, molecules, organisms)
-- Never use `src/components/__legacy__/*`
-- Only use Phosphor Icons (`@phosphor-icons/react`)
-- Prefer design tokens over hardcoded values
-
-**Error Handling:**
-
-- Render errors: Use `<ErrorCard />` component
-- Mutation errors: Display with toast notifications
-- Manual exceptions: Use `Sentry.captureException()`
-- Global error boundaries already configured
-
-**Testing:**
-
-- Add/update Storybook stories for UI components (`pnpm storybook`)
-- Run Playwright E2E tests with `pnpm test`
-- Verify in Chromatic after PR
-
-**Architecture:**
-
-- Default to client components ("use client")
-- Server components only for SEO or extreme TTFB needs
-- Use React Query for server state (via generated hooks)
-- Co-locate UI state in components/hooks
-
-### Security Guidelines
-
-**Cache Protection Middleware** (`/backend/backend/server/middleware/security.py`):
-
-- Default: Disables caching for ALL endpoints with `Cache-Control: no-store, no-cache, must-revalidate, private`
-- Uses allow list approach for cacheable paths (static assets, health checks, public pages)
-- Prevents sensitive data caching in browsers/proxies
-- Add new cacheable endpoints to `CACHEABLE_PATHS`
-
-### CI/CD Alignment
-
-The repository has comprehensive CI workflows that test:
-
-- **Backend**: Python 3.11-3.13, services (Redis/RabbitMQ/ClamAV), Prisma migrations, Poetry lock validation
-- **Frontend**: Node.js 21, pnpm, Playwright with Docker Compose stack, API schema validation
-- **Integration**: Full-stack type checking and E2E testing
-
-Match these patterns when developing locally - the copilot setup environment mirrors these CI configurations.
-
-## Collaboration with Other AI Assistants
-
-This repository is actively developed with assistance from Claude (via CLAUDE.md files). When working on this codebase:
-
-- Check for existing CLAUDE.md files that provide additional context
-- Follow established patterns and conventions already in the codebase
-- Maintain consistency with existing code style and architecture
-- Consider that changes may be reviewed and extended by both human developers and AI assistants
-
-## Trust These Instructions
-
-These instructions are comprehensive and tested. Only perform additional searches if:
-
-1. Information here is incomplete for your specific task
-2. You encounter errors not covered by the workarounds
-3. You need to understand implementation details not covered above
-
-For detailed platform development patterns, refer to `autogpt_platform/CLAUDE.md` and `AGENTS.md` in the repository root.

.github/workflows/claude-ci-failure-auto-fix.yml

@@ -1,97 +0,0 @@
-name: Auto Fix CI Failures
-
-on:
-  workflow_run:
-    workflows: ["CI"]
-    types:
-      - completed
-
-permissions:
-  contents: write
-  pull-requests: write
-  actions: read
-  issues: write
-  id-token: write # Required for OIDC token exchange
-
-jobs:
-  auto-fix:
-    if: |
-      github.event.workflow_run.conclusion == 'failure' &&
-      github.event.workflow_run.pull_requests[0] &&
-      !startsWith(github.event.workflow_run.head_branch, 'claude-auto-fix-ci-')
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.workflow_run.head_branch }}
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Setup git identity
-        run: |
-          git config --global user.email "claude[bot]@users.noreply.github.com"
-          git config --global user.name "claude[bot]"
-
-      - name: Create fix branch
-        id: branch
-        run: |
-          BRANCH_NAME="claude-auto-fix-ci-${{ github.event.workflow_run.head_branch }}-${{ github.run_id }}"
-          git checkout -b "$BRANCH_NAME"
-          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
-
-      - name: Get CI failure details
-        id: failure_details
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const run = await github.rest.actions.getWorkflowRun({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              run_id: ${{ github.event.workflow_run.id }}
-            });
-
-            const jobs = await github.rest.actions.listJobsForWorkflowRun({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              run_id: ${{ github.event.workflow_run.id }}
-            });
-
-            const failedJobs = jobs.data.jobs.filter(job => job.conclusion === 'failure');
-
-            let errorLogs = [];
-            for (const job of failedJobs) {
-              const logs = await github.rest.actions.downloadJobLogsForWorkflowRun({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                job_id: job.id
-              });
-              errorLogs.push({
-                jobName: job.name,
-                logs: logs.data
-              });
-            }
-
-            return {
-              runUrl: run.data.html_url,
-              failedJobs: failedJobs.map(j => j.name),
-              errorLogs: errorLogs
-            };
-
-      - name: Fix CI failures with Claude
-        id: claude
-        uses: anthropics/claude-code-action@v1
-        with:
-          prompt: |
-            /fix-ci 
-            Failed CI Run: ${{ fromJSON(steps.failure_details.outputs.result).runUrl }}
-            Failed Jobs: ${{ join(fromJSON(steps.failure_details.outputs.result).failedJobs, ', ') }}
-            PR Number: ${{ github.event.workflow_run.pull_requests[0].number }}
-            Branch Name: ${{ steps.branch.outputs.branch_name }}
-            Base Branch: ${{ github.event.workflow_run.head_branch }}
-            Repository: ${{ github.repository }}
-
-            Error logs:
-            ${{ toJSON(fromJSON(steps.failure_details.outputs.result).errorLogs) }}
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          claude_args: "--allowedTools 'Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash(git:*),Bash(bun:*),Bash(npm:*),Bash(npx:*),Bash(gh:*)'"

.github/workflows/claude-dependabot.yml

@@ -1,379 +0,0 @@
-# Claude Dependabot PR Review Workflow
-# 
-# This workflow automatically runs Claude analysis on Dependabot PRs to:
-# - Identify dependency changes and their versions
-# - Look up changelogs for updated packages  
-# - Assess breaking changes and security impacts
-# - Provide actionable recommendations for the development team
-#
-# Triggered on: Dependabot PRs (opened, synchronize)
-# Requirements: ANTHROPIC_API_KEY secret must be configured
-
-name: Claude Dependabot PR Review
-
-on:
-  pull_request:
-    types: [opened, synchronize]
-
-jobs:
-  dependabot-review:
-    # Only run on Dependabot PRs
-    if: github.actor == 'dependabot[bot]'
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-
-    permissions:
-      contents: write
-      pull-requests: read
-      issues: read
-      id-token: write
-      actions: read # Required for CI access
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      # Backend Python/Poetry setup (mirrors platform-backend-ci.yml)
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"  # Use standard version matching CI
-
-      - name: Set up Python dependency cache
-        uses: actions/cache@v4
-        with:
-          path: ~/.cache/pypoetry
-          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
-
-      - name: Install Poetry
-        run: |
-          # Extract Poetry version from backend/poetry.lock (matches CI)
-          cd autogpt_platform/backend
-          HEAD_POETRY_VERSION=$(python3 ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
-          echo "Found Poetry version ${HEAD_POETRY_VERSION} in backend/poetry.lock"
-          
-          # Install Poetry
-          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$HEAD_POETRY_VERSION python3 -
-          
-          # Add Poetry to PATH
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-      - name: Check poetry.lock
-        working-directory: autogpt_platform/backend
-        run: |
-          poetry lock
-          if ! git diff --quiet --ignore-matching-lines="^# " poetry.lock; then
-            echo "Warning: poetry.lock not up to date, but continuing for setup"
-            git checkout poetry.lock  # Reset for clean setup
-          fi
-
-      - name: Install Python dependencies
-        working-directory: autogpt_platform/backend
-        run: poetry install
-
-      - name: Generate Prisma Client
-        working-directory: autogpt_platform/backend
-        run: poetry run prisma generate && poetry run gen-prisma-stub
-
-      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "22"
-
-      - name: Enable corepack
-        run: corepack enable
-
-      - name: Set pnpm store directory
-        run: |
-          pnpm config set store-dir ~/.pnpm-store
-          echo "PNPM_HOME=$HOME/.pnpm-store" >> $GITHUB_ENV
-
-      - name: Cache frontend dependencies
-        uses: actions/cache@v4
-        with:
-          path: ~/.pnpm-store
-          key: ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
-            ${{ runner.os }}-pnpm-
-
-      - name: Install JavaScript dependencies
-        working-directory: autogpt_platform/frontend
-        run: pnpm install --frozen-lockfile
-
-      # Install Playwright browsers for frontend testing
-      # NOTE: Disabled to save ~1 minute of setup time. Re-enable if Copilot needs browser automation (e.g., for MCP)
-      # - name: Install Playwright browsers
-      #   working-directory: autogpt_platform/frontend
-      #   run: pnpm playwright install --with-deps chromium
-
-      # Docker setup for development environment
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Copy default environment files
-        working-directory: autogpt_platform
-        run: |
-          # Copy default environment files for development
-          cp .env.default .env
-          cp backend/.env.default backend/.env
-          cp frontend/.env.default frontend/.env
-
-      # Phase 1: Cache and load Docker images for faster setup
-      - name: Set up Docker image cache
-        id: docker-cache
-        uses: actions/cache@v4
-        with:
-          path: ~/docker-cache
-          # Use a versioned key for cache invalidation when image list changes
-          key: docker-images-v2-${{ runner.os }}-${{ hashFiles('.github/workflows/copilot-setup-steps.yml') }}
-          restore-keys: |
-            docker-images-v2-${{ runner.os }}-
-            docker-images-v1-${{ runner.os }}-
-
-      - name: Load or pull Docker images
-        working-directory: autogpt_platform
-        run: |
-          mkdir -p ~/docker-cache
-          
-          # Define image list for easy maintenance
-          IMAGES=(
-            "redis:latest"
-            "rabbitmq:management"
-            "clamav/clamav-debian:latest"
-            "busybox:latest"
-            "kong:2.8.1"
-            "supabase/gotrue:v2.170.0"
-            "supabase/postgres:15.8.1.049"
-            "supabase/postgres-meta:v0.86.1"
-            "supabase/studio:20250224-d10db0f"
-          )
-          
-          # Check if any cached tar files exist (more reliable than cache-hit)
-          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
-            echo "Docker cache found, loading images in parallel..."
-            for image in "${IMAGES[@]}"; do
-              # Convert image name to filename (replace : and / with -)
-              filename=$(echo "$image" | tr ':/' '--')
-              if [ -f ~/docker-cache/${filename}.tar ]; then
-                echo "Loading $image..."
-                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
-              fi
-            done
-            wait
-            echo "All cached images loaded"
-          else
-            echo "No Docker cache found, pulling images in parallel..."
-            # Pull all images in parallel
-            for image in "${IMAGES[@]}"; do
-              docker pull "$image" &
-            done
-            wait
-            
-            # Only save cache on main branches (not PRs) to avoid cache pollution
-            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
-              echo "Saving Docker images to cache in parallel..."
-              for image in "${IMAGES[@]}"; do
-                # Convert image name to filename (replace : and / with -)
-                filename=$(echo "$image" | tr ':/' '--')
-                echo "Saving $image..."
-                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
-              done
-              wait
-              echo "Docker image cache saved"
-            else
-              echo "Skipping cache save for PR/feature branch"
-            fi
-          fi
-          
-          echo "Docker images ready for use"
-
-      # Phase 2: Build migrate service with GitHub Actions cache
-      - name: Build migrate Docker image with cache
-        working-directory: autogpt_platform
-        run: |
-          # Build the migrate image with buildx for GHA caching
-          docker buildx build \
-            --cache-from type=gha \
-            --cache-to type=gha,mode=max \
-            --target migrate \
-            --tag autogpt_platform-migrate:latest \
-            --load \
-            -f backend/Dockerfile \
-            ..
-
-      # Start services using pre-built images
-      - name: Start Docker services for development
-        working-directory: autogpt_platform
-        run: |
-          # Start essential services (migrate image already built with correct tag)
-          docker compose --profile local up deps --no-build --detach
-          echo "Waiting for services to be ready..."
-          
-          # Wait for database to be ready
-          echo "Checking database readiness..."
-          timeout 30 sh -c 'until docker compose exec -T db pg_isready -U postgres 2>/dev/null; do 
-            echo "  Waiting for database..."
-            sleep 2
-          done' && echo "✅ Database is ready" || echo "⚠️ Database ready check timeout after 30s, continuing..."
-          
-          # Check migrate service status
-          echo "Checking migration status..."
-          docker compose ps migrate || echo "  Migrate service not visible in ps output"
-          
-          # Wait for migrate service to complete
-          echo "Waiting for migrations to complete..."
-          timeout 30 bash -c '
-            ATTEMPTS=0
-            while [ $ATTEMPTS -lt 15 ]; do
-              ATTEMPTS=$((ATTEMPTS + 1))
-              
-              # Check using docker directly (more reliable than docker compose ps)
-              CONTAINER_STATUS=$(docker ps -a --filter "label=com.docker.compose.service=migrate" --format "{{.Status}}" | head -1)
-              
-              if [ -z "$CONTAINER_STATUS" ]; then
-                echo "  Attempt $ATTEMPTS: Migrate container not found yet..."
-              elif echo "$CONTAINER_STATUS" | grep -q "Exited (0)"; then
-                echo "✅ Migrations completed successfully"
-                docker compose logs migrate --tail=5 2>/dev/null || true
-                exit 0
-              elif echo "$CONTAINER_STATUS" | grep -q "Exited ([1-9]"; then
-                EXIT_CODE=$(echo "$CONTAINER_STATUS" | grep -oE "Exited \([0-9]+\)" | grep -oE "[0-9]+")
-                echo "❌ Migrations failed with exit code: $EXIT_CODE"
-                echo "Migration logs:"
-                docker compose logs migrate --tail=20 2>/dev/null || true
-                exit 1
-              elif echo "$CONTAINER_STATUS" | grep -q "Up"; then
-                echo "  Attempt $ATTEMPTS: Migrate container is running... ($CONTAINER_STATUS)"
-              else
-                echo "  Attempt $ATTEMPTS: Migrate container status: $CONTAINER_STATUS"
-              fi
-              
-              sleep 2
-            done
-            
-            echo "⚠️ Timeout: Could not determine migration status after 30 seconds"
-            echo "Final container check:"
-            docker ps -a --filter "label=com.docker.compose.service=migrate" || true
-            echo "Migration logs (if available):"
-            docker compose logs migrate --tail=10 2>/dev/null || echo "  No logs available"
-          ' || echo "⚠️ Migration check completed with warnings, continuing..."
-          
-          # Brief wait for other services to stabilize
-          echo "Waiting 5 seconds for other services to stabilize..."
-          sleep 5
-
-      # Verify installations and provide environment info
-      - name: Verify setup and show environment info
-        run: |
-          echo "=== Python Setup ==="
-          python --version
-          poetry --version
-          
-          echo "=== Node.js Setup ==="
-          node --version
-          pnpm --version
-          
-          echo "=== Additional Tools ==="
-          docker --version
-          docker compose version
-          gh --version || true
-          
-          echo "=== Services Status ==="
-          cd autogpt_platform
-          docker compose ps || true
-          
-          echo "=== Backend Dependencies ==="
-          cd backend
-          poetry show | head -10 || true
-          
-          echo "=== Frontend Dependencies ==="
-          cd ../frontend
-          pnpm list --depth=0 | head -10 || true
-          
-          echo "=== Environment Files ==="
-          ls -la ../.env* || true
-          ls -la .env* || true
-          ls -la ../backend/.env* || true
-          
-          echo "✅ AutoGPT Platform development environment setup complete!"
-          echo "🚀 Ready for development with Docker services running"
-          echo "📝 Backend server: poetry run serve (port 8000)"
-          echo "🌐 Frontend server: pnpm dev (port 3000)"
-
-
-      - name: Run Claude Dependabot Analysis
-        id: claude_review
-        uses: anthropics/claude-code-action@v1
-        with:
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          claude_args: |
-            --allowedTools "Bash(npm:*),Bash(pnpm:*),Bash(poetry:*),Bash(git:*),Edit,Replace,NotebookEditCell,mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*), Bash(gh pr diff:*), Bash(gh pr view:*)"
-          prompt: |
-            You are Claude, an AI assistant specialized in reviewing Dependabot dependency update PRs. 
-            
-            Your primary tasks are:
-            1. **Analyze the dependency changes** in this Dependabot PR
-            2. **Look up changelogs** for all updated dependencies to understand what changed
-            3. **Identify breaking changes** and assess potential impact on the AutoGPT codebase
-            4. **Provide actionable recommendations** for the development team
-            
-            ## Analysis Process:
-            
-            1. **Identify Changed Dependencies**: 
-               - Use git diff to see what dependencies were updated
-               - Parse package.json, poetry.lock, requirements files, etc.
-               - List all package versions: old → new
-            
-            2. **Changelog Research**:
-               - For each updated dependency, look up its changelog/release notes
-               - Use WebFetch to access GitHub releases, NPM package pages, PyPI project pages. The pr should also have some details
-               - Focus on versions between the old and new versions
-               - Identify: breaking changes, deprecations, security fixes, new features
-            
-            3. **Breaking Change Assessment**:
-               - Categorize changes: BREAKING, MAJOR, MINOR, PATCH, SECURITY
-               - Assess impact on AutoGPT's usage patterns
-               - Check if AutoGPT uses affected APIs/features
-               - Look for migration guides or upgrade instructions
-            
-            4. **Codebase Impact Analysis**:
-               - Search the AutoGPT codebase for usage of changed APIs
-               - Identify files that might be affected by breaking changes
-               - Check test files for deprecated usage patterns
-               - Look for configuration changes needed
-            
-            ## Output Format:
-            
-            Provide a comprehensive review comment with:
-            
-            ### 🔍 Dependency Analysis Summary
-            - List of updated packages with version changes
-            - Overall risk assessment (LOW/MEDIUM/HIGH)
-            
-            ### 📋 Detailed Changelog Review
-            For each updated dependency:
-            - **Package**: name (old_version → new_version)
-            - **Changes**: Summary of key changes
-            - **Breaking Changes**: List any breaking changes
-            - **Security Fixes**: Note security improvements
-            - **Migration Notes**: Any upgrade steps needed
-            
-            ### ⚠️ Impact Assessment
-            - **Breaking Changes Found**: Yes/No with details
-            - **Affected Files**: List AutoGPT files that may need updates
-            - **Test Impact**: Any tests that may need updating
-            - **Configuration Changes**: Required config updates
-            
-            ### 🛠️ Recommendations
-            - **Action Required**: What the team should do
-            - **Testing Focus**: Areas to test thoroughly
-            - **Follow-up Tasks**: Any additional work needed
-            - **Merge Recommendation**: APPROVE/REVIEW_NEEDED/HOLD
-            
-            ### 📚 Useful Links
-            - Links to relevant changelogs, migration guides, documentation
-            
-            Be thorough but concise. Focus on actionable insights that help the development team make informed decisions about the dependency updates.

.github/workflows/claude.yml

@@ -30,302 +30,18 @@ jobs:
         github.event.issue.author_association == 'COLLABORATOR'
       )
     runs-on: ubuntu-latest
-    timeout-minutes: 45
-
     permissions:
-      contents: write
+      contents: read
       pull-requests: read
       issues: read
       id-token: write
-      actions: read # Required for CI access
     steps:
-      - name: Checkout code
+      - name: Checkout repository
         uses: actions/checkout@v4
         with:
           fetch-depth: 1
-
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@v1.3.1
-        with:
-          large-packages: false  # slow
-          docker-images: false  # limited benefit
-
-      # Backend Python/Poetry setup (mirrors platform-backend-ci.yml)
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"  # Use standard version matching CI
-
-      - name: Set up Python dependency cache
-        uses: actions/cache@v4
-        with:
-          path: ~/.cache/pypoetry
-          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
-
-      - name: Install Poetry
-        run: |
-          # Extract Poetry version from backend/poetry.lock (matches CI)
-          cd autogpt_platform/backend
-          HEAD_POETRY_VERSION=$(python3 ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
-          echo "Found Poetry version ${HEAD_POETRY_VERSION} in backend/poetry.lock"
-          
-          # Install Poetry
-          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$HEAD_POETRY_VERSION python3 -
-          
-          # Add Poetry to PATH
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-      - name: Check poetry.lock
-        working-directory: autogpt_platform/backend
-        run: |
-          poetry lock
-          if ! git diff --quiet --ignore-matching-lines="^# " poetry.lock; then
-            echo "Warning: poetry.lock not up to date, but continuing for setup"
-            git checkout poetry.lock  # Reset for clean setup
-          fi
-
-      - name: Install Python dependencies
-        working-directory: autogpt_platform/backend
-        run: poetry install
-
-      - name: Generate Prisma Client
-        working-directory: autogpt_platform/backend
-        run: poetry run prisma generate && poetry run gen-prisma-stub
-
-      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "22"
-
-      - name: Enable corepack
-        run: corepack enable
-
-      - name: Set pnpm store directory
-        run: |
-          pnpm config set store-dir ~/.pnpm-store
-          echo "PNPM_HOME=$HOME/.pnpm-store" >> $GITHUB_ENV
-
-      - name: Cache frontend dependencies
-        uses: actions/cache@v4
-        with:
-          path: ~/.pnpm-store
-          key: ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
-            ${{ runner.os }}-pnpm-
-
-      - name: Install JavaScript dependencies
-        working-directory: autogpt_platform/frontend
-        run: pnpm install --frozen-lockfile
-
-      # Install Playwright browsers for frontend testing
-      # NOTE: Disabled to save ~1 minute of setup time. Re-enable if Copilot needs browser automation (e.g., for MCP)
-      # - name: Install Playwright browsers
-      #   working-directory: autogpt_platform/frontend
-      #   run: pnpm playwright install --with-deps chromium
-
-      # Docker setup for development environment
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Copy default environment files
-        working-directory: autogpt_platform
-        run: |
-          # Copy default environment files for development
-          cp .env.default .env
-          cp backend/.env.default backend/.env
-          cp frontend/.env.default frontend/.env
-
-      # Phase 1: Cache and load Docker images for faster setup
-      - name: Set up Docker image cache
-        id: docker-cache
-        uses: actions/cache@v4
-        with:
-          path: ~/docker-cache
-          # Use a versioned key for cache invalidation when image list changes
-          key: docker-images-v2-${{ runner.os }}-${{ hashFiles('.github/workflows/copilot-setup-steps.yml') }}
-          restore-keys: |
-            docker-images-v2-${{ runner.os }}-
-            docker-images-v1-${{ runner.os }}-
-
-      - name: Load or pull Docker images
-        working-directory: autogpt_platform
-        run: |
-          mkdir -p ~/docker-cache
-          
-          # Define image list for easy maintenance
-          IMAGES=(
-            "redis:latest"
-            "rabbitmq:management"
-            "clamav/clamav-debian:latest"
-            "busybox:latest"
-            "kong:2.8.1"
-            "supabase/gotrue:v2.170.0"
-            "supabase/postgres:15.8.1.049"
-            "supabase/postgres-meta:v0.86.1"
-            "supabase/studio:20250224-d10db0f"
-          )
-          
-          # Check if any cached tar files exist (more reliable than cache-hit)
-          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
-            echo "Docker cache found, loading images in parallel..."
-            for image in "${IMAGES[@]}"; do
-              # Convert image name to filename (replace : and / with -)
-              filename=$(echo "$image" | tr ':/' '--')
-              if [ -f ~/docker-cache/${filename}.tar ]; then
-                echo "Loading $image..."
-                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
-              fi
-            done
-            wait
-            echo "All cached images loaded"
-          else
-            echo "No Docker cache found, pulling images in parallel..."
-            # Pull all images in parallel
-            for image in "${IMAGES[@]}"; do
-              docker pull "$image" &
-            done
-            wait
-            
-            # Only save cache on main branches (not PRs) to avoid cache pollution
-            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
-              echo "Saving Docker images to cache in parallel..."
-              for image in "${IMAGES[@]}"; do
-                # Convert image name to filename (replace : and / with -)
-                filename=$(echo "$image" | tr ':/' '--')
-                echo "Saving $image..."
-                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
-              done
-              wait
-              echo "Docker image cache saved"
-            else
-              echo "Skipping cache save for PR/feature branch"
-            fi
-          fi
-          
-          echo "Docker images ready for use"
-
-      # Phase 2: Build migrate service with GitHub Actions cache
-      - name: Build migrate Docker image with cache
-        working-directory: autogpt_platform
-        run: |
-          # Build the migrate image with buildx for GHA caching
-          docker buildx build \
-            --cache-from type=gha \
-            --cache-to type=gha,mode=max \
-            --target migrate \
-            --tag autogpt_platform-migrate:latest \
-            --load \
-            -f backend/Dockerfile \
-            ..
-
-      # Start services using pre-built images
-      - name: Start Docker services for development
-        working-directory: autogpt_platform
-        run: |
-          # Start essential services (migrate image already built with correct tag)
-          docker compose --profile local up deps --no-build --detach
-          echo "Waiting for services to be ready..."
-          
-          # Wait for database to be ready
-          echo "Checking database readiness..."
-          timeout 30 sh -c 'until docker compose exec -T db pg_isready -U postgres 2>/dev/null; do 
-            echo "  Waiting for database..."
-            sleep 2
-          done' && echo "✅ Database is ready" || echo "⚠️ Database ready check timeout after 30s, continuing..."
-          
-          # Check migrate service status
-          echo "Checking migration status..."
-          docker compose ps migrate || echo "  Migrate service not visible in ps output"
-          
-          # Wait for migrate service to complete
-          echo "Waiting for migrations to complete..."
-          timeout 30 bash -c '
-            ATTEMPTS=0
-            while [ $ATTEMPTS -lt 15 ]; do
-              ATTEMPTS=$((ATTEMPTS + 1))
-              
-              # Check using docker directly (more reliable than docker compose ps)
-              CONTAINER_STATUS=$(docker ps -a --filter "label=com.docker.compose.service=migrate" --format "{{.Status}}" | head -1)
-              
-              if [ -z "$CONTAINER_STATUS" ]; then
-                echo "  Attempt $ATTEMPTS: Migrate container not found yet..."
-              elif echo "$CONTAINER_STATUS" | grep -q "Exited (0)"; then
-                echo "✅ Migrations completed successfully"
-                docker compose logs migrate --tail=5 2>/dev/null || true
-                exit 0
-              elif echo "$CONTAINER_STATUS" | grep -q "Exited ([1-9]"; then
-                EXIT_CODE=$(echo "$CONTAINER_STATUS" | grep -oE "Exited \([0-9]+\)" | grep -oE "[0-9]+")
-                echo "❌ Migrations failed with exit code: $EXIT_CODE"
-                echo "Migration logs:"
-                docker compose logs migrate --tail=20 2>/dev/null || true
-                exit 1
-              elif echo "$CONTAINER_STATUS" | grep -q "Up"; then
-                echo "  Attempt $ATTEMPTS: Migrate container is running... ($CONTAINER_STATUS)"
-              else
-                echo "  Attempt $ATTEMPTS: Migrate container status: $CONTAINER_STATUS"
-              fi
-              
-              sleep 2
-            done
-            
-            echo "⚠️ Timeout: Could not determine migration status after 30 seconds"
-            echo "Final container check:"
-            docker ps -a --filter "label=com.docker.compose.service=migrate" || true
-            echo "Migration logs (if available):"
-            docker compose logs migrate --tail=10 2>/dev/null || echo "  No logs available"
-          ' || echo "⚠️ Migration check completed with warnings, continuing..."
-          
-          # Brief wait for other services to stabilize
-          echo "Waiting 5 seconds for other services to stabilize..."
-          sleep 5
-
-      # Verify installations and provide environment info
-      - name: Verify setup and show environment info
-        run: |
-          echo "=== Python Setup ==="
-          python --version
-          poetry --version
-          
-          echo "=== Node.js Setup ==="
-          node --version
-          pnpm --version
-          
-          echo "=== Additional Tools ==="
-          docker --version
-          docker compose version
-          gh --version || true
-          
-          echo "=== Services Status ==="
-          cd autogpt_platform
-          docker compose ps || true
-          
-          echo "=== Backend Dependencies ==="
-          cd backend
-          poetry show | head -10 || true
-          
-          echo "=== Frontend Dependencies ==="
-          cd ../frontend
-          pnpm list --depth=0 | head -10 || true
-          
-          echo "=== Environment Files ==="
-          ls -la ../.env* || true
-          ls -la .env* || true
-          ls -la ../backend/.env* || true
-          
-          echo "✅ AutoGPT Platform development environment setup complete!"
-          echo "🚀 Ready for development with Docker services running"
-          echo "📝 Backend server: poetry run serve (port 8000)"
-          echo "🌐 Frontend server: pnpm dev (port 3000)"
-
       - name: Run Claude Code
         id: claude
-        uses: anthropics/claude-code-action@v1
+        uses: anthropics/claude-code-action@beta
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          claude_args: |
-            --allowedTools "Bash(npm:*),Bash(pnpm:*),Bash(poetry:*),Bash(git:*),Edit,Replace,NotebookEditCell,mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*), Bash(gh pr diff:*), Bash(gh pr view:*), Bash(gh pr edit:*)"
-            --model opus
-          additional_permissions: |
-            actions: read

.github/workflows/copilot-setup-steps.yml

@@ -1,312 +0,0 @@
-name: "Copilot Setup Steps"
-
-# Automatically run the setup steps when they are changed to allow for easy validation, and
-# allow manual testing through the repository's "Actions" tab
-on:
-  workflow_dispatch:
-  push:
-    paths:
-      - .github/workflows/copilot-setup-steps.yml
-  pull_request:
-    paths:
-      - .github/workflows/copilot-setup-steps.yml
-
-jobs:
-  # The job MUST be called `copilot-setup-steps` or it will not be picked up by Copilot.
-  copilot-setup-steps:
-    runs-on: ubuntu-latest
-    timeout-minutes: 45
-
-    # Set the permissions to the lowest permissions possible needed for your steps.
-    # Copilot will be given its own token for its operations.
-    permissions:
-      # If you want to clone the repository as part of your setup steps, for example to install dependencies, you'll need the `contents: read` permission. If you don't clone the repository in your setup steps, Copilot will do this for you automatically after the steps complete.
-      contents: read
-
-    # You can define any steps you want, and they will run before the agent starts.
-    # If you do not check out your code, Copilot will do this for you.
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          submodules: true
-
-      # Backend Python/Poetry setup (mirrors platform-backend-ci.yml)
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"  # Use standard version matching CI
-
-      - name: Set up Python dependency cache
-        uses: actions/cache@v4
-        with:
-          path: ~/.cache/pypoetry
-          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
-
-      - name: Install Poetry
-        run: |
-          # Extract Poetry version from backend/poetry.lock (matches CI)
-          cd autogpt_platform/backend
-          HEAD_POETRY_VERSION=$(python3 ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
-          echo "Found Poetry version ${HEAD_POETRY_VERSION} in backend/poetry.lock"
-          
-          # Install Poetry
-          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$HEAD_POETRY_VERSION python3 -
-          
-          # Add Poetry to PATH
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-      - name: Check poetry.lock
-        working-directory: autogpt_platform/backend
-        run: |
-          poetry lock
-          if ! git diff --quiet --ignore-matching-lines="^# " poetry.lock; then
-            echo "Warning: poetry.lock not up to date, but continuing for setup"
-            git checkout poetry.lock  # Reset for clean setup
-          fi
-
-      - name: Install Python dependencies
-        working-directory: autogpt_platform/backend
-        run: poetry install
-
-      - name: Generate Prisma Client
-        working-directory: autogpt_platform/backend
-        run: poetry run prisma generate && poetry run gen-prisma-stub
-
-      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "22"
-
-      - name: Enable corepack
-        run: corepack enable
-
-      - name: Set pnpm store directory
-        run: |
-          pnpm config set store-dir ~/.pnpm-store
-          echo "PNPM_HOME=$HOME/.pnpm-store" >> $GITHUB_ENV
-
-      - name: Cache frontend dependencies
-        uses: actions/cache@v4
-        with:
-          path: ~/.pnpm-store
-          key: ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
-            ${{ runner.os }}-pnpm-
-
-      - name: Install JavaScript dependencies
-        working-directory: autogpt_platform/frontend
-        run: pnpm install --frozen-lockfile
-
-      # Install Playwright browsers for frontend testing
-      # NOTE: Disabled to save ~1 minute of setup time. Re-enable if Copilot needs browser automation (e.g., for MCP)
-      # - name: Install Playwright browsers
-      #   working-directory: autogpt_platform/frontend
-      #   run: pnpm playwright install --with-deps chromium
-
-      # Docker setup for development environment
-      - name: Free up disk space
-        run: |
-          # Remove large unused tools to free disk space for Docker builds
-          sudo rm -rf /usr/share/dotnet
-          sudo rm -rf /usr/local/lib/android
-          sudo rm -rf /opt/ghc
-          sudo rm -rf /opt/hostedtoolcache/CodeQL
-          sudo docker system prune -af
-          df -h
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Copy default environment files
-        working-directory: autogpt_platform
-        run: |
-          # Copy default environment files for development
-          cp .env.default .env
-          cp backend/.env.default backend/.env
-          cp frontend/.env.default frontend/.env
-
-      # Phase 1: Cache and load Docker images for faster setup
-      - name: Set up Docker image cache
-        id: docker-cache
-        uses: actions/cache@v4
-        with:
-          path: ~/docker-cache
-          # Use a versioned key for cache invalidation when image list changes
-          key: docker-images-v2-${{ runner.os }}-${{ hashFiles('.github/workflows/copilot-setup-steps.yml') }}
-          restore-keys: |
-            docker-images-v2-${{ runner.os }}-
-            docker-images-v1-${{ runner.os }}-
-
-      - name: Load or pull Docker images
-        working-directory: autogpt_platform
-        run: |
-          mkdir -p ~/docker-cache
-          
-          # Define image list for easy maintenance
-          IMAGES=(
-            "redis:latest"
-            "rabbitmq:management"
-            "clamav/clamav-debian:latest"
-            "busybox:latest"
-            "kong:2.8.1"
-            "supabase/gotrue:v2.170.0"
-            "supabase/postgres:15.8.1.049"
-            "supabase/postgres-meta:v0.86.1"
-            "supabase/studio:20250224-d10db0f"
-          )
-          
-          # Check if any cached tar files exist (more reliable than cache-hit)
-          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
-            echo "Docker cache found, loading images in parallel..."
-            for image in "${IMAGES[@]}"; do
-              # Convert image name to filename (replace : and / with -)
-              filename=$(echo "$image" | tr ':/' '--')
-              if [ -f ~/docker-cache/${filename}.tar ]; then
-                echo "Loading $image..."
-                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
-              fi
-            done
-            wait
-            echo "All cached images loaded"
-          else
-            echo "No Docker cache found, pulling images in parallel..."
-            # Pull all images in parallel
-            for image in "${IMAGES[@]}"; do
-              docker pull "$image" &
-            done
-            wait
-            
-            # Only save cache on main branches (not PRs) to avoid cache pollution
-            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
-              echo "Saving Docker images to cache in parallel..."
-              for image in "${IMAGES[@]}"; do
-                # Convert image name to filename (replace : and / with -)
-                filename=$(echo "$image" | tr ':/' '--')
-                echo "Saving $image..."
-                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
-              done
-              wait
-              echo "Docker image cache saved"
-            else
-              echo "Skipping cache save for PR/feature branch"
-            fi
-          fi
-          
-          echo "Docker images ready for use"
-
-      # Phase 2: Build migrate service with GitHub Actions cache
-      - name: Build migrate Docker image with cache
-        working-directory: autogpt_platform
-        run: |
-          # Build the migrate image with buildx for GHA caching
-          docker buildx build \
-            --cache-from type=gha \
-            --cache-to type=gha,mode=max \
-            --target migrate \
-            --tag autogpt_platform-migrate:latest \
-            --load \
-            -f backend/Dockerfile \
-            ..
-
-      # Start services using pre-built images
-      - name: Start Docker services for development
-        working-directory: autogpt_platform
-        run: |
-          # Start essential services (migrate image already built with correct tag)
-          docker compose --profile local up deps --no-build --detach
-          echo "Waiting for services to be ready..."
-          
-          # Wait for database to be ready
-          echo "Checking database readiness..."
-          timeout 30 sh -c 'until docker compose exec -T db pg_isready -U postgres 2>/dev/null; do 
-            echo "  Waiting for database..."
-            sleep 2
-          done' && echo "✅ Database is ready" || echo "⚠️ Database ready check timeout after 30s, continuing..."
-          
-          # Check migrate service status
-          echo "Checking migration status..."
-          docker compose ps migrate || echo "  Migrate service not visible in ps output"
-          
-          # Wait for migrate service to complete
-          echo "Waiting for migrations to complete..."
-          timeout 30 bash -c '
-            ATTEMPTS=0
-            while [ $ATTEMPTS -lt 15 ]; do
-              ATTEMPTS=$((ATTEMPTS + 1))
-              
-              # Check using docker directly (more reliable than docker compose ps)
-              CONTAINER_STATUS=$(docker ps -a --filter "label=com.docker.compose.service=migrate" --format "{{.Status}}" | head -1)
-              
-              if [ -z "$CONTAINER_STATUS" ]; then
-                echo "  Attempt $ATTEMPTS: Migrate container not found yet..."
-              elif echo "$CONTAINER_STATUS" | grep -q "Exited (0)"; then
-                echo "✅ Migrations completed successfully"
-                docker compose logs migrate --tail=5 2>/dev/null || true
-                exit 0
-              elif echo "$CONTAINER_STATUS" | grep -q "Exited ([1-9]"; then
-                EXIT_CODE=$(echo "$CONTAINER_STATUS" | grep -oE "Exited \([0-9]+\)" | grep -oE "[0-9]+")
-                echo "❌ Migrations failed with exit code: $EXIT_CODE"
-                echo "Migration logs:"
-                docker compose logs migrate --tail=20 2>/dev/null || true
-                exit 1
-              elif echo "$CONTAINER_STATUS" | grep -q "Up"; then
-                echo "  Attempt $ATTEMPTS: Migrate container is running... ($CONTAINER_STATUS)"
-              else
-                echo "  Attempt $ATTEMPTS: Migrate container status: $CONTAINER_STATUS"
-              fi
-              
-              sleep 2
-            done
-            
-            echo "⚠️ Timeout: Could not determine migration status after 30 seconds"
-            echo "Final container check:"
-            docker ps -a --filter "label=com.docker.compose.service=migrate" || true
-            echo "Migration logs (if available):"
-            docker compose logs migrate --tail=10 2>/dev/null || echo "  No logs available"
-          ' || echo "⚠️ Migration check completed with warnings, continuing..."
-          
-          # Brief wait for other services to stabilize
-          echo "Waiting 5 seconds for other services to stabilize..."
-          sleep 5
-
-      # Verify installations and provide environment info
-      - name: Verify setup and show environment info
-        run: |
-          echo "=== Python Setup ==="
-          python --version
-          poetry --version
-          
-          echo "=== Node.js Setup ==="
-          node --version
-          pnpm --version
-          
-          echo "=== Additional Tools ==="
-          docker --version
-          docker compose version
-          gh --version || true
-          
-          echo "=== Services Status ==="
-          cd autogpt_platform
-          docker compose ps || true
-          
-          echo "=== Backend Dependencies ==="
-          cd backend
-          poetry show | head -10 || true
-          
-          echo "=== Frontend Dependencies ==="
-          cd ../frontend
-          pnpm list --depth=0 | head -10 || true
-          
-          echo "=== Environment Files ==="
-          ls -la ../.env* || true
-          ls -la .env* || true
-          ls -la ../backend/.env* || true
-          
-          echo "✅ AutoGPT Platform development environment setup complete!"
-          echo "🚀 Ready for development with Docker services running"
-          echo "📝 Backend server: poetry run serve (port 8000)"
-          echo "🌐 Frontend server: pnpm dev (port 3000)"

.github/workflows/platform-autgpt-deploy-prod.yml

@@ -3,7 +3,6 @@ name: AutoGPT Platform - Deploy Prod Environment
 on:
   release:
     types: [published]
-  workflow_dispatch:
 
 permissions:
   contents: 'read'
@@ -18,8 +17,6 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-        with:
-          ref: ${{ github.ref_name || 'master' }}
 
       - name: Set up Python
         uses: actions/setup-python@v5
@@ -39,7 +36,7 @@ jobs:
           DATABASE_URL: ${{ secrets.BACKEND_DATABASE_URL }}
           DIRECT_URL: ${{ secrets.BACKEND_DATABASE_URL }}
 
-
+          
   trigger:
     needs: migrate
     runs-on: ubuntu-latest
@@ -50,5 +47,4 @@ jobs:
           token: ${{ secrets.DEPLOY_TOKEN }}
           repository: Significant-Gravitas/AutoGPT_cloud_infrastructure
           event-type: build_deploy_prod
-          client-payload: |
-            {"ref": "${{ github.ref_name || 'master' }}", "repository": "${{ github.repository }}"}
+          client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "repository": "${{ github.repository }}"}'

.github/workflows/platform-autogpt-deploy-dev.yaml

@@ -5,13 +5,6 @@ on:
     branches: [ dev ]
     paths:
       - 'autogpt_platform/**'
-  workflow_dispatch:
-    inputs:
-      git_ref:
-        description: 'Git ref (branch/tag) of AutoGPT to deploy'
-        required: true
-        default: 'master'
-        type: string
 
 permissions:
   contents: 'read'
@@ -26,8 +19,6 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.inputs.git_ref || github.ref_name }}
 
       - name: Set up Python
         uses: actions/setup-python@v5
@@ -57,4 +48,4 @@ jobs:
           token: ${{ secrets.DEPLOY_TOKEN }}
           repository: Significant-Gravitas/AutoGPT_cloud_infrastructure
           event-type: build_deploy_dev
-          client-payload: '{"ref": "${{ github.event.inputs.git_ref || github.ref }}", "repository": "${{ github.repository }}"}'
+          client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "repository": "${{ github.repository }}"}'

.github/workflows/platform-backend-ci.yml

@@ -32,12 +32,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ["3.11", "3.12", "3.13"]
+        python-version: ["3.11"]
     runs-on: ubuntu-latest
 
     services:
       redis:
-        image: redis:latest
+        image: bitnami/redis:6.2
+        env:
+          REDIS_PASSWORD: testpassword
         ports:
           - 6379:6379
       rabbitmq:
@@ -134,7 +136,7 @@ jobs:
         run: poetry install
 
       - name: Generate Prisma Client
-        run: poetry run prisma generate && poetry run gen-prisma-stub
+        run: poetry run prisma generate
 
       - id: supabase
         name: Start Supabase
@@ -176,7 +178,7 @@ jobs:
           }
 
       - name: Run Database Migrations
-        run: poetry run prisma migrate deploy
+        run: poetry run prisma migrate dev --name updates
         env:
           DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
           DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
@@ -199,9 +201,10 @@ jobs:
           DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
           SUPABASE_URL: ${{ steps.supabase.outputs.API_URL }}
           SUPABASE_SERVICE_ROLE_KEY: ${{ steps.supabase.outputs.SERVICE_ROLE_KEY }}
-          JWT_VERIFY_KEY: ${{ steps.supabase.outputs.JWT_SECRET }}
+          SUPABASE_JWT_SECRET: ${{ steps.supabase.outputs.JWT_SECRET }}
           REDIS_HOST: "localhost"
           REDIS_PORT: "6379"
+          REDIS_PASSWORD: "testpassword"
           ENCRYPTION_KEY: "dvziYgz0KSK8FENhju0ZYi8-fRTfAdlz6YLhdB_jhNw=" # DO NOT USE IN PRODUCTION!!
 
     env:

.github/workflows/platform-frontend-ci.yml

@@ -11,11 +11,6 @@ on:
       - ".github/workflows/platform-frontend-ci.yml"
       - "autogpt_platform/frontend/**"
   merge_group:
-  workflow_dispatch:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name == 'merge_group' && format('merge-queue-{0}', github.ref) || format('{0}-{1}', github.ref, github.event.pull_request.number || github.sha) }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 defaults:
   run:
@@ -35,7 +30,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "22.18.0"
+          node-version: "21"
 
       - name: Enable corepack
         run: corepack enable
@@ -67,7 +62,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "22.18.0"
+          node-version: "21"
 
       - name: Enable corepack
         run: corepack enable
@@ -87,6 +82,37 @@ jobs:
       - name: Run lint
         run: pnpm lint
 
+  type-check:
+    runs-on: ubuntu-latest
+    needs: setup
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Restore dependencies cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ needs.setup.outputs.cache-key }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run tsc check
+        run: pnpm type-check
+
   chromatic:
     runs-on: ubuntu-latest
     needs: setup
@@ -102,7 +128,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "22.18.0"
+          node-version: "21"
 
       - name: Enable corepack
         run: corepack enable
@@ -143,22 +169,18 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "22.18.0"
+          node-version: "21"
 
       - name: Enable corepack
         run: corepack enable
 
       - name: Copy default supabase .env
         run: |
-          cp ../.env.default ../.env
+          cp ../.env.example ../.env
 
-      - name: Copy backend .env and set OpenAI API key
+      - name: Copy backend .env
         run: |
-          cp ../backend/.env.default ../backend/.env
-          echo "OPENAI_INTERNAL_API_KEY=${{ secrets.OPENAI_API_KEY }}" >> ../backend/.env
-        env:
-          # Used by E2E test data script to generate embeddings for approved store agents
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          cp ../backend/.env.example ../backend/.env
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -173,7 +195,7 @@ jobs:
 
       - name: Run docker compose
         run: |
-          NEXT_PUBLIC_PW_TEST=true docker compose -f ../docker-compose.yml up -d
+          docker compose -f ../docker-compose.yml up -d
         env:
           DOCKER_BUILDKIT: 1
           BUILDX_CACHE_FROM: type=local,src=/tmp/.buildx-cache
@@ -230,30 +252,27 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
+      - name: Setup .env
+        run: cp .env.example .env
+
+      - name: Build frontend
+        run: pnpm build --turbo
+        # uses Turbopack, much faster and safe enough for a test pipeline
+        env:
+          NEXT_PUBLIC_PW_TEST: true
+
       - name: Install Browser 'chromium'
         run: pnpm playwright install --with-deps chromium
 
       - name: Run Playwright tests
         run: pnpm test:no-build
-        continue-on-error: false
 
-      - name: Upload Playwright report
-        if: always()
+      - name: Upload Playwright artifacts
+        if: failure()
         uses: actions/upload-artifact@v4
         with:
           name: playwright-report
           path: playwright-report
-          if-no-files-found: ignore
-          retention-days: 3
-
-      - name: Upload Playwright test results
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: playwright-test-results
-          path: test-results
-          if-no-files-found: ignore
-          retention-days: 3
 
       - name: Print Final Docker Compose logs
         if: always()

.github/workflows/platform-fullstack-ci.yml

@@ -1,136 +0,0 @@
-name: AutoGPT Platform - Frontend CI
-
-on:
-  push:
-    branches: [master, dev]
-    paths:
-      - ".github/workflows/platform-fullstack-ci.yml"
-      - "autogpt_platform/**"
-  pull_request:
-    paths:
-      - ".github/workflows/platform-fullstack-ci.yml"
-      - "autogpt_platform/**"
-  merge_group:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name == 'merge_group' && format('merge-queue-{0}', github.ref) || github.head_ref && format('pr-{0}', github.event.pull_request.number) || github.sha }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
-defaults:
-  run:
-    shell: bash
-    working-directory: autogpt_platform/frontend
-
-jobs:
-  setup:
-    runs-on: ubuntu-latest
-    outputs:
-      cache-key: ${{ steps.cache-key.outputs.key }}
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "22.18.0"
-
-      - name: Enable corepack
-        run: corepack enable
-
-      - name: Generate cache key
-        id: cache-key
-        run: echo "key=${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}" >> $GITHUB_OUTPUT
-
-      - name: Cache dependencies
-        uses: actions/cache@v4
-        with:
-          path: ~/.pnpm-store
-          key: ${{ steps.cache-key.outputs.key }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
-            ${{ runner.os }}-pnpm-
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-  types:
-    runs-on: ubuntu-latest
-    needs: setup
-    strategy:
-      fail-fast: false
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          submodules: recursive
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "22.18.0"
-
-      - name: Enable corepack
-        run: corepack enable
-
-      - name: Copy default supabase .env
-        run: |
-          cp ../.env.default ../.env
-
-      - name: Copy backend .env
-        run: |
-          cp ../backend/.env.default ../backend/.env
-
-      - name: Run docker compose
-        run: |
-          docker compose -f ../docker-compose.yml --profile local --profile deps_backend up -d
-
-      - name: Restore dependencies cache
-        uses: actions/cache@v4
-        with:
-          path: ~/.pnpm-store
-          key: ${{ needs.setup.outputs.cache-key }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Setup .env
-        run: cp .env.default .env
-
-      - name: Wait for services to be ready
-        run: |
-          echo "Waiting for rest_server to be ready..."
-          timeout 60 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
-          echo "Waiting for database to be ready..."
-          timeout 60 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
-
-      - name: Generate API queries
-        run: pnpm generate:api:force
-
-      - name: Check for API schema changes
-        run: |
-          if ! git diff --exit-code src/app/api/openapi.json; then
-            echo "❌ API schema changes detected in src/app/api/openapi.json"
-            echo ""
-            echo "The openapi.json file has been modified after running 'pnpm generate:api-all'."
-            echo "This usually means changes have been made in the BE endpoints without updating the Frontend."
-            echo "The API schema is now out of sync with the Front-end queries."
-            echo ""
-            echo "To fix this:"
-            echo "1. Pull the backend 'docker compose pull && docker compose up -d --build --force-recreate'"
-            echo "2. Run 'pnpm generate:api' locally"
-            echo "3. Run 'pnpm types' locally"
-            echo "4. Fix any TypeScript errors that may have been introduced"
-            echo "5. Commit and push your changes"
-            echo ""
-            exit 1
-          else
-            echo "✅ No API schema changes detected"
-          fi
-
-      - name: Run Typescript checks
-        run: pnpm types

.github/workflows/repo-close-stale-issues.yml

@@ -11,7 +11,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v10
+      - uses: actions/stale@v9
         with:
           # operations-per-run: 5000
           stale-issue-message: >

.github/workflows/repo-pr-label.yml

@@ -61,6 +61,6 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@v6
+      - uses: actions/labeler@v5
         with:
           sync-labels: true

.gitignore

@@ -5,8 +5,6 @@ classic/original_autogpt/*.json
 auto_gpt_workspace/*
 *.mpeg
 .env
-# Root .env files
-/.env
 azure.yaml
 .vscode
 .idea/*
@@ -123,6 +121,7 @@ celerybeat.pid
 
 # Environments
 .direnv/
+.env
 .venv
 env/
 venv*/
@@ -178,4 +177,3 @@ autogpt_platform/backend/settings.py
 *.ign.*
 .test-contents
 .claude/settings.local.json
-/autogpt_platform/backend/logs

.pr_agent.toml

@@ -1,3 +1,6 @@
+[pr_reviewer]
+num_code_suggestions=0
+
 [pr_code_suggestions]
 commitable_code_suggestions=false
 num_code_suggestions=0

.pre-commit-config.yaml

@@ -235,7 +235,7 @@ repos:
     hooks:
       - id: tsc
         name: Typecheck - AutoGPT Platform - Frontend
-        entry: bash -c 'cd autogpt_platform/frontend && pnpm types'
+        entry: bash -c 'cd autogpt_platform/frontend && pnpm type-check'
         files: ^autogpt_platform/frontend/
         types: [file]
         language: system

README.md

@@ -3,16 +3,6 @@
 [![Discord Follow](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fdiscord.com%2Fapi%2Finvites%2Fautogpt%3Fwith_counts%3Dtrue&query=%24.approximate_member_count&label=total%20members&logo=discord&logoColor=white&color=7289da)](https://discord.gg/autogpt)  
 [![Twitter Follow](https://img.shields.io/twitter/follow/Auto_GPT?style=social)](https://twitter.com/Auto_GPT)  
 
-<!-- Keep these links. Translations will automatically update with the README. -->
-[Deutsch](https://zdoc.app/de/Significant-Gravitas/AutoGPT) | 
-[Español](https://zdoc.app/es/Significant-Gravitas/AutoGPT) | 
-[français](https://zdoc.app/fr/Significant-Gravitas/AutoGPT) | 
-[日本語](https://zdoc.app/ja/Significant-Gravitas/AutoGPT) | 
-[한국어](https://zdoc.app/ko/Significant-Gravitas/AutoGPT) | 
-[Português](https://zdoc.app/pt/Significant-Gravitas/AutoGPT) | 
-[Русский](https://zdoc.app/ru/Significant-Gravitas/AutoGPT) | 
-[中文](https://zdoc.app/zh/Significant-Gravitas/AutoGPT)
-
 **AutoGPT** is a powerful platform that allows you to create, deploy, and manage continuous AI agents that automate complex workflows. 
 
 ## Hosting Options 

autogpt_platform/CLAUDE.md

@@ -1,11 +1,9 @@
 # CLAUDE.md
 
 This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
-
 ## Repository Overview
 
 AutoGPT Platform is a monorepo containing:
-
 - **Backend** (`/backend`): Python FastAPI server with async support
 - **Frontend** (`/frontend`): Next.js React application
 - **Shared Libraries** (`/autogpt_libs`): Common Python utilities
@@ -13,7 +11,6 @@ AutoGPT Platform is a monorepo containing:
 ## Essential Commands
 
 ### Backend Development
-
 ```bash
 # Install dependencies
 cd backend && poetry install
@@ -44,7 +41,6 @@ poetry run pytest 'backend/blocks/test/test_block.py::test_available_blocks[GetC
 poetry run format  # Black + isort
 poetry run lint    # ruff
 ```
-
 More details can be found in TESTING.md
 
 #### Creating/Updating Snapshots
@@ -57,49 +53,31 @@ poetry run pytest path/to/test.py --snapshot-update
 
 ⚠️ **Important**: Always review snapshot changes before committing! Use `git diff` to verify the changes are expected.
 
-### Frontend Development
 
+### Frontend Development
 ```bash
 # Install dependencies
-cd frontend && pnpm i
-
-# Generate API client from OpenAPI spec
-pnpm generate:api
+cd frontend && npm install
 
 # Start development server
-pnpm dev
+npm run dev
 
 # Run E2E tests
-pnpm test
+npm run test
 
 # Run Storybook for component development
-pnpm storybook
+npm run storybook
 
 # Build production
-pnpm build
-
-# Format and lint
-pnpm format
+npm run build
 
 # Type checking
-pnpm types
+npm run type-check
 ```
 
-**📖 Complete Guide**: See `/frontend/CONTRIBUTING.md` and `/frontend/.cursorrules` for comprehensive frontend patterns.
-
-**Key Frontend Conventions:**
-
-- Separate render logic from data/behavior in components
-- Use generated API hooks from `@/app/api/__generated__/endpoints/`
-- Use function declarations (not arrow functions) for components/handlers
-- Use design system components from `src/components/` (atoms, molecules, organisms)
-- Only use Phosphor Icons
-- Never use `src/components/__legacy__/*` or deprecated `BackendAPI`
-
 ## Architecture Overview
 
 ### Backend Architecture
-
 - **API Layer**: FastAPI with REST and WebSocket endpoints
 - **Database**: PostgreSQL with Prisma ORM, includes pgvector for embeddings
 - **Queue System**: RabbitMQ for async task processing
@@ -108,20 +86,13 @@ pnpm types
 - **Security**: Cache protection middleware prevents sensitive data caching in browsers/proxies
 
 ### Frontend Architecture
-
-- **Framework**: Next.js 15 App Router (client-first approach)
-- **Data Fetching**: Type-safe generated API hooks via Orval + React Query
-- **State Management**: React Query for server state, co-located UI state in components/hooks
-- **Component Structure**: Separate render logic (`.tsx`) from business logic (`use*.ts` hooks)
+- **Framework**: Next.js App Router with React Server Components
+- **State Management**: React hooks + Supabase client for real-time updates
 - **Workflow Builder**: Visual graph editor using @xyflow/react
-- **UI Components**: shadcn/ui (Radix UI primitives) with Tailwind CSS styling
-- **Icons**: Phosphor Icons only
+- **UI Components**: Radix UI primitives with Tailwind CSS styling
 - **Feature Flags**: LaunchDarkly integration
-- **Error Handling**: ErrorCard for render errors, toast for mutations, Sentry for exceptions
-- **Testing**: Playwright for E2E, Storybook for component development
 
 ### Key Concepts
-
 1. **Agent Graphs**: Workflow definitions stored as JSON, executed by the backend
 2. **Blocks**: Reusable components in `/backend/blocks/` that perform specific tasks
 3. **Integrations**: OAuth and API connections stored per user
@@ -129,16 +100,13 @@ pnpm types
 5. **Virus Scanning**: ClamAV integration for file upload security
 
 ### Testing Approach
-
 - Backend uses pytest with snapshot testing for API responses
 - Test files are colocated with source files (`*_test.py`)
 - Frontend uses Playwright for E2E tests
 - Component testing via Storybook
 
 ### Database Schema
-
 Key models (defined in `/backend/schema.prisma`):
-
 - `User`: Authentication and profile data
 - `AgentGraph`: Workflow definitions with version control
 - `AgentGraphExecution`: Execution history and results
@@ -146,82 +114,38 @@ Key models (defined in `/backend/schema.prisma`):
 - `StoreListing`: Marketplace listings for sharing agents
 
 ### Environment Configuration
-
-#### Configuration Files
-
-- **Backend**: `/backend/.env.default` (defaults) → `/backend/.env` (user overrides)
-- **Frontend**: `/frontend/.env.default` (defaults) → `/frontend/.env` (user overrides)
-- **Platform**: `/.env.default` (Supabase/shared defaults) → `/.env` (user overrides)
-
-#### Docker Environment Loading Order
-
-1. `.env.default` files provide base configuration (tracked in git)
-2. `.env` files provide user-specific overrides (gitignored)
-3. Docker Compose `environment:` sections provide service-specific overrides
-4. Shell environment variables have highest precedence
-
-#### Key Points
-
-- All services use hardcoded defaults in docker-compose files (no `${VARIABLE}` substitutions)
-- The `env_file` directive loads variables INTO containers at runtime
-- Backend/Frontend services use YAML anchors for consistent configuration
-- Supabase services (`db/docker/docker-compose.yml`) follow the same pattern
+- Backend: `.env` file in `/backend`
+- Frontend: `.env.local` file in `/frontend`
+- Both require Supabase credentials and API keys for various services
 
 ### Common Development Tasks
 
 **Adding a new block:**
-
-Follow the comprehensive [Block SDK Guide](../../../docs/content/platform/block-sdk-guide.md) which covers:
-
-- Provider configuration with `ProviderBuilder`
-- Block schema definition
-- Authentication (API keys, OAuth, webhooks)
-- Testing and validation
-- File organization
-
-Quick steps:
-
 1. Create new file in `/backend/backend/blocks/`
-2. Configure provider using `ProviderBuilder` in `_config.py`
-3. Inherit from `Block` base class
-4. Define input/output schemas using `BlockSchema`
-5. Implement async `run` method
-6. Generate unique block ID using `uuid.uuid4()`
-7. Test with `poetry run pytest backend/blocks/test/test_block.py`
+2. Inherit from `Block` base class
+3. Define input/output schemas
+4. Implement `run` method
+5. Register in block registry
+6. Generate the block uuid using `uuid.uuid4()`
 
-Note: when making many new blocks analyze the interfaces for each of these blocks and picture if they would go well together in a graph based editor or would they struggle to connect productively?
+Note: when making many new blocks analyze the interfaces for each of these blcoks and picture if they would go well together in a graph based editor or would they struggle to connect productively?
 ex: do the inputs and outputs tie well together?
 
-If you get any pushback or hit complex block conditions check the new_blocks guide in the docs.
-
 **Modifying the API:**
-
 1. Update route in `/backend/backend/server/routers/`
 2. Add/update Pydantic models in same directory
 3. Write tests alongside the route file
 4. Run `poetry run test` to verify
 
 **Frontend feature development:**
-
-See `/frontend/CONTRIBUTING.md` for complete patterns. Quick reference:
-
-1. **Pages**: Create in `src/app/(platform)/feature-name/page.tsx`
-   - Add `usePageName.ts` hook for logic
-   - Put sub-components in local `components/` folder
-2. **Components**: Structure as `ComponentName/ComponentName.tsx` + `useComponentName.ts` + `helpers.ts`
-   - Use design system components from `src/components/` (atoms, molecules, organisms)
-   - Never use `src/components/__legacy__/*`
-3. **Data fetching**: Use generated API hooks from `@/app/api/__generated__/endpoints/`
-   - Regenerate with `pnpm generate:api`
-   - Pattern: `use{Method}{Version}{OperationName}`
-4. **Styling**: Tailwind CSS only, use design tokens, Phosphor Icons only
-5. **Testing**: Add Storybook stories for new components, Playwright for E2E
-6. **Code conventions**: Function declarations (not arrow functions) for components/handlers
+1. Components go in `/frontend/src/components/`
+2. Use existing UI components from `/frontend/src/components/ui/`
+3. Add Storybook stories for new components
+4. Test with Playwright if user-facing
 
 ### Security Implementation
 
 **Cache Protection Middleware:**
-
 - Located in `/backend/backend/server/middleware/security.py`
 - Default behavior: Disables caching for ALL endpoints with `Cache-Control: no-store, no-cache, must-revalidate, private`
 - Uses an allow list approach - only explicitly permitted paths can be cached
@@ -230,20 +154,14 @@ See `/frontend/CONTRIBUTING.md` for complete patterns. Quick reference:
 - To allow caching for a new endpoint, add it to `CACHEABLE_PATHS` in the middleware
 - Applied to both main API server and external API applications
 
-### Creating Pull Requests
 
+### Creating Pull Requests
 - Create the PR aginst the `dev` branch of the repository.
 - Ensure the branch name is descriptive (e.g., `feature/add-new-block`)/
 - Use conventional commit messages (see below)/
 - Fill out the .github/PULL_REQUEST_TEMPLATE.md template as the PR description/
 - Run the github pre-commit hooks to ensure code quality.
 
-### Reviewing/Revising Pull Requests
-
-- When the user runs /pr-comments or tries to fetch them, also run gh api /repos/Significant-Gravitas/AutoGPT/pulls/[issuenum]/reviews to get the reviews
-- Use gh api /repos/Significant-Gravitas/AutoGPT/pulls/[issuenum]/reviews/[review_id]/comments to get the review contents
-- Use gh api /repos/Significant-Gravitas/AutoGPT/issues/9924/comments to get the pr specific comments
-
 ### Conventional Commits
 
 Use this format for commit messages and Pull Request titles:

autogpt_platform/Makefile

@@ -1,64 +0,0 @@
-.PHONY: start-core stop-core logs-core format lint migrate run-backend run-frontend load-store-agents
-
-# Run just Supabase + Redis + RabbitMQ
-start-core:
-	docker compose up -d deps
-
-# Stop core services
-stop-core:
-	docker compose stop 
-
-reset-db:
-	docker compose stop db
-	rm -rf db/docker/volumes/db/data
-	cd backend && poetry run prisma migrate deploy
-	cd backend && poetry run prisma generate
-	cd backend && poetry run gen-prisma-stub
-	
-# View logs for core services
-logs-core:
-	docker compose logs -f deps
-
-# Run formatting and linting for backend and frontend
-format:
-	cd backend && poetry run format
-	cd frontend && pnpm format
-	cd frontend && pnpm lint
-
-init-env:
-	cp -n .env.default .env || true
-	cd backend && cp -n .env.default .env || true
-	cd frontend && cp -n .env.default .env || true
-
-
-# Run migrations for backend
-migrate:
-	cd backend && poetry run prisma migrate deploy
-	cd backend && poetry run prisma generate
-	cd backend && poetry run gen-prisma-stub
-
-run-backend:
-	cd backend && poetry run app
-
-run-frontend:
-	cd frontend && pnpm dev
-
-test-data:
-	cd backend && poetry run python test/test_data_creator.py
-
-load-store-agents:
-	cd backend && poetry run load-store-agents
-
-help:
-	@echo "Usage: make <target>"
-	@echo "Targets:"
-	@echo "  start-core - Start just the core services (Supabase, Redis, RabbitMQ) in background"
-	@echo "  stop-core - Stop the core services"
-	@echo "  reset-db - Reset the database by deleting the volume"
-	@echo "  logs-core - Tail the logs for core services"
-	@echo "  format - Format & lint backend (Python) and frontend (TypeScript) code"
-	@echo "  migrate - Run backend database migrations"
-	@echo "  run-backend - Run the backend FastAPI server"
-	@echo "  run-frontend - Run the frontend Next.js development server"
-	@echo "  test-data - Run the test data creator"
-	@echo "  load-store-agents - Load store agents from agents/ folder into test database"

autogpt_platform/README.md

@@ -8,6 +8,7 @@ Welcome to the AutoGPT Platform - a powerful system for creating and running AI
 
 - Docker
 - Docker Compose V2 (comes with Docker Desktop, or can be installed separately)
+- Node.js & NPM (for running the frontend application)
 
 ### Running the System
 
@@ -23,10 +24,10 @@ To run the AutoGPT Platform, follow these steps:
 2. Run the following command:
 
    ```
-   cp .env.default .env
+   cp .env.example .env
    ```
 
-   This command will copy the `.env.default` file to `.env`. You can modify the `.env` file to add your own environment variables.
+   This command will copy the `.env.example` file to `.env`. You can modify the `.env` file to add your own environment variables.
 
 3. Run the following command:
 
@@ -36,38 +37,44 @@ To run the AutoGPT Platform, follow these steps:
 
    This command will start all the necessary backend services defined in the `docker-compose.yml` file in detached mode.
 
-4. After all the services are in ready state, open your browser and navigate to `http://localhost:3000` to access the AutoGPT Platform frontend.
+4. Navigate to `frontend` within the `autogpt_platform` directory:
 
-### Running Just Core services
+   ```
+   cd frontend
+   ```
 
-You can now run the following to enable just the core services.
+   You will need to run your frontend application separately on your local machine.
 
-```
-# For help
-make help
+5. Run the following command:
 
-# Run just Supabase + Redis + RabbitMQ
-make start-core
+   ```
+   cp .env.example .env.local
+   ```
 
-# Stop core services
-make stop-core
+   This command will copy the `.env.example` file to `.env.local` in the `frontend` directory. You can modify the `.env.local` within this folder to add your own environment variables for the frontend application.
 
-# View logs from core services 
-make logs-core
+6. Run the following command:
 
-# Run formatting and linting for backend and frontend
-make format
+   Enable corepack and install dependencies by running:
 
-# Run migrations for backend database
-make migrate
+   ```
+   corepack enable
+   pnpm i
+   ```
 
-# Run backend server
-make run-backend
+   Generate the API client (this step is required before running the frontend):
 
-# Run frontend development server
-make run-frontend
+   ```
+   pnpm generate:api-client
+   ```
 
-```
+   Then start the frontend application in development mode:
+
+   ```
+   pnpm dev
+   ```
+
+7. Open your browser and navigate to `http://localhost:3000` to access the AutoGPT Platform frontend.
 
 ### Docker Compose Commands
 
@@ -170,21 +177,20 @@ The platform includes scripts for generating and managing the API client:
 
 - `pnpm fetch:openapi`: Fetches the OpenAPI specification from the backend service (requires backend to be running on port 8006)
 - `pnpm generate:api-client`: Generates the TypeScript API client from the OpenAPI specification using Orval
-- `pnpm generate:api`: Runs both fetch and generate commands in sequence
+- `pnpm generate:api-all`: Runs both fetch and generate commands in sequence
 
 #### Manual API Client Updates
 
 If you need to update the API client after making changes to the backend API:
 
 1. Ensure the backend services are running:
-
    ```
    docker compose up -d
    ```
 
 2. Generate the updated API client:
    ```
-   pnpm generate:api
+   pnpm generate:api-all
    ```
 
 This will fetch the latest OpenAPI specification and regenerate the TypeScript client code.

autogpt_platform/autogpt_libs/autogpt_libs/api_key/key_manager.py

@@ -0,0 +1,35 @@
+import hashlib
+import secrets
+from typing import NamedTuple
+
+
+class APIKeyContainer(NamedTuple):
+    """Container for API key parts."""
+
+    raw: str
+    prefix: str
+    postfix: str
+    hash: str
+
+
+class APIKeyManager:
+    PREFIX: str = "agpt_"
+    PREFIX_LENGTH: int = 8
+    POSTFIX_LENGTH: int = 8
+
+    def generate_api_key(self) -> APIKeyContainer:
+        """Generate a new API key with all its parts."""
+        raw_key = f"{self.PREFIX}{secrets.token_urlsafe(32)}"
+        return APIKeyContainer(
+            raw=raw_key,
+            prefix=raw_key[: self.PREFIX_LENGTH],
+            postfix=raw_key[-self.POSTFIX_LENGTH :],
+            hash=hashlib.sha256(raw_key.encode()).hexdigest(),
+        )
+
+    def verify_api_key(self, provided_key: str, stored_hash: str) -> bool:
+        """Verify if a provided API key matches the stored hash."""
+        if not provided_key.startswith(self.PREFIX):
+            return False
+        provided_hash = hashlib.sha256(provided_key.encode()).hexdigest()
+        return secrets.compare_digest(provided_hash, stored_hash)

autogpt_platform/autogpt_libs/autogpt_libs/api_key/keysmith.py

@@ -1,81 +0,0 @@
-import hashlib
-import secrets
-from typing import NamedTuple
-
-from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
-
-
-class APIKeyContainer(NamedTuple):
-    """Container for API key parts."""
-
-    key: str
-    head: str
-    tail: str
-    hash: str
-    salt: str
-
-
-class APIKeySmith:
-    PREFIX: str = "agpt_"
-    HEAD_LENGTH: int = 8
-    TAIL_LENGTH: int = 8
-
-    def generate_key(self) -> APIKeyContainer:
-        """Generate a new API key with secure hashing."""
-        raw_key = f"{self.PREFIX}{secrets.token_urlsafe(32)}"
-        hash, salt = self.hash_key(raw_key)
-
-        return APIKeyContainer(
-            key=raw_key,
-            head=raw_key[: self.HEAD_LENGTH],
-            tail=raw_key[-self.TAIL_LENGTH :],
-            hash=hash,
-            salt=salt,
-        )
-
-    def verify_key(
-        self, provided_key: str, known_hash: str, known_salt: str | None = None
-    ) -> bool:
-        """
-        Verify an API key against a known hash (+ salt).
-        Supports verifying both legacy SHA256 and secure Scrypt hashes.
-        """
-        if not provided_key.startswith(self.PREFIX):
-            return False
-
-        # Handle legacy SHA256 hashes (migration support)
-        if known_salt is None:
-            legacy_hash = hashlib.sha256(provided_key.encode()).hexdigest()
-            return secrets.compare_digest(legacy_hash, known_hash)
-
-        try:
-            salt_bytes = bytes.fromhex(known_salt)
-            provided_hash = self._hash_key_with_salt(provided_key, salt_bytes)
-            return secrets.compare_digest(provided_hash, known_hash)
-        except (ValueError, TypeError):
-            return False
-
-    def hash_key(self, raw_key: str) -> tuple[str, str]:
-        """Migrate a legacy hash to secure hash format."""
-        if not raw_key.startswith(self.PREFIX):
-            raise ValueError("Key without 'agpt_' prefix would fail validation")
-
-        salt = self._generate_salt()
-        hash = self._hash_key_with_salt(raw_key, salt)
-        return hash, salt.hex()
-
-    def _generate_salt(self) -> bytes:
-        """Generate a random salt for hashing."""
-        return secrets.token_bytes(32)
-
-    def _hash_key_with_salt(self, raw_key: str, salt: bytes) -> str:
-        """Hash API key using Scrypt with salt."""
-        kdf = Scrypt(
-            length=32,
-            salt=salt,
-            n=2**14,  # CPU/memory cost parameter
-            r=8,  # Block size parameter
-            p=1,  # Parallelization parameter
-        )
-        key_hash = kdf.derive(raw_key.encode())
-        return key_hash.hex()

autogpt_platform/autogpt_libs/autogpt_libs/api_key/test_keysmith.py

@@ -1,79 +0,0 @@
-import hashlib
-
-from autogpt_libs.api_key.keysmith import APIKeySmith
-
-
-def test_generate_api_key():
-    keysmith = APIKeySmith()
-    key = keysmith.generate_key()
-
-    assert key.key.startswith(keysmith.PREFIX)
-    assert key.head == key.key[: keysmith.HEAD_LENGTH]
-    assert key.tail == key.key[-keysmith.TAIL_LENGTH :]
-    assert len(key.hash) == 64  # 32 bytes hex encoded
-    assert len(key.salt) == 64  # 32 bytes hex encoded
-
-
-def test_verify_new_secure_key():
-    keysmith = APIKeySmith()
-    key = keysmith.generate_key()
-
-    # Test correct key validates
-    assert keysmith.verify_key(key.key, key.hash, key.salt) is True
-
-    # Test wrong key fails
-    wrong_key = f"{keysmith.PREFIX}wrongkey123"
-    assert keysmith.verify_key(wrong_key, key.hash, key.salt) is False
-
-
-def test_verify_legacy_key():
-    keysmith = APIKeySmith()
-    legacy_key = f"{keysmith.PREFIX}legacykey123"
-    legacy_hash = hashlib.sha256(legacy_key.encode()).hexdigest()
-
-    # Test legacy key validates without salt
-    assert keysmith.verify_key(legacy_key, legacy_hash) is True
-
-    # Test wrong legacy key fails
-    wrong_key = f"{keysmith.PREFIX}wronglegacy"
-    assert keysmith.verify_key(wrong_key, legacy_hash) is False
-
-
-def test_rehash_existing_key():
-    keysmith = APIKeySmith()
-    legacy_key = f"{keysmith.PREFIX}migratekey123"
-
-    # Migrate the legacy key
-    new_hash, new_salt = keysmith.hash_key(legacy_key)
-
-    # Verify migrated key works
-    assert keysmith.verify_key(legacy_key, new_hash, new_salt) is True
-
-    # Verify different key fails with migrated hash
-    wrong_key = f"{keysmith.PREFIX}wrongkey"
-    assert keysmith.verify_key(wrong_key, new_hash, new_salt) is False
-
-
-def test_invalid_key_prefix():
-    keysmith = APIKeySmith()
-    key = keysmith.generate_key()
-
-    # Test key without proper prefix fails
-    invalid_key = "invalid_prefix_key"
-    assert keysmith.verify_key(invalid_key, key.hash, key.salt) is False
-
-
-def test_secure_hash_requires_salt():
-    keysmith = APIKeySmith()
-    key = keysmith.generate_key()
-
-    # Secure hash without salt should fail
-    assert keysmith.verify_key(key.key, key.hash) is False
-
-
-def test_invalid_salt_format():
-    keysmith = APIKeySmith()
-    key = keysmith.generate_key()
-
-    # Invalid salt format should fail gracefully
-    assert keysmith.verify_key(key.key, key.hash, "invalid_hex") is False

autogpt_platform/autogpt_libs/autogpt_libs/auth/__init__.py

@@ -1,19 +1,13 @@
-from .config import verify_settings
-from .dependencies import (
-    get_optional_user_id,
-    get_user_id,
-    requires_admin_user,
-    requires_user,
-)
-from .helpers import add_auth_responses_to_openapi
+from .depends import requires_admin_user, requires_user
+from .jwt_utils import parse_jwt_token
+from .middleware import APIKeyValidator, auth_middleware
 from .models import User
 
 __all__ = [
-    "verify_settings",
-    "get_user_id",
-    "requires_admin_user",
+    "parse_jwt_token",
     "requires_user",
-    "get_optional_user_id",
-    "add_auth_responses_to_openapi",
+    "requires_admin_user",
+    "APIKeyValidator",
+    "auth_middleware",
     "User",
 ]

autogpt_platform/autogpt_libs/autogpt_libs/auth/config.py

@@ -1,90 +1,11 @@
-import logging
 import os
 
-from jwt.algorithms import get_default_algorithms, has_crypto
-
-logger = logging.getLogger(__name__)
-
-
-class AuthConfigError(ValueError):
-    """Raised when authentication configuration is invalid."""
-
-    pass
-
-
-ALGO_RECOMMENDATION = (
-    "We highly recommend using an asymmetric algorithm such as ES256, "
-    "because when leaked, a shared secret would allow anyone to "
-    "forge valid tokens and impersonate users. "
-    "More info: https://supabase.com/docs/guides/auth/signing-keys#choosing-the-right-signing-algorithm"  # noqa
-)
-
 
 class Settings:
     def __init__(self):
-        self.JWT_VERIFY_KEY: str = os.getenv(
-            "JWT_VERIFY_KEY", os.getenv("SUPABASE_JWT_SECRET", "")
-        ).strip()
-        self.JWT_ALGORITHM: str = os.getenv("JWT_SIGN_ALGORITHM", "HS256").strip()
-
-        self.validate()
-
-    def validate(self):
-        if not self.JWT_VERIFY_KEY:
-            raise AuthConfigError(
-                "JWT_VERIFY_KEY must be set. "
-                "An empty JWT secret would allow anyone to forge valid tokens."
-            )
-
-        if len(self.JWT_VERIFY_KEY) < 32:
-            logger.warning(
-                "⚠️ JWT_VERIFY_KEY appears weak (less than 32 characters). "
-                "Consider using a longer, cryptographically secure secret."
-            )
-
-        supported_algorithms = get_default_algorithms().keys()
-
-        if not has_crypto:
-            logger.warning(
-                "⚠️ Asymmetric JWT verification is not available "
-                "because the 'cryptography' package is not installed. "
-                + ALGO_RECOMMENDATION
-            )
-
-        if (
-            self.JWT_ALGORITHM not in supported_algorithms
-            or self.JWT_ALGORITHM == "none"
-        ):
-            raise AuthConfigError(
-                f"Invalid JWT_SIGN_ALGORITHM: '{self.JWT_ALGORITHM}'. "
-                "Supported algorithms are listed on "
-                "https://pyjwt.readthedocs.io/en/stable/algorithms.html"
-            )
-
-        if self.JWT_ALGORITHM.startswith("HS"):
-            logger.warning(
-                f"⚠️ JWT_SIGN_ALGORITHM is set to '{self.JWT_ALGORITHM}', "
-                "a symmetric shared-key signature algorithm. " + ALGO_RECOMMENDATION
-            )
+        self.JWT_SECRET_KEY: str = os.getenv("SUPABASE_JWT_SECRET", "")
+        self.ENABLE_AUTH: bool = os.getenv("ENABLE_AUTH", "false").lower() == "true"
+        self.JWT_ALGORITHM: str = "HS256"
 
 
-_settings: Settings = None  # type: ignore
-
-
-def get_settings() -> Settings:
-    global _settings
-
-    if not _settings:
-        _settings = Settings()
-
-    return _settings
-
-
-def verify_settings() -> None:
-    global _settings
-
-    if not _settings:
-        _settings = Settings()  # calls validation indirectly
-        return
-
-    _settings.validate()
+settings = Settings()

autogpt_platform/autogpt_libs/autogpt_libs/auth/config_test.py

@@ -1,306 +0,0 @@
-"""
-Comprehensive tests for auth configuration to ensure 100% line and branch coverage.
-These tests verify critical security checks preventing JWT token forgery.
-"""
-
-import logging
-import os
-
-import pytest
-from pytest_mock import MockerFixture
-
-from autogpt_libs.auth.config import AuthConfigError, Settings
-
-
-def test_environment_variable_precedence(mocker: MockerFixture):
-    """Test that environment variables take precedence over defaults."""
-    secret = "environment-secret-key-with-proper-length-123456"
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == secret
-
-
-def test_environment_variable_backwards_compatible(mocker: MockerFixture):
-    """Test that SUPABASE_JWT_SECRET is read if JWT_VERIFY_KEY is not set."""
-    secret = "environment-secret-key-with-proper-length-123456"
-    mocker.patch.dict(os.environ, {"SUPABASE_JWT_SECRET": secret}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == secret
-
-
-def test_auth_config_error_inheritance():
-    """Test that AuthConfigError is properly defined as an Exception."""
-    assert issubclass(AuthConfigError, Exception)
-    error = AuthConfigError("test message")
-    assert str(error) == "test message"
-
-
-def test_settings_static_after_creation(mocker: MockerFixture):
-    """Test that settings maintain their values after creation."""
-    secret = "immutable-secret-key-with-proper-length-12345"
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret}, clear=True)
-
-    settings = Settings()
-    original_secret = settings.JWT_VERIFY_KEY
-
-    # Changing environment after creation shouldn't affect settings
-    os.environ["JWT_VERIFY_KEY"] = "different-secret"
-
-    assert settings.JWT_VERIFY_KEY == original_secret
-
-
-def test_settings_load_with_valid_secret(mocker: MockerFixture):
-    """Test auth enabled with a valid JWT secret."""
-    valid_secret = "a" * 32  # 32 character secret
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": valid_secret}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == valid_secret
-
-
-def test_settings_load_with_strong_secret(mocker: MockerFixture):
-    """Test auth enabled with a cryptographically strong secret."""
-    strong_secret = "super-secret-jwt-token-with-at-least-32-characters-long"
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": strong_secret}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == strong_secret
-    assert len(settings.JWT_VERIFY_KEY) >= 32
-
-
-def test_secret_empty_raises_error(mocker: MockerFixture):
-    """Test that auth enabled with empty secret raises AuthConfigError."""
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": ""}, clear=True)
-
-    with pytest.raises(Exception) as exc_info:
-        Settings()
-    assert "JWT_VERIFY_KEY" in str(exc_info.value)
-
-
-def test_secret_missing_raises_error(mocker: MockerFixture):
-    """Test that auth enabled without secret env var raises AuthConfigError."""
-    mocker.patch.dict(os.environ, {}, clear=True)
-
-    with pytest.raises(Exception) as exc_info:
-        Settings()
-    assert "JWT_VERIFY_KEY" in str(exc_info.value)
-
-
-@pytest.mark.parametrize("secret", [" ", "  ", "\t", "\n", " \t\n "])
-def test_secret_only_whitespace_raises_error(mocker: MockerFixture, secret: str):
-    """Test that auth enabled with whitespace-only secret raises error."""
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret}, clear=True)
-
-    with pytest.raises(ValueError):
-        Settings()
-
-
-def test_secret_weak_logs_warning(
-    mocker: MockerFixture, caplog: pytest.LogCaptureFixture
-):
-    """Test that weak JWT secret triggers warning log."""
-    weak_secret = "short"  # Less than 32 characters
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": weak_secret}, clear=True)
-
-    with caplog.at_level(logging.WARNING):
-        settings = Settings()
-        assert settings.JWT_VERIFY_KEY == weak_secret
-        assert "key appears weak" in caplog.text.lower()
-        assert "less than 32 characters" in caplog.text
-
-
-def test_secret_31_char_logs_warning(
-    mocker: MockerFixture, caplog: pytest.LogCaptureFixture
-):
-    """Test that 31-character secret triggers warning (boundary test)."""
-    secret_31 = "a" * 31  # Exactly 31 characters
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret_31}, clear=True)
-
-    with caplog.at_level(logging.WARNING):
-        settings = Settings()
-        assert len(settings.JWT_VERIFY_KEY) == 31
-        assert "key appears weak" in caplog.text.lower()
-
-
-def test_secret_32_char_no_warning(
-    mocker: MockerFixture, caplog: pytest.LogCaptureFixture
-):
-    """Test that 32-character secret does not trigger warning (boundary test)."""
-    secret_32 = "a" * 32  # Exactly 32 characters
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret_32}, clear=True)
-
-    with caplog.at_level(logging.WARNING):
-        settings = Settings()
-        assert len(settings.JWT_VERIFY_KEY) == 32
-        assert "JWT secret appears weak" not in caplog.text
-
-
-def test_secret_whitespace_stripped(mocker: MockerFixture):
-    """Test that JWT secret whitespace is stripped."""
-    secret = "a" * 32
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": f"  {secret}  "}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == secret
-
-
-def test_secret_with_special_characters(mocker: MockerFixture):
-    """Test JWT secret with special characters."""
-    special_secret = "!@#$%^&*()_+-=[]{}|;:,.<>?`~" + "a" * 10  # 40 chars total
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": special_secret}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == special_secret
-
-
-def test_secret_with_unicode(mocker: MockerFixture):
-    """Test JWT secret with unicode characters."""
-    unicode_secret = "秘密🔐キー" + "a" * 25  # Ensure >32 bytes
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": unicode_secret}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == unicode_secret
-
-
-def test_secret_very_long(mocker: MockerFixture):
-    """Test JWT secret with excessive length."""
-    long_secret = "a" * 1000  # 1000 character secret
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": long_secret}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == long_secret
-    assert len(settings.JWT_VERIFY_KEY) == 1000
-
-
-def test_secret_with_newline(mocker: MockerFixture):
-    """Test JWT secret containing newlines."""
-    multiline_secret = "secret\nwith\nnewlines" + "a" * 20
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": multiline_secret}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == multiline_secret
-
-
-def test_secret_base64_encoded(mocker: MockerFixture):
-    """Test JWT secret that looks like base64."""
-    base64_secret = "dGhpc19pc19hX3NlY3JldF9rZXlfd2l0aF9wcm9wZXJfbGVuZ3Ro"
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": base64_secret}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == base64_secret
-
-
-def test_secret_numeric_only(mocker: MockerFixture):
-    """Test JWT secret with only numbers."""
-    numeric_secret = "1234567890" * 4  # 40 character numeric secret
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": numeric_secret}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_VERIFY_KEY == numeric_secret
-
-
-def test_algorithm_default_hs256(mocker: MockerFixture):
-    """Test that JWT algorithm defaults to HS256."""
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": "a" * 32}, clear=True)
-
-    settings = Settings()
-    assert settings.JWT_ALGORITHM == "HS256"
-
-
-def test_algorithm_whitespace_stripped(mocker: MockerFixture):
-    """Test that JWT algorithm whitespace is stripped."""
-    secret = "a" * 32
-    mocker.patch.dict(
-        os.environ,
-        {"JWT_VERIFY_KEY": secret, "JWT_SIGN_ALGORITHM": "  HS256  "},
-        clear=True,
-    )
-
-    settings = Settings()
-    assert settings.JWT_ALGORITHM == "HS256"
-
-
-def test_no_crypto_warning(mocker: MockerFixture, caplog: pytest.LogCaptureFixture):
-    """Test warning when crypto package is not available."""
-    secret = "a" * 32
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret}, clear=True)
-
-    # Mock has_crypto to return False
-    mocker.patch("autogpt_libs.auth.config.has_crypto", False)
-
-    with caplog.at_level(logging.WARNING):
-        Settings()
-        assert "Asymmetric JWT verification is not available" in caplog.text
-        assert "cryptography" in caplog.text
-
-
-def test_algorithm_invalid_raises_error(mocker: MockerFixture):
-    """Test that invalid JWT algorithm raises AuthConfigError."""
-    secret = "a" * 32
-    mocker.patch.dict(
-        os.environ,
-        {"JWT_VERIFY_KEY": secret, "JWT_SIGN_ALGORITHM": "INVALID_ALG"},
-        clear=True,
-    )
-
-    with pytest.raises(AuthConfigError) as exc_info:
-        Settings()
-    assert "Invalid JWT_SIGN_ALGORITHM" in str(exc_info.value)
-    assert "INVALID_ALG" in str(exc_info.value)
-
-
-def test_algorithm_none_raises_error(mocker: MockerFixture):
-    """Test that 'none' algorithm raises AuthConfigError."""
-    secret = "a" * 32
-    mocker.patch.dict(
-        os.environ,
-        {"JWT_VERIFY_KEY": secret, "JWT_SIGN_ALGORITHM": "none"},
-        clear=True,
-    )
-
-    with pytest.raises(AuthConfigError) as exc_info:
-        Settings()
-    assert "Invalid JWT_SIGN_ALGORITHM" in str(exc_info.value)
-
-
-@pytest.mark.parametrize("algorithm", ["HS256", "HS384", "HS512"])
-def test_algorithm_symmetric_warning(
-    mocker: MockerFixture, caplog: pytest.LogCaptureFixture, algorithm: str
-):
-    """Test warning for symmetric algorithms (HS256, HS384, HS512)."""
-    secret = "a" * 32
-    mocker.patch.dict(
-        os.environ,
-        {"JWT_VERIFY_KEY": secret, "JWT_SIGN_ALGORITHM": algorithm},
-        clear=True,
-    )
-
-    with caplog.at_level(logging.WARNING):
-        settings = Settings()
-        assert algorithm in caplog.text
-        assert "symmetric shared-key signature algorithm" in caplog.text
-        assert settings.JWT_ALGORITHM == algorithm
-
-
-@pytest.mark.parametrize(
-    "algorithm",
-    ["ES256", "ES384", "ES512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512"],
-)
-def test_algorithm_asymmetric_no_warning(
-    mocker: MockerFixture, caplog: pytest.LogCaptureFixture, algorithm: str
-):
-    """Test that asymmetric algorithms do not trigger warning."""
-    secret = "a" * 32
-    mocker.patch.dict(
-        os.environ,
-        {"JWT_VERIFY_KEY": secret, "JWT_SIGN_ALGORITHM": algorithm},
-        clear=True,
-    )
-
-    with caplog.at_level(logging.WARNING):
-        settings = Settings()
-        # Should not contain the symmetric algorithm warning
-        assert "symmetric shared-key signature algorithm" not in caplog.text
-        assert settings.JWT_ALGORITHM == algorithm

autogpt_platform/autogpt_libs/autogpt_libs/auth/dependencies.py

@@ -1,117 +0,0 @@
-"""
-FastAPI dependency functions for JWT-based authentication and authorization.
-
-These are the high-level dependency functions used in route definitions.
-"""
-
-import logging
-
-import fastapi
-from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
-
-from .jwt_utils import get_jwt_payload, verify_user
-from .models import User
-
-optional_bearer = HTTPBearer(auto_error=False)
-
-# Header name for admin impersonation
-IMPERSONATION_HEADER_NAME = "X-Act-As-User-Id"
-
-logger = logging.getLogger(__name__)
-
-
-def get_optional_user_id(
-    credentials: HTTPAuthorizationCredentials | None = fastapi.Security(
-        optional_bearer
-    ),
-) -> str | None:
-    """
-    Attempts to extract the user ID ("sub" claim) from a Bearer JWT if provided.
-
-    This dependency allows for both authenticated and anonymous access. If a valid bearer token is
-    supplied, it parses the JWT and extracts the user ID. If the token is missing or invalid, it returns None,
-    treating the request as anonymous.
-
-    Args:
-        credentials: Optional HTTPAuthorizationCredentials object from FastAPI Security dependency.
-
-    Returns:
-        The user ID (str) extracted from the JWT "sub" claim, or None if no valid token is present.
-    """
-    if not credentials:
-        return None
-
-    try:
-        # Parse JWT token to get user ID
-        from autogpt_libs.auth.jwt_utils import parse_jwt_token
-
-        payload = parse_jwt_token(credentials.credentials)
-        return payload.get("sub")
-    except Exception as e:
-        logger.debug(f"Auth token validation failed (anonymous access): {e}")
-        return None
-
-
-async def requires_user(jwt_payload: dict = fastapi.Security(get_jwt_payload)) -> User:
-    """
-    FastAPI dependency that requires a valid authenticated user.
-
-    Raises:
-        HTTPException: 401 for authentication failures
-    """
-    return verify_user(jwt_payload, admin_only=False)
-
-
-async def requires_admin_user(
-    jwt_payload: dict = fastapi.Security(get_jwt_payload),
-) -> User:
-    """
-    FastAPI dependency that requires a valid admin user.
-
-    Raises:
-        HTTPException: 401 for authentication failures, 403 for insufficient permissions
-    """
-    return verify_user(jwt_payload, admin_only=True)
-
-
-async def get_user_id(
-    request: fastapi.Request, jwt_payload: dict = fastapi.Security(get_jwt_payload)
-) -> str:
-    """
-    FastAPI dependency that returns the ID of the authenticated user.
-
-    Supports admin impersonation via X-Act-As-User-Id header:
-    - If the header is present and user is admin, returns the impersonated user ID
-    - Otherwise returns the authenticated user's own ID
-    - Logs all impersonation actions for audit trail
-
-    Raises:
-        HTTPException: 401 for authentication failures or missing user ID
-        HTTPException: 403 if non-admin tries to use impersonation
-    """
-    # Get the authenticated user's ID from JWT
-    user_id = jwt_payload.get("sub")
-    if not user_id:
-        raise fastapi.HTTPException(
-            status_code=401, detail="User ID not found in token"
-        )
-
-    # Check for admin impersonation header
-    impersonate_header = request.headers.get(IMPERSONATION_HEADER_NAME, "").strip()
-    if impersonate_header:
-        # Verify the authenticated user is an admin
-        authenticated_user = verify_user(jwt_payload, admin_only=False)
-        if authenticated_user.role != "admin":
-            raise fastapi.HTTPException(
-                status_code=403, detail="Only admin users can impersonate other users"
-            )
-
-        # Log the impersonation for audit trail
-        logger.info(
-            f"Admin impersonation: {authenticated_user.user_id} ({authenticated_user.email}) "
-            f"acting as user {impersonate_header} for requesting {request.method} {request.url}"
-        )
-
-        return impersonate_header
-
-    return user_id

autogpt_platform/autogpt_libs/autogpt_libs/auth/dependencies_test.py

@@ -1,554 +0,0 @@
-"""
-Comprehensive integration tests for authentication dependencies.
-Tests the full authentication flow from HTTP requests to user validation.
-"""
-
-import os
-from unittest.mock import Mock
-
-import pytest
-from fastapi import FastAPI, HTTPException, Request, Security
-from fastapi.testclient import TestClient
-from pytest_mock import MockerFixture
-
-from autogpt_libs.auth.dependencies import (
-    get_user_id,
-    requires_admin_user,
-    requires_user,
-)
-from autogpt_libs.auth.models import User
-
-
-class TestAuthDependencies:
-    """Test suite for authentication dependency functions."""
-
-    @pytest.fixture
-    def app(self):
-        """Create a test FastAPI application."""
-        app = FastAPI()
-
-        @app.get("/user")
-        def get_user_endpoint(user: User = Security(requires_user)):
-            return {"user_id": user.user_id, "role": user.role}
-
-        @app.get("/admin")
-        def get_admin_endpoint(user: User = Security(requires_admin_user)):
-            return {"user_id": user.user_id, "role": user.role}
-
-        @app.get("/user-id")
-        def get_user_id_endpoint(user_id: str = Security(get_user_id)):
-            return {"user_id": user_id}
-
-        return app
-
-    @pytest.fixture
-    def client(self, app):
-        """Create a test client."""
-        return TestClient(app)
-
-    @pytest.mark.asyncio
-    async def test_requires_user_with_valid_jwt_payload(self, mocker: MockerFixture):
-        """Test requires_user with valid JWT payload."""
-        jwt_payload = {"sub": "user-123", "role": "user", "email": "user@example.com"}
-
-        # Mock get_jwt_payload to return our test payload
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-        user = await requires_user(jwt_payload)
-        assert isinstance(user, User)
-        assert user.user_id == "user-123"
-        assert user.role == "user"
-
-    @pytest.mark.asyncio
-    async def test_requires_user_with_admin_jwt_payload(self, mocker: MockerFixture):
-        """Test requires_user accepts admin users."""
-        jwt_payload = {
-            "sub": "admin-456",
-            "role": "admin",
-            "email": "admin@example.com",
-        }
-
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-        user = await requires_user(jwt_payload)
-        assert user.user_id == "admin-456"
-        assert user.role == "admin"
-
-    @pytest.mark.asyncio
-    async def test_requires_user_missing_sub(self):
-        """Test requires_user with missing user ID."""
-        jwt_payload = {"role": "user", "email": "user@example.com"}
-
-        with pytest.raises(HTTPException) as exc_info:
-            await requires_user(jwt_payload)
-        assert exc_info.value.status_code == 401
-        assert "User ID not found" in exc_info.value.detail
-
-    @pytest.mark.asyncio
-    async def test_requires_user_empty_sub(self):
-        """Test requires_user with empty user ID."""
-        jwt_payload = {"sub": "", "role": "user"}
-
-        with pytest.raises(HTTPException) as exc_info:
-            await requires_user(jwt_payload)
-        assert exc_info.value.status_code == 401
-
-    @pytest.mark.asyncio
-    async def test_requires_admin_user_with_admin(self, mocker: MockerFixture):
-        """Test requires_admin_user with admin role."""
-        jwt_payload = {
-            "sub": "admin-789",
-            "role": "admin",
-            "email": "admin@example.com",
-        }
-
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-        user = await requires_admin_user(jwt_payload)
-        assert user.user_id == "admin-789"
-        assert user.role == "admin"
-
-    @pytest.mark.asyncio
-    async def test_requires_admin_user_with_regular_user(self):
-        """Test requires_admin_user rejects regular users."""
-        jwt_payload = {"sub": "user-123", "role": "user", "email": "user@example.com"}
-
-        with pytest.raises(HTTPException) as exc_info:
-            await requires_admin_user(jwt_payload)
-        assert exc_info.value.status_code == 403
-        assert "Admin access required" in exc_info.value.detail
-
-    @pytest.mark.asyncio
-    async def test_requires_admin_user_missing_role(self):
-        """Test requires_admin_user with missing role."""
-        jwt_payload = {"sub": "user-123", "email": "user@example.com"}
-
-        with pytest.raises(KeyError):
-            await requires_admin_user(jwt_payload)
-
-    @pytest.mark.asyncio
-    async def test_get_user_id_with_valid_payload(self, mocker: MockerFixture):
-        """Test get_user_id extracts user ID correctly."""
-        request = Mock(spec=Request)
-        request.headers = {}
-        jwt_payload = {"sub": "user-id-xyz", "role": "user"}
-
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-        user_id = await get_user_id(request, jwt_payload)
-        assert user_id == "user-id-xyz"
-
-    @pytest.mark.asyncio
-    async def test_get_user_id_missing_sub(self):
-        """Test get_user_id with missing user ID."""
-        request = Mock(spec=Request)
-        request.headers = {}
-        jwt_payload = {"role": "user"}
-
-        with pytest.raises(HTTPException) as exc_info:
-            await get_user_id(request, jwt_payload)
-        assert exc_info.value.status_code == 401
-        assert "User ID not found" in exc_info.value.detail
-
-    @pytest.mark.asyncio
-    async def test_get_user_id_none_sub(self):
-        """Test get_user_id with None user ID."""
-        request = Mock(spec=Request)
-        request.headers = {}
-        jwt_payload = {"sub": None, "role": "user"}
-
-        with pytest.raises(HTTPException) as exc_info:
-            await get_user_id(request, jwt_payload)
-        assert exc_info.value.status_code == 401
-
-
-class TestAuthDependenciesIntegration:
-    """Integration tests for auth dependencies with FastAPI."""
-
-    acceptable_jwt_secret = "test-secret-with-proper-length-123456"
-
-    @pytest.fixture
-    def create_token(self, mocker: MockerFixture):
-        """Helper to create JWT tokens."""
-        import jwt
-
-        mocker.patch.dict(
-            os.environ,
-            {"JWT_VERIFY_KEY": self.acceptable_jwt_secret},
-            clear=True,
-        )
-
-        def _create_token(payload, secret=self.acceptable_jwt_secret):
-            return jwt.encode(payload, secret, algorithm="HS256")
-
-        return _create_token
-
-    @pytest.mark.asyncio
-    async def test_endpoint_auth_enabled_no_token(self):
-        """Test endpoints require token when auth is enabled."""
-        app = FastAPI()
-
-        @app.get("/test")
-        def test_endpoint(user: User = Security(requires_user)):
-            return {"user_id": user.user_id}
-
-        client = TestClient(app)
-
-        # Should fail without auth header
-        response = client.get("/test")
-        assert response.status_code == 401
-
-    @pytest.mark.asyncio
-    async def test_endpoint_with_valid_token(self, create_token):
-        """Test endpoint with valid JWT token."""
-        app = FastAPI()
-
-        @app.get("/test")
-        def test_endpoint(user: User = Security(requires_user)):
-            return {"user_id": user.user_id, "role": user.role}
-
-        client = TestClient(app)
-
-        token = create_token(
-            {"sub": "test-user", "role": "user", "aud": "authenticated"},
-            secret=self.acceptable_jwt_secret,
-        )
-
-        response = client.get("/test", headers={"Authorization": f"Bearer {token}"})
-        assert response.status_code == 200
-        assert response.json()["user_id"] == "test-user"
-
-    @pytest.mark.asyncio
-    async def test_admin_endpoint_requires_admin_role(self, create_token):
-        """Test admin endpoint rejects non-admin users."""
-        app = FastAPI()
-
-        @app.get("/admin")
-        def admin_endpoint(user: User = Security(requires_admin_user)):
-            return {"user_id": user.user_id}
-
-        client = TestClient(app)
-
-        # Regular user token
-        user_token = create_token(
-            {"sub": "regular-user", "role": "user", "aud": "authenticated"},
-            secret=self.acceptable_jwt_secret,
-        )
-
-        response = client.get(
-            "/admin", headers={"Authorization": f"Bearer {user_token}"}
-        )
-        assert response.status_code == 403
-
-        # Admin token
-        admin_token = create_token(
-            {"sub": "admin-user", "role": "admin", "aud": "authenticated"},
-            secret=self.acceptable_jwt_secret,
-        )
-
-        response = client.get(
-            "/admin", headers={"Authorization": f"Bearer {admin_token}"}
-        )
-        assert response.status_code == 200
-        assert response.json()["user_id"] == "admin-user"
-
-
-class TestAuthDependenciesEdgeCases:
-    """Edge case tests for authentication dependencies."""
-
-    @pytest.mark.asyncio
-    async def test_dependency_with_complex_payload(self):
-        """Test dependencies handle complex JWT payloads."""
-        complex_payload = {
-            "sub": "user-123",
-            "role": "admin",
-            "email": "test@example.com",
-            "app_metadata": {"provider": "email", "providers": ["email"]},
-            "user_metadata": {
-                "full_name": "Test User",
-                "avatar_url": "https://example.com/avatar.jpg",
-            },
-            "aud": "authenticated",
-            "iat": 1234567890,
-            "exp": 9999999999,
-        }
-
-        user = await requires_user(complex_payload)
-        assert user.user_id == "user-123"
-        assert user.email == "test@example.com"
-
-        admin = await requires_admin_user(complex_payload)
-        assert admin.role == "admin"
-
-    @pytest.mark.asyncio
-    async def test_dependency_with_unicode_in_payload(self):
-        """Test dependencies handle unicode in JWT payloads."""
-        unicode_payload = {
-            "sub": "user-😀-123",
-            "role": "user",
-            "email": "测试@example.com",
-            "name": "日本語",
-        }
-
-        user = await requires_user(unicode_payload)
-        assert "😀" in user.user_id
-        assert user.email == "测试@example.com"
-
-    @pytest.mark.asyncio
-    async def test_dependency_with_null_values(self):
-        """Test dependencies handle null values in payload."""
-        null_payload = {
-            "sub": "user-123",
-            "role": "user",
-            "email": None,
-            "phone": None,
-            "metadata": None,
-        }
-
-        user = await requires_user(null_payload)
-        assert user.user_id == "user-123"
-        assert user.email is None
-
-    @pytest.mark.asyncio
-    async def test_concurrent_requests_isolation(self):
-        """Test that concurrent requests don't interfere with each other."""
-        payload1 = {"sub": "user-1", "role": "user"}
-        payload2 = {"sub": "user-2", "role": "admin"}
-
-        # Simulate concurrent processing
-        user1 = await requires_user(payload1)
-        user2 = await requires_admin_user(payload2)
-
-        assert user1.user_id == "user-1"
-        assert user2.user_id == "user-2"
-        assert user1.role == "user"
-        assert user2.role == "admin"
-
-    @pytest.mark.parametrize(
-        "payload,expected_error,admin_only",
-        [
-            (None, "Authorization header is missing", False),
-            ({}, "User ID not found", False),
-            ({"sub": ""}, "User ID not found", False),
-            ({"role": "user"}, "User ID not found", False),
-            ({"sub": "user", "role": "user"}, "Admin access required", True),
-        ],
-    )
-    @pytest.mark.asyncio
-    async def test_dependency_error_cases(
-        self, payload, expected_error: str, admin_only: bool
-    ):
-        """Test that errors propagate correctly through dependencies."""
-        # Import verify_user to test it directly since dependencies use FastAPI Security
-        from autogpt_libs.auth.jwt_utils import verify_user
-
-        with pytest.raises(HTTPException) as exc_info:
-            verify_user(payload, admin_only=admin_only)
-        assert expected_error in exc_info.value.detail
-
-    @pytest.mark.asyncio
-    async def test_dependency_valid_user(self):
-        """Test valid user case for dependency."""
-        # Import verify_user to test it directly since dependencies use FastAPI Security
-        from autogpt_libs.auth.jwt_utils import verify_user
-
-        # Valid case
-        user = verify_user({"sub": "user", "role": "user"}, admin_only=False)
-        assert user.user_id == "user"
-
-
-class TestAdminImpersonation:
-    """Test suite for admin user impersonation functionality."""
-
-    @pytest.mark.asyncio
-    async def test_admin_impersonation_success(self, mocker: MockerFixture):
-        """Test admin successfully impersonating another user."""
-        request = Mock(spec=Request)
-        request.headers = {"X-Act-As-User-Id": "target-user-123"}
-        jwt_payload = {
-            "sub": "admin-456",
-            "role": "admin",
-            "email": "admin@example.com",
-        }
-
-        # Mock verify_user to return admin user data
-        mock_verify_user = mocker.patch("autogpt_libs.auth.dependencies.verify_user")
-        mock_verify_user.return_value = Mock(
-            user_id="admin-456", email="admin@example.com", role="admin"
-        )
-
-        # Mock logger to verify audit logging
-        mock_logger = mocker.patch("autogpt_libs.auth.dependencies.logger")
-
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-
-        user_id = await get_user_id(request, jwt_payload)
-
-        # Should return the impersonated user ID
-        assert user_id == "target-user-123"
-
-        # Should log the impersonation attempt
-        mock_logger.info.assert_called_once()
-        log_call = mock_logger.info.call_args[0][0]
-        assert "Admin impersonation:" in log_call
-        assert "admin@example.com" in log_call
-        assert "target-user-123" in log_call
-
-    @pytest.mark.asyncio
-    async def test_non_admin_impersonation_attempt(self, mocker: MockerFixture):
-        """Test non-admin user attempting impersonation returns 403."""
-        request = Mock(spec=Request)
-        request.headers = {"X-Act-As-User-Id": "target-user-123"}
-        jwt_payload = {
-            "sub": "regular-user",
-            "role": "user",
-            "email": "user@example.com",
-        }
-
-        # Mock verify_user to return regular user data
-        mock_verify_user = mocker.patch("autogpt_libs.auth.dependencies.verify_user")
-        mock_verify_user.return_value = Mock(
-            user_id="regular-user", email="user@example.com", role="user"
-        )
-
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-
-        with pytest.raises(HTTPException) as exc_info:
-            await get_user_id(request, jwt_payload)
-
-        assert exc_info.value.status_code == 403
-        assert "Only admin users can impersonate other users" in exc_info.value.detail
-
-    @pytest.mark.asyncio
-    async def test_impersonation_empty_header(self, mocker: MockerFixture):
-        """Test impersonation with empty header falls back to regular user ID."""
-        request = Mock(spec=Request)
-        request.headers = {"X-Act-As-User-Id": ""}
-        jwt_payload = {
-            "sub": "admin-456",
-            "role": "admin",
-            "email": "admin@example.com",
-        }
-
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-
-        user_id = await get_user_id(request, jwt_payload)
-
-        # Should fall back to the admin's own user ID
-        assert user_id == "admin-456"
-
-    @pytest.mark.asyncio
-    async def test_impersonation_missing_header(self, mocker: MockerFixture):
-        """Test normal behavior when impersonation header is missing."""
-        request = Mock(spec=Request)
-        request.headers = {}  # No impersonation header
-        jwt_payload = {
-            "sub": "admin-456",
-            "role": "admin",
-            "email": "admin@example.com",
-        }
-
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-
-        user_id = await get_user_id(request, jwt_payload)
-
-        # Should return the admin's own user ID
-        assert user_id == "admin-456"
-
-    @pytest.mark.asyncio
-    async def test_impersonation_audit_logging_details(self, mocker: MockerFixture):
-        """Test that impersonation audit logging includes all required details."""
-        request = Mock(spec=Request)
-        request.headers = {"X-Act-As-User-Id": "victim-user-789"}
-        jwt_payload = {
-            "sub": "admin-999",
-            "role": "admin",
-            "email": "superadmin@company.com",
-        }
-
-        # Mock verify_user to return admin user data
-        mock_verify_user = mocker.patch("autogpt_libs.auth.dependencies.verify_user")
-        mock_verify_user.return_value = Mock(
-            user_id="admin-999", email="superadmin@company.com", role="admin"
-        )
-
-        # Mock logger to capture audit trail
-        mock_logger = mocker.patch("autogpt_libs.auth.dependencies.logger")
-
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-
-        user_id = await get_user_id(request, jwt_payload)
-
-        # Verify all audit details are logged
-        assert user_id == "victim-user-789"
-        mock_logger.info.assert_called_once()
-
-        log_message = mock_logger.info.call_args[0][0]
-        assert "Admin impersonation:" in log_message
-        assert "superadmin@company.com" in log_message
-        assert "victim-user-789" in log_message
-
-    @pytest.mark.asyncio
-    async def test_impersonation_header_case_sensitivity(self, mocker: MockerFixture):
-        """Test that impersonation header is case-sensitive."""
-        request = Mock(spec=Request)
-        # Use wrong case - should not trigger impersonation
-        request.headers = {"x-act-as-user-id": "target-user-123"}
-        jwt_payload = {
-            "sub": "admin-456",
-            "role": "admin",
-            "email": "admin@example.com",
-        }
-
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-
-        user_id = await get_user_id(request, jwt_payload)
-
-        # Should fall back to admin's own ID (header case mismatch)
-        assert user_id == "admin-456"
-
-    @pytest.mark.asyncio
-    async def test_impersonation_with_whitespace_header(self, mocker: MockerFixture):
-        """Test impersonation with whitespace in header value."""
-        request = Mock(spec=Request)
-        request.headers = {"X-Act-As-User-Id": "  target-user-123  "}
-        jwt_payload = {
-            "sub": "admin-456",
-            "role": "admin",
-            "email": "admin@example.com",
-        }
-
-        # Mock verify_user to return admin user data
-        mock_verify_user = mocker.patch("autogpt_libs.auth.dependencies.verify_user")
-        mock_verify_user.return_value = Mock(
-            user_id="admin-456", email="admin@example.com", role="admin"
-        )
-
-        # Mock logger
-        mock_logger = mocker.patch("autogpt_libs.auth.dependencies.logger")
-
-        mocker.patch(
-            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
-        )
-
-        user_id = await get_user_id(request, jwt_payload)
-
-        # Should strip whitespace and impersonate successfully
-        assert user_id == "target-user-123"
-        mock_logger.info.assert_called_once()

autogpt_platform/autogpt_libs/autogpt_libs/auth/depends.py

@@ -0,0 +1,46 @@
+import fastapi
+
+from .config import settings
+from .middleware import auth_middleware
+from .models import DEFAULT_USER_ID, User
+
+
+def requires_user(payload: dict = fastapi.Depends(auth_middleware)) -> User:
+    return verify_user(payload, admin_only=False)
+
+
+def requires_admin_user(
+    payload: dict = fastapi.Depends(auth_middleware),
+) -> User:
+    return verify_user(payload, admin_only=True)
+
+
+def verify_user(payload: dict | None, admin_only: bool) -> User:
+    if not payload:
+        if settings.ENABLE_AUTH:
+            raise fastapi.HTTPException(
+                status_code=401, detail="Authorization header is missing"
+            )
+        # This handles the case when authentication is disabled
+        payload = {"sub": DEFAULT_USER_ID, "role": "admin"}
+
+    user_id = payload.get("sub")
+
+    if not user_id:
+        raise fastapi.HTTPException(
+            status_code=401, detail="User ID not found in token"
+        )
+
+    if admin_only and payload["role"] != "admin":
+        raise fastapi.HTTPException(status_code=403, detail="Admin access required")
+
+    return User.from_payload(payload)
+
+
+def get_user_id(payload: dict = fastapi.Depends(auth_middleware)) -> str:
+    user_id = payload.get("sub")
+    if not user_id:
+        raise fastapi.HTTPException(
+            status_code=401, detail="User ID not found in token"
+        )
+    return user_id

autogpt_platform/autogpt_libs/autogpt_libs/auth/depends_tests.py

@@ -0,0 +1,68 @@
+import pytest
+
+from .depends import requires_admin_user, requires_user, verify_user
+
+
+def test_verify_user_no_payload():
+    user = verify_user(None, admin_only=False)
+    assert user.user_id == "3e53486c-cf57-477e-ba2a-cb02dc828e1a"
+    assert user.role == "admin"
+
+
+def test_verify_user_no_user_id():
+    with pytest.raises(Exception):
+        verify_user({"role": "admin"}, admin_only=False)
+
+
+def test_verify_user_not_admin():
+    with pytest.raises(Exception):
+        verify_user(
+            {"sub": "3e53486c-cf57-477e-ba2a-cb02dc828e1a", "role": "user"},
+            admin_only=True,
+        )
+
+
+def test_verify_user_with_admin_role():
+    user = verify_user(
+        {"sub": "3e53486c-cf57-477e-ba2a-cb02dc828e1a", "role": "admin"},
+        admin_only=True,
+    )
+    assert user.user_id == "3e53486c-cf57-477e-ba2a-cb02dc828e1a"
+    assert user.role == "admin"
+
+
+def test_verify_user_with_user_role():
+    user = verify_user(
+        {"sub": "3e53486c-cf57-477e-ba2a-cb02dc828e1a", "role": "user"},
+        admin_only=False,
+    )
+    assert user.user_id == "3e53486c-cf57-477e-ba2a-cb02dc828e1a"
+    assert user.role == "user"
+
+
+def test_requires_user():
+    user = requires_user(
+        {"sub": "3e53486c-cf57-477e-ba2a-cb02dc828e1a", "role": "user"}
+    )
+    assert user.user_id == "3e53486c-cf57-477e-ba2a-cb02dc828e1a"
+    assert user.role == "user"
+
+
+def test_requires_user_no_user_id():
+    with pytest.raises(Exception):
+        requires_user({"role": "user"})
+
+
+def test_requires_admin_user():
+    user = requires_admin_user(
+        {"sub": "3e53486c-cf57-477e-ba2a-cb02dc828e1a", "role": "admin"}
+    )
+    assert user.user_id == "3e53486c-cf57-477e-ba2a-cb02dc828e1a"
+    assert user.role == "admin"
+
+
+def test_requires_admin_user_not_admin():
+    with pytest.raises(Exception):
+        requires_admin_user(
+            {"sub": "3e53486c-cf57-477e-ba2a-cb02dc828e1a", "role": "user"}
+        )

autogpt_platform/autogpt_libs/autogpt_libs/auth/helpers.py

@@ -1,64 +0,0 @@
-from fastapi import FastAPI
-
-from .jwt_utils import bearer_jwt_auth
-
-
-def add_auth_responses_to_openapi(app: FastAPI) -> None:
-    """
-    Patch a FastAPI instance's `openapi()` method to add 401 responses
-    to all authenticated endpoints.
-
-    This is needed when using HTTPBearer with auto_error=False to get proper
-    401 responses instead of 403, but FastAPI only automatically adds security
-    responses when auto_error=True.
-    """
-    # Wrap current method to allow stacking OpenAPI schema modifiers like this
-    wrapped_openapi = app.openapi
-
-    def custom_openapi():
-        if app.openapi_schema:
-            return app.openapi_schema
-
-        openapi_schema = wrapped_openapi()
-
-        # Add 401 response to all endpoints that have security requirements
-        for path, methods in openapi_schema["paths"].items():
-            for method, details in methods.items():
-                security_schemas = [
-                    schema
-                    for auth_option in details.get("security", [])
-                    for schema in auth_option.keys()
-                ]
-                if bearer_jwt_auth.scheme_name not in security_schemas:
-                    continue
-
-                if "responses" not in details:
-                    details["responses"] = {}
-
-                details["responses"]["401"] = {
-                    "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
-                }
-
-        # Ensure #/components/responses exists
-        if "components" not in openapi_schema:
-            openapi_schema["components"] = {}
-        if "responses" not in openapi_schema["components"]:
-            openapi_schema["components"]["responses"] = {}
-
-        # Define 401 response
-        openapi_schema["components"]["responses"]["HTTP401NotAuthenticatedError"] = {
-            "description": "Authentication required",
-            "content": {
-                "application/json": {
-                    "schema": {
-                        "type": "object",
-                        "properties": {"detail": {"type": "string"}},
-                    }
-                }
-            },
-        }
-
-        app.openapi_schema = openapi_schema
-        return app.openapi_schema
-
-    app.openapi = custom_openapi

autogpt_platform/autogpt_libs/autogpt_libs/auth/helpers_test.py

@@ -1,435 +0,0 @@
-"""
-Comprehensive tests for auth helpers module to achieve 100% coverage.
-Tests OpenAPI schema generation and authentication response handling.
-"""
-
-from unittest import mock
-
-from fastapi import FastAPI
-from fastapi.openapi.utils import get_openapi
-
-from autogpt_libs.auth.helpers import add_auth_responses_to_openapi
-from autogpt_libs.auth.jwt_utils import bearer_jwt_auth
-
-
-def test_add_auth_responses_to_openapi_basic():
-    """Test adding 401 responses to OpenAPI schema."""
-    app = FastAPI(title="Test App", version="1.0.0")
-
-    # Add some test endpoints with authentication
-    from fastapi import Depends
-
-    from autogpt_libs.auth.dependencies import requires_user
-
-    @app.get("/protected", dependencies=[Depends(requires_user)])
-    def protected_endpoint():
-        return {"message": "Protected"}
-
-    @app.get("/public")
-    def public_endpoint():
-        return {"message": "Public"}
-
-    # Apply the OpenAPI customization
-    add_auth_responses_to_openapi(app)
-
-    # Get the OpenAPI schema
-    schema = app.openapi()
-
-    # Verify basic schema properties
-    assert schema["info"]["title"] == "Test App"
-    assert schema["info"]["version"] == "1.0.0"
-
-    # Verify 401 response component is added
-    assert "components" in schema
-    assert "responses" in schema["components"]
-    assert "HTTP401NotAuthenticatedError" in schema["components"]["responses"]
-
-    # Verify 401 response structure
-    error_response = schema["components"]["responses"]["HTTP401NotAuthenticatedError"]
-    assert error_response["description"] == "Authentication required"
-    assert "application/json" in error_response["content"]
-    assert "schema" in error_response["content"]["application/json"]
-
-    # Verify schema properties
-    response_schema = error_response["content"]["application/json"]["schema"]
-    assert response_schema["type"] == "object"
-    assert "detail" in response_schema["properties"]
-    assert response_schema["properties"]["detail"]["type"] == "string"
-
-
-def test_add_auth_responses_to_openapi_with_security():
-    """Test that 401 responses are added only to secured endpoints."""
-    app = FastAPI()
-
-    # Mock endpoint with security
-    from fastapi import Security
-
-    from autogpt_libs.auth.dependencies import get_user_id
-
-    @app.get("/secured")
-    def secured_endpoint(user_id: str = Security(get_user_id)):
-        return {"user_id": user_id}
-
-    @app.post("/also-secured")
-    def another_secured(user_id: str = Security(get_user_id)):
-        return {"status": "ok"}
-
-    @app.get("/unsecured")
-    def unsecured_endpoint():
-        return {"public": True}
-
-    # Apply OpenAPI customization
-    add_auth_responses_to_openapi(app)
-
-    # Get schema
-    schema = app.openapi()
-
-    # Check that secured endpoints have 401 responses
-    if "/secured" in schema["paths"]:
-        if "get" in schema["paths"]["/secured"]:
-            secured_get = schema["paths"]["/secured"]["get"]
-            if "responses" in secured_get:
-                assert "401" in secured_get["responses"]
-                assert (
-                    secured_get["responses"]["401"]["$ref"]
-                    == "#/components/responses/HTTP401NotAuthenticatedError"
-                )
-
-    if "/also-secured" in schema["paths"]:
-        if "post" in schema["paths"]["/also-secured"]:
-            secured_post = schema["paths"]["/also-secured"]["post"]
-            if "responses" in secured_post:
-                assert "401" in secured_post["responses"]
-
-    # Check that unsecured endpoint does not have 401 response
-    if "/unsecured" in schema["paths"]:
-        if "get" in schema["paths"]["/unsecured"]:
-            unsecured_get = schema["paths"]["/unsecured"]["get"]
-            if "responses" in unsecured_get:
-                assert "401" not in unsecured_get.get("responses", {})
-
-
-def test_add_auth_responses_to_openapi_cached_schema():
-    """Test that OpenAPI schema is cached after first generation."""
-    app = FastAPI()
-
-    # Apply customization
-    add_auth_responses_to_openapi(app)
-
-    # Get schema twice
-    schema1 = app.openapi()
-    schema2 = app.openapi()
-
-    # Should return the same cached object
-    assert schema1 is schema2
-
-
-def test_add_auth_responses_to_openapi_existing_responses():
-    """Test handling endpoints that already have responses defined."""
-    app = FastAPI()
-
-    from fastapi import Security
-
-    from autogpt_libs.auth.jwt_utils import get_jwt_payload
-
-    @app.get(
-        "/with-responses",
-        responses={
-            200: {"description": "Success"},
-            404: {"description": "Not found"},
-        },
-    )
-    def endpoint_with_responses(jwt: dict = Security(get_jwt_payload)):
-        return {"data": "test"}
-
-    # Apply customization
-    add_auth_responses_to_openapi(app)
-
-    schema = app.openapi()
-
-    # Check that existing responses are preserved and 401 is added
-    if "/with-responses" in schema["paths"]:
-        if "get" in schema["paths"]["/with-responses"]:
-            responses = schema["paths"]["/with-responses"]["get"].get("responses", {})
-            # Original responses should be preserved
-            if "200" in responses:
-                assert responses["200"]["description"] == "Success"
-            if "404" in responses:
-                assert responses["404"]["description"] == "Not found"
-            # 401 should be added
-            if "401" in responses:
-                assert (
-                    responses["401"]["$ref"]
-                    == "#/components/responses/HTTP401NotAuthenticatedError"
-                )
-
-
-def test_add_auth_responses_to_openapi_no_security_endpoints():
-    """Test with app that has no secured endpoints."""
-    app = FastAPI()
-
-    @app.get("/public1")
-    def public1():
-        return {"message": "public1"}
-
-    @app.post("/public2")
-    def public2():
-        return {"message": "public2"}
-
-    # Apply customization
-    add_auth_responses_to_openapi(app)
-
-    schema = app.openapi()
-
-    # Component should still be added for consistency
-    assert "HTTP401NotAuthenticatedError" in schema["components"]["responses"]
-
-    # But no endpoints should have 401 responses
-    for path in schema["paths"].values():
-        for method in path.values():
-            if isinstance(method, dict) and "responses" in method:
-                assert "401" not in method["responses"]
-
-
-def test_add_auth_responses_to_openapi_multiple_security_schemes():
-    """Test endpoints with multiple security requirements."""
-    app = FastAPI()
-
-    from fastapi import Security
-
-    from autogpt_libs.auth.dependencies import requires_admin_user, requires_user
-    from autogpt_libs.auth.models import User
-
-    @app.get("/multi-auth")
-    def multi_auth(
-        user: User = Security(requires_user),
-        admin: User = Security(requires_admin_user),
-    ):
-        return {"status": "super secure"}
-
-    # Apply customization
-    add_auth_responses_to_openapi(app)
-
-    schema = app.openapi()
-
-    # Should have 401 response
-    if "/multi-auth" in schema["paths"]:
-        if "get" in schema["paths"]["/multi-auth"]:
-            responses = schema["paths"]["/multi-auth"]["get"].get("responses", {})
-            if "401" in responses:
-                assert (
-                    responses["401"]["$ref"]
-                    == "#/components/responses/HTTP401NotAuthenticatedError"
-                )
-
-
-def test_add_auth_responses_to_openapi_empty_components():
-    """Test when OpenAPI schema has no components section initially."""
-    app = FastAPI()
-
-    # Mock get_openapi to return schema without components
-    original_get_openapi = get_openapi
-
-    def mock_get_openapi(*args, **kwargs):
-        schema = original_get_openapi(*args, **kwargs)
-        # Remove components if it exists
-        if "components" in schema:
-            del schema["components"]
-        return schema
-
-    with mock.patch("autogpt_libs.auth.helpers.get_openapi", mock_get_openapi):
-        # Apply customization
-        add_auth_responses_to_openapi(app)
-
-        schema = app.openapi()
-
-        # Components should be created
-        assert "components" in schema
-        assert "responses" in schema["components"]
-        assert "HTTP401NotAuthenticatedError" in schema["components"]["responses"]
-
-
-def test_add_auth_responses_to_openapi_all_http_methods():
-    """Test that all HTTP methods are handled correctly."""
-    app = FastAPI()
-
-    from fastapi import Security
-
-    from autogpt_libs.auth.jwt_utils import get_jwt_payload
-
-    @app.get("/resource")
-    def get_resource(jwt: dict = Security(get_jwt_payload)):
-        return {"method": "GET"}
-
-    @app.post("/resource")
-    def post_resource(jwt: dict = Security(get_jwt_payload)):
-        return {"method": "POST"}
-
-    @app.put("/resource")
-    def put_resource(jwt: dict = Security(get_jwt_payload)):
-        return {"method": "PUT"}
-
-    @app.patch("/resource")
-    def patch_resource(jwt: dict = Security(get_jwt_payload)):
-        return {"method": "PATCH"}
-
-    @app.delete("/resource")
-    def delete_resource(jwt: dict = Security(get_jwt_payload)):
-        return {"method": "DELETE"}
-
-    # Apply customization
-    add_auth_responses_to_openapi(app)
-
-    schema = app.openapi()
-
-    # All methods should have 401 response
-    if "/resource" in schema["paths"]:
-        for method in ["get", "post", "put", "patch", "delete"]:
-            if method in schema["paths"]["/resource"]:
-                method_spec = schema["paths"]["/resource"][method]
-                if "responses" in method_spec:
-                    assert "401" in method_spec["responses"]
-
-
-def test_bearer_jwt_auth_scheme_config():
-    """Test that bearer_jwt_auth is configured correctly."""
-    assert bearer_jwt_auth.scheme_name == "HTTPBearerJWT"
-    assert bearer_jwt_auth.auto_error is False
-
-
-def test_add_auth_responses_with_no_routes():
-    """Test OpenAPI generation with app that has no routes."""
-    app = FastAPI(title="Empty App")
-
-    # Apply customization to empty app
-    add_auth_responses_to_openapi(app)
-
-    schema = app.openapi()
-
-    # Should still have basic structure
-    assert schema["info"]["title"] == "Empty App"
-    assert "components" in schema
-    assert "responses" in schema["components"]
-    assert "HTTP401NotAuthenticatedError" in schema["components"]["responses"]
-
-
-def test_custom_openapi_function_replacement():
-    """Test that the custom openapi function properly replaces the default."""
-    app = FastAPI()
-
-    # Store original function
-    original_openapi = app.openapi
-
-    # Apply customization
-    add_auth_responses_to_openapi(app)
-
-    # Function should be replaced
-    assert app.openapi != original_openapi
-    assert callable(app.openapi)
-
-
-def test_endpoint_without_responses_section():
-    """Test endpoint that has security but no responses section initially."""
-    app = FastAPI()
-
-    from fastapi import Security
-    from fastapi.openapi.utils import get_openapi as original_get_openapi
-
-    from autogpt_libs.auth.jwt_utils import get_jwt_payload
-
-    # Create endpoint
-    @app.get("/no-responses")
-    def endpoint_without_responses(jwt: dict = Security(get_jwt_payload)):
-        return {"data": "test"}
-
-    # Mock get_openapi to remove responses from the endpoint
-    def mock_get_openapi(*args, **kwargs):
-        schema = original_get_openapi(*args, **kwargs)
-        # Remove responses from our endpoint to trigger line 40
-        if "/no-responses" in schema.get("paths", {}):
-            if "get" in schema["paths"]["/no-responses"]:
-                # Delete responses to force the code to create it
-                if "responses" in schema["paths"]["/no-responses"]["get"]:
-                    del schema["paths"]["/no-responses"]["get"]["responses"]
-        return schema
-
-    with mock.patch("autogpt_libs.auth.helpers.get_openapi", mock_get_openapi):
-        # Apply customization
-        add_auth_responses_to_openapi(app)
-
-        # Get schema and verify 401 was added
-        schema = app.openapi()
-
-        # The endpoint should now have 401 response
-        if "/no-responses" in schema["paths"]:
-            if "get" in schema["paths"]["/no-responses"]:
-                responses = schema["paths"]["/no-responses"]["get"].get("responses", {})
-                assert "401" in responses
-                assert (
-                    responses["401"]["$ref"]
-                    == "#/components/responses/HTTP401NotAuthenticatedError"
-                )
-
-
-def test_components_with_existing_responses():
-    """Test when components already has a responses section."""
-    app = FastAPI()
-
-    # Mock get_openapi to return schema with existing components/responses
-    from fastapi.openapi.utils import get_openapi as original_get_openapi
-
-    def mock_get_openapi(*args, **kwargs):
-        schema = original_get_openapi(*args, **kwargs)
-        # Add existing components/responses
-        if "components" not in schema:
-            schema["components"] = {}
-        schema["components"]["responses"] = {
-            "ExistingResponse": {"description": "An existing response"}
-        }
-        return schema
-
-    with mock.patch("autogpt_libs.auth.helpers.get_openapi", mock_get_openapi):
-        # Apply customization
-        add_auth_responses_to_openapi(app)
-
-        schema = app.openapi()
-
-        # Both responses should exist
-        assert "ExistingResponse" in schema["components"]["responses"]
-        assert "HTTP401NotAuthenticatedError" in schema["components"]["responses"]
-
-        # Verify our 401 response structure
-        error_response = schema["components"]["responses"][
-            "HTTP401NotAuthenticatedError"
-        ]
-        assert error_response["description"] == "Authentication required"
-
-
-def test_openapi_schema_persistence():
-    """Test that modifications to OpenAPI schema persist correctly."""
-    app = FastAPI()
-
-    from fastapi import Security
-
-    from autogpt_libs.auth.jwt_utils import get_jwt_payload
-
-    @app.get("/test")
-    def test_endpoint(jwt: dict = Security(get_jwt_payload)):
-        return {"test": True}
-
-    # Apply customization
-    add_auth_responses_to_openapi(app)
-
-    # Get schema multiple times
-    schema1 = app.openapi()
-
-    # Modify the cached schema (shouldn't affect future calls)
-    schema1["info"]["title"] = "Modified Title"
-
-    # Clear cache and get again
-    app.openapi_schema = None
-    schema2 = app.openapi()
-
-    # Should regenerate with original title
-    assert schema2["info"]["title"] == app.title
-    assert schema2["info"]["title"] != "Modified Title"

autogpt_platform/autogpt_libs/autogpt_libs/auth/jwt_utils.py

@@ -1,48 +1,11 @@
-import logging
-from typing import Any
+from typing import Any, Dict
 
 import jwt
-from fastapi import HTTPException, Security
-from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 
-from .config import get_settings
-from .models import User
-
-logger = logging.getLogger(__name__)
-
-# Bearer token authentication scheme
-bearer_jwt_auth = HTTPBearer(
-    bearerFormat="jwt", scheme_name="HTTPBearerJWT", auto_error=False
-)
+from .config import settings
 
 
-async def get_jwt_payload(
-    credentials: HTTPAuthorizationCredentials | None = Security(bearer_jwt_auth),
-) -> dict[str, Any]:
-    """
-    Extract and validate JWT payload from HTTP Authorization header.
-
-    This is the core authentication function that handles:
-    - Reading the `Authorization` header to obtain the JWT token
-    - Verifying the JWT token's signature
-    - Decoding the JWT token's payload
-
-    :param credentials: HTTP Authorization credentials from bearer token
-    :return: JWT payload dictionary
-    :raises HTTPException: 401 if authentication fails
-    """
-    if not credentials:
-        raise HTTPException(status_code=401, detail="Authorization header is missing")
-
-    try:
-        payload = parse_jwt_token(credentials.credentials)
-        logger.debug("Token decoded successfully")
-        return payload
-    except ValueError as e:
-        raise HTTPException(status_code=401, detail=str(e))
-
-
-def parse_jwt_token(token: str) -> dict[str, Any]:
+def parse_jwt_token(token: str) -> Dict[str, Any]:
     """
     Parse and validate a JWT token.
 
@@ -50,11 +13,10 @@ def parse_jwt_token(token: str) -> dict[str, Any]:
     :return: The decoded payload
     :raises ValueError: If the token is invalid or expired
     """
-    settings = get_settings()
     try:
         payload = jwt.decode(
             token,
-            settings.JWT_VERIFY_KEY,
+            settings.JWT_SECRET_KEY,
             algorithms=[settings.JWT_ALGORITHM],
             audience="authenticated",
         )
@@ -63,18 +25,3 @@ def parse_jwt_token(token: str) -> dict[str, Any]:
         raise ValueError("Token has expired")
     except jwt.InvalidTokenError as e:
         raise ValueError(f"Invalid token: {str(e)}")
-
-
-def verify_user(jwt_payload: dict | None, admin_only: bool) -> User:
-    if jwt_payload is None:
-        raise HTTPException(status_code=401, detail="Authorization header is missing")
-
-    user_id = jwt_payload.get("sub")
-
-    if not user_id:
-        raise HTTPException(status_code=401, detail="User ID not found in token")
-
-    if admin_only and jwt_payload["role"] != "admin":
-        raise HTTPException(status_code=403, detail="Admin access required")
-
-    return User.from_payload(jwt_payload)

autogpt_platform/autogpt_libs/autogpt_libs/auth/jwt_utils_test.py

@@ -1,308 +0,0 @@
-"""
-Comprehensive tests for JWT token parsing and validation.
-Ensures 100% line and branch coverage for JWT security functions.
-"""
-
-import os
-from datetime import datetime, timedelta, timezone
-
-import jwt
-import pytest
-from fastapi import HTTPException
-from fastapi.security import HTTPAuthorizationCredentials
-from pytest_mock import MockerFixture
-
-from autogpt_libs.auth import config, jwt_utils
-from autogpt_libs.auth.config import Settings
-from autogpt_libs.auth.models import User
-
-MOCK_JWT_SECRET = "test-secret-key-with-at-least-32-characters"
-TEST_USER_PAYLOAD = {
-    "sub": "test-user-id",
-    "role": "user",
-    "aud": "authenticated",
-    "email": "test@example.com",
-}
-TEST_ADMIN_PAYLOAD = {
-    "sub": "admin-user-id",
-    "role": "admin",
-    "aud": "authenticated",
-    "email": "admin@example.com",
-}
-
-
-@pytest.fixture(autouse=True)
-def mock_config(mocker: MockerFixture):
-    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": MOCK_JWT_SECRET}, clear=True)
-    mocker.patch.object(config, "_settings", Settings())
-    yield
-
-
-def create_token(payload, secret=None, algorithm="HS256"):
-    """Helper to create JWT tokens."""
-    if secret is None:
-        secret = MOCK_JWT_SECRET
-    return jwt.encode(payload, secret, algorithm=algorithm)
-
-
-def test_parse_jwt_token_valid():
-    """Test parsing a valid JWT token."""
-    token = create_token(TEST_USER_PAYLOAD)
-    result = jwt_utils.parse_jwt_token(token)
-
-    assert result["sub"] == "test-user-id"
-    assert result["role"] == "user"
-    assert result["aud"] == "authenticated"
-
-
-def test_parse_jwt_token_expired():
-    """Test parsing an expired JWT token."""
-    expired_payload = {
-        **TEST_USER_PAYLOAD,
-        "exp": datetime.now(timezone.utc) - timedelta(hours=1),
-    }
-    token = create_token(expired_payload)
-
-    with pytest.raises(ValueError) as exc_info:
-        jwt_utils.parse_jwt_token(token)
-    assert "Token has expired" in str(exc_info.value)
-
-
-def test_parse_jwt_token_invalid_signature():
-    """Test parsing a token with invalid signature."""
-    # Create token with different secret
-    token = create_token(TEST_USER_PAYLOAD, secret="wrong-secret")
-
-    with pytest.raises(ValueError) as exc_info:
-        jwt_utils.parse_jwt_token(token)
-    assert "Invalid token" in str(exc_info.value)
-
-
-def test_parse_jwt_token_malformed():
-    """Test parsing a malformed token."""
-    malformed_tokens = [
-        "not.a.token",
-        "invalid",
-        "",
-        # Header only
-        "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9",
-        # No signature
-        "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0",
-    ]
-
-    for token in malformed_tokens:
-        with pytest.raises(ValueError) as exc_info:
-            jwt_utils.parse_jwt_token(token)
-        assert "Invalid token" in str(exc_info.value)
-
-
-def test_parse_jwt_token_wrong_audience():
-    """Test parsing a token with wrong audience."""
-    wrong_aud_payload = {**TEST_USER_PAYLOAD, "aud": "wrong-audience"}
-    token = create_token(wrong_aud_payload)
-
-    with pytest.raises(ValueError) as exc_info:
-        jwt_utils.parse_jwt_token(token)
-    assert "Invalid token" in str(exc_info.value)
-
-
-def test_parse_jwt_token_missing_audience():
-    """Test parsing a token without audience claim."""
-    no_aud_payload = {k: v for k, v in TEST_USER_PAYLOAD.items() if k != "aud"}
-    token = create_token(no_aud_payload)
-
-    with pytest.raises(ValueError) as exc_info:
-        jwt_utils.parse_jwt_token(token)
-    assert "Invalid token" in str(exc_info.value)
-
-
-async def test_get_jwt_payload_with_valid_token():
-    """Test extracting JWT payload with valid bearer token."""
-    token = create_token(TEST_USER_PAYLOAD)
-    credentials = HTTPAuthorizationCredentials(scheme="Bearer", credentials=token)
-
-    result = await jwt_utils.get_jwt_payload(credentials)
-    assert result["sub"] == "test-user-id"
-    assert result["role"] == "user"
-
-
-async def test_get_jwt_payload_no_credentials():
-    """Test JWT payload when no credentials provided."""
-    with pytest.raises(HTTPException) as exc_info:
-        await jwt_utils.get_jwt_payload(None)
-    assert exc_info.value.status_code == 401
-    assert "Authorization header is missing" in exc_info.value.detail
-
-
-async def test_get_jwt_payload_invalid_token():
-    """Test JWT payload extraction with invalid token."""
-    credentials = HTTPAuthorizationCredentials(
-        scheme="Bearer", credentials="invalid.token.here"
-    )
-
-    with pytest.raises(HTTPException) as exc_info:
-        await jwt_utils.get_jwt_payload(credentials)
-    assert exc_info.value.status_code == 401
-    assert "Invalid token" in exc_info.value.detail
-
-
-def test_verify_user_with_valid_user():
-    """Test verifying a valid user."""
-    user = jwt_utils.verify_user(TEST_USER_PAYLOAD, admin_only=False)
-    assert isinstance(user, User)
-    assert user.user_id == "test-user-id"
-    assert user.role == "user"
-    assert user.email == "test@example.com"
-
-
-def test_verify_user_with_admin():
-    """Test verifying an admin user."""
-    user = jwt_utils.verify_user(TEST_ADMIN_PAYLOAD, admin_only=True)
-    assert isinstance(user, User)
-    assert user.user_id == "admin-user-id"
-    assert user.role == "admin"
-
-
-def test_verify_user_admin_only_with_regular_user():
-    """Test verifying regular user when admin is required."""
-    with pytest.raises(HTTPException) as exc_info:
-        jwt_utils.verify_user(TEST_USER_PAYLOAD, admin_only=True)
-    assert exc_info.value.status_code == 403
-    assert "Admin access required" in exc_info.value.detail
-
-
-def test_verify_user_no_payload():
-    """Test verifying user with no payload."""
-    with pytest.raises(HTTPException) as exc_info:
-        jwt_utils.verify_user(None, admin_only=False)
-    assert exc_info.value.status_code == 401
-    assert "Authorization header is missing" in exc_info.value.detail
-
-
-def test_verify_user_missing_sub():
-    """Test verifying user with payload missing 'sub' field."""
-    invalid_payload = {"role": "user", "email": "test@example.com"}
-    with pytest.raises(HTTPException) as exc_info:
-        jwt_utils.verify_user(invalid_payload, admin_only=False)
-    assert exc_info.value.status_code == 401
-    assert "User ID not found in token" in exc_info.value.detail
-
-
-def test_verify_user_empty_sub():
-    """Test verifying user with empty 'sub' field."""
-    invalid_payload = {"sub": "", "role": "user"}
-    with pytest.raises(HTTPException) as exc_info:
-        jwt_utils.verify_user(invalid_payload, admin_only=False)
-    assert exc_info.value.status_code == 401
-    assert "User ID not found in token" in exc_info.value.detail
-
-
-def test_verify_user_none_sub():
-    """Test verifying user with None 'sub' field."""
-    invalid_payload = {"sub": None, "role": "user"}
-    with pytest.raises(HTTPException) as exc_info:
-        jwt_utils.verify_user(invalid_payload, admin_only=False)
-    assert exc_info.value.status_code == 401
-    assert "User ID not found in token" in exc_info.value.detail
-
-
-def test_verify_user_missing_role_admin_check():
-    """Test verifying admin when role field is missing."""
-    no_role_payload = {"sub": "user-id"}
-    with pytest.raises(KeyError):
-        # This will raise KeyError when checking payload["role"]
-        jwt_utils.verify_user(no_role_payload, admin_only=True)
-
-
-# ======================== EDGE CASES ======================== #
-
-
-def test_jwt_with_additional_claims():
-    """Test JWT token with additional custom claims."""
-    extra_claims_payload = {
-        "sub": "user-id",
-        "role": "user",
-        "aud": "authenticated",
-        "custom_claim": "custom_value",
-        "permissions": ["read", "write"],
-        "metadata": {"key": "value"},
-    }
-    token = create_token(extra_claims_payload)
-
-    result = jwt_utils.parse_jwt_token(token)
-    assert result["sub"] == "user-id"
-    assert result["custom_claim"] == "custom_value"
-    assert result["permissions"] == ["read", "write"]
-
-
-def test_jwt_with_numeric_sub():
-    """Test JWT token with numeric user ID."""
-    payload = {
-        "sub": 12345,  # Numeric ID
-        "role": "user",
-        "aud": "authenticated",
-    }
-    # Should convert to string internally
-    user = jwt_utils.verify_user(payload, admin_only=False)
-    assert user.user_id == 12345
-
-
-def test_jwt_with_very_long_sub():
-    """Test JWT token with very long user ID."""
-    long_id = "a" * 1000
-    payload = {
-        "sub": long_id,
-        "role": "user",
-        "aud": "authenticated",
-    }
-    user = jwt_utils.verify_user(payload, admin_only=False)
-    assert user.user_id == long_id
-
-
-def test_jwt_with_special_characters_in_claims():
-    """Test JWT token with special characters in claims."""
-    payload = {
-        "sub": "user@example.com/special-chars!@#$%",
-        "role": "admin",
-        "aud": "authenticated",
-        "email": "test+special@example.com",
-    }
-    user = jwt_utils.verify_user(payload, admin_only=True)
-    assert "special-chars!@#$%" in user.user_id
-
-
-def test_jwt_with_future_iat():
-    """Test JWT token with issued-at time in future."""
-    future_payload = {
-        "sub": "user-id",
-        "role": "user",
-        "aud": "authenticated",
-        "iat": datetime.now(timezone.utc) + timedelta(hours=1),
-    }
-    token = create_token(future_payload)
-
-    # PyJWT validates iat claim and should reject future tokens
-    with pytest.raises(ValueError, match="not yet valid"):
-        jwt_utils.parse_jwt_token(token)
-
-
-def test_jwt_with_different_algorithms():
-    """Test that only HS256 algorithm is accepted."""
-    payload = {
-        "sub": "user-id",
-        "role": "user",
-        "aud": "authenticated",
-    }
-
-    # Try different algorithms
-    algorithms = ["HS384", "HS512", "none"]
-    for algo in algorithms:
-        if algo == "none":
-            # Special case for 'none' algorithm (security vulnerability if accepted)
-            token = create_token(payload, "", algorithm="none")
-        else:
-            token = create_token(payload, algorithm=algo)
-
-        with pytest.raises(ValueError) as exc_info:
-            jwt_utils.parse_jwt_token(token)
-        assert "Invalid token" in str(exc_info.value)

autogpt_platform/autogpt_libs/autogpt_libs/auth/middleware.py

@@ -0,0 +1,140 @@
+import inspect
+import logging
+import secrets
+from typing import Any, Callable, Optional
+
+from fastapi import HTTPException, Request, Security
+from fastapi.security import APIKeyHeader, HTTPBearer
+from starlette.status import HTTP_401_UNAUTHORIZED
+
+from .config import settings
+from .jwt_utils import parse_jwt_token
+
+security = HTTPBearer()
+logger = logging.getLogger(__name__)
+
+
+async def auth_middleware(request: Request):
+    if not settings.ENABLE_AUTH:
+        # If authentication is disabled, allow the request to proceed
+        logger.warning("Auth disabled")
+        return {}
+
+    security = HTTPBearer()
+    credentials = await security(request)
+
+    if not credentials:
+        raise HTTPException(status_code=401, detail="Authorization header is missing")
+
+    try:
+        payload = parse_jwt_token(credentials.credentials)
+        request.state.user = payload
+        logger.debug("Token decoded successfully")
+    except ValueError as e:
+        raise HTTPException(status_code=401, detail=str(e))
+    return payload
+
+
+class APIKeyValidator:
+    """
+    Configurable API key validator that supports custom validation functions
+    for FastAPI applications.
+
+    This class provides a flexible way to implement API key authentication with optional
+    custom validation logic. It can be used for simple token matching
+    or more complex validation scenarios like database lookups.
+
+    Examples:
+        Simple token validation:
+        ```python
+        validator = APIKeyValidator(
+            header_name="X-API-Key",
+            expected_token="your-secret-token"
+        )
+
+        @app.get("/protected", dependencies=[Depends(validator.get_dependency())])
+        def protected_endpoint():
+            return {"message": "Access granted"}
+        ```
+
+        Custom validation with database lookup:
+        ```python
+        async def validate_with_db(api_key: str):
+            api_key_obj = await db.get_api_key(api_key)
+            return api_key_obj if api_key_obj and api_key_obj.is_active else None
+
+        validator = APIKeyValidator(
+            header_name="X-API-Key",
+            validate_fn=validate_with_db
+        )
+        ```
+
+    Args:
+        header_name (str): The name of the header containing the API key
+        expected_token (Optional[str]): The expected API key value for simple token matching
+        validate_fn (Optional[Callable]): Custom validation function that takes an API key
+            string and returns a boolean or object. Can be async.
+        error_status (int): HTTP status code to use for validation errors
+        error_message (str): Error message to return when validation fails
+    """
+
+    def __init__(
+        self,
+        header_name: str,
+        expected_token: Optional[str] = None,
+        validate_fn: Optional[Callable[[str], bool]] = None,
+        error_status: int = HTTP_401_UNAUTHORIZED,
+        error_message: str = "Invalid API key",
+    ):
+        # Create the APIKeyHeader as a class property
+        self.security_scheme = APIKeyHeader(name=header_name)
+        self.expected_token = expected_token
+        self.custom_validate_fn = validate_fn
+        self.error_status = error_status
+        self.error_message = error_message
+
+    async def default_validator(self, api_key: str) -> bool:
+        if not self.expected_token:
+            raise ValueError(
+                "Expected Token Required to be set when uisng API Key Validator default validation"
+            )
+        return secrets.compare_digest(api_key, self.expected_token)
+
+    async def __call__(
+        self, request: Request, api_key: str = Security(APIKeyHeader)
+    ) -> Any:
+        if api_key is None:
+            raise HTTPException(status_code=self.error_status, detail="Missing API key")
+
+        # Use custom validation if provided, otherwise use default equality check
+        validator = self.custom_validate_fn or self.default_validator
+        result = (
+            await validator(api_key)
+            if inspect.iscoroutinefunction(validator)
+            else validator(api_key)
+        )
+
+        if not result:
+            raise HTTPException(
+                status_code=self.error_status, detail=self.error_message
+            )
+
+        # Store validation result in request state if it's not just a boolean
+        if result is not True:
+            request.state.api_key = result
+
+        return result
+
+    def get_dependency(self):
+        """
+        Returns a callable dependency that FastAPI will recognize as a security scheme
+        """
+
+        async def validate_api_key(
+            request: Request, api_key: str = Security(self.security_scheme)
+        ) -> Any:
+            return await self(request, api_key)
+
+        # This helps FastAPI recognize it as a security dependency
+        validate_api_key.__name__ = f"validate_{self.security_scheme.model.name}"
+        return validate_api_key

autogpt_platform/autogpt_libs/autogpt_libs/feature_flag/client.py

@@ -0,0 +1,196 @@
+import asyncio
+import contextlib
+import logging
+from functools import wraps
+from typing import Any, Awaitable, Callable, Dict, Optional, TypeVar, Union, cast
+
+import ldclient
+from fastapi import HTTPException
+from ldclient import Context, LDClient
+from ldclient.config import Config
+from typing_extensions import ParamSpec
+
+from .config import SETTINGS
+
+logger = logging.getLogger(__name__)
+
+P = ParamSpec("P")
+T = TypeVar("T")
+
+_is_initialized = False
+
+
+def get_client() -> LDClient:
+    """Get the LaunchDarkly client singleton."""
+    if not _is_initialized:
+        initialize_launchdarkly()
+    return ldclient.get()
+
+
+def initialize_launchdarkly() -> None:
+    sdk_key = SETTINGS.launch_darkly_sdk_key
+    logger.debug(
+        f"Initializing LaunchDarkly with SDK key: {'present' if sdk_key else 'missing'}"
+    )
+
+    if not sdk_key:
+        logger.warning("LaunchDarkly SDK key not configured")
+        return
+
+    config = Config(sdk_key)
+    ldclient.set_config(config)
+
+    if ldclient.get().is_initialized():
+        global _is_initialized
+        _is_initialized = True
+        logger.info("LaunchDarkly client initialized successfully")
+    else:
+        logger.error("LaunchDarkly client failed to initialize")
+
+
+def shutdown_launchdarkly() -> None:
+    """Shutdown the LaunchDarkly client."""
+    if ldclient.get().is_initialized():
+        ldclient.get().close()
+        logger.info("LaunchDarkly client closed successfully")
+
+
+def create_context(
+    user_id: str, additional_attributes: Optional[Dict[str, Any]] = None
+) -> Context:
+    """Create LaunchDarkly context with optional additional attributes."""
+    builder = Context.builder(str(user_id)).kind("user")
+    if additional_attributes:
+        for key, value in additional_attributes.items():
+            builder.set(key, value)
+    return builder.build()
+
+
+def is_feature_enabled(flag_key: str, user_id: str, default: bool = False) -> bool:
+    """
+    Simple helper to check if a feature flag is enabled for a user.
+
+    Args:
+        flag_key: The LaunchDarkly feature flag key
+        user_id: The user ID to evaluate the flag for
+        default: Default value if LaunchDarkly is unavailable or flag evaluation fails
+
+    Returns:
+        True if feature is enabled, False otherwise
+    """
+    try:
+        client = get_client()
+        context = create_context(str(user_id))
+        return client.variation(flag_key, context, default)
+
+    except Exception as e:
+        logger.debug(
+            f"LaunchDarkly flag evaluation failed for {flag_key}: {e}, using default={default}"
+        )
+        return default
+
+
+def feature_flag(
+    flag_key: str,
+    default: bool = False,
+) -> Callable[
+    [Callable[P, Union[T, Awaitable[T]]]], Callable[P, Union[T, Awaitable[T]]]
+]:
+    """
+    Decorator for feature flag protected endpoints.
+    """
+
+    def decorator(
+        func: Callable[P, Union[T, Awaitable[T]]],
+    ) -> Callable[P, Union[T, Awaitable[T]]]:
+        @wraps(func)
+        async def async_wrapper(*args: P.args, **kwargs: P.kwargs) -> T:
+            try:
+                user_id = kwargs.get("user_id")
+                if not user_id:
+                    raise ValueError("user_id is required")
+
+                if not get_client().is_initialized():
+                    logger.warning(
+                        f"LaunchDarkly not initialized, using default={default}"
+                    )
+                    is_enabled = default
+                else:
+                    context = create_context(str(user_id))
+                    is_enabled = get_client().variation(flag_key, context, default)
+
+                if not is_enabled:
+                    raise HTTPException(status_code=404, detail="Feature not available")
+
+                result = func(*args, **kwargs)
+                if asyncio.iscoroutine(result):
+                    return await result
+                return cast(T, result)
+            except Exception as e:
+                logger.error(f"Error evaluating feature flag {flag_key}: {e}")
+                raise
+
+        @wraps(func)
+        def sync_wrapper(*args: P.args, **kwargs: P.kwargs) -> T:
+            try:
+                user_id = kwargs.get("user_id")
+                if not user_id:
+                    raise ValueError("user_id is required")
+
+                if not get_client().is_initialized():
+                    logger.warning(
+                        f"LaunchDarkly not initialized, using default={default}"
+                    )
+                    is_enabled = default
+                else:
+                    context = create_context(str(user_id))
+                    is_enabled = get_client().variation(flag_key, context, default)
+
+                if not is_enabled:
+                    raise HTTPException(status_code=404, detail="Feature not available")
+
+                return cast(T, func(*args, **kwargs))
+            except Exception as e:
+                logger.error(f"Error evaluating feature flag {flag_key}: {e}")
+                raise
+
+        return cast(
+            Callable[P, Union[T, Awaitable[T]]],
+            async_wrapper if asyncio.iscoroutinefunction(func) else sync_wrapper,
+        )
+
+    return decorator
+
+
+def percentage_rollout(
+    flag_key: str,
+    default: bool = False,
+) -> Callable[
+    [Callable[P, Union[T, Awaitable[T]]]], Callable[P, Union[T, Awaitable[T]]]
+]:
+    """Decorator for percentage-based rollouts."""
+    return feature_flag(flag_key, default)
+
+
+def beta_feature(
+    flag_key: Optional[str] = None,
+    unauthorized_response: Any = {"message": "Not available in beta"},
+) -> Callable[
+    [Callable[P, Union[T, Awaitable[T]]]], Callable[P, Union[T, Awaitable[T]]]
+]:
+    """Decorator for beta features."""
+    actual_key = f"beta-{flag_key}" if flag_key else "beta"
+    return feature_flag(actual_key, False)
+
+
+@contextlib.contextmanager
+def mock_flag_variation(flag_key: str, return_value: Any):
+    """Context manager for testing feature flags."""
+    original_variation = get_client().variation
+    get_client().variation = lambda key, context, default: (
+        return_value if key == flag_key else original_variation(key, context, default)
+    )
+    try:
+        yield
+    finally:
+        get_client().variation = original_variation

autogpt_platform/autogpt_libs/autogpt_libs/feature_flag/client_test.py

@@ -0,0 +1,84 @@
+import pytest
+from ldclient import LDClient
+
+from autogpt_libs.feature_flag.client import (
+    feature_flag,
+    is_feature_enabled,
+    mock_flag_variation,
+)
+
+
+@pytest.fixture
+def ld_client(mocker):
+    client = mocker.Mock(spec=LDClient)
+    mocker.patch("ldclient.get", return_value=client)
+    client.is_initialized.return_value = True
+    return client
+
+
+@pytest.mark.asyncio
+async def test_feature_flag_enabled(ld_client):
+    ld_client.variation.return_value = True
+
+    @feature_flag("test-flag")
+    async def test_function(user_id: str):
+        return "success"
+
+    result = test_function(user_id="test-user")
+    assert result == "success"
+    ld_client.variation.assert_called_once()
+
+
+@pytest.mark.asyncio
+async def test_feature_flag_unauthorized_response(ld_client):
+    ld_client.variation.return_value = False
+
+    @feature_flag("test-flag")
+    async def test_function(user_id: str):
+        return "success"
+
+    result = test_function(user_id="test-user")
+    assert result == {"error": "disabled"}
+
+
+def test_mock_flag_variation(ld_client):
+    with mock_flag_variation("test-flag", True):
+        assert ld_client.variation("test-flag", None, False)
+
+    with mock_flag_variation("test-flag", False):
+        assert ld_client.variation("test-flag", None, False)
+
+
+def test_is_feature_enabled(ld_client):
+    """Test the is_feature_enabled helper function."""
+    ld_client.is_initialized.return_value = True
+    ld_client.variation.return_value = True
+
+    result = is_feature_enabled("test-flag", "user123", default=False)
+    assert result is True
+
+    ld_client.variation.assert_called_once()
+    call_args = ld_client.variation.call_args
+    assert call_args[0][0] == "test-flag"  # flag_key
+    assert call_args[0][2] is False  # default value
+
+
+def test_is_feature_enabled_not_initialized(ld_client):
+    """Test is_feature_enabled when LaunchDarkly is not initialized."""
+    ld_client.is_initialized.return_value = False
+
+    result = is_feature_enabled("test-flag", "user123", default=True)
+    assert result is True  # Should return default
+
+    ld_client.variation.assert_not_called()
+
+
+def test_is_feature_enabled_exception(mocker):
+    """Test is_feature_enabled when get_client() raises an exception."""
+    mocker.patch(
+        "autogpt_libs.feature_flag.client.get_client",
+        side_effect=Exception("Client error"),
+    )
+
+    result = is_feature_enabled("test-flag", "user123", default=True)
+    assert result is True  # Should return default

autogpt_platform/autogpt_libs/autogpt_libs/feature_flag/config.py

@@ -0,0 +1,15 @@
+from pydantic import Field
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+
+class Settings(BaseSettings):
+    launch_darkly_sdk_key: str = Field(
+        default="",
+        description="The Launch Darkly SDK key",
+        validation_alias="LAUNCH_DARKLY_SDK_KEY",
+    )
+
+    model_config = SettingsConfigDict(case_sensitive=True, extra="ignore")
+
+
+SETTINGS = Settings()

autogpt_platform/autogpt_libs/autogpt_libs/logging/config.py

@@ -1,10 +1,7 @@
 """Logging module for Auto-GPT."""
 
 import logging
-import os
-import socket
 import sys
-from logging.handlers import RotatingFileHandler
 from pathlib import Path
 
 from pydantic import Field, field_validator
@@ -13,15 +10,6 @@ from pydantic_settings import BaseSettings, SettingsConfigDict
 from .filters import BelowLevelFilter
 from .formatters import AGPTFormatter
 
-# Configure global socket timeout and gRPC keepalive to prevent deadlocks
-# This must be done at import time before any gRPC connections are established
-socket.setdefaulttimeout(30)  # 30-second socket timeout
-
-# Enable gRPC keepalive to detect dead connections faster
-os.environ.setdefault("GRPC_KEEPALIVE_TIME_MS", "30000")  # 30 seconds
-os.environ.setdefault("GRPC_KEEPALIVE_TIMEOUT_MS", "5000")  # 5 seconds
-os.environ.setdefault("GRPC_KEEPALIVE_PERMIT_WITHOUT_CALLS", "true")
-
 LOG_DIR = Path(__file__).parent.parent.parent.parent / "logs"
 LOG_FILE = "activity.log"
 DEBUG_LOG_FILE = "debug.log"
@@ -91,39 +79,42 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
     Note: This function is typically called at the start of the application
     to set up the logging infrastructure.
     """
+
     config = LoggingConfig()
     log_handlers: list[logging.Handler] = []
 
-    structured_logging = config.enable_cloud_logging or force_cloud_logging
-
     # Console output handlers
-    if not structured_logging:
-        stdout = logging.StreamHandler(stream=sys.stdout)
-        stdout.setLevel(config.level)
-        stdout.addFilter(BelowLevelFilter(logging.WARNING))
-        if config.level == logging.DEBUG:
-            stdout.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT))
-        else:
-            stdout.setFormatter(AGPTFormatter(SIMPLE_LOG_FORMAT))
+    stdout = logging.StreamHandler(stream=sys.stdout)
+    stdout.setLevel(config.level)
+    stdout.addFilter(BelowLevelFilter(logging.WARNING))
+    if config.level == logging.DEBUG:
+        stdout.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT))
+    else:
+        stdout.setFormatter(AGPTFormatter(SIMPLE_LOG_FORMAT))
 
-        stderr = logging.StreamHandler()
-        stderr.setLevel(logging.WARNING)
-        if config.level == logging.DEBUG:
-            stderr.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT))
-        else:
-            stderr.setFormatter(AGPTFormatter(SIMPLE_LOG_FORMAT))
+    stderr = logging.StreamHandler()
+    stderr.setLevel(logging.WARNING)
+    if config.level == logging.DEBUG:
+        stderr.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT))
+    else:
+        stderr.setFormatter(AGPTFormatter(SIMPLE_LOG_FORMAT))
 
-        log_handlers += [stdout, stderr]
+    log_handlers += [stdout, stderr]
 
     # Cloud logging setup
-    else:
-        # Use Google Cloud Structured Log Handler. Log entries are printed to stdout
-        # in a JSON format which is automatically picked up by Google Cloud Logging.
-        from google.cloud.logging.handlers import StructuredLogHandler
+    if config.enable_cloud_logging or force_cloud_logging:
+        import google.cloud.logging
+        from google.cloud.logging.handlers import CloudLoggingHandler
+        from google.cloud.logging_v2.handlers.transports.sync import SyncTransport
 
-        structured_log_handler = StructuredLogHandler(stream=sys.stdout)
-        structured_log_handler.setLevel(config.level)
-        log_handlers.append(structured_log_handler)
+        client = google.cloud.logging.Client()
+        cloud_handler = CloudLoggingHandler(
+            client,
+            name="autogpt_logs",
+            transport=SyncTransport,
+        )
+        cloud_handler.setLevel(config.level)
+        log_handlers.append(cloud_handler)
 
     # File logging setup
     if config.enable_file_logging:
@@ -134,13 +125,8 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
         print(f"Log directory: {config.log_dir}")
 
         # Activity log handler (INFO and above)
-        # Security fix: Use RotatingFileHandler with size limits to prevent disk exhaustion
-        activity_log_handler = RotatingFileHandler(
-            config.log_dir / LOG_FILE,
-            mode="a",
-            encoding="utf-8",
-            maxBytes=10 * 1024 * 1024,  # 10MB per file
-            backupCount=3,  # Keep 3 backup files (40MB total)
+        activity_log_handler = logging.FileHandler(
+            config.log_dir / LOG_FILE, "a", "utf-8"
         )
         activity_log_handler.setLevel(config.level)
         activity_log_handler.setFormatter(
@@ -150,13 +136,8 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
 
         if config.level == logging.DEBUG:
             # Debug log handler (all levels)
-            # Security fix: Use RotatingFileHandler with size limits
-            debug_log_handler = RotatingFileHandler(
-                config.log_dir / DEBUG_LOG_FILE,
-                mode="a",
-                encoding="utf-8",
-                maxBytes=10 * 1024 * 1024,  # 10MB per file
-                backupCount=3,  # Keep 3 backup files (40MB total)
+            debug_log_handler = logging.FileHandler(
+                config.log_dir / DEBUG_LOG_FILE, "a", "utf-8"
             )
             debug_log_handler.setLevel(logging.DEBUG)
             debug_log_handler.setFormatter(
@@ -165,13 +146,8 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
             log_handlers.append(debug_log_handler)
 
         # Error log handler (ERROR and above)
-        # Security fix: Use RotatingFileHandler with size limits
-        error_log_handler = RotatingFileHandler(
-            config.log_dir / ERROR_LOG_FILE,
-            mode="a",
-            encoding="utf-8",
-            maxBytes=10 * 1024 * 1024,  # 10MB per file
-            backupCount=3,  # Keep 3 backup files (40MB total)
+        error_log_handler = logging.FileHandler(
+            config.log_dir / ERROR_LOG_FILE, "a", "utf-8"
         )
         error_log_handler.setLevel(logging.ERROR)
         error_log_handler.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT, no_color=True))
@@ -179,13 +155,7 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
 
     # Configure the root logger
     logging.basicConfig(
-        format=(
-            "%(levelname)s  %(message)s"
-            if structured_logging
-            else (
-                DEBUG_LOG_FORMAT if config.level == logging.DEBUG else SIMPLE_LOG_FORMAT
-            )
-        ),
+        format=DEBUG_LOG_FORMAT if config.level == logging.DEBUG else SIMPLE_LOG_FORMAT,
         level=config.level,
         handlers=log_handlers,
     )

autogpt_platform/autogpt_libs/autogpt_libs/logging/utils.py

@@ -1,5 +1,39 @@
+import logging
 import re
+from typing import Any
+
+import uvicorn.config
+from colorama import Fore
 
 
 def remove_color_codes(s: str) -> str:
     return re.sub(r"\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])", "", s)
+
+
+def fmt_kwargs(kwargs: dict) -> str:
+    return ", ".join(f"{n}={repr(v)}" for n, v in kwargs.items())
+
+
+def print_attribute(
+    title: str, value: Any, title_color: str = Fore.GREEN, value_color: str = ""
+) -> None:
+    logger = logging.getLogger()
+    logger.info(
+        str(value),
+        extra={
+            "title": f"{title.rstrip(':')}:",
+            "title_color": title_color,
+            "color": value_color,
+        },
+    )
+
+
+def generate_uvicorn_config():
+    """
+    Generates a uvicorn logging config that silences uvicorn's default logging and tells it to use the native logging module.
+    """
+    log_config = dict(uvicorn.config.LOGGING_CONFIG)
+    log_config["loggers"]["uvicorn"] = {"handlers": []}
+    log_config["loggers"]["uvicorn.error"] = {"handlers": []}
+    log_config["loggers"]["uvicorn.access"] = {"handlers": []}
+    return log_config

autogpt_platform/autogpt_libs/autogpt_libs/rate_limit/config.py

@@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
@@ -15,8 +13,8 @@ class RateLimitSettings(BaseSettings):
         default="6379", description="Redis port", validation_alias="REDIS_PORT"
     )
 
-    redis_password: Optional[str] = Field(
-        default=None,
+    redis_password: str = Field(
+        default="password",
         description="Redis password",
         validation_alias="REDIS_PASSWORD",
     )

autogpt_platform/autogpt_libs/autogpt_libs/rate_limit/limiter.py

@@ -11,7 +11,7 @@ class RateLimiter:
         self,
         redis_host: str = RATE_LIMIT_SETTINGS.redis_host,
         redis_port: str = RATE_LIMIT_SETTINGS.redis_port,
-        redis_password: str | None = RATE_LIMIT_SETTINGS.redis_password,
+        redis_password: str = RATE_LIMIT_SETTINGS.redis_password,
         requests_per_minute: int = RATE_LIMIT_SETTINGS.requests_per_minute,
     ):
         self.redis = Redis(

autogpt_platform/autogpt_libs/autogpt_libs/utils/cache.py

@@ -0,0 +1,59 @@
+import inspect
+import threading
+from typing import Awaitable, Callable, ParamSpec, TypeVar, cast, overload
+
+P = ParamSpec("P")
+R = TypeVar("R")
+
+
+@overload
+def thread_cached(func: Callable[P, Awaitable[R]]) -> Callable[P, Awaitable[R]]: ...
+
+
+@overload
+def thread_cached(func: Callable[P, R]) -> Callable[P, R]: ...
+
+
+def thread_cached(
+    func: Callable[P, R] | Callable[P, Awaitable[R]],
+) -> Callable[P, R] | Callable[P, Awaitable[R]]:
+    thread_local = threading.local()
+
+    def _clear():
+        if hasattr(thread_local, "cache"):
+            del thread_local.cache
+
+    if inspect.iscoroutinefunction(func):
+
+        async def async_wrapper(*args: P.args, **kwargs: P.kwargs) -> R:
+            cache = getattr(thread_local, "cache", None)
+            if cache is None:
+                cache = thread_local.cache = {}
+            key = (args, tuple(sorted(kwargs.items())))
+            if key not in cache:
+                cache[key] = await cast(Callable[P, Awaitable[R]], func)(
+                    *args, **kwargs
+                )
+            return cache[key]
+
+        setattr(async_wrapper, "clear_cache", _clear)
+        return async_wrapper
+
+    else:
+
+        def sync_wrapper(*args: P.args, **kwargs: P.kwargs) -> R:
+            cache = getattr(thread_local, "cache", None)
+            if cache is None:
+                cache = thread_local.cache = {}
+            key = (args, tuple(sorted(kwargs.items())))
+            if key not in cache:
+                cache[key] = func(*args, **kwargs)
+            return cache[key]
+
+        setattr(sync_wrapper, "clear_cache", _clear)
+        return sync_wrapper
+
+
+def clear_thread_cache(func: Callable) -> None:
+    if clear := getattr(func, "clear_cache", None):
+        clear()

autogpt_platform/autogpt_libs/autogpt_libs/utils/cache_test.py

@@ -0,0 +1,325 @@
+"""Tests for the @thread_cached decorator.
+
+This module tests the thread-local caching functionality including:
+- Basic caching for sync and async functions
+- Thread isolation (each thread has its own cache)
+- Cache clearing functionality
+- Exception handling (exceptions are not cached)
+- Argument handling (positional vs keyword arguments)
+"""
+
+import asyncio
+import threading
+import time
+from concurrent.futures import ThreadPoolExecutor
+from unittest.mock import Mock
+
+import pytest
+
+from autogpt_libs.utils.cache import clear_thread_cache, thread_cached
+
+
+class TestThreadCached:
+    def test_sync_function_caching(self):
+        call_count = 0
+
+        @thread_cached
+        def expensive_function(x: int, y: int = 0) -> int:
+            nonlocal call_count
+            call_count += 1
+            return x + y
+
+        assert expensive_function(1, 2) == 3
+        assert call_count == 1
+
+        assert expensive_function(1, 2) == 3
+        assert call_count == 1
+
+        assert expensive_function(1, y=2) == 3
+        assert call_count == 2
+
+        assert expensive_function(2, 3) == 5
+        assert call_count == 3
+
+        assert expensive_function(1) == 1
+        assert call_count == 4
+
+    @pytest.mark.asyncio
+    async def test_async_function_caching(self):
+        call_count = 0
+
+        @thread_cached
+        async def expensive_async_function(x: int, y: int = 0) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            return x + y
+
+        assert await expensive_async_function(1, 2) == 3
+        assert call_count == 1
+
+        assert await expensive_async_function(1, 2) == 3
+        assert call_count == 1
+
+        assert await expensive_async_function(1, y=2) == 3
+        assert call_count == 2
+
+        assert await expensive_async_function(2, 3) == 5
+        assert call_count == 3
+
+    def test_thread_isolation(self):
+        call_count = 0
+        results = {}
+
+        @thread_cached
+        def thread_specific_function(x: int) -> str:
+            nonlocal call_count
+            call_count += 1
+            return f"{threading.current_thread().name}-{x}"
+
+        def worker(thread_id: int):
+            result1 = thread_specific_function(1)
+            result2 = thread_specific_function(1)
+            result3 = thread_specific_function(2)
+            results[thread_id] = (result1, result2, result3)
+
+        with ThreadPoolExecutor(max_workers=3) as executor:
+            futures = [executor.submit(worker, i) for i in range(3)]
+            for future in futures:
+                future.result()
+
+        assert call_count >= 2
+
+        for thread_id, (r1, r2, r3) in results.items():
+            assert r1 == r2
+            assert r1 != r3
+
+    @pytest.mark.asyncio
+    async def test_async_thread_isolation(self):
+        call_count = 0
+        results = {}
+
+        @thread_cached
+        async def async_thread_specific_function(x: int) -> str:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            return f"{threading.current_thread().name}-{x}"
+
+        async def async_worker(worker_id: int):
+            result1 = await async_thread_specific_function(1)
+            result2 = await async_thread_specific_function(1)
+            result3 = await async_thread_specific_function(2)
+            results[worker_id] = (result1, result2, result3)
+
+        tasks = [async_worker(i) for i in range(3)]
+        await asyncio.gather(*tasks)
+
+        for worker_id, (r1, r2, r3) in results.items():
+            assert r1 == r2
+            assert r1 != r3
+
+    def test_clear_cache_sync(self):
+        call_count = 0
+
+        @thread_cached
+        def clearable_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            return x * 2
+
+        assert clearable_function(5) == 10
+        assert call_count == 1
+
+        assert clearable_function(5) == 10
+        assert call_count == 1
+
+        clear_thread_cache(clearable_function)
+
+        assert clearable_function(5) == 10
+        assert call_count == 2
+
+    @pytest.mark.asyncio
+    async def test_clear_cache_async(self):
+        call_count = 0
+
+        @thread_cached
+        async def clearable_async_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            return x * 2
+
+        assert await clearable_async_function(5) == 10
+        assert call_count == 1
+
+        assert await clearable_async_function(5) == 10
+        assert call_count == 1
+
+        clear_thread_cache(clearable_async_function)
+
+        assert await clearable_async_function(5) == 10
+        assert call_count == 2
+
+    def test_simple_arguments(self):
+        call_count = 0
+
+        @thread_cached
+        def simple_function(a: str, b: int, c: str = "default") -> str:
+            nonlocal call_count
+            call_count += 1
+            return f"{a}-{b}-{c}"
+
+        # First call with all positional args
+        result1 = simple_function("test", 42, "custom")
+        assert call_count == 1
+
+        # Same args, all positional - should hit cache
+        result2 = simple_function("test", 42, "custom")
+        assert call_count == 1
+        assert result1 == result2
+
+        # Same values but last arg as keyword - creates different cache key
+        result3 = simple_function("test", 42, c="custom")
+        assert call_count == 2
+        assert result1 == result3  # Same result, different cache entry
+
+        # Different value - new cache entry
+        result4 = simple_function("test", 43, "custom")
+        assert call_count == 3
+        assert result1 != result4
+
+    def test_positional_vs_keyword_args(self):
+        """Test that positional and keyword arguments create different cache entries."""
+        call_count = 0
+
+        @thread_cached
+        def func(a: int, b: int = 10) -> str:
+            nonlocal call_count
+            call_count += 1
+            return f"result-{a}-{b}"
+
+        # All positional
+        result1 = func(1, 2)
+        assert call_count == 1
+        assert result1 == "result-1-2"
+
+        # Same values, but second arg as keyword
+        result2 = func(1, b=2)
+        assert call_count == 2  # Different cache key!
+        assert result2 == "result-1-2"  # Same result
+
+        # Verify both are cached separately
+        func(1, 2)  # Uses first cache entry
+        assert call_count == 2
+
+        func(1, b=2)  # Uses second cache entry
+        assert call_count == 2
+
+    def test_exception_handling(self):
+        call_count = 0
+
+        @thread_cached
+        def failing_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            if x < 0:
+                raise ValueError("Negative value")
+            return x * 2
+
+        assert failing_function(5) == 10
+        assert call_count == 1
+
+        with pytest.raises(ValueError):
+            failing_function(-1)
+        assert call_count == 2
+
+        with pytest.raises(ValueError):
+            failing_function(-1)
+        assert call_count == 3
+
+        assert failing_function(5) == 10
+        assert call_count == 3
+
+    @pytest.mark.asyncio
+    async def test_async_exception_handling(self):
+        call_count = 0
+
+        @thread_cached
+        async def async_failing_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            if x < 0:
+                raise ValueError("Negative value")
+            return x * 2
+
+        assert await async_failing_function(5) == 10
+        assert call_count == 1
+
+        with pytest.raises(ValueError):
+            await async_failing_function(-1)
+        assert call_count == 2
+
+        with pytest.raises(ValueError):
+            await async_failing_function(-1)
+        assert call_count == 3
+
+    def test_sync_caching_performance(self):
+        @thread_cached
+        def slow_function(x: int) -> int:
+            print(f"slow_function called with x={x}")
+            time.sleep(0.1)
+            return x * 2
+
+        start = time.time()
+        result1 = slow_function(5)
+        first_call_time = time.time() - start
+        print(f"First call took {first_call_time:.4f} seconds")
+
+        start = time.time()
+        result2 = slow_function(5)
+        second_call_time = time.time() - start
+        print(f"Second call took {second_call_time:.4f} seconds")
+
+        assert result1 == result2 == 10
+        assert first_call_time > 0.09
+        assert second_call_time < 0.01
+
+    @pytest.mark.asyncio
+    async def test_async_caching_performance(self):
+        @thread_cached
+        async def slow_async_function(x: int) -> int:
+            print(f"slow_async_function called with x={x}")
+            await asyncio.sleep(0.1)
+            return x * 2
+
+        start = time.time()
+        result1 = await slow_async_function(5)
+        first_call_time = time.time() - start
+        print(f"First async call took {first_call_time:.4f} seconds")
+
+        start = time.time()
+        result2 = await slow_async_function(5)
+        second_call_time = time.time() - start
+        print(f"Second async call took {second_call_time:.4f} seconds")
+
+        assert result1 == result2 == 10
+        assert first_call_time > 0.09
+        assert second_call_time < 0.01
+
+    def test_with_mock_objects(self):
+        mock = Mock(return_value=42)
+
+        @thread_cached
+        def function_using_mock(x: int) -> int:
+            return mock(x)
+
+        assert function_using_mock(1) == 42
+        assert mock.call_count == 1
+
+        assert function_using_mock(1) == 42
+        assert mock.call_count == 1
+
+        assert function_using_mock(2) == 42
+        assert mock.call_count == 2

autogpt_platform/autogpt_libs/poetry.lock

@@ -54,7 +54,7 @@ version = "1.2.0"
 description = "Backport of asyncio.Runner, a context manager that controls event loop life cycle."
 optional = false
 python-versions = "<3.11,>=3.8"
-groups = ["dev"]
+groups = ["main"]
 markers = "python_version < \"3.11\""
 files = [
     {file = "backports_asyncio_runner-1.2.0-py3-none-any.whl", hash = "sha256:0da0a936a8aeb554eccb426dc55af3ba63bcdc69fa1a600b5bb305413a4477b5"},
@@ -85,87 +85,6 @@ files = [
     {file = "certifi-2025.7.14.tar.gz", hash = "sha256:8ea99dbdfaaf2ba2f9bac77b9249ef62ec5218e7c2b2e903378ed5fccf765995"},
 ]
 
-[[package]]
-name = "cffi"
-version = "1.17.1"
-description = "Foreign Function Interface for Python calling C code."
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-markers = "platform_python_implementation != \"PyPy\""
-files = [
-    {file = "cffi-1.17.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"},
-    {file = "cffi-1.17.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67"},
-    {file = "cffi-1.17.1-cp310-cp310-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:edae79245293e15384b51f88b00613ba9f7198016a5948b5dddf4917d4d26382"},
-    {file = "cffi-1.17.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:45398b671ac6d70e67da8e4224a065cec6a93541bb7aebe1b198a61b58c7b702"},
-    {file = "cffi-1.17.1-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ad9413ccdeda48c5afdae7e4fa2192157e991ff761e7ab8fdd8926f40b160cc3"},
-    {file = "cffi-1.17.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5da5719280082ac6bd9aa7becb3938dc9f9cbd57fac7d2871717b1feb0902ab6"},
-    {file = "cffi-1.17.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2bb1a08b8008b281856e5971307cc386a8e9c5b625ac297e853d36da6efe9c17"},
-    {file = "cffi-1.17.1-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8"},
-    {file = "cffi-1.17.1-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:6883e737d7d9e4899a8a695e00ec36bd4e5e4f18fabe0aca0efe0a4b44cdb13e"},
-    {file = "cffi-1.17.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:6b8b4a92e1c65048ff98cfe1f735ef8f1ceb72e3d5f0c25fdb12087a23da22be"},
-    {file = "cffi-1.17.1-cp310-cp310-win32.whl", hash = "sha256:c9c3d058ebabb74db66e431095118094d06abf53284d9c81f27300d0e0d8bc7c"},
-    {file = "cffi-1.17.1-cp310-cp310-win_amd64.whl", hash = "sha256:0f048dcf80db46f0098ccac01132761580d28e28bc0f78ae0d58048063317e15"},
-    {file = "cffi-1.17.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:a45e3c6913c5b87b3ff120dcdc03f6131fa0065027d0ed7ee6190736a74cd401"},
-    {file = "cffi-1.17.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:30c5e0cb5ae493c04c8b42916e52ca38079f1b235c2f8ae5f4527b963c401caf"},
-    {file = "cffi-1.17.1-cp311-cp311-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f75c7ab1f9e4aca5414ed4d8e5c0e303a34f4421f8a0d47a4d019ceff0ab6af4"},
-    {file = "cffi-1.17.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41"},
-    {file = "cffi-1.17.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1"},
-    {file = "cffi-1.17.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6"},
-    {file = "cffi-1.17.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d"},
-    {file = "cffi-1.17.1-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6"},
-    {file = "cffi-1.17.1-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:de2ea4b5833625383e464549fec1bc395c1bdeeb5f25c4a3a82b5a8c756ec22f"},
-    {file = "cffi-1.17.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b"},
-    {file = "cffi-1.17.1-cp311-cp311-win32.whl", hash = "sha256:85a950a4ac9c359340d5963966e3e0a94a676bd6245a4b55bc43949eee26a655"},
-    {file = "cffi-1.17.1-cp311-cp311-win_amd64.whl", hash = "sha256:caaf0640ef5f5517f49bc275eca1406b0ffa6aa184892812030f04c2abf589a0"},
-    {file = "cffi-1.17.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:805b4371bf7197c329fcb3ead37e710d1bca9da5d583f5073b799d5c5bd1eee4"},
-    {file = "cffi-1.17.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:733e99bc2df47476e3848417c5a4540522f234dfd4ef3ab7fafdf555b082ec0c"},
-    {file = "cffi-1.17.1-cp312-cp312-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1257bdabf294dceb59f5e70c64a3e2f462c30c7ad68092d01bbbfb1c16b1ba36"},
-    {file = "cffi-1.17.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:da95af8214998d77a98cc14e3a3bd00aa191526343078b530ceb0bd710fb48a5"},
-    {file = "cffi-1.17.1-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d63afe322132c194cf832bfec0dc69a99fb9bb6bbd550f161a49e9e855cc78ff"},
-    {file = "cffi-1.17.1-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f79fc4fc25f1c8698ff97788206bb3c2598949bfe0fef03d299eb1b5356ada99"},
-    {file = "cffi-1.17.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b62ce867176a75d03a665bad002af8e6d54644fad99a3c70905c543130e39d93"},
-    {file = "cffi-1.17.1-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:386c8bf53c502fff58903061338ce4f4950cbdcb23e2902d86c0f722b786bbe3"},
-    {file = "cffi-1.17.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:4ceb10419a9adf4460ea14cfd6bc43d08701f0835e979bf821052f1805850fe8"},
-    {file = "cffi-1.17.1-cp312-cp312-win32.whl", hash = "sha256:a08d7e755f8ed21095a310a693525137cfe756ce62d066e53f502a83dc550f65"},
-    {file = "cffi-1.17.1-cp312-cp312-win_amd64.whl", hash = "sha256:51392eae71afec0d0c8fb1a53b204dbb3bcabcb3c9b807eedf3e1e6ccf2de903"},
-    {file = "cffi-1.17.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e"},
-    {file = "cffi-1.17.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2"},
-    {file = "cffi-1.17.1-cp313-cp313-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3"},
-    {file = "cffi-1.17.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683"},
-    {file = "cffi-1.17.1-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5"},
-    {file = "cffi-1.17.1-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4"},
-    {file = "cffi-1.17.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd"},
-    {file = "cffi-1.17.1-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed"},
-    {file = "cffi-1.17.1-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9"},
-    {file = "cffi-1.17.1-cp313-cp313-win32.whl", hash = "sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d"},
-    {file = "cffi-1.17.1-cp313-cp313-win_amd64.whl", hash = "sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a"},
-    {file = "cffi-1.17.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:636062ea65bd0195bc012fea9321aca499c0504409f413dc88af450b57ffd03b"},
-    {file = "cffi-1.17.1-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c7eac2ef9b63c79431bc4b25f1cd649d7f061a28808cbc6c47b534bd789ef964"},
-    {file = "cffi-1.17.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e221cf152cff04059d011ee126477f0d9588303eb57e88923578ace7baad17f9"},
-    {file = "cffi-1.17.1-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:31000ec67d4221a71bd3f67df918b1f88f676f1c3b535a7eb473255fdc0b83fc"},
-    {file = "cffi-1.17.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:6f17be4345073b0a7b8ea599688f692ac3ef23ce28e5df79c04de519dbc4912c"},
-    {file = "cffi-1.17.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0e2b1fac190ae3ebfe37b979cc1ce69c81f4e4fe5746bb401dca63a9062cdaf1"},
-    {file = "cffi-1.17.1-cp38-cp38-win32.whl", hash = "sha256:7596d6620d3fa590f677e9ee430df2958d2d6d6de2feeae5b20e82c00b76fbf8"},
-    {file = "cffi-1.17.1-cp38-cp38-win_amd64.whl", hash = "sha256:78122be759c3f8a014ce010908ae03364d00a1f81ab5c7f4a7a5120607ea56e1"},
-    {file = "cffi-1.17.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:b2ab587605f4ba0bf81dc0cb08a41bd1c0a5906bd59243d56bad7668a6fc6c16"},
-    {file = "cffi-1.17.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:28b16024becceed8c6dfbc75629e27788d8a3f9030691a1dbf9821a128b22c36"},
-    {file = "cffi-1.17.1-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1d599671f396c4723d016dbddb72fe8e0397082b0a77a4fab8028923bec050e8"},
-    {file = "cffi-1.17.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ca74b8dbe6e8e8263c0ffd60277de77dcee6c837a3d0881d8c1ead7268c9e576"},
-    {file = "cffi-1.17.1-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f7f5baafcc48261359e14bcd6d9bff6d4b28d9103847c9e136694cb0501aef87"},
-    {file = "cffi-1.17.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:98e3969bcff97cae1b2def8ba499ea3d6f31ddfdb7635374834cf89a1a08ecf0"},
-    {file = "cffi-1.17.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cdf5ce3acdfd1661132f2a9c19cac174758dc2352bfe37d98aa7512c6b7178b3"},
-    {file = "cffi-1.17.1-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:9755e4345d1ec879e3849e62222a18c7174d65a6a92d5b346b1863912168b595"},
-    {file = "cffi-1.17.1-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:f1e22e8c4419538cb197e4dd60acc919d7696e5ef98ee4da4e01d3f8cfa4cc5a"},
-    {file = "cffi-1.17.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:c03e868a0b3bc35839ba98e74211ed2b05d2119be4e8a0f224fba9384f1fe02e"},
-    {file = "cffi-1.17.1-cp39-cp39-win32.whl", hash = "sha256:e31ae45bc2e29f6b2abd0de1cc3b9d5205aa847cafaecb8af1476a609a2f6eb7"},
-    {file = "cffi-1.17.1-cp39-cp39-win_amd64.whl", hash = "sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662"},
-    {file = "cffi-1.17.1.tar.gz", hash = "sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824"},
-]
-
-[package.dependencies]
-pycparser = "*"
-
 [[package]]
 name = "charset-normalizer"
 version = "3.4.2"
@@ -289,176 +208,12 @@ version = "0.4.6"
 description = "Cross-platform colored terminal text."
 optional = false
 python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
-groups = ["main", "dev"]
+groups = ["main"]
 files = [
     {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"},
     {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
 ]
 
-[[package]]
-name = "coverage"
-version = "7.10.5"
-description = "Code coverage measurement for Python"
-optional = false
-python-versions = ">=3.9"
-groups = ["dev"]
-files = [
-    {file = "coverage-7.10.5-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:c6a5c3414bfc7451b879141ce772c546985163cf553f08e0f135f0699a911801"},
-    {file = "coverage-7.10.5-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:bc8e4d99ce82f1710cc3c125adc30fd1487d3cf6c2cd4994d78d68a47b16989a"},
-    {file = "coverage-7.10.5-cp310-cp310-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:02252dc1216e512a9311f596b3169fad54abcb13827a8d76d5630c798a50a754"},
-    {file = "coverage-7.10.5-cp310-cp310-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:73269df37883e02d460bee0cc16be90509faea1e3bd105d77360b512d5bb9c33"},
-    {file = "coverage-7.10.5-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:1f8a81b0614642f91c9effd53eec284f965577591f51f547a1cbeb32035b4c2f"},
-    {file = "coverage-7.10.5-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:6a29f8e0adb7f8c2b95fa2d4566a1d6e6722e0a637634c6563cb1ab844427dd9"},
-    {file = "coverage-7.10.5-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:fcf6ab569436b4a647d4e91accba12509ad9f2554bc93d3aee23cc596e7f99c3"},
-    {file = "coverage-7.10.5-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:90dc3d6fb222b194a5de60af8d190bedeeddcbc7add317e4a3cd333ee6b7c879"},
-    {file = "coverage-7.10.5-cp310-cp310-win32.whl", hash = "sha256:414a568cd545f9dc75f0686a0049393de8098414b58ea071e03395505b73d7a8"},
-    {file = "coverage-7.10.5-cp310-cp310-win_amd64.whl", hash = "sha256:e551f9d03347196271935fd3c0c165f0e8c049220280c1120de0084d65e9c7ff"},
-    {file = "coverage-7.10.5-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:c177e6ffe2ebc7c410785307758ee21258aa8e8092b44d09a2da767834f075f2"},
-    {file = "coverage-7.10.5-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:14d6071c51ad0f703d6440827eaa46386169b5fdced42631d5a5ac419616046f"},
-    {file = "coverage-7.10.5-cp311-cp311-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:61f78c7c3bc272a410c5ae3fde7792b4ffb4acc03d35a7df73ca8978826bb7ab"},
-    {file = "coverage-7.10.5-cp311-cp311-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:f39071caa126f69d63f99b324fb08c7b1da2ec28cbb1fe7b5b1799926492f65c"},
-    {file = "coverage-7.10.5-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:343a023193f04d46edc46b2616cdbee68c94dd10208ecd3adc56fcc54ef2baa1"},
-    {file = "coverage-7.10.5-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:585ffe93ae5894d1ebdee69fc0b0d4b7c75d8007983692fb300ac98eed146f78"},
-    {file = "coverage-7.10.5-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:b0ef4e66f006ed181df29b59921bd8fc7ed7cd6a9289295cd8b2824b49b570df"},
-    {file = "coverage-7.10.5-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:eb7b0bbf7cc1d0453b843eca7b5fa017874735bef9bfdfa4121373d2cc885ed6"},
-    {file = "coverage-7.10.5-cp311-cp311-win32.whl", hash = "sha256:1d043a8a06987cc0c98516e57c4d3fc2c1591364831e9deb59c9e1b4937e8caf"},
-    {file = "coverage-7.10.5-cp311-cp311-win_amd64.whl", hash = "sha256:fefafcca09c3ac56372ef64a40f5fe17c5592fab906e0fdffd09543f3012ba50"},
-    {file = "coverage-7.10.5-cp311-cp311-win_arm64.whl", hash = "sha256:7e78b767da8b5fc5b2faa69bb001edafcd6f3995b42a331c53ef9572c55ceb82"},
-    {file = "coverage-7.10.5-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:c2d05c7e73c60a4cecc7d9b60dbfd603b4ebc0adafaef371445b47d0f805c8a9"},
-    {file = "coverage-7.10.5-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:32ddaa3b2c509778ed5373b177eb2bf5662405493baeff52278a0b4f9415188b"},
-    {file = "coverage-7.10.5-cp312-cp312-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:dd382410039fe062097aa0292ab6335a3f1e7af7bba2ef8d27dcda484918f20c"},
-    {file = "coverage-7.10.5-cp312-cp312-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:7fa22800f3908df31cea6fb230f20ac49e343515d968cc3a42b30d5c3ebf9b5a"},
-    {file = "coverage-7.10.5-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f366a57ac81f5e12797136552f5b7502fa053c861a009b91b80ed51f2ce651c6"},
-    {file = "coverage-7.10.5-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:5f1dc8f1980a272ad4a6c84cba7981792344dad33bf5869361576b7aef42733a"},
-    {file = "coverage-7.10.5-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:2285c04ee8676f7938b02b4936d9b9b672064daab3187c20f73a55f3d70e6b4a"},
-    {file = "coverage-7.10.5-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:c2492e4dd9daab63f5f56286f8a04c51323d237631eb98505d87e4c4ff19ec34"},
-    {file = "coverage-7.10.5-cp312-cp312-win32.whl", hash = "sha256:38a9109c4ee8135d5df5505384fc2f20287a47ccbe0b3f04c53c9a1989c2bbaf"},
-    {file = "coverage-7.10.5-cp312-cp312-win_amd64.whl", hash = "sha256:6b87f1ad60b30bc3c43c66afa7db6b22a3109902e28c5094957626a0143a001f"},
-    {file = "coverage-7.10.5-cp312-cp312-win_arm64.whl", hash = "sha256:672a6c1da5aea6c629819a0e1461e89d244f78d7b60c424ecf4f1f2556c041d8"},
-    {file = "coverage-7.10.5-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:ef3b83594d933020f54cf65ea1f4405d1f4e41a009c46df629dd964fcb6e907c"},
-    {file = "coverage-7.10.5-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:2b96bfdf7c0ea9faebce088a3ecb2382819da4fbc05c7b80040dbc428df6af44"},
-    {file = "coverage-7.10.5-cp313-cp313-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:63df1fdaffa42d914d5c4d293e838937638bf75c794cf20bee12978fc8c4e3bc"},
-    {file = "coverage-7.10.5-cp313-cp313-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:8002dc6a049aac0e81ecec97abfb08c01ef0c1fbf962d0c98da3950ace89b869"},
-    {file = "coverage-7.10.5-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:63d4bb2966d6f5f705a6b0c6784c8969c468dbc4bcf9d9ded8bff1c7e092451f"},
-    {file = "coverage-7.10.5-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:1f672efc0731a6846b157389b6e6d5d5e9e59d1d1a23a5c66a99fd58339914d5"},
-    {file = "coverage-7.10.5-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:3f39cef43d08049e8afc1fde4a5da8510fc6be843f8dea350ee46e2a26b2f54c"},
-    {file = "coverage-7.10.5-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:2968647e3ed5a6c019a419264386b013979ff1fb67dd11f5c9886c43d6a31fc2"},
-    {file = "coverage-7.10.5-cp313-cp313-win32.whl", hash = "sha256:0d511dda38595b2b6934c2b730a1fd57a3635c6aa2a04cb74714cdfdd53846f4"},
-    {file = "coverage-7.10.5-cp313-cp313-win_amd64.whl", hash = "sha256:9a86281794a393513cf117177fd39c796b3f8e3759bb2764259a2abba5cce54b"},
-    {file = "coverage-7.10.5-cp313-cp313-win_arm64.whl", hash = "sha256:cebd8e906eb98bb09c10d1feed16096700b1198d482267f8bf0474e63a7b8d84"},
-    {file = "coverage-7.10.5-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:0520dff502da5e09d0d20781df74d8189ab334a1e40d5bafe2efaa4158e2d9e7"},
-    {file = "coverage-7.10.5-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:d9cd64aca68f503ed3f1f18c7c9174cbb797baba02ca8ab5112f9d1c0328cd4b"},
-    {file = "coverage-7.10.5-cp313-cp313t-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:0913dd1613a33b13c4f84aa6e3f4198c1a21ee28ccb4f674985c1f22109f0aae"},
-    {file = "coverage-7.10.5-cp313-cp313t-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:1b7181c0feeb06ed8a02da02792f42f829a7b29990fef52eff257fef0885d760"},
-    {file = "coverage-7.10.5-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:36d42b7396b605f774d4372dd9c49bed71cbabce4ae1ccd074d155709dd8f235"},
-    {file = "coverage-7.10.5-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:b4fdc777e05c4940b297bf47bf7eedd56a39a61dc23ba798e4b830d585486ca5"},
-    {file = "coverage-7.10.5-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:42144e8e346de44a6f1dbd0a56575dd8ab8dfa7e9007da02ea5b1c30ab33a7db"},
-    {file = "coverage-7.10.5-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:66c644cbd7aed8fe266d5917e2c9f65458a51cfe5eeff9c05f15b335f697066e"},
-    {file = "coverage-7.10.5-cp313-cp313t-win32.whl", hash = "sha256:2d1b73023854068c44b0c554578a4e1ef1b050ed07cf8b431549e624a29a66ee"},
-    {file = "coverage-7.10.5-cp313-cp313t-win_amd64.whl", hash = "sha256:54a1532c8a642d8cc0bd5a9a51f5a9dcc440294fd06e9dda55e743c5ec1a8f14"},
-    {file = "coverage-7.10.5-cp313-cp313t-win_arm64.whl", hash = "sha256:74d5b63fe3f5f5d372253a4ef92492c11a4305f3550631beaa432fc9df16fcff"},
-    {file = "coverage-7.10.5-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:68c5e0bc5f44f68053369fa0d94459c84548a77660a5f2561c5e5f1e3bed7031"},
-    {file = "coverage-7.10.5-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:cf33134ffae93865e32e1e37df043bef15a5e857d8caebc0099d225c579b0fa3"},
-    {file = "coverage-7.10.5-cp314-cp314-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:ad8fa9d5193bafcf668231294241302b5e683a0518bf1e33a9a0dfb142ec3031"},
-    {file = "coverage-7.10.5-cp314-cp314-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:146fa1531973d38ab4b689bc764592fe6c2f913e7e80a39e7eeafd11f0ef6db2"},
-    {file = "coverage-7.10.5-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:6013a37b8a4854c478d3219ee8bc2392dea51602dd0803a12d6f6182a0061762"},
-    {file = "coverage-7.10.5-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:eb90fe20db9c3d930fa2ad7a308207ab5b86bf6a76f54ab6a40be4012d88fcae"},
-    {file = "coverage-7.10.5-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:384b34482272e960c438703cafe63316dfbea124ac62006a455c8410bf2a2262"},
-    {file = "coverage-7.10.5-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:467dc74bd0a1a7de2bedf8deaf6811f43602cb532bd34d81ffd6038d6d8abe99"},
-    {file = "coverage-7.10.5-cp314-cp314-win32.whl", hash = "sha256:556d23d4e6393ca898b2e63a5bca91e9ac2d5fb13299ec286cd69a09a7187fde"},
-    {file = "coverage-7.10.5-cp314-cp314-win_amd64.whl", hash = "sha256:f4446a9547681533c8fa3e3c6cf62121eeee616e6a92bd9201c6edd91beffe13"},
-    {file = "coverage-7.10.5-cp314-cp314-win_arm64.whl", hash = "sha256:5e78bd9cf65da4c303bf663de0d73bf69f81e878bf72a94e9af67137c69b9fe9"},
-    {file = "coverage-7.10.5-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:5661bf987d91ec756a47c7e5df4fbcb949f39e32f9334ccd3f43233bbb65e508"},
-    {file = "coverage-7.10.5-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:a46473129244db42a720439a26984f8c6f834762fc4573616c1f37f13994b357"},
-    {file = "coverage-7.10.5-cp314-cp314t-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:1f64b8d3415d60f24b058b58d859e9512624bdfa57a2d1f8aff93c1ec45c429b"},
-    {file = "coverage-7.10.5-cp314-cp314t-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:44d43de99a9d90b20e0163f9770542357f58860a26e24dc1d924643bd6aa7cb4"},
-    {file = "coverage-7.10.5-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:a931a87e5ddb6b6404e65443b742cb1c14959622777f2a4efd81fba84f5d91ba"},
-    {file = "coverage-7.10.5-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:f9559b906a100029274448f4c8b8b0a127daa4dade5661dfd821b8c188058842"},
-    {file = "coverage-7.10.5-cp314-cp314t-musllinux_1_2_i686.whl", hash = "sha256:b08801e25e3b4526ef9ced1aa29344131a8f5213c60c03c18fe4c6170ffa2874"},
-    {file = "coverage-7.10.5-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:ed9749bb8eda35f8b636fb7632f1c62f735a236a5d4edadd8bbcc5ea0542e732"},
-    {file = "coverage-7.10.5-cp314-cp314t-win32.whl", hash = "sha256:609b60d123fc2cc63ccee6d17e4676699075db72d14ac3c107cc4976d516f2df"},
-    {file = "coverage-7.10.5-cp314-cp314t-win_amd64.whl", hash = "sha256:0666cf3d2c1626b5a3463fd5b05f5e21f99e6aec40a3192eee4d07a15970b07f"},
-    {file = "coverage-7.10.5-cp314-cp314t-win_arm64.whl", hash = "sha256:bc85eb2d35e760120540afddd3044a5bf69118a91a296a8b3940dfc4fdcfe1e2"},
-    {file = "coverage-7.10.5-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:62835c1b00c4a4ace24c1a88561a5a59b612fbb83a525d1c70ff5720c97c0610"},
-    {file = "coverage-7.10.5-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:5255b3bbcc1d32a4069d6403820ac8e6dbcc1d68cb28a60a1ebf17e47028e898"},
-    {file = "coverage-7.10.5-cp39-cp39-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:3876385722e335d6e991c430302c24251ef9c2a9701b2b390f5473199b1b8ebf"},
-    {file = "coverage-7.10.5-cp39-cp39-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:8048ce4b149c93447a55d279078c8ae98b08a6951a3c4d2d7e87f4efc7bfe100"},
-    {file = "coverage-7.10.5-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:4028e7558e268dd8bcf4d9484aad393cafa654c24b4885f6f9474bf53183a82a"},
-    {file = "coverage-7.10.5-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:03f47dc870eec0367fcdd603ca6a01517d2504e83dc18dbfafae37faec66129a"},
-    {file = "coverage-7.10.5-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:2d488d7d42b6ded7ea0704884f89dcabd2619505457de8fc9a6011c62106f6e5"},
-    {file = "coverage-7.10.5-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:b3dcf2ead47fa8be14224ee817dfc1df98043af568fe120a22f81c0eb3c34ad2"},
-    {file = "coverage-7.10.5-cp39-cp39-win32.whl", hash = "sha256:02650a11324b80057b8c9c29487020073d5e98a498f1857f37e3f9b6ea1b2426"},
-    {file = "coverage-7.10.5-cp39-cp39-win_amd64.whl", hash = "sha256:b45264dd450a10f9e03237b41a9a24e85cbb1e278e5a32adb1a303f58f0017f3"},
-    {file = "coverage-7.10.5-py3-none-any.whl", hash = "sha256:0be24d35e4db1d23d0db5c0f6a74a962e2ec83c426b5cac09f4234aadef38e4a"},
-    {file = "coverage-7.10.5.tar.gz", hash = "sha256:f2e57716a78bc3ae80b2207be0709a3b2b63b9f2dcf9740ee6ac03588a2015b6"},
-]
-
-[package.dependencies]
-tomli = {version = "*", optional = true, markers = "python_full_version <= \"3.11.0a6\" and extra == \"toml\""}
-
-[package.extras]
-toml = ["tomli ; python_full_version <= \"3.11.0a6\""]
-
-[[package]]
-name = "cryptography"
-version = "45.0.6"
-description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
-optional = false
-python-versions = "!=3.9.0,!=3.9.1,>=3.7"
-groups = ["main"]
-files = [
-    {file = "cryptography-45.0.6-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:048e7ad9e08cf4c0ab07ff7f36cc3115924e22e2266e034450a890d9e312dd74"},
-    {file = "cryptography-45.0.6-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:44647c5d796f5fc042bbc6d61307d04bf29bccb74d188f18051b635f20a9c75f"},
-    {file = "cryptography-45.0.6-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:e40b80ecf35ec265c452eea0ba94c9587ca763e739b8e559c128d23bff7ebbbf"},
-    {file = "cryptography-45.0.6-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:00e8724bdad672d75e6f069b27970883179bd472cd24a63f6e620ca7e41cc0c5"},
-    {file = "cryptography-45.0.6-cp311-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:7a3085d1b319d35296176af31c90338eeb2ddac8104661df79f80e1d9787b8b2"},
-    {file = "cryptography-45.0.6-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:1b7fa6a1c1188c7ee32e47590d16a5a0646270921f8020efc9a511648e1b2e08"},
-    {file = "cryptography-45.0.6-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:275ba5cc0d9e320cd70f8e7b96d9e59903c815ca579ab96c1e37278d231fc402"},
-    {file = "cryptography-45.0.6-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:f4028f29a9f38a2025abedb2e409973709c660d44319c61762202206ed577c42"},
-    {file = "cryptography-45.0.6-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:ee411a1b977f40bd075392c80c10b58025ee5c6b47a822a33c1198598a7a5f05"},
-    {file = "cryptography-45.0.6-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:e2a21a8eda2d86bb604934b6b37691585bd095c1f788530c1fcefc53a82b3453"},
-    {file = "cryptography-45.0.6-cp311-abi3-win32.whl", hash = "sha256:d063341378d7ee9c91f9d23b431a3502fc8bfacd54ef0a27baa72a0843b29159"},
-    {file = "cryptography-45.0.6-cp311-abi3-win_amd64.whl", hash = "sha256:833dc32dfc1e39b7376a87b9a6a4288a10aae234631268486558920029b086ec"},
-    {file = "cryptography-45.0.6-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:3436128a60a5e5490603ab2adbabc8763613f638513ffa7d311c900a8349a2a0"},
-    {file = "cryptography-45.0.6-cp37-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:0d9ef57b6768d9fa58e92f4947cea96ade1233c0e236db22ba44748ffedca394"},
-    {file = "cryptography-45.0.6-cp37-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:ea3c42f2016a5bbf71825537c2ad753f2870191134933196bee408aac397b3d9"},
-    {file = "cryptography-45.0.6-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:20ae4906a13716139d6d762ceb3e0e7e110f7955f3bc3876e3a07f5daadec5f3"},
-    {file = "cryptography-45.0.6-cp37-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:2dac5ec199038b8e131365e2324c03d20e97fe214af051d20c49db129844e8b3"},
-    {file = "cryptography-45.0.6-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:18f878a34b90d688982e43f4b700408b478102dd58b3e39de21b5ebf6509c301"},
-    {file = "cryptography-45.0.6-cp37-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:5bd6020c80c5b2b2242d6c48487d7b85700f5e0038e67b29d706f98440d66eb5"},
-    {file = "cryptography-45.0.6-cp37-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:eccddbd986e43014263eda489abbddfbc287af5cddfd690477993dbb31e31016"},
-    {file = "cryptography-45.0.6-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:550ae02148206beb722cfe4ef0933f9352bab26b087af00e48fdfb9ade35c5b3"},
-    {file = "cryptography-45.0.6-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:5b64e668fc3528e77efa51ca70fadcd6610e8ab231e3e06ae2bab3b31c2b8ed9"},
-    {file = "cryptography-45.0.6-cp37-abi3-win32.whl", hash = "sha256:780c40fb751c7d2b0c6786ceee6b6f871e86e8718a8ff4bc35073ac353c7cd02"},
-    {file = "cryptography-45.0.6-cp37-abi3-win_amd64.whl", hash = "sha256:20d15aed3ee522faac1a39fbfdfee25d17b1284bafd808e1640a74846d7c4d1b"},
-    {file = "cryptography-45.0.6-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:705bb7c7ecc3d79a50f236adda12ca331c8e7ecfbea51edd931ce5a7a7c4f012"},
-    {file = "cryptography-45.0.6-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:826b46dae41a1155a0c0e66fafba43d0ede1dc16570b95e40c4d83bfcf0a451d"},
-    {file = "cryptography-45.0.6-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:cc4d66f5dc4dc37b89cfef1bd5044387f7a1f6f0abb490815628501909332d5d"},
-    {file = "cryptography-45.0.6-pp310-pypy310_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:f68f833a9d445cc49f01097d95c83a850795921b3f7cc6488731e69bde3288da"},
-    {file = "cryptography-45.0.6-pp310-pypy310_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:3b5bf5267e98661b9b888a9250d05b063220dfa917a8203744454573c7eb79db"},
-    {file = "cryptography-45.0.6-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:2384f2ab18d9be88a6e4f8972923405e2dbb8d3e16c6b43f15ca491d7831bd18"},
-    {file = "cryptography-45.0.6-pp311-pypy311_pp73-macosx_10_9_x86_64.whl", hash = "sha256:fc022c1fa5acff6def2fc6d7819bbbd31ccddfe67d075331a65d9cfb28a20983"},
-    {file = "cryptography-45.0.6-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:3de77e4df42ac8d4e4d6cdb342d989803ad37707cf8f3fbf7b088c9cbdd46427"},
-    {file = "cryptography-45.0.6-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:599c8d7df950aa68baa7e98f7b73f4f414c9f02d0e8104a30c0182a07732638b"},
-    {file = "cryptography-45.0.6-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:31a2b9a10530a1cb04ffd6aa1cd4d3be9ed49f7d77a4dafe198f3b382f41545c"},
-    {file = "cryptography-45.0.6-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:e5b3dda1b00fb41da3af4c5ef3f922a200e33ee5ba0f0bc9ecf0b0c173958385"},
-    {file = "cryptography-45.0.6-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:629127cfdcdc6806dfe234734d7cb8ac54edaf572148274fa377a7d3405b0043"},
-    {file = "cryptography-45.0.6.tar.gz", hash = "sha256:5c966c732cf6e4a276ce83b6e4c729edda2df6929083a952cc7da973c539c719"},
-]
-
-[package.dependencies]
-cffi = {version = ">=1.14", markers = "platform_python_implementation != \"PyPy\""}
-
-[package.extras]
-docs = ["sphinx (>=5.3.0)", "sphinx-inline-tabs ; python_full_version >= \"3.8.0\"", "sphinx-rtd-theme (>=3.0.0) ; python_full_version >= \"3.8.0\""]
-docstest = ["pyenchant (>=3)", "readme-renderer (>=30.0)", "sphinxcontrib-spelling (>=7.3.1)"]
-nox = ["nox (>=2024.4.15)", "nox[uv] (>=2024.3.2) ; python_full_version >= \"3.8.0\""]
-pep8test = ["check-sdist ; python_full_version >= \"3.8.0\"", "click (>=8.0.1)", "mypy (>=1.4)", "ruff (>=0.3.6)"]
-sdist = ["build (>=1.0.0)"]
-ssh = ["bcrypt (>=3.1.5)"]
-test = ["certifi (>=2024)", "cryptography-vectors (==45.0.6)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
-test-randomorder = ["pytest-randomly"]
-
 [[package]]
 name = "deprecation"
 version = "2.1.0"
@@ -480,7 +235,7 @@ version = "1.3.0"
 description = "Backport of PEP 654 (exception groups)"
 optional = false
 python-versions = ">=3.7"
-groups = ["main", "dev"]
+groups = ["main"]
 markers = "python_version < \"3.11\""
 files = [
     {file = "exceptiongroup-1.3.0-py3-none-any.whl", hash = "sha256:4d111e6e0c13d0644cad6ddaa7ed0261a0b36971f6d23e7ec9b4b9097da78a10"},
@@ -955,7 +710,7 @@ version = "2.1.0"
 description = "brain-dead simple config-ini parsing"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
+groups = ["main"]
 files = [
     {file = "iniconfig-2.1.0-py3-none-any.whl", hash = "sha256:9deba5723312380e77435581c6bf4935c94cbfab9b1ed33ef8d238ea168eb760"},
     {file = "iniconfig-2.1.0.tar.gz", hash = "sha256:3abbd2e30b36733fee78f9c7f7308f2d0050e88f0087fd25c2645f63c773e1c7"},
@@ -1002,18 +757,6 @@ dynamodb = ["boto3 (>=1.9.71)"]
 redis = ["redis (>=2.10.5)"]
 test-filesource = ["pyyaml (>=5.3.1)", "watchdog (>=3.0.0)"]
 
-[[package]]
-name = "nodeenv"
-version = "1.9.1"
-description = "Node.js virtual environment builder"
-optional = false
-python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
-groups = ["dev"]
-files = [
-    {file = "nodeenv-1.9.1-py2.py3-none-any.whl", hash = "sha256:ba11c9782d29c27c70ffbdda2d7415098754709be8a7056d79a737cd901155c9"},
-    {file = "nodeenv-1.9.1.tar.gz", hash = "sha256:6ec12890a2dab7946721edbfbcd91f3319c6ccc9aec47be7c7e6b7011ee6645f"},
-]
-
 [[package]]
 name = "opentelemetry-api"
 version = "1.35.0"
@@ -1036,7 +779,7 @@ version = "25.0"
 description = "Core utilities for Python packages"
 optional = false
 python-versions = ">=3.8"
-groups = ["main", "dev"]
+groups = ["main"]
 files = [
     {file = "packaging-25.0-py3-none-any.whl", hash = "sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484"},
     {file = "packaging-25.0.tar.gz", hash = "sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f"},
@@ -1048,7 +791,7 @@ version = "1.6.0"
 description = "plugin and hook calling mechanisms for python"
 optional = false
 python-versions = ">=3.9"
-groups = ["dev"]
+groups = ["main"]
 files = [
     {file = "pluggy-1.6.0-py3-none-any.whl", hash = "sha256:e920276dd6813095e9377c0bc5566d94c932c33b27a3e3945d8389c374dd4746"},
     {file = "pluggy-1.6.0.tar.gz", hash = "sha256:7dcc130b76258d33b90f61b658791dede3486c3e6bfb003ee5c9bfb396dd22f3"},
@@ -1140,19 +883,6 @@ files = [
 [package.dependencies]
 pyasn1 = ">=0.6.1,<0.7.0"
 
-[[package]]
-name = "pycparser"
-version = "2.22"
-description = "C parser in Python"
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-markers = "platform_python_implementation != \"PyPy\""
-files = [
-    {file = "pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"},
-    {file = "pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6"},
-]
-
 [[package]]
 name = "pydantic"
 version = "2.11.7"
@@ -1317,7 +1047,7 @@ version = "2.19.2"
 description = "Pygments is a syntax highlighting package written in Python."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
+groups = ["main"]
 files = [
     {file = "pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b"},
     {file = "pygments-2.19.2.tar.gz", hash = "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887"},
@@ -1338,9 +1068,6 @@ files = [
     {file = "pyjwt-2.10.1.tar.gz", hash = "sha256:3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953"},
 ]
 
-[package.dependencies]
-cryptography = {version = ">=3.4.0", optional = true, markers = "extra == \"crypto\""}
-
 [package.extras]
 crypto = ["cryptography (>=3.4.0)"]
 dev = ["coverage[toml] (==5.0.4)", "cryptography (>=3.4.0)", "pre-commit", "pytest (>=6.0.0,<7.0.0)", "sphinx", "sphinx-rtd-theme", "zope.interface"]
@@ -1359,34 +1086,13 @@ files = [
     {file = "pyrfc3339-2.0.1.tar.gz", hash = "sha256:e47843379ea35c1296c3b6c67a948a1a490ae0584edfcbdea0eaffb5dd29960b"},
 ]
 
-[[package]]
-name = "pyright"
-version = "1.1.404"
-description = "Command line wrapper for pyright"
-optional = false
-python-versions = ">=3.7"
-groups = ["dev"]
-files = [
-    {file = "pyright-1.1.404-py3-none-any.whl", hash = "sha256:c7b7ff1fdb7219c643079e4c3e7d4125f0dafcc19d253b47e898d130ea426419"},
-    {file = "pyright-1.1.404.tar.gz", hash = "sha256:455e881a558ca6be9ecca0b30ce08aa78343ecc031d37a198ffa9a7a1abeb63e"},
-]
-
-[package.dependencies]
-nodeenv = ">=1.6.0"
-typing-extensions = ">=4.1"
-
-[package.extras]
-all = ["nodejs-wheel-binaries", "twine (>=3.4.1)"]
-dev = ["twine (>=3.4.1)"]
-nodejs = ["nodejs-wheel-binaries"]
-
 [[package]]
 name = "pytest"
 version = "8.4.1"
 description = "pytest: simple powerful testing with Python"
 optional = false
 python-versions = ">=3.9"
-groups = ["dev"]
+groups = ["main"]
 files = [
     {file = "pytest-8.4.1-py3-none-any.whl", hash = "sha256:539c70ba6fcead8e78eebbf1115e8b589e7565830d7d006a8723f19ac8a0afb7"},
     {file = "pytest-8.4.1.tar.gz", hash = "sha256:7c67fd69174877359ed9371ec3af8a3d2b04741818c51e5e99cc1742251fa93c"},
@@ -1410,7 +1116,7 @@ version = "1.1.0"
 description = "Pytest support for asyncio"
 optional = false
 python-versions = ">=3.9"
-groups = ["dev"]
+groups = ["main"]
 files = [
     {file = "pytest_asyncio-1.1.0-py3-none-any.whl", hash = "sha256:5fe2d69607b0bd75c656d1211f969cadba035030156745ee09e7d71740e58ecf"},
     {file = "pytest_asyncio-1.1.0.tar.gz", hash = "sha256:796aa822981e01b68c12e4827b8697108f7205020f24b5793b3c41555dab68ea"},
@@ -1424,33 +1130,13 @@ pytest = ">=8.2,<9"
 docs = ["sphinx (>=5.3)", "sphinx-rtd-theme (>=1)"]
 testing = ["coverage (>=6.2)", "hypothesis (>=5.7.1)"]
 
-[[package]]
-name = "pytest-cov"
-version = "6.2.1"
-description = "Pytest plugin for measuring coverage."
-optional = false
-python-versions = ">=3.9"
-groups = ["dev"]
-files = [
-    {file = "pytest_cov-6.2.1-py3-none-any.whl", hash = "sha256:f5bc4c23f42f1cdd23c70b1dab1bbaef4fc505ba950d53e0081d0730dd7e86d5"},
-    {file = "pytest_cov-6.2.1.tar.gz", hash = "sha256:25cc6cc0a5358204b8108ecedc51a9b57b34cc6b8c967cc2c01a4e00d8a67da2"},
-]
-
-[package.dependencies]
-coverage = {version = ">=7.5", extras = ["toml"]}
-pluggy = ">=1.2"
-pytest = ">=6.2.5"
-
-[package.extras]
-testing = ["fields", "hunter", "process-tests", "pytest-xdist", "virtualenv"]
-
 [[package]]
 name = "pytest-mock"
 version = "3.14.1"
 description = "Thin-wrapper around the mock package for easier use with pytest"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
+groups = ["main"]
 files = [
     {file = "pytest_mock-3.14.1-py3-none-any.whl", hash = "sha256:178aefcd11307d874b4cd3100344e7e2d888d9791a6a1d9bfe90fbc1b74fd1d0"},
     {file = "pytest_mock-3.14.1.tar.gz", hash = "sha256:159e9edac4c451ce77a5cdb9fc5d1100708d2dd4ba3c3df572f14097351af80e"},
@@ -1567,31 +1253,30 @@ pyasn1 = ">=0.1.3"
 
 [[package]]
 name = "ruff"
-version = "0.12.11"
+version = "0.12.3"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 groups = ["dev"]
 files = [
-    {file = "ruff-0.12.11-py3-none-linux_armv6l.whl", hash = "sha256:93fce71e1cac3a8bf9200e63a38ac5c078f3b6baebffb74ba5274fb2ab276065"},
-    {file = "ruff-0.12.11-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:b8e33ac7b28c772440afa80cebb972ffd823621ded90404f29e5ab6d1e2d4b93"},
-    {file = "ruff-0.12.11-py3-none-macosx_11_0_arm64.whl", hash = "sha256:d69fb9d4937aa19adb2e9f058bc4fbfe986c2040acb1a4a9747734834eaa0bfd"},
-    {file = "ruff-0.12.11-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:411954eca8464595077a93e580e2918d0a01a19317af0a72132283e28ae21bee"},
-    {file = "ruff-0.12.11-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:6a2c0a2e1a450f387bf2c6237c727dd22191ae8c00e448e0672d624b2bbd7fb0"},
-    {file = "ruff-0.12.11-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:8ca4c3a7f937725fd2413c0e884b5248a19369ab9bdd850b5781348ba283f644"},
-    {file = "ruff-0.12.11-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:4d1df0098124006f6a66ecf3581a7f7e754c4df7644b2e6704cd7ca80ff95211"},
-    {file = "ruff-0.12.11-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5a8dd5f230efc99a24ace3b77e3555d3fbc0343aeed3fc84c8d89e75ab2ff793"},
-    {file = "ruff-0.12.11-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4dc75533039d0ed04cd33fb8ca9ac9620b99672fe7ff1533b6402206901c34ee"},
-    {file = "ruff-0.12.11-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4fc58f9266d62c6eccc75261a665f26b4ef64840887fc6cbc552ce5b29f96cc8"},
-    {file = "ruff-0.12.11-py3-none-manylinux_2_31_riscv64.whl", hash = "sha256:5a0113bd6eafd545146440225fe60b4e9489f59eb5f5f107acd715ba5f0b3d2f"},
-    {file = "ruff-0.12.11-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:0d737b4059d66295c3ea5720e6efc152623bb83fde5444209b69cd33a53e2000"},
-    {file = "ruff-0.12.11-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:916fc5defee32dbc1fc1650b576a8fed68f5e8256e2180d4d9855aea43d6aab2"},
-    {file = "ruff-0.12.11-py3-none-musllinux_1_2_i686.whl", hash = "sha256:c984f07d7adb42d3ded5be894fb4007f30f82c87559438b4879fe7aa08c62b39"},
-    {file = "ruff-0.12.11-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:e07fbb89f2e9249f219d88331c833860489b49cdf4b032b8e4432e9b13e8a4b9"},
-    {file = "ruff-0.12.11-py3-none-win32.whl", hash = "sha256:c792e8f597c9c756e9bcd4d87cf407a00b60af77078c96f7b6366ea2ce9ba9d3"},
-    {file = "ruff-0.12.11-py3-none-win_amd64.whl", hash = "sha256:a3283325960307915b6deb3576b96919ee89432ebd9c48771ca12ee8afe4a0fd"},
-    {file = "ruff-0.12.11-py3-none-win_arm64.whl", hash = "sha256:bae4d6e6a2676f8fb0f98b74594a048bae1b944aab17e9f5d504062303c6dbea"},
-    {file = "ruff-0.12.11.tar.gz", hash = "sha256:c6b09ae8426a65bbee5425b9d0b82796dbb07cb1af045743c79bfb163001165d"},
+    {file = "ruff-0.12.3-py3-none-linux_armv6l.whl", hash = "sha256:47552138f7206454eaf0c4fe827e546e9ddac62c2a3d2585ca54d29a890137a2"},
+    {file = "ruff-0.12.3-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:0a9153b000c6fe169bb307f5bd1b691221c4286c133407b8827c406a55282041"},
+    {file = "ruff-0.12.3-py3-none-macosx_11_0_arm64.whl", hash = "sha256:fa6b24600cf3b750e48ddb6057e901dd5b9aa426e316addb2a1af185a7509882"},
+    {file = "ruff-0.12.3-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e2506961bf6ead54887ba3562604d69cb430f59b42133d36976421bc8bd45901"},
+    {file = "ruff-0.12.3-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:c4faaff1f90cea9d3033cbbcdf1acf5d7fb11d8180758feb31337391691f3df0"},
+    {file = "ruff-0.12.3-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:40dced4a79d7c264389de1c59467d5d5cefd79e7e06d1dfa2c75497b5269a5a6"},
+    {file = "ruff-0.12.3-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:0262d50ba2767ed0fe212aa7e62112a1dcbfd46b858c5bf7bbd11f326998bafc"},
+    {file = "ruff-0.12.3-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:12371aec33e1a3758597c5c631bae9a5286f3c963bdfb4d17acdd2d395406687"},
+    {file = "ruff-0.12.3-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:560f13b6baa49785665276c963edc363f8ad4b4fc910a883e2625bdb14a83a9e"},
+    {file = "ruff-0.12.3-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:023040a3499f6f974ae9091bcdd0385dd9e9eb4942f231c23c57708147b06311"},
+    {file = "ruff-0.12.3-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:883d844967bffff5ab28bba1a4d246c1a1b2933f48cb9840f3fdc5111c603b07"},
+    {file = "ruff-0.12.3-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:2120d3aa855ff385e0e562fdee14d564c9675edbe41625c87eeab744a7830d12"},
+    {file = "ruff-0.12.3-py3-none-musllinux_1_2_i686.whl", hash = "sha256:6b16647cbb470eaf4750d27dddc6ebf7758b918887b56d39e9c22cce2049082b"},
+    {file = "ruff-0.12.3-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:e1417051edb436230023575b149e8ff843a324557fe0a265863b7602df86722f"},
+    {file = "ruff-0.12.3-py3-none-win32.whl", hash = "sha256:dfd45e6e926deb6409d0616078a666ebce93e55e07f0fb0228d4b2608b2c248d"},
+    {file = "ruff-0.12.3-py3-none-win_amd64.whl", hash = "sha256:a946cf1e7ba3209bdef039eb97647f1c77f6f540e5845ec9c114d3af8df873e7"},
+    {file = "ruff-0.12.3-py3-none-win_arm64.whl", hash = "sha256:5f9c7c9c8f84c2d7f27e93674d27136fbf489720251544c4da7fb3d742e011b1"},
+    {file = "ruff-0.12.3.tar.gz", hash = "sha256:f1b5a4b6668fd7b7ea3697d8d98857390b40c1320a63a178eee6be0899ea2d77"},
 ]
 
 [[package]]
@@ -1725,7 +1410,7 @@ version = "2.2.1"
 description = "A lil' TOML parser"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
+groups = ["main"]
 markers = "python_version < \"3.11\""
 files = [
     {file = "tomli-2.2.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:678e4fa69e4575eb77d103de3df8a895e1591b48e740211bd1067378c69e8249"},
@@ -1768,7 +1453,7 @@ version = "4.14.1"
 description = "Backported and Experimental Type Hints for Python 3.9+"
 optional = false
 python-versions = ">=3.9"
-groups = ["main", "dev"]
+groups = ["main"]
 files = [
     {file = "typing_extensions-4.14.1-py3-none-any.whl", hash = "sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76"},
     {file = "typing_extensions-4.14.1.tar.gz", hash = "sha256:38b39f4aeeab64884ce9f74c94263ef78f3c22467c8724005483154c26648d36"},
@@ -1929,4 +1614,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10,<4.0"
-content-hash = "0c40b63c3c921846cf05ccfb4e685d4959854b29c2c302245f9832e20aac6954"
+content-hash = "f67db13e6f68b1d67a55eee908c1c560bfa44da8509f98f842889a7570a9830f"

autogpt_platform/autogpt_libs/pyproject.toml

@@ -9,25 +9,21 @@ packages = [{ include = "autogpt_libs" }]
 [tool.poetry.dependencies]
 python = ">=3.10,<4.0"
 colorama = "^0.4.6"
-cryptography = "^45.0"
 expiringdict = "^1.2.2"
 fastapi = "^0.116.1"
 google-cloud-logging = "^3.12.1"
 launchdarkly-server-sdk = "^9.12.0"
 pydantic = "^2.11.7"
 pydantic-settings = "^2.10.1"
-pyjwt = { version = "^2.10.1", extras = ["crypto"] }
+pyjwt = "^2.10.1"
+pytest-asyncio = "^1.1.0"
+pytest-mock = "^3.14.1"
 redis = "^6.2.0"
 supabase = "^2.16.0"
 uvicorn = "^0.35.0"
 
 [tool.poetry.group.dev.dependencies]
-pyright = "^1.1.404"
-pytest = "^8.4.1"
-pytest-asyncio = "^1.1.0"
-pytest-mock = "^3.14.1"
-pytest-cov = "^6.2.1"
-ruff = "^0.12.11"
+ruff = "^0.12.3"
 
 [build-system]
 requires = ["poetry-core"]

autogpt_platform/backend/.dockerignore

@@ -1,52 +0,0 @@
-# Development and testing files
-**/__pycache__
-**/*.pyc
-**/*.pyo
-**/*.pyd
-**/.Python
-**/env/
-**/venv/
-**/.venv/
-**/pip-log.txt
-**/.pytest_cache/
-**/test-results/
-**/snapshots/
-**/test/
-
-# IDE and editor files
-**/.vscode/
-**/.idea/
-**/*.swp
-**/*.swo
-*~
-
-# OS files
-.DS_Store
-Thumbs.db
-
-# Logs
-**/*.log
-**/logs/
-
-# Git
-.git/
-.gitignore
-
-# Documentation
-**/*.md
-!README.md
-
-# Local development files
-.env
-.env.local
-**/.env.test
-
-# Build artifacts
-**/dist/
-**/build/
-**/target/
-
-# Docker files (avoid recursion)
-Dockerfile*
-docker-compose*
-.dockerignore

autogpt_platform/backend/.env.example

@@ -1,9 +1,3 @@
-# Backend Configuration
-# This file contains environment variables that MUST be set for the AutoGPT platform
-# Variables with working defaults in settings.py are not included here
-
-## ===== REQUIRED DATABASE CONFIGURATION ===== ##
-# PostgreSQL Database Connection
 DB_USER=postgres
 DB_PASS=your-super-secret-and-long-postgres-password
 DB_NAME=postgres
@@ -17,55 +11,71 @@ DATABASE_URL="postgresql://${DB_USER}:${DB_PASS}@${DB_HOST}:${DB_PORT}/${DB_NAME
 DIRECT_URL="postgresql://${DB_USER}:${DB_PASS}@${DB_HOST}:${DB_PORT}/${DB_NAME}?schema=${DB_SCHEMA}&connect_timeout=${DB_CONNECT_TIMEOUT}"
 PRISMA_SCHEMA="postgres/schema.prisma"
 
-## ===== REQUIRED SERVICE CREDENTIALS ===== ##
-# Redis Configuration
+# EXECUTOR
+NUM_GRAPH_WORKERS=10
+
+BACKEND_CORS_ALLOW_ORIGINS=["http://localhost:3000"]
+
+# generate using `from cryptography.fernet import Fernet;Fernet.generate_key().decode()`
+ENCRYPTION_KEY='dvziYgz0KSK8FENhju0ZYi8-fRTfAdlz6YLhdB_jhNw='
+UNSUBSCRIBE_SECRET_KEY = 'HlP8ivStJjmbf6NKi78m_3FnOogut0t5ckzjsIqeaio='
+
 REDIS_HOST=localhost
 REDIS_PORT=6379
-# REDIS_PASSWORD=
+REDIS_PASSWORD=password
 
-# RabbitMQ Credentials
+ENABLE_CREDIT=false
+STRIPE_API_KEY=
+STRIPE_WEBHOOK_SECRET=
+
+# What environment things should be logged under: local dev or prod
+APP_ENV=local
+# What environment to behave as: "local" or "cloud"
+BEHAVE_AS=local
+PYRO_HOST=localhost
+SENTRY_DSN=
+
+# Email For Postmark so we can send emails
+POSTMARK_SERVER_API_TOKEN=
+POSTMARK_SENDER_EMAIL=invalid@invalid.com
+POSTMARK_WEBHOOK_TOKEN=
+
+## User auth with Supabase is required for any of the 3rd party integrations with auth to work.
+ENABLE_AUTH=true
+SUPABASE_URL=http://localhost:8000
+SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
+SUPABASE_JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long
+
+# RabbitMQ credentials -- Used for communication between services
+RABBITMQ_HOST=localhost
+RABBITMQ_PORT=5672
 RABBITMQ_DEFAULT_USER=rabbitmq_user_default
 RABBITMQ_DEFAULT_PASS=k0VMxyIJF9S35f3x2uaw5IWAl6Y536O7
 
-# Supabase Authentication
-SUPABASE_URL=http://localhost:8000
-SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
-JWT_VERIFY_KEY=your-super-secret-jwt-token-with-at-least-32-characters-long
-
-## ===== REQUIRED SECURITY KEYS ===== ##
-# Generate using: from cryptography.fernet import Fernet;Fernet.generate_key().decode()
-ENCRYPTION_KEY=dvziYgz0KSK8FENhju0ZYi8-fRTfAdlz6YLhdB_jhNw=
-UNSUBSCRIBE_SECRET_KEY=HlP8ivStJjmbf6NKi78m_3FnOogut0t5ckzjsIqeaio=
-
-## ===== IMPORTANT OPTIONAL CONFIGURATION ===== ##
-# Platform URLs (set these for webhooks and OAuth to work)
-PLATFORM_BASE_URL=http://localhost:8000
-FRONTEND_BASE_URL=http://localhost:3000
-
-# Media Storage (required for marketplace and library functionality)
+## GCS bucket is required for marketplace and library functionality
 MEDIA_GCS_BUCKET_NAME=
 
-## ===== API KEYS AND OAUTH CREDENTIALS ===== ##
-# All API keys below are optional - only add what you need
+## For local development, you may need to set FRONTEND_BASE_URL for the OAuth flow
+## for integrations to work. Defaults to the value of PLATFORM_BASE_URL if not set.
+# FRONTEND_BASE_URL=http://localhost:3000
 
-# AI/LLM Services
-OPENAI_API_KEY=
-ANTHROPIC_API_KEY=
-GROQ_API_KEY=
-LLAMA_API_KEY=
-AIML_API_KEY=
-V0_API_KEY=
-OPEN_ROUTER_API_KEY=
-NVIDIA_API_KEY=
+## PLATFORM_BASE_URL must be set to a *publicly accessible* URL pointing to your backend
+## to use the platform's webhook-related functionality.
+## If you are developing locally, you can use something like ngrok to get a publc URL
+## and tunnel it to your locally running backend.
+PLATFORM_BASE_URL=http://localhost:3000
 
-# Langfuse Prompt Management
-# Used for managing the CoPilot system prompt externally
-# Get credentials from https://cloud.langfuse.com or your self-hosted instance
-LANGFUSE_PUBLIC_KEY=
-LANGFUSE_SECRET_KEY=
-LANGFUSE_HOST=https://cloud.langfuse.com
+## Cloudflare Turnstile (CAPTCHA) Configuration
+## Get these from the Cloudflare Turnstile dashboard: https://dash.cloudflare.com/?to=/:account/turnstile
+## This is the backend secret key
+TURNSTILE_SECRET_KEY=
+## This is the verify URL
+TURNSTILE_VERIFY_URL=https://challenges.cloudflare.com/turnstile/v0/siteverify
+
+## == INTEGRATION CREDENTIALS == ##
+# Each set of server side credentials is required for the corresponding 3rd party
+# integration to work.
 
-# OAuth Credentials
 # For the OAuth callback URL, use <your_frontend_url>/auth/integrations/oauth_callback,
 # e.g. http://localhost:3000/auth/integrations/oauth_callback
 
@@ -73,13 +83,9 @@ LANGFUSE_HOST=https://cloud.langfuse.com
 GITHUB_CLIENT_ID=
 GITHUB_CLIENT_SECRET=
 
-# Notion OAuth App server credentials - https://developers.notion.com/docs/authorization
-# Configure a public integration
-NOTION_CLIENT_ID=
-NOTION_CLIENT_SECRET=
-
 # Google OAuth App server credentials - https://console.cloud.google.com/apis/credentials, and enable gmail api and set scopes
 # https://console.cloud.google.com/apis/credentials/consent ?project=<your_project_id>
+
 # You'll need to add/enable the following scopes (minimum):
 # https://console.developers.google.com/apis/api/gmail.googleapis.com/overview ?project=<your_project_id>
 # https://console.cloud.google.com/apis/library/sheets.googleapis.com/ ?project=<your_project_id>
@@ -115,68 +121,104 @@ LINEAR_CLIENT_SECRET=
 TODOIST_CLIENT_ID=
 TODOIST_CLIENT_SECRET=
 
-NOTION_CLIENT_ID=
-NOTION_CLIENT_SECRET=
+## ===== OPTIONAL API KEYS ===== ##
 
-# Discord OAuth App credentials
-# 1. Go to https://discord.com/developers/applications
-# 2. Create a new application
-# 3. Go to OAuth2 section and add redirect URI: http://localhost:3000/auth/integrations/oauth_callback
-# 4. Copy Client ID and Client Secret below
-DISCORD_CLIENT_ID=
-DISCORD_CLIENT_SECRET=
+# LLM
+OPENAI_API_KEY=
+ANTHROPIC_API_KEY=
+AIML_API_KEY=
+GROQ_API_KEY=
+OPEN_ROUTER_API_KEY=
+LLAMA_API_KEY=
 
+# Reddit
+# Go to https://www.reddit.com/prefs/apps and create a new app
+# Choose "script" for the type
+# Fill in the redirect uri as <your_frontend_url>/auth/integrations/oauth_callback, e.g. http://localhost:3000/auth/integrations/oauth_callback
 REDDIT_CLIENT_ID=
 REDDIT_CLIENT_SECRET=
+REDDIT_USER_AGENT="AutoGPT:1.0 (by /u/autogpt)"
 
-# Payment Processing
-STRIPE_API_KEY=
-STRIPE_WEBHOOK_SECRET=
-
-# Email Service (for sending notifications and confirmations)
-POSTMARK_SERVER_API_TOKEN=
-POSTMARK_SENDER_EMAIL=invalid@invalid.com
-POSTMARK_WEBHOOK_TOKEN=
-
-# Error Tracking
-SENTRY_DSN=
-
-# Feature Flags
-LAUNCH_DARKLY_SDK_KEY=
-
-# Content Generation & Media
-DID_API_KEY=
-FAL_API_KEY=
-IDEOGRAM_API_KEY=
-REPLICATE_API_KEY=
-REVID_API_KEY=
-SCREENSHOTONE_API_KEY=
-UNREAL_SPEECH_API_KEY=
-
-# Data & Search Services
-E2B_API_KEY=
-EXA_API_KEY=
-JINA_API_KEY=
-MEM0_API_KEY=
-OPENWEATHERMAP_API_KEY=
-GOOGLE_MAPS_API_KEY=
-
-# Communication Services
+# Discord
 DISCORD_BOT_TOKEN=
-MEDIUM_API_KEY=
-MEDIUM_AUTHOR_ID=
+
+# SMTP/Email
 SMTP_SERVER=
 SMTP_PORT=
 SMTP_USERNAME=
 SMTP_PASSWORD=
 
-# Business & Marketing Tools
+# D-ID
+DID_API_KEY=
+
+# Open Weather Map
+OPENWEATHERMAP_API_KEY=
+
+# SMTP
+SMTP_SERVER=
+SMTP_PORT=
+SMTP_USERNAME=
+SMTP_PASSWORD=
+
+# Medium
+MEDIUM_API_KEY=
+MEDIUM_AUTHOR_ID=
+
+# Google Maps
+GOOGLE_MAPS_API_KEY=
+
+# Replicate
+REPLICATE_API_KEY=
+
+# Ideogram
+IDEOGRAM_API_KEY=
+
+# Fal
+FAL_API_KEY=
+
+# Exa
+EXA_API_KEY=
+
+# E2B
+E2B_API_KEY=
+
+# Mem0
+MEM0_API_KEY=
+
+# Nvidia
+NVIDIA_API_KEY=
+
+# Apollo
 APOLLO_API_KEY=
-ENRICHLAYER_API_KEY=
-AYRSHARE_API_KEY=
-AYRSHARE_JWT_KEY=
+
+# SmartLead
 SMARTLEAD_API_KEY=
+
+# ZeroBounce
 ZEROBOUNCE_API_KEY=
 
-# Other Services
-AUTOMOD_API_KEY=
+# Ayrshare
+AYRSHARE_API_KEY=
+AYRSHARE_JWT_KEY=
+
+## ===== OPTIONAL API KEYS END ===== ##
+
+# Block Error Rate Monitoring
+BLOCK_ERROR_RATE_THRESHOLD=0.5
+BLOCK_ERROR_RATE_CHECK_INTERVAL_SECS=86400
+
+# Logging Configuration
+LOG_LEVEL=INFO
+ENABLE_CLOUD_LOGGING=false
+ENABLE_FILE_LOGGING=false
+# Use to manually set the log directory
+# LOG_DIR=./logs
+
+# Example Blocks Configuration
+# Set to true to enable example blocks in development
+# These blocks are disabled by default in production
+ENABLE_EXAMPLE_BLOCKS=false
+
+# Cloud Storage Configuration
+# Cleanup interval for expired files (hours between cleanup runs, 1-24 hours)
+CLOUD_STORAGE_CLEANUP_INTERVAL_HOURS=6

autogpt_platform/backend/.gitignore

@@ -1,4 +1,3 @@
-.env
 database.db
 database.db-journal
 dev.db
@@ -9,13 +8,4 @@ secrets/*
 !secrets/.gitkeep
 
 *.ignore.*
-*.ign.*
-
-# Load test results and reports
-load-tests/*_RESULTS.md
-load-tests/*_REPORT.md
-load-tests/results/
-load-tests/*.json
-load-tests/*.log
-load-tests/node_modules/*
-migrations/*/rollback*.sql
+*.ign.*