ci: trigger CI to test optimizations

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.github/workflows/platform-backend-ci.yml

@@ -32,7 +32,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ["3.11", "3.12", "3.13"]
+        # Use Python 3.13 to match Docker image (see backend/Dockerfile)
+        # ClamAV tests moved to platform-backend-security-ci.yml (runs on merge to master)
+        python-version: ["3.13"]
     runs-on: ubuntu-latest
 
     services:
@@ -48,23 +50,6 @@ jobs:
         env:
           RABBITMQ_DEFAULT_USER: ${{ env.RABBITMQ_DEFAULT_USER }}
           RABBITMQ_DEFAULT_PASS: ${{ env.RABBITMQ_DEFAULT_PASS }}
-      clamav:
-        image: clamav/clamav-debian:latest
-        ports:
-          - 3310:3310
-        env:
-          CLAMAV_NO_FRESHCLAMD: false
-          CLAMD_CONF_StreamMaxLength: 50M
-          CLAMD_CONF_MaxFileSize: 100M
-          CLAMD_CONF_MaxScanSize: 100M
-          CLAMD_CONF_MaxThreads: 4
-          CLAMD_CONF_ReadTimeout: 300
-        options: >-
-          --health-cmd "clamdscan --version || exit 1"
-          --health-interval 30s
-          --health-timeout 10s
-          --health-retries 5
-          --health-start-period 180s
 
     steps:
       - name: Checkout repository
@@ -146,35 +131,6 @@ jobs:
         # outputs:
         # DB_URL, API_URL, GRAPHQL_URL, ANON_KEY, SERVICE_ROLE_KEY, JWT_SECRET
 
-      - name: Wait for ClamAV to be ready
-        run: |
-          echo "Waiting for ClamAV daemon to start..."
-          max_attempts=60
-          attempt=0
-          
-          until nc -z localhost 3310 || [ $attempt -eq $max_attempts ]; do
-            echo "ClamAV is unavailable - sleeping (attempt $((attempt+1))/$max_attempts)"
-            sleep 5
-            attempt=$((attempt+1))
-          done
-          
-          if [ $attempt -eq $max_attempts ]; then
-            echo "ClamAV failed to start after $((max_attempts*5)) seconds"
-            echo "Checking ClamAV service logs..."
-            docker logs $(docker ps -q --filter "ancestor=clamav/clamav-debian:latest") 2>&1 | tail -50 || echo "No ClamAV container found"
-            exit 1
-          fi
-          
-          echo "ClamAV is ready!"
-          
-          # Verify ClamAV is responsive
-          echo "Testing ClamAV connection..."
-          timeout 10 bash -c 'echo "PING" | nc localhost 3310' || {
-            echo "ClamAV is not responding to PING"
-            docker logs $(docker ps -q --filter "ancestor=clamav/clamav-debian:latest") 2>&1 | tail -50 || echo "No ClamAV container found"
-            exit 1
-          }
-
       - name: Run Database Migrations
         run: poetry run prisma migrate dev --name updates
         env:

.github/workflows/platform-backend-security-ci.yml

@@ -0,0 +1,145 @@
+name: AutoGPT Platform - Backend Security CI
+
+# This workflow runs ClamAV-dependent security tests.
+# It only runs on merge to master to avoid the 3-5 minute ClamAV startup time on every PR.
+
+on:
+  push:
+    branches: [master]
+    paths:
+      - "autogpt_platform/backend/**/file*.py"
+      - "autogpt_platform/backend/**/scan*.py"
+      - "autogpt_platform/backend/**/virus*.py"
+      - "autogpt_platform/backend/**/media*.py"
+      - ".github/workflows/platform-backend-security-ci.yml"
+
+concurrency:
+  group: ${{ format('backend-security-ci-{0}', github.sha) }}
+  cancel-in-progress: false
+
+defaults:
+  run:
+    shell: bash
+    working-directory: autogpt_platform/backend
+
+jobs:
+  security-tests:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    services:
+      redis:
+        image: redis:latest
+        ports:
+          - 6379:6379
+      clamav:
+        image: clamav/clamav-debian:latest
+        ports:
+          - 3310:3310
+        env:
+          CLAMAV_NO_FRESHCLAMD: false
+          CLAMD_CONF_StreamMaxLength: 50M
+          CLAMD_CONF_MaxFileSize: 100M
+          CLAMD_CONF_MaxScanSize: 100M
+          CLAMD_CONF_MaxThreads: 4
+          CLAMD_CONF_ReadTimeout: 300
+        options: >-
+          --health-cmd "clamdscan --version || exit 1"
+          --health-interval 30s
+          --health-timeout 10s
+          --health-retries 5
+          --health-start-period 180s
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Set up Python 3.13
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+
+      - name: Setup Supabase
+        uses: supabase/setup-cli@v1
+        with:
+          version: 1.178.1
+
+      - name: Set up Python dependency cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pypoetry
+          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
+
+      - name: Install Poetry
+        run: |
+          HEAD_POETRY_VERSION=$(python ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
+          echo "Using Poetry version ${HEAD_POETRY_VERSION}"
+          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$HEAD_POETRY_VERSION python3 -
+
+      - name: Install Python dependencies
+        run: poetry install
+
+      - name: Generate Prisma Client
+        run: poetry run prisma generate
+
+      - id: supabase
+        name: Start Supabase
+        working-directory: .
+        run: |
+          supabase init
+          supabase start --exclude postgres-meta,realtime,storage-api,imgproxy,inbucket,studio,edge-runtime,logflare,vector,supavisor
+          supabase status -o env | sed 's/="/=/; s/"$//' >> $GITHUB_OUTPUT
+
+      - name: Wait for ClamAV to be ready
+        run: |
+          echo "Waiting for ClamAV daemon to start..."
+          max_attempts=60
+          attempt=0
+
+          until nc -z localhost 3310 || [ $attempt -eq $max_attempts ]; do
+            echo "ClamAV is unavailable - sleeping (attempt $((attempt+1))/$max_attempts)"
+            sleep 5
+            attempt=$((attempt+1))
+          done
+
+          if [ $attempt -eq $max_attempts ]; then
+            echo "ClamAV failed to start after $((max_attempts*5)) seconds"
+            exit 1
+          fi
+
+          echo "ClamAV is ready!"
+
+      - name: Run Database Migrations
+        run: poetry run prisma migrate dev --name updates
+        env:
+          DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
+          DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
+
+      - name: Run security-related tests
+        run: |
+          poetry run pytest -v \
+            backend/util/virus_scanner_test.py \
+            backend/util/file_test.py \
+            backend/server/v2/store/media_test.py \
+            -x
+        env:
+          DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
+          DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
+          SUPABASE_URL: ${{ steps.supabase.outputs.API_URL }}
+          SUPABASE_SERVICE_ROLE_KEY: ${{ steps.supabase.outputs.SERVICE_ROLE_KEY }}
+          JWT_VERIFY_KEY: ${{ steps.supabase.outputs.JWT_SECRET }}
+          REDIS_HOST: "localhost"
+          REDIS_PORT: "6379"
+          ENCRYPTION_KEY: "dvziYgz0KSK8FENhju0ZYi8-fRTfAdlz6YLhdB_jhNw="
+          CLAMAV_SERVICE_HOST: "localhost"
+          CLAMAV_SERVICE_PORT: "3310"
+          CLAMAV_SERVICE_ENABLED: "true"
+
+    env:
+      CI: true
+      PLAIN_OUTPUT: True
+      RUN_ENV: local
+      PORT: 8080

.github/workflows/platform-frontend-ci.yml

@@ -154,35 +154,78 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Cache Docker layers
+      # Docker image tar caching - loads images from cache in parallel for faster startup
+      - name: Set up Docker image cache
+        id: docker-cache
         uses: actions/cache@v4
         with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-frontend-test-${{ hashFiles('autogpt_platform/docker-compose.yml', 'autogpt_platform/backend/Dockerfile', 'autogpt_platform/backend/pyproject.toml', 'autogpt_platform/backend/poetry.lock') }}
+          path: ~/docker-cache
+          key: docker-images-frontend-${{ runner.os }}-${{ hashFiles('autogpt_platform/docker-compose.yml') }}
           restore-keys: |
-            ${{ runner.os }}-buildx-frontend-test-
+            docker-images-frontend-${{ runner.os }}-
+
+      - name: Load or pull Docker images
+        working-directory: autogpt_platform
+        run: |
+          mkdir -p ~/docker-cache
+
+          # Define image list for easy maintenance
+          IMAGES=(
+            "redis:latest"
+            "rabbitmq:management"
+            "kong:2.8.1"
+            "supabase/gotrue:v2.170.0"
+            "supabase/postgres:15.8.1.049"
+          )
+
+          # Check if any cached tar files exist
+          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
+            echo "Docker cache found, loading images in parallel..."
+            for image in "${IMAGES[@]}"; do
+              filename=$(echo "$image" | tr ':/' '--')
+              if [ -f ~/docker-cache/${filename}.tar ]; then
+                echo "Loading $image..."
+                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
+              fi
+            done
+            wait
+            echo "All cached images loaded"
+          else
+            echo "No Docker cache found, pulling images in parallel..."
+            for image in "${IMAGES[@]}"; do
+              docker pull "$image" &
+            done
+            wait
+
+            # Only save cache on main branches (not PRs) to avoid cache pollution
+            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
+              echo "Saving Docker images to cache in parallel..."
+              for image in "${IMAGES[@]}"; do
+                filename=$(echo "$image" | tr ':/' '--')
+                echo "Saving $image..."
+                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
+              done
+              wait
+              echo "Docker image cache saved"
+            else
+              echo "Skipping cache save for PR/feature branch"
+            fi
+          fi
+
+          echo "Docker images ready for use"
 
       - name: Run docker compose
         run: |
           NEXT_PUBLIC_PW_TEST=true docker compose -f ../docker-compose.yml up -d
         env:
           DOCKER_BUILDKIT: 1
-          BUILDX_CACHE_FROM: type=local,src=/tmp/.buildx-cache
-          BUILDX_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new,mode=max
-
-      - name: Move cache
-        run: |
-          rm -rf /tmp/.buildx-cache
-          if [ -d "/tmp/.buildx-cache-new" ]; then
-            mv /tmp/.buildx-cache-new /tmp/.buildx-cache
-          fi
 
       - name: Wait for services to be ready
         run: |
           echo "Waiting for rest_server to be ready..."
-          timeout 60 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
+          timeout 30 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
           echo "Waiting for database to be ready..."
-          timeout 60 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
+          timeout 30 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
 
       - name: Create E2E test data
         run: |
@@ -221,9 +264,27 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
-      - name: Install Browser 'chromium'
+      # Playwright browser caching - saves 30-60s when cache hits
+      - name: Get Playwright version
+        id: playwright-version
+        run: |
+          echo "version=$(pnpm list @playwright/test --json | jq -r '.[0].dependencies["@playwright/test"].version')" >> $GITHUB_OUTPUT
+
+      - name: Cache Playwright browsers
+        uses: actions/cache@v4
+        id: playwright-cache
+        with:
+          path: ~/.cache/ms-playwright
+          key: playwright-${{ runner.os }}-${{ steps.playwright-version.outputs.version }}
+
+      - name: Install Playwright browsers
+        if: steps.playwright-cache.outputs.cache-hit != 'true'
         run: pnpm playwright install --with-deps chromium
 
+      - name: Install Playwright deps only (when cache hit)
+        if: steps.playwright-cache.outputs.cache-hit == 'true'
+        run: pnpm playwright install-deps chromium
+
       - name: Run Playwright tests
         run: pnpm test:no-build
 

.github/workflows/platform-fullstack-ci.yml

@@ -83,6 +83,66 @@ jobs:
         run: |
           cp ../backend/.env.default ../backend/.env
 
+      # Docker image tar caching - loads images from cache in parallel for faster startup
+      - name: Set up Docker image cache
+        id: docker-cache
+        uses: actions/cache@v4
+        with:
+          path: ~/docker-cache
+          key: docker-images-fullstack-${{ runner.os }}-${{ hashFiles('autogpt_platform/docker-compose.yml') }}
+          restore-keys: |
+            docker-images-fullstack-${{ runner.os }}-
+
+      - name: Load or pull Docker images
+        working-directory: autogpt_platform
+        run: |
+          mkdir -p ~/docker-cache
+
+          # Define image list for easy maintenance
+          IMAGES=(
+            "redis:latest"
+            "rabbitmq:management"
+            "kong:2.8.1"
+            "supabase/gotrue:v2.170.0"
+            "supabase/postgres:15.8.1.049"
+          )
+
+          # Check if any cached tar files exist
+          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
+            echo "Docker cache found, loading images in parallel..."
+            for image in "${IMAGES[@]}"; do
+              filename=$(echo "$image" | tr ':/' '--')
+              if [ -f ~/docker-cache/${filename}.tar ]; then
+                echo "Loading $image..."
+                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
+              fi
+            done
+            wait
+            echo "All cached images loaded"
+          else
+            echo "No Docker cache found, pulling images in parallel..."
+            for image in "${IMAGES[@]}"; do
+              docker pull "$image" &
+            done
+            wait
+
+            # Only save cache on main branches (not PRs) to avoid cache pollution
+            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
+              echo "Saving Docker images to cache in parallel..."
+              for image in "${IMAGES[@]}"; do
+                filename=$(echo "$image" | tr ':/' '--')
+                echo "Saving $image..."
+                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
+              done
+              wait
+              echo "Docker image cache saved"
+            else
+              echo "Skipping cache save for PR/feature branch"
+            fi
+          fi
+
+          echo "Docker images ready for use"
+
       - name: Run docker compose
         run: |
           docker compose -f ../docker-compose.yml --profile local --profile deps_backend up -d
@@ -104,9 +164,9 @@ jobs:
       - name: Wait for services to be ready
         run: |
           echo "Waiting for rest_server to be ready..."
-          timeout 60 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
+          timeout 30 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
           echo "Waiting for database to be ready..."
-          timeout 60 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
+          timeout 30 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
 
       - name: Generate API queries
         run: pnpm generate:api:force

autogpt_platform/Makefile

@@ -6,11 +6,12 @@ start-core:
 
 # Stop core services
 stop-core:
-	docker compose stop 
+	docker compose stop deps
 
 reset-db:
-	docker compose stop db
 	rm -rf db/docker/volumes/db/data
+	cd backend && poetry run prisma migrate deploy
+	cd backend && poetry run prisma generate
 	
 # View logs for core services
 logs-core:
@@ -57,4 +58,4 @@ help:
 	@echo "  run-backend - Run the backend FastAPI server"
 	@echo "  run-frontend - Run the frontend Next.js development server"
 	@echo "  test-data - Run the test data creator"
-	@echo "  load-store-agents - Load store agents from agents/ folder into test database"
+	@echo "  load-store-agents - Load store agents from agents/ folder into test database"

autogpt_platform/autogpt_libs/autogpt_libs/api_key/keysmith.py

@@ -57,9 +57,6 @@ class APIKeySmith:
 
     def hash_key(self, raw_key: str) -> tuple[str, str]:
         """Migrate a legacy hash to secure hash format."""
-        if not raw_key.startswith(self.PREFIX):
-            raise ValueError("Key without 'agpt_' prefix would fail validation")
-
         salt = self._generate_salt()
         hash = self._hash_key_with_salt(raw_key, salt)
         return hash, salt.hex()

autogpt_platform/autogpt_libs/autogpt_libs/auth/helpers.py

@@ -1,25 +1,29 @@
 from fastapi import FastAPI
+from fastapi.openapi.utils import get_openapi
 
 from .jwt_utils import bearer_jwt_auth
 
 
 def add_auth_responses_to_openapi(app: FastAPI) -> None:
     """
-    Patch a FastAPI instance's `openapi()` method to add 401 responses
+    Set up custom OpenAPI schema generation that adds 401 responses
     to all authenticated endpoints.
 
     This is needed when using HTTPBearer with auto_error=False to get proper
     401 responses instead of 403, but FastAPI only automatically adds security
     responses when auto_error=True.
     """
-    # Wrap current method to allow stacking OpenAPI schema modifiers like this
-    wrapped_openapi = app.openapi
 
     def custom_openapi():
         if app.openapi_schema:
             return app.openapi_schema
 
-        openapi_schema = wrapped_openapi()
+        openapi_schema = get_openapi(
+            title=app.title,
+            version=app.version,
+            description=app.description,
+            routes=app.routes,
+        )
 
         # Add 401 response to all endpoints that have security requirements
         for path, methods in openapi_schema["paths"].items():

autogpt_platform/backend/TESTING.md

@@ -108,7 +108,7 @@ import fastapi.testclient
 import pytest
 from pytest_snapshot.plugin import Snapshot
 
-from backend.api.features.myroute import router
+from backend.server.v2.myroute import router
 
 app = fastapi.FastAPI()
 app.include_router(router)
@@ -149,7 +149,7 @@ These provide the easiest way to set up authentication mocking in test modules:
 import fastapi
 import fastapi.testclient
 import pytest
-from backend.api.features.myroute import router
+from backend.server.v2.myroute import router
 
 app = fastapi.FastAPI()
 app.include_router(router)

autogpt_platform/backend/backend/api/external/fastapi_app.py

@@ -1,25 +0,0 @@
-from fastapi import FastAPI
-
-from backend.api.middleware.security import SecurityHeadersMiddleware
-from backend.monitoring.instrumentation import instrument_fastapi
-
-from .v1.routes import v1_router
-
-external_api = FastAPI(
-    title="AutoGPT External API",
-    description="External API for AutoGPT integrations",
-    docs_url="/docs",
-    version="1.0",
-)
-
-external_api.add_middleware(SecurityHeadersMiddleware)
-external_api.include_router(v1_router, prefix="/v1")
-
-# Add Prometheus instrumentation
-instrument_fastapi(
-    external_api,
-    service_name="external-api",
-    expose_endpoint=True,
-    endpoint="/metrics",
-    include_in_schema=True,
-)

autogpt_platform/backend/backend/api/external/middleware.py

@@ -1,107 +0,0 @@
-from fastapi import HTTPException, Security, status
-from fastapi.security import APIKeyHeader, HTTPAuthorizationCredentials, HTTPBearer
-from prisma.enums import APIKeyPermission
-
-from backend.data.auth.api_key import APIKeyInfo, validate_api_key
-from backend.data.auth.base import APIAuthorizationInfo
-from backend.data.auth.oauth import (
-    InvalidClientError,
-    InvalidTokenError,
-    OAuthAccessTokenInfo,
-    validate_access_token,
-)
-
-api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
-bearer_auth = HTTPBearer(auto_error=False)
-
-
-async def require_api_key(api_key: str | None = Security(api_key_header)) -> APIKeyInfo:
-    """Middleware for API key authentication only"""
-    if api_key is None:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED, detail="Missing API key"
-        )
-
-    api_key_obj = await validate_api_key(api_key)
-
-    if not api_key_obj:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid API key"
-        )
-
-    return api_key_obj
-
-
-async def require_access_token(
-    bearer: HTTPAuthorizationCredentials | None = Security(bearer_auth),
-) -> OAuthAccessTokenInfo:
-    """Middleware for OAuth access token authentication only"""
-    if bearer is None:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Missing Authorization header",
-        )
-
-    try:
-        token_info, _ = await validate_access_token(bearer.credentials)
-    except (InvalidClientError, InvalidTokenError) as e:
-        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=str(e))
-
-    return token_info
-
-
-async def require_auth(
-    api_key: str | None = Security(api_key_header),
-    bearer: HTTPAuthorizationCredentials | None = Security(bearer_auth),
-) -> APIAuthorizationInfo:
-    """
-    Unified authentication middleware supporting both API keys and OAuth tokens.
-
-    Supports two authentication methods, which are checked in order:
-    1. X-API-Key header (existing API key authentication)
-    2. Authorization: Bearer <token> header (OAuth access token)
-
-    Returns:
-        APIAuthorizationInfo: base class of both APIKeyInfo and OAuthAccessTokenInfo.
-    """
-    # Try API key first
-    if api_key is not None:
-        api_key_info = await validate_api_key(api_key)
-        if api_key_info:
-            return api_key_info
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid API key"
-        )
-
-    # Try OAuth bearer token
-    if bearer is not None:
-        try:
-            token_info, _ = await validate_access_token(bearer.credentials)
-            return token_info
-        except (InvalidClientError, InvalidTokenError) as e:
-            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=str(e))
-
-    # No credentials provided
-    raise HTTPException(
-        status_code=status.HTTP_401_UNAUTHORIZED,
-        detail="Missing authentication. Provide API key or access token.",
-    )
-
-
-def require_permission(permission: APIKeyPermission):
-    """
-    Dependency function for checking specific permissions
-    (works with API keys and OAuth tokens)
-    """
-
-    async def check_permission(
-        auth: APIAuthorizationInfo = Security(require_auth),
-    ) -> APIAuthorizationInfo:
-        if permission not in auth.scopes:
-            raise HTTPException(
-                status_code=status.HTTP_403_FORBIDDEN,
-                detail=f"Missing required permission: {permission.value}",
-            )
-        return auth
-
-    return check_permission

autogpt_platform/backend/backend/api/features/analytics_test.py

@@ -1,340 +0,0 @@
-"""Tests for analytics API endpoints."""
-
-import json
-from unittest.mock import AsyncMock, Mock
-
-import fastapi
-import fastapi.testclient
-import pytest
-import pytest_mock
-from pytest_snapshot.plugin import Snapshot
-
-from .analytics import router as analytics_router
-
-app = fastapi.FastAPI()
-app.include_router(analytics_router)
-
-client = fastapi.testclient.TestClient(app)
-
-
-@pytest.fixture(autouse=True)
-def setup_app_auth(mock_jwt_user):
-    """Setup auth overrides for all tests in this module."""
-    from autogpt_libs.auth.jwt_utils import get_jwt_payload
-
-    app.dependency_overrides[get_jwt_payload] = mock_jwt_user["get_jwt_payload"]
-    yield
-    app.dependency_overrides.clear()
-
-
-# =============================================================================
-# /log_raw_metric endpoint tests
-# =============================================================================
-
-
-def test_log_raw_metric_success(
-    mocker: pytest_mock.MockFixture,
-    configured_snapshot: Snapshot,
-    test_user_id: str,
-) -> None:
-    """Test successful raw metric logging."""
-    mock_result = Mock(id="metric-123-uuid")
-    mock_log_metric = mocker.patch(
-        "backend.data.analytics.log_raw_metric",
-        new_callable=AsyncMock,
-        return_value=mock_result,
-    )
-
-    request_data = {
-        "metric_name": "page_load_time",
-        "metric_value": 2.5,
-        "data_string": "/dashboard",
-    }
-
-    response = client.post("/log_raw_metric", json=request_data)
-
-    assert response.status_code == 200, f"Unexpected response: {response.text}"
-    assert response.json() == "metric-123-uuid"
-
-    mock_log_metric.assert_called_once_with(
-        user_id=test_user_id,
-        metric_name="page_load_time",
-        metric_value=2.5,
-        data_string="/dashboard",
-    )
-
-    configured_snapshot.assert_match(
-        json.dumps({"metric_id": response.json()}, indent=2, sort_keys=True),
-        "analytics_log_metric_success",
-    )
-
-
-@pytest.mark.parametrize(
-    "metric_value,metric_name,data_string,test_id",
-    [
-        (100, "api_calls_count", "external_api", "integer_value"),
-        (0, "error_count", "no_errors", "zero_value"),
-        (-5.2, "temperature_delta", "cooling", "negative_value"),
-        (1.23456789, "precision_test", "float_precision", "float_precision"),
-        (999999999, "large_number", "max_value", "large_number"),
-        (0.0000001, "tiny_number", "min_value", "tiny_number"),
-    ],
-)
-def test_log_raw_metric_various_values(
-    mocker: pytest_mock.MockFixture,
-    configured_snapshot: Snapshot,
-    metric_value: float,
-    metric_name: str,
-    data_string: str,
-    test_id: str,
-) -> None:
-    """Test raw metric logging with various metric values."""
-    mock_result = Mock(id=f"metric-{test_id}-uuid")
-    mocker.patch(
-        "backend.data.analytics.log_raw_metric",
-        new_callable=AsyncMock,
-        return_value=mock_result,
-    )
-
-    request_data = {
-        "metric_name": metric_name,
-        "metric_value": metric_value,
-        "data_string": data_string,
-    }
-
-    response = client.post("/log_raw_metric", json=request_data)
-
-    assert response.status_code == 200, f"Failed for {test_id}: {response.text}"
-
-    configured_snapshot.assert_match(
-        json.dumps(
-            {"metric_id": response.json(), "test_case": test_id},
-            indent=2,
-            sort_keys=True,
-        ),
-        f"analytics_metric_{test_id}",
-    )
-
-
-@pytest.mark.parametrize(
-    "invalid_data,expected_error",
-    [
-        ({}, "Field required"),
-        ({"metric_name": "test"}, "Field required"),
-        (
-            {"metric_name": "test", "metric_value": "not_a_number", "data_string": "x"},
-            "Input should be a valid number",
-        ),
-        (
-            {"metric_name": "", "metric_value": 1.0, "data_string": "test"},
-            "String should have at least 1 character",
-        ),
-        (
-            {"metric_name": "test", "metric_value": 1.0, "data_string": ""},
-            "String should have at least 1 character",
-        ),
-    ],
-    ids=[
-        "empty_request",
-        "missing_metric_value_and_data_string",
-        "invalid_metric_value_type",
-        "empty_metric_name",
-        "empty_data_string",
-    ],
-)
-def test_log_raw_metric_validation_errors(
-    invalid_data: dict,
-    expected_error: str,
-) -> None:
-    """Test validation errors for invalid metric requests."""
-    response = client.post("/log_raw_metric", json=invalid_data)
-
-    assert response.status_code == 422
-    error_detail = response.json()
-    assert "detail" in error_detail, f"Missing 'detail' in error: {error_detail}"
-
-    error_text = json.dumps(error_detail)
-    assert (
-        expected_error in error_text
-    ), f"Expected '{expected_error}' in error response: {error_text}"
-
-
-def test_log_raw_metric_service_error(
-    mocker: pytest_mock.MockFixture,
-    test_user_id: str,
-) -> None:
-    """Test error handling when analytics service fails."""
-    mocker.patch(
-        "backend.data.analytics.log_raw_metric",
-        new_callable=AsyncMock,
-        side_effect=Exception("Database connection failed"),
-    )
-
-    request_data = {
-        "metric_name": "test_metric",
-        "metric_value": 1.0,
-        "data_string": "test",
-    }
-
-    response = client.post("/log_raw_metric", json=request_data)
-
-    assert response.status_code == 500
-    error_detail = response.json()["detail"]
-    assert "Database connection failed" in error_detail["message"]
-    assert "hint" in error_detail
-
-
-# =============================================================================
-# /log_raw_analytics endpoint tests
-# =============================================================================
-
-
-def test_log_raw_analytics_success(
-    mocker: pytest_mock.MockFixture,
-    configured_snapshot: Snapshot,
-    test_user_id: str,
-) -> None:
-    """Test successful raw analytics logging."""
-    mock_result = Mock(id="analytics-789-uuid")
-    mock_log_analytics = mocker.patch(
-        "backend.data.analytics.log_raw_analytics",
-        new_callable=AsyncMock,
-        return_value=mock_result,
-    )
-
-    request_data = {
-        "type": "user_action",
-        "data": {
-            "action": "button_click",
-            "button_id": "submit_form",
-            "timestamp": "2023-01-01T00:00:00Z",
-            "metadata": {"form_type": "registration", "fields_filled": 5},
-        },
-        "data_index": "button_click_submit_form",
-    }
-
-    response = client.post("/log_raw_analytics", json=request_data)
-
-    assert response.status_code == 200, f"Unexpected response: {response.text}"
-    assert response.json() == "analytics-789-uuid"
-
-    mock_log_analytics.assert_called_once_with(
-        test_user_id,
-        "user_action",
-        request_data["data"],
-        "button_click_submit_form",
-    )
-
-    configured_snapshot.assert_match(
-        json.dumps({"analytics_id": response.json()}, indent=2, sort_keys=True),
-        "analytics_log_analytics_success",
-    )
-
-
-def test_log_raw_analytics_complex_data(
-    mocker: pytest_mock.MockFixture,
-    configured_snapshot: Snapshot,
-) -> None:
-    """Test raw analytics logging with complex nested data structures."""
-    mock_result = Mock(id="analytics-complex-uuid")
-    mocker.patch(
-        "backend.data.analytics.log_raw_analytics",
-        new_callable=AsyncMock,
-        return_value=mock_result,
-    )
-
-    request_data = {
-        "type": "agent_execution",
-        "data": {
-            "agent_id": "agent_123",
-            "execution_id": "exec_456",
-            "status": "completed",
-            "duration_ms": 3500,
-            "nodes_executed": 15,
-            "blocks_used": [
-                {"block_id": "llm_block", "count": 3},
-                {"block_id": "http_block", "count": 5},
-                {"block_id": "code_block", "count": 2},
-            ],
-            "errors": [],
-            "metadata": {
-                "trigger": "manual",
-                "user_tier": "premium",
-                "environment": "production",
-            },
-        },
-        "data_index": "agent_123_exec_456",
-    }
-
-    response = client.post("/log_raw_analytics", json=request_data)
-
-    assert response.status_code == 200
-
-    configured_snapshot.assert_match(
-        json.dumps(
-            {"analytics_id": response.json(), "logged_data": request_data["data"]},
-            indent=2,
-            sort_keys=True,
-        ),
-        "analytics_log_analytics_complex_data",
-    )
-
-
-@pytest.mark.parametrize(
-    "invalid_data,expected_error",
-    [
-        ({}, "Field required"),
-        ({"type": "test"}, "Field required"),
-        (
-            {"type": "test", "data": "not_a_dict", "data_index": "test"},
-            "Input should be a valid dictionary",
-        ),
-        ({"type": "test", "data": {"key": "value"}}, "Field required"),
-    ],
-    ids=[
-        "empty_request",
-        "missing_data_and_data_index",
-        "invalid_data_type",
-        "missing_data_index",
-    ],
-)
-def test_log_raw_analytics_validation_errors(
-    invalid_data: dict,
-    expected_error: str,
-) -> None:
-    """Test validation errors for invalid analytics requests."""
-    response = client.post("/log_raw_analytics", json=invalid_data)
-
-    assert response.status_code == 422
-    error_detail = response.json()
-    assert "detail" in error_detail, f"Missing 'detail' in error: {error_detail}"
-
-    error_text = json.dumps(error_detail)
-    assert (
-        expected_error in error_text
-    ), f"Expected '{expected_error}' in error response: {error_text}"
-
-
-def test_log_raw_analytics_service_error(
-    mocker: pytest_mock.MockFixture,
-    test_user_id: str,
-) -> None:
-    """Test error handling when analytics service fails."""
-    mocker.patch(
-        "backend.data.analytics.log_raw_analytics",
-        new_callable=AsyncMock,
-        side_effect=Exception("Analytics DB unreachable"),
-    )
-
-    request_data = {
-        "type": "test_event",
-        "data": {"key": "value"},
-        "data_index": "test_index",
-    }
-
-    response = client.post("/log_raw_analytics", json=request_data)
-
-    assert response.status_code == 500
-    error_detail = response.json()["detail"]
-    assert "Analytics DB unreachable" in error_detail["message"]
-    assert "hint" in error_detail

autogpt_platform/backend/backend/api/features/chat/db.py

@@ -1,215 +0,0 @@
-"""Database operations for chat sessions."""
-
-import logging
-from datetime import UTC, datetime
-from typing import Any, cast
-
-from prisma.models import ChatMessage as PrismaChatMessage
-from prisma.models import ChatSession as PrismaChatSession
-from prisma.types import (
-    ChatMessageCreateInput,
-    ChatSessionCreateInput,
-    ChatSessionUpdateInput,
-)
-
-from backend.util.json import SafeJson
-
-logger = logging.getLogger(__name__)
-
-
-async def get_chat_session(session_id: str) -> PrismaChatSession | None:
-    """Get a chat session by ID from the database."""
-    session = await PrismaChatSession.prisma().find_unique(
-        where={"id": session_id},
-        include={"Messages": True},
-    )
-    if session and session.Messages:
-        # Sort messages by sequence in Python since Prisma doesn't support order_by in include
-        session.Messages.sort(key=lambda m: m.sequence)
-    return session
-
-
-async def create_chat_session(
-    session_id: str,
-    user_id: str | None,
-) -> PrismaChatSession:
-    """Create a new chat session in the database."""
-    data = ChatSessionCreateInput(
-        id=session_id,
-        userId=user_id,
-        credentials=SafeJson({}),
-        successfulAgentRuns=SafeJson({}),
-        successfulAgentSchedules=SafeJson({}),
-    )
-    return await PrismaChatSession.prisma().create(
-        data=data,
-        include={"Messages": True},
-    )
-
-
-async def update_chat_session(
-    session_id: str,
-    credentials: dict[str, Any] | None = None,
-    successful_agent_runs: dict[str, Any] | None = None,
-    successful_agent_schedules: dict[str, Any] | None = None,
-    total_prompt_tokens: int | None = None,
-    total_completion_tokens: int | None = None,
-    title: str | None = None,
-) -> PrismaChatSession | None:
-    """Update a chat session's metadata."""
-    data: ChatSessionUpdateInput = {"updatedAt": datetime.now(UTC)}
-
-    if credentials is not None:
-        data["credentials"] = SafeJson(credentials)
-    if successful_agent_runs is not None:
-        data["successfulAgentRuns"] = SafeJson(successful_agent_runs)
-    if successful_agent_schedules is not None:
-        data["successfulAgentSchedules"] = SafeJson(successful_agent_schedules)
-    if total_prompt_tokens is not None:
-        data["totalPromptTokens"] = total_prompt_tokens
-    if total_completion_tokens is not None:
-        data["totalCompletionTokens"] = total_completion_tokens
-    if title is not None:
-        data["title"] = title
-
-    session = await PrismaChatSession.prisma().update(
-        where={"id": session_id},
-        data=data,
-        include={"Messages": True},
-    )
-    if session and session.Messages:
-        session.Messages.sort(key=lambda m: m.sequence)
-    return session
-
-
-async def add_chat_message(
-    session_id: str,
-    role: str,
-    sequence: int,
-    content: str | None = None,
-    name: str | None = None,
-    tool_call_id: str | None = None,
-    refusal: str | None = None,
-    tool_calls: list[dict[str, Any]] | None = None,
-    function_call: dict[str, Any] | None = None,
-) -> PrismaChatMessage:
-    """Add a message to a chat session."""
-    # Build the input dict dynamically - only include optional fields when they
-    # have values, as Prisma TypedDict validation fails when optional fields
-    # are explicitly set to None
-    data: dict[str, Any] = {
-        "Session": {"connect": {"id": session_id}},
-        "role": role,
-        "sequence": sequence,
-    }
-
-    # Add optional string fields
-    if content is not None:
-        data["content"] = content
-    if name is not None:
-        data["name"] = name
-    if tool_call_id is not None:
-        data["toolCallId"] = tool_call_id
-    if refusal is not None:
-        data["refusal"] = refusal
-
-    # Add optional JSON fields only when they have values
-    if tool_calls is not None:
-        data["toolCalls"] = SafeJson(tool_calls)
-    if function_call is not None:
-        data["functionCall"] = SafeJson(function_call)
-
-    # Update session's updatedAt timestamp
-    await PrismaChatSession.prisma().update(
-        where={"id": session_id},
-        data={"updatedAt": datetime.now(UTC)},
-    )
-
-    return await PrismaChatMessage.prisma().create(
-        data=cast(ChatMessageCreateInput, data)
-    )
-
-
-async def add_chat_messages_batch(
-    session_id: str,
-    messages: list[dict[str, Any]],
-    start_sequence: int,
-) -> list[PrismaChatMessage]:
-    """Add multiple messages to a chat session in a batch."""
-    if not messages:
-        return []
-
-    created_messages = []
-    for i, msg in enumerate(messages):
-        # Build the input dict dynamically - only include optional JSON fields
-        # when they have values, as Prisma TypedDict validation fails when
-        # optional fields are explicitly set to None
-        data: dict[str, Any] = {
-            "Session": {"connect": {"id": session_id}},
-            "role": msg["role"],
-            "sequence": start_sequence + i,
-        }
-
-        # Add optional string fields
-        if msg.get("content") is not None:
-            data["content"] = msg["content"]
-        if msg.get("name") is not None:
-            data["name"] = msg["name"]
-        if msg.get("tool_call_id") is not None:
-            data["toolCallId"] = msg["tool_call_id"]
-        if msg.get("refusal") is not None:
-            data["refusal"] = msg["refusal"]
-
-        # Add optional JSON fields only when they have values
-        if msg.get("tool_calls") is not None:
-            data["toolCalls"] = SafeJson(msg["tool_calls"])
-        if msg.get("function_call") is not None:
-            data["functionCall"] = SafeJson(msg["function_call"])
-
-        created = await PrismaChatMessage.prisma().create(
-            data=cast(ChatMessageCreateInput, data)
-        )
-        created_messages.append(created)
-
-    # Update session's updatedAt timestamp
-    await PrismaChatSession.prisma().update(
-        where={"id": session_id},
-        data={"updatedAt": datetime.now(UTC)},
-    )
-
-    return created_messages
-
-
-async def get_user_chat_sessions(
-    user_id: str,
-    limit: int = 50,
-    offset: int = 0,
-) -> list[PrismaChatSession]:
-    """Get chat sessions for a user, ordered by most recent."""
-    return await PrismaChatSession.prisma().find_many(
-        where={"userId": user_id},
-        order={"updatedAt": "desc"},
-        take=limit,
-        skip=offset,
-    )
-
-
-async def get_user_session_count(user_id: str) -> int:
-    """Get the total number of chat sessions for a user."""
-    return await PrismaChatSession.prisma().count(where={"userId": user_id})
-
-
-async def delete_chat_session(session_id: str) -> bool:
-    """Delete a chat session and all its messages."""
-    try:
-        await PrismaChatSession.prisma().delete(where={"id": session_id})
-        return True
-    except Exception as e:
-        logger.error(f"Failed to delete chat session {session_id}: {e}")
-        return False
-
-
-async def get_chat_session_message_count(session_id: str) -> int:
-    """Get the number of messages in a chat session."""
-    count = await PrismaChatMessage.prisma().count(where={"sessionId": session_id})
-    return count

autogpt_platform/backend/backend/api/features/chat/model.py

@@ -1,473 +0,0 @@
-import logging
-import uuid
-from datetime import UTC, datetime
-
-from openai.types.chat import (
-    ChatCompletionAssistantMessageParam,
-    ChatCompletionDeveloperMessageParam,
-    ChatCompletionFunctionMessageParam,
-    ChatCompletionMessageParam,
-    ChatCompletionSystemMessageParam,
-    ChatCompletionToolMessageParam,
-    ChatCompletionUserMessageParam,
-)
-from openai.types.chat.chat_completion_assistant_message_param import FunctionCall
-from openai.types.chat.chat_completion_message_tool_call_param import (
-    ChatCompletionMessageToolCallParam,
-    Function,
-)
-from prisma.models import ChatMessage as PrismaChatMessage
-from prisma.models import ChatSession as PrismaChatSession
-from pydantic import BaseModel
-
-from backend.data.redis_client import get_redis_async
-from backend.util import json
-from backend.util.exceptions import RedisError
-
-from . import db as chat_db
-from .config import ChatConfig
-
-logger = logging.getLogger(__name__)
-config = ChatConfig()
-
-
-class ChatMessage(BaseModel):
-    role: str
-    content: str | None = None
-    name: str | None = None
-    tool_call_id: str | None = None
-    refusal: str | None = None
-    tool_calls: list[dict] | None = None
-    function_call: dict | None = None
-
-
-class Usage(BaseModel):
-    prompt_tokens: int
-    completion_tokens: int
-    total_tokens: int
-
-
-class ChatSession(BaseModel):
-    session_id: str
-    user_id: str | None
-    title: str | None = None
-    messages: list[ChatMessage]
-    usage: list[Usage]
-    credentials: dict[str, dict] = {}  # Map of provider -> credential metadata
-    started_at: datetime
-    updated_at: datetime
-    successful_agent_runs: dict[str, int] = {}
-    successful_agent_schedules: dict[str, int] = {}
-
-    @staticmethod
-    def new(user_id: str | None) -> "ChatSession":
-        return ChatSession(
-            session_id=str(uuid.uuid4()),
-            user_id=user_id,
-            title=None,
-            messages=[],
-            usage=[],
-            credentials={},
-            started_at=datetime.now(UTC),
-            updated_at=datetime.now(UTC),
-        )
-
-    @staticmethod
-    def from_prisma(
-        prisma_session: PrismaChatSession,
-        prisma_messages: list[PrismaChatMessage] | None = None,
-    ) -> "ChatSession":
-        """Convert Prisma models to Pydantic ChatSession."""
-        messages = []
-        if prisma_messages:
-            for msg in prisma_messages:
-                tool_calls = None
-                if msg.toolCalls:
-                    tool_calls = (
-                        json.loads(msg.toolCalls)
-                        if isinstance(msg.toolCalls, str)
-                        else msg.toolCalls
-                    )
-
-                function_call = None
-                if msg.functionCall:
-                    function_call = (
-                        json.loads(msg.functionCall)
-                        if isinstance(msg.functionCall, str)
-                        else msg.functionCall
-                    )
-
-                messages.append(
-                    ChatMessage(
-                        role=msg.role,
-                        content=msg.content,
-                        name=msg.name,
-                        tool_call_id=msg.toolCallId,
-                        refusal=msg.refusal,
-                        tool_calls=tool_calls,
-                        function_call=function_call,
-                    )
-                )
-
-        # Parse JSON fields from Prisma
-        credentials = (
-            json.loads(prisma_session.credentials)
-            if isinstance(prisma_session.credentials, str)
-            else prisma_session.credentials or {}
-        )
-        successful_agent_runs = (
-            json.loads(prisma_session.successfulAgentRuns)
-            if isinstance(prisma_session.successfulAgentRuns, str)
-            else prisma_session.successfulAgentRuns or {}
-        )
-        successful_agent_schedules = (
-            json.loads(prisma_session.successfulAgentSchedules)
-            if isinstance(prisma_session.successfulAgentSchedules, str)
-            else prisma_session.successfulAgentSchedules or {}
-        )
-
-        # Calculate usage from token counts
-        usage = []
-        if prisma_session.totalPromptTokens or prisma_session.totalCompletionTokens:
-            usage.append(
-                Usage(
-                    prompt_tokens=prisma_session.totalPromptTokens or 0,
-                    completion_tokens=prisma_session.totalCompletionTokens or 0,
-                    total_tokens=(prisma_session.totalPromptTokens or 0)
-                    + (prisma_session.totalCompletionTokens or 0),
-                )
-            )
-
-        return ChatSession(
-            session_id=prisma_session.id,
-            user_id=prisma_session.userId,
-            title=prisma_session.title,
-            messages=messages,
-            usage=usage,
-            credentials=credentials,
-            started_at=prisma_session.createdAt,
-            updated_at=prisma_session.updatedAt,
-            successful_agent_runs=successful_agent_runs,
-            successful_agent_schedules=successful_agent_schedules,
-        )
-
-    def to_openai_messages(self) -> list[ChatCompletionMessageParam]:
-        messages = []
-        for message in self.messages:
-            if message.role == "developer":
-                m = ChatCompletionDeveloperMessageParam(
-                    role="developer",
-                    content=message.content or "",
-                )
-                if message.name:
-                    m["name"] = message.name
-                messages.append(m)
-            elif message.role == "system":
-                m = ChatCompletionSystemMessageParam(
-                    role="system",
-                    content=message.content or "",
-                )
-                if message.name:
-                    m["name"] = message.name
-                messages.append(m)
-            elif message.role == "user":
-                m = ChatCompletionUserMessageParam(
-                    role="user",
-                    content=message.content or "",
-                )
-                if message.name:
-                    m["name"] = message.name
-                messages.append(m)
-            elif message.role == "assistant":
-                m = ChatCompletionAssistantMessageParam(
-                    role="assistant",
-                    content=message.content or "",
-                )
-                if message.function_call:
-                    m["function_call"] = FunctionCall(
-                        arguments=message.function_call["arguments"],
-                        name=message.function_call["name"],
-                    )
-                if message.refusal:
-                    m["refusal"] = message.refusal
-                if message.tool_calls:
-                    t: list[ChatCompletionMessageToolCallParam] = []
-                    for tool_call in message.tool_calls:
-                        # Tool calls are stored with nested structure: {id, type, function: {name, arguments}}
-                        function_data = tool_call.get("function", {})
-
-                        # Skip tool calls that are missing required fields
-                        if "id" not in tool_call or "name" not in function_data:
-                            logger.warning(
-                                f"Skipping invalid tool call: missing required fields. "
-                                f"Got: {tool_call.keys()}, function keys: {function_data.keys()}"
-                            )
-                            continue
-
-                        # Arguments are stored as a JSON string
-                        arguments_str = function_data.get("arguments", "{}")
-
-                        t.append(
-                            ChatCompletionMessageToolCallParam(
-                                id=tool_call["id"],
-                                type="function",
-                                function=Function(
-                                    arguments=arguments_str,
-                                    name=function_data["name"],
-                                ),
-                            )
-                        )
-                    m["tool_calls"] = t
-                if message.name:
-                    m["name"] = message.name
-                messages.append(m)
-            elif message.role == "tool":
-                messages.append(
-                    ChatCompletionToolMessageParam(
-                        role="tool",
-                        content=message.content or "",
-                        tool_call_id=message.tool_call_id or "",
-                    )
-                )
-            elif message.role == "function":
-                messages.append(
-                    ChatCompletionFunctionMessageParam(
-                        role="function",
-                        content=message.content,
-                        name=message.name or "",
-                    )
-                )
-        return messages
-
-
-async def _get_session_from_cache(session_id: str) -> ChatSession | None:
-    """Get a chat session from Redis cache."""
-    redis_key = f"chat:session:{session_id}"
-    async_redis = await get_redis_async()
-    raw_session: bytes | None = await async_redis.get(redis_key)
-
-    if raw_session is None:
-        return None
-
-    try:
-        session = ChatSession.model_validate_json(raw_session)
-        logger.info(
-            f"Loading session {session_id} from cache: "
-            f"message_count={len(session.messages)}, "
-            f"roles={[m.role for m in session.messages]}"
-        )
-        return session
-    except Exception as e:
-        logger.error(f"Failed to deserialize session {session_id}: {e}", exc_info=True)
-        raise RedisError(f"Corrupted session data for {session_id}") from e
-
-
-async def _cache_session(session: ChatSession) -> None:
-    """Cache a chat session in Redis."""
-    redis_key = f"chat:session:{session.session_id}"
-    async_redis = await get_redis_async()
-    await async_redis.setex(redis_key, config.session_ttl, session.model_dump_json())
-
-
-async def _get_session_from_db(session_id: str) -> ChatSession | None:
-    """Get a chat session from the database."""
-    prisma_session = await chat_db.get_chat_session(session_id)
-    if not prisma_session:
-        return None
-
-    messages = prisma_session.Messages
-    logger.info(
-        f"Loading session {session_id} from DB: "
-        f"has_messages={messages is not None}, "
-        f"message_count={len(messages) if messages else 0}, "
-        f"roles={[m.role for m in messages] if messages else []}"
-    )
-
-    return ChatSession.from_prisma(prisma_session, messages)
-
-
-async def _save_session_to_db(
-    session: ChatSession, existing_message_count: int
-) -> None:
-    """Save or update a chat session in the database."""
-    # Check if session exists in DB
-    existing = await chat_db.get_chat_session(session.session_id)
-
-    if not existing:
-        # Create new session
-        await chat_db.create_chat_session(
-            session_id=session.session_id,
-            user_id=session.user_id,
-        )
-        existing_message_count = 0
-
-    # Calculate total tokens from usage
-    total_prompt = sum(u.prompt_tokens for u in session.usage)
-    total_completion = sum(u.completion_tokens for u in session.usage)
-
-    # Update session metadata
-    await chat_db.update_chat_session(
-        session_id=session.session_id,
-        credentials=session.credentials,
-        successful_agent_runs=session.successful_agent_runs,
-        successful_agent_schedules=session.successful_agent_schedules,
-        total_prompt_tokens=total_prompt,
-        total_completion_tokens=total_completion,
-    )
-
-    # Add new messages (only those after existing count)
-    new_messages = session.messages[existing_message_count:]
-    if new_messages:
-        messages_data = []
-        for msg in new_messages:
-            messages_data.append(
-                {
-                    "role": msg.role,
-                    "content": msg.content,
-                    "name": msg.name,
-                    "tool_call_id": msg.tool_call_id,
-                    "refusal": msg.refusal,
-                    "tool_calls": msg.tool_calls,
-                    "function_call": msg.function_call,
-                }
-            )
-        logger.info(
-            f"Saving {len(new_messages)} new messages to DB for session {session.session_id}: "
-            f"roles={[m['role'] for m in messages_data]}, "
-            f"start_sequence={existing_message_count}"
-        )
-        await chat_db.add_chat_messages_batch(
-            session_id=session.session_id,
-            messages=messages_data,
-            start_sequence=existing_message_count,
-        )
-
-
-async def get_chat_session(
-    session_id: str,
-    user_id: str | None,
-) -> ChatSession | None:
-    """Get a chat session by ID.
-
-    Checks Redis cache first, falls back to database if not found.
-    Caches database results back to Redis.
-    """
-    # Try cache first
-    try:
-        session = await _get_session_from_cache(session_id)
-        if session:
-            # Verify user ownership
-            if session.user_id is not None and session.user_id != user_id:
-                logger.warning(
-                    f"Session {session_id} user id mismatch: {session.user_id} != {user_id}"
-                )
-                return None
-            return session
-    except RedisError:
-        logger.warning(f"Cache error for session {session_id}, trying database")
-    except Exception as e:
-        logger.warning(f"Unexpected cache error for session {session_id}: {e}")
-
-    # Fall back to database
-    logger.info(f"Session {session_id} not in cache, checking database")
-    session = await _get_session_from_db(session_id)
-
-    if session is None:
-        logger.warning(f"Session {session_id} not found in cache or database")
-        return None
-
-    # Verify user ownership
-    if session.user_id is not None and session.user_id != user_id:
-        logger.warning(
-            f"Session {session_id} user id mismatch: {session.user_id} != {user_id}"
-        )
-        return None
-
-    # Cache the session from DB
-    try:
-        await _cache_session(session)
-        logger.info(f"Cached session {session_id} from database")
-    except Exception as e:
-        logger.warning(f"Failed to cache session {session_id}: {e}")
-
-    return session
-
-
-async def upsert_chat_session(
-    session: ChatSession,
-) -> ChatSession:
-    """Update a chat session in both cache and database."""
-    # Get existing message count from DB for incremental saves
-    existing_message_count = await chat_db.get_chat_session_message_count(
-        session.session_id
-    )
-
-    # Save to database
-    try:
-        await _save_session_to_db(session, existing_message_count)
-    except Exception as e:
-        logger.error(f"Failed to save session {session.session_id} to database: {e}")
-        # Continue to cache even if DB fails
-
-    # Save to cache
-    try:
-        await _cache_session(session)
-    except Exception as e:
-        raise RedisError(
-            f"Failed to persist chat session {session.session_id} to Redis: {e}"
-        ) from e
-
-    return session
-
-
-async def create_chat_session(user_id: str | None) -> ChatSession:
-    """Create a new chat session and persist it."""
-    session = ChatSession.new(user_id)
-
-    # Create in database first
-    try:
-        await chat_db.create_chat_session(
-            session_id=session.session_id,
-            user_id=user_id,
-        )
-    except Exception as e:
-        logger.error(f"Failed to create session in database: {e}")
-        # Continue even if DB fails - cache will still work
-
-    # Cache the session
-    try:
-        await _cache_session(session)
-    except Exception as e:
-        logger.warning(f"Failed to cache new session: {e}")
-
-    return session
-
-
-async def get_user_sessions(
-    user_id: str,
-    limit: int = 50,
-    offset: int = 0,
-) -> list[ChatSession]:
-    """Get all chat sessions for a user from the database."""
-    prisma_sessions = await chat_db.get_user_chat_sessions(user_id, limit, offset)
-
-    sessions = []
-    for prisma_session in prisma_sessions:
-        # Convert without messages for listing (lighter weight)
-        sessions.append(ChatSession.from_prisma(prisma_session, None))
-
-    return sessions
-
-
-async def delete_chat_session(session_id: str) -> bool:
-    """Delete a chat session from both cache and database."""
-    # Delete from cache
-    try:
-        redis_key = f"chat:session:{session_id}"
-        async_redis = await get_redis_async()
-        await async_redis.delete(redis_key)
-    except Exception as e:
-        logger.warning(f"Failed to delete session {session_id} from cache: {e}")
-
-    # Delete from database
-    return await chat_db.delete_chat_session(session_id)

autogpt_platform/backend/backend/api/features/chat/model_test.py

@@ -1,117 +0,0 @@
-import pytest
-
-from .model import (
-    ChatMessage,
-    ChatSession,
-    Usage,
-    get_chat_session,
-    upsert_chat_session,
-)
-
-messages = [
-    ChatMessage(content="Hello, how are you?", role="user"),
-    ChatMessage(
-        content="I'm fine, thank you!",
-        role="assistant",
-        tool_calls=[
-            {
-                "id": "t123",
-                "type": "function",
-                "function": {
-                    "name": "get_weather",
-                    "arguments": '{"city": "New York"}',
-                },
-            }
-        ],
-    ),
-    ChatMessage(
-        content="I'm using the tool to get the weather",
-        role="tool",
-        tool_call_id="t123",
-    ),
-]
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_chatsession_serialization_deserialization():
-    s = ChatSession.new(user_id="abc123")
-    s.messages = messages
-    s.usage = [Usage(prompt_tokens=100, completion_tokens=200, total_tokens=300)]
-    serialized = s.model_dump_json()
-    s2 = ChatSession.model_validate_json(serialized)
-    assert s2.model_dump() == s.model_dump()
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_chatsession_redis_storage():
-
-    s = ChatSession.new(user_id=None)
-    s.messages = messages
-
-    s = await upsert_chat_session(s)
-
-    s2 = await get_chat_session(
-        session_id=s.session_id,
-        user_id=s.user_id,
-    )
-
-    assert s2 == s
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_chatsession_redis_storage_user_id_mismatch():
-
-    s = ChatSession.new(user_id="abc123")
-    s.messages = messages
-    s = await upsert_chat_session(s)
-
-    s2 = await get_chat_session(s.session_id, None)
-
-    assert s2 is None
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_chatsession_db_storage():
-    """Test that messages are correctly saved to and loaded from DB (not cache)."""
-    from backend.data.redis_client import get_redis_async
-
-    # Create session with messages including assistant message
-    s = ChatSession.new(user_id=None)
-    s.messages = messages  # Contains user, assistant, and tool messages
-    assert s.session_id is not None, "Session id is not set"
-    # Upsert to save to both cache and DB
-    s = await upsert_chat_session(s)
-
-    # Clear the Redis cache to force DB load
-    redis_key = f"chat:session:{s.session_id}"
-    async_redis = await get_redis_async()
-    await async_redis.delete(redis_key)
-
-    # Load from DB (cache was cleared)
-    s2 = await get_chat_session(
-        session_id=s.session_id,
-        user_id=s.user_id,
-    )
-
-    assert s2 is not None, "Session not found after loading from DB"
-    assert len(s2.messages) == len(
-        s.messages
-    ), f"Message count mismatch: expected {len(s.messages)}, got {len(s2.messages)}"
-
-    # Verify all roles are present
-    roles = [m.role for m in s2.messages]
-    assert "user" in roles, f"User message missing. Roles found: {roles}"
-    assert "assistant" in roles, f"Assistant message missing. Roles found: {roles}"
-    assert "tool" in roles, f"Tool message missing. Roles found: {roles}"
-
-    # Verify message content
-    for orig, loaded in zip(s.messages, s2.messages):
-        assert orig.role == loaded.role, f"Role mismatch: {orig.role} != {loaded.role}"
-        assert (
-            orig.content == loaded.content
-        ), f"Content mismatch for {orig.role}: {orig.content} != {loaded.content}"
-        if orig.tool_calls:
-            assert (
-                loaded.tool_calls is not None
-            ), f"Tool calls missing for {orig.role} message"
-            assert len(orig.tool_calls) == len(loaded.tool_calls)

autogpt_platform/backend/backend/api/features/chat/prompts/chat_system.md

@@ -1,192 +0,0 @@
-You are Otto, an AI Co-Pilot and Forward Deployed Engineer for AutoGPT, an AI Business Automation tool. Your mission is to help users quickly find, create, and set up AutoGPT agents to solve their business problems.
-
-Here are the functions available to you:
-
-<functions>
-**Understanding & Discovery:**
-1. **add_understanding** - Save information about the user's business context (use this as you learn about them)
-2. **find_agent** - Search the marketplace for pre-built agents that solve the user's problem
-3. **find_library_agent** - Search the user's personal library of saved agents
-4. **find_block** - Search for individual blocks (building components for agents)
-5. **search_platform_docs** - Search AutoGPT documentation for help
-
-**Agent Creation & Editing:**
-6. **create_agent** - Create a new custom agent from scratch based on user requirements
-7. **edit_agent** - Modify an existing agent (add/remove blocks, change configuration)
-
-**Execution & Output:**
-8. **run_agent** - Run or schedule an agent (automatically handles setup)
-9. **run_block** - Run a single block directly without creating an agent
-10. **agent_output** - Get the output/results from a running or completed agent execution
-</functions>
-
-## ALWAYS GET THE USER'S NAME
-
-**This is critical:** If you don't know the user's name, ask for it in your first response. Use a friendly, natural approach:
-- "Hi! I'm Otto. What's your name?"
-- "Hey there! Before we dive in, what should I call you?"
-
-Once you have their name, immediately save it with `add_understanding(user_name="...")` and use it throughout the conversation.
-
-## BUILDING USER UNDERSTANDING
-
-**If no User Business Context is provided below**, gather information naturally during conversation - don't interrogate them.
-
-**Key information to gather (in priority order):**
-1. Their name (ALWAYS first if unknown)
-2. Their job title and role
-3. Their business/company and industry
-4. Pain points and what they want to automate
-5. Tools they currently use
-
-**How to gather this information:**
-- Ask naturally as part of helping them (e.g., "What's your role?" or "What industry are you in?")
-- When they share information, immediately save it using `add_understanding`
-- Don't ask all questions at once - spread them across the conversation
-- Prioritize understanding their immediate problem first
-
-**Example:**
-```
-User: "I need help automating my social media"
-Otto: I can help with that! I'm Otto - what's your name?
-User: "I'm Sarah"
-Otto: [calls add_understanding with user_name="Sarah"]
-Nice to meet you, Sarah! What's your role - are you a social media manager or business owner?
-User: "I'm the marketing director at a fintech startup"
-Otto: [calls add_understanding with job_title="Marketing Director", industry="fintech", business_size="startup"]
-Great! Let me find social media automation agents for you.
-[calls find_agent with query="social media automation marketing"]
-```
-
-## WHEN TO USE WHICH TOOL
-
-**Finding existing agents:**
-- `find_agent` - Search the marketplace for pre-built agents others have created
-- `find_library_agent` - Search agents the user has already saved to their library
-
-**Creating/editing agents:**
-- `create_agent` - When user wants a custom agent that doesn't exist, or has specific requirements
-- `edit_agent` - When user wants to modify an existing agent (change inputs, add blocks, etc.)
-
-**Running agents:**
-- `run_agent` - To execute an agent (handles credentials and inputs automatically)
-- `agent_output` - To check the results of a running or completed agent execution
-
-**Direct execution:**
-- `run_block` - Run a single block directly without needing a full agent
-
-## HOW run_agent WORKS
-
-The `run_agent` tool automatically handles the entire setup flow:
-
-1. **First call** (no inputs) → Returns available inputs so user can decide what values to use
-2. **Credentials check** → If missing, UI automatically prompts user to add them (you don't need to mention this)
-3. **Execution** → Runs when you provide `inputs` OR set `use_defaults=true`
-
-Parameters:
-- `username_agent_slug` (required): Agent identifier like "creator/agent-name"
-- `inputs`: Object with input values for the agent
-- `use_defaults`: Set to `true` to run with default values (only after user confirms)
-- `schedule_name` + `cron`: For scheduled execution
-
-## HOW create_agent WORKS
-
-Use `create_agent` when the user wants to build a custom automation:
-- Describe what the agent should do
-- The tool will create the agent structure with appropriate blocks
-- Returns the agent ID for further editing or running
-
-## HOW agent_output WORKS
-
-Use `agent_output` to get results from agent executions:
-- Pass the execution_id from a run_agent response
-- Returns the current status and any outputs produced
-- Useful for checking if an agent has completed and what it produced
-
-## WORKFLOW
-
-1. **Get their name** - If unknown, ask for it first
-2. **Understand context** - Ask 1-2 questions about their problem while helping
-3. **Find or create** - Use find_agent for existing solutions, create_agent for custom needs
-4. **Set up and run** - Use run_agent to execute, agent_output to get results
-
-## YOUR APPROACH
-
-**Step 1: Greet and Identify**
-- If you don't know their name, ask for it
-- Be friendly and conversational
-
-**Step 2: Understand the Problem**
-- Ask maximum 1-2 targeted questions
-- Focus on: What business problem are they solving?
-- If they want to create/edit an agent, understand what it should do
-
-**Step 3: Find or Create**
-- For existing solutions: Use `find_agent` with relevant keywords
-- For custom needs: Use `create_agent` with their requirements
-- For modifications: Use `edit_agent` on an existing agent
-
-**Step 4: Execute**
-- Call `run_agent` without inputs first to see what's available
-- Ask user what values they want or if defaults are okay
-- Call `run_agent` again with inputs or `use_defaults=true`
-- Use `agent_output` to check results when needed
-
-## USING add_understanding
-
-Call `add_understanding` whenever you learn something about the user:
-
-**User info:** `user_name`, `job_title`
-**Business:** `business_name`, `industry`, `business_size` (1-10, 11-50, 51-200, 201-1000, 1000+), `user_role` (decision maker, implementer, end user)
-**Processes:** `key_workflows` (array), `daily_activities` (array)
-**Pain points:** `pain_points` (array), `bottlenecks` (array), `manual_tasks` (array), `automation_goals` (array)
-**Tools:** `current_software` (array), `existing_automation` (array)
-**Other:** `additional_notes`
-
-Example: `add_understanding(user_name="Sarah", job_title="Marketing Director", industry="fintech")`
-
-## KEY RULES
-
-**What You DON'T Do:**
-- Don't help with login (frontend handles this)
-- Don't mention or explain credentials to the user (frontend handles this automatically)
-- Don't run agents without first showing available inputs to the user
-- Don't use `use_defaults=true` without user explicitly confirming
-- Don't write responses longer than 3 sentences
-- Don't interrogate users with many questions - gather info naturally
-
-**What You DO:**
-- ALWAYS ask for user's name if you don't have it
-- Save user information with `add_understanding` as you learn it
-- Use their name when addressing them
-- Always call run_agent first without inputs to see what's available
-- Ask user what values they want OR if they want to use defaults
-- Keep all responses to maximum 3 sentences
-- Include the agent link in your response after successful execution
-
-**Error Handling:**
-- Authentication needed → "Please sign in via the interface"
-- Credentials missing → The UI handles this automatically. Focus on asking the user about input values instead.
-
-## RESPONSE STRUCTURE
-
-Before responding, wrap your analysis in <thinking> tags to systematically plan your approach:
-- Check if you know the user's name - if not, ask for it
-- Check if you have user context - if not, plan to gather some naturally
-- Extract the key business problem or request from the user's message
-- Determine what function call (if any) you need to make next
-- Plan your response to stay under the 3-sentence maximum
-
-Example interaction:
-```
-User: "Hi, I want to build an agent that monitors my competitors"
-Otto: <thinking>I don't know this user's name. I should ask for it while acknowledging their request.</thinking>
-Hi! I'm Otto and I'd love to help you build a competitor monitoring agent. What's your name?
-User: "I'm Mike"
-Otto: [calls add_understanding with user_name="Mike"]
-<thinking>Now I know Mike wants competitor monitoring. I should search for existing agents first.</thinking>
-Great to meet you, Mike! Let me search for competitor monitoring agents.
-[calls find_agent with query="competitor monitoring analysis"]
-```
-
-KEEP ANSWERS TO 3 SENTENCES

autogpt_platform/backend/backend/api/features/chat/prompts/onboarding_system.md

@@ -1,155 +0,0 @@
-You are Otto, an AI Co-Pilot helping new users get started with AutoGPT, an AI Business Automation platform. Your mission is to welcome them, learn about their needs, and help them run their first successful agent.
-
-Here are the functions available to you:
-
-<functions>
-**Understanding & Discovery:**
-1. **add_understanding** - Save information about the user's business context (use this as you learn about them)
-2. **find_agent** - Search the marketplace for pre-built agents that solve the user's problem
-3. **find_library_agent** - Search the user's personal library of saved agents
-4. **find_block** - Search for individual blocks (building components for agents)
-5. **search_platform_docs** - Search AutoGPT documentation for help
-
-**Agent Creation & Editing:**
-6. **create_agent** - Create a new custom agent from scratch based on user requirements
-7. **edit_agent** - Modify an existing agent (add/remove blocks, change configuration)
-
-**Execution & Output:**
-8. **run_agent** - Run or schedule an agent (automatically handles setup)
-9. **run_block** - Run a single block directly without creating an agent
-10. **agent_output** - Get the output/results from a running or completed agent execution
-</functions>
-
-## YOUR ONBOARDING MISSION
-
-You are guiding a new user through their first experience with AutoGPT. Your goal is to:
-1. Welcome them warmly and get their name
-2. Learn about them and their business
-3. Find or create an agent that solves a real problem for them
-4. Get that agent running successfully
-5. Celebrate their success and point them to next steps
-
-## PHASE 1: WELCOME & INTRODUCTION
-
-**Start every conversation by:**
-- Giving a warm, friendly greeting
-- Introducing yourself as Otto, their AI assistant
-- Asking for their name immediately
-
-**Example opening:**
-```
-Hi! I'm Otto, your AI assistant. Welcome to AutoGPT! I'm here to help you set up your first automation. What's your name?
-```
-
-Once you have their name, save it immediately with `add_understanding(user_name="...")` and use it throughout.
-
-## PHASE 2: DISCOVERY
-
-**After getting their name, learn about them:**
-- What's their role/job title?
-- What industry/business are they in?
-- What's one thing they'd love to automate?
-
-**Keep it conversational - don't interrogate. Example:**
-```
-Nice to meet you, Sarah! What do you do for work, and what's one task you wish you could automate?
-```
-
-Save everything you learn with `add_understanding`.
-
-## PHASE 3: FIND OR CREATE AN AGENT
-
-**Once you understand their need:**
-- Search for existing agents with `find_agent`
-- Present the best match and explain how it helps them
-- If nothing fits, offer to create a custom agent with `create_agent`
-
-**Be enthusiastic about the solution:**
-```
-I found a great agent for you! The "Social Media Scheduler" can automatically post to your accounts on a schedule. Want to try it?
-```
-
-## PHASE 4: SETUP & RUN
-
-**Guide them through running the agent:**
-1. Call `run_agent` without inputs first to see what's needed
-2. Explain each input in simple terms
-3. Ask what values they want to use
-4. Run the agent with their inputs or defaults
-
-**Don't mention credentials** - the UI handles that automatically.
-
-## PHASE 5: CELEBRATE & HANDOFF
-
-**After successful execution:**
-- Congratulate them on their first automation!
-- Tell them where to find this agent (their Library)
-- Mention they can explore more agents in the Marketplace
-- Offer to help with anything else
-
-**Example:**
-```
-You did it! Your first agent is running. You can find it anytime in your Library. Ready to explore more automations?
-```
-
-## KEY RULES
-
-**What You DON'T Do:**
-- Don't help with login (frontend handles this)
-- Don't mention credentials (UI handles automatically)
-- Don't run agents without showing inputs first
-- Don't use `use_defaults=true` without explicit confirmation
-- Don't write responses longer than 3 sentences
-- Don't overwhelm with too many questions at once
-
-**What You DO:**
-- ALWAYS get the user's name first
-- Be warm, encouraging, and celebratory
-- Save info with `add_understanding` as you learn it
-- Use their name when addressing them
-- Keep responses to maximum 3 sentences
-- Make them feel successful at each step
-
-## USING add_understanding
-
-Save information as you learn it:
-
-**User info:** `user_name`, `job_title`
-**Business:** `business_name`, `industry`, `business_size`, `user_role`
-**Pain points:** `pain_points`, `manual_tasks`, `automation_goals`
-**Tools:** `current_software`
-
-Example: `add_understanding(user_name="Sarah", job_title="Marketing Manager", automation_goals=["social media scheduling"])`
-
-## HOW run_agent WORKS
-
-1. **First call** (no inputs) → Shows available inputs
-2. **Credentials** → UI handles automatically (don't mention)
-3. **Execution** → Run with `inputs={...}` or `use_defaults=true`
-
-## RESPONSE STRUCTURE
-
-Before responding, plan your approach in <thinking> tags:
-- What phase am I in? (Welcome/Discovery/Find/Setup/Celebrate)
-- Do I know their name? If not, ask for it
-- What's the next step to move them forward?
-- Keep response under 3 sentences
-
-**Example flow:**
-```
-User: "Hi"
-Otto: <thinking>Phase 1 - I need to welcome them and get their name.</thinking>
-Hi! I'm Otto, welcome to AutoGPT! I'm here to help you set up your first automation - what's your name?
-
-User: "I'm Alex"
-Otto: [calls add_understanding with user_name="Alex"]
-<thinking>Got their name. Phase 2 - learn about them.</thinking>
-Great to meet you, Alex! What do you do for work, and what's one task you'd love to automate?
-
-User: "I run an e-commerce store and spend hours on customer support emails"
-Otto: [calls add_understanding with industry="e-commerce", pain_points=["customer support emails"]]
-<thinking>Phase 3 - search for agents.</thinking>
-[calls find_agent with query="customer support email automation"]
-```
-
-KEEP ANSWERS TO 3 SENTENCES - Be warm, helpful, and focused on their success!

autogpt_platform/backend/backend/api/features/chat/routes.py

@@ -1,472 +0,0 @@
-"""Chat API routes for chat session management and streaming via SSE."""
-
-import logging
-from collections.abc import AsyncGenerator
-from typing import Annotated
-
-from autogpt_libs import auth
-from fastapi import APIRouter, Depends, Query, Security
-from fastapi.responses import StreamingResponse
-from pydantic import BaseModel
-
-from backend.util.exceptions import NotFoundError
-
-from . import service as chat_service
-from .config import ChatConfig
-
-config = ChatConfig()
-
-
-logger = logging.getLogger(__name__)
-
-router = APIRouter(
-    tags=["chat"],
-)
-
-# ========== Request/Response Models ==========
-
-
-class StreamChatRequest(BaseModel):
-    """Request model for streaming chat with optional context."""
-
-    message: str
-    is_user_message: bool = True
-    context: dict[str, str] | None = None  # {url: str, content: str}
-
-
-class CreateSessionResponse(BaseModel):
-    """Response model containing information on a newly created chat session."""
-
-    id: str
-    created_at: str
-    user_id: str | None
-
-
-class SessionDetailResponse(BaseModel):
-    """Response model providing complete details for a chat session, including messages."""
-
-    id: str
-    created_at: str
-    updated_at: str
-    user_id: str | None
-    messages: list[dict]
-
-
-class SessionSummaryResponse(BaseModel):
-    """Response model for a session summary (without messages)."""
-
-    id: str
-    created_at: str
-    updated_at: str
-    title: str | None = None
-
-
-class ListSessionsResponse(BaseModel):
-    """Response model for listing chat sessions."""
-
-    sessions: list[SessionSummaryResponse]
-    total: int
-
-
-# ========== Routes ==========
-
-
-@router.get(
-    "/sessions",
-    dependencies=[Security(auth.requires_user)],
-)
-async def list_sessions(
-    user_id: Annotated[str, Security(auth.get_user_id)],
-    limit: int = Query(default=50, ge=1, le=100),
-    offset: int = Query(default=0, ge=0),
-) -> ListSessionsResponse:
-    """
-    List chat sessions for the authenticated user.
-
-    Returns a paginated list of chat sessions belonging to the current user,
-    ordered by most recently updated.
-
-    Args:
-        user_id: The authenticated user's ID.
-        limit: Maximum number of sessions to return (1-100).
-        offset: Number of sessions to skip for pagination.
-
-    Returns:
-        ListSessionsResponse: List of session summaries and total count.
-    """
-    sessions = await chat_service.get_user_sessions(user_id, limit, offset)
-
-    return ListSessionsResponse(
-        sessions=[
-            SessionSummaryResponse(
-                id=session.session_id,
-                created_at=session.started_at.isoformat(),
-                updated_at=session.updated_at.isoformat(),
-                title=None,  # TODO: Add title support
-            )
-            for session in sessions
-        ],
-        total=len(sessions),
-    )
-
-
-@router.post(
-    "/sessions",
-)
-async def create_session(
-    user_id: Annotated[str | None, Depends(auth.get_user_id)],
-) -> CreateSessionResponse:
-    """
-    Create a new chat session.
-
-    Initiates a new chat session for either an authenticated or anonymous user.
-
-    Args:
-        user_id: The optional authenticated user ID parsed from the JWT. If missing, creates an anonymous session.
-
-    Returns:
-        CreateSessionResponse: Details of the created session.
-
-    """
-    logger.info(
-        f"Creating session with user_id: "
-        f"...{user_id[-8:] if user_id and len(user_id) > 8 else '<redacted>'}"
-    )
-
-    session = await chat_service.create_chat_session(user_id)
-
-    return CreateSessionResponse(
-        id=session.session_id,
-        created_at=session.started_at.isoformat(),
-        user_id=session.user_id or None,
-    )
-
-
-@router.get(
-    "/sessions/{session_id}",
-)
-async def get_session(
-    session_id: str,
-    user_id: Annotated[str | None, Depends(auth.get_user_id)],
-) -> SessionDetailResponse:
-    """
-    Retrieve the details of a specific chat session.
-
-    Looks up a chat session by ID for the given user (if authenticated) and returns all session data including messages.
-
-    Args:
-        session_id: The unique identifier for the desired chat session.
-        user_id: The optional authenticated user ID, or None for anonymous access.
-
-    Returns:
-        SessionDetailResponse: Details for the requested session; raises NotFoundError if not found.
-
-    """
-    session = await chat_service.get_session(session_id, user_id)
-    if not session:
-        raise NotFoundError(f"Session {session_id} not found")
-
-    messages = [message.model_dump() for message in session.messages]
-    logger.info(
-        f"Returning session {session_id}: "
-        f"message_count={len(messages)}, "
-        f"roles={[m.get('role') for m in messages]}"
-    )
-
-    return SessionDetailResponse(
-        id=session.session_id,
-        created_at=session.started_at.isoformat(),
-        updated_at=session.updated_at.isoformat(),
-        user_id=session.user_id or None,
-        messages=messages,
-    )
-
-
-@router.post(
-    "/sessions/{session_id}/stream",
-)
-async def stream_chat_post(
-    session_id: str,
-    request: StreamChatRequest,
-    user_id: str | None = Depends(auth.get_user_id),
-):
-    """
-    Stream chat responses for a session (POST with context support).
-
-    Streams the AI/completion responses in real time over Server-Sent Events (SSE), including:
-      - Text fragments as they are generated
-      - Tool call UI elements (if invoked)
-      - Tool execution results
-
-    Args:
-        session_id: The chat session identifier to associate with the streamed messages.
-        request: Request body containing message, is_user_message, and optional context.
-        user_id: Optional authenticated user ID.
-    Returns:
-        StreamingResponse: SSE-formatted response chunks.
-
-    """
-    # Validate session exists before starting the stream
-    # This prevents errors after the response has already started
-    session = await chat_service.get_session(session_id, user_id)
-
-    if not session:
-        raise NotFoundError(f"Session {session_id} not found. ")
-    if session.user_id is None and user_id is not None:
-        session = await chat_service.assign_user_to_session(session_id, user_id)
-
-    async def event_generator() -> AsyncGenerator[str, None]:
-        async for chunk in chat_service.stream_chat_completion(
-            session_id,
-            request.message,
-            is_user_message=request.is_user_message,
-            user_id=user_id,
-            session=session,  # Pass pre-fetched session to avoid double-fetch
-            context=request.context,
-        ):
-            yield chunk.to_sse()
-
-    return StreamingResponse(
-        event_generator(),
-        media_type="text/event-stream",
-        headers={
-            "Cache-Control": "no-cache",
-            "Connection": "keep-alive",
-            "X-Accel-Buffering": "no",  # Disable nginx buffering
-        },
-    )
-
-
-@router.get(
-    "/sessions/{session_id}/stream",
-)
-async def stream_chat_get(
-    session_id: str,
-    message: Annotated[str, Query(min_length=1, max_length=10000)],
-    user_id: str | None = Depends(auth.get_user_id),
-    is_user_message: bool = Query(default=True),
-):
-    """
-    Stream chat responses for a session (GET - legacy endpoint).
-
-    Streams the AI/completion responses in real time over Server-Sent Events (SSE), including:
-      - Text fragments as they are generated
-      - Tool call UI elements (if invoked)
-      - Tool execution results
-
-    Args:
-        session_id: The chat session identifier to associate with the streamed messages.
-        message: The user's new message to process.
-        user_id: Optional authenticated user ID.
-        is_user_message: Whether the message is a user message.
-    Returns:
-        StreamingResponse: SSE-formatted response chunks.
-
-    """
-    # Validate session exists before starting the stream
-    # This prevents errors after the response has already started
-    session = await chat_service.get_session(session_id, user_id)
-
-    if not session:
-        raise NotFoundError(f"Session {session_id} not found. ")
-    if session.user_id is None and user_id is not None:
-        session = await chat_service.assign_user_to_session(session_id, user_id)
-
-    async def event_generator() -> AsyncGenerator[str, None]:
-        async for chunk in chat_service.stream_chat_completion(
-            session_id,
-            message,
-            is_user_message=is_user_message,
-            user_id=user_id,
-            session=session,  # Pass pre-fetched session to avoid double-fetch
-        ):
-            yield chunk.to_sse()
-
-    return StreamingResponse(
-        event_generator(),
-        media_type="text/event-stream",
-        headers={
-            "Cache-Control": "no-cache",
-            "Connection": "keep-alive",
-            "X-Accel-Buffering": "no",  # Disable nginx buffering
-        },
-    )
-
-
-@router.patch(
-    "/sessions/{session_id}/assign-user",
-    dependencies=[Security(auth.requires_user)],
-    status_code=200,
-)
-async def session_assign_user(
-    session_id: str,
-    user_id: Annotated[str, Security(auth.get_user_id)],
-) -> dict:
-    """
-    Assign an authenticated user to a chat session.
-
-    Used (typically post-login) to claim an existing anonymous session as the current authenticated user.
-
-    Args:
-        session_id: The identifier for the (previously anonymous) session.
-        user_id: The authenticated user's ID to associate with the session.
-
-    Returns:
-        dict: Status of the assignment.
-
-    """
-    await chat_service.assign_user_to_session(session_id, user_id)
-    return {"status": "ok"}
-
-
-# ========== Onboarding Routes ==========
-# These routes use a specialized onboarding system prompt
-
-
-@router.post(
-    "/onboarding/sessions",
-)
-async def create_onboarding_session(
-    user_id: Annotated[str | None, Depends(auth.get_user_id)],
-) -> CreateSessionResponse:
-    """
-    Create a new onboarding chat session.
-
-    Initiates a new chat session specifically for user onboarding,
-    using a specialized prompt that guides users through their first
-    experience with AutoGPT.
-
-    Args:
-        user_id: The optional authenticated user ID parsed from the JWT.
-
-    Returns:
-        CreateSessionResponse: Details of the created onboarding session.
-    """
-    logger.info(
-        f"Creating onboarding session with user_id: "
-        f"...{user_id[-8:] if user_id and len(user_id) > 8 else '<redacted>'}"
-    )
-
-    session = await chat_service.create_chat_session(user_id)
-
-    return CreateSessionResponse(
-        id=session.session_id,
-        created_at=session.started_at.isoformat(),
-        user_id=session.user_id or None,
-    )
-
-
-@router.get(
-    "/onboarding/sessions/{session_id}",
-)
-async def get_onboarding_session(
-    session_id: str,
-    user_id: Annotated[str | None, Depends(auth.get_user_id)],
-) -> SessionDetailResponse:
-    """
-    Retrieve the details of an onboarding chat session.
-
-    Args:
-        session_id: The unique identifier for the onboarding session.
-        user_id: The optional authenticated user ID.
-
-    Returns:
-        SessionDetailResponse: Details for the requested session.
-    """
-    session = await chat_service.get_session(session_id, user_id)
-    if not session:
-        raise NotFoundError(f"Session {session_id} not found")
-
-    messages = [message.model_dump() for message in session.messages]
-    logger.info(
-        f"Returning onboarding session {session_id}: "
-        f"message_count={len(messages)}, "
-        f"roles={[m.get('role') for m in messages]}"
-    )
-
-    return SessionDetailResponse(
-        id=session.session_id,
-        created_at=session.started_at.isoformat(),
-        updated_at=session.updated_at.isoformat(),
-        user_id=session.user_id or None,
-        messages=messages,
-    )
-
-
-@router.post(
-    "/onboarding/sessions/{session_id}/stream",
-)
-async def stream_onboarding_chat(
-    session_id: str,
-    request: StreamChatRequest,
-    user_id: str | None = Depends(auth.get_user_id),
-):
-    """
-    Stream onboarding chat responses for a session.
-
-    Uses the specialized onboarding system prompt to guide new users
-    through their first experience with AutoGPT. Streams AI responses
-    in real time over Server-Sent Events (SSE).
-
-    Args:
-        session_id: The onboarding session identifier.
-        request: Request body containing message and optional context.
-        user_id: Optional authenticated user ID.
-
-    Returns:
-        StreamingResponse: SSE-formatted response chunks.
-    """
-    session = await chat_service.get_session(session_id, user_id)
-
-    if not session:
-        raise NotFoundError(f"Session {session_id} not found.")
-    if session.user_id is None and user_id is not None:
-        session = await chat_service.assign_user_to_session(session_id, user_id)
-
-    async def event_generator() -> AsyncGenerator[str, None]:
-        async for chunk in chat_service.stream_chat_completion(
-            session_id,
-            request.message,
-            is_user_message=request.is_user_message,
-            user_id=user_id,
-            session=session,
-            context=request.context,
-            prompt_type="onboarding",  # Use onboarding system prompt
-        ):
-            yield chunk.to_sse()
-
-    return StreamingResponse(
-        event_generator(),
-        media_type="text/event-stream",
-        headers={
-            "Cache-Control": "no-cache",
-            "Connection": "keep-alive",
-            "X-Accel-Buffering": "no",
-        },
-    )
-
-
-# ========== Health Check ==========
-
-
-@router.get("/health", status_code=200)
-async def health_check() -> dict:
-    """
-    Health check endpoint for the chat service.
-
-    Performs a full cycle test of session creation, assignment, and retrieval. Should always return healthy
-    if the service and data layer are operational.
-
-    Returns:
-        dict: A status dictionary indicating health, service name, and API version.
-
-    """
-    session = await chat_service.create_chat_session(None)
-    await chat_service.assign_user_to_session(session.session_id, "test_user")
-    await chat_service.get_session(session.session_id, "test_user")
-
-    return {
-        "status": "healthy",
-        "service": "chat",
-        "version": "0.1.0",
-    }

autogpt_platform/backend/backend/api/features/chat/tools/add_understanding.py

@@ -1,202 +0,0 @@
-"""Tool for capturing user business understanding incrementally."""
-
-import logging
-from typing import Any
-
-from backend.api.features.chat.model import ChatSession
-from backend.data.understanding import (
-    BusinessUnderstandingInput,
-    upsert_business_understanding,
-)
-
-from .base import BaseTool
-from .models import ErrorResponse, ToolResponseBase, UnderstandingUpdatedResponse
-
-logger = logging.getLogger(__name__)
-
-
-class AddUnderstandingTool(BaseTool):
-    """Tool for capturing user's business understanding incrementally."""
-
-    @property
-    def name(self) -> str:
-        return "add_understanding"
-
-    @property
-    def description(self) -> str:
-        return """Capture and store information about the user's business context,
-workflows, pain points, and automation goals. Call this tool whenever the user
-shares information about their business. Each call incrementally adds to the
-existing understanding - you don't need to provide all fields at once.
-
-Use this to build a comprehensive profile that helps recommend better agents
-and automations for the user's specific needs."""
-
-    @property
-    def parameters(self) -> dict[str, Any]:
-        return {
-            "type": "object",
-            "properties": {
-                "user_name": {
-                    "type": "string",
-                    "description": "The user's name",
-                },
-                "job_title": {
-                    "type": "string",
-                    "description": "The user's job title (e.g., 'Marketing Manager', 'CEO', 'Software Engineer')",
-                },
-                "business_name": {
-                    "type": "string",
-                    "description": "Name of the user's business or organization",
-                },
-                "industry": {
-                    "type": "string",
-                    "description": "Industry or sector (e.g., 'e-commerce', 'healthcare', 'finance')",
-                },
-                "business_size": {
-                    "type": "string",
-                    "description": "Company size: '1-10', '11-50', '51-200', '201-1000', or '1000+'",
-                },
-                "user_role": {
-                    "type": "string",
-                    "description": "User's role in organization context (e.g., 'decision maker', 'implementer', 'end user')",
-                },
-                "key_workflows": {
-                    "type": "array",
-                    "items": {"type": "string"},
-                    "description": "Key business workflows (e.g., 'lead qualification', 'content publishing')",
-                },
-                "daily_activities": {
-                    "type": "array",
-                    "items": {"type": "string"},
-                    "description": "Regular daily activities the user performs",
-                },
-                "pain_points": {
-                    "type": "array",
-                    "items": {"type": "string"},
-                    "description": "Current pain points or challenges",
-                },
-                "bottlenecks": {
-                    "type": "array",
-                    "items": {"type": "string"},
-                    "description": "Process bottlenecks slowing things down",
-                },
-                "manual_tasks": {
-                    "type": "array",
-                    "items": {"type": "string"},
-                    "description": "Manual or repetitive tasks that could be automated",
-                },
-                "automation_goals": {
-                    "type": "array",
-                    "items": {"type": "string"},
-                    "description": "Desired automation outcomes or goals",
-                },
-                "current_software": {
-                    "type": "array",
-                    "items": {"type": "string"},
-                    "description": "Software and tools currently in use",
-                },
-                "existing_automation": {
-                    "type": "array",
-                    "items": {"type": "string"},
-                    "description": "Any existing automations or integrations",
-                },
-                "additional_notes": {
-                    "type": "string",
-                    "description": "Any other relevant context or notes",
-                },
-            },
-            "required": [],
-        }
-
-    @property
-    def requires_auth(self) -> bool:
-        """Requires authentication to store user-specific data."""
-        return True
-
-    async def _execute(
-        self,
-        user_id: str | None,
-        session: ChatSession,
-        **kwargs,
-    ) -> ToolResponseBase:
-        """
-        Capture and store business understanding incrementally.
-
-        Each call merges new data with existing understanding:
-        - String fields are overwritten if provided
-        - List fields are appended (with deduplication)
-        """
-        session_id = session.session_id
-
-        if not user_id:
-            return ErrorResponse(
-                message="Authentication required to save business understanding.",
-                session_id=session_id,
-            )
-
-        # Check if any data was provided
-        if not any(v is not None for v in kwargs.values()):
-            return ErrorResponse(
-                message="Please provide at least one field to update.",
-                session_id=session_id,
-            )
-
-        # Build input model
-        input_data = BusinessUnderstandingInput(
-            user_name=kwargs.get("user_name"),
-            job_title=kwargs.get("job_title"),
-            business_name=kwargs.get("business_name"),
-            industry=kwargs.get("industry"),
-            business_size=kwargs.get("business_size"),
-            user_role=kwargs.get("user_role"),
-            key_workflows=kwargs.get("key_workflows"),
-            daily_activities=kwargs.get("daily_activities"),
-            pain_points=kwargs.get("pain_points"),
-            bottlenecks=kwargs.get("bottlenecks"),
-            manual_tasks=kwargs.get("manual_tasks"),
-            automation_goals=kwargs.get("automation_goals"),
-            current_software=kwargs.get("current_software"),
-            existing_automation=kwargs.get("existing_automation"),
-            additional_notes=kwargs.get("additional_notes"),
-        )
-
-        # Track which fields were updated
-        updated_fields = [k for k, v in kwargs.items() if v is not None]
-
-        # Upsert with merge
-        understanding = await upsert_business_understanding(user_id, input_data)
-
-        # Build current understanding summary for the response
-        current_understanding = {
-            "user_name": understanding.user_name,
-            "job_title": understanding.job_title,
-            "business_name": understanding.business_name,
-            "industry": understanding.industry,
-            "business_size": understanding.business_size,
-            "user_role": understanding.user_role,
-            "key_workflows": understanding.key_workflows,
-            "daily_activities": understanding.daily_activities,
-            "pain_points": understanding.pain_points,
-            "bottlenecks": understanding.bottlenecks,
-            "manual_tasks": understanding.manual_tasks,
-            "automation_goals": understanding.automation_goals,
-            "current_software": understanding.current_software,
-            "existing_automation": understanding.existing_automation,
-            "additional_notes": understanding.additional_notes,
-        }
-
-        # Filter out empty values for cleaner response
-        current_understanding = {
-            k: v
-            for k, v in current_understanding.items()
-            if v is not None and v != [] and v != ""
-        }
-
-        return UnderstandingUpdatedResponse(
-            message=f"Updated understanding with: {', '.join(updated_fields)}. "
-            "I now have a better picture of your business context.",
-            session_id=session_id,
-            updated_fields=updated_fields,
-            current_understanding=current_understanding,
-        )

autogpt_platform/backend/backend/api/features/chat/tools/agent_output.py

@@ -1,455 +0,0 @@
-"""Tool for retrieving agent execution outputs from user's library."""
-
-import logging
-import re
-from datetime import datetime, timedelta, timezone
-from typing import Any
-
-from pydantic import BaseModel, field_validator
-
-from backend.api.features.chat.model import ChatSession
-from backend.api.features.library import db as library_db
-from backend.api.features.library.model import LibraryAgent
-from backend.data import execution as execution_db
-from backend.data.execution import ExecutionStatus, GraphExecution, GraphExecutionMeta
-
-from .base import BaseTool
-from .models import (
-    AgentOutputResponse,
-    ErrorResponse,
-    ExecutionOutputInfo,
-    NoResultsResponse,
-    ToolResponseBase,
-)
-from .utils import fetch_graph_from_store_slug
-
-logger = logging.getLogger(__name__)
-
-
-class AgentOutputInput(BaseModel):
-    """Input parameters for the agent_output tool."""
-
-    agent_name: str = ""
-    library_agent_id: str = ""
-    store_slug: str = ""
-    execution_id: str = ""
-    run_time: str = "latest"
-
-    @field_validator(
-        "agent_name",
-        "library_agent_id",
-        "store_slug",
-        "execution_id",
-        "run_time",
-        mode="before",
-    )
-    @classmethod
-    def strip_strings(cls, v: Any) -> Any:
-        """Strip whitespace from string fields."""
-        return v.strip() if isinstance(v, str) else v
-
-
-def parse_time_expression(
-    time_expr: str | None,
-) -> tuple[datetime | None, datetime | None]:
-    """
-    Parse time expression into datetime range (start, end).
-
-    Supports:
-    - "latest" or None -> returns (None, None) to get most recent
-    - "yesterday" -> 24h window for yesterday
-    - "today" -> Today from midnight
-    - "last week" / "last 7 days" -> 7 day window
-    - "last month" / "last 30 days" -> 30 day window
-    - ISO date "YYYY-MM-DD" -> 24h window for that date
-    """
-    if not time_expr or time_expr.lower() == "latest":
-        return None, None
-
-    now = datetime.now(timezone.utc)
-    expr = time_expr.lower().strip()
-
-    # Relative expressions
-    if expr == "yesterday":
-        end = now.replace(hour=0, minute=0, second=0, microsecond=0)
-        start = end - timedelta(days=1)
-        return start, end
-
-    if expr in ("last week", "last 7 days"):
-        return now - timedelta(days=7), now
-
-    if expr in ("last month", "last 30 days"):
-        return now - timedelta(days=30), now
-
-    if expr == "today":
-        start = now.replace(hour=0, minute=0, second=0, microsecond=0)
-        return start, now
-
-    # Try ISO date format (YYYY-MM-DD)
-    date_match = re.match(r"^(\d{4})-(\d{2})-(\d{2})$", expr)
-    if date_match:
-        year, month, day = map(int, date_match.groups())
-        start = datetime(year, month, day, 0, 0, 0, tzinfo=timezone.utc)
-        end = start + timedelta(days=1)
-        return start, end
-
-    # Try ISO datetime
-    try:
-        parsed = datetime.fromisoformat(expr.replace("Z", "+00:00"))
-        if parsed.tzinfo is None:
-            parsed = parsed.replace(tzinfo=timezone.utc)
-        # Return +/- 1 hour window around the specified time
-        return parsed - timedelta(hours=1), parsed + timedelta(hours=1)
-    except ValueError:
-        pass
-
-    # Fallback: treat as "latest"
-    return None, None
-
-
-class AgentOutputTool(BaseTool):
-    """Tool for retrieving execution outputs from user's library agents."""
-
-    @property
-    def name(self) -> str:
-        return "agent_output"
-
-    @property
-    def description(self) -> str:
-        return """Retrieve execution outputs from agents in the user's library.
-
-        Identify the agent using one of:
-        - agent_name: Fuzzy search in user's library
-        - library_agent_id: Exact library agent ID
-        - store_slug: Marketplace format 'username/agent-name'
-
-        Select which run to retrieve using:
-        - execution_id: Specific execution ID
-        - run_time: 'latest' (default), 'yesterday', 'last week', or ISO date 'YYYY-MM-DD'
-        """
-
-    @property
-    def parameters(self) -> dict[str, Any]:
-        return {
-            "type": "object",
-            "properties": {
-                "agent_name": {
-                    "type": "string",
-                    "description": "Agent name to search for in user's library (fuzzy match)",
-                },
-                "library_agent_id": {
-                    "type": "string",
-                    "description": "Exact library agent ID",
-                },
-                "store_slug": {
-                    "type": "string",
-                    "description": "Marketplace identifier: 'username/agent-slug'",
-                },
-                "execution_id": {
-                    "type": "string",
-                    "description": "Specific execution ID to retrieve",
-                },
-                "run_time": {
-                    "type": "string",
-                    "description": (
-                        "Time filter: 'latest', 'yesterday', 'last week', or 'YYYY-MM-DD'"
-                    ),
-                },
-            },
-            "required": [],
-        }
-
-    @property
-    def requires_auth(self) -> bool:
-        return True
-
-    async def _resolve_agent(
-        self,
-        user_id: str,
-        agent_name: str | None,
-        library_agent_id: str | None,
-        store_slug: str | None,
-    ) -> tuple[LibraryAgent | None, str | None]:
-        """
-        Resolve agent from provided identifiers.
-        Returns (library_agent, error_message).
-        """
-        # Priority 1: Exact library agent ID
-        if library_agent_id:
-            try:
-                agent = await library_db.get_library_agent(library_agent_id, user_id)
-                return agent, None
-            except Exception as e:
-                logger.warning(f"Failed to get library agent by ID: {e}")
-                return None, f"Library agent '{library_agent_id}' not found"
-
-        # Priority 2: Store slug (username/agent-name)
-        if store_slug and "/" in store_slug:
-            username, agent_slug = store_slug.split("/", 1)
-            graph, _ = await fetch_graph_from_store_slug(username, agent_slug)
-            if not graph:
-                return None, f"Agent '{store_slug}' not found in marketplace"
-
-            # Find in user's library by graph_id
-            agent = await library_db.get_library_agent_by_graph_id(user_id, graph.id)
-            if not agent:
-                return (
-                    None,
-                    f"Agent '{store_slug}' is not in your library. "
-                    "Add it first to see outputs.",
-                )
-            return agent, None
-
-        # Priority 3: Fuzzy name search in library
-        if agent_name:
-            try:
-                response = await library_db.list_library_agents(
-                    user_id=user_id,
-                    search_term=agent_name,
-                    page_size=5,
-                )
-                if not response.agents:
-                    return (
-                        None,
-                        f"No agents matching '{agent_name}' found in your library",
-                    )
-
-                # Return best match (first result from search)
-                return response.agents[0], None
-            except Exception as e:
-                logger.error(f"Error searching library agents: {e}")
-                return None, f"Error searching for agent: {e}"
-
-        return (
-            None,
-            "Please specify an agent name, library_agent_id, or store_slug",
-        )
-
-    async def _get_execution(
-        self,
-        user_id: str,
-        graph_id: str,
-        execution_id: str | None,
-        time_start: datetime | None,
-        time_end: datetime | None,
-    ) -> tuple[GraphExecution | None, list[GraphExecutionMeta], str | None]:
-        """
-        Fetch execution(s) based on filters.
-        Returns (single_execution, available_executions_meta, error_message).
-        """
-        # If specific execution_id provided, fetch it directly
-        if execution_id:
-            execution = await execution_db.get_graph_execution(
-                user_id=user_id,
-                execution_id=execution_id,
-                include_node_executions=False,
-            )
-            if not execution:
-                return None, [], f"Execution '{execution_id}' not found"
-            return execution, [], None
-
-        # Get completed executions with time filters
-        executions = await execution_db.get_graph_executions(
-            graph_id=graph_id,
-            user_id=user_id,
-            statuses=[ExecutionStatus.COMPLETED],
-            created_time_gte=time_start,
-            created_time_lte=time_end,
-            limit=10,
-        )
-
-        if not executions:
-            return None, [], None  # No error, just no executions
-
-        # If only one execution, fetch full details
-        if len(executions) == 1:
-            full_execution = await execution_db.get_graph_execution(
-                user_id=user_id,
-                execution_id=executions[0].id,
-                include_node_executions=False,
-            )
-            return full_execution, [], None
-
-        # Multiple executions - return latest with full details, plus list of available
-        full_execution = await execution_db.get_graph_execution(
-            user_id=user_id,
-            execution_id=executions[0].id,
-            include_node_executions=False,
-        )
-        return full_execution, executions, None
-
-    def _build_response(
-        self,
-        agent: LibraryAgent,
-        execution: GraphExecution | None,
-        available_executions: list[GraphExecutionMeta],
-        session_id: str | None,
-    ) -> AgentOutputResponse:
-        """Build the response based on execution data."""
-        library_agent_link = f"/library/agents/{agent.id}"
-
-        if not execution:
-            return AgentOutputResponse(
-                message=f"No completed executions found for agent '{agent.name}'",
-                session_id=session_id,
-                agent_name=agent.name,
-                agent_id=agent.graph_id,
-                library_agent_id=agent.id,
-                library_agent_link=library_agent_link,
-                total_executions=0,
-            )
-
-        execution_info = ExecutionOutputInfo(
-            execution_id=execution.id,
-            status=execution.status.value,
-            started_at=execution.started_at,
-            ended_at=execution.ended_at,
-            outputs=dict(execution.outputs),
-            inputs_summary=execution.inputs if execution.inputs else None,
-        )
-
-        available_list = None
-        if len(available_executions) > 1:
-            available_list = [
-                {
-                    "id": e.id,
-                    "status": e.status.value,
-                    "started_at": e.started_at.isoformat() if e.started_at else None,
-                }
-                for e in available_executions[:5]
-            ]
-
-        message = f"Found execution outputs for agent '{agent.name}'"
-        if len(available_executions) > 1:
-            message += (
-                f". Showing latest of {len(available_executions)} matching executions."
-            )
-
-        return AgentOutputResponse(
-            message=message,
-            session_id=session_id,
-            agent_name=agent.name,
-            agent_id=agent.graph_id,
-            library_agent_id=agent.id,
-            library_agent_link=library_agent_link,
-            execution=execution_info,
-            available_executions=available_list,
-            total_executions=len(available_executions) if available_executions else 1,
-        )
-
-    async def _execute(
-        self,
-        user_id: str | None,
-        session: ChatSession,
-        **kwargs,
-    ) -> ToolResponseBase:
-        """Execute the agent_output tool."""
-        session_id = session.session_id
-
-        # Parse and validate input
-        try:
-            input_data = AgentOutputInput(**kwargs)
-        except Exception as e:
-            logger.error(f"Invalid input: {e}")
-            return ErrorResponse(
-                message="Invalid input parameters",
-                error=str(e),
-                session_id=session_id,
-            )
-
-        # Ensure user_id is present (should be guaranteed by requires_auth)
-        if not user_id:
-            return ErrorResponse(
-                message="User authentication required",
-                session_id=session_id,
-            )
-
-        # Check if at least one identifier is provided
-        if not any(
-            [
-                input_data.agent_name,
-                input_data.library_agent_id,
-                input_data.store_slug,
-                input_data.execution_id,
-            ]
-        ):
-            return ErrorResponse(
-                message=(
-                    "Please specify at least one of: agent_name, "
-                    "library_agent_id, store_slug, or execution_id"
-                ),
-                session_id=session_id,
-            )
-
-        # If only execution_id provided, we need to find the agent differently
-        if (
-            input_data.execution_id
-            and not input_data.agent_name
-            and not input_data.library_agent_id
-            and not input_data.store_slug
-        ):
-            # Fetch execution directly to get graph_id
-            execution = await execution_db.get_graph_execution(
-                user_id=user_id,
-                execution_id=input_data.execution_id,
-                include_node_executions=False,
-            )
-            if not execution:
-                return ErrorResponse(
-                    message=f"Execution '{input_data.execution_id}' not found",
-                    session_id=session_id,
-                )
-
-            # Find library agent by graph_id
-            agent = await library_db.get_library_agent_by_graph_id(
-                user_id, execution.graph_id
-            )
-            if not agent:
-                return NoResultsResponse(
-                    message=(
-                        f"Execution found but agent not in your library. "
-                        f"Graph ID: {execution.graph_id}"
-                    ),
-                    session_id=session_id,
-                    suggestions=["Add the agent to your library to see more details"],
-                )
-
-            return self._build_response(agent, execution, [], session_id)
-
-        # Resolve agent from identifiers
-        agent, error = await self._resolve_agent(
-            user_id=user_id,
-            agent_name=input_data.agent_name or None,
-            library_agent_id=input_data.library_agent_id or None,
-            store_slug=input_data.store_slug or None,
-        )
-
-        if error or not agent:
-            return NoResultsResponse(
-                message=error or "Agent not found",
-                session_id=session_id,
-                suggestions=[
-                    "Check the agent name or ID",
-                    "Make sure the agent is in your library",
-                ],
-            )
-
-        # Parse time expression
-        time_start, time_end = parse_time_expression(input_data.run_time)
-
-        # Fetch execution(s)
-        execution, available_executions, exec_error = await self._get_execution(
-            user_id=user_id,
-            graph_id=agent.graph_id,
-            execution_id=input_data.execution_id or None,
-            time_start=time_start,
-            time_end=time_end,
-        )
-
-        if exec_error:
-            return ErrorResponse(
-                message=exec_error,
-                session_id=session_id,
-            )
-
-        return self._build_response(agent, execution, available_executions, session_id)

autogpt_platform/backend/backend/api/features/chat/tools/find_library_agent.py

@@ -1,157 +0,0 @@
-"""Tool for searching agents in the user's library."""
-
-import logging
-from typing import Any
-
-from backend.api.features.chat.model import ChatSession
-from backend.api.features.library import db as library_db
-from backend.util.exceptions import DatabaseError
-
-from .base import BaseTool
-from .models import (
-    AgentCarouselResponse,
-    AgentInfo,
-    ErrorResponse,
-    NoResultsResponse,
-    ToolResponseBase,
-)
-
-logger = logging.getLogger(__name__)
-
-
-class FindLibraryAgentTool(BaseTool):
-    """Tool for searching agents in the user's library."""
-
-    @property
-    def name(self) -> str:
-        return "find_library_agent"
-
-    @property
-    def description(self) -> str:
-        return (
-            "Search for agents in the user's library. Use this to find agents "
-            "the user has already added to their library, including agents they "
-            "created or added from the marketplace."
-        )
-
-    @property
-    def parameters(self) -> dict[str, Any]:
-        return {
-            "type": "object",
-            "properties": {
-                "query": {
-                    "type": "string",
-                    "description": (
-                        "Search query to find agents by name or description. "
-                        "Use keywords for best results."
-                    ),
-                },
-            },
-            "required": ["query"],
-        }
-
-    @property
-    def requires_auth(self) -> bool:
-        return True
-
-    async def _execute(
-        self,
-        user_id: str | None,
-        session: ChatSession,
-        **kwargs,
-    ) -> ToolResponseBase:
-        """Search for agents in the user's library.
-
-        Args:
-            user_id: User ID (required)
-            session: Chat session
-            query: Search query
-
-        Returns:
-            AgentCarouselResponse: List of agents found in the library
-            NoResultsResponse: No agents found
-            ErrorResponse: Error message
-        """
-        query = kwargs.get("query", "").strip()
-        session_id = session.session_id
-
-        if not query:
-            return ErrorResponse(
-                message="Please provide a search query",
-                session_id=session_id,
-            )
-
-        if not user_id:
-            return ErrorResponse(
-                message="User authentication required to search library",
-                session_id=session_id,
-            )
-
-        agents = []
-        try:
-            logger.info(f"Searching user library for: {query}")
-            library_results = await library_db.list_library_agents(
-                user_id=user_id,
-                search_term=query,
-                page_size=10,
-            )
-
-            logger.info(
-                f"Find library agents tool found {len(library_results.agents)} agents"
-            )
-
-            for agent in library_results.agents:
-                agents.append(
-                    AgentInfo(
-                        id=agent.id,
-                        name=agent.name,
-                        description=agent.description or "",
-                        source="library",
-                        in_library=True,
-                        creator=agent.creator_name,
-                        status=agent.status.value,
-                        can_access_graph=agent.can_access_graph,
-                        has_external_trigger=agent.has_external_trigger,
-                        new_output=agent.new_output,
-                        graph_id=agent.graph_id,
-                    ),
-                )
-
-        except DatabaseError as e:
-            logger.error(f"Error searching library agents: {e}", exc_info=True)
-            return ErrorResponse(
-                message="Failed to search library. Please try again.",
-                error=str(e),
-                session_id=session_id,
-            )
-
-        if not agents:
-            return NoResultsResponse(
-                message=(
-                    f"No agents found matching '{query}' in your library. "
-                    "Try different keywords or use find_agent to search the marketplace."
-                ),
-                session_id=session_id,
-                suggestions=[
-                    "Try more general terms",
-                    "Use find_agent to search the marketplace",
-                    "Check your library at /library",
-                ],
-            )
-
-        title = (
-            f"Found {len(agents)} agent{'s' if len(agents) != 1 else ''} "
-            f"in your library for '{query}'"
-        )
-
-        return AgentCarouselResponse(
-            message=(
-                "Found agents in the user's library. You can provide a link to "
-                "view an agent at: /library/agents/{agent_id}. "
-                "Use agent_output to get execution results, or run_agent to execute."
-            ),
-            title=title,
-            agents=agents,
-            count=len(agents),
-            session_id=session_id,
-        )

autogpt_platform/backend/backend/api/features/oauth.py

@@ -1,833 +0,0 @@
-"""
-OAuth 2.0 Provider Endpoints
-
-Implements OAuth 2.0 Authorization Code flow with PKCE support.
-
-Flow:
-1. User clicks "Login with AutoGPT" in 3rd party app
-2. App redirects user to /auth/authorize with client_id, redirect_uri, scope, state
-3. User sees consent screen (if not already logged in, redirects to login first)
-4. User approves → backend creates authorization code
-5. User redirected back to app with code
-6. App exchanges code for access/refresh tokens at /api/oauth/token
-7. App uses access token to call external API endpoints
-"""
-
-import io
-import logging
-import os
-import uuid
-from datetime import datetime
-from typing import Literal, Optional
-from urllib.parse import urlencode
-
-from autogpt_libs.auth import get_user_id
-from fastapi import APIRouter, Body, HTTPException, Security, UploadFile, status
-from gcloud.aio import storage as async_storage
-from PIL import Image
-from prisma.enums import APIKeyPermission
-from pydantic import BaseModel, Field
-
-from backend.data.auth.oauth import (
-    InvalidClientError,
-    InvalidGrantError,
-    OAuthApplicationInfo,
-    TokenIntrospectionResult,
-    consume_authorization_code,
-    create_access_token,
-    create_authorization_code,
-    create_refresh_token,
-    get_oauth_application,
-    get_oauth_application_by_id,
-    introspect_token,
-    list_user_oauth_applications,
-    refresh_tokens,
-    revoke_access_token,
-    revoke_refresh_token,
-    update_oauth_application,
-    validate_client_credentials,
-    validate_redirect_uri,
-    validate_scopes,
-)
-from backend.util.settings import Settings
-from backend.util.virus_scanner import scan_content_safe
-
-settings = Settings()
-logger = logging.getLogger(__name__)
-
-router = APIRouter()
-
-
-# ============================================================================
-# Request/Response Models
-# ============================================================================
-
-
-class TokenResponse(BaseModel):
-    """OAuth 2.0 token response"""
-
-    token_type: Literal["Bearer"] = "Bearer"
-    access_token: str
-    access_token_expires_at: datetime
-    refresh_token: str
-    refresh_token_expires_at: datetime
-    scopes: list[str]
-
-
-class ErrorResponse(BaseModel):
-    """OAuth 2.0 error response"""
-
-    error: str
-    error_description: Optional[str] = None
-
-
-class OAuthApplicationPublicInfo(BaseModel):
-    """Public information about an OAuth application (for consent screen)"""
-
-    name: str
-    description: Optional[str] = None
-    logo_url: Optional[str] = None
-    scopes: list[str]
-
-
-# ============================================================================
-# Application Info Endpoint
-# ============================================================================
-
-
-@router.get(
-    "/app/{client_id}",
-    responses={
-        404: {"description": "Application not found or disabled"},
-    },
-)
-async def get_oauth_app_info(
-    client_id: str, user_id: str = Security(get_user_id)
-) -> OAuthApplicationPublicInfo:
-    """
-    Get public information about an OAuth application.
-
-    This endpoint is used by the consent screen to display application details
-    to the user before they authorize access.
-
-    Returns:
-    - name: Application name
-    - description: Application description (if provided)
-    - scopes: List of scopes the application is allowed to request
-    """
-    app = await get_oauth_application(client_id)
-    if not app or not app.is_active:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail="Application not found",
-        )
-
-    return OAuthApplicationPublicInfo(
-        name=app.name,
-        description=app.description,
-        logo_url=app.logo_url,
-        scopes=[s.value for s in app.scopes],
-    )
-
-
-# ============================================================================
-# Authorization Endpoint
-# ============================================================================
-
-
-class AuthorizeRequest(BaseModel):
-    """OAuth 2.0 authorization request"""
-
-    client_id: str = Field(description="Client identifier")
-    redirect_uri: str = Field(description="Redirect URI")
-    scopes: list[str] = Field(description="List of scopes")
-    state: str = Field(description="Anti-CSRF token from client")
-    response_type: str = Field(
-        default="code", description="Must be 'code' for authorization code flow"
-    )
-    code_challenge: str = Field(description="PKCE code challenge (required)")
-    code_challenge_method: Literal["S256", "plain"] = Field(
-        default="S256", description="PKCE code challenge method (S256 recommended)"
-    )
-
-
-class AuthorizeResponse(BaseModel):
-    """OAuth 2.0 authorization response with redirect URL"""
-
-    redirect_url: str = Field(description="URL to redirect the user to")
-
-
-@router.post("/authorize")
-async def authorize(
-    request: AuthorizeRequest = Body(),
-    user_id: str = Security(get_user_id),
-) -> AuthorizeResponse:
-    """
-    OAuth 2.0 Authorization Endpoint
-
-    User must be logged in (authenticated with Supabase JWT).
-    This endpoint creates an authorization code and returns a redirect URL.
-
-    PKCE (Proof Key for Code Exchange) is REQUIRED for all authorization requests.
-
-    The frontend consent screen should call this endpoint after the user approves,
-    then redirect the user to the returned `redirect_url`.
-
-    Request Body:
-    - client_id: The OAuth application's client ID
-    - redirect_uri: Where to redirect after authorization (must match registered URI)
-    - scopes: List of permissions (e.g., "EXECUTE_GRAPH READ_GRAPH")
-    - state: Anti-CSRF token provided by client (will be returned in redirect)
-    - response_type: Must be "code" (for authorization code flow)
-    - code_challenge: PKCE code challenge (required)
-    - code_challenge_method: "S256" (recommended) or "plain"
-
-    Returns:
-    - redirect_url: The URL to redirect the user to (includes authorization code)
-
-    Error cases return a redirect_url with error parameters, or raise HTTPException
-    for critical errors (like invalid redirect_uri).
-    """
-    try:
-        # Validate response_type
-        if request.response_type != "code":
-            return _error_redirect_url(
-                request.redirect_uri,
-                request.state,
-                "unsupported_response_type",
-                "Only 'code' response type is supported",
-            )
-
-        # Get application
-        app = await get_oauth_application(request.client_id)
-        if not app:
-            return _error_redirect_url(
-                request.redirect_uri,
-                request.state,
-                "invalid_client",
-                "Unknown client_id",
-            )
-
-        if not app.is_active:
-            return _error_redirect_url(
-                request.redirect_uri,
-                request.state,
-                "invalid_client",
-                "Application is not active",
-            )
-
-        # Validate redirect URI
-        if not validate_redirect_uri(app, request.redirect_uri):
-            # For invalid redirect_uri, we can't redirect safely
-            # Must return error instead
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST,
-                detail=(
-                    "Invalid redirect_uri. "
-                    f"Must be one of: {', '.join(app.redirect_uris)}"
-                ),
-            )
-
-        # Parse and validate scopes
-        try:
-            requested_scopes = [APIKeyPermission(s.strip()) for s in request.scopes]
-        except ValueError as e:
-            return _error_redirect_url(
-                request.redirect_uri,
-                request.state,
-                "invalid_scope",
-                f"Invalid scope: {e}",
-            )
-
-        if not requested_scopes:
-            return _error_redirect_url(
-                request.redirect_uri,
-                request.state,
-                "invalid_scope",
-                "At least one scope is required",
-            )
-
-        if not validate_scopes(app, requested_scopes):
-            return _error_redirect_url(
-                request.redirect_uri,
-                request.state,
-                "invalid_scope",
-                "Application is not authorized for all requested scopes. "
-                f"Allowed: {', '.join(s.value for s in app.scopes)}",
-            )
-
-        # Create authorization code
-        auth_code = await create_authorization_code(
-            application_id=app.id,
-            user_id=user_id,
-            scopes=requested_scopes,
-            redirect_uri=request.redirect_uri,
-            code_challenge=request.code_challenge,
-            code_challenge_method=request.code_challenge_method,
-        )
-
-        # Build redirect URL with authorization code
-        params = {
-            "code": auth_code.code,
-            "state": request.state,
-        }
-        redirect_url = f"{request.redirect_uri}?{urlencode(params)}"
-
-        logger.info(
-            f"Authorization code issued for user #{user_id} "
-            f"and app {app.name} (#{app.id})"
-        )
-
-        return AuthorizeResponse(redirect_url=redirect_url)
-
-    except HTTPException:
-        raise
-    except Exception as e:
-        logger.error(f"Error in authorization endpoint: {e}", exc_info=True)
-        return _error_redirect_url(
-            request.redirect_uri,
-            request.state,
-            "server_error",
-            "An unexpected error occurred",
-        )
-
-
-def _error_redirect_url(
-    redirect_uri: str,
-    state: str,
-    error: str,
-    error_description: Optional[str] = None,
-) -> AuthorizeResponse:
-    """Helper to build redirect URL with OAuth error parameters"""
-    params = {
-        "error": error,
-        "state": state,
-    }
-    if error_description:
-        params["error_description"] = error_description
-
-    redirect_url = f"{redirect_uri}?{urlencode(params)}"
-    return AuthorizeResponse(redirect_url=redirect_url)
-
-
-# ============================================================================
-# Token Endpoint
-# ============================================================================
-
-
-class TokenRequestByCode(BaseModel):
-    grant_type: Literal["authorization_code"]
-    code: str = Field(description="Authorization code")
-    redirect_uri: str = Field(
-        description="Redirect URI (must match authorization request)"
-    )
-    client_id: str
-    client_secret: str
-    code_verifier: str = Field(description="PKCE code verifier")
-
-
-class TokenRequestByRefreshToken(BaseModel):
-    grant_type: Literal["refresh_token"]
-    refresh_token: str
-    client_id: str
-    client_secret: str
-
-
-@router.post("/token")
-async def token(
-    request: TokenRequestByCode | TokenRequestByRefreshToken = Body(),
-) -> TokenResponse:
-    """
-    OAuth 2.0 Token Endpoint
-
-    Exchanges authorization code or refresh token for access token.
-
-    Grant Types:
-    1. authorization_code: Exchange authorization code for tokens
-       - Required: grant_type, code, redirect_uri, client_id, client_secret
-       - Optional: code_verifier (required if PKCE was used)
-
-    2. refresh_token: Exchange refresh token for new access token
-       - Required: grant_type, refresh_token, client_id, client_secret
-
-    Returns:
-    - access_token: Bearer token for API access (1 hour TTL)
-    - token_type: "Bearer"
-    - expires_in: Seconds until access token expires
-    - refresh_token: Token for refreshing access (30 days TTL)
-    - scopes: List of scopes
-    """
-    # Validate client credentials
-    try:
-        app = await validate_client_credentials(
-            request.client_id, request.client_secret
-        )
-    except InvalidClientError as e:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail=str(e),
-        )
-
-    # Handle authorization_code grant
-    if request.grant_type == "authorization_code":
-        # Consume authorization code
-        try:
-            user_id, scopes = await consume_authorization_code(
-                code=request.code,
-                application_id=app.id,
-                redirect_uri=request.redirect_uri,
-                code_verifier=request.code_verifier,
-            )
-        except InvalidGrantError as e:
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST,
-                detail=str(e),
-            )
-
-        # Create access and refresh tokens
-        access_token = await create_access_token(app.id, user_id, scopes)
-        refresh_token = await create_refresh_token(app.id, user_id, scopes)
-
-        logger.info(
-            f"Access token issued for user #{user_id} and app {app.name} (#{app.id})"
-            "via authorization code"
-        )
-
-        if not access_token.token or not refresh_token.token:
-            raise HTTPException(
-                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-                detail="Failed to generate tokens",
-            )
-
-        return TokenResponse(
-            token_type="Bearer",
-            access_token=access_token.token.get_secret_value(),
-            access_token_expires_at=access_token.expires_at,
-            refresh_token=refresh_token.token.get_secret_value(),
-            refresh_token_expires_at=refresh_token.expires_at,
-            scopes=list(s.value for s in scopes),
-        )
-
-    # Handle refresh_token grant
-    elif request.grant_type == "refresh_token":
-        # Refresh access token
-        try:
-            new_access_token, new_refresh_token = await refresh_tokens(
-                request.refresh_token, app.id
-            )
-        except InvalidGrantError as e:
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST,
-                detail=str(e),
-            )
-
-        logger.info(
-            f"Tokens refreshed for user #{new_access_token.user_id} "
-            f"by app {app.name} (#{app.id})"
-        )
-
-        if not new_access_token.token or not new_refresh_token.token:
-            raise HTTPException(
-                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-                detail="Failed to generate tokens",
-            )
-
-        return TokenResponse(
-            token_type="Bearer",
-            access_token=new_access_token.token.get_secret_value(),
-            access_token_expires_at=new_access_token.expires_at,
-            refresh_token=new_refresh_token.token.get_secret_value(),
-            refresh_token_expires_at=new_refresh_token.expires_at,
-            scopes=list(s.value for s in new_access_token.scopes),
-        )
-
-    else:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail=f"Unsupported grant_type: {request.grant_type}. "
-            "Must be 'authorization_code' or 'refresh_token'",
-        )
-
-
-# ============================================================================
-# Token Introspection Endpoint
-# ============================================================================
-
-
-@router.post("/introspect")
-async def introspect(
-    token: str = Body(description="Token to introspect"),
-    token_type_hint: Optional[Literal["access_token", "refresh_token"]] = Body(
-        None, description="Hint about token type ('access_token' or 'refresh_token')"
-    ),
-    client_id: str = Body(description="Client identifier"),
-    client_secret: str = Body(description="Client secret"),
-) -> TokenIntrospectionResult:
-    """
-    OAuth 2.0 Token Introspection Endpoint (RFC 7662)
-
-    Allows clients to check if a token is valid and get its metadata.
-
-    Returns:
-    - active: Whether the token is currently active
-    - scopes: List of authorized scopes (if active)
-    - client_id: The client the token was issued to (if active)
-    - user_id: The user the token represents (if active)
-    - exp: Expiration timestamp (if active)
-    - token_type: "access_token" or "refresh_token" (if active)
-    """
-    # Validate client credentials
-    try:
-        await validate_client_credentials(client_id, client_secret)
-    except InvalidClientError as e:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail=str(e),
-        )
-
-    # Introspect the token
-    return await introspect_token(token, token_type_hint)
-
-
-# ============================================================================
-# Token Revocation Endpoint
-# ============================================================================
-
-
-@router.post("/revoke")
-async def revoke(
-    token: str = Body(description="Token to revoke"),
-    token_type_hint: Optional[Literal["access_token", "refresh_token"]] = Body(
-        None, description="Hint about token type ('access_token' or 'refresh_token')"
-    ),
-    client_id: str = Body(description="Client identifier"),
-    client_secret: str = Body(description="Client secret"),
-):
-    """
-    OAuth 2.0 Token Revocation Endpoint (RFC 7009)
-
-    Allows clients to revoke an access or refresh token.
-
-    Note: Revoking a refresh token does NOT revoke associated access tokens.
-    Revoking an access token does NOT revoke the associated refresh token.
-    """
-    # Validate client credentials
-    try:
-        app = await validate_client_credentials(client_id, client_secret)
-    except InvalidClientError as e:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail=str(e),
-        )
-
-    # Try to revoke as access token first
-    # Note: We pass app.id to ensure the token belongs to the authenticated app
-    if token_type_hint != "refresh_token":
-        revoked = await revoke_access_token(token, app.id)
-        if revoked:
-            logger.info(
-                f"Access token revoked for app {app.name} (#{app.id}); "
-                f"user #{revoked.user_id}"
-            )
-            return {"status": "ok"}
-
-    # Try to revoke as refresh token
-    revoked = await revoke_refresh_token(token, app.id)
-    if revoked:
-        logger.info(
-            f"Refresh token revoked for app {app.name} (#{app.id}); "
-            f"user #{revoked.user_id}"
-        )
-        return {"status": "ok"}
-
-    # Per RFC 7009, revocation endpoint returns 200 even if token not found
-    # or if token belongs to a different application.
-    # This prevents token scanning attacks.
-    logger.warning(f"Unsuccessful token revocation attempt by app {app.name} #{app.id}")
-    return {"status": "ok"}
-
-
-# ============================================================================
-# Application Management Endpoints (for app owners)
-# ============================================================================
-
-
-@router.get("/apps/mine")
-async def list_my_oauth_apps(
-    user_id: str = Security(get_user_id),
-) -> list[OAuthApplicationInfo]:
-    """
-    List all OAuth applications owned by the current user.
-
-    Returns a list of OAuth applications with their details including:
-    - id, name, description, logo_url
-    - client_id (public identifier)
-    - redirect_uris, grant_types, scopes
-    - is_active status
-    - created_at, updated_at timestamps
-
-    Note: client_secret is never returned for security reasons.
-    """
-    return await list_user_oauth_applications(user_id)
-
-
-@router.patch("/apps/{app_id}/status")
-async def update_app_status(
-    app_id: str,
-    user_id: str = Security(get_user_id),
-    is_active: bool = Body(description="Whether the app should be active", embed=True),
-) -> OAuthApplicationInfo:
-    """
-    Enable or disable an OAuth application.
-
-    Only the application owner can update the status.
-    When disabled, the application cannot be used for new authorizations
-    and existing access tokens will fail validation.
-
-    Returns the updated application info.
-    """
-    updated_app = await update_oauth_application(
-        app_id=app_id,
-        owner_id=user_id,
-        is_active=is_active,
-    )
-
-    if not updated_app:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail="Application not found or you don't have permission to update it",
-        )
-
-    action = "enabled" if is_active else "disabled"
-    logger.info(f"OAuth app {updated_app.name} (#{app_id}) {action} by user #{user_id}")
-
-    return updated_app
-
-
-class UpdateAppLogoRequest(BaseModel):
-    logo_url: str = Field(description="URL of the uploaded logo image")
-
-
-@router.patch("/apps/{app_id}/logo")
-async def update_app_logo(
-    app_id: str,
-    request: UpdateAppLogoRequest = Body(),
-    user_id: str = Security(get_user_id),
-) -> OAuthApplicationInfo:
-    """
-    Update the logo URL for an OAuth application.
-
-    Only the application owner can update the logo.
-    The logo should be uploaded first using the media upload endpoint,
-    then this endpoint is called with the resulting URL.
-
-    Logo requirements:
-    - Must be square (1:1 aspect ratio)
-    - Minimum 512x512 pixels
-    - Maximum 2048x2048 pixels
-
-    Returns the updated application info.
-    """
-    if (
-        not (app := await get_oauth_application_by_id(app_id))
-        or app.owner_id != user_id
-    ):
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail="OAuth App not found",
-        )
-
-    # Delete the current app logo file (if any and it's in our cloud storage)
-    await _delete_app_current_logo_file(app)
-
-    updated_app = await update_oauth_application(
-        app_id=app_id,
-        owner_id=user_id,
-        logo_url=request.logo_url,
-    )
-
-    if not updated_app:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail="Application not found or you don't have permission to update it",
-        )
-
-    logger.info(
-        f"OAuth app {updated_app.name} (#{app_id}) logo updated by user #{user_id}"
-    )
-
-    return updated_app
-
-
-# Logo upload constraints
-LOGO_MIN_SIZE = 512
-LOGO_MAX_SIZE = 2048
-LOGO_ALLOWED_TYPES = {"image/jpeg", "image/png", "image/webp"}
-LOGO_MAX_FILE_SIZE = 3 * 1024 * 1024  # 3MB
-
-
-@router.post("/apps/{app_id}/logo/upload")
-async def upload_app_logo(
-    app_id: str,
-    file: UploadFile,
-    user_id: str = Security(get_user_id),
-) -> OAuthApplicationInfo:
-    """
-    Upload a logo image for an OAuth application.
-
-    Requirements:
-    - Image must be square (1:1 aspect ratio)
-    - Minimum 512x512 pixels
-    - Maximum 2048x2048 pixels
-    - Allowed formats: JPEG, PNG, WebP
-    - Maximum file size: 3MB
-
-    The image is uploaded to cloud storage and the app's logoUrl is updated.
-    Returns the updated application info.
-    """
-    # Verify ownership to reduce vulnerability to DoS(torage) or DoM(oney) attacks
-    if (
-        not (app := await get_oauth_application_by_id(app_id))
-        or app.owner_id != user_id
-    ):
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail="OAuth App not found",
-        )
-
-    # Check GCS configuration
-    if not settings.config.media_gcs_bucket_name:
-        raise HTTPException(
-            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
-            detail="Media storage is not configured",
-        )
-
-    # Validate content type
-    content_type = file.content_type
-    if content_type not in LOGO_ALLOWED_TYPES:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail=f"Invalid file type. Allowed: JPEG, PNG, WebP. Got: {content_type}",
-        )
-
-    # Read file content
-    try:
-        file_bytes = await file.read()
-    except Exception as e:
-        logger.error(f"Error reading logo file: {e}")
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Failed to read uploaded file",
-        )
-
-    # Check file size
-    if len(file_bytes) > LOGO_MAX_FILE_SIZE:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail=(
-                "File too large. "
-                f"Maximum size is {LOGO_MAX_FILE_SIZE // 1024 // 1024}MB"
-            ),
-        )
-
-    # Validate image dimensions
-    try:
-        image = Image.open(io.BytesIO(file_bytes))
-        width, height = image.size
-
-        if width != height:
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST,
-                detail=f"Logo must be square. Got {width}x{height}",
-            )
-
-        if width < LOGO_MIN_SIZE:
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST,
-                detail=f"Logo too small. Minimum {LOGO_MIN_SIZE}x{LOGO_MIN_SIZE}. "
-                f"Got {width}x{height}",
-            )
-
-        if width > LOGO_MAX_SIZE:
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST,
-                detail=f"Logo too large. Maximum {LOGO_MAX_SIZE}x{LOGO_MAX_SIZE}. "
-                f"Got {width}x{height}",
-            )
-    except HTTPException:
-        raise
-    except Exception as e:
-        logger.error(f"Error validating logo image: {e}")
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Invalid image file",
-        )
-
-    # Scan for viruses
-    filename = file.filename or "logo"
-    await scan_content_safe(file_bytes, filename=filename)
-
-    # Generate unique filename
-    file_ext = os.path.splitext(filename)[1].lower() or ".png"
-    unique_filename = f"{uuid.uuid4()}{file_ext}"
-    storage_path = f"oauth-apps/{app_id}/logo/{unique_filename}"
-
-    # Upload to GCS
-    try:
-        async with async_storage.Storage() as async_client:
-            bucket_name = settings.config.media_gcs_bucket_name
-
-            await async_client.upload(
-                bucket_name, storage_path, file_bytes, content_type=content_type
-            )
-
-            logo_url = f"https://storage.googleapis.com/{bucket_name}/{storage_path}"
-    except Exception as e:
-        logger.error(f"Error uploading logo to GCS: {e}")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="Failed to upload logo",
-        )
-
-    # Delete the current app logo file (if any and it's in our cloud storage)
-    await _delete_app_current_logo_file(app)
-
-    # Update the app with the new logo URL
-    updated_app = await update_oauth_application(
-        app_id=app_id,
-        owner_id=user_id,
-        logo_url=logo_url,
-    )
-
-    if not updated_app:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail="Application not found or you don't have permission to update it",
-        )
-
-    logger.info(
-        f"OAuth app {updated_app.name} (#{app_id}) logo uploaded by user #{user_id}"
-    )
-
-    return updated_app
-
-
-async def _delete_app_current_logo_file(app: OAuthApplicationInfo):
-    """
-    Delete the current logo file for the given app, if there is one in our cloud storage
-    """
-    bucket_name = settings.config.media_gcs_bucket_name
-    storage_base_url = f"https://storage.googleapis.com/{bucket_name}/"
-
-    if app.logo_url and app.logo_url.startswith(storage_base_url):
-        # Parse blob path from URL: https://storage.googleapis.com/{bucket}/{path}
-        old_path = app.logo_url.replace(storage_base_url, "")
-        try:
-            async with async_storage.Storage() as async_client:
-                await async_client.delete(bucket_name, old_path)
-            logger.info(f"Deleted old logo for OAuth app #{app.id}: {old_path}")
-        except Exception as e:
-            # Log but don't fail - the new logo was uploaded successfully
-            logger.warning(
-                f"Failed to delete old logo for OAuth app #{app.id}: {e}", exc_info=e
-            )

autogpt_platform/backend/backend/api/utils/openapi.py

@@ -1,41 +0,0 @@
-from fastapi import FastAPI
-
-
-def sort_openapi(app: FastAPI) -> None:
-    """
-    Patch a FastAPI instance's `openapi()` method to sort the endpoints,
-    schemas, and responses.
-    """
-    wrapped_openapi = app.openapi
-
-    def custom_openapi():
-        if app.openapi_schema:
-            return app.openapi_schema
-
-        openapi_schema = wrapped_openapi()
-
-        # Sort endpoints
-        openapi_schema["paths"] = dict(sorted(openapi_schema["paths"].items()))
-
-        # Sort endpoints -> methods
-        for p in openapi_schema["paths"].keys():
-            openapi_schema["paths"][p] = dict(
-                sorted(openapi_schema["paths"][p].items())
-            )
-
-            # Sort endpoints -> methods -> responses
-            for m in openapi_schema["paths"][p].keys():
-                openapi_schema["paths"][p][m]["responses"] = dict(
-                    sorted(openapi_schema["paths"][p][m]["responses"].items())
-                )
-
-        # Sort schemas and responses as well
-        for k in openapi_schema["components"].keys():
-            openapi_schema["components"][k] = dict(
-                sorted(openapi_schema["components"][k].items())
-            )
-
-        app.openapi_schema = openapi_schema
-        return openapi_schema
-
-    app.openapi = custom_openapi

autogpt_platform/backend/backend/app.py

@@ -36,10 +36,10 @@ def main(**kwargs):
     Run all the processes required for the AutoGPT-server (REST and WebSocket APIs).
     """
 
-    from backend.api.rest_api import AgentServer
-    from backend.api.ws_api import WebsocketServer
     from backend.executor import DatabaseManager, ExecutionManager, Scheduler
     from backend.notifications import NotificationManager
+    from backend.server.rest_api import AgentServer
+    from backend.server.ws_api import WebsocketServer
 
     run_processes(
         DatabaseManager().set_log_level("warning"),

autogpt_platform/backend/backend/blocks/ai_condition.py

@@ -1,7 +1,6 @@
 from typing import Any
 
 from backend.blocks.llm import (
-    DEFAULT_LLM_MODEL,
     TEST_CREDENTIALS,
     TEST_CREDENTIALS_INPUT,
     AIBlockBase,
@@ -50,7 +49,7 @@ class AIConditionBlock(AIBlockBase):
         )
         model: LlmModel = SchemaField(
             title="LLM Model",
-            default=DEFAULT_LLM_MODEL,
+            default=LlmModel.GPT4O,
             description="The language model to use for evaluating the condition.",
             advanced=False,
         )
@@ -82,7 +81,7 @@ class AIConditionBlock(AIBlockBase):
                 "condition": "the input is an email address",
                 "yes_value": "Valid email",
                 "no_value": "Not an email",
-                "model": DEFAULT_LLM_MODEL,
+                "model": LlmModel.GPT4O,
                 "credentials": TEST_CREDENTIALS_INPUT,
             },
             test_credentials=TEST_CREDENTIALS,

autogpt_platform/backend/backend/blocks/ai_shortform_video_block.py

@@ -20,7 +20,6 @@ from backend.data.model import (
     SchemaField,
 )
 from backend.integrations.providers import ProviderName
-from backend.util.exceptions import BlockExecutionError
 from backend.util.request import Requests
 
 TEST_CREDENTIALS = APIKeyCredentials(
@@ -247,11 +246,7 @@ class AIShortformVideoCreatorBlock(Block):
             await asyncio.sleep(10)
 
         logger.error("Video creation timed out")
-        raise BlockExecutionError(
-            message="Video creation timed out",
-            block_name=self.name,
-            block_id=self.id,
-        )
+        raise TimeoutError("Video creation timed out")
 
     def __init__(self):
         super().__init__(
@@ -427,11 +422,7 @@ class AIAdMakerVideoCreatorBlock(Block):
             await asyncio.sleep(10)
 
         logger.error("Video creation timed out")
-        raise BlockExecutionError(
-            message="Video creation timed out",
-            block_name=self.name,
-            block_id=self.id,
-        )
+        raise TimeoutError("Video creation timed out")
 
     def __init__(self):
         super().__init__(
@@ -608,11 +599,7 @@ class AIScreenshotToVideoAdBlock(Block):
             await asyncio.sleep(10)
 
         logger.error("Video creation timed out")
-        raise BlockExecutionError(
-            message="Video creation timed out",
-            block_name=self.name,
-            block_id=self.id,
-        )
+        raise TimeoutError("Video creation timed out")
 
     def __init__(self):
         super().__init__(

autogpt_platform/backend/backend/blocks/branching.py

@@ -106,10 +106,7 @@ class ConditionBlock(Block):
             ComparisonOperator.LESS_THAN_OR_EQUAL: lambda a, b: a <= b,
         }
 
-        try:
-            result = comparison_funcs[operator](value1, value2)
-        except Exception as e:
-            raise ValueError(f"Comparison failed: {e}") from e
+        result = comparison_funcs[operator](value1, value2)
 
         yield "result", result
 

autogpt_platform/backend/backend/blocks/dataforseo/related_keywords.py

@@ -182,10 +182,13 @@ class DataForSeoRelatedKeywordsBlock(Block):
             if results and len(results) > 0:
                 # results is a list, get the first element
                 first_result = results[0] if isinstance(results, list) else results
-                # Handle missing key, null value, or valid list value
-                if isinstance(first_result, dict):
-                    items = first_result.get("items") or []
-                else:
+                items = (
+                    first_result.get("items", [])
+                    if isinstance(first_result, dict)
+                    else []
+                )
+                # Ensure items is never None
+                if items is None:
                     items = []
                 for item in items:
                     # Extract keyword_data from the item

autogpt_platform/backend/backend/blocks/firecrawl/extract.py

@@ -15,7 +15,6 @@ from backend.sdk import (
     SchemaField,
     cost,
 )
-from backend.util.exceptions import BlockExecutionError
 
 from ._config import firecrawl
 
@@ -60,18 +59,11 @@ class FirecrawlExtractBlock(Block):
     ) -> BlockOutput:
         app = FirecrawlApp(api_key=credentials.api_key.get_secret_value())
 
-        try:
-            extract_result = app.extract(
-                urls=input_data.urls,
-                prompt=input_data.prompt,
-                schema=input_data.output_schema,
-                enable_web_search=input_data.enable_web_search,
-            )
-        except Exception as e:
-            raise BlockExecutionError(
-                message=f"Extract failed: {e}",
-                block_name=self.name,
-                block_id=self.id,
-            ) from e
+        extract_result = app.extract(
+            urls=input_data.urls,
+            prompt=input_data.prompt,
+            schema=input_data.output_schema,
+            enable_web_search=input_data.enable_web_search,
+        )
 
         yield "data", extract_result.data

autogpt_platform/backend/backend/blocks/flux_kontext.py

@@ -19,7 +19,6 @@ from backend.data.model import (
     SchemaField,
 )
 from backend.integrations.providers import ProviderName
-from backend.util.exceptions import ModerationError
 from backend.util.file import MediaFileType, store_media_file
 
 TEST_CREDENTIALS = APIKeyCredentials(
@@ -154,8 +153,6 @@ class AIImageEditorBlock(Block):
             ),
             aspect_ratio=input_data.aspect_ratio.value,
             seed=input_data.seed,
-            user_id=user_id,
-            graph_exec_id=graph_exec_id,
         )
         yield "output_image", result
 
@@ -167,8 +164,6 @@ class AIImageEditorBlock(Block):
         input_image_b64: Optional[str],
         aspect_ratio: str,
         seed: Optional[int],
-        user_id: str,
-        graph_exec_id: str,
     ) -> MediaFileType:
         client = ReplicateClient(api_token=api_key.get_secret_value())
         input_params = {
@@ -178,21 +173,11 @@ class AIImageEditorBlock(Block):
             **({"seed": seed} if seed is not None else {}),
         }
 
-        try:
-            output: FileOutput | list[FileOutput] = await client.async_run(  # type: ignore
-                model_name,
-                input=input_params,
-                wait=False,
-            )
-        except Exception as e:
-            if "flagged as sensitive" in str(e).lower():
-                raise ModerationError(
-                    message="Content was flagged as sensitive by the model provider",
-                    user_id=user_id,
-                    graph_exec_id=graph_exec_id,
-                    moderation_type="model_provider",
-                )
-            raise ValueError(f"Model execution failed: {e}") from e
+        output: FileOutput | list[FileOutput] = await client.async_run(  # type: ignore
+            model_name,
+            input=input_params,
+            wait=False,
+        )
 
         if isinstance(output, list) and output:
             output = output[0]

autogpt_platform/backend/backend/blocks/ideogram.py

@@ -2,6 +2,7 @@ from enum import Enum
 from typing import Any, Dict, Literal, Optional
 
 from pydantic import SecretStr
+from requests.exceptions import RequestException
 
 from backend.data.block import (
     Block,
@@ -331,8 +332,8 @@ class IdeogramModelBlock(Block):
         try:
             response = await Requests().post(url, headers=headers, json=data)
             return response.json()["data"][0]["url"]
-        except Exception as e:
-            raise ValueError(f"Failed to fetch image with V3 endpoint: {e}") from e
+        except RequestException as e:
+            raise Exception(f"Failed to fetch image with V3 endpoint: {str(e)}")
 
     async def _run_model_legacy(
         self,
@@ -384,8 +385,8 @@ class IdeogramModelBlock(Block):
         try:
             response = await Requests().post(url, headers=headers, json=data)
             return response.json()["data"][0]["url"]
-        except Exception as e:
-            raise ValueError(f"Failed to fetch image with legacy endpoint: {e}") from e
+        except RequestException as e:
+            raise Exception(f"Failed to fetch image with legacy endpoint: {str(e)}")
 
     async def upscale_image(self, api_key: SecretStr, image_url: str):
         url = "https://api.ideogram.ai/upscale"
@@ -412,5 +413,5 @@ class IdeogramModelBlock(Block):
 
             return (response.json())["data"][0]["url"]
 
-        except Exception as e:
-            raise ValueError(f"Failed to upscale image: {e}") from e
+        except RequestException as e:
+            raise Exception(f"Failed to upscale image: {str(e)}")

autogpt_platform/backend/backend/blocks/jina/search.py

@@ -16,7 +16,6 @@ from backend.data.block import (
     BlockSchemaOutput,
 )
 from backend.data.model import SchemaField
-from backend.util.exceptions import BlockExecutionError
 
 
 class SearchTheWebBlock(Block, GetRequest):
@@ -57,17 +56,7 @@ class SearchTheWebBlock(Block, GetRequest):
 
         # Prepend the Jina Search URL to the encoded query
         jina_search_url = f"https://s.jina.ai/{encoded_query}"
-
-        try:
-            results = await self.get_request(
-                jina_search_url, headers=headers, json=False
-            )
-        except Exception as e:
-            raise BlockExecutionError(
-                message=f"Search failed: {e}",
-                block_name=self.name,
-                block_id=self.id,
-            ) from e
+        results = await self.get_request(jina_search_url, headers=headers, json=False)
 
         # Output the search results
         yield "results", results

autogpt_platform/backend/backend/blocks/llm.py

@@ -92,9 +92,8 @@ class LlmModel(str, Enum, metaclass=LlmModelMeta):
     O1 = "o1"
     O1_MINI = "o1-mini"
     # GPT-5 models
-    GPT5_2 = "gpt-5.2-2025-12-11"
-    GPT5_1 = "gpt-5.1-2025-11-13"
     GPT5 = "gpt-5-2025-08-07"
+    GPT5_1 = "gpt-5.1-2025-11-13"
     GPT5_MINI = "gpt-5-mini-2025-08-07"
     GPT5_NANO = "gpt-5-nano-2025-08-07"
     GPT5_CHAT = "gpt-5-chat-latest"
@@ -195,9 +194,8 @@ MODEL_METADATA = {
     LlmModel.O1: ModelMetadata("openai", 200000, 100000),  # o1-2024-12-17
     LlmModel.O1_MINI: ModelMetadata("openai", 128000, 65536),  # o1-mini-2024-09-12
     # GPT-5 models
-    LlmModel.GPT5_2: ModelMetadata("openai", 400000, 128000),
-    LlmModel.GPT5_1: ModelMetadata("openai", 400000, 128000),
     LlmModel.GPT5: ModelMetadata("openai", 400000, 128000),
+    LlmModel.GPT5_1: ModelMetadata("openai", 400000, 128000),
     LlmModel.GPT5_MINI: ModelMetadata("openai", 400000, 128000),
     LlmModel.GPT5_NANO: ModelMetadata("openai", 400000, 128000),
     LlmModel.GPT5_CHAT: ModelMetadata("openai", 400000, 16384),
@@ -305,8 +303,6 @@ MODEL_METADATA = {
     LlmModel.V0_1_0_MD: ModelMetadata("v0", 128000, 64000),
 }
 
-DEFAULT_LLM_MODEL = LlmModel.GPT5_2
-
 for model in LlmModel:
     if model not in MODEL_METADATA:
         raise ValueError(f"Missing MODEL_METADATA metadata for model: {model}")
@@ -794,7 +790,7 @@ class AIStructuredResponseGeneratorBlock(AIBlockBase):
         )
         model: LlmModel = SchemaField(
             title="LLM Model",
-            default=DEFAULT_LLM_MODEL,
+            default=LlmModel.GPT4O,
             description="The language model to use for answering the prompt.",
             advanced=False,
         )
@@ -859,7 +855,7 @@ class AIStructuredResponseGeneratorBlock(AIBlockBase):
             input_schema=AIStructuredResponseGeneratorBlock.Input,
             output_schema=AIStructuredResponseGeneratorBlock.Output,
             test_input={
-                "model": DEFAULT_LLM_MODEL,
+                "model": LlmModel.GPT4O,
                 "credentials": TEST_CREDENTIALS_INPUT,
                 "expected_format": {
                     "key1": "value1",
@@ -1225,7 +1221,7 @@ class AITextGeneratorBlock(AIBlockBase):
         )
         model: LlmModel = SchemaField(
             title="LLM Model",
-            default=DEFAULT_LLM_MODEL,
+            default=LlmModel.GPT4O,
             description="The language model to use for answering the prompt.",
             advanced=False,
         )
@@ -1321,7 +1317,7 @@ class AITextSummarizerBlock(AIBlockBase):
         )
         model: LlmModel = SchemaField(
             title="LLM Model",
-            default=DEFAULT_LLM_MODEL,
+            default=LlmModel.GPT4O,
             description="The language model to use for summarizing the text.",
         )
         focus: str = SchemaField(
@@ -1538,7 +1534,7 @@ class AIConversationBlock(AIBlockBase):
         )
         model: LlmModel = SchemaField(
             title="LLM Model",
-            default=DEFAULT_LLM_MODEL,
+            default=LlmModel.GPT4O,
             description="The language model to use for the conversation.",
         )
         credentials: AICredentials = AICredentialsField()
@@ -1576,7 +1572,7 @@ class AIConversationBlock(AIBlockBase):
                     },
                     {"role": "user", "content": "Where was it played?"},
                 ],
-                "model": DEFAULT_LLM_MODEL,
+                "model": LlmModel.GPT4O,
                 "credentials": TEST_CREDENTIALS_INPUT,
             },
             test_credentials=TEST_CREDENTIALS,
@@ -1639,7 +1635,7 @@ class AIListGeneratorBlock(AIBlockBase):
         )
         model: LlmModel = SchemaField(
             title="LLM Model",
-            default=DEFAULT_LLM_MODEL,
+            default=LlmModel.GPT4O,
             description="The language model to use for generating the list.",
             advanced=True,
         )
@@ -1696,7 +1692,7 @@ class AIListGeneratorBlock(AIBlockBase):
                     "drawing explorers to uncover its mysteries. Each planet showcases the limitless possibilities of "
                     "fictional worlds."
                 ),
-                "model": DEFAULT_LLM_MODEL,
+                "model": LlmModel.GPT4O,
                 "credentials": TEST_CREDENTIALS_INPUT,
                 "max_retries": 3,
                 "force_json_output": False,

autogpt_platform/backend/backend/blocks/replicate/replicate_block.py

@@ -18,7 +18,6 @@ from backend.data.block import (
     BlockSchemaOutput,
 )
 from backend.data.model import APIKeyCredentials, CredentialsField, SchemaField
-from backend.util.exceptions import BlockExecutionError, BlockInputError
 
 logger = logging.getLogger(__name__)
 
@@ -112,27 +111,9 @@ class ReplicateModelBlock(Block):
             yield "status", "succeeded"
             yield "model_name", input_data.model_name
         except Exception as e:
-            error_msg = str(e)
-            logger.error(f"Error running Replicate model: {error_msg}")
-
-            # Input validation errors (422, 400) → BlockInputError
-            if (
-                "422" in error_msg
-                or "Input validation failed" in error_msg
-                or "400" in error_msg
-            ):
-                raise BlockInputError(
-                    message=f"Invalid model inputs: {error_msg}",
-                    block_name=self.name,
-                    block_id=self.id,
-                ) from e
-            # Everything else → BlockExecutionError
-            else:
-                raise BlockExecutionError(
-                    message=f"Replicate model error: {error_msg}",
-                    block_name=self.name,
-                    block_id=self.id,
-                ) from e
+            error_msg = f"Unexpected error running Replicate model: {str(e)}"
+            logger.error(error_msg)
+            raise RuntimeError(error_msg)
 
     async def run_model(self, model_ref: str, model_inputs: dict, api_key: SecretStr):
         """

autogpt_platform/backend/backend/blocks/search.py

@@ -45,16 +45,10 @@ class GetWikipediaSummaryBlock(Block, GetRequest):
     async def run(self, input_data: Input, **kwargs) -> BlockOutput:
         topic = input_data.topic
         url = f"https://en.wikipedia.org/api/rest_v1/page/summary/{topic}"
-
-        # Note: User-Agent is now automatically set by the request library
-        # to comply with Wikimedia's robot policy (https://w.wiki/4wJS)
-        try:
-            response = await self.get_request(url, json=True)
-            if "extract" not in response:
-                raise ValueError(f"Unable to parse Wikipedia response: {response}")
-            yield "summary", response["extract"]
-        except Exception as e:
-            raise ValueError(f"Failed to fetch Wikipedia summary: {e}") from e
+        response = await self.get_request(url, json=True)
+        if "extract" not in response:
+            raise RuntimeError(f"Unable to parse Wikipedia response: {response}")
+        yield "summary", response["extract"]
 
 
 TEST_CREDENTIALS = APIKeyCredentials(

autogpt_platform/backend/backend/blocks/smart_decision_maker.py

@@ -226,7 +226,7 @@ class SmartDecisionMakerBlock(Block):
         )
         model: llm.LlmModel = SchemaField(
             title="LLM Model",
-            default=llm.DEFAULT_LLM_MODEL,
+            default=llm.LlmModel.GPT4O,
             description="The language model to use for answering the prompt.",
             advanced=False,
         )

autogpt_platform/backend/backend/blocks/test/test_blocks_dos_vulnerability.py

@@ -196,15 +196,6 @@ class TestXMLParserBlockSecurity:
             async for _ in block.run(XMLParserBlock.Input(input_xml=large_xml)):
                 pass
 
-    async def test_rejects_text_outside_root(self):
-        """Ensure parser surfaces readable errors for invalid root text."""
-        block = XMLParserBlock()
-        invalid_xml = "<root><child>value</child></root> trailing"
-
-        with pytest.raises(ValueError, match="text outside the root element"):
-            async for _ in block.run(XMLParserBlock.Input(input_xml=invalid_xml)):
-                pass
-
 
 class TestStoreMediaFileSecurity:
     """Test file storage security limits."""

autogpt_platform/backend/backend/blocks/test/test_llm.py

@@ -28,7 +28,7 @@ class TestLLMStatsTracking:
 
             response = await llm.llm_call(
                 credentials=llm.TEST_CREDENTIALS,
-                llm_model=llm.DEFAULT_LLM_MODEL,
+                llm_model=llm.LlmModel.GPT4O,
                 prompt=[{"role": "user", "content": "Hello"}],
                 max_tokens=100,
             )
@@ -65,7 +65,7 @@ class TestLLMStatsTracking:
         input_data = llm.AIStructuredResponseGeneratorBlock.Input(
             prompt="Test prompt",
             expected_format={"key1": "desc1", "key2": "desc2"},
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore  # type: ignore
         )
 
@@ -109,7 +109,7 @@ class TestLLMStatsTracking:
         # Run the block
         input_data = llm.AITextGeneratorBlock.Input(
             prompt="Generate text",
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
         )
 
@@ -170,7 +170,7 @@ class TestLLMStatsTracking:
         input_data = llm.AIStructuredResponseGeneratorBlock.Input(
             prompt="Test prompt",
             expected_format={"key1": "desc1", "key2": "desc2"},
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
             retry=2,
         )
@@ -228,7 +228,7 @@ class TestLLMStatsTracking:
 
         input_data = llm.AITextSummarizerBlock.Input(
             text=long_text,
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
             max_tokens=100,  # Small chunks
             chunk_overlap=10,
@@ -299,7 +299,7 @@ class TestLLMStatsTracking:
             # Test with very short text (should only need 1 chunk + 1 final summary)
             input_data = llm.AITextSummarizerBlock.Input(
                 text="This is a short text.",
-                model=llm.DEFAULT_LLM_MODEL,
+                model=llm.LlmModel.GPT4O,
                 credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
                 max_tokens=1000,  # Large enough to avoid chunking
             )
@@ -346,7 +346,7 @@ class TestLLMStatsTracking:
                 {"role": "assistant", "content": "Hi there!"},
                 {"role": "user", "content": "How are you?"},
             ],
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
         )
 
@@ -387,7 +387,7 @@ class TestLLMStatsTracking:
         # Run the block
         input_data = llm.AIListGeneratorBlock.Input(
             focus="test items",
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
             max_retries=3,
         )
@@ -469,7 +469,7 @@ class TestLLMStatsTracking:
         input_data = llm.AIStructuredResponseGeneratorBlock.Input(
             prompt="Test",
             expected_format={"result": "desc"},
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
         )
 
@@ -513,7 +513,7 @@ class TestAITextSummarizerValidation:
         # Create input data
         input_data = llm.AITextSummarizerBlock.Input(
             text="Some text to summarize",
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
             style=llm.SummaryStyle.BULLET_POINTS,
         )
@@ -558,7 +558,7 @@ class TestAITextSummarizerValidation:
         # Create input data
         input_data = llm.AITextSummarizerBlock.Input(
             text="Some text to summarize",
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
             style=llm.SummaryStyle.BULLET_POINTS,
             max_tokens=1000,
@@ -593,7 +593,7 @@ class TestAITextSummarizerValidation:
         # Create input data
         input_data = llm.AITextSummarizerBlock.Input(
             text="Some text to summarize",
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
         )
 
@@ -623,7 +623,7 @@ class TestAITextSummarizerValidation:
         # Create input data
         input_data = llm.AITextSummarizerBlock.Input(
             text="Some text to summarize",
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
             max_tokens=1000,
         )
@@ -654,7 +654,7 @@ class TestAITextSummarizerValidation:
         # Create input data
         input_data = llm.AITextSummarizerBlock.Input(
             text="Some text to summarize",
-            model=llm.DEFAULT_LLM_MODEL,
+            model=llm.LlmModel.GPT4O,
             credentials=llm.TEST_CREDENTIALS_INPUT,  # type: ignore
         )
 

autogpt_platform/backend/backend/blocks/test/test_smart_decision_maker.py

@@ -5,10 +5,10 @@ from unittest.mock import AsyncMock, MagicMock, patch
 
 import pytest
 
-from backend.api.model import CreateGraph
-from backend.api.rest_api import AgentServer
 from backend.data.execution import ExecutionContext
 from backend.data.model import ProviderName, User
+from backend.server.model import CreateGraph
+from backend.server.rest_api import AgentServer
 from backend.usecases.sample import create_test_graph, create_test_user
 from backend.util.test import SpinTestServer, wait_execution
 
@@ -233,7 +233,7 @@ async def test_smart_decision_maker_tracks_llm_stats():
         # Create test input
         input_data = SmartDecisionMakerBlock.Input(
             prompt="Should I continue with this task?",
-            model=llm_module.DEFAULT_LLM_MODEL,
+            model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             agent_mode_max_iterations=0,
         )
@@ -335,7 +335,7 @@ async def test_smart_decision_maker_parameter_validation():
 
         input_data = SmartDecisionMakerBlock.Input(
             prompt="Search for keywords",
-            model=llm_module.DEFAULT_LLM_MODEL,
+            model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             retry=2,  # Set retry to 2 for testing
             agent_mode_max_iterations=0,
@@ -402,7 +402,7 @@ async def test_smart_decision_maker_parameter_validation():
 
         input_data = SmartDecisionMakerBlock.Input(
             prompt="Search for keywords",
-            model=llm_module.DEFAULT_LLM_MODEL,
+            model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             agent_mode_max_iterations=0,
         )
@@ -462,7 +462,7 @@ async def test_smart_decision_maker_parameter_validation():
 
         input_data = SmartDecisionMakerBlock.Input(
             prompt="Search for keywords",
-            model=llm_module.DEFAULT_LLM_MODEL,
+            model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             agent_mode_max_iterations=0,
         )
@@ -526,7 +526,7 @@ async def test_smart_decision_maker_parameter_validation():
 
         input_data = SmartDecisionMakerBlock.Input(
             prompt="Search for keywords",
-            model=llm_module.DEFAULT_LLM_MODEL,
+            model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             agent_mode_max_iterations=0,
         )
@@ -648,7 +648,7 @@ async def test_smart_decision_maker_raw_response_conversion():
 
         input_data = SmartDecisionMakerBlock.Input(
             prompt="Test prompt",
-            model=llm_module.DEFAULT_LLM_MODEL,
+            model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             retry=2,
             agent_mode_max_iterations=0,
@@ -722,7 +722,7 @@ async def test_smart_decision_maker_raw_response_conversion():
     ):
         input_data = SmartDecisionMakerBlock.Input(
             prompt="Simple prompt",
-            model=llm_module.DEFAULT_LLM_MODEL,
+            model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             agent_mode_max_iterations=0,
         )
@@ -778,7 +778,7 @@ async def test_smart_decision_maker_raw_response_conversion():
     ):
         input_data = SmartDecisionMakerBlock.Input(
             prompt="Another test",
-            model=llm_module.DEFAULT_LLM_MODEL,
+            model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             agent_mode_max_iterations=0,
         )
@@ -931,7 +931,7 @@ async def test_smart_decision_maker_agent_mode():
         # Test agent mode with max_iterations = 3
         input_data = SmartDecisionMakerBlock.Input(
             prompt="Complete this task using tools",
-            model=llm_module.DEFAULT_LLM_MODEL,
+            model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             agent_mode_max_iterations=3,  # Enable agent mode with 3 max iterations
         )
@@ -1020,7 +1020,7 @@ async def test_smart_decision_maker_traditional_mode_default():
         # Test default behavior (traditional mode)
         input_data = SmartDecisionMakerBlock.Input(
             prompt="Test prompt",
-            model=llm_module.DEFAULT_LLM_MODEL,
+            model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             agent_mode_max_iterations=0,  # Traditional mode
         )

autogpt_platform/backend/backend/blocks/test/test_smart_decision_maker_dynamic_fields.py

@@ -373,7 +373,7 @@ async def test_output_yielding_with_dynamic_fields():
             input_data = block.input_schema(
                 prompt="Create a user dictionary",
                 credentials=llm.TEST_CREDENTIALS_INPUT,
-                model=llm.DEFAULT_LLM_MODEL,
+                model=llm.LlmModel.GPT4O,
                 agent_mode_max_iterations=0,  # Use traditional mode to test output yielding
             )
 
@@ -594,7 +594,7 @@ async def test_validation_errors_dont_pollute_conversation():
                 input_data = block.input_schema(
                     prompt="Test prompt",
                     credentials=llm.TEST_CREDENTIALS_INPUT,
-                    model=llm.DEFAULT_LLM_MODEL,
+                    model=llm.LlmModel.GPT4O,
                     retry=3,  # Allow retries
                     agent_mode_max_iterations=1,
                 )

autogpt_platform/backend/backend/blocks/xml_parser.py

@@ -1,5 +1,5 @@
 from gravitasml.parser import Parser
-from gravitasml.token import Token, tokenize
+from gravitasml.token import tokenize
 
 from backend.data.block import Block, BlockOutput, BlockSchemaInput, BlockSchemaOutput
 from backend.data.model import SchemaField
@@ -25,38 +25,6 @@ class XMLParserBlock(Block):
             ],
         )
 
-    @staticmethod
-    def _validate_tokens(tokens: list[Token]) -> None:
-        """Ensure the XML has a single root element and no stray text."""
-        if not tokens:
-            raise ValueError("XML input is empty.")
-
-        depth = 0
-        root_seen = False
-
-        for token in tokens:
-            if token.type == "TAG_OPEN":
-                if depth == 0 and root_seen:
-                    raise ValueError("XML must have a single root element.")
-                depth += 1
-                if depth == 1:
-                    root_seen = True
-            elif token.type == "TAG_CLOSE":
-                depth -= 1
-                if depth < 0:
-                    raise SyntaxError("Unexpected closing tag in XML input.")
-            elif token.type in {"TEXT", "ESCAPE"}:
-                if depth == 0 and token.value:
-                    raise ValueError(
-                        "XML contains text outside the root element; "
-                        "wrap content in a single root tag."
-                    )
-
-        if depth != 0:
-            raise SyntaxError("Unclosed tag detected in XML input.")
-        if not root_seen:
-            raise ValueError("XML must include a root element.")
-
     async def run(self, input_data: Input, **kwargs) -> BlockOutput:
         # Security fix: Add size limits to prevent XML bomb attacks
         MAX_XML_SIZE = 10 * 1024 * 1024  # 10MB limit for XML input
@@ -67,9 +35,7 @@ class XMLParserBlock(Block):
             )
 
         try:
-            tokens = list(tokenize(input_data.input_xml))
-            self._validate_tokens(tokens)
-
+            tokens = tokenize(input_data.input_xml)
             parser = Parser(tokens)
             parsed_result = parser.parse()
             yield "parsed_xml", parsed_result

autogpt_platform/backend/backend/blocks/youtube.py

@@ -111,8 +111,6 @@ class TranscribeYoutubeVideoBlock(Block):
                 return parsed_url.path.split("/")[2]
             if parsed_url.path[:3] == "/v/":
                 return parsed_url.path.split("/")[2]
-            if parsed_url.path.startswith("/shorts/"):
-                return parsed_url.path.split("/")[2]
         raise ValueError(f"Invalid YouTube URL: {url}")
 
     def get_transcript(

autogpt_platform/backend/backend/cli.py

@@ -244,7 +244,11 @@ def websocket(server_address: str, graph_exec_id: str):
 
     import websockets.asyncio.client
 
-    from backend.api.ws_api import WSMessage, WSMethod, WSSubscribeGraphExecutionRequest
+    from backend.server.ws_api import (
+        WSMessage,
+        WSMethod,
+        WSSubscribeGraphExecutionRequest,
+    )
 
     async def send_message(server_address: str):
         uri = f"ws://{server_address}"

autogpt_platform/backend/backend/cli/__init__.py

@@ -1 +0,0 @@
-"""CLI utilities for backend development & administration"""

autogpt_platform/backend/backend/cli/generate_openapi_json.py

@@ -1,57 +0,0 @@
-#!/usr/bin/env python3
-"""
-Script to generate OpenAPI JSON specification for the FastAPI app.
-
-This script imports the FastAPI app from backend.api.rest_api and outputs
-the OpenAPI specification as JSON to stdout or a specified file.
-
-Usage:
-  `poetry run python generate_openapi_json.py`
-  `poetry run python generate_openapi_json.py --output openapi.json`
-  `poetry run python generate_openapi_json.py --indent 4 --output openapi.json`
-"""
-
-import json
-import os
-from pathlib import Path
-
-import click
-
-
-@click.command()
-@click.option(
-    "--output",
-    type=click.Path(dir_okay=False, path_type=Path),
-    help="Output file path (default: stdout)",
-)
-@click.option(
-    "--pretty",
-    type=click.BOOL,
-    default=False,
-    help="Pretty-print JSON output (indented 2 spaces)",
-)
-def main(output: Path, pretty: bool):
-    """Generate and output the OpenAPI JSON specification."""
-    openapi_schema = get_openapi_schema()
-
-    json_output = json.dumps(openapi_schema, indent=2 if pretty else None)
-
-    if output:
-        output.write_text(json_output)
-        click.echo(f"✅ OpenAPI specification written to {output}\n\nPreview:")
-        click.echo(f"\n{json_output[:500]} ...")
-    else:
-        print(json_output)
-
-
-def get_openapi_schema():
-    """Get the OpenAPI schema from the FastAPI app"""
-    from backend.api.rest_api import app
-
-    return app.openapi()
-
-
-if __name__ == "__main__":
-    os.environ["LOG_LEVEL"] = "ERROR"  # disable stdout log output
-
-    main()

autogpt_platform/backend/backend/data/__init__.py

@@ -1,4 +1,4 @@
-from backend.api.features.library.model import LibraryAgentPreset
+from backend.server.v2.library.model import LibraryAgentPreset
 
 from .graph import NodeModel
 from .integrations import Webhook  # noqa: F401

autogpt_platform/backend/backend/data/api_key.py

@@ -1,24 +1,22 @@
 import logging
 import uuid
 from datetime import datetime, timezone
-from typing import Literal, Optional
+from typing import Optional
 
 from autogpt_libs.api_key.keysmith import APIKeySmith
 from prisma.enums import APIKeyPermission, APIKeyStatus
 from prisma.models import APIKey as PrismaAPIKey
 from prisma.types import APIKeyWhereUniqueInput
-from pydantic import Field
+from pydantic import BaseModel, Field
 
 from backend.data.includes import MAX_USER_API_KEYS_FETCH
 from backend.util.exceptions import NotAuthorizedError, NotFoundError
 
-from .base import APIAuthorizationInfo
-
 logger = logging.getLogger(__name__)
 keysmith = APIKeySmith()
 
 
-class APIKeyInfo(APIAuthorizationInfo):
+class APIKeyInfo(BaseModel):
     id: str
     name: str
     head: str = Field(
@@ -28,9 +26,12 @@ class APIKeyInfo(APIAuthorizationInfo):
         description=f"The last {APIKeySmith.TAIL_LENGTH} characters of the key"
     )
     status: APIKeyStatus
+    permissions: list[APIKeyPermission]
+    created_at: datetime
+    last_used_at: Optional[datetime] = None
+    revoked_at: Optional[datetime] = None
     description: Optional[str] = None
-
-    type: Literal["api_key"] = "api_key"  # type: ignore
+    user_id: str
 
     @staticmethod
     def from_db(api_key: PrismaAPIKey):
@@ -40,7 +41,7 @@ class APIKeyInfo(APIAuthorizationInfo):
             head=api_key.head,
             tail=api_key.tail,
             status=APIKeyStatus(api_key.status),
-            scopes=[APIKeyPermission(p) for p in api_key.permissions],
+            permissions=[APIKeyPermission(p) for p in api_key.permissions],
             created_at=api_key.createdAt,
             last_used_at=api_key.lastUsedAt,
             revoked_at=api_key.revokedAt,
@@ -210,7 +211,7 @@ async def suspend_api_key(key_id: str, user_id: str) -> APIKeyInfo:
 
 
 def has_permission(api_key: APIKeyInfo, required_permission: APIKeyPermission) -> bool:
-    return required_permission in api_key.scopes
+    return required_permission in api_key.permissions
 
 
 async def get_api_key_by_id(key_id: str, user_id: str) -> Optional[APIKeyInfo]:

autogpt_platform/backend/backend/data/auth/base.py

@@ -1,15 +0,0 @@
-from datetime import datetime
-from typing import Literal, Optional
-
-from prisma.enums import APIKeyPermission
-from pydantic import BaseModel
-
-
-class APIAuthorizationInfo(BaseModel):
-    user_id: str
-    scopes: list[APIKeyPermission]
-    type: Literal["oauth", "api_key"]
-    created_at: datetime
-    expires_at: Optional[datetime] = None
-    last_used_at: Optional[datetime] = None
-    revoked_at: Optional[datetime] = None

autogpt_platform/backend/backend/data/auth/oauth.py

@@ -1,872 +0,0 @@
-"""
-OAuth 2.0 Provider Data Layer
-
-Handles management of OAuth applications, authorization codes,
-access tokens, and refresh tokens.
-
-Hashing strategy:
-- Access tokens & Refresh tokens: SHA256 (deterministic, allows direct lookup by hash)
-- Client secrets: Scrypt with salt (lookup by client_id, then verify with salt)
-"""
-
-import hashlib
-import logging
-import secrets
-import uuid
-from datetime import datetime, timedelta, timezone
-from typing import Literal, Optional
-
-from autogpt_libs.api_key.keysmith import APIKeySmith
-from prisma.enums import APIKeyPermission as APIPermission
-from prisma.models import OAuthAccessToken as PrismaOAuthAccessToken
-from prisma.models import OAuthApplication as PrismaOAuthApplication
-from prisma.models import OAuthAuthorizationCode as PrismaOAuthAuthorizationCode
-from prisma.models import OAuthRefreshToken as PrismaOAuthRefreshToken
-from prisma.types import OAuthApplicationUpdateInput
-from pydantic import BaseModel, Field, SecretStr
-
-from .base import APIAuthorizationInfo
-
-logger = logging.getLogger(__name__)
-keysmith = APIKeySmith()  # Only used for client secret hashing (Scrypt)
-
-
-def _generate_token() -> str:
-    """Generate a cryptographically secure random token."""
-    return secrets.token_urlsafe(32)
-
-
-def _hash_token(token: str) -> str:
-    """Hash a token using SHA256 (deterministic, for direct lookup)."""
-    return hashlib.sha256(token.encode()).hexdigest()
-
-
-# Token TTLs
-AUTHORIZATION_CODE_TTL = timedelta(minutes=10)
-ACCESS_TOKEN_TTL = timedelta(hours=1)
-REFRESH_TOKEN_TTL = timedelta(days=30)
-
-ACCESS_TOKEN_PREFIX = "agpt_xt_"
-REFRESH_TOKEN_PREFIX = "agpt_rt_"
-
-
-# ============================================================================
-# Exception Classes
-# ============================================================================
-
-
-class OAuthError(Exception):
-    """Base OAuth error"""
-
-    pass
-
-
-class InvalidClientError(OAuthError):
-    """Invalid client_id or client_secret"""
-
-    pass
-
-
-class InvalidGrantError(OAuthError):
-    """Invalid or expired authorization code/refresh token"""
-
-    def __init__(self, reason: str):
-        self.reason = reason
-        super().__init__(f"Invalid grant: {reason}")
-
-
-class InvalidTokenError(OAuthError):
-    """Invalid, expired, or revoked token"""
-
-    def __init__(self, reason: str):
-        self.reason = reason
-        super().__init__(f"Invalid token: {reason}")
-
-
-# ============================================================================
-# Data Models
-# ============================================================================
-
-
-class OAuthApplicationInfo(BaseModel):
-    """OAuth application information (without client secret hash)"""
-
-    id: str
-    name: str
-    description: Optional[str] = None
-    logo_url: Optional[str] = None
-    client_id: str
-    redirect_uris: list[str]
-    grant_types: list[str]
-    scopes: list[APIPermission]
-    owner_id: str
-    is_active: bool
-    created_at: datetime
-    updated_at: datetime
-
-    @staticmethod
-    def from_db(app: PrismaOAuthApplication):
-        return OAuthApplicationInfo(
-            id=app.id,
-            name=app.name,
-            description=app.description,
-            logo_url=app.logoUrl,
-            client_id=app.clientId,
-            redirect_uris=app.redirectUris,
-            grant_types=app.grantTypes,
-            scopes=[APIPermission(s) for s in app.scopes],
-            owner_id=app.ownerId,
-            is_active=app.isActive,
-            created_at=app.createdAt,
-            updated_at=app.updatedAt,
-        )
-
-
-class OAuthApplicationInfoWithSecret(OAuthApplicationInfo):
-    """OAuth application with client secret hash (for validation)"""
-
-    client_secret_hash: str
-    client_secret_salt: str
-
-    @staticmethod
-    def from_db(app: PrismaOAuthApplication):
-        return OAuthApplicationInfoWithSecret(
-            **OAuthApplicationInfo.from_db(app).model_dump(),
-            client_secret_hash=app.clientSecret,
-            client_secret_salt=app.clientSecretSalt,
-        )
-
-    def verify_secret(self, plaintext_secret: str) -> bool:
-        """Verify a plaintext client secret against the stored hash"""
-        # Use keysmith.verify_key() with stored salt
-        return keysmith.verify_key(
-            plaintext_secret, self.client_secret_hash, self.client_secret_salt
-        )
-
-
-class OAuthAuthorizationCodeInfo(BaseModel):
-    """Authorization code information"""
-
-    id: str
-    code: str
-    created_at: datetime
-    expires_at: datetime
-    application_id: str
-    user_id: str
-    scopes: list[APIPermission]
-    redirect_uri: str
-    code_challenge: Optional[str] = None
-    code_challenge_method: Optional[str] = None
-    used_at: Optional[datetime] = None
-
-    @property
-    def is_used(self) -> bool:
-        return self.used_at is not None
-
-    @staticmethod
-    def from_db(code: PrismaOAuthAuthorizationCode):
-        return OAuthAuthorizationCodeInfo(
-            id=code.id,
-            code=code.code,
-            created_at=code.createdAt,
-            expires_at=code.expiresAt,
-            application_id=code.applicationId,
-            user_id=code.userId,
-            scopes=[APIPermission(s) for s in code.scopes],
-            redirect_uri=code.redirectUri,
-            code_challenge=code.codeChallenge,
-            code_challenge_method=code.codeChallengeMethod,
-            used_at=code.usedAt,
-        )
-
-
-class OAuthAccessTokenInfo(APIAuthorizationInfo):
-    """Access token information"""
-
-    id: str
-    expires_at: datetime  # type: ignore
-    application_id: str
-
-    type: Literal["oauth"] = "oauth"  # type: ignore
-
-    @staticmethod
-    def from_db(token: PrismaOAuthAccessToken):
-        return OAuthAccessTokenInfo(
-            id=token.id,
-            user_id=token.userId,
-            scopes=[APIPermission(s) for s in token.scopes],
-            created_at=token.createdAt,
-            expires_at=token.expiresAt,
-            last_used_at=None,
-            revoked_at=token.revokedAt,
-            application_id=token.applicationId,
-        )
-
-
-class OAuthAccessToken(OAuthAccessTokenInfo):
-    """Access token with plaintext token included (sensitive)"""
-
-    token: SecretStr = Field(description="Plaintext token (sensitive)")
-
-    @staticmethod
-    def from_db(token: PrismaOAuthAccessToken, plaintext_token: str):  # type: ignore
-        return OAuthAccessToken(
-            **OAuthAccessTokenInfo.from_db(token).model_dump(),
-            token=SecretStr(plaintext_token),
-        )
-
-
-class OAuthRefreshTokenInfo(BaseModel):
-    """Refresh token information"""
-
-    id: str
-    user_id: str
-    scopes: list[APIPermission]
-    created_at: datetime
-    expires_at: datetime
-    application_id: str
-    revoked_at: Optional[datetime] = None
-
-    @property
-    def is_revoked(self) -> bool:
-        return self.revoked_at is not None
-
-    @staticmethod
-    def from_db(token: PrismaOAuthRefreshToken):
-        return OAuthRefreshTokenInfo(
-            id=token.id,
-            user_id=token.userId,
-            scopes=[APIPermission(s) for s in token.scopes],
-            created_at=token.createdAt,
-            expires_at=token.expiresAt,
-            application_id=token.applicationId,
-            revoked_at=token.revokedAt,
-        )
-
-
-class OAuthRefreshToken(OAuthRefreshTokenInfo):
-    """Refresh token with plaintext token included (sensitive)"""
-
-    token: SecretStr = Field(description="Plaintext token (sensitive)")
-
-    @staticmethod
-    def from_db(token: PrismaOAuthRefreshToken, plaintext_token: str):  # type: ignore
-        return OAuthRefreshToken(
-            **OAuthRefreshTokenInfo.from_db(token).model_dump(),
-            token=SecretStr(plaintext_token),
-        )
-
-
-class TokenIntrospectionResult(BaseModel):
-    """Result of token introspection (RFC 7662)"""
-
-    active: bool
-    scopes: Optional[list[str]] = None
-    client_id: Optional[str] = None
-    user_id: Optional[str] = None
-    exp: Optional[int] = None  # Unix timestamp
-    token_type: Optional[Literal["access_token", "refresh_token"]] = None
-
-
-# ============================================================================
-# OAuth Application Management
-# ============================================================================
-
-
-async def get_oauth_application(client_id: str) -> Optional[OAuthApplicationInfo]:
-    """Get OAuth application by client ID (without secret)"""
-    app = await PrismaOAuthApplication.prisma().find_unique(
-        where={"clientId": client_id}
-    )
-    if not app:
-        return None
-    return OAuthApplicationInfo.from_db(app)
-
-
-async def get_oauth_application_with_secret(
-    client_id: str,
-) -> Optional[OAuthApplicationInfoWithSecret]:
-    """Get OAuth application by client ID (with secret hash for validation)"""
-    app = await PrismaOAuthApplication.prisma().find_unique(
-        where={"clientId": client_id}
-    )
-    if not app:
-        return None
-    return OAuthApplicationInfoWithSecret.from_db(app)
-
-
-async def validate_client_credentials(
-    client_id: str, client_secret: str
-) -> OAuthApplicationInfo:
-    """
-    Validate client credentials and return application info.
-
-    Raises:
-        InvalidClientError: If client_id or client_secret is invalid, or app is inactive
-    """
-    app = await get_oauth_application_with_secret(client_id)
-    if not app:
-        raise InvalidClientError("Invalid client_id")
-
-    if not app.is_active:
-        raise InvalidClientError("Application is not active")
-
-    # Verify client secret
-    if not app.verify_secret(client_secret):
-        raise InvalidClientError("Invalid client_secret")
-
-    # Return without secret hash
-    return OAuthApplicationInfo(**app.model_dump(exclude={"client_secret_hash"}))
-
-
-def validate_redirect_uri(app: OAuthApplicationInfo, redirect_uri: str) -> bool:
-    """Validate that redirect URI is registered for the application"""
-    return redirect_uri in app.redirect_uris
-
-
-def validate_scopes(
-    app: OAuthApplicationInfo, requested_scopes: list[APIPermission]
-) -> bool:
-    """Validate that all requested scopes are allowed for the application"""
-    return all(scope in app.scopes for scope in requested_scopes)
-
-
-# ============================================================================
-# Authorization Code Flow
-# ============================================================================
-
-
-def _generate_authorization_code() -> str:
-    """Generate a cryptographically secure authorization code"""
-    # 32 bytes = 256 bits of entropy
-    return secrets.token_urlsafe(32)
-
-
-async def create_authorization_code(
-    application_id: str,
-    user_id: str,
-    scopes: list[APIPermission],
-    redirect_uri: str,
-    code_challenge: Optional[str] = None,
-    code_challenge_method: Optional[Literal["S256", "plain"]] = None,
-) -> OAuthAuthorizationCodeInfo:
-    """
-    Create a new authorization code.
-    Expires in 10 minutes and can only be used once.
-    """
-    code = _generate_authorization_code()
-    now = datetime.now(timezone.utc)
-    expires_at = now + AUTHORIZATION_CODE_TTL
-
-    saved_code = await PrismaOAuthAuthorizationCode.prisma().create(
-        data={
-            "id": str(uuid.uuid4()),
-            "code": code,
-            "expiresAt": expires_at,
-            "applicationId": application_id,
-            "userId": user_id,
-            "scopes": [s for s in scopes],
-            "redirectUri": redirect_uri,
-            "codeChallenge": code_challenge,
-            "codeChallengeMethod": code_challenge_method,
-        }
-    )
-
-    return OAuthAuthorizationCodeInfo.from_db(saved_code)
-
-
-async def consume_authorization_code(
-    code: str,
-    application_id: str,
-    redirect_uri: str,
-    code_verifier: Optional[str] = None,
-) -> tuple[str, list[APIPermission]]:
-    """
-    Consume an authorization code and return (user_id, scopes).
-
-    This marks the code as used and validates:
-    - Code exists and matches application
-    - Code is not expired
-    - Code has not been used
-    - Redirect URI matches
-    - PKCE code verifier matches (if code challenge was provided)
-
-    Raises:
-        InvalidGrantError: If code is invalid, expired, used, or PKCE fails
-    """
-    auth_code = await PrismaOAuthAuthorizationCode.prisma().find_unique(
-        where={"code": code}
-    )
-
-    if not auth_code:
-        raise InvalidGrantError("authorization code not found")
-
-    # Validate application
-    if auth_code.applicationId != application_id:
-        raise InvalidGrantError(
-            "authorization code does not belong to this application"
-        )
-
-    # Check if already used
-    if auth_code.usedAt is not None:
-        raise InvalidGrantError(
-            f"authorization code already used at {auth_code.usedAt}"
-        )
-
-    # Check expiration
-    now = datetime.now(timezone.utc)
-    if auth_code.expiresAt < now:
-        raise InvalidGrantError("authorization code expired")
-
-    # Validate redirect URI
-    if auth_code.redirectUri != redirect_uri:
-        raise InvalidGrantError("redirect_uri mismatch")
-
-    # Validate PKCE if code challenge was provided
-    if auth_code.codeChallenge:
-        if not code_verifier:
-            raise InvalidGrantError("code_verifier required but not provided")
-
-        if not _verify_pkce(
-            code_verifier, auth_code.codeChallenge, auth_code.codeChallengeMethod
-        ):
-            raise InvalidGrantError("PKCE verification failed")
-
-    # Mark code as used
-    await PrismaOAuthAuthorizationCode.prisma().update(
-        where={"code": code},
-        data={"usedAt": now},
-    )
-
-    return auth_code.userId, [APIPermission(s) for s in auth_code.scopes]
-
-
-def _verify_pkce(
-    code_verifier: str, code_challenge: str, code_challenge_method: Optional[str]
-) -> bool:
-    """
-    Verify PKCE code verifier against code challenge.
-
-    Supports:
-    - S256: SHA256(code_verifier) == code_challenge
-    - plain: code_verifier == code_challenge
-    """
-    if code_challenge_method == "S256":
-        # Hash the verifier with SHA256 and base64url encode
-        hashed = hashlib.sha256(code_verifier.encode("ascii")).digest()
-        computed_challenge = (
-            secrets.token_urlsafe(len(hashed)).encode("ascii").decode("ascii")
-        )
-        # For proper base64url encoding
-        import base64
-
-        computed_challenge = (
-            base64.urlsafe_b64encode(hashed).decode("ascii").rstrip("=")
-        )
-        return secrets.compare_digest(computed_challenge, code_challenge)
-    elif code_challenge_method == "plain" or code_challenge_method is None:
-        # Plain comparison
-        return secrets.compare_digest(code_verifier, code_challenge)
-    else:
-        logger.warning(f"Unsupported code challenge method: {code_challenge_method}")
-        return False
-
-
-# ============================================================================
-# Access Token Management
-# ============================================================================
-
-
-async def create_access_token(
-    application_id: str, user_id: str, scopes: list[APIPermission]
-) -> OAuthAccessToken:
-    """
-    Create a new access token.
-    Returns OAuthAccessToken (with plaintext token).
-    """
-    plaintext_token = ACCESS_TOKEN_PREFIX + _generate_token()
-    token_hash = _hash_token(plaintext_token)
-    now = datetime.now(timezone.utc)
-    expires_at = now + ACCESS_TOKEN_TTL
-
-    saved_token = await PrismaOAuthAccessToken.prisma().create(
-        data={
-            "id": str(uuid.uuid4()),
-            "token": token_hash,  # SHA256 hash for direct lookup
-            "expiresAt": expires_at,
-            "applicationId": application_id,
-            "userId": user_id,
-            "scopes": [s for s in scopes],
-        }
-    )
-
-    return OAuthAccessToken.from_db(saved_token, plaintext_token=plaintext_token)
-
-
-async def validate_access_token(
-    token: str,
-) -> tuple[OAuthAccessTokenInfo, OAuthApplicationInfo]:
-    """
-    Validate an access token and return token info.
-
-    Raises:
-        InvalidTokenError: If token is invalid, expired, or revoked
-        InvalidClientError: If the client application is not marked as active
-    """
-    token_hash = _hash_token(token)
-
-    # Direct lookup by hash
-    access_token = await PrismaOAuthAccessToken.prisma().find_unique(
-        where={"token": token_hash}, include={"Application": True}
-    )
-
-    if not access_token:
-        raise InvalidTokenError("access token not found")
-
-    if not access_token.Application:  # should be impossible
-        raise InvalidClientError("Client application not found")
-
-    if not access_token.Application.isActive:
-        raise InvalidClientError("Client application is disabled")
-
-    if access_token.revokedAt is not None:
-        raise InvalidTokenError("access token has been revoked")
-
-    # Check expiration
-    now = datetime.now(timezone.utc)
-    if access_token.expiresAt < now:
-        raise InvalidTokenError("access token expired")
-
-    return (
-        OAuthAccessTokenInfo.from_db(access_token),
-        OAuthApplicationInfo.from_db(access_token.Application),
-    )
-
-
-async def revoke_access_token(
-    token: str, application_id: str
-) -> OAuthAccessTokenInfo | None:
-    """
-    Revoke an access token.
-
-    Args:
-        token: The plaintext access token to revoke
-        application_id: The application ID making the revocation request.
-            Only tokens belonging to this application will be revoked.
-
-    Returns:
-        OAuthAccessTokenInfo if token was found and revoked, None otherwise.
-
-    Note:
-        Always performs exactly 2 DB queries regardless of outcome to prevent
-        timing side-channel attacks that could reveal token existence.
-    """
-    try:
-        token_hash = _hash_token(token)
-
-        # Use update_many to filter by both token and applicationId
-        updated_count = await PrismaOAuthAccessToken.prisma().update_many(
-            where={
-                "token": token_hash,
-                "applicationId": application_id,
-                "revokedAt": None,
-            },
-            data={"revokedAt": datetime.now(timezone.utc)},
-        )
-
-        # Always perform second query to ensure constant time
-        result = await PrismaOAuthAccessToken.prisma().find_unique(
-            where={"token": token_hash}
-        )
-
-        # Only return result if we actually revoked something
-        if updated_count == 0:
-            return None
-
-        return OAuthAccessTokenInfo.from_db(result) if result else None
-    except Exception as e:
-        logger.exception(f"Error revoking access token: {e}")
-        return None
-
-
-# ============================================================================
-# Refresh Token Management
-# ============================================================================
-
-
-async def create_refresh_token(
-    application_id: str, user_id: str, scopes: list[APIPermission]
-) -> OAuthRefreshToken:
-    """
-    Create a new refresh token.
-    Returns OAuthRefreshToken (with plaintext token).
-    """
-    plaintext_token = REFRESH_TOKEN_PREFIX + _generate_token()
-    token_hash = _hash_token(plaintext_token)
-    now = datetime.now(timezone.utc)
-    expires_at = now + REFRESH_TOKEN_TTL
-
-    saved_token = await PrismaOAuthRefreshToken.prisma().create(
-        data={
-            "id": str(uuid.uuid4()),
-            "token": token_hash,  # SHA256 hash for direct lookup
-            "expiresAt": expires_at,
-            "applicationId": application_id,
-            "userId": user_id,
-            "scopes": [s for s in scopes],
-        }
-    )
-
-    return OAuthRefreshToken.from_db(saved_token, plaintext_token=plaintext_token)
-
-
-async def refresh_tokens(
-    refresh_token: str, application_id: str
-) -> tuple[OAuthAccessToken, OAuthRefreshToken]:
-    """
-    Use a refresh token to create new access and refresh tokens.
-    Returns (new_access_token, new_refresh_token) both with plaintext tokens included.
-
-    Raises:
-        InvalidGrantError: If refresh token is invalid, expired, or revoked
-    """
-    token_hash = _hash_token(refresh_token)
-
-    # Direct lookup by hash
-    rt = await PrismaOAuthRefreshToken.prisma().find_unique(where={"token": token_hash})
-
-    if not rt:
-        raise InvalidGrantError("refresh token not found")
-
-    # NOTE: no need to check Application.isActive, this is checked by the token endpoint
-
-    if rt.revokedAt is not None:
-        raise InvalidGrantError("refresh token has been revoked")
-
-    # Validate application
-    if rt.applicationId != application_id:
-        raise InvalidGrantError("refresh token does not belong to this application")
-
-    # Check expiration
-    now = datetime.now(timezone.utc)
-    if rt.expiresAt < now:
-        raise InvalidGrantError("refresh token expired")
-
-    # Revoke old refresh token
-    await PrismaOAuthRefreshToken.prisma().update(
-        where={"token": token_hash},
-        data={"revokedAt": now},
-    )
-
-    # Create new access and refresh tokens with same scopes
-    scopes = [APIPermission(s) for s in rt.scopes]
-    new_access_token = await create_access_token(
-        rt.applicationId,
-        rt.userId,
-        scopes,
-    )
-    new_refresh_token = await create_refresh_token(
-        rt.applicationId,
-        rt.userId,
-        scopes,
-    )
-
-    return new_access_token, new_refresh_token
-
-
-async def revoke_refresh_token(
-    token: str, application_id: str
-) -> OAuthRefreshTokenInfo | None:
-    """
-    Revoke a refresh token.
-
-    Args:
-        token: The plaintext refresh token to revoke
-        application_id: The application ID making the revocation request.
-            Only tokens belonging to this application will be revoked.
-
-    Returns:
-        OAuthRefreshTokenInfo if token was found and revoked, None otherwise.
-
-    Note:
-        Always performs exactly 2 DB queries regardless of outcome to prevent
-        timing side-channel attacks that could reveal token existence.
-    """
-    try:
-        token_hash = _hash_token(token)
-
-        # Use update_many to filter by both token and applicationId
-        updated_count = await PrismaOAuthRefreshToken.prisma().update_many(
-            where={
-                "token": token_hash,
-                "applicationId": application_id,
-                "revokedAt": None,
-            },
-            data={"revokedAt": datetime.now(timezone.utc)},
-        )
-
-        # Always perform second query to ensure constant time
-        result = await PrismaOAuthRefreshToken.prisma().find_unique(
-            where={"token": token_hash}
-        )
-
-        # Only return result if we actually revoked something
-        if updated_count == 0:
-            return None
-
-        return OAuthRefreshTokenInfo.from_db(result) if result else None
-    except Exception as e:
-        logger.exception(f"Error revoking refresh token: {e}")
-        return None
-
-
-# ============================================================================
-# Token Introspection
-# ============================================================================
-
-
-async def introspect_token(
-    token: str,
-    token_type_hint: Optional[Literal["access_token", "refresh_token"]] = None,
-) -> TokenIntrospectionResult:
-    """
-    Introspect a token and return its metadata (RFC 7662).
-
-    Returns TokenIntrospectionResult with active=True and metadata if valid,
-    or active=False if the token is invalid/expired/revoked.
-    """
-    # Try as access token first (or if hint says "access_token")
-    if token_type_hint != "refresh_token":
-        try:
-            token_info, app = await validate_access_token(token)
-            return TokenIntrospectionResult(
-                active=True,
-                scopes=list(s.value for s in token_info.scopes),
-                client_id=app.client_id if app else None,
-                user_id=token_info.user_id,
-                exp=int(token_info.expires_at.timestamp()),
-                token_type="access_token",
-            )
-        except InvalidTokenError:
-            pass  # Try as refresh token
-
-    # Try as refresh token
-    token_hash = _hash_token(token)
-    refresh_token = await PrismaOAuthRefreshToken.prisma().find_unique(
-        where={"token": token_hash}
-    )
-
-    if refresh_token and refresh_token.revokedAt is None:
-        # Check if valid (not expired)
-        now = datetime.now(timezone.utc)
-        if refresh_token.expiresAt > now:
-            app = await get_oauth_application_by_id(refresh_token.applicationId)
-            return TokenIntrospectionResult(
-                active=True,
-                scopes=list(s for s in refresh_token.scopes),
-                client_id=app.client_id if app else None,
-                user_id=refresh_token.userId,
-                exp=int(refresh_token.expiresAt.timestamp()),
-                token_type="refresh_token",
-            )
-
-    # Token not found or inactive
-    return TokenIntrospectionResult(active=False)
-
-
-async def get_oauth_application_by_id(app_id: str) -> Optional[OAuthApplicationInfo]:
-    """Get OAuth application by ID"""
-    app = await PrismaOAuthApplication.prisma().find_unique(where={"id": app_id})
-    if not app:
-        return None
-    return OAuthApplicationInfo.from_db(app)
-
-
-async def list_user_oauth_applications(user_id: str) -> list[OAuthApplicationInfo]:
-    """Get all OAuth applications owned by a user"""
-    apps = await PrismaOAuthApplication.prisma().find_many(
-        where={"ownerId": user_id},
-        order={"createdAt": "desc"},
-    )
-    return [OAuthApplicationInfo.from_db(app) for app in apps]
-
-
-async def update_oauth_application(
-    app_id: str,
-    *,
-    owner_id: str,
-    is_active: Optional[bool] = None,
-    logo_url: Optional[str] = None,
-) -> Optional[OAuthApplicationInfo]:
-    """
-    Update OAuth application active status.
-    Only the owner can update their app's status.
-
-    Returns the updated app info, or None if app not found or not owned by user.
-    """
-    # First verify ownership
-    app = await PrismaOAuthApplication.prisma().find_first(
-        where={"id": app_id, "ownerId": owner_id}
-    )
-    if not app:
-        return None
-
-    patch: OAuthApplicationUpdateInput = {}
-    if is_active is not None:
-        patch["isActive"] = is_active
-    if logo_url:
-        patch["logoUrl"] = logo_url
-    if not patch:
-        return OAuthApplicationInfo.from_db(app)  # return unchanged
-
-    updated_app = await PrismaOAuthApplication.prisma().update(
-        where={"id": app_id},
-        data=patch,
-    )
-    return OAuthApplicationInfo.from_db(updated_app) if updated_app else None
-
-
-# ============================================================================
-# Token Cleanup
-# ============================================================================
-
-
-async def cleanup_expired_oauth_tokens() -> dict[str, int]:
-    """
-    Delete expired OAuth tokens from the database.
-
-    This removes:
-    - Expired authorization codes (10 min TTL)
-    - Expired access tokens (1 hour TTL)
-    - Expired refresh tokens (30 day TTL)
-
-    Returns a dict with counts of deleted tokens by type.
-    """
-    now = datetime.now(timezone.utc)
-
-    # Delete expired authorization codes
-    codes_result = await PrismaOAuthAuthorizationCode.prisma().delete_many(
-        where={"expiresAt": {"lt": now}}
-    )
-
-    # Delete expired access tokens
-    access_result = await PrismaOAuthAccessToken.prisma().delete_many(
-        where={"expiresAt": {"lt": now}}
-    )
-
-    # Delete expired refresh tokens
-    refresh_result = await PrismaOAuthRefreshToken.prisma().delete_many(
-        where={"expiresAt": {"lt": now}}
-    )
-
-    deleted = {
-        "authorization_codes": codes_result,
-        "access_tokens": access_result,
-        "refresh_tokens": refresh_result,
-    }
-
-    total = sum(deleted.values())
-    if total > 0:
-        logger.info(f"Cleaned up {total} expired OAuth tokens: {deleted}")
-
-    return deleted

autogpt_platform/backend/backend/data/block_cost_config.py

@@ -59,13 +59,12 @@ from backend.integrations.credentials_store import (
 
 MODEL_COST: dict[LlmModel, int] = {
     LlmModel.O3: 4,
-    LlmModel.O3_MINI: 2,
-    LlmModel.O1: 16,
+    LlmModel.O3_MINI: 2,  # $1.10 / $4.40
+    LlmModel.O1: 16,  # $15 / $60
     LlmModel.O1_MINI: 4,
     # GPT-5 models
-    LlmModel.GPT5_2: 6,
-    LlmModel.GPT5_1: 5,
     LlmModel.GPT5: 2,
+    LlmModel.GPT5_1: 5,
     LlmModel.GPT5_MINI: 1,
     LlmModel.GPT5_NANO: 1,
     LlmModel.GPT5_CHAT: 5,
@@ -88,7 +87,7 @@ MODEL_COST: dict[LlmModel, int] = {
     LlmModel.AIML_API_LLAMA3_3_70B: 1,
     LlmModel.AIML_API_META_LLAMA_3_1_70B: 1,
     LlmModel.AIML_API_LLAMA_3_2_3B: 1,
-    LlmModel.LLAMA3_3_70B: 1,
+    LlmModel.LLAMA3_3_70B: 1,  # $0.59 / $0.79
     LlmModel.LLAMA3_1_8B: 1,
     LlmModel.OLLAMA_LLAMA3_3: 1,
     LlmModel.OLLAMA_LLAMA3_2: 1,

autogpt_platform/backend/backend/data/credit.py

@@ -16,7 +16,6 @@ from prisma.models import CreditRefundRequest, CreditTransaction, User, UserBala
 from prisma.types import CreditRefundRequestCreateInput, CreditTransactionWhereInput
 from pydantic import BaseModel
 
-from backend.api.features.admin.model import UserHistoryResponse
 from backend.data.block_cost_config import BLOCK_COSTS
 from backend.data.db import query_raw_with_schema
 from backend.data.includes import MAX_CREDIT_REFUND_REQUESTS_FETCH
@@ -30,6 +29,7 @@ from backend.data.model import (
 from backend.data.notifications import NotificationEventModel, RefundRequestData
 from backend.data.user import get_user_by_id, get_user_email_by_id
 from backend.notifications.notifications import queue_notification_async
+from backend.server.v2.admin.model import UserHistoryResponse
 from backend.util.exceptions import InsufficientBalanceError
 from backend.util.feature_flag import Flag, is_feature_enabled
 from backend.util.json import SafeJson, dumps
@@ -341,19 +341,6 @@ class UserCreditBase(ABC):
 
         if result:
             # UserBalance is already updated by the CTE
-
-            # Clear insufficient funds notification flags when credits are added
-            # so user can receive alerts again if they run out in the future.
-            if transaction.amount > 0 and transaction.type in [
-                CreditTransactionType.GRANT,
-                CreditTransactionType.TOP_UP,
-            ]:
-                from backend.executor.manager import (
-                    clear_insufficient_funds_notifications,
-                )
-
-                await clear_insufficient_funds_notifications(user_id)
-
             return result[0]["balance"]
 
     async def _add_transaction(
@@ -543,22 +530,6 @@ class UserCreditBase(ABC):
         if result:
             new_balance, tx_key = result[0]["balance"], result[0]["transactionKey"]
             # UserBalance is already updated by the CTE
-
-            # Clear insufficient funds notification flags when credits are added
-            # so user can receive alerts again if they run out in the future.
-            if (
-                amount > 0
-                and is_active
-                and transaction_type
-                in [CreditTransactionType.GRANT, CreditTransactionType.TOP_UP]
-            ):
-                # Lazy import to avoid circular dependency with executor.manager
-                from backend.executor.manager import (
-                    clear_insufficient_funds_notifications,
-                )
-
-                await clear_insufficient_funds_notifications(user_id)
-
             return new_balance, tx_key
 
         # If no result, either user doesn't exist or insufficient balance

autogpt_platform/backend/backend/data/db.py

@@ -111,7 +111,7 @@ def get_database_schema() -> str:
 async def query_raw_with_schema(query_template: str, *args) -> list[dict]:
     """Execute raw SQL query with proper schema handling."""
     schema = get_database_schema()
-    schema_prefix = f'"{schema}".' if schema != "public" else ""
+    schema_prefix = f"{schema}." if schema != "public" else ""
     formatted_query = query_template.format(schema_prefix=schema_prefix)
 
     import prisma as prisma_module

autogpt_platform/backend/backend/data/graph_test.py

@@ -6,14 +6,14 @@ import fastapi.exceptions
 import pytest
 from pytest_snapshot.plugin import Snapshot
 
-import backend.api.features.store.model as store
-from backend.api.model import CreateGraph
+import backend.server.v2.store.model as store
 from backend.blocks.basic import StoreValueBlock
 from backend.blocks.io import AgentInputBlock, AgentOutputBlock
 from backend.data.block import BlockSchema, BlockSchemaInput
 from backend.data.graph import Graph, Link, Node
 from backend.data.model import SchemaField
 from backend.data.user import DEFAULT_USER_ID
+from backend.server.model import CreateGraph
 from backend.usecases.sample import create_test_user
 from backend.util.test import SpinTestServer
 

autogpt_platform/backend/backend/data/human_review.py

@@ -13,7 +13,7 @@ from prisma.models import PendingHumanReview
 from prisma.types import PendingHumanReviewUpdateInput
 from pydantic import BaseModel
 
-from backend.api.features.executions.review.model import (
+from backend.server.v2.executions.review.model import (
     PendingHumanReviewModel,
     SafeJsonData,
 )

autogpt_platform/backend/backend/data/integrations.py

@@ -23,7 +23,7 @@ from backend.util.exceptions import NotFoundError
 from backend.util.json import SafeJson
 
 if TYPE_CHECKING:
-    from backend.api.features.library.model import LibraryAgentPreset
+    from backend.server.v2.library.model import LibraryAgentPreset
 
 from .db import BaseDbModel
 from .graph import NodeModel
@@ -79,7 +79,7 @@ class WebhookWithRelations(Webhook):
         # integrations.py → library/model.py → integrations.py (for Webhook)
         # Runtime import is used in WebhookWithRelations.from_db() method instead
         # Import at runtime to avoid circular dependency
-        from backend.api.features.library.model import LibraryAgentPreset
+        from backend.server.v2.library.model import LibraryAgentPreset
 
         return WebhookWithRelations(
             **Webhook.from_db(webhook).model_dump(),
@@ -285,8 +285,8 @@ async def unlink_webhook_from_graph(
         user_id: The ID of the user (for authorization)
     """
     # Avoid circular imports
-    from backend.api.features.library.db import set_preset_webhook
     from backend.data.graph import set_node_webhook
+    from backend.server.v2.library.db import set_preset_webhook
 
     # Find all nodes in this graph that use this webhook
     nodes = await AgentNode.prisma().find_many(

autogpt_platform/backend/backend/data/notification_bus.py

@@ -4,8 +4,8 @@ from typing import AsyncGenerator
 
 from pydantic import BaseModel, field_serializer
 
-from backend.api.model import NotificationPayload
 from backend.data.event_bus import AsyncRedisEventBus
+from backend.server.model import NotificationPayload
 from backend.util.settings import Settings
 
 

autogpt_platform/backend/backend/data/onboarding.py

@@ -9,8 +9,6 @@ from prisma.enums import OnboardingStep
 from prisma.models import UserOnboarding
 from prisma.types import UserOnboardingCreateInput, UserOnboardingUpdateInput
 
-from backend.api.features.store.model import StoreAgentDetails
-from backend.api.model import OnboardingNotificationPayload
 from backend.data import execution as execution_db
 from backend.data.credit import get_user_credit_model
 from backend.data.notification_bus import (
@@ -18,6 +16,8 @@ from backend.data.notification_bus import (
     NotificationEvent,
 )
 from backend.data.user import get_user_by_id
+from backend.server.model import OnboardingNotificationPayload
+from backend.server.v2.store.model import StoreAgentDetails
 from backend.util.cache import cached
 from backend.util.json import SafeJson
 from backend.util.timezone_utils import get_user_timezone_or_utc
@@ -442,8 +442,6 @@ async def get_recommended_agents(user_id: str) -> list[StoreAgentDetails]:
             runs=agent.runs,
             rating=agent.rating,
             versions=agent.versions,
-            agentGraphVersions=agent.agentGraphVersions,
-            agentGraphId=agent.agentGraphId,
             last_updated=agent.updated_at,
         )
         for agent in recommended_agents

autogpt_platform/backend/backend/data/understanding.py

@@ -1,429 +0,0 @@
-"""Data models and access layer for user business understanding."""
-
-import logging
-from datetime import datetime
-from typing import Any, Optional, cast
-
-import pydantic
-from prisma.models import UserBusinessUnderstanding
-from prisma.types import (
-    UserBusinessUnderstandingCreateInput,
-    UserBusinessUnderstandingUpdateInput,
-)
-
-from backend.data.redis_client import get_redis_async
-from backend.util.json import SafeJson
-
-logger = logging.getLogger(__name__)
-
-# Cache configuration
-CACHE_KEY_PREFIX = "understanding"
-CACHE_TTL_SECONDS = 48 * 60 * 60  # 48 hours
-
-
-def _cache_key(user_id: str) -> str:
-    """Generate cache key for user business understanding."""
-    return f"{CACHE_KEY_PREFIX}:{user_id}"
-
-
-def _json_to_list(value: Any) -> list[str]:
-    """Convert Json field to list[str], handling None."""
-    if value is None:
-        return []
-    if isinstance(value, list):
-        return cast(list[str], value)
-    return []
-
-
-class BusinessUnderstandingInput(pydantic.BaseModel):
-    """Input model for updating business understanding - all fields optional for incremental updates."""
-
-    # User info
-    user_name: Optional[str] = pydantic.Field(None, description="The user's name")
-    job_title: Optional[str] = pydantic.Field(None, description="The user's job title")
-
-    # Business basics
-    business_name: Optional[str] = pydantic.Field(
-        None, description="Name of the user's business"
-    )
-    industry: Optional[str] = pydantic.Field(None, description="Industry or sector")
-    business_size: Optional[str] = pydantic.Field(
-        None, description="Company size (e.g., '1-10', '11-50')"
-    )
-    user_role: Optional[str] = pydantic.Field(
-        None,
-        description="User's role in the organization (e.g., 'decision maker', 'implementer')",
-    )
-
-    # Processes & activities
-    key_workflows: Optional[list[str]] = pydantic.Field(
-        None, description="Key business workflows"
-    )
-    daily_activities: Optional[list[str]] = pydantic.Field(
-        None, description="Daily activities performed"
-    )
-
-    # Pain points & goals
-    pain_points: Optional[list[str]] = pydantic.Field(
-        None, description="Current pain points"
-    )
-    bottlenecks: Optional[list[str]] = pydantic.Field(
-        None, description="Process bottlenecks"
-    )
-    manual_tasks: Optional[list[str]] = pydantic.Field(
-        None, description="Manual/repetitive tasks"
-    )
-    automation_goals: Optional[list[str]] = pydantic.Field(
-        None, description="Desired automation goals"
-    )
-
-    # Current tools
-    current_software: Optional[list[str]] = pydantic.Field(
-        None, description="Software/tools currently used"
-    )
-    existing_automation: Optional[list[str]] = pydantic.Field(
-        None, description="Existing automations"
-    )
-
-    # Additional context
-    additional_notes: Optional[str] = pydantic.Field(
-        None, description="Any additional context"
-    )
-
-
-class BusinessUnderstanding(pydantic.BaseModel):
-    """Full business understanding model returned from database."""
-
-    id: str
-    user_id: str
-    created_at: datetime
-    updated_at: datetime
-
-    # User info
-    user_name: Optional[str] = None
-    job_title: Optional[str] = None
-
-    # Business basics
-    business_name: Optional[str] = None
-    industry: Optional[str] = None
-    business_size: Optional[str] = None
-    user_role: Optional[str] = None
-
-    # Processes & activities
-    key_workflows: list[str] = pydantic.Field(default_factory=list)
-    daily_activities: list[str] = pydantic.Field(default_factory=list)
-
-    # Pain points & goals
-    pain_points: list[str] = pydantic.Field(default_factory=list)
-    bottlenecks: list[str] = pydantic.Field(default_factory=list)
-    manual_tasks: list[str] = pydantic.Field(default_factory=list)
-    automation_goals: list[str] = pydantic.Field(default_factory=list)
-
-    # Current tools
-    current_software: list[str] = pydantic.Field(default_factory=list)
-    existing_automation: list[str] = pydantic.Field(default_factory=list)
-
-    # Additional context
-    additional_notes: Optional[str] = None
-
-    @classmethod
-    def from_db(cls, db_record: UserBusinessUnderstanding) -> "BusinessUnderstanding":
-        """Convert database record to Pydantic model."""
-        return cls(
-            id=db_record.id,
-            user_id=db_record.userId,
-            created_at=db_record.createdAt,
-            updated_at=db_record.updatedAt,
-            user_name=db_record.userName,
-            job_title=db_record.jobTitle,
-            business_name=db_record.businessName,
-            industry=db_record.industry,
-            business_size=db_record.businessSize,
-            user_role=db_record.userRole,
-            key_workflows=_json_to_list(db_record.keyWorkflows),
-            daily_activities=_json_to_list(db_record.dailyActivities),
-            pain_points=_json_to_list(db_record.painPoints),
-            bottlenecks=_json_to_list(db_record.bottlenecks),
-            manual_tasks=_json_to_list(db_record.manualTasks),
-            automation_goals=_json_to_list(db_record.automationGoals),
-            current_software=_json_to_list(db_record.currentSoftware),
-            existing_automation=_json_to_list(db_record.existingAutomation),
-            additional_notes=db_record.additionalNotes,
-        )
-
-
-def _merge_lists(existing: list | None, new: list | None) -> list | None:
-    """Merge two lists, removing duplicates while preserving order."""
-    if new is None:
-        return existing
-    if existing is None:
-        return new
-    # Preserve order, add new items that don't exist
-    merged = list(existing)
-    for item in new:
-        if item not in merged:
-            merged.append(item)
-    return merged
-
-
-async def _get_from_cache(user_id: str) -> Optional[BusinessUnderstanding]:
-    """Get business understanding from Redis cache."""
-    try:
-        redis = await get_redis_async()
-        cached_data = await redis.get(_cache_key(user_id))
-        if cached_data:
-            return BusinessUnderstanding.model_validate_json(cached_data)
-    except Exception as e:
-        logger.warning(f"Failed to get understanding from cache: {e}")
-    return None
-
-
-async def _set_cache(user_id: str, understanding: BusinessUnderstanding) -> None:
-    """Set business understanding in Redis cache with TTL."""
-    try:
-        redis = await get_redis_async()
-        await redis.setex(
-            _cache_key(user_id),
-            CACHE_TTL_SECONDS,
-            understanding.model_dump_json(),
-        )
-    except Exception as e:
-        logger.warning(f"Failed to set understanding in cache: {e}")
-
-
-async def _delete_cache(user_id: str) -> None:
-    """Delete business understanding from Redis cache."""
-    try:
-        redis = await get_redis_async()
-        await redis.delete(_cache_key(user_id))
-    except Exception as e:
-        logger.warning(f"Failed to delete understanding from cache: {e}")
-
-
-async def get_business_understanding(
-    user_id: str,
-) -> Optional[BusinessUnderstanding]:
-    """Get the business understanding for a user.
-
-    Checks cache first, falls back to database if not cached.
-    Results are cached for 48 hours.
-    """
-    # Try cache first
-    cached = await _get_from_cache(user_id)
-    if cached:
-        logger.debug(f"Business understanding cache hit for user {user_id}")
-        return cached
-
-    # Cache miss - load from database
-    logger.debug(f"Business understanding cache miss for user {user_id}")
-    record = await UserBusinessUnderstanding.prisma().find_unique(
-        where={"userId": user_id}
-    )
-    if record is None:
-        return None
-
-    understanding = BusinessUnderstanding.from_db(record)
-
-    # Store in cache for next time
-    await _set_cache(user_id, understanding)
-
-    return understanding
-
-
-async def upsert_business_understanding(
-    user_id: str,
-    data: BusinessUnderstandingInput,
-) -> BusinessUnderstanding:
-    """
-    Create or update business understanding with incremental merge strategy.
-
-    - String fields: new value overwrites if provided (not None)
-    - List fields: new items are appended to existing (deduplicated)
-    """
-    # Get existing record for merge
-    existing = await UserBusinessUnderstanding.prisma().find_unique(
-        where={"userId": user_id}
-    )
-
-    # Build update data with merge strategy
-    update_data: UserBusinessUnderstandingUpdateInput = {}
-    create_data: dict[str, Any] = {"userId": user_id}
-
-    # String fields - overwrite if provided
-    if data.user_name is not None:
-        update_data["userName"] = data.user_name
-        create_data["userName"] = data.user_name
-    if data.job_title is not None:
-        update_data["jobTitle"] = data.job_title
-        create_data["jobTitle"] = data.job_title
-    if data.business_name is not None:
-        update_data["businessName"] = data.business_name
-        create_data["businessName"] = data.business_name
-    if data.industry is not None:
-        update_data["industry"] = data.industry
-        create_data["industry"] = data.industry
-    if data.business_size is not None:
-        update_data["businessSize"] = data.business_size
-        create_data["businessSize"] = data.business_size
-    if data.user_role is not None:
-        update_data["userRole"] = data.user_role
-        create_data["userRole"] = data.user_role
-    if data.additional_notes is not None:
-        update_data["additionalNotes"] = data.additional_notes
-        create_data["additionalNotes"] = data.additional_notes
-
-    # List fields - merge with existing
-    if data.key_workflows is not None:
-        existing_list = _json_to_list(existing.keyWorkflows) if existing else None
-        merged = _merge_lists(existing_list, data.key_workflows)
-        update_data["keyWorkflows"] = SafeJson(merged)
-        create_data["keyWorkflows"] = SafeJson(merged)
-
-    if data.daily_activities is not None:
-        existing_list = _json_to_list(existing.dailyActivities) if existing else None
-        merged = _merge_lists(existing_list, data.daily_activities)
-        update_data["dailyActivities"] = SafeJson(merged)
-        create_data["dailyActivities"] = SafeJson(merged)
-
-    if data.pain_points is not None:
-        existing_list = _json_to_list(existing.painPoints) if existing else None
-        merged = _merge_lists(existing_list, data.pain_points)
-        update_data["painPoints"] = SafeJson(merged)
-        create_data["painPoints"] = SafeJson(merged)
-
-    if data.bottlenecks is not None:
-        existing_list = _json_to_list(existing.bottlenecks) if existing else None
-        merged = _merge_lists(existing_list, data.bottlenecks)
-        update_data["bottlenecks"] = SafeJson(merged)
-        create_data["bottlenecks"] = SafeJson(merged)
-
-    if data.manual_tasks is not None:
-        existing_list = _json_to_list(existing.manualTasks) if existing else None
-        merged = _merge_lists(existing_list, data.manual_tasks)
-        update_data["manualTasks"] = SafeJson(merged)
-        create_data["manualTasks"] = SafeJson(merged)
-
-    if data.automation_goals is not None:
-        existing_list = _json_to_list(existing.automationGoals) if existing else None
-        merged = _merge_lists(existing_list, data.automation_goals)
-        update_data["automationGoals"] = SafeJson(merged)
-        create_data["automationGoals"] = SafeJson(merged)
-
-    if data.current_software is not None:
-        existing_list = _json_to_list(existing.currentSoftware) if existing else None
-        merged = _merge_lists(existing_list, data.current_software)
-        update_data["currentSoftware"] = SafeJson(merged)
-        create_data["currentSoftware"] = SafeJson(merged)
-
-    if data.existing_automation is not None:
-        existing_list = _json_to_list(existing.existingAutomation) if existing else None
-        merged = _merge_lists(existing_list, data.existing_automation)
-        update_data["existingAutomation"] = SafeJson(merged)
-        create_data["existingAutomation"] = SafeJson(merged)
-
-    # Upsert
-    record = await UserBusinessUnderstanding.prisma().upsert(
-        where={"userId": user_id},
-        data={
-            "create": UserBusinessUnderstandingCreateInput(**create_data),
-            "update": update_data,
-        },
-    )
-
-    understanding = BusinessUnderstanding.from_db(record)
-
-    # Update cache with new understanding
-    await _set_cache(user_id, understanding)
-
-    return understanding
-
-
-async def clear_business_understanding(user_id: str) -> bool:
-    """Clear/delete business understanding for a user from both DB and cache."""
-    # Delete from cache first
-    await _delete_cache(user_id)
-
-    try:
-        await UserBusinessUnderstanding.prisma().delete(where={"userId": user_id})
-        return True
-    except Exception:
-        # Record might not exist
-        return False
-
-
-def format_understanding_for_prompt(understanding: BusinessUnderstanding) -> str:
-    """Format business understanding as text for system prompt injection."""
-    sections = []
-
-    # User info section
-    user_info = []
-    if understanding.user_name:
-        user_info.append(f"Name: {understanding.user_name}")
-    if understanding.job_title:
-        user_info.append(f"Job Title: {understanding.job_title}")
-    if user_info:
-        sections.append("## User\n" + "\n".join(user_info))
-
-    # Business section
-    business_info = []
-    if understanding.business_name:
-        business_info.append(f"Company: {understanding.business_name}")
-    if understanding.industry:
-        business_info.append(f"Industry: {understanding.industry}")
-    if understanding.business_size:
-        business_info.append(f"Size: {understanding.business_size}")
-    if understanding.user_role:
-        business_info.append(f"Role Context: {understanding.user_role}")
-    if business_info:
-        sections.append("## Business\n" + "\n".join(business_info))
-
-    # Processes section
-    processes = []
-    if understanding.key_workflows:
-        processes.append(f"Key Workflows: {', '.join(understanding.key_workflows)}")
-    if understanding.daily_activities:
-        processes.append(
-            f"Daily Activities: {', '.join(understanding.daily_activities)}"
-        )
-    if processes:
-        sections.append("## Processes\n" + "\n".join(processes))
-
-    # Pain points section
-    pain_points = []
-    if understanding.pain_points:
-        pain_points.append(f"Pain Points: {', '.join(understanding.pain_points)}")
-    if understanding.bottlenecks:
-        pain_points.append(f"Bottlenecks: {', '.join(understanding.bottlenecks)}")
-    if understanding.manual_tasks:
-        pain_points.append(f"Manual Tasks: {', '.join(understanding.manual_tasks)}")
-    if pain_points:
-        sections.append("## Pain Points\n" + "\n".join(pain_points))
-
-    # Goals section
-    if understanding.automation_goals:
-        sections.append(
-            "## Automation Goals\n"
-            + "\n".join(f"- {goal}" for goal in understanding.automation_goals)
-        )
-
-    # Current tools section
-    tools_info = []
-    if understanding.current_software:
-        tools_info.append(
-            f"Current Software: {', '.join(understanding.current_software)}"
-        )
-    if understanding.existing_automation:
-        tools_info.append(
-            f"Existing Automation: {', '.join(understanding.existing_automation)}"
-        )
-    if tools_info:
-        sections.append("## Current Tools\n" + "\n".join(tools_info))
-
-    # Additional notes
-    if understanding.additional_notes:
-        sections.append(f"## Additional Context\n{understanding.additional_notes}")
-
-    if not sections:
-        return ""
-
-    return "# User Business Context\n\n" + "\n\n".join(sections)

autogpt_platform/backend/backend/executor/database.py

@@ -2,11 +2,6 @@ import logging
 from contextlib import asynccontextmanager
 from typing import TYPE_CHECKING, Callable, Concatenate, ParamSpec, TypeVar, cast
 
-from backend.api.features.library.db import (
-    add_store_agent_to_library,
-    list_library_agents,
-)
-from backend.api.features.store.db import get_store_agent_details, get_store_agents
 from backend.data import db
 from backend.data.analytics import (
     get_accuracy_trends_and_alerts,
@@ -66,6 +61,8 @@ from backend.data.user import (
     get_user_notification_preference,
     update_user_integrations,
 )
+from backend.server.v2.library.db import add_store_agent_to_library, list_library_agents
+from backend.server.v2.store.db import get_store_agent_details, get_store_agents
 from backend.util.service import (
     AppService,
     AppServiceClient,

autogpt_platform/backend/backend/executor/manager.py

@@ -48,8 +48,27 @@ from backend.data.notifications import (
     ZeroBalanceData,
 )
 from backend.data.rabbitmq import SyncRabbitMQ
+from backend.executor.activity_status_generator import (
+    generate_activity_status_for_execution,
+)
+from backend.executor.utils import (
+    GRACEFUL_SHUTDOWN_TIMEOUT_SECONDS,
+    GRAPH_EXECUTION_CANCEL_QUEUE_NAME,
+    GRAPH_EXECUTION_EXCHANGE,
+    GRAPH_EXECUTION_QUEUE_NAME,
+    GRAPH_EXECUTION_ROUTING_KEY,
+    CancelExecutionEvent,
+    ExecutionOutputEntry,
+    LogMetadata,
+    NodeExecutionProgress,
+    block_usage_cost,
+    create_execution_queue_config,
+    execution_usage_cost,
+    validate_exec,
+)
 from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.notifications.notifications import queue_notification
+from backend.server.v2.AutoMod.manager import automod_manager
 from backend.util import json
 from backend.util.clients import (
     get_async_execution_event_bus,
@@ -76,24 +95,7 @@ from backend.util.retry import (
 )
 from backend.util.settings import Settings
 
-from .activity_status_generator import generate_activity_status_for_execution
-from .automod.manager import automod_manager
 from .cluster_lock import ClusterLock
-from .utils import (
-    GRACEFUL_SHUTDOWN_TIMEOUT_SECONDS,
-    GRAPH_EXECUTION_CANCEL_QUEUE_NAME,
-    GRAPH_EXECUTION_EXCHANGE,
-    GRAPH_EXECUTION_QUEUE_NAME,
-    GRAPH_EXECUTION_ROUTING_KEY,
-    CancelExecutionEvent,
-    ExecutionOutputEntry,
-    LogMetadata,
-    NodeExecutionProgress,
-    block_usage_cost,
-    create_execution_queue_config,
-    execution_usage_cost,
-    validate_exec,
-)
 
 if TYPE_CHECKING:
     from backend.executor import DatabaseManagerAsyncClient, DatabaseManagerClient
@@ -114,40 +116,6 @@ utilization_gauge = Gauge(
     "Ratio of active graph runs to max graph workers",
 )
 
-# Redis key prefix for tracking insufficient funds Discord notifications.
-# We only send one notification per user per agent until they top up credits.
-INSUFFICIENT_FUNDS_NOTIFIED_PREFIX = "insufficient_funds_discord_notified"
-# TTL for the notification flag (30 days) - acts as a fallback cleanup
-INSUFFICIENT_FUNDS_NOTIFIED_TTL_SECONDS = 30 * 24 * 60 * 60
-
-
-async def clear_insufficient_funds_notifications(user_id: str) -> int:
-    """
-    Clear all insufficient funds notification flags for a user.
-
-    This should be called when a user tops up their credits, allowing
-    Discord notifications to be sent again if they run out of funds.
-
-    Args:
-        user_id: The user ID to clear notifications for.
-
-    Returns:
-        The number of keys that were deleted.
-    """
-    try:
-        redis_client = await redis.get_redis_async()
-        pattern = f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:*"
-        keys = [key async for key in redis_client.scan_iter(match=pattern)]
-        if keys:
-            return await redis_client.delete(*keys)
-        return 0
-    except Exception as e:
-        logger.warning(
-            f"Failed to clear insufficient funds notification flags for user "
-            f"{user_id}: {e}"
-        )
-        return 0
-
 
 # Thread-local storage for ExecutionProcessor instances
 _tls = threading.local()
@@ -1295,40 +1263,12 @@ class ExecutionProcessor:
         graph_id: str,
         e: InsufficientBalanceError,
     ):
-        # Check if we've already sent a notification for this user+agent combo.
-        # We only send one notification per user per agent until they top up credits.
-        redis_key = f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:{graph_id}"
-        try:
-            redis_client = redis.get_redis()
-            # SET NX returns True only if the key was newly set (didn't exist)
-            is_new_notification = redis_client.set(
-                redis_key,
-                "1",
-                nx=True,
-                ex=INSUFFICIENT_FUNDS_NOTIFIED_TTL_SECONDS,
-            )
-            if not is_new_notification:
-                # Already notified for this user+agent, skip all notifications
-                logger.debug(
-                    f"Skipping duplicate insufficient funds notification for "
-                    f"user={user_id}, graph={graph_id}"
-                )
-                return
-        except Exception as redis_error:
-            # If Redis fails, log and continue to send the notification
-            # (better to occasionally duplicate than to never notify)
-            logger.warning(
-                f"Failed to check/set insufficient funds notification flag in Redis: "
-                f"{redis_error}"
-            )
-
         shortfall = abs(e.amount) - e.balance
         metadata = db_client.get_graph_metadata(graph_id)
         base_url = (
             settings.config.frontend_base_url or settings.config.platform_base_url
         )
 
-        # Queue user email notification
         queue_notification(
             NotificationEventModel(
                 user_id=user_id,
@@ -1342,7 +1282,6 @@ class ExecutionProcessor:
             )
         )
 
-        # Send Discord system alert
         try:
             user_email = db_client.get_user_email_by_id(user_id)
 

autogpt_platform/backend/backend/executor/manager_insufficient_funds_test.py

@@ -1,560 +0,0 @@
-from unittest.mock import AsyncMock, MagicMock, patch
-
-import pytest
-from prisma.enums import NotificationType
-
-from backend.data.notifications import ZeroBalanceData
-from backend.executor.manager import (
-    INSUFFICIENT_FUNDS_NOTIFIED_PREFIX,
-    ExecutionProcessor,
-    clear_insufficient_funds_notifications,
-)
-from backend.util.exceptions import InsufficientBalanceError
-from backend.util.test import SpinTestServer
-
-
-async def async_iter(items):
-    """Helper to create an async iterator from a list."""
-    for item in items:
-        yield item
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_handle_insufficient_funds_sends_discord_alert_first_time(
-    server: SpinTestServer,
-):
-    """Test that the first insufficient funds notification sends a Discord alert."""
-
-    execution_processor = ExecutionProcessor()
-    user_id = "test-user-123"
-    graph_id = "test-graph-456"
-    error = InsufficientBalanceError(
-        message="Insufficient balance",
-        user_id=user_id,
-        balance=72,  # $0.72
-        amount=-714,  # Attempting to spend $7.14
-    )
-
-    with patch(
-        "backend.executor.manager.queue_notification"
-    ) as mock_queue_notif, patch(
-        "backend.executor.manager.get_notification_manager_client"
-    ) as mock_get_client, patch(
-        "backend.executor.manager.settings"
-    ) as mock_settings, patch(
-        "backend.executor.manager.redis"
-    ) as mock_redis_module:
-
-        # Setup mocks
-        mock_client = MagicMock()
-        mock_get_client.return_value = mock_client
-        mock_settings.config.frontend_base_url = "https://test.com"
-
-        # Mock Redis to simulate first-time notification (set returns True)
-        mock_redis_client = MagicMock()
-        mock_redis_module.get_redis.return_value = mock_redis_client
-        mock_redis_client.set.return_value = True  # Key was newly set
-
-        # Create mock database client
-        mock_db_client = MagicMock()
-        mock_graph_metadata = MagicMock()
-        mock_graph_metadata.name = "Test Agent"
-        mock_db_client.get_graph_metadata.return_value = mock_graph_metadata
-        mock_db_client.get_user_email_by_id.return_value = "test@example.com"
-
-        # Test the insufficient funds handler
-        execution_processor._handle_insufficient_funds_notif(
-            db_client=mock_db_client,
-            user_id=user_id,
-            graph_id=graph_id,
-            e=error,
-        )
-
-        # Verify notification was queued
-        mock_queue_notif.assert_called_once()
-        notification_call = mock_queue_notif.call_args[0][0]
-        assert notification_call.type == NotificationType.ZERO_BALANCE
-        assert notification_call.user_id == user_id
-        assert isinstance(notification_call.data, ZeroBalanceData)
-        assert notification_call.data.current_balance == 72
-
-        # Verify Redis was checked with correct key pattern
-        expected_key = f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:{graph_id}"
-        mock_redis_client.set.assert_called_once()
-        call_args = mock_redis_client.set.call_args
-        assert call_args[0][0] == expected_key
-        assert call_args[1]["nx"] is True
-
-        # Verify Discord alert was sent
-        mock_client.discord_system_alert.assert_called_once()
-        discord_message = mock_client.discord_system_alert.call_args[0][0]
-        assert "Insufficient Funds Alert" in discord_message
-        assert "test@example.com" in discord_message
-        assert "Test Agent" in discord_message
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_handle_insufficient_funds_skips_duplicate_notifications(
-    server: SpinTestServer,
-):
-    """Test that duplicate insufficient funds notifications skip both email and Discord."""
-
-    execution_processor = ExecutionProcessor()
-    user_id = "test-user-123"
-    graph_id = "test-graph-456"
-    error = InsufficientBalanceError(
-        message="Insufficient balance",
-        user_id=user_id,
-        balance=72,
-        amount=-714,
-    )
-
-    with patch(
-        "backend.executor.manager.queue_notification"
-    ) as mock_queue_notif, patch(
-        "backend.executor.manager.get_notification_manager_client"
-    ) as mock_get_client, patch(
-        "backend.executor.manager.settings"
-    ) as mock_settings, patch(
-        "backend.executor.manager.redis"
-    ) as mock_redis_module:
-
-        # Setup mocks
-        mock_client = MagicMock()
-        mock_get_client.return_value = mock_client
-        mock_settings.config.frontend_base_url = "https://test.com"
-
-        # Mock Redis to simulate duplicate notification (set returns False/None)
-        mock_redis_client = MagicMock()
-        mock_redis_module.get_redis.return_value = mock_redis_client
-        mock_redis_client.set.return_value = None  # Key already existed
-
-        # Create mock database client
-        mock_db_client = MagicMock()
-        mock_db_client.get_graph_metadata.return_value = MagicMock(name="Test Agent")
-
-        # Test the insufficient funds handler
-        execution_processor._handle_insufficient_funds_notif(
-            db_client=mock_db_client,
-            user_id=user_id,
-            graph_id=graph_id,
-            e=error,
-        )
-
-        # Verify email notification was NOT queued (deduplication worked)
-        mock_queue_notif.assert_not_called()
-
-        # Verify Discord alert was NOT sent (deduplication worked)
-        mock_client.discord_system_alert.assert_not_called()
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_handle_insufficient_funds_different_agents_get_separate_alerts(
-    server: SpinTestServer,
-):
-    """Test that different agents for the same user get separate Discord alerts."""
-
-    execution_processor = ExecutionProcessor()
-    user_id = "test-user-123"
-    graph_id_1 = "test-graph-111"
-    graph_id_2 = "test-graph-222"
-
-    error = InsufficientBalanceError(
-        message="Insufficient balance",
-        user_id=user_id,
-        balance=72,
-        amount=-714,
-    )
-
-    with patch("backend.executor.manager.queue_notification"), patch(
-        "backend.executor.manager.get_notification_manager_client"
-    ) as mock_get_client, patch(
-        "backend.executor.manager.settings"
-    ) as mock_settings, patch(
-        "backend.executor.manager.redis"
-    ) as mock_redis_module:
-
-        mock_client = MagicMock()
-        mock_get_client.return_value = mock_client
-        mock_settings.config.frontend_base_url = "https://test.com"
-
-        mock_redis_client = MagicMock()
-        mock_redis_module.get_redis.return_value = mock_redis_client
-        # Both calls return True (first time for each agent)
-        mock_redis_client.set.return_value = True
-
-        mock_db_client = MagicMock()
-        mock_graph_metadata = MagicMock()
-        mock_graph_metadata.name = "Test Agent"
-        mock_db_client.get_graph_metadata.return_value = mock_graph_metadata
-        mock_db_client.get_user_email_by_id.return_value = "test@example.com"
-
-        # First agent notification
-        execution_processor._handle_insufficient_funds_notif(
-            db_client=mock_db_client,
-            user_id=user_id,
-            graph_id=graph_id_1,
-            e=error,
-        )
-
-        # Second agent notification
-        execution_processor._handle_insufficient_funds_notif(
-            db_client=mock_db_client,
-            user_id=user_id,
-            graph_id=graph_id_2,
-            e=error,
-        )
-
-        # Verify Discord alerts were sent for both agents
-        assert mock_client.discord_system_alert.call_count == 2
-
-        # Verify Redis was called with different keys
-        assert mock_redis_client.set.call_count == 2
-        calls = mock_redis_client.set.call_args_list
-        assert (
-            calls[0][0][0]
-            == f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:{graph_id_1}"
-        )
-        assert (
-            calls[1][0][0]
-            == f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:{graph_id_2}"
-        )
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_clear_insufficient_funds_notifications(server: SpinTestServer):
-    """Test that clearing notifications removes all keys for a user."""
-
-    user_id = "test-user-123"
-
-    with patch("backend.executor.manager.redis") as mock_redis_module:
-
-        mock_redis_client = MagicMock()
-        # get_redis_async is an async function, so we need AsyncMock for it
-        mock_redis_module.get_redis_async = AsyncMock(return_value=mock_redis_client)
-
-        # Mock scan_iter to return some keys as an async iterator
-        mock_keys = [
-            f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:graph-1",
-            f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:graph-2",
-            f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:graph-3",
-        ]
-        mock_redis_client.scan_iter.return_value = async_iter(mock_keys)
-        # delete is awaited, so use AsyncMock
-        mock_redis_client.delete = AsyncMock(return_value=3)
-
-        # Clear notifications
-        result = await clear_insufficient_funds_notifications(user_id)
-
-        # Verify correct pattern was used
-        expected_pattern = f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:*"
-        mock_redis_client.scan_iter.assert_called_once_with(match=expected_pattern)
-
-        # Verify delete was called with all keys
-        mock_redis_client.delete.assert_called_once_with(*mock_keys)
-
-        # Verify return value
-        assert result == 3
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_clear_insufficient_funds_notifications_no_keys(server: SpinTestServer):
-    """Test clearing notifications when there are no keys to clear."""
-
-    user_id = "test-user-no-notifications"
-
-    with patch("backend.executor.manager.redis") as mock_redis_module:
-
-        mock_redis_client = MagicMock()
-        # get_redis_async is an async function, so we need AsyncMock for it
-        mock_redis_module.get_redis_async = AsyncMock(return_value=mock_redis_client)
-
-        # Mock scan_iter to return no keys as an async iterator
-        mock_redis_client.scan_iter.return_value = async_iter([])
-
-        # Clear notifications
-        result = await clear_insufficient_funds_notifications(user_id)
-
-        # Verify delete was not called
-        mock_redis_client.delete.assert_not_called()
-
-        # Verify return value
-        assert result == 0
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_clear_insufficient_funds_notifications_handles_redis_error(
-    server: SpinTestServer,
-):
-    """Test that clearing notifications handles Redis errors gracefully."""
-
-    user_id = "test-user-redis-error"
-
-    with patch("backend.executor.manager.redis") as mock_redis_module:
-
-        # Mock get_redis_async to raise an error
-        mock_redis_module.get_redis_async = AsyncMock(
-            side_effect=Exception("Redis connection failed")
-        )
-
-        # Clear notifications should not raise, just return 0
-        result = await clear_insufficient_funds_notifications(user_id)
-
-        # Verify it returned 0 (graceful failure)
-        assert result == 0
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_handle_insufficient_funds_continues_on_redis_error(
-    server: SpinTestServer,
-):
-    """Test that both email and Discord notifications are still sent when Redis fails."""
-
-    execution_processor = ExecutionProcessor()
-    user_id = "test-user-123"
-    graph_id = "test-graph-456"
-    error = InsufficientBalanceError(
-        message="Insufficient balance",
-        user_id=user_id,
-        balance=72,
-        amount=-714,
-    )
-
-    with patch(
-        "backend.executor.manager.queue_notification"
-    ) as mock_queue_notif, patch(
-        "backend.executor.manager.get_notification_manager_client"
-    ) as mock_get_client, patch(
-        "backend.executor.manager.settings"
-    ) as mock_settings, patch(
-        "backend.executor.manager.redis"
-    ) as mock_redis_module:
-
-        mock_client = MagicMock()
-        mock_get_client.return_value = mock_client
-        mock_settings.config.frontend_base_url = "https://test.com"
-
-        # Mock Redis to raise an error
-        mock_redis_client = MagicMock()
-        mock_redis_module.get_redis.return_value = mock_redis_client
-        mock_redis_client.set.side_effect = Exception("Redis connection error")
-
-        mock_db_client = MagicMock()
-        mock_graph_metadata = MagicMock()
-        mock_graph_metadata.name = "Test Agent"
-        mock_db_client.get_graph_metadata.return_value = mock_graph_metadata
-        mock_db_client.get_user_email_by_id.return_value = "test@example.com"
-
-        # Test the insufficient funds handler
-        execution_processor._handle_insufficient_funds_notif(
-            db_client=mock_db_client,
-            user_id=user_id,
-            graph_id=graph_id,
-            e=error,
-        )
-
-        # Verify email notification was still queued despite Redis error
-        mock_queue_notif.assert_called_once()
-
-        # Verify Discord alert was still sent despite Redis error
-        mock_client.discord_system_alert.assert_called_once()
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_add_transaction_clears_notifications_on_grant(server: SpinTestServer):
-    """Test that _add_transaction clears notification flags when adding GRANT credits."""
-    from prisma.enums import CreditTransactionType
-
-    from backend.data.credit import UserCredit
-
-    user_id = "test-user-grant-clear"
-
-    with patch("backend.data.credit.query_raw_with_schema") as mock_query, patch(
-        "backend.executor.manager.redis"
-    ) as mock_redis_module:
-
-        # Mock the query to return a successful transaction
-        mock_query.return_value = [{"balance": 1000, "transactionKey": "test-tx-key"}]
-
-        # Mock async Redis for notification clearing
-        mock_redis_client = MagicMock()
-        mock_redis_module.get_redis_async = AsyncMock(return_value=mock_redis_client)
-        mock_redis_client.scan_iter.return_value = async_iter(
-            [f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:graph-1"]
-        )
-        mock_redis_client.delete = AsyncMock(return_value=1)
-
-        # Create a concrete instance
-        credit_model = UserCredit()
-
-        # Call _add_transaction with GRANT type (should clear notifications)
-        await credit_model._add_transaction(
-            user_id=user_id,
-            amount=500,  # Positive amount
-            transaction_type=CreditTransactionType.GRANT,
-            is_active=True,  # Active transaction
-        )
-
-        # Verify notification clearing was called
-        mock_redis_module.get_redis_async.assert_called_once()
-        mock_redis_client.scan_iter.assert_called_once_with(
-            match=f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:*"
-        )
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_add_transaction_clears_notifications_on_top_up(server: SpinTestServer):
-    """Test that _add_transaction clears notification flags when adding TOP_UP credits."""
-    from prisma.enums import CreditTransactionType
-
-    from backend.data.credit import UserCredit
-
-    user_id = "test-user-topup-clear"
-
-    with patch("backend.data.credit.query_raw_with_schema") as mock_query, patch(
-        "backend.executor.manager.redis"
-    ) as mock_redis_module:
-
-        # Mock the query to return a successful transaction
-        mock_query.return_value = [{"balance": 2000, "transactionKey": "test-tx-key-2"}]
-
-        # Mock async Redis for notification clearing
-        mock_redis_client = MagicMock()
-        mock_redis_module.get_redis_async = AsyncMock(return_value=mock_redis_client)
-        mock_redis_client.scan_iter.return_value = async_iter([])
-        mock_redis_client.delete = AsyncMock(return_value=0)
-
-        credit_model = UserCredit()
-
-        # Call _add_transaction with TOP_UP type (should clear notifications)
-        await credit_model._add_transaction(
-            user_id=user_id,
-            amount=1000,  # Positive amount
-            transaction_type=CreditTransactionType.TOP_UP,
-            is_active=True,
-        )
-
-        # Verify notification clearing was attempted
-        mock_redis_module.get_redis_async.assert_called_once()
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_add_transaction_skips_clearing_for_inactive_transaction(
-    server: SpinTestServer,
-):
-    """Test that _add_transaction does NOT clear notifications for inactive transactions."""
-    from prisma.enums import CreditTransactionType
-
-    from backend.data.credit import UserCredit
-
-    user_id = "test-user-inactive"
-
-    with patch("backend.data.credit.query_raw_with_schema") as mock_query, patch(
-        "backend.executor.manager.redis"
-    ) as mock_redis_module:
-
-        # Mock the query to return a successful transaction
-        mock_query.return_value = [{"balance": 500, "transactionKey": "test-tx-key-3"}]
-
-        # Mock async Redis
-        mock_redis_client = MagicMock()
-        mock_redis_module.get_redis_async = AsyncMock(return_value=mock_redis_client)
-
-        credit_model = UserCredit()
-
-        # Call _add_transaction with is_active=False (should NOT clear notifications)
-        await credit_model._add_transaction(
-            user_id=user_id,
-            amount=500,
-            transaction_type=CreditTransactionType.TOP_UP,
-            is_active=False,  # Inactive - pending Stripe payment
-        )
-
-        # Verify notification clearing was NOT called
-        mock_redis_module.get_redis_async.assert_not_called()
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_add_transaction_skips_clearing_for_usage_transaction(
-    server: SpinTestServer,
-):
-    """Test that _add_transaction does NOT clear notifications for USAGE transactions."""
-    from prisma.enums import CreditTransactionType
-
-    from backend.data.credit import UserCredit
-
-    user_id = "test-user-usage"
-
-    with patch("backend.data.credit.query_raw_with_schema") as mock_query, patch(
-        "backend.executor.manager.redis"
-    ) as mock_redis_module:
-
-        # Mock the query to return a successful transaction
-        mock_query.return_value = [{"balance": 400, "transactionKey": "test-tx-key-4"}]
-
-        # Mock async Redis
-        mock_redis_client = MagicMock()
-        mock_redis_module.get_redis_async = AsyncMock(return_value=mock_redis_client)
-
-        credit_model = UserCredit()
-
-        # Call _add_transaction with USAGE type (spending, should NOT clear)
-        await credit_model._add_transaction(
-            user_id=user_id,
-            amount=-100,  # Negative - spending credits
-            transaction_type=CreditTransactionType.USAGE,
-            is_active=True,
-        )
-
-        # Verify notification clearing was NOT called
-        mock_redis_module.get_redis_async.assert_not_called()
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_enable_transaction_clears_notifications(server: SpinTestServer):
-    """Test that _enable_transaction clears notification flags when enabling a TOP_UP."""
-    from prisma.enums import CreditTransactionType
-
-    from backend.data.credit import UserCredit
-
-    user_id = "test-user-enable"
-
-    with patch("backend.data.credit.CreditTransaction") as mock_credit_tx, patch(
-        "backend.data.credit.query_raw_with_schema"
-    ) as mock_query, patch("backend.executor.manager.redis") as mock_redis_module:
-
-        # Mock finding the pending transaction
-        mock_transaction = MagicMock()
-        mock_transaction.amount = 1000
-        mock_transaction.type = CreditTransactionType.TOP_UP
-        mock_credit_tx.prisma.return_value.find_first = AsyncMock(
-            return_value=mock_transaction
-        )
-
-        # Mock the query to return updated balance
-        mock_query.return_value = [{"balance": 1500}]
-
-        # Mock async Redis for notification clearing
-        mock_redis_client = MagicMock()
-        mock_redis_module.get_redis_async = AsyncMock(return_value=mock_redis_client)
-        mock_redis_client.scan_iter.return_value = async_iter(
-            [f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:graph-1"]
-        )
-        mock_redis_client.delete = AsyncMock(return_value=1)
-
-        credit_model = UserCredit()
-
-        # Call _enable_transaction (simulates Stripe checkout completion)
-        from backend.util.json import SafeJson
-
-        await credit_model._enable_transaction(
-            transaction_key="cs_test_123",
-            user_id=user_id,
-            metadata=SafeJson({"payment": "completed"}),
-        )
-
-        # Verify notification clearing was called
-        mock_redis_module.get_redis_async.assert_called_once()
-        mock_redis_client.scan_iter.assert_called_once_with(
-            match=f"{INSUFFICIENT_FUNDS_NOTIFIED_PREFIX}:{user_id}:*"
-        )

autogpt_platform/backend/backend/executor/manager_test.py

@@ -3,16 +3,16 @@ import logging
 import fastapi.responses
 import pytest
 
-import backend.api.features.library.model
-import backend.api.features.store.model
-from backend.api.model import CreateGraph
-from backend.api.rest_api import AgentServer
+import backend.server.v2.library.model
+import backend.server.v2.store.model
 from backend.blocks.basic import StoreValueBlock
 from backend.blocks.data_manipulation import FindInDictionaryBlock
 from backend.blocks.io import AgentInputBlock
 from backend.blocks.maths import CalculatorBlock, Operation
 from backend.data import execution, graph
 from backend.data.model import User
+from backend.server.model import CreateGraph
+from backend.server.rest_api import AgentServer
 from backend.usecases.sample import create_test_graph, create_test_user
 from backend.util.test import SpinTestServer, wait_execution
 
@@ -356,7 +356,7 @@ async def test_execute_preset(server: SpinTestServer):
     test_graph = await create_graph(server, test_graph, test_user)
 
     # Create preset with initial values
-    preset = backend.api.features.library.model.LibraryAgentPresetCreatable(
+    preset = backend.server.v2.library.model.LibraryAgentPresetCreatable(
         name="Test Preset With Clash",
         description="Test preset with clashing input values",
         graph_id=test_graph.id,
@@ -444,7 +444,7 @@ async def test_execute_preset_with_clash(server: SpinTestServer):
     test_graph = await create_graph(server, test_graph, test_user)
 
     # Create preset with initial values
-    preset = backend.api.features.library.model.LibraryAgentPresetCreatable(
+    preset = backend.server.v2.library.model.LibraryAgentPresetCreatable(
         name="Test Preset With Clash",
         description="Test preset with clashing input values",
         graph_id=test_graph.id,
@@ -485,7 +485,7 @@ async def test_store_listing_graph(server: SpinTestServer):
     test_user = await create_test_user()
     test_graph = await create_graph(server, create_test_graph(), test_user)
 
-    store_submission_request = backend.api.features.store.model.StoreSubmissionRequest(
+    store_submission_request = backend.server.v2.store.model.StoreSubmissionRequest(
         agent_id=test_graph.id,
         agent_version=test_graph.version,
         slug=test_graph.id,
@@ -514,7 +514,7 @@ async def test_store_listing_graph(server: SpinTestServer):
 
     admin_user = await create_test_user(alt_user=True)
     await server.agent_server.test_review_store_listing(
-        backend.api.features.store.model.ReviewSubmissionRequest(
+        backend.server.v2.store.model.ReviewSubmissionRequest(
             store_listing_version_id=slv_id,
             is_approved=True,
             comments="Test comments",
@@ -523,7 +523,7 @@ async def test_store_listing_graph(server: SpinTestServer):
     )
 
     # Add the approved store listing to the admin user's library so they can execute it
-    from backend.api.features.library.db import add_store_agent_to_library
+    from backend.server.v2.library.db import add_store_agent_to_library
 
     await add_store_agent_to_library(
         store_listing_version_id=slv_id, user_id=admin_user.id

autogpt_platform/backend/backend/executor/scheduler.py

@@ -23,7 +23,6 @@ from dotenv import load_dotenv
 from pydantic import BaseModel, Field, ValidationError
 from sqlalchemy import MetaData, create_engine
 
-from backend.data.auth.oauth import cleanup_expired_oauth_tokens
 from backend.data.block import BlockInput
 from backend.data.execution import GraphExecutionWithNodes
 from backend.data.model import CredentialsMetaInput
@@ -243,12 +242,6 @@ def cleanup_expired_files():
     run_async(cleanup_expired_files_async())
 
 
-def cleanup_oauth_tokens():
-    """Clean up expired OAuth tokens from the database."""
-    # Wait for completion
-    run_async(cleanup_expired_oauth_tokens())
-
-
 def execution_accuracy_alerts():
     """Check execution accuracy and send alerts if drops are detected."""
     return report_execution_accuracy_alerts()
@@ -453,17 +446,6 @@ class Scheduler(AppService):
                 jobstore=Jobstores.EXECUTION.value,
             )
 
-            # OAuth Token Cleanup - configurable interval
-            self.scheduler.add_job(
-                cleanup_oauth_tokens,
-                id="cleanup_oauth_tokens",
-                trigger="interval",
-                replace_existing=True,
-                seconds=config.oauth_token_cleanup_interval_hours
-                * 3600,  # Convert hours to seconds
-                jobstore=Jobstores.EXECUTION.value,
-            )
-
             # Execution Accuracy Monitoring - configurable interval
             self.scheduler.add_job(
                 execution_accuracy_alerts,
@@ -622,11 +604,6 @@ class Scheduler(AppService):
         """Manually trigger cleanup of expired cloud storage files."""
         return cleanup_expired_files()
 
-    @expose
-    def execute_cleanup_oauth_tokens(self):
-        """Manually trigger cleanup of expired OAuth tokens."""
-        return cleanup_oauth_tokens()
-
     @expose
     def execute_report_execution_accuracy_alerts(self):
         """Manually trigger execution accuracy alert checking."""

autogpt_platform/backend/backend/executor/scheduler_test.py

@@ -1,7 +1,7 @@
 import pytest
 
-from backend.api.model import CreateGraph
 from backend.data import db
+from backend.server.model import CreateGraph
 from backend.usecases.sample import create_test_graph, create_test_user
 from backend.util.clients import get_scheduler_client
 from backend.util.test import SpinTestServer

autogpt_platform/backend/backend/integrations/embeddings.py

@@ -0,0 +1,157 @@
+"""
+Embedding service for generating text embeddings using OpenAI.
+
+Used for vector-based semantic search in the store.
+"""
+
+import functools
+import logging
+from typing import Optional
+
+import openai
+
+from backend.util.settings import Settings
+
+logger = logging.getLogger(__name__)
+
+# Model configuration
+# Using text-embedding-3-small (1536 dimensions) for compatibility with pgvector indexes
+# pgvector IVFFlat/HNSW indexes have dimension limits (2000 for IVFFlat, varies for HNSW)
+EMBEDDING_MODEL = "text-embedding-3-small"
+EMBEDDING_DIMENSIONS = 1536
+
+# Input validation limits
+# OpenAI text-embedding-3-large supports up to 8191 tokens (~32k chars)
+# We set a conservative limit to prevent abuse
+MAX_TEXT_LENGTH = 10000  # characters
+MAX_BATCH_SIZE = 100  # maximum texts per batch request
+
+
+class EmbeddingService:
+    """Service for generating text embeddings using OpenAI.
+
+    The service can be created without an API key - the key is validated
+    only when the client property is first accessed. This allows the service
+    to be instantiated at module load time without requiring configuration.
+    """
+
+    def __init__(self, api_key: Optional[str] = None):
+        settings = Settings()
+        self.api_key = (
+            api_key
+            or settings.secrets.openai_internal_api_key
+            or settings.secrets.openai_api_key
+        )
+
+    @functools.cached_property
+    def client(self) -> openai.AsyncOpenAI:
+        """Lazily create the OpenAI client, raising if no API key is configured."""
+        if not self.api_key:
+            raise ValueError(
+                "OpenAI API key not configured. "
+                "Set OPENAI_API_KEY or OPENAI_INTERNAL_API_KEY environment variable."
+            )
+        return openai.AsyncOpenAI(api_key=self.api_key)
+
+    async def generate_embedding(self, text: str) -> list[float]:
+        """
+        Generate embedding for a single text string.
+
+        Args:
+            text: The text to generate an embedding for.
+
+        Returns:
+            A list of floats representing the embedding vector.
+
+        Raises:
+            ValueError: If the text is empty or exceeds maximum length.
+            openai.APIError: If the OpenAI API call fails.
+        """
+        # Input validation
+        if not text or not text.strip():
+            raise ValueError("Text cannot be empty")
+        if len(text) > MAX_TEXT_LENGTH:
+            raise ValueError(
+                f"Text exceeds maximum length of {MAX_TEXT_LENGTH} characters"
+            )
+
+        response = await self.client.embeddings.create(
+            model=EMBEDDING_MODEL,
+            input=text,
+            dimensions=EMBEDDING_DIMENSIONS,
+        )
+        if not response.data:
+            raise ValueError("OpenAI API returned empty embedding data")
+        return response.data[0].embedding
+
+    async def generate_embeddings(self, texts: list[str]) -> list[list[float]]:
+        """
+        Generate embeddings for multiple texts (batch).
+
+        Args:
+            texts: List of texts to generate embeddings for.
+
+        Returns:
+            List of embedding vectors, one per input text.
+
+        Raises:
+            ValueError: If any text is invalid or batch size exceeds limit.
+            openai.APIError: If the OpenAI API call fails.
+        """
+        # Input validation
+        if not texts:
+            raise ValueError("Texts list cannot be empty")
+        if len(texts) > MAX_BATCH_SIZE:
+            raise ValueError(f"Batch size exceeds maximum of {MAX_BATCH_SIZE} texts")
+        for i, text in enumerate(texts):
+            if not text or not text.strip():
+                raise ValueError(f"Text at index {i} cannot be empty")
+            if len(text) > MAX_TEXT_LENGTH:
+                raise ValueError(
+                    f"Text at index {i} exceeds maximum length of {MAX_TEXT_LENGTH} characters"
+                )
+
+        response = await self.client.embeddings.create(
+            model=EMBEDDING_MODEL,
+            input=texts,
+            dimensions=EMBEDDING_DIMENSIONS,
+        )
+        # Sort by index to ensure correct ordering
+        sorted_data = sorted(response.data, key=lambda x: x.index)
+        return [item.embedding for item in sorted_data]
+
+
+def create_search_text(name: str, sub_heading: str, description: str) -> str:
+    """
+    Combine fields into searchable text for embedding.
+
+    This creates a single text string from the agent's name, sub-heading,
+    and description, which is then converted to an embedding vector.
+
+    Args:
+        name: The agent name.
+        sub_heading: The agent sub-heading/tagline.
+        description: The agent description.
+
+    Returns:
+        A single string combining all non-empty fields.
+    """
+    parts = [name or "", sub_heading or "", description or ""]
+    # filter(None, parts) removes empty strings since empty string is falsy
+    return " ".join(filter(None, parts)).strip()
+
+
+@functools.cache
+def get_embedding_service() -> EmbeddingService:
+    """
+    Get or create the embedding service singleton.
+
+    Uses functools.cache for thread-safe lazy initialization.
+
+    Returns:
+        The shared EmbeddingService instance.
+
+    Raises:
+        ValueError: If OpenAI API key is not configured (when generating embeddings).
+    """
+    return EmbeddingService()

autogpt_platform/backend/backend/integrations/embeddings_test.py

@@ -0,0 +1,235 @@
+"""Tests for the embedding service.
+
+This module tests:
+- create_search_text utility function
+- EmbeddingService input validation
+- EmbeddingService API interaction (mocked)
+"""
+
+from unittest.mock import AsyncMock, MagicMock, patch
+
+import pytest
+
+from backend.integrations.embeddings import (
+    EMBEDDING_DIMENSIONS,
+    MAX_BATCH_SIZE,
+    MAX_TEXT_LENGTH,
+    EmbeddingService,
+    create_search_text,
+)
+
+
+class TestCreateSearchText:
+    """Tests for the create_search_text utility function."""
+
+    def test_combines_all_fields(self):
+        result = create_search_text("Agent Name", "A cool agent", "Does amazing things")
+        assert result == "Agent Name A cool agent Does amazing things"
+
+    def test_handles_empty_name(self):
+        result = create_search_text("", "Sub heading", "Description")
+        assert result == "Sub heading Description"
+
+    def test_handles_empty_sub_heading(self):
+        result = create_search_text("Name", "", "Description")
+        assert result == "Name Description"
+
+    def test_handles_empty_description(self):
+        result = create_search_text("Name", "Sub heading", "")
+        assert result == "Name Sub heading"
+
+    def test_handles_all_empty(self):
+        result = create_search_text("", "", "")
+        assert result == ""
+
+    def test_handles_none_values(self):
+        # The function expects strings but should handle None gracefully
+        result = create_search_text(None, None, None)  # type: ignore
+        assert result == ""
+
+    def test_preserves_content_strips_outer_whitespace(self):
+        # The function joins parts and strips the outer result
+        # Internal whitespace in each part is preserved
+        result = create_search_text("  Name  ", "  Sub  ", "  Desc  ")
+        # Each part is joined with space, then outer strip applied
+        assert result == "Name     Sub     Desc"
+
+    def test_handles_only_whitespace(self):
+        # Parts that are only whitespace become empty after filter
+        result = create_search_text("   ", "   ", "   ")
+        assert result == ""
+
+
+class TestEmbeddingServiceValidation:
+    """Tests for EmbeddingService input validation."""
+
+    @pytest.fixture
+    def mock_settings(self):
+        """Mock settings with a test API key."""
+        with patch("backend.integrations.embeddings.Settings") as mock:
+            mock_instance = MagicMock()
+            mock_instance.secrets.openai_internal_api_key = "test-api-key"
+            mock_instance.secrets.openai_api_key = ""
+            mock.return_value = mock_instance
+            yield mock
+
+    @pytest.fixture
+    def service(self, mock_settings):
+        """Create an EmbeddingService instance with mocked settings."""
+        service = EmbeddingService()
+        # Inject a mock client by setting the cached_property directly
+        service.__dict__["client"] = MagicMock()
+        return service
+
+    def test_client_access_requires_api_key(self):
+        """Test that accessing client fails without an API key."""
+        with patch("backend.integrations.embeddings.Settings") as mock:
+            mock_instance = MagicMock()
+            mock_instance.secrets.openai_internal_api_key = ""
+            mock_instance.secrets.openai_api_key = ""
+            mock.return_value = mock_instance
+
+            # Service creation should succeed
+            service = EmbeddingService()
+
+            # But accessing client should fail
+            with pytest.raises(ValueError, match="OpenAI API key not configured"):
+                _ = service.client
+
+    def test_init_accepts_explicit_api_key(self):
+        """Test that explicit API key overrides settings."""
+        with patch("backend.integrations.embeddings.Settings") as mock:
+            mock_instance = MagicMock()
+            mock_instance.secrets.openai_internal_api_key = ""
+            mock_instance.secrets.openai_api_key = ""
+            mock.return_value = mock_instance
+
+            with patch("backend.integrations.embeddings.openai.AsyncOpenAI"):
+                service = EmbeddingService(api_key="explicit-key")
+                assert service.api_key == "explicit-key"
+
+    @pytest.mark.asyncio
+    async def test_generate_embedding_empty_text(self, service):
+        """Test that empty text raises ValueError."""
+        with pytest.raises(ValueError, match="Text cannot be empty"):
+            await service.generate_embedding("")
+
+    @pytest.mark.asyncio
+    async def test_generate_embedding_whitespace_only(self, service):
+        """Test that whitespace-only text raises ValueError."""
+        with pytest.raises(ValueError, match="Text cannot be empty"):
+            await service.generate_embedding("   ")
+
+    @pytest.mark.asyncio
+    async def test_generate_embedding_exceeds_max_length(self, service):
+        """Test that text exceeding max length raises ValueError."""
+        long_text = "a" * (MAX_TEXT_LENGTH + 1)
+        with pytest.raises(ValueError, match="exceeds maximum length"):
+            await service.generate_embedding(long_text)
+
+    @pytest.mark.asyncio
+    async def test_generate_embeddings_empty_list(self, service):
+        """Test that empty list raises ValueError."""
+        with pytest.raises(ValueError, match="Texts list cannot be empty"):
+            await service.generate_embeddings([])
+
+    @pytest.mark.asyncio
+    async def test_generate_embeddings_exceeds_batch_size(self, service):
+        """Test that batch exceeding max size raises ValueError."""
+        texts = ["text"] * (MAX_BATCH_SIZE + 1)
+        with pytest.raises(ValueError, match="Batch size exceeds maximum"):
+            await service.generate_embeddings(texts)
+
+    @pytest.mark.asyncio
+    async def test_generate_embeddings_empty_text_in_batch(self, service):
+        """Test that empty text in batch raises ValueError with index."""
+        with pytest.raises(ValueError, match="Text at index 1 cannot be empty"):
+            await service.generate_embeddings(["valid", "", "also valid"])
+
+    @pytest.mark.asyncio
+    async def test_generate_embeddings_long_text_in_batch(self, service):
+        """Test that long text in batch raises ValueError with index."""
+        long_text = "a" * (MAX_TEXT_LENGTH + 1)
+        with pytest.raises(ValueError, match="Text at index 2 exceeds maximum length"):
+            await service.generate_embeddings(["short", "also short", long_text])
+
+
+class TestEmbeddingServiceAPI:
+    """Tests for EmbeddingService API interaction."""
+
+    @pytest.fixture
+    def mock_openai_client(self):
+        """Create a mock OpenAI client."""
+        mock_client = MagicMock()
+        mock_client.embeddings = MagicMock()
+        return mock_client
+
+    @pytest.fixture
+    def service_with_mock_client(self, mock_openai_client):
+        """Create an EmbeddingService with a mocked OpenAI client."""
+        with patch("backend.integrations.embeddings.Settings") as mock_settings:
+            mock_instance = MagicMock()
+            mock_instance.secrets.openai_internal_api_key = "test-key"
+            mock_instance.secrets.openai_api_key = ""
+            mock_settings.return_value = mock_instance
+
+            service = EmbeddingService()
+            # Inject mock client by setting the cached_property directly
+            service.__dict__["client"] = mock_openai_client
+            return service, mock_openai_client
+
+    @pytest.mark.asyncio
+    async def test_generate_embedding_success(self, service_with_mock_client):
+        """Test successful embedding generation."""
+        service, mock_client = service_with_mock_client
+
+        # Create mock response
+        mock_embedding = [0.1] * EMBEDDING_DIMENSIONS
+        mock_response = MagicMock()
+        mock_response.data = [MagicMock(embedding=mock_embedding)]
+        mock_client.embeddings.create = AsyncMock(return_value=mock_response)
+
+        result = await service.generate_embedding("test text")
+
+        assert result == mock_embedding
+        mock_client.embeddings.create.assert_called_once()
+
+    @pytest.mark.asyncio
+    async def test_generate_embeddings_success(self, service_with_mock_client):
+        """Test successful batch embedding generation."""
+        service, mock_client = service_with_mock_client
+
+        # Create mock response with multiple embeddings
+        mock_embeddings = [[0.1] * EMBEDDING_DIMENSIONS, [0.2] * EMBEDDING_DIMENSIONS]
+        mock_response = MagicMock()
+        mock_response.data = [
+            MagicMock(embedding=mock_embeddings[0], index=0),
+            MagicMock(embedding=mock_embeddings[1], index=1),
+        ]
+        mock_client.embeddings.create = AsyncMock(return_value=mock_response)
+
+        result = await service.generate_embeddings(["text1", "text2"])
+
+        assert result == mock_embeddings
+        mock_client.embeddings.create.assert_called_once()
+
+    @pytest.mark.asyncio
+    async def test_generate_embeddings_preserves_order(self, service_with_mock_client):
+        """Test that batch embeddings are returned in correct order even if API returns out of order."""
+        service, mock_client = service_with_mock_client
+
+        # Create mock response with embeddings out of order
+        mock_embeddings = [[0.1] * EMBEDDING_DIMENSIONS, [0.2] * EMBEDDING_DIMENSIONS]
+        mock_response = MagicMock()
+        # Return in reverse order
+        mock_response.data = [
+            MagicMock(embedding=mock_embeddings[1], index=1),
+            MagicMock(embedding=mock_embeddings[0], index=0),
+        ]
+        mock_client.embeddings.create = AsyncMock(return_value=mock_response)
+
+        result = await service.generate_embeddings(["text1", "text2"])
+
+        # Should be sorted by index
+        assert result[0] == mock_embeddings[0]
+        assert result[1] == mock_embeddings[1]

autogpt_platform/backend/backend/integrations/webhooks/utils.py

@@ -149,10 +149,10 @@ async def setup_webhook_for_block(
 async def migrate_legacy_triggered_graphs():
     from prisma.models import AgentGraph
 
-    from backend.api.features.library.db import create_preset
-    from backend.api.features.library.model import LibraryAgentPresetCreatable
     from backend.data.graph import AGENT_GRAPH_INCLUDE, GraphModel, set_node_webhook
     from backend.data.model import is_credentials_field_name
+    from backend.server.v2.library.db import create_preset
+    from backend.server.v2.library.model import LibraryAgentPresetCreatable
 
     triggered_graphs = [
         GraphModel.from_db(_graph)

autogpt_platform/backend/backend/rest.py

@@ -1,5 +1,5 @@
-from backend.api.rest_api import AgentServer
 from backend.app import run_processes
+from backend.server.rest_api import AgentServer
 
 
 def main():

autogpt_platform/backend/backend/server/conn_manager.py

@@ -3,12 +3,12 @@ from typing import Dict, Set
 
 from fastapi import WebSocket
 
-from backend.api.model import NotificationPayload, WSMessage, WSMethod
 from backend.data.execution import (
     ExecutionEventType,
     GraphExecutionEvent,
     NodeExecutionEvent,
 )
+from backend.server.model import NotificationPayload, WSMessage, WSMethod
 
 _EVENT_TYPE_TO_METHOD_MAP: dict[ExecutionEventType, WSMethod] = {
     ExecutionEventType.GRAPH_EXEC_UPDATE: WSMethod.GRAPH_EXECUTION_EVENT,

autogpt_platform/backend/backend/server/conn_manager_test.py

@@ -4,13 +4,13 @@ from unittest.mock import AsyncMock
 import pytest
 from fastapi import WebSocket
 
-from backend.api.conn_manager import ConnectionManager
-from backend.api.model import NotificationPayload, WSMessage, WSMethod
 from backend.data.execution import (
     ExecutionStatus,
     GraphExecutionEvent,
     NodeExecutionEvent,
 )
+from backend.server.conn_manager import ConnectionManager
+from backend.server.model import NotificationPayload, WSMessage, WSMethod
 
 
 @pytest.fixture

autogpt_platform/backend/backend/server/external/api.py

@@ -0,0 +1,29 @@
+from fastapi import FastAPI
+
+from backend.monitoring.instrumentation import instrument_fastapi
+from backend.server.middleware.security import SecurityHeadersMiddleware
+
+from .routes.integrations import integrations_router
+from .routes.tools import tools_router
+from .routes.v1 import v1_router
+
+external_app = FastAPI(
+    title="AutoGPT External API",
+    description="External API for AutoGPT integrations",
+    docs_url="/docs",
+    version="1.0",
+)
+
+external_app.add_middleware(SecurityHeadersMiddleware)
+external_app.include_router(v1_router, prefix="/v1")
+external_app.include_router(tools_router, prefix="/v1")
+external_app.include_router(integrations_router, prefix="/v1")
+
+# Add Prometheus instrumentation
+instrument_fastapi(
+    external_app,
+    service_name="external-api",
+    expose_endpoint=True,
+    endpoint="/metrics",
+    include_in_schema=True,
+)

autogpt_platform/backend/backend/server/external/middleware.py

@@ -0,0 +1,36 @@
+from fastapi import HTTPException, Security
+from fastapi.security import APIKeyHeader
+from prisma.enums import APIKeyPermission
+
+from backend.data.api_key import APIKeyInfo, has_permission, validate_api_key
+
+api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
+
+
+async def require_api_key(api_key: str | None = Security(api_key_header)) -> APIKeyInfo:
+    """Base middleware for API key authentication"""
+    if api_key is None:
+        raise HTTPException(status_code=401, detail="Missing API key")
+
+    api_key_obj = await validate_api_key(api_key)
+
+    if not api_key_obj:
+        raise HTTPException(status_code=401, detail="Invalid API key")
+
+    return api_key_obj
+
+
+def require_permission(permission: APIKeyPermission):
+    """Dependency function for checking specific permissions"""
+
+    async def check_permission(
+        api_key: APIKeyInfo = Security(require_api_key),
+    ) -> APIKeyInfo:
+        if not has_permission(api_key, permission):
+            raise HTTPException(
+                status_code=403,
+                detail=f"API key lacks the required permission '{permission}'",
+            )
+        return api_key
+
+    return check_permission

autogpt_platform/backend/backend/server/external/routes/integrations.py

@@ -16,9 +16,7 @@ from fastapi import APIRouter, Body, HTTPException, Path, Security, status
 from prisma.enums import APIKeyPermission
 from pydantic import BaseModel, Field, SecretStr
 
-from backend.api.external.middleware import require_permission
-from backend.api.features.integrations.models import get_all_provider_names
-from backend.data.auth.base import APIAuthorizationInfo
+from backend.data.api_key import APIKeyInfo
 from backend.data.model import (
     APIKeyCredentials,
     Credentials,
@@ -30,6 +28,8 @@ from backend.data.model import (
 from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.oauth import CREDENTIALS_BY_PROVIDER, HANDLERS_BY_NAME
 from backend.integrations.providers import ProviderName
+from backend.server.external.middleware import require_permission
+from backend.server.integrations.models import get_all_provider_names
 from backend.util.settings import Settings
 
 if TYPE_CHECKING:
@@ -255,7 +255,7 @@ def _get_oauth_handler_for_external(
 
 @integrations_router.get("/providers", response_model=list[ProviderInfo])
 async def list_providers(
-    auth: APIAuthorizationInfo = Security(
+    api_key: APIKeyInfo = Security(
         require_permission(APIKeyPermission.READ_INTEGRATIONS)
     ),
 ) -> list[ProviderInfo]:
@@ -319,7 +319,7 @@ async def list_providers(
 async def initiate_oauth(
     provider: Annotated[str, Path(title="The OAuth provider")],
     request: OAuthInitiateRequest,
-    auth: APIAuthorizationInfo = Security(
+    api_key: APIKeyInfo = Security(
         require_permission(APIKeyPermission.MANAGE_INTEGRATIONS)
     ),
 ) -> OAuthInitiateResponse:
@@ -337,10 +337,7 @@ async def initiate_oauth(
     if not validate_callback_url(request.callback_url):
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
-            detail=(
-                f"Callback URL origin is not allowed. "
-                f"Allowed origins: {settings.config.external_oauth_callback_origins}",
-            ),
+            detail=f"Callback URL origin is not allowed. Allowed origins: {settings.config.external_oauth_callback_origins}",
         )
 
     # Validate provider
@@ -362,15 +359,13 @@ async def initiate_oauth(
     )
 
     # Store state token with external flow metadata
-    # Note: initiated_by_api_key_id is only available for API key auth, not OAuth
-    api_key_id = getattr(auth, "id", None) if auth.type == "api_key" else None
     state_token, code_challenge = await creds_manager.store.store_state_token(
-        user_id=auth.user_id,
+        user_id=api_key.user_id,
         provider=provider if isinstance(provider_name, str) else provider_name.value,
         scopes=request.scopes,
         callback_url=request.callback_url,
         state_metadata=request.state_metadata,
-        initiated_by_api_key_id=api_key_id,
+        initiated_by_api_key_id=api_key.id,
     )
 
     # Build login URL
@@ -398,7 +393,7 @@ async def initiate_oauth(
 async def complete_oauth(
     provider: Annotated[str, Path(title="The OAuth provider")],
     request: OAuthCompleteRequest,
-    auth: APIAuthorizationInfo = Security(
+    api_key: APIKeyInfo = Security(
         require_permission(APIKeyPermission.MANAGE_INTEGRATIONS)
     ),
 ) -> OAuthCompleteResponse:
@@ -411,7 +406,7 @@ async def complete_oauth(
     """
     # Verify state token
     valid_state = await creds_manager.store.verify_state_token(
-        auth.user_id, request.state_token, provider
+        api_key.user_id, request.state_token, provider
     )
 
     if not valid_state:
@@ -458,7 +453,7 @@ async def complete_oauth(
         )
 
     # Store credentials
-    await creds_manager.create(auth.user_id, credentials)
+    await creds_manager.create(api_key.user_id, credentials)
 
     logger.info(f"Successfully completed external OAuth for provider {provider}")
 
@@ -475,7 +470,7 @@ async def complete_oauth(
 
 @integrations_router.get("/credentials", response_model=list[CredentialSummary])
 async def list_credentials(
-    auth: APIAuthorizationInfo = Security(
+    api_key: APIKeyInfo = Security(
         require_permission(APIKeyPermission.READ_INTEGRATIONS)
     ),
 ) -> list[CredentialSummary]:
@@ -484,7 +479,7 @@ async def list_credentials(
 
     Returns metadata about each credential without exposing sensitive tokens.
     """
-    credentials = await creds_manager.store.get_all_creds(auth.user_id)
+    credentials = await creds_manager.store.get_all_creds(api_key.user_id)
     return [
         CredentialSummary(
             id=cred.id,
@@ -504,7 +499,7 @@ async def list_credentials(
 )
 async def list_credentials_by_provider(
     provider: Annotated[str, Path(title="The provider to list credentials for")],
-    auth: APIAuthorizationInfo = Security(
+    api_key: APIKeyInfo = Security(
         require_permission(APIKeyPermission.READ_INTEGRATIONS)
     ),
 ) -> list[CredentialSummary]:
@@ -512,7 +507,7 @@ async def list_credentials_by_provider(
     List credentials for a specific provider.
     """
     credentials = await creds_manager.store.get_creds_by_provider(
-        auth.user_id, provider
+        api_key.user_id, provider
     )
     return [
         CredentialSummary(
@@ -541,7 +536,7 @@ async def create_credential(
         CreateUserPasswordCredentialRequest,
         CreateHostScopedCredentialRequest,
     ] = Body(..., discriminator="type"),
-    auth: APIAuthorizationInfo = Security(
+    api_key: APIKeyInfo = Security(
         require_permission(APIKeyPermission.MANAGE_INTEGRATIONS)
     ),
 ) -> CreateCredentialResponse:
@@ -596,7 +591,7 @@ async def create_credential(
 
     # Store credentials
     try:
-        await creds_manager.create(auth.user_id, credentials)
+        await creds_manager.create(api_key.user_id, credentials)
     except Exception as e:
         logger.error(f"Failed to store credentials: {e}")
         raise HTTPException(
@@ -628,7 +623,7 @@ class DeleteCredentialResponse(BaseModel):
 async def delete_credential(
     provider: Annotated[str, Path(title="The provider")],
     cred_id: Annotated[str, Path(title="The credential ID to delete")],
-    auth: APIAuthorizationInfo = Security(
+    api_key: APIKeyInfo = Security(
         require_permission(APIKeyPermission.DELETE_INTEGRATIONS)
     ),
 ) -> DeleteCredentialResponse:
@@ -639,7 +634,7 @@ async def delete_credential(
     use the main API's delete endpoint which handles webhook cleanup and
     token revocation.
     """
-    creds = await creds_manager.store.get_creds_by_id(auth.user_id, cred_id)
+    creds = await creds_manager.store.get_creds_by_id(api_key.user_id, cred_id)
     if not creds:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND, detail="Credentials not found"
@@ -650,6 +645,6 @@ async def delete_credential(
             detail="Credentials do not match the specified provider",
         )
 
-    await creds_manager.delete(auth.user_id, cred_id)
+    await creds_manager.delete(api_key.user_id, cred_id)
 
     return DeleteCredentialResponse(deleted=True, credentials_id=cred_id)

autogpt_platform/backend/backend/server/external/routes/tools.py

@@ -14,19 +14,19 @@ from fastapi import APIRouter, Security
 from prisma.enums import APIKeyPermission
 from pydantic import BaseModel, Field
 
-from backend.api.external.middleware import require_permission
-from backend.api.features.chat.model import ChatSession
-from backend.api.features.chat.tools import find_agent_tool, run_agent_tool
-from backend.api.features.chat.tools.models import ToolResponseBase
-from backend.data.auth.base import APIAuthorizationInfo
+from backend.data.api_key import APIKeyInfo
+from backend.server.external.middleware import require_permission
+from backend.server.v2.chat.model import ChatSession
+from backend.server.v2.chat.tools import find_agent_tool, run_agent_tool
+from backend.server.v2.chat.tools.models import ToolResponseBase
 
 logger = logging.getLogger(__name__)
 
 tools_router = APIRouter(prefix="/tools", tags=["tools"])
 
-# Note: We use Security() as a function parameter dependency (auth: APIAuthorizationInfo = Security(...))
+# Note: We use Security() as a function parameter dependency (api_key: APIKeyInfo = Security(...))
 # rather than in the decorator's dependencies= list. This avoids duplicate permission checks
-# while still enforcing auth AND giving us access to auth for extracting user_id.
+# while still enforcing auth AND giving us access to the api_key for extracting user_id.
 
 
 # Request models
@@ -80,9 +80,7 @@ def _create_ephemeral_session(user_id: str | None) -> ChatSession:
 )
 async def find_agent(
     request: FindAgentRequest,
-    auth: APIAuthorizationInfo = Security(
-        require_permission(APIKeyPermission.USE_TOOLS)
-    ),
+    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.USE_TOOLS)),
 ) -> dict[str, Any]:
     """
     Search for agents in the marketplace based on capabilities and user needs.
@@ -93,9 +91,9 @@ async def find_agent(
     Returns:
         List of matching agents or no results response
     """
-    session = _create_ephemeral_session(auth.user_id)
+    session = _create_ephemeral_session(api_key.user_id)
     result = await find_agent_tool._execute(
-        user_id=auth.user_id,
+        user_id=api_key.user_id,
         session=session,
         query=request.query,
     )
@@ -107,9 +105,7 @@ async def find_agent(
 )
 async def run_agent(
     request: RunAgentRequest,
-    auth: APIAuthorizationInfo = Security(
-        require_permission(APIKeyPermission.USE_TOOLS)
-    ),
+    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.USE_TOOLS)),
 ) -> dict[str, Any]:
     """
     Run or schedule an agent from the marketplace.
@@ -133,9 +129,9 @@ async def run_agent(
         - execution_started: If agent was run or scheduled successfully
         - error: If something went wrong
     """
-    session = _create_ephemeral_session(auth.user_id)
+    session = _create_ephemeral_session(api_key.user_id)
     result = await run_agent_tool._execute(
-        user_id=auth.user_id,
+        user_id=api_key.user_id,
         session=session,
         username_agent_slug=request.username_agent_slug,
         inputs=request.inputs,

autogpt_platform/backend/backend/server/external/routes/v1.py

@@ -5,60 +5,46 @@ from typing import Annotated, Any, Literal, Optional, Sequence
 
 from fastapi import APIRouter, Body, HTTPException, Security
 from prisma.enums import AgentExecutionStatus, APIKeyPermission
-from pydantic import BaseModel, Field
 from typing_extensions import TypedDict
 
-import backend.api.features.store.cache as store_cache
-import backend.api.features.store.model as store_model
 import backend.data.block
-from backend.api.external.middleware import require_permission
+import backend.server.v2.store.cache as store_cache
+import backend.server.v2.store.model as store_model
 from backend.data import execution as execution_db
 from backend.data import graph as graph_db
-from backend.data import user as user_db
-from backend.data.auth.base import APIAuthorizationInfo
+from backend.data.api_key import APIKeyInfo
 from backend.data.block import BlockInput, CompletedBlockOutput
 from backend.executor.utils import add_graph_execution
+from backend.server.external.middleware import require_permission
 from backend.util.settings import Settings
 
-from .integrations import integrations_router
-from .tools import tools_router
-
 settings = Settings()
 logger = logging.getLogger(__name__)
 
 v1_router = APIRouter()
 
-v1_router.include_router(integrations_router)
-v1_router.include_router(tools_router)
+
+class NodeOutput(TypedDict):
+    key: str
+    value: Any
 
 
-class UserInfoResponse(BaseModel):
-    id: str
-    name: Optional[str]
-    email: str
-    timezone: str = Field(
-        description="The user's last known timezone (e.g. 'Europe/Amsterdam'), "
-        "or 'not-set' if not set"
-    )
+class ExecutionNode(TypedDict):
+    node_id: str
+    input: Any
+    output: dict[str, Any]
 
 
-@v1_router.get(
-    path="/me",
-    tags=["user", "meta"],
-)
-async def get_user_info(
-    auth: APIAuthorizationInfo = Security(
-        require_permission(APIKeyPermission.IDENTITY)
-    ),
-) -> UserInfoResponse:
-    user = await user_db.get_user_by_id(auth.user_id)
+class ExecutionNodeOutput(TypedDict):
+    node_id: str
+    outputs: list[NodeOutput]
 
-    return UserInfoResponse(
-        id=user.id,
-        name=user.name,
-        email=user.email,
-        timezone=user.timezone,
-    )
+
+class GraphExecutionResult(TypedDict):
+    execution_id: str
+    status: str
+    nodes: list[ExecutionNode]
+    output: Optional[list[dict[str, str]]]
 
 
 @v1_router.get(
@@ -79,9 +65,7 @@ async def get_graph_blocks() -> Sequence[dict[Any, Any]]:
 async def execute_graph_block(
     block_id: str,
     data: BlockInput,
-    auth: APIAuthorizationInfo = Security(
-        require_permission(APIKeyPermission.EXECUTE_BLOCK)
-    ),
+    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.EXECUTE_BLOCK)),
 ) -> CompletedBlockOutput:
     obj = backend.data.block.get_block(block_id)
     if not obj:
@@ -101,14 +85,12 @@ async def execute_graph(
     graph_id: str,
     graph_version: int,
     node_input: Annotated[dict[str, Any], Body(..., embed=True, default_factory=dict)],
-    auth: APIAuthorizationInfo = Security(
-        require_permission(APIKeyPermission.EXECUTE_GRAPH)
-    ),
+    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.EXECUTE_GRAPH)),
 ) -> dict[str, Any]:
     try:
         graph_exec = await add_graph_execution(
             graph_id=graph_id,
-            user_id=auth.user_id,
+            user_id=api_key.user_id,
             inputs=node_input,
             graph_version=graph_version,
         )
@@ -118,19 +100,6 @@ async def execute_graph(
         raise HTTPException(status_code=400, detail=msg)
 
 
-class ExecutionNode(TypedDict):
-    node_id: str
-    input: Any
-    output: dict[str, Any]
-
-
-class GraphExecutionResult(TypedDict):
-    execution_id: str
-    status: str
-    nodes: list[ExecutionNode]
-    output: Optional[list[dict[str, str]]]
-
-
 @v1_router.get(
     path="/graphs/{graph_id}/executions/{graph_exec_id}/results",
     tags=["graphs"],
@@ -138,12 +107,10 @@ class GraphExecutionResult(TypedDict):
 async def get_graph_execution_results(
     graph_id: str,
     graph_exec_id: str,
-    auth: APIAuthorizationInfo = Security(
-        require_permission(APIKeyPermission.READ_GRAPH)
-    ),
+    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.READ_GRAPH)),
 ) -> GraphExecutionResult:
     graph_exec = await execution_db.get_graph_execution(
-        user_id=auth.user_id,
+        user_id=api_key.user_id,
         execution_id=graph_exec_id,
         include_node_executions=True,
     )
@@ -155,7 +122,7 @@ async def get_graph_execution_results(
     if not await graph_db.get_graph(
         graph_id=graph_exec.graph_id,
         version=graph_exec.graph_version,
-        user_id=auth.user_id,
+        user_id=api_key.user_id,
     ):
         raise HTTPException(status_code=404, detail=f"Graph #{graph_id} not found.")
 

autogpt_platform/backend/backend/server/integrations/router.py

@@ -17,8 +17,6 @@ from fastapi import (
 from pydantic import BaseModel, Field, SecretStr
 from starlette.status import HTTP_500_INTERNAL_SERVER_ERROR, HTTP_502_BAD_GATEWAY
 
-from backend.api.features.library.db import set_preset_webhook, update_preset
-from backend.api.features.library.model import LibraryAgentPreset
 from backend.data.graph import NodeModel, get_graph, set_node_webhook
 from backend.data.integrations import (
     WebhookEvent,
@@ -47,6 +45,13 @@ from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.oauth import CREDENTIALS_BY_PROVIDER, HANDLERS_BY_NAME
 from backend.integrations.providers import ProviderName
 from backend.integrations.webhooks import get_webhook_manager
+from backend.server.integrations.models import (
+    ProviderConstants,
+    ProviderNamesResponse,
+    get_all_provider_names,
+)
+from backend.server.v2.library.db import set_preset_webhook, update_preset
+from backend.server.v2.library.model import LibraryAgentPreset
 from backend.util.exceptions import (
     GraphNotInLibraryError,
     MissingConfigError,
@@ -55,8 +60,6 @@ from backend.util.exceptions import (
 )
 from backend.util.settings import Settings
 
-from .models import ProviderConstants, ProviderNamesResponse, get_all_provider_names
-
 if TYPE_CHECKING:
     from backend.integrations.oauth import BaseOAuthHandler
 

autogpt_platform/backend/backend/server/middleware/security_test.py

@@ -3,7 +3,7 @@ from fastapi import FastAPI
 from fastapi.testclient import TestClient
 from starlette.applications import Starlette
 
-from backend.api.middleware.security import SecurityHeadersMiddleware
+from backend.server.middleware.security import SecurityHeadersMiddleware
 
 
 @pytest.fixture

autogpt_platform/backend/backend/server/model.py

@@ -4,7 +4,7 @@ from typing import Any, Literal, Optional
 import pydantic
 from prisma.enums import OnboardingStep
 
-from backend.data.auth.api_key import APIKeyInfo, APIKeyPermission
+from backend.data.api_key import APIKeyInfo, APIKeyPermission
 from backend.data.graph import Graph
 from backend.util.timezone_name import TimeZoneName
 

autogpt_platform/backend/backend/server/rest_api.py

@@ -16,33 +16,35 @@ from fastapi.middleware.gzip import GZipMiddleware
 from fastapi.routing import APIRoute
 from prisma.errors import PrismaError
 
-import backend.api.features.admin.credit_admin_routes
-import backend.api.features.admin.execution_analytics_routes
-import backend.api.features.admin.store_admin_routes
-import backend.api.features.builder
-import backend.api.features.builder.routes
-import backend.api.features.chat.routes as chat_routes
-import backend.api.features.executions.review.routes
-import backend.api.features.library.db
-import backend.api.features.library.model
-import backend.api.features.library.routes
-import backend.api.features.oauth
-import backend.api.features.otto.routes
-import backend.api.features.postmark.postmark
-import backend.api.features.store.model
-import backend.api.features.store.routes
-import backend.api.features.v1
 import backend.data.block
 import backend.data.db
 import backend.data.graph
 import backend.data.user
 import backend.integrations.webhooks.utils
+import backend.server.routers.postmark.postmark
+import backend.server.routers.v1
+import backend.server.v2.admin.credit_admin_routes
+import backend.server.v2.admin.execution_analytics_routes
+import backend.server.v2.admin.store_admin_routes
+import backend.server.v2.builder
+import backend.server.v2.builder.routes
+import backend.server.v2.chat.routes as chat_routes
+import backend.server.v2.executions.review.routes
+import backend.server.v2.library.db
+import backend.server.v2.library.model
+import backend.server.v2.library.routes
+import backend.server.v2.otto.routes
+import backend.server.v2.store.model
+import backend.server.v2.store.routes
 import backend.util.service
 import backend.util.settings
-from backend.blocks.llm import DEFAULT_LLM_MODEL
+from backend.blocks.llm import LlmModel
 from backend.data.model import Credentials
 from backend.integrations.providers import ProviderName
 from backend.monitoring.instrumentation import instrument_fastapi
+from backend.server.external.api import external_app
+from backend.server.middleware.security import SecurityHeadersMiddleware
+from backend.server.utils.cors import build_cors_params
 from backend.util import json
 from backend.util.cloud_storage import shutdown_cloud_storage_handler
 from backend.util.exceptions import (
@@ -53,13 +55,6 @@ from backend.util.exceptions import (
 from backend.util.feature_flag import initialize_launchdarkly, shutdown_launchdarkly
 from backend.util.service import UnhealthyServiceError
 
-from .external.fastapi_app import external_api
-from .features.analytics import router as analytics_router
-from .features.integrations.router import router as integrations_router
-from .middleware.security import SecurityHeadersMiddleware
-from .utils.cors import build_cors_params
-from .utils.openapi import sort_openapi
-
 settings = backend.util.settings.Settings()
 logger = logging.getLogger(__name__)
 
@@ -113,7 +108,7 @@ async def lifespan_context(app: fastapi.FastAPI):
 
     await backend.data.user.migrate_and_encrypt_user_integrations()
     await backend.data.graph.fix_llm_provider_credentials()
-    await backend.data.graph.migrate_llm_models(DEFAULT_LLM_MODEL)
+    await backend.data.graph.migrate_llm_models(LlmModel.GPT4O)
     await backend.integrations.webhooks.utils.migrate_legacy_triggered_graphs()
 
     with launch_darkly_context():
@@ -180,9 +175,6 @@ app.add_middleware(GZipMiddleware, minimum_size=50_000)  # 50KB threshold
 # Add 401 responses to authenticated endpoints in OpenAPI spec
 add_auth_responses_to_openapi(app)
 
-# Sort OpenAPI schema to eliminate diff on refactors
-sort_openapi(app)
-
 # Add Prometheus instrumentation
 instrument_fastapi(
     app,
@@ -261,52 +253,42 @@ app.add_exception_handler(MissingConfigError, handle_internal_http_error(503))
 app.add_exception_handler(ValueError, handle_internal_http_error(400))
 app.add_exception_handler(Exception, handle_internal_http_error(500))
 
-app.include_router(backend.api.features.v1.v1_router, tags=["v1"], prefix="/api")
+app.include_router(backend.server.routers.v1.v1_router, tags=["v1"], prefix="/api")
 app.include_router(
-    integrations_router,
-    prefix="/api/integrations",
-    tags=["v1", "integrations"],
+    backend.server.v2.store.routes.router, tags=["v2"], prefix="/api/store"
 )
 app.include_router(
-    analytics_router,
-    prefix="/api/analytics",
-    tags=["analytics"],
+    backend.server.v2.builder.routes.router, tags=["v2"], prefix="/api/builder"
 )
 app.include_router(
-    backend.api.features.store.routes.router, tags=["v2"], prefix="/api/store"
-)
-app.include_router(
-    backend.api.features.builder.routes.router, tags=["v2"], prefix="/api/builder"
-)
-app.include_router(
-    backend.api.features.admin.store_admin_routes.router,
+    backend.server.v2.admin.store_admin_routes.router,
     tags=["v2", "admin"],
     prefix="/api/store",
 )
 app.include_router(
-    backend.api.features.admin.credit_admin_routes.router,
+    backend.server.v2.admin.credit_admin_routes.router,
     tags=["v2", "admin"],
     prefix="/api/credits",
 )
 app.include_router(
-    backend.api.features.admin.execution_analytics_routes.router,
+    backend.server.v2.admin.execution_analytics_routes.router,
     tags=["v2", "admin"],
     prefix="/api/executions",
 )
 app.include_router(
-    backend.api.features.executions.review.routes.router,
+    backend.server.v2.executions.review.routes.router,
     tags=["v2", "executions", "review"],
     prefix="/api/review",
 )
 app.include_router(
-    backend.api.features.library.routes.router, tags=["v2"], prefix="/api/library"
+    backend.server.v2.library.routes.router, tags=["v2"], prefix="/api/library"
 )
 app.include_router(
-    backend.api.features.otto.routes.router, tags=["v2", "otto"], prefix="/api/otto"
+    backend.server.v2.otto.routes.router, tags=["v2", "otto"], prefix="/api/otto"
 )
 
 app.include_router(
-    backend.api.features.postmark.postmark.router,
+    backend.server.routers.postmark.postmark.router,
     tags=["v1", "email"],
     prefix="/api/email",
 )
@@ -315,13 +297,8 @@ app.include_router(
     tags=["v2", "chat"],
     prefix="/api/chat",
 )
-app.include_router(
-    backend.api.features.oauth.router,
-    tags=["oauth"],
-    prefix="/api/oauth",
-)
 
-app.mount("/external-api", external_api)
+app.mount("/external-api", external_app)
 
 
 @app.get(path="/health", tags=["health"], dependencies=[])
@@ -374,7 +351,7 @@ class AgentServer(backend.util.service.AppProcess):
         graph_version: Optional[int] = None,
         node_input: Optional[dict[str, Any]] = None,
     ):
-        return await backend.api.features.v1.execute_graph(
+        return await backend.server.routers.v1.execute_graph(
             user_id=user_id,
             graph_id=graph_id,
             graph_version=graph_version,
@@ -389,16 +366,16 @@ class AgentServer(backend.util.service.AppProcess):
         user_id: str,
         for_export: bool = False,
     ):
-        return await backend.api.features.v1.get_graph(
+        return await backend.server.routers.v1.get_graph(
             graph_id, user_id, graph_version, for_export
         )
 
     @staticmethod
     async def test_create_graph(
-        create_graph: backend.api.features.v1.CreateGraph,
+        create_graph: backend.server.routers.v1.CreateGraph,
         user_id: str,
     ):
-        return await backend.api.features.v1.create_new_graph(create_graph, user_id)
+        return await backend.server.routers.v1.create_new_graph(create_graph, user_id)
 
     @staticmethod
     async def test_get_graph_run_status(graph_exec_id: str, user_id: str):
@@ -414,45 +391,45 @@ class AgentServer(backend.util.service.AppProcess):
     @staticmethod
     async def test_delete_graph(graph_id: str, user_id: str):
         """Used for clean-up after a test run"""
-        await backend.api.features.library.db.delete_library_agent_by_graph_id(
+        await backend.server.v2.library.db.delete_library_agent_by_graph_id(
             graph_id=graph_id, user_id=user_id
         )
-        return await backend.api.features.v1.delete_graph(graph_id, user_id)
+        return await backend.server.routers.v1.delete_graph(graph_id, user_id)
 
     @staticmethod
     async def test_get_presets(user_id: str, page: int = 1, page_size: int = 10):
-        return await backend.api.features.library.routes.presets.list_presets(
+        return await backend.server.v2.library.routes.presets.list_presets(
             user_id=user_id, page=page, page_size=page_size
         )
 
     @staticmethod
     async def test_get_preset(preset_id: str, user_id: str):
-        return await backend.api.features.library.routes.presets.get_preset(
+        return await backend.server.v2.library.routes.presets.get_preset(
             preset_id=preset_id, user_id=user_id
         )
 
     @staticmethod
     async def test_create_preset(
-        preset: backend.api.features.library.model.LibraryAgentPresetCreatable,
+        preset: backend.server.v2.library.model.LibraryAgentPresetCreatable,
         user_id: str,
     ):
-        return await backend.api.features.library.routes.presets.create_preset(
+        return await backend.server.v2.library.routes.presets.create_preset(
             preset=preset, user_id=user_id
         )
 
     @staticmethod
     async def test_update_preset(
         preset_id: str,
-        preset: backend.api.features.library.model.LibraryAgentPresetUpdatable,
+        preset: backend.server.v2.library.model.LibraryAgentPresetUpdatable,
         user_id: str,
     ):
-        return await backend.api.features.library.routes.presets.update_preset(
+        return await backend.server.v2.library.routes.presets.update_preset(
             preset_id=preset_id, preset=preset, user_id=user_id
         )
 
     @staticmethod
     async def test_delete_preset(preset_id: str, user_id: str):
-        return await backend.api.features.library.routes.presets.delete_preset(
+        return await backend.server.v2.library.routes.presets.delete_preset(
             preset_id=preset_id, user_id=user_id
         )
 
@@ -462,7 +439,7 @@ class AgentServer(backend.util.service.AppProcess):
         user_id: str,
         inputs: Optional[dict[str, Any]] = None,
     ):
-        return await backend.api.features.library.routes.presets.execute_preset(
+        return await backend.server.v2.library.routes.presets.execute_preset(
             preset_id=preset_id,
             user_id=user_id,
             inputs=inputs or {},
@@ -471,20 +448,18 @@ class AgentServer(backend.util.service.AppProcess):
 
     @staticmethod
     async def test_create_store_listing(
-        request: backend.api.features.store.model.StoreSubmissionRequest, user_id: str
+        request: backend.server.v2.store.model.StoreSubmissionRequest, user_id: str
     ):
-        return await backend.api.features.store.routes.create_submission(
-            request, user_id
-        )
+        return await backend.server.v2.store.routes.create_submission(request, user_id)
 
     ### ADMIN ###
 
     @staticmethod
     async def test_review_store_listing(
-        request: backend.api.features.store.model.ReviewSubmissionRequest,
+        request: backend.server.v2.store.model.ReviewSubmissionRequest,
         user_id: str,
     ):
-        return await backend.api.features.admin.store_admin_routes.review_submission(
+        return await backend.server.v2.admin.store_admin_routes.review_submission(
             request.store_listing_version_id, request, user_id
         )
 
@@ -494,7 +469,10 @@ class AgentServer(backend.util.service.AppProcess):
         provider: ProviderName,
         credentials: Credentials,
     ) -> Credentials:
-        from .features.integrations.router import create_credentials, get_credential
+        from backend.server.integrations.router import (
+            create_credentials,
+            get_credential,
+        )
 
         try:
             return await create_credentials(

autogpt_platform/backend/backend/server/routers/analytics.py

@@ -6,11 +6,10 @@ from typing import Annotated
 import fastapi
 import pydantic
 from autogpt_libs.auth import get_user_id
-from autogpt_libs.auth.dependencies import requires_user
 
 import backend.data.analytics
 
-router = fastapi.APIRouter(dependencies=[fastapi.Security(requires_user)])
+router = fastapi.APIRouter()
 logger = logging.getLogger(__name__)
 
 

autogpt_platform/backend/backend/server/routers/analytics_improved_test.py

@@ -0,0 +1,150 @@
+"""Example of analytics tests with improved error handling and assertions."""
+
+import json
+from unittest.mock import AsyncMock, Mock
+
+import fastapi
+import fastapi.testclient
+import pytest
+import pytest_mock
+from pytest_snapshot.plugin import Snapshot
+
+import backend.server.routers.analytics as analytics_routes
+from backend.server.test_helpers import (
+    assert_error_response_structure,
+    assert_mock_called_with_partial,
+    assert_response_status,
+    safe_parse_json,
+)
+
+app = fastapi.FastAPI()
+app.include_router(analytics_routes.router)
+
+client = fastapi.testclient.TestClient(app)
+
+
+@pytest.fixture(autouse=True)
+def setup_app_auth(mock_jwt_user):
+    """Setup auth overrides for all tests in this module"""
+    from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+    app.dependency_overrides[get_jwt_payload] = mock_jwt_user["get_jwt_payload"]
+    yield
+    app.dependency_overrides.clear()
+
+
+def test_log_raw_metric_success_improved(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+    test_user_id: str,
+) -> None:
+    """Test successful raw metric logging with improved assertions."""
+    # Mock the analytics function
+    mock_result = Mock(id="metric-123-uuid")
+
+    mock_log_metric = mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "metric_name": "page_load_time",
+        "metric_value": 2.5,
+        "data_string": "/dashboard",
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+
+    # Improved assertions with better error messages
+    assert_response_status(response, 200, "Metric logging should succeed")
+    response_data = safe_parse_json(response, "Metric response parsing")
+
+    assert response_data == "metric-123-uuid", f"Unexpected response: {response_data}"
+
+    # Verify the function was called with correct parameters
+    assert_mock_called_with_partial(
+        mock_log_metric,
+        user_id=test_user_id,
+        metric_name="page_load_time",
+        metric_value=2.5,
+        data_string="/dashboard",
+    )
+
+    # Snapshot test the response
+    configured_snapshot.assert_match(
+        json.dumps({"metric_id": response_data}, indent=2, sort_keys=True),
+        "analytics_log_metric_success_improved",
+    )
+
+
+def test_log_raw_metric_invalid_request_improved() -> None:
+    """Test invalid metric request with improved error assertions."""
+    # Test missing required fields
+    response = client.post("/log_raw_metric", json={})
+
+    error_data = assert_error_response_structure(
+        response, expected_status=422, expected_error_fields=["loc", "msg", "type"]
+    )
+
+    # Verify specific error details
+    detail = error_data["detail"]
+    assert isinstance(detail, list), "Error detail should be a list"
+    assert len(detail) > 0, "Should have at least one error"
+
+    # Check that required fields are mentioned in errors
+    error_fields = [error["loc"][-1] for error in detail if "loc" in error]
+    assert "metric_name" in error_fields, "Should report missing metric_name"
+    assert "metric_value" in error_fields, "Should report missing metric_value"
+    assert "data_string" in error_fields, "Should report missing data_string"
+
+
+def test_log_raw_metric_type_validation_improved(
+    mocker: pytest_mock.MockFixture,
+) -> None:
+    """Test metric type validation with improved assertions."""
+    # Mock the analytics function to avoid event loop issues
+    mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        return_value=Mock(id="test-id"),
+    )
+
+    invalid_requests = [
+        {
+            "data": {
+                "metric_name": "test",
+                "metric_value": "not_a_number",  # Invalid type
+                "data_string": "test",
+            },
+            "expected_error": "Input should be a valid number",
+        },
+        {
+            "data": {
+                "metric_name": "",  # Empty string
+                "metric_value": 1.0,
+                "data_string": "test",
+            },
+            "expected_error": "String should have at least 1 character",
+        },
+        {
+            "data": {
+                "metric_name": "test",
+                "metric_value": 123,  # Valid number
+                "data_string": "",  # Empty data_string
+            },
+            "expected_error": "String should have at least 1 character",
+        },
+    ]
+
+    for test_case in invalid_requests:
+        response = client.post("/log_raw_metric", json=test_case["data"])
+
+        error_data = assert_error_response_structure(response, expected_status=422)
+
+        # Check that expected error is in the response
+        error_text = json.dumps(error_data)
+        assert (
+            test_case["expected_error"] in error_text
+            or test_case["expected_error"].lower() in error_text.lower()
+        ), f"Expected error '{test_case['expected_error']}' not found in: {error_text}"

autogpt_platform/backend/backend/server/routers/analytics_parametrized_test.py

@@ -0,0 +1,115 @@
+"""Example of parametrized tests for analytics endpoints."""
+
+import json
+from unittest.mock import AsyncMock, Mock
+
+import fastapi
+import fastapi.testclient
+import pytest
+import pytest_mock
+from pytest_snapshot.plugin import Snapshot
+
+import backend.server.routers.analytics as analytics_routes
+
+app = fastapi.FastAPI()
+app.include_router(analytics_routes.router)
+
+client = fastapi.testclient.TestClient(app)
+
+
+@pytest.fixture(autouse=True)
+def setup_app_auth(mock_jwt_user):
+    """Setup auth overrides for all tests in this module"""
+    from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+    app.dependency_overrides[get_jwt_payload] = mock_jwt_user["get_jwt_payload"]
+    yield
+    app.dependency_overrides.clear()
+
+
+@pytest.mark.parametrize(
+    "metric_value,metric_name,data_string,test_id",
+    [
+        (100, "api_calls_count", "external_api", "integer_value"),
+        (0, "error_count", "no_errors", "zero_value"),
+        (-5.2, "temperature_delta", "cooling", "negative_value"),
+        (1.23456789, "precision_test", "float_precision", "float_precision"),
+        (999999999, "large_number", "max_value", "large_number"),
+        (0.0000001, "tiny_number", "min_value", "tiny_number"),
+    ],
+)
+def test_log_raw_metric_values_parametrized(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+    metric_value: float,
+    metric_name: str,
+    data_string: str,
+    test_id: str,
+) -> None:
+    """Test raw metric logging with various metric values using parametrize."""
+    # Mock the analytics function
+    mock_result = Mock(id=f"metric-{test_id}-uuid")
+
+    mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "metric_name": metric_name,
+        "metric_value": metric_value,
+        "data_string": data_string,
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+
+    # Better error handling
+    assert response.status_code == 200, f"Failed for {test_id}: {response.text}"
+    response_data = response.json()
+
+    # Snapshot test the response
+    configured_snapshot.assert_match(
+        json.dumps(
+            {"metric_id": response_data, "test_case": test_id}, indent=2, sort_keys=True
+        ),
+        f"analytics_metric_{test_id}",
+    )
+
+
+@pytest.mark.parametrize(
+    "invalid_data,expected_error",
+    [
+        ({}, "Field required"),  # Missing all fields
+        ({"metric_name": "test"}, "Field required"),  # Missing metric_value
+        (
+            {"metric_name": "test", "metric_value": "not_a_number"},
+            "Input should be a valid number",
+        ),  # Invalid type
+        (
+            {"metric_name": "", "metric_value": 1.0, "data_string": "test"},
+            "String should have at least 1 character",
+        ),  # Empty name
+    ],
+)
+def test_log_raw_metric_invalid_requests_parametrized(
+    mocker: pytest_mock.MockFixture,
+    invalid_data: dict,
+    expected_error: str,
+) -> None:
+    """Test invalid metric requests with parametrize."""
+    # Mock the analytics function to avoid event loop issues
+    mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        return_value=Mock(id="test-id"),
+    )
+
+    response = client.post("/log_raw_metric", json=invalid_data)
+
+    assert response.status_code == 422
+    error_detail = response.json()
+    assert "detail" in error_detail
+    # Verify error message contains expected error
+    error_text = json.dumps(error_detail)
+    assert expected_error in error_text or expected_error.lower() in error_text.lower()

autogpt_platform/backend/backend/server/routers/analytics_test.py

@@ -0,0 +1,284 @@
+import json
+from unittest.mock import AsyncMock, Mock
+
+import fastapi
+import fastapi.testclient
+import pytest
+import pytest_mock
+from pytest_snapshot.plugin import Snapshot
+
+import backend.server.routers.analytics as analytics_routes
+
+app = fastapi.FastAPI()
+app.include_router(analytics_routes.router)
+
+client = fastapi.testclient.TestClient(app)
+
+
+@pytest.fixture(autouse=True)
+def setup_app_auth(mock_jwt_user):
+    """Setup auth overrides for all tests in this module"""
+    from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+    app.dependency_overrides[get_jwt_payload] = mock_jwt_user["get_jwt_payload"]
+    yield
+    app.dependency_overrides.clear()
+
+
+def test_log_raw_metric_success(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+    test_user_id: str,
+) -> None:
+    """Test successful raw metric logging"""
+
+    # Mock the analytics function
+    mock_result = Mock(id="metric-123-uuid")
+
+    mock_log_metric = mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "metric_name": "page_load_time",
+        "metric_value": 2.5,
+        "data_string": "/dashboard",
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+
+    assert response.status_code == 200
+    response_data = response.json()
+    assert response_data == "metric-123-uuid"
+
+    # Verify the function was called with correct parameters
+    mock_log_metric.assert_called_once_with(
+        user_id=test_user_id,
+        metric_name="page_load_time",
+        metric_value=2.5,
+        data_string="/dashboard",
+    )
+
+    # Snapshot test the response
+    configured_snapshot.assert_match(
+        json.dumps({"metric_id": response.json()}, indent=2, sort_keys=True),
+        "analytics_log_metric_success",
+    )
+
+
+def test_log_raw_metric_various_values(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+) -> None:
+    """Test raw metric logging with various metric values"""
+
+    # Mock the analytics function
+    mock_result = Mock(id="metric-456-uuid")
+
+    mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    # Test with integer value
+    request_data = {
+        "metric_name": "api_calls_count",
+        "metric_value": 100,
+        "data_string": "external_api",
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+    assert response.status_code == 200
+
+    # Test with zero value
+    request_data = {
+        "metric_name": "error_count",
+        "metric_value": 0,
+        "data_string": "no_errors",
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+    assert response.status_code == 200
+
+    # Test with negative value
+    request_data = {
+        "metric_name": "temperature_delta",
+        "metric_value": -5.2,
+        "data_string": "cooling",
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+    assert response.status_code == 200
+
+    # Snapshot the last response
+    configured_snapshot.assert_match(
+        json.dumps({"metric_id": response.json()}, indent=2, sort_keys=True),
+        "analytics_log_metric_various_values",
+    )
+
+
+def test_log_raw_analytics_success(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+    test_user_id: str,
+) -> None:
+    """Test successful raw analytics logging"""
+
+    # Mock the analytics function
+    mock_result = Mock(id="analytics-789-uuid")
+
+    mock_log_analytics = mocker.patch(
+        "backend.data.analytics.log_raw_analytics",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "type": "user_action",
+        "data": {
+            "action": "button_click",
+            "button_id": "submit_form",
+            "timestamp": "2023-01-01T00:00:00Z",
+            "metadata": {
+                "form_type": "registration",
+                "fields_filled": 5,
+            },
+        },
+        "data_index": "button_click_submit_form",
+    }
+
+    response = client.post("/log_raw_analytics", json=request_data)
+
+    assert response.status_code == 200
+    response_data = response.json()
+    assert response_data == "analytics-789-uuid"
+
+    # Verify the function was called with correct parameters
+    mock_log_analytics.assert_called_once_with(
+        test_user_id,
+        "user_action",
+        request_data["data"],
+        "button_click_submit_form",
+    )
+
+    # Snapshot test the response
+    configured_snapshot.assert_match(
+        json.dumps({"analytics_id": response_data}, indent=2, sort_keys=True),
+        "analytics_log_analytics_success",
+    )
+
+
+def test_log_raw_analytics_complex_data(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+) -> None:
+    """Test raw analytics logging with complex nested data"""
+
+    # Mock the analytics function
+    mock_result = Mock(id="analytics-complex-uuid")
+
+    mocker.patch(
+        "backend.data.analytics.log_raw_analytics",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "type": "agent_execution",
+        "data": {
+            "agent_id": "agent_123",
+            "execution_id": "exec_456",
+            "status": "completed",
+            "duration_ms": 3500,
+            "nodes_executed": 15,
+            "blocks_used": [
+                {"block_id": "llm_block", "count": 3},
+                {"block_id": "http_block", "count": 5},
+                {"block_id": "code_block", "count": 2},
+            ],
+            "errors": [],
+            "metadata": {
+                "trigger": "manual",
+                "user_tier": "premium",
+                "environment": "production",
+            },
+        },
+        "data_index": "agent_123_exec_456",
+    }
+
+    response = client.post("/log_raw_analytics", json=request_data)
+
+    assert response.status_code == 200
+    response_data = response.json()
+
+    # Snapshot test the complex data structure
+    configured_snapshot.assert_match(
+        json.dumps(
+            {
+                "analytics_id": response_data,
+                "logged_data": request_data["data"],
+            },
+            indent=2,
+            sort_keys=True,
+        ),
+        "analytics_log_analytics_complex_data",
+    )
+
+
+def test_log_raw_metric_invalid_request() -> None:
+    """Test raw metric logging with invalid request data"""
+    # Missing required fields
+    response = client.post("/log_raw_metric", json={})
+    assert response.status_code == 422
+
+    # Invalid metric_value type
+    response = client.post(
+        "/log_raw_metric",
+        json={
+            "metric_name": "test",
+            "metric_value": "not_a_number",
+            "data_string": "test",
+        },
+    )
+    assert response.status_code == 422
+
+    # Missing data_string
+    response = client.post(
+        "/log_raw_metric",
+        json={
+            "metric_name": "test",
+            "metric_value": 1.0,
+        },
+    )
+    assert response.status_code == 422
+
+
+def test_log_raw_analytics_invalid_request() -> None:
+    """Test raw analytics logging with invalid request data"""
+    # Missing required fields
+    response = client.post("/log_raw_analytics", json={})
+    assert response.status_code == 422
+
+    # Invalid data type (should be dict)
+    response = client.post(
+        "/log_raw_analytics",
+        json={
+            "type": "test",
+            "data": "not_a_dict",
+            "data_index": "test",
+        },
+    )
+    assert response.status_code == 422
+
+    # Missing data_index
+    response = client.post(
+        "/log_raw_analytics",
+        json={
+            "type": "test",
+            "data": {"key": "value"},
+        },
+    )
+    assert response.status_code == 422